Want to get the highest possible performance out of your security device? Make sure it only handles connectionless UDP traffic – the stuff that, according to studies from CAIDA and other sources – makes up less than 5 percent of traffic on Internet backbones.
Want to get the highest possible performance out of your security device? Make sure it only handles connectionless UDP traffic – the stuff that, according to studies from CAIDA and other sources – makes up less than 5% of traffic on Internet backbones.
Security devices don't have to track state with connectionless UDP, and thus have more resources available to push packets faster. Authors of vendor data sheets love this, because it pumps up throughput rates.
Unfortunately for end-users, UDP isn't representative of enterprise traffic. Packet-blasting with UDP has its place, but that place is switch and router testing – and no one buys security appliances just for switching or routing.
All the same, UDP testing revealed a few things that aren't in the TMS's data sheet. For example, HP says the TMS forwards traffic at up to 3Gbps when configured as a firewall. The TMS did better than that in our tests, moving UDP at up to 5Gbps, but only with 9,216-byte jumbo frames, which are seldom used except in data centers. With 1,518-byte Ethernet frames – the maximum length commonly found on enterprise backbones – UDP throughput was around 2.2Gbps.
HP's claim of higher throughput – 3Gbps vs. the 2.2Gbps we observed – is probably attributable to testing with a single flow per port. We configured the Spirent TestCenter traffic generator with 50 flows sourced from each of eight ports, for 400 total. When we retested with a single flow per port, throughput rose to around 2.8Gbps; all the same, it's more likely that the TMS will handle multiple flows in production networks. An eight-slot modular switch such as the ProCurve 5406zl we tested (or the even larger ProCurve 8212zl) most likely will handle hundreds or thousands of flows in an enterprise networks.
With one exception, average latency with UDP was consistently around 200 to 300 microseconds regardless of frame length, both in firewall and firewall/IPS configurations. Latency was highest with 256-byte frames (nearly 600 microsec in firewall-only mode).
The agency's higher speed definition allows it to take new actions to encouarge deployment
A site indexed 73,011 unsecured security cameras in 256 countries to illustrate the dangers of using...
Buyers of the earthly explanation for whatever fell from the sky in Roswell, N.M. back in 1947 are...
Sponsored by AT&T
Sponsored by Brocade
The FCC's sternly worded warning about illegal Wi-Fi blocking earlier this week got through to at least...
Part 1 of a two part series on how to get started with home automation
Part 2 of a two part series on how to get started with home automation
Jazz up your system's storage, memory, networking and display without breaking the bank with CIO.com’s...