Remote Integrated Service Engine (RISE) is a new protocol being added to the Nexus 7000 and 7700 platforms through NX-OS (software upgradeable to existing devices), that integrates service appliances to be attached to Nexus 7000 Series switches with the same benefits as if the appliance was directly connected to the switch backplane, as if it were a dedicated service module. Cisco RISE establishes a communication path between the network data plane and the service appliance, simplifying deployments and optimizing data paths with better traffic visibility within the data center.
Initially, Citrix NetScaler Application Delivery Controllers (ADC) and the Cisco Prime Network Analysis Module (NAM) are the first services appliances that have integrated with RISE, and have been tested and Certified as “RISE-enabled”. With the announcement of RISE, we expect to develop an ecosystem of partners that will work with Cisco to take advantage of this technology, including other application services vendors and firewalls.
The service appliances (e.g., Citrix NetScaler and Cisco Prime NAM) are directly attached by standard network cable to RISE-configured ports on the Nexus 7000 Series switches in a typical virtual Port Channel (VPC) deployment. Appliances can also be attached in indirect mode through any switched (Layer 2) network. Either scenario (direct or indirect connection) allows for device and data path redundancy for fault tolerance.
There are several management advantages to connecting service nodes through RISE. First, RISE can be configured through the Nexus management console or management platform. However, the specific service appliance features are still configured using the existing device management tools. This ensures separation of duties between the networking and security or application teams, as well as eliminating any additional management complexity from the RISE connection.
“RISE offers a unique ability to tightly couple Nexus 7000 Series switches and Service Appliances within the Data Center. We believe that this integration will provide the business agility from an operational and deployment perspective that Data Center engineers have been looking for to reduce the time it takes to instantiate new or modify existing services. Data-path optimization through the use of Auto-PBR (Policy Based Routes) will relieve the need for manual modifications during add/moves/changes and improve network traffic visibility for the Security/Server administrator.” — Joe Weber, Technical Solutions Architect, World Wide Technology
A key use case for RISE is for Application Delivery Controllers that are connected in one-arm mode (out of band to the main flow of switch traffic), which alleviates the ADC from being a bottleneck, and allows the ADC to process only traffic that is applicable. However, admins frequently have to manually configure policy-based routes to direct traffic to the ADC, as well as preserve all proper addressing to reverse the inbound path back to the client, which is a tedious process for each new application service, and prone to human error. RISE integration solves this problem with automated policy-based routing (PBR), where the ADC can simply obtain the Cisco Nexus switch parameters it needs to automatically implement the routes dynamically, as new services are provisioned. This significantly simplifies application scaling and cloud deployments by automating the addition and deletion of routes as additional workloads are brought online.
Some key advantages of RISE integration with Citrix NetScaler include:
- Simplified provisioning: Auto-discovery and bootstrap capabilities reduce administrator involvement for NetScaler ADC direct-mode implementations from 30 steps to 8 steps.
- Data-path optimization: Administrators can use Cisco RISE capabilities to configure a broad range of ADC device features to automate and optimize delivery of network services and traffic through the core switch.
- ADC off-load: Cisco RISE integration frees Citrix NetScaler resources from having to manage ADC flows to help ensure that they are routed back through Citrix NetScaler. This feature enables more customers to adopt one-arm configurations, which allows better sizing and scaling of Citrix NetScaler, while preserving client visibility at the application layer.
- Enhanced application availability: Real-time route updates between Citrix NetScaler and the Cisco Nexus 7000 Series Switch eliminate route black-holing when application failures occur. By enabling Citrix NetScaler to deliver route health updates to the Cisco Nexus 7000 Series Switch through Cisco RISE, the solution allows customers to more easily deploy shared services within and across data centers at a significantly reduced cost of operation with greater availability than ever before.
- Integrated multi-tenancy support: Cisco RISE integration spans multi-tenancy features on both platforms: virtual device contexts (VDCs) on Cisco Nexus 7000 Series Switches, and the capability to run up to 80 independent Citrix NetScaler instances on a Citrix NetScaler SDX appliance, and up to 16 RISE clients on NetScaler VPX or MPX. This feature provides comprehensive flexibility to support multitenant scenarios, including the capability to set up Cisco Nexus VDCs and Citrix NetScaler instances in one-to-many, many-to-one, and a countless variety of many-to-many configurations.
- Significant CapEx and OpEx savings: RISE provides enhanced data path optimizations and simplified provisioning that allows customers to witness significant CapEx and OpEx savings thereby providing business continuity and cost reduction.
- Reduced Total cost of Ownership (TCO): Fully integrated with Nexus 7000 switches, RISE fosters simplified manageability, automated operation and increased utilization of application delivery resources.
- Enhanced business resiliency: RISE helps accelerate the speed of application deployment and provides business agility using components that respond in real time to dynamic application requirements and newly provisioned resources.
RISE is available for customers in NX-OS release 6.2(8) on the Nexus 7000 and 7700 platform, currently scheduled for April, 2014, and requires the ENHANCED LAYER2 PKG license.
Qualified technology partners (appliance vendors) can join the RISE program to license RISE technology, receive an SDK and documentation, and engage in nominal joint development work with Cisco. The annual program fees also cover product testing, certification of the partner’s product as RISE-Enabled, and various marketing benefits. Integration inquiries and specifics of the RISE partner program can be directed to
rise-eco@cisco.com.
