This chapter provides
an overview of the Cisco Remote Integrated Service Engine (RISE) protocol with
an external service appliance and the Cisco Nexus
5600 Series switches.
Cisco RISE is an
architecture that logically integrates an external service appliance, such as a
Citrix NetScaler Application Delivery Controller (ADC) appliance appears and
operates as a service module within the Cisco Nexus
The Cisco NX-OS
software in which RISE is supported supports the Cisco Nexus
5600 Series switches.
This chapter includes
the following sections:
Your software release
might not support all the features documented in this module. For the latest
caveats and feature information, see the Bug Search Tool at
and the release notes for your software release. To find
information about the features documented in this module, and to see a list of
the releases in which each feature is supported, see the “New and Changed
The key features of a
RISE integration are as follows:
Application Delivery Controller (ADC)
The Citrix Netscaler
Application Delivery Controller (ADC) is a network switch that performs
application-specific traffic analysis to intelligently distribute, optimize,
and secure layer 4 to layer 7 network traffic for web applications. For
example, a Citrix Netscaler Application Delivery Controller (ADC) makes load
balancing decisions on individual HTTP requests instead of on the basis of
long-lived TCP connections, so that the failure or slowdown of a server is
managed much more quickly and with less disruption to clients. The feature set
can be broadly categorized as consisting of switching features, security and
protection features, and server-farm optimization features.
The Cisco Nexus Series switches are used purely as a 1 and 10-Gigabit
Ethernet switch, consolidating 10 Gigabit Ethernet connections into a smaller
number of server connections trunked to the aggregation layers. These switches
are designed for deployment in the core, aggregation, or access layers of a
high performance, hierarchical data center network topology.
The Cisco Nexus Series switches run on the Cisco NX-OS software. This
software fulfills the routing, switching, and storage networking requirements
of data centers and provides an Extensible Markup Language (XML) interface and
a command-line interface (CLI) that is similar to Cisco IOS software. As a
crucial element in data center I/O consolidation, the switch enables I/O
consolidation at the access layer and provides interoperability with the Cisco
Nexus Series switches and other standards-based products.
5600 Series Switch
The Cisco Nexus Series
switches are used purely as a 1 and 10-Gigabit Ethernet switch, consolidating
10 Gigabit Ethernet connections into a smaller number of server connections
trunked to the aggregation layers. These switches are designed for deployment
in the core, aggregation, or access layers of a high performance, hierarchical
data center network topology.
The Cisco Nexus Series
switches run on the Cisco NX-OS software. This software fulfills the routing,
switching, and storage networking requirements of data centers and provides an
Extensible Markup Language (XML) interface and a command-line interface (CLI)
that is similar to Cisco IOS software. As a crucial element in data center I/O
consolidation, the switch enables I/O consolidation at the access layer and
provides interoperability with the Cisco Nexus Series switches and other
All features in
this section function with IPv4.
This section includes
the following topics:
The discovery and
bootstrap functionality enables the Cisco Nexus
5600 Series switches to communicate with the appliance by
exchanging information to set up the Remote Integrated Service Engine (RISE)
channel, which transmits control and data packets. Auto-discovery is supported
only when you directly connect the service appliance with the Cisco Nexus
switch. Once you configure the RISE control channel on the switch, the
connected service appliance is set to RISE mode and all of its ports are set to
operational mode by default.
In indirect mode (when
the appliance is either Layer 2 or Layer 3 adjacent to the switch), you must
manually configure the appliance and the Cisco Nexus switches to establish the
control channel connectivity and for discovery and bootstrap to occur.
For more information
about connection modes, see the “Preparing for RISE Integration” chapter. For
configuration information, see the “Configuring RISE” chapter.
appliance can use its health monitoring feature to track and support server
health by sending out health probes to verify server responses.
