Avi Vantage on Cisco CSP 5000 - Sizing Guidelines

This document provides Cisco CSP 5000 sizing guidelines for deploying Avi Vantage.

Overview

Cisco CSP is a NFV platform based on Intel x86 and the KVM hypervisor. The Avi Controller and Service Engines can be deployed on Cisco CSP.

Cisco CSP is generally available as a 2-socket server, with configurable options for CPU, memory, disk, and network interface cards. The following sections discuss the sizing guidelines for common deployment scenarios.

Deploying Avi Service Engines on Cisco CSP 5000

Avi Service Engines (SEs) are deployed as virtual machines (VMs) on Cisco CSP. The performance of the SEs depends on the number of vCPUs per SE VM (for throughput and SSL TPS) and memory (for concurrent connections). For optimal performance, SE VMs must be deployed on Cisco CSP with SRIOV enabled.

The following table outlines the core allocation for CSP:

CSP Model Total cores available Cores reserved for OS Available cores
CSP 5216 16 2 14
CSP 5228 28 4 24
CSP 5436 36 4 32
CSP 5444 44 4 40
CSP 5436 56 4 52

Avi Vantage Performance on Cisco CSP 5000

The following table outlines Avi SE performance on Cisco CSP, Intel(R) Xeon(R) Gold 6152 CPU @ 2.10GHz, with hyper-threading disabled, and a 10-Gbps NIC with SRIOV enabled.

  • Hardware – Cisco CSP 5444
  • Software – CSP software - CSP Version 2.4.0
  • Avi Vantage version – 18.2.3
L4 Performance
L7 Performance
SE VM Size CPS Throughput RPS Throughput
2 vcpu, 4 gig (no dedicated dispatcher) 60000 7 Gbps 100000 7 Gbps
4 vcpu, 4 gig (dedicated dispatcher) 125000 9 Gbps 175000 8.5 Gbps
8 vcpu, 8 gig (dedicated dispatcher) 150000 9 Gbps 350000 9 Gbps
L7 SSL Performance (ECC)
L7 SSL Performance (RSA)
SE VM Size CPS Throughput RPS Throughput
2 vcpu, 4 gig (no dedicated dispatcher) 4000 3 Gbps 1500 3 Gbps
4 vcpu, 4 gig (dedicated dispatcher) 9000 5 Gbps 3200 5 Gbps
8 vcpu, 8 gig (dedicated dispatcher) 18000 9 Gbps 7000 9 Gbps

Notes:

  1. In general, the SSL/TLS performance (both throughput and TPS) scales linearly with the number of vCPUs. For example, 4-vCPU SE can provide a performance twice the capacity as listed in the table above.

  2. Dedicated dispatcher CPU – Selecting this option dedicates the core that handles packet receive/transmit from/to the data network to just the dispatching function. This option is most applicable for an SE that has three or more vCPUs.

Deploying Avi Controller on Cisco CSP 5000

In addition to Avi SEs, Avi Controller can also be deployed (as a VM) on Cisco CSP 5000. Avi Controller VM sizing is based on the system scale as outlined in the Avi Controller Sizing article.

Depending on the network design, the Avi Controller cluster can be deployed on dedicated Cisco CSP, or can share Cisco CSP with Avi SEs.

The following are the recommended Cisco CSP 5000 specification for various deployment scenarios:

Scale CSP Model Memory Storage NICs Max Avi SE performance+
Extra small CSP5216 256 GB 3 TB SSD 1x 40G NICs 20 Gbps SSL
25K SSL TPS
Small CSP5228 256 GB 3 TB SSD 1x 40G NICs 30 Gbps SSL
50K SSL TPS
Medium CSP5436 256 GB 3 TB SSD 2x 40G NICs 40 Gbps SSL
70K SSL TPS
Large* CSP5444 512 GB 6 TB SSD 2x 40G NICs 50 Gbps SSL
90K SSL TPS
Extra Large* CSP5456 512 GB 6 TB SSD 2x 40G NICs 65 Gbps SSL
115K SSL TPS

+Max Avi SE performance assumes all available vCPUs on the CSP are used for Avi SEs. If the Avi Controller is deployed on the same CSP, the maximum SE performance depends on the total number of vCPUs available for Avi SEs. The SSL numbers are for ECC TPS. These numbers are with SR-IOV configured on the NIC. Maximum throughput is achieved with vCPU/NIC affinity.

*This configuration is recommended when Cisco CSP is used to deploy multiple NFV solutions. For instance, Avi Vantage, virtual ASA, etc.

Creating Logical interfaces on Service Engine

The following table discusses the interfaces that can be created on a Service Engine:

Logical interface Limit
Maximum number of vNICs attached to Avi Vantage's SE VNF 23 (out of which vNIC0 would be used for Avi SE management)
Maximum number of vLANs on Avi SE 200
Maximum number of vLANs per SRIOV passthrough interface 64