Intelligent WAN ArchitectureEnabling the Digital Enterprise
Steven Wood – Principal Engineer, Architect - IWAN
• Business Drivers and Outcomes• IWAN Architecture Overview• Orchestration & Automation• Product Portfolio• Closing
Agenda
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Enterprise WAN - What’s Going on?• WAN bandwidth needs are growing!
• Increasing use of Cloud, BYOD/IOE and Videodriving increased traffic
• The Data Center is Exploding• Private DC -> Hybrid Cloud
• It’s all about Application Delivery
• IT budgets flat or declining• Transport/bandwidth costs are majority of WAN budget
• These trends are driving WAN modernization• Lower cost transports – Internet, LTE, Carrier Ethernet• Cloud Endpoints, Security, Threat Protection • Application performance monitoring and optimization• Fast IT Delivery Models
• Software Defined WAN
Is Your NetworkReady?
3
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
What is Software Defined WAN?
Device discovery, provisioning,registration
Automated configuration “no hands on keyboard”
DevOps/NetOps aligned
Network wide context and state access
Common controller for physical & virtual devices
Business & Application Policy driven
Integrated Monitoring
Network Function Virtualization
Application Aware Network
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Why are enterprises thinking about SD-WAN?
Of IT budgets spent on WAN Connectivity
58%
of Apps accessed via Internet
50%
Cite poor application performance and latency as
corporate WAN concern
48.6%
Cite management of connectivity at branch as a
challenge
32.4%
Source: IDC Worldwide SD-WAN Survey Special Report (May 2016) 5
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Digital Network Architecture
AutomationAbstraction & Policy Control
from Core to Edge
Open & Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service ManagementPolicy | Orchestration
VirtualizationPhysical & Virtual Infrastructure | App Hosting
AnalyticsNetwork Data,
Contextual Insights
Insights & Experiences
Automation& Assurance
Security & Compliance
Network-Enabled Applications
Cloud Enabled | Software Delivered
Principles
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
AutomationAbstraction and Policy
Control from Core to Edge
Open and Programmable | Standards-Based
Open APIs | Developers Environment
Cloud Service ManagementPolicy | Orchestration
VirtualizationPhysical and Virtual Infrastructure | App Hosting
AnalyticsNetwork Data,
Contextual Insights
Network-enabled Applications
Cloud-enabled | Software-delivered
Cisco DNA – How IWAN Fits
VirtualizationNetwork OverlaysEnterprise NFVService Virtualization
APIC-EMIWAN SD-WAN OrchestrationIWAN App for APIC-EMCampus Access AutomationNetconf & Yang Model supportREST API access
DNA-Assurance
Streaming Data collection; Netflow; SNMP; Syslog, othersScalable processing and analyticsAssurance and Debug Applications
DNA-Center
Landing Point for Cisco ServicesSecurityIWANCampusWirelessAssurance
Cloud Ready NetworkHybrid cloud Access – SaaS/IaaS/vPCCloud-based Network Controller
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Internet as part of a Hybrid Enterprise WAN
Commodity Transports Viable Now
Dramatic Bandwidth, Price Performance Benefits
Higher Network Availability
Improved Application Performance
8
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intelligent WAN (IWAN)Optimized Hybrid WAN with Direct Cloud Access
OptimizedHybrid WAN
Branch
Direct CloudAccess
PrivateCloud
VirtualPrivateCloud
PublicCloud
1. IWAN Secure VPN for private and virtual private cloud access
2. Leverage local Internet path for public cloud and Internet access
4 Increase WAN transport capacity and app performance cost effectively!
4 Improve application performance (right flows to right places)
MPLS (IP-VPN)
Internet
9
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intelligent WAN (IWAN)So What is New Here?
