Firewalls: Re: firewall performance limitations

Firewalls
(April 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: firewall performance limitations
From:	George Mullins <george @ wicked . neato . org>
Date:	Mon, 24 Apr 1995 09:34:51 -0700
To:	Darren Reed <avalon @ coombs . anu . edu . au>
Cc:	mjr @ tis . com (Marcus J. Ranum), fc @ all . net, firewalls @ greatcircle . com
In-reply-to:	<199504241254 . FAA27295 @ miles . greatcircle . com>
References:	<26346 . 9504232203 @ illuminati> <199504241254 . FAA27295 @ miles . greatcircle . com>

 > The below test was performed between a SS5-85 (client pumping data)
 > and a SS2 (equiped with IP packet filter as per the tests) over ethernet.

This is comparing apples and oranges!

I didn't say that packet filter would have problems maintaining
ethernet speeds.  I said that the problem is with application relays.
Packet filters provide much better scalability to larger numbers of
connections and higher speed interfaces and do application relays that
much process all of the packets in a user level process.

	george

References:

Re: firewall performance limitations
From: "Marcus J. Ranum" <mjr @ tis . com>
Re: firewall performance limitations
From: Darren Reed <avalon @ coombs . anu . edu . au>

Indexed By Date	Previous:	Address/Port Translation From: daleh @ research . westlaw . com (Dale R. Henninger)
Indexed By Date	Next:	Cisco port logging From: lafko @ ici . com (David A. Lafko)
Indexed By Thread	Previous:	Re: firewall performance limitations From: David Miller <isdmill @ gatekeeper . ddp . state . me . us>
Indexed By Thread	Next:	Firewall Performance Limitations From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)