Cisco Customer Education - Cisco · PDF fileCisco Confidential 21 Enable Advanced Threat...

Cisco Confidential 1© 2013-2014 C isco and/or its affiliates . All rights reserved.

Cisco Customer EducationBack To the Future with Cisco Routing and intelligent WAN

Brian J. AveryTerritory Business Manager – Cisco Systems

This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:

https://acecloud.webex.com/acecloud/lsr.php?RCID=3cab00e76f9244188fc221865e608198

Thanks for your interest and participation!

https://acecloud.webex.com/acecloud/lsr.php?RCID=3cab00e76f9244188fc221865e608198


Cisco Customer EducationBack To the Future with Cisco Routing and intelligent WAN

Brian J. AveryTerritory Business Manager – Cisco Systems

Connect using the audio conference box or you can call into the meeting:

1. Toll-Free: (866) 432-9903

2. Enter Meeting ID: 208 110 187

3. Press “1” to join the conference.

Today’s Agenda

► Welcome from Cisco!

► Back to the Future with Cisco Routing

► Conclusion

► Cisco Routing History Lesson

► Cisco Intelligent WAN

Priors:Cisco Sales and Channels (11 yrs)President and CEO (6 yrs) - Cisco Premier Partner Director of Sales (2 yrs) - Cisco Silver PartnerFinancial Analyst (7 yrs) - Sprint Corporation

About Your HostBrian AveryTerritory Business ManagerCisco Systems, Inc.

[email protected]


Who Is Cisco?


C omputer scientis ts , Len B osack and S andy Lerner found C isco S ystems

B osack and Lerner run network cables between two different buildings on the S tanford Univers ity campus

A technology has to be invented to deal with disparate local area protocols ; the multi-protocol router is born

1984


WellF leet

S ynOptics

3C om

AC C

DE C

P roteon

IB M

B ay Networks

Newbridge

C abletron

As cend

F ore

Xylan

3C omNortel

E ricsson

Alcatel

J uniperLucent

S iemens

NE C

F oundry

R edback

R ivers tone

E xtreme Aris ta

HP

Avaya

J uniper

Huawei

Aruba

B rocade

C heckpoint

F ortinet

S horeT el

P olycom

Micros oft

F 5

R iverbed

Dell

Internet of E verything

1990 –1995 1996 – 2000 2001 – 2007 2008 – T oday

T he Landscape is C onstantly

C hanging

Leading for Nearly 30 Years

2016


Who Is Cisco?

Chuck Robbins,CEO, Cisco

• Dow Jones Industrial AverageFortune 100 Company (AAPL, CSCO, INTC, MSFT)

• $117B Market Capitalization

• $49.6B in Revenue

• $10B in Annual Net Profits

• $34B More Cash than Debt

• $6.3B in Research and Development

http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics

http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics

No. 1Voice

41%

No. 1TelePresence

50%

No. 1Web

Conferencing43%

No. 1Wireless LAN

50%

No. 2x86 Blade Servers

29%

No. 1RoutingEdge/Core/

Access

47%

No. 1Security

31%

No. 1SwitchingModular/Fixed

65%

No. 1Storage Area

Networks47%

Market Leadership Matters

Cisco ISR 4000 FamilyPowering the Cisco Intelligent WAN

Cisco Confidential 10© 2013-2014 Cisco and/or its affiliates. All rights reserved.

And the Pace of Change Is AcceleratingInternet of Everything (IoE)

“At current churn rate, 75% of the S&P 500 will be replaced by 2027”-- Richard Foster, Sarah Kaplan, authors of Creative Destruction

IoE has the potential to grow global corporate profits by an estimated 21%

There will be approximately 50 billion objects connected to the Internet

Globally, M2M IP traffic will grow 20-fold

Two-thirds of the world’s mobile data traffic will be video

The number of mobile-connected devices will exceed the number of people on earth

An estimated 77 billion apps will be downloaded

More data will be created than in the previous 5000 years combined

We have captured just 53% of the IoE’s value at stake, leaving $544 billion in unrealized value

2022

2020

2017

2015

2014

20132012

Mobility, cloud, video, and the IoT place significant pressure on the branch

A new branch architecture is required to keep pace with these new demands


Cisco Branch Router Evolution

ISR 4431 & 4300 familyMaking for a complete ISR 4000 familyISR 4451-X

First ISR based on IOS XE

ISR G2 family800, 1900, 2900 & 3900Taking the ISR concept to the next level

ISR G1 family1800, 2800, 3800The first architecture custom designed for integrated services

Cisco 2500Cisco’s first family of branch routers for 23 different deployments

Cisco 2600Superseded 2500. Considered one of Cisco's premier products.

