Virtual System Resource allocation

Reply
L2 Linker

Virtual System Resource allocation

Hi Team,

 

We would like to know how can we allocate the CPU resources for Virtual system (Vsys) on a Firewall.

 

Please share your thoughts !!

 

Awaiting for a response. Thanks in advance !!

 

Best Regards,

Sahul Hameed


Accepted Solutions
L6 Presenter

@SahulH  Firewall will have all the information of multiple vsys but it will not consider it while allocating resources like cpu and memory. Firewall will only consider the features that we just discussed related to limiting resources per vsys. Yes, when packets comes into firewall, it will use its default mechanism of cpu and memory allocation. So all vsys have access to all resources, so they will just grab what they can until resources are exhausted.

 

Hope this helps !

 

Mayur

Mayur S.

View solution in original post


All Replies
L6 Presenter

@SahulHHello, you can't define CPU resources to particuler Vsys.  CPU cycles are global to box. You can only define resources like session limit, security and NAT policies, tunnel limits and other (PFA image for seeing other) to particular vsys under resources.

 

Hope this helps !

 

Mayur

vsys.PNG

Mayur S.
L2 Linker

@SutareMayur Thanks Mayur,

 

Yes, I do agree on that, we can only able to specify limitation for the mentioned features. However, my concern is how the packet processing will be handled by the Firewall if we have deployed a Multi Vsys enabled. In order to get clarified more regarding how the resources are getting allocated for each and every ingress packets.

 

So for now my understanding here is, the firewall will use the default mechanism for CPU allocation for the packets received for processing. Am i right?

 

So if my understanding is correct. the firewall will not consider Vsys information for allocating the CPU and Memory resources for any ingress packets.

 

Please correct me if i am wrong !!

 

Best Regards,

Sahul Hameed

L6 Presenter

@SahulH  Firewall will have all the information of multiple vsys but it will not consider it while allocating resources like cpu and memory. Firewall will only consider the features that we just discussed related to limiting resources per vsys. Yes, when packets comes into firewall, it will use its default mechanism of cpu and memory allocation. So all vsys have access to all resources, so they will just grab what they can until resources are exhausted.

 

Hope this helps !

 

Mayur

Mayur S.

View solution in original post

L2 Linker

@SutareMayurThanks Mayur, For your explanation and also confirming my understanding is right !!.

 

Best Regards,

Sahul Hameed

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!