iwan under the hood -d2zmdbbm9feqrf.cloudfront.net/2016/anz/pdf/brkrst-2362.pdf · iwan under the...

IWAN Under the Hood -Next Gen Performance Routing and DMVPN

David Prall, Communication Architect

CCIE 6508 (R&S/SP/Security)

[email protected]

• Introduction

• Intelligent Path Control

• PfRv3 Operations

• Deployment Considerations

• Troubleshooting

• Key Takeaways

Agenda

Intelligent Path Control –Performance Routing v3

Intelligent WAN Solution Components

MPLS

Unified

Branch

3G/4G-LTE

Internet

PrivateCloud

VirtualPrivateCloud

PublicCloud

Application Optimisation

Enhanced Application

Visibility and Performance

Secure Connectivity

Comprehensive

Threat Defence

Intelligent Path Control

Application

Aware Routing

TransportIndependent

Simplified

Hybrid WAN

Management Automation

Hybrid WAN: Intelligent Path ControlLeveraging the Internet

Branch

MPLS

Internet

Virtual PrivateCloud

Private Cloud

• PfR monitors network performance and routes applications

based on application performance policies

• PfR load balances traffic based upon link utilisation levels

to efficiently utilise all available WAN bandwidth

Other traffic is load

balanced to maximise

bandwidth

Voice/Video/Critical will be

rerouted if the current path

degrades below policy thresholds

Voice/Video/Critical take

the best delay, jitter, and/or

loss path

Master Controller

commands path changes

based on traffic class

policy definitions

Best

Path

MC+BR MC+BR BR MC+BR

Path Enforcement

BR BR

MC

Measure the traffic flow

and network performance

and report metrics to the

Master Controller

Performance

Measurements

MC+BR MC+BR MC+BR MC+BR

MC

Measurement

MC

BR BR

Border Routers learn

current traffic classes

going to the WAN based

on classifier definitions

Learning

Active TCs

MC+BR MC+BR MC+BR MC+BR

Traffic

Classes

Learn the Traffic

BR BR

MC

How PfR Works – Key Operations

Define Traffic Classes

and service level

Policies based on

Applications or DSCP

Define Your Traffic Policy

Advanced Topology

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R31 R41 R51 R52

R12

R10

IWAN POP1 IWAN POP2

R10

DMVPNMPLS

DMVPNINET

R11 R14R13 R22R21 R24R23

10.1.0.0/1610.2.0.0/1610.0.0.0/8

10.1.0.0/1610.2.0.0/1610.0.0.0/8

• Support for multiple BRs per cloud

• Horizontal scaling

• Support for Multiple POPs

• Different Prefix

• Common Prefix

DC1DCI

WAN Core

DC2

IOS-XE 3.15

IOS 15.5(2)T

PfRv3 Operations

Overlay routing over tunnels

Overlay tunnels - DMVPN

Internet Routing

Transport routing

Perimeter

Security

Perimeter

Security

MPLS-VPN Routing

PfR path selection policies

PfR intelligent routing

IWAN Layered Solution – leveraging point to multipoint WAN connections with secure tunnel overlay

architecture and intelligent policy routing to provide cost optimisation and dynamic load balancing

AVC/QoSAVC/QoS

IWAN Solution Components

IWAN Domain – DMVPN

• IWAN Prescriptive Design – Transport Independent Design based on DMVPN

• Branch spoke sites establish an IPsec tunnel to and register with the hub site

• Data traffic flows over the DMVPN tunnels

• WAN interface IP address used for the tunnel source address (in a Front-door VRF)

• One tunnel per user inside VRF

• Overlay Routing

• BGP or EIGRP are typically used for scalability

• IP routing exchanges prefix information for each site

• Per-tunnel QOS is applied to prevent hub site oversubscription to spoke sites

R31 R41

R11 R12 R21 R22

R10

IWAN POP1 IWAN POP2

R20

ATBTMPLS

ISLANDINET

DCIWAN Core

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R51 R52

• IWAN Profiles are based upon iBGP and EIGRP for scalability and optimal Intelligent Path Control

• Intelligent Path Control:

• PfR can be used with any routing protocols by relying on the routing table (RIB). • Requires all valid WAN paths be ECMP so that each valid path is in the RIB.

• For BGP and EIGRP, PfR can look into protocol’s topology information to determine both best paths and secondary paths thus, ECMP is not required.

• PfRv3 always checks for a parent route before being able to control a Traffic Class. Parent route check is done as follows:

• Check to see if there is an NHRP shortcut route

• If not – Check in the order of BGP, EIGRP, Static and RIB

• Make sure that all Border Routers have a route over each external path to the destination sites, PfR will NOT be able to effectively control traffic otherwise.

Which Routing Protocol Should I Use?

SITE1

Performance Monitoring

MPLS

INET

Bandwidth on egressPer Traffic Class

(dest-prefix, DSCP, AppName)

2

3

2CPE1 CPE11

CPE12

CPE10

CPE2

Passive Monitoring

Performance Monitor• Collect Performance Metrics

• Per Channel- Per DSCP

- Per Source and Destination Site

- Per Interface

3

SITE3Single CPE

SITE2Dual CPE

Performance Monitoring

MPLS

INET

Integrated Smart Probes• Traffic driven – intelligent on/off

• Site to site and per DSCP

Performance Monitor• Collect Performance Metrics

• Per Channel- Per DSCP

- Per Source and Destination Site

- Per Interface

CPE1 CPE11

CPE12

CPE10

CPE2

Smart Probing

SITE3Single CPE

SITE2Dual CPE

SITE1

3

2

3

PfR Components

• The Decision Maker: Master Controller (MC)

• Apply policy, verification, reporting

• No packet forwarding/ inspection required

• Standalone of combined with a BR

• VRF Aware

• IPv4 only (IPv6 Future)

• The Forwarding Path: Border Router (BR)

• Gain network visibility in forwarding path (Learn, measure)

• Enforce MC’s decision (path enforcement)

• VRF aware

• IPv4 only (IPv6 Future)

MC1

BR1 BR2

MC/BR

MC/BR BR

Central Sites

Branch Sites

Branch Sites

IWAN Domain

Site ID 10.3.0.31

R31 R41 R51 R52

R11 R12 R21 R22

R10 R20

PATH1 PATH2

• Collection of sites that share the same set of policies

• An IWAN domain includes:

– A mandatory Hub site,

– Optional Transit sites,

– As well as Branch sites.

