NSX Guest Introspection capacity and troubleshooting
Article ID: 339246
Updated On:
Products
VMware NSX
Issue/Introduction
Symptoms:
- GI SVM memory exceeds 75% and guest workloads may be impacted.
- Log messages on the GI SVM show that connection rates exceed capacity.
- UI alerts will show if the GI SVM has exceeded memory threshold.
- In the vsm.log file, you see entries similar to:
2017-12-28 05:08:07.203 GMT INFO messagingTaskExecutor-1 EventServiceImpl:128 - [SystemEvent] Time:'Thu Dec 28 05:08:07.200 GMT 2017', Severity:'Critical', Event Source:'Guest Introspection Health Status', Code:'260009', Event Message:'High memory usage on GI SVM on host-3188.', Module:'Guest Introspection Health Status', Universal Object:'false'
- In the Networking & Security > Events > System Events, you see a recorded event of Code:'260009' and Event Message:'High memory usage on GI SVM on host-XXXX.'
Note: Use the vSphere Managed Object Browser to identify the problem host from the host moid (host-XXXX) logged in the Event Message.
Environment
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.4.x
Cause
This issue occurs when deployed virtual machines / host ratio or network connections per virtual machine capacity has been exceeded
Resolution
To resolve this issue:
Note: This is applicable for NSX for vSphere 6.3.5 and above versions only.
- Identify total throughput of network events on the GI SVM and specific VMs generating high rate of connections.
- Collect the GI SVM logs. For more information, see How to collect logs in NSX for vSphere 6.x Guest Introspection
- On a 10m interval, the GI SVM logs total processed network connections. You see entries similar to:
2017-12-28 05:28:06.934 UTC INFO taskScheduler-3 EventStatsManager:185 - Event counts
Total: 11820217
Preconnect: 5913188
Connect: 0
Listenstart: 0
Listenstop: 0
Inboundconnect: 0
Disconnect: 0 - Determine the rate of network events by observing the change in "Total" count of events.
- To determine high-throughput VMs, enable DEBUG logs on the GI SVM. For more information, see How to collect logs in NSX for vSphere 6.x Guest Introspection
- On a 10m interval, the GI SVM logs per VM, the total processed network connections. You see entries similar to:
2017-12-28 05:28:06.934 UTC INFO taskScheduler-3 EventStatsManager:198 - Per VM individual event counts
VM UUID, VMX Path: <VM UUID, VM_vmx_path>
Total: 11820217
......
- Identify hosts where virtual machines/ host has exceeded capacity.
- Redistribute virtual machines across hosts for load balancing.
| GI Memory Configuration |
VMs per ESXi | Sustained Network Events Rate per VM (events/s) | AD Groups per User |
| 2 GB | 50 | 1850 | 4 |
| 2 GB | 50 | 1000 | 4 |
| 2 GB | 50 | 800 | 4 |
| 2 GB | 50 | 700 | 4 |
Additional Information
It is possible to adjust the CPU/Memory thresholds on the GI SVM. You will see logs and system events once the threshold values are exceeded.
Get current global threshold:
Method : GET
URL: https://NSXM_IP/api/2.0/endpointsecurity/usvmstats/usvmhealththresholds
Set new threshholds:
Method: PUT
URL: https://NSXM_IP/api/2.0/endpointsecurity/usvmstats/usvmhealththresholds
Body:
<?xml version="1.0" encoding="UTF-8"?>
<UsvmHealthStats>
<memThreshold>75</memThreshold>
<cpuThreshold>75</cpuThreshold>
</UsvmHealthStats>
Get current global threshold:
Method : GET
URL: https://NSXM_IP/api/2.0/endpointsecurity/usvmstats/usvmhealththresholds
Set new threshholds:
Method: PUT
URL: https://NSXM_IP/api/2.0/endpointsecurity/usvmstats/usvmhealththresholds
Body:
<?xml version="1.0" encoding="UTF-8"?>
<UsvmHealthStats>
<memThreshold>75</memThreshold>
<cpuThreshold>75</cpuThreshold>
</UsvmHealthStats>
Feedback
Yes
No
Powered by
