Great Circle Associates Firewalls
(May 1994)
 


Subject: Re: Screend ports (other than ULTRIX and BSD/386)?
From: Marcus J Ranum <mjr @ tis . com>
Date: Sun, 8 May 94 11:48:52 EDT
To: Geoffrey . Mulligan @ Eng . Sun . COM, brent @ GreatCircle . COM
Cc: Firewalls @ GreatCircle . COM, Stephen . L . Arnold @ Arnold . Com, mulligan @ future . Eng . Sun . COM

Geoff Mulligan writes:
>Is screend running on a 486 "fast enough" to keep up at ethernet speed?
>How about faster than a T1?

	At ethernet speeds it adds something like 2-4ms to the latency.
Not too bad, really. Not great, but for the price it's pretty good.

You can have:

	a) Cheap
	b) Fast
	c) Good

	- Pick two.

	If you're playing T3 speed games, you're already buying very
expensive sexy hardware just to move packets around. "Low cost firewall"
is an oxymoron in that situation -- just buy high-end routers like an
NSC that have really awesome screening capabilities.

	It's not fair to beat up on Brent when he assumes T1 or lower
speed connection. That's what the majority of the folks running
firewalls are dealing with. Anything else is right out of the ballpark.
By the time we are all running local T3 connects to the 'net, the
future-equivalent of a '486 will handle the traffic just fine using
the future-equivalent of screend.

mjr.