OptimizedSecure Transport
Branch
Direct CloudAccess
PrivateCloud
VirtualPrivateCloud
PublicCloud
1. IWAN Secure transport for private and virtual private cloud access
2. Leverage local Internet path for public cloud and Internet access
4 Increase WAN transport capacity and app performance cost effectively!
4 Improve application performance (right flows to right places)
MPLS (IP-VPN)
Internet
Hybrid WANs with High Reliability
Service Levels for Business-Critical Applications
Centralized Security Policy for Internet Access
Dramatically Lower WAN Costs Without Compromise
10
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Common IWAN Deployment Models
Dual MPLS
Internet
ü Highest SLA guarantees– Centralized Internet Access– Expensive
Public
MPLS
Branch
MPLS
ü More BW for key applicationsü Balanced SLA guarantees– Moderately priced
PublicEnterprise
Branch
MPLS+Internet
Consistent VPN Overlay Enables Security Across Transition
ü Best price/performanceü Most flexibility– Enterprise responsible for SLAs
Internet
Branch
Enterprise Public
Hybrid Dual Internet
Internet
11
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intelligent WAN (IWAN) ArchitectureEnterprise
MPLS
UnifiedBranch
3G/4G-LTE
Internet
PrivateCloud
VirtualPrivateCloud
PublicCloud
Application Optimization
Enhanced ApplicationVisibility and Performance
Secure Connectivity
ComprehensiveThreat Defense
Intelligent Path Control
ApplicationAware Routing
TransportIndependence
SimplifiedHybrid WAN
Management Automation
12
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IWAN: Architectural and Systems Approach
• IWAN is a Solution Architecture• Solves a network problem• Use Case Driven• Systems Development Approach
• Prescribed. Tested. Interoperable.• Bounded Scope and Complexity• Enables Automation and Quality
• Delivers Business Outcomes• Reduce Operational Complexity• Reduce WAN costs, Increase bandwidth• Improve Application Performance• Direct Cloud Access• Guest Access Offload
IWAN2.1
13
Transport-IndependenceVirtualizing the Enterprise WAN
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Simplifies WAN Design Dynamic Full-Meshed Connectivity Proven Robust Security
Flexible Secure IWAN Overlay Over Any TransportSecureFlexible
• Easy multi-homing with several providers
• Single routing control plane over the top of provider networks
• Consistent design over all WAN transport types
• Scalable Hub-n-spoke with dynamic full mesh topology
• Industry Certified security compliance
• Scalable high-performance cryptography in hardware
ISR
WAN
Internet
MPLSASR 1000
ASR 1000
Transport-Independent
Data CenterBranch
15
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IWAN Transport IndependenceConsistent deployment models simplify operations
Internet MPLS
Branch
DMVPN DMVPN
IWAN HYBRID
Data Center
ISR
ASR 1000 ASR 1000
ISP A SP B
4G/LTE
Branch
DMVPN
IWAN HYBRID/LTE
Data Center
ISP C SP B
ASR 1000
MPLS
Branch
MPLS
DMVPN
IWAN Dual MPLS
Data Center
ISR
ASR 1000 ASR 1000
SP A SP B
DMVPN
MPLS
DMVPN
ISR
ASR 1000
16
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IWAN Transport Independent Designwith Dynamic Multipoint VPN (DMVPN)
