Data Sheet Cisco Nexus Data Broker Product Overview You used to monitor traffic mainly to manage network operations. Today, when you monitor traffic you can find out instantly what is happening throughout your entire data center. And you can use this information to immediately engage your customers and increase your business advantage. But you need the right data broker software. Cisco Nexus Data Broker provides the features that a modern solution needs. Monitor Network Traffic to Gain Business Advantage Every enterprise depends on the smooth running of its business applications and the underlying infrastructure. Visibility into application traffic has traditionally been important for infrastructure operations to maintain security, resolve problems, and perform resource planning. Now, however, as a result of technological advances and the ubiquity of the Internet, organizations increasingly are seeking not just visibility but real-time feedback about their business systems to more effectively engage their customers. Essentially, traffic monitoring is evolving from a tool to manage network operations to a tool for achieving smart business agility that can materially affect the revenue of the business. In addition to out-of-band traffic monitoring, migration to 40 or 100 Gbps in aggregation and core network infrastructure is presenting new challenges for inline traffic monitoring at the perimeter of the network. Using Cisco Nexus Data Broker and Cisco Nexus switches, Cisco provides a new software-defined approach for monitoring both out-of-band and inline network traffic. Scalable TAP and SPAN Aggregation with Cisco Nexus Data Broker Cisco Nexus Data Broker (Figure 1) is a simple, scalable, and cost-effective solution for enterprise customers who need to monitor higher-volume and business-critical traffic. It replaces traditional purpose-built matrix switches with one or more Cisco Nexus 3000 or 9000 Series Switches that you can interconnect to build a scalable network test access port (TAP) and Cisco Switched Port Analyzer (SPAN) aggregation infrastructure that supports 1, 10, 40, and 100 Gbps. And you can dedicate ports both for TAP and SPAN and for traditional Ethernet connectivity. Traffic is tapped into this bank of switches in the same manner as in a matrix network. However, because the data broker lets you interconnect the Cisco Nexus switches to build a scalable TAP and SPAN aggregation infrastructure, you can use a combination of TAP and SPAN sources to bring the copy of the production traffic to this infrastructure. You also can distribute these TAP and SPAN sources and traffic monitoring and analysis tools across multiple Cisco Nexus switches. The monitoring and analysis tools can be based in physical appliances or virtual machines. Figure 1 shows the centralized deployment architecture that the data broker supports. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 9
Figure 1. Cisco Nexus Data Broker Solution for Network Traffic Visibility Using Cisco Nexus 9000 switches, customers can build a high-density 10, 25, 40, and 100-Gbps TAP and SPAN aggregation infrastructure. Also, Cisco Nexus switches used for TAP and SPAN aggregation support hybrid mode, which allows you to use the same switch for production traffic and for TAP and SPAN aggregation. Cisco Nexus Data Broker also integrates with Cisco Application Centric Infrastructure (Cisco ACI ) fabric through the Cisco Application Policy Infrastructure Controller (APIC) to configure SPAN destinations on Cisco ACI leaf switches and set up SPAN sessions in Cisco ACI to monitor traffic. You can perform all these configurations through Nexus Data Broker s web-based GUI or REST API. With this release, Cisco Nexus Data Broker also automates configuration of ACI copy function. With these features, the Cisco approach provides superior economics, saving both capital expenditures (CapEx) and operating expenses (OpEx) when compared to the traditional matrix network approach. The Cisco approach also helps ensure short response times and full coverage as monitoring needs grow. Main Features of TAP and SPAN Aggregation Table 1 summarizes the main features and benefits of Cisco Nexus Data Broker. Table 1. Feature Main Features and Benefits of TAP and SPAN Aggregation Benefit Support for a variety of port capacities Multiple switches in topology for TAP and SPAN aggregation The data broker supports 1, 10, 25, 40, and 100-Gbps ports. The data broker supports fixed switch s (Nexus 3000, 9200, 9300 series) as well as high density modular switch s (Nexus 9500 series). The data broker software discovers the Cisco Nexus