Cisco Nexus Data Broker, Release 3.7.1, Release Notes
This document describes the features, caveats, and limitations for the Cisco Nexus Data Broker (NDB) software, Release 3.7.1.
Additional product documentation is listed in the “Related Documentation” section.
Table 1 shows the online change history for this document.
Table 1 Online History Change
| Date | Description |
|---|---|
| February 26, 2019 | Created the release notes for the 3.7.1 release. |
| March 11, 2019 | Added support to configure sessions with UCS B series servers (rack servers). |
| June 7, 2019 | Updated Feature Limitations section. |
| June 20, 2019 | Added support for the following NX-OS versions: I7(6), 9.2(3), and I4(9). |
| Sep 19, 2019 | Removed bug, CSCuy81389, from the list of Open Caveats. |
| January 9, 2020 | Added CSCvs50998 to the list of known caveats. |
This document includes the following sections:
· Caveats
Visibility into application traffic is important for infrastructure operations to maintain security and compliance, and to perform resource planning and troubleshooting. With the technological advances and growth in cloud-based applications, it has become imperative to gain increased visibility into the network traffic. Traditional approaches to gain visibility into network traffic are expensive and rigid, making it difficult for managers of large-scale deployments.
Cisco Nexus Data Broker (NDB) with Cisco Nexus Switches provides a software-defined, programmable solution to aggregate copies of network traffic using SPAN or network taps for monitoring and visibility. As opposed to traditional network taps and monitoring solutions, this packet-brokering approach offers a simple, scalable and cost-effective solution well-suited for customers who need to monitor higher-volume and business-critical traffic for efficient use of security, compliance, and application performance monitoring tools.
Cisco NDB also provides a software-defined, programmable solution to perform inline inspection of the network traffic for monitoring and visibility purposes. Inline traffic inspection is performed on specific traffic by redirecting it through multiple security tools before it enters or exits a network.
This section lists the new and changed features in Cisco NDB 3.7.1 release:
· MTU setting for delivery port – Provision to set MTU from NDB on delivery ports.
· Support to configure sessions with UCS B series (rack server) connected to leafs via Fabric interconnect (Fabric loose nodes in ACI) as ACI Span Session source.
Feature Limitations
The following feature limitations apply for the Cisco Nexus Data Broker, Release 3.7.1:
· NDB Openflow embedded is not supported on Cisco Nexus 3000/9000 series switches running 7.0(3)I6.1 and 7.0(3)I7.1 NXOS image.
· Dry Run feature is disabled by default. To enable this feature, see Cisco NDB Configuration Guide.
· Default deny ACL on all ports and Default ISL deny ACL on ISL ports are enabled by default for Cisco NDB Release 3.6 and later releases. To disable this feature, refer to the Cisco NDB Release 3.7 Configuration Guide or Cisco NDB 3.7 Deployment Guide.
This section lists the usage guidelines and limitations for the Cisco Nexus Data Broker.
■ By default, NDB cluster URL is https://<NDBIP>:8443.
■ NDB supports Google Chrome version 45.x and later, Firefox version 45.x and later, and Internet Explorer version 11 and later.
■ APIC versions supported are 1.1, 1.2, and 2.0 series.
■ The switchport mode trunk and spanning-tree bpdufilter enable commands should be enabled for all the inter-switch ports on all the NDB managed switches.
■ Cisco Nexus Data Broker Embedded will be supported on NxOS 7.0(I4).1 onwards, and 7.0(3)I6.1 onwards. For more information, see the Nexus Data Broker Hardware and Software Interoperability Matrix section.
■ The following features will not be supported in embedded mode deployment of Cisco Nexus Data Broker:
— Adding another NDB device
— Adding APIC for ACI SPAN session
— Adding production device for the SPAN session
— Configuring SPAN session
— Configuring copy device
— Configuring copy sessions
— Scheduling Configuration Backup
— NDB High availability is not supported
— TLS communication between the NDB controller and the switches is not supported
— Secured communication between the browser and NDB controller is not supported
■ Cisco Nexus switches managed by Cisco Nexus Data Broker in NX-API mode must have LLDP feature enabled. Disabling LLDP may cause inconsistencies and require device rediscovery.
■ When removing devices from the Cisco Nexus Data Broker, the device associated port definitions and connections should be removed first. Otherwise, the device might contain stale configurations created by the Cisco Nexus Data Broker.
■ For secured communication between Nexus Data Broker and Device through HTTPS, start Nexus Data Broker in TLS mode for the first time only. Subsequent NDB restarts do not require TLS mode. For more details, refer to Cisco Nexus Data Broker Configuration Guide.
■ The TLS KeyStore and TrustStore passwords, which the Cisco Nexus Data Broker needs in order to read the password-protected TLS KeyStore and TrustStore files, are sent to it only through HTTPS:
./xnc config-keystore-passwords [--user {user} --password {password} --url {url} --verbose --prompt --keystore-password {keystore_password} --truststore-password {truststore_password}]
The default URL is https://Nexus_Data_Broker_IP:8443
■ A Cisco Nexus Data Broker instance can support either the OpenFlow or the NX-API configuration mode; it does not support both configuration modes in the same NDB instance.
