Cisco Nexus Data Broker

Similar documents
Cisco Nexus Data Broker for Network Traffic Monitoring and Visibility

Cisco Nexus 9500 Platform Line Cards and Fabric Modules

Cisco Extensible Network Controller

Cisco Application Centric Infrastructure

VXLAN Overview: Cisco Nexus 9000 Series Switches

Cisco ASR 1000 Series Ethernet Line Cards

Cisco ASR 1000 Series Ethernet Line Cards

Cisco Tetration Platform: Network Performance Monitoring and Diagnostics

Cisco UCS Central Software

Configuring TAP Aggregation and MPLS Stripping

Configuring Tap Aggregation and MPLS Stripping

Configuring TAP Aggregation and MPLS Stripping

Cisco Nexus 9500 Platform Switches for Cisco Application Centric Infrastructure

Cisco Nexus 9500 R-Series

Cisco Nexus 9500 Platform Switches for Cisco Application Centric Infrastructure

Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework

Designing and Implementing Cisco Network Programmability (NPDESI) v1.0

Cisco Virtual Networking Solution for OpenStack

Cisco HyperFlex Systems

Cisco ACI Multi-Site, Release 1.1(1), Release Notes

INTELLAFLEX. Packet Aggregation Switching Solutions

Migrate from Cisco Catalyst 6500 Series Switches to Cisco Nexus 9000 Series Switches

Configuring SPAN. About SPAN. SPAN Sources

Cisco Wide Area Application Services and Cisco Nexus Family Switches: Enable the Intelligent Data Center

Cisco Data Center Network Manager 5.1

Cisco UCS Mini Software-Defined Storage with StorMagic SvSAN for Remote Offices

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

Cisco Nexus 9500 Series Switches

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco

Cisco CRS-3 Carrier Routing System Essentials (CRS3E) Version 3.0

Cisco ACI Multi-Pod and Service Node Integration

Cisco Nexus 7000 Switches Supervisor Module

Cisco UCS Performance Manager

Cisco Application Centric Infrastructure

Ixia xstream TM 10. Aggregation, Filtering, and Load Balancing for 1GbE/10GbE Networks. Aggregation and Filtering DATA SHEET

Automate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure

Implementing Cisco IP Switched Networks (SWITCH) v2.0

Cisco Nexus 9500 Platform Common Equipment

Cisco Industrial Network Director

ACI Fabric Endpoint Learning

Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack

Cisco Connected Factory Accelerator Bundles

The Next Opportunity in the Data Centre

Configuring the Catena Solution

Cisco FindIT Network Manager

Five Reasons Why You Should Choose Cisco MDS 9000 Family Directors Cisco and/or its affiliates. All rights reserved.

Storage Access Network Design Using the Cisco MDS 9124 Multilayer Fabric Switch

Implementing Cisco IP Switched Networks (SWITCH) Technical Edition

Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches

Cisco Application Centric Infrastructure (ACI) Simulator

Cisco Industrial Network Director

Next Generation Hybrid Network Visibility Solution

Cisco CloudCenter Solution with Cisco ACI: Common Use Cases

is also based on Citrix NetScaler support for the Cisco Nexus 1110-S Virtual Services Appliance and related Cisco vpath traffic-steering technology.

Ethernet Wide Area Networking, Routers or Switches and Making the Right Choice

Lossless 10 Gigabit Ethernet: The Unifying Infrastructure for SAN and LAN Consolidation

Cisco SAN Analytics and SAN Telemetry Streaming

Cisco Nexus 9500 Platform Switches

Cisco Secure Network Server

Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design

Key Benefits Ixia xstreamtm 40 Fail -safe Inline Security NPB Offers Aggregation, Filtering, and Load Balancing for 10GbE/40GbE Networks

Cisco Nexus 9500 Platform Switches

Cisco Nexus 9500 Platform Switches

Configuring Policy-Based Redirect

The vedge Cloud router targets the follow ing main deployment use cases: 1. Extend SD-WAN Overlay into Public Cloud Environments

TAP Aggregation with DANZ

Configuring Policy-Based Redirect

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002

Cisco Nexus 7000 Series Virtual Device Context Deployment Scenarios and Recommended Practices

Cisco HyperFlex HX220c Edge M5

Service Graph Design with Cisco Application Centric Infrastructure

Implementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN

Intel PRO/1000 PT and PF Quad Port Bypass Server Adapters for In-line Server Appliances

Verified Scalability Limits

ACI Terminology. This chapter contains the following sections: ACI Terminology, on page 1. Cisco ACI Term. (Approximation)

Ixia xbalancer. A Purpose-Built Load Balancer for 10G Networks. The Load Balancing Solution DATA SHEET. Highlights

Cisco Nexus 9508 Switch Power and Performance

Cisco Secure Network Server

Cisco ACI Virtual Machine Networking

Cisco ACI Virtual Machine Networking

Layer 4 to Layer 7 Service Insertion, page 1

Cisco HyperFlex HX220c M4 and HX220c M4 All Flash Nodes

Cisco Nexus 7000 F3-Series 6-Port 100 Gigabit Ethernet Module

Introduction to Cisco ASR 9000 Series Network Virtualization Technology

Port Mapping the Cisco Nexus 9K Switch

Cisco ONE for Access Wireless

Verified Scalability Limits

OpenFlow: What s it Good for?

Cisco CloudCenter Solution Use Case: Application Migration and Management

Cisco Application Policy Infrastructure Controller Data Center Policy Model

SharkFest 16. Cisco ACI and Wireshark. Karsten Hecker Senior Technical Instructor Fast Lane Germany. Getting Back Our Data

Cisco ACI Virtual Machine Networking

Hosted Collaboration Service Foundation

Integrating NetScaler ADCs with Cisco ACI

White Paper. OCP Enabled Switching. SDN Solutions Guide

Cisco HyperFlex HX220c M4 and HX220c M4 All Flash Nodes

Cisco Spark Hybrid Media Service

Best Practices for Building Visibility Fabrics in the Enterprise

Cisco Prime Data Center Network Manager Release 7.1

Cisco Nexus 9500 Series Switches Buffer and Queuing Architecture

Transcription:

Data Sheet Cisco Nexus Data Broker Product Overview You used to monitor traffic mainly to manage network operations. Today, when you monitor traffic you can find out instantly what is happening throughout your entire data center. And you can use this information to immediately engage your customers and increase your business advantage. But you need the right data broker software. Cisco Nexus Data Broker provides the features that a modern solution needs. Monitor Network Traffic to Gain Business Advantage Every enterprise depends on the smooth running of its business applications and the underlying infrastructure. Visibility into application traffic has traditionally been important for infrastructure operations to maintain security, resolve problems, and perform resource planning. Now, however, as a result of technological advances and the ubiquity of the Internet, organizations increasingly are seeking not just visibility but real-time feedback about their business systems to more effectively engage their customers. Essentially, traffic monitoring is evolving from a tool to manage network operations to a tool for achieving smart business agility that can materially affect the revenue of the business. In addition to out-of-band traffic monitoring, migration to 40 or 100 Gbps in aggregation and core network infrastructure is presenting new challenges for inline traffic monitoring at the perimeter of the network. Using Cisco Nexus Data Broker and Cisco Nexus switches, Cisco provides a new software-defined approach for monitoring both out-of-band and inline network traffic. Scalable TAP and SPAN Aggregation with Cisco Nexus Data Broker Cisco Nexus Data Broker (Figure 1) is a simple, scalable, and cost-effective solution for enterprise customers who need to monitor higher-volume and business-critical traffic. It replaces traditional purpose-built matrix switches with one or more Cisco Nexus 3000 or 9000 Series Switches that you can interconnect to build a scalable network test access port (TAP) and Cisco Switched Port Analyzer (SPAN) aggregation infrastructure that supports 1, 10, 40, and 100 Gbps. And you can dedicate ports both for TAP and SPAN and for traditional Ethernet connectivity. Traffic is tapped into this bank of switches in the same manner as in a matrix network. However, because the data broker lets you interconnect the Cisco Nexus switches to build a scalable TAP and SPAN aggregation infrastructure, you can use a combination of TAP and SPAN sources to bring the copy of the production traffic to this infrastructure. You also can distribute these TAP and SPAN sources and traffic monitoring and analysis tools across multiple Cisco Nexus switches. The monitoring and analysis tools can be based in physical appliances or virtual machines. Figure 1 shows the centralized deployment architecture that the data broker supports. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 9

