Traffic disruption when NSX-T IDPS inspects SMB traffic flows
search cancel

Traffic disruption when NSX-T IDPS inspects SMB traffic flows


Article ID: 327288


Updated On:


VMware NSX Networking


  • NSX-T Data Center 3.2.0 and
  • IDPS is enabled with rules that inspect SMB traffic
  • Traffic monitored by IDPS rules may be intermittently disrupted by latency or packet drops
  • IDPS core files are generated on ESXi hosts /var/run/log/hostd.log
46385:2022-02-10T02:49:59.947Z: [UserWorldCorrelator] 5054803445447us: [vob.uw.core.dumped] /usr/lib/vmware/nsx-idps/bin/nsx-idps(31502338) /var/core/nsx-idps-zdump.000
46386:2022-02-10T03:00:38.398Z: [UserWorldCorrelator] 5055441840903us: [vob.uw.core.dumped] /usr/lib/vmware/nsx-idps/bin/nsx-idps(31513632) /var/core/nsx-idps-zdump.001
Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.


VMware NSX-T Data Center


This issue is triggered when the IDPS service running on the ESXi host is not releasing the SMB transaction objects promptly, the older transaction objects continue to accumulate thereby increasing the memory consumed by the IDPS process. This leads to the engine crash and restart due to memory depletion.


This issue is resolved in NSX-T Data Center 3.2.1 available at VMware Downloads.

Reconfigure to ensure SMB traffic is not monitored by IDPS rules.
Alternatively put the VMs involved on the DFW exclusions list which will exclude their traffic from IDPS inspection.