Cisco Cisco MGX Service Resource Module Enhanced [SRM-E] 백서
Technical Overview
© 2011 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 6 of 3
Relevant Metrics
Different traffic patterns and configurations can stress different portions of the system, and require
different resources in the NPUs within the module. For this reason, there is no single metric or CPU
utilization that can indicate the overall load on the system, but there are critical metrics that can be
monitored to see if the current traffic pattern is approaching some bottlenecks.
The following sections describe the main metrics characterizing the load of the system and show
how to check the relevant counters.
●
Concurrent Connections – The number of simultaneous connections a device can support is
a function of available memory. If the number of concurrent connections reaches the
supported limit, no new connections can be established until existing connections are freed.
●
Interconnects and Bandwidth – The bandwidth a device supports is based on the devices
interconnection links into the network and the amount of time it takes to process application
traffic. Exceeding the bandwidth can lead to packet loss at the interlinks or within the device
itself.
●
Connections per second (CPS) – Measures the number of new client connections to an
application within a second. A connection setup can be a simple TCP three-way handshake
with an immediate TCP reset, or more involved, such as SSL where TCP is setup, SSL is
terminated, and a HTTP Request is processed before properly closing the SSL session and
TCP connection. Although supported CPS typically vary between application types,
exceeding the limit will result in new connection attempts being rejected
●
Resource usage
1. Co n c u rre n t Co n n e c tio n s (CC)
The Cisco ACE Module has allocated data plane memory to guarantee concurrent connection
support for basic Layer 4 connections (such as TCP, UDP, IPSec), Layer 7 connections (proxied
flows, typically for application aware load balancing or inspection, and SSL connection when using
SSL acceleration. The Cisco ACE Module can support the maximum bi-directional concurrent
connection limit regardless of the features enabled.
Table 1.
Concurrent connection support
Co n n e c tio n Typ e
Cis c o ACE Mo d u le Lim it
Layer 4
◦
4 Million
Layer 7
◦
512 Thousand
The state for both directions (client-to-VIP/ACE and server-to-ACE) of a TCP connection is
maintained via distinct connection objects. The following is an example of the current connection
table.
ACE/Admin# show conn
total current connections : 6
conn-id np dir proto vlan source destination
state
----------+--+---+-----+----+---------------------+---------------------+-
-----+
6 1 in TCP 110 10.82.217.52:1566 172.25.91.20:23
ESTAB
7 1 out TCP 110 172.25.91.20:23 10.82.217.52:1566
ESTAB
total current connections : 6
conn-id np dir proto vlan source destination
state
----------+--+---+-----+----+---------------------+---------------------+-
-----+
6 1 in TCP 110 10.82.217.52:1566 172.25.91.20:23
ESTAB
7 1 out TCP 110 172.25.91.20:23 10.82.217.52:1566
ESTAB