In reply to your message of Thu, 19 Sep 1996 15:22:35 EDT: | I am sure a question most of us has is, what kind of latency does your | filtering box add? Doing something at line rate is fine, but latency is | rather important at line speed. Very low, on the order of tens of microseconds, if I remember correctly (the code itself is very small, only a couple hundred K). The PIX operates by switching on flows rather than routing, so latency is comparable to a switch. However, a word on latency since this urban myth seems to keep creeping back: While a device with large latency, on the order hundreds of milliseconds or even seconds, would obviously contribute some detriment to the data path, ultimately the largest latency lies in the transmission media and the processing overhead on the end stations, and not the network nodes themselves. This is an old issue that goes 'way back, and it just won't seem to die. I never like trying to address the issue of latency in a network device, because invariably it isn't the real contributor to latency on a network. In fact, many of the unwashed in the end user community confuse latency with response time, and they are not the same nor are they necessarily related. Seconds-long response times due to congestion do not mean that forwarding latency is at issue in any network devices, just like a traffic jam at a major turnpike does not mean that the speed limits have been reduced or the road surface degraded to where travel beyond a moderate speed is impossible. There is just simply more traffic than the device can handle, and things are going to back up-- but the packets are still being forwarded through the device at the same rate. Back to the PIX, since it filters and forwards at line rate, packets go out as fast as they come in, eliminating the issue of congestion. And I've already touched on the estimated latency for completeness. Hope this helps, Cheers, Paul Paul "Corwin" Frommeyer Work Internet Engineer, CCIE Play ISP Systems Engineer Network Sorcerer At Large Cisco Systems, Inc. Paul's Fone Company pfrommey@cisco.com corwin@palas.com *** Speaking solely for myself unless otherwise noted ***