This section explains why SE_SYN_CACHE_USAGE_HIGH and CONN_DROP_POOL_LB_FAILURE alerts are observed on Avi Load Balancer UI under .
- SE_SYN_CACHE_USAGE_HIGH
-
This alert indicates SYN cache usage over the configured threshold value.
- CONN_DROP_POOL_LB_FAILURE
-
This alert indicates the failure of pool load balancing decision(s).
To troubleshoot and increase the threshold values for these alerts, log in to the Avi Load Balancer shell prompt and run the show serviceengine <foo> flowtablestat command. Replace foo with the Avi Load Balancer Service Engine name.
Apply the shell command of the Avi Load Balancer Controller to the Service Engine where the virtual service is placed, or to the Service Engine from which alerts are observed.
A sample output for show serviceengine <foo> flowtablestat command is shown below:
[admin:10-1-1-1]: > show serviceengine 10.1-1-1 flowtablestat +--------------------------------------+-------------------------------------+ | Field | Value | +--------------------------------------+-------------------------------------+ | se_uuid | 10-1-1-1:se-10.1-1-1-avitag-1 | | proc_id | C1_L4 | | dispatch[1] | | | intf_name | bond0 | | mac | XX:C4:XX:XX:9E:XX | | vnic_id | 32 | | flow_inband_update_ignored | 0 | | flow_pkts_throttled | 0 | | flow_conn_throttled | 0 | | flow_conn_throttled_mem | 0 | | flow_conn_throttled_num_flows | 0 | | flow_conn_throttled_num_syn | 0 | | fault_injection_tcp_drops | 0 | | icmp_current_rate | 0 | | icmp_rsp_current_rate | 0 | | arp_current_rate | 0 | | flow_parse_udp | 0 | | rst_sent | 0 | | flow_table_remote_entries | 0 | | icmp_rx_rl_cfg_pps | 100 | | icmp_rx_rl_confirming | 0 | | icmp_rx_rl_drops | 0 | | arp_rx_rl_cfg_pps | 100 | | arp_rx_rl_confirming | 0 | | arp_rx_rl_drops | 0 | | tcp_rst_tx_rl_cfg_pps | 100 | | tcp_rst_tx_rl_confirming | 0 | | tcp_rst_tx_rl_drops | 0 | | flowprobe_tx_rl_cfg_pps | 250 | | flowprobe_tx_rl_confirming | 0 | | flowprobe_tx_rl_drops | 0 | | flow_mac_errors | 0 | | syn_dropped_delete_pending | 0 | | invalid_vlan | 0 | | flow_parse_tcp_kni | 0 | | flow_table_num_tcp_entries | 0 | | flow_table_num_udp_entries | 0 | | flow_probes_req_sent | 0 | | flow_probes_req_received | 0 | | flow_probes_rsp_sent | 0 | | flow_probes_rsp_received | 0 | | flow_probes_req_discarded_miss | 0 | | flow_probes_req_discarded_nonlocal | 0 | | flow_act_rl_drop | 0 | | doser_oom | 0 | | delay_fairness | False | | flow_del_req_sent | 0 | | flow_del_req_received | 0 | | flow_syn_seen_from_syn_seen | 0 | | flow_syn_seen_from_half_closed | 0 | | flow_syn_seen_from_closed | 0 | | flow_syn_seen_from_unknown | 0 | | flow_num_syns | 0 | | flow_num_syns_mim | 0 | | flow_syn_seen_aged | 0 | | flow_est_aged | 0 | | flow_half_closed_aged | 0 | | flow_closed_aged | 0 | | flow_unknown_aged | 0 | | flow_del_req_received_for_local | 0 | | flow_del_req_received_not_found | 0 | | flow_remote_entry_on_secondary | 0 | | flow_loop_detected | 0 | | flow_dropped_vs_down | 0 | | flow_parse_lacp_kni | 0 | | l2_flow_probes_req_sent | 0 | | l2_flow_probes_req_received | 0 | | l2_flow_probes_rsp_sent | 0 | | l2_flow_probes_rsp_received | 0 | | l3_flow_probes_req_sent | 0 | | l3_flow_probes_req_received | 0 | | l3_flow_probes_rsp_sent | 0 | | l3_flow_probes_rsp_received | 0 | | flow_created_by_probe_rsp | 0 | | send_pkt_with_intf_no_route | 0 | | send_pkt_with_intf_arp_fail | 0 | | flow_delete_before_update | 0 | | flow_multiple_updates | 0 |
In the previous output, check the value of the flow_conn_throttled_num_syn counter. The default value of this counter is 40,000, and it can be increased to a greater value based on the requirement. Increase the threshold value for the flow_conn_throttled_num_syn counter and monitor the system for errors. If the alerts are still observed, then the threshold value for flow_conn_throttled_num_syn counter could be increased further.
Use configure serviceengineproperties command to change the value of flow_table_new_syn_max_entries. In the below-mentioned example, the value of the flow_table_new_syn_max_entries counter is increased to 400000.
Enter the Avi Load Balancer shell prompt from the Avi Load Balancer Controller's leader node.
Use the configure serviceengineproperties command from the shell prompt.
From the seproperties sub-mode, enter se_runtime_properties flow_table_new_syn_max_entries 400000 command.
Exit from the sub-prompt to save the changes.
The changes take effect immediately, and a reboot is not required.
To check the memory issues on Avi Load Balancer Service Engines, check the following counters using the show serviceengine <foo> flowtablestat command:
flow_conn_throttled
flow_conn_throttled_mem
flow_conn_throttled_num_flows
flow_pkts_throttled
The default value of the flow_table_new_syn_max_entries counter is 0, and the SE automatically picks up a number based on the available memory on the SE.
For most of the SE, the default value picked up for the flow_table_new_syn_max_entries counter is good enough, and the manual setting to increase the threshold value is not required. The manual setting to set the value for the flow_table_new_syn_max_entries counter is still available for use if throttling is observed. Follow the steps below to change the default value of flow_table_new_syn_max_entries.
configure serviceengine flow_table_new_syn_max_entries 900000 save </code></pre>
For more information on the events and the alerts generated on an Avi Load Balancer, see Events List.
