Deploying Cisco ISR G2 and ASR 1000 in the Enterprise

7,742 views

Published on

This presentation discusses the disrupting networking trends that are changing the Enterprise landscape, scope of these changes include the areas of network security, services delivery, application performance optimization and cloud access in tomorrow's borderless networks. The biggest challenge is to help Enterprise IT scale. Borderless Networks is an architectural approach to networking that, if designed correctly, can automate business and network processes driving down operational cost, thus allowing IT to scale. Cisco ISR G2 and ASR 1000 platforms offer the best in class service richness and flexibility that is needed to deliver the promise of borderless networks and allow users to turn on services on-demand.

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
7,742
On SlideShare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
279
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • Welcome to this year’s Networkers event! I’d like to call out a few house-keeping items for this year’s conference.If you haven’t already, download the Cisco Mobile Events app at bit.ly/cnsfapp. The app can be used on all types of Smart-phones and android devices.You have an opportunity to earn points, win prizes, view program highlights, link to peers, Cisco experts, and partners. When you click on ‘Check-In’ for the Networkers event, you automatically earn a ‘Canada’ badge! Also, if you are engaged in Social Media, join the Networkers 2011 conversation through Twitter, Facebook, and YouTube. Use hash-tag CNSF2011 to be part of the discussion.
  • The diagram you see here outlines the main components of the borderless network architecture – it links applications, users, and end-point devices with operational processes and the network.It serves as both a framework for our system and architecture roadmap, as well as the deployment blueprint for Borderless Organizations. Let me briefly walk through its main elements. There are key pillars of functionality that Cisco Borderless Networks delivers on – primarily video, green, security, mobility, and application performance—on an end-to-end basis. For innovative organizations, these are key areas of investment and differentiation. The critical network services and proof-points of these pillars include Medianet, TrustSec and EnergyWise; they are delivered by the core infrastructure including routing, switching, mobility, security and WAN Optimization components. Equally important to the Borderless Network architecture is how the user experience is impacted by these network services—when mobile, when engaging with video, and in the workplace—however it’s defined. Network services integrate with endpoint technologies like AnyConnect, to deliver always-on, seamless, reliable, secure connectivity regardless of location or device.Meanwhile, Borderless Management and Policy are built into Network and User Services, offering a flexible and dynamic framework for policy definition and enforcement that spans across video, green, security, mobility, and application performance. The focus here is to connect the right user, the right device, the right application at the right place, at the right time, to the right network. It enables organizations to offer different levels of access privileges or performance characteristics to users, devices and applications.In this framework, policy definition and administration are centralized while control, visibility and enforcement are distributed via the application of dynamic policy assignments.Finally, we have the end-point devices that Cisco extends intelligence and awareness to, including cameras, video terminals, IP Phones, and mobile devices so that the experience is seamless and end to end. It is this blended approach of technologies and new capabilities that will enable new business models and allow your organization to go Borderless. Let’s take a look now at each of those critical network services I mentioned.services including mobile collaboration and secure mobility
  • Advanced WAN capabilities such as PfR, Medianet, SAF, IPv6, cloud accessSelf deployed MPLSvs Enterprise MPLS where you simply connect to the provider’s network
  • Cisco WAAS enables organizations to accomplish these primary IT objectives:Cisco WAAS enhances productivity by mitigating the effects of WAN latency. Applications perform better. Data is transferred faster.Cisco WAAS reduces bandwidth consumption, delaying or eliminating increased recurring bandwidth costs. Cisco WAAS enables IT consolidation, reducing both capital and recurring expenses for branch IT infrastructure.Cisco WAAS delivers increased business agility by enabling IT consolidation and enhanced application rollouts without the risk of degraded productivity or added complexity. Ultimate agility is available with Cisco ISRG2 and the Services-Ready Engine (SRE), offering WAN optimization “on demand” as business needs arise.Cisco WAAS is deployed on an appliance or router-integrated service module on each side of the WAN to provide application-specific acceleration and WAN optimization capabilities. Cisco WAAS appliances can be deployed out of the data path or physically in-path in the data center or in the remote branch office, and Cisco WAAS network modules can be deployed out-of-path in the branch office. Regardless of the deployment model, Cisco WAAS provides application performance improvements and enables centralization without compromising high availability and scalability by providing intelligent load-distribution and fail-through operation.
  • Application aware Data Redundancy Elimination (DRE) Improve application performance on traditional applications as well as emerging applications such as Video, Virtual Desktops and cloud-based applications Performance fairness across all branches Increased bandwidth savings through better compression Integrated Application Performance Monitoring (APM) Provide visibility to effectively optimize application performance and manage network utilization Improve operational efficiency with integrated management Provide rapid root-cause analysis of application performance issuesECDS allows for consistent and predictable WAN utilization for Video on Demand and Live Video for low and high demand video requests.Stream Splitting – Allows one stream to be sent over the WAN and split locally to multiple clients.Video on Demand – ECDS can dynamically or manually pre-position videos at the branch Service Engine for local client serving.Live Video – Through live video ingest, ECDS can multicast-to-unicast & unicast-to-multicast. This allows for multicast distribution over non-multicast WAN’s.Hierarchical CDN with Advanced prepositioning (manual and dynamic)Scheduled events (live and multicast)Native multiprotocol support (Flash, WM, QT)Flexible deployment and HA featuresHigh Availability enhancementsImproved WCCP timers for better fault toleranceMultiple WCCP service groups for higher optimization performance
  • This actually simplifies making a QoS recommendation. However if you are unfamiliar with all the QoS options available this may seem complicated, if so take a look at two of several QoS GuidesEnterprise QoS Solution Reference Network Design Guide (303 pages)http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoS-SRND-Book.htmlMedianet Campus QoS Design 4.0 (181 pages)http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html
  • This is for campus use, all references to traversing a WAN are in the following slides.This is an animated slide, the following hidden slide is not animated
  • The WAN router controls the percentage of bandwidth allocated to each class and proper classification before entering the SP network.You can set CS5 BW % before you remark and queue, thereby controlling ingress to SP cloudThis applies to all cases where multiple classification from the Enterprise WAN router are combined into a single SP Class of ServiceACL to fix CS5 to AF41 on other side since know sourceHow important is CS% to business….may decide not to remark and allow to enter the Service Provide COS1. These are representation of AT&T & Verizon offerings. These can vary around the world, however the represent the most common models to date.
