Reset Search
 

 

Article

KB43684 - Throughput calculation for PCS devices and VPN traffic

« Go Back

Information

 
Last Modified Date3/15/2018 6:47 AM
Synopsis
This article provides information on Throughput calculation for PCS devices and VPN traffic
Problem or Goal
Different PCS devices have different Maximum tunnel throughput, this article provides information on device throughput and how it is calculated and how it impacts the performance of the PCS based on number of tunnels(ESP or SSL)
Cause
Solution
On the System Status graphs, throughput is measured in MBps (mega byte/sec). To convert to megabits, use the following formula:
1 MBps (mega bytes per second) = 8 Mbps (mega bits per second)

Note : the device throughput shown under overview graph is a sum of all access features like vpn,terminal services, core access, Pulse SAM access, html5 access etc

Notes:
  • Download Throughput refers to the throughput from the ‘External Out’ interface 
  • Upload Throughput refers to the throughput from ‘Internal Out’ interface.
  • Total throughput refers to sum of the download and upload throughput

User-added image


In above screenshot, the total throughput at peak is:

  • 240 MBps + 140 MBps = 380 MBps 
  • If converted to to Mbps, the total would be 3040 Mbps (380 MBps x 8) or close to 3 Gbps

If we are running into performance issues and total throughput numbers are determined (with the graphs), throughput calculations can help understand if we are nearing limit.

The maximum tunnel throughput for each platform is documented here

Let us take an example as in above screenshot of the throughput Graph of an PSA7K device which supports 2.8 Gbps VPN throughput for SSL mode and 4.2 Gbps for ESP mode, let us say for example there is a mix of SSL and ESP tunnels. 4.2 Gbps is 525 MBps and 2.8 Gbps is 350 MBps so approximately we get 400 MBps which is around 75% of ,maximum tunnel throughput. So in this example,VPN throughput is nearing the maximum for this device. Please note that VPN tunnels will start having issue when the VPN throughput reaches around 75 %  of the limit for elongated periods of time and we will see device CPU utilization increase as well.

Important facts to understand:

When performing throughput calculations, it is important to understand the following:

  • What is hardware platform (MAG, PSA)?
  • If we are nearing/reaching maximum device throughput with a few thousand users, then the box cannot scale as mentioned in the datasheets because t he limit is already hit.
  • How many tunnels are in ESP compared to SSL mode? can be seen on UI under Active Users.
  • What is the packet length distribution? With less packet sizes, more PCS CPU is spent on analyzing the packets and hence less throughput.
  • Are other connection methods (PULSE SAM, Terminal Services,HTML5, core access etc) being used?
  • CPU could be high with lesser throughput as CPU usage is dependent on high login rates during peak hours, high rates/min, hits/second etc and other factors like processes piling up due to slow response from back end authentication servers, application servers,HTML5 access etc. 



 

Related Links
Attachment 1 
Created Byjai laisram

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255