Firewalls: Re: Dynamically Re-arranged ACLs/ performance

Firewalls
(January 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Dynamically Re-arranged ACLs/ performance
From:	Paul Traina <pst @ cisco . com>
Date:	Fri, 27 Jan 1995 14:46:10 -0800
To:	robp @ anubis . network . com (Rob Peglar)
Cc:	firewalls @ GreatCircle . COM
In-reply-to:	Your message of "Fri, 27 Jan 1995 08:51:57 CST." <9501271449 . AA14270 @ anubis . network . com>

> From: robp @
 anubis .
 network .
 com (Rob Peglar)
> Subject: Re: Dynamically Re-arranged ACLs/ performance

> The NSC degraded approximately 8% (from 12,500 64-byte pps to 11,500
> pps) in overall IP forwarding rate.  The other two vendors degraded
> over 70%; both from 14,880 (wire rate) pps to 4,100 pps.

My personal philosophy (no, I am not cisco's spokesdroid) is that I'd rather
see folks name names and back up statements with hard data,  because that's
a lot easier to deal with than inuendo, whether it's towards one router vendor
or another (cf. the recent bit about Telebit's reordering ACLs).


Specificly, in the area of performance,  I tend to want to blow off anyone
who doesn't mention:

	vendor
	hardware platform
	software version
	configuration of router
	type of packets
	packet rate
	loss-determination parameters (how did you measure throughput)

References:

Re: Dynamically Re-arranged ACLs/ performance
From: robp @ anubis . network . com (Rob Peglar)

Indexed By Date	Previous:	IP Spoofing and Vendor's attitude From: Christopher Klaus <cklaus @ iss . net>
Indexed By Date	Next:	Re: Firewall-1 and TCP Sequence Number Spoofing From: gil @ checkpoint . com (Gil Shwed)
Indexed By Thread	Previous:	Re: Dynamically Re-arranged ACLs/ performance From: robp @ anubis . network . com (Rob Peglar)
Indexed By Thread	Next:	Re: Dynamically Re-arranged Access Lists? From: Dan Thorson <Dan_Thorson @ notes . seagate . com>