cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Vladimir
Pearl

Default and maximum memory per VS in VSX R80.10

Since R80.10 virtual systems are 64 bit, how is the memory allocation per VS instance works in it and could the amount of RAM for VS's be configured either globally or per VS?

Tags (1)
0 Kudos
12 Replies
Admin
Admin

Re: Default and maximum memory per VS in VSX R80.10

As I recall, you cannot directly control how much memory a VS uses.

What you CAN do is control the number of concurrent connections supported, and this can be done per VS.

Each connection requires a specific amount of memory depending on the blades used and the like.

Vladimir
Pearl

Re: Default and maximum memory per VS in VSX R80.10

Dameon,

Prior to R80.10 the VS's were limited to 4GB as they were 32 bit. It was possible then to have a rough idea of how many VS's we can run on appliance.

If newer version perform dynamic memory allocation per instance, how are we supposed to size the appliances? 

0 Kudos
Admin
Admin

Re: Default and maximum memory per VS in VSX R80.10

The relevant appliance datasheet tells you how many VSes an appliance supports (both with "default" and "max" memory installed).

However, I assume those numbers are based on optimistic assumptions (15k connections per VS, firewall only). 

Each established connection takes anywhere from 2k to 23k per entry, depending on blade mix in use.

0 Kudos
Vladimir
Pearl

Re: Default and maximum memory per VS in VSX R80.10

Dameon,

Thank you for clarification although, admittedly, I would like to get more clarity on this subject.

https://community.checkpoint.com/people/kaspa0460ae43-b630-4a72-b063-0a8888fa3bb5‌, can you chime in on this subject?

Regards,

Vladimir

0 Kudos
Admin
Admin

Re: Default and maximum memory per VS in VSX R80.10

Completely understand as the public documentation on this is not concrete--I'll see if I can get someone to elaborate Smiley Happy

Meanwhile, I can say that a 4GB VS (assuming old 32bit limit) would support roughly 500k of connections, depending on blade mix.

There is a little more overhead for 64bit, but that's probably a good place to start spitballing. 

Vladimir
Pearl

Re: Default and maximum memory per VS in VSX R80.10

Hmm... in your previous reply you've mentioned 15K per VS with Firewall only. In the last one it is 500K in 32 bit. Am I missing something?

0 Kudos
Admin
Admin

Re: Default and maximum memory per VS in VSX R80.10

Like I said before, the amount of memory a VS takes depends entirely on:

  • The blades configured for that VS
  • The number of connections that VS is configured to support

Obviously there is some other overhead for each VS plus the base OS.

The default setting when you create a VS is 15k connections, which will take far less memory than when you configure it to support, say, 500k.

I know from past experience that a 32bit firewall with 4GB of RAM without VSX can support several hundred thousand connections, again depending on blades configured. 

Obviously, if your VS is only configured to supports 15k connections, it will take far less RAM than 4GB.

Again, I'll see if I can get more specific information.

Vladimir
Pearl

Re: Default and maximum memory per VS in VSX R80.10

Thanks!

I didn't realize that the 500K was referring to non-VSX for rough comparison. It makes more sense to me now. 

0 Kudos

Re: Default and maximum memory per VS in VSX R80.10

I guess it's fairly well covered by now Smiley Happy Can just add real life example on fairly simple firewall setup with only FW, VPN and IA blades it uses ~3GB for 300k connections which equates to ~10kB per connection.

Re: Default and maximum memory per VS in VSX R80.10

Clearly what would be a good idea is to actually update the sizing tool on the Checkpoint site to account for how many VS, what blades and roughly how many concurrent connections would be required.

We have a pair of 15600's, currently with 32GB RAM, additionally have 4 blades turned on.  We have about 5 VSs running on there.  OS is R80.20 and was running JHA47 (now JHA87)

Total peak connections 130K

We ran into, what I believe where memory issue so we failed over a heaviest VS over to the standby node which resolved our issue.

We have a few more VSs to add which require around 410K in total.

We have order additional memory to take the units to 64GB, however a sizing tools may have helped avoid this issue.

0 Kudos

Re: Default and maximum memory per VS in VSX R80.10

Keep in mind that even when the VS is not even handling any traffic, in R80.20 plain it already uses up 750MB per VS. When you add Jumbo 80 or higher another 100MB per VS is added.
You can see the memory used per VS within cpview, advanced, VSX, VSs, statistics (you will get the question if you want to enable statistics. type a and y to do so)
After about a minute you will see memory usage per VS and vSwitch.
Regards, Maarten
0 Kudos

Re: Default and maximum memory per VS in VSX R80.10

Great will give that a go!

0 Kudos