Flow Symmetry - Cisco Nexus 9000 Series Configuration Manual

NX-OS Intelligent Traffic Director Configuration Guide, Release 9.x

Configuring ITD

switch. Therefore, a pair of separate VLANs is required to prevent traffic looping between the firewalls and
the Nexus switch.
Figure 12: ITD ASA Deployment
This diagram shows VLANs 10 and 20 as the inside and outside interfaces toward the source and destination
on the network. VLANs 100 and 200 are used toward the ASAs to ensure loop-free traffic.
Flow Symmetry
Firewalls typically inspect traffic flows in both the forward and return directions. Due to the stateful nature
of the inspection, it is generally required that flow symmetry be maintained during normal operation of firewalls
that are not clustered. Even for clustered firewalls, asymmetric traffic flows result in increased
redirection of flows over cluster control links. This adds unnecessary overhead to the firewalls and
degrades performance.
Flow symmetry can be achieved using the inherent IP persistence and deterministic nature of the ITD algorithms.
A typical ITD configuration for firewalls uses one ITD service for the forward flow and one ITD service for
the return flow. Configuring these two ITD services in such a way that the value of the load-balance parameter
remains the same for both services ensures that flow symmetry is maintained.
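
The following is an added example, not taken from the Cisco guide: a simplified Python model of two ITD services that reports which flows would traverse different firewalls in each direction. It assumes the forward service keys on the source IP and the return service on the destination IP (both being the client address), and the bucket arithmetic, firewall names, addresses and the `mask_position` field are constructed for illustration rather than NX-OS's actual hashing.

```python
import ipaddress

FIREWALLS = ["ASA-1", "ASA-2", "ASA-3", "ASA-4"]  # constructed node names


def select_node(service, src, dst):
    """Simplified model: chosen address bits -> bucket -> firewall."""
    key_ip = src if service["key"] == "src" else dst
    value = int(ipaddress.IPv4Address(key_ip)) >> service["mask_position"]
    bucket = value % service["buckets"]
    return FIREWALLS[bucket % len(FIREWALLS)]


def asymmetric_flows(flows, forward, reverse):
    """Return the flows whose two directions land on different firewalls."""
    mismatches = []
    for client, server in flows:
        fwd = select_node(forward, src=client, dst=server)  # client -> server
        rev = select_node(reverse, src=server, dst=client)  # server -> client
        if fwd != rev:
            mismatches.append((client, server, fwd, rev))
    return mismatches


# Constructed sample flows: eight clients talking to one server.
FLOWS = [(f"10.0.10.{k}", "10.0.20.5") for k in range(1, 9)]

# Forward service (inside VLAN) and three candidate return services.
FORWARD = {"key": "src", "buckets": 16, "mask_position": 0}
REVERSE_OK = {"key": "dst", "buckets": 16, "mask_position": 0}
REVERSE_WRONG_KEY = {"key": "src", "buckets": 16, "mask_position": 0}
REVERSE_WRONG_BITS = {"key": "dst", "buckets": 16, "mask_position": 2}

if __name__ == "__main__":
    candidates = [("matched", REVERSE_OK),
                  ("wrong key", REVERSE_WRONG_KEY),
                  ("wrong bits", REVERSE_WRONG_BITS)]
    for name, reverse in candidates:
        bad = asymmetric_flows(FLOWS, FORWARD, reverse)
        print(f"{name}: {len(bad)} of {len(FLOWS)} flows asymmetric")
        for client, server, fwd, rev in bad:
            print(f"  {client} -> {server}: forward {fwd}, return {rev}")
```

Only the matched pair keeps every flow on a single firewall. In the other two cases a stateful, non-clustered firewall would receive return traffic for connections it never saw.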