  • This is an animated transition slide, the following hidden slides allow for the same discussion without animation.These are representation of AT&T & Verizon offerings. These can vary around the world, however the represent the most common models to date.
  • Objective - To shape the traffic for standard backup link to the headend and mobile branches primary link in this solutionLimitations - No per SA QOS policy support (roadmapped for Q4CY11)Workaround – Groups branches by type into groups per IP addresses, then apply QOS to those groups
  • For those interested in copies of this year’s conference presentations, please visit our Event Landing Page at www.networkerssolutionsforum.com. Here you will find the presentations for download.Lastly, we are interested in your feedback. Please take the time to fill-out the Conference Evaluation Form. If you did not receive an Eval Form with today’s Conference Guide, please see one of our Registration Attendants. The Eval Forms will be used for the prize draws at the Cocktail Reception.
  • Deploying Cisco ISR G2 and ASR 1000 in the Enterprise

    1. 1. Welcome<br />
    2. 2. Branch and Head-end of Tomorrow: Deploying Cisco ISRG2 and ASR 1000 in the Enterprise<br />Presented by James Weathersby<br />#CNSF2011<br />
    3. 3. Agenda<br />NG Network – Introducing the Borderless Routing Infrastructure<br />Platform Overview<br />ISRG2<br />ASR 1k<br />Enabling Technologies<br />WAN Optimization<br />Video/MediaNet<br />QOS<br />Security<br />Deployment Templates – Branch and Head End<br />
    4. 4. NG Networks – Introducing BRI<br />
    5. 5. Borderless Network Architecture<br />Architecture for Agile Delivery of the Borderless Experience<br />BORDERLESS END-POINT/USER SERVICES<br />POLICY<br />Securely, Reliably, Seamlessly:AnyConnect<br />MANAGEMENT<br />App Performance: App Velocity<br />Energy Management: EnergyWise<br />Multimedia Optimization: Medianet<br />BORDERLESS NETWORK SERVICES<br />Mobility:Motion<br />Security:TrustSec<br />CISCO SMARTSERVICES<br />BORDERLESS NETWORK SYSTEMS<br />CISCO LIFECYCLE SERVICES<br />Core<br />Fabric<br />Unified<br />Access<br />Extended<br />Edge<br />Extended Cloud<br />APIs<br />Application Networking/ Optimization<br />BORDERLESSINFRASTRUCTURE<br />Switching<br />Security<br />Routing<br />Wireless<br />PROFESSIONAL SERVICES: Realize the Value of Borderless Networks Faster<br />
    6. 6. Borderless Routing Infrastructure<br />Borderless Routing Infrastructure provides <br />Aprescriptive design to support deployment and access to enterprise and cloud resources<br />Not a list of all configuration options<br />Focus on Large Enterprise andPublic Sector organizations<br />Provides an infrastructure for adding Borderless Services<br />Multi-Phase plan to support future services<br />Incorporatesapplication awareness and control for data, video and unified communications<br />IPv6<br />Cloud Access<br />
    7. 7. Which Reference Architecture?<br />Scope<br />Smart Business Architecture (SBA)<br />Borderless Routing Infrastructure (BRI)<br />Campus<br />Single Regional WAN<br />Internet Edge<br />Multiple Regional WANs<br />Routing Core for transport<br />Advanced WAN Capabilities <br />Scale<br />Up to 500 remote sites<br />Up to 10,000 users<br />Fixed variants<br />Theater and Global WANs<br />Enterprise Interconnect<br />Enterprise MPLS<br />Multiple routing domains<br />Carrier-class Services<br />Prescriptive designs <br />Detailed deployment guidance<br />Emphasis on best practices<br />Complexity<br />
    8. 8. High Level Topology – BRI<br />In Theater WAN<br />Country C<br />Global WAN<br />In Theater WAN<br />Country A<br />Services<br />Voice, Video, Etc.<br />Services<br />Voice, Video, Etc.<br />Services<br />Voice, Video, Etc.<br />Services<br />Voice, Video, Etc.<br />In Theater WAN<br />Country B<br />Customer<br />premise<br />Remote<br />Customer<br />premise<br />Metro MAN<br />Regional<br />WANs<br />Interconnect<br />Internet<br />Unmanaged WAN<br />Services<br />WEB<br />Cloud<br />Data Center<br />Cloud<br />Service<br />Provider<br />Campus<br />Data Center<br />Enterprise RTR<br />
    9. 9. Internet for Enterprise WAN<br /><ul><li>Terminating remote networks into the Enterprise Edge
    10. 10. VPN Termination, FW policies
    11. 11. Allow primary or redundant links
    12. 12. QOS on outbound interfaces
    13. 13. No expectation of differentiated services
    14. 14. Makes Edge part of Enterprise Branch WAN design</li></ul>Regional <br />Location<br />Primary WAN link<br />Remote Location<br />Internet<br />Enterprise<br />Borderless Network<br />Central Location<br />Service<br />Provider<br />VPN<br />VPN<br />VPN<br /> WAN link<br />Typical flow<br />Optional Back location<br />
    15. 15. Enterprise Branch WAN - Overview<br />
    16. 16. Enterprise Branch WAN <br />Interconnect<br />ASR1K<br />ASR1K<br />ASR1K<br />ASR1K<br />ASR1K<br />ASR1K<br />Local Campus<br />Data Center<br />Redundant, Scalable<br /> head-end<br />ASR 1k providing <br />WAN Aggregation<br />Internet Edge<br />Internet<br />SP B<br />MPLS<br />SP A<br />MPLS<br />DMVPN Head End<br />OC3, GE<br />DS3, FE<br />3G/4GWWAN<br />T1/E1, Ethernet<br />Ultra High-End<br />Branch Office<br />High End Branch<br />Standard Branch<br />MobileBranch<br />
