20-22 may, 2013 dubrovnik, croatia, south east europe ... · dubrovnik, croatia, south east europe...

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 1 © 2012 Cisco and/or its affiliates. All rights reserved.

Dubrovnik, Croatia, South East Europe 20-22 May, 2013

Cloud Intelligent Network Mitko Vasilev

[email protected] CIN Lead Central Europe

Market Trends Infrastructure Requirements IT Trends

By 2015 50% of CIOs expect to operate

in the cloud

90% of organizations backhaul traffic through DC

2/3 of mobile data traffic will be video

From Packets to Apps Application Level Visibility

Intelligent Path Selection

App-level Optimization

App-level Security

LOB alignment Direct Internet Access

Private, Public and Hybrid Clouds

Webification of Applications

Sources: Gartner, Information Week, The Register/Xiotech, Enterprise Strategies Group, and FalconStor surveys, Cisco Visual Networking Index; Metzler Cloud Networking Report 2011

New Application Trends Require the Network to Evolve

© 2013 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public

Critical applications prioritized

Other traffic managed / dropped

Optimal routes selected

Probe-less deployment

Wired/Wireless view of 1000+ apps

Rapid root cause analysis

Smarter use of costly bandwidth

Smarter capacity planning

Business-oriented SP offers

LOWER COST

Opportunity to Increase Business Value of the Network

£ € BGN

$ HRK

Application Visibility and Control

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Connect Cisco Public

Prioritize the Core Business

Applications

Apps Control

Advanced reporting GUI tools report

application metrics

App Visibility & User Experience Report

Management Tool

Collect application performance

metrics, and export to management tool

Reporting Tool App Performance Info Exporting

Reporting Tools

NFv9/IPFIX

3

App BW Transaction Time

…

SAP 3M 150 ms …Sharepoint 10M 500 ms …

Identify applications using Deep Packet

Inspection

Application Discovery

What is Application Visibility and Control (AVC)

High

High

Low

DISCOVER - CLASSIFICATION


Application Recognition in Enterprise

Access Control List (ACL)

Up to Layer 4 analysis

>1000 application signatures

Up to the application level

AVC Interact with application to go deeper into the end user flows

>1000 application signatures

Up to the application level

AVC and Metadata


Network Based Application Recognition (NBAR2)

  More than 1000 applications support and growing

  Categorization to simplify application management

  In-service signature update through Protocol Pack

  Field Extraction – collect application specific information in addition to identify applications

  Sub-port Classification – match parameters of the applications

0

500

1000

1500

NBAR1 NBAR2

Number of Applications Supported

NBAR1

NBAR2

1000+

HTTP URI

HTTP Hostname Browser Type


NBAR2 – Regular Updates

  Standard Protocol Pack –  Includes only subset of protocols –  No periodic releases and SLA

  Advanced Protocol Pack –  Includes all supported Protocols / Applications –  Periodic releases and Offers SLA

Protocol Pack

Pro

toco

l1

Pro

toco

l2

Pro

toco

ln

NBAR2

PPX (Major)

• protocols~ 10 •  updates and fixes

1M PPX.1 (Minor)

• Bug fixes • small updates

1M PPY (Major)

•  Protocols~10 •  updates and fixes

1M PPY.1 (Minor)

• Bug fixes • small updates

PP 4.1 Available

MONITORING Application Performance Reporting


What you can monitor with AVC

HTTP HTTP

Traffic Statistics

•  Application Usage per client IP/subnet/site

•  Top clients per application

Application Response

Time •  Per-application

end-to-end latency

•  Application response time & transaction time

Media Performance

•  Per-stream jitter and packet loss

•  RTP conversations

URL Visibility

•  Most visited web-site

•  Per-URL application response time


Prime Infrastructure: AVC Configuration

  Enable AVC with just ON/OFF button

 With Cisco Prime Infrastructure 2.0

For Your Reference


For Your Reference


Application Response Time

  Application response time provides insight into application behavior (network vs server bottleneck) to accelerate problem isolation

  Separate application delivery path into multiple segments   Server Network Delay (SND) approximates WAN Delay   Latency per application

Application Servers

Total Delay

Client Network

Clients

Client Network Delay (CND)

Application Delay (AD)

Network Delay (ND)

ISR/ASR/CSR

Server Network

Request

Response Server Network Delay (SND)

ISR/ASR/CSR


For Your Reference

CONTROL QoS and Performance Routing (PfR)


Maximize Application Performance with PfR

Identify 1000+ applications using NBAR2 and control bandwidth with Cisco industry leading QoS

Limit unwanted traffic and prioritize critical applications

Application-aware QoS

Deliver critical applications over the path which can meet application performance requirement using PfR

Automatic load share to maximize bandwidth use on available links

Intelligent Path Selection

Stop bittorrent and netflix. Prioritize salesforce,

oracle

Backup

WAN1

WAN2


class-map match-any bittorrent! match protocol attribute sub-category p2p-file-transfer! match protocol bittorrent-networking! match protocol dht!policy-map drop-bittorrent! class bittorrent! police 8000 conform-action drop exceed-action drop violate-action drop!interface GigabitEthernet0/0/0! service-policy input drop-bittorrent! service-policy output drop-bittorrent!

Example: Stop P2P Applications with AVC

After apply control policy

For Your Reference


Introducing Performance Routing (PfR) Application aware adaptive routing

  Full utilization of expensive WAN bandwidth   Efficient distribution of traffic based upon load, circuit cost and path preference

  Improved Application Performance   Per application best path based on delay, loss, jitter measurements

  Increased Application Availability   Protection from carrier black holes and brownouts

SP A MPLS

GETVPN

WAE Cluster

Internet DMVPN ASR1K

ASR1K

PfR MCs

Headquarter

ISR G2

SP B MPLS

GETVPN ASR1K

ASR1K

Branch

PfR BRs

PfR MC/BR

Master Controller (MC) Border Router (BR)

Email VMs

Email Path Video Path


CIN makes the biggest impact today in:

Data Center Branches Internet Edge

SiSi SiSi SiSi SiSi SiSi SiSi

SiSi SiSi

SiSi SiSi SiSi SiSi

Access

Core

Distribu6on

Distribu6on

Access


Network IT Complexity with Overlay Appliances

Firewall Internet

Internal Resources

Corporate Network

Access Router WAAS


Firewall and VPN WAN Path

Control


L2-L3 Transport

L4-L7 Application

Services

Simplify Application

Delivery

One Network UNIFIED SERVICES

Routing Redefined

Access Router

Firewall Internet

Internal Resources

Corporate Network


Firewall and VPN WAN Path

Control

Cisco’s Approach: One Network with Unified Services

WAAS

Control

Optimization

Security

Visibility

Routing


CINAT.info Solution Testbed All Information Avaialble at www.CINAT.info VLANs: 10,11,12

Data: 10.1.10.x Voice: 10.1.11.x

VLANs: 20,21,22 Data: 10.2.10.x Voice: 10.2.11.x





Wiring closet switches (2)

Floor 1 Access Switch

Branch routers (MPLS CE)

Floor 2 Access Switch

br1-r1 br2-r1

br2-r2

br3-r1

br4-r1

br4-r2

br5-r1

br6-r1

br6-r2

Data: 10.1.10.254 Voice: 10.1.11.254

VLAN

s 10

,11,

12

Data r1,r2,HSRP 10.6.10.252,253,254 Voice r1,r2,HSRP 10.6.11.252,253,254

897 1941

812

2951 +4G

2951

897

ASR1k ASR1k

ASR1k

PE Switch

172.20.10.2/30

172.20.20.2/30

172.20.60.6/30 172.20.60.2/30

MPLS P Routers

MPLS PE Routers

MPLS Service Providers (2)

PE3 VLAN 451 PRI VLAN 450 SEC

172.20.50.6/30 172.20.50.2/30

PE1

PE2

VLAN 491

DC Switch

Internet Edge

Prime Infrastructure 10.9.2.1

Microsoft Active Directory, DHCP server, DNS server 10.9.2.2 VMware

vCenter 10.9.2.90

VMware ESXi 10.9.2.91

Data Center Applications

asr-internet1 asr-internet2

ASR1k

ASR1k

173.36.254.146/27

173.36.254.147/27

DMZ GW 173.36.254.158

10.9.10.250 10.9.10.251

10.100.1.2

5508 WLC

OSPF AS 1

BGP AS 65010

BGP AS 65100

65020

65200

65090

LiveAction 10.9.2.7

CUCM 10.9.2.4

Microsoft Exchange 10.9.2.3

ISE 1.1.3

10.9.2.11

3G

4G

DSL

FlexConnect

Branch Routers (CPEs)

Internet Edge

WAN Agg (MPLS CE) vm

nic0

vmni

c1

Citrix 10.9.2.6

FlexConnect

FlexConnect

4451-X

4451-X

Micorosoft Lync 10.9.2.12

SUMMARY


Cloud Intelligent Network

Architectural approach to solving business requirements

Assess Network

readiness for Apps

Monitor SLA, App

performance

Prioritize

Business critical apps

Optimize Access to

Apps

Accelerate End user

experience

Visibility Control

Common classification, management and reporting with Cisco Prime

INTEGRATED in the Cisco ISR/ASR/CSR Routers, Catalyst Switches, Wireless Controllers, ASA Firewalls

20-22 may, 2013 dubrovnik, croatia, south east europe ... · dubrovnik, croatia, south east europe...

Documents