2014

2013

2009

2004

1998

1993

Not shown here: 700, 1600, 1700, 4000/4500, 3600 & 3700 series routers


JUST A FRIENDLY REMINDER…

THIS IS HOW WE ARE SUPPOSED TO DRESS.


Disruptions Driving Innovation at the BranchCloud, Mobility, and Next-Generation Apps

Are you meeting your business and user expectations?

Application DeliveryPublic, private, hybrid clouds are redefining the data center

Application Consumption Mobility is redefining network architecture

Next-Generation ApplicationsHD video, immersive web apps, and SaaS are consuming more bandwidth

Cisco Confidential 15C97-732524-00 © 2014 Cisco and/or its affiliates. All rights reserved.

Next-Gen Branch Needs

What’s Happening in Your World?

Mobility, Cloud,Data Center Virtualization

Greater network loads New traffic patterns New application types

Reduced cost Faster time to market Instant app experiences Robust security Fast innovation

80%of employees and

customers are served by branches. They need a

LAN-like experience

Pressure on the Branch


What’s Holding You Back?

Likely, some or all of the following:

An inflexible branch network

An overabundance of manual tasks

A complex collection of hardware

Slow application performance

Budget and resource limitations

Security risks


What If You Could…

Run your branch at the speed your business demands?

Accelerate Time to Market

Streamline Operations

Enhance User Experiences

Increase IT’s Strategic Role

Quickly open new offices Roll out apps faster

Run your branch from one device

Automate manual tasks

Prioritize traffic by apps and users

Reduce downtime

Enhance customer experience Increase employee productivity


Introducing the Cisco ISR 4000 FamilyEnabling Branch Services for the 21st Century Network

Delivering the Ultimate Application Experience Over Any Connection

4-10 times faster, at the same price Deterministic performance with

services Pay as you grow Virtualized network function

Revolutionary Architecture Service Innovation Cisco® Application Centric Infrastructure (ACI) for the WAN

Native Layer 2 – 7 services Converged network, compute,

storage Simple, scalable WAN path control Best-of-breed security:

Sourcefire® IDS

Automation, orchestration,

User/app-based policy

Changes without disruption


Built on an Award-Winning, Converged InfrastructureArchitecture Advantage

Up to 2 Gigabits of performance

Cisco® Application Centric Infrastructure

Virtualized network services

Pay-as-you-grow flexibility

Lowest TCO


World’s Broadest Service Offerings in One BoxSimplified Services Integration

The Ultimate Converged Branch – No More Appliances

Native, Full Featured Security, AVC, WAN Opt, UC

Ease of Service Deployment – No Truck Rolls

Network, Computeand Storage

WAN opt Compute Storage UC Path Control App Visibility Security


Enable Advanced Threat Protection Across BranchesSecurity Services

Up to 1.3 Gbpsencryption

Advanced encryption (Suite B)

Integrated crypto without additional hardware

Single source for policy rules

Context-aware

80% reduction in rules and policy

Real-time web filtering

Threat analytics for full continuum -before, during, and after an attack

Industry-leading network intrusion detection

IDS integrated on Cisco UCS® E-Series

DMVPN GET VPN Flex VPN

Zone-Based Firewall

Sourcefire®

IDS

CWS TrustSec®VPN

High-Performance VPN

Consistent Policy EnforcementCloud Web SecurityAdvanced Threat

Defense


Simpler for IT

Voice and Video Services

Cisco® Unified Border Element

TDM Gateway BRI

Modules FXO, FXS,

and E/M Modules

RSVP Agent / CAC

TCL

TDM Gateway T1 / E1

Modules

CMESRST

DSP Media Services Conferencing Transcoding

MGCP

Higher multiservice performance

Dual processors separate

signaling from media

Faster upgrades and easier maintenance; DSPs built into UC cards

No chassis-level downtime during DSP adds


Server Blades with StorageServer Blades with Storage

Server Virtualization at the BranchConverged Branch Infrastructure with UCS E-Series Server Modules

UCS-E140S• Intel E3 4 Core

Processor• 8-16GB x RAM, 2

TB UCS-E160D• Intel E5 6 Core Processor• 8-48 GB RAM, 200GB - 3 TB

Mobility

Unified Communications

Routing

WAN Optimization

Security

Technology Consolidation for Branch Services

Feature Richness

Scal

abilit

y

UCS-E180D• Intel E5 8 Core Processor• 8-48 GB RAM, 200 GB - 3 TB

NEW


Service Virtualization for Networking

Service Containers• Dedicated virtualized compute

resources• Easily repurpose resources• Industry Standards Hypervisor

Benefits• Better Performing Network Services• Ease of Deployment with Zero

Footprint, No Truck Roll• Greater Security via Fault Isolation• High Reliability based on Industry

