Smart-channel and Catena: Next generation Layer 4-7 services scaling technologies
|
|
- Alexina Thompson
- 5 years ago
- Views:
Transcription
1
2 Smart-channel and Catena: Next generation Layer 4-7 services scaling technologies Avni Baveja, Software Engineer Samar Sharma, Principal Engineer BRKDCN-1020
3 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space Cisco Spark spaces will be available until July 3, cs.co/ciscolivebot#brkdcn Cisco and/or its affiliates. All rights reserved. Cisco Public
4 Smart Channel for Line-Rate Traffic Distribution, Redirection Catena for Secure Segmentation, Service Chaining and Analytics
5 By % of the population will be using the internet By GB of internet traffic per month, per user By networked devices and connections per person By % of all internet traffic will be video By Mbps of the population will be using the internet By Mbps average mobile speed Source: Cisco VNI Forecast BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 5
6 Network/Switches have Multiple-Terabit Capacity Appliance/Server Few Gigabits capacity How to bridge this Performance Gap? BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7 Smart Channel
8 Agenda What is Smart Channel? Why Smart Channel? How to deploy? Use Cases Configuration and Troubleshooting 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
9 What is Smart-channel? Smart Channel is an intelligent ASIC-based(hardware) multi terabit traffic distribution, redirection solution. It can transparently load balance across many devices at line-rate speed. Smart channel can be used to build a scalable architecture for load balancing, traffic distribution and redirection. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 9
10 Smart-channel Hardware Based Traffic Distribution Solution Load-balancing in L2 scenarios (e.g., transparent mode appliances) Resilient and Consistent hashing Traffic redirection to any type of device Works on most of the Cisco ASICs, LCs. E.g. Nexus 9k/7k Selective traffic distribution (include/exclude certain traffic*) *on Roadmap/EFT BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11 Network topology using Smart Channel Smartchannel N7k1 Nexus 9000 Hardware based algorithm to splits traffic ACL Selection Redirection Load balancing Many Devices can be Part of Smart Channel No MAC or IP rewrite done BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 11
12 Smart-Channel Configuration Components PORT GROUP Ports connected to appliance/device SMART CHANNEL SERVICE Port Group Load Balance Method Buckets Include/Exclude Filters Vlan List Mode ( trunk or access) *Roadmap/EFT BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 12
13 Basic Smart-Channel Configuration Smartchannel Vlan N7k1 Step 1 Create Port group of ports to load balance traffic smart-channel port-group monitor-group interface Eth1/11 interface Eth1/13.. interface Eth1/40 interface Eth1/41 Step 2 Create and Enable Smart Channels smart-channel svc-vlan10 port-group monitor-group vlan 10 load-balance method dst ip source ip filter any any no shutdown BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 13
14 Smart Channel: Resilient/Consistent Load Balancing Flow S1:Device 1 Smartchannel Flow sets: S1, S2, S3, S aaaa N7k1 Flow sets: S5, S6, S7, S Flow S1 Flow S1:Match Port 1 Flow sets: S9, S10, S11, S12 Flow sets: S13, S14, S15, S16 TCAM based algorithm splits the traffic (there is no actual hashing) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 14
15 Smart Channel: Resilient/Consistent Load Balancing aaaa Smartchannel N7k1 Flow sets: S1, S2, S3, S4 Flow S5:Device 2 Flow sets: S5, S6, S7, S Flow S5 Flow S5:Match Port 2 Flow sets: S9, S10, S11, S12 Flow sets: S13, S14, S15, S16 TCAM based algorithm splits the traffic (there is no actual hashing) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 15
16 Smart channel: No Disruption/rehashing of flows with failures Smartchannel Flow sets: aaaa N7k1 Flow sets: S5, S6, S7, S8, S1, S4 Flow sets: S9, S10, S11, S12, S Flow sets: S13, S14, S15, S16, S3 TCAM based algorithm splits the traffic (there is no actual hashing) BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 16
17 Smart-channel can be used to do weighted load balancing Weighted Smartchannel N7k1 Weight W1: TCAM Match Flow sets: S3, S4, S5, S6, S7, S8 Weight W2: TCAM Match Flow sets:s1, S2 Weight W3: TCAM Match Flow sets: S9, S10, S11 TCAM based algorithm splits the traffic according to weights Weight W4: TCAM Match Flow sets: S12, S13, S14, S15 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 17
18 Benefits of Smart Channel Line-Rate Load Balancing Resilient hash (flows are not re-hashed on node addition/removal) IP-stickiness Not dependent on Nexus HW architecture Same hashing irrespective of Line-card types, ASICs, Nexus 9k/7k/6k/5k, etc. Symmetric hash even across different types of switches Health monitoring User can select the traffic to be redirected, via ACL The solution handles an unlimited number of flows BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 18
19 Benefits of Smart Channel CAPEX Saving : Wiring, Power, Rackspace and Cost savings No additional header on the packet Supports NX-API, CLI, XML Weighted load-balancing No control protocol needed Simplified provisioning and ease of deployment BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 19
20 Comparison between Ether-channel and Smart-Channel Feature/Benefit Port Channel Smart Channel Link Failure detection Weighted load-balancing * Traffic selection * Hashing is same irrespective of wiring, port numbering, reboot, link bring up Same hashing/mapping across all types of line cards/switches Resilient: Non-Disruptive to existing flows Max # of nodes for scaling Ease of configuration, troubleshooting Load-balancing method per VLAN/port * Roadmap/EFT BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 20
21 Use-cases
22 Use-cases of Smart-Channel Scale out Monitoring Networks IPS, IDS, Loggers, Security Appliance, ISE Scale-out the transparent devices WSA VDS-TC (Video Scape Transparent caching) WAF (Web application firewall) Virtual appliances, like CSP, vwaas, ASAv, CSR, vwlc Improve the clustering solution ASA Scale Firepower, Sourcefire Traffic Steering, Redirection BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 22
23 How to Scale Monitoring Networks with Smart Channel? Servers aaaa Nexus Data Broker Smartchannel RX/TX vlan Clients Production Network Monitoring Network Appliances, such as: IPS, IDS, WAF, WAE, Virtual appliances, Open Source IPS, Analytics tools, Video Monitoring Examples: ASA, Sourcefire, Firepower, ISE, WSA, WAAS, CSP, vwaas, ASAv, CSR, vwlc BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 23
24 How to Scale Monitoring Networks with Smart Channel? BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 24
25 Configuring Smart-channel
26 Basic Smart-Channel Configuration Smartchannel Vlan N7k1 Step 1 Create Port group of ports to load balance traffic smart-channel port-group monitor-group interface Eth1/11 interface Eth1/13.. interface Eth1/50 interface Eth1/51 Step 2 Create and Enable Smart Channels smart-channel svc-vlan10 port-group monitor-group vlan 10 load-balance method dst ip no shutdown BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 26
