Cisco RISE
Integration Overview
This chapter provides an overview of the Cisco Remote Integrated Service Engine (RISE) protocol with an external service appliance and the Cisco Nexus 5600 Series switches.
Cisco RISE is an architecture that logically integrates an external service appliance, such as a Citrix NetScaler Application Delivery Controller (ADC) appliance appears and operates as a service module within the Cisco Nexus 5600 switch.
The Cisco NX-OS software in which RISE is supported supports the Cisco Nexus 5600 Series switches.
This chapter includes the following sections:
- Finding Feature Information
- Remote Integrated Service Engine
- Citrix Netscaler Application Delivery Controller (ADC)
- Cisco Nexus 5600 Series Switch
- RISE Functionality
- One-Arm Mode Deployment
- High Availability
- Virtualization
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the “New and Changed Information” chapter.
Remote Integrated Service Engine
The key features of a RISE integration are as follows:
Citrix Netscaler Application Delivery Controller (ADC)
The Citrix Netscaler Application Delivery Controller (ADC) is a network switch that performs application-specific traffic analysis to intelligently distribute, optimize, and secure layer 4 to layer 7 network traffic for web applications. For example, a Citrix Netscaler Application Delivery Controller (ADC) makes load balancing decisions on individual HTTP requests instead of on the basis of long-lived TCP connections, so that the failure or slowdown of a server is managed much more quickly and with less disruption to clients. The feature set can be broadly categorized as consisting of switching features, security and protection features, and server-farm optimization features.
The Cisco Nexus Series switches are used purely as a 1 and 10-Gigabit Ethernet switch, consolidating 10 Gigabit Ethernet connections into a smaller number of server connections trunked to the aggregation layers. These switches are designed for deployment in the core, aggregation, or access layers of a high performance, hierarchical data center network topology.
The Cisco Nexus Series switches run on the Cisco NX-OS software. This software fulfills the routing, switching, and storage networking requirements of data centers and provides an Extensible Markup Language (XML) interface and a command-line interface (CLI) that is similar to Cisco IOS software. As a crucial element in data center I/O consolidation, the switch enables I/O consolidation at the access layer and provides interoperability with the Cisco Nexus Series switches and other standards-based products.
Cisco Nexus 5600 Series Switch
The Cisco Nexus Series switches are used purely as a 1 and 10-Gigabit Ethernet switch, consolidating 10 Gigabit Ethernet connections into a smaller number of server connections trunked to the aggregation layers. These switches are designed for deployment in the core, aggregation, or access layers of a high performance, hierarchical data center network topology.
The Cisco Nexus Series switches run on the Cisco NX-OS software. This software fulfills the routing, switching, and storage networking requirements of data centers and provides an Extensible Markup Language (XML) interface and a command-line interface (CLI) that is similar to Cisco IOS software. As a crucial element in data center I/O consolidation, the switch enables I/O consolidation at the access layer and provides interoperability with the Cisco Nexus Series switches and other standards-based products.
RISE Functionality
Note | All features in this section function with IPv4. |
This section includes the following topics:
Discovery and Bootstrap
The discovery and bootstrap functionality enables the Cisco Nexus 5600 Series switches to communicate with the appliance by exchanging information to set up the Remote Integrated Service Engine (RISE) channel, which transmits control and data packets. Auto-discovery is supported only when you directly connect the service appliance with the Cisco Nexus switch. Once you configure the RISE control channel on the switch, the connected service appliance is set to RISE mode and all of its ports are set to operational mode by default.
In indirect mode (when the appliance is either Layer 2 or Layer 3 adjacent to the switch), you must manually configure the appliance and the Cisco Nexus switches to establish the control channel connectivity and for discovery and bootstrap to occur.
For more information about connection modes, see the “Preparing for RISE Integration” chapter. For configuration information, see the “Configuring RISE” chapter.
Health Monitoring
A RISE-enabled appliance can use its health monitoring feature to track and support server health by sending out health probes to verify server responses.
