check-circle-line exclamation-circle-line close-line

vRealize Network Insight 5.3 | 14 Jul 2020 | Build 1593829198

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

Here are the key features and capabilities of vRealize Network Insight 5.3:

Assurance and Verification

  • Network Map: Displays topology of the physical and virtual network
    • Displays a summary of device and network health
    • Groups devices into regions for a simpler visualization
    • Supports VMware NSX-T and leading networking vendors like Cisco, Arista, Palo Alto Networks
  • Path Troubleshooting: Displays network paths from source to destination on the network map
    • Enables search using wildcards to display multiple paths
    • Identifies allowed and blocked paths due to configuration issues on the switches or firewalls
  • Intents: Supports out-of-the-box and user-defined network intents
    • Verifies if the devices and network intents meet the configurations of the overlay and underlay networks
    • Supports the devices and network intents
    • Validates password by using STIG Compliance intents

VMware NSX-T Day2 Ops Troubleshooting

  • Introduces a set of new events for hosts and network utilization
  • Supports new flow retransmit count metrics
  • Displays Infrastructure latency metrics vNIC to vNIC, vNIC to pNIC, pNIC to vNIC, VTEP to VTEP

3rd Party Devices Monitoring

  • Supports HPE Switches
  • Supports Mellanox Switches
  • Enables event analysis and correlation for Arista Switches

VMware SD-WAN by VeloCloud Monitoring and Troubleshooting 

  • Displays gateway clustering on the Edge Topology dashboard
  • Supports end to end path (IP or VM) using real-time flows and configuration
  • Provides enhanced flow analysis on Edge Dashboard using Sankey charts.
  • Provides enhanced overlay tunnel metrics (tunnel QOE)
  • Enables Dead link visibility across the deployment

VMware Cloud on AWS

  • Direct Connect Dashboard enhancements
    • Displays failed advertised subnet alerts, flow widget, advanced flow metrics
    • Renamed Direct Connect events. For example, BGP status down renamed to Direct Connect: BGP Status Down
    • Displays VIF count, top flows by rule, NSX Manager, and vCenter default events
  • Get count of TCP Flow RTT and TCP Retransmit for VMC SDDC
  • Enable deployment of the vRealize Network Insight Cloud collector on VMC using PowerShell script

Others

  • Rebranded VMware PKS Enterprise to Tanzu Kubernetes Grid Integrated Edition
  • Quicker page loading due to UI Performance Improvements
  • Improvements in the search suggestions, which include saved searches and recent searches that match the typed text in the global search bar 
  • Support added for Cisco Nexus switches with NXOS 9.2.2, Cisco ACI 4.2.3, Checkpoint Firewall R80.30, Juniper JunOS with v17, and Palo Alto Networks Panorama 9.1
  • vRealize Suite Lifecycle Manager 8.1 Product Support Pack 3 supports the installation of vRealize Network Insight 5.3. See VMware vRealize Suite Lifecycle Manager 8.1 Release Notes. For information about install and upgrade Network Insight by using vRealize Suite Lifecycle Manager, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.

Product Upgrade

The supported upgrade path is available at https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#upgrade&solution=285.

Refer to the Upgrading vRealize Network Insight section for more information on the upgrade procedure.

Documentation

For additional information about new features, see the vRealize Network Insight documentation.

VMware Product Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of vRealize Network Insight with other VMware products.

VMware MIB Files

For MIB information, see Determining the MIB module listing, name, and type of an SNMP OID. You can download the SNMP MIB module file from the 1013445 KB article.

Resolved Issues

  • vRealize Network Insight not processing flows correctly after moving from NSX-V to NSX-T.

    When you search for flows between two VMs, you do not see any results. However, you see the flow results when you search between the VM's IP addresses.

  • In certain SD-WAN scenarios, the VM-to-VM path times out.

  • If you are using the Firefox browser, then the information in the summary widget might be truncated.

  • After you upgrade from vRealize Network Insight 5.1, the NSX-T topology diagram and a few other related pages do not render correctly.

