Enabling Public Subnet Filtering Gateway Settings
This document describes the settings that you configure when you create the gateway and general settings that you can configure after the gateway is created.
About Public Subnet Filtering Gateway Settings
Account
Your cloud provider account. The Aviatrix Controller uses your cloud provider API credentials to make API calls; for example, to launch an Aviatrix Gateway in that cloud account.
To learn more about access accounts, see Accounts and Users.
Instance Size
Instance Size is the gateway instance size.
When selecting the gateway instance size, use the following guidelines of IPsec performance based on IPERF tests conducted between two gateways of the same size:
AWS Performance Numbers:
AWS Instance Size | Expected Throughput |
---|---|
T2 series | Not guaranteed; it can burst up to 130Mbps |
c5.2xlarge, c5.4xlarge | 2Gbps - 2.5Gbps |
c5n.4xlarge | 25Gbps (with High Performance Encryption (HPE) Mode) |
c5n.9xlarge | 70Gbps (with HPE Mode) |
c5n.18xlarge | 70Gbps (with HPE Mode) |
Azure Performance Numbers (without High Performance Encryption Mode):
Azure Instance Size | Expected Throughput |
---|---|
B series | Not guaranteed; it can burst up to 260Mbps |
D/Ds series | 480Mbps - 1.2Gbps |
F Series | approximately 450Mbps - 1.2Gbps |
GCP Performance Numbers (without High Performance Encryption Mode):
GCP Instance Size | Expected Throughput |
---|---|
n1-standard-1, n1-standard-2, n1-highcpu-2 | 1.0 - 1.2 Gbps |
n1-standard-4, n1-highcpu-2 | 2.3 - 2.5 Gbps |
OCI Expected Throughput Numbers:
OCI Instance Shape | Throughput with Active Mesh | Throughput without Active Mesh |
---|---|---|
VM.Standard2.2 or larger | 1.8G | 900 Mbps |
With OCI you can choose a flexible shape to modify the Oracle CPU (OCPU) and memory configurations of your shape after it is deployed.
OCI Flex Shape | OCPU and RAM |
---|---|
FLEX4.16 | E3 4 OCPU 8G RAM |
FLEX8.32 | E3 8 OCPU 32G RAM |
FLEX16.32 | E3 16 OCPU 32G RAM |

If you need IPsec performance beyond 2Gbps, refer to ActiveMesh HPE Performance Benchmark.
Gateway Resize
You can change the gateway instance size, if needed, to change gateway throughput. The gateway instance will restart with a different instance size.
If you use an Availability Set when launching Azure gateways, different classes of VM sizes can be resized interchangeably.
See the Resizing a Gateway document.
To change gateway instance size, see Changing Gateway Instance Size.
Attach to Unused Subnet
PSF gateways are launched in a public subnet in AWS. A public subnet in an AWS VPC is defined as a subnet whose associated route table has a default route entry that points to the Internet gateway.
If you do not have a VPC with a public subnet in AWS, you can use our Create a VPC tool to create a VPC with fully populated public subnets in each AZ.
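The public-subnet definition above can be checked against route table data before you pick a subnet. The following is an added example, not Aviatrix code: it classifies subnets from input in the shape of `aws ec2 describe-route-tables` output for a single VPC. The sample data, IDs and function names are constructed for illustration, and a subnet with no explicit association is evaluated against the VPC's main route table.

```python
# Added example (not Aviatrix code). Sample data and IDs are constructed.
# Input follows the shape of `aws ec2 describe-route-tables` for one VPC.
SAMPLE_ROUTE_TABLES = {
    "RouteTables": [
        {  # main route table: local route only
            "RouteTableId": "rtb-main",
            "Associations": [{"Main": True}],
            "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
        },
        {  # explicitly associated, default route to an Internet gateway
            "RouteTableId": "rtb-public",
            "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
            "Routes": [
                {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
            ],
        },
        {  # default route to a NAT gateway: not a public subnet
            "RouteTableId": "rtb-nat",
            "Associations": [{"Main": False, "SubnetId": "subnet-b"}],
            "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}],
        },
    ]
}


def has_igw_default_route(table):
    """True if the table has an active IPv4 default route to an Internet gateway."""
    return any(
        route.get("DestinationCidrBlock") == "0.0.0.0/0"
        and route.get("GatewayId", "").startswith("igw-")
        and route.get("State", "active") == "active"  # skip blackhole routes
        for route in table.get("Routes", [])
    )


def classify_subnets(route_tables, subnet_ids):
    """Map each subnet ID to True (public) or False, per the definition above."""
    explicit, main = {}, None
    for table in route_tables["RouteTables"]:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = table
            elif assoc.get("Main"):
                main = table
    result = {}
    for sid in subnet_ids:
        # A subnet without an explicit association uses the VPC's main route table.
        table = explicit.get(sid, main)
        result[sid] = table is not None and has_igw_default_route(table)
    return result
```

Calling `classify_subnets(SAMPLE_ROUTE_TABLES, ["subnet-a", "subnet-b", "subnet-c"])` marks only `subnet-a` as public; `subnet-c` falls back to the main route table, which has no Internet gateway route.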
About Public Subnet Filtering Gateway General Settings
Use VPC/VNet DNS Server
The Use VPC/VNet DNS Server feature enables you to set the default DNS server for the Aviatrix gateway.
When this feature is On, it removes the default DNS server for the Aviatrix Gateway and instructs the gateway to use the VPC or VNet DNS server configured in the VPC or VNet DHCP option.
When this feature is Off, the Aviatrix Gateway reverts to using its built-in (default) DNS server.
When enabling this feature, the Controller checks that the gateway can reach the VPC/VNet DNS server; if it cannot, an error is returned.
For more information, see Using VPC/VNet DNS Server.
Jumbo Frame
Jumbo Frame improves Aviatrix Gateway throughput performance.
Jumbo Frame is enabled by default for AWS and OCI. It is not supported for Azure or GCP.
GRO/GSO
The GRO/GSO feature enables you to configure the gateway interface and enable or disable Generic Receive Offload (GRO) and Generic Segmentation Offload (GSO).
GRO/GSO is On by default to improve performance. You can set this feature to Off to minimize out-of-order packets for sensitive applications (like FTP), but there will be a throughput penalty.
Gateway Single AZ HA
The Gateway Single AZ HA feature enables the Aviatrix Controller to monitor the health of the gateway and restart the gateway if it becomes unreachable. No secondary gateway is launched in this case.
Using Gateway Single AZ HA, you can select either the primary or secondary gateway as the gateway to restart.
When Gateway Single AZ HA status is On, the Controller restarts the gateway instance. When status is Off, the Controller does not attempt to restart the gateway instance.
Change Interface(s) RX Queue Size
Using the Change Interface(s) RX Queue Size setting, you can select a gateway and set the RX queue size of its interface(s).
- A larger RX queue size introduces high latency in forwarding packets.
- A smaller RX queue size has low latency but will drop packets early when forwarding packets.