
Software-Defined WAN 101


GTRI and Cisco discuss how using the internet to run branch network traffic provides a better user experience and reduces costs. You’ll learn the basics of Software-Defined WAN (SD-WAN) and the benefits, including:
- Reduced costs
- Reliability and security
- Flexibility to choose service providers
- Optimized traffic flows

Presented by Mani Ganesan of Cisco and Michael Edwards of GTRI ( in a webinar on August 10, 2016. Webinar recording at

Published in: Technology

Software-Defined WAN 101

  1. Software Defined WAN 101. Mani Ganesan - Cisco; Michael Edwards - GTRI. WWW.GTRI.COM © 2016 Global Technology Resources, Inc. All rights reserved.
  2. Agenda
     • What is SD-WAN?
     • IWAN Architecture Overview
     • Transport Independence
     • Intelligent Path Control
     • Application Optimization
     • Secure Connectivity
     • Orchestration & Automation
     • Closing
  3. Digital Innovation Overwhelming the Branch: MORE USERS, MORE APPS, MORE THREATS
     • Branch: OS Updates, HD Video, Mobile Apps, Online Training, Social Media, Guest Wi-Fi, Omnichannel Apps, SaaS, Enterprise Apps, Digital Displays
     • 80% of employees and customers are served in branch offices*
     • 20-50% increase in enterprise bandwidth per year through 2018**
     • 30% of advanced threats will target branch offices by 2016 (up from 5%)***
     • * Tech Target, Branch Office Growth Demands New Devices, 2013
     • ** Gartner, Forecast Analysis: Worldwide Enterprise Network Services, Q2 2015 Update
     • *** Gartner, “Bring Branch Office Network Security Up to the Enterprise Standard”, Jeremy D’Hoinne, 26 April 2013
  5. What If Your WAN Can…
     • Hours / Minutes: Pinpoint Application Issues Instantly; Improve Your Application Performance
     • 1x / 2x-20x: Increase WAN Utilization; Deliver More Bandwidth for Lower Cost
     • Backhaul / Local & Cloud: Consistent Security Policies; Ensure Security Over Any Connection
     • By Device / System: Simplify Operations; Reduce Network Complexity
  6. Internet as an Extension of Enterprise WAN
     • Commodity Transports Viable Now
     • Dramatic Bandwidth, Price Performance Benefits
     • Higher Network Availability
     • Improved Internet Performance
  7. ONUG - Software Defined-WAN Requirements
     • 1) Physical or Virtual* devices
     • 2) Zero Touch Deployment
     • 3) Dynamic Traffic Engineering
     • 4) Active-Active Architecture
     • 5) HA and Resilient WAN
     • 6) App Visibility, Prioritization and Steering
     • 7) L2/3 Interoperability
     • 8) Management Dashboard
     • 9) Open North-bound API
     • 10) FIPS 140-2 w/ Cert Management
     • Diagram labels: Branch, Private Cloud, Virtual Private Cloud, Public Cloud, MPLS (IP-VPN), Internet, CSR1000-AX, APIC, Prime, Optimized Secure Transport, Direct Internet Access
  8. SD-WAN and beyond with Cisco IWAN
  9. SD-WAN and Beyond with Cisco Intelligent WAN
     • SMART: Intelligent Path Control; Application Optimization; Advanced Content Caching
     • SECURE: Secure Direct Internet Access; Advanced Threat Defense; Robust Data Encryption
     • SIMPLE: SD-WAN Policy Management; Deployment Automation; Open APIs
     • Technology Blocks: Transport Independence, Application Optimization, Secure Connectivity, Intelligent Path Control
     • Diagram labels: Applications, Users/Devices, Private (MPLS), Public (Internet/4G LTE), Hybrid (MPLS, Internet)
  10. Intelligent WAN: Leveraging the Internet. Secure WAN Transport and Cloud Access
     • 1. IWAN Secure transport for private and virtual private cloud access
     • 2. Leverage local Internet path for public cloud and Internet access
     • Increase WAN transport capacity and app performance cost effectively!
     • Improve application performance (right flows to right places)
     • Diagram labels: Branch, Optimized Secure Transport, Direct Cloud Access, Private Cloud, Virtual Private Cloud, Public Cloud, MPLS (IP-VPN), Internet
  11. Intelligent WAN (IWAN) Architecture
     • Transport Independence: Simplified Hybrid WAN
     • Intelligent Path Control: Application Aware Routing
     • Application Optimization: Enhanced Application Visibility and Performance
     • Secure Connectivity: Comprehensive Threat Defense
     • Management Automation
     • Diagram labels: Enterprise, Unified Branch, MPLS, 3G/4G-LTE, Internet, Private Cloud, Virtual Private Cloud, Public Cloud
  12. Cisco Intelligent WAN: Enabling the Next-Generation Branch. Mani Ganesan - Cisco
  13. Transport-Independence: Virtualizing the Enterprise WAN
  14. Flexible Secure IWAN Over Any Transport: Simplifies WAN Design; Dynamic Full-Meshed Connectivity; Proven Robust Security
     • Easy multi-homing with several providers
     • Single routing control plane over the top of provider networks
     • Consistent design over all WAN transport types
     • Scalable Hub-n-spoke with dynamic full mesh topology
     • Industry Certified security compliance
     • Scalable high-performance cryptography in hardware
     • Diagram labels: Branch, ISR, WAN, Internet, MPLS, ASR 1000, Transport-Independent, Data Center
  15. IWAN Transport Independence: Consistent deployment models simplify operations
     • Diagram labels: IWAN HYBRID, IWAN HYBRID/LTE, IWAN Dual MPLS; Branch, ISR, DMVPN, MPLS, Internet, 4G/LTE, Data Center, ASR 1000; ISP A, ISP C, SP A, SP B
  16. Intelligent Path Control: Improving Application Delivery and WAN Efficiency
  17. Getting the Most Out of Your WAN Investment: Benefits of Intelligent Path Control
     • Enabling Hybrid WANs
     • Efficient Distribution of Traffic Based Upon Load or Path Preference
     • Application Best Path Based on Quality
     • Protection From Carrier Black Holes and Brownouts
     • Lower WAN Costs
     • Full Utilization of WAN Bandwidth
     • Improved Application Performance
     • Higher Application Availability
     • Diagram labels: Data Center, Branch, ASR 1000, ISR, MPLS, Internet
  18. Intelligent Path Control with PfR: Voice and Video Use-Case
     • PfR monitors network performance and routes applications based on policy
     • PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
     • Voice/Video take the best delay, jitter, and/or loss path
     • Voice/Video will be rerouted if the current path degrades below policy thresholds
     • Other traffic is load balanced to maximize bandwidth
     • Diagram labels: Branch, MPLS, Internet, Virtual Private Cloud, Private Cloud
  19. Protecting Critical Applications While Increasing Link Efficiency
     • Multimedia and Critical Data Policy
       - Protect voice and video quality: Latency < 150 ms, Jitter < 20 ms
       - Protect Email applications from WAN congestion: Loss < 5%
       - Voice and video preferred path SP1
       - Email preferred path ISP
       - Increase utilization by load sharing
     • Business App and Load-Balancing Policy
       - Protect transactional business app from brownouts: delay < 250 ms
       - Preferred path SP1 (MPLS)
       - Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet
     • Diagram labels: SP1 (MPLS), ISP (FTTH), ISP (DSL), Voice and Video, Email, Business App, Best-Effort Traffic, High Delay Detected, High Jitter Detected
  20. Load Balancing: Maximizing Link Utilization to Increase Available Bandwidth
     • Traffic distributed across all paths to efficiently use all WAN bandwidth
     • Load Balancing based upon link utilization levels
     • External links can have different bandwidth capacities
     • MPLS = 1.5 Mbps, Internet = 15 Mbps: 50% of T1 = 750 kbps, 50% of 15 Mbps = 7.5 Mbps
     • Diagram labels: ISR, WAN, Internet, MPLS, ASR 1000, Data Center
  21. Application Optimization
  22. Today’s Network is an IT Blind Spot
     • Static port classification is no longer enough
     • More and more apps are opaque
     • Increasing use of encryption and obfuscation
     • Application consists of multiple sessions (video, voice, data)
     • What if user experience is not meeting business needs?
  23. Make Your IWAN Application Aware: Application Visibility and Control (AVC)
     • Application Performance Visibility
       - Application inspection with existing routers
       - Rich data collection using NetFlow v9/IPFIX
       - Easy to integrate into many reporting tools
     • Smart Capacity Planning
       - Better use of costly bandwidth
       - Per-branch and per-application level reporting
     • Business Objective Enforcement
       - Service Level monitoring per application
       - Better Analytics to adjust network policies to maintain compliance
     • Diagram labels: Branch, Private Cloud, DC/Headquarters, Public Cloud, Cisco AVC
  24. AVC: Performance Collection & Exporting
     • Basic Monitoring: What applications, how much bandwidth, flow direction? (NBAR2 and Flexible NetFlow)
     • Integrated performance monitoring and advanced metrics for different types of applications and use cases
     • Voice and Video Performance (Media Monitoring): 30% of traffic is voice and video
     • Critical Applications Performance (Application Response Time): 40% of traffic is critical applications
     • Diagram labels: HTTP, Unified Monitoring
  25. Add WAN Optimization with WAAS + Akamai: Speed and Bandwidth Benefits on Top of the IWAN
     • Application Optimization
       - Improved Application performance, delay mitigation, less bandwidth
       - Twice as many Citrix users over same WAN, 70% faster
       - Typical ROI in less than one year, 65% BW cost savings
     • Content Caching & Prepositioning
     • Simple and Scalable
       - Works with existing branch routers
       - Scale out optimization resources with AppNav
       - Native HA resiliency
     • Improving Application Performance
       - Reduces WAN bandwidth usage, while accelerating applications
       - Intelligent caching of internal and Internet content
       - Prepositioning of data and rich media before it is needed
     • Diagram labels: Private Cloud, Branch, DC/POP, WAN, vWAAS, AppNav-XE Controller, CSR, WAVE
  26. WAAS and Akamai Connect Synergy
     • AKAMAI Connect: Transparent Cache; Dynamic URL Cache; Akamai Connected Cache; Content Pre-positioning
     • CISCO WAAS: LZ Compression; TCP Optimization; Data De-duplication; Application Specific Acceleration
  27. IWAN Secure Connectivity
  28. Intelligent WAN: Secure Connectivity. Securing the network and users
     • Two areas of concern:
       1. Protecting the network from outside threats with data privacy over provider networks
       2. Protecting user access to Public Cloud and Internet services; malware, privacy, phishing,…
     • Diagram labels: Secure WAN Transport, Secure Internet Access, Branch, MPLS (IP-VPN), Internet, Private Cloud, Virtual Private Cloud, Public Cloud
  29. Securing the IWAN Transport: IPSec VPN and Access Control
     • Step 1: Authenticate hardware and software
       - Trust Anchor Module verification
     • Step 2: Secure Transport
       - Proven IPsec VPN overlay
       - Strong Cryptography: IKEv2 + AES-GCM 256
       - F-VRF to isolate provider networks
     • Step 3: Access Control
       - IOS Zone-based Firewall or ACLs protection
       - Role based access to router w/ logging
     • Minimize exposure
       - Provider assigned addressing to hide routers
       - Don’t put tunnel addresses into DNS
     • Diagram labels: Branch, MPLS, Internet, ISP A, ISP C, ASR 1000, Data Center
  30. Cisco Router Security Certifications. Columns: FIPS 140-2, Level 2; Common Criteria EAL4; NG Strong Crypto AES-GCM-256*
     • Cisco ISR 890 Series
     • Cisco ISR 1900 Series
     • Cisco ISR 2900 Series
     • Cisco ISR 3900 Series
     • Cisco ISR 4000 Series
     • Cisco ASR 1000 Series **
     • * RFC 6379 Suite B
     • ** Not supported on older RP1 based ASR 1000s
  31. Add Network Integrated Threat Defense: IOS Zone-Based Firewall
     • Control the Perimeter:
       - External and internal protection: internal network is no longer trusted
       - Protocol anomaly detection and stateful inspection
     • Communicate Securely:
       - Call flow awareness (SIP, SCCP, H323)
       - Prevent DoS attacks
     • Flexible:
       - Split Tunnel: Branch direct Internet access
       - Internal FW: addresses regulatory compliance
     • Integrated:
       - No need for additional devices, expenses and power
       - Works with other IWAN Services: CWS, WAAS, UCS-E,…
     • Manageable:
       - APIC-EM, Prime, CLI, SNMP, CCP, and CSM
     • Diagram labels: Branch, MPLS, Internet, ISP A, ISP C, ASR 1000, Data Center
  32. Intelligent WAN—Direct Cloud Access
     • Leverage Local Internet path for Public Cloud and Internet access
     • Improve application performance (right flows to right places)
     • Solutions: On Premise – Zone Based Firewall; Cloud Based – Cloud Web Security
     • Diagram labels: Branch, ISR-AX, ZBFW, CWS, MPLS (IP-VPN), Internet, Direct Internet Access, Private Cloud, Virtual Private Cloud, Public Cloud
  33. Secure Internet Access with Cisco Cloud Web Security (CWS) with ISR-4000 and ISR-G2 Series Routers: Secure Public Cloud and Internet Access
     • ISR Connector to CWS Firewall towers
     • Web Filtering, Access Policy, Malware Detect
     • IWAN IPsec VPN for Private Cloud Traffic
     • IOS Firewall to protect Internet Edge
     • Diagram labels: Branch, WAN1 (IP-VPN), WAN2 (Internet), CWS, Private Cloud, Public Cloud, Internet
  34. Orchestration and Automation
  35. Network-Wide Abstractions Simplify the Network. The SDN Ideal: Controller as the Application Platform
     • Diagram labels: Applications; Security, Orchestration, Automation, Collaboration, Virtualization; REST API; SOUTHBOUND ABSTRACTION LAYER; CATALYST®, CISCO NEXUS®, ASR, ISR, WIRELESS, ASA, OTHER
  36. IWAN SD-WAN Automation with APIC-EM
     • Cisco® APIC-EM centralized policy expression and distribution
     • Distributed policy enforcement
     • Automated application and topology discovery
     • Application and network performance monitoring
     • Adaptive path selection and QoS to sustain policy
     • Performance analytics collected network-wide and reported centrally
     • Diagram labels: IWAN APP, Policy Expression, IWAN Domain Controller, Policy Rendering, Policy Distribution and Domain Control, Distributed Policy Enforcement, MC (Branch, Large Site, Campus), Data Center or POP, Data Center or POP #2...n, 4G LTE, Internet, MPLS (IP-VPN)
  37. Cisco IWAN Management Portfolio: Covering a broad range of requirements and preferences
     • Customer wants advanced provisioning, life cycle management, and customized policies; system-wide network consistency assurance; Lean IT OR IT Network team
     • Customer needs customizable IWAN with end-to-end monitoring; One Assurance across Cisco portfolio from Branch to Datacenter; IT Network team
     • Customer wants considerable automation and operational simplicity; requirements consistent with prescriptive IWAN Validated Design; Lean IT organization
     • Customer looking for advanced monitoring and visualization; QoS/PfR/AVC configuration, real-time analytics and network troubleshooting; IT Network team
     • Diagram labels: Cisco Prime Infrastructure, Enterprise Network Mgmt and Monitoring, Ecosystem Partners, IWAN App, Prescriptive Policy Automation, Application Aware Performance Mgmt, Advanced Orchestration
  38. IWAN App Demo
  39. GTRI SDN Solutions
     • GTRI’s Virtualization and Advanced Networking Professional Services (PS) practice has expertise with SDN vendor solutions.
     • GTRI has top-tier partner status with the most relevant long-term vendors in the IT virtualization market.
     • GTRI offers an SDN readiness assessment service to assess your infrastructure, your applications, and the benefits to your business gained from using SDN.
     • GTRI has an SDN test bed where we can learn and teach SDN solutions and help validate solutions prior to deployment.
     • GTRI is performing SDN deployments and we will freely share the latest vendor and industry information with you.
  40. FREE SDN Technology Review
     • We are offering a FREE 3-hour (~1/2 day) SDN technology review for your company
     • Bring your networking, security, DevOps, and other technology teams together
     • Review SDN capabilities within your existing networked systems
     • Discuss SDN architecture and design options
     • Review network automation and network programmability potential
     • Engage in conversation on securely deploying IPv6 and using SDN for security
  41. Q&A. Thank you for attending! | 877.603.1984 | @gtri_global
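
Slide 29's "Secure Transport" step (IKEv2 + AES-GCM 256, F-VRF to isolate provider networks) can be checked against a router configuration. The audit below is an added example, not code from the presenters or from Cisco; the sample configuration and the names IWAN-PROPOSAL, IWAN-TS, IWAN-TRANSPORT-2 and DMVPN-PROFILE are constructed, and it assumes `vrf forwarding` syntax and an interface name (not an IP address) as the tunnel source.

```python
# Constructed sample config (not from the slides): standard IOS commands, made-up names.
HARDENED = """\
crypto ikev2 proposal IWAN-PROPOSAL
 encryption aes-gcm-256
 prf sha512
crypto ipsec transform-set IWAN-TS esp-gcm 256
interface GigabitEthernet0/0/1
 vrf forwarding IWAN-TRANSPORT-2
interface Tunnel200
 tunnel source GigabitEthernet0/0/1
 tunnel vrf IWAN-TRANSPORT-2
 tunnel protection ipsec profile DMVPN-PROFILE
"""
# Constructed weak variant: only the audited lines are changed.
WEAK = (HARDENED.replace("aes-gcm-256", "aes-cbc-128")
        .replace("esp-gcm 256", "esp-aes esp-sha-hmac")
        .replace(" tunnel vrf IWAN-TRANSPORT-2\n", ""))

def sections(config):
    """Map each top-level config line to its indented sub-commands."""
    out, current = {}, []
    for line in config.splitlines():
        if line.startswith(" "):
            current.append(line.strip())
        else:
            current = out.setdefault(line.strip(), [])
    return out

def audit(config):
    """Return findings against slide 29's 'Secure Transport' step."""
    sec, findings = sections(config), []
    for head, body in sec.items():
        if head.startswith("crypto ikev2 proposal"):
            for cmd in (c for c in body if c.startswith("encryption ")):
                if cmd.split()[1:] != ["aes-gcm-256"]:
                    findings.append(f"{head}: '{cmd}' is not aes-gcm-256 only")
        elif head.startswith("crypto ipsec transform-set"):
            if not head.endswith(" esp-gcm 256"):
                findings.append(f"{head}: expected esp-gcm 256")
        elif head.startswith("interface Tunnel"):
            opts = dict(c.split()[1:3] for c in body
                        if c.startswith("tunnel ") and len(c.split()) >= 3)
            src = sec.get(f"interface {opts.get('source')}", [])
            if opts.get("protection") != "ipsec":
                findings.append(f"{head}: no IPsec tunnel protection")
            if "vrf" not in opts:
                findings.append(f"{head}: no front-door VRF (tunnel vrf)")
            elif f"vrf forwarding {opts['vrf']}" not in src:
                findings.append(f"{head}: tunnel source is outside VRF {opts['vrf']}")
    return findings
```

`audit(HARDENED)` returns an empty list; `audit(WEAK)` reports the CBC proposal, the non-GCM transform set and the tunnel without a front-door VRF.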
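
The path-control policy on slides 18 to 20 can be followed as a small model. This is an added example, not PfR's algorithm and not code from the presenters: it uses the thresholds and preferred paths from slide 19 and the link sizes from slide 20, the measurements are constructed, and keeping the preferred path when no path is in policy is an assumption.

```python
# Thresholds and preferred paths as stated on slide 19.
POLICY = {
    "voice-video": {"prefer": "SP1", "limits": {"delay_ms": 150, "jitter_ms": 20}},
    "email": {"prefer": "ISP", "limits": {"loss_pct": 5}},
    "business-app": {"prefer": "SP1", "limits": {"delay_ms": 250}},
}

def in_policy(metrics, limits):
    """True when every measured metric is below its threshold."""
    return all(metrics[name] < limit for name, limit in limits.items())

def select_path(app, paths):
    """Pick a path for one traffic class from measured per-path metrics."""
    rule = POLICY[app]
    good = [p for p in paths if in_policy(paths[p], rule["limits"])]
    if rule["prefer"] in good:
        return rule["prefer"]  # preferred path is healthy: stay on it
    if good:
        # Brownout on the preferred path: move to the in-policy path with the
        # most headroom (lowest worst-case ratio of metric to threshold).
        return min(good, key=lambda p: max(
            paths[p][n] / lim for n, lim in rule["limits"].items()))
    return rule["prefer"]  # assumption: nothing is in policy, keep the preference

def balance(load_kbps, capacity_kbps):
    """Split best-effort load so every link runs at the same utilization."""
    util = load_kbps / sum(capacity_kbps.values())
    return {link: util * cap for link, cap in capacity_kbps.items()}

# Constructed measurements: SP1 shows the high delay and jitter case of slide 19.
SAMPLE = {
    "SP1": {"delay_ms": 310, "jitter_ms": 35, "loss_pct": 0.1},
    "ISP": {"delay_ms": 90, "jitter_ms": 8, "loss_pct": 0.4},
}
```

With `SAMPLE`, voice and video and the business app leave SP1 for ISP, and `balance(8250, {"MPLS": 1500, "Internet": 15000})` reproduces slide 20's 750 kbps and 7.5 Mbps at 50% utilization.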