Compaq ProLiant 1000 Performance Analysis and Tuning of Raptor's Eagle NT 3.06
Compaq ProLiant 1000 manual content summary:
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 1
HTTP Only 20 Conclusions 23 Appendix A 24 Appendix B 25 278A/0497 ... Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Firewall on Compaq Servers As firewalls make their mark as a security measure used to protect intranetworks, it is not clear what is lost from network performance when
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 2
products other than its own strictly as stated in Compaq product warranties. Compaq, ProLiant, and SmartStart, registered United States Patent and Trademark Office. Netelligent and ProSignia are trademarks and/or service marks of Compaq Computer Corporation. Other product names mentioned herein may
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 3
278A/0497 WHITE PAPER (cont.) ... INTRODUCTION The intent of this paper is to help answer questions about performance of firewalls so that logical decisions can be made for capacity planning using Raptor's Eagle NT 3.06 firewall product. A base line for a specified firewall system is defined,
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 4
data can also be collected, such as throughput in bits per second. The benchmark itself uses a client/server architecture, and each client runs a configuration file that tells it which server to connect to, how long to maintain the connection, and which URLs to fetch. WebBench WebBench reports two
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 5
. Internal networks reside in the private area. • DMZ - the network area unsecured by the firewall. Usually Internet servers are located here such as Web Servers, News Servers, DNS Servers, FTP Servers, etc. • Hostile Zone - or public area, is the cloud of the Internet or the outside network. NSTL
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 6
- Allow All • Hostile/DMZ to Private - Allow only to specified servers. Logging affects the firewall throughput; therefore moderate logging is used. This logs number of virtual clients was 1, 12, 24, 32, 36, 48, 60, and 72. This approach in the number of virtual clients used shows how the firewall
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 7
Software for client machines server01 - server06 ProLiant 2000, 2-Pentium/90, 32 MB RAM, 1 EISA NetFlx-3 10/100 NIC, ON BOARD SCSI, 2 GB Drive Windows NT 4.0 Server, Service Pack 2 Microsoft IIS 3.0 configured with FTP and HTTP Table 3: Client and Server Hardware Makeup Eagle NT 3.06 Firewall
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 8
of the firewall for the base system. Machine Hardware OS Software firewall01 ProLiant 5000, 64 MB RAM, 1-Pentium PRO 200/512K cache, 2 EISA NetFlx-3 10/100 NICs, PCISmart-2 Ctrl, 1-2 GB Drive Windows NT 3.51 Server, Service Pack 5 Raptor's Eagle NT 3.06 firewall software and Hawk GUI. Table
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 9
depending on the rule set. HTTP transfers from the outside to the inside must be directed to the firewall's outside interface. If an inside HTTP server has been configured as in Screen 2, the firewall checks the rule base to ensure that traffic is allowed to pass, then makes a connect request to
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 10
Characteristics The various hardware options used in the tests are described below. Each hardware configuration change made was re-configured using the Compaq system partition utilities found by pressing the F10 key during the system bootup process. Processor Processor Pentium Pro Uni and Dual
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 11
RAM RAM MB 32 64 128 256 Bus Subsystem Bus Type - EISA and PCI Compaq NetFlx-3 10/100 card Compaq S2-Array Controller card Drive Controller / Disks Drive Controller Disks Compaq /disabling). By default, using SmartStart, performance enhancement is enabled. Specify -f 0 to disable it. 11
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 12
disabled. This is not usually a problem. Since HTTP traffic is so Services\cpqnf3(#)\Parameters Add the following parameter: MaxReceives = REG_DWORD 0x1F4 = 500 • Increases the number of MaxReceives counters for Compaq ProLiant 5000 system • 1-Pentium Pro 200 MHz Processor, 512K cache • 64 MB RAM
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 13
THE FIREWALL The table below represents the different configurations using the Compaq ProLiant 5000 System. A * on the row indicates the configuration first test run is the base system. Test Run Processor Type and MHz RAM NIC Disk/Drive MaxRecv Network HTTP MB BUS Controller, # Buffers Mb
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 14
