Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1
Cisco Wide Area Application Services (WAAS)
Christian Bock, Systems Engineer
LAN
Switch Server LAN
switch Client WAN
Round Trip Time ~ 10’s – 100’s ms
Response-Time Reduction (chart: Typical Reduction and Maximum Reduction by application)
Applications: File Sharing, Web Apps, Software Distribution, Enterprise Application, Backup Apps, Data Replication, VDI, Video
Protocols: CIFS, NFS, Exchange, OWA, Lotus Notes, HTTP, HTTPS, System Center Config. Manager, Microsoft, Oracle, SAP, Documentum, System Center Data Protection Manager, Legato, Veritas, NetApp SnapMirror, Data Domain, Double Take, Veritas Vol Replicator, Microsoft RDP, Citrix ICA, VMWare View RDP, Live Video, Video on Demand
Platform Management and Services
Cisco WAAS Operating System
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Configuration Management System (CMS)
Application Optimizers (AO): SMB2/CIFS, eMAPI, HTTP, SSL, Video, NFS, ICA
TCP Proxy with Scheduler Optimizer (SO)
DRE, LZ, TFO
WoW, Virtual Blade #2, Virtual Blade #3
Disk Storage (Cache, VB storage etc.), I/O
Multiple, Independent Processes: Fault Isolation and Containment
Linux Kernel, KVM
[Figure: Standard TCP. cwnd over Time (RTT), with Slow Start and Congestion Avoidance phases]
[Figure: WAAS TFO. Bandwidth Utilization over Time (RTT), Cisco WAAS TFO compared with Standard TCP]
Synchronized Compression History
DRE
LZ LZ
DRE
WAN
Solutions
Data Redundancy Elimination (DRE)
Persistent LZ compression
Benefits
• New innovative context-aware DRE
• Up to 100:1 compression
• Session-based compression
• Up to an additional 10:1 compression even after DRE
Today Emerging
HTTP
MAPI CIFS
HTTPS
VDI
Streaming Video
Pre-positioned content
Traffic Flow
Cloud apps
Uni-Directional
Balanced
Applications
Systems Implications: Mix of Applications - SLA’s
Latency & Jitter
End to End QoS
Transparency
Balanced & uni-directional traffic
Signatures (in memory)
BranchN Signatures
Branch2 Signatures
Branch1 Signatures
Data Store (disk)
zip doc JPG ZIP JPG
Local Object Cache
File pre-positioning Ideal for high latency/low bandwidth
Application Aware Cache Manager
• Per branch signature fault isolation: avoids branch starvation, lowest data store access latency
• Adaptive DRE memory manager: improved cache utilization, increased throughput, reduced latency
Adaptive DRE Cache
Uni-Directional mode - only written to destination cache
Bi-Directional mode - written to both caches
Unified Data Store - Single store for all peers
Full application support
Asynchronous Writes
Read Ahead
Messages Decompression-
DRE hints
EndPoint Mapper
MAPI Application Optimizer
WAN Client
SERVER
File and Metadata caching
Read-ahead
Message pipelining
Scheduled preposition to pre-populate
Transparent integration
Dedicated CIFS cache
CIFS Application Optimizer
WAN
CACHE
Files
FILE.DOC
Exchange Server
Active Directory Controller (Kerberos KDC)
Core WAAS Branch WAAS
Outlook Client
WAN
Encrypted MAPI Request
Securely transfer key to remote branch.
Temporary keys allow access to Encrypt/Read/Sign Data
Application Data: Encrypted; Authentication: Kerberos
Application Data: Optimized, Encrypted; Authentication: Kerberos
Application Data: Encrypted; Authentication: Kerberos
WAN-Secure
Fast Connection Reuse
Proxy Connect to SSL Servers
Local HTTP responses through Metadata cache