  • If the PKS data source password contains special characters like &,(,),|,<,>,`, then vRealize Network Insight does not fetch Kubernetes clusters.

  • The Security Group Topology is not visible on the AWS VPC dashboard.

  • When you attempt to view traffic that passes through the Arista hardware gateway, you get an Unable to determine path error message.

  • The NSX-V CPU usage is too high due to the high API call rate from vRealize Network Insight.

  • You see the Something went wrong. Please contact support error message for Nexus device on the datasource page.

  • After adding Kubernetes as a datasource, you do not see the flows on the UI.

  • Ciphers [ aes128-ctr aes192-ctr aes256-ctr ] and macs [ hmac-sha2-256 hmac-sha2-512 ] of SHA-2 are not supported from Juniper.

Known Issues

  • [NEW] If you are using the Firefox browser, you might experience some issues while accessing the tooltips on a few features like Network Map, Microsegmentation.

    Use Google Chrome, instead of Firefox browser.

  • [NEW] Auto-complete for Entity and Path Search may include items that are currently not supported by Network Map.

  • [NEW] After upgrading to version 5.3.0, the Overview and Updates page might show the following error messages against Platform Capacity:

    • System usage has breached the capacity.
    • Capacity configuration is mismatched.

    The Platform role feature introduced in the 5.3 version requires the correct configuration in the setup. Use the Info icon to view the resolution.

    • Add more resources to increase capacity.
    • Reconfigure using the option provided on the UI.
  • [NEW] Port-channel members in passive mode in the network will not be visible to the users in the passive members field of the port-channel interface. Additionally, the Port Channel Member Mismatch intent will not produce accurate results in this scenario.

  • [NEW] HSRP STP Colocation Intent does not produce the expected result due to a known internal processing issue.

  • [NEW] vRealize Network Insight does not trigger events for the Port Mode Mismatch Intent due to a known internal processing issue.

  • [NEW] The VM-to-VM path does not display VRF information of all existing routes and route interfaces. 

  • [NEW] In the Network Map, path search referring to an older network state may fail on large networks.

  • [NEW] When you set an inferred IP as the destination segment for the Reachability intent, and the path results that are not able to reach the destination exists, the Reachability intent does not generate an event.

  • [NEW] Events on NSX-T Manager nodes that are connected to vSphere Standard Switches are included in the Summary panel, but not on the Events tab in the Network Map page.

  • [NEW] Events are disabled or broken when there are errors such as the system exceeding the physical device limit.

  • [NEW] vRealize Network Insight does not display the LLDP neighbor information of Cisco Catalyst 6500 on the Switch Port Peers widget of the Switch Dashboard.

  • [NEW] If you add a vRealize Network Insight license immediately after the OVA deployment, the UI stops responding on the Platform Reconfiguration window.

  • [NEW] You cannot see the unprotected flows for the Kubernetes service in the Micro-Segmentation Planning page.

  • [NEW] vRealize Network Insight does not display the serial number of HPE switches.

  • [NEW] With the release of vSphere 7.0 and NSX-T 3.0, some vRealize Network Insight features stop to work in 5.1, 5.2, and 5.3 versions due to WCP (Workload Control Plane) and C-VDS. For more information, see the 78492 KB article.

  • [NEW] In a multi-collector setup, after the certificate change for a data source, vRealize Network Insight generates duplicate ’Identity Information for Data Source changed’ events.

  • [NEW] You see the Unable to retrieve manifest or certificate file error while deploying vRealize Network Insight OVA through the URL on a vCenter 7.0 setup.

  • [NEW] The VM Underlay widget does not show all the neighboring switches and its connections correctly.

  • [NEW] The VMs connected to DVPG are not showing correct details.

  • [NEW] The query to request flows on Application Topology fails to display the list of flows intermittently.

  • [NEW] Even after you delete a device, vRealize network Insight continues to show it on the Entities list and the Network Map until the next snapshot is generated.

