advertisement
Cisco Nexus Data Broker Release Notes,
Release 2.2
This document describes the features, system requirements, limitations, and caveats in the Cisco Nexus Data Broker
Release 2.2.
Online History Change
Date
October 6, 2015
October 19, 2015
May 2, 2016
May 23, 2016
Description
Created the release notes for Cisco Nexus Data Broker Release 2.2
Added supported NXOS versions.
■ Updated the Supported NXOS Versions section
■ Removed CSCuw09495 and CSCuw20223 from Open Bugs
■ Changed all mentions of Cisco Nexus Release 7.0(3)I2(1) to
7.0(3)I2(2a)
■ Added the Cisco Nexus 3064 and 3048 switches to the OpenFlow mode support list
■ Removed Cisco Nexus 3000 Series from the NX-API support list
Added the following: Cisco Nexus 3000 Series switches support OpenFlow mode only. They do not support NX-API mode.
Contents
Cisco Systems, Inc.
www.cisco.com
1
Cisco Nexus Data Broker Release Notes, Release 2.2
Introduction
2
Cisco Nexus Data Broker Release Notes, Release 2.2
Introduction
Introduction
Visibility into application traffic has traditionally been important for infrastructure operations to maintain security, troubleshooting, and compliance, and to perform resource planning. With the technological advances and growth in cloud-based applications, it has become imperative to gain increased visibility into the network traffic. Traditional approaches to gain visibility into network traffic are expensive and rigid, making it difficult for managers of large-scale deployments.
Cisco Nexus Data Broker with Cisco Nexus Switches provides a software-defined, programmable solution to aggregate copies of network traffic using SPAN or network taps for monitoring and visibility. As opposed to traditional network taps and monitoring solutions, this packet-brokering approach offers a simple, scalable and cost-effective solution wellsuited for customers who need to monitor higher-volume and business-critical traffic for efficient use of security, compliance, and application performance monitoring tools.
Cisco Nexus Data Broker also provides management support for multiple disjointed Cisco Nexus Data Broker networks.
You can manage multiple Cisco Nexus Data Broker topologies that may be disjointed using the same application instance. For example, if you have five data centers and want to deploy an independent Cisco Nexus Data Broker solution for each data center, you can manage all five independent deployments using a single application instance by creating a logical partition (network slice) for each monitored network.
Features
Cisco Nexus Data Broker 2.2 provides the features from the previous Cisco Nexus Data Broker releases listed below. For a list of newly added features specific to this release, see New Features :
■ Support for entry of a VLAN range when creating a filter.
■ Ability to clone filters and connections.
■ Ability to assign multiple filters to a connection.
■ Ability to configure both allow and deny filters for the same connection.
■ Enable time stamp tagging using PTP on Cisco Nexus 3500 Series switches.
■ Display flow and port statistics for devices in the Cisco Nexus Data Broker main user interface.
■ Display flow statistics per connection and for each device within the connection.
■ Inter-switch link (ISL) utilization information available in the topology diagram and in the connection path.
■ Enable packet truncation on input ports on Cisco Nexus 3500 Series switches.
■ Support for Cisco Nexus 3164 and 31128 switches.
■ Embedded application support for Cisco Nexus 9300 Series switches.
■ Scalable topology for Test Access Point (TAP) and Switched Port Analyzer (SPAN) port aggregation.
■ Support for Q-in-Q to tag input source TAP and SPAN ports.
■ Symmetric load balancing.
■ Support for MPLS tag stripping.
■ Connections matching monitoring traffic based on Layer 1 through Layer 4 information.
■ Support for Layer 7 filtering for HTTP traffic.
3
Cisco Nexus Data Broker Release Notes, Release 2.2
Supported NXOS Versions
■ The ability to replicate and forward traffic to multiple monitoring tools.
■ Time stamp tagging using Precision Time Protocol (PTP).
■ Reaction to changes in the TAP/SPAN aggregation network.
■ Security features, such as role-based access control (RBAC), and integration with an external Active Directory
(AD) using RADIUS or TACACS for authentication, authorization, and accounting (AAA).
■ End-to-end path visibility, including both port and flow level statistics for troubleshooting.
■ Robust Representational State Transfer (REST) API and a web-based GUI for all functions.
■ Support for Cisco Plug-in for OpenFlow, version 1.0 and Cisco One Platform Kit (onePK), version 1.3.0.
■ Support for Cisco NX-API mode configuration on the following:
— Cisco Nexus 9000 Series switches
— Cisco Nexus 3100 Series switches
Note: Cisco Nexus 3000 Series switches support OpenFlow mode only. They do not support NX-API mode.
Cisco Nexus Data Broker enables you to:
■ Classify SPAN and TAP ports.
■ Add monitoring devices to capture network traffic.
■ Filter which traffic should be monitored.
