[c-nsp] cat6500/fwsm performance
Peter Rathlev
peter at rathlev.dk
Thu Jun 2 17:22:23 EDT 2011
On Thu, 2011-06-02 at 15:09 -0500, Jeff Bacon wrote:
> I'm seeing round-trip latencies of approx 250us pushing data through the
> FWSM,

That latency sounds much like what we're seeing, around 300 us.

> and a relatively ridiculously high rate of packet loss.

Two things to keep in mind:

1) Any one flow cannot exceed 1 Gb/s, since the connection to the FWSM
is a 6 port etherchannel.

2) Traffic that cannot be "fast switched" in the firewall will overload
it easily. An iperf UDP session resulted in 30% packet loss @ 300
Mbps here. Fast switched traffic (like regular TCP) is no problem.

> This is just with having the firewall in transparent mode, two hosts
> on one vlan and two hosts on another VLAN bridged via the FWSM, with
> all inspection turned off.
>
> Are these cards _really_ that bad? Or am I missing something really
> dumb and obvious here?

I've only ever used routed mode and have no idea if transparent is
different performance-wise.

--
Peter