Cisco Nexus Data Broker

deanwebb · August 22, 2017, 01:10:17 PM

https://www.cisco.com/c/en/us/products/collateral/cloud-systems-management/nexus-data-broker/data_sheet_c78-729452.html

Any comments on this? Working with some folks considering this vs. Gigamon. Have not seen this beastie before, am familiar with Gigamon.

I do understand that, unlike Gigamon, this doesn't do packet de-duplication. $:-\$

Otanx · August 22, 2017, 02:56:53 PM

We played with it a little while ago, and while it is a cool idea the actual implementation left a lot to be desired. The web interface was not intuitive, slow, and ugly(the screen shots in your link look a lot better than what they used to have). The configuration of the switch to support it was kind of a pain. Basically you configure it as an Openflow switch, and then the controller does everything. So even though it is Cisco it will not integrate with the rest of your management stuff. It is its own setup. However, it did work. If you don't need the features of the Gigamon like dedup, de-encryption offload, etc then it is much cheaper. We were also worried about support. It seams that the Cisco employees didn't know much about it if they even knew it existed.

Another option, and I did not get to play with this one yet is Arista, and the DANZ (I think?) stuff. The configuration is much easier. It is all in the CLI (or API if you are cool), and it falls in line with the normal management of the switch. The downside of the Arista option is (at least when we looked at it) was you could not be a data broker, and a switch at the same time like you can with the Cisco stuff. The one thing our montiroing team did not like was no single control point for the entire fabric. Each switch is configured separately unlike the Cisco data broker.

One more point is this isn't a vs Gigamon thing. You can use the Cisco or Arista to aggregate, and do basic filtering at a cheaper per port cost, and then feed the aggregation to a Gigamon to do the fancy stuff. This was what we were interested in. We still wanted Gigamon, but when you have a lot of 10G links with low utilization the cost of a Gigamon is prohibitive. So the plan is to connect all SPAN/TAPs to the Cisco/Arista aggregation, and then send it out to a Gigamon on a single 10G, then back out to the Cisco/Arista where it duplicates it to all the tools.

-Otanx

icecream-guy · August 23, 2017, 07:52:18 AM

"Using Cisco Nexus Data Broker and Cisco Nexus switches, Cisco provides a new software-defined approach for monitoring both out-of-band and inline network traffic."

Hey otanx, if you want prohibitive expensive, you need to combine that gigamon with netscout.

deanwebb · August 23, 2017, 08:04:49 AM

Thanks much, Otanx. I have learned something today.

dlots · August 23, 2017, 09:38:13 AM

Didn't dive to deep into it, but it looks like the SDN part requires OpenFlow or the NX-API, so older gear and perhaps non-Cisco gear need not apply. So if they are a pure Nexus shop it's no prob, but I would do some serious investigation if they want Juniper or Astara type stuff.

deanwebb · August 23, 2017, 01:39:33 PM

Quote from: dlots on August 23, 2017, 09:38:13 AM
Didn't dive to deep into it, but it looks like the SDN part requires OpenFlow or the NX-API, so older gear and perhaps non-Cisco gear need not apply. So if they are a pure Nexus shop it's no prob, but I would do some serious investigation if they want Juniper or Astara type stuff.

I see this every now and then with Cisco stuff... there's a cool new thing BUT it works only with Cisco and you usually need new gear and/or an IOS upgrade to get the cool new thing.

NetworkGroover · August 24, 2017, 10:17:56 AM

It uses OpenFlow and as far as I know hasn't had a ton of traction.

If you want a much cheaper option than Gigamon, check out Arista TAPAggregation - could be a fit depending on requirements at a much cheaper price point.

Yes - TAPAgg is part of the Data ANalyZer (DANZ) feature set. I think you'll find the GUI to be much easier to work with - it's like playing with an iPhone app. No controller needed - everything's on the switch. One of the other nice parts is you basically enable the mode on the switch - this means that when you don't want to run it as a TAPAgg device anymore, you can just disable that mode and use it as a regular switch.

Hit up your local Arista rep for a demo.

deanwebb · August 24, 2017, 10:28:57 AM

Quote from: AspiringNetworker on August 24, 2017, 10:17:56 AM
It uses OpenFlow and as far as I know hasn't had a ton of traction.

If you want a much cheaper option than Gigamon, check out Arista TAPAggregation - could be a fit depending on requirements at a much cheaper price point.

Yes - TAPAgg is part of the Data ANalyZer (DANZ) feature set. I think you'll find the GUI to be much easier to work with - it's like playing with an iPhone app. No controller needed - everything's on the switch. One of the other nice parts is you basically enable the mode on the switch - this means that when you don't want to run it as a TAPAgg device anymore, you can just disable that mode and use it as a regular switch.

Hit up your local Arista rep for a demo.

Got links for product info? If it's simply drop the switch inline and use it as a span port thingy for that line, I'm interested.

NetworkGroover · August 25, 2017, 11:34:01 AM

It's not an inline solution - definitely OOB. You take in all inputs from switch SPAN/port mirrors and physical taps and then filter it, truncate it, steer it, etc. to your tools. This helps your tools scale - imagine a situation where you've got 20Gbps of raw data but your tool only supports 10Gbps of processing. You can heavily reduce what your tool has to handle by removing traffic it doesn't need to see.

That's just a 10,000 ft overview of a single use case.

https://www.arista.com/en/solutions/tap-aggregation

deanwebb · August 25, 2017, 01:53:52 PM

Thanks, that helps me out. CounterACT is famous for asking for SPAN ports, so aggregation solutions are very interesting to me. Having an alternative that is less costly than Gigamon, but less Nexus-y than Cisco is good to know about.

NetworkGroover · August 30, 2017, 06:10:05 PM

Quote from: deanwebb on August 25, 2017, 01:53:52 PM
Thanks, that helps me out. CounterACT is famous for asking for SPAN ports, so aggregation solutions are very interesting to me. Having an alternative that is less costly than Gigamon, but less Nexus-y than Cisco is good to know about.

Yessir!

wintermute000 · August 30, 2017, 07:07:55 PM

Aspiring, do you have any literature for product positioning re: DANZ vs specialist stuff like Gigamon or IXIA.

deanwebb · September 07, 2017, 06:56:55 AM

Quote from: wintermute000 on August 30, 2017, 07:07:55 PM
Aspiring, do you have any literature for product positioning re: DANZ vs specialist stuff like Gigamon or IXIA.

Agree, seconding the request for a comparative positioning whitesheet.