Cisco Intelligent Traffic Director (ITD) is a zero latency multi-terabit layer 4 load-balancer available on 5k/6k/7k/9k. It has support for traffic steering and clustering solution on the Nexus series of switches.
ITD allows customers to deploy servers and appliances from any vendor with no network or topology changes. With a few simple configuration steps on a Cisco Nexus switches, customers can create an appliance or server cluster and deploy multiple devices to scale service capacity with ease. The servers or appliances do not have to be directly connected to the Cisco Nexus switch. ITD takes load balancing decision in a single clock cycle of the switching hardware, Hence avoiding latency altogether.
ITD supports IP-stickiness, resiliency, NAT (EFT), VIP, health monitoring, sophisticated failure handling policies, N+M redundancy, IPv4, IPv6, VRF, weighted load-balancing, bi-directional flow-coherency, and IPSLA probes including DNS. There is no service module or external appliance needed.
ITD provides order of magnitude CAPEX and OPEX savings for the customers. ITD is available on Nexus 7000/7700 series in NX-OS 6.2(10) or later. It is available for demo/EFT on Nexus 5k/6k/9k. ITD is much superior than legacy solutions like PBR, WCCP, ECMP, port-channel, layer-4 load-balancer appliances.
Note:- ITD is not a replacement for L7 load balancers
Tags: Cisco Nexus 9000, ITD, latency, load balancer, nexus, Nexus 7000 Series Switches, Nexus 9000 Series Switches, performance
Given the tremendous interest in VXLAN with MP-BGP based EVPN Control-Plane (short EVPN) at Cisco Live in Milan, I decided to write a “short” technology brief blog post on this topic.
VXLAN (IETF RFC7348) has been designed to solve specific problems faced with Classical Ethernet for a few decades now. By introducing an abstraction through encapsulation, VXLAN has become the de-facto standard overlay of choice in the industry. Chief among the advantages provided by VXLAN; extension of the todays limited VLAN space and the increase in the scalability provided for Layer-2 Domains.
Extended Namespace – The available VLAN space from the IEEE 802.1Q encapsulation perspective is limited to a 12-bit field, which provides 4096 VLANs or segments. By encapsulating the original Ethernet frame with a VXLAN header, the newly introduced addressing field offers 24-bits, thereby providing a much larger namespace with up to 16 Million Virtual Network Identifiers (VNIs) or segments.
While the VXLAN VNI allows unique identification of a large number of tenant segments which is especially useful in high-scale multi-tenant deployments, the problems and requirements of large Layer-2 Domains are not sufficiently addressed. However, significant improvements in the following areas have been achieved:
- No dependency on Spanning-Tree protocol by leveraging Layer-3 routing protocols
- Layer-3 routing with Equal Cost Multi-Path (ECMP) allows all available links to be used
- Scalability, convergence, and resiliency of a Layer-3 network
- Isolation of Broadcast and Failure Domains
IETF RFC7348 – VXLAN: A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks
Scalable Layer-2 Domains
The abstraction by using a VXLAN-like overlay does not inherently change the Flood & Learn behavior introduced by Ethernet. In typical deployments of VXLAN, BUM (Broadcast, Unicast, Multicast) traffic is forwarded via layer-3 multicast in the underlay that in turn aids in the learning process so that subsequent traffic need not be subjected to this “flood” semantic. A control-plane is required to minimize the flood behavior and proactively distribute End-Host information to participating entities (typically called Virtual Tunnel End Points aka VTEPs) in the same segment – learning.
Control-plane protocols are mostly employed in the layer-3 routing space where predominantly IP prefix information is exchanged. Over the past years, some of the well-known routing protocols have been extended to also learn and exchange Layer-2 MAC addresses. An early technology adoption with MAC addresses in a routing-protocol was Cisco’s OTV (Overlay Transport Virtualization), which employed IS-IS to significantly reduce flooding across Data Center Interconnects (DCI).
Multi-Protocol BGP (MP-BGP) introduced a new Network Layer Reachability Information (NLRI) to carry both, Layer-2 MAC and Layer-3 IP information at the same time. By having the combined set of MAC and IP information available for forwarding decisions, optimized routing and switching within a network becomes feasible and the need for flood to do learning get minimized or even eliminated. This extension that allows BGP to transport Layer-2 MAC and Layer-3 IP information is called EVPN – Ethernet Virtual Private Network.
EVPN is documented in the following IETF drafts
Integrated Route and Bridge (IRB) – VXLAN-EVPN offers significant advantages in Overlay networking by optimizing forwarding decision within the network based on Layer-2 MAC as well as Layer-3 IP information. The decision on forwarding via routing or switching can be done as close as possible to the End-Host, on any given Leaf/ToR (Top-of-Rack) Switch. The Leaf Switch provides the Distributed Anycast Gateway for routing, which acts completely stateless and does not require the exchange of protocol signalization for election or failover decision. All the reachability information available within the BGP control-plane is sufficient to provide the gateway service. The Distributed Anycast Gateway also provides integrated routing and bridging (IRB) decision at the Leaf Switch, which can be extended across a significant number of nodes. All the Leaf Switches host active default gateways for their respective configured subnets; the well known semantic of First Hop Routing Protocols (FHRP) with active/standby does not apply anymore.
Summary – The advantages provided by a VXLAN-EVPN solution are briefly summarized as follows:
- Standards based Overlay (VXLAN) with Standards based Control-Plane (BGP)
- Layer-2 MAC and Layer-3 IP information distribution by Control-Plane (BGP)
- Forwarding decision based on Control-Plane (minimizes flooding)
- Integrated Routing/Bridging (IRB) for Optimized Forwarding in the Overlay
- Leverages Layer-3 ECMP – all links forwarding – in the Underlay
- Significantly larger Name-Space in the Overlay (16M segments)
- Integration of Physical and Virtual Networks with Hybrid Overlays
- It facilitates Software-Defined-Networking (SDN)
Simply formulated, VXLAN-EVPN provides a standards-based Overlay that supports Segmentation, Host Mobility, and High Scale.
VXLAN-EVPN is available on Nexus 9300 (NX-OS 7.0) with Nexus 7000/7700 (F3 linecards) to follow in the upcoming major release. Additional Data Center Switching platforms, like the Nexus 5600, will follow shortly after.
A detailed whitepaper on this topic is available on Cisco.com. In addition, VXLAN-EVPN was featured during the following Cisco Live! Sessions.
Do you have appetite for more? Post a comment, tweet about it and have the conversation going … Thanks for reading and Happy Networking!
Tags: #CLEUR, Cisco, cisco live, Cisco Nexus, Cisco Nexus 9000, data center, EVPN, ietf, network, nexus, rfc7348, SDN, VXLAN
The increasing pace of business is creating high demand for IT efficiency and speed.
IT directly affects your ability to respond correctly and quickly to new opportunities. Slow IT equates to slow business.
The latest release of Cisco UCS Director allows IT to automate the deployment of infrastructure delivering the speed and efficiency IT needs in order to support business demands.
Not familiar with Cisco UCS Director? Briefly, this solution reduces data center complexity by replacing manual provisioning tasks with unified automated workflows that span compute, network, storage and virtualization. But this solution doesn’t manage just Cisco products. It unites Cisco UCS-based integrated infrastructures and third-party hardware solutions into a single management view to ensure maximum IT efficiency. Heterogeneous management is just one of the features that makes Cisco UCS Director different. You can learn more by going here. Read More »
Tags: cloud, FlexPod, infrastructure automation, nexus, orchestration, UCS, ucs director, Vblock, vcac, VMware, vspex
The connections between your business success and data center efficiency have never been clearer or stronger. Delivering data center resources quickly to capitalize on new business opportunities or projects is a major factor for business success. The only way to expedite resource delivery is by replacing manual processes with repeatable, best-practice-based automated service consumption and delivery.
So what is getting in the way?
The first problem is inconsistent delivery of standardized infrastructure instances. Many solutions on the market today only manage virtual resources while others just support their proprietary hardware stack. Automation needs to be across all layers – and that includes networks. I believe the only way to achieve the speed and efficiency businesses desire is to manage your entire heterogeneous data center as a unified whole — holistically. Read More »
Tags: automation, FlexPod, infrastructure, nexus, orchestration, Prime Service Catalog, self-service delivery, UCS, ucs director, VACS, Vblock, vcac, vCloud Suite, VMware, vspex
To celebrate 30 years of innovation at Cisco (#We are Cisco), we’ve asked Cisco Champions what they think is the most important Cisco innovation to date. Cisco Champions are seasoned IT technical experts and influencers who enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The Cisco Champions program encompasses different areas of interest, such as Data Center, Internet of Things, Enterprise Networks, Collaboration and Security. Cisco Champions are located all over the world.
(Cisco Champions are not representatives of Cisco. Their views are their own)
Here are their top answers.
Cisco Nexus Series
The most important innovation for me is the Data Center Networking Solution with Nexus Portfolio N2K, N5K, N7K, and N9K, that allows us to address all challenges for our customers. I really appreciate the new campus solution based on C6800 with IA switches which uses the same technology as FEX. It really simplifies architecture and reduces OPEX with a single point of management.
Network Consulting Engineer
@BBordereau Read More »
Tags: #ciscochampion, Cisco Certification, Cisco UCS, nexus