Velocity Reviews


Cen 08-31-2005 12:56 PM

Cisco device traffic / bandwidth requirements
 
Where do I get information on traffic characteristics on Cisco devices
(routers, PIX, MLS etc) with regards to the following:

- connection (TCP/UDP) blocking probability
- bandwidth / load curve
- maximum TCP/UDP connections
- maximum translations
- etc. . .

It's hard to find this info on the Cisco web site.



Walter Roberson 08-31-2005 03:04 PM

Re: Cisco device traffic / bandwidth requirements
 
In article <df49ek$2cbv$1@otis.netspace.net.au>,
Cen <test_nospam@spammer.net> wrote:
:Where do i get information on traffic characteristics on cisco devices
:(routers, PIX, MLS etc) with regards to the following:

:- connection (TCP/UDP) blocking probability
:- bandwidth / load curve
:- maximum TCP/UDP connections
:- maximum translations

:It's hard to find this info on cisco web site.

The max connections is in the PIX data sheets, but the figures are
pretty much meaningless as it depends mostly upon the available
memory.

The connection blocking probability on the PIX 6.x software
depends upon available memory, and upon whether you have floodguard
enabled, and upon the state of the other connections that might
be reclaimable -- in the sense that if you are out of resources,
ability to connect is going to depend upon ability to reclaim
resources.
http://www.cisco.com/univercd/cc/td/....htm#wp1029632

If you are not out of resources on the PIX then connection blocking
probability is going to depend upon what you specified for
max_conns and emb_limit in the 'static' command.
http://www.cisco.com/univercd/cc/td/....htm#wp1026694

There is also the possibility that the PIX's IDS will detect
an attack and that you have configured 'drop' as the action,
http://www.cisco.com/univercd/cc/td/....htm#wp1101884
I do not know at the moment if any of those IDS require any kind
of "judgement" or if they can all be determined independently,
on a per-packet basis. For example, "UDP Bomb attack" sounds like it
might require seeing a few packets to activate.

http://www.cisco.com/univercd/cc/td/....htm#wp1055451


Beyond that... if a PIX does not have the resources to handle a packet,
then the packet will be dropped. The PIX "fails to closed":
each packet must be -explicitly- approved internally in order to
pass to the other side. The PIX does not just pass packets through,
either: it builds new outgoing packets based upon the information
of the incoming packets, so packets cannot "slip through" because
(say) a checking algorithm didn't return within a specific time.



I don't think you are going to find information about items such
as bandwidth/load curves, not unless you go NDA (Non-disclosure
agreement), and even then it is going to depend a lot on what
you have configured and what software release. You might be able
to find some charts in the results published by The Tolly Group.

--
Entropy is the logarithm of probability -- Boltzmann

