Nexus Intelligent Traffic Director

I have a few questions about Nexus ITD.
1. Can I have ITD running on multiple Nexus 7000 chassis at multiple data centers all active? Seems like I could since it is stateless, but this does raise other questions (see below).
2. Does ITD provide true connection stickiness, and if so, does it provide it across multiple active ITD? Not sure how this can be done with ITD being stateless. Sending a user's traffic to the same server for the current and any new connections for a certain duration is very common. Is it assumed that apps should now be stateless as well?
3. How does the 'advertise enable' option advertise to neighbors (what is considered a neighbor... IGP peer, another ITD...)? Is the VIP injected into IGP or is there an ITD protocol that is used between ITD enabled devices?
There's not a lot of information on this feature right now. I appreciate any input.

Found the answer for question 3. With the advertise keyword, a static route is created that can be injected into a routing protocol. I believe it only creates the static route if the service is healthy also.

Similar Messages

  • Traffic shaping for each user

    Hello!
    I want to limit bandwidth to users. Each user must have their own speed. For each user I define a class-map and policy-map. But I have many users (above 500), and class-map is limited to 256 :(. How can I resolve my problem?
    My config for only 2 users:
    ip access-list extended u_2175_a
    permit ip any 10.10.10.1 0.0.0.0
    class-map u_2175
    match access-group name u_2175_a
    ip access-list extended u_2204_a
    permit ip any 10.10.10.2 0.0.0.0
    class-map u_2204
    match access-group name u_2204_a
    policy-map UNLIM_USERS
    class u_2175
    shape peak 256000
    class u_2204
    shape peak 512000
    Policy UNLIM_USERS applies to interface.
    Cisco 7200 NPE G2

    You can resolve your issues by enabling intelligent traffic control to condition or applications for traffic rate limiting, i.e. NBAR and Rate-limiting / CAR:
    You can designate CAR rate-limiting policies based on physical port, packet classification, IP address, MAC address, application flow, and other criteria specifiable by access lists or extended access lists. CAR rate limits may be implemented either on input or output interfaces or subinterfaces including Frame Relay and ATM subinterfaces.
    An example of use of CAR's rate-limiting capability is application-based rates limiting HTTP World Wide Web traffic to 50 percent of link bandwidth, which ensures capacity for non-Web traffic including mission-critical applications.

  • Collapsed Data Center Tier - Best Practice

    Hey guys,
    I'm working with a company who's doing a Data Center build-out. This is not a huge build out and I don't believe I really need a 2 tier design (access, core/aggregation). I'm looking for a 1 tier design. I say this because they only really have one rack of hosts - and we are not connected to a WAN or campus network - we are a dev shop (albeit a pretty damn big dev shop) who hosts internet sites and web applications to the public. 
    My network design relies heavily on VRFs. I treat every web application published to the internet as its own "tenant" with one leaked route, which is my management network, so I have any management servers (continuous deployment, monitoring, etc...) sitting in this subnet that is leaked. Each VRF has its own route to a virtual firewall context of its own and out to the internet.
    Right now we are in a managed datacenter. I'm going to be building out their own switching environment utilizing the above design and moving away from the managed data center. That being said I need to pick the correct switches for this 1 tier design. I need a good amount of 10gbe port density (124 ports minimum). I was thinking about going with 4 5672UP or 4 C3064TQ-10GT - these will work as both my access and core (about 61 servers, one fiber uplink to my corporate network, and one fiber uplink to a firewall running multiple device contexts via multiple vlans) 
    That being said - with the use of VRFs, VLAN, and MP-BGP (used to leak my routes), what is the best redundancy topology for this design? If I was using Catalyst 6500's I would do VSS and be done with it - but I don't believe vPC on the nexus switches traffic and is really more for a two tier model (vPC on two cores, aggregation/access switch connects up to both cores but it looks like one.) What I need to accomplish sounds to me that I'm going to be doing this the old-fashioned way, running a port channel between each switch, and hopefully using a non STP method to avoid loops.
    Am I left with any other options? 

    ISP comes into the collapsed core after a router. A specific firewall interface (firewall is in multi context mode) sits on the "outside" vlan specific to each VRF. 

