BRKARC-2091
Cisco Public
Housekeeping
Please switch your mobile phones to stun. We value your feedback: don't forget to complete your online session evaluations after each session and complete the Overall Conference Evaluation, which will be available online from Thursday.
How do you design a network if you don't know where the applications reside?
Private Cloud?
What if the applications move to a different DC? Or, Hybrid Cloud offering?
The Internet and Web have revolutionized how Application Service Providers deliver applications.
Mobile devices enable users to access applications from anywhere at any time. Work Your Way.
Agenda
The Borderless Network
Next Generation Enterprise WAN
Private Cloud Services
Hybrid Cloud Services
Public Cloud Services
Platform Overview
Wrap Up / Summary
Enterprise Megatrends
IMMERSIVE COLLABORATION
Pervasive Video
MOBILITY
BYOD
Enterprise Megatrends
SECURITY, IT EFFECTIVENESS,
CLOUD
Private, Public Hybrid
$
COST CONTROL,
Location Border
IT Consumerization
Device Border
Video/Cloud
Application Border
IaaS,SaaS
BYOD
Desktop Virtualization
Pervasive Video
Remote Expert
Cloud Computing
Key IT Initiatives
Connected Industries
Systems Excellence
Medianet
Multimedia Optimization
EnergyWise
Energy Management
TrustSec
Policy Enforcement
Cloud Connectors
Cloud Optimization
Routing
Switching
Technology Innovation
ASR 1000
AVC, WAAS UCS-E
Private Cloud
Security
vPath
VXLAN
Nexus 1000V
Webex CCA
3rd party
HCS Services
AnyConnect VPN, ScanSafe, WebEx, and HCS Cloud Connectors
Public Cloud
WAN Core
East Region
South Region
Remote Branch
Remote Branch
Consistent Security
Regional WAN
Interconnect
Metro
Internet
Public Cloud
Hybrid Cloud
Services Voice, Video, Etc.
Service Provider
Local Campus
Data Center
Data Center
Local Campus
Data Center
ASR1K
ASR1K
ASR1K
ASR1K
Optimized Performance
Intelligent, Per-Application, Adaptive Routing
Pervasive, Scalable End-to-end Security
SP A MPLS
OC3, GE
SP V MPLS
DS3, FE
Internet
Cisco Prime
Serial, Ethernet
ASR1K
ASR1K
ISR G2 ISR G2 ISR G2 ISR G2
3G/4G Satellite
Standard Branch
Mobile Branch
Standard Branch
Most common deployment
Migration from Serial to Ethernet
SP MPLS VPN with Internet VPN backup
Application performance
4-9s availability
Deliver SD video
Typical branch office
Ultra High-end Branch/Campus
Very high bandwidth, up to 1Gb
Software and hardware redundancy
Same profile as High-end Branch
Services scaled up by dedicated appliance engines
Remote campus
MPLS
Internet
MPLS
MPLS
MPLS
MPLS
3G/4G Satellite
ISR G2 ISR G2 ISR G2 ISR G2 ASR1K ASR1K
High-end Branch
Standard Branch
Mobile Branch
Standard Aggregation
Scale to support 1500 sites
4-9s availability
One device serves multiple roles
Hardware/software redundancy
GETVPN KS
ISR G2
Two WAN Aggregation Profiles for different availability and scalability requirements
GETVPN GM/PfR MC
ASR1K
MPLS
COOP GETVPN KS
ISR G2
GETVPN GM
MPLS MPLS
Standard Aggregation
ASR1K
Internet
PfR MC
ASR1K
High-end Aggregation
ASR1K
ASR1K
Internet
DMVPN
DMVPN
Private Cloud
Used only by a single company or organization, the Private Cloud looks a lot like the traditional Enterprise Data Centers we're familiar with, although they tend to focus on virtualized services. They might be operated by a third party instead of the company using them.
Source: NIST
Security
vPath
VXLAN
Nexus 1000V
HCS Services
Public Cloud
Static port classification is no longer enough
More and more apps are opaque
Increasing use of Encryption and Obfuscation
Application consists of multiple sessions (Video, Voice, Data)
Gain visibility into applications running in the network, performance trends, and user experience
ISR G2
ASR1K
NFv9/IPFIX
Sharepoint 10M
Reporting Tools
Application Recognition
Identify applications using L3 to L7 information
&
Management Tool
Advanced reporting tool aggregates and reports application performance
Control
Control application usage to maximize application performance
ISR G2
ASR1K
NFv9/IPFIX
Sharepoint 10M
Reporting Tools
Application Recognition
&
Exporting
Metric Mediation Agent FNF ART MMON
Management Tool
Cisco Prime Infrastructure
Cisco Insight
3rd Party Tools
Control
NBAR2
QOS PfR
Application Recognition
Innovations
Native IPv6 Classification
Open API
3rd Party Integration..
