C300 box sizing -performance

Unanswered Question
Jul 2nd, 2007

Hi

Is there anyone who can advice regarding ,how many msg/min /hour -i can reach with this machine without getting a long delays .

I need to know few parameters since i want to tell applications that send mail through the box how to behave .

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jbivens_ironport Tue, 07/03/2007 - 14:02

Yanir,

So first things first, what features do you have enabled? (Brightmail, IronPort AntiSpam, Sophos, VOF, etc. etc.)

Any idea of what your average message size is? (You can get this information with utilities like spamtowho)

Sincerely,

Jay Bivens
IronPort Systems

yanir_ironport Tue, 07/03/2007 - 15:17

Hi

I have ipas anti spam enabled _sophos anti virus enabled

my avarage msg per hour is around 5000msg

how can i know my -is there any statistics form the box itself ?

Yanir

Doc_ironport Thu, 07/05/2007 - 06:43


how can i know my -is there any statistics form the box itself ?
Yanir


You can get CPU, memory and disk stats from the box by going to Monitor -> System Status in the web GUI or by running "status detail" from the CLI.

These same numbers are also available via the SNMP, or XML (http://boxname.domain.com/xml/status )

Scott.
jbivens_ironport Thu, 07/05/2007 - 15:57

Yanir,

Keep in mind that they below comments are related to messages through the e-mail pipeline. The below performance data is only measuring the messages that make it through Senderbase, so if you get 5K message per hour but 3K are blocked by Senderbase then you would only be talking about 2K messages through the pipeline.

So in general when IronPort performs performance testing we do it with varying message sizes but the average always comes out to 15 KB. So my rule of thumb (and your mileage my vary) is that a C300 can handle ~500K messages a day (which covers peak message volume hours) and this number is really for inbound messages getting Anti-Spam and Anti-Virus scanned (assuming you don't so IronPort Anti-Spam scanning for outbound messages (read relay)). Technically the inbound system volume for an hour will top out at ~25K messages per hour but that's based on the average message size of 15 KB. You can pretty much count that if the average message size is 45 KB that your max volume will top out at ~8K messages.

Traditionally the IronPorts are configured to perform Anti-Virus scanning for outbound messages in which case the performance numbers are around 40K per hour.

So with all that said, if you stick the performance numbers listed above you should be able to have a system processing mail with no delays.

Sincerely,

Jay Bivens
IronPort Systems

yanir_ironport Sun, 07/08/2007 - 15:59

Hi

when looking at monitor--system overview-Incoming Messages per hour

is it concludes the just the incoming msg -from public listeners ?

looking at incoming and outgoing mail summary -i can figure out how many msg went throgh the box .

is there any other statistics i can use ?

Yannir

bfayne_ironport Sat, 07/14/2007 - 19:49

If you want to do your own benchmarks, two programs that I have used have given me results that ended up very close to what I see with real-world email.

http://www.slamd.com/ (great for LDAP testing)
http://www.coker.com.au/postal/

Postal is a great program and will generate completely random bodies. It gives IPAS a really hard time and very few messages will come up positive. You can then just measure the output and that is usually very close to what you will see in production.

The best way however, is to get a corpus of your own emails, maybe 100k - 250k and shove them at an Ironport. Don't let the workqueue backlog get too high unles you want to test worst-case mail flow as a backed-up workqueue can have a bit of a performance impact.

There is a program called formail (comes with procmail) that can be used to redeliver mbox format into sendmail.

Try this as a command line
formail -s /usr/sbin/sendmail -v -t -oiee < mbox

If you try it with real addresses, be very sure that you either send the mail to an SMTP sink or have a /dev/null SMTP route on your Ironport appliance or you will risk spraying mail all over the place. Very hard to clean up.


That should be enough to get pointed in the right direction.

All the performance testing that I have ever done has been with large Ironports (C60, C650, X1050) so be nice to your C10s.

I realize that all of the above doesn't really help someone who wants to benchmark using a windows box as a source. Fit the tool to the job, not the job to the tool. :)

jbivens_ironport Thu, 09/27/2007 - 14:44

-C150 ~150,000 a day
-C350 ~1,000,000 a day
-C650 ~2,000,000 a day

Generally the performance was doubled for the C350 and C650 and almost doubled for the C150. These are just my estimates based on some production performance, of course these volumes can vary based on items like the number of TCP connections etc. etc. Of course these numbers are based on every feature turned on.

Sincerely,

Jay Bivens
IronPort Systems

Eisenhafen Thu, 09/27/2007 - 13:05

Hello,

could someone give me an estimate for the current hardware for max. mgs/minute or /day? All features enabled.
-C150
-C350
-C650
How much is the increase compared to the C100/C300/C600?

jbivens_ironport Tue, 10/02/2007 - 14:28

Mark,

Actually you are incorrect, these numbers are with all the features turned on and I see it on a frequent basis. As stated the milage will vary based on other factors like DNS performance, TCP concurrent connections, % of TCP connections rejected, and if a Hardware Load Balancer is being utilized. Besides that these numbers should be on the money if the device is configured correctly and there isn't excessive amounts of custom filters running.

Maybe a key note, I consider these numbers to be maximums meaning that the system will probably show message build up in the work queue and maxed out CPU. Don't expect the systems to run at 50% CPU at these levels.

Sincerely,

Jay Bivens
IronPort Systems

jbivens_ironport Wed, 10/03/2007 - 13:53

How funny, I was wondering why you would say that, and I thought did he see per day... :^)

Sincerely,

Jay Bivens

kurceitpro_ironport Tue, 09/09/2008 - 08:23

-C150 ~150,000 a day 
-C350 ~1,000,000 a day
-C650 ~2,000,000 a day

Generally the performance was doubled for the C350 and C650 and almost doubled for the C150. These are just my estimates based on some production performance, of course these volumes can vary based on items like the number of TCP connections etc. etc. Of course these numbers are based on every feature turned on.

Sincerely,

Jay Bivens
IronPort Systems


Helo Jay Bivens, about your statement above, I want to ask u about that. What about the performance of the appliance (C150, C350, C650) when we calculate for Message Per Hour (MPH)? Can I say :
C150 ~ 7,500 MPH
C350 ~ 50,000 MPH
C650 ~ 100,000 MPH
Is that my assumption correct?
And what about the performance of X1050, when we calculate in MPH?

Thanks a lot.
Sincerely,

Kurniawan
jbivens_ironport Tue, 09/09/2008 - 15:14


Helo Jay Bivens, about your statement above, I want to ask u about that. What about the performance of the appliance (C150, C350, C650) when we calculate for Message Per Hour (MPH)? Can I say :
C150 ~ 7,500 MPH
C350 ~ 50,000 MPH
C650 ~ 100,000 MPH
Is that my assumption correct?
And what about the performance of X1050, when we calculate in MPH?


The numbers that you're quoting are closer to the Anti-Spam performance numbers and one thing to keep in mind that is that it's based on a 15KB message size with is probably a good message size without Senderbase block but when you start blocking with Senderbase your average message size usually goes up to something like 49-60 KB which means that performance will go down proportionally to that size (with regards to MPH).

Now using the Anti-Spam number is really the best performance gauge because by an large it's the slowest of all the engines however one thing that seems to be creeping into the performance equation (and there really little data to gauge it) is content scanning for compliance (i.e. credit card numbers, social security numbers, etc) and the other variable is going to be TCP connections. Just recently I was at a customer who was hit with a Bounce Blow Back attack on such a scale that it they were literally 10x their normal volume of 5M messages a day so it was quite large and the TCP overhead created a large CPU MTA burden. So just keep this in mind because for small customers TCP really doesn't matter in most cases however in larger accounts (especially ISPs) you need to account for it.

With regards to the 1050 the number is ~250,000 MPH on the spam side.

Sincerely,

Jay Bivens
IronPort Systems
steven_geerts Mon, 09/15/2008 - 22:45

Hello,

We had an incident last day that caused 2 of our incoming C650 to be unreachable from the internet (this was a firewall problem, not an Ironport problem :twisted: .)

The interesting thing about this was that we had to process the majority of our incoming mail on one C650. We have another C650 processing our outgoing mail that is also in the MX records with a lower preference, that device catches always some spam from the internet.

The incident showed us that the one C650 "just" can handle the complete load with only little delays (we measured no delays longer that 10 minutes). I think that we have touched the boundaries of the performance of the device today and I would like to share the details with you.

If you copy and past the SNIP data below into Excel you get an idea of the load we processed on one device during the incident.

We run CASE, Sophos and Reputation filter on the box, we do not use LDAP and have an external (high speed) caching DNS.

Enjoy!

Steven





******SNIP******
Begin Timestamp,End Timestamp,Begin Date,End Date,Stopped by Reputation Filtering,Stopped as Invalid Recipients,Spam Detected,Virus Detected,Stopped by Content Filter,Clean Messages
1221462000.0,1221465599.0,2008-09-15 07:00 GMT,2008-09-15 07:59 GMT,120319,10,2353,4,89,23377
1221465600.0,1221469199.0,2008-09-15 08:00 GMT,2008-09-15 08:59 GMT,131761,23,2888,7,178,30281
1221469200.0,1221472799.0,2008-09-15 09:00 GMT,2008-09-15 09:59 GMT,98428,11,2613,7,95,30546
1221472800.0,1221476399.0,2008-09-15 10:00 GMT,2008-09-15 10:59 GMT,103656,13,3275,2,142,24549
1221476400.0,1221479999.0,2008-09-15 11:00 GMT,2008-09-15 11:59 GMT,124044,2,3631,2,223,25648
1221480000.0,1221483599.0,2008-09-15 12:00 GMT,2008-09-15 12:59 GMT,129838,5,3538,5,103,28427
1221483600.0,1221487199.0,2008-09-15 13:00 GMT,2008-09-15 13:59 GMT,130242,5,3108,1,66,12390
******END SNIP*****

SJensen_ironport Sun, 10/05/2008 - 21:24

-C150 ~150,000 a day 
-C350 ~1,000,000 a day
-C650 ~2,000,000 a day

Generally the performance was doubled for the C350 and C650 and almost doubled for the C150. These are just my estimates based on some production performance, of course these volumes can vary based on items like the number of TCP connections etc. etc. Of course these numbers are based on every feature turned on.

Sincerely,

Jay Bivens
IronPort Systems


Hi Jay

Do you have any performance numbers on the new X1060 and C660 boxes?

Best,
Steen.

Actions

This Discussion