Cisco Application Control Engine (ACE) Troubleshooting Guide -- ACE Resource Limits
From DocWiki
m (→ACE Performance Numbers and Resource Limits) |
m (→Management-Related Limits) |
||
(12 intermediate revisions not shown) | |||
Line 4: | Line 4: | ||
|align="center"|'''Guide Contents''' | |align="center"|'''Guide Contents''' | ||
|- | |- | ||
- | |[[Cisco Application Control Engine (ACE) | + | |[[Cisco Application Control Engine (ACE) Troubleshooting Guide|Main Article]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Overview of ACE Troubleshooting|Overview of ACE Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Understanding the ACE Module Architecture and Traffic Flow|Understanding the ACE Module Architecture and Traffic Flow]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Preliminary ACE Troubleshooting|Preliminary ACE Troubleshooting]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting ACE Boot Issues|Troubleshooting ACE Boot Issues]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting with ACE Logging|Troubleshooting with ACE Logging]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Connectivity|Troubleshooting Connectivity]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Ethernet Ports|Troubleshooting ACE Appliance Ethernet Ports]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Remote Access|Troubleshooting Remote Access]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Access Control Lists|Troubleshooting Access Control Lists]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Network Address Translation|Troubleshooting Network Address Translation]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting ACE Health Monitoring|Troubleshooting ACE Health Monitoring]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Layer 4 Load Balancing|Troubleshooting Layer 4 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Layer 7 Load Balancing|Troubleshooting Layer 7 Load Balancing]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Redundancy|Troubleshooting Redundancy]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting SSL|Troubleshooting SSL]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Compression|Troubleshooting Compression]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Troubleshooting Performance Issues|Troubleshooting Performance Issues]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- ACE Resource Limits|ACE Resource Limits]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Managing Resources|Managing ACE Resources]]<br>[[Cisco Application Control Engine (ACE) Troubleshooting Guide -- Show Counter Reference|Show Counter Reference]]<br> |
|} | |} | ||
__TOC__ | __TOC__ | ||
+ | |||
+ | |||
+ | |||
Line 230: | Line 233: | ||
|- | |- | ||
|RSA key size | |RSA key size | ||
- | |up to | + | |up to 4096 bits |
- | |up to | + | |up to 4096 bits |
- | |up to | + | |up to 4096 bits |
- | |Supported: 512, 786, 1536, 1024, | + | |Supported: 512, 786, 1536, 1024, 2048, and 4096 (imported public keys only) bits |
- | + | ||
|- | |- | ||
|SSL Certs/Key files | |SSL Certs/Key files | ||
- | |3800/3800 | + | |3800/3800 (A2(3.x) and earlier) |
- | |3800/3800 | + | 4096/4096 (A4(1.0) and later) |
- | |3800/3800 | + | |3800/3800 (A2(3.x) and earlier) |
+ | 4096/4096 (A4(1.0) and later) | ||
+ | |3800/3800 (A3(1.x) and earlier) | ||
+ | 4096/4096 (A3(2.x) and later, incl. A4(1.0)) | ||
|This number is strictly enforced in A220, A214, and A322 | |This number is strictly enforced in A220, A214, and A322 | ||
Line 347: | Line 352: | ||
|350,000 per second | |350,000 per second | ||
|350,000 per second | |350,000 per second | ||
- | | | + | |100,000 per second |
| | | | ||
Latest revision as of 17:48, 29 March 2011
This article describes the ACE system limits and performance numbers for various resources and configuration objects.
Contents |
ACE Performance Numbers and Resource Limits
For the most current performance numbers for the ACE products, always refer to the data sheets for the ACE appliance and the ACE module.
ACE Appliance Data Sheet
ACE Module Data Sheets
If you have any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.
SLB-Related Limits
Scalability Numbers The scalability numbers provided here are intended to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to your deployment, testing with your feature combination is strongly recommended. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.