  • SOA 12C Enterprise Deployment - Clustered

    We are currently implementing 12c with OSB(Oracle Service Bus), OTD (Oracle Traffic Director) and SOA
    As you can imagine the build has a number of SOA composites.
    In our Test and Production environments, we have 2 nodes per cluster, and we have separate OSB and SOA clusters. We also make use of MDS.
    Now to set the scene, a number of our SOA composites call other down stream composites.
    As an example a payment composite may call a create customer composite as part of its process.
    The way we have configured this all is the SOA Composites point to MDS, and the WSDL (Endpoint URL) contains the URL for the second service.
    We currently have a situation where if a service is called on Node1, it will always call the downstream services on Node1 due to the fact that the MDS wsdl has the NODE1 endpoint Url Hard coded.
    Obviously this does not make sense in a clustered environment; as such I am seeking assistance from the community on what the best practice is in this situation.
    Our current thoughts are
         1) Have the MDS wsdls point at a load balancer (potentially OTD or some other LBR) which will then distribute the traffic down stream
         2) Have the SOA composites point at an OSB proxy, which does load balancing to the downstream SOA composites
         3) Somehow configure the MDS wsdls to have the end points generate dynamically at run time (hopefully this will then automagically distribute the load)
    Any advice is welcome

    I think what you're looking for is "callback url"(in enterprise manager) and "frontend host/port" (in weblogic console -> cluster -> http tab).
    hope it helps

  • AEBS causing earthlink Zyxel modem to lose DSL connection

    I hooked up my new AEBS n two weeks ago and I am having problems keeping connected to the internet. DSL and Internet lights go off on the Zyxel P-600 modem randomly. When I connect to the internet via ethernet, no problems. I used to have an AirPort Express hooked up to the modem and had no problems with dropping the DSL connection. Earthlink seems to think the AEBSn is causing the problem. Can you help?

    Hello again fleabee,
    So sorry it's taken me so long to get back here and update my last post. I wanted to wait a few weeks to see if my new configuration with the Netopia router would really make a difference, and then I just got really busy.
    Anyway, I'm happy to report that my wireless connection is MUCH more stable since switching away from the Zyxel to the Netopia. It is also important that you configure your Airport Express (or did you say you have the Extreme?) to be a 'bridge' letting your modem/router be the primary 'traffic director', if you will. Otherwise the two devices--your AE and the modem--will fight each other. I can try and retrace my steps on how to do this, or I'd suggest going to the genius bar at any Apple store if you no longer have AppleCare phone support. Please let me know if you need me to retrace.
    To get a new Netopia modem from Earthlink, you can simply call as I did and request it saying your Zyxel isn't cutting it any more for you or that it died, whatever. They should upgrade you for free as they did me.
    Oh, I also had to play around for a while to find a better location in my apt. for the AE. There are a LOT of wireless devices in my neighborhood apparently competing for the same airspace and that was also causing my wireless connection to suffer.
    Lastly, if you can afford to upgrade to Leopard, I highly recommend you do so. Leopard along with Apple's first patch 10.5.1 really have helped with stability of everything. Hope all this helps. Good Luck!

  • Is there an NXOS command to check to see if traffic is being dropped from traversing a Nexus vPC link?

    Is there an NXOS command to check to see if traffic is being dropped from traversing a Nexus vPC link?

    iTunes 11 seems to shuffle just fine for me.
    You can restore much of the look & feel of the previous version with these shortcuts:
    Ctrl-B to turn on the menu bar.
    Ctrl-S to turn on the sidebar (your device should be listed here as before).
    Ctrl-/ to turn on the status bar.
    Click the magnifying glass top right and untick Search Entire Library to restore the old search behaviour.
    If you want to roll back to iTunes 10.7, first download a copy of the 32 bit installer or 64 bit installer as appropriate, uninstall iTunes and supporting software, i.e. Apple Application Support & Apple Mobile Device Support. Reboot. Restore the pre-upgrade version of your library database as per the diagram below, then install iTunes 10.7.
    See iTunes Folder Watch for a tool to scan the media folder and catch up with any changes made since the backup file was created.
    tt2

  • Does Cisco Nexus 5596UP support VLAN-based policing and traffic shaping on NX-OS version 5.1(3)N1(1)?

    Does Cisco Nexus 5596UP support VLAN-based policing and traffic shaping on NX-OS version 5.1(3)N1(1)?
    I couldn't see any police command under the policy map.

