Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cisco Intelligent WAN (IWAN)

Similar presentations

Presentation on theme: "Cisco Intelligent WAN (IWAN)"— Presentation transcript:

1 Cisco Intelligent WAN (IWAN)
Right-size your Network without Compromise Michael Waas Systems Engineer

2 The Branch is More Relevant Than Ever
Where You Engage Customers Source of Business Intelligence Up to 80% of Your Employees Reside To Grow Your Business & Innovate Your Remotes Sites Must Keep Pace with HQ

3 Emerging Branch Demands The Application Landscape Is Changing
Cloud Applications are Moving to the Data Center and Cloud Data Centers Internet Edge Is Moving to the Branch Branch Pressures on the WAN 50 Cloud of CIOs Expect to Operate via the Cloud by 2015 % Mobility Fat Apps 6X 2/3 More Mobile Data Traffic by 2015 Of Mobile Traffic will be Video

4 Rethink your Branch-WAN Strategy
The Branch Conundrum USER SUFFERING BUDGET WAN Demands Rethink your Branch-WAN Strategy

5 Why Move to Internet as WAN?
Low Cost Alternative Of organizations do are planning to transition to connections % 46 1. Internet Transit Pricing based on surveys & informal data collection primarily from Internet Operations Forums – ‘street pricing’ estimates 2. Packet delivery based on 15 years of ping data from PingER for WORLD (global server sample) from EDU.STANFORD.SLAC in California Source: William Norton (; Stanford ping end-to-end reporting (PingER)

6 Internet Becoming an Extension of Enterprise WAN
Commodity Transports Viable Now Dramatic Bandwidth, Price Performance Benefits Commodity Transports Viable Now Changing application delivery  Cloud, Saas, Virtualized Ubiquitous access to cellular & broadband technologies (Eth, FTTH, 3G/4G (LTE), xDSL, PON) Dramatic Bandwidth, Price Performance Benefits Changing application content  Rich, Dynamic, Web based (Video, VDI) Augment premium MPLS transport for additional capacity Improved Network Availability Changing application consumption  Mobile, Tablets, Smartphones Combining multiple transports to increase effective availability and diversity Improved Performance Over Internet Home Offices, Public Cloud (WebEx) and Collaboration (Jabber, Skype, FaceTime) Increased bandwidth can mitigate many application problems Higher Network Availability Improved Performance Over Internet

7 Cisco IWAN Deployment Models
Dual MPLS Hybrid Dual Internet Public Public Enterprise Internet MPLS MPLS Internet Internet Internet MPLS Yesterday: Centralized Apps with DC Consolidation User Experience and Latency Pressures Tightly Controlled and Secure Today Apps distributed across DC and Cloud (example: VDI, Unpredictable performance / congestion (Example: VDI latency of 150ms and bandwidth of 150Kps per desktop) Reduced control over security and ops (Example: third party cloud infrastructure or applications) Future Application and user aware Optimized experience with WAN/Internet Consistent security and operations Dual MPLS Highest reliability, security & availability Inflexible for new services Expensive Hybrid Enable SaaS and/or high BW apps Balanced availability Dual WAN+Dual Router = % Reliability Dual Internet Best price/performance Least dependent on contracts Dual WAN+Dual Router = % Reliability Consistent VPN Overlay enables Security across Transition

8 Introducing Cisco Intelligent WAN (IWAN) Enhanced Connectivity over any Transport
AVC Internet 3G/4G-LTE Branch Data Center WAAS PfR MPLS Transport Independent Intelligent Path Control Secure Connectivity Application Optimization DMVPN IPsec overlay design Consistent operational model Simple transport migrations Scalable and Modular design Performance Routing (PfR) full utilization of all bandwidth Application best path based on delay, loss, jitter and path preference Improved network availability Suite-B strong encryption ASA & IOS Firewall/IPS comprehensive threat defense Cloud Web Security (CWS) for direct Internet Access Application Visibility & Control (AVC) WAAS Application Acceleration and bandwidth savings

9 Cisco ISR-AX: Enabling the Next Generation (I)WAN Secure and Optimized Connectivity over any Transport Intelligent Path Control Services Consistency Secure Access Optimized Connectivity Application Visibility and Control Dynamic Optimal path selection NBAR2, QoS Media Monitoring WAN Path Selection (PfR) WAN Optimization Application Acceleration TCP Compression Data Redundancy Elimination Security VPN Encryption IOS Firewall Intrusion Prevention Cloud Web Security Services Delivery Superior Business Uptime and Reliability SRE or Max DRAM Option for UCS-E Series Server Transport Independent – Consistent overlay design (Ethernet, Fiber, 3G/4G (LTE), xDSL, PON)