SLB-Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance Limit | Additional Information |
ARP Entries | 32,768 | 32,768 | 32,768 | |
Bridge Table Entries | 32,768 | 32,768 | 32,768 | A few are reserved for L2 interafces, redundancy, and so on. |
Bridge-Group Virtual Interfaces (BVIs) | 4096 | 2048 | 512 | |
Concurrent Conns L4 (Unproxied) | 4,000,000 | 4,000,000 | 1,000,000 | |
Concurrent Connections L7 (Proxied) | 512,000 | 512,000 | 128,000 | |
Domains | 2,500 | 10 (9) | 10 (9 per context) | One is used for the default domain. |
Domain Objects | None | None | None | Any object within the virtual partition can be added to a domain. |
Logical Interfaces | 8,192 | 8,192 | 8,192 | |
Resource Classes | 100 (99) | 1 | 100 (99) | One is used for the default class. |
Roles | 4,000 | 16 (8) | 16 (8) per context | Eight are predefined. |
Sticky Groups | 4,096 | 4,096 | 4,096 | |
Sticky Table Entries | 4,000,000 | 4,000,000 | 800,000 | |
Virtual Contexts | 251 | N/A | 21 (1 Admin context) | 250 user contexts + 1 Admin context |
VLANs | 4,000 (2-4094) | 4,000 (2-4094) | 4,000 (2-4094) |
Security-Related Limits
Scalability Numbers The scalability numbers provided here are meant to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to a particular customer, testing with that customer’s feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.
Security Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance Limit | Additional Information |
Static NAT Policies | 4096 | 4096 | 4096 | |
Dynamic NAT Policies | 4096 | 4096 | 4096 | |
Maximum of addresses in a NAT pool | 64 | 64 | 32 | |
Maximum of addresses in a PAT pool | 63k | 63k | 63l | |
PAT Entries | 4,000,000 | 4,000,000 | 1,000,000 | |
Total NAT Pools | 8,192 | 8,192 | 8,192 | |
Xlates | 1,000,000 | 1,000,000 | 64,000 | |
Concurrent SSL Conns | 100,000 | 100,000 | 100,000 | Subset of L7 (proxied) connections |
RSA key size | up to 4096 bits | up to 4096 bits | up to 4096 bits | Supported: 512, 786, 1536, 1024, 2048, and 4096 (imported public keys only) bits |
SSL Certs/Key files | 3800/3800 (A2(3.x) and earlier)
4096/4096 (A4(1.0) and later) | 3800/3800 (A2(3.x) and earlier)
4096/4096 (A4(1.0) and later) | 3800/3800 (A3(1.x) and earlier)
4096/4096 (A3(2.x) and later, incl. A4(1.0)) | This number is strictly enforced in A220, A214, and A322 |
Management-Related Limits
Scalability Numbers The scalability numbers provided here are meant to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to a particular customer, testing with that customer’s feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.
Management-Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance | Additional Information |
AAA LDAP Servers | 6,144 | 8 (24 total) | 8 | |
AAA RADIUS Servers | 2K (256*8) | 8 (24 total) | 8 | |
AAA TACACS+ Servers | 6K (256*24) | 8 (24 total) | 8 | |
Domains | 2500 | 64 (63) | 64 (63) | One domain is used for the default-domain and cannot be removed |
Local Users | 7500 | 30 (Admin context: 28) | 31 (including admin, www, and dm) | |
Objects within a Domain | No limit | No limit | Any object within the virtual partition can be added to a domain | |
Resource-classes | 252 | Not applicable | 100 | |
Roles | 4000 | 16 (8) | 16 (8) | Eight are predefined and cannot be altered, leaving eight for you to customize |
SNMP Hosts | No Limit | 10 | ||
SSH Sessions | 256 | 4 | 4 | |
Syslog buffer size | 4 MB | 4 MB | 1 MB | |
Syslog CP rate | 5,000 per seconds | 5,000 per seconds | 3,000 per seconds | |
Syslog DP rate | 350,000 per second | 350,000 per second | 100,000 per second | |
Syslog history table size | 256 x 500 | 500 | ||
Syslog Hosts | 256 | 2 | 2 | |
Syslog internal queue size | 10 MB | 10 MB | 8,192 messages | |
Syslog persistence size | 1M | 1M | ||
Syslog rate limit table size | 256 x 100 | 100 | 10,000 messages per sec | |
Telnet Sessions | 256 | 4 | 4 |