Number of concurrent connections to firewalls

Source: Internet
Author: User
Tags end join firewall

The number of concurrent connections refers to the ability of a firewall or proxy server to handle its business information flow, is the maximum number of point-to-point connections that a firewall can handle at the same time, reflecting the ability of the firewall device to access and link state tracking for multiple connections, and the size of this parameter directly affects the maximum amount of information that the firewall can support.

The number of concurrent connections is an important index to measure the performance of firewalls. In the current market, the common firewall equipment in the manual can be seen, from low-end devices 500, 1000 concurrent connection, to high-end equipment tens of thousands of, hundreds of thousands of concurrent connection, there are several orders of magnitude difference. So what is the concept of concurrent connections? What impact does its size have on the user's daily usage? To understand the number of concurrent connections, you first need to understand a concept, that is, "session." This "conversation" is not our usual conversation, but can be used to understand the usual conversation, two people in the conversation, you a sentence, I, a question, we call it a dialogue, or call the conversation. Similarly, when we work with a computer, we open a window or a Web page, we can also call it a "session", extended to a local area network, all users to the Internet through the firewall, to open a number of Windows or Web page hair (that is, the session), then, this firewall, the maximum number of sessions can be processed , is the number of concurrent connections.

Like the router's routing table holds routing information, there is also a table in the firewall, which we call the concurrent join table, where the firewall is used to hold concurrent connection information, and it can dynamically allocate the memory space of the process after the firewall system starts, which is the maximum number of concurrent connections the firewall can support. Large concurrent connection tables can increase the maximum number of concurrent connections to the firewall, allowing the firewall to support more client terminals. Although it appears that the number of concurrent connections for similar products such as firewalls seems to be greater, the better. But at the same time, too large concurrent join table can also bring some negative effects:

1. The increase in the number of concurrent connections means the consumption of system memory resources

With each concurrent connection table entry occupying 300B calculation, 1000 concurrent connections will consume 300BX1000X8BIT/B≈2.3MB memory space, 10,000 concurrent connections will consume 23Mb of memory space, and 100,000 concurrent connections will occupy 230Mb memory space. And if you really try to implement 1 million concurrent connections, then this product will need to provide 2.24Gb of memory space!

2. Increase the number of concurrent connections should fully consider the processing capacity of the CPU

The main task of the CPU is to forward the traffic from one network segment to another network segment as quickly as possible, and in the process of forwarding the traffic according to a certain access control policy for license check, traffic statistics and access audit operations, This requires the firewall to continuously update read and write operations on the corresponding table entries in the Concurrent connection table. Regardless of the actual processing capacity of the CPU and rashly increase the system's concurrent connection table, it is bound to affect the firewall on the connection request processing delay, resulting in some connection timeout, so that more connection messages are sent back, resulting in more connection timeout, the final formation of avalanche effect, resulting in the entire firewall system crashes.



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.