1721 IOS firewall throughput?

Answered Question
Jan 31st, 2008

How many pps or Mbps cleartext would you expect from a 1721 between the built-in 10/100 port and a 10/100 port on the four-port switch module, using IOS firewall? I've seen numbers for encryption (the unit has VPN bundle), but have no idea how the unencrypted IOS firewall throughput would compare to, say, a 506E.

Any thoughts or links will be much appreciated.

Paul

Correct Answer by Paolo Bevilacqua about 9 years 3 weeks ago

Ok, here it goes now.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Paolo Bevilacqua Thu, 01/31/2008 - 14:16

Here's attached the frequently posted performance sheet.

For FW enabled, subtract a very cautious 30%.

Hope this helps, please rate post if it does!

pnicolette Fri, 02/01/2008 - 12:50

Very helpful, thanks. Just 3 more questions ;-) ...

- do you happen to know whether IOS firewall is process switched on a smaller router?

- should the CEF numbers be seen as a best-case sum for all flows through a router with multiple interfaces, ie fe1<->fe2 PLUS fe3<->fe4?

- why do some models have no listing for process-switched throughput? (hope it's not embarrassment protection!)

Thanks again.

Paolo Bevilacqua Fri, 02/01/2008 - 13:20

Hi, first of all one has to define which FW flavour is used. There is the old one, then evolution of it, now we have zone-based FW..

Anyway the tendency is to have cef switching as long possible. This is also why you see less and less process-switching performance numbers.

Multiple interface routing vs single pair usually subtracts little from the overall.

Thanks for the nice rating and good luck!

pnicolette Fri, 02/01/2008 - 13:59

So for a sanity check...

If a 1721 maxes at 12k pps, assuming an avg packet size of 1000 bytes, then w/8bits/byte it's 96Mbps. So on a full duplex 100Mbps link with the conservative 30% fw derating, and equal traffic in both directions (won't happen!) I might get up to 33Mbps throughput in each direction?

BTW, FWIW, I found a slightly newer version product sheet at http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

...once I knew what to search for.

Actions

This Discussion