Create a Post
Daniel_Kavan
Advisor

clusterXL @AWS on 2 cores

Jump to solution

Is anyone running clusterXL on R80.40 on 2 cores in the cloud as active/active?    I'm thinking about setting up an AWS transit gw with clusterXL with 2 cores for each member.     Is 2 cores enough?  I'm not sure if you can get 6 cores, 3 cores on each.

0 Kudos
1 Solution

Accepted Solutions
Nir_Shamir
Employee
Employee

I have installed Regular Clusters in AWS with 2 cores. 

This was dictated to me by the customer because of budget issues. They didn't pass a lot of traffic so 2 cores was enough.

Anyway , at any point , they can upgrade to a stronger VM image if they need to. 

Of course they will need to purchase more cores to their licenses.

View solution in original post

0 Kudos
7 Replies
PhoneBoy
Admin
Admin

The “vendor recommended” size on our marketplace entry is a 4 core instance size. 
2 core instances only offer a bare minimum amount of RAM.
The next largest instance is 8 cores.
These choices are dictated by AWS.

Also note it’s not really ClusterXL Active/Active in the traditional sense, but there are various deployment methods that are active/active.

Nir_Shamir
Employee
Employee

I have installed Regular Clusters in AWS with 2 cores. 

This was dictated to me by the customer because of budget issues. They didn't pass a lot of traffic so 2 cores was enough.

Anyway , at any point , they can upgrade to a stronger VM image if they need to. 

Of course they will need to purchase more cores to their licenses.

View solution in original post

0 Kudos
Daniel_Kavan
Advisor

Nir,  Can you confirm your gateway cluster was in it's own VPC?   In the attached image from sk111013, you can see the cloud formation template creates a new VPC for the gateways.  From what I can tell, whether you use clusterXL or an autoscale group, these gateways get deployed to their OWN security VPC.

0 Kudos
Nir_Shamir
Employee
Employee

Yes, Best Practice is to put the deployment in its own VPC.

you can create a new one with the Template or build your own and use the template for "existing VPC"

0 Kudos
Timothy_Hall
Champion
Champion

Agree with Phoneboy here, even on a bare metal non-cloud firewall only having 2 cores will work but is not very efficient for traffic inspection and handling.

New 2021 IPS/AV/ABOT Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Daniel_Kavan
Advisor

Some times for funding, you have to go thru POC and show it can work though.  With active/active, I hope its a little better.   If AWS would have an AMI with 3 cores, that would be just right.

Update: we ended up NOT using a clusterXL at AWS because of the limitation of NOT being able to use a VIP over two separate AZs.  Using a cluster would have limited us to ONE AZ.

0 Kudos
PhoneBoy
Admin
Admin

The number of cores is typically a power (or at least a multiple) of 2.
Never seen physical hardware with just 3 cores.