Chapter 4. Tuning the operating system 133
Draft Document for Review May 4, 2007 11:35 am 4285ch04.fm
4.7.6 Performance impact of Netfilter
Because Netfilter provides TCP/IP connection tracking and packet filtering (refer to
“Netfilter” on page 29), it can have a large performance impact in certain circumstances. The
impact is clearly visible when the number of connection establishments is high. Figure 4-18
and Figure 4-19 show benchmark results with large and small connection establishment
counts. The results clearly illustrate the effect of Netfilter.
When no Netfilter rule is applied (Figure 4-18), the result shows performance characteristics
quite similar to those of a benchmark in which connection establishment rarely occurs (refer
to the left chart of Figure 4-14 on page 125), although absolute throughput still differs
because of connection establishment overhead.
Figure 4-18 No Netfilter rule applied
However, when filtering rules are applied, relatively inconsistent behavior can be seen
(Figure 4-19).
Figure 4-19 Netfilter rules applied
[Charts for Figure 4-18 and Figure 4-19, two panels per figure, each titled "TCP_CRR benchmark": transactions per second plotted against remote send socket size (one series per data size, in bytes), and transactions per second plotted against receive data size (one series per socket size, in bytes).]
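To run this kind of comparison on your own system, the following added example (not from the original text, and not the benchmark tool used for the figures) measures connect/request/response transactions per second over loopback, opening a new TCP connection for every transaction so that connection establishment cost dominates. The function names, the loopback endpoint, the 1-byte request, and the chosen sizes are assumptions of this example.

```python
import socket
import threading
import time

def _serve(listener, resp_size, stop):
    """Answer each 1-byte request with resp_size bytes, then close."""
    payload = b"x" * resp_size
    listener.settimeout(0.1)              # wake up regularly to check `stop`
    while not stop.is_set():
        try:
            conn, _ = listener.accept()
        except socket.timeout:
            continue
        with conn:
            if conn.recv(1):
                conn.sendall(payload)

def crr_rate(resp_size, sock_buf=None, duration=1.0):
    """Run connect/request/response transactions over loopback for
    `duration` seconds; return (transactions, transactions_per_second)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if sock_buf:    # responder send buffer; accepted sockets inherit it on Linux
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, sock_buf)
    listener.bind(("127.0.0.1", 0))       # constructed endpoint: any free port
    listener.listen(128)
    addr, stop = listener.getsockname(), threading.Event()
    server = threading.Thread(target=_serve, args=(listener, resp_size, stop))
    server.start()
    done, start = 0, time.perf_counter()
    try:
        while time.perf_counter() - start < duration:
            with socket.create_connection(addr) as client:  # new connection each time
                client.sendall(b"?")
                got = 0
                while got < resp_size:
                    chunk = client.recv(65536)
                    if not chunk:
                        raise ConnectionError("short response")
                    got += len(chunk)
            done += 1
        elapsed = time.perf_counter() - start
    finally:
        stop.set()
        server.join()
        listener.close()
    return done, done / elapsed

if __name__ == "__main__":
    for size in (1, 1024, 16384, 131072):  # a few response data sizes
        n, rate = crr_rate(size, sock_buf=65536)
        print(f"data size {size:>6} B: {n} transactions, {rate:.0f}/s")
```

Loopback packets also pass through the Netfilter hooks, so running the script once with no rules loaded and once with your rule set loaded gives a relative comparison; the absolute rates are not comparable with the figures above.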