CSS - Configuration Limitations

Answered Question
Apr 30th, 2007
User Badges:


Can anyone tell me what (if any) the limitations are on the CSS with regard to configured services, content rules, groups, etc...? Is there a documented maximum for each individual config variable or the sum of all config variables? I've also heard that there is a limitation on the "size" of your actual config, i.e., how many lines of code in the overall running-config file (6,000 lines)?



Correct Answer by Syed Iftekhar Ahmed about 10 years 4 weeks ago

Roughly 1000 content rules & 128,000 entries in the sticky table.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Syed Iftekhar Ahmed Mon, 04/30/2007 - 18:43
User Badges:
  • Blue, 1500 points or more

CSS 11500 supports a maximum of 64 services per content rule and source group.

Number of services per CSS is limited by keepalive capacity which is bounded by CPU resources on the SCM.

Max 2048 for ICMP, TCP, HTTP Head non-persistent and SSL (Hello) keepalives.

Max 256 for HTTP-GET, FTP and Scripted with a maximum of 512 of these combined.

The max recommended configuration size is 10,000 lines.

a.veschak Tue, 05/01/2007 - 04:13
User Badges:


Thanks for the info... that's just what I was looking for.

One more question here... is there a limit to how many content rules you can have configured?

Thanks again!


Correct Answer
Syed Iftekhar Ahmed Tue, 05/01/2007 - 10:25
User Badges:
  • Blue, 1500 points or more

Roughly 1000 content rules & 128,000 entries in the sticky table.

thumpercisco Wed, 05/09/2007 - 11:15
User Badges:

just so I am clear, I currently have configured an Owner, a group with 2 services(2servers w/different IP addresses) all for one VIP address.

I can also add another Owner, group and in this case the services will have the same IP address but different ports for connection and a different VIP than above.

Will I need to add another circuit or can this second set use the same circuit and VLAN and interface pointing to the same upstream router.

a.veschak Thu, 05/10/2007 - 16:19
User Badges:


If all of your service VIPs fall within the same subnet range, then the answer is yes... you can utilize your existing circuit/VLAN configuration.

However, if you have your new service VIPs in a different subnet than your existing ones, then you will have to create a second circuit/VLAN to accomodate the additional service VIPs.

Whether or not you can utilize the same upstream router interface is dependant on which of the above situations you are configured for.




This Discussion