本节介绍为什么在 NSX Advanced Load Balancer UI 的下观察到 SE_SYN_CACHE_USAGE_HIGH 和 CONN_DROP_POOL_LB_FAILURE 警示。
- SE_SYN_CACHE_USAGE_HIGH
-
此警示指示 SYN 缓存使用率超过配置的阈值。
- CONN_DROP_POOL_LB_FAILURE
-
此警示指示池负载均衡决策失败。
要对这些警示进行故障排除并增加其阈值,请登录到 NSX Advanced Load Balancer shell 提示符,并运行 show serviceengine <foo> flowtablestat 命令。将 foo 替换为 NSX Advanced Load Balancer 服务引擎名称。
将 NSX Advanced Load Balancer 控制器 的 shell 命令应用于虚拟服务所在的服务引擎,或从中观察到警示的服务引擎。
show serviceengine <foo> flowtablestat 命令的示例输出如下所示:
[admin:10-1-1-1]: > show serviceengine 10.1-1-1 flowtablestat +--------------------------------------+-------------------------------------+ | Field | Value | +--------------------------------------+-------------------------------------+ | se_uuid | 10-1-1-1:se-10.1-1-1-avitag-1 | | proc_id | C1_L4 | | dispatch[1] | | | intf_name | bond0 | | mac | XX:C4:XX:XX:9E:XX | | vnic_id | 32 | | flow_inband_update_ignored | 0 | | flow_pkts_throttled | 0 | | flow_conn_throttled | 0 | | flow_conn_throttled_mem | 0 | | flow_conn_throttled_num_flows | 0 | | flow_conn_throttled_num_syn | 0 | | fault_injection_tcp_drops | 0 | | icmp_current_rate | 0 | | icmp_rsp_current_rate | 0 | | arp_current_rate | 0 | | flow_parse_udp | 0 | | rst_sent | 0 | | flow_table_remote_entries | 0 | | icmp_rx_rl_cfg_pps | 100 | | icmp_rx_rl_confirming | 0 | | icmp_rx_rl_drops | 0 | | arp_rx_rl_cfg_pps | 100 | | arp_rx_rl_confirming | 0 | | arp_rx_rl_drops | 0 | | tcp_rst_tx_rl_cfg_pps | 100 | | tcp_rst_tx_rl_confirming | 0 | | tcp_rst_tx_rl_drops | 0 | | flowprobe_tx_rl_cfg_pps | 250 | | flowprobe_tx_rl_confirming | 0 | | flowprobe_tx_rl_drops | 0 | | flow_mac_errors | 0 | | syn_dropped_delete_pending | 0 | | invalid_vlan | 0 | | flow_parse_tcp_kni | 0 | | flow_table_num_tcp_entries | 0 | | flow_table_num_udp_entries | 0 | | flow_probes_req_sent | 0 | | flow_probes_req_received | 0 | | flow_probes_rsp_sent | 0 | | flow_probes_rsp_received | 0 | | flow_probes_req_discarded_miss | 0 | | flow_probes_req_discarded_nonlocal | 0 | | flow_act_rl_drop | 0 | | doser_oom | 0 | | delay_fairness | False | | flow_del_req_sent | 0 | | flow_del_req_received | 0 | | flow_syn_seen_from_syn_seen | 0 | | flow_syn_seen_from_half_closed | 0 | | flow_syn_seen_from_closed | 0 | | flow_syn_seen_from_unknown | 0 | | flow_num_syns | 0 | | flow_num_syns_mim | 0 | | flow_syn_seen_aged | 0 | | flow_est_aged | 0 | | flow_half_closed_aged | 0 | | flow_closed_aged | 0 | | flow_unknown_aged | 0 | | flow_del_req_received_for_local | 0 | | flow_del_req_received_not_found | 0 | | flow_remote_entry_on_secondary | 0 | | flow_loop_detected | 0 | | flow_dropped_vs_down | 0 | | flow_parse_lacp_kni | 0 | | l2_flow_probes_req_sent | 0 | | l2_flow_probes_req_received | 0 | | l2_flow_probes_rsp_sent | 0 | | l2_flow_probes_rsp_received | 0 | | l3_flow_probes_req_sent | 0 | | l3_flow_probes_req_received | 0 | | l3_flow_probes_rsp_sent | 0 | | l3_flow_probes_rsp_received | 0 | | flow_created_by_probe_rsp | 0 | | send_pkt_with_intf_no_route | 0 | | send_pkt_with_intf_arp_fail | 0 | | flow_delete_before_update | 0 | | flow_multiple_updates | 0 |
在上一个输出中,检查 flow_conn_throttled_num_syn 计数器的值。此计数器的默认值为 40,000,可以根据要求将其增加为更大的值。增加 flow_conn_throttled_num_syn 计数器的阈值并监控系统的错误。如果仍观察到警示,可以进一步增加 flow_conn_throttled_num_syn 计数器的阈值。
使用 configure serviceengineproperties 命令更改 flow_table_new_syn_max_entries 的值。在下面所述的示例中,flow_table_new_syn_max_entries 计数器的值增加到 400000。
从 NSX Advanced Load Balancer 控制器 的主节点中输入 NSX Advanced Load Balancer shell 提示符。
从 shell 提示符中使用 configure serviceengineproperties 命令。
从 seproperties 子模式中,输入 se_runtime_properties flow_table_new_syn_max_entries 400000 命令。
退出子提示符以保存更改。
更改会立即生效,无需重新引导。
要检查 NSX Advanced Load Balancer 服务引擎上的内存问题,请使用 show serviceengine <foo> flowtablestat 命令查看以下计数器:
flow_conn_throttled
flow_conn_throttled_mem
flow_conn_throttled_num_flows
flow_pkts_throttled
flow_table_new_syn_max_entries 计数器的默认值为 0,并且 SE 会根据 SE 上的可用内存自动选取一个数字。
对于大多数 SE,为 flow_table_new_syn_max_entries 计数器选取的默认值已经足够了,不需要通过手动设置来增加阈值。如果观察到限制,用于设置 flow_table_new_syn_max_entries 计数器值的手动设置仍可供使用。按照以下步骤更改 flow_table_new_syn_max_entries 的默认值。
configure serviceengine flow_table_new_syn_max_entries 900000 save </code></pre>
有关在 NSX Advanced Load Balancer 上生成的事件和警示的详细信息,请参阅事件列表。
