SharkFest 16. Cisco ACI and Wireshark. Karsten Hecker Senior Technical Instructor Fast Lane Germany. Getting Back Our Data

Similar documents
Cisco HyperFlex Systems

Cisco ACI Virtual Machine Networking

Quick Start Guide (SDN)

ACI Terminology. This chapter contains the following sections: ACI Terminology, on page 1. Cisco ACI Term. (Approximation)

Cisco ACI Virtual Machine Networking

Cisco ACI Terminology ACI Terminology 2

Question No: 3 Which configuration is needed to extend the EPG out of the Cisco ACI fabric?

Quick Start Guide (SDN)

Virtual Machine Manager Domains

Service Graph Design with Cisco Application Centric Infrastructure

Cisco ACI Virtual Machine Networking

Cisco Application Centric Infrastructure and Microsoft SCVMM and Azure Pack

Cisco ACI Multi-Pod and Service Node Integration

Cisco ACI with Cisco AVS

Cisco ACI and Cisco AVS

Exam Questions

Virtualization Design

ACI Multi-Site Architecture and Deployment. Max Ardica Principal Engineer - INSBU

Exam Questions Demo Cisco. Exam Questions

Networking Domains. Physical domain profiles (physdomp) are typically used for bare metal server attachment and management access.

Virtual Security Gateway Overview

Cisco ACI Multi-Site Fundamentals Guide

Cisco ACI vcenter Plugin

Layer 3 IP Multicast Architecture and Design in Cisco ACI Fabric

Exam Questions

VXLAN Overview: Cisco Nexus 9000 Series Switches

Deploy Microsoft SQL Server 2014 on a Cisco Application Centric Infrastructure Policy Framework

Cisco UCS Director and ACI Advanced Deployment Lab

Configure RSPAN with VMware

Configure. Background. Register the FTD Appliance

Cisco Application Centric Infrastructure (ACI) - Endpoint Groups (EPG) Usage and Design

Configuring Cisco Nexus 9000 Series Switches in ACI Mode (DCAC9K) v3.0

Cisco ACI vpod. One intent: Any workload, Any location, Any cloud. Introduction

Cisco ACI Virtual Machine Networking

Cisco ACI Virtual Machine Networking

ACI Fabric Endpoint Learning

Cisco ACI App Center. One Platform, Many Applications. Overview

Running RHV integrated with Cisco ACI. JuanLage Principal Engineer - Cisco May 2018

Cisco Application Centric Infrastructure (ACI) Simulator

Intra-EPG Isolation Enforcement and Cisco ACI

Cisco Application Policy Infrastructure Controller Data Center Policy Model

Modeling an Application with Cisco ACI Multi-Site Policy Manager

Multi-Site Use Cases. Cisco ACI Multi-Site Service Integration. Supported Use Cases. East-West Intra-VRF/Non-Shared Service

Cisco Nexus Data Broker

Cisco ACI Multi-Site, Release 1.1(1), Release Notes

Cisco CCIE Data Center Written Exam v2.0. Version Demo

5 days lecture course and hands-on lab $3,295 USD 33 Digital Version

Cisco ACI Multi-Pod/Multi-Site Deployment Options Max Ardica Principal Engineer BRKACI-2003

Configure RSPAN with VMware

Cisco ACI Simulator VM Installation Guide

Cisco APIC in a Cisco ACI Multi-Site Topology New and Changed Information 2

Cisco Application Centric Infrastructure

Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches

Cisco ACI with OpenStack OpFlex Architectural Overview

Cisco UCS Director Tech Module Cisco Application Centric Infrastructure (ACI)

Building NFV Solutions with OpenStack and Cisco ACI

Configuring APIC Accounts

Table of Contents HOL-PRT-1305

Configuring Layer 4 to Layer 7 Resource Pools

Segmentation. Threat Defense. Visibility

Cisco ACI Virtualization Guide, Release 2.2(2)

F5 BIG-IP Local Traffic Manager Service Insertion with Cisco Application Centric Infrastructure

Configuring Q-in-Q VLAN Tunnels

Intra-EPG Isolation Enforcement and Cisco ACI

Page 2

The Next Opportunity in the Data Centre

2018 Cisco and/or its affiliates. All rights reserved.

Real World ACI Deployment and Migration

Integration of Hypervisors and L4-7 Services into an ACI Fabric. Azeem Suleman, Principal Engineer, Insieme Business Unit

Cisco Nexus 1000V Switch for Microsoft Hyper-V

Configuring SPAN and RSPAN

Cisco IT Compute at Scale on Cisco ACI

Microsegmentation with Cisco ACI

Migration from Classic DC Network to Application Centric Infrastructure

Trends and challenges Managing the performance of a large-scale network was challenging enough when the infrastructure was fairly static. Now, with Ci

Intra-EPG Isolation Enforcement and Cisco ACI

ACI Transit Routing, Route Peering, and EIGRP Support

Schema Management. Schema Management

PSOACI Tetration Overview. Mike Herbert

Layer 4 to Layer 7 Design

Cisco ACI Virtualization Guide, Release 2.2(1)

Cisco ACI - Application Policy Enforcement Using APIC

Hypervisors networking: best practices for interconnecting with Cisco switches

VXLAN Design with Cisco Nexus 9300 Platform Switches

Automate Application Deployment with F5 Local Traffic Manager and Cisco Application Centric Infrastructure

SDN Security BRKSEC Alok Mittal Security Business Group, Cisco

Principles of Application Centric Infrastructure

Q-in-Q Encapsulation Mapping for EPGs

Cisco ACI Virtualization Guide, Release 1.1(1j)

GUIDE. Optimal Network Designs with Cohesity

Microsegmentation with Cisco ACI

VMware vsan Network Design-OLD November 03, 2017

Cisco ACI Simulator Release Notes, Release 1.1(1j)

Deploy the ExtraHop Discover Appliance with VMware

Cisco Cloud Architecture with Microsoft Cloud Platform Peter Lackey Technical Solutions Architect PSOSPG-1002

Health Scores. Understanding Health Scores

Configuring SPAN and RSPAN

Cisco ACI Virtualization Guide, Release 2.1(1)

Configuring SPAN. Understanding SPAN CHAPTER. This chapter describes how to configure Switched Port Analyzer (SPAN) and on the Catalyst 2960 switch.

Integrating the Cisco ASA with Cisco Nexus 9000 Series Switches and the Cisco Application Centric Infrastructure

Transcription:

SharkFest 16 Cisco ACI and Wireshark Getting Back Our Data Karsten Hecker Senior Technical Instructor Fast Lane Germany

Current Challenges for SPAN

Current Challenges for SPAN connect through the CLI manually initiate a SPAN session on every required switch in the potential traffic path 10 / 40 Gbps Link Aggregation (Etherchannel)

Current Challenges for SPAN multitenant, transient data centers VMs / containers move between physical hardware outside the control of network engineers => traffic path may not be known ahead of time

New SPAN Concept with Cisco ACI

Cisco ACI Benefits new layer of policy abstraction on top of the switch hardware

Cisco ACI Benefits includes the logical networking construct of endpoint groups (EPGs)

Cisco ACI Benefits EPGs consume switch hardware resources only when relevant endpoints are present

Cisco ACI Benefits As workloads move around the data center, the EPG expands and contracts to meet resource needs

Support for Local and Remote Destinations Originally SPAN traffic could be mirrored only locally on the switch Extensions such as RSPAN and ERSPAN allowed traffic to be encapsulated and sent to a remote switch or device Cisco ACI supports local and remote (ERSPAN) destinations in the various types of SPAN

Continued Support for SPAN, RSPAN and ERSPAN Cisco ACI thus continues to make available Remote SPAN (RSPAN) Encapsulated RSPAN (ERSPAN) virtual workloads need to be spanned directly within a virtual switch (vswitch) Cisco ACI can be paired with Cisco Application Virtual Switch (AVS) used to create and manage Virtual SPAN (vspan) sessions providing a full end-to-end SPAN

How ERSPAN Reaches the Destination ERSPAN packets are injected into the destination EPG on the source leaf switch outer source address set to the generated IP address outer destination IP address set to the destination IP address packet then follows the same forwarding path as normal traffic in this EPG

ERSPAN Types I and II Cisco ACI uses a merchant+ methodology Broadcom and Cisco chips combined in one chassis Tenant and Access SPAN use Type I (Broadcom chips) Fabric SPAN uses Type II (Cisco chips) ERSPAN Type I and Wireshark: by default Wireshark will not decode the packets choose Preferences > Protocols > ERSPAN select Force to decode fake ERSPAN frame

New SPAN Types

SPAN Type Use Cases Tenant SPAN Mirror all traffic to and from an EPG to a remote destination Fabric SPAN Mirror all traffic to and frommy spine switches to a remote destination Access SPAN Mirror all traffic to and from leaf host ports locally or to a remote destination Virtual SPAN Mirror a virtual interface on a virtual machine to a remote destination

