Hi,

I am trying to use Zorp. Would like to get some more details about the performance of Zorp and connection setup rates.

I see the web-proxy throughput mentioned in the file Zorp2.pdf.

What I am looking for immediately are:
- Number of TCP connections Zorp can handle per second in a Pentium-3 or similar type of desktop.
- Similarly, number of SSL connections per second

Would appreciate your input on any performance related information on Zorp.

Thanks in advance. Happy New Year to you all.

cheers,
Elwin.

On Tue, 2003-12-30 at 21:37, Elwin Eliazer wrote:
Hi,
I am trying to use Zorp. Would like to get some more details about the performance of Zorp and connection setup rates.
I see the web-proxy throughput mentioned in the file Zorp2.pdf.
Those numbers are the results of lab testing and as we all know (except for the marketing guys :) lab tests never really measure real life.

We used "ab" (apachebench, bundled in Apache webservers) to generate HTTP requests through router/packet filter+NAT/Zorp to a custom web server (not really a webserver, it is just a program which understands HTTP and returns static content).

Our results clearly indicate that session startup time is much worse than for packet filters, but as soon as the proxies start running, throughput is quite good when the number of parallel sessions stabilizes (i.e. not many new/closing connections).
What I am looking for immediately are:
- Number of TCP connections Zorp can handle per second in a Pentium-3 or similar type of desktop.
Speaking about real life, we are using Zorp in the following scenario:
- about 10000 users
- Four Pentium IV Xeon 2.4GHz, 2GB RAM, SCSI disks
- load balancing equipment to balance load across the four firewall boxes
- mail traffic is relayed (this results in lots of disk I/O)
- about 15GB log each day

The system is stable for about 100MBits of Internet traffic (95% HTTP sessions), about 30000-40000 sessions/minute. It is important to note that Zorp supports HTTP keep-alive, therefore the number of connections is lower than the number of URLs fetched.

We tried to overload a single box just to see where the limits of a single box configuration are; with a widespread e-mail virus active at the time, it could handle about 16000 connections per minute. I think without the load generated by the mail system (postfix) we could achieve 18000-20000 connections per minute.

As we profiled and tuned the system for a couple of weeks I'm confident that about 90% of the load is caused by session startup/teardown.
- Similarly, Number of SSL connections per second
We don't really have similar, real-life performance numbers for SSL. Zorp uses openssl and as such it is a possibility to use crypto accelerator cards, though this is currently not supported (because of the lack of customer demand).
Would appreciate your input on any performance related information on Zorp.
We are currently evaluating a technology that could increase our performance even more, using a custom kernel module. In our experience these kernel extensions can increase proxy throughput significantly (copying files from kernel space is about ten times faster than doing the same in userspace). I think raw throughput (e.g. without the proxy startup time) can be increased by 100%.

If you provided some more information about your actual scenario, we could probably help you more.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1

On Thu, 2004-01-01 at 20:37, Balazs Scheidler wrote:
Speaking about real life, we are using Zorp in the following scenario:
- about 10000 users
- Four Pentium IV Xeon 2.4GHz, 2GB RAM, SCSI disks

Here I mean: four pieces of dual Pentium IV Xeon

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1