cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1329
Views
5
Helpful
2
Replies

Firepower performance issues for 2017 NSS report

peter.cheng
Level 1
Level 1
Hello, Is there anyone who can have a better explanation about the performance downgrade issue in the 2017 NSS report? In the report, all the other vendors' product has fewer downgrade performance; but for Cisco FP 4110, the performance downgrade from 10G as it claimed to 2.5 Gbps (NSS test result). Thanks a lot.
2 Replies 2

Oliver Kaiser
Level 7
Level 7

There could be various reasons as to why the performance is measured at 2.5Gbps by NSS Labs. According to their testing methodology (v 7.0) they are using traffic generators that will do various src/dst ip/port variations but I could not figure out the exact numbers. 

 

Since Firepower load balances traffic across multiple snort (ips) instances the result could be like that because of sub-optimal load balancing due to insufficient number of variations in the test traffic. The datasheet numbers are basically the max performance if traffic is evenly distributed to all snort instances... so the maximum throughput of a single flow = [datasheet-throughput] / [snort-instances].

 

Another reason could be bugs in 6.1.0.1 that lead to performance degradation. If you seek a more detailed reason you would have to contact cisco or buy the nss labs report that might go into more details.

 

Hope that helps. 

 

kind regards

Oliver

Can we have a valid explanation from Cisco for this huge performance degradation in FTD 4110. 

Review Cisco Networking for a $25 gift card