NSX-T Manager: Increasing API requests per second
By default, the NSX-T Manager has a protection mechanism in place to prevent the API from being overloaded. This is a good thing, protecting the NSX-T Manager.
But, the increasing integrations into NSX-T, make it so that more and more products are using the NSX-T API to monitor or configure NSX (vRealize Network Insight, vRealize Operations, vRealize Automation, etc.). I’ve hit this limit several times and needed to push that limit up.
The API Guide states that the default maximum API request number is 100 per second. In the guide, there’s a reference to the API call to change the settings, but there’s also an easier way; via the console.
Configuring the API limits
First, the documentation says that it’s not officially recommended to increase the API limits. Make sure the NSX-T Manager(s) can handle the extra load and that you don’t push them into resource contention. Monitor them after you’ve increased the limit and prepare for a rollback if needed.
With that out of the way, there are three options under the HTTP service that control the API limits:
- client-api-concurrency-limit
- client-api-rate-limit
- global-api-concurrency-limit
See the defaults by running this:
nsx-south> get service httpFri Jan 15 2021 UTC 12:47:02.608Service name: httpService state: runningLogging level: infoSession timeout: 1800Connection timeout: 30Client API rate limit: 100 requests/secClient API concurrency limit: 40 connectionsGlobal API concurrency limit: 199 connectionsRedirect host: (not configured)Basic authentication: enabledCookie-based authentication: enabledAnd, here’s how to set them:
nsx-south> set service http client-api-rate-limit [new-limit]
nsx-south> set service http client-api-concurrency-limit [new-limit]
nsx-south> set service http global-api-concurrency-limit [new-limit]
When setting the [new-limit] to 0, you disable the limit entirely. I won’t recommend that in a production environment, you need to keep some protection in place.