Cisco Wide Area Application Services (WAAS) v4.1 Technical ...€¦ · Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 BRKAPP-1004 14617_05_2008_c1

© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1BRKAPP-100414617_05_2008_c1

Cisco Wide Area Application Services (WAAS) v4.1

Technical Overview

Hicham El Alaoui - [email protected]


Agenda

Enterprise Application Delivery ChallengesIntroducing Cisco Wide Area Application ServicesCisco WAAS Product ArchitectureApplication Specific Acceleration Deployment and IntegrationNetwork-embedded virtualizationManagement and WAE PlatformsSummaryQ&A


I/T’s Application Delivery Problem

Distribution of Services

Distribution of Services

Data center consolidation Data center

consolidation

Increasingly distributed workforce drives need for distribution of I/T resources to remote locations

Enable productivity

Drive revenue and profits

Increasingly distributed workforce drives need for distribution of I/T resources to remote locations

Enable productivity

Drive revenue and profits

Data protection, availability, compliance, and management drives need for consolidation

Fewer devices to manage

Fewer points to protect

Data protection, availability, compliance, and management drives need for consolidation

Fewer devices to manage

Fewer points to protect

Primary Data Center Primary

Data CenterRemote OfficesRemote Offices

Regional OfficesRegional Offices

Home OfficesHome Offices

Secondary Data Center Secondary Data Center


Applications perform well in LAN:High bandwidth

Low latency

Reliability

Applications perform poorly in WAN:Already congested

Low bandwidth

Latency

Packet Loss

The WAN Is A Barrier To Consolidation

Round Trip Time (RTT) ~ 0mS

Client LAN Switch Server

Round Trip Time (RTT) ~ many many milliseconds

ServerClient LAN SwitchLAN Switch

WAN


The Impact of Latency and Loss

1.544Mbps

500Kbps

Coefficient of Latency and Loss

Thro

ughp

ut

ActualActual

ExpectedExpected

Low

5.02.1

pRTTMSSR =

R : Average Throughput

MSS: Packet Size

RTT: Round-Trip Time

P : Packet Loss

High


Agenda



Cisco WAAS Comprehensive WAN Optimization Solution

Accelerates applications over the WAN

Delivers video to the branch

Provides local hosting of branch IT services

Data CenterRemote Office

Remote Office

Remote Office

WAN

Optimized Connections


Optimized ConnectionsOptimized Connections



VPN

InternetOptimized Connections


Mobile


The Solution: Make WAN Perform Like LAN

WAN in LAN Speed

Cisco WAAS

Cisco WAAS

Data Redundancy Elimination

TCP Optimization

App-Specific Acceleration

Data Center

Branch Users

Mobile Users

Video delivery optimization

Accelerates TCP performance over the WAN

Redundant data does not need to transit the WAN – reduces overall bandwidth usage

Optimizes application protocols, such as MAPI, CIFS, NFS, HTTP, Print – eliminates protocol inefficiencies

Streamlined video delivery ensures one copy of live streaming transits the WAN


Application Performance ImprovementsCategory Applications 2X 5X 10X 25X 50X 100X+

File Sharing CIFSNFS

Email Microsoft ExchangeLotus NotesInternet Mail

Web andCollaboration

HTTPWebDAVFTPMicrosoft Sharepoint

Software Distribution

Microsoft SMSAltirisHP Radia

EnterpriseApplications

Microsoft SQLOracle, SAPLotus Notes

BackupApplications

Microsoft NTBackupLegato NetworkerVeritas NetbackupCommVault Galaxy

Data Replication EMC SRDF/AEMC IP ReplicatorNetApp SnapMirrorData DomainDouble-TakeVeritas Vol Replicator

