• In vRNI collected data flows from NSX contain an empty destination TCP/UDP port number. 

                $ grep -A 3 IpfixD desired_state_manager.json
                 "resource_type": "IpfixDfwConfig",
                "template_parameters": {
                "destination_address": true,
               "destination_transport_port": false,

• Duplicate IPFIX profiles may get created after upgrading to 3.2 under NSX-T Manager View.
• Manually modified IPFIX profile in the NSX-T UI remains in “in-Progress” status.

This is a known issue affecting VMware NSX-T Data Center 3.2.x, and will be resolved in 3.2.2.

Workaround:

vRNI customers :
 

• Disable DFW for NSX monitor in vRNI
• Wait for at least 2 hours before re-enable it in vRNI to ensure IPFIX profiles are removed completely. 
• Re-enable DFW monitor in vRNI. 

For none-vRNI customers

Delete all existing IPFIX profiles then create new DFW IPFIX profiles just like the previous one.  destination_transport_port in the new profile will automatically be set to ’True’. 

• Delete DFW IPFIX Profiles in the Policy UI.  If the operation is not allowed by the UI,  user can use API to delete each profiles:
• DELETE API /api/v1/ipfix/configs/<uuid>   Include  -H "X-Allow-Overwrite: true" in the API header. 

Impact/Risks:

1. Incomplete IPFIX data collection. Destination port should always be included as the first field of the TCP or UDP segment header for vRNI to identity unique applications.

2. An IPFIX profile applied to multiple segments before the upgrade will be duplicated to multiple profiles with the same prefix name in manager UI view, and each profile applies to only one segment. 

3. Any attempt to change IPFIX profile via NSX-T policy UI will cause the IPFIX policy remain in “in-Progress” status.