BIG-IP Next Central Manager Sizing Guidelines

Overview

This document details the supported scale limits for F5® BIG-IP® Next™ Central Manager (BIG-IP Next Central Manager) and its high availability setup with three nodes for the 20.3.0 release, considering both standard and large images across various configurations and usage dimensions. Due to the extensive range of services supported by Central Manager and the diverse customer configurations, F5 cannot test all possible combinations. The information provided here offers guidance on maximum numbers and averages that customers can anticipate in their environment. These figures should serve as a starting point for customers to conduct their own sizing exercises and tailor them to their specific configuration and workload. It’s important to note that in addition to Central Manager product performance, scale limits are influenced by factors beyond F5 control, such as host CPU speed, memory, networking, storage performance, infrastructure being dedicated or shared, virtualization software, and more. As a result, the scale limits experienced in a customer environment may vary significantly. Also, work with your F5 representative before enabling and using any system in a production environment.

BIG-IP Next Central Manager Image options

BIG-IP Next Central Manager is available in two image options: Standard and Large.

BIG-IP Next Central Manager Latency requirement

The network latency between the BIG-IP Next Central Manager High Availability (HA) nodes should not exceed 200 milliseconds.

Standalone Setup

Device Version
BIG-IP Next Central Manager BIG-IP-Next-CentralManager-20.3.0-0.16.18
BIG-IP Next BIG-IP-Next-20.3.0-0.16.18

High Availability (HA) Setup

Device Version
BIG-IP Next Central Manager BIG-IP-Next-CentralManager-20.3.0-0.16.18
BIG-IP Next BIG-IP-Next-20.3.0-0.16.18

Scale Test on BIG-IP Next Central Manager and BIG-IP Next versions: Standard Image

The following section details the supported scale limits for BIG-IP Next Central Manager with the standard image for the BIG-IP-Next-CentralManager-20.3.0 release across various configurations and usage scenarios.

BIG-IP Next Central Manager and BIG-IP Next Hardware configuration

BIG-IP Next Central Manager and BIG-IP Next comes with the following hardware configuration for standard image:

Component vCPUs RAM Disk space Image
BIG-IP Next Central Manager 8 16 GB 350 GB Standard
BIG-IP Next 4 8 GB 80 GB Standard

Scale guidance configuration for Standard image BIG-IP Next Central Manager specific objects

Modules Metrics Max number of devices discovered in CM Standalone (1 node) Max number of devices discovered in CM High Availability (3 nodes)
No. of Instances 100 100
No. of Concurrent Sessions1 4 4
LTM LTM apps2 10000 15000
No. of Pools 20000 30000
No. of Pool Members / End Points 20000 30000
No. of iRules supported 10000 15000
No. of Certificates 10000 15000
Max LTM apps (max per instance) 1000 1000
WAF WAF apps2 1000 1000
No. of WAF Policies - non-rating 500 500
No. of WAF Policies - rating 500 500
No. of WAF Policies - non-rating (max per instance) 500 500
No. of WAF Policies - rating (max per instance) 500 500
WAF Events peak throughput 1150 events/seconds 900 events/second
WAF Logs 7 million 7 million
Access Access apps2 1000 1000
Max access sessions (per instance) 800 1000
SSLO SSLO apps2 1000 1000
Layer3 inspection services (per instance) 10 10
SSLO service chains with inspection 2+ services assigned (per instance) 10 10
SSLO policies with 30+ rules and 10 service chains (per instance) 20 20
Max SSLO apps (per instance) 1000 1000
Retention WAF Analytics3 24 days 24 days
WAF Events4 15 hrs 15 hrs
Server error Analytics5 20 min 20 min
Rate of data injection (average)6 500 events/sec per instance 383 events/sec per instance

Table Notes:

  1. Number of Concurrent Sessions: The user is simultaneously deploying apps, invoking APIs for app listings, WAF policy listings, and other use cases.

  2. The applications (LTM, WAF, Access, SSLO) are evenly distributed across all BIG-IP Next instances discovered by BIG-IP Next Central Manager.

  3. WAF Analytics: The retention of the WAF Analytics index is based on the deployed applications and is estimated accordingly.

  4. WAF Events: The retention of the WAF-events index is determined by the events generated per second during the traffic tests.

  5. Server Error Analytics: According to the retention policy, the server-error-analytics index roll over every 10 minutes with two index shards. It is designed to retain 20 minutes of data.

  6. Rate of data injection: The data injection rate refers to the number of events generated by applications deployed on an instance per unit of time.

Scale Testing on BIG-IP Next Central Manager and BIG-IP Next: Large Image

The following section outlines the supported scale limits for BIG-IP Next Central Manager with the large image for the BIG-IP-Next-CentralManager-20.3.0 release across various configurations and usage scenarios.

BIG-IP Next Central Manager and BIG-IP-Next Hardware configuration:

BIG-IP Next Central Manager and BIG-IP Next comes with the following hardware configuration for large image:

Component vCPUs RAM Disk space Image
BIG-IP Next Central Manager 16 64 GB 1 TB Large
BIG-IP Next 8 16 GB 180 GB Large

Scale guidance configuration for Large image BIG-IP Next Central Manager specific objects

Modules Metrics Max number of devices discovered in CM Standalone (1 node) Max number of devices discovered in CM High Availability (3 nodes)
No. of Instances 100 100
No. of Concurrent Sessions1 6 6
LTM LTM apps2 25000 37500
No. of Pools 50000 75000
No. of Pool Members / End Points 50000 75000
No. of iRules supported 25000 37500
No. of Certificates 25000 37500
Max LTM apps (max per instance) 1000 1000
WAF WAF apps2 2500 2500
No. of WAF Policies - non-rating 1250 1250
No. of WAF Policies - rating 1250 1250
No. of WAF Policies - non-rating (max per instance) 500 500
No. of WAF Policies - rating (max per instance) 500 500
WAF Events peak throughput 2875 events/seconds 2250 events/second
WAF Logs 30 million 30 million
Access Access apps2 2500 2500
Max access sessions (per instance) 800 800
SSLO SSLO apps2 2500 2500
Layer3 inspection services (per instance) 10 10
SSLO service chains with inspection 2+ services assigned (per instance) 10 10
SSLO policies with 30+ rules and 10 service chains (per instance) 20 20
Max SSLO apps (per instance) 1000 1000
Retention WAF Analytics3 90 days 90 days
WAF Events4 90 hrs 90 hrs
Server error Analytics5 20 min 20 min
Rate of data injection (average)6 1250 events/sec per instance 1000 events/sec per instance

Table Notes:

  1. Number of Concurrent Sessions: The user is simultaneously deploying apps, invoking APIs for app listings, WAF policy listings, and other use cases.

  2. The applications (LTM, WAF, Access, SSLO) are evenly distributed across all BIG-IP Next instances discovered by BIG-IP Next Central Manager.

  3. WAF Analytics: The retention of the WAF Analytics index is based on the deployed applications and is estimated accordingly.

  4. WAF Events: The retention of the WAF-events index is determined by the events generated per second during the traffic tests.

  5. Server Error Analytics: According to the retention policy, the server-error-analytics index roll over every 10 minutes with two index shards. It is designed to retain 20 minutes of data.

  6. Rate of data injection: The data injection rate refers to the number of events generated by applications deployed on an instance per unit of time.

The table below describes the types of metrics/events stored in the indices.

Index Type of Metrics/Events
WAF events All WAF traffic events
Server Error Analytics Endpoint responses
WAF Analytics WAF events aggregations (blocked, legal, alarmed, dropped etc.).