1. How To Measure the Performance, Security and Stability of Your Enterprise Firewall
February 16th at 2:30 pm
2. Agenda
• Throughput
• Packets Per Second
• Latency
• Connections Per Second
• Simultaneous Sessions
• Stacking It Up
• Real Traffic
3. Throughput
What is it?
It’s all about ‘volume’
Why is it important?
Maximum transfer capability
How is it affected?
Packet size – for smaller packets we may become packet per second bound
File size – for smaller files we may become connection per second bound
Physical limits – bus/interface limits
How do we find it?
For UDP – Single or multiple streams of large packet sizes
For TCP – multiple HTTP GETs of 32K files
5. Packets Per Second
What is it?
It’s all about ‘pressure’
Why is it important?
Small transaction characteristics
How is it affected?
Packet size – for larger packets we may become throughput bound
How do we find it?
Reduce packet size until you see packets per second maximize
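An added example (not part of the original slides) tying together the throughput and packets-per-second slides: it takes a frame-size sweep, finds the pps plateau, and labels each test point as throughput-bound or pps-bound. The sweep data is constructed, the function names are hypothetical, and it assumes Ethernet with 20 bytes of per-frame wire overhead.

```python
# Added example, not from the slides. Sweep data below is constructed.
ETH_OVERHEAD = 20  # bytes per frame on the wire: preamble 7 + SFD 1 + inter-frame gap 12

def line_rate_pps(link_bps, frame_bytes):
    """Maximum frames/second the link can carry at this frame size (frame includes FCS)."""
    return link_bps / ((frame_bytes + ETH_OVERHEAD) * 8)

def classify_sweep(link_bps, samples, tol=0.02):
    """samples: [(frame_bytes, measured_pps)]. Label what bounds each test point."""
    ceiling = max(pps for _, pps in samples)  # the plateau reached as packet size shrinks
    labels = {}
    for frame, pps in samples:
        if pps >= (1 - tol) * line_rate_pps(link_bps, frame):
            labels[frame] = "throughput-bound"  # link is full; the device kept up
        elif pps >= (1 - tol) * ceiling:
            labels[frame] = "pps-bound"         # device forwarding rate is the limit
        else:
            labels[frame] = "other"             # neither limit reached; check the test rig
    return ceiling, labels

def crossover_frame(link_bps, pps_ceiling):
    """Frame size below which the pps ceiling, not the link, limits the device."""
    return link_bps / (8 * pps_ceiling) - ETH_OVERHEAD

# Constructed sweep: 1 Gbps link, device that tops out near 600k pps
LINK = 1_000_000_000
SWEEP = [(1518, 81_274), (1024, 119_731), (512, 234_962),
         (256, 452_898), (128, 598_000), (64, 600_000)]

if __name__ == "__main__":
    ceiling, labels = classify_sweep(LINK, SWEEP)
    for frame, pps in SWEEP:
        mbps = pps * frame * 8 / 1e6
        print(f"{frame:>5} B  {pps:>8} pps  {mbps:8.1f} Mbps  {labels[frame]}")
    print(f"pps ceiling ~{ceiling}, crossover near {crossover_frame(LINK, ceiling):.0f} B frames")
```

For this constructed device the crossover falls near 188-byte frames, so a throughput figure quoted only at 1518 bytes says nothing about its behaviour under small-packet load.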
7. Latency
What is it?
It’s all about ‘bursts’
Per packet (UDP)
Per transaction (TCP)
Why is it important?
Transfer delay
How is it affected?
Hardware or software
Session setup
How do we find it?
Measure latency at 10%, 50%, 75%, and 90% utilization
9. Connections per second
What is it?
It’s all about ‘temperature’
Why is it important?
Most everything is a connection
How is it affected?
Protocol type (ICMP, UDP, TCP, etc.) – TCP is the hardest, with the most state
Handled in CPU
How do we find it?
HTTP 1.0 connections transferring a single byte file
10. Connections per second (cont)
SYN handshake – 3 packets
Data transfer – 4 packets
FIN close – 3 packets
Total of 10 packets. Can be reduced:
RST, piggybacked GETs, SACK – but this may be cheating
11. Simultaneous sessions
What is it?
It’s all about ‘streams’
Why is it important?
How many parallel requests can you handle?
How is it affected?
Memory is the biggest factor
How do we find it?
Open, but do not complete sessions.
Once all sessions are open, transfer data and close sessions
15. Real Traffic
Why is it good?
More than one variable at a time
Protocol interaction
What makes it hard?
Difficult to repeat
Traffic is different for every customer
Can we test it?
Different mixes of application traffic
Standard background traffic with specific security traffic
16. How? Attack Thyself!
Real Attacks
• 4,500 live security attacks
• 100+ evasions
• Malware
• Spam
• DDoS and Botnet simulation
• Custom attacks
• Research and frequent updates
Real World Applications
• 150+ application protocols
• Social media, peer-to-peer, voice, video
• Web and enterprise applications, gaming
• Custom applications
• Frequent updates
Unprecedented Performance
• 120 Gbps blended application traffic
• 90M concurrent TCP sessions
• 3M TCP sessions/second
• 38 Gbps SSL bulk encryption