1 / 29

Cisco Intelligent WAN (IWAN) Right-size your Network without Compromise

Cisco Intelligent WAN (IWAN) Right-size your Network without Compromise. Michael Waas Systems Engineer. Where You Engage Customers Source of Business Intelligence Up to 80% of Your Employees Reside. The Branch is More Relevant Than Ever.

alpha
Download Presentation

Cisco Intelligent WAN (IWAN) Right-size your Network without Compromise

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cisco Intelligent WAN (IWAN) Right-size your Network without Compromise Michael Waas Systems Engineer

  2. Where You Engage Customers Source of Business Intelligence Up to 80% of Your Employees Reside The Branch is More Relevant Than Ever To Grow Your Business & Innovate Your Remotes Sites Must Keep Pace with HQ

  3. Emerging Branch DemandsThe Application Landscape Is Changing Applications are Moving to the Data Center and Cloud Internet Edge Is Moving to the Branch Cloud Fat Apps Mobility Branch Pressures on the WAN Cloud 50 % of CIOs Expect to Operate via the Cloud by 2015 Data Centers 2/3 6X More Mobile Data Traffic by 2015 Of Mobile Traffic will be Video

  4. USER SUFFERING The Branch Conundrum BUDGET WAN Demands Rethink your Branch-WAN Strategy

  5. Why Move to Internet as WAN? Low Cost Alternative 46 Of organizations do are planning to transition to connections % 1. Internet Transit Pricing based on surveys & informal data collection primarily from Internet Operations Forums – ‘street pricing’ estimates 2. Packet delivery based on 15 years of ping data from PingER for WORLD (global server sample) from EDU.STANFORD.SLAC in California Source: William Norton (DrPeering.net); Stanford ping end-to-end reporting (PingER)

  6. Internet Becoming an Extension of Enterprise WAN Commodity Transports Viable Now Dramatic Bandwidth, Price Performance Benefits Higher Network Availability Improved Performance Over Internet

  7. Cisco IWAN Deployment Models Dual MPLS Dual Internet Hybrid Consistent VPN Overlay enables Security across Transition Public Enterprise Public Internet Internet Internet Internet MPLS MPLS MPLS • Dual MPLS • Highest reliability, security & availability • Inflexible for new services • Expensive • Hybrid • Enable SaaS and/or high BW apps • Balanced availability • Dual WAN+Dual Router = 99.999% Reliability • Dual Internet • Best price/performance • Least dependent on contracts • Dual WAN+Dual Router = 99.999% Reliability

  8. Introducing Cisco Intelligent WAN (IWAN) Enhanced Connectivity over any Transport AVC Data Center Branch MPLS WAAS PfR Secure Connectivity ApplicationOptimization TransportIndependent Intelligent Path Control 3G/4G-LTE Internet • Application Visibility & Control (AVC) • WAAS Application Acceleration and bandwidth savings • DMVPN IPsec overlay design • Consistent operational model • Simple transport migrations • Scalable and Modular design • Suite-B strong encryption • ASA & IOS Firewall/IPScomprehensive threat defense • Cloud Web Security (CWS) for direct Internet Access • Performance Routing (PfR) full utilization of all bandwidth • Application best path based on delay, loss, jitter and path preference • Improved network availability

  9. Optimize Application Performance

  10. What is An Application? What about these? 80 HTTP 20/21 Are these applications? FTP 110 POP3 143 443 IMAP Or just ports? 25 HTTPS SMTP 11

  11. What is Application Visibility and Control (AVC)What is Needed App Visibility & User Experience Report High NFv9/IPFIX Med Management Tool Low Advanced reporting tool aggregates and reports application performance Reporting Tools ApplicationRecognition Control Perf. Collection & Exporting Reporting Tool Control application network usage to improve application performance Identify applications using L3 to L7 information Collect application performance metrics, and export to management tool 3

  12. What is Application Visibility and Control (AVC)Enabled Technologies App Visibility & User Experience Report High NFv9/IPFIX Med Management Tool Low • Cisco Prime Infrastructure • 3rd Party Tools Reporting Tools ApplicationRecognition Control Perf. Collection & Exporting Reporting Tool • QoS (w/ NBAR2) • PfR • NBAR2 • Metadata • Unified Monitoring • Traffic Statistics • Response Time • Voice/Video Monitoring • URL Collection 3

  13. AVC ConfigurationPrime Infrastructure • Enable AVC with just ON/OFF button • With Cisco Prime Infrastructure 2.0 3

  14. AVC ConfigurationPrime AVC One-Click • Enable AVC in one-click One device at a time • Two simple steps Select interface(s) Enable 2 3 1

  15. Maximize Application PerformanceControls application bandwidth usage and selects optimal path Stop bittorrent and netflix. Prioritize salesforce, oracle WAN1 Backup Backup WAN2 Identify 1000+ applications using NBAR2 and control bandwidth with Cisco industry leading QoS Limit unwanted traffic and prioritize critical applications Deliver critical applications over the path which can meet application performance requirement using PfR Automatic load share to maximize bandwidth use on available links Application-aware QoS Intelligent Path Selection

