BRKDCN 1119

#CiscoLive
Introduction to NDFC:
Simplifying Management of
Your Data Center
Parth Patel, Technical Marketing Engineer, Cloud Networking
BRKDCN-1119
#CiscoLive
Cisco Webex app
Questions?
Use Cisco Webex App to chat
with the speaker after the session
How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install the Webex App or go directly to the Webex space Enter your personal notes here
4 Enter messages/questions in the Webex space
Webex spaces will be moderated https://ciscolive.ciscoevents.com/ciscolivebot/#BRKDCN-1119
by the speaker until June 17, 2022.
#CiscoLive BRKDCN-1119 © 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
• Introduction to NDFC
• Install and Deployment
• Fabric Automation and Demo
Agenda • Fabric Management

• Fabric Visibility and Monitoring
• Licensing
• Conclusion
The new normal is a hyper-distributed,
extremely diverse IT landscape
SaaS
SaaS
SaaS
SaaS
SaaS
Cloud
providers
Service
Security providers
Colocation
Campus Branch Data center Edge | IOT and OT
And your world is constantly changing…
Campus Branch Data center Edge | IOT and OT
New Name, New Architecture from Release 12.0
Cisco Nexus
Cisco Data Center
Dashboard
Network Manager
Fabric Controller
(DCNM)
(NDFC)
Cisco Nexus Dashboard Powering automation
Unified agile platform
Simple to automate, simple to consume
Cisco Nexus
Dashboard
Insights Fabric Discovery
Fabric Controller
Orchestrator
Data Broker SAN Controller

Consume all services in one place
Private cloud Public cloud Custom/third-party
Cisco Nexus Dashboard Fabric Controller
app accessed through Cisco Nexus Dashboard
Cisco Nexus Dashboard Access NDFC
Benefits Automation Management and Compliance Visibility and Monitoring
NDFC—Comprehensive Data Center Automation Tool
NDFC helps you easily and reliably deploy, operate and maintain VXLAN-EVPN, LAN,
SAN, and Media fabrics for Cisco NX-OS Nexus and MDS infrastructure
and interconnect with public clouds
Management Day 2 with Scale out with

Automation Visibility
ND Insights ND Orchestrator
Accelerate provisioning and In depth Management and Get Centralized Visibility Troubleshoot, Multi-site and cloud
simplify deployments control for all network and Monitoring views plan, grow acceleration
deployments
NDFC addresses challenges by providing comprehensive solution-level control, automation, visibility, monitoring, and integration
NDFC: Install
and Deployment
NDFC 12.0 on Nexus
Dashboard (ND)
Exclusively will run as a service on ND
Supported on both virtual and physical ND
Complete micro-services architecture
3-node active-active cluster with L2 & L3 HA
Benefits
Increased flexibility and scalability Highly customizable Single pane of glass view
NDFC new look and feel
Old New
Benefits
More intuitive to enhance user
React JS based UI Aligns with ND user interface
BRKDCN-1119 experience 13
Cisco NDFC modes
Fabric controller for SAN controller for MDS

Fabric discovery for
LAN and IPFM Fiber Channel
LAN Deployments
Deployments Deployments
No need for mode selection at Selectively enable and disable features for ND fabric discovery selection for
installation time personalized look and feel monitoring capabilities
Cisco Nexus Dashboard Fabric
DCNM 11 to NDFC 12 Form Factors Controller 12.1.1e
NDFC 12.1.1 (3 x pND or 5 x vND)

Switches: 400 managed or 1000 monitor
Managed Mode: <=80 Switches
3-Node Cluster
vND*3
DCNM*2 OVA/ISO 16 vCPUs 32G 500G HDD 3 x NIC App- OVA 16 vCPUs 64G 550G SSD 2xNIC
Node OR
OR
pND*3 SE Appliance
Managed Mode: 350 Switches
Compute nodes 5-Node Cluster

DCNM*2 OVA/ISO 16 vCPUs 32G 500G HDD 3xNIC vND*5
App- OVA 16 vCPUs 64G 550G SSD 2xNIC
Compute*3 OVA/ISO 16vCPUs 64G 500G HDD 3xNIC Node OR
pND*3 SE Appliance
NDFC 12 installation
NDFC installation happens in two major steps:
NDFC
Services
ND ND ND
1 2 3
Nexus Dashboard Cluster
3 Master Nodes
1. Install Nexus Dashboard cluster Platform

Either Virtual OVA [App profile 3 or 5 nodes ] or 3 Physical Cisco Service Engines
2. Install the NDFC service from Cisco DC App Center on top of the Nexus Dashboard Cluster
NDFC 12 installation over ND L2 HA
Nexus Dashboard Network Interface connectivity - vND and pND (SE)
• 2 Interfaces per Node; Management and Data Interfaces Data/Fabric Network

• Mgmt and Fabric/Data interfaces must be in different subnets bond0br
• On each interface, all ND nodes must share the same network
• Associate External (Persistent IPs) for POD stickiness DG: 10.1.1.254
• Minimum of 2 External IPs required for LAN fabric 10.1.1.40
• POD#1 – SNMP TRAP (over ND Mgmt or Data) (EPL)
• POD#2 – SCP (over ND Mgmt or Data)
• POD#3 – EPL (optional; over ND Data only) 10.1.1.10 10.1.1.20 10.1.1.30
• For the pND,