■ VLAN based IP filtering is not supported for Nexus Series switches with NxOS version 7.0(3)I6.1. Hence, the filtering fails when you filter the traffic for the following series of switches: 92160YC-X Switch, 92300YC Switch, 9272Q Switch, 92304Q Switch, 9236C Switch.
■ For the NDB cluster deployment, the round trip delay across the various servers participating in the cluster should be less than 50 milliseconds. If the round trip delay is more, the NDB cluster behaves unexpectedly and has issues synchronizing with the member servers.
■ Do not configure TACACS accounting on the NDB switches. TACACS can be configured only for authentication and authorization.
■ For Cisco NDB Release 3.7, Cisco NX-OS Release versions 7.0(3)I5(1), 7.0(3)I5(2), and 7.0(3)I7(2) are not recommended for NXAPI deployment, and Cisco NX-OS Release versions 7.0(3)I5(1) and 7.0(3)I5(2) are not recommended for OpenFlow deployments.
The Cisco Nexus Data Broker, Release 3.7.1 supports the following operating systems for the full visibility software sensors:
Table 2 Cisco NDB Compatibility Information
| Device Model | Cisco Nexus Data Broker Minimum version | Deployment Mode Supported | Supported Use Cases |
|---|---|---|---|
| Cisco Nexus 3000 Series | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation and |
| Cisco Nexus 3100 platform | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation and |
| Cisco Nexus 3164Q Switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only |
| Cisco Nexus 3200 switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only In-line redirection |
| Cisco Nexus 3500 Series | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only |
| Cisco Nexus 9200 switch | Cisco Nexus Data Broker 3.1 or later | Centralized and Embedded. Note: Cisco Nexus 9200 Series switches support only one switch deployment. | Tap/SPAN aggregation only |
| Cisco Nexus 9300 platform | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation and |
| Cisco Nexus 9300-EX switch | Cisco Nexus Data Broker 3.1 or later | Centralized and Embedded | Tap/SPAN aggregation only |
| Cisco Nexus 9300-FX switch | Cisco Nexus Data Broker 3.5 or later | Centralized and Embedded | Tap/SPAN aggregation only |
| Cisco Nexus 9500 platform | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only |
| Cisco Nexus 9500-EX switch | Cisco Nexus Data Broker 3.5 or later | Centralized only | Tap/SPAN aggregation only |
| Cisco Nexus 9500-FX switch | Cisco Nexus Data Broker 3.5 or later | Centralized only | Tap/SPAN aggregation only |
| Cisco Nexus 9500-FX switch | Cisco Nexus Data Broker 3.7 or later | Embedded | Tap/SPAN aggregation only |
| Cisco Nexus 31100 Platform | Cisco Nexus Data Broker 3.7 or later | Centralized and Embedded | Tap/SPAN aggregation and In-line redirection |
| Cisco Nexus 9300-FX2 Platform | Cisco Nexus Data Broker 3.7 or later | Centralized and Embedded | Tap/SPAN aggregation only |
The following table lists the hardware and software interoperability matrix for NDB Release 3.7.1.
Table 3 Nexus Data Broker Hardware and Software Interoperability Matrix
| Nexus Switch Model(s) | Implementation Type | Supported NX-OS Versions | OpenFlow Agent |
|---|---|---|---|
| 3048/3064/3172 | OpenFlow | 6.0(2)U6(x), I2(x), and I3(x) | 1.1.5 |
| 3048/3064/3172 | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | 2.14 |
| 3046/3064 | NX-API | 6.0(2)U6(x), 7.0(3)I4(1) to 7.0(3)I4(8b) | Not supported |
| 3172 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | Not applicable |
| 3164 | OpenFlow | Not supported | Not supported |
| 3164 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | Not applicable |
| 3232 | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | 2.14 |
| 3232 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | Not applicable |
| 3548 | OpenFlow | 6.0(2)A6(x) and 6.0(2)A8(x). I7(5) and I7(5a), and 9.3(1) (OF agent is not required) 7.0(3)I7(2) to 7.0(3)I7(7) | 1.1.5 |
| 3548 | NX-API | Not supported | Not supported |
| 92160/92304 | OpenFlow | Not supported | Not supported |
| 92160/92304 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | Not applicable |
| 9372/9396/93128 | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | 2.14 |
| 9372/9396/93128 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | Not applicable |
| 9364C/9332C | NX-API | 9.2(3) to 9.2(4) and 9.3(1) to 9.3(4) | NA |
| 9364C/9332C | OpenFlow | Not supported | Not supported |
| 93180LC-EX / 93108TC-EX / 93180YC-EX | OpenFlow | Not supported | Not supported |
| 93180LC-EX / 93108TC-EX / 93180YC-EX | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | NA |
| 93108TC-FX / 93180YC-FX | OpenFlow | Not supported | Not supported |
| 93108TC-FX / 93180YC-FX | NX-API | 7.0(3)I7(1) to 7.0(3)I7(7) and 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | Not applicable |
| 9504/9508/9516 | OpenFlow | Not supported | Not supported |
| 9504/9508/9516 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(2) | Not applicable |
| 31108TC-V / 31108PC-V | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | Not applicable |
| 31108TC-V / 31108PC-V | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | Not applicable |
| 9336C-FX2 / 93240YC-FX2 | NX-API | 7.0(3)I7(5), 7.0(3)I7(5a), 7.0(3)I7(6), 7.0(3)I7(7), 9.2(1) to 9.2(4), 9.3(1) to 9.3(4) | Not applicable |
| N9K-C93360YC-FX2 | NX-API | 9.3(1) to 9.3(4) | Not applicable |
The following table provides the APIC versions supported on NDB.