    17. 17. Platforms Overview<br />
    18. 18. ISRG2 Line up<br />WAN Access Speeds with Services<br />3945E<br />Line Rate <br />N x FE<br />3925E<br />3945<br />Line Rate <br />FE +<br />3925<br />2951<br />WAN Access Speed With Services<br />2921<br />VDSL2+/Sub-rate FE<br />2911<br />2901<br />EFM<br />SubrateFE<br />1941<br />1921<br />800<br />250 Mb<br />350 Mb<br />150 Mb<br />25 Mb<br />75 Mb<br />35 Mb<br />100 Mb<br />50 Mb<br />15 Mb<br />10 Mb<br />
    19. 19. Integrated Services Routers G2 – Technical Overview<br />Under the Covers<br />Services Performance Engine (3900)<br /><ul><li>Upgradeable engines
    20. 20. SPE-200 & SPE-250</li></ul>Multi-core Network Processor<br /><ul><li>5x- 7xperformance increase</li></ul>Multi Gigabit Fabric<br /><ul><li>Module to module communications
    21. 21. Packet prioritizationand shaping</li></ul>NG DSP Modules<br /><ul><li>Video ready DSP modules
    22. 22. 4x increase in audio conferencing and transcoding
    23. 23. Configurable power savings modes</li></ul>GE Ports<br /><ul><li>4 on 3900E
    24. 24. 3 on 2911+
    25. 25. SFP slots on 2921and above</li></ul>EHWIC<br /><ul><li>2x performance increase
    26. 26. HWIC/WIC/VWIC/VIC support natively
    27. 27. EPoE capable</li></ul>Service Modules<br /><ul><li>3x-7x increase in service module performance
    28. 28. Existing NM support through adapter
    29. 29. EPoE capable</li></ul>Internal Services Module<br /><ul><li>3x increase in servicemodule performance
    30. 30. Configurable power savings mode
    31. 31. Not available on 3900E & 1941W</li></ul>USB<br /><ul><li>Console over USB
    32. 32. Convenience storage
    33. 33. Security credentials</li></li></ul><li>Cisco ASR 1000 Series Routers: Overview<br />Instant On Service Delivery <br />Compact, Powerful Router<br />Business-Critical Resiliency<br /><ul><li>Line-rate performance 2.5G to 100G+ with services enabled
    34. 34. Investment protection with modular engines, IOSCLI and SPAs for I/O
    35. 35. Hardware based QoS engine with 128K queues
    36. 36. Integrated firewall, VPN, encryption, NBAR, CUBE-ENT,CUBE-SP
    37. 37. Scalable on-chip service provisioning through software licensing
    38. 38. Fully separated control and forwarding planes
    39. 39. Hardware and software redundancy
    40. 40. In-service software upgrades</li></ul>Embedded High-Performance Resilient Services <br />ASR 1013 <br />ASR 1001<br />ASR 1002<br />ASR 1004<br />ASR 1006 <br />2.5–10Gbps<br />10-40Gbps<br />10-40+Gbps <br />40-360Gbps <br />2.5 -5Gbps<br />
    41. 41. ASR 1000 Series Chassis<br />ASR1013<br />ASR1006<br />ASR1002<br />ASR1004<br />ASR1001<br />
    42. 42. Cisco Router Security Certifications <br />http://www.cisco.com/go/securitycert<br />
    43. 43. Deploying End to End WAN Services<br />
    44. 44. Optimization<br />
    45. 45. Cisco WAAS: WAN Optimization Solution<br />Flexible deployment options<br />One-box solution<br />Full WAAS functionality<br />WAN<br />WAASAppliances<br />WAN<br />Data Center<br />WAN<br />Internet<br />WAAS<br />VPN<br />WAASExpress<br />WAASon SRE<br />Branch Office<br />Branch Office<br />Fully integrated in IOS<br />No additional HW required<br />Integrates with overall WAAS deployment<br />
    46. 46. Key WAAS Express Features<br /><ul><li>Optimization
    47. 47. Auto-Discovery
    48. 48. TFO
    49. 49. LZ Compression
    50. 50. DRE
    51. 51. Management
    52. 52. Offers simplified CLI configuration
    53. 53. WAAS Central Manager for management and provisioning
    54. 54. Network Integration
    55. 55. Compatible with WAAS appliances
    56. 56. Inline IOS feature - Interoperates with IOS Security and QoS
    57. 57. Support for mixed devices (WAAS appliances, WAAS on SRE, WAAS Express</li></li></ul><li>Cisco PfR and Cisco WAAS IntegrationAdaptive WAN-Optimized Network<br />Cisco Wide Area Application Services (WAAS) optimizes the TCP session<br />Cisco PfR monitors and optimizes WAN path selection<br />Cisco WAAS network transparency allows individualized session placement by Cisco PfR over best WAN path<br />Cisco WAE<br />Cisco PfR Places SQL Traffic on Best-Performing WAN Path<br />MPLS-VPN<br />Cisco WAE<br />BR<br />MC<br />BR<br />BR<br />IPSec overInternet<br />Servers<br />PfR Master Controller (MC)& Border Router (BR)<br />Client<br />Cisco WAE<br />Data Center<br />Branch Office<br />Cisco PfR Domain<br />
    58. 58. WAAS 4.4 New Features and Benefits<br />4.4<br />Integrated APM<br />Applicationaware DRE<br /><ul><li> Increased Visibility into Application and network performance
    59. 59. Improve operational and management efficiency
    60. 60. Rapid detection of application performance issues
    61. 61. Improved Performance (traditional, emerging and cloud based applications)
    62. 62. Fair performance amongst branches
    63. 63. Improved overall bandwidth utilization</li></ul>WAAS4.4<br />eCDS on VB<br />High Availabilityenhancements<br />WCCP<br /><ul><li> Complete WAN optimization + Video CDN solution
    64. 64. Hierarchical CDN with advanced prepositioning and dedicated Video cache
    65. 65. Scheduled events (live and multicast)
    66. 66. Improved WCCP timers for HA