Fabric Network Nexus
(data interfaces)
Active/Standby
Linux bond is used
Dashboard
Cluster 10.2.1.10 10.2.1.20 10.2.1.30
10.2.1.40 10.2.1.50
pND(SE) (SNMP/Trap)
Management Network (SCP)
(mgmt. interfaces)
bond1br
ND Management Network
NDFC 12 installation over ND L3 HA
Cisco Nexus Dashboard Fabric
Controller 12.1.1e
Nexus Dashboard Network Interface connectivity - vND and pND (SE)
• 2 Interfaces per Node; Management and Data Interfaces Data/Fabric Network

• Mgmt and Fabric/Data interfaces must be in different subnets
• On each interface, all ND nodes can be in a different network bond0br
• ND to peer eBGP w/ uplink switches (no support for eBGP Multi-hop) DG: 1.0.0.1 DG: 2.0.0.1 DG: 3.0.0.1
• Associate External (Persistent IPs) for POD stickiness
• Minimum of 2 External IPs required for LAN fabric
100.0.0.1 100.0.0.2
• POD#1 – SNMP TRAP (over Data only) (SCP) (SNMP Trap)
• POD#2 – SCP (over Data only)
AS 65007 AS 65008 AS 65009
• POD#3 – EPL (optional; over ND Data only)
• For L3 HA the External IP Pool must be unique
1.0.0.10 2.0.0.10 3.0.0.10
Fabric Network
• For the pND,
(data interfaces)
Active/Standby Nexus
Linux bond is used
Dashboard
Cluster
4.0.0.10 5.0.0.10 6.0.0.10
pND(SE)
Management Network bond1br
(mgmt. interfaces)
ND Management Network
NDFC 12 connectivity
Option # 1: Switch Mgmt0 is accessed via the ND Mgmt Interface
NDFC 12 RR RR
End-user
Workstation
bond1br
ND cluster Inband
Mgmt. Interface
connection
bond0br
Data Interface
OOB Mgmt0
ND Mgmt. Interface is dedicated to ND Cluster Mgmt. (HTTPs/SSH access, NTP, DNS, Web Proxy, etc..)
ND Mgmt. Interface is used for Switch Mgmt0 (Discovery, Deploy, Monitor, Image Mgmt, POAP etc..)
ND Data/Fabric Interface is used for Endpoint Locator, PMN/PTP Telemetry
List of configuration tasks to enable option 1
Switch Mgmt0 accessed via the ND Mgmt Interface
Fabric OOB Mgmt:

OOB Mgmt (i.e. Switch mgmt0 interfaces) is accessed via the ND Mgmt Interface
o Add static route(s) associated to the ND Mgmt interface pointing to the switches mgmt0
subnet(s)
o Alternatively, the ND Mgmt interface can be configured as part of the same subnet with the
mgmt0 interfaces.
o Define the persistent IP addresses in the ND management subnet
o Used for SCP-POAP, SNMP-Trap
All Inband communication to the fabrics (i.e. via front panel ports) must use the ND Data
interface. Example Endpoint Locator, PMN/PTP Telemetry.
https://www.cisco.com/c/en/us/td/docs/dcn/whitepapers/cisco-nexus-dashboard-fabric-controller-deployment-
guide.html#Introduction
Option # 2: Switch Mgmt0 is accessed via the ND Data Interface
NDFC 12 RR RR
End-user
Workstation
bond1br
ND cluster
Mgmt. Interface Inband
bond0br connection
Data Interface
OOB Mgmt0
ND Mgmt. Interface is dedicated to ND Cluster Mgmt (HTTPs/SSH access, NTP, DNS, Web Proxy, etc..)
ND Data/Fabric Interface is used for Switch OOB and Inband Mgmt. (Discovery, Deploy, Monitor, Image Mgmt,
POAP, etc..)
ND Data/Fabric Interface is used for Endpoint Locator, PMN/PTP Telemetry
Switch Mgmt0 and Front panel interfaces accessed via the ND Data Interface
Fabric OOB Mgmt:

OOB Mgmt (i.e. Switch mgmt0 interfaces) is accessed via the ND Data Interface
o Add static route(s) associated to the ND Data interface pointing to the switches mgmt0
subnet(s).
o Define the persistent IP addresses in the ND Data subnet
o Used for SCP-POAP, SNMP-Trap
o Change the global NDFC setting from “Management” to “Data”.
All Inband communication to the fabrics (i.e. via front panel ports) must use the ND Data
interface. Example Switch Inband mgmt., Inband POAP, Endpoint Locator, PMN/PTP
Telemetry.
Switch Mgmt0 and Front panel interfaces accessed via the ND Data Interface
Special configuration for performing Image management on switches mgmt0 using ND Data interface:
• By default, when a switch mgmt0 is discovered using ND Data interface then NDFC uses “Default VRF” for operations such as
SCP/Image management. As the switch mgmt0 interface is usually not reachable over Default VRF, we will need to perform
the following tasks for image management feature.
• If switches are not added into the fabric then perform Step-1 but if switches are added/already discovered and present in the
fabric then perform Step-2
Step 1: Enable NDFC server settings Step 2: Update discovery VRF per switch
Navigate to NDFC settings > Discovery > Enable the setting Navigate to switches overview > Actions > Discovery > Update VRF
Option # 3: Switch Mgmt0 is accessed via the ND Mgmt. Interface but Image mgmt.
over ND Data
NDFC 12 RR RR
End-user
Workstatio
bond1br
n ND cluster
Mgmt. Interface Inband
connection
bond0br
Data Interface
OOB Mgmt0
ND Mgmt. Interface is dedicated to ND Cluster Mgmt. (HTTPs/SSH access, NTP, DNS, Web Proxy, etc..)
ND Mgmt. Interface is used for OOB Mgmt (Discovery, Deploy, Monitor, POAP etc..)
ND Data/Fabric Interface is used for Image mgmt., Inband Mgmt., Inband POAP, Endpoint Locator, PMN/PTP
Telemetry
Switch Mgmt0 via ND Mgmt. interface and Front Panel accessed via the ND Data
Interface
Fabric OOB Mgmt:

OOB Mgmt (i.e. Switch mgmt0 interfaces) is accessed via the ND Mgmt. Interface
Front panel (i.e. Switch Lo0, SVI interfaces) is accessed via the ND Data Interface
o Add static route(s) associated to the ND Data interface pointing to the switches mgmt0
subnet(s).
o Define the persistent IP addresses used for SCP/POAP/SNMP and associate them to the ND
Data interface.
o Change the global NDFC setting from “Management” to “Data”.
Fabric Inband Mgmt.: All Inband communications to the fabrics (i.e. via front panel ports) must use
the ND Data interface.
Nexus Dashboard
Distributed Cluster Deployment for NDFC
• Master node: Control plane of a cluster.
Performs scheduling tasks when PODs
are instantiated based on resources/load
and maintains state of the cluster.
• Worker node: Horizontal scale-out and

host the application microservices.
NDFC Service on pND
• Standby node: Increasing HA in case of Master Master Master Standby
Master node failure. Only a Standby 50ms RTT
node can be promoted to Master. ND Cluster
OR
• NDFC tolerates failure of up to 1 Master
node. The ND/NDFC cluster goes into
read-only when 2 Master nodes are
down.
NDFC Service on vND App node
Master Master Worker Master Worker Standby
50ms RTT
ND Cluster
DCNM to NDFC migration Run migration script
Y DCNM IPs N
re-used for
ND nodes
Shutdown Deploy ND
DCNM cluster
Deploy ND Add External

cluster Persistent
IPs
Cisco Data Center Cisco Nexus

Add External
Dashboard Persistent Install NDFC
Network Manager IPs App
(DCNM) Fabric Controller

(NDFC) Install NDFC Restore
App Backup file
Restore Shutdown
Backup file DCNM
Nexus Dashboard service connectivity considerations
w/o co-hosting
OOB MGMT Fabric INBAND

*Inter Service communication over Fabric Interface
ND Cluster #1 ND Cluster #2 ND Cluster #3
Nexus Dashboard service connectivity considerations
w/ co-hosting
OOB MGMT Fabric INBAND

*Inter Service communication over Fabric Interface
+
ND Cluster #1 ND Cluster #2
NDFC Co-hosting with ND Insight FYI
+
Nexus Dashboard Cluster
Form Factor ND Version NDFC NDI Version NDFC Mode ND Cluster # NDFC Max
Version Nodes Switches
Physical 2.1(2d) 12.0.2(f) 6.1.1 Fabric 4 50
(pND) Discovery
Physical 2.2(1h) 12.1.1(e) 6.1.2 Fabric 5 50
(pND) Controller
NOTE: For more information on Nexus Dashboard services compatibility and matrix: https://www.cisco.com/c/dam/en/us/td/docs/dcn/tools/nd-sizing/index.html
NDFC backup & restore
NDFC Service Backup Easy Fabric
External Fabric
Multisite Domain (MSD)
NDFC service backup & restore
Config Only Config Only
Full Backup Full Backup

Scheduled Scheduled
Backup Backup
Remote Server (SCP) New NDFC App
Local Workstation Config only or Full

Backup
Restore
Location
• Configuration Backup: Config Intent, Discovery, Credential, and Policies.
• Full Backup: Configuration Backup

charts.
+ historical data like reports, metric
NDFC Fabric backup & restore
What?
NDFC
Backing up all fabric configurations and intents
Backup
automatically or manually
NDFC Backs up Easy Fabrics, as well as External Fabrics,

Classic LAN
Backs up the configurations of member fabrics in an

MSD fabric Globally.
NDFC
Restore switch configuration in External or Classic LAN Restore
fabrics
NDFC Fabric backup & restore
When?
Automatic Hourly backup or Scheduled backups for fabric configurations and intents
NDFC backs up only when there’s a configuration push.
Golden Backup to mark backups as references that you don’t want to delete
Restore configurations of member fabrics in a MSD fabric Globally
NDFC Key
Features-1:
Automation
Automation Automation
Accelerate provisioning from days to minutes
Easy to understand approach to

auto-bootstrapping of entire fabric
Rapid Deployment with Fabric Builder

best practice templates for VXLAN-EVPN
Optimized for both large deployments

and traditional deployment models
Service Insertion and Layer-3 handoff
DevOps friendly
Benefits
Simplify fabric deployments Developer agility VXLAN EVPN Multi-Site
Automate VXLAN EVPN deployments
Provision a new fabric in minutes
Un-provisioned switches Cisco best practice implemented
VXLAN Fabric
Within NDFC
select fabric builder
Fast, automated process

Support for both brownfield and
greenfield deployments
Benefit
Accelerate fabric deployments Automated consistency Minimize risk Support for both Greenfield and Brownfield deployment
Fabric builder
Layer-3 Fabric
Cat9k VXLAN EVPN
VXLAN EVPN
VXLAN EVPN Multisite Domain
External LAN
Day-0 in the life of NDFC
Underlay using Fabric Builder
Create
Define fabric settings – ASN#, Replication Mode,
IGP, Backup schedule, etc.
Discover
Import switches (Supports POAP)
Define Switch Roles and vPC
Recalculate and Deploy

Generates configuration based on intent
VXLAN EVPN Greenfield
Not on VXLAN EVPN Today?
NDFC Fabric Controller Build VXLAN fabric Templates already IP addresses, overlay pool,
Mode in few minutes embed best practices routing profiles, replication
attributes –all taken
care by NDFC
Cisco best practice

Step 2 implemented
Discover
Import switches with POAP or Day-0
config
Define switch Roles (Border, Leaf, Spine,
VXLAN Fabric
etc)
[Optional] Create vPC pairs
Step 1 Step 3
Create Recalculate and Deploy
Define fabric settings (Underlay, Overlay) - Generates config based on intent Fast, automated process
AS#, Replication Mode, IGP, IP Pools, etc. Preview side by side diffs
Day-1 in the life of NDFC – overlay management
4 Deploy 1 Create Network
Deploy configurations to the & VRF
switches Select Fabric and
define VXLAN
Overlays
3 Preview 2 Select
Configuration Switches &
Optionally preview the
overlay intent Interfaces
Overlay attachments
• Top-Down deployment via GUI or REST APIs
• Network/VRF Creation with best-practice Overlay Policies
• Deployment to Switches and/or Interfaces
• Per Network/Per Switch deployment History
• Overlay Resource Manage Tracking for VNIs, VLANs, etc.
VXLAN EVPN Brownfield migration
Already using VXLAN?
Want to use NDFC for managing your fabric?
NDFC fully supports Non-disruptive import Learns topology, all Start Managing fabric as if
Brownfield of existing VXLAN configuration, provisioned from
EVPN deployments associated resources, IP NDFC
subnets, VNIs, VLANs,
etc.
Step 2
Discover
Import switches with Preserve Config
Define switch Roles (Border, Leaf, Spine, etc)
Step 1 Step 3
Create Recalculate and Deploy
Define fabric settings (Underlay, Overlay) -
Sanity checks for mis-config and Normalizes configuration
Match AS#, Replication Mode, IGP, etc.
to best practices
NDFC L4-L7 services integration
• Network orchestration of L4-L7 Service
Appliance attached to a VXLAN EVPN fabric
• Automated guided workflows to define and

peer service nodes. Dynamic PBR and Step 2
Topology Visualization
Route Peering
• No configuration will be done on the service Specify deployment type: Inter-tenant v Intra-tenant
appliance themselves Peering protocols, network parameters, and service IP
Step 1 Step 3
Define Service Node Service Policy
Onboard a service device such as a firewall, load
Optionally specify traffic redirection rules to/from
balancer or VNF. Specify service node name, type,
and interface attachment details the service nodes. Supports PBR for Intra-tenant
Navigate to NDFC LAN menu and Services window
NDFC L4-L7 services integration
use-cases
Virtual & Physical Form Factor
Static & Dynamic Peering
vPC/Non-vPC Attachments
Support for Firewall, Load Balancer, and VNF use-cases
Intra-Tenant Inter-Tenant
PBR PBR
Tenant A Tenant A Tenant B
One-Arm PBR Use-cases Two-Arms
PBR PBR PBR PBR
L4-L7 service node guidelines
Supported on VXLAN EVPN with the Easy_Fabric Template
Enabled on Cisco CloudScale based Nexus 9000 switches
Leaf, Border Leaf, Border Spine, Border Super Spine, vPC Border Gateway
L4-L7 Service node automation using NDFC UI or NDFC REST API
L4-L7 Services generate Kafka Notification for Real-Time Interaction
NDFC does not manage or generate configurations on service nodes. NDFC

automates the switch(es) where the service nodes are connected
Service Node statistics
Service Policy Stats of Redirected Flow
Display Cumulative Statistics from the Service Policy per Switch
Display statistics for a specified time range
LAN Services Select a Expend the Cumulative

Menu Service Policy Service Statistics
Policy
From the Topology – Open the Redirected Flows Icon
Search for Redirected Flows for a particular Service Policy
Highlight Switches which has Service Policy configured
Search for Select the Localized Show Details

Redirected flows Service Policy Service nodes of Flows
VXLAN EVPN Display Cumulative statistics From the Service Policy
Search for Redirected Flows for a Particular Policy
Web App
VXLAN EVPN External Layer-3 connectivity
VRF Lite is used for connecting the fabric to an external Layer 3 domain (N-S)
Each Tenants (VRF) can connect outside the Fabric via a Borders Leaf Node
The Backbone Edge router can be any Layer 3 device

Spine
VRF-Lite Hand-off
Edge Router Border VXLAN Fabric
Leaf
Backbone
App-B
App-A
VXLAN EVPN External Layer-3 connectivity
Pre-requisites and Guidelines
Easy Fabric
Extend Layer-3 services to Nexus 9000, Nexus 7000, Catalyst
9000, ASR 1000, ASR 9000, ASR 8000, NC S500
Spine
Supported role for Easy Fabric: Border, Border Spine, Border
Gateway, Border Gateway Spine, Border Super Spine, and Border
Gateway Super Spine
NDFC automates and auto-deploy Edge router VRF-Lite Border Leaf

configurations when Edge device is a Nexus
*Meta switch in External fabric supported

*A common case when user does not import destination Edge router in NDFC. In this case just create
an empty External fabric.
Edge Router
Layer-3 Ethernet and Port-channel supported
External Fabric
NDFC Seamless Protocol Gateway Integration
Spine
Fault Containment
Seamless Handoff from VXLAN
Fabric to SP Edge – SR/LDP MPLS
Single Switch
MP-iBGP EVPN Control Plane Handoff
VXLAN Data Plane
MPLS Cloud
Separate Admin
MPLS VPN / SR Domains
VTEP Leaf Nodes Border-PE

Scalability
Site 1 Overlay
Future Proofing your DCI as the SP Core evolves
Increase developer agility with NDFC DevOps
Utilize GUI or automation

through APIs
DevOps
Integrations with Ansible
and Terraform
Rest API
Benefits
Accelerate deployments Increase consistency Minimize risk
Controller based approach
User Intention
Automation
Infrastructure
Nexus Dashboard
Fabric Controller
Protocol/
Orchestrator RESTAPI, Ansible, Terraform
Reduced logic complexity in your code, only

focus on workflow
Controller based approach - NDFC
• Full set of RESTAPI support
• Built-in Swagger tool to quickly

test it
• Terraform Provider and Ansible
Collection is shipping
NDFC GUI > https://ND-Mgmt-IP/
NDFC REST API > https://ND-Mgmt-IP/apidocs/
https://ND-Mgmt-IP/appcenter/cisco/ndfc/api/*
* https://ND-Mgmt-IP/appcenter/cisco/ndfc/api/v1/lan-fabric/rest/control/fabrics
Demo: Building
VXLAN EVPN fabric
using NDFC
NDFC Key
Features-2:
Management
Management Control
Single point for management

for data center operations
Optimized for both large deployments
and traditional deployment models
Granular RBAC
Image management
RMA
Scale within and across data centers

with Nexus Dashboard Orchestrator
Management for non-Nexus platforms
Benefits
Reliability Compliance Secure
Optimize your deployments with NDFC
Large deployment Small deployment Multi-site
Benefits
Lower operating expenses Customizable Secure
Configuration compliance
Spine
Ensure fabric consistency
VXLAN Fabric
Continuously monitors if configuration
is compliant with user intent Leaf
Error detection, flag drifts

for remediation
Benefits
Fabric reliability and visibility Operations confidence
Granular Role-Based Access Control (RBAC)
Enhanced RBAC &
Security Domains Orchestrated from ND
Network Access Login Authentication (Local &

Administrator (rights
Administrator (Full
for interfaces
Remote)
admin rights)
management only)
Associate a site to a Security Domain
Device Upgrade
Network
Administrator
Associate a user to a security
Operator (read
only/preview)
(rights for image Domain
management only)
Supports same user to have different

roles for different fabrics
Network
Stager (stage
config/policies on
NDFC only)
Benefit Increases efficiency and further reduces administrative workflows
Streamlined Image and Patch Management for NXOS
Simplify, Speed up, and Mitigate Risks of Errors
Upgrading manually might take a long time and

Why prone to error
Image Management Automates the whole

How Upgrade process.
Automate Software Upgrade for One or a Group

What of Cisco Nexus switches
When Scheduled & On-demand
Streamlined Image and Patch Management for NXOS
3 stage process
Image policy Live status

Maintenance mode update
• Guided workflows
• Switch Grouping Tags
for Bulk upgrade
Image
• Image upgrades, compliance
EPLD upgrades and

downgrades, SMU
Pre and Post
ISSU reports
Benefits
Simplified Intuitive Customizable
Image Management Workflow
1 2
CCO
End-user Image Intent
3
Policy
Workstation
NDFC Mgmt Switch Mgmt0
6
4
NDFC
Discover the switches into Nexus Dashboard Fabric Controller
1 2 3 4 5 6
Validate non-
Upload Create the Attach the Stage the Upgrade the
disruptive
Images Image Policy Image Policy Images switches
upgrade
Return Material Authorization (RMA)
POAP or Manual RMA flow
End-user 4
Workstation
3 NDFC Mgmt Switch Mgmt0
1 2
NDFC
Restore Config
1 From the Fabric Overview, select the concerned switch and Change its Mode to Maintenance
2 Replace the switch with new one
3 Provision RMA and Set the Admin Password (for POAP)
4 Select the device to replace and click Provision RMA
5 Move the device back to Normal Mode (~5 mins for full configuration)
NDFC to NDFC Multi-Site using ND Orchestrator
Cisco Nexus
Dashboard Orchestrator
Site 1 Site 2 Site 3
Benefits
Scale out SSO and DUO MFA for DCI Control between DC DCI connectivity health,
NDFC deployments NDFC, ND Orchestrator, ND and NDFC (multi-site) tunnel path and statistics
Data Center Interconnectivity
Scale out
• 30 Cisco NDFC VXLAN-EVPN fabrics (Starting
NDO 4.0)
• 500 VRFs and networks (L2—1500, L3—1000)
Virtual routing and forwarding stretch
L2/L3 network stretch
BGP EVPN/VXLAN across sites

• Full-mesh
• Centralized to route-server
• Inter-site connectivity automation through BGWs
Static port/VLAN provisioning