Figure 1. Cisco Nexus Data Broker Solution for Network Traffic Visibility Using Cisco Nexus 9000 switches, customers can build a high-density 10, 25, 40, and 100-Gbps TAP and SPAN aggregation infrastructure. Also, Cisco Nexus switches used for TAP and SPAN aggregation support hybrid mode, which allows you to use the same switch for production traffic and for TAP and SPAN aggregation. Cisco Nexus Data Broker also integrates with Cisco Application Centric Infrastructure (Cisco ACI ) fabric through the Cisco Application Policy Infrastructure Controller (APIC) to configure SPAN destinations on Cisco ACI leaf switches and set up SPAN sessions in Cisco ACI to monitor traffic. You can perform all these configurations through Nexus Data Broker s web-based GUI or REST API. With this release, Cisco Nexus Data Broker also automates configuration of ACI copy function. With these features, the Cisco approach provides superior economics, saving both capital expenditures (CapEx) and operating expenses (OpEx) when compared to the traditional matrix network approach. The Cisco approach also helps ensure short response times and full coverage as monitoring needs grow. Main Features of TAP and SPAN Aggregation Table 1 summarizes the main features and benefits of Cisco Nexus Data Broker. Table 1. Feature Main Features and Benefits of TAP and SPAN Aggregation Benefit Support for a variety of port capacities Multiple switches in topology for TAP and SPAN aggregation The data broker supports 1, 10, 25, 40, and 100-Gbps ports. The data broker supports fixed switch s (Nexus 3000, 9200, 9300 series) as well as high density modular switch s (Nexus 9500 series). The data broker software discovers the Cisco Nexus switches and associated topology for TAP and SPAN aggregation. You can configure ports as monitoring tool ports or as input TAP and SPAN ports. You can set end-device names for easy identification in the topology. IEEE 802.1 Q-in-Q to tag input source TAP and SPAN ports * Symmetric hashing or symmetric load balancing * You can tag traffic with a VLAN for each input TAP or SPAN port. Q-in-Q in edge TAP and SPAN ports can uniquely identify the source of traffic and preserve production VLAN information. You can configure hashing based on Layer 3 (IP address) or Layer 3 plus Layer 4 (protocol ports) to load-balance the traffic across a port-channel link. You can spread the traffic across multiple tool instances to accommodate high-traffic-volume scale. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 9

Feature Rules for matching monitored traffic Layer 7 monitoring for HTTP traffic * User defined filtering Multiprotocol Label Switching (MPLS) label stripping * Traffic replication and forwarding Benefit You can match traffic based on Layer 1 through Layer 4 criteria for both IPv4 and IPv6. With advance filtering support, now you can match on TCP/IP flags in addition to other standard Layer-2 and Layer-3 parameters. You can configure the software to send only the required traffic to the monitoring tools without flooding the tools with unnecessary traffic. You can match on HTTP methods such as GET and PUT and perform specific actions for that traffic. This feature can help reduce the volume of traffic sent to any Websense tools. For IPv4 packets, you can match for a pattern by specifying an offset within the first 128 bytes of the packet. For example, if you want to matchin on VNI (Virtual Network Indentifier) for VXLAN packets. You can filter MPLS packets by enabling MPLS label stripping. You can aggregate traffic from multiple input TAP and SPAN ports that can be spread across multiple Cisco Nexus switches. You can configure the software to replicate and forward traffic to multiple monitoring tools, which can be connected across multiple Cisco Nexus switches. This solution is the only solution that supports any-to-many forwarding across a topology. Time stamping ** You can time-stamp a packet at ingress using the Precision Time Protocol (PTP; IEEE 1588), thereby providing nanosecond accuracy. You can use this capability to monitor critical transactions and archive data for regulatory compliance and advanced troubleshooting. Packet truncation ** You can configure the software to truncate a packet beyond a specified number of bytes. The minimum packet size is 64 bytes. You can retain a header for only analysis and troubleshooting. You can configure the software to discard the payload for security or compliance reasons. Response to changes in the TAP and SPAN aggregation network state End-to-end path visibility Management for multiple disjointed Cisco Nexus Data Broker networks IPv6 support for Management Automation of SPAN configuration in production network Export Nexus Data Broker configuration Role Based Access Control You can monitor and keep track of network condition changes. You can respond to link or node failures by automatically reprogramming the flows through an alternative path. For each traffic-forwarding rule, the solution provides complete end-to-end path visibility all the way from the source ports to the monitoring tools, including the path through the network. You can manage multiple independent TAP and SPAN aggregation networks using the same data broker instance. Communication between Nexus Data Broker software and switches is supported over IPv6 management interfaces. IPv6 support for High Availability and Clustering. Cisco ACI integration for span destination, access SPAN and copy function automation. Automate SPAN destination and SPAN configuration when using Cisco Nexus 9000 series or Nexus 3000 series switches in production. Easy export of Nexus Data Broker configuration to replicate the installation in other instances. Integration with external AAA servers using LDAP or TACACS or RADIUS protocols for user authentication and authorization. * Feature supported on Cisco Nexus 3100 and 3200 s and Cisco Nexus 9000 Series Switches ** Feature supported only on Cisco Nexus 3500 Series Switches Cisco Application Centric Infrastructure Integration Cisco Nexus Data Broker integrates with Cisco ACI to configure SPAN sessions and/or Copy function to monitor traffic within Cisco ACI fabric (Figure 2). This integration eliminates the need for the user to separately configure SPAN sessions or Copy function in the APIC. The data broker supports the following functions through the web GUI and REST API: You can set up Cisco ACI leaf ports as SPAN destinations. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 9

You can configure SPAN sessions in Cisco ACI using leaf ports or endpoint groups (EPGs) as SPAN sources. You can automatically periodically synchronize SPAN session information with the APIC. You can update SPAN sessions automatically based on EPG port association changes. You can directly redirect SPAN traffic to monitoring tools connected to the data broker on Cisco Nexus switches. The Cisco Nexus Data Broker performs all these configurations through the APIC REST interface. Figure 2. Cisco Nexus Data Broker with Cisco ACI Automated SPAN Configuration in Production Network You can now add production switches in Cisco Nexus Data Broker and automate SPAN destination and session configuration. This capability allows administrators to use a single interface to bring in traffic for monitoring purposes: You can configure interfaces connecting to a Cisco Nexus Data Broker switch as a SPAN destination. You can configure SPAN sessions using one or more source ports or VLANs. You can directly redirect SPAN traffic to monitoring tools connected to the data broker on Cisco Nexus switches. In the current software release, the production network must consist of Cisco Nexus 9000 or 3000 Series Switches in standalone Cisco NX-OS Software mode. This setup requires Cisco NX-API to be enabled for discovery and configuration. Scalable Traffic Monitoring with Cisco Nexus Data Broker Inline Option Today, with ever-higher volumes of traffic traversing the WAN and Internet, organizations are migrating their aggregation and core infrastructure to 40 Gbps and greater. In addition, today s security environment demands multiple proactive inline security tools, such as intrusion prevention systems (IPSs) and web filtering tools, at the perimeter of the network for strong, layered security. Because of the high volume of traffic, these security tools themselves can become bottlenecks and single points of failure. To address these concerns, customers need a 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 9

solution that can adapt to increasing traffic volumes, provide flexible connections for both production infrastructure and inline tools, and provide cost-effective deployment options. The Cisco Nexus Data Broker Inline option allows you to insert one or more Cisco Nexus 3000 Series or 9300 switches in your production infrastructure to which these security tools (or service nodes) are connected (Figure 3). Using the data broker software, you can configure redirection policies that can match specific traffic and redirect it through multiple security tools before the traffic enters or exits your data center. Cisco s solution also automatically adapts to failure scenarios by bypassing the service nodes. It also provides the option to completely bypass all security tools for any emergency troubleshooting. Figure 3. Cisco Nexus Data Broker Inline Traffic Monitoring Main Features of Inline Monitoring Table 2 lists the main features and benefits of the Cisco Nexus Data Broker Inline traffic monitoring option. Table 2. Feature Main Features and Benefits of Inline Monitoring Benefit Support for a variety of port capacities and densities Flexible port definition option Symmetric hashing or symmetric load balancing Support for multiple service nodes Implicit tagging to distinguish traffic from different ingress ports Service-node status check using heartbeat messages Automatic service-node removal Default fail-safe option The Cisco Nexus Data Broker Inline option supports 10-, 40-, and 100-Gbps connections to the production network switches and routers. Any port can be used as a production connection port or as a security tool (service node) port. Multiple production ingress and egress connections are supported on the same switch. You can configure hashing based on Layer 3 (IP address) or Layer 3 plus Layer 4 (protocol ports) to load-balance the traffic across multiple security tool instances to accommodate high traffic volumes. You can match traffic based on Layer 1 through Layer 4 criteria. You can create a redirection policy to direct the traffic through multiple security tools. To identify traffic uniquely across each ingress and egress port, traffic is implicitly tagged with a VLAN ID. The VLAN ID is stripped implicitly before the traffic is sent through an egress port. By sending heartbeat messages to the service nodes, the data broker can determine a node s functional state. Automatically bypass the service node if heartbeat packets are not received. If a port connected to a service node fails, that service node is automatically removed from the path. The data broker automatically configures the fail-safe option to send the traffic directly from an ingress port to an egress port. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 9

