NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] [FW] CodeRed Scanner



Below is a link to a web site with a great tool called CodeRed Scanner,
which checks to see whether the Code Red worm has hit your systems:

http://www.eeye.com/html/Research/Tools/codered.html

**********************************
Roman Zeltser,
@National Computer Center,
RSIS & DNE
 


-----Original Message-----
From: Mark Decker [mailto:[email protected]]
Sent: Tuesday, July 24, 2001 9:39 PM
To: [email protected]
Cc: Chris Arnold
Subject: [FW1] Nokia IP330 vs. Compaq DL320 SolutionPaq




Chris Arnold wrote:
-----------------------
>Do you have any results from your internal tests as well as the testing
>criteria you could share with the group, Mark?

All,

I dug up the results of our benchmark testing of these two boxes, per
Chris's request, and here they are.  Hope you find this information
useful.  If not, remember what you paid for it. ;-) First, a few
disclaimers:

1) We did this testing purely to satisfy our own curiosity, and the
information comes with no warranties of any kind.  Neither Compaq nor
Nokia has verified our methods or our results.
2) YMMV. As with any benchmark, you should take it with a grain of salt.
Different testing methods inevitably yield different results.  That
said, we made every attempt to ensure a fair, apples-to-apples
comparison.  Also, we tested on identical test beds in a totally
isolated lab network, not a production environment.
3) These tests were performed in April on slightly older models from
both vendors.  Namely, the IP330 was equipped with an AMD K6-2 266Mhz
CPU with 64MB RAM, and the DL320 was equipped with an Intel P-III 800Mhz
and 256MB RAM.  Nokia is now shipping their IP330 units with a 400Mhz
processor (last I heard), and Compaq has similarly upgraded the DL320 to
a 1Ghz chip.

Test criteria and method:
---------------------------
- HTTP transfer of 1MB and 5MB files using Mercury Interactive's
LoadRunner, which is a popular commercial performance testing tool.
Results from multiple test runs averaged together.
- Check Point FireWall-1 version 4.1, and current OS revs from Compaq
and Nokia.
- We tested the Nokia both in the default configuration and with the
FLOWS feature enabled.  FLOWS accelerates throughput of regular IP
traffic, particularly long-lived connections and small packet sizes.  It
does not accelerate VPN traffic and is not compatible with FloodGate-1.
Some other problems have been reported with FLOWS, but I suspect Nokia
and CP will eventually get most of them resolved, if they haven't
already.
- HA tests were performed using two units in a hot-standby
configuration, state sync enabled.  VRRP on the Nokia versus the
built-in RainWall HA on the Compaq.  Lower fail-over times are better.
Passing a test means that the problem was detected and traffic shifted
transparently to the backup.  Failure means that problem was not
detected and/or transparent failover did not occur.
- Throughput here is defined very narrowly as unidirectional throughput
between two fast Ethernet ports.  Higher throughput numbers and lower
response times are better.  The maximum theoretical throughput possible
in such a test is 100Mbps.  Measurement of bi-directional or total
aggregate throughput through multiple interfaces, which would allow
higher throughput, was not attempted.

The Results:
------------

Performance:
               Compaq   Nokia   Nokia w/FLOWS
               ------   ------  ------
Throughput:     89.4     52.4    89.4   (Mbps)
Transaction
Response Time:  2.01     3.45    1.99   (msec)

High Availability:
               Compaq   Nokia
               ------   ------
Average fail-
over time:      3 sec    8 sec
Power off:       pass     pass
Cable pull:      pass     pass
Stop FW-1:       pass     fail
Unload policy:   pass     fail

Conclusions:
- Both boxes are more than capable of T3 speeds.  In the default
configuration, the Compaq was significantly faster than the Nokia, but
with FLOWS enabled on the Nokia, there was no significant difference
between the two in this particular test.
- It appears that the simple unidirectional test method and 100Mbps
wire-speed limit prevented both boxes from reaching their full
throughput potential, as they both registered identical top speeds.
This is likely because both reached the Ethernet saturation point before
the CPU saturation point.  It would be interesting to see an aggregate
total throughput test that simultaneously sends files through 3 or more
ports in multiple directions to determine the real maximum when the LAN
bottleneck is removed.
- Although we did not test VPN, Compaq will likely have an advantage for
VPN traffic, since VPN is CPU-intensive and does not benefit from FLOWS.

More information on Nokia IP330:
http://www.nokia.com/securitysolutions/platforms/330.html
More information on Compaq DL320 SolutionPaq:
http://www.compaq.com/solutions/security/solutionpaq.html

Best regards,

Mark L. Decker
Rainfinity - High Availability for [email protected]







============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====





============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.