Virtualization The Future

Friday, 2 May 2014

Services available at vApp Networks and Org VDC Networks? (Info taken from VMware Documentation)

Org VDC Edge Services

Edge Gateways

An Edge Gateway provides a routed connection between an organization vDC network and an external network. It can provide any of the following services, defined in the GatewayFeatures element of the Edge Gateway's Configuration.

FirewallService	Specifies firewall rules that, when matched, block or allow incoming or outgoing network traffic.
GatewayDhcpService	Provides DHCP services to virtual machines on the network. A variant of this service, DhcpService, is intended to provide DHCP services in vApp networks.
GatewayIpsecVpnService	Defines one or more virtual private networks that connect an Edge Gateway to another network in or outside of the cloud.
LoadBalancerService	Distributes incoming requests across a set of servers.
NatService	Provides network address translation services to computers on the network.
StaticRoutingService	Specifies static routes to other networks

vApp Edge Gateway Services

The Features element defines features of the vApp network, and can include the following services:

DhcpService	Provides DHCP services to virtual machines on the network.
FirewallService	Specifies firewall rules that, when matched, block or allow incoming or outgoing network traffic.
NatService	Provides network address translation services to virtual machines on the network.
StaticRoutingService	Specifies static routes to other networks. Requires a routed organization vDC network.

vCloud Networking and Security 5.1 Edge configuration limits and throughput (2042799)

Purpose

This article provides information about the configuration limits and performance metrics of the vCloud Networking and Security 5.1 Edge – compact, large, and x-large versions. You can use this information to make a deployment choice for Edge instances.

Resolution

Details of Edge instances used in performance metrics comparison

	Edge (Compact)	Edge (Large)	Edge (X-Large)
vCPU	1	2	2
Memory	256 MB	1 GB	8 GB
Disk	320 MB	320 MB	4.4 GB

Tested Limits

The following table provides information on the tested soft limits per vCloud Networking and Security Manager:

Note: These soft limits can be exceeded on a per feature basis depending on the resources and the set of features in use.

Limit	vCloud Networking and Security Manager
Number of Edge HA appliances	2,000 Compact / Large Edges or 1,000 X-Large Edges
Number of clusters	8
Number of hosts with Edge in use	256 (8 clusters * 32 hosts)
Number of hosts in inventory	400
Number of virtual machines	15000 total virtual machines, 5000 powered on
Number of networks	5000 VXLANs
Number of firewall rules	100,000
Number of firewall object groups	130,000
Number of DHCP static bindings	25,000
Number of DHCP pools	10,000
Number of static routes	100,000
Number of load balancer pools	3,000
Number of load balancer virtual servers	3,000
Number of members in load balancer pools	30,000

The following table provides information on the tested soft limits per vCloud Networking and Security Edge:

Limit	vCloud Networking and Security Edge
Number of interfaces	10
Number of firewall rules	2,000
Number of NAT rules	2,000
Number of DHCP static bindings	25
Number of DHCP pools	10
Number of static routes	100
Number of load balancer pools	3 (Hard limit: 64)
Number of load balancer virtual servers	3 (Hard limit: 64)
Number of members per load balancer pool	10 (Hard limit: 32)
Concurrent IPSec VPN Tunnels	64
Concurrent SSL VPN Tunnels	25 (Compact), 100 (Large)

Firewall and VPN Performance Comparison

	Edge (Compact)	Edge (Large)
Firewall Performance (Gbps)	3	9.7
Concurrent Sessions	64,000	1,000,000
New sessions/second	8,000	50,000
IPSec VPN throughput (Gbps) - H/W acceleration via AESNI	0.9	2

Load Balancer Performance Comparison

	Edge (Large)	Edge (X-Large)
Load balancer throughput – L7 Proxy Mode (Gbps)	2.2	3
Load balancer connections / sec – L7 Proxy Mode	46,000	50,000
Load balancer concurrent connections – L7 Proxy Mode	8,000	60,000
Load balancer throughput – L4 Mode (Gbps)	6	6
Load balancer connections / sec – L4 Mode	50,000	50,000
Load balancer concurrent connections – L4 Mode	600,000	1,000,000

Notes:

VMware recommends you to use Edge (Large) or Edge (X-Large) for load balancing
Edge (X-Large) is not available in the vCloud Director deployment

Test Server Configuration

Dell PowerEdge T610 with ESXi 5.1
CPU – 8 CPUs x 2.393 GHz Intel(R) Xeon(R) CPU E5620
Memory – 24 GB
Network – 2x Intel 82599EB 10-gigabit SFI/SFP+

Test Methodology

IXIA IX Chariot applications used for throughput, connections per second, and concurrent connections tests.
Throughput measured with 1500 byte TCP frame size.
Throughput measured with accept any to any firewall rule and no additional NAT rules.
Load balancer performance numbers are for HTTP traffic.
Feature performance quoted is independent of other features. For example, firewall throughput measured without load balancer or other services enabled.

Source:-

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2042799

Differences between Compact, Large and X-Large Edge Gateway appliances?

The vCloud Networking and Security Edge Gateway is available in three different sizes: Compact, Large, and X-Large. As part of the Edge Gateway deployment, we need to select the appliance size in the wizard as shown below.

The three different Edge Gateway appliances consume different resources and offer different performance levels. The resources used by three different Edge Gateway appliances and their performance levels based on VMware internal testing are posted in the vCloud Networking and Security 5.1 Edge configuration limits and throughput KB article.

As indicated in the KB article, Large appliance offers higher throughput compared to Compact appliance in terms of firewall performance, number of concurrent sessions, and IPSec VPN throughput.

	Edge (Compact)	Edge (Large)
vCPU	1	2
Memory	256 MB	1 GB
Firewall Performance (Gbps)	3	9.7
Concurrent Sessions	64,000	1,000,000
IPSec VPN throughput (Gbps) – H/W acceleration via AESNI	0.9	2

Use of Large or X-Large appliance recommended for using Edge Gateway load balancing service. X-Large appliance uses much higher memory and allows higher number of concurrent load balancer connections than Large appliance. The X-large Edge Gateway is not currently supported with vCloud Director 5.1. As the picture above shows, the X-Large deployment model has some limitations, such as a lack of SSL VPN support.

	Edge (Large)	Edge (X-Large)
vCPU	2	2
Memory	1 GB	8 GB
Load balancer throughput – L7 Proxy Mode (Gbps)	2.2	3
Load balancer connections / sec – L7 Proxy Mode	46,000	50,000
Load balancer concurrent connections – L7 Proxy Mode	8,000	60,000

Another cool feature offered with Edge Gateway deployment is we can start with one appliance and move to a different appliance at a later time. For example, we can deploy Edge Gateway Compact appliance and later upgrade to Large or X-Large with a click of a button as shown below.

In summary, choose the Edge Gateway appliance that suits your environment based on the resources consumed and the performance levels offered.

Info taken from blogs.vmware.com