Testing High Performance Firewalls

Resiliency Testing of High Performance Firewalls

Agenda
Throughput
Packets Per Second
Latency
Connections Per Second
Simultaneous Sessions
Stacking It Up
Real Traffic
Resiliency Score

Throughput
3
What is it?
It’s all about ‘volume’
Why is it important?
Maximum transfer capability
How is it affected?
Packet size – for smaller packets we may become packet per second bound
File size – for smaller files we may become connection per second bound
Physical limits – bus/interface limits
How do we find it?
For UDP – Single or multiple streams of large packet sizes
For TCP – multiple HTTP GETs of 32K files

Packets Per Second
5
What is it?
It’s all about ‘pressure’
Small transaction characteristics
How is it affected?
Packet size – for larger packets we may become throughput bound
How do we find it?
Reduce packet size until you see packets per second maximize

Latency
7
What is it?
It’s all about ‘bursts’
Per packet (UDP)
Per transaction (TCP)
Transfer delay
How is it affected?
Hardware or software
Session setup
How do we find it?
Measure latency at 10%, 50%, 75%, and 90% utilization

Connections per second
9
What is it?
It’s all about ‘temperature’
Most everything is a connection
How is it affected?
Protocol type (ICMP, UDP, TCP, etc) – TCP hardest with the most state
Handled in CPU
How do we find it?
HTTP 1.0 connections transferring a single byte file

Connections per second (cont)
10
SYN handshake – 3 packets
FIN close – 3 packets
Data transfer – 4 packets
Total of 10 packets. Can be reduced
RST, piggyback gets, SACK – But this may be cheating

Simultaneous sessions
12
What is it?
It’s all about ‘streams’
How many parallel requests can you handle?
How is it affected?
Memory is the biggest factor
How do we find it?
Open, but do not complete sessions.
Once all sessions are open, transfer data and close sessions

Stacking it up
FortiGate-3950B

Real Traffic

Real Traffic
16
Why is it good?
More than one variable at a time
Protocol interaction
What makes it hard?
Difficult to repeat
Traffic is different for every customer
Can we test it?
Different mixes of application traffic
Standard background traffic with specific
security traffic

How? Attack Thyself!
Real Attacks
4,500 live security attacks
100+ evasions
Malware
Spam
DDoS and Botnet simulation
Custom attacks
Research and frequent updates
Real World Applications
150+ application protocols
Social media, peer-to-peer, voice, video
Web and enterprise applications, gaming
Custom applications
Frequent updates
Unprecedented Performance
120 Gbps blended application traffic
90M concurrent TCP sessions
3M TCP sessions/second
38 Gbps SSL bulk encryption

Resiliency Score
18
What is it?
Combines aspects of all previous tests to
produce a single comparable result
Can provide an easy way to compare different
devices to each other
How is it affected?
Device configuration
How do we find it?
Its as simple as clicking a button (just do it before you go home)

FortiGate 3950B
19

Questions and Answers
20

http://www.breakingpointsystems.com	107
http://blogs.ixiacom.com	29
http://breakingpointsystems.ten24web.com	2
url_unknown	1

Testing High Performance Firewalls

by Ixia

Accessibility

Categories

Upload Details

Usage Rights

4 Embeds 139

Statistics

Testing High Performance Firewalls Presentation Transcript