Want to get the highest possible performance out of your security device? Make sure it only handles connectionless UDP traffic – the stuff that, according to studies from CAIDA and other sources – makes up less than 5 percent of traffic on Internet backbones.
Want to get the highest possible performance out of your security device? Make sure it only handles connectionless UDP traffic – the stuff that, according to studies from CAIDA and other sources – makes up less than 5% of traffic on Internet backbones.
Security devices don't have to track state with connectionless UDP, and thus have more resources available to push packets faster. Authors of vendor data sheets love this, because it pumps up throughput rates.
Unfortunately for end-users, UDP isn't representative of enterprise traffic. Packet-blasting with UDP has its place, but that place is switch and router testing – and no one buys security appliances just for switching or routing.
All the same, UDP testing revealed a few things that aren't in the TMS's data sheet. For example, HP says the TMS forwards traffic at up to 3Gbps when configured as a firewall. The TMS did better than that in our tests, moving UDP at up to 5Gbps, but only with 9,216-byte jumbo frames, which are seldom used except in data centers. With 1,518-byte Ethernet frames – the maximum length commonly found on enterprise backbones – UDP throughput was around 2.2Gbps.
HP's claim of higher throughput – 3Gbps vs. the 2.2Gbps we observed – is probably attributable to testing with a single flow per port. We configured the Spirent TestCenter traffic generator with 50 flows sourced from each of eight ports, for 400 total. When we retested with a single flow per port, throughput rose to around 2.8Gbps; all the same, it's more likely that the TMS will handle multiple flows in production networks. An eight-slot modular switch such as the ProCurve 5406zl we tested (or the even larger ProCurve 8212zl) most likely will handle hundreds or thousands of flows in an enterprise networks.
With one exception, average latency with UDP was consistently around 200 to 300 microseconds regardless of frame length, both in firewall and firewall/IPS configurations. Latency was highest with 256-byte frames (nearly 600 microsec in firewall-only mode).
A jury in San Francisco has cleared Google of copyright infringement in a case brought by Oracle over...
A review of 19 companies that offer free cloud storage
The Internet of Things is predicted to grow to a $1.4 trillion market by 2020, which means there are...
Some 40,000 striking Verizon workers are poised to resume their regular job duties next week after...
In the field, at the server rack, or in need of a live stream, these essential IT tools will help your...
This week SaaS giant Salesforce.com and IaaS behemoth Amazon Web Services codified a partnership that...
Whenever creating a budget, there is always the rainy day fund in case of unexpected circumstances. But...