We have a Cisco UCS C240 M4. Is it possible to run two separate virtual AMDs on this server? The hardware resources would be DEDICATED and equally partitioned between each virtual AMD.
We might be able to boost some of these, but our budget is thin.
What would be the drawback of using a virtual AMD vs. physical? Are there decodes/analyzers and other functionality that would be lost?
Here is why we need it. We are monitoring from both sides of the firewall. NetSec has implemented TCP sequence number randomization and, of course, will not change from this, just as they forced DH into the environment. We have been experiencing high sequence number gap and two-way loss rates. We believe these are false because the users, server admins, etc. are not experiencing any issues.
Thanks and God bless,
First of all, sequence number randomization shall not cause any issues with the AMD. If it does, then it's a matter for a Support call.
Having said that, if you are feeding the front and back of the FW to a single AMD, that wouldn't work in any case, and indeed randomization would only amplify the problem. Monitoring on both sides of the FW is a good reason to have two AMDs.
These two AMDs can be run as VMs on the same host. The limitations would be the performance overhead of the hypervisor and no possibility to run a custom driver, so some overall capacity degradation. But it may not be an issue, depending on the traffic levels.
When you have those two AMDs in place, it would be possible to measure FW latency and pick up FW connectivity errors. Latency measurement could be provided as a custom DMI metric based on comparing the RTT seen on both sides of the FW - these will be visible as either two different links in the CAS DMI reporting (with respective AMD names), or - if you name the software services differently on the AMDs - as two different software services.
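A constructed simulation of the point above about feeding both sides of the FW into a single AMD (added here; not code from the thread or from the AMD product): one sequence tracker sees the same packets twice with a rewritten sequence number, while one analysis per side sees clean flows. The flow, the 1,000,000 offset, the "inside"/"outside" labels and the tracker logic are assumptions for illustration.

```python
# Added simulation (not from the thread): a single analyzer fed with BOTH sides of a
# firewall that randomizes TCP sequence numbers reports false gaps/retransmissions.
from collections import defaultdict

# Constructed packets: (capture side, flow id, tcp seq, payload length).
# The firewall shifts each flow's sequence numbers by a fixed offset (constructed value).
OFFSET = 1_000_000
INSIDE = [("inside", "flow1", 1000 + 100 * k, 100) for k in range(4)]
OUTSIDE = [("outside", "flow1", 1000 + OFFSET + 100 * k, 100) for k in range(4)]
# What one SPAN/NPB feed delivers: the same packets seen on each side, interleaved.
MERGED = [p for pair in zip(INSIDE, OUTSIDE) for p in pair]
# Genuine loss on the outside: the second outside packet never arrives.
OUTSIDE_LOSSY = [p for k, p in enumerate(OUTSIDE) if k != 1]

def analyze(packets):
    """Minimal single-feed sequence tracking: per flow, count gaps (seq jumps past the
    expected next byte) and retransmissions (data already covered), ignoring the side."""
    expected = {}
    stats = {"gaps": 0, "retransmissions": 0}
    for _side, flow, seq, length in packets:
        if flow in expected:
            if seq > expected[flow]:
                stats["gaps"] += 1
            elif seq + length <= expected[flow]:
                stats["retransmissions"] += 1
        expected[flow] = max(expected.get(flow, 0), seq + length)
    return stats

def analyze_per_side(packets):
    """What two separate analyzers, one per side of the firewall, would report."""
    by_side = defaultdict(list)
    for pkt in packets:
        by_side[pkt[0]].append(pkt)
    return {side: analyze(pkts) for side, pkts in by_side.items()}

def translation_offsets(packets, flow):
    """Pair the k-th packet of a flow on each side and return the set of seq differences.
    A single constant value is the signature of sequence rewriting by the firewall;
    loss on one side shifts the pairing and yields several values."""
    ins = [seq for side, f, seq, _ in packets if f == flow and side == "inside"]
    outs = [seq for side, f, seq, _ in packets if f == flow and side == "outside"]
    return {o - i for i, o in zip(ins, outs)}

if __name__ == "__main__":
    print("merged feed:", analyze(MERGED))                    # 1 gap, 3 retransmissions
    print("per side:", analyze_per_side(MERGED))              # 0 gaps, 0 retransmissions
    print("offsets:", translation_offsets(MERGED, "flow1"))   # {1000000}: rewriting, not loss
    print("real loss:", analyze(OUTSIDE_LOSSY))               # 1 gap
```

The merged feed shows the pattern from the original question (a gap followed by apparent two-way retransmissions) with no real loss, whereas the lossy outside capture still produces a gap when analyzed on its own.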
A very interesting case indeed.
I've experimented with virtual AMDs as a customer of mine wants that functionality.
We've found with better hardware than you are proposing ~5Gbps is as much as can be done in a VM. You'll get much better performance having one AMD physically on that equipment.
Not quite sure if you're talking about two 10Gbit interfaces (20Gbits possible) or two dual-port 10Gbit interfaces (40Gbits possible). But the specs for a 20Gbit-capable AMD call for 20 cores and 128GB of RAM.
Unless lightly utilised, your hardware won't meet those (potential) incoming traffic levels.
"First of all, sequence number randomization shall not cause any issues with the AMD. If it does, then it's a matter for a Support call."
A Support call was opened and it was not fixed. We have a GigaVUE HC2 between the SPAN and the AMD. Support had us test with a different NPB (Ixia 5236); the problem still occurs. Working with Gigamon, the TCP sequence number randomization issue occurred with another client who was using ExtraHop and capturing from both sides of the firewall.
"Not quite sure if you're talking about two 10Gbit interfaces (20Gbits possible) or two dual port 10Gbit interfaces (40Gbits possible)."
The UCS has 4 x 10Gb Ethernet ports (two dual-port 10Gb NICs). Apologies for the misunderstanding.
Thanks and God bless,
I've just realized that you are using the classic 12.4 AMD. This doesn't help for sure. It may be muddying the waters of the sequence randomization issue - the classic AMD doesn't scale as much as the release 17 AMD would, adding packet drops where these wouldn't appear on AMD 2017.
When do you plan to upgrade to release 2017? Please note that 12.4 support ends in six weeks...
I think it is muddying the waters also. All of DCRUM, except for the AMD, is on 2017. I am waiting for our DC team to rack, power and connect the UCS for me to build a new 2017 AMD. I am not a Linux or Cisco UCS guru, but I will have to learn quickly to get this up and running in time.
In the meantime, I wanted to know about the virtual option so I would only be building once. But that appears not to be a viable option.
Will the hardware specs I gave at the beginning of this post suffice for a high-speed AMD?
Thanks and God bless,
The server looks fine. How many cores do the CPUs have? I guess 8 each. Anyway with 64 GB RAM and HS AMD the box should be enough to handle 5 Gbps HTTP or 10 Gbps TCP analysis.
Virtualization is an option on that box, I think. Just watch the AMD throughput then versus its resources. My gut feeling is that 2 virtual AMDs on this box should be able to handle 2 Gbps HTTP each (or 4 Gbps TCP each).