Question regarding ACL memory footprint and stateful connections
Quick question. TNSR documentation, as well as information provided in response to one of my earlier forum postings, indicates that TNSR is capable of handling thousands of ACLs, while maintaining the ability to achieve blazing fast routing/connection speeds. Is someone able to tell me what the memory footprint of ACLs is and how many concurrent connections are supported by stateful ACLs (reflect)?
The maximum number of ACLs is limited by the memory allocated within TNSR.
Here is a way for you to monitor your current usage of ACLs and the memory footprint:
From the Linux shell, you can check the output of:
[tnsr ~]$ sudo vppctl show acl-plugin memory ACL plugin main heap statistics: total: 1.06G, used: 66.36K, free: 1.06G, trimmable: 1.06G free chunks 2 free fastbin blks 0 max total allocated 1.06G ACL hash lookup support heap statistics: total: 64.06M, used: 5.70K, free: 64.06M, trimmable: 64.06M free chunks 6 free fastbin blks 0 max total allocated 64.06M
This output gives you the total memory allocated for ACLs (1.06G in this particular example which is using default values). Also, there are 64MB of memory allocated for the ACL hash lookup support.
In order to check the number of current sessions, you can check the output of:
[tnsr ~]$ sudo vppctl show acl-plugin session | head -n 3 Sessions total: add 218922 - del 218609 = 313 Sessions active: add 218922 - deact 218609 = 313 Sessions being purged: deact 218609 - del 218609 = 0
In this example, we have 313 active sessions, using 66.36KB of data from the 1.06GB allocated.
Thanks for the response! I ran the prescribed commands and got very similar numbers. In layman's terms, it looks like the answer to my questions is "an insane number" for both.
I'm not employing my TNSR instance in a large enterprise or corporate network. Would be very curious to see memory and session numbers for someone who is and who has a robust number of ACLs. Thanks again for the response!