没有合适的资源?快使用搜索试试~ 我知道了~
RFC3511防火墙性能基准测试方法借鉴.pdf
1.该资源内容由用户上传,如若侵权请联系客服进行举报
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
2.虚拟产品一经售出概不退款(资源遇到问题,请及时私信上传者)
版权申诉
0 下载量 182 浏览量
2021-12-25
23:01:03
上传
评论
收藏 167KB PDF 举报
温馨提示
试读
28页
RFC3511防火墙性能基准测试方法借鉴.pdf
资源推荐
资源详情
资源评论
测评技术体系
之测试方法篇
(测试文档)
RFC3511 Benchmarking Methodology for Firewall Performance ,2003.4
北京国信网安信息系统测评技术实验室
测评技术文章
第 2 页 共 28 页
Benchmarking Methodology for Firewall Performance
RFC3511 ,2003.4
Network Working Group B. Hickman
Request for Comments: 3511 Spirent Communications
Category: Informational D. Newman
Network Test
S. Tadjudin
Spirent Communications
T. Martin
GVNW Consulting Inc
Status of this Memo
This memo provides information for the Internet community. It does not specify an
Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved.
Abstract
This document discusses and defines a number of tests that may be used to describe
the performance characteristics of firewalls. In addition to defining the tests, this
document also describes specific formats for reporting the results of the tests. This
document is a product of the Benchmarking Methodology Working Group (BMWG) of the
Internet Engineering Task Force (IETF).
1 INTRODUCTION · ·········································································································· 4
2 REQUIREMENTS ·········································································································· 4
3 SCOPE ·························································································································· 5
4 TEST SETUP ················································································································· 5
4.1 T
EST
C
ONSIDERATIONS
···························································································· 6
4.2 VIRTUAL CLIENTS /SERVERS ······················································································ 6
4.3 T
EST
T
RAFFIC
R
EQUIREMENTS
················································································· 6
4.4 DUT/SUT T
RAFFIC
F
LOWS
······················································································· 6
4.5 MULTIPLE CLIENT /SERVER TESTING ·········································································· 7
4.6 N
ETWORK
A
DDRESS
T
RANSLATION
(NAT) ································································· 7
4.7 R
ULE
S
ETS
·············································································································· 7
4.8 W
EB
C
ACHING
·········································································································· 7
4.9 A
UTHENTICATION
······································································································ 7
4.10 TCP S
TACK
C
ONSIDERATIONS
·················································································· 8
5 BENCHMARKING TESTS ····························································································· 8
5.1 IP T
HROUGHPUT
······································································································ 8
5.1.1 Objective ········································································································· 8
5.1.2 Setup Parameters ··························································································· 8
测评技术文章
第 3 页 共 28 页
5.1.3 Procedure ········································································································ 8
5.1.4 Measurement ·································································································· 8
5.1.5 Reporting Format ···························································································· 9
5.2 C
ONCURRENT
TCP C
ONNECTION
C
APACITY
····························································· 9
5.2.1 Objective ········································································································· 9
5.2.2 Setup Parameters ··························································································· 9
5.2.3 Procedure ······································································································ 10
5.2.4 Measurements ······························································································ 10
5.2.5 Reporting Format ·························································································· 11
5.3 M
AXIMUM
TCP C
ONNECTION
E
STABLISHMENT
R
ATE
··············································· 11
5.3.1 Objective ······································································································· 11
5.3.2 Setup Parameters ························································································· 12
5.3.3 Procedure ······································································································ 12
5.3.4 Measurements ······························································································ 12
5.3.5 Reporting Format ·························································································· 13
5.4 M
AXIMUM
TCP C
ONNECTION
T
EAR
D
OWN
R
ATE
····················································· 13
5.4.1 Objective ······································································································· 13
5.4.2 Setup Parameters ························································································· 14
5.4.3 Procedure ······································································································ 14
5.4.4 Measurements ······························································································ 14
5.4.5 Reporting Format ·························································································· 15
5.5 D
ENIAL
O
F
S
ERVICE
H
ANDLING
··············································································· 15
5.5.1 Objective ······································································································· 15
5.5.2 Setup Parameters ························································································· 15
5.5.3 5.5.3 Procedure ····························································································· 15
5.5.4 Measurements ······························································································ 16
5.5.5 Reporting Format ·························································································· 16
5.6 HTTP T
RANSFER
R
ATE
·························································································· 16
5.6.1 Objective ······································································································· 16
5.6.2 Setup Parameters ························································································· 16
5.6.3 Procedure ······································································································ 17
5.6.4 Measurements ······························································································ 17
5.6.5 Reporting Format ·························································································· 18
5.7 M
AXIMUM
HTTP T
RANSACTION
R
ATE
····································································· 19
5.7.1 Objective ······································································································· 19
5.7.2 Setup Parameters ························································································· 19
5.7.3 Procedure ······································································································ 19
5.7.4 Measurements ······························································································ 20
5.7.5 Reporting Format ·························································································· 20
5.8 I
LLEGAL
T
RAFFIC
H
ANDLING
···················································································· 20
5.8.1 Objective ······································································································· 20
5.8.2 Setup Parameters ························································································· 20
5.8.3 Procedure ······································································································ 21
5.8.4 Measurements ······························································································ 21
测评技术文章
第 4 页 共 28 页
5.8.5 Reporting Format ·························································································· 21
5.9 IP F
RAGMENTATION
H
ANDLING
················································································ 21
5.9.1 Objective ······································································································· 21
5.9.2 Setup Parameters ························································································· 21
5.9.3 Procedure ······································································································ 22
5.9.4 Measurements ······························································································ 22
5.9.5 Reporting Format ·························································································· 23
5.10 L
ATENCY
················································································································ 23
5.10.1 Objective ······································································································· 23
5.10.2 Setup Parameters ························································································· 23
5.10.3 Network-layer procedure ··············································································· 23
5.10.4 Application layer procedure ·········································································· 24
5.10.5 Measurements ······························································································ 24
5.10.6 Network-layer reporting format ····································································· 24
5.10.7 Application-layer reporting format ································································· 25
6 REFERENCES · ··········································································································· 25
6.1 N
ORMATIVE
R
EFERENCES
······················································································· 25
6.2 I
NFORMATIVE
R
EFERENCES
···················································································· 25
7 SECURITY CONSIDERATIONS · ················································································ 25
8 APPENDIX A: HTTP (HYPERTEXT TRANSFER PROTOCOL) ································· 26
9 APPENDIX B: CONNECTION ESTABLISHMENT TIME MEASUREMENTS · ··········· 26
10 APPENDIX C: CONNECTION TEAR DOWN TIME MEASUREMENTS · ··············· 27
11 AUTHORS' ADDRESSES ························································································ 27
1 Introduction
This document provides methodologies for the performance benchmarking of firewalls.
