Gail Ferreira, Product Marketing Manager at Crossbeam, Interop 2012 presentation at Spirent booth.
Jointly Developed: Industry-Leading Network Security Methodology
Rather than test for a single inflated number:
- Jointly defined realistic test:
  - Enable 3G and 4G mobile operators to accurately test and predict expected network security performance
- Jointly executed:
  - Simulated mobile user behavior
  - Emulated mobile user traffic
  - Obtained comprehensive performance metrics
Learn more about how we developed the test methodology for high performance firewalls: http://bit.ly/K49DV0
Download the case study here: http://bit.ly/LarfAT
2. Network Security
for large enterprises, Service Providers & Government organizations, offering:
• Performance/Scalability
• Reliability
• Multiple best-of-breed applications on 1 platform
Gail Ferreira, Product Marketing
3. Jointly Developed:
Industry-Leading Network Security Methodology
Rather than test for a single inflated number:
– Jointly defined realistic test:
• Enable 3G and 4G mobile operators to accurately test and predict expected network security performance
– Jointly executed:
• Simulated mobile user behavior
• Emulated mobile user traffic
• Obtained comprehensive performance metrics
4. The Actual Test
8 x Spirent Avalanche 3100B L4-7 Testers
• HTTP, DNS, SMTP, POP3 & OS/app updates
• Emulated behaviors – page load times, wait times, read times
Realistic Topology
• Single routing table
Crossbeam X80-S (9.6)
• Check Point Security Gateway R75.20
• Firewall and optionally NAT and/or IPS
Users Simulated: 12,646,275
Page Render Time: 10-121 ms
Layer 7 Transactions: 175,547,400
5. Impact of NAT and IPS
[Chart: Firewall Forwarding Performance by Test Run. Source: EANTC]
6. Validation of Real World Performance
Simultaneous metrics to demonstrate the security, number of subscribers and QoE that an LTE carrier delivers with realistic packet sizes:
• Firewall plus negligible impact with NAT and IPS
• 242,000 Stateful connections per second, plus 42,000 new DNS flows per second
• 4,000,000 Concurrent TCP connections
• 580,000 Objects per second
• 106 Gbps Real world throughput
• 42,000 Smartphones activated per second
• Approximately 1,000,000 subscribers supported
“A new benchmark for high performance firewall testing”
-- Gabriel Brown, Sr. Analyst
Questions to be asked: Welcome and thank you for joining us at Interop 2012 Las Vegas. Today we have special guest <name> who will be discussing a recent test that was conducted of their Crossbeam X80 Platform with Check Point firewall.
Questions to be asked: Hi Gail Ferreira (Fur-air-a). Special thanks for joining us today. Can you tell the audience a little about yourself and your company?
So Gail, what was different about this test – didn’t you want to just show the maximum performance of your box?
Rather than structuring a test to yield the highest possible number, we wanted to jointly define a test that would accurately predict expected network security performance on the SGI in 4G/LTE environments. So we worked with EANTC and Heavy Reading as well as Spirent to define a test that would:
• Simulate users & their behavior, not just bits of data flying around
• These users, in sum, emulate the mobile network
A methodology like this is the most realistic way to effectively validate and allow comparison of different network security devices.
Gail – how did you set up the test?
Test Environment – 4 pairs of Spirent Avalanche 3100B w/Crossbeam in the center forwarding traffic from one set of Avalanche testers to another set. In fact Spirent termed the Crossbeam as having “super-class capabilities” given the volume it could handle!
--- simulated users – lots of users - 12B during the 5 minute steady state of the test
--- and therefore emulated a massively scaled mobile operator’s network – of 20M subscriber network – handled with a single Crossbeam platform.
So let’s take a deeper look at what was going on in the Crossbeam device.
Crossbeam --- running Check Point Secure Gateway and received the traffic from 4 Spirent Avalanche (L4-7) testers & forwarded that traffic to another set of 4 Spirent Avalanche (L4-7) testers - that simulated 1+ mobile clients cycling through a LOT of transactions.
All runs had firewall, and optionally added NAT and/or IPS.
The test ramped so during the 5 minutes at steady state: the volumes included 12B users & 175B L7 transactions! So let’s look at the results …
Typically enabling NAT & IPS has a huge impact on performance. It’s a massive problem …. unless you use Crossbeam.
So overall, what did the results show?
All metrics recorded simultaneously – on the same run --- not a separate run to maximize each measure. And Heavy Reading analyzed EANTC recorded results, and claimed that this test is a NEW BENCHMARK FOR HIGH PERFORMANCE FIREWALL TESTING.
Gail, so this test was of a mobile operator’s network – pretty heavy load there. So how would that be applicable for others, maybe with less severe requirements?
Whether Mobile, Financial Trading, branch offices --- whatever metric that drives your business. Key is to develop a test and use it to size for your network.
Questions to be asked: Thanks again <name> for your time today. If there are questions from the audience, please make sure to discuss with our guest speaker. If you have any questions about how Spirent can help you, please make sure to speak with one of our booth staff. Thank you again and enjoy the show.