VMware NSX-T is designed to address the emerging application frameworks and architectures that have heterogeneous endpoints and technology stacks. In addition to vSphere, these environments may also include other hypervisors, containers, bare metal, and public clouds. Network Insight supports NSX-T deployments where the VMs are managed by vCenter.

Considerations

  • NSX-T 2.0, 2.2, and 2.3 versions are supported.

  • Network Insight supports only the NSX-T setups in which vCenter manages the ESXi hosts. Ensure that vCenter is added as Compute Manager in NSX-T.

    Note:

    Compute Managers should be added as data sources in Network Insight before adding NSX-T as a data source.

  • Network Insight supports NSGroups, NSX-T Firewall Rules, IPSets, NSX-T Logical Ports, NSX-T Logical Switches, and NSX-T distributed firewall IPFIX flows.

  • Network Insight supports both NSX-V and NSX-T deployments. When you use NSX in your queries, the results include both NSX-V and NSX-T entities. NSX Manager lists both NSX-V and NSX-T Managers. NSX Security Groups list both NSX-T and NSX-V security groups. If NSX-V or NSX-T is used instead of NSX, then only those entities are displayed. The same logic applies to the entities such as firewall rules, IPSets, and logical switches.

To Add an NSX-T Manager as a Data Source

Here are the prerequisites for adding an NSX-T Manager as a data source:

  • Before adding NSX - T, add at least one vCenter which is associated with NSX - T to Network Insight.

  • It is recommended that you add all the vCenters associated with NSX-T as data sources in Network Insight.

  • Ensure that there are no logical switches in the exclusion list in the Distributed Firewall (DFW). If there are any logical switches in this list, then the flows are not reported for any VMs attached to these logical switches.

To add an NSX-T Manager:

  1. On the Accounts and Data Source page under Settings, click Add Source.

  2. Under VMware Manager in the Select an Account or Data Type page, select VMware NSX-T Manager.

  3. Provide the user credentials. The user should be a local user with the audit level permissions.

  4. Select Enable IPFIX to update the IPFIX settings on NSX-T. By selecting this option, vRealize Network Insight receives DFW IPFIX flows from NSX-T. For more information on enabling IPFIX, see Enabling VMware NSX-T DFW IPFIX.

    Note:

    DFW IPFIX is not supported in the Standard Edition of NSX-T.

Examples for Queries

Here are some examples for queries related to NSX-T:

Table 1.

Queries

Search Results

NSX-T Manager where VC Manager=10.197.53.214

NSX-T Manager where this particular VC Manager has been added as the compute manager.

NSX-T Logical Switch

Lists all the NSX-T Logical switches present in the instance of Network Insight including the details on whether it is a system-created or a user-created switch.

NSX-T Logical Ports where NSX-T Logical Switch = 'DB-Switch'

Lists the NSX-T logical ports belonging to that particular NSX-T logical switch, DB-Switch.

VMs where NSX-T Security Group = 'Application-Group'

Or

VMs where NSGroup = ‘Application-Group’

Lists all the VMs in that particular security group, Application-Group.

NSX-T Firewall Rule where Action='ALLOW'

Lists all the NSX-T Firewall Rules which have their action set as ALLOW.

NSX-T Firewall Rule where Destination Security Group = ‘CRM-Group’

Lists the firewall rules where the CRM-Group is the Destination Security Group. The results include both Direct Destination Security Groups and Indirect Destination Security Groups.

NSX-T Firewall Rule where Direct Destination Security Group = ‘CRM-Group’

Lists the firewall rules where the CRM-Group is the Destination Security Group. The results include only the Direct Destination Security Groups.

VMs where NSX-T Logical Port = ‘App_Port-Id-1’

Lists all the VMs which have that particular NSX-T Logical Port.

NSX-T Transport Zone

Lists the VLAN and the overlay transport zone and the respective details associated with it including the type of the transport node.

Note:

vRealize Network Insight does not support KVM as a data source.

NSX-T Router

Lists the TIER 1 and TIER 0 routers. Click the router shown in the results to view more details associated with it including the NSX-T Edge Cluster and the HA mode.

Support for NSX-T Metrics

The following table displays the Network Insight entities that support the NSX-T metrics currently and the widgets that display these metrics on the corresponding entity dashboards.

Table 2.

Entities

Widgets on the Entity Dashboard

Supported NSX-T Metrics

Logical Switch

Logical Switch Packet Metrics

Logical Switch Byte Metrics

Multicast and Broadcast Rx

Multicast and Broadcast Tx

Unicast Rx

Unicast Tx

Dropped Rx

Dropped Tx

Rx Packets (Total)

Tx Packets (Total)

Logical Port

Logical Port Packet Metrics

Logical Port Byte Metrics

Multicast and Broadcast Rx

Multicast and Broadcast Tx

Unicast Rx

Unicast Tx

Rx Packets (Total)

Tx Packets (Total)

Router Interface

Router Interface Metrics

Rx Packets

Tx Packets

Dropped Rx Packets

Dropped Tx Packets

Rx Bytes

Tx Bytes

Firewall Rule

Firewall Rule Metrics

Hit Count

Flow Bytes

Flow Packets

Here are some sample queries for NSX-T Metrics:

  • nsx-t logical switch where Rx Packet Drops > 0

    This query lists all the logical switches where the count of the dropped received packets is greater than 0.

  • nsx-t logical port where Tx Packet Drops > 0

    This query lists all the logical ports where the count of the dropped transmitted packets is greater than 0.

  • top 10 nsx-t firewall rules order by Connection count

    This query lists the top 10 firewall rules based on the connection count(Hit Count).