ProLiant 5000. Test 19 is considered as a base system for HTTP only traffic through the firewall. Again the * represents the change from the base system. Run Processor RAM two parts based on test runs with HTTP and FTP transactions and test runs with HTTP only transactions. In both parts, results
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 15
base system, test run 1, consists of the ProLiant 5000 system, 1-Pentium Pro 200 MHz, 512K cache processor, 64 MB RAM, 2-EISA NetFlx-3 10/100, PCI Smart [Figure: Run #1, TPM vs. Number of Virtual Clients] Graph 1: Base
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 16
w/256 MB RAM Graph 2: Base Run with 128 MB and 256 MB RAM NIC Bus Type Two PCI NetFlx-3 10/100 NICs replace two EISA NetFlx-3 10/100 for this test. The graph of this run is displayed in Graph 3. Run #4 in
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 17
difference increase from the base system is higher because the HTTP daemon supports the switch for no DNS Lookups and FTP currently does not. Please cache processor was added to the base system. Review Graph 4 below for results. Run #9 in TPM
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 18
of the standard protocols found in the SERVICES file. The reason for the decline is that the FTP daemon does not support caching of the rules so each packet rule base as it is routed through the firewall. HTTP, however, does support caching of the rules. The HTTPD cache is updated by the rule base
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 19
System Run #11 adds a Pentium Pro 200-512K cache processor, 256 MB RAM, sets MaxReceive buffers for NetFlx-3 cards to 500, changes to PCI bus for together shows, the combined performance enhancements. Refer to Graph 6 for the results. Run #11 in TPM
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 20
#16, #17, and #18 in TPM [Figure: TPM vs. Virtual Clients; series: ProSignia 500, P120; ProLiant 800, PP200, 256C; ProLiant 4500, P133] Graph 7: ProSignia 500, ProLiant 800, ProLiant 4500 The low-end server, the ProSignia 500, had an overall average of
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 21
The base system, test run 1, consists of the ProLiant 5000 system, 1-Pentium Pro 200 MHz, 512 cache processor, 64Mb RAM, 2-EISA NetFlx-3 10/100, PCI S2-Array base system. Failures remained at 0.0%. Run #20 and Run #21 TPM Virtual C
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 22
to the firewall rule set to show the decrease in performance. Graph 10 displays the decrease in performance. Run #22 in TPM [Figure: TPM vs. Virtual Clients; series: HTTP Only Base Run, Base Run + 100 Rules] Graph 10: Base Run
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 23
HTTP only tests. This software switch is turned on by default in SmartStart installations of Raptor's Eagle NT 3.06 product to give higher performance using a firewall for any environment. As a result, using Compaq servers and adding specific hardware and software components can reduce this
- Compaq ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 24
278A/0497 WHITE PAPER (cont.) ... APPENDIX A DNS hosts and host.pub files for Raptors Eagle NT 3.06 firewall setup. %systemroot%\system32\drivers\etc\hosts 10.10.10.50 aaa.testbed.com aaa 10.10.10.1 10.10.10.2 10.10.10.5 10.10.10.4 10.10.10.6 client01.testbed.com client02.testbed.com
WHITE PAPER
278A/0497
April 1997
Prepared By: Intranet/Groupware Solutions Group, Compaq Computer Corporation
CONTENTS
Introduction 3
Executive Summary 3
Benchmark Tools 3
NSTL Methodology of Internet Firewalls 4
Configuration 4
Test Bed Setup 7
Hardware and Software Tuning Characteristics 10
Hardware Characteristics 10
Software Characteristics 11
Base System 12
Test Configurations of the Firewall 13
Evaluation of Results 14
Tests results with HTTP and FTP Transactions 14
Tests Results with HTTP Only 20
Conclusions 23
Appendix A 24
Appendix B 25
Performance Analysis and Tuning of Raptor’s Eagle NT 3.06 Firewall on Compaq Servers
As firewalls make their mark as a security measure used to protect intranetworks, it is not clear what is lost from network performance when security is implemented. Today, the lack of multi-protocol benchmark tools makes it difficult to determine network performance through firewalls. Since few tools are available and most are used to determine HTTP performance, determining the loss of network performance and what can be done to improve it remains difficult.
This paper looks at the performance of firewalls using Raptor’s Eagle NT 3.06 product on Compaq servers, and the popular protocols FTP and HTTP. It answers questions about the level of hardware needed to address capacity planning, software tuning parameters for the system and firewall, and what to expect in performance gains and losses while incorporating a secure environment for Internet connections.