Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Question regarding ACL memory footprint and stateful connections

    Scheduled Pinned Locked Moved TNSR
    3 Posts 2 Posters 505 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gabacho4 Rebel Alliance
      last edited by

      Good afternoon,

      Quick question. TNSR documentation, as well as information provided in response to one of my earlier forum postings, indicates that TNSR is capable of handling thousands of ACLs, while maintaining the ability to achieve blazing fast routing/connection speeds. Is someone able to tell me what the memory footprint of ACLs is and how many concurrent connections are supported by stateful ACLs (reflect)?

      Thanks!

      1 Reply Last reply Reply Quote 1
      • E
        eeraltan
        last edited by

        Good Afternoon,

        The maximum number of ACLs is limited by the memory allocated within TNSR.
        Here is a way for you to monitor your current usage of ACLs and the memory footprint:

        From the Linux shell, you can check the output of:

        [tnsr ~]$ sudo vppctl show acl-plugin memory

ACL plugin main heap statistics:
 total: 1.06G, used: 66.36K, free: 1.06G, trimmable: 1.06G
    free chunks 2 free fastbin blks 0
    max total allocated 1.06G

ACL hash lookup support heap statistics:
 total: 64.06M, used: 5.70K, free: 64.06M, trimmable: 64.06M
    free chunks 6 free fastbin blks 0
    max total allocated 64.06M

        This output gives you the total memory allocated for ACLs (1.06G in this particular example which is using default values). Also, there are 64MB of memory allocated for the ACL hash lookup support.

        In order to check the number of current sessions, you can check the output of:

        [tnsr ~]$ sudo vppctl show acl-plugin session | head -n 3
Sessions total: add 218922 - del 218609 = 313
Sessions active: add 218922 - deact 218609 = 313
Sessions being purged: deact 218609 - del 218609 = 0

        In this example, we have 313 active sessions, using 66.36KB of data from the 1.06GB allocated.

        Emre

        1 Reply Last reply Reply Quote 2
        • G
          gabacho4 Rebel Alliance
          last edited by gabacho4

          Thanks for the response! I ran the prescribed commands and got very similar numbers. In layman's terms, it looks like the answer to my questions is "an insane number" for both. ☺

          I'm not employing my TNSR instance in a large enterprise or corporate network. Would be very curious to see memory and session numbers for someone who is and who has a robust number of ACLs. Thanks again for the response!

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.