firewalla-mcp-server

MIT License

firewalla-mcp-server
docs

limits-and-performance-guide.md•16.6 kB

# Firewalla MCP Server - Limits and Performance Guide This guide provides comprehensive documentation on limit configurations, performance rationale, and optimization strategies for the Firewalla MCP Server. ## Table of Contents - [Overview](#overview) - [Limit Configuration Philosophy](#limit-configuration-philosophy) - [Tool-Specific Limits](#tool-specific-limits) - [Performance Tier System](#performance-tier-system) - [Limit Rationale by Operation Type](#limit-rationale-by-operation-type) - [Historical Context: Resolved Discrepancies](#historical-context-resolved-discrepancies) - [Performance Optimization Strategies](#performance-optimization-strategies) - [Monitoring and Tuning](#monitoring-and-tuning) - [Best Practices](#best-practices) - [Conclusion](#conclusion) ## Overview The Firewalla MCP Server implements a sophisticated limit system designed to balance functionality, performance, and resource utilization. Each tool has carefully chosen limits based on: - **API Performance Characteristics**: Different Firewalla API endpoints have varying response times - **Data Processing Complexity**: Search operations require more resources than simple retrievals - **Memory Usage Patterns**: Large datasets need controlled limits to prevent memory exhaustion - **Network Bandwidth**: Higher limits can cause network saturation - **User Experience**: Reasonable response times for interactive usage ## Limit Configuration Philosophy ### Design Principles 1. **Performance First**: Limits ensure responsive operation under normal usage 2. **Resource Protection**: Prevent memory exhaustion and API overload 3. **Consistency**: Similar operations have similar limits for predictable behavior 4. **Scalability**: Limits allow concurrent usage without degradation 5. **Flexibility**: Different tool types have appropriate limits for their use cases ### Centralized Configuration All limits are centrally managed in `/src/config/limits.ts`: ```typescript export const STANDARD_LIMITS = { BASIC_QUERY: 1000, // Standard data retrieval operations SEARCH_FLOWS: 1000, // Flow search operations SEARCH_ALARMS: 1000, // Alarm search operations BANDWIDTH_ANALYSIS: 500, // Bandwidth-intensive operations CROSS_REFERENCE: 2000, // Complex correlation operations RULES_SUMMARY: 2000, // Rule analysis operations STATISTICS: 100, // Statistical operations (fixed results) } ``` ## Tool-Specific Limits ### Basic Data Retrieval Tools (Limit: 1000) **Tools**: `get_active_alarms`, `get_device_status`, `get_flow_data`, `get_network_rules`, `get_target_lists`, `get_most_active_rules`, `get_recent_rules` **Rationale**: - Simple API calls with minimal server-side processing - Direct data retrieval without complex transformations - Balanced between useful result sets and performance - Most common use case covers 90% of user needs with <1000 results **Performance Characteristics**: - Average response time: 200-500ms - Memory usage: 10-50MB per request - Network bandwidth: 1-5MB per request - CPU usage: Low ### Search Operations (Limit: 1000) **Tools**: `search_flows`, `search_alarms`, `search_rules`, `search_devices`, `search_target_lists` **Rationale**: - Search operations involve query parsing and filtering - Results often require additional processing and normalization - Maintains consistency across all search tools - Provides sufficient data for analysis while ensuring responsiveness **Performance Characteristics**: - Average response time: 500-1500ms - Memory usage: 20-100MB per request - Network bandwidth: 2-10MB per request - CPU usage: Medium **Example Usage**: ```bash # Typical search that benefits from 1000 limit search_flows query:"severity:high AND protocol:tcp" limit:800 # Complex search requiring full limit search_alarms query:"(severity:high OR severity:critical) AND source_ip:192.168.