DANZ Monitoring Fabric Verified Scale

This document describes the DANZ Monitoring Fabric (DMF) multi-dimension scale test performed with DMF Controllers.

Overview

Network visibility is a growing concern in data centers due to increasing virtualization, service-oriented architecture, and cloud-based IT. However, visibility into network traffic with traditional monitoring infrastructure could be improved. Expensive monitoring infrastructure, including application performance monitoring tools, Intrusion Detection Systems (IDS), and forensic tools, could be more efficiently utilized due to a need for more management of monitored traffic.

DANZ Monitoring Fabric (DMF) is an advanced network monitoring solution that alleviates this problem dramatically. DMF leverages high-performance bare metal Ethernet switches to provide the most scalable, flexible, and cost-effective monitoring fabric. Using an SDN-centric architecture, DMF enables tapping traffic everywhere in the network and delivers it to any troubleshooting, network monitoring, application performance monitoring, or security tool.

At its core is the centralized DMF Controller software that converts user-defined policies into highly optimized flows programmed into the forwarding ASICs of bare metal Ethernet switches running the production-grade switch operating system from Arista Networks. DMF delivers unprecedented network visibility with bare-metal economics, getting the right traffic to the right tool at the right time. With its open and published Application Programming Interfaces (APIs), the DMF Controller allows customers to deploy integrated network monitoring solutions along with the DMF.

Note: This document's scale and performance numbers came from a DMF hardware Controller.

DMF Verified Scale Values

TCAM Rule Limits

The following tables contain the data for the scalability limits tested and verified for the DANZ Monitoring Fabric (DMF).

Table 1. Verified TCAM Rule Limits
Note: The numbers in the following table are the max TCAM values for Ingress flow2 for the switch series listed. The Ingress flow2 TCAM scale depends on features configured in the Controller, which can be less than the max value.
Ingress_flow2 tcam scale
 
  Match Mode 7280R3 Series Switches

7289R3 Chassis Switch

Important: Except the 7280R3 switches referenced in Table 3.
IPv4 TCAM rules per switch (Verified Limit/Max Limit) Full 8180/8188
L3-L4 8180/8188
Offset 8180/8188
IPv6 TCAM rules per switch (Verified Limit/Max Limit) Full 8180/8188
L3-L4 8180/8188
Offset 8180/8188
Match conditions per policy Full IPv4/IPv6 8180/8180
L3-L4 IPv4/IPv6 8180/8180
L3-L4

Offset IPv4/IPv6

 8180/8180
 
  7280R3 Series Switches

7289R3 Chassis Switch
Ingress_flow1 max tcam scale 1024
Egress_flow1 max tcam scale 1024
Table 2. Verified TCAM Rule Limits
Note: The numbers in the following table are the max TCAM values for Ingress flow2 for the switch series listed. TCAM scale depends on features configured in the Controller, which can be less than the max value.
Ingress_flow2 tcam scale
 
Note: The verified TCAM rule limit applies to the whole chassis, not per line card.
 
  Match Mode 7800R3 Series Switches
IPv4 TCAM rules per switch (Verified Limit /Max Limit) Full 8180/8188
L3-L4 8180/8188
Offset 8180/8188
IPv6 TCAM rules per switch (Verified Limit /Max Limit) Full 8180/8188
L3-L4 8180/8188
Offset 8180/8188
Match conditions per policy Full-IPv4/v6 8180/8180
L3-L4IPv4/v6 8180/8180
L3-L4

Offset-IPv4/v6

 8180/8180
 
  7800R3 Series Switches
Ingress_flow1 max tcam scale 1024 × number of line cards
Egress_flow1 max tcam scale 1024 × number of line cards
Table 3. Verified TCAM Rule Limits
Note: The numbers in the following table are the max TCAM values for Ingress flow2 for the switch series listed. TCAM scale depends on features configured in the Controller, which can be less than the max value.
Ingress_flow2 tcam scale
 
  Match Mode 7280SR3E-40YC6 Series Switches, 7280SR3-40YC6 Switch, 7280TR3 Series Switches

IPv4 TCAM Rules per Switch (Verified Limit /Max Limit)

 

Full

 

4084/4088

 

L3-L4

 

4084/4088

 

Offset

 

4084/4088

 

