Intelligent WAN
Rupesh Chakkingal Cisco Product Management (Market Strategy) | Enterprise Products and Solution
Customer IT Challenges What they are telling us…
of IT decision makers claimed applications
are rolled out without IT engagement
(Cisco IT Impact Survey - May 2013)
APPLICATION
PROLIFERATION
of organizations will have no
additional WAN budget
(Nemertes 2013)
BUDGET
LOWER
OPEX
of IT resources
is spent keeping
the lights on
(Gartner)
COMPLEXITY
COST
of organizations
backhaul traffic
through the data
center
(Metzler & Associates, 2012)
SECURITY
IMPLICATIONS
More Mobile Traffic by 2015
(Cisco VNI, 2012)
MOBILITY
EXPLOSION
Accelerating Innovation The NEW Branch
Education
• Extend learning beyond classroom walls
• Deliver HD content to tablets for students
• Real-time online education system
Retail
• Increase shopper dwell time with guest Wi-Fi
• Seamless online and in-store experience (Omni channel)
• Online concierge
• Product catalogs
• Web Point-of-Sale
Enterprise
• Accelerate business apps from all clouds
• On-demand video sales or new hire training
• Direct Internet access for faster app performance
Banking
• Guest Wi-Fi
• Digital signage
• HD video
• Virtual offices
80% of employees and customers begin their mobility experience at the Branch
What’s Holding You Back?
Likely, some or all of the following:
An inflexible branch network
An overabundance of manual
tasks
A complex collection of
hardware
Slow application performance
Budget and resource limitations
Security risks
Low-Cost Alternative
Why Move to Internet as WAN?
46% of Organizations Are Planning to Transition to Internet Connections
1 Internet transit pricing based on surveys and informal data collection, primarily from Internet Operations Forums ('street pricing' estimates)
2 Packet delivery based on 15 years of ping data from PingER for WORLD (global server sample) from EDU.STANFORD.SLAC in California
Source: William Norton (DrPeering.net); Stanford ping end-to-end reporting (PingER)
Internet Pricing vs. Reliability, 1998-2012
Intelligent WAN: Leveraging the Internet Secure WAN Transport and Internet Access
Secure WAN
Transport
Branch
MPLS (IP-VPN)
Internet Direct
Internet
Access
Private Cloud
Virtual Private Cloud
Public Cloud
• Secure WAN transport for private and virtual private cloud access
• Leverage local Internet path for public cloud and Internet access
Increased WAN transport capacity, cost effectively!
Improve application performance (right flows to right places)
Intelligent WAN Deployment Models
Dual MPLS
Internet
Highest SLA guarantees
– Tightly coupled to SP – Expensive
Public
MPLS
Branch
MPLS
Hybrid
More BW for key applications
Balanced SLA guarantees – Moderately priced
Public Enterprise
Branch
MPLS+ Internet
Dual Internet
Consistent VPN Overlay Enables Security Across Transition
Best price/performance
Most SP flexibility – Enterprise responsible for SLAs
Internet
Branch
Enterprise Public
Intelligent WAN Solution Components
Internet
Branch
3G/4G-LTE
AVC
MPLS
Private Cloud
Virtual Private Cloud
Public Cloud WAAS PfR
Application Optimization
• Application visibility with
performance monitoring
• Application acceleration
and bandwidth optimization
Secure Connectivity
• Certified strong encryption
• Comprehensive threat defense
• Cloud Web Security for secure direct Internet access
Intelligent Path Control
• Dynamic Application best
path based on policy
• Load balancing for full
utilization of bandwidth
• Improved network
availability
Transport Independent
• Consistent operational model
• Simple provider migrations
• Scalable and modular design
• IPsec routing overlay design
Simplifies WAN Design Dynamic Full-Meshed
Connectivity Proven Robust Security
Flexible Secure WAN Design Over Any Transport Dynamic Multipoint VPN (DMVPN)
Secure Flexible
• Easy multi-homing over any carrier service offering
• Single routing control plane with minimal peering to the provider
• Consistent design over all transports
• Automatic site-to-site IPsec tunnels
• Zero-touch hub configuration for new spokes
• Certified crypto and firewall for compliance
• Scalable design with high-performance cryptography in hardware
ISR-G2
WAN
Internet
MPLS ASR 1000
ASR 1000
Transport-Independent
Data Center Branch
Hybrid WAN Designs Traditional and IWAN
Internet MPLS
Branch
DMVPN GETVPN
Internet MPLS
Branch
DMVPN DMVPN
Two IPsec Technologies: GETVPN/MPLS, DMVPN/Internet
Two WAN Routing Domains: MPLS: eBGP or Static; Internet: iBGP, EIGRP or OSPF; Route Redistribution, Route Filtering, Loop Prevention
Active/Standby WAN Paths: Primary With Backup
One IPsec Overlay: DMVPN
One WAN Routing Domain: iBGP, EIGRP, or OSPF
Active/Active WAN Paths
ISR
ASR 1000 ASR 1000
ISP A SP V
ISR
ISP A SP V
ASR 1000 ASR 1000
TRADITIONAL HYBRID
Data Center
IWAN HYBRID
Data Center
Getting the Most Out of Your WAN Investment Benefits of Intelligent Path Control
Data Center Branch
ASR 1000
ASR 1000
WAAS PfR
AVC
ISR G2
MPLS
Internet
Enabling Internet-Based WANs
Efficient Distribution of Traffic Based Upon Load,
Circuit Cost, and Path Preference
Per Application Best Path Based on Delay,
Loss, Jitter Measurements
Protection From Carrier Black Holes
and Brownouts
Lower WAN Costs
Full Utilization of WAN Bandwidth
Improved Application
Performance
Higher Application Availability
Intelligent Path Control with PfR Voice and Video Use-Case
Branch
MPLS
Internet
Virtual Private Cloud
Private Cloud
• PfR monitors network performance and routes applications based on application performance policies
• PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
Other traffic is load
balanced to maximize bandwidth
Voice/Video will be rerouted if the current path degrades below policy thresholds
Voice/Video take the best delay, jitter, and/or loss path
SP1 (MPLS) ISP (Internet)
• Protect voice and
video quality
Latency < 150 ms;
Jitter < 20 ms
• Protect VDI applications
from brownouts
Loss < 5%
• Voice and video preferred
path SP-A
• VDI preferred path SP-B
• Increase utilization
by load sharing
Multimedia and Critical Data Policy
Business App
Hybrid
IWAN
Best-Effort Traffic
7% Loss Detected
ISP-1 (Cable) ISP-2 (DSL)
Voice and Video
Dual Internet
IWAN High Jitter Detected
VDI
Best-Effort Traffic
Protecting Critical Applications While Increasing Bandwidth Utilization
• Protect business cloud
applications from
brownouts
Loss < 5%
• Preferred path for business
applications: SP1 (MPLS)
• Increase WAN bandwidth
efficiency by load-sharing
traffic over all WAN paths,
MPLS + Internet
Business App and Load-Balancing Policy
Today’s Network is an IT Blind Spot
Static port classification is no longer enough
More and more apps are opaque
Increasing use of encryption and obfuscation
Application consists of multiple sessions (video, voice, data)
What if user experience is not meeting business needs?
• QoS (w/ NBAR2) • PfR
Control
High
Med
Low
• Cisco Prime Infrastructure
• 3rd Party Tools
App Visibility &
User Experience Report
Management
Tool
• Unified Monitoring - Traffic Statistics
- Response Time - Voice/Video
Monitoring - URL Collection
Reporting Tool Perf. Collection & Exporting
Reporting Tools
3
App BW Transaction Time
…
SAP 3M 150 ms …
Sharepoint 10M 500 ms …
• NBAR2 • Metadata
Application
Recognition
What is Application Visibility and Control (AVC) Add Cisco AVC
NFv9/IPFIX
What is Application Visibility and Control (AVC) Enabled Technologies
[Figure: two bar charts of traffic volume per application; axes: Applications vs. Gigabytes and Applications vs. Megabytes]
Cisco AVC with NBAR2 Provides Deep Packet Inspection at the Application Level
Port monitoring Application Monitoring
Private Cloud
Add WAN Optimization Speed and Bandwidth Benefits on Top of the IWAN
Branch DC/Headquarters
Faster Applications, More Users, Less Bandwidth
• 90% HD Video optimization and better user experience
• Twice as many Citrix users over same WAN, 70% faster
• Toyota: ROI in less than one year, 65% BW cost savings
Easy to Deploy
• Works with existing branch routers (and existing AX license)
Scalable
• AppNav Controller and WAVE pool is scalable
• Native HA capability
vWAAS
WAAS Express
Proliferation
of Devices
Users/ Machines
AppNav-XE Controller
CSR
WAVE
WAN
Accelerate Any TCP Connection
Akamai
Intelligent Platform
Data Center Branch
CISCO
Mobile Assisted Selling: Intranet Content Cache
CISCO
Omni Channel: Akamai Content
Connected Cache (CC) Guest WiFi: Generic Internet Content Cache
Training: Over-the-top Cache
WAN/MPLS
Akamai Connect Edge Caching–Use Cases Optimal User Experience and WAN Offload
Intelligent WAN—Direct Internet Access
Branch
MPLS (IP-VPN)
Internet
Direct
