© 2011 Cisco and/or its affiliates. All rights reserved.
Learning Express for SP
ISRG2 – Value Added Services
Oct 2013
Video and Collaboration
Cloud and Virtualization
Mobility and Wireless
Seven Billion New Wireless Devices by 2015
50% of Enterprises Surveyed Allow Personal Devices Use for Work
40% of Customers Are Planning to Move to Cloud
Cloud Computing Services to Grow Dramatically ($44.2 Billion) by 2013
“Collaboration Enthusiasts” Use an Average of 22 Tools to Connect with Colleagues
45% Employed Millennials Use Social Networking Sites
Secure & Scalable WAN Architecture
• Secure to access, hardened from attacks
• Scales to 1000s of sites and globally
• Pre-validated designs utilizing Cisco best practices
Rich Network Services
• Multiservice – voice, video, data
• Multiuse – any device or app
• Intelligent network services for optimal user experience
Simplified Operation & Implementation
• Reduced complexity with integrated management
• Application visibility – proactive optimization & troubleshooting
Mobile Branch
• 3G/4G or Satellite
• WAAS Express to boost application performance
• Branch mobility
Standard Branch
• Most common deployment
• Migration from Serial to Ethernet
• SP MPLS with Internet as backup
• Application performance
• 4-9s availability
• Deliver SD video
High-end Branch
• Migration from DS3 to FastEthernet
• Dual SP MPLS
• Redundant router
• Application performance
• 5-9s availability
• Deliver HD video
Ultra High-end Branch
• Very high BW – up to 1Gb
• Software and hardware redundancy
• Same profile as High-end Branch
• Services are provided by dedicated appliance
[Diagram labels: ISR G2, 3G/4G, Satellite, MPLS, Internet, ASR1K; axis: Performance and Availability]
Flexible deployment options for different service requirements
Retail Banking, Kiosk, Vehicles, Cruises
Typical branch office
Financial branch, Med/Large branch office
Remote campus
Firewall Internet
Internal Resources
Corporate Network
Access Router WAAS
Application Visibility and Control
Firewall and VPN
WAN Path Control
L2-L3 Transport
L4-L7 Application Services
Simplify Application Delivery
One Network
UNIFIED SERVICES
Routing Redefined
Access Router
Firewall Internet
Internal Resources
Corporate Network
Application Visibility and Control
Firewall and VPN
WAN Path Control
WAAS
Control
Optimization
Security
Visibility
Routing
Router Generation 2
Performance, Scalability, Availability
3925, 3945
Enhancing the Customer Experience
Virtual Office
Secure Mobility
Secure Collaboration
Scalable Rich-Media Services
2901, 2911, 2921, 2951
860, 880, 890
1941, 1941-W
Customizable Applications
Network and Security Services
Compute Services and Applications
Collaboration Services
Network Services
Network and Physical Security
Unified Communications
Application Infrastructure
Infrastructure Management
Communication and Collaboration
Secure, Protect, Compliance
Consolidate Servers and Applications
Cisco Wide Area Application Services (WAAS)
Cisco Wireless LAN Controller (WLC)
Cisco Network Analysis Module (AVC)
Cisco Unity® Express (Voicemail, IVR)
Call control
VPN
Cisco Intrusion Prevention System
Cisco Web Security (cloud connector)
SIP Trunk
Customized Vertical Solutions
Demarcation Point
Toll fraud
Hidden topology
Rich Media
Transcoding & Interworking
Cisco Application Extension Platform (AXP)
Cisco Integrated Storage System
Industry standard virtualization
Windows Server
CUBE
IP TRUNK
Technology Driver: Security
Provide Secure, Reliable Access to Any Services
• Provide data privacy for accessing services across the WAN
    - GETVPN over MPLS provides any-to-any encryption
    - DMVPN over 3G/4G or Internet provides dynamic spoke-to-spoke tunnel
• Highly scalable WAN aggregation with encryption
    - 4000 DMVPN tunnels per ASR1K
    - Up to 8 Gbps of encryption throughput per ASR1K
• Full interoperation with QoS ensures service performance
[Diagram labels: Headquarter, Data Center, Private Cloud, Standard Branch, Branch, SP A MPLS, SP B MPLS, Internet, GETVPN, DMVPN, ASR1K, ISR G2, WAE Cluster, GETVPN KS, GETVPN COOP KS, DMVPN Hub; legend: Protected by DMVPN, Protected by GETVPN]
Protect Internet Edge at Enterprise Branches
Key Benefits:
• Avoid expensive backhaul of Internet and public cloud traffic through the HQ/Datacenter
• Single policy portal, ease of deployment and management
• Enhanced security for all users
Solution:
• Integrate ScanSafe Connector in ISR
• Router redirects Internet Web traffic to ScanSafe cloud
    - Content analysis, detect/stop malware
    - Web usage control – administrator can control access to websites
• Complement the integrated security (ZBF, IPS) on the router
[Diagram labels: Branch, HQ, Internet, WAN, ASR1K, Secure VPN, Integrated Security, Web Security; cloud service labels: Web Security, Web Filtering, Centralized Reporting, Consistent Policy Control]
Secure Access Tunnel
Head Office
IPsec VPN
Internet
Internet bound Traffic - SSL encrypted
Technology Driver: Application Performance
Visibility & Control
Acceleration and Optimization
Network & Application Agility
Maximize user experience, optimize resource utilization, increase reliability
Application Acceleration: WAAS
Network Optimization & Utilization: WAAS-Express
Content Distribution: ECDS
Application Survivability: UCS-Express
Adaptability: PfR,
Discovery, Prioritization & Control: AVC
Performance Monitoring: NAM, PA
Analytics & Management: NAM, Partners
Make the Network Application Aware
Visibility into network applications, performance and user experience trending
Intelligently prioritize and control application traffic to maximize user experience
Are these applications? Or just ports?
HTTP – 80
FTP – 20/21
SMTP – 25
POP3 – 110
IMAP – 143
HTTPS – 443
What about these?
Application Visibility
Key Benefits:
Shows what types of applications are running on the network, including the ones running over the HTTP port such as Twitter, Facebook, Dropbox, P2P, etc.
Feature License AX on ISR
How it works: configure NBAR2 and NetFlow to learn statistics and applications
[Charts: traffic volume (Gigabytes / Megabytes) by application. First list of applications: unknown, http, https, ica, sip, dns, cifs, hsrp, icmp, ldap, msnp, sap. Second list of applications: bittorrent, Netflix, share-point, gtalk-voip, google-docs, rtp, citrix, ssl, sip, skype, webex-meeting, https, flash-video, dns]
Cisco AVC with NBAR2 Provides Deep Packet Inspection at the Application Level
Application Visibility
AVC Reports
Problem
- Application latency
- WAN Bandwidth inefficiencies
[Chart: Bandwidth (Mbps) and Latency (Seconds); series: Application Bandwidth Natively, Application Bandwidth with WAAS, Application latency Natively, Application latency with WAAS; annotations: Reduction in Bandwidth, Reduction in Latency]
Solution
- Reduce load: Data Redundancy Elimination, Compression, TCP optimization
- Application Optimization: fewer protocol messages, metadata caching, ...
Feature License AX on ISRG2
[Diagram labels: Branch Office with WAAS Express (ISR G2), Branch Office with WAAS SM-SRE, Branch Office with WAAS off path, Branch Office with WAAS inline, WAN, Data Center, NAM, WAAS5.1 CM; legend: No optimization, Optimization Enabled]
NAM data sources: Flexible Netflow (FNF), WAAS Flow Agent (FA)
IOS Performance Agent (PA)
WAAS CM: View both application performance and optimization performance (compression ratio, latency savings)
ISR G2 labels: QoS, VPN, NAT, ACL, FW, NetFlow, WAAS Express
Cisco WAAS
Cisco WAAS Express
Auto Discovery of end nodes
TFO (Transport Flow Optimization)
Compression
DRE (Data Redundancy Elimination): Disk based, persistent; Memory based, non-persistent
Bandwidth Optimization for Secured Web (SSL)
Application Acceleration: Selected file/web
Network Services Integration
WAAS Central Manager: WAASx2.0: WCM5.0; WAASx1.0: WCM4.31+
WAAS Software compatibility: Cisco WAAS backward compatible; WAASx2.0: WAAS4.4.3c; WAASx1.0: 4.2.1+
Application aware adaptive routing
• Provides adaptive routing based upon real-time performance data
• Full utilization of expensive WAN resources
    - Efficient distribution of traffic based upon load, circuit cost and path preference
• Improved Application Performance
    - Per application best path based on delay, loss, jitter measurements
• Increased Application Availability
    - Protection from carrier black holes and brownouts
[Diagram labels: Headquarter, Branch, SP A MPLS, SP B MPLS, Internet, GETVPN, DMVPN, ASR1K, ISR G2, WAE Cluster, PfR MCs, PfR BRs, PfR MC/BR, Email VMs, Email Path, Video Path; legend: Master Controller (MC), Border Router (BR)]
CISCO SOLUTION
Host business application and network services on common ‘Service Ready Engine’ blades on ISRG2
Consolidate servers on VMware hypervisor with ‘Unified Computing System Express’ on SRE
Remote deployment & changes with no truck roll
CHALLENGES
Performance and survivability require local services & applications
Complexity of disparate servers & appliances
Costly truck rolls to deploy new services or servers
Physical space limits equipment and wiring
Before After
BENEFITS
Reduced capital & operational costs
More flexible branch infrastructure
Simplified server deployment
Microsoft Windows Server & Linux
Improves Efficiency of interconnection between networks
Simplifies PSTN interconnection with IP end-to-end
Enables rich media services to employees, customers, partners
Carries converged voice, video and data traffic
[Diagram: TDM Trunking compared with SIP Trunking. Labels: Enterprise 1, Enterprise 2, Service Provider, IP / PSTN, CUBE, IP, TDM, SIP, Rich Media]
Unified Communications & Collaboration
[Diagram labels: Internet, MPLS, Legacy PBX, PBX, T1/E1, ISRG2, CUBE, Unified Communications Manager Express, BE6K]
Concurrent Services and Performance
Small Office, Small Branch, Enterprise Branch Office
Columns, in the order of the slide legend:
(1) Cisco Unified Communications Manager Express
(2) Cisco Unified Survivable Remote Site Telephony
(3) Cisco Unified Border Element
(4) Voice Gateway

Model    (1)    (2)    (3)    (4)
2901     35     35     100    50
2911     50     50     200    100
2921     100    100    400    170
2951     150    150    600    250
3925     250    730    800    480
3945     350    1200   1000   720
3925E    400    1350   2000   420
3945E    450    1500   2500   660

Multiple Services
With the Services Module and Integrated Services Module – SRE for Unity Express (32 ports) and AXP
SRST
Branch Office IP Phone High Availability: Survivable Remote Site Telephony (SRST), Survivable Remote Site VoiceMail (SRSV)
Phones register to SRST in the router when they lose contact with CUCM
Phones automatically home back to their CUCM when WAN contact is restored
Cisco Unity Express (CUE), if SRE is installed in the branch router, provides voice mail and Auto Attendant survivability for the site
User and mailbox configurations are automatically synchronized with central CUCM and Unity configurations
[Diagram labels: CUCM, WAN X, SRST/V, PSTN; SCCP Keepalive to CUCM; SCCP Keepalive to SRST if CUCM Does Not Respond; Dial-Peers Control GW Call Routing]
Routing Redefined
Overlay Approach
Routing
Switching
Security
Control
Optimization
Voice
Reduced CapEx
Lower ongoing OpEx
Easier to manage
Thank you.