CN-Series Prerequisites
Table of Contents
CN-Series Prerequisites
Review the system requirements for deploying the CN-Series
within a cluster.
System Requirements for the Kubernetes Cluster
Here are our recommended system requirements for deploying
the CN-Series firewall across its multiple supported modes.
5G-Native Security is exclusively supported on Daemonset and
Kubernetes CNF Mode.
CN Mode | Resource | Small | Medium | Medium | Medium | Large | Large |
|---|---|---|---|---|---|---|---|
Daemonset | Min CN-MGMT Memory | 3G | 3G | 4G | 4G | 16G | 16G |
Min CN-NGFW Memory | 2G | 6.5G | 16G | 32G | 48G | 56G | |
Recommended CN-MGMT Cores | 2 | 2 | 2 | 4 | 8 | 12 | |
Max CN-NGFW Cores | 2 | 4 | 8 | 16 | 31 | 47 | |
Disk | 52Gi | 52Gi | 52Gi | 52Gi | 52Gi | 52Gi | |
DPDK Hugepage Size | N/A | N/A | N/A | N/A | N/A | N/A | |
Kubernetes Service | Min CN-MGMT Memory | 3G | 3G | 4G | 4G | 16G | 16G |
Min CN-NGFW Memory | 4G | 6.5G | 16G | 32G | 48G | 56G | |
Recommended CN-MGMT Cores | 2 | 2 | 2 | 4 | 8 | 12 | |
Max CN-NGFW Cores | 2 | 4 | 8 | 16 | 31 | 47 | |
Disk | 52Gi | 52Gi | 52Gi | 52Gi | 52Gi | 52Gi | |
DPDK Hugepage Size | N/A | N/A | N/A | N/A | N/A | N/A | |
Kubernetes CNF | Min CN-MGMT Memory | 3G | 3G | 4G | 4G | 16G | 16G |
Min CN-NGFW Memory | 2G | 6.5G | 16G | 32G | 48G | 56G | |
Recommended CN-MGMT Cores | 2 | 2 | 2 | 4 | 8 | 12 | |
Max CN-NGFW Cores | 2 | 4 | 8 | 16 | 31 | 47 | |
Disk | 52Gi | 52Gi | 52Gi | 52Gi | 52Gi | 52Gi | |
DPDK Hugepage Size | 1G | 1G | 2G | 2G | 4G | 4G |
The memory and core combinations for CN-MGMT
and CN-NGFW applies to Small, Medium, and Large respectively. The
combination of Small, Medium, and Large pertaining to CN-MGMT maps
directly with respective CN-NGFW.
For maximum 5G-Native security performance, we recommend a Large
flavor for CN-Series in either modes. However, you can also choose
less resources based on the resource availability and performance
expectations. Please reference our recommendation options to assign
resources based on the CN-Series System Requirements.
- Kubernetes cluster running supported Kubernetes version. See CN-Series Deployment—Supported EnvironmentsIf you are using a GKE cluster, ensure that you enable the Kubernetes Network Policy API to allow the cluster administrator to specify which pods are allowed to communicate with each other. This API is required for the CN-NGFW and CN-MGMT Pods to communicate. For more information, see Enable Or Disable A Kubernetes API.
- Container Images—4 docker files. See Components Required to Secure Kubernetes Clusters with CN-Series Firewall.
- YAML files for your environment. See Components Required to Secure Kubernetes Clusters with CN-Series Firewall.
- Panorama OS version 10.2.0Panorama must be able to establish network connectivity with the Kubernetes cluster API server endpoint. In addition, you must add the ports that Panorama uses to fetch updates and communicate with the managed devices to an allow list, see Ports Used on Panorama.
- Kubernetes plugin 3.0.0 on Panorama version 10.2.0 is required to deploy the CN-Series as a Kubernetes CNF.
For information on scaling, see CN-Series Performance and Scaling.
For information on the CN-Series supported environments, see CN-Series Deployment—Supported Environments and Secure 5G With the CN-Series Firewall.
System Requirements for On-Premises Kubernetes Deployments
Review the following prerequisites for your on-premises
deployments:
- Ensure that the container images are accessible to all nodes in the Kubernetes cluster.
- Set up a persistent volume within the cluster for both the CN-MGMT pods. Since CN-MGMT pods that actively manage CN-NGFW pods, are deployed as a StatefulSet, both instances must have access to the persistent volume.
To get the SSH access for your Rancher cluster, you must
ensure that the content of the kubeconfig file is copied under the
location
/.kube/config
, and then only, you can
run kubectl commands for your cluster. Also, you should ensure
that the Kubernetes command-line tool, kubectl is installed on your
system. For more information, see Install Tools.
For
CN-Series with Rancher support, install Docker on Master node Ubuntu 18.0.4
LTS VM with 8 vCPUs and 32G Memory with minimum 200G disk. For more information,
see Install Docker On Ubuntu 18.04.
For
Ubuntu 18.0.4, Kernel on the machines should be updated to the latest Kernel
using the following command:
sudo apt install linux-generic-hwe-18.04 -y