diff --git a/npm/namespace.go b/npm/namespace.go
index a4ecac97a7..95bb18bbf6 100644
--- a/npm/namespace.go
+++ b/npm/namespace.go
@@ -3,6 +3,8 @@
 package npm
 
 import (
+	"reflect"
+
 	"github.com/Azure/azure-container-networking/log"
 	"github.com/Azure/azure-container-networking/npm/ipsm"
 	"github.com/Azure/azure-container-networking/npm/iptm"
@@ -42,6 +44,15 @@ func isSystemNs(nsObj *corev1.Namespace) bool {
 	return nsObj.ObjectMeta.Name == util.KubeSystemFlag
 }
 
+func isInvalidNamespaceUpdate(oldNsObj, newNsObj *corev1.Namespace) (isInvalidUpdate bool) {
+	isInvalidUpdate = oldNsObj.ObjectMeta.Name == newNsObj.ObjectMeta.Name &&
+		newNsObj.ObjectMeta.DeletionTimestamp == nil &&
+		newNsObj.ObjectMeta.DeletionGracePeriodSeconds == nil
+	isInvalidUpdate = isInvalidUpdate && reflect.DeepEqual(oldNsObj.ObjectMeta.Labels, newNsObj.ObjectMeta.Labels)
+
+	return
+}
+
 func (ns *namespace) policyExists(npObj *networkingv1.NetworkPolicy) bool {
 	if np, exists := ns.rawNpMap[npObj.ObjectMeta.Name]; exists {
 		if isSamePolicy(np, npObj) {
@@ -134,8 +145,11 @@ func (npMgr *NetworkPolicyManager) AddNamespace(nsObj *corev1.Namespace) error {
 
 // UpdateNamespace handles updating namespace in ipset.
 func (npMgr *NetworkPolicyManager) UpdateNamespace(oldNsObj *corev1.Namespace, newNsObj *corev1.Namespace) error {
-	var err error
+	if isInvalidNamespaceUpdate(oldNsObj, newNsObj) {
+		return nil
+	}
 
+	var err error
 	oldNsNs, oldNsLabel := "ns-"+oldNsObj.ObjectMeta.Name, oldNsObj.ObjectMeta.Labels
 	newNsNs, newNsLabel := "ns-"+newNsObj.ObjectMeta.Name, newNsObj.ObjectMeta.Labels
 	log.Printf(
diff --git a/npm/pod.go b/npm/pod.go
index deb63df5d4..5e38d9d267 100644
--- a/npm/pod.go
+++ b/npm/pod.go
@@ -4,6 +4,7 @@ package npm
 
 import (
 	"fmt"
+	"reflect"
 
 	"github.com/Azure/azure-container-networking/log"
 	"github.com/Azure/azure-container-networking/npm/util"
@@ -20,6 +21,18 @@ func isSystemPod(podObj *corev1.Pod) bool {
 	return podObj.ObjectMeta.Namespace == util.KubeSystemFlag
 }
 
+func isInvalidPodUpdate(oldPodObj, newPodObj *corev1.Pod) (isInvalidUpdate bool) {
+	isInvalidUpdate = oldPodObj.ObjectMeta.Namespace == newPodObj.ObjectMeta.Namespace &&
+		oldPodObj.ObjectMeta.Name == newPodObj.ObjectMeta.Name &&
+		oldPodObj.Status.Phase == newPodObj.Status.Phase &&
+		oldPodObj.Status.PodIP == newPodObj.Status.PodIP &&
+		newPodObj.ObjectMeta.DeletionTimestamp == nil &&
+		newPodObj.ObjectMeta.DeletionGracePeriodSeconds == nil
+	isInvalidUpdate = isInvalidUpdate && reflect.DeepEqual(oldPodObj.ObjectMeta.Labels, newPodObj.ObjectMeta.Labels)
+
+	return
+}
+
 // AddPod handles adding pod ip to its label's ipset.
 func (npMgr *NetworkPolicyManager) AddPod(podObj *corev1.Pod) error {
 	if !isValidPod(podObj) {
@@ -92,6 +105,10 @@ func (npMgr *NetworkPolicyManager) UpdatePod(oldPodObj, newPodObj *corev1.Pod) e
 		return nil
 	}
 
+	if isInvalidPodUpdate(oldPodObj, newPodObj) {
+		return nil
+	}
+
 	var (
 		err            error
 		oldPodObjNs    = oldPodObj.ObjectMeta.Namespace