2.1.31. (Reference) Performance measurement result of Managed FW / UTM

  • The values resulted from Managed FW/UTM performance measurement executed by Service Provider are as follows.

  • The maximum value for each measurement item was measured. That is, simultaneous measurements of the maximum values of all performance items were not conducted.

  • As for configuration, a redundant configuration was employed.

  • The Log setting of the firewall rule is set to ALL and set Setting up the Log Sending Settings to a Customer Managed Syslog Server. .

  • This performance measurement result is the result of the region where the virtual network maintenance is completed. For completed regions, please refer to Virtual network maintenance <https://ecl.ntt.com/en/news/2018092601//> _ .

  • The verification result here is to be used just for reference. Please note that assurance of the performance is not intended with the result.

2.1.31.1. Managed FW/UTM

2.1.31.1.1. Non-encryption communication test

Configuration diagram

../../../../_images/mfw_performance_test_env.png

Measurement result

Measurement item

Measurement condition

Measurement result

 
    2CPU-4GB 8CPU-12GB

L4 UDP throughput (* 1)

Protocol : UDP
Data Size: 1,522 bytes
NAT: Yes
Number of ACL: 100
1.2 Gbps 1.8 Gbps

L4 UDP Latency

Protocol : UDP
Data Size: 1,522 bytes
NAT: Yes
Number of ACL: 100
1.1 ms 1.4 ms

Number of simultaneous TCP connections in terms of L4

Protocol: HTTP
Number of new connections: 500 cps
Multiplicity: Tenfold
Data Size: 64 bytes
NAT: Yes
Number of ACL: 100

200,000 connections

200,000 connections

Number of new TCP connections in terms of L4(* 2)

Protocol: HTTP
Number of new connections: 3000 cps
Multiplicity: Tenfold
Data Size: 64 bytes
NAT: Yes
Number of ACL: 100
5,000 cps 5,000 cps

Note

  • (* 1) Total value of 3 line.

  • (* 2) There is a possibility that it will be the session limit when using a system that requires many sessions. As an example, Microsoft Office 365 will use approximately 50 sessions per ID.

2.1.31.1.2. Encryption communication test

Configuration diagram

../../../../_images/ipsec_performance_test_env.png

Measurement result

Measurement item

Measurement condition

Measurement result

 
    2CPU-4GB 8CPU-12GB

IPsec Throughput

1 site
Protocol: IKEv1 / ESP
Proposal: aes256-sha512
DH: 21
NAT: Yes
Number of ACL: 100
0.3 Gbps 0.35 Gbps
 
15 sites
Protocol: IKEv1 / ESP
Proposal: aes256-sha512
DH: 21
NAT: Yes
Number of ACL: 100
0.3 Gbps 0.35 Gbps

2.1.31.2. Managed UTM

  • The following result is the result of enabling UTM function (IPS, anti-virus, WebFilter).

../../../../_images/utm_performance_env.png

Measurement result

Measurement item

Measurement condition

Measurement result

 
    2CPU-4GB 8CPU-12GB

Number of new TCP connections in terms of L4(* 3)

Protocol: HTTP
Number of new connections: 200 cps (2CPU-4GB)
Number of new connections: 500 cps (8CPU-12GB)
Multiplicity: double
Data Size: 64 bytes
NAT: Yes
Number of ACL: 100

30,000 connections

80,000 connections

Number of new TCP connections in terms of L4

Protocol: HTTP
Number of new connections: 200 cps (2CPU-4GB)
Number of new connections: 450 cps (8CPU-12GB)
Multiplicity: Tenfold
Data Size: 64 bytes
NAT: Yes
Number of ACL: 100
2,000 cps 4,500 cps

L7 Throughput

Protocol: HTTP
Number of new connections: 200 cps (2CPU-4GB)
Number of new connections: 400 cps (8CPU-12GB)
Multiplicity: double
Data Size: 64 kbyte
NAT: Yes
Number of ACL: 100
200 Mbps 400 Mbps

Note

  • (* 3) There is a possibility that it will be the session limit when using a system that requires many sessions. As an example, Microsoft Office 365 will use approximately 50 sessions per ID.