27 Smart-channel Enabling Feature [no] feature smart-channel Executed in CLI config mode Enables/Disables smart-channel feature N7k# conf t Enter configuration commands, one per line. End with CNTL/Z. N7k(config)# feature smart-channel N7k# sh feature grep smart-channel smart-channel 1 enabled BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 27
28 Smart-channel Service Creation Steps Three Primary steps to configure an smart-channel Service 1 Create port group 2 Create smart-channel service 3 Attach port group to smart-channel Service NOTE: smart-channel is a conditional feature and needs to be enabled via feature smart-channel BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 28
29 Smart-channel Configuring port Group [no] smart-channel port-group <port-group-name> Executed in CLI config mode Creates/Deletes port Group N7k(config)# feature smart-channel N7k(config)# smart-channel port-group WEBSERVERS N7k(config-port-group)# interface Eth 2/2 N7k(config-port-group)# interface Eth 2/3 N7k(config-port-group)# interface Eth 2/4 N7k(config-port-group)# interface Eth 2/5 N7k(config-port-group)# BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 29
30 Smart-channel Configuring a Service [no] smart-channel <service-name> Executed in CLI config mode Creates/Deletes smart-channel service N7k(config)# smart-channel WebTraffic BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 30
31 Smart-channel Configuring Vlans [no] access vlan <access-vlan> vlan <vlan range> Executed in CLI config mode Executed as sub-mode of smart-channel service CLI Specify list of vlan for smart-channel service Access vlan for access vlan Vlan <vlan-range> for trunked vlans N7k(config)# smart-channel WebTraffic N7k(config-smart-channel)# vlan Or N7k(config)# smart-channel WebTraffic N7k(config-smart-channel)# access vlan 10 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 31
32 Smart-channel Associating port Group [no] port-group <port group name> Executed in CLI config mode Executed as sub-mode of smart-channel service CLI Specify port Group to associate with smart-channel service N7k(config)# smart-channel WebTraffic N7k(config-smart-channel)# vlan N7k(config-smart-channel)# port-group WEBSERVERS BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 32
33 Smart-channel Configuring Load-balance Method [no] load-balance method [src dst ] Executed in CLI config mode Executed as sub-mode of smart-channel service CLI Specify Loadbalancing method N7k(config)# smart-channel WebTraffic N7k(config-smart-channel)# vlan N7k(config-smart-channel)# port-group FW-INSPECT N7k(config-smart-channel)# load-balance method src ip Bucket 16 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 33
34 Smart-channel Configuring filters [no] destination filter ip <ip-address> [<net mask> <prefix>] [ip tcp <port-num> udp <port-num> ] Executed in CLI config mode Executed as sub-mode of smart-channel service CLI Used to select certain destination subnets N7k(config)# smart-channel WebTraffic N7k(config-smart-channel)# vlan N7k(config-smart-channel)# port-group WEBSERVERS N7k(config-smart-channel)# loadbalance method src-ip N7k(config-smart-channel)# destination filter ip N7k(config-smart-channel)# source filter ip BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 34
35 Smart-channel Creating smart-channel Service smart-channel service attributes: port-group Associate port Group with service Access vlan Specify access vlan Vlan <1-3967> Range of trunked vlans load-balance Select Load distribution method destination filter Configuring destination filter IP Source filter Configuring destination filter IP switch(config)# smart-channel svc switch(config-smart-channel)#? access Access vlan destination Destination ip configuration load-balance Loadbalance port-group Smart channel port group shutdown source Source ip configuration vlan trunk Vlans N7k(config-smart-channel)# load-balance method? dst Destination based parameters src Source based parameters N7k(config-smart-channel)# load-balance method src? ip IP N7k(config-smart-channel)# destination filter ip ? tcp TCP Protocol udp UDP Protocol N7k(config-smart-channel)# source filter ip ? BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 35
36 Load-balance Bucket Load balance Bucket option provides user to specify the number of ACLs created per service. The Bucket value must be configured in powers of 2. When Bucket are configured more than the configured Active interfaces, the Bucket are applied in Round Robin. Bucket configuration is optional, by default the value is computed based on the number of interfaces in port group. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 36
37 Smart-channel Port Events If port fails the reassign is configured by default When the interface goes down failed, When one interfaces goes down.the traffic will be reassigned to the first Available Active interfaces. When the interface comes up success from failed state, the interface that came up will start handling the connections. If all the interfaces are down, the packets will be get forwarded automatically. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 37
38 Smart-channel sample configurations
39 Smart-channel Configure a Service N7k-1 Configuration N7k-1(config)# feature smart-channel N7k-1(config)# port-group FW-INSPECT N7k-1(config-port-group)# interface Eth 2/2 N7k-1(config-port-group)# interface Eth 2/3 N7k-1(config-port-group)# interface Eth 2/4 N7k-1(config-port-group)# interface Eth 2/5 N7k-1(config)# smart-channel WebTraffic N7k-1(config-smart-channel)# vlan 10 N7k-1(config-smart-channel)# port-group FW-INSPECT N7k-1(config-smart-channel) load-balance method src ip N7k-1(config-smart-channel)# no shut N7k-2 Configuration N7k-2(config)# feature smart-channel N7k-2(config)# port-group FW-INSPECT N7k-2(config-port-group)# interface Eth 12/2 N7k-2(config-port-group)# interface Eth 12/3 N7k-2(config-port-group)# N7k-2(config-smart-channel)# smart-channel WebTraffic N7k-2(config-smart-channel)# vlan 20 N7k-2(config-smart-channel)# port-group FW-INSPECT N7k-2(config-smart-channel)# load-balance method dst ip N7k-2(config-smart-channel)# no shut e 3/1 smartchannel Service N7k-1 Configuration Steps: 2/2 2/4 Enable smart-channel feature on both N7k Configure a port Group Configure an smart-channel Service a) Configure Service Name b) Specify vlan c) Associate port Group d) Specify Load Distribution Scheme e) Activate smart-channel Service BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 39
40 Troubleshooting Smart-channel
41 show commands smart-channel switch(config-smart-channel)# show smart-channel svc1 Legend: ST(Status): ST-Standby,LF-Link Failed,PF-Probe Failed,PD-Peer Down,IA-Inactive Name LB Scheme Status Buckets svc1 dst-ip ACTIVE 2 Port Group Pool Vlans Status svc1_smartc_pool Source/Destination Filter Protocol Port / IP Member-Interface WGT Ethernet2/6 1 Bucket List svc1_smartc_ip_1_bucket_1 Member-Interface WGT Ethernet2/7 1 Bucket List svc1_smartc_ip_1_bucket_2 Show running-config smart-channel!command: show running-config smart-channel!time: Fri Sep 21 17:05: version 7.3(0)D1(1) feature smart-channel smart-channel port-group 3 interface Eth2/6 interface Eth2/7 smart-channel svc1 port-group 3 vlan source filter ip load-balance method dst ip no shutdown BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 41
42 Verifications for smart-channel When a Smart Channel is active Following is a check-list 1. Make sure Smart Channel ACL s and Vlan ACL s Created 2. Check Smart Channel ports configuration has vlan allowed and mode & check port is up 3. Verify Smart Channel TCAM entries BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 42
