Enhancing Application Performance with PfR TechAdvantage Webinar

This webinar explains Cisco Performance Routing (PfR) technology and its latest enhancements, and includes real case studies. PfR allows network administrators to minimize bandwidth costs, enable intelligent load distribution, improve application performance, and deploy dynamic failure detection at the WAN access edge. Whereas other routing mechanisms can provide both load sharing and failure mitigation, Cisco IOS PfR makes real-time routing adjustments based on criteria other than static routing metrics, such as response time, packet loss, jitter, path availability, traffic load distribution, and cost minimization. This session is for anyone who wants to understand and deploy Cisco IOS Performance Routing.

Published in: Technology

  1. Enhancing Application Performance: Performance Routing (PfR). Jean-Marc Barozet (jmb@cisco.com), Sumanth Kakaraparthi (sukakara@cisco.com), Network Operating Systems Technology Group. The Cisco TechAdvantage Webinars – January 9, 2013. © 2012 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
  2. Register for a Technical Seminar with our Cisco Software SMEs: http://www.ciscolive.com/london/registration-packages/
     Session Title (Session Number):
     • Advanced LISP Techtorial (TECIPM-3191)
     • Advanced Network Automation (TECNMS-3601)
     • Application Awareness in the Network; the Route to Application Visibility and Control (TECRST-2672)
     • Converged Access: Wired/Wireless System Architecture, Design and Operations (TECCRS-2678)
     • Enterprise QoS Design Strategy (TECRST-2501)
     • IP Mobility Deep Dive (TECSPG-3668)
     • IPv6 for Dummies: An Introduction to IPv6 (TECMPL-2192)
     • IPv6 Security (TECRST-2680)
     • Scaling the IP NGN with Unified MPLS (TECNMS-3601)
     • Software Defined Networking and Use Cases (TECSPG-2667)
     • Understanding and Deploying IP Multicast Networks (TECIMP-1008)
  3. Speakers
     • Sumanth Kakaraparthi, Product Manager, sukakara@cisco.com
     • Jean-Marc Barozet, Technical Leader, jbarozet@cisco.com
     Panelists
     • Shabaz Yousaf, Technical Marketing Engineer, syousaf@cisco.com
     • Scott Van de Houten, Distinguished Architect, svandeho@cisco.com
  4. • Submit questions in Q&A panel and send to “All Panelists”. Avoid CHAT window for better access to panelists
     • For WebEx audio, select COMMUNICATE > Join Audio Broadcast
     • For WebEx call back, click ALLOW phone button at the bottom of participants side panel
     • Where can I get the presentation? Or send email to: ask_techadvantage@cisco.com
     • Please complete the post-event survey
     • Join us February 13th for our next TechAdvantage Webinar: Unleash the Power of Your Network with One Platform Kit (onePK), www.cisco.com/go/techadvantage
  5. • Positioning
       ‒ Key Customer Challenges
       ‒ PfR Benefits
     • Performance Routing 101
     • Use cases:
       ‒ Internet Edge
       ‒ Enterprise WAN
     • Reporting Tools – NetFlow export, SNMP
     • Conclusion
  7. Drastic Change in Application Consumption, Delivery, Type: How Applications Are Consumed
  8. Drastic Change in Application Consumption, Delivery, Type: How Applications Are Delivered
  9. Drastic Change in Application Consumption, Delivery, Type: Type of Applications
  10. Key Findings—Cisco Global Cloud Networking Survey, April 2012*
     Expectation
     • 50%: Percent of CIOs who say the majority of their apps will be in the Cloud by 2015
     • 37%: Consider Cloud ready WAN to be the Most Critical Infrastructure for Cloud (28%: Virtualized DC; 21%: SP SLA)
     * 1300+ Global IT professionals across 13 countries, www.cisco.com/go/cloudsurvey
  11. Key Findings—Cisco Global Cloud Networking Survey, April 2012*
     Expectation
     • 50%: Percent of CIOs who say the majority of their apps will be in the Cloud by 2015
     • 37%: Consider Cloud ready WAN to be the Most Critical Infrastructure for Cloud (28%: Virtualized DC; 21%: SP SLA)
     vs. Reality: Top Network Challenges
     • 60%: Cited Performance as a Key Challenge for Cloud
     • 66%: Cited Security and Policy as a Key Challenge for Cloud
     • 60%: Cited Management as a Key Challenge for Cloud
     * 1300+ Global IT professionals across 13 countries, www.cisco.com/go/cloudsurvey
  12. [Diagram labels: Data Centers, Public SaaS, WAN, Internet, Branch with no direct Internet access, Branch with direct Internet access]
  13. [Diagram labels: Data Centers, Public SaaS, WAN, Internet, Branch with no direct Internet access, Branch with direct Internet access]
     • I don’t know if I am getting my SLA
     • I don’t know the applications running in my network
     • I don’t know how to isolate performance problems
     • I don’t know how much non-business traffic is consuming
  15. [Diagram labels: Data Centers, Public SaaS, WAN, Internet, Branch with no direct Internet access, Branch with direct Internet access]
     • I don’t know if I am getting my SLA
     • I don’t know the applications running in my network
     • I don’t know how to isolate performance problems
     • I don’t know how much non-business traffic is consuming
     • I can’t do anything about poor and inconsistent performance
     • I can’t do anything about my network outages
     • I can’t do anything about underutilization of my expensive WAN links
     • I can’t do anything about unreliability of my WAN links
  18. Visibility, Control, Report
  19. • Save 40% operational cost by smart load balancing
     • Increase WAN reliability without increase in $ cost
     • Avoid service outages
     • Improve application performance
  20. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B]
  21. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B; Network Outage]
  22. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B; Network Outage; PfR enabled]
  23. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B; Expensive; traffic types: Voice and Video, Business Critical, Rest of traffic]
  24. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B; Expensive; traffic types: Voice and Video, Business Critical, Rest of traffic; PfR enabled]
  25. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B, SP-C; traffic types: Voice and Video, Business Critical, Rest of traffic]
  26. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B, SP-C; traffic types: Voice and Video, Business Critical, Rest of traffic; PfR enabled]
  28. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B, SP-C; traffic types: Voice and Video, Business Critical, Rest of traffic; PfR enabled; Ready for Business Critical; Ready for Voice and Video]
  29. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B]
  30. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B; Service Outage]
  31. [Diagram labels: HQ, MC, BR, MC/BR, SP-A, SP-B; Service Outage; PfR enabled]
  32. Internet: Detect loss > 10%
     • Internet Access with Multiple ISPs
     • Optimization policies based on Prefixes
     • Egress and Ingress Optimization
     [Diagram labels: Cloud Service, Best Effort traffic, ISP-1 (Primary), ISP-2 (Secondary)]
     Cloud Service & Load Balancing Policy
     • Maximize all ISP bandwidth by load sharing other Internet traffic
     • Protect business Cloud applications from network brownout: Loss > 10%
     • Cloud Service preferred path – ISP1
  33. Internet: Detect loss > 10%
     • Internet Access with Multiple ISPs
     • Optimization policies based on Prefixes
     • Egress and Ingress Optimization
     [Diagram labels: Cloud Service, Best Effort traffic, ISP-1 (Primary), ISP-2 (Secondary)]
     Cloud Service & Load Balancing Policy
     • Protect business Cloud applications from network brownout: Loss > 10%
     • Cloud Service preferred path – ISP1
     • Maximize all ISP bandwidth by load sharing other Internet traffic
  34. WAN: Detect high jitter
     • Enterprise WAN
     • Optimization policies based on Applications
     • Egress Optimization only
     [Diagram labels: Critical Apps, Voice - Video, Best Effort traffic, SP-A (MPLS VPN), SP-B (DMVPN)]
     Multimedia & Critical Data Policy
     • Protect voice and video quality: Latency > 200ms; Jitter > 30ms
     • Protect Critical applications from brownouts: Loss > 5%
     • Voice & Video preferred path SP-A
     • Critical Apps preferred path SP-A
     • Maximize utilization by load sharing
  37. • The Decision Maker: Master Controller (MC)
       ‒ Apply policy, verification, reporting
       ‒ No packet forwarding/inspection required
     • The Forwarding Path: Border Router (BR)
       ‒ Learn, measure, enforcement
     • Optimize by: Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost
     [Diagram labels: MC, BR, BR, WAN1, WAN2]
  38. [Diagram labels: Internet Edge (ISP1, ISP2); Enterprise WAN (WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN)); HQ, Branch, MC, BR, MC/BR]
  39. • Multisite MC Peering Framework
     • MC to MC Peering Framework can be used to exchange policies, services and feedback
     • Remote Site Discovery
       ‒ Automatic discovery of branch routers
       ‒ Simplifies Configuration – prefix and target discovery
       ‒ Probing Efficiency – sharing of probe data across policies
       ‒ Enhance PfR – remote site bandwidth discovery
     [Diagram labels: HQ, MC, BR, MC/BR, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN)]
  40. • Each MC announces its site name, inside prefixes, probe target address and remote bandwidth
     [Diagram: Site HQ publishes Prefix H1, H2, H3 and Responder H; Site 1 publishes Prefix A and Responder 1; Site 2 publishes Prefix B and Responder 2; Site 3 publishes Prefix C, D, E and Responder 3, 4; sites connected over WAN1 (IP-VPN) and WAN2 (IPVPN, DMVPN)]
  41. Prefixes | Responders | Sites
     Prefix A | Responder1 | Site 1
     Prefix B | Responder2 | Site 2
     Prefix C, D, E | Responder3, 4 | Site 3
     • Mapping table built on each site
     • Allows automatic jitter probe configuration
     • Allows automatic probe generation
     [Diagram labels: HQ, MC, BR, MC/BR, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN)]
  42. • Learning: Get the Traffic Classes in the MC database
     • Monitoring (Passive – Active): Get the Traffic Classes Performance Metrics
     • Choosing Your Policies: Check Delay, loss, threshold, Bandwidth and more …
     • Enforcing the Path: Use a good performing path per Traffic Class
  43. Traffic Classes
     • PfR determines the traffic classes from the traffic flowing through the border routers
     • Subsets of the total traffic must be identified, and these traffic subsets are named traffic classes
     [Example traffic class tables, columns Dest. IP, DSCP, AppID, Delay, Loss, Jitter, BW: a Global entry for 10.2.2.0/24, or Application Groups entries for 10.2.2.0/24 with DSCP EF and 10.2.2.0/24 with DSCP AF31]
     [Diagram labels: HQ, MC, BR, MC/BR, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN); Voice, Video, Critical; The Rest of the Traffic; prefixes 10.1.1.0/24, 10.2.1.0/24, 10.1.2.0/24, …, 10.2.9.0/24]
  44. Traffic Classes Definition
     • Traffic classes: Voice - Video, Critical Application, Rest of the Traffic
     • Defined by: Prefixes, Prefixes + DSCP, Applications
     EXAMPLE: Critical Apps – DSCP AF31
     • Mask 24 – 11 TCs
     • Mask 16 – 2 TCs
     • Check Prefixes and application/DSCP per branch
       ‒ This will give an idea of the number of Traffic Classes
       ‒ Tune Aggregation Mask as needed
     [Diagram labels: HQ, MC, BR, MC/BR, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN); prefixes 10.10.1.0/24, 10.20.1.0/24, 10.10.2.0/24, …, 10.20.9.0/24]
  45. Traffic Classes
     Destination Prefix | DSCP | App Id | Delay | Loss | Ingress BW | Egress BW | BR | Exit
     • MC commands BRs to learn Traffic Classes
     [Diagram labels: HQ, MC, BR with NetFlow Cache, MC/BR, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN)]
  46. Traffic Classes
     Destination Prefix | DSCP | App Id | Delay | Loss | Ingress BW | Egress BW | BR | Exit
     10.1.1.1/32 | EF | | | | | | BR1 | E0/0
     20.2.1.0/24 | AF31 | | | | | | BR2 | E0/0
     30.1.1.0/24 | 0 | | | | | | BR1 | E0/0
     • BRs use their NetFlow cache
       ‒ Top Talkers based on throughput
     • BRs aggregate based on the configured destination mask
     • Send the reports to the MC every minute
     [Diagram labels: HQ, MC, BR with NetFlow Cache, MC/BR, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN)]
  47. Passive Performance Metrics: Reachability, Delay, Loss, Egress BW, Ingress BW
     • PfR NetFlow Monitoring
     • Flows need not be symmetrical
     Workflow: Learning, Monitoring (Passive – Active), Choosing Your Policies, Enforcing the Path
     [Diagram labels: HQ, MC, BR with NetFlow Cache, MC/BR, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN)]
  48. Traffic Classes
     Destination Prefix | DSCP | App Id | Delay | Loss | Ingress BW | Egress BW | BR | Exit
     10.1.1.1/32 | 0 | | | | | | BR1 | Gi1/1
     10.1.10.0/24 | AF11 | | | | | | BR1 | Gi1/2
     … | 0 | | | | | | BR2 | Gi1/1
     BR | Links | Ingress | Egress
     BR1 | Gig1/1 | |
     BR2 | Gig1/2 | |
     • PfR uses NetFlow to collect and aggregate passive monitoring statistics on a per traffic class basis.
     • MC instructs BRs to monitor the performance
  49. Traffic Classes
     Destination Prefix | DSCP | App Id | Delay | Loss | Ingress BW | Egress BW | BR | Exit
     10.1.1.1/32 | 0 | | 60 | 0 | 20 | 40 | BR1 | Gi1/1
     10.1.10.0/24 | AF11 | | 110 | 0 | 52 | 60 | BR1 | Gi1/2
     … | 0 | | 89 | 1 | 34 | 10 | BR2 | Gi1/1
     BR | Links | Ingress | Egress
     BR1 | Gig1/1 | 200 | 40
     BR2 | Gig1/2 | 130 | 60
     • Border routers collect and report passive monitoring statistics to the master controller approximately once per minute.
     • BRs gather performance measurements using NetFlow
     • BRs report Performance Metrics for Traffic Classes to the Master Controller
  50. Active Performance Metrics: Reachability, Delay, Loss, Jitter, MOS
     • PfR enables IP SLA feature
     • Probes sourced from BR
     • ICMP probes learned or configured
     • TCP, UDP, JITTER need ip sla responder
     Workflow: Learning, Monitoring (Passive - Active), Choosing Your Policies, Enforcing the Path
  51. Active Performance Metrics
     Fast
     • Active probes on all paths all the time
     • Passive to measure BW only
     Active Throughput
     • Passive to measure BW only
     • Active probing on current exit
     • Fast Mode is used when fast failover is needed
  52. Traffic Classes
     Destination Prefix | DSCP | App Id | Delay | Jitter | Loss | Ingress BW | Egress BW | BR | Exit
     10.1.1.1/32 | EF | | | | | | | BR1 | Gi1/1
     10.1.10.0/24 | AF31 | | | | | | | BR1 | Gi1/2
     … | 0 | | | | | | | BR2 | Gi1/1
     • Active monitoring involves creating a stream of synthetic traffic (IP SLA probes) that replicates a traffic class as closely as possible.
     • MC instructs BRs to send probes and monitor the performance
  53. Traffic Classes
     Destination Prefix | DSCP | App Id | Delay | Jitter | Loss | Ingress BW | Egress BW | BR | Exit
     10.1.1.1/32 | EF | | 60 | 10 | 0 | 20 | 40 | BR1 | Gi1/1
     10.1.10.0/24 | AF31 | | 110 | 15 | 0 | 52 | 60 | BR1 | Gi1/2
     … | 0 | | 89 | 26 | 1 | 34 | 10 | BR2 | Gi1/1
     • BRs gather performance measurements using IP SLA probes
       ‒ The performance metrics of the synthetic traffic are collected
       ‒ BRs report Performance Metrics for Traffic Classes to the MC
     • The MC applies results to the traffic class entry in the Master Controller database
  54. Policies
     Link
     • Load balancing
     • Max utilization
     • Link grouping
     • $Cost
     Application Performance
     • Reachability
     • Delay
     • Loss
     • MOS
     • Jitter
     Workflow: Learning, Monitoring (Passive – Active), Choosing Your Policies, Enforcing the Path
  55. Voice - Video: 1. Link-Group, 2. Loss, 3. Jitter, 4. Delay
     Critical Application: 1. Link-Group, 2. Loss, 4. Delay
     Rest of the Traffic: Load-Balancing
     • Multiple resolvers can be assigned
     • Set of Policies per Application Group
     • Resolver Priority
  56. Enforcing the Path
     Destination Prefix
     • BGP
       - Egress: route injection or modifying the BGP Local Preference attribute
       - Ingress: BGP AS-PATH Prepend or AS Community
     • EIGRP Route Control
     • Static Route Injection
     • PIRO
     Application
     • Dynamic PBR
     • NBAR/CCE
     Workflow: Learning, Monitoring (Passive – Active), Choosing Your Policies, Enforcing the Path
  58. Internet Edge
     [Diagram labels: ISP1, ISP2, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN), HQ, Branch, MC, BR, MC/BR]
  59. • Problem Statement
       ‒ Internet ingress/egress paths are under/over utilized
       ‒ Maximize bandwidth utilization (uplinks with different BW)
     • Manual Solution
       ‒ Consider the traffic patterns of the enterprise.
       ‒ Does the enterprise host content? Ingress
       ‒ Does the enterprise access content? Egress
       ‒ Not sure? Graph Interface Byte Count; use NetFlow; even better, use Flexible NetFlow
     • In general, sites have an 80:20 traffic volume (in bytes) mix. Fix only the 80% direction. The 20% direction doesn’t matter unless links are widely varying speeds.
     [Diagram labels: ISP A (1000 Mbps), ISP B (20 Mbps), R1, R2]
  60. Tool/Attribute | Direction of Traffic Flow Affected | Implementation
     Longest Match | Inbound and Outbound | Static or Redistribution / Received
     Local Preference | Outbound | Direction Applied: Inbound
     AS_Path | Inbound | Direction Applied: Outbound
     Communities | Inbound | Direction Applied: Outbound
     • “Direction Applied” works together with Route Maps
  61. • PfR used to load balance the traffic
       ‒ Distributes traffic based upon Link Utilization (Load)
       ‒ Links can have different bandwidths
       ‒ New default policies based on load-balancing
     • Cisco ASR1k is typical BR/MC with BR terminating Internet connections
     • BGP routing
       ‒ BRs must be iBGP peers
       ‒ Default routing or Partial routes or Full routes
     • PfR can actively manage up to 20k Prefixes concurrently (with ASR1000)
     12.4T/15.0.1M, IOS-XE 3.3.0
     [Diagram labels: HQ, R3, R4, R5, iBGP, eBGP, ISP1, ISP2, ISP3, ISP4, ISP5, ISP6]
  62. • Learning: Dest Prefixes (NetFlow)
     • Monitoring: Passive – Global; Egress BW Utilization
     • Policies: Load-Balancing (range)
     • Path Enforcement: BGP; Inject BGP Route; BGP Local Pref
     [Diagram labels: HQ, R3, R4, R5, iBGP, eBGP links at 55% and 45%, ISP1 to ISP6]
  63. • Learning: Inside Prefixes (BGP)
     • Monitoring: Passive – Global; Ingress BW Utilization
     • Policies: Load-Balancing (range)
     • Path Enforcement: BGP; BGP AS-PATH Prepend; BGP Community
     [Diagram labels: HQ, R3, R4, R5, iBGP, eBGP links at 20% and 17%, ISP1 to ISP6]
  65. Enterprise WAN
     [Diagram labels: ISP1, ISP2, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN), HQ, Branch, MC, BR, MC/BR]
  66. • Problem Statement:
       ‒ Recent carrier routing problem caused a network outage (Blackout).
       ‒ Fluctuating performance over the WAN is causing intermittent application problems (Brownout)
       ‒ Secondary/Backup WAN path underutilized
     • Solution: PfR Application based optimization
       ‒ Protect Voice and Video traffic: primary path, check delay, loss, jitter – fallback secondary
       ‒ Protect Business Applications: primary path, check loss, utilization – fallback secondary
       ‒ Best effort Applications – Maximize bandwidth utilization: load balanced across SPs or use the secondary path
     [Diagram labels: HQ, MC, BR, MC/BR, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN); Voice - Video, Critical Application, Rest of the Traffic]
  67. Learning
     • Classes of Applications: Voice - Video, Critical Application, Rest of the Traffic
     • Defined by: Prefixes, Prefixes + DSCP, Applications
  68. Monitoring
     • Fast – Voice/Video
     • Active – Critical Apps
     • Passive – Rest
     Active (NetFlow and probes):
     Destination Prefix | DSCP | App Id | Delay | Jitter | Loss | Ingress BW | Egress BW | BR | Exit
     10.1.1.1/32 | EF | | 60 | 10 | 0 | 20 | 40 | BR1 | Gi1/1
     10.1.10.0/24 | AF31 | | 110 | 20 | 0 | 52 | 60 | BR1 | Gi1/2
     … | EF | | 89 | 35 | 1 | 34 | 10 | BR2 | Gi1/1
     Passive (NetFlow):
     Destination Prefix | DSCP | App Id | Delay | Loss | Ingress BW | Egress BW | BR | Exit
     10.1.1.1/32 | 0 | | 60 | 0 | 20 | 40 | BR1 | Gi1/1
     10.1.10.0/24 | AF11 | | 110 | 0 | 52 | 60 | BR1 | Gi1/2
     … | 0 | | 89 | 1 | 34 | 10 | BR2 | Gi1/1
  69. Policies
     Voice - Video: 1. Link-Group, 2. Loss, 3. Jitter, 4. Delay
     Critical Application: 1. Link-Group, 2. Loss, 4. Delay
     Rest of the Traffic: Load-Balancing
  71. • Standard based
     • PfR NetFlow v9 Export
       ‒ The PfR NetFlow v9 Exporter resides on the PfR Master Controller
       ‒ Exports Passive Metrics, Active Metrics, Events, Configuration
     • PfR SNMP MIB
       ‒ TC as a row of cpfrTrafficClassTable
       ‒ TC Status as a row of cpfrTrafficClassStatusTable
       ‒ Performance metrics as a row of cpfrTrafficClassMetricsTable
       ‒ Traps
     • NMS application vendors engaged!
     • Cisco Prime Assurance engaged!
     [Diagram labels: HQ, MC, BR, MC/BR, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN); NetFlow, SNMP Read]
  72. To Support Technologies Such as MPLS or Multicast, This Export Format Can Be Leveraged to Easily Insert New Fields
     [Packet layout diagram: Header (Version, # Packets, Sequence #, Source ID); Template FlowSet #0 with Template Records (Template ID #254, Template ID #257; Specific Field Types and Lengths); Data FlowSet ID #256 and Data FlowSet ID #257 with Data Records (Field Values), labelled Flows from Interface A and Flows from Interface B; Option Template FlowSet ID #1 (Template ID 258; Specific Field Types and Lengths); Option Data FlowSet with Option Data Records (Field Values)]
     • Matching ID numbers are the way to associate template to the data records
     • The header follows the same format as prior NetFlow versions so collectors will be backward compatible
     • Each data record represents one flow
     • If exported flows have different fields, they cannot be contained in the same template record (i.e., BGP next hop cannot be combined with MPLS-aware NetFlow records)
  73. Traffic Analysis, Denial of Service, Billing. More info: http://www.cisco.com/warp/public/732/Tech/nmp/netflow/partners/commercial/
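
An added example (not from the webinar and not Cisco's code) of how a collector applies the NetFlow v9 rules on slide 72: templates are cached per Source ID, and a Data FlowSet is decoded only when its FlowSet ID matches a Template ID already seen. The field set (IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES), the addresses and the Source ID are constructed sample values; the PfR-specific export fields are not listed on the page and are not modelled.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
FLOWSET = struct.Struct("!HH")     # flowset_id, length (length covers these 4 bytes too)
FIELD_NAMES = {1: "IN_BYTES", 8: "IPV4_SRC_ADDR", 12: "IPV4_DST_ADDR"}  # RFC 3954 subset


class ParseError(ValueError):
    """Raised for packets a collector should drop rather than guess at."""


def parse_templates(body):
    """Return {template_id: [(field_type, field_len), ...]} from a Template FlowSet body."""
    found, off = {}, 0
    while off + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, off)
        off += 4
        if template_id < 256 or off + 4 * field_count > len(body):
            raise ParseError("malformed template record")
        fields = [struct.unpack_from("!HH", body, off + 4 * i) for i in range(field_count)]
        if sum(length for _, length in fields) == 0:
            raise ParseError("template describes zero-length records")
        found[template_id] = fields
        off += 4 * field_count
    return found


def decode_records(body, fields):
    """Split a Data FlowSet body into records using the template's field lengths."""
    rec_len = sum(length for _, length in fields)
    records, off = [], 0
    while off + rec_len <= len(body):  # trailing bytes shorter than a record are padding
        rec = {}
        for ftype, length in fields:
            rec[FIELD_NAMES.get(ftype, ftype)] = body[off:off + length]
            off += length
        records.append(rec)
    return records


def parse_packet(data, templates):
    """Parse one export packet; `templates` is the collector's cache, updated in place.

    Returns (flows, skipped): decoded data records, and the number of Data FlowSets
    dropped because no template with a matching ID has been seen from that source.
    """
    if len(data) < HEADER.size:
        raise ParseError("truncated header")
    version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(data)
    if version != 9:
        raise ParseError("not a NetFlow v9 packet")
    flows, skipped, off = [], 0, HEADER.size
    while off + FLOWSET.size <= len(data):
        flowset_id, length = FLOWSET.unpack_from(data, off)
        if length < FLOWSET.size or off + length > len(data):
            raise ParseError("flowset length outside packet")
        body = data[off + FLOWSET.size:off + length]
        if flowset_id == 0:            # Template FlowSet
            for tid, fields in parse_templates(body).items():
                templates[(source_id, tid)] = fields
        elif flowset_id >= 256:        # Data FlowSet: its ID names the template to use
            fields = templates.get((source_id, flowset_id))
            if fields is None:
                skipped += 1
            else:
                flows.extend(decode_records(body, fields))
        # flowset_id 1 (Options Template) and reserved IDs are skipped in this example
        off += length
    return flows, skipped


def build_sample(source_id=7):
    """Constructed sample: returns (header, template_flowset, data_flowset) as bytes."""
    fields = [(8, 4), (12, 4), (1, 4)]  # IPV4_SRC_ADDR, IPV4_DST_ADDR, IN_BYTES
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    recs = b"".join(
        socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!I", nbytes)
        for src, dst, nbytes in [("10.1.1.1", "10.2.2.10", 1500), ("10.1.1.2", "10.2.2.20", 400)]
    )
    header = HEADER.pack(9, 3, 0, 0, 1, source_id)
    return header, FLOWSET.pack(0, 4 + len(tmpl)) + tmpl, FLOWSET.pack(256, 4 + len(recs)) + recs


if __name__ == "__main__":
    header, tmpl_fs, data_fs = build_sample()
    cache = {}
    print(parse_packet(header + data_fs, cache))  # data arrives before its template
    for flow in parse_packet(header + tmpl_fs + data_fs, cache)[0]:
        print(socket.inet_ntoa(flow["IPV4_SRC_ADDR"]), "->",
              socket.inet_ntoa(flow["IPV4_DST_ADDR"]),
              int.from_bytes(flow["IN_BYTES"], "big"), "bytes")
```

Because export packets arrive over the network from outside the collector, the length checks run before any slicing, and a Data FlowSet with no cached template is counted and dropped instead of being decoded against a guess.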
