Installing and Configuring the DMF Recorder Node

This chapter describes the installation, initial configuration, and upgrade of the DMF Recorder Node.

 

Overview

The DANZ Monitoring Fabric (DMF) Recorder Node (RN) is a traffic recording appliance with Arista Networks software running on Dell, Inc. servers.

The RN records packets from the network to disk and retrieves specific packets from disk quickly, efficiently, and at scale. It integrates with DMF for a single-pane-of-glass solution. A single DMF Controller can manage multiple RNs, delivering packets for recording through out-of-band policies. The Controller also provides centralized APIs for interacting with RNs to perform packet queries.

A DMF out-of-band policy directs the recording of matching packets to one or more RNs. The out-of-band policy references the switch and port where the RN is attached to the fabric. The policy treats these as “dynamic” delivery interfaces identified by unique names. The DMF Controller also provides commands for viewing errors, warnings, statistics, and the status of connected RNs.

The RN provides an agent that collects statistics and health information from the Controller. The agent also allows the Controller to configure the RN, eliminating the need to administer each RN separately during normal operation. To the DMF Controller, the agent causes the RN to appear as a special type of switch. Use the REST API to query the RN directly.

The DMF Recorder Node appliance is based on Dell server hardware supporting the interfaces mentioned in Figure 3. For a detailed hardware specification, refer to the DMF Hardware Guide.
Note: Arista recommends using an iDRAC connection to the DMF Controller, DMF Service Node, Arista Analytics Node, and DMF Recorder Node appliances. This connection helps with troubleshooting issues. For more details, refer to the chapter on Using iDRAC later in this guide.

 

The RN's storage capacity and data interfaces are:

  • 192 TB packet storage
  • 25 GbE recording interface
  • 25 GbE auxiliary interface

Connect the RN's data interface (shown in Figure 3) to a DMF delivery switch, where traffic is delivered after it is processed.

 

The following figure illustrates the bezel on the larger (HWA) DMF Recorder Node.
Figure 1. DMF Recorder Node (HWA) Front Panel


1 System identification button/indicator
2 Recorder Node Security Bezel
3 LCD menu buttons
4 LCD panel
5 Power-on indicator / Power button
6 USB ports

 

The following figure illustrates the front panel of the DMF Recorder Node.
Figure 2. DMF Recorder Node (HWA) Front Panel

1 Information Tag
2 Video connector
3 Micro USB (not supported)
4 Hard drives

 

The following figure illustrates the rear panel of the DMF Recorder Node.

Figure 3. DMF Recorder Node (HWA) Rear Panel
1 Ethernet connector 1 – Aux. Interface
2 Ethernet connector 2 – 25-GbE SFP+ Recorder Node Data Interface
3 SSD drives
4 Power Supply 1
5 Power Supply 2
6 PSU status indicators
7 Ethernet connector 6 – Not supported
8 Ethernet connector 5 – Not supported
9 Ethernet connector 4 – Recorder Node management. Backup, port 2 (10/100/1000 Mb/s)
10 Ethernet connector 3 – Recorder Node management. Active, port 1 (10/100/1000 Mb/s)
11 USB ports
12 Video connector
13 Serial connector (Default Baud Rate 115200)
14 iDRAC Ethernet interface
15 System identification button
16 System identification indicator

DMF Recorder Installation Procedure

Prerequisite: To install the Recorder Node (RN) software on a Dell server, complete the following steps.
Note: The appliance interfaces are on the back of the device.
Note: System boot mode must be set to UEFI (default). Boot mode BIOS is not supported.
  1. Rack the RN Appliance.
  2. Connect the RN management interface port 1 to the management network.
  3. Log in via the serial port or SSH using the admin account name. The baud rate is 115200.
  4. Insert a bootable USB drive in the RN USB port.
    Refer to Appendix Creating a USB Boot Image to make a bootable USB drive.
  5. Power cycle the appliance.
  6. Press F11 to select the Boot Manager to allow booting from USB.
    Figure 4. System Boot Manager Screen
  7. Select One-shot BIOS Boot Menu.
    The Boot Manager screen is displayed in the following figure.
    Figure 5. Boot Manager Main Menu
  8. Select the USB drive.
    Figure 6. Boot Menu
  9. Respond to the system prompt to log in using the admin account:
    recorder-node login: admin
    (Press Control-C at any time to cancel and start over)
    This product is governed by an End User License Agreement (EULA).
    You must accept this EULA to continue using this product.
    You can view this EULA from our website at:
    https://www.arista.com/en/eula
    Do you accept the EULA for this product? (Yes/No) [Yes] >
  10. Type Yes to accept the EULA, which is required to use the product. To view the EULA, type View, or refer to https://www.arista.com/en/eula.
    The system displays the following messages.
    Running system pre-check
    Finished system pre-check
    Starting first-time setup
  11. Configure the recovery password.
    Emergency recovery user password >
    Emergency recovery user password (retype to confirm) >
    Hostname > dmf-pr-740
  12. Configure IP addresses for the management network and DNS servers.
    [1] IPv4 only
    [2] IPv6 only
    [3] IPv4 and IPv6
    > 1
    IPv4 address [0.0.0.0/0] > 10.9.32.21/24
    IPv4 gateway (Optional) > 10.9.32.1
    DNS server 1 (Optional) > 10.3.0.4
    DNS server 2 (Optional) >
    DNS search domain (Optional) > qa.arista.com
    Administrator password >
    Administrator password (retype to confirm) >
    Controller address if deployment mode is preconfigured (L3 ZTN) (Optional) > 10.111.35.101
  13. If the RN is connected to the DMF Controller by a Layer 3 device (such as a router) in preconfigured (L3 ZTN) mode, enter the active DMF Controller's IP address.
  14. Configure the administrator password.
    Administrator password >
    Administrator password (retype to confirm) >
  15. Configure the NTP servers.
    -----------
    Default NTP servers:
    - 0.bigswitch.pool.ntp.org
    - 1.bigswitch.pool.ntp.org
    - 2.bigswitch.pool.ntp.org
    - 3.bigswitch.pool.ntp.org
    NTP server options:
    [1] Use default NTP servers
    [2] Use custom NTP servers
    [1] > 1
  16. Confirm the settings.
    Please choose an option:
    [ 1] Apply settings
    [ 2] Reset and start over
    [ 3] Update Recovery Password (*****)
    [ 4] Update Hostname (dmf-pr-740)
    [ 5] Update IP Option (IPv4 only)
    [ 6] Update IPv4 Address (10.9.32.21/24)
    [ 7] Update IPv4 Gateway (10.9.32.1)
    [ 8] Update DNS Server 1 (10.3.0.4)
    [ 9] Update DNS Server 2 (<none>)
    [10] Update DNS Search Domain (qa.arista.com)
    [11] Update Admin Password (*****)
    [12] Update NTP Option (Use default NTP servers)
    [1] >
    The system displays the following messages.
    [Stage 1] Initializing system
    [Stage 2] Configuring local node
    Waiting for network configuration
    IP address on bond0 is 10.9.32.21
    Generating cryptographic keys
    [Stage 3] Configuring system time
    Initializing the system time by polling the NTP servers:
    0.bigswitch.pool.ntp.org
    1.bigswitch.pool.ntp.org
    2.bigswitch.pool.ntp.org
    3.bigswitch.pool.ntp.org
    [Stage 4] Configuring cluster
    Cluster is already configured
    First-time setup is complete!
  17. Press Enter to complete the configuration.

Initial Configuration - GUI

After completing the installation, refer to the DANZ Monitoring Fabric User Guide to configure and operate the Recorder.

GUI Procedure

Complete the following steps to use the DANZ Monitoring Fabric (DMF) GUI to configure the Recorder Node (RN).
  1. Select Monitoring > Recorder Nodes from the main menu and click the Provision control (+) icon.
    Figure 7. Add Recorder Node
  2. Enter the required details by specifying a Name and identifying the MAC address of the RN appliance NIC connected to DMF.
    Tip: Choose the MAC address from the selection list if it has been discovered.
    Figure 8. Provision Recorder Node
  3. Click Save.
  4. Click the Provision control (+) at the top of the Interfaces section and enter the required information.
    Figure 9. Add Interface
    Figure 10. Provision Recorder Node
  5. Type an identifying Name (required) for the RN interface.
  6. Select the Switch and Interface to use to record the received traffic.
  7. Click Save.

Initial Configuration - CLI

CLI Procedure

To use the DMF CLI to perform the basic Recorder Node (RN) configuration, complete the following steps.

  1. Assign a name to the RN.
    (config)# recorder-node device bt-recorder3
  2. Set the MAC address of the RN.
    controller-1(config-recorder-node)# mac 18:66:da:fb:6d:b4
    If the management MAC is unknown, you can determine it from the chassis ID of connected devices using the show connected-devices command.
    Note: The following output is truncated and edited for documentation purposes.
    controller-1> show connected-devices
    # Switch     IF Name    SPAN? Device Name Device Description  Chassis ID
    -|----------|----------|-----|-----------|-------------------|-----------------|
    1 filter-1   ethernet1  False localhost   Arista Networks EOS 2c:dd:e9:37:bf:47
    2 delivery-2 ethernet1  False localhost   Arista Networks EOS 2c:dd:e9:37:bf:47
    3 delivery-2 ethernet43 False leaf1a      5c:16:c7:00:00:01   70:72:cf:c6:fe:f1
    4 delivery-2 ethernet48 False qa-ibm-1    IBM NOS             74:99:75:69:f7:00
    5 delivery-1 ethernet1  False leaf1a      5c:16:c7:00:00:01   70:72:cf:c6:fe:f1
    6 delivery-1 ethernet2  False leaf1a      5c:16:c7:00:00:01   70:72:cf:c6:fe:f1
    7 delivery-1 ethernet3  False leaf2a      5c:16:c7:00:00:01   70:72:cf:b5:e4:c0
    8 delivery-1 ethernet4  False leaf2a      5c:16:c7:00:00:01   70:72:cf:b5:e4:c0
    9 delivery-1 ethernet25 False dmf-rn-1    dmf-recorder-node   18:66:da:fb:6d:b4
  3. The RN is enabled by default. If you ever need to enable it, you can use the following command.
    controller-1(config-recorder-node)# record
  4. Define the RN interface name.
    controller-1(config)# recorder-fabric interface pr-intf-1
    controller-1(config-recorder-fabric-interface)#
    Assign any alphanumeric identifier for the name of the RN interface, which changes the submode to config-recorder-fabric-interface.
  5. Assign a switch and interface and optionally provide a text description.
    
    controller-1(config-recorder-fabric-interface)# recorder-interface switch delivery-1 ethernet25
    controller-1(config-recorder-fabric-interface)# description 'Delivery point for recorder node'
    controller-1(config-recorder-fabric-interface)# 
  6. Identify the RN interface by name in an out-of-band policy.
    controller-1(config)# policy pkt-rec
    controller-1(config-policy)# use-recorder-node pr-intf-1
  7. Configure the DMF policy to identify the traffic to send to the RN.
    controller-1(config-policy)# 1 match any
    controller-1(config-policy)# filter-interface sw1-fil1
    controller-1(config-policy)# action forward
    The following example forwards all traffic received in the monitoring fabric on filter interface sw1-fil1 to the RN interface.
    recorder-node device bt-recorder3
      mac 18:66:da:fb:6d:b4
    recorder-fabric interface pr-intf-1
      description 'Delivery point for recorder node'
      recorder-interface switch delivery-1 ethernet25
    policy pkt-rec
      action forward
      filter-interface sw1-fil1
      use-recorder-node pr-intf-1
      1 match any

Changing the Recorder Node Default Configuration

Configuration settings are automatically downloaded to the Recorder Node (RN) from the DANZ Monitoring Fabric (DMF) Controller, eliminating the need for box-by-box configuration. DMF supports overriding the default configuration for an RN from the config-recorder-node submode for any RN.
Note: Currently, these options are available only from the CLI and not in the DMF GUI.
To change the CLI mode to config-recorder-node, enter the following command from config mode on the active DMF Controller.
controller-1(config)# recorder-node device <instance>

Replace instance with the alias for the Recorder Node. This alias is associated with the MAC hardware address using the mac command.

Use any of the following commands from config-recorder-node submode to override the default configuration for the associated Recorder node.
  • banner: Set recorder-node pre-login banner message
  • mac: Configure MAC address for recorder-node name
Additionally, the following configurations can be overridden to use values specific to the recorder node or used in merge mode along with the configuration inherited from the Controller.
  • ntp: Configure packet-recorder to override default timezone and NTP parameters
  • snmp-server: Configure packet-recorder SNMP parameters and traps
  • logging: Enable packet-recorder logging to the Controller
  • tacacs: Set TACACS defaults, server IP address(es), timeouts and keys
To configure the recorder node to override the configuration inherited from the Controller, execute the following commands at the config-recorder-node submode:
  • ntp override-global: Override global time config with packet-recorder time config
  • snmp-server override-global: Override global SNMP config with packet-recorder SNMP config
  • snmp-server trap override-global: Override global SNMP trap config with packet-recorder SNMP trap config
  • logging override-global: Override global logging config with packet-recorder logging config
  • tacacs override-global: Override global TACACS+ config with packet-recorder TACACS+ config
To configure the recorder node to work in a merge mode by merging its specific configuration with that of the Controller, execute the following commands at the config-recorder-node submode:
  • ntp merge-global: Merge global time config with packet-recorder time config
  • snmp-server merge-global: Merge global SNMP config with packet-recorder SNMP config
  • snmp-server trap merge-global: Merge global SNMP trap config with packet-recorder SNMP trap config
  • logging merge-global: Merge global logging config with packet-recorder logging config

The TACACS+ configuration does not provide a command usable with the merge option: it can be inherited from the Controller or overridden to use only the recorder node-specific configuration.
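
The override and merge modes described above decide whether a Recorder Node still follows the Controller's NTP, SNMP, logging and TACACS+ settings, which makes them worth auditing. The following Python is an added example, not Arista code: it scans an exported configuration for recorder-node blocks and reports each node's modes and anything to review. It assumes sub-commands are indented beneath their recorder-node device line; the sample text and the alias rn-lab-2 are constructed.

```python
import re

# Mode commands the page lists for config-recorder-node submode.
MODE_RE = re.compile(
    r"^(ntp|snmp-server trap|snmp-server|logging|tacacs) (override|merge)-global$")
NODE_RE = re.compile(r"^recorder-node device (\S+)$")

# Constructed sample export; the alias rn-lab-2 is made up for illustration.
SAMPLE = """\
recorder-node device bt-recorder3
  mac 18:66:da:fb:6d:b4
  ntp merge-global
  tacacs override-global
recorder-node device rn-lab-2
  logging override-global
  tacacs merge-global
  snmp-server trap merge-global
recorder-fabric interface pr-intf-1
"""

def audit_recorder_nodes(config_text):
    """Return {alias: {"modes": {feature: mode}, "findings": [str, ...]}}."""
    report, node = {}, None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        line = " ".join(raw.split())
        if not raw[0].isspace():
            # Assumption: an unindented line opens or closes a block.
            m = NODE_RE.match(line)
            node = m.group(1) if m else None
            if node:
                report[node] = {"modes": {}, "findings": []}
            continue
        m = MODE_RE.match(line) if node else None
        if not m:
            continue
        feature, mode = m.groups()
        entry = report[node]
        if feature == "tacacs" and mode == "merge":
            # The page states TACACS+ has no merge option.
            entry["findings"].append("tacacs merge-global is not a supported mode")
            continue
        if entry["modes"].get(feature, mode) != mode:
            entry["findings"].append(f"{feature}: both override and merge configured")
        entry["modes"][feature] = mode
        if mode == "override":
            entry["findings"].append(f"{feature}: Controller config replaced on this node")
    return report
```

Calling audit_recorder_nodes(SAMPLE) returns one entry per alias; a node with no findings inherits or merges every setting from the Controller.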