
Scaling

This section covers recommended configurations for large-scale deployments of Teleport.

For Teleport Cloud customers, the settings in this guide are configured automatically.

Prerequisites

  • Teleport v9.2.3 Open Source or Enterprise.

Hardware recommendations

Set up Teleport with a High Availability configuration.

| Scenario | Max Recommended Count | Proxy | Auth Server | AWS Instance Types |
|----------|-----------------------|-------|-------------|--------------------|
| Teleport Nodes connected to Auth Server | 10,000 | 2x 4 vCPUs, 8GB RAM | 2x 8 vCPUs, 16GB RAM | m4.2xlarge |
| Teleport Nodes connected to Proxy Server through reverse tunnels | 10,000 | 2x 4 vCPUs, 8GB RAM | 2x 8 vCPUs, 16+GB RAM | m4.2xlarge |

Proxy Configuration

Raise Teleport's connection limit from the default of 15000 to 65000, and use an in-memory cache instead of the default SQLite persistent cache.

teleport:
  cache:
    # Use an in-memory cache to speed up the connection of many teleport nodes
    # back to proxy.
    type: in-memory
  # Set up connection limits to prevent throttling of many nodes connecting to proxies
  connection_limits:
    max_connections: 65000
    max_users: 1000

Auth Configuration

Raise Teleport's connection limit from the default of 15000 to 65000.

# Teleport Auth
teleport:
  connection_limits:
    max_connections: 65000
    max_users: 1000

Kernel parameters

Tweak Teleport's systemd unit parameters to allow a higher number of open files:

[Service]
LimitNOFILE=65536

Verify that Teleport's process has high enough file limits:

cat /proc/$(pidof teleport)/limits

Limit                     Soft Limit           Hard Limit           Units
Max open files            65536                65536                files
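
The manual check above can be scripted so that a low file limit is caught before nodes start failing to connect. The following is an added example, not part of the Teleport documentation: it compares the soft "Max open files" value with the configured max_connections, since every connection holds at least one file descriptor. The function names and the sample files written by write_samples are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Teleport docs): check that a process's open-file
# limit covers connection_limits.max_connections. Function names are illustrative.

# Soft "Max open files" value from a /proc/<pid>/limits style file.
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# First max_connections value from a teleport.yaml style file.
max_connections() {
    awk '$1 == "max_connections:" { print $2; exit }' "$1"
}

# Return 0 if the soft limit covers max_connections, 1 if it does not,
# 2 if either value could not be read.
check_fd_headroom() {
    soft=$(soft_nofile "$1")
    want=$(max_connections "$2")
    if [ -z "$soft" ] || [ -z "$want" ]; then
        echo "could not read limit or max_connections" >&2
        return 2
    fi
    [ "$soft" = "unlimited" ] && return 0
    if [ "$soft" -lt "$want" ]; then
        echo "FAIL: soft nofile $soft < max_connections $want" >&2
        return 1
    fi
    echo "OK: soft nofile $soft >= max_connections $want"
}

# Constructed sample inputs so the check can be tried offline.
write_samples() {
    printf '%s\n' 'teleport:' '  connection_limits:' \
        '    max_connections: 65000' '    max_users: 1000' > "$1/teleport.yaml"
    printf '%-26s%-21s%-21s%s\n' 'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
        'Max open files' 65536 65536 files > "$1/limits.ok"
    printf '%-26s%-21s%-21s%s\n' 'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
        'Max open files' 1024 4096 files > "$1/limits.low"
}
```

On a live host, pass /proc/$(pidof teleport)/limits as the first argument and the path of your Teleport configuration file as the second.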