Hi, David,

Thanks so much for your feedback! -- Comments in-line....

On 04/17/2014 12:26 PM, David Newman wrote:
>
> The use of RFC 2544-esque metrics for firewall performance testing
> mostly benefits ill-informed or unscrupulous firewall marketeers, who
> send 1500-byte UDP packets and then brag about excellent performance.
>
> For firewalls handling TCP traffic, upper-layer traffic metrics such as
> HTTP object size, concurrent connection capacity, and connection setup
> rate are a lot more meaningful.
>
> The RFC 2544/2889 approach is OK if you only ever use your firewall as a
> router or a switch. The performance of a firewall used as an L2-L7
> device should be measured with L2-L7 traffic.

Are you referring to this text from our document?

> REQ GEN-5:
> The firewall MUST include performance benchmarking documentation.
> Such documentation MUST include information that reflects firewall
> performance with respect to IPv6 packets, but also regarding how
> IPv6 traffic may affect the performance of IPv4 traffic. The
> aforementioned documentation MUST be, at the very least,
> conditionally-compliant with both [RFC3511] and [RFC5180] (that
> is, it MUST support all "MUST" requirements in such documents, and
> may also support the "SHOULD" requirements in such documents).
>
> NOTE: This is for operators to be able to identify cases
> where a device may under-perform in the presence of IPv6
> traffic (see e.g. [FW-Benchmark]). XXX: This note may be
> removed before publication if deemed appropriate.

Because the RFCs we reference do require making the measurements as you describe...

Thanks!

Best regards,
--
Fernando Gont
e-mail: ferna...@gont.com.ar || fg...@si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1