■ Redirect packets from a single or multiple SPAN or TAP ports to multiple monitoring devices through delivery ports.
■ Restrict which users can view and modify the monitoring system.
■ Connect to Cisco onePK agents for which Cisco onePK devices have been configured.
■ Configure these additional features, depending on the type of switch:
— Set VLAN ID on Cisco Nexus 3000, 3100, and 9300 Series switches.
— Enable symmetric load balancing on Cisco Nexus 3000 and 9000 Series switches.
— Enable Q-in-Q on Cisco Nexus 3000, 3100, and 9000 Series switches.
— Enable MPLS tag stripping on Cisco Nexus 3100 and 9000 Series switches.
Supported NXOS Versions
NXOS Versions supported in OpenFlow mode:
■ 6.0(2)XX(X) and later on Cisco Nexus 3000 Series switches
■ 7.0(3)I2(2a) and later on Cisco Nexus 9000 Series switches
NXOS Versions supported in NX-API mode:
■ 7.0(3)I1(2) and later on Cisco Nexus 9000 Series switches
4
Cisco Nexus Data Broker Release Notes, Release 2.2
New Features
■ 7.0(3)I2(2a) and later on Cisco Nexus 3100 Series switches
New Features
Cisco Nexus Data Broker 2.2 contains the following new features:
■ Configure multiple ports for Edge span and Edge tap.
■ Device addition using Device name
■ Inline monitoring and redirection functionality for security.
■ Limit Local Authentication Fallback.
The following features require NXOS 7.0(3)|2(2a) or later:
■ Configure matching on HTTP methods and redirect traffic based on that with NX-API.
■ MPLS tag striping on the following:
— Cisco Nexus 3000 Series switches
— Cisco Nexus 3100 Series switches
— Cisco Nexus 9000 Series switches
■ OpenFlow support for the following switches:
— Cisco Nexus 9300 Series
— Cisco Nexus 3064
— Cisco Nexus 3048
■ Q-in-Q on the following:
— Cisco Nexus 3000 Series switches
— Cisco Nexus 3100 Series switches
— Cisco Nexus 9000 Series switches
Usage Guidelines
This section lists the usage guidelines for the Cisco Nexus Data Broker.
■ HTTP access on port 8080 is disabled by default. Only HTTPS access on port 8443 is enabled. If required, HTTP can be enabled by editing the tomcat.xml file. Please refer to Cisco Nexus Data Broker Configuration Guide,
Release 2.2 for details.
■ The Cisco Nexus Data Broker assumes inter-switch link interfaces are configured to be layer 2 switch ports, and these interfaces are set to switchport trunk by default.
■ It is recommended to use JRE version 1.8.0_45 for latest security fixes.
■ Cisco Nexus 9000 switches managed by Cisco Nexus Data Broker 2.2 must have LLDP features enabled.
Disabling LLDP may cause inconsistencies and require devices to be deleted and re-added.
5
Cisco Nexus Data Broker Release Notes, Release 2.2
Limitations
■ When removing devices from the Cisco Nexus Data Broker, the device associated port definitions and connections should be removed first. Otherwise, the device might contain stale configurations created by the
Cisco Nexus Data Broker.
■ For Cisco NX-API devices, there is a 2 minute or more wait after the Cisco Nexus Data Broker configuration operations (port definitions, connections creation/deletion, and stats) to reload the device and avoid any inconsistency between the Cisco Nexus Data Broker and the device.
■ The TLS KeyStore and TrustStore passwords are sent to the Cisco Nexus Data Broker so it can read the password-protected TLS KeyStore and TrustStore files only through HTTPS.
./xnc config-keystore-passwords [--user {user} --password {password} --url {url} --verbose --prompt -keystore-password {keystore_password} --truststore-password {truststore_password. Here default URL to be https://Nexus_Data_Broker_IP:8443
Limitations
■ The same Cisco Nexus Data Broker instance can support either the OpenFlow or NX-API configuration mode, but it does not support both configuration modes.
6
Cisco Nexus Data Broker Release Notes, Release 2.2
Device Support Matrix
Device Support Matrix
Table 2 lists the supported Cisco Nexus Data Broker software for the various Cisco Nexus switches.
Table 1 Cisco Nexus Data Broker Application Device Support Matrix
Device Model Cisco Nexus Data Broker Deployment Mode Supported Supported Use Cases
Cisco Nexus 3000
Series
Cisco Nexus 3100 platform
Cisco Nexus 3164Q
Switch
Cisco Nexus 3500
Series
Cisco Nexus 9300 platform
Cisco Nexus 9500 platform
All Cisco Nexus Data
Broker releases
All Cisco Nexus Data
Broker releases
Cisco Nexus Data Broker
2.2
Cisco Nexus Data Broker
2.0 and later
Cisco Nexus Data Broker
2.1 and later
Cisco Nexus Data Broker
2.1 and later
Centralized and Embedded
Centralized and Embedded
Centralized and Embedded
Centralized and Embedded
Centralized and Embedded
Centralized only
Tap/SPAN aggregation and
In-line monitoring
Tap/SPAN aggregation and
In-line monitoring
Tap/SPAN aggregation only
Tap/SPAN aggregation only
Tap/SPAN aggregation and
In-line monitoring
Tap/SPAN aggregation only
Scale Information
Table 2 lists the scale limits for Cisco Nexus Data Broker.
