Application Optimization and Provisioning the Intelligent WAN (IWAN)
BRKRST-2514
Bill Reilly – Technical Marketing Engineer
© 2015 Cisco and/or its affiliates. All rights reserved.BRKRST-2514 Cisco Public
ping – OK
show ip route – OK
traceroute – OK
show interface – OK
“What is happening?”
“Your Internet is slow!!”
“Must be the network”
[Figure labels: End Users, Application Team, Network Admin]
Agenda
• IWAN Application Optimization
• Leveraging Akamai Connect
• Deploying WAN Optimization
• WAN Optimization Deployment tools
• WAN Optimization and AVC tools
• Next Steps
Applications Landscape Evolution
Intelligent WAN Solution Components: Application Optimization
[Figure labels: Branch, MPLS, Internet, 3G/4G-LTE, Private Cloud, Virtual Private Cloud, Public Cloud, AVC, WAAS, PfR]
Application Optimization
• Application visibility with performance monitoring
• Application acceleration and bandwidth optimization
Secure Connectivity
• Certified strong encryption
• Comprehensive threat defense
• Cloud Web Security for secure direct Internet access
Intelligent Path Control
• Dynamic Application best path based on policy
• Load balancing for full utilization of bandwidth
• Improved network availability
Transport Independent
• Consistent operational model
• Simple provider migrations
• Scalable and modular design
• IPsec routing overlay design
WAAS: Application Optimization
ISR AX | Physical Appliances | Virtualized with UCS
10,000+ Companies Use WAAS
Cisco WAAS: WAN Optimization Deployment
[Figure: deployment options connected over WAN and Internet]
• Branch Office: WAAS Service Module / UCSe
• Branch Office: WAAS Express
• Branch Office: WAAS Appliance
• Regional Office: WAAS Appliance
• Regional Office: WAAS-XE on 4451
• Data Center or Private Cloud: WAAS Appliances; AppNav + WAAS; vWAAS Appliances and Server VMs on VMware ESXi
• Virtual Private Cloud: vWAAS, WAE, Server VMs, VMware ESXi Server, Nexus 1000v vPATH, Nexus 1000v VSM, UCS / x86 Server, FC SAN
Application Context Critical for High Performance
[Figure labels: Bi-Directional (DC, Client); Uni-Directional (DC, Client); web, file, Client Server, VMotion, VDI, Video, Backup]
How WAAS Works
WAAS Engine
Object Versus Byte Caching
Byte caching
[Figure: End-user, Branch (WAAS+AC), WAN, Data Center (WAAS); Object 1 at both ends; data transferred over link]
• Symmetric deployment over WAN/MPLS
• Functions at TCP layer
Object caching
[Figure: End-user, Branch (WAAS+AC), WAN / Internet, Data Center (WAAS); Object 1 at both ends; data transferred over link]
• Both symmetric & asymmetric deployment over WAN/MPLS & Internet
• Functions at HTTP layer
Context Aware DRE: High Performance for All Apps
[Figure: DRE Content Signatures; labels: file, web, VDI, Video, Virtualization]
Context Aware DRE: High Performance for All Apps
[Figure: DRE Content Signatures; Application Performance: Extensive DRE Cache (web, file, email); High Throughput Performance (VDI, Video, Virtualization)]
Application Specific Optimizers: Security AO – SSL and EMAPI
[Figure: KDC/AD/DC; Original Data – Encrypted/Signed, Optimized & Encrypted/Signed, Original Data – Encrypted/Signed; WAN Secure: Session Key exchanged; WAN Secure – SSL]
One-time Windows domain configuration allows WAE to participate in Windows security.
Kerberos/GSSAPI – Microsoft Security Protocol – integration in data path
Citrix – Desktop Virtualization
[Figure labels: Traditional Desktop, Virtualized Desktop, Branch, WAN, Data Center, Datacenter Resources]
Understanding the Citrix ICA Handshake with WAAS
WAAS acts as a transparent, trusted Man in the Middle
• Transparent insertion into encrypted ICA/CGP communication.
• WAAS applies TCP flow optimization to maximize bandwidth usage and mitigate packet loss.
• WAAS delivers Citrix-aware multi-user Context-Aware Data Redundancy that removes redundant data from across all end user connections.
• WAAS applies inline compression algorithm over the optimized data, maximizing savings
[Figure labels: Normal, Optimized, Normal]
Application Optimization - Citrix
Cisco WAAS offers WAN Performance at Scale
[Figure: three charts comparing Before Cisco WAAS and After Cisco WAAS on an 80ms 1.5Mbps WAN. Response Time (seconds): Up to 70% Faster. Bandwidth Consumption (Kbps): Up to 2X+ More Users. Video Quality (frames per second, LAN and WAN): HD Quality, Pixelated, Choppy, Out of Sync, HD Experience]
Bandwidth Reduction
MMR Video: 90% Bandwidth Reduction
[Figure: Original (MB) and Optimized (MB) plotted over time, 0:50 to 1:32]
Overall Bandwidth Consumption: 20 MB
Overall Bandwidth Consumption: 1.75 MB (After WAAS Optimization)
Akamai Connect
Akamai Connect Turbo Charges Cisco IWAN Solution
Provides Application Optimization Pervasively Across the WAN Fabric
[Figure labels: ISR-AX with Akamai Connect, ASR1000-AX, MPLS, Internet, 3G/4G-LTE, Private, Public, Virtual Private Cloud]
Transport Independent
• Provider Flexibility
• Modular Design
• Common Operational Model
Intelligent Path Control
• Load Balancing
• Policy-Based Path Selection
• Network Availability
Application Optimization
• Application Visibility
• App Acceleration with Akamai Connect
• Bandwidth Reduction
Secure Connectivity
• Scalable, Strong Encryption
• App-Aware Threat Defense
• Cloud Web Security
App Performance Impacts Business Productivity
REVENUE LOSS: Slower Pages, Low Conversion Rate
[Figures: Abandonment Rate vs Page Load Time (sec), iPhone; Population % and Conversion Rate vs Page Load Time (sec). Source: Walmart; Source: Akamai]
EMPLOYEE PRODUCTIVITY: Employee Experience
Source: Aberdeen Group
• Decreased employee satisfaction: 58%
• Lost Revenue opportunity: 50%
• Decreased responsiveness to needs: 47%
• Damage to brand reputation: 32%
• Decreased effectiveness of IT staff: 31%
Cisco and Akamai: Bringing Together Next Generation Optimization
Networking Leader
• Leverage existing Cisco routers
• All-in-one solution: Application Services, WAN Optimization, VPN, Firewall and Web Security
Cloud Services Leader
• Global Delivery Platform (150,000 servers)
• Industry-leading in Web Acceleration, Content Delivery, Internet Traffic Engineering
Cisco IWAN with Akamai
Better Together: Complementary Platforms, Technology and Expertise
Extending Akamai to the Branch with Akamai Connect
Akamai Intelligence Inside the Cisco ISR-AX
COMPLETING THE LAST MILE
[Figure labels: Branch, ISR-AX, Akamai Connect, WAN/MPLS, Internet, Data Center, Akamai Intelligent Platform]
Optimal Experience Regardless of Device, Connectivity or Cloud
All HTTP Traffic in Private, Public, Akamai Cloud
Prepositioning | Dynamic HTTP Caching (YouTube) | Any Transport
Building On Cisco WAAS Solution: Edge Caching Enhances the User Experience
Now Supports: Akamai Cloud | Single-sided Optimization | Secure Direct Internet Access
AKAMAI CONNECT: World’s Best Optimization Solution for HTTP Traffic
AKAMAI CACHING AND ACCELERATION
• Transparent HTTP Caching
• Dynamic URL OTT HTTP Caching
• Akamai Connected Cache
• Content Pre-positioning
CISCO WAAS
• LZ Compression
• TCP Optimization
• Data De-duplication
• Application Specific Acceleration
Object Versus Byte Caching – 1st Pass
Byte caching
[Figure: End-user, Branch (WAAS+AC), WAN, Data Center (WAAS); Object 1 at both ends; data transferred over link]
• Symmetric deployment over WAN/MPLS
• Functions at TCP layer
Object caching
[Figure: End-user, Branch (WAAS+AC), WAN / Internet, Data Center (WAAS); Object 1 at both ends; data transferred over link]
• Both symmetric & asymmetric deployment over WAN/MPLS & Internet
• Functions at HTTP layer
Object Versus Byte Caching – 2nd Pass
Byte caching
[Figure: End-user, Branch (WAAS+AC), WAN, Data Center (WAAS); Object 1 at both ends; data transferred over link]
• Symmetric deployment over WAN/MPLS
• Functions at TCP layer
Object caching
[Figure: End-user, Branch (WAAS+AC), WAN / Internet, Data Center (WAAS); Object 1; no data transferred over link]
• Both symmetric & asymmetric deployment over WAN/MPLS & Internet
• Functions at HTTP layer
Akamai Connect Edge Caching – Use Cases
[Figure, built up over several slides: Branch and Data Center (Cisco) connected over WAN/MPLS and Internet; Akamai Intelligent Platform]
• Mobile Assisted Selling: Intranet Content Cache
• Omni Channel: Akamai Content Connected Cache (CC)
• Guest WiFi: Generic Internet Content Cache
• Training: Dynamic URL Cache – YouTube over HTTPS
Intranet Applications — Transparent Cache
[Figure: Branch User, Transparent Caching, Any IP Network, Data Center WAAS; “Intranet”, HTTP/S: Web Content, POS data, Image files, Retail Catalog; SSL Handling, Transport Optimization, Deduplication and Application Optimization provided by WAAS]
Network Challenges
• WAN bandwidth is expensive
• Users want instant response
• Multiple Omni-Channel apps
• Businesses moving to rich media experiences
Akamai Connect Solution
• Cache POS data at the branch
• Reduce Round Trip Time
• Reduce Latency
• Reduce network congestion
• Pre-position content
• WAN optimization with WAAS
Generic Internet Content — Transparent Caching
[Figure: Branch User, Transparent Caching, Internet, Generic HTTP Web Content]
Network Challenges
• Guest WiFi constrains bandwidth from critical applications
• Large file downloads
• Comparison shopping
Akamai Connect Solution
• Cache popular web content
• Reduce network congestion
• Better WiFi experience
• Generic and specific caching rules at the branch
Akamaized Content — Akamai Connected Cache
[Figure: Branch User, Akamai Connected Cache, Authentication to Akamai Intelligent Platform, Akamai Intelligent Platform, Extranet HTTP Akamaized Web Content]
Network Challenges
• Customer’s own content already cached in the Akamai Intelligent Platform
• Last mile access may still be an issue
• Users access their own and 3rd party Akamaized content from the branch
Akamai Connect Solution
• Inherit Akamai Edge Server caching rules inside the branch to cache content other caching solutions cannot
• Utilizes the breadth and scale of the Akamai Intelligent Platform
• Automatically takes advantage of changes in the Akamai Intelligent Platform – Akamai caching rules
Akamai Connected Cache
[Figure: HTTP Akamaized Web Content, Internet, Branch/DC; latency labels 100ms, 200ms, 125ms, 15ms, 10ms]
Edge Caching — Cloud Platform
• Akamaized Content has special caching rules
• Greatly improves page loading performance
• General Internet content is not cached in cloud platform
• Benefit today ends at nearest edge server to datacenter or directly connected user
Edge Caching — Akamai Connect
• With Akamai Connect caching no longer ends at nearest edge server and extends to the Branch/DC
• Akamai Connect uses an authenticated Akamai service to automatically get up to date caching rules
Off Peak Hour Cache Warming — Prepositioning
[Figure: Branch User, Transparent Caching, Any IP Network, Data Center WAAS, “Intranet” HTTP Content; Internet, Generic HTTP Web Content]
Network Challenges
• Access common high resolution video files at start of normal business hours
• Common websites accessed at start of work day
• Digital product catalogue displays need to be updated
Akamai Connect Solution
• Cache POS data at the branch
• Schedule WAAS device to access list of URLs during non business hours
• Allows first access to be LAN speed
• Keeps digital displays updated automatically without consuming bandwidth during business hours
Prepositioning and Warming
Cache Prepositioning and Warming
• Cache prepositioning is a scheduled pre-fetch of content from a URL
• You specify the depth of the link level that content is retrieved from
• You can exclude different object types
• Ability to limit bandwidth consumed by the task
• It caches based on existing caching rules
• Status report for all devices assigned to the task
WAAS & Akamai Cache Integration Model
WAAS and Cache Engine Integration
CE
CE Process Model
• CE uses an asynchronous thread execution model that relies on WAAS for thread creation, management, and dynamic resource allocation and access.
• CE Processes:
– appme – configuration and management
– gatekpd – AMG communication, authentication, and configuration
– traffic_server – cache processing
– apprep – reporting
– applog – logging component
[Figure: n threads per core (asynchronous event processors); m threads per disk (disk I/O threads); ~10 threads (various "admin" threads, accept threads per port, logging threads); Shared Resources: RAM cache, Disk cache, Stats, logs etc., Reloadable Configs]
Data Path
Single-sided Optimization Dual-sided Optimization
Cache-Control HTTP Response Header Refresher
• max-age: number of seconds (Time-To-Live, TTL) that an object is considered to be fresh
• must-revalidate: indicates the freshness directive must be obeyed and stale object cannot be served from an intermediate source
• no-cache: the object must be returned directly from the origin server to the client and cannot be cached by an intermediary
• no-store: the object cannot be stored in a cache at any time
• private: directs that the content can only be stored by the cache associated with the client that makes the request, typically the browser’s cache
• proxy-revalidate: is identical to the must-revalidate header, but applied to proxy caches
• public: indicates that this is an authenticated response and that it can be cached
• s-maxage: the number of seconds that shared content used by proxies can be considered to be fresh
Transparent Object Caching (OC)
• TCP address headers don’t change
• Connection headers can change
• Mode Settings (Conservative (default), Standard, Aggressive, No-cache)
Transparent, Connected & Dynamic URL Object Caching
Cache & deliver content in-branch
• Intranet Web apps/content
• Akamai Platform Web apps/content
• Generic Internet apps/content
Four caching policies supported
• Basic – only caches objects marked explicitly as cacheable
• Standard – also caches objects with no explicit cache marker that include a last modified date
• Advanced – caches objects more aggressively for longer & GZIPs text files e.g. JS, CSS, etc.
• Bypass – turns off caching
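The Cache-Control refresher and the caching policies above, combined into a store decision for a shared branch cache. This is an added example, not from the original deck and not the Cache Engine's logic; the function names, the 10% Last-Modified heuristic and the sample headers are assumptions. It treats no-cache as "do not store", as the slide describes it (RFC 7234 also allows storing with mandatory revalidation), and the Advanced policy is not modelled.

```python
from email.utils import parsedate_to_datetime

POLICIES = ("basic", "standard", "bypass")  # policy names taken from the slide


def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def heuristic_ttl(headers):
    """Assumed heuristic: 10% of the time between Last-Modified and Date."""
    try:
        date = parsedate_to_datetime(headers["date"])
        modified = parsedate_to_datetime(headers["last-modified"])
        age = (date - modified).total_seconds()
    except (KeyError, TypeError, ValueError):
        return 0
    return int(age * 0.1) if age > 0 else 0


def shared_cache_decision(headers, policy="standard", request_authorized=False):
    """Return (store, ttl_seconds, reason) for a shared (branch) cache."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if policy == "bypass":
        return (False, 0, "policy bypass")
    # Directives that keep the object out of an intermediary cache.
    for directive in ("no-store", "private", "no-cache"):
        if directive in cc:
            return (False, 0, directive)
    # A response to an authenticated request needs an explicit opt-in
    # before a shared cache may serve it to other users.
    opt_in = any(d in cc for d in ("public", "s-maxage", "must-revalidate"))
    if request_authorized and not opt_in:
        return (False, 0, "authenticated response without public")
    # s-maxage takes precedence over max-age for shared caches.
    for directive in ("s-maxage", "max-age"):
        if directive in cc:
            try:
                ttl = int(cc[directive])
            except (TypeError, ValueError):
                return (False, 0, "malformed " + directive)
            return (ttl > 0, max(ttl, 0), directive)
    # Basic stops at explicit markers; Standard also accepts Last-Modified.
    if "public" in cc or policy == "standard":
        ttl = heuristic_ttl(h)
        if ttl > 0:
            return (True, ttl, "heuristic from last-modified")
    return (False, 0, "no explicit cache marker")


# Constructed sample response headers.
UNMARKED = {
    "Date": "Tue, 03 Feb 2015 10:00:00 GMT",
    "Last-Modified": "Mon, 02 Feb 2015 10:00:00 GMT",
}

if __name__ == "__main__":
    for pol in ("basic", "standard"):
        print(pol, shared_cache_decision(UNMARKED, policy=pol))
    print(shared_cache_decision({"Cache-Control": "private, max-age=600"}))
```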
Connected Cache (CC)
[Figure: Branch User, CE, CC Authenticated Request / Response, Edge Server, Akamai Network, AMG, Akamai Grid Network, Extranet HTTP Akamaized Web Content; Shared Secrets to CDN; Shared Secrets To Appliance Through AMG]
Deploying WAN Optimization - AppNav
Interception, Redirection, Flow Distribution
Operational Step: Challenge
• Gather info about all branch subnets: Info not available & subject to change
• Make determination about branch grouping: Traffic patterns/volumes difficult to predict
• Identify mask for connection distribution: Complex and not always accurate
• Identify asymmetric apps and flows: NW admin does not control app deployment
• Post-maintenance WAEs brought up in specific order: Increases costs & likelihood of error
• Deploying a new branch or device for scale: Redo WCCP mask planning
[Figure: branch subnets mapped to mask values, and mask values assigned to WAEs]
Subnets: 0.0/24 :0000; 1.0/24 :0001; 2.0/24 :0010; 3.0/24 :0011; 4.0/24 :0100; 5.0/24 :0101; 6.0/24 :0110; 7.0/24 :0111
WAE #1: :0000, :0001
WAE #2: :0010, :0011
WAE #3: :0100, :0101
WAE #4: :0110, :0111
Pre-AppNav Deployment Challenges
Mask based flow distribution is complex
• Branch subnet awareness
• Sub-optimal HA
• Operational complexity
[Figure: a flow with SIP: 10.10.01.01, DIP: 11.11.11.11 distributed by mask across WAEs 1 to 4; labels: TCAM Entries, Cache Relationship]
Mask: 00:00:03:00
Mask Value Result
00:00:03:00 00:00:00:00 WAE-1
00:00:03:00 00:00:01:00 WAE-2
00:00:03:00 00:00:02:00 WAE-3
00:00:03:00 00:00:03:00 WAE-4
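The mask table above, worked through as an added example that is not part of the original deck: it applies mask 00:00:03:00 to a flow's address and shows how branch subnet numbering decides the spread across the four WAEs. Applying the mask to the source IP, the function names and the two sample numbering plans are assumptions made for the illustration.

```python
from collections import Counter

MASK = "00:00:03:00"  # mask from the slide
# Mask value -> WAE, copied from the slide's table.
ASSIGNMENT = {
    "00:00:00:00": "WAE-1",
    "00:00:01:00": "WAE-2",
    "00:00:02:00": "WAE-3",
    "00:00:03:00": "WAE-4",
}


def parse_ipv4(text):
    """Parse dotted decimal, accepting the slide's zero-padded form (10.10.01.01)."""
    octets = [int(part, 10) for part in text.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {text!r}")
    return octets


def mask_value(ip, mask=MASK):
    """AND each address octet with the matching mask octet; return colon-hex."""
    mask_octets = [int(part, 16) for part in mask.split(":")]
    return ":".join(f"{a & m:02x}" for a, m in zip(parse_ipv4(ip), mask_octets))


def assign_wae(ip):
    """Assumption: the mask is applied to the flow's source IP (SIP)."""
    return ASSIGNMENT[mask_value(ip)]


def distribution(source_ips):
    """Count flows per WAE for a list of source addresses."""
    return Counter(assign_wae(ip) for ip in source_ips)


# Constructed branch numbering plans, one client (.10) per /24 branch subnet.
SEQUENTIAL = [f"10.10.{n}.10" for n in range(8)]          # 10.10.0.0/24 .. 10.10.7.0/24
STRIDE_OF_4 = [f"10.10.{n}.10" for n in range(0, 32, 4)]  # 10.10.0.0/24, 10.10.4.0/24, ...

if __name__ == "__main__":
    # The slide's flow: the third octet is the only one the mask looks at.
    print("10.10.01.01 ->", mask_value("10.10.01.01"), assign_wae("10.10.01.01"))
    # Sequential subnets spread evenly over the four WAEs.
    print("sequential :", dict(distribution(SEQUENTIAL)))
    # Subnets allocated in steps of 4 all share the same two low bits,
    # so every branch lands on one WAE: the "branch subnet awareness" problem.
    print("stride of 4:", dict(distribution(STRIDE_OF_4)))
```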
AppNav Functionality
[Figure, built up over several slides. Pre-5.x Data Center: Interception, Redirection, Load Distribution, Optimization, Asymmetric Traffic and H.A. 5.x Data Center: AppNav Cluster]
Intelligent Flow Distribution
• Site Affinity
– Identified via branch WAE id or Site IP subnet.
– Reserve optimization capacity for critical sites.
– Improve compression performance through DRE.
• Application Affinity
– Identified via source/destination IP addresses and ports.
– Reserve optimization capacity for applications.
– Consolidate application-specific optimization options.
• Site + Application (Combination)
[Figure, built up over several slides; labels: Site A; HTTP and SSL; MAPI and all other Sites]
Deployment Options – Off-Path
[Figure labels: WAN, SCG, SNG, Same VLAN]
• All interfaces have both interception and distribution roles
• Simple WCCP required here to distribute flows to Service Controllers
• Port-channeling and 802.1q trunking supported
Deployment Options - Inline
[Figure labels: WAN, SCG, SNG, SN VLAN]
Bridge groups required for interception
• No BVI
• No Fail-to-wire
• Port-channeling and 802.1q trunking supported
• VLAN-filtering for passthrough
Control plane traffic (SC-SC and SC-SN) uses same distribution interfaces
SC Architecture – Control Plane
• Cluster Membership Manager: Implements the Cluster Control Protocol that groups the SCs and SNs.
• Policy Manager: Manages flow distribution policies in the system
• Flow Distribution Manager: Uses flow distribution policy and dynamic load conditions on SNs to update data plane
[Figure labels: Interception, Redirection, Load Distribution, Asymmetric Traffic and H.A.]
SC Architecture – Data Plane
• Ingress flows are checked against flow table. Active flows are passed to owner SN.
• New flows are assigned an SN based on dynamic policy information and recorded in flow table.
• Flows not requiring processing by an SN are passed through directly, saving load on the SN.
• SC learns and syncs flow table with other SC(s).
[Figure: Data Plane (AppNav NIC): Ingress, Flow Lookup, Flow Classify, Assign SN or Passthru, Pkt Egress, Egress; paths: New, Current Flow, Pass-through, SN Return, State Sync. Control Plane: Cluster Membership Manager, Policy Manager, Flow Distribution Manager]
SC Architecture – A Comprehensive View
A Day In The Life Of A Flow
[Figure, built up over several slides: SC-1 and SC-2 between the branches and the servers, with SN-1 and SN-2]
• SC receives a TCP SYN packet, called green flow, from one of the branches containing a WAAS device.
• The SE classifies green flow and a pending entry is made into the flow database selecting SN-1.
• The frame is encapsulated and is transmitted to SN-1. SN-1 processes the frame and returns an indication the green flow should continue to be intercepted.
• The other SC(s) are updated with the flow information and the frame is transmitted to destination.
• A TCP SYN-ACK frame is returned from the destination device and in this example goes to SC-1. SC-1 checks database, finds flow and sends the response frame to SN-1.
• SN-1 processes the frame and returns it to SN-1 which in turn forwards the frame to the destination device.
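The flow walk-through and the data-plane description above, modelled as an added example that is not AppNav code and not part of the original deck. It shows why the flow table is synced between SCs: the SYN-ACK of an asymmetric flow reaches the owning SN only once the peer SC has learned the entry. The class, the classification policy, the addresses and the assumption that the SYN arrives on SC-2 are all constructed for the illustration.

```python
import ipaddress

SITE_A = ipaddress.ip_network("10.1.0.0/16")  # constructed branch subnet
OPTIMIZED_PORTS = {80, 443}                   # constructed application match


def classify(src, dst, dport):
    """Constructed policy: optimize web ports, with site affinity to SN-1."""
    if dport not in OPTIMIZED_PORTS:
        return None  # flow does not need an SN: pass through
    return "SN-1" if ipaddress.ip_address(src) in SITE_A else "SN-2"


def flow_key(src, sport, dst, dport):
    """Direction-independent key so SYN and SYN-ACK hit the same entry."""
    return tuple(sorted([(src, sport), (dst, dport)]))


class ServiceController:
    def __init__(self, name):
        self.name = name
        self.flows = {}   # flow key -> {"sn": ..., "state": ...}
        self.peers = []   # other SCs in the cluster

    def on_packet(self, src, sport, dst, dport, syn=False):
        """Flow lookup, then classify new flows; returns (action, sn)."""
        key = flow_key(src, sport, dst, dport)
        entry = self.flows.get(key)
        if entry is not None:
            return ("redirect", entry["sn"])      # current flow: owner SN
        sn = classify(src, dst, dport) if syn else None
        if sn is None:
            return ("pass-through", None)         # not recorded, not redirected
        self.flows[key] = {"sn": sn, "state": "pending"}
        return ("redirect", sn)

    def on_sn_return(self, src, sport, dst, dport, intercept=True):
        """SN answered for a pending flow; activate it and sync the peers."""
        key = flow_key(src, sport, dst, dport)
        if not intercept:
            del self.flows[key]
            return "pass-through"
        self.flows[key]["state"] = "active"
        for peer in self.peers:
            peer.flows[key] = dict(self.flows[key])
        return "active"


def build_cluster():
    sc1, sc2 = ServiceController("SC-1"), ServiceController("SC-2")
    sc1.peers, sc2.peers = [sc2], [sc1]
    return sc1, sc2


CLIENT, SERVER = ("10.1.1.5", 40000), ("192.0.2.10", 80)  # constructed endpoints

if __name__ == "__main__":
    sc1, sc2 = build_cluster()
    print("SYN on SC-2      :", sc2.on_packet(*CLIENT, *SERVER, syn=True))
    print("SYN-ACK, no sync :", sc1.on_packet(*SERVER, *CLIENT, syn=True))
    print("SN-1 returns     :", sc2.on_sn_return(*CLIENT, *SERVER))
    print("SYN-ACK, synced  :", sc1.on_packet(*SERVER, *CLIENT, syn=True))
```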
Deploying AppNav
AppNav Tools in the WAAS Central Manager
AppNav Workflow Options
Configuring Flow Distribution Policies
– Class maps: Identify traffic according to one or more match conditions, based on:
• Peer device ID.
• 3-tuple of source IP, destination IP, and destination port.
– Policy maps: Define actions for classified flows:
• Specify a primary SNG.
• Specify a backup SNG.
• Monitor the load of associated SN.
• Specify a nested policy map.
– Service context: Activates policy maps for a given SNG and SNGs.
[Figure: Classify Traffic (Class Map), Define Actions (Policy Map), Activate Policy (Service Context)]
Deploying Akamai Connect
Seamless Management
Akamai Connect Delivered through WAAS Central Manager
• Easy Scheduling for content pre-positioning
• Visualization and Reporting using WAAS Central Manager
• One Click Enablement
Configuration Process
First Time Activation Scenario
1. In the WCM go to Akamai Connect page and check the Enable check box
2. Accept the EULA
3. Enter the Akamai Connect license file
4. Click the Submit button
Change Settings Scenario
1. On the Cache Settings page change the options you desire:
– Select a transparent caching mode, turn the CC or OTT on/off, and/or define host rules
– If enabling the CC then Akamai API client credentials check is done
2. Click on the Submit button to apply your cache settings to a device or device group
Enable Akamai Connect
• User Uploads Entitlement Key Emailed at Order Fulfillment and clicks Submit
• Credentials Verified!
• Intelligent default settings applied
• View status of all devices in 1 screen
• DONE!
Site Specific Caching Policy Rules
• CE turns on with transparent caching in Standard mode enabled as default
• Over-the-Top caching is site specific; only YouTube.com is supported today
• To enable transparent caching for a single site only: change Default Cache Policy to Bypass; then create a hostname rule with the caching type you want
• Enabling Connected Cache will enable it for all suitable Akamaized content
Cache Statistics: Hits
• Bar graph is absolute cache hit count for the specified interval
• Line graph represents % of total objects requested that resulted in a cache hit for the specified interval
Cache Statistics: Bandwidth Savings
• Bar graph is absolute byte count for data served out of cache for the specified interval
• Line graph represents % of total bytes requested that were served out of the cache for the specified interval
Throughput Summary
• The Throughput Summary displays throughput of the Web traffic on the WAAS device
• There is a link to toggle between LAN to WAN (upload) direction, and WAN to LAN (download) direction
• Each chart shows the original throughput (actual throughput observed by the endpoints – LAN side), as contrasted to the optimized throughput (after Akamai Connect optimization – WAN side)
• A user can edit the view to include custom applications in addition to the default Web
WAN Optimization with AVC tools
WAAS Segment
[Figure: Client LAN, WAN, Server LAN, with a client accessing http://sharepoint.cisco.com; an Optimized Connection and a Pass-thru & Non-optimized Connection]
• Client-side Un-optimized (Segment 1)
• Server-side Optimized (Segment 2)
• Client-side Optimized (Segment 4)
• Server-side Un-optimized (Segment 8)
• Pass-through (Segment 16)
• No WAAS (Segment 0)
WAN Optimization Multi-segment Analysis
[Figure: Client, Client LAN, WAN, Server LAN, HTTP Server]
• Collect from client segment (unoptimized)
• Collect from WAN segment (optimized)
• Collect from server segment (unoptimized)
Monitor WAN Optimization Performance
• Multi-segment network latency
• LAN vs WAN traffic and Compression
• Response Time
PA Monitoring & Export without WAAS: Overview
• Without WAAS, there is only one TCP segment seen by the router
• Segment ID of 0 indicates no WAAS
• Segment ID of 16 indicates pass-through
[Figure: Client (IP=1.1.1.1), ART, WAN, HTTP Server (IP=2.2.2.2), one TCP Connection]
Exported record (Keyed Field, Non-keyed Field):
Segment ID | Src IP | Dst IP | Dst Port | Protocol Type | Resp Time | …
0 or 16 | 1.1.1.1 | 2.2.2.2 | 80 | 6 (TCP) | 100
PA Monitoring & Export with WAAS Express: Overview
• With WAAS, a TCP connection between client and server is split into 3 TCP connections
• With WAAS Express, ART monitors both Un-optimized and Optimized segments
• Each device (branch and headend) exports two records per TCP connection
[Figure: Client (IP=1.1.1.1), Unoptimized TCP Connection (ART), WAAS Exp., Optimized TCP Connection (ART), WAN, HTTP Server (IP=2.2.2.2)]
Exported records (Keyed Field, Non-keyed Field):
Segment ID | Src IP | Dst IP | Dst Port | Protocol Type | Resp Time | …
1 | 1.1.1.1 | 2.2.2.2 | 80 | 6 (TCP) | 10
2 | 1.1.1.1 | 2.2.2.2 | 80 | 6 (TCP) | 100
Next Steps
Call to Action
• Find out what is going on in your network
• Reach out to your own help desk teams
• Visit the Cisco Campus at the World of Solutions
• Get hands-on experience attending LTRCRS-2005
• Schedule 1 to 1 meeting with one of Cisco’s engineers at the Meet the Engineer center
• Follow me on Twitter @ReillyBill and my IWAN blog @ http://blogs.cisco.com
AVC – One Network, Simplify Application Delivery
[Figure: “Your Internet is so slow I cannot get any work done today”; “It’s Time to accelerate our WAN”; labels: End Users, Network Admin, ISR-AX, ASR1000-AX; metrics: Response Time, Network Latency, Traffic Volume, Transaction Time, Application Server Delay]
Call to Action
• Visit the World of Solutions for
– Cisco Campus
– Walk in Labs
– Technical Solution Clinics
• Meet the Engineer
• Lunch time Table Topics
• DevNet zone related labs and sessions
• Recommended Reading: for reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2015
Complete Your Online Session Evaluation
• Please complete your online session evaluations after each session. Complete 4 session evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt.
• All surveys can be completed via the Cisco Live Mobile App or the Communication Stations
IPv6-only Experimental SSID (with NAT64)
SSID: IPV6ONLYEXP
PASS: iknowbesteffort
Questions/support: @ayourtch
Hashtag: #IPV6ONLYEXP
SLA: it’s in the password
Addressing: SLAAC + stateless DHCPv6
Offsite NAT64 (Thanks to Go6 Institute)