Cisco Nexus Dashboard Data Broker Release Notes, Release 3.10.2

Available Languages

Download Options

  • PDF
    (334.7 KB)
    View with Adobe Reader on a variety of devices
Updated:November 23, 2023

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Available Languages

Download Options

  • PDF
    (334.7 KB)
    View with Adobe Reader on a variety of devices
Updated:November 23, 2023
 

     

Introduction

Visibility into application traffic is important for infrastructure operations to maintain security and compliance, and to perform resource planning and troubleshooting. With the technological advances and growth in cloud-based applications, it has become imperative to gain increased visibility into the network traffic. Traditional approaches to gain visibility into network traffic are expensive and rigid, making it difficult for managers of large-scale deployments.

Cisco Nexus Dashboard Data Broker with Cisco Nexus Switches provides a software-defined, programmable solution to aggregate copies of network traffic using SPAN or network taps for monitoring and visibility. As opposed to traditional network taps and monitoring solutions, this packet-brokering approach offers a simple, scalable and cost-effective solution well-suited for customers who need to monitor higher-volume and business-critical traffic for efficient use of security, compliance, and application performance monitoring tools.

Cisco Nexus Dashboard Data Broker also provides a software-defined, programmable solution to perform inline inspection of the network traffic for monitoring and visibility purpose. Inline traffic inspection is performed on specific traffic by redirecting it through multiple security tools before it enters or exits a network.

Note: The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product.

 

Date

Description

November 23, 2023

Updated the Interoperability Matrix table to indicate support for NX-OS releases, 9.3(12) and 10.2(6).

October 30, 2023

Updated the Compatibility Matrix table to indicate support for Nexus C93180YC-FX3 and C9332D-GX2B switches.

March 31, 2023

Updated the Interoperability Matrix table to indicate support for NX-OS release 9.3(10).

March 12, 2023

Updated the Supported APIC Versions table to indicate support for APIC version 5.2(6e).

February 16, 2023

Updated the Interoperability Matrix table to indicate support for NX-OS release 10.3(1).

December 20, 2022

Updated the Interoperability Matrix table to indicate support for NX-OS release 10.2(4).

July 28, 2022

Updated the Interoperability Matrix table to indicate support for NX-OS release 9.3(9).

July 11, 2022

Release 3.10.2 became available.

New Software Features

No new features for this release.  

Enhanced Security Updates

To fix vulnerability issues, the following enhancements have been made in Release 3.10.2:

     Supported Jetty version - 9.4.45

     Supported OSGi version – 3.17.200

Issues

Cisco Bug Search Help Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.Use the Bug Search Tool to search for a specific bug or to search for all bugs in a release.

This section includes the following topics:

     Open Issues

     Resolved Issues

     Known Issues

Open Issues

Open Issues for Cisco Nexus Dashboard Data Broker.

Bug ID                    

Description

Exists In

CSCvk39789

“Could not commit transaction” exception thrown at NDB.

3.7.0 and above

CSCvs65911

Port Channel Configuration is not getting exported.

3.9.0 and above

CSCvt62492

Port-channel operations on ISL links results in failure of Link discovery.

3.9.0 and above

CSCvw91742

Auto-priority connection with intersecting port range filters not working.

3.10.0 and above

CSCvw20966

A NDB shouldn't use "session manager" way for MPLS ACLs configuration.

3.10.0 and above

CSCvw82855

Port-channel is not getting recreated and reconfigured port hit upgrade.

3.10.0 and above

CSCvm65172

Direction change should be supported while editing span session.

3.8.0 and above

CSCvx44167

NDB reprograms ISL ACL/ACEs without any flag enabled.

3.10.0 and above

CSCvy83107

ISL portchannel is attached with port and global acl after upgrade from 3.7 to 3.10.1.

3.10.1 and above

CSCvy56209

RMA of device is not getting successful on upgraded setup.

3.10.1 and above

Resolved Issues

Resolved Issues for Cisco Nexus Dashboard Data Broker.

Bug ID                    

Description

Resolved In

CSCwb50429

Nexus Data Broker - HSTS Missing From HTTPS Server (RFC 6797 & Qualys ID 11827).