• Each site has a unique identifier (Site-Id)

– Derived from the loopback address of the local MC

• Central and headquarter sites play a significant role in PfR and are called an IWAN Point of Presence (POP).

– Each of these sites will have a unique identifier called a POP-ID

• Each site runs PfR and gets its path control configuration and policies from the logical IWAN domain controller through the IWAN Peering Service

Site ID 10.4.0.41

Site ID 10.5.0.51

DC-East

Site ID 10.1.0.10

Site ID 10.2.0.20

DC-WestDCI

WAN

Core

IWAN Sites

• Hub Site

• Located in an enterprise central site or headquarter location.

• Can act as a transit site to access servers in the datacentres or for spoke-to-spoke traffic

• Only one Hub site exists per IWAN domain

• The logical domain controller functionality resides on this site’s master controller (Hub MC).

• Transit Site

• Located in an enterprise central site or headquarter location.

• Can act as a Transit site

• The local MC peers with the Hub MC

• Branch Site

• DMVPN spoke, and are a stub site where traffic transit is not allowed.

• The local MC peers with the Hub MC

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R11 R12 R21 R22

R10

HUB SITESite ID = 10.1.0.10

DMVPNMPLS

DMVPNINET

R20

R31 R41

10.1.0.0/16 10.2.0.0/16

R51 R52

Hub Site

• One central site is assigned the role of Hub Site

– Each central site is allocated a unique POP-ID in the entire domain.

– POP-ID = 0 for the Hub Site

• The MC is assigned the Domain Controller (DC) role

– DC + MC = Hub Master Controller

– Central point of provisioning for PfR policies

– Listen for incoming peering request

• BRs are Hub BRs

– Peer with the local MC

POP-ID 0

R11 R12

R10


10.1.0.0/16

PfR Deployment – Hubdomain IWAN

vrf default

master hub

source-interface Loopback0

enterprise-prefix prefix-list ENTERPRISE_PREFIX

site-prefixes prefix-list SITE1_PREFIX

domain IWAN

vrf default

border

master 10.1.0.10


!

interface Tunnel100

description -- Primary Path --

domain IWAN path MPLS path-id 1

R10

R11

Path MPLSId 1

Path INETId 2

domain IWAN

vrf default

border

master 10.1.0.10


!

interface Tunnel200

description – Secondary Path --

domain IWAN path INET path-id 2

R12

Site Prefix: static definition of prefixes for a site

MANDATORY

POP-ID 0

2 31

• Performance Monitors instances (PMI)

• Monitor1 – Site Prefix Learning (egress direction)

• Monitor2 – Aggregate Bandwidth per Traffic Class (egress direction)

• Monitor3 – Performance measurements (ingress direction)

Policies

Monitors

Enterprise Prefix List

• The main use of the enterprise prefix list is to determine the enterprise boundary.

• With enterprise-prefix

• If a prefix doesn't match any site-prefix but matches enterprise-prefix then the prefix belongs to a site that is not participating in PfRv3 but it does belong to the enterprise.

• PfR will not influence traffic towards sites that have NOT enabled PFR.

• Without enterprise-prefix

• All the traffic that would be going towards a spoke that is NOT PfR enabled will be learnt as internet traffic class and therefore subjected to load balancing. domain IWAN

vrf default

master hub


enterprise-prefix prefix-list ENTERPRISE_PREFIX

!

ip prefix-list ENTERPRISE_PREFIX seq 10 permit 10.0.0.0/8

R10

R11 R12

R31 R41 R51 R52

Redundant MC – Anycast IP

Backup Hub MC10.1.0.10/31R100

Hub MC10.1.0.10/32

HUB SITE

• What happens when a MC fails?

• Traffic forwarded based on routing information –IE: no drop

• What happens when the Hub MC fails?

• Branch MCs keep their configuration and policies

• Continue to optimise traffic

• A backup MC can be defined on the hub.

• Using the same IP address as the primary

• Routing Protocol is used to make sure BRs and branch MC connect to the primary

• Stateless redundancy

• Backup MC will re-learn the traffic

DMVPNMPLS

DMVPNINET

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R11 R12 R21 R22

R10


TRANSIT SITESite ID = 10.2.0.20

DMVPNMPLS

DMVPNINET

R20

R31 R41

10.1.0.0/16 10.2.0.0/16

R51 R52

Transit Site

• Introduce “Transit Site" concept for the 2nd Central site

• Up to 63 in theory

• Each POP is allocated a unique POP-ID in the entire domain

• POP-ID configured

• Transit MC

• Behaves like a Hub MC without provisioning

• Peers with the Hub MC

• Transit BRs

• Similar as a Hub BR

• Peer with the local MC

IOS-XE 3.15

IOS 15.5(2)T

POP-ID 1

R21 R22


R20

10.2.0.0/16

POP-ID 1PfR Deployment – Transit Sitedomain IWAN

vrf default

master transit 1


site-prefixes prefix-list SITE2_PREFIX

hub 10.1.0.10

domain IWAN

vrf default

border

master 10.2.0.20


!

interface Tunnel100

description -- Primary Path --

domain IWAN path MPLS path-id 1

domain IWAN

vrf default

border

master 10.2.0.20


!

interface Tunnel200

description – Secondary Path --

domain IWAN path INET path-id 2

R20

R21

Path MPLSId 1

Path INETId 2

Site Prefix: static definition of prefixes for a site

MANDATORY

R22

2 31

• Performance Monitors instances (PMI)




