Select gateway specifications based on two complementary dimensions: capacity thresholds and QPS performance. Capacity thresholds define how many connections and how much bandwidth a gateway node can sustain. QPS performance defines how many requests per second the gateway can process. In most cases, a specification that satisfies one dimension also satisfies the other. When only one dimension is the bottleneck, upgrade the specification until both align with your traffic requirements.
Capacity thresholds
The following table lists capacity thresholds per gateway node. Keep all gateway capacity metrics below the security thresholds for production workloads.
Deploy at least two nodes per gateway to meet your service-level agreement (SLA) targets. A single-node deployment cannot guarantee SLA compliance. When two or more nodes are deployed, thresholds apply per node based on each node's specification.
Threshold behavior:
| Threshold | Behavior |
|---|---|
| Security | The gateway maintains high throughput and low latency even if traffic doubles. |
| Warning | Latency may increase, and traffic spikes can introduce stability risks. |
| Overload | The gateway rejects new connections to protect stability. |
Capacity thresholds per node:
| Gateway capacity metric | Threshold | 2 cores, 4 GiB | 4 cores, 8 GiB | 8 cores, 16 GiB | 16 cores, 32 GiB |
|---|---|---|---|---|---|
| Number of client connections | Security | 12,000 | 24,000 | 48,000 | 96,000 |
| Warning | 24,000 | 48,000 | 96,000 | 192,000 | |
| Overload | 40,000 | 80,000 | 160,000 | 320,000 | |
| New HTTPS connections per second | Security | 400 | 800 | 1,600 | 3,200 |
| Warning | 800 | 1,600 | 3,200 | 6,400 | |
| Overload | — | — | — | — | |
| Network bandwidth (Gbit/s) | Security | 1 | 2 | 4 | 8 |
| Warning | 1 | 2 | 4 | 8 | |
| Overload | — | — | — | — | |
| CPU utilization | Security | 30% | 30% | 30% | 30% |
| Warning | 60% | 60% | 60% | 60% | |
| Overload | 90% | 90% | 90% | 90% | |
| Memory usage | Security | 75% | 75% | 75% | 75% |
| Warning | 75% | 75% | 75% | 75% | |
| Overload | 90% | 90% | 90% | 90% |
QPS performance
The following tables list pessimistic QPS values measured when CPU utilization is below 30%. Actual throughput varies based on response size, HTTPS usage, and gzip compression.
New HTTPS connections are CPU-intensive. In scenarios with a high volume of instantaneous concurrent HTTPS connections, use the short-lived connections tables to assess gateway capacity. The gzip compression feature is available to allowlisted users only. To request access, submit a ticket.
Short-lived connections — 1 KB response
| HTTPS | gzip | 2c4g x 3 nodes | 2c4g x 5 nodes | 4c8g x 3 nodes | 4c8g x 5 nodes | 8c16g x 3 nodes | 8c16g x 5 nodes | 16c32g x 3 nodes | 16c32g x 5 nodes |
|---|---|---|---|---|---|---|---|---|---|
| No | No | 5,200 | 8,700 | 10,500 | 17,500 | 21,000 | 35,000 | 42,000 | 70,000 |
| Yes | No | 1,600 | 2,700 | 3,200 | 5,500 | 6,500 | 11,000 | 13,000 | 22,000 |
Persistent connections — 1 KB response
| HTTPS | gzip | 2c4g x 3 nodes | 2c4g x 5 nodes | 4c8g x 3 nodes | 4c8g x 5 nodes | 8c16g x 3 nodes | 8c16g x 5 nodes | 16c32g x 3 nodes | 16c32g x 5 nodes |
|---|---|---|---|---|---|---|---|---|---|
| No | No | 6,500 | 10,800 | 13,000 | 21,700 | 26,000 | 43,500 | 52,000 | 87,000 |
| Yes | No | 6,000 | 10,000 | 12,000 | 20,000 | 24,000 | 40,000 | 48,000 | 80,000 |
| Yes | Yes | 5,200 | 8,700 | 10,500 | 17,500 | 21,000 | 35,000 | 42,000 | 70,000 |
Persistent connections — 10 KB response
| HTTPS | gzip | 2c4g x 3 nodes | 2c4g x 5 nodes | 4c8g x 3 nodes | 4c8g x 5 nodes | 8c16g x 3 nodes | 8c16g x 5 nodes | 16c32g x 3 nodes | 16c32g x 5 nodes |
|---|---|---|---|---|---|---|---|---|---|
| No | No | 5,600 | 9,300 | 11,200 | 18,700 | 22,500 | 37,500 | 45,000 | 75,000 |
| Yes | No | 5,300 | 9,000 | 10,700 | 18,000 | 21,500 | 36,000 | 43,000 | 72,000 |
| Yes | Yes | 3,100 | 5,200 | 6,200 | 10,500 | 12,500 | 21,000 | 25,000 | 42,000 |