5260 Experience

Reply
L6 Presenter

5260 Experience

Looking for some realworld deployment experience.  Anyone that's deployed a 5260 how much data have you guys pushed through it.  Anyone pushing 20-30Gbps+?  How does it perform?

 

I'm thinking about getting one and putting it off our tapping infrastructure for IPS/IDS functionality.

Tags (1)
L7 Applicator

Re: 5260 Experience

So far we are still in a migration project, so right now our 5260s are still totally bored with peaks of about 5 Gbit :P

L6 Presenter

Re: 5260 Experience

I ended up requesting a 5260 for a PoC which I'll hopefully get deployed this week.  Soon after I'll put at least 30GB of traffic so I'll update here after it gets up and running.

L7 Applicator

Re: 5260 Experience

@Brandon_Wertz,

The pair I support have pushed just pass 15Gb/s without issue with a mix of non-decrypted and decrypted traffic utilizing full Threat Prevention without issue. If you're looking to push more than 30Gb/s you'll be maxing threat prevention capabilities on the box. 

L6 Presenter

Re: 5260 Experience

Oh I'm attempting to "melt" the box. I know the spec sheet says 28-33G of "threat" throughput. I've got a unique use case though and really only need these boxes to do threat. (No SSL or ipsec)
L6 Presenter

Re: 5260 Experience

So far this box is a beast...Sending about 20Gb/s with around 280k session/s and it's only at 12% dataplane.

L6 Presenter

Re: 5260 Experience

We're up to 720k sessions/s and DP CPU is still at 14%.  I'm really impressed with the capacity of the box

 

Traffic.PNG

L6 Presenter

Re: 5260 Experience

So here's what I was trying to do and what I eventually deployed.  I've got a fairly extensive tapping infrastructure at my company, which is aggregated into 8 x  40G links into an Gigamon HD4.  These links are essentially the summation of "core / UCS" traffic. 

 

I then took 6 x 10G ports from the HD4 and connected them to the 5260 and configured these in "tap mode" on the 5260.  I know there's going to be some discrepancy is jumping down from 40G to 10G, but unfortunately I didn't have any 40G available on the HD4 so I had to compromise.  Evenso the 5260 seems to be taking the traffic just fine.  I'm not sure how it would perform in an inline deployment, but this box definitely has the legs to take considerable amounts of throughput.

 

App_3Day.PNG

 

 

 

 

L4 Transporter

Re: 5260 Experience

Hi,

 

Nerver tested a PA 5260 but tested a PA5250.

Be carefull if you enaled VSYS !

Inter VSYS traffic was limited to 3,5 Gbps on PA 5250...

 

Regards,

 

HA

L6 Presenter

Re: 5260 Experience


@licenselu wrote:

Hi,

 

Nerver tested a PA 5260 but tested a PA5250.

Be carefull if you enaled VSYS !

Inter VSYS traffic was limited to 3,5 Gbps on PA 5250...

 

Regards,

 

HA


 

That's something great to point out.  I will say though that a 5260 has substainitally more capacity than a 5250.  It's possible the 5260 has a greater capacity.

 

And for clarification you're referring to enabling "multi-vsys," right?  Because "VSYS" is already enabled by default (VSYS1).

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!