10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R11 R12 R21 R22

R10



DMVPNMPLS

DMVPNINET

R20

R31 R41

10.1.0.0/16 10.2.0.0/16

R51 R52

Branch Sites

• Hub MC listening for incoming requests

• Branch MC connects to Hub MC

• Service Exchange

– Timers

– Policies and Monitor configurations

– Site Prefixes

MC Peering

BRANCH SITE Site3Site ID = 10.3.0.31

PfR Deployment – Single CPE Branch

• Single CPE Branch Sites

• Branch MCs connect to the Hub

domain IWAN

vrf default

master branch


hub 10.8.3.3

border

master local


R31

R41

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R11 R12 R21 R22

R10



DMVPNMPLS

DMVPNINET

R20

R31 R41

10.1.0.0/16 10.2.0.0/16

R51 R52

PfR Deployment – Dual CPE Branch

• Dual CPE Branch Sites

• Branch MCs connect to the Hub

• BRs directly connected (mandatory)

domain IWAN

vrf default

border

master 10.2.12.12


R52

domain IWAN

vrf default

master branch


hub 10.8.3.3

border

master local


R51

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R11 R12 R21 R22

R10



DMVPNMPLS

DMVPNINET

R20

R31 R41

10.1.0.0/16 10.2.0.0/16

R51 R52

Automatic Interface Discovery

R12

R31 R41 R51 R52

R11 R21 R22

R10 R20

• Transit BRs have path names manually defined, ie MPLS and INET

• Transit BRs send Discovery Packet with path names from to all discovered sites

• Discovery probes generated from the Hub/Transit Border Routers

MPLSPath-Id 1

INETPath-Id 2

INETPath-ID 2

MPLSPath-ID 1

DMVPNMPLS

DMVPNINET

WAN Path is detected on the branch

- Path Name

- Path Id

- DSCP

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24



WAN Interface – Performance Monitors

• Apply 3 Performance Monitors instances (PMI) over external interfaces




R31

2 31 2 31

Site Prefix Discovery

• Every MC in the domain owns a Site Prefix database

• Gives the mapping between site and prefixes

• 2 options:

– Static

– Automatic LearningINETMPLS

R10

R11 R12

R31 R41 R51 R52

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24


1

1

INETMPLS

R10

R11 R12

R31 R41 R51 R52

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24



Source Destination DSCP App

10.1.10.200 10.8.1.200 AF41 AppXY

R10

MC

Site-Pfx Mask

10.3.3.0 /24

SAF - Site 3

10.3.3.0/24

SAF - Site 3

10.3.3.0/24

SAF- Site 3

10.3.3.0/24

• Source Prefix and Mask collected from Performance Monitor

• Monitor interval is 30 sec

• BR send to its local MC

• MC send information to all peers via Peering

SAF - Site 3

10.3.3.0/24


Site Prefix List

Site1 10.1.0.0/16

Site2 10.2.0.0/16

Site3 10.3.3.0/24

Site4 10.4.4.0/24

Site5 10.5.5.0/24

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R11 R12 R21 R22

R10



DMVPNMPLS

DMVPNINET

R20

R31 R41

10.1.0.0/16 10.2.0.0/16

R51 R52

Site Prefixes – Static Configuration

• This allows configuring site-prefix manually instead of learning.

• This configuration should be used at the site if the site is used for transit.

• For example, Site A reaches Site B via Hub-Site, where Hub-Site is transit site. The configuration is used to prevent learning of Site A prefix as Hub-Site prefix when it is transiting from Hub.

domain IWAN

vrf default

master hub


site-prefixes prefix-list DC1_PREFIX

!

ip prefix-list DC1_PREFIX seq 10 permit 10.8.0.0/16

!

MC1

BR1 BR2

Hub MC10.8.3.3/32

Source Destination DSCP App

10.1.10.200 10.1.11.200 AF41 AppXY

IWAN POP1

Define PfR Traffic Policies

Define your Traffic Policy

Identify Traffic Classes based on Application or DSCP

Performance thresholds (loss, delay and Jitter), Preferred Path

Centralised on a Domain Controller

CLASS MATCH ADMIN PERFORMANCE

VoiceDSCP

Application

Preferred: MPLS

Fallback: INET

Next Fallback: 4G

Delay threshold

Loss threshold

Jitter threshold

Interactive VideoDSCP

Application

Preferred: MPLS

Fallback: INET

Delay threshold

Loss threshold

Jitter threshold

Critical DataDSCP

Application

Preferred: MPLS

Fallback: INET

Delay threshold

Loss threshold

Jitter threshold

Best EffortDSCP

Application

- Delay threshold

Loss threshold

Jitter threshold

IWAN Policies – DSCP or App Based

domain IWAN

vrf default

master hub

load-balance

class MEDIA sequence 10

match application <APP-NAME1> policy real-time-video

match application <APP-NAME2> policy custom

priority 1 one-way-delay threshold 200

priority 2 loss threshold 1

path-preference MPLS fallback INET

class VOICE sequence 20

match dscp <DSCP-VALUE> policy voice

path-preference MPLS fallback INET

class CRITICAL sequence 30

match dscp af31 policy low-latency-data

• Policies:

– DSCP or Application Based Policies (NBAR2)

– DSCP marking can be used with NBAR2 on the LAN interface (ingress on BR)

• Default Class is load balanced

R10

• Pre-defined thresholds

• Custom thresholds

Built-in Policy Templates

Pre-defined

Template

Threshold Definition

Voice priority 1 one-way-delay threshold 150 threshold 150 (msec)

priority 2 packet-loss-rate threshold 1 (%)

priority 2 byte-loss-rate threshold 1 (%)

priority 3 jitter 30 (msec)

Real-time-video priority 1 packet-loss-rate threshold 1 (%)


priority 2 one-way-delay threshold 150 (msec)

priority 3 jitter 20 (msec)

Low-latency-data priority 1 one-way-delay threshold 100 (msec)



Pre-

defined

Template

Threshold Definition

Bulk-data priority 1 one-way-delay threshold 300 (msec)



Best-effort priority 1 one-way-delay threshold 500 (msec)



scavenger priority 1 one-way-delay threshold 500 (msec)



PfRv3 works on Traffic Class – DSCP Based

Traffic with EF, AF41, AF31 and 0

DSCP Based Policies

Prefix DSCP AppID Dest SiteNext-Hop

10.3.3.0/24 EF N/A Site 3 ?

10.3.3.0/24 AF41 N/A Site 3 ?

10.3.3.0/24 AF31 N/A Site 3 ?

10.3.3.0/24 0 N/A Site 3 ?

10.4.4.0/24 EF N/A Site 4 ?

10.4.4.0/24 AF41 N/A Site 4 ?

10.4.4.0/24 AF31 N/A Site 4 ?

10.4.4.0/24 0 N/A Site 4 ?

10.5.5.0/24 EF N/A Site 5 ?

10.5.5.0/24 AF41 N/A Site 5 ?

10.5.5.0/24 AF31 N/A Site 5 ?

10.5.5.0/24 0 N/A Site 5 ?

