Cisco Application Control Engine (ACE) Troubleshooting Guide -- ACE Resource Limits

From DocWiki

Latest revision as of 17:48, 29 March 2011

This article describes the ACE system limits and performance numbers for various resources and configuration objects.

ACE Performance Numbers and Resource Limits

For the most current performance numbers for the ACE products, always refer to the data sheets for the ACE appliance and the ACE module.

ACE Appliance Data Sheet

ACE appliance data sheet

ACE Module Data Sheets

ACE10/ACE20 module data sheet

ACE30 module data sheet

If you have any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.

SLB-Related Limits

Scalability Numbers: The scalability numbers provided here are intended to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to your deployment, testing with your feature combination is strongly recommended. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.

| SLB-Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance Limit | Additional Information |
|---|---|---|---|---|
| ARP Entries | 32,768 | 32,768 | 32,768 | |
| Bridge Table Entries | 32,768 | 32,768 | 32,768 | A few are reserved for L2 interfaces, redundancy, and so on. |
| Bridge-Group Virtual Interfaces (BVIs) | 4096 | 2048 | 512 | |
| Concurrent Conns L4 (Unproxied) | 4,000,000 | 4,000,000 | 1,000,000 | |
| Concurrent Connections L7 (Proxied) | 512,000 | 512,000 | 128,000 | |
| Domains | 2,500 | 10 (9) | 10 (9 per context) | One is used for the default domain. |
| Domain Objects | None | None | None | Any object within the virtual partition can be added to a domain. |
| Logical Interfaces | 8,192 | 8,192 | 8,192 | |
| Resource Classes | 100 (99) | 1 | 100 (99) | One is used for the default class. |
| Roles | 4,000 | 16 (8) | 16 (8) per context | Eight are predefined. |
| Sticky Groups | 4,096 | 4,096 | 4,096 | |
| Sticky Table Entries | 4,000,000 | 4,000,000 | 800,000 | |
| Virtual Contexts | 251 | N/A | 21 (1 Admin context) | 250 user contexts + 1 Admin context |
| VLANs | 4,000 (2-4094) | 4,000 (2-4094) | 4,000 (2-4094) | |

Security-Related Limits

Scalability Numbers: The scalability numbers provided here are meant to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to a particular customer, testing with that customer’s feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.

| Security Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance Limit | Additional Information |
|---|---|---|---|---|
| Static NAT Policies | 4096 | 4096 | 4096 | |
| Dynamic NAT Policies | 4096 | 4096 | 4096 | |
| Maximum of addresses in a NAT pool | 64 | 64 | 32 | |
| Maximum of addresses in a PAT pool | 63k | 63k | 63k | |
| PAT Entries | 4,000,000 | 4,000,000 | 1,000,000 | |
| Total NAT Pools | 8,192 | 8,192 | 8,192 | |
| Xlates | 1,000,000 | 1,000,000 | 64,000 | |
| Concurrent SSL Conns | 100,000 | 100,000 | 100,000 | Subset of L7 (proxied) connections |
| RSA key size | up to 4096 bits | up to 4096 bits | up to 4096 bits | Supported: 512, 786, 1536, 1024, 2048, and 4096 (imported public keys only) bits |
| SSL Certs/Key files | 3800/3800 (A2(3.x) and earlier); 4096/4096 (A4(1.0) and later) | 3800/3800 (A2(3.x) and earlier); 4096/4096 (A4(1.0) and later) | 3800/3800 (A3(1.x) and earlier); 4096/4096 (A3(2.x) and later, incl. A4(1.0)) | This number is strictly enforced in A220, A214, and A322 |

Management-Related Limits

Scalability Numbers: The scalability numbers provided here are meant to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to a particular customer, testing with that customer’s feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.

| Management-Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance | Additional Information |
|---|---|---|---|---|
| AAA LDAP Servers | 6,144 | 8 (24 total) | 8 | |
| AAA RADIUS Servers | 2K (256*8) | 8 (24 total) | 8 | |
| AAA TACACS+ Servers | 6K (256*24) | 8 (24 total) | 8 | |
| Domains | 2500 | 64 (63) | 64 (63) | One domain is used for the default-domain and cannot be removed |
| Local Users | 7500 | 30 (Admin context: 28) | 31 (including admin, www, and dm) | |
| Objects within a Domain | No limit | No limit | | Any object within the virtual partition can be added to a domain |
| Resource-classes | 252 | Not applicable | 100 | |
| Roles | 4000 | 16 (8) | 16 (8) | Eight are predefined and cannot be altered, leaving eight for you to customize |
| SNMP Hosts | No Limit | 10 | | |
| SSH Sessions | 256 | 4 | 4 | |
| Syslog buffer size | 4 MB | 4 MB | 1 MB | |
| Syslog CP rate | 5,000 per second | 5,000 per second | 3,000 per second | |
| Syslog DP rate | 350,000 per second | 350,000 per second | 100,000 per second | |
| Syslog history table size | 256 x 500 | 500 | | |
| Syslog Hosts | 256 | 2 | 2 | |
| Syslog internal queue size | 10 MB | 10 MB | 8,192 messages | |
| Syslog persistence size | 1M | 1M | | |
| Syslog rate limit table size | 256 x 100 | 100 | 10,000 messages per sec | |
| Telnet Sessions | 256 | 4 | 4 | |
