Cisco Intelligent WAN (IWAN) Right-size your Network without Compromise

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1Cisco Confidential 1© 2013 Cisco and/or its affiliates. All rights reserved.

Cisco Intelligent WAN (IWAN)Right-size your Network without Compromise

Michael Waas

Systems Engineer

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

The Branch is More Relevant Than Ever

Where You Engage Customers

Source of Business Intelligence

Up to 80% of Your Employees Reside

To Grow Your Business & Innovate Your Remotes Sites Must Keep Pace with HQ


Emerging Branch DemandsThe Application Landscape Is Changing

Applications are Moving to the Data Center and Cloud

Internet Edge Is Moving to the Branch

Branch

Cloud

Data Centers

50Cloud

of CIOs Expect to Operate via the Cloud by 2015

%

Mobility

More Mobile Data Traffic by 2015

Fat Apps

Of Mobile Traffic will be Video6X 2/3

Pressures on the WAN


The Branch Conundrum

BUDGET

USER SUFFERING

WANDemands

Rethink your Branch-WAN Strategy


Why Move to Internet as WAN?

1. Internet Transit Pricing based on surveys & informal data collection primarily from Internet Operations Forums – ‘street pricing’ estimates2. Packet delivery based on 15 years of ping data from PingER for WORLD (global server sample) from EDU.STANFORD.SLAC in CaliforniaSource: William Norton (DrPeering.net); Stanford ping end-to-end reporting (PingER)

Low Cost Alternative

Of organizations do are planning to transition to connections

%46


Internet Becoming an Extension of Enterprise WAN

Commodity Transports Viable Now

Dramatic Bandwidth, Price Performance Benefits

Higher Network Availability

Improved Performance Over Internet


Cisco IWAN Deployment ModelsDual InternetHybridDual MPLS

Public Public Enterprise

Internet MPLS Internet Internet

Internet

MPLSMPLS

Dual MPLS Highest reliability, security & availability ẋ Inflexible for new servicesẋ Expensive

Hybrid Enable SaaS and/or high BW apps Balanced availability Dual WAN+Dual Router = 99.999% Reliability

Dual Internet Best price/performance Least dependent on contracts Dual WAN+Dual Router = 99.999% Reliability

Consistent VPN Overlay enables Security across Transition

8

TransportIndependent

Intelligent Path Control

Secure Connectivity

• DMVPN IPsec overlay design• Consistent operational model• Simple transport migrations• Scalable and Modular design

• Performance Routing (PfR) full utilization of all bandwidth

• Application best path based on delay, loss, jitter and path preference

• Improved network availability

• Suite-B strong encryption• ASA & IOS Firewall/IPS

comprehensive threat defense

• Cloud Web Security (CWS) for direct Internet Access

ApplicationOptimization

• Application Visibility & Control (AVC)

• WAAS Application Acceleration and bandwidth savings

Internet

AVC

Branch Data CenterWAAS PfR

3G/4G-LTE

MPLS

Introducing Cisco Intelligent WAN (IWAN) Enhanced Connectivity over any Transport

David Prall (dprall)

The grey shading at the bottom makes the slide unreadable in the middle.


Optimize Application Performance


What is An Application?

11

HTTP

FTP

SMTP

POP3

IMAP

HTTPS

Are these applications?

Or just ports?

80

20/21

25

110

143

443

What about these?


Control application network usage to

improve application performance

Control

Advanced reporting tool aggregates and reports application

performance

App Visibility & User Experience Report

Management Tool

Collect application performance

metrics, and export to management tool

Reporting Tool Perf. Collection & Exporting

Reporting Tools

NFv9/IPFIX

App BW Transaction Time

…

SAP 3M 150 ms …Sharepoint 10M 500 ms …

Identify applications using L3 to L7 information

ApplicationRecognition

What is Application Visibility and Control (AVC)What is Needed

High

Med

Low

http://images.google.fr/imgres?imgurl=http://4.bp.blogspot.com/_UZImdYAiry8/Sb9qYmN0llI/AAAAAAAAPtc/a_qXEx69CB0/s400/oracle_logo.jpg&imgrefurl=http://vectorlogo.blogspot.com/2009/03/oracle-logo-eps.html&usg=__TTg6bQ4L8aDCa2kKWUD3Q4YWewM=&h=161&w=400&sz=7&hl=fr&start=3&sig2=xj4d94noyf1kS0Adw6tzJA&um=1&tbnid=LLEUA6II6jNxiM:&tbnh=50&tbnw=124&prev=/images?q=oracle+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=FeHBSvDVKsjKjAeGsfDoBQ



• QoS (w/ NBAR2)• PfR

Control

High

Med

Low

• Cisco Prime Infrastructure

• 3rd Party Tools

App Visibility & User Experience Report

Management Tool

• Unified Monitoring- Traffic Statistics- Response Time- Voice/Video

Monitoring- URL Collection

Reporting Tool Perf. Collection & Exporting

Reporting Tools

App BW Transaction Time

…

SAP 3M 150 ms …Sharepoint 10M 500 ms …

• NBAR2• Metadata

ApplicationRecognition

What is Application Visibility and Control (AVC)Enabled Technologies

NFv9/IPFIX




AVC ConfigurationPrime Infrastructure

14

• Enable AVC with just ON/OFF button

• With Cisco Prime Infrastructure 2.0


AVC ConfigurationPrime AVC One-Click

15

• Enable AVC in one-clickOne device at a time

• Two simple steps1. Select interface(s)2. Enable

1

2


Maximize Application PerformanceControls application bandwidth usage and selects optimal path

17

Identify 1000+ applications using NBAR2 and control bandwidth with Cisco industry leading QoSLimit unwanted traffic and prioritize critical applications

Application-aware QoS

Deliver critical applications over the path which can meet application performance requirement using PfRAutomatic load share to maximize bandwidth use on available links

Intelligent Path Selection

Stop bittorrent and netflix.

Prioritize salesforce, oracle

Backup Backup

WAN1

WAN2


Performance Routing Topologies

•Full utilization of expensive WAN bandwidthEfficient distribution of traffic based upon load, circuit cost and path preference

•Improved Application PerformancePer application best path based on delay, loss, jitter measurements

•Increased Application AvailabilityProtection from carrier black holes and brownouts

WAN1(IP-VPN)

WAN2(IPVPN, DMVPN)

MC/BR

MC/BR

BR

MC/BR

BR

BR

HQ

MC

BRBR

MC

Enterprise WANISP1 ISP2

Internet Edge

Branch

Optimize by:•Reachability, Loss, •Delay, Jitter, MOS, •Throughput, Load, and/or $Cost

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19

PrivateCloud

Add WAN OptimizationSpeed and Bandwidth Benefits on top of the IWAN

Branch DC/Headquarters

Faster Applications, More Users, Less Bandwidth

• 90% HD Video optimization and better user experience

• Twice as many Citrix users over same WAN, 70% faster

• Toyota: ROI in less than one year, 65% BW cost savings

Easy to Deploy

• Works with existing branch routers (and existing AX license)

Scalable

• AppNav Controller and WAVE pool is scalable

• Native HA capability

vWAAS

WAAS Express

Proliferationof Devices

Users/Machines

AppNav-XE Controller

CSR

WAVE

WAN

Accelerate Any TCP Connection


SOLUTION

• Reduce load – Data redundancy elimination

(DRE), compression, and TCP optimization

• Application optimization– Fewer protocol messages

and metadata caching

PROBLEM

• Application latency• WAN bandwidth

inefficiencies

Application bandwidth with Cisco® WAAS

Application bandwidth natively

Application latency natively

Application latency with Cisco WAAS 0 0

1

2

3

4

40

80

120

160

ApplicationBandwidth

ApplicationLatency

Bandwidth(Mbps)

Latency(Seconds)

Reduction inbandwidth

Reductionin latency

Cisco WAAS Enhancing User Experience and WAN Efficiency


Securing Your IWAN


Securing the IWANIPSec VPN and FirewallStep 1: Secure TransportIPSec with DMVPN or FlexVPN overlay

