Prerequisites: Insights

Requirements for Insights

This section describes additional requirements and guidelines if you plan to enable the Insights service. Ensure that you have already satisfied the platform-level requirements described in the Prerequisites and guidelines for all enabled services section.

  • Starting with Nexus Dashboard release 3.1.1, Cisco DC App Center connectivity has been removed from Nexus Dashboard because downloading the services separately is no longer required.

    To deploy Insights, download the unified installation image from the Software Download page; individual services' installation images are no longer available from the Cisco DC App Center.

  • For Nexus Dashboard Insights service, the data network must provide IP reachability to the following:

    • The in-band network of each fabric and of the APIC.

    • The DNS server.

    • For Panduit PDU integration, to the Panduit PDU server.

    • For External Kafka integration, to the External Kafka server (consumer).

    • For SysLog integration, to the SysLog server.

    • For Network-Attached Storage integration, to the Network-Attached Storage server.

    • For VMware vCenter integration, to the VMware vCenter.

    • For AppDynamics integration, to the AppDynamics controller.

  • If you are using the Insights service with NDFC fabrics or have SFLOW/NetFlow enabled, the data network interfaces must be Layer 2 adjacent.

  • You must allocate the following number of persistent IP addresses depending on your use case.

    For an overview of persistent IP functionality, see Prerequisites and guidelines for all enabled services.

    For Cisco ACI fabrics:

    • Nexus Dashboard Insights without Netflow or Panduit PDU integration: 0 IPs needed in data network.

    • Nexus Dashboard Insights with Panduit PDU integration: 1 IP (if using IPv4); the integration is not supported with a pure IPv6 stack.

    • Nexus Dashboard Insights with Netflow and with/without Panduit PDU integration: 8 IPs (if using IPv4) and 6 IPs (if using IPv6) in data network.

    For NDFC fabrics:

    • 8 IP addresses (if using IPv4) and 6 IP addresses (if using IPv6) in data network.

    For standalone NX-OS switches:

    • 10 IP addresses (if using IPv4) and 8 IP addresses (if using IPv6) in data network.

    Allocating persistent IP addresses is done after the cluster is deployed using the External Service Pools configuration in the UI, as described in the Cisco Nexus Dashboard User Guide.

  • Connectivity between the nodes is required on both networks with the following additional round trip time (RTT) requirements:

    Table 1. Insights RTT Requirements

    Connectivity    Maximum RTT
    To switches     150 ms

  • Nexus Dashboard Insights does not support Layer 3 adjacency.

Communication Ports for Insights

In addition to the ports required by the Nexus Dashboard cluster nodes (listed in a previous section), the following ports are required by the Insights service.


Note


By default, Insights requires connectivity only between data interfaces of Nexus Dashboard cluster nodes and in-band IP of the switches. However, if a switch becomes unavailable, then Insights will attempt to connect to the OOB IP of the switches using the cluster nodes' management or data interface (depending on the route settings).


Table 2. Nexus Dashboard Insights Ports (Data Network)

Direction: In is towards the cluster; Out is from the cluster towards the fabric or outside world.

Service               Port                       Protocol  Direction  Connection
Show Tech collection  2022                       TCP       In/Out     In-band of switches and APIC/NDFC
Flow Telemetry        5640-5671                  UDP       In         In-band of switches
TAC Assist            8884                       TCP       In/Out     Other cluster nodes
KMS                   9989                       TCP       In/Out     Other cluster nodes and ACI fabrics
Kafka                 30001                      TCP       In/Out     In-band IP of switches and APIC/NDFC
SW Telemetry          5695, 30000, 57500, 30570  TCP       In/Out     Other cluster nodes
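
The port matrix in Table 2 can be checked against a proposed data-network firewall policy before deployment. The following is an added example, not Cisco code: it reports Table 2 requirements that no rule covers and rules that open more than Table 2 asks for. The `allow <proto> <direction> <ports>` rule format and the sample policy are hypothetical and constructed for illustration.

```python
from collections import namedtuple

REQUIRED = [  # Table 2 (data network): service, protocol, direction, ports
    ("Show Tech collection", "tcp", "in/out", "2022"),
    ("Flow Telemetry", "udp", "in", "5640-5671"),
    ("TAC Assist", "tcp", "in/out", "8884"),
    ("KMS", "tcp", "in/out", "9989"),
    ("Kafka", "tcp", "in/out", "30001"),
    ("SW Telemetry", "tcp", "in/out", "5695,30000,57500,30570"),
]
Rule = namedtuple("Rule", "proto direction lo hi")  # direction is "in" or "out"

def expand(proto, direction, ports):
    """Expand e.g. ('tcp', 'in/out', '5695,30000-30001') into one Rule per direction and range."""
    out = []
    for spec in ports.split(","):
        lo, _, hi = spec.partition("-")
        out += [Rule(proto.lower(), d, int(lo), int(hi or lo)) for d in direction.lower().split("/")]
    return out

def parse_rules(text):
    """Parse 'allow <proto> <in|out|in/out> <ports>' lines (hypothetical format, not a vendor syntax)."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r for f in rows if len(f) == 4 and f[0] == "allow" for r in expand(*f[1:])]

def covered(rules, want):
    """True if the same-protocol, same-direction rules together span want.lo..want.hi."""
    need = want.lo
    for r in sorted(r for r in rules if r[:2] == want[:2]):
        if r.lo > need:
            break  # gap: nothing allows port `need`
        need = max(need, r.hi + 1)
    return need > want.hi

NEEDS = [(svc, n) for svc, p, d, ports in REQUIRED for n in expand(p, d, ports)]
def audit(rules):
    """Return (Table 2 requirements no rule covers, rules wider than Table 2 requires)."""
    missing = [(svc, n) for svc, n in NEEDS if not covered(rules, n)]
    broad = [r for r in rules if not covered([n for _, n in NEEDS], r)]
    return missing, broad

SAMPLE = """# constructed sample policy for the data network
allow tcp in/out 2022,5695,9989,30000-30001,30570
allow udp in 5640-5660,5661-5671
allow tcp in 8000-9000,57500
allow tcp out 8884
"""

if __name__ == "__main__":
    print(audit(parse_rules(SAMPLE)))
```

A rule reported as wider than Table 2 is not necessarily wrong: the Nexus Dashboard cluster nodes have their own port requirements, listed in a previous section, which this check does not include.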

Fabric Requirements for Insights

Additional Prerequisites for ACI Fabrics

If you plan to use the Insights service with ACI fabrics:

  • You must not on-board NDFC fabrics to the same cluster as ACI fabrics.

  • You can on-board standalone NX-OS switches in the same cluster as ACI fabrics but with a reduced scale and in physical clusters only.

    • For a 3-node cluster, you can have up to 15 standalone NX-OS switches (of the total 300 switches supported).

    • For a 6-node cluster, you can have up to 50 standalone NX-OS switches (of the total 1000 switches supported).

  • You have configured NTP settings on Cisco APIC.

    For more information, see Configure NTP in ACI Fabric Solution.

  • If you plan to use the flow telemetry functions in Nexus Dashboard Insights, Telemetry Priority must be selected in the ACI fabric node control policy.

    In Cisco APIC, choose Fabric > Fabric Policies > Policies > Monitoring > Fabric Node Controls > <policy-name> > Feature Selection to select Telemetry Priority. Monitoring <policy-name> should be attached to Fabric > Fabric Policies > Switches > Leaf/Spine Switches > Profiles > .

  • If you plan to use the flow telemetry functions in Nexus Dashboard Insights, Precision Time Protocol (PTP) must be enabled on Cisco APIC so that Nexus Dashboard Insights can correlate flows from multiple switches accordingly.

    In Cisco APIC, choose System > System Settings > PTP and Latency Measurement > Admin State to enable PTP.

    The quality of the time synchronization via PTP depends on the accuracy of the PTP Grandmaster (GM) clock which is the source of the clock, and the accuracy and the number of PTP devices such as ACI switches and IPN devices in between.

    Although a PTP GM device is generally equipped with a GNSS/GPS source to achieve the nanosecond accuracy which is the standard requirement of PTP, microsecond accuracy is sufficient for Nexus Dashboard Insights and its flow telemetry, hence a GNSS/GPS source is typically not required.

    For a single-pod ACI fabric, you can connect your PTP GM via leaf switches. Otherwise, one of the spine switches will be elected as a GM. For a multi-pod ACI fabric, you can connect your PTP GM via leaf switches or via IPN devices. Your IPN devices should be PTP boundary clocks or PTP transparent clocks so that ACI switch nodes can synchronize their clock across pods. To maintain the same degree of accuracy across pods, it is recommended to connect your PTP GM via IPN devices.

    See section "Precision Time Protocol" in Cisco APIC System Management Configuration Guide for details about PTP connectivity options.

  • You have configured in-band management as described in Cisco APIC and Static Management Access.

  • If one or more DNS Domains are set under DNS Profiles, it is mandatory to set one DNS Domain as default.

    In Cisco APIC, choose Fabric > Fabric Policies > Policies > Global > DNS Profile > default > DNS Domains and set one as default.

    Failure to do so will result in the same switch appearing multiple times in the Nexus Dashboard Insights Flow map.

  • Deploy ACI in-band network by configuring EPG using the following:

    • Tenant = mgmt

    • VRF = inb

    • BD = inb

    • Node Management EPG = default/<any_epg_name>

  • Nexus Dashboard’s data-network IP address and ACI fabric’s in-band IP address must be in different subnets.

Additional Prerequisites for NDFC Fabrics or Standalone NX-OS Switches

If you plan to use the Insights service with NDFC fabrics or Standalone NX-OS switches:

  • You must not on-board ACI fabrics to the same cluster as NDFC fabrics.

  • You must not on-board standalone NX-OS switches to the same cluster as NDFC fabrics.

  • You can on-board standalone NX-OS switches in the same cluster as ACI fabrics but with a reduced scale and in physical clusters only.

    • For a 3-node cluster, you can have up to 15 standalone NX-OS switches (of the total 300 switches supported).

    • For a 6-node cluster, you can have up to 50 standalone NX-OS switches (of the total 1000 switches supported).

  • The data network must have IP reachability to the fabrics' in-band or out-of-band IP addresses.


    Note


    If you are using the Flow Telemetry feature, the data network must have IP reachability to the fabric's in-band IP addresses.


  • To enable Flow Telemetry or Traffic Analytics, Precision Time Protocol (PTP) must be configured on all nodes you want to support with Nexus Dashboard Insights.

    In both managed and monitor fabric mode, you must ensure PTP is correctly configured on all nodes in the fabric. You can enable PTP in NDFC easy fabric setup's Advanced tab by checking the Enable Precision Time Protocol (PTP) option.

    The PTP Grandmaster Clock should be provided by a device that is external to the network fabric. Using Cisco Nexus 9000 series switches as PTP Grandmaster is not supported.


    Note


    N9k-C93180YC-FX3 switch in the fabric can be used as a PTP GM.


    The quality of the time synchronization via PTP depends on the accuracy of the PTP Grandmaster (GM) clock which is the source of the clock, and the accuracy and the number of PTP devices along the network path. Although a PTP GM device is generally equipped with a GNSS/GPS source to achieve the nanosecond accuracy which is the standard requirement of PTP, microsecond accuracy is sufficient for Nexus Dashboard Insights and its flow telemetry, hence a GNSS/GPS source is typically not required.

    For details about configuring Precision Time Protocol on Nexus switches using NDFC, see Cisco NDFC LAN Fabric Configuration Guide.

    For details about manually configuring Precision Time Protocol on Nexus switches, see Cisco Nexus 9000 Series NX-OS System Management Configuration Guide.