Select Performance Indicators for commercial firewalls

1. throughput Test

This test is used to determine the maximum data transmission rate of the firewall when packets are received and sent without being lost. It is used to test the data transmission and processing capability of the firewall during normal operation and is the basis of other indicators. It reflects the packet forwarding capability of the firewall. Because the loss of a frame in the data stream will lead to a significant delay due to the high-level protocol wait timeout, it is very useful to know the actual maximum data transmission rate of the firewall. In addition, this indicator can be used to determine the stability of firewall devices when they exceed their own load.

Higher throughput makes the firewall more suitable for network environments with high traffic requirements on the network core layer, so that the firewall does not become a network performance bottleneck and does not affect normal business communication.

2. latency test

Latency refers to the time interval from the last bit of the data frame to the start of the port of the tested device to the departure of the first bit of the test data packet from the other port of the tested device.

Latency indicators have a great impact on real-time sensitive applications, such as network phones, video conferencing, and database replication. Therefore, good latency indicators are very important for evaluating firewall performance.

Latency tests for all frame lengths are performed at 50% and 100% throughput rates. The latency results of storage forwarding are compared horizontally. Single-host forwarding latency (one rule, two GE ports, two-way 2 Gbps traffic, tested at 50% and 100% throughput respectively ).

3. Packet Loss Rate Test

The packet loss rate test is used to determine the percentage of data packets lost by the firewall at different transmission rates. This test aims to test the performance of the firewall under overload conditions.

For industries involving online transactions, such as finance, securities, and e-commerce, the packet loss rate requirement for data transmission is extremely demanding, even if the system structure has internal error correction and verification mechanisms, however, a large number of packet loss rates can lead to frequent roll-back operations, delaying the timely delivery of important transactions, affecting the confidence of traders in the system and leading to the loss of customers. Therefore, packet loss rate indicators are crucial to the banking system network.

For 64 ~ The frame length of 1518 bytes is measured at a speed of 40%, 70%, and 100% respectively. Packet Loss Rate on a single machine (one rule, two GE ports, two-way 2 Gbps traffic, packet loss rate at 40%, 70%, and 100% wire speeds respectively ).

4. Concurrent connection test

This test is used to test the maximum number of TCP concurrent connections established by the firewall.