The performance index of selecting commercial firewall needs reference

1. Throughput test

This test is used to determine the maximum data transfer rate of a firewall in the case of receiving and sending packets without loss, and is the basis of other metrics to test the ability of the firewall to process data during normal operation. It reflects the packet forwarding capability of the firewall. Because the loss of one frame in the data stream can cause significant delays due to high level protocol latency, it is useful to know the actual maximum data transfer rate of the firewall. At the same time, this index can be used to judge the stability problem of firewall equipment exceeding its own load.

The higher throughput makes the firewall more suitable for the network environment where the network core layer has high traffic requirements, so that the firewall will not become the bottleneck of the network performance and will not affect the normal business communication.

2. Delay Test

Latency refers to the time interval from the last bit of the test data frame to the port of the measured device to the first bit of the test packet leaving at the other end of the device being measured.

The delay index is very important for some real-time sensitive applications, such as network telephony, video conferencing, database replication and so on, so good delay index is critical to evaluate the performance performance of firewall.

All frame-length delay tests are performed at 50% and 100% throughput rates, and are compared horizontally to the latency results of store forwarding. Single-Machine forwarding latency (one rule, 2 GE ports, bidirectional 2Gbps flow, tested at 50% and 100% throughput rates respectively).

3, packet loss rate test

The packet loss test is used to determine the percentage of packets lost by the firewall at different transmission rates, in order to test the performance of the firewall in the case of overload.

For finance, securities, E-commerce and other transactions involving online trading, the packet loss rate requirements are very harsh, even if there is a system structure error correction, proofreading mechanism, but a large number of packet loss rate will lead to frequent roll-back action, delay the important transactions in time, Affects the trader's confidence in the system and leads to the loss of the customer. Therefore, the packet loss rate index is very important to the banking system network.

For the frame length of 64~1518 byte, 40%, 70%, 100% line speed were used to test. Single machine packet loss rate (one rule, 2 GE ports, bidirectional 2Gbps flow rate, respectively, at the 40%,70% and 100% line speed of packet loss).

4. Concurrent Connection Test

This test is used to test the maximum number of TCP concurrent connections that a firewall can establish.