@nitin21 wrote:
As per rule of mpps to gbps, I had seen many industry veterans use the rule, wherein 1gbps of throughput is considered for 1.488 mpps routing performance. Considering the same, I had calculated the throughputs.
This is not a rule -- this is a baseline calculation using minimum packet sizes to determine "wire speed" and does not tell nearly the entire story.
Smaller packets require more processing overhead by a firewall / services router. Thus, the larger the average packet size traversing the system, the more efficient the system will be, and the higher the throughput will be.
This is why there are numerous metrics on the datasheet. Large packets, IMIX, minimum packet size, etc.
There is no steadfast absolute "rule" and thus you must apply some judgement and knowledge of your traffic patterns to get a realistic estimate. You must also understand that the throughput of a firewall is based on significantly more factors than just packets per second and look beyond that number.
@nitin21 wrote:
As per my previous experience, I had terminated 5 mbps of WAN Link on SRX 210 running on 10.4 with UTM enabled, but device performance got below par (delay even during web browsing, etc. was considerable). Considering the prior experience, I never advise for more than 4 mbps to be terminated on SRX210 running UTM services.
Did you ever open a JTAC case for this? I would consider this abnormal and there must have been some contributing factors to the poor performance. CPU exhausted? Firewall low on memory? Excessive fragmented packets? Was everything running through AntiVirus? AV is not fast, that's a fact of life. JTAC could have helped diagnose the cause of the issue.
@nitin21 wrote:
Understand that there are many permutations and combinations to be considered while deciding upon the WAN Link terminations on the router (SRX is going to be used as a secured Router only with, maybe, few services like NATTing), but still wish I can get an approximate WAN Bandwidth that we can terminate on the device.
I understand why you're focused on "WAN Performance" (because that's how Cisco gives their numbers on the small ISR platforms), but please understand that there is no distinction on the SRX on WAN throughput vs. other throughput. Packets are packets. Throughput is aggregate. If the only services you're going to use are NAT and Firewall, the datasheet gives you the numbers you need to think about:
| Metric | SRX220 | SRX240 |
| --- | --- | --- |
| Firewall performance (large packets) | 950 Mbps | 1.8 Gbps |
| Firewall performance (IMIX) | 300 Mbps | 600 Mbps |
| Firewall + routing PPS (64 Byte) | 125 Kpps | 200 Kpps |
| Firewall performance (HTTP) | 350 Mbps | 830 Mbps |
Based on that, if you're running "average" traffic through the devices (mixed packet sizes), you can estimate based on the IMIX numbers and I generally use a "fudge factor" of +/- 20%. Again, these are estimates. Not rules.
If you're pushing nothing but minimum-sized packets through the devices, yes, performance is going to be abysmal. Around 8Mbps for the 220 and around 12.8Mbps for the 240. However, I'm going to guess you're not going to have that type of traffic pattern and if you are, you probably need specialized equipment. So why fixate on this number if it's not applicable to your situation?
Nobody here will be able to give you an absolute answer in the form of a strict number, and if they do, I'd be quite dubious of such an answer. The information is there for you to make a reasonable decision based on your factors. A Juniper SE or your friendly local VAR will be your best resource at this point to discuss your needs and assess the factors.