12-02-2009 01:38 AM - edited 03-11-2019 09:44 AM
Hi,
I have a questions on FWSM memory partition. I understand that there are 12 memory partitions and we can configure how many partitions we need.
If i set the number of partition to 6, then each partition will have more resources compared to if i set the number of partitions to 12.
Can i just set the number of partition to 1, then in this case, i have one big memory partition which all the contexts i created will use.
My client (running 3.X) has 6 partitions of equal size. One of the partition is running out of resource and the other partitions still have plenty of resources. I undertand that 4.x has some enhancement on resource allocation. I am just thinking if it might be easier just to have one large partition and any context just use that pool of resrouces. In this way, it will keep things simple..
Has anyone tried this before? Anything i should take note of if i do this?
Thanks
Eng Wee
12-02-2009 03:46 AM
e-chuah wrote:
Hi,
I have a questions on FWSM memory partition. I understand that there are 12 memory partitions and we can configure how many partitions we need.
If i set the number of partition to 6, then each partition will have more resources compared to if i set the number of partitions to 12.
Can i just set the number of partition to 1, then in this case, i have one big memory partition which all the contexts i created will use.
My client (running 3.X) has 6 partitions of equal size. One of the partition is running out of resource and the other partitions still have plenty of resources. I undertand that 4.x has some enhancement on resource allocation. I am just thinking if it might be easier just to have one large partition and any context just use that pool of resrouces. In this way, it will keep things simple..
Has anyone tried this before? Anything i should take note of if i do this?
Thanks
Eng Wee
Eng
You can do this but i wouldn't recommend it. The whole idea of using memory partitions is to protect virtual firewalls from each other. If you have one big partition with all contexts in and one context consumes all resources then all contexts suffer.
Jon
12-02-2009 06:49 AM
FWSM 4.x
Total Partitions ACLs
12 19219
11 20821
10 22714
9 24985
8 27761
7 31232
6 35693
5 41642
4 49971
3 62464
2 83285
1 124928
There is also acl optimization in 4.x.
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/product_bulletin_c25-478751.html
I agree with Jon. May be you can go to 3 partitions and point all the smaller contexts to one partition and give
the bigger context its own partition.
-KS
12-04-2009 03:01 AM
kusankar & Jon, Thanks for the reply. I managed to get hold of a FWSM and downloaded 4.x to test. With 1 partition, you get 124928 rules in total excluding the backup tree with 2 partitions, you get 166570 rules in total excluding the backup tree. with 12 partitions, you get 230628 rules in total excluding the backup tree This is because of the backup tree partition which is equivalent to the size of the biggest partition. So even with one partition, it doesn't mean you can have more context as the total number of rules are also reduced. Rgds Eng Wee
12-04-2009 05:56 AM
Looks like you would have to move this big context to a separate firewall. Have you looked at the ASA5580s?
http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide