BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

How To Measure the Performance, Security and Stability of Your Enterprise Firewall – February 16th at 2:30 pm

BreakingPoint and Fortinet present "How To Measure the Performance, Security, and Stability of Your Enterprise Firewall" at the 2011 RSA Conference.

Transcript of BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Page 1: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

How To Measure the Performance, Security and Stability of Your Enterprise Firewall – February 16th at 2:30 pm

Page 2: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Agenda

• Throughput
• Packets Per Second
• Latency
• Connections Per Second
• Simultaneous Sessions
• Stacking It Up
• Real Traffic

Page 3: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Throughput

What is it?

It’s all about ‘volume’

Why is it important?

Maximum transfer capability

How is it affected?

Packet size – for smaller packets we may become packet per second bound

File size – for smaller files we may become connection per second bound

Physical limits – bus/interface limits

How do we find it?

For UDP – Single or multiple streams of large packet sizes

For TCP – multiple HTTP GETs of 32K files

Page 4: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
Page 5: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Packets Per Second

What is it?

It’s all about ‘pressure’

Why is it important?

Small transaction characteristics

How is it affected?

Packet size – for larger packets we may become throughput bound

How do we find it?

Reduce packet size until you see packets per second maximize
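A worked version of the throughput and packets-per-second sweeps described above (added here; not code from the BreakingPoint/Fortinet slides): it computes line-rate pps for each RFC 2544 frame size, shows where an assumed 5 Mpps forwarding ceiling stops being the limit as packets grow, and applies the same reasoning to HTTP GETs of small files versus the 32K files the throughput slide uses. The 10 GbE link, the frame-size list, the pps ceiling and the CPS ceiling are all assumed test inputs.

```python
# Added example (not from the BreakingPoint/Fortinet slides): where a firewall
# flips from packets-per-second bound to throughput bound as frame size grows.
# Link speed, frame sizes and the DUT's pps ceiling are assumed test inputs.

ETH_OVERHEAD_BYTES = 20  # 8 B preamble/SFD + 12 B inter-frame gap, per frame on the wire
FRAME_SIZES = [64, 128, 256, 512, 1024, 1280, 1518]  # RFC 2544 sweep sizes


def line_rate_pps(link_bps: float, frame_bytes: int) -> float:
    """Frames per second the wire itself can carry at this frame size."""
    return link_bps / ((frame_bytes + ETH_OVERHEAD_BYTES) * 8)


def achievable_throughput_bps(link_bps: float, frame_bytes: int, pps_ceiling: float) -> float:
    """Goodput (frame bits/s, excluding preamble and gap) once the DUT's pps ceiling applies."""
    pps = min(line_rate_pps(link_bps, frame_bytes), pps_ceiling)
    return pps * frame_bytes * 8


def sweep(link_bps: float, pps_ceiling: float) -> list:
    """Step through frame sizes (the slide's 'reduce packet size' method) and
    record which limit bites at each size."""
    rows = []
    for size in FRAME_SIZES:
        wire_pps = line_rate_pps(link_bps, size)
        bound = "pps" if wire_pps > pps_ceiling else "throughput"
        goodput = achievable_throughput_bps(link_bps, size, pps_ceiling)
        rows.append((size, round(wire_pps), round(goodput), bound))
    return rows


def http_get_throughput_bps(link_bps: float, file_bytes: int, cps_ceiling: float) -> float:
    """TCP side: throughput of back-to-back HTTP GETs when the DUT caps connections/second.
    Small files make the test CPS bound; the slides' 32K files usually do not."""
    return min(link_bps, cps_ceiling * file_bytes * 8)


if __name__ == "__main__":
    LINK = 10e9          # assumed 10 GbE test port
    PPS_CEILING = 5e6    # assumed DUT forwarding limit, frames/s
    for size, wire_pps, goodput, bound in sweep(LINK, PPS_CEILING):
        print(f"{size:5d} B  wire {wire_pps:>10,} pps  goodput {goodput / 1e9:5.2f} Gbps  {bound}-bound")
    for fsize in (1, 1024, 32 * 1024):
        gbps = http_get_throughput_bps(LINK, fsize, 1e5) / 1e9  # assumed 100k CPS ceiling
        print(f"HTTP GET {fsize:6d} B file at 100k cps -> {gbps:5.2f} Gbps")
```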

Page 6: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
Page 7: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Latency

What is it?

It’s all about ‘bursts’

Per packet (UDP)

Per transaction (TCP)

Why is it important?

Transfer delay

How is it affected?

Hardware or software

Session setup

How do we find it?

Measure latency at 10%, 50%, 75%, and 90% utilization

Page 8: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
Page 9: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Connections per second

What is it?

It’s all about ‘temperature’

Why is it important?

Most everything is a connection

How is it affected?

Protocol type (ICMP, UDP, TCP, etc.) – TCP is the hardest, carrying the most state

Handled in CPU

How do we find it?

HTTP 1.0 connections transferring a single byte file

Page 10: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Connections per second (cont)

SYN handshake – 3 packets

Data transfer – 4 packets

FIN close – 3 packets

Total of 10 packets. Can be reduced (RST close, piggybacked GETs, SACK) – but this may be cheating

Page 11: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Simultaneous sessions

What is it?

It’s all about ‘streams’

Why is it important?

How many parallel requests can you handle?

How is it affected?

Memory is the biggest factor

How do we find it?

Open, but do not complete sessions.

Once all sessions are open, transfer data and close sessions

Page 12: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
Page 13: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Stacking it up

FortiGate-3950B

Page 14: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Real Traffic

Page 15: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Real Traffic

Why is it good?

More than one variable at a time

Protocol interaction

What makes it hard?

Difficult to repeat

Traffic is different for every customer

Can we test it?

Different mixes of application traffic

Standard background traffic with specific security traffic

Page 16: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

How? Attack Thyself!

Real Attacks
• 4,500 live security attacks
• 100+ evasions
• Malware
• Spam
• DDoS and Botnet simulation
• Custom attacks
• Research and frequent updates

Real World Applications
• 150+ application protocols
• Social media, peer-to-peer, voice, video
• Web and enterprise applications, gaming
• Custom applications
• Frequent updates

Unprecedented Performance
• 120 Gbps blended application traffic
• 90M concurrent TCP sessions
• 3M TCP sessions/second
• 38 Gbps SSL bulk encryption

Page 17: BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls

Questions and Answers