Data Backups through ASA appliance

Unanswered Question
Mar 14th, 2008
User Badges:

Hi There,

We are currently looking at building out our Data Center to support a managed backup solution for multiple clients. We are currently looking at pushing the backups through a pair of ASA5580-20 appliances, however I have concerns as I haven't had much success with backups through a firewall in the past (albeit much smaller firewalls). Has anyone/Is anyone doing this now? Do you current see any performance degradation? What platform are you using? Thanks for your help.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cisco24x7 Sat, 03/15/2008 - 18:44
User Badges:
  • Silver, 250 points or more

I setup a pair of IBM 3650s Servers running

in Checkpoint Firewall NGx R65 in Active/Active ClusterXL unicast mode. We have about 10 customers behind this pair of firewall for managed backup solution. Each

customer has copper Gig to the firewall and

that the main connection to the veritas backup is a 10GB interface on the firewall.

The ibm Server is dual processors with

quad-core processors 3.16Ghz with 4GB RAM.

Throughput is excellent.

I am not sure the ASA 5580 can provide

the throughput you are looking for. You

may want to look at FWSM.

CCIE security

richardfinnie Sun, 03/16/2008 - 12:44
User Badges:

What type of throughput do you recieve? The 5580 is rated at 5Gbps real-world and 10Gbps jumbo frames, and I have done some throughput tests on various other platforms and have not seen these types of results.

richardfinnie Sun, 03/16/2008 - 12:46
User Badges:

Yes, I have read all the marketing fluff, however I have learned by experience that this doesn't translate into real world results. I am looking for people currently doing this with this platform or another platform and what their experiences are.

jefanell Sun, 03/16/2008 - 19:28
User Badges:
  • Cisco Employee,

The 5580 is a new product, so you'll likely not immediately find folks able to type a reply here indicating a successful deployment in this scenario.

That said, the 5580 is positioned for, among other roles, precisely the deployment you are looking at. I can confidently recommend this solution, assuming the bandwidth requirements are a match. The 5580 was tested with various traffic types and loads, consistent with your intended use. I would recommend 10Gb interfaces if you want to achieve 1Gb+ throughput for a given flow.

cisco24x7 Sun, 03/16/2008 - 19:38
User Badges:
  • Silver, 250 points or more

"The 5580 was tested with various traffic types and loads, consistent with your intended use."

If I understand you correctly, I can setup a

couple of IBM 3560 Servers, dual Intel

quad-core 3.16Ghz processors with 8GB RAM,

with 10Gb interface on the servers, running

Gentoo Linux. If I place an ASA 5580 between

these two servers and test the throughput

through the ASA 5580 with IPerf, I can

achieve 1Gb+ throughput for a given flow?

This to me is a real-world scenario. Most

of the times, testing by vendors come from

smartbit, which throw a lot udp traffics

through the device and declare a success.

Does Cisco test the ASA 5580 with Spirent

Web Avalance and Web reflector?

jefanell Sun, 03/16/2008 - 19:51
User Badges:
  • Cisco Employee,

Yes. I would recommend you contact your local Cisco sales team, i'm sure my local counterpart would be happy to bring an evaluation unit on site to confirm your requirements before purchase.

Warm regards..


This Discussion