HP ProSignia 720 Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Fir
HP ProSignia 720 manual content summary:
- Page 1: HTTP Only 20 Conclusions 23 Appendix A 24 Appendix B 25 278A/0497 ... Performance Analysis and Tuning of Raptor's Eagle NT 3.06 Firewall on Compaq Servers As firewalls make their mark as a security measure used to protect intranetworks, it is not clear what is lost from network performance when
- Page 2: products other than its own strictly as stated in Compaq product warranties. Compaq, ProLiant, and SmartStart, registered United States Patent and Trademark Office. Netelligent and ProSignia are trademarks and/or service marks of Compaq Computer Corporation. Other product names mentioned herein may
- Page 3: , bus architecture, drive controller, network speed, Raptor's Eagle NT 3.06 HTTP Cache and DNS Lookup switches, the firewall rule base with 100 rules, and NetFlx-3 MaxReceive buffers. From the sets of test run, the following performance summary resulted: • For hardware configurable tests, upgrading
- Page 4: data can also be collected, such as throughput in bits per second. The benchmark itself uses a client/server architecture, and each client runs a configuration file that tells it which server to connect to, how long to maintain the connection, and which URLs to fetch. WebBench WebBench reports two
- Page 5: . Internal networks reside in the private area. • DMZ - the network area unsecured by the firewall. Usually Internet servers are located here such as Web Servers, News Servers, DNS Servers, FTP Servers, etc. • Hostile Zone - or public area, is the cloud of the Internet or the outside network. NSTL
- Page 6: Virtual clients are administered from one of the physical clients known as the control machine. Each virtual client makes 100 requests for FTP GET and HTTP GET transfers to the 6 virtual servers. HTTP/CGI requests were also available but not used because HTTP/CGI requests could skew the totals due to
- Page 7: Software for client machines server01 - server06 ProLiant 2000, 2Pentium/90, 32 MB RAM, 1 EISA NetFlx-3 10/100 NIC, ON BOARD SCSI, 2 GB Drive Windows NT 4.0 Server, Service Pack2 Microsoft IIS 3.0 configured with FTP and HTTP Table 3: Client and Server Hardware Makeup Eagle NT 3.06 Firewall
- Page 8: of the firewall for the base system. Machine Hardware OS Software firewall01 ProLiant 5000, 64 MB RAM, 1-Pentium PRO 200/512K cache, 2 EISA NetFlx-3 10/100 NICs, PCISmart-2 Ctrl, 1-2 GB Drive Windows NT 3.51 Server, Service Pack 5 Raptor's Eagle NT 3.06 firewall software and Hawk GUI. Table
- Page 9: depending on the rule set. HTTP transfers from the outside to the inside must be directed to the firewall's outside interface. If an inside HTTP server has been configured as in Screen 2, the firewall checks the rule base to ensure that traffic is allowed to pass, then makes a connect request to
- Page 10: Characteristics The various hardware options used in the tests are described below. Each hardware configuration change made was re-configured using the Compaq system partition utilities found by pressing the F10 key during the system bootup process. Processor Processor Pentium Pro Uni and Dual
- Page 11: RAM RAM MB 32 64 128 256 Bus Subsystem Bus Type - EISA and PCI Compaq NetFlx-3 10/100 card Compaq S2-Array Controller card Drive Controller / Disks Drive Controller Disks Compaq S2Array Controller PCI Raid 0 - No Fault Tolerant, 1 and 5 disks, Pagefile size = 200
- Page 12: all HTTP rules are disabled. This is not usually a problem. Since HTTP traffic is so bursty by nature, even the Compaq Netelligent 10/100TX Network Controller to 500. (The default is 100.) • Specifies the maximum number of receive lists the driver allocates for receive frames Base System • ProLiant
- Page 13: on/on/4 14 PP200,512c 64 EISA 1/S2-A,PCI 100 100 on/on/*100 15 PP200,512c 64 EISA *5/S2-A, PCI 100 100 on/on/4 Runs 16, 17, 18 listed in the table below are for the Compaq ProSignia 500, ProLiant 800, and ProLiant 4500 respectively. These runs were done to show differences between
- Page 14: to HTTP only tests. These tests are done on the ProLiant 5000. Test 19 is considered as a base system for 100 100 on/on/4 20 PP200,512c 64 EISA ON BOARD 100 100 on/*off/4 21 PP200,512c 64 EISA ON BOARD 100 100 *off/on/4 22 PP200,512c 64 EISA ON BOARD 100 100 on/on/*100
- Page 15: ProLiant and ProSignia systems and was run to show performance on lower-end systems. Base System The base system, test run 1, consists of the ProLiant is displayed in Graph 1. [Graph: Base Run - Run #1; y-axis TPM; x-axis label begins "Number of Virtual"]
