Types of Pods
CN-GW, CN-DB, CN-NGFW, and CN-MGMT are the different types of pods in
CN-Series HSF.
| Where Can I Use This? | What Do I Need? |
| CN-Series HSF Firewall deployment | CN-Series 11.0.x or above Container Images; Panorama running PAN-OS 11.0.x or above version |
There are 3 types of dataplane pods in
the CN-Series HSF. All of them use the same dataplane pod image,
but with different ConfigMap options. CN-Series HSF hosts two
management pods.
CN-GW pods - The CN-GW pod is a type of dataplane pod
that has access to the external network traffic and manages load
balancing of ingress and egress traffic. Nodes outside the cluster
are aware only of the CN-GW pods and their IPs, and all the data subnets
for traffic are attached to these pods through Multus interfaces.
A minimum of 2 and a maximum of 4 CN-GW pods are supported in CN-Series
HSF 1.0. The number of CN-GW pods is static for the lifespan of the
HSF cluster deployment. For example, if you had 2 GW pods initially
and you wish to scale out, the CN-NGFW pods can scale out
dynamically, but you will have to redeploy the HSF cluster with the
additional CN-GW pods.
CN-DB pods - The CN-DB pod is a type of dataplane pod
that can query the session/flow ownership across the CN-NGFW pods. The CN-DBs
support distribution of sessions to different CN-NGFWs based on
different algorithms such as ingress-slot, round-robin, and session-load. CN-Series
HSF supports two CN-DB pods, and session information is duplicated
between the two CN-DB pods, with either of the two CN-DB pods handling
the lookup/binding of flows.
CN-NGFW pods - The CN-NGFW pod processes actual traffic
for C and U sessions and applies security policies. The CN-NGFW pods
can be scaled separately. A minimum of 2 and a maximum of 12 CN-NGFW
pods are supported in CN-Series HSF 1.0.
CN-MGMT pod - All the NGFW pods (CN-GW, CN-DB, and CN-NGFW)
are connected to a single CN-MGMT pod through IPsec on eth0.