Connection Refusals to Incoming Requests are Observed on Avi Service Engines

Issue & Symptoms

Intermittent connection refusals are observed on Avi Service Engines which correlate to higher traffic volume.

Resolution

The shared memory pool on an Avi SE is divided up into the following two components:

1. Connections– Connections consists of the TCP, HTTP, and SSL connection tables. Memory allocated to connections directly impacts the total concurrent connections a Service Engine can maintain.
2. Buffers– Buffers consists of application layer packet buffers. These buffers are used to queue packets to provide improved network performance.

The connection refusals can be due to the Service Engine running low on packet buffers. When packet buffer usage is greater than the configured value, connection refusals start. This issue can be alleviated by increasing memory allocated per Service Engine. As the available packet buffers decrease, Avi Service Engine conserves the remaining memory by refusing a percentage of the connections. As the available buffers decrease, the percentage of refused connections increase. This is why the issue is amplified with the higher load on the Avi SE.

To change memory allocation per SE, navigate to Infrastructure > Service Engine Group, select the specific cloud, and select the desired SE. Click on the edit icon (the pencil icon) on the right side.

Memory per Service Engine option is available under the Service Engine Capacity and Limit Setting section as shown in the image below:

For more information on memory allocation on an Avi SE, refer to SE Memory Consumption.

Click here to know how to enable per virtual service level admission control SE Memory Consumption.