  • After you upgrade vRealize Network Insight, if you run a query for the metric data for a time range in which the upgrade happened, then the aggregated indicative value might not appear for all metric points in the series.

  • The NSX-V prepared ESX hosts might observe the Purple Screen of Death (PSOD) in certain conditions. So, the Virtual Infrastructure Latency collection is disabled for NSX-V data source in vRealize Network Insight. For more information, see the 75224 KB article.

    Note:  There is no impact on NSX-T versions.

  • The HostPrep FeatureUnhealthy event is not closed even when the feature status is Green.

  • Validation fails for AWS access key users having restricted access to the regions.

  • If the AWS VPC logs are published at a delay of 20 minutes at source, the AWS flow data might not show on the Threshold dashboard.

  • If the flow-based threshold configured application has overlapping members (IP endpoints, VMs, or Kubernetes entities) across tiers of different applications, then tiers from other applications appear on the dashboard of that threshold configuration. 

  • When the application has Kubernetes entities, the thresholds with scope as flows do not show flow data when you use Source Application or Destination Application filters. 

    Select scope as flows and use the following query:

    Scope Query 

    Aggregation Type 

    flow type = 'Internet' and generic source application = 'abc’ 

    source tier 

    flow type = 'Internet' and generic destination application = 'abc’ 

    destination tier 

    generic source application = 'abc’ 

    source tier 

    generic destination application = ‘abc’ 

    destination tier 

    application = ‘abc’ 

    source/destination Tier 

  • If you have upgraded the collector from 4.2, the VMware SD-WAN flow processing does not trigger automatically.

    Add a vCenter on the same collector before you send the VMware SD-WAN flows.

    Note: You can remove the vCenter later.

  • The facet filter does not work in non-English language.

  • When you attempt to export a pinboard in which the pinboard name contains a Non-ASCII character, vRealize Network Insight shows the incorrect filename on the Export to PDF window.

  • When you add a filter in the query result, the count shown in the filter is approximate.

  • When you set the home page from My Preferences, it requires a page refresh to reflect that information in UI.

  • When you attempt to add a Cisco ASA data source, you see a message to contact support with the following error: 

    Message missing required fields: vendorId
  • When you create a logical subnet or logical router, a new edge VM is dynamically created to serve this request. The events for this kind of VM are shown.

  • The Plan Security page for the last two days takes around 3 minutes to load. A higher response time is seen while running the queries for about 24 hours after migration of a data source between collectors. This is because the same flows are reported, opened, and closed from two different collectors within a span of 24 hours. It leads to multiple versions created for the same flows.

  • The firewall rule section of the PCI Compliance dashboard can show incorrect rules if the selected scope is a nested security group in NSX or an application when multiple NSX Managers are added as a data source.

  • Some events such as Host network control plane mismatch are not raised if the data center is not at the top level and is located inside a folder in vCenter.

  • There is a known issue in the list view for the events search where sometimes facet counts are incorrect upon selection and no events are shown.

  • The plan topology widget has options to select all flows, all protected flows, and so on. The flows that are solely captured from VDS and not from NSX IPFIX only show up when the all flows option is selected because their protection status is classified as unknown not as protected or unprotected.

  • The Export to PDF feature for entity dashboards have the following known issues:

    • The changes that you make in the NetFlow flow diagram dashboard are not visible in the PDF.
    • The metric properties are not exported in the PDF. 
  • An unwanted default rule is applied to certain NSX IPFIX flows because sometimes, NSX IPFIX reports a reverse packet in which client and server are flipped and the firewall rule is applied as per the flipped source and destination IP.

  • The auto-refresh counter restarts and keeps showing incorrect data even though auto-refresh is paused.

  • In the absence of a firewall rule on a VM, the default connectivity strategy applies to a VM in VMware Cloud on AWS.
    In such cases, the firewall icon is not present in the VM-VM path on the VMware Cloud on AWS side as we do not get enough information about the realization of the default rule from the VMware Cloud on AWS SDDC.

  • The VAPI health status is going to YELLOW repeatedly with the HTTP response with status code 429 endpoint warning.