
| BMF - Hardware | |
| Processor | Intel Core Duo 2 x 2.13GHz |
| Motherboard | Intel DG965WH Westchester |
| RAM | 1GB |
| NIC 1 | Intel PRO/1000 PT Server Adapter, the interface to the server |
| NIC 2 | Intel 82566DC Gigabit Adapter, built into the motherboard, the interface to the client |
| BMF - Software |
| Windows Vista 32-bit, Service Pack 1 |
| Built-in router - routing table |
| BMF 2.1.3 |
| BMF configuration is on NIC 1 |

This test shows the high-speed packet filtering and NAT implemented in BMF.

The test was done on three machines connected with cross-over Ethernet cable. BMF is installed on the middle machine. The first edge W2K3 machine runs the testing application configured as a server, and the second edge W2K3 machine runs the testing application configured as a client with many IP addresses, so that it opens a predetermined number of TCP connections to the server. Every opened TCP connection transfers the maximum possible amount of data in both directions through the middle machine with BMF installed. The middle machine runs Windows Vista 32-bit configured as a router using the built-in routing table; no routing software is used.

Measurement was done with the Windows built-in tool Performance Monitor. The counter type displayed on each graph is described at the bottom of the perfmon window. For speed there is also a "scale": the number on the vertical y-axis must be divided by the scale to obtain the measured value in Bytes/sec. The average measured value is already calculated and displayed under the graph in Bytes/sec.
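
The same averages can be taken from a saved counter log instead of being read off the graph. The following is an added example, not part of the original test report: it assumes the counters logged were `Bytes Total/sec` for the network interface and `% Processor Time` per processor, saved in Performance Monitor's CSV format; the embedded log, host name and instance names are constructed. Blank cells are skipped when averaging.

```python
import csv
import io
import re

# Constructed sample in the PDH-CSV layout of a Performance Monitor log.
# Host name, instance names and every value are made up for illustration.
SAMPLE_LOG = r'''"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\ROUTER\Network Interface(NIC 1)\Bytes Total/sec","\\ROUTER\Processor(0)\% Processor Time","\\ROUTER\Processor(1)\% Processor Time"
"03/01/2009 10:00:00.000"," ","92.0","95.0"
"03/01/2009 10:00:01.000","140000000","93.0","96.0"
"03/01/2009 10:00:02.000","142500000","94.0","97.0"
'''

# \\host\Object(instance)\Counter ; the instance part is optional.
COUNTER_PATH = re.compile(
    r'^\\\\[^\\]+\\(?P<obj>[^(\\]+)(?:\((?P<inst>.*)\))?\\(?P<counter>.+)$')


def average_counters(log_text):
    """Return {(object, instance, counter): mean of the non-blank samples}."""
    rows = csv.reader(io.StringIO(log_text))
    header = next(rows)
    samples = {}
    for row in rows:
        # Column 0 is the timestamp; zip() tolerates short (truncated) rows.
        for path, cell in zip(header[1:], row[1:]):
            match = COUNTER_PATH.match(path)
            if not match or not cell.strip():
                continue  # unknown column, or no value recorded for this sample
            key = (match["obj"], match["inst"], match["counter"])
            samples.setdefault(key, []).append(float(cell))
    return {key: sum(vals) / len(vals) for key, vals in samples.items()}


def summarize(log_text):
    """Reduce a log to the columns used in the results tables."""
    result = {}
    for (obj, inst, counter), mean in average_counters(log_text).items():
        if obj == "Network Interface" and counter == "Bytes Total/sec":
            result[f"{inst} [Mbit/s]"] = round(mean * 8 / 1e6, 1)  # Bytes/sec -> Mbit/s
        elif obj == "Processor" and counter == "% Processor Time":
            result[f"Processor{inst} [%]"] = round(mean, 1)
    return result


if __name__ == "__main__":
    for column, value in summarize(SAMPLE_LOG).items():
        print(f"{column}: {value}")
```
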

Any network software that does packet filtering can have an impact on overall network speed and processor load. In BMF three factors are important: the number of filters, whether TCP inspection/NAT is enabled or disabled, and the bandwidth of the network.

A BMF filter corresponds to one or more computers in a real network. Depending on its configuration, every BMF filter can permit from 1 to X TCP connections. In our test, filtering by source IP address was used.

Test results:
| Number of TCP connections | Number of filters | NAT | TCP inspection | Processor0 [%] | Processor1 [%] | Speed [Mbit/s] |
| 200 | BMF is not installed | | | 7 | 64 | 1400 |
| 200 | 200 | | | 93 | 96 | 1130 |
| 200 | 0 | x | x | 95 | 75 | 1260 |
| 200 | 200 | x | x | 70 | 94 | 912 |
| 200 | 200 | | x | 97 | 94 | 992 |

| Number of TCP connections | Number of filters | NAT | TCP inspection | Processor0 [%] | Processor1 [%] | Speed [Mbit/s] |
| 500 | BMF is not installed | | | 46 | 48 | 1360 |
| 500 | 500 | | | 97 | 98 | 632 |
| 500 | 0 | x | x | 95 | 70 | 1100 |
| 500 | 500 | x | x | 92 | 92 | 528 |
| 500 | 500 | | x | 97 | 98 | 576 |

| Number of TCP connections | Number of filters | NAT | TCP inspection | Processor0 [%] | Processor1 [%] | Speed [Mbit/s] |
| 1000 | BMF is not installed | | | 46 | 48 | 952 |
| 1000 | 500 | | | 80 | 96 | 552 |
| 1000 | 0 | x | x | 68 | 91 | 800 |
| 1000 | 500 | x | x | 95 | 98 | 494 |
| 1000 | 500 | | x | 97 | 98 | 525 |

Comment:
The real maximum number of filters in a configuration depends on CPU power, network card hardware and network speed. With our hardware configuration we reached a limit of about 500 filters on a Gigabit network. Reaching a higher number of filters on a Gigabit network with the current BMF version would require a faster CPU. If BMF is used on Fast Ethernet (100Mbit), the number of filters can be higher. The CPU must search for the right filter for every packet, so a higher speed requires a higher number of searches.

Graphs
Because we want to know how BMF impacts overall speed and CPU load, we first measured without BMF installed. These graphs demonstrate the power of the Windows Vista built-in router. As the number of TCP connections increased, network speed decreased.
TCP connections: 200
Average speed: 1.4Gbit
BMF is not installed.

TCP connections: 500
Average speed: 1.36Gbit
BMF is not installed.

TCP connections: 1000
Average speed: 952Mbit
BMF is not installed.

Results for 200 TCP connections and BMF configuration: TCP inspection, NAT, 200 filters:
TCP connections: 200
Average speed: 1.13Gbit
BMF configuration: 200 filters with unlimited bandwidth.

TCP connections: 200
Average speed: 1.26Gbit
BMF configuration: Firewall NAT

TCP connections: 200
Average speed: 992Mbit
BMF configuration: Firewall TCP inspection and 200 filters with unlimited
bandwidth:

TCP connections: 200
Average speed: 912Mbit
BMF configuration: Firewall NAT and 200 filters with unlimited bandwidth:

TCP connections: 200
Average speed: 736Mbit
BMF configuration: Firewall NAT, 200 filters with limited bandwidth 4Mbit on
every filter.

Results for 500 TCP connections and BMF configuration: TCP inspection, NAT, 500 filters:
TCP connections: 500
Average speed: 632Mbit
BMF configuration: 500 filters with unlimited bandwidth

TCP connections: 500
Average speed: 1.1Gbit
BMF configuration: Firewall NAT

TCP connections: 500
Average speed: 576Mbit
BMF configuration: Firewall TCP inspection and 500 filters with unlimited
bandwidth

TCP connections: 500
Average speed: 528Mbit
BMF configuration: Firewall NAT, 500 filters with unlimited bandwidth

TCP connections: 500
Average speed: 405Mbit
BMF configuration: Firewall NAT, 500 filters with limited bandwidth 1Mbit on
every filter

Results for 1000 TCP connections and BMF configuration: TCP inspection, NAT, 500 filters:
TCP connections: 1000
Average speed: 552Mbit
BMF configuration: 500 filters with unlimited bandwidth

TCP connections: 1000
Average speed: 800Mbit
BMF configuration: Firewall NAT

TCP connections: 1000
Average speed: 525Mbit
BMF configuration: Firewall TCP inspection and 500 filters with unlimited
bandwidth

TCP connections: 1000
Average speed: 494Mbit
BMF configuration: Firewall NAT, 500 filters with unlimited bandwidth

This test was executed in cooperation with Zdeno Smondrk - external assistant of monthly magazine PC REVUE, Slovak Republic.