Skip to main content

Illumio Core 24.5 Install, Configure, Upgrade

Supercluster in PCE Web Console

This section describes using the PCE web console with a PCE Supercluster.

Overview of Supercluster in Web Console

Each PCE in the Supercluster processes the summarized traffic data reported by its managed workloads and stores a computed view of the traffic in memory, just as on a standalone PCE. The display of this data in the Illumination map, however, looks different depending on whether you are logged into the leader or one of the members:

  • The leader's Illumination map shows an aggregated view of traffic data for the entire Supercluster. The leader periodically queries traffic data from each PCE to generate this map.

  • The Illumination map on Supercluster members only shows data from workloads that have been paired with that member's PCE.

The following Illumination features are not available in a Supercluster (leader or member):

  • Clear traffic for one traffic link

  • Increase the VEN reporting rate.

These features are only available to a leader (and not available to a member):

  • Add a rule from Illumination.

  • Policy Generator

  • App Group configuration

VEN heartbeat and uptime data are not replicated in a Supercluster. It is available only on the leader itself and the individual members themselves:

Leader: Aggregated Illumination Data

The leader of the Supercluster shows a complete picture of all aggregated traffic from all PCEs in your Supercluster. Traffic data from members is refreshed periodically and then cached on the leader.

The refresh interval increases with the number of workloads you pair with the Supercluster. The minimum sync interval is 10 minutes and can be up to 24 hours, depending on the number of workloads you pair with your Supercluster. You can force a sync of traffic data from members to the leader at any time, but the sync can take several minutes to complete.

Depending on your network speeds and possible latency, the Illumination map's traffic data can be delayed temporarily while the data is syncing.

Supercluster Illumination Sync with Members

In the lower right of the Illumination map on the leader, a small timer indicates when the Illumination map data was last refreshed.

Click the timer to launch a dialog from which you can refresh the Illumination map data so all traffic from all PCEs in the Supercluster is displayed.

Member: Local Illumination Data

The Illumination map on a member displays traffic information only from those workloads paired with the member's PCE. When viewing the Illumination map on a member, you can see a message indicating that you are viewing a local traffic data set.

Web Console Filtering Problem

In the PCE web console on a Supercluster member, filtering the workload view with Policy Sync: Active displays the workloads for the entire Supercluster instead of the member on which the report is run. This filter includes workloads marked as "Unavailable."

Workaround: In addition to Policy Sync: Active, use the PCE member FQDN filter to exclude all workloads not paired with the desired member. This filter combination is available:

Policy Sync: Active and PCE: Member PCE FQDN