topic Re: FWSM memory partitions in Network Security

FWSM memory partitions

e-chuah — Mon, 11 Mar 2019 16:44:31 GMT

Hi,

I have a questions on FWSM memory partition. I understand that there are 12 memory partitions and we can configure how many partitions we need.

If i set the number of partition to 6, then each partition will have more resources compared to if i set the number of partitions to 12.

Can i just set the number of partition to 1, then in this case, i have one big memory partition which all the contexts i created will use.

My client (running 3.X) has 6 partitions of equal size. One of the partition is running out of resource and the other partitions still have plenty of resources. I undertand that 4.x has some enhancement on resource allocation. I am just thinking if it might be easier just to have one large partition and any context just use that pool of resrouces. In this way, it will keep things simple..

Has anyone tried this before? Anything i should take note of if i do this?

Thanks

Eng Wee

Re: FWSM memory partitions

Jon Marshall — Wed, 02 Dec 2009 11:46:18 GMT

e-chuah wrote:

Hi,

I have a questions on FWSM memory partition. I understand that there are 12 memory partitions and we can configure how many partitions we need.

If i set the number of partition to 6, then each partition will have more resources compared to if i set the number of partitions to 12.

Can i just set the number of partition to 1, then in this case, i have one big memory partition which all the contexts i created will use.

Has anyone tried this before? Anything i should take note of if i do this?

Thanks

Eng Wee

Eng

You can do this but i wouldn't recommend it. The whole idea of using memory partitions is to protect virtual firewalls from each other. If you have one big partition with all contexts in and one context consumes all resources then all contexts suffer.

Jon

Re: FWSM memory partitions

Kureli Sankar — Wed, 02 Dec 2009 14:49:52 GMT

FWSM 4.x

Total Partitions        ACLs
     12          19219
     11          20821
     10          22714
     9          24985
     8          27761
     7          31232
     6          35693
     5          41642
     4          49971
     3          62464
     2          83285
     1          124928


There is also acl optimization in 4.x. 
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/product_bulletin_c25-478751.html


I agree with Jon. May be you can go to 3 partitions and point all the smaller contexts to one partition and give 
the bigger context its own partition.

-KS

Re: FWSM memory partitions

e-chuah — Fri, 04 Dec 2009 11:01:50 GMT

kusankar & Jon, Thanks for the reply. I managed to get hold of a FWSM and downloaded 4.x to test. With 1 partition, you get 124928 rules in total excluding the backup tree with 2 partitions, you get 166570 rules in total excluding the backup tree. with 12 partitions, you get 230628 rules in total excluding the backup tree This is because of the backup tree partition which is equivalent to the size of the biggest partition. So even with one partition, it doesn't mean you can have more context as the total number of rules are also reduced. Rgds Eng Wee

Re: FWSM memory partitions

Kureli Sankar — Fri, 04 Dec 2009 13:56:39 GMT

Looks like you would have to move this big context to a separate firewall. Have you looked at the ASA5580s?

http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html

-KS