Content-aware optimization
DRE hints
Server compression offload
HTTP Application Optimizer
WAN
Connect (SYN, SYN-ACK, ACK)
HTTP Request
HTTP Response
Connect
HTTP Request
HTTP Response
WAN
Send “session key”
SSL Session Core WAE to Server
- Core WAE: Server Private Key SSL Session Client to Core WAE (WAAS)
Edge WAE Core WAE
Transparent
Secure Channel
Original Data - Encrypted Optimized & Encrypted Original Data - Encrypted
SSL Handshake SSL Handshake Client Server
SSL Application Optimizer
WAN Conn Cache
Reuse WAN Connection
Mitigate Latency
Local TCP Handshake Response
Advanced HTTP Parser
Cache HTTP Meta Data
Mitigate Latency
Local HTTP Freshness Response
Local HTTP Redirect Response
Local HTTP Auth-needed Response
Send DRE Hints
Mitigate Latency
DRE Flush Stream
Improve Performance
DRE Skip Bytes
DRE Skip LZ
Modify Compression Directive
Improve Perf.
Offload Server
Disables Server Compression
• Seamless interoperability with existing Citrix infrastructure
• Requires no changes to XenDesktop or XenApp configuration
Branch Clients
WAN
Cisco WAAS Cisco WAAS
HTTP/HTTPS ✓
✓
✓
Branch Office
WAAS
Service
Module WAN
Internet
Branch Office
WAAS
Express
Branch Office
WAAS
Appliance
Regional Office
WAAS
Appliance
WAAS
Mobile
Server VPN
vWAAS
WAE
Server
VMs
VMware ESXi Server
Nexus 1000v vPATH
UCS /x86 Server
FC SAN
Nexus 1000v VSM
Virtual Private
Cloud
Data Center or
Private Cloud WAAS
Appliances
VPN
VMware ESXi vWAAS
Appliances
Server VMs
AppNav
+ WAAS
Virtual WAAS
• Application acceleration from Private/Virtual Private Cloud
• VMWare ESX/ESXi and UCS deployments
• Agile, elastic, multi-tenant deployment
• vCM: common virtualized management for physical/virtual WAAS
WAAS Appliance
• Application acceleration
• Virtual blades in branch offices
• Scalable platforms for range of deployments
AppNav
• Virtualize WAN optimization resources into pools of elastic resources
• Deployed in-path or out of path to scale up to 8 AppNav modules & 32 WAAS or vWAAS Appliances
WAAS Express
• Integrated ISR G2
• On-demand IOS-based
• Bandwidth optimization
• Inline IOS features (Security, QoS)
• Small footprint, Cost-effective, Single CLI
WAAS Service Ready Engine
• Integrated ISR G2
• Application Acceleration
• Software on-demand provisioning
• No fork lift upgrade
Data Center Head End, Regional Hub
Large Branch, Regional Office
Low Density Branch Retail Office
Tele Worker Regional Office,
Commercial Head
End
Large Enterprise /SP DC & High Performance DC-DC
WAAS
Appliances
WAAS ISR
Modules
WAAS
Express
vWAAS
SM-SRE-710 SM-SRE-910
890 29xx 39xx 1941/2901
Branch Config DC/Cloud Configs
WAVE-8541 WAVE-7541 WAVE-7571
WAVE-294 WAVE-594 WAVE-694
WAN
SrcIP 1.1.1.1
DstIP 2.2.2.2
SrcPort 1434
DstPort 80 Application Data
SrcIP 1.1.1.1
DstIP 2.2.2.2
SrcPort 1434
DstPort 80 Optimized
Data
Cisco Wide Area Application Services
Application Optimizers
Advanced Compression
Transport Optimization
WAE1 WAE2
WCCPv2 or PBR
WCCPv2 or PBR
A:B TCP SYN
A:B TCP SYN (marked)
A:B TCP SYN (marked)
I know WAE1 is in the path, let’s accelerate!
Need to accelerate this connection!
Here are my details
B:A TCP SYN/ACK
Acknowledge Acceleration!
Here are my details
ACCELERATION CONFIRMED!
B:A TCP SYN/ACK (marked)
B:A TCP SYN/ACK
A B WAN
Security
- Stateful Inspection
- Firewall Policies
- Signature Matching
Control
- Classification
- Drop or Mark
- Policing
Visibility
