Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
james_holley
New Contributor

3240C NP4 Throughput Question

Hello all

 

We run a 3240C cluster in an active-pasive configuration.

We have four vdoms's in total on the devices, with pretty much the two busiest vdoms in terms of traffic, feeding into np4 0.

Our traffic predictions for next Summer suggest we might start to come close to pushing around 35 Gb's of traffic through our three data centres, so with reasonable load balancing, around 15 gbs of tcp traffic pr cluster.

 

Going active-active is not an option, so the key question is, even though these firewalls are rated to 40 Gb, will we have enough ceiling to accomodate this traffic level through NP4 0?

 

Are there any decent commands available to interrogate the NP4's and attempt to work out how hard the are currently working with our current throughput of around 5GB?

 

Tanks in advance

 

 

 

James

1 Solution
SgtMalicious

To my knowledge, there isn't anything that will report on the utilization of the backplane links to the ASICs. You can get an idea by monitoring the individual port statistics with a network monitoring system and I think that's about as good as it gets.

View solution in original post

3 REPLIES 3
SgtMalicious
New Contributor III

That 40Gb/s is marketing bs because the 3240C has 2 NP4s. A single NP4 will not be able to handle a full 40G through it. The hardware acceleration guide covers how the ports are mapped to the NPs. https://docs.fortinet.com/uploaded/files/3941/fortigate-hardware-acceleration-56.pdf (page 122) so you can design around that limitation by splitting VDOMs onto ports mapped to a different ASIC as well as running some VDOMs on your passive fortigate. With four VDOMs you could potentially run each one on a dedicated NP4.

james_holley

Thanks SgtMalicious, I had already looked at the literature and had seen that the NP4 asic is a 20Gb bottleneck potentially.

 

I suspect that we will have to push through around 15 Gb of traffic through NP4 0. 

 

Question is, how do we check the current performance levels of the asics? Can I run commands to show current traffic levels? I have looked around and cannot seem to find any.

 

Regards

 

 

 

 

James

SgtMalicious

To my knowledge, there isn't anything that will report on the utilization of the backplane links to the ASICs. You can get an idea by monitoring the individual port statistics with a network monitoring system and I think that's about as good as it gets.

Labels
Top Kudoed Authors