Cisco Customer Education - Cisco Files · ASR 1000 . ASR 1000 . WAAS . PfR . AVC . ISR G2 . WAN . Internet . Enabling Internet-Based WANs . ... Join us again for a future Cisco Customer

Cisco Customer Education

This session was recorded via Cisco WebEx! You can watch the live session recording via the following URL:

https://acecloud.webex.com/acecloud/lsr.php?RCID=002d68d8980f49c498a11edaf0ab4205

Thanks for your interest and participation!

Who Killed the Private Network? Cisco Intelligent WAN Did!


















Cisco Customer Education

Connect using the audio conference box or you can call into the meeting:

1. Toll-Free: (866) 432-9903

2. Enter Meeting ID: 206 785 185 and your attendee ID number.

3. Press “1” to join the conference.

Who Killed the Private Network? Cisco Intelligent WAN Did!

Presentation Agenda

► Welcome from Cisco

► History of WAN Connections

► Conclusion

► Introducing Cisco IWAN Technology

► Call To Action About Your Host Brian Avery Territory Business Manager, Cisco Systems, Inc.

[email protected]

Cisco Confidential 4 © 2013- 2014 C isco and/or its affiliates . All rights reserved.

Who Is Cisco?


C omputer s c ientis ts , Len Bos ack and S andy Lerner found C is co S ys tems

B osack and Lerner run network cables between two different buildings on the S tanford Univers ity campus

A technology has to be invented to deal with disparate local area protocols ; the multi- protocol router is born

1984

Cisco Confidential 6

Who Is Cisco?

Chuck Robbins, CEO, Cisco

• Dow Jones Industrial Average Fortune 100 Company

• $145B Market Capitalization

• $48B in Revenue

• $8B in Annual Profits

• $33B More Cash than Debt

• $5.9B in Research and Development

http:/ / finance.yahoo.com/q/ks?s=CSCO+Key+Statistics

http://finance.yahoo.com/q/ks?s=CSCO+Key+Statistics


Market Leadership Matters

No. 1

Voice

39%

No. 1

TelePresence

43%

No. 1

Web Conferencing

41%

No. 1

Wireless LAN

50%

No. 2

x86 Blade Servers 27%

No. 1

Routing Edge/Core/

Access

45%

No. 1

Security

33%

No. 1

Switching Modular/Fixed

64%

No. 1

Storage Area Networks

47%

Q1CY14


§ C C E is an educational s es s ion for current and pros pective C is co cus tomers

§ Des igned to help you unders tand the capabilities and bus ines s benefits of C is co technologies

§ Allow you to interact directly with C is co s ubject matter experts and as k ques tions

§ Offer as s is tance if you need/want more information, demons trations , etc .

What Is the Cisco Customer Education Series?

Cisco Confidential ©2015 Cisco and/or its affiliates. All rights reserved.

Evolution of the Intelligent WAN to Revolutionize the Branch


The Victorian Internet

4The Telegraph

4 Invented in the 1840s.

4Signals sent over wires that were established over vast distances

4Used extensively by the U.S. Government during the American Civil War, 1861 - 1865

4Morse Code was dots and dashes, or short signals and long signals

4The electronic signal standard of +/- 15 v. is still used in network interface cards today.


Why Do WANs Exist?

4Originally built to provide network connectivity between disparate locations for transport of private network traffic and information

4Initial WANs were literally dedicated links (“wires”) in the ground – VERY EXPENSIVE

4WANs today are connected via many different forms of transport and

4WANs today encompass branch locations, remote users, teleworkers, mobile users and more.

Cisco Confidential ©2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

WAN Evolution

1969 ---

1985 ---

1990 ---

1995 ---

2000 ---

2015

Year

ARPANET TDM Frame

Relay ATM MPLS iWAN

Price/Performance


Enterprise WAN Today – What Challenges Are We Facing?

