3240C NP4 Throughput Question

Author
james.holley@three.co.uk
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/12/06 07:12:13
  • Status: offline
2018/12/06 07:24:36 (permalink)
0

3240C NP4 Throughput Question

Hello all
 
We run a 3240C cluster in an active-pasive configuration.
We have four vdoms's in total on the devices, with pretty much the two busiest vdoms in terms of traffic, feeding into np4 0.
Our traffic predictions for next Summer suggest we might start to come close to pushing around 35 Gb's of traffic through our three data centres, so with reasonable load balancing, around 15 gbs of tcp traffic pr cluster.
 
Going active-active is not an option, so the key question is, even though these firewalls are rated to 40 Gb, will we have enough ceiling to accomodate this traffic level through NP4 0?
 
Are there any decent commands available to interrogate the NP4's and attempt to work out how hard the are currently working with our current throughput of around 5GB?
 
Tanks in advance
 
 
 
James
#1

3 Replies Related Threads

    SgtMalicious
    Bronze Member
    • Total Posts : 19
    • Scores: 6
    • Reward points: 0
    • Joined: 2013/12/17 16:10:14
    • Status: offline
    Re: 3240C NP4 Throughput Question 2018/12/06 12:35:14 (permalink)
    4 (1)
    That 40Gb/s is marketing bs because the 3240C has 2 NP4s. A single NP4 will not be able to handle a full 40G through it. The hardware acceleration guide covers how the ports are mapped to the NPs. https://docs.fortinet.com/uploaded/files/3941/fortigate-hardware-acceleration-56.pdf (page 122) so you can design around that limitation by splitting VDOMs onto ports mapped to a different ASIC as well as running some VDOMs on your passive fortigate. With four VDOMs you could potentially run each one on a dedicated NP4.
    #2
    james.holley@three.co.uk
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/12/06 07:12:13
    • Status: offline
    Re: 3240C NP4 Throughput Question 2018/12/10 02:49:50 (permalink)
    0
    Thanks SgtMalicious, I had already looked at the literature and had seen that the NP4 asic is a 20Gb bottleneck potentially.
     
    I suspect that we will have to push through around 15 Gb of traffic through NP4 0. 
     
    Question is, how do we check the current performance levels of the asics? Can I run commands to show current traffic levels? I have looked around and cannot seem to find any.
     
    Regards
     
     
     
     
    James
    #3
    SgtMalicious
    Bronze Member
    • Total Posts : 19
    • Scores: 6
    • Reward points: 0
    • Joined: 2013/12/17 16:10:14
    • Status: offline
    Re: 3240C NP4 Throughput Question 2018/12/10 08:18:13 (permalink)
    0
    To my knowledge, there isn't anything that will report on the utilization of the backplane links to the ASICs. You can get an idea by monitoring the individual port statistics with a network monitoring system and I think that's about as good as it gets.
    #4
    Jump to:
    © 2018 APG vNext Commercial Version 5.5