Sticky resource not available - ACE Module

Answered Question
Oct 4th, 2008

hi,

I am getting the below error on defining stickiness. Please assist.

switch/Admin(config)# sticky ip-netmask 255.255.255.255 address both ACE-CKH-STICKY

Error: sticky resource not available

Thanks.

I have this problem too.
0 votes
Correct Answer by sachinga.hcl about 8 years 2 months ago

The sticky resource must be specifically allocated to each class requiring sticky resources. Because the default resource class does not allocate resources for sticky, this needs to be done manually if persistence is required.

The Cisco ACE module supports up to 100 unique resource classes. Any resource class can be applied to any single virtual partition or all virtual partitions if resources are available for allocation. There are three ways to allocate individual resources within a resource class:

• Fixed: Minimally allocate x% and maximum may not exceed x%.

• Oversubscription: Minimally allocate x% with the option to use any available resources.

• Free-for-all: Any available resource can be used, but no minimal allocations are defined.

Rate-limited resources are reserved by the Cisco ACE module when allocated to a virtual partition. This allocation method can either be assigned to help ensure a virtual partition has enough resources to properly handle client traffic, or to help ensure a virtual partition does not exhaust resources that are used in other virtual partitions. To configure a rate-limited resource, define the guaranteed value as the minimum limit and configure the maximum limit as "equal-to-min."

ACE/Admin(config)# resource-class 10-guaranteed

ACE/Admin(config-resource)# limit-resource all min 10 maximum equal-to-min

Resources can be allocated to allow oversubscription in scenarios where a virtual partition is required to perform at a minimum level and may need to draw upon additional resources during peak times. When configuring a resource for oversubscription, define the guaranteed value as the minimum limit and configure the maximum limit as "unlimited."

ACE/Admin(config)# resource-class 15-plus

ACE/Admin(config-resource)# limit-resource all min 15 maximum unlimited

Use the free-for-all allocation to allow fair competition for resources between virtual partitions. By default all resources (except sticky) are allocated to the "default-class." By default this class is applied to all new virtual partitions when the virtual partition is created. To configure a free-for-all allocation of a resource, define the minimum limit as zero and configure the maximum limit as "unlimited."

ACE/Admin(config)# resource-class any-available

ACE/Admin(config-resource)# limit-resource all min 0 maximum unlimited

-----

Check URL below containg the above all...

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/White_Paper_Cisco_Application_Control_Engine_A_Technical_Overview_of_Virtual_Partitioning_ps7027_Products_White_Paper.html

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/virtualization/guide/config.html

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (4 ratings)
Loading.
new_networker Sat, 10/04/2008 - 02:34

I think I need to allocate resource to the sticky group.

Could someone let me know how to allocate resources to sticky group within default resource class. I would like to use the default resource class for all allocation initially.

Regards.

Correct Answer
sachinga.hcl Sat, 10/04/2008 - 03:05

The sticky resource must be specifically allocated to each class requiring sticky resources. Because the default resource class does not allocate resources for sticky, this needs to be done manually if persistence is required.

The Cisco ACE module supports up to 100 unique resource classes. Any resource class can be applied to any single virtual partition or all virtual partitions if resources are available for allocation. There are three ways to allocate individual resources within a resource class:

• Fixed: Minimally allocate x% and maximum may not exceed x%.

• Oversubscription: Minimally allocate x% with the option to use any available resources.

• Free-for-all: Any available resource can be used, but no minimal allocations are defined.

Rate-limited resources are reserved by the Cisco ACE module when allocated to a virtual partition. This allocation method can either be assigned to help ensure a virtual partition has enough resources to properly handle client traffic, or to help ensure a virtual partition does not exhaust resources that are used in other virtual partitions. To configure a rate-limited resource, define the guaranteed value as the minimum limit and configure the maximum limit as "equal-to-min."

ACE/Admin(config)# resource-class 10-guaranteed

ACE/Admin(config-resource)# limit-resource all min 10 maximum equal-to-min

Resources can be allocated to allow oversubscription in scenarios where a virtual partition is required to perform at a minimum level and may need to draw upon additional resources during peak times. When configuring a resource for oversubscription, define the guaranteed value as the minimum limit and configure the maximum limit as "unlimited."

ACE/Admin(config)# resource-class 15-plus

ACE/Admin(config-resource)# limit-resource all min 15 maximum unlimited

Use the free-for-all allocation to allow fair competition for resources between virtual partitions. By default all resources (except sticky) are allocated to the "default-class." By default this class is applied to all new virtual partitions when the virtual partition is created. To configure a free-for-all allocation of a resource, define the minimum limit as zero and configure the maximum limit as "unlimited."

