NSX Manager reports alarms "The datapath mempool usage for pfdnsdnpl on Edge node X has reached 85% which is at or above the high threshold value of 85%"
Article ID: 319146
Products
VMware NSX
Issue/Introduction
Symptoms:
NSX Manager reports an Edge Node alarm, similar to:
"The datapath mempool usage for pfdnsdnpl on Edge node 7cfc738a-f2cd-5061-ffff-ffffffffffff has reached 85% which is at or above the high threshold value of 85%."
In the Gateway Firewall, a rule is using a Context Profile with the DNS attribute.
Environment
VMware NSX-T
VMware NSX-T Data Center 3.x
VMware NSX-T Data Center 2.5.x
VMware NSX-T Data Center
Cause
The Edge memory pool pfdnsdnpl fills up because of a memory leak that occurs when a Gateway Firewall rule uses a Context Profile with the DNS attribute.
Resolution
This issue is resolved in NSX-T 3.1.2.
Workaround: Avoid Gateway Firewall rules that use a Context Profile with the DNS attribute. If the pfdnsdnpl memory pool is full, you will need to remove the rule and then restart the Edge node.
Additional Information
A similar issue that affects newer NSX versions is documented in KB 92260.