Performance Requirements

Nova performance is dependent on the hardware, VM, or container performance where it has been deployed. There are also minimum requirements for the full set of functionality.

Resourcing

Nova has three primary components to performance:

  • CPU count: the more CPUs (to a point) you add, the better the system will perform. As a general guideline we recommend at least 2 CPUs, however it is possible to run with just one.
  • Clock speed: faster CPUs will have much higher request per second and SSL transaction rates, this can make a very large difference to performance, especially with the WAF.
  • Memory: each active connection on Nova uses a small amount of memory, and then you have the processes and containers for things like the WAF. An installation should have at least 2GB of memory, but we recommend 4GB.

Compute Requirements

We recommend 2 CPUs and 2GB of memory as the minimum spec for a production Node. We have a guideline below on recommended system specifications.

SizeRPSSSL TPSCPUMemory
Micro1,00020011GB
Small10,0001,00022GB
Standard20,0004,00024GB
Large50,0008,00048GB
XL100,00012,000812GB
XXL120,00015,0001016GB

Note that if you are caching, or using the WAF, you need at least 4GB of memory.

Different hypervisors and cloud companies provide different "real world" performance for the same specifications, so the numbers you see above are provided as a general guide. Performance can be higher or lower.

Performance

Typically, if you have less than 10,000 clients, or under 1,000 RPS you do not need to consider performance per Node. An individual Node can be configured to handle 50-80Gbps of traffic and up to 120,000 requests per second (L7) or 20,000 SSL TPS in the right configurations and with the right virtual machines.

By far, the most costly activity on Nova is the WAF. It has to scan and process the entire content of every request, making it 10-20x slower than the ADC without WAF. In high performance environments it is a good idea to run naked ADCs that are configured for performance, with WAF separated from the task. Alternatively, you can scale out (e.g. using a Nova Autoscaler) to handle the increased load.

Scaling

Nova is a modern system, designed to function in a non-monolithic nature. When scaling Nova (and next-gen infrastructure in general) you want to spread the load. An ADC per service or application is much more performant and reliable than one massive north-south ADC at the ingress to your infrastructure.

We also recommend scaling-out versus scaling-up. This means running multiple (potentially autoscaling) Nodes that are of a medium size versus one that is extremely powerful. Containers and VMs perform best at around 4 CPUs with 4-8GB of memory in our tests. It's often wiser to run 2 or more in an active configuration.

This attitude also helps you to limit the effect of a system failing.

RPS and TPS

RPS (requests per second) and TPS (transactions per second) are a measurement of how many Layer 7 requests and SSL accelerated requests the ADC is handling per second. This is an excellent way to spec performance, but can be harder to estimate in an environment. Generally speaking, you can multiply RPS/TPS by 3 to get an idea of how many active users it could handle.

For example, on a webserver deployment lets suggest we have a Large deployment, handling 50,000 HTTP requests per second. This would likely be around (3 x 50,000) = 150,000 active users on the website.

For API workloads it is much easier, and you can translate API requests per second directly into transactions.

Performance Tips

For high performance installations we have several recommendations. These are designed for advanced users with high throughput requirements.

1. Disable Nova Vision on your ADCs.

2. Disable session persistence if not needed on your ADCs.

3. Run an official VM image or Ubuntu installer image as opposed to a container on a basic Linux install.

4. Disable userland-proxy for Docker daemons to improve WAF performance. 

5. Disable user-land proxy for docker by adding the below to /etc/docker/daemon.json:
{
   "userland-proxy": false,
}

6. Have high clock speed CPUs, scale CPUs to improve performance of the WAF and SSL TPS.

7. Ensure Nova can adjust sysctl values on the server, or, get the official Nova sysctl settings.