Manualshelf

HP-UX IPFilter Version A.03.05.14 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
201202203204205206207208209210
Performance Guidelines
Traffic
Appendix C 189
Traffic
To manage IPFilter for optimal system performance:
Keep the state entries at a manageable level. Many state entries
require many CPU cycles to process them. Too many state entries
can cause noticeable degradation on a system.
Keep packet searches on rulesets as short as possible. On a 750-MHz
PA-RISC system, a 1000 to 2000 rule search is acceptable. If IPFilter
traffic is light, a 5000 rule search is the recommended maximum.
The optimal number of rules is dependent on your specific operating
environment, including factors such as type of rules and amount of
traffic.
Keep IPFilter traffic at a manageable level. Do not run at peak load
all the time. Keep the average CPU usage rate at around 60% to
accommodate unexpected peak loads. At peak load times the system
compensates with schemes such as dropping packets. However, it is
never a good idea to push a system beyond its intended capacity.