Not quite all, but very helpful nonetheless and a great reference - something like that should be in the standard "support" section for the FWSM.
I also found another reference to performance issues in another doc around the same time that says a lot of useful stuff:

http://www.sectao.com/redirect.php?tid=14079&goto=lastpost
http://isamology.blogspot.com/2010-02/troubleshooting-fwsm-performance.html

Read the docs for a better description, but fundamentally the FWSM is designed for a high quantity of short, small-term flows (ISP traffic) as opposed to a few high volume flows, so the whole thing needs to be tuned somewhat differently.

Summary: enable "sysopt np completion-unit". That took care of all of the retransmits I had been seeing, and I can now push several hundred mbit/sec through the firewall with zero retransmits.

There's other useful things to do like disable seq-no rewriting and such, but most all of that happens in the fast path and I haven't seen much effect so far.

The latency still sucks, but I'm not sure what step is adding the latency - I need to look further at my test setup (cat3560s aren't exactly fast), and I also want to install a DFC on the linecard to see if having to go through the crossbar is adding latency.

(For those who care, please keep in mind that I'm dealing in a financial application here, so yes I'm counting microseconds - but we're not a super-high-freq-shop so we don't pay for utter bleeding edge solutions.)

I've seen the latency get down to about 220usec (both ways) so far, which isn't bad. That's in transparent mode, direct-attached hosts.

-bacon

From: David White, Jr. (dwhitejr) [mailto:dwhit...@cisco.com]
Sent: Friday, June 03, 2011 12:04 AM
To: Jeff Bacon
Cc: Pete Templin; Peter Rathlev; cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] cat6500/fwsm performance

And here is a great doc TAC wrote up on single flow TCP performance which should answer all your questions:

https://supportforums.cisco.com/docs/DOC-12668

Sincerely,
David.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/