When you populate the port ranges across all available PCA instances, the PCA assigns the same number of ports to each available PCA instance. Typically, however, the enterprise network infrastructure does not evenly distribute the traffic load across the entire range of available ports.
After you populate port ranges, you can discover that the traffic load is not evenly distributed between the instances. For example, PCA Instance 0 can be processing 75% of the forwarded data, while PCA Instance 1 is processing only 25%, even though each instance is listening on the same number of ports.
Using the steps below, you can adjust the port ranges assigned to each PCA instance to balance the load between available instances. This process can require iterative tuning and tweaking and should factor peak traffic periods.
- Instantiate the required number of PCA instances.
- In the Interface tab, click Populate Ports.
- Save your changes.
- The previous step distributes the load traffic evenly across all ports. The following
steps must be repeated until the data load is distributed evenly across all available ports to the
- Check the number of SSL hits/sec processed by each instance. SSL hit processing is the
most CPU-intensive operation and a good indicator for load balancing. If SSL hits are not the
primary traffic volume, then use the non-SSL hits/sec rates to gauge the load. You can use a
combination of the two, if required.
- Current Hits Per Second statistics are reported on the Summary tab, with each PCA instance reported under a separate ID value.
- SSL Hits/sec rate is reported in the Reassd Hits SSL column.
- Non-SSL Hits/sec rate is reported in the Reassd Hits Non-SSL column.
- Using the specific hit rates per second on each PCA instance, you must review and tweak the port ranges, expanding or contracting as needed, to more closely approximate even load distribution.
- Adjust and then review the results in the Summary tab.
Note: The PCA Web Console does not validate the specified port ranges. With each adjustment, verify that no gaps or overlaps are created in the port ranges and that the entire range of available ports is not specified.
- It is unlikely that any set of adjustments produces a even distribution. Getting the hits/sec rates for each range to within 25% of each other must suffice, as load rates can vary over time.
- Save your changes. The PCA is automatically restarted, and the changes are applied.
- Repeat the preceding steps until the load is balanced to your satisfaction.
- Check the number of SSL hits/sec processed by each instance. SSL hit processing is the most CPU-intensive operation and a good indicator for load balancing. If SSL hits are not the primary traffic volume, then use the non-SSL hits/sec rates to gauge the load. You can use a combination of the two, if required.
- When your adjustments are complete, verify that the entire range of available ports (1024 - 65535) is covered by your set of port ranges. Gaps and overlaps must be eliminated.