| VMware NSX Intelligence 3.2.1 | 17 MAY 2022 | Build 19800104 Check for additions and updates to these release notes. |
What's New
NSX Intelligence 3.2.1 is a maintenance release that fixes issues documented in the Resolved Issues section below. New known issues identified since the NSX Intelligence 3.2.0 release have been added to the Known Issues section below.
This release also provides the following new enhancements. See VMware NSX Intelligence 3.2.0 Release Notes for the list of features introduced in NSX Intelligence 3.2.0 release.
-
Support for excluding certain traffic flows during recommendation analysis
You can now exclude certain traffic flows during the DFW rule recommendation analysis. By default, the Broadcast flows and Multicast flows are selected in the new Exclude Flows text box in the Start New Recommendation dialog box. These flow types are not relevant for application category rules. Excluding broadcast flows, multicast flows, or both flow types can help optimize the DFW rule recommendation analysis. If you remove the default values, all traffic flow types are included during the recommendation analysis.
-
Updated scale optimization limit and flow guardrails
The scale optimization limit and flow guardrails have been updated and are enforced at the time of starting a new DFW rule recommendation analysis. If the number of flows to be processed is calculated to potentially exceed the total flow limit allowed per analytics node, the recommendation analysis does not start and the system displays an exception message. The current limit per analytics node is 7 million flows.
System Requirements
For system requirements information, see Activating and Upgrading VMware NSX Intelligence. For information about ports and protocols required for NSX Intelligence, see the VMware Ports and Protocols information for VMware NSX Application Platform, which hosts the NSX Intelligence application.
Compatibility Notes
-
For NSX Intelligence and NSX-T Data Center interoperability information, see VMware Product Interoperability Matrices.
-
NSX Intelligence is interoperable with NSX Federation deployments but does not directly support NSX Global Managers. To use the NSX Intelligence user interface, you must access the Local Manager instead of the Global Manager. For deployments with NSX Federation, if an NSX Intelligence instance is deployed with the Local Manager on a specific site, you will see groups and flows from the Global Manager. However, the visualization will not reflect specifics from other sites. NSX Intelligence recommendations will also not function across various sites because NSX Intelligence does not integrate with the Global Manager of NSX Data Center.
API and CLI Resources
See the NSX Intelligence & NSX Application Platform API Reference page for the available for NSX Intelligence REST API resources.
Available Languages
NSX Intelligence has been localized into multiple languages: English, German, French, Japanese, Simplified Chinese, Korean, Traditional Chinese, and Spanish. Because NSX Intelligence localization utilizes the browser language settings, ensure that your settings match the desired language.
Document Revision History
| Revision Date |
Edition |
Changes |
|---|---|---|
| May 17, 2022 |
1 |
Initial edition. |
| October 03, 2022 |
2 |
|
| October 5, 2022 |
3 |
Added known issue 3008628. |
| November 8, 2022 |
4 |
Added known issue 3021103. |
| February 17, 2023 |
5 |
In the Compatibility Notes section, added support information about NSX Federation deployments. |
| February 23, 2023 |
6 |
Added known issue 3095623. |
| April 14, 2023 |
7 |
Updated the workaround info for known issue 3095623 and also associated issue 3164022 to that known issue. |
| July 11, 2023 |
8 |
|
| August 15, 2023 |
9 |
Updated the link to the VMware Ports and Protocols page. |
Resolved Issues
-
Fixed Issue 2908149: After upgrading NSX Intelligence from version 1.2.x to version 3.2.0 or 3.2.0.1, the Redis
/datadirectory gets filled up, the roll-up does not work, and NSX Intelligence does not function as expected.The NSX Intelligence visualization does not display any visualization for the Now time period after upgrading NSX Intelligence 1.2.x to version 3.2.0 or 3.2.0.1. When this issue occurs, the output of the following command indicates that the
/datadirectory for each of the Redis pods is at 100% utilization.kubectl exec -it -n nsxi-platform <redis-pod-name> –df -kh /datawhere
<redis-pod-name>can be redis-master-0, redis-slave-0, or redis-slave-1. -
Fixed Issue 2889740: A lag in processed traffic flows can occur after migrating to NSX Intelligence 3.2.0 and the UI does not display information about recent traffic flows.
After migrating an NSX Intelligence 1.2.x set up to NSX Intelligence 3.2.0, traffic flows stop being correlated by the processing pipeline. When this occurs the UI does not reflect the recent traffic flows. Historical flows are still visible in the UI.
-
Fixed Issue 2885869: Druid tasks are left in pending state after upgrading from NSX Intelligence 1.2.x to NSX Intelligence 3.2.0.
After you upgrade from NSX Intelligence 1.2.x to NSX Intelligence 3.2.0, some Druid tasks are in pending state. When in the Groups view or Computes view, you will not see any service details in the Flow Details dialog for the Allowed and Blocked flows.
-
Fixed Issue 2879667: Traffic flows are not streamed through the PubSub channel after NSX Intelligence is migrated to version 3.2.0.
After migrating from NSX Intelligence 1.2.x to NSX Intelligence 3.2.0, the entries in the PubSub subscription table are not updated to point to the correct Kafka broker endpoint. Hence, there are no traffic flows being received from the subscription.
