10-16-2014 01:35 AM
We have a cluster of 3 x Ironport S370s, all running 7.7.0-753.
The throughput is really poor. We have a 500Mbps Internet connection which at its peak is only getting to 120Mbps, as the Ironports don't seem to be able to handle the traffic.
The Proxy CPU% is always close to 100% but the overall CPU is usually at no more than 30%. At times it can take up to 60 seconds to load the initial page, particularly if the site is an HTTPS site.
We have:
22 Identities
62 Access policies
6 decryption Policies
Our maintainer says that having this number of Identities / policies should not be an issue, but I have my doubts.
Can anyone advise, as it's really become a major issue? Output from the rate and status commands is below.
%proxy  reqs                      client  server    %bw  disk  disk
   CPU  /sec  hits blocks misses  kb/sec  kb/sec  saved   wrs   rds
 99.00   285   373   1293   1193   26484   21838   17.5   550   100
 99.00   286   209   1313   1335   28682   24532   14.5   635    80
 99.00   285   182   1323   1359   37083   33529    9.6  1351     0
100.00   231   132   1051   1113   34816   34151    1.9   355     0
 98.00   253   161   1171   1195   39668   37236    6.1  1363     0
 99.00   294   256   1225   1469   51371   43304   15.7  1117    40
 96.00   346   525   1166   1763   31882   23300   26.9  1328     0
 98.00   302   228   1258   1534   30385   25565   15.9  1302     0
 99.00   295   149   1200   1597   26253   22888   12.8   816     0
 98.00   275   199   1020   1536   35237   31443   10.8   838     0
 99.00   288   184   1131   1574   35019   26688   23.8  1433     0
 99.00   262   116   1073   1437   24744   23228    6.1  1306     0
105.00   307   292   1165   1610   24249   20236   16.6  1061     0
Status as of: Thu Oct 16 08:28:10 2014 GMT
Up since: Wed Oct 15 15:21:19 2014 GMT (17h 6m 51s)
System Resource Utilization:
CPU 28.2%
RAM 82.6%
Reporting/Logging Disk 16.0%
Transactions per Second:
Average in last minute 266
Maximum in last hour 296
Average in last hour 118
Maximum since proxy restart 296
Average since proxy restart 9
Bandwidth (Mbps):
Average in last minute 25.461
Maximum in last hour 49.605
Average in last hour 16.400
Maximum since proxy restart 49.605
Average since proxy restart 1.365
Response Time (ms):
Average in last minute 179
Maximum in last hour 526
Average in last hour 192
Maximum since proxy restart 17710
Average since proxy restart 3165
Cache Hit Rate:
Average in last minute 16
Maximum in last hour 25
Average in last hour 7
Maximum since proxy restart 25
Average since proxy restart 0
Connections:
Idle client connections 1276
Idle server connections 1170
Total client connections 1638
Total server connections 1890
10-16-2014 08:38 AM
If I remember correctly, 7.7 was a dog... they had a bunch of performance issues, especially with adaptive scanning turned on.
Any chance you can go to 8.x?
10-17-2014 03:07 AM
The only update available for our units is 7.7.0 Build 761.
I can't see any updates for 8.x.
Also, there is a BIOS update which has been done but still shows up, but apparently this is normal.
I may update one unit to see if it improves the performance.
10-22-2014 08:57 AM
In the release notes it states...
IMPORTANT: During testing of AsyncOS 7.7.0, Cisco observed performance changes ranging from +33% to -16%, depending on the model and configuration. Performance degradation risk is limited to S160 & S360 models and models S370 and S660 that are running the web proxy without security services. If you experience performance degradation with AsyncOS 7.7.0, Cisco recommends that you revert to AsyncOS 7.5.x.