London
Tokyo
Los Angeles Visibility
Delhi • Fault information for NDFC objects within NDO
• Tunnel and NDFC object health within NDO
Benefits
End-to-end connectivity and policy between Disaster Recovery, IP Mobility Change control domains Flexible geo-redundancy for Single point of Orchestration
loosely coupled DC sites and Active-Active use cases separation NDFC
Hybrid & Multi-Cloud Roadmap | 2HCY22
Cisco Nexus
Dashboard Orchestrator
Site 1 Site 2 Site 3 Site 4 Site 5

NDFC
Google Cloud
Platform
Consistent Secure Secure

Single Point of Cloud Only
Network Automated Automated
Orchestration (Multi-Cloud)
and Policy Connectivity Connectivity
Evolving Cloud Networking
Roadmap | 2HCY22
Hybrid Cloud Use-Case

Cisco Nexus
Dashboard (Orchestrator)
VXLAN VRF Stretch
Cisco Cloud Router Cisco On-prem

Internet, Colo Router
IPSec VPN Tunnel (Underlay
Public Cloud Data Center BGP EVPN (Control Plane)

On Premises Data Center
VXLAN Tunnel (Data Plane)
Consistent Centralized Visibility VRF stretch and VRF Operational

Secure On-Prem to Cloud Extension Consistency
Management and Deployment Leaking use-cases 69
Non-Nexus platform support
IOS-XE IOS-XR
Cat9k VXLAN EVPN Automation ASR 9000/NCS5500 managed mode
NDFC 12 will support Fabric Builder template for Cisco NDFC 12 will support config management for
IOS-XE: Catalyst 9k VXLAN EVPN automation. IOS-XR devices in External fabrics. Configuration
compliance will also be enabled.
WAN Backbone
IOS-XR
eBGP VRF Lite eBGP VRF Lite

Managed Managed
Cat9k VXLAN EVPN NX-OS VXLAN EVPN
Benefit Increased functionality and support in NDFC for customers deploying non-Nexus switches
NDFC Key
Features-3:
Visibility and
Monitoring
Visibility and monitoring
Visibility
and monitoring
Get comprehensive monitoring
Enhanced topology views
Compute and endpoint visibility
VXLAN OAM support with NDFC
Obtain detailed inventory, health, resource

consumption information on devices
End-to-end visibility, monitoring

and troubleshooting
Integrate with NDI for Day 2 operations
Benefits
Intuitive Deep visibility Enhanced monitoring
NDFC 12 Dashboard
Overall
Fabric Switches
Overall
health configuration
existing
Alarms and status
Events
Switches
inventory by
Switches number of
operational roles
status
Programmable reports
for Image management Switch inventory
and Performance based on different
monitoring hardware and
software versions
NDFC 12 Dashboard
Allow network administrators to focus on daily operation around the health, sync configuration, and
performance of data center switching.
Multiple additional Tabs based on the Features enabled (EPL, VMM, K8s)
Visualize multiple fabrics with topology views
Underlay and
Overlay links
VXLAN Switch
Overlays specific
information
Oper v Config view
Color coded
Compliance
status
NDFC 12 Topology
Operational Color Coding
Operation Configuration
The element is in good health and functioning as intended.
The element is in warning state and requires attention to prevent any further problems
The element has minor issues
The element has major issues and requires attention to prevent any further problems
The element is in critical state and requires immediate attention
The element has not been discovered
NDFC 12 Topology
Configuration Color Coding
Operation Configuration
The element is In-Sync with the intended configuration.
The element has pending deployments.
Indicates that active deployments are in-progress.
The element is Out-of-Sync with the intended configuration.
No support for Configuration Sync/not discovered
NDFC 12 Topology
Switch Logical Links
• Troubleshoot Physical v Logical peering’s

• Routing Protocol state details
• Physical link details such as IP prefix,
Interface speed, Interface mode, and
more…
Switch Performance Metrics
Real Time Switch Health & Performance
Monitoring
New Programmable Report to simplify

Performance visualization
LAN & SAN Fabric Monitoring for CPU,

Memory, Traffic and Interface Utilization
Enabled per Fabric for Easy Fabric, External

and LAN Classic Template (NX-OS)
Email based out-of-band notification can be

used to export reports externally
Switch Performance Monitoring – The Steps
Enable Performance Monitoring Feature from Feature Management
Update SMTP parameters in NDFC server setting for E-mail notification
Enable the Performance Monitoring knob at the Fabric level
Navigate to NDFC Operations and Programmable Reports section to create PM report
Visualize PM reports at Multiple locations: Reports window, Switch overview, Fabric

overview, and main Dashboard window
Monitoring Alarm
Viewing Alarms and Events
Alarms generated for

various categories
History of Cleared Alarm
Manage Alarm Policies
Monitoring Alarm
Create & Activate new Alarm Policies

Device Health Policy
Monitoring Alarm

Interface Health Policy
Monitoring Alarm

Interface Health Policy
Syslog Alarm Policy
Monitoring Alarm
Events generated for the

switches
Display Information
Acknowledge Delete Events
Monitoring Alarm
Accounting Information
Delete Events
NDFC 12 Topology
ngOAM Source & Destination Physical Path of a particular flow
Host to Host path
Topology Menu ☞ Actions ☞ VXLAN
OAM
Switch to Switch path
Monitoring & Troubleshooting