switches and associated topology for TAP and SPAN aggregation. You can configure ports as monitoring tool ports or as input TAP and SPAN ports. You can set end-device names for easy identification in the topology. IEEE 802.1 Q-in-Q to tag input source TAP and SPAN ports * Symmetric hashing or symmetric load balancing * You can tag traffic with a VLAN for each input TAP or SPAN port. Q-in-Q in edge TAP and SPAN ports can uniquely identify the source of traffic and preserve production VLAN information. You can configure hashing based on Layer 3 (IP address) or Layer 3 plus Layer 4 (protocol ports) to load-balance the traffic across a port-channel link. You can spread the traffic across multiple tool instances to accommodate high-traffic-volume scale. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 9
Feature Rules for matching monitored traffic Layer 7 monitoring for HTTP traffic * User defined filtering Multiprotocol Label Switching (MPLS) label stripping * Traffic replication and forwarding Benefit You can match traffic based on Layer 1 through Layer 4 criteria for both IPv4 and IPv6. With advance filtering support, now you can match on TCP/IP flags in addition to other standard Layer-2 and Layer-3 parameters. You can configure the software to send only the required traffic to the monitoring tools without flooding the tools with unnecessary traffic. You can match on HTTP methods such as GET and PUT and perform specific actions for that traffic. This feature can help reduce the volume of traffic sent to any Websense tools. For IPv4 packets, you can match for a pattern by specifying an offset within the first 128 bytes of the packet. For example, if you want to matchin on VNI (Virtual Network Indentifier) for VXLAN packets. You can filter MPLS packets by enabling MPLS label stripping. You can aggregate traffic from multiple input TAP and SPAN ports that can be spread across multiple Cisco Nexus switches. You can configure the software to replicate and forward traffic to multiple monitoring tools, which can be connected across multiple Cisco Nexus switches. This solution is the only solution that supports any-to-many forwarding across a topology. Time stamping ** You can time-stamp a packet at ingress using the Precision Time Protocol (PTP; IEEE 1588), thereby providing nanosecond accuracy. You can use this capability to monitor critical transactions and archive data for regulatory compliance and advanced troubleshooting. Packet truncation ** You can configure the software to truncate a packet beyond a specified number of bytes. The minimum packet size is 64 bytes. You can retain a header for only analysis and troubleshooting. You can configure the software to discard the payload for security or compliance reasons. Response to changes in the TAP and SPAN aggregation network state End-to-end path visibility Management for multiple disjointed Cisco Nexus Data Broker networks IPv6 support for Management Automation of SPAN configuration in production network Export Nexus Data Broker configuration Role Based Access Control You can monitor and keep track of network condition changes. You can respond to link or node failures by automatically reprogramming the flows through an alternative path. For each traffic-forwarding rule, the solution provides complete end-to-end path visibility all the way from the source ports to the monitoring tools, including the path through the network. You can manage multiple independent TAP and SPAN aggregation networks using the same data broker instance. Communication between Nexus Data Broker software and switches is supported over IPv6 management interfaces. IPv6 support for High Availability and Clustering. Cisco ACI integration for span destination, access SPAN and copy function automation. Automate SPAN destination and SPAN configuration when using Cisco Nexus 9000 series or Nexus 3000 series switches in production. Easy export of Nexus Data Broker configuration to replicate the installation in other instances. Integration with external AAA servers using LDAP or TACACS or RADIUS protocols for user authentication and authorization. * Feature supported on Cisco Nexus 3100 and 3200 s and Cisco Nexus 9000 Series Switches ** Feature supported only on Cisco Nexus 3500 Series Switches Cisco Application Centric Infrastructure Integration Cisco Nexus Data Broker integrates with Cisco ACI to configure SPAN sessions and/or Copy function to monitor traffic within Cisco ACI fabric (Figure 2). This integration eliminates the need for the user to separately configure SPAN sessions or Copy function in the APIC. The data broker supports the following functions through the web GUI and REST API: You can set up Cisco ACI leaf ports as SPAN destinations. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 9
