About "show perfmon" command

e.l · ‎11-06-2002

Dear All,

Does anyone know what are the upper limit of the following numbers when we do "show perfmon" ? For example if the "xlates" current is "100000/s" than the PIX has reach the upper limit of its performance, and that is the time to upgrade the hardware (memory upgrade, etc).

The goal is to monitor the PIX performance, and fine tuning it before its reach the upper limit. Any experience with PIX 515 would be very appreciated.

pixfirewall# sh perfmon

PERFMON STATS: Current Average

Xlates 0/s 0/s

Connections 0/s 0/s

TCP Conns 0/s 0/s

UDP Conns 0/s 0/s

URL Access 0/s 0/s

URL Server Req 0/s 0/s

TCP Fixup 0/s 0/s

TCPIntercept 0/s 0/s

HTTP Fixup 0/s 0/s

FTP Fixup 0/s 0/s

AAA Authen 0/s 0/s

AAA Author 0/s 0/s

AAA Account 0/s 0/s

Best Regards,

Engel

steve.barlow · ‎11-06-2002

I don't have exact numbers for you but I will give it a go.

Here is a link regarding perfom stats: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml#perf

As for the capabilities of the 515E, it can provide 125,000 simultaneous sessions and 188 Mbps of clear text throughput (63 Mbps 3DES). I believe these are the numbers that really matter. You can baseline performance times/throughput on the PIX and if performance starts to slide look to increasing memory (64 MB is the max on the 515E I think) or change the PIX itself as there is a limit on what it can handle. To help baseline look into a tool called QCheck by NetIQ (measure throughput and times) and another called MRTG (grabs MIBs).

Hoep it helps.

Steve

e.l · ‎11-06-2002

Hi,

Thanks for the information and pointing to the URL. Will try the QCheck tool to test the PIX.

Best Regards,

Engel