Cisco Intelligent WAN (IWAN) Solution

  1. Cisco Intelligent WAN (IWAN) Solution. Scott Hodgdon, Senior Technical Marketing Engineer, Enterprise Networking Group. 19.12.2013. © 2013 Cisco and/or its affiliates. All rights reserved.
  2. Why IWAN?
  3. Average #apps per device*: 41
     Average app size**: 23 MB (iOS), 6 MB (Android), 25 MB (Windows)
     OS update file size***: 130 MB (iOS 6 for iPad 4), 168 MB (Jelly Bean 4.1), 400.0 MB (Windows 7), 700.0 MB (iOS 7 for iPhone 5)
     Sources:
     * http://www.nielsen.com/us/en/newswire/2012/state-of-the-appnation-%C3%A2%C2%80%C2%93-a-year-of-change-and-growth-in-u-s-smartphones.html
     ** https://www.abiresearch.com/press/average-size-of-mobile-games-for-ios-increased-by
     *** http://www.wirelessandmobilenews.com/2013/05/samsung-galaxy-s3-iii-update-android-4.2.1-jelly-bean.html
         http://theiphonewiki.com/wiki/Firmware#iPad_4
         http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/what-is-average-monthly-size-of-update-downloads/dfe9bb34-c2dd-478e-a6cb-0a26228cf552
  4. The Application Landscape Is Changing
     • Applications are Moving to the Data Center and Cloud
     • Internet Edge Is Moving to the Branch
     Pressures on the WAN:
     • Cloud: of CIOs Expect to Operate via the Cloud by 2015
     • Mobility: More Mobile Data Traffic by 2015
     • Fat Apps: Of Mobile Traffic will be Video
     Diagram labels: Cloud, Branch, Data Centers
  5. Commodity Transports Viable Now
     • Dramatic Bandwidth, Price Performance Benefits
     • Higher Network Availability
     • Improved Performance Over Internet
  6. Example: San Francisco, Single MPLS VPN vs Dual Business Internet ($ per month)
     • 10 Mbps: $1,014 (MPLS VPN CoS1), $885 (MPLS VPN CoS2), $830 (MPLS VPN CoS3), $220 (iWAN, Dual Internet links combined for Ent SLA)
     • 1.5 Mbps: $303 (MPLS VPN CoS1), $274 (MPLS VPN CoS2), $260 (MPLS VPN CoS3), $140 (iWAN, Dual Internet links combined for Ent SLA)
     • Chart annotation: -75%
     • Simple example: $665 savings/month x 12 months x 1000 sites = $8M savings per year
     Source: Telegeography MPLS VPN pricing for San Francisco as of March 2013; Comcast Web site; Verizon Web site
  7. Dual MPLS, Hybrid, Dual Internet
     • Dual MPLS: ✓ Highest SLA guarantees; – Tightly coupled to SP; ✗ Expensive
     • Hybrid: ✓ More BW for key applications; ✓ Balanced SLA guarantees; – Moderately priced
     • Dual Internet: ✓ Best price/performance; ✓ Most SP flexibility; – Enterprise responsible for SLAs
     Consistent VPN Overlay enables Security across Transition
     Diagram labels: Public, Enterprise, Internet, MPLS
  8. Secure IPsec VPN overlay
     • Secure WAN Transport for Private and Virtual Private Cloud access
     • Leverage Local Internet path for Public Cloud and Internet access
     • Increase WAN capacity – cost effectively!
     • Improve application performance (right flows to right places)
     Diagram labels: MPLS (IP-VPN), Branch, Direct Internet Access, Internet, Private Cloud, Virtual Private Cloud, Public Cloud
  9. • Internet as WAN with High Reliability
     • SLAs for Business Critical Applications
     • Centralized Security Policy for Internet Access
     • Dramatically Lower WAN Costs without Compromise
     Diagram labels: WAN (IP-VPN), Branch, Internet, Private Cloud, Virtual Private Cloud, Public Cloud
  10. Transport Independence
      • Consistent operational model
      • Simple Provider migrations
      • Scalable and Modular design
      • DMVPN IPsec overlay design
      Intelligent Path Control
      • Application best path based on delay, loss, jitter, path preference
      • Load Balancing for full utilization of all bandwidth
      • Improved network availability
      • Performance Routing (PfR)
      Application Optimization
      • Application monitoring with Application Visibility and Control (AVC)
      • Application Acceleration and bandwidth savings with WAAS
      Secure Connectivity
      • Certified strong encryption
      • Comprehensive threat defense with ASA and IOS Firewall/IPS
      • Cloud Web Security (CWS) for scalable secure direct Internet access
      Diagram labels: AVC, WAAS, PfR, Branch, MPLS, Internet, 3G/4G-LTE, Private Cloud, Virtual Private Cloud, Public Cloud
  11. Transport Independent Design
  12. Transport Independent Simplifies WAN Design Flexible Secure Proven Robust Security Dynamic Full Meshed Connectivity
      • Easy multi-homing over any carrier service offering
      • Consistent design over all transports
      • Certified crypto and firewall for compliance
      • Automatic site-to-site IPsec tunnels
      • Single routing control plane with minimal peering to the provider
      • Zero-touch hub configuration for new spokes
      • Scalable design with high performance cryptography in hardware
      Diagram labels: ASR 1000, Internet, MPLS, WAN, ISR-G2, Branch, Data Center
  13. IWAN Hybrid vs Traditional Hybrid
      Traditional Hybrid: Active/Standby WAN Paths - Primary with Backup
      • 2 IPsec Technologies
        - MPLS/GETVPN
        - Internet/DMVPN
      • 2 WAN Routing Domains
        - MPLS: eBGP or static
        - Internet: iBGP, EIGRP or OSPF
        - Route Redistribution to force primary path
        - Route Filtering loop prevention
      IWAN Hybrid: Active/Active WAN paths
      • 1 DMVPN IPsec Overlay
      • 1 WAN Routing Domain: iBGP, EIGRP, or OSPF
      Diagram labels: Data Center, ASR 1000, GETVPN, DMVPN, MPLS, Internet, ISR-G2, Branch
  14. IWAN Hybrid and IWAN Dual Internet
      • 1 Active-Active WAN Paths
      • 1 DMVPN IPsec Overlay
      • 1 WAN Routing Domain: iBGP, EIGRP, or OSPF
      Diagram labels: Data Center, ASR 1000, ISP C, ISP A, SP V, Cable, DSL, DMVPN, MPLS, Internet, ISR-G2, Branch
  15. • Private peering with Internet providers
        - Use same Internet provider for hub and spoke sites
        - Avoids Internet Exchange bottlenecks between providers
        - Reduces round trip latency
      • Use a separate DMVPN network per provider
        - Increases availability
        - Enables PfR to optimize traffic between providers
      • Transport settings
        - Use the same MTU size on all WAN paths
        - Bandwidth settings should match offered rate
        - Use a Front-Side VRF to separate Internet and Internal Default routes
      • Internet Security
        - Use Access-Lists or Firewalls to block all traffic except DMVPN tunnel traffic
        - Use provider's IP addresses for tunnel source addresses
        - Do not register tunnel addresses in DNS, to make the routers difficult for others to find
      Diagram labels: Data Center, ASR 1000, ISP C, ISP A, Cable, DSL, ISR-G2, Branch
  16. Intelligent Path Control
  17. Benefits of Intelligent Path Control
      • Improved Application Performance: Per application best path based on delay, loss, jitter measurements
      • Lower WAN Costs: Enabling Internet based WANs
      • Full Utilization of all WAN bandwidth: Efficient distribution of traffic based upon load, circuit cost and path preference
      • Increased Application Availability: Protection from carrier black holes and brownouts
      Diagram labels: AVC, WAAS, PfR, MPLS, Internet, ASR 1000, ISR G2, Branch, Data Center
  18. • Voice/Video take the best delay, jitter, and/or loss path
      • Other traffic is load balanced to maximize bandwidth
      • Voice/Video will be rerouted if the current path degrades below policy thresholds
      • PfR monitors network performance and routes applications based on application performance policies
      • PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
      Diagram labels: MPLS, Internet, Branch, Private Cloud, Virtual Private Cloud
  19. Hybrid IWAN: SP1 (MPLS) and ISP (Internet), carrying Voice and Video, Cloud Services, Best-Effort Traffic
      Diagram callouts: Detect loss greater than 10%; Detect high jitter
      Cloud Services and Load-Balancing Policy
      • Protect business cloud applications from brownouts: Loss less than 5%
      • Preferred path for Critical Applications: SP1 (MPLS)
      • Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet
      Dual Internet WAN: ISP-1 (Cable) and ISP-2 (DSL), carrying VDI, Best-Effort Traffic
      Multimedia and Critical Data Policy
      • Protect voice and video quality: Latency less than 150 ms; Jitter less than 20 ms
      • Protect VDI applications from brownouts: Loss less than 5%
      • Voice and video preferred path SP-A
      • VDI preferred path SP-B
      • Increase utilization by load sharing
  20. The Decision Maker: Master Controller (MC)
      • Discover BRs, collect statistics
      • Apply policy, verification, reporting
      • No packet forwarding/inspection required
      The Forwarding Path: Border Router (BR)
      • Gain network visibility in forwarding path (Learn, measure)
      • Enforce MC's decision (path enforcement)
      • Does all packet forwarding
      Optimize by:
      • Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost
      Diagram labels: Data Center, MC, BR, Cable, DSL, MC+BR, Branch
  21. Application Optimization
  22. • Static port classification is no longer enough
      • More and more apps are opaque
      • Increasing use of encryption and obfuscation
      • Application consists of multiple sessions (video, voice, data)
      • What if user experience is not meeting business needs?
      HTTP is the new TCP
      Diagram labels: SaaS, Collaboration, Information, FTP, IM, SOAP, RPC, Video
  23. Add Cisco AVC
      60% of IT Professionals Cite Performance as Key Challenge for Cloud
      No Probes
      • Rich data collection using NetFlow v9/IPFIX
      • No additional hardware (and included in AX license)
      • Easy to integrate into many reporting tools
      Smarter Capacity Planning
      • Better use of costly bandwidth
      • Per-branch and per-application level reporting
      Business Aligned Policy Enforcement
      • No need for complex IP and port ACLs
      • See inside HTTP flows to identify specific Cloud applications
      Diagram labels: Storage, Public Cloud, Users/Machines, Private Cloud, Proliferation of Devices, VDI | IaaS, Database, Branch, HQ/DC, Cisco AVC
  24. Track and Report Application Flows and Performance
      NetFlow v9 Export / IPFIX Export: Provisioning, Exporting, Collecting
      NetFlow/IPFIX Records (Same provisioning, same format)
      • Traffic statistics records
      • Application Response Time records
      • Media monitoring records (Application, Jitter, Loss, etc)
      Partner Tools Ecosystem: InfoVista, Plixer, ActionPacked, CompuWare, CA Technologies, Living Objects, Glue
      Diagram labels: AVC, CSR, Enterprise Edge, WAN, NetFlow v9, Branch, HQ/Data Center
  25. Speed and Bandwidth Benefits on top of the IWAN
      Accelerate Any TCP Connection
      Faster Applications, More Users, Less Bandwidth
      • 90% HD Video optimization and better user experience
      • Twice as many Citrix users over same WAN, 70% faster
      • Toyota: ROI in less than one year, 65% BW cost savings
      Easy to Deploy
      • Works with existing branch routers (and existing AX license)
      Scalable
      • AppNav Controller and WAVE pool is scalable
      • Native HA capability
      Diagram labels: CSR, WAN, Users/Machines, Private Cloud, vWAAS, AppNav-XE Controller, WAAS Express, Branch, WAVE
  26. Problem
      • Application latency
      • WAN bandwidth inefficiencies
      Solution
      • Reduce load
        – Data redundancy elimination (DRE), compression, and TCP optimization
      • Application optimization
        – Fewer protocol messages and metadata caching
      Charts: Application Bandwidth (axis: Bandwidth (Mbps); series: Application bandwidth natively, Application bandwidth with Cisco® WAAS; annotation: Reduction in bandwidth) and Application Latency (axis: Latency (Seconds); series: Application latency natively, Application latency with Cisco WAAS; annotation: Reduction in latency)
  27. Secure Connectivity
  28. • Leverage Local Internet path for Public Cloud and Internet access
      • Improve application performance (right flows to right places)
      Diagram labels: MPLS (IP-VPN), Branch, Direct Internet Access, Internet, Private Cloud, Virtual Private Cloud, Public Cloud
  29. • IWAN IPsec VPN for Private Cloud Traffic
      • IOS Firewall to protect Internet Edge
      • Secure Public Cloud & Internet Access
      • ISR CWS Connector to CWS Firewall towers
      • CWS Web Filtering, Access Policy,
      Diagram labels: WAN1 (IP-VPN), WAN2 (Internet), Branch, Private Cloud, Public Cloud, Internet
  30. Why Cisco IWAN?
  31. • Internet as WAN with High Reliability
      • SLAs for Business Critical Applications
      • Centralized Security Policy for Internet Access
      • Dramatically Lower WAN Costs without Compromise
      Diagram labels: WAN (IP-VPN), Branch, Internet, Private Cloud, Virtual Private Cloud, Public Cloud
  32. IWAN Capabilities Embedded in the Router
      One Network, UNIFIED SERVICES
      • L4-L7 Application Services (Visibility, Control, Optimization): Simplify Application Delivery
      • L2-L3 Transport (Secure, Routing): Transport Independent
      Diagram labels: ASR1000-AX, ISR-AX
      Cisco AX Routers: 3900 | 2900 | 1900 | 800 | 4451 | ASR1002-X
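
Slide 15's Internet security guidance (block all traffic on the Internet-facing interface except DMVPN tunnel traffic) can be checked mechanically against a router's ACL. The Python audit below is an added example, not part of the Cisco deck; the ACL text, its name, the address 192.0.2.10 and the function names are constructed, and it assumes DMVPN over IPsec needs only IKE (UDP 500), IPsec NAT-T (UDP 4500) and ESP to reach the tunnel source address.

```python
# Added example. Assumption: only IKE, NAT-T and ESP to the tunnel source count as DMVPN traffic.
ALLOWED = {("udp", "isakmp"), ("udp", "500"), ("udp", "non500-isakmp"), ("udp", "4500"), ("esp", None)}

# Constructed sample ACL; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE_ACL = """\
ip access-list extended INET-EDGE-IN
 permit udp any host 192.0.2.10 eq isakmp
 permit udp any host 192.0.2.10 eq non500-isakmp
 permit esp any host 192.0.2.10
 permit tcp any host 192.0.2.10 eq 22
 permit icmp any any echo
 permit udp any any eq 4500
 deny ip any any log
"""

def _addr(tok):
    """Consume one address spec ('any', 'host A', 'A wildcard'); IndexError if truncated."""
    if tok[0] == "any":
        return "any", tok[1:]
    if tok[0] == "host":
        return tok[1], tok[2:]
    return f"{tok[0]} {tok[1]}", tok[2:]

def audit_acl(acl_text, tunnel_source):
    """Return (rule, reason) for each permit that is not DMVPN tunnel traffic."""
    findings = []
    for raw in acl_text.splitlines():
        tok = raw.split()
        tok = tok[1:] if tok and tok[0].isdigit() else tok   # drop sequence number
        if not tok or tok[0] != "permit":                    # header, remark, deny lines
            continue
        try:
            proto = tok[1]
            dst, rest = _addr(_addr(tok[2:])[1])             # skip source, keep destination
        except IndexError:
            findings.append((raw.strip(), "unparsed permit, review manually"))
            continue
        rest = [t for t in rest if t != "log"]
        port = rest[1] if len(rest) == 2 and rest[0] == "eq" else None
        if rest and port is None:
            reason = "unsupported match options, review manually"
        elif (proto, port) not in ALLOWED:
            reason = "not DMVPN tunnel traffic"
        elif dst != tunnel_source:
            reason = "destination is not the tunnel source address"
        else:
            continue
        findings.append((raw.strip(), reason))
    return findings
```

The audit fails closed: a permit it cannot fully parse is reported for manual review rather than treated as acceptable.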
