The user capacity of an Azure virtual machine running an Arista Next Generation Firewall depends on several factors, including CPU utilization and network throughput for both inbound and outbound traffic. To determine the user capacity, validate the VM's CPU and network statistics and monitor its resources with Azure Monitor Network Insights.
If CPU usage approaches 100 percent, the VM may start dropping network packets. Check the VM's CPU usage in the Azure portal, identify which process on the guest VM is causing the high CPU, and mitigate it if possible. You may also need to resize the VM to a larger SKU, increase the instance count, or configure autoscaling on CPU usage.
If the VM's network usage spikes or shows periods of high use, you may also need to move to a larger VM SKU to obtain higher throughput. You can also redeploy the VM with Accelerated Networking enabled. To verify whether the NVA supports the Accelerated Networking feature, contact the NVA vendor for assistance as needed.
Azure virtual machines have a network bandwidth limit that is metered on egress (outbound) traffic from the virtual machine. All network traffic leaving the virtual machine counts toward the allocated limit, regardless of destination. Ingress is not metered or limited directly. The expected outbound throughput and the number of network interfaces supported by each VM size are documented in the Azure Windows and Linux VM sizes pages. The throughput limit applies to the virtual machine as a whole and is unaffected by the number of network interfaces, Accelerated Networking, traffic destination, or protocol.
In addition to bandwidth, the number of network connections present on a VM at any given time can affect its network performance. The Azure networking stack maintains state for each direction of a TCP/UDP connection in data structures called 'flows'. A typical TCP/UDP connection creates two flows, one for the inbound direction and one for the outbound direction. Each flow is distinguished by its 5-tuple (protocol, local IP address, remote IP address, local port, and remote port).
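The flow accounting described above, as an added example that is not part of the original page: packets observed at the VM's NIC are classified as inbound or outbound by whether the VM's own address (a constructed value, `10.0.0.4`) is the destination or the source, and each (direction, 5-tuple) pair is one flow. The sample packets are constructed; they show that repeated packets of one connection stay in one flow, that a reply creates the second flow of the same connection, and that a second connection from the same client on a new source port is a new 5-tuple and therefore two more flows.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the VM's own address. A packet whose source is this
# address is outbound; a packet whose destination is this address is inbound.
VM_IPS = {"10.0.0.4"}


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class FiveTuple:
    """The 5-tuple that identifies a flow: protocol, local IP, remote IP, local port, remote port."""
    proto: str
    local_ip: str
    remote_ip: str
    local_port: int
    remote_port: int


def classify(pkt, vm_ips=VM_IPS):
    """Return (direction, 5-tuple) for a packet seen at the VM's NIC.

    The 5-tuple is always written from the VM's point of view (local/remote),
    so both directions of one connection share the same FiveTuple and differ
    only in direction.
    """
    if pkt.src_ip in vm_ips:
        return "outbound", FiveTuple(pkt.proto, pkt.src_ip, pkt.dst_ip, pkt.src_port, pkt.dst_port)
    if pkt.dst_ip in vm_ips:
        return "inbound", FiveTuple(pkt.proto, pkt.dst_ip, pkt.src_ip, pkt.dst_port, pkt.src_port)
    raise ValueError(f"packet does not involve the VM: {pkt}")


def flow_table(packets, vm_ips=VM_IPS):
    """Map each (direction, 5-tuple) flow to the number of packets seen on it."""
    flows = defaultdict(int)
    for pkt in packets:
        flows[classify(pkt, vm_ips)] += 1
    return dict(flows)


def flow_counts(packets, vm_ips=VM_IPS):
    """Summarise flows the way the Azure stack counts them: one entry per direction per connection."""
    table = flow_table(packets, vm_ips)
    inbound = sum(1 for direction, _ in table if direction == "inbound")
    outbound = sum(1 for direction, _ in table if direction == "outbound")
    connections = len({tup for _, tup in table})  # distinct 5-tuples, direction ignored
    return {
        "inbound_flows": inbound,
        "outbound_flows": outbound,
        "total_flows": inbound + outbound,
        "connections": connections,
    }


# Constructed packets: two HTTPS connections from one client (different source
# ports) and one DNS exchange initiated by the VM itself.
SAMPLE_PACKETS = [
    Packet("TCP", "203.0.113.10", "10.0.0.4", 51000, 443),  # client, first connection
    Packet("TCP", "10.0.0.4", "203.0.113.10", 443, 51000),  # reply: second flow of that connection
    Packet("TCP", "203.0.113.10", "10.0.0.4", 51000, 443),  # more data on the existing inbound flow
    Packet("TCP", "203.0.113.10", "10.0.0.4", 51001, 443),  # same client, new source port: new 5-tuple
    Packet("TCP", "10.0.0.4", "203.0.113.10", 443, 51001),
    Packet("UDP", "10.0.0.4", "198.51.100.7", 40000, 53),   # DNS query sent by the VM
    Packet("UDP", "198.51.100.7", "10.0.0.4", 53, 40000),   # DNS reply
]

if __name__ == "__main__":
    for flow, packets in flow_table(SAMPLE_PACKETS).items():
        print(flow, packets)
    print(flow_counts(SAMPLE_PACKETS))  # 3 connections -> 6 flows
```

The same 5-tuple appears twice in the table, once per direction, which is why three connections produce six flows; when sizing against a flow limit, count two flows for every concurrent connection you expect.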
Each NVA solution has its own tools and resources for monitoring the performance of the NVA. Consult your vendor's documentation to make sure you understand the performance limitations and can detect when your NVA is near or at capacity. You can also use Azure Monitor Network Insights to see basic performance information about your Network Virtual Appliances, such as CPU Utilization, Network In, Network Out, Inbound Flows, and Outbound Flows.
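To turn the three limits discussed above (CPU, metered egress bandwidth, and flows) into a user-capacity estimate and a near-capacity check, here is an added example that is not part of the original page or any vendor's tooling. The SKU limits (`egress_mbps`, `max_flows`) and the per-user profile are constructed, hypothetical numbers; take the real egress figure from the VM sizes documentation and the per-user figures from your own measurements. The metric samples are constructed to resemble one-minute values of the VM metrics named on the page (CPU percentage, bytes out, inbound and outbound flows).

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class SkuLimits:
    name: str
    egress_mbps: float  # expected outbound throughput of the VM size (assumed value)
    max_flows: int      # maximum concurrent flows for the VM size (assumed value)


@dataclass(frozen=True)
class UserProfile:
    cpu_pct_per_user: float      # average VM CPU percent consumed per active user
    egress_kbps_per_user: float  # average outbound bandwidth per active user
    connections_per_user: int    # concurrent TCP/UDP connections per active user


# Constructed, hypothetical figures for illustration only.
EXAMPLE_SKU = SkuLimits(name="example-sku", egress_mbps=2000, max_flows=250_000)
EXAMPLE_PROFILE = UserProfile(cpu_pct_per_user=0.0625, egress_kbps_per_user=500, connections_per_user=20)


def _whole(x):
    """Floor after discarding floating-point noise, so 1279.9999999 counts as 1280."""
    return math.floor(round(x, 9))


def capacity_by_resource(sku, profile, ceiling=0.8):
    """Users each resource can carry while staying under `ceiling` of its limit."""
    return {
        "cpu": _whole(100 * ceiling / profile.cpu_pct_per_user),
        "egress": _whole(sku.egress_mbps * 1000 * ceiling / profile.egress_kbps_per_user),
        # every connection holds two flows, one per direction
        "flows": _whole(sku.max_flows * ceiling / (2 * profile.connections_per_user)),
    }


def user_capacity(sku, profile, ceiling=0.8):
    """Return (users, binding_resource): the smallest per-resource capacity wins."""
    caps = capacity_by_resource(sku, profile, ceiling)
    binding = min(caps, key=caps.get)
    return caps[binding], binding


def evaluate_samples(samples, sku, ceiling=0.8):
    """Flag one-minute metric samples where CPU, egress, or flows reach the ceiling.

    Each sample is a dict with: time, cpu_pct, network_out_bytes (bytes sent
    during the minute), inbound_flows, outbound_flows.
    """
    findings = []
    for s in samples:
        egress_mbps = s["network_out_bytes"] * 8 / 60 / 1_000_000
        reasons = []
        if s["cpu_pct"] >= 100 * ceiling:
            reasons.append("cpu")
        if egress_mbps >= sku.egress_mbps * ceiling:
            reasons.append("egress")
        if s["inbound_flows"] + s["outbound_flows"] >= sku.max_flows * ceiling:
            reasons.append("flows")
        if reasons:
            findings.append((s["time"], reasons))
    return findings


# Constructed samples: a quiet minute, a CPU spike, then a minute with heavy
# egress and a high flow count.
SAMPLE_METRICS = [
    {"time": "10:00", "cpu_pct": 35.0, "network_out_bytes": 3_000_000_000, "inbound_flows": 20_000, "outbound_flows": 20_000},
    {"time": "10:01", "cpu_pct": 91.0, "network_out_bytes": 4_500_000_000, "inbound_flows": 30_000, "outbound_flows": 30_000},
    {"time": "10:02", "cpu_pct": 55.0, "network_out_bytes": 12_750_000_000, "inbound_flows": 105_000, "outbound_flows": 105_000},
]

if __name__ == "__main__":
    print(capacity_by_resource(EXAMPLE_SKU, EXAMPLE_PROFILE))
    print(user_capacity(EXAMPLE_SKU, EXAMPLE_PROFILE))  # CPU is the binding resource here
    print(evaluate_samples(SAMPLE_METRICS, EXAMPLE_SKU))
```

Egress is converted from bytes per minute to megabits per second because that is how the VM bandwidth limit is expressed; the flow check sums both directions because the limit applies to all flows the stack tracks. Resizing to a larger SKU raises `egress_mbps` and `max_flows` but does nothing for a CPU-bound profile, which is why the binding resource is reported alongside the number.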