2-20X Avg >100X Peak

2-5X Avg 20X Peak

2-10X Avg 100X Peak


2-5X Avg 20X Peak

2-10X Avg 50X Peak

2-10X Avg 50X Peak

Category Applications 2X 5X 10X 25X 50X 100X+

File Sharing CIFSNFS

Email Microsoft ExchangeLotus NotesInternet Mail

Web andCollaboration

HTTPWebDAVFTPMicrosoft Sharepoint

Software Distribution

Microsoft SMSAltirisHP Radia

EnterpriseApplications

Microsoft SQLOracle, SAPLotus Notes

BackupApplications

Microsoft NTBackupLegato NetworkerVeritas NetbackupCommVault Galaxy

Data Replication EMC SRDF/AEMC IP ReplicatorNetApp SnapMirrorData DomainDouble-TakeVeritas Vol Replicator


2-5X Avg 20X Peak

2-10X Avg 100X Peak


2-5X Avg 20X Peak

2-10X Avg 50X Peak

2-10X Avg 50X Peak


SharePoint Response Time (14.5MB Excel Download)

0

50

100

150

200

250

300

Without WAAS With WAAS (1stdownload)

With WAAS (2nddownload)

SecondsChallenges:Customers scattered in rural areasR&D scientists distributed globallyTime to market relied on real-time collaboration

Strategy:Microsoft SharePoint portal centrally deployed for onceLAN-like performance ensured for all

Results:Average response time: From 270 to 8 secondsBandwidth usage: From 90 to 50%

WAN Bandwidth Consumption

0%10%20%30%40%50%60%70%80%90%

Without WAAS With WAAS

Percentage

See Monsanto video testimonial: www.cisco.com/go/waas

Improve Remote User Productivity Microsoft SharePoint Acceleration Case Study

http://www.cisco.com/go/waas


Agenda



Cisco WAAS Product Architecture

Platform Management and Services

Cisco WAAS Operating System

Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery

Embedded virtualization

ConfigurationManagement

System(CMS)

CIFSAO

TCP Proxy with Scheduler Optimizer (SO)DRE, LZ, TFO

MAPIAO

HTTPAO

SSLAO

VideoAO WoW

VirtualBlade

# 2

VirtualBlade

# 3NFSAO

Disk Storage (Cache, VB storage etc.)EthernetNetwork

I/O

New


Data Redundancy Elimination (DRE):–Application-agnostic compression–Up to 100:1 compression

Persistent LZ Compression: –Session-based compression–Up to an additional 10:1 compression even after DRE

DRE DRE

LZ LZ

Advanced Compression

Synchronized Compression

History

WAN

http://images.google.com/imgres?imgurl=http://withcoupon.com/images/envelope.gif&imgrefurl=http://www.withcoupon.com/gettingstarted.cfm&h=149&w=150&sz=7&tbnid=qmH44IwYmq9HNM:&tbnh=89&tbnw=90&hl=en&start=12&prev=/images%3Fq%3Demail%2Benvelope%26svnum%3D10%26hl%3Den%26lr%3D

http://images.google.com/imgres?imgurl=http://withcoupon.com/images/envelope.gif&imgrefurl=http://www.withcoupon.com/gettingstarted.cfm&h=149&w=150&sz=7&tbnid=qmH44IwYmq9HNM:&tbnh=89&tbnw=90&hl=en&start=12&prev=/images%3Fq%3Demail%2Benvelope%26svnum%3D10%26hl%3Den%26lr%3D


DRE Chunk Identification

Level-0 Chunk “Basic Chunk”

~256 bytes

Level-0 Chunk “Basic Chunk”

~256 bytesLevel-1 Chunk

~1024 bytes Level-1 Chunk

~1024 bytes Level-2 Chunk ~4096 bytes

Level-2 Chunk ~4096 bytes Level-3 Chunk

~16384 bytes Level-3 Chunk ~16384 bytes

Original Data

Each chunk is assigned a 5-byte signature


DRE Pattern Matching

DRE Database

NO MATCHNO MATCHNO MATCHNO MATCHOriginal

Message Original Message

Encoded Message Encoded Message


Improves application throughputImproves existing WAN bandwidth utilizationShield end-nodes from unruly WAN conditions

Bandwidth scalability - help certain applications ‘fill-the-pipe’Connection fairness - ensure bandwidth is allocated fairly amongst flowsLoss mitigation - selective acknowledgement and retransmissionSlow-start mitigation - improve connection setup time

TCP Proxy architecture provides LAN-like TCP behavior and provides higher levels of compression than per-packet compressionTFO provides adaptive buffering to help ensure that connections requiring additional memory to achieve higher throughput

TCP Flow Optimization (TFO)

LAN-like TCP Behavior

WAN DRE PLZ

DRE PLZ

TCP TCPTCP TCPLAN-like TCP BehaviorOptimized TCP Connections


TCP Performance Challenges

Time (RTT)Slow Start Congestion Avoidance

cwnd

TCP

Inability to Use Available Bandwidth

Inefficient Response to Packet Loss/Congestion

Bandwidth Starvation for Short-Lived Connections


Comparing TCP and TFO

Time (RTT)Slow start Congestion avoidance

cwnd

TCPTCP

TFOTFO

Cisco TFO provides significant throughput improvements over standard TCP implementations

Cisco TFO provides significant throughput improvements over standard TCP implementations


Agenda



Application Optimizers (AO)

Platform Management and Services

Cisco WAAS Operating System

Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery

Embedded virtualization

ConfigurationManagement

System(CMS)

CIFSAO

TCP Proxy with Scheduler Optimizer (SO)DRE, LZ, TFO

MAPIAO

HTTPAO

SSLAO

VideoAO WoW

VirtualBlade

# 2

VirtualBlade

# 3NFSAO

Disk Storage (Cache, VB storage etc.)EthernetNetwork

I/O


Application-Specific Acceleration

Application and Protocol AwarenessMinimize chatter through protocol proxy-caching, read-ahead, write- behind, and other optimizationSafe caching preserves coherency, integrity while improving performance and saving WAN bandwidthScheduled File preposition enables intelligent distribution of large objects to improve performance

Intelligent Server OffloadCaching and optimizations minimize workload on accelerated servers enabling consolidation along with centralization

WAAS Application AcceleratorsCIFS, NFS, MAPI, Video, HTTP, SSLWindows printing

Licensed developed and validated with application vendors

Remote Office Data Center

WAN

Object Cache VerificationSecurity and Control WAN Optimization

Server Safely Offloaded Fewer Servers Needed Power/Cooling SavingsLAN-like Performance

WAN Bandwidth Savings

New


Solution

File and Metadata caching

Read-ahead

Message pipelining

Scheduled preposition to pre-populate

Transparent integration

Dedicated CIFS cache (SMS distribution point, user home area)

CIFS Application OptimizerProblem CIFS is a "chatty" protocols and when used in an environment with high latency,

packet loss, and bandwidth constraints such as a WAN, file server access over the WAN is significantly diminished.

FILE.DOC

Cache

Files

WAN

BenefitsEnable consolidation of distributed file and print resources into the data center without compromising performance. Offload of Data Center Servers


HTTP Application OptimizerProblem

Slow page load on Interactive Web applications Browsers serially open and close connections to fetch small objects (e.g graphics)Latency in a connection open/close could be higher than object transmit time.

SolutionFast Connection Reuse - Optimized connections on the WAN remain active for a short period of time to be re-used should additional data between the client-server pair need to be exchangedProxy Connect to SSL Servers – Each HTTP request is being inspected and forwarded to the HTTP or SSL AO or general optimization

BenefitsThis eliminates the latency caused by establishing multiple connections between clients and servers Tuned to offset connection “bursts”

Bounded session and idle timeoutsTransparency is maintained

Only same pair of client and server requests are reusedCompliments and preserves http application pipelining

Connect (SYN, SYN-ACK, ACK)

Connect

HTTP Request

HTTP Response

HTTP Request

HTTP Response

New


The Need for SSL Acceleration

WAAS optimization benefits are maximized only when applied to decrypted payload

SSL Handshake

“session key” derived

Encrypted Data Exchange

WAN

New


WAN

Cisco WAAS SSL Optimization Solution

Core WAE acts as a Trusted Intermediary Node for SSL requests by clientPrivate Key and Server Certificate are stored on the Core WAE deviceCore WAE participates in SSL Handshake to derive “session key”Distributes the “session key” securely in-band to the Edge WAE over the established connection between the Edge WAE and Core WAE

Send “session key”

SSL Session Core WAE to Server- Core WAE: Server Private Key

SSL Session Client to Core WAE (WAAS)

Edge WAE Core WAE

TransparentSecure Channel

Original Data - EncryptedOriginal Data - Encrypted Optimized & EncryptedOptimized & Encrypted Original Data - EncryptedOriginal Data - Encrypted

SSL HandshakeSSL Handshake

New


MAPI Application OptimizerProblem

MAPI is using MS-RPC which is a chatty request-response protocol. MAPI exchanges many interactive control messages, perform meta-data operations and large object transfers. MAPI traffic is negotiated using MS Port Mapper (port 135) and is using dynamic ports Data encoding is negotiated by client/server Outlook 2000 obfuscates data ,Outlook 2003 and 2007 compress data (LZ) or obfuscate if uncompressible

Solution Full application support - Developed in conjunction with Microsoft Asynchronous Writes Read Ahead Messages Decompression-DRE hintsEndPoint Mapper - Listens to client communication with PortMapper server and creates dynamic ATP entry for negotiated port

New

WAN

BenefitsReduced send and receive time and improves response time of interactive control operations – very important for Outlook 2000 usersCleans up the outbox faster – important for cached

mode usersFaster downloads of OAB, while significantly reducing

BW consumption as this is a redundant transfer across user populationOptimizes native Outlook 2007 operations (Note: requires encryption to be disabled on server)Transparent, automatic optimization. Simple

enable/disable control, no requirement for modification of MAPI ports as Riverbed does. Integrated with EPM adapter for classificationNo reverse engineering (MSFT licensing) - Full protocol

compliance with the different protocol versions –No security hole of keeping sessions open even after users have logged out


Agenda



Simple Transparent In-path Deployment

Simple Plug-and-Play DeploymentPhysical in-path deployment between switch and router or firewall requires no network changesMechanical fail-to-wire upon hardware, software, or power failure

Scalability and High AvailabilityTwo two-port fail-to-wire groups provides support for redundant network paths and asymmetric routingSerial in-path clustering with load-sharing and fail-over

Seamless Transparent IntegrationTransparency and automatic discovery802.1q VLAN trunking supportSupported on all WAE appliance models

Remote Office

WAN


Network-Integrated Off-path Interception

Transparent integration and automatic discovery regardless of interception methodWCCPv2 Interception

Active/active clustering supports up to 32 WAEs and 32 routers with automatic load-balancing, load redistribution, failover, and fail-through operationNear-linear scalability and performance improvement when adding devices

Policy-Based Routing InterceptionRouting of flows to be optimized through a Cisco WAE as a next-hop routerActive/passive clustering provides high availability and failover using IP SLAs as a tracking mechanism

WAN

Optimized Flow

Optimized Flow

Original Flow

Original Flow

Interception Redirection Monitoring

Interception Redirection Monitoring

WAE Cluster WAE

Cluster

Remote Office


Seamless and Transparent Integration

Compliance with critical network servicesIndustry’s only holistic and secure optimization, visibility, and control solutionQuality of Service (QoS)

Classification, NBAR, markingPolicing, shaping, queuing, WREDLFI, header compression

Network ManagementNAM, PVM, NetFlowNetQoS, IP SLA

SecurityIOS Firewall, IDS, IPS, ACL, VPN

Optimized RoutingNetwork Path Affinity (NPA)Optimized Edge Routing, PBR

SrcIP 1.1.1.1 DstIP 2.2.2.2

SrcPrt 1434 DstPort 80 APP DATA

WAN

SrcIP 1.1.1.1 DstIP 2.2.2.2

SrcPrt 1434 DstPort 80 optimized

Cisco Integrated Services Router

Cisco Wide Area Application Services

Quality of Service (QoS)Network Analysis/NetFlowIOS FirewallIntrusion Prevention

Optimized Edge RoutingPolicy Based RoutingIP Service Level AgreementsVPN

Application OptimizersAdvanced Compression

Transport Optimization


Agenda



Flexible, Optimized Branch IT

Cisco WAAS

Virtualized App Delivery for Branch Office Cisco WAAS 4.1 with Virtual Blade Technology

Data Center

Cisco WAAS Virtual Blade Technology Providing Best Mix of Distributed and Centralized IT Services

Validated by Microsoft for Windows Services

Centralize what you can with WAAS

Locally host services (e.g. Windows Server) on same WAAS device

Servers

Router

Cisco WAAS

Users

Storage Backup

Business and Communication Apps

WAN

Local StorageBackup

New


Virtual Blade – Sample Flow Centrally Manage

Remote access and management using Windows Management facilities

Example: Using Terminal Connection to Virtual Blade IP

New


Cisco WAAS with Virtualization

Microsoft and Cisco Solution

Branch optimized IT servicesRead-only Domain Controller

Print services

DNS/DHCP services

Complete WAN optimization + application acceleration

Ability to host Windows services locally

Microsoft Windows Server 2008 Server Core

Jointly developed architectureJoint customer support

Cisco WAAS with pre-packaged Windows Server 2008 services

New


Agenda



Scalable, Secure Central ManagementCentralized Management

Robust management, monitoring, and reporting for up to 2500 nodes

Device grouping for simplified rollout of configuration changes

Device and system alarms, as well as integration with SNMP and syslog

Secure Management PlatformSSL-encrypted HTTP GUI and intra-

device communicationRoles-based Access Control (RBAC) to

isolate users to specific capabilities and domains of management

Integrated IOS-like CLI accessible via SSH (also telnet, serial)

High Availability ConfigurationsActive/standby deployments with

automatic failover, replication of Central Manager database, and encryption keys

SOA-ready MonitoringStandard XML Web Service (SOAP) Integration with external reporting and

monitoring portals


Cisco WAAS Router Modules

NME-WAE Router-Integrated Network Module

for the Cisco Integrated Services Router

The Cisco Wide Area Application Services (WAAS) network modules provide integrated WAN optimization with Cisco Integrated Services Routers (ISR), enabling you to implement full feature WAN optimization while minimizing total cost of ownership

Can be clustered with WCCPv2, PBR, and is supported in ISR models 2811, 2821, 2851, 3825, and 3845Cisco Integrated Services

Router (ISR) Series

Reduce Branch Footprint

Reduce Cost with Integrated Support

Single Box Solution for Voice, Security, Wan Opt


Cisco Wide Area Virtualization Engine (WAVE) appliances extend the Cisco WAN optimization appliance portfolio to provide the industry's only branch-office appliance family that incorporates comprehensive WAN optimization, embedded virtualization for local hosting, and branch-office video delivery.

WAVE-274 Appliance

WAVE-574 Appliance

WAVE-474 Appliance

WAAS Virtual Blades-Capable Branch Appliances

WAE-674 Appliance


Agenda



Cisco WAAS AdvantagesApplication Vendor Validated

•Architecture leadership and joint R&D•Lower risks via technology licensing•Ease of integration and support escalation

Network Integrated•Ease of operations via network transparency•Accurate application SLA monitoring•Secure acceleration•Better with VoIP and video

Cost of Ownership Minimized•Minimized device complexity via router integration•Integrated high quality video•Reduced data center server OpEx via offload technology


Cisco Application Delivery Networking End-to-End Solution

Remote Users

Branch UsersWAAS

Applications

Web & Application

ServersSOA/Web Services

ACE AXGWAAS

WAASClient

Cisco IOS

Application:

Performance SecurityAvailability


Documents

Cisco Wide Area Application Services (WAAS) v4.1 Technical ...€¦ · Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 BRKAPP-1004 14617_05_2008_c1