Cisco Nexus Data Broker Release Notes, Release 3.10
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- US/Canada 800-553-2447
- Worldwide Support Phone Numbers
- All Tools
Feedback
Feedback
◦
Introduction
Visibility into application traffic is important for infrastructure operations to maintain security and compliance, and to perform resource planning and troubleshooting. With the technological advances and growth in cloud-based applications, it has become imperative to gain increased visibility into the network traffic. Traditional approaches to gain visibility into network traffic are expensive and rigid, making it difficult for managers of large-scale deployments.
Cisco Nexus Data Broker (NDB) with Cisco Nexus Switches provides a software-defined, programmable solution to aggregate copies of network traffic using SPAN or network taps for monitoring and visibility. As opposed to traditional network taps and monitoring solutions, this packet-brokering approach offers a simple, scalable and cost-effective solution well-suited for customers who need to monitor higher-volume and business-critical traffic for efficient use of security, compliance, and application performance monitoring tools.
Cisco NDB also provides a software-defined, programmable solution to perform inline inspection of the network traffic for monitoring and visibility purpose. Inline traffic inspection is performed on specific traffic by redirecting it through multiple security tools before it enters or exits a network.
Note: The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.
| Date |
Description |
| July 18, 2022 |
Updated the Interoperability Table to indicate support for NX-OS release, 9.3(9). |
| December 10, 2021 |
Updated the Interoperability Table to indicate NX-OS Release 10.1(2) is not supported on 93180LC-EX. |
| October 20, 2021 |
Added CSCvz99026 to the list of Open Caveats. |
| September 20, 2021 |
Updated the Interoperability Matrix table; indicated support for NX-OS Release 10.1(2). |
| September 7, 2021 |
Added CSCvz21072 to the list of Known Issues. |
| May 17, 2021 |
Updated Guidelines and Limitations section, indicating support only for Oracle Java. |
| May 14, 2021 |
Added CSCvy16218 to the list of Known Issues. |
| April 8, 2021 |
Added CSCvx79293 to the list of Known Issues. |
| April 1, 2021 |
Added CSCvx11654 to the list of Open Issues. |
| March 8, 2021 |
Added CSCvx45678, CSCvx32214, CSCvx23944 to the list of Known Issues. |
| January 20, 2021 |
Added CSCvx05890 to the list of Open Issues. |
| January 8, 2021 |
Release 3.10 became available. |
A completely new GUI has been introduced in the Cisco Nexus Data Broker, Release 3.10. The GUI offers easy navigation and a better user experience.
The salient features of the Cisco NDB GUI, Release 3.10 are:
| Feature |
Description |
||
| Dashboard |
The Dashboard tab provides information about the health and performance of the Cisco Nexus Data Broker. It includes the top connections, input ports, monitoring tools, filters and devices (based on TCAM utilization). |
||
| System Information |
The System Information tab displays information about the NDB controller and the NDB controller host. |
||
| Audit Log |
The Audit Log tab displays a record of actions performed by a user on the NDB controller. |
||
| Flow Management |
The Flow Management tab enables you to view inconsistent connections and device flows and manage the inconsistent flows. You can view and download the details, which can be used for debugging. |
||
| Consolidated Input Ports |
The Input Ports tab displays details of all the inputs ports of the devices of the NDB controller. |
||
| Monitor Sessions |
The Sessions tab displays the sessions created for a remote monitoring tool with the connected inputs ports and local monitoring tools with packet truncation ports. |
||
| Port Instances for Devices |
The Devices tab (detailed view) displays slot and instance details. |
||
| Reconnect Device |
The Reconnect Devices action re-establishes a failed connection between a device and NDB controller. |
||
| On-demand trigger for attaching Global ACLs |
The Trigger Global ACLs action identifies the non-configured interfaces of a device and attaches global ACLs to all these interfaces. |
||
| Support for Quick Create |
The Create button in the header provides quick navigation to often-used configuration and administration procedures. |
||
| Improved Northbound APIs |
The System Tools > Northbound API in the header provides you a better segregation of the NDB REST APIs. |
||
| About Nexus Data Broker |
The System Tools > About Nexus Data Broker in the header displays details of the current NDB version. |
||
| Online Help |
The Help button in the header displays online help content |
||
|
XNC renamed to NDB |
Installation folder name has been changed from xnc to ndb. When you extract the installer.zip folder for installing the NDB controller, the NDB software is installed in a folder named ndb. |
|
Issues
Cisco Bug Search Help Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.Use the Bug Search Tool to search for a specific bug or to search for all bugs in a release.
This section includes the following topics:
● Open Issues (NDB)
● Resolved Issues (NDB)
● Known Issues (NX-OS)
Open Issues (NDB)
| Bug ID |
Description |
| “Could not commit transaction” exception thrown at NDB. |
|
| Port Channel Configuration is not getting exported. |
|
| Port-channel operations on ISL links results in failure of Link discovery. |
|
| Auto-priority connection with intersecting port range filters not working. |
|
| A NDB shouldn't use "session manager" way for MPLS ACLs configuration. |
|
| Port-channel is not getting recreated and reconfigured port hit upgrade. |
|
| Direction change should be supported while editing span session. |
|
| NDB Server backup entries are not shown in the UI after the upgrade. |
|
| Port configs cannot be removed when device is added with Hostname. |
|
| ISL Port-channels are attached with Global deny ACLs after sequence of upgrade to 3.10.0. |
|
| Not able to install connection with filter having IPv6/IPV4+VLAN in 10.1(2) NXOS. |
Resolved Issues (NDB)
Click the bug ID to access the Bug Search tool and see additional information about the bug.
| Bug ID |
Description |
| N9K-C93180YC-FX can't connect to NDB after upgrade to 3.9.0. |
|
| Upgrade is not happening on doing any operations on second session. |
|
| Search by Description field in NDB Connections tab is not working. |
|
| Process Thread-15 takes 97% of CPU in NDB 3.9.0. |
|
| NDB - Filters page load time enhancement for high number of configured filters. |
|
| Filter page not loading, connection edit is slow with UDP 2048-65535 as SPORT and DPORT create. |
Known Issues (NX-OS)
| Bug ID |
Description |
| NDB Limitation: Can't match MAC address in IP packet, it will hit deny any any in IP ACLs. |
|
| Need Error handling for feature SFLOW with ERSPAN destination since they are mutually exclusive. |
|
| Can't match MAC address in IP packet, it will hit deny any any in IP ACLs. |
|
| MPLS tapagg should allow deny ACE without redirection option. |
|
| Connections are not matched with the VLAN ID of source ports on ISL links with an IPv6 filter. |
|
| Not able to use ipv6 + vlan on the ISL link. |
|
| IP ACL with UDF match removes internal VLAN tag in Cisco NX-OS Release 9.3(2). - Fixed in 9.3(3). |
|
| Re-direct STP, CDP packets similar to LLDP port for Openflow. |
|
| Not able to convert Layer 2 ports to layer 3 in 9.3(3). |
|
| ACL with HTTP tcp-option-length redirect statement are not matching traffic correctly in 9.3(3). |
|
| ERSPAN Dest doesn't work when L2 port with mode tap-aggregation is converted to L3 port in 9.3(3). |
|
| Duplicate sequence number error in NXOS 9.3(6). |
|
| Dot1q-tunnel(QinQ) is not programmed correctly for port-channel members in NXOS 9.3(5). |
|
| After device reload guestshell activation fails due to low memory on devices for NXOS 9.3(5) version. |
|
| Not seeing timestamptag on interface after configuring the cmds on C9504 platform in nxos 9.3.7. |
|
| Username is shown as ‘guestshell’ irrespective of user executes the guestshell. |
|
| NDB throws NumberFormatException error with NX-OS 9.3(7a) devices. |
Compatibility Matrix
The following table lists the compatibility information for Cisco NDB, Release 3.10.
Deployment mode: Centralized
| Device |
Minimum Cisco NDB Version |
Supported Use Case |
| Cisco Nexus 3000 Series Switch Cisco Nexus 3100 Series Switch Cisco Nexus 3200 Series Switch Cisco Nexus 3164Q Series Switch |
Cisco NDB 3.0 or later |
Tap/SPAN aggregation |
| Cisco Nexus 31100 Series Switch |
Cisco NDB 3.7 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9200 Series Switch |
Cisco NDB 3.1 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9300 Series Switch |
Cisco NDB 3.0 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9300-EX Series Switch |
Cisco NDB 3.1 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9300-FX Series Switch |
Cisco NDB 3.5 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9300-FX2 Series Switch |
Cisco NDB 3.7 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9300-GX Series Switch |
Cisco NDB 3.10 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9332C Switch Cisco Nexus 9364C Switch |
Cisco NDB 3.8 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9500 Series Switch Supported Modules: • N9K-X9464TX |
Cisco NDB 3.0 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9500-EX Series Switch Supported Modules: • N9K-X97160YC-EX • N9K-X9732C-EX |
Cisco NDB 3.5 or later |
Tap/SPAN aggregation |
| Cisco Nexus 9500-FX Series Switch Supported Modules: • N9K-X9732C-FX |
Cisco NDB 3.5 or later |
Tap/SPAN aggregation |
Interoperability Matrix
The following table lists the hardware and software interoperability matrix for Cisco NDB, Release 3.10.
| Supported NX-OS Versions |
|
| Cisco Nexus 3000 Series Switch1 – 3048, 3064 |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8), 9.3(9). |
| Cisco Nexus 3100 Series Switch1 – 3132C-Z, 3172, 3164, 3164Q |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8) , 9.3(9). |
| Cisco Nexus 3200 Series Switch1 – 3232 |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8) , 9.3(9). |
| Cisco Nexus 31100 Series Switch1 |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8) , 9.3(9). |
| Cisco Nexus 9200 Series Switch - C92304QC1, C92160YC Note: Cisco Nexus 9200 Series switches support only one switch deployment. |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 10.1(2). |
| Cisco Nexus 9300 Series Switch - C93128TX1, C9396TX1 |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5) ,9.3(7), 9.3(7a), 9.3(8) , 9.3(9),10.1(2). |
| Cisco Nexus 9300-EX Series Switch - C93180LC-EX1, C93180YC-EX, C93108TC-EX |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5) ,9.3(7), 9.3(7a), 9.3(8) , 9.3(9), 10.1(2). |
| Cisco Nexus 9300-FX Series Switch - C93108TC-FX, C93180YC-FX |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5) 9.3(7), 9.3(7a), 9.3(8) , 9.3(9), 10.1(2). |
| Cisco Nexus 9300-FX2 Series Switch - N9K-9336C-FX2, 93240YC-FX2, C93360YC-FX2 |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5) ,9.3(7), 9.3(7a), 9.3(8) , 9.3(9), 10.1(2) |
| Cisco Nexus 9300-GX Series Switch - 93600CD-GX, 9364C-GX,9316D-GX |
9.3(5),9.3(7), 9.3(7a), 9.3(8) , 9.3(9), 10.1(2). |
| Cisco Nexus 9332C Switch |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8) , 9.3(9), 10.1(2). |
| Cisco Nexus 9364C Switch |
9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8) , 9.3(9), 10.1(2). |
| Cisco Nexus 9500 Series Switch Supported Modules: • N9K-X9464TX |
9.3(1), 9.3(2), 9.3(7), 9.3(7a), 9.3(8) , 9.3(9), 10.1(2). |
| Cisco Nexus 9500-EX Series Switch Supported Modules: • N9K-X97160YC-EX • N9K-X9732C-EX |
9.3(1), 9.3(2), 9.3(7), 9.3(7a), 9.3(8) , 9.3(9), 10.1(2). |
| Cisco Nexus 9500-FX Series Switch Supported Modules: • N9K-X9732C-FX |
9.3(1), 9.3(2), 9.3(7), 9.3(7a), 9.3(8) , 9.3(9),10.1(2). |
1- NX-OS Release 10.1(2) is not supported on these platforms.
Unsupported Features
Unsupported features for Cisco Nexus Data Broker, Release 3.10:
● Embedded mode (OVA) deployment in NX-OS version I(4) or lower is not supported.
● Communication between the NDB controller and devices using OpenFlow is not supported.
● Inline redirection of traffic is not supported.
Supported APIC Versions
The table displays the supported APIC versions.
| APIC Version |
Minimum Cisco NDB Version |
Supported Deployment Mode |
| 4.x |
Cisco NDB 3.7 or later |
Centralized only |
Verified Scalability Limits
The table displays the supported verified scalability limits.
| Description |
Small |
Medium |
Large |
| Number of switches used for TAP and SPAN aggegation |
25 |
50 |
75 |
Guidelines and Limitations
This section lists the guidelines and limitations for Cisco NDB:
● A Cisco NDB instance can support only the NX-API configuration mode.
● By default, NDB cluster URL is https://<NDB_IP>:8443
● Java is not included with the Release 3.10 NDB software. Ensure to have the required Java packages downloaded to the Linux machine (for Centralized deployment) or NDB switch (for Embedded deployment), before installing Release 3.10 NDB software.
Cisco NDB Release 3.10 supports Oracle Java only.
For more details, see Cisco Nexus Data Broker Deployment Guide.
● The switchport mode trunk and spanning-tree bpdufilter enable command should be enabled for all switch ports on all Cisco NDB managed switches.
● Cisco Nexus switches managed by Cisco NDB in NX-API mode must have LLDP feature enabled. Disabling LLDP may cause inconsistencies and require switch rediscovery for NX-API switches.
● For secured communication between Cisco NDB and switch through HTTPS, start Cisco NXB in TLS mode for the first time only. Subsequent Cisco NDB restarts does not require TLS mode.
For more details, see Cisco Nexus Data Broker Configuration Guide.
● The TLS KeyStore and TrustStore passwords are sent to the Cisco Nexus Data Broker so it can read the password-protected TLS KeyStore and TrustStore files only through HTTPS
./ndb config-keystore-passwords [--user {user} --password {password} --url {url} –verbose --prompt --keystore-password {key-store_password} --truststore-password {truststore_password}
● Cisco Nexus 92xx devices do not support QnQ; you cannot use this switch in a multi-switch environment.
● Dry Run feature is disabled by default. To enable this feature, see Cisco NDB Configuration Guide.
● Do not configure TACACS on the Cisco NDB switches. You can configure it only for authentication and authorization. It is not to be used for accounting.
Related Content
| Document |
Description |
| This document. |
|
| Provides information on how to configure Cisco Nexus Data Broker. |
|
| Provides information on how to deploy Cisco Nexus Data Broker. |
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, send your comments to ciscodcnapps-docfeedback@cisco.com. We appreciate your feedback.
Legal Information
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2021 Cisco Systems, Inc. All rights reserved.