Fortinet recently selected Spirent to independently validate the performance of one of its new Data Center firewall: the FortiGate-3810D. Fortinet has been a Spirent customer for years.
Validating a new firewall is always interesting and one of the key metrics of this test was to measure the impact – if any – of IPv6 on performance when compared to IPv4 on Fortinet’s new Network Processor (NP6). Typically IPv6 traffic takes a bit longer to process for network devices with the added overhead of 128 bit addressing.
The Test Bed
The test bed consisted of up to eight Spirent Avalanche C100 appliances with 10G interfaces and Avalanche Commander test software, a Spirent N11U chassis with 4x100GbE interfaces and TestCenter software, the FortiGate-3810D with six 100GbE interfaces, and an off-the-shelf switch to forward Avalanche’s multiple 10GbE traffic to the FortiGate’s ports. We needed to load each interface of the device under test (DUT) equally while going as high as possible on the performances. This was accomplished by aggregating 10G interfaces to reach the needed performance as well as having maximum flexibility is test setup
Once all the networks and virtual routers were configured on Spirent Avalanche Commander and the correct VLANs set on the switch, the network topology was ready to be tested.
Despite the scale and comprehensive nature of the test bed we achieved 100% successful transactions on the first run! And we managed to get to 290 Gbps of realistic HTTP/IPv4 traffic straightaway.
In a separate test bed we connected the Spirent Test Center MX-100G-F2 100 GbE modules directly to the FortiGate. This allowed us to run UDP traffic over IPv4 and IPv6 while measuring the one-way latency of the device. The DUT was able to forward 320 Gbps of this traffic with packets as small as 512 bytes.
As for the Layer 4-7 traffic, we found that with both IPv4 and IPv6 traffic, 290 Gbps of sustained throughput was achieved, an impressive level of 100 million concurrent sessions and a maximum connection establishment rate of 550,000 connections per second over different tests. In all cases it didn’t seem that the FortiGate was impacted by the IPv6 traffic any differently than with the IPv4 one.