第五章 網路安全防禦機制之效能測試分析
6.2. 未來工作
本研究尚有一些留待未來研究之問題,像是虛擬化縱深防禦架構沒 有一個主控台,因此未來可以建議開發一套網管系統針對所有虛擬化 防禦機制進行統一的控管,另外 Snort inline mode 的問題也值得我們 後續進行探討,如果將其進行程式碼最佳化,助其效能提升相信也會 是一個有趣之議題,例如將其改成同時多個執行緒能同時對多個佇列 進行過濾分析,這樣效能應該會有顯著之提升。
79
參 考 文 獻
[1] D. Kewley, J. Lowry, “Observations on the effects of defense in depth on adversary behavior in cyber warfare”, Proceedings of the IEEE SMC Information Assurance Workshop, West Point, New York, June 2001.
[2] Neiger, G., A. Santoni, F. Leung, D. Rodgers, and R. Uhlig, Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization. Intel Technology Journal, 10 August 2006. 10(03): p.
167-178.
[3] R. Hiremane. Intel Virtualization Technology for Directed I/O (Intel VT-d). Technology@Intel Magazine, 4(10), May 2007.
[4] Y. Koh, C. Pu, Y. Shinjo, H. Eiraku, G. Saito, D. Nobori, “Improving Virtualized Windows Network Performance by Delegating Network Processing”, In Proceedings of the IEEE Conference on Network Computing and Applications (NCA), 2009.
[5] S. Nanda and T. Chiueh, “A survey of virtualization technologies,”
Stony Brook University, Tech. Rep. TR-179, Feb. 2005.
[6] C-H. Hsu and U. Kremer, “A framework for automatic construction of performance predication models”, In Proceedings of the 1st Workshop on Feedback-Directed Optimization, October 1998.
[7] D. Mosberger and T. Jin, “httperf: A tool for measuring Web server Performance”, In First Workshop on Internet Server Performance (WISP), HP Labs report HPL-98-61, June 1998.
[8] L. Liu, H. Wang, X. Liu, X. Jin, W. He, Q. Wang, and Y. Chen,
“GreenCloud: a new architecture for green data center”, In 6th
international conference industry session on Autonomic computing and
80
communications, pages 29-38. ACM New York, NY, USA, 2009.
[9] Bhattacharya, S.P., Apte, V, “A Measurement Study of the Linux TCP/IP Stack Performance and Scalability on SMP systems”, In Proceedings of the 1st International Conference on COMmunication Systems softWAre and middlewaRE (COMSWARE), New Delhi (2006).
[10] G. Vallee, T. Naughton, C. Engelmann, H. Ong, and S. Scott,
“System-level virtualization for high performance computing,” Parallel, Distributed and Network-Based Processing, 2008. PDP 2008. 16th Euromicro Conference on, pp. 636–643, Feb. 2008.
[11] R. P. Lippmann et al, “Validating and restoring defense in depth using attack graphs”, In Proceedings of MILCOM 2006, Washington, DC.
[12] P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R.
Neugebauer, I. Pratt, and A. Warfield, “Xen and the art of
virtualization”, In SOSP ’03: Proceedings of the nineteenth ACM symposium on Operating systems principles, pages 164–177, New York, NY, USA, 2003. ACM.
[13] 黃能富,朱彥銘,林元偉,陳昶安,陳世興,賴昇鴻。網路安全縱 深防禦系統之研製。行政院國家科學委員會專題研究計畫成果報 告,已出版,新竹市。
[14] 曾宇瑞(2000)。網路安全縱深防護機制之研究。國立中央大學資 訊管理研究所碩士論文,未出版,桃園縣。
[15] 吳金庭(2008)。以 Snort 偵測並封鎖網路異常行為之研究。國立交 通大學理學院碩士論文。未出版,新竹市。
[16] 周海刚,邱正伦,肖军模(2005)。网络主动防御安全模型及体系结 构。解放军理工大学通信工程学院論文,解放军理工大学学报(自
81
然科学版),江苏南京。
[17] RFC 1918- Address Allocation for Private Internets,
"http://www.faqs.org/rfcs/rfc1918.html".
[18] Wikipedia- Firewll(computing),
"http://en.wikipedia.org/wiki/Firewall_(computing)".
[19] Wikipedia- Virtualization,
"http://en.wikipedia.org/wiki/Virtualization".
[20] Wikipedia- Xen, "http://en.wikipedia.org/wiki/Xen".
[21] Eicar, "http://www.eicar.org".
[22] CentOS, "http://www.centos.org/".
