North American Network Operators Group

Re: High-speed filtering boxes (Was: Re: SYN floods...)

  • From: Paul Frommeyer
  • Date: Thu Sep 19 17:47:45 1996

In reply to your message of Thu, 19 Sep 1996 15:22:35 EDT:
 
| I am sure a question most of us have is, what kind of latency does your
| filtering box add? Doing something at line rate is fine, but latency is 
| rather important at line speed.

Very low, on the order of tens of microseconds, if I remember correctly (the 
code itself is very small, only a couple hundred K). The PIX operates by 
switching on flows rather than routing, so latency is comparable to a switch. 
However, a word on latency since this urban myth seems to keep creeping back:

While a device with large latency, on the order of hundreds of milliseconds
or even seconds, would obviously contribute some detriment to the data
path, ultimately the largest latency lies in the transmission media and 
the processing overhead on the end stations, and not the network nodes 
themselves. This is an old issue that goes 'way back, and it just won't seem
to die. I never like trying to address the issue of latency in a network
device, because invariably it isn't the real contributor to latency on a
network. 

In fact, many of the unwashed in the end user community confuse
latency with response time, and they are not the same nor are they necessarily
related.  Seconds-long response times due to congestion do not mean that
forwarding latency is at issue in any network devices, just like a traffic
jam at a major turnpike does not mean that the speed limits have been reduced
or the road surface degraded to where travel beyond a moderate speed is
impossible. There is just simply more traffic than the device can handle,
and things are going to back up-- but the packets are still being forwarded
through the device at the same rate.

Back to the PIX, since it filters and forwards at line rate, packets go out
as fast as they come in, eliminating the issue of congestion. And I've already
touched on the estimated latency for completeness.

Hope this helps,
	Cheers,
		Paul

                          Paul "Corwin" Frommeyer
        Work              Internet Engineer, CCIE               Play
 ISP Systems Engineer                                 Network Sorcerer At Large
 Cisco Systems, Inc.                                    Paul's Fone Company
 [email protected]                                       [email protected]
      *** Speaking solely for myself unless otherwise noted ***