Q. What is the Cisco® Catalyst® 6500 Series Network Analysis Module (NAM-3) and what does it do?
A. The Cisco Catalyst 6500 Series NAM-3 is an integrated traffic and performance analysis blade designed for 10 Gigabit Ethernet networks that empowers network administrators to quickly understand how traffic over the network is being used and how it is performing to troubleshoot performance issues and help ensure a consistent end-user experience. It combines a rich set of embedded data collection and analysis capabilities with a remotely accessible, web-based management console, all of which reside on a single blade that is installed into Cisco Catalyst 6500 E-Series switches.
NAM-3 includes an embedded, intuitive web-based graphical user interface (GUI) with prepackaged reports, workflows, and contextual navigation to expedite problem resolution and optimization decisions. It also includes a Performance Database that preserves historical data, allowing you to understand what happened in the past when an event that affected network performance occurred. See the Cisco Prime™ Network Analysis Module Software 5 Datasheet for additional information.
Q. What are the key features and benefits of NAM-3?
A. The key features and benefits of NAM-3 are provided in Table 1.
Table 1. Key Features and Benefits of the Cisco Catalyst 6500 Series NAM-3
15+ Gbps traffic monitoring performance
NAM-3 is designed to monitor and troubleshoot high-performance 10 Gigabit Ethernet networks.
Deployed in the Cisco Catalyst 6500 Series Switch, the Cisco NAM-3 takes advantages of backplane integration. It provides greater investment protection, lower total cost of ownership, and a reduced footprint that saves premium rack space. Backplane integration allows collection of packets right from the source, helping to ensure high reliability and precision analytics.
Application performance intelligence
Characterize the end-user experience for TCP-based applications and isolate application response time problems to the network, server, or the application, minimizing any triage process.
IEEE1588 hardware time-stamping
Packet capture from the backplane combined with a precise hardware time stamp results in accurate performance measurements with metrics such as application response time and jitter. The IEEE 1588 hardware time stamps also facilitate accurate packet capture analysis and are specifically useful when merging captures from multiple NAM-3s for investigating complex application performance issues.
Comprehensive voice quality monitoring and real-time troubleshooting
Gather real-time reports on Mean Opinion Score (MOS) and other key performance indicators (KPIs) such as jitter and packet loss to understand and improve how the end user experiences the delivery of voice services. MOS is computed based on ITU-T Recommendations G.107, offering accurate characterization of voice quality. Combine monitoring with real-time troubleshooting using prepackaged dashboards to improve the end-user service levels.
WAN-optimized networks visibility
Obtain end-to-end proof points demonstrating how Cisco Wide Area Application Services (WAAS) has improved application delivery (for example, decreased application transaction times, improved WAN bandwidth utilization). Accelerate the return on investment (ROI) for your assets by assessing the best site and application candidates for optimization as part of the phased rollout plan.
Detailed traffic analytics
View short- and long-term performance data on hosts, conversations, and applications that use critical network resources.
Look back to the past with the embedded Performance Database to understand what happened when an event that affects network performance occurred to accelerate root-cause analysis and prevent any reoccurrence. Use historical analysis for advancing optimization and capacity decisions.
Deep, insightful packet captures
Solve complex performance issues with trigger-based captures, filters, decodes, and Packet Capture Error Scan features. Packet captures can be triggered based on performance thresholds allowing you to focus on specific performance issues. Utilize external storage (mini-SAS or 10 Gigabit Ethernet) to store longer packet captures for offline analysis.
Advanced hardware and software filters
Reduce the time to get to the critical data to accelerate troubleshooting and analysis of network traffic behavior.
Monitor Virtual Switching System (VSS) deployments
Monitor both virtual switches in VSS environments, reducing management overhead while improving operational efficiency.
Cisco Nexus® 1000V deployment visibility
Simplify the operational management of Cisco Nexus 1000V switch environments by gaining visibility into the virtual machine (VM) network including interactions across virtual machines and virtual interfaces. Monitor the VMs uninterrupted by vMotion operations.
View network and application performance by logical groups or sites that you can create to mirror your network topology. For example, you can create sites by geographic locations, departments, or even managed customer networks. The feature facilitates tracking site-specific service-level objectives, resolving performance issues, or enforcing optimization policies.
Cisco Performance Agent Reporting
Extend performance visibility across Cisco Borderless Networks utilizing the Cisco Performance Agent (PA) deployed at the remote sites. PA is a licensed feature of Cisco IOS Software introduced with version 15.1(4)M and is supported on ISR G2, 880, and 890 platforms.
