cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Iron

Definition of Throughput ?

The Appliance Comparison chart (https://www.checkpoint.com/downloads/products/check-point-appliance-comparison-chart.pdf) mentions "Throughput" under Enterprise and Ideal conditions.  What does "Throughput" mean here ? 

 

1) Does it mean that that this is the maximum amount of traffic the device can handle without CPU hitting 100% or without device dropping any traffic ? 

2) How do I use this "Throughput" number to find an appropriate sized Checkpoint firewall ? For example if I have a hypothetical firewall with 4 interfaces with following 5 minutes statistics: 


INT1 = Transmitted 500M bps, Received 1500M bps

INT2 = Transmitted 2000M bps, Received 500M bps

INT3 = Transmitted 1000M bps, Received 600M bps

INT4 = Transmitted 500M bps, Received  1400M bps

 

In the above the sum of Transmitted from all interfaces is 4000Mbps and sum of Received on all interfaces is also 4000Mbps. What is the "Throughput" here ? Which one of the below is true ?

 

a) Higher value of EITHER sum of Transmitted from all interfaces  OR sum of Received from all interfaces   ? In actual device these numbers could be slightly different ?  i.e. 4000 Mbps.

b) Grand total of sum of Transmitted from all interfaces AND sum of Received from all interfaces ? i.e. 8000 Mbps. If this is the case then aren't we double counting ?

 

I will be taking the Threat Prevention (Gbps) from the comparison chart to size a firewall since this number is the lowest compared to other numbers. I assume that this Gbps has no relation with CPU utilization

 

Is there any document or link on Checkpoint website that covers "Throughput" and Sizing in the above context ? 

 

Thanks

KM

 

0 Kudos
6 Replies
Highlighted

Re: Definition of Throughput ?

Throughput is the total amount of traffic crossing your security GW through all interfaces. Not all received will be forwarded, as some of the traffic will be dropped.

0 Kudos
Highlighted
Iron

Re: Definition of Throughput ?

Thanks for your reply. 

How CPU utilization is related to Throughput ? I assume that there will be higher CPU utilization as the Throughput reaches closer to to the MAX number specified in the Appliance  comparison chart.  What role CPU utilization plays in the sizing or ordering of a new CP FW ? 

Let's say I have a hypothetical end customer who is running CP on Open Server and his CPU utilization is around 80% and his current throughput is 50% below than suggested new CP physical appliance X Threat Prevention (Gbps).  Should I be considering one model up from CP physical appliance X just because he is hitting 80% CPU utilization ?  

Do we have CPU utilization on the FW side as well as on physical server side ? What role each CPU utilization plays here ? 

Thanks

Mian

 

 

Highlighted
Admin
Admin

Re: Definition of Throughput ?

Other things can potentially impact CPU and throughput either independently or together, but high CPU will definitely throttle potential throughput.
Likewise, your CPU usage will increase as throughput does.
While you can size based on current throughput requirements, that may not give you enough headroom down the road if either the throughput needs increase or the amount of inspection does.
0 Kudos
Highlighted

Re: Definition of Throughput ?

One's security GW CPUs can play different roles: NIC interrupts, acceleration, traffic filtering, deeper inspection, etc. There are literally thick books written about it.

 

If you goal is to size a new security appliance to replace an existing gateway, the best and most practical approach is to run CPSizeme tool and then provide the collected data to your local Check Point partner or SE, for a proper sizing exercise 

0 Kudos
Highlighted

Re: Definition of Throughput ?

As Val said this is a rather complicated question and sometimes performance tuning feels more like art than science, since even if you find and mitigate one bottleneck (say CPU utilization) performance increases to a point and then you hit some other bottleneck (interface buffering drops or something).  Let's just say there will be a lots of reading available soon on this very topic...

 

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
Highlighted

Re: Definition of Throughput ?

Yes, that particular book 🙂

0 Kudos