Does the filter function affect the performance of the router?

With the development of the routing industry, its application is also very extensive, so I have studied the impact of the filter function in the router settings on the performance of the router. Here I will share with you, I hope it will be useful to you. To what extent does the filter function affect the router setting performance? This is a topic that many people are interested in.

For testers, they all want to perform similar tests after basic performance tests to provide test reports that are closer to actual use. In previous tests, the online world evaluation lab has made many attempts, this is a public comparison test of low-end routers in NetworkWorld. they measure the impact of the data packet filtering function on the performance of the router. Vrouters on the market today generally support data packet filtering. The data packet filtering function is generally used for the following work:

Of course, the user does not apply a router to replace the firewall. However, the tester believes that this data packet filtering function is very important for vro settings. Therefore, the test focuses on the impact of the data packet filtering function on the Performance of vro settings. In this test, each manufacturer uses a pair of router settings of the same model which are connected by two T-1 interfaces using the adapter cable. Product Configuration (with two T-1 lines and two Ethernet interfaces of the router) can be considered as the most common situation of enterprise router settings. When determining the impact of the filtering function on the performance of such devices, the tester starts from never enabling the data filtering function (baseline test), and then adds more and more data packet filtering conditions before testing.

In all tests, the tester connected SmartBits to two Ethernet interfaces on each router and connected the T-1 interface using a WAN crossover cable. In the baseline test, they sent data streams based on The SmartBits configuration in the bidirectional partial mesh structure described in RFC2889. Measured throughput and average and maximum latency of 60 seconds. They repeat this test using 64, 256, and 1518 bytes of Ethernet frames of UDP/IP packets.

In the test of the filter function, they provided the same data stream as the test on the baseline, but configured the tested router with different data packet filtering rules. The test was repeated with 8, 16, 64, and 256 packet filtering rules. They chose different filters to check whether the router settings can be checked according to the increasing rules. During the test, they selected common filtering conditions, including source and destination IP addresses, protocols, and TCP and UDP port numbers. The tester asked the vendor to set the final data packet filtering rule to allow the test data flow to pass, and forced the router to set a circular traversal of the entire data packet filtering table. The vendor has also enabled the log function, so the tester can learn how many packets "hit" each rule.

According to the test results, the throughput test results of some access routers that depend on ASIC are not much different, but the devices using traditional CPU and software architecture have a great impact. Compared with the throughput test results, the tester pays more attention to the results of the latency test. The test results do not only show that the performance of products using general CPU and software is degraded after the data packet filtering function is enabled, similarly, the performance of some Access Router configurations using ASIC is also affected after the feature is enabled.

The tester believes that latency is a more important indicator than throughput. Low and sustained latency is not only important for voice and video applications, but also for applications that care about response time, such as TCP data streams. Due to TCP requirements for timely data validation, delay may cause re-transmission or session loss. In addition, this test records the average latency and maximum latency of data packets, because for devices, although the latency of most data packets is near the average latency, there are very few data packets with a very large latency, it will also have a great impact on some sensitive applications. In addition, one interesting thing in this test is that a vendor's product buffer zone is very large. When the throughput is tested, the throughput exceeds the line speed: after the test is stopped, the vro settings continue forwarding data packets for 17 seconds. This results in the absurd high-latency measurement.