VMware Networking Community
liuga
Contributor

NSX Edge Firewall high concurrent connections

Hi,

We have one NSX Edge running as a firewall, and the concurrent connections always stay high (about 200K) even with little network traffic.

Any ideas what the reason is? And what NSX settings should I check to clear the connections?

Thanks

Antony


Accepted Solutions
MohamadAlhousse
Enthusiast

I think if you deploy vRealize Network Insight and integrate it with NSX, you can have a deep insight into all the traffic you have in your DC, specifically the North-South traffic passing through the NSX edges with all sources and destinations. This way you can see if these are normal or not.

Please consider marking this answer "correct" or "helpful" if you think your question has been answered correctly. Cheers, @vExpertConsult www.vexpertconsultancy.com VCIX-DCV 2018 | VCIX-NV 2019 | VCAP7-CMA Design | vSAN Specialist | vExpert ** | vExpert NSX | vExpert vSAN

3 Replies
Sreec
VMware Employee

Clearing connections doesn't solve the actual issue. You should try to understand why there is a spike in the traffic. Please do perform a debug on the edge interfaces and you will certainly see what kind of traffic is flowing via each interface, which will root cause the issue up to an extent.

NSX Command Line Quick Reference: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.3/nsx_63_cli.pdf (Page: 88)

If the traffic is coming from a different DC farm or MPLS, you will need help from the network team as well. If you have VRNI configured in this setup, it will be very easy for you to know the flows.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
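
An added example, not part of any post in this thread: one way to see what is holding a connection table open is to summarize the flow entries by state, source and destination service. It assumes the entries have been exported as text in Linux conntrack format (the thread does not show the Edge's own output); the sample lines and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# Original-direction tuple of a conntrack-style line; UDP entries carry no state.
ENTRY = re.compile(
    r"^(?P<proto>\w+)\s+\d+\s+\d+\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=\d+\s+dport=(?P<dport>\d+)"
)

# Constructed sample entries (documentation addresses), not output from a real Edge.
SAMPLE = """\
tcp 6 431990 ESTABLISHED src=10.0.1.15 dst=192.0.2.10 sport=51000 dport=443 src=192.0.2.10 dst=10.0.1.15 sport=443 dport=51000 [ASSURED] mark=0 use=1
tcp 6 431200 ESTABLISHED src=10.0.1.15 dst=192.0.2.10 sport=51001 dport=443 src=192.0.2.10 dst=10.0.1.15 sport=443 dport=51001 [ASSURED] mark=0 use=1
tcp 6 98 SYN_SENT src=10.0.1.77 dst=198.51.100.4 sport=40000 dport=23 [UNREPLIED] src=198.51.100.4 dst=10.0.1.77 sport=23 dport=40000 mark=0 use=1
tcp 6 97 SYN_SENT src=10.0.1.77 dst=198.51.100.5 sport=40001 dport=23 [UNREPLIED] src=198.51.100.5 dst=10.0.1.77 sport=23 dport=40001 mark=0 use=1
tcp 6 96 SYN_SENT src=10.0.1.77 dst=198.51.100.6 sport=40002 dport=23 [UNREPLIED] src=198.51.100.6 dst=10.0.1.77 sport=23 dport=40002 mark=0 use=1
udp 17 25 src=10.0.1.20 dst=203.0.113.53 sport=5353 dport=53 src=203.0.113.53 dst=10.0.1.20 sport=53 dport=5353 mark=0 use=1
icmp 1 29 src=10.0.1.20 dst=203.0.113.1 type=8 code=0 id=1 src=203.0.113.1 dst=10.0.1.20 type=0 code=0 id=1 mark=0 use=1
"""

def summarize(text, top=3):
    """Count entries by state, source address and destination service."""
    states, sources, services = Counter(), Counter(), Counter()
    unreplied = skipped = 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:                      # e.g. ICMP entries have no ports
            skipped += 1
            continue
        # Stateless protocols are bucketed under their protocol name.
        states[m["state"] or m["proto"].upper()] += 1
        sources[m["src"]] += 1
        services[(m["dst"], int(m["dport"]))] += 1
        # Entries that never saw a reply: unreachable peers or probing.
        unreplied += "[UNREPLIED]" in line
    return {
        "entries": sum(states.values()),
        "by_state": dict(states),
        "top_sources": sources.most_common(top),
        "top_services": services.most_common(top),
        "unreplied": unreplied,
        "skipped": skipped,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A table dominated by one source or by unreplied entries points at a specific host to investigate, while a large count of established entries with no matching traffic points at idle sessions that have not yet timed out.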
liuga
Contributor

Ok, I will install vRealize Network Insight and try to figure this out.

Thanks
