Data Centre Interconnection - firewall and load balancer deployment
Hi all,
I've read lots of Cisco docs/white papers on DCI - Layer 2 extension between DCs, but as yet I cannot find any decent information on how best to deploy firewalls and load balancers in such a design. I've seen refs to FHRP isolation on Nexus 7k (and possible 6k if you use DCI block) but nothing on the services elements.
The services element seems to be a complete minefield here:
- active/standby across sites, or deploy resilient pairs in each site?
- how to align optimal traffic flows inbound and ooutbound (RHI, SNAT, etc.)
- best practice suggestions ideally.
Cisco DCI docs seem to always gloss over the fact that most customers would have to deal with firewalls and load balancers here, and simply refer to 'coming soon' for that info.
If anyone has any good suggestions/links to docs explaining detailed implementation info would be much appreciate
Thanks
Phil
You might want to check out this new product called ITD.
Simple and faster solution:
ITD provides :
ASIC based multi-terabit/s L3/L4 load-balancing at line-rate
No service module or external L3/L4 load-balancer needed. Every N7k port can be used as load-balancer.
Redirect line-rate traffic to any devices, for example web cache engines, Web Accelerator Engines (WAE), video-caches, etc.
Capability to create clusters of devices, for example, Firewalls, Intrusion Prevention System (IPS), or Web Application Firewall (WAF), Hadoop cluster
IP-stickiness
Resilient (like resilient ECMP)
VIP based L4 load-balancing
NAT (available for EFT/PoC). Allows non-DSR deployments.
Weighted load-balancing
Load-balances to large number of devices/servers
ACL along with redirection and load balancing simultaneously.
Bi-directional flow-coherency. Traffic from A-->B and B-->A goes to same node.
Order of magnitude OPEX savings : reduction in configuration, and ease of deployment
Order of magnitude CAPEX savings : Wiring, Power, Rackspace and Cost savings
The servers/appliances don’t have to be directly connected to N7k
Monitoring the health of servers/appliances.
N + M redundancy.
Automatic failure handling of servers/appliances.
VRF support, vPC support, VDC support
Supported on both Nexus 7000 and Nexus 7700 series.
Supports both IPv4 and IPv6
N5k / N6k support : coming soon
Blog
At a glance
ITD config guide
Email Query or feedback:[email protected]
Similar Messages
-
Resources for designing redundancy and load balancing among data centers
Hello all,
I'm looking for resources for designing redundancy and load balancing between two physically separate data centers. I'm looking for some "best practice" links, tips, or recommendations. Any suggestions are appreciated!
Thanks.I think that we can do per packet load balancing by using CEF.
Please go to the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fswtch_c/swprt1/xcfcefc.htm#xtocid5
Also, you may need local director or distributed director. What resource/application is availalbe in the data centre? (e.g. http server, ftp server, TN3270 server, and so on) -
Reverse Proxy and Load Balancer for SMP 2.3 and Agentry Application
Hi Expert,
I'm putting in place a mobile solution composed by SMP 2.3 SPS 4 and SAP ECC 6.0. In the SMP 2.3 I created the agentry server and I have deployed my agentry application.
My SMP/Agentry infrastructure is composed by two servers therefore I need a load balancer for balance the load into the several servers. Furthermore I need to use a reverse proxy in my DMZ zone.
Based on what indicated in the SAP note "1904213 - SAP Mobile Platform Server Release Information" the Apache Reverse Proxy is not supported for Agentry clients. Agentry uses nginx for Reverse Proxy.
I also found the following document How-to-Guide for Reverse Proxy and Load Balancing in SAP Mobile Platform 3.x that explain how to set-up a reverse proxy and load balancer with nginx and apache.
Both the SAP note and the HOW to document are refereed to SMP 3.0 and not to SMP 2.3.
I would know if the NGINX must be used also for SMP 2.3.
Any suggestion/information is appreciated.
Thanks in advance
g.Please see Agentry Network Landscapes
-
VPN device with dual ISP, fail-over, and load balancing
We currently service a client that has a PIX firewall that connects to multiple, separate outside vendors via IPSEC VPN. The VPN connections are mission critical and if for any reason the VPN device or the internet connection (currently only a T1) goes down, the business goes down too. We're looking for a solution that allows dual-ISP, failover, and load balancing. I see that there are several ASA models as well as the IOS that support this but what I'm confused about is what are the requirements for the other end of the VPN, keeping in mind that the other end will always be an outside vendor and out of our control. Current VPN endpoints for outside vendors are to devices like VPN 3000 Concentrator, Sonicwall, etc. that likely do not support any type of fail-over, trunking, load-balancing. Is this just not possible?
Unless I am mistaken the ASA doesn't do VPN Load Balancing for point-to-point IPSec connections either. What you're really after is opportunistic connection failover, and/or something like DMVPN. Coordinating opportunistic failover shouldn't be too much of an issue with the partners, but be prepared for lot of questions.
-
Difference between Clustering and Load balancing
What is the difference between Clustering and Load balancing?
For example, We use Cisco Arrowpoint to do load balancing and it works fine for 3
Sun solaris boxes/WebLogic 6.1 SP1.
So what is the value addition to buy clustering license?
Thanks
Selvaraj
Hi.
Among other things, clustering allows you to share app data (such as http session
data) across cluster members, allowing you to failover should one cluster member
crash.
If your app is stateless then this doesn't mean much - load balancing alone would
probably be ok for you.
Regards,
Michael
Selvaraji wrote:
> What is the difference between Clustering and Load balancing?
>
> For example, We use Cisco Arrowpoint to do load balancing and it works fine for 3
> Sun solaris boxes/WebLogic 6.1 SP1.
>
> So what is the value addition to buy clustering license?
>
> Thanks
>
> Selvaraj
Michael Young
Developer Relations Engineer
BEA Support
-
Cache and Load Balancing with Oracle APEX Listener
Hi,
I intend to use only HTTP access.
How to implement a Cache and Load Balancing with the Oracle APEX Listener?
Is it possible to do with the the standalone running APEX Listener?
Thanks by advance for any tips/documentation/references.
Kind Regards.Hi,
I think this question is best asked in the APEX Listener forum:
ORDS, SODA & JSON in the Database
Kind regards
Sandro -
Cache and Load Balancing for the Oracle APEX Listener
Hi,
I intend to use only HTTP access.
My database is Oracle 11gR2, SE, 32 bit.
How to implement a Cache and Load Balancing with the Oracle APEX Listener?
Is it possible to do with the the standalone running APEX Listener?
Thanks by advance for any tips/documentation/references.
Kind Regards.Error. To be closed.
-
Cache and Load Balancing for Oracle APEX Listener
Hi,
I intend to use only HTTP access.
The database I use is Oracle11gR2 SE 32bit.
How to implement a Cache and Load Balancing with the Oracle APEX Listener?
Is it possible to do with the the standalone running APEX Listener?
Thanks by advance for any tips/documentation/references.
Kind Regards.Error. To be closed.
-
PIX Redundant Internet Line and Load balancing
I would like to find out if it's possible to configure my Cisco PIX 525 to use a secondary internet line from a different provider and perform load balancing. I'm using PIX Version 6.3(1)
PIX version 6.3 does not support Redundancy and load balancing. but PIX/ ASA with version 7.0 supports Redundancy.
-
What does per Wlan Band select and load balancing do ?
Good morning.....We recently upgraded our controllers from 4.2.185 to 6.0.188 and have noticed many clients having connectivity issues. We have Aggressive load balancing turned off globally but have noticed that band select and load balancing are enabled on the
Wlan. Are these settings mutually exclusive or do they do the same thing ? Does the Wlan setting override the default ? We have noticed that there is
output doing "debug dot11 load-balancing"
Thanx.....DaveI believe we never had load balancing turned on when running 5.2 code. We jumped from 5.2 to 6.x temporarily and then to 7.0 within a 30 day time frame this summer. We're a large university and we had very few users on WiFi during that time.
The Macintosh laptops are having nothing but trouble since school began, and I have gone over everything and found that band select is turned on as well as load balancing. Since band select didn't exist in 5.2 (I believe) I know it wasn't on. As for load balancing, I don't believe it was on, and I discovered it was turned on when recently reviewing our configs.
The Macintosh laptops have been debugged and our Mac gurus tell us they're getting a message that equates to "the AP is busy, or the AP is full". This leads me to believe that load balancing got turned on during the upgrade and we didn't notice, which caused the Macintoshes to have issues.
We don't have any VoWiFi clients so we don't have to support them, and we don't officially support smartphones, either.
I turned off load balancing and will see how it goes....
Thanks! -
ARFC: Single Server and Load Balancing
Hi All,
I am trying to create aRFC model. In SAP logon screen, I can see two tab pages - Single Server and Load Balancing.
Can you please let me know when we have to use which tab?
Thanks
TGSingle Server Connect or Load Balancing connect is completely independend from the location where SAP Gui Client is installed.
