01-28-2019 03:20 AM - edited 02-21-2020 08:42 AM
Hello,
what ist the throughput per throughput on multicore ASA
Cisco ASA ASA5585-SSP-20 1 CPU 8 Core
when using 10Gbit NICs ? Each flow is handled by one core. Is there a limit per core ?
thanks
Solved! Go to Solution.
01-30-2019 02:25 AM
I asked Andrew Ossipov directly at Cisco Live Barcelona today.
He told me that on an ASA 5585-X (non-Firepower), the single flow throughput limit is 3-4 Gbps (TCP) or 6-8 Gbps (UDP).
01-28-2019 03:53 AM - edited 01-28-2019 03:54 AM
the max throughput for ASA 5585 SSP40 is 20Gbps
Andrew Ossipov did a cisco live have a look BRKSEC-3021
01-28-2019 04:25 AM
yes, the Cisco Live with Andrew Ossipov does some clarification, the question is throughput per flow. So the box have a data-sheet throughput of 5 Gbps and 10Gbit NICs. When there is a service, eg a CIFS file service, when doing exact one transfer over the 5585-SSP20 what is the limit on the flow.
01-28-2019 04:39 AM
I think the best answer we could get is from cisco tac.
01-28-2019 09:30 AM
Are you using the Firepower module? If so, the limiting factor will be that a given flow (5-tuple) is tied to a single Snort process. A Snort process is limited to something like 500 Mbps per instance.
01-29-2019 12:41 AM
No, without Firepower. Simple one TCP connection through ASA in the fastest path.
01-29-2019 01:09 AM
yes it will be in fastest path if it is in stateful inspection entry.
01-30-2019 02:25 AM
I asked Andrew Ossipov directly at Cisco Live Barcelona today.
He told me that on an ASA 5585-X (non-Firepower), the single flow throughput limit is 3-4 Gbps (TCP) or 6-8 Gbps (UDP).
01-30-2019 02:26 AM
nice one Marvin thanks.
01-30-2019 02:36 AM
thank you, Marvin
02-22-2022 02:04 PM
We are opening up a Case with Cisco TAC shortly. We did some performance testing on single nuttcp flows with the Cisco 5585-X and got limited to 2.9 Gb/s for a single TCP Flow. Please advise on your reference on (non-Firepower). We have Model ASA5585-SSP-60 running 9.8(4)40. The SPEC sheet for the 5585-X is 20 Gbps for NON-VPN multi protocol for total throughput , so its odd that a single flow is limited to 2.9Gbps.
Thanks in advance.
02-22-2022 11:13 PM
As I noted in my posting from 30 January 2019, the expected maximum throughput for a single TCP session is 3-4 Gbps. So, if you are getting 2.9 Gbps, I wouldn't expect any more than that. The 20 Gbps number is the expected maximum across multiple sessions/flows, TCP and UDP, from multiple hosts to multiple hosts.
02-28-2022 07:30 AM
Marvin,
Thanks for the response on this. The Cisco TAC didn't provide any definitive SPECS for the ASA 5585X-SSP-60 hardware yet. However, we tested our new FPR9K with SM-56 which should be capable of 10 Gbps on single Flow and only got 6 Gbps. On further review we found that the MSS without it being properly tuned/configured for Jumbo frames is limited to 1380 (1368). By setting it on the FPR9k via the command: sysopt connection tcpmss 0, it allowed a higher MSS of 8948 to take advantage of our 9K Jumbo Frames MTU. We then got over 9 Gbps on the FPR9K. Setting the same sysopt command on the 5585-X with SSP-60 it then boosted the single flow performance to 8 Gbps. All tested with the Nuttcp tool. https://www.nuttcp.net/Welcome%20Page.html and Linux servers with 10Gb NICs.
V/R
02-28-2022 07:30 AM
Marvin,
Thanks for the response on this. The Cisco TAC didn't provide any definitive SPECS for the ASA 5585X-SSP-60 hardware yet. However, we tested our new FPR9K with SM-56 which should be capable of 10 Gbps on single Flow and only got 6 Gbps. On further review we found that the MSS without it being properly tuned/configured for Jumbo frames is limited to 1380 (1368). By setting it on the FPR9k via the command: sysopt connection tcpmss 0, it allowed a higher MSS of 8948 to take advantage of our 9K Jumbo Frames MTU. We then got over 9 Gbps on the FPR9K. Setting the same sysopt command on the 5585-X with SSP-60 it then boosted the single flow performance to 8 Gbps. All tested with the Nuttcp tool. https://www.nuttcp.net/Welcome%20Page.html and Linux servers with 10Gb NICs.
V/R
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide