Extending Enterprise Network into Public Cloud with Cisco CSR1000v
- Olivia Simmons
- 6 years ago
2 Extending Enterprise Network into Public Cloud with Cisco CSR1000v
Fan Yang, Technical Marketing Engineer
Tony Banuelos, Product Manager
BRKARC-2749
3 Cisco Spark
Questions? Use Cisco Spark to chat with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click Join the Discussion
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
Cisco Spark spaces will be available until July 3, cs.co/ciscolivebot#brkarc
Cisco and/or its affiliates. All rights reserved. Cisco Public
4 Your Speaker
- Tony Banuelos, Product Manager: Product Manager at Cisco and at the company for 17 years, working across different technologies like VoIP, UC Interoperability, SONET, Cisco VXI and public cloud solution.
- Fan Yang, Technical Marketing Engineer: 5 years in Cisco. Youtube Channel:
5 Related Cisco Live Las Vegas 2017 Sessions
- BRKSDN-2411 NFV Performance - Challenges and Solutions
- BRKSEC-3007 Advanced Cisco IOS Security
- BRKSEC-2064 NGFWv and ASAv in Public Cloud (AWS and Azure)
- BRKARC-2023 Building Hybrid Clouds in Amazon Web Services with the CSR 1000v
- [LAB] LTRVIR-2100 Deploying Cisco Cloud Services Router CSR 1000V on AWS and Azure
6 Agenda
- Introduction of Cisco CSR1000V in Public Cloud
- CSR Use Cases on Public Cloud
- Transit VPC solution
- Licensing and Resources
7 Introduction of Cisco CSR1000V in Public Cloud
8 What is Public Cloud?
- On-demand extensible network and compute resources
- Supports IaaS model, allowing users to create virtual machines, storage, networking, security, and other services
- Supports open API to automate deployment of application services
- Amazon AWS and Microsoft Azure are leaders in public cloud
9 Enterprises are Moving Applications to Cloud: Numerous Challenges to Adopt
- Enterprise adoption of cloud continues to grow
- Security is still the top concern on the list
- 70% of enterprise cloud solutions take a hybrid approach where both private and public clouds are used
- Multi-cloud is becoming the strategy for enterprise customers
10 Cloud Adoption Numbers
- Data is collected from 1000 cloud customers across different business segments
- In 2016 Private Cloud Adoption fell to 72% from 77% the previous year, which impacted hybrid cloud, which fell to 67% from 71%
- 95 percent of organizations surveyed are running applications or experimenting with infrastructure-as-a-service (Public Cloud)
- 85 percent of enterprises have a multi-cloud strategy, up from 82 percent in 2016
- Most customers run their applications in the cloud, with 41% running apps in public cloud and 38% in private cloud
Source: RightScale 2017 State of the Cloud
11 How do I Size Cisco CSR 1000V?
- CSR is offered on Amazon AWS and Microsoft Azure
- CSR1000V pricing is based on technology package, throughput and license term, PLUS platform cost
- How do I choose the platform for CSR on AWS or Azure?
Notice: Actual cost will depend on negotiated terms and discounts
12 Cisco CSR 1000V Cloud Platform Options
- CSR on AWS (table columns: Size, CEF (Mbps), IPSEC (Mbps)): T2.medium, M3.Medium, C4.large, C4.xlarge, C3.2xlarge, C4.2xlarge, C4.4xlarge, C4.8xlarge
- CSR on Azure (table columns: Size, CEF (Mbps), IPSEC (Mbps)): D2_v, DS2_v, D3_v, DS3_v, D4_v, DS4_v
13 Cisco CSR1000V on AWS Cloud Platform
- Cisco CSR1000V is supported on EC2 Instance Types: C3, C4, M3, T2 (R4 coming soon)
- Cost of CSR VM hosting depends on instance type model, size, term and region
- AWS offers pay-as-you-go (hourly) and pay-upfront (1Y or 3Y term) consumption models
- Instance type size determines achievable CSR1000V performance
- Use AWS Simple Monthly Calculator to calculate cost
- Next slide shows an example on calculating AWS costs
14
15 Cisco CSR1000V on Azure Cloud Platform
- Cisco CSR1000V is supported on VM Types: D-series, Dv2-series and DSv2-series
- Cost of CSR VM hosting depends on instance type model, size, term and region
- Azure offers month-to-month consumption model
- VM type size determines achievable CSR1000V performance
- Use Azure Simple Monthly Calculator to calculate cost
- Next slide shows an example on calculating Azure costs
16 CSR1000V on Azure Cloud Platform: Azure cost calculator
17 Cisco Cloud Services Router (CSR) 1000V
Cisco IOS XE Software in a Virtual Appliance Form-Factor
Enterprise-class Networking with Rapid Deployment and Flexibility
- Software: Familiar IOS XE software with ASR1000 and ISR4000
- Infrastructure Agnostic: Runs on x86 platforms
  - Supported Hypervisors: VMware ESXi, Linux KVM, Citrix Xen, Microsoft Hyper-V, Cisco NFVIS and CSP2100
  - Supported Cloud Platforms: Amazon AWS, Microsoft Azure
- Performance Elasticity: Available licenses range from 10 Mbps to 10 Gbps; CPU footprint ranges from 1vCPU to 8vCPU
- License Options: Term based 1 year, 3 year or 5 year; Smart License enabled
- Programmability: NetConf/Yang, RESTConf, Guest Shell and SSH/Telnet
*Only Available on Amazon AWS.
[Diagram labels: App, OS, CSR 1000V, Virtual Switch, Hypervisor, Server]
18 IOS-XE Coverage for All Deployment Types
[Diagram labels: CSR 1000v, CSR 1000v, ISR 4400, ASR 1000; Hypervisor, Cloud Platform, Enterprise Data Center or Branch]
19 The Benefits of Bringing IOS XE into Public Clouds
- Extends Existing Routing Topology
- Integrates With Existing VPN Topology (e.g. DMVPN)
- Shares Existing Zone Based Firewall Policies
- Network Logging to Existing Tools
- Identifies Cloud Performance Problems
- IOS XE Supportable by Existing IT Staff
- Existing Monitoring Tools
- Existing Troubleshooting Steps
20 Public Cloud 101
21 Region and Availability Zone Concepts
- VMs (Virtual Machines) are hosted in multiple data centers across the world.
- A region is a separate geographic area.
- VM instances have to be launched into a specific region. Locating instances close to end users can reduce latency.
- A region consists of multiple AZs (Availability Zones). Each AZ is isolated, but AZs in a region are connected through low latency and high bandwidth links.
22 Virtual Private Cloud (VPC) Concepts
- A VPC is isolated from other VPCs' environments.
- VPCs' IP ranges (RFC 1918) can overlap.
- IGW (Internet Gateway) provides external access.
- Granular subnets can be created in a VPC.
- A Route Table can be associated to subnets.
- UDR (User Defined Route) can be added to a route table.
- Security Options:
  - Network ACLs protect subnets
  - Security Groups protect instances
- Internet EIP to EIP communication goes through the Cloud Provider's backbone.
[Diagram labels: James Bond CIDR /16, Internet Gateway, Elastic IP Mappings, Route Table, Subnet A /24, Subnet B /24, WebApp1 Instance IP]
23 No Link Local Broadcast in the VPC
- No link local multicast or broadcast
- Affected services include: IGPs, HSRP/VRRP, BFD, Proxy ARP, Gratuitous ARP > LISP-VM Mobility
- GRE as a work-around for some services, on some clouds
24 Multiple Ways to Insert CSR 1000V as Gateway
Two Armed Mode: CSR has one interface in each network. Two options to change gateway:
1. Change the application VM's default gateway to the CSR IP
2. Change the application subnet's route table to point to the CSR as gateway. (Recommended, more flexible and scalable)
Limitation on number of interfaces for CSR imposed by different cloud providers.
One Armed Mode: CSR has a single interface and a default gateway pointed towards the Internet Gateway.
- Other subnets have a route added to their route table, pointing to the CSR as gateway.
- Instances in other subnets don't need their default gateway manually changed.
- Number of subnets is not limited by number of interfaces.
[Diagram labels: IGW, g1, g2, Public subnet /24, Private subnet, Route Table]
25 CSR1000v Use Cases
26 CSR 1000V use cases for all public clouds
Extend Enterprise Routing Architecture to Cloud
- Common routing fabric securely extended to cloud
- DMVPN, FlexVPN, GETVPN*
- Support up to 1000 tunnels
Remote Worker VPN Access
- FlexVPN IPSEC or SSLVPN via AnyConnect
- Flexible AAA server options for authentication
- Launch applications in regions near your users
Across Region/Cloud Provider Interconnection
- Distribute applications globally
- Accessibility across on-prem and cloud locations
- Overcomes VPN tunnel limitation on AWS and Azure
Extend on-prem routing architecture into Public Cloud
- Monitor/Analyze/Shape traffic in Public Cloud
- Security (vFW, VRF, AVC, Snort IPS/URL Filtering)
- Assurance (IP SLA, BFD, QoS)
- Scale to hundreds of VPCs across regions/accounts (Transit VPC)
- Monitoring and troubleshooting with known common tools
*GETVPN supported on DX/ER only (no NAT)
[Diagram labels: corporate office/branch; Cloud, US West; Cloud, US East; virtual private cloud]
27 CSR 1000V Routing High Availability on Cloud
- No virtual IP as with HSRP, since the Cloud Provider doesn't allow multicast or broadcast.
- BFD over a GRE tunnel (AWS), IPSEC or VXLAN-GPE (Azure*) is enabled between two CSRs to detect failure.
- Failure detection is automatic. Route Tables for app subnets are repointed to the surviving CSR.
- CSR itself calls the Cloud Provider's REST API to shift Route Table routes.
*Azure drops GRE packets
[Diagram labels: IGW, CSR Subnet, BFD, Cloud REST API, App Subnet A, App Subnet B; Before HA Failover / After HA Failover]
28 Traffic Flow During Failover
[Diagram labels: IGW, Internet, CSR-A, CSR-B, BFD, Cloud REST API]
*Asymmetric routing may exist
29 Two deployment models
Application Gateway
- CSR deployed in application VPC
- Provide IPSEC gateway for entire VPC
- Need high availability
Transit Hub Router
- CSR deployed in dedicated Transit Hub, not in application VPC
- High speed traffic routing for spoke VPC
- High availability is built-in natively
[Diagram labels: Application, AZ1, AZ2, Transit Hub]
30 CSR1000v Performance in AWS and Azure
AWS:
- Max 10 NICs
- Support on HVM instance types including T2, M3, C3, C4
- Performance goes up to 5Gbps L3 Routing and 4.5Gbps IPSEC
Azure:
- 2, 4, 8 NICs deployment template
- Support on D2_V2, DS2_V2, D3_V2, DS3_V2, D4_V2, DS4_V2 instances
- Performance with 2Gbps L3 Routing and 1.8Gbps IPSEC
31 Technical comparison between AWS and Azure for CSR 1000v
Feature | AWS | Azure
IPSEC Throughput | 4.5 Gbps | 1.8 Gbps
Number of vNICs supported today | 10 | 2/4/8
High Availability (Routing) | Supported | Supported
Multiple IP addresses on vNIC | Supported | Supported
Allow Overlapping IP addresses | Yes | Yes
GRE Tunnel support in VPC/VNet | Supported | Not supported
L2 Broadcast and Multicast | Not supported | Not supported
Add or remove interfaces on running CSR 1000V VM | Yes | No (need to stop instance)
32 Connection Options
33 Cloud to On-Premise Connection
Connection Option | Use Cases | Limitations
VPN | IPSEC VPN connections for to across regions | Throughput limited by VGW or VPN instance; Point to Point
Dedicated Circuit* | Consistent 1G/10G connection to Cloud Provider Co-Location | High Cost; Relationship required for 3rd party
* AWS DX (Direct Connect) and Azure ER (Express Route)
[Diagram labels: Internet, WAN, Co-location, VGW (Virtual Private Gateway), Customer Network New York, Customer Network San Jose]
34 VPC to VPC Connection
Connection Option | Use Cases | Limitations
Peering | High bandwidth VPC to VPC connection | No across region peering; Point to Point
VPN* | IPSEC VPN connections for VPC to VPC across regions | Throughput limited by VGW or VPN instance; Point to Point
Dedicated Circuit* | Consistent 1G/10G connection to Cloud Provider Co-Location | High Cost; Relationship required for 3rd party
VGW to VGW connection is only supported on Azure today
[Diagram labels: VGW (Virtual Private Gateway), Dev, QA, Prod, Peering, Co-lo, Co-lo, us-west, us-east, WAN]
35 VPC Peering
- High Bandwidth VPC to VPC Interconnection
- Share Private IP CIDR blocks between the VPCs
- Point to Point
- No Across Region Peering
- No Transit Peering
[Diagram labels: Dev, QA, Peering, us-west]
36 Dedicated Circuit (Direct Connect) Overview
- Dedicated connection between the enterprise and AWS
- Provides (1) private access to VPCs and (2) public access to AWS services (S3, etc)
- Sub-interface on corporate DC router for each service
- BGP peering for route exchange for each service
- 1G and 10G dedicated connections; sub-1G connections available via partners
- Multiple connections for redundancy
- No Native Encryption
[Diagram labels: Corporate DC, Cisco ISR/ASR, Direct Connect Circuit, Virtual Private Gateway (VGW), Virtual Private Cloud]
37 A Closer Look At VGW (Virtual Private Gateway)
- VGW is an easy to use VPN service provided by AWS.
- It supports IPSEC VPN with pre-shared key (not certificate based).
- It supports static route and BGP routing (no route-map and fixed BGP AS number).
- VGW uses two end-points for high availability.
- CGW (Customer Gateway) is needed to establish an IPSEC VPN. IPSEC can't be established between two VGWs.
- VGW is also used in DX (Direct Connect):
  - Static route and BGP routing
  - No encryption
38 Comparison: CSR 1000v, VGW and VPC Peering
Features
- Enterprise Grade: CSR 1000v
  - Hub Spoke network design
  - Active/Active for Tunnels
  - Across regions and accounts
  - Site-to-Site/DMVPN network
  - Full Transit Routing functions
  - Full Traffic Control (QoS) and visibility
  - Provide HA
- Redundancy: VGW
  - Full mesh network design
  - Active/Standby for Tunnels
  - Across regions and accounts
  - Only Site-to-Site IPSEC
  - Basic BGP
  - No Traffic Control and visibility
  - Provide HA (Two Tunnels per VPC)
- Simple Conn: VPC Peering
  - Full mesh network design
  - Same region
  - No Transit Routing
  - No Traffic Control
  - Max 50 peers on AWS (up to 125 by contacting support)
  - Max 10 peers on Azure (up to 40 by contacting support)
Performance
- CSR 1000v: Up to 5Gbps CEF and 4.5Gbps IPSEC; two CSRs doubles to 10Gbps; 400K BGP routes
- VGW: Max 500Mbps on AWS (up to 1Gbps by contacting support); 200Mbps on Azure; 100 routes
- VPC Peering: Same bandwidth between instances in same VPC
Price
- CSR 1000v: Hourly and Annual BYOL (Bring Your Own License); Data Transfer*
- VGW: Hourly (per VPN connection); Data Transfer*
- VPC Peering: Data Transfer*
*same cost for Data Transfer across three solutions, 0.02$/GB bi-directional
39 Transit VPC with CSR1000v
40 Public Cloud Transit Routing Challenge
- Transit Routing NOT supported: A-to-C-thru-B (A-B Peering, B-C Peering)
- Full mesh
- 2 Private DC Backhaul
- No transit routing capability
- See next slide
- Doesn't support across region peering
[Diagram labels: VPC-A, VPC-B, VPC-C]
41 Transit Hub Point
- Network transit hub connecting multiple, geographically dispersed networks
- High speed routing point in a centralized location
Source:
42 Transit VPC Design: across regions, accounts/subscriptions
- Dedicated VPC: Simplifies routing by not combining with other shared services.
- CSR1000v Virtual Network Appliances: Provide dynamic routing and VPN network tunnels
- Redundancy: Dynamic routing combined with multi-AZ deployment creates a robust network infrastructure.
- VGW: virtual gateways provide highly available connections to transit virtual network appliances.
- Automated solution is available on AWS. Customers can build the same solution without automation on Azure.
[Diagram labels: Spoke VPC A, B, C ...; AZ1 CSR1, AZ2 CSR2; Transit VPC; VGW; IGW; Direct Connect; Express Route; Internet; ASR; Private DC; Other Provider Networks]
43 Traffic Segregation
- Traffic segregation is built-in natively
- Each Spoke VPC is represented as a different VRF in CSR (VPC-A VRF, VPC-B VRF, VPC-C VRF)
- Routing is controlled through RT (Route Target), MP-BGP
- Different VPCs can communicate by exporting/importing the same RT
- On-Premise VRF: follow the same mechanism to create a customized VRF like the on-premise VRF
[Diagram labels: CSR1, CSR2, VPC-A, VPC-B, VPC-C, Private DC]
44 High Availability in Transit VPC
- Spoke VGW has two tunnels with both CSRs.
- Spoke VGW doesn't support load balancing across the two tunnels. It uses active/standby.
- It's possible that different VGWs use different CSRs as active. Both CSRs are forwarding traffic independently at the same time.
- In case of a CSR failure, the other CSR will take over all traffic.
[Diagram labels: Active Tunnel, Standby Tunnel, Spoke VPC A, B ... C, CSR1, CSR2, Transit VPC, VGW, IGW]
45 Connect to DX (Direct Connect): Detached VGW
- Create a Detached VGW which is not attached to any VPC.
- DX connection is terminated on Detached VGW
- ASR doesn't learn CIDR of Transit VPC
- Routes will be exchanged through VGW like a middle hop
- Specify the same tag on VGW and tunnels will be automatically provisioned like another spoke
- Throughput will be restrained by VGW doing IPSEC encryption (Current 1Gbps)
[Diagram labels: IPSEC Encrypted, Non-Encrypted, CSR1, CSR2, Detached VGW, Transit VPC, ASR, Private DC, AWS Direct Connect, BGP1, BGP2]
46 Connect to DX (Direct Connect): Attached VGW
- Create a VGW for DX and attach it to Transit VPC
- DX connection is terminated on Detached VGW
- ASR learns CIDR of Transit VPC
- CSR builds BGP peering with ASR directly
- Manual configuration needed, can't leverage previous Lambda scripts
- Throughput goes up to 10Gbps with 2xCSR
[Diagram labels: CSR1, CSR2, VGW, Transit VPC, Tunnel, AWS Direct Connect, BGP1, BGP2, ASR, Private DC]
47 Multi Region Deployment
- Keep localized traffic in same region
[Diagram labels: us-west, us-east, CSR1, CSR2, CSR3, CSR4, Tunnel, Transit, DX/ER, Internet, VGW, IGW, ASR, Private DC 1, Private DC 2]
48 Scale Out
- Add another pair of CSRs to scale out
- Remote end (VGW) has multiple tunnels and does L3 ECMP (Equal Cost Multiple Path)
- Elasticity as you go: monitor CSR real-time throughput and spin up new CSRs on demand.
[Diagram labels: CSR1, CSR2, CSR3, CSR4, Transit, DX/ER, Internet, ASR, Private DC, VGW, IGW]
49 Transit VPC Architecture and Components on AWS
- Transit VPC: deployed with two Cisco CSR instances in separate AZs
- S3 bucket: Storage location for transit config files
- KMS (Key Management Service): All data in the S3 bucket is encrypted using a solution-specific AWS KMS managed customer master key (CMK).
- VGW Tags: Customer-specified opt-in tags to automatically join a spoke to the transit network
- VGW Poller (Lambda function):
  - Identifies and configures VGWs to connect to the transit network (checks all regions every minute)
  - Writes new VPN connection details to an S3 bucket
- Cisco Configurator (Lambda function): Pushes VPN configuration to CSR instances when config files are saved to S3
[Diagram labels: Spoke A, Spoke B, Spoke n, AZ 1, AZ 2, Transit, Corporate Data Center, Other Provider Networks, VGW Poller, Amazon S3 bucket, AWS KMS, Cisco Configurator]
50 Transit VPC Security Configuration
- Transit VPC: No inbound traffic; all VPN connections originate from CSRs
- CSR Hardening:
  - SSH restricted to Cisco Configurator function security group
  - SSH public key auth only (password auth disabled)
  - Enables EC2 Auto Recovery for CSR instances
- Cisco Configurator:
  - Runs inside VPC
  - Uses automation-specific, unique SSH keys for auth
- S3 bucket:
  - AES-256 SSE for all files
  - Bucket policy controls which additional accounts may join the transit network
51 Transit VPC workflow: Adding new transit spoke
[Diagram labels: VGW Poller, Amazon S3 bucket, Cisco Configurator, steps 4 and 5, spokes A, B, C, CSR 1 (AZ 1), CSR 2 (AZ 2), Transit]
52 Transit VPC workflow (cont.): VGW Poller logic
- Does the VGW have the appropriate tag? If yes:
- Is there an existing VPN connection? If no:
- Create Customer Gateways (if required) for the IPs of the CSR instances
- Create a VPN connection to the Customer Gateway
- Download the VPN configuration file in XML and push it to Amazon S3
[Diagram labels: VGW Poller, steps 1 and 2, Amazon S3 bucket, spokes A, B, C]
53 Transit VPC workflow (cont.): Adding new transit spoke, Cisco Configurator logic
- Copy the XML VPN configuration file and SSH keys from the Amazon S3 bucket
- From the XML file, extract VPN, BGP, and interface parameters. Create a Cisco config using these values.
- SSH into the CSR instances
- Apply the Cisco config onto the CSR instances
[Diagram labels: Amazon S3 bucket, step 3, Cisco Configurator, step 4, CSR 1 (AZ 1), CSR 2 (AZ 2), Transit]
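The extract-and-render step of the Cisco Configurator logic above, sketched as an added example (not the Lambda function's own code). It validates every extracted field before it reaches a CLI line, because the XML comes from a bucket that other accounts may write to, and it keeps the pre-shared key out of anything logged. The XML element names, the sample values, the use of the VGW id as VRF name and the rendered config subset are assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: element names and every value are assumptions for this example.
SAMPLE_XML = """<vpn_connection id="vpn-0example1">
  <vpn_gateway_id>vgw-0example1</vpn_gateway_id>
  <ipsec_tunnel>
    <customer_gateway>
      <tunnel_outside_address><ip_address>203.0.113.10</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>169.254.10.2</ip_address><network_mask>255.255.255.252</network_mask></tunnel_inside_address>
      <bgp><asn>64512</asn></bgp>
    </customer_gateway>
    <vpn_gateway>
      <tunnel_outside_address><ip_address>198.51.100.20</ip_address></tunnel_outside_address>
      <tunnel_inside_address><ip_address>169.254.10.1</ip_address></tunnel_inside_address>
      <bgp><asn>7224</asn></bgp>
    </vpn_gateway>
    <ike><pre_shared_key>CONSTRUCTED.psk_0123456789</pre_shared_key></ike>
  </ipsec_tunnel>
</vpn_connection>"""

ID_RE = re.compile(r"[a-z]+-[0-9a-z]{1,32}")
ASN_RE = re.compile(r"[0-9]{1,10}")
PSK_RE = re.compile(r"[A-Za-z0-9._]{8,64}")   # no spaces, newlines or CLI metacharacters

class ConfigError(ValueError):
    """A field is missing or not in the expected form; nothing gets rendered."""

def _ipv4(value):
    return str(ipaddress.IPv4Address(value))   # ValueError on anything else

def _asn(value):
    if not ASN_RE.fullmatch(value) or not 1 <= int(value) <= 4294967295:
        raise ValueError("not a BGP AS number")
    return int(value)

def _matching(regex):
    def check(value):
        if not regex.fullmatch(value):
            raise ValueError("unexpected form")
        return value
    return check

def _field(node, path, check):
    found = node.find(path)
    value = (found.text or "").strip() if found is not None else ""
    try:
        return check(value)
    except ValueError:
        raise ConfigError("rejected field: " + path)   # the value itself is not echoed

def parse_tunnels(xml_text):
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ConfigError("DTDs and entities are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        raise ConfigError("not well-formed XML")
    vgw = _field(root, "vpn_gateway_id", _matching(ID_RE))
    tunnels, cgw, peer = [], "customer_gateway/", "vpn_gateway/"
    for node in root.findall("ipsec_tunnel"):
        tunnels.append({
            "vgw": vgw,
            "local_outside": _field(node, cgw + "tunnel_outside_address/ip_address", _ipv4),
            "local_inside": _field(node, cgw + "tunnel_inside_address/ip_address", _ipv4),
            "mask": _field(node, cgw + "tunnel_inside_address/network_mask", _ipv4),
            "local_asn": _field(node, cgw + "bgp/asn", _asn),
            "peer_outside": _field(node, peer + "tunnel_outside_address/ip_address", _ipv4),
            "peer_inside": _field(node, peer + "tunnel_inside_address/ip_address", _ipv4),
            "peer_asn": _field(node, peer + "bgp/asn", _asn),
            "psk": _field(node, "ike/pre_shared_key", _matching(PSK_RE)),
        })
    if not tunnels:
        raise ConfigError("no ipsec_tunnel element")
    return tunnels

def render_config(t, index):
    """Illustrative subset of an IOS config; IKE/IPsec profiles are left out."""
    vrf = t["vgw"]   # assumption: one VRF per spoke, named after its VGW
    return "\n".join([
        "crypto keyring keyring-%s-%d" % (vrf, index),
        " pre-shared-key address %s key %s" % (t["peer_outside"], t["psk"]),
        "interface Tunnel%d" % index,
        " ip vrf forwarding %s" % vrf,
        " ip address %s %s" % (t["local_inside"], t["mask"]),
        " tunnel source %s" % t["local_outside"],
        " tunnel destination %s" % t["peer_outside"],
        " tunnel mode ipsec ipv4",
        "router bgp %d" % t["local_asn"],
        " address-family ipv4 vrf %s" % vrf,
        "  neighbor %s remote-as %d" % (t["peer_inside"], t["peer_asn"]),
    ])

def redact(t):
    """Copy of the parsed tunnel that is safe to write to logs."""
    return dict(t, psk="<redacted>")
```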
54 Transit VPC Best Practice (1)
Is CSR dropping packets? Make sure CSR is running at licensed throughput.
BYOL (Bring Your Own License):
    CSR-BYOL#show license all
    License Store: Primary License Storage
    StoreIndex: 0 Feature: ax_2500m Version: 1.0
    License Type: Permanent
    Start Date: N/A, End Date: May
    License State: Active, In Use
    License Count: Non-Counted
    License Priority: Medium
    CSR-BYOL#show platform hardware throughput level
    The current throughput level is kb/s
Hourly:
    CSR-hourly#show license all
    License Store: Primary License Storage
    CSR-hourly#show platform hardware throughput level
    The current throughput level is kb/s
Check packet drop:
    BR #show platform hardware qfp active statistics drop
    Global Drop Stats Packets Octets
    Ipv4NoAdj
55 Transit VPC Best Practice (2)
I observe tunnel status on VGW is down on AWS console.
- Check tunnel status on CSR. VGW status might be a little bit delayed.
- If the tunnel on CSR is down or there is no tunnel info, check whether CSR has the correct configurations pushed.
- If CSR has the configurations, tunnels should typically be up.
- If CSR doesn't have the correct configurations, the Lambda function has at least one of the following problems:
  1. VGW Poller can't poll the tag, or the wrong tag is specified on VGW
  2. Cisco Configurator can't push configurations to CSR
- Check Cloud Watch logs to identify the root cause for Lambda
Note: CSR security group doesn't need an inbound rule for UDP 500/4500 since the IPSEC session is initiated from CSR to VGW. Security group doesn't restrict any outbound traffic.
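The inbound rules stated on the Transit Security Configuration slide (SSH only from the Cisco Configurator security group) and in the note above (no inbound UDP 500/4500) can be checked mechanically. This is an added example, not part of the deck or of the AWS solution; the input follows the shape of one entry returned by boto3's `ec2.describe_security_groups()`, and the group ids and sample rules are constructed.

```python
IKE_PORTS = (500, 4500)  # IKE and NAT-T; the CSR initiates, so no inbound rule is needed

def _covers(perm, proto, port):
    """True when an inbound permission admits proto/port."""
    rule_proto = perm.get("IpProtocol")
    if rule_proto == "-1":              # "-1" means every protocol and port
        return True
    if rule_proto != proto:
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def _sources(perm):
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    groups = [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
    return cidrs, groups

def audit_csr_security_group(sg, configurator_sg_id):
    """Return (finding, source) pairs; an empty list means the group matches the slides."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        cidrs, groups = _sources(perm)
        source = ",".join(cidrs + groups) or "no source"
        ssh_only = (perm.get("IpProtocol") == "tcp"
                    and perm.get("FromPort") == 22 and perm.get("ToPort") == 22)
        if ssh_only and not cidrs and set(groups) == {configurator_sg_id}:
            continue                    # the one inbound rule the design allows
        reasons = []
        if _covers(perm, "tcp", 22):
            reasons.append("SSH_NOT_RESTRICTED")
        if any(_covers(perm, "udp", port) for port in IKE_PORTS):
            reasons.append("IKE_INBOUND_NOT_NEEDED")
        findings += [(r, source) for r in reasons] or [("UNEXPECTED_INBOUND", source)]
    return findings

# Constructed sample: one compliant rule followed by four that should be flagged.
SAMPLE_SG = {
    "GroupId": "sg-0csrexample",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0configurator"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "udp", "FromPort": 500, "ToPort": 500,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "udp", "FromPort": 4500, "ToPort": 4500,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
    ],
}

if __name__ == "__main__":
    for finding, source in audit_csr_security_group(SAMPLE_SG, "sg-0configurator"):
        print(finding, source)
```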
56 Transit VPC Best Practice (3)
I want to choose the active CSR for a spoke.
- This is used to enable stateful features, like ZBFW.
- By default two CSRs are forwarding traffic at the same time. Spoke VGW randomly picks one CSR as active, the other CSR as standby.
- You can use the preferred tag to set a specific CSR as active and standby.
[Diagram labels: VGW Preferred tag=csr1, Active Tunnel, Standby Tunnel, CSR1, CSR2, BGP as-path prepend, Transit]
57 Transit VPC Best Practice (4)
How to do maintenance on CSR? For example, version upgrade.
- CSR supports inline upgrade in b version and onwards. It will be the same process as upgrading a physical IOS-XE router (upload bin and change boot).
- Two CSRs are working as active/active. Let one CSR stop forwarding traffic gracefully by shutting down the tunnels on that CSR. All traffic will be forwarded to the other CSR.
- Upgrade the CSR to the correct version and bring up the tunnels. Traffic will be load balanced across the two CSRs.
- Redo the same steps on the other CSR.
58 Transit VPC Best Practice (5)
How do I manage CSR through private IP, rather than EIP?
- Customer wants to manage CSR through private IP since most NMS (Network Management Systems) or Network Engineers sit in the on-premise network.
- For security reasons, the security group on CSR is only open to internal IPs.
- Create a MGMT VRF and tie it to a Loopback interface
- Redistribute this loopback interface into the BGP domain
    ip vrf mgmt
     rd 64512:2
     route-target export 64512:0
     route-target import 64512:0
    interface Loopback0
     ip vrf forwarding mgmt
     ip address
    router bgp
     address-family ipv4 vrf mgmt
      redistribute connected
59 Transit VPC Sizing
- Sizes include*:
  - 2 x 500 Mbps (c4.large)
  - 2 x 1 Gbps (c4.xlarge)
  - 2 x 2.5 Gbps (c4.2xlarge)
  - 2 x 4.5 Gbps (c4.4xlarge)
  - 2 x 5 Gbps (c4.8xlarge)
- Need SEC technology pack (BGP routing, IPSEC, VRF-Lite)
- Number of connections:
  - 100 out-of-the-box (VGW limits)
  - 1000s with customized route summarization
*Additional virtual appliances can be added to increase aggregate bandwidth and to create additional network paths using BGP multi-path
60 Transit VPC Variations
61 What if I want to push more throughput to spoke and have traffic visibility?
62 Variation #1: DMVPN Transit VPC
- High Throughput: spoke scales up to 4.5Gbps, 400K routes on CSR, versus 1Gbps, 100 routes on VGW
- Inter VPC Traffic: spoke to spoke communication directly, which saves Transit CSR throughput
- Redundancy: two CSRs in a spoke act as a high availability pair to provide redundancy
- Application Visibility: provide application level visibility in the spoke with NBAR capability on CSR
- Advanced Security: push security policy to edge. Provide ZBFW, IPS and URL filtering
[Diagram labels: Spoke VPC A, B, C ..., CSR1, CSR2, DMVPN, Transit, IGW, Direct Connect, Internet, ASR, Private DC, Other Provider Networks]
63 What if I want to enable security policy and DIA (Direct Internet Access)?
64 Central versus DIA (Direct Internet Access)
VM software/OS update, etc.
Central Internet Access
- Leverage existing enterprise internet connection and security perimeter
- All traffic traverses the VPN Tunnel
DIA (Direct Internet Access)
- Optimal access to cloud based resources
- Offload Internet traffic from DX or ER
- Doesn't lose central security enforcement
[Diagram labels: VPC-A, VPC-B, VPC-C, Internet, Security, Transit, Private DC]
65 Variation #2: Integrated Security Features on CSR
Integrated Security
- Low TCO by enabling security services
- Built-in high availability with routing
- Single device to manage routing and security
Features: ACL, VRF, Zone Based Firewall, Snort IPS, Web Root URL Filtering, Umbrella, IPSEC, Trust Sec, AAA
Legend: Support, Coming
[Diagram labels: CSR1, CSR2, Transit Hub]
66 Variation #3.1: Secured DMZ by extending Transit VPC
CISCO VERIFIED
- Routing: CSR redirects Internet traffic to NGFWv
- Security: NGFWv as standalone IPS VM provides full IPS features and is easily managed through FMCv
- NAT: NGFWv acts as NAT device. NAT/PAT supported
- Automation: One click launch by using template and scripts
- Deployment Video
NGFWv (Next Generation FireWall Virtual), FMCv (Firepower Management Center Virtual)
[Diagram labels: Spoke VPC A, B ... C, Internet, CSR1, CSR2, NGFWv, Transit, VGW, IGW]
67 Variation #3.2: Deploy IDS In Passive Mode
CISCO VERIFIED
- IDS (NGFWv) deployed in Passive Mode
- CSR1000v sends traffic through ERSPAN session
- NGFWv inspects traffic over ERSPAN session passively
- Spoke to spoke traffic is agnostic to IDS device
* ERSPAN = Encapsulated Remote Switch Port Analyzer Port
NGFWv (Next Generation FireWall Virtual), FMCv (Firepower Management Center Virtual)
[Diagram labels: Internet, CSR1, CSR2, ERSPAN, NGFWv, Transit, VGW, IGW]
68 Variation #4: Dedicated Security VPC
- Separate security services into a dedicated VPC
- Network team manages Transit VPC
- Security team manages Security VPC
- No end-to-end automation, manual configuration needed
- Additional Internet traffic cost going to Security VPC.
- Additional hop for latency.
[Diagram labels: Internet, A, B, Security (FW, IPS), /0, Transit, VGW, IGW, Private DC]
69 Summary on 5 Variations
Table columns: Variations/Features, Hub-Spoke, Spoke-Spoke, Spoke Throughput, IOS-XE Features at Spoke, Cost
- #0 Transit Solution: 1Gbps, Lower
- #1 DMVPN Transit: 5Gbps, Higher
Table columns: Variations/Features, L4 FW, L7 FW, IPS/IDS, Routing Security Separation, Domain Separation, Traffic Latency, Cost
- #2 Integrated Security: Lower, Lower
- #3 Secured DMZ: Medium, Higher
- #4 Dedicated Security: Higher, Higher
70 Summary on 5 Variations
#0 Transit Solution
- Pros: Lower TCO by using VGW on spoke; centralized routing domain and security enforcement; highly automated
- Cons: VGW's throughput and routes limited at spoke; no traffic control and visibility at spoke; capacity limited by two CSRs' throughput
#1 DMVPN Transit
- Pros: Higher throughput at spoke; spoke to spoke connection, not limited by transit CSRs' throughput; full enterprise features including traffic control and visibility at spoke; security policy pushed to edge spoke; highly automated
- Cons: Higher TCO by using CSR on spoke (price close to VGW if using for 5 years)
#2 Integrated Security
- Pros: Lower TCO by leveraging existing features on CSR; L4 firewall, IPS and URL filtering; central security enforcement; native high availability on CSR
- Cons: Throughput impact based on security features enabled; no L7 firewall and full IPS functions
#3 Secured DMZ
- Pros: Advanced security features offered by 3rd party VNF; separate VNFs for routing and security; shared VPC for routing and security
- Cons: Higher TCO by adding 3rd party VNF (FW, IPS or IDS); high availability depends on 3rd party VNF; throughput limited by 3rd party VNF
#4 Dedicated Security
- Pros: Advanced security features offered by 3rd party VNF; separate VNFs for routing and security; separate VPC for routing and security
- Cons: Higher TCO by adding 3rd party VNF (FW, IPS or IDS); high availability depends on 3rd party VNF; throughput limited by 3rd party VNF; one more VPC to manage and additional traffic cost
71 CSR 1000V IWAN on Amazon AWS
[Diagram labels: us-west Branch 1, us-west Branch 2, us-east, CSR Subnet, App Subnet A, App Subnet B, csr1000v, BR1, BR2, MC, virtual private cloud, Internet, MPLS/DX, APIC-EM, Physical branch, Cloud Data Center]
72 CSR Programmability
73 CSR1000v Automation
[Diagram labels: Cloud Center, APIC EM, NSO, Guest Shell, Ansible, Deploy Infra, SD-WAN Function Pack, Cloud Formation, Lambda, Public Cloud, SP Infrastructure, Devops; Cloud, US West; virtual private cloud]
74 CSR1000v Web GUI
75 Application Visibility on CSR1000v
76 Guest Shell
- Guest Shell runs in an LXC container
- It gives you native Linux Shell (Command) access to run customized scripts
- Access to IOS-XE CLI, boot flash
- Python is the language we support today
- You can install AWS CLI and SDK to automate day-to-day jobs through scripts
- EEM can be leveraged to create Crontab tasks calling Guest Shell scripts
- Cisco Devnet Lab
[Diagram labels: Linux applications, Guest Shell, Open Application Container, API, Network OS]
77 Enable Guest Shell
Guest Shell uses the VPG (VirtualPortGroup) interface as its source interface and connects to the outside through NAT.

interface GigabitEthernet1
 ip address dhcp
 ip nat outside
ip nat inside source list GS_NAT_ACL interface GigabitEthernet1 overload
ip access-list standard GS_NAT_ACL
 permit
interface VirtualPortGroup0
 ip address
 ip nat inside
guestshell enable virtualportgroup 0 guest-ip name-server

[Diagram; labels: IOS, Guest Shell Container, G1, VPG, eth, CSR 1000v]
78 Enter Guest Shell
Same Linux shell access:

ip #guestshell
~]$ pwd
/home/guestshell
~]$ ls
scripts
~]$ uname -a
Linux guestshell #1 SMP Wed Mar 22 07:08:50 PDT 2017 x86_64 x86_64 x86_64 GNU/Linux

Install AWS CLI and Python SDK:

sudo -E pip install awscli
sudo -E pip install boto3

Then run aws configure, or configure ~/.aws/config and ~/.aws/credentials.
79 Use Case #1: Monitor CSR Real-Time Throughput by AWS CloudWatch
- Python script in Guest Shell: gathers CSR throughput with show platform hardware qfp active datapath utilization and sends the key metric to AWS CloudWatch through the AWS Python SDK, boto3
- EEM (Embedded Event Manager) script: triggers the Python script at a regular time interval
- Visualize throughput on CloudWatch

event manager applet get-throughput
 event timer watchdog time 15
 action 0.0 cli command "enable"
 action 1.0 cli command "guestshell run /home/guestshell/get-sys-throughput-fyang2.py"
 action 10.0 syslog msg "guestshell-get-throughput executed!"
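The Guest Shell side of Use Case #1, as an added example (not the session's get-sys-throughput-fyang2.py script): it parses the 5-second Total counters from the show command and shapes them for CloudWatch's put_metric_data. The sample output layout, the CSR1000v namespace, the metric names and the command-line arguments are assumptions.

```python
"""Added example: CSR 1000v datapath throughput -> CloudWatch, run from Guest Shell."""
import re
import sys

# Constructed sample of `show platform hardware qfp active datapath utilization`.
# The column layout is an assumption; check it against your IOS-XE release.
SAMPLE_OUTPUT = """\
  CPP 0: Subdev 0            5 secs        1 min        5 min       60 min
Input:  Priority (pps)            0            0            0            0
                 (bps)            0            0            0            0
    Non-Priority (pps)         1200         1100         1050         1000
                 (bps)      9600000      8800000      8400000      8000000
           Total (pps)         1200         1100         1050         1000
                 (bps)      9600000      8800000      8400000      8000000
Output: Priority (pps)            0            0            0            0
                 (bps)            0            0            0            0
    Non-Priority (pps)          900          850          800          780
                 (bps)      7200000      6800000      6400000      6240000
           Total (pps)          900          850          800          780
                 (bps)      7200000      6800000      6400000      6240000
Processing: Load (pct)            3            3            2            2
"""

NAMESPACE = "CSR1000v"  # hypothetical CloudWatch namespace
UNITS = {"Bps": "Bits/Second", "Pps": "Count/Second"}  # CloudWatch standard units
_ROW = re.compile(r"\((pps|bps)\)\s+(\d+)")  # unit, then the first (5 secs) column


def parse_utilization(text):
    """Return the 5-second Total counters, e.g. {'InputBps': 9600000, ...}.

    Returns an empty dict when the text is not utilization output
    (for example an IOS error line), so the caller can refuse to publish.
    """
    counters = {}
    direction = None   # "Input" or "Output" while inside that section
    in_total = False   # True from a "Total (pps)" row through its "(bps)" row
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Input:"):
            direction, in_total = "Input", False
        elif stripped.startswith("Output:"):
            direction, in_total = "Output", False
        elif stripped.startswith("Processing:"):
            direction, in_total = None, False
        match = _ROW.search(line)
        if match is None or direction is None:
            continue
        if match.group(1) == "pps":
            # A pps row names its traffic class; the bps row below inherits it.
            in_total = "Total" in line
        if in_total:
            counters[direction + match.group(1).capitalize()] = int(match.group(2))
    return counters


def build_metric_data(counters, instance_id):
    """Shape parsed counters as the MetricData list put_metric_data expects."""
    missing = [k for k in ("InputBps", "OutputBps") if k not in counters]
    if missing:
        # Do not publish zeros when the CLI output could not be parsed.
        raise ValueError("utilization output not understood, missing: "
                         + ", ".join(missing))
    dimensions = [{"Name": "InstanceId", "Value": instance_id}]
    return [{"MetricName": name, "Dimensions": dimensions,
             "Value": float(value), "Unit": UNITS[name[-3:]]}
            for name, value in sorted(counters.items())]


def publish(metric_data, region):
    """Send the metrics. The only IAM permission needed is cloudwatch:PutMetricData."""
    import boto3  # installed in Guest Shell with `sudo -E pip install boto3`
    boto3.client("cloudwatch", region_name=region).put_metric_data(
        Namespace=NAMESPACE, MetricData=metric_data)


if __name__ == "__main__":
    if len(sys.argv) == 3:   # on the router: script.py <instance-id> <region>
        from cli import cli  # Guest Shell's IOS-XE CLI module
        output = cli("show platform hardware qfp active datapath utilization")
        publish(build_metric_data(parse_utilization(output), sys.argv[1]),
                sys.argv[2])
    else:                    # off-box dry run on the constructed sample
        print(build_metric_data(parse_utilization(SAMPLE_OUTPUT), "i-EXAMPLE"))
```

Scoping the router's credentials to cloudwatch:PutMetricData alone keeps a compromised Guest Shell from reaching other AWS APIs.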
80 Use Case #2: Network Services Zone Failover
- Virtual network functions (router, firewall, IPS, etc.) are deployed across multiple AZs for redundancy
- In case of AZ failure, all networking functions need to fail over to a different AZ
- It is hard to push all vendors to have the same failover mechanism
- Write your own Python scripts to do seamless failover
[Diagram; labels: Firewall and IPS, EIP failover, FW, EIP, IPS, AZ1 CSR1, AZ2 CSR2, Cloud REST API]
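One way to script the EIP failover named in Use Case #2, as an added example that is not from the session: the Elastic IP moves only when its current holder fails a health probe and another candidate passes it. The instance ids, allocation id, health probe and the DemoEC2 stand-in are hypothetical; on AWS the same two calls are made on boto3.client("ec2").

```python
"""Added example: move an Elastic IP to a healthy instance in another AZ."""


class DemoEC2(object):
    """In-memory stand-in for boto3.client("ec2"), constructed for this example.

    It mimics only the two calls the failover needs.
    """

    def __init__(self, allocation_id, instance_id):
        self.allocation_id = allocation_id
        self.instance_id = instance_id
        self.calls = 0  # number of associate_address calls made

    def describe_addresses(self, AllocationIds):
        assert AllocationIds == [self.allocation_id]
        return {"Addresses": [{"AllocationId": self.allocation_id,
                               "InstanceId": self.instance_id}]}

    def associate_address(self, AllocationId, InstanceId, AllowReassociation):
        self.instance_id = InstanceId
        self.calls += 1
        return {"AssociationId": "eipassoc-demo"}


def failover_eip(ec2, allocation_id, candidates, is_healthy):
    """Return the instance id holding the EIP after the check.

    candidates: instance ids in order of preference (for example the
                firewall in AZ1, then the firewall in AZ2).
    is_healthy: callable(instance_id) -> bool, the caller's own probe.
    """
    address = ec2.describe_addresses(AllocationIds=[allocation_id])["Addresses"][0]
    holder = address.get("InstanceId")  # absent when the EIP is unassociated
    if holder in candidates and is_healthy(holder):
        return holder  # healthy holder: make no API call, so repeated runs are safe
    for instance_id in candidates:
        if instance_id != holder and is_healthy(instance_id):
            ec2.associate_address(AllocationId=allocation_id,
                                  InstanceId=instance_id,
                                  AllowReassociation=True)
            return instance_id
    # Nothing healthy to move to: leave the EIP where it is rather than flap.
    return holder


if __name__ == "__main__":
    # Hypothetical ids: the AZ1 firewall holds the EIP and fails its probe.
    ec2 = DemoEC2("eipalloc-demo", "i-fw-az1")
    print(failover_eip(ec2, "eipalloc-demo", ["i-fw-az1", "i-fw-az2"],
                       lambda instance_id: instance_id != "i-fw-az1"))
    # On AWS the script's role needs only ec2:DescribeAddresses and
    # ec2:AssociateAddress.
```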
81 Guest Shell Demo
82 Licensing
83 CSR 1000v Licensing Structure
Pick one option from each column:
- Technology Package (see next slide for details): IPBase, SEC, AppX, AX
- Throughput: 10 Mbps, 50 Mbps, 100 Mbps, 250 Mbps, 500 Mbps, 1 Gbps, 2.5 Gbps, 5 Gbps, 10 Gbps
- License Type: Subscription (1-year, 3-year or 5-year), Utility Based
Example: IPBase, 250 Mbps, 1-Year
Note: CSR add-on license options not shown above
84 CSR 1000v Technology Package Features
IP Base (IOS-XE features):
- Basic Networking: BGP, OSPF, EIGRP, RIP, ISIS, IPv6, GRE, VRF-LITE, NTP, QoS, PBR, BFD
- Multicast: IGMP, PIM
- High Availability: HSRP, VRRP, GLBP
- Addressing: 802.1Q VLAN, EVC, NAT, DHCP, DNS
- Basic Security: ACL, AAA, RADIUS, TACACS+
- Management: IOS-XE CLI, SSH, Flexible NetFlow, SNMP, EEM, NETCONF
SEC (IP Base plus):
- Advanced Security: Zone Based Firewall, IPSec VPN, EZVPN, DMVPN, FlexVPN, SSLVPN, GETVPN
- High Availability: Box-to-box HA for FW and NAT
AppX (IP Base plus):
- Advanced Networking: L2TPv3, MPLS, VRF, VXLAN (except L3 VXLAN-GPE)
- Application Experience: WCCPv2, AppNAV, NBAR2, AVC, IP SLA
- Hybrid Cloud Connectivity: LISP, OTV, VPLS, EoMPLS
AX: all features
Features shown in red on the slide will not work in AWS/Azure because of limitations of the public cloud infrastructure (lack of L2 support, multicast not supported).
85 Flexible Licensing Options on Public Cloud
Purchase Model Cloud Provider Subscription Model BYOL (Bring Your Own License) 1-year, 3-year and 5-year Hourly Annual AWS No TAC TAC TAC convertible Non-convertible Azure TAC Management Model License Model PAK Smart Licensing UDI Independent 1-click Re-host License Utilization
86 License Behavior Change
[Timeline diagram; labels as transcribed: Licensed Period + 1 Year Throughput CLI will be blocked 1Mbps after Kbps before 16.5 Running at Licensed throughput Loss connectivity to SL Server Keep running at previous throughput Sending expiration Warning Syslog Keep running at previous Throughput CLI will be blocked Throttle to 1Mbps or 100Kbps Boot Up Licensed 90days Grace Period 90days Expiration Date 1 year SL ID_TOKEN Expires 1 Year]
87 Additional Resources
88 Joint Webinar with Under Armour and Adobe
Webinar recording on Youtube:
Webinar deck on Slideshare:
89 Book: Virtual Routing in the Cloud
Available now at
Virtual Routing in the Cloud, First Edition
By: Arvind Durai, Stephen Lynn, Amit Srivastava
Publisher: Cisco Press
Pub. Date: April 22, 2016
Print ISBN:
90 Miercom Performance testing of CSR1000V
- Miercom is a world leading independent testing and consultant provider. It provides unbiased hands-on testing, research and certification services.
- CSR1000V on private cloud platforms delivers up to 20Gbps on a single x86 server, across 3 CSRs
- CSR1000V on Amazon AWS delivers up to 5Gbps of encrypted traffic running on Instance type C4.8xlarge
- Miercom tested different combinations of features enabled to determine real world performance (IPV4 Forwarding, QoS, NBAR, Firewall, IPSEC)
- Cisco CSR1000V Miercom report:
91 Additional Resources
- Free CSR Test Drive Program on AWS
- Public Documentation:
- 20+ Demo Videos on CSR 1000V Youtube Channel
- CSR 1000V Configuration Guide for AWS
- CSR 1000V Configuration Guide for Azure
- AWS Mailer
- Azure Mailer
92 Key Takeaways
93 Summary: CSR 1000V is built for the cloud
- CSR 1000V runs industry-leading Cisco IOS-XE software.
- CSR 1000V supports comprehensive networking features to best suit enterprise needs in the cloud journey.
- CSR 1000V abstracts the different networking capabilities of public clouds and gives customers a unified view of management.
More informationRemote Access MPLS-VPNs
First Published: August 12, 2002 Last Updated: May 4, 2009 The feature allows the service provider to offer a scalable end-to-end Virtual Private Network (VPN) service to remote users. This feature integrates
More informationMPLS VPN--Inter-AS Option AB
The feature combines the best functionality of an Inter-AS Option (10) A and Inter-AS Option (10) B network to allow a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) service provider
More informationVirtual Private Cloud. User Guide. Issue 03 Date
Issue 03 Date 2016-10-19 Change History Change History Release Date What's New 2016-10-19 This issue is the third official release. Modified the following content: Help Center URL 2016-07-15 This issue
More information