Guides
Secure Access Help Center

Estimate Peak Traffic to Custom Targets for Default Endpoint Tests

Endpoint tests sent to custom targets (whether public or private) require bandwidth. A high number of endpoint agents sending synthetic traffic to a custom target can generate network throughput high enough to negatively impact custom target performance.

Before selecting a custom target for a default endpoint test, we recommend using the traffic calculator to estimate peak throughput. Use that estimate to ensure your network and server have the capacity to handle peak throughput. You can also use mitigation strategies described below to attempt to reduce peak throughput.

Calculate Estimated Peak Throughput of Test Traffic

Estimated peak throughput of test traffic is an estimate of the upper limit of bandwidth required in the event that the default test runs for all endpoint agents at at the same time. At the default test interval of 1 minute, actual test throughput will be at or near estimated peak throughput. At higher test intervals, actual test throughput may not be as high as estimated peak throughput, but this is not guaranteed.

Estimated peak throughput = A x N

  • A = Agent throughput for a single test (in KB/s). Peak throughput is 1 KB/s per endpoint agent.
  • N = Number of endpoint agents, assuming one synthetic test per agent to the same custom target. By default, all endpoint agents are included in the default test.

Consult with internal teams (IT, network, or firewall administrators) to compare the results to your network and server capacity to ensure that your systems can withstand the load.

📘

Estimated Peak Throughput Calculation Example

A = 1 KB/s

N = 1000 agents

Peak throughput: A x N = 1,000 KB/s (1 MB/s)

Mitigation Strategies

Follow these strategies to mitigate default test throughput that exceeds your available bandwidth.

  • Change the default test target (RAVPN, Zero Trust Access, or SWG remote module) or custom target that is more capable of managing the load.
  • Increasing the test interval may mitigate impact on your network. At the default test interval of 1 minute, actual throughput will be at or near estimated peak throughput. Increasing the interval will likely redistribute the tests over the longer interval.

Note: It is not possible to predict actual throughput at test intervals greater than 1 minute. In the worst case scenario, if all endpoint agent tests run at the same time (for example, at minute 30 of a 30-minute test interval), they would still generate actual throughput at or near estimated peak throughput.

  • Increase the capacity of your backhauling infrastructure.
    • If using IPsec tunnels, provision traffic backhauling over your edge infrastructure that is capable of handling increased traffic load.
    • If using resource connectors, add additional connectors to resource connector groups to increase the ability to handle the traffic load.

Recovery Options

If your system crashes or becomes unavailable due to high traffic sent to a custom target, do the following:

  • For public targets: The SaaS provider may block traffic that is sent from Cisco IP addresses. The traffic may mimic the characteristics of a distributed denial-of-service (DDoS) attack, potentially disrupting legitimate user access by overloading system resources. Contact Cisco support.
  • For private targets: Seek assistance from your IT or network administration team.

About Endpoint Agent Tests < Estimate Peak Traffic to Custom Targets for Default Endpoint Tests > Estimate Peak Traffic to Custom Targets for Default Endpoint Tests

Updated 9 days ago