SNAT port usage high alarm triggered even though active sessions are not high

Article ID: 327343

Updated On:

Products

VMware NSX

Issue/Introduction

  • The critical alarm "SNAT Port Usage On Gateway Is High" is raised continuously for an SNAT IP, even though there are not many active connections.
  • You see messages similar to the following in the syslog:

    2023-04-14T18:05:10.037Z nsxmgr-03 NSX 5281 MONITORING [nsx@6876 alarmId="927cab4a-####-####-####-36f3a55a14b5" alarmState="OPEN" comp="nsx-manager" entId="62a03bb6-####-####-####-a7279c6a0ca6" errorCode="MP701099" eventFeatureName="nat" eventSev="CRITICAL" eventState="On" eventType="snat_port_usage_on_gateway_is_high" level="FATAL" nodeId="62a03bb6-####-####-####-a7279c6a0ca6" subcomp="monitoring"] SNAT ports usage on logical router 42ecb79b-####-####-####-c3e599c41862 for SNAT IP 10.10.10.10 has reached the high threshold value of 80%. New flows will not be SNATed when usage reaches the maximum limit.
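
To find which gateways and SNAT IPs are raising this alarm in collected syslog, the structured-data block and message text of the line above can be parsed. The following is an added example, not VMware code; the function names are hypothetical, the first sample is the line quoted in this article, and the second sample is constructed.

```python
import re

EVENT_TYPE = "snat_port_usage_on_gateway_is_high"

# Sample 1: the syslog line quoted in this article (IDs masked as published).
# Sample 2: a constructed line for an unrelated event, to show filtering.
SAMPLE_LINES = [
    '2023-04-14T18:05:10.037Z nsxmgr-03 NSX 5281 MONITORING [nsx@6876 alarmId="927cab4a-####-####-####-36f3a55a14b5" alarmState="OPEN" comp="nsx-manager" entId="62a03bb6-####-####-####-a7279c6a0ca6" errorCode="MP701099" eventFeatureName="nat" eventSev="CRITICAL" eventState="On" eventType="snat_port_usage_on_gateway_is_high" level="FATAL" nodeId="62a03bb6-####-####-####-a7279c6a0ca6" subcomp="monitoring"] SNAT ports usage on logical router 42ecb79b-####-####-####-c3e599c41862 for SNAT IP 10.10.10.10 has reached the high threshold value of 80%. New flows will not be SNATed when usage reaches the maximum limit.',
    '2023-04-14T18:06:00.000Z nsxmgr-03 NSX 5281 MONITORING [nsx@6876 alarmState="OPEN" eventFeatureName="example" eventType="constructed_other_event" subcomp="monitoring"] Constructed message.',
]

# [nsx@6876 key="value" ...] followed by the free-text message
SD_BLOCK = re.compile(r'\[nsx@6876 (?P<params>[^\]]*)\]\s*(?P<msg>.*)$')
SD_PARAM = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
MSG = re.compile(r'logical router (?P<router>\S+) for SNAT IP (?P<snat_ip>\S+) '
                 r'has reached the high threshold value of (?P<threshold>\d+)%')

def parse_snat_alarm(line):
    """Return the alarm fields for the SNAT port usage event, else None."""
    m = SD_BLOCK.search(line)
    if not m:
        return None
    params = dict(SD_PARAM.findall(m.group("params")))
    if params.get("eventType") != EVENT_TYPE:
        return None
    detail = MSG.search(m.group("msg"))
    if not detail:
        return None
    return {
        "timestamp": line.split(" ", 1)[0],
        "alarm_state": params.get("alarmState"),
        "error_code": params.get("errorCode"),
        "router": detail.group("router"),
        "snat_ip": detail.group("snat_ip"),
        "threshold_pct": int(detail.group("threshold")),
    }

def count_by_snat_ip(lines):
    """Count matching alarm lines per (logical router, SNAT IP) pair."""
    counts = {}
    for line in lines:
        alarm = parse_snat_alarm(line)
        if alarm:
            key = (alarm["router"], alarm["snat_ip"])
            counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for pair, n in count_by_snat_ip(SAMPLE_LINES).items():
        print(pair, n)
```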

Environment

VMware NSX-T Data Center
VMware NSX

Resolution

This issue is resolved in VMware NSX 3.2.4
This issue is resolved in VMware NSX 4.2.0


Workaround:

Disable the alarm under "Alarm Definitions". This prevents the alarm from appearing. It is safe to do so because the alarm is caused by a bug and not by SNAT ports running out.

Additional Information

Impact/Risks:

No impact to production; the alarm is a false positive.