Manual Chapter : BIG-IQ Sizing Recommendations

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0
Manual Chapter

BIG-IQ Sizing Recommendations

BIG-IQ scaling guidelines

Each service on the devices managed by your BIG-IQ has scale limits that depend on your system setup, BIG-IQ version, and the scope of each BIG-IP service. These scaling limits were tested using a BIG-IQ system managing just two services: the tested service and LTM. If your BIG-IQ solution manages multiple services, the scale limits you can expect will likely be lower than the maximum numbers reported in this table.

Hardware Configuration

The following are the maximum recommended objects for a BIG-IQ system. These values were tested with the following BIG-IQ hardware configuration:
  • 16 cores/CPU
  • 64 GB of memory
  • SSD local disk
  • 100Gb disk space on
    /var
    partition

Software scale limits

Managed Service
Max number of devices discovered
Max number of overall objects per type per BIG-IQ
Max number of overall objects per type per single BIG-IP discovered
Type of objects
DNS/GTM
200
190,000
1,000
GSLB objects
ASM/WAF*
30
1,000
200
Policies
Access
100
50,000
600
Policy items
ADC/LTM
1500
430,000
50,000
Combination of virtual servers, pools, nodes, pool members, certificates, monitors and any AFM or DNS specific objects
AFM
1500
305,000
50,000
Combination of firewalls, firewall policies, rules, rule lists, address lists, ports, NAT objects
*Sizing varies depending on your software/hardware configuration. See
BIG-IQ Web Application Security scaling notes
for additional WAF/ASM sizing recommendations and details.

BIG-IQ Web Application Security scaling notes

Web Application Security (ASM/WAF) services in BIG-IQ have scale limits depending on your system's setup, BIG-IQ version, and the scope of your BIG-IP services. The following outlines additional configuration recommendations and corresponding hardware recommendations for managing Web Application Security objects on BIG-IQ. Please note, these recommendations were based upon a BIG-IQ setup running Web Application Security and Local Traffic Manager services.

Hardware configuration

Web Application Security object recommendations were tested with the following BIG-IQ hardware (CM) configuration:
  • 16 vCPUs
  • 8 CPU cores
  • 64 GB of memory
  • SSD local disk
  • 210 Gb disk space on
    /var
    partition*
*During an upgrade to with a max scale configuration, the
/var
may require more than the default 100Gb. Before the upgrade, calculate the disk space required using the BIG-IQ preUpgradeCheck tool.
/var
sizing is not in the default settings on BIG-IQ CM, and adding disk space might require additional configuration. For more information see
Resizing Disk Space on BIG-IQ Virtual Edition
in the
BIG-IQ: Sizing Guidelines
found on
support.f5.com
, or K14952.

Software scale limits

The following lists the object limits for a system running the recommended hardware configuration. If you are running a smaller Web Application Security deployment, you will be able to import a higher volume devices to BIG-IQ. For large setups, see the scale limits and
Additional Sizing Notes
below.
Managed Service
Max number of devices discovered
Max number of overall objects per type per BIG-IQ
Max number of overall objects per type per single BIG-IP discovered
Type of objects
ASM/WAF
30
1,000
200
Policies

Additional Sizing Notes

For full simultaneous deployments
Maximum number of devices for a full simultaneous deployment: 3
Maximum number of devices for partial simultaneous deployment: No limit
For large deployments (high volume devices and/or policies)
A configuration that includes more than 60 medium policies may require additional disk space. To allow for a larger import to BIG-IQ, apply the following PATCH to the preferences worker (prior to import):
restcurl -X PATCH -d '{value:256}' /cm/asm/preferences/diff-parts-limit-mb
For BIG-IP objects that exceed the numbers listed in the table and/or have less than the recommended memory on BIG-IQ CM, you can improve performance results setting to the parallelism of differences, during a deployment evaluation, to 1. You can do so by using the following REST command:
restcurl -X PATCH -d '{value:1}' /cm/asm/preferences/device-batch-size
To bulk discover/import the maximum number of devices (4 devices) use the following REST command:
restcurl -X PATCH -d '{value:4}' /cm/asm/preferences/discovery-batch-size