Replies: 1 comment
-
Hi @mhf-ir,

The recently added page Tip for deployments of our wiki should help you to get started with a small deployment that will enable you to test Gatekeeper, write your policy, and incrementally grow your deployment.

On the network hardware, it depends on what you are planning. If you own your IP addresses, that is, you make BGP announcements of your prefixes, you'll need at least one Gatekeeper server per vantage point (i.e. Internet exchanges, points of presence, etc.). The requirements of some vantage points and the need to have multiple Gatekeeper servers often require a router. If you are borrowing your IP addresses, the company providing the link can likely help you with the routing aspects, but the peak capacity of your deployment is limited to the contracted bandwidth.

The front interface of Gatekeeper servers should be at least 10Gbps in production; they can be 1Gbps for tests. The front interface is the interface that receives the incoming traffic. 40Gbps interfaces are a good option if available, but faster interfaces are not advised at this point. Instead of a Gatekeeper server with a 100Gbps NIC, you are better off with two Gatekeeper servers, each with a 40Gbps NIC. We expect this recommendation to change in the future when we add support for 100Gbps SmartNICs, but it's not going to happen soon.

The back NICs, the NICs that send out the filtered traffic, should be proportional to your normal traffic. Thus, while the front NIC of a Gatekeeper server is 40Gbps, there's no requirement that the back interface is also 40Gbps, unless you do have that much filtered traffic.

You want to have loads of fast RAM memory on Gatekeeper servers. At least 256GB, but more is recommended. 512GB is a good reference. Gatekeeper uses this memory to track flows and enforce fine-grained filters. Grantor servers, on the other hand, don't need that much memory. 256GB on a Grantor server is plenty and should allow for a lot of flexibility while creating your policy.

While buying NICs, make sure that DPDK supports them. We only have experience deploying Gatekeeper on Intel Xeon processors, and we recommend sticking with them until experience with other processors grows.
-
Hi, as a system administrator who has about 10 bare metal servers, what do I need to deploy and run a production-grade Gatekeeper ecosystem?
Just bare metal?
or
Do I need to configure switches? Routers? What about the calculation of speed: 10G, 40G or more...
As a practical question, what do I need in a real-world use case? I'm not a network guy, I'm a layer 7 developer and need to know about real-world cases to buy, for example, a Cisco switch 3064 with 10 and 40 Gb ports.
For example, deployment of Ceph depends on the network, and you can find many documents on which hardware, with which special configuration, could handle special workloads.
Thanks for your awesome project, btw.