cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1213
Views
5
Helpful
3
Replies
Highlighted
Contributor

Understanding Throughput Numbers on ASA5585-X series

I'm in the evalation process to upgrade from an ASA5580, which at peak is handling 5 Gbps download and 2 Gbps upload I want to be sure I'm understanding the numbers on the ASA5585-X data sheet correctly. Looking at the ASA5585-S40 for example, these numbers are listed:

StatisticValue
Firewall Througput (Max)20 Gbps
Firewall Througput (Multi-Protocol)10 Gbps
Maximum Firewall Connections4,000,000
Maximum Firewall Connections/Second200,000
Max Packets per second (64-byte)6,000,0000

The "Maximizing Firewall Performance" presentation at Cisco Live also mentioned a "Real-World Throughput" of 12 Gbps, but I'm not sure how they came to this number.

My questions are as follows:

  1. Is "throughput" the combined inbound and outbound traffic? Would a 8 Gbps download and 2 Gbps upload be considered 10 Gbps throughput, or only 8?
  2. What is "Multi-Protocol" and how does that influence the numbers? If the firewall will only pass tcp/80 with no inspection, what is the throughput?
  3. The 5580 platform has a bus limit of 16 Gbps. Does the 5585-X series have any such limit?
3 REPLIES 3
Highlighted
Contributor

Anyone?

I understanding the "real world" throughput is based mostly on packet size, but is it a single direction number or combined input and output?

Highlighted

Hi,

Can't really give any specific information myself.

To my understanding the "Multi-Protocol" section should be value to look when comparing a new devices performance to your current or future network throughtput needs. I'd imagine the Max value is the maximum throughtput the device could "push through" in ideal conditions which would lead to believe that it wouldnt be a good value to use.

Then theres ofcourse VPN and IPS which usually have their own section in the max throughput charts.

But as I said, I'm not really the best person to answer about these questions.

Thought I would still link this document/post/blog I ran into today but havent still read it through. And perhaps I should

Maybe it could be of some help while waiting for an answer from someone.

https://supportforums.cisco.com/community/netpro/security/firewall/blog/2011/06/16/revisiting-firewall-performance-parameters

Maybe some other section of these very forums might have people that could give you more specific answer. Sections which have people participating that have to handle these things in everyday work.

- Jouni

Highlighted

I've scanned through similar discussions and mostly see chatter that throughput depends on packet size.  Well, duh!   The link states that the 20 Gbps number for the 5585-40 is with Jumbo frames, so that's good to know.  But what I'm really trying to figure out is what the throughput would be for large but non-Jumbo frames, roughly 1200 Bytes.  I would guestimate it in the 12-15 Gbps range, but since a need a firewall speced for 14 Gbps, it's really cutting it close.

I think the only way to get at these numbers is lab environment with packet generator, so I can go that route.  Just seeing if anyone else has done it already.  In a nutshell, I'm trying to fill out charts like this below for the 5585-40.

Packet Size (Bytes)Max PPSThroughput (Gbps)
9000277,77720
1500
1200
512
645,000,0002.56
Content for Community-Ad