43 Step1) Smart Channel ACL s and Vlan ACL s Created switch(config)# sh run aclmgr Eg config feature smart-channel smart-channel port-group 3 interface Eth2/6 interface Eth2/7 smart-channel svc1 port-group 3 vlan source filter ip load-balance method dst ip no shutdown!command: show running-config aclmgr!time: Fri Sep 21 17:06: version 7.3(0)D1(1) ip access-list smartc_svc1_smartc_pool_allow_all_vacl 10 permit ip any any ip access-list svc1_smartc_ip_1_bucket_1 10 permit ip / ip access-list svc1_smartc_ip_1_bucket_2 10 permit ip / vlan access-map svc1_smartc_pool 10 match ip address svc1_smartc_ip_1_bucket_1 action redirect Ethernet2/6 vlan access-map svc1_smartc_pool 11 match ip address svc1_smartc_ip_1_bucket_2 action redirect Ethernet2/7 vlan access-map svc1_smartc_pool 12 match ip address smartc_svc1_smartc_pool_allow_all_vacl action forward vlan filter svc1_smartc_pool vlan-list BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 43
44 Step2) Smart Channel ports configuration switch(config)# sh run int eth 2/6-7 feature smart-channel smart-channel port-group 3 interface Eth2/6 interface Eth2/7 smart-channel svc1 port-group 3 vlan source filter ip load-balance method dst ip no shutdown!command: show running-config interface Ethernet2/6-7!Time: Fri Sep 21 17:13: version 7.3(0)D1(1) interface Ethernet2/6 switchport switchport mode trunk switchport trunk allowed vlan no shutdown interface Ethernet2/7 switchport switchport mode trunk switchport trunk allowed vlan no shutdown BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 44
45 Step4) Smart Channel TCAM entries feature smart-channel show system internal access-list vlan 10 input statistics smart-channel port-group 3 interface Eth2/6 interface Eth2/7 smart-channel svc1 port-group 3 vlan source filter ip load-balance method dst ip no shutdown BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 45
46 show smart-channel debug/event history switch# show system internal smartc event-history? all Show all logs of smartc debugs Show debug logs of smartc errors Show error logs of smartc events Show event logs of smartc fsm Fsm event logs infra Show internal infra logs of smartc msgs Show various message logs of smartc packets Show packet logs of smartc warnings Show warning logs of smartc switch(config-smart-channel)# debug smartc? all Configure all debug flags of smart-channel discovery Configure debugging of Smartc discovery error Configure debugging of smart-channel Errors events Configure debugging of smartc Events fsm Configure debugging of smart-channel FSM Events ha Configure debugging of smart-channel HA infra Configure debugging of smartc internal infra packets Configure debugging of smartc Packets trace Configure debugging of smart-channel trace trace-detail Configure debugging of smartc detail trace warning Configure debugging of smart-channel Warnings BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 46
47 Availability N9k series N7k, N7700 : Already available in Freeport: NX-OS 7.0(3)I6(1) : EFT available ( on nxos-smartc@cisco.com for details) License Network Services License References Configuration Guide: x/interfaces/configuration/guide/b_cisco_nexus_9000_series_nx- OS_Interfaces_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX- OS_Interfaces_Configuration_Guide_7x_chapter_01111.pdf Contacts & Mailer: Avni Baveja : avbaveja@cisco.com nxos-smartc@cisco.com BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 47
48 Agenda What is Catena Catena Use Cases Catena Benefits Catena Configuration Catena Sample Configurations
49 Video -all-in-one-service-chaining-solution/v/d-id/
50 What is Catena? Catena is a multi-terabit security, service chaining, segmentation, analytics and L4-L7 applications integration solution, natively on the switch/router. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 50
51 IT World Awards: Gold Winner BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 51
52 What does the word Catena mean? Catena means Chain in several languages including English, Italian, Latin, Spanish BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 52
53 Problem Statement Network Traffic Type 1 Traffic Type 2 Network Functions, eg, Firewall, IPS, Load-balancer, NAT, Applications Traffic Type N BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 53
54 BRKDCN
55 Catena Hardware based application chaining Telemetry and analytics: natively on the switch No proprietary packet headers. No special hardware. Create multiple chains with multiple elements in each chain eg, Firewall, IPS, IDS, DOS Protection, WAAS, switches, VMs, containers Performs health monitoring and automatic failure handling Transparent insertion of appliances (configurations not required) Wire-speed performance Secure Segmentation eg, each tenant can have its own chains Catena is also a platform, for which users can write apps BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 55
56 Deployment BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 56
57 Deployment : Transparent Mode Traffic without Catena Traffic with Catena Blocked Traffic with Catena Firewall IDS/IPS Vlan 10 Eth 1/1 Vlan 20 Eth 1/2 Eth 1/3 Eth 1/4 Eth 1/5 Nexus switch Vlan 30 Eth 1/8 Per segment telemetry, and analytics at each point in the network. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 57
58 Deployment : Routed Mode Traffic without Catena Traffic with Catena Blocked Traffic with Catena Appliance1 Appliance2 Appliance Eth 2/1 Eth 2/2 Eth 2/3 Eth 1/1 Eth 1/8 Nexus switch Per segment telemetry, and analytics at each point in the network. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 58
59 Benefits of Catena Secure segmentation Insert/Remove Network Functions Build an elastic Data Center User can select the traffic to be chained, via ACL No dependency on Nexus HW architecture Independent of Line-card types, ASICs, Nexus 9k/7k, etc. No vendor-specific controller required Telemetry for each chain, for each element, for each category of traffic No proprietary packet headers Zero-touch appliance deployment BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 59
60 Benefits of Catena (Contd.) Zero-latency: Catena adds no latency CAPEX savings: User doesn t have to buy any service module or specialized hardware Catena feature does not add any load to the supervisor No certification, integration, or qualification needed between the appliances and the switch OPEX savings: Without Catena, the user has to do VLAN stitching or create default gateways, which is very hard to deploy and hard to add/remove devices. Without Catena, either all the traffic is in a chain or not in a chain. Catena allows securely partitioning the traffic through multiple chains. Today s solution, does not allow user to create multiple chains using the same network elements. Catena allows that. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 60
61 VXLAN Fabric: Traffic without Catena Traffic without Catena RR RR Traffic with Catena Blocked Traffic with Catena VXLAN Overlay with BGP-EVPN VxLAN Encap Packet Host A MAC_A IP_ ASA Firewall APP Firewall BRKDCN-1020 Host B MAC_B IP_ Cisco and/or its affiliates. All rights reserved. Cisco Public 61
62 VXLAN Fabric: Traffic with Catena Traffic without Catena RR RR Traffic with Catena Blocked Traffic with Catena VXLAN Overlay with BGP-EVPN VxLAN Encap Packet Host A MAC_A IP_ ASA Firewall App Firewall BRKDCN-1020 Host B MAC_B IP_ Cisco and/or its affiliates. All rights reserved. Cisco Public 62
