Allocating Resources for WAF Node

The amount of memory allocated for the WAF node determines the quality and speed of request processing. This guide gives recommendations for WAF node memory allocation.

In a WAF node there are two main memory consumers:

  • Tarantool, also called the postanalytics module. This is the local data analytics backend and the primary memory consumer in a WAF node.
  • NGINX is the main WAF node and reverse proxy component.

Tarantool

The Tarantool database keeps a local copy of the data stream processed by a WAF node in a circular buffer. The copy includes request and response headers and request bodies (but not response bodies).

The recommended value is 75% of the total server memory. But there is a more accurate way to define the required value: to make a WAF node efficient, the database should keep at least 15 minutes of transmitted data, with about 2x overhead for data serialization. Following these points, the amount of memory can be estimated by the formula:

Speed of request processing per minute in bytes * 15 * 2

For example, if a WAF node is handling at peak 50 MBps of end-user requests, the required Tarantool database memory consumption can be estimated as follows:

50 MBps / 8 (bits in a byte) * 60 (seconds in a minute) * 15 * 2 = 11,250,000,000 bytes (or ~ 10.4 GB)

Allocating Memory in Kubernetes Ingress Controller

Tarantool memory is configured for the ingress-controller-wallarm-tarantool pod using the following sections in the values.yaml file:

  • To set up memory in GB:

      controller:
        wallarm:
          tarantool:
            arena: "0.2"
    
  • To set up CPU and memory requests and limits:

      controller:
        wallarm:
          tarantool:
            resources:
              limits:
                cpu: 1000m
                memory: 1640Mi
              requests:
                cpu: 1000m
                memory: 1640Mi
    

Allocating Memory in Other Deployment Options

Tarantool memory size is controlled by the SLAB_ALLOC_ARENA attribute in the /etc/default/wallarm-tarantool configuration file (/etc/sysconfig/wallarm-tarantool on CentOS and Amazon Linux 2). To allocate memory:

  1. Open the Tarantool configuration file for editing:

       • Debian 8.x (jessie), Debian 9.x (stretch), Debian 10.x (buster), Ubuntu 14.04 LTS (trusty), Ubuntu 16.04 LTS (xenial), Ubuntu 18.04 LTS (bionic):

           # vi /etc/default/wallarm-tarantool

       • CentOS 6.x, CentOS 7.x, Amazon Linux 2:

           # vi /etc/sysconfig/wallarm-tarantool

  2. Set the SLAB_ALLOC_ARENA attribute to the memory size. For example:

       SLAB_ALLOC_ARENA=10.4

  3. Restart Tarantool:

       • Debian 8.x (jessie), Debian 9.x (stretch), Debian 10.x (buster), CentOS 7.x, Amazon Linux 2:

           # systemctl restart wallarm-tarantool

       • Ubuntu 14.04 LTS (trusty), Ubuntu 16.04 LTS (xenial), Ubuntu 18.04 LTS (bionic), CentOS 6.x:

           # service wallarm-tarantool restart

To find out how long a Tarantool instance can keep traffic details at the current level of WAF node load, use the wallarm-tarantool/gauge-timeframe_size monitoring metric.
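
Before a node carries production load, the same retention figure can be estimated from the configuration file with the 15-minute, 2x-overhead rule above. The script below is an added example, not part of the Wallarm documentation or tooling; the function names are hypothetical. It assumes the peak rate is given in megabits per second (the example above divides by 8) and that 1 GB is 2^30 bytes (as in the ~10.4 GB figure above).

```shell
#!/bin/sh
# Added example (not Wallarm code): estimate how long the configured Tarantool
# arena can retain traffic, using this page's 15-minute / 2x-overhead rule.

# Print SLAB_ALLOC_ARENA (GB) from config file $1. Commented-out lines are
# skipped, quotes and trailing comments are stripped, the last assignment wins.
read_arena_gb() {
    awk -F= '/^[ \t]*SLAB_ALLOC_ARENA=/ {
        v = $2; sub(/#.*/, "", v); gsub(/[^0-9.]/, "", v); last = v
    } END { print last }' "$1"
}

# Minutes of traffic that $1 GB holds at a peak of $2 megabits per second.
# Assumptions: GB = 2^30 bytes; stored data costs 2x its wire size.
retention_minutes() {
    awk -v gb="$1" -v mbps="$2" 'BEGIN {
        if (gb + 0 <= 0 || mbps + 0 <= 0) exit 1
        bytes_per_min = mbps * 1000000 / 8 * 60
        printf "%.1f", gb * 1024 * 1024 * 1024 / (bytes_per_min * 2)
    }'
}

# Print "OK <min>", "LOW <min>" (under 15 minutes), "UNSET" or "INVALID".
check_arena() {
    gb=$(read_arena_gb "$1")
    [ -n "$gb" ] || { echo "UNSET"; return 2; }
    minutes=$(retention_minutes "$gb" "$2") || { echo "INVALID"; return 2; }
    if awk -v m="$minutes" 'BEGIN { exit !(m >= 15) }'; then
        echo "OK $minutes"
    else
        echo "LOW $minutes"
        return 1
    fi
}

# Usage: sh check_arena.sh /etc/default/wallarm-tarantool 50
# With no arguments, run against a constructed sample config instead.
if [ "$#" -eq 2 ]; then
    check_arena "$1" "$2"
else
    sample=$(mktemp)
    printf '# constructed sample\nSLAB_ALLOC_ARENA=0.2\n' > "$sample"
    check_arena "$sample" 50   # prints "LOW 0.3"
    rm -f "$sample"
fi
```

A LOW result means the buffer is expected to wrap before 15 minutes of peak traffic have been kept.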

NGINX

NGINX memory consumption depends on many factors. On average it can be estimated as follows:

Number of concurrent requests * Average request size * 3

For example:

  • WAF node is processing at peak 10000 concurrent requests,
  • average request size is 5 kB.

The NGINX memory consumption can be estimated as follows:

10000 * 5 kB * 3 = 150000 kB (or ~150 MB)

To allocate the amount of memory:

  • for the NGINX Ingress controller pod (ingress-controller), use the following sections in the values.yaml file:

      controller:
        resources:
          limits:
            cpu: 1000m
            memory: 1640Mi
          requests:
            cpu: 1000m
            memory: 1640Mi
    
  • for other deployment options, use the NGINX configuration files.

Recommendations from the CPU utilization perspective

When running in production mode, it is recommended to allocate at least one CPU core for the NGINX process and one core for the Tarantool process.

Actual NGINX CPU utilization depends on many factors, such as the RPS level, the average size of requests and responses, the number of LOM rules handled by the node, and the types and layers of data encodings employed (such as Base64 or data compression). On average, one CPU core can handle about 500 RPS. In the majority of cases it is recommended to initially over-provision a WAF node, observe the actual CPU and memory usage under real production traffic levels, and gradually reduce the allocated resources to a reasonable level (with at least 2x headroom for traffic spikes and node redundancy).
