Enterprise Filter Performance
Applies to Netsweeper Version 3 and below.
Generally, the Netsweeper Enterprise Filter is capable of intercepting a maximum of 140Mbps of traffic. On 64 bit systems with over 8GB of memory it is possible to reconfigure the Enterprise Filter to utilize more memory and process more traffic. All these settings affect memory and CPU utilization and caution should be taken when adjusting these settings.
How to improve CPU utilization and increase bandwidth
-
Disable all patterns except HTTP/HTTPS
Login to the WebAdmin and click System Tools > Protocol Patterns. deselect all enabled protocol check-boxes except for HTTP and SSL/TLS. Make sure the Reload patterns to all Policy Servers check-box is selected then click the Submit button. -
Disable CNS in the Policy Server Settings
Login to the WebAdmin and click System Tools > Services. Click on the appropriate Policy Server host, then click the More button and select Policy Server Settings. Comment out the cns_server directive or reduce the cns_server timeout value to zero. Click Submit and Restart Service to load the new configuration.
-
Increase the nsqueue_threads to 128 in the Policy Server Settings
Login to the WebAdmin and navigate to System Tools > Services. Select the appropriate Policy Server host, click the More button and select Policy Server Settings. Increase the nsqueue_threads directive from 64 to 128. Click Submit and Restart Service to load the new configuration.
Additional considerations
Changing the above generally will increase the number of connections going through the Enterprise Filter since more bandwidth can be run through the system. You may require adjusting the following if the above is changed and possibly depending on the type of network traffic going through the system:
-
Increase the maximum nsqueue entries in the Enterprise Filter Settings
Login to the WebAdmin and navigate to System Tools > Services. Click the appropriate host machine, then click the More button and select Enterprise Filter Settings. Scroll down to the nsef_modprobe_config directive and increase main_nsqueue_entry_max from 4096 to 8192. Click Submit and Restart Service to load the new configuration.. -
Increase the connection tracking hash buckets (Must have 8Gb or more memory on 64 bit)
Login to the WebAdmin and navigate to System Tools > Services. Click the appropriate host machine, then click the More button and select Enterprise Filter Settings. Scroll down to the nsef_modprobe_config directive and increase main_hash_buckets to 16384. Click Submit and Restart Service to load the new configuration.
Generally, reducing the enabled Protocol Patterns can significantly improve Enterprise Filter performance.
Reconfiguring in favour of the Capture Module framework
If this does not improve the through-put of your deployment, proceed with the following:
- During peak hours, when the Ethernet interface is dropping packets, stop the Enterprise Filter (from the System Tools > Services page). No traffic will be intercepted and processed by the Netsweeper when the Enterprise Filter service is stopped.
- If the Ethernet interface does not drop packets when the Enterprise Filter service is not running, you may garner a performance increase by reconfiguring in favor of the Capture Module framework.
For more information on configuring the Capture Module framework, please refer to our Capture Module configuration guide.