GigaSMART Overload Bypass

Packet buffers, CPU, and concurrent connections are monitored for overload conditions. GigaSMART goes into bypass when resource usage exceeds the thresholds. Existing connections continue to be processed by GigaSMART, but any new connections are bypassed. Refer to Table 1: Overload Bypass Connections and Thresholds for information on connections and thresholds.

 

Table 1: Overload Bypass Connections and Thresholds

| Criteria | GigaVUE‑HC1 | GigaVUE‑HC2 (per module) | GigaVUE‑HC3 (per GigaSMART Engine) |
|---|---|---|---|
| Maximum connections per second | 1500 | 2000 (SMT-HC0-X16 and SMT-HC0-R); 5000 (SMT-HC0-Q02X08) | 5000 |
| Maximum connections | 100000 | 100000 (SMT-HC0-X16 and SMT-HC0-R); 200000 (SMT-HC0-Q02X08) | 200000 |

| Criteria | Threshold |
|---|---|
| Resource Packet Buffer | Overload threshold for packet buffer resources for GigaSMART operations. Default is 80% (configurable) |
| Resource CPU | Rising threshold for GigaSMART CPU statistics. Default is 90% (configurable) |
| Heap exhaust | 80% |

To configure the Packet Buffer and CPU threshold values, navigate to GigaSMART > GigaSMART Operations (GSOP) > Resource Buffer and configure the following:

  • Resource Packet Buffer Overload Threshold (%)
  • Resource CPU Overload Threshold (%)

CPU Overload Threshold

Sudden bursts of traffic can make the GigaSMART CPU too busy, causing it to drop packets. However, when a system or application reaches a threshold, SSL sessions can be bypassed. When the maximum CPU is reached, incoming connections are bypassed.

When the CPU overload threshold is set to a configured value (for example, 90%), the lower threshold is set to two-thirds of the configured CPU overload threshold (60% in this example). A mean threshold is also calculated as the average of the CPU overload threshold and the lower threshold (75% in this example).

The following actions will be taken:

■   If the CPU hits the overload threshold, all new SSL connections will be bypassed.
■   If the CPU reduces to the mean threshold, half of the new SSL connections will be bypassed.
■   If the CPU reduces further to the lower threshold, all new SSL connections will be decrypted.

If you choose connectivity-over-security, the CPU overload threshold must be set to the lower threshold value.
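The three CPU thresholds above form a hysteresis loop, and the following added example (a planning model, not Gigamon code) replays a CPU trace through it to estimate how many new SSL connections pass undecrypted. The state names, the sample trace, the behaviour between thresholds, and the equal-connections-per-sample weighting are assumptions of this sketch.

```python
from dataclasses import dataclass

# Hypothetical state names for the three documented actions.
DECRYPT_ALL, BYPASS_HALF, BYPASS_ALL = "decrypt-all", "bypass-half", "bypass-all"
BYPASS_SHARE = {DECRYPT_ALL: 0.0, BYPASS_HALF: 0.5, BYPASS_ALL: 1.0}

@dataclass(frozen=True)
class Thresholds:
    overload: float  # configured CPU overload threshold (%)
    lower: float     # two-thirds of the overload threshold
    mean: float      # average of overload and lower

def derive_thresholds(overload_pct):
    lower = overload_pct * 2 / 3
    return Thresholds(overload_pct, lower, (overload_pct + lower) / 2)

def next_state(state, cpu_pct, t):
    if cpu_pct >= t.overload:
        return BYPASS_ALL        # overload hit: bypass all new SSL connections
    if state == DECRYPT_ALL:
        return DECRYPT_ALL       # assumption: no bypass until overload is hit
    if cpu_pct <= t.lower:
        return DECRYPT_ALL       # reduced to lower threshold: decrypt all again
    if cpu_pct <= t.mean:
        return BYPASS_HALF       # reduced to mean threshold: bypass half
    return state                 # assumption: hold state between thresholds

def simulate(cpu_samples, overload_pct=90.0):
    """Return [(cpu_pct, state), ...] for a series of CPU readings."""
    t = derive_thresholds(overload_pct)
    state, timeline = DECRYPT_ALL, []
    for cpu in cpu_samples:
        state = next_state(state, cpu, t)
        timeline.append((cpu, state))
    return timeline

def uninspected_share(timeline):
    """Fraction of new SSL connections bypassed, assuming an equal
    number of new connections arrives during every sample."""
    return sum(BYPASS_SHARE[s] for _, s in timeline) / len(timeline)

# Constructed CPU trace (%), one reading per interval.
SAMPLE = [55, 78, 92, 85, 74, 80, 61, 59, 78]

if __name__ == "__main__":
    print(derive_thresholds(90))
    for cpu, state in simulate(SAMPLE):
        print(f"{cpu:3d}%  {state}")
    print(f"uninspected share: {uninspected_share(simulate(SAMPLE)):.0%}")
```

Note that 78% CPU appears twice in the trace and never triggers bypass on its own: only a reading at or above the overload threshold starts it, after which decryption of all new connections resumes only at the lower threshold.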