Hi all,
We are evaluting the ASL 5.05 content filter and are having serious performance issues. Our Routers are doing source routing of http requests on port 80 traffic to the ASL. No other traffic touches the box. There is only one rule activated in the content filter and that is to block porn for all our networks. There are no user / group configurations. Otherwise the box is a standard installation.
The hardware is a dell 2.8GHz machine, 1GB Ram, and a Gbit Ethernet Interface.
Here are a few of our observations.
50 Users:
CPU Load: 0.1
Memory Usage: 150MB
Traffic: 500Kbit
Connections: 600
Http Pages: 600
DNS Queries: 0.5
TOP Stats: CPU usage: 1-10 Procent
No Performance downgrades.
200 Users:
CPU Load: 0.2
Memory Usage: 160MB
Traffic: 1.2Mbit
Connections: 2000
Http Pages: 2500
DNS Queries: 1.5
TOP Stats: CPU usage: 10-25 Procent
Very minor lag in some obscure sites (comparable to current solution with 600 users)
450 Users:
CPU Load: 0.6
Memory Usage: 190MB
Traffic: 2.2Mbit
Connections: 3500
Http Pages: 4500
DNS Queries: 2.4
TOP Stats: CPU usage: 30-60 Procent
2-8 seconds lag between loading of any page. At this point our IT director pulled the plug.
We are testing several solutions (because of the cost of our current solution), however I would like to see the ASL implemented. It has other very useful features which we could use in our corporation.
There are no caching servers in our network and this is not an option. Our pipes are also quite thick so there is no bottle neck there.
What I think is happening is that the DNS queries are killing the machine. So I activated the DNS cache and rerouted (i think) the queries to our DNS caching server but I didnt actually do a packet capture on the network to verify this. This produced a very minor improvement.
TOP also reported some fairly large spikes in processes like syslog-ng, alicd, and a few others.
So does anyone else have a large user base using the content filter?
Suggestions?
This thread was automatically locked due to age.
