Intelligent WAN (IWAN) Architectures -Peyton Schouest

Published in: Technology

  1. Intelligent WAN (IWAN) Architecture
     Peyton Schouest
     Systems Engineer
  2. Agenda
     •  Intelligent WAN Overview
     •  Transport Independent Design
     •  Intelligent Path Control
     •  Application Optimization
     •  Secure Connectivity
     •  IWAN Management
     •  IWAN Portfolio
     •  Summary
     © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public
  3. Emerging Branch Demands
     Application Landscape is Changing
     •  Applications Are Moving to the Data Center and Cloud
     •  Internet Edge Is Moving to the Branch
     [Diagram: Branch; Cloud; Data Centers]
     Pressures on the WAN
     •  Cloud: 50% of CIOs Expect to Operate via the Cloud by 2015
     •  Mobility: 6X More Mobile Data Traffic by 2015
     •  Fat Apps: 2/3 of Mobile Traffic Will Be Video
  4. Enterprise WAN - What’s Going on?
     •  WAN bandwidth needs are growing!
        –  Cloud, BYOD/IOE and Video making it worse
     •  IT budgets flat or declining
        –  Transport/bandwidth costs are majority of WAN budget
     •  These factors are driving WAN modernization
        –  Lower cost transports – Internet, LTE, Carrier Ethernet
        –  Cloud application performance monitoring and optimization
        –  Security – strong encryption and threat protection
     Cisco IWAN addressing this market demand!
     •  Cloud: 50% of CIOs Expect to Operate via the Cloud by 2015
     •  Mobility: 6X More Mobile Data Traffic by 2015
     •  Fat Apps: 2/3 of Mobile Traffic Will Be Video
  5. Third-Party Lab Test: Chromebook vs. Windows 8 Laptop
     Chromebook creates more traffic than Windows PC
     •  Chromebook creates as high as 692.2 times more network traffic
     •  On average, Chromebook creates 152 times more network traffic
     http://principledtechnologies.com/Microsoft/Chromebook_PC_network_traffic_0613.pdf
     [Chart: network traffic by task (Document Manipulation, Photo Manipulation, Video Manipulation, Music Manipulation, Web Browsing, Note Taking, Test Taking); series label: Asus VivoBook S200E Notebook Running Microsoft Windows 8]
  6. Internet Becoming an Extension of Enterprise WAN
     Commodity Transports Viable Now
     •  Dramatic Bandwidth, Price Performance Benefits
     •  Higher Network Availability
     •  Improved Performance Over Internet
  7. Low-Cost Alternative
     Why is the Internet viable now?
     46% of Organizations Are Planning to Transition to Internet Connections
     [Chart: Internet Pricing vs. Reliability, 1998-2012]
     1 Internet Transit Pricing based on surveys and informal data collection primarily from Internet Operations Forums—‘street pricing’ estimates
     2 Packet delivery based on 15 years of ping data from PingER for WORLD (global server sample) from EDU.STANFORD.SLAC in California
     Source: William Norton (DrPeering.net); Stanford ping end-to-end reporting (PingER)
  8. Leveraging the Internet Pays Off Fast
     EXAMPLE: San Francisco Single MPLS VPN vs. Dual Business Internet ($ per Month)
     [Bar chart; series: 1.5 Mbps, 10 Mbps; categories: iWAN, MPLS VPN CoS3, MPLS VPN CoS2, MPLS VPN CoS1; data labels as extracted: $220 $140 $830 $260 $885 $274 $1,014 $303; annotation: -75%]
     Dual Internet Links Combined for Ent SLA
     $665 Savings/Month x 12 Months x 1,000 Sites = $8M Savings per Year
     Source: Telegeography MPLS VPN pricing for San Francisco as of March 2013; Comcast Web site; Verizon website
  9. Intelligent WAN: Leveraging the Internet
     Secure WAN Transport and Internet Access
     [Diagram: Optimized Secure Transport; Branch; Direct Internet Access; Private Cloud; Virtual Private Cloud; Public Cloud; MPLS (IP-VPN); Internet]
     1.  IWAN Secure transport for private and virtual private cloud access
     2.  Leverage local Internet path for public cloud and Internet access
     •  Increase WAN transport capacity and app performance cost effectively!
     •  Improve application performance (right flows to right places)
  10. Intelligent WAN: Leveraging the Internet
      So What is New Here?
      [Diagram: Optimized Secure Transport; Branch; Direct Internet Access; Private Cloud; Virtual Private Cloud; Public Cloud; MPLS (IP-VPN); Internet]
      1.  IWAN Secure transport for private and virtual private cloud access
      2.  Leverage local Internet path for public cloud and Internet access
      •  Increase WAN transport capacity and app performance cost effectively!
      •  Improve application performance (right flows to right places)
      Mixed transport WANs with High Reliability SLOs for Business-Critical Applications Centralized Security Policy for Internet Access Dramatically Lower WAN Costs Without Compromise
  11. Intelligent WAN Deployment Models
      Dual MPLS [Diagram: Public; MPLS; Branch; MPLS]
      ✓  Highest SLA guarantees
      –  Tightly coupled to SP
      ✗  Expensive
      Hybrid [Diagram: Public; Enterprise; Branch; MPLS + Internet]
      ✓  More BW for key applications
      ✓  Balanced SLA guarantees
      –  Moderately priced
      Dual Internet [Diagram: Internet; Branch; Enterprise; Public]
      ✓  Best price/performance
      ✓  Most SP flexibility
      –  Enterprise responsible for SLAs
      Consistent VPN Overlay Enables Security Across Transition
  12. Intelligent WAN Solution Components
      [Diagram: MPLS; Branch; 3G/4G-LTE; AVC; Internet; Private Cloud; Virtual Private Cloud; Public Cloud; WAAS; PfR]
      Application Optimization
      •  Application visibility with performance monitoring
      •  Application acceleration and bandwidth optimization
      Secure Connectivity
      •  Certified strong encryption
      •  Cloud Managed Security for secure direct Internet access
      •  Comprehensive threat defense
      Intelligent Path Control
      •  Dynamic Application best path based on policy
      •  Load balancing for full utilization of bandwidth
      •  Improved availability
      Transport Independent
      •  Consistent operational model
      •  Simple provider migrations
      •  Scalable and modular design
      •  IPsec routing overlay design
      Control & Management with Automation
  13. IWAN Vision and Strategy
      Secure VPN Overlay, Any Transport, Bandwidth Efficiency, Application SLA Secure, Simple, Centralized Policy Automation ACI Policies, Inter-Cloud Mobility, Optimization, AMP vRouter, vService and App Orchestration Predictive, Self Directed
      Stages: INTELLIGENT VIRTUALIZATION; AUTOMATION; CLOUD INTEGRATION; SERVICE VIRTUALIZATION; SELF LEARNING NETWORKS
  14. IWAN Vision and Strategy
      Systems Development evolution of IWAN Framework
      Stages: INTELLIGENT VIRTUALIZATION; AUTOMATION; CLOUD INTEGRATION; SERVICE VIRTUALIZATION; SELF LEARNING NETWORKS
      IWAN Framework
      •  Transport Independent Design
      •  Intelligent Path Control
      •  Application Optimization
      •  Secure Connectivity
      •  Management & Orchestration
      Incremental improvements while delivering new use-cases
  15. IWAN: An Architectural and Systems Approach
      •  IWAN is a Solution Architecture
         –  Solves a network problem
         –  Use Case Driven
         –  Systems Development Approach
      •  Prescribed. Tested. Interoperable.
         –  Bounded Scope and Complexity
         –  Enables Automation and Quality
      •  Delivers Business Outcomes
         –  Reduce Operational Complexity
         –  Reduce WAN costs, Increase bandwidth
         –  Improve Application Performance
         –  Direct Internet Access
         –  Guest Access Offload
  16. IWAN Roadmap Overview
      Columns (left to right): IWAN 1.0 Intelligent Virtualization; IWAN 2.0 Automation (Q4 CY2014). Entries in each row are listed in the same left-to-right order.
      •  Scale: Hundreds of Branches; Large Scale (2000 Branches)
      •  Transport Independence: Secure VPN Overlay (DMVPN Phase 2); VPN Scalability (DMVPN Phase 3)
      •  Intelligent Path Control: 2nd Generation Path Control – PfRv2; Simplified Path Control – PfRv3 (Centralized Provisioning, Large Scale)
      •  Application Optimization: AVC; WAAS; Adaptive AVC (Performance Optimization); Adv. QoS (Adaptive Shaping, Local Admission); Akamai Connect
      •  Secure Connectivity: IPSec Suite-B crypto; IOS ZBFW Firewall; Cloud Web Security (CWS); Key Management Automation (PKI Certificate/Trust Automation)
      •  Management: Cisco Prime; LiveAction; Glue Networks; Prime Infrastructure 2.2: Transport Ind. Design (DMVPN), Application Optimization (AVC), Automated Deployment Workflow Wizards; APIC-EM EFT: PKI Automation, Site-by-Site Provisioning, CVD-based: QoS, AVC, PfR
      Legend: New
  17. Transport-Independent Design
      Virtualizing the Enterprise WAN
  18. Flexible Secure IWAN Over Any Transport
      Simplifies WAN Design
      •  Easy multi-homing over any WAN service offering
      •  Single routing control plane with minimal peering to the provider
      •  Consistent design over all transports
      Dynamic Full-Meshed Connectivity
      •  Automatic site-to-site IPsec tunnels
      •  Zero-touch hub configuration for new spokes
      Proven Robust Security
      •  Certified crypto and firewall for compliance
      •  Scalable design with high-performance cryptography in hardware
      [Diagram: Branch (ISR-G2); WAN; Internet; MPLS; Data Center (ASR 1000, ASR 1000); labels: Transport-Independent, Flexible, Secure]
  19. IWAN Transport Independent Design with Dynamic Multipoint VPN (DMVPN)
      •  Proven IPsec VPN technology
         –  Widely deployed, large scale
         –  Standards based IPsec and Routing
         –  Adv QOS: hierarchical, per tunnel and adaptive
      •  Flexible & Resilient
         –  Over any transport: MPLS, Carrier Ethernet, Internet, 3G/4G,..
         –  Hub-n-Spoke and Spoke-to-Spoke Topologies
         –  Multiple encryption, key management, routing options
         –  Multiple redundancy options: platform, hub, transports
      •  Secure
         –  Industry Certified IPsec and Firewall
         –  NG Strong Encryption: AES-GCM-256 (Suite B)
         –  IKE Version 2
         –  IEEE 802.1AR Secure unique device identifier
      •  Simplified IWAN Deployments
         –  Prescriptive validated IWAN designs
         –  Automated provisioning – Prime, APIC, Glue
      [Diagram: IWAN HYBRID; Branch; Internet (ISP A); MPLS (SP V); DMVPN Purple; DMVPN Orange; Data Center]
  20. Dynamic Multipoint VPN (DMVPN)
      •  Branch spoke sites establish an IPsec tunnel to and register with the hub site
      •  IP routing exchanges prefix information for each site
      •  BGP or EIGRP are typically used for scalability
      •  Only the WAN IP addresses need to be known by the WAN transport
      •  WAN interface IP address can be used for the tunnel source address
      •  Data traffic flows over the DMVPN tunnels
      •  When traffic flows between spoke sites, dynamic site-to-site tunnels are established
      •  Per-tunnel QOS is applied to prevent hub site oversubscription to spoke sites
      SECURE ON-DEMAND TUNNELS
      [Diagram: Hub (ASR 1000); Branch 1, Branch 2, Branch n (ISR G2); IPsec VPN; legend: Traditional Static Tunnels, DMVPN On-Demand Tunnels, Static Known IP Addresses, Dynamic Unknown IP Addresses]
  21. Hybrid WAN Designs
      Traditional and IWAN
      TRADITIONAL HYBRID [Diagram: Branch (ISR-G2); Internet (ISP A) with DMVPN; MPLS (SP V) with GETVPN; Data Center (ASR 1000, ASR 1000)]
      •  Two IPsec Technologies
         –  GETVPN/MPLS
         –  DMVPN/Internet
      •  Two WAN Routing Domains
         –  MPLS: eBGP or Static
         –  Internet: iBGP, EIGRP or OSPF
         –  Route Redistribution
         –  Route Filtering
         –  Loop Prevention
      •  Active/Standby WAN Paths
         –  Primary With Backup
      IWAN HYBRID [Diagram: Branch (ISR-G2); Internet (ISP A) with DMVPN; MPLS (SP V) with DMVPN; Data Center (ASR 1000, ASR 1000)]
      •  One IPsec Overlay
         –  DMVPN
      •  One WAN Routing Domain
         –  iBGP, EIGRP, or OSPF
         –  Minimal route filtering
      •  Active/Active WAN Paths
  22. IWAN Transport Independence
      Consistent deployment models simplify operations
      [Diagram: IWAN HYBRID: Branch (ISR-G2), Internet (ISP A) and MPLS (SP V), DMVPN on each, Data Center (ASR 1000, ASR 1000)]
      [Diagram: IWAN DUAL INTERNET: Branch (ISR-G2), Internet (ISP A, DSL) and Internet (ISP C, Cable), DMVPN on each, Data Center (ASR 1000, ASR 1000)]
      [Diagram: IWAN Dual MPLS: Branch (ISR-G2), MPLS and MPLS (ISP A, SP V), DMVPN on each, Data Center (ASR 1000, ASR 1000)]
  23. IWAN Self, Integrator, or Provider Managed
      [Diagram: two IWAN HYBRID designs, each with Branch (ISR-G2), Internet and MPLS transports with DMVPN, and Data Center (ASR 1000, ASR 1000); one labelled MSP, one labelled Self or Integrator with ISP A (DSL) and ISP C (Cable)]
      Managed Service Provider
      •  Hybrid Model Typical
      •  Increases HA Diversity
      •  Competitive Service Offering
      Self/Integrator Managed
      •  Hybrid or Internet Models
      •  Ownership of Service Levels
      •  Competitive Provider Selection
  24. What if the CPE is Owned and Managed by an MSP?
      ISR-AX – IWAN Services Gateway
      •  Lower cost than overlay appliances
      •  Integrated services gateway incl AX, SEC, UC, Compute
      •  Internet path for extra capacity
      •  Direct Internet Access for improved SaaS Cloud performance
      [Diagram: Branch (ISR-AX with AVC, WAAS, PfR); MSP-RT; ISP-RT; MPLS; Internet; WAN; Data Center (ASR 1000, ASR 1000)]
  25. Building Highly Resilient WANs
      Redundancy and Path Diversity Matter
      [Diagram, values in the order extracted]
      •  SINGLE ROUTER, SINGLE PATH (ISR G2 with MPLS; ISR G2 with Internet): 99.95%*; 99.90%*; Downtime per Year 4–9 Hours; Downtime per Year 8 Hours 46 Minutes
      •  SINGLE ROUTER, DUAL PATHS (ISR G2 with MPLS + MPLS; MPLS + Internet; Internet + Internet): 99.995%; 99.995%; 99.995%; 26 Minutes
      •  DUAL ROUTERS, DUAL PATHS (ISR G2 pairs with MPLS + Internet; Internet + Internet; MPLS + MPLS): 99.999%; 99.999%; 99.999%; 5 Minutes
      IWAN Solution
      * Typical MPLS and Business Grade Broadband Availability SLAs and Downtime per Year, calculated with Cisco AS DAAP tool.
  26. Traditional to IWAN Transition
      Migration Steps
      •  ADDING DMVPN TO MPLS WAN
      •  REPLACING A WAN SERVICE WITH AN INTERNET SERVICE
      •  OTHER INTERESTING IWAN TOPOLOGIES
      [Diagram: topologies numbered 0 to 5, each an ISR G2 with combinations of MPLS, Internet and 3G/4G-LTE transports]
      * Typical MPLS and Business Grade Broadband Availability SLAs and Downtime per Year.
  27. 27. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public IWAN Automated Secure VPN Intelligent Branch ISP Optional External Certificate Authority Enterprise WAN Core AX   MPLS 4G DC Resilient WAN POP Embedded Trust Devices Metro-E AX   AX   APIC Branch Large Site Campus Secure Boot Strap Automatic Configuration and Trust Establishment Dynamic VPN Establishment Key and Certificate Controller IWAN App, Prime, 3rd Party Deploy, Search, Retrieve, Revoke Configuration Orchestration Automatic Session Key Refresh (IKEv2) Trust Revocation 1H2015
  28. 28. IWAN Transport Best Practices
      •  Private peering with Internet providers
         –  Use same Internet provider for hub and spoke sites
         –  Avoids Internet Exchange bottlenecks between providers
         –  Reduces round trip latency
      •  DMVPN Phase 3
         –  Scalable dynamic site-to-site tunnels
         –  Separate DMVPN per transport for path diversity
         –  Per tunnel QoS
         –  NG Encryption – IKEv2 + AES-GCM-256 encryption
      •  Transport settings
         –  Use the same MTU size on all WAN paths
         –  Bandwidth settings should match offered rate
      •  Routing Overlay
         –  iBGP or EIGRP for high scale (1000+ sites)
         –  Single routing process, simplified operations
         –  Front-side VRF to isolate external interfaces
      Diagram labels: Branch; Internet; MPLS; DMVPN Purple; DMVPN Green; IWAN HYBRID; Data Center; ISP A; SP V
  29. 29. Intelligent Path Control Improving Application Delivery and WAN Efficiency
  30. 30. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Getting the Most Out of Your WAN Investment Benefits of Intelligent Path Control Data Center Branch ASR 1000 ASR 1000 WAAS PfR AVC ISR G2 MPLS Internet Enabling Internet-Based WANs Efficient Distribution of Traffic Based Upon Load, Circuit Cost, and Path Preference Per Application Best Path Based on Delay, Loss, Jitter Measurements Protection From Carrier Black Holes and Brownouts Lower WAN Costs Full Utilization of WAN Bandwidth Improved Application Performance Higher Application Availability
  31. 31. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Intelligent Path Control with PfR Voice and Video Use-Case Branch MPLS Internet Virtual Private Cloud Private Cloud •  PfR monitors network performance and routes applications based on application performance policies •  PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth Other traffic is load balanced to maximize bandwidth Voice/Video will be rerouted if the current path degrades below policy thresholds Voice/Video take the best delay, jitter, and/ or loss path
  32. 32. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public What is Performance Routing (PfR)? DSL Cable Branch BR BR Data Center MC “Performance Routing (PfR) provides additional intelligence to classic routing to track and verify the performance quality of a path between two devices over a Wide Area Networking (WAN) to determine the best path for application traffic....” •  Cisco IOS technology •  Two components: Master Controller , Border Router MC+BR
  33. 33. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public PfR Enhances Classical Routing PATH CONTROL METRICS ADAPTIVE •  Topological state •  Least cost path •  Static user preference •  Path cost •  Interface state •  Application-aware •  Policy controlled •  Measured performance •  Delay •  Jitter •  Bandwidth Responds To: •  Measured performance changes (degradation) Responds To: •  Link and node state changes (up/down) + Classical PfR
  34. 34. Protecting Critical Applications While Increasing Bandwidth Utilization
      Multimedia and Critical Data Policy
      •  Protect voice and video quality: Latency < 150 ms, Jitter < 20 ms
      •  Protect Email applications from WAN congestion: Loss < 5%
      •  Voice and video preferred path SP1
      •  Email preferred path ISP
      •  Increase utilization by load sharing
      Business App and Load-Balancing Policy
      •  Protect transactional business app from brownouts: delay < 250 ms
      •  Preferred path SP1 (MPLS)
      •  Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet
      Diagram labels: SP1 (MPLS); ISP (FTTH); ISP (DSL); Voice and Video; Email; Business App; Best-Effort Traffic; 300ms Delay Detected; High Jitter Detected
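The policy thresholds on this slide, worked through as an added example (not Cisco code and not PfR's actual algorithm): a simplified selector that keeps each traffic class on its preferred path while that path is in policy and moves it when a measurement crosses a threshold. The path measurements, function names and tie-breaking rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Metrics = Dict[str, float]  # keys: delay_ms, jitter_ms, loss_pct


@dataclass(frozen=True)
class Policy:
    name: str
    preferred: str
    max_delay_ms: Optional[float] = None
    max_jitter_ms: Optional[float] = None
    max_loss_pct: Optional[float] = None

    def violations(self, m: Metrics) -> List[str]:
        """Names of the metrics that are at or above this policy's limits."""
        limits = (("delay_ms", self.max_delay_ms),
                  ("jitter_ms", self.max_jitter_ms),
                  ("loss_pct", self.max_loss_pct))
        return [k for k, limit in limits if limit is not None and m[k] >= limit]


# Thresholds and preferred paths as stated on the slide.
POLICIES = [
    Policy("voice-video", preferred="SP1", max_delay_ms=150, max_jitter_ms=20),
    Policy("email", preferred="ISP", max_loss_pct=5),
    Policy("business-app", preferred="SP1", max_delay_ms=250),
]


def select_path(policy: Policy, paths: Dict[str, Metrics]) -> Tuple[Optional[str], str]:
    """Pick a path for one traffic class; returns (path, reason)."""
    if not paths:
        return None, "no path available"
    in_policy = [p for p in paths if not policy.violations(paths[p])]
    if policy.preferred in in_policy:
        return policy.preferred, "preferred path in policy"
    if in_policy:
        # Assumption: among in-policy alternatives, take the lowest delay.
        best = min(in_policy, key=lambda p: (paths[p]["delay_ms"], p))
        if policy.preferred not in paths:
            return best, f"preferred path {policy.preferred} down"
        bad = ", ".join(policy.violations(paths[policy.preferred]))
        return best, f"preferred path {policy.preferred} out of policy: {bad}"
    # Nothing meets the policy: fall back to the path breaking the fewest limits.
    best = min(paths, key=lambda p: (len(policy.violations(paths[p])),
                                     paths[p]["delay_ms"], p))
    return best, "no path in policy, least-violating path chosen"


def evaluate(paths: Dict[str, Metrics]) -> Dict[str, Optional[str]]:
    """Path chosen for every policy under the given measurements."""
    return {p.name: select_path(p, paths)[0] for p in POLICIES}


# Constructed measurements matching the slide's two events.
DELAY_BROWNOUT = {  # "300ms Delay Detected" on SP1
    "SP1": {"delay_ms": 300, "jitter_ms": 5, "loss_pct": 0.0},
    "ISP": {"delay_ms": 80, "jitter_ms": 10, "loss_pct": 1.0},
}
HIGH_JITTER = {     # "High Jitter Detected" on SP1, lossy ISP
    "SP1": {"delay_ms": 60, "jitter_ms": 35, "loss_pct": 0.0},
    "ISP": {"delay_ms": 90, "jitter_ms": 8, "loss_pct": 7.0},
}

if __name__ == "__main__":
    for label, sample in (("delay brownout", DELAY_BROWNOUT), ("high jitter", HIGH_JITTER)):
        for pol in POLICIES:
            print(label, pol.name, select_path(pol, sample))
```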
  35. 35. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Load Balancing Maximizing Link Utilization to Increase Available Bandwidth •  External link Load Balancing by default •  PfR Distributes traffic across a set of links to maintain efficient utilization levels with a defined percentage range. Default utilization range is +/- 20% •  External links can have different available bandwidth, e.g., Int 1/0 = 1.5Mbps, Int 1/1 = 15Mbps •  Load Balancing defaults can be modified by CLI –  Utilization Range –  Max Utilization 90% ISR-G2 WAN Internet MPLS ASR 1000 ASR 1000 Data Center 50% T1 = 750kbps 50% 15Mbps = 7.5Mbps
  36. 36. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public PfR Evolution—Simplification and Scale PfR/OER •  Internet Edge •  Basic WAN •  Provisioning per site per policy •  1000s of lines of config PfRv2 •  Policy simplification •  App Path Selection •  Blackout ~6s •  Brownout ~9s •  Scale 500 sites •  10s of lines of config PfRv3 •  Centralized provisioning •  AVC Infrastructure •  VRF Awareness •  Blackout ~ 2s •  Brownout ~ 2s •  Scale 2000 sites •  Small Branch config 2014 IWAN 2.0
  37. 37. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Performance Routing—Components The Decision Maker: Master Controller (MC) •  Discover BRs, collect statistics •  Apply policy, verification, reporting •  No packet forwarding/inspection required The Forwarding Path: Border Router (BR) •  Gain network visibility in forwarding path (Learn, measure) •  Enforce MC’s decision (path enforcement) •  Does all packet forwarding The Policy Controller: Domain Controller (DC) •  Discover site peers, prefixes and connected networks •  Advertise policy and services •  One per domain, collocated with MC DSL Cable BranchMC+BR BR BR Data Center DC/MC
  38. 38. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public PfR Domain Controller §  Domain Controller Peering Framework –  Site MCs register to Domain –  Advertise to, or request services –  Simplifies deployment and configuration –  Provides topology auto-discovery §  Single point of configuration across the domain §  Used to distribute information to sites: –  Learned site-prefix –  Application/Traffic Policies –  Performance monitoring –  Traffic Class Database BRBR MC/BR MC/BR BRMC/BR WAN1   WAN2   Scaling: recommended 2000 sites max Domain Controller DC/MC Master Controller
  39. 39. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Define Traffic Classes and service level Policies based on Applications or Transport Classifiers ISR G2 ASR1K Border Routers learn current traffic classes going to the WAN based on classifier definitions Learning Active TCs BR BR MC+BR MC+BR MC+BR MC+BR Traffic Classes MC Measure the traffic flow and network performance and report metrics to the Master Controller Performance Measurements BR BR MC+BR MC+BR MC+BR MC+BR MC Master Controller commands path changes based on traffic class policy definitions Best Path BR BR MC+BR MC+BR BR MC+BR MC How PfR Works Key Operations Path EnforcementMeasurementLearn the TrafficDefine Your Traffic Policy
  40. 40. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Dual POPs – Different Prefix •  Requirements: –  Separate datacenters/POPs –  Separate prefix advertised from each datacenters to spokes •  POP2 Hub MC –  Configured as Branch Separate Prefix 10.1.10.0/24 10.1.11.0/24 10.1.12.0/24 10.1.13.0/24 DC/MC1 MC2 BR1 BR2 BR3 BR4 R10 R11 R12 R13 EIGRP/BGP 10.8.0.0/16 10.0.0.0/8 0.0.0.0 10.8.0.0/16 10.9.0.0/16 DMVPN MPLS DMVPN INET EIGRP/BGP 10.9.0.0/16 10.0.0.0/8 0.0.0.0 IWAN POP1 IWAN POP2 Hub MC 10.8.3.3/32 MC 10.9.3.3/32
  41. 41. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public PfRv3 Multiple Next Hop Limitation •  Issues: –  PfRv3 manages traffic between Tunnel Interfaces, not multiple tunnels within a single Tunnel Interface –  Spokes have multiple next hops on the same DMVPN tunnel Interface –  Channel definition: •  local site id + remote site id + DSCP + color(SP) •  No differentiation for multiple channels within a color(SP) •  Solution: PfRv3 DMVPN Multiple Next Hop support –  Need to add sub-color to differentiate channels –  New channel definition •  local site id + remote site id + DSCP + color(SP) + SP tag –  BR1 with tag 1, BR2 with tag 2 •  Targeted for Spring XE 3.15 / PI27 releases Multiple DMVPN Next Hops DMVPN2DMVPN1 10.1.10.0/24 10.1.11.0/24 10.1.12.0/24 10.1.13.0/24 BR1 BR2 BR3 BR4 R10 R11 R12 R13 Hub MC 10.8.3.3/32 MC1 Next Hop 1 Next Hop 2 10.8.0.0/16 IWAN POP1
  42. 42. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Dual POPs – Common Prefix •  Requirements: –  2 (or more) POPs advertise the very same set of prefixes –  Datacenter may not be collocated with the POPs –  DCs/DMZs are reachable across the WAN Core for each PoP –  Branches can access any DC or DMZ across either POP(hub). And, DC/DMZs can reach any branch across multiple POPs (hubs). –  Multiple BRs per DMVPN per site may be required for crypto and bandwidth horizontal scaling •  Targeted for Spring XE 3.15 / PI27 releases Separate Prefix 10.1.10.0/24 10.1.11.0/24 10.1.12.0/24 10.1.13.0/24 IWAN POP1 IWAN POP2 MC1 MC2 R10 R11 R12 R13 Datacenters 10.8.0.0/16 10.9.0.0/16 10.8.0.0/16 10.9.0.0/16 10.8.0.0/16 10.9.0.0/16 0.0.0.0/0 DMVPN MPLS DMVPN INET Backbone/backdoor connectivity between POPs for failover. May not exist BR1 BR1 BR2 BR2 BR3 BR3 BR4 BR4
  43. 43. Optimize Application Performance
  44. 44. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Today’s Network is an IT Blind Spot •  Static port classification is no longer enough •  More and more apps are opaque •  Increasing use of encryption and obfuscation •  Application consists of multiple sessions (video, voice, data) •  What if user experience is not meeting business needs?
  45. 45. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Branch Proliferation of Devices Users/ Machines Private Cloud Make Your IWAN Application Aware Add Cisco AVC DC/Headquarters Public Cloud Cisco AVC 60% of IT Professionals Cite Performance as Key Challenge for Cloud No Probes •  Rich data collection using NetFlow v9/IPFIX •  No additional hardware (and included in AX license) •  Easy to integrate into many reporting tools Smart Capacity Planning •  Better use of costly bandwidth •  Per-branch and per-application level reporting Business Aligned Privacy Enforcement •  No need for complex IP and port ACLs •  See inside HTTP flows to identify specific Cloud applications
  46. 46. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public NBAR 2 IOS NBAR +150 Signatures SCE Classification +1000 Signatures Innovations Native IPv6 Classification Open API 3rd Party Integration.. Next Generation NBAR (NBAR2) Deep Packet Inspection (DPI) •  Provides Advanced Application Classification and Field Extraction capabilities •  In-service upgradable Protocol Definitions No IOS upgrade or reboot for new Protocol Packs •  Backward compatibility to preserve existing NBAR investments •  NBAR2 Protocol List http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6558/ps6616/product_bulletin_c25-627831.html
  47. 47. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public What applications, how much bandwidth, flow direction? (NBAR2 and Flexible Netflow) Basic Monitoring Performance Collection & Exporting Integrated performance monitoring and advanced metrics for different type of applications and use cases HTTP HTTP Voice and Video Performance (Media Monitoring) Unified Monitoring 30% of traffic is voice and video Critical Applications Performance (Application Response Time) 40% of traffic is critical applications
  48. 48. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Proliferation of Devices Users/ Machines Private Cloud Application Performance Monitoring for IWAN Track and Report Application Flows and Performance WAN NetFlow v9 Enterprise Edge AVC AVC CSR NetFlow/IPFIX Records (Same provisioning, same format) •  Traffic statistics records •  Application Response Time records •  Media monitoring records (Application, Jitter, Loss, etc) Cisco Tools Prime, APIC-EM Partner Tools Ecosystem LivePacked Glue Plixer Living Objects CompuWare CA Technologies InfoVista Collecting Collecting Collecting Provisioning Exporting NetFlow v9 Export/IPFIX Export Branch DC/Headquarters AVC AVC
  49. 49. Bandwidth Management Challenges: Degrading Application Experience in Non SLA Environments - Internet
      •  Available Link BW Can Change (Internet)
         –  Static Bandwidth Provisioning (QoS) not accurate
         –  Shapers become inaccurate due to BW fluctuation
         –  Cannot predict BW changes at configuration
      •  Application & User Impact
         –  Applications tune based on static shape rate
         –  Indiscriminate traffic drops - SAP instead of YouTube!!
         –  New calls/flows admitted can degrade performance of existing ones
      •  How can QoS improve user experience?
      Diagram labels: Branch; DC; Internet VPN; Offered BW: Up to X Mbps; Available BW: Not always X, typically < X Mbps
  50. 50. IWAN Adaptive QoS How Does It Work? Adapt Sender shape rate based on the available bandwidth to Receiver Sender Receiver •  Configure MQC Policy with Adaptive Shaping DMVPN Transport Monitoring Enable •  Collect Periodic BW Stats on received traffic Transport Received Rate •  Calculate Available Bandwidth over the WAN •  Adjust Egress Shaper to observed rate IWAN 2.0
  51. 51. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public IWAN Advanced QoS Local Per-Flow Admission Control (PFA) ...... PathSelection Drop or remark flows exceeding nominal interface bandwidth MPLS or Internet PathSelection DMVPN Tunnel ... ...... ASR1000 ASR1000 PathSelection ...... Acts on Egress flows only Dropped or Remarked Flows DMVPN Tunnel MPLS or Internet Branch Branch DC Flows shaped to Available Link BW. PFA Algorithm is aware of Adaptive Shape Rate! WAN bandwidth oversubscription problem •  The N+1 flow on the pipe can affect quality of all existing N flows!! •  Problem compounded as available BW itself is variable and not predictable IWAN 2.0
  52. 52. Add WAN Optimization with WAAS + Akamai: Speed and Bandwidth Benefits on Top of the IWAN
      Faster Applications, More Users, Less Bandwidth
      •  90% HD Video optimization and better user experience
      •  Twice as many Citrix users over same WAN, 70% faster
      •  Toyota: ROI in less than one year, 65% BW cost savings
      Easy to Deploy
      •  Works with existing branch routers (and existing AX license)
      Scalable
      •  AppNav Controller and WAVE pool is scalable
      •  Native HA capability
      Diagram labels: Private Cloud; Branch; DC/Headquarters; Proliferation of Devices; Users/Machines; vWAAS; AppNav-XE Controller; CSR; WAVE; WAN; Accelerate Any TCP Connection
  53. 53. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco WAAS Enhancing User Experience and WAN Efficiency Solution •  Reduce load Data redundancy elimination (DRE), compression, and TCP optimization •  Application optimization Fewer protocol messages and metadata caching Problem •  Application latency •  WAN bandwidth inefficiencies Application bandwidth with Cisco® WAAS Application bandwidth natively Application latency natively Application latency with Cisco WAAS 0 0 1 2 3 4 40 80 120 160 Application Bandwidth Application Latency Bandwidth (Mbps) Latency (Seconds) Reduction in bandwidth Reduction in latency
  54. 54. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public © 2010 Cisco Systems, Inc. All rights reserved. WAN Application-Specific Acceleration §  Application and protocol awareness Eliminate unnecessary chatter Save WAN bandwidth Pre-populate edge cache as necessary Enable disconnected operations § Intelligent protocol acceleration Read-ahead, prediction, and batching Safe data and metadata caching Improves application response time Provide origin server offload § DRE Hints Application intelligence signals to DRE & LZ… whether to compress whether to cache Safe Caching Read-ahead Prediction Batching DRE Hinting WAN Optimization DRE/TFO/LZ Origin Server Offloaded Application Specific Acceleration
  55. 55. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public IWAN 2.0 Data CenterBranch Akamai Intelligent Platform Optimal Experience Regardless of Device, Connectivity or Cloud All HTTP Traffic in Private, Public, Akamai Cloud Prepositioning | Dynamic HTTP Caching (YouTube) | Any Transport ISR-AX AKAMAI Inside AKAMAI CACHE WAN IWAN – Application Optimization with Akamai Connect
  56. 56. Akamai Connect Caching & Prepositioning
      •  WAAS Optimization + Akamai Connect improves both Private and Public Cloud performance
      •  Cached & Prepositioned content improves application response time dramatically
      •  Prepositioning of Internet and Private Cloud content, including dynamic URLs like YouTube
      •  Caches HTTP Content
      •  Akamai Connect works over WAN and directly from the Internet
      Diagram labels: Branch; MPLS (IP-VPN); Private Cloud; Virtual Private Cloud; Public Cloud; Akamai Intelligent Platform
  57. 57. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Supports Akamai Cloud | Single-sided Optimization | Secure Direct Internet Access Application Acceleration + Edge Caching Enhancing User Experience while reducing WAN load AKAMAI CACHING Transparent HTTP Caching Dynamic URL OTT HTTP Caching Akamai Connected Cache Content Pre-positioning CISCO WAAS Optimization LZ Compression TCP Optimization Data De-duplication Application Specific Acceleration
  58. 58. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco WAAS & Akamai Deployment Models Branch Office WAAS Service Module/ UCSe Branch Office WAAS-XE on ISR-4000 Branch Office WAAS Appliance Regional Office WAAS Appliance Data Center or Private Cloud WAAS Appliances VPN VMware ESXi vWAAS Appliances Server VMs AppNav + WAAS IWAN vWAAS WAE Server VMs VMware ESXi Server Nexus 1000v vPATH UCS /x86 Server FC SAN Nexus 1000v VSM Virtual Private CloudIWAN 2.0
  59. 59. IWAN Secure Connectivity
  60. 60. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Intelligent WAN: Secure Connectivity Securing the network and users Secure WAN Transport Branch MPLS (IP-VPN) Internet Secure Internet Access Private Cloud Virtual Private Cloud Public Cloud Two areas of concern 1.  Protecting the network from outside threats with data privacy over provider networks 2.  Protecting user access to Public Cloud and Internet services; malware, privacy, phishing,…
  61. 61. Securing the IWAN Transport: IPSec VPN and Access Control
      •  Step 1: Secure Transport
         –  IPSec with DMVPN overlay
         –  Secure transport independent overlay
         –  Add Strong Cryptography: IKEv2 + AES-GCM 256
         –  F-VRF to isolate internal routing domain
      •  Step 2: Access Control
         –  IOS Zone-based Firewall or ACLs
         –  Minimize exposure
         –  DHCP addressing for Internet and tunnel interfaces
         –  Don’t put tunnel addresses into DNS
      •  Step 3: Choose your performance level
         –  Size router based on Encryption with Services and WAN bandwidth
         –  Head-end: ASR1000 or ISR4451X
         –  Branch: ISR-G2 or ISR-4000
      Diagram labels: Branch; DSL; Cable; ISP A; ISP C; ASR 1000; ASR 1000; Data Center
  62. 62. Cisco Router Security Certifications

      Platform                 FIPS 140-2, Level 2   Common Criteria EAL4   Suite B* Hardware Assist
      Cisco ISR 890 Series     ü                     P                      P
      Cisco ISR 1900 Series    ü                     P                      P
      Cisco ISR 2900 Series    ü                     P                      P
      Cisco ISR 3900 Series    P                     P                      P
      Cisco ISR 4000 Series    P                     P                      P
      Cisco ASR 1000 Series    P                     ü                      P**

      * RFC 6379
      ** RP2 is only supported in ASR1004, ASR1006, and ASR1013
  63. 63. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco VPN ISM for ISR G2 Delivering High Performance VPN for Branch Routers Features •  Plug and play Internal Service Module (ISM) for VPN acceleration •  Hardware encryption support for both IPsec and SSL VPN •  Hardware support for IKEv2 and Suite B NG crypto algorithms Performance •  High IPsec VPN throughput (Up to 1.2Gbps) •  Up to 3X throughput and 2X supported IPsec tunnels over onboard crypto engine Platform Requirements •  IOS Requirement: 15.2(1)T1 or later •  Supported Platforms: 1941, 2901, 2911, 2921, 2951, 3925, 3945 –  (Note: Not supported on 1941W, 3925E, 3945E)
  64. 64. Add Network Integrated Threat Defense: IOS Zone-Based Firewall
      •  Control the Perimeter:
         –  External and internal protection: internal network is no longer trusted
         –  Protocol anomaly detection and stateful inspection
      •  Communicate Securely:
         –  Call flow awareness (SIP, SCCP, H323)
         –  Prevent DoS attacks
      •  Flexible:
         –  Split Tunnel-Branch direct Internet access
         –  Internal FW - addresses regulatory compliances
      •  Integrated:
         –  No need for additional devices, expenses and power
         –  Works with other IWAN Services: CWS, WAAS, UCS-E,…
      •  Manageable:
         –  Supports CLI, SNMP, CCP, and CSM
         –  Supports Cisco Configuration Engine
      Diagram labels: Branch; DSL; Cable; ISP A; ISP C; ASR 1000; ASR 1000; Data Center
  65. 65. Securing IWAN Transports with Front-door VRF: Isolation of external networks
      •  Virtual Route Forwarding (VRFs) create multiple logical routers on a single device
         –  Separate control/forwarding planes per VRF
         –  No connectivity between VRFs by default
         –  Provider side VRF (yellow) for external networks, Global VRF (blue) for internal networks
      •  Provider VRF minimizes threat exposure
         –  Default routing only in Provider VRF
         –  Provider assigned IP addressing hides internal network
         –  Provider IP address used as IPSec tunnel source
         –  Only IPsec allowed between internal Global and Provider Front Side VRFs
      Diagram labels: Global; F-VRF; Branch LAN 10.1.1.0/24, 10.1.2.0/24, …; Front Side Provider VRF; Provider Assigned WAN IP Address 192.168.254.254; VRFs have independent routing and forwarding planes; IPSec Tunnel Interface; Global Enterprise VRF; IOS ZBFW or ACL to permit only authorized traffic; i.e. IPsec
  66. 66. Protecting Public facing IWAN Interfaces
      •  Use ACLs, ZBFW or ASA to block all traffic except the DMVPN tunnel traffic to routers
      •  Zone Based Firewall (ZBFW) at the branch if there are plans for direct Internet access
      •  Typical ACL for protecting the Internet interface

      interface GigabitEthernet0/0
       bandwidth 10000
       ip vrf forwarding INET-PUBLIC1
       ip address dhcp
       ip access-group ACL-INET-PUBLIC in
       duplex auto
      !
      ip access-list extended ACL-INET-PUBLIC
       ! IKE with NAT traversal (UDP 4500), IKE (UDP 500) and ESP for the DMVPN tunnel
       permit udp any any eq non500-isakmp
       permit udp any any eq isakmp
       permit esp any any
       ! DHCP replies to the router's DHCP client (UDP 68)
       permit udp any any eq bootpc
       ! ping and traceroute for troubleshooting
       permit icmp any any echo
       permit icmp any any echo-reply
       permit icmp any any ttl-exceeded
       permit icmp any any port-unreachable
       permit udp any any gt 1023 ttl eq 1
      !

      Diagram labels: Branch; DSL; Cable; ISP A; ISP C; ASR 1000; ASR 1000; Data Center
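The front-door VRF and ACL guidance from the two slides above, turned into a check, as an added example that is not part of the Cisco deck: a small Python audit that parses a saved IOS configuration and reports an Internet-facing interface that is not in a VRF, has no inbound access-group, or whose ACL permits anything beyond the slide's list. The function names and the second, drifted configuration are constructed for illustration.

```python
import re

# Entries from the slide's "Typical ACL for protecting the Internet interface".
ALLOWED = {
    "permit udp any any eq non500-isakmp",   # IKE NAT traversal, UDP 4500
    "permit udp any any eq isakmp",          # IKE, UDP 500
    "permit esp any any",                    # IPsec ESP
    "permit udp any any eq bootpc",          # DHCP replies to the router
    "permit icmp any any echo",
    "permit icmp any any echo-reply",
    "permit icmp any any ttl-exceeded",
    "permit icmp any any port-unreachable",
    "permit udp any any gt 1023 ttl eq 1",   # inbound traceroute probes
}
# The entries that carry the IPsec tunnel; the audit expects all three, as on the slide.
REQUIRED = ("permit udp any any eq non500-isakmp",
            "permit udp any any eq isakmp",
            "permit esp any any")
# IOS may print well-known ports as numbers; map them back to the names above.
PORT_NAMES = {"4500": "non500-isakmp", "500": "isakmp", "68": "bootpc"}

SLIDE_CONFIG = """
interface GigabitEthernet0/0
 bandwidth 10000
 ip vrf forwarding INET-PUBLIC1
 ip address dhcp
 ip access-group ACL-INET-PUBLIC in
 duplex auto
!
ip access-list extended ACL-INET-PUBLIC
 permit udp any any eq non500-isakmp
 permit udp any any eq isakmp
 permit esp any any
 permit udp any any eq bootpc
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any ttl-exceeded
 permit icmp any any port-unreachable
 permit udp any any gt 1023 ttl eq 1
!
"""

# Constructed example of configuration drift (not from the slides).
DRIFTED_CONFIG = """
interface GigabitEthernet0/1
 ip address dhcp
 ip access-group ACL-INET-DRIFT in
!
ip access-list extended ACL-INET-DRIFT
 10 permit udp any any eq 4500
 20 permit udp any any eq 500
 30 permit tcp any any eq 22
 40 permit ip any any
!
"""


def parse_config(text):
    """Return ({interface: [subcommands]}, {acl_name: [entries]})."""
    interfaces, acls, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command opens a new section
            m_if = re.match(r"interface (\S+)$", line)
            m_acl = re.match(r"ip access-list extended (\S+)$", line)
            if m_if:
                current = interfaces.setdefault(m_if.group(1), [])
            elif m_acl:
                current = acls.setdefault(m_acl.group(1), [])
            else:
                current = None
        elif current is not None:
            current.append(line)
    return interfaces, acls


def normalize(entry):
    """Lower-case, drop the sequence number, and name well-known ports."""
    entry = " ".join(entry.lower().split())
    entry = re.sub(r"^\d+ ", "", entry)
    for num, name in PORT_NAMES.items():
        entry = re.sub(rf"\beq {num}$", f"eq {name}", entry)
    return entry


def audit_public_interface(config, ifname):
    """List of findings for one Internet-facing interface; empty means clean."""
    interfaces, acls = parse_config(config)
    body = interfaces.get(ifname)
    if body is None:
        return [f"{ifname}: interface not found"]
    findings = []
    if not any(re.match(r"(ip )?vrf forwarding \S+", l) for l in body):
        findings.append(f"{ifname}: not in a front-door VRF")
    groups = [m.group(1) for l in body
              if (m := re.match(r"ip access-group (\S+) in$", l))]
    if not groups:
        return findings + [f"{ifname}: no inbound access-group"]
    acl = groups[-1]
    if acl not in acls:
        return findings + [f"{acl}: referenced but not defined"]
    entries = [e for e in map(normalize, acls[acl]) if not e.startswith("remark")]
    for e in entries:
        if e.startswith("permit") and e not in ALLOWED:
            findings.append(f"{acl}: unexpected entry '{e}'")
    for req in REQUIRED:
        if req not in entries:
            findings.append(f"{acl}: missing required entry '{req}'")
    return findings
```

Run against the slide's configuration it returns no findings; against the drifted sample it reports the missing VRF, the two extra permits and the absent ESP entry.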
  67. 67. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Intelligent WAN—Direct Internet Access Branch MPLS (IP-VPN) Internet Direct Internet Access Private Cloud Virtual Private Cloud Public Cloud •  Leverage Local Internet path for Public Cloud and Internet access •  Improve application performance (right flows to right places) Solutions On Premise – Zone Based Firewall Cloud Based – Cloud Web Security CWS ISR-AX ZBFW
  68. 68. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Cloud Web Security Centralized Management for Distributed Policy Cisco ScanCenter Portal
  69. 69. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Secure Internet Access with Cisco Cloud Web Security (CWS) Secure Public Cloud and Internet Access ISR Connector to CWS Firewall towers Web Filtering, Access Policy, Malware Detect WAN1 (IP-VPN) CWS Private Cloud Public Cloud Branch WAN2 (Internet) IWAN IPsec VPN for Private Cloud TrafficIOS Firewall to protect Internet Edge Internet
  70. 70. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Cisco ISR CWS Connector How it Works HQ Routes HQ Traffic Default Route WAN Tunnel CWS Connector MPLS (IP-VPN) CWS Private Cloud Virtual Private Cloud Public Cloud Internet Branch DSL Interface Cisco ISR G2 with CWS Cloud Connector—FUNCTIONS: •  Authenticate router and client to CWS cloud •  Intercept HTTP/HTTPS traffic based on ACL filters •  Add user credentials header for identifying policy to be applied •  Traffic Relay: replace client Source IP address with Egress address •  Redirect to CWS for scanning •  Act as HTTP proxy to complete requests •  Allow/Block or Warn based on user or group policy •  Scan for Malware
  71. 71. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public CWS Features •  Custom, granular user-based policies managed in the cloud •  User-based reporting •  URL, IP, host, and user agent-based whitelisting for trusted sites (bypasses CWS filtering) •  Default block or permit action in case of tower unreachability •  Single sign-on support •  IP and browser-based authentication bypass features •  Authenticated IP cached with absolute/idle timer options •  Default “guest” access on authentication failure •  Multiple authentication support User Experience Transparent Prompts user for login Prompts user for login Supported ADs Microsoft AD/ LDAP Microsoft AD/ LDAP, ACS Microsoft AD/ LDAP, ACS Authentication Type NTLM (v1and v2) HTTP Basic Web Auth
  72. 72. IWAN Orchestration and Automation
  73. 73. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Specialized Management Cloud-Based Management •  Eliminates manual building of WANs •  Automated SD-WAN orchestration •  Centralized hybrid WAN management •  Quick config updates and IOS upgrades •  Leverages onePK and REST APIs •  Integrates with Cisco AVC and PfR •  Monitor and analyze application traffic •  End-to-end flow visualization •  Flow & App-based Troubleshooting •  Fix and Verify in Realtime Cisco IWAN Management Automates Deployment and Lifecycle Management Application Aware Network Performance Management On-Prem Management Prime Infrastructure 2.2 •  Single-pane view of IWAN •  IWAN deployment workflows •  Plug and Play •  DMVPN, QoS, AVC deployment and monitoring •  PfR v3 in Q1 2015 •  License includes IWAN App and APIC- EM controller! End-to-End Assurance of Application Experience
  74. 74. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Prime Infrastructure 2.2 for IWAN •  IWAN workflow wizard with PnP •  Template-based IWAN configs •  PfRv3 Domain, MC and BR •  AVC One-Click provision •  QoS Provisioning •  Single or Dual Router Branch •  CVD-based, Customizable •  AVC Readiness Assessment •  AVC, QoS, PfR Visibility •  Leverages APIC EM services
  75. 75. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Prime Infrastructure Plug-n-Play Options No CLI Skills Required PnP 1 PnP 2 PnP 3 USB stick to bootstrap the ISR •  Installer connects LAN/WAN cables •  ISR loads bootstrap config from USB memory stick Prime Plug-n-Play Application •  Installer connects LAN/WAN cables + a USB console cable to a Laptop/iPhone/iPad •  PnP Application bootstraps the router Cisco Configuration Professional Express (ISR Device GUI) •  Installer connects LAN/WAN cables + a PC to a LAN port •  CCP Express Application to bootstrap the router
  76. 76. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public WAN1 (IP-VPN) Branch WAN2 (Internet) Prime Plug-n-Play Solution Components PnP Application Installer application for iPhone, iPad, and Windows PC used for authenticating and booting the IOS device Prime Infrastructure Server manages and distributes deployment information (images, configurations, and licenses) Private Cloud CNS Agent CNS Protocol Cisco PnP protocol for loading IOS image and initial configuration IOS CNS Agent Uses bootstrap config to access the PnP Server
  77. 77. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Plug-n-Play Application Workflow Overview 0 Pre-Provisioning In Prime Infrastructure •  Administrator creates a Plug and Play device profile in Prime Infrastructure •  Administrator specifies device names, desired configuration, SW image, and optionally the device serial numbers •  A deployment PIN number is generated for each device and can be emailed to the installer 1 Installation at the End Location •  Installer receives the device, mounts the device and connects the cables •  Installer launches Plug-and-Play application and enters the PIN •  Plug-and-Play application registers the device serial number with Prime and then downloads bootstrap configuration to the device •  Device downloads the SW image and full configuration from Prime, Plug-and-Play application displays status
  78. 78. Prime Plug-n-Play Application: Simplified Branch Router Deployment
      1.  Installer connects the PC to ISR with USB cable and starts PnP App
      2.  Installer enters PIN and clicks “install”
      3.  PnP App retrieves serial number from ISR
      4.  PnP App requests router config through the 3G connection
      5.  PnP Gateway validates installer's credentials
      6.  PnP Gateway registers router serial number and gets the ISR bootstrap config from Prime Infrastructure
      7.  PnP App receives bootstrap config from PnP Gateway and installs it on ISR
      8.  ISR bootstrap downloads IOS image and full config from PnP Server
      Alternatively, installer could download the bootstrap config by logging in to the PnP Gateway’s portal prior to installation, eliminating the need for 3G/4G connection
      Diagram labels: BRANCH LOCATION; NETWORK OPERATIONS CENTRE (NOC), ENTERPRISE OR SP; Remote ISR; Prime Infrastructure; SP Network (MPLS/Internet); https; PnP Gateway; DMZ; USB Console Cable; PnP App; ISE; Radius, LDAP or AD; DES/One-Time-Password; 3G/4G
  79. 79. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public IWAN Management with Application aware Network Performance Management + QoS Control • End-to-End topology, flow and trace visualization • Search capability • Alert drilldown to applicable flows • Point-and-click FnF configurations • QoS dashboard and alert drill-down • Pre and post-QoS graphs • Congestion indicators • Single-click QoS audit • QoS/ACL graphical configurator • Customized policies with 25+ QoS templates • Apply policy to multiple devices w/ single click • CLI preview •  LAN path and Spanning Tree connections •  Trunk and access bandwidth •  Layer 2 QoS stats •  VLAN filtering in topology view • IP SLA topology view • IP SLA dashboard • Graphical IP SLA configurator • Support all IP SLA tests including Video Operations • Topology view of active routes • Graphical Policy Based Routing • Trace path to destination with return route Flow QoS Monitor QoS Configure RoutingLAN IP SLA See Visualize Point Troubleshoot, Decision Making Click Control, Deploy Fix Improve
  80. 80. © 2015 Cisco and/or its affiliates. All rights reserved. Cisco Public Glue Networks IWAN Orchestration •  Cloud-based SaaS subscription model •  Eliminates manual building of WANs •  Automated WAN orchestration and management •  Quick configuration updates and IOS upgrades •  Rapidly delivers nextgen and IWAN features •  Forward compatible with SDN and OnePK for app aware WANs •  Broadband and MPLS support for centralized hybrid WAN management for IWAN
  81. Glue Networks: Migrate Existing WAN Routers into Gluware Management
      1 Plan
      • Identify network services and IOS features (Security, QoS, etc.)
      • Identify existing WAN infrastructure for inclusion into Gluware orchestrated WAN
      • Translate network characteristics and design into templates via Gluware
      2 Implement
      • Provision head end routers prior to branch routers
      • Initiate provisioning via USBConnect for both greenfield and brownfield routers
      • Routers re-provisioned to Gluware management
      • Gluware lifecycle management and orchestration
      Quick configuration changes and IOS upgrades
      Diagram labels: DC/HQ; Secure SSH Tunnel; Branch; Branch; Internet; Existing WAN Router
  82. IWAN Automation and Orchestration Evolution
      Diagram labels: APIC-EM; Device Abstraction Layer; REST APIs; APIC-EM Services (Partial): PKI Svc, NetFlow Svc, PnP Svc, Network Svc, Events Svc, Inventory Svc; CLI; OnePK/Openflow; Traditional Management Systems; Cisco Prime; Evolution; Apps; IWAN Transport; PKI Automation; Security; Intelligent Path Control; Cisco IWAN Apps; Partners (future); Application Experience; PnP Provisioning; Q2 CY2015; Capacity Planning, Troubleshooting, Change control; Prime
  83. Cisco IWAN Product Portfolio
  84. Start with Cisco AX Routers: IWAN Capabilities Embedded in the Router
      Cisco AX Routers: 800 | 1900 | 2900 | 3900 | 4000 | ASR 1000
      Diagram labels: ISR-AX; ASR1000-AX; ISR-4000AX; Simplify Application Delivery; One Network; UNIFIED SERVICES; Transport Independent Secure Routing Optimization Control Visibility
  85. IWAN Branch Services Routers
      ASR4000 Series - IWAN AX Ready, Next Generation Branch
      Column headings: INTEGRATED IWAN SERVICES; APPLICATION CENTRIC; APPLIANCE LEVEL PERFORMANCE
      • IOS Firewall, VPN, IPSec, PfRV3, NBAR2, AVC, AppNav, VRF, MPLS
      • Scalable on-chip service provisioning
      • App/User policy-driven deployment
      • APIC_EM Automation: deploy in minutes
      • Pay-as-you-grow
      • Up-to-75% cost savings
      • Service-Aware Dataplane
      • Resilient Service Virtualization
      • Multi-gigabit Fabric
      Models and throughput:
      • ISR4431: 500Mbps/1Gbps
      • ISR 4351: 200/400Mbps
      • ISR 4331: 100/300Mbps
      • ISR4321: 50/100Mbps
      • ISR4451: 1-2Gbps
      Slide labels: NEW! NEW! NEW! NEW!; Information Reference
  86. IWAN Aggregation Border Routers
      ASR1000 - IWAN AX Ready, High Performance Routers
      INTEGRATED IWAN SERVICES
      • IOS Firewall, VPN, IPSec, PfRV3, NBAR2, AVC, AppNav, VRF, MPLS
      • Scalable on-chip service provisioning
      BUSINESS-CRITICAL RESILIENCY
      • Separate control and data planes
      • Hardware and software redundancy
      • In-service software upgrades
      COMPACT, POWERFUL ROUTER
      • Line-rate performance 2.5G to 200G+ with services enabled
      • Crypto performance from 2G to 60G+
      • Flexible I/O: SPAs and Ethernet LCs
      Models:
      • ASR1001-X: 2.5G Upgradeable to 5G, 10G, 20G; Up to 8G Crypto Throughput
      • ASR1002-X: 5G Upgradeable to 10G, 20G, 36G; Up to 4G Crypto Throughput
      • Modular ASR1006: Modular, Redundant up to 200G; Up to 60G Crypto Throughput
      Slide labels: NEW!; Information Reference
  87. Cisco UCS-E Series: Extend Cloud Services into Branch Infrastructure
      Support on ISR G2 and 4000 Series
      • Platform for WAN Edge Applications: Microsoft Windows-Server and Linux Certified
      • Server Virtualization: Cisco UCS Virtualization Powered by VMware, Microsoft, Citrix
      • Dedicated Blade Management: Cisco Integrated Management Controller; Consistent management for UCS family
      • Multipurpose x86 Blades: Cisco UCS E Series modules; House up to four server blades in an ISR
      • Single-Device Network Integration: House all devices in ISR G2 chassis; Multigigabit fabric backplane switch
      Diagram labels: IOS; MGF Backplane Switch; UCS-E Blade; Hypervisor; CIMC E; OS; App
      Slide label: Information Reference
  88. Cisco UCS E-Series Server Hypervisor and OS Support
      Hypervisors
      • VMware vSphere Hypervisor™ 5.0, update 1, 5.1 and 5.5
      • Hyper-V (Windows 2008 R2 and 2012, 2012 R2)
      • Citrix XenServer 6.0
      Microsoft Windows
      • Windows Server 2008 R2 Standard 64-bit
      • Windows Server 2008 R2 Enterprise 64-bit
      • Windows Server 2012, 2012 R2
      Linux
      • Red Hat Enterprise Linux 6.2
      • SUSE Linux Enterprise 11, service pack 2
      • Oracle Enterprise Linux 6.0, update 2
      Slide label: Information Reference
  89. Future Application Delivery: Write once. Run anywhere.
      Diagram labels: Blade Hosting; Server Hosting; Cisco Network Operating System; External Server; Network Services & Applications; Traditional Features Container; Embedded Network Services; ISR-4000 Hosting; Feature Container; UCS-E Blade; NEW!
  90. Cisco Advanced Services IWAN Portfolio
      Customer Situation and Advanced Services Offering:
      • Looking to explore IWAN architecture evolution
        – Network Architecture Discovery Workshop
      • Desire to evaluate current branch architecture and devise IWAN architecture strategy
        – Network Architecture Assessment and Strategy
      • Assistance with designing and planning an IWAN deployment strategy
        – Network Planning and Design
      • Customer wants Cisco to manage the full migration to the IWAN solution through a turn-key service
        – Network Planning, Design, and Implementation Service
      Slide label: NEW!
  91. IWAN 2.0 Considerations
  92. IWAN 2.0 Considerations
      • Intelligent Path Control
        – Horizontal scaling with multiple BRs at a site connected to a single DMVPN network
        – Common/same prefixes being reachable over multiple hub/pop locations
        – Enhancements coming in Spring 2015
      • Application Optimization
        – AVC requires flow symmetry across the same border router to classify stateful applications
          • Problematic at sites with dual routers; e.g. hub/pop locations
          • Enhancement coming in the Summer or Fall 2015 release
      • Secure Connectivity
        – CWS connector not currently supported on the ISR-4000 series routers
          • Support coming in the Summer 2015 release
  93. Why Cisco IWAN?
  94. 1st 3rd Savings & Loan (13S&L) Scenario: Current Network Design
      • East and West Data Centers (DC) for redundancy and business continuance
      • Internet DMZs at each DC
        – 13S&L.com Internet presence
        – Employee Internet access
        – 7200 series routers and PIX firewalls
      • WAN
        – 513 branches with 2 Hub/DC sites
        – MPLS VPN provided by AsTheBellTolls (ATBT)
          • 3 Classes of service – Real Time, Data and Default
          • 99.95% circuit availability
          • T3 and ½ T1 access to VPN
        – 7200 and 2800 series routers
      Diagram labels: Branch-1; Branch-513; 768kbps; DS3 45Mbps; ATBT MPLS VPN; 7200; 2811; 3 CoS; Internet; DCI; WAN Core; DC-West; DC-East
  95. Intelligent WAN Summary
      • Transport Independent Design
        – Hybrid MPLS + Internet transports
        Increased bandwidth with higher availability
      • Intelligent Path Control
        – Performance Routing (PfR) to protect critical applications and load balance traffic to maximize expensive WAN bandwidth
      • Application Optimization
        – Application Visibility and Control (AVC) to monitor application performance at the branch
        – WAAS + Akamai to reduce bandwidth consumption and improve application experience
      • Secure Connectivity
        – Cloud Web Security (CWS) for improved performance of Public Cloud and Internet applications while reducing bandwidth over the WAN, without compromising security or control
      • IWAN Management
        – Prime, LiveAction, or Gluware with SDN evolution with APIC-EM
      Diagram labels: Branch-1; Branch-513; DCI; WAN Core; MC; BR; ATBT MPLS; Island ADSL; ShowMe$$; Internet; ISR-AX; ASR-AX; vWAAS; WAAS; AVC; CWS; 20M Dn 2M Up; 512M FD; 1.5M FD; 256M FD; DC-West; DC-East
  96. Cisco Intelligent WAN (IWAN)
      • Secure WAN Transport
      • Direct Internet Access
      • Mixed Transport WAN with High Reliability SLAs for Business-Critical Applications
      • Centralized Security Policy for Internet Access
      • Dramatically Lower WAN Costs Without Compromise
      Diagram labels: Branch; MPLS (IP-VPN); Internet; Private Cloud; Virtual Private Cloud; Public Cloud
  97. Customer Proof of Concept (CPOC): IWAN Pre-Built Static Testbed (PBST)
      • IWAN LAB for customer hands-on testing
      • Network, Management, Traffic Generators and Impairment
      • Remote Access with Telepresence
  98. CPOC IWAN PBST
      Questions? Contact your Cisco Sales or Partner Representative
  99. IWAN Sessions, Cisco Live Milan
      Techtorial
      • TECCRS-2004 | Implementing the Intelligent WAN (IWAN) | Jean-Marc, Scott, Steve, David, Bill, Patrick
      Breakouts
      • BRKCRS-2000 | Intelligent WAN (IWAN) Architecture | Scott Van de Houten
      • BRKRST-2362 | Implementing Next Generation Performance Routing – PfRv3 | Jean-Marc Barozet
      • BRKAPP-2030 | Troubleshoot Business Applications with Advanced Monitoring Techniques | Karthik Dakshinamoorthy
      • BRKRST-2514 | Application Optimization and Provisioning the Intelligent WAN (IWAN) | Bill Reilly
      • BRKRST-2041 | WAN Architectures and Design Principles | Adam Groudan
      • BRKCRS-2042 | Highly Available Wide Area Network Design | David Prall
      • BRKNMS-2845 | IWAN and AVC Management with Cisco Prime Infrastructure | Tony Hosseiny
      Others
      • LTRCRS-2005 | Intermediate - Intelligent WAN (IWAN) Hands-On Lab: Leveraging Prime to deploy the IWAN Solution to The Next Generation Branch | Bill Reilly
      • CCSRST-2400 | SkyConnect, Lufthansa Systems global WAN Platform. Moving Business PKI to “IWAN” while adding more services to the network | Markus Voegel (Lufthansa)
      Related
      • BRKCRS-2448 | Innovations in Branch Routing | Matt Bollick
      • BRKRST-2121 | Self Learning Networks | Jean-Philippe Vasseur
      • BRKNMS-3132 | Advanced NetFlow | Benoit Claise
      • BRKRST-2040 | WAN and Remote-Site Deployment using Cisco Validated Designs | Adam Groudan
      • PSORST-2008 | Introduction to Cisco ISR 4000 Series: Architected for Application Performance | Jay Chokshi
      • TECCRS-2003 | Advanced WAN Design Topics (Techtorial - 8h) | Adam Groudan, David Prall, Mark Mitchiner, Arvind Durai