Re: [fw-wiz] PIX-515 acceptable CPU usage?

• Previous message: Jason Lewis: "[fw-wiz] Log summaries for IOS ACLs"
• Maybe in reply to: Adam Greene: "[fw-wiz] PIX-515 acceptable CPU usage?"
• Next in thread: pmahesh90979_at_yahoo.com: "Re: [fw-wiz] PIX-515 acceptable CPU usage?"
• Reply: pmahesh90979_at_yahoo.com: "Re: [fw-wiz] PIX-515 acceptable CPU usage?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Adam Greene" <maillist@webjogger.net>
Date: Fri, 03 Sep 2004 16:58:35 -0400

Adam,

You're definitely OK for now. Seems like at worst you'll see 20-25% CPU
(10% base and 10% if you had 5 interfaces).

You probably want to try and test a number of use cases including DoS'ing
on of the less trusted interfaces or (and) establishing a couple of VPN or
SSH sessions to the PIX and watching what happens.

Chances are (without looking at your config or knowing how you use the PIX)
you'll probably spike up to 60% when bad things happen.

Liberty for All,

Brian

At 02:22 PM 9/3/2004 -0400, firewall-wizards-request@honor.icsalabs.com wrote:
>From: "Adam Greene" <maillist@webjogger.net>
>To: <firewall-wizards@honor.icsalabs.com>
>Date: Fri, 3 Sep 2004 11:47:17 -0400
>Subject: [fw-wiz] PIX-515 acceptable CPU usage?
>
>Hi --
>
>We're deploying OSPF on our network for the first time, and it looks like it
>will be convenient to enable OSPF on our PIX-515-UR's as well (running 6.3.3
>OS). The problem
>is, the moment I enable OSPF on the pixes, CPU usage on them shoots up from
>0-1% to 7-10% (sh cpu usage). Each interface I add to area 0 appears to add
>1-2% to CPU usage as well.
>
>I've tried googling for acceptable CPU usage levels on the PIX, but came up
>dry. Does anyone have a benchmark they can refer me to?
>
>We're going to be passing about 5 Mbps through these pixes in the short term
>(may grow to 10Mbps or higher). It would be nice to know that ongoing 15%
>CPU usage is not going to cause noticeable performance degradation to our
>users (we are broadband ISP).
>
>Any input anyone may have is very welcome. Thanks for your help.
>
>--Adam
>
>P.S. we're running 6.3.3 on the pixes

Brian Ford
Consulting Engineer, Security & Integrity Specialist
Office of Strategic Technology Planning
Cisco Systems Inc.
http://www.cisco.com/go/safe/

The opinions expressed in this message are those of the author and not
necessarily those of Cisco Systems, Inc..

This email address is transmitted from San Jose, California, U.S.A..

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Jason Lewis: "[fw-wiz] Log summaries for IOS ACLs"
• Maybe in reply to: Adam Greene: "[fw-wiz] PIX-515 acceptable CPU usage?"
• Next in thread: pmahesh90979_at_yahoo.com: "Re: [fw-wiz] PIX-515 acceptable CPU usage?"
• Reply: pmahesh90979_at_yahoo.com: "Re: [fw-wiz] PIX-515 acceptable CPU usage?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]