Secure transport independent overlay

Add Strong Cryptography: IKEv2 + AES-GCM 256

Step 2: Threat DefenseIOS Zone-based FirewallMinimize exposure

DHCP addressing for Internet and tunnel interfacesDon’t put tunnel addresses into DNS

Step 3: Choose your performance levelSize router based on Encryption with Services and WAN bandwidth

Head-end: ASR1000 or ISR4451X

Branch: ISR-G2

DSL Cable

Branch

Data Center

ISR-G2

ASR 1000 ASR 1000

ISP A ISP C


Add Network Integrated Threat DefenseIOS Zone-Based FirewallControl the Perimeter:• External and internal protection: internal network is no longer trusted• Protocol anomaly detection and stateful inspectionCommunicate Securely: • Call flow awareness (SIP, SCCP, H323)• Prevent DoS attacksFlexible:• Split Tunnel-Branch/Remote Office/Store/Clinic• Internal FW—International or un-trusted locations/segments,

addresses regulatory compliancesIntegrated: • No need for additional devices, expenses and power• Works with other Cisco Services: SRE, Scansafe, WaaS ExpressManageable: • Supports CLI, SNMP, CCP, and CSM• Supports Cisco Configuration Engine

DSL Cable

Branch

Data Center

ISR-G2

ASR 1000 ASR 1000

ISP A ISP C


Flexible Secure WAN Design over any transportDynamic Multipoint VPN (DMVPN) or FlexVPN

Simplifies WANDesign

Easy multi-homing over any carrier service offering

Single routing control plane with minimal peering to the provider

Transport Independent

Proven RobustSecurity

Certified crypto and firewall for compliance

Scalable design with high performance cryptography in hardware

Secure

Dynamic Full Meshed Connectivity

Consistent design over all transports

Automatic site-to-site IPsec tunnels

Zero-touch hub configuration fornew spokes

Flexible

MPLS

Internet

Data CenterBranch

ASR 1000

ASR 1000

ISR-G2 WAN


Why Cisco IWAN?


Why Cisco IWAN

Integrated Platform

for IT Simplicity

Granular Control Everywhere

Proven Security at Scale

Unmatched Context-based

RoutingQuick ROI

Faster than Alternatives

Overlay Appliances

Up to 72% in Savings

The Alternative:

App Visibility & Control

IP Sec VPN

WAN Opt. Firewall

WAN Path SelectionRouter

• Any to Any Security

• Protect All Branch Resources

• Secure Direct Internet Access

• Network-Aware

• App-Aware

• Endpoint-Aware• Savings enables

Business Innovation

Many pay off in

6-12 months

$$$

• Branch ISR-AX

• DC ASR1K-AX

• Cloud CSR1000V


L2-L3Transport

L4-L7Application

Services

Start with Cisco AX RoutersIWAN Capabilities Embedded in the Router

Control

Optimization

Visibility

Transport Independent

Secure Routing

ISR-AX

Cisco AX Routers 3900 | 2900 | 1900 | 800 | 4451 | ASR1002-X

Simplify Application

Delivery

One NetworkUNIFIED SERVICES

ASR1000-AX

ISR 4451-X-AX


What makes the ISR-AX different?Introducing the ISR App License

Security U.C.

IP Base

App Extends and replaces the Data license with application router services. All previous Data license features included.

All Application Visibility and Control (AVC) features included. Enables powerful, comprehensive application monitoring and management.

Right-To-Use license for WAASLicense enables WAAS Express, WAAS SRE, or WAAS on UCS-E with no additional software cost.

App & Security included with the ISR-AX!


Cisco IWANUncompromised Experience Over Any Connection

Lower Costs without Tradeoffs

Maximize Your WAN Investment

Unleash Your Business Potential


Thank you.

Cisco Intelligent WAN (IWAN) Right-size your Network without Compromise

Documents

Transcript of Cisco Intelligent WAN (IWAN) Right-size your Network without Compromise