B Cisco Nexus 7000 Series Intelligent Traffic Director Configuration Guide Release 6x - 14 - Fixed

Cisco Nexus 7000 Series NX-OS Intelligent Traffic Director
Configuration Guide, Release 6.x

First Published: April 15, 2014
Last Modified: April 15, 2014
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-32044-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
© 2014 Cisco Systems, Inc. All rights reserved.

CONTENTS
Preface Preface v
Audience v
Document Conventions v
Documentation Feedback vi
Obtaining Documentation and Submitting a Service Request vii
CHAPTER 1 New and Changed Information 1

New and Changed Information 1
CHAPTER 2 Configuring ITD 3

Finding Feature Information 3
Information About ITD 3
ITD Feature Overview 4
Benefits of ITD 4
Scalability of ITD 5
Deployment Modes 6
One-Arm Deployment Mode 6
One-Arm Deployment Mode with VPC 7
Sandwich Deployment Mode 7
Server Load-Balancing Deployment Mode 8
Device Groups 8
Load Balancing 9
Hot Standby 9
Router Access Control Lists 9
Multiple Ingress Interfaces 9
System Health Monitoring 10
Monitor Cluster Node 10
Cisco Nexus 7000 Series NX-OS Intelligent Traffic Director Configuration Guide, Release 6.x
OL-32044-01 iii
Contents
Failaction Reassignment 11
Failaction Reassignment Without a Standby Node 11
Failaction Reassignment with a Standby Node 11
No Failaction Reassignment 12
No Failaction Reassignment with a Probe Configured 12
No Failaction Reassignment without a Probe Configured 12
Licensing Requirements for ITD 12
Prerequisites for ITD 12
Guidelines and Limitations for ITD 12
Configuring ITD 13
Enabling ITD 13
Configuring a Device Group 13
Configuring an ITD Service 14
Verifying the ITD Configuration 16
Warnings and Error Messages for ITD 21
Configuration Examples for ITD 22
Related Documents for ITD 23
Standards for ITD 23
Feature History for ITD 23
iv OL-32044-01
Preface
This preface describes the audience, organization and conventions of the Cisco Nexus 7000 Series NX-OS
Intelligent Traffic Director Configuration Guide. It also provides information on how to obtain related
documentation.
• Audience, page v
• Document Conventions, page v
• Documentation Feedback, page vi
• Obtaining Documentation and Submitting a Service Request, page vii
Audience
This publication is for network administrators who configure and maintain Cisco Nexus devices.
Document Conventions
Command descriptions use the following conventions:
Convention Description
bold Bold text indicates the commands and keywords that you enter literally
as shown.
Italic Italic text indicates arguments for which the user supplies the values.
[x] Square brackets enclose an optional element (keyword or argument).
[x | y] Square brackets enclosing keywords or arguments separated by a vertical

bar indicate an optional choice.
{x | y} Braces enclosing keywords or arguments separated by a vertical bar

indicate a required choice.
OL-32044-01 v
Preface
Documentation Feedback
[x {y | z}] Nested set of square brackets or braces indicate optional or required
choices within optional or required elements. Braces and a vertical bar
within square brackets indicate a required choice within an optional
element.
variable Indicates a variable for which you supply values, in context where italics
cannot be used.
string A nonquoted set of characters. Do not use quotation marks around the
string or the string will include the quotation marks.
Examples use the following conventions:
screen font Terminal sessions and information the switch displays are in screen font.
boldface screen font Information you must enter is in boldface screen font.
italic screen font Arguments for which you supply values are in italic screen font.
<> Nonprinting characters, such as passwords, are in angle brackets.
[] Default responses to system prompts are in square brackets.
!, # An exclamation point (!) or a pound sign (#) at the beginning of a line

of code indicates a comment line.
This document uses the following conventions:
Note Means reader take note. Notes contain helpful suggestions or references to material not covered in the
manual.
Caution Means reader be careful. In this situation, you might do something that could result in equipment damage
or loss of data.
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, please send your comments
to one of the following:
We appreciate your feedback.
vi OL-32044-01
Preface
Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service
request, and gathering additional information, see What's New in Cisco Product Documentation, at: http://
www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.
Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical
documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The
RSS feeds are a free service.
OL-32044-01 vii
Preface
viii OL-32044-01
CHAPTER 1
New and Changed Information
• New and Changed Information, page 1

The table below summarizes the new and changed features for this document and shows the releases in which
each feature is supported. Your software release might not support all the features in this document. For the
latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the
release notes for your software release.
Table 1: New and Changed ITD Features
Feature Description Changed in Release

Intelligent Traffic Director Introduced this feature. 6.2(8)
OL-32044-01 1
2 OL-32044-01
CHAPTER 2
Configuring ITD
This chapter describes how to configure Intelligent Traffic Director (ITD) on the Cisco NX-OS device.
• Finding Feature Information, page 3

• Information About ITD, page 3
• Licensing Requirements for ITD, page 12
• Prerequisites for ITD, page 12
• Guidelines and Limitations for ITD, page 12
• Configuring ITD, page 13
• Verifying the ITD Configuration, page 16
• Warnings and Error Messages for ITD, page 21
• Configuration Examples for ITD, page 22
• Related Documents for ITD, page 23
• Standards for ITD, page 23
• Feature History for ITD, page 23
Finding Feature Information

Your software release might not support all the features documented in this module. For the latest caveats
and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes
for your software release. To find information about the features documented in this module, and to see a list
of the releases in which each feature is supported, see the “New and Changed Information” chapter or the
Feature History table below.
Information About ITD

Intelligent Traffic Director (ITD) is an intelligent, scalable clustering and load-balancing engine that addresses
the performance gap between a multi-terabit switch and gigabit servers and appliances. The ITD architecture
OL-32044-01 3
Configuring ITD
ITD Feature Overview
integrates Layer 2 and Layer 3 switching with Layer 4 to Layer 7 applications for scale and capacity expansion
to serve high-bandwidth applications.
ITD provides adaptive load balancing to distribute traffic to an application cluster. With this feature on the
Cisco Nexus 7000 Series switch, you can deploy servers and appliances from any vendor without a network
or topology upgrade.
ITD Feature Overview

The ITD feature offers the following:
• Multi-terabit solution to load balance traffic at line-rate.
• ASIC based load-balancing.
• Every Cisco Nexus 7000 Series port can be used for load balancing.
• Distributes load to large number of devices/servers.
• No service module or external load-balancer required.
• Simplified configuration and easy to deploy.
• Can be used to redirect traffic to any devices, for example web cache engine or Web Accelerator Engine
(WAE).
• Provides access control along with redirection and load balancing capabilities.
• Provides the capability to create clusters of devices, for example firewalls, Intrusion Prevention System
(IPS), Web Application Firewall (WAF), or Cisco Videoscape Distribution Suite Transparent Caching
(VDS-TC) .
• Supports Virtual IP addresses (VIPs).
• Supports both IPv4 and IPv6.
Benefits of ITD
ITD on the Cisco NX-OS switch enables the following:
• Horizontal scale—groups N servers for linear scaling and capacity expansion.
• Health monitoring of servers.
• Automatic failure detection of links and/or servers.
• Automatic traffic redistribution in case of a failure.
• Hot standby support of N+1 redundancy, with M standby.
• Complete transparency to the end devices.
• No manual configuration or intervention required if a link or server fails.
• The use of heterogeneous types of servers and devices.
• Large number of servers supported.
• Simplified provisioning and ease of deployment.
4 OL-32044-01
Configuring ITD
Scalability of ITD
• No certification, integration, or qualification needed between the devices and the Cisco NX-OS switch.
• The feature does not add any load to the supervisor CPU.
• ITD uses orders of magnitude less hardware TCAM resources than WCCP.
• Handles unlimited number of flows.
Scalability of ITD
The following table shows the scalability for this feature.
Table 2: Scalability of ITD
Parameter Limit
Maximum number of nodes per ITD device group 256
Maximum number of ITD services per VDC 8
Maximum number of ITD services per Nexus 7000 Series switch. 8 x maximum number of VDCs
Maximum number of ingress interfaces per ITD service 512
Maximum number of virtual IP addresses per ITD service 8
Maximum number of probes per ITD service 500
Maximum number of probes per VDC 500
Maximum number of probes per Nexus 7000 Series switch. 500 x maximum number of VDCs
OL-32044-01 5
Configuring ITD
Deployment Modes
Deployment Modes
One-Arm Deployment Mode

You can connect servers to the Cisco NX-OS device in one-arm deployment mode. In this topology, the server
is not in the direct path of client or server traffic, which enables your to plug in a server into the network with
no changes to the existing topology or network.
Figure 1: One-Arm Deployment Mode
6 OL-32044-01
Configuring ITD
Deployment Modes
One-Arm Deployment Mode with VPC

