HP-UX IPFilter Performance White Paper
Introduction
IPFilter filters IP packets by reading the network protocol headers and comparing the values to a set of
user-configured rules. Based on these rules, IPFilter either passes or drops the packet. Because IPFilter
only reads the protocol headers, the size of an IP packet does not affect the speed at which IPFilter
processes the packet, and IPFilter incurs the same overhead for an IP packet regardless of packet size.
Packet size has little effect on IPFilter throughput.
Configuration
This section describes the configuration for the performance tests.
System Configuration
The test systems had identical configurations. The relevant configuration items are as follows:
• HP Integrity rx2660 Server
• 2-way with dual-core CPUs
• 1.595 GHz Itanium® processors
• 6121 MB RAM
• HP-UX 11i version 2 update 2
  Note: HP performed a subset of the tests on HP-UX 11i v3 and obtained similar results.
• PCI 10 Gigabit Ethernet interface on a private LAN
IPFilter Configuration
The IPFilter version was A.11.23.15.01. HP performed the performance tests on systems with the
following IPFilter configurations:
• No IPFilter installed
• IPFilter installed without rules configured
• IPFilter installed with rules configured. The rules were as follows:
    pass in proto tcp from any to any keep state
    pass in proto udp from any to any keep state
    pass in proto icmp from any to any keep state
    pass out proto tcp from any to any keep state
    pass out proto udp from any to any keep state
    pass out proto icmp from any to any keep state
HP also measured how the number of rules in a ruleset affected IPFilter throughput; the rulesets used
for these tests are described in “Inbound TCP Throughput Test Results with Varying Ruleset Sizes.”
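The following added example (not part of the HP white paper and not IPFilter's code) is a simplified Python model of the six "keep state" rules above. It shows that the per-packet decision reads only fixed header offsets, so the rule work is the same for a 64-byte and a 32768-byte payload, and that a reply on a tracked flow is passed from the state table without walking the rules. The names make_packet, parse_headers, StatefulFilter and demo, the addresses and the ports are assumptions made for illustration.

```python
import struct

# The page's six rules, modelled as (direction, IP protocol number); all are "pass ... keep state".
PROTO = {"icmp": 1, "tcp": 6, "udp": 17}
RULES = [(d, PROTO[p]) for d in ("in", "out") for p in ("tcp", "udp", "icmp")]

def make_packet(proto, src, dst, sport, dport, payload_len):
    """Constructed sample packet: 20-byte IPv4 header, 8-byte transport stub, zero payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + payload_len, 0, 0, 64, proto, 0,
                     bytes(src), bytes(dst))
    return ip + struct.pack("!HHI", sport, dport, 0) + bytes(payload_len)

def parse_headers(pkt):
    """Read fixed header offsets only; the payload bytes are never touched."""
    if pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
    sport, dport = struct.unpack_from("!HH", pkt, ihl) if proto in (6, 17) else (0, 0)
    return proto, src, dst, sport, dport

class StatefulFilter:
    def __init__(self, rules):
        self.rules, self.states, self.rule_evals = rules, set(), 0

    def check(self, direction, pkt):
        proto, src, dst, sport, dport = parse_headers(pkt)
        flow = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        if flow in self.states or reverse in self.states:
            return "pass (state)"          # state hit: the rule list is skipped
        matched = False
        for rule_dir, rule_proto in self.rules:   # whole list is walked (no "quick" rules)
            self.rule_evals += 1
            matched = matched or (rule_dir == direction and rule_proto == proto)
        if not matched:
            return "default"               # no rule matched; default policy is not modelled
        self.states.add(flow)              # "keep state" records the flow
        return "pass (rule)"

def demo():
    fw, a, b = StatefulFilter(RULES), [10, 0, 0, 1], [10, 0, 0, 2]
    results = []
    for i, size in enumerate((64, 1024, 32768)):   # three new flows, growing payloads
        before = fw.rule_evals
        verdict = fw.check("in", make_packet(6, a, b, 40000 + i, 5001, size))
        results.append((size, verdict, fw.rule_evals - before))
    reply = fw.check("out", make_packet(6, b, a, 5001, 40000, 1024))
    return results, reply
```

Calling demo() returns the verdict and the number of rule evaluations for each payload size, followed by the verdict for the reply packet.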
Configuration of netperf
HP used the netperf utility to measure performance. The main components of netperf are the
netperf client program and netserver server program. The netperf program runs on the local
system and sends and receives network packets to and from the netserver program, which runs on
a remote system.
The send and receive socket sizes were 32768 bytes for all tests. HP measured performance using
varying message sizes, as indicated in the test results.