You see that not all flows are captured by VCF Operations for Networks.

Some IP addresses are not reported when they are the source IP or when they are the destination IP address and the source is a public IP address.

Your environment is configured for IPFIX for the NSX data source.

The IP addresses for the flows that are not being captured in VCF Operations for Networks are not configured in NSX or vCenter but are IP addresses that are configured within the F5 load balancer.

Note:  VCF Operations for Networks was formerly named Aria Operations for Networks (AON), and prior to that was named vRealize Network Insight (vRNI).

VCF Operations for Networks

The IP addresses in question are configured within the F5 load balancer and the traffic flows from the F5 load balancer, not from VMware ESXi or NSX and, therefore, if the F5 load balancer is not configured to send flows to a VCF Operations for Networks "physical" (i.e. non-VMware) flow Collector, these flows will not be captured.

Note: For VCF Operations for Networks, any device that is not a native VMware construct (e.g. virtual switch, distributed firewall) is considered a "physical" device even if it is virtual. Therefore, F5 load balancers whether they are a deployed as physical or virtual appliances are considered "physical" by VCF Operations for Networks.

To receive flows in VCF Operations for Networks, you must do the following:

1. Deploy a Collector dedicated to "physical" (i.e. non-VMware) flows as per technical documentation: Flow Support for Physical Servers
   
   
2. Configure the F5 load balancer to send flows to the "physical" (i.e. non-VMware) Collector as per technical documentation: Sending Flow Records from F5 To VMware Aria Operations for Networks Collectors

Note: For VCF Operations for Networks, any device that is not a native VMware construct (e.g. virtual switch, distributed firewall) is considered a "physical" device even if it is virtual. Therefore, F5 load balancers whether they are a deployed as physical or virtual appliances are considered "physical" by VCF Operations for Networks.