The resource-item-limit command sets the guaranteed number and maximum number of resource items.
The undo resource-item-limit command deletes the guaranteed number and maximum number of resource items.
resource-item-limit bandwidth bandwidth-reserved-number { entire | inbound | outbound }
resource-item-limit online-user { reserved-number online-user-reserved-number | maximum online-user-maximum-number } *
resource-item-limit policy reserved-number policy-reserved-number
resource-item-limit traffic-policy maximum traffic-policy-maximum-number
resource-item-limit session reserved-number ipv4-session-reserved-number [ maximum { ipv4-session-maximum-number | equal-to-reserved | unlimited } ]
resource-item-limit ipv6 session reserved-number ipv6-session-reserved-number [ maximum { ipv6-session-maximum-number | equal-to-reserved | unlimited } ]
resource-item-limit session-rate ipv4-session-rate-reserved-number
resource-item-limit ipv6 session-rate ipv6-session-rate-reserved-number
resource-item-limit ssl-vpn-concurrent reserved-number ssl-vpn-concurrent-reserved-number
resource-item-limit l2tp-tunnel reserved-number l2tp-tunnel-reserved-number
resource-item-limit ipsec-tunnel reserved-number ipsec-tunnel-reserved-number [ maximum { ipsec-tunnel-maximum-number | equal-to-reserved | unlimited } ]
resource-item-limit user reserved-number user-reserved-number
resource-item-limit user-group reserved-number user-group-reserved-number
resource-item-limit security-group reserved-number security-group-reserved-number
undo resource-item-limit { bandwidth { entire | inbound | outbound } | online-user | policy | traffic-policy | session | ipv6 session | session-rate | ipv6 session-rate | ssl-vpn-concurrent | l2tp-tunnel | ipsec-tunnel | user | user-group | security-group }
| Parameter | Description | Value |
|---|---|---|
| bandwidth bandwidth-reserved-number | Specifies the reserved bandwidth for a virtual system. | It is an integer, in Mbit/s. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| entire | Indicates limitation on the entire traffic of the virtual system. | - |
| inbound | Indicates limitation on the incoming traffic of the virtual system. | - |
| outbound | Indicates limitation on the outgoing traffic of the virtual system. | - |
| online-user reserved-number online-user-reserved-number | Specifies the reserved number of online users available for a virtual system. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. NOTE: All models except USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. |
| maximum online-user-maximum-number | Specifies the maximum number of online users available for a virtual system. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. NOTE: All models except USG6635E/6655E, USG6680E and USG6712E/6716E support this parameter. |
| policy reserved-number policy-reserved-number | Specifies the reserved number of policies, including security, NAT, bandwidth, authentication, audit, and routing policies. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| traffic-policy maximum traffic-policy-maximum-number | Specifies the maximum number of traffic policies. NOTE: | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| session reserved-number ipv4-session-reserved-number | Specifies the reserved number of IPv4 sessions available for a virtual system. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| maximum ipv4-session-maximum-number | Specifies the maximum number of IPv4 sessions available for a virtual system. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| ipv6 session reserved-number ipv6-session-reserved-number | Specifies the reserved number of IPv6 sessions available for a virtual system. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| maximum ipv6-session-maximum-number | Specifies the maximum number of IPv6 sessions available for a virtual system. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| equal-to-reserved | Sets the maximum number to be the same as the guaranteed number. | - |
| unlimited | Specifies that the count is not limited. | - |
| session-rate ipv4-session-rate-reserved-number | Specifies the reserved number of new IPv4 sessions a virtual system can create in one second. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| ipv6 session-rate ipv6-session-rate-reserved-number | Specifies the reserved number of new IPv6 sessions a virtual system can create in one second. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| ssl-vpn-concurrent | Specifies the number of SSL VPN concurrent users available for a virtual system. | The number of concurrent SSL VPN users is controlled by a license. The value range is subject to the license that you purchase. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| l2tp-tunnel reserved-number l2tp-tunnel-reserved-number | Specifies the reserved number of L2TP tunnels. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| ipsec-tunnel reserved-number ipsec-tunnel-reserved-number | Specifies the reserved number of IPSec tunnels. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| maximum ipsec-tunnel-maximum-number | Specifies the maximum number of IPSec tunnels. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| user reserved-number user-reserved-number | Specifies the reserved number of users available for a virtual system. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| user-group reserved-number user-group-reserved-number | Specifies the reserved number of user groups available for a virtual system. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
| security-group reserved-number security-group-reserved-number | Specifies the reserved number of security groups available for a virtual system. | It is an integer. The value range varies with the device model. Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources. |
Application Scenarios
When multiple virtual systems exist on the FW and one virtual system uses too many resources, the other virtual systems cannot obtain resources and their services cannot run properly. For example, a virtual system has many P2P services that consume too much bandwidth and too many connection resources, affecting the services of other virtual systems. In this case, you can configure resource classes and bind virtual systems to the resource classes to restrict their use of resources. In this manner, each virtual system can run properly.
Prerequisites
Before resource allocation, you can run the display resource global-resource command to view the number of retained resources on the device (Remained-Number). The guaranteed number of resource items specified by the resource-item-limit command must be smaller than the number of retained resources on the device. Otherwise, the binding of a resource class to a virtual system may fail due to insufficient system resources.
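The check described above can be run on paper before any binding is attempted. The following Python sketch is an added example, not part of the vendor documentation: it walks a list of planned bindings, compares each reserved number against what is left of Remained-Number, and renders the resource-item-limit lines for the items that use the reserved-number form. The class names, virtual system names and numbers are constructed, and it assumes that each successful binding deducts the class's reserved numbers from Remained-Number and that a failed binding reserves nothing.

```python
# Added example (not from the vendor documentation).
# Items on this page that use the "reserved-number N" form, and the subset
# whose syntax also accepts "maximum { N | equal-to-reserved | unlimited }".
RESERVED_FORM = {"policy", "session", "ipv6 session", "ssl-vpn-concurrent",
                 "l2tp-tunnel", "ipsec-tunnel", "user", "user-group",
                 "security-group"}
HAS_MAXIMUM = {"session", "ipv6 session", "ipsec-tunnel"}

# Constructed sample data: Remained-Number per item as an operator would copy
# it from `display resource global-resource`, and hypothetical classes r1/r2.
REMAINED = {"session": 100000, "policy": 2000, "ipsec-tunnel": 500}
CLASSES = {
    "r1": {"session": (60000, 80000), "policy": (800, None)},
    "r2": {"session": (50000, "unlimited"),
           "ipsec-tunnel": (100, "equal-to-reserved")},
}
BINDINGS = [("vsysa", "r1"), ("vsysb", "r2")]  # hypothetical vsys names


def check_bindings(bindings, classes, remained):
    """Walk the bindings in order and report the ones that would not fit."""
    left = dict(remained)
    problems = []
    for vsys, cls in bindings:
        # The reserved number must be strictly smaller than what remains.
        short = [item for item, (reserved, _) in classes[cls].items()
                 if reserved >= left.get(item, 0)]
        if short:
            problems.append((vsys, cls, short))
            continue  # assumption: a failed binding reserves nothing
        for item, (reserved, _) in classes[cls].items():
            left[item] -= reserved  # assumption: binding deducts the reservation
    return problems


def render(items):
    """Build the resource-item-limit lines for one resource class."""
    lines = []
    for item, (reserved, maximum) in items.items():
        if item not in RESERVED_FORM:
            raise ValueError(f"{item}: not a reserved-number item")
        line = f"resource-item-limit {item} reserved-number {reserved}"
        if maximum is not None:
            if item not in HAS_MAXIMUM:
                raise ValueError(f"{item}: syntax has no maximum clause")
            line += f" maximum {maximum}"
        lines.append(line)
    return lines
```

With the sample data, the second binding is reported because only 40000 sessions remain after r1 is bound to vsysa, which is less than the 50000 that r2 reserves.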
Configuration Impact
If neither the guaranteed number nor the maximum number of a resource item is specified, the resource item is not limited.
The maximum value of a resource item is not limited if it is not specified.
Follow-up Procedure
Run the assign resource-class command to bind a resource class to a virtual system.
When the bandwidth of a virtual system is limited based on the inbound and outbound bandwidths of the resource class, the traffic statistics of the virtual system are based on the public interface. Therefore, you must run the set public-interface command to specify the public interface of the virtual system.
After the resource class is bound to the virtual system, you can run the display resource resource-usage command to display the resource usage of the virtual system. If the used number of a resource item approaches or reaches the maximum value, you must promptly adjust the maximum number of the resource item to a larger value to avoid service exceptions caused by insufficient resources. If the used number of a resource item falls far below the guaranteed value, you can adjust the guaranteed number of the resource item to a smaller value to release these resources to be used by other virtual systems.