About Memory Partitions; Default Rule Allocation - Cisco 7604 Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide Using the CLI

Managing Memory for Rules

About Memory Partitions

In multiple context mode, the FWSM partitions the memory allocated to rule configuration, and assigns
each context to a partition. By default, a context belongs to one of 12 partitions that offers a maximum
number of rules, including ACEs, AAA rules, and others. See the "Default Rule Allocation" section for a
list of rule limits.

The FWSM assigns contexts to the partitions in the order they are loaded at startup. For example, if you
have 12 contexts and the maximum number of rules is 14,103, each context is assigned to its own
partition, and can use 14,103 rules. If you add one more context, then context number 1 and the new
context number 13 are both assigned to partition 1, and can use 14,103 rules divided between them; the
other 11 contexts continue to use 14,103 rules each. If you delete contexts, the partition membership
does not shift, so you might have some unequal distribution until you reboot, at which time the contexts
are evenly distributed.

Note: Rules are used up on a first come, first served basis, so one context might use more rules than
another context.

You can manage memory partitions by manually assigning a context to a partition (see the "Configuring
a Security Context" section on page 4-27); reducing the number of partitions to better match the number
of contexts you have (see the "Setting the Number of Memory Partitions" section on page 4-13);
changing the size of a partition (see the "Changing the Memory Partition Size" section on page 4-14);
and reallocating rules between features (see the "Reallocating Rules Between Features for a Specific
Memory Partition" section on page 4-19).

Default Rule Allocation

Table 4-1 lists the default number of rules for each feature type in multiple context mode, for the default
12 memory partitions.

Note: Some access lists use more memory than others. Depending on the type of access list, the actual limit
the system can support will be less than the maximum. See the "Maximum Number of ACEs" section on
page 13-6 for more information about ACEs and memory usage.

Table 4-1 Default Rule Allocation

Specification                         Maximum per Partition (with 12 Partitions) [1]
AAA Rules                             1345
ACEs                                  14,801
established commands                  96
Filter Rules                          576
ICMP, Telnet, SSH, and HTTP Rules     384
Policy NAT ACEs                       384
Inspect Rules                         1537
Total Rules                           19,219

1. Use the show resource rule command to view the default values for partitions other than 12.

Source page: Chapter 4, Configuring Security Contexts, page 4-12. Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM, OL-20748-01.
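
The partition assignment and per-partition limits described above, worked through as a capacity check. This is an added example, not code from the Cisco guide: the round-robin wrap is an assumption inferred from the 13-context example, the short feature keys are this example's own, and the context names and rule counts are constructed.

```python
from collections import defaultdict

# Per-partition defaults copied from Table 4-1 (12 partitions). The short key
# names are this example's own; "mgmt" stands for ICMP, Telnet, SSH, and HTTP.
TABLE_4_1 = {"aaa": 1345, "ace": 14801, "established": 96, "filter": 576,
             "mgmt": 384, "policy_nat": 384, "inspect": 1537}

def assign(load_order, partitions=12):
    """Map context -> partition (1-based) in startup load order.
    Assumption: contexts wrap round-robin, matching the page's example in
    which context 13 joins context 1 in partition 1."""
    return {name: i % partitions + 1 for i, name in enumerate(load_order)}

def delete_context(membership, name):
    """Deleting a context does not shift the remaining memberships."""
    return {c: p for c, p in membership.items() if c != name}

def audit(membership, usage, limits=TABLE_4_1):
    """Report partitions that are shared or whose summed usage exceeds a
    per-feature limit: {partition: {"contexts": [...], "over": {...}}}."""
    members = defaultdict(list)
    for ctx, part in membership.items():
        members[part].append(ctx)
    report = {}
    for part, ctxs in sorted(members.items()):
        totals = defaultdict(int)
        for ctx in ctxs:
            for feature, count in usage.get(ctx, {}).items():
                totals[feature] += count
        over = {f: (n, limits[f]) for f, n in totals.items() if n > limits[f]}
        if len(ctxs) > 1 or over:
            report[part] = {"contexts": ctxs, "over": over}
    return report

# Constructed sample data: 13 contexts with made-up rule counts.
CONTEXTS = [f"ctx{i}" for i in range(1, 14)]
USAGE = {c: {"ace": 5000, "aaa": 200} for c in CONTEXTS}
USAGE["ctx1"] = {"ace": 12000, "aaa": 900}   # large tenant
USAGE["ctx13"] = {"ace": 4000, "aaa": 500}   # lands in partition 1 with ctx1

if __name__ == "__main__":
    live = assign(CONTEXTS)
    print("running:", audit(live, USAGE))
    # Deleting ctx2 frees partition 2, but ctx1 and ctx13 keep sharing.
    print("after delete:", audit(delete_context(live, "ctx2"), USAGE))
    # A reboot reassigns the 12 remaining contexts, one per partition.
    remaining = [c for c in CONTEXTS if c != "ctx2"]
    print("after reboot:", audit(assign(remaining), USAGE))
```

A partition that appears in the report with more than one context is where the first come, first served behavior matters: the combined ACE or AAA demand of the sharing contexts is what gets compared against the Table 4-1 limit.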


This manual is also suitable for:

7609-S, 7613, 7606-S, Catalyst 6500 series, 7600 series