Sunday, 20 October 2019

Future Proof SANs with Enhanced Performance, Analytics, and Automation

Cisco introduced the MDS 9700 Switches in 2013 as the foundation for next-generation data centers transitioning to flash storage – now deployed in over 80% of our customer environments. Non-volatile memory express (NVMe) technology played a key role in this rapid adoption as it unleashed the full potential of flash storage through higher performance scales and ultra-low latency.

Today, Cisco is raising the bar for storage networking with new features that further future-proof data centers to support existing and emerging applications. These include:

◈ Investment protection for NVMe and all-Flash arrays: 64G ready director, no forklift upgrade, built for the most demanding storage environments

◈ Actionable visibility and insights: The industry’s first NVMe/FC analytics for deep visibility, built for customer choice and flexibility

◈ Reduced operational complexity: Extending DevOps support for IT automation with a new Ansible module, including simplified integration built for advanced SAN automation

Support for 64G Fibre Channel Performance


The high performance, flexibility, and reliability of Fibre Channel now demand next-generation performance standards. The 64G capabilities of the MDS 9700 platform help customers achieve better scale, bandwidth, and performance to support business data growth.

And customers can support tomorrow’s mission-critical, data-hungry applications with a new Supervisor and Fabric module available via an in-place upgrade with no downtime.


Analytics for FC-SCSI and NVMe/FC


The introduction of NVMe/FC protocols has introduced a new set of challenges brought forward by the high speed and high performance of all-flash storage devices. Multiple technologies are all vying for the use of high speed Fibre Channel fabrics.

Cisco’s in-line SAN Analytics capability now includes the NVMe/FC protocol, whether customers send SCSI or NVMe over FC. The enhanced visibility is available for all products within the Cisco 32Gbps portfolio, from 8-port models all the way up to models offering 768 ports in a single chassis, enabling faster troubleshooting of all workloads.

Customers can leverage analytics out-of-the-box for their next-generation storage infrastructure, decreasing costly troubleshooting time for fabric wide issues.


New SAN DevOps Tools Including New Ansible Modules 


Almost 95% of network changes in traditional SANs are performed manually. More than 70% of policy violations in SANs can be attributed to human error, while 75% of OpEx is attributed to network changes and troubleshooting.


Consolidating SAN management reduces the complexity of data center networks, lowers the overall cost of operations, and frees up additional resources. Cisco is introducing Ansible modules to simplify the frequent tasks in storage networks such as VSAN, device-alias, and zoning configuration.

Additional benefits for the Ansible modules include:

◈ OpEx savings: Reduce effort in deploying storage networking infrastructure and provisioning new devices for faster storage allocation to applications

◈ Improved SLA and business agility: Elimination of human errors in repeated efforts; ability to deploy and provision new switches and storage faster

◈ Faster problem resolution and change management: Integrate changes across multiple products/vendors as a single automated workflow

◈ Simple integration of multiple vendors: Open-standard technology enables work across multiple vendors with minimal learning curve across different products

Saturday, 19 October 2019

Introducing the Cisco Intersight Mobile App for Data Center Visibility on the Go


With the tremendous customer adoption of Cisco Intersight, Cisco has now extended the reach of its Management-as-a-Service (MaaS) platform with the introduction of the Cisco Intersight Mobile App. The Intersight Mobile App provides a new intuitive view of Intersight managed systems, allowing users to keep an eye on what’s going on in their data center no matter where they are or what device they use.

The iOS version of the app is available now in the Apple App Store and the Android version will be available in the Google Play Store soon.



The new app provides on-the-go Health and Inventory detail for your Intersight-managed UCS and HyperFlex environment, so if a managed system’s health degrades to a point where an alarm is generated, the app will display relevant alarm detail. In addition, a comprehensive status of any Intersight-driven request can be monitored via the “Requests” dashboard. Below we’re going to walk you through a series of screenshots with a few examples in the new app, so you see first-hand how easy it is to monitor your data center while you’re not in the office.

How does it work?



The Intersight OpenAPI provides a REST-based, programmatic interface for accessing the Intersight Management Information Model that is representative of your compute environment. The App solicits this model through the API and returns a rich set of status-related details for UCS Servers, HyperFlex Clusters, and Fabric Interconnects. These details are then displayed in an easy to understand format within the App.

A quick peek at the appropriate dashboard can reveal Server, HyperFlex Cluster, or Fabric Interconnect views for your environment. These dashboards provide high-level roll-ups showing health, inventory, model, and alarm summaries.

How are my servers doing?



This dashboard is showing that there are 54 healthy systems on the Server Dashboard, with one showing up as critical. To investigate, simply select the red “Critical” hot link. Seeing that it’s a C220, you can then select that server.


In this scenario, the app is showing an alarm indicating a problem with fan 1 in server 1. The user can then take this information, turn on the locator from the app and have one of the operators go and assess the situation.

HyperFlex Storage Capacity on the Go



Taking a closer look at the HyperFlex Dashboard and the HyperFlex “Top 5 Storage Utilization” summary on the bottom of the screen, it appears HX-SJC-01 has a capacity warning. Digging deeper into the HyperFlex Cluster Details for HX-SJC-01, it appears 61.8% of 110.6 TB is in use. This information tells the app user that they’ll need to keep an eye on the situation.


The Intersight App can also be used to monitor the progress of requests initiated through Intersight. For instance, if someone kicked off an OS installation on one of their C240 servers the previous day, they can see if – and how – that finished up. In the screenshot below it appears that the task is complete, and only took 38 minutes.


Here is a complete list of my current alarms.  There are several issues being flagged with varying levels of severity.  The alarms provide a level of visibility that enables IT teams to prioritize and be proactive in managing their infrastructure.

This is just the beginning for Intersight’s Mobile App. With this introductory version of the mobile app, users get:

◈ On-the-go health and inventory detail
◈ HyperFlex capacity detail
◈ Status and monitoring of Intersight-driven requests

Friday, 18 October 2019

How 5G Will Accelerate Industrial IoT

2019 is shaping up to be a remarkable time in the 5G technology global roll-out. With its higher data rate, ultra-reliable and lower latency connectivity, and massive scale of machine-to-machine communication, 5G carries enormous potential.


With 5G and cellular, consumers will enjoy UHD 4K/8K video streaming, virtual reality, augmented reality, immersive entertainment, and interactive gaming – a great personal experience.

But, how will 5G boost the industrial market? Will it translate to big opportunities in the next decade across manufacturing, mining, oil and gas, utilities, transportation, and other verticals? Let’s explore how 5G will accelerate industrial IoT (IIoT).

Diversity in Industrial IoT


Industrial IoT offers lots of opportunities. The use cases span the spectrum: from indoor to outdoor, less demanding to mission-critical, data rates from dozens of bps to Gbps, device motion from fixed to mobile, and power sources from button battery to high voltage.

Some of the most common scenarios for IIoT include predictive maintenance, smart metering, asset tracking, and fleet management. 5G will create continued diversity and expansion for the possibilities of IIoT.

5G Inspires Untapped Frontiers


Many industrial IoT use cases mandate wide mobility, low latency, and mission-critical reliability, such as mobile robot control in production automation and autonomous vehicles in open pit mining. These use cases rely on wireless access at 50ms to 1ms latency and service reliability from 5 nines to 6 nines.

4G/LTE has attempted to address these use cases, but has often failed due to unsatisfactory performance. 5G’s combination of ultra-reliable and low latency connection will extend industrial IoT to unconquered spaces.

Managing the Enterprise 5G Network


Typically, enterprise IT is responding to the business demand from Operational Technology (OT) and mandates security, integration, visibility, control, and compatibility. In this scenario, 5G is not about “what,” but about “how.” IT needs to consider the right approach to bring 5G to the enterprise and decide whether to co-manage with the service provider (SP) or self-manage. The experience of IT in managing Industrial Ethernet and Wi-Fi may not hold when it comes to 5G. IT will likely require OT’s partnership to address complexity, security, integration, and other new challenges that 5G presents.

Multiple Access Technologies Coexisting


What are Cisco customers saying? We’re seeing an eagerness to move to 5G, but also concerns around coverage and costs. The video streaming and interactive gaming we mentioned before are going to gobble up data. And data = $$$.

While excited for the coming of 5G, customers realize that other access technologies will continue their irreplaceable roles in various capacities:


◈ Manufacturing needs strictly deterministic time synchronization for discrete automation. Industrial Ethernet is the only option today offering TSN (Time-Sensitive Networking) capability. HD video surveillance and AGV (Automated Guided Vehicle) operation around the warehouse requires higher throughput and full wireless coverage. Wi-Fi 6 is the more flexible and economical option in this case.

◈ Mining and oil/gas customers want to connect production fleets, trucks, assets, and workers at remote sites. It might make sense to use private LTE to solve for the lack of public cellular coverage.

◈ Utility advanced metering infrastructure (AMI) demands that millions of electricity meters get connected at lower costs. RF-Mesh is commonly adopted, running on unlicensed ISM bands with a resilient self-formed topology.

The beauty of access technologies is that they don’t – and won’t – compete with each other, but instead work together to meet the diverse requirements of IIoT from different angles. To find success, customers should marry 5G and Wi-Fi 6 to existing technologies, as driven by use cases.

Cisco is committed to helping those with secured access technologies embrace the advent of both 5G and Wi-Fi 6. We are constantly exploring use cases that support future technology development and how to achieve the best outcomes. Our latest industrial wireless portfolio, including the Cisco IR1101 Integrated Services Router Rugged, is a prime example of building for the future.

Thursday, 17 October 2019

Five Industries for Monetizing your 5G Investment


Unless you’ve been living in a cave for the last few years, you probably know that the fifth generation of cellular network technology, 5G, is going to unleash some serious power with lower latency, higher bandwidth, greater density, and network slicing. There’s been a lot of talk about everything from self-driving cars and robots to refrigerators that can sense that you’re out of broccoli and call the store to restock your supply of cruciferous vegetables.

Although a lot of hype surrounds 5G, it clearly does have the power to transform established industries. It will affect business models and customers’ experiences and interactions across the globe.

What is 5G?


Whether it’s on the move or standing in place, everything needs to be connected. Mobility will play an increasing role in connecting everyone and everything. With the rise of interconnectivity comes a variety of new wireless technologies that are going to have to coexist. Wi-Fi 6, CBRS, and 5G are all similar in terms of what they are going to deliver. However, each of them uses different means to deliver these capabilities.

We’ve come to a major inflection point with 5G. Because of the wireless nature, it will allow us to accelerate digital disruption. At the same time, the new attributes of 5G will allow it to take on characteristics that were previously reserved for wired technologies. An added benefit is that wireless is more cost effective than wired connections.

Although 5G will primarily be used for outdoor connections, it will be able to seamlessly connect indoors as well. It will coexist with Wi-Fi 6 and CBRS, so users won’t be able to detect a hand-off.

How does this seamless experience work? A major difference in the 5G era is behind the radios. Software-defined “telco cloud” networks will be the foundation of intent-based networks. This will allow service providers to offer customers the tools and experiences they need and want.

5G for Service Providers and Enterprises


Service providers are at the center of the move to 5G, working to deliver network services. Enterprises will have to make a choice: do they want to buy from a service provider or build a 5G network themselves?

The relationship between industries and service providers will change as industries rely on providers for more applications, features, and services. Service providers can commit to new business models, cost models, and service levels. By playing a larger role, service providers can give industries the confidence to make the transition to 5G.


5G Blog Series


We want to shed some light on how service providers and enterprises across industries can fully reach their 5G potential. To do so, we’ve worked with several of our resident subject matter experts to show you some ways 5G can help companies cut costs and increase revenue. In the next five blogs, we’ll focus on two common themes: the rise of the sensor ecosystem and the impact of 5G on knowledge workers.

Cisco is at the center of the move to 5G because we provide the technologies that are going to enable the transition. We want our customers to do the disrupting before they get disrupted.

We’re going to roll out this blog series each Monday for the next five weeks. Each blog post centers on a different key industry that we expect will go through a major transformation with the advent of 5G: retail, healthcare, industrials, smart cities, and education.

We could write a blog about every industry out there because 5G will be that far-reaching. However, we’ve chosen these five industries because many people can relate to them. These industries affect people’s everyday lives, and we’ll all feel positive change when the promise of 5G evolves into a reality.

Tuesday, 15 October 2019

Cisco Ranked #1 in Market Share for Industrial Networking

When people think of networking, they think of Cisco. But in the industrial networking space, sometimes that isn’t the case. In the past, organizations connecting areas such as manufacturing floors, oil rigs, and traffic intersections relied on specialized vendors for their industrial IoT networking needs. Not anymore. I am proud to announce that for the second year in a row, Cisco is #1 in industrial networking market share. This includes layer 2 and layer 3 switching, wireless and routing. In fact, according to IHS, Cisco is the only major vendor growing across all categories.


No Longer Will Any Networking Solution Do


Data from IoT projects is critical to helping organizations stay competitive.  But problems with scale, IoT security and complexity block progress. More and more, operations are bringing in IT specialists to overcome these issues and lay a solid network foundation to help ensure project success. And this is where Cisco is uniquely equipped to help.


Cisco Enterprise Networking and Security


Other networking solutions are more complex. To connect an IoT deployment, IT often must add another domain. This creates added burden, forcing IT to manage one more network. And with the large number of devices connected, manual setup and operations aren’t an option. Only Cisco offers an integrated multi-domain networking architecture. It extends the powerful capabilities of the enterprise network, including intent-based networking, to the IoT edge. With Cisco intent-based networking (IBN), you can automate key IT functions and provide centralized visibility and control across your entire network – from your campus to your branch, data center and to your IoT deployments.

And because most IoT projects bring more risk, security must be part of the equation. We are uniquely positioned to deliver a fully integrated Cisco security architecture without gaps in coverage. Our multi-layered, built-in approach is across every layer of our IoT stack. Coupled with our multi-domain architecture and intent-based networking, you can enforce unified security policies throughout your enterprise.

These networking and security capabilities provide scale and security unlike anyone else in the market so that you can deploy with confidence.

Industrial Protocol Interoperability


The second part of the equation adds interoperability and compliance. To get data, a large number of IoT sensors and machines must connect to the Internet. But the protocols they use are not common in traditional IT networks. Our industrial networking products support a wide variety of industrial protocols such as Modbus, Profinet, CIP, and IEC 61850 GOOSE. You get interoperability and compliance with the network scale and security you need.

The Right Form Factor and Design


The third part of the equation ensures that you can scale and deploy IoT wherever you need it. Key business operations are not always in the headquarters or the branch office. The data you need can be on the front lines of your operations like in remote oil pipelines, dirty/dusty manufacturing floors, or service vehicles. None of these are conducive to rack-mounted, ambient temperature network products. To help you connect, Cisco IoT offers ruggedized and heavy-duty routers, switches and wireless access points in small and modularized form factors. We have built them to withstand extreme temperatures, dust and moisture, and vibration. They come in sizes that are small enough to deploy in cars or on light poles or wherever you need it – not just in a 19-inch rack. And unlike many other vendors, no extra enclosures required!

Cisco Industrial Networking: The Foundation for IoT Success


When added together, these are the core networking capabilities that you need as a foundation for a successful IoT project. IT gets the network that they know and trust without added burden. Operations gets a solid network foundation that is reliable, scalable and secure and that works in their environment, allowing them to capture the data they need to move the business forward.

Monday, 14 October 2019

SD-WAN Security: Built-in is Better than Bolt-on

Securing enterprise data and business applications is undoubtedly at the forefront of every IT professional’s mind. However, efforts to secure data and applications compete with the priority to open up resources for a distributed workforce by moving applications and data to multiple cloud and SaaS platforms. It’s the task of the Wide Area Network (WAN) to securely connect cloud apps to the workforce on campus and branch sites. Unfortunately, by circumventing the security layers of the enterprise data center and using direct internet connections, data and devices can be exposed to a host of threats.

Secure, cloud-scale Software-Defined Wide Area Networks (SD-WAN) address these challenges with a designed-in set of features that combines security at scale with implementation flexibility. SD-WAN addresses flexibility with transport independence, enabling connections over direct internet broadband, MPLS circuits, and LTE/5G. Multiple connection types can carry traffic simultaneously so that the best path is automatically selected for optimal application experience, as well as for instant failover protection.

In addition to flexibility, I believe organizations need to address security holistically, with an end-to-end networking approach that embeds security layers directly into the SD-WAN fabric along with intelligent analytics to measure and maintain application quality of experience (QoE). Let’s look at three capabilities that SD-WAN needs to have to successfully provide security along with ubiquitous connectivity and high levels of application experience for distributed enterprises.

1. SD-WAN provides security without compromising flexibility, simplicity, and application experience.


By unifying security and networking, enterprises get the flexibility they need with the application experience they want. IT gets simplicity of centralized administration to manage distributed resources. Integrating flexible, transport-independent WAN capabilities with full stack security, all managed from one cloud portal, reduces the inevitable complexities that result from installing, configuring, and managing products from multiple vendors with multiple interfaces. Branch sites gain direct internet access to cloud applications with protection against threats originating from the internet.

SD-WAN flexibility and security can be extended to colocation facilities and cloud platforms to provide connectivity to regional branch sites and minimize the attack surface without deploying edge hardware to each site. Applying unified security and segmentation policies via SD-WAN through a cloud colocation platform keeps personal data regional to help meet regulatory and privacy requirements.

With the ability to centrally manage both the SD-WAN fabric and integrated security stack from a central cloud portal, IT can focus on providing the best application experience for the workforce. SD-WAN Cloud OnRamps for SaaS platforms, for example, provide performance specifically tuned for cloud applications such as Office 365, directing traffic from branches to the closest cloud gateways to meet pre-defined SLAs, and simplifying both connection management and access security.


Cisco’s integrated security solution provides the best balance of security and user experience for direct internet access

2. Security is an embedded full-stack solution, not an add-on.


As data leaves the control of tightly-managed data centers and spreads to multiple cloud and SaaS platforms, security controls have to be at the forefront of the network design. When considering the capabilities of an SD-WAN solution, look for a fully-integrated security stack that includes an application-aware enterprise firewall, intrusion prevention, advanced malware protection, and URL filtering operating at the edge or the cloud.

Be aware that when similar security layers are implemented as bolt-on sets of third-party point solutions, they must be individually integrated and managed, requiring additional IT training and time to unify them.

3. Protect data and applications with on-premise or cloud-based security


Where an SD-WAN security stack is deployed is less about the efficacy of protecting data than providing flexibility to adapt to changes in an organization’s operations. A holistic end-to-end solution that encompasses on-premise as well as cloud security—including integration with third-party security vendors—provides maximum flexibility.

◈ On-box security at each branch edge router, for example, provides flexibility to tailor each instance to branch-specific security, routing, and access policies—guest access, direct internet permissions, VPN tunnels—to meet business requirements.

◈ Easy-to-implement cloud-delivered security gateways, such as Cisco Umbrella, monitor traffic and apply security policies to guard against accessing known malicious sites, phishing attacks, and ransomware infections.

◈ SD-WAN with security as Virtual Network Functions (VNFs) hosted in colocation facilities provide connectivity for many regional branch sites with the same capabilities as on-premise branch implementation, along with unified security and segmentation policies to protect and keep data regional to meet regulatory and privacy requirements.

◈ SD-WAN built-in security is enhanced with knowledge derived from Cisco Talos, the leading cyber threat intelligence team, that constantly monitors emerging threats worldwide and automatically updates SD-WAN security solutions with proactive and actionable resolutions.

Security without Compromise


These three capabilities provide a foundation for evaluating an SD-WAN’s fit in an enterprise’s secure WAN architecture. Since security is a must-have to protect sensitive business data, and application performance is equally important to keep a workforce productive and meet customer experience levels, the two cannot be exclusive—there can be no compromise.


While implementing a flexible, high-performing SD-WAN solution solves a myriad of challenges, without built-in security, every connected resource is at risk. Likewise, installing the best security solutions without a flexible, dependable SD-WAN fabric to optimize application performance doesn’t provide the enterprise workforce with the information they need at the right place at the right time.

To successfully transition enterprise resources to cloud and SaaS computing, an SD-WAN architecture must encompass the best of both security and application performance. An end-to-end software-defined networking architecture embeds security directly into the SD-WAN fabric to provide the optimal solution for IT and a distributed workforce.

Sunday, 13 October 2019

Continuing innovations on Nexus9K ITD – Additional server load-balancing use cases

A couple of months ago we released the new Cisco Innovated Intelligent Traffic Distribution (ITD) features on NX-OS 9.3.1. In this latest addition to Nexus 9000, we introduced ITD over VXLAN and ITD with destination NAT. The Cisco ITD feature in NX-OS was developed to address concerns with respect to capacity limitation on network service appliances in a multi-terabit environment, while providing a hardware-based scalable solution for Layer 3 and Layer 4 traffic distribution and redirection. The primary use cases for ITD are L3-L4 based load balancing across network service nodes or web servers, and traffic redirection and distribution to WAN Optimizers or Web Proxies.

Benefits of ITD include:


◈ Simplified provisioning during scaling of service nodes (scale-up);

◈ Provides line rate traffic load balancing;

◈ Health monitoring, failure detection and recovery; and

◈ Unlike ECMP, ITD provides even distribution of traffic and more granular control on traffic distribution

ITD over VXLAN


In a VXLAN fabric architecture, the endpoints, such as clients, physical servers, and virtual servers, are distributed across the fabric. Traffic flow from and to these clients and servers needs to be load-balanced in this fabric environment. With this ITD release, the single-switch ITD solution has been expanded to the VXLAN fabric so that now the fabric will act as a massive load-balancer. The NX-OS 9.3.1 release covers only the VIP-based load balancing mechanism in a VXLAN scenario, which means servers and clients can be connected anywhere in the fabric and glean the benefit of this fabric-based load-balancing function.


Traffic flow from and to clients and servers in a fabric environment using ITD

ITD with NAT


For security reasons and to conserve IP address space, customers look to NAT solutions to reuse private IP addresses and hide the real IPs of servers or services. Prior to this release, ITD was supported in Direct Server Return (DSR) mode. In DSR mode, clients have visibility into the real IP address of the servers/services. These servers were configured with the same public Virtual IP address (VIP), and servers reply directly to clients with the VIP as the source IP, bypassing ITD. With this feature in NX-OS 9.3.1, clients no longer have visibility into the real IPs of server/service endpoints. ITD on the switch now performs both load balancing and NAT: ITD with destination NAT changes the destination address in the IP header, redirecting incoming packets destined for the public IP to a real server's private IP inside the network. The reverse path of the packet flow follows the same approach, translating the source address from the real server IP to the VIP address and then forwarding the traffic to the clients. ITD with destination NAT is applicable only on a standalone switch today. ITD with NAT will be supported over VXLAN fabric in future releases.


Clients sending traffic to the ITD virtual IP address (20.1.1.1)

In the above example, clients send traffic to the ITD virtual IP address (20.1.1.1), treating it as the real destination IP of the server. The ITD switch translates and load balances the traffic to one of the servers' private IP addresses by adding its own IP as the source IP. The return traffic from the server is translated by ITD to its own VIP as the source IP and forwarded back to the client. This way, traffic is load balanced across the servers behind NAT without exposing the servers' real IPs to clients.
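The destination-NAT flow described above can be modelled in a few lines to check the property that matters for exposure: every packet a client receives carries the VIP as source, never a real server address. This is an added illustration, not Cisco code or NX-OS behaviour; the server addresses, the source-IP hash selection, the flow table, and the drop-on-no-match rule are assumptions of the model.

```python
import hashlib
from dataclasses import dataclass, replace

VIP = "20.1.1.1"  # virtual IP used in the page's example
# Constructed private server and client addresses (not from the page).
REAL_SERVERS = ["10.10.10.11", "10.10.10.12", "10.10.10.13"]
CLIENTS = ["198.51.100.7", "198.51.100.8", "203.0.113.20", "203.0.113.21"]


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class DestinationNatBalancer:
    """Toy model: load balancing plus destination NAT in front of real servers."""

    def __init__(self, vip, servers):
        self.vip = vip
        self.servers = list(servers)
        self.healthy = set(servers)
        # (client_ip, client_port, vip_port) -> chosen real server IP
        self.flows = {}

    def mark_down(self, server):
        """Health probe failed: stop using the node and unpin its flows."""
        self.healthy.discard(server)
        self.flows = {k: v for k, v in self.flows.items() if v != server}

    def _pick(self, client_ip):
        # Assumed selection method: hash of the client source IP over healthy nodes.
        candidates = [s for s in self.servers if s in self.healthy]
        if not candidates:
            return None
        digest = hashlib.sha256(client_ip.encode()).digest()
        return candidates[int.from_bytes(digest[:4], "big") % len(candidates)]

    def forward(self, pkt):
        """Client -> VIP: rewrite the destination to a real server's private IP."""
        if pkt.dst != self.vip:
            return None
        key = (pkt.src, pkt.sport, pkt.dport)
        server = self.flows.get(key) or self._pick(pkt.src)
        if server is None:
            return None  # no healthy server available
        self.flows[key] = server
        return replace(pkt, dst=server)

    def reverse(self, pkt):
        """Server -> client: rewrite the real server source IP to the VIP."""
        key = (pkt.dst, pkt.dport, pkt.sport)
        if self.flows.get(key) != pkt.src:
            # No matching translation: drop instead of forwarding a packet
            # that would reveal a real server address to the client.
            return None
        return replace(pkt, src=self.vip)


def client_visible_sources(lb, clients):
    """Run one request/reply per client; return source IPs the clients see."""
    seen = set()
    for ip in clients:
        to_server = lb.forward(Packet(src=ip, sport=40000, dst=lb.vip, dport=80))
        reply = Packet(src=to_server.dst, sport=80, dst=ip, dport=40000)
        seen.add(lb.reverse(reply).src)
    return seen


if __name__ == "__main__":
    lb = DestinationNatBalancer(VIP, REAL_SERVERS)
    print("sources seen by clients:", client_visible_sources(lb, CLIENTS))
```

A useful audit on a real deployment follows the same idea: capture on the client-facing side and confirm that no address from the server subnet ever appears as a source.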