Summit X460-G2 and PurView it is possible ?


How integrate Summit X460-G2 with PurView ?

15 replies

I think we will all need to clarify what you are asking. Are you trying to forward traffic from the 460 to the appliance? You have added the switch to NetSight correct?
Userlevel 6
Hi Jarek. You can use X460-G2 as Purview sensor. Feel free to contact the local team directly 🙂 Regards Zdenek
Userlevel 6
Hello, Pala!

Can you, please, give example how configre G2 switch to work as sensor? (or some manuals, or link...)
As I know in the past - there was possibility to sensor only S and K series switches.
In new soft version we can add IdentiFi controller.

I have no information about G2 as sensor.

Thank you!
I had heard there was a trial case running on a very small network in California. It is my understanding that the sampling is whats missing from the 460. The 460 can send the packets to the appliance but does not yet have the ability to only send the first 15 like the SSA does. So your network needs to be small enough for the link to the appliance and the appliance to handle the full load. If someone could correct any errors in my thought process. Thanks
Userlevel 5
All,

The X460 and X460-G2 now (in code level 15.4 and above) fully support IPFIX and in 16.1 now have the n-mirror capability as a beta, although things work just fine but you will not get any support from TAC. In 16.2 the code will be GA, meaning that if you call TAC you will get support if you need it.

For some clarification, there is no sampling with IPFIX in our implementation on XOS, it is at line rate and ALL flows are processed. It is my recommendation that if you are trying to do this on a medium or larger scale please use a G2 model as the CPU has a lot more horsepower to process flows, what I mean is that the ASIC will create the flows but the OS has to send them to the collector (purview or some other device). These models can and are used to be a sensor for Purview with the only condition is that you cannot, based on scale, mirror off your core to say a 460-G1 and expect to capture a 10Gig stream of flows. As the X460 series is a edge or aggregation box, therefore scale is different than what you would expect from a SSA or S Chassis. If you are trying to get started with Purview and/or demo it XOS on a 460 works great. Customers with existing X460 edge deployments will benefit highly as they can possibly add Purview to a an existing installation. In another installment we can, if people like, talk about R-SPAN to get the mirror back over existing uplinks, etc..

Here you go:

The pre-requisites are:
- Netsight/Purview 6.2 and later
- XOS 16.1 and Later

The configuration for XOS is as follows:

•configure ip-fix ip-address 192.168.1.96 protocol udp L4-port 2075 vr “VR-Default” (The port Purview Uses is 2075 - the IP address is your purview appliance)
•configure ip-fix source ip-address 192.168.1.132 vr “VR-Default” (put your switch IP address)
•enable ip-fix ports all
•enable ip-fix

Create a mirror: (Example)

configure mirror defaultmirror to port
configure defaultmirror add port
enable mirror defaultmirror to

To Enable N-Mirror
configure mirror defaultmirror add ip-fix

There are also some new commands added for showing flows:

In 15.7 and later:

show port ip-fix

Give it a shot, works really well!

Bill
Userlevel 6
Bill Stritzinger wrote:

All,

The X460 and X460-G2 now (in code level 15.4 and above) fully support IPFIX and in 16.1 now have the n-mirror capability as a beta, although things work just fine but you will not get any support from TAC. In 16.2 the code will be GA, meaning that if you call TAC you will get support if you need it.

For some clarification, there is no sampling with IPFIX in our implementation on XOS, it is at line rate and ALL flows are processed. It is my recommendation that if you are trying to do this on a medium or larger scale please use a G2 model as the CPU has a lot more horsepower to process flows, what I mean is that the ASIC will create the flows but the OS has to send them to the collector (purview or some other device). These models can and are used to be a sensor for Purview with the only condition is that you cannot, based on scale, mirror off your core to say a 460-G1 and expect to capture a 10Gig stream of flows. As the X460 series is a edge or aggregation box, therefore scale is different than what you would expect from a SSA or S Chassis. If you are trying to get started with Purview and/or demo it XOS on a 460 works great. Customers with existing X460 edge deployments will benefit highly as they can possibly add Purview to a an existing installation. In another installment we can, if people like, talk about R-SPAN to get the mirror back over existing uplinks, etc..

Here you go:

The pre-requisites are:
- Netsight/Purview 6.2 and later
- XOS 16.1 and Later

The configuration for XOS is as follows:

•configure ip-fix ip-address 192.168.1.96 protocol udp L4-port 2075 vr “VR-Default” (The port Purview Uses is 2075 - the IP address is your purview appliance)
•configure ip-fix source ip-address 192.168.1.132 vr “VR-Default” (put your switch IP address)
•enable ip-fix ports all
•enable ip-fix

Create a mirror: (Example)

configure mirror defaultmirror to port
configure defaultmirror add port
enable mirror defaultmirror to

To Enable N-Mirror
configure mirror defaultmirror add ip-fix

There are also some new commands added for showing flows:

In 15.7 and later:

show port ip-fix

Give it a shot, works really well!

Bill

Hi, Bill!

First of all - great thanks!!!
It's very usefull information.

But have some questions:
1. We don't adding any device to Puview? Purview just listen port 2075?
2. Is Summit have to be directly connected to the Purview (with mirror-to port) or we can configure Purview with 3 deployment mode (Interface tunnel mirrored)?
Userlevel 5
Bill Stritzinger wrote:

All,

The X460 and X460-G2 now (in code level 15.4 and above) fully support IPFIX and in 16.1 now have the n-mirror capability as a beta, although things work just fine but you will not get any support from TAC. In 16.2 the code will be GA, meaning that if you call TAC you will get support if you need it.