Table 2 Scale Limits
Description Small Medium
Number of devices
Number of slices
Number of proactive flows
100
25
10,000
300
100
50,000
Large
500
200
100,000
System Requirements
Table 3 lists the system requirements for Cisco Nexus Data Broker 2.2.
Table 3 System Requirements per Deployment Size
Description Small Medium
CPUs (virtual or physical)
6-core 12-core
Large
18-core
7
Cisco Nexus Data Broker Release Notes, Release 2.2
Supported Web Browsers
Description Small Medium
Memory
Hard disk
Operating system
Other
8 GB RAM 16 GB RAM
Java Virtual Machine 1.8 or later.
Large
24 GB RAM
Minimum of 40 GB of free space available on the partition on which the Cisco Nexus Data Broker software is installed.
A recent 64-bit Linux distribution that supports Java, preferably Ubuntu, Fedora, or Red Hat.
Supported Web Browsers
The following web browsers are supported for Cisco Nexus Data Broker 2.2:
■ Firefox 18.x and later
■ Chrome 24.x and later
Note: Javascript 1.5 or a later version must be enabled in your browser.
Upgrading to Release 2.2
This section explains the supported method for upgrading your release.
From
2.0 or later
Earlier than 2.0
Supported Method
Direct upgrade is supported
Perform the following procedure:
1. Upgrade to 2.0
2. Upgrade to 2.2
.
Open and Resolved Bugs
The open and resolved bugs for this release are accessible through the Cisco Bug Search Tool . This web-based tool provides you with access to the Cisco bug tracking system, which maintains information about bugs and vulnerabilities in this product and other Cisco hardware and software products.
Note: You must have a Cisco.com account to log in and access the Cisco Bug Search Tool. if you do not have one, you can register for an account .
For more information about the Cisco Bug Search Tool, see the Bug Search Tool Help & FAQ .
This section includes the following topics:
■ Resolved Bugs in this Release
8
Cisco Nexus Data Broker Release Notes, Release 2.2
Related Documentation
Resolved Bugs in this Release
search the Cisco Bug Search Tool for details about the bug.
Table 4 Resolved Bugs in Cisco Nexus Data Broker Release 2.2
Bug ID Description
CSCuu73817
CSCuu78498
CSCuu87271
CSCuw50555
The NX-API connection is reset periodically between the Cisco Nexus Data Broker and Cisco
Nexus 9000 switches. Cisco Nexus Data Broker automatically reconnects within few seconds.
The Cisco Nexus Data Broker is not able to configure keystore passwords without using the default admin account.
In a topology with two Cisco Nexus 9000 switches interconnected with only a single link, and these two switches are not connected to any other neighbors, Cisco Nexus Data Broker does not display the topology link because NX-API provides the LLDP neighbor output in a different format. This issue does not impact Cisco Nexus 3000 Series switches in OpenFlow mode.
Whenever a login attempt fails for an invalid username/password, the subsequent login attempt with the correct username/password also fails. The next login attempt with the correct username/password succeeds.
Open Bugs for this Release
lists the descriptions of open bugs in Cisco Nexus Data Broker Release 2.2. You can use the bug ID to search the Cisco Bug Search Tool for details about the bug.
Table 5 Open Bugs in Cisco Nexus Data Broker Release 2.2
Bug ID Description
CSCuu41674
CSCuw48383
Removing an existing connection fails and a pop-up window appears to inform the user about connection inconsistency and request the user to fix the problem through the Troubleshooting tab.
After fixing the connection through the Troubleshooting tab, the connection status is displayed in green, and the connection is not removed from NDB and the device. This issue occurs occasionally only if NX-API device connection is lost at the exact time that the connection is being removed.
Sometimes the Cisco Nexus Data Broker does not display the port channel topology links between
N3548 devices when used in OpenFlow mode.
Related Documentation
For more information, see the related documents at the following link: http://www.cisco.com/c/en/us/support/cloud-systems-management/nexus-data-broker/tsd-products-support-serieshome.html
New Documentation
There are no new documents for this release.
9
Cisco Nexus Data Broker Release Notes, Release 2.2
Obtaining Documentation and Submitting a Service Request
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
.
at:
Subscribe to ocumentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks . Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2015 Cisco Systems, Inc. All rights reserved.
10
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project