Hello,
In my evaluation of Astaro ASG running in a Virtual Machine a noticed that the IPS feature seems to have an excessive impact on the VM performance.
This morning I was copying a ISO image from the outside interface to an internal network so all the traffic was being routed through the Astaro FW.
The VM is configured as default (1GB of RAM) and the ESX Server has 4 Intel Xeon E7440 (quad core, 2.4 GHz). There were no other VMs running on the system at the time.
The external interface was connected at 100 Mbps and only the IPS service was enabled (except for about 7 additional firewall rules).
When I started to copy (standard SMB/CIFS copy), the CPU usage (from the Astaro Dashboard) jumped to 99% and stayed there. The copy wasn't even going full speed and maxing out at about 5/6 MB/s.
I decided to try stopping the IPS service and then the CPU usage dropped to about 4% and the copy transfer rate bumped at 10/11 MB/s.
The VM is running on a very powerful machine that was empty at the time. I checked the CPU %READY value on the ESX host just to make sure that I wasn't experiencing a scheduling problem (almost impossible since there were no other VMs running) and in fact it came out empty (0.00).
I wonder.. is this expected ? is it something that would have happened also on a physical appliance ?
Regards,
Ettore
This thread was automatically locked due to age.
