NVA high CPU

Handy, Frederick 80 Reputation points
2024-12-18T17:45:05.5266667+00:00

Often my team receives alerts for high NVA CPU usage. We do not have a good way to identify what exactly floods our system. Is there a way that we can monitor what the source IP may be, filter by IP? We have a service that comes from our Hub, then to our External NVA, then to another service within Azure. I would like to know is there a way to see that overflow of traffic that floods our external NVA?

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,172 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,574 questions
{count} votes

Accepted answer
  1. menudale9 75 Reputation points
    2024-12-22T06:18:33.4133333+00:00

    You can monitor and filter traffic by source IP using Azure Network Watcher or Azure Monitor. Set up flow logs for your Network Virtual Appliance (NVA) to capture incoming and outgoing traffic details, including source IP addresses. By analyzing these logs, you can identify which IPs are generating high traffic to your NVA. Additionally, you can set up custom alerts for specific thresholds to proactively manage and filter traffic based on source IP. Azure’s Network Security Group (NSG) flow logs and diagnostic settings would also be useful for identifying the overflow of traffic causing high CPU usage.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. ChaitanyaNaykodi-MSFT 26,936 Reputation points Microsoft Employee
    2024-12-22T05:52:56.7533333+00:00

    @Handy, Frederick

    Thank you for getting back and providing requested details.In this scenario, I think using Virtual Network flow logs will be useful to analyze the traffic based on the source IP.

    • You can have flow logs captured for NIC of the NVA, you can use this article to configure the VNET flow logs and use the target resource as the NIC of the NVA.
    • Then use traffic analytics to view the required data. Traffic analytics examines raw flow logs. It then reduces the log volume by aggregating flows that have a common source IP address, destination IP address, destination port, and protocol.

    Hope this helps! Please let me know if you have any question. Thank you!


    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.