Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Ironport System Performance

Hello,
Just wondering if anyone is noticing that after each upgrade they do of AsyncOS, the performance of the system goes down and down.

We have been running our C60s for 1 1/2 years, starting with the 3.8 build of AsyncOS.

After this last build (4.5.5) we are averaging over 70 percent on our CPU's.

We process about 30,000 inbound connections per hour, which is well below the 140,000 advertised that the box can handle.

We are not running anything strange... no content scans, no dictionary matches. Just your basic file attachment blocking, AV and Antispam.

Thanks!

18 REPLIES
Community Member

Re: Ironport System Performance

Our C60s are very quiet compared to yours.

In the GUI - under Monitoring/System Status/Guages where is all the CPU going?

Ours have been steady at 16-20% - initially it was higher but due to a Brightmail CPU ineffeciency which was resolved about a year ago.

Community Member

Re: Ironport System Performance

So you guys process 30,000 messages per hour at 20% CPU? If so, that's pretty good...

Do you have everything turned on? VOF, Brightmail, Sophos, Filters, etc...

Community Member

Re: Ironport System Performance

No, we process about 5000/hour now per C60.

We used to process more but we have LDAPACCEPT in the SMTP conversation for some of our more popular domains. Plus we ditched a bunch of domains and turned them into Brightmail probes.

We have BMAS, VOF, Sophos plus some message and content filters.

Community Member

Re: Ironport System Performance

So do you think it was LDAPaccept that is causing the biggest performance hit? Could it be due to LDAP cache rollover? How big has anyone set the LDAP cache size? Ours it set to 300,000. I have not real way to know if I should make it larger or if that would make any difference?

- Erich

Community Member

Re: Ironport System Performance

I think LDAPACCEPT improves performance overall by throwing away email to invalid addresses before the content engines have to look at it.

Community Member

Re: Ironport System Performance

So do you think it was LDAPaccept that is causing the biggest performance hit?  Could it be due to LDAP cache rollover?  How big has anyone set the LDAP cache size?  Ours it set to 300,000.  I have not real way to know if I should make it larger or if that would make any difference?

- Erich


How did you get 300K from?

What happens with default setting which is: 10K of Maximum Retained Cache Entries (I'm Using c600)?

LDAPaccept sounds to be reasonable for impacting the performance, but we don't know for sure how to measure it.

Community Member

Ip System Performance after 5.1 upgrade

We have noticed a decrease in the responsiveness of our C600's since we upgraded to AsyncOS 5.1.0-314. Anyone else seen any performance issues after upgrading to v5.1? We are seeing CPU utilization get and hover above 80% (with most being used by the AntiSpam engine), and the CLI and GUI are both slow to respond.

We currently run LDAP Accept at SMTP, MSG Filters for attachment dropping, IPAS, SOPHOS, Content Filters. None of our filters are overly complex, and we were not seeing this issue prior to the last upgrade. Just wondering if anyone else has seen the same behavior.

Community Member

Re: Ironport System Performance

The CPU utilization per cent value is not really a absolute truth of appliance workload. In the version 4.7 the way how it is calcuated were changed resulting it to report sometimes over 100% values.

In knowledge base answer #559 IronPort say: "Please note that a significant increase in CPU utilization does not necessarily reflect a change in your Appliance's actual CPU utilization; rather, this may be the result of the change in the way we calculate and report the CPU utilization."

and

"In a future AsyncOS version, IronPort will be making further changes to the way in which the Appliance calculates and reports CPU utilization"

So, the CPU utilization values are comparable only between same AsyncOS versions

Community Member

Re: Ironport System Performance

The CPU stat are not really a value to look to see the load. Those values are snapshots taken every 60 seconds.

And those values as said don't compare well between version.

Community Member

Re: Ironport System Performance

If the GUI and CLI are slow to respond, I think that is a good indicator that there is a performance issue no matter what the CPU level indicates.

Has anyone else noticed similair problems after upgrading to AsyncOS 5.1.0-314?

Could this be caused by the reporting level configured on a busy appliance?

reportingconfig
Choose the operation you want to perform:
- MAILSETUP - Configure reporting for the ESA.
[]> mailsetup

SenderBase timeout used by the web interface: 5 seconds
Sender Reputation Multiplier: 3
The current level of reporting data recording is: unlimited
No custom second level domains are defined.


Choose the operation you want to perform:
- SENDERBASE - Configure SenderBase timeout for the web interface.
- MULTIPLIER - Configure Sender Reputation Multiplier.
- COUNTERS - Limit counters recorded by the reporting system.
- THROTTLING - Limit unique hosts tracked for rejected connection reporting.
- TLD - Add customer specific domains for reporting rollup.
[]> counters

1. Unlimited reporting data.
2. Minimally limited reporting data.
3. Moderately limited reporting data.
4. Severely limited reporting data.
Choose the level of reporting system limitation:
[1]>

Community Member

slowing performance

our C10 are going to unuseable(GUI, CLI, SPAM Quarantine)) after update to 5.1 -0314. I put a call to IP support and he said that the only solution is to lower the reportinglevel in mailsetup.
I did it and everythimg goes fine now. But in fact you loose the onlinereporting. However in the log supscriptions is everything available.

Community Member

performance

That doesn't sound good. I've been holding back on my upgrade since reading this thread. What levels did you try and what did you end up using?

Community Member

slowing performance

at this moment I running with the lowest level of reporting (4). This is now, how it was before the update to 5.0.

I had spoken to my sales accountant at Ironport, and he promised me, to give me a new C150 if this hardware available. However I would have to pay some money for this new hardware :twisted:

Community Member

performance

Did you change the default values for listeners "Timeout for Unsuccessful Inbound Connections" and "Total Time Limit for All Inbound Connections" to a lower level than the default?

Changing these values lowered the number of concurrent connections the appliance is dealing with on our systems. Not sure if this makes the appliance run any better, but incoming connections that are not going to deliver an email properly are dumped a lot sooner.

1230
Views
0
Helpful
18
Replies
CreatePlease to create content