Pre- and post-deployment metrics
Glean valuable before and after traffic analytics to help plan for and verify changes in network resources, such as introducing new applications, establishing quality of service (QoS) policies, consolidating servers, and deploying voice over IP (VoIP).
Ease NAM configuration and export of computed NAM data using standards-based APIs (XML/REST for configuration, NetFlow Version 9 for data export).
Anytime, anywhere access
Access the web interface from any desktop, eliminating the need to send personnel to remote sites or haul large amounts of data over WAN links to the central site.
Q. What are the business benefits of deploying Cisco NAM?
A. Table 2 provides an overview of the business benefits that Cisco NAM offers.
Table 2. Business Benefits of Deploying Cisco NAM
Improve operational efficiency with faster problem resolution and greater productivity
• Rapid problem isolation with prepackaged reports, visual correlation, contextual navigation, and one-click packet captures
• Combined packet and flow analysis reduces time to noteworthy and actionable information to expedite troubleshooting
• Remote management eliminates the need to travel to remote sites
Enhance service levels with consistent application performance visibility across the network
• Accurate characterization of performance with advanced analytics for voice and TCP applications
• Consistent application recognition using new application classification architecture
• Improved end-user experience with effective use of control and optimization techniques such as QoS and Cisco WAAS
• Preemption of performance issues with threshold-based proactive alerts reduces downtime and failures
Reduce total cost of ownership
• Integrated with Cisco platforms, NAM delivers reduced network footprint, lower operational cost, and simplified manageability
• NAM form factors offer cost-effective options and deployment flexibility to address location-specific network instrumentation needs
• Open standards-based API preserves investment in existing management assets
Q. What is the Cisco Prime Network Analysis Module Software?
A. Cisco Prime Network Analysis Module Software includes an intuitive, web-based GUI with prepackaged reports, workflows, and contextual navigation to expedite problem resolution and optimization decisions. It provides quick access to the configuration menus and interactive reports on the performance of voice, video, and TCP-based traffic. In addition, the software hosts an embedded web server that facilitates (enable is more accurate but you leave it) remote access from anywhere so that network performance can be viewed, managed, and improved at any time, eliminating the need to travel to remote sites or haul large amounts of data over WAN links to a central site.
Q. Where is the Cisco NAM deployed in the network?
A. The Cisco NAM is deployed in the Cisco Catalyst 6500 Series at LAN aggregation points (for example, in the core or distribution layer) for monitoring and quick troubleshooting; at service points (for example, in data centers, server farms, or Cisco Unified Communications Manager clusters) where performance is critical; and at critical access points. Also, the NAM can be deployed in Catalyst 6500 Series Switches connected to WAN routers. When deployed at remote sites, the Cisco NAM uniquely allows users to perform remote troubleshooting and traffic analysis using the embedded web-based GUI without having to send personnel or to haul large amounts of data to the central site. When deployed in data center server access, the Cisco NAM can also be used for monitoring traffic in the virtual machine network, extending the visibility into the virtual infrastructure with Cisco Nexus 1000V switch deployments.
Q. How does the Cisco Catalyst 6500 Series NAM-3 work?
A. NAM-3 collects packets or flows (NetFlow Data Export [NDE]) sent to it from a switch or router. The NAM parses the packets, gathers relevant data, and stores processed information in the Performance Database. This database provides valuable traffic information on voice, video, and data traffic, VLANs, Differentiated Services (DiffServ) configurations, hosts, conversation pairs, application usage, and application response times. This information is presented in the NAM's GUI in easy-to-read interactive reports.
The packets that NAM-3 collects are defined by the user's selecting one or more data sources. Data sources, which are features of the switch, router, or WAAS device, are described in Table 3. NAM-3 has independent backplane interfaces to collect Switched Port Analyzer (SPAN)/VLAN access control list (VACL) traffic and NDE/WAAS/Encapsulated Remote SPAN (ERSPAN).
Table 3. Cisco Catalyst 6500 Series NAM Traffic Sources
SPAN, Remote SPAN (RSPAN), and ERSPAN
Using the SPAN, RSPAN, and ERSPAN capabilities of Cisco Catalyst 6500 E-Series Switches, traffic from ports, VLANs, and EtherChannel links can be mirrored to the NAM. The NAM collects statistics on all layers of network traffic spanned to it. RSPAN allows traffic to be collected from other RSPAN-enabled devices in the same VLAN Trunk Protocol (VTP) domain. ERSPAN allows traffic to be sent to the NAM using generic routing encapsulation (GRE) tunnels from a Layer 3 network.
