Transcript of BRKAPP-2017

Optimizing Application Delivery

BRKAPP-2017 (14328_04_2008_c2)

© 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public

Page 1: BRKAPP-2017

Page 2: BRKAPP-2017


Cisco Application Delivery Networks

WAN Acceleration: data redundancy elimination, window scaling, LZ compression, adaptive congestion avoidance

Application Acceleration: latency mitigation, application data cache, metadata cache, local services

Application Optimization: delta encoding, FlashForward optimization, application security, server offload

Application Networking: message transformation, protocol transformation, message-based security, application visibility

Application Scalability: server load balancing, site selection, SSL termination and offload, video delivery

Network Classification: quality of service; network-based application recognition; queuing, policing, shaping; visibility, monitoring, control


Other Cisco Live Breakout Sessions that You May Want to Attend

BRKAPP-2014 Deploying AXG

BRKAPP-2013 Best Practices for Application Optimization illustrated with SAP, Siebel and Exchange

BRKAPP-2011 Scaling Applications in a Clustered Environment

BRKAPP-2010 How to build and deploy a scalable video communication solution for your organization

BRKAPP-1009 Introduction to Web Application Security

BRKAPP-1008 What can Cisco IOS do for my application?

BRKAPP-3006 Troubleshooting WAAS

BRKAPP-2005 Deploying WAAS

BRKAPP-2018 Optimizing Oracle Deployments in Distributed Data Centers

BRKAPP-2017 Optimizing Application Delivery

BRKAPP-1016 Running Applications on the Branch Router

BRKAPP-1015 Web 2.0, AJAX, XML, Web Services for Network Engineers

BRKAPP-1004 Introduction to WAAS

BRKAPP-3003 Troubleshooting ACE

BRKAPP-2002 Server Load Balancing Design

Figure: the sessions are arranged by product (Applications, ISR, GSS, WAAS, ACE, AXG, ACNS) against relevancy.

Page 3: BRKAPP-2017


Agenda

Why Optimize?

Enterprise Framework for WAN/Application Optimization

Technologies That Will Be Discussed

Deployment Scenario in Depth

Caveats


Why Optimize?

Page 4: BRKAPP-2017


WAN Characteristics

Bandwidth: bandwidth constraints keep applications from performing well. Too much data and too small a pipe cause congestion, packet loss, and backpressure.

Packet loss, congestion, and retransmission: packet loss and congestion cause retransmission, which hinders application performance and throughput. They are commonly caused by saturated device transmit queues in the network path.


Enterprise WAN/Application Optimization Framework

Page 5: BRKAPP-2017


Enterprise WAN/Application Optimization Framework

Figure: layer labels are Networked Infrastructure Layer, Interactive Services Layer and Applications; service labels are WAN/Application Optimization Services, Secure and Highly Available Network Infrastructure, and Policy Configuration & Management, with the functions Classification, Monitoring, Control and Optimization. Application classes shown: Transactional, IP Communications, Bulk File / Storage. Sites: Data Center and Branch Office connected over IP WAN/FR/MPLS and the Internet.


WAN/Application Optimization Technologies

Page 6: BRKAPP-2017


WAN/Application Optimization Technologies

Figure: placement of the technologies across the Data Center, Campus, Branch sites, Internet and WAN. Labels: Deploy WAAS farm; Deploy WAAS; Deploy ACE: SSL Offload and SLB; Deploy NetQoS monitoring tools; IP SLAs measurements; NBAR Protocol Discovery and NetFlow Monitoring; PfR and QoS; QoS; IOS FW; DMVPN.


Deployment

Page 7: BRKAPP-2017


Deployment Step 1—Visibility

Obtain visibility into applications running across the network

Application discovery and reporting per location

Including encapsulated applications

Get visibility into end-to-end application performance

Application bandwidth/throughput usage—per user, per site, per prefix

Application performance metrics—loss, RTT, one-way delay, jitter, latency, ART, MOS

Top talkers—applications, sessions, prefixes

TCP session stats—complete, open, expired

Historical and real-time

Network-wide congestion points

Application behavior analysis

Behavioral based application analysis


Figure: Link Utilization by traffic class (Real-Time ≤ 33%, Critical Data, Best Effort ≥ 25%), with the classes Voice, Interactive-Video, Streaming-Video, Call-Signaling, Routing, Net Mgmt, Mission-Critical, Transactional, Bulk (E-mail, Backup, etc.) and P2P.

Network Based Application Recognition (NBAR)

Protocol Discovery: discover what apps are running on your network and provide real-time statistics

Per-interface, per-protocol, bi-directional statistics

bit rate (bps); packet count; byte count

SNMP accessible for centralized monitoring

Supported by Partner products (Concord|CA, InfoVista, Micromuse|IBM) and MRTG

Stateful Application Intelligence

Page 8: BRKAPP-2017


Application Discovery—NBAR

Configure NBAR on the LAN interface on the branch router

ip nbar protocol-discovery

Identify all applications (NBAR can detect more than 500 applications and protocols)

Determine application-specific SLAs

Real-Time Application Visibility


Application Discovery—NBAR and NetQOS

NetQOS supports SNMP

Configure NetQOS to take in NBAR info

Map NetQOS to recognize applications

Page 9: BRKAPP-2017


NetFlow

Characterize and analyze application traffic flow

Understand who is utilizing the network and top talkers

Diagnose slow network performance, bandwidth hogs and bandwidth utilization in real-time

Information for network capacity and traffic engineering

Used for anomaly detection, worm diagnosis, and detection of DoS attacks


Making Sense of Your Network Traffic

Page 10: BRKAPP-2017


Configure NetFlow on LAN and WAN interfaces (ingress)

ip flow ingress

Identify flows using “show ip cache flow” command.

Monitoring Application Performance Identifying Flows—NetFlow


Monitoring Application Performance: Identifying Flows—NetFlow and NetQOS

Configure NetFlow to export statistics to NetQOS

ip flow-export source FastEthernet3/1.3051

ip flow-export version 5

ip flow-export destination 52.1.1.22 9995

Use NetQOS reports to identify top protocols and network-wise traffic
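The export configured above sends NetFlow v5 datagrams to the collector on UDP 9995. As an added example (not code from the slides, Cisco or NetQoS), the Python below decodes that v5 datagram layout and produces the two views the NetFlow slides call for: top talkers by bytes, and a fan-out check that flags a source sending many tiny flows to many hosts, the pattern behind worm diagnosis. The datagram and all flow values are constructed inline; HEADER_FMT and RECORD_FMT follow the public NetFlow v5 field order, and the function names are chosen here.

```python
import socket
import struct
from collections import Counter, defaultdict

# NetFlow v5 export packet: 24-byte header followed by up to 30 records of 48 bytes.
HEADER_FMT = "!HHIIIIBBH"   # version, count, sys_uptime, unix_secs, unix_nsecs, flow_seq, engine_type, engine_id, sampling
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48


def build_v5_datagram(flows, sys_uptime=60000, unix_secs=1_200_000_000, seq=0):
    """Encode flow dicts as one v5 export packet (constructed test data, what a router would send)."""
    body = b"".join(
        struct.pack(
            RECORD_FMT,
            socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]), socket.inet_aton("0.0.0.0"),
            1, 2,                                   # input / output ifIndex
            f["pkts"], f["octets"],
            sys_uptime - 1000, sys_uptime,          # First / Last (sysUptime in ms)
            f["sport"], f["dport"],
            0, f.get("flags", 0x18), f["proto"], 0,  # pad1, tcp_flags, protocol, tos
            0, 0, 24, 24, 0,                        # src_as, dst_as, src_mask, dst_mask, pad2
        )
        for f in flows
    )
    header = struct.pack(HEADER_FMT, 5, len(flows), sys_uptime, unix_secs, 0, seq, 0, 0, 0)
    return header + body


def parse_v5(datagram):
    """Decode a v5 datagram into flow dicts; reject other versions and truncated packets."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *_ = struct.unpack(HEADER_FMT, datagram[:HEADER_LEN])
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("header count does not match datagram length")
    flows = []
    for i in range(count):
        off = HEADER_LEN + i * RECORD_LEN
        r = struct.unpack(RECORD_FMT, datagram[off:off + RECORD_LEN])
        flows.append({
            "src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
            "pkts": r[5], "octets": r[6],
            "sport": r[9], "dport": r[10], "flags": r[12], "proto": r[13],
        })
    return flows


def top_talkers(flows, n=3):
    """Source addresses ranked by bytes sent: the 'top talkers' view."""
    octets = Counter()
    for f in flows:
        octets[f["src"]] += f["octets"]
    return octets.most_common(n)


def fan_out_suspects(flows, min_targets=3, max_pkts=3):
    """Sources with many tiny flows to many distinct hosts: a worm/scan signature worth alerting on."""
    targets = defaultdict(set)
    for f in flows:
        if f["pkts"] <= max_pkts:
            targets[f["src"]].add(f["dst"])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)


# Constructed sample: one branch user pulling a file from a server, plus one host
# sending single-packet SYNs to four neighbours on port 445.
SAMPLE_FLOWS = [
    {"src": "10.1.1.10", "dst": "10.2.2.50", "pkts": 400, "octets": 520000, "sport": 49152, "dport": 443, "proto": 6},
    {"src": "10.2.2.50", "dst": "10.1.1.10", "pkts": 300, "octets": 21000, "sport": 443, "dport": 49152, "proto": 6},
    {"src": "10.1.1.77", "dst": "10.1.1.20", "pkts": 1, "octets": 60, "sport": 1234, "dport": 445, "proto": 6, "flags": 0x02},
    {"src": "10.1.1.77", "dst": "10.1.1.21", "pkts": 1, "octets": 60, "sport": 1235, "dport": 445, "proto": 6, "flags": 0x02},
    {"src": "10.1.1.77", "dst": "10.1.1.22", "pkts": 1, "octets": 60, "sport": 1236, "dport": 445, "proto": 6, "flags": 0x02},
    {"src": "10.1.1.77", "dst": "10.1.1.23", "pkts": 1, "octets": 60, "sport": 1237, "dport": 445, "proto": 6, "flags": 0x02},
]

if __name__ == "__main__":
    flows = parse_v5(build_v5_datagram(SAMPLE_FLOWS))
    print("top talkers:", top_talkers(flows))
    print("fan-out suspects:", fan_out_suspects(flows))
```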

Page 11: BRKAPP-2017


IP SLA—Response Time Measurement

Sampling method: synthetic/active (active agent)

Collection method: embedded agents as opposed to external probes

Perspective of measurement: network perspective

Scope of measurement: end-to-end/path

Figure: IP SLA source and responder across the network, contrasting the network perspective with the user perspective.


Monitoring Application Performance: IP SLA and NetQOS

Configure IP SLAs manually or with NetQOS for the flows identified

Use NetQOS to track these SLAs

Page 12: BRKAPP-2017


Performance Routing Overview

What is PfR? Routing based on performance

PfR components: BR—Border Router; MC—Master Controller (decision maker)

Optimize by: reachability, delay, loss, jitter*, MOS*, throughput, load and/or $cost

WAN access links are the biggest end-to-end bottleneck!

By default BGP chooses the best path based on fewest AS-path hops!

Figure: Remote Office, Telecommuter and Headquarters sites with MC/BR and BR routers connected through service providers SP A to SP E; the bottlenecks are marked at the WAN access links.


Multi-Path Baselining—PfR

The router is configured with PfR in monitoring mode to learn jitter, delay, MOS, etc. for automated multi-path baselining

Helps develop appropriate PfR policies for path optimization

Page 13: BRKAPP-2017


Multi-Path Baselining—PfR

PfR can learn and track prefixes and associated delay, jitter etc.


Establishing Application Performance Baselines—NetQOS

Various NetQOS reports can be used to establish application performance baselines

Drill down reports provide greater granularity

Page 14: BRKAPP-2017


Identify What Can Be Optimized and Where

Top traffic in New York is voice; low-latency queues with higher bandwidth for voice traffic might provide optimum delay, jitter and performance


Deployment Step 2—Visibility and Control

Assumes visibility tools are already deployed and all applications have been recognized and appropriate priorities mapped

Provide application-level SLAs for prioritized traffic flows

Apply application-based QoS within the network—shaping, queuing, marking

Ability to apply per-branch and per-application QoS policies

If application SLAs are not met based on monitored performance or behavior-based anomaly detection, the following actions should be taken:

For local congestion, the local hierarchical QoS policies will be in play

If the above does not suffice, have the ability to change the application class of service per policy (local and remote)

If an alternate path exists which meets the SLA, reroute traffic per policy (local and remote congestion)

Once SLAs are met on the congested path, revert back to defaults

If traffic is anomalous, drop the traffic or redirect it for forensic analysis

Page 15: BRKAPP-2017


QoS Deployment for Converged Networks

Goal: to deploy consistent, end-to-end QoS for voice, video, and data

Figure: QoS functions by layer

Access Layer:
• Classification and Trust Boundary
• Marking / Remarking
• Egress Queue Scheduling
• Buffer Management

Distribution Layer:
• Layer 3 Policing
• Egress Scheduling (multiple queues with WRR)
• Priority Queuing for Voice over IP (VoIP)
• Buffer Management

WAN:
• Intelligent Classification
• Bandwidth Provisioning
• Admission Control
• Shaping
• Link Fragmentation and Interleaving
• Header Compression


NBAR Application Discovery and QOS Marking

Configure NBAR classification policies on the LAN interface to recognize different application traffic

class-map match-all HTTP
 match protocol http url *cisco*
class-map match-all sip
 match protocol sip
class-map match-all rtcp
 match protocol rtcp

Configure QOS policies to mark that traffic with appropriate DSCP/ToS markings (the policy-map name MARK is chosen for illustration)

policy-map MARK
 class HTTP
  set precedence 3
 class rtcp
  set precedence 6
 class sip
  set precedence 7

Page 16: BRKAPP-2017


NBAR Application Discovery and QOS Marking Show Command Outputs

MQC markings before TCP optimization help in applying appropriate application specific QOS policies on the exit after optimization


Control Policies with QOS

Configure appropriate congestion management QOS policies on the WAN interfaces for both optimized and unoptimized traffic (class-map and policy-map names are chosen for illustration)

class-map match-all PREC5
 match ip precedence 5
class-map match-all PREC3
 match ip precedence 3

policy-map WAN-OUT
 class PREC5
  bandwidth 20
 class PREC3
  bandwidth 30

Ensure real time traffic like voice are prioritized with appropriate low latency queues

If using a DMVPN tunnel for security, configure appropriate policy and apply the policy map to the physical interface mapped to the tunnel

Page 17: BRKAPP-2017


Control Policies with QOS: Show Commands

Verify that the QOS policies are adhered to with appropriate show commands


Path Optimization—PfR

Configure PfR to monitor and route traffic based on appropriate application specific policies

Configure the branch router to be both PfR master controller and border router

Tag the appropriate internal (ingress) and external (exit) interfaces

Define an appropriate policy to enable PfR to load-balance traffic across both WAN exits

Page 18: BRKAPP-2017


PfR Path Optimization—Load Balancing

Effective bandwidth utilization using both the links

Distinctive treatment for different kinds of traffic


PfR Path Optimization—Congestion

Passive or active monitoring of network parameters like delay, jitter, etc.

Fast switch over to alternate path in case of failure

Page 19: BRKAPP-2017


PfR Path Optimization—Congestion Show Command

PfR continuously monitors and verifies that the network parameters are within the defined policy for path optimization

During congestion the delay increases in that path

PfR compares this delay with that of the alternate path and switches path


PfR Path Optimization—Path Failure

Passive or active monitoring of path reachability

Fast switch over to alternate path in case of failure

Page 20: BRKAPP-2017


PfR Path Optimization—Path Failure: Debug Command

As soon as PfR detects reachability has gone down it switches to alternate path

Alternate path held in “HOLDDOWN” state for a period of time (configurable) to prevent flapping
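The congestion and path-failure slides above describe one decision loop: stay on the current exit while it meets policy, move to the best in-policy alternate when delay exceeds the bound or reachability is lost, and hold the new exit for a HOLDDOWN period so congestion alone cannot flap it back. The Python below is an added model of that loop (not PfR code); the delay bound, holddown length, exit names SP_A/SP_B and the timeline are constructed for the example, and the class and function names are chosen here.

```python
from dataclasses import dataclass, field


@dataclass
class PfrPolicy:
    max_delay_ms: int = 150   # delay bound in policy (constructed value)
    holddown_s: int = 90      # HOLDDOWN period for a newly chosen exit (constructed value)


@dataclass
class PathSelector:
    """Master-controller style decision for one traffic class across several WAN exits."""
    policy: PfrPolicy
    current: str
    holddown_until: float = 0.0
    events: list = field(default_factory=list)

    def in_policy(self, m):
        return m["reachable"] and m["delay_ms"] <= self.policy.max_delay_ms

    def evaluate(self, now, measurements):
        """measurements maps exit name -> {'reachable': bool, 'delay_ms': int}, as
        learned by passive/active monitoring. Returns the exit to use from now on."""
        cur = measurements[self.current]
        if self.in_policy(cur):
            return self.current
        # Congestion (out of policy but still reachable) respects holddown; a dead exit does not.
        if cur["reachable"] and now < self.holddown_until:
            self.events.append((now, f"{self.current} out of policy, holddown active"))
            return self.current
        alternates = [(m["delay_ms"], name) for name, m in measurements.items()
                      if name != self.current and self.in_policy(m)]
        if not alternates:
            self.events.append((now, "no in-policy alternate, staying on " + self.current))
            return self.current
        delay, best = min(alternates)
        reason = "unreachable" if not cur["reachable"] else f"delay {cur['delay_ms']} ms vs {delay} ms"
        self.events.append((now, f"switch {self.current} -> {best}: {reason}"))
        self.current = best
        self.holddown_until = now + self.policy.holddown_s
        return best


def run_scenario():
    """Constructed timeline for a dual-homed branch with exits SP_A and SP_B."""
    sel = PathSelector(PfrPolicy(), current="SP_A")
    timeline = [
        (0,   {"SP_A": (True, 50),  "SP_B": (True, 60)}),    # both in policy, stay on SP_A
        (10,  {"SP_A": (True, 300), "SP_B": (True, 60)}),    # SP_A congested -> SP_B
        (20,  {"SP_A": (True, 50),  "SP_B": (True, 200)}),   # SP_B congested, holddown keeps it
        (120, {"SP_A": (True, 50),  "SP_B": (True, 200)}),   # holddown expired -> back to SP_A
        (130, {"SP_A": (False, 0),  "SP_B": (True, 70)}),    # SP_A unreachable -> SP_B at once
    ]
    chosen = []
    for now, raw in timeline:
        m = {k: {"reachable": r, "delay_ms": d} for k, (r, d) in raw.items()}
        chosen.append((now, sel.evaluate(now, m)))
    return chosen, sel.events


if __name__ == "__main__":
    chosen, events = run_scenario()
    for now, exit_name in chosen:
        print(f"t={now:>3}s use {exit_name}")
    for now, text in events:
        print(f"t={now:>3}s {text}")
```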


Deployment Step 3—Visibility, Control and Optimization

Assumes the visibility and control service is already running or is part of this service

Provide application optimization

TCP acceleration

Data compression

Application acceleration and caching

DC to DC active application load distribution

Should support both native and hardware acceleration optimization

Ability for the monitoring tool to extract and present pre/post optimization data—compression stats, ART, latency, etc.

Per user, per application, per site

Should be consistent across all implementations (native or HW)—NBI and instrumentation

Should be transparent to other services (interop and co-exist) already deployed

Page 21: BRKAPP-2017


TCP Performance Improvement

Transport flow optimization overcomes TCP and WAN bottlenecks

Shields node connections from WAN conditions

Clients experience fast acknowledgement

Minimize perceived packet loss

Eliminate the need to use inefficient congestion handling

Figure: LAN TCP behavior on both sides of the WAN, with window scaling, large initial windows, congestion management and improved retransmit applied across the WAN segment.


Data Compression

Reduce overall WAN consumption based on redundancy

Maintain an active database of previously sent and received traffic

Send the database index on behalf of traffic that has been seen before

Realize 5x–50x compression, minimizing WAN bandwidth consumption

Compress all outbound traffic with LZ compression

Additional 2x compression beyond data suppression

Very good compression for non-redundant data

Figure: a DRE cache on each side of the IP network holds the labels L1 = ABCDEFGHIJKL and L2 = QRSTUVWXYZ; the data ABCDEFGHIJKLMNOPQRSTUVWXYZ is sent across the network as L1 + ”MNOP” + L2.
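To make the L1 + ”MNOP” + L2 exchange concrete, here is an added Python model of DRE with LZ layered on top (not WAAS code): both caches start with L1 and L2, the sender emits labels for chunks the cache already holds and literals for the rest, and both sides learn the new literal so the next transfer of the same data is labels only. An unknown label on the receiver is treated as a cache desync and rejected. DreCache, dre_encode, dre_decode, to_wire and MIN_LEARN are names and choices made here.

```python
import hashlib
import zlib

MIN_LEARN = 4   # literal runs at least this long are added to both caches (constructed choice)


class DreCache:
    """One side's DRE database: label -> bytes. Sender and receiver must hold the same entries."""

    def __init__(self):
        self.chunks = {}

    @staticmethod
    def label(data):
        # Short content hash used as the index that is sent instead of the data itself.
        return hashlib.sha256(data).hexdigest()[:8]

    def learn(self, data):
        lbl = self.label(data)
        self.chunks[lbl] = bytes(data)
        return lbl


def dre_encode(cache, data):
    """Replace every run of bytes already in the cache with its label ('REF'); the rest
    travels as literals ('LIT'). The longest cached chunk wins at each offset."""
    lengths = sorted({len(c) for c in cache.chunks.values()}, reverse=True)
    tokens, literal, i = [], bytearray(), 0
    while i < len(data):
        hit = None
        for n in lengths:
            window = data[i:i + n]
            if len(window) == n and cache.chunks.get(cache.label(window)) == window:
                hit = (cache.label(window), n)
                break
        if hit is None:
            literal.append(data[i])
            i += 1
            continue
        if literal:
            tokens.append(("LIT", bytes(literal)))
            literal = bytearray()
        tokens.append(("REF", hit[0]))
        i += hit[1]
    if literal:
        tokens.append(("LIT", bytes(literal)))
    for kind, value in tokens:          # sender learns new literals for the next transfer
        if kind == "LIT" and len(value) >= MIN_LEARN:
            cache.learn(value)
    return tokens


def dre_decode(cache, tokens):
    """Rebuild the original bytes; an unknown label means the caches are out of sync."""
    out = bytearray()
    for kind, value in tokens:
        if kind == "REF":
            if value not in cache.chunks:
                raise KeyError(f"label {value} missing from receiver cache")
            out += cache.chunks[value]
        else:
            out += value
            if len(value) >= MIN_LEARN:   # receiver learns exactly what the sender learned
                cache.learn(value)
    return bytes(out)


def to_wire(tokens):
    """Serialise the tokens and apply LZ (zlib) on top, as the slide layers LZ over DRE."""
    raw = b"".join(
        b"R" + value.encode() if kind == "REF" else b"L" + len(value).to_bytes(2, "big") + value
        for kind, value in tokens
    )
    return zlib.compress(raw, 9)


def compression_ratio(data, tokens):
    return len(data) / len(to_wire(tokens))


if __name__ == "__main__":
    sender, receiver = DreCache(), DreCache()
    for side in (sender, receiver):            # both caches already hold L1 and L2
        side.learn(b"ABCDEFGHIJKL")
        side.learn(b"QRSTUVWXYZ")
    data = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
    tokens = dre_encode(sender, data)
    print(tokens)                               # REF L1, LIT b'MNOP', REF L2
    print(dre_decode(receiver, tokens) == data)
    big = data * 50
    print("ratio on repeated data:", round(compression_ratio(big, dre_encode(sender, big)), 1))
```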

Page 22: BRKAPP-2017


TCP Optimization with Web Cache Communication Protocol (WCCP)

Configure WCCP interception on LAN and WAN interfaces

ip wccp 61 redirect in (LAN)

ip wccp 62 redirect in (WAN)

Configure appropriate optimization policies on the Wide Area Application Engine (WAE) for different kinds of traffic

TCP flow optimization, Data Redundancy Elimination (DRE), LZ, or full optimization


TCP Optimization with WCCP: Show Commands

“show ip wccp” command on routers

Number of packets redirected by WCCP

Number of bypassed packets returned by the WAE

Page 23: BRKAPP-2017


TCP Optimization Show Commands

“show tfo connection summary” on WAEs

Full optimization

Only TCP Flow optimization


TCP Optimization NetQOS

NetQOS trend charts can be used to track optimization efficiency by tracking throughput

Page 24: BRKAPP-2017


ACE Optimization at Data Center


Server Load Balancing (SLB) and Secure Socket Layer (SSL) Offload with ACE

Load balancing algorithms (round robin, least connections, hash)

Stickiness (session persistence mechanisms—source IP/source subnet sticky, cookie sticky, HTTP redirection sticky, SSL sticky)

Health monitoring (return code checking, TCL scripts)

Redundancy (stateful versus stateless redundancy, session and sticky state replication)

Offload of CPU-intensive SSL processing

Server resources are dedicated to serving requests and running applications, rather than encrypting data

Allows packet inspection and advanced content switching (cookie sticky) of SSL traffic

Figure: clients send SSL traffic to a virtual IP; SLB load balances to the selected SSL module; the SSL module decrypts the traffic and returns it to SLB; SLB makes an L7 decision on the traffic and sends the connection to the best server farm.

Page 25: BRKAPP-2017


SLB and SSL Offloading with ACE

Offload of CPU-intensive SSL processing

Server resources are dedicated to serving requests and running applications, rather than encrypting data

Allows packet inspection and advanced content switching (cookie sticky) of SSL traffic

Application Control Engine


WAN Optimization and Security

Page 26: BRKAPP-2017


MPLS WAN Optimization

L2 WAN is a typical hub and spoke network

All spoke-to-spoke traffic goes through the hub

MPLS provides a direct path between branches

Figure: sites (US Headquarters, US Customer, US Assembly, US Call Center, Support Center India, Manufacturing China, Manufacturing Europe) connected over a hub-and-spoke WAN versus an MPLS WAN.


Group Encrypted Technology VPN—GET VPN

GET VPN: scalable architecture for any-to-any connectivity and encryption

IPsec tunnel mode security is a typical hub and spoke overlay network

No overlays, native routing; any-to-any instant connectivity

Figure: the same sites (US Headquarters, US Customer, US Assembly, US Call Center, Support Center India, Manufacturing China, Manufacturing Europe) connected any-to-any over the MPLS WAN.

Page 27: BRKAPP-2017


Dynamic Multipoint VPNs—DMVPN

Key features:

Multipoint GRE (mGRE)

Dynamic IGP routing (EIGRP, OSPF, etc.)

NHRP

Good for:

Customers already using routing

IP-only branch offices

IP multicast requirements—hub and spoke only

Customers with dynamic partial or full mesh requirements

Figure: DMVPN control planes between a WAN router/VPN head-end and a branch router: routing control plane (dynamic routing), IPSec control plane (DPD, tunnel protection) and GRE control plane (NHRP, multipoint GRE). Topology: Hub Site 1 and Hub Site 2 over an IP WAN (DS3, OC3, OC12), with primary and secondary DMVPN tunnels to branch offices (broadband, Frac-T1, T1) and home offices (broadband), plus spoke-to-spoke tunnels.


Deployment Summary

Page 28: BRKAPP-2017


Where to Apply WAN/Application Optimization Technologies

Figure: the placement map across the Data Center, Campus, Branch sites, Internet and WAN, with the labels Deploy WAAS farm; Deploy WAAS; Deploy ACE: SSL Offload and SLB; Deploy NetQoS monitoring tools; IP SLAs measurements; NBAR Protocol Discovery and NetFlow Monitoring; PfR and QoS; QoS; NAM troubleshooting; IOS FW; DMVPN.


Quick Look—Before Optimization

At around 300 msec latency, 10 users could sustain a connection rate of around 20 connections per second

Page 29: BRKAPP-2017


Quick Look—After Optimization

At around 130 msec latency, 10 users could sustain a connection rate of around 110 connections per second


Suggested Branch Deployment Designs

Page 30: BRKAPP-2017


Branch Deployment Scenarios 1 and 2

Figure: single-homed small branch office and dual-homed small branch office designs.


Branch Deployment Scenario 3

MC—PfR master controller; recommended not to be placed in the forwarding path

GLBP—can provide load balancing

Figure: dual-homed medium branch office

Page 31: BRKAPP-2017


Deployment Caveat: PfR Lacks Support for Multipoint Interfaces

PfR supports only a single next hop per interface

Will work with: PPP/HDLC/Frame Relay, GRE, DMVPN (point-to-point GRE)

Will not work with: VPLS, common Ethernet VLAN, DMVPN (multipoint GRE)

Support will be available from IOS version 12.5(pi4)T, expected in late 2008


Deployment Caveat: PfR Only Supports Static or BGP Routes

PfR currently supports route learning with only static or BGP routes for path control

Support for other routing protocols like EIGRP or OSPF does not exist

Workaround: add summary static routes and use PfR only for route unreachability mitigation

Support for EIGRP will be available from IOS version 12.5(pi4)T in late 2008 or early 2009

There are plans to add support for OSPF

Page 32: BRKAPP-2017


Deployment Caveat: WAE TCP Options and Firewalls

WAEs add TCP options (0x21) to the TCP header that help in WAE peer discovery and negotiations

Many firewalls do not understand these options and clear them

WAE peer discovery and negotiation then fail, and hence no optimization can take place

Workaround: configure firewalls to allow TCP options

Many Cisco firewalls like IOS Firewall, PIX and the Firewall Service Module (FWSM) can be configured to allow TCP options
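A practical way to confirm this caveat is to capture the same SYN on both sides of the firewall and check whether option kind 0x21 survives. The Python below is an added example (not WAAS or firewall code): it builds a SYN carrying the option, parses the TCP option TLVs, models a firewall that overwrites unknown options with NOPs as the slide describes, and reports whether peer discovery can still succeed. The option payload bytes are placeholders, since the slide does not describe the 0x21 payload format; the function names are chosen here.

```python
import struct

WAE_OPTION_KIND = 0x21   # TCP option kind the slide says WAEs add for peer discovery
TCP_FIXED_LEN = 20


def build_tcp_segment(sport, dport, seq, flags, options):
    """Assemble a TCP header with the given option TLVs (no payload, checksum left zero).
    options: list of (kind, value); kind 1 is a bare NOP."""
    opts = b"".join(
        b"\x01" if kind == 1 else struct.pack("!BB", kind, 2 + len(value)) + value
        for kind, value in options
    )
    opts += b"\x00" * (-len(opts) % 4)                 # EOL padding to a 32-bit boundary
    data_offset = (TCP_FIXED_LEN + len(opts)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                         data_offset << 4, flags, 65535, 0, 0)
    return header + opts


def parse_tcp_options(segment):
    """Return [(kind, value)] for the TLV options in a TCP header; NOP/EOL are skipped."""
    data_offset = (segment[12] >> 4) * 4
    if data_offset < TCP_FIXED_LEN or data_offset > len(segment):
        raise ValueError("bad TCP data offset")
    opts, i, found = segment[TCP_FIXED_LEN:data_offset], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                   # EOL
            break
        if kind == 1:                                   # NOP
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        found.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return found


def has_wae_option(segment):
    return any(kind == WAE_OPTION_KIND for kind, _ in parse_tcp_options(segment))


def firewall_clear_options(segment, allowed=(2, 3, 4, 8)):
    """Model of the slide's failure mode: a firewall that keeps only options it knows
    (MSS, window scale, SACK-permitted, timestamps) and overwrites the rest with NOPs,
    so the header length is unchanged but option 0x21 is gone."""
    parse_tcp_options(segment)                          # validate before rewriting
    data_offset = (segment[12] >> 4) * 4
    opts, i = bytearray(segment[TCP_FIXED_LEN:data_offset]), 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        length = opts[i + 1]
        if kind not in allowed:
            opts[i:i + length] = b"\x01" * length
        i += length
    return segment[:TCP_FIXED_LEN] + bytes(opts) + segment[data_offset:]


def wae_discovery_survives(inside_syn, outside_syn):
    """Troubleshooting check on the same SYN captured on both sides of the firewall:
    peer discovery can only work if option 0x21 is still present on the far side."""
    return has_wae_option(inside_syn) and has_wae_option(outside_syn)


# Constructed SYN: MSS, a NOP, then the WAE option with placeholder payload bytes.
SAMPLE_SYN = build_tcp_segment(49152, 80, 1000, 0x02,
                               [(2, b"\x05\xb4"), (1, b""), (WAE_OPTION_KIND, b"\x00\x01\x02\x03")])

if __name__ == "__main__":
    after_fw = firewall_clear_options(SAMPLE_SYN)
    print("inside has 0x21:", has_wae_option(SAMPLE_SYN))
    print("outside has 0x21:", has_wae_option(after_fw))
    print("WAE discovery can succeed:", wae_discovery_survives(SAMPLE_SYN, after_fw))
```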


Deployment Caveat: WAE Sequence Numbers and Firewalls

Introduction of WAEs causes three different TCP sessions to be established

WAEs jump sequence numbers on the optimized TCP session once the TCP handshake is done

Many firewalls do not like this and will drop subsequent traffic

Workaround: sequence check can be disabled on the firewalls or traffic from WAEs can be tunneled, say, with GRE

Cisco software and firewall modules can be configured to support this behavior.

PIX 7.2(3)/FWSM v3.2.1

IOS Zone based FW 12.4(11)T2

Page 33: BRKAPP-2017


Branch Deployment Scenario 4

MC—PfR master controller; recommended not to be placed in the forwarding path

IPSec protection for traffic optional (GET VPN)

Figure: dual-homed large branch office


Suggested Data Center Deployment Designs

Page 34: BRKAPP-2017


Data Center View—WAE at WAN-Edge

Figure: MAN, core and distribution layers of Data Center 1 and Data Center 2. WCCP redirects packets to the WAAS (WAE) device; uncompressed / unoptimized packets pass through the firewall to the server farm load balanced by ACE.


Data Center View—ACE Load Balancing WAE

Figure: MAN, secured WAN, core and distribution layers of Data Center 1 and Data Center 2. ACE redirects and load balances across the WAAS farm. Packets need to traverse firewalls, so open the appropriate ports. Uncompressed / unoptimized packets are spanned to the NAM for monitoring.

Page 35: BRKAPP-2017


Deployment Caveat: WCCP and DMVPN

DMVPN uses NHRP to create spoke-to-spoke shortcuts

When spoke-to-spoke traffic hits the DMVPN hub, an NHRP redirect gets generated

In a DMVPN environment, WCCP is redirected on the tunnel interfaces

WCCP breaks this NHRP redirect in both IP return and GRE return

Workaround: use ‘WCCP redirect out’ on client facing interface on HUB; will affect performance


Deployment Caveat: WCCP/WAEs Do Not Support VRFs

Current WCCP versions do not support VRF

Also WAEs do not support multi-tenant, or overlapping address ranges

VRF support is being planned

Page 36: BRKAPP-2017


Q and A


Recommended Reading

Continue your Cisco Live learning experience with further reading from Cisco Press

Check the Recommended Reading flyer for suggested books

Available Onsite at the Cisco Company Store

Page 37: BRKAPP-2017


Complete Your Online Session Evaluation

Give us your feedback and you could win fabulous prizes. Winners announced daily.

Receive 20 Passport points for each session evaluation you complete.

Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

Don’t forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008.

Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.


Page 38: BRKAPP-2017


Backup Slides


Enterprises Becoming Global

As enterprises evolve, so do the applications

As enterprises keep growing, so do applications

Figure: WAN connecting US Headquarters, US Customer, US Call Center, US Assembly, Support Center India, Manufacturing China and Manufacturing Europe.

Page 39: BRKAPP-2017


Enterprises Becoming Global

As enterprises and applications grow, so does their need for bandwidth

Murphy’s law

Figure: the same WAN map of global sites (US Headquarters, US Customer, US Call Center, US Assembly, Support Center India, Manufacturing China, Manufacturing Europe).