To answer your question, the 5580 ASA (PIX is EoS if you didn’t know) is capable of 10G “HTTP” traffic and 20G “jumbo frame” packets. However, 64-byte packet rate is “limited” to 4,000,000pps. And yes, you will pay for that performance. You get a lot more than just a packet filter with the ASA though. Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS Senior Network Engineer Coleman Technologies, Inc. 954-298-1697 From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Patrick Clochesy Sent: Tuesday, March 25, 2008 9:16 PM To: Adrian Chadd Cc: nanog@nanog.org Subject: Re: 10GE router resource Very interesting study I had not seen, and a bummer. That really puts a cramp in my advocation of our CARP+pf load balancers/firewalls/gateways. Than again, what's a PIX box capable of? I also had to switch to OpenBSD as there was a fatal crash with the bridge device in FreeBSD when used with my paticular OpenVPN/CARP/pf combination. AFAIK pf/forwarding only takes place on one core and wouldn't take advantage of the other 3 cores, correct? -Patrick ----- Original Message ----- From: "Adrian Chadd" <adrian@creative.net.au> To: "Chris Grundemann" <cgrundemann@gmail.com> Cc: "William Herrin" <herrin-nanog@dirtside.com>, nanog@nanog.org Sent: Tuesday, March 25, 2008 6:02:03 PM (GMT-0800) America/Los_Angeles Subject: Re: 10GE router resource On Tue, Mar 25, 2008, Chris Grundemann wrote:
To Ann's question on resources; I have only used Linux routers with 1G ports but have surpassed 10G total throughput (up+ down) using various dual proc set ups, most often Intel Xeon in Dell servers. A gentlemen by the name of Martin Pels wrote a good paper on the subject early last year that can be found here: http://docs.rodecker.nl/10-GE_Routing_on_Linux.pdf. He hit a wall at 700K pps and was using two dual core Intel Xeon 64bit 2.33GHz CPUs and 2GB of RAM in a Dell PowerEdge 1950.
Mike Tancsa did some benchmarking in late 2006: http://www.tancsa.com/blast.html I think things are slightly faster now but not because of a massive change in software architecture. Adrian