The document describes Cisco Nexus Data Broker, which provides a scalable and cost-effective solution for network traffic monitoring. It replaces purpose-built matrix switches with Cisco Nexus switches running Cisco Nexus Data Broker software. This allows flexible tapping and filtering of traffic across switches to replicate traffic to multiple monitoring tools. Key benefits include improved visibility, troubleshooting and compliance at reduced cost compared to conventional approaches.

1. Cisco Nexus Data Broker
Jothi Prakash
June 2, 2016

2. Jothi Prakash
Product Manager
June, 2016
Enable Maximum Visibility With Minimum Complexity
Cisco Nexus Data Broker

3. Why Monitor Network Traffic?
Application PerformanceApplication PerformanceCompliance and
Security
Network Performance
/Troubleshooting

4. Tools
Conventional Packet Broker Deployment Scenario
Production Network
IDS
Video
monitor
Matrix network
Purpose-built
matrix switch
Analytics
Cisco®
SPAN ports
Conventional
Traffic Monitoring
Traffic Filtered
and Forwarded to
Monitoring Tools
Tap Aggregation with Purpose-built Matrix Switch

5. Traffic Pattern Shift within Datacenter
Source: Cisco Global Cloud Index, 2012

6. High cost of conventional matrix switches make
scaling very expensive
Filtering and forwarding are statically
configured, not event driven
Limitation on interconnection of Matrix
Switches to build a scalable topology
Challenges with The Conventional Approach

7. Cisco Nexus Data Broker

8. Cisco Nexus Data Broker Components
Cisco Nexus
3000 Series
3100 Platform
3500 Series
9300 Platform
9500 Platform
+ Cisco Nexus® Data
Broker software
Cisco Nexus Data Broker Software
Cisco Nexus 3000 or 9000 Series Switches
Supported use cases:
Scalable test access point (TAP) and Cisco® Switched Port Analyzer (SPAN) aggregation for out-of-band
network traffic monitoring
Flexible solution for inline traffic monitoring and redirection to security tools
3200 Series
9200 Platform

9. Cisco Nexus Data Broker:
Centralized Deployment
Tools TAP and Cisco® SPAN Aggregation Production Network
Custom
Tools
Optical
TAPs
SPAN
Cisco Nexus 3000 or
9000 Series Switches
Central
tapping point
Java and REST
Cisco Nexus
Data Broker
Cisco Prime™
Network Analysis
Module (NAM)
Security
intrusion detection
system (IDS)
Traffic filtered and forwarded
to one or more
monitoring tools
With Cisco Nexus® Data Broker
Cisco Nexus Data Broker replaces the purpose-built matrix switch with Cisco Nexus
switches for scalable and cost-effective TAP and SPAN aggregation

10. Cisco Nexus Data Broker Embedded Mode
On-Switch Deployment
Production NetworkTools TAP and Cisco® SPAN Aggregation
Cisco Nexus Data Broker software runs on an Cisco Nexus 3000 Series or Cisco Nexus 9300
platform switches
Custom
Tools
SPAN and
ERSPAN
Optical
TAPs
Cisco Nexus
Data Broker and
OpenFlow
REST API for
northbound
application
integration
Cisco
Prime™ NAM
Security IDS
Traffic filtered and forwarded
to one or more monitoring tools
With Cisco Nexus® Data Broker
Cisco Nexus
3000 Series or 9000
platform switches
New

11. Cisco Nexus Data Broker Programming Flows
Cisco Nexus®
Data Broker
HTTP/HTTPS REST API
Cisco Nexus switch Cisco Nexus switch
OpenFlow or Cisco® NX-API OpenFlow or Cisco NX-API

12. Cisco Nexus Data Broker Interfaces
Web-based GUI and REST API to support:
Device management
Monitoring topology view
Troubleshooting
AAA functions
TAP and Cisco® SPAN port definitions
Filter configurations
Connection configuration

13. Cisco Nexus Data Broker
Packet Filtering Features
Packet tagging features at ingress
 Support IEEE 802.1Q encapsulation for source-port tagging
 Perform VLAN and MPLS tag stripping
 Time-stamp packet at ingress based on PTP (IEEE 1588)
 Truncate packet at ingress at set number of bytes (minimum 64 bytes)
Packet filtering capabilities
 Filter based on Layer 1 through Layer 4 information
 Perform Layer 7 filtering for HTTP traffic based on HTTP methods
 Enable bidirectional packet matching
 Support dropping of all matching traffic
Traffic load balancing
 Load-balance traffic to multiple monitoring tools
 Enable symmetric hashing with:
 Layer 3 (IP address) information
 Layer 3 plus Layer 4 (IP address plus protocol plus port) information
I want to see web traffic on
my packet-analysis tool …
Production infrastructure
Traffic monitoring infrastructure
Copy of
production traffic

