HP-UX IPFilter Performance White Paper

Inbound TCP Throughput Test Results with Varying Ruleset

Sizes

HP tested TCP Streams inbound throughput with ruleset sizes ranging from 100 to 5000 rules. Each

ruleset forced IPFilter to read every rule in the ruleset. The rulesets have the following contents:

filter in from non-matching_address to any pass

filter in from matching_address to any pass

Where non-matching_address is an IP address that does not match the IP address of the sending

system, and matching_address is the IP address of the sending system.

The packet size was 8192 bytes.

Figure 10 and Table 10 show the results of these tests.

Figure 10 Effect of Ruleset Size on Inbound TCP Throughput

Inbound TCP Throughput, 100 - 5000 Rules

100

200

300

400

500

600

700

800

900

1000

(No IPFilter) 100 250 500 1000 1500 2000 2500 3000 4000 5000

Number of Rules

Throughput (Mbps)

Table 10 Effect of Ruleset Size on Inbound TCP Throughput

Number of Rules

Throughput

(Mb/s)

Decrease (Compared to System without

IPFilter Installed)

0 (No IPFilter

installed) 942.39 n/a

100 934.96 0.79%

250 929.48 1.37%

500 930.99 1.20%

1000 917.02 2.70%

1500 892.83 5.26%

2000 829.32 12%

2500 766.99 18.61%