Cloud Intelligent Network
Mitko Vasilev, CIN Lead Central Europe, mitko@cisco.com
Dubrovnik, Croatia, South East Europe, 20-22 May, 2013
© 2011-2012 Cisco and/or its affiliates. All rights reserved.
New Application Trends Require the Network to Evolve
Market Trends / IT Trends / Infrastructure Requirements
  By 2015 50% of CIOs expect to operate in the cloud
  90% of organizations backhaul traffic through DC
  2/3 of mobile data traffic will be video
  LOB alignment
  Direct Internet Access
  Private, Public and Hybrid Clouds
  Webification of Applications
  From Packets to Apps
  Application Level Visibility
  Intelligent Path Selection
  App-level Optimization
  App-level Security
Sources: Gartner, Information Week, The Register/Xiotech, Enterprise Strategies Group, and FalconStor surveys; Cisco Visual Networking Index; Metzler Cloud Networking Report 2011
Opportunity to Increase Business Value of the Network
  Critical applications prioritized
  Other traffic managed / dropped
  Optimal routes selected
  Probe-less deployment
  Wired/Wireless view of 1000+ apps
  Rapid root cause analysis
  Smarter use of costly bandwidth
  Smarter capacity planning
  Business-oriented SP offers
LOWER COST
Application Visibility and Control
What is Application Visibility and Control (AVC)
App Visibility & User Experience Report (exported via NFv9/IPFIX):
  App          BW     Transaction Time
  SAP          3M     150 ms
  Sharepoint   10M    500 ms
[Diagram labels: Reporting Tools, Application Discovery, Reporting App Performance, Tool Info Exporting, Management Tool, Apps Control]
  Identify applications using Deep Packet Inspection
  Collect application performance metrics, and export to management tool
  Advanced reporting GUI tools report application metrics
  Prioritize the Core Business Applications
DISCOVER - CLASSIFICATION
Application Recognition in Enterprise
  Access Control List (ACL): Up to Layer 4 analysis
  AVC: >1000 application signatures; up to the application level
  AVC and Metadata: Interact with application to go deeper into the end user flows; >1000 application signatures; up to the application level
Network Based Application Recognition (NBAR2)
[Chart: Number of Applications Supported, NBAR1 vs NBAR2 (NBAR2: 1000+)]
[Field extraction examples: HTTP Hostname, HTTP URI, Browser Type]
  More than 1000 applications supported and growing
  Categorization to simplify application management
  In-service signature update through Protocol Pack
  Field Extraction: collect application-specific information in addition to identifying applications
  Sub-port Classification: match parameters of the applications
NBAR2 Regular Updates
Release timeline: PPX (Major), 1M, PPX.1 (Minor), 1M, PPY (Major), 1M, PPY.1 (Minor)
  Major: Protocols ~10, updates and fixes
  Minor: Bug fixes, small updates
Standard Protocol Pack
  Includes only subset of protocols
  No periodic releases and SLA
Advanced Protocol Pack
  Includes all supported Protocols / Applications
  Periodic releases and offers SLA
Protocol Pack PP 4.1 Available
[Diagram: NBAR2 with Protocol1, Protocol2, ... Protocoln]
MONITORING Application Performance Reporting
What you can monitor with AVC
Traffic Statistics
  Application Usage per client IP/subnet/site
  Top clients per application
URL Visibility
  Most visited web-site
  Per-URL application response time
Application Response Time
  Per-application end-to-end latency
  Application response time & transaction time
Media Performance
  Per-stream jitter and packet loss
  RTP conversations
Prime Infrastructure: AVC Configuration (For Your Reference)
  Enable AVC with just an ON/OFF button with Cisco Prime Infrastructure 2.0
Application Response Time
[Diagram: Clients (Request), Client Network, ISR/ASR/CSR, Server Network, ISR/ASR/CSR, Application Servers (Response). Delay segments: Client Network Delay (CND), Server Network Delay (SND), Application Delay (AD), Network Delay (ND), Total Delay]
  Application response time provides insight into application behavior (network vs server bottleneck) to accelerate problem isolation
  Separate application delivery path into multiple segments
  Server Network Delay (SND) approximates WAN Delay
  Latency per application
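The delay segments named on this slide can be derived from packet timestamps seen at the router. The following is an added example, not code from the presentation or from Cisco: it assumes the commonly documented definitions (SND = SYN-ACK minus SYN, CND = ACK minus SYN-ACK, ND = CND + SND, AD = response time minus SND, Total Delay = ND + AD), and the flow data, field names and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample: one TCP transaction as observed at the router.
# Each tuple is (time in ms, direction, packet kind).
SAMPLE_FLOW = [
    (0, "c2s", "SYN"), (40, "s2c", "SYN-ACK"), (50, "c2s", "ACK"),
    (52, "c2s", "REQUEST"), (55, "c2s", "REQUEST"),
    (255, "s2c", "RESPONSE"), (300, "s2c", "RESPONSE"),
]

@dataclass(frozen=True)
class ArtMetrics:
    cnd: int    # Client Network Delay
    snd: int    # Server Network Delay (approximates WAN delay)
    nd: int     # Network Delay
    ad: int     # Application Delay
    total: int  # Total Delay

def first_time(flow, direction, kind):
    """Timestamp of the first packet of this kind in this direction."""
    for t, d, k in flow:
        if d == direction and k == kind:
            return t
    raise ValueError(f"no {direction} {kind} observed; flow is incomplete")

def art_metrics(flow):
    """Split one transaction into the delay segments (assumed definitions)."""
    flow = sorted(flow)
    syn = first_time(flow, "c2s", "SYN")
    syn_ack = first_time(flow, "s2c", "SYN-ACK")
    ack = first_time(flow, "c2s", "ACK")
    first_resp = first_time(flow, "s2c", "RESPONSE")
    requests = [t for t, d, k in flow
                if d == "c2s" and k == "REQUEST" and t < first_resp]
    if not requests:
        raise ValueError("no request seen before the first response")
    snd = syn_ack - syn                       # router -> server -> router
    cnd = ack - syn_ack                       # router -> client -> router
    response_time = first_resp - max(requests)
    ad = max(0, response_time - snd)          # server think time only
    nd = cnd + snd
    return ArtMetrics(cnd, snd, nd, ad, nd + ad)

def bottleneck(m):
    """Network vs server bottleneck, as the slide frames problem isolation."""
    return "server" if m.ad > m.nd else "network"

if __name__ == "__main__":
    m = art_metrics(SAMPLE_FLOW)
    print(m, bottleneck(m))
```

A flow that was already established when monitoring started has no handshake to measure, so `art_metrics` raises `ValueError` rather than reporting zero network delay.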
CONTROL QoS and Performance Routing (PfR)
Maximize Application Performance with PfR
Stop bittorrent and netflix. Prioritize salesforce, oracle.
[Diagram labels: WAN1, Backup WAN2]
Application-aware QoS
  Identify 1000+ applications using NBAR2 and control bandwidth with Cisco industry leading QoS
  Limit unwanted traffic and prioritize critical applications
Intelligent Path Selection
  Deliver critical applications over the path which can meet application performance requirement using PfR
  Automatic load share to maximize bandwidth use on available links
Example: Stop P2P Applications with AVC
[Figure: traffic after applying the control policy]

class-map match-any bittorrent
 match protocol attribute sub-category p2p-file-transfer
 match protocol bittorrent-networking
 match protocol dht
!
policy-map drop-bittorrent
 class bittorrent
  police 8000 conform-action drop exceed-action drop violate-action drop
!
interface GigabitEthernet0/0/0
 service-policy input drop-bittorrent
 service-policy output drop-bittorrent
!
Introducing Performance Routing (PfR)
Application aware adaptive routing
Full utilization of expensive WAN bandwidth
  Efficient distribution of traffic based upon load, circuit cost and path preference
Improved Application Performance
  Per application best path based on delay, loss, jitter measurements
Increased Application Availability
  Protection from carrier black holes and brownouts
[Diagram: Headquarter with PfR MCs (Master Controller) and PfR BRs (Border Router) on ASR1K, WAE Cluster, Email and VMs; Internet DMVPN, SP A MPLS GETVPN and SP B MPLS GETVPN paths; Branch with ISR G2 as PfR MC/BR; Email Path and Video Path]
CIN makes the biggest impact today in:
[Diagram labels: Access, Distribution, Core; Branches, Data Center, Internet Edge]
Network IT Complexity with Overlay Appliances
[Diagram labels: Application Visibility and Control, Internal Resources, WAAS, Access Router, Firewall and VPN, WAN Path Control, Corporate Network, Firewall, Internet]
Cisco's Approach: One Network with Unified Services
One Network, UNIFIED SERVICES
  L4-L7 Application Services: Application Visibility and Control (Visibility, Control, Optimization)
  L2-L3 Transport: Routing Redefined (Security, Routing)
  Simplify Application Delivery
[Diagram labels: Internal Resources, WAAS, Firewall and VPN, Access Router, WAN Path Control, Corporate Network, Firewall, Internet]
CINAT.info Solution Testbed
All information available at www.cinat.info
[Topology diagram: branch sites with per-site VLANs and data/voice subnets (some using FlexConnect), floor access and wiring closet switches, branch routers (CPEs) with MPLS, DSL, 3G and 4G uplinks, two MPLS service providers with PE and P routers, ASR1k WAN aggregation (MPLS CE), ASR1k Internet edge with DMZ gateway, and a data center hosting Microsoft Lync, CUCM, VMware ESXi and vCenter, Prime Infrastructure, Microsoft Active Directory/DHCP/DNS, Microsoft Exchange, Citrix, 5508 WLC, ISE 1.1.3 and LiveAction]
SUMMARY
Cloud Intelligent Network
Architectural approach to solving business requirements
Visibility, Control
  Assess: Network readiness for Apps
  Monitor: SLA, App performance
  Prioritize: Business critical apps
  Optimize: Access to Apps
  Accelerate: End user experience
Common classification, management and reporting with Cisco Prime
INTEGRATED in the Cisco ISR/ASR/CSR Routers, Catalyst Switches, Wireless Controllers, ASA Firewalls