3.10.2

 CSCwb47815

Vulnerability on NDB Jetty version.

3.10.2

CSCwb04906

Controller crashes when configuring a span session with ACI-AAEP settings.

3.10.2

CSCvy76473

Inconsistencies seen on upgrade from 3.10.0.a to 3.10.1.

3.10.2

CSCvz99026

Not able to install connection with filter having IPv6/IPV4+VLAN in 10.1(2) NXOS.

3.10.2

Known Issues (NX-OS) 

Bug ID

Description

Exists In

CSCvo85210

NDB Limitation: Can't match MAC address in IP packet, it will hit deny any any in IP ACLs.

9.2.1 and above

CSCvq61822

Need Error handling for feature SFLOW with ERSPAN destination since they are mutually exclusive.

9.2.1 and above

CSCvt15642

Can't match MAC address in IP packet, it will hit deny any any in IP ACLs.

9.2.1 and above

CSCvo21059

MPLS tapagg should allow deny ACE without redirection option.

9.2.2 and above

CSCvt15877

Not able to use ipv6 + vlan on the ISL link.

 7.3.0 and above

CSCvs50998

IP ACL with UDF match removes internal VLAN tag in Cisco NX-OS Release 9.3(2). - Fixed in 9.3(3).

9.3.2

CSCvr01876

Re-direct STP, CDP packets similar to LLDP port for OpenFlow.

7.0.3 and above

CSCvt14639

Not able to convert Layer 2 ports to layer 3 in 9.3(3).

9.3.3

CSCvt03231

ACL with HTTP tcp-option-length redirect statement are not matching traffic correctly in 9.3(3).

9.3.3

CSCvt37799

ERSPAN Dest doesn't work when L2 port with mode tap-aggregation is converted to L3 port in 9.3(3).

9.3.4

CSCvx23944

Duplicate sequence number error in  NXOS 9.3(6).

9.3.6

CSCvx32214

Dot1q-tunnel(QinQ) is not programmed correctly for port-channel members in NXOS 9.3(5).

9.3.5, 9.3.6

CSCvx45678

After device reload Guest Shell activation fails due to low memory on devices for NXOS 9.3(5) version.

9.3.5

CSCvx79293

Not seeing timestamptag on interface after configuring the cmds on C9504 platform in nxos 9.3.7.

9.3.7

CSCvy16218

Username is shown as ‘guestshell’ irrespective of user executes the guestshell.

9.3.7

Compatibility Matrix

The following table lists the compatibility information for Cisco Nexus Dashboard Data Broker, Release 3.10.2.

 

Device

Minimum Cisco Nexus Dashboard Data Broker Version

Supported Use Case

Cisco Nexus 3000 Series Switch

Cisco Nexus 3100 Series Switch

Cisco Nexus 3200 Series Switch

Cisco Nexus 3164Q Series Switch

3.0 or later

Tap/SPAN aggregation

Cisco Nexus 31100 Series Switch

3.7 or later

Tap/SPAN aggregation

Cisco Nexus 9200 Series Switch

3.1 or later

Tap/SPAN aggregation

Cisco Nexus 9300 Series Switch

3.0 or later

Tap/SPAN aggregation

Cisco Nexus 9300-EX Series Switch

3.1 or later

Tap/SPAN aggregation

Cisco Nexus 9300-FX Series Switch

3.5  or later

Tap/SPAN aggregation

Cisco Nexus 9300-FX2 Series Switch

 3.7 or later

Tap/SPAN aggregation

Cisco Nexus 9300-FX3 Series Switch

Supported Modules:

  C93180YC-FX3

 3.10.2 or later

Tap/SPAN aggregation

Cisco Nexus 9300-GX Series Switch

3.10 or later

Tap/SPAN aggregation

Cisco Nexus C9332D-GX2B Switch

3.10.2 or later

Tap/SPAN aggregation

Cisco Nexus 9332C Switch

Cisco Nexus 9364C Switch

3.8 or later

Tap/SPAN aggregation

Cisco Nexus 9500 Series Switch – 9504, 9508, 9516

Supported Modules:

  N9K-X97160YC-EX
  N9K-X9732C-EX
  N9K-X9732C-FX
  N9K-X9736C-EX
  N9K-X9736C-FX
  N9K-X9788TC-FX

 

3.5  or later

Tap/SPAN aggregation

Interoperability Matrix  

The following table lists the hardware and software interoperability matrix for Cisco Nexus Dashboard Data Broker, Release 3.10.2.

