Manualshelf

HP-UX IPFilter Version 16 Performance White Paper

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
12345678910
4
Outbound TCP (MAERTS) Tests
The netperf TCP MAERTS tests also measure unidirectional transmission of TCP data without
connection establishment time. The measurements indicate performance for processing outbound
packets. IPFilter is installed and configured on the sending system.
This document includes the following data from TCP MAERTS tests:
Outbound TCP Throughput
The data transfer rate, expressed in Mb/s.
Outbound TCP CPU Utilization
The percentage of CPU capacity used.
TCP Connect, Request, and Response (CRR) Transaction Tests
The netfperf connect, request, and response (CRR) tests provide performance data for TCP
transactions. Each transaction consists of the following events:
The netperf client and server establish a TCP connection
The netperf client sends a request to the server
The netserver server sends a response to the client
HP measured CRR performance with 1-byte request and response packets.
This document includes the following data from TCP CRR tests, as measured on the responder
(netserver) system:
CRR Transaction Rate
The number of CRR transactions per second.
CRR CPU Utilization
The percentage of the system CPU capacity used on the responder.
Summary of Test Results
When IPFilter is installed but no rules are configured, the effect on throughput and transaction rates is
negligible (averaging less than 1%). The average increase in CPU utilization with IPFilter installed and
no rules configured is less than 4%.
When used with 1GigE links, HP-UX IPFilter has a negligible effect on network throughput; inbound
and outbound throughput decreases by less than 1% on a system with IPFilter rules configured
compared to systems without IPFilter installed.
With 10GigE links, results for IPFilter version 16 results are significantly better than for previous
IPFilter versions. Results show that IPFilter has a negligible (less than 1%) effect on outbound
throughput.
IPFilter also has a minimal effect on inbound 10GigE network throughput when Large Receive Offload
(LRO) is enabled. This 10GigE driver feature reassembles inbound packets for TCP connections and is
enabled by default. With LRO, IPFilter decreases inbound throughput by less than 1% for stateless
IPFilter rules, and by 3.19% for stateful rules.
When IPFilter is used with 10GigE but LRO is disabled, inbound throughput decreases by 12.58%;
with stateless IPFilter rules, inbound throughput decreases by 32.38%.
Configuring IPFilter rules can affect system performance, as measured by CPU utilization rates.
However, note that the primary goal of netperf tests is to determine maximum throughput by
saturating the network. In real-world deployments, network usage rates are likely to be lower than