Installing and Configuring the DMF Recorder Node

This chapter describes how to perform the installation, initial configuration, and upgrade of the DMF Recorder Node. It includes the following sections.

 

Overview

The DMF Recorder is a traffic recording appliance consisting of software provided by Arista Networks, running on servers provided by Dell, Inc.

The Recorder records packets from the network to disk and recalls specific packets from disk quickly, efficiently, and at scale. The Recorder is integrated with DMF for a single-pane-of-glass. A single DMF Controller can manage multiple Recorders, delivering packets for recording through Out-of-Band policies. The controller also provides central APIs for interacting with Recorders to perform packet queries.

An DMF Out-of-Band policy directs matching packets to be recorded to one or more Recorders. The out-of-band policy defines the switch and port used to attach the Recorder to the fabric. The policy treats these as “dynamic” delivery interfaces and adds them to the policy with unique names. The DMF Controller also provides commands for viewing errors, warnings, statistics, and the status of connected Recorders.

The Recorder provides an OpenFlow agent that collects statistics and health information from the Controller. The OpenFlow agent also allows the Controller to configure the Recorder, eliminating the need for to separately administer any Recorder directly during normal operation. To the DMF Controller, the OpenFlow agent causes the Recorder to appear as a special type of switch. You can use the REST API to directly query the Recorder.

The DMF Recorder Node is based on the Dell 740 server hardware and is available with the following interfaces.
  • Two management interfaces (10/100/1000 Mb/s)
  • One serial interface (db9)
  • One VGA interface
  • Two USB ports
  • One dedicated IDRAC port
Note: It is recommended to have an iDRAC connection to the DMF Controller, DMF Service Node, Arista Analytics Node and DMF Recorder Node appliances. This helps in easy troubleshooting of issues. Please refer to the chapter on “Using iDRAC” later in this guide for more details.
The DMF Recorder Nodes storage capacity and the bandwidth provided by the data interfaces. DMF Recorder Node
  • 192 TB packet storage capacity
  • Two 25-Gb SFP ports
  • Two 10Gb Copper ports
The following figure illustrates the bezel on the larger (HWA) DMF Recorder Node.
Figure 1. DMF Packet Recorder Node (HWA) Front Panel


1 System identification button / indicator 4 LCD panel
2 Packet Recorder Node Security Bezel 5 Power-on indicator / Power button
3 LCD menu buttons 6 USB ports
The following figure illustrates the front panel of the DMF Recorder Node.
Figure 2. DMF Recorder Node (HWA) Front Panel


1 Information Tag
2 Video connector
3 Micro USB (not supported)
4 Hard drives

The following figure illustrates the rear panel of the DMF Recorder Node.

Figure 3. DMF Recorder Node (HWA) Rear Panel
1 Ethernet connector 1 – Aux. interface 9 Ethernet connector 4 – Packet Recorder Node management. Backup, port 2 (10/100/1000 Mb/s)
2 Ethernet connector 2 – 25-GbE SFP+ Packet Recorder Interface 10 Ethernet connector 3 – Packet Recorder Node management. Active, port 1 (10/100/1000 Mb/s)
3 SSD drives 11 USB ports
4 Power Supply 1 12 Video connector
5 Power Supply 2 13 Serial connector (Default Baud Rate 115200)
6 PSU status indicators 14 iDRAC Ethernet interface
7 Ethernet connector 6 – Not supported 15 System identification button
8 Ethernet connector 5 – Not supported 16 System identification indicator

DMF Recorder Installation Procedure

Pre-Requisite: A fresh installation of the DMF Recorder Node is required to upgrade to Release 7.1.x from earlier releases. To install the Recorder software on a Dell server, complete the following steps:
  1. Rack the DMF Recorder Node Appliance.
    The appliance interfaces are on the rear of the device, where the power cord is connected.
  2. Connect the bottom leftmost Recorder management interface (Gb 10) to the management network.
  3. Log in via the serial port or SSH using the admin account name. The baud rate is 115200.
  4. Insert a bootable USB drive in the DMF Recorder Node USB port.
    Refer to Appendix Creating a USB Boot Image to make a bootable USB drive.
  5. Power cycle the appliance.
  6. Press F11 to select the Boot Manager to allow booting from USB.
    Figure 4. System Boot Manager Screen
  7. Select One-shot BIOS Boot Menu.
    The Boot Manager screen is displayed as shown in the following figure.
    Figure 5. Boot Manager Main Menu
     
