Virtual System Resource allocation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Virtual System Resource allocation

L3 Networker

Hi Team,

 

We would like to know how can we allocate the CPU resources for Virtual system (Vsys) on a Firewall.

 

Please share your thoughts !!

 

Awaiting for a response. Thanks in advance !!

 

Best Regards,

Sahul Hameed

1 accepted solution

Accepted Solutions

@SahulH  Firewall will have all the information of multiple vsys but it will not consider it while allocating resources like cpu and memory. Firewall will only consider the features that we just discussed related to limiting resources per vsys. Yes, when packets comes into firewall, it will use its default mechanism of cpu and memory allocation. So all vsys have access to all resources, so they will just grab what they can until resources are exhausted.

 

Hope this helps !

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

View solution in original post

4 REPLIES 4

L6 Presenter

@SahulHHello, you can't define CPU resources to particuler Vsys.  CPU cycles are global to box. You can only define resources like session limit, security and NAT policies, tunnel limits and other (PFA image for seeing other) to particular vsys under resources.

 

Hope this helps !

 

Mayur

vsys.PNG

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

@SutareMayur Thanks Mayur,

 

Yes, I do agree on that, we can only able to specify limitation for the mentioned features. However, my concern is how the packet processing will be handled by the Firewall if we have deployed a Multi Vsys enabled. In order to get clarified more regarding how the resources are getting allocated for each and every ingress packets.

 

So for now my understanding here is, the firewall will use the default mechanism for CPU allocation for the packets received for processing. Am i right?

 

So if my understanding is correct. the firewall will not consider Vsys information for allocating the CPU and Memory resources for any ingress packets.

 

Please correct me if i am wrong !!

 

Best Regards,

Sahul Hameed

@SahulH  Firewall will have all the information of multiple vsys but it will not consider it while allocating resources like cpu and memory. Firewall will only consider the features that we just discussed related to limiting resources per vsys. Yes, when packets comes into firewall, it will use its default mechanism of cpu and memory allocation. So all vsys have access to all resources, so they will just grab what they can until resources are exhausted.

 

Hope this helps !

 

Mayur

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks

@SutareMayurThanks Mayur, For your explanation and also confirming my understanding is right !!.

 

Best Regards,

Sahul Hameed

  • 1 accepted solution
  • 6351 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!