1. Stateless parameters
In OSI layered
architecture layer 2 devices relate to physical interfaces, these devices
perform task of picking a packet from an interface and deliver it to
appropriate destination. Layer 2 technologies such as ethernet employ such
features, thus two important stateless parameters that define performance
characteristics for these devices are: Firewall Throughput (bps) and Forwarding
The throughput element is
measured in bits per second (bps) and is especially important for a Layer 2
device that forwards frames to a physical port locating destination MAC
address. This bps aspect has a drawback i.e. metric itself cannot disclose
number of frames (or packets) are flowing per second through the device.
The forwarding capacity attribute
is expressed in packets per second (PPS) and results as an element for evaluating
router performance. After creating the routing table, router forward packets
according to available information, irrespective of packet size, using an
output interface and next-hop combination that lead to desired destination.
Bandwidth and Packet
Forwarding Rate are also related. The attributes such as Maximum frame rate
(minimum frame size) and Maximum Throughput (Maximum Frame Size) depends on implemented
layer 2 technologies like ethernet, token-ring etc.
There are various inspection checks in a
stateful firewall, these checks are based on conditions and rules applied for
inspecting traffic travelling from both the interfaces. A stateful device as
mentioned keeps track of all states of a packet or a connection, hence in
context of these devices various other attributes define performance metrics. For
example, arrival of TCP SYN packets notify initiation of TCP connection. this
information includes five-tuple for the connection i.e. the source IP Address,
destination IP Address, source port, destination port, and protocol (TCP). After
this information about a connection is stored in a stateful device, it can
resume its normal operation of forwarding and filtering.