  8. Select the USB drive.
    Figure 6. Boot Menu
  9. Respond to the system prompt to login in using the admin account: 
    recorder-node login: admin
(Press Control-C at any time to cancel and start over)
This product is governed by an End User License Agreement (EULA).
You must accept this EULA to continue using this product.
You can view this EULA from our website at:
https://www.arista.com/en/eula
Do you accept the EULA for this product? (Yes/No) [Yes] >
  10. Type Yes to accept the EULA, which is required to use the product. To view the EULA, type View, or refer to https://www.arista.com/en/eula.
    The system displays the following messages. 
    Running system pre-check
Finished system pre-check
Starting first-time setup
  11. Configure the recovery password. 
    Emergency recovery user password >
Emergency recovery user password (retype to confirm) >
Hostname > dmf-pr-740
  12. Configure IP addresses for the management network and DNS servers. 
    [1] IPv4 only
[2] IPv6 only
[3] IPv4 and IPv6
> 1
IPv4 address [0.0.0.0/0] > 10.9.32.21/24
IPv4 gateway (Optional) > 10.9.32.1
DNS server 1 (Optional) > 10.3.0.4
DNS server 2 (Optional) >
DNS search domain (Optional) > qa.arista.com
Administrator password >
Administrator password (retype to confirm) >
Controller address if deployment mode is preconfigured (L3 ZTN) (Optional) > 10.111.35.101
  13. If the DMF Recorder Node is connected to DMF Controller by a Layer 3 device (such as a router) in preconfigured (L3 ZTN) mode, enter the Active DMF Controller IP address.
  14. Configure the administrator password. 
    Administrator password >
Administrator password (retype to confirm) >
  15. Configure the NTP servers. 
    -----------
Default NTP servers:
- 0.bigswitch.pool.ntp.org
- 1.bigswitch.pool.ntp.org
- 2.bigswitch.pool.ntp.org
- 3.bigswitch.pool.ntp.org
NTP server options:
[1] Use default NTP servers
[2] Use custom NTP servers
[1] > 1
  16. Confirm the settings. 
    Please choose an option:
[ 1] Apply settings
[ 2] Reset and start over
[ 3] Update Recovery Password (*****)
[ 4] Update Hostname (dmf-pr-740)
[ 5] Update IP Option (IPv4 only)
[ 6] Update IPv4 Address (10.9.32.21/24)
[ 7] Update IPv4 Gateway (10.9.32.1)
[ 8] Update DNS Server 1 (10.3.0.4)
[ 9] Update DNS Server 2 (<none>)
[10] Update DNS Search Domain (qa.arista.com)
[11] Update Admin Password (*****)
[12] Update NTP Option (Use default NTP servers)
[1] >
The system displays the following messages.
[Stage 1] Initializing system
[Stage 2] Configuring local node
Waiting for network configuration
IP address on bond0 is 10.9.32.21
Generating cryptographic keys
[Stage 3] Configuring system time
Initializing the system time by polling the NTP servers:
0.bigswitch.pool.ntp.org
1.bigswitch.pool.ntp.org
2.bigswitch.pool.ntp.org
3.bigswitch.pool.ntp.org
[Stage 4] Configuring cluster
Cluster is already configured
First-time setup is complete!
  17. To complete the configuration, press Enter.

Initial Configuration - GUI

After completing the installation, refer to the DANZ Monitoring Fabric 8.4 User Guide to configure and operate the Recorder.

GUI Procedure

To use the DMF GUI to configure the Recorder, complete the following steps.

  1. Select Monitoring > Packet Recorders from the main menubar.
    Figure 7. Provision Packet Recorder
  2. Type a name for the Recorder
  3. Identify the MAC address of the Recorder appliance NIC connected to DMF.
    If the MAC address has been discovered, you can choose it from the selection list.
  4. Click Save.
  5. Click the Provision control (+) at the top of the Interfaces section.
    Figure 8. Provision Packet Recorder
  6. Type an identifying name for the Recorder interface.
  7. Select the switch and interface to use for receiving traffic to record.

Initial Configuration - CLI

CLI Procedure

To use the DMF CLI to perform the basic Recorder configuration, complete the following steps.