ACE/Admin(config)# resource-class any-available

ACE/Admin(config-resource)# limit-resource all min 0 maximum unlimited

-----

Check URL below containg the above all...

http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/White_Paper_Cisco_Application_Control_Engine_A_Technical_Overview_of_Virtual_Partitioning_ps7027_Products_White_Paper.html

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/virtualization/guide/config.html

new_networker Sat, 10/04/2008 - 04:17

Thanks.

Two questions

1) The description of sticky in limit-resource command is number of sticky entries in the sticky table. However, if I were to do limit-resource sticky minimum ?, it would ask to give a value between 0-100%. Now how can the number of entries in sticky tables associate the percentage value in limit-resource command.

2) What is a good number to use for sticky mimimum value. Or what is a good way to determine suitable sticky value.

sachinga.hcl Sat, 10/04/2008 - 11:42

First of thanks for your nice rating.

you can define 50 percent minimum sticky resources using below command:

host1/Admin(config-resource)#limit-resource sticky minimum 50.00 maximum equal-to-min

Configure a resource class to limit resources used by user contexts. For example, to limit the resources of a context to 10 percent of the total resources available, enter the following commands:

host1/Admin(config)# resource-class RC1

host1/Admin(config-resource)# limit resource all minimum 10 maximum equal-to-min

host1/Admin(config-resource)# exit

ACE/Admin(config-resource)# limit-resource all minimum 0.00 maximum unlimited

maximum {equal-to-min | unlimited}-Specifies the maximum resource value: either the same as the minimum value or no limit.

When you remove a resource class from the ACE, any contexts that were members of that resource class automatically become members of the default resource class. The default resource class allocates a minimum of 0.00 percent to a maximum of 100.00 percent of all ACE resources to each context. You cannot modify the default resource class.

Sticky table Entries

maximum entries=800,000 table entries

sachinga.hcl Sat, 10/04/2008 - 11:43

Allocating Resources

When you plan the initial resource allocations for the virtual contexts in your configuration, allocate only the minimum required or estimated resources. The ACE protects resources that are in use, so to decrease a context's resources, those resources must be unused. Although it is possible to decrease the resource allocations in real time, it may require additional management overhead to clear any used resources before reducing them. Therefore, it is considered a best practice to initially keep as many resources in reserve as possible and allocate the unused reserved resources as needed.

To address scaling and capacity planning, we recommend that new ACE installations do not exceed 60 to 80 percent of the appliance's total capacity. To accomplish this goal, create a reserved resource class with a guarantee of 20 to 40 percent of all the ACE resources. Configure a virtual context dedicated solely to ensuring that these resources are reserved. Then, you can efficiently distribute such reserved resources to contexts as capacity demands for handling client traffic increase over time.

You can allocate all resources or individual resources to all member contexts of a resource class. For example, you can allocate only concurrent connections or sticky table memory. To allocate system resources to all members (contexts) of a resource class, use the limit-resource command in resource-class configuration mode. The syntax of this command is as follows:

limit-resource {acc-connections | acl-memory | all | buffer {syslog} | conc-connections | http-comp | mgmt-connections | proxy-connections | rate {bandwidth | connections | inspect-conn | mac-miss | mgmt-traffic | ssl-connections | syslog} | regexp | sticky | xlates} {minimum number} {maximum {equal-to-min | unlimited}}

The arguments and keywords are as follows:

•acc-connections-Limits the number of application acceleration connections.

•acl-memory-Limits memory space allocated for ACLs.

•all-Limits all resources to the specified value for all contexts assigned to this resource class.

•buffer-Limits the number of syslog buffers.

•conc-connections-Limits the number of simultaneous connections.

•http-comp-Limits the HTTP compression rate.

•mgmt-connections-Limits the number of management (to-the-ACE) connections.

•proxy-connections-Limits the number of proxy connections.

•rate-Limits the resource as a number per second for the following:

-bandwidth-Limits context throughput in bytes per second.

-connections-Limits the number of connections of any kind per second.

-inspect conn-Limits the number of application protocol inspection connections per second for File Transfer Protocol (FTP) and Real-Time Streaming Protocol (RTSP) only.

-mac-miss-Limits the ACE traffic sent to the control plane when the encapsulation is not correct in bytes per second.

-mgmt-traffic-Limits management (to-the-ACE) traffic in bytes per second.

-ssl-connections-Limits the number of SSL connections per second.

-syslog-Limits the number of syslog messages per second.

sachinga.hcl Sat, 10/04/2008 - 11:45

Note The syslog message statistics do not include the syslogs generated from the dataplane when you enable the logging of connection setup and teardown syslog messages through the logging fastpath command.

