© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 1
Cisco Wide Area Application Services (WAAS)
Odd-Rune MoltuConsulting Systems [email protected]
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 2
Agenda
Enterprise Application Delivery Challenges
Introducing Cisco Wide Area Application Services
Cisco WAAS Product Architecture
Management and WAE Platforms
Summary
Q&A
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 3
I/T’s Application Delivery Problem
Distribution ofResources
Distribution ofResources
Data center consolidationData center consolidation
Increasingly distributed workforce drives need for distribution of I/T resources to remote locations
Enable productivity
Drive revenue and profits
Increasingly distributed workforce drives need for distribution of I/T resources to remote locations
Enable productivity
Drive revenue and profits
Data protection, availability, compliance, and management drives need for consolidation
Fewer devices to manage
Fewer points to protect
Data protection, availability, compliance, and management drives need for consolidation
Fewer devices to manage
Fewer points to protect
PrimaryData CenterPrimary
Data CenterRemote OfficesRemote Offices
Regional OfficesRegional Offices
Home OfficesHome Offices
SecondaryData CenterSecondaryData Center
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 4
The WAN Is A Barrier To Consolidation
Applications generally performwell in LAN environments as few barriers exist to application performanceHigh bandwidth
Low latency
Reliability
WAN characteristicshinder performance andconsolidation effortsAlready congested
Low bandwidth
Latency
Packet Loss
Round Trip Time (RTT) ~ 0mS
Client LAN Switch Server
Round Trip Time (RTT) ~ many many milliseconds
ServerClient LAN SwitchLAN Switch
WAN
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 5
The Impact of Latency and Loss
1.544Mbps
500Kbps
Coefficient of Latency and Loss
Thro
ughp
ut
ActualActual
ExpectedExpected
Low
5.02.1
pRTTMSSR =
R : Average Throughput
MSS: Packet Size
RTT: Round-Trip Time
P : Packet Loss
High
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 6
Agenda
Enterprise Application Delivery Challenges
Introducing Cisco Wide Area Application Services
Cisco WAAS Product Architecture
Management and WAE Platforms
Summary
Q&A
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 7
Cisco WAAS - Overcomes the WANCisco WAAS is a solution that leverages a hardware footprint (WAE) in the remote office and in the data center to overcome application performance problems in WAN environments and enable infrastructure consolidation
Data Center
Remote Office
Remote Office
Remote Office
WAN
Optimized Connections
Optimized Connections
Optimized ConnectionsOptimized Connections
Optimized Connections
Optimized Connections
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 8
Cisco WAAS - Accelerates Applications
* Performance improvement varies based on user workload, compressibility of data, and WAN characteristics and utilization. Actual numbers are case-specific and results may vary. Cisco WAAS can employ optimization on almost any TCP-based application.
Category Applications 2X 5X 10X 25X 50X 100X+
File Sharing CIFSNFS
Email Microsoft ExchangeLotus NotesInternet Mail
Web andCollaboration
HTTPWebDAVFTPMicrosoft Sharepoint
SoftwareDistribution
Microsoft SMSAltirisHP Radia
EnterpriseApplications
Microsoft SQLOracle, SAPLotus Notes
BackupApplications
Microsoft NTBackupLegato NetworkerVeritas NetbackupCommVault Galaxy
Data Replication EMC SRDF/AEMC IP ReplicatorNetApp SnapMirrorData DomainDouble-TakeVeritas Vol Replicator
2-20X Avg >100X Peak
2-5X Avg 20X Peak
2-10X Avg 100X Peak
2-20X Avg >100X Peak
2-5X Avg 20X Peak
2-10X Avg 50X Peak
2-10X Avg 50X Peak
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 9
Cisco WAAS - Seamless Integration
Transparency ensures compliance with critical network features to provide the industry’s only holistic and secure optimization, visibility, and control solutionQuality of Service (QoS)
Classification, NBAR, markingPolicing, shaping, queuing, WREDLFI, header compression
Network ManagementNAM, PVM, NetFlowNetQoS, IP SLA
SecurityIOS Firewall, IDS, IPS, ACL, VPN
Optimized RoutingNetwork Path Affinity (NPA)Optimized Edge Routing, PBR
SrcIP 1.1.1.1DstIP 2.2.2.2
SrcPrt 1434DstPort 80 APP DATA
WAN
SrcIP 1.1.1.1DstIP 2.2.2.2
SrcPrt 1434DstPort 80 optimized
Cisco Integrated Services Router
Cisco Wide Area Application Services
Quality of Service (QoS)Network Analysis/NetFlowIOS FirewallIntrusion Prevention
Optimized Edge RoutingPolicy Based RoutingIP Service Level AgreementsVPN
Application AccelerationAdvanced Compression
Transport OptimizationWide Area File Services
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 10
Cisco WAAS, QoS, and Enterprise VoIPCisco WAAS enables enterprise VoIP deployments by easing the contention for available bandwidth resources and complying with network-based end-to-end QoS
WAN
Without WAAS(QoS only)
WAN
VoIP
Scavenger
ERPVoIP
Scavenger Email ERP
AdditionalAvailableCapacity!
With WAASand QoS
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 11
Agenda
Enterprise Application Delivery Challenges
Introducing Cisco Wide Area Application Services
Cisco WAAS Product Architecture
Management and WAE Platforms
Summary
Q&A
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 12
Cisco WAAS Product Architecture
Cisco WAAS Operating System
Local CMS Process
Disk Encryption
Network Interception CLI, Device GUI
Bypass SNMP, Syslog
Application Traffic Policy (ATP) Manager
PrintServices
ApplicationAccelerators
Layer-7Transport Flow Optimization (TFO)
Persistent LZ Compression (PLZ)
Data Redundancy Elimination (DRE)
Enterprise-class x86 Hardware Platform
Network InterfacesDisk Storage
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 13
Application-Specific Acceleration
Application and Protocol AwarenessMinimize chatter through protocol proxy-caching, read-ahead, write-behind, and other optimizationSafe caching preserves coherency, integrity while improving performance and saving WAN bandwidthScheduled preposition enables intelligent distribution of large objects to improve performance
Intelligent Server OffloadCaching and optimizations minimize workload on accelerated servers enabling consolidation along with centralizationConsolidation enables the ‘green data center’ and power/cooling/space savings
WAASv4 Application AcceleratorsCIFS (Windows File Services)Windows printing
Remote Office Data Center
WAN
Object Cache VerificationSecurity and ControlWAN Optimization
Server Safely OffloadedFewer Servers NeededPower/Cooling SavingsLAN-like Performance
WAN Bandwidth Savings
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 14
Advanced Compression
Cisco WAAS advanced compression nearly eliminates the transmission of redundant data patterns and compresses data thatmust traverse the WAN to improve application performance and save bandwidth
Data Redundancy Elimination (DRE): application-agnostic compression eliminates redundant data from TCP streams providing up to 100:1 compression
Persistent LZ Compression: session-based compression provides up to an additional 10:1 compression even for messages that have been optimized by DRE
DRE DRE
LZ LZ
SynchronizedCompression
History
WAN
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 15
TCP Optimization
Cisco WAAS employs TCP optimization to improve application throughput and better leverage existing WAN bandwidth capacity and shield end-nodes from unruly WAN conditions
Bandwidth scalability - help certain applications ‘fill-the-pipe’Connection fairness - ensure bandwidth is allocated fairly amongst flowsLoss mitigation - selective acknowledgement and retransmissionSlow-start mitigation - improve connection setup time
TCP Proxy architecture provides LAN-like TCP behavior andprovides higher levels of compression than per-packet compression
LAN-like TCP Behavior
WAN DREPLZ
DREPLZ
TCP TCPTCP TCPLAN-like TCP BehaviorOptimized TCP Connections
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 16
Combined Power of TCP Optimization and Advanced Compression
WAN
LAN-LikeThroughput
Bandwidth SavingsFewer Roundtrips
Thro
ughp
ut
Throughput
60Mbps
10 Mbps
20 Mbps30 Mbps40 Mbps
50 Mbps
01:20 01:21 01:22 01:23 01:24 01:25 01:26
Thro
ughp
ut
Throughput
3 Mbps
.5 Mbps
1 Mbps1.5 Mbps2 Mbps
2.5 Mbps
01:20 01:21 01:22 01:23 01:24 01:25 01:26
LAN Throughput WAN Throughput
Optimization Enabled
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 17
Simple Transparent In-path DeploymentRemoteOffice
WAN
Simple Plug-and-Play DeploymentPhysical in-path deployment between switch and router or firewall requires no network changesMechanical fail-to-wire upon hardware, software, or power failure
Scalability and High AvailabilityTwo two-port fail-to-wire groups provides support for redundant network paths and asymmetric routingSerial in-path clustering with load-sharing and fail-over
Seamless Transparent IntegrationTransparency and automatic discovery802.1q VLAN trunking supportSupported on all WAE appliance models
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 18
Network-Integrated Off-path Interception
WAN
Optimized Flow
Optimized Flow
OriginalFlow
OriginalFlow
InterceptionRedirectionMonitoring
InterceptionRedirectionMonitoring
WAEClusterWAE
Cluster
RemoteOffice
Transparent integration and automatic discovery regardless of interception methodWCCPv2 Interception
Active/active clustering supports up to 32 WAEs and 32 routers with automatic load-balancing, load redistribution, fail-over, and fail-through operationNear-linear scalability and performance improvement when adding devices
Policy-Based Routing InterceptionRouting of flows to be optimized through a Cisco WAE as a next-hop routerActive/passive clustering provides high availability and failover using IP SLAs as a tracking mechanism
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 19
Scalable Data Center Integration
Catalyst6509 w/
ACEModule
Catalyst6509 w/
ACEModule
OriginalFlow
OriginalFlow
OptimizedFlow
OptimizedFlow
Data Center
WAEClusterWAE
Cluster
WANApplication Control Engine (ACE)
Appliance and Catalyst 6500 series module provide industry-leading scalability and performance for the most demanding data center networksSupports from 1Gbps to 64Gbps of aggregate throughput and up to 4M concurrent TCP connectionsCluster management for hundreds of WAE devices provides industry’s most scalable and high-performance WAN optimization solution
Asymmetric OptimizationHost of asymmetric optimizations that complement WAAS and provide single-ended performance and scalability improvementsIncludes intelligent compression, latency reduction for HTTP applications, SSL offload, and TCP connection re-use
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 20
Cisco WAAS Auto-Discovery
Cisco WAAS devices automatically discover one another and negotiate optimization capabilities
Eliminates the need for complex overlay networks with tunnels that could double management effort and break control, security, and monitoring systems
WAN
WAE1 WAE2
WCCPv2or PBR
WCCPv2or PBR
WCCPv2or PBR
WCCPv2or PBR
A:B TCP SYNA:B TCP SYN A:B TCP SYN(marked)
A:B TCP SYN(marked)
A:B TCP SYN(marked)
A:B TCP SYN(marked)
I know WAE1 isin the path, let’s
accelerate!
I know WAE1 isin the path, let’s
accelerate!
I would liketo accelerate
this connection!Here are my details
I would liketo accelerate
this connection!Here are my details
B:A TCP SYN/ACKB:A TCP SYN/ACK
AcknowledgeAcceleration!
Here are my details
AcknowledgeAcceleration!
Here are my details
ACCELERATIONCONFIRMED!
ACCELERATIONCONFIRMED!
