We began this evaluation by measuring the internal processing throughput of the packet engine, which empowers the real-world benchmarks performed later. These were performed internally using H/OS utilities operating at socket and IPC level.
Internal throughput benchmark
| Test |
Throughput |
Configuration |
Notice |
| Stateful |
> 10 Gbps |
1000+ rules |
Packet engine test |
| IDS |
1 Gbps |
1000+ rules |
Intrusion detection test |
| Cipher |
Throughput |
Configuration |
Notice |
| AES |
> 524 Gbps |
AES-128-CBC (EVP) |
|
| 3DS |
511 Mbps |
DES3 (EVP) |
|
| DES |
567 Mbps |
DES-CBC (EVP) |
|
Real-world throughput benchmark
These tests provide actual real-world usage benchmarks. We have measured the total TCP throughput that one SX-101 can handle. The test was performed between several Pentium 4 computers running at 2 GHz, loaded with Windows 2000/2003 and the IPerf benchmark application. The firewall itself had the latest software and was loaded with 1000 different rules (does not affect performance noticeably).
All tests were run 10 times to provide reliable values and performed with a TCP window size from 1 to 8000 bytes (with the same result). The IPSec tests were performed between two SX-101 units.
| Interfaces |
Throughput |
Configuration |
Notice |
| LAN/WAN |
2 x 900 Mbps |
1000+ rules |
Wires were saturated |
| Cipher |
Throughput |
Configuration |
Notice |
| AES |
250 Mbps |
AES 128/SHA1 |
| 3DES |
250 Mbps |
3DES 192/SHA1 |
| DES |
250 Mbps |
DES 64/SHA1 |
Copyright © 2008 Halon Security | Phone
+46-31-301 19 20 | Fax +46-31-301 19 39
Olskroksgatan 30, SE-416 66 Gothenburg,
Sweden
Get rid of spam, right now. Try the SX or SPG product series for free.
Attend our free, one-day, workshop seminars in Gothenburg, Malmö or Stockholm.