--------

•regexp-Limits the amount of regular expression memory.

•sticky-Limits the number of entries in the sticky table. You must configure a minimum value for sticky to allocate resources for sticky entries, because the sticky software receives no resources under the unlimited setting.

•xlates-Limits the number of network and port address translations entries.

•minimum number-Specifies the lowest acceptable value. Enter an integer from 0.00 to 100.00 percent (two-decimal places of granularity). The number argument specifies a percentage value for all contexts that are members of the class. When used with the rate keyword, the number argument specifies a value per second.

•maximum {equal-to-min | unlimited}-Specifies the maximum resource value: either the same as the minimum value or no limit.

----

Note The limit that you set for individual resources when you use the limit-resource command overrides the limit that you set for all resources when you use the limit-resource all command.

-------

If you lower the limits for one context (context A) in order to increase the limits of another context (context B), you may experience a delay in the configuration change because the ACE will not lower the limits of context A until the resources are no longer being used by the context.

For example, to allocate 20 percent of all resources (minimum and maximum) to all member contexts of the resource class, enter:

(config-resource)# limit-resource all minimum 20% maximum equal-to-min

System Resource Maximum Values

Resource Maximum Value

Application Acceleration Connections

10000 connections

ACL Memory

34123184 bytes

Buffer Memory (Syslog)

1048576 bytes

Concurrent Connections

1,000,000 connections (Layer 4),

100,000 connections (SSL)

HTTP Compression

100 megabits per second (Mbps). You can upgrade the ACE maximum HTTP compression rate to 1 Gbps by purchasing a separate license from Cisco Systems. For more information, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.

Management Connections

5000 connections

Proxy Connections (Layer 7)

256,000 connections

Rate

Bandwidth

1 gigabits per second (Gbps). You can upgrade the ACE maximum bandwidth to 2 Gbps by purchasing a separate license from Cisco Systems. For more information, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.

Connections (any kind)

120,000 connections per second (Layer 4), 40, 000 connections per second (Layer 7)

MAC miss

2000 packets per second

Management traffic

125,000,000 bits per second

SSL connections

1000 transactions per second (TPS). You can upgrade the SSL bandwidth to a maximum of 7500 TPS with a separate license. For more information, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.

syslog

For traffic going to the ACE (control plane), 3000 messages per second

For traffic going through the ACE (data plane), 120,000 messages per second

Regular Expression Memory

1,048,576 bytes

Sticky Entries

800,000 table entries

Xlates (network and port address translation entries)

64,000 Xlates (network entries),

1,000,000 Xlates (port address translation entries)

Kind Regards,

Sachin Garg

Senior Specialist Security

HCL Comnet Ltd.

http://www.hclcomnet.co.in

A-10, Sector 3, Noida- 201301

INDIA

Mob: +91-9911757733

Email: [email protected]

Syed Iftekhar Ahmed Sat, 10/04/2008 - 17:33

When you use minimum & maximum values in a limit-resource command then in affect you are reserving a % of resource (represented by minimum value) and defining a an upper threshold for the available resource that can be used by context if needed.

minimum value allocate/reserve a % of available resources to the context and makes this %of resources are unavailable to other contexts.

Where as maximum value puts the upper limit on the oversubscription. Context can take the available resource on per need basis but the usage will never exceed the maximum value defined.

Just for example if you have 2 contexts and you want to distribute sticky resources evenly between these contexts then you will define the following resource-class and assign it to both contexts

resource-class XYZ

limit-resource sticky minimum 50 maximum unlimited

There is no generic good/bad value for resource classes. It really depends on the type of traffic you are serving with each contexts. You can start with open ended resource-allocation policies and then can tweak these as per requirement.

For e.g

If you have n contexts, you can create the following class and apply it to all contexts

resource-class XYZ

limit-resource sticky minimum 1 maximum unlimited

This will ensure that 1% of the resource is guaranteed to all contexts and remaining sticky entries are open to grab.

You can monitor all contexts usage and then can reserve/allocate accordingly.

I always recommend to Create a Dummy class and reserve 10%-15% of all module resources then create a dummy/unused context and assign this class.This will ensure that atleast 10%-15% of resources are reserved and unused and dynamically available for other contexts (If you need to allocate more resources to the contexts).

HTH

Syed Iftekhar Ahmed

Syed Iftekhar Ahmed Sat, 10/04/2008 - 17:57

One correction to the earlier response to your query (Since you are using ACE module)

Ace module supports 4 million sticky entries.

The post verbage is copied & pasted from ACE appliance virtualization guide and hence mentions the ACE appliance sticky resource limit (800,000).

Thanks

Syed

Actions

This Discussion