NBAR2
Provides Advanced Application Classification and Field Extraction capabilities
In-service upgradable Protocol Definitions
No IOS upgrade or reboot for new Protocol Packs
Integrated performance monitoring and advanced metrics for different type of applications and use cases
Advanced Monitoring
Voice and Video Performance (Media Monitoring)
30% of traffic is voice and video
Basic Monitoring
Critical Applications Performance (Application Response Time)
What applications, how much bandwidth, flow direction? (Flexible Netflow and NBAR/NBAR2)
HTTP
HTTP
Flexible NetFlow
Extensible to support new and future metrics
L3 and L4
L2
L3 and L4
L7 (NBAR)
Other Metrics
Flexible Netflow
Netflow to FNF Migration Guide: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/ps6965/white_paper_c11-545581.html
© 2013 Cisco and/or its affiliates. All rights reserved.
Application Information exported in FNF records
Reporting tools display top client & server
Output
Packet Count    Byte Count      30sec Bit Rate (bps)    30sec Max Bit Rate (bps)
163458047       129842885217    5998000                 7799000
156155174       103187176646    4715000                 5077000
bittorrent
Passive Monitoring
FNF
MMON ART
WAN
Branch
NFv9/IPFIX
Key Features
Benefits
27 Application Response Time (ART) Metrics
Interact with NBAR2 for Application ID and field extraction information
Visibility into application usage and performance
Quantify user experience
Troubleshoot application performance
Client Network
Branch ISR-G2
Server Network
Application Servers
Response
Total Delay
Control
BW Committed 50% 30% (=15% of the line) 60% (Out of Browsing) 70% (=35% of the line)
Normal
Control
DSCP CS5
DSCP CS5
By default, the ToS value is copied to the IPsec header
Control
PfR MCs
WAE Cluster
Email VMs
ISR G2
ASR1K ASR1K
Internet DMVPN
Branch
PfR MC/BR
PfR BRs
Headquarter
ASR1K ASR1K
Control
Internet
WAN
VDI
Cloud Service
Voice&Video
Voice & Video preferred path SP-A
VDI preferred path SP-B
Maximize utilization by load sharing
Management Tool
Configuration of AVC features*
Network Monitoring
Service Monitoring
Reporting and Trends
Multi-NAM Manager
Packet and Flows Analysis
Application Response Time
Voice and Video Metrics
Distributed SNMP and Netflow Collection
Cisco WAAS
Enhancing user experience and WAN efficiency
Problem
Poor application responsiveness
WAN bandwidth costs
Solution
Reduce load
Data Redundancy Elimination, Compression, TCP optimization
Application Optimization
Fewer protocol messages, metadata caching, ...
[Chart: Bandwidth (Mbps) and Latency (Seconds); Application Bandwidth and Application Latency, showing Bandwidth Saved and Reduced Latency]
Video Source
Data Center
Campus
Display Protocol
WAAS will optimize encrypted and compressed ICA desktop session traffic (no changes required on ICA client, HVD, or DC infrastructure) for all versions of XenDesktop and XenApp.
Includes the WAAS 4.4 application-aware DRE feature for unidirectional caching of desktop session traffic, which improves scalability and application performance.
Data Center Branch Router
Display Protocol WAAS
Display Protocol Acceleration
Aggregation Router
Citrix HVD
ICA client
WAAS
Note: Multi-Session ICA (MSI) in XenDesktop 5.5 is not supported in the current release. If MSI is used, only one initial session (port 1498) will be optimized automatically. Other flows will be treated as regular TCP flows.
Branch Office
Branch Office
WAN
Branch Office
Internet
Server VMs
VMware ESXi
vWAAS Appliances
VPN
Regional Office
UCS E
Extend Cloud Services into Branch Infrastructure
Platform for WAN Edge Applications
Microsoft Windows
App
OS App OS
App
OS
App OS
Server Virtualization
Cisco SRE Virtualization Powered by
Server-Certified
SRE-V Hypervisor SRE-V Hypervisor
SRE Blade
CIMCE
SRE Blade
Management Controller
Consistent management
Engine modules
House up to four server blades in ISR G2
Medianet
Introduction
I want a network infrastructure so that I should not worry when tomorrow I'll be asked to implement video applications.
