By default, the NSX-T Manager has a protection mechanism in place to prevent the API from being overloaded. This is a good thing, protecting the NSX-T Manager.
But, the increasing integrations into NSX-T, make it so that more and more products are using the NSX-T API to monitor or configure NSX (vRealize Network Insight, vRealize Operations, vRealize Automation, etc.). I’ve hit this limit several times and needed to push that limit up.
The API Guide states that the default maximum API request number is 100 per second. In the guide, there’s a reference to the API call to change the settings, but there’s also an easier way; via the console.
Configuring the API limits
First, the documentation says that it’s not officially recommended to increase the API limits. Make sure the NSX-T Manager(s) can handle the extra load and that you don’t push them into resource contention. Monitor them after you’ve increased the limit and prepare for a rollback if needed.
With that out of the way, there are three options under the HTTP service that control the API limits:
- client-api-concurrency-limit
- client-api-rate-limit
- global-api-concurrency-limit
See the defaults by running this:
nsx-south> get service http
Fri Jan 15 2021 UTC 12:47:02.608
Service name: http
Service state: running
Logging level: info
Session timeout: 1800
Connection timeout: 30
Client API rate limit: 100 requests/sec
Client API concurrency limit: 40 connections
Global API concurrency limit: 199 connections
Redirect host: (not configured)
Basic authentication: enabled
Cookie-based authentication: enabled
And, here’s how to set them:
nsx-south> set service http client-api-rate-limit [new-limit] nsx-south> set service http client-api-concurrency-limit [new-limit] nsx-south> set service http global-api-concurrency-limit [new-limit]
When setting the [new-limit] to 0, you disable the limit entirely. I won’t recommend that in a production environment, you need to keep some protection in place.
June 6, 2021 at 13:26
I don’t know if this is the correct place to ask but I can’t seem to find an answer anywhere on the web.
I’m trying to do some integration with NSX-T and I want to use the session authentication when using NSX-T’s API. What I was wondering and can’t find the answer to is whether I can set the session’s timeout manually or do I have to rely on what NSX-T sets internally? And if so then what is the default timeout?
Thanks in advance!
June 9, 2021 at 14:27
Hi,
I don’t believe you can set it manually – the only parameters /api/session/create takes, are the username and password. The session timeout is the same as the CSP one; 30 minutes. That should be plenty of time to do your thing.
June 9, 2021 at 14:47
Thank you very much for the answer!