    Question regarding ACL memory footprint and stateful connections

    • gabacho4 Rebel Alliance

      Good afternoon,

      Quick question. TNSR documentation, as well as information provided in response to one of my earlier forum postings, indicates that TNSR is capable of handling thousands of ACLs, while maintaining the ability to achieve blazing fast routing/connection speeds. Is someone able to tell me what the memory footprint of ACLs is and how many concurrent connections are supported by stateful ACLs (reflect)?

      Thanks!

      • eeraltan

        Good Afternoon,

        The maximum number of ACLs is limited by the memory allocated within TNSR.
        Here is a way for you to monitor your current usage of ACLs and the memory footprint:

        From the Linux shell, you can check the output of:

        [tnsr ~]$ sudo vppctl show acl-plugin memory
        
        ACL plugin main heap statistics:
         total: 1.06G, used: 66.36K, free: 1.06G, trimmable: 1.06G
            free chunks 2 free fastbin blks 0
            max total allocated 1.06G
        
        ACL hash lookup support heap statistics:
         total: 64.06M, used: 5.70K, free: 64.06M, trimmable: 64.06M
            free chunks 6 free fastbin blks 0
            max total allocated 64.06M
        

        This output gives you the total memory allocated for ACLs (1.06G in this particular example which is using default values). Also, there are 64MB of memory allocated for the ACL hash lookup support.

        In order to check the number of current sessions, you can check the output of:

        [tnsr ~]$ sudo vppctl show acl-plugin session | head -n 3
        Sessions total: add 218922 - del 218609 = 313
        Sessions active: add 218922 - deact 218609 = 313
        Sessions being purged: deact 218609 - del 218609 = 0
        

        In this example, we have 313 active sessions, using 66.36KB of data from the 1.06GB allocated.

        Emre
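
The two checks from the answer above turned into a monitoring script, as an added example that is not part of the original post or of Netgate's own tooling. It assumes the K/M/G suffixes are 1024-based; the function names are invented for this example, and the sample text is trimmed from the output quoted above.

```shell
# Added example: parse the two vppctl outputs quoted in the post above.
# Assumption: K/M/G suffixes are binary multiples (1024-based).

# stdin: `show acl-plugin memory` text -> "name|used_bytes|total_bytes|used_pct" per heap
heap_usage() {
    awk '
    function bytes(s,   c, m) {
        c = substr(s, length(s), 1)
        m = (c == "K") ? 1024 : (c == "M") ? 1048576 : (c == "G") ? 1073741824 : 1
        return (s + 0) * m
    }
    /heap statistics:/ {
        name = $0; sub(/^[ \t]+/, "", name); sub(/ heap statistics:.*$/, "", name); next
    }
    /total:/ && /used:/ {
        gsub(/,/, "")
        for (i = 1; i < NF; i++) {
            if ($i == "total:") total = bytes($(i + 1))
            if ($i == "used:")  used  = bytes($(i + 1))
        }
        printf "%s|%.0f|%.0f|%.4f\n", name, used, total, (total > 0 ? 100 * used / total : 0)
    }'
}

# stdin: `show acl-plugin session` text -> active session count.
# Exit 1 if the line is missing, 2 if add - deact differs from the reported count.
active_sessions() {
    awk '
    /^[ \t]*Sessions active:/ {
        found = 1
        if ($4 - $7 != $NF) bad = 1; else print $NF
    }
    END { if (bad) exit 2; if (!found) exit 1 }'
}

# stdin: `show acl-plugin memory` text; $1: maximum used percent per heap.
# Prints the heaps over the limit and returns non-zero if there are any.
heaps_within_limit() {
    heap_usage | awk -F'|' -v max="$1" '$4 + 0 > max + 0 { print $1; over = 1 } END { exit (over ? 1 : 0) }'
}

# Sample input trimmed from the post above; on a TNSR host pipe the real command:
#   sudo vppctl show acl-plugin memory | heaps_within_limit 80
SAMPLE_MEM='ACL plugin main heap statistics:
 total: 1.06G, used: 66.36K, free: 1.06G, trimmable: 1.06G
ACL hash lookup support heap statistics:
 total: 64.06M, used: 5.70K, free: 64.06M, trimmable: 64.06M'
SAMPLE_SESS='Sessions active: add 218922 - deact 218609 = 313'
printf '%s\n' "$SAMPLE_MEM" | heap_usage
printf 'active sessions: %s\n' "$(printf '%s\n' "$SAMPLE_SESS" | active_sessions)"
```

Tracking the used percentage of both heaps alongside the active session count over time shows whether reflect sessions or the ACL rule set is what consumes the allocation.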

        • gabacho4 Rebel Alliance

          Thanks for the response! I ran the prescribed commands and got very similar numbers. In layman's terms, it looks like the answer to my questions is "an insane number" for both. ☺

          I'm not employing my TNSR instance in a large enterprise or corporate network. Would be very curious to see memory and session numbers for someone who is and who has a robust number of ACLs. Thanks again for the response!
