Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

FWSM througput utilization

I want to monitor the througput on the FWSM.

I have a 6509 and the FSWM is seated in slot 9. From the switch I perform the following:

c06#show etherchannel summary
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator

        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
Number of channel-groups in use: 8
Number of aggregators:           8

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
278    Po278(SU)        -        Gi9/1(P)   Gi9/2(P)   Gi9/3(P)   Gi9/4(P)
                                 Gi9/5(P)   Gi9/6(P)

I also perform a show fabric:

fsen-6509-c06#show fabric utilization
slot    channel      speed    Ingress %     Egress %
    9          0         8G            2            0


c06#show fabric switching-mode
Global switching mode is Truncated
dCEF mode is not enforced for system to operate
Fabric module is not  required for system to operate
Modules are allowed to operate in bus mode
Truncated mode is allowed, due to presence of CEF720 module

Module Slot     Switching Mode
    9                 Crossbar

c06#show interfaces port-channel 278 counters

Port            InOctets   InUcastPkts   InMcastPkts   InBcastPkts
Po278     268197982372814  533737895426      10610098       3908399

Port           OutOctets  OutUcastPkts  OutMcastPkts  OutBcastPkts
Po278     262326947044907  516912071706     126901667      35732558

Questions:

How do I get some reasonable output into something like mbit/s or gbit/s from the above output.

The specs on the FWSM is 6 Gbps thoughput but what does this mean. Is it 3 Gbps in each direction?

I currently have 3rd party software running which is monitoring port-channel 278. On occasion  see  the sum shoot up over 9 Gbps. How is this possible?

Please clarify how best to determine FWSM throughput.

1 REPLY
Bronze

Re: FWSM througput utilization

you can do:

show firewall module 9 traffic .

it's impossible to get more than 6 gigs, since the fwsm is connected to the cat6k backplane via 6x1gig links. so maximum theoretical throughput is 6 Gbps.

Your snmp might be misinterpreting or miscalculating the values properly. better contact support of that 3rd party vendor.

Note that FWSM is rated at 5.5 Gbps not 6:

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps4452/product_data_sheet0900aecd803e69c3.html

however this is under ideal conditions (large packets, udp, minimal features enabled etc..).

some more info about performance, and tuning the fwsm can be found in another support article:

https://supportforums.cisco.com/docs/DOC-12668

best talk to your cisco sales contact to get more info about performance.

I hope this helps.

Fadi.

1119
Views
0
Helpful
1
Replies
CreatePlease to create content