63 Management for Catena CLI NX-API XML User created Apps on top of Catena DME: Coming soon DCNM (Data Center Network Manager) GUI: coming soon BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 63
64 Health Monitoring Probes Link State: For Transparent mode ICMP Ping TCP Port-number UDP Port-number DNS HTTP User can specify the probe frequency, timeout, retry-count etc. BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 64
65 Failure Handling Modes In case a device fails, either Forward the packet (normal L2/L3 forwarding) Bypass the current device Drop the packet BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 65
66 Configuring Catena
67 Catena Enabling [no] feature catena switch# conf t Enter configuration commands, one per line. End with CNTL/Z. switch(config)# feature catena switch# sh feature grep catena catena 1 enabled NOTE: catena is a conditional feature and needs to be enabled via feature catena BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 67
68 Catena: Configuration Steps 1. Create port group Add interfaces to the port group 2. Create vlan group Add vlans to the vlan group 3. Create device group Add IP nodes to the device group Probe to use for health monitoring of node 4. Create access list 5. Create catena instance BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 68
69 Configuring Port Group [no] catena port-group <port-group-name> switch(config)# feature catena switch(config)# catena port-group pg1 switch(config-port-group)# interface Eth 2/2 switch(config-port-group)# interface Eth 2/3 switch(config-port-group)# interface Eth 2/4 switch(config-port-group)# interface Eth 2/5 Creating a port group Adding an interface BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 69
70 Configuring VLAN Group [no] catena vlan-group <vlan-group-name> switch(config)# feature catena switch(config)# catena vlan-group vg1 switch(config-vlan-group)# vlan 10 switch(config-vlan-group)# vlan 20 switch(config-vlan-group)# vlan switch(config-vlan-group)# vlan 50,55 Creating a vlan group Adding a vlan BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 70
71 Configuring Device Group Device group contains: Node ip address Probe to use for health monitoring of nodes [no] catena device-group <device-group-name> If there are multiple nodes, then traffic will be load-balanced switch(config)# feature catena switch(config)# catena device-group dg-1 Creating a device group switch(config-device-group)# node ip Configuring an active node switch(config-device-group)# node ip Configuring an active node switch(config-device-group)# probe icmp Configuring a probe. Per dev-grp BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 71
72 Configuring Instance [no] catena <instance-name> Creates/Deletes catena instance switch(config)# catena instance1 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 72
73 Configuring Chain & Sequence list [no] chain <chain-id> [no] <sequence-no> access-list <acl-name> {vlan-group <vg-name> ingress-portgroup <ipg-name>} {egress-port-group <epg-name> egress-device-group <edgname> [mode <mode>] switch(config)# catena instance1 switch(config-catena-instance)# chain 10 switch(config-catena)# 10 access-list acl11 vlan-group vg1 egressport-group pg1 mode forward switch(config)# catena instance2 switch(config-catena-instance)# chain 20 switch(config-catena)# 20 access-list acl12 ingress-port-group pg1 egress-device-group dg-1 mode forward BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 73
74 Creating Catena-Transparent Instance switch(config)# catena instance1 switch(config-catena-instance)#? chain Chain for instance shutdown switch(config-catena)# chain? < > Chain ID switch(config-catena)#? < > Sequence number switch(config-catena)# 10? access-list ACL list switch(config-catena)# 10 access-list acl10? ingress-port-group Specify ingress port group name for ACL rule vlan-group Specify vlan group name for ACL rule switch(config-catena)# 10 access-list acl10 vlan-group vg1? egress-port-group Specify egress port group name for ACL rule egress-device-group Specify egress device group name for ACL rule switch(config-catena)# 10 access-list acl10 vlan-group vg1 egress-port-group pg1? <CR> mode Failure mode switch(config-catena)# 10 access-list acl10 vlan-group vg1 egress-port-group pg1 mode? drop forward redirect BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 74
75 Creating Catena-Routed Instance switch(config)# catena instance2 switch(config-catena-instance)#? chain Chain for instance shutdown switch(config-catena)# chain? < > Chain ID switch(config-catena)#? < > Sequence number switch(config-catena)# 10? access-list ACL list switch(config-catena)# 10 access-list acl10? ingress-port-group Specify ingress port group name for ACL rule vlan-group Specify vlan group name for ACL rule switch(config-catena)# 10 access-list acl10 ingress-port-group pg1? egress-port-group Specify egress port group name for ACL rule egress-device-group Specify egress device group name for ACL rule switch(config-catena)# 10 access-list acl10 ingress-port-group pg1 egress-device-group dg1? <CR> mode Failure mode switch(config-catena)# 10 access-list acl10 ingress-port-group pg1 egress-device-group dg1 mode? drop forward redirect BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 75
76 Show Commands Command Syntax: show catena <instance-name> [brief] Displays more information for a given instance Command Syntax: show running-config catena Displays current catena running configuration BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 76
77 Catena sample configurations
78 Configure Catena-Transparent Nexus Configuration N9k(config)# feature catena N9k(config)# catena port-group pg1 N9k(config-port-group)# interface Eth 3/1 N9k(config)# catena port-group pg2 N9k(config-port-group)# interface Eth 3/2 N9k(config)# catena vlan-group vg1 N9k(config-vlan-group)# vlan 10 N9k(config)# catena vlan-group vg2 N9k(config-vlan-group)# vlan 20 Vlan 10 Vlan 20 Eth 3/1 Eth 3/2 Nexus switch Vlan 30 Eth 3/3 N9k(config)# ip access-list acl10 N9k(config-acl)# 10 permit */24 any Similarly, the Catena return instance is configured N9k(config)# catena instance1 N9k(config-catena-instance)# chain 10 N9k(config-catena)# 10 access-list acl10 vlan-group vg1 egress-port-group pg1 mode forward N9k(config-catena)# 20 access-list acl10 vlan-group vg2 egress-port-group pg2 mode forward N9k(config-catena-instance)# no shut BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 78
79 Configure Catena-Routed N9k(config)# feature catena N9k(config)# catena port-group pg1 N9k(config-port-group)# interface Eth 3/1 N9k(config)# catena port-group pg2 N9k(config-port-group)# interface Eth 3/3 N9k(config)# catena device-group dg-1 N9k(config-device-group)# node ip N9k(config-device-group)# probe icmp N9k(config)# catena device-group dg-2 N9k(config-device-group)# node ip N9k(config-device-group)# probe icmp N9k(config)# ip access-list acl10 N9k(config-acl)# 10 permit /24 any Appliance1 Appliance2 inside outside Eth 3/2 Eth 3/3 Eth 3/4 Eth 3/1 Eth 3/5 Nexus switch Similarly, the Catena return instance is configured N9k(config)# catena instance2 N9k(config-catena-instance)# chain 10 N9k(config-catena)# 10 access-list acl10 ingress-port-group pg1 egress-device-group dg-1 mode forward N9k(config-catena)# 20 access-list acl10 ingress-port-group pg2 egress-device-group dg-2 mode forward N9k(config-catena-instance)# no shut BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 79