10 Optimize Application Performance

11 Are these applications?
What is An Application? What about these? HTTP 80 20/21 25 110 143 443 Are these applications? FTP POP3 Yesterday: Centralized Apps with DC Consolidation User Experience and Latency Pressures Tightly Controlled and Secure Today Apps distributed across DC and Cloud (example: VDI, Unpredictable performance / congestion (Example: VDI latency of 150ms and bandwidth of 150Kps per desktop) Reduced control over security and ops (Example: third party cloud infrastructure or applications) Future Application and user aware Optimized experience with WAN/Internet Consistent security and operations IMAP Or just ports? HTTPS SMTP 11

12 What is Application Visibility and Control (AVC) What is Needed
Advanced reporting tool aggregates and reports application performance App Visibility & User Experience Report Management Tool App BW Transaction Time SAP 3M 150 ms Sharepoint 10M 500 ms High NFv9/IPFIX Med Low Reporting Tools Application Recognition Perf. Collection & Exporting Reporting Tool Control Control application network usage to improve application performance Identify applications using L3 to L7 information Collect application performance metrics, and export to management tool 3

13 What is Application Visibility and Control (AVC) Enabled Technologies
Cisco Prime Infrastructure 3rd Party Tools App Visibility & User Experience Report Management Tool App BW Transaction Time SAP 3M 150 ms Sharepoint 10M 500 ms High NFv9/IPFIX Med Low Reporting Tools Application Recognition Perf. Collection & Exporting Reporting Tool Control QoS (w/ NBAR2) PfR NBAR2 Metadata Unified Monitoring Traffic Statistics Response Time Voice/Video Monitoring URL Collection 3

14 AVC Configuration Prime Infrastructure
Enable AVC with just ON/OFF button With Cisco Prime Infrastructure 2.0 3

15 AVC Configuration Prime AVC One-Click
Enable AVC in one-click One device at a time Two simple steps Select interface(s) Enable 2 3 1


17 Maximize Application Performance Controls application bandwidth usage and selects optimal path
Stop bittorrent and netflix. Prioritize salesforce, oracle WAN1 Backup Backup WAN2 Identify applications using NBAR2 and control bandwidth with Cisco industry leading QoS Limit unwanted traffic and prioritize critical applications Deliver critical applications over the path which can meet application performance requirement using PfR Automatic load share to maximize bandwidth use on available links Application-aware QoS Intelligent Path Selection

18 Performance Routing Topologies
Enterprise WAN Branch ISP2 ISP1 MC/BR WAN1 (IP-VPN) Internet Edge BR BR HQ MC MC BR MC/BR BR WAN2 (IPVPN, DMVPN) BR Full utilization of expensive WAN bandwidth Efficient distribution of traffic based upon load, circuit cost and path preference Improved Application Performance Per application best path based on delay, loss, jitter measurements Increased Application Availability Protection from carrier black holes and brownouts MC/BR Optimize by: Reachability, Loss, Delay, Jitter, MOS, Throughput, Load, and/or $Cost

19 Add WAN Optimization Speed and Bandwidth Benefits on top of the IWAN
Proliferation of Devices Users/ Machines WAN Accelerate Any TCP Connection CSR WAVE Private Cloud vWAAS WAAS Express AppNav-XE Controller Branch DC/Headquarters Faster Applications, More Users, Less Bandwidth 90% HD Video optimization and better user experience Twice as many Citrix users over same WAN, 70% faster Toyota: ROI in less than one year, 65% BW cost savings Easy to Deploy Works with existing branch routers (and existing AX license) Scalable AppNav Controller and WAVE pool is scalable Native HA capability

