Hi, David,

Thanks so much for your feedback! -- Comments in-line....

On 04/17/2014 12:26 PM, David Newman wrote:
The use of RFC 2544-esque metrics for firewall performance testing mostly benefits ill-informed or unscrupulous firewall marketeers, who send 1500-byte UDP packets and then brag about excellent performance.
For firewalls handling TCP traffic, upper-layer traffic metrics such as HTTP object size, concurrent connection capacity, and connection setup rate are a lot more meaningful.
The RFC 2544/2889 approach is OK if you only ever use your firewall as a router or a switch. The performance of a firewall used as an L2-L7 device should be measured with L2-L7 traffic.
Are you referring to this text from our document?
REQ GEN-5: The firewall MUST include performance benchmarking documentation. Such documentation MUST include information that reflects firewall performance with respect to IPv6 packet, but also regarding how IPv6 traffic may affect the performance of IPv4 traffic. The aforementioned documentation MUST be, at the very least, conditionally-compliant with both [RFC3511] and [RFC5180] (that is, it MUST support all "MUST" requirements in such documents, and may also support the "SHOULD" requirements in such documents).
NOTE: This is for operators to be able to identify cases where a device may under-perform in the presence of IPv6 traffic (see e.g. [FW-Benchmark]). XXX: This note may be removed before publication if deemed appropriate.
Because the RFCs we reference do require making the measurements as you describe...

Thanks!

Best regards,
--
Fernando Gont
e-mail: fernando@gont.com.ar || fgont@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1