Migrating Your Existing WAN to Cisco's IWAN
2 Migrating Your Existing WAN to Cisco's IWAN BRKCRS-2007 Brad Edgeworth, CCIE#31574, Systems Mani Ganesan, CCIE#27200, Consulting Systems
3 Introduction Housekeeping Who we are? For your reference only Preferred or Recommended Advanced Class This is not an Introduction to IWAN session. This is not an IWAN Design session. Some design aspects will be discussed. This session is about how to migrate your existing WAN to Cisco's Intelligent WAN. A lot of things will technically work, but IWAN is a prescriptive design. The design keeps things simple. This session is focused primarily on transport independence and performance routing, specifically how to deploy it. We tried to keep things in a logical order as much as possible, but there are some we couldn't; so STAY AWAKE! BRKCRS Cisco and/or its affiliates. All rights reserved. Cisco Public 3
4 BRKCRS-2007: Migrating Your Existing WAN to Cisco's IWAN
- Sequence of Migration
- Migration Planning and Tools
- End State IWAN Concepts: QoS, DMVPN and Routing
- DMVPN Hub Router Placement Strategies
- Migrating Branch Routers
- Other Migration Scenarios (Dual MPLS Hybrid Model Migration, IPsec Migration)
- Performance Routing (PfR)
5 Introduction
6 Intelligent WAN Solution Components
[Diagram labels: AVC, Internet, Private Cloud, 3G/4G-LTE, Virtual Private Cloud, Branch, WAAS, PfR, MPLS, Public Cloud]
- Transport Independent: Consistent operational model; Simple provider migrations; Scalable and modular design; DMVPN IPsec overlay design
- Intelligent Path Control: Application best path based on delay, loss, jitter, path preference; Load balancing for full utilization of all bandwidth; Improved network availability; Performance Routing (PfR)
- Application Optimization: AVC: Application monitoring with Application Visibility and Control; WAAS: Intelligent Edge Caching with Akamai Connect; WAAS: Application Acceleration and bandwidth savings
- Secure Connectivity: Certified strong encryption; Comprehensive threat defense with ASA and IOS firewall/IPS; Cloud Web Security (CWS) for scalable secure direct Internet access
7 Where to start? IWAN is not all or nothing, so deploy in phases if that's easier. DIA and App Optimization (WAAS and Akamai) can be deployed anytime during the process. Start with transport independence before adding path control: DMVPN is needed to run Performance Routing (PfRv3), and it provides consistent overlay routing across all transports. This session is focused on Transport Independence, PfR and Connectivity, which matter the most during migration.
8 IWAN Topology LAN Prefixes: /8 (Site Location is 2nd Octet) HQ is /16 & /16 Remote Sites: / / /16 DMVPN Hub Routers: R11 & R21 MPLS Transport, R12 & R22 Internet Transport Transport: /16 MPLS /16 Internet DC1 DC2
9 Planning the Migration
10 Mastering The Migration People + Process + Technology. Avoid implementation that doesn't map back to the logical design determined necessary to address key requirements. Must have a strong understanding of the current-state environment to ensure implementation success.
11 Why Migration Planning is critical? Moving all branch traffic from underlay to overlay tunnels can be complicated. WAN migration may last for weeks or months. Need to maintain universal connectivity between legacy sites and IWAN sites that are migrated. Choose the right sites to act as migration sites (during the migration phase) based on circuit speeds and device capacity. What is being migrated? All branches, or leaving some sites on the legacy WAN?
12 Where Do We Start Our IWAN Migration? Gather information and document it:
- Inventory
- Licenses
- Software Version
- Top applications with AVC
- Existing Routing Design
- QoS Design
- Sites with Backdoor Links
13 Capacity Management - WAN/Backbone
Thresholds shown on the slide: WAN Interface Utilization >60%, Dropped Packets > 1%, Delay > 1; WAN Interface Utilization >75%, Dropped Packets > 5%, Delay > 2.
[Diagram: Internet, Carrier 1 VPN, Carrier 2 VPN]
[Table: per-site WAN capacity report with columns opco, STATE_PROCITY, Network Element Name, Product ID, capacity, maxdelay, mindelay, rxavgutil, rxbusy4avgutil, txavgutil, txbusy4avgutil; rows for CO Denver, GA Macon, MA South Boston and TN Memphis; cell values not preserved]
14 Capacity Management - Branch
Branch Optimization Analysis, Mon 21 Oct, ATL-xxx, AT&T/SPRINT MPLS and Internet
[Table: Protocol, Input 5min (bps), Output 5min (bps), Input 5min Max (bps), Output 5min Max (bps); rows for exchange, skype, rtp, ftp, h, edonkey and Total; cell values not preserved]
[Diagram: branch with Core/Dist Switches, Access Switches, WLC, APs, Media Gateway, Cache Engine, PC, HDTV, Signage, Video Conferencing, IP Desktop, Video Surveillance Camera]
c881#show flow monitor FLOWMON cache agg app name
Processed 32 flows
Aggregated to 9 flows
[Output table: APP NAME, flows, bytes, pkts; rows for prot icmp, port http, port netbios-ns, cisco unclass, port ms-wbt, port ssh, cisco dhcp, port dropbox, port isakmp; cell values not preserved]
15 Capacity Management Branch NBAR View
BU3 (top 10 apps), 3Mbps sites
Application | Max bps (input) * | Max bps (output) * | Observations
HTTP | 2.9Mbps | 2Mbps | Bandwidth Hog
Skype | 2.4Mbps | 2.2Mbps | Unauthorized App/Bandwidth Hog
Exchange | 2.7Mbps | 1.6Mbps | Bandwidth Hog
FTP | 1.9Mbps | negligible | High Bandwidth Usage
edonkey | 1Mbps | 1Mbps | Unauthorized/High Bandwidth Usage
RTP | 1.3Mbps | 750Kbps | High Volume/High Bandwidth Usage
Novadigm | 1.1Mbps | 400Kbps | Investigate
Skinny | 1.6Mbps | negligible | High Volume/High Bandwidth Usage
Fasttrack | 700Kbps | 270Kbps | Unauthorized/High Bandwidth Usage
Citrix | 1.2Mbps | negligible | High Bandwidth Usage/Monitor Latency
BU1 (top 10 apps), 3-6Mbps sites
Application | Max bps (input) * | Max bps (output) * | Observations
SYSLOG | negligible | Max Capacity | Bandwidth Hog
HTTP | Max Capacity | 1Mbps | Bandwidth Hog
Secure HTTP | Max Capacity | 600Kbps | Bandwidth Hog
IMAP | 950Kbps | 700Kbps | High Bandwidth Usage
SMTP | 30Kbps | 800Kbps | High Bandwidth Usage
Exchange | 1.7Mbps | 400Kbps | High Bandwidth Usage
Skype | 600Kbps | 1.2Mbps | Unauthorized/High Bandwidth Usage
edonkey | 250Kbps | 600Kbps | Unauthorized/High Bandwidth Usage
Citrix | 450Kbps | 200Kbps | Monitor Latency
Xwindows | 500Kbps | 500Kbps | Check Security Impact
Depending on the type of network traffic, DIA deployment could be accelerated.
16 Application Profile (Branch)
[Table columns: Application, Weekly Average Kbps, Daily Average Kbps, Peak Kbps, Average Delay, Max Delay, Voice/Video Variance, Classification; rate and delay values not preserved]
Application | Classification
http | Transactional
secure-http | Transactional
ssl | Transactional
outlook-web-service | Transactional
ldap, cifs, active-directory, sqlnet | Transactional
sqlserver | Transactional
share-point, ms-office-web-apps, ms-office-365, msupdate, oracle-sqlnet, sap | Transactional
rtp | Voice
ms-lync | Voice
webex-meeting, h | Interactive Video
sip-tls, skinny, rtsp, mgcp, rtcp, rsvp | VoIP Control
youtube | Streaming Video
unknown | Bulk
amazon-instant-video, rtmpt, amazon-web-services, flash-video | Bulk
video-over-http | Bulk
binary-over-http | Bulk
facebook, gmail | Bulk
itunes | Bulk
audio-over-http | Bulk
17 IWAN/Offload Application Benefits
Classification* | Branch Traffic Volume | PfR Primary Path | Offload Option
VOICE | 151 Kbps | MPLS | N
VOIP CONTROL | 42 Kbps | MPLS | N
INTERACTIVE_VIDEO | 89 Kbps | MPLS | N
STREAMING_VIDEO | 3778 Kbps | INET | Y
TRANSACTIONAL_DATA | 1711 Kbps | MPLS | Y (Selected Cloud Apps)
BULK_DATA | 776 Kbps | INET | Y
IWAN will provide distinct paths to improve the application performance for key transactional and voice/video apps, redirecting bulk and streaming video to the alternate Internet backhaul path. CWS and direct offload will then allow cloud apps and general Internet traffic to be directly offloaded, avoiding backhaul bandwidth expense.
18 Migration steps
- Finalize the Design
- Deploy IWAN via a POC or Production Pilot
- Learn the technology
- Learn the applications
- Test the migration strategy
- Collect results from any POC/Production Pilot
- Identify sites for migration
- Make changes to infrastructure (if H/W upgrades are needed)
- Hub deployment
- Cut-Over Branches
- Clean-Up
19 Tools to simplify Deployment and Migration: Application Policy Infrastructure Controller (APIC-EM); Prime Infrastructure IWAN Workflow; CLI
20 Cisco Intelligent WAN App for APIC-EM Business Policy: App SLA APP DMVPN SLA QoS Security Path Selection NETWORK IT Admin Access Application Network Profile SDN Simple Workflow Templates Zero Touch Provisioning Network, Applications Monitoring Business Level Policies Open Architecture Business Policy Dictates Network Action
21 Cisco Prime IWAN Workflows Simplifying Configuration and Deployment Launch the IWAN workflow from the new Converged Menu How can I easily connect new sites to the data center and enable the IWAN technologies?
22 End State IWAN Concepts
23 Dynamic Multipoint VPN. Tunneling technology that uses mGRE, NHRP, and IPsec. Zero-touch provisioning. Scalable deployment. Dynamic spoke-to-spoke communication. Spoke-to-spoke tunnels require traffic to hairpin on the hub tunnel interface. Provides transport independence. [Diagram: DMVPN hub R11 with DMVPN spokes R31, R41 and R51]
24 DMVPN Spoke-To-Spoke Tunnel Creation [Diagram with steps 1 to 4; the callout "Traffic has hairpinned on my DMVPN tunnel" appears twice]
25 DMVPN Spoke-To-Spoke Tunnel Creation (continued)
26 End State IWAN Concepts: Quality of Service
27 Need for QoS from IWAN Perspective
- Replacing expensive MPLS service with business class internet
- PfR to load balance / provide resiliency / best path
- DMVPN overlay on MPLS and Internet
- Up to 2,000 remote sites per hub router in a single domain
- MPLS transport will have SP QoS, but with Internet transport we assume none
BRKRST-2043 IWAN AVC-QoS Design
28 IWAN QoS Requirements: Bandwidth Sharing Between Tunnels; Shape for Service Rate; Shape for Remote Site Last Mile; Per Site Bandwidth Sharing Within Tunnel. [Diagram: Hub BR on GE with 80 Mbps Service Rate; T1 Branches at 1.5 Mbps; T3 Branches at 45 Mbps; Branches at 10 Mbps]
29 DMVPN Per Tunnel QoS: Per-Site Shaping to Avoid Overruns. Hub to spoke only. 100 Mbps into the DMVPN cloud can easily overrun the lower-speed committed rates at spoke sites. [Diagram: hub CE on a 100 Mbps 802.1q trunk, shape only (100 Mbps); spoke CEs at 50 Mbps, 20 Mbps and 10 Mbps]
30 Per-Tunnel QoS. Tunnels created from the hub to spoke sites have QoS applied per tunnel. A pre-configured QoS policy is applied to the tunnel based on the NHRP group name passed from spoke to hub. Although many spokes can be put into the same NHRP group, the tunnel traffic for each spoke is measured individually for shaping and policing. The per-tunnel QoS policy controls only hub-to-spoke traffic; it is not bidirectional. Branches run their own QoS policies from the spoke side.
31 DMVPN Hub Per Tunnel QoS: Implementing Per-Site Traffic Shaping

Hub: separate shaper policies for each remote-site bandwidth (per-tunnel shapers)
policy-map RS-GROUP-50MBPS-POLICY
 class class-default
  shape average
  service-policy WAN
policy-map RS-GROUP-20MBPS-POLICY
 class class-default
  shape average
  service-policy WAN
policy-map RS-GROUP-10MBPS-POLICY
 class class-default
  shape average
  service-policy WAN

Hub: add a class-default shape-only policy on the hub physical interface (parent shaper, Shape (100 Mbps))
policy-map POLICY-TRANSPORT-1-SHAPE-ONLY
 class class-default
  shape average
!
interface GigabitEthernet0/0/3
 bandwidth
 service-policy output POLICY-TRANSPORT-1-SHAPE-ONLY

Hub: list all available policies as map groups on the hub tunnel interface
interface Tunnel10
 nhrp map group RS-GROUP-10MBPS service-policy output RS-GROUP-10MBPS-POLICY
 nhrp map group RS-GROUP-20MBPS service-policy output RS-GROUP-20MBPS-POLICY
 nhrp map group RS-GROUP-50MBPS service-policy output RS-GROUP-50MBPS-POLICY

Spoke Tunnel Configurations: signal from the spoke to the hub to use the correct policy for each remote site

10 Mbps spoke
interface GigabitEthernet0/0
 bandwidth
 service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
 bandwidth
 nhrp group RS-GROUP-10MBPS
 tunnel source GigabitEthernet0/0
 tunnel vrf IWAN-TRANSPORT-1

20 Mbps spoke
interface GigabitEthernet0/0
 bandwidth
 service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
 bandwidth
 nhrp group RS-GROUP-20MBPS
 tunnel source GigabitEthernet0/0
 tunnel vrf IWAN-TRANSPORT-1

50 Mbps spoke
interface GigabitEthernet0/0
 bandwidth
 service-policy output POLICY-TRANSPORT-1
!
interface Tunnel10
 bandwidth
 nhrp group RS-GROUP-50MBPS
 tunnel source GigabitEthernet0/0
 tunnel vrf IWAN-TRANSPORT-1
32 IPsec Anti-Replay
- The decryption side keeps a sliding history of packets received (default is 64 packets)
- Provides anti-replay protection against an attacker duplicating encrypted packets
- Increasing the anti-replay window size has no impact on throughput or security
- The impact on memory is insignificant because only an extra 128 bytes per incoming IPsec SA is needed
IWAN Conclusion: Use the maximum replay window-size of 1024 for each supported platform
crypto ipsec security-association replay window-size
[Diagram: Packets In, Crypto Engine (adds sequence number), Enqueue, Police (dropped by policer), queues priority / data / class-default (P1 queue, tail drop), Packets Out]
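An added example (not from the original slides) of the sliding-window check described on this slide, fed with packets that were reordered by queueing after the crypto engine assigned their sequence numbers. The traffic model (every fourth packet is bulk traffic held back 200 packet slots behind priority traffic) and all names are constructed assumptions.

```python
"""Anti-replay sliding window fed with QoS-reordered ESP sequence numbers."""


class AntiReplayWindow:
    def __init__(self, size):
        self.size = size    # window size in packets (64 default, 1024 per the slide)
        self.top = 0        # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => sequence number (top - i) already received

    def check(self, seq):
        """Classify one packet as 'accepted', 'replay' or 'too-old' and update state."""
        if seq > self.top:
            # New highest sequence number: slide the window forward.
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "accepted"
        offset = self.top - seq
        if offset >= self.size:
            # Left of the window: the receiver cannot tell late from replayed.
            return "too-old"
        if (self.bitmap >> offset) & 1:
            return "replay"
        self.bitmap |= 1 << offset
        return "accepted"


def arrival_order(total, bulk_every, lag):
    """Constructed traffic model: sequence numbers are assigned 1..total at
    encryption time, then every `bulk_every`-th packet waits in a low-priority
    queue and leaves the router `lag` packet slots later than it was encrypted."""
    def wire_slot(seq):
        return seq + lag if seq % bulk_every == 0 else seq
    return sorted(range(1, total + 1), key=lambda s: (wire_slot(s), s))


def receive(order, window_size):
    """Run the receiver over an arrival order; return the window and verdict counts."""
    window = AntiReplayWindow(window_size)
    counts = {"accepted": 0, "replay": 0, "too-old": 0}
    for seq in order:
        counts[window.check(seq)] += 1
    return window, counts


# Constructed sample: 2000 packets, every 4th is bulk, bulk delayed by 200 slots.
ORDER = arrival_order(total=2000, bulk_every=4, lag=200)

if __name__ == "__main__":
    for size in (64, 1024):
        window, counts = receive(ORDER, size)
        # Re-inject an already delivered packet to show replays are still rejected.
        print(f"window={size:4d} {counts} re-sent seq 1999 -> {window.check(1999)}")
```

With the 64-packet window almost all of the delayed bulk packets fall off the left edge and are discarded although none was replayed; with 1024 they are all accepted, and a genuinely re-sent packet is still rejected.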
33 PfR Policies rely on QoS marking (IWAN Master Controller)
- Create the PfR classes with matching policy names and DSCP values to simplify the configuration
- Define the path preference for traffic
- Load balance non-priority traffic

domain IWAN
 vrf default
  master hub
   load-balance
   class VOICE sequence 10
    match dscp ef policy voice
    path-preference MPLS fallback INET
   class INTERACTIVE_VIDEO sequence 20
    match dscp cs4 policy real-time-video
    match dscp af41 policy real-time-video
    match dscp af42 policy real-time-video
    match dscp af43 policy real-time-video
    path-preference MPLS fallback INET
   class LOW_LATENCY_DATA sequence 30
    match dscp cs2 policy low-latency-data
    match dscp cs3 policy low-latency-data
    match dscp af21 policy low-latency-data
    match dscp af22 policy low-latency-data
    match dscp af23 policy low-latency-data
    path-preference MPLS fallback INET
   class BULK_DATA sequence 40
    match dscp af11 policy bulk-data
    match dscp af12 policy bulk-data
    match dscp af13 policy bulk-data
    path-preference MPLS fallback INET
   class SCAVENGER sequence 50
    match dscp cs1 policy scavenger
    path-preference INET fallback MPLS
   class DEFAULT sequence 60
    match dscp default policy best-effort
    path-preference INET fallback MPLS
34 QoS settings for PfR. QoS is based upon the following logic: ingress traffic is classified and marked accordingly (if not done elsewhere); egress traffic is shaped/queued based on QoS marking. PfR maps traffic to classes based on the DSCP marking or application names. LAN traffic should be marked on ingress or before hitting the BRs. As a best practice, use the same class names in PfR that were used for the QoS policies. Match DSCP for each PfR class with the DSCP used for the QoS policies. This ensures DSCP is consistent between QoS and PfR policies and makes it easier to identify the PfR policies.
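An added example (not from the original slides) of checking the best practice above: it compares the DSCP values of each PfR class with the QoS class-map of the same name. The PfR text is a subset of the master-controller policy on slide 33; the QoS class-maps, including their deliberate mismatches, are constructed for illustration, and all function names are hypothetical.

```python
"""Compare PfR class DSCP values with same-named QoS class-maps."""
import re

# Subset of the PfR policy shown on slide 33.
PFR_CONFIG = """\
domain IWAN
 vrf default
  master hub
   class VOICE sequence 10
    match dscp ef policy voice
   class INTERACTIVE_VIDEO sequence 20
    match dscp cs4 policy real-time-video
    match dscp af41 policy real-time-video
    match dscp af42 policy real-time-video
    match dscp af43 policy real-time-video
   class LOW_LATENCY_DATA sequence 30
    match dscp cs2 policy low-latency-data
    match dscp cs3 policy low-latency-data
    match dscp af21 policy low-latency-data
    match dscp af22 policy low-latency-data
    match dscp af23 policy low-latency-data
   class SCAVENGER sequence 50
    match dscp cs1 policy scavenger
"""

# Constructed QoS class-maps (not from the slides) with three deliberate drifts.
QOS_CONFIG = """\
class-map match-any VOICE
 match dscp ef
class-map match-any INTERACTIVE_VIDEO
 match dscp cs4 af41 af42
class-map match-any TRANSACTIONAL_DATA
 match dscp cs2 cs3
class-map match-any SCAVENGER
 match dscp cs1 af11
"""


def pfr_classes(config):
    """Return {class name: set of DSCP values} from a PfR domain policy."""
    classes, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"class (\S+) sequence \d+$", line)
        if m:
            current = classes.setdefault(m.group(1), set())
            continue
        m = re.match(r"match dscp (\S+) policy \S+$", line)
        if m and current is not None:
            current.add(m.group(1))
    return classes


def qos_classes(config):
    """Return {class-map name: set of DSCP values} from MQC class-maps."""
    classes, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"class-map (?:match-(?:any|all) )?(\S+)$", line)
        if m:
            current = classes.setdefault(m.group(1), set())
            continue
        m = re.match(r"match (?:ip )?dscp (.+)$", line)
        if m and current is not None:
            current.update(m.group(1).split())
    return classes


def audit(pfr, qos):
    """List (class, problem, dscp values) for every PfR class that drifts from QoS."""
    findings = []
    for name in sorted(pfr):
        if name not in qos:
            findings.append((name, "no-qos-class", tuple(sorted(pfr[name]))))
            continue
        only_pfr = pfr[name] - qos[name]
        only_qos = qos[name] - pfr[name]
        if only_pfr:
            findings.append((name, "pfr-only", tuple(sorted(only_pfr))))
        if only_qos:
            findings.append((name, "qos-only", tuple(sorted(only_qos))))
    return findings


FINDINGS = audit(pfr_classes(PFR_CONFIG), qos_classes(QOS_CONFIG))

if __name__ == "__main__":
    for name, problem, values in FINDINGS:
        print(f"{name}: {problem} {' '.join(values)}")
```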
35 Enterprise to SP QoS Mapping. The Diffserv class view is preserved across the enterprise even though we are treating it differently in the router and sending it to different channels within the SP network. The classes remain intact on the inner header, and the outer header is discarded after leaving the tunnel interface.
36 Enterprise to SP Mapping: Default SP Marking

class-map match-all MULTIMEDIA_CONFERENCING-NBAR
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
!
policy-map traffic-marking
 class MULTIMEDIA_CONFERENCING-NBAR
  set dscp af41
!
int gig0/0/0
 service-policy in traffic-marking

DSCP copied Inner-to-Outer
[Figure: video flow from Term-A to Term-B over a GRE tunnel across the SP network, Packet Views 1 to 4 showing L2 header, GRE IP header (DSCP: af41) and user IP header (DSCP: 0 and af41); addresses not preserved]
37 Enterprise to SP Mapping: Set dscp outbound on physical (Branch)

class-map match-all MULTIMEDIA_CONFERENCING-NBAR
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
!
policy-map traffic-marking
 class MULTIMEDIA_CONFERENCING-NBAR
  set dscp af41
!
int gig0/0/0
 service-policy in traffic-marking

class-map INTERACTIVE-VIDEO
 match dscp af41
!
policy-map egress-queuing
 class INTERACTIVE-VIDEO
  set dscp af31
!
int gig0/0/1
 service-policy out egress-queuing

DSCP copied Inner-to-Outer *BUT* we over-write Outer after the copy
[Figure: video flow from Term-A to Term-B over a GRE tunnel across the SP network, Packet Views 1 to 4 showing L2 header, GRE IP header (DSCP: af31) and user IP header (DSCP: 0 and af41); addresses not preserved]
38 Enterprise to SP Mapping: Set dscp tunnel outbound on tunnel (Hub)

class-map match-all MULTIMEDIA_CONFERENCING-NBAR
 match protocol attribute traffic-class multimedia-conferencing
 match protocol attribute business-relevance business-relevant
!
policy-map traffic-marking
 class MULTIMEDIA_CONFERENCING-NBAR
  set dscp af41
!
int gig0/0/0
 service-policy in traffic-marking

class-map INTERACTIVE-VIDEO
 match dscp af41
!
policy-map egress-queuing
 class INTERACTIVE-VIDEO
  set dscp tunnel af31
!
int tun10
 service-policy out egress-queuing

Set dscp tunnel means don't copy but instead remember and mark this value once tunnel header is imposed
[Figure: video flow from Term-A to Term-B over a GRE tunnel across the SP network, Packet Views 1 to 4 showing L2 header, GRE IP header (DSCP: af31) and user IP header (DSCP: 0 and af41); addresses not preserved]
39 DSCP remarking - Impact on PfR channels. Use set dscp tunnel on the hub's per-tunnel policy; set dscp remarks the inner header at the hub. Branch policy applied on the physical interface uses set dscp: it just remarks the IPsec header, and the inner header is untouched. If set dscp is used on the hub, DSCP values for the traffic class from branch and hub will not be the same; as a result, channels will not establish.
40 IWAN QoS Summary
Hub
- Per-tunnel QoS for branches; the child policy drives per-app bandwidth (voice, video)
- With per-tunnel QoS, the encapsulating (physical) interface supports only a class-default shaper
Branch
- Shaper and child policy on the physical WAN interface
- No shaper required if line-rate interface
Maximize or disable the anti-replay window, as queueing is done post encryption
- Window size varies with platform. Make it as large as possible
BRKRST-2043 IWAN AVC-QoS Design
41 End State IWAN Concepts: DMVPN Tunnels and Routing
42 Various Acceptable DMVPN Layouts: Direct Connection; CE Router at Hub and Spoke; FW Protects Hub; Complex Scenario. [Diagram: R11 DMVPN Hub, R41 DMVPN Spoke]
43 Internet Access Models
Centralized Access Model
- Internet and internal traffic routes across the WAN
- A simple default route can be used for Internet traffic and internal traffic
Distributed Access Model
- Internet traffic routes direct to the ISP
- A simple default route can be used for Internet traffic pointing to the ISP
- Internal traffic routes across the WAN
- A simple default route can NOT be used for internal traffic
44 Route Summarization. All DMVPN hubs advertise Enterprise prefix summary routes ( /8) for all the LAN and WAN networks. DMVPN hubs advertise a default route that provides Internet connectivity. DC Specific Summaries: / /16 [Diagram: DC1 and DC2, each with Internet access, each advertising a Default Route, the /8 Summary Route and a /16]
45 NHRP Interaction with Route Table

Routing Table with Spoke-to-Hub Traffic
R31-Spoke#show ip route
   /8 is variably subnetted, 3 subnets, 3 masks
D  /8 [90/ ] via , 00:29:28, Tunnel100      (Summary Route from DMVPN Hub)
C  /24 is directly connected, GigabitEthernet0/
   /24 is variably subnetted, 2 subnets, 2 masks
C  /24 is directly connected, Tunnel100

Routing Table with Spoke-to-Spoke Traffic
R31-Spoke#show ip route
   /8 is variably subnetted, 4 subnets, 3 masks
D  /8 [90/ ] via , 00:31:06, Tunnel100
C  /24 is directly connected, GigabitEthernet0/2
H  /24 [250/255] via , 00:00:22, Tunnel100      (NHRP Installed Route)
   /24 is variably subnetted, 3 subnets, 2 masks
C  /24 is directly connected, Tunnel100
H  /32 is directly connected, 00:00:22, Tunnel100      (NHRP Installed Route)
46 IWAN Routing Protocol Selection. Prescriptive design that uses EIGRP or iBGP for scalability. EIGRP and BGP do not flood routes. iBGP supports dynamic peers, which supports a zero-touch DMVPN hub and templatable spoke configuration. iBGP allows usage of Local Preference to allow centralized routing policy change. DMVPN topologies can support up to 2,000 spokes, so the routing protocol must be scalable. PfR interacts with EIGRP and BGP.
47 IWAN EIGRP Routing Design: Same EIGRP AS # for LAN and WAN; DMVPN hubs advertise default and summary routes; Delay added to influence PfR uncontrolled traffic; EIGRP Stub Site feature on branches
48 EIGRP Stub

router eigrp IWAN
 address-family ipv4 unicast autonomous-system 1
  eigrp stub
49 EIGRP Stub-Site

router eigrp IWAN
 address-family ipv4 unicast autonomous-system 1
  af-interface Tunnel100
   stub-site wan-interface
  exit-af-interface
  !
  af-interface Tunnel200
   stub-site wan-interface
  exit-af-interface
  eigrp stub-site 1:4
50 IWAN Deployment EIGRP
- Single EIGRP process for branch, WAN and POP/hub sites
- Extend Hello/Hold timers for WAN
- Adjust tunnel interface delay to ensure WAN path preference (MPLS primary, INET secondary)
- Adjust LAN interface delay to ensure proper path selection
Hubs
- Disable Split-Horizon
- Advertise site summary, enterprise summary, default route to spokes
- Summary metrics: a summary-metric is used to reduce computational load on the DMVPN hubs
- Ingress filter summary routes on tunnels
Spokes
- EIGRP Stub-Site functionality builds on stub functionality: it allows a router to advertise itself as a stub to peers on specified WAN interfaces, but allows it to exchange routes learned on LAN interfaces
[Diagram: Set Tunnel Delay to influence best path. Site1 (R10) and Site2 (R20) joined by DCI WAN Core; hubs R11, R12, R21, R22; MPLS and INET transports; EIGRP Stub Sites R31, R41, R51, R52; interface delays shown: 1,000; 2,000; 20,000; 20,100; 24,000; 25,000]
51 IWAN BGP Routing Flow Branches with Directly Connected Branches with Multiple Routers
52 IWAN Deployment BGP on WAN & OSPF on LAN. A single iBGP routing domain is used for the WAN. Appropriate Hello/Hold timers for WAN (20 hello / 60 hold). BGP neighbor weight is set to 50k. Hub: DMVPN hub routers function as BGP route reflectors (RR) for the spokes; BGP dynamic peer feature configured for tunnel networks. Spokes: peer to the DMVPN hubs for that transport. For your reference only
53 IWAN Deployment BGP on WAN & OSPF on LAN. Traffic engineering for traffic when PfR is in uncontrolled state. Set Local-Preference:
- 100,000 for first selection (MPLS DC1)
- 20,000 for second selection (MPLS DC2)
- 3,000 for third selection (Internet DC1)
- 400 for fourth selection (Internet DC2)
R31-Spoke# show bgp ipv4 unicast
! Output omitted for brevity
[Output table: Network, Next Hop, Metric, LocPrf, Weight, Path; best paths marked *>i; prefixes and values not preserved]
For your reference only
54 DMVPN Migration: Hub Routers and Routing Logic
55 We did a lot of research in Vegas! Not everyone's WAN is the same.
56 Network Traffic Flows During Migration: Site-to-Site Traffic in Legacy WAN; Site-to-Site Traffic in IWAN. Traffic between Legacy and IWAN networks must flow through a migration site. This is located with the DMVPN hubs.
57 Three Methods of Hub Deployment or Migration
Method | Routers | Circuits | Design
Greenfield | New DMVPN Hub Routers | New Circuits | Simple Design
Intermediate (IBlock) | New DMVPN Hub Routers | Existing Circuits | Medium Design
Condensed | Existing CE Routers | Existing Circuits | Increased Complexity
Spoke Migration is not impacted by the Hub model
58 Transport Drawing Connectivity showed logical structure Physical connectivity looks like Sub-Interfaces can separate: P2P traffic (/30 IP on Sub-Interface) Transit switching (VLAN on MLS) The same concept can apply to transport connectivity too
59 Greenfield Deployment. Greenfield: New DMVPN Hub Routers; New Circuits; Simple Design. Not restricted to constraints of the existing network. The only routing interaction required with the existing network is connectivity to the LAN (Migration Site). Simple post-migration cleanup: removal of CE1 and CE2. Typically used when deploying new circuits or a parallel network.
60 Greenfield Migration Routing Pattern
Benefits:
- Isolated environment. Changes on CE1 do not impact the IWAN environment
- Simple routing configuration
- Easy to troubleshoot and trace packet flows
- Bandwidth is sized appropriately for DMVPN traffic only
- QoS policy on DMVPN hub is separated from Legacy QoS policy
Cons:
- Cost and timeline for new circuits
61 Intermediate Deployment. Intermediate (IBlock): New DMVPN Hub Routers; Existing Circuits; Medium Design. Some constraints of the existing network. Existing circuits to the SP are used. New links (logical/physical) between CEs and DMVPN hubs are required. CEs must advertise these new links to the SP so that spokes know how to reach the DMVPN hubs. Connectivity to the LAN is straightforward. Post-migration cleanup may be required.
62 Intermediate Migration Routing Pattern
Benefits:
- Simple routing configuration
- Easy to troubleshoot and trace packet flows
- QoS policy on DMVPN hub is separated from Legacy QoS policy
Cons:
- Bandwidth for CE1 to the SP network must be sized accordingly
- Changes on CE1 could impact the IWAN environment
- Some clean-up after migration
63 IWAN Routing Protocol Diagram During Migration EIGRP
64 IWAN Routing Protocol Diagram During Migration BGP
65 Condensed Deployment. Condensed: Existing CE Routers (verify capability); Existing Circuits; Increased Complexity (QoS / Routing). Do not deviate from the IWAN CVD with this model, or be prepared to face problems or complications during migration.
66 Condensed Migration Routing Pattern
Benefits:
- Cost
- No real clean-up after migration
Cons:
- Outage to all WAN networks is required during cutover
- Advanced routing (VRF leaking)
- Hierarchical QoS is not supported on the transport interface. If needed for the legacy network, this prevents per-tunnel QoS on the DMVPN tunnel. Does your existing WAN have per-tunnel QoS? This could be enabled later
67 Condensed - Leaking Routes Between BGP Global & VRF Tables

vrf definition MPLS01
 address-family ipv4
  import ipv4 unicast map VRF-LEAK-TO-MPLS01
  export ipv4 unicast map VRF-LEAK-FROM-MPLS01
! These route-maps are used to Permit/Block Routes between the
! VRF and Global BGP Tables
route-map VRF-LEAK-TO-MPLS01 permit 10
 match ip address prefix-list LEAK-TO-MPLS01
route-map VRF-LEAK-FROM-MPLS01 permit 10
 match ip address prefix-list LEAK-FROM-MPLS01
! Prefix-list names must match the names referenced by the route-maps above
ip prefix-list LEAK-TO-MPLS01 permit /0 le 32
ip prefix-list LEAK-FROM-MPLS01 permit /0 le 32
router bgp 10
 address-family ipv4 vrf MPLS01
  neighbor remote-as
  neighbor activate
  ! The local-as command is not required; but allows you to use a standard ASN
  ! for IWAN and still peer to MPLS SP using the ASN they want you to use
  neighbor local-as 11 no-prepend replace-as dual-as
68 Condensed - Leaking Routes Between BGP Global & VRF Tables
R11-DC1-Hub1#show bgp ipv4 unicast
[Output table: Network, Next Hop, Metric, LocPrf, Weight, Path; two best-path entries marked *> followed by suppressed entries marked s> and s>i; prefixes and values not preserved]
69 Condensed - Routing Table with Route Leaking
    R11-DC1-Hub1#show ip route bgp
    !snip
    /8 is variably subnetted, 24 subnets, 4 masks
    B /8 [19/0], 04:34:53, Null0
    B /16 [19/0], 04:34:53, Null0
    B /32 [19/0] via , 00:22:19
    B /24 [19/0] via , 00:22:19
    B /32 [201/0] via (MPLS01), 00:28:19
    B /24 [201/0] via (MPLS01), 00:28:19
    B /32 [201/0] via (MPLS01), 00:28:19
    B /32 [201/0] via (MPLS01), 00:28:19
    B /24 [201/0] via (MPLS01), 00:28:19
    B /24 [201/0] via (MPLS01), 00:28:19
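Route leaking between the global table and the FVRF depends on every import/export map and every prefix-list being referenced under exactly the name it is defined with. The following is an added example, not part of the presentation: a pre-change check that reports dangling names in a leaking configuration. The function name and the sample configuration (with documentation address ranges) are constructed for illustration.

```python
import re

# Constructed sample in the shape of the slide's route-leaking configuration.
# One prefix-list is defined under a different name than its route-map uses.
SAMPLE_CONFIG = """\
vrf definition MPLS01
 address-family ipv4
  import ipv4 unicast map VRF-LEAK-TO-MPLS01
  export ipv4 unicast map VRF-LEAK-FROM-MPLS01
!
route-map VRF-LEAK-TO-MPLS01 permit 10
 match ip address prefix-list LEAK-TO-MPLS01
route-map VRF-LEAK-FROM-MPLS01 permit 10
 match ip address prefix-list LEAK-FROM-MPLS01
!
ip prefix-list VRF-LEAK-TO-MPLS01 seq 5 permit 192.0.2.0/24 le 32
ip prefix-list LEAK-FROM-MPLS01 seq 5 permit 198.51.100.0/24 le 32
"""


def audit_leak_references(config):
    """Return sorted (problem, where, name) tuples for dangling names."""
    defined_maps, defined_lists = set(), set()
    map_refs, list_refs = [], []
    vrf = route_map = None  # configuration context of the current line
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"vrf definition (\S+)", line)
        if m:
            vrf, route_map = m.group(1), None
            continue
        m = re.match(r"route-map (\S+) (?:permit|deny)\b", line)
        if m:
            route_map, vrf = m.group(1), None
            defined_maps.add(route_map)
            continue
        m = re.match(r"ip prefix-list (\S+) ", line)
        if m:
            defined_lists.add(m.group(1))
            vrf = route_map = None
            continue
        m = re.match(r"(import|export) ipv4 unicast map (\S+)", line)
        if m and vrf:
            map_refs.append((f"vrf {vrf} {m.group(1)}", m.group(2)))
            continue
        m = re.match(r"match ip address prefix-list (.+)", line)
        if m and route_map:
            # A match statement may name several prefix-lists.
            for name in m.group(1).split():
                list_refs.append((f"route-map {route_map}", name))

    findings = []
    for where, name in map_refs:
        if name not in defined_maps:
            findings.append(("undefined route-map", where, name))
    for where, name in list_refs:
        if name not in defined_lists:
            findings.append(("undefined prefix-list", where, name))
    used_lists = {name for _, name in list_refs}
    for name in defined_lists - used_lists:
        findings.append(("unreferenced prefix-list", "global", name))
    return sorted(findings)


if __name__ == "__main__":
    for problem, where, name in audit_leak_references(SAMPLE_CONFIG):
        print(f"{problem}: {name} ({where})")
```

An undefined and an unreferenced name reported together usually point at one typo, which is the case in the constructed sample.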
70 Other Condensed Techniques May Technically Work..
Be aware of your traffic patterns:
- IWAN to Legacy
- IWAN to DC
- Legacy to DC
- Additional load for transit traffic
Clean-up is still needed later on:
- Encapsulating tunnel IP changes
Going off the tried and true path may lead to problems later!
71 Hub Deployment Summary
Deployment models: Greenfield, Intermediate (IBlock), Condensed
- Keep It Simple Stupid (KISS). Remember your operations staff.
- Use Greenfield or IBlock when possible.
- Don't go crazy if you go Condensed.
* DMVPN Hub: depending on bandwidth, CSR1000Vs could be used.
72 DMVPN Migration: Branch Routers
73 Branch Pre-Migration Tasks
- Make a list of which network applications work and which do not work before migrating the branch.
- Back up the existing router configurations to the local router and to a centralized repository.
- Allow local authentication / authorization, so the router can be accessed in a timely manner if the TACACS or RADIUS servers cannot be reached.
- Allow remote console sessions on routers from the workstation and from any peer routers.
74 Branch Migration Activities
During the migration the following tasks are done:
- DMVPN tunnel configuration
- Certificate enrollment if IPsec Tunnel Protection uses PKI
- Association of FVRF to the Encapsulating Interface
- Routing protocol changes
- PfR configuration deployed
75 Connectivity During Migration
When the FVRF is associated to the transport interface, the IP address is removed from that interface.
    R31-Site3(config-if)#vrf forwarding MPLS01
    % Interface GigabitEthernet0/1 IPv4 disabled and address(es) removed due to enabling VRF MPLS01
    R31-Site3(config-if)#ip address
If there is a backdoor between sites, migrate those sites together. This prevents the possibility of route loops and transit routing.
76 Assess the Connectivity Model at Branch
Depending on the site's connectivity model, the migration could be executed without loss of service to the users at the branch.
- Single router with single transport: Cold Migration only
- Single router with dual transport: Cold Migration, Warm Migration
- Dual router with dual transport: Cold Migration, Warm Migration
Decide if migrations are remote or on-site.
77 Migration Scripts
- Cisco tools use these, or they can be used for CLI migrations
- Prevents typos / fat-fingering
- Allows for off-site migration
Example: an EEM script allows multiple commands to be entered even if console connectivity is lost.
    event manager applet MIGRATE-PORTION
     event none
     action 010 cli command "enable"
     action 020 cli command "configure terminal"
     action 030 cli command "interface GigabitEthernet0/2"
     action 040 cli command "vrf forwarding INET01"
     action 050 cli command "ip address dhcp"
     ! Wait 20 seconds to allow DHCP to get a packet before no shutting tunnel
     action 060 wait 20
     action 070 syslog msg "FVRF Associated to Gi0/2"
78 Advanced EEM Script that Configures Routing Too!
    event manager applet MIGRATE
     event none
     action 010 cli command "enable"
     action 020 cli command "configure terminal"
     ! This section enables the MPLS FVRF and No Shuts the MPLS Tunnel
     action 030 cli command "interface GigabitEthernet0/1"
     action 040 cli command "vrf forwarding MPLS01"
     action 050 cli command "ip address "
     action 060 cli command "ip route Tunnel "
     action 070 cli command "interface Tunnel 100"
     action 080 cli command "no shut"
     ! This section enables the Internet FVRF and No Shuts the Internet Tunnel
     action 090 cli command "interface GigabitEthernet0/2"
     action 100 cli command "vrf forwarding INET01"
     action 110 cli command "ip address dhcp"
     ! The wait command allows for the interface to obtain an IP address from DHCP
     ! before the Internet DMVPN tunnel is brought online
     action 120 wait 15
     action 130 cli command "interface Tunnel 200"
     action 140 cli command "no shut"
     action 150 syslog msg "Interface Configurations Performed "
     ! The last section is to remove the previous routing protocol configuration
     ! and then configure the routing protocols. Only a portion of this activity
     ! is shown, but this section should be completed based on your design.
     action 160 cli command "no router bgp 65000"
     action 170 cli command "no router ospf 1"
     action 180 cli command "router eigrp IWAN"
     ! Continue with rest of routing protocol configuration
     action 999 syslog msg "Migration Complete"
79 Migrating a Branch Router
- Configure DMVPN (tunnel will remain down with no FVRF interface)
- Configure EEM applet
- ** Copy run start
- ** Reload in 15
- Connect back to router (either on Tunnel or FVRF)
- Configure overlay routing (the entire process could be captured by a script)
- Remove any existing routing
- ** reload cancel
- Execute EEM
- Verify connectivity
** Recommended for CLI Migrations
80 Post-Migration Cleanup
81 Post-Migration
If the final IWAN design does not migrate all devices to IWAN, then stop here!
Migration is considered complete once:
- All of the planned sites are communicating only via overlay tunnels.
- The service provider network is used only for transport between DMVPN routers.
The last task is to clean up the environment:
- Greenfield: remove previous WAN routers
- Intermediate (IBlock): removal of link between LAN and CE routers; potential removal of CE links
- Condensed: remove BGP route leaking configuration
82 Post-Migration Clean-Up for Intermediate (diagram; label: Link Not Needed)
83 Removal of the CE Device
CE1 could be removed depending on the following factors:
- Who owns the device? Your organization or the service provider?
- What additional value does CE1 add to the design or operational perspective?
84 Post Migration Clean up: CE Removal
- While removing CE1, if the cable connecting the MPLS network to CE1 is pulled from CE1 and plugged into R11, DMVPN connectivity is going to break.
- R11's IP address is on the /30 network and the service provider's PE router is on the /30 network. One of the devices will have to change its IP address.
- DMVPN spoke mappings are configured to the NBMA address.
85 Post Migration Clean up: How to Fix the IP Addressing Problem
Connectivity is restored by:
- Re-configure NHRP on every branch site. Either add a second NBMA address (only 1 active at a time on each spoke).
- Terminate the DMVPN tunnel on a loopback. Little more complexity in VRF routing and additional IP addresses consumed.
- Coordinate the IP address change with the SP and migrate 1 DMVPN hub at a time. The SP would change the IP addressing on the peer link.
86 Migration of VPLS or Metro Ethernet Topologies
87 DMVPN Hub Setup for VPLS Migration
- Router cannot forward L3 and L2 on the same interface
- Requires insertion of a switch from the VPLS hand-off
- QoS shaping can be done outbound on the newly inserted switch
- Same subnet on CE1 and DMVPN FVRF interface
88 Migration from Dual MPLS to Hybrid Model
89 Migration from Dual MPLS to Hybrid Model
- Traditional Dual MPLS with mutual redistribution between IGP and BGP
- Install new MPLS1 DMVPN hub (just like shown earlier)
- Install new Internet DMVPN hub
- Turn up DMVPN interfaces on MPLS and Internet hubs
- Migrate branch sites
(Diagram labels: MPLS1; MPLS1 DMVPN Tunnel; Install new Internet Circuit; Internet DMVPN Tunnel turned up; MPLS2 Shutdown and Circuit termination)
90 Clean-Up from Dual MPLS to Hybrid Model
Now that all sites have migrated to IWAN, there is no need for connectivity to MPLS SP2.
- Remove CE2 (connected to MPLS SP2)
- Remove the link between MLS5 and CE1
91 Clean-Up from Dual MPLS to Hybrid Model (continued)
Now comes the decision to remove CE1 or keep it. If it is removed, then this is what your topology will look like. (diagram)
92 Alternative to Using a Migration Site
93 Alternative to Using a Migration Site
Sometimes routing traffic through a Migration site may not work due to:
- End-to-end latency
- Bandwidth at hubs
Where possible, see if you can add another hub and advertise more specific routes. If that cannot be done, there is another option for routing experts, which requires route leaking at the IWAN branch.
94 Alternative to Using a Migration Site: Receiving Routes (IWAN Path)
- Hub receives the route, but advertises a summary that contains it.
- Branch receives the hub summary and tags it.
- That route is not leaked from Global to FVRF.
(Diagram labels: /24; Branch tags on receipt and blocked from insertion to FVRF; VRF Export Map Blocks Tag)
95 Alternative to Using a Migration Site: Receiving Routes (Transport Path)
- Branch receives the branch route in a FVRF routing protocol and tags it.
- Route is leaked from FVRF into Global.
- Route is blocked from being advertised to the hubs.
(Diagram label: Branch tags on receipt and blocked from advertisement to Hub)
96 Alternative to Using a Migration Site: Receiving Routes
- Longest match wins.
- IWAN Branch will go direct through SP transport.
97 Alternative to Using a Migration Site: Advertising Routes (Branch via Hub)
- Branch advertises the route to Hub
- Hub advertises to CE router
- CE router prepends AS or blocks
- SP advertises to R
(Diagram labels: /24; AS100:100)
98 Alternative to Using a Migration Site: Advertising Routes (Branch)
- Branch advertises route to SP with BGP community.
- Branch route is filtered on CE inbound from transport.
- SP advertises route to Migration CE, and is blocked by community. Route via IWAN Path is preferred.
- SP advertises route to remote branch.
99 Alternative to Using a Migration Site: Advertising Routes (Branch)
- Shortest AS-Path wins
- Traffic from R31's transport (leaked) interface is preferred
100 Alternative to Using a Migration Site: Advertising Routes (CE)
- CE advertises routes to SP with BGP Community 100:200
- SP advertises route to Remote Branch, which accepts the route.
- SP advertises route to IWAN Branch, which discards it based on community.
- IWAN Branch uses Summary Route (via R11)
(Diagram label: IWAN Branch discards route based on 100:200 BGP Community)
101 Keep in Mind About Not Using a Migration Site
- There is a lot of route tagging and leaking between VRFs. This can cause confusion for operations staff and junior network engineers.
- If this is the path you want to pursue, please engage Cisco or a Cisco Partner for assistance.
102 Migration of Existing Point-to-Point IPsec Topologies
103 Migrating P2P IPSEC WAN to IWAN
- Add the DMVPN hub router into the network
- The placement of the hub depends on where the IPSEC tunnels are currently terminated: firewall or a router
- If IPSEC is terminated on the FW, then place the hub router behind it (passthrough)
- Migrate sites based on traffic patterns: non-transit sites first
(Diagram labels: R1, DMVPN Hub, R2, DMVPN Tunnel, R3, R4, R5)
104 Important PfR Concepts for IWAN
105 Performance Routing v3 Running in an Enterprise Domain
BRKRST-3362 Implementing Performance Routing
- One Master Controller defined as the Hub MC
- Centralized location for policy definition
(Diagram labels: Hub Master Controller, Central Site MC, BR1, BR2, Branch MC/BR, Branch Master Controller, MPLS, Internet)
106 Enterprise Domain
- WAN Edge peers, learns SP SLA, manages congestion
- Send performance feedback to peers
- Peering & coordination at WAN Edge
- Network discovers the applications
- WAN Edge measures application performance
(Diagram labels: Branch MC/BR, MPLS, Internet, BR1, BR2, Central Site MC)
107 Deploying Intelligent Path Control - Best Practices
DMVPN is a requirement for the PfR solution
- Can't support multiple next-hops and multiple data centers with the same prefix when the carrier is your routing partner
Tunnel bandwidth must be configured (otherwise default is 100kbps)
- Load balancing
- Performance classes when first controlled have no bandwidth, but before they can be moved available bandwidth is verified
108 Deploying Intelligent Path Control: Prepare to Run PfR Policy
Start with a single class and load balancing disabled
- All other classes will follow routing
Enable an additional class
- Monitor traffic classes and load on the network (CPU, interface utilization, etc.)
Enable additional classes and load balancing
Three performance classes (Voice, Video, and Critical Application) plus load balancing is a good start to baseline.
109 Built-in Policy Templates Matching QoS Best Practices
Pre-defined Template: Threshold Definition
Voice:
    priority 1 one-way-delay threshold 150 (msec)
    priority 2 packet-loss-rate threshold 1 (%)
    priority 2 byte-loss-rate threshold 1 (%)
    priority 3 jitter 30 (msec)
Real-time-video:
    priority 1 packet-loss-rate threshold 1 (%)
    priority 1 byte-loss-rate threshold 1 (%)
    priority 2 one-way-delay threshold 150 (msec)
    priority 3 jitter 20 (msec)
Low-latency-data:
    priority 1 one-way-delay threshold 100 (msec)
    priority 2 byte-loss-rate threshold 5 (%)
    priority 2 packet-loss-rate threshold 5 (%)
Bulk-data:
    priority 1 one-way-delay threshold 300 (msec)
    priority 2 byte-loss-rate threshold 5 (%)
    priority 2 packet-loss-rate threshold 5 (%)
Best-effort:
    priority 1 one-way-delay threshold 500 (msec)
    priority 2 byte-loss-rate threshold 10 (%)
    priority 2 packet-loss-rate threshold 10 (%)
Scavenger:
    priority 1 one-way-delay threshold 500 (msec)
    priority 2 byte-loss-rate threshold 50 (%)
    priority 2 packet-loss-rate threshold 50 (%)
110 Deploying Intelligent Path Control: Prepare to Run PfR
- Ensure a Parent Route is present to match the site-prefix in PfR
- Routing protocols are checked in this order: NHRP, BGP, EIGRP, Static, RIB
- If a route is found in the BGP table for /8 over your discovered paths and you are looking for /16 which is in EIGRP and the RIB, BGP will be utilized.
- PfRv3 is an Enterprise Protocol and does not expect multiple routing protocols within a single Enterprise.
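The parent-route rule above can be checked offline against exported routing tables before PfR is enabled. The following is an added example, not Cisco's implementation and not part of the presentation: a small model of the lookup order as the slide describes it, which reports the protocol that supplies the parent route and any longer match that a later protocol holds. The table contents are constructed, and choosing the longest covering route within one protocol is an assumption of this model.

```python
import ipaddress

# Lookup order as stated on the slide.
PFR_LOOKUP_ORDER = ("NHRP", "BGP", "EIGRP", "Static", "RIB")

# Constructed routing data: BGP carries only a summary, EIGRP and the RIB
# carry the more specific routes.
TABLES = {
    "BGP": ["10.0.0.0/8"],
    "EIGRP": ["10.4.0.0/16", "10.5.1.0/24"],
    "RIB": ["10.4.0.0/16", "10.5.1.0/24"],
}


def covering_routes(target, routes):
    """Routes that are equal to or a supernet of the target prefix."""
    nets = (ipaddress.ip_network(r) for r in routes)
    return [n for n in nets
            if n.version == target.version and target.subnet_of(n)]


def find_parent_route(site_prefix, tables, order=PFR_LOOKUP_ORDER):
    """First protocol in the lookup order holding a covering route wins."""
    target = ipaddress.ip_network(site_prefix)
    for proto in order:
        cover = covering_routes(target, tables.get(proto, []))
        if cover:
            # Assumption: within one protocol, take the longest covering match.
            return proto, str(max(cover, key=lambda n: n.prefixlen))
    return None


def audit_site_prefixes(site_prefixes, tables):
    """Per site-prefix: chosen parent and longer matches in later protocols."""
    report = {}
    for prefix in site_prefixes:
        parent = find_parent_route(prefix, tables)
        if parent is None:
            # No parent route at all: the condition the slide says to avoid.
            report[prefix] = {"parent": None, "shadowed": []}
            continue
        target = ipaddress.ip_network(prefix)
        chosen_len = ipaddress.ip_network(parent[1]).prefixlen
        later = PFR_LOOKUP_ORDER[PFR_LOOKUP_ORDER.index(parent[0]) + 1:]
        shadowed = [(proto, str(n))
                    for proto in later
                    for n in covering_routes(target, tables.get(proto, []))
                    if n.prefixlen > chosen_len]
        report[prefix] = {"parent": parent, "shadowed": shadowed}
    return report


if __name__ == "__main__":
    sites = ["10.4.0.0/16", "172.16.0.0/16"]
    for prefix, result in audit_site_prefixes(sites, TABLES).items():
        print(prefix, result)
```

A non-empty `shadowed` list is the mixed-protocol situation the slide warns about; a `None` parent means the site-prefix has no parent route in any table.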
111 Deploying Intelligent Path Control - Best Practices
Use standard attributes in the site and enterprise prefix-lists; they do not support extended prefix-list attributes.
Examples:
    ip prefix-list site-prefix seq 5 deny /24
      invalid, only permit is supported
    ip prefix-list site-prefix seq 10 permit /16 le 24
      invalid, it will be advertised as /16 alone
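Both invalid forms are accepted by the CLI as ordinary prefix-list entries, so they are easy to miss in review. The following is an added example, not part of the presentation: a lint pass that finds the prefix-lists a PfR domain references and flags `deny` entries and `ge`/`le` modifiers only in those lists. The function name and the sample configuration with its addresses are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a hub MC domain plus prefix-lists. MGMT is not used by
# PfR, so its "le 32" is legitimate and must not be flagged.
SAMPLE_CONFIG = """\
domain IWAN
 vrf default
  master hub
   enterprise-prefix prefix-list ENTERPRISE_PREFIX
   site-prefixes prefix-list SITE_PREFIX
!
ip prefix-list ENTERPRISE_PREFIX seq 10 permit 10.0.0.0/8
ip prefix-list SITE_PREFIX seq 5 deny 10.1.99.0/24
ip prefix-list SITE_PREFIX seq 10 permit 10.1.0.0/16 le 24
ip prefix-list SITE_PREFIX seq 20 permit 10.2.0.0/16
ip prefix-list MGMT seq 5 permit 10.9.0.0/16 le 32
"""

PFR_REF = re.compile(r"(enterprise-prefix|site-prefixes) prefix-list (\S+)")
ENTRY = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)((?: (?:ge|le) \d+)*)$")


def lint_pfr_prefix_lists(config):
    """Return (list, seq, problem, detail) for entries PfR will not honour."""
    lines = [line.strip() for line in config.splitlines()]

    # Pass 1: which prefix-lists does the PfR domain reference, and how?
    roles = {}
    for line in lines:
        m = PFR_REF.match(line)
        if m:
            roles.setdefault(m.group(2), set()).add(m.group(1))

    # Pass 2: inspect only the entries of those lists.
    findings, defined = [], set()
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue
        name, seq, action, prefix, modifiers = m.groups()
        defined.add(name)
        if name not in roles:
            continue
        net = ipaddress.ip_network(prefix, strict=False)
        if action == "deny":
            findings.append((name, int(seq), "deny",
                             f"{net}: only permit is supported"))
        if modifiers:
            findings.append((name, int(seq), "ge/le",
                             f"advertised as {net} alone"))

    # A referenced list with no entries leaves the domain without prefixes.
    for name in sorted(roles):
        if name not in defined:
            findings.append((name, 0, "undefined",
                             "referenced by PfR but has no entries"))
    return findings


if __name__ == "__main__":
    for name, seq, problem, detail in lint_pfr_prefix_lists(SAMPLE_CONFIG):
        print(f"{name} seq {seq}: {problem}: {detail}")
```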
112 Deploying Intelligent Path Control - Best Practices
With an increase in the number of traffic-classes to the Data Center, manually break the site-prefix into smaller blocks to increase load-balancing granularity.
    ip prefix-list site-prefix seq 5 permit /24
    ip prefix-list site-prefix seq 10 permit /20
    ip prefix-list site-prefix seq 15 permit /20
    ip prefix-list site-prefix seq 20 permit /20
    ip prefix-list site-prefix seq 25 permit /16
Longest prefix always wins.
113 PfR Topology (diagram)
114 PFR Enterprise & Site Prefix Lists
- Branch Site Prefixes: site prefixes for particular sites with PfRv3 enabled. Branches learn site prefixes dynamically (or statically configured).
- Hub Site Prefixes: hubs act as transit sites; site-prefix statically defined.
- **Legacy Site Prefixes: placing legacy site prefixes at hub sites provides PfR for half of the path.
- Enterprise Prefix: without an enterprise-prefix, all the traffic between PfR sites will be learned as the PfR Internet traffic class, and delay, jitter, etc. cannot be monitored.
* Only routing is used between non-PfR and PfR-enabled sites in the Enterprise Prefix.
115 Hubs: Site-Prefix lists before anything is migrated (diagram: SITE1 and SITE2 PfR site-prefixes /16, enterprise prefix /8, hub routers R11, R12, R21, R22, DMVPN MPLS and DMVPN INET, BGP)
116 Hub1 Site-Prefix Table Before Anything is Migrated
Hub MC (R10)
    domain IWAN
     vrf default
      master hub
       enterprise-prefix prefix-list ENTERPRISE_PREFIX
       site-prefixes prefix-list SITE_PREFIX
    !
    ip prefix-list ENTERPRISE_PREFIX seq 10 permit /8
    ip prefix-list SITE_PREFIX seq 10 permit /16
117 Hub1 Site-Prefix Table Before Anything is Migrated
    R10-DC1-MC#show domain IWAN master site-prefix
    Change will be published between 5-60 seconds
    Next Publish 01:46:29 later
    Prefix DB Origin:
    Prefix Flag: S-From SAF; L-Learned; T-Top Level; C-Configured; M-shared
    Site-id   Site-prefix   Last Updated   DC Bitmap   Flag
    /32   00:13:41 ago   0x1   L
    /16   00:13:41 ago   0x1   C,M
    *   /8   00:13:41 ago   0x1   T
118 R31 on Site 3 migrated to IWAN (diagram: SITE1 and SITE2 PfR site-prefixes /16, enterprise prefix /8, hub routers R11, R12, R21, R22, branch router R31, DMVPN MPLS and DMVPN INET, BGP)
119 Hub1 Site Prefix Table After R31 is Migrated
    R10-DC1-MC#show domain IWAN master site-prefix
    Change will be published between 5-60 seconds
    Next Publish 01:46:29 later
    Prefix DB Origin:
    Prefix Flag: S-From SAF; L-Learned; T-Top Level; C-Configured; M-shared
    Site-id   Site-prefix   Last Updated   DC Bitmap   Flag
    /32   00:23:41 ago   0x1   L
    /16   00:23:41 ago   0x1   C,M
    /32   00:01:11 ago   0x0   S
    /24   00:01:11 ago   0x0   S
    *   /8   00:23:41 ago   0x1   T
120 No PFR control for Site 3 to Site 4 traffic (IWAN to Non-IWAN site) (diagram; label: Routing)
121 Add /8 to Hub1 Site-Prefix
Hub MC (R10)
    domain IWAN
     vrf default
      master hub
       enterprise-prefix prefix-list ENTERPRISE_PREFIX
       site-prefixes prefix-list SITE_PREFIX
    !
    ip prefix-list ENTERPRISE_PREFIX seq 10 permit /8
    ip prefix-list SITE_PREFIX seq 10 permit /16
    ip prefix-list SITE_PREFIX seq 20 permit /8
122 After /8 is added to Hub1 Site-Prefix
    R10-DC1-MC#show domain IWAN master site-prefix
    Change will be published between 5-60 seconds
    Next Publish 01:46:29 later
    Prefix DB Origin:
    Prefix Flag: S-From SAF; L-Learned; T-Top Level; C-Configured; M-shared
    Site-id   Site-prefix   Last Updated   DC Bitmap   Flag
    /32   00:28:42 ago   0x1   L
    /16   00:28:42 ago   0x1   C,M
    /32   00:06:19 ago   0x0   S
    /24   00:06:19 ago   0x0   S
    *   /8   00:00:30 ago   0x1   T
(Slide annotation: Previously this was)
123 PFR After /8 is added to Hub1 Site-Prefix (diagram: SITE1 and SITE2 PfR site-prefixes, enterprise prefix /8, hub routers R11, R12, R21, R22, branch router R31, DMVPN MPLS and DMVPN INET, BGP)
124 Hub1 Site-Prefix Table After Site4 is Migrated
    R10-DC1-MC#show domain IWAN master site-prefix
    Change will be published between 5-60 seconds
    Next Publish 01:46:29 later
    Prefix DB Origin:
    Prefix Flag: S-From SAF; L-Learned; T-Top Level; C-Configured; M-shared
    Site-id   Site-prefix   Last Updated   DC Bitmap   Flag
    /32   00:33:41 ago   0x1   L
    /16   00:33:41 ago   0x1   C,M
    /32   00:11:24 ago   0x0   S
    /24   00:11:24 ago   0x0   S
    /32   00:01:09 ago   0x0   S
    /24   00:01:09 ago   0x0   S
    *   /8   00:05:19 ago   0x1   T
125 R41 on Site 4 is migrated to IWAN (diagram: SITE1 and SITE2 PfR site-prefixes /16, enterprise prefix /8, hub routers R11, R12, R21, R22, branch router R31, DMVPN MPLS and DMVPN INET, BGP; label: PFR)
126 Deploying Intelligent Path Control: Prepare to Run PfR
Dual Router Branch
- Must be Layer 2 adjacent for SAF establishment
- Can use static GRE tunnel, dedicated, or dot1q sub-interface
127 Deploying Intelligent Path Control: VRF Considerations
- 5 VRFs supported by default
- IOS-XE adds support to configure up to 20 VRFs (requires TCAM re-carving)
- Global Table is configured as one: vrf default
- VRF-Lite, no label support
128 Deploying Intelligent Path Control - Best Practices
Spoke-to-spoke considerations for PfR
- If the interface does not have routes in the RIB (blind interface), then NHRP will not allow a shortcut to be installed.
- PfR verifies Parent Routes via the BGP table or EIGRP topology, so NHRP's check must be disabled: no nhrp route-watch
- Only an NHRP host route to the destination site's site-id (the PfR Master Controller source interface) will be installed. PfR will then control traffic on this path.
- Check using show domain <name> border traffic-class or show ip route overrides pfr
129 Summary
130 Session Summary
- Document the existing network.
- Create a high-level migration plan.
- Deploy a proof-of-concept or production pilot of the network. The first remote site should always be in a lab. This allows the operational teams to become comfortable with the technology while they start to learn about the actual applications in use in the network. As well, any issues with the IWAN routing architecture should not impact production during this phase.
- Test the execution plans in a lab environment and modify accordingly.
- Deploy DMVPN hub routers.
- Migrate branch routers.
- Post-migration cleanup tasks.
- Migrating other WAN transports/technologies
- PfR
- Ask your boss for a raise! You improved business application responsiveness while saving the company $$$$
CVP CVP Enterprise SD-WAN Financial Profile (Hybrid WAN, Segmentation, Quality of Service, Centralized Policies) 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
More informationManaging Site-to-Site VPNs: The Basics
CHAPTER 23 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels
More informationPfRv3 Zero SLA Support
The Performance Routing v3 (PfRv3) Zero SLA Support feature enables users to reduce probing frequency on various ISP links, such as 3G, 4G, and LTE When the Zero SLA (0-SLA) feature is configured on an
More informationChapter H through R. loss (PfR), page 28. load-balance, page 23 local (PfR), page 24 logging (PfR), page 26
Chapter H through R holddown (PfR), page 3 host-address (PfR), page 5 hub, page 7 inside bgp (PfR), page 8 interface (PfR), page 10 interface tunnel (global configuration), page 12 jitter (PfR), page 13
More informationScalability Considerations
3 CHAPTER This chapter presents the following steps to selecting Cisco products for a VPN solution: Sizing the headend Choosing Cisco products that can be deployed for headend devices Product sizing and
More informationExam Questions Demo Cisco. Exam Questions CCIE SP CCIE Service Provider Written Exam
Cisco Exam Questions 400-201 CCIE SP CCIE Service Provider Written Exam Version:Demo 1. Which is one difference between H-VPLS and VPLS? A. VPLS is a point-to-point Layer-2 services and H-VPLS is a multipoint
More informationCCIE Routing & Switching
CCIE Routing & Switching Cisco Certified Internetwork Expert Routing and Switching (CCIE Routing and Switching) certifies the skills required of expert-level network engineers to plan, operate and troubleshoot
More informationCisco Performance Routing
Cisco Performance Routing As enterprise organizations grow their businesses, the demand for real-time application performance and a better application experience for users increases. For example, voice
More informationCisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications
Data Sheet Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications Product Overview Cisco Dynamic Multipoint VPN (DMVPN) is a Cisco IOS Software-based security solution for building
More informationManaging Site-to-Site VPNs
CHAPTER 21 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels
More informationImplementing Next Generation Performance Routing PfRv3
Implementing Next Generation Performance Routing PfRv3 Jean-Marc Barozet Technical Leader IWAN Solution Group Agenda Business Trends PfRv3 Principles Monitoring Details The Life of a Packet Path Enforcement
More informationCisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications
Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications Product Overview Cisco Dynamic Multipoint VPN (DMVPN) is a Cisco IOS Software-based security solution for building scalable
More informationCVP Enterprise Cisco SD-WAN Retail Profile (Hybrid WAN, Segmentation, Zone-Based Firewall, Quality of Service, and Centralized Policies)
CVP CVP Enterprise Cisco SD-WAN Retail Profile (Hybrid WAN, Segmentation, Zone-Based Firewall, Quality of Service, and Centralized Policies) 2018 Cisco and/or its affiliates. All rights reserved. This
More informationQuestion: 1 Which three parameters must match to establish OSPF neighbor adjacency? (Choose three.)
Volume: 217 Questions Question: 1 Which three parameters must match to establish OSPF neighbor adjacency? (Choose three.) A. the process ID B. the hello interval C. the subnet mask D. authentication E.
More informationCisco Certified Network Associate ( )
Cisco Certified Network Associate (200-125) Exam Description: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that
More informationZero To Hero CCIE CCNP
Zero To Hero CCIE CCNP CCIE CCNP CCIE CCNP Week 1 Simple Network Design Understanding the Host-to-Host Communications Model Understanding the TCP/IP Internet Layer Addresses in a Network Introduction to
More informationSmall Enterprise Design Profile(SEDP) WAN Design
CHAPTER 3 Small Enterprise Design Profile(SEDP) WAN Design This chapter discusses how to design and deploy WAN architecture for Small Enterprise Design Profile. The primary components of the WAN architecture
More informationManaging Site-to-Site VPNs: The Basics
CHAPTER 21 A virtual private network (VPN) consists of multiple remote peers transmitting private data securely to one another over an unsecured network, such as the Internet. Site-to-site VPNs use tunnels
More informationCCNA Routing and Switching (NI )
CCNA Routing and Switching (NI400+401) 150 Hours ` Outline The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that is
More informationConfiguring MPLS and EoMPLS
37 CHAPTER This chapter describes how to configure multiprotocol label switching (MPLS) and Ethernet over MPLS (EoMPLS) on the Catalyst 3750 Metro switch. MPLS is a packet-switching technology that integrates
More informationCCNA. Murlisona App. Hiralal Lane, Ravivar Karanja, Near Pethe High-School, ,
CCNA Cisco Certified Network Associate (200-125) Exam DescrIPtion: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment
More informationCCIE Route & Switch Written (CCIERSW) 1.0
CCIE Route & Switch Written (CCIERSW) 1.0 COURSE OVERVIEW: CCIE Route and Switch Written (CCIERSW) preparation course is a five-day course that prepares the student for the written exam portion of the
More informationTechnology Brief. VeloCloud Dynamic. Multipath Optimization. Page 1 TECHNOLOGY BRIEF
Technology Brief Page 1 This document discusses the key functionalities and benefits of (DMPO) that assures enterprise and cloud application performance over Internet and hybrid WAN. Contents Page 2 Introduction
More informationCCNA Routing and Switching Study Guide Chapters 7 & 21: Wide Area Networks
CCNA Routing and Switching Study Guide Chapters 7 & 21: Wide Area Networks Instructor & Todd Lammle Chapter 21 objectives The ICND2 topics covered in this chapter include: 2 Chapter 21 objectives (con
More informationPREREQUISITES TARGET AUDIENCE. Length Days: 5
Cisco Implementing Cisco IP Routing v2.0 (ROUTE) ROUTE v2.0 includes major updates and follows an updated blueprint. However, note that this course does not cover all items listed on the blueprint. Some
More informationImplementing Cisco IP Routing
300-101 Implementing Cisco IP Routing NWExam.com SUCCESS GUIDE TO CISCO CERTIFICATION Exam Summary Syllabus Questions Table of Contents Introduction to 300-101 Exam on Implementing Cisco IP Routing...
More informationIPv6 Switching: Provider Edge Router over MPLS
Multiprotocol Label Switching (MPLS) is deployed by many service providers in their IPv4 networks. Service providers want to introduce IPv6 services to their customers, but changes to their existing IPv4
More informationCCIE R&S LAB CFG H2/A5 (Jacob s & Jameson s)
Contents Section 1 Layer 2 Technologies... 2 1.1 Jameson s Datacenter: Access port... 2 1.2 Jameson s Datacenter: Trunk ports... 4 1.3 Jameson s Datacenter: Link bundling... 5 1.4 Jameson s Branch Offices...
More informationConfiguring VPLS. VPLS overview. Operation of VPLS. Basic VPLS concepts
Contents Configuring VPLS 1 VPLS overview 1 Operation of VPLS 1 VPLS packet encapsulation 4 H-VPLS implementation 5 Hub-spoke VPLS implementation 7 Multi-hop PW 8 VPLS configuration task list 9 Enabling
More informationPfRv3 Inter-DC Optimization
The PfRv3-Inter-DC-Optimization feature provides support by routing traffic from a hub site to another for specific traffic types such as data, voice, video, etc. Feature Information for PfRv3-Inter-DC-Optimization,
More informationImplementing Cisco IP Routing (ROUTE)
Implementing Cisco IP Routing (ROUTE) COURSE OVERVIEW: Implementing Cisco IP Routing (ROUTE) v2.0 is an instructor-led five-day training course developed to help students prepare for Cisco CCNP certification.
More informationFlexible Dynamic Mesh VPN draft-detienne-dmvpn-00
Flexible Dynamic Mesh VPN draft-detienne-dmvpn-00 Fred Detienne, Cisco Systems Manish Kumar, Cisco Systems Mike Sullenberger, Cisco Systems What is Dynamic Mesh VPN? DMVPN is a solution for building VPNs
More informationCisco Service Advertisement Framework Deployment Guide
Cisco Service Advertisement Framework Deployment Guide What You Will Learn Cisco Service Advertisement Framework (SAF) is a network-based, scalable, bandwidth-efficient approach to service advertisement
More informationCisco CCNP ROUTE: Implementing Cisco IP Routing (ROUTE) 2.0. Upcoming Dates. Course Description. Course Outline
Cisco CCNP ROUTE: Implementing Cisco IP Routing (ROUTE) 2.0 Implementing Cisco IP Routing (ROUTE) v2.0 is an instructor-led five day training course developed to help students prepare for Cisco CCNP certification.
More informationNetwork-Based Application Recognition
Network-Based Application Recognition Last updated: September 2008 Common questions and answers regarding Cisco Network-Based Application Recognition (NBAR) follow. Q. What is NBAR? A. NBAR, an important
More informationLab Guide CIERS1. Overview. Outline
CIERS1 Lab Guide Overview Outline This guide presents the instructions and other information concerning the activities for this course. You can find the recommended solutions in the Answer Key. This guide
More informationConfiguring FlexVPN Spoke to Spoke
Last Published Date: March 28, 2014 The FlexVPN Spoke to Spoke feature enables a FlexVPN client to establish a direct crypto tunnel with another FlexVPN client leveraging virtual tunnel interfaces (VTI),
More informationVPN WAN. Technology Design Guide
VPN WAN Technology Design Guide December 2013 Table of Contents Preface...1 CVD Navigator...2 Use Cases... 2 Scope... 2 Proficiency... 2 Introduction...3 Related Reading... 3 Technology Use Cases... 3
More informationIPv6 Switching: Provider Edge Router over MPLS
Multiprotocol Label Switching (MPLS) is deployed by many service providers in their IPv4 networks. Service providers want to introduce IPv6 services to their customers, but changes to their existing IPv4
More informationSecurizarea Calculatoarelor și a Rețelelor 32. Tehnologia MPLS VPN
Platformă de e-learning și curriculă e-content pentru învățământul superior tehnic Securizarea Calculatoarelor și a Rețelelor 32. Tehnologia MPLS VPN MPLS VPN 5-ian-2010 What this lecture is about: IP
More informationImplementing VXLAN. Prerequisites for implementing VXLANs. Information about Implementing VXLAN
This module provides conceptual information for VXLAN in general and configuration information for layer 2 VXLAN on Cisco ASR 9000 Series Router. For configuration information of layer 3 VXLAN, see Implementing
More informationVirtual Private Networks Advanced Technologies
Virtual Private Networks Advanced Technologies Petr Grygárek rek Agenda: Supporting Technologies (GRE, NHRP) Dynamic Multipoint VPNs (DMVPN) Group Encrypted Transport VPNs (GET VPN) Multicast VPNs (mvpn)
More informationScalability Considerations
CHAPTER 3 This chapter presents the steps to selecting products for a VPN solution, starting with sizing the headend, and then choosing products that can be deployed for headend devices. This chapter concludes
More informationDMVPN to Group Encrypted Transport VPN Migration
DMVPN to Group Encrypted Transport VPN Migration This document provides the steps for Dynamic Multipoint VPN (DMVPN) to Group Encrypted Transport VPN migration. DMVPN to Group Encrypted Transport VPN Migration
More informationImplementing Cisco IP Routing
ROUTE Implementing Cisco IP Routing Volume 3 Version 1.0 Student Guide Text Part Number: 97-2816-02 DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED AS IS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES
More informationTEXTBOOK MAPPING CISCO COMPANION GUIDES
TestOut Routing and Switching Pro - English 6.0.x TEXTBOOK MAPPING CISCO COMPANION GUIDES Modified 2018-08-20 Objective Mapping: Cisco 100-105 ICND1 Objective to LabSim Section # Exam Objective TestOut
More informationCisco Virtual Office High-Scalability Design
Solution Overview Cisco Virtual Office High-Scalability Design Contents Scope of Document... 2 Introduction... 2 Platforms and Images... 2 Design A... 3 1. Configure the ACE Module... 3 2. Configure the
More informationExam Topics Cross Reference
Appendix R Exam Topics Cross Reference This appendix lists the exam topics associated with the ICND1 100-105 exam and the CCNA 200-125 exam. Cisco lists the exam topics on its website. Even though changes
More informationMPLS in the DCN. Introduction CHAPTER
CHAPTER 5 First Published: January 3, 2008 Last Updated: January 3, 2008 Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images Use Cisco Feature Navigator to find information
More informationA-B I N D E X. backbone networks, fault tolerance, 174
I N D E X A-B access links fault tolerance, 175 176 multiple IKE identities, 176 182 single IKE identity with MLPPP, 188 189 with single IKE identity, 183 187 active/standby stateful failover model, 213
More informationMPLS WAN. Technology Design Guide
MPLS WAN Technology Design Guide December 2013 Table of Contents Preface...1 CVD Navigator...2 Use Cases... 2 Scope... 2 Proficiency... 2 Introduction...3 Related Reading... 3 Technology Use Cases... 3
More informationDeploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC)
Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent WAN (IWAN) (DNADDC) COURSE OVERVIEW: Deploying and Administering Cisco s Digital Network Architecture (DNA) and Intelligent
More informationCisco IOS Performance Routing Version 3 Command Reference
First Published: 2017-04-07 Last Modified: 2017-04-07 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387)
More informationFUNDAMENTAL ROUTING CONCEPTS
PART I Chapter 1 FOUNDATION TOPICS Routing Protocol Fundamentals FUNDAMENTAL ROUTING CONCEPTS Characteristics of Routing Protocols Routing occurs when a router or some other Layer 3 device makes a forwarding
More informationImplementing MPLS VPNs over IP Tunnels
The MPLS VPNs over IP Tunnels feature lets you deploy Layer 3 Virtual Private Network (L3VPN) services, over an IP core network, using L2TPv3 multipoint tunneling instead of MPLS. This allows L2TPv3 tunnels
More informationQ-Balancer Range FAQ The Q-Balance LB Series General Sales FAQ
Q-Balancer Range FAQ The Q-Balance LB Series The Q-Balance Balance Series is designed for Small and medium enterprises (SMEs) to provide cost-effective solutions for link resilience and load balancing
More informationMPLS VPN Carrier Supporting Carrier Using LDP and an IGP
MPLS VPN Carrier Supporting Carrier Using LDP and an IGP Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Carrier Supporting Carrier (CSC) enables one MPLS VPN-based service provider
More informationPerformance Routing Version 3 Commands
Performance Routing Version 3 Commands advanced, page 3 bandwidth (interface configuration), page 4 border (VRF configuration), page 7 class (master controller configuration), page 8 collector, page 9
More informationCCIE R&S v5.0. Troubleshooting Lab. Q1. PC 110 cannot access R7/R8, fix the problem so that PC 110 can ping R7
Troubleshooting Lab Q1. PC 110 cannot access R7/R8, fix the problem so that PC 110 can ping R7 Q2. R17 should have one default route which points to R12 via PPP as shown below R17# sh ip route S* 0.0.0.0/0
More informationMPLS VPN--Inter-AS Option AB
The feature combines the best functionality of an Inter-AS Option (10) A and Inter-AS Option (10) B network to allow a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) service provider
More informationCisco 5921 Embedded Services Router
Data Sheet Cisco 5921 Embedded Services Router The Cisco 5921 Embedded Services Router (ESR) is a Cisco IOS software router application. It is designed to operate on small, low-power, Linux-based platforms
More informationMedium Enterprise Design Profile (MEDP) WAN Design
CHAPTER 3 Medium Enterprise Design Profile (MEDP) WAN Design WAN Design The Medium Enterprise WAN Design Profile is a multi-site design where a site consists of multiple buildings and services. The sites
More informationConfiguring QoS CHAPTER
CHAPTER 34 This chapter describes how to use different methods to configure quality of service (QoS) on the Catalyst 3750 Metro switch. With QoS, you can provide preferential treatment to certain types
More informationCisco ASR 1000 Series Aggregation Services Routers: QoS Architecture and Solutions
Cisco ASR 1000 Series Aggregation Services Routers: QoS Architecture and Solutions Introduction Much more bandwidth is available now than during the times of 300-bps modems, but the same business principles
More informationOperating and Monitoring the Network
CHAPTER 6 Under the Operate tab, Prime NCS (WAN) provides tools to help you monitor your network on a daily basis, as well as perform other day-to-day or ad hoc operations relating to network device inventory
More informationCisco 921J Gigabit Ethernet security router with external power supply for Japan only
C921J-4P Datasheet Overview C921J-4P is the Cisco 921J Gigabit Ethernet security router with external power supply for Japan only. Cisco 900J Series Integrated Services Routers (ISRs) combine Internet
More informationASACAMP - ASA Lab Camp (5316)
ASACAMP - ASA Lab Camp (5316) Price: $4,595 Cisco Course v1.0 Cisco Security Appliance Software v8.0 Based on our enhanced FIREWALL and VPN courses, this exclusive, lab-based course is designed to provide
More information