We continue the series of articles on the Check Point Maestro solution. We have already published three introductory articles:
Now it's time to move on to load testing. As part of the article, we will try to show how load balancing occurs between nodes, and also consider the process of adding new gateways to an existing scalable platform. For tests, we will use the well-known traffic generator - TRex.
Scenario #1. Load balancing between two nodes
We will start our experience with the already created Security Group, which includes two 6500 gateways:
For a performance test, we will run the already mentioned TRex. As you can see from the screenshot below, the load on the CPU is distributed across two devices with an average load CPU at 50%:
Scenario #2. Adding a Gateway to the Security Group
Adding a new gateway to the Security Group is quite simple, in fact it's Drag & Drop:
TRex still works with the same parameters. After adding the gateway, all necessary configurations will be performed automatically. Even the policy is set by itself. The whole procedure takes 5-8 minutes. After adding, we see the changed indicators of the gateways:
As you can see, there are already 3 gateways and the average load on CPU already 35%.
Scenario N3. Emergency shutdown of one node
For the purity of the experiment, let's put out one node using the command clusterXL_admin down.
This will immediately affect the CPU load of two gateways already working in the cluster:
Instead of a conclusion
I am sure that many would like to test this technology. Especially for them, we are going to hold . The training will take place in Moscow, on November 19, at the Golden Gate Business Center. The workshop will be led by Check Point Scalable Platform Engineer - Ilya Anokhin. Unfortunately, the number of seats is very limited (due to the need for real equipment), so .
This is far from the last workshop we are going to host, so stay tuned (, , , )!
Source: habr.com