Stands Hypervisor Technology• Flexibility to Upgrade Network Services

Independent of Router IOS

VM 1 VM 2 VM 3WAAS Energywise Future App


IWAN SYSTEM RELEASE 2.0

INTELLIGENT WAN APP WITH APIC-EM

Simplified Management and Validated DesignsIntroducing IWAN App, Prime 2.2 and IWAN System Release 2.0

System for Change• Simple workflow templates • Automated provisioning• Business policy driven deployment

Network Deployment Automation (Day 0/1)

Faster Time to MarketFree IT Time for Strategic Projects

End-to-End Validated Design• Secure WAN Virtualization• Intelligent Path Control• Application Performance Acceleration

Prescriptive Design BlueprintLower Operational CostsAccelerated Deployments

PRIME INFRASTRUCTURE 2.2

System of Record• Historical reporting, Capacity Trending• Troubleshooting workflows• IWAN Workflows and Topology

Visualization

Ease of Monitoring (Day 2)Faster Mean Time To Repair

Simplify IT Operations

Cisco Intelligent WANRight Size Your Network Without Compromise

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27

Why Move to Internet as WAN Transport?

Low-Cost Alternative

of Organizations Are Planning to Transition to

Internet Connections1Internet Transit Pricing based on surveys and informal data collection primarily from Internet Operations Forums—‘street pricing’ estimates

2Packet delivery based on 15 years of ping data from PingER for WORLD (global server sample) from EDU.STANFORD.SLAC in California

Source: William Norton (DrPeering.net); Stanford ping end-to-end reporting (PingER)

Internet Pricing vs. Reliability, 1998-2012


Getting the Most Out of Your WAN InvestmentBenefits of Intelligent Path Control

Data CenterBranch

ASR 1000

ASR 1000

WAAS PfR

AVC

ISR G2

WAN

Internet

EnablingInternet-Based WANs

Efficient Distribution of Traffic Based Upon Load, Circuit Cost, and Path Preference

Per Application Best Path Based on Delay, Loss, Jitter Measurements

Protection FromCarrier Black Holes

and Brownouts

Lower WAN Costs

Full Utilization of All WAN Bandwidth

Improved Application Performance

Lower WAN Costs


Cisco Intelligent WAN Solution Components

Secure, Reliable and High Performance Application Experience

Intelligent Path Control

Load BalancingPolicy-Based Path Selection

Network Availability

Secure Connectivity

Scalable, Strong EncryptionApp-Aware Threat Defense

Cloud Web Security

Application Optimization

Application VisibilityApp Acceleration

Intelligent Caching

TransportIndependent

Provider FlexibilityModular Design

Common Operational Model

ISR4000-AX

Cisco Confidential© 2010 Cisco and/or its affiliates. All rights reserved. 30

Transport-Independent DesignSimplifying Internet-Based WANs


Simplifies WAN Design Dynamic Full-Meshed Connectivity Proven Robust Security

Flexible Secure WAN Design Over Any TransportDynamic Multipoint VPN (DMVPN)

SecureFlexible

• Easy multi-homing over any carrier service offering

• Single routing control plane with minimal peering to the provider

• Consistent design over all transports

• Automatic site-to-site IPsec tunnels

• Zero-touch hub configuration for new spokes

• Certified crypto and firewall for compliance

• Scalable design with high-performance cryptography in hardware

ISR-G2

WAN

MPLS

InternetASR 1000

ASR 1000

Transport-Independent

Data CenterBranch


IWAN Transport Independent Designwith Dynamic Multipoint VPN (DMVPN)

• Proven IPsec VPN technology• Widely deployed, large scale• Standards based IPsec and Routing• Advanced QOS: hierarchical, per tunnel and adaptive

• Flexible & Resilient• Over any transport: MPLS, Carrier Ethernet, Internet, 3G/4G,..• Scalable-Mesh or Hub & Spoke Topologies• Multiple encryption, key management, routing options• Multiple redundancy options: platform, hub, transports

• Secure• Industry Certified IPsec and Firewall• NG Strong Encryption: AES-GCN-256 (Suite B)• IKE Version 2• IEEE 802.1AR Secure unique device identifier

• Simplified IWAN Deployments• Prescriptive validated IWAN designs• Automated provisioning – Prime, APIC, Glueware

SECURE ON-DEMAND TUNNELS

Branch 2

Traditional Static TunnelsDMVPN On-Demand TunnelsStatic Known IP AddressesDynamic Unknown IP Addresses

