Abstract

RapidStream, Inc. commissioned The Tolly Group to benchmark the performance of its RapidStream 8000 (Gigabit Ethernet) and RapidStream 6000 (Fast Ethernet) firewall/VPN security appliances. The Tolly Group subjected both devices to a battery of tests to determine bidirectional packet per second (pps) UDP packet throughput, bidirectional file-transfer application throughput and bidirectional UDP packet latency during maximum zero-loss utilization.

RapidStream’s 8000 and 6000 security appliances are designed to provide high-performance firewall and VPN services without the steep throughput penalties often associated with inspection, encryption, and authentication. In Tolly Group testing, both products were evaluated as single-rule firewalls and as IPSec gateways using 3DES and SHA-1, with measurements covering zero-loss UDP throughput, bidirectional file-transfer application throughput, and latency under maximum sustainable load.  

The Gigabit Ethernet-based RapidStream 8000 delivered the stronger overall results. As a single-rule firewall, it reached 620Mbit/s of zero-loss bidirectional throughput with 1,518-byte packets. As an IPSec gateway with 3DES and SHA-1 enabled, it achieved 300Mbit/s with 1,440- and 1,518-byte packets and 200Mbit/s with 1,024-byte packets. The Fast Ethernet-based RapidStream 6000 also performed well, reaching full-duplex wire speed of 200Mbit/s as a firewall with 1,518-byte packets and up to 156Mbit/s as an IPSec gateway with 1,440-byte packets. Tolly notes that IPSec performance declines at the largest frame sizes mainly because encrypted packets require fragmentation.  

Application-level testing with NetIQ Chariot showed similar trends. In bidirectional file-transfer tests, the RapidStream 8000 delivered 489Mbit/s in firewall mode and 220Mbit/s as an IPSec gateway, compared with a 630Mbit/s baseline with no security processing. The RapidStream 6000 delivered 179Mbit/s as a firewall and 115Mbit/s as an IPSec gateway, versus a 185Mbit/s unsecured baseline. These results suggest that both devices retain a large share of baseline application throughput while adding firewall and VPN functionality.  

Latency remained relatively low across the test range. The RapidStream 6000 stayed under 600 microseconds in firewall mode for most packet sizes and below 1,000 microseconds as an IPSec gateway. The RapidStream 8000 stayed under 510 microseconds as a firewall and below 700 microseconds as an IPSec gateway. Overall, the report positions the RapidStream 8000 for high-bandwidth Gigabit Ethernet security deployments and the RapidStream 6000 for Fast Ethernet environments that need strong firewall and VPN performance at near-wire-speed rates.  

Note: RapidStream was founded in 1998. It was acquired by WatchGuard in early 2002. WatchGuard integrated the core technology into its VPN and firewall product lines.