Citrix NetScaler 1000V - Cisco

NetScaler 1000V
May, 2015

Agenda
Product summary
– Performance
– Specifications
Technical Questions

NetScaler 1000V and Nexus 1110-X

Availability, Elasticity, Simplicity, Expandability
Best load balancing: Content Switching, GSLB, Advanced Health Checks
Performance & Offload: TCP Connection Management, SSL processing, Caching & Compression
Security & Visibility: Responder, DoS protection, Application firewall, Web Insight

Scale up, Scale in and Scale out
[Diagram labels: Scale up; Simplicity with Many-In-One; Elasticity with Pay-As-You-Grow; Scale in; Expandability; Scale out]

NetScaler 1000V and Cloud Services Portfolio
Citrix NetScaler 1000V on ESXi/KVM & Nexus 1100 Series
Citrix Best-in-Class virtual application delivery controller (vADC)
Sold and supported exclusively by Cisco
Integrated with Nexus 1100 Series Cloud Services Platform (CSP)
Part of Cisco Validated Design – VMDC Virtual Services Architecture (VSA) 1.0 Release and upcoming ACI CVDs
[Diagram: Cisco Cloud Services Platform (CSP); NetScaler 1000V VMs on ESXi / KVM with any SW switch; Nexus 1110-X (dual 10G SFP, HW SSL card); Nexus 1110-X Series Cloud Services Platform]

NetScaler: Cisco & Citrix Product Breakout
Product | Platform
VPX | x86
MPX | HW Appliance
SDX | HW Appliance
NetScaler 1000V | x86; 1110-X HW Appliance
Throughputs: 10M, 200M, 500M, 1G, 2G, 3G, 4G & 5G
Nexus 1000V and vSphere Enterprise Plus are OPTIONAL
HW SSL offload up to 32K TPS for 2048-bit keys
Fully compatible with both ACI/APIC and RISE
NOTE: See Gunnar Anderson for add’l info. guanders@cisco.com or (650) 533-0159 c

New SW/HW Bundles ACE Replacement
SKUs | Description | Notes
C-CRYPTO-COMP-1.0 | SSL card ONLY for the Nexus 1110-X | Field Replaceable Unit (FRU)
N1K-1110-X-SSL | Nexus 1110-X w/ SSL card | No license - HW ONLY
N1K-1110-X-SSL-5S | Nexus 1110-X w/ SSL card & 5G standard NS1KV | w/ NetScaler 1000V license
N1K-1110-X-SSL-5E | Nexus 1110-X w/ SSL card & 5G enterprise NS1KV | w/ NetScaler 1000V license
N1K-1110-X-SSL-5P | Nexus 1110-X w/ SSL card & 5G platinum NS1KV | w/ NetScaler 1000V license
Applicable ACE models: ACE 4710, ACE 10/20/30 Service Modules, CSM Module, CSS11501S-C, CSS11503, and GSS 4429R.
ACE Global Site Selector (GSS) is equivalent to NetScaler 1000V Global Server Load Balancing (GSLB); available in Enterprise & Platinum Editions.
Clustering now automatically comes w/ Enterprise & Platinum Editions. Cluster up to 32 physical or virtual instances.

ACE virtual contexts  NetScaler admin partitions
In latest Release: 10.5-53.9 (posted Nov 14th)

SSL Card
ONLY supported on the Nexus 1110-X platform
Available as a Field Replaceable Unit (FRU) for existing Nexus 1110-X deployments; SKU “C-CRYPTO-COMP-1.0”
Nexus 1110-X available w/ SSL card and without licenses; SKU “N1K-1110-X-SSL”
Up to 32,000 SSL Transactions/Sec (TPS) for 2048-bit keys are supported. Card may be subdivided into 8 Virtual Functions (VF) to support up to 8 NetScaler 1000V instances on the Nexus 1110-X at 4300 TPS each.

