Re: Network throughput ngfw

adeebtaqui · ‎12-14-2020

Hi, can anyone advice me about how to get overall throughput or bandwidth of a customer network to to verify if my proposed ngfw 2130 with 10g uplink is able to match network overall bandwidth or throughput through one 10g link between network anf fw

Is there any cisco tool?

Rob Ingram · ‎12-14-2020

Hi @adeebtaqui

If you are a partner you can access the NGFW Performance Estimator tool https://ngfwpe.cisco.com/ select the bandwidth and which features will be used (VPN, URL Filter, SSL etc) and it will tell you which hardware will be suitable.

HTH

Mohammed al Baqari · ‎12-14-2020

Hi,

You need to have a netflow monitor running on the network to be able to get
usage reports. Run it for a week or two to get good estimates. You should
avoid holiday seasons.

**** please remember to rate useful posts

adeebtaqui · ‎12-15-2020

Please advise if below method ok.

I am planning to use Cisco partner-PRTG monitoring tool which can give in/out traffic in bps, so we can apply switch port analyser on the customer's 6506E 10G port receiving traffic from downlink network using span config and monitor by connecting monitoring software(laptop) to another RJ45 port on 6506E.

Cisco SPAN to be configured on 6506E with source as the port receiving traffic from ring ie Te1/0/1 and then one port as destination connecting to workstation with PRTG tool installed.

On switch , we can also use show interface summary/detail, ip accounting or traffic to all get an idea about port traffic.

Mohammed al Baqari · ‎12-16-2020

Hi,

I think this is complicated. If you configure netflow forwarder to your
PTRG it will work. No need to capture network traffic using SPAN. This can
expose sensitive information depending on what is passing over the network.

**** please remember to rate useful posts

adeebtaqui · ‎12-16-2020

Is it possible to configure netflow forwarder on 6506?

Mohammed al Baqari · ‎12-16-2020

Depending on the IOS version and MSFC card. If you have MSFC3
installed then yes. If you use it as L2 with PFC only, as far as I know, No.

You can post this in the switching community to get better answers.

**** please remember to rate useful posts

adeebtaqui · ‎12-17-2020

Hi Mohammed,

Below is the interface details that uplinks to core switch.

So I need to calculate from this port's output traffic the traffic throughput as this port would be connected to NGFW.

Please advise what is the calculation or throughput?

5 minute output rate 111384000 bits/sec, 13311 packets/sec

TenGigabitEthernet1/1 is up, line protocol is up (connected)
Hardware is C6k 10000Mb 802.3, address is 001c.588e.ed40 (bia 001c.588e.ed40)
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
reliability 255/255, txload 2/255, rxload 6/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 10Gb/s
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:03, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/5/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 272363000 bits/sec, 33282 packets/sec
5 minute output rate 111384000 bits/sec, 13311 packets/sec
52616931742 packets input, 57009860758592 bytes, 0 no buffer
Received 49967471114 broadcasts (2435189373 multicasts)
0 runts, 0 giants, 0 throttles
5 input errors, 2 CRC, 2 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
21730980537 packets output, 24225933950828 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out