Live path
visualization
Live path
visualization
NDFC Compute Visibility
Virtual Machines Manager Integration (Read Only) and Visibility
Virtual Management Menu ☞ Virtual Infrastructure Manager Tab
Add the Instance of choice: vCenter, K8s cluster or OpenStack cluster

with its reachability information as well as its credential
Expand the view to compute hosts, virtual switches and Virtual Machines.
Select any particular VM and get Networks details up to the Leaf node
From the topology view, enter into the VMM instance to view the Hosts,
virtual Switches and Virtual Machines
Compute Visibility
Display
connected
Physical
Hosts
Display
DVS/vSwit
ch
Display
VMs
Benefit
Single point of management providing in depth visibility and information VMM, Kubernetes, and OpenStack VM level visibility
VMM Visibility Visualise the virtual infrastructure at different layer
vCenter Instance
Hosts DVS VM Display connectivity details
Leaf nodes
Physical Host
DVS
Virtual Machines
Endpoint Locator and Visualizer
NDFC 12 RR RR
Mgmt Interface
ND cluster
Inband
Data Interface Connection
EndPoint Locator relies on Fabric Inband Mgmt to collect EP information, using the ND Data Interface
An endpoint is typically anything with one IP address (IPv4 and\or IPv6) and/or MAC address
NDFC pre-provisions the switches that host the MP-BGP Route Reflector function to peer with them
NDFC contacts the selected RRs and add the appropriate BGP neighbor statements on the RR (Spine)
NDFC 12 RR RR
Mgmt Interface
ND cluster Inband
Connection
Data Interface
The Endpoint Locator (EPL) feature allows Real-time Tracking of Endpoints within a Data Center.
Tracing the Network Life History of Endpoints
Analyze trends associated with endpoint such as additions, removals, moves, and so on
Overlay
count
EPs tracking and

availability
EPs
Active EPs in a connectivity
fabric
EPs per
switches
EPs detailed
information
Benefit
Almost real-time data on active endpoints Single pane of glass for all EP visualization Endpoint life and history Active VRFs and Networks
NDFC with Day 2 operations
Seamless integration with Day 2 operations app NDI for in depth
telemetry analytics
Management Real-time insights
Benefit
Advanced monitoring and troubleshooting capabilities
Cisco Nexus Dashboard Insights
360-degree visibility Analytics Integrate with NDFC
Security
On-prem
resources
Cloud
Other services
Networking
apps
NDI NDFC
ITSM
Network, Digitization, Unprecedented

applications, integrations telemetry, correlation visibility into data
center environments
Nexus Dashboard Insights
Use Cases Identify, Locate, Upgrade impact
Root cause, Remediate Advisories
Error detection, latency,

Mitigate
Packet drops
Prevent outages
Control plane issues
Automated alerts Hardening checks

Software Hardware
Visibility recommendations
Capacity alerts PSIRT notices

Environmental alerts EoS/EoL notices
Correlation TAC assist

Statistical models Topology checker
NDFC Licensing
Easily license your NDFC
Software included with switch subscription licenses
Tier-based
NXOS Essentials, Advantage, Premier
DCN Essentials, Advantage, Premier
Install base (NX-OS) New purchase (NX-OS)
Increased ease of use Less restrictions with Reduced overall licensing

and efficient consumption flexible reporting friction for users
NDFC 12.0 is transitioning to a Smart Licensing only release

NDFC 12.1.1
is out now!
What’s new in 12.1(1) Cisco Nexus Dashboard Fabric
Controller 12.1.1e
Features
L2 ToR visibility and NDFC HA with L3 between Inband management and Co-hosting of NDFC with Interface Group support
management in Easy ND cluster nodes POAP for Easy and NDI for Border devices
Fabric External fabrics
VXLAN Fabric Lo0 Lo0
+
Lo0 Lo0
1.0.0.10 2.0.0.10 3.0.0.10
4.0.0.10 5.0.0.10 6.0.0.10 Nexus Dashboard Cluster

AS 65007 AS 65008 AS 65009 ND Cluster
Enhanced Fabric device Cohesive management and

Flexible and Cost effective Day-1 Overlay operations
Deployment Flexibility onboarding and
fabric design options operations at scale
management
Benefits
What’s new in 12.1(1) Cisco Nexus Dashboard Fabric
Controller 12.1.1e
Features
1-Arm Firewall support
IPv6 underlay support in Switch upgrade groups for Support for IOS-XR based
and multiple virtual NDFC with ND on KVM
VXLAN OAM Image management Cisco 8000 platforms
attachments
Automate and Manage

Advanced troubleshooting Accelerate image Simplify Inter-tenant and
Cisco ASR 8000 series Flexible deployment options
capabilities in IPv6 fabrics management lifecycle DMZ use-cases
routers
Benefits
NDFC Summary
and Benefits
Need new Icons
NDFC solution benefits
Streamlined Automate and Maintain Extensive visibility, Expand your

lifecycle configure your compliance and monitoring and network with
management networks with ease detect errors modernized integrations with
topology views NDO and NDI
Companion sessions – week at a glance
BRKDCN-2267 BRKDCN-2913 BRKDCN-2563
Bits and Bytes
External Connectivity VXLAN BGP EVPN A Day in the Life of a

for VXLAN EVPN Multi-Site VXLAN EVPN Packet
(10:30am-11:15am) (10:30am-11:15am) (8am-8:45am)
BRKDCN-1999 BRKDCN-2012 BRKDCN-3238 BRKDCN-2345

Introduction to VXLAN vPC with VXLAN Overlay Multicast in A Day in the Life of a
(8am-8:45am) (1pm-1:45pm) VXLAN EVPN Multi-Site Packet
(1pm-1:45pm) (9:30am-10:15am)
Monday Tuesday Wednesday Thursday

Control, Design

Introduction to NDFC Automating DCs with Operate vPC with Streaming Telemetry
Operation,
(9:30am-10:15am) NDO and NDFC VXLAN EVPN (1pm-1:45pm)

(1pm-1:45pm) (1pm-1:45pm)

Multi-Tier Fabric RFC5549 in the DC Deploying Nexus Elastic Service
(1pm-1:45pm) (4pm-4:45pm) Dashboard Redirection
(2:30pm-3:15pm) (1pm-1:45pm)
Technical session surveys
• Attendees who fill out a minimum of four
session surveys and the overall event
survey will get Cisco Live branded socks!
• Attendees will also earn 100 points

in the Cisco Live Game for every
survey completed.
• These points help you get on the

leaderboard and increase your chances
of winning daily and grand prizes.
Pay for Learning with
Cisco Learning Credits
Cisco learning and certifications (CLCs) are prepaid training
vouchers redeemed directly
From technology training and team development to Cisco certifications and learning with Cisco.
plans, let us help you empower your business and career. www.cisco.com/go/certs
Learn Train Certify

Cisco U. Cisco Training Bootcamps Cisco Certifications and
IT learning hub that guides teams Intensive team & individual automation Specialist Certifications
and learners toward their goals and technology training programs Award-winning certification
program empowers students
Cisco Digital Learning Cisco Learning Partner Program and IT Professionals to advance
Subscription-based product, technology, Authorized training partners supporting their technical careers
and certification training Cisco technology and career certifications
Cisco Guided Study Groups
Cisco Modeling Labs Cisco Instructor-led and 180-day certification prep program
Network simulation platform for design, Virtual Instructor-led training with learning and support
testing, and troubleshooting Accelerated curriculum of product,
technology, and certification courses Cisco Continuing
Cisco Learning Network Education Program
Resource community portal for Recertification training options
certifications and learning for Cisco certified individuals
Here at the event? Visit us at The Learning and Certifications lounge at the World of Solutions
• Visit the Cisco Showcase
for related demos
• Book your one-on-one

Meet the Engineer meeting
• Attend the interactive education

with DevNet, Capture the Flag,
Continue and Walk-in Labs
your education • Visit the On-Demand Library

for more sessions at
www.CiscoLive.com/on-demand
BRKDCN-1119 © 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Thank you
#CiscoLive
#CiscoLive

BRKDCN 1119

Uploaded by

Copyright:

Available Formats

You might also like

BRKDCN 1119

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKDCN 1119

Uploaded by

Copyright:

Available Formats

#CiscoLive

4 Enter messages/questions in the Webex space

Webex spaces will be moderated https://ciscolive.ciscoevents.com/ciscolivebot/#BRKDCN-1119

by the speaker until June 17, 2022.

Agenda • Fabric Management

Campus Branch Data center Edge | IOT and OT

Campus Branch Data center Edge | IOT and OT

Insights Fabric Discovery

Data Broker SAN Controller

Cisco Nexus Dashboard Access NDFC

Benefits Automation Management and Compliance Visibility and Monitoring

Management Day 2 with Scale out with

Supported on both virtual and physical ND

Complete micro-services architecture

3-node active-active cluster with L2 & L3 HA

Fabric controller for SAN controller for MDS

DCNM 11 to NDFC 12 Form Factors Controller 12.1.1e

NDFC 12.1.1 (3 x pND or 5 x vND)

Managed Mode: <=80 Switches

Managed Mode: 350 Switches

Compute nodes 5-Node Cluster

1. Install Nexus Dashboard cluster Platform

• 2 Interfaces per Node; Management and Data Interfaces Data/Fabric Network

• For the pND,

Nexus Dashboard Network Interface connectivity - vND and pND (SE)

• 2 Interfaces per Node; Management and Data Interfaces Data/Fabric Network

ND Data/Fabric Interface is used for Endpoint Locator, PMN/PTP Telemetry

Fabric OOB Mgmt:

ND Data/Fabric Interface is used for Endpoint Locator, PMN/PTP Telemetry

Fabric OOB Mgmt:

Fabric OOB Mgmt:

• Worker node: Horizontal scale-out and

Deploy ND Add External

Cisco Data Center Cisco Nexus

(DCNM) Fabric Controller

OOB MGMT Fabric INBAND

ND Cluster #1 ND Cluster #2 ND Cluster #3

OOB MGMT Fabric INBAND

Multisite Domain (MSD)

Full Backup Full Backup

Remote Server (SCP) New NDFC App

Local Workstation Config only or Full

• Configuration Backup: Config Intent, Discovery, Credential, and Policies.

• Full Backup: Configuration Backup

NDFC Backs up Easy Fabrics, as well as External Fabrics,

Backs up the configurations of member fabrics in an

NDFC backs up only when there’s a configuration push.

Restore configurations of member fabrics in a MSD fabric Globally

Accelerate provisioning from days to minutes

Easy to understand approach to

Rapid Deployment with Fabric Builder

Optimized for both large deployments

Service Insertion and Layer-3 handoff

Simplify fabric deployments Developer agility VXLAN EVPN Multi-Site

Fast, automated process

Recalculate and Deploy

Cisco best practice

• Network/VRF Creation with best-practice Overlay Policies