  1. Assign a name to the Recorder: 
    (config)# packet-recorder device bt-recorder3
  2. Set the MAC address of the Recorder. 
    controller-1(config-packet-recorder)# mac 18:66:da:fb:6d:b4
    If the management MAC is unknown, you can determine it from the chassis ID of connected devices.
    controller-1> show connected-devices
>SwitchIF NameDMF name SPAN?Device Name Device Description Chassis ID Port ID Port DescriptionManagement AddressProtocol
- |-------- |------- |------- |----- |------------ |--------------------------- |----------------- |---------------- |---------------- |------------------ |------- |
1bt-lb9-1ethernet 50 Falsebt-recorder3dmf-recorder-node,SNHLZYHH218:66:da:fb:6d:b43c:fd:fe:1f:0f:82 enp 130s0f110.4.100.200 LLDP
  3. Enable the Recorder. 
    controller-1(config-packet-recorder)# record
  4. Define the Recorder interface name. 
    controller-1(config)# packet-recorder device pr-intf-1
controller-1(config-packet-recorder)#
    You can assign any alphanumeric identifier for the name of the Recorder interface, which changes the submode to config-bigtap-pkt-rec.
  5. Assign a switch and interface and optionally provide a text description. 
    controller-1(config-packet-recorder))# description 'Delivery point for packet-recorder'
controller-1(config-packet-recorder)# packet-recorder-interface switch
00:00:70:72:cf:c7:cd:7d ethernet37
  6. Identify the Recorder interface by name in an Out-of-Band policy: 
    controller-1(config)# policy pkt-rec
controller-1(config-policy)# use-packet-recorder pr-intf-1
  7. Configure the DMF policy to Identify the traffic to send to the Recorder. 
    controller-1(config-policy)# 1 match any
controller-1(config-policy)# filter-interface sw1-fil1
    The following example forwards all traffic received in the monitoring fabric on filter-interface sw1-fil1 to the Recorder interface. Below is an example of the packet-recorder configuration: 
    packet-recorder pr-intf-1
description 'Delivery point for packet-recorder'
packet-recorder-interface switch 00:00:70:72:cf:c7:cd:7d ethernet37

policy pkt-rec
action forward
filter-interface sw1-fil1
use-packet-recorder pr-intf-1
1 match any

Changing the Recorder Node Default Configuration

Configuration settings are automatically downloaded to the Recorder node from the DMF controller, which eliminates the need for box-by-box configuration. However, you can override the default configuration for a Recorder node from the config-packet-recorder submode for any Recorder node.
Note: In the current release, these options are available only from the CLI, and are not included in the DMF GUI.
To change the CLI mode to config-packet-recorder, enter the following command from config mode on the Active DMF controller. 
controller-1(config)# packet-recorder device <instance>

Replace instance with the alias you want to use for the Recorder Node. This alias is associated with the MAC hardware address, using the mac command.

Use any of the following commands from config-packet-recorder submode to override the default configuration for the associated Recorder node.
  • banner: Set recorder-node pre-login banner message
  • mac: Configure MAC address for recorder-node name
Additionally, the below configurations can be overridden to use values specific to the recorder node or can also be used in a merge-mode along with the configuration inherited from the Controller.
  • ntp: Configure packet-recorder to override default timezone and NTP parameters
  • snmp-server: Configure packet-recorder SNMP parameters and traps
  • logging: Enable packet-recorder logging to controller
  • tacacs: Set TACACS defaults, server IP address(es), timeouts and keys
To configure the recorder node to override the configuration inherited from the Controller, execute the following commands at the config-packet-recorder submode:
  • ntp override-global: Override global time config with packet-recorder time config
  • snmp-server override-global: Override global snmp config with packet-recorder snmp config
  • snmp-server trap override-global: Override global snmp-trap config with packet-recorder snmp-trap config
  • logging override-global: Override global logging config with packet-recorder logging config
  • tacacs override-global: Override global tacacs config with packet-recorder tacacs config
To configure the recorder node to work in a merge mode by merging its specific configuration with that of the Controller, execute the following commands at the config-packet-recorder submode:
  • ntp merge-global: Merge global time config with packet-recorder time config
  • snmp-server merge-global: Merge global snmp config with packet-recorder snmp config
  • snmp-server trap merge-global: Merge global snmp-trap config with packet-recorder snmp-trap config
  • logging merge-global: Merge global logging config with -packet-recorder logging config

Tacacs configuration does not have a merge option. It can either be inherited completely from the Controller or overridden to use only the recorder node specific configuration.