Applies To:Show Versions
BIG-IQ Centralized Management
Use this table to estimate the number of DCDs necessary to collect and display FPS alert data from BIG-IP devices.
- If you are using an off-box logging solution to log FPS events, review a week’s worth of alert logs to identify the logging load you need to support. Take note of both the average and maximum alerts per second.
To determine the peak alerts/second rate to use in the table, first estimate the peak user load for the protected application over your highest period of production hours, and then plug that value into the following calculation:
<peak user load> users/(peak duration (h)*60m*60s)≈ number of logins/sec ≈ number of alerts/sec
For example, if you estimate that there are, at most, 1 million users logging in to access your FPS environment over a 4-hour timespan, the calculation results in a login rate of:
1,000,000 users/(4h*60m*60s) = ≈ 70 logins/sec ≈ 70 alerts/sec
Although each user login does not generate an alert, even single user logins or application transactions can generate multiple alerts depending on the protection policy’s configuration. For determining the number of DCDs needed to operate during peak conditions, 70 alerts per second is a reasonable assumption for this login rate.
|Alerts/Sec||Data Redundancy||Recommended DCD count|
- The sizing recommendations in this table assume that you provision your DCDs with 8 cores/CPUs and 32 GB of memory.
- When you choose an alert rate, consider both the average and peak loads that you anticipate. If your peak loads are frequent, consider provisioning additional data-collection nodes for the increased load. Also, when you determine your peak rates, plan for growth by considering the rate at which you expect your traffic load to increase.
- The outgoing data rate from your BIG-IP devices also depends on the FPS policy configuration, the number of simultaneous application users, and their expected transaction rate.
- The scale numbers provided assume the use of three forwarding rules (100% syslog forwarding, 10% SOC forwarding, 10% customer forwarding), and 17000 transform rules.