Dobbins, Roland wrote:
On Jan 8, 2010, at 9:02 PM, bill from home wrote:
And maybe there is no way to tell, but I feel I need to ask the question.
Situationally-dependent; the only way to really tell, not just theorize, is to test the firewall to destruction during a maintenance window (or one like it, in the lab).
see my post in the subject, a reasonably complete performance report for the device is a useful place to start. if you know what the maximum session rate and state table size for the device are, you have a pretty good idea at what rate of state instantiation it will break. rather frequently it's more than two orders of magnitude lower than the peak forwarding rate.
----------------------------------------------------------------------- Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Injustice is relatively easy to bear; what stings is justice.
-- H.L. Mencken