Cisco Application Control Engine (ACE) Troubleshooting Guide -- ACE Resource Limits
From DocWiki
This article describes the ACE system limits and performance numbers for various resources and configuration objects.
ACE Performance Numbers and Resource Limits
Datasheet Numbers: The performance numbers presented here have been obtained under very specific controlled conditions. The configurations and traffic profiles used were chosen to maximize the performance outcome for the given test. Customer environments where configuration combinations and traffic profiles are much more complex may not produce the same results. In order to obtain performance numbers specific to a particular customer, testing with that customer’s feature combination and traffic profile is strongly recommended before any commitment on ACE performance is made to the customer. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.
ACE Performance Numbers
Performance Metric | ACE Module | ACE Appliance |
SLB L4 bps | 4, 8, or 16 Gbps | 0.5, 1, 2, or 4 Gbps |
SLB L4 Connections per Second (CPS) | 325,000 | 120,000 |
SLB L7 Maximum CPS | 133,000 | 40,000 |
Concurrent L4 Sessions | 4,000,000 | 1,000,000 |
Concurrent L7 Sessions | 512,000 | 128,000 |
SSL Bandwidth | 3.3 Gbps | 1 Gbps |
SSL Transactions per Second (TPS) | 15,000 | 7,500 |
Concurrent SSL Sessions | 200,000 | 100,000 |
SLB-Related Limits
Scalability Numbers: The scalability numbers provided here are meant to provide guidelines related to configuration scalability. The scalability numbers, however, are based on basic configurations. In order to obtain scalability numbers specific to a particular customer, testing with that customer’s feature combination is strongly recommended before any commitment on ACE performance is made to the customer. If there are any questions or concerns related to ACE performance, please contact your Cisco account team for guidance.
SLB-Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance Limit | Additional Information |
ARP Entries | 32,768 | 32,768 | 32,768 | |
Bridge Table Entries | 32,768 | 32,768 | 32,768 | A few are reserved for L2 interfaces, redundancy, and so on. |
Bridge-Group Virtual Interfaces (BVIs) | 4096 | 2048 | 512 | |
Concurrent Conns L4 (Unproxied) | 4,000,000 | 4,000,000 | 1,000,000 | |
Concurrent Connections L7 (Proxied) | 512,000 | 512,000 | 128,000 | |
Domains | 2,500 | 10 (9) | 10 (9 per context) | One is used for the default domain. |
Domain Objects | None | None | None | Any object within the virtual partition can be added to a domain. |
Logical Interfaces | 8,192 | 8,192 | 8,192 | |
Resource Classes | 100 (99) | 1 | 100 (99) | One is used for the default class. |
Roles | 4,000 | 16 (8) | 16 (8) per context | Eight are predefined. |
Sticky Groups | 4,096 | 4,096 | 4,096 | |
Sticky Table Entries | 4,000,000 | 4,000,000 | 800,000 | |
Virtual Contexts | 251 | N/A | 21 (1 Admin context) | 250 user contexts + 1 Admin context |
VLANs | 4,000 (2-4094) | 4,000 (2-4094) | 4,000 (2-4094) | |
Security-Related Limits
Security Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance Limit | Additional Information |
Static NAT Policies | 4096 | 4096 | 4096 | |
Dynamic NAT Policies | 4096 | 4096 | 4096 | |
Maximum number of addresses in a NAT pool | 64 | 64 | 32 | |
Maximum number of addresses in a PAT pool | 63k | 63k | 63k | |
PAT Entries | 4,000,000 | 4,000,000 | 1,000,000 | |
Total NAT Pools | 8,192 | 8,192 | 8,192 | |
Xlates | 1,000,000 | 1,000,000 | 64,000 | |
Concurrent SSL Conns | 100,000 | 100,000 | 100,000 | Subset of L7 (proxied) connections |
RSA key size | up to 2048 bits | up to 2048 bits | up to 2048 bits | Supported: 512, 786, 1536, 1024, & 2048 bits. Not supported: 3072 bits & 4096 bits |
SSL Certs/Key files | 3800/3800 | 3800/3800 | 3800/3800 | This number is strictly enforced in A220, A214, and A322 |
Management-Related Limits
Management-Related Object | ACE Module System Limit | ACE Module Context Limit | ACE Appliance | Additional Information |
AAA LDAP Servers | 6,144 | 8 (24 total) | 8 | |
AAA RADIUS Servers | 2K (256*8) | 8 (24 total) | 8 | |
AAA TACACS+ Servers | 6K (256*24) | 8 (24 total) | 8 | |
Domains | 2500 | 64 (63) | 64 (63) | One domain is used for the default-domain and cannot be removed |
Local Users | 7500 | 30 (Admin context: 28) | 31 (including admin, www, and dm) | |
Objects within a Domain | No limit | No limit | Any object within the virtual partition can be added to a domain | |
Resource-classes | 252 | Not applicable | 100 | |
Roles | 4000 | 16 (8) | 16 (8) | Eight are predefined and cannot be altered, leaving eight for you to customize |
SNMP Hosts | No Limit | 10 | ||
SSH Sessions | 256 | 4 | 4 | |
Syslog buffer size | 4 MB | 4 MB | 1 MB | |
Syslog CP rate | 5,000 per second | 5,000 per second | 3,000 per second | |
Syslog DP rate | 350,000 per second | 350,000 per second | 120,000 per second | |
Syslog history table size | 256 x 500 | 500 | ||
Syslog Hosts | 256 | 2 | 2 | |
Syslog internal queue size | 10 MB | 10 MB | 8,192 messages | |
Syslog persistence size | 1M | 1M | ||
Syslog rate limit table size | 256 x 100 | 100 | 10,000 messages per sec | |
Telnet Sessions | 256 | 4 | 4 | |