BRKAPP-1004_Introduction to Cisco Wide Area Application Services (WAAS)


  • 7/25/2019 BRKAPP-1004_Introduction to Cisco Wide Area Application Services (WAAS)

    1/78

    Cisco Public 1 2008 Cisco Systems, Inc. All rights reserved.

    Introduction to Cisco Wide Area Application Services (WAAS)

    BRKAPP-1004

    Richard Schulting


    BRKAPP-1004

    This session introduces Cisco Wide Area Application Services (WAAS) as a key technology for application acceleration and WAN optimization. We will begin with an overview of the challenges Enterprise IT organizations face supporting a distributed workforce, followed by how a Cisco WAAS solution can help address the impact the WAN has on application performance.

    The session will then dive into the details of various WAAS components, including Transport Flow Optimization (TFO), Data Redundancy Elimination (DRE), Advanced Compression, and Wide Area File Services. An overview of network integration and deployment techniques will also be covered including in-path and off-path deployments.

    This session is designed for network managers and engineers responsible for application acceleration and WAN optimization technologies. Attendees should have a basic understanding of TCP/IP and IP routing.


    Application Networking: Business Ready Enterprise

    [Figure: layered stack]

    Business-Ready Enterprise: CRM (Customer Relationship Management), SCM (Supply Chain Management), ERM (Enterprise Resource Management), ERP (Enterprise Requirements Planning), Server Communications / Productivity, Office Applications / Productivity, SFA (Sales Force Automation)

    Application Networking Services: Application Delivery and Application-Oriented Networking

    Transport Infrastructure: Eth, FC, IB, WAN, MAN

    Server: OS, Hardware

    Storage Infrastructure: SAN, NAS, DAS

    Optimizing Application Performance with Existing Server, Storage, and Network Infrastructure


    WAN Acceleration: Data redundancy elimination, Window scaling, LZ compression, Adaptive congestion avoidance

    Application Acceleration: Latency mitigation, Application data cache, Meta data cache, Local services

    Application Optimization: Delta encoding, FlashForward optimization, Application security, Server offload

    Application Networking: Message transformation, Protocol transformation, Message-based security, Application visibility

    Application Scalability: Server load-balancing, Site selection, SSL termination and offload, Video delivery

    Network Classification: Quality of service, Network-based app recognition, Queuing, policing, shaping, Visibility, monitoring, control

    Application Optimization Infrastructure

    WAN


    Associated Sessions

    BRKAPP-2005: Deploying Cisco Wide Area Application Services (WAAS)

    BRKAPP-3006: Troubleshooting Cisco Wide Area Application Services (WAAS)


    Agenda

    Distributed Workforce Challenges

    Addressing WAN Application Performance

    Transport Flow Optimizations

    Advanced Compression

    Application Acceleration

    Transparent Network Integration

    Hardware Options


    Distributed Workforce Challenges


    The Application Delivery Problem

    Increasingly distributed workforce drives the need for distribution of IT resources to remote locations

    Enable productivity

    Drive revenue and profits

    Data protection, availability, compliance, and management drives need for consolidation

    Fewer devices to manage

    Fewer points to protect

    Distribution of Resources

    Data Center Consolidation

    Remote Offices

    Regional Offices

    Home Offices

    Data Center


    Typical Distributed Enterprise

    Expensive distributed IT infrastructure:

    File and print servers

    Email servers

    Tape backup

    Application delivery woes:

    Congested WAN

    Bandwidth and latency

    Poor productivity

    Data protection risks:

    Failing backups

    Costly off-site vaulting

    Compliance

    WAN


    The WAN Is the Barrier to Application Performance

    Applications are designed for LAN environments:

    High bandwidth

    Low latency

    Reliability

    WAN characteristics hinder consolidation:

    Already congested

    Low bandwidth

    Latency

    Packet Loss

    [Figure: LAN path Client, Switch, Server with Round Trip Time (RTT) ~ 0mS; WAN path Client, Switch, Routed Network, Switch, Server with Round Trip Time (RTT) ~ Many Milliseconds]


    The Impact of Latency

    [Figure: Throughput versus Round Trip Time (RTT), Expected and Actual curves; marked values 2Mbps, 500Kbps, 80 ms]

    $$R = \frac{MSS}{RTT} \cdot \frac{1.2}{p^{0.5}}$$

    R: Average Throughput

    MSS: Max Segment Size

    RTT: Round Trip Time

    p: Packet Loss


    The Impact of Packet Loss

    [Figure: Throughput (Mbps), axis 10 to 4,510, versus Packet Loss Probability, axis 0.00001% to 1.0%. Assuming 1250-Byte Packet Size and 100ms RTT]

    $$R = \frac{MSS}{RTT} \cdot \frac{1.2}{p^{0.5}}$$

    R: Average Throughput

    MSS: Max Segment Size

    RTT: Round Trip Time

    p: Packet Loss


    Addressing WAN Application Performance


    Cisco Provides a Comprehensive Solution

    [Figure: Cisco WAAS Integrated with Cisco IOS. Labels: Session-based Compression, Protocol Optimization, Data Redundancy Elimination, TCP Flow Optimization, Object Caching, Local Services, Queuing, Shaping, Policing, PfR, NetFlow, Performance, Visibility, Monitoring, IP SLAs, Dynamic Auto-Discovery, Network Transparency, Compliance, Application Acceleration, Wide-Area File Services, QoS and Control, Preserve Network Services, Monitor and Provision, WAN Optimization, Consolidated Branch, Applications Meet Goals, Easily Manage WAN, Reduced WAN Expenses]


    Cisco WAAS Overcomes the WAN

    Cisco WAAS is a solution that leverages a hardware footprint in the Remote Offices and Data Center(s) to improve the application performance across the WAN

    [Figure: Data Center and two Remote Offices joined by Optimized Connections across the WAN; device labels NME-WAE, WAE, WAEs]


    Cisco WAAS Enables Consolidation

    Cisco WAAS features include:

    Transparent integration

    Robust optimizations

    Auto discovery

    Policy-based configuration

    Consolidation benefits include:

    Remove costly branch servers

    Centralize data protection

    Save WAN resources

    Improvements include:

    Application acceleration

    WAN optimization

    Local infrastructure services

    WAN


    WAAS Accelerates Broad Range of Applications

    Application | Protocol | Typical Improvement
    File Sharing | Windows (CIFS) | 2X-400X
    File Sharing | UNIX (NFS) | 2X-10X
    Email | Exchange (MAPI) | 2X-10X
    Email | Notes | 2X-10X
    Email | SMTP/POP3, IMAP | 2X-50X
    Internet and Intranet | HTTP, HTTPS, WebDAV | 2X-50X
    Data Transfer | FTP | 2X-50X
    Software Distribution | SMS, Altiris | 2X-400X
    Database Applications | SQL, Oracle | 2X-10X
    Data Protection | Backup Applications, Replication Applications | 2X-10X
    Terminal | Citrix ICA, Microsoft Terminal Services, RDP | 2X-5X
    Other | Any TCP-based Application | 2X-10X

    * Performance improvement varies based on user workload, compressibility of data, and WAN characteristics and utilization. Actual numbers are case-specific and results might vary.


    Transport Flow Optimizations


    TCP Overview

    TCP acts as an intermediary between application data buffers awaiting transmission and the unreliable network infrastructure

    As the network is able to handle transmission, TCP drains data from the application buffer and sends it through the network layer

    [Figure: Operating System stack with Tx Data and Rx Data, Tx Buffers and Rx Buffers, TCP, IP]


    TCP Connection Establishment

    [Figure: TCP three-way handshake followed by application data]

    TCP SYN (Attempt Connection): Src Port, Dst Port, Sequence Number, Window Size, Checksum, Options (MSS, SACK, etc.)

    TCP SYN, ACK (Acknowledge Connection, Attempt Connection): Src Port, Dst Port, Sequence Number, Acknowledgement Number, Window Size, Checksum, Options (MSS, SACK, etc.)

    TCP ACK (Acknowledge Connection): Sequence Number, Acknowledgement Number, Window Size, Checksum, Options (MSS, SACK, etc.)

    Application Data: GET HTTP/1.1


    TCP Performance Challenges: Bandwidth Delay Product (BDP)

    RTT 10 ms, Bandwidth 155 Mbps (OC-3)

    Amount of Data that Can Be In-Transit at Any Time:

    155Mbps = 19.375MBps

    19.375MBps * 10mS

    BDP = 193KB

    RTT 200 ms, Bandwidth 155 Mbps (OC-3)

    Amount of Data that Can Be In-Transit at Any Time:

    155Mbps = 19.375MBps

    19.375MBps * 200mS

    BDP = 3860KB


    TCP Performance Challenges: Maximum Window Size (MWS)

    The MWS is the maximum amount of data a node can have unacknowledged and outstanding in the network

    The node cannot continue transmission until previous transmissions have been acknowledged

    If MWS < BDP, a host will be unable to fully utilize the available WAN bandwidth
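
The BDP, MWS and packet-loss formulas from these slides combined into one calculation, as an added example that is not part of the original presentation: it reports which ceiling (link rate, window, or loss) limits a single TCP connection, and the RFC 1323 window-scale shift needed for the window to cover the BDP. The unscaled 65535-byte window, 1250-byte MSS and 0.01% loss used in the sample run are assumed values.

```python
import math


def bdp_bytes(bandwidth_bps, rtt_s):
    """Bandwidth delay product: bytes that can be in transit at any time."""
    return bandwidth_bps / 8 * rtt_s


def window_limited_bps(mws_bytes, rtt_s):
    """A sender may have at most one MWS unacknowledged per round trip."""
    return mws_bytes * 8 / rtt_s


def loss_limited_bps(mss_bytes, rtt_s, loss):
    """The slides' formula R = (MSS / RTT) * 1.2 / p^0.5, in bit/s."""
    return (mss_bytes * 8 / rtt_s) * 1.2 / math.sqrt(loss)


def window_scale_shift(target_bytes):
    """Smallest RFC 1323 shift so that a 16-bit window << shift covers target."""
    shift = 0
    while (65535 << shift) < target_bytes and shift < 14:  # RFC 1323 caps the shift at 14
        shift += 1
    return shift


def analyse(bandwidth_bps, rtt_s, mws_bytes, mss_bytes, loss):
    """Return the BDP, each throughput ceiling, and the ceiling that binds."""
    bdp = bdp_bytes(bandwidth_bps, rtt_s)
    ceilings = {
        "link": float(bandwidth_bps),
        "window": window_limited_bps(mws_bytes, rtt_s),
        "loss": loss_limited_bps(mss_bytes, rtt_s, loss),
    }
    bottleneck = min(ceilings, key=ceilings.get)
    return {
        "bdp_bytes": bdp,
        "ceilings_bps": ceilings,
        "bottleneck": bottleneck,
        "achievable_bps": ceilings[bottleneck],
        "link_utilisation": ceilings[bottleneck] / bandwidth_bps,
        "scale_shift_to_fill_pipe": window_scale_shift(bdp),
    }


if __name__ == "__main__":
    # Constructed scenario: the slides' OC-3 link at both RTTs.
    # The exact BDPs are 193.75 KB and 3875 KB; the slides show 193KB and
    # 3860KB (20 x 193).
    for rtt in (0.010, 0.200):
        r = analyse(155e6, rtt, mws_bytes=65535, mss_bytes=1250, loss=0.0001)
        print(f"RTT {rtt * 1000:.0f} ms: BDP {r['bdp_bytes'] / 1000:.2f} KB, "
              f"limited by {r['bottleneck']} at {r['achievable_bps'] / 1e6:.2f} Mbps "
              f"({r['link_utilisation']:.1%} of link), "
              f"window scale shift needed: {r['scale_shift_to_fill_pipe']}")
```
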


    TCP Performance Challenges: Host Systems Feel the Effect

    [Figure: a packet is lost (X) in the WAN; labels "?", "Timeout!", "Resend"]


    WAAS TFO: Improving TCP Performance

    LAN-Like Performance over the WAN

    No Retransmission Necessary: Packet Loss Is Handled by the WAE

    Client Receives LAN TCP Behavior

    Server Receives LAN TCP Behavior

    Window Scaling, Large Initial Windows, Congestion Mgmt, Improved Retransmit


    TCP Performance Challenges

    [Figure: TCP cwnd versus Time (RTT), through Slow Start and Congestion Avoidance]

    Inability to Use Available Bandwidth

    Inefficient Response to Packet Loss/Congestion

    Bandwidth Starvation for Short-Lived Connections


    WAAS TFO: Improving TCP Performance

    RFC3390 Large Initial Windows

    [Figure: Segments per Round Trip (cwnd) versus Round Trips for TCP and TFO, showing Slow-Start (Discovery), Packet Loss, and Congestion Avoidance (High-Throughput)]


    TCP Performance Challenges: Impact of BDP and MWS on Performance

    [Figure: Bandwidth versus Latency; BDP and MWS areas, with Link Utilization and Unusable Network Capacity]


    WAAS TFO: Improving TCP Performance

    RFC1323 Window Scaling

    [Figure: Bandwidth versus Latency; BDP, Original MWS, and Cisco WAAS TFO, Able to Fill the Pipe]


    TCP Performance Challenges: Cumulative TCP Acknowledgements

    [Figure: Transmit, Receive, ACK and Retransmit of segments 1, 2, 3 with cumulative acknowledgement]

    Standard TCP implementations acknowledge receipt of data by acknowledging that the entire window has been received

    Loss of a packet causes retransmission of the entire TCP window, causing performance degradation as the window becomes larger


    WAAS TFO: Improving TCP Performance

    Cisco WAAS Uses Selective Acknowledgement and Extensions to Improve Acknowledgement of Transmitted Data, Improve Delivery of Missing Segments, and Minimize Unnecessary Retransmission

    RFC2018: Selective Acknowledgement (SACK)

    [Figure: Transmit, Receive, ACK and Retransmit of segments 1, 2, 3 across the WAN with selective acknowledgement]


    TCP Performance Challenges: Poor Response to Congestion

    [Figure: Segments per Round Trip (Congestion Window) versus Round Trips, 1 to 32, with two Loss events]

    Exponential Slow Start (2x Pkts per RTT): Low Throughput During This Period

    Packet Loss Causes Connection to Enter into Linear Congestion Avoidance (+1 cwnd Per ACK)

    cwnd Dropped by 50% on Packet Loss

    Linear Congestion Avoidance (+1 cwnd per ACK): Return to Maximum Throughput Could Take a Very Long Time!


    WAAS TFO: Improving TCP Performance

    BIC-TCP Advanced Congestion Control

    [Figure: cwnd versus Time (RTT) through Slow Start and Congestion Avoidance with repeated Packet Loss, Standard TCP compared with Cisco WAAS TFO]

    Adaptive Increase to cwnd: cwnd = cwnd + f(cwnd, History)

    Cwnd Decreased by 1/8 on Packet Loss vs. 1/2 with TCP


    Comparing TCP and WAAS TFO

    [Figure: cwnd versus Time (RTT) through Slow Start and Congestion Avoidance, TCP compared with TFO]

    Cisco TFO Provides Significant Throughput Improvements over Standard TCP Implementations


    Application Acceleration Transparency

    Packet network transparency (L3/L4 headers) allows application acceleration components to maintain compliance with existing network features

    Quality of Service (QoS), NBAR

    NetFlow, monitoring, reporting

    Security functions (ACLs, firewall policies)

    If source/destination L3/L4 information is not preserved (not with Cisco WAAS), these features may need to be reconfigured to support application acceleration

    [Figure: two packet headers carrying the same L3/L4 fields]

    Packet 1: Src Mac AAA, Dst Mac BBB, Src IP 1.1.1.10, Dst IP 2.2.2.10, Src TCP 15131, Dst TCP 80

    Packet 2: Src Mac BBB, Dst Mac AAA, Src IP 1.1.1.10, Dst IP 2.2.2.10, Src TCP 15131, Dst TCP 80

    App Data: Optimized


    Auto-Discovery TCP SYN

    When the client sends a TCP-SYN packet, WAE1 will apply TCP options to identify itself and specify the optimizations that it would like to apply

    The modified TCP-SYN packet is then forwarded to the server, and intercepted on the other side

    [Figure: A, WAE1 (WCCPv2 or PBR), WAN, WAE2 (WCCPv2 or PBR), B. A:B TCP SYN reaches WAE1 and leaves as A:B TCP SYN (marked). WAE1: "I would like to accelerate this connection! Here are my details"]


    Auto-Discovery TCP SYN (Cont.)

    Once WAE2 receives the TCP-SYN packet with the options marked, it then knows WAE1's details and desire to optimize this connection

    The TCP-SYN packet is then forwarded to the server

    [Figure: A, WAE1 (WCCPv2 or PBR), WAN, WAE2 (WCCPv2 or PBR), B. A:B TCP SYN (marked) arrives at WAE2. WAE2: "Now I know about WAE1 and which optimizations are desired."]


    Auto-Discovery TCP SYN-ACK

    When the server responds with the TCP SYN-ACK, WAE2 then marks TCP options to acknowledge optimization and to identify itself to WAE1

    The marked TCP SYN-ACK packet is then forwarded towards the client and intercepted on the other side

    [Figure: A, WAE1 (WCCPv2 or PBR), WAN, WAE2 (WCCPv2 or PBR), B. B:A TCP SYN/ACK reaches WAE2 and leaves as B:A TCP SYN/ACK (marked). WAE2: "Acknowledge acceleration! Here are my details."]


    Auto-Discovery TCP SYN-ACK (Cont.)

    When WAE1 receives the TCP SYN-ACK with the optimization confirmation and details about WAE2, the defined policy (or negotiated optimizations) can then be acknowledged

    The TCP SYN-ACK packet is then forwarded to the client

    [Figure: A, WAE1 (WCCPv2 or PBR), WAN, WAE2 (WCCPv2 or PBR), B. B:A TCP SYN/ACK passes from WAE1 to the client. "ACCELERATION CONFIRMED!"]


    Auto-Discovery TCP ACK

    After the SYN-ACK is received, the TCP proxy is initiated for the connection, and WAE1 sends a TCP ACK to WAE2 to acknowledge optimizations

    WAE2 can then send a TCP ACK to Server B

    Client A sends a TCP ACK to WAE1

    [Figure: A, WAE1 (WCCPv2 or PBR), WAN, WAE2 (WCCPv2 or PBR), B. A:B TCP ACK on each segment of the path. "ACCELERATION CONFIRMED!"]


    WAAS TFO Summary

    WAAS TFO enables applications that are TCP throughput bound to achieve higher levels of throughput and overall performance

    WAAS TFO uses a TCP proxy architecture and Layer 4 TCP options markings on connection establishment packets

    Optimizations are performed for each TCP connection

    Used to auto-discover peer WAAS devices

    After WAAS devices have been discovered, optimizations can be applied to the TCP connection


    Advanced Compression


    The Need for WAN Compression

    Advanced compression technologies allow customers to virtually increase WAN bandwidth capacity

    Advanced compression technologies allow customers to leverage existing WAN capacity, and mitigate the need for costly WAN bandwidth upgrades

    [Figure: WAN Without Compression compared with WAN with Compression]


    Data Transfer Without Compression

    Congestion!

    WAN

    WAN


    Cisco WAAS Advanced Compression

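    Cisco WAAS Employs Two (2) Forms of Advanced Compression:

    Data Redundancy Elimination (DRE)

    Persistent LZ Compression (PLZ)

    [Figure: an Original Message passes through DRE and LZ to become a Compressed Message, then through LZ and DRE to yield the Original Message again; the two DRE stages share a Synchronized Context]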


    Fingerprinting and Chunk Identification

    DRE analyzes incoming data streams using a sliding window to identify chunks

    Each chunk is assigned a 5-byte signature

    A single pass is used to identify chunks at multiple levels:

    Basic chunks

    Chunk aggregation (nesting)

    After chunks are identified, DRE begins pattern matching:

    Looks for largest chunks first

    Looks for smaller chunks if necessary

    [Figure: a Window slides along the data; "No Boundary Found" at successive positions, then "Boundary Identified!", producing Chunk1 with its 5-Byte Signature]


    DRE Chunk Identification

    [Figure: Original Data divided into nested chunk levels]

    Level-0 Chunk (Basic Chunk): ~256 bytes

    Level-1 Chunk: ~1024 bytes

    Level-2 Chunk: ~4096 bytes

    Level-3 Chunk: ~16384 bytes

    Each chunk is assigned a 5-byte signature


    DRE Pattern Matching

    [Figure: an Original Message is checked against the DRE Database (lookups labelled NO MATCH) and leaves as an Encoded Message]
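
The chunk identification and pattern matching steps from the DRE slides, as an added Python example that is not Cisco's implementation: a sliding-window hash picks content-defined chunk boundaries, each chunk gets a 5-byte signature, and an encoder and decoder with synchronized databases replace previously seen chunks by their signatures. Assumptions: the polynomial rolling hash, the 16-byte window, the minimum and maximum chunk sizes, truncated SHA-256 as the signature function, and level-0 chunks only (no nesting).

```python
import hashlib

WINDOW = 16                      # sliding-window width in bytes (assumed)
MASK = 0xFF                      # 1 position in 256 qualifies as a boundary
MIN_CHUNK, MAX_CHUNK = 64, 1024  # size guards (assumed)
SIG_LEN = 5                      # 5-byte signature, as on the slides
BASE, MOD = 257, (1 << 61) - 1   # rolling-hash parameters (assumed)
OUT_WEIGHT = pow(BASE, WINDOW, MOD)  # weight of the byte leaving the window


def chunk(data):
    """Split data where the hash of the last WINDOW bytes hits the mask."""
    chunks, start, h = [], 0, 0
    for i, b in enumerate(data):
        h = (h * BASE + b) % MOD
        if i >= WINDOW:
            h = (h - data[i - WINDOW] * OUT_WEIGHT) % MOD
        size = i + 1 - start
        if (size >= MIN_CHUNK and (h & MASK) == 0) or size >= MAX_CHUNK:
            chunks.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        chunks.append(data[start:])
    return chunks


def signature(piece):
    """5-byte chunk signature (truncated SHA-256 is this example's choice)."""
    return hashlib.sha256(piece).digest()[:SIG_LEN]


def encode(data, db):
    """Sender: emit ('ref', sig) for known chunks, ('raw', bytes) otherwise."""
    tokens = []
    for piece in chunk(data):
        sig = signature(piece)
        # Compare the stored bytes too: a 40-bit signature alone is not
        # collision resistant, so a match on the signature is not enough.
        if db.get(sig) == piece:
            tokens.append(("ref", sig))
        else:
            db[sig] = piece
            tokens.append(("raw", piece))
    return tokens


def decode(tokens, db):
    """Receiver: rebuild the stream and learn new chunks as they arrive."""
    parts = []
    for kind, value in tokens:
        if kind == "raw":
            db[signature(value)] = value
            parts.append(value)
        else:
            parts.append(db[value])
    return b"".join(parts)


def wire_size(tokens):
    """Payload bytes sent across the WAN, ignoring framing."""
    return sum(SIG_LEN if kind == "ref" else len(value) for kind, value in tokens)


def sample_stream(blocks=640):
    """Constructed 20480-byte test stream (deterministic pseudo-random bytes)."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(blocks))


if __name__ == "__main__":
    sender_db, receiver_db = {}, {}
    data = sample_stream()
    for label, payload in (("first transfer", data),
                           ("same data again", data),
                           ("15 bytes inserted at the front", b"INSERTED BYTES " + data)):
        tokens = encode(payload, sender_db)
        assert decode(tokens, receiver_db) == payload
        print(f"{label}: {len(payload)} bytes in, {wire_size(tokens)} bytes on the wire")
```

Because boundaries depend on the bytes inside the window rather than on absolute offsets, the third transfer falls back into step with the cached chunks shortly after the inserted bytes; fixed-size blocks would all shift and miss.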


    Lempel-Ziv (LZ) Compression

    Searches redundancy within a message

    Uses a small compression context

    Compression rate is low (compared to DRE)

    Can work well on encrypted data

    Provides compression for 1st time transfers

    Cisco WAAS uses a modified version of LZ, referred to as Persistent LZ (PLZ)

    Compression context is shared across all messages for a TCP connection

    Provides improved compression rates, especially for application protocols that utilize small messages


    Adaptive LZ Compression

    LZ computation is CPU intensive

    Cisco WAAS will adaptively bypass LZ compression if the gain is small

    Based on the DRE compression results

    Uses an entropy calculation to detect messages that will not compress well with LZ

    [Figure: DRE followed by LZ; DRE Compression > 90% leads to LZ Bypass]
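
The persistent compression context from the Lempel-Ziv slide and the bypass decision from the Adaptive LZ slide, as an added Python example that is not Cisco's implementation: zlib stands in for the LZ stage, one compressor object kept open per connection stands in for PLZ, and the bypass test combines the slide's 90% DRE figure with a Shannon entropy estimate. The 7.5 bits-per-byte threshold and the sample messages are assumptions.

```python
import hashlib
import math
import zlib
from collections import Counter


def per_message_size(messages):
    """Plain LZ: every message is compressed with a fresh context."""
    return sum(len(zlib.compress(m)) for m in messages)


def persistent_size(messages):
    """Persistent context: one compressor per connection, flushed per message."""
    comp = zlib.compressobj()
    total = 0
    for m in messages:
        # Z_SYNC_FLUSH makes each message decodable on arrival while keeping
        # the dictionary built from earlier messages.
        total += len(comp.compress(m) + comp.flush(zlib.Z_SYNC_FLUSH))
    return total


def persistent_roundtrip(messages):
    """Send each message through a shared-context compressor/decompressor pair."""
    comp, decomp = zlib.compressobj(), zlib.decompressobj()
    received = []
    for m in messages:
        wire = comp.compress(m) + comp.flush(zlib.Z_SYNC_FLUSH)
        received.append(decomp.decompress(wire))
    return received


def entropy_bits_per_byte(data):
    """Shannon entropy of the byte histogram: 0 (constant) to 8 (uniform)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def should_bypass_lz(message, dre_ratio, entropy_threshold=7.5):
    """Skip LZ when DRE already removed > 90% or the bytes look incompressible."""
    return dre_ratio > 0.90 or entropy_bits_per_byte(message) > entropy_threshold


def sample_messages(count=50):
    """Constructed small requests in the style of a chatty file protocol."""
    return [
        f"READ fid=0x{0x4000 + i:04x} offset={i * 4096} length=4096 "
        f"path=/projects/q3/report.doc\r\n".encode()
        for i in range(count)
    ]


def sample_noise():
    """Constructed 4096 bytes of high-entropy data (deterministic)."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))


if __name__ == "__main__":
    msgs = sample_messages()
    raw = sum(len(m) for m in msgs)
    print(f"{len(msgs)} messages, {raw} bytes uncompressed")
    print(f"fresh context per message: {per_message_size(msgs)} bytes")
    print(f"persistent context:        {persistent_size(msgs)} bytes")
    noise = sample_noise()
    print(f"entropy of a request: {entropy_bits_per_byte(msgs[0]):.2f} bits/byte")
    print(f"entropy of noise:     {entropy_bits_per_byte(noise):.2f} bits/byte")
    print("bypass LZ for noise:", should_bypass_lz(noise, dre_ratio=0.0))
```
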


    Combined Power of TFO and DRE/LZ

    LAN-Like Throughput

    Bandwidth Savings

    Fewer Roundtrips

    [Figure: LAN Throughput (axis 10 Mbps to 60Mbps) and WAN Throughput (axis .5 Mbps to 3 Mbps) over 01:20 to 01:26, Optimization Enabled]


    Application Acceleration


    Application Latency

    Application latency is defined as the amount of response time increase caused by the exchange of application-layer messages

    Applications can be considered chatty when their protocols require the exchange of many messages

    Common examples of chatty applications include

    Common Internet File System (CIFS) file sharing

    Transactional applications using Hypertext Transport Protocol (HTTP)


    Application Latency Example: CIFS

    In this simple example of a 1MB Word document open, over 1,000 messages are exchanged

    With a 40mS RTT WAN, this equates to over 52 seconds of wait time before the document is usable


    WAFS Application Optimizer Overview

    Intelligent local handling and optimization of protocol mitigates latency

    File caching removes the need for unnecessary file transfer; validation ensures stale data is never served

    Transparent integration ensures no client or server changes to apply optimization

    Disconnected mode of operation allows R/O access to fully-cached content when the server is unreachable

    Sessions are maintained end-to-end to ensure no security reconfiguration

    Auditing, access-control, and quotas are fully preserved

    Scheduled preposition to prepopulate Data Redundancy Elimination (DRE) and edge data cache

    Advanced WAN optimization layer improves throughput and efficiency

    DRE eliminates redundant network data

    TCP optimizations to improve protocol ability to fully use the network

    [Figure: Files (FILE.DOC), Cache, IP Network]


    Data Caching and Integrity

    WAFS Edge caching and metadata caching

    Data is cached on-demand as files or directories are opened

    Can also be pre-populated using CDN-like prepositioning

    Coherency, Concurrency, and Access Control

    Cache validation guarantees stale content is not served

    File locking and AAA are all handled synchronously with the origin file server

    [Figure: "Open File.Doc" arrives at the Edge; "AAA, Open, Lock" crosses the IP Network to the Core and NAS (Files, FILE.DOC); "Approved, Locked, Validated" returns]


    Integration with WAN Optimization

    WAFS leverages WAN optimization capabilities provided by TFO+DRE+PLZ

    TFO enables the protocol to more effectively and efficiently use available WAN resources

    DRE+PLZ improves the performance of Open and Save operations through compression and data suppression

    [Figure: Edge (FILE.DOC, DRE Cache, LZ) and Core (Files, DRE Cache, LZ) linked by Transport Flow Optimization across the WAN]


    Intelligent File Prepositioning

    WAFS provides intelligent prepositioning capabilitiesto prepopulate the cache with content prior to the first

    user request Improves overall cache hit rate

    Allows for large amounts of content to be transferred

    during off-peak hours

    [Figure: file prepositioning; labels: Files, FILE.DOC, Core, Edge, NAS, Distribute FILE.DOC at 3am, Fetch FILE.DOC, IP Network]

    Impact of Application Proxy-Caching

    Application proxy-caching eliminates the majority of messaging from the WAN

    Safely responds to or otherwise handles application message exchanges

    The same 1MB document that took 52 seconds without WAAS takes only 2 seconds to open with WAAS!

    Transparent Network Integration

    Network Integration Overview: In-Path

    Cisco WAEs can be deployed physically in-path

    WAE sits physically in-path between two (2) network elements (such as a branch router and switch)

    Inspects all traffic passing through the device and determines which traffic to intercept

    Intercepts packets in both directions of flow

    Passes through non-TCP traffic at a low layer

    Fully transparent solution maintains compatibility with most existing IOS features

    Cisco WAE Physical Inline Deployment

    Physical inline interception:

    Physical in-path deployment between switch, and router or firewall

    Mechanical fail-to-wire upon hardware, software, or power failure

    Requires no router configuration

    Scalability and high availability:

    Two two-port groups

    Serial clustering with load-sharing and fail-over

    Redundant network paths and asymmetric routing

    Seamless integration:

    Transparency and automatic discovery

    802.1q support, configurable VLANs

    Supported on all WAE appliances

    [Figure: Cisco WAE 4-Port Inline Card]

    Network Integration Overview: Off-Path

    Cisco WAE Devices Attach to the LAN as an Appliance

    WAE devices rely on packet interception and redirection to enable application acceleration and WAN optimization:

    Interception in each site where deployed

    Interception in both directions of packet flow

    Transparent optimizations maintain compatibility with most IOS features and other platforms.

    [Figure: Cisco WAE attached to the IP network]

    Network Interception

    Network Attached Optimizations Rely on Devices Physically Attached to the Network at Strategic Locations

    Generally deployed at network entry/exit points

    Rely on network interception to supply flows to optimize

    [Figure: Cisco Wide Area Application Engine; legend: Intercepted Flow, Non-Optimized Flow, Optimized Flow]

    Cisco WAE WCCPv2 Deployment

    WCCPv2 interception

    Out-of-path with redirection of flows to be optimized (all flows or selective via redirect-list)

    Automatic load-balancing, load redistribution, fail-over, and fail-through operation

    Scalability and high availability

    Up to 32 WAEs within a service group and up to 32 routers

    Linear performance and scalability increase as devices are added

    Seamless integration

    Transparency and automatic discovery

    Supported on all WAE platforms

    [Figure: WCCPv2 deployment across the WAN; labels: Original Flow, Optimized Flow, Interception, Redirection, Service Group]

    Cisco WAE PBR Deployment

    Policy-Based Routing (PBR)

    Out-of-path with redirection of flows to be optimized (all flows or selective via access-list)

    WAE treated as a next-hop router

    High availability

    Failover capability allows a secondary WAE to be used should the primary WAE fail

    IP SLAs ensure availability by tracking WAE liveliness

    Seamless integration

    Transparency and automatic discovery

    Supported on all WAE platforms

    [Figure: PBR deployment across the WAN; labels: Policy Route, WAE = Next Hop, Original Flow, Optimized Flow]

    Cisco WAE ACE Deployment

    Application Control Engine (ACE)

    Industry-leading scalability and performance for the most demanding data center networks

    Supports up to 16Gbps throughput, 4M concurrent TCP connections, and 350K connections/sec setup

    Seamless integration

    Fully integrated with the Catalyst 6500 series of intelligent switches

    Transparency and automatic discovery

    Supported on all WAE appliances

    Industry Leading Functionality

    Solution for scaling servers, appliances, and network devices

    Virtual partitions, flexible resource assignment, security, and control

    [Figure: ACE deployment; labels: Catalyst 650X w/ACE, Original Flow, Optimized Flow]

    Hardware Options

    Cisco WAAS Router Modules

    NME-WAE Router-Integrated Network Module for the Cisco Integrated Services Router

    Provides the lowest CapEx and OpEx; integrates within the ISR; addresses 80 percent of remote branch offices

    Single processor system, can be clustered with WCCPv2, PBR, and is supported in ISR models 2811, 2821, 2851, 3825, and 3845

    Model NME-WAE-302

    512MB of RAM, 80GB of disk

    Up to 4Mbps WAN connections and up to 250 optimized TCP connections

    Model NME-WAE-502

    1GB of RAM, 120GB of disk

    Up to 4Mbps WAN connections and up to 500 optimized TCP connections

    Model NME-WAE-522

    2GB of RAM, 160GB of disk

    Up to 8Mbps WAN connections and up to 800 optimized TCP connections

    [Figure: Cisco Integrated Services Router (ISR) Series]

    WAE Hardware Options

    WAE-512 Appliance (Remote Office Appliance)

    Single processor, 1 or 2GB of memory

    Supports up to 20Mbps WAN and up to 1,500 optimized TCP connections

    Software RAID-1, No Hot Swap Support

    WAE-612 Appliance (Regional Hub and Data Center Appliance)

    Dual-core processor, 2 or 4GB of memory

    Supports up to 155Mbps WAN and up to 6,000 optimized TCP connections

    Software RAID-1, Hot Swap Support*

    WAE-7326 Appliance (Enterprise Data Center Appliance)

    Dual processor, 4GB of memory

    Supports up to 310Mbps WAN and up to 7,500 optimized TCP connections

    Software RAID-1, Hot Swap Support*

    * Requires WAAS 4.0.13 or later

    WAE Hardware Options

    WAE-7341 Appliance (Enterprise Data Center Appliance)

    Quad-core processor, 8GB of memory

    Supports up to 310Mbps WAN and up to 12,000 optimized TCP connections

    Hardware RAID-6, Hot Swap Support*

    WAE-7371 Appliance (Enterprise Data Center Appliance)

    Dual Quad-core processor, 24GB of memory

    Supports up to 1000Mbps WAN and up to 50,000 optimized TCP connections

    Hardware RAID-6, Hot Swap Support*

    * Requires WAAS 4.0.13 or later

    Cisco WAE Family Performance and Scalability

    CURRENT HARDWARE PLATFORMS

    Hardware       Max Optimized    Max CIFS  Drive Unit Capacity (GB) /    Max     Memory  WAN Link         CM Scalability     Core Fan-out
    Configuration  TCP Connections  Sessions  Maximum Usable Capacity (GB)  Drives  (GB)    Capacity (Mbps)  (Devices Managed)  (Number of Peers)
    NME-WAE-302    250              N/A       80/80                         1       .5      4                N/A                1
    NME-WAE-502    500              500       120/120                       1       1       4                N/A                1
    NME-WAE-522    800              800       160/160                       1       2       8                N/A                1
    WAE-512-1GB    750              750       250/250                       2       1       8                500                5
    WAE-512-2GB    1500             1500      250/250                       2       2       20               1000               10
    WAE-612-2GB    2000             2000      300/300                       2       2       45               2000               30
    WAE-612-4GB    6000             2500      300/300                       2       4       90               2500               50
    WAE-7326       7500             2500      300/900                       6       4       155              N/A                96
    WAE-7341       12000            12000     300/840                       4       12      310              N/A                200
    WAE-7371       50000            32000     300/1400                      6       24      1000             N/A                400

    Note: These are guidelines for sizing based on certain assumptions. Enabling multiple features will have an impact on scalability.

    Recently Added Features

    Scalable, Secure Central Management

    Centralized Management

    Robust management, monitoring, and reporting for up to 2500 nodes

    Device grouping for simplified rollout of configuration changes

    Device and system alarms, as well as integration with SNMP and syslog

    Secure Management Platform

    SSL-encrypted HTTP GUI and intra-device communication

    Roles-based Access Control (RBAC) to isolate users to specific capabilities and domains of management

    Integrated IOS-like CLI accessible via SSH (also telnet, serial)

    High Availability Configurations

    Active/standby deployments with automatic failover, replication of Central Manager database, and encryption keys

    Configurable Comprehensive Reporting

    Device Dashboard

    Configurable list of reports to display on a device or device-group homepage

    Traffic Statistics

    Optimized vs pass-through traffic mix including pass-through reason

    Application traffic mix over period of time (hr/day/wk/mo/custom)

    Per-Connection Statistics

    Connection monitoring shows near real-time view of optimized connections and details

    Compression Statistics

    Bandwidth savings per application over time (hr/day/wk/mo/custom)

    Acceleration Statistics

    Examine accelerated connections, open files, cached resources, cache hit ratio, and average throughput

    Enterprise Performance Monitoring Integration

    Transparent Integration

    Packet header preservation ensures compliance with enterprise performance monitoring systems

    Enables visibility to end-nodes involved in performance data collection

    Full compatibility with NetQoS Super Agent and infrastructure to support Cisco PVM and others

    Flow Export Agent

    Transmit connection data to monitoring systems to ensure correct response time analysis

    Eliminates WOC distortion of TCP RTT analysis caused by TCP proxy architectures

    [Figure: TCP Flow Export Agent and Super Agent between Remote Office and Data Center across the WAN; labels: No optimization; Optimization Enabled; Without Flow Export Agent (Inaccurate); Flow Export Agent Enabled (Accurate)]

    Cisco WAE Disk Encryption

    Optional feature applied against data partitions within the WAE to mitigate concern of data theft due to stolen drives or physically compromised WAE devices

    Keys fetched from CM upon boot and stored in memory only, WAE will pass-through if keys are unavailable

    Keys synchronized amongst Central Managers to ensure high availability

    [Figure: WAEs in the Remote Office and Data Center fetch the disk encryption key from the Cisco WAAS Central Manager across the WAN and store it in RAM; labels: Disk]

    Standards-Based Strong Encryption

    Follows FIPS 140-2 level 2 specification with certification to follow

    256-bit Advanced Encryption Standard (AES) cipher, which is the standard for US Government data protection and the strongest commercially-available encryption

    Cisco WAAS is In Evaluation with Common Criteria certification

    Encrypted Data Store

    Recommended Reading

    Continue your Networkers at Cisco Live learning experience with further reading from Cisco Press

    Check the Recommended Reading flyer for suggested books

    Available Onsite at the Cisco Company Store