80 BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 80
81 Catena Supported Platforms/Software Release Platform Nexus 7000/7700 Series Nexus 9000 Series Version License NX-OS 8.0(1) Network Services NX-OS 7.0(3)I6(1) Network Services BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 81
82 References Mailing list: Config guide sco_nexus7000_catena_config_guide_8x/configuring_catena.html Command reference guide d/cisco_nexus7000_catena_command_ref_8x.html Blog: BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 82
83 Summary How to build an elastic network Data Center Enterprise Service Provider Scale same type of functions; Smart-Channel Insert different type of functions: Catena BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 83
84 Complete Your Online Session Evaluation Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 gift card. Complete your session surveys through the Cisco Live mobile app or on Don t forget: Cisco Live sessions will be available for viewing on demand after the event at Cisco and/or its affiliates. All rights reserved. Cisco Public
85 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Lunch & Learn Meet the Engineer 1:1 meetings Related sessions BRKDCN Cisco and/or its affiliates. All rights reserved. Cisco Public 85
86 Thank you
87
Configuring the Catena Solution
This chapter describes how to configure Catena on a Cisco NX-OS device. This chapter includes the following sections: About the Catena Solution, page 1 Licensing Requirements for Catena, page 2 Guidelines
More informationCisco Nexus 7000 Series Switches Configuration Guide: The Catena Solution
Cisco Nexus 7000 Series Switches Configuration Guide: The Catena Solution First Published: 2016-12-21 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com
More informationNXOS in the Real World Using NX-API REST
NXOS in the Real World Using NX-API REST Adrian Iliesiu Corporate Development Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationConfiguring Policy-Based Redirect
About Policy-Based Redirect, page 1 About Symmetric Policy-Based Redirect, page 8 Policy Based Redirect and Hashing Algorithms, page 8 Using the GUI, page 9 Using the NX-OS-Style CLI, page 10 Verifying
More informationConfiguring Policy-Based Redirect
About Policy-Based Redirect, on page 1 About Multi-Node Policy-Based Redirect, on page 3 About Symmetric Policy-Based Redirect, on page 3 Policy Based Redirect and Hashing Algorithms, on page 4 Policy-Based
More informationLayer-4 to Layer-7 Services
Overview, page 1 Tenant Edge-Firewall, page 1 LBaaS, page 2 FWaaS, page 4 Firewall Configuration, page 6 Overview Layer-4 through Layer-7 services support(s) end-to-end communication between a source and
More informationConfiguring TAP Aggregation and MPLS Stripping
This chapter describes how to configure TAP aggregation and MPLS stripping on Cisco NX-OS devices. This chapter contains the following sections: About TAP Aggregation, page 1 About MPLS Stripping, page
More informationImplementing VXLAN in DataCenter
Implementing VXLAN in DataCenter LTRDCT-1223 Lilian Quan Technical Marketing Engineering, INSBU Erum Frahim Technical Leader, ecats John Weston Technical Leader, ecats Why Overlays? Robust Underlay/Fabric
More informationLayer 4 to Layer 7 Service Insertion, page 1
This chapter contains the following sections:, page 1 Layer 4 to Layer 7 Policy Model, page 2 About Service Graphs, page 2 About Policy-Based Redirect, page 5 Automated Service Insertion, page 12 About
More informationNexus 7000 F3 or Mx/F2e VDC Migration Use Cases
Nexus 7000 F3 or Mx/F2e VDC Migration Use Cases Anees Mohamed Network Consulting Engineer Session Goal M1 VDC M1/M2 VDC M2/F3 VDC M1/F1 VDC M1/M2/F2e VDC F2/F2e/F3 VDC F2 VDC F3 VDC You are here This Session
More informationService Graph Design with Cisco Application Centric Infrastructure
White Paper Service Graph Design with Cisco Application Centric Infrastructure 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 101 Contents Introduction...
More informationConfiguring TAP Aggregation and MPLS Stripping
This chapter describes how to configure TAP aggregation and MPLS stripping on Cisco NX-OS devices. This chapter contains the following sections: About TAP Aggregation, page 1 About MPLS Stripping, page
More informationBuilding NFV Solutions with OpenStack and Cisco ACI
Building NFV Solutions with OpenStack and Cisco ACI Domenico Dastoli @domdastoli INSBU Technical Marketing Engineer Iftikhar Rathore - INSBU Technical Marketing Engineer Agenda Brief Introduction to Cisco
More informationCisco Virtual Networking Solution Nexus 1000v and Virtual Services. Abhishek Mande Engineer
Cisco Virtual Networking Solution Nexus 1000v and Virtual Services Abhishek Mande Engineer mailme@cisco.com Agenda Application requirements in virtualized DC The Anatomy of Nexus 1000V Virtual Services
More informationLayer 3 Forwarding and Troubleshooting Deep Dive on Nexus 9000/3000
Layer 3 Forwarding and Troubleshooting Deep Dive on Nexus 9000/3000 Ambrish Mehta Principal Engineer (INSBU Engineering) Swami Narayanan Principal Engineer (INSBU Engineering) Session Abstract Closer look
More informationImplementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches
White Paper Implementing the ERSPAN Analytics Feature on Cisco Nexus 6000 Series and 5600 Platform Switches White Paper October 2014 2014 Cisco and/or its affiliates. All rights reserved. This document
More informationConfiguring Policy-Based Redirect
About Policy-Based Redirect, page 1 About Symmetric Policy-Based Redirect, page 8 Using the GUI, page 8 Using the NX-OS-Style CLI, page 10 Verifying a Policy-Based Redirect Configuration Using the NX-OS-Style
More informationCisco Firepower NGIPS Tuning and Best Practices
Cisco Firepower NGIPS Tuning and Best Practices John Wise, Security Instructor High Touch Delivery, Cisco Learning Services CTHCRT-2000 Cisco Spark How Questions? Use Cisco Spark to communicate with the
More informationLayer 4 to Layer 7 Design
Service Graphs and Layer 4 to Layer 7 Services Integration, page 1 Firewall Service Graphs, page 5 Service Node Failover, page 10 Service Graphs with Multiple Consumers and Providers, page 12 Reusing a
More informationConfiguring Tap Aggregation and MPLS Stripping
This chapter contains the following sections: Information About Tap Aggregation, page 1 Information About MPLS Stripping, page 3 Configuring Tap Aggregation, page 4 Verifying the Tap Aggregation Configuration,
More informationLTRDCT-2781 Building and operating VXLAN BGP EVPN Fabrics with Data Center Network Manager
LTRDCT-2781 Building and operating VXLAN BGP EVPN Fabrics with Data Center Network Manager Henrique Molina, Technical Marketing Engineer Matthias Wessendorf, Technical Marketing Engineer Cisco Spark How
More informationConfiguring Static and Dynamic NAT Translation
This chapter includes the following sections: Network Address Translation Overview, on page 1 Information About Static NAT, on page 2 Dynamic NAT Overview, on page 3 Timeout Mechanisms, on page 3 NAT Inside
More informationCisco Intelligent Traffic Director Deployment Guide with Cisco ASA
Cisco Intelligent Traffic Director with Cisco ASA Cisco Intelligent Traffic Director Deployment Guide with Cisco ASA 2016 Cisco and/or its affiliates. All rights reserved. 1 Cisco Intelligent Traffic Director
