Disappointing performance.
We are running asav9-13-1-7 on c5.2xlarge and we are not happy with the value. As we are using the appliance for SSLVPN, we primarily need to scale in terms of concurrent users. The "box" looked very promising by its featureset (10G interfaces and 10K concurrent users supported) at launch but in reality the setup seems to only scale to appr 1500 users (Cloudwatch metrics show instance cpu flat around 90% with only 1200 users and 2Gpbs of total VPN traffic).
Is there a way to improve somewhat (would also be good to have a performance prediction by Cisco) via implementing support for c5.4xlarge instance?
Thanks for your feedback. Our datasheet shows 10Gbps for “ideal conditions” (Footnote #1), but “ideal” is not encrypted. We are planning to add DTLS numbers shortly, but in the meantime, the IPSec throughput number is close. Using that throughput number and your guesstimate for throughput per user, would give a good estimate of the number of users that can be supported. You can optimize your performance by using DTLS 1.2 with an AES-GCM based cipher being negotiated. Thanks again for your input!