Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

1721 IOS firewall throughput?

How many pps or Mbps cleartext would you expect from a 1721 between the built-in 10/100 port and a 10/100 port on the four-port switch module, using IOS firewall? I've seen numbers for encryption (the unit has VPN bundle), but have no idea how the unencrypted IOS firewall throughput would compare to, say, a 506E.

Any thoughts or links will be much appreciated.

Paul

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Gold

Re: 1721 IOS firewall throughput?

Ok, here it goes now.

5 REPLIES
Hall of Fame Super Gold

Re: 1721 IOS firewall throughput?

Here's attached the frequently posted performance sheet.

For FW enabled, subtract a very cautious 30%.

Hope this helps, please rate post if it does!

Hall of Fame Super Gold

Re: 1721 IOS firewall throughput?

Ok, here it goes now.

New Member

Re: 1721 IOS firewall throughput?

Very helpful, thanks. Just 3 more questions ;-) ...

- do you happen to know whether IOS firewall is process switched on a smaller router?

- should the CEF numbers be seen as a best-case sum for all flows through a router with multiple interfaces, ie fe1<->fe2 PLUS fe3<->fe4?

- why do some models have no listing for process-switched throughput? (hope it's not embarrassment protection!)

Thanks again.

Hall of Fame Super Gold

Re: 1721 IOS firewall throughput?

Hi, first of all one has to define which FW flavour is used. There is the old one, then evolution of it, now we have zone-based FW..

Anyway the tendency is to have cef switching as long possible. This is also why you see less and less process-switching performance numbers.

Multiple interface routing vs single pair usually subtracts little from the overall.

Thanks for the nice rating and good luck!

New Member

Re: 1721 IOS firewall throughput?

So for a sanity check...

If a 1721 maxes at 12k pps, assuming an avg packet size of 1000 bytes, then w/8bits/byte it's 96Mbps. So on a full duplex 100Mbps link with the conservative 30% fw derating, and equal traffic in both directions (won't happen!) I might get up to 33Mbps throughput in each direction?

BTW, FWIW, I found a slightly newer version product sheet at http://www.cisco.com/web/partners/downloads/765/tools/quickreference/routerperformance.pdf

...once I knew what to search for.

351
Views
0
Helpful
5
Replies
CreatePlease login to create content