*" limit:1000 ``` ### Geographic Search Operations (Limit: 1000) **Tools**: `search_flows_by_geography`, `search_alarms_by_geography`, `get_geographic_statistics` **Rationale**: - Geographic data requires additional IP geolocation processing - Results include enriched geographic metadata - Consistent with standard search operations - Geographic filtering often naturally limits result sets **Performance Characteristics**: - Average response time: 800-2000ms - Memory usage: 30-150MB per request (includes geo data caching) - Network bandwidth: 3-15MB per request - CPU usage: Medium-High (due to geographic enrichment) ### Bandwidth Analysis Operations (Limit: 500) **Tools**: `get_bandwidth_usage` **Rationale**: - Bandwidth data requires intensive aggregation and sorting - Each device record includes multiple bandwidth metrics - Memory usage increases significantly with device count - Response time degrades rapidly beyond 500 devices **Performance Characteristics**: - Average response time: 1000-3000ms - Memory usage: 50-200MB per request - Network bandwidth: 5-20MB per request - CPU usage: High (aggregation and sorting) **Memory Usage Pattern**: ```typescript // Memory usage scales significantly with device count const memoryUsageEstimate = { 100_devices: '20MB', 500_devices: '100MB', // Optimal limit 1000_devices: '250MB', // Causes performance issues 2000_devices: '500MB+' // Risk of memory exhaustion } ``` ### Cross-Reference Operations (Limit: 2000) **Tools**: `search_cross_reference`, `search_enhanced_cross_reference` **Rationale**: - Cross-reference operations correlate data across multiple entities - Higher limits provide better correlation analysis - Complex algorithms require more data points for accuracy - Results are highly valuable for security analysis **Performance Characteristics**: - Average response time: 2000-5000ms - Memory usage: 100-300MB per request - Network bandwidth: 10-30MB per request - CPU usage: Very High (correlation algorithms) **Correlation Effectiveness by Limit**: ```typescript const correlationQuality = { 500_results: 'Basic patterns detectable', 1000_results: 'Good pattern recognition', 2000_results: 'Excellent correlation analysis', // Current limit 5000_results: 'Comprehensive but slow' } ``` ### Rules Summary Operations (Limit: 2000) **Tools**: `get_network_rules_summary` **Rationale**: - Rule summary operations analyze rule effectiveness and patterns - Higher limits provide better statistical analysis - Most organizations have <2000 active rules - Reduced from the original 10000 limit for better performance **Performance Characteristics**: - Average response time: 1500-4000ms - Memory usage: 75-250MB per request - Network bandwidth: 8-25MB per request - CPU usage: High (statistical analysis) ### Offline Device Operations (Limit: 1000) **Tools**: `get_offline_devices` **Rationale**: - Offline device detection requires timestamp analysis - Results sorted by last-seen time - 1000 offline devices indicate significant network issues - Consistent with other device operations **Performance Characteristics**: - Average response time: 300-800ms - Memory usage: 15-75MB per request - Network bandwidth: 2-8MB per request - CPU usage: Medium (timestamp sorting) ### Statistical Operations (Limit: 100) **Tools**: `get_simple_statistics`, `get_statistics_by_region`, `get_statistics_by_box` **Rationale**: - Statistical operations return fixed-size summary data - Low limit prevents unnecessary API load - Results are aggregated summaries, not individual records - 100 statistical entries provide a comprehensive overview **Performance Characteristics**: - Average response time: 100-300ms - Memory usage: 5-25MB per request - Network bandwidth: 0.5-2MB per request - CPU usage: Low ## Performance Tier System The server categorizes tools into performance tiers based on resource usage: ### Tier 1: Simple Operations (Limit: 1000) **Tools**: Basic data retrieval, standard searches **Characteristics**: Fast API calls, minimal processing **Response Time Target**: <1 second ### Tier 2: Moderate Operations (Limit: 500) **Tools**: Bandwidth analysis, geographic searches **Characteristics**: Data aggregation, enrichment processing **Response Time Target**: <3 seconds ### Tier 3: Complex Operations (Limit: 200-2000) **Tools**: Cross-reference analysis, statistical summaries **Characteristics**: Advanced algorithms, correlation analysis **Response Time Target**: <5 seconds ### Tier 4: Statistical Operations (Limit: 100) **Tools**: Summary statistics, trend analysis **Characteristics**: Aggregated results, minimal data volume **Response Time Target**: <1 second ## Limit Rationale by Operation Type ### Security Operations **High Priority**: Security analysis requires comprehensive data - `get_active_alarms`: 1000 (covers typical alert volumes) - `search_alarms`: 1000 (sufficient for threat investigation) - `search_enhanced_cross_reference`: 2000 (security correlation needs more data) ### Network Analysis **Performance Balanced**: Network operations balance detail with speed - `get_flow_data`: 1000 (typical network monitoring needs) - `search_flows`: 1000 (sufficient for traffic analysis) - `get_bandwidth_usage`: 500 (intensive processing requires lower limit) ### Device Management **Practical Limits**: Based on typical network sizes - `get_device_status`: 1000 (covers medium-sized networks) - `get_offline_devices`: 1000 (consistent with device operations) - `search_devices`: 1000 (sufficient for device discovery) ### Rule Management **Administrative Focus**: Rule operations serve administrative needs - `get_network_rules`: 1000 (typical rule set size) - `get_network_rules_summary`: 2000 (comprehensive analysis) - `search_rules`: 1000 (sufficient for rule discovery) ## Historical Context: Resolved Discrepancies ### Pre-v1.0.0 Issues Before the centralized limits system, the server had significant inconsistencies: #### Limit Discrepancies Found and Fixed 1. **Search Tools Inconsistency**: - **Before**: `search_alarms` (5000), `search_flows` (1000), `search_rules` (3000) - **After**: All search tools standardized to 1000 - **Impact**: Reduced memory usage by 60-80% for alarm searches 2. **Geographic Tools Mismatch**: - **Before**: `search_flows_by_geography` (1000), `search_alarms_by_geography` (5000) - **After**: Both standardized to 1000 - **Impact**: Consistent performance across geographic operations 3. **Rules Summary Over-limit**: - **Before**: `get_network_rules_summary` (10000) - **After**: Reduced to 2000 - **Impact**: Response time improved from 15–30 seconds to 3–5 seconds 4. **Device Search Variation**: - **Before**: `search_devices` (2000) - **After**: Standardized to 1000 - **Impact**: Improved consistency with other search operations #### Schema vs Implementation Discrepancies: 1. **Tool Schemas Showed Higher Limits**: - Schema definitions showed maximum limits of 5000-10000 - Actual implementations used varying limits - **Resolution**: Updated schemas to match actual performance-tested limits 2. **Parameter Validation Inconsistency**: - Some tools accepted limits higher than optimal - Validation occurred too late in processing pipeline - **Resolution**: Centralized validation with performance-based limits ### Performance Impact of Fixes: ```typescript const performanceImprovements = { 'search_alarms': { before: { limit: 5000, avgResponseTime: '8-15s', memoryUsage: '400-800MB' }, after: { limit: 1000, avgResponseTime: '1-3s', memoryUsage: '80-150MB' }, improvement: 'Response time: 80% faster, Memory: 75% reduction' }, 'get_network_rules_summary': { before: { limit: 10000, avgResponseTime: '15-30s', memoryUsage: '800MB-1.5GB' }, after: { limit: 2000, avgResponseTime: '3-5s', memoryUsage: '200-400MB' }, improvement: 'Response time: 83% faster, Memory: 70% reduction' }, 'search_devices': { before: { limit: 2000, avgResponseTime: '3-6s', memoryUsage: '150-300MB' }, after: { limit: 1000, avgResponseTime: '1-2s', memoryUsage: '75-150MB' }, improvement: 'Response time: 67% faster, Memory: 50% reduction' } } ``` ## Performance Optimization Strategies ### Request Optimization 1. **Use Specific Queries**: Narrow queries reduce processing time ```bash # Good: Specific query search_flows query:"protocol:tcp AND severity:high" limit:100 # Avoid: Broad query with high limit search_flows query:"protocol:tcp" limit:1000 ``` 2. **Pagination for Large Datasets**: Use cursor-based pagination ```bash # First request search_flows query:"timestamp:>NOW-24h" limit:500 # Subsequent requests with cursor search_flows query:"timestamp:>NOW-24h" limit:500 cursor:"eyJ0aW1lc3RhbXAi..." ``` 3. **Appropriate Limits**: Use the