Installation and Configuration Guide for Remote Integrated Service Engine (RISE)
Overview
Downloads: This chapterpdf (PDF - 699.0KB) The complete bookPDF (PDF - 1.54MB) | Feedback

Overview

Table Of Contents

Overview

Information about Remote Integrated Service Engine

Information About the NetScaler Appliance

Information About the Cisco Nexus 7000 Series Switch

RISE Functionality

Discovery and Bootstrap

Health Monitoring

Nondisruptive Maintenance

In-Service Software Upgrade

In-Service Software Downgrade

RISE Deployment Scenarios

One-Arm Mode

High Availability

Virtualization Support

Multiple VDC Support

Single/Multiple NetScaler appliances Connected to Single VDC


Overview


This chapter provides an overview for installing and using the Remote Integrated Service Engine (RISE) feature with the Citrix NetScaler Application Delivery Controller (NS) and the Cisco Nexus 7000 Series switches. The Cisco NX-OS software supports the Cisco Nexus 7000 Series that includes Cisco Nexus 7000 switches and Cisco Nexus 7700 switches. You can find detailed information about supported hardware in the Cisco Nexus 7000 Series Hardware Installation and Reference Guide.


Note This guide describes how to install, configure and administer the RISE feature only. For additional documentation on the NetScaler appliance and the Cisco Nexus 7000 Series switches, see the "Related Documentation" section.


This chapter includes the following sections:

Information about Remote Integrated Service Engine

Information About the NetScaler Appliance

Information About the Cisco Nexus 7000 Series Switch

RISE Functionality

RISE Deployment Scenarios

High Availability

Virtualization Support

Information about Remote Integrated Service Engine

The RISE architecture logically integrates the NetScaler appliance and Cisco Nexus 7000 Series switches so that an external (remote) service appliance appears as a service module (remote line card) in the switch. In addition to providing a service module's streamlined deployment and simplified configuration and operation, it enables integration with the Cisco Nexus 7000 Series switches Virtual Device Context (VDC) architecture. For more information on VDCs, see the "Virtualization Support" section.

RISE enables feature integration between the NetScaler appliance and the Cisco Nexus 7000 Series switches, such as plug and play auto-provisioning, discovery and bootstrap, Health Monitoring, and message encryption during upgrades and downgrades.

For more information on the above features, see the "RISE Functionality" section.

Figure 1-1 RISE Integration for the NetScaler appliance and Cisco Nexus 7000 Series switches

The key aspects of RISE integration (see Figure 1-1) are as follows:

The NetScaler appliance appears as a module (virtual slot) in the Cisco Nexus 7000 Series switches chassis.

Cisco Nexus 7000 Series switches ports are allocated for the virtual slot (NetScaler appliance) and configured either as a port channel or as a regular trunk switch mode with the associated list of VLANs.

An initial handshake is established between the NetScaler appliance and the Cisco Nexus 7000 Series switches to exchange parameters and set up a control channel:

RISE Discovery Packet (RDP) enables RISE to perform the initial handshake.

The Intelligent Services Control Client (iSCC) component, which resides on the NetScaler appliance, establishes a control channel with the Intelligent Services Control Manager (iSCM) component on the Cisco Nexus 7000 Series switches.

The iSCC and iSCM communicate using Transmission Control Protocol (TCP) packets.

Information About the NetScaler Appliance

The Citrix NetScaler (NS) product is an application switch that performs application-specific traffic analysis to intelligently distribute, optimize, and secure Layer 4-Layer 7 (L4-L7) network traffic for web applications. For example, a NetScaler makes load balancing decisions on individual HTTP requests rather than on the basis of long-lived TCP connections, so that the failure or slowdown of a server is managed much more quickly and with less disruption to clients. The NetScaler feature set can be broadly categorized as consisting of switching features, security and protection features, and server-farm optimization features.

Information About the Cisco Nexus 7000 Series Switch

TheCisco Nexus 7000 Series switcheses are multiprotocol-capable, high-density, and high-performance switches that incorporate Ethernet/IP, virtualization, Layer 4 to Layer 7 services, and low-latency interconnect (LLI) technologies. They are designed for deployment in the core, aggregation, or access layers of a high performance, hierarchical data center network topology.

The Cisco Nexus 7000 Series switcheses run on the Cisco NX-OS software. This software fulfills the routing, switching, and storage networking requirements of data centers and provides an Extensible Markup Language (XML) interface and a command-line interface (CLI) that is similar to Cisco IOS software.

For installation instructions, see the Cisco Nexus 7000 Series Hardware Installation and Reference Guide and for configuration information, see the Cisco Nexus 7000 Series configuration guides.

RISE Functionality

This section includes the following topics:

Discovery and Bootstrap

Health Monitoring

Nondisruptive Maintenance


Note All features in this section function with IPv4.


Discovery and Bootstrap

The discovery and bootstrap mechanism enables the Cisco Nexus 7000 Series switches to communicate with the NetScaler appliance by exchanging information to set up the RISE channel, which transmits control and data packets. Auto-discovery is supported only when you directly connect the NetScaler appliance with the Cisco Nexus 7000 Series switches. Once you configure the RISE control channel on the Cisco Nexus 7000 Series switches, by default, the NetScaler appliance is set to RISE mode and all of its ports are set to operational mode.

In indirect mode (when the NetScaler appliance is either Layer 2 or Layer 3 adjacent to the switch), you must manually configure the NetScaler appliance and the Cisco Nexus 7000 Series switches to establish the control channel connectivity and for discovery and bootstrap to occur.

For information about connection options, see the "Information About Connection Options" section and about RISE configuration, see Chapter 3 "Configuring RISE."

