Contributor

NSX Edge Firewall high concurrent connections


Hi,

We have one NSX Edge running as a firewall, and the concurrent connections always stay high (about 200K) even with little network traffic.

Any idea what the reason is, and which NSX settings I should check to clear the connections?

Thanks

Antony

Accepted Solutions

Enthusiast

I think if you deploy vRealize Network Insight and integrate it with NSX, you can have a deep insight into all the traffic you have in your DC, specifically the North-South traffic passing through the NSX edges with all sources and destinations. This way you can see if these are normal or not.

Please consider marking this answer "correct" or "helpful" if you think your question has been answered correctly. Cheers, @vExpertConsult www.vexpertconsultancy.com VCIX-DCV 2018 | VCIX-NV 2019 | VCAP7-CMA Design | vSAN Specialist | vExpert ** | vExpert NSX | vExpert vSAN

3 Replies

VMware Employee

Clearing connections doesn't solve the actual issue. You should try to understand why there is a spike in the traffic. Please perform a debug on the edge interfaces and you will certainly see what kind of traffic is flowing via each interface, which will root-cause the issue to an extent. NSX Command Line Quick Reference:

https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.3/nsx_63_cli.pdf (page 88)

If the traffic is coming from a different DC farm or MPLS, you will need help from the network team as well. If you have VRNI configured in this setup, it will be very easy for you to know the flows.

Cheers,
Sree | CKA|VCAP-NSX-T| VCIX-3X| VCAP-3X| VExpert 4x
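
One way to follow the advice above and see what the roughly 200K entries actually are, as an added example that is not part of the original thread: summarize a saved connection-table dump by protocol/state, source and destination service. It assumes the table was exported as text in Linux conntrack layout; the `summarize` helper, the one-hour threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, not real Edge output. Layout follows Linux conntrack
# text (assumed export format); reply tuples are omitted for brevity.
SAMPLE = """\
# proto num ttl [state] original-tuple flags
tcp 6 431990 ESTABLISHED src=10.1.1.20 dst=198.51.100.7 sport=40001 dport=443 [ASSURED]
tcp 6 431512 ESTABLISHED src=10.1.1.20 dst=198.51.100.7 sport=40002 dport=443 [ASSURED]
tcp 6 430100 ESTABLISHED src=10.1.1.20 dst=198.51.100.7 sport=40003 dport=443 [ASSURED]
tcp 6 110 SYN_SENT src=10.1.1.31 dst=203.0.113.9 sport=51515 dport=8080 [UNREPLIED]
tcp 6 58 TIME_WAIT src=10.1.1.44 dst=198.51.100.7 sport=40100 dport=443 [ASSURED]
udp 17 25 src=10.1.1.44 dst=192.0.2.53 sport=5353 dport=53 [UNREPLIED]
"""

ENTRY = re.compile(
    r"^(?P<proto>[a-z]\w*)\s+\d+\s+(?P<ttl>\d+)\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"(?:\s+sport=\d+\s+dport=(?P<dport>\d+))?"
)

def summarize(text, long_ttl=3600, top=3):
    """Count entries by (proto, state), source and destination service."""
    by_state, by_src, by_service = Counter(), Counter(), Counter()
    long_lived = unreplied = 0
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip headers and lines that are not table entries
        by_state[(m["proto"], m["state"] or "-")] += 1
        by_src[m["src"]] += 1
        by_service[(m["proto"], m["dst"], m["dport"])] += 1
        # Entries with a long remaining timeout sit in the table while idle.
        long_lived += int(m["ttl"]) >= long_ttl
        # No reply seen: unreachable destination, dropped return path or probing.
        unreplied += "[UNREPLIED]" in line
    return {
        "total": sum(by_state.values()),
        "by_state": dict(by_state),
        "top_sources": by_src.most_common(top),
        "top_services": by_service.most_common(top),
        "long_lived": long_lived,
        "unreplied": unreplied,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A table dominated by long-lived ESTABLISHED entries from a few sources points at idle sessions held by long timeouts, while many unreplied entries point at traffic that never gets an answer.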
Contributor

Ok, I will install vRealize Network Insight and try to figure this out.

Thanks
