We are excited to announce the availability of Cisco Nexus Data Broker software release 2.0. With the Cisco Nexus Data Broker software, Cisco replaces the traditional purpose-built matrix switches used for network taps or SPAN aggregation with one or more OpenFlow-enabled Cisco Nexus switches.
Visibility into application traffic has traditionally been important for infrastructure operations to maintain security, resolve problems, and perform resource planning. Now, however, as a result of technological advances and the ubiquity of the Internet, organizations increasingly are seeking not just visibility but real-time feedback about their business systems to more effectively engage their customers. Also, with the rapid evolution of cloud-based technologies, there is a strong need for scalable and cost-effective network traffic tap/SPAN aggregation for traffic monitoring solutions. The traditional approach that uses purpose-built matrix switches for network tap/SPAN aggregation to feed traffic to multiple systems for security, compliance and application performance monitoring has three primary challenges:
This approach is too expensive to scale the visibility to meet today’s business requirements.
The purpose-built switches are statically programmed with predetermined filtering and forwarding rules, so they cannot act in an event-based way to provide traffic visibility in real time.
Support for interconnecting multiple switches for a scalable deployment that suits your data center architecture is limited.
With Cisco Nexus Data Broker (see Figure 1), the traffic is tapped into this bank of switches in the same manner as in a purpose-built matrix network. However, with Cisco Nexus Data Broker, you can interconnect these Cisco Nexus switches to build a scalable tap and SPAN aggregation infrastructure. You also can use a combination of network taps and SPAN sources to bring the copy of the production traffic to this infrastructure. In addition, you can distribute the network tap and SPAN sources and traffic monitoring and analysis tools across multiple Cisco Nexus switches. Cisco Nexus Data Broker also provides the flexibility to aggregate traffic from multiple tap or SPAN sources and replicate and forward traffic to multiple analysis tools for monitoring. See Table 1 for a list of important features and functions.
Supported topology for Cisco® Monitor Manager network
Cisco Nexus Data Broker software discovers the Cisco Nexus switches and associated topology for Tap/SPAN aggregation.
The software allows you to configure ports as monitoring tool ports or input Tap/SPAN ports.
You can set end-device names for easy identification in the topology.
Support for QinQ to tag input source Tap/SPAN port
You can tag traffic with a VLAN for each input Tap or SPAN port.
Q-in-Q support in edge Tap and SPAN ports allows you to uniquely identify the source of traffic and preserve production VLAN information.
Symmetric hashing or symmetric load balancing*
You can configure the hashing based on Layer 3 (IP address) or Layer 3 + Layer 4 (protocol ports) for load balancing the traffic across a port-channel link.
You can spread the traffic across multiple tool instances to meet the high-traffic-volume scale.
Rules for matching monitored traffic
You can match traffic based on Layer 1 through Layer 4 criteria.
You can configure the software to send only the required traffic to the monitoring tools without flooding the tools with unnecessary traffic.
You can configure an action to set the VLAN ID for the matched traffic.
Replicate and forward traffic
You can configure the software to aggregate traffic from multiple input Tap/SPAN ports that could be spread across multiple Cisco Nexus switches.
You can replicate and forward traffic to multiple monitoring tools that can be connected across multiple Cisco Nexus switches.
This solution is the only one that supports any:many forwarding across a topology.
You can time-stamp a packet at ingress using the Precision Time Protocol (PTP; IEEE 1588), thereby providing nanosecond accuracy. You can use this capability for critical transaction monitoring and archiving data for regulatory compliance and advanced troubleshooting.
You can configure the software to truncate a packet beyond specified bytes.
The minimum is 64 bytes.
You can retain only the header for analysis and troubleshooting.
You can configure the software to discard the payload for security or compliance reasons.
End-to-end path visibility
For each traffic forwarding rule, the solution provides complete end-to-end path visibility all the way from source ports to the monitoring tools, including the path through the network.
React to changes in the Tap/SPAN aggregation network states
You can monitor and keep track of network condition changes.
You can configure the software to react to link or node failures by automatically reprogramming the flows through an alternative path.
Management for multiple disjointed Cisco Monitor Manager networks
You can manage multiple independent traffic monitoring networks, which may be disjointed, using the same Cisco Nexus Data Broker instance. For example, if you have five data centers and you want to deploy an independent Cisco Monitor Manager solution for each data center, you can manage all of these five independent deployments using a single Cisco Nexus Data Broker instance by creating a logical partition (network slice) for each monitoring network.
Role Based Access Control (RBAC)
Application access can be integrated with a corporate AAA server for both authentication and authorization.
You can create port groups and associate the port groups with specific user roles.
You can assign users to specific roles and port groups; users can manage only those ports.
*Feature supported only on Cisco Nexus 3500.
**Feature supported only on Cisco Nexus 3100.
Please visit the Cisco NDB website for more information. If you are going to be in NYC at Interop Sep 29 -- Oct 2, please visit us to hear Jothi Prakash Prabakaran talk about Nexus Data Broker as a scalable network traffic monitoring solution in the Cisco booth (#611) theater.
Cisco has a broad base of data center customers with a diverse set of requirements and we meet their needs with Nexus -- the most comprehensive switching portfolio in the industry. This week, we are making announcements for both the Nexus 9000 series and the Nexus 3000 series that provide design and deployment flexibility for our commercial, enterprise, service provider, as well as cloud customers. Key points of the announcement include:
ACI (Application Centric Infrastructure) is shipping this month;
Additional linecard and chassis options provide customer choice and flexibility;
100G linecards for the Nexus 9500 will be available in Q4CY14 and will offer the highest density in the industry; and
New starter kits and bundles help customers ease transitions.
