We began this evaluation by measuring
the internal processing throughput of the packet engine, which empowers the real-world benchmarks performed later. These were performed internally using H/OS utilities operating at socket and IPC level.
Internal throughput benchmark
| Test |
Throughput |
Configuration |
Notice |
| Stateful |
> 5 Gbps |
1000+ rules |
Packet engine test |
| IDS |
700 Mbps |
1000+ rules |
Intrusion detection test |
| Cipher |
Throughput |
Configuration |
Notice |
| AES |
> 5.3 Gbps |
AES-128-CBC (EVP) |
In-processor instructions |
| 3DS |
263 Mbps |
DES3 (EVP) |
HIFN accelerator |
| DES |
422 Mbps |
DES-CBC (EVP) |
HIFN accelerator |
Real-world throughput benchmark
These tests provide actual real-world usage benchmarks. We have measured the total TCP throughput that one SX-101 can handle. The test was performed between several Pentium 4 computers running at 2 GHz, loaded with Windows 2000/2003 and the IPerf benchmark application. The firewall itself had the latest software and was loaded with 1000 different rules (does not affect performance noticeably).
All tests were run 10 times to provide reliable values and performed with a TCP window size from 1 to 8000 bytes (with the same result). The IPSec tests were performed between two SX-101 units.
| Interfaces |
Throughput |
Configuration |
Notice |
| LAN/WAN |
2 x 94 Mbps |
1000+ rules |
Wires were saturated |
| All interfaces |
4 x 91 Mbps |
1000+ rules |
Wires almost saturated |
| Cipher |
Throughput |
Configuration |
Notice |
| AES |
53 Mbps |
AES 128/SHA1 |
| 3DES |
53 Mbps |
3DES 192/SHA1 |
| DES |
53 Mbps |
DES 64/SHA1 |
Copyright © 2008 Halon Security | Phone
+46-31-301 19 20 | Fax +46-31-301 19 39
Olskroksgatan 30, SE-416 66 Gothenburg,
Sweden
Get rid of spam, right now. Try the SX or SPG product series for free.
Attend our free, one-day, workshop seminars in Gothenburg, Malmö or Stockholm.