Symptoms
In vRNI, data flows collected from NSX contain an empty destination TCP/UDP port number.
In NSX-T manager logs, the destination transport port is set to false under “IpfixDfwConfig”
$ grep -A 3 IpfixD desired_state_manager.json
"resource_type": "IpfixDfwConfig",
"template_parameters": {
"destination_address": true,
"destination_transport_port": false,
Duplicate IPFIX profiles may get created after upgrading to 3.2 under NSX-T Manager View.
Manually modified IPFIX profile in the NSX-T UI remains in “in-Progress” status.
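The grep check above depends on the order of keys in the file. The following added example (not VMware code) walks the parsed JSON instead and lists every IpfixDfwConfig whose destination_transport_port is false. It assumes desired_state_manager.json parses as a single JSON document; the sample data, its nesting, and the "id" and "display_name" keys are constructed for illustration.

```python
import json
import sys

# Constructed sample. Only resource_type, template_parameters and the two
# flags come from the article; the nesting, "id" and "display_name" are assumed.
SAMPLE = """
{"configs": [
  {"resource_type": "IpfixDfwConfig", "id": "example-uuid-1",
   "display_name": "profile-a",
   "template_parameters": {"destination_address": true,
                           "destination_transport_port": false}},
  {"resource_type": "IpfixDfwConfig", "id": "example-uuid-2",
   "display_name": "profile-b",
   "template_parameters": {"destination_address": true,
                           "destination_transport_port": true}},
  {"resource_type": "ExampleOtherConfig", "id": "example-uuid-3",
   "template_parameters": {"destination_transport_port": false}}
]}
"""

def iter_objects(node):
    """Yield every JSON object nested anywhere under node."""
    if isinstance(node, dict):
        yield node
        children = node.values()
    elif isinstance(node, list):
        children = node
    else:
        return
    for child in children:
        yield from iter_objects(child)

def find_affected(doc):
    """Return (id, display_name) of DFW IPFIX configs exporting no destination port."""
    hits = []
    for obj in iter_objects(doc):
        if obj.get("resource_type") != "IpfixDfwConfig":
            continue
        params = obj.get("template_parameters")
        # Flag only an explicit false, the state the article describes.
        if isinstance(params, dict) and params.get("destination_transport_port") is False:
            hits.append((obj.get("id"), obj.get("display_name")))
    return hits

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = json.loads(SAMPLE)
    for cfg_id, name in find_affected(doc):
        print(f"destination_transport_port=false: {name} ({cfg_id})")
```

An empty result after the workaround indicates that no DFW IPFIX profile in the file still has the destination port disabled.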
Cause
When upgrading from 3.x to 3.2.x, the upgrade process does not convert DFW IPFIX correctly.
Impact / Risks
1. Incomplete IPFIX data collection. Destination port should always be included as the first field of the TCP or UDP segment header for vRNI to identify unique applications.
2. An IPFIX profile applied to multiple segments before the upgrade will be duplicated to multiple profiles with the same prefix name in manager UI view, and each profile applies to only one segment.
3. Any attempt to change an IPFIX profile via the NSX-T policy UI will cause the IPFIX policy to remain in “in-Progress” status.
Resolution
This is a known issue affecting VMware NSX-T Data Center 3.2.x, and will be resolved in 3.2.2.
Workaround
vRNI customers:
1. Disable DFW for NSX monitor in vRNI.
2. Wait for at least 2 hours before re-enabling it in vRNI to ensure IPFIX profiles are removed completely.
3. Re-enable DFW monitor in vRNI.
For non-vRNI customers:
Delete all existing IPFIX profiles, then create new DFW IPFIX profiles just like the previous ones. destination_transport_port in the new profiles will automatically be set to ’True’.
Steps:
Delete DFW IPFIX Profiles in the Policy UI. If the operation is not allowed by the UI, use the API to delete each profile:
DELETE /api/v1/ipfix/configs/<uuid>
Include -H "X-Allow-Overwrite: true" in the API header.