And finally the throughput comparison of IPv6 and legacy IP on a Juniper ScreenOS firewall. Nobody needs this anymore since they are all gone. ;) But since I did the same speedtests for Palo Alto and FortiGates I was interested in the results here as well.
ScreenOS has no security profiles or threat preventions that could decrease the throughput such as on all next generation firewalls. Only mere access lists. That is: this test had only two cases: one for IPv6 and one for legacy IP.
My lab was almost the same as in the other tests linked above. Two Juniper SSG 140 firewalls with ScreenOS 6.3.0r24.0, Knoppix 7.7.1 on both end notebooks, iperf 2.0.9 running in both directions. I only used the 1000 Mbps interfaces eth0/8 and eth0/9 on both firewalls while there was an intermediary switch between them. In fact I tested the throughput crossing two identical firewalls, not only one.
The results show that there is a small discrepancy between both protocols. IPv4 is a bit faster with 836/833 Mbps (Tx, Rx) compared to 780/779 Mbps on IPv6:
However, to my mind that’s ok, at least since the official spec sheet from Juniper lists a firewall throughput of 350+ Mbps at all. Both values are far beyond that.
Here are two screenshots from the any-any policies for IPv4 and IPv6. I ran both tests a few times to minimize the spread of the tests.
Featured image: “concorde2” by bahcodeclub is licensed under CC BY-NC 2.0.