Forum Discussion

alt's avatar
alt
Icon for Nimbostratus rankNimbostratus
May 14, 2021
Solved

sizing the F5 appliance

Dears,

I want to size an f5 appliance, the customer is publishing a application which are running without load balancers, I need to know the questionnaire that I need to ask to the customer. lets keep it simple for the LTM purpose only for time being.

 

I have some question in mind but customer is not that much IT educated to answer them how we can find those to size the appliance.

 

- Total expected throughput on F5 platform? how I can size this i hope based on number of transaction hit counts on application but how I will count these transaction any tool or from the server itself.

- No of application that need to published on f5 appliance

- Expected number of concurrent users on F5 (targeting all applications)

- Is SSL termination/offloading required on the F5 platform?

-Specify the certificate/key size (0.25 – 4k)

 

Thanks

  • I will quote from K15831: How the BIG-IP VE system enforces the licensed throughput rate

     

    "The BIG-IP VE product license determines the maximum allowed throughput rate. When calculating throughput, the BIG-IP VE system accounts for packets ingressing and egressing the system separately. Additionally, the licensed throughput rate for ingress and egress is enforced separately. For example, if you have a 200 Mbps license, ingress into the Traffic Management Microkernel (TMM) has a limit of 200 Mbps and egress from TMM also has a limit of 200 Mbps."

     

    However, I think the utilization of the NIC is not a quality indicator for sizing your BIG-IP appliance.

    Or it shouldn't be the only parameter for sizing, take into account also connections per second and SSL TPS. Furthermore throughput and connections per second are important metrics, but they are not the only things that should be considered when sizing BIG-IP. Memory and CPU are just as important if not more important than some of the datasheet numbers. Plan for growth too.

     

    The virtual editions datasheets will give you general performance numbers. You should refer to the datasheets as you make general sizing determinations. In most cases, these are the maximum capabilities at which either CPU or memory is completely consumed. This means determining CPU and memory requirements are extremely important in determining the appliance or virtual edition that is purchase for a solution. For, example, the amount of memory not only determines how many modules can run on a BIG-IP, but also how many concurrent connections can be maintained, as each current connection uses a finite amount of memory. CPU can be a limiting factor, HTTP compression consumers CPU, if not performed in hardware, SSL can consume CPU depending on the key size, cipher and whether the cipher is supported by hardware and for BIG-IP Virtual Editions this is always the case.

     

    And last recommendation from: K44935357: Sizing for BIG-IP platform

    "Contact your usual F5 reseller, F5 Sales, or one of F5's many Partners.

    Sizing is done by Sales."

7 Replies

  • alt's avatar
    alt
    Icon for Nimbostratus rankNimbostratus

    Dear Experts

    Is it my question is very strange or it is not clear in understanding,

     

    please guide how i can propose the f5 appliance to a customer who is just moving to the f5 load balancers

  • Hi alt,

     

    all of the questions are right, but they must be answered with the contribution of your customer.

    The number of connections, requests per second and concurrent users can be calculated from the existing servers (logs, performance data, maybe also a SIEM can show this data), also calculate for the expected increase of web traffic over n years.

    Either the customer knows the numbers, or you should help him gather this data.

    The number of applications should also be known to the customer. Take into account the customers strategy. Will they add web applications on-prem or migrate to the cloud?

    Is SSL termination/offloading required? Discuss the requirements and advantages/disadvantages of all three options with the customer (Offloading, Re-encryption, Pass-trough) and let them decide.

    The key size is again a customer decision. Maybe the have a CISO that has the requirements in written. Maybe the are subject to some state or industry regulation that requires 4096 RSA or 256 ECC. In that case I'd opt for 256 ECC. Explain that to your customer.

     

    In other words, that fact that the customer is not very savvy should not be an excuse for participating in the decision which platform they will buy. If you decide for them, there is a high risk that it is not what they envisioned and they'll be an unhappy customer of yours.

     

    KR

    Daniel

  • alt's avatar
    alt
    Icon for Nimbostratus rankNimbostratus

    Dear Daniel.

     

    thanks for the reply and I would really appreciate if you stay with me till i marked this post as a solved on your name. below are my thoughts please correct me where i m wrong or is there any expert advise u can give to size the appliance it will be much appreciated.

     

    1. so lets assume my server is installed with 1G interface and the current utilization on the NIC 500 Mbps, so I can installed a f5 VM with 5 Gbps throughput ??
    2. so lets assume if I have 2 application servers and each of the server is installed with 1 GB NIC and their nic is utilized by 500 Mbps so I should accumulate the total utilization of both the server i.e 1 Gbps utilization to size the f5 appliance so in this case i have to size it above 1 gbps and keep it buffer for more 1 gb,
    3. what about the internet bandwidth, please correct me if i m not wrong the internet bandwidth pipe on that site should be above 1 gbps if both the servers nic are been utilized by 1 gbps

     

    Thanks

    • I will quote from K15831: How the BIG-IP VE system enforces the licensed throughput rate

       

      "The BIG-IP VE product license determines the maximum allowed throughput rate. When calculating throughput, the BIG-IP VE system accounts for packets ingressing and egressing the system separately. Additionally, the licensed throughput rate for ingress and egress is enforced separately. For example, if you have a 200 Mbps license, ingress into the Traffic Management Microkernel (TMM) has a limit of 200 Mbps and egress from TMM also has a limit of 200 Mbps."

       

      However, I think the utilization of the NIC is not a quality indicator for sizing your BIG-IP appliance.

      Or it shouldn't be the only parameter for sizing, take into account also connections per second and SSL TPS. Furthermore throughput and connections per second are important metrics, but they are not the only things that should be considered when sizing BIG-IP. Memory and CPU are just as important if not more important than some of the datasheet numbers. Plan for growth too.

       

      The virtual editions datasheets will give you general performance numbers. You should refer to the datasheets as you make general sizing determinations. In most cases, these are the maximum capabilities at which either CPU or memory is completely consumed. This means determining CPU and memory requirements are extremely important in determining the appliance or virtual edition that is purchase for a solution. For, example, the amount of memory not only determines how many modules can run on a BIG-IP, but also how many concurrent connections can be maintained, as each current connection uses a finite amount of memory. CPU can be a limiting factor, HTTP compression consumers CPU, if not performed in hardware, SSL can consume CPU depending on the key size, cipher and whether the cipher is supported by hardware and for BIG-IP Virtual Editions this is always the case.

       

      And last recommendation from: K44935357: Sizing for BIG-IP platform

      "Contact your usual F5 reseller, F5 Sales, or one of F5's many Partners.

      Sizing is done by Sales."

  • alt's avatar
    alt
    Icon for Nimbostratus rankNimbostratus

    Dear Daniel,

    Thanks for the reply, I will check the current server connection per second and top of that CPU +MEM as u mentioned and definitely will approached and F5 engineer for sizing.

    However, I think the utilization of the NIC is not a quality indicator for sizing your BIG-IP appliance.
    Or it shouldn't be the only parameter for sizing, take into account also connections per second and SSL TPS. Furthermore throughput and connections per second are important metrics, but they are not the only things that should be considered when sizing BIG-IP. Memory and CPU are just as important if not more important than some of the datasheet numbers. Plan for growth too.

    what shld be in the internet bandwidth reservation calculation for these application keeping aside the other aspects of corporate users.

    Thanks

    • Sorry for the late reply. The internet bandwidth of your customer is not really important for sizing the appliance. Important is how much traffic should flow through the BIG-IP, probably not 100% of the internet bandwidth. And another question - will internal users also access the application trough the BIG-IP? If the answer is "yes" then this must also be taken into account.