Great Circle Associates Firewalls
(July 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Packet filtering overhead
From: tdn @ tdn . xyplex . com (Thomas D. Nadeau)
Date: Mon, 11 Jul 94 09:14:49 EDT
To: quent . johnson @ intellistor . com
Cc: firewalls @ GreatCircle . COM
In-reply-to: <9407061458 . AA04207 @ whizbang . Intellistor . COM> (quent . johnson @ intellistor . com)
Reply-to: tdnadeau @ xap . xyplex . com

"qj" == Quentin Johnson <quent .
 johnson @
 intellistor .
 com> writes:

>What is the packet filtering overhead for a router?

>qj> I've heard people mention that access lists impose a significant
>qj> overhead; the box is so much faster than 56Kbps or T1 speeds that
>qj> it doesn't matter.

		They do.  Most access list lookups are not implemented in the
most efficient ways.  Even those implemented using hash table lookups,
still require the added overhead of the hash function calculation.
Some routers implement a filter caching feature, which does speed
things up a bit, but there is still a performance penalty, especially
if the packets continually come from different locations which will 
break the cache.

		--tOM

-- 
/---------------------------------------------------------------------/
\                                                                     \
/  Thomas D. Nadeau                            ========      ======== /
\  Internetworking Software                      =======   =========  \
/  Xyplex, Inc.                                   =======  ======     /
\  295 Foster Street,                              ========  ==       \
/  Littleton, MA 01460                       -------=======  -------  /  
\                                                  ========  ==       \
/  Voice:  (508) 952-4837                         =======  ======     /
\  FAX:    (508) 952-4887                       =======   =========   \
/  email:  tdnadeau @
 eng .
 xyplex .
 com            ========    ==========  /
\                                                                     \
/---------------------------------------------------------------------/


References:
Indexed By Date Previous: Router filtering capability
From: brian @ lloyd . com (Brian Lloyd)
Next: Vendor Recommendations
From: "Vegsund, Richard" <MISRHV @ infosvcs . tmh . tmc . edu>
Indexed By Thread Previous: Re: Packet filtering overhead
From: quent . johnson @ intellistor . com (Quentin Johnson)
Next: Re: Packet filtering overhead
From: ted . doty @ nsco . network . com

Google
 
Search Internet Search www.greatcircle.com