This article provides a list of the main default thresholds, and limitations, for various features and capabilities available for use in the Cato Cloud.
These limits are designed to support the Cato best practices to ensure the reliability and performance of the service. If there is a requirement to increase a threshold or limit, please contact Cato Support to discuss further.
For more information about API limits, see Understanding Cato API Rate Limiting.
|
Feature |
Limit |
|
Event |
2,500,000 events/hour* |
|
Alerts |
50 alerts/hour (per alert sub-type) |
|
Events CSV export |
250,000 events per export |
|
eventsFeed API |
*Dependent on DPA agreement:
- For accounts operating under DPA 2021, the Event limit is 2,500,000 events/hour per event sub-type.
- DPA 2023 includes a bundled Event limit of 2,500,000 events/hour which can be extended by licensing additional Data Units (each Data Unit provides 2,500,000 events/hour). For more information, see Guide to Cato Data Lake.
For IPsec sites with bandwidth greater than 100Mbps, use only the AES 128 GCM-16 or AES 256 GCM-16 algorithms.
AES CBC algorithms are only used on sites with bandwidth less than 100Mbps.
The Cato Cloud supports site throughput of up to 10Gbps for the X1700B Socket and Cloud Interconnect, which is immediately available in many PoP locations.
These are the details for the supported throughput of different site types:
-
Cloud Interconnect: Up to 10Gbps
-
Physical Sockets
-
Socket X1500: Up to 500 Mbps
-
Socket X1600/X1600 LTE: Up to 1 Gbps
-
Socket X1700: Up to 3 Gbps
-
Socket X1700B: Up to 10 Gbps
-
-
Virtual Sockets
-
Azure:
-
2 NIC - up to 1Gbps
-
3 NIC with accelerated networking - up to 2Gbps
-
-
Google Cloud Platform (GCP): Up to 2 Gbps
-
Amazon (AWS) and VMware ESXi: Actual throughput will depend on various factors including the instance type, network configuration, and environmental conditions in the specific deployment
-
-
IPsec sites
-
IPsec IKEv1 (Cato-initiated): Up to 3 Gbps
-
IPsec IKEv2: Up to 3 Gbps
-
Transaction Processing Latency
Transaction processing latency measures the time from when the Cato Single Pass Cloud Engine (SPACE) receives network data packets for a transaction until the complete transaction is received by the client or host. This latency can be up to 10 milliseconds for both decrypted and non-decrypted transactions of up to 1MB of data.
Cato SDP Client
The throughput for Cato SDP Clients is based on a variety of factors, including hardware, software, and geolocation. For example, wired vs. wireless connections, operating systems, shared software, Internet infrastructure, and system resources, can significantly impact the Client's performance. In addition, the encryption and encapsulation between the SDP Client and the Cato Cloud may add an overhead of up to 20% of the throughput.
The Cato Client is not capped for most PoP locations in the world, and Cato guarantees a minimum throughput of 100Mbps. Cato only investigates Support tickets when the throughput is less than 100Mbps.
However, there are a few PoP locations with limited capacity, and Cato caps the maximum throughput of the Client. These are the details of the PoP locations:
-
North America, Europe, Japan, and Singapore: There is no maximum cap, and the throughput is only subject to environmental factors
-
China: The maximum throughput is capped at 20Mbps
-
Vietnam: The maximum throughput is capped at 20Mbps
-
Other PoP locations: The maximum throughput is capped at 100Mbps
1 comment
Updated Supported Throughput for Cato Sites
Please sign in to leave a comment.