FWSM Release 2.3: The ACL Partition Manager
Starting with release 2.3, the system administrator can modify the ACL memory space-carving scheme. Instead of the default 12-pool model plus two trees for downloadable ACLs, the administrator can choose to divide the space into only three large chunks, or eight, or only one, depending on the needs of a particular configuration. Suppose, for instance, that it has been determined that there will never be more than six contexts on this FWSM: the super-user can opt for a six-pool allocation scheme.
A new command-line interface is introduced for this purpose. It is available only from the system context, for obvious reasons. Note that the module must be reloaded before a new allocation scheme takes effect. Up to 12 partitions can be created; if you try to create more than 12, the following message is displayed:
FWSM(config)# resource acl-partition 144
ERROR: Incorrect number of partitions. Allowed range is 1 - 12
Usage: resource acl-partition
The following example shows allocating three partitions:
FWSM(config)# resource acl-partition 3
WARNING: This command leads to re-partitioning of ACL Memory.
It will not take affect until you save the configuration and reboot.
FWSM(config)# write memory
FWSM(config)# reload
When the system comes back online, the command in Example 4-36 displays the context-to-partition mapping. Note that even though three partitions were specified via the CLI, six partitions are actually created: three as required by the administrator, one backup, and two for downloadable ACLs. By default, a round-robin scheme is applied to map contexts to ACL partitions: