PSOD in an NSX environment using L7 FQDN DFW
Article ID: 324173
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
- NSX 4.x
- L7 DFW context firewall is used for FQDN filtering
- ESXi host crashes with a PSOD
- A backtrace similar to this example may be observed
2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e097dc0:[0x4200397beb91]pf_export_tlv_fqdns@com.vmware.vsip#1.0.7.0.20598730+0x2cd stack: 0x0, 0x397bccdb, 0x453a6e0988b6, 0x453a6e097ceb, 0x453a6e097dc0
2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e097e80:[0x420039816e77]pfioctl@com.vmware.vsip#1.0.7.0.20598730+0x2a54 stack: 0x433c06fa9fd0, 0x0, 0x0, 0x0, 0x0
2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e098260:[0x42003982a43f]PFGetSavedStateLenTLV@com.vmware.vsip#1.0.7.0.20598730+0x42c stack: 0x324, 0x88, 0x800000078, 0x1d7c00000008, 0x1d7c
2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e09bc10:[0x42003982a9e3]PFGetSavedStateLen@com.vmware.vsip#1.0.7.0.20598730+0x8c stack: 0x3237373632363935, 0x6d762d306874652d, 0x7766732d65726177, 0x42003700322e, 0x11
2023-01-22T14:23:16.769Z cpu56:68769668)0x453a6e09bca0:[0x42003974145b]VSIPDVFGetSavedStateLen@com.vmware.vsip#1.0.7.0.20598730+0x140 stack: 0x431793a111a0, 0x41ffc3800ba0, 0x453a6e09bd2b, 0x42003800714c, 0x453a64b1f000
Environment
VMware NSX 4.0.0.1
Cause
During a rapid volume of DNS resolutions a condition may occur where an invalid domain uuid is present and when accessed can result in an ESXi PSOD occurring.
Resolution
This is a known issue, currently there is no resolution.
Workaround:
Disable FQDN based DFW rules.
Workaround:
Disable FQDN based DFW rules.
Feedback
Yes
No
Powered by
