I have come across a strange issue regarding network driver filters on Windows. It seems that merely installing a network driver filter will cause a degradation in performance.
I am testing different scenarios of 1 Gigabit bandwidth connections and experience an increase in CPU interrupts and lower overall network utilization. The installed driver in question is completely in packet passthrough mode (No packet reaches usermode).
Is the driver to blame, or will every installed network filter driver cause degradation even when it is not doing anything rather than passing on the packets in kernel mode to the next driver on the stack?
What will be the effects of such a driver on a virtual machine?
After searching all over I have come to no conclusions. I would be very grateful for any advice whatsoever!
The OS has a fast-path for the case when NDIS filters are not present. Even if the filter does very little, its mere presence can inhibit the fast-path. There is another fast-path for when no WFP filter is installed. The WFP fast-path has an even more significant effect on performance. So it's not too surprising that installing a no-op filter (WFP or NDIS) will have a small effect on performance.
The effect should be so small that it should be difficult to measure. For NDIS, I expect much less than 1% impact to key metrics. For WFP, I expect less than 1% in small-scale (1Gbps), and possibly a little more at larger scale (10Gbps+). In no case should a typical PC struggle to operate a full line rate of 1Gbps, using synthetic workload data.
I issue a generic caution that performance measurement is subtle. It's way too easy to generate convincing graphs that are spoiled by some external factor. Be wary of drawing conclusions until you've thoroughly "debugged" your data itself.