    67. 67. Multiple WCCP service groups improving optimization performance</li></li></ul><li>Enterprise End to EndQoS Recommendation<br />
    68. 68. Enterprise Campus7 classes of service, 12 classifications<br />Queuing structure<br />4 Queues Multiple Thresholds <br />Real-time Interactive<br />Lowlatency-Data<br />Data<br />Voice<br />Remote campus <br />locations<br />Queue<br />Data Center<br />locations<br />12 Classifications<br />7 Classes of Service<br />PQ<br />EF<br />Telephony<br />WAN<br />CS4<br />Real-Time Interactive<br />T1<br />Q1<br />AF41<br />Multimedia Conferencing<br />CS6<br />Bulk<br />Network Control <br />Best Effort<br />Scavenger<br />CS2<br />Operations / Management<br />T3<br />CS3<br />Signaling<br />T2<br />Main campus<br />locations<br />AF21<br />Low-Latency Data <br />Q2<br />T1<br />AF31<br />Multimedia Streaming<br />CS5<br />Broadcast Video<br />BE<br />Standard<br />T2<br />AF11<br />Q3<br />High-Throughput<br />T1<br />CS1<br />Low-Priority/ Scavenger<br />
    69. 69. Service Provider IP WAN 6 Classes of ServiceCampus to WAN<br />to<br />SP IP WAN Service<br />6 Classes of Service<br />Transition to<br />Service provider<br />Real-time Interactive<br />Low latency-Data<br />Data<br />EF & CS5<br />BE<br />Voice<br />CS6 & CS7<br />AF32 & AF33<br />AF41 & CS4<br />AF42 & AF43<br />AF31 & CS3<br />AF21 & CS2<br />AF22/ & AF23<br />AF11/ & CS1<br />AF12 & AF13<br />Queue<br />Queue<br />Service Provider<br />Honored markings<br />NM<br />12 Classifications<br />7 Classes of Service<br />NM<br />PQ<br />COS1<br />PQ<br />EF<br />EF<br />EF<br />PQ<br />Telephony<br />Q1<br />COS2V<br />T1<br />CS4<br />CS4<br />CS5<br />Real-Time Interactive<br />T1<br />AF41<br />AF41<br />AF41<br />Multimedia Conferencing<br />CS6<br />CS6<br />CS6<br />Bulk<br />Network Control <br />COS2<br />Best Effort<br />Scavenger<br />CS2<br />CS2<br />CS2<br />T1<br />Q2<br />Operations / Management<br />T3<br />CS3<br />CS3<br />CS3<br />CS4<br />Signaling<br />T2<br />AF21<br />AF21<br />AF21<br />Low-Latency Data <br />T1<br />COS3<br />T1<br />AF31<br />AF31<br />AF31<br />Multimedia Streaming<br />COS4<br />CS5<br />CS5<br />AF41<br />Broadcast Video<br />Q3<br />BE<br />BE<br />BE<br />Standard<br />T2<br />AF11<br />AF11<br />AF11<br />High-Throughput<br />T1<br />COS5<br />T1<br />CS1<br />CS1<br />CS1<br />Low-Priority / Scavenger<br />LLQ-CBWFQ<br />
    70. 70. Restoring Original MarkingWAN to Campus<br />to<br />SP IP WAN Service<br />6 Classes of Service<br />Transition from<br />Service provider Campus<br />Transition to<br />Service provider<br />AF41 & CS4<br />EF<br />BE<br />CS6<br />AF32 & AF33<br />AF42 & AF43<br />AF21 & CS2<br />AF22/ & AF23<br />AF11/ & CS1<br />AF31 & CS3<br />AF12 & AF13<br />Queue<br />Service Provider<br />Honored markings<br />NM<br />NM<br />COS1<br />PQ<br />EF<br />EF<br />PQ<br />to<br />AF41 requires<br />re-classification to CS5 <br />Solution A<br />Access Control List/NBAR<br />Solution B<br />WAN Encryption<br />COS2V<br />T1<br />CS5<br />CS5<br />AF41<br />AF41<br />Originating router remarks the Encryption or tunnel header while reserving original marking. <br />Terminating router removes header and process traffic based on original DSCP markings<br />CS6<br />CS6<br />COS2<br />CS2<br />CS2<br />T1<br />CS3<br />CS4<br />CS3<br />CS4<br />AF21<br />AF21<br />COS3<br />Straight forward since<br />DSCP mapping was one-to-one.<br />Broadcast Video has static <br /><ul><li>Know IP source
    71. 71. Know IP Multicast sink </li></ul>T1<br />AF31<br />AF31<br />COS4<br />AF41<br />AF41<br />BE<br />BE<br />AF11<br />AF11<br />COS5<br />T1<br />CS1<br />CS1<br />LLQ-CBWFQ<br />
    72. 72. policy-map WAN-SP-CLASS-OUTPUT<br /> class VOICE<br /> priority percent 10<br /> class VIDEO-RT-INTERACTIVE<br /> priority percent 23<br /> class NETWORK-MGMT-OAM<br /> bandwidth percent 5<br />class BROADCAST-VIDEO<br /> set ipdscpaf41<br /> bandwidth percent 7<br /> class STREAMING-SIGNALLING<br /> bandwidth percent 10<br /> class CRITICAL-DATA<br /> bandwidth percent 15<br /> class BULK-SCAVENGER<br /> bandwidth percent 5<br /> random-detect<br /> class class-default<br /> bandwidth percent 25<br /> random-detect<br />QOS 12-to-6 Mapping<br />class-map match-any VOICE<br /> match ipdscpef<br />class-map match-any VIDEO-RT-INTERACTIVE<br /> match ipdscpcs4af41<br />class-map match-any NETWORK-MGMT-OAM<br /> match ipdscpcs2cs6<br />class-map match-any STREAMING-SIGNALLING<br /> match ipdscpcs3af31<br />class-map match-any CRITICAL-DATA<br /> match ipdscpaf21af22af23<br />class-map match-any BULK-SCAVENGER<br /> match ipdscpcs1af11<br />class-map match-any BROADCAST-VIDEO<br /> match ipdscpcs5<br />class-map match-any BEST-EFFORT<br /> match ipdscp default<br />Reference<br />
    73. 73. Video/MediaNet<br />
    74. 74. A<br />A<br />Video Conferencing Services<br />HQ/Campus<br />Multiple video streams traverse the WAN to a central MCU resource – non-optimal use of limited WAN BW<br />Video is mixed by a centralized MCU controlled by CUCM<br />MCU<br />Video mixing<br />Branch<br />Signaling<br />Media<br />HQ/Campus<br /><ul><li>Video is mixed by the ISRG2DSPs controlled by CUCM or UCME
