Cisco Wide Area Application Services (WAAS)

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 Cisco Wide Area Application Services (WAAS) Christian Bock, Systems Engineer

Upload: vanhuong

Post on 28-Jun-2018

TRANSCRIPT

Cisco Wide Area Application Services (WAAS)

Christian Bock, Systems Engineer

LAN

Switch Server LAN

switch Client WAN

Round Trip Time ~ 10’s – 100’s ms

75%

99% 50% 20%

90%

80%

95%

90%

85%

99%

File Sharing

Protocols Applications Typical Reduction Maximum Reduction

Response-Time Reduction

Email

Web Apps

Software Distribution

Enterprise Application

Backup Apps

Data Replication

CIFS NFS

Exchange OWA

Lotus Notes

HTTP HTTPS

System Center Config. Manager

Microsoft Oracle, SAP

Documentum

System Center Data Protection Manager

Legato, Veritas

NetApp SnapMirror Data Domain, Double Take,

Veritas Vol Replicator

VDI Microsoft RDP

Citrix ICA VMWare View RDP

90% Video Live Video

Video on Demand

Platform Management and Services

Cisco WAAS Operating System

Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery

Configuration Management System (CMS)

SMB2/CIFS AO

TCP Proxy with Scheduler Optimizer (SO)

DRE, LZ, TFO

eMAPI AO

HTTP AO

SSL AO

Video AO

WoW

Virtual Blade # 2

Virtual Blade # 3

NFS AO

Disk Storage (Cache, VB storage etc.) I/O

Multiple, Independent Processes Fault Isolation and Containment

Linux Kernel KVM

ICA AO

Standard TCP

Time (RTT) Slow Start Congestion Avoidance

cwnd

1 2

3

WAAS TFO

Cisco

WAAS TFO

Standard

TCP

Bandwidth Utilization

Time (RTT)

1

2 3

Synchronized

Compression

History

DRE

LZ LZ

DRE

WAN

Solutions

Data Redundancy Elimination (DRE)

Persistent LZ compression

Benefits

• New innovative context-aware DRE

• Up to 100:1 compression

• Session-based compression

• Up to an additional 10:1 compression even after DRE

Today Emerging

HTTP

MAPI CIFS

HTTPS

VDI

Streaming Video

Pre-positioned content

Traffic Flow

Cloud apps

Uni-Directional

Balanced

Applications

Systems Implications: Mix of Applications - SLA’s

Latency & Jitter

End to End QoS

Transparency

Balanced & uni-directional traffic

Signatures (in memory)

BranchN Signatures

Branch2 Signatures

Branch1 Signatures

Data Store (disk)

zip doc JPG ZIP JPG

Local Object Cache

File pre-positioning Ideal for high latency/low bandwidth

Application Aware Cache Manager

• Per branch signature fault isolation: avoids branch starvation, lowest data store access latency

• Adaptive DRE memory manager: improved cache utilization, increased throughput, reduced latency

Adaptive DRE Cache

Uni-Directional mode - only written to destination cache

Bi-Directional mode - written to both caches

Unified Data Store - Single store for all peers

Full application support

Asynchronous Writes

Read Ahead

Messages Decompression-

DRE hints

EndPoint Mapper

MAPI Application Optimizer

WAN Client

SERVER

File and Metadata caching

Read-ahead

Message pipelining

Scheduled preposition to pre-populate

Transparent integration

Dedicated CIFS cache

CIFS Application Optimizer

WAN

CACHE

Files

FILE.DOC

Exchange Server

Active Directory

Controller

(Kerberos KDC)

Core WAAS Branch WAAS

Outlook Client

WAN

Encrypted MAPI

Request

Securely transfer key to remote branch.

Temporary keys allow access to Encrypt/Read/Sign Data

Application Data:

Encrypted

Authentication:

Kerberos

Application Data:

Optimized, Encrypted

Authentication:

Kerberos

Application Data:

Encrypted

Authentication:

Kerberos

WAN-Secure

Fast Connection Reuse

Proxy Connect to SSL Servers

Local HTTP responses through Metadata cache

Content-aware optimization

DRE hints

Server compression offload

HTTP Application Optimizer

WAN

Connect (SYN, SYN-ACK, ACK)

HTTP Request

HTTP Response

Connect

HTTP Request

HTTP Response

WAN

Send “session key”

SSL Session Core WAE to Server

- Core WAE: Server Private Key SSL Session Client to Core WAE (WAAS)

