Since R80.10 virtual systems are 64 bit, how is the memory allocation per VS instance works in it and could the amount of RAM for VS's be configured either globally or per VS?
As I recall, you cannot directly control how much memory a VS uses.
What you CAN do is control the number of concurrent connections supported, and this can be done per VS.
Each connection requires a specific amount of memory depending on the blades used and the like.
Prior to R80.10 the VS's were limited to 4GB as they were 32 bit. It was possible then to have a rough idea of how many VS's we can run on appliance.
If newer version perform dynamic memory allocation per instance, how are we supposed to size the appliances?
The relevant appliance datasheet tells you how many VSes an appliance supports (both with "default" and "max" memory installed).
However, I assume those numbers are based on optimistic assumptions (15k connections per VS, firewall only).
Each established connection takes anywhere from 2k to 23k per entry, depending on blade mix in use.
Thank you for clarification although, admittedly, I would like to get more clarity on this subject.
Kaspars Zibarts, can you chime in on this subject?
Completely understand as the public documentation on this is not concrete--I'll see if I can get someone to elaborate
Meanwhile, I can say that a 4GB VS (assuming old 32bit limit) would support roughly 500k of connections, depending on blade mix.
There is a little more overhead for 64bit, but that's probably a good place to start spitballing.
Hmm... in your previous reply you've mentioned 15K per VS with Firewall only. In the last one it is 500K in 32 bit. Am I missing something?
Like I said before, the amount of memory a VS takes depends entirely on:
Obviously there is some other overhead for each VS plus the base OS.
The default setting when you create a VS is 15k connections, which will take far less memory than when you configure it to support, say, 500k.
I know from past experience that a 32bit firewall with 4GB of RAM without VSX can support several hundred thousand connections, again depending on blades configured.
Obviously, if your VS is only configured to supports 15k connections, it will take far less RAM than 4GB.
Again, I'll see if I can get more specific information.
I didn't realize that the 500K was referring to non-VSX for rough comparison. It makes more sense to me now.
I guess it's fairly well covered by now Can just add real life example on fairly simple firewall setup with only FW, VPN and IA blades it uses ~3GB for 300k connections which equates to ~10kB per connection.
Retrieving data ...