You can configure SPAN sessions in Cisco ACI using leaf ports or endpoint groups (EPGs) as SPAN sources. You can automatically periodically synchronize SPAN session information with the APIC. You can update SPAN sessions automatically based on EPG port association changes. You can directly redirect SPAN traffic to monitoring tools connected to the data broker on Cisco Nexus switches. The Cisco Nexus Data Broker performs all these configurations through the APIC REST interface. Figure 2. Cisco Nexus Data Broker with Cisco ACI Automated SPAN Configuration in Production Network You can now add production switches in Cisco Nexus Data Broker and automate SPAN destination and session configuration. This capability allows administrators to use a single interface to bring in traffic for monitoring purposes: You can configure interfaces connecting to a Cisco Nexus Data Broker switch as a SPAN destination. You can configure SPAN sessions using one or more source ports or VLANs. You can directly redirect SPAN traffic to monitoring tools connected to the data broker on Cisco Nexus switches. In the current software release, the production network must consist of Cisco Nexus 9000 or 3000 Series Switches in standalone Cisco NX-OS Software mode. This setup requires Cisco NX-API to be enabled for discovery and configuration. Scalable Traffic Monitoring with Cisco Nexus Data Broker Inline Option Today, with ever-higher volumes of traffic traversing the WAN and Internet, organizations are migrating their aggregation and core infrastructure to 40 Gbps and greater. In addition, today s security environment demands multiple proactive inline security tools, such as intrusion prevention systems (IPSs) and web filtering tools, at the perimeter of the network for strong, layered security. Because of the high volume of traffic, these security tools themselves can become bottlenecks and single points of failure. To address these concerns, customers need a 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 9
solution that can adapt to increasing traffic volumes, provide flexible connections for both production infrastructure and inline tools, and provide cost-effective deployment options. The Cisco Nexus Data Broker Inline option allows you to insert one or more Cisco Nexus 3000 Series or 9300 switches in your production infrastructure to which these security tools (or service nodes) are connected (Figure 3). Using the data broker software, you can configure redirection policies that can match specific traffic and redirect it through multiple security tools before the traffic enters or exits your data center. Cisco s solution also automatically adapts to failure scenarios by bypassing the service nodes. It also provides the option to completely bypass all security tools for any emergency troubleshooting. Figure 3. Cisco Nexus Data Broker Inline Traffic Monitoring Main Features of Inline Monitoring Table 2 lists the main features and benefits of the Cisco Nexus Data Broker Inline traffic monitoring option. Table 2. Feature Main Features and Benefits of Inline Monitoring Benefit Support for a variety of port capacities and densities Flexible port definition option Symmetric hashing or symmetric load balancing Support for multiple service nodes Implicit tagging to distinguish traffic from different ingress ports Service-node status check using heartbeat messages Automatic service-node removal Default fail-safe option The Cisco Nexus Data Broker Inline option supports 10-, 40-, and 100-Gbps connections to the production network switches and routers. Any port can be used as a production connection port or as a security tool (service node) port. Multiple production ingress and egress connections are supported on the same switch. You can configure hashing based on Layer 3 (IP address) or Layer 3 plus Layer 4 (protocol ports) to load-balance the traffic across multiple security tool instances to accommodate high traffic volumes. You can match traffic based on Layer 1 through Layer 4 criteria. You can create a redirection policy to direct the traffic through multiple security tools. To identify traffic uniquely across each ingress and egress port, traffic is implicitly tagged with a VLAN ID. The VLAN ID is stripped implicitly before the traffic is sent through an egress port. By sending heartbeat messages to the service nodes, the data broker can determine a node s functional state. Automatically bypass the service node if heartbeat packets are not received. If a port connected to a service node fails, that service node is automatically removed from the path. The data broker automatically configures the fail-safe option to send the traffic directly from an ingress port to an egress port. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 9
