10-04-2008 12:27 AM
hi,
I am getting the below error on defining stickiness. Please assist.
switch/Admin(config)# sticky ip-netmask 255.255.255.255 address both ACE-CKH-STICKY
Error: sticky resource not available
Thanks.
10-04-2008 02:34 AM
I think I need to allocate resource to the sticky group.
Could someone let me know how to allocate resources to sticky group within default resource class. I would like to use the default resource class for all allocation initially.
Regards.
10-04-2008 03:05 AM
The sticky resource must be specifically allocated to each class requiring sticky resources. Because the default resource class does not allocate resources for sticky, this needs to be done manually if persistence is required.
The Cisco ACE module supports up to 100 unique resource classes. Any resource class can be applied to any single virtual partition or all virtual partitions if resources are available for allocation. There are three ways to allocate individual resources within a resource class:
• Fixed: Minimally allocate x% and maximum may not exceed x%.
• Oversubscription: Minimally allocate x% with the option to use any available resources.
• Free-for-all: Any available resource can be used, but no minimal allocations are defined.
Rate-limited resources are reserved by the Cisco ACE module when allocated to a virtual partition. This allocation method can either be assigned to help ensure a virtual partition has enough resources to properly handle client traffic, or to help ensure a virtual partition does not exhaust resources that are used in other virtual partitions. To configure a rate-limited resource, define the guaranteed value as the minimum limit and configure the maximum limit as "equal-to-min."
ACE/Admin(config)# resource-class 10-guaranteed
ACE/Admin(config-resource)# limit-resource all min 10 maximum equal-to-min
Resources can be allocated to allow oversubscription in scenarios where a virtual partition is required to perform at a minimum level and may need to draw upon additional resources during peak times. When configuring a resource for oversubscription, define the guaranteed value as the minimum limit and configure the maximum limit as "unlimited."
ACE/Admin(config)# resource-class 15-plus
ACE/Admin(config-resource)# limit-resource all min 15 maximum unlimited
Use the free-for-all allocation to allow fair competition for resources between virtual partitions. By default all resources (except sticky) are allocated to the "default-class." By default this class is applied to all new virtual partitions when the virtual partition is created. To configure a free-for-all allocation of a resource, define the minimum limit as zero and configure the maximum limit as "unlimited."
ACE/Admin(config)# resource-class any-available
ACE/Admin(config-resource)# limit-resource all min 0 maximum unlimited
-----
Check URL below containing the above all...
10-04-2008 04:17 AM
Thanks.
Two questions
1) The description of sticky in the limit-resource command is the number of sticky entries in the sticky table. However, if I were to do limit-resource sticky minimum ?, it would ask for a value between 0-100%. Now how can the number of entries in the sticky table be associated with the percentage value in the limit-resource command?
2) What is a good number to use for the sticky minimum value? Or what is a good way to determine a suitable sticky value?
10-04-2008 11:42 AM
First off, thanks for your nice rating.
You can define 50 percent minimum sticky resources using the command below:
host1/Admin(config-resource)# limit-resource sticky minimum 50.00 maximum equal-to-min
Configure a resource class to limit resources used by user contexts. For example, to limit the resources of a context to 10 percent of the total resources available, enter the following commands:
host1/Admin(config)# resource-class RC1
host1/Admin(config-resource)# limit-resource all minimum 10 maximum equal-to-min
host1/Admin(config-resource)# exit
ACE/Admin(config-resource)# limit-resource all minimum 0.00 maximum unlimited
maximum {equal-to-min | unlimited}: Specifies the maximum resource value: either the same as the minimum value or no limit.
When you remove a resource class from the ACE, any contexts that were members of that resource class automatically become members of the default resource class. The default resource class allocates a minimum of 0.00 percent to a maximum of 100.00 percent of all ACE resources to each context. You cannot modify the default resource class.
Sticky table Entries
maximum entries=800,000 table entries
10-04-2008 11:43 AM
Allocating Resources
When you plan the initial resource allocations for the virtual contexts in your configuration, allocate only the minimum required or estimated resources. The ACE protects resources that are in use, so to decrease a context's resources, those resources must be unused. Although it is possible to decrease the resource allocations in real time, it may require additional management overhead to clear any used resources before reducing them. Therefore, it is considered a best practice to initially keep as many resources in reserve as possible and allocate the unused reserved resources as needed.
To address scaling and capacity planning, we recommend that new ACE installations do not exceed 60 to 80 percent of the appliance's total capacity. To accomplish this goal, create a reserved resource class with a guarantee of 20 to 40 percent of all the ACE resources. Configure a virtual context dedicated solely to ensuring that these resources are reserved. Then, you can efficiently distribute such reserved resources to contexts as capacity demands for handling client traffic increase over time.
You can allocate all resources or individual resources to all member contexts of a resource class. For example, you can allocate only concurrent connections or sticky table memory. To allocate system resources to all members (contexts) of a resource class, use the limit-resource command in resource-class configuration mode. The syntax of this command is as follows:
limit-resource {acc-connections | acl-memory | all | buffer {syslog} | conc-connections | http-comp | mgmt-connections | proxy-connections | rate {bandwidth | connections | inspect-conn | mac-miss | mgmt-traffic | ssl-connections | syslog} | regexp | sticky | xlates} {minimum number} {maximum {equal-to-min | unlimited}}
The arguments and keywords are as follows:
• acc-connections: Limits the number of application acceleration connections.
• acl-memory: Limits memory space allocated for ACLs.
• all: Limits all resources to the specified value for all contexts assigned to this resource class.
• buffer: Limits the number of syslog buffers.
• conc-connections: Limits the number of simultaneous connections.
• http-comp: Limits the HTTP compression rate.
• mgmt-connections: Limits the number of management (to-the-ACE) connections.
• proxy-connections: Limits the number of proxy connections.
• rate: Limits the resource as a number per second for the following:
  - bandwidth: Limits context throughput in bytes per second.
  - connections: Limits the number of connections of any kind per second.
  - inspect-conn: Limits the number of application protocol inspection connections per second for File Transfer Protocol (FTP) and Real-Time Streaming Protocol (RTSP) only.
  - mac-miss: Limits the ACE traffic sent to the control plane when the encapsulation is not correct in bytes per second.
  - mgmt-traffic: Limits management (to-the-ACE) traffic in bytes per second.
  - ssl-connections: Limits the number of SSL connections per second.
  - syslog: Limits the number of syslog messages per second.
10-04-2008 11:45 AM
Note: The syslog message statistics do not include the syslogs generated from the dataplane when you enable the logging of connection setup and teardown syslog messages through the logging fastpath command.
--------
• regexp: Limits the amount of regular expression memory.
• sticky: Limits the number of entries in the sticky table. You must configure a minimum value for sticky to allocate resources for sticky entries, because the sticky software receives no resources under the unlimited setting.
• xlates: Limits the number of network and port address translations entries.
• minimum number: Specifies the lowest acceptable value. Enter an integer from 0.00 to 100.00 percent (two-decimal places of granularity). The number argument specifies a percentage value for all contexts that are members of the class. When used with the rate keyword, the number argument specifies a value per second.
• maximum {equal-to-min | unlimited}: Specifies the maximum resource value: either the same as the minimum value or no limit.
----
Note: The limit that you set for individual resources when you use the limit-resource command overrides the limit that you set for all resources when you use the limit-resource all command.
-------
If you lower the limits for one context (context A) in order to increase the limits of another context (context B), you may experience a delay in the configuration change because the ACE will not lower the limits of context A until the resources are no longer being used by the context.
For example, to allocate 20 percent of all resources (minimum and maximum) to all member contexts of the resource class, enter:
(config-resource)# limit-resource all minimum 20% maximum equal-to-min
System Resource Maximum Values
Resource | Maximum Value
Application Acceleration Connections | 10000 connections
ACL Memory | 34123184 bytes
Buffer Memory (Syslog) | 1048576 bytes
Concurrent Connections | 1,000,000 connections (Layer 4), 100,000 connections (SSL)
HTTP Compression | 100 megabits per second (Mbps). You can upgrade the ACE maximum HTTP compression rate to 1 Gbps by purchasing a separate license from Cisco Systems. For more information, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Management Connections | 5000 connections
Proxy Connections (Layer 7) | 256,000 connections
Rate: Bandwidth | 1 gigabit per second (Gbps). You can upgrade the ACE maximum bandwidth to 2 Gbps by purchasing a separate license from Cisco Systems. For more information, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Rate: Connections (any kind) | 120,000 connections per second (Layer 4), 40,000 connections per second (Layer 7)
Rate: MAC miss | 2000 packets per second
Rate: Management traffic | 125,000,000 bits per second
Rate: SSL connections | 1000 transactions per second (TPS). You can upgrade the SSL bandwidth to a maximum of 7500 TPS with a separate license. For more information, see the Cisco 4700 Series Application Control Engine Appliance Administration Guide.
Rate: syslog | For traffic going to the ACE (control plane), 3000 messages per second. For traffic going through the ACE (data plane), 120,000 messages per second
Regular Expression Memory | 1,048,576 bytes
Sticky Entries | 800,000 table entries
Xlates (network and port address translation entries) | 64,000 Xlates (network entries), 1,000,000 Xlates (port address translation entries)
Kind Regards,
Sachin Garg
Senior Specialist Security
HCL Comnet Ltd.
A-10, Sector 3, Noida- 201301
INDIA
Mob: +91-9911757733
Email: sachinga@hcl.in
10-04-2008 05:33 PM
When you use minimum & maximum values in a limit-resource command, then in effect you are reserving a % of the resource (represented by the minimum value) and defining an upper threshold for the available resource that can be used by the context if needed.
The minimum value allocates/reserves a % of available resources to the context and makes this % of resources unavailable to other contexts.
Whereas the maximum value puts the upper limit on the oversubscription. A context can take the available resource on a per-need basis, but the usage will never exceed the maximum value defined.
Just for example if you have 2 contexts and you want to distribute sticky resources evenly between these contexts then you will define the following resource-class and assign it to both contexts
resource-class XYZ
limit-resource sticky minimum 50 maximum unlimited
There is no generic good/bad value for resource classes. It really depends on the type of traffic you are serving with each contexts. You can start with open ended resource-allocation policies and then can tweak these as per requirement.
For example:
If you have n contexts, you can create the following class and apply it to all contexts
resource-class XYZ
limit-resource sticky minimum 1 maximum unlimited
This will ensure that 1% of the resource is guaranteed to all contexts and remaining sticky entries are open to grab.
You can monitor all contexts usage and then can reserve/allocate accordingly.
I always recommend creating a dummy class and reserving 10%-15% of all module resources, then creating a dummy/unused context and assigning this class. This will ensure that at least 10%-15% of resources are reserved and unused and dynamically available for other contexts (if you need to allocate more resources to the contexts).
HTH
Syed Iftekhar Ahmed
10-04-2008 05:57 PM
One correction to the earlier response to your query (since you are using the ACE module):
The ACE module supports 4 million sticky entries.
The post verbiage is copied & pasted from the ACE appliance virtualization guide and hence mentions the ACE appliance sticky resource limit (800,000).
Thanks
Syed
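How the percentage in limit-resource maps to sticky table entries, as an added example that is not part of any post in this thread: it parses resource classes written in the style shown above, applies the documented rule that a per-resource limit overrides "all", and reports each context's guaranteed entries for the 800,000-entry appliance or the 4-million-entry module. The class names, context names and the sample configuration are constructed for illustration.

```python
import re

# Sticky table sizes quoted in the thread (appliance vs. module).
STICKY_CAPACITY = {"appliance": 800_000, "module": 4_000_000}

# Constructed sample: class and context names are hypothetical.
SAMPLE_CONFIG = """
resource-class RESERVE
  limit-resource all minimum 15 maximum equal-to-min
resource-class WEB
  limit-resource all minimum 0 maximum unlimited
  limit-resource sticky minimum 50 maximum unlimited
resource-class NO-STICKY
  limit-resource all min 0 maximum unlimited
"""
SAMPLE_MEMBERS = {"dummy": "RESERVE", "web1": "WEB", "test": "NO-STICKY", "Admin": "default"}

LIMIT = re.compile(r"limit-resource\s+(all|sticky)\s+min(?:imum)?\s+([\d.]+)\s+"
                   r"max(?:imum)?\s+(equal-to-min|unlimited)")

def parse_classes(text):
    """Return {class_name: {"all"|"sticky": (min_pct, max_keyword)}}."""
    classes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("resource-class "):
            current = classes.setdefault(line.split()[1], {})
        elif current is not None and (m := LIMIT.match(line)):
            current[m.group(1)] = (float(m.group(2)), m.group(3))
    return classes

def sticky_minimum(limits):
    # A per-resource limit overrides "all"; a class with neither (such as
    # the default class) guarantees 0 percent of the sticky table.
    return limits.get("sticky", limits.get("all", (0.0, "unlimited")))[0]

def audit(classes, members, platform):
    """Per-context guaranteed sticky entries plus the summed minimums."""
    capacity = STICKY_CAPACITY[platform]
    report, total = {}, 0.0
    for context, cls in members.items():
        pct = sticky_minimum(classes.get(cls, {}))
        total += pct
        report[context] = {"min_pct": pct,
                           "guaranteed_entries": round(capacity * pct / 100),
                           # No minimum means no sticky resources at all.
                           "sticky_usable": pct > 0}
    return report, total

if __name__ == "__main__":
    report, total = audit(parse_classes(SAMPLE_CONFIG), SAMPLE_MEMBERS, "module")
    for context, row in report.items():
        print(context, row)
    print("sum of sticky minimums:", total, "(must not exceed 100)")
```

A context whose effective sticky minimum is 0, such as one left in the default class, is the case that produces "Error: sticky resource not available" in the first post.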
10-04-2008 06:59 PM
Hi Syed,
Thanks for correcting me.
It is always great to look at your posts.
So I am rating you 5 for this.
Thanks for guiding me right.
Sachin Garg