4WAN bandwidth needs are growing! • Cloud Application

• Apple iOS Updates

• BYOD

• VoIP & Video Collaboration Tools

4 IT budgets are flat or declining • Transport/Bandwidth costs are a huge part of my IT budgets

• The Need for cost effective WAN bandwidth (Internet)

4Security Challenges & Threats are Growing • Vulnerable Devices and Software

• Inherent Insecurity of WAN Transports

Cisco Confidential

Cloud

50% of CIOs Expect to Operate via the Cloud by 2015

Mobility

6X More Mobile Data Traffic by 2015

Fat Apps

2/3 of Mobile Traffic Will Be Video

Cisco Confidential ©2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential ©2015 Cisco and/or its affiliates. All rights reserved.

58% of IT Branch Budgets Spent on WAN Connectivity

Source: IDG


Deliver More Bandwidth for Lower Cost

What If Your WAN Can…

Improve Your Application Performance

Backhaul Local & Cloud

Device-by-device System

Hours Minutes 1x 2x -20x

Pinpoint Application Issues Instantly Increase WAN Utilization

Ensure Security Over Any Connection Reduce Network Complexity

Consistent Security Policies Simplify Operations


Cisco Intelligent WAN Technical Overview - IWAN

Jacob Sacharok – Technical Marketing Engineer – IWAN

August 10th 2015

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17

Low-Cost Alternative

of Organizations Are Planning to Transition to

Internet Connections 1Internet Transit Pricing based on surveys and informal data collection primarily from Internet Operations Forums—‘street pricing’ estimates

2Packet delivery based on 15 years of ping data from PingER for WORLD (global server sample) from EDU.STANFORD.SLAC in California

Source: William Norton (DrPeering.net); Stanford ping end-to-end reporting (PingER)

Internet Pricing vs. Reliability, 1998-2012


Benefits of Intelligent Path Control

Data Center Branch

ASR 1000

ASR 1000

WAAS PfR

AVC

ISR G2

WAN

Internet

Enabling Internet-Based WANs

Efficient Distribution of Traffic Based Upon Load, Circuit Cost, and Path Preference

Per Application Best Path Based on Delay, Loss, Jitter Measurements

Protection From Carrier Black Holes

and Brownouts

Lower WAN Costs

Full Utilization of All WAN Bandwidth

Improved Application Performance

Lower WAN Costs


MPLS

Branch

3G/4G-LTE

AVC

Internet

Private Cloud

Virtual Private Cloud

Public Cloud WAAS PfR

Application Optimization

• Application visibility with performance monitoring

• Application acceleration and bandwidth optimization

Secure Connectivity

• Certified strong encryption • Comprehensive threat

defense • Cloud Managed Security for

secure direct Internet access

Intelligent Path Control

• Dynamic Application best path based on policy

• Load balancing for full utilization of bandwidth

• Improved availability

Transport Independent

• Consistent operational model • Simple provider migrations • Scalable and modular design • IPsec routing overlay design

Control & Management Automation

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 20

Transport-Independent Design Simplifying Internet-Based WANs


Simplifies WAN Design Dynamic Full-Meshed Connectivity Proven Robust Security

Dynamic Multipoint VPN (DMVPN) Secure Flexible

• Easy multi-homing over any carrier service offering

• Single routing control plane with minimal peering to the provider

• Consistent design over all transports

• Automatic site-to-site IPsec tunnels

• Zero-touch hub configuration for new spokes

• Certified crypto and firewall for compliance

• Scalable design with high- performance cryptography in hardware

ISR-G2

WAN

MPLS

Internet ASR 1000

ASR 1000

Transport-Independent

Data Center Branch


• Proven IPsec VPN technology Widely deployed, large scale Standards based IPsec and Routing Advanced QOS: hierarchical, per tunnel and adaptive

• Flexible & Resilient Over any transport: MPLS, Carrier Ethernet, Internet, 3G/4G,.. Scalable-Mesh or Hub & Spoke Topologies Multiple encryption, key management, routing options Multiple redundancy options: platform, hub, transports

