An application of SONA
Business Agility
Business Challenges
Simplification
IT Solutions
Differentiation
SONA Framework
Network Systems
Campus
Data Center
Branch
What Is SONA?
SONA is an architectural approach to connect Network Services to Applications to deliver Business Solutions.
AUTOMATION
Dynamic Provisioning and Information Lifecycle Management (ILM) to Enable Business Agility
Business Policies
On-Demand
Service Oriented
SAN
VIRTUALIZATION
Management of Resources Independent of Underlying Physical Infrastructure to Increase Utilization, Efficiency and Flexibility
Compute
CONSOLIDATION
Centralization and Standardization to Lower Costs, Improve Efficiency and Uptime
Compute, Network, Storage
Network
Storage
Client
Server
Remote Office
WAN
Optimized Connections
Data Center
Remote Office
Presentation_ID 2006 Cisco Systems, Inc. All rights reserved.
Client Workstation
LAN Switch
Edge Device
Firewall
WAN Router
NAS
Traditional WAN Optimization changes header information
Result:
Services may not work
Extra integration required
Risk of downtime due to dedicated links
Cisco WAAS:
Cisco WAAS
LAN Switch Firewall WAN Router
Client Workstation
LAN Switch
WAN Router
IP Network
NAS
Edge WAE
Core WAE
Robust Application Adapters to Offload WAN and Data Center Local Services
Transport and Flow Optimizations
Data Redundancy Elimination
Accelerates ALL TCP Traffic
WAN
WAN
Scavenger
ERP
Catalyst 6500 series module or standalone appliance form factor
Solution for scaling servers, appliances, and network devices
Virtual partitions, flexible resource assignment, security, and control
Benefit: flexible configuration and management of all infrastructure resources to reduce costs and increase agility
Access Control
Branch - Campus
Path Isolation
WAN MAN - Campus
Services Edge
Data Center - Campus
Grant controlled access or prevent access
Map client VLAN to transport technology
Transport client traffic through isolated path
Terminate isolated path @ destination edge
Map isolated path to destination VLAN
Apply policy at VLAN entry point
Isolate Application environments
Path Isolation
Device Virtualization
Control Plane Virtualization
Data Plane Virtualization
Management Virtualization
Tags / circuits
Tags / circuits
Path Isolation
Policy Enforcement
Layer 3 Core
VRF-Lite: Builds on existing campus protocols; Medium complexity; Scales up to a dozen segments
MPLS: High scalability (256+ segments); High complexity; Requires new protocol
ACLs/PBR: Widely deployed; Seamless services integration; Limited scalability; High complexity
GRE: Builds on existing campus protocols; Limited scalability; Medium complexity
Application of V3PN
IPSec VPNs are replacing traditional WAN media to save costs and enable new work habits
Common design issues for both Remote VPN and Branch-to-DC deployments
QoS critical in key areas
Design IPSec VPNs with QoS today to transport VoIP tomorrow
Deploy broadband and IPSec VPNs so WORK IS AN ACTIVITY, NOT A PLACE
V3PN QoS
VTI Consideration
Branch Router
VTI - IPSec
Virtual Tunnel Interface:
VTI feature enables implementing QoS features from crypto head-end to branch routers.
Provides a routable interface: Interface Tunnel 0
Supports per-tunnel features / peer (session) configurations
Supports encryption of IP Multicast
Head-end routers only need Virtual Templates, not pre-configured tunnel interfaces
Load balancing function of Routing Protocol
Voice: Predictable Flows; Drop + Delay Sensitive; UDP Priority; 150 ms one-way delay; 30 ms jitter; 1% loss; 17 kbps-106 kbps VoIP + Call-Signaling
Video: Unpredictable Flows; Drop + Delay Sensitive; UDP Priority; 150 ms one-way delay; 30 ms jitter; 1% loss; Overprovision stream by 20% to account for headers + bursts
Data: No one-size-fits-all; Smooth/Bursty; Benign/Greedy; TCP Retransmits / UDP does not
Voice, Interactive-Video
Bulk, Streaming-Video
DC 3.0 - DCNA
Data Center 1.0
Mainframe
Service Orchestration
App Delivery
Server Switching
Storage Switching
SLB / Firewall
LAN Switching
IP Routing
CENTRALIZED
DECENTRALIZED
VIRTUALIZED
IP
SAN
FC FC
Network Virtualization
Independent Path/Policies for Network Segments
Independent Network Services & Policies for Application
Independent Storage for Individual Application
Independent Compute Resources wrt Application Services
VSAN, Storage
Server Virtualization
ACE complements Green DCNA: Improving Power, Cooling, and Rack Space
8 Isolated Applications at 2GB Throughput Each
16X
15X
Power Consumption
Mid-Size Enterprise
32 Isolated Applications
Products
4 ACE Modules OR 32 Low-End Competing Devices
12 KW increase for Competing Solution
Five year Power and Cooling savings:
ACE Savings
$335K-$419K
FT VLAN
TRP protocol packets
Heart-beats
Configuration sync packets
State replication packets
Red-grp4 Standby Active
Red-grp1
ACE-1 ACE-2
Active Standby
3 Types of CVDs
Network Services (Mobility, Security, Unified Communication)
Industry Solutions (Retail PCI, Healthcare Translation)
Places in the Network (Campus, Data Center, Branch)
Services Edge
VNs
User VN User VN User VN User VN Extranet VN
Services
VN specific VN specific Resource specific VN/resource specific Fusion Router
Resources
Shared
Shared Dedicated
VN Specific logical policy services - Dedicated per VN
Resource Specific policy services - Shared across VNs
Fusion routing: Access shared resources; Inter-VN communication
FW contexts:
VPN isolation / protection
Per VPN policies: ACL, NAT
256 contexts per FW
Map to VLANs
Understanding VRFs
Route Targets
VRF VRF
Export 3:3 Import 3:3 Import 2:2 Export 1:1 VRF VRF
VRF VRF
Import/export routes to/from MP-BGP updates
Globally significant: creates the VPN
Allows hub and spoke connectivity (central services)
No routes exchanged between blue/red
No transitivity: imported routes are not re-exported
Blue and red remain isolated
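The route-target behaviour described on the two slides above, modelled as an added example (not part of the original deck or any Cisco code). The VRF names, route-target values and prefixes are constructed sample values, and the model covers only import/export matching, not MP-BGP itself; the audit function shows how a stray import breaks blue/red isolation.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str
    export_rts: frozenset
    import_rts: frozenset
    local: frozenset                                # prefixes originated in this VRF
    imported: dict = field(default_factory=dict)    # prefix -> originating VRF

def exchange_routes(vrfs):
    """Each VRF advertises only its LOCAL prefixes, tagged with its export RTs.
    A VRF installs an advertisement when a tag matches one of its import RTs.
    Imported routes are never re-advertised, so there is no transitivity."""
    adverts = [(v.name, p, v.export_rts) for v in vrfs for p in v.local]
    for v in vrfs:
        v.imported = {p: origin for origin, p, rts in adverts
                      if origin != v.name and rts & v.import_rts}
    return {v.name: v for v in vrfs}

def audit_isolation(table, isolated_pairs):
    """Report (source, destination, prefixes) for every forbidden route leak."""
    findings = []
    for a, b in isolated_pairs:
        for src, dst in ((a, b), (b, a)):
            leaked = sorted(table[src].local & set(table[dst].imported))
            if leaked:
                findings.append((src, dst, leaked))
    return findings

def build(red_imports=("3:3",)):
    # Constructed hub-and-spoke layout; names, RTs and prefixes are sample values.
    fs = frozenset
    return exchange_routes([
        Vrf("blue", fs({"1:1"}), fs({"3:3"}), fs({"10.1.0.0/16"})),
        Vrf("red", fs({"2:2"}), fs(red_imports), fs({"10.2.0.0/16"})),
        Vrf("services", fs({"3:3"}), fs({"1:1", "2:2"}), fs({"10.3.0.0/16"})),
    ])

if __name__ == "__main__":
    good = build()
    print(sorted(good["blue"].imported), audit_isolation(good, [("blue", "red")]))
    bad = build(red_imports=("3:3", "1:1"))   # stray import of blue's RT
    print(audit_isolation(bad, [("blue", "red")]))
```

The services VRF holds routes to both spokes, yet neither spoke learns the other's prefix, because only locally originated routes are exported.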
Application Assignment
Summary: The Network as a Platform - DCNA
IT need not be a cost centre but a strong driver for business by addressing key challenges with DCNA, which offers:
1) Business agility
Ability to respond rapidly to varying economic conditions
Ability to adjust rapidly to changes in a business environment
2) Differentiation from traditional business
Enabling SLAs with ease and permitting the creation of layers of differentiated services
Address time to market issues
Address regulatory compliance that could impact future business
3) Operation Simplification
Reduce Opex and Capex through Consolidation, Virtualization and Standardization with an architectural approach validated by Cisco.
Business Architecture
Virtualization
Automation