I'm in the evalation process to upgrade from an ASA5580, which at peak is handling 5 Gbps download and 2 Gbps upload I want to be sure I'm understanding the numbers on the ASA5585-X data sheet correctly. Looking at the ASA5585-S40 for example, these numbers are listed:
|Firewall Througput (Max)||20 Gbps|
|Firewall Througput (Multi-Protocol)||10 Gbps|
|Maximum Firewall Connections||4,000,000|
|Maximum Firewall Connections/Second||200,000|
|Max Packets per second (64-byte)||6,000,0000|
The "Maximizing Firewall Performance" presentation at Cisco Live also mentioned a "Real-World Throughput" of 12 Gbps, but I'm not sure how they came to this number.
My questions are as follows:
Can't really give any specific information myself.
To my understanding the "Multi-Protocol" section should be value to look when comparing a new devices performance to your current or future network throughtput needs. I'd imagine the Max value is the maximum throughtput the device could "push through" in ideal conditions which would lead to believe that it wouldnt be a good value to use.
Then theres ofcourse VPN and IPS which usually have their own section in the max throughput charts.
But as I said, I'm not really the best person to answer about these questions.
Thought I would still link this document/post/blog I ran into today but havent still read it through. And perhaps I should
Maybe it could be of some help while waiting for an answer from someone.
Maybe some other section of these very forums might have people that could give you more specific answer. Sections which have people participating that have to handle these things in everyday work.
I've scanned through similar discussions and mostly see chatter that throughput depends on packet size. Well, duh! The link states that the 20 Gbps number for the 5585-40 is with Jumbo frames, so that's good to know. But what I'm really trying to figure out is what the throughput would be for large but non-Jumbo frames, roughly 1200 Bytes. I would guestimate it in the 12-15 Gbps range, but since a need a firewall speced for 14 Gbps, it's really cutting it close.
I think the only way to get at these numbers is lab environment with packet generator, so I can go that route. Just seeing if anyone else has done it already. In a nutshell, I'm trying to fill out charts like this below for the 5585-40.
|Packet Size (Bytes)||Max PPS||Throughput (Gbps)|