BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
•
0 j'aime•963 vues
BreakingPoint and Fortinet present "How To Measure the Performance, Security, and Stability of Your Enterprise Firewall" at the 2011 RSA Conference.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
Similaire à BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls (20)
Plus de Ixia
Plus de Ixia (19)
BreakingPoint & Fortinet RSA Conference 2011 Presentation: Evaluating Enterprise Firewalls
- 1. How To Measure the Performance, Security and Stability of Your Enterprise Firewall February 16th at 2:30 pm
- 2. Agenda • Throughput • Packets Per Second • Latency • Connections Per Second • Simultaneous Sessions • Stacking It Up • Real Traffic
- 3. Throughput What is it? It’s all about ‘volume’ Why is it important? Maximum transfer capability How is it affected? Packet size – for smaller packets we may become packet per second bound File size – for smaller files we may become connection per second bound Physical limits – bus/interface limits How do we find it? For UDP – Single or multiple streams of large packet sizes For TCP – multiple HTTP GETs of 32K files 3
- 5. Packets Per Second What is it? It’s all about ‘pressure’ Why is it important? Small transaction characteristics How is it affected? Packet size – for larger packets we may become throughput bound How do we find it? Reduce packet size until you see packets per second maximize 5
- 7. Latency What is it? It’s all about ‘bursts’ Per packet (UDP) Per transaction (TCP) Why is it important? Transfer delay How is it affected? Hardware or software Session setup How do we find it? Measure latency at 10%, 50%, 75%, and 90% utilization 7
- 9. Connections per second What is it? It’s all about ‘temperature’ Why is it important? Most everything is a connection How is it affected? Protocol type (ICMP, UDP, TCP, etc) – TCP hardest with the most state Handled in CPU How do we find it? HTTP 1.0 connections transferring a single byte file 9
- 10. Connections per second (cont) SYN handshake – 3 packets Data transfer – 4 packets FIN close – 3 packets Total of 10 packets. Can be reduced RST, piggyback gets, SACK – But this may be cheating 10
- 11. Simultaneous sessions What is it? It’s all about ‘streams’ Why is it important? How many parallel requests can you handle? How is it affected? Memory is the biggest factor How do we find it? Open, but do not complete sessions. Once all sessions are open, transfer data and close sessions 11
- 13. Stacking it up FortiGate-3950B
- 14. Real Traffic
- 15. Real Traffic Why is it good? More than one variable at a time Protocol interaction What makes it hard? Difficult to repeat Traffic is different for every customer Can we test it? Different mixes of application traffic Standard background traffic with specific security traffic 15
- 16. How? Attack Thyself! Real Attacks • 4,500 live security attacks • 100+ evasions • Malware • Spam • DDoS and Botnet simulation • Custom attacks • Research and frequent updates Real World Applications • 150+ application protocols • Social media, peer-to-peer, voice, video • Web and enterprise applications, gaming • Custom applications • Frequent updates Unprecedented Performance • 120 Gbps blended application traffic • 90M concurrent TCP sessions • 3M TCP sessions/second • 38 Gbps SSL bulk encryption