TechWiseTV Workshop: Q&A Nexus Data Broker


Page 1: TechWiseTV Workshop: Q&A Nexus Data Broker

Q&A

© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 4

Monitor Business-Critical Network Traffic with Cisco Nexus Data Broker

June 2, 2016

Q. Are the Cisco Nexus Data Broker (NDB) SPAN ports still limited to 32 VLANs as sources?

A. NDB does not change any SPAN capabilities on the source side. And these SPAN sources can be from any switches that support SPAN: for example, Cisco Nexus® 7K, 6K, 5K; Cisco® Catalyst® switches; and so on. The SPAN scaling is based on the source switches, not on the NDB switches.

Q. Is the Cisco Nexus 9000 Series in NX-OS mode or also in an ACI environment?

A. The NDB switch operates in NX-OS mode. However, the NDB switch can get SPAN traffic from both traditional and ACI deployments.

Q. Can you just run the software while using Gigamon hardware instead of Cisco Nexus gear?

A. No. NDB software works only with Cisco Nexus 3Ks and Cisco Nexus 9Ks.

Q. Any chance this will be supported in 5K or 7K Cisco Nexus boxes?

A. Currently there is no roadmap to make Cisco Nexus 5K or 7K an NDB switch. However, if you have Cisco Nexus 5K or 7K in your production network, you can bring SPAN traffic from these switches to NDB.

Q. Does communication continue if the Data Broker hardware and/or VM goes down?

A. Forwarding will continue to flow. No effect on traffic being monitored.

Q. Can you mix NDB and switching on the same box, or do you need dedicated Cisco Nexus switches for NDB?

A. Yes, you can mix them. You need to run in hybrid mode.

Q. How does Data Broker compare with Cisco Monitor Manager?

A. NDB evolved from Cisco Monitor Manager.

Q. Do the 9Ks support 100G?

A. Next-gen 9K supports 100G ports. Take a look at N9K-C9236C, N9K-X9432C-S LC, and N9K-X9732C-EX LC.


Q. We use OpenFlow on NDB to redirect the SPAN traffic to our packet analyzers. Can you discuss the difference with using NX-API and some of the pros/cons of using OpenFlow vs. NX-API?

A. NDB still uses OpenFlow. For some of the cases where OpenFlow support is not there, NDB uses NX-API.

Q. Is there a cost to the feature on the switch or the software running in the VM?

A. For licensing information, visit http://www.cisco.com/c/en/us/products/collateral/software/one-data-center/datasheet-c78-733010.html.

Q. Can the 9K NDB be managed via the ACI APIC?

A. In NDB 3.0, we have integration between NDB and ACI. The goal of the integration is to get packets from the ACI deployment to NDB. The communication is the other way around: NDB talks to ACI via the ACI REST API to set up SPAN sources and destinations in ACI.

Q. Can this solution do deduplication of packets when we have capture done in multiple places of the traffic flow?

A. No, NDB does not support deduplication at the moment.

Q. Does NDB support GRE header stripping?

A. GRE header stripping is not supported today.

Q. Is there a design example I can reference if I have Cisco Nexus 7K as distribution with a mix of access switches N6K, N5K, and 3750X?

A. We have some reference architectures for both traditional and ACI deployments. For details, contact us by email.

Q. With the Cisco Nexus switch acting as NDB, which is the entry level?

A. It depends on the number of ports that you want to monitor and port speeds. You can start with Cisco Nexus 3Ks.

Q. Is the NDB licensed with all Cisco Nexus 3K/9K, or is that a separate license?

A. For licensing information, visit http://www.cisco.com/c/en/us/products/collateral/software/one-data-center/datasheet-c78-733010.html.

Q. Is there a way for NDB to detect any connections that aren't currently active? For instance, in our environment it is common for someone to set up a "connection setup" to redirect SPAN traffic to a packet analyzer device. However, there are many cases in which cleanup work isn't done when the SPAN traffic is no longer needed.

A. NDB maintains statistics at the granularity of connection. You can look at those using the GUI or query via the REST API to see if a particular connection is being used or not. In ACI deployments, NDB acts as a single point of management for ACI SPAN configurations too. When you delete a connection in NDB, it will clean up in APIC as well. For standalone deployments, SPAN configuration needs to be set up and cleaned up separately.

Q. How many VLANs can it support?

A. NDB does not have any limitation on VLANs.
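The cleanup problem raised in the question above is an operational one: a monitoring connection nobody uses still holds a SPAN session and a dedicated port on the source side. The script below is an added example, not NDB's own code or REST API, that compares two per-connection statistics snapshots and flags connections whose packet counters did not move. The record shape ({"name", "packets"}), the connection names and the counter values are constructed assumptions standing in for whatever the NDB GUI or REST API returns.

```python
# Added example: compare two per-connection packet-counter snapshots and
# flag monitoring connections that appear idle. The record shape
# ({"name": ..., "packets": ...}) and every value below are constructed
# assumptions, not output of NDB's REST API.


def stale_connections(before, after, min_delta=1):
    """Classify the connections present in the 'after' snapshot.

    stale : present in both snapshots, packet count grew by less than min_delta
    reset : counter went backwards (switch reload or counter clear), so this
            pair of snapshots cannot say whether the connection is idle
    new   : only present in 'after'; needs another interval before judging
    """
    b = {c["name"]: c["packets"] for c in before}
    stale, reset, new = [], [], []
    for c in after:
        name, pkts = c["name"], c["packets"]
        if name not in b:
            new.append(name)
        elif pkts < b[name]:
            reset.append(name)
        elif pkts - b[name] < min_delta:
            stale.append(name)
    return {"stale": sorted(stale), "reset": sorted(reset), "new": sorted(new)}


# Constructed snapshots, taken one polling interval apart.
SNAPSHOT_T0 = [
    {"name": "web-to-analyzer-1", "packets": 1_204_551},
    {"name": "db-to-analyzer-2", "packets": 88_020},
    {"name": "old-test-redirect", "packets": 5_000},
    {"name": "core-to-ids", "packets": 900_000},
]
SNAPSHOT_T1 = [
    {"name": "web-to-analyzer-1", "packets": 1_301_990},
    {"name": "db-to-analyzer-2", "packets": 88_020},   # no movement: cleanup candidate
    {"name": "old-test-redirect", "packets": 5_000},   # no movement: cleanup candidate
    {"name": "core-to-ids", "packets": 12_300},        # went backwards: counters cleared
    {"name": "new-branch-tap", "packets": 10},         # absent from the first snapshot
]


def report(before=SNAPSHOT_T0, after=SNAPSHOT_T1):
    """Print one line per classified connection and return the classification."""
    result = stale_connections(before, after)
    for bucket, names in result.items():
        for name in names:
            print(f"{bucket:5s} {name}")
    return result


if __name__ == "__main__":
    report()
```

One idle interval is a hint, not proof: a backup-window redirect can legitimately sit at zero for most of the day, so poll over a window that covers the traffic's expected cadence before deleting anything, and treat the "reset" bucket as unknown rather than idle.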

Q. Does NDB snap into the Cisco Prime interface for a single view of the network?

A. No, currently NDB does not integrate with the Cisco Prime® interface.

Q. Is NDB licensing included with Cisco ONE™ foundations?

A. Yes. Learn more at http://www.cisco.com/c/en/us/products/collateral/software/one-data-center/datasheet-c78-733010.html.


Q. Can I use my production network to connect the N3K/N9K one to another? Or do we need to have a dedicated link?

A. You need to have Cisco Nexus 9K or 3K as the NDB switches. And you can bring in SPAN from the production network into these switches. You need to dedicate at least some ports for NDB.

Q. Is it supported to configure a range of interfaces on Cisco Nexus for Data Broker functions and the rest of the interfaces on the same box for production purposes?

A. Yes, you can use the hybrid mode in which you can dedicate some ports for NDB and other ports for the production network.

Q. What is the difference between SPAN and TAP? Are they treated differently?

A. A test access point (TAP) is a bump in the wire, a passive device that sits between the switches. SPAN replicates the traffic on a port, performed inside the production switch. From the NDB side, how the traffic comes in does not make a difference.

Q. Why do we have two options (SPAN and TAP) if it doesn't matter?

A. When you use SPAN, you are making the switch do the traffic replication and are dedicating the port as a SPAN destination. With TAPs you don't lose any ports. However, TAPs are additional devices, and they cost money.

Q. What are the limits to hybrid mode?

A. No limitations. After you dedicate the port to NDB, that port can't be used for production.

Q. This solution is entirely out of band (that is, separate from the production network). Does this mean that flows are not traversing the existing production network the way that ERSPAN does?

A. The communication between NDB and the NDB switches is via the management port on the switches. It does not interrupt production traffic. However, if you use ERSPAN for bringing the traffic to NDB, it has to come through the production network.

Q. Stripping GRE headers is huge. Our company definitely needs this feature.

A. We will get this into our roadmap.

Q. We have too many TOR switches to have physical connections from each TOR to the matrix switches. We would like to use ERSPAN to get the SPAN traffic to the matrix switches. However, NDB can't strip out GRE headers.

A. You can use the ERSPAN type-2 or type-3 header. ERSPAN destination today is supported on 3500 switches, which can remove the ERSPAN headers and forward the packet. This will be available on the new cloud-scale 9000 series switches, which are 9200 and 9300-EX.
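To make concrete what the answer above describes (an ERSPAN destination that removes the ERSPAN headers and forwards the original frame), here is an added Python example that is not Cisco code. It parses a constructed ERSPAN Type II packet (outer Ethernet, IPv4, GRE with the sequence bit set, then the 8-byte ERSPAN header) and returns the session ID, VLAN and COS from the ERSPAN header together with the untouched inner Ethernet frame, which is what a monitoring tool would receive after stripping. The sample packet, its addresses and its session number are all constructed for the illustration.

```python
# Added example (not Cisco code): decapsulate an ERSPAN Type II frame and
# hand back the mirrored inner Ethernet frame plus the ERSPAN metadata.
# The sample packet built by build_sample() is constructed.
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_GRE = 47
GRE_PROTO_ERSPAN_II = 0x88BE   # GRE protocol type used by ERSPAN Type II
GRE_FLAG_CSUM = 0x8000         # C bit: 4 bytes of checksum + reserved follow
GRE_FLAG_KEY = 0x2000          # K bit: 4-byte key follows
GRE_FLAG_SEQ = 0x1000          # S bit: 4-byte sequence number follows


def decapsulate_erspan2(frame: bytes) -> dict:
    """Return session_id, vlan, cos, seq and the inner frame of an ERSPAN Type II packet.

    Raises ValueError for anything that is not ERSPAN Type II, so a caller can
    fall back to treating the packet as plain (non-mirrored) traffic.
    """
    if len(frame) < 14:
        raise ValueError("truncated outer Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("outer frame is not IPv4")
    off = 14

    # Outer IPv4: IHL is the header length in 32-bit words; protocol at byte 9.
    ihl = (frame[off] & 0x0F) * 4
    if ihl < 20 or len(frame) < off + ihl:
        raise ValueError("bad outer IPv4 header")
    if frame[off + 9] != IPPROTO_GRE:
        raise ValueError("outer IPv4 payload is not GRE")
    off += ihl

    # GRE: 2 bytes flags/version, 2 bytes protocol type, then optional fields
    # in the order checksum, key, sequence.
    if len(frame) < off + 4:
        raise ValueError("truncated GRE header")
    gre_flags, gre_proto = struct.unpack("!HH", frame[off:off + 4])
    if gre_proto != GRE_PROTO_ERSPAN_II:
        raise ValueError("GRE payload is not ERSPAN Type II")
    off += 4
    if gre_flags & GRE_FLAG_CSUM:
        off += 4
    if gre_flags & GRE_FLAG_KEY:
        off += 4
    seq = None
    if gre_flags & GRE_FLAG_SEQ:
        seq = struct.unpack("!I", frame[off:off + 4])[0]
        off += 4

    # ERSPAN Type II header, two 32-bit words:
    #   ver(4) vlan(12) cos(3) en(2) t(1) session(10) | reserved(12) index(20)
    if len(frame) < off + 8:
        raise ValueError("truncated ERSPAN header")
    word1, _word2 = struct.unpack("!II", frame[off:off + 8])
    if word1 >> 28 != 1:
        raise ValueError("ERSPAN version %d is not Type II" % (word1 >> 28))
    off += 8

    return {
        "session_id": word1 & 0x03FF,
        "vlan": (word1 >> 16) & 0x0FFF,
        "cos": (word1 >> 13) & 0x7,
        "seq": seq,
        "inner": frame[off:],          # original mirrored frame, untouched
    }


def build_sample() -> bytes:
    """Constructed ERSPAN Type II packet: VLAN 100, COS 5, session 7, GRE seq 42."""
    inner = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
             + struct.pack("!H", ETHERTYPE_IPV4) + b"\x45\x00payload")
    word1 = (1 << 28) | (100 << 16) | (5 << 13) | 7
    erspan = struct.pack("!II", word1, 0)
    gre = struct.pack("!HHI", GRE_FLAG_SEQ, GRE_PROTO_ERSPAN_II, 42)
    payload = gre + erspan + inner
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     IPPROTO_GRE, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + payload


if __name__ == "__main__":
    meta = decapsulate_erspan2(build_sample())
    print({k: v for k, v in meta.items() if k != "inner"}, meta["inner"].hex())
```

Because the outer IPv4 and GRE headers are consumed here, the GRE sequence number is the only place left to notice drops on the production path the ERSPAN traffic crossed; keeping it alongside the inner frame lets the analyzer tell a gap in the mirror from a gap in the original conversation.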


Q. Because NDB and OpenFlow are seemingly in their infancy, what are some good ways to connect with others who are actively doing NDB implementations?

A. We also have NX-API mode for configuring the same functionality. We started with OpenFlow two years ago and continue to add functionality in both modes.

Q. The number of SPAN ports is limited on source switches (like a limited number per VDC configuration). Do you have any best-practice suggestions so you don't run out of SPANs available?

A. With Cisco Nexus 9K and 3K you can have 4 SPAN sessions on each switch. You can also use 40G links as SPAN destinations. We see more and more customers moving to SPAN from TAP, as SPAN technology has evolved.

Q. Will the filtering allow exclusion of traffic? For example, will it allow all traffic except NFS, SMB, and other file access or backup traffic?

A. Yes, you can filter based on any parameters in L2-L4 headers. It's fairly flexible. For HTTP traffic, you can even filter based on HTTP methods.
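The exclusion filter from the last answer, modelled as an added Python example that is not NDB's own filter syntax: an ordered list of L2-L4 match rules with deny entries for the file-access ports (SMB on TCP 445, NetBIOS session on TCP 139, NFS on TCP and UDP 2049) followed by a permit-all, evaluated first-match against constructed packet headers. The rule and header classes, the port list and the sample packets are assumptions chosen for the illustration.

```python
# Added example (not NDB's filter syntax): first-match evaluation of ordered
# L2-L4 rules, used to express "forward everything except file-access traffic".
# Rule/PacketHeader shapes, the port list and the sample packets are constructed.
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class PacketHeader:
    vlan: Optional[int]
    ethertype: int
    proto: Optional[int]       # IP protocol number (6 = TCP, 17 = UDP); None for non-IP
    src_port: Optional[int]
    dst_port: Optional[int]


@dataclass(frozen=True)
class Rule:
    action: str                            # "deny" or "permit"
    vlan: Optional[int] = None             # None matches any VLAN
    proto: Optional[int] = None            # None matches any protocol
    ports: FrozenSet[int] = frozenset()    # empty matches any port

    def matches(self, h: PacketHeader) -> bool:
        if self.vlan is not None and h.vlan != self.vlan:
            return False
        if self.proto is not None and h.proto != self.proto:
            return False
        # A server port shows up as destination in requests and as source in
        # replies, so a port rule has to look at both sides of the tuple.
        if self.ports and not ({h.src_port, h.dst_port} & self.ports):
            return False
        return True


def evaluate(rules: List[Rule], h: PacketHeader) -> str:
    """First matching rule decides; with no match the packet is dropped."""
    for r in rules:
        if r.matches(h):
            return r.action
    return "deny"


FILE_ACCESS_TCP = frozenset({445, 139, 2049})   # SMB, NetBIOS session, NFS over TCP
FILE_ACCESS_UDP = frozenset({2049})             # NFS over UDP

# Deny the file-access ports first, then let everything else through.
EXCLUDE_FILE_TRAFFIC = [
    Rule("deny", proto=6, ports=FILE_ACCESS_TCP),
    Rule("deny", proto=17, ports=FILE_ACCESS_UDP),
    Rule("permit"),
]

# Constructed headers standing in for mirrored packets.
SAMPLE_PACKETS = {
    "smb-request": PacketHeader(10, 0x0800, 6, 51000, 445),
    "nfs-reply": PacketHeader(10, 0x0800, 17, 2049, 40001),
    "https": PacketHeader(10, 0x0800, 6, 51002, 443),
    "arp": PacketHeader(10, 0x0806, None, None, None),
}


def classify(rules=EXCLUDE_FILE_TRAFFIC, packets=SAMPLE_PACKETS) -> dict:
    """Map each sample packet name to the action the rule list gives it."""
    return {name: evaluate(rules, h) for name, h in packets.items()}


if __name__ == "__main__":
    for name, action in classify().items():
        print(f"{action:6s} {name}")
```

The trailing permit-all is the part that is easy to forget: in this model, a rule list that contains only the deny entries drops every packet, which on a monitoring switch shows up as an analyzer that suddenly sees nothing rather than as an error. Non-IP frames such as ARP carry no protocol or ports, so they fall through the deny rules and reach the permit-all, which is the behaviour the question asks for.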