The NAM uses VACLs to capture or "filter" selected VLANs and WAN traffic (on Cisco IOS® Software devices only) to the NAM ports. Additional filtering rules can also be applied to target specific data flows. The NAM must be specified as the capture destination for VACL entries when configuring the local supervisor.
NetFlow Data Export records offer an aggregate view of the network traffic. When enabled on the switch, the NetFlow data source becomes available on the Cisco NAM without the need to create any SPAN sessions. In addition, the NAM can receive NDE from remote devices for analysis.
The NAM uses the built-in instrumentation on WAAS to gather information about the optimized and pass-through traffic to provide end-to-end application performance visibility in a Cisco WAAS environment. The information allows NAM to measure application response time, transaction time, bandwidth usage, and LAN/WAN data throughput to accurately quantify the impact of Cisco WAAS optimizations.
Q. How does the Cisco NAM gain visibility into traffic from other switches/routers?
A. The LAN or WAN traffic from other devices can be directed to the NAM for analysis using RSPAN, ERSPAN, or NetFlow Data Export.
Q. How does the Cisco NAM gain visibility into WAN traffic?
A. The NAM gains visibility into WAN traffic using VACL capture for WAN interfaces and NDE. VACL-based captures can be used (in supervisors running Cisco IOS Software in native mode) to monitor traffic from WAN interfaces. NDE from local and remote devices can be used to monitor WAN interfaces and provide application-level visibility into WAN segments.
Q. What is VACL capture and how does the Cisco NAM use it?
A. VACL capture is a data source that uses SPAN and fulfills similar functions. VACLs can be used to capture or "filter" selected VLANs and WAN traffic (with Cisco IOS Software). In Cisco IOS Software 12.2(18)SXF or later, VACLs can also be applied to WAN interfaces.
Q. How does the Cisco NAM with Software 5 use NetFlow?
A. The Cisco NAM supports monitoring of both packet- and NetFlow-based traffic sources using independent backplane interfaces. These two data sources complement each other to provide a powerful and comprehensive monitoring solution. NetFlow can be used to gain an extensive view of the traffic to analyze who is using your network, what applications they're using, and how much bandwidth is being consumed. For deeper analysis, it can be combined with packet data using traffic sources such as SPAN, VACL, ERSPAN, or RSPAN. NetFlow can also be used to obtain visibility into traffic where SPAN is not available (for example, WAN interfaces, remote router interfaces, and so on).
NetFlow can be enabled on interfaces of local or remote devices and sent to the NAM for analysis. As a consumer, the NAM can receive NetFlow packets on its management port from devices such as Cisco routers and switches. Those records are stored in its performance database as if that traffic had appeared on one of the NAM data ports. The NAM understands NetFlow versions 1, 5, 6, 7, 8, and 9. Incoming NetFlow data is parsed by the NAM, stored in its internal database, and presented in the GUI in the same way as traffic from other data sources.
Some network devices have more than one "engine" that is capable of independently exporting NetFlow. Depending upon features of the device, flows can be exported from multiple flow caches in the hardware and software. For example, supervisor and line cards may be able to export flows independently from their local caches. By default, Cisco Prime NAM 5.0 will automatically create independent data sources for each engine exporting NetFlow records to NAM.
Q. Can the Cisco NAM collect NetFlow from remote WAN routers?
A. Yes. The Cisco NAM can collect and analyze NDE from remote devices including WAN routers. This feature is helpful in analyzing traffic on a WAN router connected to the Catalyst 6500 Series Switch or from remote WAN routers where ample bandwidth is available to send NDE.
Q. Does the Cisco NAM require a separate NetFlow data collector for monitoring?
A. No. The NAM collects and consumes NetFlow data for performance monitoring purposes.
Q. What versions of NetFlow does the Cisco Catalyst 6500 Series NAM-3 support?
A. NAM-3 supports versions 1, 5, 6, 7, 8, and 9.
Q. What version of Cisco IOS Software is required to support the Cisco Catalyst 6500 Series NAM-3?
A. NAM-3 requires Cisco IOS Software Release 12.2(33)SXJ1 (minimum) for Cisco Catalyst 6500 Series Supervisor Engine 720 and Cisco IOS Software Release 15.0(1)SY1 (minimum) for Cisco Catalyst 6500 Series Supervisor Engine 2T. Please refer to the Cisco Prime NAM Release Notes for additional information on required system software.
