Benchmarking Terminology for Firewall Performance
RFC 2647

Document type: RFC - Informational (August 1999; No errata)
Document stream: IETF
Last updated: 2013-03-02

Network Working Group                                       D. Newman
Request for Comments: 2647                        Data Communications
Category: Informational                                   August 1999

           Benchmarking Terminology for Firewall Performance

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Table of Contents

   1. Introduction...................................................2
   2. Existing definitions...........................................2
   3. Term definitions...............................................3
   3.1 Allowed traffic...............................................3
   3.2 Application proxy.............................................3
   3.3 Authentication................................................4
   3.4 Bit forwarding rate...........................................5
   3.5 Circuit proxy.................................................6
   3.6 Concurrent connections........................................6
   3.7 Connection....................................................7
   3.8 Connection establishment......................................9
   3.9 Connection establishment time.................................9
   3.10 Connection maintenance......................................10
   3.11 Connection overhead.........................................11
   3.12 Connection teardown.........................................11
   3.13 Connection teardown time....................................12
   3.14 Data source.................................................12
   3.15 Demilitarized zone..........................................13
   3.16 Firewall....................................................13
   3.17 Goodput.....................................................14
   3.18 Homed.......................................................15
   3.19 Illegal traffic.............................................15
   3.20 Logging.....................................................16
   3.21 Network address translation.................................16
   3.22 Packet filtering............................................17
   3.23 Policy......................................................17
   3.24 Protected network...........................................18
   3.25 Proxy.......................................................19
   3.26 Rejected traffic............................................19

Newman                       Informational                      [Page 1]
RFC 2647            Firewall Performance Terminology         August 1999

   3.27 Rule set....................................................20
   3.28 Security association........................................20
   3.29 Stateful packet filtering...................................21
   3.30 Tri-homed...................................................22
   3.31 Unit of transfer............................................22
   3.32 Unprotected network.........................................23
   3.33 User........................................................23
   4. Security considerations.......................................24
   5. References....................................................25
   6. Acknowledgments...............................................25
   7. Contact Information...........................................25
   8. Full Copyright Statement......................................26

1. Introduction

   This document defines terms used in measuring the performance of
   firewalls. It extends the terminology already used for benchmarking
   routers and switches with definitions specific to firewalls.

   Forwarding rate and connection-oriented measurements are the primary
   metrics used in this document.

   Why do we need firewall performance measurements? First, despite the
   rapid rise in firewall deployment, there is no standard method of
   performance measurement. Second, implementations vary widely, making
   it difficult to do direct performance comparisons. Finally, more and
   more organizations are deploying firewalls on internal networks
   operating at relatively high speeds, while most firewall
   implementations remain optimized for use over relatively low-speed
   wide-area connections. As a result, users are often unsure whether
   the products they buy will stand up to relatively heavy loads.

2. Existing definitions

   This document uses the conceptual framework established in RFCs 1242
   and 2544 (for routers) and RFC 2285 (for switches). The router and
   switch documents contain discussions of several terms relevant to
   benchmarking the performance of firewalls. Readers should consult the
