Page 1
Copyright © 2015 World Wide Technology, Inc. All rights reserved.
Architecting the Intelligent WAN (IWAN)September 24, 2015
Neil AndersonBill Thompson
Laks Vijayarajan
Lead, Mobility and Access SolutionsTechnical Solutions ArchitectTechnical Solutions Architect
Page 2
What is Driving Change in the Branch?
Securing Connectivity with DMVPN
Realizing Performance with PfRv3
Improving App Experience with WAAS
Management and Automation
Your Next Steps with WWT
Q&A
AGENDA
Page 3
Increasing Demands on the Branch NetworkRISK | ASSET MANAGEMENT | COMPLEXITY
Proliferation of Intelligent DevicesMore people and more devices, many mobile, are on the network
The Need for a Multi-functional NetworkCollaboration requires voice, video, and data simultaneously
Additional Complexity with Shrinking StaffNeed for rapid provisioning and real-time services
Page 4
Mobility and Cloud are Changing the Business Landscape
New Digital Experiences Make the Network More Relevant
RETAIL
Generate More SalesStores Omni-channel
EDUCATION
Improved LearningBooks iPads
FINANCE
Customer LoyaltyTellers Remote Agents
of executives state achieving digital transformation in two years is critical*78%
*MIT Sloan Management Review, 2013 Digital Transformation Global Executive Study
Page 5
Mobile Device Traffic
AVERAGE NUMBER OF APPS PER DEVICE
AVERAGE APP SIZE
LATEST OS UPDATE SIZE
41 32 41
23mb 6mb 25mb
1.3gb 400mb 940mbiOS 9 Lollipop Windows 8.1
Page 6
WAN Demands Exceeding Budgets
Exhibit 2: The Widening Network Complexity Gap
Building Blocks of IT
Endp
oint
s on
the
Net
wor
k
VoIP/Video
Virtualization
Cloud Computing
Mobility
IoT
IT Budgets
Network Complexity Gap
Source: ZK Research, 2014
5 years Cisco Visual Networking Index, June 2014
Increase 3X in the next
GLOBAL IP TRAFFIC GROWTH:
will be flat or declining
Nemertes Research, August 2014
60% WAN budgets
LIMITED WAN BUDGETS:
Page 7
Intelligent WAN Vision
UNCOMPROMISED EXPERIENCE OVER ANY CONNECTION
4G/LTE
Internet MPLS
AnyUser
AnyApplication
Application Experience
SecureAccess
Lower Costs
IT Simplicity
Align Infrastructure to Better Business Outcomes
AnyTransport
Page 8
What is Driving Change in the Branch?
Securing Connectivity with DMVPN
Realizing Performance with PfRv3
Improving App Experience with WAAS
Management and Automation
Your Next Steps with WWT
Q&A
AGENDA
Page 9
Securing Connectivity with DMVPN
MPLS
Internet
192.168.40.0/24
192.168.50.0/24
192.168.10.0/24
Physical: 172.16.10.2Tunnel0: 10.10.10.2
Physical: 172.16.20.2Tunnel0: 10.10.20.2
Physical: 172.16.10.50Tunnel1: 10.10.10.50
Physical: 172.16.20.40Tunnel0: 10.10.20.40
Physical: 172.16.10.40Tunnel0: 10.10.10.40
Physical: 172.16.20.50Tunnel0: 10.10.20.50
10.10.20.40 -> 172.16.20.40
10.10.20.50 -> 172.16.20.50
NHRP Table10.10.20.40 -> 172.16.20.4010.10.20.50 -> 172.16.20.50
10.10.10.40 -> 172.16.10.40
10.10.10.50 -> 172.16.10.50NHRP Table10.10.10.40 -> 172.16.10.4010.10.10.50 -> 172.16.10.50
Routing Table:192.168.40.0/24 - > 10.10.20.40
interface tunnel0 ip address 10.10.10.40 255.255.255.0 ip nhrp network-id 10 ip nhrp nhs 10.10.10.2 nbma 172.16.10.2 multicast tunnel source GigabitEthernet0/0/0 tunnel mode gre multipoint tunnel protection ipsec profile INET-PROFILE
DMVPNCloud 1
DMVPNCloud 2
10.10.20.40 -> NBMA 172.16.20.40
10.10.20.40 NBMA?
Page 10
What is Driving Change in the Branch?
Securing Connectivity with DMVPN
Realizing Performance with PfRv3
Improving App Experience with WAAS
Management and Automation
Your Next Steps with WWT
Q&A
AGENDA
Page 11
Realizing Performance with Performance Routing v3 (PfRv3)
MPLS
Internet
192.168.40.0/24
192.168.50.0/24
192.168.10.0/24
Master Hub
192.168.10.0/24
Transit Hub
Border Router
Master Branch/Border Router
Master Branch/Border Router
Border Router
Border Router
Border Router
Border Router
domain ATC
domain ATC
Path discovery: INET
Path discovery: MPLS Path: MPLS
Path: INET
Policies:class VOICE sequence 5 path-preference MPLS fallback INET match dscp ef policy voice priority 1 one-way-delay threshold 150 msec
Traffic Class:Dst-Site-Prefix Dst-Site-ID DSCP 192.168.10.0/24 10.0.0.10 EF
Delay Threshold 150 msecPreferred path: MPLSBackup path: INET
Delay > 150msec
Traffic Class:Dst-Site-Prefix Dst-Site-ID DSCP 192.168.10.0/24 10.0.0.11 EF
Delay Threshold 150 msecPreferred path: MPLSBackup path: INET
Page 12
What is Driving Change in the Branch?
Securing Connectivity with DMVPN
Realizing Performance with PfRv3
Improving App Experience with WAAS
Management and Automation
Your Next Steps with WWT
Q&A
AGENDA
Page 13
Improving App Experience with AVC/WAASUNIFIED PERFORMANCE MONITOR | AVC | FLEXIBLE NETFLOW & NBAR2
Branch
Proliferationof Devices
Users/Machines
PrivateCloud
DC/Headquarters
PublicCloud
ApplicationVisibility & Control (AVC)
60% of IT Professionals Cite Performance as Key Challenge for Cloud
No Probes• Deep packet inspection
• Passive monitoring for voice, video, critical apps and best-effort apps
• No additional hardware (and included in IOS-AX license)
Business-Aligned Privacy Enforcement• No need for complex IP and port
ACLs
• See inside HTTP flows to identify specific Cloud applications
Smart Capacity Planning• Better use of expensive bandwidth
• Per-branch and per-application level reporting
Page 14
Improving App Experience with Content Caching
ExtranetHTTP Akamaized Web Content
Akamai Intelligent Platform
Authentication to Akamai Intelligent Platform
Akamai Connected Cache
Branch User
Network Challenges• Customer’s own content already cached in the
Akamai Intelligent Platform
• Last mile access may still be an issue
• Users access their own and 3rd party content from the branch
Akamai Connect Solution• Cache previously “non-cacheable” Internet content
inside the branch
• Utilizes the breadth and scale of the Akamai Intelligent Platform
• Automatically takes advantages of changes in the Akamai Intelligent Platform
Page 15
What is Driving Change in the Branch?
Securing Connectivity with DMVPN
Realizing Performance with PfRv3
Improving App Experience with WAAS
Management and Automation
Your Next Steps with WWT
Q&A
AGENDA
Page 16
IWAN Management and AutomationPRESCRIPTIVE CUSTOMIZABLE
3RD PARTY MANAGEMENT TOOLS
Lifecycle Management and Provisioning
APIC EM IWAN App (on-prem)Policy automated, prescriptive deployment of IWAN in Greenfield with PnP and PKI
Prime Infrastructure (on-prem)Full configurability of IWAN features in Greenfield and Brownfield with PnP and PKI automation
(cloud-based, multi-tenant)
Advanced orchestration, provisioning, lifecycle management and customized policies
Assurance, Monitoring, Troubleshooting
Prime Infrastructure (on-prem)One assurance visibility and reporting across Cisco infrastructure including WLAN, Access, WAN and data center
(on-prem)Application-aware performance management, visualization, granular troubleshooting, real-time analytics and flow visibility
Page 17
What is Driving Change in the Branch?
Securing Connectivity with DMVPN
Realizing Performance with PfRv3
Improving App Experience with WAAS
Management and Automation
Your Next Steps with WWT
Q&A
AGENDA
Page 18
Advanced Technology Center (ATC)
ATC MISSIONTo create a collaborative ecosystem to design, build, educate, demonstrate and deploy innovative technology products and integrated architectural solutions for our customers, partners and employees around the globe.
CLICK HERE
Page 19
Bringing it All Together for WWT Customers
DATA CENTERS
SMALL BRANCH
MEDIUM BRANCH
LARGE BRANCH
HOME OFFICE
Page 20
What is Driving Application Changes?
Architecting the Hybrid WAN
Securing Connectivity with DMVPN
Realizing Performance with PfRv3
Improving App Experience with WAAS
Your Next Steps with WWT
Q&A
AGENDA