On Dec 19, 2007, at 7:11 AM, Jordi Espasa Clofent wrote:
The idea is put the FW, obviously, between the Cta6 wire and the main
gigabit switch. because of that I buildup de FW as a bridge.
Okay.
So, I need to benchmark the FW with little size packets. The question
is
¿Is there any tool which generates small packets traffic to benchmark
the network performance as iperf or netperf does?
Iperf can, it just won't automatically tune itself. It's been a while
since I ran tests with it, but based on memory and the current docs for
it...
What you want to do is test using UDP packets (--udp), setting --length
as appropriate (see below) and running tests with --bandwidth set to
different levels. During each test run, pay attention to the loss
reports. Under normal conditions there should be no loss at all; you'll
start seeing minor loss as you approach the limits of what your
equipment can handle, and then massive loss when you go past the limit.
The report from the highest --bandwidth setting you can use with no
loss is your benchmark. With these kinds of tests, the more interesting
result tends to be "packets per second" rather than transferred data
bandwidth.
Because a lot of gear has trouble with high rates of small packets,
even when they can handle massive amounts of bandwidth, you may need to
get at least 2 machines on each side of the firewall running these
tests at the same time. Otherwise you could end up benchmarking the
test machines instead of the firewall :) Test without the firewall
first to find their limits.
For setting the UDP payload sizes, you need to know:
Ethernet header: 18 bytes
IP header: 20 bytes
UDP header: 8 bytes
Maximum ethernet frame size is 1518 bytes, so the highest --length to
give iperf is 1472. For the minimum ethernet frame of 64, use --length
18. If I remember correctly, iperf has some lower limit on --length
that won't let you use 18, so you may need to go a bit higher. As I
said it's been a while though, so I don't remember what that limit is.
I believe netperf has similar abilities, but I've never used it.
Hope this helps.
