IWAN: Intelligent WAN, Next Generation Branch Architecture
Lars Thoren, Technical Marketing Engineer, ENG

Mobile Device Network Traffic
Columns: Average Number of Apps per Device*; Average App Size**; OS Update File Size***
Platforms: iOS (iOS 7 for iPhone 5); Android (Jelly Bean 4.1); Windows (Windows 7)
Sources:
* http://www.nielsen.com/us/en/newswire/2012/state-of-the-appnation-%c3%a2%c2%80%c2%93-a-year-of-change-and-growth-in-u-ssmartphones.html
** https://www.abiresearch.com/press/average-size-of-mobile-games-for-ios-increased-by-
*** http://www.wirelessandmobilenews.com/2013/05/samsung-galaxy-s3-iii-update-android-4.2.1-jelly-bean.html
http://theiphonewiki.com/wiki/firmware#ipad_4
http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_update/what-is-average-monthly-size-of-updatedownloads/dfe9bb34-c2dd-478e-a6cb-0a26228cf552
2013 Cisco and/or its affiliates. All rights reserved. 3

Chromebook Creates an Average of 152 Times More Traffic
Third-Party Lab Test: Chromebook vs. Windows 8 Laptop
Chromebook creates as high as 692.2 times more network traffic
On average, Chromebook creates 152 times more network traffic
Test categories: Document Manipulation, Photo Manipulation, Video Manipulation, Music Manipulation, Web Browsing, Note Taking, Test Taking
Chart values (as extracted): 0.14 0.27 2.73 0.21 6.06 41.33 10.80 57.84 211.29 145.56 77.39 18.30; Test Taking 5.00 8.65
Devices: Asus VivoBook S200E Notebook Running Microsoft Windows 8; Samsung Chromebook Running Chrome OS
Source: http://principledtechnologies.com/microsoft/chromebook_pc_network_traffic_0613.pdf

Emerging Branch Demands: The Application Landscape is Changing
Applications Are Moving to the Data Center and Cloud
Edge Is Moving to the Branch
Pressures on the WAN:
Cloud: of CIOs Expect to Operate via the Cloud by 2015
Mobility: More Mobile Data Traffic by 2015
Fat Apps: of Mobile Traffic Will Be Video
Diagram labels: Cloud, Branch, Data Centers

Becoming an Extension of Enterprise WAN
Commodity Transports Viable Now
Dramatic Bandwidth, Price Performance Benefits
Higher Network Availability
Improved Performance Over

Why Move to as WAN? Low-Cost Alternative
Pricing vs. Reliability, 1998-2012
of Organizations Are Planning to Transition to Connections
1 Transit Pricing based on surveys and informal data collection primarily from Operations Forums street pricing estimates
2 Packet delivery based on 15 years of ping data from PingER for WORLD (global server sample) from EDU.STANFORD.SLAC in California
Source: William Norton (DrPeering.net); Stanford ping end-to-end reporting (PingER)

And the Transition Pays Off Fast
EXAMPLE: San Francisco, Single MPLS VPN vs. Dual Business ($ per Month)
Series: MPLS VPN CoS1; MPLS VPN CoS2; MPLS VPN CoS3; IWAN Dual Links Combined for Ent SLA
10 Mbps: $1,014; $885; $830; $220 (-75%)
1.5 Mbps: $303; $274; $260; $140
$665 Savings/Month x 12 Months x 1,000 Sites = $8M Savings per Year
Source: Telegeography MPLS VPN pricing for San Francisco as of March 2013; Comcast Web site; Verizon website

Intelligent WAN: Leveraging the
Secure WAN Transport and Access
Secure WAN transport for private and virtual private cloud access
Leverage local path for public cloud and access
Increased WAN transport capacity; and cost effectively!
Improve application performance (right flows to right places)
Diagram labels: Hybrid WAN Transport, IPsec Secure; Branch; MPLS (IP-VPN); Private Cloud; Virtual Private Cloud; Direct Access; Public Cloud

Intelligent WAN: Leveraging the
So What is New Here?
as WAN with High Reliability
SLAs for Business-Critical Applications
Centralized Security Policy for Access
Dramatically Lower WAN Costs Without Compromise

Intelligent WAN Solution Components
Transport Independent: Consistent operational model; Simple provider migrations; Scalable and modular design; DMVPN IPsec overlay design
Intelligent Path Control: Application best path based on delay, loss, jitter, path preference; Load balancing for full utilization of all bandwidth; Improved network availability; Performance Routing (PfR)
Application Optimization: Application monitoring with Application Visibility and Control (AVC); Application Acceleration and bandwidth savings with WAAS
Secure Connectivity: Certified strong encryption; Comprehensive threat defense with ASA and IOS firewall/IPS; Cloud Web Security (CWS) for scalable secure direct access
Diagram labels: AVC, Private Cloud, 3G/4G-LTE, Virtual Private Cloud, Branch, WAAS, PfR, MPLS, Public Cloud

Intelligent WAN Deployment Models
Dual MPLS: Highest SLA guarantees; Tightly coupled to SP; Expensive
Hybrid: More BW for key applications; Balanced SLA guarantees; Moderately priced
Dual: Best price/performance; Most SP flexibility; Enterprise responsible for SLAs
Consistent VPN Overlay Enables Security Across Transition
Diagram labels: Public, Enterprise, MPLS, MPLS + Internet, Internet, Branch

Transport-Independent Design Simplifying -Based WANs 2010 Cisco and/or its affiliates. All rights reserved. 13
Flexible Secure WAN Design Over Any Transport
Dynamic Multipoint VPN (DMVPN)
Transport-Independent: Simplifies WAN Design
Easy multi-homing over any carrier service offering
Single routing control plane with minimal peering to the provider
Flexible: Dynamic Full-Meshed Connectivity
Consistent design over all transports
Automatic site-to-site IPsec tunnels
Zero-touch hub configuration for new spokes
Secure: Proven Robust Security
Certified crypto and firewall for compliance
Scalable design with high-performance cryptography in hardware
Diagram labels: WAN, ASR 1000, ISR-G2, Branch, MPLS, Data Center

What is Dynamic Multipoint VPN?
DMVPN Is a Cisco IOS Software Solution for Building IPsec + GRE VPNs in an Easy, Dynamic, and Scalable Manner
Relies on Two Proven Technologies:
Next-Hop Resolution Protocol (NHRP): Creates a distributed mapping database of VPN (tunnel interface) to real (public interface) addresses
Multipoint GRE tunnel interface: Single GRE interface to support multiple GRE/IPsec tunnels and endpoints; Simplifies size and complexity of configuration; Supports dynamic tunnel creation
Major Features:
Configuration reduction and no-touch deployment
Supports:
Passenger protocols (IP(v4/v6) unicast, multicast, and dynamic routing protocols)
Transport protocols (NBMA) (IPv4 and IPv6)
Remote peers with dynamically assigned transport addresses
Spoke routers behind dynamic NAT; hub routers behind static NAT
Dynamic spoke-spoke tunnels for partial/full mesh scaling
Works with MPLS; GRE tunnels and/or data packets in VRFs and MPLS switching over the tunnels
Wide variety of network designs and options

Hybrid WAN Designs: Traditional and IWAN
TRADITIONAL HYBRID
Active/Standby WAN Paths: Primary With Backup
Two IPsec Technologies: GETVPN/MPLS; DMVPN/
Two WAN Routing Domains: MPLS: eBGP or Static; : iBGP, EIGRP or OSPF
Route Redistribution; Route Filtering; Loop Prevention
IWAN HYBRID
Active/Active WAN Paths
One IPsec Overlay: DMVPN
One WAN Routing Domain: iBGP, EIGRP, or OSPF
Diagram labels: Data Center, ISP A, SP V, ASR 1000, DMVPN, GETVPN, MPLS, ISR-G2, Branch

Traditional WAN to IWAN Transition: Migration Steps
ADDING DMVPN TO MPLS WAN (diagrams 0, 1, 2)
REPLACING A WAN SERVICE WITH AN INTERNET SERVICE (diagrams 3, 4, 5)
OTHER INTERESTING IWAN TOPOLOGIES
Diagram labels: MPLS, ISR G2, 3G/4G-LTE
* Typical MPLS and Business Grade Broadband Availability SLAs and Downtime per Year.

Building Highly Available WANs With Cisco IWAN: Redundancy and Path Diversity Matter
Design options: SINGLE ROUTER, SINGLE PATH; SINGLE ROUTER, DUAL PATHS; DUAL ROUTERS, DUAL PATHS
Availability figures shown: 99.95%*; 99.90%*; 99.995%; 99.999%
Downtime per Year figures shown (as extracted): 4 9 Hours; 26 Minutes; 8 Hours 46 Minutes; 5 Minutes
Diagram labels: MPLS, ISR G2, IWAN Solution
* Typical MPLS and Business Grade Broadband Availability SLAs and Downtime per Year, calculated with Cisco AS DAAP tool.

Intelligent Path Control: Improving Application Delivery and WAN Efficiency

Getting the Most Out of Your WAN Investment: Benefits of Intelligent Path Control
Lower WAN Costs
Full Utilization of All WAN Bandwidth: Efficient Distribution of Traffic Based Upon Load, Circuit Cost, and Path Preference
Improved Application Performance: Per Application Best Path Based on Delay, Loss, Jitter Measurements
Enabling -Based WANs: Protection From Carrier Black Holes and Brownouts
Diagram labels: AVC, ISR G2, ASR 1000, Branch, WAAS, PfR, WAN, Data Center

Intelligent Path Control with PfR: Voice and Video Use-Case
Voice/Video take the best delay, jitter, and/or loss path
Other traffic is load balanced to maximize bandwidth
Voice/Video will be rerouted if the current path degrades below policy thresholds
PfR monitors network performance and routes applications based on application performance policies
PfR load balances traffic based upon link utilization levels to efficiently utilize all available WAN bandwidth
Diagram labels: MPLS, Private Cloud, Branch, Virtual Private Cloud

What is Performance Routing (PfR)? Tooling for Intelligent Path Control
Performance Routing (PfR) provides additional intelligence to classic routing technologies to track the performance of, or verify the quality of, a path between two devices over a Wide Area Networking (WAN) infrastructure to determine the best egress or ingress path for application traffic...
Cisco IOS technology
Two components: Master controller and border router
Diagram labels: Data Center, BR, MC, DSL, Cable, MC+BR, Branch

PfR Enhances Classical Routing
PATH CONTROL. Classical: Topological state; Least cost path; Static user preference. PfR: Application-aware; Policy controlled; Measured performance.
METRICS. Classical: Path cost; Interface state. PfR: + Delay; Jitter; Bandwidth.
ADAPTIVE. Classical Responds To: Link and node state changes (up/down). PfR Responds To: Measured performance changes (degradation).

What PfR Does: Protecting Critical Applications While Increasing Bandwidth Utilization
Hybrid IWAN (Detect Loss Greater Than 10%)
Paths: SP1 (MPLS); ISP ()
Traffic: Cloud Services; Best-Effort Traffic
Cloud Services and Load-Balancing Policy:
Protect business cloud applications from brownouts: Loss less than 5%
Preferred path for critical applications: SP1 (MPLS)
Increase WAN bandwidth efficiency by load-sharing traffic over all WAN paths, MPLS +
Dual IWAN (Detect High Jitter)
Paths: ISP-1 (Cable); ISP-2 (DSL)
Traffic: Voice and Video; Best-Effort Traffic; VDI
Multimedia and Critical Data Policy:
Protect voice and video quality: Latency less than 150 ms; Jitter less than 20 ms
Protect VDI applications from brownouts: Loss less than 5%
Voice and video preferred path SP-A
VDI preferred path SP-B
Increase utilization by load sharing

Performance Routing Components
The Decision Maker: Master Controller (MC)
Discover BRs, collect statistics
Apply policy, verification, reporting
No packet forwarding/inspection required
The Forwarding Path: Border Router (BR)
Gain network visibility in forwarding path (Learn, measure)
Enforce MC's decision (path enforcement)
Does all packet forwarding
Optimize By: Reachability, Delay, Loss, Jitter, MOS, Throughput, Load, and/or $Cost
Diagram labels: Data Center, MC, BR, DSL, Cable, MC+BR, Branch

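A simplified model of the decision described on the PfR slides above, added here as an example (it is not Cisco's implementation or configuration): a master controller picks an exit per traffic class from border-router measurements. The thresholds and the SP-A/SP-B preferences come from the "What PfR Does" slide; the class names, field names and sample measurements are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PathStats:
    # Measurements a border router reports for one WAN exit.
    name: str
    delay_ms: float
    jitter_ms: float
    loss_pct: float
    util_pct: float

@dataclass
class Policy:
    # Thresholds for one traffic class; None means the metric is not checked.
    max_delay_ms: Optional[float] = None
    max_jitter_ms: Optional[float] = None
    max_loss_pct: Optional[float] = None
    preferred: Optional[str] = None

# Thresholds and preferred paths as quoted on the "What PfR Does" slide.
VOICE_VIDEO = Policy(max_delay_ms=150, max_jitter_ms=20, preferred="SP-A")
VDI = Policy(max_loss_pct=5, preferred="SP-B")

def in_policy(p, pol):
    checks = [(pol.max_delay_ms, p.delay_ms), (pol.max_jitter_ms, p.jitter_ms),
              (pol.max_loss_pct, p.loss_pct)]
    return all(limit is None or value < limit for limit, value in checks)

def choose_exit(paths, pol, current=None):
    """Master-controller style decision for a performance-sensitive class."""
    ok = {p.name: p for p in paths if in_policy(p, pol)}
    if not ok:
        # No exit meets policy: stay where the traffic is rather than churn.
        return current or pol.preferred or paths[0].name
    if pol.preferred in ok:
        return pol.preferred           # preferred path wins while it is in policy
    if current in ok:
        return current                 # still in policy, so do not move the flow
    return min(ok.values(), key=lambda p: (p.delay_ms, p.jitter_ms, p.loss_pct)).name

def choose_best_effort(paths):
    """Best-effort traffic is placed on the least-utilized exit to share load."""
    return min(paths, key=lambda p: p.util_pct).name

# Constructed measurements: a healthy network, then a jitter brownout on SP-A.
HEALTHY = [PathStats("SP-A", 40, 5, 0.1, 70), PathStats("SP-B", 60, 8, 0.2, 30)]
BROWNOUT = [PathStats("SP-A", 45, 35, 0.5, 70), PathStats("SP-B", 60, 8, 0.2, 30)]

if __name__ == "__main__":
    for label, paths in (("healthy", HEALTHY), ("brownout", BROWNOUT)):
        print(label, "voice/video ->", choose_exit(paths, VOICE_VIDEO, current="SP-A"),
              "| VDI ->", choose_exit(paths, VDI, current="SP-B"),
              "| best effort ->", choose_best_effort(paths))
```

During the brownout the link stays up, so classical routing would keep voice on SP-A; the measured jitter is what moves it.
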
PfR Evolution: Focusing on Simplification and Scale
Timeline markers: Today; Summer 2014
PfR/OER: Edge; Basic WAN; Provisioning per site per policy; 1000s of lines of config
PfRv2: Policy simplification; App Path Selection; Blackout ~6s; Brownout ~9s; Scale 500 sites; 10s of lines of config
PfRv3: Centralized provisioning; AVC Infrastructure; VRF Awareness; Blackout ~2s; Brownout ~2s; Scale 2000 sites; Hub config only

Optimize Application Performance

Static port classification is no longer enough
More and more apps are opaque
Increasing use of encryption and obfuscation
Application consists of multiple sessions (video, voice, data)
HTTP is the new TCP
What if user experience is not meeting business needs?
Diagram labels: Collaboration, Information, SaaS, FTP, IM, SOAP, RPC, Video

Make Your IWAN Application Aware: Add Cisco AVC
Cisco AVC: FNF/NBAR2/QoS/PfR
No Probes: Rich data collection using NetFlow v9/IPFIX; No additional hardware (and included in AX license); Easy to integrate into many reporting tools
Smart Capacity Planning: Better use of costly bandwidth; Per-branch and per-application level reporting
Business Aligned Privacy Enforcement: No need for complex IP and port ACLs; See inside HTTP flows to identify specific Cloud applications
60% of IT Professionals Cite Performance as Key Challenge for Cloud
Diagram labels: Users/Machines, Proliferation of Devices, Public Cloud, Private Cloud, Branch, DC/Headquarters

Add WAN Optimization: Speed and Bandwidth Benefits on Top of the IWAN
Accelerate Any TCP Connection
Faster Applications, More Users, Less Bandwidth: 90% HD Video optimization and better user experience; Twice as many Citrix users over same WAN, 70% faster; Toyota: ROI in less than one year, 65% BW cost savings
Easy to Deploy: Works with existing branch routers (and existing AX license)
Scalable: AppNav Controller and WAVE pool is scalable; Native HA capability
Diagram labels: Users/Machines, Proliferation of Devices, CSR, WAN, Private Cloud, Branch, vWAAS, WAAS Express, AppNav-XE Controller, WAVE, DC/Headquarters

Branch Access

Intelligent WAN Direct Access
Leverage Local path for Public Cloud and access
Improve application performance (right flows to right places)
Diagram labels: Branch, Direct Access, MPLS (IP-VPN), Private Cloud, Virtual Private Cloud, Public Cloud

Secure Access with Cisco Cloud Web Security (CWS)
IOS Firewall to protect Edge
IWAN IPsec VPN for Private Cloud Traffic
Secure Public Cloud and Access
ISR Connector to CWS Firewall towers
Web Filtering, Access Policy, Malware Detect
Diagram labels: WAN1 (IP-VPN), WAN2 (), Branch, Private Cloud, CWS, Public Cloud

IWAN Management

1. Cisco Prime Infrastructure: Provides Enterprise and Integrator life-cycle network management applications
2. Glue Networks: Delivers Cloud based simplified deployment portal
3. Live Action: On Premise IWAN Management solution
4. SDN ready with OnePK: Comprehensive programmability kit to enable SDN provisioning applications
5. APIC-EM, IWAN app: Enterprise SDN Controller with IWAN app (Future)

Where to go next?

IWAN Capabilities Embedded in the Router
One Network, UNIFIED SERVICES
Simplify Application Delivery
L4-L7 Application Services: Visibility, Control, Optimization
L2-L3 Transport: Transport Independent, Secure, Routing
Cisco AX Routers: ISR-AX, ASR1000-AX; models shown: 3900, 2900, 1900, 800, 4451, ASR1002-X

Redefining Branch Routing with ISR 4451-X
Unprecedented Performance and Service Scalability with IT Simplicity
Appliance-level Services Performance
1-2 Gbps Performance
Separate Services Planes for Continuity
Pay-As-You-Grow Model
No Disruptions or Truck Rolls
Simplified Service Integration
Ease of L2-L7 Service Deployment
Native, Full-featured WAN Optimization
Security with Application Visibility
Application Service Assurance
Cisco ISR 4451-X: The Ultimate ISR with Application Experience

Just in, hot off the press!!!!!!!
Best of Interop 2014, Networking
Network Computing article: http://www.networkcomputing.com/data-networking-management/best-of-interop-2014-winners-unveiled/240166898?pgno=2
Link to video with solution overview: http://youtu.be/jvaxi5hsbpi
Cisco is transforming a product line that began as a way to connect remote sites to corporate networks and the into a small-scale data center in a box...a very small, 2U box.
Kurt Marko, Judge Interop

Why Cisco IWAN?

Integrated Platform for IT Simplicity
Granular Control Everywhere: Branch ISR-AX; DC ASR1K-AX; Cloud CSR1000V
Proven Security at Scale: Any to Any Security; Protect All Branch Resources; Secure Direct Access
Unmatched Context-based Routing: App-Aware; Endpoint-Aware; Network-Aware
Quick ROI Faster than Alternatives: Up to in Savings; Many pay off in; Savings enables Business Innovation
The Alternative: Overlay Appliances (Router; WAN Path Selection; App Visibility and control; WAN Opt.; Firewall; IPsec VPN)