Redis behind FTD performance issue

mahdiasgari · ‎03-01-2021

I have number of servers with Redis Pipeline (redis.io/topics/pipelining) enabled. A FTD is managing routing access between servers like this:

Redis client --->FTD--->Redis Servers

192.168.2.10/24-->192.168.70.33/24

192.168.2.10/24-->192.168.70.34/24

192.168.2.10/24-->192.168.70.35/24

The connectivity of server and client is okay but Something in FTD decrease the Redis Pipeline performance drastically. I tried tcp bypass and fastpath with no success.

Is anyone knows where's the issue

Thanks

ahassan2 · ‎03-02-2021

Hi Mahdi ,

Since you configured mentioned rule in prefilter Policy Fastpass then traffic should be bypassed without any additional inspection .

you can Login on FTD CLI and check :
> show cpu
> system support firewall-engine-debug
Then specify the filter and share it here

Also you need to make sure:
- Avoid discovering 0.0.0.0/0 network
- try to Trust Known Traffic
- Elephant flows (like backup) will contribute to latency

try to follow below link to test performance of your setup :

https://www.digitalocean.com/community/tutorials/how-to-perform-redis-benchmark-tests

mahdiasgari · ‎03-03-2021

Dear Hassan,

Thanks for your kind help. I attached the output of debug command as well as matched ACLs.

As I mentioned before I've used Fastpath to eliminate possible IPS obstacles and I don't have any discovery rule.

I manage to test Redis Pipeline with other vendor's firewall and the results were okay.

I think something in FTD for some reason queue the Pipeline's flow traffic, although I don't use any QoS rule either.

Thanks in advance.