What is the maximum recommended traffic volume a Foglight Experience Monitor (FxM) appliance can monitor without becoming overloaded? What to do if too much traffic is being monitored?
Important: A high packet capture rate is not the sole variable that can cause appliance overload. Refer to SOL39381.
For version 5.2.x and lower, the amount of network traffic that the total appliance (not just per port) is monitoring should be less than 6,000,000 'Packets Captured' per 5-minute interval. 'Packets Captured' is a System Health metric.
Our packet sizes are in bytes. Typically, we see average packet sizes are around 1000 bytes.
So, for example, if your peak traffic was 30 million bits per second, that would be:
30 million bits per second / 8000 bit average packet size = 3750 packets per second.
This is well within limits.
If it is necessary to reduce the amount of network traffic that the appliance is monitoring, do one or more of the following:
1. In the web console UI, reduce the number of Ports, Servers, and/or Sites configured to be monitored.
2. Add another physical appliance to split the load
Note 1: If you are monitoring SSL traffic and doing decryption on it, that slows the agent down. Everything being equal, the appliance can only monitor about one half as much traffic without becoming overloaded.
Note 2: On version 5.3 and higher, due to major architectural improvements, the appliance can monitor about twice as much traffic without becoming overloaded. Refer to SOL39418 for the reasons why this is so.
Note 3: The appliance will only do minimal analysis on each packet to determine if it needs to keep it and do deep analysis. So, exceeding the recommended limit will not impact the database since these packets are discarded and do not result in new entries in the database (e.g. no new URLs would get added). However, doing the minimal analysis on each of these high number of packets can impact our packet capture. So if there are too many packets coming in, then the appliance potentially could drop some packets that it does want to do deep analysis on.
The bottleneck has to do with the agent program that processes the packets, not with the packet capture. So doing anything to increase NIC processing capability would not help. Packet Drop Rate will increase as the agent slows down and cannot read the packets off the NICs fast enough.