It covers four areas: forwarding, connection, latency and filtering. In addition to defining
tests, this document also describes specific formats for reporting test results. A previous
document, "Benchmarking Terminology for Firewall Performance" [1], defines many of the
terms that are used in this document. The terminology document SHOULD be consulted
before attempting to make use of this document.
2 Requirements
In this document, the words that are used to define the significance of each particular
requirement are capitalized. These words are:
"MUST" ,This word, or the words "REQUIRED" and "SHALL" mean that the item is an
absolute requirement of the specification.
"SHOULD" ,This word or the adjective "RECOMMENDED" means that there may exist
valid reasons in particular circumstances to ignore this item, but the full implications
测评技术文章
第 5 页 共 28 页
should be understood and the case carefully weighed before choosing a different course.
"MAY" ,This word or the adjective "OPTIONAL" means that this item is truly optional.
One vendor may choose to include the item because a particular marketplace requires it or
because it enhances the product, for example; another vendor may omit the same item.
An implementation is not compliant if it fails to satisfy one or more of the MUST
requirements. An implementation that satisfies all the MUST and all the SHOULD
requirements is said to be "unconditionally compliant"; one that satisfies all the MUST
requirements but not all the SHOULD requirements is said to be "conditionally compliant".
3 Scope
Firewalls can control access between networks. Usually, a firewall protects a private
network from public or shared network(s) to which it is connected. A firewall can be as
simple as a single device that filters packets or as complex as a group of devices that
combine packet filtering and application-level proxy and network translation services.
This document focuses on benchmarking firewall performance, wherever possible,
independent of implementation.
4 Test Setup
Test configurations defined in this document will be confined to dual-homed and
tri-homed as shown in figure 1 and figure 2 respectively.
Firewalls employing dual-homed configurations connect two networks. One interface
of the firewall is attached to the unprotected network [1], typically the public network
(Internet). The other interface is connected to the protected network [1], typically the
internal LAN. In the case of dual-homed configurations, servers which are made
accessible to the public (Unprotected) network are attached to the private (Protected)
network.
+----------+ +----------+
| | | +----------+ | | |
| Servers/ |----| | | |------| Servers/ |
| Clients | | | | | | Clients |
| | |-------| DUT/SUT |--------| | |
+----------+ | | | | +----------+
Protected | +----------+ | Unprotected
Network | | Network
Figure 1 (Dual-Homed)
Tri-homed [1] configurations employ a third segment called a Demilitarized Zone
(DMZ). With tri-homed configurations, servers accessible to the public network are
attached to the DMZ. Tri-Homed configurations offer additional security by separating
server(s) accessible to the public network from internal hosts.
+----------+ +----------+
| | | +----------+ | | |
| Clients |----| | | |------| Servers/ |
| | | | | | | Clients |
+----------+ |-------| DUT/SUT |--------| | |
| | | | +----------+
| +----------+ |
Protected | | | Unprotected
Network | Network
剩余27页未读,继续阅读
资源评论
cy18065918457
- 粉丝: 0
- 资源: 7万+
下载权益
C知道特权
VIP文章
课程特权
开通VIP
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 基于mysql和python的学生选课系统【课程设计(实验报告+源码)】
- PxCook-像素大厨Windows版本安装包
- aspose-words-23.12-jdk16 有水印
- [大模型部署]在C# Winform中使用文心一言ERNIE-3.5 4K 聊天模型
- python毕业设计-基于Django+OpenCV的二维码生成与识别系统设计与实现.zip
- python毕业设计-基于Django+OpenCV的二维码生成与识别系统设计与实现+使用说明.zip
- 基于STM32单片机空气监测系统设计源码+详细文档+配套全部资料(毕业设计).zip
- rdf0412-kcu116-pcie-c-2019-1.zip(XILINX KCU116 源码)
- 基于C#语言的winform界面火车票订票系统(源码+实验报告)
- 【华为OD部分真题及讲解】华为OD部分真题及讲解
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功