Originally published at: Indeni Blog - Network Security News and Insights
New knowledge, in depth analysis and detailed remediation steps have been introduced in release 6.3.x.x. It supports many new critical metrics for the next critical and widely deployed CISCO Data Center NX-OS technologies:
✓ virtual Port Channel (vPC) ✓ Fabric Extender (FEX)
In brief, the Cisco Nexus virtual Port Channel (vPC) is a virtualization technology launched in the mid of 2009 (starting from NX-OS version 4.1(4)) and is supported by the majority of Cisco Nexus Series Switches. The Cisco Nexus vPC technology has been widely deployed and in particular by almost 95% of Cisco Data Centers based on CiscoLive documentation.Now you can deploy Indeni to have real time analysis of the vPC configured features. Alerts will be provided if a vPC issue is raised such as vPC peer-link or keepalive link is down but also if a service degradation occurs due to e.g. vPC type-2 mismatch.
Indeni currently analyzes and automatically validates several important metric related to the NX-OS vPC technology. An indicative list of the current vPC related metrics is provided below:
✓ HSRP & VRRP Active/Standby state change of the vPC cluster members ✓ vPC role configuration/operation status ✓ Connected networks do not match across vPC cluster members ✓ vPC type 1 & 2 consistency status ✓ vPC advanced features and configuration best practices status such as peer-gateway, vPC graceful consistency check, auto- recovery ✓ vPC peer link status or any of the members link vPC status ✓ vPC peer keepalive status ✓ Checks for Domain name of the vPC peers mismatch ✓ Checks for Login banner of the vPC peers mismatch ✓ Checks for NX-OS version of the vPC peers mismatch ✓ Checks for enabled features of the vPC peers mismatch ✓ Checks for Timezone of the vPC peers mismatch
Cisco launched the Nexus 2000 Fabric Extender (FEX) series in 2009. The FEX technology is based on the IEEE 802.1BR standard and is a widely deployed technology to most of the data centers. Indeni can offer analysis and automated validation tasks for major FEX metrics. An indicative list is provided below:✓ FEX connectivity status and service degradation metric ✓ FEX diagnostic metrics which guarantee the optimum operation of the N2k series switch ✓ FEX environmental metrics
Indeni goes beyond proactive analysis and also provides visibility into security vulnerabilities that are difficult to uncover. The Spectre and Meltdown vulnerabilities have been described as the “worst ever CPU bug” which could let attackers steal sensitive data. The Indeni Knowledge Expert team recognized the high severity security risk and developed the required ind scripts to get the relevant Meltdown and Spectre metrics for analysis. The Nexus switches will be analyzed by Indeni and a notification along with detailed remediation steps will be provided to the user in case the conditions for Nexus switch exploitation are enabled. The Indeni database is updated daily to analyze and validate key metrics against more Cisco Security Advisories and Field notices officially published by Cisco.Do you want to see how Indeni analyzes and monitors the Nexus vPC and FEX technologies? Then the following articles on the Indeni web site are for you!:
https://indeni.com/deployment-of-the-cisco-nexus-vpc-technology-and-analysis-by-indeni-part-1/
https://indeni.com/deployment-of-the-cisco-nexus-vpc-technology-and-analysis-by-indeni-part-2/
How can Indeni provide proactive alerting from the Spectre and Meltdown vulnerabilities which has been described as the “worst ever CPU bug”? Read the next article:
https://indeni.com/cisco-nexus-switches-indeni-series/
More and more NX-OS metrics are coming in new Indeni releases. Stay tuned!