On October 26th in Paris, Spirent joined Check Point at the introduction event of their high-end firewall, the 61000 appliance. It’s a blade-based chassis. Adding more blades gives you more performance because you have more cores, memory and so on. This architecture is nothing new. What’s new is the level of performance we measured.
Spirent supported Check Point with their live performance demos in a close session with their top customers. I did the set-up and presentation on behalf of Spirent. Here are some graphs of what we found:
We reached 650,000 new TCP connections per second (with 1k HTTP payload, this is not raw TCP). We measured a Time to Syn/ACK (and even Time to First Byte) remained between 0.1 and 1 millisecond. The page response time was below the millisecond. The open connections were a little on the high end, with around 400 open, which is a bit high for such test ; but given the sheer rate at which we were throwing SYNs, for me this is okay (but that’s just a personal opinion).
We then moved on to the Throughput test.Just throughput, with IPS turned on using the Recommended (not Default) profile. We reached 50+ Gbps (backplane, so incoming + outgoing) with some power left. For this test we used a traffic blend of DNS (10%), SMTP (4%) and HTTP (remainder). This required about 110,000 new TCP connections per second. This last value only would kill most existing medium- to high-end devices.
I was simply too impressed to see that kind of performance level, without any Active/Active set up, to not mention it on this blog . I can’t wait to test some customer requests on this device to run some more tests.