Cisco Nexus Dashboard Insights Explore, Release 6.4.1 - For Cisco NDFC or Standalone NX-OS

Tech Article

Expand all sections

New and Changed Information
Explore
Copyright

Last updated: April 7, 2024

Is this helpful? Feedback

First Published: 2024-03-07

Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883

New and Changed Information

The following table provides an overview of the significant changes up to the current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.

Table 1. New Features and Changed Behavior in the Cisco Nexus Dashboard Insights
Feature	Description	Release	Where Documented
No updates	There were no major changes from the previous release.	6.4.1

This document is available from your Nexus Dashboard Insights GUI as well as online at www.cisco.com. For the latest version of this document, visit Cisco Nexus Dashboard Insights Documentation.

Explore

About Explore

Explore feature analyzes a configuration snapshot from Cisco NX-OS to enable data center operators and architects to:

Explore the NX-OS networking assets
Verify connectivity and segmentation between network assets

It allows network operators to discover assets and their object associations in an easy-to-consume natural language query format. Operators can quickly get visibility into their infrastructure and connectivity or segmentation between assets.

Explore also allows you to select Connectivity or Flow (Beta) on any selected site on a timeline which could be a snapshot of the mode, Latest, Last, Date range, or Time Window.

Flow (Beta) allows you to view the flow path summary between two IP addresses and aggregated flow records.

Explore allows operators to easily discover associations between traditional networking constructs such as VRFs, endpoints, and VLANs with Cisco NX-OS.

The Explore feature is based on a natural language query interface. The types of queries supported by the feature include:

Currently, to explore NX-OS networking assets that are available through a NDFC site, the What Query is supported. The Can Query and the How Query are not supported.

Simple word search - You type plain text in the search bar for which the results are provided.
What Query: Answers how the different networking entities are related to each other.

Examples for NX-OS managed by NDFC:
- What VLANs are associated with VRF: secure
- What EPs are associated with INF: eth1/3 | leaf-1 or VRF: vrf_1 | leaf-1
- What VLANs are associated with EP:100.x.x.x | vrf_secure

You can also click What Can I ask you? to view the entire list of the pre defined queries. When you click any one of the queries and click Enter, it displays the corresponding details page for that search.

View Interfaces Query - You start a query with View Interfaces. This displays a list of pre-defined queries that can be called and searched.

The View Interfaces Query is available only for Interfaces.

What Can I Ask You?

Click What can I ask you? , to display where all possible explore queries are listed. Use this page to determine the list of queries you can explore. Click Get Started button to go back to the explore page.

Ask for Associations - An example of such a query would be Can X talk to Y.

Use Cases

Design verification: Ad-hoc query model enables operators to quickly understand and reason about their infrastructure. The natural language query model returns search results and associations in an easy to understand tabular format. In a single concise view, operators are able to answer design verification questions or discover deviations from organizational best practices.
Lightweight book-keeping: Administration and maintenance teams can provide on demand visibility into the current state of their policy and networking infrastructure allowing inventory, book-keeping, and asset tracking procedures to be lightweight.

Guidelines and Limitations

You can explore for endpoints using the MAC or IP addresses as well.
If your searched query falls into a broad category, Explore will show a list of all the items matching that criteria.
Explore treats input as prefix.
Explore is case sensitive.
In Explore, four active snapshots to explore across all Sites is supported. The snapshots can be used for exploration by either the same user or by multiple users. To explore additional snapshots, you must offload an existing snapshot before exploring. In the Offload Snapshot From Explore page you can select the snapshots to offload. This dialog box displays automatically when you load 4 snapshots in memory.
The Explore feature is supported only for IPv4 prefixes.
All queries created using the Explore feature are unidirectional.
In Explorer, if the analysis fails, the error message Analysis has failed is displayed. Download the tech support logs for Explore and contact Cisco TAC to resolve the issue.
1. In Cisco Nexus Dashboard, choose Operations > Tech Support and choose Actions > Collect Tech Support > and choose the appropriate service for Cisco Nexus Dashboard Insights to download the tech support logs.
2. Navigate to /data/services/app_logs/cisco-nir-logger/nae/nae/explorerService/ directory to locate the logs for the Explore feature. If there are multiple Explore instances running, the logs for each instance is located in a separate directory.

nae-policyexplorer-0/explorer.log
nae-policyexplorer-1/explorer.lo
nae-policyexplorer-2/explorer.log
nae-policyexplorer-3/explorer.log

For NX-OS fabric, the Explore feature provides a switch-wide view of VRFs, VLANs, interfaces, endpoints and leaf switch resources in the fabric. It also provides Layer 2 VNI and Layer 3 VNI as resources.
Resource aggregation is supported for VLAN and VRF resources. With resource aggregation, resources like VRF and VLAN are discovered for the entire fabric and all the leaf switches are aggregated by these resources. If you query What VLANs are associated with any? in the Query Results area, you will see a list of all the VLANs available across the fabric. EP and LEAF counts will be aggregated by VLAN and you can find all the EPs and LEAFs associated to a single VLAN by clicking the aggregated resource counts.

Additionally, as the VLAN and VRF queries are fabric wide, if you want to explore resources for a VLAN on a specific leaf switch, you must use the AND operator in your query. For example, What EPs are associated with VRF:vrf-vrf_51020 and LEAF:CANDID-SYS-S1-L1.

A networking asset, such as interfaces on a leaf switch, must be associated with an endpoint in the leaf switch for you to be able to explore it in Explore.
When a VRF is not operational, Explore discovers the endpoints as a Layer 2 endpoint.
Endpoints are discovered as Layer 3 or Layer 2 endpoints. All endpoints present in a VLAN are discovered, and other endpoints are ignored.
In Explore if you do not see endpoints or other network assets, look for system anomalies in the associated snapshot. Verify that the collection has succeeded in all the leaf switches. If the collection failed, it may result in endpoints not being discovered.
For NX-OS with NDFC site, only IPv4 endpoints support in Explore is available. IPv6 endpoints support in Explore is currently not available.
Explore has the following scale limits:
- On virtual Nexus Dashboard we support snapshots with 100,000 logical rules and 350,000 (Vertices + Edges).
- On physical Nexus Dashboard we support snapshots with 300,000 logical rules and 1000,000 (Vertices + Edges).
The Explore feature for NDFC based fabric must have endpoints available in VNI or VRF for certain WHAT queries to work, since the Explore feature is based on the endpoints learnt on VNI and/or VRF. If the endpoints is not available, the What query for VRF or L3 VNI will not display accurate results.

Creating a 'What' Query

This query helps answer the question, "What entities are associated with each other?"

In the Navigation, click Explore.
In the Timeline select a snapshot for analysis. When you select a snapshot, the data to explore is loaded on demand.
Generate a model and when there is enough data, you will be able to type in a query in the input field.
In the query selector field, enter a What query. The query must include two groups of one or more entities available in the Search bar. See Supported Queries. By default, What endpoints are associated with the Any query view.

RESULTS

The Query results are displayed on the page and you can drill further to see the associated entities. You can add to the source and destination list. For example, Can source talk to destination?

In the What entities can talk? area, the radial is displayed with View Controls for additional filtering. Click inside the radial to get more information as required. Click an entity in the Query Results table to view details. Click a number in the results table to view details about the entity in the NX-OS networking assets.

Supported Queries

The following table lists the queries supported by the Explore feature for NX-OS managed by NDFC.

Supported What Queries

Table 2. Supported What Queries
Query	Entity	Operator	Entity
What EPs are associated with	? Any EP INF LEAF VLAN VRF L2VNI L3VNI	And Or	Any EP INF LEAF VLAN VRF L2VNI L3VNI
What INFs are associated with	? Any EP INF LEAF VLAN VRF L2VNI L3VNI	And Or	Any EP INF LEAF VLAN VRF L2VNI L3VNI
What LEAFs are associated with	? Any EP INF LEAF VLAN VRF L2VNI L3VNI	And Or	Any EP INF LEAF VLAN VRF L2VNI L3VNI
What VLANs are associated with	? Any EP INF LEAF VLAN VRF L2VNI L3VNI	And Or	Any EP INF LEAF VLAN VRF L2VNI L3VNI
What VRFs are associated with	? Any EP INF LEAF VLAN VRF L2VNI L3VNI	And Or	Any EP INF LEAF VLAN VRF L2VNI L3VNI
What L2VNIs are associated with	? Any EP INF LEAF VLAN VRF L2VNI L3VNI	And Or	Any EP INF LEAF VLAN VRF L2VNI L3VNI
What L3VNIs are associated with	? Any EP INF LEAF VLAN VRF L2VNI L3VNI	And Or	Any EP INF LEAF VLAN VRF L2VNI L3VNI

Copyright

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.

THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.

The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.

NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.

IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Need help?

Open a Support Case
(Requires a Cisco Service Contract)