07-22-2024 05:24 AM
Hello,
We have a Palo Alto 3260 firewall with two 40 Gbps QSFP+ ports, but its maximum firewall throughput is 8.8 Gbps. How does the firewall handle the traffic entering through the QSFP+ ports, considering the potential incoming traffic exceeds the firewall's throughput capacity? How does the device manage this traffic, and what happens to the packets when the traffic exceeds the firewall's 8.8 Gbps throughput limit? And the percentage of packet dropping is 3%.
Thanks.
07-23-2024 01:22 AM
The 40gb is just link speed so there's no issue there
Once you reach the firewall's maximum capacity, several things can happen depending on the kind of traffic and how much 'over' it's limit you go
the firewall will always try to forward packets accordingly, but may not be able to buffer everything flooding in (if buffering is needed) so packetloss may occur.
you can see buffering via the CLI command > show running resource-monitor
packet buffer:
7 7 7 7 7 7 7 7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7 7 7 7 7 7 7 7
7 7 7 7 7 7 7 7 7 7 7 7 7 7 7
packet descriptor:
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
buffer is software, descriptor is hardware
07-23-2024 02:55 AM
Thank you for your answer but I checked the device and observed that 40 Gbps of traffic is entering the firewall. I want to understand how it manages to handle 40 Gbps of traffic, especially considering that the packet drop rate is very low.
Thanks again.
07-23-2024 03:48 AM
how are you observing 40gbps?
can you run > show session info
07-23-2024 07:09 AM - edited 07-23-2024 07:17 AM
I would agree with @reaper and where he is likely going. You mention the advertised throughput capacity of the 3260 being substantially lower than the 40Gb transceiver speed, but just because you have network connectivity of 40Gbps doesn't mean there's actually traffic coming to the FW of that or even close to it.
While Palo Alto advertises a certain throughput limit for it's hardware that number is a factor of probably 100+ different variables. In some situations the hardware might be able to do double the advertised throughput or in some cases you might only get 1/4th. The max throughput number is simply a guide customers can use to help gauge the relative performance they could expect from a certain hardware model.
--edit-- shared the hardware specs of the 3200/3400
As an FYI the 3200 hardware platform is being EOLd and replaced with the 3400s. You can see from the specs the 3400s performance is substantially greater than the older 3200 generation.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