IPv6 TCAM Rules per Switch (Verified Limit /Max Limit)

 

Full

 

4084/4088

 

L3-L4

 

4084/4088

 

Offset

 

4084/4088

 

Match Conditions per Policy

 

Full IPv4/IPv6

 

4084/4084

 

L3-L4 IPv4/IPv6

 

4084/4084

 

L3-L4 Offset IPv4/IPv6

 

4084/4084

 
 
  7280SR3E-40YC6 Series Switches, 7280SR3-40YC6 Switch, 7280TR3 Series Switches
Ingress_flow1 max tcam scale 512
Egress_flow1 max tcam scale 512
Table 4. Verified TCAM Rule Limits
Ingress_flow2 tcam scale
 
  Match Mode 7050X3 Series Switches
IPv4 TCAM rules per switch (Verified Limit /Max Limit) Full 3055/3068
L3-L4 3055/3068
Offset 3055/3068
IPv6 TCAM rules per switch (Verified Limit /Max Limit) Full 2300/3068
L3-L4 2300/3068
Offset 2300/3068
Match conditions per policy Full-IPv4/v6 3055/2300
L3-L4IPv4/v6 3055/2300
L3-L4

Offset-IPv4/v6

 3055/2300
 
  7050X3 Series Switches
Ingress_flow1 max tcam scale 1024
Egress_flow1 max tcam scale 1024
Table 5. Verified TCAM Rule Limits
Ingress_flow2 tcam scale
 
  Match Mode 7260X3 Series Switches
IPv4 TCAM rules per switch (Verified Limit /Max Limit) Full 1015/1020
L3-L4 1015/1020
Offset 1015/1020
IPv6 TCAM rules per switch (Verified Limit /Max Limit) Full 760/1020
L3-L4 760/1020
Offset 760/1020
Match conditions per policy Full-IPv4/v6 1015/760
L3-L4IPv4/v6 1015/760
L3-L4

Offset-IPv4/v6

 1015/760
 
  7260X3 Series Switches
Ingress_flow1 max tcam scale 1024
Egress_flow1 max tcam scale 512
Table 6. Verified TCAM Rule Limits
Ingress_flow2 tcam scale
 
  Match Mode 7050DX4 Series Switches, 7050PX4-32S Switch 7050CX4 Series Switches, 7050SDX4 Series Switches, 7050SPX4 Switch
IPv4 TCAM rules per switch (Verified Limit /Max Limit) Full 4092/4095 6140/6143
L3-L4 4092/4095 6140/6143
Offset 2044/2047 3068/3071
IPv6 TCAM rules per switch (Verified Limit /Max Limit) Full 2044/2047 3068/3071
L3-L4 2044/2047 3068/3071
Offset 2044/2047 3068/3071
Match conditions per policy Full-IPv4/v6 4092/2044 6140/3068
L3-L4IPv4/v6 4092/2044 6140/3068
L3-L4 Offset-IPv4/v6 2044/2044 3068/3068
 
  7050DX4 Series Switches, 7050PX4-32S Switch 7050CX4 Series Switches, 7050SDX4 Series Switches, 7050SPX4 Switch
Ingress_flow1 max tcam scale N/A N/A
Egress_flow1 max tcam scale N/A N/A

Port Channel Interface Limits

Table 7. Verified Port Channel Interface Limits on Arista 7050X3 and 7260X3 Series Switches

Arista 7050X3 and 7260X3 Series Switches
 
  Maximum Hardware/Software Verified Limits
Number of Port Channel Interfaces Per Switch 64 10
Number of Port Channel Member Interfaces 32 32
Table 8. Verified Port Channel Interface Limits on Arista 7280R3 Series of Switches

Arista 7280R3 Series of Switches
 
  Maximum Hardware/Software Verified Limits
Number of Port Channel Interfaces Per Switch 1024 16
Number of Port Channel Member Interfaces 32 32

Tunnel Interface Limits

Verified VXLAN and L2GRE Tunnel Interface Limits on Arista 7050X3 and 7260X3 Series Switches

Arista 7050X3 and 7260X3 Series of Switches

Table 9. Verified VXLAN Tunnel Interface Limits
  Maximum Hardware/Software Limit Verified Limits
VXLAN Rx Tunnels per Switch 2000 2000
VXLAN Bidirectional / Tx Tunnels per Switch Depends on available ports on switch.1 60
Table 10. Verified L2GRE Tunnel Interface Limits
  Maximum Hardware/Software Limit Verified Limits
L2GRE Rx Tunnels per Switch 2000 2000
L2GRE Bidirectional / Tx Tunnels per Switch Depends on available ports on switch. 60

Functional Limits

Table 11. Verified Functional Limits
Functionality Verified Limits
Filter Interfaces per switch 128
Delivery interfaces per switch 128
Services Chained in a Policy 4
User created policies per fabric (Disable overlap to create more than 200 user policies) 200
Max number of policies which can overlap 10 (Default is 4)
Max number of policies per fabric (user + dynamic policies) 4000
Switches per Fabric 150
Filter interfaces per Fabric 1500
Delivery interfaces per Fabric 1000
Managed Services Per Fabric 40
Managed Services Per Switch 40
No of Service Nodes Per Fabric 5
Filter interfaces per policy per Fabric 1000
Connected devices per fabric 100
IPv4 address groups 170
IPv4 addresses per group 20000
IPv6 address groups 50
IPv6 addresses per group 100
Maximum RTT between active and standby Controller, between switch and Controllers 300 ms
Maximum Users 500
Maximum Groups 500
Unmanaged Service interfaces per switch 44
Unmanaged Service per switch 22
Unmanaged Service interfaces per Fabric 100
Unmanaged Service per switch 50

Naming Conventions

Table 12. Naming Conventions
  Minimum Length Maximum Length Allowed Pattern
Username 1 255 [a-zA-Z][-0-9a-zA-Z_]*
Password 1 255 [0-9a-zA-Z,./;[]<>?:{}|❵~!@#$%^&*()_+-=]
Group Name 1 255 [a-zA-Z][-0-9a-zA-Z_]*
Filter Interface Name 1 255 [a-zA-Z][-.:0-9a-zA-Z_]*
Delivery Interface Name 1 255 [a-zA-Z][-.:0-9a-zA-Z_]*
Service Interface Name 1 255 [a-zA-Z][-.:0-9a-zA-Z_]*
Service Name 1 255 [a-zA-Z][-.:0-9a-zA-Z_]*

DMF Service Node Verified Scale Values

NetFlow Scale Values

Table 13. Verified NetFlow Scale Values
DMF Service Node: Netflow Verified Limits
Service Node Throughput per port 2
(DCA-DM-SC, DCA-DM-SDL)
  • 10 Gbps for IMIX traffic.
(DCA-DM-SEL)
  • 20 Gbps for IMIX traffic.
Max Packets processed per port
(DCA-DM-SC3)
  • 6.0 million pps per port when 1 port is used.

    (DCA-DM-SDL4)

  • 5.5 million pps per port when 1 port is used.

    (DCA-DM-SEL5)

  • 7.5 million pps per port when 1 port is used.

    (DCA-DM-SC3)

  • 5.5 million pps per port when 2 ports on the same NIC are used.

    (DCA-DM-SDL4)

  • 5.0 million pps per port when 4 ports on the same NIC are used.

    (DCA-DM-SEL5)

  • 7.0 million pps per port when 2 ports on the same NIC are used.

    (DCA-DM-SDL4)

  • 4.0 million pps per port when 16 port are used.

    (DCA-DM-SEL5)

  • 6.0 million pps per port when 16 ports are used.
Expected Netflow Traffic out of per service node port 300Mbps 6
Max Number of Flows supported 1 million per port of supported managed-appliances.

16 million per 16 ports of supported managed-appliances.
Note:All executed test cases send 10Gbps traffic to supported 10G service node ports with 1 million flows.
Note: All executed test cases send 20Gbps traffic to the DCA-DM-SEL.

