We are excited to announce the availability of Cisco Nexus Data Broker software release 2.0. With the Cisco Nexus Data Broker software, one or more OpenFlow-enabled Cisco Nexus switches replace the traditional purpose-built matrix switches used for network tap or SPAN aggregation.
Visibility into application traffic has traditionally been important for infrastructure operations to maintain security, resolve problems, and perform resource planning. Now, however, as a result of technological advances and the ubiquity of the Internet, organizations increasingly are seeking not just visibility but real-time feedback about their business systems to more effectively engage their customers. Also, with the rapid evolution of cloud-based technologies, there is a strong need for scalable and cost-effective network traffic tap/SPAN aggregation for traffic monitoring solutions. The traditional approach, which uses purpose-built matrix switches for network tap/SPAN aggregation to feed traffic to multiple systems for security, compliance and application performance monitoring, has three primary challenges:
- This approach is too expensive to scale the visibility to meet today’s business requirements.
- The purpose-built switches are statically programmed with predetermined filtering and forwarding rules, so they cannot act in an event-based way to provide traffic visibility in real time.
- Support for interconnecting multiple switches for a scalable deployment that suits your data center architecture is limited.
With Cisco Nexus Data Broker (see Figure 1), the traffic is tapped into this bank of switches in the same manner as in a purpose-built matrix network. However, with Cisco Nexus Data Broker, you can interconnect these Cisco Nexus switches to build a scalable tap and SPAN aggregation infrastructure. You also can use a combination of network taps and SPAN sources to bring the copy of the production traffic to this infrastructure. In addition, you can distribute the network tap and SPAN sources and traffic monitoring and analysis tools across multiple Cisco Nexus switches. Cisco Nexus Data Broker also provides the flexibility to aggregate traffic from multiple tap or SPAN sources and replicate and forward traffic to multiple analysis tools for monitoring. See Table 1 for a list of important features and functions.
Features of the New Cisco Data Broker Release 2.0
Supported topology for Cisco® Monitor Manager network
- Cisco Nexus Data Broker software discovers the Cisco Nexus switches and associated topology for Tap/SPAN aggregation.
- The software allows you to configure ports as monitoring tool ports or input Tap/SPAN ports.
- You can set end-device names for easy identification in the topology.
Support for QinQ to tag input source Tap/SPAN port
- You can tag traffic with a VLAN for each input Tap or SPAN port.
- Q-in-Q support in edge Tap and SPAN ports allows you to uniquely identify the source of traffic and preserve production VLAN information.
Symmetric hashing or symmetric load balancing*
- You can configure the hashing based on Layer 3 (IP address) or Layer 3 + Layer 4 (protocol ports) for load balancing the traffic across a port-channel link.
- You can spread the traffic across multiple tool instances to meet the high-traffic-volume scale.
Rules for matching monitored traffic
- You can match traffic based on Layer 1 through Layer 4 criteria.
- You can configure the software to send only the required traffic to the monitoring tools without flooding the tools with unnecessary traffic.
- You can configure an action to set the VLAN ID for the matched traffic.
Replicate and forward traffic
- You can configure the software to aggregate traffic from multiple input Tap/SPAN ports that could be spread across multiple Cisco Nexus switches.
- You can replicate and forward traffic to multiple monitoring tools that can be connected across multiple Cisco Nexus switches.
- This solution is the only one that supports any:many forwarding across a topology.
- You can time-stamp a packet at ingress using the Precision Time Protocol (PTP; IEEE 1588), thereby providing nanosecond accuracy. You can use this capability for critical transaction monitoring and archiving data for regulatory compliance and advanced troubleshooting.
- You can configure the software to truncate a packet beyond specified bytes.
  - The minimum is 64 bytes.
  - You can retain only the header for analysis and troubleshooting.
  - You can configure the software to discard the payload for security or compliance reasons.
End-to-end path visibility
- For each traffic forwarding rule, the solution provides complete end-to-end path visibility all the way from source ports to the monitoring tools, including the path through the network.
React to changes in the Tap/SPAN aggregation network states
- You can monitor and keep track of network condition changes.
- You can configure the software to react to link or node failures by automatically reprogramming the flows through an alternative path.
Management for multiple disjointed Cisco Monitor Manager networks
- You can manage multiple independent traffic monitoring networks, which may be disjointed, using the same Cisco Nexus Data Broker instance. For example, if you have five data centers and you want to deploy an independent Cisco Monitor Manager solution for each data center, you can manage all of these five independent deployments using a single Cisco Nexus Data Broker instance by creating a logical partition (network slice) for each monitoring network.
Role Based Access Control (RBAC)
- Application access can be integrated with a corporate AAA server for both authentication and authorization.
- You can create port groups and associate the port groups with specific user roles.
- You can assign users to specific roles and port groups; users can manage only those ports.
