5.2.2.13. (Reference) Firewall (vSRX) performance measurement result

  • The results of the Firewall (vSRX) performance measurements carried out by NTT Communications are as follows.

  • Each measurement item was measured separately for its maximum value. That is, the maximum values of all performance items were not measured simultaneously.

  • The number of sessions is restricted by the virtual server on which the Firewall (vSRX) is installed. For details, refer to Instance restrictions.

  • It has been found that changing the number of ACLs is unlikely to affect performance significantly.

  • The verification results here are for reference only. Please note that they are not intended as a guarantee of performance.

Non-encryption communication test

Configuration diagram

Measurement results (after vulnerability fix for CVE-2017-5715 and CVE-2017-5753 (Spectre))

  • Version 19.2R1.8

| Measurement item | Measurement condition | Measurement result (2CPU-4GB-8IF) |
|---|---|---|
| L4 UDP throughput | Protocol: UDP; Data Size: 1,522 bytes; NAT: Enabled; No. of ACL: 100 | 1.8 Gbps |
| L4 UDP Latency | Protocol: UDP; Data Size: 1,522 bytes; NAT: Yes; No. of ACL: 100 | 2.0 ms |
| Number of simultaneous TCP connections in terms of L4 | Protocol: HTTP; Number of new connections: 1,500 cps; Multiplicity: Triple; Data Size: 64 bytes; NAT: Yes; No. of ACL: 100 | 200,000 connections |
| Number of new TCP connections in terms of L4 | Protocol: HTTP; New connections: 3000 cps; Multiplicity: Tenfold; Data Size: 64 bytes; NAT: Yes; No. of ACL: 100 | 5,000 cps |

  • Version 15.1X49-D105.1

| Measurement item | Measurement condition | Measurement result (2CPU-4GB-8IF) |
|---|---|---|
| L4 UDP throughput | Protocol: UDP; Data Size: 1,522 bytes; NAT: Enabled; No. of ACL: 100 | 1.8 Gbps |
| L4 UDP Latency | Protocol: UDP; Data Size: 1,522 bytes; NAT: Yes; No. of ACL: 100 | 1.1 ms |
| Number of simultaneous TCP connections in terms of L4 | Protocol: HTTP; Number of new connections: 1,500 cps; Multiplicity: Triple; Data Size: 64 bytes; NAT: Yes; No. of ACL: 100 | 200,000 connections |
| Number of new TCP connections in terms of L4 | Protocol: HTTP; New connections: 3000 cps; Multiplicity: Tenfold; Data Size: 64 bytes; NAT: Yes; No. of ACL: 100 | 5,000 cps |

Encryption communication test

Measurement results (after vulnerability fix for CVE-2017-5715 and CVE-2017-5753 (Spectre))

  • Version 19.2R1.8

| Measurement item | Measurement condition | Measurement result (2CPU-4GB-8IF) |
|---|---|---|
| IPSec throughput | 1 site (*1); Protocol: IKEv2/ESP; NAT: Enabled; No. of ACL: 100 | 0.3 Gbps |
| IPSec throughput | 16 sites; Protocol: IKEv2/ESP; NAT: Enabled; No. of ACL: 100 | 0.3 Gbps |
| IPSec throughput | 32 sites; Protocol: IKEv2/ESP; NAT: Enabled; No. of ACL: 100 | 0.3 Gbps |
| IPSec throughput | 48 sites; Protocol: IKEv2/ESP; NAT: Enabled; No. of ACL: 100 | 0.3 Gbps |
| IPSec throughput | 64 sites; Protocol: IKEv2/ESP; NAT: Enabled; No. of ACL: 100 | 0.3 Gbps |

  • Version 15.1X49-D105.1

| Measurement item | Measurement condition | Measurement result (2CPU-4GB-8IF) |
|---|---|---|
| IPSec throughput | 1 site (*1); Protocol: IKEv2/ESP; NAT: Enabled; No. of ACL: 100 | 0.3 Gbps |
| IPSec throughput | 16 sites; Protocol: IKEv2/ESP; NAT: Enabled; No. of ACL: 100 | 0.4 Gbps |

Note

  • (*1) With the test machine used for this measurement, up to about 0.4 Gbps of IPsec traffic could be applied per site. Note (for reference) that the test result for one site reflects the upper limit of the test machine used.