IPFIX Scale Values

Table 14. IPFIX Template Used
IPV4 Template IPV6 Template
  • key destination-ipv4-address
  • key destination-ipv6-address
  • key destination-transport-port
  • key destination-transport-port
  • key dot1q-vlan-id
  • key dot1q-vlan-id
  • key source-ipv4-address
  • key source-ipv6-address
  • key source-transport-port
  • key source-transport-port
  • field flow-end-milliseconds
  • field flow-end-milliseconds
  • field flow-end-reason
  • field flow-end-reason
  • field flow-start-milliseconds
  • field flow-start-milliseconds
  • field maximum-ttl
  • field maximum-ttl
  • field minimum-ttl
  • field minimum-ttl
  • field packet-delta-count
  • field packet-delta-count
Note: All executed test cases send 10Gbps traffic to all supported 10G service node ports with 1 million flows.
Table 15. Verified IPFIX Scale Values
DMF Service Node: IPFIX IPv4 Verified Limits IPv6 Verified Limits
Service Node Throughput per port. 7
(DCA-DM-SC)
  • 10 Gbps for IMIX traffic.
(DCA-DM-SEL)
  • 20 Gbps for IMIX traffic.
(DCA-DM-SC)
  • 10 Gbps for IMIX traffic.
(DCA-DM-SEL)
  • 11 Gbps for IMIX traffic.
Max Packets processed per port.
(DCA-DM-SC8)
  • 7.5 million pps per port when 1 port is used.
  • 7.0 million pps per port when 2 ports on the same NIC are used.
(DCA-DM-SEL9)
  • 9.5 million pps per port when 1 port is used.
  • 8.5 million pps per port when 2 ports on the same NIC are used.
  • 7.0 million pps per port when 16 ports are used.
(DCA-DM-SC8)
  • 6.4 million pps per port when 1 port is used.
  • 6.0 million pps per port when 2 ports on the same NIC are used.
(DC-DM-SEL9)
  • 7.5 million pps per port when 1 port is used.
  • 7.5 million pps per port when 2 ports on the same NIC are used.
  • 6.5 million pps per port when 16 ports are used.

Expected IPFIX Traffic out of per service node port.

 300 Mbps 10 . 500 Mbps10 .
Max Number of Flows tested per port.

(DCA-DM-SC)

  • 1 million per port.
  • 4 million when 4 ports are used.

(DCA-DM-SEL)

  • 16 million when 16 ports are used.

(DCA-DM-SC)

  • 1 million per port.
  • 4 million when 4 ports are used.

(DCA-DM-SEL)

  • 16 million when 16 ports are used.

Deduplication Verified Scale Values

Table 16. Verified Scale for Deduplication Managed Services
Managed Service One Service Node Port 4 Service Node Ports 16 Service Node Ports
Deduplication Maximum Packet Rate Processed
(DCA-DM-SC)
  • 2 ms window: 14 million pps.
  • 4, 6 ms window: 13 million pps.
  • 8 ms window: 11 million pps.
(DCA-DM-SDL)
  • 2 ms window: 14 million pps.
  • 4, 6 ms window: 13 million pps.
  • 8 ms window: 11 million pps.
(DCA-DM-SEL)
  • 2 ms window: 19 million pps.
  • 4, 6 ms window: 18 million pps.
  • 8 ms window: 16 million pps.
(DCA-DM-SC)
  • 2 ms window: 13 million pps per port when 4 ports are used.
  • 4, 6 ms window: 13 million pps per port when 4 ports are used.
  • 8 ms window: 11 million pps per port when 4 ports are used.

(DCA-DM-SDL)

  • 2, 4, 6, 8 ms window: 8 million pps.
(DCA-DM-SEL)11
  • 2 ms window: 17.5 million pps per port when 2 ports on the same NIC are used.
  • 4, 6 ms window: 16.5 million pps per port when 2 ports on the same NIC are used.
  • 8 ms window: 15.5 million pps per port when 2 ports on the same NIC are used.
(DCA-DM-SDL)
  • 2, 4, 6, 8 ms window: 8 million pps.
(DCA-DM-SEL)
  • 2, 4, 6, 8 ms window: 15.5 million unique pps.
Deduplication Maximum Bandwidth by Service Node Port12

(DCA-DM-SC, DCA-DM-SDL)

10 Gbps for IMIX traffic.
  • 2 ms window: It handles 10 Gbps traffic per port with average packet size > 70 bytes.
  • 4, 6 ms window: It handles 10 Gbps traffic per port with average packet size > 76 bytes.
  • 8 ms window: It handles 10 Gbps traffic per port with average packet size > 94 bytes.

