[c-nsp] cat6500/fwsm performance
Tony Varriale
tvarriale at comcast.net
Thu Jun 2 20:23:23 EDT 2011
On 6/2/2011 3:09 PM, Jeff Bacon wrote:
> Hi folks -
>
> So, in an attempt to address some fun issues with NAT I'm having with my
> 6500s, I'm considering resorting to the use of an FWSM as a fancy
> specialized NAT device - call it a complicated hairpin, if you will (one
> VRF is on one side of the FWSM, one is on the other, the VRFs
> communicate with each other via VLANs set to pass through the FWSM,
> which is in transparent mode).
I'm not seeing the NAT or fancy hairpinning in your config below.
> This doesn't seem like it would be such a terribly difficult project,
> but...
>
> I'm seeing round-trip latencies of approx 250us pushing data through the
250 us? I assume you mean ms.
> FWSM, and a relatively ridiculously high rate of packet loss. This is
> just with having the firewall in transparent mode, two hosts on one vlan
> and two hosts on another VLAN bridged via the FWSM, with all inspection
> turned off.
>
> Are these cards _really_ that bad? Or am I missing something really dumb
> and obvious here?
Generally no, they aren't that bad. But it's hard to say what's going
on with the data you presented so far.
tv
More information about the cisco-nsp
mailing list