On the System Status graphs, throughput is measured in MBps (mega byte/sec). To convert to megabits, use the following formula:
1 MBps (mega bytes per second) = 8 Mbps (mega bits per second)
Note : the device throughput shown under overview graph is a sum of all access features like vpn,terminal services, core access, Pulse SAM access, html5 access etc
- Download Throughput refers to the throughput from the ‘External Out’ interface
- Upload Throughput refers to the throughput from ‘Internal Out’ interface.
- Total throughput refers to sum of the download and upload throughput
In above screenshot, the total throughput at peak is:
- 240 MBps + 140 MBps = 380 MBps
- If converted to to Mbps, the total would be 3040 Mbps (380 MBps x 8) or close to 3 Gbps
If we are running into performance issues and total throughput numbers are determined (with the graphs), throughput calculations can help understand if we are nearing limit.
The maximum tunnel throughput for each platform is documented here
Let us take an example as in above screenshot of the throughput Graph of an PSA7K device which supports 2.8 Gbps VPN throughput for SSL mode and 4.2 Gbps for ESP mode, let us say for example there is a mix of SSL and ESP tunnels. 4.2 Gbps is 525 MBps and 2.8 Gbps is 350 MBps so approximately we get 400 MBps which is around 75% of ,maximum tunnel throughput. So in this example,VPN throughput is nearing the maximum for this device. Please note that VPN tunnels will start having issue when the VPN throughput reaches around 75 % of the limit for elongated periods of time and we will see device CPU utilization increase as well.
Important facts to understand:
When performing throughput calculations, it is important to understand the following:
- What is hardware platform (MAG, PSA)?
- If we are nearing/reaching maximum device throughput with a few thousand users, then the box cannot scale as mentioned in the datasheets because t he limit is already hit.
- How many tunnels are in ESP compared to SSL mode? can be seen on UI under Active Users.
- What is the packet length distribution? With less packet sizes, more PCS CPU is spent on analyzing the packets and hence less throughput.
- Are other connection methods (PULSE SAM, Terminal Services,HTML5, core access etc) being used?
- CPU could be high with lesser throughput as CPU usage is dependent on high login rates during peak hours, high rates/min, hits/second etc and other factors like processes piling up due to slow response from back end authentication servers, application servers,HTML5 access etc.