Want to get the highest possible performance out of your security device? Make sure it only handles connectionless UDP traffic – the stuff that, according to studies from CAIDA and other sources – makes up less than 5 percent of traffic on Internet backbones.
Want to get the highest possible performance out of your security device? Make sure it only handles connectionless UDP traffic – the stuff that, according to studies from CAIDA and other sources – makes up less than 5% of traffic on Internet backbones.
Security devices don't have to track state with connectionless UDP, and thus have more resources available to push packets faster. Authors of vendor data sheets love this, because it pumps up throughput rates.
Unfortunately for end-users, UDP isn't representative of enterprise traffic. Packet-blasting with UDP has its place, but that place is switch and router testing – and no one buys security appliances just for switching or routing.
All the same, UDP testing revealed a few things that aren't in the TMS's data sheet. For example, HP says the TMS forwards traffic at up to 3Gbps when configured as a firewall. The TMS did better than that in our tests, moving UDP at up to 5Gbps, but only with 9,216-byte jumbo frames, which are seldom used except in data centers. With 1,518-byte Ethernet frames – the maximum length commonly found on enterprise backbones – UDP throughput was around 2.2Gbps.
HP's claim of higher throughput – 3Gbps vs. the 2.2Gbps we observed – is probably attributable to testing with a single flow per port. We configured the Spirent TestCenter traffic generator with 50 flows sourced from each of eight ports, for 400 total. When we retested with a single flow per port, throughput rose to around 2.8Gbps; all the same, it's more likely that the TMS will handle multiple flows in production networks. An eight-slot modular switch such as the ProCurve 5406zl we tested (or the even larger ProCurve 8212zl) most likely will handle hundreds or thousands of flows in an enterprise networks.
With one exception, average latency with UDP was consistently around 200 to 300 microseconds regardless of frame length, both in firewall and firewall/IPS configurations. Latency was highest with 256-byte frames (nearly 600 microsec in firewall-only mode).
Some 2.7 million AT&T customers will share $88 million in compensation for having had unauthorized...
The team behind the Apache Zeppelin open-source notebook for big data analytics visualization has...
In 2010, Jim Gettys, a veteran computer programmer who currently works at Google, was at home uploading...
U.S. International Trade Commission Judge MaryJoan McNamara issued the so-called “initial...
Comparing cloud prices between AWS, Azure and Google is not as straightforward as comparing one Cyber...
Recruiters and hiring managers reveal what makes a candidate stand out -- or fall flat
As security leaders, we want to allow your teams to move as fast as possible and not deploy a policy or...