FP Multi-Instance: Resizing Container Instances in Production

Introduction

I was recently involved in resizing a container instance for a customer. Despite searching everywhere, I could not find an official document that describes the process, so I made sure to document everything, which has turned into this post.

Case

Our customer had 2 x FP4115 in Multi-Instance with 4 logical container instances on each firewall running Firepower Threat Defense (FTD). That gives a total of 8 instances across both chassis, forming 4 A/S HA Pairs.
All instances were initially created using a Resource Profile that allocates 10 Cores for each instance, and the goal was to upgrade one of the instances from 10 to 16 cores.

Overall Procedure

  • Perform Failover on the Logical Instance from FMC by making the Secondary chassis Active for the container instance.
  • Disable the Container Instance on the Primary/Standby unit.
  • Edit the Logical Instance and change Resource Profile.
  • Enable the Logical Device and verify it’s booting.
  • HA should be re-established, but LINA should throw warnings because of the different hardware specifications.
  • Make the Primary/Standby unit active so that it becomes Primary/Active, meaning that the Standby Chassis is handling no traffic for the container instance.
  • Repeat the steps above for the other unit.
  • Once both container instances and HA are back up, edit the HA Pair in the FMC, and under the Device tab, go to the Inventory Details section and click Refresh Inventory Details.
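The disable step is only safe when the unit being disabled is standby and its peer is carrying the traffic. The check below is an added example, not part of the original post: it assumes you have captured `show failover` output from the instance's LINA CLI (a command the post does not mention), the sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of LINA `show failover` output (trimmed), as it might
# look on the Primary instance after the failover step. Not from the post.
AFTER_FAILOVER = """\
Failover On
Failover unit Primary
Last Failover at: 09:12:44 UTC Jan 10 2024
        This host: Primary - Standby Ready
                Active time: 86400 (sec)
        Other host: Secondary - Active
                Active time: 120 (sec)
"""
# Same unit before the failover step: still Active, so it must not be disabled.
BEFORE_FAILOVER = (AFTER_FAILOVER
                   .replace("Primary - Standby Ready", "Primary - Active")
                   .replace("Secondary - Active", "Secondary - Standby Ready"))

HOST_RE = re.compile(
    r"^\s*(This|Other) host:\s*(Primary|Secondary)\s*-\s*(.+?)\s*$", re.M)

def parse_failover(text):
    """Map 'This'/'Other' to (role, state) from `show failover` output."""
    hosts = {m.group(1): (m.group(2), m.group(3)) for m in HOST_RE.finditer(text)}
    if set(hosts) != {"This", "Other"}:
        raise ValueError("missing 'This host' or 'Other host' line")
    return hosts

def safe_to_disable(text, expected_role):
    """Return (ok, reason). ok is True only when this unit is the expected
    chassis role, is Standby Ready, and its peer is Active."""
    if not re.search(r"^Failover On\s*$", text, re.M):
        return False, "failover is not enabled"
    hosts = parse_failover(text)
    role, state = hosts["This"]
    peer_role, peer_state = hosts["Other"]
    if role != expected_role:
        return False, f"wrong chassis: this unit is {role}, not {expected_role}"
    if state != "Standby Ready":
        return False, f"{role} is '{state}', not 'Standby Ready'"
    if peer_state != "Active":
        return False, f"peer {peer_role} is '{peer_state}', not 'Active'"
    return True, f"{role} is standby and {peer_role} is active"

if __name__ == "__main__":
    for name, out in (("before", BEFORE_FAILOVER), ("after", AFTER_FAILOVER)):
        print(name, safe_to_disable(out, "Primary"))
```

Run it against the unit you are about to disable in each half of the procedure, passing "Primary" the first time and "Secondary" the second.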

Procedure

First, create the desired Resource Profiles by logging onto FXOS and navigating to Platform Settings > Resource Profiles, then click Add and specify the number of Cores you wish to assign to the Container Instance. I have noted the expected amount of throughput based on the number of cores in the description field.

Note: Remember to do this on both chassis!


Perform Failover on the Logical Instance from FMC by making the Secondary Chassis Active for the container instance


The Primary firewall no longer handles any traffic for that particular HA Pair. Now browse to the FXOS of the Primary Chassis (make sure it’s the right chassis!) and disable the container instance.

You will be prompted to confirm that you really want to disable the instance. Say Yes.


The Container Instance will be powered off. Once it has been marked Offline, click the Pencil icon and Click to Configure.