NSX UI Alarm Edge Datapath Mempool High for mempools pfa_ctx_pl3, pfa_key_ace_pl3, pfa_attrconn_pl3
search cancel

NSX UI Alarm Edge Datapath Mempool High for mempools pfa_ctx_pl3, pfa_key_ace_pl3, pfa_attrconn_pl3

book

Article ID: 433464

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware NSX VMware NSX Firewall

Issue/Introduction

An alarm for Edge Datapath Mempool High is seen in the NSX UI relating to mempools pfa_ctx_pl3, pfa_key_ace_pl3, and pfa_attrconn_pl3. These specific mempools are related to Layer 7 Gateway Firewall rules. If the mempool usages approach 100% usage, the Layer 7 GFW rules stop being processed until the datapath is restarted. Additionally, DNS requests, which hit a L7 DNS rule, can be dropped when there was no free entry in either mempool.

An Example of the alarm in the NSX UI (there are similiar alarms for mempools pfa_key_ace_pl3 and pfa_ctx_pl3):

Edge Datapath Mempool High
 nsx-edge-103
Transport Node
Medium
Dec 17, 2025, 12:17:51 PM
Open
Beginning of Expandable row content Screen reader table commands may not work for viewing expanded content, please use your screen reader's browse mode to read the content exposed by this button
Description:
The datapath mempool usage for pfa_attrconn_pl3 on Edge node <UUID> has reached 85% which is at or above the high threshold value of 85%.



Recommended Action:
Get the mempool usage using `get dataplane memory stats` CLI. 1. In case of high usage in malloc heap mempool, grep `malloc_heap` in the syslog file to get the pattern for increase in usage. If the free space is fairly consistent across all the logs, it just means high usage of malloc_heap and there wont be any functional or traffic disruption. 2. Firewall related mempool usage high means capacity is low. Move the Edge to a larger form factor or increase the number of Edge nodes in the Edge cluster. 3. Increase Edge form factor if alarm is raised after upgrading to a new configuration. View Knowledge Base  

 



The mem_usage.json log contained in the var/run/vmware/edge/ directory of the NSX edge node support bundle shows percent usage over 85%:

var/run/vmware/edge/mem_usage.json
{"name": "pfa_attrconn_pl3", "description": "Stateful Service Attribute Connection Pool", "total": 442368, "used": 389690, "percent": 88.09},
{"name": "pfa_ctx_pl3", "description": "Stateful Service Context Pool", "total": 24576, "used": 21649, "percent": 88.09},
{"name": "pfa_key_ace_pl3", "description": "Stateful Service Integer Attribute Key Pool", "total": 65536, "used": 57731, "percent": 88.09}

Environment

NSX 4.2.x where L7 rules are configured on Edge nodes and FQDN Analysis is enabled

Cause

Mempools pfa_ctx_pl3, pfa_key_ace_pl3, and pfa_attrconn_pl3 are not purged even after they are no longer needed (e.g. timestamp of mempool expired)

 

Resolution

This issue will be corrected in an upcoming mainline NSX release.


If the memory pool usage continues to climb on the Active edge, the work around is:

  • During a maintenance window, fail over the Active edge
  • Once that edge becomes the Standby edge, put it into NSX maintenance mode
  • Reboot the Standby edge to clear the mempools
  • Take the Standby edge back out of NSX maintenance mode.
Powered by Wolken Software