[23] N-Stalker The Web Security Specialists, "http://www.nstalker.com/".
[24] Snort, "http://www.snort.org/".
[25] HAVP - HTTP Anti Virus Proxy - The web antivirus solution,
"http://www.server-side.de/".
[26] ClamAV, "http://www.clamav.net/lang/en/".
82
# Enviroment Varible
EXTIF="eth0" # External Interface INIF="eth1" # Internal Interface
# Internal Network
EXTNET=”140.10.10.0/24”
INNET="192.168.0.0/24"
EXTWEB="140.10.10.10"
INWEB="192.168.0.10"
export EXTIF INIF EXTNET INNET EXTWEB INWEB
# For Local Firewall Setting
# 1.System parameter setting
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo "1" > $i done
for i in /proc/sys/net/ipv4/conf/*/log_martians; do echo "1" > $i
done
for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo "0" > $i
done
#!/bin/bash
# Enviroment Varible
EXTIF="eth0" # External Interface INIF="eth1" # Internal Interface
# Internal Network
EXTNET=”140.10.10.0/24”
INNET="192.168.0.0/24"
EXTWEB="140.10.10.10"
INWEB="192.168.0.10"
export EXTIF INIF EXTNET INNET EXTWEB INWEB
# For Local Firewall Setting
# 1.System parameter setting
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
echo "1" > $i done
for i in /proc/sys/net/ipv4/conf/*/log_martians; do echo "1" > $i
done
for i in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo "0" > $i
done
83
for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo "0" > $i
done
for i in /proc/sys/net/ipv4/conf/*/send_redirects; do echo "0" > $i
done
# 2.Clear rule,default policies,loopback interface allow PATH=/sbin:/usr/sbin:/bin:usr/bin; export PATH
iptables -F iptables -X iptables -Z
iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT
# 3.Start extra firewall script moudles
if [ -f /usr/local/iptables/iptables.deny ]; then
sh /usr/local/iptables/iptables.deny fi
if [ -f /usr/local/iptables/iptables.allow ]; then
sh /usr/local/iptables/iptables.allow fi
iptables -A INPUT -m state --state ESTABLISHED -j \ ACCEPT
# 4.Allow some kinds of ICMP packets incomming AICMP="0 3 3/4 4 11 12 14 16 18"
for tyicmp in $AICMP
for i in /proc/sys/net/ipv4/conf/*/accept_redirects; do echo "0" > $i
done
for i in /proc/sys/net/ipv4/conf/*/send_redirects; do echo "0" > $i
done
# 2.Clear rule,default policies,loopback interface allow PATH=/sbin:/usr/sbin:/bin:usr/bin; export PATH
iptables -F iptables -X iptables -Z
iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT
# 3.Start extra firewall script moudles
if [ -f /usr/local/iptables/iptables.deny ]; then
sh /usr/local/iptables/iptables.deny fi
if [ -f /usr/local/iptables/iptables.allow ]; then
sh /usr/local/iptables/iptables.allow fi
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# 4.Allow some kinds of ICMP packets incomming AICMP="0 3 3/4 4 11 12 14 16 18"
for tyicmp in $AICMP
84
do
iptables -A INPUT -i $EXTIF -p icmp --icmp-type $tyicmp\ -j ACCEPT done
# 5.Allow some kinds of service incomming
iptables -A INPUT -p TCP -i EXTIF --dport 22 -j ACCEPT
# For Internal Server firewall rules setting
# 1.Load moudles
modules="Ip_tables ip_nat ip_nat_ftp ip_nat_irc \ ip_conntrack ip_conntrack_ftp ip_conntrack_irc"
for mod in $modules do
# 2.Clear NAT Table rule iptables -F -t nat
iptables -X -t nat iptables -Z -t nat
iptables -t nat -P PREROUTING ACCEPT iptables -t nat -P POSTROUTING ACCEPT iptables -t nat -P OUTPUT ACCEPT
# 3.Open ip_forward if [ "$INIF" != "" ]; then
iptables -A INPUT -i $INIF -j ACCEPT echo "1" > /proc/sys/net/ipv4/ip_forward
do
iptables -A INPUT -i $EXTIF -p icmp --icmp-type $tyicmp -j ACCEPT done
# 5.Allow some kinds of service incomming
iptables -A INPUT -p TCP -i EXTIF --dport 22 -j ACCEPT
