Cisco Application Control Engine (ACE) Troubleshooting Guide -- ACE Resource Limits

From DocWiki

(Difference between revisions)
(ACE Performance Numbers)
(ACE Performance Numbers)
Line 42: Line 42:
|SLB L4 bps
|SLB L4 bps
|4, 8, or 16 Gbps
|4, 8, or 16 Gbps
-
|1, 2, or 4 Gbps
+
|.5, 1, 2, or 4 Gbps
|-
|-
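Review bot: in the changed SLB L4 bps cell, the added tier is written as `.5` with no leading zero, which is easy to misread as 5 Gbps next to `1, 2, or 4 Gbps`; suggest `0.5, 1, 2, or 4 Gbps`. The cell also mixes a comma list with "or", so stating once that these are separate throughput options would make clear they are alternatives rather than a range.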

Revision as of 20:11, 29 June 2010

This article describes the ACE system limits and performance numbers for various resources and configuration objects.

ACE Performance Numbers and Resource Limits

Datasheet Numbers: The performance numbers presented here were obtained under very specific, controlled conditions. The configurations and traffic profiles were chosen to maximize the result of each test. Customer environments, where configuration combinations and traffic profiles are much more complex, may not produce the same results. To obtain performance numbers specific to a particular customer, testing with that customer's feature combination and traffic profile is strongly recommended before any commitment on ACE performance is made to the customer. If you have questions or concerns about ACE performance, contact your Cisco account team for guidance.


ACE Performance Numbers

| Performance Metric | ACE Module | ACE Appliance |
|---|---|---|
| SLB L4 bps | 4, 8, or 16 Gbps | .5, 1, 2, or 4 Gbps |
| SLB L4 Connections per Second (CPS) | 325,000 | 120,000 |
| SLB L7 Maximum CPS | 133,000 | 40,000 |
| Concurrent L4 Sessions | 4,000,000 | 1,000,000 |
| Concurrent L7 Sessions | 512,000 | 128,000 |
| SSL Bandwidth | 3.3 Gbps | 1 Gbps |
| SSL Transactions per Second (TPS) | 15,000 | 7,500 |
| Concurrent SSL Sessions | 200,000 | 100,000 |

SLB-Related Limits

Scalability Numbers: The scalability numbers provided here are guidelines for configuration scalability and are based on basic configurations. To obtain scalability numbers specific to a particular customer, testing with that customer's feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If you have questions or concerns about ACE performance, contact your Cisco account team for guidance.

| SLB-Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance Limit | Additional Information |
|---|---|---|---|---|
| ARP Entries | 32,768 | 32,768 | 32,768 | |
| Bridge Table Entries | 32,768 | 32,768 | 32,768 | A few are reserved for L2 interfaces, redundancy, and so on. |
| Bridge-Group Virtual Interfaces (BVIs) | 4096 | 2048 | 512 | |
| Concurrent Conns L4 (Unproxied) | 4,000,000 | 4,000,000 | 1,000,000 | |
| Concurrent Connections L7 (Proxied) | 512,000 | 512,000 | 128,000 | |
| Domains | 2,500 | 10 (9) | 10 (9 per context) | One is used for the default domain. |
| Domain Objects | None | None | None | Any object within the virtual partition can be added to a domain. |
| Logical Interfaces | 8,192 | 8,192 | 8,192 | |
| Resource Classes | 100 (99) | 1 | 100 (99) | One is used for the default class. |
| Roles | 4,000 | 16 (8) | 16 (8) per context | Eight are predefined. |
| Sticky Groups | 4,096 | 4,096 | 4,096 | |
| Sticky Table Entries | 4,000,000 | 4,000,000 | 800,000 | |
| Virtual Contexts | 251 | N/A | 21 (1 Admin context) | 250 user contexts + 1 Admin context |
| VLANs | 4,000 (2-4094) | 4,000 (2-4094) | 4,000 (2-4094) | |

Security-Related Limits

Scalability Numbers: The scalability numbers provided here are guidelines for configuration scalability and are based on basic configurations. To obtain scalability numbers specific to a particular customer, testing with that customer's feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If you have questions or concerns about ACE performance, contact your Cisco account team for guidance.

| Security-Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance Limit | Additional Information |
|---|---|---|---|---|
| Static NAT Policies | 4096 | 4096 | 4096 | |
| Dynamic NAT Policies | 4096 | 4096 | 4096 | |
| Maximum number of addresses in a NAT pool | 64 | 64 | 32 | |
| Maximum number of addresses in a PAT pool | 63k | 63k | 63k | |
| PAT Entries | 4,000,000 | 4,000,000 | 1,000,000 | |
| Total NAT Pools | 8,192 | 8,192 | 8,192 | |
| Xlates | 1,000,000 | 1,000,000 | 64,000 | |
| Concurrent SSL Conns | 100,000 | 100,000 | 100,000 | Subset of L7 (proxied) connections |
| RSA key size | up to 2048 bits | up to 2048 bits | up to 2048 bits | Supported: 512, 786, 1536, 1024, and 2048 bits. Not supported: 3072 bits and 4096 bits. |
| SSL Certs/Key files | 3800/3800 | 3800/3800 | 3800/3800 | This number is strictly enforced in A220, A214, and A322 |

Management-Related Limits

Scalability Numbers: The scalability numbers provided here are guidelines for configuration scalability and are based on basic configurations. To obtain scalability numbers specific to a particular customer, testing with that customer's feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If you have questions or concerns about ACE performance, contact your Cisco account team for guidance.

Management-Related Object ACE Module System Limit ACE Module Context Limit ACE Appliance Additional Information
AAA LDAP Servers 6,144 8 (24 total) 8
AAA RADIUS Servers 2K (256*8) 8 (24 total) 8
AAA TACACS+ Servers 6K (256*24) 8 (24 total) 8
Domains 2500 64 (63) 64 (63) One domain is used for the default-domain and cannot be removed
Local Users 7500 30 (Admin context: 28) 31 (including admin, www, and dm)
Objects within a Domain No limit No limit Any object within the virtual partition can be added to a domain
Resource-classes 252 Not applicable 100
Roles 4000 16 (8) 16 (8) Eight are predefined and cannot be altered, leaving eight for you to customize
SNMP Hosts No Limit 10
SSH Sessions 256 4 4
Syslog buffer size 4 MB 4 MB 1 MB
Syslog CP rate 5,000 per second 5,000 per second 3,000 per second
Syslog DP rate 350,000 per second 350,000 per second 120,000 per second
Syslog history table size 256 x 500 500
Syslog Hosts 256 2 2
Syslog internal queue size 10 MB 10 MB 8,192 messages
Syslog persistence size 1M 1M
Syslog rate limit table size 256 x 100 100 10,000 messages per sec
Telnet Sessions 256 4 4
