Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Multi-Core Scaling Support on AWS with SWRSS and ENA

EC2 instance types are predefined by AWS. You cannot launch an instance with an arbitrary number of vCPUs. This scenario leads to a gap between the resource AWS provides and the resource that vSRX Virtual Firewall 3.0 can use.

As an example: For AWS C5.4xlarge without software RSS, vSRX Virtual Firewall 3.0 will be launched with 9 vCPUs. Whereas we have 16 vCPUs that can be used. So, the remaining 7 vCPUs offered by AWS are wasted. With Software RSS, the hardware RSS queue limitation is removed. With more software queue available, more vCPUs can be deployed as data vCPUs.

Starting in Junos OS Release 19.4R1, vSRX Virtual Firewall 3.0 instances with the Software Receive Side Scaling (SWRSS) feature can scale up the number of vCPUs on instances with ENA support in AWS. The ENA enabled instances allow for more RSS queues. With the SWRSS feature, the dynamic ratio between number of vCPUs and RSS queues allows for the scale up of vSRX Virtual Firewall with larger AWS EC2 instances.

Software RSS supports up to 32 vCPUs. Launching vSRX Virtual Firewall into EC2 instance with more than 32 vCPUs will not provide further benefits. To support multi-core scaling you need to ensure SWRSS is enabled on vSRX Virtual Firewall instances.

With this feature support the AWS instances type supported by vSRX Virtual Firewall are c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, and c5.9xlarge. For more information, see Amazon EC2 Instance Types.