Cisco Intelligent WAN (IWAN) Solution
Scott Hodgdon
Senior Technical Marketing Engineer
Enterprise Networking Group
19.12.2013 © 2013 Cisco and/or its affiliates. All rights reserved.
Why IWAN?
Average #apps per device*: 41
Average app size**:
23 MB (iOS)
6 MB (Android)
25 MB (Windows)
OS update file size***:
130 MB (iOS 6 for iPad 4)
168 MB (Jelly Bean 4.1)
400.0 MB (Windows 7)
700.0 MB (iOS 7 for iPhone 5)
Sources:
* http://www.nielsen.com/us/en/newswire/2012/state-of-the-appnation-%C3%A2%C2%80%C2%93-a-year-of-change-and-growth-in-u-s-smartphones.html
** https://www.abiresearch.com/press/average-size-of-mobile-games-for-ios-increased-by-
*** http://www.wirelessandmobilenews.com/2013/05/samsung-galaxy-s3-iii-update-android-4.2.1-jelly-bean.html
http://theiphonewiki.com/wiki/Firmware#iPad_4
http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/what-is-average-monthly-size-of-update-downloads/dfe9bb34-c2dd-478e-a6cb-0a26228cf552
The Application Landscape Is Changing
Applications are Moving to the Data Center and Cloud
Internet Edge Is Moving to the Branch
[Diagram labels: Branch, Cloud, Data Centers]
Cloud: of CIOs Expect to Operate via the Cloud by 2015
Mobility: More Mobile Data Traffic by 2015
Fat Apps: Of Mobile Traffic will be Video
Pressures on the WAN
Improved Performance Over Internet
Commodity Transports Viable Now
Dramatic Bandwidth, Price Performance Benefits
Higher Network Availability
Example: San Francisco Single MPLS VPN vs Dual Business Internet ($ per month)
Service          10 Mbps    1.5 Mbps
iWAN             $220       $140
MPLS VPN CoS3    $830       $260
MPLS VPN CoS2    $885       $274
MPLS VPN CoS1    $1,014     $303
iWAN: Dual Internet links combined for Ent SLA
Chart annotation: -75%
Simple example: $665 savings/month x 12 months x 1000 sites = $8M savings per year
Source: Telegeography MPLS VPN pricing for San Francisco as of March 2013; Comcast Web site; Verizon Web site
[Diagram labels: Public, Enterprise, Internet, MPLS]
Hybrid (Internet + MPLS)
More BW for key applications
Balanced SLA guarantees
– Moderately priced
Dual Internet (Internet + Internet)
Best price/performance
Most SP flexibility
– Enterprise responsible for SLAs
Dual MPLS (MPLS + MPLS)
Highest SLA guarantees
– Tightly coupled to SP
✗ Expensive
Consistent VPN Overlay enables Security across Transition
[Diagram labels: Branch, Private Cloud, Virtual Private Cloud, Public Cloud, MPLS (IP-VPN), Internet, Secure IPsec VPN overlay, Direct Internet Access]
• Secure WAN Transport for Private and Virtual Private Cloud access
• Leverage Local Internet path for Public Cloud and Internet access
• Increase WAN capacity – cost effectively!
• Improve application performance (right flows to right places)
[Diagram labels: Branch, Private Cloud, Virtual Private Cloud, Public Cloud, WAN (IP-VPN), Internet, MPLS, 3G/4G-LTE, AVC, WAAS, PfR]
Internet as WAN with High Reliability
SLAs for Business Critical Applications
Dramatically Lower WAN Costs without Compromise
Centralized Security Policy for Internet Access
Secure Connectivity
• Certified strong encryption
• Comprehensive threat defense with ASA and IOS Firewall/IPS
• Cloud Web Security (CWS) for scalable secure direct Internet access
Application Optimization
• Application monitoring with Application Visibility and Control (AVC)
• Application Acceleration and bandwidth savings with WAAS
Transport Independence
• Consistent operational model
• Simple Provider migrations
• Scalable and Modular design
• DMVPN IPsec overlay design
Intelligent Path Control
• Application best path based on delay, loss, jitter, path preference
• Load Balancing for full utilization of all bandwidth
• Improved network availability
• Performance Routing (PfR)
Transport Independent Design
Transport Independent: Simplifies WAN Design
• Easy multi-homing over any carrier service offering
• Single routing control plane with minimal peering to the provider
Secure: Proven Robust Security
• Certified crypto and firewall for compliance
• Scalable design with high performance cryptography in hardware
Flexible: Dynamic Full Meshed Connectivity
• Consistent design over all transports
• Automatic site-to-site IPsec tunnels
• Zero-touch hub configuration for new spokes
[Diagram labels: MPLS, Internet, WAN, Data Center (ASR 1000, ASR 1000), Branch (ISR-G2)]
Traditional Hybrid
[Diagram labels: Internet (DMVPN), MPLS (GETVPN), Data Center (ASR 1000, ASR 1000), Branch (ISR-G2)]
2 IPsec Technologies
- MPLS/GETVPN
- Internet/DMVPN
2 WAN Routing Domains
- MPLS: eBGP or static
- Internet: iBGP, EIGRP or OSPF
- Route Redistribution to force primary path
- Route Filtering loop prevention
Active/Standby WAN Paths
- Primary with Backup
IWAN Hybrid
[Diagram labels: Internet (DMVPN), MPLS (DMVPN), Data Center (ASR 1000, ASR 1000), Branch (ISR-G2)]
1 DMVPN IPsec Overlay
1 WAN Routing Domain
- iBGP, EIGRP, or OSPF
Active/Active WAN paths
IWAN Dual Internet
[Diagram labels: Internet, Internet, ISP A (DSL), ISP C (Cable), DMVPN, DMVPN, Data Center (ASR 1000, ASR 1000), Branch (ISR-G2)]
IWAN Hybrid
[Diagram labels: Internet, MPLS, ISP A, SP V, DMVPN, DMVPN, Data Center (ASR 1000, ASR 1000), Branch (ISR-G2)]
1 DMVPN IPsec Overlay
1 WAN Routing Domain
- iBGP, EIGRP, or OSPF
Active-Active WAN Paths
• Private peering with Internet providers
  Use same Internet provider for hub and spoke sites
  Avoids Internet Exchange bottlenecks between providers
  Reduces round trip latency
• Use a separate DMVPN network per provider
  Increases availability
  Enables PfR to optimize traffic between providers
• Transport settings
  Use the same MTU size on all WAN paths
  Bandwidth settings should match offered rate
  Use a Front-Side VRF to separate Internet and Internal Default routes
• Internet Security
  Use Access-Lists or Firewalls to block all traffic except DMVPN tunnel traffic
  Use provider’s IP addresses for tunnel source addresses
  Do not register tunnel addresses in DNS, to make the routers difficult for others to find
[Diagram labels: DSL, Cable, ISP A, ISP C, Data Center (ASR 1000, ASR 1000), Branch (ISR-G2)]
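Added example (not part of the original slides, and not Cisco code): a small audit that checks the Internet Security recommendation above against a router configuration, flagging any Internet-facing interface whose inbound ACL permits more than DMVPN tunnel traffic. The sample configuration, interface names, VRF names and ACL name are constructed, and treating every interface with "vrf forwarding" as an Internet transport is an assumption of this sketch.

```python
import re

# Inbound traffic a DMVPN router needs on an Internet transport: IKE (UDP 500),
# IPsec NAT-T (UDP 4500) and ESP. GRE is carried inside ESP, so it is not listed.
ALLOWED = {("udp", "isakmp"), ("udp", "non500-isakmp"), ("esp", None)}
PORT_ALIASES = {"500": "isakmp", "4500": "non500-isakmp"}

# Constructed sample configuration; all names are hypothetical.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description Internet uplink, ISP A
 vrf forwarding INET-PUBLIC1
 ip access-group ACL-INET-PUBLIC in
!
interface GigabitEthernet0/1
 description Internet uplink, ISP C
 vrf forwarding INET-PUBLIC2
!
ip access-list extended ACL-INET-PUBLIC
 permit udp any any eq non500-isakmp
 permit udp any any eq 500
 permit esp any any
 permit tcp any any eq 22
"""

def audit(config):
    """Return findings for interfaces placed in a front-side VRF."""
    stanzas, current = {"interface": {}, "ip access-list extended": {}}, None
    for line in config.splitlines():
        if not line.startswith(" "):                   # top-level line: new stanza
            m = re.match(r"(interface|ip access-list extended) (\S+)", line)
            current = stanzas[m.group(1)].setdefault(m.group(2), []) if m else None
        elif current is not None:
            current.append(line.strip())
    findings, acls = [], stanzas["ip access-list extended"]
    for name, body in stanzas["interface"].items():
        if not any(l.startswith("vrf forwarding ") for l in body):
            continue                                   # assumed not an Internet transport
        acl = next((l.split()[2] for l in body
                    if l.startswith("ip access-group ") and l.endswith(" in")), None)
        if acl not in acls:                            # missing or undefined ACL filters nothing
            findings.append(f"{name}: no inbound ACL defined")
            continue
        for entry in acls[acl]:                        # implicit deny ends every ACL
            m = re.match(r"permit (\S+) .+?(?: eq (\S+))?$", entry)
            if m and (m.group(1), PORT_ALIASES.get(m.group(2), m.group(2))) not in ALLOWED:
                findings.append(f"{name}: {acl} permits non-tunnel traffic: {entry}")
    return findings
```

Running audit(SAMPLE_CONFIG) reports the SSH permit on the first uplink and the missing ACL on the second; management access then has to arrive through the tunnel rather than from the Internet side.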
Intelligent Path Control
Benefits of Intelligent Path Control
• Lower WAN Costs
  Enabling Internet based WANs
• Full Utilization of all WAN bandwidth
  Efficient distribution of traffic based upon load, circuit cost and path preference
• Improved Application Performance
  Per application best path based on delay, loss, jitter measurements
• Increased Application Availability
  Protection from carrier black holes and brownouts
[Diagram labels: Internet, MPLS, AVC, WAAS, PfR, Branch (ISR G2), Data Center (ASR 1000, ASR 1000)]
• PfR monitors network performance and routes applications based on application performance policies
• PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
Voice/Video take the best delay, jitter, and/or loss path
Voice/Video will be rerouted if the current path degrades below policy thresholds
Other traffic is load balanced to maximize bandwidth
[Diagram labels: Branch, Private Cloud, Virtual Private Cloud, MPLS, Internet]
Multimedia and Critical Data Policy
• Protect voice and video quality
  Latency less than 150 ms; Jitter less than 20 ms
• Protect VDI applications from brownouts
  Loss less than 5%
• Voice and video preferred path SP-A
• VDI preferred path SP-B
• Increase utilization by load sharing
Cloud Services and Load-Balancing Policy
• Protect business cloud applications from brownouts
  Loss less than 5%
• Preferred path for Critical Applications: SP1 (MPLS)
• Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet
[Diagram labels: Hybrid IWAN, SP1 (MPLS), ISP (Internet), Cloud Services, Best-Effort Traffic, Detect loss greater than 10%; Dual Internet WAN, ISP-1 (Cable), ISP-2 (DSL), Voice and Video, VDI, Best-Effort Traffic, Detect high jitter]
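Added example (not part of the original slides): a simplified model of the path decision described by the Multimedia and Critical Data Policy, showing what happens to each traffic class when the preferred path leaves policy. This is an illustration and not PfR's actual algorithm; the measurements are constructed, and ranking best-effort traffic by link utilization is an assumption standing in for load sharing.

```python
# Thresholds and preferred paths as stated on the slide (SP-A / SP-B are its labels).
POLICIES = {
    "voice-video": {"limits": {"delay_ms": 150, "jitter_ms": 20}, "preferred": "SP-A"},
    "vdi":         {"limits": {"loss_pct": 5},                    "preferred": "SP-B"},
    "best-effort": {"limits": {},                                 "preferred": None},
}

# Constructed measurements: normal operation, then a jitter brownout on SP-A.
NORMAL = {
    "SP-A": {"delay_ms": 40, "jitter_ms": 5, "loss_pct": 0.1, "util_pct": 70},
    "SP-B": {"delay_ms": 60, "jitter_ms": 8, "loss_pct": 0.2, "util_pct": 30},
}
BROWNOUT = {**NORMAL, "SP-A": {**NORMAL["SP-A"], "jitter_ms": 35}}

def in_policy(metrics, limits):
    """A path is in policy when every limited metric is below its threshold."""
    return all(metrics[name] < limit for name, limit in limits.items())

def choose_path(traffic_class, paths):
    """Pick the exit path for one traffic class from per-path measurements."""
    policy = POLICIES[traffic_class]
    limits = policy["limits"]
    ok = [p for p, m in paths.items() if in_policy(m, limits)]
    if policy["preferred"] in ok:
        return policy["preferred"]       # preferred path still meets the policy
    # Reroute: best in-policy path, or the least-bad path if none is in policy.
    # Classes without limits have an empty metric list, so they are ranked only
    # by utilization, which steers them to the least-loaded link.
    candidates = ok or list(paths)
    return min(candidates,
               key=lambda p: ([paths[p][k] for k in limits], paths[p]["util_pct"]))

def route_all(paths):
    """Path decision for every traffic class."""
    return {cls: choose_path(cls, paths) for cls in POLICIES}
```

With NORMAL, voice and video stay on SP-A; with BROWNOUT, the 35 ms jitter on SP-A exceeds the 20 ms limit and voice and video move to SP-B while VDI is unaffected.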
The Decision Maker: Master Controller (MC)
• Discover BRs, collect statistics
• Apply policy, verification, reporting
• No packet forwarding/inspection required
The Forwarding Path: Border Router (BR)
• Gain network visibility in forwarding path (Learn, measure)
• Enforce MC’s decision (path enforcement)
• Does all packet forwarding
Optimize by:
Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost
[Diagram labels: DSL, Cable, Data Center (MC, BR, BR), Branch (MC+BR)]
Application Optimization
HTTP is the new TCP
[Diagram labels: Information, FTP, IM, RPC, Collaboration, SaaS, SOAP, Video]
• Static port classification is no longer enough
• More and more apps are opaque
• Increasing use of encryption and obfuscation
• Application consists of multiple sessions (video, voice, data)
• What if user experience is not meeting business needs?
Add Cisco AVC
60% of IT Professionals Cite Performance as Key Challenge for Cloud
No Probes
• Rich data collection using NetFlow v9/IPFIX
• No additional hardware (and included in AX license)
• Easy to integrate into many reporting tools
Business Aligned Policy Enforcement
• No need for complex IP and port ACLs
• See inside HTTP flows to identify specific Cloud applications
Smarter Capacity Planning
• Better use of costly bandwidth
• Per-branch and per-application level reporting
[Diagram labels: Proliferation of Devices, Users/Machines, VDI | IaaS, Private Cloud, Public Cloud, Storage, Database, Branch, HQ/DC, Cisco AVC]
Track and Report Application Flows and Performance
NetFlow/IPFIX Records (Same provisioning, same format)
• Traffic statistics records
• Application Response Time records
• Media monitoring records (Application, Jitter, Loss, etc)
Partner Tools Ecosystem: InfoVista, Plixer, ActionPacked, CompuWare, CA Technologies, Living Objects, Glue
[Diagram labels: AVC, Branch, Enterprise Edge, HQ/Data Center, CSR, WAN, NetFlow v9, Collecting, Provisioning, Exporting, NetFlow v9 Export / IPFIX Export]
Speed and Bandwidth Benefits on top of the IWAN
Accelerate Any TCP Connection
Easy to Deploy
• Works with existing branch routers (and existing AX license)
Faster Applications, More Users, Less Bandwidth
• 90% HD Video optimization and better user experience
• Twice as many Citrix users over same WAN, 70% faster
• Toyota: ROI in less than one year, 65% BW cost savings
Scalable
• AppNav Controller and WAVE pool is scalable
• Native HA capability
[Diagram labels: Users/Machines, Private Cloud, Branch, WAN, vWAAS, WAAS Express, WAVE, AppNav-XE Controller, CSR]
Problem
• Application latency
• WAN bandwidth inefficiencies
Solution
• Reduce load
– Data redundancy elimination (DRE), compression, and TCP optimization
• Application optimization
– Fewer protocol messages and metadata caching
[Chart: Application Bandwidth (Mbps) and Application Latency (Seconds), natively and with Cisco® WAAS, showing the reduction in bandwidth and the reduction in latency]
Secure Connectivity
[Diagram labels: Branch, Private Cloud, Virtual Private Cloud, Public Cloud, MPLS (IP-VPN), Internet, Direct Internet Access]
• Leverage Local Internet path for Public Cloud and Internet access
• Improve application performance (right flows to right places)
[Diagram labels: Branch, Private Cloud, Public Cloud, WAN1 (IP-VPN), WAN2 (Internet), CWS, Internet]
IOS Firewall to protect Internet Edge
IWAN IPsec VPN for Private Cloud Traffic
ISR CWS Connector to CWS Firewall towers
Web Filtering, Access Policy, Malware
Secure Public Cloud & Internet Access
Why Cisco IWAN?
[Diagram labels: Branch, Private Cloud, Virtual Private Cloud, Public Cloud, WAN (IP-VPN), Internet]
Internet as WAN with High Reliability
SLAs for Business Critical Applications
Dramatically Lower WAN Costs without Compromise
Centralized Security Policy for Internet Access
IWAN Capabilities Embedded in the Router
L2-L3 Transport
L4-L7 Application Services
Control
Optimization
Visibility
Transport Independent
Secure Routing
Cisco AX Routers 3900 | 2900 | 1900 | 800 | 4451 | ASR1002-X
ISR-AX
ASR1000-AX
Simplify Application Delivery
One Network
UNIFIED SERVICES