Alarm for Group size exceeds limit is seen in the VMware NSX UI
search cancel

Alarm for Group size exceeds limit is seen in the VMware NSX UI

book

Article ID: 317151

calendar_today

Updated On:

Products

VMware NSX VMware vDefend Firewall

Issue/Introduction

This KB provides information on "Alarm for group_size_limit_exceeded", including how total number of effective members is calculated.

Title: Alarm for group_size_limit_exceeded
Event ID: group_size_limit_exceeded
Added in release: 4.1.0
AlarmDescription:

    Purpose: Group size exceeds limit alarm warns the user when the program needs long processing time due to processing large group members.
    Impact: In this case user should expect long processing time.

The total number of effective members in a group = IP addresses + MAC addresses + VIFs (virtual interfaces) + LSPs (logical switch ports) + LRPs (logical router ports) + SIDs (security identifiers)

When a VM is added to a group (e.g. via tags), its IP, MAC, VIF, and LSP are added to a group automatically.

For example, a tag is configured as a criteria in a group. There are 2600 VMs tagged with the tag. Each VM has 2 IPs (an IPv4 and IPv6 address), a VIF, a MAC, and a LSP. NSX calculates the effective member of the groups as follows:
Total number of effective member = 2600 x 2 (IP) + 2600 x 1 (VIF) + 2600 x 1 (MAC) + 2600 x 1 (LSP) = 13000

The total above exceeds the group limit. An alarm for group_size_limit_exceeded is shown in UI.

Environment

VMware NSX 4.1.0 or above

Resolution

1. Go to the group alarm, get the Group name.
2. Go to Inventory/Groups and find the oversized Group based on the name.
3. Edit the Group (reduce the Group size or split this Group to multiple smaller Groups).
    

Additional Information

Maintenance window required for remediation?
     No

API reference: https://{nsx-ip}/api/v1/alarms?feature_name=groups