03-01-2021 05:11 AM
I have number of servers with Redis Pipeline (redis.io/topics/pipelining) enabled. A FTD is managing routing access between servers like this:
Redis client --->FTD--->Redis Servers
192.168.2.10/24-->192.168.70.33/24
192.168.2.10/24-->192.168.70.34/24
192.168.2.10/24-->192.168.70.35/24
The connectivity of server and client is okay but Something in FTD decrease the Redis Pipeline performance drastically. I tried tcp bypass and fastpath with no success.
Is anyone knows where's the issue
Thanks
03-02-2021 05:38 AM
Hi Mahdi ,
Since you configured mentioned rule in prefilter Policy Fastpass then traffic should be bypassed without any additional inspection .
you can Login on FTD CLI and check :
> show cpu
> system support firewall-engine-debug
Then specify the filter and share it here
Also you need to make sure:
- Avoid discovering 0.0.0.0/0 network
- try to Trust Known Traffic
- Elephant flows (like backup) will contribute to latency
try to follow below link to test performance of your setup :
https://www.digitalocean.com/community/tutorials/how-to-perform-redis-benchmark-tests
03-03-2021 12:38 AM
Dear Hassan,
Thanks for your kind help. I attached the output of debug command as well as matched ACLs.
As I mentioned before I've used Fastpath to eliminate possible IPS obstacles and I don't have any discovery rule.
I manage to test Redis Pipeline with other vendor's firewall and the results were okay.
I think something in FTD for some reason queue the Pipeline's flow traffic, although I don't use any QoS rule either.
Thanks in advance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide