© 2006, Cisco Systems, Inc. All rights reserved.Presentation_ID.scr
© 2008 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKAPP-201714328_04_2008_c2 2
Optimizing Application Delivery
BRKAPP-2017
Cisco Application Delivery Networks
WAN Acceleration: Data redundancy elimination; Window scaling; LZ compression; Adaptive congestion avoidance
Application Acceleration: Latency mitigation; Application data cache; Meta data cache; Local services
Application Optimization: Delta encoding; FlashForward optimization; Application security; Server offload
Application Networking: Message transformation; Protocol transformation; Message-based security; Application visibility
Application Scalability: Server load-balancing; Site selection; SSL termination and offload; Video delivery
Network Classification: Quality of service; Network-based app recognition; Queuing, policing, shaping; Visibility, monitoring, control
Other Cisco Live Breakout Sessions that You May Want to Attend
BRKAPP-2014 Deploying AXG
BRKAPP-2013 Best Practices for Application Optimization illustrated with SAP, Siebel and Exchange
BRKAPP-2011 Scaling Applications in a Clustered Environment
BRKAPP-2010 How to build and deploy a scalable video communication solution for your organization
BRKAPP-1009 Introduction to Web Application Security
BRKAPP-1008 What can Cisco IOS do for my application?
BRKAPP-3006 Troubleshooting WAAS
BRKAPP-2005 Deploying WAAS
BRKAPP-2018 Optimizing Oracle Deployments in Distributed Data Centers
BRKAPP-2017 Optimizing Application Delivery
BRKAPP-1016 Running Applications on the Branch Router
BRKAPP-1015 Web 2.0, AJAX, XML, Web Services for Network Engineers
BRKAPP-1004 Introduction WAAS
BRKAPP-3003 Troubleshooting ACE
BRKAPP-2002 Server Load Balancing Design
Chart labels: Relevancy; Applications, ISR, GSS, WAAS, ACE, AXG, ACNS
Agenda
Why Optimize?
Enterprise Framework for WAN/Application Optimization
Technologies That Will Be Discussed
Deployment Scenario in Depth
Caveats
Why Optimize?
WAN Characteristics
Bandwidth
Bandwidth constraints keep applications from performing well
Too much data and too small of a pipe causes congestion, packet loss, and backpressure
Packet loss, congestion, and retransmission
Packet loss and congestion cause retransmission which hinders application performance and throughput
Commonly caused by saturated device transmit queues in the network path
Diagram labels: Packet Loss, Congestion
Enterprise WAN/Application Optimization Framework
Diagram labels: Networked Infrastructure Layer; Interactive Services Layer; Applications; WAN/Application Optimization Services; Secure and Highly Available Network Infrastructure; Transactional, IP Communications, Bulk File / Storage; Data Center, Branch Office, IP WAN/FR/MPLS, Internet; Policy Configuration & Management; Optimization, Control, Monitoring, Classification
WAN/Application Optimization Technologies
Diagram labels: Data Center, Campus, Branch, WAN, Internet; IP SLAs Measurements; Deploy WAAS Farm; Deploy WAAS; NBAR Protocol Discovery and NetFlow Monitoring; Deploy NetQoS Monitoring tools; Deploy ACE: SSL Offload and SLB; QoS; PfR and QoS; IOS FW; DMVPN
Deployment
Deployment Step 1—Visibility
Obtain visibility into applications running across the network
Application discovery and reporting per location
Including encapsulated applications
Get visibility into end-to-end application performance
Application bandwidth/throughput usage—per user, per site, per prefix
Application performance metrics—loss, RTT, one-way delay, jitter, latency, ART, MOS
Top talkers—applications, sessions, prefixes
TCP session stats—complete, open, expired
Historical and real-time
Network-wide congestion points
Application behavior analysis
Behavioral based application analysis
Network Based Application Recognition (NBAR)
Stateful Application Intelligence
Protocol Discovery: discover what apps are running on your network and provide real-time statistics
Per-interface, per-protocol, bi-directional statistics
bit rate (bps); packet count; byte count
SNMP accessible for centralized monitoring
Supported by Partner products (Concord|CA, InfoVista, Micromuse|IBM) and MRTG
Chart (Link Utilization) labels: Voice, Interactive-Video, Streaming-Video, Call-Signaling, Routing, Net Mgmt, Mission-Critical, Transactional, Bulk, E-mail, Backup, P2P, etc.; Real-Time ≤ 33%; Critical Data; Best Effort ≥ 25%
Application Discovery—NBAR
Configure NBAR on the LAN interface on the branch router
ip nbar protocol-discovery
Identify all applications (NBAR can detect more than 500 applications and protocols)
Determine application specific SLAs
Real-Time Application Visibility
Application Discovery—NBAR and NetQOS
NetQOS supports SNMP
Configure NetQOS to take in NBAR info
Map NetQOS to recognize applications
NetFlow
Characterize and analyze application traffic flow
Understand who is utilizing the network and top talkers
Diagnose slow network performance, bandwidth hogs and bandwidth utilization in real-time
Information for network capacity and traffic engineering
Used for anomaly detection, worm diagnosis, and DoS attacks
Making Sense of Your Network Traffic
Monitoring Application Performance: Identifying Flows—NetFlow
Configure NetFlow on LAN and WAN interfaces (ingress)
ip flow ingress
Identify flows using the “show ip cache flow” command.
Monitoring Application Performance: Identifying Flows—NetFlow and NetQOS
Configure NetFlow to export statistics to NetQOS
ip flow-export source FastEthernet3/1.3051
ip flow-export version 5
ip flow-export destination 52.1.1.22 9995
Use NetQOS reports to identify top protocols and network-wise traffic
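What a collector at the export destination receives, as an added example that is not part of the original slides: a parser for the NetFlow version 5 datagrams that `ip flow-export version 5` sends, with a top-talkers summary and a check for lost export datagrams. The sample datagram is constructed; its addresses and counters are made up.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 layout: 24-byte header followed by 1..30 records of 48 bytes.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30


def parse_v5(datagram):
    """Parse one export datagram into (header, flows).

    v5 export is plain UDP with no authentication, so a collector should
    reject anything malformed (and accept only its known exporters).
    """
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _uptime, secs, _nsecs, sequence, _etype, _eid, _samp = \
        HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5 (version %d)" % version)
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError("record count %d out of range" % count)
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")

    flows = []
    for i in range(count):
        (src, dst, _nexthop, _in_if, _out_if, packets, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "sport": sport, "dport": dport, "proto": proto, "tos": tos,
            "tcp_flags": tcp_flags, "packets": packets, "octets": octets,
        })
    header = {"count": count, "unix_secs": secs, "flow_sequence": sequence}
    return header, flows


def top_talkers(flows, key="src", n=10):
    """Sum octets per value of `key`; return the n largest as (value, octets)."""
    totals = Counter()
    for flow in flows:
        totals[flow[key]] += flow["octets"]
    return totals.most_common(n)


def missed_flows(previous_header, header):
    """Flows lost between two datagrams from one exporter.

    flow_sequence counts flows exported so far, so the next datagram should
    start at previous flow_sequence + previous count (32-bit wraparound).
    """
    expected = (previous_header["flow_sequence"] + previous_header["count"]) % 2**32
    return (header["flow_sequence"] - expected) % 2**32


def build_sample(sequence, records):
    """Constructed datagram; records are
    (src, dst, sport, dport, proto, tos, packets, octets)."""
    out = HEADER.pack(5, len(records), 1000, 1210000000, 0, sequence, 0, 0, 0)
    for src, dst, sport, dport, proto, tos, packets, octets in records:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                           socket.inet_aton("0.0.0.0"), 1, 2, packets, octets,
                           0, 900, sport, dport, 0, 0x18, proto, tos,
                           0, 0, 24, 24, 0)
    return out


# Constructed flows (addresses and counters are made up for the example).
SAMPLE = build_sample(100, [
    ("10.1.1.10", "10.2.2.20", 40000, 80, 6, 0x60, 90, 120000),
    ("10.1.1.11", "10.2.2.20", 5060, 5060, 17, 0xE0, 20, 4000),
    ("10.1.1.10", "10.2.2.21", 40001, 443, 6, 0x00, 30, 30000),
])

if __name__ == "__main__":
    _header, sample_flows = parse_v5(SAMPLE)
    for talker, octets in top_talkers(sample_flows):
        print(talker, octets)
```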
IP SLA—Response Time Measurement
Active Agent
Sampling method: Synthetic/active
Collection method: Embedded agents as opposed to external probes
Perspective of measurement: Network perspective
Scope of measurement: End-to-end/path
Diagram labels: Network Perspective, User Perspective, Source, Responder, Network
Monitoring Application Performance: IP SLA and NetQOS
Configure IP SLAs manually or with NetQOS for the flows identified
Use NetQOS to track these SLAs
Performance Routing Overview
WAN Access Links Are Biggest End-to-End Bottleneck!
By Default BGP Chooses Best Path Based on Fewest AS-Path Hops!
What Is PFR? Routing Based on Performance
PFR Components
BR—Border Router
MC—Master Controller (decision maker)
Optimize by: Reachability, Delay, Loss, Jitter*, MOS*, Throughput, Load and/or $Cost
Diagram labels: Remote Office, Telecommuter, Headquarters, Bottlenecks!, MC, BR, MC/BR, SP A, SP B, SP C, SP D, SP E
Multi-Path Baselining—PfR
The router is configured with PfR in monitoring mode to learn jitter, delay, MOS, etc. for automating multi-path baselining
Helps develop appropriate PfR policies for path optimization
Multi-Path Baselining—PfR
PfR can learn and track prefixes and associated delay, jitter etc.
Establishing Application Performance Baselines—NetQOS
Various NetQOS reports can be used to establish application performance baselines
Drill down reports provide greater granularity
Identify What Can Be Optimized and Where
Top traffic in New York is voice; low latency queues with higher bandwidth for voice traffic might provide optimum delay, jitter and performance
Deployment Step 2—Visibility and Control
Assumes visibility tools are already deployed and all applications have been recognized and appropriate priorities mapped
Provide application-level SLAs for prioritized traffic flows
Apply application based QoS within the network—shaping, queuing, marking
Ability to apply per branch and per application QoS policies
If application SLAs are not met, based on monitored performance or a behavior-based anomaly, the following actions should be taken:
For local congestion, the local hierarchical QoS policies will be in play
If the above do not suffice, have the ability to change application class of service per policy (local and remote)
If an alternate path exists which meets the SLA, reroute traffic per policy (local and remote congestion)
Once SLAs are met on the congested path, revert back to defaults
If traffic is anomalous, drop the traffic or redirect it for forensic analysis
QoS Deployment for Converged Networks
Goal: To Deploy Consistent, End-to-End QoS for Voice, Video, and Data
Access Layer
• Classification and Trust Boundary
• Marking / Remarking
• Egress Queue Scheduling
• Buffer Management
Distribution Layer
• Layer 3 Policing
• Egress Scheduling (multiple queues with WRR)
• Priority Queuing for Voice over IP (VoIP)
• Buffer Management
WAN
• Intelligent Classification
• Bandwidth Provisioning
• Admission Control
• Shaping
• Link Fragmentation and Interleaving
• Header Compression
NBAR Application Discovery and QOS Marking
Configure NBAR classification policies on the LAN interface to recognize different application traffic
match protocol HTTP url *cisco*
match protocol sip
match protocol rtcp
Configure QOS policies to mark that traffic with appropriate DSCP/TOS markings
match all class HTTP
set precedence 3
match all class rtcp
set precedence 6
match all class sip
set precedence 7
NBAR Application Discovery and QOS Marking Show Command Outputs
MQC markings before TCP optimization help in applying appropriate application specific QOS policies on the exit after optimization
Control Policies with QOS
Configure appropriate congestion management QOS policies on the WAN interfaces for both optimized and unoptimized traffic
match ip precedence 5
set bandwidth 20
match ip precedence 3
Set bandwidth 30
Ensure real-time traffic like voice is prioritized with appropriate low latency queues
If using a DMVPN tunnel for security, configure appropriate policy and apply the policy map to the physical interface mapped to the tunnel
Control Policies with QOS: Show Commands
Verify that the QOS policies are adhered to with appropriate show commands
Path Optimization—PfR
Configure PfR to monitor and route traffic based on appropriate application specific policies
Configure the branch router to be both PfR master and border router
Tag the appropriate internal (ingress) and external (exit) interfaces
Define appropriate policy to enable PfR to load balance traffic across both the WAN exits
PfR Path Optimization—Load Balancing
Effective bandwidth utilization using both the links
Distinctive treatment for different kinds of traffic
PfR Path Optimization—Congestion
Passive or active monitoring of network parameters like delay, jitter, etc.
Fast switch over to alternate path in case of failure
PfR Path Optimization—Congestion Show Command
PfR continuously monitors and verifies that the network parameters are within the defined policy for path optimization
During congestion the delay increases in that path
PfR compares this delay with that of the alternate path and switches path
PfR Path Optimization—Path Failure
Passive or active monitoring of path reachability
Fast switch over to alternate path in case of failure
PfR Path Optimization—Path Failure: Debug Command
As soon as PfR detects reachability has gone down it switches to alternate path
Alternate path held in “HOLDDOWN” state for a period of time (configurable) to prevent flapping
Deployment: Step 3—Visibility, Control and Optimization
Assumes visibility and control service already running or is part of this service
Provide application optimization
TCP acceleration
Data Compression
Application acceleration and caching
DC to DC Active Application Load Distribution
Should support both native and hardware acceleration optimization
Ability for the monitoring tool to extract and present pre/post optimization data—compression stats, ART, latency, etc.
Per user, per application, per site
Should be consistent across all implementations (native or HW)—NBI and Instrumentation
Should be transparent to other services (interop and co-exist) already deployed
TCP Performance Improvement
Transport flow optimization overcomes TCP and WAN bottlenecks
Shields nodes' connections from WAN conditions
Clients experience fast acknowledgement
Minimize perceived packet loss
Eliminate need to use inefficient congestion handling
Diagram labels: WAN; LAN TCP Behavior (on each side); Window Scaling; Large Initial Windows; Congestion Mgmt; Improved Retransmit
Data Compression
Reduce overall WAN consumption based on redundancy
Maintain active database of previously sent and received traffic
Send database index on behalf of traffic that has been seen before
Realize 5x–50x compression, minimize WAN bandwidth consumption
Compress all outbound traffic with LZ compression
Additional 2x compression beyond data suppression
Very good compression for non-redundant data
Diagram: a DRE cache on each side of the IP network maps labels to data (L1 = ABCDEFGHIJKL, L2 = QRSTUVWXYZ); the message ABCDEFGHIJKLMNOPQRSTUVWXYZ crosses the network as L1+"MNOP"+L2
TCP Optimization with Web Cache Communication Protocol (WCCP)
Configure WCCP interception on LAN and WAN interfaces
ip wccp 61 redirect in (LAN)
ip wccp 62 redirect in (WAN)
Configure appropriate optimization policies on the Wide Area Application Engine (WAE) for different kinds of traffic
TCP flow
Data Redundancy Elimination (DRE)
LZ
Full
TCP Optimization with WCCP: Show Commands
“show ip wccp” command on routers
Number of packets redirected by WCCP
Number of bypassed packets returned by WAE
TCP Optimization Show Commands
“show tfo connection summary” on WAEs
Full optimization
Only TCP Flow optimization
TCP Optimization NetQOS
NetQOS trend charts can be used to track optimization efficiency by tracking throughput
ACE Optimization at Data Center
Server Load Balancing (SLB) and Secure Socket Layer (SSL) Offload with ACE
Load Balancing Algorithms (Round Robin, Least Connections, Hash)
Stickiness (session persistence mechanisms—Source IP/Source Subnet Sticky, Cookie sticky, HTTP Redirection sticky, SSL sticky)
Health Monitoring (Return code checking, Tcl scripts)
Redundancy (stateful versus stateless redundancy, session and sticky state replication)
Offload of CPU-intensive SSL processing
Server resources are dedicated to serving requests and running applications, rather than encrypting data
Allows packet inspection and advanced content switching (cookie sticky) of SSL traffic
Clients send traffic to a Virtual IP
SLB makes a L7 decision on the traffic and sends the connection to the best serverfarm
SLB load balances to the selected SSL Module
SSL Module decrypts traffic & returns it to SLB
Clients send SSL traffic to a Virtual IP
SLB and SSL Offloading with ACE
Offload of CPU-intensive SSL processing
Servers resources are dedicated to serving requests and running applications, rather than encrypting data
Allows packet inspection and advanced content switching (cookie sticky) of SSL traffic
Application Control Engine
WAN Optimization and Security
MPLS WAN Optimization
. L2 WAN is a typical hub and spoke network
. All spoke to spoke traffic goes through the hub
. MPLS provides direct path between branches
Diagram labels: Support Center India; US Headquarters; Manufacturing China; Manufacturing Europe; US Customer; US Assembly; US Call Center; WAN; MPLS WAN
Group Encrypted Technology VPN—GET VPN
. GET VPN - Scalable architecture for any-to-any connectivity and encryption
. IPSec tunnel mode security is a typical hub and spoke overlay network
. No overlays – native routing. Any-to-any instant connectivity.
Diagram labels: Support Center India; US Headquarters; Manufacturing China; Manufacturing Europe; US Customer; US Assembly; US Call Center; WAN; MPLS WAN
Dynamic Multipoint VPNs—DMVPN
Key Features:
Multipoint GRE (mGRE)
Dynamic IGP routing (EIGRP, OSPF, etc.)
NHRP
Good For:
Customers already using routing
IP only branch offices
IP multicast requirements—hub and spoke only
Customers with dynamic partial or full mesh requirements
Diagram labels: Routing Control Plane (Dynamic Routing); IPSec Control Plane (DPD, Tunnel Protection); GRE Control Plane (NHRP, Multipoint GRE); Head-End: Hub Site 1, Hub Site 2, WAN Router, VPN Head-end; IP WAN (DS3, OC3, OC12; Broadband); Branches: Branch Offices (Broadband, Frac-T1, T1), Home Offices, Branch Router; Primary DMVPN Tunnel, Secondary DMVPN Tunnel, Spoke-to-Spoke Tunnel
Deployment Summary
Where to Apply WAN/Application Optimization Technologies
Diagram labels: Data Center, Campus, Branch, WAN, Internet; IP SLAs Measurements; PfR and QoS; Deploy WAAS Farm; Deploy WAAS; QoS; NBAR Protocol Discovery and NetFlow Monitoring; Deploy NetQoS Monitoring Tools; Deploy ACE: SSL Offload and SLB; NAM Troubleshooting; IOS FW; DMVPN
Quick Look—Before Optimization
At around 300 msec latency, 10 users could sustain a connection rate of around 20 connections per second
Quick Look—After Optimization
At around 130 msec latency, 10 users could sustain a connection rate of around 110 connections per second
Suggested Branch Deployment Designs
Branch Deployment Scenarios 1 and 2
Single Homed Small Branch Office
Dual Homed Small Branch Office
Branch Deployment Scenario 3
MC—PfR master controller
Recommended not to be placed in the forwarding path
GLBP—can provide load balancing
Dual homed Medium Branch Office
Deployment Caveat: PfR Lacks Support for Multipoint Interfaces
PfR supports only single next hop per interface
Will work with:
PPP/HDLC/Frame Relay
GRE
DMVPN (point to point GRE)
Will not work with:
VPLS
Common Ethernet VLAN
DMVPN (multipoint GRE)
Support will be available from IOS version 12.5(pi4)T expected in late 2008
Deployment Caveat: PfR Only Supports Static or BGP Routes
PfR currently supports route learning with only static or BGP routes for path control
Support for other routing protocols like EIGRP or OSPF does not exist
Workaround is to add summary static routes and use PfR for only route unreachability mitigation
Support for EIGRP will be available from IOS version 12.5(pi4)T in late 2008 or early 2009
There are plans to add support for OSPF
Deployment Caveat: WAE TCP Options and Firewalls
WAEs add TCP options (0x21) to the TCP header that help in WAE peer discovery and negotiations
Many firewalls do not understand these options and clear them
WAE peer discovery and negotiation then fail, and hence no optimization can take place
Workaround: configure firewalls to allow TCP options
Many Cisco firewalls like IOS Firewall, PIX and the Firewall Service Module (FWSM) can be configured to allow TCP options
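One way to confirm whether a firewall on the path is clearing the WAE option, as an added example that is not from the original slides: parse the TCP options of the same SYN captured on each side of the firewall and compare them. Both headers are constructed, and the body of the 0x21 option is placeholder bytes because the slides do not describe its contents.

```python
import struct

WAE_OPTION = 0x21   # option kind the slide says WAEs add for peer discovery
EOL, NOP = 0, 1


def tcp_options(tcp_header):
    """Return [(kind, body)] from a raw TCP header; ValueError if malformed."""
    if len(tcp_header) < 20:
        raise ValueError("short TCP header")
    header_len = (tcp_header[12] >> 4) * 4          # data offset, in bytes
    if header_len < 20 or header_len > len(tcp_header):
        raise ValueError("bad data offset")
    raw, i, found = tcp_header[20:header_len], 0, []
    while i < len(raw):
        kind = raw[i]
        if kind == EOL:                             # end of option list
            break
        if kind == NOP:                             # single-byte padding
            found.append((NOP, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option %#x has no length byte" % kind)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("option %#x has bad length" % kind)
        found.append((kind, bytes(raw[i + 2:i + length])))
        i += length
    return found


def stripped_kinds(syn_before_fw, syn_after_fw):
    """Option kinds present before the firewall and missing after it."""
    before = {kind for kind, _ in tcp_options(syn_before_fw)}
    after = {kind for kind, _ in tcp_options(syn_after_fw)}
    return sorted(before - after - {NOP})


def wae_option_status(syn_before_fw, syn_after_fw):
    """'absent' (never set), 'intact' (passed through) or 'cleared'."""
    before = {kind for kind, _ in tcp_options(syn_before_fw)}
    after = {kind for kind, _ in tcp_options(syn_after_fw)}
    if WAE_OPTION not in before:
        return "absent"
    return "intact" if WAE_OPTION in after else "cleared"


def build_syn(options):
    """Constructed SYN header (ports and sequence number are made up)."""
    options += bytes([NOP]) * (-len(options) % 4)   # pad to a 32-bit boundary
    words = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", 40000, 80, 1000, 0,
                       (words << 12) | 0x002, 65535, 0, 0) + options


MSS_AND_SACK = bytes([2, 4, 0x05, 0xB4, 4, 2])      # MSS 1460, SACK permitted
# Constructed capture pair: option 0x21 with a 4-byte placeholder body,
# and the same SYN after a device has overwritten that option with NOPs.
SYN_BEFORE = build_syn(MSS_AND_SACK + bytes([WAE_OPTION, 6, 0, 0, 0, 0]))
SYN_AFTER = build_syn(MSS_AND_SACK + bytes([NOP] * 6))

if __name__ == "__main__":
    print(wae_option_status(SYN_BEFORE, SYN_AFTER),
          [hex(k) for k in stripped_kinds(SYN_BEFORE, SYN_AFTER)])
```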
Deployment Caveat: WAE Sequence Numbers and Firewalls
Introduction of WAEs causes three different TCP sessions to be established
WAEs jump sequence numbers on the optimized TCP session once TCP handshake is done
Many firewalls do not like this and will drop subsequent traffic
Workaround: sequence check can be disabled on the firewalls or traffic from WAEs can be tunneled, say, with GRE
Cisco software and firewall modules can be configured to support this behavior.
PIX 7.2(3)/FWSM v3.2.1
IOS Zone based FW 12.4(11)T2
Branch Deployment Scenario 4
MC—PfR master controller
Recommended not to be placed in the forwarding path
IPSec protection for traffic optional (GetVPN)
Dual homed Large Branch Office
Suggested Data Center Deployment Designs
Data Center View—WAE at WAN-Edge
WCCP redirects packet to WAAS WAE device
Uncompressed / unoptimized packets pass through the firewall to the server farm load balanced by ACE
Diagram labels: Core, Distribution, MAN, WAAS, Data Center 1, Data Center 2
Data Center View—ACE Load Balancing WAE
ACE redirects and load balances across the WAAS farm
Packets need to traverse firewalls, so open appropriate ports
Uncompressed / unoptimized packets are spanned to the NAM for monitoring
Diagram labels: MAN, Secured WAN, Core, Distribution, WAAS, Data Center 1, Data Center 2
Deployment Caveat: WCCP and DMVPN
DMVPN uses NHRP to create spoke-to-spoke shortcuts
When spoke to spoke traffic hits the DMVPN hub, a NHRP redirect gets generated
In a DMVPN environment, WCCP is redirected on the tunnel interfaces
WCCP breaks this NHRP redirect in both IP return and GRE return
Workaround: use ‘WCCP redirect out’ on client facing interface on HUB; will affect performance
Deployment Caveat: WCCP/WAEs Do Not Support VRFs
Current WCCP versions do not support VRF
Also WAEs do not support multi-tenant, or overlapping address ranges
VRF support is being planned
Q and A
Backup Slides
Enterprises Becoming Global
. As enterprises evolve so do the applications
. As enterprises keep growing so do applications
Diagram labels: WAN; Support Center India; US Headquarters; Manufacturing China; Manufacturing Europe; US Customer; US Call Center; US Assembly
Enterprises Becoming Global
. As enterprises and applications grow so do their need for bandwidth
. Murphy’s law
Diagram labels: WAN; Support Center India; US Headquarters; Manufacturing China; Manufacturing Europe; US Customer; US Call Center; US Assembly