Throughput inspection

To measure large packets and streaming speed, I use two very useful tools: netperf and wget. Lets see how the RB750GL, with various configurations, affect the results:

RB750GL Netperf benchmark

Netperf enable us to distinctly test TCP and UDP performances. While our switch-only setup can approach the theoretic one-Gigabit maximum speed, our little firewall can, at most, give us about 152 Mbit/s with TCP and about 225 using UDP. These are not bad results at all: considering its small cost, its pure firewall results were impressive. Also consider that this kind of firewall is generally used in front of a Internet line with far lower maximum throughput. String and regular expression matching speed are again very good, above my expectations.

However, with the typical encrypt / encap / decap / decrypt workload imposed by a IPSec VPN, we get far lower sustained transfer speed: with 3DES encryption we have only 5.8 Mb/sec, while the AES128 mode give us a quite higher 12.1Mb/sec (with added security).

What about the wget result? Lets see:

RB750GL wget performance

Wget shown us a picture in-line with netperf's ones: note the very good firewall / string / regexp speed and the low 3DES and AES128 performances.