HP ProLiant 1000 Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir
HP ProLiant 1000 Manual
View all HP ProLiant 1000 manuals
Add to My Manuals
Save this manual to your list of manuals |
HP ProLiant 1000 manual content summary:
- HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 1
Configurations of the Firewall 13 Evaluation of Results 14 Tests results with HTTP and FTP Transactions.......... 14 Tests Results with HTTP Only 20 Conclusions 23 Appendix A 24 Appendix B 25 278A/0497 ... Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Firewall on Compaq Servers - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 2
product or products that were tested. The configuration or configurations tested or described may or may not be Compaq product warranties. Compaq, ProLiant, and SmartStart, registered United States Patent and Trademark Office. Netelligent and ProSignia are trademarks and/or service marks of Compaq - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 3
. Variable hardware and software components modified in the tests include memory, bus architecture, drive controller, network speed, Raptor's Eagle on a 10 Mb network because of higher collision rates. • Software configurable tests with HTTP Cache on, resulted in increased performance in both HTTP/ - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 4
The benchmark itself uses a client/server architecture, and each client runs a configuration file that tells it which server to connect to, how long to security, and slow networks. NSTL Benchmark This benchmark was designed specifically to stresses the ability of the firewall to route traffic based - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 5
minute. (See Figure 1) Inside Outside Figure 1: Test Bed Configuration Three areas determine security zones: • Private Zone - the secure area unsecured by the firewall. Usually Internet servers are located here such as Web Servers, News Servers, DNS Servers, FTP Servers, etc. • Hostile Zone - or - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 6
used to determine the amount of traffic the virtual clients send to the virtual servers is a configurable item for the methodology. For configurations used in test runs contained in this paper, each virtual server receives the percentages of HTTP and FTP requests from the virtual clients as listed - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 7
machines server01 - server06 ProLiant 2000, 2Pentium/90, 32 MB RAM, 1 EISA NetFlx-3 10/100 NIC, ON BOARD SCSI, 2 GB Drive Windows NT 4.0 Server, Service Pack2 Microsoft IIS 3.0 configured with FTP and HTTP Table 3: Client and Server Hardware Makeup Eagle NT 3.06 Firewall Setup of Base System - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 8
5000, 64 MB RAM, 1-Pentium PRO 200/512K cache, 2 EISA NetFlx-3 10/100 NICs, PCISmart-2 Ctrl, 1-2 GB Drive Windows NT 3.51 Server, Service Pack 5 Raptor's Eagle NT 3.06 firewall software and Hawk GUI. Table 4: Firewall Hardware and Software Makeup Firewall configuration with Eagle NT 3.06 - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 9
the rules are configured to allow access from Private clients to Private servers, Private clients to DMZ/Hostile Servers, and DMZ/Hostile clients to specified Private servers. The convention of Inside and Outside mapping to Private and DMZ/Hostile was used. Also, note that specific rules must exist - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 10
base system. Only one software/hardware configuration change at a time was made from configurations in order to increase performance. It of individual configuration changes, since how to make the configuration changes in hardware and software configuration change made was re-configured using the Compaq - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 11
(cont.) ... RAM RAM MB 32 64 128 256 Bus Subsystem Bus Type - EISA and PCI Compaq NetFlx-3 10/100 card Compaq S2-Array Controller card Drive Controller / Disks Drive Controller Disks Compaq S2Array Controller PCI Raid 0 - No Fault Tolerant, 1 and 5 disks, Pagefile size = 200 Compaq S2Array - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 12
MaxReceives counters for Compaq Netelligent 10/100TX Network Controller to 500. (The default is 100.) • Specifies the maximum number of receive lists the driver allocates for receive frames Base System • ProLiant 5000 system • 1-Pentium Pro 200 MHz Processor, 512K cache • 64 MB RAM • 2-EISA NetFlx - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 13
16, 17, 18 listed in the table below are for the Compaq ProSignia 500, ProLiant 800, and ProLiant 4500 respectively. These runs were done to show differences between hardware configurations and processor speeds. Run Processor RAM NIC Disk/Drive MaxRecv Network HTTP Type and MHz MB BUS Controller - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 14
change from the base system. Run Processor RAM NIC Disk/Drive MaxRecv Network HTTP Type and parts based on test runs with HTTP and FTP transactions and test runs with HTTP only transactions. In both parts of Test Configurations of the Firewall section. Subsections are Base System, Memory, NIC Bus - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 15
ProSignia systems and was run to show performance on lower-end systems. Base System The base system, test run 1, consists of the ProLiant 5000 system, 1Pentium Pro 200 MHz, 512K cache processor, 64 MB RAM for all runs was under 1%. Memory Run #2 and #3 increase memory from the base system up to - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 16
