LTLnetworker | IT hálózatok, biztonság, Cisco

               IT networks, security, Cisco

ASA throughput depends on port location

Posted by ltlnetworker on January 25, 2011

I can hardly believe my own test results. I’m making performance tests with ASA 5550 (the one with a factory-installed 4GE module) and there is an interface pair where throughput is smaller than on other pairs.

I’m testing with iperf set to TCP and unidirectional (client-to-server, the default). I have a couple of zones and 8 physical ports. The throughput can reach 920..950 Mbit/s (provided you have two linux laptops or servers) between any two interfaces…if they are not on the same card. (One card is the mainboard itself and the other is slot1, 4GE module). However, between G0/1 and G0/3 there is a limit of cca. 650 Mbit/s and a slightly better value of about 730 Mbit/s between G1/0 and G1/2.

Underrun or overrun counters are increasing on the interface during the tests so the throttling is probably due to exceeding the hardware capacity.

I can clearly focus on the difference by organizing G0/2 and G1/2 in a redundant interface pair and let the tests run with the same settings. In this case, the same IP and firewall configuration applies to the port which is active at the moment.

interface Redundant 1
  nameif zone1
  security-level 80
  ip address x.x.x.x y.y.y.y
  member-interface G0/2
  member-interface G1/2

And the throughput varies depending on which firewall port I plug the cable in.

Software versions: 8.3(1) and 8.3(2)

2 Responses to “ASA throughput depends on port location”

  1. Gilad Shinman said

    This matches what Cisco have told us – the first 4 interfaces and second 4 interfaces each connect to a separate bus. In other words each set of 4 interfaces is on a different bus – each bus has a limit. Their recommendation is to use 1 from each bus for best performance (if you need 2)

  2. Thanks Gilad, a nice bit of information

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: