How we did it
By David Newman, Network World, 04/28/2003
We assessed the performance of WatchGuard's V200 VPN/firewall using three metrics: IPSec tunnel capacity, latency, and throughput.
To measure IPSec tunnel capacity, we used TeraVPN software and SmartBits traffic generator/analyzers from Spirent Communications. We offered traffic between 12 pairs of SmartBits LAN-3301A TeraMetrics cards, with each pair attempting to establish 3,500
IPSec tunnels. With 12 card pairs on the test bed, we established 42,000 tunnels in all. To funnel traffic from 24 total SmartBits
interfaces into the two Gigabit Ethernet interfaces of the V200, we used a pair of Summit switches from Extreme Networks.
For all tests, we configured both the V200 and TeraVPN to use preshared secrets, SHA-1 message authentication, and Triple-DES
for message privacy.
To measure latency and throughput, WatchGuard supplied a pair of V200s, which we connected in a "back-to-back" configuration,
with a single Gigabit Ethernet link between them. At either edge of the pair of V200s, we attached SmartBits analyzers
equipped with LAN-3201B Gigabit Ethernet cards. We used custom scripts that called Spirent's to generate bidirectional traffic.
We measured latency and throughput across the V200s in three different configurations: with eight pairs of IPSec security
associations configured between V200s; with IPSec disabled and two firewall rules in place; and with IPSec disabled and 1,000
firewall rules in place.
For all three configurations, we measured latency and throughput using 64-, 256-, 1,440-, and 1,518-byte frames. The duration
for all latency and throughput tests was 60 seconds, and latency measurements have a timestamp resolution of 100 nanoseconds.
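As an added illustration (not part of the original article or of Spirent's tooling), the Python below works out what each test frame size means at Gigabit Ethernet line rate and after Triple-DES/SHA-1 ESP encapsulation. It assumes ESP tunnel mode, IPv4 without options, no NAT traversal, HMAC-SHA-1 truncated to 96 bits, untagged Ethernet, and a 1,500-byte IP MTU between the gateways, none of which the article states.

```python
# Added example: Gigabit Ethernet line rate and ESP overhead for the
# frame sizes used in the test. All constants below the frame sizes are
# assumptions about the encapsulation, not values taken from the article.

ETH_OVERHEAD = 18      # 14-byte Ethernet header + 4-byte FCS (part of frame size)
WIRE_OVERHEAD = 20     # 8-byte preamble/SFD + 12-byte inter-frame gap
OUTER_IP = 20          # new IPv4 header added by tunnel mode (assumed)
ESP_HEADER = 8         # SPI + sequence number
IV_3DES = 8            # 3DES-CBC IV, one cipher block
BLOCK_3DES = 8         # 3DES block size, sets ESP padding alignment
ESP_TRAILER = 2        # pad-length + next-header bytes
ICV_SHA1_96 = 12       # HMAC-SHA-1 truncated to 96 bits (assumed)
LINK_BPS = 1_000_000_000
IP_MTU = 1500          # assumed MTU on the link between the two gateways

TEST_FRAMES = (64, 256, 1440, 1518)  # frame sizes from the article


def line_rate_fps(frame_bytes):
    """Maximum whole frames per second at Gigabit Ethernet line rate."""
    return LINK_BPS // ((frame_bytes + WIRE_OVERHEAD) * 8)


def esp_frame_bytes(frame_bytes):
    """Ethernet frame size after ESP tunnel-mode encapsulation."""
    inner_ip = frame_bytes - ETH_OVERHEAD
    # Inner packet plus ESP trailer is padded up to a whole cipher block.
    encrypted = -(-(inner_ip + ESP_TRAILER) // BLOCK_3DES) * BLOCK_3DES
    outer_ip = OUTER_IP + ESP_HEADER + IV_3DES + encrypted + ICV_SHA1_96
    return outer_ip + ETH_OVERHEAD


def needs_fragmentation(frame_bytes):
    """True if the encapsulated IP packet exceeds the assumed link MTU."""
    return esp_frame_bytes(frame_bytes) - ETH_OVERHEAD > IP_MTU


if __name__ == "__main__":
    print("frame  max_fps  esp_frame  fragments")
    for size in TEST_FRAMES:
        print(f"{size:5d}  {line_rate_fps(size):7d}  "
              f"{esp_frame_bytes(size):9d}  {needs_fragmentation(size)}")
```

Under these assumptions a 1,440-byte frame grows to 1,490 bytes and still fits in one frame between the gateways, while a 1,518-byte frame grows past the MTU and must be fragmented when IPSec is enabled.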
Back to main review: "WatchGuard Firebox V200 firewall/VPN"