# For Internal Server firewall rules setting
# 1.Load moudles
modules="Ip_tables ip_nat ip_nat_ftp ip_nat_irc ip_conntrack \ ip_conntrack_ftp ip_conntrack_irc"
for mod in $modules do
# 2.Clear NAT Table rule iptables -F -t nat
iptables -X -t nat iptables -Z -t nat
iptables -t nat -P PREROUTING ACCEPT iptables -t nat -P POSTROUTING ACCEPT iptables -t nat -P OUTPUT ACCEPT
# 3.Open ip_forward if [ "$INIF" != "" ]; then
iptables -A INPUT -i $INIF -j ACCEPT echo "1" > /proc/sys/net/ipv4/ip_forward
85
if [ "$INNET" != "" ]; then for innet in $INNET
do
iptables -t nat -A POSTROUTING -s $innet -o \ $EXTIF -j MASQUERADE
done fi
fi
# 4.Internal Server static NAT
iptables -t nat -A PREROUTING -i $EXTIF -d $EXTWEB -j \ DNAT --to $INWEB
iptables -t nat -A POSTROUTING -o $EXTIF -s $INWEB -j \ SNAT --to $EXTWEB
# 5.Proxy-ARP
arp -i $EXTIF -s $EXTWEB xx:xx:xx:xx:xx:xx pub route add -host $EXTWEB $INIF
if [ "$INNET" != "" ]; then
for innet in $INNET do
iptables -t nat -A POSTROUTING -s $innet -o \ $EXTIF -j MASQUERADE
done fi
fi
# 4.Internal Server static NAT
iptables -t nat -A PREROUTING -i $EXTIF -d $EXTWEB -j \ DNAT --to $INWEB
iptables -t nat -A POSTROUTING -o $EXTIF -s $INWEB -j \ SNAT --to $EXTWEB
# 5.Proxy-ARP
arp -i $EXTIF -s $EXTWEB xx:xx:xx:xx:xx:xx pub route add -host $EXTWEB $INIF
86
Iptables.allow
#!/bin/bash
# Local Chain
iptables -A INPUT -i $EXTIF -s $EXTNET -j ACCEPT iptables -A INPUT -i $INIF -s $INNET -j ACCEPT
# Forward Chain
# Out to In
iptables -A FORWARD -i $EXTIF -o $INIF -m state --state \ ESTABLISHED,RELATED -j LOG --log-prefix "ACCEPT \ state packet: "
iptables -A FORWARD -i $EXTIF -o $INIF -m state --state \ ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INIF -p tcp -d $INWEB \ --dport 80 -j LOG --log-prefix "ACCEPT web server packet: "
iptables -A FORWARD -i $EXTIF -o $INIF -p tcp -d $INWEB \ --dport 80 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INIF -p icmp -d \ $INWEB -j LOG --log-prefix "ACCEPT ICMP packet: "
iptables -A FORWARD -i $EXTIF -o $INIF -p icmp -d \ $INWEB -j ACCEPT
# In to Out
iptables -A FORWARD -i $INIF -o $EXTIF -p tcp \
--dport 80 –j LOG --log-prefix "ACCEPT go out web packet: "
iptables -A FORWARD -i $INIF -o $EXTIF -p tcp \ --dport 80 -j ACCEPT
iptables -A FORWARD -i $INIF -o $EXTIF -p icmp -j LOG \ --log-prefix "ACCEPT go out icmp packet: "
#!/bin/bash
# Local Chain
iptables -A INPUT -i $EXTIF -s $EXTNET -j ACCEPT iptables -A INPUT -i $INIF -s $INNET -j ACCEPT
# Forward Chain
# Out to In
iptables -A FORWARD -i $EXTIF -o $INIF -m state --state \ ESTABLISHED,RELATED -j LOG --log-prefix "ACCEPT state \ packet: "
iptables -A FORWARD -i $EXTIF -o $INIF -m state --state \ ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INIF -p tcp -d $INWEB \ --dport 80 -j LOG --log-prefix "ACCEPT web server packet: "
iptables -A FORWARD -i $EXTIF -o $INIF -p tcp -d $INWEB \ --dport 80 -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INIF -p icmp -d $INWEB –j \ LOG --log-prefix "ACCEPT ICMP packet: "
iptables -A FORWARD -i $EXTIF -o $INIF -p icmp -d $INWEB –j \ ACCEPT
# In to Out
iptables -A FORWARD -i $INIF -o $EXTIF -p tcp --dport 80 –j LOG \ --log-prefix "ACCEPT go out web packet: "
iptables -A FORWARD -i $INIF -o $EXTIF -p tcp --dport 80 –j \ ACCEPT
iptables -A FORWARD -i $INIF -o $EXTIF -p icmp -j LOG \ --log-prefix "ACCEPT go out icmp packet: "
87
iptables -A FORWARD -i $INIF -o $EXTIF -p icmp -j \ ACCEPT iptables -A FORWARD -i $INIF -o $EXTIF -m state –state \
ESTABLISHED,RELATED -j LOG --log-prefix "ACCEPT \ state packet: "