(DCA-DM-SEL)

20 Gbps for IMIX traffic.
  • 2 ms window: It handles 20 Gbps traffic per port with average packet size > 110 bytes.
  • 4, 6 ms window: It handles 20 Gbps traffic per port with average packet size > 120 bytes.
  • 8 ms window: It handles 20 Gbps traffic per port with average packet size > 140 bytes.

(DCA-DM-SC)

40 Gbps for IMIX traffic.
  • 2 ms window: It handles 10 Gbps traffic per port with average packet size > 76 bytes.
  • 4, 6 ms window: It handles 10 Gbps traffic per port with average packet size > 76 bytes.
  • 8 ms window: It handles 10 Gbps traffic per port with average packet size > 94 bytes.

(DCA-DM-SDL)

  • 40 Gbps. Handles line-rate IMIX traffic. Service node ports handles 10G line-rate traffic per port with average packet size > 140 bytes.

(DCA-DM-SEL)13

80 Gbps for IMIX traffic.
  • 2 ms window: It handles 20 Gbps traffic per port with average packet size > 120 bytes.
  • 4, 6 ms window: It handles 20 Gbps traffic per port with average packet size > 130 bytes.
  • 8 ms window: It handles 20 Gbps traffic per port with average packet size > 140 bytes.

(DCA-DM-SDL)

160 Gbps for IMIX traffic.
  • Handles line-rate IMIX traffic. Service node ports handles 10G line-rate traffic per port with average packet size > 140 bytes.

(DCA-DM-SEL)13

320 Gbps for IMIX traffic.
  • Service node ports handles 20 Gbps traffic per port with average packet size > 140 bytes.
Note: Tested for 100%, 50%, 20%, and 0% deduplication by sending 10Gbps traffic with different packet sizes.

Header Stripping Verified Scale Values

Table 17. Header Stripping Verified Scale Values
Managed Service One Service Node Port 4 Service Node Port 16 Service Node Port
Header Stripping Maximum Packet Rate Processed

(DCA-DM-SC)

  • 14 million pps per port.

(DCA-DM-SDL)

  • 12 million pps per port.

(DCA-DM-SEL)

  • 29 million pps per port.

(DCA-DM-SC)

  • 14 million pps per port.

(DCA-DM-SDL)

  • 8 million pps per port.

(DCA-DM-SEL)

  • 29 million pps per port.

(DCA-DM-SDL)

  • 7.5 million pps per port.

(DCA-DM-SEL)

  • 14.5 million pps per port.
Header Stripping Maximum Bandwidth by Service Node Port14

(DCA-DM-SC)

  • 10 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 70 bytes.
(DCA-DM-SDL)
  • 10 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 85 bytes.

(DCA-DM-SEL)

  • 20 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 90 bytes.

(DCA-DM-SC)

  • 40 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 70 bytes.
(DCA-DM-SDL)
  • 40 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 140 bytes.

(DCA-DM-SEL)

  • 80 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 90 bytes.

(DCA-DM-SDL)

  • 160 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 145 bytes.

(DCA-DM-SEL)

  • 320 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 190 bytes.
Note: Tested VXLAN, MPLS, ERSPAN15 and LISP encapsulated packets of different sizes at line rate.

Slicing, Masking and Pattern Matching Verified Scale Values

This section summarizes the verified scale values for DMF Service Node managed services.
  • Slicing
  • Masking
  • Pattern Matching
Table 18. Verified Scale for Packet Slicing as a Managed Service
Processing rate and supported bandwidth 16 One Service Node Port 4 Service Node Ports 16 Service Node Ports
Maximum Packet Rate Processed

(DCA-DM-SC)

  • 14 million pps per port

(DCA-DM-SDL)

  • 14 million pps per port

(DCA-DM-SEL)

  • 29.5 million pps per port

(DCA-DM-SC)

  • 13 million pps per port

(DCA-DM-SDL)

  • 8 million pps per port

(DCA-DM-SEL)

  • 17.5 million pps per port

(DCA-DM-SDL)

  • 8 million pps per port.

(DCA-DM-SEL)

  • 17.5 million pps per port.
Maximum Bandwidth by Service Node

(DCA-DM-SC, DCA-DM-SDL)

  • 10 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SEL)

  • 20 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 85 bytes.

(DCA-DM-SC)

  • 40 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SDL)

  • 40 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 140 bytes.

(DCA-DM-SEL)

  • 80 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 160 bytes.

