[j-nsp] Cisco 7600 vs. M10i performance tests
Phil Rosenthal
pr at isprime.com
Wed Jun 1 13:30:04 EDT 2005
Well, I'll actually defend that practice. DoS attackers go after weak
points. If the box is particularly hurt at 64 byte packets, that's
what they'll send.
Also, even if they aren't trying to do that... Most syn flooders send
40 byte packets.
On Jun 1, 2005, at 1:24 PM, Craig Pierantozzi wrote:
> Check the packet sizes used in testing too. Running all 40 or
> 64 byte packets or unrealistic stream types is good for hero
> tests, but not realistic in real world deployments.
>
> Every box has strengths and weaknesses. Exploit them and you can
> always make the numbers work in your favor regardless of whether
> you're doing apples to apples or apples to oranges. :)
>
> regards
>
> On Jun 1, 2005, at 11:10 AM, Phil Rosenthal wrote:
>
>
>> I've been looking at that same report, and trying to make sense of
>> it.
>>
>> I have both devices in my network, and both seem to work well for
>> me. Then again, I'm not forwarding anywhere near 1.488Mpps per gig-
>> e, but rather something on the order of 300kpps per gig-e.
>>
>> If someone from juniper can post something to explain those results
>> I'd love to hear it (eg: what acl's/firewall filters did they use?) -
>> I am assuming (hoping?) this was with logging or counters enabled, or
>> something similarly dumb.
>>
>>
>
More information about the juniper-nsp
mailing list