minimum limit that meets your needs ```bash # For quick overview get_active_alarms limit:50 # For detailed analysis get_active_alarms limit:500 # For comprehensive audit get_active_alarms limit:1000 ``` ### Memory Optimization 1. **Batch Processing**: Process large datasets in smaller chunks 2. **Query Filtering**: Use server-side filtering to reduce data transfer 3. **Limit Management**: Never request more data than you can process ### Cache Utilization 1. **Query Caching**: Identical queries benefit from 300-second cache 2. **Geographic Caching**: Location data cached for 1 hour 3. **Statistical Caching**: Summary data cached for optimal performance ## Monitoring and Tuning ### Performance Metrics Monitor these key metrics to validate limit effectiveness: ```typescript const performanceThresholds = { responseTime: { warning: 1000, // Log warning if >1 second error: 5000, // Log error if >5 seconds timeout: 10000 // Hard timeout at 10 seconds }, memoryUsage: { warning: 100 * 1024 * 1024, // 100MB error: 500 * 1024 * 1024, // 500MB critical: 1024 * 1024 * 1024 // 1GB }, concurrency: { optimal: 10, // Optimal concurrent requests warning: 25, // Performance degradation starts maximum: 50 // Maximum concurrent requests } } ``` ### Tuning Recommendations 1. **Monitor Response Times**: Adjust limits if response times exceed targets 2. **Track Memory Usage**: Reduce limits if memory usage becomes excessive 3. **Analyze Query Patterns**: Optimize limits based on actual usage patterns 4. **Load Testing**: Regular performance testing validates limit effectiveness ### Debug Configuration Enable performance debugging: ```bash # Enable comprehensive performance monitoring DEBUG=firewalla:performance,firewalla:limits npm run mcp:start # Monitor specific limit enforcement DEBUG=validation,limits npm run mcp:start # Track memory usage patterns DEBUG=memory,gc npm run mcp:start ``` ## Best Practices ### For Developers 1. **Respect Limits**: Never bypass or circumvent established limits 2. **Test Performance**: Validate that changes don't degrade performance 3. **Monitor Impact**: Track the effect of limit changes on system performance 4. **Document Changes**: Update this guide when modifying limits ### For Users 1. **Start Small**: Begin with smaller limits and increase as needed 2. **Use Pagination**: For large datasets, use cursor-based pagination 3. **Filter Effectively**: Use specific queries to reduce processing overhead 4. **Monitor Performance**: Be aware of response times and adjust usage accordingly ### For Administrators 1. **Regular Audits**: Periodically review limit effectiveness 2. **Performance Testing**: Run load tests to validate current limits 3. **Usage Analysis**: Monitor actual usage patterns vs. configured limits 4. **Capacity Planning**: Adjust limits based on infrastructure capabilities ## Conclusion The Firewalla MCP Server's limit system represents a carefully balanced approach to performance, functionality, and resource utilization. The centralized configuration in `/src/config/limits.ts` provides: - **Consistency**: All tools follow the same limit philosophy - **Performance**: Limits ensure responsive operation under load - **Maintainability**: Centralized configuration simplifies management - **Scalability**: Limits support concurrent usage without degradation By understanding the rationale behind each limit and following the optimization strategies outlined in this guide, users can achieve optimal performance while maximizing the value of their Firewalla MCP Server deployment. For questions or limit adjustment requests, refer to the performance monitoring section and conduct thorough testing before implementing changes.

Latest Blog Posts

OpenTelemetry for Model Context Protocol (MCP) Analytics and Agent Observability
By Om-Shree-0709 on .
observability
mcp
opentelemetry
Securing Enterprise AI Agents with Unique Identities in the Model Context Protocol (MCP)
By Om-Shree-0709 on .
When Your Year of Work Gets Copied Overnight: What Actually Matters?
By punkpeye on .
startups

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/amittell/firewalla-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server