Understanding Throughput Numbers on ASA5585-X series
I'm in the evalation process to upgrade from an ASA5580, which at peak is handling 5 Gbps download and 2 Gbps upload I want to be sure I'm understanding the numbers on the ASA5585-X data sheet correctly. Looking at the ASA5585-S40 for example, these numbers are listed:
Firewall Througput (Max)
Firewall Througput (Multi-Protocol)
Maximum Firewall Connections
Maximum Firewall Connections/Second
Max Packets per second (64-byte)
The "Maximizing Firewall Performance" presentation at Cisco Live also mentioned a "Real-World Throughput" of 12 Gbps, but I'm not sure how they came to this number.
My questions are as follows:
Is "throughput" the combined inbound and outbound traffic? Would a 8 Gbps download and 2 Gbps upload be considered 10 Gbps throughput, or only 8?
What is "Multi-Protocol" and how does that influence the numbers? If the firewall will only pass tcp/80 with no inspection, what is the throughput?
The 5580 platform has a bus limit of 16 Gbps. Does the 5585-X series have any such limit?
Can't really give any specific information myself.
To my understanding the "Multi-Protocol" section should be value to look when comparing a new devices performance to your current or future network throughtput needs. I'd imagine the Max value is the maximum throughtput the device could "push through" in ideal conditions which would lead to believe that it wouldnt be a good value to use.
Then theres ofcourse VPN and IPS which usually have their own section in the max throughput charts.
But as I said, I'm not really the best person to answer about these questions.
Thought I would still link this document/post/blog I ran into today but havent still read it through. And perhaps I should
Maybe it could be of some help while waiting for an answer from someone.
I've scanned through similar discussions and mostly see chatter that throughput depends on packet size. Well, duh! The link states that the 20 Gbps number for the 5585-40 is with Jumbo frames, so that's good to know. But what I'm really trying to figure out is what the throughput would be for large but non-Jumbo frames, roughly 1200 Bytes. I would guestimate it in the 12-15 Gbps range, but since a need a firewall speced for 14 Gbps, it's really cutting it close.
I think the only way to get at these numbers is lab environment with packet generator, so I can go that route. Just seeing if anyone else has done it already. In a nutshell, I'm trying to fill out charts like this below for the 5585-40.
Community Live Event Video
Are you ready to level up your security? Learn more about how Cisco SecureX can help you simplify your security and maximize operational efficiency.
This event talks about Cisco SecureX, its benefits, features, and usage. Th...
Hi all,I cannot understand why is something working very well they create a way to complicate things in Cisco ASA OS. I have a rule :object network LOCAL_ADRESS1 host 192.168.20.12 nat (VLAN20,outside) source static LOCAL_ADRESS1 interface&...
It is our pleasure to officially announce the finalists in the 2021 IT Blog Awards. We are now looking to our amazing tech community to check out the amazing line up of bloggers, vloggers and podcasters. Make sure to vote for your favorites...
Community Live Event Slides
This event talks about Cisco SecureX, its benefits, features, and usage. The session includes sample use cases and live demonstrations.
Cisco expert Luis Silva talks about how this solution can integrate Cisco technology and ...
Hello All, Recently I got an opportunity to perform POC with Cisco ISE (2.7 Patch 4) and Aruba Wireless AP (IAP) to perform 802.1x EAP-FAST (machine + user) authentication followed by Posture Assessment on Windows 10 Machines (installed with AnyConnect 4....