PSOD in an NSX environment using L7 FQDN DFW
book
Article ID: 324173
calendar_today
Updated On:
Products
VMware NSX
Show More
Show Less
Issue/Introduction
Symptoms:
NSX 4.x L7 DFW context firewall is used for FQDN filtering ESXi host crashes with a PSOD A backtrace similar to this example may be observed 2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e097dc0:[0x4200397beb91]pf_export_tlv_fqdns @com.vmware.vsip#1.0.7.0.20598730+0x2cd stack: 0x0, 0x397bccdb, 0x453a6e0988b6, 0x453a6e097ceb, 0x453a6e097dc0 2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e097e80:[0x420039816e77]pfioctl @com.vmware.vsip#1.0.7.0.20598730+0x2a54 stack: 0x433c06fa9fd0, 0x0, 0x0, 0x0, 0x0 2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e098260:[0x42003982a43f]PFGetSavedStateLenTLV @com.vmware.vsip#1.0.7.0.20598730+0x42c stack: 0x324, 0x88, 0x800000078, 0x1d7c00000008, 0x1d7c 2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e09bc10:[0x42003982a9e3]PFGetSavedStateLen @com.vmware.vsip#1.0.7.0.20598730+0x8c stack: 0x3237373632363935, 0x6d762d306874652d, 0x7766732d65726177, 0x42003700322e, 0x11 2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e09bca0:[0x42003974145b]VSIPDVFGetSavedStateLen @com.vmware.vsip#1.0.7.0.20598730+0x140 stack: 0x431793a111a0, 0x41ffc3800ba0, 0x453a6e09bd2b, 0x42003800714c, 0x453a64b1f000
Environment
VMware NSX 4.0.0.1
Cause
During a rapid volume of DNS resolutions a condition may occur where an invalid domain uuid is present and when accessed can result in an ESXi PSOD occurring.
Resolution
This is a known issue, currently there is no resolution. Workaround: Disable FQDN based DFW rules.
Feedback
thumb_up
Yes
thumb_down
No