times

vRealize Network Insight 6.2 | 15 Apr 2021| Build 1617345572

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New
Product Upgrade
Documentation
VMware Product Compatibility
VMware MIB Files
Resolved Issues
Known Issues

What's New

Here are the key features and capabilities of vRealize Network Insight 6.2:

Network Assurance and Verification

Provides a cross-link for the VM-VM path search in the network map with a logical VM-VM path
Provides native support for the Cisco ASR 9000 devices
Provides native support for MPLS for Cisco Catalyst and Cisco ASR 9000 devices
Supports F5 Secure Network Address Translation (SNAT) in Network Map
Introduces new threshold configurations for
- Switch metrics: CPU, Memory
- Switch port metrics: Switch-Port RX Traffic Rate, Switch-Port TX Traffic Rate, Switch-Port RX Packet Drops, and Switch-Port TX Packet Drops.

NSX-T Monitoring and Troubleshooting

Introduces 5-minute polling intervals for metrics collected from the VMware NSX-T and VMware vCenter servers
Introduces 20 seconds granular metrics for VMs
Introduces new search queries for BGP neighbor status and learned routes, and Equal Cost Multi Path routing status of edges in a cluster
Supports the collection of the firewall rule comments from the distributed firewall rule definitions
Supports the collection of URPF mode router interface key property for the VMware NSX-T routers
Introduces two new threshold configurations for the VMware NSX-T Edge metrics: Traffic Rate and Packet Drops.

VMware Cloud on AWS

Supports SDDC Group
- Including intra SDDC group flows, application discovery for SDDC group, search operator, dashboard, alerts, and flow threshold
Supports VMware Transit Connect
- Including flows, dashboard, search operator, alerting, and flow threshold
- Supports VMware Cloud on AWS SDDC to VMware Cloud on AWS SDDC and VMware Cloud on AWS SDDC to native VPC topology
Introduces 20 seconds granular metrics for VMs within the VMware Cloud on AWS Compute Gateway and VMware Cloud on AWS Management Gateway (VMware vCenter Appliance, VMware NSX Manager Appliances, VMware NSX Edge Appliances, VMware HCX Appliance VMs)
Provides Network and Security Configuration Maximum alerts
Provides support for Virtual Routing and Forwarding (VRF) Route Leaking and Layer 3 MPLS VPN on VMware Cloud on AWS Direct Connect Colo Router (Cisco ASR).

Flow Based Application Discovery

Automatically identifies application groups without any user inputs
Provides the ability to keep the saved applications up to date with dynamic membership updates
Supports modification of the naming preferences to change the name of applications based on the user CSV file or the VM name, tags, security group or security tag.
Supports modification of the flow duration and scope
- Option to select 1 week, 2 weeks, 3 weeks, or 30 days as flow duration
Applications dashboard:
- Saved applications display an icon if updates are available
- Provides the ability to filter applications based on the applications with updates and no updates
- Supports sort functionality on the last updated column
Update applications view:
- Displays the tiers that are added, modified, or deleted, with the member details
- Provides the ability to apply the update on the applications
Edit application page displays a warning if there are any pending updates

VMware SD-WAN

Application hotspot widget shows impacted applications for immediate attention to applications that are experiencing performance degradation
Eliminates references of the Equal Cost Multi Path tags in the VMware SD-WAN Path Topology map.

Enhanced Rule Recommendations in Security Planning

Enhances security planning to provide fine-grained firewall rule recommendations
Provides the ability to export the recommended rules to include the membership information of different groups used in the rules.

Azure VMware Solution

Provides support for Azure VMware Solution 2.0.

Google Cloud VMware Engine

Provides support for Google Cloud VMware Engine.

Pinboard Enhancements

Provides Public APIs for Pinboard CRUD operations.

Platform Enhancements

Provides support for 7-node XL clusters
Ability to track the usage of VMs, Hosts, Applications, Flows, and Firewall Rules with a data retention period of up to 13 months.

Others

F5 data source now only needs REST API access. SSH access is not required.
Applications discovered from ServiceNow support VMs, Physical IPs, and K8s services in the discovered tiers
- Membership of tiers discovered from Service Now or based on flows can only be specified as a list of entities. Search based membership criteria can not be used to specify members for tiers that are automatically discovered from ServiceNow or based on Flows.
To install and upgrade vRealize Network Insight by using vRealize Suite Lifecycle Manager, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.

Product Upgrade

The supported upgrade path is available at https://interopmatrix.vmware.com/#/Upgrade?productId=285.

Refer to the Upgrading vRealize Network Insight section for more information on the upgrade procedure.

Documentation

For additional information about new features, see the vRealize Network Insight documentation.

Note: As you use the vRealize Network Insight documentation, we want you to know that we value inclusion at VMware. To foster this principle within our customer, partner, and internal community, we have updated some terminology in our documentation.

VMware Product Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of vRealize Network Insight with other VMware products.

VMware MIB Files

For MIB information, see Determining the MIB module listing, name, and type of an SNMP OID. You can download the SNMP MIB module file from the VMware Knowledge Base Article: 1013445.