Edge WAE Core WAE

Transparent

Secure Channel

Original Data - Encrypted Optimized & Encrypted Original Data - Encrypted

SSL Handshake SSL Handshake Client Server

SSL Application Optimizer

WAN Conn Cache

Reuse WAN Connection

Mitigate

Latency

Local

TCP Handshake Response

Advanced HTTP Parser

Cache HTTP Meta Data

Mitigate

Latency

Local HTTP

Freshness Response

Local HTTP

Redirect Response

Local HTTP Auth-needed Response

Send DRE Hints

Mitigate Latency

DRE Flush

Stream

Improve

Performance

DRE Skip

Bytes

DRE Skip LZ

Modify Compression

Directive

Improve Perf.

Offload Server

Disables Server Compression

• Seamless interoperability with existing Citrix infrastructure

• Requires no changes to XenDesktop or XenApp configuration

Branch Clients

WAN

Cisco WAAS Cisco WAAS

HTTP/HTTPS ✓

Branch Office

WAAS

Service

Module WAN

Internet

Branch Office

WAAS

Express

Branch Office

WAAS

Appliance

Regional Office

WAAS

Appliance

WAAS

Mobile

Server VPN

vWAAS

WAE

Server

VMs

VMware ESXi Server

Nexus 1000v vPATH

UCS /x86 Server

FC SAN

Nexus 1000v VSM

Virtual Private

Cloud

Data Center or

Private Cloud WAAS

Appliances

VPN

VMware ESXi vWAAS

Appliances

Server VMs

AppNav

+ WAAS

Virtual WAAS

• Application acceleration from Private/Virtual Private Cloud

• VMware ESX/ESXi and UCS deployments

• Agile, elastic, multi-tenant deployment

• vCM: common virtualized management for physical/virtual WAAS

WAAS Appliance

• Application acceleration

• Virtual blades in branch offices

• Scalable platforms for range of deployments

• Virtualize WAN optimization resources into pools of elastic resources

• Deployed in-path or out of path to scale up to 8 AppNav modules & 32 WAAS or vWAAS appliances.

AppNav

• Integrated ISR G2

• On-demand IOS-based

• Bandwidth optimization

• Inline IOS features (Security, QoS)

• Small footprint, Cost-effective, Single CLI

WAAS Express

• Integrated ISR G2

• Application Acceleration

• Software on-demand provisioning

• No fork lift upgrade

WAAS Service Ready Engine

Data Center Head End, Regional Hub

Large Branch, Regional Office

Low Density Branch Retail Office

Tele Worker Regional Office,

Commercial Head

End

Large Enterprise /SP DC & High Performance DC-DC

WAAS

Appliances

WAAS ISR

Modules

WAAS

Express

vWAAS

SM-SRE-710 SM-SRE-910

890 29xx 39xx 1941/2901

Branch Config DC/Cloud Configs

WAVE-8541 WAVE-7541 WAVE-7571

WAVE-294 WAVE-594 WAVE-694

WAN

SrcIP 1.1.1.1

DstIP 2.2.2.2

SrcPort 1434

DstPort 80 Application Data

SrcIP 1.1.1.1

DstIP 2.2.2.2

SrcPort 1434

DstPort 80 Optimized

Data

Cisco Wide Area Application Services

Application Optimizers

Advanced Compression

Transport Optimization

WAE1 WAE2

WCCPv2

or PBR

WCCPv2

or PBR

A:B TCP SYN A:B TCP SYN

(marked)

A:B TCP SYN

(marked)

I know WAE1 is

in the path, let’s

accelerate!

Need to accelerate

this connection!

Here are my details

B:A TCP SYN/ACK

Acknowledge

Acceleration!

Here are my details

ACCELERATION

CONFIRMED!

B:A TCP SYN/ACK

(marked)

