Cisco Application Control Engine (ACE) Troubleshooting Guide -- ACE Resource Limits

From DocWiki

(Difference between revisions)
Jump to: navigation, search
m (Security-Related Limits)
m
Line 4: Line 4:
|align="center"|'''Guide Contents'''
|align="center"|'''Guide Contents'''
|-
|-
-
|[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x)|Main Article]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Overview of ACE Module Troubleshooting|Overview of ACE Module Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Understanding the ACE Module Architecture and Traffic Flow|Understanding the ACE Module Architecture and Traffic Flow]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Preliminary ACE Module Troubleshooting|Preliminary ACE Module Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting ACE Boot Issues|Troubleshooting ACE Boot Issues]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting with ACE Logging|Troubleshooting with ACE Logging]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting Connectivity|Troubleshooting Connectivity]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting Remote Access|Troubleshooting Remote Access]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting Access Control Lists|Troubleshooting Access Control Lists]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting Network Address Translation|Troubleshooting Network Address Translation]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting ACE Health Monitoring|Troubleshooting ACE Health Monitoring]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting Layer 4 Load Balancing|Troubleshooting Layer 4 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting Layer 7 Load Balancing|Troubleshooting Layer 7 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting Redundancy|Troubleshooting Redundancy]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting SSL|Troubleshooting SSL]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Troubleshooting Performance Issues|Troubleshooting Performance Issues]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- ACE Module Resource Limits|ACE Resource Limits]]<br>[[Cisco Application Control Engine (ACE) Module Troubleshooting Guide, Release A2(x) -- Managing Resources|Managing ACE Resources]]<br>
+
|[[Cisco Application Control Engine (ACE) Troubleshooting Guide|Main Article]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Overview of ACE Troubleshooting|Overview of ACE Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Understanding the ACE Module Architecture and Traffic Flow|Understanding the ACE Module Architecture and Traffic Flow]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Preliminary ACE Troubleshooting|Preliminary ACE Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting ACE Boot Issues|Troubleshooting ACE Boot Issues]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting with ACE Logging|Troubleshooting with ACE Logging]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Connectivity|Troubleshooting Connectivity]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Remote Access|Troubleshooting Remote Access]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Access Control Lists|Troubleshooting Access Control Lists]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Network Address Translation|Troubleshooting Network Address Translation]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting ACE Health Monitoring|Troubleshooting ACE Health Monitoring]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Layer 4 Load Balancing|Troubleshooting Layer 4 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Layer 7 Load Balancing|Troubleshooting Layer 7 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Redundancy|Troubleshooting Redundancy]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting SSL|Troubleshooting SSL]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Performance Issues|Troubleshooting Performance Issues]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- ACE Resource Limits|ACE Resource Limits]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Managing Resources|Managing ACE Resources]]<br>
|}
|}

Revision as of 21:45, 8 March 2011

This article describes the ACE system limits and performance numbers for various resources and configuration objects.

Guide Contents
Main Article
Overview of ACE Troubleshooting
Understanding the ACE Module Architecture and Traffic Flow
Preliminary ACE Troubleshooting
Troubleshooting ACE Boot Issues
Troubleshooting with ACE Logging
Troubleshooting Connectivity
Troubleshooting Remote Access
Troubleshooting Access Control Lists
Troubleshooting Network Address Translation
Troubleshooting ACE Health Monitoring
Troubleshooting Layer 4 Load Balancing
Troubleshooting Layer 7 Load Balancing
Troubleshooting Redundancy
Troubleshooting SSL
Troubleshooting Performance Issues
ACE Resource Limits
Managing ACE Resources

Contents











ACE Performance Numbers and Resource Limits

For the most current performance numbers for the ACE products, always refer to the data sheets for the ACE appliance and the ACE module.

ACE Appliance Data Sheet

ACE appliance data sheet

ACE Module Data Sheets

ACE10/ACE20 module data sheet

ACE30 module data sheet

If you have any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.

SLB-Related Limits

Scalability Numbers The scalability numbers provided here are intended to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to your deployment, testing with your feature combination is strongly recommended. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.

