check-circle-line exclamation-circle-line close-line

vRealize Network Insight 5.2 | 14 Apr 2020 | Build 1585846638

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

Here are the key features and capabilities of vRealize Network Insight 5.2:

NSX-T

  • Interoperability* with NSX-T 3.0 release. *For additional information, see the 78492 KB article. 
  • Additional out-of-the-box events for NSX-T Health and Troubleshooting (Day-2 Ops)
  • New out-of-the-box dashboards for Management Node and Transport Nodes (Hosts and Edges)

VMware Cloud on AWS

  • VMware Cloud on AWS Direct Connect Support
    • VMware Cloud on AWS Direct Connect first-class citizen of vRealize Network Insight search
    • Identify flows that pass over VMware Cloud with AWS Direct Connect  
    • VMware Cloud on AWS Direct Connect part of the VM-VM network path for troubleshooting
    • Visibility into the customer deployed Direct Connect colocation router
    • VMware Cloud on AWS Direct Connect dashboard, which includes Properties, Configuration, Connection Status, Flow Metrics, BGP route details
    • Proactive alerting on VMware Cloud on AWS Direct Connect
       
  • Enhanced VMware Cloud on AWS SDDC Dashboard
    • SDDC overview section and SDDC entity flow connectivity widget introduced

VMware SD-WAN by VeloCloud

  • Extending application visibility/troubleshooting by mapping application flows to edge-link and business-policy
  • Extending SDWAN overlay visibility by show throughput and performance metrics of path (overlay) tunnels
  • Extend SDWAN Analytics threshold configuration to upstream/downstream packet loss, jitter, latency, and link-uptime
  • New dashboard for SDWAN business policy includes rules, flows, and in-use/unused policies
  • New dashboard for SDWAN Gateway includes throughput and performance metrics for overlay tunnels associated with that gateway

vRealize Operations Manager Integration

  • vRealize Network Insight alerts in vRealize Operations and Troubleshooting workbench
  • Launch-In-Context from vRealize Operations Manager into vRealize Network Insight
    • SSO (vIDM, LDAP) supported
    • VMs, Hosts, NSX-V, and NSX-T Dashboards

Flow-Based​ Application Discovery

Automatically groups VMs into applications and tiers based on the network traffic between the VMs, using an AI/ML approach.

Note: This feature is available only on vRealize Network Insight Cloud.

Other Enhancements

  • Selectively enable the distributed switch for IPFIX flow collection
  • Manually or automatically accept certificates for data sources
  • New auditor role (read-only role) apart from admin and member roles
  • Added support for NAT rules for Check Point. It can be used in VM-to-VM path visibility in a Check Point NAT deployment
  • New public APIs for creating, editing, deleting, and listing user-defined events
  • Ability to delete saved searches

Product Upgrade

vRealize Network Insight 5.2 supports a direct upgrade from 5.1 and 5.0 versions.

Refer to the Upgrading vRealize Network Insight section for more information on upgrade options.

The upgrade path is available at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#upgrade&solution=285.

Documentation

For additional information about new features, see the vRealize Network Insight documentation.

VMware Product Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of vRealize Network Insight with other VMware products.

VMware MIB Files

For MIB information, see Determining the MIB module listing, name, and type of an SNMP OID. You can download the SNMP MIB module file from the 1013445 KB article.

Resolved Issues

  • The CSV report does not show the IPSet and Security Group of the flows.

  • The changes to LDAP or VIDM configuration (newly created or updated) might not reflect on some platform nodes in a cluster deployment, which may result in login failures.

  • If you export the VeloCloud Enterprise dashboard, or any pinboard containing the SD-WAN Deployments widget, you see a blank PDF. However, you can generate the PDF by selecting any widgets of your choice other than the SD-WAN Deployments widget.

  • If a user has created an event notification and then upgraded to vRealize Network Insight 5.1, the user cannot see the event notification or update an existing user-defined event.

  • After upgrading to vRealize Network Insight 5.1, the data sources do not collect data.

  • Though the data source connections are removed from the collector, you could not delete the collector from the UI. You see the following error:
    One or multiple data sources still connected to the collector, please remove them.

  • While adding an NSX-T Manager, sometimes you might not see the collector available capacity as Unknown in the Collector VM dropdown list.

  • While adding Cisco Catalyst data sources, if the host name has en (for example, den-c_6-sw-oob-01), vRealize Network Insight cannot collect data. You see the following errors:
    Data source failed and Something went wrong, please retry or contact support

  • Issues with Arista Switches:

    • vRealize Network Insight does not pull vrf routing table information correctly for a subset of physical network devices and breaks the physical path topology visualizations. 
    • vRealize Network Insight data collection through SSH to Arista switches stops after a failed login attempt and does not retry until the data source is disabled and re-enabled. 
    • vRealize Network Insight DNS data upload only correlates to a subset of data source information. No additional entity information gathered from the data source. Only the switch entities for each data source are mapped to a name, the router entities for the data source are still only available through IP address.
  • Even after deleting Cisco ASA switches, you see the following error: 
    Same Switch or Router is added with different IPs.

  • The path shows Unknown if there is / are Dell Z9100 switches in the path.

  • Though all controllers of a cluster were removed, vRealize Network Insight still shows them. However, controller config data does not show any controller data.

  • Events for DLR networks are not reachable from NSX Edge or external router.

Known Issues

  • [NEW] If the PKS data source password contains special characters like &,(,),|,<,>,`, then vRealize Network Insight does not fetch Kubernetes clusters.

  • [NEW] After you upgrade from vRealize Network Insight 5.1, the NSX-T topology diagram and a few other related pages do not render correctly.