  16. Performance Routing Topologies Enterprise WAN Branch ISP2 ISP1 MC MC/BR MC/BR BR MC/BR WAN1 (IP-VPN) BR Internet Edge HQ BR MC BR BR WAN2 (IPVPN, DMVPN) • Full utilization of expensive WAN bandwidth Efficient distribution of traffic based upon load, circuit cost and path preference • Improved Application Performance Per application best path based on delay, loss, jitter measurements • Increased Application Availability Protection from carrier black holes and brownouts • Optimize by: • Reachability, Loss, • Delay, Jitter, MOS, • Throughput, Load, and/or $Cost

  17. Add WAN OptimizationSpeed and Bandwidth Benefits on top of the IWAN Accelerate Any TCP Connection CSR Users/Machines Proliferationof Devices PrivateCloud WAN vWAAS WAAS Express AppNav-XE Controller Branch DC/Headquarters WAVE Faster Applications, More Users, Less Bandwidth Easy to Deploy Scalable • 90% HD Video optimization and better user experience • Twice as many Citrix users over same WAN, 70% faster • Toyota: ROI in less than one year, 65% BW cost savings • Works with existing branch routers (and existing AX license) • AppNav Controller and WAVE pool is scalable • Native HA capability

  18. Cisco WAAS Enhancing User Experience and WAN Efficiency PROBLEM SOLUTION • Application latency • WAN bandwidth inefficiencies Bandwidth(Mbps) Latency(Seconds) • Reduce load • Data redundancy elimination (DRE), compression, and TCP optimization • Application optimization • Fewer protocol messages andmetadata caching 4 160 Reduction inbandwidth 3 120 2 Reductionin latency 80 Application bandwidth natively 1 40 Application bandwidth with Cisco® WAAS Application latency natively Application latency with Cisco WAAS 0 0 ApplicationBandwidth ApplicationLatency

  19. Securing Your IWAN

  20. Securing the IWANIPSec VPN and Firewall Step 1: Secure Transport • IPSec with DMVPN or FlexVPN overlay • Secure transport independent overlay • Add Strong Cryptography: IKEv2 + AES-GCM 256 Step 2: Threat Defense • IOS Zone-based Firewall • Minimize exposure • DHCP addressing for Internet and tunnel interfaces • Don’t put tunnel addresses into DNS Step 3: Choose your performance level • Size router based on Encryption with Services and WAN bandwidth • Head-end: ASR1000 or ISR4451X • Branch: ISR-G2 Data Center ASR 1000 ASR 1000 ISP C ISP A DSL ISR-G2 Cable Branch

  21. Add Network Integrated Threat DefenseIOS Zone-Based Firewall Control the Perimeter: • External and internal protection: internal network is no longer trusted • Protocol anomaly detection and stateful inspection Communicate Securely: • Call flow awareness (SIP, SCCP, H323) • Prevent DoS attacks Flexible: • Split Tunnel-Branch/Remote Office/Store/Clinic • Internal FW—International or un-trusted locations/segments, addresses regulatory compliances Integrated: • No need for additional devices, expenses and power • Works with other Cisco Services: SRE, Scansafe, WaaS Express Manageable: • Supports CLI, SNMP, CCP, and CSM • Supports Cisco Configuration Engine Data Center ASR 1000 ASR 1000 ISP C ISP A DSL ISR-G2 Cable Branch

  22. Flexible Secure WAN Design over any transportDynamic Multipoint VPN (DMVPN) or FlexVPN Flexible Secure Transport Independent ASR 1000 ASR 1000 Dynamic Full Meshed Connectivity Consistent design over all transports Automatic site-to-site IPsec tunnels Zero-touch hub configuration fornew spokes Proven RobustSecurity Certified crypto and firewall for compliance Scalable design with high performance cryptography in hardware Simplifies WANDesign Easy multi-homing over any carrier service offering Single routing control plane with minimal peering to the provider Internet ISR-G2 Branch Data Center MPLS WAN

  23. Why Cisco IWAN?

  24. Why Cisco IWAN Integrated Platform for IT Simplicity Granular Control Everywhere Proven Security at Scale Unmatched Context-based Routing Quick ROI Faster than Alternatives $$$ Up to 72% in Savings Many pay off in 6-12 months The Alternative: • App-Aware • Branch  ISR-AX • Any to Any Security Router Overlay Appliances • Savings enablesBusiness Innovation • WAN Path Selection • Endpoint-Aware • Protect All Branch Resources • DC  ASR1K-AX App Visibility & Control WAN Opt. • Network-Aware Firewall • Secure Direct Internet Access • Cloud  CSR1000V IP Sec VPN

  25. Start with Cisco AXRoutersIWAN Capabilities Embedded in the Router Visibility One Network ASR1000-AX L4-L7ApplicationServices UNIFIED SERVICES Control Optimization Transport Independent Secure Routing ISR 4451-X-AX L2-L3Transport Simplify Application Delivery ISR-AX Cisco AX Routers 3900 | 2900 | 1900 | 800 | 4451 | ASR1002-X

  26. What makes the ISR-AX different? Introducing the ISR App License IP Base Extends and replaces the Data license with application router services. All previous Data license features included. All Application Visibility and Control (AVC) features included. Enables powerful, comprehensive application monitoring and management. Right-To-Use license for WAAS License enables WAAS Express, WAAS SRE, or WAAS on UCS-E with no additional software cost. U.C. Security App App & Security includedwith the ISR-AX!

  27. Cisco IWANUncompromised Experience Over Any Connection Lower Costs without Tradeoffs Maximize Your WAN Investment Unleash Your Business Potential

More Related