1000 900 800 700 600 500 400 300 200 100 0 1 12 24 32 36 48 56 72 V irtual C lients Base Run Base w/128m b R AM Base w/256m b R AM Graph 2: Base Run with 128 MB and 256 MB RAM NIC Bus Type Two PCI NetFlx-3 10/100 NICS replaces two EISA Netflx-3 10/100 for this - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 17
base system is higher because the HTTP daemon supports the switch for no DNS Lookups and FTP Setting the MaxRecieve buffers for the NetFlx-3 NIC cards to 500 represented by Run #7 and virtual client runs. Processor In Run #9, a Pentium Pro 200 MHZ-512 cache processor was added to the base system. - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 18
more than 10Mb per second please refer to the Other Systems and Configurations subsection and Test Results with HTTP Only section. 100 Firewall Rules Run the standard protocols found in the SERVICES file. The reasons for the decline is that the FTP daemon does not support caching of the rules so each - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 19
S2-Array EISA-R0-1D, S2-Array PCI-R04D Full System Run #11 adds a Pentium Pro 200-512K cache processor, 256 MB RAM, sets MaxRecieve buffers for NetFlx-3 cards to 500, changes to PCI bus for NIC cards, and sets DNS Lookups for HTTPD off. Adding these features together shows, the combined performance - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 20
Test Configurations of the Firewall. Runs #16, #17, and #18 in TPM 1100 1000 900 800 700 600 500 400 300 200 100 0 Prosignia 500, P120 Proliant 800, PP200, 256C Proliant 4500, P133 1 12 24 32 36 48 56 72 Virtual Clients Graph 7: ProSignia 500, ProLiant 800, ProLiant 4500 The low-end server, the - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 21
278A/0497 WHITE PAPER (cont.) ... Base Run The base system, test run 1, consists of the ProLiant 5000 system, 1Pentium Pro 200 MHz, 512 cache processor, 64Mb RAM, 2-EISA NetFlx-3 10/100, PCI S2-Array Controller Raid 0, 1 SCSI Disk, MaxReceive Buffers is 100, HTTPD cache is on, DNS Lookups for - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 22
278A/0497 WHITE PAPER (cont.) ... 100 Rules Run #22 applies 100 rules to the firewall rule set to show the decrease in performance. Graph 10 displays the decrease in performance. Run #22 in TPM 2400 2100 1800 1500 1200 900 600 300 0 1 12 24 32 36 48 56 72 Virtual Clients HTTP Only Base Run - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 23
as the load increases. Increasing memory adds slight performance increases. The for both HTTP/FTP and HTTP only transfers. Software configurable tests with HTTP Cache on drew expected increases in performance As a result, using Compaq servers and adding specific hardware and software components can - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 24
# forward_to # authority testbed.com # authority 127.in-addr.arpa 10.10.10.in-addr.arpa # inside_interface 127.0.0.1 # inside_interface 10.10.10.50 %systemroot%\system32\drivers\etc\hosts.pub 11.11.11.50 aaa.testbed.com aaa 11.11.11.2 11.11.11.3 11.11.11.4 client06.testbed.com client07 - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 25
278A/0497 WHITE PAPER (cont.) ... APPENDIX B Run1 Users URLS 1 100 12 1200 24 2400 32 3200 36 3600 48 4800 60 6000 72 7200 Run2 1 100 12 1200 24 2400 32 3200 36 3600 48 4800 60 6000 72 7200 Run3 1 100 12 1200 24 2400 32 3200 36 3600 48 4800 60 6000 - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 26
278A/0497 WHITE PAPER (cont.) ... Run9 Run10 Run11 Run12 Run13 Run14 Run15 Run16 26 Users 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 URLS 100 1200 2400 - HP ProLiant 1000 | Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir - Page 27
278A/0497 WHITE PAPER (cont.) ... Run17 Run18 Run19 Run20 Run21 Run22 Users 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 1 12 24 32 36 48 60 72 URLS 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200
W
HITE
P
APER
1
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
278A/0497
April 1997
Prepared By
Intranet/Groupware
Solutions Group
Compaq Computer
Corporation
C
ONTENTS
Introduction
.....................
3
Executive Summary
..........
3
Benchmark Tools
.............
3
NSTL Methodology
of Internet Firewalls
.........
4
Configuration
........................
4
Test Bed Setup
.....................
7
Hardware and
Software Tuning
Characteristics
...............
10
Hardware Characteristics
.....
10
Software Characteristics
......
11
Base System
.......................
12
Test Configurations
of the Firewall
................
13
Evaluation of
Results
.........................
14
Tests results with HTTP
and FTP Transactions
..........
14
Tests Results
with HTTP Only
...................
20
Conclusions
...................
23
Appendix A
....................
24
Appendix B
....................
25
Performance Analysis and Tuning of
Raptor’s Eagle NT 3.06 Firewall on
Compaq Servers
As firewalls make their mark as a security measure used to protect intranetworks, it is
not clear what is lost from network performance when security is implemented. Today,
the lack of multi-protocol benchmark tools makes it difficult to determine network
performance through firewalls. Since few tools are available and most are used to
determine http performance, determining the loss of network performance and what
can be done to improve it remains difficult.
This paper looks at performance of firewalls using Raptor’s Eagle NT 3.06 product on
Compaq servers, and the popular protocols ftp and http. It answers questions about
the level of hardware needed to address capacity planning, software tuning
parameters for the system and firewall, and what to expect in performance gains and
losses while incorporating a secure environment for internet connections.