I know you can measure the actual performance if you use Ixia hardware. We have used Ixia to find the limitations of hardware before putting it in production.

On Mon, Jan 11, 2010 at 8:03 PM, GIULIANO (UOL) <giulianocm@uol.com.br> wrote:
People,
I have seen a discussion about DDoS Mitigation in this list.
Someone referenced Juniper SRX equipment as good equipment to prevent DDoS attacks.
Like Juniper SRX, other players like Fortinet have some hardware-based (FORTIGATE) appliances that provide great throughput, DDoS mitigation, UTM features, etc. Ex. the recent Fortigate 1240B
My question about these products is related to a combination of performance parameters that I really do not understand.
Let's use Juniper SRX as an example:
Juniper SRX has (from Juniper's web site):
Firewall performance (max) 1.5 Gbps
Maximum concurrent sessions 64 K (512 MB DRAM) / 128 K (1 GB DRAM)
New sessions/second (sustained, TCP, 3-way) 9,000
Let's suppose that we have a client with 100 Mbps total full-duplex throughput on the SRX-240 interfaces.
If this client has 6000 users ... how is it possible to combine:
1.5 Gbps (100 Mbps) x 128K sessions x 9000 new sessions/second
Supposing 5000 users x 100 sessions per user ... the box will not support it, right?
What is the correct way to calculate this accurately?
Every player seems to have a way to calculate it. Every player says something about sessions.
What is the correct parameter regarding sessions?
How many sessions per second can a normal user (FTP, e-mail, HTTP, SSL, SSH, Telnet) generate?
Why is the number 9000 new sessions/second important?
How can I add DDoS mitigation on top of these 3 parameters?
How much performance will I consume under a DDoS attack?
Is it possible to measure it?
Thanks a lot,
Giuliano
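A worked example of how the three spec-sheet figures combine, added here as an illustration; it is not part of either message in the thread and is not Juniper's or Fortinet's sizing method. It uses the SRX numbers quoted above (1.5 Gbps, "128 K" read as 128,000 concurrent sessions, 9000 new sessions/second) and ties "concurrent sessions" to "new sessions/second" through Little's law (concurrent sessions = arrival rate x mean session lifetime). The per-user figures (new sessions per user per second, mean session lifetime, kbps per session), the SYN-flood model (one table entry per SYN, held for a half-open timeout) and the 64-byte SYN frame size are assumptions chosen for illustration, not measurements of any box.

```python
"""Combine a firewall's three spec-sheet limits with a workload model.

Added illustration, not a vendor's sizing method.  Spec numbers are the SRX
figures quoted in the thread; the per-user workload figures are assumptions.

The link between "concurrent sessions" and "new sessions/second" is
Little's law:  concurrent = arrival_rate * mean_session_lifetime.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BoxSpec:
    throughput_mbps: float        # "Firewall performance (max)"
    max_sessions: int             # "Maximum concurrent sessions"
    new_sessions_per_sec: float   # "New sessions/second (sustained, TCP, 3-way)"


@dataclass(frozen=True)
class Workload:
    users: int
    new_sessions_per_user_per_sec: float  # assumed; depends on the application mix
    mean_session_lifetime_s: float        # assumed; bounded by app behaviour and firewall idle timeouts
    mean_kbps_per_session: float          # assumed average bit rate while a session sits in the table


# SRX figures as quoted in the thread ("128 K" read as 128,000 sessions).
SRX_QUOTED = BoxSpec(throughput_mbps=1500.0, max_sessions=128_000, new_sessions_per_sec=9000.0)


def offered_load(w: Workload) -> dict:
    """Translate the workload into the three quantities the spec sheet limits."""
    rate = w.users * w.new_sessions_per_user_per_sec
    concurrent = rate * w.mean_session_lifetime_s          # Little's law
    mbps = concurrent * w.mean_kbps_per_session / 1000.0
    return {"new_sessions_per_sec": rate,
            "concurrent_sessions": concurrent,
            "throughput_mbps": mbps}


def utilisation(spec: BoxSpec, w: Workload) -> dict:
    """Offered load divided by each limit; any value above 1.0 means the box is over capacity there."""
    load = offered_load(w)
    return {"new_sessions_per_sec": load["new_sessions_per_sec"] / spec.new_sessions_per_sec,
            "concurrent_sessions": load["concurrent_sessions"] / spec.max_sessions,
            "throughput_mbps": load["throughput_mbps"] / spec.throughput_mbps}


def binding_constraint(spec: BoxSpec, w: Workload) -> tuple:
    """The limit hit first (highest utilisation) and its utilisation value."""
    u = utilisation(spec, w)
    name = max(u, key=u.get)
    return name, u[name]


def max_users(spec: BoxSpec, per_user: Workload) -> int:
    """Largest user count the box supports under the tightest of the three limits.
    The `users` field of `per_user` is ignored; only its per-user figures are used."""
    one = Workload(1, per_user.new_sessions_per_user_per_sec,
                   per_user.mean_session_lifetime_s, per_user.mean_kbps_per_session)
    load = offered_load(one)
    return min(int(spec.new_sessions_per_sec / load["new_sessions_per_sec"]),
               int(spec.max_sessions / load["concurrent_sessions"]),
               int(spec.throughput_mbps / load["throughput_mbps"]))


def syn_flood_impact(spec: BoxSpec, syn_pps: float, half_open_timeout_s: float) -> dict:
    """Crude model of a SYN flood against the session table.

    Assumption (not from the thread): the box allocates a table entry per new SYN
    and keeps it for `half_open_timeout_s` if the handshake never completes.  A
    flood then presses on two limits at once, setup rate and table size, while
    bandwidth barely moves because a SYN frame is tiny (64 bytes assumed)."""
    entries_needed = syn_pps * half_open_timeout_s
    return {"setup_rate_overload": syn_pps / spec.new_sessions_per_sec,
            "table_entries_needed": entries_needed,
            "seconds_to_fill_table": spec.max_sessions / syn_pps,
            "table_exhausted": entries_needed > spec.max_sessions,
            "flood_mbps": syn_pps * 64 * 8 / 1e6}


if __name__ == "__main__":
    # The thread's 5000-user case with assumed per-user behaviour.
    w = Workload(users=5000, new_sessions_per_user_per_sec=0.5,
                 mean_session_lifetime_s=60.0, mean_kbps_per_session=4.0)
    print("offered load:", offered_load(w))
    print("binding constraint:", binding_constraint(SRX_QUOTED, w))
    print("max users at this profile:", max_users(SRX_QUOTED, w))
    print("SYN flood 50 kpps, 20 s half-open:", syn_flood_impact(SRX_QUOTED, 50_000, 20.0))
```

With these assumed figures the 5000-user case lands on the session table as the binding limit (150,000 concurrent sessions against 128,000) while setup rate (2,500/s against 9,000) and throughput (600 Mbps against 1.5 Gbps) still have headroom, and the supported user count at that profile comes out at 4,266. Changing only the assumed session lifetime moves the concurrent-session figure proportionally, which is why every vendor's sizing conversation comes back to sessions rather than bits per second. The SYN-flood function shows the same table filling in a few seconds at a packet rate several times the box's setup rate while the flood itself is only tens of Mbps, which is the part a bandwidth-only figure never reveals; the model is for choosing test points, and the measurement itself still needs a traffic generator.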