Good discussion guys
just wanted to summarize - some of this you may already know - so please read this as a review
- All quoted throughput numbers are for applicative traffic - and the max throughput is the max applicative traffic that can be inspected
- max throughput has no relationship to the speed of the NIC - these are two distinct values and are not related
- The impact of non-applicative traffic
First - it is important to understand the messaging in this regard
- it used to be communicated that non-applicative traffic had either no or minimal impact
- that may have been fair to say for our very early releases
- but that is not the situation in todays deployments - non-applicative traffic has an impact
What has changed
- the primary thing that has changed is a combination of new features and better/advanced inspection which both require more resources
- with the current resource requirements non-applicative traffic becomes more of a factor
If non-applicative traffic is not inspected how can it be a factor
- this is a very common question
- the answer begins with another question - how do we know if its applicative or not
- answer - you have to look at all the traffic to see if it needs inspected
- This means every connection must at least be examined to determine if its applicative or not
- this takes resources
Are their guidelines on how much non-applicative traffic can be sent through
- There is no accurate guideline that can be applied to all deployments
- the reason, as Jason mentioned, - has to do with the type of traffic
- if we have a really chatty application going through and it does NOT need to be inspected - that will consume more resources simply because there are more connections that need to be classified as being applicative or non-applicative
Simply based on experience I personally would say 25% non-applicative should be - emphasis on should - within the limits we can manage
The closer you get to 50% the more you could expect to see unexpected behavior
So, to answer the base question - if we exceed the max throughput should we see latency IF we are exceeding that max limit due to non-applicative traffic?
- Yes - the more exceed max throughput - even if its non-applicative - the more likely it is you see some degradation