Feature Automatic copy function for out-ofband traffic monitoring End-to-end path visibility Benefit You can copy traffic for out-of-band traffic monitoring. Traffic can be copied from the ingress or egress port or both. For each redirection, the solution provides complete end-to-end path visibility from the ingress port to the egress port, including the path through the service nodes. Cisco Nexus Data Broker Access Mechanisms You can access the Cisco Nexus Data Broker application through the web-based GUI or REST API. Figures 4 and 5 show the GUI and REST API access mechanisms, respectively, to connect to the data broker. Figure 4. Cisco Nexus Data Broker Application GUI Access Mechanism Figure 5. Cisco Nexus Data Broker Application REST API Access Mechanism 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 6 of 9

Cisco Nexus Data Broker Embedded If you want to run Cisco Nexus Data Broker using a single Cisco Nexus 3000 or 9000 Series Switch in your topology, you can run the data broker software on the switch itself using the Embedded function (Figure 6). Cisco Nexus Data Broker Embedded is provided as an open virtual appliance (OVA) that you can deploy in the Linux container of the Cisco Nexus switch. After you download this OVA file to the switch, you must activate it, and by default the data broker uses the management interface IP address of the Cisco Nexus switch. All features of the data broker application are available with this option except: Clustering and high availability Management for multiple switches in the network topology Figure 6. Cisco Nexus Data Broker Embedded Device Support Matrix for Cisco Nexus Data Broker Table 3 lists the supported Cisco Nexus Data Broker software for the various Cisco Nexus switches. Table 3. Cisco Nexus Data Broker Application Device Support Matrix Device Model Cisco Nexus Data Broker Software Deployment Mode Supported Supported Use Cases Cisco Nexus 3100 Cisco Nexus 3164Q Switch Cisco Nexus 3200 All Cisco Nexus Data Broker releases Centralized and Embedded TAP and SPAN aggregation and inline monitoring Cisco Nexus Data Broker 2.2 and later Centralized and Embedded TAP and SPAN aggregation only Cisco Nexus Data Broker 3.0 Centralized and Embedded TAP and SPAN aggregation and inline monitoring Cisco Nexus 3500 Series Cisco Nexus Data Broker 2.0 and later Centralized and Embedded TAP and SPAN aggregation only Cisco Nexus 9200 Cisco Nexus 9300 Cisco Nexus 9300 EX Cisco Nexus 9500 Cisco Nexus Data Broker 3.0 Centralized and Embedded TAP and SPAN aggregation only Cisco Nexus Data Broker 2.1 and later Centralized and Embedded TAP and SPAN aggregation and inline monitoring Cisco Nexus Data Broker 3.1 Centralized and Embedded TAP and SPAN aggregation only Cisco Nexus Data Broker 2.1 and later Centralized only TAP and SPAN aggregation only 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 7 of 9

The following Cisco Nexus 9500 chassis models are supported with Nexus Data Broker. Cisco Nexus 9504 Cisco Nexus 9508 Cisco Nexus 9516 The following line cards are supported with Nexus Data Broker for Cisco Nexus 9500 series chassis. N9K-X9432C-S N9K-X9408PC-CFP2 9636PQ 9536PQ 9432PQ N9K-X9564PX N9K-X9464PX N9K-X9564TX N9K-X9464TX2 Licensing and Ordering Information Table 4 provides ordering information for Cisco Nexus Data Broker. Table 4. Cisco Nexus Data Broker Software Ordering Information Part Number L-NDB-FX-SWT-K9= L-NDB-MODM-SWT- K9= L-NDB-MODL-SWT- K9= Description Cisco Nexus Data Broker License for using single Cisco Nexus Fixed Switch in TAP/SPAN aggregation mode Cisco Nexus Data Broker License for using single Cisco Nexus Modular Chassis (Up to 6 slots) Switch in TAP/SPAN aggregation mode (Cisco Nexus 9504 switch) Cisco Nexus Data Broker License for using single Cisco Nexus Modular Chassis (> 6 slots) Switch in TAP/SPAN aggregation mode (Cisco Nexus 9508 and Cisco Nexus 9516 switches) Cisco Capital Financing to Help You Achieve Your Objectives Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more. For More Information For more information about Cisco Nexus Data Broker, please visit http://www.cisco.com/go/nexusdatabroker or contact your local Cisco account representative. 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 8 of 9

Printed in USA C78-729452-10 06/17 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 9 of 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback