Branch

- Cisco ISR 4000 with iWAN

(ducho@cisco.com)
System Engineer @ Enterprise
Cisco Systems Korea
2014. Dec. 11th

Background
Branch router
?


, , App

Application Delivery

Application Consumption

Next Gen Applications

UHD
Web SaaS App


, ,

PRESSURE
ON THE
BRANCH

Branch

%
80

of employees and
customers are served
by branches.

They need a
LAN-like experience

 WAN

Cisco Intelligent WAN

Any Connection

Any Application

IT

Any Cloud

New ISR 4K
Branch router
ISR router
Branch Solution

 Cisco ISR 4000

Application Experience
UCS E-Series

Pay-as-You-Grow

Integrated compute 8 cores

Service-awareness
Data Plane
( )

L2-7

Cisco ISR
4000

Appliance

4-10X Faster
(ISR G2 )

Powering the Intelligent WAN!!

ISR 4K
Cisco ISR 4400/4300 Series
NEW
NEW

NEW

ISR 4451-X
1-2Gbps

ISR 4431
500-1000 Mbps

ISR 4351
200-400 Mbps

ISR 4331
100-300 Mbps

NEW

ISR 4321
50-100 Mbps

Available September 2014

Purpose Built Branch Application Centric Infrastructure

SM-X Ethernet Switching Module

ISR G2 and 4000 Series ISR
Ethernet Switching Module
Catalyst 3560-X Architecture
Cisco ISR G2 ISR 4K router
Layer 2/3 feature (LAN Base/IP Base/IP Service)
What is new?
PoE/PoE+, CTS, MACSec

Module PID

Catalyst 3560-X License

SM-X-ES3-16-P

Will ship with LAN base (layer 2-only features)

MGF(Multi-Giga Fabric) High Performance Switching
OIR (Online Insert and Removal)

SM-X-ES3-24-P
SM-X-ES3D-48-P

GE Routed Port Interfaces

Gigabit Ethernet Interface Port-density
Cisco 4451 16 Fiber port

Branch Router 10G SFP+ interface

SFP or UTP port option
2 SKU model
SM-X-6X1G (6-ports 1GE SFP/UTP interface module)
SM-X-4X1G-1X10G (1-port 10 GE (SFP+) + 4-ports 1GE interface module)

Module PID
SM-X-6X1G
SM-X-4X1G-1X10G


Branch

Scalability

WAN

UCS-E series
Technology
Consolidation
Branch
Services

Unified
Communications

UCS-E140S
Intel E3 4 Core Processor
8-16GB x RAM, 2 TB

UCS-E180D
UCS-E160D
Intel E5 6 Core Processor
8-48 GB RAM, 200GB - 3 TB

Feature Richness

Intel E5 8 Core Processor

8-48 GB RAM, 200 GB - 3 TB

NEW


Service Containers

Hypervisor

,
Reference

Hypervisor ,

IOS ,

VM 1

VM 2

VM 3

WAAS

Energywise

Future App

Cisco Intelligent WAN

ISR4000-AX

Transport
Independent

Intelligent
Path Control

Application
Optimization

Secure
Connectivity

/

CWS(Cloud Web Security)

Application Experience

TransportIndependent
Design
WAN

Transport Independent
Full-mesh WAN

WAN

Dynamic Full-Meshed Connectivity

Security

Carrier service multi-

homing
,

Utilization

media

site-to-site IPSec

cryptography

hub configuration

Internet

The
image

WAN

ASR 1000

ISR 4K router

Branch

Data Center

MPLS
ASR 1000

Intelligent
Path Control
IWAN
Application


WAN Utilization

App SLA
Critical App

bandwidth utilization

Set Policy Actions

Path A

App

(App SLA, link status)

Path B

Data Centers

/
Delay, Jitter, BW

2X WAN Utilization

WAN

App Priority

Path

Loss

Jitter

Delay

Voice/Video

Path A

Business Critical

Path B

Remaining

Load balance

Bandwidth

App
Performance

PfR
Bandwidth Critical Applications
Hybrid IWAN
Detect Loss
Greater Than 10%

Dual Internet WAN

Detect
High Jitter

Voice and
Video

Cloud Services
Best-Effort Traffic
SP1 (MPLS)

Best-Effort Traffic

ISP (Internet)

ISP-1 (Cable)

Cloud Services and Load-Balancing Policy

application

Quality .
Loss less than 5%

Application

: SP1 (MPLS)

WAN traffic

load-sharing
Bandwidth .
MPLS + Internet Line

VDI

ISP-2 (DSL)

Multimedia and Critical Data Policy

Voice Video
Latency less than 150 ms;
Jitter less than 20 ms
VDI application

Loss less than 5%

Voice and video (SP-A)

VDI (SP-B)
Load-Sharing

Utilization

PfR Classical Routing

PATH CONTROL

METRICS

ADAPTIVE

PfR

cost path

Static

Performance

Path cost

RESPONDS TO:
Node (up/
down)

Delay
Jitter
Bandwidth

RESPONDS TO:
Performance
(Degradation)

