Benchmarking Terminology for Firewall Performance
RFC 2647

Document Type RFC - Informational (August 1999; No errata)
Network Working Group                                       D. Newman
Request for Comments: 2647                        Data Communications
Category: Informational                                   August 1999

           Benchmarking Terminology for Firewall Performance

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Table of Contents

   1. Introduction...................................................2
   2. Existing definitions...........................................2
   3. Term definitions...............................................3
   3.1 Allowed traffic...............................................3
   3.2 Application proxy.............................................3
   3.3 Authentication................................................4
   3.4 Bit forwarding rate...........................................5
   3.5 Circuit proxy.................................................6
   3.6 Concurrent connections........................................6
   3.7 Connection....................................................7
   3.8 Connection establishment......................................9
   3.9 Connection establishment time.................................9
   3.10 Connection maintenance......................................10
   3.11 Connection overhead.........................................11
   3.12 Connection teardown.........................................11
   3.13 Connection teardown time....................................12
   3.14 Data source.................................................12
   3.15 Demilitarized zone..........................................13
   3.16 Firewall....................................................13
   3.17 Goodput.....................................................14
   3.18 Homed.......................................................15
   3.19 Illegal traffic.............................................15
   3.20 Logging.....................................................16
   3.21 Network address translation.................................16
   3.22 Packet filtering............................................17
   3.23 Policy......................................................17
   3.24 Protected network...........................................18
   3.25 Proxy.......................................................19
   3.26 Rejected traffic............................................19

Newman                       Informational                      [Page 1]
RFC 2647            Firewall Performance Terminology         August 1999

   3.27 Rule set....................................................20
   3.28 Security association........................................20
   3.29 Stateful packet filtering...................................21
   3.30 Tri-homed...................................................22
   3.31 Unit of transfer............................................22
   3.32 Unprotected network.........................................23
   3.33 User........................................................23
   4. Security considerations.......................................24
   5. References....................................................25
   6. Acknowledgments...............................................25
   7. Contact Information...........................................25
   8. Full Copyright Statement......................................26

1. Introduction

   This document defines terms used in measuring the performance of
   firewalls. It extends the terminology already used for benchmarking
   routers and switches with definitions specific to firewalls.

   Forwarding rate and connection-oriented measurements are the primary
   metrics used in this document.

   Why do we need firewall performance measurements? First, despite the
   rapid rise in firewall deployment, there is no standard method of
   performance measurement. Second, implementations vary widely, making
   it difficult to do direct performance comparisons. Finally, more and
   more organizations are deploying firewalls on internal networks
   operating at relatively high speeds, while most firewall
   implementations remain optimized for use over relatively low-speed
   wide-area connections. As a result, users are often unsure whether
   the products they buy will stand up to relatively heavy loads.

2. Existing definitions

   This document uses the conceptual framework established in RFCs 1242
   and 2544 (for routers) and RFC 2285 (for switches). The router and
   switch documents contain discussions of several terms relevant to
   benchmarking the performance of firewalls. Readers should consult the