Traffic Class

Destination Prefix

DSCP Value

Application (N/A when DSCP policies used)

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R11 R12 R21 R22

R10



DMVPNMPLS

DMVPNINET

R20

R31 R41

10.1.0.0/16 10.2.0.0/16

R51 R52

PfRv3 works on Traffic Class– Application Based

Traffic with EF, AF41, AF31 and 0App1, App2, etc

Application based Policies

Prefix DSCP AppID Dest Site Next-Hop

10.3.3.0/24 EF N/A Site 3 ?

10.3.3.0/24 AF41 App1 Site 3 ?

10.3.3.0/24 AF41 App2 Site 3 ?

10.3.3.0/24 AF41 N/A Site 3 ?

10.3.3.0/24 AF31 N/A Site 3 ?

10.3.3.0/24 0 N/A Site 3 ?

10.4.4.0/24 EF N/A Site 4 ?

10.4.4.0/24 AF41 App1 Site 4 ?

10.4.4.0/24 AF31 N/A Site 4 ?

10.4.4.0/24 0 N/A Site 4 ?

10.5.5.0/24 EF N/A Site 5 ?

10.5.5.0/24 AF41 App2 Site 5 ?

10.5.5.0/24 AF31 N/A Site 5 ?

10.5.5.0/24 0 N/A Site 5 ?

Traffic Class

Destination Prefix

DSCP Value

Application (N/A when DSCP policies used)

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R11 R12 R21 R22

R10



DMVPNMPLS

DMVPNINET

R20

R31 R41

10.1.0.0/16 10.2.0.0/16

R51 R52

Channels from Branch to Central Sites

INETMPLS

MC1

BR1 BR3

R10 R11 R12 R13

Hub MC10.1.0.10/32

Present Channel 10

• Site 1

• MPLS

• Path 1

• DSCP AF41Backup Channel 12

• Site 1

• INET

• Path 3

• DSCP AF41

IWAN POP

BR2

Present Channel 11

• Site 1

• MPLS

• Path 2

• DSCP AF41

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

Channel Between Branch Sites

INETMPLS

MC1

BR1 BR2

R31 R41 R51 R52

Present Channel 13

• Site 4

• MPLS

• DSCP EF

Backup Channel 14

• Site 4

• INET

• DSCP EF

Between Any Pair

of Sites that has

traffic!

IWAN POP

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

Hub MC10.1.0.10/32

Channel

• Monitoring performance per channel

• Channel per destination site, DSCP, Path Name and Path Id

• Destination Prefix from Site Prefix database

• Include all sites advertising that prefix

• Load balance may be done between POPs if prefix is shared between multiple transit sites

• Track individual BR performance on the hub

• A PfR-label uniquely identify a path between sites across clouds (embedded in GRE encapsulation)

10.3.3.0/16

R31

R11 R12 R21 R22

R10

Path MPLSId 1

Path MPLSId 1

R20

DMVPNMPLS

DMVPNINET

Path INETId 2

Path INETId 2

POP-ID PATH-ID POP-ID PATH-ID

10.1.0.0/1610.2.0.0/16

10.1.0.0/1610.2.0.0/16

10.1.0.0/1610.2.0.0/16

IOS-XE 3.15

IOS 15.5(2)T



TC to Channel Mapping

R31-Site3-Spoke#sh domain IWAN master channel dscp ef

Channel Id: 53 Dst Site-Id: 10.1.0.10 Link Name: MPLS DSCP: ef [46] pfr-label: 0:1 | 0:0 [0x10000] TCs: 1

Channel Created: 3w5d ago

Provisional State: Initiated and open

Operational state: Available

Channel to hub: TRUE

Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Routable)

• Channel created for each destination site, path name, next-hop (path identifier) and DSCP.

• Destination Prefix announced by destination site

• TC => Destination Prefix, DSCP => Mapped to the corresponding Channel

R31-Site3-Spoke#sh domain IWAN master channel dscp ef

Channel Id: 57 Dst Site-Id: 10.1.0.10 Link Name: INET DSCP: ef [46] pfr-label: 0:2 | 0:0 [0x20000] TCs:

0

Channel Created: 3w5d ago




Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Routable)

Destination Site: Collecting Performance MetricsSmart Probes

• Without actual traffic

• 20 pps for channel without traffic

• IOS-XE: BR sends 10 probes spaced 20ms apart in the first 500ms and another similar 10 probes in the next 500ms

• IOS: BR sends one packet every 50ms

• With actual traffic

• Lower frequency when real traffic is observed over the channel

• Probes sent every 1/3 of [Monitor Interval], ie every 10 sec by default

• Measured by Performance Monitor just like other data traffic

Performance Violation

10.3.3.0/24 10.4.4.0/24 10.5.5.0/24

R11 R12 R21 R22

R10



DMVPNMPLS

DMVPNINET

R20

R31 R41

10.1.0.0/16 10.2.0.0/16

R51 R52

• Performance notification exported ONLY when there is a violation on a specific channel

• Generated from ingress monitor attached on destination BRs to the source site MC

• Based on Monitor interval (30 sec default, configurable)

• Via all available external interfaces.

R31

TCA Delay

DSCP AF41

Path MPLS

Policy Decision and Path Enforcement

• Search MC database for TC to site R31 with DSCP EF going over path MPLS

• Auto Tunnel between Border Routers

• Option1: next hop is local to the BR

• Option2: next hop is another BR, forward through the auto-tunnel (GRE encap used)

Auto-tunnel

mGRE interface

Flow

MPLS INETOption1

Option2

R10

R11 R12


Deployment Considerations

IWAN 2.0 – Hub/Transit MC Scaling

ISR 443150 sites

ASR 1001-X1000 sites

ISR 4451200 sites

ASR 1002-X2000 sites

CSR1000v1 vCPU

200 sites

CSR1000v 2 vCPU

500 sites

IWAN Application Policies

R11 R12 R21 R22

R10 R20



R51 R52

DMVPNMPLS

DMVPNINET

• NBAR2:

– Asymmetric routing issue

– Some applications require DPI to see both sides of the flow

– Inherent to all DPI engines

• Workaround

– HSRP Master

– PBR statement on the return path

Unreachable Timer

10.3.3.0/24

R31

R11 R12 R21 R22

R10

Path MPLSId 1

Path MPLSId 1

R20

DMVPNMPLS

DMVPNINET



Path INETId 2

Path INETId 2

• Channel Unreachable

• PfRv3 considers a channel reachable as long as the site receives a PACKET on that channel

• A channel is declared unreachable in both directions if

• There is NO traffic on the Channel, probes are the only way of detecting unreachability. So if no probe is received within 1 sec, PfR detects unreachability.