ISR G2

Branch 1

Hub

IPsecVPN

Branch 3

ASR 1000

ISR G2ISR G2


Hybrid WAN DesignsTraditional and IWAN

Internet MPLS

Branch

DMVPN GETVPN

Internet MPLS

Branch

DMVPN DMVPN

Two IPsec TechnologiesGETVPN/MPLSDMVPN/Internet

Two WAN Routing DomainsMPLS: eBGP or StaticInternet: iBGP, EIGRP or OSPFRoute RedistributionRoute Filtering Loop Prevention

Active/Standby WAN PathsPrimary With Backup

One IPsec OverlayDMVPN

One WAN Routing DomainiBGP, EIGRP, or OSPF

Active/Active WAN Paths

ISR-G2

ASR 1000 ASR 1000

ISP A SP V

ISR-G2

ISP A SP V

ASR 1000 ASR 1000

TRADITIONAL HYBRID

Data Center

IWAN HYBRID

Data Center


Consistent deployment models simplify operations

Internet MPLS

Branch

DMVPN DMVPN

IWAN HYBRID

Data Center

ISR-G2

ASR 1000 ASR 1000

ISP A SP V

Internet Internet

Branch

DMVPN DMVPN

IWAN DUAL INTERNET

Data Center

ISR-G2

ISP ADSL

ISP CCable

ASR 1000 ASR 1000

MPLS

Branch

MPLS

DMVPN

IWAN Dual MPLS

Data Center

ISR-G2

ASR 1000 ASR 1000

ISP A SP V

DMVPN


Intelligent Path ControlImproving Application Delivery and WAN Efficiency


Getting the Most Out of Your WAN InvestmentBenefits of Intelligent Path Control

Data CenterBranch

ASR 1000

ASR 1000

WAAS PfR

AVC

ISR G2

WAN

Internet

EnablingInternet-Based WANs

Efficient Distribution of Traffic Based Upon Load, Circuit Cost, and Path Preference

Per Application Best Path Based on Delay, Loss, Jitter Measurements

Protection FromCarrier Black Holes

and Brownouts

Lower WAN Costs

Full Utilization of All WAN Bandwidth

Improved Application Performance

Lower WAN Costs


Intelligent Path Control with PfRVoice and Video Use-Case

Branch

MPLS

InternetVirtual Private

Cloud

Private Cloud

• PfR monitors network performance and routes applicationsbased on application performance policies

• PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth

Other traffic is load balanced to maximize bandwidth Voice/Video will be

rerouted if the current path degrades below policy thresholds

Voice/Video take the best delay, jitter, and/or loss path


What is Performance Routing (PfR)?Tooling for Intelligent Path Control

DSL Cable

BranchMC+BR

BR BR

Data Center

MC

“Performance Routing (PfR) provides additional intelligence to classic routing technologies to track the performance of, or verify the quality of, a path between two devices over a Wide Area Networking (WAN) infrastructure to determine the best egress or ingress path for application traffic....”

• Cisco IOS technology

• Two components: Master controller and border router


PfR Enhances Classical Routing

PATH CONTROL

METRICS

ADAPTIVE

• Topological state• Least cost path• Static user preference

• Path cost• Interface state

• Application-aware • Policy controlled• Measured performance

• Delay• Jitter• Bandwidth

Responds To:• Measured performance

changes (degradation)

Responds To: • Link and node state

changes (up/down)

+

Classical PfR


SP1 (MPLS) ISP (Internet)

• Protect voice and video quality

Latency < 150 ms; Jitter < 20 ms

• Protect VDI applications from brownouts

Loss < 5%

• Voice and video preferred path SP-A

• VDI preferred path SP-B• Increase utilization

by load sharing

Multimedia and Critical Data Policy

Business App

Hybrid IWAN

Best-Effort Traffic

7% Loss Detected

ISP-1 (Cable) ISP-2 (DSL)

Voice and Video

Dual Internet IWAN

High JitterDetected

VDI

Best-Effort Traffic

Protecting Critical Applications While Increasing Bandwidth Utilization

• Protect business cloud applications from brownouts

Loss < 5%• Preferred path for business

applications: SP1 (MPLS)

• Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet

Business App and Load-Balancing Policy


Optimize Application Performance AVC NetFlow v9 & WAAS


• Static port classification is no longer enough

• More and more apps are opaque

• Increasing use of encryption and obfuscation

• Application consists of multiple sessions (video, voice, data)

• In many cases the user experience is not meeting business needs.

