Forum Discussion
alt
Nimbostratus
Nimbostratussizing the F5 appliance
Dears, I want to size an f5 appliance, the customer is publishing a application which are running without load balancers, I need to know the questionnaire that I need to ask to the customer. lets ...
I will quote from K15831: How the BIG-IP VE system enforces the licensed throughput rate
"The BIG-IP VE product license determines the maximum allowed throughput rate. When calculating throughput, the BIG-IP VE system accounts for packets ingressing and egressing the system separately. Additionally, the licensed throughput rate for ingress and egress is enforced separately. For example, if you have a 200 Mbps license, ingress into the Traffic Management Microkernel (TMM) has a limit of 200 Mbps and egress from TMM also has a limit of 200 Mbps."
However, I think the utilization of the NIC is not a quality indicator for sizing your BIG-IP appliance.
Or it shouldn't be the only parameter for sizing, take into account also connections per second and SSL TPS. Furthermore throughput and connections per second are important metrics, but they are not the only things that should be considered when sizing BIG-IP. Memory and CPU are just as important if not more important than some of the datasheet numbers. Plan for growth too.
The virtual editions datasheets will give you general performance numbers. You should refer to the datasheets as you make general sizing determinations. In most cases, these are the maximum capabilities at which either CPU or memory is completely consumed. This means determining CPU and memory requirements are extremely important in determining the appliance or virtual edition that is purchase for a solution. For, example, the amount of memory not only determines how many modules can run on a BIG-IP, but also how many concurrent connections can be maintained, as each current connection uses a finite amount of memory. CPU can be a limiting factor, HTTP compression consumers CPU, if not performed in hardware, SSL can consume CPU depending on the key size, cipher and whether the cipher is supported by hardware and for BIG-IP Virtual Editions this is always the case.
And last recommendation from: K44935357: Sizing for BIG-IP platform
"Contact your usual F5 reseller, F5 Sales, or one of F5's many Partners.
Sizing is done by Sales."
Daniel_Wolf
MVP
MVPHi alt,
all of the questions are right, but they must be answered with the contribution of your customer.
The number of connections, requests per second and concurrent users can be calculated from the existing servers (logs, performance data, maybe also a SIEM can show this data), also calculate for the expected increase of web traffic over n years.
Either the customer knows the numbers, or you should help him gather this data.
The number of applications should also be known to the customer. Take into account the customers strategy. Will they add web applications on-prem or migrate to the cloud?
Is SSL termination/offloading required? Discuss the requirements and advantages/disadvantages of all three options with the customer (Offloading, Re-encryption, Pass-trough) and let them decide.
The key size is again a customer decision. Maybe the have a CISO that has the requirements in written. Maybe the are subject to some state or industry regulation that requires 4096 RSA or 256 ECC. In that case I'd opt for 256 ECC. Explain that to your customer.
In other words, that fact that the customer is not very savvy should not be an excuse for participating in the decision which platform they will buy. If you decide for them, there is a high risk that it is not what they envisioned and they'll be an unhappy customer of yours.
KR
Daniel