Cisco Intelligent WAN (IWAN) Solution

Cisco Intelligent WAN (IWAN) Solution

Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking Group

19.12.2013 © 2013 Cisco and/or its affiliates. All rights reserved.

Why IWAN ?

© 2012 Cisco and/or its affiliates. All rights reserved. 3

Average #apps per device*:

41

Sources:

* http://www.nielsen.com/us/en/newswire/2012/state-of-the-appnation-%C3%A2%C2%80%C2%93-a-year-of-change-and-growth-in-u-s-smartphones.html

** https://www.abiresearch.com/press/average-size-of-mobile-games-for-ios-increased-by-

*** http://www.wirelessandmobilenews.com/2013/05/samsung-galaxy-s3-iii-update-android-4.2.1-jelly-bean.html

http://theiphonewiki.com/wiki/Firmware#iPad_4

http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/what-is-average-monthly-size-of-update-downloads/dfe9bb34-c2dd-478e-a6cb-0a26228cf552

Average app size**:

23 MB (iOS)

6 MB (Android)

25 MB (Windows)

OS update file size***:

130 MB (iOS 6 for iPad 4)

168 MB (Jelly Bean 4.1)

400.0 MB (Windows 7)

700.0 MB (iOS 7 for iPhone 5)

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

The Application Landscape Is Changing

Applications are Moving to the Data Center and Cloud

Internet Edge Is Moving to the Branch

Branch

Cloud

Data Centers

Cloud

of CIOs Expect to

Operate via the

Cloud by 2015

Mobility

More Mobile Data

Traffic by 2015

Fat Apps

Of Mobile Traffic

will be Video

Pressures on the WAN


Improved Performance Over Internet

Commodity Transports Viable Now

Dramatic Bandwidth, Price Performance Benefits

Higher Network Availability


-75%

1.5 Mbps

10 Mbps

iWAN

$220

$140

MPLS VPN

CoS3

$830

$260

MPLS VPN

CoS2

$885

$274

MPLS VPN

CoS1

$1,014

$303

Example: San Francisco Single MPLS VPN vs Dual Business Internet ($ per month)

Source: Telegeography MPLS VPN pricing for San Francisco as of March 2013; Comcast Web site; Verizon Web site

Dual Internet links

combined for Ent SLA

Simple example:

$665 savings/month x

12 months x 1000 sites

= $8M savings

per year


Hybrid

Public Enterprise

Internet MPLS

Hybrid More BW for key applications

Balanced SLA guarantees

– Moderately priced

Dual Internet

Internet Internet

Dual Internet Best price/performance

Most SP flexibility

– Enterprise responsible for SLAs

Consistent VPN Overlay enables Security across Transition

Dual MPLS

Public

Internet

MPLSMPLS

Dual MPLS Highest SLA guarantees

– Tightly coupled to SP

ẋ Expensive


PrivateCloud

MPLS (IP-VPN)

Public Cloud

Internet

Secure IPsec

VPN overlay

Direct Internet

Access

• Secure WAN Transport for Private and Virtual Private Cloud access

• Leverage Local Internet path for Public Cloud and Internet access

• Increase WAN capacity – cost effectively!

• Improve application performance (right flows to right places)

VirtualPrivate Cloud

Branch


PrivateCloud

WAN (IP-VPN)

Public Cloud

Internet VirtualPrivate Cloud

Branch

Internet as WAN with High Reliability

SLAs for Business Critical Applications

Dramatically Lower WAN Costs without Compromise

Centralized Security Policy for Internet Access

Secure

Connectivity

• Certified strong encryption

• Comprehensive threat defense with ASA and IOS Firewall/IPS

• Cloud Web Security (CWS) for scalable securedirect Internet access

Application

Optimization

• Application monitoring with Application Visibility and Control (AVC)

• Application Accelerationand bandwidth savingswith WAAS

Transport

Independence

• Consistent operational model

• Simple Provider migrations

• Scalable and Modular design

• DMVPN IPsec overlay design

Internet

AVC

Branch WAAS PfR

Intelligent Path

Control• Application best path based

on delay, loss, jitter, path preference

• Load Balancing for full utilization of all bandwidth

• Improved network availability

• Performance Routing (PfR)