• Secure Industry Certified IPsec and Firewall NG Strong Encryption: AES-GCN-256 (Suite B) IKE Version 2 IEEE 802.1AR Secure unique device identifier

• Simplified IWAN Deployments Prescriptive validated IWAN designs Automated provisioning – Prime, APIC, Glueware

SECURE ON-DEMAND TUNNELS

Branch 2

Traditional Static Tunnels DMVPN On-Demand Tunnels Static Known IP Addresses Dynamic Unknown IP Addresses

ISR G2

Branch 1

Hub

IPsec VPN

Branch 3

ASR 1000

ISR G2 ISR G2


Traditional and IWAN

Internet MPLS

Branch

DMVPN GETVPN

Internet MPLS

Branch

DMVPN DMVPN

Two IPsec Technologies GETVPN/MPLS DMVPN/Internet

Two WAN Routing Domains MPLS: eBGP or Static Internet: iBGP, EIGRP or OSPF Route Redistribution Route Filtering Loop Prevention

Active/Standby WAN Paths Primary With Backup

One IPsec Overlay DMVPN

One WAN Routing Domain iBGP, EIGRP, or OSPF

Active/Active WAN Paths

ISR-G2

ASR 1000 ASR 1000

ISP A SP V

ISR-G2

ISP A SP V

ASR 1000 ASR 1000

TRADITIONAL HYBRID

Data Center

IWAN HYBRID

Data Center


Consistent deployment models simplify operations

Internet MPLS

Branch

DMVPN DMVPN

IWAN HYBRID

Data Center

ISR-G2

ASR 1000 ASR 1000

ISP A SP V

Internet Internet

Branch

DMVPN DMVPN

IWAN DUAL INTERNET

Data Center

ISR-G2

ISP A DSL

ISP C Cable

ASR 1000 ASR 1000

MPLS

Branch

MPLS

DMVPN

IWAN Dual MPLS

Data Center

ISR-G2

ASR 1000 ASR 1000

ISP A SP V

DMVPN


Intelligent Path Control Improving Application Delivery and WAN Efficiency


Benefits of Intelligent Path Control

Data Center Branch

ASR 1000

ASR 1000

WAAS PfR

AVC

ISR G2

WAN

Internet

Enabling Internet-Based WANs

Efficient Distribution of Traffic Based Upon Load, Circuit Cost, and Path Preference

Per Application Best Path Based on Delay, Loss, Jitter Measurements

Protection From Carrier Black Holes

and Brownouts

Lower WAN Costs

Full Utilization of All WAN Bandwidth

Improved Application Performance

Lower WAN Costs


Voice and Video Use-Case

Branch

MPLS

Internet Virtual Private

Cloud

Private Cloud

• PfR monitors network performance and routes applications based on application performance policies

• PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth

Other traffic is load balanced to maximize bandwidth Voice/Video will be

rerouted if the current path degrades below policy thresholds

Voice/Video take the best delay, jitter, and/or loss path


Tooling for Intelligent Path Control

DSL Cable

Branch MC+BR

BR BR

Data Center

MC

“Performance Routing (PfR) provides additional intelligence to classic routing technologies to track the performance of, or verify the quality of, a path between two devices over a Wide Area Networking (WAN) infrastructure to determine the best egress or ingress path for application traffic....”

