CN-Series Supported Scale Factors

Review the capacities on the Kubernetes plugin and the CN-Series firewall.
The scale numbers for the different components required to secure Kubernetes workloads with CN-Series are listed in the following sections:

Scale Supported on the CN-Series Components

| Attribute | CN-Series Scale |
|---|---|
| Maximum CN-MGMT pairs per K8s cluster | 4 CN-MGMT (or 8 CN-MGMT pod instances in a cluster) |
| Maximum CN-NGFW pods per CN-MGMT pair | 30 |
| Kubernetes pods secured by CN-NGFW (per K8s node) | 30 |
| Maximum Number of TCP/IP Sessions per CN-NGFW | 20,000 sessions |
| Maximum Dynamic Address Groups IP addresses* per CN-MGMT pair | 2500 |
| Tags per IP address* per CN-MGMT pair | 32 |

Scale Supported on the Kubernetes Plugin on Panorama

| Attribute | Kubernetes Plugin Scale |
|---|---|
| Maximum Clusters on a K8s Panorama Plugin | 16 (across all supported environments such as native K8s, AKS, EKS, GKE) |
| Maximum pods per cluster in Kubernetes plugin | 900 (30*30) |
| Maximum Services per K8s cluster (Internal + External) | 40 |
| Maximum IP addresses (Pods + Services) across clusters per device group in the Kubernetes plugin | 32*30 + 40 * 16 = 1560 (MP supports 2500) |

CN-Series Key Performance Metrics

The testing for the following information was conducted on Google Kubernetes Engine (GKE) with traffic directed between nodes and between pods on the same node in the same cluster.
| Feature/Attribute | CN-Series Scale |
|---|---|
| Firewall Throughput (App-ID Enabled) vCPU of CN-NGFW | 500 Mbps |
| Threat Prevention Throughput vCPU of CN-NGFW | 250 Mbps |
| IPSec VPN Throughput per vCPU of CN-NGFW | N/A |
| Max Sessions | 20,000 (DaemonSet) |
| Connections per Second | N/A |