More informationConfiguring Local SPAN and ERSPAN
This chapter contains the following sections: Information About ERSPAN, page 1 Licensing Requirements for ERSPAN, page 5 Prerequisites for ERSPAN, page 5 Guidelines and Limitations for ERSPAN, page 5 Guidelines
More informationConfiguring WCCPv2. Information About WCCPv2. Send document comments to CHAPTER
CHAPTER 5 This chapter describes how to configure the Web Cache Communication Protocol version 2 (WCCPv2) on Cisco NX-OS devices. This chapter includes the following sections: Information About WCCPv2,
More informationConfiguring SPAN. About SPAN. SPAN Sources
This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco NX-OS devices. This chapter contains the following sections: About SPAN, page
More informationVXLAN Deployment Use Cases and Best Practices
VXLAN Deployment Use Cases and Best Practices Azeem Suleman Solutions Architect Cisco Advanced Services Contributions Thanks to the team: Abhishek Saxena Mehak Mahajan Lilian Quan Bradley Wong Mike Herbert
More informationConfiguring Web Cache Services By Using WCCP
CHAPTER 44 Configuring Web Cache Services By Using WCCP This chapter describes how to configure your Catalyst 3560 switch to redirect traffic to wide-area application engines (such as the Cisco Cache Engine
More informationHypervisors networking: best practices for interconnecting with Cisco switches
Hypervisors networking: best practices for interconnecting with Cisco switches Ramses Smeyers Customer Support Engineer Agenda What is this session about? Networking virtualization concepts Hypervisor
More informationCisco Nexus Data Broker
Data Sheet Cisco Nexus Data Broker Product Overview You used to monitor traffic mainly to manage network operations. Today, when you monitor traffic you can find out instantly what is happening throughout
More informationConfiguring VXLAN EVPN Multi-Site
This chapter contains the following sections: About VXLAN EVPN Multi-Site, on page 1 Licensing Requirements for VXLAN EVPN Multi-Site, on page 2 Guidelines and Limitations for VXLAN EVPN Multi-Site, on
More informationNexus 1000V in Context of SDN. Martin Divis, CSE,
Nexus 1000V in Context of SDN Martin Divis, CSE, mdivis@cisco.com Why Cisco Nexus 1000V Losing the Edge Server Admin Host Host Host Host Server Admin manages virtual switching! vswitch vswitch vswitch
More informationDeploy Application Load Balancers with Source Network Address Translation in Cisco DFA
White Paper Deploy Application Load Balancers with Source Network Address Translation in Cisco DFA Last Updated: 1/27/2016 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco
More informationConfiguring Port Channels
This chapter contains the following sections: Information About Port Channels, page 1, page 10 Verifying Port Channel Configuration, page 21 Verifying the Load-Balancing Outgoing Port ID, page 22 Feature
More informationConfiguring Static and Dynamic NAT Translation
This chapter contains the following sections: Network Address Translation Overview, page 1 Information About Static NAT, page 2 Dynamic NAT Overview, page 4 Timeout Mechanisms, page 4 NAT Inside and Outside
More informationConfigure FTD Interfaces in Inline-Pair Mode
Configure FTD Interfaces in Inline-Pair Mode Contents Introduction Prerequisites Requirements Components Used Background Information Configure Inline Pair Interface on FTD Network Diagram Verify Verify
More informationStatic VLAN Pools that will be used for the encapsulation VLAN between the external devices
Contents Introduction Prerequisites Requirements Components Used Background Information Configure Network Diagram Configure Verify and Troubleshoot Introduction This document describes the configuration
More informationCisco UCS Director and ACI Advanced Deployment Lab
Cisco UCS Director and ACI Advanced Deployment Lab Michael Zimmerman, TME Vishal Mehta, TME Agenda Introduction Cisco UCS Director ACI Integration and Key Concepts Cisco UCS Director Application Container
More informationCisco Virtual Networking Solution for OpenStack
Data Sheet Cisco Virtual Networking Solution for OpenStack Product Overview Extend enterprise-class networking features to OpenStack cloud environments. A reliable virtual network infrastructure that provides
More informationConfiguring Cisco ACE for Load Balancing Cisco Identity Service Engine (ISE)
Configuring Cisco ACE for Load Balancing Cisco Identity Service Engine (ISE) Craig Hyps Principal Technical Marketing Engineer, Cisco Systems Sample ACE Configuration 2 Health Probes and Real Servers Define
More informationV Commands. virtual ip, page 2 virtual ipv6, page 5 vrf, page 8. Cisco Nexus 7000 Series NX-OS Intelligent Traffic Director Command Reference 1
virtual ip, page 2 virtual ipv6, page 5 vrf, page 8 1 virtual ip virtual ip To configure the virtual IPv4 address of an Intelligent Traffic Director (ITD) service, use the virtual ip command. To remove
More informationVXLAN Overview: Cisco Nexus 9000 Series Switches
White Paper VXLAN Overview: Cisco Nexus 9000 Series Switches What You Will Learn Traditional network segmentation has been provided by VLANs that are standardized under the IEEE 802.1Q group. VLANs provide
More informationServiceability of SD-WAN
BRKCRS-2112 Serviceability of SD-WAN Chandrabalaji Rajaram & Ali Shaikh Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live
More informationCisco SD-Access Hands-on Lab
LTRCRS-2810 Cisco SD-Access Hands-on Lab Larissa Overbey - Technical Marketing Engineer, Cisco Derek Huckaby - Technical Marketing Engineer, Cisco https://cisco.box.com/v/ltrcrs-2810-bcn2018 Password:
More informationConfiguring IPv6 First-Hop Security
This chapter describes the IPv6 First-Hop Security features. This chapter includes the following sections: Finding Feature Information, on page 1 Introduction to First-Hop Security, on page 1 RA Guard,
More informationConfiguring SPAN. Finding Feature Information. About SPAN. SPAN Sources
This chapter describes how to configure an Ethernet switched port analyzer (SPAN) to analyze traffic between ports on Cisco NX-OS devices. Finding Feature Information, on page 1 About SPAN, on page 1 Licensing
More informationCisco Nexus Data Broker for Network Traffic Monitoring and Visibility
Guide Cisco Nexus Data Broker for Network Traffic Monitoring and Visibility Solution Implementation Guide 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
More informationConfiguring Port Channels
This chapter contains the following sections: Information About Port Channels, on page 1, on page 8 Verifying Port Channel Configuration, on page 16 Verifying the Load-Balancing Outgoing Port ID, on page
More informationConfiguring EtherChannels
Configuring EtherChannels This chapter describes how to configure EtherChannels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of EtherChannels in Cisco
More informationLayer 2 Implementation
CHAPTER 3 In the Virtualized Multiservice Data Center (VMDC) 2.3 solution, the goal is to minimize the use of Spanning Tree Protocol (STP) convergence and loop detection by the use of Virtual Port Channel
More informationChapter 10 - Configure ASA Basic Settings and Firewall using ASDM
Chapter 10 - Configure ASA Basic Settings and Firewall using ASDM This lab has been updated for use on NETLAB+ Topology Note: ISR G1 devices use FastEthernet interfaces instead of GigabitEthernet interfaces.
