Intelligent WAN (IWAN) Design and Deployment


Intelligent WAN (IWAN) Design and Deployment Adam Groudan, Technical Solutions Architect David Prall, Communications Architect BRKCRS-2002

Cisco Spark: use Cisco Spark to communicate with the speaker after the session.
1. Find this session in the Cisco Live Mobile App
2. Click Join the Discussion
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
Cisco Spark spaces will be available until July 3, 2017. Space link: cs.co/ciscolivebot#sessionid, e.g. for session ID BRKCRS-2002: cs.co/ciscolivebot#brkcrs-2002
2017 Cisco and/or its affiliates. All rights reserved. Cisco Public

Demo 1 IWAN with Prime Custom Templates

Demo 1 Topology

Agenda
- Demo 1: IWAN with Prime Custom Templates
- SD-WAN and IWAN
- Demo 2: IWAN Application Walkthrough
- IWAN technology
- Demo 3: IWAN Live Interactive Configuration Review
- Next Steps, Q&A

What problem is the industry trying to solve with SD-WAN? Two things: simplify the administration of the network, and give applications greater control over the network.

Design Consideration - Migration: Recommended Approach

Diagram: a remote site connected to the data center over the existing MPLS transport (MSP-RT) and a new Internet transport (ISP-RT), with application visibility, application optimization and path control layered on top.

Roadmap to Success:
1. Identify Baseline
   - Understand existing application traffic
   - Determine existing QoS policy
   - Evaluate impact of proposed changes
2. Transport Independent
   - Leverage an overlay through the existing equipment at the data center for a transport-agnostic redesign
   - Replace remote site equipment, or leverage the overlay
3. Intelligent Path Control
   - Select a test application as the candidate for intelligent path control
   - Test blackout and brownout failover scenarios
4. Simplified Management
   - Script creation
   - Automation

Demo 2 APIC-EM IWAN App Walkthrough

Prebuilt APIC-EM Dual DC Lab Topology: Reference Design

Transport Independent Design
- Consistent operational model
- Simple provider migrations
- Scalable and modular design
- IPsec routing overlay design: F-VRF and DMVPN

Front Door VRF
- VRFs have independent routing and forwarding planes.
- The provider-facing interface, with its provider-assigned WAN IP address (198.10.0.1/30 in the diagram), is placed in the Front Door VRF (F-VRF). The IPsec tunnel interface and the inside network (branch LAN 198.18.128.0/18 in the diagram) stay in the global routing table.
- An ACL on the provider interface permits only authorised traffic, i.e. IPsec (IKE and ESP). Because the F-VRF holds no route to the inside network, a host on the transport can reach nothing but the tunnel endpoint, and inside traffic cannot leak out unencrypted.

DMVPN

DMVPN: The Magic Overlay
- Branch spoke sites establish an IPsec tunnel to, and register with, the hub site.
- IP routing exchanges prefix information for each site; BGP or EIGRP are typically used for scalability.
- Only the WAN IP addresses need to be known by the WAN transport. The WAN interface IP address can be used as the tunnel source address.
- Data traffic flows over the DMVPN tunnels. When traffic flows between spoke sites, dynamic spoke-to-spoke tunnels are established.
- Per-tunnel QoS can be applied to prevent hub site oversubscription of spoke sites.
- Dual DMVPN design: a single mGRE tunnel on each hub, two mGRE tunnels on each spoke.

Diagram addressing: hub 1 physical 172.17.0.1 with Tunnel0 10.0.0.1; hub 2 physical 172.17.0.5 with Tunnel1 10.0.1.1; spokes with dynamically assigned physical addresses, Tunnel0 10.0.0.11 and 10.0.0.12, Tunnel1 10.0.1.11 and 10.0.1.12; site LANs 192.168.0.0/24, 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24, each router at .1.

DMVPN Encryption

Assuring Confidentiality: IKEv2 + Strong Cryptography
Strong, certified cryptography and IPsec architecture protect the transport from the branch, across the Internet and the WAN edge, to the private data center (AES-256-GCM, IKEv2, anti-replay, PKI).
- Protects against eavesdropping, man-in-the-middle attacks and uncontrolled access to the transport.
- 256-bit Advanced Encryption Standard in GCM mode with Elliptic Curve Cryptography: AES-256-GCM with P-384 curves and SHA-384 gives a 192-bit security level.
- IKEv2 for secure, trusted establishment of the transport security association.
- Strongest authentication and key-exchange algorithms: ECDSA, ECDH and SHA-2 (SHA-256/384).
- This is the NSA Suite B algorithm set, approved for both unclassified and classified information.
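The three slides above (Front Door VRF, DMVPN, IKEv2 encryption) are the pieces of one spoke configuration. The following is an added example written for this page, not configuration from the slides or from a Cisco deployment guide. It assumes the VRF name IWAN-TRANSPORT-1, the provider address 198.10.0.1/30 with next hop 198.10.0.2, the hub NBMA address 172.17.0.1 and tunnel address 10.0.0.1 from the DMVPN slide, a PKI trustpoint IWAN-CA that already holds an ECDSA P-384 certificate, and a certificate issuer name containing "IWAN-CA"; all of those names and addresses are assumptions.

```cisco
! Added example (not from the slides): IWAN spoke with Front Door VRF, IKEv2 and DMVPN.
! Assumed names/addresses: IWAN-TRANSPORT-1, 198.10.0.1/30, next hop 198.10.0.2,
! hub 172.17.0.1 / 10.0.0.1, trustpoint IWAN-CA, issuer name containing IWAN-CA.
!
! 1. Front Door VRF: the provider-facing interface lives here; tunnel and LAN stay global.
vrf definition IWAN-TRANSPORT-1
 address-family ipv4
 exit-address-family
!
! Only IKEv2 (UDP/500, UDP/4500 for NAT-T) and ESP may enter from the transport.
! ICMP echo is permitted for reachability testing; everything else is dropped.
ip access-list extended ACL-INET-PUBLIC
 permit udp any any eq isakmp
 permit udp any any eq non500-isakmp
 permit esp any any
 permit icmp any any echo
 permit icmp any any echo-reply
!
interface GigabitEthernet0/0
 description Provider-assigned WAN address (F-VRF)
 vrf forwarding IWAN-TRANSPORT-1
 ip address 198.10.0.1 255.255.255.252
 ip access-group ACL-INET-PUBLIC in
 no cdp enable
!
! Static default route inside the F-VRF only: no routing protocol peering with the provider.
ip route vrf IWAN-TRANSPORT-1 0.0.0.0 0.0.0.0 198.10.0.2
!
! 2. IKEv2: AES-256-GCM (AEAD, so no separate integrity algorithm), ECDH P-384 (group 20),
!    SHA-384 PRF, ECDSA certificate authentication. Matches the 192-bit Suite B profile.
crypto ikev2 proposal IKEV2-SUITEB-192
 encryption aes-gcm-256
 prf sha384
 group 20
!
crypto ikev2 policy IKEV2-SUITEB-192
 match fvrf IWAN-TRANSPORT-1
 proposal IKEV2-SUITEB-192
!
! Accept only peers whose certificate was issued by our CA (issuer name is an assumption).
crypto pki certificate map IWAN-CERT-MAP 10
 issuer-name co IWAN-CA
!
crypto ikev2 profile IKEV2-DMVPN
 match fvrf IWAN-TRANSPORT-1
 match certificate IWAN-CERT-MAP
 identity local dn
 authentication remote ecdsa-sig
 authentication local ecdsa-sig
 pki trustpoint IWAN-CA
 dpd 40 2 on-demand
!
! 3. IPsec: ESP with AES-256-GCM in transport mode (GRE already provides the outer header).
!    Anti-replay is on by default; a larger window avoids false drops behind per-tunnel QoS.
crypto ipsec security-association replay window-size 1024
crypto ipsec transform-set AES256-GCM esp-gcm 256
 mode transport
!
crypto ipsec profile DMVPN-IPSEC
 set transform-set AES256-GCM
 set ikev2-profile IKEV2-DMVPN
!
! 4. DMVPN spoke tunnel: sourced from the F-VRF interface, addressed in the global table.
interface Tunnel0
 description DMVPN over ISP transport
 bandwidth 20000
 ip address 10.0.0.11 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip nhrp network-id 101
 ip nhrp holdtime 600
 ip nhrp nhs 10.0.0.1 nbma 172.17.0.1 multicast
 ip nhrp shortcut
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 101
 tunnel vrf IWAN-TRANSPORT-1
 tunnel protection ipsec profile DMVPN-IPSEC
!
! Inside network stays in the global table; nothing here is reachable from the F-VRF.
interface GigabitEthernet0/1
 description Branch LAN
 ip address 198.18.128.1 255.255.192.0
```

Two checks worth making after deployment: `show crypto ikev2 sa detail` should show the negotiated AES-GCM-256 / SHA384 / group 20 parameters and an ECDSA-signed peer, and `show ip route vrf IWAN-TRANSPORT-1` should contain nothing but the connected /30 and the static default. If a LAN prefix ever appears in the F-VRF, the isolation the Front Door VRF slide relies on is broken.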

QoS

Remote Site QoS Configuration: Per-Tunnel QoS Shaper

Diagram: the data center DMVPN hub (headend IPsec router) connects over 1 Gbps Ethernet to a 100 Mbps WAN at ISPX; remote site routers Spoke 1 to Spoke 4 have Committed Information Rates of 20, 10, 30 and 10 Mbps. The hub shapes each spoke's tunnel to that spoke's Committed Information Rate.

Inbound hub configuration (the shaper is applied to every spoke that registers with the NHRP group):

 int tunnel X
  nhrp map group prm-20mbps service-policy output prm-dscp#iwan-8#shape#20.0

Spoke configuration:

 int tunnel X
  nhrp group prm-20mbps
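The slide shows only the two NHRP lines; the policy they reference has to exist on the hub. The following is an added example, not configuration from the slides, of a complete per-tunnel QoS hierarchy for the 20 Mbps site: a parent shaper per spoke with a child policy that queues by DSCP inside it. The policy names follow the Prime (prm-) naming on the slide; the class names, DSCP mappings and percentages are assumptions chosen for illustration.

```cisco
! Added example (not from the slides): per-tunnel QoS for a 20 Mbps remote site.
! Assumed: hub and spoke tunnel is Tunnel0; class names, DSCP values and percentages
! are illustrative; policy names follow the slide's prm- convention.
!
! Hub: classification on the inner (pre-encryption) DSCP. A service-policy on a
! protected tunnel interface sees the cleartext packet, so no qos pre-classify is needed.
class-map match-any VOICE
 match dscp ef
class-map match-any INTERACTIVE-VIDEO
 match dscp af41 af42
class-map match-any CRITICAL-DATA
 match dscp af21 af22 af31 af32
class-map match-any SCAVENGER
 match dscp cs1
!
! Hub: child policy. Priority queues are policed to their percentage, so a flood of
! EF-marked traffic from one site cannot starve the other classes.
policy-map prm-dscp#iwan-8
 class VOICE
  priority level 1 percent 10
 class INTERACTIVE-VIDEO
  priority level 2 percent 23
 class CRITICAL-DATA
  bandwidth remaining percent 35
  random-detect dscp-based
 class SCAVENGER
  bandwidth remaining percent 1
 class class-default
  bandwidth remaining percent 25
  random-detect
!
! Hub: parent shaper at the site's Committed Information Rate (20.0 Mbps).
policy-map prm-dscp#iwan-8#shape#20.0
 class class-default
  shape average 20000000
  service-policy prm-dscp#iwan-8
!
! Hub: each spoke that registers with NHRP group prm-20mbps gets its own instance
! of the shaper, so the 100 Mbps WAN is never oversubscribed by a single site.
interface Tunnel0
 ip nhrp map group prm-20mbps service-policy output prm-dscp#iwan-8#shape#20.0
!
! Spoke: advertise the group in the NHRP registration. The spoke's own bandwidth
! statement should match the CIR so that outbound shaping and PfR bandwidth match.
interface Tunnel0
 bandwidth 20000
 ip nhrp group prm-20mbps
```

Verify with `show dmvpn detail` on the hub, which lists the NHRP group and the applied policy per spoke, and `show policy-map multipoint` for the per-spoke shaper counters. The slide uses the unified `nhrp map group` / `nhrp group` syntax of newer IOS-XE releases; the `ip nhrp` form above is the older equivalent and both are accepted on current software.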

Overlay Routing

IWAN Routing Best Practices
- No peering with MPLS or Internet providers. Static routing to the providers is used only to establish the DMVPN tunnels, which simplifies adding or changing WAN transport services.
- Single WAN routing domain: BGP or an IGP runs over DMVPN, which simplifies deployment and troubleshooting.

Diagram: hub site with a DC/MC and border routers (BRs) on the MPLS (DMVPN) and PUBLIC (DMVPN) transports; remote sites with combined MC/BR routers.

Intelligent Path Control (PfRv3)
- Dynamic application best path based on policy and network conditions
- Load balancing for full utilization of bandwidth
- Improved availability

Command Line Review Point 2: Key Operations - Intelligent Path Control with PfR (ISR G2 and ASR1K platforms)
1. Define your traffic policy: identify traffic classes based on applications or transport classifiers.
2. Learn the traffic: the Border Routers (BRs) learn the traffic classes flowing through them based on your policy definitions (active traffic classes).
3. Measurement: measure the traffic flow and network performance actively or passively and report the metrics to the Master Controller (MC).
4. Path enforcement: the Master Controller determines the best path and commands the BRs to change paths based on your traffic policy definitions.

Diagram: a hub MC with several BRs, and remote sites where MC and BR are combined (MC+BR).

Built-in Policy Templates Matching QoS Best Practices

Pre-defined template   Threshold definition
Voice                  priority 1 one-way-delay threshold 150 (msec)
                       priority 2 packet-loss-rate threshold 1 (%)
                       priority 2 byte-loss-rate threshold 1 (%)
                       priority 3 jitter 30 (msec)
Real-time-video        priority 1 packet-loss-rate threshold 1 (%)
                       priority 1 byte-loss-rate threshold 1 (%)
                       priority 2 one-way-delay threshold 150 (msec)
                       priority 3 jitter 20 (msec)
Low-latency-data       priority 1 one-way-delay threshold 100 (msec)
                       priority 2 byte-loss-rate threshold 5 (%)
                       priority 2 packet-loss-rate threshold 5 (%)
Bulk-data              priority 1 one-way-delay threshold 300 (msec)
                       priority 2 byte-loss-rate threshold 5 (%)
                       priority 2 packet-loss-rate threshold 5 (%)
Best-effort            priority 1 one-way-delay threshold 500 (msec)
                       priority 2 byte-loss-rate threshold 10 (%)
                       priority 2 packet-loss-rate threshold 10 (%)
Scavenger              priority 1 one-way-delay threshold 500 (msec)
                       priority 2 byte-loss-rate threshold 50 (%)
                       priority 2 packet-loss-rate threshold 50 (%)

Performance Routing Version 3: Route Controller Components

The Domain Controller (DC)
- Discovers peers; advertises policy and services; topology discovery
- One per domain, collocated with the hub MC

The Master Controller (MC, the route controller)
- Verification, reporting and route control
- No packet forwarding or inspection required
- Determines optimal paths and commands the BRs to enforce them

The Border Router (BR, in the forwarding path)
- Gains network visibility in the forwarding path (learn, measure)
- Enforces the MC's decision (path enforcement)

Monitoring: unified monitoring with passive smart probes across the IWAN domain (PUBLIC DMVPN and MPLS DMVPN). Optimises by reachability, delay, loss, jitter, link utilization, load balancing and path preference.

Scaling: recommended maximum of 2000 sites.
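To show how the policy templates and the DC/MC/BR roles above are expressed in configuration, here is an added example, written for this page and not taken from the slides or a Cisco deployment guide, of a PfRv3 domain with a hub MC, one hub BR and one branch router acting as both MC and BR. The domain name iwan, the hub MC loopback 10.6.32.251, the prefix-list names and contents, the path names MPLS and INET, and the domain password are all assumptions.

```cisco
! Added example (not from the slides): PfRv3 domain configuration.
! Assumed: domain iwan, hub MC loopback 10.6.32.251, prefix-lists and their contents,
! path names MPLS/INET, tunnel numbering, and the shared domain password.
!
! ---- Hub site: Master Controller (also the Domain Controller) ----
ip prefix-list ENTERPRISE-PREFIXES seq 10 permit 10.0.0.0/8 le 32
ip prefix-list ENTERPRISE-PREFIXES seq 20 permit 198.18.0.0/15 le 32
ip prefix-list DC1-PREFIXES seq 10 permit 10.4.0.0/16 le 32
!
domain iwan
 vrf default
  master hub
   source-interface Loopback0
   ! The password authenticates MC/BR peering; without it any router that can reach
   ! the MC loopback could join the domain and receive or influence policy.
   password iwan-domain-secret
   enterprise-prefix prefix-list ENTERPRISE-PREFIXES
   site-prefixes prefix-list DC1-PREFIXES
   load-balance
   ! Classes reference the built-in templates from the previous slide.
   class VOICE sequence 10
    match dscp ef policy voice
    path-preference MPLS fallback INET
   class REAL-TIME-VIDEO sequence 20
    match dscp af41 policy real-time-video
    path-preference MPLS fallback INET
   class LOW-LATENCY-DATA sequence 30
    match dscp af21 policy low-latency-data
   class BULK-DATA sequence 40
    match dscp af11 policy bulk-data
!
! ---- Hub site: Border Router on the MPLS transport ----
! (The second hub BR is identical except: domain iwan path INET path-id 2.)
domain iwan
 vrf default
  border
   source-interface Loopback0
   password iwan-domain-secret
   master 10.6.32.251
!
interface Tunnel0
 description DMVPN over MPLS
 domain iwan path MPLS path-id 1
!
! ---- Branch site: MC and BR on the same router ----
! Path names are learned from the hub over the tunnels; nothing path-specific is
! configured here, which is what lets a transport be swapped without touching PfR.
domain iwan
 vrf default
  border
   source-interface Loopback0
   password iwan-domain-secret
   master local
  master branch
   source-interface Loopback0
   password iwan-domain-secret
   hub 10.6.32.251
```

`show domain iwan master status` on the hub MC lists the BRs and their paths; `show domain iwan master traffic-classes summary` on any MC shows which classes are active and which path each currently uses. The smart probes and the MC/BR control channel run inside the DMVPN tunnels, so the Front Door VRF ACL does not need to be opened for them.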

Troubleshooting Tip: Local Command Logging

 archive
  log config
   logging enable
   notify syslog contenttype plaintext

Add these commands to the device configuration before deployment with GUI tools, so that every command a tool such as APIC-EM pushes is recorded with the user name and the source address of the session. Adding hidekeys under log config masks any passwords or keys typed in configuration commands before they reach the log. An archive of the executed commands is then logged, for example:

 677: Sep 13 18:34:33: %PARSER-5-CFGLOG_LOGGEDCMD: User:apic-em logged command:interface Port-channel41
 678: Sep 13 18:34:33: %PARSER-5-CFGLOG_LOGGEDCMD: User:apic-em logged command:service-policy input prm-nbar-12-cls
 679: Sep 13 18:34:33: %SYS-5-CONFIG_I: Configured from console by apic-em on vty1 (10.5.100.166)
 680: Sep 13 18:34:35: %PARSER-5-CFGLOG_LOGGEDCMD: User:apic-em logged command:!exec: enable
 681: Sep 13 18:35:01: %PARSER-5-CFGLOG_LOGGEDCMD: User:apic-em logged command:interface Port-channel41
 682: Sep 13 18:35:02: %PARSER-5-CFGLOG_LOGGEDCMD: User:apic-em logged command:service-policy input prm-nbar-12-cls
 683: Sep 13 18:35:02: %SYS-5-CONFIG_I: Configured from console by apic-em on vty4 (10.5.100.166)

Demo 3 Live Prebuilt Verification

Q & A

Recommended Reading: Available Now

Complete Your Online Session Evaluation. Give us your feedback to be entered into a Daily Survey Drawing; a daily winner will receive a $750 gift card. Complete your session surveys through the Cisco Live mobile app or on www.ciscolive.com/us. Don't forget: Cisco Live sessions will be available for viewing on demand after the event at www.ciscolive.com/online.

Continue Your Education
- Demos in the Cisco campus
- Walk-in Self-Paced Labs
- Lunch & Learn
- Meet the Engineer 1:1 meetings
- Related sessions

Thank you

R&S Related Cisco Education Offerings

- CCIE R&S Advanced Workshops (CIERS-1 & CIERS-2) plus Self Assessments, Workbooks & Labs: expert level trainings including instructor-led workshops, self assessments, practice labs and CCIE Lab Builder to prepare candidates for the CCIE R&S practical exam. Certification: CCIE Routing & Switching.
- Implementing Cisco IP Routing v2.0; Implementing Cisco IP Switched Networks v2.0; Troubleshooting and Maintaining Cisco IP Networks v2.0: professional level instructor-led trainings to prepare candidates for the CCNP R&S exams (ROUTE, SWITCH and TSHOOT). Also available in self-study e-learning formats with Cisco Learning Labs. Certification: CCNP Routing & Switching.
- Interconnecting Cisco Networking Devices: Part 2 (or combined): configure, implement and troubleshoot local and wide-area IPv4 and IPv6 networks. Also available in self-study e-learning format with Cisco Learning Lab. Certification: CCNA Routing & Switching.
- Interconnecting Cisco Networking Devices: Part 1: installation, configuration, and basic support of a branch network. Also available in self-study e-learning format with Cisco Learning Lab. Certification: CCENT Routing & Switching.

For more details, please visit: http://learningnetwork.cisco.com. Questions? Visit the Learning@Cisco Booth.

Network Programmability Cisco Education Offerings

- Developing with Cisco Network Programmability (NPDEV): provides application developers with a comprehensive curriculum to develop infrastructure programming skills; addresses the needs of software engineers who automate network infrastructure and/or utilize APIs and toolkits to interface with SDN controllers and individual devices. Certification: Cisco Network Programmability Developer (NPDEV) Specialist Certification.
- Designing and Implementing Cisco Network Programmability (NPDESI): provides network engineers with a comprehensive soup-to-nuts curriculum to develop and validate automation and programming skills; directly addresses the evolving role of network engineers towards more programmability, automation and orchestration. Certification: Cisco Network Programmability Design and Implementation (NPDESI) Specialist Certification.
- Programming for Network Engineers (PRNE): learn the fundamentals of Python programming within the context of performing functions relevant to network engineers; use network programming to simplify or automate tasks. Recommended pre-requisite for the NPDESI and NPDEV Specialist Certifications.
- Cisco Digital Network Architecture Implementation Essentials (DNAIE): provides students with the guiding principles and core elements of Cisco's Digital Network Architecture (DNA) and its solution components, including APIC-EM, NFV, Analytics, Security and Fabric. Certification: none.

For more details, please visit: http://learningnetwork.cisco.com. Questions? Visit the Learning@Cisco Booth.