(DCA-DM-SDL)

  • 160 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 140 bytes.

(DCA-DM-SEL)

  • 320 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 160 bytes.
Note: Tested different packet sizes with line rate traffic.
Table 19. Verified Scale for Packet Masking as a Managed Service
Processing rate/bandwidth supported 17 One Service Node Port 4 Service Node Ports 16 Service Node Ports
Maximum Packet Rate Processed Depending on regex pattern

DCA-DM-SC supports 40% of 10 Gbps traffic or more per port.

DCA-DM-SEL supports 31%18 of 20 Gbps 19 traffic or more per port.
Maximum Bandwidth by Service Node Port Depending on regex pattern

One Service Node port handles about 40% of 10 Gbps traffic or more.

To get 10 Gbps performance, use LAG with 2 or more Service Node ports.
Table 20. Verified Scale for Pattern Matching as a Managed Service
Processing rate/bandwidth supported 20 One Service Node Port 4 Service Node Ports 16 Service Node Ports
Maximum Packet Rate Processed Depending on regex pattern

One Service Node port handles about 50% of 10 Gbps traffic or more.

DCA-DM-SEL supports 36%18 of 20 Gbps19 traffic or more per port.
Maximum Bandwidth by Service Node Port Depending on regex pattern

One Service Node port handles about 50% of 10 Gbps traffic or more.

To get 10 Gbps performance, use LAG with 2 or more Service Node ports.
Note: The performance of packet masking or packet matching depends on the packet length and the complexity of the regular expression.

Session Slice Scale Values

This section summarizes the verified scale values for TCP and UDP session-slicing configured as a managed service action.

Session-Slice Scale Values for UDP

Service Node Port IPv4 UDP Session IPv6 UDP Session IPv4/6 UDP Session
One 524000 Max sessions 524000 Max sessions 1 Million Max sessions
4 Port 2 Million Max sessions 2 Million Max sessions 4 Million Max sessions

Session-Slice Scale Values for TCP

Service Node Port IPV4 TCP Session IPV6 TCP Session IPv4/6 TCP Session
One 524000 Max sessions 524000 Max sessions 1 Million Max sessions
4 Port 2 Million Max sessions 2 Million Max sessions 4 Million Max sessions

Each service node port supports 524000 maximum sessions for each traffic type - TCP/UDP/TCP6/UDP6. With mixed traffic (TCP,TCP6,UDP,UDP6), each service node port supports a maximum of 2 million sessions.

Analytics Node Verified Scale Values

This section displays the tested scalability values for the Analytics Node.

Table 21. Analytics Node Scale Performance Results
  Single Node Cluster Three Node Cluster Five Node Cluster
ARP 20,000 pkts/sec 60,000 pkts/sec 100,000 pkts/sec
DHCP 15,000 pkts/sec 30,000 pkts/sec 60,000 pkts/sec
ICMP 15,000 pkts/sec 40,000 pkts/sec 80,000 pkts/sec
DNS 8,000 pkts/sec 20,000 pkts/sec 32,000 pkts/sec
TCPFlow 6,000 flows/ 18,000 flows/sec 30,000 flows/sec
sFLOW®* 12,000 flows/sec 30,000 flows/sec 70,000 flows/sec
NetFlow v5 without Optimization22 12,000 flows/sec 32,000 flows/sec 60,000 flows/sec
IPFIX without Optimization22 9,000 flows/sec 27,000 flows/sec 45,000 flows/sec
NetFlow v9 without Optimization22 9,000 flows/sec 27,000 flows/sec 45,000 flows/sec
All the Above Cases Combined: 23 ARP: 800 pkts/sec

DHCP: 500 pkts/sec

ICMP: 300 pkts/sec

DNS: 3,000 pkts/sec

TCPFlow: 300 flows/sec

sFLOW: 3,000 flows/sec

Netflow version 5: 5,000 flows/sec

 ARP: 1,800 pkts/sec

DHCP: 900 pkts/sec

ICMP: 1,200 pkts/sec

DNS: 6,000 pkts/sec

TCPFlow: 400 flows/sec

sFLOW: 6,000 flows/sec

Netflow version 5: 10,000 flows/sec

 ARP: 2,000 pkts/sec

DHCP: 1,200 pkts/sec

ICMP: 2,000 pkts/sec

DNS: 8,000 pkts/sec

TCPFlow: 500 flows/sec

sFLOW: 8,000 flows/sec

Netflow version 5: 13,000 flows/sec
Note: The above test measurements were performed with 60% average CPU Utilization.

