Branch - Cisco ISR 4000 with iwan (ducho@cisco.com) System Engineer @ Enterprise Cisco Systems Korea 2014. Dec. 11 th
Background Branch router?
,, App Application Delivery Application Consumption Next Gen Applications UHD Web SaaS App?
,, PRESSURE ON THE BRANCH Branch 80 % of employees and customers are served by branches. They need a LAN-like experience
WAN /
Cisco Intelligent WAN Any Connection Any Application Any Cloud IT
New ISR 4K Branch router ISR router Branch Solution
Cisco ISR 4000 Application Experience Pay-as-You-Grow UCS E-Series Integrated compute 8 cores Service-awareness Data Plane ( ) Appliance Cisco ISR 4000 Powering the Intelligent WAN!! L2-7, 4-10X Faster (ISR G2 )
ISR 4K Cisco ISR 4400/4300 Series NEW ISR 4451-X 1-2Gbps NEW NEW ISR 4351 200-400 Mbps ISR 4431 500-1000 Mbps NEW ISR 4321 50-100 Mbps ISR 4331 100-300 Mbps Available September 2014 Purpose Built Branch Application Centric Infrastructure
SM-X Ethernet Switching Module ISR G2 and 4000 Series ISR Ethernet Switching Module Catalyst 3560-X Architecture Cisco ISR G2 ISR 4K router Layer 2/3 feature (LAN Base/IP Base/IP Service) What is new? PoE/PoE+, CTS, MACSec Catalyst 3560-X License Will ship with LAN base (layer 2-only features) MGF(Multi-Giga Fabric) High Performance Switching OIR (Online Insert and Removal) Module PID SM-X-ES3-16-P SM-X-ES3-24-P SM-X-ES3D-48-P
GE Routed Port Interfaces Gigabit Ethernet Interface Port-density Cisco 4451 16 Fiber port Branch Router 10G SFP+ interface SFP or UTP port option 2 SKU model SM-X-6X1G (6-ports 1GE SFP/UTP interface module) SM-X-4X1G-1X10G (1-port 10 GE (SFP+) + 4-ports 1GE interface module) Module PID SM-X-6X1G SM-X-4X1G-1X10G
Branch UCS-E series WAN Technology Consolidation Branch Services Unified Communications Scalability UCS-E140S Intel E3 4 Core Processor 8-16GB x RAM, 2 TB UCS-E160D Intel E5 6 Core Processor 8-48 GB RAM, 200GB - 3 TB Feature Richness UCS-E180D Intel E5 8 Core Processor 8-48 GB RAM, 200 GB - 3 TB NEW
Service Containers Hypervisor, Reference Hypervisor, IOS, VM 1 VM 2 VM 3 WAAS Energywise Future App
Cisco Intelligent WAN ISR4000-AX Transport Independent Intelligent Path Control Application Optimization Secure Connectivity / CWS(Cloud Web Security) Application Experience
Transport- Independent Design WAN
Transport Independent Full-mesh WAN WAN Dynamic Full-Meshed Connectivity Security Carrier service multihoming, Utilization media site-to-site IPSec hub configuration cryptography The image Internet WAN ASR 1000 Branch ISR 4K router MPLS ASR 1000 Data Center
Intelligent Path Control IWAN Application
WAN Utilization App SLA Critical App bandwidth utilization Set Policy Actions App (App SLA, link status) / Delay, Jitter, BW 2X WAN Utilization Path A Path B Data Centers App Priority Path Loss Jitter Delay Voice/Video Path A x x x Business Critical Path B x x Remaining Load balance WAN Bandwidth App Performance
PfR Bandwidth Critical Applications Hybrid IWAN Dual Internet WAN Detect Loss Greater Than 10% Detect High Jitter Cloud Services Best-Effort Traffic Voice and Video Best-Effort Traffic VDI SP1 (MPLS) ISP (Internet) ISP-1 (Cable) ISP-2 (DSL) Cloud Services and Load-Balancing Policy Multimedia and Critical Data Policy application Quality. Loss less than 5% WAN traffic load-sharing Bandwidth. Voice Video Latency less than 150 ms; Jitter less than 20 ms Voice and video (SP-A) VDI (SP-B) Application : SP1 (MPLS) MPLS + Internet Line VDI application Loss less than 5% Load-Sharing Utilization
PfR Classical Routing PfR PATH CONTROL cost path Static Performance METRICS Path cost + Delay Jitter Bandwidth ADAPTIVE RESPONDS TO: Node (up/ down) RESPONDS TO: Performance (Degradation)
Optimize Application Performance Application
Application Traffic Cisco AVC(Application Visibility and Control) PROBES App HW NetFlow v9/ipfix reporting tool 1000 Application Rule IP/ ACL Application HTTP flow Bandwidth, application / Proliferation of Devices 60% of IT Professionals Cite Performance as Key Challenge for Cloud CSR AVC Enterprise Edge Branch ISR 4K AVC WAN NetFlow v9 ASR AVC Private Cloud DC/Headquarters AVC
Application WAN Application Reduce load WAN bandwidth Real-time Application Service Quality App Data redundancy elimination (DRE), compression, and TCP optimization Application Fewer protocol messages and metadata caching 4 3 2 Bandwidth (Mbps) Latency (Seconds) 160 120 80 Reduction in bandwidth Reduction in latency Application bandwidth natively Application bandwidth with Cisco WAAS Application latency natively Application latency with Cisco WAAS 1 40 0 0 Application Application Bandwidth Latency
WAAS E-mail 5 MB Attachment File Transfer 5 MB File 0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 Time in Seconds Send and receive email over native WAN First optimized with WAAS Second pass optimized with WAAS MS SharePoint 5 MB Document T1 (1.54Mbps) 80 ms Latency 0 10 20 30 40 50 60 70 80 90 100 110 120 130 140 150 Time in Seconds File drag and drop over native WAN First optimized with WAAS Second pass optimized with WAAS VDI (CITRIX) 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Time in Seconds SharePoint file download over native WAN First optimized with WAAS Second pass optimized with WAAS 0 2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 Time in Seconds Launch Citrix XenDesktop over native Citrix ICA/ SSL Launch Citrix XenDesktop with WAAS Site navigation over native Citrix ICA/SSL Site navigation with WAAS
Cisco WAAS + Akamai Solution Akamai Caching, Cashing Cisco Intelligent WAN with Akamai Connect World s Best Optimization Solution for HTTP Traffic Intranet HTTP Caching AKAMAI WEB ACCELERATION Dynamic OTT HTTP Caching Akamai Connected Cache Content Pre-positioning LZ Compression TCP Optimization CISCO WAAS Data De-duplication Application Specific Acceleration
Securing Your IWAN
Backhaul Secure Transport + Internet Access OFF-LOAD CORPORATE WAN DMVPN Firewall/IPS Application ( ) AVC Web Filtering Malware Branch ISR Cloud Connector to CWS datacenters CWS Encapsulated HTTP, HTTPS WAN2 (Internet) Web Filtering, Adv. Malware Detection & Threat Analytics WAN1 (IP-VPN) Cisco Cloud Web Security CWS IWAN Tunnels for HQ/DC Traffic Secure Public Cloud and Internet Access Private Cloud Public Cloud Internet
Cisco Cloud Web Security (CWS) Direct Internet Access Web Filtering Web Reputation Malware Signature File Reputation File Behavior File Retrospection Threat Analytics Application Visibility and Control Roaming Users Headquarters Branch Office
Cloud Web Security (CWS) for Dedicated Internet Access Attack Continuum BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Web Filtering Signature-based AV File Retrospection Reputation Filtering Acceptable Use Policy Heuristic Analysis File Reputation Threat Analytics Actionable Reporting Application Visibility Control File Behavior
IWAN Management and Integration tool
!,! Intelligent WAN App with APIC-EM Prime Infrastructure 2.2 IWAN System Release 2.0 FCS April 2015 CA Dec 2014 FCS Nov 2014 Available Dec 2014 Workflow provisioning Capacity trending workflow Topology visualization End-to-End Validated Design Secure WAN (Day 1) (Day 2)
Ecosystem Tool Lifecycle Management Cloud-based Orchestration Management & Visibility Cisco Prime Plug and Play deployment Health Assurance Compliance Prime 2.2 Day 1 support for ISR 4000 IWAN Work flows Topology Visualization configuration OnePK for app aware WANs GlueWare Day 1 support for ISR 4000 AVC support (Sep 2014) On-premise option (Nov 2014) Live Action Day 1 support for ISR 4000
Session Summary Branch
Branch! 1 2 3 4 5 / App 4-10 Direct Internet access App Device deployment 4G, LTE interface Day 2 network-wide monitoring Probe Hop OS Network, compute, storage APIC-EM Unified Access
Cisco ISR 4000 Family Branch IT B A C 4-10X Faster Application-aware Data Plane Revolution Architecture TCO /Programmability All-in-one ISR 4321 (50-100 Mbps) ISR 4331 (100-300 Mbps) ISR 4351 (200-400 Mbps) ISR 4431 (500-1000 Mbps) ISR 4451-X (1-2Gbps)
E-learning Tablet PC HD Wi-Fi On-line store Local store Product catalogs Web sales point Direct Internet access Application Wi-Fi HD video Virtual offices
Thank you.