*Feature supported only on Cisco Nexus 3500.
**Feature supported only on Cisco Nexus 3100.
Please visit the Cisco NDB website for more information. If you are going to be in NYC at Interop Sep 29 – Oct 2, please visit us to hear Jothi Prakash Prabakaran talk about Nexus Data Broker as a scalable network traffic monitoring solution in the Cisco booth (#611) theater.
In case you didn’t notice, the partnership between Citrix and Cisco has been growing nicely over the past 2 years in many areas.
Among the numerous areas of collaboration, here are some common solutions that will be highlighted at the upcoming Citrix Synergy conference:
- Cisco Enterprise Mobility solution for business to employee with Citrix XenMobile
- Cisco Desktop Virtualization with Citrix Xen Desktop 7.1 on Cisco UCS
- Cisco DaaS with Citrix (CloudPlatform or UCS director on UCS)
- Cisco’s Citrix NetScaler 1000V (vPath and RISE)
- Cisco ACI strategy and how Citrix integrates OpFlex.
The last bullet points, especially Citrix's endorsement of RISE, the new protocol for the Nexus 7000, have been amply covered over the past weeks in blogs from Gary Kinghorn as well as in video. You will find links at the bottom of this blog. Also check the Citrix page on NetScaler 1000V.
Citrix was one of the close partners present when we announced OpFlex last month at Interop, a new open standards-based protocol for Application Centric Infrastructure (ACI). In this video, Sunil Potti, Citrix VP & GM NetScaler, explained why Citrix is standing shoulder to shoulder with Cisco on this topic.
Cisco and Citrix have also been working diligently to offer the best solutions in terms of mobility. You may want to check this blog from Jonathan Gilad on Cisco strategy and solutions around the mobile workplace. Check his recent blog, Beyond BYOD to Workspace mobility.
Just prior to Interop about two weeks ago, Cisco unveiled its Remote Integrated Services Engine (RISE) on the Nexus 7000 series switch. RISE is a new protocol being added to the Nexus 7000 and 7700 platforms through NX-OS (software upgradeable to existing devices) that integrates external service appliances attached to Nexus 7000 Series switches with the same benefits as if the appliance were directly connected to the switch backplane, just like a dedicated service module. Citrix NetScaler Application Delivery Controllers (ADC) and the Cisco Prime Network Analysis Module (NAM) are the first service appliances that have integrated with RISE, and they have been tested and certified as “RISE-enabled”. With the announcement of RISE, we expect to develop an ecosystem of partners that will work with Cisco to take advantage of this technology, including other application services vendors and firewalls.
At Interop, I had a chance to meet up on the show floor with Citrix NetScaler Product Manager, Joe Peck, to talk about why Citrix is taking advantage of this new RISE technology.
Last week was a busy week in Las Vegas at another eventful Interop. In addition to our new announcements around ACI, we’ve been busy showing off our new Remote Integrated Services Engine (RISE) capability we introduced for the Nexus 7000 Series switch. Our introductory series on RISE concludes with a look at how RISE facilitates network integration of Cisco Prime Network Analysis Module (NAM) through the Nexus 7000.
Following our initial blog announcement last week, Andrew Lerner at Gartner took time from a busy Interop week to provide a nice blog on the RISE integration with Citrix NetScaler as well, which I encourage you to read here.
If you recall from my earlier posts here and here, RISE is the new protocol in the Nexus 7000 and 7000 Series switch that allows integration of a remote service appliance like NAM or an application delivery controller with the same functional capability as if it was attached to the switch backplane like an embedded services blade. Devices can actually be connected over any layer 2 network, and not necessarily directly connected to the Nexus switch ports, although that is the usual configuration. RISE-enabled ports are configured on the Nexus 7000 and up to 4 dedicated ports per appliance can be configured for maximum throughput to connected devices.
It’s a great benefit for appliance vendors to not have to develop specific network-embedded modules of their products to install inside the chassis, as well as saving valuable slots while providing the same degree of traffic visibility and optimization for the appliance. In this video, I had a chance to sit down with Praveen Chandra, Director of NAM Engineering at Cisco, to talk about the first Cisco service appliance to support RISE and what it means for Prime NAM customers:
It’s been a busy week at Interop in Las Vegas so far, and we’re getting a lot of interest in our new Remote Integrated Services Engine (RISE) technology for the Nexus 7000 Series switches, which Cisco unveiled earlier this week. RISE integrates service appliances attached to Nexus 7000 Series switches as if the appliance was directly connected to the switch backplane, as if it were a dedicated service module. Cisco RISE establishes a communication path between the network data plane and the service appliance, simplifying deployments and optimizing data paths with better traffic visibility within the data center.
Recently, I had a chance to sit down with Steve Shah, Citrix Senior Director of Product Management to talk about why they were the first to integrate with RISE technology, and what benefits it has for their NetScaler customers.