-
Fixed Issue 2879564: Any custom NSX Intelligence configuration values that were set prior to NSX Intelligence 3.2.0 are overridden with the default values post migration.
If you made customizations to the host configuration in previous NSX Intelligence releases, those customizations are canceled after migrating to NSX Intelligence 3.2.0.
Known Issues
-
Issue 3034560: Kafka logs filled up the ephemeral storage causing the Kafka pods to be restarted.
The
/opt/kafka/logdirectory became full causing the Kafka pod to be restarted with the message:Pod ephemeral local storage usage exceeds the total limit of containers 1Gi. While the Kafka restarts, the system is unable to perform any activities, such as monitoring the network traffic or generating a new recommendation.Workaround: See VMware knowledge base article 91737.
-
Issues 3095623 and 3164022: After force deleting transport nodes (TNs) that were created using Policy style API, NSX Intelligence traffic flows are not visible for any newly added TNs.
When you use the Policy framework to configure the TNs and the policy paths contain a custom resource name, if any of those TNs are force deleted, data collection is not enabled on any newly added TNs. The old TNs will continue to send data. The NSX Data Collection group goes into an inconsistent state because the policy paths of the force deleted TNs did not get cleared.
Workaround: Use the following steps to clean up the Data Collection group so that it contains the valid policy path.
-
Fetch the NSX Application Platform (NAPP) registration results using the following API request.
GET https://<NSX-manager-IP>/policy/api/v1/infra/sites/napp/registration -
Set the the NSX Intelligence enablement to
falseusing the following API request and thecluster_idinfo from theregistrationAPI request results. Make sure to have"is_intelligence_enabled": false"in thePATCHAPI request payload.PATCH https://<NSX-manager-IP>/policy/api/v1/infra/sites/napp/registration/<cluster_id> { "cluster_id" : "<cluster_id>", "is_intelligence_enabled" : false } -
Set the NSX Intelligence enablement back to
trueusing the same API. Make sure to have"is_intelligence_enabled": true"in thePATCHAPI request payload.PATCH https://<NSX-manager-IP>/policy/api/v1/infra/sites/napp/registration/<cluster_id> { "cluster_id" : "<cluster_id>", "is_intelligence_enabled" : true }
-
-
Issue 3021103: When using NSX Intelligence 3.2.1 with NSX 3.2.2 and the multi-NSX feature is activated, you can see both the prepared and unprepared clusters displayed in the Data Collection tab of the System Settings > NSX Intelligence user interface. Activating or deactivating data collection on the unprepared cluster is nonfunctional.
Although it appears that you can activate and deactivate data collection on the unprepared clusters, the action is actually nonfunctional. You can only edit the data collection mode on prepared clusters.
Workaround: Upgrade to NSX Intelligence 4.0.1 and the unprepared clusters are listed with the data collection activation toggle greyed out .
-
Issue 3008628: In network environments that use mixed IPv4 and IPv6, some of the network traffic analytics (NTA) detection capabilities in the NSX Suspicious Traffic feature are degraded.
In network environments that have traffic from VMs that use IPv4 and IPv6, some pods used by the NSX Suspicious Traffic feature in NSX Intelligence might fail silently and stop processing the network traffic altogether. Some anomaly detection capabilities are lost and it is possible that some anomalous activity in the network might go undetected. As a result of the missing detections, some NSX Network Detection and Response campaigns might not get created.
The following detectors are affected: Data Upload/Download, Destination IP Profiler, DNS Tunneling, Domain Generation Algorithm (DGA), Netflow Beaconing, Port Profiler, Server Port Profiler, and Unusual Network Traffic Pattern.
Workaround: None. Note that you can still activate the NSX Suspicious Traffic feature in NSX Intelligence. The following detectors are not affected by this issue and remain fully functional: Horizontal Port Scan, LLMNR/NBT-NS Poisoning and Relay, Network Traffic Drop, Remote Services, Uncommonly Used Port, and Vertical Port Scan.
-
Issue 2599301: Some active sessions are not visible on the NSX Intelligence user interface for the Last 1 Hour view and are not picked up by the Recommendations module for recommending policies.
There are active traffic flows running on compute hosts, but these traffic flows are not visible in the Last 1 Hour view on the NSX Intelligence user interface. Starting a recommendation analysis for the involved compute hosts does not generate any recommendations for those traffic flows even though those traffic flows are unsegmented.
Workaround: Synchronize the timestamps across all the compute hosts that are exporting the network traffic flows.
-
Issue 2389691: Publish recommendation job fails with error "request payload size exceeds the permitted limit, max 2,000 objects are allowed per request."
If you try to publish a single recommendation job that contains more than 2,000 objects, it will fail with error "request payload size exceeds the permitted limit, max 2,000 objects are allowed per request."
Workaround: Reduce the number of objects to fewer than 2,000 in the recommendation job and retry the publication.
-
Issue 2839668: Old traffic flow data and configuration data from the previous NSX Intelligence deployment are still displayed after NSX Intelligence is reactivated.
If NSX Intelligence is deactivated, but the NSX Application Platform remains deployed, the old traffic flow data and configuration data from the previous NSX Intelligence deployment continue to be displayed after NSX Intelligence is reactivated. There is no easy way to clean up the old data and keep them from being displayed.
Workaround: Contact the VMware Support team for assistance with cleaning up the old data.
