IBM REDP-4285-00 Manual De Usuario
Chapter 4. Tuning the operating system
133
Draft Document for Review May 4, 2007 11:35 am
4285ch04.fm
4.7.6 Performance impact of Netfilter
As Netfilter provides TCP/IP connection tracking and packet filtering capability (refer to
“Netfilter” on page 29), in certain circumstances it may have a large performance impact. The
impact is clearly visible when the number of connection establishments is high. Figure 4-18
and Figure 4-19 show benchmark results with large and small connection establishments
counts. The results clearly illustrate the effect of the Netfilter.
“Netfilter” on page 29), in certain circumstances it may have a large performance impact. The
impact is clearly visible when the number of connection establishments is high. Figure 4-18
and Figure 4-19 show benchmark results with large and small connection establishments
counts. The results clearly illustrate the effect of the Netfilter.
When no Netfilter rule is applied (Figure 4-18), the result shows quite similar performance
characteristics to a benchmark that connection establishment rarely occurs (refer to the left
chart of Figure 4-14 on page 125) while absolute throughput still differs because of
connection establishment overhead.
characteristics to a benchmark that connection establishment rarely occurs (refer to the left
chart of Figure 4-14 on page 125) while absolute throughput still differs because of
connection establishment overhead.
Figure 4-18 No Netfilter rule applied
However, when filtering rules are applied, relatively inconsistent behavior can been seen
(Figure 4-19).
(Figure 4-19).
Figure 4-19 Netfilter rules applied
TCP_CRR benchmark
0
500
1000
1500
2000
2500
3000
3500
4000
4500
1024
2048
4096
8192
16384
32768
65536
131070 262144
remote send socket size
tr
a
n
s r
a
te
p
e
r sec
1
16
128
1024
1460
4096
16384
32768
65536
131072
16
128
1024
1460
4096
16384
32768
65536
131072
Data size
(bytes)
(bytes)
TCP_CRR benckmark
0
500
1000
1500
2000
2500
3000
3500
4000
4500
1
16
128
1024
1460
4096
16384
32768
65536 131072
receive data size
tr
a
n
r
a
te
1024
2048
4096
8192
16384
32768
65536
131070
262144
524288
2048
4096
8192
16384
32768
65536
131070
262144
524288
Socket size
(bytes)
(bytes)
TCP_CRR benchmark
0
500
1000
1500
2000
2500
3000
3500
4000
1024
2048
4096
8192
16384
32768
65536
131070 262144
remote send socket size
tr
an
s p
e
r sec
1
16
128
1024
1460
4096
16384
32768
65536
131072
16
128
1024
1460
4096
16384
32768
65536
131072
Data size
(bytes)
(bytes)
TCP_CRR banchmark
0
500
1000
1500
2000
2500
3000
3500
4000
1
16
128
1024
1460
4096
16384
32768
65536 131072
receive data size
tr
an
s p
e
r sec
1024
2048
4096
8192
16384
32768
65536
131070
262144
524288
2048
4096
8192
16384
32768
65536
131070
262144
524288
Socket size
(bytes)
(bytes)