11.2.11. (Reference) Firewall (vSRX) performance measurement result

  • The values resulted from Firewall (vSRX) performance measurement executed by NTT Communications are as follows.

  • The maximum value for each measurement item was measured. That is, simultaneous measurements of the maximum values of all performance items were not conducted.

  • For the number of sessions, restrictions exist in terms of the virtual server on which the Firewall (vSRX) is installed. For details, refer to Instance restrictions.

  • It has been identified that the change of the number of ACLs is unlikely to largely affect the performance.

  • The verification result here is to be used just for reference. Please note that assurance of the performance is not intended with the result.

11.2.11.1. Non-encryption communication test

Configuration diagram

Measurement result

Measurement item

Measurement condition

Measurement result

    2CPU-4GB-8IF

L4 UDP throughput

Protocol : UDP
Data Size : 1,522 bytes
NAT: Enabled
No. of ACL: 100
1.8 Gbps

L4 UDP Latency

Protocol : UDP
Data Size : 1,522 bytes
NAT: Yes
No. of ACL: 100
0.9 ms

Number of simultaneous TCP connections in terms of L4

Protocol : HTTP
Number of new connections: 1,500 cps
Multiplicity: Triple
Data Size : 64 bytes
NAT: Yes
No. of ACL: 100

29,000 connections (*1)

Number of new TCP connections in terms of L4

Protocol : HTTP
Number of new connections: 300 cps
Multiplicity: Tenfold
Data Size : 64 bytes
NAT: Yes
No. of ACL: 100
1,000 cps

Note

  • (*1) For measurement with lighter load (number of new connections: 1,500 cps/ multiplicity: triple), 48,000 connections have been confirmed.

11.2.11.2. Encryption communication test

Measurement result

Measurement item

Measurement condition

Measurement result

    2CPU-4GB-8IF

IPSec throughput

1 site (*2)
Protocol:IKEv2/ESP
NAT: Enabled
No. of ACL: 100
0.4 Gbps
 
16 sites
Protocol:IKEv2/ESP
NAT: Enabled
No. of ACL: 100
0.5 Gbps
 
32 sites
Protocol:IKEv2/ESP
NAT: Enabled
No. of ACL: 100
0.5 Gbps
 
48 sites
Protocol:IKEv2/ESP
NAT: Enabled
No. of ACL: 100
0.4 Gbps
 
64 sites
Protocol:IKEv2/ESP
NAT: Enabled
No. of ACL: 100
0.5 Gbps

Note

  • (*2) The testing apparatus used this time was able to apply up to approx. 0.4 Gbps IPsec traffic per site. The test result at one site is based on the upper limit of the testing apparatus. Check it as reference.