NSX Flows are not visible in VCF Operations for Networks
search cancel

NSX Flows are not visible in VCF Operations for Networks

book

Article ID: 403213

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

  • NSX is configured as a Data Source and IPFIX is enabled for flow collection.
  • From within VCF Operations for Networks User Interface, searching for an NSX flow using the following query does not return any data.

    Flow where Source IP Address = [IP] and Destination IP Address = [IP] and port = [Port number]

  • From within the flow processor logs on the VCF Operations for Networks collector the NON_DOMAIN_NSXT_FLOWS is actively increasing.

    /var/log/arkin/flow-processor/latest.log:
    [Timestamp] INFO v2.helpers.IpfixRawFlowValidator five_tuple_task-0 printAndResetRejectionStats:426 Raw Ipfix Record Rejection Stats [file=/var/flows/vds/nfcapd/nfcapd.[Timestamp]]: DENY_FLOWS:0 WRONG_REPORTING_POINT:0 DATA_SOURCE_DISABLED:0 SESSION_NOT_ESTABLISHED:0 NO_METRIC_DATA_4:0 NO_METRIC_DATA_6:0 ADDSTATE_WRONG_FLOW_TYPE:0 IPV6_LINK_LOCAL:0 NON_DOMAIN_NSXT_FLOWS:9900663 UNSUPPORTED_IPV6_FLOW_TYPE:0 IPFIX_ENABLED_ON_ANOTHER_COLLECTOR:0 DENY_NSX_INTERNET_FLOWS:0 DENY_NSX_FLOWS_RULE_ID_BASED:0 DENY_NSX_FLOWS_PORT_THRESHOLD_BASED:0


  • From within the collector logs the following API call failing.

    /var/log/arkin/collector/latest.log
    [Timestamp] ERROR dataprovider.utils.HttpUtils NSXT_Config_OpMgr_Policy-0 checkStatusAndThrow:41 API /policy/api/v1/infra/tier-0s/[T0-Name]/nat/NAT64/nat-rules error response { 
      "httpStatus" : "BAD_REQUEST", 
      "error_code" : 500012, 
      "module_name" : "Policy", 
      "error_message" : "The path=[/infra/tier-0s/[T0-Name]/nat/NAT64] is invalid" 
    }

 

NOTE:  VCF Operations for Networks was formerly named Aria Operations for Networks (AON), and prior to that was named vRealize Network Insight (vRNI).

 

Environment

VCF Operations for Networks 6.x 

Cause

This is a known issue affecting VCF Operations For Networks, in cases where the version is 6.14 or higher and was previously upgraded from version 6.12 or lower.

You can determine if that is the case by logging into the Platform 1 node and/or Collector node and entering the following commands:

ub

cat /home/ubuntu/build-target/deployment/patch.txt

Following is an example of the last two lines of output:

[### ## #### ##:##:##] 6.12.1.1707992545 Success
[### ## #### ##:##:##] 6.14.0.1725688792 Success

Where ### ## #### ##:##:## represents the date and time

An additional check to confirm this can be done by checking in the /var/log/arkin/restapilayer/ directory in the "restapilayer.STDOUT-####-##-##-##.##.##.log" files (where ####-##-##-##.##.## is the date and time stamp of the start of the log entry) for the following string :

  policyObject {
    key: "enableNSXTPolicyAPI"
    value: "true"

 

 

 

Resolution

 

If you believe you have encountered this issue, please open a support case with Broadcom Support and refer to this KB article.

For more information, see Creating and managing Broadcom support cases.

Powered by Wolken Software