FTP IM

RPCSOAP Video

HTTP is the new TCP

InformationCollaboration SaaS


Make your IWAN Application AwareAdd Cisco Application Visibility and Control (AVC)

Branch

Proliferationof Devices

Users/Machines

PrivateCloud

DC/Headquarters

PublicCloud

60% of IT Professionals Cite Cloud Performance as Key Challenge

No Probes

Rich data collection –Flexible NetFlow

No additional hardware, AX license

Many reporting tool options

Smart CapacityPlanning

Per-application per-site level reporting

Better information improves planning accuracy

Business Aligned Privacy Enforcement

Intuitive application policies

Identify specific products and applications within http traffic

Cisco AVC


What applications, how much bandwidth, flow direction?(NBAR2 and Flexible Netflow) Basic Monitoring

Performance Collection & Exporting

Integrated performance monitoring and advanced metrics for different type of applications and use cases

HTTP HTTP

Voice and Video Performance(Media Monitoring)

Advanced Monitoring

30% of traffic is voice and video

Critical Applications Performance(Application Response Time)

40% of traffic is critical applications


Branch Internet Access


The Branch Conundrum

Time to Rethink your Branch-WAN Strategy

User SufferingBudgetBandwidth Demands


Today’s Backhaul Approach is ExpensiveInefficient Traffic Management over a Premium Connection

WAN/MPLS

BEFOREInternet

Data CentersBranch

Backhaul Challenge:Growing WAN traffic from cloud services and internet connectivity


The Upgrade that Pays for ItselfOptimize Your WAN Investment with IWAN

WAN/MPLS

AFTERInternet

Direct Internet Access (DIA) from B ranch; Lower latency, lower cost

Data CentersBranch

Internet V P N Used to C onnect B ranch to HQ

DIA Benefit:Efficient access to SaaSand offload guest traffic


Quick Payoff for Infrastructure InvestmentCan Shift Funds from Connectivity to Enabling New Services

EXAMPLE:San Francisco MPLS VPN vs Dual Business Internet ($ per month)

Source: Telegeography MPLS VPN pricing for San Francisco as of March 2013; Comcast Web site; Verizon Web siteAssumes average Router upgrade is $3000; installation is $1000 and Support is $300CoS2 refers to VPN services providing real-time data and middle priority

$665 savings/month x 12 months x 100 sites

80

274

140

611

1.5 Mbps 10 Mbps

$220

MP LS VP N C oS 2 $885

Direct Internet Acces s C ombined

for E nt S LA-75%

$800K Annual S avings

186% R OI

P ayoff in 6 Months


What Can IWAN Enable?

High BW Apps

• Links overwhelmed

• Security and policy

• Backhaul to DC

• More BW for less

• Visibility and control

• Threat defense

• DIA: no backhaul

SaaS Roll-Out

Business Challenges

How IWAN Helps

Mobility/Guest

• App latency

• Backhaul to DC

• DIA: low latency

• Quick link turn-up

• Visibility and control

• Time-consuming and costly to add BW

• More BW for less

• Quick link turn-up

• DIA for right-traffic, right-link

OpEx Savings

• High recurring charges

• Inflexible SLAs

• Low-cost Internet links without compromise

• Provider flexibility for faster service rollout


Why Cisco IWAN

Integrated Platform

for IT Simplicity

Granular Control Everywhere

Proven Security at Scale

Unmatched Context-based

RoutingQuick ROI

Faster than Alternatives

Overlay Appliances

Up to 72% in Savings

The Alternative:

App Visibility & Control

IP Sec VPN

WAN Opt. Firewall

WAN Path SelectionRouter

• Any to Any Security

• Protect All Branch Resources

• Secure Direct Internet Access

• Network-Aware

• App-Aware

• Endpoint-Aware• Savings enables

Business Innovation

Many pay off in

6-12 months

• Branch IS R -AX

• DC AS R 1K -AX

• C loud C S R 1000V


Thank You and Next Steps

Brian [email protected]

Contact Your Cisco Partnerhttps://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

www.

Learn more about C isco intelligent WAN:www.cisco.com/go/iwan/

mailto:[email protected]

https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

http://www.cisco.com/go/iwan/


C C E sess ions are held weekly on a variety of topics

C C E sess ions can help you understand the capabilities and bus iness benefits of C isco technologies

Watch replays of past events and register for upcoming events !

Vis it http://cs .co/cisco101 for details

Join us again for a future Cisco Customer Education Event

http://cs.co/cisco101

Thank you.

Cisco Customer Education - Cisco · PDF fileCisco Confidential 21 Enable Advanced Threat...

Documents

Transcript of Cisco Customer Education - Cisco · PDF fileCisco Confidential 21 Enable Advanced Threat...