CSS - Configuration Limitations

Answered Question
Apr 30th, 2007


Can anyone tell me what (if any) the limitations are on the CSS with regard to configured services, content rules, groups, etc...? Is there a documented maximum for each individual config variable or the sum of all config variables? I've also heard that there is a limitation on the "size" of your actual config, i.e., how many lines of code in the overall running-config file (6,000 lines)?



I have this problem too.
0 votes
Correct Answer by Syed Iftekhar Ahmed about 9 years 8 months ago

Roughly 1000 content rules & 128,000 entries in the sticky table.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Syed Iftekhar Ahmed Mon, 04/30/2007 - 18:43

CSS 11500 supports a maximum of 64 services per content rule and source group.

Number of services per CSS is limited by keepalive capacity which is bounded by CPU resources on the SCM.

Max 2048 for ICMP, TCP, HTTP Head non-persistent and SSL (Hello) keepalives.

Max 256 for HTTP-GET, FTP and Scripted with a maximum of 512 of these combined.

The max recommended configuration size is 10,000 lines.

a.veschak Tue, 05/01/2007 - 04:13


Thanks for the info... that's just what I was looking for.

One more question here... is there a limit to how many content rules you can have configured?

Thanks again!


thumpercisco Wed, 05/09/2007 - 11:15

just so I am clear, I currently have configured an Owner, a group with 2 services(2servers w/different IP addresses) all for one VIP address.

I can also add another Owner, group and in this case the services will have the same IP address but different ports for connection and a different VIP than above.

Will I need to add another circuit or can this second set use the same circuit and VLAN and interface pointing to the same upstream router.

a.veschak Thu, 05/10/2007 - 16:19


If all of your service VIPs fall within the same subnet range, then the answer is yes... you can utilize your existing circuit/VLAN configuration.

However, if you have your new service VIPs in a different subnet than your existing ones, then you will have to create a second circuit/VLAN to accomodate the additional service VIPs.

Whether or not you can utilize the same upstream router interface is dependant on which of the above situations you are configured for.




This Discussion