- NetFlow
Intercept
- Inline
- WCCP
- IOS packet flow
Optimize
- Specific Application Acceleration
- Compression
- Flow Optimization
Secure
- Disk Encryption
- Firewall Compliance
Routing
- Static
- Dynamic
- Optimized
Security
- Stateful Inspection
- Firewall Policies
- Link Encryption
Control
- Shaping
Visibility
- NetFlow
WAN
Egress Security, Control, and Visibility
Route Selection
Intercept and Optimize
Ingress Security, Control, and Visibility
LAN
Remote Office
WAN
WCCPv2
• Active/active clustering up to 32 devices
• Automatic load-balancing
• Load redistribution
• Fail-over
• Fail-through operation
• Near-linear scalability & performance
Data Center
WAN
Inline
Plug-and-Play
• No network changes
• Mechanical fail-to-wire
Scalability and High Availability
• Up to 2
• Redundant network paths & asymmetry
• Load-sharing and fail-over
Transparent Integration
• Transparency and auto discovery
• 802.1q VLAN trunking
• All WAE appliances
• Interception access list
WAN
Exchange WEB Apps
Business Unit2 Business Unit1
WAN optimization Pools
vWAAS
WAVE WAE
vWAAS
AppNav IO Module
• Virtualizes up to 32 WAVE instances
• Scales to ~1M connections
WAVE Appliance
InPath
WAN WAN
OffPath
GRE
Encapsulated GRE
Encapsulated
VMware ESXi Server
Nexus 1000V vPATH
VMware ESXi Server
Nexus 1000V vPATH
Web
Server DB
Server vWAAS
Web
Server App
Server vCM Web
Server
Non Opt Port-Profile
vWAAS Port-Profile
Optimize Port-Profile
Extend Cisco WAAS product portfolio across ISR G2s
Cisco WAAS Express
Cisco WAAS
Data Center
Branch Office
WAN QoS
VPN
NAT
ACL
FW
NetFlow
WAAS Express
WAAS Central
Manager
IOS 15.2(3)T
Available Now!
IOS Forwarding Path
CEF Interception and reinsertion
Compression (LZ)
TCP Flow Optimizations (TFO)
Data Redundancy Elimination (DRE)
TCP Proxy
Network Integration
L4: Throughput Optimization
Unified Management
Policy Engine
Select Application Acceleration
WAN
Remote
Office
Data
Center
Remote
Office
WAAS
Appliance
WAAS
Appliance
VB 1, VB 2, VB 3
VB 1, VB 2, VB 3
WAAS
Appliances
• Joint architecture development
• Joint customer support
Server
Client
Central Manager
Cisco NAM VB in
DC WAAS
No optimization
Optimization Enabled
• NAM extends visibility to remote sites with PA
Integrated application performance and network usage statistics
PA as a new data source
• Cisco PA available as software feature in base IOS image
Available in 15.1(4)T
Supported platforms - 880, 890, and ISR G2
Cisco NAM with Software 5.1
Cisco Performance Agent
ISR Platforms
Branch
Office
WAAS
Express
(ISR G2) Data
Center
NAM
WAAS4.4
CM
NAM data sources: Flexible Netflow (FNF)
WAAS Flow Agent (FA)
Branch
Office WAAS SM-SRE
Branch
Office
Branch
Office WAAS
off path
WAAS
inline
WAN
• FNF: applications and their BW use
• WAAS FA, IOS PA: application performance (user experience)
IOS Performance Agent (PA)
NAM5.1 can consume PA data from ISR G2 routers providing Application Response Time (ART) charts for WAAS Express deployments.
WAAS CM: View both Application Performance & optimization performance (compression ratio, latency savings)
ISR G2
ISR G2
No optimization
Optimization Enabled
Platform Management and Services
Cisco WAAS Operating System
Embedded virtualization
Configuration Management
Application Optimizers (AO): CIFS, MAPI, HTTP, SSL, Video, NFS
DRE, LZ, TFO
WOW, VB #2, VB #3
Disk Storage (Cache, VB), Network I/O, Multi-core CPUs