Performance

Performance at 5G
Test | Test case Description | Result | Comments
HTTP Throughput | 100KB Response; 100% persistent connections on client and Server sides | 5.2 Gbps | Ratelimiting
SSL Throughput (Bulk Crypto) | 100KB Response; 100% persistent connections on client and Server sides; SSL reuse is enabled; HW SSL OFFLOAD | 5 Gbps | Ratelimiting
Compression | 32 KB response; 100% persistent connections on client and Server sides | 2.6 Gbps | CPU Saturation
APP - FW | 100% persistent connections on client and Server sides; Req per conn 80; Basic Profile | 2.1 Gbps | Retransmits

Performance at 5G cont.
Test | Test case Description | Result | Comments
Requests Per Second (RPS) Inf-Inf | 100% persistent connections on client and Server sides; 1 Byte Response | 326K | PE 0 - 98%
Inf-Inf Cycles Per Second (CPS) HTTP VIP | | 278K | PE 0 98%
SSL Transactions/Second (TPS) - 2K Keys | 1B Response; SSL Reuse disabled; HW SSL OFFLOAD | 32,000 | Card Queue build up
Cycles Per Second (CPS) TCP VIP | | 110K | PE 0 95%
PPS Syn Attack | | 659K | PE 0 93%

NetScaler 1000V ition
Comprehensive L4-7 load balancing and optimizes expensive server and network resources to reduce cost
Web application delivery solution providing advanced traffic management and powerful application acceleration
Web application delivery solution designed to deliver mission-critical applications with web application firewall security, fastest performance, and lowest cost

Application Evolution

When to Use Which?
Physical Appliances: Gig performance; High volume SSL Offload; High SSL TPS; High IO/Packets Per Second; FIPS requirements; Physical device security
Virtual Appliances: Labs/test environments; Development environments; “Datacenter-in-a-box”; CPU-intensive workloads; Frequently moved apps; Fast/remote deployment

Common ADC Design Architectures
One Armed: Load Balancer not inline; Allows direct server access; Used to Requires Source NAT
Routed Mode: Easy to deploy; Requires at least two IP subnets; Servers in dedicated IP subnet
Bridged Mode: Easy migration for servers; Requires one IP subnet; Recommended for non-LB traffic

Services Node Insertion Methods
Two Armed Mode
– Bridged / Transparent
– Routed
One Armed Mode
RISE, Remote Integration of Service Engines

Cisco Remote Integrated Service Engine (RISE)
Challenge: Services and switching are deployed independently which increases the complexity for deploying and maintaining networks
RISE Overview:
Logical integration of a service appliance with Nexus 7000 and 7700 platforms
Enables staging to streamline initial deployment of the service appliance
Allows ongoing configuration updates to drive flows to and from the service appliance
Allows data path acceleration and increased performance
Integrated with N7K VDC architecture
[Diagram panels: Logical RISE Topology; Control Plane; Physical Topology]

Cisco Remote Integrated Service Engine (RISE)
Enabling Tightly Integrated Data Center Services with Citrix NetScaler
Simplified Out-of-Box Experience
Significant OPEX reduction
Ease of Management
Reducing Initial Deployment of NS by 4x (30 to 8 steps)
Seamless Nexus Integration
Auto PBR Simplifies One-arm mode config
Push VIP Availability into Routing Layer
Enables the Nexus 7000 to Direct Application Traffic
[Diagram label: Internet]

Cisco Solution: Use RISE for Auto PBR
NS adds redirection rules as per configuration
– Sends the list of servers and the next hop interface
N7K applies the rules for its local servers and propagates the rules for servers attached to the neighboring N7K
No need for Source-NAT or manual PBR configuration
Uses the RISE control channel for sending Auto PBR messages
[Diagram flow labels: 0. Auto PBR; 1. Client VIP; 2. Client VIP; 3. Client Server; 4. Client Server; 5. Server Client; 6. Server Client; 7. VIP Client; 8. VIP Client. Other labels: Configure a new service; APBR rules; Internet]
Preserve Client IP Visibility without the operation cost of Traditional Policy Based Routing

In Collaboration with Intel
Intel and the Intel logo are trademarks of the Intel Corporation in the U.S. and/or other countries

NetScaler: Cisco & Citrix Product Breakout
Product | Platform
VPX | x86
NetScaler 1000V | x86; 1110-X HW Appliance
MPX | HW Appliance
SDX | HW Appliance
Throughputs: 10M, 200M, 500M, 1G, 2G, 3G, 4G & 5G
Nexus 1000V and