The Cisco Nexus switch
and the appliance also periodically send heartbeat packets to each other. If a
critical error occurs and health monitoring detects a service instance failure,
or if the heartbeat is missed six times successively, the RISE channel becomes
nonoperational. The health monitoring timer is 30 seconds (sec).
maintenance feature of the Cisco Remote Integration Services Engine (RISE)
maintains the RISE configuration and runtime information on the Cisco Nexus
5600 Series switches during maintenance processes, such as
an in-service software upgrade (ISSU) or an in-service software downgrade
(ISSD), instead of being purged.
During an in-service
software upgrade (ISSU), all RISE control channel communications are disabled.
The configuration state across all components is restored after the ISSU is
completed. Data traffic is not affected during an ISSU.
During an in-service
software downgrade (ISSD), when you are downgrading from a Cisco Nexus
5600 Series switch software image with RISE support to an
image without RISE support, you are notified that you should enter the
no feature rise
command before proceeding with the downgrade. This removes all of the RISE
configuration and runtime configuration from the switch.
ISSU Start and
In Cisco NX-OS 7.1(1)N1(1) and later releases, the Cisco Nexus 5600 Series switch provides start and stop notifications to the RISE service appliance during an in-service software upgrade (ISSU) or downgrade. This notification includes the hitful and hitless status of the line card to which the appliance is connected.
When the RISE
service appliance receives a start notification, the appliance stops all
control plane communication with the switch until after the switch sends a stop
notification. The appliance uses the hitful and hitless status in the start and
stop notifications to determine whether the data plane is operational.
The recommended RISE
deployment is a one-arm mode NetScaler deployment with all of the appliance
ports bundled as a port channel connected to the Cisco Nexus
In the one-arm mode
(see figure below), the Citrix Netscaler Application Delivery Controller (ADC)
appliance is configured with a VLAN that handles both client and server
Figure 1. One-Arm
This section describes the basic redundancy deployments that support the Cisco Remote Integrated Service Engine (RISE) runtime message handling between a service appliance and the Cisco Nexus
5600 Series switch. A high availability, redundant deployment uses a maximum of two appliances (peers) to support seamless switchover of flows in case one of the appliances becomes unresponsive.
When the redundancy involves multiple Cisco Nexus
5600 Series switches, the switches are considered to be both in active state (one as primary and the other as secondary). When two RISE-enabled appliances are connected to two Cisco Nexus
Series switches (dedicated), the active appliance is connected to one Cisco Nexus
Series chassis and the standby appliance is connected to the second chassis. This deployment ensures that even if one of the switches goes down, there is minimal disruption in the traffic.
availability can be used in conjunction with vPC. vPC is used when an Nexus
switch fails, and NetScaler high availability is there for when a NetScaler
fails. A NetScaler HA failover should only be triggered if one of the
NetScalers actually stops functioning. If a Nexus switch fails and there is no
vPC it causes the downstream NetScaler to "fail", but only because it lost
connection to its HA peer.
When the Cisco Nexus
5600 Series switch and the appliance are deployed in a RISE
integration, the virtual device context (VDC) on the switch collapses multiple
logical networks within a single physical infrastructure.
The appliance creates
virtual contexts on the single physical appliance that is connected to the VDCs
on the switch.
appliance appears as a RISE slot within each of the VDCs for which it is a
service context. The appliance does not appear in VDCs that are not associated
with the RISE service context.
The appliance has
one RISE control channel per RISE instance.
The service VLAN
groups maintain the mapping of all of the data VLANs for each RISE instance.
The VDC ID is part of
the discovery and bootstrap payload and the appliance is aware of the VDCs for
each VLAN with which it is associated. The Cisco Nexus
supports 32 RISE instances per VDC.
can be connected to a single VDC. When two different appliances are connected
to the same VDC, the RISE control VLAN need not be unique because the
appliances can share the same RISE control VLAN. One or more appliances can
also be connected to different VDCs on the same switch. In a multiple VDC
deployment, all of the ports for an appliance are connected to its respective
VDC and the VLANs for each appliance do not overlap.