iptables -A FORWARD -i $INIF -o $EXTIF -m state –state \ ESTABLISHED,RELATED -j ACCEPT
Iptables.deny
#!/bin/bash
# Forward Chain
# Out to In
iptables -A FORWARD -i $EXTIF -o $INIF -m state –state \ INVALID -j LOG --log-prefix "DROP invalid packet: "
iptables -A FORWARD -i $EXTIF -o $INIF -m state –state \ INVALID -j DROP
# In to Out
iptables -A FORWARD -i $INIF -o $EXTIF -m state –state \ INVALID -j LOG --log-prefix "DROP invalid packet: "
[27] iptables -A FORWARD -i $INIF -o $EXTIF -m state –state \ INVALID -j DROP
#!/bin/bash
# Forward Chain
# Out to In
iptables -A FORWARD -i $EXTIF -o $INIF -m state –state INVALID \ -j LOG --log-prefix "DROP invalid packet: "
iptables -A FORWARD -i $EXTIF -o $INIF -m state –state INVALID \ -j DROP
# In to Out
iptables -A FORWARD -i $INIF -o $EXTIF -m state –state INVALID \ -j LOG --log-prefix "DROP invalid packet: "
iptables -A FORWARD -i $INIF -o $EXTIF -m state –state INVALID \ -j DROP
iptables -A FORWARD -i $INIF -o $EXTIF -p icmp -j ACCEPT iptables -A FORWARD -i $INIF -o $EXTIF -m state –state \ ESTABLISHED,RELATED -j LOG --log-prefix "ACCEPT state \ packet: "
iptables -A FORWARD -i $INIF -o $EXTIF -m state –state \ ESTABLISHED,RELATED -j ACCEPT
88 量(Throughput)差異並不大,約 940Mbits/sec 左右,PPS(Packet per Second)約達 81000 個以上,而封包遺失率是 0%。其餘情況如表 7 至 表 11 所示。
表 6 iperf 網路效能測試數據-無防禦設備
P=1 Payload size Throughput(Mbits/sec) PPS packet loss (%)
8k 941 81302 0
P=5 Payload size Throughput(Mbits/sec) PPS packet loss (%)
8k 941 81391 0
P=10 Payload size Throughput(Mbits/sec) PPS packet loss (%)
8k 941 81515 0
P=20 Payload size Throughput(Mbits/sec) PPS packet loss (%)
89
P=50 Payload size Throughput(Mbits/sec) PPS packet loss (%)
8k 941 82475 0
P=100 Payload size Throughput(Mbits/sec) PPS packet loss (%)
8k 941 83578 0
P=1 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 862.00 74982 0
P=5 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 865.00 75029 0
16k 866.00 75186 0
24k 867.00 75182 0
128k 864.00 74963 0
512k 865.00 74986 0
90
1448k 865.00 75026 0
P=10 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 888.00 77028 0
P=20 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 882.00 76748 0
P=50 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 852.00 76172 0
P=100 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 869.00 75927 0
P=1 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 564 48,732 0
16k 576 49,700 0
24k 570 49,201 0
91
128k 567 48,931 0
512k 569 49,099 0
1448k 588 50,740 0
P=5 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 580 50,467 0
P=10 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 634 55,531 0
P=20 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 583 51,896 13
P=50 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 562 51,802 0
P=100 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 591 55,486 6
16k 585 54,945 0
24k 603 56,491 0
128k 595 56,105 6
92
512k 576 55,151 20
1448k 606 59,399 0
表 9 iperf 網路效能測試數據-虛擬化縱深防禦(有 IPS)
P=1 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 103 8,990 6
P=5 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 98.9 9,041 0
P=10 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 103 9,266 20
P=20 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 89.5 8,547 13
P=50 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 68.4 8,449 13
16k 53.6 8,726 6
24k 47.2 9,198 6
93
128k 42 9,114 6
512k 77.6 9,461 20
1448k 79.3 11,621 13
P=100 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 32.6 8,642 20
P=1 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 909 78509 0
P=5 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 939 81237 0