B:A TCP SYN/ACK(marked)
B:A TCP SYN/ACK(marked)
B:A TCP SYN/ACKB:A TCP SYN/ACK
AA BB
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 21
Cisco WAE Disk Encryption
Cisco WAE Disk EncryptionOptional feature applied against data partitions within the WAE to mitigate concern of data theft due to stolen drives or physically compromised WAE devicesKeys fetched from CM upon boot and stored in memory only, WAE will pass-through if keys are unavailableKeys synchronized amongst Central Managers to ensure high availability
Data CenterRemote Office
WAN
Fetch Disk EncryptionKey and Store in RAM
Cisco WAASCentral Manager
Disk Disk
Disk
Standards-Based Strong EncryptionFollows FIPS 140-2 level 2 specification with certification to follow256-bit Advanced Encryption Standard (AES) cipher, which is the standard for US Government data protection and the strongest commercially-available encryptionCisco WAAS is ‘In Evaluation’ with Common Criteria certification
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 22
Secure WAN Optimization from Cisco
Security- Stateful Inspection- Firewall Policies- Signature Matching
Control- Classification- Drop or Mark- Policing
Visibility- NetFlow
Intercept- WCCP
Optimize- L7 Acceleration- Compression- Flow Optimization
Secure- Disk Encryption- Firewall Compliance
Routing- Static- Dynamic- Optimized
Security- Stateful Inspection- Firewall Policies- Link Encryption
Control- Shaping
Visibility- NetFlow
WAN
Cisco Integrated Services Router (ISR) - Integrated Security and WAN Optimization
Egress Security,
Control, and Visibility
RouteSelection
Intercept and
Optimize
Ingress Security,
Control, and Visibility
LAN
Cisco WAAS integrates seamlessly and transparentlyinto network security, visibility, and control functions
Cisco WAAS integrates seamlessly and transparentlyinto network security, visibility, and control functions
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 23
Agenda
Enterprise Application Delivery Challenges
Introducing Cisco Wide Area Application Services
Cisco WAAS Product Architecture
Management and WAE Platforms
Summary
Q&A
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 24
Scalable, Secure Central ManagementCentralized Management
Robust management, monitoring, and reporting for up to 2500 nodes
Device grouping for simplified rollout of configuration changes
Device and system alarms, as well as integration with SNMP and syslog
Secure Management PlatformSSL-encrypted HTTP GUI and intra-device communication
Roles-based Access Control (RBAC) to isolate users to specific capabilities and domains of management
Integrated IOS-like CLI accessible via SSH (also telnet, serial)
High Availability ConfigurationsActive/standby deployments with automatic failover, replication of Central Manager database, and encryption keys
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 25
Configurable Comprehensive ReportingDevice Dashboard
Configurable list of reports to display on a device or device-group homepage
Traffic StatisticsOptimized vs pass-through traffic mix including pass-through reasonApplication traffic mix over period of time (hr/day/wk/mo/custom)
Per-Connection StatisticsConnection monitoring shows near real-time view of optimized connections and details
Compression StatisticsBandwidth savings per application over time (hr/day/wk/mo/custom)
Acceleration StatisticsExamine accelerated connections, open files, cached resources, cache hit ratio, and average throughput
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 26
Enterprise Performance Monitoring Integration
No optimizationWithout Flow Export Agent (Inaccurate)
Flow Export Agent Enabled (Accurate)
Optimization Enabled
Transparent IntegrationPacket header preservation ensures compliance with enterprise performance monitoring systemsEnables visibility to end-nodes involved in performance data collectionFull compatibility with NetQoS Super Agent and infrastructure to support Cisco PVM and others
Flow Export AgentTransmit connection data to monitoring systems to ensure correct response time analysisEliminates WOC distortion of TCP RTT analysis caused by TCP proxy architectures
Data CenterRemote Office
WAN
TCP Flow Export Agent
Super Agent
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 27
Cisco WAAS Router Modules
NME-WAERouter-Integrated Network Module
for the Cisco Integrated Services Router
Provides the lowest CapEx and OpEx; integrates within the ISR; addresses 80 percent of remote branch officesSingle processor system, can be clustered with WCCPv2, PBR, and is supported in ISR models 2811, 2821, 2851, 3825, and 3845
Model NME-WAE-302512MB of RAM, 80GB of diskUp to 4Mbps WAN connections and up to 250 optimized TCP connections
Model NME-WAE-5021GB of RAM, 120GB of diskUp to 4Mbps WAN connections and up to 500 optimized TCP connections
Model NME-WAE-5222GB of RAM, 160GB of diskUp to 8Mbps WAN connections and up to 800 optimized TCP connections
Cisco Integrated ServicesRouter (ISR) Series
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 28
Cisco WAAS Appliance FamilyWAE-512 Appliance
Single processor system with 250GB of RAID-1 protected SATA2 disk capacity and optional disk encryption
1GB memory configuration supports 8Mbps WAN connections and 750 optimized TCP connections
2GB memory configuration supports 20Mbps WAN connections and 1500 optimized TCP connections
WAE-612 ApplianceDual-core processor system with 300GB of RAID-1 protected and hot-swappable SATA2 disk capacity and optional disk encryption
2GB memory configuration supports 45Mbps WAN connections and 2000 optimized TCP connections
4GB memory configuration supports 90Mbps WAN connections and 6000 optimized TCP connections
WAE-512 Appliance
WAE-612 Appliance
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 29
Cisco WAAS Data Center AppliancesWAE-7326 Appliance:
Dual-core processor w/ 4GB of RAM
Up to 155Mbps WAN connections and 7500 optimized TCP connections
900GB RAID-1 protected and hot-swappable SCSI disk capacity with optional disk encryption
WAE-7341 Appliance:Quad-core processor, 8GB of RAM
Up to 310Mbps WAN connections and 12000 optimized TCP connections
Up to 900GB RAID-5 protected and hot-swappable SAS disk capacity with optional disk encryption
WAE-7371 Appliance:Dual Quad-core processors, 24GB of RAM
Up to 1Gbps WAN connections and 50000 optimized TCP connections
Up to 1.5TB RAID-5 protected and hot-swappable SAS disk capacity with optional disk encryption
WAE-7326Enterprise Data Center Appliance
WAE-7341Enterprise Data Center Appliance
WAE-7371Enterprise Data Center Appliance
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 30
Data Center Integration with Cisco ACEApplication Control Engine (ACE)
Provides transparent integration of Cisco WAAS into the datacenter, server load-balancing, andasymmetric application optimization
Scales from 1Gbps to 64Gbps, up to 16 million TCP connections
ACE Features and BenefitsCatalyst 6500 series module or standalone appliance form factor
Solution for scaling servers, appliances, and network devices
Virtual partitions, flexible resource assignment, security, and control
Asymmetric application optimization complementing WAAS
Cisco Application Control Engine4710 Appliance Series
Cisco Application Control EngineLinecard for the Catalyst 6500 Family
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 31
Cisco’s End-to-End Application Networking Services
Branch Office
Data Center
Branch Office
WAN
Application object cachingApplication latency optimizationProtocol accelerationObject prepositioning
Advanced compression
Data redundancy elimination
Transport optimization
Quality of Service (QoS)
OER, PBR, IP SLA
Application latency optimization
TCP re-use and SSL offload
Server scalability
Virtualization
Optimization in the Branch Optimization in the WAN Optimization in the Data Center
Cisco ANS accelerates application performance by employingthe right optimization at the right location within the network
Cisco ANS accelerates application performance by employingthe right optimization at the right location within the network
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 32
Agenda
Enterprise Application Delivery Challenges
Introducing Cisco Wide Area Application Services
Cisco WAAS Product Architecture
Management and WAE Platforms
Summary
Q&A
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 33
Why Choose Cisco WAAS?
Industry-leading infrastructure integration including compliance with security architecture, compatibility with existing network control and visibility platforms Most scalable WAN optimization solution with lowest environmental impact - high density appliances with tremendous performance yields less rack space, cooling, and powerServer offload acceleration architecture enables not only centralization but also consolidation of costly servers, therebyenabling capital and operational efficiency and cost savingsHigh performance WAN optimization to reduce bandwidth consumption and maximize throughput, efficiency to significantlyimprove application delivery over the WANRobust and proven secure central management platform scales to meet the needs of the largest organizations while providing visibility to the performance and health data you demandCisco’s world-class 24x7x365 technical assistance center
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 34
Q and A
© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialSession IDPresentation_ID 35
Please Complete Your Session Evaluation!