RFC 9411

Benchmarking Methodology for Network Security Device Performance, March 2023

File formats:

icon for HTML icon for text file icon for v3pdf icon for XML
Also available: XML file for editing
RFC 3511
B. Balarajah
C. Rossenhoevel
B. Monkman
bmwg (ops)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9411

Discuss this RFC: Send questions or comments to the mailing list bmwg@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9411


This document provides benchmarking terminology and methodology for next-generation network security devices, including next-generation firewalls (NGFWs) and next-generation intrusion prevention systems (NGIPSs). The main areas covered in this document are test terminology, test configuration parameters, and benchmarking methodology for NGFWs and NGIPSs. (It is assumed that readers have a working knowledge of these devices and the security functionality they contain.) This document aims to improve the applicability, reproducibility, and transparency of benchmarks and to align the test methodology with today's increasingly complex layer 7 security-centric network application use cases. As a result, this document makes RFC 3511 obsolete.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.

Advanced Search