Virtual Tech Update
ITD: Intelligent Traffic Director Nexus Hardware Update (7K/5K/2K)
Michael Petersen, Systems Engineer, Cisco Denmark
Mikkel Brodersen, Systems Engineer, Cisco Denmark
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKDCT-1017
Agenda
1. ITD: An Introduction
2. New ITD capabilities in NxOS
3. ITD Deployment designs
4. Q&A
5. Nexus Hardware Update (7K,5K,2K)
6. Q&A
Intelligent Traffic Director: An Introduction
What? Why? How?
While today's network switches and routers have evolved to multi-terabit capacities, network service appliances and servers are still limited to a few gigabits of capacity. Scaling to support this traffic now brings an important requirement: high-capacity traffic distribution. Cisco Intelligent Traffic Director (ITD) bridges this gap by providing ASIC-based (hardware) traffic distribution for Layer 3 and 4 services and applications using Cisco Nexus 5/6/7/9k switches.
What is ITD? Intelligent Traffic Director
Traffic distribution through packet redirection
What is ITD? Intelligent Traffic Director
• Traffic distribution and redirection
• ASIC-based solution (HW-switched)
• Caters to multi-terabit traffic
• Works on Nexus switches – 9/7/6/5k
Note: ITD performs L3-L4 traffic distribution, but does not replace Layer-7 load-balancers
Where to use ITD? (Examples)
#1: ITD to load-balance to the destination. Example: Server Load-Balancing
(Diagram labels: Clients, Servers)
Where to use ITD? (Examples)
#2: ITD for in-line traffic redirection. Example: Firewalls, WAN Acceleration Engines, Web Cache etc.
(Diagram labels: Clients, Firewalls/other appliances, Destination)
Why ITD? Vs. Appliances
• Line-rate traffic distribution
• Ease of deployment, reduced configuration
• No service module or external appliance required
• Automatic failure handling
Supported Platforms/Software Release
Platform | Version | License
Nexus 7000/7700 Series | NX-OS 6.2(10) | Enhanced L2
Nexus 9000 Series | NX-OS 7.0(3)I1(2) | Network Services
Nexus 5000/6000 Series | NX-OS 7.1.1N1(1) | Enhanced L2/Network Services
ITD – Configuration Components
ITD Device-Group
• Configure Nodes (Service Appliances)
• Configure Probes
• Configure Standby (backup nodes)
ITD Service
• Attach device-group
• Configure Ingress-interface
• Configure Virtual IP Address
• Configure traffic filtering/selection
• Configure Load-balancing options
• Configure Failover options
ITD – Configuration Components (Sample)
Basic ITD configuration consists of:
• ITD-Service: Defines ITD instances
• Device-Group: Defines nodes
• Probes: Node failure detection
• Virtual IP (VIP): Traffic selection
• Ingress Interface: L3 interface where traffic is expected
• Load-balance: Load-balancing options
Agenda
1. ITD: An Introduction
2. New ITD capabilities in NxOS
3. ITD Deployment designs
4. Q&A
5. Nexus7000 (M3)
6. Q&A
ITD Capabilities (Differences)
• Nexus 5500 / 5600 / 6000
• Nexus 7000 / 7700
• Nexus 9000
ITD Updates on Nexus 5500 / 5600 / 6000
Nexus 5500/5600/6000 : 7.2(0)N1(1) ICMP Probe
Release 7.2(1)N1(1) on the N5k/6k/5600 introduces support for ICMP Probes for ITD.
Note: Currently only the ICMP Probe is supported on the N5/6k platforms. IP SLA is not required for this feature on the N5/6k
New ITD Capabilities
Nexus 7000 / 7700
Nexus 7000/7700 : NxOS 7.2 Enhancements
• IPv4 control Probe for IPv6 Node
• Node-level Probe
• Exclude-ACL
• ITD-Destination NAT for Server load-balancing
• Multiple device-groups per ITD-Service
Enhancements introduced in previous release: 6.2(10)
- Weighted load-balancing
- Node-level standby
- L4-port load-balancing
- Sandwich mode node-state sync across VDCs on same device
- DNS Probe
- Start/Stop/Clear ITD Stats
- VRF Support
Nexus 7000/7700 : 7.2(0)D1(1) IPv4 probe for IPv6 Node
• Health monitoring for IPv6 nodes is now possible with IPv4 probes.
• As a result, the nodes need to be IPv4-IPv6 dual-stacked.
• Only probes are IPv4. IPv6 traffic is still handled by ITD.
    itd device-group IPv6-Nodes
      node ipv6 2001:db8::10:1:1:1
        probe icmp ip 192.168.10.11
      node ipv6 2001:db8::10:1:1:2
        probe icmp ip 192.168.10.12
Callouts: IPv6 Node, IPv4 Probe
With this feature, IPv6 ITD can now support failure-handling of nodes.
Nexus 7000/7700 : 7.2(0)D1(1) Node-Level Probe
Node-level probing allows each node to be configured with its own probe for further customization.
    itd device-group Servers
      node ip 192.168.1.10
        probe icmp frequency 10 retry-down-count 5
      node ip 192.168.1.20
        probe icmp frequency 5 retry-down-count 5
      node ip 192.168.1.30
        probe icmp frequency 20 retry-down-count 3
Callout: Per-node Probes
Prior to this feature, probe configuration was done at the device-group level.
Node-level probes are useful in scenarios where each node has to be monitored differently for failure conditions.
For example, IPv6 device-groups need specific IPv4 probes per node.
Nexus 7000/7700 : 7.2(0)D1(1) Exclude ACL
Exclude-ACL specifies traffic that will bypass ITD. Traffic selected by the Exclude-ACL will get RIB-routed without ITD functionality.
    itd Service_Test
      device-group test-group
      ingress interface Vlan10
      exclude access-list ITDExclude
      no shut
    ip access-list ITDExclude
      10 permit ip 5.5.5.0 255.255.255.0 any
      20 permit ip 192.168.100.0 255.255.255.0 192.168.200.0
Callout: Exclude Access-list
Note:
• The Exclude ACL supports only "permit" statements.
• Traffic that is matched by a Permit-ACE in Exclude-ACL bypasses ITD.
Exclude example: Developer-VLANs and Testbed-VLANs not needing Firewall inspection can bypass ITD.
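Because every flow matched by the Exclude-ACL is routed around the service nodes (for example, the firewalls), it helps to check which flows a given ACL actually exempts. The Python below is an added example, not part of the Cisco deck: it parses the two entries as the slide shows them, treating `255.255.255.0` as a subnet mask (an assumption), and classifies a few constructed flows; all function names are hypothetical.

```python
import ipaddress

# The two ACEs as they appear on the slide; entry 20's destination mask is
# cut off there, so the parser below has to cope with an incomplete line.
SLIDE_ACL = """\
10 permit ip 5.5.5.0 255.255.255.0 any
20 permit ip 192.168.100.0 255.255.255.0 192.168.200.0
"""

ANY = ipaddress.ip_network("0.0.0.0/0")


def _take_network(tokens):
    """Consume one address field: 'any', 'a.b.c.d/len' or 'a.b.c.d mask'."""
    if not tokens:
        raise ValueError("missing address field")
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if "/" in head:
        return ipaddress.ip_network(head, strict=False)
    if not tokens:
        raise ValueError(f"address {head} has no mask")
    # Assumption: the mask is a subnet mask, which is how the slide writes it.
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}", strict=False)


def parse_exclude_acl(text):
    """Return (entries, errors); entries are (seq, src_net, dst_net) tuples."""
    entries, errors = [], []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens:
            continue
        seq = int(tokens[0])
        try:
            if tokens[1] != "permit":
                raise ValueError("Exclude-ACL supports only permit statements")
            if tokens[2] != "ip":
                raise ValueError("only 'ip' entries are modelled here")
            rest = tokens[3:]
            entries.append((seq, _take_network(rest), _take_network(rest)))
        except (ValueError, IndexError) as exc:
            errors.append((seq, str(exc)))
    return sorted(entries, key=lambda e: e[0]), errors


def bypass_entry(entries, src_ip, dst_ip):
    """Sequence number of the first ACE that lets the flow bypass ITD, else None."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for seq, src_net, dst_net in entries:
        if src in src_net and dst in dst_net:
            return seq
    return None


def open_ended(entries):
    """Entries with 'any' on either side: the widest bypasses, review first."""
    return [seq for seq, s, d in entries if ANY in (s, d)]


if __name__ == "__main__":
    entries, errors = parse_exclude_acl(SLIDE_ACL)
    for seq, reason in errors:
        print(f"entry {seq} rejected: {reason}")
    # Constructed sample flows (source, destination).
    flows = [("5.5.5.7", "203.0.113.5"),
             ("10.1.1.10", "20.1.1.10"),
             ("192.168.100.5", "192.168.200.9")]
    for src, dst in flows:
        seq = bypass_entry(entries, src, dst)
        verdict = f"bypasses ITD (entry {seq})" if seq else "redirected by ITD"
        print(f"{src} -> {dst}: {verdict}")
    print("entries matching 'any':", open_ended(entries))
```

Entry 20 is reported as incomplete because its destination mask is cut off on the slide, so in this model the 192.168.100.x flow is still redirected by ITD.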
Nexus 7000/7700 : 7.2(1)D1(1) ITD-Destination NAT for SLB
• ITD now supports Server Load-Balancing using NAT on Nexus 7000/7700
• Traffic from the Client-IP -> VIP is translated to the real IP addresses of the servers.
• Without ITD, external load-balancers are required for this functionality.
Prior to ITD-NAT, SLB was possible only using DSR mode, which required VIP configuration on the servers.
Nexus 7000/7700 : 7.2(1)D1(1) Multiple device-groups per Service
• With this feature, a single ITD-Service can have multiple Device-groups in it.
• Each Device-group is separated/filtered via its Virtual-IP address/range.
• An ITD service still generates one route-map, with different sequences pointing to different device-groups
(Diagram labels: Clients, Device-group 1, Device-group 2, Destination)
Nexus 7000/7700 : 7.2(1)D1(1) Multiple device-groups per Service
• Caters to different types of traffic requiring different services, but arriving on the same ingress-interface
• VIP-address is used to differentiate between the different device-groups.
• Supporting multiple device-groups per service on the same interface allows ITD to scale.
Example with Multiple device-groups (diagram labels: Web Servers, Auth Servers)
Nexus 7000/7700 : 7.3(0)D1(1) Enhancements
• Include-ACL for traffic selection
• Optimized Node insertion/removal
Nexus 7000/7700 : 7.3(0)D1(1) Include-ACL for traffic selection*
• VIP can only match Destination fields (IP/Ports). Source fields cannot be matched/filtered by VIP.
• "Include ACL" feature defines a user-defined ACL for selecting traffic requiring ITD-redirection.
VIP does not use Source-IP or Src-Port numbers. For traffic selection requiring Src (or) {Src & Dst} filtering, the ITD Include-ACL feature is used.
* Refer to the 7.x configuration guide for guidelines and limitations
Nexus 7000/7700 : 7.3(0)D1(1) Optimized node Insertion/Removal
• Allows users to add or remove nodes when ITD service is UP.
• Maintains an intermittent state of nodes when nodes are deleted or added.
• Buckets are reprogrammed once user has completed node addition/removal.
• Currently once ITD service is created, adding or removing node requires the service to be in shut state
• Shutting down ITD service will cause 100% packet loss
ITD on Nexus 9000
Nexus 9000: 7.0(3)I1(2) ITD features
Supported N9K Platforms:
• 9300: Cisco Nexus 9332PQ, 9372PX, 9372TX, 9396PX, 9396TX, 93120TX, and 93128TX
• 9500: X9432PQ, X9464PX, X9464TX, X9536PQ, X9564PX, X9636PQ, and X9564TX line cards
License: N93-SERVICES1K9, N95-SERVICES1K9
* - Not an exhaustive list
Nexus 9000: Recent feature additions
• Include-ACL for traffic selection
• Non-disruptive add/delete (new nodes)
• Multiple device-groups
• TCP, UDP, DNS Probes
• Node-state Synchronization between services
• Support for 40G ports
Roadmap Features under evaluation:
• Destination-NAT SLB
• IPv6 ITD support
• L2 mode ITD
• N3k/92XX support
• HTTP support
Note: Roadmap Items are tentative only
ITD Feature Matrix across N5/6/7/9k#
SR | Feature | N5K 7.2* | N7K 6.2* | N7K 7.2* | N7K 7.3 | N9K 7.0(3)I3
1 | IPv4 L3/L4 Traffic Distribution | Yes | Yes | Yes | Yes | Yes
2 | IPv6 L3/L4 Traffic Distribution | No | Yes | Yes | Yes | No
3 | Weighted load-balancing | Yes | Yes | Yes | Yes | Yes
4 | IP Persistence | Yes | Yes | Yes | Yes | Yes
5 | Traffic Distribution with destination NAT | No | No | Yes | Yes | No
6 | Probe - ICMP | Yes | Yes | Yes | Yes | Yes
  | Probe - TCP/UDP | No | Yes | Yes | Yes | Yes
  | Probe - IP SLA based | No | Yes | Yes | Yes | Yes
  | Probe - HTTP | No | No | No | TBD | No
7 | Exclude feature (ACL to deny traffic) | No | Yes | Yes | Yes | Yes
8 | VRF support for ITD service | Yes | Yes | Yes | Yes | Yes
9 | Include ACL (ACL to select traffic) | No | No | No | Yes | Yes
10 | Non-disruptive add/delete node | No | No | No | Yes | Yes
11 | DCNM Support | No | Yes | Yes | Yes | -
* Based on latest releases in each train
# For exhaustive list, refer to the ITD configuration guides in the reference slide
ITD: Deployment Designs
ITD Use-cases
• Server Load balancing
  • Server farms, Application servers, Web Servers
• Services Load balancing, Clustering
  • Firewall, IDS, IPS, L7 Server LB, WAF, VDS-TC (Transparent Caching)
• Traffic Steering, Redirection
  • Web accelerator Engine (WAE), Web Caches, Web Proxy
Server Load-Balancing (SLB)
• Application requests are load-balanced across multiple servers.
• In the Direct Server Return (DSR) mode, the servers respond back to the clients directly without involving the load-balancing system.
• In the Destination NAT method, ITD performs NAT + load-balancing towards the servers.
(Diagram labels: Clients, APPLICATION, Server-1, Server-2, Server-N)
ITD – SLB with DSR mode
Typical Deployment of ITD for SLB-DSR
• All servers are configured with the VIP as the Loopback IP address (same on all servers).
• Client sends packet to VIP. ITD load-balances these requests to different servers.
ITD – SLB with Destination NAT
SLB-Destination NAT with ITD
With SLB-NAT using ITD, NAT + ITD redirection is done on the Nexus switch.
(Diagram labels: Clients, Virtual-IP, ITD-NAT, ITD, NAT, Real Servers)
ITD – SLB with Destination NAT
ITD-NAT address translation
Client-1: 10.1.1.10, VIP: 20.1.1.10, Server-1: 30.1.1.10
Client -> Server: Src IP 10.1.1.10, Dst IP 20.1.1.10 -> NAT -> Src IP 10.1.1.10, Dst IP 30.1.1.10
Client <- Server: Src IP 20.1.1.10, Dst IP 10.1.1.10 <- NAT <- Src IP 30.1.1.10, Dst IP 10.1.1.10
Unlike DSR mode, ITD Destination-NAT requires no separate configuration on the servers. This makes it easier to deploy for SLB applications.
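The translation above, written out as a small Python model so the addresses seen on each side of the switch can be checked (useful when correlating client-side and server-side logs). This is an added example, not part of the Cisco deck and not Cisco's implementation; the class name, the bucket count and the bucket-to-node assignment by client source IP are assumptions made for illustration.

```python
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class DestinationNatModel:
    """Simplified model of ITD destination NAT (hypothetical, illustrative)."""

    def __init__(self, vip, real_servers, buckets=4):
        self.vip = vip
        self.real_servers = list(real_servers)
        # Assumption: buckets are dealt to nodes round-robin and a flow's
        # bucket is derived from the client source IP. The real hashing
        # is not described on the slides.
        self.bucket_to_node = [
            self.real_servers[i % len(self.real_servers)] for i in range(buckets)
        ]

    def pick_node(self, client_ip):
        """Same client IP always lands in the same bucket, hence same node."""
        bucket = int(ipaddress.ip_address(client_ip)) % len(self.bucket_to_node)
        return self.bucket_to_node[bucket]

    def client_to_server(self, pkt):
        """Rewrite only the destination, and only for traffic sent to the VIP."""
        if pkt.dst != self.vip:
            return pkt
        return Packet(src=pkt.src, dst=self.pick_node(pkt.src))

    def server_to_client(self, pkt):
        """Restore the VIP as source on replies coming from a real server."""
        if pkt.src not in self.real_servers:
            return pkt
        return Packet(src=self.vip, dst=pkt.dst)

    def round_trip(self, client_ip):
        """The four packets of the slide: request and reply, before and after NAT."""
        request = Packet(client_ip, self.vip)
        to_server = self.client_to_server(request)
        reply = Packet(to_server.dst, client_ip)      # as sent by the real server
        to_client = self.server_to_client(reply)
        return request, to_server, reply, to_client


if __name__ == "__main__":
    # Addresses from the slide: Client-1, VIP, Server-1.
    nat = DestinationNatModel("20.1.1.10", ["30.1.1.10"])
    for label, pkt in zip(
        ("client sends", "server receives", "server sends", "client receives"),
        nat.round_trip("10.1.1.10"),
    ):
        print(f"{label:16} src={pkt.src:10} dst={pkt.dst}")
```

The client source address is never rewritten, so server logs still show the real client IP, while the client only ever sees the VIP.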
ITD – SLB with Destination NAT
Guidelines and Limitations:
• NAT-SLB with VIP-Port is also supported.
• NAT functionality is limited to ITD for SLB, not for Carrier-grade NAT as a feature itself.
• Only Destination-NAT is supported.
• Currently only supported on Nexus 7000/7700
• Note: For the return traffic, the next-hop on the Nexus switch needs to be manually configured within ITD.
ITD Summary
Summary
• HW-based L3-L4 traffic-distribution solution
• No additional overheads to forwarding
• Multi-terabit solution
• Health monitoring and node failover
• Appliance agnostic
ITD Benefits
• CAPEX & OPEX savings
• Scalable to high traffic loads
• Easier manageability

• ASA, Firewalls, Security Appliances
• Server Load-balancing
• WAN acceleration/HTTP/Web Services
• Video Caching Services
Thank you.