We have about 30 AMD's that have a large amounts of different applications and decodes on each AMD (some 1Gb but most 10Gb sniffing interfaces).
We are at 12.3.x and know that several decodes are still single threaded, and can cause packet sampling if more than one single threaded decode is "fighting" over the thread. And we have experience that the sniffing interface is not a good indicator (unless saturated) of an AMD being over subscribed.
Basically, the only way we know we have come to a capacity limit is when we start to see packet sampling happen consistently. When that happens we impact customer RUM data due to sampling and it causes even more problems with SSL sessions getting cut off.
Has anyone come up with a clever way to better judge AMD capacity besides box level resources? Some sort of AMD index score?
I am really hoping the 12.4 New Generation AMD's will have better insight to capacity because we have always had to basically wait till it tips over before we know when to stop adding traffic/applications to an AMD. Not a very proactive way to manage capacity. Especially when you have a busy season where you expect a certain percentage of increase in traffic.
Matt, I too am looking into AMD capacity monitoring but so far I haven't found the tools/resources that will allow me to do this well. I did come across a previous post where Ulf suggested to check the SPAN feed, and I have found that having a 20% duplicate packet component does impact the software's ability to process, though this is dependent on throughput (at 1.5Gpbs I was always above 93% CPU). Lost Packets (as seen in the RUM Console GUI) is also significantly higher during these periods as well.
In hindsight I guess there is nothing too surprising here, so just ensure you cover off ensuring you have the cleanest possible traffic entering the AMD to avoid/eliminate unnecessary load.