The Cisco Nexus switch and the appliance also periodically send heartbeat packets to each other. If a critical error occurs and health monitoring detects a service instance failure, or if the heartbeat is missed six times successively, the RISE channel becomes nonoperational. The health monitoring timer is 30 seconds (sec).
Nondisruptive Maintenance
The nondisruptive maintenance feature of the Cisco Remote Integration Services Engine (RISE) maintains the RISE configuration and runtime information on the Cisco Nexus 5600 Series switches during maintenance processes, such as an in-service software upgrade (ISSU) or an in-service software downgrade (ISSD), instead of being purged.
In-Service Software Upgrade
During an in-service software upgrade (ISSU), all RISE control channel communications are disabled. The configuration state across all components is restored after the ISSU is completed. Data traffic is not affected during an ISSU.
In-Service Software Downgrade
During an in-service software downgrade (ISSD), when you are downgrading from a Cisco Nexus 5600 Series switch software image with RISE support to an image without RISE support, you are notified that you should enter the no feature rise command before proceeding with the downgrade. This removes all of the RISE configuration and runtime configuration from the switch.
ISSU Start and Stop Notifications
In Cisco NX-OS 7.1(1)N1(1) and later releases, the Cisco Nexus 5600 Series switch provides start and stop notifications to the RISE service appliance during an in-service software upgrade (ISSU) or downgrade. This notification includes the hitful and hitless status of the line card to which the appliance is connected.
When the RISE service appliance receives a start notification, the appliance stops all control plane communication with the switch until after the switch sends a stop notification. The appliance uses the hitful and hitless status in the start and stop notifications to determine whether the data plane is operational.
One-Arm Mode Deployment
The recommended RISE deployment is a one-arm mode NetScaler deployment with all of the appliance ports bundled as a port channel connected to the Cisco Nexus 5600 Series switches.
High Availability
This section describes the basic redundancy deployments that support the Cisco Remote Integrated Service Engine (RISE) runtime message handling between a service appliance and the Cisco Nexus 5600 Series switch. A high availability, redundant deployment uses a maximum of two appliances (peers) to support seamless switchover of flows in case one of the appliances becomes unresponsive.
When the redundancy involves multiple Cisco Nexus 5600 Series switches, the switches are considered to be both in active state (one as primary and the other as secondary). When two RISE-enabled appliances are connected to two Cisco Nexus 5600 Series switches (dedicated), the active appliance is connected to one Cisco Nexus 5600 Series chassis and the standby appliance is connected to the second chassis. This deployment ensures that even if one of the switches goes down, there is minimal disruption in the traffic.
NetScaler high availability can be used in conjunction with vPC. vPC is used when an Nexus switch fails, and NetScaler high availability is there for when a NetScaler fails. A NetScaler HA failover should only be triggered if one of the NetScalers actually stops functioning. If a Nexus switch fails and there is no vPC it causes the downstream NetScaler to "fail", but only because it lost connection to its HA peer.
Virtualization
When the Cisco Nexus 5600 Series switch and the appliance are deployed in a RISE integration, the virtual device context (VDC) on the switch collapses multiple logical networks within a single physical infrastructure.
-
The RISE-enabled appliance appears as a RISE slot within each of the VDCs for which it is a service context. The appliance does not appear in VDCs that are not associated with the RISE service context.
-
The appliance has one RISE control channel per RISE instance.
-
The service VLAN groups maintain the mapping of all of the data VLANs for each RISE instance.
The VDC ID is part of the discovery and bootstrap payload and the appliance is aware of the VDCs for each VLAN with which it is associated. The Cisco Nexus 5600 Series switch supports 32 RISE instances per VDC.
Multiple appliances can be connected to a single VDC. When two different appliances are connected to the same VDC, the RISE control VLAN need not be unique because the appliances can share the same RISE control VLAN. One or more appliances can also be connected to different VDCs on the same switch. In a multiple VDC deployment, all of the ports for an appliance are connected to its respective VDC and the VLANs for each appliance do not overlap.