DANZ Monitoring Fabric Verified Scale

This document describes the DANZ Monitoring Fabric (DMF) multi-dimension scale test performed with DMF Controllers.

Overview

Network visibility is a growing concern in data centers due to increasing virtualization, service-oriented architecture, and cloud-based IT. However, visibility into network traffic with traditional monitoring infrastructure could be improved. Expensive monitoring infrastructure, including application performance monitoring tools, Intrusion Detection Systems (IDS), and forensic tools, could be more efficiently utilized due to a need for more management of monitored traffic.

DANZ Monitoring Fabric (DMF) is an advanced network monitoring solution that alleviates this problem dramatically. DMF leverages high-performance bare metal Ethernet switches to provide the most scalable, flexible, and cost-effective monitoring fabric. Using an SDN-centric architecture, DMF enables tapping traffic everywhere in the network and delivers it to any troubleshooting, network monitoring, application performance monitoring, or security tool.

At its core is the centralized DMF Controller software that converts user-defined policies into highly optimized flows programmed into the forwarding ASICs of bare metal Ethernet switches running the production-grade switch operating system from Arista Networks. DMF delivers unprecedented network visibility with bare-metal economics, getting the right traffic to the right tool at the right time. With its open and published Application Programming Interfaces (APIs), the DMF Controller allows customers to deploy integrated network monitoring solutions along with the DMF.

Note: This document's scale and performance numbers came from a DMF hardware Controller.

DMF Verified Scale Values

TCAM Rule Limits

The following tables contain the data for the scalability limits tested and verified for the DANZ Monitoring Fabric (DMF).

Table 1. Verified TCAM Rule Limits
  Match Mode 7280R Series Switches 7280R2 Series Switches 7280R3 Series Switches
Important: Except the 7280R3 switches referenced in Table 3.
IPv4 TCAM rules per switch (Verified Limit/Max Limit) Full 6140/6144 6140/6144 8180/8188
L3-L4 6140/6144 6140/6144 8180/8188
Offset 6140/6144 6140/6144 8180/8188
IPv6 TCAM rules per switch (Verified Limit/Max Limit) Full 6140/6144 6140/6144 8180/8188
L3-L4 6140/6144 6140/6144 8180/8188
Offset 6140/6144 6140/6144 8180/8188
Match conditions per policy Full IPv4/IPv6 6140/6140 6140/6140 8180/8180
L3-L4 IPv4/IPv6 6140/6140 6140/6140 8180/8180
L3-L4

Offset IPv4/IPv6

 6140/6140 6140/6140 8180/8180
Table 2. Verified TCAM Rule Limits
Note: The verified TCAM rule limit applies to the whole chassis, not per line card.
  Match Mode 7800R3 Series Switches
IPv4 TCAM rules per switch (Verified Limit /Max Limit) Full 8180/8188
L3-L4 8180/8188
Offset 8180/8188
IPv6 TCAM rules per switch (Verified Limit /Max Limit) Full 8180/8188
L3-L4 8180/8188
Offset 8180/8188
Match conditions per policy Full-IPv4/v6 8180/8180
L3-L4IPv4/v6 8180/8180
L3-L4

Offset-IPv4/v6

 8180/8180
Table 3. Verified TCAM Rule Limits
  Match Mode 7020SR/TR Series Switches 7280SR3, 7280SR3E, 7280TR3 Series Switches

IPv4 TCAM Rules per Switch (Verified Limit /Max Limit)

 

Full

 

4084/4088

 

4084/4088

 

L3-L4

 

4084/4088

 

4084/4088

 

Offset

 

4084/4088

 

4084/4088

 

IPv6 TCAM Rules per Switch (Verified Limit /Max Limit)

 

Full

 

4084/4088

 

4084/4088

 

L3-L4

 

4084/4088

 

4084/4088

 

Offset

 

4084/4088

 

4084/4088

 

Match Conditions per Policy

 

Full IPv4/IPv6

 

4084/4084

 

4084/4084

 

L3-L4 IPv4/IPv6

 

4084/4084

 

4084/4084

 

L3-L4 Offset IPv4/IPv6

 

4084/4084

 

4084/4084

 
Table 4. Verified TCAM Rule Limits
  Match Mode Dell S4048F-ON Dell S4048-48T 7050X3 Series Switches / Dell S5248F-ON / Dell S5232F-ON
IPv4 TCAM rules per switch (Verified Limit /Max Limit) Full 2040/2044 8100/8188 3055/3068
L3-L4 4088/4092 8100/8188 3055/3068
Offset 2040/2044 8100/8188 3055/3068
IPv6 TCAM rules per switch (Verified Limit /Max Limit) Full 1535/2044 6100/8188 2300/3068
L3-L4 1535/4092 6100/8188 2300/3068
Offset 1535/2044 6100/8188 2300/3068
Match conditions per policy Full-IPv4/v6 2040/1535 8100/6100 3055/2300
L3-L4IPv4/v6 4088/1535 8100/6100 3055/2300
L3-L4

Offset-IPv4/v6

 2040/1535 8100/6100 3055/2300
Table 5. Verified TCAM Rule Limits
  Match Mode 7260X3 Series Switches / Dell Z9264F-ON
IPv4 TCAM rules per switch (Verified Limit /Max Limit) Full 1015/1020
L3-L4 1015/1020
Offset 1015/1020
IPv6 TCAM rules per switch (Verified Limit /Max Limit) Full 760/1020
L3-L4 760/1020
Offset 760/1020
Match conditions per policy Full-IPv4/v6 1015/760
L3-L4IPv4/v6 1015/760
L3-L4

Offset-IPv4/v6

 1015/760
Table 6. Verified TCAM Rule Limits
  Match Mode Dell S4112F-ON / Dell S4148F-ON
IPv4 TCAM rules per switch (Verified Limit /Max Limit) Full 4088/4092
L3-L4 8100/8188
Offset 4088/4092
IPv6 TCAM rules per switch (Verified Limit /Max Limit) Full 3060/4092
L3-L4 3060/8188
Offset 3060/4092
Match conditions per policy Full-IPv4/v6 4088/3060
L3-L4IPv4/v6 8100/3060
L3-L4

Offset-IPv4/v6

 4088/3060

Port Channel Interface Limits

Table 7. Verified Port Channel Interface Limits on Arista 7050X3, 7260X3 and Dell Series Switches
Arista 7050X3 and 7260X3 Series Switches, Dell S4048F-ON, Dell S4048-48T, Dell S5232-ON, Dell S5248F-ON, Dell Z9264F-ON
  Maximum Hardware/Software Verified Limits
Number of Port Channel Interfaces Per Switch 64 10
Number of Port Channel Member Interfaces 32 32
Table 8. Verified Port Channel Interface Limits on Arista 7280R, 7280R2, 7280R3 Series of Switches
Arista 7280R, 7280R2 and 7280R3 Series of Switches
  Maximum Hardware/Software Verified Limits
Number of Port Channel Interfaces Per Switch 1024 16
Number of Port Channel Member Interfaces 32 32

Tunnel Interface Limits

Table 9. Verified VXLAN and L2GRE Tunnel Interface Limits on Arista 7050X3, 7260X3 and Dell Series Switches
Arista 7050X3 and 7260X3 Series of Switches, Dell S4048F-ON, Dell S4048-48T, Dell S5232-ON, Dell S5248F-ON, Dell Z9264F-ON
Table 10. Verified VXLAN Tunnel Interface Limits
  Maximum Hardware/Software Limit Verified Limits
VXLAN Rx Tunnels per Switch 2000 2000
VXLAN Bidirectional / Tx Tunnels per Switch Depends on available ports on switch.1 60
Table 11. Verified L2GRE Tunnel Interface Limits
 

Maximum

Hardware/Software Limit

 Verified Limits
L2GRE Rx Tunnels per Switch 2000 2000
L2GRE Bidirectional / Tx Tunnels per Switch Depends on available ports on switch. 60

Functional Limits

Table 12. Verified Functional Limits
Functionality Verified Limits
Filter Interfaces per switch 128
Delivery interfaces per switch 128
Services Chained in a Policy 4
User created policies per fabric (Disable overlap to create more than 200 user policies) 200
Max number of policies which can overlap 10 (Default is 4)
Max number of policies per fabric (user + dynamic policies) 4000
Switches per Fabric 150
Filter interfaces per Fabric 1500
Delivery interfaces per Fabric 1000
Managed Services Per Fabric 40
Managed Services Per Switch 40
No of Service Nodes Per Fabric 5
Filter interfaces per policy per Fabric 1000
Connected devices per fabric 100
IPv4 address groups 170
IPv4 addresses per group 20000
IPv6 address groups 50
IPv6 addresses per group 100
Maximum RTT between active and standby Controller, between switch and Controllers 300 ms
Maximum Users 500
Maximum Groups 500
Unmanaged Service interfaces per switch 44
Unmanaged Service per switch 22
Unmanaged Service interfaces per Fabric 100
Unmanaged Service per switch 50

Naming Conventions

Table 13. Naming Conventions
 

Minimum Length

Maximum Length

Allowed Pattern
Username 1 255 [a-zA-Z][-0-9a-zA-Z_]*
Password 1 255 [0-9a-zA-Z,./;[]<>?:{}|❵~!@#$%^&*()_+-=]
Group Name 1 255 [a-zA-Z][-0-9a-zA-Z_]*
Filter Interface Name 1 255 [a-zA-Z][-.:0-9a-zA-Z_]*
Delivery Interface Name 1 255 [a-zA-Z][-.:0-9a-zA-Z_]*
Service Interface Name 1 255 [a-zA-Z][-.:0-9a-zA-Z_]*
Service Name 1 255 [a-zA-Z][-.:0-9a-zA-Z_]*

DMF Service Node Verified Scale Values

NetFlow Scale Values

Table 14. Verified NetFlow Scale Values
DMF Service Node: Netflow Verified Limits
Service Node Throughput per port 2
(DCA-DM-SC, DCA-DM-SDL)
  • 10 Gbps for IMIX traffic.
(DCA-DM-SEL)
  • 20 Gbps for IMIX traffic.
Max Packets processed per port
(DCA-DM-SC3)
  • 6.0 million pps per port when 1 port is used.

    (DCA-DM-SDL4)

  • 5.5 million pps per port when 1 port is used.

    (DCA-DM-SEL5)

  • 7.5 million pps per port when 1 port is used.

    (DCA-DM-SC3)

  • 5.5 million pps per port when 2 ports on the same NIC are used.

    (DCA-DM-SDL4)

  • 5.0 million pps per port when 4 ports on the same NIC are used.

    (DCA-DM-SEL5)

  • 7.0 million pps per port when 2 ports on the same NIC are used.

    (DCA-DM-SDL4)

  • 4.0 million pps per port when 16 port are used.

    (DCA-DM-SEL5)

  • 6.0 million pps per port when 16 ports are used.
Expected Netflow Traffic out of per service node port 300Mbps 6
Max Number of Flows supported 1 million per port of supported managed-appliances.

16 million per 16 ports of supported managed-appliances.
Note:All executed test cases send 10Gbps traffic to supported 10G service node ports with 1 million flows.
Note: All executed test cases send 20Gbps traffic to the DCA-DM-SEL.

IPFIX Scale Values

Table 15. IPFIX Template Used
IPV4 Template IPV6 Template
  • key destination-ipv4-address
  • key destination-ipv6-address
  • key destination-transport-port
  • key destination-transport-port
  • key dot1q-vlan-id
  • key dot1q-vlan-id
  • key source-ipv4-address
  • key source-ipv6-address
  • key source-transport-port
  • key source-transport-port
  • field flow-end-milliseconds
  • field flow-end-milliseconds
  • field flow-end-reason
  • field flow-end-reason
  • field flow-start-milliseconds
  • field flow-start-milliseconds
  • field maximum-ttl
  • field maximum-ttl
  • field minimum-ttl
  • field minimum-ttl
  • field packet-delta-count
  • field packet-delta-count
Note: All executed test cases send 10Gbps traffic to all supported 10G service node ports with 1 million flows.
Table 16. Verified IPFIX Scale Values
DMF Service Node: IPFIX IPv4 Verified Limits IPv6 Verified Limits
Service Node Throughput per port. 7
(DCA-DM-SC)
  • 10 Gbps for IMIX traffic.
(DCA-DM-SEL)
  • 20 Gbps for IMIX traffic.
(DCA-DM-SC)
  • 10 Gbps for IMIX traffic.
(DCA-DM-SEL)
  • 11 Gbps for IMIX traffic.
Max Packets processed per port.
(DCA-DM-SC8)
  • 7.5 million pps per port when 1 port is used.
  • 7.0 million pps per port when 2 ports on the same NIC are used.
(DCA-DM-SEL9)
  • 9.5 million pps per port when 1 port is used.
  • 8.5 million pps per port when 2 ports on the same NIC are used.
  • 7.0 million pps per port when 16 ports are used.
(DCA-DM-SC8)
  • 6.4 million pps per port when 1 port is used.
  • 6.0 million pps per port when 2 ports on the same NIC are used.
(DC-DM-SEL9)
  • 7.5 million pps per port when 1 port is used.
  • 7.5 million pps per port when 2 ports on the same NIC are used.
  • 6.5 million pps per port when 16 ports are used.

Expected IPFIX Traffic out of per service node port.

 300 Mbps 10 . 500 Mbps10 .
Max Number of Flows tested per port.

(DCA-DM-SC)

  • 1 million per port.
  • 4 million when 4 ports are used.

(DCA-DM-SEL)

  • 16 million when 16 ports are used.

(DCA-DM-SC)

  • 1 million per port.
  • 4 million when 4 ports are used.

(DCA-DM-SEL)

  • 16 million when 16 ports are used.

Deduplication Verified Scale Values

Table 17. Verified Scale for Deduplication Managed Services
Managed Service One Service Node Port 4 Service Node Ports 16 Service Node Ports
Deduplication Maximum Packet Rate Processed
(DCA-DM-SC)
  • 2 ms window: 14 million pps.
  • 4, 6 ms window: 13 million pps.
  • 8 ms window: 11 million pps.
(DCA-DM-SDL)
  • 2 ms window: 14 million pps.
  • 4, 6 ms window: 13 million pps.
  • 8 ms window: 11 million pps.
(DCA-DM-SEL)
  • 2 ms window: 19 million pps.
  • 4, 6 ms window: 18 million pps.
  • 8 ms window: 16 million pps.
(DCA-DM-SC)
  • 2 ms window: 13 million pps per port when 4 ports are used.
  • 4, 6 ms window: 13 million pps per port when 4 ports are used.
  • 8 ms window: 11 million pps per port when 4 ports are used.
(DCA-DM-SEL)11
  • 2 ms window: 17.5 million pps per port when 2 ports on the same NIC are used.
  • 4, 6 ms window: 16.5 million pps per port when 2 ports on the same NIC are used.
  • 8 ms window: 15.5 million pps per port when 2 ports on the same NIC are used.
(DCA-DM-SDL)
  • 2, 4, 6, 8 ms window: 8 million pps.
(DCA-DM-SEL)
  • 2, 4, 6, 8 ms window: 15.5 million unique pps.
Deduplication Maximum Bandwidth by Service Node Port

(DCA-DM-SC)

10 Gbps for IMIX traffic.
  • 2 ms window: It handles 10 Gbps traffic per port with average packet size > 70 bytes.
  • 4, 6 ms window: It handles 10 Gbps traffic per port with average packet size > 76 bytes.
  • 8 ms window: It handles 10 Gbps traffic per port with average packet size > 94 bytes.

(DCA-DM-SEL)

20Gbps for IMIX traffic.
  • 2, 4, 6 and 8 ms window: It handles 20 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SC)

40 Gbps for IMIX traffic.
  • 2 ms window: It handles 10 Gbps traffic per port with average packet size > 76 bytes.
  • 4, 6 ms window: It handles 10 Gbps traffic per port with average packet size > 76 bytes.
  • 8 ms window: It handles 10 Gbps traffic per port with average packet size > 94 bytes.

(DCA-DM-SEL)13

40Gbps for IMIX traffic.
  • 2, 4, 6 and 8 ms window: It handles 40 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SC)

160 Gbps for IMIX traffic.
  • Service node ports handles 10 Gbps traffic per port with average packet size > 210 bytes.

(DCA-DM-SEL)13

320 Gbps for IMIX traffic.
  • Service node ports handles 20 Gbps traffic per port with average packet size > 210 bytes.
Note: Tested for 100%, 50%, 20%, and 0% deduplication by sending 10Gbps traffic with different packet sizes.

Header Stripping Verified Scale Values

Table 18. Header Stripping Verified Scale Values
Managed Service One Service Node Port 4 Service Node Port 16 Service Node Port
Header Stripping Maximum Packet Rate Processed

(DCA-DM-SC)

  • 14 million pps per port.

(DCA-DM-SDL)

  • 12 million pps per port.

(DCA-DM-SEL)

  • 29 million pps per port.

(DCA-DM-SC)

  • 14 million pps per port.

(DCA-DM-SDL)

  • 8 million pps per port.

(DCA-DM-SEL)

  • 29 million pps per port.

(DCA-DM-SDL)

  • 7.5 million pps per port.

(DCA-DM-SEL)

  • 14.5 million pps per port.
Header Stripping Maximum Bandwidth by Service Node Port14

(DCA-DM-SC)

  • 10 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SEL)

  • 20 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SC)

  • 40 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SEL)

  • 40 Gbps15 for IMIX traffic.

It handles 20 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SC)

  • 160 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 160 bytes.

(DCA-DM-SEL)

  • 320 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 140 bytes.
Table 19. Header Stripping Verified Scale Values
Managed Service One Service Node Port 4 Service Node Port 16 Service Node Port
Header Stripping Maximum Packet Rate Processed

(DCA-DM-SC)

  • 14 million pps per port.

(DCA-DM-SDL)

  • 12 million pps per port.

(DCA-DM-SEL)

  • 29 million pps per port.

(DCA-DM-SC)

  • 14 million pps per port.

(DCA-DM-SDL)

  • 8 million pps per port.

(DCA-DM-SEL)

  • 29 million pps per port.

(DCA-DM-SDL)

  • 7.5 million pps per port.

(DCA-DM-SEL)

  • 14.5 million pps per port.
Header Stripping Maximum Bandwidth by Service Node Port16

(DCA-DM-SC)

  • 10 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SEL)

  • 20 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SC)

  • 40 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SEL)

  • 40 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 70 bytes.

(DCA-DM-SC)

  • 160 Gbps for IMIX traffic. It handles 10 Gbps traffic per port with average packet size > 160 bytes.

(DCA-DM-SEL)

  • 320 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 140 bytes.
Note: Tested VXLAN, MPLS, ERSPAN17 and LISP encapsulated packets of different sizes at line rate.

Slicing, Masking and Pattern Matching Verified Scale Values

This section summarizes the verified scale values for DMF Service Node managed services.
  • Slicing
  • Masking
  • Pattern Matching
Table 20. Verified Scale for Packet Slicing as a Managed Service
Processing rate and supported bandwidth 18 One Service Node Port 4 Service Node Ports 16 Service Node Ports
Maximum Packet Rate Processed
(DCA-DM-SC)
  • 14 million pps per port
(DCA-DM-SDL)
  • 14 million pps per port
(DCA-DM-SEL)
  • 29.5 million pps per port
(DCA-DM-SC)
  • 13 million pps per port
(DCA-DM-SDL)
  • 8 million pps per port
(DCA-DM-SEL)
  • 17.5 million pps per port19
(DCA-DM-SDL)
  • 8 million pps per port.
(DCA-DM-SEL)
  • 17.5 million pps per port.
Maximum Bandwidth by Service Node
(DCA-DM-SC)
  • 10 Gbps for IMIX traffic. It handles 10Gbps traffic per port with average packet size > 70 bytes.
(DCA-DM-SEL)
  • 20 Gbps for IMIX traffic. It handles 20Gbps traffic per port with average packet size > 130 bytes.
(DCA-DM-SC)
  • 40 Gbps for IMIX traffic. It handles 10Gbps traffic per port with average packet size > 70 bytes.
(DCA-DM-SEL)
  • 40 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 130 bytes.19
(DCA-DM-SC)
  • 160 Gbps for IMIX traffic. It handles 10Gbps traffic per port with average packet size > 70 bytes.
(DCA-DM-SEL)
  • 320 Gbps for IMIX traffic. It handles 20 Gbps traffic per port with average packet size > 130 bytes.
.
Note: Tested different packet sizes with line rate traffic.
Table 21. Verified Scale for Packet Masking as a Managed Service
Processing rate/bandwidth supported 20 One Service Node Port 4 Service Node Ports 16 Service Node Ports
Maximum Packet Rate Processed Depending on regex pattern

DCA-DM-SC supports 40%19 of 10 Gbps traffic or more per port.

