RE: PIX vs. Netscreen

From: Howard C. Berkowitz (hcb@gettcomm.com)
Date: Thu Mar 25 2004 - 17:45:51 GMT-3


At 1:56 PM -0600 3/25/04, Raymond Jett (rajett) wrote:
>Let me turn my badge over and state that this is my opinion and not the
>opinion of my employer:
>
>Make sure you read some of those 'shootouts' with a grain of salt...
>
>There are companies in the industry that are known to make the company that
>is paying for the test the winner in the results.
>
>I forget who said it... There are 3 kinds of lies: Lies, Damn Lies, and
>Statistics.

Benjamin Disraeli, I think.

I like a more recent formulation that really applies nicely to vendor
tests: "statistics are like a bikini. What they reveal is
suggestive, but what they conceal is vital."

Apropos of such tests, the Internet-Draft I coauthored on defining
single-box BGP convergence is finally coming up for RFC approval on
April 2...hopefully it will be approved. One of the delays was that
the approving board wouldn't let us have six coauthors, and Alvaro
Retana of Cisco gracefully allowed us to put his name under a special
acknowledgement. He's an author as far as the rest of us are
concerned.

It was an interesting process to have engineers from Cisco, Juniper,
Nortel and NextHop all collaborate on defining performance. Yes, we
had all sorts of nice engineering reasons to do so, but everybody was
motivated, to a significant extent, to be REALLY TIRED of salesdroids
throwing out meaningless single numbers for characterizing
performance. There is no meaningful way to describe convergence with
a single number, although you can define a reasonable set of
benchmarks with reasonable conditions.

>
>In other words, check multiple sources and look for packet flows
>strangeness... Like how many of your packets are really 64-byte packets? How
>many are full size? How many are jumbo? What is a 'real world test'?
>
>If you understand your environment and understand the test metrics, it is
>easy to see the smoke & mirrors in the test results.
>
>:D
>
>Note: I didn't slam any company out there... I didn't say one was better
>than the other... All I said was do your homework before you believe the
>test results. I'm not trying to start a war here on the mail list ;)
>
>Raymond
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Chris Larson
>Sent: Thursday, March 25, 2004 1:16 PM
>To: Wright, Jeremy; security@groupstudy.com
>Cc: ccielab@groupstudy.com
>Subject: RE: PIX vs. Netscreen
>
>
>It has been some time since I have worked with Netscreen, but I have noticed
>they continually beat out competition including Cisco in most firewall
>"shootouts". I am concerned about Juniper now owning them as Juniper has no
>experience in the firewall/security market but that is probably minor... who
>knows.
>
>The netscreen is gui through a browser, lacks (or did) any good debugging
>for troubleshooting but is very simple. If you understand the basics of
>firewalling and VPN this is very easy to deploy. At the time Netscreen was
>about to introduce the 1000 that was vlan aware. Of course now so is the
>FWSM but. I think the netscreen is an excellent and easy to use product for
>its pricing that apparently outperforms most other firewalls according to
>independent "shootouts".. I would imagine that has to do with the design
>around ASICs rather than a processor. Price to performance, you prolly can't
>beat it. Feature wise though it may be lacking....
>
>Chris #12380
>
>
>
>
> -----Original Message-----
> From: Wright, Jeremy [mailto:wright@admworld.com]
> Sent: Wed 3/24/2004 11:35 AM
> To: 'security@groupstudy.com'
> Cc: 'ccielab@groupstudy.com'
> Subject: PIX vs. Netscreen
>
>
>
> Has anyone had experience with both of these products? If so, what
>are the advantages/disadvantages of both? Thanks.
>
> *****************************************
> Jeremy Wright
> CCIE# 11168
> Network Engineer
> Archer Daniels Midland
> wright@admworld.com
> (217)451-4063
>
> *****************************************
>



This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:48 GMT-3