< Home

Configuring a Resource Class

This section describes how to configure a resource class. You are advised to configure resource classes before creating any virtual system.

Context

All virtual systems created on a FW share the resources available on the FW. To ensure the availability of system resources for all virtual systems and prevent a virtual system from overusing system resources, restrict the amount of system resources available for each virtual system.

To do so, add a resource class, configure the system resources available for the resource class, and bind the resource class to the virtual system.

A resource class can be bound to multiple virtual system. If multiple virtual systems require the same type and amount of system resources, configure a single resource class and bound the resource class to each of these virtual systems.

Procedure

  1. Check resource usage.

    display resource global-resource [ resource-item { bandwidth | online-user | policy | traffic-policy | security-group | session | ipsec-tunnel | l2tp-tunnel | ipv6 session | session-rate | ipv6 session-rate | ssl-vpn-concurrent | user | user-group } ]

    Check the available resources as the public system administrator before allocating resources for virtual systems.

    Ensure that the guaranteed amount of a specified resource allocated to a virtual system must not exceed the amount of available resources.

  2. In the system view, create a resource class and access the resource class view.

    resource-class resource-class-name

  3. Configure the guaranteed and maximum amount of resources available for a virtual system.

    • Guaranteed value: Minimum amount of a specified resource item available for a virtual system. Once the amount of system resources are allocated to a virtual system, they are exclusively used by the virtual system.

    • Maximum value: Maximum allowed amount of a specified resource item available for a virtual system. Whether the resources used by a virtual system can reach the maximum amount is determined by the resources used by other virtual systems.

    Configure the guaranteed and maximum number of IPv4 sessions available for a virtual system.

    resource-item-limit session reserved-number ipv4-session-reserved-number [ maximum { ipv4-session-maximum-number | equal-to-reserved | unlimited } ]

    Configure the guaranteed and maximum number of IPv6 sessions available for a virtual system.

    resource-item-limit ipv6 session reserved-number ipv6-session-reserved-number [ maximum { ipv6-session-maximum-number | equal-to-reserved | unlimited } ]

    Configure the reserved number of new IPv4 sessions available for a virtual system.

    resource-item-limit session-rate ipv4-session-rate-reserved-number

    Configure the reserved number of new IPv6 sessions available for a virtual system.

    resource-item-limit ipv6 session-rate ipv6-session-rate-reserved-number

    Configure the guaranteed quota of policies.

    resource-item-limit policy reserved-number policy-reserved-number

    NOTE:

    Available policies are security policies, NAT policies, bandwidth policies, authentication policies, audit policies, and routing policies.

    Set the maximum number of traffic policies.

    resource-item-limit traffic-policy maximum traffic-policy-maximum-number

    NOTE:
    • If the guaranteed number of policies has been configured, the maximum number of traffic policies cannot exceed this guaranteed value.
    • Traffic policy quantity resources can be preempted between virtual systems. If the number of traffic policies for the device has reached the upper limit, the virtual system can no longer have new traffic policies added, even if the maximum number of traffic policies for the virtual system is configured.

    Configure the guaranteed and maximum number of IPSec tunnels available for a virtual system.

    resource-item-limit ipsec-tunnel reserved-number ipsec-tunnel-reserved-number [ maximum { ipsec-tunnel-maximum-number | equal-to-reserved | unlimited } ]

    Configure the guaranteed and maximum number of L2TP tunnels available for a virtual system.

    resource-item-limit l2tp-tunnel reserved-number l2tp-tunnel-reserved-number

    Configure the guaranteed and maximum number of online users on a virtual system.

    resource-item-limit online-user { reserved-number online-user-reserved-number | maximum online-user-maximum-number } *

    NOTE:

    All models except USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter.

    Configure the SSL VPN concurrent users.

    resource-item-limit ssl-vpn-concurrent reserved-number ssl-vpn-concurrent-reserved-number

    Configure the guaranteed quota of users.

    resource-item-limit user reserved-number user-reserved-number

    Configure the guaranteed quota of user groups.

    resource-item-limit user-group reserved-number user-group-reserved-number

    Configure the guaranteed quota of security groups.

    resource-item-limit security-group reserved-number security-group-reserved-number

    Configure the guaranteed bandwidth.

    resource-item-limit bandwidth bandwidth-maximum-number { entire | inbound | outbound }

  4. Optional: Enable the alarm function for the IPv4 and IPv6 session resource usage of the virtual system in the resource class.

    resource-item-limit { session | ipv6 session } usage alarm enable

    After a resource class is bound, the session resource usage alarm function of the virtual system is enabled by default.

  5. Optional: Set the alarm threshold for the IPv4 and IPv6 session resource usage of the virtual system in the resource class.

    resource-item-limit { session | ipv6 session } usage alarm threshold trigger-threshold recovery-threshold

    The default values of trigger-threshold and recovery-threshold are 80% and 75% respectively.

    Assume that the session resource usage alarm function is enabled for the resource class bound to the virtual system, the alarm triggering threshold and alarm clearing threshold are set to the default values, and the maximum number of sessions is configured in the resource class. The virtual system calculates the usage of session resources based on the configured maximum number of sessions:
    • When the session resource usage of the virtual system reaches 80% of the configured maximum number of sessions, an alarm is generated.
    • When the session resource usage of the virtual system falls below 75% of the configured maximum number of sessions, the alarm is cleared.

Parent Topic: Deploying a Virtual System Using the CLI
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >