Cisco Nexus Data Broker, Release 3.8, Release Notes
This document describes the features, caveats, and limitations for the Cisco Nexus Data Broker (NDB) software, Release 3.8.
Additional product documentation is listed in the “Related Documentation” section.
Table 1 shows the online change history for this document.
Table 1 Online History Change
Date | Description
August 12, 2019 | Created the release notes for the NDB 3.8 release.
September 19, 2019 | Removed bug, CSCuy81389, from the list of Open Caveats.
December 12, 2019 | Updated the deployment mode for Cisco Nexus 9200 Series switches.
January 11, 2020 | Added CSCvs50998 to the list of known caveats.
This document includes the following sections:
· Caveats
Visibility into application traffic is important for infrastructure operations to maintain security and compliance, and to perform resource planning and troubleshooting. With the technological advances and growth in cloud-based applications, it has become imperative to gain increased visibility into the network traffic. Traditional approaches to gain visibility into network traffic are expensive and rigid, making it difficult for managers of large-scale deployments.
Cisco Nexus Data Broker (NDB) with Cisco Nexus Switches provides a software-defined, programmable solution to aggregate copies of network traffic using SPAN or network taps for monitoring and visibility. As opposed to traditional network taps and monitoring solutions, this packet-brokering approach offers a simple, scalable and cost-effective solution well-suited for customers who need to monitor higher-volume and business-critical traffic for efficient use of security, compliance, and application performance monitoring tools.
Cisco NDB also provides a software-defined, programmable solution to perform inline inspection of the network traffic for monitoring and visibility purposes. Inline traffic inspection is performed on specific traffic by redirecting it through multiple security tools before it enters or exits a network.
This section lists the new and changed features in the Cisco NDB 3.8 release:
§ Remote Source with ERSPAN Termination: Receive and terminate ERSPAN encapsulated traffic from a remote source (virtual TAP or ACI ERSPAN or any other ERSPAN source).
§ NDB as Netflow Generator: Generate Netflow records at line rate for NDB ingress traffic.
§ ACI/APIC Integration Enhancements: Multiple APICs (ACI fabrics), loose nodes support and ability to add AAEP members when creating SPAN Session.
§ MPLS Label Filters: Create filters based on the MPLS Labels.
§ Create Connection Page Improvement: Create or modify all the components required to create the connection from the Create Connection page.
§ Automation of Device Pre-requisites: Complete automation of device pre-requisites for onboarding into NDB.
§ Update Device Credentials in Bulk: Update device credentials (username and password) for multiple devices in NDB administration at a time by using device profiles.
§ RMA from NDB UI: Easily replace existing NDB switches with new switches from the NDB UI.
§ NDB Hitless Upgrade: Upgrade NDB controller software to newer versions without traffic impact (supported from NDB 3.6 onwards).
§ Port-channel support: Create, modify, or delete port-channels from NDB UI.
§ While in Use: Rename filters, connections, port groups while in use. Port VLAN can be changed while the port is in use by toggling OFF the connection.
§ Session Page Improvements: The Span session and its related connection status can be tracked. Span session can be saved and toggled.
§ Feature parity on Nexus 9500 Modular switches: Support for packet truncation, time stamping, and TTAG strip.
Feature Limitations
The following feature limitations apply for the Cisco Nexus Data Broker, Release 3.8:
§ NDB Openflow embedded is not supported on Cisco Nexus 3000/9000 series switches running 7.0(3)I6.1 and 7.0(3)I7.1 NXOS image.
§ Dry Run feature is disabled by default. To enable this feature, see Cisco NDB Configuration Guide.
§ Default deny ACL on all ports and Default ISL deny ACL on ISL ports are enabled by default for Cisco NDB Release 3.6 and later releases. To disable this feature, refer to the Cisco Nexus Data Broker Configuration Guide, Release 3.8 or Cisco Nexus Data Broker Deployment Guide, Release 3.8.
This section lists the usage guidelines and limitations for the Cisco Nexus Data Broker.
§ By default, NDB cluster URL is https://<NDBIP>:8443.
§ NDB supports Google Chrome version 45.x and later, FireFox version 45.x and later, and Internet Explorer version 11 and later.
§ The switchport mode trunk and spanning-tree bpdufilter enable commands should be enabled for all the inter-switch ports on all the NDB managed switches.
§ Cisco Nexus switches managed by Cisco Nexus Data Broker in NX-API mode must have the LLDP feature enabled. Disabling LLDP may cause inconsistencies and require switch rediscovery for NX-API switches.
§ For secured communication between Nexus Data Broker and the switch through HTTPS, start Nexus Data Broker in TLS mode for the first time only. Subsequent NDB restarts do not require TLS mode. For more details, refer to the Cisco Nexus Data Broker Configuration Guide.
§ The TLS KeyStore and TrustStore passwords, which Cisco Nexus Data Broker needs to read the password-protected TLS KeyStore and TrustStore files, are sent to it only through HTTPS.
./xnc config-keystore-passwords [--user {user} --password {password} --url {url} --verbose --prompt --keystore-password {keystore_password} --truststore-password {truststore_password}]
Here, the default URL is https://Nexus_Data_Broker_IP:8443
§ For the NDB cluster deployment, the round-trip delay between the cluster nodes should be less than 50 milliseconds. If the round-trip delay is higher, the NDB cluster behavior is unpredictable and inconsistent.
§ Cisco Nexus 92XX devices do not support QnQ; you cannot use these switches in a multi-switch environment.
The following features will not be supported in embedded mode deployment of Cisco Nexus Data Broker:
— Adding another NDB device
— Adding APIC for ACI SPAN session
— Adding production device for the SPAN session
— Configuring SPAN session
— Configuring copy device
— Configuring copy sessions
— Scheduling Configuration Backup
— NDB High availability is not supported
— TLS communication between the NDB controller and the switches is not supported
— Secured communication between the browser and NDB controller is not supported
§ A Cisco Nexus Data Broker instance can support either the OpenFlow or NX-API configuration mode; it does not support both configuration modes in the same NDB instance.
§ VLAN based IP filtering is not supported for Nexus Series switches with NxOS version 7.0(3)I6.1. Hence, the filtering fails when you filter the traffic for the following series of switches: 92160YC-X Switch, 92300YC Switch, 9272Q Switch, 92304Q Switch, and 9236C Switch.
§ Do not configure TACACS for accounting on the NDB switches. You can configure it only for authentication and authorization.
§ For Cisco NDB Release 3.7, Cisco NX-OS Release versions 7.0(3)I5(1), 7.0(3)I5(2), and 7.0(3)I7(2) are not recommended for NXAPI deployment and Cisco NX-OS Release versions 7.0(3)I5(1) and 7.0(3)I5(2) are not recommended for OpenFlow deployments.
§ Cisco Nexus Data Broker Embedded will be supported on NxOS 7.0(I4).1 onwards, and 7.0(3)I6.1 onwards. For more information, see the Nexus Data Broker Hardware and Software Interoperability Matrix section.
The Cisco Nexus Data Broker, Release 3.8 supports the following operating systems for the full visibility software sensors:
Table 2 Cisco NDB Compatibility Information
Device Model | Cisco Nexus Data Broker Minimum version | Deployment Mode Supported | Supported Use Cases
Cisco Nexus 3000 Series Switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation and
Cisco Nexus 3100 Series Switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation and
Cisco Nexus 3164Q Series Switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 3200 Series Switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only In-line redirection
Cisco Nexus 3500 Series Switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9200 Series Switch | Cisco Nexus Data Broker 3.1 or later | Centralized and Embedded. Note: Cisco Nexus 9200 Series switches support only one switch deployment. | Tap/SPAN aggregation only
Cisco Nexus 9300 Series Switch | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation and
Cisco Nexus 9300-EX Series Switch | Cisco Nexus Data Broker 3.1 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9300-FX Series Switch | Cisco Nexus Data Broker 3.5 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9332C Series Switch | Cisco Nexus Data Broker 3.8 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9364C Series Switch | Cisco Nexus Data Broker 3.8 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9500 Series Switch. Supported Modules: N9K-X9464TX | Cisco Nexus Data Broker 3.0 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9500-EX Series Switch. Supported Modules: N9K-X97160YC-EX, N9K-X9732C-EX | Cisco Nexus Data Broker 3.5 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 9500-FX Series Switch | Cisco Nexus Data Broker 3.5 or later | Centralized and Embedded | Tap/SPAN aggregation only
Cisco Nexus 31100 Series Switch | Cisco Nexus Data Broker 3.7 or later | Centralized and Embedded | Tap/SPAN aggregation and In-line redirection
Cisco Nexus 9300-FX2 Series Switch | Cisco Nexus Data Broker 3.7 or later | Centralized and Embedded | Tap/SPAN aggregation only
The following table lists the hardware and software interoperability matrix for NDB Release 3.8.
Table 3 Nexus Data Broker Hardware and Software Interoperability Matrix
Nexus Switch Model(s) | Implementation Type | Supported NX-OS Versions | OpenFlow Agent
3048/3064/3172 | OpenFlow | 6.0(2)U6(x), I2(x), and I3(x) | 1.1.5
3048/3064/3172 | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | 2.14
3046/3064 | NX-API | 6.0(2)U6(x), 7.0(3)I4(1) to 7.0(3)I4(8b) | Not supported
3172 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
3164 | OpenFlow | Not supported | Not supported
3164 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
3232 | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | 2.14
3232 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
3548 | OpenFlow | 6.0(2)A6(x) and 6.0(2)A8(x). I7(5) and I7(5a), and 9.3(1) (OF agent is not required) 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9) | 1.1.5
3548 | NX-API | Not supported | Not supported
92160/92304 | OpenFlow | Not supported | Not supported
92160/92304 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
9372/9396/93128 | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | 2.14
9372/9396/93128 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
9364C/9332C | NX-API | 9.2(3) to 9.2(4) and 9.3(1) to 9.3(5), 9.3(7) | NA
9364C/9332C | OpenFlow | Not supported | Not supported
93180LC-EX / 93108TC-EX / 93180YC-EX | OpenFlow | Not supported | Not supported
93180LC-EX / 93108TC-EX / 93180YC-EX | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | NA
93108TC-FX / 93180YC-FX | OpenFlow | Not supported | Not supported
93108TC-FX / 93180YC-FX | NX-API | 7.0(3)I7(1) to 7.0(3)I7(6), 7.0(3)I7(9) and 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
9504/9508/9516 | OpenFlow | Not supported | Not supported
9504/9508/9516 | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
31108TC-V / 31108PC-V | NX-API | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
31108TC-V / 31108PC-V | OpenFlow | 7.0(3)I4(1) to 7.0(3)I4(9), 7.0(3)I6(1), 7.0(3)I7(2) to 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
9336C-FX2 / 93240YC-FX2 | NX-API | 7.0(3)I7(5), 7.0(3)I7(5a), 7.0(3)I7(6), 7.0(3)I7(7), 7.0(3)I7(9), 9.2(1) to 9.2(4), 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
N9K-C93360YC-FX2 | NX-API | 9.3(1) to 9.3(5), 9.3(7), 9.3(9). | Not applicable
The following table provides the APIC versions supported on NDB.
Table 4 APIC versions supported on NDB
APIC Version | Cisco Nexus Data Broker Minimum version | Deployment Mode Supported
1.1, 1.2 and 2.0 | NDB 3.0 | Centralized only
2.X | NDB 3.1 and above | Centralized only
4.X | NDB 3.7 and above | Centralized only
The following table provides the scalability limits for Cisco Nexus Data Broker for Centralized Deployment.
Table 5 Scalability Limits for Cisco Nexus Data Broker
Description | Small | Medium | Large
Number of switches used for Tap and SPAN aggregation | 25 | 50 | 75
This section contains lists of open and resolved caveats and known behaviors.
This section lists the open caveats. Click the bug ID to access the Bug Search tool and see additional information about the bug.
Description
Direction change should be supported while editing span session.
Unable to configure ports/connections after creating slice user.
Port configuration fails while importing the json file with unsupported characters in the description.
Export operation does not retrieve Node specific configuration.
Limitations in uploading a configuration that has redirections (bi-directional).
NDB Server backup entries are not shown in the UI after the upgrade.
“Could not commit transaction” exception thrown at NDB.
This section lists the resolved caveats. Click the bug ID to access the Bug Search tool and see additional information about the bug.
Bug ID | Description
NDB3.4: Link color not showing correctly in topology for Port-channel after shut/no shut.
NDB3.4: white space is not allowing while entering description in Description Field in ConnectionTab.
GUI authentication may fail if AAA passes unknown value in cisco-av-pair attribute.
NDB: Switch discovery failure while upgrading/downgrading from 9.2.2 to 9.2.3.
This section lists the known caveats from the previous releases. Click the bug ID to access the Bug Search tool and see additional information about the bug.
Bug ID | Description
Can't match MAC address in IP packet, it will hit deny any any in IP ACLs.
Need Error handling for feature SFLOW with ERSPAN destination since they are mutually exclusive.
TapAgg: MPLS traffic with TTL=0 gets flooded without MPLS label being stripped off.
MPLS tapagg should allow deny ace without redirection option.
Module Serial number instead of Switch serial number in OF statistics.
Unable to attach VLAN access list entry to the interface in NXOS Release 7.0(3)I6.1.
Flows are not installing in switch with simple IPv6 match criteria.
NXAPI w/TACACS authentication failing.
Reconnecting the switch with NXOS I5.2 from NDB periodically.
Device in NDB becomes suddenly disconnected - nginx_f crash.
Openflow - Portchannel links are not seen on NDB, Release 2.1.
Connections are not matched with the VLAN ID of source ports on ISL links with an IPv6 filter.
IPv6 traffic is not hitting appropriate ACL deny entries that are configured with UDF.
Redirect interface is missing from ACL after an upgrade operation.
Disk space not reclaimed in switch I7.x versions while uninstalling Embedded NDB.
Unable to remove MAC ACE using sequence number in Cisco NXOS I7(2) release.
IP ACL with UDF match removes internal VLAN tag in Cisco NX-OS Release 9.3(2).
Re-direct STP, CDP packets similar to LLDP port for Openflow.
After device reload guestshell activation fails due to low memory on devices for NXOS 9.x.x version.
After reloading switch N9372PX-118 in GS it takes more time to send interface details to NDB server.
After device reload guestshell activation fails due to low memory on devices for NXOS 9.3(5) version.
Dot1q-tunnel(QinQ) is not programmed correctly for port-channel members in NXOS 9.3(5).
9508/9516-with 4k VLAN scale modules go to powered down state when upgrading to 9.3.3 and above.
Not seeing timestamptag on interface after configuring the cmds on C9504 platform in nxos 9.3.7.
Username is shown as 'guestshell' irrespective of user executes the guestshell.
The Cisco Nexus Data Broker documentation can be accessed from the following websites:
Nexus Data Broker Datasheet: http://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/nexus-data-broker/data_sheet_c78-729452.html
General Documentation: http://www.cisco.com/c/en/us/support/cloud-systems-management/nexus-data-broker/tsd-products-support-series-home.html
The documentation includes installation information and release notes.
Document | Description
Cisco Nexus Data Broker Embedded Deployment Guide | Describes the deployment of Nexus Data Broker on NxOS devices either as a separate NDB virtual service or as an application along with GuestShell+ virtual service
Cisco Nexus Data Broker Centralized Deployment Guide | Describes the deployment of Nexus Data Broker in a Linux VM that can be used to manage multiple NxOS devices for SPAN configuration
© 2019 Cisco Systems, Inc. All rights reserved.