Summit X460-G2 and PurView: is it possible?

  • Question
  • Updated 6 months ago
  • Answered
How to integrate Summit X460-G2 with PurView?

Jarek Sobieszek

Posted 3 years ago

David Coglianese, Embassador

I think we will all need to clarify what you are asking. Are you trying to forward traffic from the 460 to the appliance?
You have added the switch to NetSight, correct?

Pala, Zdenek, Employee

Hi Jarek.

You can use X460-G2 as Purview sensor.

Feel free to contact the local team directly :)

Regards Zdenek

Alexandr P, Embassador

Hello, Pala!

Can you please give an example of how to configure a G2 switch to work as a sensor? (or some manuals, or a link...)
As far as I know, in the past it was only possible to use S and K series switches as sensors.
In the new software version we can add an IdentiFi controller.

I have no information about G2 as sensor.

Thank you!

David Coglianese, Embassador

I had heard there was a trial case running on a very small network in California. It is my understanding that the sampling is what's missing from the 460. The 460 can send the packets to the appliance but does not yet have the ability to only send the first 15 like the SSA does.
So your network needs to be small enough for the link to the appliance and the appliance to handle the full load.

If someone could correct any errors in my thought process.

Thanks

Bill Stritzinger, Alum

All, 

The X460 and X460-G2 now (in code level 15.4 and above) fully support IPFIX and in 16.1 now have the n-mirror capability as a beta; things work just fine, but you will not get any support from TAC. In 16.2 the code will be GA, meaning that if you call TAC you will get support if you need it.

For some clarification, there is no sampling with IPFIX in our implementation on XOS; it is at line rate and ALL flows are processed. It is my recommendation that if you are trying to do this on a medium or larger scale, please use a G2 model, as the CPU has a lot more horsepower to process flows. What I mean is that the ASIC will create the flows but the OS has to send them to the collector (Purview or some other device). These models can be and are used as sensors for Purview, with the only condition being that you cannot, based on scale, mirror off your core to, say, a 460-G1 and expect to capture a 10Gig stream of flows. The X460 series is an edge or aggregation box, therefore scale is different than what you would expect from an SSA or S Chassis. If you are trying to get started with Purview and/or demo it, XOS on a 460 works great. Customers with existing X460 edge deployments will benefit highly as they can possibly add Purview to an existing installation. In another installment we can, if people like, talk about R-SPAN to get the mirror back over existing uplinks, etc.

Here you go: 

The pre-requisites are:
- Netsight/Purview 6.2 and later
- XOS 16.1 and Later

The configuration for XOS is as follows:

• configure ip-fix ip-address 192.168.1.96 protocol udp L4-port 2075 vr "VR-Default"  (The port Purview uses is 2075; the IP address is your Purview appliance)
• configure ip-fix source ip-address 192.168.1.132 vr "VR-Default"  (put your switch IP address)
• enable ip-fix ports all
• enable ip-fix

Create a mirror: (Example)

configure mirror defaultmirror to port <port #>
configure mirror defaultmirror add port <port list>
enable mirror defaultmirror to <port>

To enable N-Mirror:
configure mirror defaultmirror add ip-fix

There are also some new commands added for showing flows:  

In 15.7 and later:

show port <port list> ip-fix

Give it a shot, works really well!

Bill

Alexandr P, Embassador

Hi, Bill!

First of all - great thanks!!!
It's very useful information.

But I have some questions:
1. We don't add any device to Purview? Purview just listens on port 2075?
2. Does the Summit have to be directly connected to the Purview (with mirror-to port), or can we configure Purview with 3 deployment mode (Interface tunnel mirrored)?

Bill Stritzinger, Alum

Alexandr,

I suspected that this would spark some additional questions.. :-)

Anyway, yes, the Purview engine will collect the flows and there is nothing else you need to do. To check to make sure you are seeing the flows, on the management interface - example: tcpdump -i <mgmt port > udp port 2075   - You should see flows from the switch.

As to the mirror, for testing I suggest directly collecting the mirror to the appliance. We don't support the GRE tunnel method at this time on XOS but we do support R-SPAN.  I will post the R-SPAN configuration in a later post here.

Bill
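
Added example (not part of the thread, and not Extreme's code): a Python check for the UDP payloads that the tcpdump command above captures on port 2075, confirming that they parse as IPFIX messages (RFC 7011) and come from the configured switch address. The function names and the sample datagram are constructed for illustration; the port and the exporter address are the ones used in the thread's example.

```python
import struct

IPFIX_VERSION = 10                    # version field of an RFC 7011 message header
COLLECTOR_PORT = 2075                 # collector port named in the thread
EXPECTED_EXPORTER = "192.168.1.132"   # switch source address from the thread's example

def parse_ipfix(datagram):
    """Parse one IPFIX message and count its template and data sets."""
    if len(datagram) < 16:
        raise ValueError("shorter than the 16-byte IPFIX header")
    version, length, export_time, seq, domain = struct.unpack("!HHIII", datagram[:16])
    if version != IPFIX_VERSION:
        raise ValueError("version %d is not IPFIX" % version)
    if length != len(datagram):
        raise ValueError("header length %d != datagram size %d" % (length, len(datagram)))
    summary = {"export_time": export_time, "sequence": seq, "domain": domain,
               "template_sets": 0, "data_sets": 0}
    offset = 16
    while offset < length:
        if length - offset < 4:
            raise ValueError("truncated set header")
        set_id, set_len = struct.unpack("!HH", datagram[offset:offset + 4])
        if set_len < 4 or offset + set_len > length:
            raise ValueError("bad set length %d" % set_len)
        if set_id in (2, 3):       # template set / options template set
            summary["template_sets"] += 1
        elif set_id >= 256:        # data set, identified by its template id
            summary["data_sets"] += 1
        else:
            raise ValueError("reserved set id %d" % set_id)
        offset += set_len
    return summary

def check_export(src_ip, dst_port, datagram):
    """Return (ok, detail) for one captured UDP payload."""
    if dst_port != COLLECTOR_PORT:
        return False, "not addressed to the collector port"
    if src_ip != EXPECTED_EXPORTER:
        return False, "unexpected exporter " + src_ip
    try:
        return True, parse_ipfix(datagram)
    except ValueError as exc:
        return False, str(exc)

def build_sample():
    """Constructed message: one template set (one field) and one data set (one record)."""
    template = struct.pack("!HHHHHH", 2, 12, 256, 1, 8, 4)   # template 256: sourceIPv4Address
    data = struct.pack("!HH4s", 256, 8, bytes([10, 0, 0, 5]))
    header = struct.pack("!HHIII", 10, 16 + len(template) + len(data), 1700000000, 0, 1)
    return header + template + data
```

The source-address comparison is only a sanity check: IPFIX over UDP carries no authentication, so the exporter address in a datagram is not proof of origin.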

Drew C., Community Manager

Thanks Bill, this is great!

Jarek Sobieszek

Thanks Bill for very useful information. I will test this configuration.

David Coglianese, Embassador

I am interested in setting this up at our shop. We only have 13 employees so I think our 460 G1 will be ok based on what I have read here.

I have two questions:
Do we need a Purview virtual appliance or is it built in?

Bill Stritzinger, Alum

You need a Purview virtual appliance in conjunction with the X460-G1 to make it all work.

htw

Hi,
we plan to implement some X670-G2 as Datacenter Switches. Does anything speak against using them as Purview / Analytics sensors? Connected to this switch are four Hypervisors with 100-200 VMs and independent servers. Is the X670-G2 CPU strong enough to manage exporting flow and n-mirror data to the Purview appliance?

Bill Stritzinger, Alum

HTW, 

The X670-G2 does not support the creation of IPFIX records.  This requires specific hardware and is only supported in X460-G1 and X460-G2 and some blades on the BD8800 and BDX-8. In order to accomplish what you outline, your best bet is to purchase the Analytics Bundle that includes the Sensor and Flow Licenses. Please contact your sales teams for more information.

Bill

htw

Hi Bill,
we already have Analytics/Purview fed from our core S-Series. We can see all traffic which is routed or switched by the cores. But what to do with traffic which only traverses the Datacenter ToR-Switches (X670-G2), e.g. between the servers or between hypervisor or storage in the same subnet? IIRC Analytics would only be able to detect this traffic if I could send nMirror and netflow from the ToR-Switch towards the Analytics Appliance or if I mirror everything. But wouldn't mirroring full ToR-switch traffic to a sensor be too much?

Ahmed Haroun

Hi Bill,

Will you explain the R-SPAN part?