Q. What Catalyst 6500 supervisors does the Cisco Catalyst 6500 Series NAM-3 support?
A. NAM-3 is supported with Cisco Catalyst 6500 Series Supervisor Engine 2T (Part Numbers: VS-S2T-10G, VS-S2T-10G-XL) and Supervisor Engine 720 (Part Numbers: WS-SUP720-3B, WS-SUP720-3BXL, VS-S720-10G-3C, VS-S720-10G-3CXL).
Q. What was the first Cisco Prime Network Analysis Module Software release that supported the NAM-3 (WS-SVC-NAM-3-K9)?
A. NAM-3 was first supported in Cisco Prime NAM 5.0(1T).
Q. How is the Cisco NAM secured?
A. The Cisco NAM can be secured with up to 256-bit encryption. The NAM also supports role-based user authorization and authentication locally or using TACACS+.
Q. Can NAM-3 be deployed in fabric-enabled Cisco Catalyst 6500 Switches without affecting switch performance?
A. Yes. NAM-3 supports full fabric (crossbar) connectivity and can be deployed in a fabric-enabled chassis with no impact on switching performance.
Q. Can multiple Cisco NAMs be installed in a Cisco Catalyst 6500 E-Series chassis?
A. Yes. Multiple Cisco NAMs can be installed in a single chassis.
Q. Can the Cisco NAM be installed in a Cisco Catalyst 6500 E-Series chassis with other services modules (for example, the Firewall Services Module [FWSM])?
A. Yes. The Cisco NAM can be installed with other services modules.
Q. Are there any ports or network interfaces on the Cisco NAM?
A. Yes, there is a 10 Gigabit Ethernet SFP+ external interface that can be used for external storage. There is also a mini-SAS port to connect to external SAS arrays. There are two 1 Gigabit Ethernet ports, one for management and the other for IEEE 1588 sync.
Q. Can multiple VLANs be spanned to NAM-3?
A. Yes. The NAM is fully compatible with the Switch Monitoring (SMON) MIB and supports the monitoring of multiple VLANs.
Q. Does NAM-3 support supervisor failover?
Q. If a switch chassis is upgraded, must a new Cisco NAM be purchased?
A. No. The Cisco NAM is fully functional in any of the modular Cisco Catalyst 6500 E chassis.
Q. Does the NAM support Virtual Switch System on the Catalyst 6500?
A. Yes, NAM-3 supports VSS.
Q. Are there specific capabilities that NAM provides in a VSS environment that are distinct from the capabilities provided in a non-VSS environment?
A. Yes, there are three key differentiators:
• Monitoring port statistics on both switches using one NAM. The NAM can provide mini-Remote Monitoring (RMON) statistics on both switches and identifies these statistics by chassis, slot, and port. In this way, a complete view of Layer 2 traffic utilization can be obtained to assist in quickly identifying potential bottlenecks.
• Using SPAN on one NAM to obtain visibility into traffic on both virtual switches. Typically, RSPAN or NetFlow would be used to obtain visibility into an adjacent switch.
• Monitoring the health of both switches using a single NAM.
Q. What device does the Cisco Catalyst 6500 Series NAM-3 monitor in the virtualized data center?
A. The Cisco Catalyst 6500 NAM-3 can extend its visibility into the Cisco Nexus 1000V switch in deployment scenarios where the Cisco Catalyst 6500 is an end-of-row (EoR) access switching platform in the virtualized data center. The Cisco Nexus 1000V switch is a software switch on a server that delivers Cisco Virtual Network Link (VN-Link) services to VMs hosted on the server. This distributed switch has two major components: the Virtual Ethernet Module (VEM) and the Virtual Supervisor Module (VSM), which manages the VEMs. The Cisco Nexus 1000V can be configured to direct NetFlow Data Export from virtual or physical interfaces on the Nexus VEM to the Cisco Catalyst 6500 NAM. Also, ERSPAN can be configured to allow the Cisco Catalyst 6500 NAM to remotely monitor the traffic in the VM network.