    75. 75. Keeps traffic local in the branch if all participants are located in the branch
    76. 76. Ad-hoc and MeetMe conferences</li></ul>MCU<br />Branch<br />Video mixing<br />WAN<br />WAN<br />
    77. 77. Branch MCU on ISR<br />sccp local GigabitEthernet0/2.2<br /> sccpccm10.4.200.15 identifier 1 version 7.0 <br /> sccp<br /> sccpccm group 1<br />  bind interface GigabitEthernet0/2.2<br />  associate ccm 1 priority 1<br />  associate profile 1 register VCBc471fe671782<br />  keepalive retries 5<br />  keepalive timeout 10<br />dspfarm profile 1 conference video homogeneous<br />codec g711ulaw<br /> codec g711alaw<br /> codec g729ar8<br /> codec g729abr8<br /> codec g729r8<br /> codec g729br8<br /> codec h2644cif frame-rate 30 bitrate1mbps<br /> maximum sessions 8<br /> associate application SCCP<br />IP addr of CUCM or CME for control<br />
    78. 78. Media MonitoringPerformance Monitor<br />LiveAction<br />MPLS<br />Internet<br />VPN<br />Headend<br />Branch<br />Apply to in/out directionof voice/video VLAN<br />Monitor video traffic traversing different network types <br />Generate alert based on user configurable threshold<br />Enable on voice/video VLAN<br />Provide metrics including jitter, packet loss, latency, bitrate, etc.<br />
    79. 79. Performance MonitorSample CLI Output<br />Match: ipv4srcaddr = 40.40.195.1, ipv4dstaddr = 40.40.222.1, ipv4prot = udp, trnssrc port = 31492, trnsdst port = 16990, SSRC = 4075548911<br /> Policy: video-mon, Class: video-class, Interface: GigabitEthernet0/1, Direction: input<br /> *counter flow : 1<br /> counter bytes : 3902031<br /> counter bytes rate (Bps) : 130067<br /> *counter bytes rate per flow (Bps) : 130067<br /> *counter bytes rate per flow min (Bps) : 130067<br /> *counter bytes rate per flow max (Bps) : 130067<br /> counter packets : 5574<br /> counter packets dropped : 0<br /> routing forwarding-status reason : Unknown<br /> interface input : Gi0/1<br /> interface output : NA<br /> monitor event : false<br />ipv4dscp : 34<br />ipv4ttl : 252<br /> application media bytes counter : 3790551<br /> application media packets counter : 5574<br /> application media bytes rate (Bps) : 126351<br /> *application media bytes rate per flow (Bps) : 126351<br /> *application media bytes rate per flow min (Bps) : 126351<br /> *application media bytes rate per flow max (Bps) : 126351<br />*application media packets rate variation min ( % ) : NA<br /> *application media packets rate variation max ( % ) : NA<br /> application media event : Normal<br /> *transport rtp flow count : 1<br /> transport rtp jitter mean (usec) : 16967<br /> transport rtp jitter minimum (usec) : 9029<br /> transport rtp jitter maximum (usec) : 24120<br /> *transport rtp payload type : 97<br /> transport event packet-loss counter : 58<br /> *transport event packet-loss counter min : 58<br /> *transport event packet-loss counter max : 58<br /> transport packets expected counter : 5632<br /> transport packets lost counter : 58<br /> *transport packets lost counter minimum : 58<br /> *transport packets lost counter maximum : 58<br /> transport packets lost rate ( % ) : 1.02<br /> *transport packets lost rate min ( % ) : 1.02<br /> *transport packets lost rate max ( % ) : 1.02<br /> *transport tcp flow count : 0 <br /> *transport round-trip-time sum (msec) : NA<br /> *transport round-trip-time samples : NA<br /> transport round-trip-time (msec) : NA<br /> *transport round-trip-time min (msec) : NA<br /> *transport round-trip-time max (msec) : NA<br />show performance monitor status<br />Display performance metrics of the flows such as<br /><ul><li>Packet rate
    80. 80. Jitter
    81. 81. Packet loss</li></li></ul><li>Performance MonitorSetting Threshold and Syslog Alert<br />policy-map type performance-monitor <vidmon_policy><br />class rtsp-video<br /> flow monitor vidmon-monitor<br />react 1 transport-packets-lost-rate<br /> threshold value ge 5.00<br /> alarm severity alert<br /> action syslog<br /><ul><li>Monitoring policy can contain threshold and action
    82. 82. Syslog contains flow information and value of metric that exceeds the threshold </li></ul>Feb 22 18:28:29.866 PST: %PERF_TRAFFIC_REACT-1-ALERTSET: TCA RAISE. <br />Detailed info: Threshold value crossed - current value 14.55%<br />Flow info: srcip 172.30.0.1, dstip 172.30.102.6<br />src port 5004, dst port 3381<br />ssrc 3618346598 <br />Policy info: Policy-map vidmon-policy, Class rtsp-video, Interface GigabitEthernet0/1, Direction input<br />React info: id 1, criteria transport-packets-lost-rate, severity alert, alarm type discrete, threshold range [5.00%, 100.00%]<br />
    83. 83. Media MonitoringMediatrace<br />Collaboration Manager<br />Initiate Mediatrace for traffic from Branch phone to Headend phone<br />MPLS<br />Internet<br />VPN<br />Headend<br />Branch<br />Use Mediatrace to further troubleshoot media issues<br />Initiate Mediatrace to discover path, system resource, or quality metrics on devices in the media path<br />Mediatrace responders collect the requested metrics and return to initiator<br />Works with Cisco Collaboration Manager<br />
    84. 84. MediatraceCisco Collaboration Manager<br />Identify the device causing media issue<br />Display media path<br />Display media flow performance statistics<br />Display the path taken by the media stream<br />Identify the device in the path where problem is seen<br />Display the media flow performance metrics<br />
