Virtual System Resource allocation

Reply
Highlighted
L2 Linker

Virtual System Resource allocation

Hi Team,

 

We would like to know how can we allocate the CPU resources for Virtual system (Vsys) on a Firewall.

 

Please share your thoughts !!

 

Awaiting for a response. Thanks in advance !!

 

Best Regards,

Sahul Hameed


Accepted Solutions
Highlighted
L5 Sessionator

Re: Virtual System Resource allocation

@SahulH  Firewall will have all the information of multiple vsys but it will not consider it while allocating resources like cpu and memory. Firewall will only consider the features that we just discussed related to limiting resources per vsys. Yes, when packets comes into firewall, it will use its default mechanism of cpu and memory allocation. So all vsys have access to all resources, so they will just grab what they can until resources are exhausted.

 

Hope this helps !

 

Mayur



Mayur Sutare

View solution in original post


All Replies
Highlighted
L5 Sessionator

Re: Virtual System Resource allocation

@SahulHHello, you can't define CPU resources to particuler Vsys.  CPU cycles are global to box. You can only define resources like session limit, security and NAT policies, tunnel limits and other (PFA image for seeing other) to particular vsys under resources.

 

Hope this helps !

 

Mayur

vsys.PNG



Mayur Sutare
Highlighted
L2 Linker

Re: Virtual System Resource allocation

@SutareMayur Thanks Mayur,

 

Yes, I do agree on that, we can only able to specify limitation for the mentioned features. However, my concern is how the packet processing will be handled by the Firewall if we have deployed a Multi Vsys enabled. In order to get clarified more regarding how the resources are getting allocated for each and every ingress packets.

 

So for now my understanding here is, the firewall will use the default mechanism for CPU allocation for the packets received for processing. Am i right?

 

So if my understanding is correct. the firewall will not consider Vsys information for allocating the CPU and Memory resources for any ingress packets.

 

Please correct me if i am wrong !!

 

Best Regards,

Sahul Hameed

Highlighted
L5 Sessionator

Re: Virtual System Resource allocation

@SahulH  Firewall will have all the information of multiple vsys but it will not consider it while allocating resources like cpu and memory. Firewall will only consider the features that we just discussed related to limiting resources per vsys. Yes, when packets comes into firewall, it will use its default mechanism of cpu and memory allocation. So all vsys have access to all resources, so they will just grab what they can until resources are exhausted.

 

Hope this helps !

 

Mayur



Mayur Sutare

View solution in original post

Highlighted
L2 Linker

Re: Virtual System Resource allocation

@SutareMayurThanks Mayur, For your explanation and also confirming my understanding is right !!.

 

Best Regards,

Sahul Hameed

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!