For some clarification, there is no sampling with IPFIX in our implementation on XOS, it is at line rate and ALL flows are processed. It is my recommendation that if you are trying to do this on a medium or larger scale please use a G2 model as the CPU has a lot more horsepower to process flows, what I mean is that the ASIC will create the flows but the OS has to send them to the collector (purview or some other device). These models can and are used to be a sensor for Purview with the only condition is that you cannot, based on scale, mirror off your core to say a 460-G1 and expect to capture a 10Gig stream of flows. As the X460 series is a edge or aggregation box, therefore scale is different than what you would expect from a SSA or S Chassis. If you are trying to get started with Purview and/or demo it XOS on a 460 works great. Customers with existing X460 edge deployments will benefit highly as they can possibly add Purview to a an existing installation. In another installment we can, if people like, talk about R-SPAN to get the mirror back over existing uplinks, etc..

Here you go:

The pre-requisites are:
- Netsight/Purview 6.2 and later
- XOS 16.1 and Later

The configuration for XOS is as follows:

•configure ip-fix ip-address 192.168.1.96 protocol udp L4-port 2075 vr “VR-Default” (The port Purview Uses is 2075 - the IP address is your purview appliance)
•configure ip-fix source ip-address 192.168.1.132 vr “VR-Default” (put your switch IP address)
•enable ip-fix ports all
•enable ip-fix

Create a mirror: (Example)

configure mirror defaultmirror to port
configure defaultmirror add port
enable mirror defaultmirror to

To Enable N-Mirror
configure mirror defaultmirror add ip-fix

There are also some new commands added for showing flows:

In 15.7 and later:

show port ip-fix

Give it a shot, works really well!

Bill

Alexandr,

I suspected that this would spark some additional questions.. 🙂

Anyway, yes the purview engine will collect the flows and there is nothing else you need to do. To check to make sure you are seeing the flows, on the management interface - example: tcpdump -i udp port 2075 - You should see flows from the switch.

As to the mirror, for testing I suggest directly collecting the mirror to the appliance. We dont support the GRE tunnel method at this time on XOS but we do support R-SPAN. I will post the R-SPAN configuration in a later post here.

Bill
Userlevel 7
Bill Stritzinger wrote:

All,

The X460 and X460-G2 now (in code level 15.4 and above) fully support IPFIX and in 16.1 now have the n-mirror capability as a beta, although things work just fine but you will not get any support from TAC. In 16.2 the code will be GA, meaning that if you call TAC you will get support if you need it.

For some clarification, there is no sampling with IPFIX in our implementation on XOS, it is at line rate and ALL flows are processed. It is my recommendation that if you are trying to do this on a medium or larger scale please use a G2 model as the CPU has a lot more horsepower to process flows, what I mean is that the ASIC will create the flows but the OS has to send them to the collector (purview or some other device). These models can and are used to be a sensor for Purview with the only condition is that you cannot, based on scale, mirror off your core to say a 460-G1 and expect to capture a 10Gig stream of flows. As the X460 series is a edge or aggregation box, therefore scale is different than what you would expect from a SSA or S Chassis. If you are trying to get started with Purview and/or demo it XOS on a 460 works great. Customers with existing X460 edge deployments will benefit highly as they can possibly add Purview to a an existing installation. In another installment we can, if people like, talk about R-SPAN to get the mirror back over existing uplinks, etc..

Here you go:

The pre-requisites are:
- Netsight/Purview 6.2 and later
- XOS 16.1 and Later

The configuration for XOS is as follows:

•configure ip-fix ip-address 192.168.1.96 protocol udp L4-port 2075 vr “VR-Default” (The port Purview Uses is 2075 - the IP address is your purview appliance)
•configure ip-fix source ip-address 192.168.1.132 vr “VR-Default” (put your switch IP address)
•enable ip-fix ports all
•enable ip-fix

Create a mirror: (Example)

configure mirror defaultmirror to port
configure defaultmirror add port
enable mirror defaultmirror to

To Enable N-Mirror
configure mirror defaultmirror add ip-fix

There are also some new commands added for showing flows:

In 15.7 and later:

show port ip-fix

Give it a shot, works really well!

Bill

Thanks Bill, this is great!
Thanks Bill for very useful information. I will test this configuration.
I am interested in setting this up at our shop. We only have 13 employees so I think our 460 G1 will be ok based on what I have read here.

I have two questions:
Do we need a PureView virtual appliance or is it build in?
Userlevel 5
You need a Purview virtual appliance in conjunction with the X460-G1 to make it all work.
Userlevel 3
Hi,
we plan to implement some X670-G2 as Datacenter Switches. Does anything speak against using them as Purview / Analytics sensor? Connected to this switch are four Hypervisors with 100 -200 VMs and independent servers. Is X670-G2 CPU strong enough to manage export flow and n-mirror data to Purview aplliance?
Userlevel 5
HTW,

The X670-G2 does not support the creation of IPFIX records. This requires specific hardware and is only supported in X460-G1 and X460-G2 and some blades on the BD8800 and BDX-8. In order to accomplish what you outline your best bet is to purchase the Analytics Bundle that includes the Sensor and Flow Licenses. Please contact you sales teams for more information.

Bill
Userlevel 3
Hi Bill,
we already have Analytics/Purview feeded from our core S-Series. We can see all traffic which is routed or switched by the cores. But what to do with traffic which only traverses the Datacenter ToR-Switches (X670-G2) f.e. between the servers or betweeen hypervisor or storage in same subnet? IIRC Analytics would only be able to detect this traffic if I could send nMirror and netflow from ToR-Switch towards Analytics Appliance or if I mirror everything. But wouldn't be mirroring full ToR-switch traffic to a sensor be too much?
Userlevel 2
Hi Bill,

will you explain R-SPAN part?

Reply