GigaSMART Overload Bypass
Packet buffers, CPU, and concurrent connections are monitored for overloaded conditions. GigaSMART goes to bypass when resource usage exceeds thresholds. Existing connections will continue to be processed by GigaSMART, but any new connections will be bypassed. Refer to Overload Bypass Connections and Thresholds for information on connections and thresholds.
|
Criteria |
GigaVUE‑HC1 |
GigaVUE‑HC2 (per module) |
GigaVUE‑HC3 (per GigaSMART Engine) |
||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Maximum connections per second |
|
|
|
||||||||||||
|
Maximum connections |
100000 |
|
200000 |
||||||||||||
|
Resource Packet Buffer |
Overload threshold for packet buffer resources for GigaSMART operations. |
||||||||||||||
|
Resource CPU |
Rising threshold for GigaSMART CPU statistics. |
||||||||||||||
|
Heap exhaust |
80% |
||||||||||||||
To configure the Packet Buffer and CPU threshold values, navigate to GigaSMART > GigaSMART Operations (GSOP) > Resource Buffer and configure the following:
- Resource Packet Buffer Overload Threshold (%)
- Resource CPU Overload Threshold (%)
CPU Overload Threshold
Due to sudden bursts of traffic, the GigaSMART CPU can become too busy and drop packets. However, when a system or application reaches a threshold, SSL sessions can be bypassed. When a maximum CPU is reached, incoming connections will be bypassed.
When the CPU overload threshold is set to a configured value, (for example, 90%), the lower threshold is set to two-third of the CPU overload threshold configured (in this example 60%). A mean threshold is calculated, which will be the average of the CPU overload threshold and the lower threshold (in this example 75%).
The following actions will be taken:
| If the CPU hits the overload threshold, all new SSL connections will be bypassed. |
| If the CPU reduces to the mean threshold, half of the new SSL connections will be bypassed. |
| If the CPU reduces further to the lower threshold, all new SSL connections will be decrypted. |
If you choose connectivity-over-security, the CPU overload threshold must be set to the lower threshold value.