SPAN Type Comparison SPAN Type Source Filter Destination Fabric SPAN Fabric port Bridge domain Private network Remote (ERSPAN Type II) Access SPAN Access port Tenant Application profile Endpoint group Remote (ERSPAN Type I) Local Tenant SPAN Endpoint group Remote (ERSPAN Type I) Virtual SPAN Virtual machine interface Remote (ERSPAN Type I) LSPAN (virtual machine interface)

Tenant SPAN

Tenant SPAN Tenant SPAN aggregates SPAN sessions across multiple leaf switches transparently and on demand administrator is free to describe semantically how traffic should be replicated Cisco Application Policy Infrastructure Controller (APIC) will command the appropriate hardware resources to initiate SPAN sessions on demand to capture relevant traffic

Tenant SPAN - Main Facts source can be only an EPG destination can be only ERSPAN ERSPAN encapsulation Type I direction can be: Inbound Outbound Both no filtering is possible

Tenant SPAN - Use Case use Tenant SPAN when you: do not know where the physical source is know that you want to capture all traffic in and out of any physical port that belongs to this EPG

Fabric SPAN

Fabric SPAN - Main Facts source must be a fabric (uplink) port on a leaf or spine switch 1/49 to 1/60 on Cisco Nexus 9396 (leaf switch) 1/49 to 1/54 on Cisco Nexus 9372 (leaf switch) 1/1 to 1/36 on Cisco Nexus 9336 (spine switch) destination can be only ERSPAN ERSPAN encapsulation is Type II

Fabric SPAN - Main Facts direction can be: Inbound Outbound Both filter options are: Private network Bridge domain multiple source paths are supported can have multiple switches (leaf or spine) with the same SPAN policy

Fabric SPAN - Use Case to mirror traffic that is traversing the spine switches within the fabric choose one or more fabric ports (on leaf or spine) replicate the traffic to a remote location

Access SPAN

Access SPAN - Main Facts source port can be any access port destination can be another access port (not a port channel or virtual port channel [vpc]) or ERSPAN ERSPAN encapsulation is Type I direction can be: Inbound Outbound Both

Access SPAN - Main Facts filter options are: Tenant Application profile Endpoint group multiple source paths are supported

Access SPAN - Use Case to mirror traffic that is flowing to and from any host-facing ports on a leaf switch locally mirror the traffic to a switch port, or you can send it to a remote destination

Access SPAN - Use Case local destination is useful when you want to help ensure that the mirrored traffic does not leave this switch important decision to make when planning network capacity

Virtual SPAN

Virtual SPAN - Main Facts vspan requires Cisco Application Virtual Switch source can be an EPG or a virtual interface destination can be ERSPAN or a virtual interface no filtering is possible direction can be: Inbound Outbound Both

Virtual SPAN - Use Case take advantage of the Application Virtual Switch to mirror traffic from a virtual switch useful when traffic is being switched locally within the hypervisor and cannot be captured by the physical leaf switch

Troubleshooting SPAN Wizard

Troubleshooting SPAN Wizard Feature of Cisco ACI Visibility and Troubleshooting Tool available from the Operations tab using SPAN to troubleshoot two endpoints quickly Troubleshooting SPAN Wizard is especially useful for NOC teams

Troubleshooting SPAN Wizard given two endpoints, the troubleshooting tool will dynamically build a temporary Access SPAN session mirror the necessary traffic to capture the flow after the capture is complete, the SPAN session is taken down

Troubleshooting SPAN Wizard two distinct destinations are introduced: APIC the APIC acts as a capture device from which the mirrored traffic can be downloaded or inspected Host through the APIC causes the APIC to act as a proxy, forwarding mirrored traffic to an external analyzer

Scalability

Scalability plan capacity appropriately when you use SPAN with Cisco ACI after SPAN traffic has been captured, it will compete with normal traffic on the fabric to be delivered be sure to plan for SPAN traffic accordingly to avoid link oversubscription

Scalability For each leaf, you can have: Four Tenant or Access SPAN sessions Four Fabric SPAN sessions For each SPAN session, you may have: Up to all leaf access ports as the source (Access SPAN) Up to all fabric ports as the source (Fabric SPAN) Up to 280 EPGs or bridge domains as the source (Tenant SPAN)

Cisco Nexus Data Broker

Benefits Integration with Cisco ACI highly scalable solution options ranging from a small one-switch, embedded deployment to a centralized deployment across many data centers in different locations

Benefits central point for all monitoring configuration eliminates the need for users to use multiple systems monitor any part of networks in an automated and cost-effective way

DEMO

FIN

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback