03-03-2015 04:53 AM - edited 03-11-2019 10:35 PM
I have one doubt, do I have to clear the interface statistcis "clear traffic" and then take the output of "show traffic" or its to take without clearing the traffic.
Below chart displays the throughput calculated without clearing the traffic rates - clear interfaces.
And this shows that ASA 5540 supports upto 650Mbps.
As per the calculation, 1 min average is 930 Mbps and 5 mins average is 765 Mbps - all calculated in bits per second.
Please confirm on this.
Interfaces | 1 min rate | 5 min rate |
GigabitEthernet0/0 input rate | 58185440 | 47736515 |
GigabitEthernet0/0 output rate | 3197278 | 2663940 |
GigabitEthernet0/1 input rate | 1728440 | 1430846 |
GigabitEthernet0/1 output rate | 56629199 | 46081438 |
GigabitEthernet0/2 input rate | 737171 | 727164 |
GigabitEthernet0/2 output rate | 1239878 | 1421490 |
GigabitEthernet0/3 input rate | 146469 | 115973 |
GigabitEthernet0/3 output rate | 147639 | 124430 |
Total in bytes | 122011514 | 100301796 |
in MB | 116.3592472 | 95.65524673 |
in Mbps | 930.8739777 | 765.2419739 |
ASA 5540 supports | Up to 650 Mbps |
03-03-2015 10:37 AM
I think your calculation is wrong. You can't summ up all input and output rates because with that you counted all traffic twice.. If you sum up all input *or* output rates you get what your ASA is processing. And that is about 384 MBit/s on the 5 Min. interval.
03-04-2015 11:45 PM
Hi Karsten,
Your comments contradicts with the below thread posted by me long back.
https://supportforums.cisco.com/discussion/11542616/device-throughput
Could you please confirm me the exact procedure to get the current throughput of an ASA firewall.
03-05-2015 02:24 AM
Just think about the following scenario:
PC1 ---100M --- ASA --- 100M --- PC2
Now you send a constant UDP-stream that fully saturates the Link from PC1 to PC2. In your calculation you would have a throughput of 200 MBit/s (100 incoming on one interface, 100 outgoing on the other interface).
03-05-2015 04:55 AM
I got your point.
But kindly look into the below threads as well.
https://supportforums.cisco.com/discussion/11359916/throughput-across-asa
Assume firewall has 3 interfaces. So according to you, it must be either the sum of all inbound traffic (1 minute interval) or the sum of all outbound traffic (1 minute interval), or the biggest of inbound or outbound.
I think this should be the one best practice to calculate the current throughput of the ASA firewall or any other device.
Please correct me if I am wrong.
03-18-2015 02:12 AM
Hi Karsten,
Could you revert - this is a one time doubt. So far we were doing wrong calculation..!! You reply to my previously posted comments are appreciated.
03-18-2015 02:29 AM
I was hoping that someone else would jump in with some additional insight. I know that your calculation is also done, but up to now I only knew it from marketing-slides. I still think that you only can sum up all inbound *or* all outbound rates.
06-14-2019 12:01 AM
I hope I'm meeting your hope after almost 4 years this thread was quiet :)
It's the first time I write on community forum and it's only because we just had a discussion around ASA VPN throughput internally. I fully agree with you that summing up traffic from all interfaces makes no sense. So my suggestion would be to divide ASA's VPN throughput into 2 categories:
Management traffic is usually negligible and is not interesting, but if someone needs, can also add a calculation for that.
If you're using ASA as a firewall without any additional encryption on Outside interface, then summary of traffic on Inside interfaces would be enough.
Best regards, Pavel.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide