Connections

This chapter has details about the connections of the Cisco Nexus Data Broker.

Connections

The Connections tab has the following subtabs:

  • User Connections—user-defined connections to manage traffic between an input port and monitoring tool port. See User Connections for more details.

  • Default Connections—by default, ingress traffic on the input ports is denied, until a user-defined connection is defined. See Default Connections for more details.

User Connections

The User Connections tab displays details of all the user-defined connections between input port(s) (with or without filters) and monitoring tool port(s).

A table with the following details is displayed:

Table 1. User Connections

Column Name

Description

Connection Name

The name of the connection.

This field is a hyperlink. Click the name of the connection. A new pane is displayed on the right which has more information about the connection. You can view the topology of the connection in either Deployment View or Network View.

Additional actions that can be performed here:

  • Edit Connection—Select this action to edit a connection. See Edit Connection for details.

  • Clone Connection—Select this action to clone a connection. See Edit Connection for details. Cloning a connection is similar to editing a connection.

Click the Details icon to get additional details of the connection. A new window displays the following details for the selected connection:

  • General

  • Deployment View

  • Network View

  • Flow Statistics

  • Port Statistics

Type

Type of connection. The options are:

  • Normal—the connection applies filters on the input ports and redirects traffic to the monitoring tool.

  • Auto Priority—the connection redirects the traffic to the monitoring tool based on the set auto-priority number. For more details, see Auto Priority.

Applied Filters

The number of Allow and Drop filters applied to the connection. Matching traffic is either dropped or allowed based on the selection.

This field is a hyperlink. Click the displayed number and a new pane opens on the right. A list of all the filters applied to the connection is displayed.

Input Port/ Input Port Groups

The number of input ports and/or input port groups of the connection.

This field is a hyperlink. Click the displayed number and a new pane opens on the right. A list of sources (production devices from which traffic reaches the NDB controller) and ports applicable to the connection is displayed.

Monitoring Tools/ Monitoring Tools Group

The number of monitoring tools and/or monitoring tool groups of the connection.

This field is a hyperlink. Click the displayed number and a new pane opens on the right. A list of monitoring tools applicable to the connection is displayed.

Description

Description of the connection.

Created By

User who created the connection.

Last Modified By

User who last modified the connection.

A color-coded circle and a lock are displayed at the beginning of each row. The status of a connection depends on the operational and administration state of the source ports, the operational and administration state of the monitoring tools, and the sessions involved in the connection.

  • A green circle indicates that the connection is successful.

  • A red circle indicates that the connection has failed.

  • A yellow circle indicates the connection is partially successful; one or more input port(s) and monitoring tools have errors.

  • A gray circle indicates that the connection is not operational; check the state of all the input ports and monitoring tools.

The lock symbol indicates that the connection is locked and unauthorized modification of the connection parameters is not allowed. Only the user (or administrator) who has created the connection or the user who has locked the connection can make required changes. You can lock a connection while adding a connection.

The following actions can be performed from the User Connections tab:

  • Add Connection—Select this action to add a new connection. See Add Connection for details about this task.

  • Delete Connection—Select the required connection(s) by checking the check box at the beginning of the row. Click the Actions button and select Delete Connection. The selected connection(s) are deleted. If you choose the delete action without selecting a check box, an error is displayed. You will be prompted to select a connection.

  • Toggle Install—Select the required connection(s) by checking the check box at the beginning of the row. Click the Actions button and select Toggle Install to install a connection. Toggle Install installs or uninstalls the connection(s) on the NDB devices, but the connection configuration is not deleted from the NDB controller.

    If you choose the toggle install action without selecting a check box, an error is displayed. You will be prompted to select a connection.

You can disable deny ACL on all the ISL interfaces by setting the configure.global.acls parameter to false in the config.ini file. Ensure that you restart NDB after making changes in the configuration file.

You can disable Global deny ACL or ISL deny ACL during the CLI upgrade or configuration upload by using the CLI upgrade command and setting the configure.global.acls parameter to false in the config.ini file. For example:

configure.global.acls=false

Adding a Connection

Use this procedure to add a connection. A connection establishes a link between the input ports (with filters) of a device to the monitoring tool ports of the device.

Before you begin

Complete these tasks:

  • Define a filter for the connection

  • Configure a monitoring tool (recommended)

  • Configure an edge port (recommended)

  • Use Dry Run (recommended)

Follow these restrictions and usage guidelines for creating a connection:

  • Configure QinQ VLAN to add a new connection with auto priority across devices (with multiple hops).

  • You can configure only one connection with auto priority for each input port/port group.

Procedure


Step 1

Navigate to Connections > User Connections.

Step 2

From the Actions drop-down list, select Add Connection.

Step 3

In the Add Connection dialog box, enter the following details:

Table 2. Add Connection

Field

Description

Connection Name

Enter the connection name.

Description

Enter a description for the connection.

Priority

Enter the priority you want to set for the connection. By default, the priority level is 100. The range is from 2 to 10000. The higher the number, the greater the priority. For example, 200 indicates higher priority when compared to 100.

Incoming traffic from the ports is matched based on priority. If two connections have the same input ports and the same filters, traffic takes the connection with the higher priority.

Note: By default, Edit is enabled for the Cisco NDB administrator role.

Lock Connection

Click the gray button to lock the connection. The gray button turns blue and moves to the right indicating that locking is enabled.

Locking a connection prevents unauthorized changes to a connection.

AutoPriority

Click the gray button to enable auto priority. The gray button turns blue and moves to the right indicating that AutoPriority is enabled.

When AutoPriority is enabled, the Priority field is disabled. NDB automatically assigns a priority for a connection based on certain criteria (monitoring tools and filters).

Auto priority provides flexibility to map filters to multiple monitoring tools in a connection. For more details, see Auto Priority.

Connection Topology

Here, you can define Input Port(s), Filter(s) and Monitoring Tool(s) for a connection.

Input Port

Select an input port for the connection.

Click Select Input Port(s)/ Group. Select either Input Port or Input Port Group.

If you select Input Port, a list of devices is displayed.

  1. To select a device, check the corresponding check box. Based on the selected device, the available ports of the device are displayed.

  2. To select a port, check the corresponding check box. Details of the selected port(s) are displayed on the right. The current status of the port is displayed by a color-coded circle.

    Note: Click Add Input Port to add an input port for the selected device. For the detailed procedure, see Adding an Input Port.

  3. Click Select to include the selected source port(s) as part of the connection.

If you select Input Port Group, a list of port groups is displayed.

  1. To select a port group, check the corresponding check box. Details of the selected port group(s) are displayed on the right. The current status of the port group is indicated by a color-coded circle.

    Note: Click Add Input Port Group to add an input port group. For the detailed procedure, see Adding an Input Port Group.

  2. Click Select to include the selected source port group(s) as part of the connection.

Filter

Click Select Filter(s).

  1. To select a filter, check the corresponding check box. Details of the selected filter(s) are displayed on the right. More than one filter can be selected. You can either choose to use the Allow or Deny behavior for a filter. Allow enables the traffic from the input ports to pass through; deny drops the traffic from the input ports.

    Note: Click Add Filter to add a filter. For the detailed procedure, see Adding a Filter.

  2. Click Select to include the selected filter(s) as part of the connection.

Note: This field is disabled if AutoPriority is enabled.

Monitoring Tools

The Select Monitoring Tool(s)/ Group option is displayed if AutoPriority is not enabled.

Click Select Monitoring Tool(s)/ Group. Select either Monitoring Tool or Tool Group.

If you select Monitoring Tool, a list of monitoring tools is displayed.

  1. To select a monitoring tool, check the corresponding check box. The details of the monitoring tool are displayed on the right, with the current status of the monitoring tool. The status is indicated by color coded circles.

    Note: Click Add Monitoring Tool to add a monitoring tool. For the detailed procedure, see Adding a Monitoring Tool.

  2. Click Select to include the monitoring tool(s) as part of the connection.

If you select Tool Group, a list of monitoring tool groups is displayed.

  1. To select a tool group, check the corresponding check box. Details of the selected tool group(s) are displayed on the right. The current status of the tool group is indicated by a color coded circle.

    Note: Click Add Monitoring Tool Group to add a monitoring tool group. For the detailed procedure, see Adding a Monitoring Tool Group.

  2. Click Select to include the selected tool group(s) as part of the connection.

The Select Monitoring Tool and Filter Pair option is displayed if AutoPriority is enabled.

  1. Select one or more monitoring tool(s) and filter(s).

  2. Click Select.

Step 4

Click Add Connection to add the connection or Install Connection to add and deploy the connection on the NDB device.


Editing or Cloning a Connection

Use this procedure to edit or clone a connection.

Editing a connection means changing the parameters of an existing connection.

Cloning a connection means creating a new connection with the same parameters as an existing connection, and then changing the required parameters. Ensure that you change the name of the connection before saving it.

Before you begin

Create one or more connections.

Procedure


Step 1

Navigate to Connections > User Connections.

Step 2

In the displayed table, click a Connection Name.

A new pane is displayed on the right.

Step 3

Click Actions and select Edit Connection.

To clone a connection, select Clone Connection.

Step 4

In the Edit Connection or Clone Connection dialog box, the current connection information is displayed. Modify these fields, as required:

Table 3. Edit Connection/ Clone Connection

Field

Description

Connection Name

Connection name.

Description

Description of the connection.

Priority

The current priority of the connection.

Lock Connection

Click the gray button to lock the connection. The gray button turns blue and moves to the right indicating that locking is enabled.

Locking a connection prevents unauthorized changes to a connection.

Auto Priority

If Auto Priority was not enabled while adding a connection, then this field is disabled.

Connection Topology

Here, you can define Input Port(s), Filter(s) and Monitoring Tool(s) for a connection.

Input Port

The current input port(s) included in the connection are displayed. Click the cross mark adjacent to an input port to delete the port from the connection. To edit the input ports, click Select Input Port(s)/ Group. Select either Input Port or Input Port Group.

If you select Input Port, a list of devices is displayed.

  1. To select a device, check the corresponding check box. Based on the selected device, the available ports of the device are displayed.

  2. To select a port, check the corresponding check box. Details of the selected port(s) are displayed on the right.

  3. Click Select to include the selected source port(s) as part of the connection.

If you select Input Port Group, a list of port groups is displayed.

  1. To select a port group, check the corresponding check box. Details of the selected port group(s) are displayed on the right.

  2. Click Select to include the selected source port group(s) as part of the connection.

Filter

The current filter(s) included in the connection are displayed. Click the cross mark adjacent to a filter to delete the filter from the connection. To edit filters, click Select Filter(s).

  1. To select a filter, check the corresponding check box. Details of the selected filter(s) are displayed on the right. More than one filter can be selected.

  2. Click Select to include the selected filter(s) as part of the connection.

Monitoring Tools

The current monitoring tool(s) or tool group(s) included in the connection are displayed. Click the cross mark adjacent to a monitoring tool or tool group to delete it from the connection. To edit any of these, click Select Monitoring Tool(s)/ Group. Select either Monitoring Tool or Tool Group.

If you select Monitoring Tool, a list of monitoring tools is displayed.

  1. To select a monitoring tool, check the corresponding check box. The details of the monitoring tool are displayed on the right, with the current status of the monitoring tool. The status is indicated by color coded circles.

  2. Click Select to include the monitoring tool(s) as part of the connection.

If you select Tool Group, a list of monitoring tool groups is displayed.

  1. To select a tool group, check the corresponding check box. Details of the selected tool group(s) are displayed on the right. The current status of the tool group is indicated by a color coded circle.

  2. Click Select to include the selected tool group(s) as part of the connection.

Step 5

Click Edit Connection or Clone Connection.


Auto Priority

Auto priority provides flexibility to map filters to multiple destination devices in a connection. The priority of a connection with Auto-Priority is set to the value configured in the config.ini file. You can configure the connection.autopriority.priorityValue attribute in the config.ini file with a priority value to be used for all the new connections with auto-priority. The connection information lists the allowed filters along with the destination devices.

Dry Run

You can estimate the amount of traffic generated for a new connection using the Dry Run feature. This feature samples the traffic for 30 seconds for the new connection and estimates the approximate traffic generated for the connection. You can use the Dry Run feature before adding a new connection. You can manage the Dry Run feature using the mm.dryrun.timer parameter in the config.ini file. To enable the Dry Run feature, set the mm.dryrun.timer parameter to a value greater than zero. If the mm.dryrun.timer parameter is set to zero, the Dry Run feature is disabled.

The Dry Run feature shows the topology for the new connection with information about the estimated traffic. The feature samples the traffic for a few seconds (the mm.dryrun.timer value in the config.ini file) for the new connection and estimates the approximate traffic generated for the connection. Use the Dry Run feature before adding a new connection.

Default Connections

The Default Connections tab displays details of the default NDB connections. Default deny rules are system-configured on the input ports, monitoring tools and packet truncation ports. This means that, by default, traffic received on the input ports is denied until a user-defined connection is configured.

By default, deny ACL is enabled on all the Inter Switch Links (ISL) interfaces causing all the traffic in the ISL interfaces to be dropped if there is no connection installed. The following connections are installed on the ISL interfaces:

  • Default-Deny-ISL-device_name connection with Default-Deny-All, Default-Deny-MPLS, and Default-Deny-ARP filters. This connection is supported on all the types of switches in NXAPI mode.

  • Default-Deny-ISL-ICMP-device_name connection with Default-Deny-ICMP and Default-Deny-ICMP-All filters. This connection is supported on Nexus 9200, 9300EX, 9300FX, 9500EX, and 9500FX switches in NXAPI mode.

  • You can manage this feature using the mm.addDefaultISLDenyRules attribute in the config.ini file. By default, the mm.addDefaultISLDenyRules attribute is not present in the config.ini file. To disable this feature, add the mm.addDefaultISLDenyRules attribute to the config.ini file, set it to false, and restart the device. For example:

    mm.addDefaultISLDenyRules = false
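An added example, not part of the Cisco documentation: a small Python audit that reads a config.ini and reports when the deny-ACL parameters described on this page (configure.global.acls, mm.addDefaultISLDenyRules) are set to false, or when mm.dryrun.timer disables Dry Run. The function names, the sample file contents, and the handling of # and ; comment lines are assumptions.

```python
# Added example (not Cisco code): audit an NDB config.ini for settings on this page.
# Sample contents are constructed; '#'/';' comment handling is an assumption.
DENY_KEYS = {
    "configure.global.acls": "the global/ISL deny ACL",
    "mm.addDefaultISLDenyRules": "the default ISL deny connections",
}

def parse_ini(text):
    """Return {key: value} from key=value lines; a later duplicate wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return (severity, message) findings for deny-ACL and Dry Run settings."""
    cfg = parse_ini(text)
    findings = []
    for key, what in DENY_KEYS.items():
        # The page documents 'false' as the value that switches the rules off.
        if cfg.get(key, "").lower() == "false":
            findings.append(("HIGH", f"{key}=false disables {what}"))
    timer = cfg.get("mm.dryrun.timer")
    if timer is not None:
        try:
            seconds = int(timer)
        except ValueError:
            seconds = -1  # not a number: reported as invalid below
        if seconds == 0:
            findings.append(("INFO", "mm.dryrun.timer=0 disables Dry Run"))
        elif seconds < 0:
            findings.append(("WARN", f"mm.dryrun.timer={timer!r} is not zero or a positive integer"))
    return findings

# Constructed sample: deny rules switched off and Dry Run disabled.
WEAK = """\
# constructed sample, not a real NDB file
configure.global.acls=false
mm.addDefaultISLDenyRules = false
mm.dryrun.timer=0
"""

# Constructed sample: deny parameters absent (defaults apply), 30 s Dry Run.
HARDENED = """\
mm.dryrun.timer=30
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

Running the audit against the config.ini before and after an upgrade or configuration upload shows whether a deny parameter was changed along the way.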

A table is displayed with the following details:

Table 4. Default Connections

Column Name

Description

Connection Name

The default connection name.

This field is a hyperlink. Click the name of the connection. A new pane is displayed on the right which has more information about the connection.

The following actions can be performed here:

  • Clone Connection—Select this action to clone a connection. See Edit Connection for details. Cloning a connection is similar to editing a connection.

    Note: Default connections cannot be edited.

Drop Filters

The number of drop filters for the connection.

Drop filters on NDB drop the matching traffic.

Input / Monitoring Ports

The number of input or monitoring ports.

Description

Description of the connection.