NSX-T Traffic Analysis Traceflow fails

So you are trying to do a traceflow to see where the traffic is going, but as it turns out it is not working. If this is the case, and if you are running NSX-T 3.2, and the segment that your VMs belong to is VLAN backed. Then I might have a solutions for you.

ERROR

Traceflow request failed. The request might be cancelled because it took more time than normal. Please retry.Error Message: Error: Traceflow intent /infra/traceflows/<guid> realized on enforcement point /infra/sites/default/enforcement-points/default with error Traceflow on VLAN logical port LogicalPort/<guid> requires INT (In-band Network Telemetry) to be enabled (Error code: 500060)

If you google the error you will get directed to this documentation URL: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-0771969B-A897-4FD0-AEE3-323F630A584A.html

The URL explains that you need to enable the feature with the following REST call:

PUT API: https://<NSX Manager IP of FQDN>/api/v1/global-configs/IntGlobalConfig

The only problem is that it is not working as you will probably get the following response:

{
    "httpStatus": "BAD_REQUEST",
    "error_code": 220,
    "module_name": "common-services",
    "error_message": "Required request body is missing"
}

Solution

Turns out that the documentation is wrong at the time of writing this post. According to VMware GSS. The correct call is as follows. REMEMBER THIS IS TOTALLY DONE AT YOUR OWN RISK!

Be sure to make a backup before you make changes like this.

Make the following REST call:

GET https://<NSX Manager IP of FQDN>/api/v1/infra/ops-global-config

You will get a result similar to this:

Make a note of the _revision as you will use this for your next call.

Make a new call with the following information:

Do not forget to set the _revision to the correct value you previously notes)

PUT https://<NSX Manager IP of FQDN>/policy/api/v1/infra/ops-global-config

Headers:
Content-Type: Application/json

Body:
{
    "display_name": "ops-global-config",
    "in_band_network_telementry": {
        "dscp_value": 2,
        "indicator_type": "DSCP_VALUE"
    },
    "path": "/infra/ops-global-config",
    "relative_path": "ops-global-config",
    "_revision": 0
}

You should now be able to successfully make a Traceflow analysis.

Update: The same resolutions works for NSX 4.x

Hope it helps you out. Please let me know in the comments below.

2 thoughts on “NSX-T Traffic Analysis Traceflow fails”

Leave a Reply

Your email address will not be published. Required fields are marked *