Table 4 APIC versions supported on NDB
| APIC Version | Cisco Nexus Data Broker Minimum version | Deployment Mode Supported |
|---|---|---|
| 1.1, 1.2 and 2.0 | NDB 3.0 | Centralized only |
| 2.X | NDB 3.1 and above | Centralized only |
| 4.X | NDB 3.7 and above | Centralized only |
The following table provides the scalability limits for Cisco Nexus Data Broker for Centralized Deployment.
Table 5 Scalability Limits for Cisco Nexus Data Broker
| Description | Small | Medium | Large |
|---|---|---|---|
| Number of switches used for Tap and SPAN aggregation | 25 | 50 | 75 |
This section contains lists of open and resolved caveats and known behaviors.
This section lists the open caveats. Click the bug ID to access the Bug Search tool and see additional information about the bug.
| Bug ID | Description |
|---|---|
|  | Direction change should be supported while editing span session. |
|  | Port configuration fails while importing the json file with unsupported characters in the description. |
|  | Node Id of the device group is not updated after upgrading from NDB release 3.X to 3.2 and above. |
|  | Export operation does not retrieve Node specific configuration. |
|  | Limitations in uploading a configuration that has redirections (bi-directional). |
|  | NDB Server backup entries are not shown in the UI after the upgrade. |
|  | “Could not commit transaction” exception thrown at NDB. |
This section lists the resolved caveats. Click the bug ID to access the Bug Search tool and see additional information about the bug.
| Bug ID | Description |
|---|---|
|  | Replacing a filter on a connection with its clone may generate incomplete ACL without the filter ACE. |
|  | Timestamp tag field needs to be enabled on NDB UI for 3548 device in AUX mode. |
|  | SPAN synchronization is dropping traffic to tool ports. |
|  | False flow inconsistencies are seen when switches are added in NXAPI mode. |
|  | Default-match-all filter supports additional ethertypes. |
|  | PTP and Timestamp configuration fails for ports that are in the port-channel. |
|  | Programmed ACLs should Include 'ndb' in the name. |
This section lists the known caveats from the previous releases. Click the bug ID to access the Bug Search tool and see additional information about the bug.
| Bug ID | Description |
|---|---|
|  | Module Serial number instead of Switch serial number in OF statistics. |
|  | Unable to attach VLAN access list entry to the interface in NXOS Release 7.0(3)I6.1. |
|  | Flows are not installing in switch with simple IPv6 match criteria. |
|  | NXAPI w/TACACS authentication failing. |
|  | Reconnecting the switch with NXOS I5.2 from NDB periodically. |
|  | Device in NDB becomes suddenly disconnected - nginx_f crash. |
|  | Openflow - Portchannel links are not seen on NDB, Release 2.1. |
|  | Connections are not matched with the VLAN ID of source ports on ISL links with an IPv6 filter. |
|  | IPv6 traffic is not hitting appropriate ACL deny entries that are configured with UDF. |
|  | Redirect interface is missing from ACL after an upgrade operation. |
|  | Disk space not reclaimed in switch I7.x versions while uninstalling Embedded NDB. |
|  | Unable to remove MAC ACE using sequence number in Cisco NXOS I7(2) release. |
|  | IP ACL with UDF match removes internal VLAN tag in Cisco NX-OS Release 9.3(2). |
|  | Re-direct STP, CDP packets similar to LLDP port for Openflow. |
|  | After device reload guestshell activation fails due to low memory on devices for NXOS 9.x.x version. |
|  | After reloading switch N9372PX-118 in GS it takes more time to send interface details to NDB server. |
|  | 9508/9516-with 4k VLAN scale modules go to powered down state when upgrading to 9.3.3 and above. |
The Cisco Nexus Data Broker documentation can be accessed from the following websites:
Nexus Data Broker Datasheet http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/nexus-data-broker/data_sheet_c78-729452.html
General Documentation: http://www.cisco.com/c/en/us/support/cloud-systems-management/nexus-data-broker/tsd-products-support-series-home.html
The documentation includes installation information and release notes.
| Document | Description |
|---|---|
| Cisco Nexus Data Broker Embedded Deployment Guide | Describes the deployment of Nexus Data Broker on NxOS devices either as a separate NDB virtual service or as an application along with GuestShell+ virtual service |
| Cisco Nexus Data Broker Centralized Deployment Guide | Describes the deployment of Nexus Data Broker in a Linux VM that can be used to manage multiple NxOS devices for SPAN configuration |
© 2019 Cisco Systems, Inc. All rights reserved.