More informationAutomation and Programmability using Cisco Open NXOS and DevOps Tools
Automation and Programmability using Cisco Open NXOS and DevOps Tools Jeff Lester Sr. Solutions Integration Architect Matt Tarkington Consulting Engineer Services Cisco Spark How Questions? Use Cisco Spark
More informationConfiguring Cache Services Using the Web Cache Communication Protocol
Configuring Cache Services Using the Web Cache Communication Protocol Finding Feature Information, page 1 Prerequisites for WCCP, page 1 Restrictions for WCCP, page 2 Information About WCCP, page 3 How
More informationPnP Deep Dive Hands-on with APIC-EM and Prime Infrastructure
LTRNMS-2007 PnP Deep Dive Hands-on with APIC-EM and Prime Infrastructure Thomas Gerneth, Julian Mueller,Tobias Huelsdau Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after
More informationPSOACI Tetration Overview. Mike Herbert
Tetration Overview Mike Herbert Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion
More informationDeploying Cloud Network Services Prime Network Services Controller (formerly VNMC)
Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC) Dedi Shindler - Sr. Manager Product Management Cloud System Management Technology Group Cisco Agenda Trends Influencing
More informationConfiguring Private VLANs Using NX-OS
This chapter describes how to configure private VLANs on Cisco NX-OS devices. Private VLANs provide additional protection at the Layer 2 level. This chapter includes the following sections: Finding Feature
More informationConfiguring Virtual Servers
3 CHAPTER This section provides an overview of server load balancing and procedures for configuring virtual servers for load balancing on an ACE appliance. Note When you use the ACE CLI to configure named
More informationITBraindumps. Latest IT Braindumps study guide
ITBraindumps http://www.itbraindumps.com Latest IT Braindumps study guide Exam : 400-151 Title : CCIE Data Center v2.0 Vendor : Cisco Version : DEMO Get Latest & Valid 400-151 Exam's Question and Answers
More informationVXLAN EVPN Fabric and automation using Ansible
VXLAN EVPN Fabric and automation using Ansible Faisal Chaudhry, Principal Architect Umair Arshad, Sr Network Consulting Engineer Lei Tian, Solution Architecture Cisco Spark How Questions? Use Cisco Spark
More informationConfiguring Port Channels
This chapter contains the following sections: Information About Port Channels, page 1, page 9 Verifying Port Channel Configuration, page 16 Verifying the Load-Balancing Outgoing Port ID, page 17 Feature
More informationEvolution of Data Center Security Automated Security for Today s Dynamic Data Centers
Evolution of Data Center Security Automated Security for Today s Dynamic Data Centers Speaker: Mun Hossain Director of Product Management - Security Business Group Cisco Twitter: @CiscoDCSecurity 2 Any
More informationNexus 7000 and 7700 Series Switches Optimized ACL Logging Configuration Example
Nexus 7000 and 7700 Series Switches Optimized ACL Logging Configuration Example Document ID: 118907 Contributed by Richard Michael, Cisco TAC Engineer. Apr 15, 2015 Contents Introduction Prerequisites
More informationRouting Underlay and NFV Automation with DNA Center
BRKRST-1888 Routing Underlay and NFV Automation with DNA Center Prakash Rajamani, Director, Product Management Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session
More informationConfiguring EtherChannels
This chapter describes how to configure EtherChannels and to apply and configure the Link Aggregation Control Protocol (LACP) for more efficient use of EtherChannels in Cisco NX-OS. It contains the following
More informationACI Fabric Endpoint Learning
White Paper ACI Fabric Endpoint Learning 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 45 Contents Introduction... 3 Goals of this document...
More informationCisco Container Platform
Cisco Container Platform Pradnesh Patil Suhail Syed Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click
More informationCisco CCIE Data Center Written Exam v2.0. Version Demo
Cisco 400-151 CCIE Data Center Written Exam v2.0 Version Demo QUESTION 1 Which IETF standard is the most efficient messaging protocol used in an lot network? A. SNMP B. HTTP C. CoAP D. MQTI Correct Answer:
More informationNSX Data Center Load Balancing and VPN Services
NET2761BU NSX Data Center Load Balancing and VPN Services Derek Deukyoon Kang, VMware, Inc. Vinay Reddy, VMware, Inc. #vmworld #NET2761BU Disclaimer This presentation may contain product features or functionality
More informationI Commands. iping, page 2 iping6, page 4 itraceroute, page 5 itraceroute6 vrf, page 6. itraceroute vrf encap vxlan, page 12
iping, page 2 iping6, page 4 itraceroute, page 5 itraceroute6 vrf, page 6 itraceroute6 vrf encap vlan, page 7 itraceroute6 vrf encap vxlan dst-mac, page 8 itraceroute vrf, page 9 itraceroute vrf encap
More informationVirtual Security Gateway Overview
This chapter contains the following sections: Information About the Cisco Virtual Security Gateway, page 1 Cisco Virtual Security Gateway Configuration for the Network, page 10 Feature History for Overview,
More informationLoad Balancing Microsoft IIS. Deployment Guide v Copyright Loadbalancer.org
Load Balancing Microsoft IIS Deployment Guide v1.6.4 Copyright Loadbalancer.org Table of Contents 1. About this Guide...4 2. Loadbalancer.org Appliances Supported...4 3. Loadbalancer.org Software Versions
More informationConfiguring IPv4. Finding Feature Information. This chapter contains the following sections:
This chapter contains the following sections: Finding Feature Information, page 1 Information About IPv4, page 2 Virtualization Support for IPv4, page 6 Licensing Requirements for IPv4, page 6 Prerequisites
More informationCisco Nexus 1000V InterCloud
Deployment Guide Cisco Nexus 1000V InterCloud Deployment Guide (Draft) June 2013 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 49 Contents
More informationInternet Technology. 15. Things we didn t get to talk about. Paul Krzyzanowski. Rutgers University. Spring Paul Krzyzanowski
Internet Technology 15. Things we didn t get to talk about Paul Krzyzanowski Rutgers University Spring 2016 May 6, 2016 352 2013-2016 Paul Krzyzanowski 1 Load Balancers Load Balancer External network NAT
More informationConfiguring VLAN Interfaces
CHAPTER1 The Cisco Application Control Engine (ACE) module does not have any external physical interfaces to receive traffic from clients and servers. Instead, it uses internal VLAN interfaces. You assign
More informationConfiguring Port Channels
This chapter contains the following sections: Information About Port Channels, page 1, page 11 Verifying Port Channel Configuration, page 19 Triggering the Port Channel Membership Consistency Checker,
More informationIntegration of Hypervisors and L4-7 Services into an ACI Fabric. Azeem Suleman, Principal Engineer, Insieme Business Unit
Integration of Hypervisors and L4-7 Services into an ACI Fabric Azeem Suleman, Principal Engineer, Insieme Business Unit Agenda Introduction to ACI Review of ACI Policy Model Hypervisor Integration Layer
More informationConfiguring SPAN. Configuring SPAN. SPAN Sources. This chapter includes the following sections: Configuring SPAN, page 1
This chapter includes the following sections:, page 1 SPAN Sources The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by
More informationConfiguring EtherChannels and Link-State Tracking
CHAPTER 37 Configuring EtherChannels and Link-State Tracking This chapter describes how to configure EtherChannels on Layer 2 and Layer 3 ports on the switch. EtherChannel provides fault-tolerant high-speed
More informationAutomation of Application Centric Infrastructure (ACI) with Cisco UCS Director
Automation of Application Centric Infrastructure (ACI) with Cisco UCS Director Raju Penmetsa @RajuPenmetsa1 Data Center Group Agenda IT Complexity Solution for ACI Automation Cisco UCS Director Application
More informationConfiguring Real Servers and Server Farms
CHAPTER2 Configuring Real Servers and Server Farms This chapter describes the functions of real servers and server farms in load balancing and how to configure them on the ACE module. It contains the following
More informationIntegrating the Cisco ASA with Cisco Nexus 9000 Series Switches and the Cisco Application Centric Infrastructure
Solution Guide Integrating the Cisco ASA with Cisco Nexus 9000 Series Switches and the Cisco Application Centric Infrastructure Data Center Design Opportunities Modern designs for the highly secure data
More informationConfiguring Fabric and Interfaces
Fabric and Interface Configuration, on page 1 Graceful Insertion and Removal (GIR) Mode, on page 2 Configuring Physical Ports in Leaf Nodes and FEX Devices Using the NX-OS CLI, on page 3 Configuring Port
More informationOracle E-Business Suite 11i with Cisco ACE Series Application Control Engine Deployment Guide, Version 1.0
Design Guide Oracle E-Business Suite 11i with Cisco ACE Series Application Control Engine Deployment Guide, Version 1.0 This design guide describes how to deploy the Cisco Application Control Engine (Cisco
More informationConfiguring an IP ACL
9 CHAPTER This chapter describes how to configure IP access control lists (ACLs). This chapter includes the following sections: Information About ACLs, page 9-1 Prerequisites for IP ACLs, page 9-5 Guidelines
More informationTable of Contents HOL-PRT-1305
Table of Contents Lab Overview... 2 - Abstract... 3 Overview of Cisco Nexus 1000V series Enhanced-VXLAN... 5 vcloud Director Networking and Cisco Nexus 1000V... 7 Solution Architecture... 9 Verify Cisco
More informationOn the Cisco Nexus 5548 Switch, Fibre Channel ports and VSAN ports cannot be configured as ingress source ports in a SPAN session.
This chapter includes the following sections:, page 1 SPAN Sources The Switched Port Analyzer (SPAN) feature (sometimes called port mirroring or port monitoring) selects network traffic for analysis by
More informationConfiguring Virtual Port Channels
This chapter contains the following sections: Information About vpcs vpc Overview Information About vpcs, on page 1 Guidelines and Limitations for vpcs, on page 11 Verifying the vpc Configuration, on page
More informationConfiguring EtherChannels and Layer 2 Trunk Failover
35 CHAPTER Configuring EtherChannels and Layer 2 Trunk Failover This chapter describes how to configure EtherChannels on Layer 2 and Layer 3 ports on the switch. EtherChannel provides fault-tolerant high-speed
More informationMigrating Applications with CloudCenter
Migrating Applications with CloudCenter Tuan Nguyen, Technical Marketing Engineer, Insieme BU DEVNET-1179 Cisco Spark How Questions? Use Cisco Spark to chat with the speaker after the session 1. Find this
More informationApplication Centric Infrastructure
Application Centric Infrastructure Design pro řešení na zelené louce i do stávajícího DC DCA4 Miroslav Brzek, Systems Engineer Agenda Modern DC infrastructure Customer requirements What s Application Centric
More informationTRex Realistic Traffic Generator
DEVNET-1120 TRex Realistic Traffic Generator Hanoch Haim, Principal Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco
More informationConfiguring Access and Trunk Interfaces
Configuring Access and Trunk Interfaces Ethernet interfaces can be configured either as access ports or trunk ports. Trunks carry the traffic of multiple VLANs over a single link and allow you to extend
More informationConfiguring VLAN Interfaces
CHAPTER1 The Cisco Application Control Engine (ACE) module does not have any external physical interfaces to receive traffic from clients and servers. Instead, it uses internal VLAN interfaces. You assign
More informationPage 2
Page 2 Mgmt-B, vmotion-a vmotion-b VMM-Pool-B_ Connection-B -Set-A Uplink-Set-A Uplink-Set-B ACI-DC Standard Aggregation L3 Switch Configuration for existing Layer 2 : Nexus 6K-01 switch is
More informationIntroducing Cisco Network Assurance Engine
BRKACI-2403 Introducing Cisco Network Assurance Engine Intent Based Networking for Data Centers Sundar Iyer, Distinguished Engineer Head Cisco Network Assurance Engine Team Dhruv Jain, Director of Product
More informationConfiguring IP ACLs. About ACLs
This chapter describes how to configure IP access control lists (ACLs) on Cisco NX-OS devices. Unless otherwise specified, the term IP ACL refers to IPv4 and IPv6 ACLs. This chapter includes the following
More informationIntuit Application Centric ACI Deployment Case Study
Intuit Application Centric ACI Deployment Case Study Joon Cho, Principal Network Engineer, Intuit Lawrence Zhu, Solutions Architect, Cisco Agenda Introduction Architecture / Principle Design Rollout Key
More informationCisco SD-Access Building the Routed Underlay
Cisco SD-Access Building the Routed Underlay Rahul Kachalia Sr. Technical Leader Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
More information