Sometime ago I had to do a stress test for a Cisco FWSM (Firewall Service Module) to see how the resources are consumed and if some potential traffic can temporarly affect the behavior of this device. For those of you who have don’t know what is a Cisco FWSM, here comes the definition: “Cisco Firewall Services Module (FWSM)—a high-speed, integrated firewall module for Cisco Catalyst 6500 switches and Cisco 7600 Series routers—provides the fastest firewall data rates in the industry: 5-Gbps throughput, 100,000 CPS, and 1M concurrent connections”.
Since I didn’t had a hardware packets generator, I had to use a software one: IPerf . This is a tool that measure the maximum TCP or UDP bandwidth performance. Iperf allows the tuning of various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, datagram loss.Also it can run under Linux, Mac and Windows so the platform shouldn’t be a problem for you. As i said before, I used for testing my notebook as packet generator and a Linux server with DNS service enable as destination. Every packet from source (notebook) to destination (DNS server) was passing through FWSM, where it was inspect at OSI Layer 7 (DNS Application). Please check the topology file to have an idea about the configuration. Please be aware that if the packets (in our case DNS) are not to be inspected by FWSM, than the resource utilization of the FWSM is not so high, even in case of big traffic flow.
Please have a look below for the video presentation of the tutorial:
If you cannot see the video tutorial above, please check this text file which present in text mode everything needed to configure to do a stress test tool.
- http://www.cisco.com Troy
- Florin