    I have tested this issue on another 5548UP with L3 running the same NX-OS version and get the same problem. Show CDP from the switch is not discovering devices, but the neighbors can see the 5K in question. A reboot will sometimes fix it, but not always. I suspect a problem with the software since that doesn't happen in NX-OS 5.2. The one I am using is
    Software
      BIOS:      version 3.6.0
      loader:    version N/A
      kickstart: version 5.1(3)N2(1)
      system:    version 5.1(3)N2(1)

  • Nexus 5548 - VM Traffic through Nexus failed

    Hi guys,
    I am having a Nexus switching problem in a data center.
    VM traffic fails through the Nexus switches. I run a ping test and the test fails, then goes back to success after a few minutes; after a minute of successful pings it fails again.
    Also, when the Nexus doesn't reach the TACACS, this indicates to us that we lose the VMs.
    The issue affects the virtual servers and does not affect other servers. The virtual machines are VMware with ESX and vCenter.
    Please look at the attached topology:
    The issue happens in MST Region X.
    We tried to disconnect MST Region Y and the issue remains the same.
    The 2 6500 switches at the bottom of the diagram run GLBP for the servers' default gateway.
    Also, there are some downstream switches that are connected to the 6500 switches and do not appear in the diagram.
    I found a workaround - if I configure spanning-tree mst 0-1 cost 20 on Port-channel 1 on one of the 6500s in MST Region X, the issue is solved.
    ESX server connectivity architecture:
    6 nics. 2 for management and vmotion, 2 for NFS traffic, 2 for VM traffic.
    Management and vmotion couple are configured as a team where one of the nics is primary for management and the second is primary for vmotion.
    The NFS couple are configured the same.
    The 2 nics configured for VM traffic are configured as active active.
    Mode of connection: all connections are trunk.
    Someone?

    Hi,
    Finally, we found the problem.
    We configured mtu 9216 on the 6500's links.
    The VMs were disconnected because NFS generates jumbo frames.
    Thanks a lot.

  • Could my nexus be slowing down UDP traffic?

    I have a pair of 5010 switches. On the switch is an OpenVPN server (That can operate in UDP or TCP mode) and a Juniper VPN appliance. We experience the same problem with both VPNs.
    We connect to this VPN to access secure network segments, it's all high speed 1GB+ local area network.
    How to produce the problem:
    * Connect to either VPN in UDP mode.
    * Start pinging a machine through the VPN.
    * Copy a large file from workstation to another server behind VPN.
         * Watch pings go from 1ms to 50-125ms, including MANY dropped packets. (Probably 5-10 percent loss)
         * CPU utilization on the OpenVPN server is low, about 20 percent.
         * File transfer speed is ~5 to 6 mb/sec.
    Now, switch OpenVPN over to TCP mode (which I would expect to be much slower, especially on high speed reliable networks) and repeat.
         * Ping times stay sub 12ms and there are no dropped packets.
         * CPU on OpenVPN box is 100 percent.
         * File transfer speed.... 22 mb/sec!
    I haven't taken the time to switch the Juniper VPN to TCP mode, it's kind of time consuming and I'd rather skip it.
    My firewall doesn't indicate anything abnormal or special going on and I want to rule out the Nexus if I can. 
    EDIT: Don't know if this stuff matters, I'm not an expert, but I wanted to include it here.
    class-map type qos class-fcoe
    class-map type queuing class-all-flood
      match qos-group 2
    class-map type queuing class-ip-multicast
      match qos-group 2
    class-map type network-qos class-all-flood
      match qos-group 2
    class-map type network-qos class-ip-multicast
      match qos-group 2

    These commands are default QOS commands on all Nexus devices and don't have anything to do with slowness you are encountering.
    HTH

  • Vpc bind-vrf on Nexus 7000/N7k to ensure forwarding of multicast traffic over peer-link?

    In previous vPC setups with N5k (or also N6k), I had to use the 'vpc bind-vrf' command to ensure the forwarding of multicast over the vpc peer-link, especially for receivers in non-vPC VLANs and the receivers connected to Layer 3 interfaces.
    I am wondering why this command isn't available on N7k? Isn't this necessary on this platform or is it just not yet implemented?
    Any hint is welcome!
    Stephan Strack

    Hey Stephan,
    The 'vpc bind-vrf' command allocates a special internal VLAN for routing traffic over the vPC peer-link to ensure L3 connections on the vPC peer or orphan ports successfully receive multicast traffic on N5k/N6k platforms.  This workaround is not needed on the N7K because that platform implements the vPC loop prevention rule differently in hardware.
    In short, 'vpc bind-vrf' is not required on N7K.
    -Andy

  • Nexus 5548 and Define static route to forward traffic to Catalyst 4500

    Dear Experts,
    Need your technical assistance for the Static routing in between Nexus 5548 and Catalyst 4500.
    Further I connected both Nexus 5548 with Catalyst 4500 as individual trunk ports because there is HSRP on Catalyst 4500. So I just took 1 port from each nexus 5548, make it trunk with the Core Switch (Also make trunk from each Switch each port). Change the speed on Nexus to 1000 because other side on Catalyst 4500 line card is 1G RJ45.
    *Here is the Config on Nexus 5548 to make port a Trunk:*
    N5548-A/ N5548-B
    Interface Ethernet1/3
    Switchport mode trunk
    Speed 1000
    Added the static route on both nexus for Core HSRP IP: *ip route 0.0.0.0/0 10.10.150.39 (Virtual HSRP IP )*
    But I am not able to ping from the N5548 console to the core switch HSRP IP. Is there any further configuration needed to enable routing or ping?
    Please suggest

    Hello,
    Please see attached config for both Nexus 5548. I don't have the Catalyst 4500 config, but below is the simple config that I applied:
    Both Catalyst 4500
    interface gig 3/48
    switchport mode trunk
    switchport trunk encap dot1q
    On Nexus 5548 Port 1/3 is trunk
    Thanks,
    Jehan

  • Cisco UCS Director vs Cisco Intelligent Automation for cloud

    I am new to cloud automation and private/public cloud solutions, and I'm exploring what solutions Cisco has to offer.
    What are the differences between these two solutions? What are the different use case scenarios?
    I appreciate any feedback, Thanks,

    Hello Sandeep,
    Following are key high points of UCSD or are better than what other vendors are providing.
    1) Enable Automation & Self Service through Workflows, Triggers, & Tasks.
    2) Lifecycle Management Controls.
    3) Automated adaptive provisioning.
    4) Multi-tenant Security.
    5) Single pane of glass for continuous capacity monitoring.
    6) Chargeback.
    7) Orchestrator & workflow designer.
    8) CloudSense Analytics.
    9) Multi-hypervisor support.
    10) Multi-cloud support.
    Regards,
    Shahzad

  • I have v1.2 on my nexus 4, and the update function doesn't seem to be working. What is the app.update.url I should point my phone to?

    I select 'check for updates' and it will not display anything other than 'checking for updates...' below the button. I do not see any internet traffic in the status bar as it does this. Also, I have left it to 'check for updates' all night, to no avail. Any definitive answers would be great. 'https://update.boot2gecko.org/beta/update.xml' doesn't work and neither does 'https://aus3.mozilla.org/update/3/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VERSION%/%DISTRIBUTION%/%DISTRIBUTION_VERSION%/update.xml'
    I have searched extensively to find where the update channels are located and those, and variants like them, proffer no changes in my situation.
    I am starting to wonder if it is the program responsible for checking for updates, or if it is the build for nexus-4 that is having the issue.
    Another question that would help in my search to resolve this issue is, does anyone know what program is responsible for checking for these updates?
    All help is appreciated, and thank you in advance.

    I have since changed my build to master, but this time without using mozilla-central as my gecko path. I have had no issues so far with the stability of the master branch, as I did in the past with mozilla-central as the gecko path.
    After having done this, and restoring my /data/local and /data/b2g directories, I am now receiving updates. At least, it updated my marketplace after booting for the first time. Also, I am no longer getting the check stuck at 'checking for updates...'.
    So, I am going to call this solved with changing to master, without using my .userconfig. Further, using Michelle's input, I will periodically git pull, repo update, and reconfigure, build, and flash the master branch.
    Thank you all for the help.

  • Cisco Nexus 1000v VXLAN doesn't work

    Hi to all,
    I configured VXLAN configuration by the book (Cisco Nexus 1000V VXLAN Configuration Guide, Release 4.2(1)SV1(5.1)), but there is some problem.
    There are two ESXs with four VMs (two VMs on each ESX). Each VM has one NIC and that NIC is assigned to a port-profile configured for same VXLAN bridge-domain access. There is connectivity between VMs on same ESX but there is no connectivity between VMs hosted on different ESXs. In other words, L2 connectivity works between VMs on same ESX but not between VMs on different ESXs.
    Nexus 1000V VSM is installed on Nexus 1010 Appliance and manages two VEMs through L3 control interfaces.
    VSM version is 4.2(1)SV1(5.1) and VEM feature level is 4.2(1)SV1(5.1).
    Bridge-domain is VXLAN-5001 with segment id 5001 and group address 239.1.1.1
    Port-profile for VMK VXLAN interface is properly configured for access to VLAN 588 ("transport" VLAN for VXLAN) and capability vxlan.
    VLAN 588 is allowed on all uplinks on both sides (Nexus and physical switch).
    Port profile for VMs is properly configured for access to the bridge-domain.
    I created a monitor session for VLAN 588 on the upstream switch (Cisco 6513 with 12.2(18)SXF14 IOS) and didn't see any multicast, unicast or any other traffic. According to the documentation, I should first see an IGMP join, after that multicast, and after that unicast traffic between the two VMK interfaces.
    Here is MAC address table for bridge-domain VXLAN-5001:
    Nexus1000V-VSM-1# sh mac address-table bridge-domain VXLAN-5001
    Bridge-domain: VXLAN-5001
              MAC Address       Type    Age       Port            IP Address     Mod
    --------------------------+-------+---------+---------------+---------------+---
              0050.56a3.0009    static  0         Veth6           0.0.0.0         3 
              0050.56a3.000a    static  0         Veth7           0.0.0.0         3 
              0050.56a3.0007    static  0         Veth4           0.0.0.0         4 
              0050.56a3.0008    static  0         Veth5           0.0.0.0         4 
    Total MAC Addresses: 4
    As you can see, there are no proper destination IP addresses.
    Can somebody help me?

    Good hint, but it seems that is not the problem...
    Cat ports connecting VEMs support jumbo frames and their MTU is set to 9216B.
    I saw that the MTU on the Ethernet interfaces of the VEMs is set to 1500B. I changed the uplink port-profile and set the MTU first to 1550B, and after that to 9000B (max), but it still isn't working.
    I'm not using vCloud director, just VMware vSphere 4.1 (vCenter Server with VUM, vCenter Client and two ESX hosts).
    Message was edited by: Mate Grbavac
    After a little research I found something strange... I set up an SVI on the Cat in VLAN 588 ("transport" VLAN for VXLAN), and when I ping the VMKernel interface (with capability vxlan) with a packet size of more than 1500B and the df bit set, I get no reply. My Cat ports and uplink port profiles are configured for jumbo frames. Is it possible to change the MTU of the VMKernel interface?

  • Routing issue in Nexus 7009 due to vPC or hsrp

    We have two sites. On the first site we have two Nexus 7009 switches (Nexus A & Nexus B), and the other site is a remote site with two 6500 switches (design attached).
    We are using HSRP on the Nexus switches, and Nexus A is active for all VLANs.
    Users at one of my remote sites (the users are in vlan 30) are not able to communicate with the Nexus site vlan 20, especially if the host in vlan 20 takes the forwarding path via Nexus switch B.
    I can ping the vlan 20 physical addresses and gateway (vlan 20 is configured on both Nexus switches and uses HSRP) from vlan 30, which is configured on the remote site 6500 switch.
    OSPF with area 0 is the routing protocol running between both sites.
    We are using vlan 10 as a management vlan on both Nexus switches, and it builds a neighborship with the WAN router. This means the WAN router has two neighbors, Nexus A and Nexus B, but Nexus B builds the neighborship via Nexus A, because from the WAN router we have a single link, which is terminated on Nexus A.
    There is one layer 2 switch between Nexus A and the WAN router. On the Nexus A side that switch port is in a vPC, because we are planning to pull a second link to Nexus B later.
    All users are connected to an edge switch, and the edge switch has redundant uplinks to Nexus A and B with vPC configured.
    After troubleshooting, we observed that if a user in vlan 20 wants to communicate with vlan 30 (remote site) and the traffic takes Nexus B as the forwarding path, it gets dropped.
    I ran a tracert from the PC; it shows the route up to the SVI on Nexus B, after which the packets don't seem to find a route, even though the vlan 30 routes are available in the routing table of Nexus B. We don't have any access-list or firewall in this path.

    Hi,
    I suspect in your scenario that traffic is being dropped due to the characteristics of vPC, the routing table on Nexus-B may reflect the next-hop address for the destination IP, however if that next-hop address is the address of the Nexus-A off of VLAN 20 then it will be forwarded across the vPC peer-link, this breaks the convention.
    When you attach a Layer 3 device to a vPC domain, the peering of routing protocols using a VLAN also carried on the vPC peer-link is not supported. If routing protocol adjacencies are needed between vPC peer devices and a generic Layer 3 device, you must use physical routed interfaces for the interconnection.
    You can configure VLAN Interfaces for Layer 3 connectivity on the vPC peer devices to link to Layer 3 of the network for such applications as HSRP and PIM. However, Cisco recommends that you configure a separate Layer 3 link for routing from the vPC peer devices, rather than using a VLAN network interface for this purpose.
    Take a look at the following URL, this article helps to explain the characteristics of vPC and routing over the peer-link:
    http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/
    Regards
    Allan.
    Hope you find this helpful.