Platform | Total DRAM Required | Maximum WAN Bandwidth Supported | Recommended Number of Users | Max TCP Connections
88x | 768 M | 1.5 Mbps | 1-10 | 75
89x | 768 M | 2 Mbps | 1-10 | 75
1921* | 512 M | 512 Kbps | 1-5 | 50
1941 | 2.5 G | 4 Mbps | 15-20 | 150
2901 | 2.5 G | 6 Mbps | 15-20 | 150
2911 | 2.5 G | 6 Mbps | 25 | 200
2921 | 2.5 G | 6 Mbps | 25 | 200
2951 | 4 G | 6 Mbps | 25 | 200
3925 | 4 G | 10 Mbps | 50 | 400
3945 | 4 G | 10 Mbps | 50 | 400

WAAS Express requires maximum DRAM installed as indicated
Typical Interfaces – 3G, T1, E1, Multi T1s, Multi E1s, and Serial
Performance Testing Conducted with IOS FW, VPN (IPsec), NAT, and QoS
* 1921 – no DRE support – only TFO/LZ, no additional memory required

Hardware Configuration | Memory (GB) | Max Opt TCP Conn | Number of Virtual Blades | Drive (GB) | RAID | WAN Capacity (Mbps) | Connectivity Options
NME-WAE-302 | .5 | 250 | N/A | 80 | N/A | 4 | N/A
NME-WAE-502 | 1 | 400 | N/A | 120 | N/A | 4 | N/A
NME-WAE-522 | 2 | 800 | N/A | 160 | N/A | 8 | N/A
SM-SRE-700/710 | 4 | 500 | N/A | 500 | N/A | 20 | N/A
SM-SRE-900/910 | 4 | 1000 | N/A | 500 | RAID-1 | 50 | N/A
WAVE-294 | 4 | 200 | 2 | 250 | N/A | 10 | see note
WAVE-294 | 8 | 400 | 2 | 250 | N/A | 20 | see note
WAVE-594 | 8 | 750 | 2 | 500 | Optional 2nd HDD for RAID1 | 50 | see note
WAVE-594 | 12 | 1,300 | 4 | 500 | Optional 2nd HDD for RAID1 | 100 | see note
WAVE-694 | 16 | 2,500 | 4 | 2x600 | RAID-1 | 200 | see note
WAVE-694 | 24 | 6,000 | 6 | 2x600 | RAID-1 | 200 | see note

Note: Connectivity Options for the WAVE appliances: 4 port GE Cu, 8 port GE Cu, 4 port GE fiber
* Final recommendations require a detailed sizing exercise that includes application traffic mix, traffic characteristics, application load and other factors mentioned in the sizing guidelines.

Hardware Configuration | Memory (GB) | Max Opt TCP Conn | Drive (GB) | RAID | WAN Capacity (Mbps)
WAVE-7541 | 24 | 18,000 | 6 x 450 | RAID-5 | 500
WAVE-7571 | 48 | 60,000 | 8 x 450 | RAID-5 | 1,000
WAVE-8541 | 96 | 150,000 | 8 x 600 | RAID-5 | 2,000
Connectivity Options: 2 port 10GE SFP+, 8 port GE Cu, 4 port GE fiber

Model | OPT TCP Conn | WAN BW Mbps | Virtual Cores | Memory GB | Hard Disk GB | WAAS Model
vWAAS-200 | 200 | 10 | 1 | 2 | 160 | 294
vWAAS-750 | 750 | 50 | 2 | 4 | 250 | 594
vWAAS-6000 | 6000 | 200 | 4 | 8 | 500 | 694
vWAAS-12000 | 12000 | 310 | 4 | 12 | 750 | -
vWAAS-60000 | 60000 | 1000 | 8* | 48 | 1500 | 7571

Model | MAX Devices | Virtual Cores | Memory GB | Hard Disk GB | WAAS Model
vCM-100N | 100 | 2 | 2 | 250 | -
vCM-2000N | 2000 | 4 | 8 | 600 | 694

Performance results based on Cisco UCS C210 M2, Cisco UCS B250 M2

Modules: 2 port 10GE Module, 4 port GE Cu Module, 8 port GE Cu Module, 4 port GE Fiber Module
Part Number: WAVE-10GE-2SFP, WAVE-INLN-GE-4T, WAVE-INLN-GE-8T, WAVE-INLN-GE-4SX
Inline Mode: ✓ ✓ ✓
Media: SFP+ SR, N/A, N/A, N/A
Cisco AppNav 10Gbps AppNav Off path deployment only appliance
WAAS 5.0
4 x 10G SFP+
Cisco WAVE Appliance
Cisco AppNav
WAAS +
Cisco AppNav Cisco AppNav IOM:
12 x 1G copper
12 x 1G SFP
Cisco WAVE:
WAVE-8541
WAVE-7571
WAVE-7541
WAVE-694
WAAS 5.0
Cisco AppNav 1Gbps Off path or in path deployment
5.0