
ITD: Scalable load distribution solution with Nexus Switches


Samar Sharma, Principal Engineer
Rajendra Kumar Thirumurthi, Technical Leader
BRKSPV 1113

Agenda

Problem statement

ITD features, advantages

ITD use cases, Deployment Modes

Configuring ITD, Supported Platforms

Case-studies, Demo

Summary

Problem Statement

Increasing traffic

[Chart: Global IP Video in PB, 2014 to 2017; bar values 22.8, 29.6, 38.4, 49.9. Regional breakdown: EMEA 8.0 PB (35%), APJC 8.3 PB (36%), NAM 6.5 PB (29%). Source: Cisco VNI]

Over of the Internet is Video

IP Video traffic will more than double in 3 years

Expanding network functionality

DC, SP, Video customer base is growing

Themes are cloud, multi-tenancy, SDN, NFV, Fabric solutions

Increase in on-demand provisioning, elasticity requirements

Services deployment

Today's deployments use servers/appliances such as Video servers, FW, IPS, IDS, Video Caches, WAE.

For various networks:

Video delivery

Content delivery

Data traffic networks

Servers/Appliances are not scalable

Traffic growing dynamically

Requires scaling of solution

Today's theme is scale-out solution

Today's solutions do not scale

Hard to manage

Not easy to troubleshoot

Need extra capacity

[Figure labels: Online Video on TV/STB; Multi-screen Video]

Intelligent Traffic Director (ITD)

ITD : Intelligent Traffic Director

Hardware based L3, L4 load balancing solution

Every Nexus 5k/6k/7k/9k port, can be used for load balancing

Traffic redirection to any devices

No service module needed

Wire-speed solution

Simple to configure, easy to deploy

Servers/Appliances need not be directly connected to Nexus switch

ITD : Intelligent Traffic Director


[Figure: Clients send traffic to the ITD switch. ACL to select traffic; select the traffic destined to VIP; redirect; loadbalance across Po-5, Po-6, Po-7, Po-8 to Video-cache/CDN (could be any appliance/server)]

ITD features, advantages

ITD: Multi-terabit LB key features


IP stickiness, resiliency (like resilient-ECMP)

Load balancing based on L3 address, L4 Protocol, Port

Weighted Load balancing

Health monitoring and automatic failure handling

Simultaneous ACL, redirection and load balancing

NAT (EFT), allows non-DSR deployments

High availability, N+M redundancy

Both IPv4 and IPv6, VRF aware

[Figure: ITD switch with interfaces e 3/1 and e 3/2; Loadbalancing VIP: 210.10.10.100, TCP 80; nodes 20.20.20.2, 20.20.20.3, 20.20.20.4, 20.20.20.5]

ITD Advantages

Zero-touch appliance deployment

No certification, integration with vendor appliances

Supports heterogeneous appliances

No load on CPU, less TCAM utilization

Not dependent on HW architecture

ITD Advantages (contd.)

CAPEX savings: wiring, power, rack space, appliance cost

Automatic failure handling and recovery

Seamless migration to new Nexus switches

Transparent to end devices

Simplified provisioning, easy to deploy

ITD Use Cases

ITD Use cases

Server Load balancing

Services Load balancing, clustering

Server farms, Application servers, Web Servers

Firewall, IDS, IPS, L7 Server LB, WAF, VDS-TC (Transparent Caching), WAE

Traffic Steering, Redirection

Web accelerator Engine (WAE), Web Caches

Replace PBR, ECMP, Port-channel

Professional Media Networks (PMN/AVB)

Scalable NFV using ITD

Load-Balancer as a Service (LBaaS)

Supports 10G, 40G, and 100G interfaces

Application/Service scaling without additional hardware

Server Load-Balancing
Traffic re-direction
Multi-Tbps Firewall
Significant CAPEX and OPEX reduction

Supported on all existing hardware

Investment Protection: Supported on all LCs, Sups and Chassis

[Figure labels: L3/L4 server loadbalancing; Multi-Tbps firewall cluster; Web-cache, video-cache, WAE]

ITD Comparison with Port-chan., ECMP, PBR

Feature/Benefit | Port Channel | ECMP | PBR | ITD
Link Failure detection
Appliance/server failure detection
Weighted load-balancing
VIP, advertisement
Hot standby support: N+M HA
Quick failure detection/recovery
Max # of nodes for scaling | 16 | 16 | 16 | 256
Ease of configuration, troubleshooting | (complex) | (complex) | (complex) | (simple)
Deployment complexity
Avoid Traffic Black-holing in Sandwich

ITD Server Load balancing

Traditional load-balancers can support ~100G

Traditional load-balancers are expensive

Large DC/SP need multi-terabit LB

Server migration from 1G to 10G

Server health monitoring, failure/recovery

Weighted load balancing

ITD Comparison with traditional load balancer

Feature/Benefit | Traditional L4 loadbalancer | ITD
Number of moving parts | External appliance needed | No appliance or service module needed
Hardware | Typically Network processor based | ASIC based
10G Server migration | Doesn't scale | Scales well
Bandwidth | ~100 Gb | ~20 Tb
User can specify which bits to use for load-balancing | Typically No | Yes
ACL + VIP + Redirection + LB | Performance Degradation | Wire-speed
Customer support needs to look at switch only, or both the switch and appliance | Both | Switch only
Wiring, Power, Rackspace, Cost | Extra | Not needed

ITD with Web Accelerator Engines

Appliance vendors try to redirect using WCCP or PBR. Both models have
deficiencies

WCCP Solution drawbacks:

1. Appliance has to support WCCP
2. Explosion in the number of TCAM entries
3. Complex protocol
4. Troubleshooting involves both switch and appliance
5. Cannot choose the load-balancing method
6. Appliances have to be aware of health of other appliances.
7. Supervisor CPU utilization becomes high
8. WCCP not supported on N9k.

ITD Comparison with WCCP

Feature/Benefit | N7k WCCP | N7k ITD
Appliance is unaware of the protocol | No | Yes
Protocol support | IPv4, no IPv6 | IPv4, IPv6
Number of TCAM entries (say, 100 SVI, 8 nodes, 20 ACEs) | Very High (16000) | Very low (160)
Weighted load-balancing | No | Yes
Number of nodes/web caches | 32 | 256
Support for Virtual IP | No | Yes
Src/Dest. IP, L4 port based LB, user specified bits | No | Yes
Customer support needs to look at switch only, or both the switch and appliance | Both | Switch only
Sup CPU Overhead | High | None
Support for IPSLA probes | No | Yes
DCNM Support | No | Yes

Account team,
Leading Smart Phone company

Deployment Modes

ITD: One-Arm mode Topology

[Figure: Clients, ITD switch with src-ip loadbalance, port channels Po-5, Po-6, Po-7, Po-8]

ITD: Sandwich mode topology

[Figure labels: Clients; Outside; Inside; ITD on N7k-1; ITD on N7k-2; Src based loadbalance; Dst based loadbalance]

ITD: Sandwich mode (two VDCs)

[Figure labels: Inside; Outside; ITD VDC 1; ITD VDC 2; Src based loadbalance; Dst based loadbalance]

ITD: one-Arm mode (with HA)

[Figure: two ITD switches, port channels Po-1, Po-2, Po-3, Po-4]

ITD: Selective LB with ACL + VIP + Redirection

[Figure: Clients send traffic to the ITD switch. ACL to select traffic; select the traffic destined to VIP; redirect; L3/L4 loadbalance across Po-5, Po-6, Po-7, Po-8 to Web-cache/video-cache/CDN]

Traditional Data Center (without ITD)

[Figure labels: Clients; Outside; Inside; Firewall LB; Server L4 LB in front of Web servers; Server L4 LB in front of App servers]

ITD enabled Data center

[Figure labels: Clients; ITD; Firewall LB; Server L4 LB for Web servers; Server L4 LB for App servers]

ITD with NAT deployment

[Figure: Client-1 (10.1.1.10) and other clients reach the ITD switch; Loadbalancing VIP: 20.1.1.10; server 30.1.1.10 on Po-1]

Step | dst-mac | src-mac | src-ip | dst-ip
1 | N7K MAC | Router MAC | 10.1.1.10 | 20.1.1.10
2 | Server MAC | N7K MAC | 10.1.1.10 | 30.1.1.10
3 | N7K MAC | Server MAC | 30.1.1.10 | 10.1.1.10
4 | Router MAC | N7K MAC | 20.1.1.10 | 10.1.1.10

ITD clustering with Virtual Machines

[Figure: Clients reach the ITD switch (VIP 210.10.10.100, interface e3/1, VLAN 2000), which fronts Cisco UCS hosts. vNIC/vSwitch addresses on VLAN 2000: 210.10.10.11, 210.10.10.12, 210.10.10.13, 210.10.10.14. Further vNIC/vSwitch addresses: 220.10.10.10, 220.10.10.20, 220.10.10.30, 220.10.10.40]

Configuring ITD

ITD: 3 Step service creation

1. Create ITD device-group
2. Create ITD service
3. Associate ITD device-group to service

Creating ITD Device-group


N7k(config)# feature itd
N7k(config)# itd device-group WebServers
N7k(config-device-group)# node ip 20.20.20.2
N7k(config-device-group)# node ip 20.20.20.3 weight 4
N7k(config-device-group)# node ip 20.20.20.4
N7k(config-device-group)# node ip 20.20.20.5
N7k(config-device-group)# node ip 20.20.20.6 mode hot-standby
N7k(config-device-group)# probe icmp

Creating ITD Service

N7k(config)# itd WebTraffic
N7k(config-itd)# virtual ip 10.10.10.10 255.255.255.255 tcp 80
N7k(config-itd)# ingress interface ethernet 1/1
N7k(config-itd)# ingress interface vlan 10
N7k(config-itd)# loadbalance method src-ip

Mapping Device-group to ITD service

N7k(config)# itd WebTraffic
N7k(config-itd)# virtual ip 10.10.10.10 255.255.255.255 tcp 80
N7k(config-itd)# ingress interface ethernet 1/1
N7k(config-itd)# ingress interface vlan 10
N7k(config-itd)# loadbalance method src-ip
N7k(config-itd)# device-group WebServers
N7k(config-itd)# no shut

ITD Service: Configuring failaction

N7k(config)# itd WebTraffic
N7k(config-itd)# virtual ip 10.10.10.10 255.255.255.255 tcp 80
N7k(config-itd)# ingress interface ethernet 1/1
N7k(config-itd)# ingress interface vlan 10
N7k(config-itd)# loadbalance method src-ip
N7k(config-itd)# device-group WebServers
N7k(config-itd)# failaction node reassign
N7k(config-itd)# no shut

ITD Service: Show itd

switch# sh itd

Name           Probe LB Scheme  Status   Buckets
-------------- ----- ---------- -------- -------
WebTraffic     ICMP  src-ip     ACTIVE   4

Device Group                                       VRF-Name
-------------------------------------------------- -------------
WebServers

Pool                           Interface    Status Track_id
------------------------------ ------------ ------ ---------
WebTraffic_itd_pool            Eth 1/1      UP     3

Virtual IP                             Netmask/Prefix  Protocol     Port
------------------------------------------------------ ------------ ----------
10.10.10.100                           255.255.255.255 TCP          80

  Node  IP                  Config-State Weight Status     Track_id  Sla_id
  ------------------------- ------------ ------ ---------- --------- ---------
  1     20.20.20.2          Active       1      OK         1         10001

      Bucket List
      -----------------------------------------------------------------------
      WebTraffic_itd_vip_1_bucket_1

  Node  IP                  Config-State Weight Status     Track_id  Sla_id
  ------------------------- ------------ ------ ---------- --------- ---------
  2     20.20.20.3          Active       1      OK         2         10002

      Bucket List
      -----------------------------------------------------------------------
      WebTraffic_itd_vip_1_bucket_2

ITD Service: Show itd statistics

switch# sh itd WebTraffic statistics

Service        Device Group   VIP/mask                          #Packets
-----------------------------------------------------------------------------------
WebTraffic     WebServers     10.10.10.10.10/255.255.255.255    662328271(100.00%)

Traffic Bucket            Assigned to   Mode      Original Node  #Packets
-----------------------------------------------------------------------------------
WAF_itd_vip_1_bucket_1    20.20.20.2    Redirect  20.20.20.2     329348870(49.73%)
WAF_itd_vip_1_bucket_2    20.20.20.3    Redirect  20.20.20.3     332979401(50.27%)
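The "Assigned to" and "Original Node" columns above only differ after a node failure. The following added example (not code from the deck or from Cisco) models that with the WebServers device group: it compares bucket reassignment against a full rehash and counts how many clients change node, which matters when the nodes are stateful devices. The one-bucket-per-weight-unit table, the modulo hash and the reassignment rule are simplifying assumptions, not the switch's hardware behaviour.

```python
import ipaddress

# Device group from the deck: (node ip, weight). 20.20.20.6 is the hot-standby.
ACTIVE = [("20.20.20.2", 1), ("20.20.20.3", 4), ("20.20.20.4", 1), ("20.20.20.5", 1)]
STANDBY = "20.20.20.6"

def build_buckets(nodes):
    """Assumed model: one bucket per unit of weight, in configured order."""
    return [{"original": ip, "assigned": ip} for ip, w in nodes for _ in range(w)]

def reassign(buckets, failed, standby=None):
    """Assumed failaction model: move only the failed node's buckets, to the
    hot-standby if one is given, otherwise to the first surviving node."""
    survivors = [b["original"] for b in buckets if b["original"] != failed]
    target = standby or survivors[0]
    return [dict(b, assigned=target if b["assigned"] == failed else b["assigned"])
            for b in buckets]

def rebuild_without(nodes, failed):
    """Contrast case: drop the node and rehash every client over a new table."""
    return build_buckets([(ip, w) for ip, w in nodes if ip != failed])

def node_for(src_ip, buckets):
    """src-ip method: the client address selects the bucket."""
    return buckets[int(ipaddress.ip_address(src_ip)) % len(buckets)]["assigned"]

def moved(clients, before, after):
    """Clients whose serving node differs between two bucket tables."""
    return [c for c in clients if node_for(c, before) != node_for(c, after)]

CLIENTS = [f"10.1.1.{i}" for i in range(1, 71)]   # constructed sample clients

if __name__ == "__main__":
    before = build_buckets(ACTIVE)
    sticky = moved(CLIENTS, before, reassign(before, "20.20.20.4", STANDBY))
    rehash = moved(CLIENTS, before, rebuild_without(ACTIVE, "20.20.20.4"))
    print(len(sticky), "clients move with bucket reassignment")
    print(len(rehash), "clients move with a full rehash")
```

With reassignment, only clients that were already on the failed node move; the full rehash also moves clients whose node never failed, which would break their sessions on a firewall or cache that keeps per-flow state.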

Example Configuration

ITD Configuration with VIP

N7k(config)# itd device-group WEB-SERVERS
N7k(config-device-group)# node ip 20.20.20.2
N7k(config-device-group)# node ip 20.20.20.3
N7k(config-device-group)# node ip 20.20.20.4
N7k(config-device-group)# node ip 20.20.20.5
N7k(config-device-group)# probe icmp

N7k(config)# itd WebTraffic
N7k(config-itd)# ingress interface e3/1, e3/2
N7k(config-itd)# device-group WEB-SERVERS
N7k(config-itd)# virtual ip 10.10.10.100 255.255.255.255 tcp 80
N7k(config-itd)# no shut

[Figure: ITD switch with interfaces e 3/1 and e 3/2; Loadbalancing VIP: 10.10.10.100, TCP 80; nodes 20.20.20.2, 20.20.20.3, 20.20.20.4, 20.20.20.5]

ITD Firewall LB configuration

[Figure: sandwich topology with an ITD service on N7k-1 (interface e 3/1) and on N7k-2 (interface e 3/2); labels Outside and Inside; node addresses 20.20.20.2 and 20.20.20.3 on the N7k-1 side, 120.20.20.2 and 120.20.20.3 on the N7k-2 side]

N7k-1(config)# itd device-group FW-INSPECT
N7k-1(config-device-group)# node ip 20.20.20.2
N7k-1(config-device-group)# node ip 20.20.20.3
N7k-1(config-device-group)# probe icmp
N7k-1(config)# itd WebTraffic
N7k-1(config-itd)# ingress interface e3/1
N7k-1(config-itd)# device-group FW-INSPECT
N7k-1(config-itd)# load-balance method src ip
N7k-1(config-itd)# no shut

N7k-2(config)# itd device-group FW-INSPECT
N7k-2(config-device-group)# node ip 120.20.20.2
N7k-2(config-device-group)# node ip 120.20.20.3
N7k-2(config-device-group)# probe icmp
N7k-2(config)# itd WebTraffic
N7k-2(config-itd)# ingress interface e3/2
N7k-2(config-itd)# device-group FW-INSPECT
N7k-2(config-itd)# load-balance method dst ip
N7k-2(config-itd)# no shut
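Why the two switches use opposite methods (src ip on N7k-1, dst ip on N7k-2), shown as an added example that is not part of the original deck: both directions of a flow must hash on the same address, the client's, or the reply reaches a firewall that holds no session for it. Assumptions: clients sit behind N7k-1 and servers behind N7k-2, firewall legs are paired by position in the two device groups, and the hash is a simple modulo model rather than the switch's own.

```python
import ipaddress

# Assumption: firewall i has one leg on each switch, paired by position.
N7K1_NODES = ["20.20.20.2", "20.20.20.3"]      # device-group on N7k-1
N7K2_NODES = ["120.20.20.2", "120.20.20.3"]    # device-group on N7k-2

def pick(ip, nodes):
    """Assumed hash model: integer value of the address modulo node count."""
    return int(ipaddress.ip_address(ip)) % len(nodes)

def firewall_index(src, dst, method, nodes):
    """Firewall chosen by a switch using 'load-balance method src|dst ip'."""
    return pick(src if method == "src" else dst, nodes)

def asymmetric_flows(flows, n7k1_method, n7k2_method):
    """Flows whose request and reply would cross different firewalls.

    Requests enter N7k-1 as (client -> server); replies enter N7k-2 as
    (server -> client). A stateful firewall drops a reply it has no session for.
    """
    bad = []
    for client, server in flows:
        fwd = firewall_index(client, server, n7k1_method, N7K1_NODES)
        ret = firewall_index(server, client, n7k2_method, N7K2_NODES)
        if fwd != ret:
            bad.append((client, server))
    return bad

# Constructed sample flows (client, server).
FLOWS = [
    ("10.1.1.10", "30.1.1.10"),
    ("10.1.1.11", "30.1.1.10"),
    ("10.1.1.12", "30.1.1.11"),
    ("10.1.1.13", "30.1.1.11"),
]

if __name__ == "__main__":
    print("src ip / dst ip:", asymmetric_flows(FLOWS, "src", "dst"))
    print("src ip / src ip:", asymmetric_flows(FLOWS, "src", "src"))
```

Running the same check against a planned configuration before deployment is a quick way to catch the black-holing case that the comparison table lists for sandwich designs.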

DCNM Support

What is DCNM?

Simplified Operations of NX-OS

CONFIGURE, VISUALIZE, TROUBLESHOOT, OPTIMIZE

PROGRAMMABLE

SCALABLE

AUTOMATE

DCNM: Creating ITD device-group

DCNM: ITD service creation

Supported Platforms

ITD Supported Platforms/Software Release

Platform | Version | License
Nexus 5000/6000 Series | NX-OS 7.1.1N1(1) | Enhanced L2
Nexus 7000/7700 Series | NX-OS 6.2(10) | Enhanced L2
Nexus 9000 Series | NX-OS 7.0(3)I1(2) | Network Services

Case Studies

Case Study 1: Large service provider in Brazil

Challenges and Requirements

Leading provider of Internet, Broadband, Corporate services

Video is majority of the traffic

Increase in international transmission cost

Peering POPs are located in the United States

Long implementation times, high incidence of HA

Using VDS-TC for caching Video

Need scalable LB solution for Video cache cluster

Case Study 1: Large service provider in Brazil

Network topology

[Figure: Internet and subscribers connect through Nexus/ITD (N7K, ITD feature) to cache engines CE-1 (VNIC 10.138.201.1, 10.138.202.1) through CE-16 (VNIC 10.138.201.16, 10.138.202.16)]

Traffic flows from both uplink routers to same CE but different VNICs through NIC connected to Active FI

Case Study 1: Large service provider in Brazil

ITD Load balancing across 16 cache servers

Case Study 2: Major service provider in Argentina

Challenges and Requirements

Leading provider of cable television, home internet.

Corporate SMB services and Data center.

Application availability and speed.

Need a scalable solution

Replacement for ACE load balancer for L3/L4 LB.

Avoid adding another hardware in network

Case Study 2: Major service provider in Argentina

Cisco solution with ITD

Scalable ITD with their existing Nexus 7k/5k switches

Fast, reliable solution with lower cost.

Saving 100Ks US$ in new devices for the same function

Easy to configure, ease of migration from existing load balancer.

Demo

Summary

John Chambers,
CEO, Cisco Systems

Intelligent Traffic Director (ITD)

[Figure: Clients send traffic to the ITD switch. ACL to select traffic; select the traffic destined to VIP; redirect; load-balance]

ITD Overview:
Hardware based multi-Tbps L4 load balancing, Redirection
Zero Latency
Wire-speed solution
VIP, NAT, Weighted LB, Resilient
Health Monitoring

Benefits:
CAPEX & OPEX savings
Highly Scalable
High Availability

ITD in Data Center and Cloud Networking Portfolio

Cisco Nexus 5600, Cisco Nexus 5000, Cisco Nexus 9000, Cisco Nexus 7000/7700

OPEN: CLI / NX-API / XML / DCNM

HIGH PERFORMANCE FABRIC: 1/10/40/100 GE

SCALABLE SECURE SEGMENTATION: VDC / VRF / VXLAN

55K+ NX-OS customers

100K+ Chassis

10+ Million Ports

$15 Billion Install Base

DELIVERING TO CUSTOMER NEEDS

Resilient, Scalable Fabric

Cloud

NFV

SDN

Stand-Alone

Additional Information
Mailing Lists
ask-itd@external.cisco.com
nxos-itd@cisco.com

Config guide: www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nxos/itd/configuration/guide/b-Cisco-Nexus-7000-Series-Intelligent-TrafficDirector-Configuration-Guide-Release-6x.html

Command reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/itd/command/reference/n7k_itd_cmds.html

Thank you
