Page 1
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Intelligent WAN (IWAN): Right-size your Network without Compromise
Michael Waas
Systems Engineer
Page 2
The Branch is More Relevant Than Ever
Where You Engage Customers
Source of Business Intelligence
Up to 80% of Your Employees Reside
To Grow Your Business & Innovate, Your Remote Sites Must Keep Pace with HQ
Page 3
Emerging Branch Demands: The Application Landscape Is Changing
Applications are Moving to the Data Center and Cloud
Internet Edge Is Moving to the Branch
Branch
Cloud
Data Centers
Cloud: 50% of CIOs Expect to Operate via the Cloud by 2015
Mobility: 6X More Mobile Data Traffic by 2015
Fat Apps: 2/3 of Mobile Traffic will be Video
Pressures on the WAN
Page 4
The Branch Conundrum
BUDGET
USER SUFFERING
WAN Demands
Rethink your Branch-WAN Strategy
Page 5
Why Move to Internet as WAN?
1. Internet Transit Pricing based on surveys & informal data collection primarily from Internet Operations Forums – ‘street pricing’ estimates
2. Packet delivery based on 15 years of ping data from PingER for WORLD (global server sample) from EDU.STANFORD.SLAC in California
Source: William Norton (DrPeering.net); Stanford ping end-to-end reporting (PingER)
Low Cost Alternative
46% of organizations do are planning to transition to connections
Page 6
Internet Becoming an Extension of Enterprise WAN
Commodity Transports Viable Now
Dramatic Bandwidth, Price Performance Benefits
Higher Network Availability
Improved Performance Over Internet
Page 7
Cisco IWAN Deployment Models
[Diagram: Dual Internet, Hybrid, and Dual MPLS topologies; labels: Public, Enterprise, Internet, MPLS]
Dual MPLS
• Highest reliability, security & availability
✗ Inflexible for new services
✗ Expensive
Hybrid
• Enable SaaS and/or high BW apps
• Balanced availability
• Dual WAN + Dual Router = 99.999% Reliability
Dual Internet
• Best price/performance
• Least dependent on contracts
• Dual WAN + Dual Router = 99.999% Reliability
Consistent VPN Overlay enables Security across Transition
Page 8
Introducing Cisco Intelligent WAN (IWAN)
Enhanced Connectivity over any Transport
Transport Independent
• DMVPN IPsec overlay design
• Consistent operational model
• Simple transport migrations
• Scalable and Modular design
Intelligent Path Control
• Performance Routing (PfR) full utilization of all bandwidth
• Application best path based on delay, loss, jitter and path preference
• Improved network availability
Secure Connectivity
• Suite-B strong encryption
• ASA & IOS Firewall/IPS comprehensive threat defense
• Cloud Web Security (CWS) for direct Internet Access
Application Optimization
• Application Visibility & Control (AVC)
• WAAS Application Acceleration and bandwidth savings
[Diagram labels: Branch, Data Center, Internet, MPLS, 3G/4G-LTE, AVC, WAAS, PfR]
Page 9
Optimize Application Performance
Page 10
What is An Application?
Are these applications? Or just ports?
• HTTP: 80
• FTP: 20/21
• SMTP: 25
• POP3: 110
• IMAP: 143
• HTTPS: 443
What about these?
Page 11
What is Application Visibility and Control (AVC): What is Needed
Application Recognition
• Identify applications using L3 to L7 information
Perf. Collection & Exporting
• Collect application performance metrics, and export to management tool (NFv9/IPFIX)
Management Tool (Reporting Tools)
• Advanced reporting tool aggregates and reports application performance
Control
• Control application network usage to improve application performance
• High / Med / Low
App Visibility & User Experience Report
App | BW | Transaction Time | …
SAP | 3M | 150 ms | …
Sharepoint | 10M | 500 ms | …
Page 12
What is Application Visibility and Control (AVC): Enabled Technologies
Application Recognition
• NBAR2
• Metadata
Perf. Collection & Exporting (NFv9/IPFIX)
• Unified Monitoring
- Traffic Statistics
- Response Time
- Voice/Video Monitoring
- URL Collection
Management Tool (Reporting Tools)
• Cisco Prime Infrastructure
• 3rd Party Tools
Control
• QoS (w/ NBAR2)
• PfR
• High / Med / Low
App Visibility & User Experience Report
App | BW | Transaction Time | …
SAP | 3M | 150 ms | …
Sharepoint | 10M | 500 ms | …
Page 13
AVC Configuration: Prime Infrastructure
• Enable AVC with just ON/OFF button
• With Cisco Prime Infrastructure 2.0
Page 14
AVC Configuration: Prime AVC One-Click
• Enable AVC in one-click, one device at a time
• Two simple steps
1. Select interface(s)
2. Enable
Page 15
Page 16
Maximize Application Performance
Controls application bandwidth usage and selects optimal path
Application-aware QoS
• Identify 1000+ applications using NBAR2 and control bandwidth with Cisco industry leading QoS
• Limit unwanted traffic and prioritize critical applications
Intelligent Path Selection
• Deliver critical applications over the path which can meet application performance requirement using PfR
• Automatic load share to maximize bandwidth use on available links
Stop BitTorrent and Netflix.
Prioritize Salesforce, Oracle
[Diagram labels: WAN1, WAN2, Backup]
Page 17
Performance Routing Topologies
• Full utilization of expensive WAN bandwidth: Efficient distribution of traffic based upon load, circuit cost and path preference
• Improved Application Performance: Per application best path based on delay, loss, jitter measurements
• Increased Application Availability: Protection from carrier black holes and brownouts
Optimize by: Reachability, Loss, Delay, Jitter, MOS, Throughput, Load, and/or $Cost
[Diagram labels: Enterprise WAN, Internet Edge, Branch, HQ, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN), ISP1, ISP2, MC, BR, MC/BR]
Page 18
Add WAN Optimization
Speed and Bandwidth Benefits on top of the IWAN
Faster Applications, More Users, Less Bandwidth
• 90% HD Video optimization and better user experience
• Twice as many Citrix users over same WAN, 70% faster
• Toyota: ROI in less than one year, 65% BW cost savings
Easy to Deploy
• Works with existing branch routers (and existing AX license)
Scalable
• AppNav Controller and WAVE pool is scalable
• Native HA capability
Accelerate Any TCP Connection
[Diagram labels: Branch, DC/Headquarters, Private Cloud, WAN, vWAAS, WAAS Express, AppNav-XE Controller, CSR, WAVE, Proliferation of Devices, Users/Machines]
Page 19
Cisco WAAS Enhancing User Experience and WAN Efficiency
PROBLEM
• Application latency
• WAN bandwidth inefficiencies
SOLUTION
• Reduce load – Data redundancy elimination (DRE), compression, and TCP optimization
• Application optimization – Fewer protocol messages and metadata caching
[Chart: Application Bandwidth (Mbps) and Application Latency (Seconds), natively vs. with Cisco WAAS, showing reduction in bandwidth and reduction in latency]
Page 20
Securing Your IWAN
Page 21
Securing the IWAN: IPSec VPN and Firewall
Step 1: Secure Transport
• IPSec with DMVPN or FlexVPN overlay
• Secure transport independent overlay
• Add Strong Cryptography: IKEv2 + AES-GCM 256
Step 2: Threat Defense
• IOS Zone-based Firewall
• Minimize exposure
• DHCP addressing for Internet and tunnel interfaces
• Don’t put tunnel addresses into DNS
Step 3: Choose your performance level
• Size router based on Encryption with Services and WAN bandwidth
• Head-end: ASR1000 or ISR4451X
• Branch: ISR-G2
[Diagram labels: Branch, ISR-G2, DSL, Cable, ISP A, ISP C, Data Center, ASR 1000, ASR 1000]
Page 22
Add Network Integrated Threat Defense: IOS Zone-Based Firewall
Control the Perimeter:
• External and internal protection: internal network is no longer trusted
• Protocol anomaly detection and stateful inspection
Communicate Securely:
• Call flow awareness (SIP, SCCP, H323)
• Prevent DoS attacks
Flexible:
• Split Tunnel-Branch/Remote Office/Store/Clinic
• Internal FW: International or un-trusted locations/segments, addresses regulatory compliances
Integrated:
• No need for additional devices, expenses and power
• Works with other Cisco Services: SRE, ScanSafe, WAAS Express
Manageable:
• Supports CLI, SNMP, CCP, and CSM
• Supports Cisco Configuration Engine
[Diagram labels: Branch, ISR-G2, DSL, Cable, ISP A, ISP C, Data Center, ASR 1000, ASR 1000]
Page 23
Flexible Secure WAN Design over any transport
Dynamic Multipoint VPN (DMVPN) or FlexVPN
Transport Independent: Simplifies WAN Design
• Easy multi-homing over any carrier service offering
• Single routing control plane with minimal peering to the provider
Secure: Proven Robust Security
• Certified crypto and firewall for compliance
• Scalable design with high performance cryptography in hardware
Flexible: Dynamic Full Meshed Connectivity
• Consistent design over all transports
• Automatic site-to-site IPsec tunnels
• Zero-touch hub configuration for new spokes
[Diagram labels: Branch, ISR-G2, WAN, MPLS, Internet, Data Center, ASR 1000, ASR 1000]
Page 24
Why Cisco IWAN?
Page 25
Why Cisco IWAN
• Integrated Platform for IT Simplicity
• Granular Control Everywhere
• Proven Security at Scale
• Unmatched Context-based Routing
• Quick ROI
Faster than Alternatives
Up to 72% in Savings
The Alternative: Overlay Appliances
• App Visibility & Control
• IPsec VPN
• WAN Opt.
• Firewall
• WAN Path Selection
• Router
• Any to Any Security
• Protect All Branch Resources
• Secure Direct Internet Access
• Network-Aware
• App-Aware
• Endpoint-Aware
• Savings enables Business Innovation
Many pay off in 6-12 months
$$$
• Branch ISR-AX
• DC ASR1K-AX
• Cloud CSR1000V
Page 26
Start with Cisco AX Routers
IWAN Capabilities Embedded in the Router
One Network, UNIFIED SERVICES
Simplify Application Delivery
L4-L7 Application Services
• Control
• Optimization
• Visibility
L2-L3 Transport
• Transport Independent
• Secure Routing
Cisco AX Routers: 3900 | 2900 | 1900 | 800 | 4451 | ASR1002-X
ISR-AX, ISR 4451-X-AX, ASR1000-AX
Page 27
What makes the ISR-AX different?
Introducing the ISR App License
Security U.C.
IP Base
• App: Extends and replaces the Data license with application router services. All previous Data license features included.
• All Application Visibility and Control (AVC) features included. Enables powerful, comprehensive application monitoring and management.
• Right-To-Use license for WAAS: License enables WAAS Express, WAAS SRE, or WAAS on UCS-E with no additional software cost.
App & Security included with the ISR-AX!
Page 28
Cisco IWAN: Uncompromised Experience Over Any Connection
Lower Costs without Tradeoffs
Maximize Your WAN Investment
Unleash Your Business Potential
Page 29
Thank you.