• Proven IPsec VPN technology• Widely deployed, Large scale• Standards based IPsec and Routing• Adv QOS: hierarchical, per tunnel
• Flexible & Resilient• Over any transport: MPLS, Carrier Ethernet, Internet, 3G/4G,..• Automatic Spoke registration (for Zero-touch Deployment)• Hub-and-Spoke with Dynamic full mesh Topology• Multiple encryption, key management, routing options• Multiple redundancy options: platform, hub, transports
• Secure• Industry Certified IPsec and Firewall• NG Strong Encryption: AES-GCM-256 (Suite B)• IKE Version 2• IEEE 802.1AR Secure unique device identifier
• Simplified IWAN Deployments• Prescriptive validated IWAN designs• Automated provisioning – Prime, IWAN-App, Glue
Branch
Internet MPLS
DMVPNPurple
DMVPNGreen
IWAN HYBRID
Data Center
ISP A SP B
17
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Typical IWAN Topology
10.3.3.0/24 10.4.4.0/24 10.5.5.0/24
BR11 BR12 BR21 BR22
DMVPNMPLS
DMVPNINET
BR31 BR41
10.1.0.0/16 10.2.0.0/16
BR51 BR52
• IWAN Domain• Group of IWAN sites with common transports and policies• 2000 sites per domain, multiple domains for larger scale
• IWAN POP locations• 2+ WAN aggregation locations, also called Transit Sites• Each Border Router (BR) is a DMVPN Hub
with iBGP or EIGRP routing• Summary prefixes with primary and secondary path
metrics advertised out to branches• Transit routing to other locations with backdoor failover
routing between POP locations• Dedicated BR per WAN transport
• IWAN Branch locations• Simple consistent configurations• 1 or more BRs connected to each transport• Peer with each DMVPN Hub, stub routing
IWAN POP1 IWAN POP2
10.2.0.0/1610.0.0.0/8
DC1WAN Core
DC2
10.1.0.0/1610.0.0.0/8
10.0.0.0/8
18
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Highly Redundant Large Scale Topology
10.3.3.0/24 10.4.4.0/24 10.5.5.0/24
BR31 BR41 BR51 BR52
BR12
IWAN POP1 IWAN POP2
DMVPNMPLS
DMVPNINET
BR11 BR14BR13 BR22BR21 BR24BR23
10.1.0.0/1610.2.0.0/1610.0.0.0/8
10.1.0.0/1610.2.0.0/1610.0.0.0/8
• Support for multiple BRs per transport• Horizontal scaling and redundancy
• Support for Multiple POPs• Different Prefix• Common Prefix
DC1
DCIWAN Core
DC2
19
Intelligent Path ControlImproving Application Delivery and WAN Efficiency
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Getting the Most Out of Your WAN InvestmentBenefits of Intelligent Path Control
Data CenterBranch
ASR 1000
ASR 1000
ISR
MPLS
Internet
EnablingHybrid WANs
Efficient Distribution of Traffic Based Upon Load
or Path Preference
Application Best Path Based on Quality
Protection FromCarrier Black Holes
and Brownouts
Lower WAN Costs
Full Utilization of WAN Bandwidth
Improved Application
Performance
Higher ApplicationAvailability
21
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
What is Performance Routing (PfR)?
MPLS Internet
Branch
BR BR
Data Center
MC
“Performance Routing (PfR) provides additional intelligence to classic routing to track and verify the quality of a path over a Wide Area Networking (WAN) to determine the best path for application traffic....”