P=10 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 940 81461 0
P=20 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 940 81699 0
16k 937 81554 0
94
24k 937 81697 0
128k 937 81506 0
512k 937 81650 0
1448k 937 82107 0
P=50 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 828 82412 0
P=100 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 817 83499 0
P=1 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 119 10309 13
P=5 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 100 10408 6
P=10 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 116 10423 6
95
16k 112 10598 6
24k 115 10541 0
128k 118 10682 0
512k 120 10973 0
1448k 117 10935 0
P=20 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 97.8 10445 26
16k 95.4 10706 13
24k 115 10703 6
128k 120 11122 6
512k 113 11050 13
1448k 117 11651 20
P=50 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 101 10873 13
16k 110 10992 0
24k 101 11096 20
128k 77.6 10762 6
512k 67.7 11857 13
1448k 110 12751 6
P=100 Payload Size Throughput(Mbits/sec) PPS packet loss (%)
8k 39.8 10756 13
16k 11.7 7715 6
24k 30.7 9910 6
128k 22.2 11134 6
512k 35.1 12878 20
1448k 76.2 14957 0
96 的檔案大小時,在每秒 100 個 requests、每秒 300 個 requests、每秒 500 個 requests 到每秒 700 個 reqeusts,其 Response Time 及 Request/Replies 錯誤率都沒什麼太大的變化,而每秒封包數則呈現等 比成長。其餘情況如表 13 至表 17 所示。
表 12 httperf 網路效能測試數據-無防禦設備
File size
100 requests/sec 300 requests/sec
Avg. Client
Error Rate 0.00 Request/Replies
Error Rate 0.00
Error Rate 0.00 Request/Replies
Error Rate 0.00
File size
500 requests/sec 700 requests/sec
Avg. Client
97
Request/Replies
Error Rate 0.00 Request/Replies
Error Rate 0.00
Error Rate 0.00 Request/Replies
Error Rate 0.00 表 13 httperf 網路效能測試數據-整合威脅管理系統
File size
100 requests/sec 300 requests/sec
Avg. Client
Error Rate 0.00 Request/Replies
Error Rate 0.00
Error Rate 0.00 Request/Replies
Error Rate 0.00
File size
500 requests/sec 700 requests/sec
Avg. Client
Error Rate 0.00 Request/Replies
Error Rate 0.00
98
Request/Replies
Error Rate 0.00 Request/Replies
Error Rate 0.02 表 14 httperf 網路效能測試數據-虛擬化縱深防禦(無 IPS)
File size
100 requests/sec 300 requests/sec Avg. Client
Error Rate 0.00 Request/Replies
Error Rate 0.00
Error Rate 0.00 Request/Replies
Error Rate 0.00
File size
500 requests/sec 700 requests/sec
Avg. Client
Error Rate 0.00 Request/Replies
Error Rate 0.00
Error Rate 0.00 Request/Replies
Error Rate 0.14
99
表 15 httperf 網路效能測試數據-虛擬化縱深防禦(有 IPS)
File size
100 requests/sec 300 requests/sec
Avg. Client (input)
Client
(output) Avg. Client (input)
Error Rate 0.00 Request/Replies
Error Rate 0.00
Error Rate 0.00 Request/Replies
Error Rate 0.05
File size
500 requests/sec 700 requests/sec
Avg. Client
Error Rate 0.00 Request/Replies
Error Rate 0.00
45k
PPS 6592 4220 PPS 6545 4191
Response
Time(ms) 907.8 Response
Time(ms) 973.7 Request/Replies
Error Rate 0.15 Request/Replies
Error Rate 0.24 表 16 httperf 網路效能測試數據-傳統縱深防禦(無 IPS)
File size
100 requests/sec 300 requests/sec
Avg. Client
100
500 requests/sec 700 requests/sec
Avg. Client
Error Rate 0.00 Request/Replie
s Error Rate 0.00
Error Rate 0.00 Request/Replie
s Error Rate 0.00 表 17 httperf 網路效能測試數據-傳統縱深防禦(有 IPS)
File size
100 requests/sec 300 requests/sec Avg. Client
Response 1.0 Response 234.8
101
Time(ms) Time(ms) Request/Replies
Error Rate 0.00 Request/Replies
Error Rate 0.01
File size
500 requests/sec 700 requests/sec
Avg. Client
Error Rate 0.00 Request/Replie
s Error Rate 0.00
45k
PPS 9648 6116 PPS 9945 6403
Response
Time(ms) 627.3 Response
Time(ms) 601.9 Request/Replies
Error Rate 0.07 Request/Replie
s Error Rate 0.13