Compaq ProLiant 1000 Performance Analysis and Tuning of Raptor's Eagle NT 3.06 - Page 18

Network Speed, Firewall Rules, Disk Controller



278A/0497 WHITE PAPER (cont.)

Network Speed

In Run #10, the 100Mb hubs were replaced with 10Mb hubs to show how much the network degrades performance. Across 1 to 72 virtual clients, the overall negative percent difference attributable to the network was 2%. The lows, relative to the base system, were a 10% negative difference for 24 virtual clients and a 7% negative difference for 48 virtual clients. The purpose was to show how the network affects performance. Theoretically, the collision rate on the 10Mb network would be higher under such loads than on the 100Mb network, and performance would degrade as a result.

To show that the firewall can handle throughput of more than 10Mb per second, please refer to the Other Systems and Configurations subsection and the Test Results with HTTP Only section.

100 Firewall Rules

Run #14 applied 100 rules to the firewall rule set to show the performance hit on the firewall system. The overall performance decrease from using 100 rules was 16% from the base system. These rules included user-defined protocols as well as most of the standard protocols found in the SERVICES file. The reason for the decline is that the FTP daemon does not support caching of the rules, so each packet is checked against the rule base as it is routed through the firewall. HTTP, however, does support caching of the rules. The HTTPD cache is updated by the rule base once per minute.

HTTP-only transfers cause less of a performance hit on the firewall system, as described in the section Test Results with HTTP Only.

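A toy model of the rule caching described above, added here as an illustration and not taken from the white paper or from Raptor's product: the rule format, class names, first-match scan and `now` clock parameter are assumptions. It counts rule checks on an uncached path (as described for FTP) against a cached path refreshed every 60 seconds (as described for HTTP), and shows that a rule change reaches the cached path only at the next refresh.

```python
# Added toy model, not Raptor Eagle code; rule format and names are assumed.
REFRESH_SECONDS = 60  # page: the HTTPD cache is updated "once per minute"

class RuleBase:
    def __init__(self, n=100):
        # Constructed rule set: filler services, then ftp and http at the end.
        self.rules = [(f"svc{i}", "deny") for i in range(n - 2)]
        self.rules += [("ftp", "allow"), ("http", "allow")]
        self.comparisons = 0          # rule checks performed so far

    def lookup(self, service):
        """First-match linear scan; default deny when nothing matches."""
        for name, action in self.rules:
            self.comparisons += 1
            if name == service:
                return action
        return "deny"

class CachingProxy:
    """Remembers decisions and discards them once they are a minute old."""
    def __init__(self, rulebase):
        self.rulebase, self.cache, self.loaded_at = rulebase, {}, None

    def decide(self, service, now):
        if self.loaded_at is None or now - self.loaded_at >= REFRESH_SECONDS:
            self.cache, self.loaded_at = {}, now
        if service not in self.cache:
            self.cache[service] = self.rulebase.lookup(service)
        return self.cache[service]

def compare(packets=1000):
    """Rule checks for `packets` lookups: uncached (FTP) vs cached (HTTP)."""
    uncached = RuleBase()
    for _ in range(packets):
        uncached.lookup("ftp")
    proxy = CachingProxy(RuleBase())
    for i in range(packets):
        proxy.decide("http", now=i * 0.01)   # all packets within 10 seconds
    return uncached.comparisons, proxy.rulebase.comparisons

def stale_window():
    """A rule change reaches the cached path only after the next refresh."""
    proxy = CachingProxy(RuleBase())
    before = proxy.decide("http", now=0)
    proxy.rulebase.rules[-1] = ("http", "deny")   # administrator tightens rule
    during = proxy.decide("http", now=30)    # still served from the cache
    after = proxy.decide("http", now=60)     # cache refreshed, rule re-read
    return before, during, after
```

With the constructed 100-rule set, `compare()` returns `(99000, 100)` and `stale_window()` returns `('allow', 'allow', 'deny')`.
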
Disk Controller

The base run used a PCI Smart-2 Array Controller card with 1 disk at RAID 0. The tests here show the on-board PCI SCSI Controller, the EISA Smart-2 Array Controller card with 1 disk at RAID 0, and the PCI Smart-2 Array Controller with 4 disks at RAID 0. RAID 0 offers the highest disk I/O performance but provides no mechanism for data recovery.

These tests were run to show what effect the disk controller/disk combination used with RAID 0 had on the writes to the log file from the firewall software. Logging was moderate to heavy, tracking every connection, disconnect, FTP GET, rules authorization for HTTP and FTP, and other FTP statistics. Each log file contained 8 to 10 megabytes of data after each run.

The overall average percent differences for runs #12, #13, and #15 did not exceed 0.05%. This small performance difference is attributed to the fact that Raptor’s Eagle NT 3.06 Firewall system flushes log file information in batch processes. For heavy loads, log file writes are done every few seconds instead of updating the log file for every system event. This allows the firewall to concentrate more on passing data than on writing log file information, and stops the log file generator from becoming a bottleneck on the system.