Forum Discussion
ASM GeoIP vs AFM
Is there a difference in performance or traffic flow in using the ASM built-in (nicer) interface for GeoIP blocking vs using an address list that you manually add the regions to with AFM? Also, same question for IP intelligence as part of an ASM policy vs a regular standalone IPI policy?
1 Reply
- BinaryCanary_19 (Historic F5 Account)
This kind of question might be best discussed with a Sales Engineer, who will be able to invest more effort into testing, but I can tell you off the back of my own knowledge that ASM operates at Layer 7 and, in most cases, is CPU-bound. Most of ASM's IP-layer decisions are thus made in CPU, which, in F5 terms, means lower scale. Usually, the impact of doing things in CPU vs at the lower hardware level is a few additional microseconds of latency per transaction, the effects of which can manifest in different ways, and which may be acceptable, depending on your specific requirements.
ASM does have the capability to leverage lower-level hardware (ePVA in F5 terminology) when in attack mitigation mode, but all things being equal, I will expect AFM to be able to handle a higher load of traffic than ASM, since AFM offloads as much as possible to the ePVA hardware.
If you are running a suitably equipped appliance, and capacity is of concern, AFM might be a better option.