To enable VMware NSX-T IPFIX in vRealize Network Insight:

Prerequisites

  • Ensure that you have any one of the following privileges:
    • enterprise_admin
    • network_engineer
    • security_engineer
  • Ensure that the Distributed (DFW) firewall is enabled.
  • Ensure that priority 0 is available for the Network Insight IPFIX profile. If there is another IPFIX profile with priority 0, then you have to change it to some other value.

Procedure

  • Select Enable IPFIX when adding or editing an NSX-T Manager data source.

What to do next

After you enable IPFIX, vRealize Network Insight creates its own Network Insight Collector profile and Network Insight IPFIX profile on NSX-T. Ensure that you do not modify any of these profiles.

After enabling IPFIX on NSX-T, if the flows are not seen in vRealize Network Insight, then the following events may occur:
  • Network Insight Collector Profile is not registered in the NSX-T Manager.
  • Network Insight IPFIX Profile is not registered in the NSX-T Manager.
  • Network Insight IPFIX Profile port number has changed.
  • Network Insight Collector Profile does not match in the Network Insight IPFIX profile in the NSX-T Manager.
    Note: To resolve all the above issues, enable NSX-T IPFIX again.
  • Network Insight IPFIX Profile priority is not zero in the NSX-T Manager.

    To resolve this issue, log into NSX-T Manager and set the priority of Network Insight IPFIX Profile to zero.

  • Network Insight Collector IP cannot be added in existing Network Insight Collector Profile in the NSX-T Manager.

    Delete one of the collectors from the Network Insight Collector Profile in the NSX-T Manager and re-enable NSX-T IPFIX from data source page.

  • Distributed Firewall is disabled in NSX-T Manager.

    Log into NSX-T Manager and enable the DFW firewall.

With NSX-T 2.4, after enabling IPFIX on NSX-T, if the flows are not seen in vRealize Network Insight Network Insight, then the following events may occur:
  • Network Insight IPFIX Collector configuration is absent in NSX-T Manager collector profile.
  • DFW IPFIX Profile is absent in NSX-T Manager.
To resolve these issues, enable DFW IPFIX again.
Note: All the logical switches present in NSX-T are appended in the IPFIX profile within 10-15 minutes.