Integrating Cisco Nexus Data Broker With Cisco ACI


Viewing the SPAN Management Tab

The SPAN Management tab is displayed on the Devices screen under the Administration tab in the GUI.

On the SPAN Management tab, click + Add Device. The Connect to Device window is displayed. Complete the following steps to connect to the device:

Before you begin

For APIC and production switches, the centralized deployment of Cisco Nexus Data Broker is mandatory.

Procedure


Step 1

Choose ACI device to add an APIC device.

Step 2

In the APIC IP Addresses panel, add the APIC IP Address (Primary), APIC IP address (Secondary), and APIC IP address (Tertiary).

Step 3

In the User Details panel, add Username and Password.

Step 4

After an ACI device has been added, the ACI radio button is disabled. You can then add an NXOS production switch. Click NXOS in the first step to add an NXOS production switch.

The NX-API feature has to be enabled for the NXOS production switch to be added. As a prerequisite, one NX-API device should already exist before you add an NXOS production switch in the SPAN Management tab.

Step 5

Click Connect.


The NXOS production switch is displayed with the Type as PS in the SPAN Management tab. The APIC IP Address (Primary), APIC IP address (Secondary), and APIC IP address (Tertiary) do not apply to the NXOS production switch. Therefore, those fields are blank. You can also edit the credentials of the NXOS production switch. Once the production switch is added, it is displayed in the Configuration tab in green. In the Port Configuration window, you can configure SPAN Destination in the production Nexus switches that are NX-API enabled.

Viewing the SPAN Destination Tab

When you click the Port Definition tab in the GUI, the Port Definition screen is displayed. Select the switch from the drop-down list to configure the ports.

On the Port Definition screen, the following two tabs are displayed:

  • Port Configuration

  • SPAN Destination

On the SPAN Destination tab, the following details are displayed:

  • SPAN Destination Name

  • SPAN Destinations

  • Node Connector

  • Monitor Port Type

  • Description

Adding SPAN Destination

When you configure a port as an edge SPAN port and the port is connected to the API side, you can select the APIC device, pod, node, and port from the ACI side and set the port as SPAN destination. SPAN destination can now be configured on the Cisco Nexus 9000 or Cisco Nexus 3000 Series production switches.


Note

Starting with Cisco Nexus Data Broker, release 3.8, you can configure multiple APIC devices on NDB.



Note

Starting with Cisco NDB release 3.8, you can now select an APIC device (ACI Node) on which SPAN destination is to be configured.



Note

For APIC SPAN destination, when you configure a port as an Edge SPAN port and the port is connected to the API side, you can select the pod, the node, and the port from the ACI side and set the port as SPAN destination. For production switch SPAN destination, when you configure a port as an Edge SPAN port and the port is connected to the production switch side, you can select the node and the port from the production switch side and set the port as SPAN destination.

You can add SPAN destination only after either an APIC or the production switch has been successfully added to the network.


Procedure


Step 1

Select the switch for which you want to configure the port details on the Port Configuration screen.

Step 2

Click Configure under Action.

The Configure Ports window is displayed.

Step 3

In the Configure Ports window, configure the port type from the Select a port type drop-down list by selecting one of the following options:

  • Add Monitoring Device
  • Edge Port-SPAN
  • Edge Port-TAP
  • Production Port

Monitoring Device—Creates a monitoring device for capturing traffic and configures the corresponding delivery port.

Edge Port-SPAN—Creates an edge port for incoming traffic connected to an upstream switch that is configured as a SPAN destination.

Edge Port-TAP—Creates an edge port for incoming traffic connected to a physical TAP port.

Production Port—Creates a production port for the ingress and egress traffic.

When you select the port type, the title of the window changes to Manage Configure Ports.

Step 4

In the Manage Configure Ports window, the details of the selected node are displayed.

Step 5

In the Destination panel, if the APIC device is added, it is listed in the drop-down list. Select the Node Type as APIC from the drop-down list.

The SPAN Destination and Copy Device tabs are displayed.

Step 6

When you click the SPAN Destination tab, the Select SPAN Destination window is displayed. From the Select Node drop-down list, select an APIC device.

Step 7

Select the corresponding leaf switch, node, and port from the Select Pod drop-down list, Select Node drop-down list, and Select Port drop-down list to configure the SPAN Destination.

Step 8

Click Apply.

The port is now configured as SPAN destination port and it is displayed on the Port Definition screen.


Creating Copy Devices Using Copy Sessions (BETA)

When you configure a port as an edge-SPAN port, you can create copy devices using Copy Sessions (BETA) functionality.


Note

You can add SPAN destination and copy devices only after an APIC device has been successfully added to the network.


Procedure


Step 1

Select the switch for which you want to configure the port details using the Port Configuration screen.

Step 2

Click Configure under Action.

The Configure Ports window is displayed.

Step 3

In the Configure Ports window, configure the port type from the Select a port type drop-down list by selecting one of the following options:

  • Add Monitoring Device
  • Edge Port-SPAN
  • Edge Port-TAP
  • Production Port

Monitoring Device—Creates a monitoring device for capturing traffic and configures the corresponding delivery port.

Edge Port-SPAN—Creates an edge port for incoming traffic connected to an upstream switch that is configured as a SPAN destination.

Edge Port-TAP—Creates an edge port for incoming traffic connected to a physical TAP port.

Production Port—Creates a production port for the ingress and egress traffic.

When you select the port type, the title of the window changes to Manage Configure Ports.

Step 4

In the Manage Configure Ports window, the details of the selected node are displayed.

Step 5

In the Destination panel, if the APIC device is added, it is listed in the drop-down list. Select the Node Type as APIC from the drop-down list.

The SPAN Destination and Copy Device tabs are displayed. See the Adding SPAN Destination section for adding SPAN destination.

Step 6

When you click the Copy Device tab in the same window, the Create Copy Device (BETA) window is displayed.

Step 7

In the General panel, enter the name of the device in the Name field. The values of the Device Type and Physical Domain fields are hard-coded.

Step 8

In the Device Interface panel, enter the details in the following fields: Name, Pod, Node, and Port. The value of the Path Type field is hard-coded.

Step 9

In the Cluster panel, enter the details in the following fields: Name and VLAN Encap. The value of the Interface field is hard-coded.

Step 10

Click Submit to save the settings.

The name and the path of the copy device are displayed in the destination panel.

Step 11

When you click Submit in the Manage Configure Ports window, the device is displayed in the Destination column in the Port Configuration screen. When you hover over the device name in the GUI, the name of the Copy Device is displayed.

Step 12

Once the Copy Device is added, it is displayed in the APIC Copy Session (BETA) screen under the Copy Device tab.

The following fields are displayed under the Copy Device tab: Cluster Name, Managed, Device Type, and Service Type.

Step 13

In the APIC Copy Session (BETA) screen, the Service Graph tab is displayed. When you click +Add Service Graph, the Add Service Graph (BETA) window is displayed.

Step 14

Add a name for the service graph in the Name field.

Step 15

Select the copy device for the service graph in the Copy Device field.

The copy devices that are created by Cisco Nexus Data Broker are listed in the Copy Device field.

Step 16

Click Submit to save the settings.

Once the service graph is added, it is displayed in the APIC Copy Session (BETA) screen under the Service Graph tab. The fields that are displayed on the tab are Name, Copy Device, Function Nodes, and Action. The parameters that can be edited for the service graph are Name and Copy Device only. You can click Remove under the Action column in the APIC Copy Session (BETA) screen to remove the service graph.

Note 

By default, the copy device and the service graph get created under the common tenant.


Adding SPAN Sessions

On the SPAN Sessions tab, the following fields are displayed:

  • SPAN Session

  • Filter

  • Devices

  • SPAN Source

  • SPAN Destination

You can add a SPAN session in ACI. Complete the following steps to add a SPAN session.


Note

Starting with Cisco NDB release 3.8, a new column named Status is added on the SPAN Session tab that displays the status of each session. The status of a SPAN session depends on the operational status of the session in APIC and the status of the connection attached to it (whether a connection is attached to the session).



Note

You can create a maximum of 4 SPAN sessions on a switch.


Procedure


Step 1

Log into NDB.

Step 2

Navigate to CONFIGURATIONS > >

Step 3

Click Add SPAN Session to add a SPAN session. The Add SPAN Session window is displayed.

Step 4

In the Add SPAN Session window, add a session name in the SPAN Session Name field.

Step 5

Under SPAN Sources, select ACI as device type from the Select Device Type option list.

Step 6

Select an APIC node from the drop-down list on which the SPAN session is to be configured.

Step 7

Click Apply SPAN Source.

Step 8

In the SPAN SOURCES pane, click + Add SPAN Source. In the pane, click + Add Leaf Ports to add a leaf port to capture the traffic from multiple leaf ports. Or optionally, you can click +Add EPG / AAEP to add an EPG source. Enter the values in the following fields:

  1. If + Add Leaf Ports is clicked.

  2. In the Add Leaf Ports window, select a pod using the drop-down list in the POD field.

  3. Select a node using the drop-down list in the Node field.

  4. Select a port using the drop-down list in the Port field.

  5. Click Add Leaf Ports.

  6. In the SPAN SOURCES pane, select a direction from the Incoming, Outgoing, or Both options.

    The selected Span source is displayed in the Span Source field.

  7. If +Add EPG / AAEP is clicked.

    Note 

    Starting with Cisco NDB Release 3.7, you can now add multiple EPGs in the same SPAN session.

  8. To add EPG source, select a tenant from the Tenant drop-down list in the Add EPG window.

    Note 
    • All EPG interfaces work only when all the ports are within the same leaf switch.

    • If an EPG is spread across multiple switches, select the corresponding SPAN destination on all the leaf switches.

  9. Select a profile using the drop-down list in the Profile field.

  10. Select EPG associated with the tenant using the EPG drop-down list.

    The selected SPAN Source is displayed.

  11. Select EPG or AAEP member from the EPG Members drop-down list.

  12. Click +Add.

  13. Click Add EPG.

    Note 

    If the EPG is selected, by default, Cisco Nexus Data Broker listens for the changes in the statically or dynamically configured interfaces of the selected EPG. If there is any change, it is applied to the SPAN session. The web socket connection is not secured with certificates. To disable the event listening, add enableWebSocketHandle=false to the config.ini file under the xnc/configuration folder.

    Note 

    When new EPG members are added in APIC, if there is no SPAN destination on the leaf switch that matches the newly added EPG member as part of the configured SPAN session, NDB ignores this event and the new EPG member is not shown in NDB.

Step 9

In the SPAN Destination field, select SPAN destination.

If you install ACI SPAN session, it lists the SPAN destination that is created in ACI.

If you install NXOS SPAN session, it lists the SPAN destination that is created in NXOS.

Note 

Ensure that each leaf switch in the SPAN source has at least one corresponding SPAN destination.

Note 

Starting with Cisco NDB Release 3.7, addition of multiple SPAN Destinations in the same SPAN session is supported.

Step 10

(Optional) Select a connection in the Select Connections field.

Note 

Starting with Cisco NDB Release 3.7, attaching a connection to the SPAN session is optional.

Step 11

(Optional) In the Action pane, select a priority for the SPAN session.

Step 12

(Optional) Select a rule using the drop-down list in the Rule Filter field.

Step 13

(Optional) Select a destination device to which the traffic is sent.

Step 14

Do one of the following:

  • Click Save SPAN Session to save the session without installing it on ACI.
  • Click Install SPAN Session to save and install the session on ACI.

Note

Starting with Cisco NDB release 3.8, you can install a saved SPAN session on ACI using the Toggle Install button. Select the saved SPAN session that you want to install and click the Toggle Install button to install the session on ACI. You can also uninstall a SPAN session without removing it from ACI using the Toggle Install button. The SPAN session is uninstalled from ACI but remains saved on the NDB for future use.

Step 15

Click OK.

As a result, a SPAN session is set up in ACI. It also sets up a connection automatically on the Cisco Nexus Data Broker with the same SPAN session name and this connection redirects the traffic from that source port to the monitoring device.

Note 

Each leaf can have a maximum of 4 SPAN sessions.

You can set up additional SPAN sessions. You can append a new SPAN session to the existing connection. In that case, you can select the new SPAN session in the Add SPAN Session window, use the same connection that is previously created, select new SPAN sources from different leaf ports, select the SPAN destination, and add the SPAN session.

It creates a new session in ACI, but it appends an existing connection to include the new traffic on the Cisco Nexus Data Broker side.

You can edit or clone the existing SPAN sessions. If you want to remove a SPAN session, click the session and click Remove SPAN Session(s). A message box is displayed asking you to confirm whether you want to remove the displayed SPAN session: Remove the following sessions? Click Remove SPAN Sessions to confirm. If the SPAN session is using an existing connection, the connection is updated automatically with the changes. If it is the last connection associated with the SPAN session, the connection is deleted.
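
The note under Step 8 of Adding SPAN Sessions states that the EPG event listener's web socket is not secured with certificates and can be turned off with enableWebSocketHandle=false. The script below is an added example, not Cisco code: it reports the effective value of that key and sets it idempotently. It assumes config.ini is a flat key=value file with # comments in which the last live assignment wins; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Cisco code): audit and enforce enableWebSocketHandle=false.
# Assumption: config.ini is a flat key=value file with '#' comments, and the
# last uncommented assignment of a key is the effective one.
KEY=enableWebSocketHandle

# Print the effective value, or "unset" (the page says listening is on by default).
ws_listener_state() {
    val=$(sed -n "s/^[[:space:]]*${KEY}[[:space:]]*=//p" "$1" | tail -n 1 | tr -d '[:space:]')
    echo "${val:-unset}"
}

# Force the key to false, keeping a .bak copy; no-op if it is already false.
disable_ws_listener() {
    cfg=$1
    [ -f "$cfg" ] || { echo "missing: $cfg" >&2; return 1; }
    if [ "$(ws_listener_state "$cfg")" = "false" ]; then return 0; fi
    cp -p "$cfg" "$cfg.bak" || return 1
    tmp=$(mktemp) || return 1
    if grep -q "^[[:space:]]*${KEY}[[:space:]]*=" "$cfg"; then
        # Rewrite every live assignment; commented-out lines are left alone.
        sed "s/^[[:space:]]*${KEY}[[:space:]]*=.*/${KEY}=false/" "$cfg" > "$tmp"
    else
        cat "$cfg" > "$tmp"
        # Add a newline first if the file does not end with one.
        if [ -n "$(tail -c 1 "$cfg")" ]; then echo >> "$tmp"; fi
        echo "${KEY}=false" >> "$tmp"
    fi
    cat "$tmp" > "$cfg"   # overwrite in place so owner and mode are preserved
    rm -f "$tmp"
}

# Constructed sample file: only a commented-out entry, so the default applies.
write_sample_cfg() {
    printf '%s\n' '# constructed sample, not a real NDB config.ini' \
        'some.other.setting=1' "#${KEY}=false" > "$1"
}

# Demo on a throwaway file; on a server, pass xnc/configuration/config.ini instead.
demo=$(mktemp)
write_sample_cfg "$demo"
echo "before: $(ws_listener_state "$demo")"
disable_ws_listener "$demo"
echo "after:  $(ws_listener_state "$demo")"
rm -f "$demo" "$demo.bak"
```

A state of "unset" or "true" means the listener described in the note is still active; a commented-out line does not count as a setting.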