Manual Chapter : Flexible Resource Allocation

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0

BIG-IP LTM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0

BIG-IP AFM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0

BIG-IP DNS

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0

BIG-IP ASM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0
Manual Chapter

Flexible Resource Allocation

Understanding guest resource requirements

Before you create vCMP® guests and allocate system resources to them, you need to determine the specific CPU and memory needs of each guest. You can then decide how many cores to allocate to a guest, factoring in the resource capacity of your appliance model.
To determine the CPU and memory resource needs, you must know:
  • The number of guests you need to create
  • The specific BIG-IP® modules you need to provision within each guest
  • The combined memory requirement of all BIG-IP modules within each guest

Resource allocation planning

When you create a vCMP® guest, you must decide on the amount of dedicated CPU and memory that you want the vCMP host to allocate to the guest.

Prerequisite hardware considerations

Appliance models vary in terms of how many cores the model provides and how much memory each core contains. Also variable is the maximum number of guests that each model supports.
Before you can determine the number of cores to allocate to a guest, you should understand:
  • The total number of cores that the model provides
  • The amount of memory that the model provides
  • The maximum number of guests that the model supports
By understanding these metrics, you ensure that the total amount of resource you allocate to guests is aligned with the amount of resource that your appliance model supports.
For specific information on the resources that each appliance model provides, see the vCMP® guest memory/CPU core allocation matrix on the AskF5 Knowledge Base at
http://support.f5.com
.

About core allocation

As host administrator you need to decide the number of cores that you want to assign a vCMP guest. Each
core
represents a fixed amount of CPU and memory resource, which varies by hardware platform.
This illustration shows an example of core allocation for three guests.
Three guests with varying amounts of core allocation
vcmp guests with varying core allocation

About single-core guests

On platforms with hard drives, the vCMP® host always allocates cores for a guest in increments of two cores. In the case of platforms with solid-state drives, however, the host can allocate a single core to a guest, but only for a guest that requires a maximum of one core; for guests that require more than one core, the host does not allocate an odd number of cores (such as three, five, or seven cores).
The illustration shows a possible guest configuration on an appliance with a solid-state drive, where one of the guests has a single core only allocated to it.
A vCMP configuration with a single-core guest
vcmp single-core guest
Because the amount of CPU and memory in a single-core guest is limited, F5 Networks highly recommends that you provision only the BIG-IP® Local Traffic Manager (LTM) module within a single-core guest, and no other modules.

Network throughput for guests

To manage network throughput for a vCMP® guest, you should understand the throughput capacity of your appliance model, as well as the throughput limit you want to apply to each guest:
Throughput capacity
Each appliance model has a total throughput capacity, which defines the combined upper limit on throughput for guests.
Throughput limits per guest
Throughput requirements for a guest are typically lower than the throughput capacity of the appliance on which the guest runs. Consequently, you can define a specific network throughput limit for each guest. When vCMP is provisioned on the system, you define a guest's throughput limit by logging in to the vCMP host and creating a rate shaping object known as a
Single Rate Three Color Marker (srTCM) Policer
. You then assign the policer to one or more guests when you create or modify the guests. It is important that the srTCM values that you assign to a guest do not exceed the combined throughput capacity of the appliance model.

Guest states and resource allocation

As a vCMP® host administrator, you can control when the system allocates or de-allocates system resources to a guest. You can do this at any time, by setting a guest to one of three states: Configured, Provisioned, or Deployed. These states affect resource allocation in these ways:
Configured
This is the initial (and default) state for newly-created guests. In this state, the guest is not running, and no resources are allocated to the guest. If you change a guest from another state to the Configured state, the vCMP host does not delete any virtual disks that were previously attached to that guest; instead, the guest's virtual disks persist on the system. The host does, however, automatically de-allocate other resources such as CPU and memory. When the guest is in the Configured state, you cannot configure the BIG-IP® modules that are licensed to run within the guest; instead, you must set the guest to the Deployed state to provision and configure the BIG-IP modules within the guest.
Provisioned
When you change a guest from Configured to Provisioned, the vCMP host allocates system resources to the guest (CPU, memory, and any unallocated virtual disks). If the guest is new, the host creates new virtual disks for the guest and installs the selected ISO image on them. A guest does not run while in the Provisioned state. When you change a guest from Deployed to Provisioned, the host shuts down the guest but retains its current resource allocation.
Deployed
When you change a guest to the Deployed state, the guest administrator can then provision and configure the BIG-IP modules within the guest. If you are a host administrator and you reconfigure the properties of a guest after its initial deployment, the host immediately propagates those changes to all of the guests and also propagates the list of allowed VLANs.

About SSL resource allocation for appliance platforms

When Virtual Clustered Multiprocessing (vCMP) is provisioned on an F5 appliance that offers software-based SSL resources only, the BIG-IP system allocates an equal share of the SSL resource to each guest.
By contrast, certain F5 platforms contain hardware-based SSL resources. These platforms can contain these SSL processor types:
An SSL Acceleration processor
Platforms with an SSL acceleration processor allocate SSL resources according to an SSL mode that you configure for each guest when you create it. The available modes are:
Dedicated
,
Shared
, and
None
. As a vCMP host administrator, you configure the
SSL Mode
setting for a guest when the guest needs hardware SSL resources for application traffic that is not FIPS-related.
A FIPS hardware security module
Platforms containing an HSM provide FIPS multi-tenancy. That is, you can create individual FIPS partitions, one per guest. This means that for guests that need to process FIPS-related application traffic, you can dedicate SSL resources to as many of those guests as you need to, where each guest gets the specific amount of SSL resource it needs.
If a single guest must process both non-FIPS and FIPS application traffic, you can configure the guest to use SSL resources from both an SSL acceleration processor and an HSM.
For more information on the
SSL Mode
and
FIPS Partitions
settings for a guest, see the section titled
vCMP host administrator tasks
that describes how to create a vCMP guest.