L7-filter Performance

There have not been any rigorous performance tests of l7-filter (that we know about). However, anecdotal evidence seems to suggest that it is fairly efficient. Here are some configurations that have been reported.

Note that different protocols take different amounts of processing power to match. For heavily loaded networks, you might not have enough processing power use the more processor intensive ones. The protocols page gives information about the speeds of all the patterns so that you can choose which to use.

Kernel version

2.8GHz computer serving 300-400 home users. Filters P2P with a load average of 0.01.
2GHz Dell PowerEdge 650 with 1 GB of RAM serving 100-150 clients. Filters streaming audio and video, P2P & messenger applications. "No hiccups."
Filters P2P on a college dorm network with about 100 students. (Computer stats unknown but was an upgrade from a K6-2 333Mhz.)
Dual 1.2GHz, 512MB Dell PowerEdge serving 100-150 clients, shaping P2P and FTP on a "heavily loaded network". Load average: 0.15
AMD Atlhon XP 3200+ 1GB RAM (DDR-400), using edonkey, fasttrack, gnutella, and bittorrent patterns and about 100 iptables rules for firewalling, 700-1000 simultaneous users. With 20Mbits of traffic CPU usage about 35%. With 27Mbits of traffic CPU usage about 53%. The load average is usually 0.02, with a few spikes of 0.2 in the worst case.
When using the slowest patterns at 90Mbps throughput on a P4 3.0GHz with 1GB RAM, the machine chokes, but it works fine with the faster ones or with only 10Mbps of traffic.
Filtering 30Mbit down, 25Mbit up, 500-600 users, ~75000 connections. P4 3.0GHz with 3GB of RAM. Using l7-filter and IPP2P to identify P2P, VoIP (SIP+Skype), HTTP, FTP, SSH, and SMTP. CPU usage ~70%, load average 0.1-0.3.

Userspace version

No information yet.