Firewall Wizards mailing list archives

RE: PIX-515 acceptable CPU usage?

From: "Eugene Kuznetsov" <eugene () datapower com>
Date: Thu, 16 Sep 2004 13:51:19 -0400

Some time ago cisco Documentation used to say that if your 
PIX firewall is running at 30% sustained utilization then 
an upgrade is advised. The latest


It is worth noting that for many network device products, it is difficult
for the vendor to provide a really accurate CPU utilization metric. There
may be custom hardware assist, multiple processors, NPUs, and so on. It is
not easy to reduce all of that to a single percentage.

Also, such numbers are rarely linear. In other words, if a device is at 30%
utilization right now, 2x more traffic won't drive it to 60% -- it may be
40% or 100%, depending on the internal architecture. 

Some less ethical vendors will actually fudge their utilization metrics as a
competitive tactic, i.e. "look, we're only at 5% utilization while
saturating the network". 

So it's a useful basic health check, but be careful in placing too much
trust in CPU utilization numbers, in PIX or elsewhere. 

\\ Eugene Kuznetsov, Chairman & CTO  : eugene () datapower com 
\\ DataPower Technology, Inc.        : Web Services security 
\\ http://www.datapower.com          : XML-aware networks   

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

PIX-515 acceptable CPU usage? Adam Greene (Sep 03)
- <Possible follow-ups>
- Re: PIX-515 acceptable CPU usage? Brian Ford (Sep 03)
  - Re: PIX-515 acceptable CPU usage? pmahesh90979 (Sep 16)
- RE: PIX-515 acceptable CPU usage? Ahmed, Balal (Sep 16)
  - RE: PIX-515 acceptable CPU usage? Eugene Kuznetsov (Sep 16)