Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3495
Views
0
Helpful
2
Replies

WAAS on Nexus - ITD, PBR?

Aaron Harrison
VIP Alumni
VIP Alumni

‎09-11-2017 01:17 AM - edited ‎03-01-2019 09:31 AM

Hi

We currently have a pair of WAVE694s with AppNav controllers, and a futher two 694s as WAAS engines all in a single AppNav cluster. These are connected to some 3750x switches which use WCCP to divert traffic.

I'm looking at a Nexus based design for a new DC, and wondering what the best practice is for integrating WAAS with these switches - Nexus 9504 core, with some Nexus 9372s.

I've seen reference to using ITD with WAAS, but no specific detail - like here: https://blogs.cisco.com/enterprise/itd-intelligent-traffic-director

- Has anyone deployed ITD for WAAS? 

- Is it a 'TAC supported' solution?

- What are other options on Nexus 9k - presumably just PBR? 

Thanks!

Aaron

 

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
5 people had this problem
Labels:
0 Helpful
2 Replies 2

lauresfrank
Level 1
Level 1

‎01-20-2020 01:31 PM

Hello!

Yes, same question here. We have 2x N9K-C93180LC-EX as DC Core with 7.0(3)I7(7) and WAAS WAE-694 with 6.4.3d software.

As DC-Core does not support WCCP, it looks like we need to go with ITD. 

 

Will it work according to the config guide example Configuration Example: ITD as WCCP Replacement (Web-Proxy Deployment Mode)? Or anyone has an example config?

 

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/itd/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Intelligent_Traffic_Director_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Intelligent_Traffic_Director_Config... 

 

1.PNG

 

Thank you.

 

0 Helpful

lauresfrank
Level 1
Level 1
In response to lauresfrank

‎01-22-2020 06:32 AM - edited ‎01-22-2020 06:37 AM

Should look something like this but I am not sure.

 

! Send through WAE to remote sites
ip access-list ITD-LAN-TO-WAN
 permit tcp any 10.100.16.0 0.0.0.255

! Dont send through WAE to remote sites
ip access-list ITD-LAN-TO-WAN-EXCLUDE
 permit tcp 10.100.43.0 255.255.255.7 any

! Send through WAE from remote sites
ip access-list ITD-WAN-TO-LAN
 permit tcp 10.100.16.0 0.0.0.255 any

! Dont Send through WAE from remote sites
ip access-list ITD-WAN-TO-LAN-EXCLUDE
 permit tcp any 10.100.43.0 255.255.255.7 

!
itd device-group ITD-WAAS-GROUP
  probe icmp timeout 2
  node ip 10.100.43.2 
  node ip 10.100.43.3 

!
Itd ITD-WAAS-SERVICE-LAN-TO-WAN
  device-group ITD-WAAS-GROUP
  exclude access-list ITD-LAN-TO-WAN-EXCLUDE
  access-list ITD-LAN-TO-WAN
  ingress interface vlan 100, vlan 101 !!Server VLANs. Make sure WAE-IP VLAN is not included (loop).
  failaction node reassign 
  load-balance method src ip bucket 4
  no shutdown

!
Itd ITD-WAAS-SERVICE-WAN-TO-LAN	
  device-group ITD-WAAS-GROUP   
  access-list ITD-WAN-TO-LAN	 
  exclude access-list ITD-WAN-TO-LAN-EXCLUDE
  ingress interface Vlan 400 !! WAN facing VLAN
  failaction node reassign 
  load-balance method dst ip bucket 4
  no shutdown
!

 

0 Helpful
Customers Also Viewed These Support Documents