Symptoms:

• Flows being reported in vRealize Network Insight  (vRNI)/ VMware Aria Operations for Networks (vAON) might be corrupted (For example: Incorrect IP addresses, huge amount of traffic etc. being reported in the flows).
• Duplicate flow being reported for each flow, one of which will not be enriched with a VM, Security Group and other information.

Aria Operations for Networks (AON)

vRealize Network Insight (vRNI)

NSX-T users can enable export of flow information in two ways:

• Through the DFW IPFIX
• Through the Switch IPFIX

Currently, vRNI/ AON does not allow a user to enable switch IPFIX. But NSX-T does allow a user to configure the switch IPFIX and point it to the vRNI/ AON Collector. This can potentially cause the flow data corruption in vRNI/ AON and the flows shown along with their metrics would be incorrect and unusable. Also, if a user specifies the same observation domain ID in both DFW and Switch IPFIX profiles, it can cause corruption in the flow data being received by vRNI/ AON. That corruption will persist as there is no way to clean that up hence the issue occurs.

In worst case, corrupted data would be cleaned after flow retention period. New flow, such as flows for which Four Tuple is not created when the wrong switch IPFIX was configured, will be shown correctly immediately. 

In case of manually configuring the Switch IPFIX to point to vRNI/ AON Collector, if a user decommissions the vRNI/ AON collector, then the vRNI/ AON Collector IP address will be unreachable and issues related to unreachable IP address will occur in the network.