cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From srinivas niddapu <sr...@axiomio.com>
Subject RE: Urgent Question at VPC router:
Date Mon, 17 Aug 2015 02:21:42 GMT
Thanks for the information Simon, 
We do add more resource to current VPC/vR and test the max no. of concurrent HTTP connections.

We do Static NAT internal VM to external address and port 80 only allowed on public. 
Currently HTTP connections established 2500 not crossing beyond that, expecting/required maximum
connections 5000.

Thanks,
Srini

-----Original Message-----
From: Simon Weller [mailto:sweller@ena.com] 
Sent: Monday, August 17, 2015 3:19 AM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: Re: Urgent Question at VPC router:

Srini/Anil,

The answer is, it depends. You can greatly scale the VRs by adding additional cores and additional
memory. The VRs are running Debian linux as a base, so any limitations would be the same as
the Debian distro.

In terms of IPSEC deployment, any software based IPSEC solution isn't going to perform throughput
wise as well as an appliance that does the encryption/decryption in hardware. In terms of
the number of tunnels, I'm not sure I have an answer to that, but most deployments would involve
a VR deployed per VPC/isolated network, so I can't imagine this would become a problem for
you.

There is a proposal out there right now to replace openswan with strongswan, as openswan is
no longer actively maintained:

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Replacing+openswan+ipsec+with+strongswan+ipsec

In our deployments, we've found the current session limits to be based on the currently deployed
iptables conntrack configuration and the max session limits within the haproxy config. We
rolled out own VR to get around the conntrack problems, but the haproxy config is created
by the CS Management server, hence it would require a code change and recompile.

We've been thinking about proposing a rewrite to how the haproxy configuration is generated,
we just haven't got around to it as of yet.

The haproxy config won't matter to you, unless you're using load balancing on the front end.


We push very large amount of traffic through the VRs, with high current sessions and we've
been very happy with the performance after a little tweaking here and there.

I hope this helps a little.

- Si
________________________________________
From: srinivas niddapu <srini@axiomio.com>
Sent: Sunday, August 16, 2015 11:45 AM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: RE: Urgent Question at VPC router:

Hello,

Need info based on Anil requirement.
vRouter / VPC  maximum connections limit?   Is Unlimited connections supports?

Please share us info regarding max/min values (IPsec tunnels/VLANs/sessions/ACL rules).

Thanks,
Srini.

-----Original Message-----
From: Simon Weller [mailto:sweller@ena.com]
Sent: Sunday, August 16, 2015 10:05 PM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: Re: Urgent Question at VPC router:

Anil,

Do you actually have a problem, or are you asking whether the VR is capable of scaling to
your required connection level?

If you're experiencing problems, can you provide some more information in terms of logging
from the VR?
Are you hitting HAProxy connection limits, or iptables conntrack table full warnings?
Is the virtual cpu or memory usage very high?

- Si
________________________________________
From: anil lakineni <anilkumar459.lakineni@gmail.com>
Sent: Sunday, August 16, 2015 8:36 AM
To: users@cloudstack.apache.org; dev@cloudstack.apache.org
Subject: Urgent Question at VPC router:

Hi All,

I have a web server inside cloud VPC, It usually getting 2500 user hits on average at every
time But I need to increase the user connections for ex:
5000 hits on web server.
Do you have any idea that I should change some configurations at VPC vR in order to achieve
my requirement.?

Else, Is cloud platform with XenServer supports my requirement?

Please Help me with valuable suggestions,

Thanks in advance.

Regards,
Anil.

Mime
View raw message