3G/4G-LTE

MPLS

PrivateCloud

Public Cloud


Transport Independent Design


Simplifies WAN

Design

Easy multi-homing over any carrier

service offering

Single routing control plane with

minimal peering to the provider

Transport Independent

Proven Robust

Security

Certified crypto and firewall for

compliance

Scalable design with high

performance cryptography in

hardware

Secure

Dynamic Full Meshed

Connectivity

Consistent design over all transports

Automatic site-to-site IPsec tunnels

Zero-touch hub configuration for

new spokes

Flexible

MPLS

Internet

Data CenterBranch

ASR 1000

ASR 1000

ISR-G2 WAN


Internet MPLS

Data Center

BranchISR-G2

ASR 1000 ASR 1000

DMVPN GETVPN

2 IPsec Technologies- MPLS/GETVPN

- Internet/DMVPN

2 WAN Routing Domains- MPLS: eBGP or static

- Internet: iBGP, EIGRP or OSPF

- Route Redistribution to force

primary path

- Route Filtering loop prevention

Active/Standby WAN Paths- Primary with Backup

TraditionalHybrid

Internet MPLS

Data Center

BranchISR-G2

ASR 1000 ASR 1000

DMVPN DMVPN

1 DMVPN IPsec Overlay

1 WAN Routing DomainiBGP, EIGRP, or OSPF

Active/Active WAN paths

IWANHybrid


Internet Internet

Data Center

BranchISR-G2

ASR 1000 ASR 1000

ISP ADSL

ISP CCable

DMVPN DMVPN

Internet MPLS

Data Center

BranchISR-G2

ASR 1000 ASR 1000

ISP A SP V

DMVPN DMVPN

IWANHybrid

IWANDual Internet

1 DMVPN IPsec Overlay

1 WAN Routing Domain

iBGP, EIGRP, or OSPF

1 Active-Active WAN Paths


• Private peering with Internet providersUse same Internet provider for hub and spoke sites

Avoids Internet Exchange bottlenecks between providers

Reduces round trip latency

• Use a separate DMVPN network per provider Increases availability

Enables PfR to optimize traffic between provider

• Transport settingsUse the same MTU size on all WAN paths

Bandwidth settings should match offered rate

Use a Front-Side VRF to separate Internet and Internal Default routes

• Internet SecurityUse Access-Lists or Firewalls to block all traffic except DMVPN tunnel traffic

Use provider’s IP addresses for tunnel source addresses

Do not be registered tunnel addresses in DNS to make the routers difficult for others to find

DSL Cable

Data Center

BranchISR-G2

ASR 1000 ASR 1000

ISP A ISP C

Intelligent Path Control


Benefits of Intelligent Path Control

• Lower WAN Costs

Enabling Internet based WANs

• Full Utilization of all WAN bandwidth

Efficient distribution of traffic based upon load,

circuit cost and path preference

• Improved Application Performance

Per application best path based on delay, loss, jitter measurements

• Increased Application Availability

Protection from carrier black holes and brownouts

Internet

MPLS

AVC

Branch Data CenterWAAS PfR

ISR G2

ASR 1000

ASR 1000


PrivateCloud

MPLS

Internet

• PfR monitors network performance and routes applications

based on application performance policies

• PfR load balances traffic based upon link utilization levels

to efficiently utilize all available WAN bandwidth


Other traffic is load

balanced to maximize

bandwidth

Branch

Voice/Video will be rerouted if

the current path degrades below

policy thresholds

Voice/Video take the best

delay, jitter, and/or loss path

SP1 (MPLS) ISP (Internet)

• Protect voice and

video quality

Latency less than 150 ms; Jitter

less than 20 ms

• Protect VDI applications

from brownouts

Loss less than 5%

• Voice and video preferred

path SP-A

• VDI preferred path SP-B

• Increase utilization

by load sharing

Multimedia and Critical Data Policy

Cloud Services

Hybrid IWAN

Best-Effort Traffic

Detect loss

greater than

10%

ISP-1 (Cable) ISP-2 (DSL)

Voice and Video

Dual Internet

WAN

Detect

high jitter

VDI

Best-Effort Traffic

• Protect business cloud

applications from

brownouts

Loss less than 5%

• Preferred path for Critical

Applications: SP1 (MPLS)

• Increase WAN bandwidth

efficiency by load-sharing

traffic over all WAN paths,

MPLS + Internet

Cloud Services and Load-Balancing Policy


The Decision Maker: Master Controller (MC)

Discover BRs, collect statistics Apply policy, verification, reporting No packet forwarding/ inspection required

The Forwarding Path: Border Router (BR)

Gain network visibility in forwarding path (Learn, measure) Enforce MC’s decision (path enforcement) Does all packet forwarding

Optimize by:

Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost

DSL Cable

Data Center

BranchMC+BR

BR BR

MC

Application Optimization


Information

FTP IM

RPC

Collaboration SaaS

SOAP Video

HTTP is the new TCP

• Static port classification is no longer enough

• More and more apps are opaque

• Increasing use of encryption and obfuscation

• Application consists of multiple sessions (video, voice, data)

• What if user experience is not meeting business needs?

Add Cisco AVC

Proliferation

of Devices

Users/Machines

VDI | IaaS

Private Cloud

60% of IT Professionals Cite Performance as Key Challenge for Cloud

Storage

Database

Public Cloud

No Probes

Rich data collection using NetFlow v9/IPFIXNo additional hardware (and included in AX license)Easy to integrate into many reporting tools

Business Aligned Policy EnforcementNo need for complex IP and port ACLsSee inside HTTP flows to identify specific Cloud applications

Smarter Capacity Planning Better use of costly bandwidthPer-branch and per-application level reporting

Branch HQ/DC

Cisco AVC


AVC

Enterprise Edge

HQ/Data Center

Branch

NetFlow v9WAN

AVC

AVC

AVC

NetFlow/IPFIX Records (Same provisioning, same format)

• Traffic statistics records

• Application Response Time records

• Media monitoring records (Application, Jitter, Loss, etc)

Partner Tools EcosystemInfoVista

PlixerActionPackedCompuWare

CA TechnologiesLiving Objects

Glue

Track and Report Application Flows and Performance

CSR

Collecting

Collecting

Collecting

P r o v i s i o n i n g

Exporting

NetFlow v9 Export / IPFIX Export

Speed and Bandwidth Benefits on top of the IWAN

Users/Machines

Private Cloud

Accelerate Any TCP Connection

Easy to Deploy Works with existing branch routers (and existing AX license)

Faster Applications, More Users, Less Bandwidth

90% HD Video optimization and better user experienceTwice as many Citrix users over same WAN, 70% fasterToyota: ROI in less than one year, 65% BW cost savings

Scalable AppNav Controller and WAVE pool is scalableNative HA capability

Branch

vWAAS

WAAS Express

WAVE

AppNav-XE Controller

WAN

CSR


Problem

• Application latency

• WAN bandwidth

inefficiencies

Solution

• Reduce load

– Data redundancy elimination

(DRE), compression, and TCP

optimization

• Application optimization

– Fewer protocol messages and

metadata caching

Application bandwidth with Cisco® WAAS

Application bandwidth natively

Application latency natively

Application latency with Cisco WAAS 0 0

1

2

3

4

40

80

120

160

Application

Bandwidth

Application

Latency

Bandwidth

(Mbps)

Latency

(Seconds)

Reduction in

bandwidth

Reduction

in latency

Secure Connectivity


PrivateCloud

MPLS (IP-VPN)

Public Cloud

InternetDirect Internet

Access

• Leverage Local Internet path for Public Cloud and Internet access

• Improve application performance (right flows to right places)


Branch


Private Cloud

Branch WAN2(Internet)

WAN1(IP-VPN)

Public Cloud

IOS Firewall to

protect Internet

Edge

IWAN IPsec VPN for

Private Cloud Traffic

ISR CWS

Connector to

CWS Firewall

towers

Web Filtering,

Access Policy,

Malware

Secure Public

Cloud & Internet

Access

CWS

Internet

© 2012 Cisco and/or its affiliates. All rights reserved. 4444© 2012 Cisco and/or its affiliates. All rights reserved.

Why Cisco IWAN?


PrivateCloud

WAN (IP-VPN)

Public Cloud

Internet VirtualPrivate Cloud

Branch

Internet as WAN with High Reliability

SLAs for Business Critical Applications

Dramatically Lower WAN Costs without Compromise

Centralized Security Policy for Internet Access

L2-L3Transport

L4-L7Application

Services

IWAN Capabilities Embedded in the Router

Control

Optimization

Visibility

Transport Independent

Secure Routing

ISR-AX

Cisco AX Routers 3900 | 2900 | 1900 | 800 | 4451 | ASR1002-X

Simplify Application

Delivery

One Network

UNIFIED SERVICES

ASR1000-AX

Date post:	19-Jan-2015
Category:	Technology
Upload:	cisco-russia
View:	2,375 times
Download:	6 times

Cisco Intelligent WAN (IWAN) Solution

Technology