The ITD feature supports an appliance cluster connected to a virtual port channel (vPC). The ITD service runs
on each Cisco NX-OS switch and ITD programs each switch to provide flow coherent traffic passing through
the cluster nodes.
Figure 2: One-Arm Deployment Mode with VPC
Sandwich Deployment Mode

The sandwich deployment mode uses two Cisco NX-OS 7000 Series switches to provide stateful handling of
traffic.
The main requirement in this mode is that both forward and reverse traffic of a flow must go through the same
appliance. Examples include firewalls and load balancer deployments, where traffic between client and server
must flow through the same appliance.
The key features are:
• An ITD service for each network segment—one for outside network and another for inside network.
• An SRC-IP load balancing scheme for the ITD service on the ingress interface for traffic entering outside
network from the internet
OL-32044-01 7
Configuring ITD
Device Groups
• A DST-IP load balancing scheme for the ITD service on the ingress interface for traffic entering inside
the network from servers.
Figure 3: Sandwich Deployment Mode
Server Load-Balancing Deployment Mode

The ITD service can be configured to host a virtual IP (VIP) on a Cisco NX-OS 7000 Series switch. Internet
traffic destined for the VIP will be load balanced to the nodes.
Note You need to configure ITD service similarly on each Cisco NX-OS 7000 Series switch. The ITD service
configuration needs to be done manually on each switch.
Device Groups
The ITD feature supports device groups. When you configure a device group you can specify the following:
• The device group's cluster nodes
• The device group's probe
Note You can map one device group to one ITD service.
8 OL-32044-01
Configuring ITD
Load Balancing
Load Balancing
The ITD feature enables you to configure specific load-balancing options by using the loadbalance command.
The optional keywords for the loadbalance command are as follows:
• buckets—Specifies the number of buckets to create. Buckets must be configured in powers of two. One
or more buckets are mapped to a node in the cluster. If you configure more buckets than the number of
nodes, the buckets are applied in round robin fashion across all the nodes.
• mask-position— Specifies the mask position of the load balancing. This keyword is useful when a
packet classification has to be made based on specific octets or bits of an IP addresses. By default the
system uses the last octet or least significant bits (LSBs) for bucketing. If you prefer to use nondefault
bits/octets, you can use the mask-position keyword to provide the starting point at which bits the traffic
classification is to be made. For example, you can start at the 8th bit for the second octet and the 16th
bit for the third octet of an IP address.
Hot Standby
ITD supports N+1 redundancy where M cluster nodes can act as standby nodes for N active cluster nodes.
When an active node fails, ITD looks for an operational standby node and selects the first available standby
node to replace the failed node. ITD reconfigures the switch to redirect the traffic segment that was originally
headed toward the failed node to the newly active node. The service does not impose any fixed mapping of
standby nodes to active nodes.
When the failed node becomes operational again, it is reinstated as an active node and traffic from the acting
standby node is redirected back to the original node and the standby node reverts to the pool of standby nodes.
When multiple nodes fail, traffic destined to all failed nodes gets redirected to the first available standby node.
Router Access Control Lists

Cisco Nexus 7000 Series devices support router access control lists (RACL) with ITD.
You can configure on the same ingress interface the ITD feature and an RACL together. The resulting RACL,
which is downloaded to the TCAM, is a cross product of the ACL generated by ITD and the user-configured
RACL. The permit and deny statements configured on the RACL are combined with the ACL permits and
redirect entries created by ITD. This helps you to filter and load distribute selected traffic.
For more information on configuring an RACL with ITD, see Configuration Examples for ITD, on page 22.
Multiple Ingress Interfaces

You can configure the ITD service to apply traffic redirection policies on multiple ingress interfaces. This
feature allows you to use a single ITD service to redirect traffic arriving on different interfaces to a group of
nodes. The ingress interface command enables you to configure multiple ingress interfaces.
OL-32044-01 9
Configuring ITD
System Health Monitoring
System Health Monitoring

ITD supports health monitoring functionality to do the following:
• Monitor the health of the cluster node through the configured probe.
• Monitor the state of ingress interface(s).
With health monitoring, the following critical errors are detected and remedied:
• ITD service is shut/no shut or deleted.
• Switch reboot.
• Supervisor switchover.
• In-service software upgrade (ISSU).
• ITD service node failure.
• Ingress interface is down.
Monitor Cluster Node

The ITD health monitoring module periodically monitors cluster nodes to detect any failure and to handle
failure scenarios.
Note IPv6 probes are not supported.
Health of an Interface Connected to a Cluster Node

ITD leverages the IP service level agreement (IP SLA) feature to periodically probe each cluster node. The
probes are sent at a one second frequency and sent simultaneously to all cluster nodes. You can configure the
probe as part of the cluster group configuration. A probe is declared to have failed after retrying three times.
The cluster node state becomes “Failed” and its status becomes “PROBE_FAILED.”
Node Failure Handling
Upon marking a cluster node as down, the ITD performs the following tasks automatically to minimize traffic
disruption and to redistribute the traffic to remaining operational nodes:
• Determines if a standby node is configured to take over from the failed node.
• Identifies the node as a candidate node for traffic handling, if the standby node is operational.
• Redefines the standby node as active for traffic handling, if an operational standby node is available.
• Programs automatically to redistribute traffic from the failed node to the newly active standby node.
10 OL-32044-01
Configuring ITD
Failaction Reassignment
Failaction Reassignment
Failaction for ITD enables traffic on the failed nodes to be reassigned to the first available active node. Once
the failed node comes back, it automatically resumes serving the connections. The failaction command enables
this feature.
When the node is down, the traffic or ACL associated with the node is reassigned to the first active node
found in the configured set of nodes. If the newly reassigned node also fails, traffic is reassigned to the next
available active node. Once the failed node becomes active again, traffic is diverted back to the new node and
resumes serving connections.
Note You must configure probe under an ITD device group, before enabling the failaction feature.
Failaction Reassignment Without a Standby Node

When the node is down, the traffic or ACL associated with the node is reassigned to the first active node
found in the configured set of nodes. If the newly reassigned node also fails, the traffic or ACL is reassigned
to the next available active node. Once the failed node comes back and becomes active, the traffic is diverted
back to the new node and starts serving the connections.
If all the nodes are down, the packets get routed automatically.
• When the node goes down (probe failed), the traffic is reassigned to the first available active node.
• When the node comes up (probe success) from the failed state, it starts handling the connections.
• If all the nodes are down, the packets get routed automatically.
Failaction Reassignment with a Standby Node

When the node is down and if the standby is active, the traffic serves the connections and there is no change
in the bucket assignment. When both the active and standby nodes are down, the traffic or ACL associated
with the node is reassigned to the first active node found in the configured set of nodes. If the newly reassigned
node also fails, the traffic or ACL is reassigned to the next available active node. Once the failed node comes
back up and becomes active, the traffic is diverted back to the new node and begins serving connections.
• When the node goes down (probe failed) and when there is a working standby node, traffic is directed
to the first available standby node.
• When all nodes are down including the standby node, the traffic is reassigned to the first available active
node.
• When the node comes up (probe success) from failed state, the node that came up starts handling the
connections.
• If all the nodes are down, the packets are routed automatically.
OL-32044-01 11
Configuring ITD
Licensing Requirements for ITD
No Failaction Reassignment
When failaction node reassignment is not configured, there are two possible scenarios:
• Scenario 1: Probe configured; and:
◦with standby configured; or
◦without standby configured.
• Scenario 2: No probe configured.
No Failaction Reassignment with a Probe Configured

The ITD probe can detect the node failure or the lack of service reachability.
• If the node fails and a standby is configured, the standby node takes over the connections.
• If the node fails and there is no standby configuration, the traffic gets routed and does not get reassigned,
as failaction is not configured. Once the node recovers, the recovered node starts handling the traffic.
No Failaction Reassignment without a Probe Configured

Without a probe configuration, ITD cannot detect the node failure. When the node is down, ITD does not
reassign or redirect the traffic to an active node.
Licensing Requirements for ITD

ITD requires an Enhanced Layer 2 Package license. For a complete explanation of the Cisco NX-OS licensing
scheme and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Prerequisites for ITD

ITD has the following prerequisites:
• You must enable the ITD feature with the feature itd command.
• The following commands must be configured prior to entering the feature itd command:
• feature pbr
• feature sla sender
Guidelines and Limitations for ITD

ITD has the following configuration guidelines and limitations:
• Virtual IP type and the ITD device group nodes type should be either IPv4 or IPv6, but not both.
12 OL-32044-01
Configuring ITD
Configuring ITD
• You can map one device group to one ITD service.

• Probes are not supported for a device group with IPv6 nodes.
• The failaction command is supported only for IPv4.
Configuring ITD
After the servers are physically connected, the interfaces can be configured on the switch. The server can be
connected to the switch through a routed interface or port-channel.
Enabling ITD
Before You Begin
You must enable the ITD feature before you can configure ITD.
Note Before you configure feature itd you must enter the feature pbr and feature ipsla commands.
SUMMARY STEPS
1. switch# configure terminal

2. switch(config)# feature itd
DETAILED STEPS
Command or Action Purpose

Step 1 switch# configure terminal Enters global configuration mode.
Step 2 switch(config)# feature itd Enables the ITD feature.
Configuring a Device Group

Before You Begin
Enable the ITD feature.
OL-32044-01 13
Configuring ITD
Configuring an ITD Service
SUMMARY STEPS

2. switch(config)# itd device-group name
3. switch(config-device-group)# node ip ipv4-address [mode hot-standby]
4. switch(config-device-group)# probe {icmp | tcp port port-number | udp port port-number} [frequency
seconds] [retry-count number] [timeout seconds]
DETAILED STEPS

Step 2 switch(config)# itd device-group name Creates an ITD device group and enters into device group
configuration mode.
Step 3 switch(config-device-group)# node ip ipv4-address Specifies the cluster nodes for ITD. Repeat this step to specify all
[mode hot-standby] cluster nodes.
To configure IPv6 cluster nodes, use the node ipv6 ipv6-address
[mode hot-standby].
Note An ITD device group can have either IPv4 or IPv6 nodes,
but not both.
Step 4 switch(config-device-group)# probe {icmp | tcp Configures the cluster group service probe.
port port-number | udp port port-number} You can specify the following protocols as the probe for the ITD
[frequency seconds] [retry-count number] service:
[timeout seconds]
• ICMP
• TCP
• UDP
Note IPv6 probes are not

supported.

Before You Begin
Enable the ITD feature.
14 OL-32044-01
Configuring ITD
SUMMARY STEPS

2. switch(config)# itd service-name
3. switch(config-itd)# device-group device-group-name
4. switch(config-itd)# ingress interface interface
5. switch(config-itd)# loadbalance [buckets bucket-number] [mask-position position] [method {src-ip |
dst-ip}]
6. switch(config-itd)# virtual ip ipv4-address ipv4-network-mask [tcp | udp {port-number | any}] [advertise
{enable | disable}]
7. switch(config-itd)# failaction node reassign
8. switch(config-itd)# no shutdown
DETAILED STEPS

Step 2 switch(config)# itd service-name Configures an ITD service and enters into ITD configuration mode.
Step 3 switch(config-itd)# device-group Adds an existing device group to the ITD service. The device-group-name
device-group-name specifies the name of the device group. You can enter up to 32
alphanumeric characters.
Step 4 switch(config-itd)# ingress interface Adds an ingress interface or multiple interfaces to an ITD service.
interface
• Use a comma (“,”) to separate multiple interfaces.
• Use a hyphen (“-”) to separate a range of interfaces.
Step 5 switch(config-itd)# loadbalance [buckets Configures the load-balancing options for the ITD service. The optional
bucket-number] [mask-position position] keywords are as follows:
[method {src-ip | dst-ip}]
• buckets—Specifies the number of buckets to create. Buckets must
be configured in powers of two.
• mask-position— Specifies the mask position of the loadbalance.
• method—Specifies the source IP address or destination IP address
based load/traffic distribution.
Step 6 switch(config-itd)# virtual ip ipv4-address Configures the virtual IPv4 address of the ITD service.
ipv4-network-mask [tcp | udp Note To configure an IPv6 virtual address, use the virtual ipv6
{port-number | any}] [advertise {enable ipv6-address ipv6-network-mask | ipv6-prefix/length} [ip | tcp
| disable}] {port-number | any} | udp {port-number | any}] [advertise
{enable | disable}]
The advertise enable keywords specify that the virtual IP route is
advertised to neighboring devices.
OL-32044-01 15
Configuring ITD
Verifying the ITD Configuration

The tcp, udp, and ip keywords specify that the virtual IP address will
accept flows from the specified protocol.
Step 7 switch(config-itd)# failaction node Enables traffic to be reassigned, following a node failure. The traffic to
reassign the failed node gets reassigned to the first available active node.
Step 8 switch(config-itd)# no shutdown Enables the ITD service.

To display the ITD configuration, perform one of the following tasks:
Command Purpose
show itd [itd-name] [brief] Displays the status and configuration for all or
specified ITD instances.
• Use the itd-name argument to display the status
and configuration for the specific instance.
• Use the brief keyword to display summary
status and configuration information.
show itd statistics [itd-name] [brief] Displays the statistics for ITD instances.
• Use the itd-name argument to display statistics
for the specific instance.
• Use the brief keyword to display summary
information.
Note Before using the show itd statistics

command, you need to enable the statistic
by using the route-map name pbr-statistics
command.
These examples show how to verify the ITD configuration:
switch(config)# show itd
Name Probe LB Scheme Status Buckets

---------- ----- ---------- -------- -------
WEB-SERVERS N/A src-ip ACTIVE 16
Device Group
--------------------------------------------------
IPV6_SERVER_FARM
Route Map Interface Status Track_id
16 OL-32044-01
Configuring ITD
------------------------------ ------------ ------ ---------

WEB-SERVERS_itd_routemap Eth6/13 UP 9
Node IP Config-State Status Track_id Sla_id

--------------------------------------------- ------------ ---------- --------- ---------
1 100:100::100:100 Active OK None None
IP Access List
---------------------------------------------------------------------------
WEB-SERVERS_itd_acl_0

--------------------------------------------- ------------ ---------- --------- ---------
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
6 700:700::700:700 Standby Standby None None
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
OL-32044-01 17
Configuring ITD
IP Access List
---------------------------------------------------------------------------
switch(config)# show itd
Name Probe LB Scheme Status Buckets

---------- ----- ---------- -------- -------
WEB-SERVERS ICMP src-ip ACTIVE 8
Device Group
--------------------------------------------------
IPV4_SERVER_FARM
Route Map Interface Status Track_id

------------------------------ ------------ ------ ---------
WEB-SERVERS_itd_routemap Eth6/13 UP 17

--------------------------------------------- ------------ ---------- --------- ---------
1 10.10.10.10 Active OK 9 10009
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
2 20.20.20.20 Active OK 10 10010
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
3 30.30.30.30 Active OK 11 10011
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
4 40.40.40.40 Standby Standby 12 10012
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
5 50.50.50.50 Active OK 13 10013
IP Access List
---------------------------------------------------------------------------
18 OL-32044-01
Configuring ITD
--------------------------------------------- ------------ ---------- --------- ---------
6 60.60.60.60 Active OK 15 10015
IP Access List
---------------------------------------------------------------------------

--------------------------------------------- ------------ ---------- --------- ---------
7 70.70.70.70 Standby Standby 16 10016
IP Access List
---------------------------------------------------------------------------
switch(config)# show itd brief
Name Probe LB Scheme Interface Status Buckets

---------- ----- ---------- ---------- -------- --------
WEB-SERVERS N/A src-ip Eth6/13 ACTIVE 16
Device Group
--------------------------------------------------
IPV6_SERVER_FARM

------------------------------------------ ------------ ---------- --------- ---------
7 400:400::400:400 Standby Standby
switch(config)# show itd brief
Name Probe LB Scheme Interface Status Buckets

---------- ----- ---------- ---------- -------- --------
WEB-SERVERS ICMP src-ip Eth6/13 ACTIVE 8
Device Group
--------------------------------------------------
IPV4_SERVER_FARM

--------------------------------------------- ------------ ---------- --------- ---------
1 10.10.10.10 Active OK 9 10009

2 20.20.20.20 Active OK 10 10010
3 30.30.30.30 Active OK 11 10011
4 40.40.40.40 Standby Standby 12 10012
5 50.50.50.50 Active OK 13 10013
6 60.60.60.60 Active OK 15 10015
7 70.70.70.70 Standby Standby
switch(config)# show itd statistics
Service Name
--------------------------------------------------------------------
WEB-SERVERS
Device Group
--------------------------------------------------------------------
IPV6_SERVER_FARM
Node IP Packets
----------------------------------------------------- ------------
1 100:100::100:100 1563
OL-32044-01 19
Configuring ITD
IP Access List Packets

----------------------------------------------- ------------
WEB-SERVERS_itd_acl_0 432
Node IP Packets
----------------------------------------------------- ------------
2 200:200::200:200 1200

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
3 300:300::300:300 1200

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
4 500:500::500:500 1200

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
5 600:600::600:600 1201

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
6 700:700::700:700 0

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
7 400:400::400:400 0

----------------------------------------------- ------------
switch(config)# show itd statistics
Service Name
--------------------------------------------------------------------
WEB-SERVERS
Device Group
--------------------------------------------------------------------
IPV4_SERVER_FARM
20 OL-32044-01
Configuring ITD
Warnings and Error Messages for ITD
Node IP Packets
----------------------------------------------------- ------------
1 10.10.10.10 110

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
2 20.20.20.20 101

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
3 30.30.30.30 92

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
4 40.40.40.40 0

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
5 50.50.50.50 32

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
6 60.60.60.60 32

----------------------------------------------- ------------
Node IP Packets
----------------------------------------------------- ------------
7 70.70.70.70 0

----------------------------------------------- ------------
Warnings and Error Messages for ITD

The following warnings and error messages are displayed for ITD:
When you reach the maximum number of configurable nodes, this message is displayed:
Already reached maximum nodes per service
If you configure the same node IP when it is already configured part of an ITD service, this message is
displayed:
This IP is already configured, please try another IP
OL-32044-01 21
Configuring ITD
Configuration Examples for ITD
When you try to change or remove a device group, probe, or ingress interface after the IDT service is enabled,
one of these messages is displayed:
Probe configuration is not allowed, service is enabled
Ingress interface configuration is not allowed, service is enabled
Node configuration is not allowed, service is enabled
If the ITD service is already enabled or disabled, one of these messages is displayed:
In service already enabled case
In service already disabled case
When you try to change the failaction configuration after the ITD service is enabled:
Failaction configuration is not allowed, service is enabled.
Configuration Examples for ITD

This example shows how to configure an ITD device group:
switch(config)# feature itd
switch(config)# itd device-group dg
switch(config-device-group)# node ip 20.20.20.3
switch(config-device-group)# probe icmp
This example shows how to configure a virtual IPv4 address:

switch(config)# itd test
switch(config-itd)# device-group dg
switch(config-itd)# ingress interface Ethernet 4/1-10
switch(config-itd)# virtual ip 4.4.4.4 255.255.0.0 advertise enable tcp any
This example shows how to configure a virtual IPv6 address:

switch(config)# itd test
switch(config-itd)# device-group dg
switch(config-itd)# ingress interface Ethernet 4/1-10
switch(config-itd)# virtual ipv6 ffff:eeee::cccc:eeee dddd:efef::fefe:dddd tcp 10 advertise
enable
This example shows how to configure an RACL with ITD. The user-defined RACL, test, is displayed:
switch(config-itd)# show ip access-lists test
IP access list test

10 permit ip 1.1.1.1/32 2.2.2.2/16
20 permit ip 3.3.3.3/20 4.4.4.4/32
Below is the ITD configuration that has the ingress interface as Eth4/15
itd demo
device-group dg
virtual ip 11.22.33.44 255.255.255.255 tcp any
virtual ip 11.22.33.55 255.255.0.0
virtual ip 11.22.33.66 255.255.255.255 tcp any
ingress interface Eth4/15
no shut
Here we see both the route-map created by ITD and the RACL are both part of the same physical interface
Eth4/15:
interface Ethernet4/15
ip access-group test in
ip policy route-map demo_itd_routemap
no shutdown
22 OL-32044-01
Configuring ITD
Related Documents for ITD
Related Documents for ITD

Related Topic Document Title
Intelligent Traffic Director commands Cisco Nexus 7000 Series NX-OS Intelligent Traffic
Director Command Reference
Standards for ITD

No new or modified standards are supported by this feature, and support for existing standards has not been
modified by this feature.
Feature History for ITD

This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Feature Name Release Feature Information

Intelligent Traffic Director 6.2(8) This feature was introduced.
(ITD)
OL-32044-01 23
Configuring ITD
Feature History for ITD
24 OL-32044-01
INDEX
C H
configuration examples 22 hot standby 9
ITD 22 ITD 9
configuring a device group 13
ITD 13
configuring an ITD service 14
ITD 14
I
information about 3
ITD 3
D ITD 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 21, 22, 23
benefits 4
device groups 8 configuration examples 22
ITD 8 configuring a device group 13
configuring an ITD service 14
device groups 8
enabling 13
E error messages 21
enabling 13 failaction 11
ITD 13 feature history 23
error messages 21 feature overview 4
ITD 21 guidelines and limitations 12
hot standby 9
information about 3
licensing requirements 12
F load-balancing 9
failaction 11, 12 monitor cluster node 10
ITD 11 multiple ingress interfaces 9
no failaction reassignment 12 one-arm deployment 6
reassignment with standby node 11 one-arm deployment with VDC 7
reassignment without standby node 11 prerequisites 12
without failaction reassignment 12 RACL 9
feature history 23 related documents 23
ITD 23 sandwich deployment 7
scalability 5
server load-balancing deployment 8
standards 23
G system health 10
verifying 16
guidelines and limitations 12
ITD 12
OL-32044-01 IN-1
Index
L R
licensing requirements 12 RACL 9
ITD 12 ITD 9
load-balancing 9 related documents 23
ITD 9 ITD 23
M S
monitor cluster modes 10 sandwich deployment 7
ITD 10 ITD 7
multiple ingress interfaces 9 scalability 5
ITD 9 ITD 5
server load-balancing deployment 8
ITD 8
standards 23
O ITD 23
one-arm deployment 6 system health monitoring 10
ITD 6 ITD 10
one-arm deployment with VDC 7
ITD 7
V
verifying 16
P ITD 16
prerequisities 12
ITD 12
IN-2 OL-32044-01

B Cisco Nexus 7000 Series Intelligent Traffic Director Configuration Guide Release 6x - 14 - Fixed

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

B Cisco Nexus 7000 Series Intelligent Traffic Director Configuration Guide Release 6x - 14 - Fixed

Hochgeladen von

Copyright:

Verfügbare Formate

Cisco Nexus 7000 Series NX-OS Intelligent Traffic Director

Configuration Guide, Release 6.x

Text Part Number: OL-32044-01

© 2014 Cisco Systems, Inc. All rights reserved.

CHAPTER 1 New and Changed Information 1

CHAPTER 2 Configuring ITD 3

[x] Square brackets enclose an optional element (keyword or argument).

[x | y] Square brackets enclosing keywords or arguments separated by a vertical

{x | y} Braces enclosing keywords or arguments separated by a vertical bar

Examples use the following conventions:

<> Nonprinting characters, such as passwords, are in angle brackets.

[] Default responses to system prompts are in square brackets.

!, # An exclamation point (!) or a pound sign (#) at the beginning of a line

This document uses the following conventions:

Obtaining Documentation and Submitting a Service Request

New and Changed Information

Table 1: New and Changed ITD Features

Feature Description Changed in Release

• Finding Feature Information, page 3

Finding Feature Information

Information About ITD

ITD Feature Overview

Table 2: Scalability of ITD

Maximum number of ITD services per VDC 8

Maximum number of ingress interfaces per ITD service 512

Maximum number of virtual IP addresses per ITD service 8

Maximum number of probes per ITD service 500

Maximum number of probes per VDC 500

One-Arm Deployment Mode

Figure 1: One-Arm Deployment Mode

One-Arm Deployment Mode with VPC

Figure 2: One-Arm Deployment Mode with VPC

Sandwich Deployment Mode

Figure 3: Sandwich Deployment Mode

Server Load-Balancing Deployment Mode

Router Access Control Lists

Multiple Ingress Interfaces

System Health Monitoring

Monitor Cluster Node

Note IPv6 probes are not supported.

Health of an Interface Connected to a Cluster Node

Failaction Reassignment Without a Standby Node

Failaction Reassignment with a Standby Node

• Scenario 2: No probe configured.

No Failaction Reassignment with a Probe Configured

No Failaction Reassignment without a Probe Configured

Licensing Requirements for ITD

Prerequisites for ITD

Guidelines and Limitations for ITD

• You can map one device group to one ITD service.

1. switch# configure terminal

Command or Action Purpose

Step 2 switch(config)# feature itd Enables the ITD feature.

Configuring a Device Group

1. switch# configure terminal

Command or Action Purpose

Note IPv6 probes are not

Configuring an ITD Service

1. switch# configure terminal

Command or Action Purpose

Command or Action Purpose

Step 8 switch(config-itd)# no shutdown Enables the ITD service.

Verifying the ITD Configuration