1. Cisco Intelligent WAN (IWAN) Solution
Scott Hodgdon
Senior Technical Marketing Engineer
Enterprise Networking Group
19.12.2013
© 2013 Cisco and/or its affiliates. All rights reserved.
3. Average #apps per device*:
41
Average app size**:
23 MB (iOS)
6 MB (Android)
25 MB (Windows)
OS update file size***:
130 MB (iOS 6 for iPad 4)
168 MB (Jelly Bean 4.1)
400.0 MB (Windows 7)
700.0 MB (iOS 7 for iPhone 5)
Sources:
* http://www.nielsen.com/us/en/newswire/2012/state-of-the-appnation-%C3%A2%C2%80%C2%93-a-year-of-change-and-growth-in-u-s-smartphones.html
** https://www.abiresearch.com/press/average-size-of-mobile-games-for-ios-increased-by
*** http://www.wirelessandmobilenews.com/2013/05/samsung-galaxy-s3-iii-update-android-4.2.1-jelly-bean.html
http://theiphonewiki.com/wiki/Firmware#iPad_4
http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/what-is-average-monthly-size-of-update-downloads/dfe9bb34-c2dd-478e-a6cb-0a26228cf552
4. The Application Landscape Is Changing
Applications are Moving to the Data Center and Cloud
Cloud
Internet Edge Is Moving to the Branch
Branch
Data Centers
Pressures on the WAN
Cloud
of CIOs Expect to
Operate via the
Cloud by 2015
Mobility
More Mobile Data
Traffic by 2015
Fat Apps
Of Mobile Traffic
will be Video
Cisco Confidential
5. Commodity Transports Viable Now
Dramatic Bandwidth, Price Performance Benefits
Higher Network Availability
Improved Performance Over Internet
6. Example: San Francisco Single MPLS VPN vs Dual Business Internet ($ per month)
10 Mbps: MPLS VPN CoS1 $1,014; MPLS VPN CoS2 $885; MPLS VPN CoS3 $830; iWAN (Dual Internet links combined for Ent SLA) $220
1.5 Mbps: MPLS VPN CoS1 $303; MPLS VPN CoS2 $274; MPLS VPN CoS3 $260; iWAN (Dual Internet links combined for Ent SLA) $140
Chart callout: -75%
Simple example: $665 savings/month x 12 months x 1000 sites = $8M savings per year
Source: Telegeography MPLS VPN pricing for San Francisco as of March 2013; Comcast Web site; Verizon Web site
7. Dual MPLS, Dual Internet, Hybrid
Dual MPLS
• Highest SLA guarantees
• Tightly coupled to SP
• Expensive
Hybrid
• More BW for key applications
• Balanced SLA guarantees
• Moderately priced
Dual Internet
• Best price/performance
• Most SP flexibility
• Enterprise responsible for SLAs
Consistent VPN Overlay enables Security across Transition
Diagram labels: Public; Enterprise; Internet; MPLS
8. Secure IPsec VPN overlay
• Secure WAN Transport for Private and Virtual Private Cloud access
• Leverage Local Internet path for Public Cloud and Internet access
• Increase WAN capacity – cost effectively!
• Improve application performance (right flows to right places)
Diagram labels: Branch; MPLS (IP-VPN); Internet; Direct Internet Access; Private Cloud; Virtual Private Cloud; Public Cloud
9. Internet as WAN with High Reliability
WAN (IP-VPN)
SLAs for Business Critical Applications
Branch
Internet
Centralized Security Policy for Internet Access
Dramatically Lower WAN Costs without Compromise
Private
Cloud
Virtual
Private Cloud
Public Cloud
10. Transport Independence
• Consistent operational model
• Simple Provider migrations
• Scalable and Modular design
• DMVPN IPsec overlay design
Intelligent Path Control
• Application best path based on delay, loss, jitter, path preference
• Load Balancing for full utilization of all bandwidth
• Improved network availability
• Performance Routing (PfR)
Application Optimization
• Application monitoring with Application Visibility and Control (AVC)
• Application Acceleration and bandwidth savings with WAAS
Secure Connectivity
• Certified strong encryption
• Comprehensive threat defense with ASA and IOS Firewall/IPS
• Cloud Web Security (CWS) for scalable secure direct Internet access
Diagram labels: AVC; WAAS; PfR; Branch; MPLS; Internet; 3G/4G-LTE; Private Cloud; Virtual Private Cloud; Public Cloud
12. Transport Independent
Simplifies WAN Design
Flexible
Secure
Proven Robust Security
Dynamic Full Meshed Connectivity
• Easy multi-homing over any carrier service offering
• Consistent design over all transports
• Certified crypto and firewall for compliance
• Automatic site-to-site IPsec tunnels
• Single routing control plane with minimal peering to the provider
• Zero-touch hub configuration for new spokes
• Scalable design with high performance cryptography in hardware
Diagram labels: ASR 1000; Internet; MPLS; WAN; ISR-G2; Branch; Data Center
13. Traditional Hybrid and IWAN Hybrid
Traditional Hybrid
• Active/Standby WAN Paths
  - Primary with Backup
• 2 IPsec Technologies
  - MPLS/GETVPN
  - Internet/DMVPN
• 2 WAN Routing Domains
  - MPLS: eBGP or static
  - Internet: iBGP, EIGRP or OSPF
  - Route Redistribution to force primary path
  - Route Filtering loop prevention
IWAN Hybrid
• Active/Active WAN paths
• 1 DMVPN IPsec Overlay
• 1 WAN Routing Domain
  - iBGP, EIGRP, or OSPF
Diagram labels: Data Center; ASR 1000; GETVPN; DMVPN; MPLS; Internet; ISR-G2; Branch
14. IWAN Hybrid and IWAN Dual Internet
1 Active-Active WAN Paths
1 DMVPN IPsec Overlay
1 WAN Routing Domain
iBGP, EIGRP, or OSPF
Diagram labels: Data Center; ASR 1000; ISP A; ISP C; SP V; Cable; DSL; DMVPN; MPLS; Internet; ISR-G2; Branch
15. Data Center
• Private peering with Internet providers
  Use same Internet provider for hub and spoke sites
  Avoids Internet Exchange bottlenecks between providers
  Reduces round trip latency
• Use a separate DMVPN network per provider
  Increases availability
  Enables PfR to optimize traffic between providers
• Transport settings
  Use the same MTU size on all WAN paths
  Bandwidth settings should match offered rate
  Use a Front-Side VRF to separate Internet and internal default routes
• Internet Security
  Use Access-Lists or Firewalls to block all traffic except DMVPN tunnel traffic
  Use provider’s IP addresses for tunnel source addresses
  Do not register tunnel addresses in DNS, to make the routers difficult for others to find
Diagram labels: ASR 1000; ISP C; ISP A; Cable; DSL; ISR-G2; Branch
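The transport and Internet security settings recommended on this slide, as an added Cisco IOS configuration example that is not part of the original deck. The VRF, access-list, interface and IPsec profile names and the 192.0.2.0/24 and 10.20.0.0/24 addresses are assumptions; NHRP and the IKE/IPsec profile (which must be aware of the front-side VRF) are assumed to be configured elsewhere.

```ios
! Added example, not from the deck. All names and addresses are assumed.
!
! Front-side VRF: the Internet default route stays out of the global
! table, so it cannot collide with the internal default route.
vrf definition INET-FVRF
 address-family ipv4
 exit-address-family
!
! Inbound filter on the Internet-facing interface: permit only what the
! DMVPN IPsec tunnel needs (IKE, NAT-T, ESP) and log everything else.
ip access-list extended ACL-INET-IN
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit esp any any
 deny   ip any any log
!
interface GigabitEthernet0/1
 description Internet transport (provider-assigned address)
 vrf forwarding INET-FVRF
 ip address 192.0.2.10 255.255.255.0
 ip access-group ACL-INET-IN in
 no ip redirects
 no ip proxy-arp
!
! The Internet default route exists only inside the front-side VRF.
ip route vrf INET-FVRF 0.0.0.0 0.0.0.0 192.0.2.1
!
interface Tunnel20
 description DMVPN overlay over the Internet transport
 ip address 10.20.0.11 255.255.255.0
 ! Tunnel is sourced from the provider-addressed interface and resolves
 ! its endpoints in the front-side VRF, not the global table.
 tunnel source GigabitEthernet0/1
 tunnel mode gre multipoint
 tunnel vrf INET-FVRF
 tunnel protection ipsec profile DMVPN-IPSEC
```

Because the access list drops all ICMP, path MTU discovery over this interface relies on the matching MTU settings the slide recommends for all WAN paths.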
17. Benefits of Intelligent Path Control
• Improved Application Performance
  Per application best path based on delay, loss, jitter measurements
• Lower WAN Costs
  Enabling Internet based WANs
• Full Utilization of all WAN bandwidth
  Efficient distribution of traffic based upon load, circuit cost and path preference
• Increased Application Availability
  Protection from carrier black holes and brownouts
Diagram labels: AVC; WAAS; PfR; MPLS; Internet; ASR 1000; ISR G2; Branch; Data Center
18. Voice/Video take the best delay, jitter, and/or loss path
Other traffic is load balanced to maximize bandwidth
Voice/Video will be rerouted if the current path degrades below policy thresholds
• PfR monitors network performance and routes applications based on application performance policies
• PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
Diagram labels: Branch; MPLS; Internet; Private Cloud; Virtual Private Cloud
19. Hybrid IWAN, Dual Internet WAN
Diagram callouts: Detect loss greater than 10%; Detect high jitter
Hybrid IWAN diagram labels: Voice and Video; Cloud Services; Best-Effort Traffic; SP1 (MPLS); ISP (Internet)
Dual Internet WAN diagram labels: VDI; Best-Effort Traffic; ISP-1 (Cable); ISP-2 (DSL)
Cloud Services and Load-Balancing Policy
• Protect business cloud applications from brownouts
  Loss less than 5%
• Preferred path for Critical Applications: SP1 (MPLS)
• Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet
Multimedia and Critical Data Policy
• Protect voice and video quality
  Latency less than 150 ms; Jitter less than 20 ms
• Protect VDI applications from brownouts
  Loss less than 5%
• Voice and video preferred path SP-A
• VDI preferred path SP-B
• Increase utilization by load sharing
20. Data Center
The Decision Maker: Master Controller (MC)
  Discover BRs, collect statistics
  Apply policy, verification, reporting
  No packet forwarding/inspection required
The Forwarding Path: Border Router (BR)
  Gain network visibility in forwarding path (Learn, measure)
  Enforce MC’s decision (path enforcement)
  Does all packet forwarding
Optimize by: Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost
Diagram labels: MC; BR; BR; Cable; DSL; MC+BR; Branch
22. • Static port classification is no longer enough
• More and more apps are opaque
• Increasing use of encryption and obfuscation
• Application consists of multiple sessions (video, voice, data)
• What if user experience is not meeting business needs?
HTTP is the new TCP
Diagram labels: SaaS; Collaboration; Information; FTP; IM; SOAP; RPC; Video
23. Add Cisco AVC
60% of IT Professionals Cite Performance as Key Challenge for Cloud
No Probes
  Rich data collection using NetFlow v9/IPFIX
  No additional hardware (and included in AX license)
  Easy to integrate into many reporting tools
Smarter Capacity Planning
  Better use of costly bandwidth
  Per-branch and per-application level reporting
Business Aligned Policy Enforcement
  No need for complex IP and port ACLs
  See inside HTTP flows to identify specific Cloud applications
Diagram labels: Storage; Public Cloud; Users/Machines; Private Cloud; Proliferation of Devices; VDI | IaaS; Database; Branch; HQ/DC; Cisco AVC
24. Track and Report Application Flows and Performance
NetFlow v9 Export / IPFIX Export
Exporting; Provisioning; Collecting
NetFlow/IPFIX Records (Same provisioning, same format)
• Traffic statistics records
• Application Response Time records
• Media monitoring records (Application, Jitter, Loss, etc)
Partner Tools Ecosystem: InfoVista; Plixer; ActionPacked; CompuWare; CA Technologies; Living Objects; Glue
Diagram labels: AVC; CSR; Enterprise Edge; WAN; NetFlow v9; Branch; HQ/Data Center
25. Speed and Bandwidth Benefits on top of the IWAN
Accelerate Any TCP Connection
Faster Applications, More Users, Less Bandwidth
  90% HD Video optimization and better user experience
  Twice as many Citrix users over same WAN, 70% faster
  Toyota: ROI in less than one year, 65% BW cost savings
Easy to Deploy
  Works with existing branch routers (and existing AX license)
Scalable
  AppNav Controller and WAVE pool is scalable
  Native HA capability
Diagram labels: CSR; WAN; Users/Machines; Private Cloud; vWAAS; AppNav-XE Controller; WAAS Express; Branch; WAVE
26. Problem
• Application latency
• WAN bandwidth inefficiencies
Solution
• Reduce load
  – Data redundancy elimination (DRE), compression, and TCP optimization
• Application optimization
  – Fewer protocol messages and metadata caching
[Chart: Application Bandwidth (Mbps) and Application Latency (Seconds), each shown natively and with Cisco® WAAS; callouts: Reduction in bandwidth, Reduction in latency]
28. MPLS (IP-VPN)
Branch
Direct Internet
Access
Internet
• Leverage Local Internet path for Public Cloud and Internet access
• Improve application performance (right flows to right places)
Private
Cloud
Virtual
Private Cloud
Public Cloud
29. IWAN IPsec VPN for
Private Cloud Traffic
WAN1
(IP-VPN)
Branch
IOS Firewall to
protect Internet
Edge
WAN2
(Internet)
Private Cloud
Secure Public
Cloud & Internet
Access
ISR CWS
Connector to
CWS Firewall
towers
CWS
Web Filtering,
Access Policy,
Public Cloud
Internet
31. Internet as WAN with High Reliability
WAN (IP-VPN)
SLAs for Business Critical Applications
Branch
Internet
Centralized Security Policy for Internet Access
Dramatically Lower WAN Costs without Compromise
Private
Cloud
Virtual
Private Cloud
Public Cloud
32. IWAN Capabilities Embedded in the Router
One Network
UNIFIED SERVICES
Visibility
L4-L7
Application
Control
Services
ASR1000-AX
Optimization
Simplify
Application
Delivery
Transport
Independent
L2-L3
Secure
Transport
Routing
ISR-AX
Cisco AX Routers 3900 | 2900 | 1900 | 800 | 4451 | ASR1002-X