Feature Automatic copy function for out-ofband traffic monitoring End-to-end path visibility Benefit You can copy traffic for out-of-band traffic monitoring. Traffic can be copied from the ingress or egress port or both. For each redirection, the solution provides complete end-to-end path visibility from the ingress port to the egress port, including the path through the service nodes. Cisco Nexus Data Broker Access Mechanisms You can access the Cisco Nexus Data Broker application through the web-based GUI or REST API. Figures 4 and 5 show the GUI and REST API access mechanisms, respectively, to connect to the data broker. Figure 4. Cisco Nexus Data Broker Application GUI Access Mechanism Figure 5. Cisco Nexus Data Broker Application REST API Access Mechanism 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 9
Cisco Nexus Data Broker Embedded If you want to run Cisco Nexus Data Broker using a single Cisco Nexus 3000 or 9000 Series Switch in your topology, you can run the data broker software on the switch itself using the Embedded function (Figure 6). Cisco Nexus Data Broker Embedded is provided as an open virtual appliance (OVA) that you can deploy in the Linux container of the Cisco Nexus switch. After you download this OVA file to the switch, you must activate it, and by default the data broker uses the management interface IP address of the Cisco Nexus switch. All features of the data broker application are available with this option except: Clustering and high availability Management for multiple switches in the network topology Figure 6. Cisco Nexus Data Broker Embedded Device Support Matrix for Cisco Nexus Data Broker Table 3 lists the supported Cisco Nexus Data Broker software for the various Cisco Nexus switches. Table 3. Cisco Nexus Data Broker Application Device Support Matrix Device Model Cisco Nexus Data Broker Software Deployment Mode Supported Supported Use Cases Cisco Nexus 3100 Cisco Nexus 3164Q Switch Cisco Nexus 3200 All Cisco Nexus Data Broker releases Centralized and Embedded TAP and SPAN aggregation and inline monitoring Cisco Nexus Data Broker 2.2 and later Centralized and Embedded TAP and SPAN aggregation only Cisco Nexus Data Broker 3.0 Centralized and Embedded TAP and SPAN aggregation and inline monitoring Cisco Nexus 3500 Series Cisco Nexus Data Broker 2.0 and later Centralized and Embedded TAP and SPAN aggregation only Cisco Nexus 9200 Cisco Nexus 9300 Cisco Nexus 9300 EX Cisco Nexus 9500 Cisco Nexus Data Broker 3.0 Centralized and Embedded TAP and SPAN aggregation only Cisco Nexus Data Broker 2.1 and later Centralized and Embedded TAP and SPAN aggregation and inline monitoring Cisco Nexus Data Broker 3.1 Centralized and Embedded TAP and SPAN aggregation only Cisco Nexus Data Broker 2.1 and later Centralized only TAP and SPAN aggregation only 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 9
The following Cisco Nexus 9500 chassis models are supported with Nexus Data Broker. Cisco Nexus 9504 Cisco Nexus 9508 Cisco Nexus 9516 The following line cards are supported with Nexus Data Broker for Cisco Nexus 9500 series chassis. N9K-X9432C-S N9K-X9408PC-CFP2 9636PQ 9536PQ 9432PQ N9K-X9564PX N9K-X9464PX N9K-X9564TX N9K-X9464TX2 Licensing and Ordering Information Table 4 provides ordering information for Cisco Nexus Data Broker. Table 4. Cisco Nexus Data Broker Software Ordering Information Part Number L-NDB-FX-SWT-K9= L-NDB-MODM-SWT- K9= L-NDB-MODL-SWT- K9= Description Cisco Nexus Data Broker License for using single Cisco Nexus Fixed Switch in TAP/SPAN aggregation mode Cisco Nexus Data Broker License for using single Cisco Nexus Modular Chassis (Up to 6 slots) Switch in TAP/SPAN aggregation mode (Cisco Nexus 9504 switch) Cisco Nexus Data Broker License for using single Cisco Nexus Modular Chassis (> 6 slots) Switch in TAP/SPAN aggregation mode (Cisco Nexus 9508 and Cisco Nexus 9516 switches) Cisco Capital Financing to Help You Achieve Your Objectives Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more. For More Information For more information about Cisco Nexus Data Broker, please visit http://www.cisco.com/go/nexusdatabroker or contact your local Cisco account representative. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 9
Printed in USA C78-729452-10 06/17 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 9