Intelligent WAN : CVU update


Deliver enhanced mobile experience at the branch with Intelligent WAN
Soren D. Andreasen (sandreas@cisco.com)
Technical Solution Architect, CCIE# 3252

Agenda
- IWAN 2.0/2.1 overview and latest development

Intelligent WAN Solution Components
- Transport Independence: IPSec WAN Overlay; Consistent Operational Model; DMVPN
- Intelligent Path Control: Optimal application routing; Efficient use of bandwidth; Performance Routing
- Application Optimization: Performance monitoring; Optimization and Caching; AVC, WAAS, Akamai
- Secure Connectivity: NG Strong Encryption; Threat Defense; Suite-B, CWS, ZBFW
- Management & Orchestration
[Diagram labels: AVC, MPLS, Private Cloud, ISR-AX, 3G/4G-LTE, ASR1000-AX, Virtual Private Cloud, Branch, WAAS, Akamai, PfRv3, Internet, Public Cloud]
Cisco Confidential

IWAN 2.0/2.1 Developments

IWAN Layers
- Intelligent Path Selection: AVC, PfR, QoS
- Overlay routing over tunnels: Overlay Routing Protocol (BGP, EIGRP)
- Transport Overlay: Transport Independent Design (DMVPN)
- Infrastructure Routing: MPLS Routing, Internet Routing, ZBFW, CWS


IWAN Transport Independent Design Summary
- IPsec Overlay: DMVPN Phase 3; Site-to-site dynamic tunnels; Per-Tunnel QOS; PfRv3 Path Control (SD-WAN automation)
- Multiple DMVPNs for Path Diversity: Separate failure domains; Brownout circumvention (PfR); Load balancing (PfR and routing protocol)
- Single Routing Domain: Simplified operations and support; Simple ECMP or best path provisioning; EIGRP or BGP
- Security: Protecting the network from external threats
[Diagram labels: Path Control Domain, DC-East, DC-West, MC, ASR-AX, DCI WAN Core, ATBT MPLS, Island ADSL, DMVPN 1, DMVPN 2, ISR-AX, Branch-1, Branch-513]
2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential


Getting the Most Out of Your WAN Investment
Benefits of Intelligent Path Control
- Lower WAN Costs: Enabling Internet-Based WANs
- Full Utilization of WAN Bandwidth: Efficient Distribution of Traffic Based Upon Load, Circuit Cost, and Path Preference
- Improved Application Performance: Per Application Best Path Based on Delay, Loss, Jitter Measurements
- Higher Application Availability: Protection From Carrier Black Holes and Brownouts
[Diagram labels: Branch, AVC, ISR, WAAS, PfR, Internet, MPLS, ASR 1000, Data Center]

Enterprise Domain
The Decision Maker: Master Controller (MC)
- Apply policy, verification, reporting
- No packet forwarding/inspection required
- Standalone or combined with a BR
The Forwarding Path: Border Router (BR)
- Gain network visibility in forwarding path (Learn, measure)
- Enforce MC's decision (path enforcement)
[Diagram: Hub site (DC/MC Master Controller), Dual CPE branch and Single CPE branch (MC/BR) over MPLS and INET; site-ids 10.2.11.11, 10.8.3.3, 10.2.10.10]

Enterprise Domain: Domain Controller
- One of the MCs is assigned the Domain Controller role
- Central point of provisioning for the Enterprise Domain
- Branch sites connect to the Hub Master Controller
- Service Announcement Framework (SAF) Peering
[Diagram: Hub site (DC/MC Domain Controller), Dual CPE branch and Single CPE branch (MC/BR) over MPLS and INET; site-ids 10.2.11.11, 10.8.3.3, 10.2.10.10]

Domain Policies and Monitors: Peering and Distribution
- Domain policies and monitor instances are configured on the Hub MC, then distributed to branch sites using the peering infrastructure.
[Diagram: Policies and Monitors distributed from the Hub DC/MC Domain Controller to Dual CPE and Single CPE branches over MPLS and INET; site-ids 10.2.11.11, 10.8.3.3, 10.2.10.10]

Performance Monitoring: Passive Monitoring
- Bandwidth on egress
- Per Traffic Class
- Performance on ingress
- RTP and TCP metrics
- Per DSCP and site
[Diagram: Hub Master MC, Dual CPE and Single CPE branches (MC/BR) over MPLS and INET]

Monitoring: Smart Probing
Smart Probes
- Generated from the dataplane
- Traffic driven: intelligent on/off
- Site to site and per DSCP
Performance Monitor
- Collect Performance Metrics
[Diagram: Hub Master MC, Dual CPE and Single CPE branches (MC/BR) over MPLS and INET]

Smart Probing: Help for Measurement Over Channels
Without actual traffic
- BR sends 10 probes spaced 20ms apart in the first 500ms and another similar 10 probes in the next 500ms, thus achieving 20pps for channels without traffic.
With actual traffic
- Lower frequency when real traffic is observed over the channel
- Probes sent every 1/3 of [Monitor Interval], i.e. every 10 sec by default
- Measured by Unified Monitoring just like other data traffic
[Diagram labels: MC, BR, INET, MPLS, Site10 10.1.10.0/24, Traffic Flow]

Monitoring: Threshold Crossing Alerts
- Threshold Crossing Alert (TCA)
- Sent to source site
- loss, delay, jitter, unreachable
[Diagram: Hub Master MC, Dual CPE and Single CPE branches (MC/BR) over MPLS and INET]

Path Enforcement
Policy Decision: Local MC
- Selects traffic classes (TC) that are affected by the TCA
- Moves them to an alternate path
TC database
- Key: destination-prefix, nbar-app-id, dscp
- Each traffic-class entry contains output interface and nexthop IP address
BRs
- Impose next hop on internal interfaces, input direction
- Maintain a single database of traffic classes
- Each traffic-class entry contains an output interface and a nexthop IP address
- Lookup per packet: output-if/next hop retrieved, packet forwarded
- If no entry: uses RIB entry
[Diagram labels: MC/BR, DMVPN MPLS, DMVPN INET, Site10 10.1.10.0/24]
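A simplified model of the lookup and path move described on this slide, added here as an illustration (it is not Cisco code and not from the presentation). The class and method names, the Tunnel200 interface, the DSCP labels and the 192.0.2.x next hops are assumptions, as is preferring the longest matching prefix among traffic-class entries.

```python
"""Toy model of a BR's traffic-class (TC) database with RIB fallback."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class TrafficClass:
    prefix: ipaddress.IPv4Network  # destination-prefix
    app: Optional[str]             # nbar-app-id; None = not application-specific
    dscp: str
    out_if: str
    next_hop: str


class BorderRouter:
    def __init__(self, rib):
        # rib: (prefix, out_if, next_hop) tuples, used when no TC entry matches
        self.rib = [(ipaddress.ip_network(p), i, n) for p, i, n in rib]
        self.tc_db = []

    def install(self, prefix, app, dscp, out_if, next_hop):
        self.tc_db.append(
            TrafficClass(ipaddress.ip_network(prefix), app, dscp, out_if, next_hop))

    def forward(self, dst, app, dscp):
        """Per-packet lookup: returns (source, out_if, next_hop)."""
        addr = ipaddress.ip_address(dst)
        hits = [tc for tc in self.tc_db
                if addr in tc.prefix and tc.dscp == dscp and tc.app in (None, app)]
        if hits:
            # Assumption: longest prefix wins, app-specific beats generic.
            best = max(hits, key=lambda tc: (tc.prefix.prefixlen, tc.app is not None))
            return ("tc-db", best.out_if, best.next_hop)
        routes = [r for r in self.rib if addr in r[0]]
        if not routes:
            return ("drop", None, None)
        _, out_if, next_hop = max(routes, key=lambda r: r[0].prefixlen)
        return ("rib", out_if, next_hop)  # "If no entry: uses RIB entry"

    def on_tca(self, remote_prefix, dscp, bad_if, alt_if, alt_next_hop):
        """MC decision: move TCs affected by a TCA to the alternate path."""
        net = ipaddress.ip_network(remote_prefix)
        moved = 0
        for tc in self.tc_db:
            if tc.out_if == bad_if and tc.dscp == dscp and tc.prefix.subnet_of(net):
                tc.out_if, tc.next_hop = alt_if, alt_next_hop
                moved += 1
        return moved


def demo():
    # Constructed sample data: one controlled TC on Tunnel100, RIB via Tunnel200.
    br = BorderRouter(rib=[("10.1.0.0/16", "Tunnel200", "192.0.2.2")])
    br.install("10.1.10.0/24", None, "ef", "Tunnel100", "192.0.2.1")
    before = br.forward("10.1.10.20", "rtp", "ef")
    moved = br.on_tca("10.1.10.0/24", "ef", "Tunnel100", "Tunnel200", "192.0.2.2")
    after = br.forward("10.1.10.20", "rtp", "ef")
    no_entry = br.forward("10.1.11.5", "http", "af21")
    return before, moved, after, no_entry


if __name__ == "__main__":
    print(demo())
```

Traffic with no traffic-class entry follows ordinary routing, so a TCA only changes the path of classes the MC already controls.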

Horizontal Scaling Architecture
Requirements
- Multiple DMVPN Hubs per cloud for redundancy and scaling
- HA: If the current exit/channel to a remote site fails, converge over to an alternate exit/channel on the same (DMVPN1) network. Else, converge over to the alternate (DMVPN2) network.
- Scale: Distribute traffic across multiple BRs/exits on a single (DMVPN) to utilize all WAN and router capacity.
- Convergence across hubs/pops should only occur when all exits/channels in a hub/pop fail or reach max-bw limits.
- Multiple paths to the same DMVPN
- Multiple next hops in the same DMVPN
[Diagram: HUB SITE (Site ID = 10.8.3.3) with MC1 and BR1 to BR4, MPLS and INET clouds, branch sites (MC/BR) with prefixes 10.1.10.0/24, 10.1.11.0/24, 10.1.12.0/24, 10.1.13.0/24]

Current Situation up to 3.14/15.5(1)T
PfR Limitations:
- Path name is unique and cannot be used on multiple external interfaces
- Spokes have multiple next hops on the same DMVPN tunnel
- Only one is currently used by PfRv3
- PfR Channel definition: local site id + remote site id + DSCP + Interface + path
- Both spoke to BR1 and spoke to BR2 channels are the same, we can't differentiate them
[Diagram: HUB SITE (Site ID = 10.8.3.3) with MC1 (Hub MC 10.8.3.3/32) and BR1 to BR4, two exits both labelled "Path MPLS?", MPLS and INET clouds, branch sites (MC/BR) with prefixes 10.1.10.0/24, 10.1.11.0/24, 10.1.12.0/24, 10.1.13.0/24]

Solution: Multiple Next Hop Per Tunnel
Solution:
- Need to add an identifier to differentiate channels in the same DMVPN
- New PATH-ID added to each external interface
- Path-id unique per POP
- Branches/spokes peer with each Hub s Active/Active or Active/Backup mode
- Targeted for XE 3.15 / 15.5(2)T

Configuration shown for the exit labelled "Path MPLS Id 1":

  interface Tunnel 100
   domain IWAN path MPLS path-id 1

Configuration shown for the exit labelled "Path MPLS Id 2":

  interface Tunnel 100
   domain IWAN path MPLS path-id 2

[Diagram: HUB SITE (Site ID = 10.8.3.3) with MC1 (Hub MC 10.8.3.3/32) and BR1 to BR4, MPLS and INET clouds, branch site (MC/BR) 10.1.10.0/24]

Multiple POPs: Common Prefixes
Requirements:
- 2 (or more) Transit Sites advertise the very same set of prefixes
- Datacenter may not be collocated with the Transit Sites
- DCs/DMZs are reachable across the WAN Core for each Transit Site
- Branches can access any DC or DMZ across either POP (hub). And DC/DMZs can reach any branch across multiple Transit Sites (hubs).
- Multiple BRs per DMVPN per site may be required for crypto and bandwidth horizontal scaling
[Diagram: IWAN POP1 (MC1) and IWAN POP2 (MC2), each advertising 10.8.0.0/16; DC1 to DCn behind the DCI WAN Core; BR1 to BR4; DMVPN MPLS and DMVPN INET; branch sites (MC/BR) with prefixes 10.1.10.0/24, 10.1.11.0/24, 10.1.12.0/24, 10.1.13.0/24]

Introducing PfR Transit Sites
Transit Sites
- Enterprise POPs or Hubs
- Transit to DC or spoke to spoke
Branch Sites
- Stub
Site Definition:
- Controlled by a local Master Controller (MC)
- Site ID: the IP address of the MC loopback
- One/Multiple BRs
- Each BR: one/multiple links
[Diagram: HUB SITE (Site ID = 10.8.3.3, MC1, Hub MC), TRANSIT SITE (Site ID = 10.9.3.3, MC2, Transit MC), BRANCH SITE Site10 (Site ID = 10.2.10.10); BR1 to BR4; DMVPN MPLS and DMVPN INET; branch prefixes 10.1.10.0/24, 10.1.11.0/24, 10.1.12.0/24, 10.1.13.0/24]

Transit Master Controller
- Separate independent MC in each POP
- Introduce "Transit Master Controller" concept for the 2nd Transit site
- Behaves like a Hub without provisioning
- Allows transit Smart Probes (initial spoke to spoke probe traffic goes through the POP)
- Allows its BRs to configure WAN interface, and sends out SMP with WAN discovery flag set
- Each POP is allocated a unique POP-ID in the entire domain; this is done by CLI in the POP MC.
- MC1 in POP1 is the Hub MC: POP-ID 0
- MC2 in POP2 is a Transit MC: POP-ID 1
- Each external interface is allocated a unique PATH-ID per POP
[Diagram: HUB SITE (Site ID = 10.8.3.3, MC1, Hub MC, POP ID 0) and TRANSIT SITE (Site ID = 10.9.3.3, MC2, Transit MC, POP ID 1), each with Path MPLS Id 1 and Path INET Id 2; BR1 to BR4; DMVPN MPLS and DMVPN INET; branch sites (MC/BR) with prefixes 10.1.10.0/24, 10.1.11.0/24, 10.1.12.0/24, 10.1.13.0/24]


Application Visibility and Control

Make Your IWAN Application Aware: Add Cisco AVC
- No Probes: Rich data collection using NetFlow v9/IPFIX; No additional hardware (and included in AX license); Easy to integrate into many reporting tools
- Smart Capacity Planning: Better use of costly bandwidth; Per-branch and per-application level reporting
- Business Aligned Privacy Enforcement: No need for complex IP and port ACLs; See inside HTTP flows to identify specific Cloud applications
- 60% of IT Professionals Cite Performance as Key Challenge for Cloud
[Diagram labels: AO, Users/Machines, Proliferation of Devices, Public Cloud, Private Cloud, Branch, DC/Headquarters, Cisco AVC]

Deep Packet Inspection: Next Generation NBAR (NBAR2)
- ISR G2: 15.2(2)T1; ASR1K: 3.4S
- 1000+ Signatures
- Advanced Classification Techniques
- Native IPv4/IPv6 Classification
- Advanced Field Extraction
- New DPI engine provides Advanced Application Classification and Field Extraction Capabilities
- Categorization to simplify application management
- Protocol Pack allows adding more applications without upgrading or reloading IOS

Define Your Own Application in NBAR2: Custom App
- ISR G2: 15.2(4)M2; ASR1K: 3.8S
- Port: TCP or UDP; 16 static ports per application; Range of ports (1000 maximum)
- IP and Port: IOS-XE 3.12; IOS 15.4(3)M
- Payload: Search the first 255 bytes of TCP or UDP payload; ASCII (16 characters); Hex (4 bytes); Decimal (1-4294967295); Variable (4 bytes Hex)
- HTTP: URI regex; Host regex
- DNS

NBAR2 and Encrypted Traffic: Overview
- With heuristics-based classification, NBAR can classify 70+ encrypted applications.

Performance Monitoring Foundation: Overview
- 1. Metering Process: Flexible NetFlow, Unified Monitor
- 2. Export Process: NetFlow v9, IPFIX
- Capacity Planning, Security, Performance Analysis, Visibility
[Diagram labels: Devices, Collector, IETF Scope]

IWAN Adaptive QoS: How Does It Work?
- Adapt Sender shape rate based on the available bandwidth to Receiver
- Configure MQC Policy with Adaptive Shaping
- Collect periodic bandwidth stats on received traffic
- Transport Monitoring
- Enable DMVPN
- Calculate Available Bandwidth over the WAN
- Adjust Egress Shaper to observed rate
[Diagram labels: Sender, Transport, Received Rate, Receiver]


Cisco IWAN Management
On-Prem Management: Prime Infrastructure 2.2
- End-to-End Assurance of Application Experience
- Single-pane view of IWAN
- IWAN deployment workflows
- Plug and Play
- DMVPN, QoS, AVC deployment and monitoring
- PfR v3 deploy/monitoring (April 2015)
- License includes IWAN App and APIC-EM controller!
Specialized Management
- Application Aware Network Performance Management
- Integrates with Cisco AVC and PfR
- Monitor and analyze application traffic
- End-to-end flow visualization
- Flow & App-based Troubleshooting
- Fix and Verify in Realtime
Cloud-Based Management
- Automates Deployment and Lifecycle Management
- Eliminates manual building of WANs
- Automated SD-WAN orchestration
- Centralized hybrid WAN management
- Quick config updates and IOS upgrades
- Leverages onePK and REST APIs

Prime Infra workflow for IWAN
Prime Infra will provide:
- IWAN workflow wizard with PnP
- Template-based config for IWAN PINs
- PfRv3 Domain, MC and AVC One-Click provision
- QoS Provisioning
- Single or Dual Router Branch
- CVD-based, Customizable
- AVC Readiness Assessment
- AVC, QoS, PfR Visibility
- Leverages APIC EM services

PfR dashboard look at events at sites

Router Provider Server

Link details: PfR threshold crossing

LiveAction 4.3 and Performance Routing
- PfR path change visualization
- Alert and report on PfR Out of Policy events
- Reports on traffic class/application path changes
[Screenshot labels: Before Brown-Out (Northern Path), After Brown-Out (Southern Path), Out-Of-Policy Threshold Crossing Alert]

Typical IWAN App deployment topology
[Diagram labels: Datacenter (POP), Aggregation, Branch, Dual Links]

www.cisco.com/go/iwan