'Service Router Limit Per Edge Exceeded' alarm is generated when NAT is enabled and the number of Service Routers is less than the supported limit
search cancel

'Service Router Limit Per Edge Exceeded' alarm is generated when NAT is enabled and the number of Service Routers is less than the supported limit

book

Article ID: 409383

calendar_today

Updated On:

Products

VMware NSX VMware vDefend Firewall

Issue/Introduction

VMware NSX is in use with the GFW (Gateway Firewall) enabled.
Alarms are generated for 'Service Router Limit Per Edge Exceeded' even though the number of Service Routers with GFW enabled is is less than the maximum allowed.

For example, a T0 (T0-GW-1) and 5 T1s (T1-GW-1 to T1-GW-5) are configured on a medium edge VM. GFW is enabled on T0-GW-1 and T1-GW-5 only. NAT is enabled on T1-GW-1 to T1-GW-4.

Even though the number of SR (Service Routers) with GFW enabled is 2, an alarm for "Service Router Limit Per Edge Exceeded" is generated. The number of SR reported in the alarm is 6.

Environment

VMware NSX 4.2.1 or later. NAT is enabled on T0/T1, where GFW is disabled.

Cause

This is expected behavior. Regardless of Gateway Firewall configuration (enabled or disabled), SRs with NAT enabled are counted towards SR limit on an edge node.

Resolution

Use the following formula to calculate the total number of SRs in an edge node:
total # of SRs = # of SRs with GFW enabled + # of SRs with NAT enabled. 

Refer to Configuration Maximums Portal for Service Router limit for different edge node sizes:
https://configmax.broadcom.com

Based on the number of SRs, deploy edge node(s) with an appropriate size.

Powered by Wolken Software