Network Insight 4.0 was released today and it is undeniably the biggest release they’ve ever done. It’s packed with some huge features and a lot of small goodness.
While Karl has done an excellent job of describing the top features in this blog post, I’ll go through the somewhat smaller features which will make your life better. But first, here’s a quick recap of the major features:
- Cisco ACI support to gain insight into the underlying topology
- Standardized BGP-EVPN support as an underlay
- F5 BIG-IP router support
- Cisco ASA support
- sFlow support for incoming network flows
Walkthroughs or “Self Service”
Remember Clippy inside Microsoft Word? It was a friendly neighborhood paperclip which could tell you how to get started with certain tasks in Word. While Clippy was mostly annoying, the idea of Clippy is pretty good: getting tips, tricks, and documentation right there in the product without having to go to an online documentation website. That is exactly what they’ve done with a widget called Self Service which is present on every page (only without the annoying aspects of Clippy).
This Self Service widget guides you through a quick start, from setting up data sources and other system services to executing your first search query, or analyzing network flows and exporting them.
Custom Home Page
Building on the usability of Network Insight, it is now possible to set a pinboard as your home page. A pinboard is a customizable page (and a different name for a dashboard) onto which you can drop “pins”. Every search and every widget has a pushpin on it. If you click that pushpin, you can save that specific bit of data or chart to a pinboard. Have one for a specific purpose: a certain vSphere environment, networking equipment capacity management, application management, analyzing traffic flows, you name it. The default Network Insight home page is a pretty good springboard to other pages, but sometimes you just want a very specific starting point. Achieve that by setting a pinboard as your home page.
You’ll also see the ability to Duplicate a pinboard, which is cool as well.
VMware NSX BGP State Monitoring
Going deeper into the actual state of the network, Network Insight now monitors the state of your BGP sessions inside NSX. If a session is in any state other than established, you’ll get an alert (for which you can be notified as well) that it is, indeed, not established. It looks at the configured BGP neighbors and matches them against the current status. This works for Distributed Logical Router -> Edge and Edge -> Physical uplink router relations.
VMware NSX – Inactive Distributed Firewall Rules
Micro-Segmentation is great for security, but it adds some management overhead. The best implementations use the NSX dynamic policy model, where rules are not applied to workloads directly. But there can be exceptions or applications that disappear completely from the environment, which might leave distributed firewall rules unused and unnecessary. The incoming NSX IPFIX data is now correlated to an NSX firewall rule, which means actual network traffic is directly mapped to the distributed firewall rules. This means you can query for firewall rules that are not used (there’s no traffic going through them).
This also works the other way around: remove the ’not’ operator to show the NSX firewall rules where flows are seen. Keep in mind you need to have NSX send the IPFIX traffic flows to Network Insight for this to work.
New Search Operator: “in”
There’s a new operator in town. If you want to monitor really specific network flows for applications or a set of VMs, you’re probably used to providing a multitude of “where port = 80 or port = 443 or port = ..etc”. You can do this a little bit quicker & easier now, by using the in() operator.
VMware Tools Dependency
Network Insight reads information from the VMware Tools to gather a full picture of the VMs. Networking info like IP, subnet, default gateway is used to determine network topologies and show the VM to VM paths. With 4.0, the hard requirement for the official VMware Tools has been relaxed and you can now also use the VM to VM path widget for VMs without VMware Tools installed.
This will work for VMs with a single vNIC and vNICs that are connected to networks with a single router (ESG/DLR, physical router SVI) interface.
Previously, only linear upgrades were possible (3.6 -> 3.7 -> 3.8, etc). This has been changed to support version hops. This is the first release where you can upgrade from 3.8 and 3.9.