    To fix the issue, apply the vRealize Network Insight 5.2.0-P1 Patch. For more details, see the 78681 KB article.

  • [NEW] If you are using the Firefox browser, then the information in the summary widget might be truncated.

    To fix the issue, apply the vRealize Network Insight 5.2.0-P1 Patch. For more details, see the 78681 KB article.

  • [NEW] In certain SD-WAN scenarios, the VM-to-VM path times out.

    To fix the issue, apply the vRealize Network Insight 5.2.0-P1 Patch. For more details, see the 78681 KB article.

  • [NEW] After you upgrade vRealize Network Insight, if you run a query for the metric data for a time range in which the upgrade happened, then the aggregated indicative value might not appear for all metric points in the series.

  • [NEW] With the release of vSphere 7.0 and NSX-T 3.0, some vRealize Network Insight features to stop work in the 5.1 and 5.2 versions due to WCP (Workload Control Plane) and C-VDS. For more information, see the 78492 KB article.

  • During the license calculation, vRealize Network Insight incorrectly considers the vSAN Witness Appliances and HCX Mobility Agent as hosts.

  • The NSX-V prepared ESX hosts might observe the Purple Screen of Death (PSOD) in certain conditions. So, the Virtual Infrastructure Latency collection is disabled for NSX-V data source in vRealize Network Insight 5.1.0. For more information, see the 75224 KB article.

    Note:  There is no impact on NSX-T versions.

  • The HostPrep FeatureUnhealthy event is not closed even when the feature status is Green.

  • Validation fails for AWS access key users having restricted access to the regions.

  • vRealize Network Insight not processing flows correctly after moving from NSX-V to NSX-T.

    When you search for flows between two VMs, you do not see any results. However, you see the flow results when you search between the VM's IP addresses.

  • If the AWS VPC logs are published at a delay of 20 minutes at source, the AWS flow data might not show on the Threshold dashboard.

  • If the flow-based threshold configured application has overlapping members (IP endpoints, VMs, or Kubernetes entities) across tiers of different applications, then tiers from other applications appear on the dashboard of that threshold configuration. 

  • The violation region might not be seen on the Threshold Dashboard when the region is outside the preview scale window.

  • When the application has Kubernetes entities, the thresholds with scope as flows do not show flow data when you use Source Application or Destination Application filters. 

    Select scope as flows and use the following query:

    Scope Query 

    Aggregation Type 

    flow type = 'Internet' and generic source application = 'abc’ 

    source Tier 

    flow type = 'Internet' and generic destination application = 'abc’ 

    destination tier 

    generic source application = 'abc’ 

    source Tier 

    generic destination application = ‘abc’ 

    destination tier 

    application = ‘abc’ 

    source/destination Tier 

  • vRealize Network Insight supports the addition of following switches in the hmac-sha1-96, hmac-sha1, hmac-md5-96, hmac-md5 SSH authentication modes only.

    • Nexus 5k
    • Dell Z9100, Dell OS10 and Dell Force10 S6k
    • Cisco ASA and Cisco ASR/ISR
    • Catalyst 4500
    • Arista
    • Huawei
    • Brocade MLX series
  • If you have upgraded the collector from 4.2, the VMware SD-WAN flow processing does not trigger automatically.

    Add a vCenter on the same collector before you send the VMware SD-WAN flows.

    Note: You can remove the vCenter later.

  • The facet filter does not work in non-English language.

  • Though you delete the application, you see the protection status of the application on the map view.

  • When you attempt to export a pinboard in which the pinboard name contains a Non-ASCII character, vRealize Network Insight shows the incorrect filename on the Export to PDF window.

  • When you add a filter in the query result, the count shown in the filter is approximate.

  • When you set the home page from My Preferences, it requires a page refresh to reflect that information in UI.

  • When you attempt to add a Cisco ASA data source, you see a message to contact support with the following error: 

    Message missing required fields: vendorId
  • When you create a logical subnet or logical router, a new edge VM is dynamically created to serve this request. The events for this kind of VM are shown.

  • The Plan Security page for the last two days takes around 3 minutes to load. A higher response time is seen while running the queries for about 24 hours after migration of a data source between collectors. This is because the same flows are reported, opened, and closed from two different collectors within a span of 24 hours. It leads to multiple versions created for the same flows.

  • The firewall rule section of the PCI Compliance dashboard can show incorrect rules if the selected scope is a nested security group in NSX or an application when multiple NSX Managers are added as a data source.

  • Some events such as Host network control plane mismatch are not raised if the data center is not at the top level and is located inside a folder in vCenter.

  • There is a known issue in the list view for the events search where sometimes facet counts are incorrect upon selection and no events are shown.

  • The plan topology widget has options to select all flows, all protected flows, and so on. The flows that are solely captured from VDS and not from NSX IPFIX only show up when the all flows option is selected because their protection status is classified as unknown not as protected or unprotected.

  • The Export to PDF feature for entity dashboards have the following known issues:

    • The changes that you make in the NetFlow flow diagram dashboard are not visible in the PDF.
    • The metric properties are not exported in the PDF. 
  • An unwanted default rule is applied to certain NSX IPFIX flows because sometimes, NSX IPFIX reports a reverse packet in which client and server are flipped and the firewall rule is applied as per the flipped source and destination IP.

  • The auto-refresh counter restarts and keeps showing incorrect data even though auto-refresh is paused.

  • In the absence of a firewall rule on a VM, the default connectivity strategy applies to a VM in VMware Cloud on AWS.
    In such cases, the firewall icon is not present in the VM-VM path on the VMware Cloud on AWS side as we do not get enough information about the realization of the default rule from the VMware Cloud on AWS SDDC.