MC+BR
22
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intelligent Path Control with PfRVoice and Video Use-Case
Branch
MPLS
Internet
Virtual PrivateCloud
Private Cloud
• PfR monitors network performance and routes applicationsbased on policy
• PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
Other traffic is load balanced to maximize bandwidth Voice/Video will be rerouted if
the current path degrades below policy thresholds
Voice/Video take the best delay, jitter, and/or loss path
23
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Load BalancingMaximizing Link Utilization to Increase Available Bandwidth
• Traffic distributed across all paths to efficiently use all WAN bandwidth
• Load Balancing based upon link utilization levels
• External links can have different bandwidth capacitiesMPLS = 1.5MbpsInternet = 15Mbps
ISR
WAN
Internet
MPLSASR 1000
ASR 1000
Data Center
50% T1 = 750kbps
50% 15Mbps = 7.5Mbps
24
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
SP1 (MPLS) ISP (FTTH)
• Protect voice and video quality
Latency < 150 msJitter < 20 ms
• Protect Email applications from WAN congestion
Loss < 5%
• Voice and video preferred path SP1
• Email preferred path ISP• Increase utilization
by load sharing
Multimedia and Critical Data Policy
Business App
Best-Effort Traffic
High Delay Detected
SP1 (MPLS) ISP (DSL)
Voice and Video
High JitterDetected
Best-Effort Traffic
Protecting Critical Applications While Increasing Link Efficiency
• Protect transactionalbusiness app from brownouts
delay < 250ms• Preferred path SP1 (MPLS)
• Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet
Business App and Load-Balancing Policy
25
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Performance Routing—Components
The Decision Maker: Master Controller (MC)• Discover BRs, collect statistics• Apply policy, verification, reporting• No packet forwarding/inspection required
The Forwarding Path: Border Router (BR)• Does all packet forwarding• Visibility in network performance • Enforce MC’s decision (path enforcement)
The Policy Controller: Domain Controller (DC)• Discover site peers, prefixes and connected networks• Advertise policy and services• One per domain, collocated with MC
MPLS Internet
BranchMC+BR
BR BR
DC/MC
26
Application Optimization
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Today’s Network is an IT Blind Spot
• Static port classification is nolonger enough
• More and more apps are opaque
• Increasing use of encryptionand obfuscation
• Application consists of multiple sessions (video, voice, data)
• What if user experience is not meeting business needs?
28
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Branch
PrivateCloud
Make Your IWAN Application AwareApplication Visibility and Control (AVC)
DC/Headquarters
PublicCloud
Cisco AVC
Application Performance Visibility
• Application inspection with existing routers
• Rich data collection using NetFlow v9/IPFIX
• Easy to integrate into many reporting tools
Smart CapacityPlanning
• Better use of costly bandwidth
• Per-branch and per-application level reporting
Business Objective Enforcement
• Service Level monitoring per application
• Better Analytics to adjust network policies to maintain compliance
AVCAVC
29
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
PrivateCloud
Application Performance Monitoring for IWANTrack and Report Application Flows and Performance
WANNetFlow v9
Enterprise Edge
AVC
AVC
CSR
NetFlow/IPFIX Records(Same provisioning, same format)
• Traffic statistics records• Application Response Time records• Media monitoring records
(Application, Jitter, Loss, etc)
Cisco ToolsPrime, APIC-EM
Partner Tools EcosystemLiveAction
Glue NetworksPlixer
Living ObjectsCompuWare
CA Technologies
Collecting Collecting Collecting
Provisioning
Exporting
NetFlow v9 Export/IPFIX Export
Branch DC/HeadquartersAVC
AVC
30
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
PrivateCloud
Add WAN Optimization with WAAS + AkamaiSpeed and Bandwidth Benefits on Top of the IWAN
Branch DC/POP
ApplicationOptimization
• Improved Application performance, delay mitigation, less bandwidth
• Twice as many Citrix users over same WAN, 70% faster
• Typical ROI in less than one year, 65% BW cost savings
Content Caching& Prepositioning Simple and Scalable
• Works with existing branch routers
• Scale out optimizations resources with AppNav
• Native HA resiliency
vWAAS AppNav-XEController
CSR
WAVE,vWAAS
WAN
Improving Application Performance
• Reduces WAN bandwidth usage, while accelerating applications
• Intelligent caching of internal and Internet content
• Prepositioning of data and rich media before it is needed
31
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco WAAS – IWAN Application AccelerationEnhancing User Experience and WAN Efficiency
Solution
• Reduce load Data redundancy elimination (DRE), compression, and TCP optimization
• Application optimizationFewer protocol messages and metadata caching
Problem
• Application latency• WAN bandwidth
inefficiencies
Application bandwidth with Cisco® WAAS
Application bandwidth natively
Application latency natively
Application latency with Cisco WAAS 0 0
1
2
3
4
40
80
120
160
ApplicationBandwidth
ApplicationLatency
Bandwidth(Mbps)
Latency(Seconds)
Reduction inbandwidth
Reductionin latency
32
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Akamai Connect accelerates HTTP/HTTPS applications, video and content in the branch, while maximizing existing enterprise network bandwidth
Branch
End-UserAkamai Connect
integrated into Cisco ISR-AX
routers
ISR-AX+AC INTERNET
Akamai Intelligent Platform
Data Center
WAASWAN
IWAN – Application Accelerationwith Akamai Connect
33
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Branch
End-UserAkamai Connect integrated into Cisco
ISR-AX routers
ISR-AX+AC
Akamai Intelligent Platform
INTERNET
Data Center
WAASWAN
IWAN - Application AccelerationEnhancing User Experience and WAN Efficiency
Mobile Apps
Video
Software Downloads
Digital Signage
Catalogs
Guest WiFi
Any Device, Connectivity, Cloud Result – Improved Application Response Times
~70+% of HTTP/S data served from
cache
0123456789
WAAS + AKC Native WAN
Avg
. Loa
d Ti
me
(sec
.)
51% reductionload time
34
IWAN Secure Connectivity
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intelligent WAN: Secure ConnectivitySecuring the network and users
Secure WAN Transport
Branch
MPLS (IP-VPN)
InternetSecureInternetAccess
PrivateCloud Virtual
PrivateCloud
PublicCloud
Two areas of concern1. Protecting the network from outside threats with data privacy over provider networks2. Protecting user access to Public Cloud and Internet services; malware, privacy, phishing,…
36
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Securing the IWAN TransportIPSec VPN and Access Control
• Step 1: Authenticate hardware and softwareTrust Anchor Module verification
• Step 2: Secure TransportProven IPsec VPN overlayStrong Cryptography: IKEv2 + AES-GCM 256F-VRF to isolate provider networks
• Step 3: Protect the SiteIOS Zone-based Firewall or ACLs protectionRole based access to router w/ loggingMinimize exposure
Provider assigned addressing to hide routersDon’t put tunnel addresses into DNS
MPLS Internet
Branch
ASR 1000 ASR 1000
ISP A ISP C
Data Center
37
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
MPLS Internet
Branch
ASR 1000 ASR 1000
ISP A ISP C
Data Center
Add Network Integrated Threat DefenseIOS Zone-Based Firewall
• Control the Perimeter:• External and internal protection: internal network is no longer trusted• Protocol anomaly detection and stateful inspection
• Communicate Securely: • Call flow awareness (SIP, SCCP, H323)• Prevent DoS attacks
• Flexible:• Split Tunnel-Branch direct Internet access• Internal FW— addresses regulatory compliances
• Integrated: • No need for additional devices, expenses and power• Works with other IWAN Services: CWS, WAAS, UCS-E,…
• Manageable: • APIC-EM, Prime, CLI, SNMP, CCP, and CSM
38
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intelligent WAN—Direct Internet Access
Branch
MPLS (IP-VPN)
InternetDirect
InternetAccess
PrivateCloud
VirtualPrivateCloud
PublicCloud
• Leverage Local Internet path for Public Cloud and Internet access• Improve application performance (right flows to right places)
SolutionsOn Premise – Zone Based FirewallCloud Based – Cloud Web Security
CloudSecurity
ISR-AXZBFW
39
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cloud Web Security Centralized Management for Distributed Policy
Cisco ScanCenter Portal
40
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Secure Internet Access with Cisco Cloud Web Security (CWS) with ISR-4000 and ISR-G2 Series Routers
Secure Public Cloud and Internet
Access
ISR Connector toCWS Firewall towers
Web Filtering, Access Policy, Malware Detect
WAN1(IP-VPN)
CWS
PrivateCloud
PublicCloud
Branch
WAN2(Internet)
IWAN IPsec VPN for Private Cloud
TrafficIOS Firewall to protect Internet
Edge
Internet
41
IWAN Automation
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Network-Wide Abstractions Simplify the NetworkApplications
SecurityOrchestration Automation
SOUTHBOUND ABSTRACTION LAYER
REST API
CATALYST® CISCO NEXUS® ASRISR WIRELESSASA OTHER
SDN Ideal: Controller as the
Application Platform
The SDN Ideal:
Controller as the Application
Platform
Virtualization
43
IWAN
APIC-EMIWAN APP
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Intelligent WAN App for APIC-EM
IT Admin
App SLADMVPNSLAQoSSecurityPath Selection
