The distributed firewall (DFW) uses host memory for its internal data structures, and its resource utilization thresholds can be configured for CPU, RAM, and connections per second.

Each ESXi host is configured with three threshold parameters for DFW resource utilization: CPU, RAM, and connections per second (CPS). An alarm is raised if the respective threshold is crossed 20 consecutive times during a 200-second period. A sample is taken every 10 seconds.

100 percent of CPU corresponds to the total CPU available on the host.

100 percent of RAM corresponds to the memory allocated for distributed firewall ("total max size"), which is dependent on the total amount of RAM installed in the host.

Table 1. Total Max Size

| Physical Memory | Total Max Size (MB) |
|---|---|
| 0 - 8GB | 160 |
| 8GB - 32GB | 608 |
| 32GB - 64GB | 992 |
| 64GB - 96GB | 1920 |
| 96GB - 128GB | 2944 |
| 128GB | 4222 |

The memory is used by distributed firewall internal data structures, which include filters, rules, containers, connection states, discovered IPs, and drop flows. The threshold parameters can be changed using the following API call:

https://NSX-MGR-IP/api/4.0/firewall/stats/eventthresholds

Request body:

<eventThresholds>
  <cpu>
    <percentValue>100</percentValue> 
  </cpu>
  <memory>
    <percentValue>100</percentValue> 
  </memory>
  <connectionsPerSecond>
    <value>100000</value> 
  </connectionsPerSecond>
</eventThresholds>
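
The following Python sketch is an added example, not VMware code. It ties the pieces above together: it maps a host's physical RAM to its total max size from Table 1, converts a RAM percentValue into an absolute figure, builds the request body, and applies the 20-consecutive-sample alarm rule. The function names, the boundary handling for Table 1, the range checks, and reading "crossed" as "strictly above" are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Table 1 on this page as (upper bound in GB, total max size in MB).
# Assumptions: a boundary value belongs to the lower tier, and the last
# row ("128GB") covers hosts with more than 128 GB.
TIERS = [(8, 160), (32, 608), (64, 992), (96, 1920), (128, 2944)]
TOP_TIER_MB = 4222
CONSECUTIVE_NEEDED = 20  # 20 samples at 10-second intervals = 200 seconds


def total_max_size_mb(physical_gb):
    """DFW memory allocation for a host with the given physical RAM."""
    for upper_gb, size_mb in TIERS:
        if physical_gb <= upper_gb:
            return size_mb
    return TOP_TIER_MB


def memory_alarm_level_mb(physical_gb, percent):
    """Absolute DFW memory use that a RAM percentValue corresponds to."""
    return total_max_size_mb(physical_gb) * percent / 100


def build_event_thresholds(cpu_pct, mem_pct, cps):
    """Return the <eventThresholds> body; range checks are this example's own."""
    for name, pct in (("cpu", cpu_pct), ("memory", mem_pct)):
        if not 0 < pct <= 100:
            raise ValueError(f"{name} percentValue must be >0 and <=100, got {pct}")
    if cps <= 0:
        raise ValueError(f"connectionsPerSecond must be positive, got {cps}")
    root = ET.Element("eventThresholds")
    ET.SubElement(ET.SubElement(root, "cpu"), "percentValue").text = str(cpu_pct)
    ET.SubElement(ET.SubElement(root, "memory"), "percentValue").text = str(mem_pct)
    ET.SubElement(ET.SubElement(root, "connectionsPerSecond"), "value").text = str(cps)
    return ET.tostring(root, encoding="unicode")


def alarm_raised(samples, threshold):
    """True if the threshold is crossed in 20 consecutive 10-second samples."""
    run = 0
    for value in samples:
        run = run + 1 if value > threshold else 0  # a dip resets the run
        if run >= CONSECUTIVE_NEEDED:
            return True
    return False
```

With these assumptions, a RAM threshold of 80 percent on a 48 GB host corresponds to 793.6 MB of DFW memory, and a single sample below the threshold restarts the 20-sample count.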