Packet Broker
Note: The Arista Networks Packet Broker solution is available on all platforms except NSU, NRU01, NRU02, NRU03, and NRU-S0301 platforms.
The Arista Networks' Packet Broker solution enables users to deploy modular, scale-out, monitoring fabrics with a distributed architecture that allows sharing visibility and security tools located anywhere in the network. Simple and global monitoring fabrics deployed as part of the Network Packet Broker solution feature centralized management capability and function as a 'distributed virtual chassis.' Built on top of NetVisor OS Unified Cloud Fabric, Network Packet Broker does not require specialized software or a proprietary fabric and consequently provides a high degree of flexibility, resiliency, and operational simplicity.
Using tools such as network taps or mirrors, the Network Packet Broker service copies traffic from a production network to the adaptive monitoring fabric's ingress ports. In turn, the monitoring fabric redirects the traffic arriving on the ingress ports to the monitoring tools located geographically apart. This implementation employs VXLAN overlay to transport packets from ingress ports to monitoring tools and features ECMP in the underlay to address link failures.
Network Packet Broker Architecture
The monitoring fabric can be of any physical topology, including leaf-spine, ring, hub-and-spoke, mesh, tree, and others. NetVisor OS allows you to club the ingress or source ports and the destination ports into Virtual Port Groups (vPGs). The vPG construct permits you to flood the traffic that arrives at select source ports to multiple destination ports.
Monitoring Fabric Topology
Refer to the example above, which shows a monitoring fabric with a leaf-spine topology. Network taps copy traffic from the production network to the source ports or trunks on Leaf1, Leaf2, Leaf3, and Leaf4. These ports constitute the source vPGs: TAP-GROUP-1, TAP-GROUP-2, and TAP-GROUP-3. The switches Leaf5 and Leaf6 form a cluster. The monitoring tools connect to ports on Leaf5 and Leaf6, which constitute the destination vPGs: TOOL-GROUP-1 and TOOL-GROUP-2.
Note: Before creating the vPGs, you must configure a VXLAN underlay network and VTEPs for the overlay. And, to deploy the Packet Broker fabric that spreads across geographical locations, you must create a Fabric over Layer 3 configuration.
NetVisor UNUM Packet Broker
Selecting Dashboards → Packet Broker displays important information about the Fabric and/or individual switches within the Fabric.
There are features and functions used in Arista NetVisor UNUM and Insight Analytics that are common throughout the user interface (UI). Please refer to the Common Functions section for more information on the use of these functions and features.
Note: Selecting Dashboards → Packet Broker displays information about a Fabric assuming a fabric was created and added. For more information about creating and adding a Fabric please refer to the ZTP - Zero Touch Provisioning section in this manual.
Select the applicable Fabric from the left-hand navigation bar and the dashboard updates showing all Switch entries from all switches within the Fabric.
Packet Broker Dashboard
When first instantiated, the default Packet Broker dashboard displays as shown below.
Note: Certain images and illustrations depicted below have been edited for clarity, display, differentiation, or example purposes.
NetVisor UNUM Packet Broker Default Dashboard
When configured, the dashboard displays the Virtual Port Groups, filters, schema, statistics, and vFlow data as illustrated below.
The schema shows the vPG Source, the vPG Destination, and the vPG Service Group and the number of Enabled Rules, Source Ports, Destination Ports, and their respective status.
The Packet Broker Rules dashboard displays the Rule Name, Source Group with Switch/Port/State/Description, Destination Group with Switch/Port/State/Description, Precedence, Enable, and Filter Rule.
The Packet Broker Port Groups dashboard displays vPG Name, Type, and Switch/Port/State/Description.
Each vPG Name entry displays a status arrow indicating the state of the connection, Up or Down.
NetVisor UNUM Packet Broker Populated Dashboard
Note: A Packet Broker Service vPG translates into one source and one destination vPG on the switch. All other vPGs are one-to-one.
Packet Broker Legend
The Packet Broker schema displays the status of Ports and Source vPG, Destination vPG, and Service vPG.
NetVisor UNUM Packet Broker Legend
An example is illustrated below.
NetVisor UNUM Packet Broker Dashboard and Legend
In the following example, the Partial Ports Up orange dashed line indicates that the vPG exists with both up and down ports. In this case, TAP-IX25-IX26 ports are up.
However, the TechPubs_Tool_TechPubs_TAP vPG has no assigned resources. The Port Groups details pane confirms this status, where TechPubs_Tool_TechPubs_TAP does not have a switch and port assignment.
NetVisor UNUM Packet Broker Populated Dashboard - Partial Ports Up - Example
Assigning switch and enabled port resources to TechPubs_Tool_TechPubs_TAP results in an All Ports Up dashboard.
NetVisor UNUM Packet Broker Populated Dashboard - All Ports Up - Example
In the event multiple source and destination vPGs have no assigned resources, the dashboard displays the No Ports Added gray dashed line as shown below.
NetVisor UNUM Packet Broker Populated Dashboard - No Ports Added - Example
When all ports are down, the dashboard displays the All Ports Down red dashed line.
NetVisor UNUM Packet Broker Populated Dashboard - All Ports Down - Example
Search & Filtering
Click on a connection between the vPGs, and the schema and dashboard update with specific information about the selected link.
The Search window updates with the selected Rule.
NetVisor UNUM Packet Broker Dashboard Filter & Link Example
NetVisor UNUM Packet Broker Dashboard Filter & Link Up Example
Entering search criteria in the search box displays matching vPGs, Rules, and Switch-Ports.
NetVisor UNUM Packet Broker Dashboard Filter & Search
Selecting a search result or refining the search updates the dashboard accordingly.
Each vPG Name entry displays a status arrow indicating the state of the connection, Up or Down.
NetVisor UNUM Packet Broker Dashboard Filter & Search
Packet Broker Switch Selection
Select a switch from the left-hand navigation bar, and the schema updates with the settings associated with the individual switch selected, as shown in the illustration below.
Packet Broker Fabric versus Individual Switch Examples
Schema Indicator Buttons
•Rules Enabled – Displays the number of rules enabled.
•Source Ports – Displays the number of Source Ports and status.
•Destination Ports – Displays the number of Destination ports and status.
Cycling through the Rules Enabled, Source Ports, and Destination Ports indicator buttons updates the schema as shown in the illustration below.
NetVisor UNUM Packet Broker Dashboard Buttons
Schema Icons - Interactive Rule Creation
Use the schema icons to interactively create a Packet Broker Rule for Source and Destination by selecting an icon.
Note: A Tool Group is synonymous with a Destination Port(s) or Tool Port(s) and is a Destination vPG.
Click on the first icon and then select the second icon while holding the Ctrl and Command key on your keyboard, as illustrated below.
NetVisor UNUM Packet Broker Icons Create Filter
A Packet Broker Rule dashboard displays.
Enter the required parameters which include:
•Rule Name – Name of the rule.
•Source Group – Select the Source Group from the created Port Groups.
•Destination Group – Select the Destination Group from the created Port Groups.
•Attribute – Select the applicable field parameter.
•Value – Enter the value for the attribute.
Attributes
The Additional Fields drop-down selection box allows you to enter the following options:
•tos – ToS number for the vFlow.
•precedence – Traffic priority value between 2 and 15.
•src-ip – Source IP address for the vFlow.
•dst-ip – Destination IP address for the vFlow.
•src-mac – Source MAC address.
•dst-mac – Destination MAC address.
•dscp – 6-bit Differentiated Services Code Point (DSCP) for the vFlow with range 0 to 63.
•src-ip-mask – Source IP address wildcard mask for the vFlow.
•dst-ip-mask – Destination IP address wildcard mask for the vFlow.
•src-mac-mask – Source MAC address to use as a wildcard mask.
•dst-mac-mask – Destination MAC address to use as a wildcard mask.
•in-port – Incoming port for the vFlow.
•vlan – VLAN number for the vFlow.
•src-port – Source port.
•dst-port – Destination port.
•proto – Layer 3 protocol for the vFlow including: ip, icmp, igmp, tcp, udp, and icmpv6.
•ether-type – EtherType for the vFlow including: ipv4, arp, wake, rarp, vlan, ipv6, lacp, mpls-uni, mpls-multi, jumbo, dot1x, aoe, qinq, lldp, macsec, ecp, ptp, fcoe, fcoe-init, and qinq-old.
•setvlan – Changes the VLAN of a tagged packet.
•add-outer-vlan – Add a VLAN to the untagged packet and convert a single tagged packet to a double tagged packet.
•inner-vlan – Used to filter QinQ packets based on inner-vlan.
•tcp-flags – Used to filter traffic based on tcp flags such as: SYN, FIN, RST, PUSH, ACK, URG, ECE and CWR.
•vxlan – VXLAN number for the vFlow.
•set-dmac – Set the directional medium access control.
•loopbackport – Used only in conjunction with set-dmac.
•metadata – Metadata number for the vFlow. Supports the use of ICAP fields.
Enter the required parameters and click the icon to Add Field or Add Filter Attribute.
Note: You must add the filter using the icon before clicking Submit.
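The value constraints in the attribute list above can be checked before a rule is entered, because a mistyped filter value changes which traffic reaches the monitoring tools. The following Python check is an added example, not part of NetVisor UNUM or Arista's code. The dict-based rule format, the name lint_rule, and the comma-separated tcp-flags value are assumptions, and the mask-without-base check is this example's own rule rather than one stated in the manual.

```python
import ipaddress
import re

# Constraints transcribed from the attribute list above. The dict-based rule
# format and all names below are assumptions made for this example.
RANGES = {"precedence": (2, 15), "dscp": (0, 63)}
CHOICES = {
    "proto": {"ip", "icmp", "igmp", "tcp", "udp", "icmpv6"},
    "ether-type": {"ipv4", "arp", "wake", "rarp", "vlan", "ipv6", "lacp",
                   "mpls-uni", "mpls-multi", "jumbo", "dot1x", "aoe", "qinq",
                   "lldp", "macsec", "ecp", "ptp", "fcoe", "fcoe-init",
                   "qinq-old"},
}
TCP_FLAGS = {"SYN", "FIN", "RST", "PUSH", "ACK", "URG", "ECE", "CWR"}
IP_FIELDS = {"src-ip", "dst-ip", "src-ip-mask", "dst-ip-mask"}
MAC_FIELDS = {"src-mac", "dst-mac", "src-mac-mask", "dst-mac-mask"}
UNCHECKED = {"tos", "in-port", "vlan", "src-port", "dst-port", "setvlan",
             "add-outer-vlan", "inner-vlan", "vxlan", "set-dmac",
             "loopbackport", "metadata"}  # page gives no value constraints
KNOWN = set(RANGES) | set(CHOICES) | IP_FIELDS | MAC_FIELDS | UNCHECKED | {"tcp-flags"}
MAC_RE = re.compile(r"^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")


def lint_rule(attrs):
    """Return a list of problems in one rule's attribute/value pairs."""
    problems = []
    for name, value in attrs.items():
        if name not in KNOWN:
            problems.append(f"{name}: unknown attribute")
        elif name in RANGES:
            lo, hi = RANGES[name]
            if not (value.isdigit() and lo <= int(value) <= hi):
                problems.append(f"{name}: {value!r} not in {lo}..{hi}")
        elif name in CHOICES and value not in CHOICES[name]:
            problems.append(f"{name}: {value!r} is not a listed option")
        elif name == "tcp-flags":
            # Assumed value format: comma-separated flag names.
            bad = {f.strip() for f in value.split(",")} - TCP_FLAGS
            if bad:
                problems.append(f"tcp-flags: unknown flag(s) {sorted(bad)}")
        elif name in IP_FIELDS:
            try:
                ipaddress.ip_address(value)
            except ValueError:
                problems.append(f"{name}: {value!r} is not an IP address")
        elif name in MAC_FIELDS and not MAC_RE.match(value):
            problems.append(f"{name}: {value!r} is not a MAC address")
    # Page: loopbackport is used only in conjunction with set-dmac.
    if "loopbackport" in attrs and "set-dmac" not in attrs:
        problems.append("loopbackport: requires set-dmac")
    # Assumption of this example: a mask is only useful beside its base field.
    for mask in sorted((IP_FIELDS | MAC_FIELDS) & set(attrs)):
        if mask.endswith("-mask") and mask[:-5] not in attrs:
            problems.append(f"{mask}: given without {mask[:-5]}")
    return problems

# Constructed sample rules (values are strings, as typed into the form).
GOOD = {"proto": "tcp", "dst-port": "443", "tcp-flags": "SYN,ACK",
        "src-ip": "10.1.0.0", "src-ip-mask": "255.255.0.0", "precedence": "10"}
BAD = {"proto": "sctp", "dscp": "64", "precedence": "1", "loopbackport": "12",
       "dst-ip-mask": "255.255.255.0", "src-mac": "00:11:22:33:44", "ttl": "5"}

if __name__ == "__main__":
    print("\n".join(lint_rule(BAD)))
```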
Multiple Packet Broker Rules
Multiple PB rules are added by repeating the process, adding more fields and rules.
NetVisor UNUM Packet Broker Packet Broker Rule Example
Click Submit to continue or Cancel to return to the previous screen without making any changes.
The Packet Broker Rule adds to the dashboard and the Rules Enabled updates.
NetVisor UNUM Packet Broker Rule Added to Dashboard Example
Packet Broker Dashboard Functions
Select the Cog icon and the applicable function:
•Trigger Discovery – Trigger a Packet Broker discovery by selecting Trigger Discovery.
•Add Virtual Port Group – Add a new Virtual Port Group.
•Add Filter Rule – Add a Filter rule.
•Edit Port – Edit a port in a vPG.
Each Rule Name entry displays a status arrow indicating the state of the connection, Up or Down.
NetVisor UNUM Packet Broker Dashboard Functions
Trigger Discovery
Trigger a Packet Broker discovery by selecting Trigger Discovery.
NetVisor UNUM Packet Broker Dashboard Functions Trigger Discovery
Discovery Status Messages
Following a discovery process, the Details dashboard displays a status message when rolling over the Packet Broker status icon.
Success Message
Dashboards Packet Broker - Packet Broker Discovered - Status Message - Success
Failure Message
Dashboards Packet Broker - Packet Broker Discovered - Failure Message
Add Virtual Port Group
Add a new Virtual Port Group by selecting Add Virtual Port Group.
Enter the required parameters and click the icon to Add Port or Add vPG.
Note: You must add the port or vPG using the icon before clicking Submit.
Repeat the process to add more ports and vPGs, each time clicking Apply. Verify the port settings appear in the configuration dashboard.
NetVisor UNUM Packet Broker Dashboard Functions Add vPG
Click Submit to continue or Cancel to return to the previous screen without making any changes.
The Packet Broker dashboard updates with the new vPGs.
NetVisor UNUM Packet Broker Dashboard Functions Added vPG Dashboard
You create a Filter Rule by interactively selecting the schema icons.
NetVisor UNUM Packet Broker Dashboard Functions Added vPG Dashboard
Enter the required parameters and then click the icon to Add Field or Add Filter.
Note: You must add the filter using the icon before clicking Submit.
NetVisor UNUM Packet Broker Dashboard Functions Add vPG Filter
Repeat the process to add more fields and rules, as required.
Add Filter Rule
Create a Filter Rule by selecting Add Filter Rule.
Enter the required parameters which include:
•Rule Name – Name of the rule.
•Source Group – Select the Source Group.
•Destination Group – Select the Destination Group.
•Attribute – Select the applicable field parameter.
•Value – Enter the value for the additional field.
Enter the required parameters and then click the icon to Add Field or Add Filter.
Note: You must add the filter using the icon and click Apply before clicking Submit.
Repeat the process to add more fields and rules.
Click Apply to add each filter. The filter must appear as a highlighted blue item; otherwise it will not apply. Verify the filter settings appear in the configuration dashboard.
NetVisor UNUM Packet Broker Add Packet Broker Rule
Click Submit to continue or Cancel to return to the previous screen without making any changes.
Edit Port
Using the Cog icon, select Edit Port.
Port Options
The Port Options menu provides two options, Edit Configuration and Port Force Linkup.
Select Edit Configuration to make changes to Attributes and their associated Values.
Attributes and the associated Values include:
•Speed – 10M to 400G
•Config State – Enable/Disable
•Autoneg – Enable/Disable
•Jumbo – Enable/Disable
•Crc-check – Enable/Disable
•Fec – Enable/Disable
Select Port Force Linkup to enable or disable the linkup and Mode type, either TX or RX.
NetVisor UNUM Packet Broker Edit Port - Port Options
Select Edit Configuration or Port Force Linkup.
NetVisor UNUM Packet Broker Edit Port - Port Force Linkup
Click Apply to continue.
NetVisor UNUM Packet Broker Edit Port - Port Force Linkup Applied
Click Submit to continue.
In the Rules dashboard, the associated switch and port details update with the port number and the Port Force Linkup Mode.
NetVisor UNUM Packet Broker Rules - Port Force Linkup Example
In the Port Groups dashboard, the associated switch and port details update with the port number and the Port Force Linkup Mode.
NetVisor UNUM Packet Broker Port Groups - Port Force Linkup Example
Port Description
As shown in the following examples, entering a new description for the port and clicking submit updates the Packet Broker dashboard with the new port description.
NetVisor UNUM Packet Broker Edit Port - Original Port Description
Enter a new description.
NetVisor UNUM Packet Broker Edit Port - New Port Description
Click Submit to continue.
The Packet Broker dashboard updates with the new information.
NetVisor UNUM Packet Broker Edit Port - Updated Packet Broker Dashboard
The port description appears in the port roll-over from now on until it is changed again.
NetVisor UNUM Packet Broker Edit Port - Edit Port Updated Rollover Details
The port description details appear in the Manage Ports dashboard.
NetVisor UNUM Packet Broker Edit Port - Manage Ports Description Details
Rules Details Dashboard Functionality
Select the Cog icon and select the applicable function:
•Edit – Modify a Packet Broker Rule.
•Delete – Delete a Packet Broker Rule.
•Rule Stats – Real time display of Rule Stats.
Each Rule Name entry displays a status arrow indicating the state of the connection, Up or Down.
NetVisor UNUM Packet Broker Rules Menu
Edit Rule
Select Edit to modify a Packet Broker Rule.
Enter the updated parameters and then click Apply.
Note: You must update the values using Apply before clicking Submit.
NetVisor UNUM Packet Broker Modify Packet Broker Rule Example
Click Submit to continue or Cancel to return to the previous screen.
The Packet Broker Rules dashboard updates with the changes.
NetVisor UNUM Packet Broker Modify Packet Broker Rule Example
Rule Stats
Select Rule Stats and select the applicable rule in the dashboard.
Login to the switch.
NetVisor UNUM Packet Broker Login
Click Login to continue or Close to return to the previous screen.
A real-time console session window displays the vflow-stats.
NetVisor UNUM Packet Broker Switch vFlow Real Time Stats
Delete Rule
To delete a Packet Broker Rule select Delete.
NetVisor UNUM Packet Broker Delete Rule
Confirm the deletion by clicking OK. Click Cancel to return to the previous screen without making any changes.
The dashboard updates with the changes.
Bulk Delete Rules
Using the Packet Broker Rules Details pane, select each rule by holding CTRL / Command and clicking on a row or multiple rows to highlight the rule entries.
The dashboard displays the selected rules, the number of rows chosen, and the total number of entries.
Right click and select Delete.
NetVisor UNUM Packet Broker Bulk Delete Rules
Confirm the deletion.
NetVisor UNUM Packet Broker Bulk Delete Rules - Confirm
Click OK to continue or Cancel to return to the previous screen without making any changes.
Port Groups Dashboard Functions
Select the Cog icon and select the applicable function:
•Add Ports – Add ports to a Port Group.
•Remove Ports – Remove ports from a Port Group.
•Delete – Delete a group.
•Port Stats – Real time Tool Port statistics.
NetVisor UNUM Packet Broker Port Groups Menu
Add Ports to Port Groups
Select Add Ports to add additional ports to a service group.
The vPG Name is pre-populated; select the Type and vPG Options from the drop-down lists and select the Switch and Ports using the interactive port selector.
Enter the required parameters and then click Apply to add the port to the Service Group.
Note: You must click Apply before clicking Submit.
NetVisor UNUM Packet Broker Port Groups - Add Ports To Group
Click Submit to continue or Cancel to return to the previous screen.
The added port appears in the dashboard.
NetVisor UNUM Packet Broker Port Groups Ports Added to Dashboard
Remove Ports from a Port Group
Select Remove Ports from the menu and delete the applicable port. Click the respective entry using the icon to remove the port(s).
NetVisor UNUM Packet Broker Port Groups Ports Added to Dashboard
Click Submit to continue or Cancel to return to the previous screen without making any changes.
The dashboard updates with the new port data.
Note: In the example above, the port highlighted in red is designated for deletion. The untouched port(s) are highlighted in green.
Port Stats
Select Port Stats and select the applicable Switch-Port from the drop-down list.
NetVisor UNUM Packet Broker Switch Port Display Stats
Click OK to continue or Cancel to return to the previous screen.
Login to the switch.
NetVisor UNUM Packet Broker Switch Port Login Screen
Click Login to continue or Close to return to the previous screen.
A real-time console session window displays the switch-port stats.
NetVisor UNUM Packet Broker Switch Port Real Time Stats
Delete a Port Group
Select Delete Group to delete a Port Group.
NetVisor UNUM Packet Broker Delete Port Group
Click OK to continue or Cancel to return to the previous screen without making any changes.
Usage Note: You must first delete any rules associated with the Port Group before attempting to delete the Port Group; otherwise, you will receive an error message.
NetVisor UNUM Packet Broker Delete Port Group Deletion Error Message
Go to the Rules tab, select the rule associated with the Port Group, and Delete the rule.
Return to the Port Groups tab and select the Port Group associated initially with the rule.
After deleting the Port Group, a success message displays. The dashboard updates with the changes as illustrated below.
Bulk Delete Port Groups
Using the Packet Broker Details pane, select each port group by holding CTRL / Command and clicking on a row or multiple rows to highlight the port group entries as illustrated in the following examples.
The dashboard displays the selected Port Groups, the number of rows chosen, and the total number of entries.
NetVisor UNUM Packet Broker - Bulk Delete - Select
Right click and select Delete.
NetVisor UNUM Packet Broker - Bulk Delete - Confirm
You must first delete any rules associated with the Port Group before attempting to delete the Port Group; otherwise, you will receive an error message.
Multi-Tenancy Packet Broker
Virtual Port Groups can be grouped and assigned to Tenants. Each tenant is isolated and can independently manage Virtual Port Groups (vPG) and Rules.
In the following example, the TAC_Team UG is assigned privileges to the Packet Broker dashboard using Manage Groups.
NetVisor UNUM Packet Broker - Multi-Tenant - Group Assign - Dashboard
Use Manage Users to create and assign roles.
Packet Broker - User Role
Create the FRG and assign it to the UG.
Packet Broker - Fabric Resource Group
Click Submit to continue.
The FRG appears on the dashboard.
Packet Broker - Fabric Resource Group Manage Groups Dashboard
When TAC_User_1 logs in to NetVisor UNUM, they are presented with their tenant dashboard limited to Packet Broker and the assigned Fabric and resources.
Packet Broker - UG Login
As illustrated below, TAC_User_1 has access to all Packet Broker functions and can create Port Groups and Rules.
Packet Broker - UG Create Groups and Rules
The vPGs and Rules appear in the Packet Broker dashboard.
Packet Broker - UG Dashboard with vPGs and Rules