Q. What NAM data sources can be used to monitor traffic in the Cisco Nexus 1000V switch environment?
A. As previewed in the answer above, the Cisco Catalyst 6500 Series NAM-3 can monitor the Cisco Nexus 1000V using ERSPAN and NetFlow data sources (for more information about these NAM data sources, please refer to Table 3 of this Q&A). ERSPAN can be configured on the Cisco Nexus 1000V to allow the Cisco NAM to obtain visibility into specific ports or VLANs. The data made available by ERSPAN permits the NAM to provide core traffic usage metrics (on applications, hosts, and conversations), response time analytics, and QoS and VLAN monitoring statistics. NetFlow Data Export can be configured on select virtual and physical interfaces of the Cisco Nexus 1000V. The data made available by NetFlow permits the NAM to provide core traffic analytics and QoS monitoring statistics.
Q. Where should I deploy the Cisco Catalyst 6500 Series NAM-3 to obtain visibility into the virtualized data center?
A. The NAM-3 is ideally deployed in an EoR Catalyst 6500 switch. Using the ERSPAN data source from the Cisco Nexus 1000V, headers of designated traffic flows (by port or VLAN) are encapsulated in a GRE tunnel and forwarded to the Cisco NAM for analysis.
Q. When would I purchase a Cisco Catalyst 6500 Series NAM-3 versus a Cisco Nexus 1000V NAM virtual service blade (VSB)?
A. The NAM-3 is a hardware module integrated in the Cisco Catalyst 6500 that provides visibility into both physical and virtual networks. It comes with a feature set and level of performance commensurate with providing high-performance monitoring and troubleshooting in the campus or data center. The Cisco Nexus 1000V NAM VSB is a software module integrated in the Cisco Nexus 1010 Virtual Service Appliance. The Cisco Nexus 1000V NAM VSB comes with a feature set and level of performance that is specifically targeted for monitoring and troubleshooting the Cisco Nexus 1000V environment. The Cisco NAM VSB is a perfect fit for customers who are deploying the Cisco Nexus 1010, offering both ease of deployment and investment value. Customers who have Cisco Catalyst 6500s, who may want to monitor more than the Cisco Nexus 1000V environment, who require higher overall performance, or who perform extensive captures and decodes will want to consider the Cisco Catalyst 6500 Series NAM-3. Additionally, the NAM-3 should be considered if a Cisco Catalyst 6500 is deployed in the data center access layer in VSS mode for high availability considerations. In this deployment scenario the Cisco Catalyst 6500 Series NAM can monitor switch ports and associated application traffic on both the Cisco Catalyst 6500 and on the Cisco Nexus 1000V.
Q. What is the latest software version for Cisco Catalyst 6500 Series NAM-3?
A. The latest version of software for the Cisco Catalyst 6500 Series NAM-3 is Cisco Prime NAM 5.1(2). For any questions related to the latest software release, please refer to the Cisco Prime NAM Software Q&A.
Q. What are the software features and functionality of Cisco Prime NAM for ISR G2 SRE?
Q. What are the part numbers for the Cisco Catalyst 6500 Series NAM-3?
A. Table 4 lists the part numbers for the NAMs.
Table 4. Cisco Catalyst 6500 Series NAM-3 Part Numbers
Cisco Catalyst 6500 Series Network Analysis Module (NAM-3) (Spare)
Cisco Prime NAM Software 5.1(2)
Q. How can the Cisco Prime NAM Software be obtained?
A. The Cisco Prime NAM Software can be obtained in one of two ways. To obtain the latest Cisco Prime NAM Software with your new hardware order, order SC-SVC-NAM3-5.1-K9 when ordering the NAM hardware. The software will then be delivered preloaded on the hardware.
Q. Must Cisco Prime NAM Software be downloaded from the Cisco.com Software Center when first deploying a Cisco Catalyst 6500 Series NAM?
A. No. Cisco NAM-3 comes with the latest Cisco Prime NAM software release. There is no need to download the software when first deploying the Cisco Catalyst 6500 Series NAM-3.
Q. How do I obtain access to a new Cisco Prime NAM Software release?
A. Customers who have purchased SMARTnet® for their NAM-3 are entitled to download new software releases from the Cisco.com Software Center.
Q. What is required to deploy NAM-3?
A. The following are required to deploy NAM-3:
• Cisco Catalyst 6500 E-Series running Cisco IOS Software Release 12.2(33)SXJ1 (minimum) with Supervisor Engine 720 and Cisco IOS Software Release 15.0(1)SY1 (minimum) with Supervisor Engine 2T.