Aria Operations for Logs load balancer incompatible with NSX Distributed Firewall Protection
search cancel

Aria Operations for Logs load balancer incompatible with NSX Distributed Firewall Protection

book

Article ID: 315975

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:

  • In the Aria Operations for Logs user interface under Administration > Management > System Monitor > Statistics, you see these symptoms:
     
    • The Syslog Events Incoming Rate (Per Second) metric is higher on the Integrated Load Balancer (ILB) node relative to all other nodes.
    • The API Events Incoming Rate (Per Second) metric is higher on the ILB node relative to all other nodes.
       
  • Higher CPU usage on the ILB node as compared to other nodes in a Aria Operations for Logs cluster.
  • You are using Aria Operations for Logs and VMware NSX.
  • An Aria Operations for Logs Cluster is behind NSX distributed Firewall Protection.



Environment

VMware Aria Operations for Logs 8.x

Cause

This issue occurs because Aria Operations for Logs' cluster virtual IP uses a Linux Virtual Server in Direct Server Return Mode (LVS-DR) for load balancing which is not supported by NSX.

Resolution

This is an expected behavior for Aria Operations for Logs while using NSX networking.

To work around this issue, exclude the virtual machines that are part of the Aria Operations for Logs cluster from VMware NSX Distributed Firewall Protection.

After adding the nodes to the exclusion list, it is necessary to perform a reboot of all nodes in the Aria Operations for Logs cluster.

​​​​​​Note: A service restart will not suffice here, a reboot is required.

  1. In the Aria Operations for Logs UI, note which node has the ILB (Integrated Load Balancer). You will reboot this node last.
  2. From the vSphere Web Client, right click the Aria Operations for Logs node, select Power > Restart Guest OS
  3. Repeat step 2 on the remaining nodes in the cluster, one by one.