Cisco Nexus Data Broker Embedded: Implementation Quick-Start Guide


Table of Contents

What You Will Learn
Cisco Nexus Data Broker Solution Overview
Cisco Nexus Data Broker Solution Lab Setup Topology
Enabling Cisco Plug-in for OpenFlow on Cisco Nexus 3000 Series and Cisco Nexus 9300 Platform Switches
Enabling Hardware Support for Cisco Plug-in for OpenFlow
Installing and Activating Cisco Plug-in for OpenFlow
Configuring the Cisco Plug-in for OpenFlow
Enabling Configuration for Cisco Nexus 9300, Cisco Nexus 3100 and Cisco Nexus 3200 Series Switches for Cisco NX-API Mode
Enabling Cisco Nexus Data Broker Embedded Solution on Cisco Nexus 3000 series and Cisco Nexus 9300 Series Switches
Installing and Activating the Cisco Nexus Data Broker Embedded Solution
Checking the Status of the Switch Connection to the Cisco Nexus Data Broker Embedded Solution
Initial Cisco Nexus Data Broker Embedded Configuration
Cisco Nexus Data Broker Configuration
Configuring Port Types and Mapping Monitoring Tools
Configuring Edge Ports
Configuring Delivery Ports
Configuring Filters to Match Network Traffic
Conclusion
For More Information

What You Will Learn

This document provides a quick-start configuration guide for implementing the Cisco Nexus Data Broker embedded solution, which is an on-switch deployment option for network traffic visibility using a single Cisco Nexus 3000 Series Switch or Cisco Nexus 9300 platform switch for test access point (TAP) and Cisco Switched Port Analyzer (SPAN) aggregation. This document includes the steps for configuring:

- Cisco Plug-in for OpenFlow on the Cisco Nexus 3000 Series and Cisco Nexus 9300 platform switches
- Cisco Nexus Data Broker application on the Cisco Nexus 3000 Series and Cisco Nexus 9300 platform switches
- Cisco NX-API configuration on the Cisco Nexus 3000 and Cisco Nexus 9300 Series Switches

Disclaimer: This document does not replace the configuration guide published for the products. For a list of applicable configuration guides, please see the For More Information section at the end of this document.

Cisco Nexus Data Broker Solution Overview

The Cisco Nexus Data Broker replaces a purpose-built matrix network with one or more Cisco Nexus 3000 or 9000 Series Switches for network TAP and SPAN aggregation. The traffic is tapped into this bank of Cisco Nexus 3000 or 9000 Series Switches in the same manner as in a matrix network. However, with the Cisco Nexus Data Broker application, traffic can be filtered and forwarded to the right tools. The filtering and forwarding rules can change dynamically on the basis of business logic, allowing unique traffic patterns to flow directly to the tools in real time. In addition, because the Cisco Nexus Data Broker supports common programmable interfaces such as Java and representational state transfer (REST), network operators can write applications to detect and capture unique traffic, closing any coverage gaps.

Customers who want to run Cisco Nexus Data Broker using a single Cisco Nexus 3000 Series or Cisco Nexus 9300 platform switch in their network have the option to run Cisco Nexus Data Broker in the Linux container of the switch itself using embedded mode. Cisco Nexus Data Broker embedded software is distributed as an open virtual appliance (OVA) that can be deployed in the Cisco Nexus switch's Linux container. All features of Cisco Nexus Data Broker are available in this option as well except:

- Clustering and high availability
- Management for multiple switches for network TAP or SPAN aggregation

2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Table 1 summarizes the main features and functions available with the Cisco Nexus Data Broker embedded solution.

Table 1 Main Features

Feature: Support for a variety of port capacities
Benefit: The data broker supports 1-, 10-, 40-, and 100-Gbps ports.

Feature: Support for TAP and SPAN aggregation
Benefit: You can configure ports as monitoring tool ports or as input TAP and SPAN ports. You can set end-device names for easy identification in the topology.

Feature: Support for IEEE 802.1 Q-in-Q to tag input source TAP and SPAN port*
Benefit: You can tag traffic with a VLAN for each input TAP or SPAN port. Q-in-Q in edge TAP and SPAN ports can uniquely identify the source of traffic and preserve production VLAN information.

Feature: Symmetric hashing or symmetric load balancing*
Benefit: You can configure hashing based on Layer 3 (IP address) or Layer 3 plus Layer 4 (protocol ports) to load-balance the traffic across a port-channel link. You can spread the traffic across multiple tool instances to accommodate high-traffic-volume scale.

Feature: Rules for matching monitored traffic
Benefit: You can match traffic based on Layer 1 through Layer 4 criteria. You can configure the software to send only the required traffic to the monitoring tools without flooding the tools with unnecessary traffic. You can configure an action to set the VLAN ID for the matched traffic.

Feature: Layer 7 monitoring for HTTP traffic*
Benefit: You can match on HTTP methods such as GET and PUT and take specific actions for that traffic. This feature can help reduce the volume of traffic sent to any Websense tools.

Feature: Multiprotocol Label Switching (MPLS) label stripping*
Benefit: You can filter MPLS packets by enabling MPLS label stripping.

Feature: Traffic replication and forwarding
Benefit: You can aggregate traffic from multiple input TAP and SPAN ports. You can configure the software to replicate and forward traffic to multiple monitoring tools. This solution is the only solution that supports any-to-many forwarding.

Feature: Time stamping**
Benefit: You can time-stamp a packet at ingress using the Precision Time Protocol (PTP; IEEE 1588), thereby providing nanosecond accuracy. You can use this capability to monitor critical transactions and archive data for regulatory compliance and advanced troubleshooting.

Feature: Packet truncation**
Benefit: You can configure the software to truncate a packet beyond a specified number of bytes. The minimum packet size is 64 bytes. You can retain only the header for analysis and troubleshooting. You can configure the software to discard the payload for security or compliance reasons.

Feature: End-to-end path visibility
Benefit: For each traffic-forwarding rule, the solution provides complete end-to-end path visibility all the way from the source ports to the monitoring tools.

Cisco Nexus Data Broker Solution Lab Setup Topology

This solution implementation guide presents the steps you need to complete to set up the Cisco Nexus Data Broker embedded solution. Following are the prerequisites you need to implement before you set up the solution:

- Download the Cisco Nexus Data Broker embedded zip file from Cisco.com: https://software.cisco.com/download/release.html?mdfid=286281492&softwareid=286281554&release=3.0.0&relind=available&rellifecycle=&reltype=latest&i=rm. Use Table 2 to select the file to download.

Table 2 Cisco Nexus Data Broker Download File Matrix

Cisco Nexus Switch: Cisco Nexus 3000 Series and Cisco Nexus 3100 and 9300 platforms
Cisco NX-OS Version: Cisco NX-OS Release 7.0(3)I2(2a) in OpenFlow mode
File to Download: ndb1000-sw-app-emb-3.0.0-ofa_mmemb-2.1.3-r1-nxos-SPA-k9.zip

Cisco Nexus Switch: Cisco Nexus 9300 platform and Cisco Nexus 3100 series
Cisco NX-OS Version: Cisco NX-OS Release 7.0(3)I2(2a) in NX-API mode
File to Download: ndb1000-sw-app-emb-nxapi-3.0.0-k9.zip

Cisco Nexus Switch: Cisco Nexus 3000 and 3500 Series and Cisco Nexus 3100 platform
Cisco NX-OS Version: Cisco NX-OS Release 6.0(2)X in OpenFlow mode
File to Download: ndb1000-sw-app-emb-3.0.0-ofa_mmemb-1.1.5-r3-n3000-SPA-k9.zip

- If the embedded deployment mode is OpenFlow: Copy the Cisco Nexus Data Broker embedded zip file to a directory; then extract the file. The zip file contains two OVA files. Copy the two OVA files to bootflash memory on the Cisco Nexus 3000 Series or Cisco Nexus 9300 platform switch on which the Cisco Nexus Data Broker embedded solution will be implemented.
- Upgrade the Cisco NX-OS Software on the Cisco Nexus switches:
  - For Cisco Nexus 3000 Series and Cisco Nexus 3100 platform switches, use one of the following:
    - Cisco NX-OS Release 6.0(2)U6(3)
    - Cisco NX-OS Release 7.0(3)I2(2a)
  - For Cisco Nexus 3500 Series and Cisco Nexus 3500-X platform switches, upgrade NX-OS to Cisco NX-OS Release 6.0(2)A6(5).
  - For each Cisco Nexus 9300 platform switch, upgrade NX-OS to Cisco NX-OS Release 7.0(3)I2(2a).

Figure 1 shows the monitoring network (TAP aggregation) topology used in the configuration steps in this document. Five TAPs and five monitoring devices (traffic analyzers) are connected to the Cisco Nexus 3000 Series or Cisco Nexus 9300 platform switch used to demonstrate the Cisco Nexus Data Broker embedded configuration.

Figure 1 Monitoring Network Topology

- Connect optical TAPs to Ethernet ports 1/10 through 1/14 on the Cisco Nexus switch.
- Connect traffic analyzer devices to Ethernet ports 1/41 through 1/45 on the Cisco Nexus switch.

Enabling Cisco Plug-in for OpenFlow on Cisco Nexus 3000 Series and Cisco Nexus 9300 Platform Switches

This section assumes that the following prerequisites have been met:

- For each switch designated for TAP and SPAN aggregation, NX-OS is upgraded to the recommended version.
- The correct Cisco Plug-in for OpenFlow agent is downloaded and available in the bootflash memory of the switch.
- The management IP address is configured on the switch, and the switch can communicate with the server on which the Cisco Nexus Data Broker software will be installed.

The process to enable the Cisco Plug-in for OpenFlow consists of the following steps:

- Enable hardware support for Cisco Plug-in for OpenFlow.
- Install and activate Cisco Plug-in for OpenFlow.
- Configure Cisco Plug-in for OpenFlow.

Enabling Hardware Support for Cisco Plug-in for OpenFlow

Use the steps shown here to enable hardware support for Cisco Plug-in for OpenFlow and to enable the Cisco NX-API for auxiliary configuration. You need to implement these steps on the Cisco Nexus 3000 Series or Cisco Nexus 9300 platform switch that is part of the Cisco Nexus Data Broker solution. The deployment uses the topology shown in Figure 1. Following are the configuration commands that need to be run on the Cisco Nexus 3000 Series or Cisco Nexus 9300 platform switches.

Commands for Cisco Nexus 3000, 3100, 3200, 3500 Series and 9300 platform switches

    enable
    configure terminal
    spanning-tree mode mst
    vlan 1-3967
    no spanning-tree vlan 1-3967

If switch is a Cisco Nexus 3000 Series or Cisco Nexus 3100 platform:

    hardware profile openflow
    hardware profile tcam region qos 0
    hardware profile tcam region racl 0
    hardware profile tcam region vacl 0
    hardware profile tcam region ifacl 1024 double-wide

If switch is a Cisco Nexus 3500 Series:

    hardware profile tcam region qos 0
    hardware profile tcam region racl 0
    hardware profile tcam region vacl 0
    hardware profile tcam region ifacl 1024 double-wide
    hardware profile forwarding-mode openflow-hybrid

If switch is a Cisco Nexus 3200 Series:

    hardware access-list tcam region e-racl 0
    hardware access-list tcam region span 0
    hardware access-list tcam region redirect 0
    hardware access-list tcam region vpc-convergence 0
    hardware access-list tcam region racl-lite 256
    hardware access-list tcam region l3qos-intra-lite 0
    hardware access-list tcam region ifacl 256 double-wide
    hardware access-list tcam region openflow 256

If switch is a Cisco Nexus 9300 platform:

    hardware access-list tcam region qos 0
    hardware access-list tcam region vacl 0
    hardware access-list tcam region racl 0
    hardware access-list tcam region vpc-convergence 0
    hardware access-list tcam region ifacl 1024 double-wide
    hardware access-list tcam region openflow 512

On all platforms, finish with:

    exit
    copy running-config startup-config
    reload

Installing and Activating Cisco Plug-in for OpenFlow

Follow the steps shown here to install and activate the Cisco Plug-in for OpenFlow. This example assumes that the OpenFlow OVA filename is ofa_mmemb-1.1.5-r3-n3000-SPA-k9.ova, and that it is downloaded and available in the bootflash memory of the Cisco Nexus 3000 Series Switch.

    enable
    virtual-service install name ofa package bootflash:ofa_mmemb-1.1.5-r3-n3000-SPA-k9.ova

Use the following show command to check the status of the virtual-service installation:

    show virtual-service list

After the status of the virtual service becomes listed as Installed, run the following commands to activate the service:

    configure terminal
    virtual-service ofa
    activate
    end
    copy running-config startup-config

Use the show virtual-service list command to verify that the service status is changed to Activated. This change process may take up to 2 minutes.

Configuring the Cisco Plug-in for OpenFlow

To configure the Cisco Plug-in for OpenFlow, you need to configure OpenFlow ports, provide the Cisco Nexus Data Broker IP address, and associate the OpenFlow ports with the logical switch.

All the ports that will be enabled for OpenFlow need to be set as trunk ports. The configuration commands shown here need to be present for each OpenFlow-enabled interface (use interface ranges wherever applicable to configure multiple interfaces at the same time).

Commands for Cisco Nexus 3000 and 3100 Series and 3500 Series and Cisco Nexus 3200 and Cisco Nexus 9300 platform switches

    enable
    configure terminal
    interface Ethernet1/10-14, Ethernet1/41-45
    switchport
    switchport mode trunk
    no shutdown
    end
    copy running-config startup-config

To configure the OpenFlow logical switch, you need to provide the IP address and port information for Cisco Nexus Data Broker embedded and include the OpenFlow-enabled ports. In the Cisco Nexus Data Broker embedded configuration, use the Cisco Nexus 3000 Series Switch management interface IP address as the Cisco Nexus Data Broker IP address. This configuration example assumes that 10.10.10.10 is the management interface IP address of the Cisco Nexus 3000 Series Switch.

Commands for Cisco Nexus 3000 and 3100 Series and Cisco Nexus 3200 and Cisco Nexus 9300 platform switches

    openflow
    switch 1
    pipeline 201
    controller ipv4 10.10.10.10 port 6653 vrf management security none
    of-port interface ethernet1/10
    of-port interface ethernet1/11
    of-port interface ethernet1/12
    of-port interface ethernet1/13
    of-port interface ethernet1/14
    of-port interface ethernet1/41
    of-port interface ethernet1/42
    of-port interface ethernet1/43
    of-port interface ethernet1/44
    of-port interface ethernet1/45
    end
    copy running-config startup-config

Commands for Cisco Nexus 3500 Series Switches

    openflow
    switch 1
    default-miss cascade drop
    pipeline 203
    controller ipv4 10.10.10.10 port 6653 vrf management security none
    of-port interface ethernet1/10
    of-port interface ethernet1/11
    of-port interface ethernet1/12
    of-port interface ethernet1/13
    of-port interface ethernet1/14
    of-port interface ethernet1/41
    of-port interface ethernet1/42
    of-port interface ethernet1/43
    of-port interface ethernet1/44
    of-port interface ethernet1/45
    end
    copy running-config startup-config

Enabling Configuration for Cisco Nexus 9300, Cisco Nexus 3100 and Cisco Nexus 3200 Series Switches for Cisco NX-API Mode

This section is applicable only if you choose to use the embedded option on Cisco Nexus 9300 platform switches in NX-API mode for TAP and SPAN aggregation.

This section assumes that the following prerequisites have been met:

- For each Cisco Nexus 9300 platform and Cisco Nexus 3100 series switch, NX-OS is upgraded to Cisco NX-OS Release 7.0(3)I2(2a).
- The management IP address is configured on the switch, and the switch can communicate with the Cisco Nexus Data Broker server.
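An added example, not part of the Cisco guide: a Python check that a saved configuration is consistent with the OpenFlow commands shown earlier. It verifies that every of-port interface is a trunk port that is not shut down, reports trunk ports left out of the logical switch, and lists controller entries set to security none, which means the OpenFlow channel runs without TLS. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of the guide's commands. Two deliberate gaps:
# Ethernet1/14 is missing from the trunk range, Ethernet1/45 from the of-port list.
SAMPLE_CONFIG = """\
configure terminal
interface Ethernet 1/10-13, Ethernet1/41-45
switchport
switchport mode trunk
no shutdown
end
configure terminal
openflow
switch 1
pipeline 201
controller ipv4 10.10.10.10 port 6653 vrf management security none
of-port interface ethernet1/10
of-port interface ethernet1/11
of-port interface ethernet1/12
of-port interface ethernet1/13
of-port interface ethernet1/14
of-port interface ethernet1/41
of-port interface ethernet1/42
of-port interface ethernet1/43
of-port interface ethernet1/44
end
"""

IFACE_RE = re.compile(r"ethernet\s*(\d+)/(\d+)(?:\s*-\s*(\d+))?", re.IGNORECASE)
CONTROLLER_RE = re.compile(
    r"controller ipv4 (\S+) port (\d+)(?: vrf \S+)? security (\S+)")
# Interface settings the guide requires on every OpenFlow-enabled port.
REQUIRED = {"switchport mode trunk", "no shutdown"}


def expand_interfaces(spec):
    """Expand 'Ethernet 1/10-14, Ethernet1/41-45' into single interface names."""
    names = set()
    for slot, first, last in IFACE_RE.findall(spec):
        for port in range(int(first), int(last or first) + 1):
            names.add(f"ethernet{slot}/{port}")
    return names


def port_key(name):
    """Sort key so that ethernet1/9 orders before ethernet1/10."""
    slot, port = name[len("ethernet"):].split("/")
    return int(slot), int(port)


def audit_openflow_config(config):
    """Cross-check interface stanzas against the OpenFlow logical switch."""
    trunk_ready, of_ports, no_tls = set(), set(), []
    stanza = None  # (interfaces, commands) of the interface block being read

    def commit(block):
        if block and REQUIRED <= block[1]:
            trunk_ready.update(block[0])

    for raw in config.splitlines():
        line = " ".join(raw.lower().split())
        if not line:
            continue
        if line.startswith("interface "):
            commit(stanza)
            stanza = (expand_interfaces(line), set())
        elif line in ("end", "exit") or line.startswith("openflow"):
            commit(stanza)
            stanza = None
        elif line.startswith("of-port interface "):
            of_ports |= expand_interfaces(line)
        elif stanza is not None:
            stanza[1].add(line)
        ctl = CONTROLLER_RE.match(line)
        if ctl and ctl.group(3) == "none":
            no_tls.append((ctl.group(1), int(ctl.group(2))))
    commit(stanza)

    return {
        "of_ports_not_trunk_ready": sorted(of_ports - trunk_ready, key=port_key),
        "trunk_ports_not_in_logical_switch": sorted(trunk_ready - of_ports, key=port_key),
        "controllers_without_tls": no_tls,
    }


if __name__ == "__main__":
    for finding, items in audit_openflow_config(SAMPLE_CONFIG).items():
        print(finding, items)
```
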

Before you can use Cisco Nexus Data Broker with Cisco Nexus 9300 platform switches, you must configure the following settings:

- Enable Link Layer Discovery Protocol (LLDP) and NX-API features and create VLANs in each switch.
- Configure ternary content-addressable memory (TCAM) settings.
- Save the configuration and reload the switch.

Enabling LLDP and Cisco NX-API on Each Switch

To enable the LLDP and NX-API features on the Cisco Nexus 9300 platform and to create the VLANs, use the configurations shown here for each switch.

    enable
    configure terminal
    feature lldp
    feature nxapi
    spanning-tree mode mst
    vlan 1-3967
    no spanning-tree vlan 1-3967
    end
    copy running-config startup-config

Configuring TCAM Settings

To reconfigure the TCAM allocation on the Cisco Nexus 9300 platform and Cisco Nexus 3100 series and Cisco Nexus 3200 series switches, use the commands shown here on each switch. These commands allocate TCAM regions for the IP access list and the MAC access list.

Note: For the TCAM reconfiguration to take effect, you need to reboot the switch. You will reboot the switch at the end of the entire process.

    enable
    configure terminal

If switch is a Cisco Nexus 3000 Series or Cisco Nexus 3100 platform:

    hardware profile tcam region qos 0
    hardware profile tcam region racl 0
    hardware profile tcam region vacl 0
    hardware profile tcam region ifacl 1024 double-wide

If switch is a Cisco Nexus 3200 Series:

    hardware access-list tcam region e-racl 0
    hardware access-list tcam region span 0
    hardware access-list tcam region redirect 0
    hardware access-list tcam region vpc-convergence 0
    hardware access-list tcam region racl-lite 256
    hardware access-list tcam region l3qos-intra-lite 0
    hardware access-list tcam region ifacl 512
    hardware access-list tcam region mac-ifacl 256

If switch is a Cisco Nexus 9300 or Cisco Nexus 3164 switch:

    hardware access-list tcam region qos 0
    hardware access-list tcam region vacl 0
    hardware access-list tcam region racl 0
    hardware access-list tcam region redirect 0
    hardware access-list tcam region vpc-convergence 0
    hardware access-list tcam region ifacl 1024 double-wide
    hardware access-list tcam region mac-ifacl 512

On all platforms, finish with:

    end

Saving the Configuration and Reloading the Switches

For the hardware TCAM configuration changes to take effect, you need to reboot all the switches. Follow the steps shown here to save the configuration and reload the switch.

    enable
    copy running-config startup-config
    reload

Enabling Cisco Nexus Data Broker Embedded Solution on Cisco Nexus 3000 series and Cisco Nexus 9300 Series Switches

This section assumes that the following prerequisites have been met:

- On the Cisco Nexus 3000 series and Cisco Nexus 9300 platform switch, the Cisco Nexus Data Broker embedded OVA file is downloaded and available in the bootflash memory.
- The management IP address is configured on the Cisco Nexus 3000 Series Switch.
- The bootflash memory on the Cisco Nexus 3000 series or Cisco Nexus 9300 platform switch has at least 700 MB of free space.

Installing and Activating the Cisco Nexus Data Broker Embedded Solution

Follow the steps shown here to install and activate the Cisco Nexus Data Broker embedded solution on the Cisco Nexus 3000 series or Cisco Nexus 9300 platform switch. This example assumes that the Cisco Nexus Data Broker embedded file is ndb1000-sw-app-emb-k9-3.0.0.ova, and that it is downloaded and available in the bootflash memory of the Cisco Nexus switch.

Commands for Cisco Nexus 3000 and 3100 Series and 3500 Series and Cisco Nexus 3200 and Cisco Nexus 9300 platform switches

    enable
    virtual-service install name ndbemb package bootflash:ndb1000-sw-app-emb-k9-3.0.0.ova

Use the following show command to check the status of the virtual-service installation:

    show virtual-service list

After the status of the virtual service becomes listed as Installed, run the following commands to activate the service:

    configure terminal
    virtual-service ndbemb
    activate
    end
    copy running-config startup-config

Use the show virtual-service list command to verify that the service status is changed to Activated. This change process may take up to 2 minutes.

Checking the Status of the Switch Connection to the Cisco Nexus Data Broker Embedded Solution

This step is applicable only if the Cisco Nexus Data Broker embedded option is used with OpenFlow mode.

Use the show commands presented here to verify that the switch can connect to the Cisco Nexus Data Broker instance. If the switch is successfully connected to Cisco Nexus Data Broker, the Connected status should be listed as Yes.

    show openflow switch 1 controllers
    show openflow switch 1 controllers stats

Initial Cisco Nexus Data Broker Embedded Configuration

This section assumes that the Cisco Nexus Data Broker application is running. Bring up the Cisco Nexus Data Broker web GUI using one of the supported browsers listed here (see https://10.10.10.10:8443/monitor):

- Firefox 18.0 or later
- Google Chrome 24.0 or later

In this configuration example, the Cisco Nexus Data Broker embedded application is running on the Cisco Nexus 3000 Series Switch with management IP address 10.10.10.10.

Log into the GUI using the default credentials:

- Username: admin
- Password: admin

Device Discovery with Cisco Nexus 9300 and Cisco Nexus 3100 and Cisco Nexus 3200 Platform Switches in Cisco NX-API Mode

Go to the Administration screen by clicking the Administration tab at the top. You need to edit the Cisco Nexus 9300, Cisco Nexus 3100 and Cisco Nexus 3200 platform switch to provide a username and password and set the connection mode to NX-API.

- On the Cisco Nexus Data Broker Administration page, click Devices.
- On the Devices page, click the Device Connections tab.

- The Cisco Nexus 9300, 3100 or 3200 Series Switch will already be available. Click the Edit button.
- In the pop-up window, provide the following information:
  - Username: Login user name that Cisco Nexus Data Broker should use to connect to the switch
  - Password: Password for the switch
  - Connection Type: NX-API
- Click Edit Device Connection to save the settings.

Cisco Nexus Data Broker Configuration

Cisco Nexus Data Broker configuration consists of the following steps:

- Configure port types and map monitoring tools.
- Configure filters to match traffic.
- Configure policies to forward traffic to various monitoring tools.

Access the Cisco Nexus Data Broker GUI at https://10.10.10.10:8443/monitor

Configuring Port Types and Mapping Monitoring Tools

The Cisco Nexus Data Broker allows you to configure a variety of port types, including:

- Edge ports (SPAN or optical TAP)
- Delivery ports

Edge ports are the ingress ports through which traffic enters the monitoring network. Typically these are network TAP or SPAN ports. Cisco Nexus Data Broker supports the following edge ports:

- TAP port: An edge port for incoming traffic connected to a physical TAP wire
- SPAN port: An edge port for incoming traffic connected to an upstream switch that is configured as a SPAN destination

Note: The Edge-Tap and Edge-SPAN options are for classification within the Cisco Nexus Data Broker application only. They do not have any implications for traffic filtering and forwarding or require changes in any network configurations.

Optionally, you can also associate a VLAN with the ingress source port. All packets entering the source port will be tagged with that VLAN ID and can be used for input port identification.

Delivery ports are the egress ports through which the traffic exits the monitor network. These outgoing ports are connected to external monitoring and analysis tools. When you configure a monitoring device in Cisco Nexus Data Broker, you can associate a name and an icon and then associate these with the switch and the port to which the switch is connected.

Configured devices are displayed in the Monitor Devices table on the Devices tab. An icon appears in the topology diagram with a line connecting it to the node.

Configuring Edge Ports

In the configuration example here, each Cisco Nexus switch has five TAP ports. The steps for configuring the edge TAP port for the Cisco Nexus switch are shown here.

- In the topology diagram, click the Cisco Nexus 3000 or 3500 Series or Cisco Nexus 3100 platform switch to configure the ports.
- Repeat the steps shown here for Ethernet ports 1/10 through 1/14:
  - In the list of ports for the node, click Click to Configure for the port (for example, ethernet1/10).
  - Click the Select a Port Type drop-down list and choose Edge-Tap.
  - (Optional) Enter a description for the edge TAP port.
  - (Optional) Enter the VLAN ID if you want to identify the input source port.
  - Click Submit.
- After configuring the edge TAP ports, click the Back button (highlighted in blue) at the top of the left pane.

Configuring Delivery Ports

The configuration example shown here uses a total of five monitoring tools (traffic analyzers). Here are the steps to map the monitoring tools to the switch and the port:

- In the topology diagram, click the Cisco Nexus 3000 or 3500 Series or Cisco Nexus 3100 platform switch to configure the ports.
- Repeat the steps shown here for Ethernet ports 1/41 through 1/45:
  - In the list of ports for the node, click Click to Configure for Ethernet port 1/41.
  - Click Add Monitoring Device.
  - In the Add Device dialog box:
    - Enter the device name.
    - Select the switch name.
    - Select the port to which it is connected.
    - Choose an icon to use for the monitoring device.
  - Click Submit.
- After configuring the edge TAP ports, click the Back button (highlighted in blue) at the top of the left pane.

Configuring Filters to Match Network Traffic

Filters are used to define the Layer 2, Layer 3, and Layer 4 criteria used by Cisco Nexus Data Broker to filter traffic. Traffic that matches the criteria in the filter is routed to the delivery ports to which the monitoring devices are attached.

In the configuration example, use the following steps if you want to create another filter to match all FTP traffic going to a certain destination IP address:

Click Filters in the left-hand pane, click Add Filter.
In the Add Filter dialog box, specify:
    Name: Match-FTP
    Layer 3 Destination IP Address: 10.17.44.3
    Layer 3 Protocol: TCP
    Layer 4 Destination Port: FTP (Data)
    Leave all other values at the default settings.
Click Add Filter.

In the configuration example, use the following steps if you want to create another filter to match all User Data Protocol (UDP) traffic for a certain IP subnet with a certain destination IP address:

Click Filters in the left-hand pane, click Add Filter.
In the Add Filter dialog box, specify:
    Name: Match-UDP
    Bidirectional: Select this option.
    Layer 3 Source IP Address: 22.22.22.0/24
    Layer 3 Destination IP Address: 10.17.44.13
    Layer 3 Protocol: UDP
    Layer 4 Destination Port: Select the Enter Destination Port option and enter 53 in the text box.
    Leave all other values at the default settings.
Click Add Filter.

Connections are used to associate filters and monitoring tools. When connections are configured, Cisco Nexus switches are programmed to forward the matching traffic to the destination monitoring tools. Cisco Nexus Data Broker supports:

Multipoint-to-multipoint (MP2MP) forwarding: With the MP2MP forwarding path option, the ingress edge port, through which SPAN or TAP traffic is entering the monitor network, and the egress delivery port both are defined. Cisco Nexus Data Broker uses the delivery ports to direct traffic from that ingress port to one or more devices.

Any-to-multipoint (A2MP): With the A2MP forwarding path option, the ingress edge port of the monitor network is not known, but the egress delivery ports are defined. Cisco Nexus Data Broker automatically calculates a loop-free forwarding path from the root node to all other nodes using the Single-Source Shortest Path (SSSP) algorithm.

In the configuration example, use the following steps if you want to forward all interface traffic to Traffic Analyzer-1, Traffic Analyzer-3, and Traffic Analyzer-5:

Click Connections on the left-hand pane.
Click New Connection and use the following parameters for creating the new rule:
    Connection Name: Name the rule Match-all.
    Select Filter: Choose Default-Match-All from the drop-down list.
    Select Destination Devices: Select Traffic Analyzer 1, Traffic Analyzer 3, and Traffic Analyzer 5.
    Select Source Node: Choose NX-SW-1 from the drop-down list.
    Select Source Port: Choose Ethernet1/10 from the drop-down list. Click the Add Source Port button.
    Select Source Port: Choose Ethernet1/11 from the drop-down list. Click the Add Source Port button.
    Select Source Port: Choose Ethernet1/12 from the drop-down list. Click the Add Source Port button.
Click Submit.

In the configuration example, use the following steps if you want to forward all UDP traffic to Traffic-Analyzer-2 and Traffic-Analyzer-4:

Click Connections on the left-hand pane.
Click New Connection and use the following parameters for creating the new rule:
    Connection Name: Name the rule Match-UDP.
    Select Filter: Choose Match-UDP from the drop-down list.
    Select Destination Devices: Select Traffic Analyzer 2 and Traffic Analyzer 4.
    Select Source Node: Use the default settings.
    Select Source Port: Use the default settings.
Click Submit.

You can click the connection name to see the actual traffic-forwarding path for each rule.
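How the filters and connections configured above decide which monitoring tools receive a given flow, as an added Python example (not Cisco code and not part of the original guide). It assumes that Bidirectional also matches the reverse direction, that the default source node and port settings mean any ingress port, and that every matching connection delivers a copy; the sample flows are constructed.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

# A flow as seen on an ingress edge port (all sample flows below are constructed).
Flow = namedtuple("Flow", "port proto src sport dst dport")

def inside(ip, net):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

@dataclass(frozen=True)
class Filter:
    proto: Optional[str] = None
    src: Optional[str] = None   # single address or CIDR
    dst: Optional[str] = None
    dport: Optional[int] = None
    bidirectional: bool = False

    def _one_way(self, proto, src, dst, dport):
        return ((self.proto is None or self.proto == proto)
                and (self.src is None or inside(src, self.src))
                and (self.dst is None or inside(dst, self.dst))
                and (self.dport is None or self.dport == dport))

    def matches(self, f):
        # Assumption: Bidirectional also matches with source and destination swapped.
        return self._one_way(f.proto, f.src, f.dst, f.dport) or (
            self.bidirectional and self._one_way(f.proto, f.dst, f.src, f.sport))

FILTERS = {  # values from the guide; FTP (Data) is TCP port 20
    "Default-Match-All": Filter(),
    "Match-FTP": Filter("TCP", None, "10.17.44.3", 20),
    "Match-UDP": Filter("UDP", "22.22.22.0/24", "10.17.44.13", 53, True),
}
EDGE = {"Ethernet1/10", "Ethernet1/11", "Ethernet1/12"}
CONNECTIONS = [  # (filter, source ports or None for any port, destination devices)
    ("Default-Match-All", EDGE, ["Traffic Analyzer 1", "Traffic Analyzer 3", "Traffic Analyzer 5"]),
    ("Match-UDP", None, ["Traffic Analyzer 2", "Traffic Analyzer 4"]),
]

def deliveries(flow):
    """Monitoring tools that receive a copy of the flow (priorities not modelled)."""
    return sorted({dev for name, ports, devs in CONNECTIONS for dev in devs
                   if (ports is None or flow.port in ports) and FILTERS[name].matches(flow)})

DNS_QUERY = Flow("Ethernet1/13", "UDP", "22.22.22.7", 40000, "10.17.44.13", 53)
DNS_REPLY = Flow("Ethernet1/13", "UDP", "10.17.44.13", 53, "22.22.22.7", 40000)
DNS_TCP = Flow("Ethernet1/10", "TCP", "22.22.22.7", 40001, "10.17.44.13", 53)
FTP_CTRL = Flow("Ethernet1/10", "TCP", "22.22.22.7", 40002, "10.17.44.3", 21)
```

DNS_TCP and FTP_CTRL show what these filters do not select: DNS over TCP misses Match-UDP, and FTP control traffic on port 21 misses Match-FTP, so an analyzer fed only by those filters never sees it.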

Now verify that the two edge ports on the switch are receiving the traffic according to the filter that was applied. Observe the flow details using the Troubleshoot tab of the Cisco Nexus Data Broker Management UI.

Click Statistics on the left side pane.
Select a switch name from the drop-down box.
By default, the Flow statistics page is displayed.
You can go to port statistics by clicking the Ports tab next to the Flows tab.

Conclusion

Cisco Nexus Data Broker with Cisco Nexus switches can provide scalable, cost-effective, and efficient infrastructure for network traffic monitoring and visibility. With the capability of Cisco Nexus Family switches to operate in hybrid mode, customers can get additional value from their investments without any hardware capital expenditures. Customers can dedicate a few ports to monitoring purposes, with these ports controlled by Cisco Nexus Data Broker. All remaining ports can continue to be managed by the local control plane and can be used for production traffic. This approach allows customers to introduce new functions on existing data center networks without any significant changes to their infrastructure.

For More Information

For additional information, see:
Cisco Plug-in for OpenFlow configuration guide: http://www.cisco.com/en/us/docs/switches/datacenter/sdn/configuration/openflow-agent-nxos.html
Cisco Nexus Data Broker configuration guide: http://www.cisco.com/c/en/us/support/cloud-systems-management/nexus-data-broker/products-installation-and-configuration-guides-list.html
Cisco Nexus 9000 Series Switches configuration guide: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/system_management/configuration/guide/b_cisco_nexus_9000_series_nx-OS_System_Management_Configuration_Guide_7x.html