Single Server connect means that your are directly connecting to an ABAP Server using hostname and systemnumber you have to provide.
Load Balancing Connect means that you specify the message server of the central instance of an ABAP Server group. The SAPGUI first connects to the message server which will provide the SAPGUI with the information about the best performing ABAP server. SAPGUI will then connect to this ABAP server.
Single Server is suitable for small landscapes with lets say less than 4 application servers. In huger configurations (and those which I know will grow to more than 3 servers)I would prefer to use logon groups - aka Load Balancing.
Peter -
Help to save Vector data into a disk and load it back again
Hi all
I�m still need help to solve the problem of saving vector data object into disk and load it aging whenever I restart the program. I used one central design for the project. The codes below is most important part of the project.
I stored data into vector collection through the GUI. My problem is, where should I put the FileOutputStream and ObjectInputStream in the steps below before the data that I stored in the Vector can be save in a disk and also to be loaded back to the vector when I restart program automatically. Pls I need help. Any assistance will be appreciate
Step1:
import java.io.*;
public class UserP implements Serializable{
private String staffNo;
private String passW;
public UserP(String staffNo,String passW){
this.staffNo= staffNo;
this.passW= passW;
public String getUserCode(){
return staffNo;
public void setPassW(String passW ){
//Use to change user password .
this.passW= passW;
public String getPassW(){
return passW;
Step2:
import java.util.*;
import java.io.*;
public class UserPs implements Serializable{
private Vector pUsers;
public UserPS(){
//initialize collection Object.
this.pUsers= new Vector(10,10);
//Helper method.
private int getIndexFor(String staffNo){
//Find the position index of User in the collection
//Only used by the following method(getPUserFor, Add).
for(int i=0; i< pUsers.size(); i++){
UserP aUserP= (UserP) pUsers.elementAt(i);
if(aUserP.getUserCode().equals(staffNo))
return i;
return -1;
public UserP getPUserFor(String staffNo){
int i= getIndexFor(staffNo);
if(i < 0)
return null;
UserP aUserP= (UserPatient) pUsers.elementAt(i);
return aUserP;
public synchronized UserP add(UserP aUserP){
//add the given prescription object to this collection but only if not already in.
if(aUserP==null)
return null;
if(getIndexFor(aUserP.getUserCode()) >= 0)
return null;
pUsers.addElement(aUserP);
return aUserP;
public Enumeration list(){
//returns the enumeration collection of UserP.
return pUsers.elements();
Step3:
import java.io.*;
//Every UserP has a collection of UserPs,a reference to such
//collection is held by the instance variable 'userPs'.
public class Hosp implements Serializable{
private UserPs userPs;
public Hosp(){
userPs= new UserPs();
public UserPs getUserPs(){
// return a reference to the UserPatients collection
return userPs;
Step4 :
public interface GateKeeper{
public String addUserP(String staffNo,String passW);
public String retrieveAllUserP();
Step5:
import java.util.*;
import java.awt.event.*;
import javax.swing.*;
import java.io.*;
public class GateKeeperImpl implements GateKeeper, Serializable {
private Hosp hosp;
public GateKeeperImpl(){ //CONSTRUCTION
//Make an Hosp.
hosp= new Hosp();
public String addUserPs(String staffNo,String passW){
if(stafNo == null)
return("The staff is required.");
if(passW.equals(""))
return("Password is required.");
UserP userP= new UserP(staffNo,passW);
UserPs uPs =hosp.getUserPs();
UserP collet= uPs.add(userP);
if(collet == null)
return ("This user is already in the collection.");
else
return ("The user has been added to the collection.");
public String retrieveAllUserP(){
UserPs uPs =hosp.getUserPs();
String allUser="User informations:";
Enumeration e= uPs.list();
while(e.hasMoreElements()){
UserP user =(UserP)e.nextElement();
allUser = allUser +"\n"+"\n"+"UserCode:"+user.getUserCode()+" "+" "+"UserPassword:"+user.getPassW()+"\n";
return allUser;
Step 6:
import java.util.*;
import java.awt.event.*;
import javax.swing.*;
import java.io.*;
public class HospFrame1 extends Jframe, implements Serializable {
private GateKeeperImpl gate= new GateKeeperImpl();
private JButton jButton1 = new JButton();
private JButton jButton2 = new JButton();
private JTextField sSfied = new JTextField();
private JTextField pWfied = new JTextField();
//Construct the frame
public HospFrame1() {
//The rest of the code comes here
//The rest of the action method that used to implement also comes here.
Step 7:
import java.util.*;
import java.io.*;
import javax.swing.UIManager;
public class Testing{
public static void main(String[] args) {
try {
UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
catch(Exception e) {
e.printStackTrace();
HospFrame1 hops=new HospFrame1();
try
// to save data to afile
FileOutputStream sFile = new FileOutputStream("theData.dat");
ObjectOutputStream oos = new ObjectOutputStream(sFile);
oos.writeObject(hops);
oos.close();
catch (Exception e){
e.printStackTrace();
try {
//to read data from previous save file
FileInputStream fin = new FileInputStream("theData.dat");
ObjectInputStream yess = new ObjectInputStream(fin);
hops =(HospFrame1) yess.readObject();
yess.close();
catch(Exception e){
e.printStackTrace();Stop multi-posting and cross-posting your questions.
-
Taking the data from interactive forms and load the data into SAP system?
hi all,
I want to know how to take the data from interactive forms and load the data into sap system?
if u have any sample scenario, explain with that.
thanks in advance
RajaHello,
Check the program...
SAPBC480_DEMO.
Check the below threads
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/88e7ea34-0501-0010-95b0-ed14cfbeb85a
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bfbcd790-0201-0010-679d-e36a3c6b89fa
Thanks
Seshu -
Reverse Proxy plug in and Load Balancer Plug in
Hi,
Can anyone please provide me with an example obj.conf file showing how to combine the reverse proxy plug-in and Load Balancer plug-in.
I would like to use the reverse proxy plug in to detect when static content is requested and provide this from the web server. Requests for dynamic content would then be forwarded to an Application server via the Load balancer plug-in. I have found plenty of documentation on how to configure these plug-in separately but nothing on how to combine the two.smiking
reverse proxy plugin - its job is to forward the requests to another server for a specific task. you can use the webserver 7 . it does forward and limited load balancing (using round robin ) based on the number of servers you provide in the configuration. i would say this is a poor man's setup.
load balancer plugin - some app servers like sun java system app server or web logic provide this plugin so that you can effectively use the back end app server
with both these setup, you can <if> constructs to determine which requests need to be forwarded to the back end server.
I wonder, why do you need both - if both of them is designed to do the same thing. -
Web Dispatcher - Reverse Proxy and Load Balancing
I'm finding limited docs on Web Dispatcher with regard to reverse proxy and load balancing. Are you aware of some recent presentations or docs in this area? The info on help.sap.com is not what I'm looking for.
Thanks.Hi,
best thing is that you look at your scenarios and test the web dispatcher against each of it, like:
- SSL
- Portal only
- Web Dynpro ABAP / Java
- BSP
- Different backend systems like SRM, MDM
- Several backends with 1 Web Dispatcher
After getting a list of use cases that you can test quite easily (installation of Web Dispatcher is done fast and can be done on a local PC), you can contact SAP Support and ask them about the specific problems and questions you encountered. This way, you'll get the official answer, sometimes they will even inform you about "secret" parameters and options.
As of the reverse proxy functionality: there are several version of Web Dispatcher available that differ from the functionality offered. The latest version - 7.2 - is the one that offers the most, i.e. allows you to create rewrite rules like Apache.
SAP Note 908097 - SAP Web Dispatcher: Released releases and applying patches
br,
Tobias
Maybe you are looking for
-
I tried to do an update. Was prompted to do a restore and update. I am getting an error message. It will not restore OR update. I have tried all of the troubleshooting and it won't work now!
-
Fire wire ports stopped working
This is pretty weird, even for a Saturday. The fire wire ports on one of my G5's quit working while attached to 2 Western Digital external hard drives. The FW 800 port attached to a 9800xl MicroTek scanner quit too. Proofed all the wires and equipmen
-
Dear sir, Im processing invoice FB-70 for customer DM01 with payment term 0002 (14days cash discount 3%, 30days due date). But when I Process partial incoming payment (F-28) for 3 times in 14 first days, it doesnt deduct cash discount for each times
-
Can't create Exchange users in a new child domain
Hi, i have an Exchange 2010 SP3 ( 1 CAS/Hub + 1 mailbox) server running in a parent domain. Few days ago i've created a new child domain, but i can't create mailbox for users coming from this new child domain. The error message says that i don't have
-
Item Conditions in ISA b2c catalog
Hi, I need to get the item conditions for the porducts in the web catalog and show them in the catalog page in ISA b2c 5.0. Any pointers how to achieve that ! Regards, Kunal