NSX Advanced Load Balancer publishes minimum and recommended resource requirements for new Service Engines. However, network and application traffic may vary. This section provides guidance on sizing.

The Service Engines can be configured with a minimum of 1 vCPU core and 1 GB RAM up to a maximum of 64 vCPU cores and 256 GB RAM. In write access mode, the Service Engine resources for newly created Service Engines can be configured within the Service Engine Group properties from the Controller.

CPU

CPU scales very linearly as more cores are added. CPU is a primary factor in SSL handshakes (TPS), throughput, compression, and WAF inspection. For NSX-T Clouds, the default is 1 vCPU cores, not reserved. However, vCPU reservation is highly recommended.

Memory

Memory scales near linearly. It is used for concurrent connections and HTTP caching. Doubling the memory will double the ability of the Service Engine to perform these tasks. For NSX-T Clouds, the default is 2 GB memory, reserved within the hypervisor for NSX-T Clouds.

Packets Per Second (PPS)

For throughput-related metrics, the hypervisor is likely going to be the bottleneck and provides limited PPS for a virtual machine such as Service Engine.

HTTP Requests Per Second (RPS)

HTTP RPS is dependent on the CPU or the PPS limits. It indicates the performance of the CPU and the limit of PPS that the Service Engine can push. On vSphere, the Service Engine can provide approximately 40k RPS per core running on Intel v3 servers. Maximum RPS on the Service Engine virtual machine running on ESXi will be approximately 160k.

Disk

The Service Engines may store logs locally before they are sent to the Controllers for indexing. Increasing the disk will increase the log retention on the Service Engine. SSDs are highly recommended, as they can write the log data faster. The recommended minimum size for storage is 10 GB, ((2 * RAM) + 5 GB) or 15 GB, whichever is greater. 15 GB is the default for Service Engines deployed in VMware clouds.

NSX Advanced Load Balancer Service Engine Performance Guidelines

The following table provides guidance to size an NSX Advanced Load Balancer Service Engine virtual machine with regards to performance:

vCenter Cloud

1 Core/ 2 GB RAM

2 Core/ 2 GB RAM

4 Core/ 4 GB RAM

6 Core/ 6 GB

SSL Transactions per sec (ECC)

2900

5800

8700

12000

SSL Transactions per sec (RSA)

950

1800

2600

4000

L7 Requests per sec

58000

80000

150000

185000

L4 Connections per sec (TCP)

42000

54000

100000

132000

L4 Open Connections*

40000

80000

160000

320000

L4 Throughput**

6 Gbps

6 Gbps

9.5 Gbps

13 Gbps

L7 Throughput

5 Gbps

5.6 Gbps

11 Gbps

12 Gbps

L7 SSL Throughput

2.6 Gbps

3.8 Gbps

7.2 Gbps

10 Gbps

SE CPU Cores

1

2

4

6

SE Memory

2 GB

2 GB

4 GB

6 GB

SE Disk

15 GB

20 GB

30 GB

40 GB
Note:

  1. Tested on Intel(R) Xeon(R) Gold 6148 CPU @ 2.40GHz, supermicro, 32 CPUs x 2.4 GHz, 256 GB memory with NSX Advanced Load Balancer 20.1.6.

  2. The Service Engines were deployed on VMware vCenter, using Avi’s VMware Cloud Connector and Write Access automation.

  3. Core = Service Engine VM Core (Service Cores)

  4. Throughput measurements are virtual service throughput, calculated by aggregating the client-facing traffic only. Total throughput on the Service Engine is approximately double.

  5. SSL Tests were performed with:

    1. EC (SECP2 56R1) and RSA (2048 Bits)

    2. Cipher used:

      1. EC — TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

      2. RSA — TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    3. PFS enabled, TLS version 1.2

  6. The above data is per Service Engine VM. Avi’s L3-based Active-Active scaling capability allows customers to scale out based on application requirements on-demand.

  7. The performed tests are done with CPU limit set to ‘unlimited’ for Service Engine VM. This is the default setting for bringing up the Service Engine VM.

  8. *Open Connections capacity (also known as Concurrent Connections) can be increased by adding more memory to the Service Engine.

  9. **L4 Throughput on SEs with 4 core or more tested with 2 dispatcher cores.

  10. SE dispatcher/ proxy cores configuration:

    • 1 Core and 2 Core SE — Dedicated dispatcher set to False

    • 4 Core and 6 Core SE — Dedicated dispatcher set to True

    • 4 Core SE — 1 dispatcher core, 3 proxy cores

      • 2 Dispatcher and 2 proxy cores for L4-throughput tests

    • 6 Core SE— 2 Dispatcher cores, 4 proxy cores