Proactive Analysis remediation steps introduced for Cisco Nexus Series Switches


New knowledge, in depth analysis and detailed remediation steps have been introduced in release 6.3.x.x. It supports many new critical metrics for the next critical and widely deployed CISCO Data Center NX-OS technologies:

 virtual Port Channel (vPC)
Fabric Extender (FEX)

In brief, the Cisco Nexus virtual Port Channel (vPC) is a virtualization technology launched in the mid of 2009 (starting from NX-OS version 4.1(4)) and is supported by the majority of Cisco Nexus Series Switches. The Cisco Nexus vPC technology has been widely deployed and in particular by almost 95% of Cisco Data Centers based on CiscoLive documentation.

Now you can deploy Indeni to have real time analysis of the vPC configured features. Alerts will be provided if a vPC issue is raised such as vPC peer-link or keepalive link is down but also if a service degradation occurs due to e.g. vPC type-2 mismatch.

Indeni currently analyzes and automatically validates several important metric related to the NX-OS vPC technology. An indicative list of the current vPC related metrics is provided below:

HSRP & VRRP Active/Standby state change of the vPC cluster members
vPC role configuration/operation status
 Connected networks do not match across vPC cluster members
vPC type 1 & 2 consistency status
 vPC advanced features and configuration best practices status such as peer-gateway, vPC graceful consistency check, auto-  recovery
 vPC peer link status or any of the members link vPC status
 vPC peer keepalive status
 Checks for Domain name of the vPC peers mismatch
 Checks for Login banner of the vPC peers mismatch
 Checks for NX-OS version of the vPC peers mismatch
 Checks for enabled features of the vPC peers mismatch
 Checks for Timezone of the vPC peers mismatch

Cisco launched the Nexus 2000 Fabric Extender (FEX) series in 2009. The FEX technology is based on the IEEE 802.1BR standard and is a widely deployed technology to most of the data centers. Indeni can offer analysis and automated validation tasks for major FEX metrics. An indicative list is provided below:

 FEX connectivity status and service degradation metric
 FEX diagnostic metrics which guarantee the optimum operation of the N2k series switch
 FEX environmental metrics

Indeni goes beyond proactive analysis and also provides visibility into security vulnerabilities that are difficult to uncover. The Spectre and Meltdown vulnerabilities have been described as the “worst ever CPU bug” which could let attackers steal sensitive data. The Indeni Knowledge Expert team recognized the high severity security risk and developed the required ind scripts to get the relevant Meltdown and Spectre metrics for analysis. The Nexus switches will be analyzed by Indeni and a notification along with detailed remediation steps will be provided to the user in case the conditions for Nexus switch exploitation are enabled. The Indeni database is updated daily to analyze and validate key metrics against more Cisco Security Advisories and Field notices officially published by Cisco.

Do you want to see how Indeni analyzes and monitors the Nexus vPC and FEX technologies? Then the following articles on the Indeni web site are for you!:

Deployment of the Cisco Nexus vPC technology and Analysis by Indeni (Part 1)

Deployment of the Cisco Nexus vPC technology and Analysis by Indeni (Part 2)

How can Indeni provide proactive alerting from the Spectre and Meltdown vulnerabilities which has been described as the “worst ever CPU bug”? Read the next article:

Cisco Nexus Switches & Indeni Series

More and more NX-OS metrics are coming in new Indeni releases. Stay tuned!

Vasileios Bouloukos
About the author
Vasileios Bouloukos