Manual Chapter :
BIG-IQ Sizing Recommendations
Applies To:
Show Versions
BIG-IQ Centralized Management
- 8.3.0, 8.2.0, 8.1.0
BIG-IQ Sizing Recommendations
BIG-IQ scaling guidelines
Each service on the devices managed by your BIG-IQ has scale limits that depend on your system setup, BIG-IQ version, and the scope of each BIG-IP service. These scaling limits were tested using a BIG-IQ system managing just two services: the tested service and LTM. If your BIG-IQ solution manages multiple services, the scale limits you can expect will likely be lower than the maximum numbers reported in this table.
Hardware Configuration
The following are the maximum recommended objects for a BIG-IQ system. These values were tested with the following BIG-IQ hardware configuration:
- 16 cores/CPU
- 64 GB of memory
- SSD local disk
- 100Gb disk space on/varpartition
Software scale limits
Managed Service | Max number of devices discovered | Max number of overall objects per type per BIG-IQ | Max number of overall objects per type per single BIG-IP discovered | Type of objects |
|---|---|---|---|---|
DNS/GTM | 200 | 190,000 | 1,000 | GSLB objects |
ASM/WAF* | 30 | 1,000 | 200 | Policies |
Access | 100 | 50,000 | 600 | Policy items |
ADC/LTM | 1500 | 430,000 | 50,000 | Combination of virtual servers, pools, nodes, pool members, certificates, monitors and any AFM or DNS specific objects |
AFM | 1500 | 305,000 | 50,000 | Combination of firewalls, firewall policies, rules, rule lists, address lists, ports, NAT objects |
*Sizing varies depending on your software/hardware configuration. See
BIG-IQ Web Application Security scaling notes
for additional WAF/ASM sizing recommendations and details.BIG-IQ Web Application Security scaling notes
Web Application Security (ASM/WAF) services in BIG-IQ have scale limits depending on your system's setup, BIG-IQ version, and the scope of your BIG-IP services. The following outlines additional configuration recommendations and corresponding hardware recommendations for managing Web Application Security objects on BIG-IQ. Please note, these recommendations were based upon a BIG-IQ setup running Web Application Security and Local Traffic Manager services.
Hardware configuration
Web Application Security object recommendations were tested with the following BIG-IQ hardware (CM) configuration:
- 16 vCPUs
- 8 CPU cores
- 64 GB of memory
- SSD local disk
- 210 Gb disk space on/varpartition*
/var
may require more than the default 100Gb. Before the upgrade, calculate the disk space required using the BIG-IQ preUpgradeCheck tool. /var
sizing is not in the default settings on BIG-IQ CM, and adding disk space might require additional configuration. For more information see Resizing Disk Space on BIG-IQ Virtual Edition
in the BIG-IQ: Sizing Guidelines
found on support.f5.com
, or K14952.Software scale limits
The following lists the object limits for a system running the recommended hardware configuration. If you are running a smaller Web Application Security deployment, you will be able to import a higher volume devices to BIG-IQ. For large setups, see the scale limits and
Additional Sizing Notes
below.
Managed Service | Max number of devices discovered | Max number of overall objects per type per BIG-IQ | Max number of overall objects per type per single BIG-IP discovered | Type of objects |
|---|---|---|---|---|
ASM/WAF | 30 | 1,000 | 200 | Policies |
Additional Sizing Notes
- For full simultaneous deployments
- Maximum number of devices for a full simultaneous deployment: 3
- Maximum number of devices for partial simultaneous deployment: No limit
- For large deployments (high volume devices and/or policies)
- A configuration that includes more than 60 medium policies may require additional disk space. To allow for a larger import to BIG-IQ, apply the following PATCH to the preferences worker (prior to import):restcurl -X PATCH -d '{value:256}' /cm/asm/preferences/diff-parts-limit-mb
- For BIG-IP objects that exceed the numbers listed in the table and/or have less than the recommended memory on BIG-IQ CM, you can improve performance results setting to the parallelism of differences, during a deployment evaluation, to 1. You can do so by using the following REST command:restcurl -X PATCH -d '{value:1}' /cm/asm/preferences/device-batch-size
- To bulk discover/import the maximum number of devices (4 devices) use the following REST command:restcurl -X PATCH -d '{value:4}' /cm/asm/preferences/discovery-batch-size