- Page 16: [Graph: Run #2 and #3 in TPM; x-axis Virtual Clients] -3 10/100 NICS replaces two EISA Netflx-3 10/100 for this test. The graph of this run is displayed in Graph 3. [Graph: title begins "Run"]
- Page 17: TPM difference increase from the base system is higher because the HTTP daemon supports the switch for no DNS Lookups and FTP currently does not. Please added to the base system. Review Graph 4 below for results. [Graph: Run #9 in TPM]
- Page 18: The overall performance decrease from using 100 rules was 16% from the base system. These rules included adding user-defined protocol as well as most of the standard protocols found in the SERVICES file. The reason for the decline is that the FTP daemon does not support caching of the rules so each
- Page 19: DNS Lookups for HTTPD off. Adding these features together shows the combined performance enhancements. Refer to Graph 6 for the results. [Graph 6: Full System; Run #11 in TPM; x-axis Virtual Clients; series Base Run, Full System] The
- Page 20: [Graph 7: ProSignia 500, ProLiant 800, ProLiant 4500; title "#16, #17, and #18 in TPM"; x-axis Virtual Clients; series Prosignia 500, P120; Proliant 800, PP200, 256C; Proliant 4500, P133] The low-end server, the ProSignia 500, had an overall average of
- Page 21: Base Run The base system, test run 1, consists of the ProLiant 5000 system, 1Pentium Pro 200 MHz, 512 cache processor, 64Mb RAM, 2-EISA NetFlx-3 10/100, PCI S2-Array Controller Raid 0, 1 SCSI Disk, MaxReceive Buffers is 100, HTTPD cache is on, DNS Lookups for HTTPD is on, and 100Mb
- Page 22: from the base at 72 virtual clients. The percent failure is 0.0% for all sets of virtual clients. This decrease in performance with a rule set of 100 rules is expected because of the extra time needed to ensure that all packets passed through the firewall system meet the security requirements of the
- Page 23: by using a firewall and should notice that there is a performance hit in using a firewall for any environment. As a result, using Compaq servers and adding specific hardware and software components can reduce this performance hit dramatically while increasing overall performance of the firewall for
- Page 24: APPENDIX A DNS hosts and host.pub files for Raptor's Eagle NT 3.06 firewall setup. %systemroot%\system32\drivers\etc\hosts 10.10.10.50 aaa.testbed.com aaa 10.10.10.1 10.10.10.2 10.10.10.5 10.10.10.4 10.10.10.6 client01.testbed.com client02.testbed.com
- Page 25: 1200 24 2400 32 3200 36 3600 48 4800 60 6000 72 7200 Run7 1 100 12 1200 24 2400 32 3200 36 3600 48 4800 60 6000 72 7200 Run8 1 100 12 1200 24 2400 32 3200 36 3600 48 4800 60 6000 72 7200 25 TPM 300.26 589.78 577
- Page 26: 1 12 24 32 36 48 60 72 URLS 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200
- Page 27: 24 32 36 48 60 72 URLS 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200 100 1200 2400 3200 3600 4800 6000 7200 27
WHITE PAPER
278A/0497
April 1997
Prepared By Intranet/Groupware Solutions Group, Compaq Computer Corporation
CONTENTS
Introduction ..... 3
Executive Summary ..... 3
Benchmark Tools ..... 3
NSTL Methodology of Internet Firewalls ..... 4
Configuration ..... 4
Test Bed Setup ..... 7
Hardware and Software Tuning Characteristics ..... 10
Hardware Characteristics ..... 10
Software Characteristics ..... 11
Base System ..... 12
Test Configurations of the Firewall ..... 13
Evaluation of Results ..... 14
Tests results with HTTP and FTP Transactions ..... 14
Tests Results with HTTP Only ..... 20
Conclusions ..... 23
Appendix A ..... 24
Appendix B ..... 25
Performance Analysis and Tuning of Raptor’s Eagle NT 3.06 Firewall on Compaq Servers
As firewalls make their mark as a security measure used to protect intranetworks, it is
not clear what is lost from network performance when security is implemented. Today,
the lack of multi-protocol benchmark tools makes it difficult to determine network
performance through firewalls. Since few tools are available and most are used to
determine HTTP performance, determining the loss of network performance and what
can be done to improve it remains difficult.
This paper looks at performance of firewalls using Raptor’s Eagle NT 3.06 product on
Compaq servers, and the popular protocols FTP and HTTP. It answers questions about
the level of hardware needed to address capacity planning, software tuning
parameters for the system and firewall, and what to expect in performance gains and
losses while incorporating a secure environment for Internet connections.