Hardware and software requirements

About Kaspersky SD-WAN > Hardware and software requirements

Hardware and software requirements

The solution includes the following software modules:

Orchestrator
Controls the solution infrastructure, functions as an NFV orchestrator (NFVO), and manages network services and distributed VNFMs. Can be managed via the web interface or REST API when using external northbound systems.

, which is part of the backend of the solution.
Orchestrator web interface, which is part of the frontend of the solution.
Orchestrator database (MongoDB version 5.0.7).
VNFM
Manages the lifecycle of virtual network functions using SSH, Ansible playbooks, scripts, and Cloud-init attributes.

.
NGINX web server for balancing HTTP and HTTPS requests to VNFMs and providing web proxies to CPE devices and VNFs.
Redis 6.2.7 resident database.
SD-WAN Controller
Centrally manages the overlay network and network devices in accordance with the service chain topology via the OpenFlow protocol. Deployed as a virtual or physical network function.

.

Modules are deployed as Docker containers for stand-alone installation and scaling. If necessary, you can provision additional resources (CPU cores, RAM) to each module and distribute them among multiple servers to increase the overall performance of the solution.

Kaspersky SD-WAN components can be deployed on multiple physical servers or virtual machines (VMs). KVM and VMware virtualization platforms are supported. You must ensure the availability of servers or virtual machines for installing Kaspersky SD-WAN, an external Zabbix 5.0.26 monitoring system, and an SD-WAN Controller.

The controller can be deployed in two ways:

As a VNF in the OpenStack cloud platform (Xena release). Controller nodes are hosted on compute nodes.
As a
PNF
Pre-deployed ready-to-use network functions that are uploaded to the orchestrator web interface. The orchestrator can then handle additional configuration of the PNF.

on separate virtual machines.

Before deploying Kaspersky SD-WAN, make sure that your network infrastructure meets the following hardware and software requirements.

Hardware requirements

Hardware requirements are listed in the following tables. Note that these requirements depend on the number of managed CPE devices used in the SD-WAN instance. The tables provide typical values, so if you need to calculate the exact requirements for your deployment scheme, please contact Kaspersky technical support.

Hardware requirements for servers or virtual machines for orchestrator deployment

CPE devices	CPU cores	RAM, GB	Disk space, GB	Network adapters	Virtual machines
up to 50	8	8	105	2	3
up to 100	8	10	110	2	3
up to 250	8	12	125	2	3
up to 500	8	16	150	2	3
up to 1,000	10	24	200	2	3
up to 5,000	12	32	600	2	3
up to 10,000	16	64	1100	2	5

Hardware requirements for servers or virtual machines for deployment of other components of the solution

CPE devices	CPU cores	RAM, GB	Disk space, GB	Network adapters	Containers

SD-WAN Controller
up to 50	4	8	64	2	3
up to 100	6	8	64	2	3
up to 250	8	16	64	2	3
up to 500	8	16	64	2	6
up to 1,000	8	16	64	2	12
up to 5000	8	16	64	2	60
up to 10,000	8	16	64	2	120
VNFM
up to 50	4	8	20	2	3
up to 100	4	8	20	2	3
up to 250	4	8	20	2	3
up to 500	4	8	20	2	3
up to 1000	4	10	20	2	3
up to 5000	4	12	20	2	3
up to 10000	4	16	20	2	3
Zabbix monitoring system
up to 50	4	8	100	2	3
up to 100	4	10	200	2	3
up to 250	6	12	350	2	3
up to 500	8	24	600	2	3
up to 1,000	10	32	1100	2	3
up to 5,000	12	64	5100	2	3
up to 10,000	16	128	10100	2	3

If you need to connect more than 250 CPE devices, deploy additional SD-WAN Controller clusters.

For detailed information about the hardware requirements of the Zabbix monitoring system, see the official documentation of the Zabbix solution.

When deploying the solution, an offline map is configured. Consider the following disk space requirements:

The offline map (central-fed-district-latest.osm.pbf) takes up approximately 100 GB.
Geocoding data takes up approximately 10 GB.

We recommend considering the possibility of overcommitment at the resource planning stage for your SD-WAN instance deployment. The maximum overcommitment ratio available when deploying containers is 3. The ratio is determined by the following characteristics of the SD-WAN instance:

Number of CPE devices in use
Frequency of network state changes
Traffic bandwidth
Size of transmitted traffic packets

Channel requirements

The following channels are supported:

MPLS transport networks
Broadband links for connecting to the Internet
Leased communication lines
Wireless connections including 3G, 4G, LTE, and 5G
Satellite communication channels

Software requirements

Docker 1.5 or later is required. The following 64-bit operating systems are supported:

Ubuntu 20 LTS or later
Astra Linux 1.7 or later (security level: "Orel").

Supported browsers

You can use the following browsers to manage the orchestrator web interface:

Google Chrome 100 or later
Firefox 100 or later
Microsoft Edge 100 or later
Opera 90 or later
Safari 15 or later

CPE device requirements

Kaspersky SD-WAN supports the following devices:

KESR-M1-R-5G-2L-W
KESR-M2-K-5G-1L-W
KESR-M2-K-5G-1S
KESR-M3-K-4G-4S
KESR-M4-K-2X-1CPU
KESR-M4-K-8G-4X-1CPU
KESR-M5-K-8G-4X-2CPU
KESR-M5-K-8X-2CPU

Kaspersky experts carried out tests to confirm the functionality of CPE devices when providing the L3 VPN service (see the table below). DPI (Deep Packet Inspection) was not used on the tested devices, and traffic encryption was disabled.

Tested CPE device models (L3 VPN Service)

Model	Packet size, bytes	Bandwidth (Mbps)
KESR-M1	IMIX (417)	30
KESR-M1	Large (1300)	115
KESR-M2	IMIX (417)	165
KESR-M2	Large (1300)	241
KESR-M3	IMIX (417)	805
KESR-M3	Large (1300)	1150
KESR-M4	IMIX (417)	1430
KESR-M4	Large (1300)	2870
KESR-M5	IMIX (417)	2875
KESR-M5	Large (1300)	5750

For more details about the specifications of CPE devices that you can use in Kaspersky SD-WAN, see the website of the solution.

Article ID: 239105, Last review: Aug 21, 2024

Page top