Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. NSP
NFV
harbor235 at gmail
Sep 23, 2019, 12:15 PM
Post #1 of 2 (408 views)
Permalink
Looking for real word experiences virtualizing router and firewall services
with rates above 1Gbps on x86 platforms. Most testing I have been involved
with virtualizing routers and firewalls, performance drops
dramatically above 1Gbps.

Connections per second are critical for a firewall in particular, can a
virtual firewall handle high connections per second as appliances?

Anyone experience good results at 10GigE with a virtual firewall?

Where do you draw the line for router based virtualization?



Mike
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: NFV [ In reply to ]
jac.kloots at surfnet
Sep 24, 2019, 1:40 AM
Post #2 of 2 (404 views)
Permalink
Hi Mike,

We run an openstack with VPP NFV setup with fortigate virtual firewalls.

To get to competitive performance we also use mellanox ConnectX NICs to
offload processing to this hardware.

A lot of effort has to be put into this setup to get good performance.
We have tested upto 10G bi-dir and 30k+ sessions, we are planning on
testing with higher speeds/more sessions soon.

Jac


On 23/09/2019 21:15, harbor235 wrote:
> Looking for real word experiences virtualizing router and firewall services
> with rates above 1Gbps on x86 platforms. Most testing I have been involved
> with virtualizing routers and firewalls, performance drops
> dramatically above 1Gbps.
>
> Connections per second are critical for a firewall in particular, can a
> virtual firewall handle high connections per second as appliances?
>
> Anyone experience good results at 10GigE with a virtual firewall?
>
> Where do you draw the line for router based virtualization?
>
>
>
> Mike
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--
Jac Kloots

Teamlead Network Services
Network Department
SURFnet

_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal