Data Centre Interconnection - firewall and load balancer deployment

guerinp
Level 1

Hi all,

I've read lots of Cisco docs/white papers on DCI - Layer 2 extension between DCs, but as yet I cannot find any decent information on how best to deploy firewalls and load balancers in such a design. I've seen refs to FHRP isolation on Nexus 7k (and possibly 6k if you use DCI block) but nothing on the services elements.

The services element seems to be a complete minefield here:

- active/standby across sites, or deploy resilient pairs in each site?

- how to align optimal traffic flows inbound and outbound (RHI, SNAT, etc.)

- best practice suggestions ideally.

Cisco DCI docs seem to always gloss over the fact that most customers would have to deal with firewalls and load balancers here, and simply refer to 'coming soon' for that info.

If anyone has any good suggestions/links to docs explaining detailed implementation info, it would be much appreciated.

Thanks

Phil

2 Replies

Collin Clark
VIP Alumni

Phil-

By no means am I an expert here, but I believe that a Global Site Selector is what Cisco wants you to use. If you make both DCs active then you can leverage all resources and control who goes where with the GSS. Hope that little bit of info helps.

pukumar2
Level 1

You might want to check out this new product called ITD.

Simple and faster solution:

ITD provides:

  1. ASIC based multi-terabit/s L3/L4 load-balancing at line-rate
  2. No service module or external L3/L4 load-balancer needed. Every N7k port can be used as load-balancer.
  3. Redirect line-rate traffic to any devices, for example web cache engines, Web Accelerator Engines (WAE), video-caches, etc.
  4. Capability to create clusters of devices, for example, Firewalls, Intrusion Prevention System (IPS), or Web Application Firewall (WAF), Hadoop cluster
  5. IP-stickiness
  6. Resilient (like resilient ECMP)
  7. VIP based L4 load-balancing
  8. NAT (available for EFT/PoC). Allows non-DSR deployments.
  9. Weighted load-balancing
  10. Load-balances to large number of devices/servers
  11. ACL along with redirection and load balancing simultaneously.
  12. Bi-directional flow-coherency. Traffic from A-->B and B-->A goes to same node.
  13. Order of magnitude OPEX savings: reduction in configuration, and ease of deployment
  14. Order of magnitude CAPEX savings: wiring, power, rack space and cost savings
  15. The servers/appliances don’t have to be directly connected to N7k
  16. Monitoring the health of servers/appliances.
  17. N + M redundancy.
  18. Automatic failure handling of servers/appliances.
  19. VRF support, vPC support, VDC support
  20. Supported on both Nexus 7000 and Nexus 7700 series.
  21. Supports both IPv4 and IPv6
  22. N5k / N6k support: coming soon


Blog

At a glance

ITD config guide

Email query or feedback: ask-itd@external.cisco.com