B:A TCP SYN/ACK

A B WAN

Security

- Stateful Inspection

- Firewall Policies

- Signature Matching

Control

- Classification

- Drop or Mark

- Policing

Visibility

- NetFlow

Intercept

- Inline

- WCCP

- IOS packet flow

Optimize

- Specific Application

Acceleration

- Compression

- Flow Optimization

Secure

- Disk Encryption

- Firewall Compliance

Routing

- Static

- Dynamic

- Optimized

Security

- Stateful Inspection

- Firewall Policies

- Link Encryption

Control

- Shaping

Visibility

- NetFlow

WAN

Egress

Security,

Control, and

Visibility

Route

Selection

Intercept

and

Optimize

Ingress

Security,

Control, and

Visibility

LAN

Remote

Office

WAN

WCCPv2

• Active/active clustering up to 32 devices

• Automatic load-balancing

• Load redistribution

• Fail-over

• Fail-through operation

• Near-linear scalability & performance

Data Center

WAN

Inline Plug-and-Play

• No network changes

• Mechanical fail-to-wire

Scalability and High Availability

• Up to 2

• Redundant network paths & asymmetry

• Load-sharing and fail-over

Transparent Integration

• Transparency and auto discovery

• 802.1q VLAN trunking

• All WAE appliances

• Interception access list

WAN

Exchange WEB Apps

Business Unit2 Business Unit1

WAN optimization Pools

vWAAS

WAVE WAE

vWAAS

AppNav IO Module

• Virtualizes up to 32 WAVE instances

• Scales to ~1M connections

WAVE Appliance

InPath

WAN WAN

OffPath

GRE

Encapsulated GRE

Encapsulated

VMware ESXi Server

Nexus 1000V vPATH

VMware ESXi Server

Nexus 1000V vPATH

Web

Server DB

Server vWAAS

Web

Server App

Server vCM Web

Server

Non Opt Port-Profile

vWAAS Port-Profile

Optimize Port-Profile

Extend Cisco WAAS product portfolio across ISR G2s

Cisco WAAS Express

Cisco WAAS

Data Center

Branch Office

WAN QoS

VPN

NAT

ACL

FW

NetFlow

WAAS Express

WAAS Central

Manager

IOS 15.2(3)T

Available

Now!

IOS Forwarding Path

CEF Interception and reinsertion

Compression (LZ) TCP Flow

Optimizations (TFO)

Data Redundancy Elimination (DRE)

TCP Proxy

Network Integration

L4: Throughput Optimization

Unified Management

Policy Engine

Select Application Acceleration

WAN

Remote

Office

Data

Center

Remote

Office

WAAS

Appliance

WAAS

Appliance

VB1 VB2 VB3

VB1 VB2 VB3

WAAS

Appliances

• Joint architecture development

• Joint customer support

Server

Client

Central Manager

Cisco NAM VB in

DC WAAS

No optimization

Optimization Enabled

• NAM extends visibility to remote sites with PA

Integrated application performance and network usage statistics

PA as a new data source

• Cisco PA available as software feature in base IOS image

Available in 15.1(4)T

Supported platforms - 880, 890, and ISR G2

Cisco NAM with Software 5.1

Cisco Performance Agent

ISR Platforms

Branch

Office

WAAS

Express

(ISR G2) Data

Center

NAM

WAAS4.4

CM

NAM data sources: Flexible Netflow (FNF)

WAAS Flow Agent (FA)

Branch

Office WAAS SM-SRE

Branch

Office

Branch

Office WAAS

off path

WAAS

inline

WAN

• FNF: applications and their BW use

• WAAS FA, IOS PA: application performance (user experience)

IOS Performance Agent (PA)

NAM 5.1 can consume PA data from ISR G2 routers, providing Application Response Time (ART) charts for WAAS Express deployments.

WAAS CM: View both application performance & optimization performance (compression ratio, latency savings)

ISR G2

ISR G2

No optimization

Optimization Enabled

Branch Office

WAAS

Service

Module WAN

Internet

Branch Office

WAAS

Express

Branch Office

WAAS

Appliance

Regional Office

WAAS

Appliance

WAAS

Mobile

Server VPN

vWAAS

WAE

Server

VMs

VMware ESXi Server

Nexus 1000v vPATH

UCS /x86 Server

FC SAN

Nexus 1000v VSM

Virtual Private

Cloud

Data Center or

Private Cloud WAAS

Appliances

VPN

VMware ESXi vWAAS

Appliances

Server VMs

Platform Management and Services

Cisco WAAS Operating System

Embedded

virtualization

Configuration

Management

CIFS

AO

DRE, LZ, TFO

MAPI

AO

HTTP

AO

SSL

AO

Video

AO

WoW

VB # 2

VB # 3

NFS

AO

Disk Storage (Cache, VB) Network

I/O Multi-core CPUs

Platform | Total DRAM Required | Maximum WAN Bandwidth Supported | Recommended Number of Users | Max TCP Connections
88x | 768 M | 1.5 Mbps | 1-10 | 75
89x | 768 M | 2 Mbps | 1-10 | 75
1921* | 512 M | 512 Kbps | 1-5 | 50
1941 | 2.5 G | 4 Mbps | 15-20 | 150
2901 | 2.5 G | 6 Mbps | 15-20 | 150
2911 | 2.5 G | 6 Mbps | 25 | 200
2921 | 2.5 G | 6 Mbps | 25 | 200
2951 | 4 G | 6 Mbps | 25 | 200
3925 | 4 G | 10 Mbps | 50 | 400
3945 | 4 G | 10 Mbps | 50 | 400

WAAS Express requires maximum DRAM installed as indicated

Typical Interfaces – 3G, T1, E1, Multi T1s, Multi E1s, and Serial

Performance testing conducted with IOS FW, VPN (IPsec), NAT, and QoS

* 1921 – no DRE support – only TFO/LZ, no additional memory required

Hardware Configuration | Memory (GB) | Max Opt TCP Conn | Number of Virtual Blades | Drive (GB) | RAID | WAN Capacity (Mbps) | Connectivity Options
NME-WAE-302 | .5 | 250 | N/A | 80 | N/A | 4 | N/A
NME-WAE-502 | 1 | 400 | N/A | 120 | N/A | 4 | N/A
NME-WAE-522 | 2 | 800 | N/A | 160 | N/A | 8 | N/A
SM-SRE-700/710 | 4 | 500 | N/A | 500 | N/A | 20 | N/A
SM-SRE-900/910 | 4 | 1000 | N/A | 500 | RAID-1 | 50 | N/A
WAVE-294 | 4 | 200 | 2 | 250 | N/A | 10 | 4 port GE Cu, 8 port GE Cu, 4 port GE fiber
WAVE-294 | 8 | 400 | 2 | | | 20 |
WAVE-594 | 8 | 750 | 2 | 500 | Optional 2nd HDD for RAID1 | 50 |
WAVE-594 | 12 | 1,300 | 4 | | | 100 |
WAVE-694 | 16 | 2,500 | 4 | 2x600 | RAID-1 | 200 |
WAVE-694 | 24 | 6,000 | 6 | | | 200 |

* Final recommendations require a detailed sizing exercise that includes application traffic mix, traffic characteristics, application load and other factors mentioned in the sizing guidelines.

Hardware Configuration | Memory (GB) | Max Opt TCP Conn | Drive (GB) | RAID | WAN Capacity (Mbps)
WAVE-7541 | 24 | 18,000 | 6 x 450 | RAID-5 | 500
WAVE-7571 | 48 | 60,000 | 8 x 450 | RAID-5 | 1,000
WAVE-8541 | 96 | 150,000 | 8 x 600 | RAID-5 | 2,000

Connectivity Options: 2 port 10GE SFP+, 8 port GE Cu, 4 port GE fiber

Model | OPT TCP Conn | WAN BW (Mbps) | Virtual Cores | Memory (GB) | Hard Disk (GB) | WAAS Model
vWAAS-200 | 200 | 10 | 1 | 2 | 160 | 294
vWAAS-750 | 750 | 50 | 2 | 4 | 250 | 594
vWAAS-6000 | 6000 | 200 | 4 | 8 | 500 | 694
vWAAS-12000 | 12000 | 310 | 4 | 12 | 750 | -
vWAAS-60000 | 60000 | 1000 | 8* | 48 | 1500 | 7571

Model | MAX Devices | Virtual Cores | Memory (GB) | Hard Disk (GB) | WAAS Model
vCM-100N | 100 | 2 | 2 | 250 | -
vCM-2000N | 2000 | 4 | 8 | 600 | 694

Performance results based on Cisco UCS C210 M2, Cisco UCS B250 M2

Module | 2 port 10GE | 4 port GE Cu | 8 port GE Cu | 4 port GE Fiber
Part Number | WAVE-10GE-2SFP | WAVE-INLN-GE-4T | WAVE-INLN-GE-8T | WAVE-INLN-GE-4SX
Media | SFP+ SR | N/A | N/A | N/A

Inline Mode ✓ ✓ ✓

Cisco AppNav 10Gbps AppNav Off path deployment only appliance

WAAS 5.0

4 x 10G SFP+

Cisco WAVE Appliance

Cisco AppNav

WAAS +

Cisco AppNav Cisco AppNav IOM:

12 x 1G copper

12 x 1G SFP

Cisco WAVE:

WAVE-8541

WAVE-7571

WAVE-7541

WAVE-694

WAAS 5.0

Cisco AppNav 1Gbps Off path or in path deployment

5.0