Configuring Object Cache, Policy Database, and Forwarding Database
To tune SDK application performance, use the object-cache-size, forwarding-db-size, and policy-db-size statements at the [edit chassis fpc slot-number pic pic-number adaptive-services service-package extension-provider] hierarchy level:
Both the forwarding database (FDB) and the policy database (PDB) are carved out of object cache (PDB + FDB <= object cache).
The policy-db-size statement defines the size of policies that providers expect to be present in their system. It is configured in megabytes. The size should be less than that set for the object-cache-size statement.
The FDB provides access to the route information.
 | Note: You need to include the sampling statement at the [edit forwarding-options hierarchy level for the FDB to be created. For information on configuring this statement, see Configuring Traffic Sampling for JUNOS SDK Applications. |
For the object cache, specify a value that is a multiple of 128 megabytes (MB) and up to 512 MB for the Multiservices 100 PIC or up to 1280 MB for the Multiservices 400 PIC. However, if you include the wired-process-mem-size statement to set wired process memory as well, the maximum value for the object cache on the Multiservices 100 PIC is 128 MB and 768 MB on the Multiservices 400 PIC. For more information about wired process memory, see Configuring Wired Process Memory
| Note: When the extension-provider statement is first configured, the PIC will reboot. Changing the object cache size, the policy database size, or the FDB size on a running system causes the PIC to reboot. |
For the policy database, the current recommendations when configuring Multiservices PICs are:
- Do not exceed a policy database size of 64 MB.
- Stay with one rule per term.
- Keep the object cache size high (1280 MB on Multiservices 400 PICs and DPCs and 512 MB on Multiservices 100 PICs).
- Do not configure anything for forwarding database.
- Keep the number of service sets per Multiservices PIC below 1000. (For more on service sets, see Configuring Service Sets for JUNOS SDK Applications.)
When configuring the stateful firewall internal plug-in, some questions remain regarding the upper limit to specify for the policy-db-size, object-cache-size, and forwarding-db-size statements when the application will use a large number of rules, causing the total memory required to approach the size of the object cache configured. The following limits, which are specific to the stateful firewall configuration, await additional review:
- Maximum number of terms (with one rule per term) per service set: 1200
- Maximum number of service sets per Multiservices PIC: 4000 (M Series and T Series routers), 6000 (MX Series and M120 routers)
- Maximum object cache size: 1280 MB (Multiservices 400 PICs and DPCs), 512 MB (Multiservices 100 PICs)
- Maximum policy database size: Still to be determined.
If the policy database is set too small, an error message will be logged in the router message file even though the commit may appear to be successful. You need to check the logs and not find any message file errors there to be sure that the stateful firewall commit was indeed successful. The remedial action is to increase the size of the policy database.