20 Cisco WAAS Enhancing User Experience and WAN Efficiency
PROBLEM Application latency WAN bandwidth inefficiencies SOLUTION Reduce load Data redundancy elimination (DRE), compression, and TCP optimization Application optimization Fewer protocol messages and metadata caching Application bandwidth with Cisco® WAAS Application bandwidth natively Application latency natively Application latency with Cisco WAAS 1 2 3 4 40 80 120 160 Application Bandwidth Application Latency Bandwidth (Mbps) Latency (Seconds) Reduction in bandwidth Reduction in latency As applications continue to evolve and become larger and more complex, the network load grows and the performance characteristics of the WAN affect application delivery even more. The challenges of data-retention policies, business-continuance, disaster-recovery, and compliance requirements further exacerbate the problem, given a heavily distributed infrastructure and already overburdened WAN environment. Having a centralized IT infrastructure enables operational and capital cost savings while streamlining data-protection processes. Furthermore, cloud-based models are likely to change the consumption model for technology, allowing enterprises to increase their business agility and save costs through on-demand provisioning and tear-down of infrastructure and services while being charged through a utility-based model. From user point of view the dynamics of the above can appear as inefficiencies in WAN bandwidth or latency in applications. The solutions offered by Cisco WAAS which is a comprehensive, cost-effective, cloud-ready WAN optimization solution which accelerates applications (and are vendor validated), optimizes bandwidth, provides local hosting of branch IT services, and enables cloud services, all with comprehensive network integration options. Application accelerations include Microsoft file services (Common Internet File System [CIFS]) and Microsoft Exchange (Messaging Application Programming Interface Remote Procedure Call [MAPI-RPC]), plus numerous other application protocols. Data Redundancy Elimination (DRE) inspects TCP traffic to identify redundant data patterns at the byte level and then quickly replaces them with signatures if they have been previously seen so that the peer Cisco WAAS device can use them to reproduce the original data. Cisco WAAS implements persistent Lempel Ziv compression with a connection-oriented compression history to further reduce the amount of bandwidth consumed by a TCP connection. PLZ compression can be used in conjunction with DRE or independently. The Cisco WAAS TCP Flow Optimization (TFO) feature provides optimizations that help improve TCP behavior under problematic WAN conditions to meet challenges associated with packet loss, congestion, and recovery. With Cisco WAAS TFO, communicating nodes are shielded from WAN conditions, and Cisco WAAS devices manage WAN conditions on behalf of the nodes to help ensure that available capacity can be used advantageously, the effect of packet loss and congestion is mitigated, and throughput is increased. Cisco WAAS provides application-specific acceleration capabilities that, unlike competitive solutions, have been approved by the application vendors themselves.

21 Securing Your IWAN

22 Securing the IWAN IPSec VPN and Firewall
Step 1: Secure Transport IPSec with DMVPN or FlexVPN overlay Secure transport independent overlay Add Strong Cryptography: IKEv2 + AES-GCM 256 Step 2: Threat Defense IOS Zone-based Firewall Minimize exposure DHCP addressing for Internet and tunnel interfaces Don’t put tunnel addresses into DNS Step 3: Choose your performance level Size router based on Encryption with Services and WAN bandwidth Head-end: ASR1000 or ISR4451X Branch: ISR-G2 Data Center ASR 1000 ASR 1000 ISP A ISP C DSL Cable ISR-G2 Branch 22

23 Add Network Integrated Threat Defense IOS Zone-Based Firewall
Control the Perimeter: External and internal protection: internal network is no longer trusted Protocol anomaly detection and stateful inspection Communicate Securely: Call flow awareness (SIP, SCCP, H323) Prevent DoS attacks Flexible: Split Tunnel-Branch/Remote Office/Store/Clinic Internal FW—International or un-trusted locations/segments, addresses regulatory compliances Integrated: No need for additional devices, expenses and power Works with other Cisco Services: SRE, Scansafe, WaaS Express Manageable: Supports CLI, SNMP, CCP, and CSM Supports Cisco Configuration Engine Data Center ASR 1000 ASR 1000 ISP A ISP C Firewall Perimeter Control External and internal protection: internal network is no longer trusted Protocol anomaly detection and stateful inspection Securing Unified Communications Cisco UC Trusted FW Voice Signatures (SIP, SCCP, H323) Virtualized UC (VRF aware) Call flow awareness Prevent DoS attacks DSL Cable ISR-G2 Branch 23

24 Transport Independent Dynamic Full Meshed Connectivity
Flexible Secure WAN Design over any transport Dynamic Multipoint VPN (DMVPN) or FlexVPN Simplifies WAN Design Easy multi-homing over any carrier service offering Single routing control plane with minimal peering to the provider Transport Independent Dynamic Full Meshed Connectivity Consistent design over all transports Automatic site-to-site IPsec tunnels Zero-touch hub configuration for new spokes Flexible Proven Robust Security Certified crypto and firewall for compliance Scalable design with high performance cryptography in hardware Secure MPLS Internet Data Center Branch ASR 1000 ISR-G2 WAN