• When there IS traffic on the channel, if PfR does not see any packet for more than a second on a channel PfR detects unreachability.

Default: 1 Sec

Recommended: 4 sec

Advanced options – with 3.16 15.5(3)S / 15.5(3)Mchannel-unreachable-timer 4

Failover Time

R11 R12 R21 R22

R10

Path MPLSId 1

Path MPLSId 1

R20

DMVPNMPLS

DMVPNINET

Path INETId 2

Path INETId 2

• Ingress Performance Violation detected

• Delay, loss or jitter thresholds

• Based on Monitor-interval

• Default 30 Seconds

• Single Fast Monitor Interval Configurable

domain IWAN

vrf default

master hub

monitor-interval 4 dscp ef

monitor-interval 4 dscp af41

monitor-interval 4 dscp cs4

monitor-interval 4 dscp af31

R31

10.3.3.0/24



Load Balancing

• Current Situation

- Load balancing works on physical links

- Load sharing on NH on the same DMVPN network (XE 3.16.1 and IOS 15.5(3)M1) :- between R11 and R21

- Between R12 and R22

• Default Classes TCs

- Load balancing at any time (not only at creation time).

- TC will be moved to ensure bandwidth on all links is within the defined range

• Performance TCs

- Initial load-balancing while placing the TCs, on a per TC basis. PfR does not account for the TCs getting fatter.

R11 R12 R21 R22

R10

Path MPLSId 1

Path INETId 2

R20

Path MPLSId 1

Path INETId 2

R31

MPLS INET



10.1.0.0/1610.2.0.0/16

10.1.0.0/1610.2.0.0/16

Path SelectionDirection from POPs to Spokes

• Each POP is a unique site by itself and so it will only control traffic towards the spoke on the WAN’s that belong to that POP.

• PfRv3 will NOT be redirecting traffic between POP across the DCI or WAN Core. If it is required that all the links are considered from POP to spoke, then the customer will need to use a single MC.

• Only one next hop (on branch) per DMVPN network

• No PfR control between Transit Sites

R11 R12 R21 R22

R10

Path MPLSId 1

Path MPLSId 1

R20

DMVPNMPLS

DMVPNINET

Path INETId 2

Path INETId 2

R31

10.3.3.0/24



Hub MCPOP-ID 0

Transit MCPOP-ID 1

Path SelectionDirection from Spokes to POPs

• The spoke considers all the paths (multiple NH’s) towards the POPs

• The concept of "active" and "standby" next hops based on routing metrics and advertised mask length in routing is used to gather information about the preferred POP for a given prefix.

• Example: If the best metric for a given prefix is on DC1 then all the next hops on that DC for all the ISPs are tagged as active (only for that prefix).

R11 R12 R21 R22

R10

Path MPLSId 1

Path MPLSId 1

R20

DMVPNMPLS

DMVPNINET

Path INETId 2

Path INETId 2

R31

10.3.3.0/24

DC1Site ID = 10.1.0.10

DC2Site ID = 10.2.0.20

LP 100000 LP 3000LP 20000 LP 400

10.1.0.0/24 10.1.0.0/24

Next Hop Status for Prefix

• Active next hop: A next hop is considered active if it is located at the POP site which has the next hop with the best routing metric for a given prefix

• Standby next hop: A next hop is considered standby if it is located at the POP site which advertises a route for prefix but does not have any next hop with best metric.

• Routable* next hop: A next hop is considered routable for a given prefix if it advertises one or more routes for the prefix and it was not a candidate channel for any traffic class

• Unreachable next hop: A next hop is considered unreachable for a given prefix if it is down or does not advertise any route for the prefix

• The sorting for active/standby considers all the channels/next hops on all WAN interfaces which are “Routable”.

Note: Routable is a new status visible starting from XE

3.16.1/15.5(3)M1. On the border prior to XE 3.16.1/15.5(3)M1

active, standby and unreachable were supported.

PfRv3 Routing DefinitionsBest Metric

• A next hop in a given list is considered to have a best metric based on following metrics/criteria:

• Advertised mask length ()

• BGP: Weight() , Local-Preference ()

• EIGRP : FD () , Successor FD ()

• Mask length takes precedence. Only if advertised mask lengths are equal, the protocol specific metrics are used.

Channels

• Channel to all next-hops, per DSCP

• Depending on the routing prefix advertisements, metrics and PfR Site Prefix List, destination-prefix will be active/standby/routable

R11 R12 R21 R22

R10

Path MPLSId 1

Path MPLSId 1

R20

Path INETId 2

Path INETId 2

R31

10.3.3.0/24

Ch1 Ch2 Ch3 Ch4CHANNEL PATH NEXT HOPS PREFIX STATUS

1 MPLS R11 10.1.0.0/16 ?

2 INET R12 10.1.0.0/16 ?

3 MPLS R21 10.1.0.0/16 ?

4 INET R22 10.1.0.0/16 ?

10.1.0.0/16 10.1.0.0/16

DC1Site ID = 10.1.0.10

DC2Site ID = 10.2.0.20

Use Case #1 – Separate Prefix

R12 R21 R22

R10 R20

R11

10.1.0.0/16

10.0.0.0/8

BGP

10.2.0.0/16

10.0.0.0/8

BGP

• BGP

– Site1 advertises 10.1.0.0/16 and 10.0.0.0/8

– Site2 advertises 10.2.0.0/16 and 10.0.0.0/8

• PfR:

– Site1 Site-Prefix: 10.1.0.0/16

– Site2 Site-Prefix: 10.2.0.0/16

SITE1

PfR Site-Prefix

10.1.0.0/16

SITE2

PfR Site-Prefix

10.2.0.0/16

10.1.0.0/16 10.2.0.0/16

R31

10.3.3.0/24

Ch1 Ch2 Ch3 Ch4

Path MPLSId 1

Path MPLSId 1

Path INETId 2

Path INETId 2

CHANNEL PATH NEXT HOP PREFIX STATUS

1 MPLS R11 10.1.0.0/16 Active

2 INET R12 10.1.0.0/16 Active

3 MPLS R21 10.2.0.0/16 Active

4 INET R22 10.2.0.0/16 Active

Path Selection

DMVPNMPLS

DMVPNINET

R31

R12 R21 R22

R10 R20

R11

10.3.3.0/24

PREFIXPATH

PREFERENCE

NEXT-HOPS

ORDERStatus

10.1.0.0/16

MPLS Preferred

INET Fallback

R11

R12

Active

Active

No Preference R11, R12 Active

R31 PfR View

10.1.0.0/16

10.0.0.0/8

BGP

10.2.0.0/16

10.0.0.0/8

BGP

10.1.0.0/16 10.2.0.0/16

SITE1

PfR Site-Prefix

10.1.0.0/16

SITE2

PfR Site-Prefix

10.2.0.0/16

Channels – Site1

R31-Site3-Spoke#show domain IWAN master channel dscp ef


Channel Created: 00:03:56 ago




Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

Channel Id: 6 Dst Site-Id: 10.1.0.10 Link Name: INET DSCP: ef [46] pfr-label: 0:2 | 0:0 [0x20000] TCs: 0





Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

[Output omitted for brevity]

Label 0:1

POP 0 Path-ID 1

R11

Label 0:2

POP 0 Path-ID 2

R12

Channels – Site2







Site Prefix List

10.2.0.20/32 (Routable)

10.2.0.0/16 (Active)






Site Prefix List

10.2.0.20/32 (Routable)

10.2.0.0/16 (Active)

Label 1:1

POP 1 Path-ID 1

R21

Label 1:2

POP 1 Path-ID 2

R22


Use Case #2 – Shared PrefixDC Stickiness with more Specific Prefix

R12 R21 R22

R10 R20

R11

10.1.0.0/16

10.0.0.0/8

BGP

10.2.0.0/16

10.0.0.0/8

BGP

• Dual datacentre

• Same prefixes shared across Site1/Site2

• Site1 preferred for 10.1.0.0/16

• Site2 preferred for 10.2.0.0/16

R31 PfR View

SITE1

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16

SITE2

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16


1 MPLS R1110.1.0.0/16

10.2.0.0/16

Active

Standby

2 INET R1210.1.0.0/16

10.2.0.0/16

Active

Standby

3 MPLS R2110.1.0.0/16

10.2.0.0/16

Standby

Active

4 INET R2210.1.0.0/16

10.2.0.0/16

Standby

Active

R31

10.3.3.0/24

Ch1 Ch2 Ch3 Ch4

Path MPLSId 1

Path MPLSId 1

Path INETId 2

Path INETId 2

10.1.0.0/1610.2.0.0/16

Path Selection

R12 R21 R22

R10 R20

R11

PREFIXPATH

PREFERENCE

NEXT-HOPS

ORDERStatus

10.1.0.0/16

MPLS Preferred

INET Fallback

R11

R12

R21

R22

Active

Active

Standby

Standby

No PreferenceR11, R12

R21, R22

Active

Standby

R31 PfR View

SITE1

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16

SITE2

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16

R31

10.3.3.0/24

Ch1 Ch2 Ch3 Ch4

Path MPLSId 1

Path MPLSId 1

Path INETId 2

Path INETId 2

10.1.0.0/1610.2.0.0/16

Channels – Site1







Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Standby)






Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Standby)

Label 0:1

POP 0 Path-ID 1

R11

Label 0:2

POP 0 Path-ID 2

R12


Channels – Site2







Site Prefix List

10.2.0.20/32 (Routable)

10.1.0.0/16 (Standby)

10.2.0.0/16 (Active)






Site Prefix List

10.2.0.20/32 (Routable)

10.1.0.0/16 (Standby)

10.2.0.0/16 (Active)

Label 1:1

POP 1 Path-ID 1

R21

Label 1:2

POP 1 Path-ID 2

R22


10.1.0.0/1610.2.0.0/16

Use Case #3 – Shared PrefixDC Stickiness with Different Metrics

LP100000

LP3000

LP20000

LP400

R12 R21 R22

R10 R20

R11

10.1.0.0/16

10.2.0.0/16

10.0.0.0/8

BGP

10.1.0.0/16

10.2.0.0/16

10.0.0.0/8

BGP

• BGP: Both Site1 and Site2 advertise 10.1.0.0/16 and 10.2.0.0/16

• DC preference can be determined per branch

SITE1

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16

SITE2

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16

R31

10.3.3.0/24

Ch1 Ch2 Ch3 Ch4

R31 PfR View


1 MPLS R1110.1.0.0/16

10.2.0.0/16

Active

Active

2 INET R1210.1.0.0/16

10.2.0.0/16

Active

Active

3 MPLS R2110.1.0.0/16

10.2.0.0/16

Standby

Standby

4 INET R2210.1.0.0/16

10.2.0.0/16

Standby

Standby

10.1.0.0/1610.2.0.0/16

Path Selection

R12 R21 R22

R10 R20

R11

PREFIXPATH

PREFERENCE

NEXT-HOPS

ORDERStatus

10.1.0.0/16

MPLS Preferred

INET Fallback

R11

R12

R21

R22

Active

Active

Standby

Standby

No PreferenceR11, R12

R21, R22

Active

Standby

• Transit Site Affinity introduced in 15.5(3)M1 and XE 3.16.1

R31 PfR ViewLP100000

LP3000

LP20000

LP400

R31

10.3.3.0/24

Ch1 Ch2 Ch3 Ch4

SITE1

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16

SITE2

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16

10.1.0.0/16

10.2.0.0/16

10.0.0.0/8

BGP

10.1.0.0/16

10.2.0.0/16

10.0.0.0/8

BGP

Channels – Site1







Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Active)






Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Active)

Label 0:1

POP 0 Path-ID 1

R11

Label 0:2

POP 0 Path-ID 2

R12


Channels – Site2







Site Prefix List

10.2.0.20/32 (Routable)

10.1.0.0/16 (Standby)

10.2.0.0/16 (Standby)






Site Prefix List

10.2.0.20/32 (Routable)

10.1.0.0/16 (Standby)

10.2.0.0/16 (Standby)

Label 1:1

POP 1 Path-ID 1

R21

Label 1:2

POP 1 Path-ID 2

R22


10.1.0.0/1610.2.0.0/16

Use Case #4 – No DC StickinessDual Central Sites – Same Prefix

BGP

domain IWAN

vrf default

master hub

advanced

no transit-site-affinity

• To disable and come back to previous default:

