Classes And Class Members Overview; Resource Limits - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Configuring Resource Management
This section includes the following topics:
•
•
Classes and Class Members Overview
The FWSM manages resources by assigning contexts to resource classes. Each context uses the resource
limits set by the class. This section includes the following topics:
•
•
•
Resource Limits
When you create a class, the FWSM does not set aside a portion of the resources for each context
assigned to the class; rather, the FWSM sets the maximum limit for a context. If you oversubscribe
resources, or allow some resources to be unlimited, a few contexts can "use up" those resources,
potentially affecting service to other contexts.
You can set the limit for all resources together as a percentage of the total available for the device. Also,
you can set the limit for individual resources as a percentage or as an absolute value.
You can oversubscribe the FWSM by assigning more than 100 percent of the resources across all
contexts. For example, you can set the Bronze class to limit connections to 20 percent per context, and
then assign 10 contexts to the class for a total of 200 percent. If contexts concurrently use more than the
system limit, then each context gets less than the 20 percent you intended. (See
Figure 4-5
Max. 20%
(199,800)
(159,984)
(119,988)
(79,992)
(39,996)
The FWSM lets you assign unlimited access to one or more resources in a class, instead of a percentage
or absolute number. When a resource is unlimited, contexts can use as much of the resource as the system
has available. For example, Context A, B, and C are in the Silver Class, which limits each class member
to 1 percent of the system inspections per second, for a total of 3 percent; but the three contexts are
currently only using 2 percent combined. Gold Class has unlimited access to inspections. The contexts
in the Gold Class can use more than the 97 percent of "unassigned" inspections; they can also use the
1 percent of inspections not currently in use by Context A, B, and C, even if that means that Context A,
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
4-22
Classes and Class Members Overview, page 4-22
Configuring a Class, page 4-24
Resource Limits, page 4-22
Default Class, page 4-23
Class Members, page 4-24
Resource Oversubscription
Total Number of System Connections = 999,900
16%
12%
8%
4%
1
2
3
Contexts in Class
4
5
6
7
8
Chapter 4
Configuring Security Contexts
Figure
Maximum connections
allowed.
Connections in use.
Connections denied
because system limit
was reached.
9
10
4-5.)
OL-20748-01
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
