-----BEGIN PGP SIGNED MESSAGE-----
> At 08:14 PM 7/17/97 +0000, marc @
> >One reason, why DataComm was doing this stress test is the upcomming
> >need for internal firewalls.
> It's too bad the test was so unrepresentative of real-world IP traffic.
> More than 90% of the traffic was FTP, the rest HTTP. Sorta backwards from
> the real world..
I believe this is backwards, 90% was HTTP and the remainder was FTP (via
ftp URLs I believe). I viewed this test as very WWW-centric which in
many ways is a good performance gauge because of the impact on the firewall
by heavy loads of HTTP (AKA TCP) connections. IMHO, this is much more
telling than worrying about the number of bits passed using something
I frequently hear people ask "how big of a firewall do I need to protect
my T1 line". My experience (at least with our product) is that the
connection speed/firewall throughput is rarely the most challenging factor
(can you say "100Mbps ethernet" :-)). Normally, its the traffic mix
(particularly HTTP and SMTP) and usage pattern (load spikes) drive that
drive the hardware platform. So the Data Comm's performance section is
useful to feed one data point (benchmark WWW performance for a particular
hardware configuration) when evaluating firewalls.
It should be mentioned that at least this year's Data Comm. article (unlike
the previous one) focused on more than just performance. I wish the other
trade rags doing comparisons of firewall actually looked at the products
and not just their marketing literature before publishing their opinions
for the masses ;-).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----