Information About Catena; Catena Feature Overview - Cisco Nexus 7000 Series Configuration Manual

Information About Catena

Information About Catena
Catena is a multi-terabit security, chaining, load-balancing, analytics and L4-L7 applications integration
solution, natively on the switch or router. Catena provides a hardware-based application chaining solution for
Cisco Nexus devices so that packets can be redirected through multiple physical or virtual devices without
changing the topology or the existing configuration. The solution works with all L4-L7 virtual and physical
devices, such as firewall, IPS, IDS, DOS Protection, WAAS, SSL offload engines, networking monitoring
devices, switches, virtual appliances, and containers.

Catena Feature Overview

Catena allows users to create multiple chains with multiple elements in each chain. Users can configure
security policies to specify which segments of traffic go through which chain. An element could be a cluster
of devices, in which case, catena load balances to the cluster. Catena performs health monitoring and failure
handling of devices, along with sophisticated analytics.
The catena solution is natively embedded in the switch or router; therefore, you don't need to buy any service
module or external hardware.
Some of the key features of Catena are as follows:
Note Catena supports IPv4 and IPv6 addresses.
• Supports full ACL including source IP, destination IP, source L4 port number, and destination L4 port
• Enables wire-speed performance.
• Provides hardware independence.
• Adds zero-latency to traffic.
• Allows you to insert additional appliances without disrupting existing device architecture or making
• Deploys appliances with the zero-touch feature. Catena does not need special header or data path packet
• Provides per-segment telemetry and analytics at different points in the network.
• Does not place any additional load on the supervisor because the hardware handles all the packets.
• Provides selective traffic segmentation and chaining using ACLs. For example, any traffic entering at
• Redirects line-rate traffic to multiple appliances.
• Monitors the health of devices using PING (ICMP), TCP, UDP, or DNS probes. Catena sends periodic
Cisco Nexus 7000 Series Switches Configuration Guide: The Catena Solution
4
number.
complex changes to the wiring.
modification. It is compatible with your existing hardware and software. It accepts standard space packets
and does not require special tunneling, or headers. As a result, any appliance works without any special
certification or support from the vendor.
the ingress port is matched against your ACL and if the traffic matches your ACL, it is ingested into the
appropriate traffic chain.
probe packets to all the appliances. When an appliance responds in a healthy manner within a specified
Configuring the Catena Solution