VMware vRealize Network Insight 6.6 Release Notes

VMware vRealize Network Insight 6.6 | 12 APR 2022 | Build 1648892975

Check for additions and updates to these release notes.

What's New

Here are the key features and capabilities of vRealize Network Insight 6.6:

VMware NSX-T Monitoring and Troubleshooting

vRealize Network Insight supports VMware NSX Firewall for Bare Metal edges in network maps and intents.
vRealize Network Insight introduces Crown Jewel Analysis to identify lateral movements that can occur during a security breach.

Network Assurance and Verification

vRealize Network Insight supports for Arista BGP-EVPN in Network Map and VM-VM paths.
vRealize Network Insight supports Cisco UCS FEX in Network Map.

Platform Enhancements

You can perform bulk actions on the data sources managed by vRealize Network Insight to enable, disable, delete, and update parameters such as credentials, polling intervals, and notes. This saves time and helps you manage multiple data sources in one go.
You can specify a secure Network Time Protocol (NTP) server to get timestamps when deploying vRealize Network Insight. Secure NTP supports Network time and provides cryptographic security for the client-server mode of the Network Time Protocol.
You can add physical devices such as routers and switches, in bulk using automated network discovery from command line interface.
You can view the East-West and North-South IP ranges on the same screen. You can also add exceptions when editing IP ranges to override RFC 1918 specification for flow analysis.

Application Usability Enhancements

While adding an application, you can now view the micro-segmentation wheel before saving the changes. This helps in improving your understanding of the application flow.
You can now view the load balancers in the Application Topology map. You can also select the edge that runs between the load balancer hexagon and the tier hexagon to view the complete flow information.
While performing Flow-based Application Discovery, you can select load balancers as your application naming preference. Also, the Flow-based Application Discovery time is reduced from 6 hours to 3 hours after the first 7 days of full discovery.

Databus Enhancements

vRealize Network Insight introduces Heartbeat message to inform a subscriber if the Databus streaming path is available. This is useful to troubleshoot when a subscriber does not see any incoming messages from the subscribed message groups.
vRealize Network Insight introduces new message groups to support granular levels of metric data. Message groups for entity specific metrics include:
- vms-metrics
- hosts-metrics
- flows-metrics
- nics-metrics
- switchports-metrics

Others

vRealize Network Insight 6.6 uses Log4j 2.17.1.
For third-party components where a fix is not within the control of VMware, we have removed the JndiLookup class to mitigate the reported vulnerabilities. Also, the flag log4j2.formatMsgNoLookups = true has been set.

Note: The vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832 with CVSS3 score of 6.6 is exploitable if JDBC appender is used. vRealize Network Insight is not affected by this vulnerability because JDBC appender is not used.

To resolve the Log4j vulnerabilities for previous releases, see KB-87135.
vRealize Suite Lifecycle Manager 8.7 Product Support Pack 1 supports the installation of vRealize Network Insight 6.6. See VMware vRealize Suite Lifecycle Manager 8.7 PSPAK 1 Release Notes. To install and upgrade vRealize Network Insight by using vRealize Suite Lifecycle Manager, see the vRealize Suite Lifecycle Manager Installation, Upgrade, and Management Guide.

Product Upgrade

The supported upgrade path is available at https://interopmatrix.vmware.com/#/Upgrade?productId=285.

Refer to the Upgrading vRealize Network Insight section for more information on the upgrade procedure.

Documentation

For additional information about new features, see the vRealize Network Insight documentation.

Note: As you use the vRealize Network Insight documentation, we want you to know that we value inclusion at VMware. To foster this principle within our customers, partners, and internal communities, we have updated some terminology in our documentation.

VMware Product Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of vRealize Network Insight with other VMware products.

VMware MIB Files

For MIB information, see Determining the MIB module listing, name, and type of an SNMP OID. You can download the SNMP MIB module file from the VMware Knowledge Base Article: 1013445.

Resolved Issues

Unable to draw the network path as the Branch to Branch VPN configuration is disabled for the HUB VMware SD-WAN edge in VeloCloud Orchestrator.
Cisco ACI switches do not supported Port Channel Member Mismatch intent.
After a Federation peer instance is paired with the primary instance, you see the following behaviors:
- The newly added instance state is shown as 'Disconnected' in the primary instance
- The Federation page widgets show the status of this instance as “Instance Unreachable”
- After the Federation data synchronization completes, the peer instance state changes to 'Connected' and the data is shown in the widgets
After pairing a Federation instance, it takes up to 2 hours for the data to appear in the Summary widget of the Federation page due to the current metricStore behavior for aggregation of metrics.
If a peer instance is disconnected with the primary instance, the system takes one hour for its status to reflect on the primary instance. If this peer instance is unpaired before the status is reflected on the primary instance, then the primary instance removes that peer instance. But the peer instance configuration page shows that it is still connected to the primary instance.

Contact VMware support to unpair this peer instance.
In the Federation page, Other Problems in Physical Devices tab of the Enviroments widget does not include the Palo Alto VMs.
If the VLAN interfaces of Cisco ACI switches are used as source or destination, the path search in Network Map does not show any results.
False BGP alerts are displayed on the vRealize Network Insight Cloud interface.
Network Assurance and Verification data processing fails on the Cisco ACI devices.
Tanzu Kubernetes Grid Integrated Edition VMs shows a spike in the CPU usage when the Tanzu Kubernetes Grid Integrated Edition datasource is enabled.
Unable to view the VMware NSX-T Tier 0 and Tier 1 devices path information in Network Maps.
Cisco UCS switch port VLAN ID does not show in vRealize Network Insight even after it is configured in the Cisco UCS Manager.
Path search and intent verification is not available on the Cisco N5K device.
VMware SD-WAN flow overview in vRealize Network Insight does not show the path topology, VM underlay, and related flows through the load balancer.
Unable to use the Network Assurance and Verification feature in the Cisco N5K and N7K devices due to unexpected errors in Network Maps.
Fixed the MacTable object size which was increasing due to the addition of duplicate entries and was causing the out of memory error in Juniper EVPN.

Known Issues

New - Metrics widget in the Cisco UCS FEX entities page does not show the interface metrics.

Use global search to see the metrics of the Cisco UCS FEX interfaces.
New - Metrics for the Cisco UCS Blade interfaces are not updated in the metric entity page.
New - Metrics for the Cisco UCS Fabric Interconnect Management interface are not updated in the metric entity page.
New - Flow based Application Discovery auto discovery does not start when large brick size clusters are upgraded to extra large brick size clusters.

Manually start Flow based Application Discovery when you upgrade large brick size clusters to extra large brick size clusters on vRealize Network Insight setups.
New - While performing SNMP based Seed Device Auto Discovery, Cisco Discovery Protocol (CDP) gives IP addresses which may or may not be management IP addresses. vRealize Network Insight ignores all non management IP addresses while performing SNMP based Seed Device Auto Discovery.
New - Port Mode Mismatch intent of vRealize Network Insight may not process physical underlay interface pairs when VMware vCenter data sources are present.
New - In Arista BGP EVPN Topology, network map path results are inconsistent if the gateway of source or destination VM is a virtual IP of Arista switches configured with VARP over MLAG.
New - While performing an upgrade, the pre-checks can fail with the HBase or HDFS unhealthy error. Also, during normal operations, vRealize Network Insight interface can be unresponsive.

Restart the restapilayer service on all nodes to resolve these issues. If these issues persist, contact VMware support.
New - On the Accounts and Data Sources page, when you search for a specific data source and click the select all check box, the system selects all the data sources listed in the Accounts and Data Sources page, irrespective of the search result. For more details, see KB-88300.