
BRKRST-2514

Cisco SD-WAN Application Acceleration

Sukruth Srikantha, Technical Marketing Engineer
Hamzah Kardame, Technical Marketing Engineer
Atif Khan, Sr. Director Enterprise Routing
Cisco Spark
Questions?
Use Cisco Spark to communicate
with the speaker after the session

How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKRST-2514

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda

• Introduction
• SD-WAN Introduction and Architecture
• SD-WAN Application Acceleration
• Next-Gen WAAS Application Optimization
• SD-WAN WAAS Deployment
• Demo
• Conclusion
Introduction
Current WAN Challenges
Is Your WAN Business Ready?
• Insufficient Bandwidth
• Complex Operations
• Limited Application Awareness
• High Cost
• Applications Downtime
• Limited Scale
• Fragmented Security
• No Cloud Apps Readiness

Why SD-WAN in Enterprise?
• 50% of Apps accessed via Internet
• 70% have either 2 or 3 WAN connections/branch
• 32.4% cite management of connectivity at branch as a challenge
• 48.6% cite poor application performance and latency as corporate WAN concern

SD-WAN Introduction and Architecture
Cisco SD-WAN Solution Pillars
• Cloud-Delivered Architecture
• Agile Operations
• Application Quality of Experience
• Comprehensive Security

Cisco SD-WAN Secure Extensible Network
[Architecture diagram]
Components: vManage, vOrchestrator, vSmart, vBond, vEdge
• Orchestration Plane
• Management Plane (Multi-tenant or Dedicated)
• Control Plane (Containers or VMs)
• Data Plane (Physical or Virtual)
Functions: MANAGEMENT, API, ANALYTICS, ORCHESTRATION, CONTROL
Transports: INTERNET, MPLS, 4G
Sites: Data Center, Campus, Branch, Home Office

SD-WAN Application Acceleration
Application Performance Influencers
Influencers of User Experience:
• Bandwidth
• High Latency
• Brownouts
• Lossy Links
• Chatty Apps
• Cloud Adoption
All of them contribute to bad Application Performance

Application Acceleration Techniques
• App-Aware Routing
• TCP Optimization
• Protocol Specific
• Compression
• Cloud OnRamp
• QoS
• Deduplication
• Caching
Legend: SD-WAN Native, SD-WAN WAAS

Application Visibility and Recognition
• Deep Packet Inspection (App 1, App 2 ... App 3,000)
• App Firewall
• Traffic prioritization
• Transport selection
[Diagram labels: Cloud, Data Center, vEdge Router, MPLS, 4G, INET, Small Office, Home Office, Campus, Branch]

Data Plane Liveliness and Quality
• Bidirectional Forwarding Detection (BFD)
• Path liveliness and quality measurement
- Up/Down, loss/latency/jitter, IPSec tunnel MTU
• Runs between all vEdge and vEdge Cloud routers in the topology
- Inside IPSec tunnels
- Operates in echo mode
- Automatically invoked at IPSec tunnel establishment
- Cannot be disabled
• Uses hello (up/down) interval, poll (app-aware) interval and multiplier for detection
- Fully customizable per-vEdge, per-color
[Diagram: mesh of vEdge routers]

Critical Applications SLA
• vEdge Routers continuously perform path liveliness and quality measurements

vManage App Aware Routing Policy
App A path must have:
- Latency < 150ms
- Loss < 2%
- Jitter < 10ms

Measured paths:
Path1: 10ms, 0% loss, 5ms jitter
Path2: 200ms, 3% loss, 10ms jitter
Path3: 140ms, 1% loss, 10ms jitter
[Diagram labels: Remote Site, Data Center, Internet, MPLS, 4G LTE, Path 2, IPSec Tunnel]

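Added example (not from the original slides or from Cisco): a small evaluator for the App A SLA above, run over the three paths. It assumes each path's figures are the average of the last `multiplier` poll-interval measurements; the per-interval samples, the multiplier of 3 and all names are constructed for illustration.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Metrics:
    latency_ms: float
    loss_pct: float
    jitter_ms: float

# SLA for "App A" as shown on the slide.
APP_A_SLA = Metrics(latency_ms=150, loss_pct=2, jitter_ms=10)

# Constructed per-poll-interval samples; each path's 3-bucket average
# equals the figures printed on the slide.
PATHS = {
    "Path1": [Metrics(10, 0, 5), Metrics(10, 0, 5), Metrics(10, 0, 5)],
    "Path2": [Metrics(180, 2, 10), Metrics(200, 3, 10), Metrics(220, 4, 10)],
    "Path3": [Metrics(130, 0, 10), Metrics(140, 1, 10), Metrics(150, 2, 10)],
}

def path_average(buckets, multiplier):
    """Average the newest `multiplier` poll-interval buckets of one path."""
    recent = buckets[-multiplier:]
    return Metrics(mean(b.latency_ms for b in recent),
                   mean(b.loss_pct for b in recent),
                   mean(b.jitter_ms for b in recent))

def violations(avg, sla):
    """Names of the metrics that miss the SLA; '<' is read strictly."""
    checks = (("latency", avg.latency_ms, sla.latency_ms),
              ("loss", avg.loss_pct, sla.loss_pct),
              ("jitter", avg.jitter_ms, sla.jitter_ms))
    return [name for name, value, limit in checks if not value < limit]

def compliant_paths(paths, sla, multiplier):
    """Paths whose averaged measurements satisfy every SLA threshold."""
    return [name for name, buckets in paths.items()
            if not violations(path_average(buckets, multiplier), sla)]

if __name__ == "__main__":
    for name, buckets in PATHS.items():
        avg = path_average(buckets, 3)
        print(name, avg, violations(avg, APP_A_SLA) or "meets SLA")
```

Reading the slide's "<" literally, Path3's 10ms jitter sits exactly on the threshold and does not qualify; the slide does not say how a device treats the boundary value.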
TCP Optimization
[Diagram: Users - TCP Connections - vEdge - Optimized TCP Connections over the SD-WAN Fabric (High Latency Path) - vEdge - TCP Connections - Servers]
• High latency path between users and applications, i.e. geo-distances
• vEdge routers terminate TCP sessions and provide local acknowledgements
- Hosts don’t have to wait for end-to-end TCP ACKs and pause TCP transmission
• Optimized TCP connection uses selective acknowledgement to prevent unnecessary retransmissions and large initial TCP window size to maximize throughput
• Hosts using older TCP/IP stacks will see the most benefit

Bandwidth Augmentation
• Augment MPLS with Internet bandwidth
• Create traffic engineering policy to steer application traffic
- Active/Active if no policy

vManage Traffic Engineering Policy (data policy)
App A -> MPLS TLOC
App B -> Internet TLOC
[Diagram labels: Remote Site, Data Center, Internet, MPLS, A, B, SDWAN Tunnel, SDWAN Fabric]

Direct Internet Access
• Can use one or more local DIA exits or backhaul traffic to the regional hub through the SD-WAN fabric and exit to Internet from there
- Per-VPN behavior enforcement
• VPN default route for all traffic DIA or data policy for selective traffic DIA
• Network Address Translation (NAT) on the vEdge router only allows response traffic back
- Any unsolicited Internet traffic will be blocked by IP table filters
• For performance based routing toward SaaS applications use Cloud onRamp
[Diagram labels: Internet, INET, NAT, Regional Data Center, SD-WAN Fabric, MPLS, Data Center, Remote Site]

Cloud onRamp for SaaS - DIA
• vEdge router at the remote site performs quality probing for selected SaaS applications across each local DIA exit
- Simulates client connection using HTTP ping
• Results of quality probing are quantified as vQoE score (combination of loss and latency)
• Local DIA exit with better vQoE score is chosen to carry the traffic for the selected SaaS application
- Initial application flow may choose sub-optimal path until DPI identification is complete and cache table is populated
[Diagram labels: Remote Site, ISP1, ISP2, Loss/Latency, Quality Probing, SD-WAN Fabric, Regional Data Center, Data Center]

Cloud onRamp for SaaS - Gateway
• vEdge routers at the remote site and regional hub perform quality probing for selected SaaS applications across their local Internet exits
- Simulate client connection using HTTP ping
• Results of quality probing are quantified as vQoE score (combination of loss and latency)
- HTTP ping for local DIA and App-Route+HTTP ping for regional Internet exit
• Internet exit with better vQoE score is chosen to carry the traffic for the selected SaaS application
- Initial application flow may choose sub-optimal path until DPI identification is complete and cache table is populated
[Diagram labels: Remote Site, ISP1, ISP2, Loss/Latency, Quality Probing, SD-WAN Fabric, MPLS, Regional Data Center, Data Center]

Quality of Experience Score
• Every site where SaaS application is enabled is classified as performing Good, Average or Bad
• Sites are color coded based on the performance

Score   Color
8-10    Green
5-8     Yellow
0-5     Red

vEdge Router Device QoS Overview
• Data Policy (vManage): Classification of application traffic into QoS forwarding classes (queues)
[Diagram: Ingress Interface (In) - QoS forwarding classes (FC) - QoS Scheduler (Q) - Egress Interface (Out)]
Stage labels: Policing, Map into FCs, Rewrite inner DSCP, Map into Egress Queue, Policing, Shaping, Rewrite outer DSCP
Scheduler labels: Bandwidth %, Buffer %, Scheduling Priority, Drop

Next-Gen WAAS Application Optimization
Building Blocks of WAAS
[Diagram labels: AO, AO, AO; Application Behavior; TCP Flow Optimization; Latency; Object Cache; DRE; LZ; Bandwidth]

Akamai Caching Technology

1 Transparent Caching: with four (4) different mode settings

BASIC
• Follows IETF HTTP 1.1 guidelines for standard object caching
• Only caches responses marked explicitly as cacheable

STANDARD
• Default mode
• Also caches objects with no explicit cache marker and with a last-modified date. It ignores “reload” headers from clients

ADVANCED
• Caches media files more aggressively, and all object types for longer times (when there is no explicit expiration time)

BYPASS
• Turns off caching for a configured site(s)

2 Connected Cache (CC): Retrieves content from Akamai’s Intelligent Platform
3 Over-the-Top Caching (OTT): Caching content of 3rd party Web sites using a predefined configuration
4 Cache Warming or Prepositioning: Scheduled fetch and cache of content from a Web site

Use Case: Accelerate Live Video
WAN vs LAN throughput for Multiple Video Streams

Challenges
• Delivering corporate live video over the enterprise network - serving 70K+ end users across 250 branches globally
• End-users in South America and Asia suffer from WAN congestion and video quality issues with frequent re-buffering and slow load times

Benefits
• Cisco WAAS with Akamai Connect caches live and on-demand HTTP video fragments
• Resulted in significant WAN offload while improving video quality & end-user experiences
• Reduced IT tickets related to corporate video webcast quality/performance issues

[Diagram "Without Cisco WAAS with Akamai Connect": Private/Public Cloud, WAN/Internet, Router, Branch, video streams 1 2 3 5 7, LAN Throughput]
[Diagram "With Cisco WAAS with Akamai Connect": Private/Public Cloud, WAN/Internet, ISR-AX+AC, Branch, WAN Throughput]

Use Case: Software Download
• Software updates keep growing and consuming more enterprise network bandwidth
- iOS 8 Update = ~1.1MB; iOS 9 Update = ~ 1.2GB
• Akamai Connect can help by caching iOS and OS X updates locally in the branch
- Improving performance
- Offloading the enterprise network
Updating 3 iPads resulted in 2.67GB of WAN offload

Cloud and SaaS
WAAS 6.4 : Dual-Sided and Smart SSL
Ability to cache both HTTP and SSL in DIA scenario
[Diagram labels: Branch, WAN, DC, Internet, Office365, Optimization, Optimization, Caching only]

Dual-Sided SSL Optimization Solution
[Diagram: Client - Edge WAE - Core WAE - SSL server]
Diagram labels:
- SSL Handshake (shown twice)
- SSL Session: client to core WAE
- SSL Session: core WAE to server
- send session key
- Transparent Secure Channel
- Original Data - Encrypted
- Optimized & Encrypted

AppNav Redirection
AppNav Solution
[Diagram labels: Data Center, Data Center, AppNav, AppNav-XE]
• Optimization
• Load Distribution
• Redirection
• Interception
• Asymmetric Traffic and H.A.

AppNav Affinity Features
• AppNav’s powerful policy engine allows for easy separation of branch traffic
• No knowledge of IP addresses or ACLs required
[Diagram labels: Branch Office_1, Branch Office_2, Branch Office_3, WAN, Cisco AppNav, Br1_WAAS, Br2_WAAS, Br3_WAAS, Branch1 Traffic, Branch2 Traffic, Branch3 Traffic, Data Center]
• Split traffic into separate application clusters
• Allows WAAS to easily adapt to application traffic increases and changes.
[Diagram labels: Branch Office (x3), WAN, Cisco AppNav, HTTP Cluster, SSL Cluster, Other Cluster, HTTP Traffic, SSL Traffic, Other Traffic]

NG-WAAS
Cisco Application Optimization Form Factors (Cisco WAAS)

WAAS Appliance
• Application acceleration
• Scalable platforms for range of deployments
• 200 – 150,000 optimized flows

Next-Gen WAAS Appliance
• Application acceleration
• Improved HW and performance
• 200 – 6000 optimized flows

Virtual WAAS in the cloud
• For public cloud and SaaS acceleration
• 200 – 12,000 Connections
• Hourly based/BYOL
• Solution template for ease of deployment

ISR-WAAS on ISR4K
• Identical features and management as other WAAS options
• Simple installation has you up and running in 7 minutes
• Included in Cisco One Foundation and AX

WAAS NFV on ENCS
• Scale as you grow
• WAAS 200 Conn- 750 conn
• Interop/Service Chaining with other NFVs
• Included in WAN Foundation

Virtual WAAS on UCS-E
• Ideal for hosting on UCS-E on ISR 4K with other apps
• No forklift upgrade
• Included with Cisco and AX on ISR4K router

What’s new with WAAS?
• On September 30th 2017, End-of-Sale and End-of-Life were announced for the Cisco WAVE x94, 7541, 7571 and 8541 platforms as well as the AppNav IOM cards.
• Replacement solutions will be released in phases, starting with branch-side WAVE replacements by Jan 2018.
• At a high level the current replacement offerings are as follows:
- For DC-side WAVE (8541/7571/7541), move to BYOH model and run vWAAS (150K*/50K/12K)
- For branch-side WAVE (694/594/294), move to new WAAS HW platform (ENCS-W)
- For AppNav IOM, move to AppNav-XE, which is a software feature available on CSR/ISR4K/ASR platforms.

SD-WAN WAAS Deployment
SD-WAN WAAS Inline
[Diagram labels: LAN, DC/Remote Office, vEdge, SD-WAN Fabric, MPLS, Internet, LAN]
• OMP-to-BGP/OSPF
• BGP/OSPF-to-OMP
• Local prefixes (OSPF/BGP)
• SD-WAN Traffic (WAAS, UC, Akamai Connect)

SD-WAN WAAS Offpath
[Diagram labels: LAN, VPN1, VPN2, DC/Remote Office, vEdge, SD-WAN Fabric, MPLS, Internet, VPN2, VPN1, LAN]
• SD-WAN Traffic (WAAS, UC, Akamai Connect)

SD-WAN WAAS Redirection
[Diagram labels: WAN (VPN 0), From WAN, vEdge, VPN 2 (10.1.2.1, 10.1.2.2), VPN 1 (Ge0/1), From LAN]

DATA POLICY ON VSMART
policy data-policy WAAS-REDIRECT
 vpn-list VPN-1
  sequence 10
   match
    protocol 6
   action
    set next-hop 10.1.2.2
  default-action accept

apply-policy site-list Branches
 data-policy WAAS-REDIRECT from-tunnel

CONTROL POLICY ON VSMART
policy control-policy WAAS-EXTRANET
 sequence 10
  match route
   vpn-list VPN1
  action accept
   export-to
    vpn-list VPN2
 sequence 20
  match route
   vpn-list VPN2
  action accept
   export-to
    vpn-list VPN1
 default-action accept

apply-policy site-list Branches
 control-policy WAAS-EXTRANET in

POLICY ON VEDGE
policy access-list WAAS-REDIRECT
 sequence 10
  match
   protocol 6
  action
   set next-hop 10.1.2.2
 default-action accept

int ge0/1
 access-list WAAS-REDIRECT in

Demo
Thank you
