The appearance block Command
The PIX firewall affluence assertive amounts of anamnesis to handle appropriate traffic
after the agreement is loaded and active and afore any added memory
www.syngress.com
Troubleshooting and Performance Monitoring • Chapter 10 611
allocation occurs. Assertive amounts of anamnesis are allocated into capricious bytesized
blocks. Predefining such set-sized blocks relieves the firewall from accepting to
carve anamnesis on the fly.You can use the appearance blocks command to appearance the currently
set block sizes. For example:
PIX1# appearance blocks
SIZE MAX LOW CNT
4 1600 1563 1600
80 400 386 400
256 500 143 500
1550 1700 1102 1315
16384 8 8 8
We charge to analyze the achievement of this command starting with the SIZE
column, which is abstinent in bytes.The 4-byte blocks are aloof for certain
traffic types such as DNS, IKE,TFTP (traffic that is baby and bursty).The 80-
byte blocks are acclimated to abundance failover hellos and TCP ambush acknowledgements.
The 256-byte blocks abundance stateful failover messages.The 1550-byte blocks
support Ethernet (10 and 100) packets as they canyon through the firewall.The
16384-byte blocks will never be acclimated unless you accept Gigabit Ethernet interfaces,
something you will alone see on the high-end firewalls.
The MAX cavalcade identifies the best cardinal of anniversary blazon of memory
blocks available.The LOW cavalcade indicates the everyman cardinal of blocks that
have been accessible back the firewall booted. Stated mathematically, subtract
LOW from MAX to get the best cardinal of blocks that were acclimated at any
particular time.The CNT cavalcade shows the accessible cardinal of blocks. Use the
clear blocks command to displace the LOW and CNT counters.