© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Connect 1 1 © 2012 Cisco and/or its affiliates. All rights reserved.
Dubrovnik, Croatia, South East Europe 20-22 May, 2013
Cloud Intelligent Network
Mitko Vasilev, CIN Lead Central Europe
Market Trends Infrastructure Requirements IT Trends
By 2015 50% of CIOs expect to operate in the cloud
90% of organizations backhaul traffic through DC
2/3 of mobile data traffic will be video
From Packets to Apps Application Level Visibility
Intelligent Path Selection
App-level Optimization
App-level Security
LOB alignment Direct Internet Access
Private, Public and Hybrid Clouds
Webification of Applications
Sources: Gartner, Information Week, The Register/Xiotech, Enterprise Strategies Group, and FalconStor surveys, Cisco Visual Networking Index; Metzler Cloud Networking Report 2011
New Application Trends Require the Network to Evolve
Critical applications prioritized
Other traffic managed / dropped
Optimal routes selected
Probe-less deployment
Wired/Wireless view of 1000+ apps
Rapid root cause analysis
Smarter use of costly bandwidth
Smarter capacity planning
Business-oriented SP offers
LOWER COST
Opportunity to Increase Business Value of the Network
Prioritize the Core Business Applications
Apps Control
Advanced reporting GUI tools report application metrics
App Visibility & User Experience Report
Management Tool
Collect application performance metrics, and export to management tool
Reporting Tool App Performance Info Exporting
Reporting Tools
NFv9/IPFIX
App          BW     Transaction Time   …
SAP          3M     150 ms             …
Sharepoint   10M    500 ms             …
Identify applications using Deep Packet Inspection
Application Discovery
What is Application Visibility and Control (AVC)
Application Recognition in Enterprise
Access Control List (ACL)
• Up to Layer 4 analysis
AVC
• >1000 application signatures
• Up to the application level
AVC and Metadata
• Interact with application to go deeper into the end user flows
• >1000 application signatures
• Up to the application level
Network Based Application Recognition (NBAR2)
Support for more than 1000 applications, and growing
Categorization to simplify application management
In-service signature update through Protocol Pack
Field Extraction – collect application-specific information in addition to identifying applications
Sub-port Classification – match parameters of the applications
[Chart: Number of Applications Supported, NBAR1 vs. NBAR2; axis 0 to 1500; NBAR2: 1000+]
HTTP URI
HTTP Hostname Browser Type
NBAR2 – Regular Updates
Standard Protocol Pack – Includes only a subset of protocols – No periodic releases and no SLA
Advanced Protocol Pack – Includes all supported protocols / applications – Periodic releases and an SLA
Protocol Pack: Protocol 1, Protocol 2, ... Protocol n (NBAR2)
PPX (Major)
• Protocols ~10
• Updates and fixes
1M
PPX.1 (Minor)
• Bug fixes
• Small updates
1M
PPY (Major)
• Protocols ~10
• Updates and fixes
1M
PPY.1 (Minor)
• Bug fixes
• Small updates
PP 4.1 Available
What you can monitor with AVC
Traffic Statistics
• Application usage per client IP/subnet/site
• Top clients per application
Application Response Time
• Per-application end-to-end latency
• Application response time & transaction time
Media Performance
• Per-stream jitter and packet loss
• RTP conversations
URL Visibility
• Most visited web site
• Per-URL application response time
Prime Infrastructure: AVC Configuration
Enable AVC with just an ON/OFF button in Cisco Prime Infrastructure 2.0
Application Response Time
Application response time provides insight into application behavior (network vs server bottleneck) to accelerate problem isolation
• Separate application delivery path into multiple segments
• Server Network Delay (SND) approximates WAN delay
• Latency per application
[Diagram: request/response path between Clients (Client Network) and Application Servers (Server Network) through ISR/ASR/CSR routers, labelled Client Network Delay (CND), Server Network Delay (SND), Network Delay (ND), Application Delay (AD) and Total Delay]
Maximize Application Performance with PfR
Application-aware QoS
• Identify 1000+ applications using NBAR2 and control bandwidth with Cisco's industry-leading QoS
• Limit unwanted traffic and prioritize critical applications
Intelligent Path Selection
• Deliver critical applications over a path that can meet the application's performance requirements using PfR
• Automatic load sharing to maximize bandwidth use on available links
Stop bittorrent and netflix. Prioritize salesforce, oracle
[Diagram labels: Backup, WAN1, WAN2]
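Example: Stop P2P Applications with AVC

! Match BitTorrent and related P2P traffic as classified by NBAR2
class-map match-any bittorrent
 match protocol attribute sub-category p2p-file-transfer
 match protocol bittorrent-networking
 match protocol dht
!
! Police the class with every action set to drop, so all matched traffic is discarded
policy-map drop-bittorrent
 class bittorrent
  police 8000 conform-action drop exceed-action drop violate-action drop
!
! Apply the policy in both directions on the interface
interface GigabitEthernet0/0/0
 service-policy input drop-bittorrent
 service-policy output drop-bittorrent
!

[Figure: after applying the control policy]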
Introducing Performance Routing (PfR): application-aware adaptive routing
• Full utilization of expensive WAN bandwidth: efficient distribution of traffic based upon load, circuit cost and path preference
• Improved application performance: per-application best path based on delay, loss, jitter measurements
• Increased application availability: protection from carrier black holes and brownouts
[Diagram labels: SP A MPLS, SP B MPLS, GETVPN, Internet DMVPN, WAE Cluster, ASR1K, ISR G2, Headquarter, Branch, PfR MCs, PfR BRs, PfR MC/BR, Email VMs, Email Path, Video Path. Legend: Master Controller (MC), Border Router (BR)]
CIN makes the biggest impact today in:
Data Center, Branches, Internet Edge
[Diagram labels: Access, Distribution, Core]
Network IT Complexity with Overlay Appliances
[Diagram labels: Firewall, Internet, Internal Resources, Corporate Network, Access Router, WAAS, Application Visibility and Control, Firewall and VPN, WAN Path Control]
Cisco’s Approach: One Network with Unified Services
Routing Redefined
One Network, UNIFIED SERVICES
Simplify Application Delivery
L2-L3 Transport
L4-L7 Application Services
[Diagram labels: Access Router, WAAS, Firewall, Internet, Internal Resources, Corporate Network, Application Visibility and Control, Firewall and VPN, WAN Path Control]
Routing, Visibility, Security, Optimization, Control
CINAT.info Solution Testbed
All information available at www.CINAT.info

[Diagram: testbed topology. Labels recovered from the diagram:]

Branch VLANs and subnets
• VLANs: 10,11,12; Data: 10.1.10.x; Voice: 10.1.11.x
• VLANs: 20,21,22; Data: 10.2.10.x; Voice: 10.2.11.x
• VLANs: 30,31,32; Data: 10.3.10.x; Voice: 10.3.11.x
• VLANs: 40,41,42; Data: 10.4.10.x; Voice: 10.4.11.x
• VLANs: 50,51,52; Data: 10.5.10.x; Voice: 10.5.11.x
• VLANs: 60,61,62; Data: 10.6.10.x; Voice: 10.6.11.x

Branch
• Branch Routers (CPEs), Branch routers (MPLS CE): br1-r1, br2-r1, br2-r2, br3-r1, br4-r1, br4-r2, br5-r1, br6-r1, br6-r2
• Platforms: 897, 1941, 812, 2951 +4G, 2951, 897, 4451-X, 4451-X
• Data: 10.1.10.254; Voice: 10.1.11.254
• Data r1,r2,HSRP: 10.6.10.252,253,254; Voice r1,r2,HSRP: 10.6.11.252,253,254
• Wiring closet switches (2), Floor 1 Access Switch, Floor 2 Access Switch
• FlexConnect; 3G, 4G, DSL

MPLS Service Providers (2)
• MPLS P Routers, MPLS PE Routers (PE1, PE2, PE3), PE Switch
• PE3: VLAN 451 PRI, VLAN 450 SEC; VLAN 491
• 172.20.10.2/30, 172.20.20.2/30, 172.20.50.6/30, 172.20.50.2/30, 172.20.60.6/30, 172.20.60.2/30
• OSPF AS 1; BGP AS 65010; BGP AS 65100; 65020; 65200; 65090

WAN Agg (MPLS CE) and Internet Edge
• ASR1k routers; asr-internet1, asr-internet2
• 173.36.254.146/27, 173.36.254.147/27; DMZ GW 173.36.254.158
• 10.9.10.250, 10.9.10.251; 10.100.1.2
• DC Switch; 5508 WLC; vmnic0, vmnic1

Data Center Applications
• Prime Infrastructure: 10.9.2.1
• Microsoft Active Directory, DHCP server, DNS server: 10.9.2.2
• Microsoft Exchange: 10.9.2.3
• CUCM: 10.9.2.4
• Citrix: 10.9.2.6
• LiveAction: 10.9.2.7
• ISE 1.1.3: 10.9.2.11
• Microsoft Lync: 10.9.2.12
• VMware vCenter: 10.9.2.90
• VMware ESXi: 10.9.2.91
Cloud Intelligent Network
Architectural approach to solving business requirements
• Assess Network readiness for Apps
• Monitor SLA, App performance
• Prioritize Business critical apps
• Optimize Access to Apps
• Accelerate End user experience
Visibility, Control
Common classification, management and reporting with Cisco Prime
INTEGRATED in the Cisco ISR/ASR/CSR Routers, Catalyst Switches, Wireless Controllers, ASA Firewalls