Implementation Type: NX-API

Device

Supported NX-OS Versions 

Cisco Nexus 3000 Series Switch1 – 3048, 3064

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8), 9.3(9).

Cisco Nexus 3100 Series Switch1 – 3132C-Z, 3172, 3164, 3164Q

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8), 9.3(9).

Cisco Nexus 3200 Series Switch – 3232

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.2(4), 10.3(1).

Note: NX-OS release 9.3(12) is supported only on 3232C.

Cisco Nexus 31100 Series Switch

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8), 9.3(9).

Note: 31108PCV also supports (besides the releases listed above) NX-OS releases, 9.3(10), 9.3(12), 10.2(4), 10.3(1).

Cisco Nexus 9200 Series Switch - C92304QC1, C92160YC

Note: Cisco Nexus 9200 Series switches support only one switch deployment.

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5), 9.3(7), 9.3(7a), 9.3(8), 9.3(9),10.1(2), 10.2(2).

Cisco Nexus 9300 Series Switch - C93128TX1, C9396TX1

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5) ,9.3(7), 9.3(7a), 9.3(8), 9.3(9),10.1(2), 10.2(2).

Cisco Nexus 9300-EX Series Switch - C93180LC-EX1, C93180YC-EX, C93108TC-EX

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5) ,9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1).

Note: NX-OS Releases, 9.3(10), 9.3(12), 10.2(4), 10.2(6), 10.3(1) are supported only on C93108TC-EX.

Cisco Nexus 9300-FX Series Switch - C93108TC-FX, C93180YC-FX

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5) 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.3(1).

 Note: NX-OS Releases, 9.3(10), 10.2(4), 10.3(1) are supported only on C93108TC-FX.  

Cisco Nexus 9300-FX2 Series Switch - N9K-9336C-FX2, 93240YC-FX2

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5) ,9.3(7), 9.3(7a), 9.3(8), 9.3(9), 10.1(2), 10.2(2), 10.2(3), 10.3(1).

Cisco Nexus 9300-FX2 Series Switch - C93360YC-FX2

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5) ,9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1).

Cisco Nexus 9300-FX3 Series Switch - C93180YC-FX3

9.3(10), 9.3(12), 10.2(4), 10.2(6), 10.3(1).

Cisco Nexus 9300-GX Series Switch - 93600CD-GX, 9364C-GX,9316D-GX

9.3(5),9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1).

Note: NX-OS Releases, 9.3(10), 9.3(12), 10.2(4), 10.2(6), 10.3(1) are supported only on 93600CD-GX.

Cisco Nexus 9332C Switch

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a), 9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1).

Cisco Nexus 9364C Switch

9.3(1), 9.3(2),9.3(3),9.3(4),9.3(5),9.3(7), 9.3(7a),  9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6), 10.3(1).

Cisco Nexus C9332D-GX2B Switch

9.3(10), 10.2(4), 10.2(6), 10.3(1).

Cisco Nexus 9500 Series Switch

Supported Modules:

   • N9K-X9464TX

9.3(1), 9.3(2), 9.3(7), 9.3(7a),  9.3(8), 9.3(9), 9.3(10), 9.3(12), 10.1(2), 10.2(2), 10.2(3), 10.2(4), 10.2(6).

Note: NX-OS Releases 9.3(10), 9.3(12), 10.2(4), 10.2(6), 10.3(1) are supported only on 9504.

Cisco Nexus 9500-EX Series Switch

Supported Modules:

    • N9K-X97160YC-EX

    • N9K-X9732C-EX

9.3(1), 9.3(2), 9.3(7), 9.3(7a), 9.3(8),  9.3(9), 10.1(2), 10.2(2), 10.2(3).