Resolved Issues

Web.xml configuration file disclosure, broken link hijacking, email addresses found, and subresource Integrity (SRI) not implemented security issues are reported in the API documentation.
In the Add Application screen, unable to create tier/deployment by using the keyboard to select the values.
During the upgrade to 6.1, while migrating elastic search records if the service restarts, it may happen that the migrated records count decreases or resets to zero. This issue resolves automatically when all records are migrated.
Juniper device running the Spanning Tree Protocol (STP) is incorrectly modeled in the Network Map.
When a trunk interface of a switch is connected to an interface of Arista configured with the dot1Q sub interfaces, then the Port Mode Mismatch intent raises false alerts for that interface pair.
CLI upgrade fails while exporting saved search queries due to a Python library issue.

Perform the upgrade through the UI or reinitiate the upgrade.
If AnalyticsClient is initialized before the elastic search is up, VMware SD-WAN Intent charts do not load.

Restart the REST API layer on all the platforms.
When creating an intent for VMware SD-WAN, adding more than 100 edges to the exception list of VMware SD-WAN causes an expected behavior.

Do not add more than 100 edges to the exception list of VMware SD-WAN.
In the Path Topology page, the vNIC drop-down for the destination VM is not visible in the dark theme.
While viewing the flows for VMs, certain VMs show non-existing firewall rules being applied to the flow record.
NSX-V balancers status sometimes shows missing details.
While using VMs with two NICs, the second NIC does not display the flows.
Upgrading from vRealize Network Insight 6.0 to 6.1 fails with the "Failed to start samzajobs service after removing unused topics" error.
When adding a tier of an application, unable to create filters with tags while using API Calls.
While adding the NSX-T data source using FQDN, with the NSXi integration enabled, the NSXi polling task fails with an error.
In the VM-VM path, Check Point firewall rules are not displayed on the Check Point gateway cluster VRF.
VM-VM path fails after reaching the Check Point gateway cluster VRF due to the Router Interface name mismatch.
VM-VM path fails because the destination VNIC default gateway route interface does not have the layer 2 set and shows the "Unable to find Vnic for destination IP" error.
Denorm of Router Interface, Router, and Check Point gateway cluster VRF fails due to a ClassCast exception, while computing the denorm for path "routerDevice.associatedDevices".
Unknown Path message is displayed while trying to render the VM-VM path.
Collector stops collecting information and displays the "java.lang.OutOfmemoryError: unable to create new native thread" error.
Unable to use search or grouping of tiers and applications in the Security Planning page of Micro-segmentation.
In the Path Topology, the VM-VM path not showing any result, and the Path Topology widget becomes unresponsive due to an error in the browser’s console.
Data collection for VMware NSX-T Manager fails due to RejectedExecutionException error.
Cannot add data source when '(' and '&' special characters are used in the password.

Known Issues

[NEW] HSRP/VRRP Master and STP Root Co-location intent is not supported for Juniper devices.
[NEW] vRealize Network Insight path search results traversing through switchless F5 BIG-IP Load Balancer platforms (2xxx, 4xxx, i2xxx, i4xxx, and VE) show up as "Blocked” at the F5, as these F5 models do not provide MAC address table output.
Additionally these F5 model devices cannot be used as intermediate hop in the path search.
[NEW] In F5, port mode is not available when the interface is associated with the trunks interfaces. This causes a port mode mismatch with the switch ports of the neighboring devices.
[NEW] F5 BIG-IP validation fails if TMSH is not enabled from the F5 BIG-IP UI for the user account.

Workaround: Enable TMSH for the user account to bypass the vRealize Network Insight F5 BIG-IP validation logic.
[NEW] In the Network Map model, Palo Alto rules with destination zone set to 'any', do not get applied to the same zone pair.
[NEW] In the Network Map path search, bidirectional path search queries destined to external IP addresses are truncated at the end of the forward path.
[NEW] When the content of an open alert changes, vRealize Network Insight does not show the new value in the alert details.
[NEW] In the Network Map, the entity details window of the distributed switches does not show alerts that are originated from intents.
[NEW] For VMware vSphere Distributed Switches (VDS), raw data information is not available in the Network Map UI. If you click on the VDS links from the path search option of the Network Map, the UI becomes unresponsive.

Workaround: Refresh the browser to use the Network Map again.
[NEW] While running the RESTAPI service, no users are found in the configuration store. Due to this, the NSX configurations are not created.
[NEW] In the Applications on Edges widget of the VeloCloud Enterprise page, you may see the "Encountered an error" message.

Workaround: Contact VMware Support for the resolution.
[NEW] In the VM details page, the Path to Internet widget does not show the gateway firewall rule applied to the VPN tunnel interface.
[NEW] In the SDDC and the NSX Policy Manager Dashboard, the T0 Router Interface metrics show a "No data to show" message. There is an API change in VMware Cloud on AWS version 1.15. Because of the changes, vRealize Network Insight is unable to collect these metrics to display the data in the T0 Router Interface metrics widget.”
[NEW] After you upgrade to vRealize Network Insight 6.2, you may find some of the manually created applications show zero members. This problem occurs if the application member VM names contain space.

To resolve this issue, see KB 85637.
You cannot see the unprotected flows for the Kubernetes service in the Micro-Segmentation Planning page.