    85. 85. MediatraceSample CLI Output<br />Memory<br />Two types of mediatrace profiles – system and perf-monitor<br />mediatrace profile system <name><br /> metric-list cpu|intf|memory<br />mediatrace profile perf-monitor <name><br /> metric-list tcp|rtp<br />Mediatrace Hop Number: 1 (host=branch1-router, ttl=253)<br /> Metrics Collection Status: Success<br />Reachability Address: 10.1.0.128<br /> Ingress Interface: Gi0/1<br /> Egress Interface: Gi0/0.21<br /> Metrics Collected:<br /> Collection timestamp: 16:23:21.193 PST Tue Feb 15 2011<br />Processor memory utilization (%): 5<br />Reference<br />CPU<br />Intf<br />Mediatrace Hop Number: 1 (host=branch1-router, ttl=253)<br /> Metrics Collection Status: Success<br />Reachability Address: 10.1.0.128<br /> Ingress Interface: Gi0/1<br /> Egress Interface: Gi0/0.21<br /> Metrics Collected:<br /> Collection timestamp: 16:23:07.209 PST Tue Feb 15 2011<br /> One min CPU utilization (%): 2 <br /> Five min CPU utilization (%): 2<br />Mediatrace Hop Number: 1 (host=branch1-router, ttl=253)<br /> Metrics Collection Status: Success<br />Reachability Address: 10.1.0.128<br /> Ingress Interface: Gi0/1<br /> Egress Interface: Gi0/0.21<br /> Metrics Collected:<br /> Collection timestamp: 16:22:49.825 PST Tue Feb 15 2011<br /> Octet input at Ingress (KB): 388610.651 <br /> Octet output at Egress (KB): 271010.426 <br />Pkts rcvd with err at Ingress (pkts): 0 <br />Pktserrored at Egress (pkts): 0 <br />Pkts discarded at Ingress (pkts): 0 <br />Pkts discarded at Egress (pkts): 0 <br /> Ingress i/f speed (mbps): 1000.000000 <br /> Egress i/f speed (mbps): 1000.000000<br />
    86. 86. MediatraceSample Output (Cont.)<br />TCP<br />RTP<br />Mediatrace Hop Number: 1 (host=branch1-router, ttl=253)<br /> Metrics Collection Status: Success<br />Reachability Address: 10.1.0.128<br /> Ingress Interface: Gi0/1<br /> Egress Interface: Gi0/0.21<br /> Metrics Collected:<br /> Flow Sampling Start Timestamp: 21:36:54<br /> Loss of measurement confidence: FALSE <br /> Media Stop Event Occurred: FALSE <br /> IP Packet Drop Count (pkts): 0 <br /> IP Byte Count (KB): 2025.305 <br /> IP Packet Count (pkts): 1566 <br /> IP Byte Rate (Bps): 67510 <br /> Packet Drop Reason: 0 <br /> IP DSCP: 40 <br /> IP TTL: 125 <br /> IP Protocol: 6 <br /> Media Byte Count (KB): 1962.665 <br /> TCP Connect Round Trip Delay (ms): 4294.967295 <br /> TCP Lost Event Count: 14 <br />Mediatrace Hop Number: 1 (host=branch1-router, ttl=253)<br /> Metrics Collection Status: Success<br />Reachability Address: 10.1.0.128<br /> Ingress Interface: Gi0/1<br /> Egress Interface: Gi0/0.21<br /> Metrics Collected:<br /> Flow Sampling Start Timestamp: 16:09:22<br /> Loss of measurement confidence: FALSE <br /> Media Stop Event Occurred: FALSE <br /> IP Packet Drop Count (pkts): 0 <br /> IP Byte Count (KB): 1224.162 <br /> IP Packet Count (pkts): 1201 <br /> IP Byte Rate (Bps): 40805 <br /> Packet Drop Reason: 0 <br /> IP DSCP: 0 <br /> IP TTL: 125 <br /> IP Protocol: 17 <br /> Media Byte Rate Average (Bps): 40004 <br /> Media Byte Count (KB): 1200.142 <br /> Media Packet Count (pkts): 1201 <br />RTPInterarrival Jitter Average (usec): 52808 <br />RTP Packets Lost (pkts): 7 <br />RTP Packets Expected (pkts): 1208 <br />RTP Packet Lost Event Count: 7 <br />RTP Loss Percent (%): 0.57 <br />Reference<br />
    87. 87. Security<br />
    88. 88. GET VPN Technology<br />Key Server<br />Key Server<br />Group Member<br />Group Member<br /><ul><li>IETF Standards based - Group Domain of Interpretation (GDOI)
    89. 89. Key Management Protocol
    90. 90. Group Members authenticate and register to the key server
    91. 91. Key Server distributes keys and policies
    92. 92. Periodic refresh of keys from key server
    93. 93. Separation of control and data plane
    94. 94. High Availability built into the key server protocol</li></ul>Group Member<br />Registration<br />Rekey<br />COOP Protocol<br />Encrypted data flow<br />
    95. 95. Cooperative Key Server<br />Primary: Elected by eligible set of KS<br />Creates Keys, Registers GM, Distributes Keys, Notifies Secondary<br /><ul><li>Secondary: Eligible KS in cooperative state for a group</li></ul>Registers GM, Monitors Primary, Notifies Primary of New GM<br />
    96. 96. = Static Known IP Addresses<br />= Dynamic Unknown IP Addresses<br />DMVPN Phase 3<br />Full meshedconnectivity w/ simple configuration of hub and spokes<br />Supportsdynamically addressed spokes<br />Zero touch configurationfor addition of new spokes<br />Secure On-Demand Meshed Tunnels<br />Hub<br /><ul><li>Hierarchical hub network design for improved resiliency and network scalability
    97. 97. Dynamic discovery of shortest path between hubs for improved resiliency for inter-hub connection
    98. 98. Route summarization for improved bandwidth utilization & reduced routing protocol load on hub and spokes
    99. 99. OSPF not limited to two hubs for improved routing protocol scalability in DMVPN</li></ul>VPN<br />Spoke B<br />Spoke A<br />= DMVPN Tunnels<br />= Traditional Static Tunnels<br />
    100. 100. Templates – Branch and Head End<br />