DCA-DM-SEL supports 31%21 of 20 Gbps 22 traffic or more per port.
Maximum Bandwidth by Service Node Port Depending on regex pattern

One Service Node port handles about 40% of 10 Gbps traffic or more.

To get 10 Gbps performance, use LAG with 2 or more Service Node ports.
Table 22. Verified Scale for Pattern Matching as a Managed Service
Processing rate/bandwidth supported 23 One Service Node Port 4 Service Node Ports 16 Service Node Ports
Maximum Packet Rate Processed Depending on regex pattern

One Service Node port handles about 50%19 of 10 Gbps traffic or more.

DCA-DM-SEL supports 36%21 of 20 Gbps22 traffic or more per port.
Maximum Bandwidth by Service Node Port Depending on regex pattern

One Service Node port handles about 50% of 10 Gbps traffic or more.

To get 10 Gbps performance, use LAG with 2 or more Service Node ports.
Note: The performance of packet masking or packet matching depends on the packet length and the complexity of the regular expression.

Session Slice Scale Values

This section summarizes the verified scale values for TCP and UDP session-slicing configured as a managed service action.

Session-Slice Scale Values for UDP

Service Node Port IPv4 UDP Session IPv6 UDP Session IPv4/6 UDP Session
One 524000 Max sessions 524000 Max sessions 1 Million Max sessions
4 Port 2 Million Max sessions 2 Million Max sessions 4 Million Max sessions

Session-Slice Scale Values for TCP

Service Node Port IPV4 TCP Session IPV6 TCP Session IPv4/6 TCP Session
One 524000 Max sessions 524000 Max sessions 1 Million Max sessions
4 Port 2 Million Max sessions 2 Million Max sessions 4 Million Max sessions

Each service node port supports 524000 maximum sessions for each traffic type - TCP/UDP/TCP6/UDP6. With mixed traffic (TCP,TCP6,UDP,UDP6), each service node port supports a maximum of 2 million sessions.

Analytics Node Verified Scale Values

This section displays the tested scalability values for the Analytics Node.

Table 23. Analytics Node Scale Performance Results
  Single Node Cluster Three Node Cluster Five Node Cluster
ARP 20,000 pkts/sec 60,000 pkts/sec 100,000 pkts/sec
DHCP 15,000 pkts/sec 30,000 pkts/sec 60,000 pkts/sec
ICMP 15,000 pkts/sec 40,000 pkts/sec 80,000 pkts/sec
DNS 8,000 pkts/sec 20,000 pkts/sec 32,000 pkts/sec
TCPFlow 6,000 flows/ 18,000 flows/sec 30,000 flows/sec
sFLOW®* 12,000 flows/sec 30,000 flows/sec 70,000 flows/sec
Netflow v5 without Optimization25 12,000 flows/sec 32,000 flows/sec 60,000 flows/sec
IPFIX without Optimization25 9,000 flows/sec 27,000 flows/sec 45,000 flows/sec
Netflow v9 without Optimization25 9,000 flows/sec 27,000 flows/sec 45,000 flows/sec
All the Above Cases Combined: 26 ARP: 800 pkts/sec

DHCP: 500 pkts/sec

ICMP: 300 pkts/sec

DNS: 3,000 pkts/sec

TCPFlow: 300 flows/sec

sFLOW: 3,000 flows/sec

Netflow version 5: 5,000 flows/sec

 ARP: 1,800 pkts/sec

DHCP: 900 pkts/sec

ICMP: 1,200 pkts/sec

DNS: 6,000 pkts/sec

TCPFlow: 400 flows/sec

sFLOW: 6,000 flows/sec

Netflow version 5: 10,000 flows/sec

 ARP: 2,000 pkts/sec

DHCP: 1,200 pkts/sec

ICMP: 2,000 pkts/sec

DNS: 8,000 pkts/sec

TCPFlow: 500 flows/sec

sFLOW: 8,000 flows/sec

Netflow version 5: 13,000 flows/sec
Note: The above test measurements were performed with 60% average CPU Utilization.

Recorder Node Verified Scale Values

This section displays the tested performance numbers for the Recorder Node with no-drop packet capture characteristics.

Table 24. Maximum packets recorded on a DCA-DM-RA3 Recorder Node
Packet Size (Bytes) Packets per second Maximum Bandwidth (Gbps)
1500 Bytes or greater ~1.98 million 24 Gbps
512 Bytes or greater ~4.7 million 20 Gbps
IMIX ~6.3 million 19 Gbps
256 Bytes or greater ~8.6 million 19 Gbps
Note: IMIX is a 7:4:1 distribution of 64, 570, and 1518-byte Ethernet-encapsulated packets, leading to a 353-byte packet size average.
1Configuration of Bidirectional / Tx Tunnels would require using an additional port. Therefore maximum number of supported Bidirectional / Tx Tunnels would be limited to number of free ports available on the switch.
2In push-per-policy mode, a 4-byte internal VLAN tag is added to the traffic and this reduces the maximum bandwidth supported.
3DCA-DM-SC Service Node (4x10G) handles 10 Gbps per port with average packet size >= 210 bytes.
4DCA-DM-SDL Service Node (16x10G) handles 10 Gbps traffic per port with average packet size >= 285 bytes.
5DCA-DM-SEL Service Node (16x25G) handles 20 Gbps traffic per port with average packet size >= 68 bytes.
6Measured when each service node port sent 1 million flow records at the same time.
7In push-per-policy mode, a 4-byte internal VLAN tag is added to the traffic and this reduces the maximum bandwidth supported and recommended.
8DCA-DM-SC (4x10G) handles 10Gbps traffic per port with average packet size IPv4>= 160 byte for IPv6 >=190 byte.
9DCA-DM-SEL (16x25G) handles 20Gbps traffic per port with average packet size IPv4 >= 68 byte and 10Gbps traffic per port with average packet size IPV6 >= 218 bytes.
10Measured when service node exports ipfix data packets representing 1 million unique flows information with default eviction timers.
11DCA-DM-SEL NIC Hardware configuration is 2 Port, Published numbers represent NIC card Performance.
12In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
13DCA-DM-SEL maximum supported bandwidth per port is 20 Gig.
14In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
15DCA-DM-SEL NIC Hardware configuration is 2 Port, Published numbers represent NIC card Performance.
16In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
17DCA-DM-SEL support of ERSPAN managed-service has limitations.
18In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
19With regex \d{3}-\d{2}-\d{4} to match/mask/drop packets with Social Security numbers in a 64 byte packet, DCA-DM-SC can handle 10 million packets/sec. The performance reduces to 5 million pps with 131 byte packet. With regex \d{4}[\s\-]*\d{4}[\s\-]*\d{4}[\s\-]*\d{4} to match/mask/drop packets with credit card numbers in a 68 byte packet, DCA-DM-SC can handle 7 million pps. Higher the packet size and position of match string in the packet will influence performance. Performance can be optimized by setting appropriate l4-payload off-set value.
20In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
21With regex \d{3}-\d{2}-\d{4} to match/mask/drop packets with Social Security numbers in a 64 byte packet, DCA-DM-SEL can handle 11 million pps. With regex \d{4}[\s\-]*\d{4}[\s\-]*\d{4}[\s\-]*\d{4} to match/mask/drop packets with credit card numbers in a 68 byte packet, DCA-DM-SEL supports masking service 11 million pps. Higher the packet size and position of match string in the packet will influence performance. Performance can be optimized by setting appropriate l4-payload off-set value.
22Two ports belongs to single NIC card.
23In push-per-policy mode, 4-byte internal VLAN tags are added to the traffic, which reduces the maximum bandwidth supported to 9.7 Gbps.
*sFlow® is a registered trademark of Inmon Corp.
25The Netflow with optimization test cases yield a result of 100,000 flows/sec for a single analytics node cluster. For more details about Netflow optimization, please refer to the Arista Analytics User Guide.
26The rate of traffic chosen is for testing purposes only. In production network the rate of traffic for each protocol may vary.