Cisco Nexus 9500-FX Series Switch

Supported Modules:

• N9K-X9732C-FX

9.3(1), 9.3(2), 9.3(7), 9.3(7a), 9.3(8), 9.3(9), 10.1(2), 10.2(2), 10.2(3).

1-   NX-OS Release 10.x(x) is not supported on these platforms.

 

Unsupported Features

Unsupported features for Cisco Nexus Dashboard Data Broker, Release 3.10.2:

     Embedded mode (OVA) deployment in NX-OS version I(4) or lower is not supported.

     Communication between the Nexus Dashboard Data Broker controller and devices using OpenFlow is not supported.

     Inline redirection of traffic is not supported. 

Supported APIC Versions

The table displays the supported APIC versions.

APIC Version

Minimum Cisco Nexus Dashboard Data Broker Version

Supported Deployment Mode

5.2(4d),5.2(4e), 5.2(6e)

3.10.2

Centralized

Verified Scalability Limits

The table displays the supported verified scalability limits.

Description

Small

Medium

Large

Number of switches used for TAP and SPAN aggegation

25

50

75 - 100

 

Guidelines and Limitations

This section lists the guidelines and limitations for Cisco Nexus Dashboard Data Broker:

Specific for Release 3.10.2

     Upgrade from Nexus Data Broker, Release 3.9.2, to Nexus Dashboard Data Broker, Release 3.10.2, is not supported.

     Nexus Dashboard Data Broker, Release 3.10.2 is not supported on ND/vND.

     The recommended RHEL version for deploying Cisco Nexus Dashboard Data Broker, Release 3.10.2 is RHEL 7.7.

     Cisco Nexus Dashboard Data Broker, Release 3.10.2, supports the following versions:

 

Cisco Product

Supported Version(s)

Catalyst 9300-24UB, C9500-32QC1

16.12.02 and above

Catalyst C9200-48PXG, C9200L-24T-4X, C9407R, C9606R

17.03.01 and above

DNAC

2.2.2.4

Nexus 3550-F Fusion L1

1.15.0 and 1.16.0

            1 - C9500 with version 16.12 should have the same show version output as C9300.

General

     A Cisco Nexus Dashboard Data Broker instance can support only the NX-API configuration mode.

     By default, the Nexus Dashboard Data Broker cluster URL is https://<IP_address>:8443

     The switchport mode trunk and spanning-tree bpdufilter enable command should be enabled for all switch ports on all Cisco Nexus Dashboard Data Broker managed switches.

     Cisco Nexus switches managed by Cisco Nexus Dashboard Data Broker in NX-API mode must have LLDP feature enabled. Disabling LLDP may cause inconsistencies and require switch rediscovery for NX-API switches.

     For secured communication between Cisco Nexus Dashboard Data Broker and switch through HTTPS, start the Cisco Nexus Dashboard Data Broker in TLS  mode for the first time only. Subsequent restarts does not require TLS mode.

For more details, see Cisco Nexus Dashboard Data Broker Configuration Guide.

     The TLS KeyStore and TrustStore passwords are sent to the Cisco Nexus Dashboard Data Broker so it can read the password-protected TLS KeyStore and TrustStore files only through HTTPS

./ndb config-keystore-passwords [--user {user} --password {password} --url {url} –verbose --prompt --keystore-password {key-store_password} --truststore-password {truststore_password}

     Cisco Nexus 92xx series switches do not support Q-in-Q; you cannot use this switch in a multi-switch environment.

     Dry Run feature is disabled by default. To enable this feature, see the Configuration Guide.

     Do not configure TACACS on the Cisco NDB devices. You can configure it only for authentication and authorization. It is not to be used for accounting.

Documentation Feedback

To provide technical feedback on this document, or to report an error or omission, send your comments to ciscodcnapps-docfeedback@cisco.com. We appreciate your feedback.

Legal Information

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2023 Cisco Systems, Inc. All rights reserved.

Learn more