Optimize
Application
Performance
Application

 Application Traffic
Cisco AVC(Application Visibility and Control)
PROBES

1000 Application

App

Rule

HW
NetFlow v9/IPFIX

reporting tool

IP/ ACL
Application
HTTP flow

Bandwidth
, application

60% of IT Professionals Cite Performance as Key Challenge for Cloud

AVC
/

CSR

Proliferation
of Devices

Enterprise Edge
AVC

AVC
ISR
4K

Branch

Private
Cloud

WAN
NetFlow v9

AVC

DC/Headquarters
ASR

Application
WAN

Application
WAN bandwidth
Real-time Application

Service Quality

App

Reduce load
Data redundancy

elimination (DRE),
compression, and
TCP optimization

Application

Bandwidth
(Mbps)

Latency
(Seconds)

160

Reduction in
bandwidth
3

120

80

40

Fewer protocol messages

and metadata caching

Application bandwidth natively

Application bandwidth with Cisco WAAS
Application latency natively
Application latency with Cisco WAAS

Application
Bandwidth

Application
Latency

Reduction
in latency

WAAS
E-mail 5 MB Attachment

10

20

30

40

50

60

70

80

90

100

110

File Transfer

120

130

140

150

10

20

30

40

50

60

Time in Seconds

Send and receive email over native WAN

First optimized with WAAS
Second pass optimized with WAAS

10

12

14

16

18

20

22

24

T1
(1.54Mbps)
80 ms
Latency

SharePoint file download over native WAN

First optimized with WAAS
Second pass optimized with WAAS

90

100

110

120

130

140

150

26

28

30

22

24

26

28

30

File drag and drop over native WAN

First optimized with WAAS
Second pass optimized with WAAS

VDI (CITRIX)

Time in Seconds

80

Time in Seconds

MS SharePoint 5 MB Document

70

5 MB File

10

12

14

16

18

20

Time in Seconds

Launch Citrix XenDesktop over native Citrix ICA/

SSL
Launch Citrix XenDesktop with WAAS
Site navigation over native Citrix ICA/SSL
Site navigation with WAAS

Cisco WAAS + Akamai Solution

Akamai Caching , Cashing

Cisco Intelligent WAN with Akamai Connect

Worlds Best Optimization Solution for HTTP Traffic
AKAMAI WEB ACCELERATION
Intranet HTTP
Caching

Dynamic OTT
HTTP Caching

Akamai
Connected Cache

CISCO WAAS
LZ
Compression

TCP
Optimization

Data
De-duplication

Content
Pre-positioning

Application
Specific
Acceleration

Securing
Your IWAN


Backhaul Secure Transport + Internet Access

OFF-LOAD CORPORATE WAN

DMVPN
Firewall/IPS

Application
( )

AVC Web
Filtering
Malware

IWAN Tunnels for

HQ/DC Traffic

ISR Cloud Connector to

CWS datacenters

WAN1
(IP-VPN)

Branch

WAN2
(Internet)

Secure Public Cloud

and Internet Access

CWS Encapsulated
HTTP, HTTPS
Web Filtering, Adv.
Malware Detection &
Threat Analytics

Private
Cloud

Cisco
Cloud Web
Security CWS

Public
Cloud

Internet

Cisco Cloud Web Security (CWS)

Direct Internet Access

Threat Analytics

File Retrospection

File Behavior

File Reputation

Malware Signature

Web Reputation

Web Filtering

Application Visibility and Control

Roaming Users

Headquarters

Branch Office


Cloud Web Security (CWS) for Dedicated Internet Access
Attack Continuum

BEFORE

DURING

AFTER

Discover
Enforce
Harden

Detect
Block
Defend

Scope
Contain
Remediate

Web Filtering

Signature-based AV

File Retrospection

Reputation Filtering

Heuristic Analysis

Threat Analytics

Acceptable Use Policy

File Reputation

Actionable Reporting

Application Visibility Control

File Behavior

IWAN
Management
and Integration

tool

 ! , !
Intelligent WAN App

Prime Infrastructure 2.2

with APIC-EM
FCS
April 2015
CA Dec
2014

FCS
Nov 2014

Workflow

provisioning

(Day 1)

IWAN System Release 2.0

Capacity trending
workflow
Topology visualization

(Day 2)

Available
Dec 2014

End-to-End Validated Design

Secure WAN

 Ecosystem
Tool
Lifecycle Management

Cloud-based Orchestration

Management & Visibility

Cisco Prime
Plug and Play deployment

configuration

Health Assurance

OnePK for app aware WANs

Compliance
Prime 2.2
Day 1 support for ISR 4000
IWAN Work flows

GlueWare
Day 1 support for ISR 4000
AVC support (Sep 2014)

Topology Visualization

On-premise option (Nov 2014)

Live Action
Day 1 support for ISR 4000

Session
Summary
Branch

 Branch !

1
2
3
4
5

4-10

App

Direct Internet access

App

Device deployment
4G, LTE interface

Day 2 network-wide monitoring

Probe
Hop

OS
Network, compute, storage
APIC-EM Unified Access

Cisco ISR 4000 Family

Branch

IT

A
B C

TCO

4-10X Faster

Revolution Architecture

/Programmability

Application-aware Data Plane

ISR 4321
(50-100 Mbps)

ISR 4331
(100-300 Mbps)

ISR 4351
(200-400 Mbps)

All-in-one

ISR 4431
(500-1000 Mbps)

ISR 4451-X
(1-2Gbps)

E-learning

Wi-Fi

Tablet PC
HD

On-line store Local store

Product catalogs
Web sales point

Wi-Fi

Direct Internet access

Application

HD video

Virtual offices

Thank you.