Want to get the highest possible performance out of your security device? Make sure it only handles connectionless UDP traffic – the stuff that, according to studies from CAIDA and other sources – makes up less than 5 percent of traffic on Internet backbones.
Want to get the highest possible performance out of your security device? Make sure it only handles connectionless UDP traffic – the stuff that, according to studies from CAIDA and other sources – makes up less than 5% of traffic on Internet backbones.
Security devices don't have to track state with connectionless UDP, and thus have more resources available to push packets faster. Authors of vendor data sheets love this, because it pumps up throughput rates.
Unfortunately for end-users, UDP isn't representative of enterprise traffic. Packet-blasting with UDP has its place, but that place is switch and router testing – and no one buys security appliances just for switching or routing.
All the same, UDP testing revealed a few things that aren't in the TMS's data sheet. For example, HP says the TMS forwards traffic at up to 3Gbps when configured as a firewall. The TMS did better than that in our tests, moving UDP at up to 5Gbps, but only with 9,216-byte jumbo frames, which are seldom used except in data centers. With 1,518-byte Ethernet frames – the maximum length commonly found on enterprise backbones – UDP throughput was around 2.2Gbps.
HP's claim of higher throughput – 3Gbps vs. the 2.2Gbps we observed – is probably attributable to testing with a single flow per port. We configured the Spirent TestCenter traffic generator with 50 flows sourced from each of eight ports, for 400 total. When we retested with a single flow per port, throughput rose to around 2.8Gbps; all the same, it's more likely that the TMS will handle multiple flows in production networks. An eight-slot modular switch such as the ProCurve 5406zl we tested (or the even larger ProCurve 8212zl) most likely will handle hundreds or thousands of flows in an enterprise networks.
With one exception, average latency with UDP was consistently around 200 to 300 microseconds regardless of frame length, both in firewall and firewall/IPS configurations. Latency was highest with 256-byte frames (nearly 600 microsec in firewall-only mode).
A review of 19 companies that offer free cloud storage
World Password Day is Thursday. Time to change your shared passwords for video on demand sites such as...
The Internet of Things is predicted to grow to a $1.4 trillion market by 2020, which means there are...
Apple continues to make headway in the business world. This week it landed a significant partnership...
CISOs explain why, fair or not, they were let go by their company.
In case you couldn't make it to Las Vegas this week for the premier networking show, we have you...
Apple inspires a level of excitement among IT pros today that every enterprise vendor should covet,...