    101. 101. Enterprise Branch WAN <br />Interconnect<br />ASR1K<br />ASR1K<br />ASR1K<br />ASR1K<br />ASR1K<br />ASR1K<br />Local Campus<br />Data Center<br />Redundant, Scalable<br /> head-end<br />ASR 1k providing <br />WAN Aggregation<br />Internet Edge<br />Internet<br />SP B<br />MPLS<br />SP A<br />MPLS<br />DMVPN Head End<br />OC3, GE<br />DS3, FE<br />3G/4GWWAN<br />T1/E1, Ethernet<br />Ultra High-End<br />Branch Office<br />High End Branch<br />Standard Branch<br />MobileBranch<br />
    102. 102. Transitions in Enterprise Branch WANs<br />
    103. 103. Enterprise Branch WAN – Branch Profiles<br />
    104. 104. BRI Management Components<br /><ul><li>Simplifies the configuration and management of endpoints
    105. 105. Medianet “plug-in” provides workflows for provisioning autoconfiguration and location settings and tracking of medianet endpoints
    106. 106. More info: http://cisco.com/go/lms</li></ul>Cisco Prime LAN Management Solution<br /><ul><li>Supports timely end-to-end visibility and isolation of video-related issues for TelePresence sessions, endpoints, and the network
    107. 107. Provides deeper network path visibility, down to the granularity of video flow statistics, wherever Medianet-capable devices are deployed in the network
    108. 108. More info: http://www.cisco.com/go/cpcm</li></ul>Cisco Prime Collaboration Manager<br /><ul><li> Site-based monitoring
    109. 109. Interactive reports with advanced filters and contextual navigation
    110. 110. Application performance intelligence </li></ul>Cisco Prime NAM <br />
    111. 111. Enterprise Branch WAN – Mobile Branch<br /><ul><li>Focus on flexible deployment of the branch itself
    112. 112. Retail Banking
    113. 113. Retail
    114. 114. Public Sector
    115. 115. Others
    116. 116. Security enabled branch supports primary connectivity via WWAN link
    117. 117. 3G/4G
    118. 118. Satellite
    119. 119. Optimized connection to maximize application performance</li></ul>ASR1K<br />ASR1K<br />Headquarters<br />Internet<br />Mobile Branch Office<br />with 3GWWAN<br />HWIC<br />
    120. 120. Technical Details – Mobile Branch<br />WAAS Express<br />interface Tunnel10 bandwidth 8192<br />waas enable<br />shintg0/0 <br />  30 second output rate 3731000 bits/sec, 352 packets/sec (original bandwidth )<br />shinttun 10 <br />    Checksumming of packets disabled  30 second input rate 290000 bits/sec, 54 packets/sec (optimized bandwidth in the WAN)<br />shwaas status<br />Maximum Flows                    : 200Total Active connections         : 29Total optimized connections       : 23<br />Single IOS command on the interface<br />Optimization saves 800kb on cellular interface with 23 connections<br />
    121. 121. primary<br />primary<br />Access<br />ISRG2<br />Enterprise Branch WAN – Standard Branch<br /><ul><li>Most typical branch deployment across all sectors
    122. 122. Load balance across redundant links with PfR
    123. 123. Encrypt all traffic
    124. 124. Map LAN QOS to SP QOS offering
    125. 125. Service Advertisement
    126. 126. MediaNet deployment</li></ul>Carriers<br />Remote Sites<br />Enterprise Interconnect<br />SP B<br />MPLS<br />GETVPN<br />primary<br />Headquarters<br />Internet<br />DMVPN<br />secondary<br />WAAS<br />
    127. 127. Technical Details – Standard Branch<br />T1 Configuration<br />controller T1 0/0/0<br />cablelength long 0db<br /> channel-group 0 timeslots 1-24<br />!<br />controller T1 0/0/1<br />cablelength long 0db<br /> channel-group 0 timeslots 1-24<br />  <br />interface Multilink1<br />ip address 10.4.81.114 255.255.255.252<br />ip virtual-reassembly in<br />ppp multilink<br />ppp multilink group 1<br />10 Mb Ethernet Config<br />interface GigabitEthernet0/1<br /> bandwidth 10000 (bandwidth provisioned for 10Mbps)<br />ip address 10.4.81.114 255.255.255.252<br />ipnbar protocol-discovery<br />ip flow ingress<br />ip flow egress<br /> load-interval 30<br /> duplex auto<br />speed auto<br />
    128. 128. ISRG2<br />Technical Details – Standard Branch<br />Performance Routing<br />Master Controller (MC) & Border Router (BR)<br />pfr-map MAP-STD-BR1 10<br /> match pfr learn list STD_BRANCH1_VIDEO<br /> set mode monitor fast<br /> set resolve loss priority 2 variance 5<br /> set resolve jitter priority 3 variance 5<br /> set resolve delay priority 4 variance 5<br /> set loss threshold 50000<br />set jitter threshold 30<br />set probe frequency 4<br /> set link-group MPLS-A fallback DMVPN<br />ip access-list extended DSCP_VIDEO<br /> permit ip any anydscpaf41<br /> permit ip any anydscpcs4<br />ip prefix-list HQ_DATAseq 5 permit 10.4.97.0/24<br />pfr-map MAP-STD-BR1 20<br /> match pfr learn list STD_DATA<br /> set mode monitor active throughput<br /> set resolve utilization priority 2 variance 10<br />set unreachable threshold 200000<br /> set probe frequency 30<br /> set link-group MPLS fallback DMVPN<br />ip access-list extended critical-data<br /> permit ip any anydscpcs3<br /> permit ip any anydscpaf31<br />ip prefix-list HQ_VIDEOseq 5 permit 10.4.98.0/24<br />border 10.6.8.254 key-chain BRI-PFR<br />interface GigabitEthernet0/0 external<br /> max-xmit-utilization percentage 80<br /> link-group MPLS-A (Primary MPLS link)<br />interface Tunnel10 external<br /> link-group DMVPN(DMVPN link)<br />SP B<br />MPLS<br />GETVPN<br />Internet<br />DMVPN<br />2 classes of traffic – Video and Critical Data <br /> list seq 10 refnameSTD_BRANCH1_VIDEO (learn list for Video)<br /> traffic-class access-list DSCP_VIDEO filter HQ_VIDEO<br /> aggregation-type prefix-length 32<br />list seq 20 refnameSTD_DATA (learn list for Data)<br /> traffic-class access-list critical-data filter HQ_DATA<br /> aggregation-type prefix-length 27<br /> throughput<br />
    129. 129. ISRG2<br />ISRG2<br />Enterprise Branch WAN – High End Branch<br /><ul><li>All features from Standard Branch
    130. 130. HD Video ready
    131. 131. Higher availability requirements
    132. 132. Redundant routers
    133. 133. Redundant MPLS carriers, no Internet WAN</li></ul>ASR1K<br />ASR1K<br />Enterprise Interconnect<br />Carriers<br />Remote Site<br />SP B<br />MPLS<br />GETVPN<br />WAAS<br />Headquarters<br />SP A<br />MPLS<br />GETVPN<br />
    134. 134. Technical Details – High End Branch<br />T3Config<br />interface Serial1/0<br />ip address 10.4.81.10 255.255.255.252<br />ipwccp 62 redirect in<br />ip flow ingress<br />ip flow egress<br /> encapsulation ppp<br /> load-interval 30<br />dsu bandwidth 44210<br /> crypto map GN2<br /> service-policy output WAN<br />Ethernet Config<br />interface GigabitEthernet0/0<br /> bandwidth 100000 (bandwidth configured for 100Mbps)<br />ip address 10.4.82.10 255.255.255.252<br />ipmtu 1400<br />ipwccp 62 redirect in<br /> load-interval 30<br /> duplex auto<br /> speed auto<br /> crypto map GN2<br /> service-policy output WAN<br />
    135. 135. Enterprise Branch WAN - Ultra High End Branch<br /><ul><li>Very high bandwidth requirements – Up to 1Gb
    136. 136. Same availability requirements as high-end branch
    137. 137. Services delivered on appliances or discrete platforms for scalability</li></ul>ASR1K<br />ASR1K<br />PSTN<br />SP B<br />MPLS<br />GETVPN<br />Cube-Ent/BR-1<br />Headquarters<br />ISR G2<br />PSTN GW<br />SP A<br />MPLS<br />GETVPN<br />WAE<br />Cube-Ent/BR-2<br />Branch Office<br />
    138. 138. Technical Details – Ultra High End Branch<br />R1<br />interface GigabitEthernet0/0/1.1<br /> description Vlan-Data<br /> encapsulation dot1Q 61<br /> ip address 10.5.25.1 255.255.255.0<br /> ipwccp 61 redirect in<br /> ippim sparse-mode<br /> standby 1 ip 10.5.25.100<br /> standby 1 priority 110<br /> standby 1 preempt<br /> standby 1 track 1 decrement 10<br />R2<br />interface GigabitEthernet0/0/1.1<br /> description Vlan-Data<br /> encapsulation dot1Q 61<br /> ip address 10.5.25.2 255.255.255.0<br /> ipwccp 61 redirect in<br /> ippim sparse-mode<br /> standby 1 ip 10.5.25.100<br /> standby 1 priority 110<br /> standby 1 preempt<br /> standby 1 track 1 decrement 10<br />
    139. 139. Aggregation<br />WAN Aggregation <br />~1500/15k remote connections<br />Standard model<br />Terminate traffic from Mobile and Standard branches only<br />4-9s of availability<br />High-End Model<br />Traffic from all branch types<br />5-9s of availability<br />Aggregation for private links (MPLS) as well as public links<br />GET VPN<br />DMVPN<br />Add new aggregation sites as branch scale requires<br />WAAS<br />Enterprise Interconnect<br />Headquarters<br />APfR MC, GET VPN KS<br />Aggregation<br />
    140. 140. Technical Details – WAN Aggregation<br />Coop Key Server<br />KS1<br />===<br />crypto gdoi group GN2<br /> identity number 1102<br />redundancy<br />   local priority 250<br />   peer address ipv4 10.4.11.211<br />KS2<br />===<br />crypto gdoi group GN2<br /> identity number 1102<br />  redundancy<br />   local priority 1<br />   peer address ipv4 10.4.11.210<br />
    141. 141. ISRG2<br />Internet Edge – VPN Aggregation<br />ASR1K<br />ASR1K<br />ASR1K<br />ASR1K<br />ASR1K<br />ASR1K<br />Home Office<br />Remote Access Head End<br />Standard Branch<br />Teleworker<br />High End Only<br />Internet Edge<br />Internet<br />DMVPN Head End<br />ASA Cluster<br />IPS<br />Interconnect<br />Consolidate with Remote Access for Std Design<br />Mobile Branch Office<br />with 3GWWAN<br />HWIC<br />
    142. 142. QOS on ASR 1000 as DMVPN Hub<br />Step2: Police based on different traffic types<br />Step4: Apply the policy on the physical interface<br />Step1: Configuring class maps <br />We will configure the class maps for the two types of branches and as well as the different traffic types that we want to police. In this solution we have 6 types of traffic class.<br />Step3: Parent policy to shape on the two different types of branches<br />
    143. 143. Branch Profile Summary<br />
    144. 144. Summary<br />Borderless Routing Infrastructure provides a prescriptive migration to NG Branch networks<br />ASR 1000 series provides high performance and added redundancy features in two roles<br />Head end aggregation for GET VPN, DMVPN and Easy VPN<br />Ultra high-end branch router for GE line rate <br />ISRG2 provides integrated services in the branch to support voice, video, data, security and cloud access<br />
    145. 145. For conference presentations visit: <br />www.networkerssolutionsforum.com<br />Please take a moment to complete the <br />Networkers Conference Event Evaluation Form<br />#CNSF2011<br />
    146. 146. #CNSF2011<br />

    ×