25 Why Cisco IWAN?

26 Why Cisco IWAN $$$ 6-12 months Integrated Platform for IT Simplicity
Granular Control Everywhere Proven Security at Scale Unmatched Context-based Routing Quick ROI Faster than Alternatives $$$ Up to 72% in Savings Why Cisco? As the undisputed leader in networking, we have helped thousands of customers successfully make major technology transitions by using the network as the platform for business. Only Cisco can deliver an “Intelligent WAN” that can help IT navigate today’s challenges around cloud, mobility, and video. We offer a comprehensive solution at a cost-effective price with validated designs to help ensure customer success. And only Cisco can help you reach this goal with: A single integration platform that can drive significant cap ex savings that dramatically simplifies IT operations (which is opex) Granular control from the branch office to the Cloud for consistent management , only vendor that can cover all points in the network with righ network and app services Proven security at scale to protect all branch-office endpoints from threats, 10s of thousands of nodes having direct point to point connections and consistent policy enforcement across all sites Dynamic, real-time decisions through context-aware routing to deliver the best experience; with Performance Routing and Medianet the intelligent network can triangulate the best path based on App, Endpoint and Network conditions Significantly lower costs because it is a consolidated solution that pays for itself in just months … and opens resources to new business innovations Many pay off in 6-12 months The Alternative: Branch  ISR-AX App-Aware Any to Any Security Overlay Appliances Savings enables Business Innovation Endpoint-Aware DC  ASR1K-AX Protect All Branch Resources App Visibility & Control IP Sec VPN WAN Opt. Firewall WAN Path Selection Router Network-Aware Secure Direct Internet Access Cloud  CSR1000V

27 Start with Cisco AX Routers IWAN Capabilities Embedded in the Router
One Network UNIFIED SERVICES L2-L3 Transport L4-L7 Application Services ISR-AX Control Optimization Visibility Transport Independent Secure Routing ASR1000-AX Simplify Application Delivery Introducing Cisco ISR-AX (AX=Application Experience) With ISR-AX, Cisco is resetting the standard on baseline branch services by brining together routing, security and application services into one powerful platform, and help IT delivery the optimal application experience from anywhere. Cisco ISR-AX provides industry leading routing and security with a comprehensive suite of application services that provides visibility, control and optimization. Application-level visibility means you can see over 1000 applications across your network without expensive and difficult to deploy probes Application-level control means you have granular traffic prioritization, so mission critical applications get priority and the optimal path can be selected based on app type Application-level optimization means your network recognizes different app protocols and can tune your network to accelerate performance automatically while still reducing bandwidth And recognizing the growing need for application services across all size businesses, Cisco is dramatically changing the economics of the costs to acquire application services, by offering our solution 20-35% lower initial capital expense than point product offers and with greater capabilities. ISR 4451-X-AX Cisco AX Routers | 2900 | 1900 | 800 | 4451 | ASR1002-X

28 What makes the ISR-AX different?
Introducing the ISR App License IP Base Extends and replaces the Data license with application router services. All previous Data license features included. All Application Visibility and Control (AVC) features included. Enables powerful, comprehensive application monitoring and management. Right-To-Use license for WAAS License enables WAAS Express, WAAS SRE, or WAAS on UCS-E with no additional software cost. Security App U.C. App & Security included with the ISR-AX!

29 Cisco IWAN Uncompromised Experience Over Any Connection
Lower Costs without Tradeoffs Maximize Your WAN Investment With Cisco IWAN, there is none. You get the same reliability on your internet lines as you had before. You get the same robust security – because we apply security at the branch edge. You get the flexibility to go with whatever service providers you choose. All in a router that is application-aware, so it can optimize traffic flows to protect application performance… increasing your bandwidth capacity even more. So roll out more apps. Use more video. Work in the cloud. Support all those mobile devices and software updates. Without spending more on WAN bandwidth. It’s time you got the most from your WAN investment with the all-in-one solution that only Cisco can provide— Cisco IWAN. Unleash Your Business Potential


Download ppt "Cisco Intelligent WAN (IWAN)"

Similar presentations

Ads by Google