• Cisco IOS technology

• Two components: Master controller and border router


PATH CONTROL

METRICS

ADAPTIVE

• Topological state • Least cost path • Static user preference

• Path cost • Interface state

• Application-aware • Policy controlled • Measured performance

• Delay • Jitter • Bandwidth

Responds To: • Measured performance

changes (degradation)

Responds To: • Link and node state

changes (up/down)

+

Classical PfR


SP1 (MPLS) ISP (Internet)

• Protect voice and video quality

Latency < 150 ms; Jitter < 20 ms

• Protect VDI applications from brownouts

Loss < 5%

• Voice and video preferred path SP-A

• VDI preferred path SP-B • Increase utilization

by load sharing

Multimedia and Critical Data Policy

Business App

Hybrid IWAN

Best-Effort Traffic

7% Loss Detected

ISP-1 (Cable) ISP-2 (DSL)

Voice and Video

Dual Internet IWAN

High Jitter Detected

VDI

Best-Effort Traffic

• Protect business cloud applications from brownouts

Loss < 5% • Preferred path for business

applications: SP1 (MPLS)

• Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS + Internet

Business App and Load-Balancing Policy


Optimize Application Performance AVC NetFlow v9 & WAAS


• Static port classification is no longer enough

• More and more apps are opaque

• Increasing use of encryption and obfuscation

• Application consists of multiple sessions (video, voice, data)

• In many cases the user experience is not meeting business needs.

FTP IM

RPC SOAP Video

HTTP is the new TCP

Information Collaboration SaaS


Branch

Proliferation of Devices

Users/ Machines

Private Cloud

DC/Headquarters

Public Cloud

60% of IT Professionals Cite Cloud Performance as Key Challenge

No Probes

4 Rich data collection – Flexible NetFlow

4 No additional hardware, AX license

4 Many reporting tool options

Smart Capacity Planning

4 Per-application per-site level reporting

4 Better information improves planning accuracy

Business Aligned Privacy Enforcement

4 Intuitive application policies

4 Identify specific products and applications within http traffic

Cisco AVC


What applications, how much bandwidth, flow direction? (NBAR2 and Flexible Netflow) Basic Monitoring

Integrated performance monitoring and advanced metrics for different type of applications and use cases

HTTP HTTP

Voice and Video Performance (Media Monitoring)

Advanced Monitoring

30% of traffic is voice and video

Critical Applications Performance (Application Response Time)

40% of traffic is critical applications


Solution

• Reduce load Data redundancy elimination (DRE), compression, and TCP optimization

• Application optimization Fewer protocol messages and metadata caching

Problem

• Application latency • WAN bandwidth

inefficiencies

Application bandwidth with Cisco® WAAS

Application bandwidth natively

Application latency natively

Application latency with Cisco WAAS 0 0

1

2

3

4

40

80

120

160

Application Bandwidth

Application Latency

Bandwidth

(Mbps)

Latency (Seconds

) Reduction in

bandwidth

Reduction in latency

Enhancing User Experience and WAN Efficiency


Now Supports Akamai Cloud | Single-sided Optimization | Secure Direct Internet Access

Edge Caching Enhances the User Experience

AKAMAI CONNECT World’s Best Optimization Solution for HTTP Traffic

AKAMAI CACHING AND ACCELERATION Transparent HTTP

Caching Dynamic URL OTT

HTTP Caching Akamai

Connected Cache Content

Pre-positioning

CISCO WAAS LZ

Compression TCP

Optimization Data

De-duplication Application Specific

Acceleration


Extending Akamai to the Branch with Edge Caching Akamai Inside Cisco

Available Now!

COMPLETING THE LAST MILE WITH AKAMAI IN THE BRANCH

Data Center WAN/MPLS

Branch

Akamai Intelligent Platform

Optimal Experience Regardless of Device, Connectivity or Cloud All HTTP Traffic in Private, Public, Akamai Cloud

Prepositioning | Dynamic HTTP Caching (YouTube) | Any Transport

ISR- AX AKAMAI INSIDE

AKAMAI CACHE


Akamai Connect Caching & Prepositioning

Branch

MPLS (IP-VPN) Private Cloud


Public Cloud

Akamai Intelligent Platform

WAAS Optimization + Akamai Connect improves both Private and Public Cloud

performance

Cached & Prepositioned content improves application response time dramatically

Prepositioning of internet and Private cloud content, including dynamic URLS like YouTube