SLB-Related Object ACE Module System Limit ACE Module Context Limit ACE Appliance Limit Additional Information
ARP Entries 32,768 32,768 32,768
Bridge Table Entries 32,768 32,768 32,768 A few are reserved for L2 interafces, redundancy, and so on.
Bridge-Group Virtual Interfaces (BVIs) 4096 2048 512
Concurrent Conns L4 (Unproxied) 4,000,000 4,000,000 1,000,000
Concurrent Connections L7 (Proxied) 512,000 512,000 128,000
Domains 2,500 10 (9) 10 (9 per context) One is used for the default domain.
Domain Objects None None None Any object within the virtual partition can be added to a domain.
Logical Interfaces 8,192 8,192 8,192
Resource Classes 100 (99) 1 100 (99) One is used for the default class.
Roles 4,000 16 (8) 16 (8) per context Eight are predefined.
Sticky Groups 4,096 4,096 4,096
Sticky Table Entries 4,000,000 4,000,000 800,000
Virtual Contexts 251 N/A 21 (1 Admin context) 250 user contexts + 1 Admin context
VLANs 4,000 (2-4094) 4,000 (2-4094) 4,000 (2-4094)




















Security-Related Limits

Scalability Numbers The scalability numbers provided here are meant to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to a particular customer, testing with that customer’s feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.

Security Related Object ACE Module System Limit ACE Module Context Limit ACE Appliance Limit Additional Information
Static NAT Policies 4096 4096 4096
Dynamic NAT Policies 4096 4096 4096
Maximum of addresses in a NAT pool 64 64 32
Maximum of addresses in a PAT pool 63k 63k 63l
PAT Entries 4,000,000 4,000,000 1,000,000
Total NAT Pools 8,192 8,192 8,192
Xlates 1,000,000 1,000,000 64,000
Concurrent SSL Conns 100,000 100,000 100,000 Subset of L7 (proxied) connections
RSA key size up to 4096 bits up to 4096 bits up to 4096 bits Supported: 512, 786, 1536, 1024, 2048, and 4096 (imported public keys only) bits
SSL Certs/Key files 3800/3800 (A2(3.x) and earlier)

4096/4096 (A4(1.0) and later)

3800/3800 (A2(3.x) and earlier)

4096/4096 (A4(1.0) and later)

3800/3800 (A3(1.x) and earlier)

4096/4096 (A3(2.x) and later, incl. A4(1.0))

This number is strictly enforced in A220, A214, and A322




















Management-Related Limits

Scalability Numbers The scalability numbers provided here are meant to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to a particular customer, testing with that customer’s feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.

Management-Related Object ACE Module System Limit ACE Module Context Limit ACE Appliance Additional Information
AAA LDAP Servers 6,144 8 (24 total) 8
AAA RADIUS Servers 2K (256*8) 8 (24 total) 8
AAA TACACS+ Servers 6K (256*24) 8 (24 total) 8
Domains 2500 64 (63) 64 (63) One domain is used for the default-domain and cannot be removed
Local Users 7500 30 (Admin context: 28) 31 (including admin, www, and dm)
Objects within a Domain No limit No limit Any object within the virtual partition can be added to a domain
Resource-classes 252 Not applicable 100
Roles 4000 16 (8) 16 (8) Eight are predefined and cannot be altered, leaving eight for you to customize
SNMP Hosts No Limit 10
SSH Sessions 256 4 4
Syslog buffer size 4 MB 4 MB 1 MB
Syslog CP rate 5,000 per seconds 5,000 per seconds 3,000 per seconds
Syslog DP rate 350,000 per second 350,000 per second 120,000 per second
Syslog history table size 256 x 500 500
Syslog Hosts 256 2 2
Syslog internal queue size 10 MB 10 MB 8,192 messages
Syslog persistence size 1M 1M
Syslog rate limit table size 256 x 100 100 10,000 messages per sec
Telnet Sessions 256 4 4

Rating: 3.9/5 (19 votes cast)

Personal tools