Information About Deploying Transit VPC with Autoscaler
Overview of Autoscaler
Autoscaler automatically performs scale-in and scale-out operations by adding and removing CSR instances depending on the volume of traffic in the transit VPC. Autoscaler optimizes CSR performance in the transit VPC by using CSR instances cost-effectively.
Scaling out refers to attaching additional CSR instances to increase capacity. Scaling in refers to detaching CSR instances to reduce the extended capacity. When Autoscaler detects a load increase for a sustained period of time, it performs a scale-out by adding a new CSR instance to the Transit VPC capacity. Similarly, when Autoscaler detects a decrease in traffic for a sustained period of time, it performs a scale-in by terminating one of the instances in the Transit VPC. To handle varying loads, it configures and manages the appropriate number of CSR instances.
While performing a scale-out, Autoscaler configures the CSR instance for all the existing on-premises VPN networks and the spoke VPC networks. Autoscaler cannot scale out beyond the maximum number of instances or scale in beyond the minimum number of instances defined.
Autoscaler performs scale-out and scale-in operations based on the metrics that are published on AWS CloudWatch. When Autoscaler detects that the metrics meet the predefined conditions, it takes the appropriate action. For the conditions that trigger scale-out and scale-in operations, see Scaling-Out and Scaling-In in Transit VPC.
Scaling-Out and Scaling-In in Transit VPC
Autoscaler scales out by attaching CSR instances. Autoscaler scales out when these conditions are met:
- The load on each CSR is higher than the base trigger value for a predefined period of time. For example, the load on each CSR in the group is higher than 50 percent of the license level for a period of 10 minutes.
- At least one CSR in the group is above the threshold for a predefined period of time. For example, at least one CSR in the group must exceed 80 percent of the license level for a period of 15 minutes.
- The maximum number of configured instances has not been met.
- The configured debounce time for scale-out has passed since the last scale-out or scale-in operation.
- The maximum number of Out of Compliance instances has not been met.
Autoscaler scales in when these conditions are met:
- The load on all CSR instances in the group is below the trigger value. For example, the load on all CSR instances in the group is below 40 percent of the license level.
- At least one CSR is lower than the threshold for a predefined period of time. For example, at least one CSR is lower than 10 percent of the license level.
- The configured debounce time for scale-in has passed since the last scale-out or scale-in operation.
- The minimum number of configured instances has not been met.
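The two condition lists above can be read as a single decision function. The following is an added example, not Cisco's Autoscaler code: it assumes every condition in a list must hold at once, that load arrives as one sample per minute, and that "minimum not met" means the group is still above its minimum size. All names, the scale-in period, the debounce times and the instance limits are hypothetical.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    # Percentages and scale-out periods are the page's examples;
    # field names and all values marked "assumed" are hypothetical.
    out_base: float = 50.0          # every CSR above this ...
    out_base_minutes: int = 10      # ... for this long
    out_peak: float = 80.0          # and at least one CSR above this ...
    out_peak_minutes: int = 15      # ... for this long
    in_base: float = 40.0           # every CSR below this
    in_floor: float = 10.0          # and at least one CSR below this
    in_minutes: int = 15            # assumed scale-in period
    out_debounce_minutes: int = 20  # assumed
    in_debounce_minutes: int = 20   # assumed
    min_instances: int = 2          # assumed
    max_instances: int = 8          # assumed
    max_out_of_compliance: int = 2  # assumed

def sustained(samples, minutes, pred):
    """True if the last `minutes` one-minute samples all satisfy pred."""
    window = samples[-minutes:]
    return len(window) == minutes and all(pred(s) for s in window)

def decide(loads, minutes_since_last_scale, out_of_compliance, p=Policy()):
    """loads: {csr_name: [load as % of license level, one sample per minute]}."""
    series, n, since = list(loads.values()), len(loads), minutes_since_last_scale
    if n == 0:
        return "hold"
    if (since >= p.out_debounce_minutes
            and all(sustained(s, p.out_base_minutes, lambda v: v > p.out_base) for s in series)
            and any(sustained(s, p.out_peak_minutes, lambda v: v > p.out_peak) for s in series)
            and n < p.max_instances
            and out_of_compliance < p.max_out_of_compliance):
        return "scale-out"
    if (since >= p.in_debounce_minutes
            and all(sustained(s, p.in_minutes, lambda v: v < p.in_base) for s in series)
            and any(sustained(s, p.in_minutes, lambda v: v < p.in_floor) for s in series)
            and n > p.min_instances):
        return "scale-in"
    return "hold"

# Constructed sample data: 15 one-minute samples per CSR.
BUSY = {"csr-1": [85.0] * 15, "csr-2": [60.0] * 15}
IDLE = {"csr-1": [5.0] * 15, "csr-2": [30.0] * 15, "csr-3": [35.0] * 15}
SPIKE = {"csr-1": [20.0] * 14 + [95.0], "csr-2": [60.0] * 15}
```

The SPIKE data shows why the sustained-period and debounce conditions matter: a one-minute burst on a single CSR does not change the group size.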
Monitoring in Transit VPC
Autoscaler monitors events in the Transit VPC CSRs through CloudWatch metrics. It continuously monitors and detects any changes in the load and determines the actions to be taken based on the parameters defined. Based on the statistics that are published on CloudWatch, it determines the appropriate time to scale-in or scale-out.
For example, if the throughput value stays higher than the defined threshold for a period of over 15 minutes, Autoscaler scales out.
Benefits of Autoscaler
- Manages the changing requirements of a Transit VPC by adding or removing CSR instances to meet varying load demands. Whenever the load varies, there is no need for manual intervention to add or remove CSR instances.
- Performs automatic license activation for CSR instances of the Bring Your Own License (BYOL) type.
- Effectively utilizes CSR instances in Transit VPC to save cost.
Prerequisites for Autoscaler
- An AWS account with the privileges to create a CloudFormation stack
- Access to the S3 bucket and AMI in AWS
- Elastic IPs for each CSR in the group
- CSR license types: BYOL or LicenseIncluded
- Ensure that the account for the transit VPC deployment meets the following service limits for the specified resources:
  - 1 VPC (for transit VPC deployment)
  - 1 NAT gateway
  - 12 EIPs
  - 1 S3 bucket
  - 4 Lambda functions
  - 4 CloudWatch logs
  - 8 EC2 instances
  - 1 SQS queue
-