Caches HTTP Content

Akamai Connect works over WAN and

directly from the Internet


Branch Internet Access


Branch

MPLS (IP-VPN)

Internet Direct

Internet Access

Private Cloud


Public Cloud

• Leverage Local Internet path for Public Cloud and Internet access • Improve application performance (right flows to right places)


Secure Public Cloud and

Internet Access

ISR Connector to CWS Firewall towers

Web Filtering, Access Policy, Malware Detect

WAN1 (IP-VPN)

CWS

Private Cloud

Public Cloud

Branch

WAN2 (Internet)

IWAN IPsec VPN for Private

Cloud Traffic IOS Firewall to protect Internet

Edge

Internet


Centralized Policy and Granular Reporting • Flexible reporting with over 75 attributes

• Deep, drill down visibility

• Overview, trending and forensic data

Administrator

CWS

CWS Offers Consistent, Enforceable, High-Performance Web Security and Policy, Regardless of Where or How Users Access the Internet

User Granularity

• Integration with existing network infrastructure (e.g., routers, firewalls)

• Integration with Directory Services • Numerous deployment options

Policy Control

• Web 2.0 content control • BI-directional content control • Dynamic Web Classification • HTTP/HTTPS scanning • SearthAhead

Security

• Outbreak intelligence • Billions of Web requests every

day • Real-time content analysis of all

Web content • Effective zero-day threat

protection

Office Based User

Roaming User

Mobile Devices

Internet


Cisco ScanCenter Portal

43


Simplified Branch Deployments


• Advanced provisioning, life cycle management, and customized policies

• Multi-tenant

• System-wide network

consistency assurance • Lean IT OR IT Network

team

On- Prem

Cisco Prime Infrastructure

• Feature rich configurable enterprise network management and end-to-end monitoring product

• One Assurance across Cisco portfolio from Branch to Datacenter

• IT Network Team

Enterprise Network Mgmt and Monitoring

Cloud-Based

Cisco APIC IWAN App

• Enables simplicity and operational automation

• Small CVD Deployments • Highly consistent network

requirement with prescriptive Cisco Validated Designs

• Lean IT

Prescriptive Policy Automation

• Uncompromising Netflow visibility and collection for advanced monitoring and network visualization

• Network troubleshooting and QoS/ PfR/ AVC configuration

• Real-time analytics and flow/device scalability

• IT Network team

Application Aware Performance Mgmt

Advanced Orchestration


No CLI Skills Required

PnP 1

PnP 2

PnP 3

USB stick to bootstrap the ISR • Installer connects LAN/WAN cables • ISR loads bootstrap config from USB memory stick

Prime Plug-n-Play Application • Installer connects LAN/WAN cables + a USB console cable to a Laptop/iPhone/iPad • PnP Application bootstraps the router

Cisco Configuration Professional Express (ISR Device GUI) • Installer connects LAN/WAN cables + a PC to a LAN port • CCP Express Application to bootstrap the router


IWAN Management & Visualization

• End-to-End topology, flow and trace visualization

• Search capability • Alert drilldown to

applicable flows • Point-and-click FnF

configurations

• QoS dashboard and alert drill-down

• Pre and post-QoS graphs

• Congestion indicators

• Single-click QoS audit

• QoS/ACL graphical configurator

• Customized policies with 25+ QoS templates

• Apply policy to multiple devices w/ single click

• CLI preview

• LAN path and Spanning Tree connections

• Trunk and access bandwidth

• Layer 2 QoS stats • VLAN filtering in

topology view

• IP SLA topology view

• IP SLA dashboard • Graphical IP SLA

configurator • Support all IP SLA

tests including Video Operations

• Topology view of active routes

• Graphical Policy Based Routing (PBR)

• Trace path to destination with return route

• Supports EIGRP, OSPF, IS-IS, BGP, RIP

Flow QoS Monitor QoS Configure Routing LAN IP SLA

• An Application-aware Network Performance Management + QoS Control tool • Fast, simple, cost effective way to monitor and control application performance leveraging Cisco

capabilities

See Visualize Point Troubleshoot, Decision Making

Click Control, Deploy

Fix

Improve


Cisco Intelligent WAN APIC-EM APP The IWAN App for the APIC-EM simplifies network management in an intuitive browser-based GUI and enables IT automation through centrally-managed policies. The IWAN App features:

•Simplified workflows — use case driven with step-by-step provisioning •Zero-touch provisioning – plug-and-play for remote devices without user intervention •Business-level policies – application rules drive network actions and abstraction of underlying policy configurations •Open architecture – northbound API for third party GUIs, Scripting,or Reporting •Network and application monitoring – status, alerting of network issues


Cisco ISR G2 family 3900-AX 2900-AX 1900-AX

890

Cisco ISR 4000 4400 4300

Cisco ASR-1000

Cisco CSR-1000

MC BR

MC BR

MC BR

MC BR

AX License

• Application Visibility & Control (AVC) • Performance Routing (PFR)


Deployment & Scale

Network Capacity Optimization

Automation & Simplification

App Visibility, & Optimization

Security

IWAN 2.0

• Validated 2000 site / domain

• Prime Infra 2.2, LiveAction ZTD Provisioning

Life Cycle Mgmt Monitoring & Reporting

• Application Performance Protection – PfRv3 • Application Performance Optimization – Akamai Connect • Application Performance Monitoring – AVC

Outcomes

• Application Path Preference • Path Load-balancing

Today

• Validated Hardened Infrastructure FIPS 140-2, Common Criteria, AES-GCM-256

• Cloud Managed Internet Access


Deployment & Scale

Network Capacity Optimization

Automation & Simplification

App Visibility, & Optimization

Security

Outcomes IWAN 2.1 IWAN 3.0

• Large Complex Designs Multiple DCI Data Centers Additional Redundancy

• Metered Interface Support (3G/4G) • Path of Last Resort (3G/4G)

• APIC-EM SDN Automation Enablement & policy administration Zero touch deployment PKI Automation

• IWAN App • Prime 3.0 (IWAN Reporting)

• Adaptive QOS

• IPv6 support • Virtual Branch support • Segmentation scalability

• Cloud/Internet Path Preference • Enhanced Internet Transport

(Akamai Transport)

• Identity based policies • DNS App Classification

• CWS connector on ISR4k • Advance Threat Detection

FirePower NG IPS & Firewall OpenDNS Access Control

• Simplification & Centralization of Key management

1st half CY 2016 2nd half CY 2015

• PKI Automation & Simplification • IOS-XE IPS


Uncompromised Experience Over Any Connection

Unleash Your Business Potential

Lower Costs without Tradeoffs

Maximize Your WAN Investment


Thank You and Next Steps

Brian Avery bravery@ cis co.com

C ontact Your C is co Partner https ://tools .c isco.com/WW C hannels/LOC ATR/performBasicS earch.do

www.

Learn more about C is co intelligent W AN: www.cis co.com/go/iwan/

mailto:[email protected]

https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

https://tools.cisco.com/WWChannels/LOCATR/performBasicSearch.do

http://www.cisco.com/go/iwan/


§ C C E s es s ions are held weekly on a variety of topics

§ C C E s es s ions can help you unders tand the capabilities and bus ines s benefits of C is co technologies

§ W atch replays of pas t events and regis ter for upcoming events !

Vis it http://cs .co/c is co101 for details

Join us again for a future Cisco Customer Education Event

http://cs.co/cisco101

Cisco Confidential ©2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Thank you.

Documents

Cisco Customer Education - Cisco Files · ASR 1000 . ASR 1000 . WAAS . PfR . AVC . ISR G2 . WAN . Internet . Enabling Internet-Based WANs . ... Join us again for a future Cisco Customer