Command Reference vA5(1.0) and earlier, Cisco ACE Application Control Engine
Resource Configuration Mode Commands
Downloads: This chapterpdf (PDF - 57.0KB) The complete bookPDF (PDF - 28.65MB) | Feedback

Resource Configuration Mode Commands

Table Of Contents

Resource Configuration Mode Commands

(config-resource) limit-resource


Resource Configuration Mode Commands

Resource configuration mode commands allow you to limit the usage of resources by one or more contexts. To create a resource class and access resource configuration mode, enter the resource-class command. The CLI prompt changes to (config-resource). For information about the commands in resource configuration mode, see the commands in this section. Use the no form of this command to delete a resource class.

resource-class name

no resource-class name

Syntax Description

name

Name assigned to the new resource class. Enter an unquoted text string with no spaces and a maximum of 64 alphanumeric characters. You can also use the resource class called default.


Command Modes

Configuration mode

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.


ACE Appliance Release
Modification

A1(7)

This command was introduced.


Usage Guidelines

The commands in this mode require the Admin user role. For details about role-based access control (RBAC) and user roles, see the Virtualization Guide, Cisco ACE Application Control Engine.

After you create and configure the class, use the (config-context) member command in context configuration mode to assign a context to the class.

Examples

To create a resource-class called RC1 and enter resource configuration mode, enter:

host1/C1(config)# resource-class RC1
host1/C1(config-resource)
 
   

To remove the RC1 resource class from the configuration, enter:

host1/C1(config)# no resource-class RC1

Related Commands

(config-context) member

(config-resource) limit-resource

To limit system resources for all members of a resource class, use the limit-resource command. Use the no form of this command to restore the default resource settings for all resources or individual resources for all members (contexts) of a resource class.

limit-resource {acl-memory | all | buffer syslog | conc-connections | http-comp | mgmt-connections | proxy-connections | rate {bandwidth | connections | inspect-conn | mac-miss | mgmt-traffic | ssl-connections | syslog} | regexp | sticky | xlates} {minimum number} {maximum {equal-to-min | unlimited}}

no limit-resource {acl-memory | all | buffer {syslog} | conc-connections | http-comp | mgmt-connections | proxy-connections | rate {bandwidth | connections | inspect-conn | mac-miss | mgmt-traffic | ssl-connections | syslog | to-cp-ipcp} | regexp | sticky | xlates}

Syntax Description

acl-memory

Limits memory allocated for ACLs.

all

Limits all resources to the specified value for all contexts assigned to this resource class.

buffer syslog

Limits the amount of buffering for syslog messages.

conc-connections

Limits the number of simultaneous connections.

http-comp

Limits the HTTP compression rate.

mgmt-connections

Limits the number of management connections.

proxy-connections

Limits the number of proxy connections.

rate

Limits the resource as a number per second for the following:

bandwidth—Limits context throughput in bytes per second.

connections—Limits the number of connections of any kind per second.

inspect conn—Limits the number of application protocol inspection connections per second for Domain Name System (DNS), File Transfer Protocol (FTP), HTTP Deep Packet, Internet Control Message Protocol (ICMP), Internet Locator Service (ILS), Real-Time Streaming Protocol (RTSP)Skinny Client Control Protocol (SCCP), and Session Initiation Protocol (SIP).

mac-miss—Limits the ACE traffic sent to the control plane when the encapsulation is not correct in packets per second.

mgmt-traffic—Limits the management traffic in bytes per second.

ssl-connections—Limits the number of SSL connections per second.

syslog—Limits the number of syslog messages per second.

to-cp-ipcp—(ACE module only) Limits the IPCP traffic from the DP to the CP in packets per second. This keyword prevents the overwhelming of the CP under high syslog rate conditions (for example, level 7 messages).

regexp

Limits the amount of regular expression memory.

sticky

Limits the number of entries in the sticky table. You must configure a minimum value for sticky to allocate resources for sticky entries, because the sticky software receives no resources under the unlimited setting.

xlates

Limits the number of network and port address translations entries.

minimum number

Specifies the lowest acceptable value. Enter an integer from 0.00 to 100.00 percent (two-decimal places of granularity). The number argument specifies a percentage value for all contexts that are members of the class. When used with the rate keyword, the number argument specifies a value per second.

maximum {equal-to-min | unlimited}

Specifies the maximum resource value: either the same as the minimum value or no limit.


Command Modes

Resource configuration mode

Admin context only

Command History

ACE Module Release
Modification

3.0(0)A1(2)

This command was introduced.

A4(1.0)

This command was modified to add the http-comp keyword for compression. Also, added the rate to-cp-ipcp keyword.


ACE Appliance Release
Modification

A1(7)

This command was introduced.

A4(1.0)

Added the rate to-cp-ipcp keyword.


Usage Guidelines

You can limit all resources or individual resources for all members (contexts) of a resource class. For example, you can limit only concurrent connections, probes, or sticky table entries.

For details about the system resource maximum values when you use the limit-resource command, see the Virtualization Guide, Cisco ACE Application Control Engine

If you lower the limits for one context (context A) to increase the limits of another context (context B), you may experience a delay in the configuration change because the ACE will not lower the limits of context A until the resources are no longer being used by the context.

The limit that you set for individual resources when you use the limit-resource command overrides the limit that you set for all resources when you use the limit-resource all command.

When you enter the no limit-resource all command, all ACE contexts associated with the resource class are left without resources that are not separately configured with a minimum limit in the resource class. The CLI displays the following message:

Warning: The context(s) associated with this resource-class
will be denied of all the resources that are not explicitly
configured with minimum limit in this resource-class

Examples

To allocate 20 percent of all resources (minimum and maximum) to all member contexts of the resource class, enter:

(config-resource)# limit-resource all minimum 20 maximum equal-to-min
 
   

To restore resource allocation to the default of 0 percent minimum and 100 percent maximum for all resources to all member contexts, enter:

(config-resource)# no limit-resource all

Related Commands

This command has no related commands.