R12 R21 R22

R10 R20

R11

LP1000

LP1000

LP1000

LP1000

R31

10.3.3.0/24

Ch1 Ch2 Ch3 Ch4

SITE1

PfR Site-Prefix

10.1.0.0/16

SITE2

PfR Site-Prefix

10.1.0.0/16

R31 PfR View


1 MPLS R11 10.1.0.0/16 Active

2 INET R12 10.1.0.0/16 Active

3 MPLS R21 10.1.0.0/16 Active

4 INET R22 10.1.0.0/16 Active

10.1.0.0/16

10.2.0.0/16

10.0.0.0/8

BGP

10.1.0.0/16

10.2.0.0/16

10.0.0.0/8

BGP

10.1.0.0/1610.2.0.0/16

Path Selection

PREFIXPATH

PREFERENCE

NEXT-HOPS

ORDERStatus

10.1.0.0/16

MPLS Preferred

INET Fallback

R11, R21

R12, R22

Active,

Active

Active,

Active

No Preference R11, R12, R21, R22

Active,

Active,

Active,

Active

R31 PfR View

BGP

R12 R21 R22

R10 R20

R11

LP100000

LP3000

LP20000

LP400

10.1.0.0/16

10.0.0.0/8

10.1.0.0/16

10.0.0.0/8

BGP

R31

10.3.3.0/24

Ch1 Ch2 Ch3 Ch4

SITE1

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16

SITE2

PfR Site-Prefix

10.1.0.0/16

10.2.0.0/16

Channels – Site1







Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Active)






Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Active)

Label 0:1

POP 0 Path-ID 1

R11

Label 0:2

POP 0 Path-ID 2

R12


Channels – Site2








Site Prefix List

10.2.0.20/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Active)






Site Prefix List

10.2.0.20/32 (Routable)

10.1.0.0/16 (Active)

10.2.0.0/16 (Active)

Label 1:1

POP 1 Path-ID 1

R21

Label 1:2

POP 1 Path-ID 2

R22


Use Case #5 – Path of Last Resort

DMVPNMPLS

DMVPNINET

R31

R12 R21 R22

R10 R20

R11

10.3.3.0/24

SITE1Site ID = 10.1.0.10

SITE2Site ID = 10.2.0.20

DMVPNLTE

R13 R23

• Path of last resort (PLR) option for metered links

• PLR Channels muted when in standby mode

• Once it is active, smart probes will only be sent on dscp 0 (zero sla) to conserve bandwidth

• Smart probe frequency will be reduced to 1 packet every 10 secsfrom 20 packets per secs.

• Unreachable detection will be extended to 60 secs

R13 – R23

interface Tunnel300

description – LTE Path --

domain IWAN path LTE path-id 3 path-last-resort

Troubleshooting

Check Traffic Classes Summary

R31-Site3-Spoke#show domain IWAN master traffic-classes summary

APP - APPLICATION, TC-ID - TRAFFIC-CLASS-ID, APP-ID - APPLICATION-ID

SP - SERVICE PROVIDER, PC = PRIMARY CHANNEL ID,

BC - BACKUP CHANNEL ID, BR - BORDER, EXIT - WAN INTERFACE

UC - UNCONTROLLED, PE - PICK-EXIT, CN - CONTROLLED, UK - UNKNOWN

Dst-Site-Pfx Dst-Site-Id APP DSCP TC-ID APP-ID State SP PC/BC BR/EXIT

20.1.100.0/28 Internet N/A af21 10 N/A CN INET 19/NA 10.3.0.31/Tunnel200

10.4.4.0/24 10.4.0.41 N/A ef 7 N/A CN MPLS 13/14 10.3.0.31/Tunnel100

10.1.0.0/16 10.1.0.10 N/A default 9 N/A CN INET 3/1 10.3.0.31/Tunnel200

10.1.0.0/16 10.1.0.10 N/A ef 8 N/A CN MPLS 4/5 10.3.0.31/Tunnel100

Total Traffic Classes: 4 Site: 3 Internet: 1

R31-Site3-Spoke#

Traffic Class Controlled Path Information - Channels

Check Traffic Classes Details

R31-Site3-Spoke#show domain IWAN master traffic-classes dscp ef

Dst-Site-Prefix: 10.1.0.0/16 DSCP: ef [46] Traffic class id:8

Clock Time: 15:46:41 (EST) 01/15/2016

TC Learned: 00:20:40 ago

Present State: CONTROLLED

Current Performance Status: in-policy

Current Service Provider: MPLS since 00:20:10

Previous Service Provider: Unknown

BW Used: 20 Kbps

Present WAN interface: Tunnel100 in Border 10.3.0.31

Present Channel (primary): 4 MPLS pfr-label:0:1 | 0:0 [0x10000]

Backup Channel: 5 INET pfr-label:0:2 | 0:0 [0x20000]

Destination Site ID bitmap: 1

Destination Site ID: 10.1.0.10

Class-Sequence in use: 10

Class Name: VOICE using policy User-defined

priority 2 packet-loss-rate threshold 5.0 percent

priority 1 one-way-delay threshold 150 msec

priority 2 byte-loss-rate threshold 5.0 percent

BW Updated: 00:00:10 ago

Reason for Latest Route Change: Delay

Check Traffic Class

Voice for site 1

Check Channels used (Primary and Backup)

Path name and Path Id (Next Hop)

reason for last change

Active Path used

Check Traffic Classes Details

R31-Site3-Spoke#show domain IWAN master traffic-classes dscp ef


Reason for Latest Route Change: Delay

Route Change History:

Date and Time Previous Exit Current Exit

Reason

1: 15:50:27 (EST) 01/15/16 MPLS(0:1|0:0)/10.3.0.31/Tu100 (Ch:4) INET(0:2|0:0)/10.3.0.31/Tu200 (Ch:5)

Out-of-Policy (One Way Delay : 283 msec)

2: 15:26:31 (EST) 01/15/16 None(0:0|0:0)/0.0.0.0/None (Ch:0) MPLS(0:1|0:0)/10.3.0.31/Tu100 (Ch:4)

Uncontrolled to Controlled Transition

• History of Route Changes: Last 5 reasonsRoute change from MPLS to INET

due to Delay

Monitoring Channels

R31-Site3-Spoke#sh domain IWAN master channels dscp ef

Channel Id: 4 Dst Site-Id: 10.1.0.10 Link Name: MPLS DSCP: ef [46] pfr-label: 0:1 | 0:0 [0x10000]

