IPFIX Flow Data Dropped in VCF Operations for Networks Due to SNAT
Article ID: 432629


Products

VCF Operations for Networks

VMware NSX Firewall

Issue/Introduction

IPFIX flow data exported by ESXi host transport nodes is not processed or displayed in VCF Operations for Networks, even though the IPFIX configuration is confirmed to be correctly applied both on the data source in VCF Operations for Networks and in NSX Manager.

Inspection of flow samples shows that the host transport node inventory has been collected, but the reporter (exporter) IP addresses on the received IPFIX messages are NAT addresses rather than the expected ESXi host transport node management IP addresses.


NOTE:  VCF Operations for Networks was formerly named Aria Operations for Networks (AON), and prior to that was named vRealize Network Insight (vRNI).

Environment

VCF Operations for Networks

VMware NSX Firewall

VMware vSphere ESXi

Cause

Source NAT (SNAT) is applied somewhere on the path between the ESXi hosts and the VCF Operations for Networks Collector, so every IPFIX datagram arrives with a translated source address.

VCF Operations for Networks does not support NATed IP addresses for flow exporters. It identifies the exporting host by the source IP address of the IPFIX datagram and matches it against the transport node inventory learned from NSX Manager. When that address is a NAT address, the match fails, the flow cannot be attributed to a transport node or enriched with NSX context, and it is dropped. Because the IPFIX configuration itself is correct, no configuration error is raised; the only symptom is the missing flow data.


Resolution

To restore flow visibility, re-establish a path between the ESXi host transport nodes and the Collector that does not translate the source address: directly connected or routed is fine, NATed is not.

  • Identify the network path between the ESXi host transport nodes and the VCF Operations for Networks Collector.

  • Remove Source NAT (SNAT) configurations affecting this specific traffic flow on the intervening network hardware (firewalls, routers, or load balancers).

  • Verify on the Collector that received IPFIX datagrams carry the original, un-NATed ESXi management IP addresses as their source, for example by capturing traffic on the UDP port configured as the collector port in the NSX IPFIX profile and comparing the source addresses with the transport node list in NSX Manager.
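
The following script illustrates both the cause above (an exporter address that matches no transport node cannot be attributed, so the flow is dropped) and the verification step. It is an added example, not VMware code, and it does not reproduce the product's internal correlation logic; it only models the documented principle that the IPFIX exporter address must equal a known transport node management IP. The transport node list, the SNAT pool and the datagrams are constructed for the example. Feeding it real datagrams (for instance the UDP payloads and source addresses from a capture on the Collector's IPFIX port) is left to the reader.

```python
"""Check whether IPFIX exporter addresses seen by a collector belong to the
expected ESXi transport nodes, and flag exporters hidden behind SNAT.

Added example, not VMware code. Assumptions: the Collector sees the raw UDP
datagrams sent to its IPFIX port; the management IPs of the transport nodes
are known; the firewall's SNAT pool is known. All sample data below is
constructed for the example."""
import ipaddress
import struct
from typing import Dict, List, Tuple

IPFIX_VERSION = 10   # RFC 7011 message header "Version Number"
HEADER_LEN = 16      # version(2) length(2) export time(4) sequence(4) obs domain ID(4)


def parse_ipfix_header(payload: bytes) -> Dict[str, int]:
    """Decode the fixed 16-byte IPFIX message header (RFC 7011 section 3.1).
    Raises ValueError for anything that is not a plausible IPFIX message."""
    if len(payload) < HEADER_LEN:
        raise ValueError("datagram shorter than an IPFIX message header")
    version, length, export_time, sequence, domain_id = struct.unpack(
        "!HHIII", payload[:HEADER_LEN])
    if version != IPFIX_VERSION:
        raise ValueError(f"version field is {version}, expected {IPFIX_VERSION}")
    if length < HEADER_LEN or length > len(payload):
        raise ValueError(
            f"length field {length} inconsistent with {len(payload)}-byte datagram")
    return {"version": version, "length": length, "export_time": export_time,
            "sequence": sequence, "domain_id": domain_id}


def build_ipfix_message(domain_id: int, sequence: int, export_time: int = 0) -> bytes:
    """Build a minimal IPFIX message: the header followed by a Template Set
    header (set ID 2, length 4) with no records. Used only to construct samples."""
    template_set = struct.pack("!HH", 2, 4)
    length = HEADER_LEN + len(template_set)
    return struct.pack("!HHIII", IPFIX_VERSION, length, export_time,
                       sequence, domain_id) + template_set


def classify_exporters(datagrams: List[Tuple[str, bytes]],
                       transport_nodes: Dict[str, str],
                       snat_pools: List[str]) -> Dict[str, list]:
    """Attribute each datagram to a transport node by its source IP.
    Returns accepted (src, hostname, observation domain) and dropped (src, reason)."""
    nodes = {ipaddress.ip_address(ip): name for ip, name in transport_nodes.items()}
    pools = [ipaddress.ip_network(p) for p in snat_pools]
    accepted, dropped = [], []
    for src, payload in datagrams:
        try:
            hdr = parse_ipfix_header(payload)
        except ValueError as exc:
            dropped.append((src, f"malformed: {exc}"))
            continue
        addr = ipaddress.ip_address(src)
        if addr in nodes:
            accepted.append((src, nodes[addr], hdr["domain_id"]))
        elif any(addr in pool for pool in pools):
            dropped.append((src, "exporter address is in a configured SNAT pool; "
                                 "original host IP is hidden"))
        else:
            dropped.append((src, "exporter address matches no known transport node"))
    return {"accepted": accepted, "dropped": dropped}


# Constructed inventory: transport node management IP -> hostname (hypothetical).
TRANSPORT_NODES = {"10.20.30.11": "esx01.example.test",
                   "10.20.30.12": "esx02.example.test"}
# Constructed: the firewall's SNAT range on the path to the Collector.
SNAT_POOLS = ["192.0.2.0/29"]
# Constructed datagrams as (source IP, UDP payload) the Collector would see.
SAMPLE_DATAGRAMS = [
    ("10.20.30.11", build_ipfix_message(domain_id=1, sequence=100)),  # un-NATed
    ("192.0.2.1", build_ipfix_message(domain_id=2, sequence=57)),     # esx02 behind SNAT
    ("10.20.30.12", b"\x00\x09" + b"\x00" * 18),                       # NetFlow v9, not IPFIX
]


def check_sample() -> Dict[str, list]:
    return classify_exporters(SAMPLE_DATAGRAMS, TRANSPORT_NODES, SNAT_POOLS)


if __name__ == "__main__":
    result = check_sample()
    for src, host, dom in result["accepted"]:
        print(f"OK      {src:<15} {host} (observation domain {dom})")
    for src, why in result["dropped"]:
        print(f"DROPPED {src:<15} {why}")
```

Only the datagram from 10.20.30.11 is attributed; the one from 192.0.2.1 carries valid IPFIX but its source is the firewall's SNAT address, which is exactly the condition the article describes, and the third is rejected because it is not IPFIX at all. After SNAT is removed from the path, every exporter address in a capture should fall into the accepted set.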

Alternative Workaround: Deploy the VCF Operations for Networks Collector directly on the ESXi management network so that the IPFIX traffic never crosses the NAT boundary.

Additional Information

VCF Operations for Networks requires the original, un-NATed host IP addresses as the IPFIX exporter source; that address is what it uses to map received flow data to the corresponding transport node and NSX Manager before processing the associated telemetry.