RE: [fw-wiz] PIX-515 acceptable CPU usage?
From: Eugene Kuznetsov (eugene_at_datapower.com)
Date: 09/16/04
- Previous message: Mark Teicher: "Re: [fw-wiz] "upgrade" for Gauntlet"
- In reply to: Ahmed, Balal: "RE: [fw-wiz] PIX-515 acceptable CPU usage?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Ahmed, Balal'" <balal.ahmed@capgemini.com>, "'Adam Greene'" <maillist@webjogger.net>, <firewall-wizards@honor.icsalabs.com> Date: Thu, 16 Sep 2004 13:51:19 -0400
> Some time ago cisco Documentation used to say that if your
> PIX firewall is running at 30% sustained utilization then
> an upgrade is advised. The latest
It is worth noting that for many network device products, it is difficult
for the vendor to provide a really accurate CPU utilization metric. There
may be custom hardware assist, multiple processors, NPUs, and so on. It is
not easy to reduce all of that to a single percentage.
Also, such numbers are rarely linear. In other words, if a device is at 30%
utilization right now, 2x more traffic won't drive it to 60% -- it may be
40% or 100%, depending on the internal architecture.
Some less ethical vendors will actually fudge their utilization metrics as a
competitive tactic, i.e. "look, we're only at 5% utilization while
saturating the network".
So it's a useful basic health check, but be careful in placing too much
trust in CPU utilization numbers, in PIX or elsewhere.
\\ Eugene Kuznetsov, Chairman & CTO : eugene@datapower.com
\\ DataPower Technology, Inc. : Web Services security
\\ http://www.datapower.com : XML-aware networks
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Mark Teicher: "Re: [fw-wiz] "upgrade" for Gauntlet"
- In reply to: Ahmed, Balal: "RE: [fw-wiz] PIX-515 acceptable CPU usage?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
