Cisco Nexus Dashboard Data Broker Configuration Guide, Release 3.10.1
This chapter has details about the connections of the Cisco Nexus Dashboard Data Broker.
Beginning with Release 3.10.1, Cisco Nexus Data Broker (NDB) has been renamed to Cisco Nexus Dashboard Data Broker. However, some instances of NDB are present in this document, to correspond with the GUI and the installation folder structure. The names NDB, Nexus Data Broker, and Nexus Dashboard Data Broker are used interchangeably.
Connections
The Connections tab has the following subtabs:
User Connections—user-defined connections to manage traffic between an input port and monitoring tool port. See User Connections for more details.
Default Connections—by default, ingress traffic on the input ports is denied, until a user-defined connection is defined. See Default Connections for more details.
User Connections
The User Connections tab displays details of all the user-defined connections between input port(s) (with or without filters) and monitoring tool
port(s).
A table with the following details is displayed:
Table 1. User Connections
Column Name
Description
Connection Name
The name of the connection.
This field is a hyperlink. Click the name of the connection. A new pane is displayed on the right which has more information
about the connection. You can view the topology of the connection in either Deployment View or Network View.
Additional actions that can be performed here:
Edit Connection—Select this action to edit a connection. See Edit Connection for details.
Clone Connection—Select this action to clone a connection. See Edit Connection for details. Cloning a connection is similar to editing a connection.
Click the Details icon to get additional details of the connection. A new window displays the following details for the selected connection:
General
Deployment View
Network View
Flow Statistics
Port Statistics
Type
Type of connection. The options are:
Normal—the connection applies filters on the input ports and redirects traffic to the monitoring tool.
Auto Priority—the connection redirects the traffic to the monitoring tool based on the set auto-priority number. For more details, see Auto Priority.
Applied Filters
The number of Allow and Drop filters applied to the connection. Matching traffic is either dropped or allowed based on the selection.
This field is a hyperlink. Click the displayed number and a new pane opens on the right. A list of all the filters applied
to the connection is displayed.
Input Port/ Input Port Groups
The number of input ports and/or input port groups of the connection.
This field is a hyperlink. Click the displayed number and a new pane opens on the right. A list of sources (production devices
from which traffic reaches the Nexus Dashboard Data Broker controller) and ports applicable to the connection is displayed.
Monitoring Tools/ Monitoring Tools Group
The number of monitoring tools and/or monitoring tool groups of the connection.
This field is a hyperlink. Click the displayed number and a new pane opens on the right. A list of monitoring tools applicable
to the connection is displayed.
Description
Description of the connection.
Created By
User who created the connection.
Last Modified By
User who last modified the connection.
A color-coded circle and a lock are displayed at the beginning of each row. The factors that affect the status of a connection are the operational and administrative states of the source ports, the operational and administrative states of the monitoring tools, and the sessions involved in the connection.
A green circle indicates that the connection is successful.
A red circle indicates that the connection has failed.
A yellow circle indicates the connection is partially successful; one or more input port(s) and monitoring tools have errors.
A gray circle indicates that the connection is not operational; check the state of all the input ports and monitoring tools.
The lock symbol indicates that the connection is locked and unauthorized modification of the connection parameters is not
allowed. Only the user (or administrator) who has created the connection or the user who has locked the connection can make
required changes. You can lock a connection while adding a connection.
The following actions can be performed from the User Connections tab:
Add Connection—Select this action to add a new connection. See Add Connection for details about this task.
Delete Connection—Select the required connection(s) by checking the check box at the beginning of the row. Click the Actions button and select Delete Connection. The selected connection(s) are deleted. If you choose the delete action without selecting a check box, an error is displayed and you are prompted to select a connection.
Toggle Install—Select the required connection(s) by checking the check box at the beginning of the row. Click the Actions button and select Toggle Install. Toggle Install installs or uninstalls the connection(s) on the NDB devices, but the connection configuration is not deleted from the Nexus Dashboard Data Broker controller.
If you choose the toggle install action without selecting a check box, an error is displayed and you are prompted to select a connection.
You can disable deny ACL on all the ISL interfaces by setting the configure.global.acls parameter to false in the config.ini file. Ensure that you restart Nexus Dashboard Data Broker after making changes in the configuration file.
You can disable Global deny ACL or ISL deny ACL during the CLI upgrade or configuration upload by using the CLI upgrade command
and setting the configure.global.acls parameter to false in the config.ini file. For example:
configure.global.acls=false
Adding a Connection
Use this procedure to add a connection. A connection establishes a link between the input ports (with filters) of a device
to the monitoring tool ports of the device.
Follow these restrictions and usage guidelines for creating a connection:
Configure QinQ VLAN to add a new connection with auto priority across devices (with multiple hops).
You can configure only one connection with auto priority for each input port/port group.
Procedure
Step 1
Navigate to Connections > User Connections.
Step 2
From the Actions drop-down list, select Add Connection.
Step 3
In the Add Connection dialog box, enter the following details:
Table 2. Add Connection
Field
Description
Connection Name
Enter the connection name.
Description
Enter a description for the connection.
Priority
Enter the priority you want to set for the connection. By default, the priority level is 100. The range is from 2 to 10000. The higher the number, the greater the priority. For example, 200 indicates higher priority when compared to 100.
Incoming traffic from the ports is matched based on priority. If two connections have the same input ports and the same filters, traffic takes the connection with the higher priority.
Note
By default, Edit is enabled for the Cisco NDB administrator role.
Lock Connection
Click the gray button to lock the connection. The gray button turns blue and moves to the right indicating that locking is
enabled.
Locking a connection prevents unauthorized changes to a connection.
AutoPriority
Click the gray button to enable auto priority. The gray button turns blue and moves to the right indicating that AutoPriority
is enabled.
When AutoPriority is enabled, the Priority field is disabled. NDB automatically assigns a priority for a connection based on certain criteria (monitoring tools and
filters).
Auto priority provides flexibility to map filters to multiple monitoring tools in a connection. For more details, see Auto Priority.
Connection Topology
Here, you can define Input Port(s), Filter(s) and Monitoring Tool(s) for a connection.
Input Port
Select an input port for the connection.
Click Select Input Port(s)/ Group. Select either Input Port or Input Port Group.
If you select Input Port, a list of devices is displayed.
To select a device, check the corresponding check box. Based on the selected device, the available ports of the device are
displayed.
To select a port, check the corresponding check box. Details of the selected port(s) are displayed on the right. The current
status of the port is displayed by a color-coded circle.
Note
Click Add Input Port to add an input port for the selected device. For the detailed procedure, see Adding an Input Port.
Click Select to include the selected source port(s) as part of the connection.
If you select Input Port Group, a list of port groups is displayed.
To select a port group, check the corresponding check box. Details of the selected port group(s) are displayed on the right.
The current status of the port group is indicated by a color-coded circle.
Note
Click Add Input Port Group to add an input port group. For the detailed procedure, see Adding an Input Port Group.
Click Select to include the selected source port group(s) as part of the connection.
Filter
Click Select Filter(s).
To select a filter, check the corresponding check box. Details of the selected filter(s) are displayed on the right. More than one filter can be selected. You can choose either the Allow or Deny behavior for a filter. Allow enables the traffic from the input ports to pass through; Deny drops the traffic from the input ports.
Note
Click Add Filter to add a filter. For the detailed procedure, see Adding a Filter.
Click Select to include the selected filter(s) as part of the connection.
Note
This field is disabled if AutoPriority is enabled.
Monitoring Tools
The Select Monitoring Tool(s)/ Group option is displayed if AutoPriority is not enabled.
Click Select Monitoring Tool(s)/ Group. Select either Monitoring Tool or Tool Group.
If you select Monitoring Tool, a list of monitoring tools is displayed.
To select a monitoring tool, check the corresponding check box. The details of the monitoring tool are displayed on the right,
with the current status of the monitoring tool. The status is indicated by color coded circles.
Note
Click Add Monitoring Tool to add a monitoring tool. For the detailed procedure, see Adding a Monitoring Tool.
Click Select to include the monitoring tool(s) as part of the connection.
If you select Tool Group, a list of monitoring tool groups is displayed.
To select a tool group, check the corresponding check box. Details of the selected tool group(s) are displayed on the right.
The current status of the tool group is indicated by a color coded circle.
Note
Click Add Monitoring Tool Group to add a monitoring tool group. For the detailed procedure, see Adding a Monitoring Tool Group.
Click Select to include the selected tool group(s) as part of the connection.
The Select Monitoring Tool and Filter Pair option is displayed if AutoPriority is enabled.
Select one or more monitoring tool(s) and filter(s).
Click Select.
Step 4
Click Add Connection to add the connection or Install Connection to add and deploy the connection on the NDB device.
Editing or Cloning a Connection
Use this procedure to edit or clone a connection.
Editing a connection means changing the parameters of an existing connection.
Cloning a connection means creating a new connection with the same parameters as an existing connection, and then changing the required parameters. Ensure that you change the name of the connection before saving it.
Before you begin
Create one or more connections.
Procedure
Step 1
Navigate to Connections > User Connections.
Step 2
In the displayed table, click a Connection Name.
A new pane is displayed on the right.
Step 3
Click Actions and select Edit Connection.
To clone a connection, select Clone Connection.
Step 4
In the Edit Connection or Clone Connection dialog box, the current connection information is displayed. Modify these fields, as required:
Table 3. Edit Connection/ Clone Connection
Field
Description
Connection Name
Connection name.
Description
Description of the connection.
Priority
The current priority of the connection.
Lock Connection
Click the gray button to lock the connection. The gray button turns blue and moves to the right indicating that locking is
enabled.
Locking a connection prevents unauthorized changes to a connection.
Auto Priority
If Auto Priority was not enabled while adding a connection, then this field is disabled.
Connection Topology
Here, you can define Input Port(s), Filter(s) and Monitoring Tool(s) for a connection.
Input Port
The current input port(s) included in the connection are displayed. Click the cross mark adjacent to an input port to delete the port from the connection. To edit the input ports, click Select Input Port(s)/ Group. Select either Input Port or Input Port Group.
If you select Input Port, a list of devices is displayed.
To select a device, check the corresponding check box. Based on the selected device, the available ports of the device are
displayed.
To select a port, check the corresponding check box. Details of the selected port(s) are displayed on the right.
Click Select to include the selected source port(s) as part of the connection.
If you select Input Port Group, a list of port groups is displayed.
To select a port group, check the corresponding check box. Details of the selected port group(s) are displayed on the right.
Click Select to include the selected source port group(s) as part of the connection.
Filter
The current filter(s) included in the connection are displayed. Click the cross mark adjacent to a filter to delete the filter
from the connection. To edit filters, click Select Filter(s).
To select a filter, check the corresponding check box. Details of the selected filter(s) are displayed on the right. More
than one filter can be selected.
Click Select to include the selected filter(s) as part of the connection.
Monitoring Tools
The current monitoring tool(s) or tool group(s) included in the connection are displayed. Click the cross mark adjacent to a monitoring tool or tool group to delete it from the connection. To edit any of these, click Select Monitoring Tool(s)/ Group. Select either Monitoring Tool or Tool Group.
If you select Monitoring Tool, a list of monitoring tools is displayed.
To select a monitoring tool, check the corresponding check box. The details of the monitoring tool are displayed on the right,
with the current status of the monitoring tool. The status is indicated by color coded circles.
Click Select to include the monitoring tool(s) as part of the connection.
If you select Tool Group, a list of monitoring tool groups is displayed.
To select a tool group, check the corresponding check box. Details of the selected tool group(s) are displayed on the right.
The current status of the tool group is indicated by a color coded circle.
Click Select to include the selected tool group(s) as part of the connection.
Step 5
Click Edit Connection or Clone Connection.
Auto Priority
Auto priority provides flexibility to map filters to multiple destination devices in a connection. The priority of a connection with Auto-Priority is set to the value configured in the config.ini file. You can configure the connection.autopriority.priorityValue attribute in the config.ini file with a priority value to be used for all the new connections with auto-priority. The connection information lists the allowed filters along with the destination devices.
Dry Run
You can estimate the amount of traffic generated for a new connection using the Dry Run feature. This feature samples the traffic for 30 seconds for the new connection and estimates the approximate traffic generated for the connection. You can use the Dry Run feature before adding a new connection. You can manage the Dry Run feature using the mm.dryrun.timer parameter in the config.ini file. To enable the Dry Run feature, set the mm.dryrun.timer parameter to a value greater than zero. If the mm.dryrun.timer parameter is set to zero, the Dry Run feature is disabled.
The Dry Run feature shows the topology for the new connection with information about the estimated traffic. The feature samples the traffic for a few seconds (the mm.dryrun.timer value in the config.ini file) for the new connection and estimates the approximate traffic generated for the connection. Use the Dry Run feature before adding a new connection.
Default Connections
The Default Connections tab displays details of the default Nexus Dashboard Data Broker connections. Default deny rules are system-configured on the input ports, monitoring tools and packet truncation ports. This means that, by default, traffic received on the input ports is denied until a user-defined connection is configured.
By default, deny ACL is enabled on all the Inter Switch Links (ISL) interfaces causing all the traffic in the ISL interfaces
to be dropped if there is no connection installed. The following connections are installed on the ISL interfaces:
Default-Deny-ISL-device_name connection with Default-Deny-All, Default-Deny-MPLS, and Default-Deny-ARP filters. This connection is supported on all the
types of switches in NXAPI mode.
Default-Deny-ISL-ICMP-device_name connection with Default-Deny-ICMP and Default-Deny-ICMP-All filters. This connection is supported on Nexus 9200, 9300EX,
9300FX, 9500EX, and 9500FX switches in NXAPI mode.
You can manage this feature using the mm.addDefaultISLDenyRules attribute in the config.ini file. By default, the mm.addDefaultISLDenyRules attribute is not present in the config.ini file. To disable this feature, add the mm.addDefaultISLDenyRules attribute to the config.ini file, set it to false, and restart the device. For example:
mm.addDefaultISLDenyRules = false
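The config.ini switches described in this chapter (configure.global.acls, mm.addDefaultISLDenyRules, and mm.dryrun.timer) change the default-deny behavior only after a restart, so it helps to review the file before one. The following Python script is an added example, not Cisco code. It assumes a flat key=value file with # comments, that a missing key leaves the feature at its default, and that a repeated key takes its last value; the sample configuration is constructed.

```python
# Added example: flag config.ini values that relax NDB default-deny behaviour.
# Parameter names come from this chapter; flat key=value lines with '#' comments
# and "missing key keeps the default" are assumptions about the file.

SAMPLE_CONFIG = """\
# constructed sample, not taken from a real controller
configure.global.acls=false
mm.addDefaultISLDenyRules = false
mm.dryrun.timer=0
"""

DENY_FLAGS = {
    "configure.global.acls": "the global/ISL deny ACL",
    "mm.addDefaultISLDenyRules": "the default ISL deny connections",
}


def parse_config(text):
    """Parse key=value lines, tolerating spaces around '=' and comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";", "[")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Assumption: when a key is repeated, the last value wins.
            settings[key.strip()] = value.strip()
    return settings


def audit(settings):
    """Return findings for disabled deny rules and a disabled or invalid Dry Run timer."""
    findings = []
    for key, what in DENY_FLAGS.items():
        if settings.get(key, "true").lower() == "false":
            findings.append(f"{key}=false disables {what}")
    timer = settings.get("mm.dryrun.timer")
    if timer is not None:
        if not timer.isdecimal():
            findings.append(f"mm.dryrun.timer={timer!r} is not a non-negative integer")
        elif int(timer) == 0:
            findings.append("mm.dryrun.timer=0 disables Dry Run")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)):
        print("REVIEW:", finding)
```

An empty result means neither deny switch is set to false and the Dry Run timer, if present, is a positive integer.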
A table is displayed with the following details:
Table 4. Default Connections
Column Name
Description
Connection Name
The default connection name.
This field is a hyperlink. Click the name of the connection. A new pane is displayed on the right which has more information
about the connection.
The following actions can be performed here:
Clone Connection—Select this action to clone a connection. See Edit Connection for details. Cloning a connection is similar to editing a connection.