Setting The Number Of Memory Partitions - Cisco 7604 Configuration Manual

Chapter 4 Configuring Security Contexts
2. Each established command creates a control and data rule, so this value is doubled in the Total Rules value.
3. This limit is lower than in release 2.3.

Setting the Number of Memory Partitions

When increasing the number of partitions, the default size of each partition is reduced. If you manually
configured the partition sizes (see the
sizes you set might not be compatible with the new smaller partition sizes. If the current configured sizes
do not fit into the new partitions, then the FWSM rejects the new memory partition configuration.
The FWSM also checks the rule allocation (see the
Memory Partition" section on page
total number of rules allocated is now greater than those available, then the FWSM rejects the new
memory partition configuration. Similarly, if the absolute maximum number of rules for a feature is now
exceeded, then the FWSM rejects the new memory partition configuration.
Note Changing the number of partitions requires you to reload the FWSM.
Guidelines
Failure to follow these guidelines might result in dropped access list configuration as well as other
Caution
anomalies, including ACL tree corruption.
•
•
Detailed Steps
To change the number of memory partitions, perform the following steps:
To view the current mapping of contexts to memory partitions, enter the following command:
Step 1
hostname(config)# show resource acl-partition
For example, the following output shows that 2 memory partitions are configured:
hostname(config)# show resource acl-partition
Total number of configured partitions = 2
Partition #0
Partition #1
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
The target partition and rule allocation settings must be carefully calculated, planned, and preferably
tested in a non-production environment prior to making the change to ensure that all existing
contexts and rules can be accommodated.
When failover is used, both FWSMs need to be reloaded at the same time after making partition
changes. Reloading both FWSMs causes an outage with no possibility for a zero-downtime reload.
At no time should two FWSMs with a mismatched number of partitions or rule limits synchronize
over failover.
Mode
List of Contexts
Number of contexts
Number of rules
Mode
List of Contexts
"Changing the Memory Partition Size" section on page
"Reallocating Rules Between Features for a Specific
4-19). If you manually allocated rules between features so that the
:exclusive
:bandn, borders
:2(RefCount:2)
:0(Max:53087)
:non-exclusive
:admin, momandpopA, momandpopB, momandpopC
momandpopD
Managing Memory for Rules
4-14), the
4-13