© 2006, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKAPP-100414617_05_2008_c2 2
Introduction to Cisco Wide Area Application Services
BRKAPP-1004
Agenda
Overview
Wide-Area Application Engine (WAE)
WAN Optimization
Application Acceleration
Virtual Blades
Network Integration
Central Management
WAN Acceleration: Data redundancy elimination; Window scaling; LZ compression; Adaptive congestion avoidance
Application Acceleration: Latency mitigation; Application data cache; Meta data cache; Local services
Application Optimization: Delta encoding; FlashForward optimization; Application security; Server offload
Application Networking: Message transformation; Protocol transformation; Message-based security; Application visibility
Application Scalability: Server load-balancing; Site selection; SSL termination and offload; Video delivery
Network Classification: Quality of service; Network-based app recognition; Queuing, policing, shaping; Visibility, monitoring, control
Cisco Application Delivery Networks
Other Cisco Live Breakout Sessions that You May Want to Attend
BRKAPP-2002 Server Load Balancing Design
BRKAPP-3003 Troubleshooting ACE
BRKAPP-1004 Introduction WAAS
BRKAPP-2005 Deploying WAAS
BRKAPP-3006 Troubleshooting WAAS
BRKAPP-1008 What can Cisco IOS do for my application?
BRKAPP-1009 Introduction to Web Application Security
BRKAPP-2010 How to build and deploy a scalable video communication solution for your organization
BRKAPP-2011 Scaling Applications in a Clustered Environment
BRKAPP-2013 Best Practices for Application Optimization illustrated with SAP, Siebel and Exchange
BRKAPP-2014 Deploying AXG
BRKAPP-1015 Web 2.0, AJAX, XML, Web Services for Network Engineers
BRKAPP-1016 Running Applications on the Branch Router
BRKAPP-2017 Optimizing Application Delivery
BRKAPP-2018 Optimizing Oracle Deployments in Distributed Data Centers
[Figure labels: Applications, ISR, GSS, WAAS, ACE, AXG, ACNS, Relevancy]
Overview
Branch IT Infrastructure Challenges
Infrastructure cost/complexity
File, print and application servers
Storage and backup
Plethora of networking equipment
Data protection concerns
Failing backups/lost data
Costly off-site vaulting
Regulatory compliance
WAN limitations inhibit centralization
Bandwidth and throughput limitations
Latency and packet loss
Poor end-user experience
[Figure labels: App/file/print servers, Local storage, Backup, Users, Router, Security, Voice, WLAN]
Companies spend 6 billion dollars per year on branch servers, storage, backup and management - Source: IDC, Gartner, Cisco
Branches consume 70-90% of business resources - Source: NetworkWorld
Most enterprises have many servers running at 15% or less utilization, but still requiring 100% administration - Source: Gartner
Rising Costs of Branch Offices
Companies spend 6 billion dollars per year on branch servers, storage, backup and management - Source: IDC, Gartner, Cisco Analysis
Branches consume 70-90% of business resources - Source: NetworkWorld
80% of enterprise workers work outside headquarters - Source: Nemertes Research
Most enterprises have many servers running at 15% or less utilization, but still requiring 100% administration - Source: Gartner
The average branch has 4-6 servers - Source: Nemertes Research
Security and Compliance Worries
Rising Incidents of Branch Data Leakage
A top financial firm lost a file server with 930,000 customers' information - Source: CNN, March 2006
A bank lost 3.9 million customers' credit information on unencrypted tapes - Source: Wall Street Journal, June 2005
February 2005, Bank … lost unencrypted computer backup tapes containing information from 1.2 million federally issued credit cards
Regulations Are Responding
HIPAA - Health information of patients
GLBA - Consumer Financial Information
SOX - Business Financial and Accounting Information
CA SB 1386 - Consumer Personal Information
PCI - Credit Card Information
*As of July 18, 2006, 34 US states had passed security breach notification laws
Organizations Are Responding
The top emerging technology trend, regardless of site type or timeframe, is the integration of security features like firewall, VPN, IDS, etc. into routers - Source: Infonetics
WAN and Application Optimization
Application protocol aware
Windows file services (CIFS)
Windows print services
Server offload technology
Data redundancy elimination (up to 100:1 compression)
Persistent LZ compression (additional 10:1 compression)
LAN-like TCP behavior
Loss mitigation
Slow-start mitigation
End User Throughput Goes up 5x
WAN Consumption Drops 67%
[Figure: two throughput-over-time charts (01:20 to 01:26), one scaled 10 to 60 Mbps and one scaled .5 to 3 Mbps, with the point "Optimization Enabled" marked. Labels: LAN-Like Throughput, Bandwidth Savings, Fewer Roundtrips, Advanced Compression/Cache, Application Specific Acceleration, TCP Flow Optimization (TFO), WAN]
Application Performance Improvements
Category: Applications (chart scale: 2X, 5X, 10X, 25X, 50X, 100X+)
File Sharing: CIFS, NFS
Email: Microsoft Exchange, Lotus Notes, Internet Mail
Web and Collaboration: HTTP, WebDAV, FTP, Microsoft Sharepoint
Software Distribution: Microsoft SMS, Altiris, HP Radia
Enterprise Applications: Microsoft SQL, Oracle, SAP, Lotus Notes
Backup Applications: Microsoft NTBackup, Legato Networker, Veritas Netbackup, CommVault Galaxy
Data Replication: EMC SRDF/A, EMC IP Replicator, NetApp SnapMirror, Data Domain, Double-Take, Veritas Vol Replicator
2-20X Avg >100X Peak
2-5X Avg 20X Peak
2-10X Avg 100X Peak
2-20X Avg >100X Peak
2-5X Avg 20X Peak
2-10X Avg 50X Peak
2-10X Avg 50X Peak
WAN Bandwidth Optimization
Bandwidth Usage Reduction
Up to 95% savings
Avoid bandwidth upgrade
De-commission bandwidth
Improve VoIP Quality
More room on wire
Better quality and reliability
Use existing QoS policies
Improved Application Perf. Management
Report Apps SLA accurately
Find bottlenecks quickly
Invest confidently
[Figure labels: Optimization On]
WAN Optimization with Accurate Visibility
Integration With Existing Router QoS
Granular, robust, extensive QoS
Dynamic bandwidth allocation
Hierarchical queuing/scheduling
Accurate Perf. Management
Integration with NetQoS
End to end response time SLA
WAN bandwidth utilization
Ease of Operations and Management
Always the latest Netflow
Unified Netflow analysis
Unified QoS analysis
[Figure: before/after panels titled Application Response Time, Application Data Rate, Link Utilization, Protocol Analysis]
WAAS Overview Summary
Solutions and Benefits
Application acceleration
Branch and data center consolidation
WAN bandwidth optimization
Improved data protection and compliance
Technologies
Compression and acceleration
Router integration
Security integration
Application perf. mgmt. integration
Key Success Factors
Most secure WAN acceleration
Highest scalability and performance
Best reliability and interoperability
Lowest total cost of ownership
[Figure labels: Branch Office, Branch Office, Data Center, WAAS at each site, WAN]
Wide-Area Application Engine (WAE)
Wide Area Application Engine (WAE)
[Figure: WAE software architecture, Wide Area Application Services (WAAS) Version 4.1. Labels: IOS Platform with Services and CLI; Cisco Linux Kernel; Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery; TCP Proxy with Scheduler Optimizer (SO): DRE, LZ, TFO; application optimizers (AO): CIFS, EPM, MAPI, HTTP, SSL, RTSP, NFS; Configuration Management System (CMS); Windows on WAAS (WoW) Virtual Blades, Virtual Blade #2, Virtual Blade #3; Flash, IOS Shell, Linux Application, Storage, Object Storage, DRE Storage, Virtual Blade Storage (/vbspace); Ethernet Network I/O]
Wide Area Application Engine
WAAS Portfolio
[Figure: portfolio chart of cost ($) against Performance (TCP Connections/Throughput/Storage)]
NME: 250-800 / 4 Mbps / 80-160 GB
WAE-512: 750-1,500 / 20 Mbps / 250 GB
WAE-612: 2,000-6,000 / 90 Mbps / 300 GB
WAE-674*: 2,000-7,500 / 155 Mbps / 600 GB
WAE-7341*: 12K / 300 Mbps / 900 GB
WAE-7371*: 50K / 1 Gbps / 1400 GB
* Supports Windows on WAAS
Cisco WAE Family
Performance and Scalability
Hardware Configuration | Max Opt TCP Conn | Max CIFS Session | Drive (GB) / Max Usable Capacity (GB) | Max Drive | Memory (GB) | WAN Capacity (Mbps) | Video Capacity | SSL Capacity | CM Scale (Devices Managed) | Core Fan-out (No of Peers)
NME-WAE-302 | 250 | N/A | 80/80 | 1 | .5 | 4 | | | N/A | 1
NME-WAE-502 | 500 | 500 | 120/120 | 1 | 1 | 4 | | | N/A | 1
NME-WAE-522 | 800 | 800 | 160/160 | 1 | 2 | 8 | | | N/A | 1
WAE-512-1GB | 750 | 750 | 250/250 | 2 | 1 | 8 | | | 500 | 5
WAE-512-2GB | 1500 | 1500 | 250/250 | 2 | 2 | 20 | | | 1000 | 10
WAE-612-2GB | 2000 | 2000 | 300/300 | 2 | 2 | 45 | | | 2000 | 30
WAE-612-4GB | 6000 | 2500 | 300/300 | 2 | 4 | 90 | | | 2500 | 50
WAE-674-4GB | 2000 | 2000 | 300/600 | 2 | 4 | 90 | | | 2000 | 100
WAE-674-8GB | 7500 | 2500 | 300/600 | 2 | 8 | 155 | | | 2500 | 200
WAE-7341 | 12000 | 12000 | 300/900 | 4 | 8 | 310 | | | N/A | 200
WAE-7371 | 50000 | 32000 | 300/1400 | 6 | 24 | 1000 | | | N/A | 400
Note: These Are Guidelines for Sizing Based on Certain Assumptions. Enabling Multiple Features Will Have an Impact on Scalability.
Device Mode—Central Manager
Provides a GUI interface to centrally manage the entire WAAS deployment
Requires a dedicated appliance
Sole purpose is to provide configuration management and reporting—no user traffic is accelerated by CM
Secure communication with registered WAEs using SSL
Supports a single primary and multiple warm standby central managers
Device Mode—Application Accelerator
Optimized for a large number of low to medium-throughput TCP connections
Default device mode used for branch office environments
Available on all WAE appliance and network module form factors
Only negotiates optimized connections with other WAEs in the same mode
Device Mode—Replication Accelerator
Optimized for a small number of high-throughput TCP connections
Focused on EMC SRDF/A and NetApp SnapMirror traffic
Available on the WAE-7341 and WAE-7371 platforms
Only negotiates optimized connections with other WAEs in the same mode
* Requires WAAS 4.0.19 or Later
WAE Device Security Features
Disk encryption
All user cache data is encrypted using AES-256
Encryption key not stored locally
All WAE-to-CM communication encrypted
Common Criteria Certification*
Alphanumeric rules for password strength
Password aging and history
Account lockout
Secure store API used to encrypt/decrypt credentials
Secure random key generator
Secure key destruction
* Requires WAAS 4.0.19 or Later
WAN Optimization
Application Definition
The application definition provides a logical grouping of traffic types
Statistics from traffic classifiers mapped to an application through a policy map report through the application definition
Monitoring is enabled per application definition
Applications are assigned to devices or device groups
Traffic Classifier
The traffic classifier is used to identify a connection as a specific type
Actions are taken against the classifier based upon the configured policy map
Statistics count toward the application definition that the classifier is assigned to via the policy map
Classification is based on source or destination L3 and L4 parameters
[Figure labels: Application Definition, Policy Map, Traffic Classifier]
Valid Match Conditions Include:
Source IP address
Source IP subnet
Destination IP address
Destination IP subnet
Source TCP port or range
Destination TCP port or range
All traffic
Policy Map
A policy map performs two primary functions:
Associates a traffic classifier to an application definition for reporting purposes
Assigns an action to be taken against traffic that matches a traffic classifier
Policy maps are applied based on their ordering within Central Manager, or on the device itself
[Figure labels: Traffic Classifier, Application Definition, Policy Map]
Policy Map Actions Include:
Pass-through
Optimize: TFO, TFO + LZ, TFO + DRE, Full (TFO + DRE + LZ)
Accelerate: Application adapter or UUID
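The classifier, policy map and application definition relationship from the last three slides, as an added Python model (not WAAS configuration syntax and not Cisco code). The class and function names, the first-match evaluation and the sample policy are assumptions made for illustration; the addresses come from the transparency slide. It also flags policy maps that an earlier, broader classifier makes unreachable, which is the ordering mistake worth checking for when a pass-through rule is meant to keep traffic out of optimization.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
ANY_PORT = (0, 65535)


def _within(inner, outer):
    """True when port range `inner` lies inside port range `outer`."""
    return outer[0] <= inner[0] and inner[1] <= outer[1]


@dataclass(frozen=True)
class Classifier:
    """L3/L4 match conditions: source/destination subnet and TCP port range."""
    name: str
    src_net: ipaddress.IPv4Network = ANY_NET
    dst_net: ipaddress.IPv4Network = ANY_NET
    src_ports: tuple = ANY_PORT
    dst_ports: tuple = ANY_PORT

    def matches(self, src_ip, src_port, dst_ip, dst_port):
        return (ipaddress.ip_address(src_ip) in self.src_net
                and ipaddress.ip_address(dst_ip) in self.dst_net
                and self.src_ports[0] <= src_port <= self.src_ports[1]
                and self.dst_ports[0] <= dst_port <= self.dst_ports[1])

    def covers(self, other):
        """True when every connection matched by `other` is also matched by self."""
        return (other.src_net.subnet_of(self.src_net)
                and other.dst_net.subnet_of(self.dst_net)
                and _within(other.src_ports, self.src_ports)
                and _within(other.dst_ports, self.dst_ports))


@dataclass(frozen=True)
class PolicyMap:
    """Ties a classifier to an application (for reporting) and to an action."""
    classifier: Classifier
    application: str
    action: str


def evaluate(policy, src_ip, src_port, dst_ip, dst_port):
    """Walk the ordered policy; the first matching map decides (assumed semantics)."""
    for pm in policy:
        if pm.classifier.matches(src_ip, src_port, dst_ip, dst_port):
            return pm.application, pm.action
    return "unclassified", "pass-through"


def shadowed(policy):
    """List (later, earlier) classifier names where the later map can never match."""
    found = []
    for i, later in enumerate(policy):
        for earlier in policy[:i]:
            if earlier.classifier.covers(later.classifier):
                found.append((later.classifier.name, earlier.classifier.name))
                break
    return found


# Constructed sample policy; the third map is meant to exempt port 443 but is
# placed after a broader map for the same subnet.
DC = ipaddress.ip_network("2.2.2.0/24")
POLICY = [
    PolicyMap(Classifier("web", dst_ports=(80, 80)), "Web", "Full"),
    PolicyMap(Classifier("all-to-dc", dst_net=DC), "Other", "TFO"),
    PolicyMap(Classifier("https-to-dc", dst_net=DC, dst_ports=(443, 443)),
              "SSL", "pass-through"),
    PolicyMap(Classifier("all"), "Default", "pass-through"),
]

if __name__ == "__main__":
    print(evaluate(POLICY, "1.1.1.10", 15131, "2.2.2.10", 80))
    print(evaluate(POLICY, "1.1.1.10", 15131, "2.2.2.10", 443))
    print(shadowed(POLICY))
```

Moving the `https-to-dc` map ahead of `all-to-dc` clears the finding and restores the intended pass-through for port 443.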
TCP Performance Challenges
TCP performance across the WAN is heavily influenced by two factors:
Bandwidth Delay Product (BDP)
Maximum Window Size (MWS)
If MWS < BDP, a host will be unable to fully utilize the available WAN bandwidth
BDP versus MWS
WAAS Overview
TFO Improves Transport Performance
TFO overcomes TCP and WAN bottlenecks
Shields nodes' connections from WAN conditions
Clients experience fast acknowledgement
Minimize perceived packet loss
Eliminate need to use inefficient congestion handling
Window Scaling
Large Initial Windows
Congestion Mgmt
Improved Retransmit
Packet Aggregation
[Figure labels: LAN TCP Behavior on each side of the WAN]
TCP Performance Challenges
[Figure: cwnd plotted against time (RTT) for TCP; phases labelled Slow Start and Congestion Avoidance]
Inability to Use Available Bandwidth
Inefficient Response to Packet Loss/Congestion
Bandwidth Starvation for Short-Lived Connections
WAAS TCP Optimizations
RFC896—Nagle Algorithm *
RFC1323—Window Scaling
RFC2018/2883—Selective Acknowledgements (SACK)
RFC3168—Explicit Congestion Notification
RFC3390—Large Initial Windows
BIC-TCP
Dynamic Right-Sizing: TCP Flow Control Adaptation
Improving Throughput and Congestion Control
*Replication Accelerator Mode Only
Comparing TCP and WAAS TFO
[Figure: cwnd plotted against time (RTT) for TCP and TFO; phases labelled Slow Start and Congestion Avoidance]
Cisco TFO Provides Significant Throughput Improvements over Standard TCP Implementations
Application Acceleration Transparency
WAAS optimizes TCP-based applications while preserving L3 and L4 packet header information
Network transparency allows application acceleration components to maintain compliance with existing network features
Quality of Service (QoS)
NBAR
NetFlow, monitoring, reporting
Security functions (ACLs, firewall policies)
[Figure: two packets. First: Src Mac AAA, Dst Mac BBB, Src IP 1.1.1.10, Dst IP 2.2.2.10, Src TCP 15131, Dst TCP 80, App Data. Second: Src Mac BBB, Dst Mac AAA, Src IP 1.1.1.10, Dst IP 2.2.2.10, Src TCP 15131, Dst TCP 80, Optimized]
TFO Auto Discovery
WAEs automatically discover peers through in-band TCP option marking
Auto discovery exchange allows WAEs to negotiate capabilities and policy settings
Auto discovery adapts to topology changes automatically
[Figure: hosts A and B with WAE1 and WAE2 between them, each WAE fed by WCCPv2 or PBR. Labels: A:B TCP ACK, ACCELERATION CONFIRMED!]
Cisco WAAS Advanced Compression
Cisco WAAS Employs Two (2) Forms of Advanced Compression:
Data Redundancy Elimination (DRE)
Persistent LZ compression (PLZ)
[Figure labels: Original Message, DRE, LZ, Compressed Message, LZ, DRE, Original Message; Synchronized Context]
Fingerprinting and Chunk Identification
DRE analyzes incoming data streams using a sliding window to identify chunks
Each chunk is assigned a 5-byte signature
A single pass is used to identify chunks at multiple levels:
Basic chunks
Chunk aggregation (nesting)
After chunks are identified, DRE begins pattern matching:
Looks for largest chunks first
Looks for smaller chunks if necessary
[Figure: a window slides along the data stream; the first four positions are marked "No Boundary Found", the next "Boundary Identified!", which closes Chunk1 and gives it a 5-byte signature]
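A sketch of the chunking and matching idea on this slide and the next, added here as an illustration; it is generic content-defined chunking, not Cisco's DRE algorithm. The window width, boundary mask, maximum chunk size, rolling hash and truncated SHA-256 signature are all assumptions; only the 5-byte signature length comes from the slide. It covers basic chunks only, not nested aggregation.

```python
import hashlib

WINDOW = 16            # sliding-window width in bytes (assumed)
BOUNDARY_MASK = 0x3F   # cut when the low 6 bits of the window hash are zero (assumed)
MAX_CHUNK = 256        # forced cut so a chunk cannot grow without bound (assumed)
SIG_LEN = 5            # the slide's 5-byte chunk signature
_BASE, _MOD = 257, (1 << 31) - 1
_TOP = pow(_BASE, WINDOW - 1, _MOD)   # weight of the byte leaving the window


def chunk(data):
    """Split data at boundaries chosen by a rolling hash of the last WINDOW bytes."""
    chunks, start, h = [], 0, 0
    for i, byte in enumerate(data):
        if i >= WINDOW:                        # slide: drop the oldest byte
            h = (h - data[i - WINDOW] * _TOP) % _MOD
        h = (h * _BASE + byte) % _MOD          # take in the newest byte
        at_boundary = i >= WINDOW - 1 and (h & BOUNDARY_MASK) == 0
        if at_boundary or i + 1 - start == MAX_CHUNK:
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])            # trailing partial chunk
    return chunks


def signature(chunk_bytes):
    """Truncated digest standing in for the 5-byte signature (assumed function)."""
    return hashlib.sha256(chunk_bytes).digest()[:SIG_LEN]


class Endpoint:
    """One side of the link; both sides build the same signature -> chunk store."""

    def __init__(self):
        self.store = {}

    def encode(self, message):
        tokens = []
        for c in chunk(message):
            sig = signature(c)
            # A 40-bit signature can collide, so compare the stored bytes before
            # sending a reference; chunks no longer than a signature go as literals.
            if len(c) > SIG_LEN and self.store.get(sig) == c:
                tokens.append(("ref", sig))
            else:
                self.store[sig] = c
                tokens.append(("lit", c))
        return tokens

    def decode(self, tokens):
        out = []
        for kind, value in tokens:
            if kind == "lit":
                self.store[signature(value)] = value
                out.append(value)
            else:
                out.append(self.store[value])  # KeyError means the contexts diverged
        return b"".join(out)


def wire_size(tokens):
    """Payload bytes sent, ignoring any framing overhead."""
    return sum(SIG_LEN if kind == "ref" else len(value) for kind, value in tokens)


# Constructed sample: 4096 pseudo-random bytes, then the same data with 8 bytes
# inserted in front, which shifts every later byte.
SAMPLE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
EDITED = b"INSERTED" + SAMPLE


def transfer_sizes():
    """Send SAMPLE, SAMPLE again, then EDITED; return (message bytes, wire bytes)."""
    sender, receiver = Endpoint(), Endpoint()
    results = []
    for message in (SAMPLE, SAMPLE, EDITED):
        tokens = sender.encode(message)
        assert receiver.decode(tokens) == message
        results.append((len(message), wire_size(tokens)))
    return results


if __name__ == "__main__":
    for size, sent in transfer_sizes():
        print(size, "bytes in,", sent, "bytes on the wire")
```

Because boundaries depend on content rather than offset, the shifted copy falls back into step after the first shared boundary and most of it is sent as signatures.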
DRE Pattern Matching
[Figure: chunks of the Original Message are looked up in the DRE Database to produce the Encoded Message; four lookups are labelled NO MATCH]
Lempel-Ziv (LZ) Compression
Searches redundancy within a message
Uses a small compression context
Provides compression for 1st time transfers
Cisco WAAS uses a modified version of LZ, referred to as Persistent LZ (PLZ)
Compression context is shared across all messages for a TCP connection
Provides improved compression rates, especially for application protocols that utilize small messages
WAAS PLZ implementation is also adaptive
Bypasses LZ for highly compressed (DRE) messages or messages with a low probability of good compression
Resource Prioritization
[Figure labels: Classify, Redirect, Prioritize & Optimize, Prioritize & Transmit; Replication, Sales Portal; IOS, WAAS]
Offers deterministic application processing priority
Reduces processing latency for business critical applications
Integrates with existing QoS marking policies
Leverages WFQ schedules for processing of application traffic
DSCP Marking Weights
Precedence Bits | Priority-Weight
00 | 10 (10%)
01 | 20 (20%)
10 | 30 (30%)
11 | 40 (40%)
The two low-order bits of the IP Precedence (ToS) portion of the DSCP marking are mapped to a weight.
Service Class Weights
Combination of service class and DSCP marking weights determine how the connection is scheduled by DRE
[Figure labels: Connections, Service Class, Scheduling queue]
Power of WAAS WAN Optimization
[Figure: LAN Throughput (scaled 10 to 60 Mbps) and WAN Throughput (scaled .5 to 3 Mbps) over time (01:20 to 01:26), with the point "Optimization Enabled" marked. Labels: LAN-Like Throughput, Bandwidth Savings, Fewer Roundtrips]
Application Acceleration
The Need for Application Acceleration
For some application protocols, throughput is not the performance limiting factor:
“Chatty” protocols generate large numbers of synchronous messages between hosts
As RTT latency increases, latency-bound applications suffer
Application-specific acceleration focuses on latency mitigation techniques:
Local acknowledgment - remove WAN RTT penalty
Asynchronous message handling enables faster exchanges
WAAS includes application-specific acceleration for the following enterprise protocols:
CIFS, HTTP, SSL, MAPI, NFS, RTSP
WAAS Application Accelerators
CIFS
HTTP
SSL
MAPI
NFS
RTSP
The Need for CIFS Acceleration
In this example of a 2MB Word document open, over 1000 messages are exchanged.
With a 40ms RTT WAN, this equates to more than 52 seconds of wait time before the document is usable.
CIFS Accelerator
Sessions are maintained end-to-end to ensure no security reconfiguration
Auditing, access-control, and quotas are fully preserved
Scheduled preposition to prepopulate Data Redundancy Elimination and edge data cache
Advanced WAN optimization layer improves throughput and efficiency
DRE eliminates redundant network data
TCP optimizations to improve protocol ability to fully use the network
Intelligent local handling and optimization of protocol mitigates latency
File caching removes the need for unnecessary file transfer; validation ensures stale data is never served
Transparent integration ensures no client or server changes to apply optimization
[Figure labels: FILE.DOC, Cache, Files]
CIFS Accelerator
Data Caching and Integrity
Edge file segment caching and metadata caching:
Data is cached on demand as files or directories are opened
Prepopulation of edge cache via prepositioning
Coherency, concurrency, and ACL:
Cache validation guarantees that no stale data is served
File locking and AAA are handled synchronously with server
[Figure labels: OPEN FILE.DOC; AAA, OPEN, LOCK; APPROVED, LOCKED, VALIDATED; FILE.DOC, Files, IP Network, NAS]
CIFS Accelerator
Intelligent File Prepositioning
Intelligent prepositioning capabilities with flexible configuration to prepopulate cache with files before the first user request
Leverages DRE and LZ compression to improve transfer performance and user save performance
[Figure labels: Preposition FILE.DOC at 3am; Fetch FILE.DOC; IP Network, NAS, FILE.DOC, Files]
The Need for Windows Print Acceleration
Windows print traffic is composed of:
CIFS/MSRPC between the client and print server
Print job traffic (IPP, socket, etc.) between the print server and printer
CIFS/MSRPC protocols are “chatty”
RPC calls over SMB are fragmented
Maximum fragment size is 4280 bytes
Print job traffic can consume lots of bandwidth
[Figure labels: CIFS / MSRPC; IPP, socket, etc.]
Windows Print Accelerator
Asynchronous Command Handling
RPC command fragments are handled asynchronously
Can boost WAN utilization
Significantly increases rate of commands issued from client
[Figure: message sequence with labels StartDocPrinter, StartDocPrinterReply, StartPagePrinter, StartPagePrinterReply, WritePrinter, WritePrinterReply]
Windows Print Accelerator
Delayed Close of Printer Handles
Established printer connection teardown postponed for 30 seconds
Subsequent OPEN requests are answered locally
[Figure: message sequence with labels OpenPrinterEx, OpenPrinterExReply, ClosePrinter, ClosePrinterReply, OpenPrinterEx, OpenPrinterExReply]
Windows Print Accelerator
Metadata Caching
Responses for the following printer commands are cached:
GetPrinter
GetPrinterData
EnumPrintProcessorDataTypes
Metadata cache TTL depends on frequency of data change
There are three TTL values used:
15 seconds
5 minutes
1 hour
The Need for HTTP Acceleration
Constant connection open/close when servers don’t support HTTP 1.1 or connection reuse
Complex web pages contain many small objects
Each object retrieved using a single connection
For HTTP over WAN the time required to establish a connection is substantial
WAAS 4.1 release decreases the load time of complex web pages when persistent connections are not available
HTTP Accelerator
Fast Connection Setup
Reuses an existing TCP connection across the WAN
WAN connection bound to a single client
Eliminates connection setup penalty for subsequent client connections
Tuned to offset connection “bursts”
Bounded session and idle timeouts
[Figure: message sequence with labels Connect (SYN, SYN-ACK, ACK), Connect, HTTP Request, HTTP Response, HTTP Request, HTTP Response]
HTTP Accelerator
Explicit web proxy configuration complicates detection of SSL sessions
CONNECT method creates client-to-server tunnel via proxy
WAAS ATP is aware of proxy IP:Port, not target SSL server
First HTTP request on every new LAN segment is inspected
Known HTTP methods are handled by the HTTP Accelerator
CONNECT method generates query to SSL Accelerator to determine if SSL server is accelerated
In all other cases (unrecognized methods, unsupported SSL servers, etc.) the connection is handed off to the generic TCP accelerator
Proxy Connect to SSL Servers
The Need for SSL Acceleration
WAAS optimization benefits are maximized only when applied to decrypted payload
WAAS 4.1 release decreases load time of complex web pages when persistent connections are not available
[Figure labels: SSL Handshake, “session key” derived, Encrypted Data Exchange]
Cisco WAAS SSL Optimization Solution
Core WAE acts as a Trusted Intermediary Node for SSL requests by client
Private Key and Server Certificate are stored on the Core WAE device
Core WAE participates in SSL Handshake to derive “session key”
Distributes the “session key” securely in-band to the Edge WAE over the established connection between the Edge WAE and Core WAE
[Figure labels: Edge WAE, Core WAE; SSL Handshake; SSL Session Client to Core WAE (WAAS); SSL Session Core WAE to Server - Core WAE: Server Private Key; Send “session key”; Transparent Secure Channel; Original Data - Encrypted, Optimized & Encrypted, Original Data - Encrypted]
The Need for MAPI Acceleration
TCP ports used between client/server are dynamically negotiated
MAPI uses MSRPC, which is “chatty”
Data encoding is negotiated by client/server
Outlook 2000 obfuscates data
Outlook 2003 and 2007 compress data (LZ) or obfuscate if uncompressible
WAAS 4.1 release accelerates Outlook 2000–2007 traffic, including:
Emails, calendar items, OAB, messages in public folders
Accelerates both cached and non-cached mode traffic
MAPI Accelerator
EndPoint Mapper (EPM)
Required for MAPI Accelerator to function
Listens to client communication with PortMapper server
Creates dynamic ATP entry for negotiated port
[Figure: message sequence with labels Resolve Service a4f1db00; Connect tcp/2218; Service a4f1db00 uses tcp/2218; MAPI Request; MAPI Response; Dynamic Policy Created: tcp/2218 = MAPI Accelerate]
MAPI Accelerator
Asynchronous Writes
Write operations for sending email and attachments are acknowledged locally
Generating local responses allows clients to fully utilize WAN bandwidth
Read Ahead
MAPI Accelerator pre-fetches data during idle periods
Always happens in the context of an existing user session
Messages Decompression
WAAS modifies client/server messages to disable host compression
Recognizes remote operations and instructs DRE to exclude their headers from the compression input stream
The Need for NFS Acceleration
‘Chatty’ nature of the protocol
Ex: File creation generates 4+ RPC calls, each one handled synchronously
Client optimizations insufficient for high BDP environments
Ex: Client read/write buffers are too small (128-512KB)
Coherency mechanisms increase “chatter”
Ex: Every file open results in an attribute check with the server
WAAS 4.1 release focuses on accelerating large file copies between a client and server
NFS Accelerator: Data Write Optimization
Write optimizations applied to requests with the ‘UNSTABLE’ flag set
Local acknowledgement generated for consecutive write requests
[Diagram: Write #1 and Write #2 with their WriteReply #1 and WriteReply #2 messages]
NFS Accelerator: Data Read Optimization
Read ahead initiated per connection in presence of sequential read requests and connection inactivity
Edge WAE instructs CORE WAE to start/stop read-ahead based on protocol indicators
[Diagram: Read #1 through Read #4, ReadAhead #2 and the corresponding ReadReply messages]
NFS Accelerator: Attribute Caching
A FH cache is maintained per connection (client)
Provides local replies to GETATTR requests
Attribute requests are always forwarded to the origin server
Local response to client is provided if FH entry is cached and less than 15 seconds old
Cache eviction is a combination of random and LRU
Cache performs random eviction when cache size is less than watermark value
Above watermark, cache performs eviction based on LRU
The Need for RTSP Acceleration
Live video streaming is bandwidth intensive
Bandwidth consumption = StreamRate x NumUsers
Separate stream for each individual user
WAAS 4.1 accelerates Windows Media live stream requests on RTSP
[Diagram: media players streaming across the WAN]
RTSP Accelerator: Acceleration Algorithm
Each new client request (over LAN) will reuse existing incoming stream (over WAN) for the same stream URL
Creates a “splitting” effect
For incoming accelerated stream (over WAN), compression is disabled
Reduces resource overhead
Client requests over RTSP/UDP automatically rolled over to RTSP/TCP
RTSP/TCP used for streaming over WAN
RTSP Accelerator: Acceleration Example
Video AO (edge-side stream split)
On match, one incoming stream play will be split into multiple outgoing streams
End-to-end connections for transparent authentication and URL & asf-hdr check for match
Very high WAN bandwidth savings!
[Diagram: media players, Video AO, WAN]
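The stream-split behaviour described on the two RTSP slides, as an added example (not Cisco code): clients that match on stream URL and ASF header share one incoming WAN stream, and the result is compared with the StreamRate x NumUsers formula. The class and function names, the 500 kbps rate, the URL, and closing the WAN stream with its last viewer are assumptions.

```python
# Added example: edge-side stream splitting keyed on URL and ASF header.
import hashlib


class EdgeSplitter:
    def __init__(self, stream_rate_kbps):
        self.rate = stream_rate_kbps
        self.streams = {}  # (url, ASF header digest) -> set of LAN clients

    @staticmethod
    def _key(url, asf_header):
        return (url, hashlib.sha256(asf_header).hexdigest())

    def play(self, client, url, asf_header):
        """Register a LAN client; return True if a new WAN stream was opened."""
        clients = self.streams.setdefault(self._key(url, asf_header), set())
        opened = not clients
        clients.add(client)
        return opened

    def stop(self, client, url, asf_header):
        """Drop a client; the WAN stream closes with its last viewer (assumption)."""
        key = self._key(url, asf_header)
        clients = self.streams.get(key, set())
        clients.discard(client)
        if not clients:
            self.streams.pop(key, None)

    def wan_kbps(self):
        # One incoming WAN stream per matched (URL, header) pair
        return self.rate * len(self.streams)

    def unsplit_kbps(self):
        # The slide's formula: StreamRate x NumUsers
        return self.rate * sum(len(c) for c in self.streams.values())


def demo():
    edge = EdgeSplitter(stream_rate_kbps=500)  # constructed rate
    url, hdr = "rtsp://media.example/live/allhands", b"constructed-asf-header"
    opened = [edge.play(f"pc{i}", url, hdr) for i in range(5)]
    # Same URL but a different ASF header is not a match: separate WAN stream
    opened.append(edge.play("pc5", url, b"other-constructed-header"))
    return edge, opened
```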
Integration with WAN Optimization
WAAS Application Accelerators Leverage WAN Optimization Capabilities Provided by TFO+DRE+PLZ
TFO enables the protocols to more effectively and efficiently use available WAN resources
DRE+PLZ improves the performance through compression and data suppression
[Diagram: FILE.DOC sent between Edge and Core across the WAN, with Transport Flow Optimization, a DRE cache and LZ at each end]
Virtual Blades
Branch IT Infrastructure: Main Approaches Today
Fully Distributed Branch IT:
(+) Everything available
(-) Cost of management
Fully Centralized Branch IT:
(+) Centralized management
(-) Application performance
(-) Limited local services
[Diagram: branch offices with router, users, app/file/print servers, backup and local storage]
Branch IT Infrastructure: Cisco WAAS Approach
WAAS and Windows Server: Providing Best Mix of Distributed and Centralized IT Services
Flexible, Optimized Branch IT
Centralize what you can with Cisco WAAS
Locally host Windows services on same WAAS device
[Diagram: Data Center with storage, backup, business and communication apps and Cisco WAAS; WAN; branch with Cisco WAAS, router, users, servers, backup and local storage]
Virtual Blade—Sample Flow: Allocate Resources and Deploy Image
Allocate resources and start Virtual-Blade instance
Easy and simple—from WAAS CM or from CLI
Centrally deploy server image over to WAE
From CLI or WAAS CM, using FTP or HTTP
WAE#virtual-blade 1
show virtual-blade 1
description WIN2008-SERVER
memory 1500MB
disk size 150GB
cpu-count 1
cpu-list 1
cd-image disk /local1/Longhorn.iso
boot-from disk
interface 1 bridge GigabitEthernet 1/0 mac-address 00:13:24:35:35:35
not shutdown
running
serial console session inactive
[Diagram: Data Center and two Remote Offices connected over the WAN; each Remote Office has an ISR and a WAAS Appliance; virtual blades VB1, VB2, VB3]
Network Integration
Network Integration Overview: In-Path
Cisco WAEs Can Be Deployed Physically In-Path
WAE sits physically in-path between two (2) network elements (such as a branch router and switch)
Inspects all traffic passing through the device and determines which traffic to intercept
Intercepts packets in both directions of flow
Passes through non-TCP traffic at a low layer
Fully transparent solution—maintains compatibility with most existing IOS features
[Diagram: WAE in-path in front of the IP network]
Cisco WAE Physical Inline Deployment
Physical inline interception:
Physical in-path deployment between switch, and router or firewall
Mechanical fail-to-wire upon hardware, software, or power failure
Requires no router configuration
Scalability and high availability:
Two two-port groups
Serial clustering with load-sharing and fail-over
Redundant network paths and asymmetric routing
Seamless integration:
Transparency and automatic discovery
802.1q support, configurable VLANs
Supported on all WAE appliances
[Image: Cisco WAE 4-Port Inline Card]
Network Integration Overview: Off-Path
Cisco WAE Devices Attach to the LAN as an Appliance
WAE devices rely on packet interception and redirection to enable application acceleration and WAN optimization:
Interception in each site where deployed
Interception in both directions of packet flow
Transparent optimizations maintain compatibility with most IOS features and other platforms
[Diagram: Cisco WAE attached off-path, IP network]
Network Interception
Network Attached Optimizations Rely on Devices Physically Attached to the Network at Strategic Locations
Generally deployed at network entry/exit points
Rely on network interception to supply flows to optimize
[Diagram: Cisco Wide Area Application Engines around an IP network, showing intercepted, non-optimized and optimized flows]
Cisco WAE WCCPv2 Deployment
WCCPv2 interception:
Out-of-path with redirection of flows to be optimized (all flows or selective via redirect-list)
Automatic load-balancing, load redistribution, fail-over, and fail-through operation
Scalability and high availability:
Up to 32 WAEs within a service group and up to 32 routers
Linear performance and scalability increase as devices are added
Seamless integration:
Transparency and automatic discovery
Supported on all WAE platforms
[Diagram: original flows, interception and redirection to a service group, optimized flows]
Cisco WAE ACE Deployment
Application Control Engine (ACE):
Industry-leading scalability and performance for the most demanding data center networks
Supports up to 16Gbps throughput, 4M concurrent TCP connections, and 350K connections/sec setup
Seamless integration:
Fully integrated with the Catalyst 6500 series of intelligent switches
Transparency and automatic discovery
Supported on all WAE appliances
Industry Leading Functionality:
Solution for scaling servers, appliances, and network devices
Virtual partitions, flexible resource assignment, security, and control
[Diagram: two Catalyst 650X w/ ACE, WAN, original flows and optimized flows]
Central Management
WAAS Central Manager
Central Manager Navigation:
Context-based Menus – based on device group or device selection
Organized for intuitive access
Reporting Capabilities:
Choose pre-defined reports or create your own
Scheduled report generation and email
Report per device or device group
RBAC capabilities:
Support for User Group authorization
Privileges, including Read-only access
Reporting views
SOA-ready Monitoring:
Standard XML Web Service (SOAP)
Integration with external reporting and monitoring portals
Virtual Blade Management:
Centralized creation, deployment, management and monitoring for Virtual Blades
Davis Central Manager Dashboard
Device Home Page
Q and A
Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press
Check the Recommended Reading flyer for suggested books
Available Onsite at the Cisco Company Store
Recommended