

SyFi: A Systematic Approach for Estimating Stateful Firewall Performance

12 years 8 months ago
SyFi: A Systematic Approach for Estimating Stateful Firewall Performance
Due to the lack of a standardized methodology for reporting firewall performance, current datasheets are designed for marketing and provide inflated throughput measurements obtained under unrealistic scenarios. As a result, customers lack usable metrics to select a device that best meets their needs. In this paper, we develop a systematic approach to estimate the performance offered by stateful firewalls. To do so, we first conduct extensive experiments with two enterprise firewalls in a wide range of configurations and traffic profiles to identify the characteristics of a network’s traffic that affect firewall performance. Based on the observations from our measurements, we develop a model that can estimate the expected performance of a particular stateful firewall when deployed in a customer’s network. Our model ties together a succinct set of network traffic characteristics and firewall benchmarks. We validate our model with a third enterprise-grade firewall, and ...
Yordanos Beyene, Michalis Faloutsos, Harsha V. Mad
Added 25 Apr 2012
Updated 25 Apr 2012
Type Journal
Year 2012
Where PAM
Authors Yordanos Beyene, Michalis Faloutsos, Harsha V. Madhyastha
Comments (0)