Nexus Data Broker - No data hitting PCAP interface

simonprice1
Level 1

Have a simple setup of 2 x 93180YC switches configured with Nexus Data Broker (3.5).

Code on the switches is 7.0(3)I7(1).

The problem I'm seeing: traffic is coming into the ingress ports from the UCS switches OK. However, traffic is not being sent to the PCAP tool attached on 1/47 of the switch.

I'm focused on the single switch with a single ingress interface (lots of traffic) and egress to the PCAP tool.

I have built a filter with the IP range of interest. In Connections this is deployed as Priority 2. Got 2 x Priority 1 connections which I can't control/delete. Default-Match-IP/Default-Match-ARP/Default-Match-MPLS on these Default-Deny filters - is this my problem? If so, how do I remove them?

Looking at Stats > Flows for the switch I see plenty of traffic on the ingress port with Action (Output PCAP Interface) - but traffic stats for the PCAP interface are limited to LLDP_Multicast & CDP traffic. Are those default filters stopping it, and if so how do I overcome this?

I'm no expert here but think it's all in place to work.....


balaji.bandi
Hall of Fame

Why not use the internal Ethanalyzer, store to a PCAP file and upload it to the destination for analyzing?

https://www.cisco.com/c/en/us/support/docs/switches/nexus-5000-series-switches/116201-technote-ethanalyzer-00.html

Make sense?

BB


Are you running NXDB in centralized or embedded mode on those two 93180YC switches? (Having two Prio1. connections makes me think of embedded mode.)

On which ports did you attach the UCS? Did you interconnect your NXDB switches? Which ports?

FYI: Priority 1 Connections (Created by Admin) can't be deleted as they are installed on every NXDB switch to prevent traffic flooding when no other forwarding rule is installed. Higher priority rules override those with lower priority, so any new connection installed will always overrule the default prio 1 rule.

Andreas – Thanks for the reply and you’ve kind of answered my initial query, which was on the Admin created filters and the role they played.
We’re running in a centralized model with 2 x 93180 trunked on port 1/48 on each switch. Although to simplify this troubleshooting I’m concentrating on a single 93180 with a single Ingress port 1/9 (Border Leaf), configured as Edge SPAN, and the Egress 1/47 configured as Delivery port, which connects to the Packet Capture tool.
We have 2 X FI & 2 X Border Leaf from ACI SPANNING Traffic in total. Flow Stats show traffic on 1/9 and outputting to 1/47, but something is causing the data not to be sent to the PCAP tool and instead dropped, as Port Stats on 1/47 show on the switch.

Would it be possible to provide us with "show version" and the interface config from the switch you are troubleshooting? Input and output ports would be nice and output from "show running-config | grep 'feature\|tcam\|spanning-tree'"

Andreas – Below is the info. Let me know if I’m missing any tcam settings.

Show version = NXOS: version 7.0(3)I7(1)

Input
interface Ethernet1/9
  description XXX_BL1
  ip port access-group ndb_ipacl_Ethernet1_9 in
  ipv6 port traffic-filter ndb_ipv6acl_Ethernet1_9 in
  mac port access-group ndb_macacl_Ethernet1_9
  switchport
  switchport mode trunk
  mode tap-aggregation
  spanning-tree bpdufilter enable
  switchport block multicast
  switchport block unicast
  no shutdown

Output
interface Ethernet1/47
  description PCAP
  switchport
  switchport mode trunk
  mode tap-aggregation
  spanning-tree bpdufilter enable
  no shutdown

9k-lab# show running-config | grep 'feature\|tcam\|spanning-tree'
feature nxapi
feature scp-server
feature tacacs+
feature lldp
hardware access-list tcam region ing-racl 0
hardware access-list tcam region ing-l3-vlan-qos 0
hardware access-list tcam region egr-racl 0
hardware access-list tcam region ing-ifacl 1024
spanning-tree bpdufilter enable
spanning-tree bpdufilter enable
spanning-tree bpdufilter enable

TCAM is OK, same config as I have. It looks like you are missing some prerequisites for the Nexus 9k described here: Cisco Nexus Data Broker Configuration Guide, Release 3.5 - Prerequisites

Config:

spanning-tree mode mst
spanning-tree mst 0-4094 priority 4096
vlan 1-3967
no spanning-tree vlan 1-3967

Can you configure those settings in your environment and test again?
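
The check this answer describes, as an added example that is not part of the original post and not Cisco tooling: a Python audit of `show running-config` text for the four global lines quoted above and for `mode tap-aggregation` on the ingress and delivery ports. The function names, the sample config (constructed, modelled on the output posted in the thread) and the exact-line matching are assumptions.

```python
# Global lines the answer asks for (copied from this thread, not from Cisco's guide).
REQUIRED = [
    "spanning-tree mode mst",
    "spanning-tree mst 0-4094 priority 4096",
    "vlan 1-3967",
    "no spanning-tree vlan 1-3967",
]

def parse_config(text):
    """Split a running-config into global lines and per-interface line lists."""
    globals_, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None and raw[:1].isspace():
            interfaces[current].append(line)   # indented: belongs to the interface
        else:
            current = None                     # unindented: back at global level
            globals_.append(line)
    return globals_, interfaces

def audit(text, ports):
    """Return a list of findings; an empty list means every check passed."""
    globals_, interfaces = parse_config(text)
    findings = [f"missing global line: {req}" for req in REQUIRED if req not in globals_]
    for port in ports:
        lines = interfaces.get(port)
        if lines is None:
            findings.append(f"{port}: interface not found")
        elif "mode tap-aggregation" not in lines:
            findings.append(f"{port}: mode tap-aggregation not set")
    return findings

# Constructed sample: the state described in the thread before the fix was applied.
SAMPLE = """\
feature nxapi
hardware access-list tcam region ing-ifacl 1024
interface Ethernet1/9
  switchport mode trunk
  mode tap-aggregation
  spanning-tree bpdufilter enable
interface Ethernet1/47
  switchport mode trunk
  mode tap-aggregation
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["Ethernet1/9", "Ethernet1/47"]):
        print(finding)
```

Run against the sample, it reports the four missing spanning-tree/VLAN lines while both ports pass the tap-aggregation check, which matches the situation in the thread.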

Andreas – Just to loop back here, the spanning tree changes seem to have made the difference and the PCAP tool is now getting traffic following the spanning tree changes.

I'm going to replicate the TCAM and Spanning Tree changes on the 2nd switch in the fabric with incoming traffic and then confirm for sure, but at the moment traffic into PCAP aligns to the spanning tree changes on Thursday.

Thanks