Business Policy
ApplicationNetwork Profile
NETWORK
SDN
Simple Workflow Templates
Plug and Play Business Policy Rendering
Open Architecture
Network, Applications Monitoring
APIC-EM Abstraction Layer Services
Business Policy Dictates Network Action
APIC-EM
IWAN APP
Monitor Application Health
Update Policy
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
PnP: Pre-provisioning and Discovery Workflows
Plug & PlayEnterprise-wide scaleAutomated workflow
79% lower deployment costs
Pre-provision1 Discovery2 Secure Deployment3
Discovery1 Un-claimed Devices2 Secure Deployment3
Network PnP app pre-provisioned with device SR number
Configure device discovery• DHCP Option-43 or DNS
• Installer powers on devices• Devices download image and
configuration
• Installer powers on devices• Devices securely connect
to APIC-EM server, waiting to be ‘claimed’
• Network admin claims devices based on device information
• Device downloads image and configuration
Configure device discovery• DHCP Option-43 or DNS
Network PnP app on APIC-EM
AdminEM
DHCPServer
DNSServer
ORPnP-Agent PnP-Agent
EM
Device Authentication
Download Image and Configure
Installer
Network PnP app on APIC-EM
AdminEM
DHCPServer
DNSServer
OR
PnP-Agent PnP-Agent
EM
Device Authentication
Download Image and Configure
Installer
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco IWAN Management PortfolioCovering a broad range of requirements and preferences
• Customer wants advanced provisioning, life cycle management, and customized policies
• System-wide network consistency assurance
• Lean IT OR IT Network team
Cisco
Prime Infrastructure
• Customer needs customizable IWAN with end-to-end monitoring
• One Assurance across Cisco portfolio from Branch to Datacenter
• IT Network team
Enterprise Network Mgmt and Monitoring
Ecosystem Partners
IWAN App
• Customer wants considerable automation and operational simplicity
• Requirements consistent with prescriptive IWAN Validated Design
• Lean IT organization
Prescriptive Policy Automation
• Customer looking for advanced monitoring and visualization
• QoS/ PfR/ AVC configuration, Real-time analytics and network troubleshooting
• IT Network team
Application Aware Performance Mgmt
AdvancedOrchestration
46
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Prime Infrastructure for IWAN
• IWAN workflow wizard with PnP• Template-based IWAN configs• PfRv3 Domain, MC and BR• AVC One-Click provision• QoS Provisioning• Single or Dual Router Branch• CVD-based, Customizable• AVC Readiness Assessment• AVC, QoS, PfR Visibility• Leverages APIC EM services
For YourReference
47
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
LiveAction Software
• An Application-aware Network Performance Management and QoS Control tool
• Fast, simple, cost effective way to monitor and control application performance leveraging Cisco capabilities
LiveAction Components
Flow QoS Monitor QoS Configure RoutingLAN IP SLA
For YourReference
48
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Glue Networks IWAN Orchestration
• Cloud-based SaaS subscription model
• Eliminates manual building of WANs
• Automated WAN orchestration and management
• Quick configuration updates and IOS upgrades
• Rapidly delivers nextgen and IWAN features
• Forward compatible with SDN APIs for app aware WANs