For more information:
RISE: http://cisco.com/go/rise
Nexus 7000: http://cisco.com/go/nexus7000
Citrix NetScaler: http://www.citrix.com/products/netscaler-application-delivery-controller/overview.html
Cisco Prime NAM: http://cisco.com/go/nam
General RISE inquiries: mailto:rise-info@cisco.com
I have two questions:
Firstly I’m curious about what the following statement means, “With the announcement of RISE, we expect to develop an ecosystem of partners that will work with Cisco to take advantage of this technology, including other application services vendors and firewalls.”
Does this mean for example potentially that non-Cisco firewalls could take advantage of this technology?
Secondly I seek clarity as to what version of NX-OS is required to use RISE. The blog states 6.2(8), however the installation guide states 6.2.2a: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/riseNetscaler/install_and_cfg/guide/riseicg/RS_instl.html#wpxref40281
Regarding the ecosystem for RISE, yes, we are working with third-parties in several appliance categories to leverage RISE. That includes non-Cisco firewalls. The development partnership includes some nominal software development to connect third-party appliances to RISE, and we offer development support to help make it happen. Obviously Citrix NetScaler is an example of a third party ADC to support RISE and we expect third party FW’s at some point.
6.2.8 is the right release, which is brand new this month. I admit that the spec sheet is confusing and we will look to update that.
A third follow up question, are there any limitations as to which module can be used to terminate a RISE connection? Do all F and M modules support this technology?
If I understand the question correctly, their are a limited number of external appliances that can connect to the 7K through RISE. Today these are any NetScaler appliance (physical or virtual) and Cisco Prime NAM. But we expect that list to grow as other products do the RISE integration.
Thanks Gary for the clarification.
What I meant was that certain I/O modules on the Nexus 7Ks support certain feature sets. For example OTV is not supported on all F series I/O modules.
Having read the config guide however it appears that you can configure this feature on all I/O modules.
Another follow up question if I may. I read the RISE whitepaper here: http://www.cisco.com/c/dam/en/us/products/collateral/switches/nexus-7000-series-switches/at-a-glance-c45-731306.pdf and it states that you can integrate RISE with VPC. Are you able to reveal if there are any plans for RISE to be supported in a FabricPath or vPC+ topology?
Thanks again
Sean
Hi Sean,
As you have noticed correctly, RISE can be configured with all I/O modules.
RISE can be integrated with vPC but other scenarios are under investigation.
I would encourage you to get in touch with me directly so I can better understand your deployment environment.
Where did you get those purple Visio stencils? And where can I get them?
Hi Gary,
If I’m reading this correctly, the following doc suggests that you only need the LAN Advanced Services and LAN Enterprise Services licenses.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/riseNetscaler/install_and_cfg/guide/riseicg/RS_instl.html
“Base (enables basic feature set)
Enterprise Services (enables RISE feature integration, Layer 3 routing protocols, IP multicast, policy-based routing (PBR), GRE and NetFlow in Cisco NX-OS)
Advanced Services (required for running Layer 3 routing protocols and using Virtual Device Contexts (VDCs); enables use of VDCs and CTS in Cisco NX-OS)”
You really have to buy the Fabricpath license also?
Thanks,
John
Hello John,
Initially RISE simplified provisioning for a single Nexus 7000 was included within the base license.
In NX-OS 6.2(8) we have greatly enhanced RISE to include VPC support, APBR for Citrix NetScaler including the NetScaler 1000v, and added the Cisco Prime NAM products as additional RISE clients. We have also removed RISE from the base NX-OS license. As of NX-OS 6.2(8) RISE will be included within the ENHANCED_LAYER2_PKG license.
I agree the older documentation is a bit confusing, we will ensure it is cleared up with the NX-OS 6.2(8) release.
Derek
Thanks or the quick reply Derek.
I just hoped it would have been included in the LAN Enterprise Services package as it seems like more of a L3 technology with APBR,RHI etc.
Looks like a really useful feature anyway.
John
Hi Derek,
I’m pretty sure that the vpc keyword was available in 6.2.2a which the doc references. The config was fine until I upgraded to 6.2.6a for F3 support. Was APBR not supported on 6.2.2a also?
Can I please ask why this feature has been included in the same license as fabricpath?
It would make sense for customers deploying 7K’s and Netscaler’s to have the L3 license at the aggregation layer. I don’t understand why Cisco would pair two seemingly unrelated technologies under the same license? (Excluding sales).
It seems quite an outlay to implement this feature only, as FP would require licensing for all Switches in addition to the 7K’s.
Thanks,
John
Hi John,
The updated config guide will be posted shortly. Please use NX-OS release 6.2(8) for the latest feature updates on RISE.
Regarding the license, we wanted to remove complexity and make it simple to deploy while ensuring the same license is available across Cisco Nexus 7000 Series Switches.
Hope that helps,
Subhav
Thanks Subhav.
I’ll upgrade and take a look at the updated guide.
Cheers,
John
Hi Derek,
Iwonder if you could clarify whether when utilising the capabilities of CISCO RISE you are able to configure
seperate Nexus 7000 switches each with a Netscaler ADC’s as an Citrix Active – Active Triscale Cluster and implement Spotted IP’s to determine the preferred load balancer
thanks if you can assist with this as I have looked everywhere for clarification and can only find an October 2013 article stating HA is Active Passive when using RISE
In terms of support for 3rd party appliances, are Cisco in a position to disclose and publish a roadmap for the coming year?
Geoff, unfortunately we aren’t in a position to talk about potential partners until they are ready to be announced.