The Nexus 9000 Series
ACI is shipping this month
The Nexus 9000 series can operate in standard NX-OS mode or in ACI mode. In either case the Nexus 9000 portfolio delivers the value of the “5 P’s” of Power efficiency, Price, Port density, Performance, and Programmability. NX-OS mode provides customers with the value of the NX-OS operating system used by tens of thousands of customers in data centers around the world. ACI mode adds to NX-OS capabilities by providing an application driven policy model, integration of hardware and software, and centralized visibility, among other things. ACI requires a controller and switch software. Both are shipping this month. It is important to note that the pricing for this solution is simple and predictable. There is a perpetual license for each leaf switch. Other pricing approaches in the industry are monthly and are based on varying elements like number of VM’s. Comparing the two approaches is somewhat like comparing a cell phone bill that is either flat rate or usage based. Personally, I like the simplicity and predictability of flat rate. See The Future of Networking, as well as SDN and Beyond for additional details on new ACI announcements and how they can take you beyond SDN.
Additional linecard and chassis options underscore flexibility
We’ll consider how flexibility is delivered for both modular and fixed platforms. For modular switching, the Nexus 9500 modular chassis family offers different line card options that can be mixed in the same chassis and allow customers to “dial up” or “dial down” their design based upon the price, performance, feature set, and scale they want to achieve. There are basically 3 different ‘flavors’, all of which are now shipping:
The Nexus 9500 X9400 set of 1/10G and 40G line cards are based on merchant silicon and provide industry-leading price and performance compared to other merchant silicon switches. These provide a very cost effective solution ideal for traditional modular data center designs.
The Nexus 9500 X9500 set of 1/10G and 40G line cards are sometimes referred to as “merchant plus” because they have custom Cisco ASICs, in addition to merchant silicon, and are ideal for customers that need performance together with additional buffering and VXLAN routing capabilities. The X9500 line cards can be used in future ACI designs as well.
The Nexus 9500 X9600 set of 40G line cards provide performance without compromise even for small packet sizes.
The Nexus 9300 series offers ACI capabilities (à la the X9500 linecards in item 2 above) in a fixed form factor. For customers interested in a merchant-only fixed form factor, we offer the Nexus 3000 family. This week, we announced the new Nexus 3164, which provides 64 ports of 40G and is a great solution for 40G access or space-constrained aggregation.
We are also announcing 100G linecards that we believe will deliver industry leading port density of up to 128 ports of 100G in a single chassis. 100G for both the X9400 and X9600 series will be available for the Nexus 9500 in Q4CY14. Cisco will offer an 8 port 100G X9400 line card and a 12 port 100G X9600 line card.
New starter kits and bundles ease transitions
There are numerous packages available to ease transitions -- from 1G to 10G, 10G to 40G, or from traditional networks to ACI. There are 2 bundles I want to quickly call out. The first provides a smooth transition for customers with older End of Row Catalyst 6500’s in their data centers. It occupies the same rack space and uses the same cabling as they currently have, but provides 10X the performance. The second is basically an ACI starter kit, providing the APIC, spine switches and leaf switches, even optical cables – everything required to set up and get started with an ACI pod.
In summary, Cisco is continuing its rapid pace of innovation and execution around ACI and data center switching overall. Ultimately, this means customers gain choice, flexibility and true innovation to support their business needs.
The next-generation Nexus 5600 family offers VXLAN bridging and routing capability, line rate L2/L3, and 40G uplinks, to deliver high performance in a compact form factor for 10G Top of Rack and 1/10G FEX aggregation deployments.
AND THERE HAS BEEN BROAD CUSTOMER ADOPTION ACROSS THE DATA CENTER!
From Nexus 1000V to the Nexus 9000, Cisco’s holistic approach resonates with customers because it provides increased business agility, operational efficiency, and empowers IT to rapidly evolve as business requirements change.
Here are the latest examples of why our customers chose Nexus:
There’s been a lot of news and momentum surrounding VXLAN technology in the last several months, and there is no doubt that VXLAN is becoming a more strategic and pervasive technology across cloud networks as a result. When we rolled out VXLAN about two years ago with the first commercial implementation as part of our Nexus 1000V virtual switch, VXLAN was solely a virtual networking construct and had real constraints in how it could be extended to physical networks and devices. It was also restricted to overlay networks using our Nexus 1000V switch (or other virtual switches supporting the VXLAN overlay protocol).
Now, however, VXLAN is being supported broadly across Cisco networking platforms and devices, across multiple Cisco fabric architectures, and we are even seeing broader support from other vendor ecosystems and non-Cisco switching platforms. Cisco is continuing to expand its support for VXLAN onto the new Nexus 5600 Series switches, as well as Nexus 7700 Series using the F3 line card.
For those of you not fully up to speed on VXLAN, VXLAN stands for Virtual eXtensible Local Area Network, and started out as a vastly more scalable Layer 2 LAN and tenant isolation construct for data center and cloud networks. Where cloud networks were running out of the only 4000+ VLAN IDs available to segment application networks, VXLAN gave them over 16 million logical network segments.
On September 30th at Interop New York we announced the Cisco Nexus 3100 top-of-rack flexible switches. The show floor was buzzing with the news, and in the Techwise TV video below, Senior Product Manager Jag Tamvada and self-proclaimed Chief Networking Geek Jimmy Ray Purser discuss details of the switches.