Internet
Access
Private Cloud
Virtual Private Cloud
Public Cloud
• Leverage Local Internet path for Public Cloud and Internet access
• Improve application performance (right flows to right places)
Solutions
On Premise – Zone Based Firewall
Cloud Based – Cloud Web Security
CWS
ISR-AX ZBFW
BUSINESS AGILITY Cisco Intelligent WAN Management Portfolio
Plug and Play deployment
Health Assurance
Compliance
Cloud-based, automated configuration
Compatible with onePK for app aware WANs
Monitors and visualizes your traffic flows
Troubleshoots hop-by-hop to pinpoint issues
On-Prem Lifecycle Management
Cloud-Based Orchestration
Management & Visibility
Cisco Prime
Intelligent WAN Competitive Advantage
Network Services Simplify
Application Delivery
One Network
UNIFIED SERVICES
Routing Redefined
Routing Switching WLAN
ISR-AX + UCS-E ASR AX
Application Services
Optimization
Collaboration
Server Hosting
Access Router
Security
Optimization Vendor
Security Appliance Vendor
Collaboration Vendor
1
2
3
4
5 Router Vendor
Server Vendor
Cisco Intelligent Solution ISR AX Competitive Solution – Multiple Vendors
IWAN: ISR G2 ISR 4K Mapping
Branch consolidation
Application services
4451-X
(2 RU, 1000-2000 Mb)
4431
(1 RU, 500-1000 Mbps)
4351
(2 RU, 200-400 Mbps)
4331
(1 RU, 100-300 Mbps)
4321
(1 RU (Desktop), 50-100 Mbps)
3945E
3925E
3945
3925
2951
2921
2911
2901
1921/1941
NEW
NEW
NEW
NEW
Converged Branch Infrastructure Server Virtualization with UCS E-Series Server Modules
Server Blades with Storage
Cisco UCS® E140S
Intel E3 4 core processor
8-16 GB x RAM, 2 TB
Cisco® UCS E160D
Intel E5 6 core processor
8-48 GB RAM, 200 GB - 3 TB
Cisco UCS E180D
Intel E5 8 core processor
8-48 GB RAM, 200 GB - 3 TB
Technology Consolidation Routing
Security
WAN Optimization
Unified Communications
Mobility
Case Studies: Large Bank
Reduction in WAN costs 40%
› Driver: Reduce costs
› 14,000 bank branches worldwide
› MPLS dual broadband
› ISR 2901 and ASR1004
› PfR and IPSEC
› 40% Reduction in WAN costs
› Completed 200 UK branches
› Next: 300 Germany branches
› Followed by Global rollout
Case Studies: Mid-Size Insurance Company
Increase in BW utilization
› Cisco ISR G2 with PfR, WAAS
› Enable Active-Active MPLS + Internet
› Doubled bandwidth utilization (4X with WAAS) at no additional costs
› Dynamic network response; less manual configuration
2-4x
› WAN expansion with growing costs
› Addressing MPLS upstream issues
› Real-time apps (voice) quality
Case Studies: Luxury Global Retailer
Reduction in mobile app response time 38→6
› Re-energize customer in-store experience
› Improve mobile application performance
› Cisco ISR-AX featuring IWAN with Akamai
› Pilots in Hong Kong, Paris, NYC experience faster app response
› Sales Apps from 36→6 sec
› Catalogs available instantly
SECONDS
Case Studies: Large US School District
WAN off-load after initial user 100%
› Support iPad apps for all students
› HD Video curriculum
› Limited bandwidth in classrooms
› Cisco ISR-AX with AVC, WAAS
› Cisco featuring IWAN with Akamai
› Moving forward to provide 750K iPads to students
› Able to deliver online rich media content with minimal WAN impact—100% offload after initial user
Case Studies: Financial Company
Savings per year with first phase of deployment $95K
› Lower operational costs with broadband
› Overcome Internet variability, and provide quality user experience
› Cisco 800 ISR
› DMVPN, PfR
› 190 branches deployed with 200 more coming
› OpEx saving: $500/store/month in bandwidth
› Rapid branch rollout
Built to Enable the Cisco Intelligent WAN
Security and reliability
without compromise
IT agility with
simplified operations
Ease of access to
cloud networking
services
Virtualize WAN over
any transport
Bandwidth costs
optimized
Apps run with LAN-like
performance Intelligent
WAN
Best of Interop Networking Winner! Cisco 4451 ISR Converged Branch Infrastructure
Cisco® 4451 with Cisco UCS® E-Series and SM-X Layer 2/3 Switch Module
Interop Las Vegas and Tokyo
“The 4451 is poised to address the gap between networking functions that are fully virtualized and those that are still embedded in dedicated networking devices … transforming a product line that began as a way to connect remote sites to corporate networks and the Internet into a small-scale data center in a box.”
Kurt Marko, Best of Interop Judge