Recorder Node Verified Scale Values

This section displays the tested performance numbers for the Recorder Node with no-drop packet capture characteristics.

Table 22. Maximum packets recorded on a DCA-DM-RA3 Recorder Node
Packet Size (Bytes) Packets per second Maximum Bandwidth (Gbps)
1500 Bytes or greater ~1.98 million 24 Gbps
512 Bytes or greater ~4.7 million 20 Gbps
IMIX ~6.3 million 19 Gbps
256 Bytes or greater ~8.6 million 19 Gbps

 

Table 23. Maximum packets recorded on a DCA-DM-RN760 Recorder Node
Packet Size (Bytes) Packets per second Maximum Bandwidth (Gbps)
1500 Bytes or greater ~1.52 million 20 Gbps
512 Bytes or greater ~4.01 million 18 Gbps
IMIX ~5.40 million 17 Gbps
256 Bytes or greater ~6.24 million 14 Gbps

 

Table 24. Maximum packets recorded on a DCA-DM-RN760L Recorder Node
Packet Size (Bytes) Packets per second Maximum Bandwidth (Gbps)
1500 Bytes or greater ~1.60 million 22 Gbps
512 Bytes or greater ~4.34 million 20 Gbps
IMIX ~5.72 million 18 Gbps
256 Bytes or greater ~7.58 million 19 Gbps

 

Note: IMIX is a 7:4:1 distribution of 64, 570, and 1518-byte Ethernet-encapsulated packets, leading to a 353-byte packet size average.
1Configuration of Bidirectional / Tx Tunnels would require using an additional port. Therefore maximum number of supported Bidirectional / Tx Tunnels would be limited to number of free ports available on the switch.
2In push-per-policy mode, a 4-byte internal VLAN tag is added to the traffic and this reduces the maximum bandwidth supported.
3DCA-DM-SC Service Node (4x10G) handles 10 Gbps per port with average packet size >= 210 bytes.
4DCA-DM-SDL Service Node (16x10G) handles 10 Gbps traffic per port with average packet size >= 285 bytes.
5DCA-DM-SEL Service Node (16x25G) handles 20 Gbps traffic per port with average packet size >= 68 bytes.
6Measured when each service node port sent 1 million flow records at the same time.
7In push-per-policy mode, a 4-byte internal VLAN tag is added to the traffic and this reduces the maximum bandwidth supported and recommended.
8DCA-DM-SC (4x10G) handles 10Gbps traffic per port with average packet size IPv4>= 160 byte for IPv6 >=190 byte.
9DCA-DM-SEL (16x25G) handles 20Gbps traffic per port with average packet size IPv4 >= 68 byte and 10Gbps traffic per port with average packet size IPV6 >= 218 bytes.
10Measured when service node exports ipfix data packets representing 1 million unique flows information with default eviction timers.
11DCA-DM-SEL NIC Hardware configuration is 2 Port, Published numbers represent NIC card Performance.
12In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
13DCA-DM-SEL maximum supported bandwidth per port is 20 Gig.
14In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
15DCA-DM-SEL support of ERSPAN managed-service has limitations.
16In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
17In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
18With regex \d{3}-\d{2}-\d{4} to match/mask/drop packets with Social Security numbers in a 64 byte packet, DCA-DM-SEL can handle 11 million pps. With regex \d{4}[\s\-]*\d{4}[\s\-]*\d{4}[\s\-]*\d{4} to match/mask/drop packets with credit card numbers in a 68 byte packet, DCA-DM-SEL supports masking service 11 million pps. Higher the packet size and position of match string in the packet will influence performance. Performance can be optimized by setting appropriate l4-payload off-set value.
19Two ports belongs to single NIC card.
20In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
*sFlow® is a registered trademark of Inmon Corp.
22The Netflow with optimization test cases yield a result of 100,000 flows/sec for a single analytics node cluster. For more details about Netflow optimization, please refer to the Arista Analytics User Guide.
23The rate of traffic chosen is for testing purposes only. In production network the rate of traffic for each protocol may vary.