This document describes the features, caveats, and limitations for the Cisco Nexus Data Broker (NDB) software, Release 3.6.
Additional product documentation is listed in the “Related Documentation” section.
Table 1 shows the online change history for this document.
Table 1 Online History Change
Date | Description
April 18, 2018 | Created the release notes for the 3.6 release.
Feb 24, 2019 | Updated Known Caveats section and Open Caveats section.
June 7, 2019 | Updated Feature Limitations section.
June 20, 2019 | Added support for the following NX-OS versions: I7(6), 9.2(3), and I4(9).
Sep 19, 2019 | Removed bug, CSCuy81389, from the list of Open Caveats.
January 9, 2020 | Added CSCvs50998 to the list of known caveats.
This document includes the following sections:
· Caveats
Visibility into application traffic is important for infrastructure operations to maintain security and compliance, and to perform resource planning and troubleshooting. With the technological advances and growth in cloud-based applications, it has become imperative to gain increased visibility into the network traffic. Traditional approaches to gain visibility into network traffic are expensive and rigid, making it difficult for managers of large-scale deployments.
Cisco Nexus Data Broker (NDB) with Cisco Nexus Switches provides a software-defined, programmable solution to aggregate copies of network traffic using SPAN or network taps for monitoring and visibility. As opposed to traditional network taps and monitoring solutions, this packet-brokering approach offers a simple, scalable and cost-effective solution well-suited for customers who need to monitor higher-volume and business-critical traffic for efficient use of security, compliance, and application performance monitoring tools.
Cisco NDB also provides a software-defined, programmable solution to perform inline inspection of the network traffic for monitoring and visibility purposes. Inline traffic inspection is performed on specific traffic by redirecting it through multiple security tools before it enters or exits a network.
This section lists the new and changed features in this release:
· Support to check consistency for NX-API based devices.
· Support to configure multiple User Defined Fields (UDFs) in a single filter.
· Support for IPv6 ethertype for UDF (UDFv6).
· Default Deny Global ACL for all the ports when switches are connected via NX-API.
· Default Deny ISL ACL for all inter-switch ports when switches are connected via NX-API.
· Cisco NDB now provides an option to estimate data traffic on a connection using the dry run feature.
· Support to purge the device configuration from the NDB database while deleting a device, and for devices that are already deleted.
· FEX type port is now supported for ACI Span Session source.
· Support to configure MTU using NDB GUI.
· During an upgrade, configured Edge/TAP and Monitor ports are administratively down; they are brought administratively up after the upgrade.
· Multiple device support added to consistency check.
· Cisco NDB now shows Last Modified By information for the Connection page.
· Cisco NDB now shows uptime information for NX-API devices on the Consistency Check tab.
· Support to display Node Name instead of Node ID for Connection Port Statistics information.
· Cisco NDB now provides an option to clear counters under Connection Port Statistics.
· Cisco NDB GUI now has smaller icons for monitoring devices in the topology.
· Support to use Esc key to close a dialog box in Cisco NDB.
Feature Limitations
The following feature limitations apply for the Cisco Nexus Data Broker, Release 3.6:
· NDB Openflow embedded is not supported on Cisco Nexus 3000/9000 series switches running 7.0(3)I6.1 and 7.0(3)I7.1 NXOS image.
· Dry Run feature is disabled by default. To enable this feature, see Cisco NDB Configuration Guide.
· The default deny ACL on all ports and the default ISL deny ACL on ISL ports are enabled by default for Cisco NDB Release 3.6. To disable this feature, refer to the Cisco NDB Release 3.6 Configuration Guide or the Cisco NDB 3.6 Deployment Guide.
This section lists the usage guidelines and limitations for the Cisco Nexus Data Broker.
■ By default, NDB cluster URL is https://<NDBIP>:8443.
■ NDB supports Google Chrome version 45.x and later, FireFox version 45.x and later, and Internet Explorer version 11 and later.
■ APIC versions supported are 1.1, 1.2, and 2.0 series.
■ The switchport mode trunk and spanning-tree bpdufilter enable commands should be enabled for all the inter-switch ports on all the NDB managed switches.
■ Cisco Nexus Data Broker Embedded will be supported on NxOS 7.0(I4).1 onwards, and 7.0(3)I6.1 onwards. For more information, see the Nexus Data Broker Hardware and Software Interoperability Matrix section.
■ The following features will not be supported in embedded mode deployment of Cisco Nexus Data Broker:
— Adding another NDB device
— Adding APIC for ACI SPAN session
— Adding production device for the SPAN session
— Configuring SPAN session
— Configuring copy device
— Configuring copy sessions
— Scheduling Configuration Backup
— NDB High availability is not supported
— TLS communication between the NDB controller and the switches is not supported
— Secured communication between the browser and NDB controller is not supported
■ Cisco Nexus switches managed by Cisco Nexus Data Broker in NX-API mode must have LLDP feature enabled. Disabling LLDP may cause inconsistencies and require device rediscovery.
■ When removing devices from the Cisco Nexus Data Broker, the device associated port definitions and connections should be removed first. Otherwise, the device might contain stale configurations created by the Cisco Nexus Data Broker.
■ For secured communication between Nexus Data Broker and a device through HTTPS, start Nexus Data Broker in TLS mode for the first time only. Subsequent NDB restarts do not require TLS mode. For more details, refer to the Cisco Nexus Data Broker Configuration Guide.
■ The TLS KeyStore and TrustStore passwords, which Cisco Nexus Data Broker needs in order to read the password-protected TLS KeyStore and TrustStore files, are sent to it only through HTTPS:
./xnc config-keystore-passwords [--user {user} --password {password} --url {url} --verbose --prompt --keystore-password {keystore_password} --truststore-password {truststore_password}]
The default URL is https://Nexus_Data_Broker_IP:8443
■ A Cisco Nexus Data Broker instance can support either the OpenFlow or the NX-API configuration mode; it does not support both configuration modes in the same NDB instance.
■ VLAN-based IP filtering is not supported for Nexus Series switches with NxOS version 7.0(3)I6.1. Hence, the filtering fails when you filter the traffic for the following series of switches: 92160YC-X Switch, 92300YC Switch, 9272Q Switch, 92304Q Switch, 9236C Switch.
■ For the NDB cluster deployment, the round-trip delay between the servers participating in the cluster should be less than 50 milliseconds. With a higher round-trip delay, the NDB cluster behaves unexpectedly and has issues synchronizing with member servers.
■ Do not configure TACACS accounting on the NDB switches. TACACS can be configured only for authentication and authorization.
■ For Cisco NDB Release 3.6, Cisco NX-OS Release versions 7.0(3)I5(1), 7.0(3)I5(2), and 7.0(3)I7(2) are not recommended for NXAPI deployments, and Cisco NX-OS Release versions 7.0(3)I5(1) and 7.0(3)I5(2) are not recommended for OpenFlow deployments.
The 3.6 release supports the following operating systems for the full visibility software sensors:
Table 2 Cisco NDB Compatibility Information
Device Model | Cisco Nexus Data Broker Minimum version | Deployment Mode Supported | Supported Use Cases
Cisco Nexus 3000 Series | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation and
Cisco Nexus 3100 platform | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation and
Cisco Nexus 3164Q Switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 3200 switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 3500 Series | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9200 switch | Cisco Nexus Data Broker 3.1 or later | Centralized and Embedded. Note: Cisco Nexus 9200 Series switches support only one switch deployment. | Tap/SPAN aggregation only
Cisco Nexus 9300 platform | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation and
Cisco Nexus 9300-EX switch | Cisco Nexus Data Broker 3.1 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9300-FX switch | Cisco Nexus Data Broker 3.5 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9500 platform | Cisco Nexus Data Broker 3.0 or later | Centralized only | Tap/SPAN aggregation only
Cisco Nexus 9500-EX switch | Cisco Nexus Data Broker 3.5 or later | Centralized only | Tap/SPAN aggregation only
Cisco Nexus 9500-FX switch | Cisco Nexus Data Broker 3.5 or later | Centralized only | Tap/SPAN aggregation only
The following table lists the hardware and software interoperability matrix for NDB Release 3.6.
Table 3 Nexus Data Broker Hardware and Software Interoperability Matrix
Nexus Switch Model(s) | Implementation Type | Supported NX-OS Versions | Open Flow Agent
Nexus 3048 / 3064 / 3172 | OpenFlow | 6.0(2)U6(x), I2(x), and I3(x) | 1.1.5
Nexus 3048 / 3064 / 3172 | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | 2.1.4
Nexus 3048 / 3064 | NXAPI | 6.0(2)U6(x), 7.0(3)I4(1) to 7.0(3)I4(7) | Not Supported
Nexus 3172 | NXAPI | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
Nexus 3164 | OpenFlow | Not Supported | Not Supported
Nexus 3164 | NXAPI | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
Nexus 3232 | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | 2.1.4
Nexus 3232 | NXAPI | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
Nexus 3548 | OpenFlow | 6.0(2)A6(x) or 6.0(2)A8(x) I7(5) and I7(5a) (OF agent is not required) 7.0(3)I7(2) to 7.0(3)I7(6) | 1.1.5
Nexus 3548 | NXAPI | Not Supported | Not Supported
Nexus 92160 / 92304 | OpenFlow | Not Supported | Not Supported
Nexus 92160 / 92304 | NXAPI | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
Nexus 9372 / 9396 / 93128 | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | 2.1.4
Nexus 9372 / 9396 / 93128 | NXAPI | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
93180LC-EX | OpenFlow | Not Supported | Not Supported
93180LC-EX | NXAPI | 7.0(3)I4(1) to 7.0(3)I4(8), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
93108TC-EX / 93180YC-EX | OpenFlow | Not Supported | Not Supported
93108TC-EX / 93180YC-EX | NXAPI | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
93108TC-FX / 93180YC-FX | OpenFlow | Not Supported | Not Supported
93108TC-FX / 93180YC-FX | NXAPI | 7.0(3)I7(1) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
Nexus 9504 / 9508 / 9516 | OpenFlow | Not Supported | Not Supported
Nexus 9504 / 9508 / 9516 | NXAPI | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
Nexus 31108TC-V / 31108PC-V | NXAPI | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
Nexus 31108TC-V / 31108PC-V | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(6), 9.2(1) to 9.2(3) | NA
Nexus 9336C-FX2 / 93240YC-FX2 | NXAPI | 9.2(3) | NA
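A pre-deployment check built from Table 3 and the "not recommended" guideline above, as an added example that is not Cisco code: it parses NX-OS version strings and range cells so that a running version can be compared against the matrix. It covers only the Nexus 9372 / 9396 / 93128 rows; the hostnames in the sample inventory are constructed.

```python
import re

# Supported NX-OS ranges for Nexus 9372 / 9396 / 93128, copied from Table 3.
SUPPORTED = {
    "NXAPI": "7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), "
             "7.0(3)I7(3) to 7.0(3)I7(6), 9.2(1) to 9.2(3)",
    "OpenFlow": "7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), "
                "7.0(3)I7(2) to 7.0(3)I7(6), 9.2(1) to 9.2(3)",
}
# Versions the usage guidelines list as not recommended for NDB 3.6.
NOT_RECOMMENDED = {
    "NXAPI": {"7.0(3)I5(1)", "7.0(3)I5(2)", "7.0(3)I7(2)"},
    "OpenFlow": {"7.0(3)I5(1)", "7.0(3)I5(2)"},
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(?:([A-Z])(\d+)\((\d+)([a-z]?)\))?$")

def version_key(text):
    """Turn '7.0(3)I7(6)' or '9.2(3)' into a tuple that sorts in release order."""
    m = _VERSION.match(text.strip().rstrip("."))
    if not m:
        raise ValueError(f"unrecognised NX-OS version: {text!r}")
    major, minor, maint, train, train_no, rebuild, suffix = m.groups()
    return (int(major), int(minor), int(maint), train or "",
            int(train_no or 0), int(rebuild or 0), suffix or "")

def parse_ranges(spec):
    """Parse a table cell 'A to B, C, ...' into (low_key, high_key) pairs."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition(" to ")
        ranges.append((version_key(low), version_key(high or low)))
    return ranges

def check(version, mode):
    """Return 'not recommended', 'supported' or 'unsupported' for one switch."""
    if version in NOT_RECOMMENDED[mode]:
        return "not recommended"
    key = version_key(version)
    if any(low <= key <= high for low, high in parse_ranges(SUPPORTED[mode])):
        return "supported"
    return "unsupported"

if __name__ == "__main__":
    # Constructed inventory: (hostname, running NX-OS version, NDB mode).
    for host, ver, mode in [("tap-agg-1", "7.0(3)I7(4)", "NXAPI"),
                            ("tap-agg-2", "7.0(3)I7(2)", "NXAPI"),
                            ("tap-agg-3", "7.0(3)I5(2)", "OpenFlow")]:
        print(f"{host}: {ver} in {mode} mode is {check(ver, mode)}")
```

Note that 7.0(3)I7(2) falls inside the OpenFlow range for these models but is flagged for NXAPI, which is why the mode has to be part of the check.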
The following tables provide the APIC versions supported on NDB.
Table 4 APIC versions supported on NDB
APIC Version | Cisco Nexus Data Broker Minimum version | Deployment Mode Supported
1.1, 1.2 and 2.0 | NDB 3.0 | Centralized only
2.X | NDB 3.1 and above | Centralized only
The following tables provide the scalability limits for Cisco Nexus Data Broker for Centralized Deployment
Table 5 Scalability Limits for Cisco Nexus Data Broker
Description | Small | Medium | Large
Number of switches used for Tap and SPAN aggregation | 25 | 50 | 75
This section contains lists of open and resolved caveats and known behaviors.
This section lists the open caveats. Click the bug ID to access the Bug Search tool and see additional information about the bug.
Description
Node Id of the device group is not updated after upgrading from NDB release 3.X to 3.2 and above.
Port configuration fails due to unsupported characters in description: Import.
Reboot guest shell only after 60 seconds during NDB upgrade.
Export operation does not retrieve Node specific configuration.
Limitations in uploading a configuration that has redirections (bi-directional).
NDB Server backup entries are not shown in the UI after the upgrade.
Cisco NDB does not support NXOS 7.0(3)I7(2) NXAPI mode.
Stale ACE entries are created on switch when TACACS+ server is unreachable.
Unable to remove MAC ACE using sequence number in Cisco NXOS I7(2) release.
This section lists the resolved caveats. Click the bug ID to access the Bug Search tool and see additional information about the bug.
Bug ID | Description
SPAN synchronization is dropping traffic to tool ports.
False flow inconsistencies are seen when switches are added in NXAPI mode.
Default-match-all filter supports additional ethertypes.
PTP and Timestamp configuration fails for ports that are in the port-channel.
Programmed ACLs should Include 'ndb' in the name.
This section lists the known caveats from the previous releases. Click the bug ID to access the Bug Search tool and see additional information about the bug.
Bug ID | Description
Module Serial number instead of Switch serial number in OF statistics.
Disk space not reclaimed in switch I7.x versions while uninstalling Embedded NDB.
Unable to attach VLAN access list entry to the interface in NXOS Release 7.0(3)I6.1.
Flows are not installing in switch with simple IPv6 match criteria.
NXAPI w/TACACS authentication failing.
Reconnecting the switch with NXOS I5.2 from NDB periodically.
Device in NDB becomes suddenly disconnected - nginx_f crash.
Openflow - Portchannel links are not seen on NDB, Release 2.1.
Connections are not matched with the VLAN ID of source ports on ISL links with an IPv6 filter.
IPv6 traffic is not hitting appropriate ACL deny entries that are configured with UDF.
Redirect interface is missing from ACL after an upgrade operation.
IP ACL with UDF match removes internal VLAN tag in Cisco NX-OS Release 9.3(2).
Re-direct STP, CDP packets similar to LLDP port for Openflow.
After device reload guestshell activation fails due to low memory on devices for NXOS 9.x.x version.
After reloading switch N9372PX-118 in GS it takes more time to send interface details to NDB server.
The Cisco Nexus Data Broker documentation can be accessed from the following websites:
Nexus Data Broker Datasheet http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/nexus-data-broker/data_sheet_c78-729452.html
General Documentation: http://www.cisco.com/c/en/us/support/cloud-systems-management/nexus-data-broker/tsd-products-support-series-home.html
The documentation includes installation information and release notes.
Document | Description
Cisco Nexus Data Broker Embedded Deployment Guide | Describes the deployment of Nexus Data Broker on NxOS devices, either as a separate NDB virtual service or as an application along with the GuestShell+ virtual service.
Cisco Nexus Data Broker Centralized Deployment Guide | Describes the deployment of Nexus Data Broker in a Linux VM that can be used to manage multiple NxOS devices for SPAN configuration.
© 2018 Cisco Systems, Inc. All rights reserved.