1. Home
    2. CN-Series
    3. CN-Series Deployment Guide
    4. CN-Series Supported Scale Factors

    CN-Series Supported Scale Factors

    Review the capacities on the Kubernetes plugin and the CN-Series firewall.
    The scale numbers that the different components required to Secure Kubernetes Workloads with CN-Series are listed in the following sections:

    Scale Supported on the CN-Series Components

    Attribute
    CN-Series Scale
    Maximum CN-MGMT pairs per K8s cluster
    4 CN-MGMT
    (or 8 CN-MGMT pod instances in a cluster)
    Maximum CN-NGFW pods per CN-MGMT pair
    30
    Kubernetes pods secured by CN-NGFW (per K8s node)
    30
    Maximum Number of TCP/IP Sessions per CN-NGFW
    20,000 sessions
    Maximum Dynamic Address Groups IP addresses* per CN-MGMT pair
    2500
    Tags per IP address* per CN-MGMT pair
    32

    Scale Supported on the Kubernetes Plugin on Panorama

    Attribute
    Kubernetes Plugin Scale
    Maximum Clusters on a K8s Panorama Plugin
    16 (across all supported environments such as native K8s, AKS, EKS, GKE)
    Maximum pods per cluster in Kubernetes plugin
    900 (30*30)
    Maximum Services per K8s cluster (Internal + External)
    40
    Maximum IP addresses (Pods + Services) across clusters per device group in the Kubernetes plugin
    32*30 + 40 * 16 = 1560 (MP supports 2500)

    CN-Series Key Performance Metrics

    The testing for the following information was conducted on Google Kubernetes Engine (GKE) with traffic directed between nodes and between pods on the same node in the same cluster.
    Feature/Attribute
    CN-Series Scale
    Firewall Throughput (App-ID Enabled) vCPU of CN-NGFW
    500 Mbps
    Threat Prevention Throughput vCPU of CN-NGFW
    250 Mbps
    IPSec VPN Throughput per vCPU of CN-NGFW
    N/A
    Max Sessions
    20,000 (DaemonSet)
    Connections per Second
    N/A

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo