ITD - Amazon Web Services

ITD: Scalable load distribution solution with Nexus Switches
Samar Sharma, Principal Engineer
Rajendra Kumar Thirumurthi, Technical Leader
BRKSPV 1113
Agenda
• Problem statement
• ITD features, advantages
• ITD use cases, Deployment Modes
• Configuring ITD, Supported Platforms
• Case-studies, Demo
• Summary
Problem Statement
Increasing traffic
[Chart: Global IP Video in PB, 2014 to 2017; data labels 22.8, 29.6, 38.4, 49.9. Regional split: EMEA 8.0 PB (35%), APJC 8.3 PB (36%), NAM 6.5 PB (29%).]
Over ¾ of the Internet is Video
IP Video traffic will more than double in 3 years
Source: Cisco VNI
Expanding network functionality
• DC, SP, Video customer base is growing
• Themes are cloud, multi-tenancy, SDN, NFV, Fabric solutions
• Increase in on-demand provisioning, elasticity requirements
Services deployment
Today’s deployments use servers/appliances such as Video servers, FW, IPS, IDS, Video Caches, WAE.
For various networks:
• Video delivery
• Content delivery
• Data traffic networks
Servers/Appliances are not scalable
• Traffic growing dynamically
• Requires scaling of solution
• Today’s theme is scale-out solution
• Today’s solutions do not scale
• Hard to manage
• Not easy to troubleshoot
• Need extra capacity
[Images: Online Video on TV/STB; Multi-screen Video]
Intelligent Traffic Director (ITD)
ITD : Intelligent Traffic Director
• Hardware based L3, L4 load balancing solution
• Every Nexus 5k/6k/7k/9k port can be used for load balancing
• Traffic redirection to any devices
• No service module needed
• Wire-speed solution
• Simple to configure, easy to deploy
• Servers/Appliances need not be directly connected to Nexus switch
ITD : Intelligent Traffic Director
[Diagram: Clients send traffic to ITD. An ACL selects traffic; traffic destined to the VIP is selected, redirected and load-balanced across Po-5, Po-6, Po-7 and Po-8 to video-cache/CDN nodes (could be any appliance/server).]
ITD features, advantages
ITD: Multi-terabit LB key features
• IP stickiness, resiliency (like resilient-ECMP)
• Load balancing based on L3 address, L4 Protocol, Port
• Weighted Load balancing
• Health monitoring and automatic failure handling
• Simultaneous ACL, redirection and load balancing
• NAT (EFT), allows non-DSR deployments
• High availability, N+M redundancy
• Both IPv4 and IPv6, VRF aware
[Diagram: ITD with ingress interfaces e 3/1 and e 3/2; Loadbalancing VIP: 210.10.10.100, TCP 80; nodes 20.20.20.2, 20.20.20.3, 20.20.20.4, 20.20.20.5.]
ITD Advantages
• Zero-touch appliance deployment
• No certification, integration with vendor appliances
• Supports heterogeneous appliances
• No load on CPU, less TCAM utilization
• Not dependent on HW architecture
ITD Advantages (contd.)
• CAPEX savings: wiring, power, rack space, appliance cost
• Automatic failure handling and recovery
• Seamless migration to new Nexus switches
• Transparent to end devices
• Simplified provisioning, easy to deploy
ITD Use Cases
ITD Use cases
• Server Load balancing
  • Server farms, Application servers, Web Servers
• Services Load balancing, clustering
  • Firewall, IDS, IPS, L7 Server LB, WAF, VDS-TC (Transparent Caching), WAE
• Traffic Steering, Redirection
  • Web accelerator Engine (WAE), Web Caches
• Replace PBR, ECMP, Port-channel
• Professional Media Networks (PMN/AVB)
Scalable NFV using ITD
• Load-Balancer as a Service (LBaaS)
• Supports 10G, 40G, and 100G interfaces
• Application/Service scaling without additional hardware
• Server Load-Balancing
• Traffic re-direction
• Multi-Tbps Firewall
• Significant CAPEX and OPEX reduction
• Supported on all existing hardware
[Diagram labels: L3/L4 server loadbalancing; Multi-Tbps firewall cluster; Web-cache, video-cache, WAE]
Investment Protection: Supported on all LCs, Sups and Chassis
ITD Comparison with Port-chan., ECMP, PBR
Feature/Benefit                          Port Channel   ECMP          PBR           ITD
Link Failure detection                   ✓              ✓             ✓             ✓
Appliance/server failure detection       ✗              ✗             ✓             ✓
Weighted load-balancing                  ✗              ✗             ✗             ✓
VIP, advertisement                       ✗              ✗             ✗             ✓
Hot standby support: N+M HA              ✗              ✗             ✗             ✓
Quick failure detection/recovery         ✗              ✗             ✗             ✓
Max # of nodes for scaling               16             16            16            256
Ease of configuration, troubleshooting   ✗              ✗             ✗             ✓
Deployment complexity                    ✗ (complex)    ✗ (complex)   ✗ (complex)   ✓ (simple)
Avoid Traffic Black-holing in Sandwich   ✗              ✗             ✗             ✓
ITD Server Load balancing
• Traditional load-balancers can support ~100G
• Traditional load-balancers are expensive
• Large DC/SP need multi-terabit LB
• Server migration from 1G to 10G
• Server health monitoring, failure/recovery
• Weighted load balancing
ITD Comparison with traditional load balancer
Feature/Benefit                                        Traditional L4 loadbalancer       ITD
Number of moving parts                                 External appliance needed         No appliance or service module needed
Hardware                                               Typically Network processor based ASIC based
10G Server migration                                   Doesn’t scale                     Scales well
Bandwidth                                              ~100 Gb                           ~20 Tb
User can specify which bits to use for load-balancing  Typically No                      Yes
ACL + VIP + Redirection + LB                           Performance Degradation           Wire-speed
Customer support needs to look at switch only,
  or both the switch and appliance                     Both                              Switch only
Wiring, Power, Rackspace, Cost                         Extra                             Not needed
ITD with Web Accelerator Engines

Appliance vendors try to redirect using WCCP or PBR. Both models have deficiencies.
• WCCP Solution drawbacks:
1. Appliance has to support WCCP
2. Explosion in the number of TCAM entries
3. Complex protocol
4. Troubleshooting involves both switch and appliance
5. Cannot choose the load-balancing method
6. Appliances have to be aware of health of other appliances
7. Supervisor CPU utilization becomes high
8. WCCP not supported on N9k
ITD Comparison with WCCP
Feature/Benefit                                      N7k WCCP           N7k ITD
Appliance is unaware of the protocol                 No                 Yes
Protocol support                                     IPv4, no IPv6      IPv4, IPv6
Number of TCAM entries
  (say, 100 SVI, 8 nodes, 20 ACEs)                   Very High (16000)  Very low (160)
Weighted load-balancing                              No                 Yes
Number of nodes/web caches                           32                 256
Support for Virtual IP                               No                 Yes
Src/Dest. IP, L4 port based LB, user specified bits  No                 Yes
Customer support needs to look at switch only,
  or both the switch and appliance                   Both               Switch only
Sup CPU Overhead                                     High               None
Support for IPSLA probes                             No                 Yes
DCNM Support                                         No                 Yes
Account team,
Leading Smart Phone company
Deployment Modes
ITD: One-Arm mode Topology
[Diagram: Clients send traffic to ITD, which applies src-ip loadbalance across Po-5, Po-6, Po-7 and Po-8.]
ITD: Sandwich mode topology
[Diagram: Clients, an Outside ITD and an Inside ITD on switches N7k-1 and N7k-2, with the appliances between them. One ITD uses src based loadbalance, the other dst based loadbalance.]
ITD: Sandwich mode (two VDCs)
[Diagram: Inside and Outside ITD services run in VDC 1 and VDC 2. One uses src based loadbalance, the other dst based loadbalance.]
ITD: one-Arm mode (with HA)
[Diagram: two ITD switches with nodes attached over Po-1, Po-2, Po-3 and Po-4.]
ITD: Selective LB with ACL + VIP + Redirection
[Diagram: Clients send traffic to ITD. An ACL selects traffic; traffic destined to the VIP is selected, redirected and L3/L4 load-balanced across Po-5, Po-6, Po-7 and Po-8 to Web-cache/video-cache/CDN nodes.]
Traditional Data Center (without ITD)
[Diagram: Clients on the Outside reach a Firewall LB, then the Inside, where a Server L4 LB fronts the Web servers and another Server L4 LB fronts the App servers.]
ITD enabled Data center
[Diagram: Clients connect to ITD, which serves the Firewall LB role and both Server L4 LB roles for the Web servers and App servers.]
ITD with NAT deployment
[Diagram: Client-1 (10.1.1.10) reaches ITD at Loadbalancing VIP 20.1.1.10; the server 30.1.1.10 is attached on Po-1. Steps 1 to 4 mark the packet path.]
Step  dst-mac      src-mac      src-ip      dst-ip
1     N7K MAC      Router MAC   10.1.1.10   20.1.1.10
2     Server MAC   N7K MAC      10.1.1.10   30.1.1.10
3     N7K MAC      Server MAC   30.1.1.10   10.1.1.10
4     Router MAC   N7K MAC      20.1.1.10   10.1.1.10
ITD clustering with Virtual Machines
[Diagram: Clients reach ITD at VIP 210.10.10.100. ITD connects over e3/1 on VLAN 2000 to Cisco UCS, where vNIC/vSwitch pairs attach virtual machines 210.10.10.11, 210.10.10.12, 210.10.10.13 and 210.10.10.14. A second VLAN 2000 segment carries 220.10.10.10, 220.10.10.20, 220.10.10.30 and 220.10.10.40.]
Configuring ITD
ITD: 3 Step service creation
1. Create ITD device-group
2. Create ITD service
3. Associate ITD device-group to service
Creating ITD Device-group
N7k(config)# feature itd
N7k(config)# itd device-group WebServers
N7k(config-device-group)# node ip 20.20.20.2
N7k(config-device-group)# node ip 20.20.20.3 weight 4
N7k(config-device-group)# node ip 20.20.20.4
N7k(config-device-group)# node ip 20.20.20.5
N7k(config-device-group)# node ip 20.20.20.6 mode hot-standby
N7k(config-device-group)# probe icmp
Creating ITD Service
N7k(config)# itd WebTraffic
N7k(config-itd)# virtual ip 10.10.10.10 255.255.255.255 tcp 80
N7k(config-itd)# ingress interface ethernet 1/1
N7k(config-itd)# ingress interface vlan 10
N7k(config-itd)# load-balance method src ip
Mapping Device-group to ITD service
N7k(config)# itd WebTraffic
N7k(config-itd)# virtual ip 10.10.10.10 255.255.255.255 tcp 80
N7k(config-itd)# ingress interface ethernet 1/1
N7k(config-itd)# ingress interface vlan 10
N7k(config-itd)# load-balance method src ip
N7k(config-itd)# device-group WebServers
N7k(config-itd)# no shut
ITD Service : Configuring failaction
N7k(config)# itd WebTraffic
N7k(config-itd)# virtual ip 10.10.10.10 255.255.255.255 tcp 80
N7k(config-itd)# ingress interface ethernet 1/1
N7k(config-itd)# ingress interface vlan 10
N7k(config-itd)# load-balance method src ip
N7k(config-itd)# device-group WebServers
N7k(config-itd)# failaction node reassign
N7k(config-itd)# no shut
ITD Service : Show itd
switch# sh itd

Name           Probe LB Scheme  Status   Buckets
-------------- ----- ---------- -------- -------
WebTraffic     ICMP  src-ip     ACTIVE   4

Device Group                                       VRF-Name
-------------------------------------------------- -------------
WebServers

Pool                           Interface    Status Track_id
------------------------------ ------------ ------ ---------
WebTraffic_itd_pool            Eth 1/1      UP     3

Virtual IP        Netmask/Prefix                       Protocol     Port
------------------------------------------------------ ------------ ----------
10.10.10.100      255.255.255.255                      TCP          80

  Node  IP                  Config-State Weight Status     Track_id  Sla_id
  ------------------------- ------------ ------ ---------- --------- ---------
  1     20.20.20.2          Active       1      OK         1         10001

      Bucket List
      ----------------------------------------------------------------------
      WebTraffic_itd_vip_1_bucket_1

  Node  IP                  Config-State Weight Status     Track_id  Sla_id
  ------------------------- ------------ ------ ---------- --------- ---------
  2     20.20.20.3          Active       1      OK         2         10002

      Bucket List
      ----------------------------------------------------------------------
      WebTraffic_itd_vip_1_bucket_2
ITD Service : Show itd statistics
switch# sh itd WebTraffic statistics

Service       Device Group   VIP/mask                          #Packets
----------------------------------------------------------------------------------
WebTraffic    WebServers     10.10.10.10.10/255.255.255.255    662328271(100.00%)

Traffic Bucket            Assigned to   Mode       Original Node   #Packets
----------------------------------------------------------------------------------
WAF_itd_vip_1_bucket_1    20.20.20.2    Redirect   20.20.20.2      329348870(49.73%)
WAF_itd_vip_1_bucket_2    20.20.20.3    Redirect   20.20.20.3      332979401(50.27%)
Example Configuration
ITD Configuration with VIP
N7k(config)# itd device-group WEB-SERVERS
N7k(config-device-group)# node ip 20.20.20.2
N7k(config-device-group)# node ip 20.20.20.3
N7k(config-device-group)# node ip 20.20.20.4
N7k(config-device-group)# node ip 20.20.20.5
N7k(config-device-group)# probe icmp
N7k(config)# itd WebTraffic
N7k(config-itd)# ingress interface e3/1, e3/2
N7k(config-itd)# device-group WEB-SERVERS
N7k(config-itd)# virtual ip 10.10.10.100 255.255.255.255 tcp 80
N7k(config-itd)# no shut
[Diagram: ITD with ingress interfaces e 3/1 and e 3/2; Loadbalancing VIP: 10.10.10.100, TCP 80; nodes 20.20.20.2, 20.20.20.3, 20.20.20.4, 20.20.20.5.]
ITD Firewall LB configuration
[Diagram: sandwich topology with an ITD service on N7k-1 and on N7k-2, labelled Outside and Inside, with interfaces e 3/1 and e 3/2. Each firewall has one address on either side: 20.20.20.2 and 120.20.20.2 for the first, 20.20.20.3 and 120.20.20.3 for the second.]
N7k-1(config)# itd device-group FW-INSPECT
N7k-1(config-device-group)# node ip 20.20.20.2
N7k-1(config-device-group)# node ip 20.20.20.3
N7k-1(config-device-group)# probe icmp
N7k-1(config)# itd WebTraffic
N7k-1(config-itd)# ingress interface e3/1
N7k-1(config-itd)# device-group FW-INSPECT
N7k-1(config-itd)# load-balance method src ip
N7k-1(config-itd)# no shut

N7k-2(config)# itd device-group FW-INSPECT
N7k-2(config-device-group)# node ip 120.20.20.2
N7k-2(config-device-group)# node ip 120.20.20.3
N7k-2(config-device-group)# probe icmp
N7k-2(config)# itd WebTraffic
N7k-2(config-itd)# ingress interface e3/2
N7k-2(config-itd)# device-group FW-INSPECT
N7k-2(config-itd)# load-balance method dst ip
N7k-2(config-itd)# no shut
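Why the sandwich configuration pairs src-based load balancing on one switch with dst-based on the other: a stateful firewall must see both directions of a flow, and the comparison table above lists avoiding traffic black-holing in sandwich mode as an ITD benefit. The following is an added example, not code from the presentation or from Cisco. The bucket function (low-order address bits), the bucket count, the client and server addresses, and the reading of N7k-1 as the client-facing switch are assumptions made for illustration.

```python
import ipaddress
from itertools import product

# Firewall nodes from the page's FW-INSPECT device groups: (N7k-1 side IP, N7k-2 side IP).
# Node order must be identical on both switches for the mapping to line up.
FIREWALLS = [("20.20.20.2", "120.20.20.2"), ("20.20.20.3", "120.20.20.3")]
BUCKETS = 4  # assumption: power-of-two bucket count, spread round-robin over nodes


def bucket(ip: str) -> int:
    """Illustrative bucket choice: low-order address bits (not the ASIC's real function)."""
    return int(ipaddress.ip_address(ip)) & (BUCKETS - 1)


def pick_firewall(src: str, dst: str, method: str) -> int:
    """Index of the firewall a packet is redirected to for method 'src' or 'dst'."""
    key = src if method == "src" else dst
    return bucket(key) % len(FIREWALLS)


def flow_path(client: str, server: str, outside_method: str, inside_method: str):
    """Firewall index used by the request (client-facing switch) and by the reply."""
    forward = pick_firewall(client, server, outside_method)  # client -> server
    reverse = pick_firewall(server, client, inside_method)   # server -> client
    return forward, reverse


def asymmetric_flows(outside_method: str, inside_method: str):
    """Constructed client/server pairs whose two directions hit different firewalls."""
    clients = [f"10.1.1.{h}" for h in range(10, 18)]  # constructed sample clients
    servers = [f"30.1.1.{h}" for h in range(10, 14)]  # constructed sample servers
    bad = []
    for c, s in product(clients, servers):
        fwd, rev = flow_path(c, s, outside_method, inside_method)
        if fwd != rev:
            bad.append((c, s, fwd, rev))
    return bad


if __name__ == "__main__":
    print("src/dst (as on the page):", len(asymmetric_flows("src", "dst")), "asymmetric flows")
    for c, s, fwd, rev in asymmetric_flows("src", "src")[:3]:
        print(f"src/src: {c}->{s} request via {FIREWALLS[fwd][0]}, reply via {FIREWALLS[rev][1]}")
```

With src on one side and dst on the other, both directions key on the client address, so every flow stays on one firewall; keying both sides on src sends half of these sample flows back through a firewall that never saw the request.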
DCNM Support
What is DCNM ?
Simplified Operations of NX-OS
CONFIGURE
VISUALIZE
TROUBLESHOOT
OPTIMIZE
PROGRAMMABLE
SCALABLE
AUTOMATE
DCNM: Creating ITD device-group
DCNM: ITD service creation
Supported Platforms
ITD Supported Platforms/Software Release
Platform: Nexus 5000/6000 Series | Nexus 7000/7700 Series | Nexus 9000 Series
Version: NX-OS 7.1.1N1(1) | NX-OS 6.2(10) | NX-OS 7.0(3)I1(2)
License: Enhanced L2 | Enhanced L2 | Network Services
Case Studies
Case Study 1: Large service provider in Brazil
Challenges and Requirements
• Leading provider of Internet, Broadband, Corporate services
• Video is majority of the traffic
• Increase in international transmission cost
• Peering POPs are located in the United States
• Long implementation times, high incidence of HA
• Using VDS-TC for caching Video
• Need scalable LB solution for Video cache cluster
Case Study 1: Large service provider in Brazil
Network topology
[Diagram: Internet and Subscribers connect through Nexus/ITD (N7K, ITD feature) to the cache engines, CE-1 (VNICs 10.138.201.1, 10.138.202.1) through CE-16 (VNICs 10.138.201.16, 10.138.202.16).]
Traffic flows from both uplink routers to the same CE but different VNICs through the NIC connected to the active FI.
Case Study 1: Large service provider in Brazil
ITD Load balancing across 16 cache servers
Case Study 2: Major service provider in Argentina
Challenges and Requirements
• Leading provider of cable television, home internet.
• Corporate SMB services and Data center.
• Application availability and speed.
• Need a scalable solution
• Replacement for ACE load balancer for L3/L4 LB.
• Avoid adding another hardware in network
Case Study 2: Major service provider in Argentina
Cisco solution with ITD
• Scalable ITD with their existing Nexus 7k/5k switches
• Fast, reliable solution with lower cost.
• Saving 100K’s US$ in new devices for the same function
• Easy to configure, ease of migration from existing load balancer.
Demo
Summary
John Chambers,
CEO, Cisco Systems
Intelligent Traffic Director (ITD)
[Diagram: Clients send traffic to ITD. An ACL selects traffic; traffic destined to the VIP is selected, redirected and load-balanced.]
ITD Overview:
• Hardware based multi-Tbps L4 load balancing, Redirection
• Zero Latency
• Wire-speed solution
• VIP, NAT, Weighted LB, Resilient
• Health Monitoring
Benefits:
• CAPEX & OPEX savings
• Highly Scalable
• High Availability
ITD in Data Center and Cloud Networking Portfolio
Cisco Nexus 5600
Cisco Nexus 5000
Cisco Nexus 9000
Cisco Nexus 7000/7700
OPEN
HIGH PERFORMANCE FABRIC
SCALABLE SECURE SEGMENTATION
CLI / NX-API / XML / DCNM
1/10/40/100 GE
VDC / VRF / VXLAN
55K+ NX-OS customers
100K+ Chassis
10+ Million Ports
$15 Billion Install Base
DELIVERING TO CUSTOMER NEEDS
Resilient, Scalable
Fabric
Cloud
NFV
SDN
Stand-Alone
Additional Information
Mailing Lists
ask-itd@external.cisco.com
nxos-itd@cisco.com
Config guide: www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nxos/itd/configuration/guide/b-Cisco-Nexus-7000-Series-Intelligent-TrafficDirector-Configuration-Guide-Release-6x.html
Command reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/itd/command/reference/n7k_itd_cmds.html