Massimo Fogaroli IT Manager, Mediolanum Bank
Media Aware
Detection and Optimization of different media and applications
Endpoint aware
Automatic detection and configuration
Network Aware
Automatically respond to changes in devices and service availability
Performance Monitoring
Visibility
Diagnostics
Network Assessment
What path and where is the problem? Mediatrace and Performance Monitor
Network-initiated mediatrace collecting path and performance metrics of media stream
Cisco Collaboration Manager displays mediatrace results
Cisco Prime Collaboration Manager
Initiate mediatrace
Generate TelePresence traffic
MPLS
ISR G2
ASR1K
IP SLA Initiator
Internet DMVPN
IP SLA Responder
Media Monitoring
Performance Monitor
LiveAction
MPLS
WAN Headend
Monitor video traffic traversing different network types
Generate alert based on user configurable threshold
Enable on voice/video VLAN
Diagnostics
Media Troubleshooting
Mediatrace
Initiate Mediatrace for traffic from Branch phone to Headend phone
Collaboration Manager
MPLS
Internet Branch
VPN Headend
Use Mediatrace to further troubleshoot media issues
Initiate Mediatrace to discover path, system resource, or quality metrics on devices in the media path
Visibility
Marylou
This packet has a DSCP=EF
This packet comes from Fast1/0
This packet comes from location Desk1
This packet comes from user Marylou
John
How to enforce a consistent network policy when classification is different along the path?
E.g., Rule: Prioritize Voice communication from Marylou to John?
Visibility
IP Src: 10.1.1.2
IP Dst: 20.1.1.2
Prot: UDP
L4 Src: 2000
L4 Dst: 4000
Application: VideoConference (Audio)
Vendor: Cisco
Dial From: 83922564
Dial To: 85268229
Caller ID: Albert Albatross
Metadata DB
10.1.1.2
2. Metadata Announcement
3. Media Flow
Metadata DB
10.1.1.2
Branch
WAN
Multiple video streams traverse the WAN to a central MCU resource: non-optimal use of limited WAN BW
Video is mixed by a centralized MCU controlled by CUCM
Signaling Media
MCU
HQ/Campus
Video is mixed by the ISR G2 DSPs controlled by CUCM or UCME
Keeps traffic local in the branch if all participants are located in the branch
Ad-hoc and MeetMe conferences
Branch
A
+ ECDS
WAN
Context-aware DRE
CDN Infrastructure
Data Center
+ ECDS
HR VOD Channel
Branch Office
Multiple Publish and Subscribe Channels for simplified management
Broad live broadcast protocol support: WMF, Silverlight, Flash
Video Pre-positioning
Interoperation with QoS and PfR ensures service performance
TrustSec simplified access control: SGT, SXP, SGACL and SG Firewall
Data Center GETVPN COOP KS
WAE Cluster
Internet
ISR G2
ASR1K ASR1K
DMVPN
SP A MPLS B SP GETVPN MPLS
Standard Branch
ISR G2
Branch
DMVPN Hub
ASR1K
Headquarter
ASR1K ASR1K
Private Cloud
SGT
SG FW
GETVPN
GETVPN
VPN
Spoke 1
Spoke 2
New
WAN
Multicast
Scalability: an issue (N^2 problem)
Overlay routing
Any-to-any connectivity may require tunnel setup
Inefficient Multicast replication
Scalable architecture for any-to-any connectivity and encryption
No overlays: native routing
Any-to-any instant connectivity
Efficient Multicast replication
Private IP WANs
FIPS 140-2, Level 2
Cisco ISR 890 Series
Cisco ISR 1900 Series
Cisco ISR 2900 Series
Cisco ISR 3900 Series
N/A
** ** **
http://www.cisco.com/go/securitycert
* NSA Suite B RFC-4869 cryptographic algorithm for both unclassified and most-classified information
** 1900s and lower 2900 Series require ISMs. Only ASR 1002-X and ESP-100 based ASR 1000s
AP
Finance
Catalyst Switch
ISE
SGT
Sales
Branch Network
SGT
Nexus 5000/2000
SGT
MPLS
ISR G2
GETVPN
ASR1k
Catalyst Switch
ISR G2
Catalyst 6500
Nexus 7000
Data Center
Internet
Catalyst Switch
Egress Enforcement
WAN: ISR G2/ASR1k, SG Firewall
Campus Aggregation: Cat6K/Sup2 SGACL
Data Center Enforcement: Nexus 7000 SGT/SGACL
Admin
ISR G2
DMVPN
SGT
HR
DMVPN Inline Tagging ISR G2 (IOS 15.2(2)T)
SGToGETVPN support on ISR G2 (IOS PI21*) and ASR1k (XE 3.9*)
SG Firewall for Egress Enforcement
SGT Capability exchange during DMVPN IKEv2 negotiations and GETVPN group membership registration
Learn SGT from SXP or Auth-methods
Simple one command configuration: DMVPN "crypto ikev2 cts sgt"; GETVPN "tag cts sgt"
* ISR G2 IOS (PI21) and ASR1k IOS (XE3.9) will be available in Spring 2013.
SGT or SXP
C P I
ASR1k Enforcement
Enterprise WAN
SGFW
ISR Enforcement
IP Address 10.1.10.1 SGT 10
SGACL
Enforcement on a switch
Data Center
Consistent classification/enforcement between ISR/ASR SGFW and switching
In general, SGACL and SGFW policy should be synced via the policy administration UI
SGT allows more dynamic classification in the branch and WAN aggregation
Rich logging requirements will be fulfilled on SGFW: URL logging, etc.
Active/Active support in ZBFW allows for async routing*
SGFW in ISR G2 IOS 15.2(2)T and ASR1k IOS XE 3.5
IPv6
Why?
3 Feb 11: last day of IPv4 address allocations
IPv6 Routing
ISR G2, ASR 1000 designed for IPv6
Anyone, Anything, Anywhere, Anytime
IPv6 Transitioning
All transition mechanisms supported
IPv4 address exhaustion
Government mandate
IPv6 device and content growth
Mergers and Acquisitions
Gain familiarity with IPv6
Dual-stack
Campus/ Datacenter
WAN Aggregation
Tunnel
Dual-stack
ISR G2
IPv4
ASR1K ASR1K
Branch office
ASR1K
IPv4 services
Internet Edge
IPv6
IPv6 devices
Translate (nat64)
Private Cloud
Hybrid Clouds exist on the premises and are maintained by a cloud provider. Resources are allocated to individual companies or organizations, providing them the look and feel of a private cloud within a shared cloud environment.
Source: NIST
Security
vPath
VXLAN
Nexus 1000V
HCS Services
Public Cloud
Department A
VSG
Department B
AppNav vPath
vWAAS
WAN Optimization Application Traffic
ASA 1000V
Edge Firewall Protocol Inspection
VSG
Zone-based Firewall VM-level Control
Nexus 1000V
Distributed Switch NX-OS Consistency
CSR 1000V
App
App OS
VPC/vDC
Virtual Route Processor (RP)
Virtual Forwarding Processor (FP)
Optimized for single tenant use cases
Hypervisor agnostic
Virtual switch agnostic
Server agnostic
OS
Hypervisor
Virtual Switch
Server
Private Cloud
Security
vPath
VXLAN
Nexus 1000V
HCS Services
Public Cloud
Cloud Connector
ASR1K ASR1K
Email VMs
Headquarter Campus
ASR1K ASR1K
ASR1K ASR1K
Internet
Headquarter Campus
ASR1K ASR1K
Internet
ASR1K ASR1K
Headquarter Campus
ASR1K ASR1K
MSP Network
Branch Office
Platform Overview
ISR G2 Portfolio
Line Rate N x FE
High-End Branch
Standard Branch
2951
Mobile Branch
EFM SubrateFE
1921 800
1941
10 Mb
15 Mb
25 Mb
35 Mb
50 Mb
75 Mb
100 Mb
150 Mb
250 Mb 350 Mb
Business-Critical Resiliency
Fully separated control and forwarding planes
Hardware and software redundancy
In-service software upgrades
2.5-5 Gbps
2.5-10 Gbps
5-36 Gbps
10-40 Gbps
10-100+ Gbps
10-360 Gbps
Wrap Up / Summary
Seamlessly
ANYONE
Private Clouds
Hybrid Clouds
ANY DEVICE
ANYWHERE
ANYTIME
MediaNet
TrustSec
Cloud Connect
IPv6 Transition
Operational Simplicity
ASR 1000 series: high performance Secure WAN aggregation router
ISR G2 series for integrated branch services: security, voice, video and cloud access
Virtualized Networks Services: CSR 1000v, vWAAS, ASA 1000v, Nexus 1000v
Cisco Prime: Unique Ability to Manage Entire Solution