TCs: 0





Interface Id: 15

Supports Zero-SLA: Yes

Muted by Zero-SLA: No

Estimated Channel Egress Bandwidth: 40 Kbps

Immitigable Events Summary:

Total Performance Count: 0, Total BW Count: 0

Site Prefix List

10.1.0.10/32 (Routable)

10.1.0.0/16 (Active)

ODE Statistics:

Received: 484

[SNIP]

Monitoring Channels (Cont’d) – ODE

[CONTD]

ODE Stats Bucket Number: 1

Last Updated : 00:00:01 ago

Packet Count : 38

Byte Count : 3192

One Way Delay : 283 msec*

Loss Rate Pkts: 0.0 %

Loss Rate Byte: 0.0 %

Jitter Mean : 4783 usec

Unreachable : FALSE

ODE Stats Bucket Number: 2


Packet Count : 37

Byte Count : 3108


Loss Rate Pkts: 0.0 %

Loss Rate Byte: 0.0 %

Jitter Mean : 5081 usec

Unreachable : FALSE

On Demand Export (ODE)

Delay Out of Policy

Monitoring Channels (Cont’d) – TCA

[CONTD]

TCA Statistics:

Received: 441 ; Processed: 128 ; Unreach_rcvd: 0 ; Local Unreach_rcvd: 0

TCA lost byte rate: 0

TCA lost packet rate: 7

TCA one-way-delay: 0

TCA network-delay: 434

TCA jitter mean: 0

Latest TCA Bucket



Loss Rate Pkts: NA

Loss Rate Byte: NA

Jitter Mean : NA

Unreachability: FALSEThreshold Crossing Alert (TCA)

One Way Delay OOP

Key Takeaways

Performance Routing Phases – Summary IWAN 2.0

PfR version 3

IOS 15.4(3)M

IOS-XE 3.13

PfR version 3

IOS 15.5(1)T

IOS-XE 3.14

PfR version 3

IOS 15.5(2)T

IOS-XE 3.15

PfR version 3

IOS 15.5(3)M

IOS-XE 3.16

IWAN 2.1PfR version 3

IOS 15.5(3)M1

IOS-XE 3.16.1

• PfR Domain

• One touch provisioning

• Auto Discovery of sites

• NBAR2 support

• Passive Monitoring

(performance monitor)

• Smart Probing

• VRF Awareness

• IPv4/IPv6 (Future)

• <10 lines of configuration

and centralised

• Zero SLA

• WCCP Support

• Transit Sites

• Multiple Next Hop per

DMVPN

• Multiple POPs

• Syslog (TCA)

• Show last 5 TCA

• Path of Last Resort

• EIGRP IWAN

Simplification (Stub

site)

• POP Affinity

• Blackout ~ sub second

• Brownout ~ 2 sec

• Scale 2000 sites

Performance Routing – Platform Support

Cisco ISR G2 family

3900-AX2900-AX1900-AX

890

Cisco ISR 4000

44004300

Cisco ASR-1000

Cisco CSR-1000

MCBR

MCBR

MCBR

MCBR*

* BR support 3.18

Key Takeaways

• IWAN Intelligent Path Control pillar is based upon Performance Routing (PfR)

• Maximises WAN bandwidth utilisation

• Protects applications from performance degradation

• Enables the Internet as a viable WAN transport

• Provides multisite coordination to simplify network wide provisioning.

• Application-based policy driven framework and is tightly integrated with existing AVC components.

• Smart and Scalable multi-sites solution to enforce application SLAs while optimising network resources utilisation.

• PfRv3 is the 3rd generation Multi-Site aware Bandwidth and Path Control/Optimisation solution for WAN/Cloud based applications.

• Available on ASR1k, ISR4k, and ISR-G2

More Information• Cisco.com IWAN and PfRv3 Page:

• http://www.cisco.com/go/iwan

• http://www.cisco.com/go/pfr

• DocWiki

• http://docwiki.cisco.com/wiki/PfRv3:Home

• dCloud

• http://dcloud.cisco.com

• dCloud IWAN 4D Lab: https://dcloud-cms.cisco.com/demo/16360

• CVD IWAN 2.x

• WAN CVD’s http://www.cisco.com/go/cvd/wan

• Intelligent WAN Technology Design Guide - February 2016: http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Feb2016/CVD-IWANDesignGuide-FEB16.pdf

• Intelligent WAN Configuration Files Guide - February 2016:http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Feb2016/CVD-IWANConfigurationFilesGuide-FEB16.pdf

• IWAN Security for Remote Site DIA and Guest Wireless Design Guide – March 2015: http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Mar2015/CVD-IWAN-DIADesignGuide-Mar15.pdf

• IWAN Application Optimisation using Cisco WAAS and Akamai Connect Technology Design Guide - March 2015: http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Mar2015/CVD-IWAN-WAASDesignGuide-Mar15.pdf

http://www.cisco.com/go/iwan

http://www.cisco.com/go/pfr

http://docwiki.cisco.com/wiki/PfRv3:Home

http://www.cisco.com/go/cvd/wan

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Feb2016/CVD-IWANDesignGuide-FEB16.pdf

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Feb2016/CVD-IWANConfigurationFilesGuide-FEB16.pdf

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Mar2015/CVD-IWAN-DIADesignGuide-Mar15.pdf

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Mar2015/CVD-IWAN-DIADesignGuide-Mar15.pdf

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Mar2015/CVD-IWAN-WAASDesignGuide-Mar15.pdf

IWAN Book

• Pre-order available

• https://t.co/CsSeG1GkFK

• VIRL lab available

https://t.co/CsSeG1GkFK

Complete Your Online Session Evaluation

Learn online with Cisco Live!

Visit us online after the conference

for full access to session videos and

presentations.

www.CiscoLiveAPAC.com

Give us your feedback and receive a

Cisco 2016 T-Shirt by completing the

Overall Event Survey and 5 Session

Evaluations.– Directly from your mobile device on the Cisco Live

Mobile App

– By visiting the Cisco Live Mobile Site http://showcase.genie-connect.com/ciscolivemelbourne2016/

– Visit any Cisco Live Internet Station located

throughout the venue

T-Shirts can be collected Friday 11 March

at Registration

http://www.ciscoliveapac.com/

http://showcase.genie-connect.com/ciscolivemelbourne2016/

Thank you

iwan under the hood -d2zmdbbm9feqrf.cloudfront.net/2016/anz/pdf/brkrst-2362.pdf · iwan under the...

Documents