Delivery
BRKAPP-2017
14328_04_2008_c2
Cisco Public
Application Scalability
Application Networking
Quality of service
Network-based app recognition
Queuing, policing, shaping
Visibility, monitoring, control
Server load-balancing
Site selection
SSL termination and offload
Video delivery
Message transformation
Protocol transformation
Message-based security
Application visibility
WAN
Application Acceleration
WAN Acceleration
Application Optimization
Latency mitigation
Application data cache
Meta data cache
Local services
Delta encoding
FlashForward optimization
Application security
Server offload
GSS
ISR
WAAS
ACNS
ACE
AXG
Applications
Agenda
Why Optimize?
Enterprise Framework for WAN/Application
Optimization
Technologies That Will Be Discussed
Deployment Scenario in Depth
Caveats
Why Optimize?
WAN Characteristics
Bandwidth
Bandwidth constraints keep applications from performing well
Too much data and too small of a pipe causes congestion, packet loss,
and backpressure
Enterprise
WAN/Application
Optimization
Framework
Policy Configuration
& Management
Transactional
IP Communications
Classification
Interactive Services
Layer
Applications
Enterprise WAN/Application
Optimization Framework
Monitoring
WAN/Application
Optimization Services
Optimization
Control
Networked
Infrastructure
Layer
Branch Office
Internet
IP WAN/FR
/MPLS
Data Center
WAN/Application
Optimization
Technologies
WAN/Application Optimization Technologies
Deploy ACE:
SSL Offload and SLB
Deploy NetQoS
Monitoring tools
DMVPN
Deploy
WAAS
Farm
Data
Center
Deploy
WAAS
Si
Si
Campus
Internet
QoS
Branch
IP SLAs
Measurements
WAN
IP SLAs
Measurements
IOS
FW
Branch
Deploy
WAAS
PfR and
QoS
NBAR Protocol Discovery
and NetFlow Monitoring
Deploy
WAAS
Branch
Deployment
Deployment
Step 1: Visibility
Obtain visibility into applications running across the network
Application discovery and reporting per location
Including encapsulated applications
Voice
Best
Effort
25%
P2P
Supported by Partner
products (Concord|CA,
InfoVista, Micromuse|IBM)
and MRTG
E-mail
Backup,
etc.
Bulk
RealTime
33%
InteractiveVideo
Critical
Data
StreamingVideo
Routing
Call-Signaling
Net Mgmt
Transactional
Mission-Critical
Link Utilization
2008 Cisco Systems, Inc. All rights reserved.
Application Discovery: NBAR
Real-Time Application Visibility
Configure NBAR on the LAN interface on the branch router
ip nbar protocol-discovery
Application Discovery
NBAR and NetQOS
NetQOS supports SNMP
Configure NetQOS to take in NBAR info
Map NetQOS to recognize applications
NetFlow
Characterize and analyze application traffic flow
Understand who is utilizing the network and top talkers
Diagnose slow network performance, bandwidth hogs and bandwidth utilization in real time
Information for network capacity and traffic engineering
Used for anomaly detection, worm diagnosis, and DoS attacks
Responder
Network
Network Perspective
User Perspective
Active Agent
Sampling method
Synthetic/active
Collection method
Embedded agents as opposed to external probes
Perspective of measurement
Network perspective
Scope of measurement
End-to-end/path
Remote
Office
MC/BR
BR
MC
SP B
SP A
Headquarters
SP C
BR
Bottlenecks!
BR
SP D
SP E
MC/BR
PFR Components
Optimize by:
Reachability, Delay, Loss, Jitter*,
MOS*, Throughput, Load and/or $Cost
Telecommuter
BR: Border Router
MC: Master Controller (decision maker)
Multi-Path Baselining: PfR
Multi-Path Baselining: PfR
Deployment
Step 2: Visibility and Control
Assumes visibility tools are already deployed and all applications have been recognized and appropriate priorities mapped
Provide application-level SLAs for prioritized traffic flows
Apply application-based QoS within the network: shaping, queuing, marking
Ability to apply per-branch and per-application QoS policies
WAN
WAN
Access Layer
Classification and Trust
Boundary
Marking / Remarking
Egress Queue Scheduling
Buffer Management
Intelligent Classification
Bandwidth Provisioning
Admission Control
Shaping
Link Fragmentation and
Interleaving
Header Compression
Distribution Layer
Layer 3 Policing
Egress Scheduling
(multiple queues with
WRR)
Priority Queuing for Voice
over IP (VoIP)
Buffer Management
Path Optimization: PfR
Configure PfR to monitor and route traffic based on appropriate application-specific policies
Configure the branch router to be both PfR master and border router
Tag the appropriate internal (ingress) and external (exit) interfaces
Define appropriate policy to enable PfR to load balance traffic across both the WAN exits
Window Scaling
Large Initial Windows
Congestion Mgmt
Improved Retransmit
LAN TCP
Behavior
LAN TCP
Behavior
Data Compression
Reduce overall WAN consumption based on redundancy
Maintain active database of previously sent and received traffic
Send database index on behalf of traffic that has been seen before
Realize 5x to 50x compression, minimize WAN bandwidth consumption
ABCDEFGHIJKLMN
OPQRSTUVWXYZ
ABCDEFGHIJKLMN
OPQRSTUVWXYZ
L1+MNOP+L2
IP
Network
DRE CACHE
Label
Data
L1
ABCDEFGHIJKL
L2
QRSTUVWXYZ
DRE CACHE
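The label substitution shown on the Data Compression slide, as an added example that is not from the original slides. It is a simplified illustration of the idea (send a cache index for data seen before), not the WAAS algorithm; the function names and the greedy longest-match strategy are assumptions, and the cache contents are the L1/L2 entries from the slide.

```python
def dre_encode(data: bytes, cache: dict[str, bytes]) -> list:
    """Replace byte runs already in the cache with their labels.

    Returns a token list: str tokens are cache labels, bytes tokens are
    literal data that still has to cross the WAN in full.
    """
    # Try longer cached chunks first so the biggest redundancy wins.
    entries = sorted(((l, c) for l, c in cache.items() if c),
                     key=lambda kv: -len(kv[1]))
    tokens, literal, i = [], bytearray(), 0
    while i < len(data):
        for label, chunk in entries:
            if data.startswith(chunk, i):
                if literal:                      # flush pending literal bytes
                    tokens.append(bytes(literal))
                    literal.clear()
                tokens.append(label)
                i += len(chunk)
                break
        else:                                    # no cached chunk starts here
            literal.append(data[i])
            i += 1
    if literal:
        tokens.append(bytes(literal))
    return tokens


def dre_decode(tokens: list, cache: dict[str, bytes]) -> bytes:
    """Expand labels using the peer's copy of the cache.

    A label missing from the peer cache raises KeyError: both ends must
    hold the same database or the stream cannot be rebuilt.
    """
    return b"".join(cache[t] if isinstance(t, str) else t for t in tokens)


# Cache contents as shown on the slide (both peers hold the same entries).
SLIDE_CACHE = {"L1": b"ABCDEFGHIJKL", "L2": b"QRSTUVWXYZ"}
MESSAGE = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ"

if __name__ == "__main__":
    wire = dre_encode(MESSAGE, SLIDE_CACHE)
    print(wire)                                  # labels plus the literal run
    print(dre_decode(wire, SLIDE_CACHE) == MESSAGE)
```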
Configure appropriate optimization policies on the Wide Area Application Engine (WAE) for different kinds of traffic
TCP flow
Data Redundancy Elimination
(DRE)
LZ
Full
No of packets
redirected by WCCP
No of bypassed
packets returned by
WAE
TCP Optimization
Show Commands
Full
optimization
TCP Optimization
NetQOS
ACE Optimization at
Data Center
Clients send traffic to a Virtual IP
SSL
SLB makes a L7 decision on the traffic and sends the connection to the best serverfarm
Application
Control Engine
WAN Optimization
and Security
Support Center
India
MPLS
WAN
US
Assembly
US
Customer
.
.
.
Manufacturing
Europe
WAN
Manufacturing
China
US
CallCenter
Support Center
India
MPLS
WAN
US
Assembly
US
Customer
.
.
.
WAN
US
CallCenter
Manufacturing
Europe
Manufacturing
China
IPSec tunnel mode security is a typical hub and spoke overlay network
GET VPN: scalable architecture for any-to-any connectivity and encryption
No overlays: native routing. Any-to-any instant connectivity.
Branch Offices
Broadband,
Frac-T1, T1 Branch Router
VPN
Head-end
DMVPN
DS3, OC3,
OC12
IP WAN
NHRP
Home Offices
DMVPN
Hub Site 2
Routing
Control Plane
Dynamic NHRP
Routing
Dynamic NHRP
Routing
GRE
Control Plane
Multipoint
GRE
Multipoint
GRE
IPSec
Control Plane
Tunnel
DPD
Protection
Tunnel DPD
Protection
Good For:
Customers already
using routing
Broadband
Head-End
Key Features:
Multipoint GRE (mGRE)
WAN Router
IP multicast requirements: hub and spoke only
Customers with dynamic
partial or full mesh
requirements
Deployment
Summary
DMVPN
Internet
Deploy
WAAS
Farm
Deploy ACE:
SSL Offload and SLB
Data
Center
Deploy
WAAS
Si
NAM
Troubleshooting
Si
Campus
QoS
Branch
IP SLAs
Measurements
WAN
IP SLAs
Measurements
IOS
FW
Branch
Deploy
WAAS
PfR and
QoS
NBAR Protocol Discovery
And NetFlow Monitoring
Deploy
WAAS
Branch
Suggested Branch
Deployment Designs
Deployment Caveat
PfR: Lacks Support for Multipoint Interfaces
PfR supports only a single next hop per interface
Will work with:
PPP/HDLC/Frame Relay
GRE
DMVPN (point to point GRE)
Deployment Caveat
PfR Only Supports Static or BGP Routes
PfR currently supports route learning with only static or BGP routes for path control
Support for other routing protocols like EIGRP or OSPF does not exist
Workaround is to add summary static routes and use PfR only for route unreachability mitigation
Support for EIGRP will be available from IOS version 12.5(pi4)T in late 2008 or early 2009
There are plans to add support for OSPF
Deployment Caveat
WAE TCP Options and Firewalls
WAEs add TCP options (0x21) to the TCP header that help in WAE peer discovery and negotiations
Many firewalls do not understand these options and clear them
WAE peer discovery and negotiation then fail, and hence no optimization can take place
Workaround: configure firewalls to allow TCP options
Many Cisco firewalls like IOS Firewall, PIX and the Firewall Service Module (FWSM) can be configured to allow TCP options
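One way to check for the caveat above on a pair of captured SYN headers, as an added example that is not from the original slides: it parses the TCP options area and reports whether option kind 0x21 seen on one side of a firewall is missing on the other. The sample headers, ports and the two data bytes inside the 0x21 option are constructed for illustration; the slide does not describe the option's payload.

```python
import struct

WAE_OPTION_KIND = 0x21  # option kind named on the slide


def tcp_options(header: bytes) -> list[tuple[int, bytes]]:
    """Return (kind, data) pairs from the options area of a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    end = (header[12] >> 4) * 4              # data offset, in bytes
    if end < 20 or end > len(header):
        raise ValueError("bad data offset")
    opts, i = [], 20
    while i < end:
        kind = header[i]
        if kind == 0:                        # End of Option List
            break
        if kind == 1:                        # NOP is a single byte
            opts.append((1, b""))
            i += 1
            continue
        if i + 1 >= end:
            raise ValueError("truncated option")
        length = header[i + 1]
        if length < 2 or i + length > end:
            raise ValueError("bad option length")
        opts.append((kind, header[i + 2:i + length]))
        i += length
    return opts


def option_cleared(before: bytes, after: bytes,
                   kind: int = WAE_OPTION_KIND) -> bool:
    """True if `kind` is present before the firewall and absent after it."""
    seen_before = {k for k, _ in tcp_options(before)}
    seen_after = {k for k, _ in tcp_options(after)}
    return kind in seen_before and kind not in seen_after


def build_syn(options: bytes) -> bytes:
    """Constructed SYN header for the demo; ports and sequence are arbitrary."""
    options += b"\x00" * (-len(options) % 4)     # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0,
                       offset << 4, 0x02, 8192, 0, 0) + options


MSS = b"\x02\x04\x05\xb4"
SYN_INSIDE = build_syn(MSS + bytes([WAE_OPTION_KIND, 4, 0, 0]))  # constructed
SYN_OUTSIDE = build_syn(MSS + b"\x01\x01\x01\x01")  # option overwritten by NOPs
```

Feeding it the same SYN captured on both sides of the firewall shows whether the option survives; a True result points at the firewall's TCP option handling rather than at the WAEs.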
Deployment Caveat
WAE Sequence Numbers and Firewalls
Introduction of WAEs causes three different TCP sessions to be established
WAEs jump sequence numbers on the optimized TCP session once the TCP handshake is done
Many firewalls do not like this and will drop subsequent traffic
Workaround: sequence check can be disabled on the firewalls or traffic from WAEs can be tunneled, say, with GRE
Cisco software and firewall modules can be configured to support this behavior.
PIX 7.2(3)/FWSM v3.2.1
Suggested Data
Center Deployment
Designs
WAAS
WCCP redirects
packet to WAAS
WAE device
Core
MAN
DATA CENTER 2
Distribution
Uncompressed /
unoptimized Packets
pass thru Firewall to the
Server Farm Load
Balanced By ACE
Secured WAN
Secured AN
Packets need to
traverse Firewalls
so open
appropriate ports
Core
MAN
DATA CENTER 2
Distribution
Uncompressed
/ unoptimized
packets are
spanned to the
NAM for
Monitoring
WAAS
ACE redirects
and Load
Balances
across the
WAAS Farm
Deployment Caveat
WCCP and DMVPN
DMVPN uses NHRP to create spoke-to-spoke shortcuts
When spoke-to-spoke traffic hits the DMVPN hub, an NHRP redirect gets generated
In a DMVPN environment, WCCP is redirected on the tunnel interfaces
WCCP breaks this NHRP redirect in both IP return and GRE return
Workaround: use WCCP redirect out on the client-facing interface on the hub; this will affect performance
Deployment Caveat
WCCP/WAEs Do Not Support VRFs
Current WCCP versions do not support VRF
WAEs also do not support multi-tenant or overlapping address ranges
VRF support is being planned
Q and A
Backup Slides
US
Customer
Support Center
India
US
Assembly
WAN
Manufacturing
Europe
Manufacturing
China
US
CallCenter
.
.