Scale Out Firewalls Based on Custom Metrics Supported
Table of Contents
11.0
Expand all | Collapse all
-
- CN-Series Key Concepts
- CN-Series Core Building Blocks
- Components Required to Secure Kubernetes Clusters with CN-Series Firewall
- CN-Series Deployment—Supported Environments
- CN-Series System Requirements
- Quickstart- CN-Series Firewall Deployment
- CN-Series Performance and Scaling
- Additional CN-Series Resources
-
- CN-Series Deployment Checklist
- CN-Series Prerequisites
- Install a Device Certificate on the CN-Series Firewall
- Create Service Accounts for Cluster Authentication
- Install the Kubernetes Plugin and Set up Panorama for CN-Series
- Get the Images and Files for the CN-Series Deployment
- Editable Parameters in CN-Series Deployment YAML Files
- Enable Horizontal Pod Autoscaling on the CN-Series
- Secure 5G With the CN-Series Firewall
- Enable Inspection of Tagged VLAN Traffic
- Enable IPVLAN
- Uninstall the Kubernetes Plugin on Panorama
- Features Not Supported on the CN-Series
-
- CN-Series HSF System Requirements
- Configure Traffic Flow Towards CN-Series HSF
- Test Case: Layer 3 BFD Based CN-GW Failure Handling
- View CN-Series HSF Summary and Monitoring
- Validating the CN-Series HSF Deployment
- Custom Metric Based HPA Using KEDA in EKS Environments
- Features Not Supported on the CN-Series
Scale Out Firewalls Based on Custom Metrics Supported
This test helps to validate the ability of
the CN-Series HSF cluster to auto scale, based on the custom metric
value target specified in autoscaling.
- Enable Autoscaling while you create the CN-Series HSF Cluster to autoscale based on custom metric target value specified in autoscaling. For more information, see Deploy the HSF Cluster
- Enter the CloudWatch namespace to push metrics to AWS CloudWatch.
- Enter the region of the EKS cluster.
- Enter the Push interval.
- Choose the Autoscaling Meric. In this example, you may wish to choose PansessionActive.
- Specify the scale in threshold and scale out threshold. For example, if you have 2 NGFW pods running and the total number of sessions on the firewall currently is 1000, then the cloud watch metric will show 500 (per NGFW pod).
- You can set scale out threshold to 250 and auto scale should spin up 2 more NGFW pods.
- Use show session info command on the MGMT pod to get the session information
- You can specify the maximum and minimum NGFW pods that can auto scale.Expected Result: The NGFW pod should auto scale based on the scale out threshold value