14. Cisco Nexus Data Broker
Packet Forwarding Features
Multipoint-to-multipoint (MP2MP) traffic
 Specify one or more input ports (TAP or Cisco® SPAN)
 Can replicate and forward traffic to N number of
monitoring tools
 Monitoring tools can be connected to different switches
Any-to-multipoint (A2MP) traffic
 Input port in monitor topology is not known
 Can replicate and forward traffic to N number of
monitoring tools
 Monitoring tools can be connected to different switches
 Programmed flows follow loop-free forwarding path
Complex topologies require
(and Cisco Nexus® Data Broker
provides):
Automation of flow
programming
Capability to automatically adapt
to topology changes

15. Cisco Nexus Data Broker
View and Statistics
 Link use information is available in the topology and the per-rule path view window
Inter-Switch Link (ISL) use
 For each flow on the device, provides packet and byte counters
 Provides per-port statistics for all ports on the switch
Device-level statistics
Per-connection-path view and flow-level statistics

16. Cisco ACI Integration

17. Cisco Nexus Data Broker Integration with Cisco ACI
ToolsTAP and Cisco® SPAN AggregationProduction Network
Cisco Nexus Data Broker integrates with Cisco ACI to provide single point of management
for monitoring configuration
Cisco Prime™
NAM
Security IDS
Other traffic
analyzer tools
Cisco Nexus®
Data Broker
Cisco Nexus 3000 or
9000 Series Switches for
Cisco Nexus Data Broker
Production network: Cisco ACI™
SPAN
BiDi
TAPs
REST interface

18. Cisco ACI Integration Features
All operations performed through Cisco Nexus® Data Broker web GUI or REST API
Cisco® SPAN
Destination
SPAN Sessions
Automated Connection
Setup
 Query Cisco ACI™ leaf
switches
 Designate ports as
SPAN destinations
 Configure access SPAN
in Cisco ACI
 Use multiple source
interfaces across
multiple leaf switches
 Filter traffic based on
EPG
 Set up connections
automatically
 Forward traffic to
monitoring tools
 Support filter setup

19. Cisco Nexus Data Broker:
Demonstration

20. Customer Deployment
Scenarios

21. Scalable Deployment Using Nexus 9000 Series
Customer Benefits
Improve Operations Efficiency
• Get relevant traffic visibility in minutes
• Enable faster troubleshooting through automation
Provide Tool Placement Flexibility
• Replicate traffic to multiple tools across different
switches
Highly Cost Effective
• Cost effective and scalable option with rich feature
set
Monitoring Tool-1 Monitoring Tool-2
Cisco Nexus
9500
Cisco Nexus
9300
Production
Network
SPAN and
Taps
SPAN and
Taps
SPAN and
Taps
Nexus Data
Broker
Large Financial Customer

22. Exisiting Packet Broker Switch
Nexus 3172
with Nexus
Data Broker
Access SPAN
from every
ACI leaf
40G links to
existing
Packet
Broker
Switch
Cisco ACI Infrastructure
Customer Benefits
Seamless insertion
• Enables visibility to both Cisco ACI and
traditional infrastructure
• Works with existing packet broker
solution
Enables Automation
• Robust REST API for programmatic
configurations
• Build feedback loop based on traffic
patterns
Monitoring Traffic in Cisco ACI with Nexus Data Broker
Large Service Provider Customer

23. General Features
and Functions

24. Multiple-Data Center Management Feature
Filtering and forwarding policies for each slice
Statistics collected and presented per slice
Full RBAC functions for each slice
Cisco UCS® Cluster for Cisco Nexus® Data Broker
Cisco Nexus Data
Broker Cluster
Monitoring Network in Data Center 1 Monitoring Network in Data Center 2
Cisco Prime™
NAM
Network TAPs
Network TAPs
Cisco
Nexus 3100
Cisco
Nexus 3100
Cisco
Nexus 3000
Cisco
Nexus 3000
Cisco Prime
NAM
Network TAPs
Network TAPs
Cisco
Nexus 3100
Cisco
Nexus 3100
Cisco
Nexus 3000
Cisco
Nexus 3000
Cisco Prime
NAM
Cisco Prime
NAM
Support for multiple data centers using network slicing concept

25. Cisco Solution Differentiators
Summary
Centralized management through GUI and REST API
 Uses Cisco Nexus® Data Broker
 Supports multiple disjointed monitoring networks
Capability to interconnect multiple monitoring switches to form a topology
 No limit on number of switches and topology model
Transparent replication and redirection of traffic to monitoring tools
connected anywhere in the topology
 Only solution to support any-to-one and any-to-many connections
High-availability support using clustering
Integrated role-based access control (RBAC)
 Supports local deployment of or integration with a corporate or central RBAC server

26. www.cisco.com/go/
nexusdatabroker

28. Thank you for watching.