Excessive logging by pfp_insert_ruleid in vmkernel when a DFW rule including multiple services with the same port and protocol is configured
search cancel

Excessive logging by pfp_insert_ruleid in vmkernel when a DFW rule including multiple services with the same port and protocol is configured

book

Article ID: 325090

calendar_today

Updated On:

Products

VMware NSX Networking

Issue/Introduction

Symptoms:
  • The vmkernel.log file on the ESXi host shows the following log entry:
2018-09-11T19:20:36.453Z cpu2:2157823)pfp_insert_ruleid: Error Inserting rule Curr 1019, new 1019
2018-09-11T19:20:36.453Z cpu2:2157823)pfp_insert_ruleid: Error Inserting rule Curr 1019, new 1019
  • The above log message may be logged constantly in the vmkernel.log file which leads to decreased log retention
  • The Distributed Firewall (DFW) rule configuration on the ESXi host shows the same port and protocol is duplicated within the rule (notice in the example below, TCP port 443 appears twice in rule 1019):
vsipioctl getrules -f <filter> | grep 1019
  rule 1019 at 1 inout protocol tcp from any to any port 443 accept;
  rule 1019 at 2 inout protocol tcp from any to any port 443 accept;


Environment

VMware NSX for vSphere 6.4.x

Cause

The issue occurs because the DFW rule configured in NSX Manager contains multiple services that reference the same port and protocol.  The message is logged when DFW detects the duplicate rule configuration.

The issue can occur when using Application Rule Manager feature when there are multiple services defined in NSX Manager for the same port and protocol.

Resolution

This issue is resolved in VMware NSX for vSphere 6.4.5, available at VMware Downloads.

Powered by Wolken Software