Resource Limits Imposed on Applications

Junos applications have four levels of policies to ensure that applications have the minimal impact on the native Junos operating system and system operations. These policies impose limits on the system resources the application uses. Each succeeding policy level overrides the previous level’s settings, provided the constraints are within the previous level’s settings.

Level I policy is the default global policy generated by Juniper Networks. Level II is a per-provider level policy that enables different resource limits per provider. A Level III policy is implemented in the policy file that providers write for each application package. The Level IV policy is set by you, the administrative user, using the resource-limits statement at the [edit system extensions] hierarchy level.

Note: This documentation is not application-specific documentation. Features documented in this guide are generic to all applications. Refer to the application-specific documentation developed by your applications’ provider for detailed instructions.

Restricting Resource Limits

The Level IV policy is set by the administrative user using the resource-limits statement at the [edit system extensions] hierarchy level.

The limits imposed by a Level IV policy can be configured either by package or by individual processes in the package. Limits defined for individual processes override the limits defined for an entire package. Any limits not set as Level IV limits inherit the limits from Level III if they exist or from Level II.

The following hierarchy shows all the statements for setting resource limits:

[edit system extensions]
resource-limits {
    package package-name {
        resources {
            cpu {
                priority number;
                time seconds;
            }
            file {
                core-size bytes;
                open number;
                size bytes;
            }
            memory {
                data-size bytes;
                locked-in bytes;
                resident-set-size bytes;
                socket-buffers bytes;
                stack-size bytes;
            }
        }
    }
    process process-ui-name {
        resources {
            cpu {
                priority number;
                time seconds;
            }
            file {
                core-size bytes;
                open number;
                size bytes;
            }
            memory {
                data-size bytes;
                locked-in bytes;
                resident-set-size bytes;
                socket-buffers bytes;
                stack-size bytes;
            }
        }
    }
}

If an application exceeds any of the imposed limits, the router logs it. For example, if a process tries to exceed its stack size, the process is terminated and the system generates a core file.

Level IV policies can be more restrictive than previous policy levels, but they cannot ease the limits set by the other levels. If you try to commit a resource limit that is higher (less stringent) than the inherited value, the commit operation fails with the following error message:

[edit system extensions resource-limits]
  'process jnx-example-service'
    Limit validation failed for program 'jnx-example-service', resource 'file' limit 'open': raising limits defined in role 'Provider_Daemon' is not allowed.
commit complete

[edit system extensions resource-limits]

Level IV policies can be applied either during runtime of the application or before the application gets started. However, if the application was already running when a new limit is applied, the application must be restarted manually in order to allow for the new limits to take effect.

If you delete a resource configuration, the setting goes back to the limits from the assigned role in the manifest file (Level II or Level III).

Displaying Resource Limits

To display the applied policies, use the show system processes resource-limits process-name process-ui-name operational command. The following example configuration, when committed, applies resource limits for an application package jnx-example and overrides it with process-level settings for the process jnx-example-service:

[edit system extensions]
user@router# show
resource-limits {
    package jnx-example {
        resources {
            memory {
                stack-size 4m;
            }
        }
    }
    process jnx-example-service {
        resources {
            file {
                size 4m;
            }
        }
    }
}

With the show system processes resource-limits process-name command, the output for jnx-example-foo-binary, which is part of package jnx-example, reflects the package-level settings applied to it:

user@router> show system processes resource-limits process-name jnx-example-foo-binary
Resource Limits:
  Area                       Max. allowed     Max. configurable
  memory/stack-size                   4MB                   8MB
  memory/data-size                   32MB                  32MB
  memory/resident-set-size           24MB                  24MB
  memory/locked-in                   16MB                  16MB
  cpu/priority                         10                    10
  file/open                            64                    64

The output for jnx-example-service looks like this:

user@router> show system processes resource-limits process-name jnx-example-service
Resource Limits:
  Area                       Max. allowed     Max. configurable
  file/size                           4MB             unlimited
  file/open                            64                    64
  cpu/priority                         10                    10
  memory/stack-size                   8MB                   8MB
  memory/data-size                   32MB                  32MB
  memory/resident-set-size           24MB                  24MB
  memory/locked-in                   16MB                  16MB

For more detail on the show system processes resource-limits process-name process-ui-name operational command, see its command summary.
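The following Python sketch is an added example, not Juniper code. It parses the jnx-example-service output shown above and checks proposed Level IV values against the "Max. configurable" column before a commit is attempted. It assumes that "Max. configurable" is the inherited ceiling and "Max. allowed" the effective limit (as the sample outputs suggest), that a numerically higher value is less stringent for every area, and that MB means 2^20 bytes; the function names are hypothetical.

```python
import re

# Sample output copied from the jnx-example-service example on this page.
SAMPLE_OUTPUT = """\
Resource Limits:
  Area                       Max. allowed     Max. configurable
  file/size                           4MB             unlimited
  file/open                            64                    64
  cpu/priority                         10                    10
  memory/stack-size                   8MB                   8MB
  memory/data-size                   32MB                  32MB
  memory/resident-set-size           24MB                  24MB
  memory/locked-in                   16MB                  16MB
"""

UNLIMITED = float("inf")
_UNITS = {"": 1, "k": 2**10, "m": 2**20, "g": 2**30}  # assumption: binary units


def parse_value(text):
    """Convert '4MB', '4m', '64' or 'unlimited' to a comparable number."""
    text = text.strip().lower()
    if text == "unlimited":
        return UNLIMITED
    m = re.fullmatch(r"(\d+)([kmg]?)b?", text)
    if not m:
        raise ValueError(f"unrecognised limit value: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_limits(output):
    """Return {area: (max_allowed, max_configurable)} from the command output."""
    limits = {}
    for line in output.splitlines():
        fields = line.split()
        # Data rows have exactly three columns and an area such as 'file/open'.
        if len(fields) == 3 and "/" in fields[0]:
            limits[fields[0]] = (parse_value(fields[1]), parse_value(fields[2]))
    return limits


def rejected(proposed, limits):
    """Areas whose proposed value is above the inherited ceiling (commit would fail)."""
    return sorted(area for area, value in proposed.items()
                  if area in limits and parse_value(value) > limits[area][1])


def restricted(limits):
    """Areas where the effective limit is already tighter than the ceiling."""
    return sorted(a for a, (allowed, ceiling) in limits.items() if allowed < ceiling)
```

Calling rejected() with a proposed file/open of 128 reports that area, which corresponds to the 'file' limit 'open' validation failure shown earlier on this page.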

Published: 2013-03-06
