Benchmarking Methodology for Network Security Device Performance
RFC 9411, “Benchmarking Methodology for Network Security Device Performance”, is an Informational document published in March 2023 by B. Balarajah, C. Rossenhoevel, B. Monkman. It obsoletes RFC 3511. The canonical text is published by the RFC Editor.
Abstract
This document provides benchmarking terminology and methodology for next-generation network security devices, including next-generation firewalls (NGFWs) and next-generation intrusion prevention systems (NGIPSs). The main areas covered in this document are test terminology, test configuration parameters, and benchmarking methodology for NGFWs and NGIPSs. (It is assumed that readers have a working knowledge of these devices and the security functionality they contain.) This document aims to improve the applicability, reproducibility, and transparency of benchmarks and to align the test methodology with today's increasingly complex layer 7 security-centric network application use cases. As a result, this document makes RFC 3511 obsolete.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9411 is hosted at rfc-editor.org. Available in HTML,TXT,PDF,XML.
- RFC 9410 Handling of Identity Header Errors for Secure Telephone Identity Revisited
- RFC 9412 The ORIGIN Extension in HTTP/3
- RFC 9409 The 'sip-trunking-capability' Link Relation Type
- RFC 9413 Maintaining Robust Protocols
- RFC 9408 A YANG Network Data Model for Service Attachment Points
- RFC 9414 Unfortunate History of Transient Numeric Identifiers
- RFC 9407 Tetrys: An On-the-Fly Network Coding Protocol
- RFC 9415 On the Generation of Transient Numeric Identifiers