HP-UX IPFilter Version 16 Performance White Paper
3
IPFilter Configuration
The IPFilter version was A.11.31.16. HP performed the performance tests on systems with the
following IPFilter configurations:
No IPFilter
No IPFilter installed
No rules
IPFilter installed and enabled (the IPFilter modules are added to the network interface stream), but
no IPFilter rules are configured
Stateless rules
IPFilter installed with stateless rules configured. The rules were as follows:
pass in proto tcp from any to any
pass in proto udp from any to any
pass in proto icmp from any to any
pass out proto tcp from any to any
pass out proto udp from any to any
pass out proto icmp from any to any
Stateful rules
IPFilter installed with rules configured. The rules were as follows:
pass in proto tcp from any to any keep state
pass in proto udp from any to any keep state
pass in proto icmp from any to any keep state
pass out proto tcp from any to any keep state
pass out proto udp from any to any keep state
pass out proto icmp from any to any keep state
Configuration of netperf
HP used the netperf utility to measure performance. The main components of netperf are the
netperf client program and netserver server program. The netperf program runs on the local
system and sends and receives network packets to and from the netserver program, which runs on
a remote system.
The send and receive socket sizes were 256 KB for all tests. HP measured performance using varying
packet sizes, as indicated in the test results.
Inbound TCP (Streams) Tests
The netperf TCP Streams tests measure unidirectional transmission of TCP data and do not
include connection establishment time. The measurements indicate performance for processing
inbound packets. IPFilter is installed and configured on the receiving system.
This document includes the following data from TCP Streams tests:
Inbound Throughput
The data transfer rate, expressed in Mb/s.
Inbound CPU Utilization
The percentage of CPU capacity used.