Health Monitoring

The NetScaler appliance uses its health monitoring feature to track and support the server health by sending out health probes to verify server responses. The iSCM on the Cisco Nexus 7000 Series switches and the iSCC on the NetScaler appliance also periodically send heartbeat packets to each other. If a critical error occurs and health monitoring detects a service instance failure, or if the heartbeat is missed six times successively, the RISE channel becomes nonoperational. The health monitoring timer is 30 seconds (sec).

Some of the commands used for monitoring are as follows:

NetScaler appliance—Enter the show rise profile command on the NetScaler appliance to display the RISE configuration status on the appliance. If RISE is configured and enabled on the Cisco Nexus switch by using the no shutdown command, the state is displayed as active. Otherwise, the RISE state will is displayed as inactive.

Cisco Nexus 7000 Series switches—Enter the show rise status details command to display service-instances failures (such as failure of multiple NetScaler appliances) created by a health monitoring issue. Use the same command with the service name included to verify the status of a specific service instance.

For additional RISE commands and detailed command line reference information, see "Cisco NX-OS RISE Commands".

Nondisruptive Maintenance

The nondisruptive maintenance feature enables retaining of RISE configuration and runtime information on the Cisco Nexus 7000 Series switches during maintenance processes, such as an In-Service Software Upgrade (ISSU) or an In-Service Software Downgrade (ISSD), instead of being purged.

This section includes the following topics:

In-Service Software Upgrade

In-Service Software Downgrade

In-Service Software Upgrade

During an In-Service Software Upgrade (ISSU), all RISE control channel communications are disabled. The configuration state across all components is restored after the ISSU is completed. Data traffic is not affected during an ISSU.

In-Service Software Downgrade

During an ISSD, when you are downgrading from a Cisco Nexus 7000 Series switches software image with RISE support to an image without RISE support, you are notified that you should enter the no feature rise command before proceeding with the downgrade. This enables the iSCM to remove all RISE configuration and runtime configuration from the Cisco Nexus 7000 Series switches.

RISE Deployment Scenarios

This section includes the following topics:

One-Arm Mode

One-Arm Mode

The recommended RISE deployment is a one-arm mode NetScaler deployment with all of the appliance ports bundled as a port channel connected to the Cisco Nexus 7000 Series switches. In the one-arm mode (see figure below), the NetScaler appliance is configured with a VLAN that handles both client and server requests.

See the "Prerequisites for RISE Integration" section for the high-level installation and configuration sequence for the NetScaler appliance and the Cisco Nexus 7000 Series switches.

Figure 1-2 One-Arm Mode

High Availability

This section describes the basic redundancy deployments that support RISE runtime message handling between the NetScaler appliance and the Cisco Nexus 7000 Series switches. A high availability, redundant deployment uses a maximum of two NetScaler appliances (peers), where there is a seamless switchover of flows in case one of the NetScaler appliances becomes unresponsive.

For more information on NetScaler appliance high availability, see the High Availability Citrix eDoc.

For more information on switch redundancy, see the Cisco Nexus 7000 Series NX-OS High Availability and Redundancy Guide.

When the redundancy involves multiple Cisco Nexus 7000 Series switcheses, the switches are considered to be both in active state (one as primary and the other as secondary).

You can implement redundancy as follows:

Two NetScaler appliances connected with two Cisco Nexus 7000 Series switcheses (dedicated)—In this deployment (see figure below), the active NetScaler appliance is connected to one Cisco Nexus 7000 Series switches chassis and the standby NetScaler appliance is connected to the other chassis. This deployment ensures that even if one of the Cisco Nexus 7000 Series switches goes down, there is no disruption in the traffic.

Figure 1-3 Dedicated NetScaler appliances for Two Cisco Nexus 7000 Series Switches

Virtualization Support

With the integration of Cisco Nexus 7000 Series switches and the NetScaler appliance, the following occurs:

The Cisco Nexus 7000 Series switches VDC collapses multiple logical networks into a single physical infrastructure.

For more information on creating and managing VDCs, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.

The NetScaler appliance creates virtual contexts on a single physical appliance that are connected with the VDCs on the Cisco Nexus 7000 Series switches.

Figure 1-4 Virtualization and VDCs

In a RISE environment, within the same Cisco Nexus 7000 Series switches chassis, the key aspects of the NetScaler appliance connectivity with the VDCs are as follows:

The NetScaler appliance appears as a RISE slot in each of the VDCs.

The NetScaler appliance has one RISE control channel and one port channel per RISE instance.

VLANs should not be shared across VDCs.

The NetScaler appliance maintains mapping of all the VLANs for each RISE instance.

Multiple VDC Support

The VDC ID is part of the discovery and bootstrap payload and the NetScaler appliance is aware of the VDCs that each VLAN is associated with. The Cisco Nexus 7000 Series switches supports 32 RISE instances per VDC. The slot ID scheme is as follows:

300-331 in vdc1

332-363 in vdc2

364-395 in vdc3

396-427 in vdc4

This section includes the following topics:

Single/Multiple NetScaler appliances Connected to Single VDC

Single/Multiple NetScaler appliances Connected to Single VDC

In the following figure, multiple NetScaler (NS) appliances connect to one VDC (vdc1) and a single NS connects to another VDC (vdc2) on the same Cisco Nexus 7000 Series switches. In both cases, all the ports of each NS are connected to the same VDC and their VLANs do not overlap.

However, unlike in the previous scenario, the RISE control VLAN does not need to be unique, because when two different NSs connect to the same VDC (vdc1), they can share the same RISE control VLAN.

Figure 1-5 Single/Multiple NetScaler appliances Connected with One VDC