• Broadband and MPLS support for centralized hybrid WANmanagement for IWAN
For YourReference
49
Cisco IWAN Product Portfolio
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Start with Cisco AX RoutersIWAN Capabilities Embedded in the Router
ISR-AXSimplify
Application Delivery
One NetworkUNIFIED SERVICES
ISR4000-AX
Transport Independent
Secure Routing
Optimization
Control
Visibility
Cisco AX Routers ISRv | 890 | 1900 | 2900 | 3900 | 4000 | ASR 100051
ISRv-AX
ASR1000-AX
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IWAN Branch Services RoutersISR4000 Series - IWAN AX Ready, Next Generation Branch
INTEGRATED IWAN SERVICES
APPLICATION CENTRIC
APPLIANCE LEVEL PERFORMANCE
4 IOS Firewall, VPN, IPSec, PfRV3, NBAR2, AVC, AppNav, VRF, MPLS
4 Scalable on-chip service provisioning
4 App/User policy-driven deployment4 APIC-EM Automation: deploy in minutes4 Pay-as-you-grow4 Up-to-75% cost savings
4 Service-Aware Dataplane4 Resilient Service Virtualization4 Multi-gigabit Fabric ISR4431
ISR4351
ISR4331
ISR4321
ISR4451
500Mbps/1Gbps
200/400Mbps
100/300Mbps
50/100Mbps
1-2Gbps
For YourReference
52
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IWAN Aggregation Border RoutersASR1000 - IWAN AX Ready, High Performance Routers
INTEGRATED IWAN SERVICES
BUSINESS-CRITICAL RESILIENCY
COMPACT, POWERFUL ROUTER
4 IOS Firewall, VPN, IPSec, PfRV3, NBAR2, AVC, AppNav, VRF, MPLS
4 Scalable on-chip service provisioning
4 Separate control and data planes4 Hardware and software redundancy4 In-service software upgrades
4 Line-rate performance 2.5G to 200G+ with services enabled
4 Crypto performance from 2G to 60G+4 Flexible I/O: SPAs and Ethernet LCs
§ 2.5G Upgradeable to 5G, 10G, 20G§ Up to 8G Crypto Throughput
§ 5G Upgradeable to 10G, 20G, 36G§ Up to 4G Crypto Throughput
§ Modular, Redundant up to 200G§ Up to 60G Crypto Throughput
ASR1001-X
ASR1002-X
Modular ASR1006-X
For YourReference
53
§ 44G Upgradeable to 100G§ 8, 16, 25G Crypto Throughput
ASR1002-HXNew
New
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Cisco Enterprise Service Automation (ESA) on APIC-EMVirtual Managed Services (vMS)
Introducing Cisco Enterprise NFVVirtualized IWAN and Branch Services
Cisco 4000 Series ISR + UCS® E-Series
Network Functions Virtualization Infrastructure Software (NFVIS)
Virtual Router(ISRv)
Virtual Firewall(ASAv)
Virtual WAN Optimization
(vWAAS)
Virtual Wireless LAN Controller
(vWLC)Third-Party VNFs
New
Cisco® UCS C-Series
Why Cisco IWAN?
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
IWAN Vision and Strategy
Secure VPN Overlay, Any Transport, Bandwidth Efficiency, Application SLA
Secure, Simple, Centralized Policy Automation
Global Policies, Cloud POPs, Mobility, Optimization, Cloud Security
vRouter, vService and App Orchestration
Campus/WAN/DC
INTELLIGENT VIRTUALIZATION AUTOMATION CLOUD
INTEGRATIONSERVICE
VIRTUALIZATIONENTERPRISE
DNA
56
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Intelligent WAN (IWAN)
OptimizedSecure Transport
Branch
Direct CloudAccess
PrivateCloud
VirtualPrivateCloud
PublicCloud
MPLS (IP-VPN)
Internet
Mixed transport WANs with High Reliability
Service Levels for Business-Critical Applications
Centralized Security Policy for Internet Access
Dramatically Lower WAN Costs Without Compromise
57
Thank you
Top Related