Flows remained in the "Unknown" category despite corresponding Groups being realized in the SSP UI
search cancel

Flows remained in the "Unknown" category despite corresponding Groups being realized in the SSP UI

book

Article ID: 441040

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

Security Explorer Dashboard may shows many objects under "Unknown" category.

When the flow details are seen, the source IP falls under "Unknown" category of groups however, there are groups already that contains this IP address.

Environment

Security Services Platform 5.1, 5.1.1

Cause

The kafka consumer in nsx-config which is part of group-iplookup functionality goes down and it's unable to come up.

Resolution

To remediate this issue, we can verify if the kafka consumer is not listed in the kafka consumer list 

1. In case kafka consumer is running , you can expect following output when running the following command 

k -n nsxi-platform exec $(kubectl --kubeconfig=/config/clusterctl/1/ssp-instance.kubeconfig -n nsxi-platform get pod -l app.kubernetes.io/name=cluster-api -o jsonpath='{.items[0].metadata.name}') -c cluster-api -- /opt/kafka/bin/kafka-consumer-groups.sh --bootstrap-server kafka:9092 --command-config /root/adminclient.props --describe --group config-group-ipset-update

 

Valid Output:

 

2. Once the error scenario is confirmed from the Step 1 , run the following command to restart nsx-config statefulsets for resolution.

k rollout restart sts nsx-config-0 nsx-config-1 -n nsxi-platform

This issue is fixed in the next release of SSP.

Powered by Wolken Software