Cisco Support Community
Community Member

Latency Through a 6500 with FWSM and 2x Contexts

Hi All,

I'd like to get your thoughts on the following please:

We have a Cisco 6509-E running "ipservicesk9_wan-mz.122-33.SXI4a" code and we have an FWSM module within it(WS-SVC-FWM-1). The FWSM is setup to run two contexts, an "inside" context and an "outside" context.

These are the modules within the 6500 chassis:

Mod Ports Card Type                              Model             

--- ----- -------------------------------------- ------------------ ----------------------------------

  1   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX    

  2   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX    

  5    5  Supervisor Engine 720 10GE (Active)    VS-S720-10G       

  7   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX    

  8    6  Firewall Module                        WS-SVC-FWM-1      

Mod  Sub-Module                  Model                     Hw     Status

---- --------------------------- ------------------ ----------- ------- -------

  1  Centralized Forwarding Card   WS-F6700-CFC         4.1    Ok

  2  Centralized Forwarding Card   WS-F6700-CFC         4.1    Ok

  5  Policy Feature Card 3            VS-F6K-PFC3C            1.1    Ok

  5  MSFC3 Daughterboard          VS-F6K-MSFC3        5.0    Ok

  7  Centralized Forwarding Card  WS-F6700-CFC         4.1    Ok

Now add two servers into the mix. One is connected to the "inside" context and the other is connected to the "outside" context.

All network interfaces along the way are set to standard MTU size = 1500bytes and are Gigabit Ethernet.

Running several ping tests between these two servers yields the following ping response times:

1. Test 1 - packet size = 56bytes, average response time = ~0.3ms

2. Test 2 - packet size = 1500bytes, average response time = ~1.4ms

3. Test 3 - packet size = 6000bytes, average response time = ~3.5ms

4. Test 4 - packet size = 10000bytes, average response time = ~4.3ms

Do these response times seem about right or are they a little on the high side? I'm more thinking of the response times for the pings where I have used the larger packet sizes.

Am aware that the switch and FWSM with its MTU set to 1500bytes will start fragmenting the packets. Have seen similar latency for TCP unicast traffic and my thoughts are that the interface when receiving massive size packets is dropping them causing TCP retransmission.

That's my thoughts but would appreciate your thoughts on whether the times I have shown above seem about right or whether it is worthwhile me raising a case with Cisco TAC.

Thanks in advance all


CreatePlease to create content