Technical Overview for TRYG
per@cisco.com
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
1
Enterprise WAN - What’s Going on?
•
WAN bandwidth needs are growing!
Cloud, BYOD/IOE and Video making it worse
•
IT budgets flat or declining
Transport/bandwidth costs are majority of WAN budget
•
These factors are driving WAN modernization
Lower cost transports – Internet, LTE, Carrier Ethernet,
Cloud application performance monitoring and optimization
Security – strong encryption and threat protection
Cisco IWAN addressing this market demand!
© 2013 Cisco and/or its affiliates. All rights reserved.
Cloud
50%
of CIOs Expect to
Operate via the
Cloud by 2015
Mobility
6X
More Mobile Data
Traffic by 2015
Fat Apps
2/3
of Mobile Traffic
Will Be Video
Cisco Confidential
2
Cisco Confidential
Internet Pricing vs. Reliability, 1998-2012
Low-Cost Alternative
of Organizations Are
Planning to Transition to
Internet Connections
© 2013 Cisco and/or its affiliates. All rights reserved.
1Internet
Transit Pricing based on surveys and informal data collection
primarily from Internet Operations Forums—‘street pricing’ estimates
2Packet delivery based on 15 years of ping data from PingER for WORLD
(global server sample) from EDU.STANFORD.SLAC in California
Source: William Norton (DrPeering.net); Stanford ping end-to-end reporting (PingER)
Cisco Confidential
3
Secure WAN Transport and Internet Access
Hybrid WAN Transport
IPsec Secure
MPLS (IP-VPN)
Private
Cloud
Virtual
Private
Cloud
Branch
Internet
Direct Internet
Access
Public
Cloud
• Secure WAN transport for private
• Increased WAN transport
and virtual private cloud access
• Leverage local Internet path for
public cloud and Internet access
capacity; and cost effectively!
• Improve application performance
(right flows to right places)
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
4
Dual MPLS
Hybrid
Dual Internet
Internet
Public
Enterprise
MPLS+
Internet
MPLS
MPLS
Branch
Public
Branch
Highest SLA guarantees
– Tightly coupled to SP
αΊ‹ Expensive
More BW for key applications
Balanced SLA guarantees
– Moderately priced
Internet
Branch
Best price/performance
Most SP flexibility
– Enterprise responsible for SLAs
Consistent VPN Overlay Enables Security Across Transition
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
5
AVC
Private
Cloud
MPLS
3G/4G-LTE
Virtual
Private
Cloud
Branch
Internet
WAAS
Public
Cloud
PfR
Control & Management Automation
Transport
Independent
Intelligent
Path Control
Application
Optimization
Secure
Connectivity
• Consistent operational model
• Dynamic Application best
• Application visibility with
• Certified strong encryption
• Simple provider migrations
path based on policy
• Load balancing for full
utilization of bandwidth
• Improved availability
performance monitoring
• Application acceleration
and bandwidth
optimization
• Comprehensive threat
• Scalable and modular design
• IPsec routing overlay design
© 2013 Cisco and/or its affiliates. All rights reserved.
defense
• Cloud Managed SSV29
Security for
secure direct Internet access
Cisco Confidential
6
Slide 6
SSV29
I swapped AO to be before Security.
Scott Van de Houten (svandeho); 15-11-2013
• IWAN is a Solution Architecture
Solves a network problem
Use Case Driven
Systems Development Approach
• Prescribed. Tested. Interoperable.
Bounded Scope and Complexity
NEW!
Enables Automation and Quality
• Delivers Business Outcomes
Reduce WAN costs. Increase bandwidth
Improve and Protect application
performance
Direct Internet Access
Guest Access Offload
OpEx Reduction
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
7
An Automated Platform
Business
Value
App
Internet
App
• WAN bonding
• Performance
Application Awareness (QoS, Control)
awareness
• Traffic optimization
Intelligent Path Control
Automated
IWAN
Platform
Secure Tunnel
Secure Tunnel
...
Secure Tunnel
• Overlay tunnels
• Transport
independent
• Private
WAN 1
...
WAN 2
WAN n
• Multiple WANs
for availability
IWAN
© 2013 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
8
Transport-Independent Design
Simplifying Internet-Based WANs - SHORTENED
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
9
Dynamic Multipoint VPN (DMVPN)
Transport-Independent
Flexible
Secure
Simplifies WAN Design
Dynamic Full-Meshed
Connectivity
• Easy multi-homing over any
• Consistent design over all
• Certified crypto and firewall for
carrier service offering
• Single routing control plane with
minimal peering to the provider
transports
• Automatic site-to-site IPsec
tunnels
• Zero-touch hub configuration
for new spokes
compliance
• Scalable design with highperformance cryptography in
hardware
Proven Robust Security
MPLS
WAN
ASR 1000
ISR-G2
Branch
© 2013 Cisco and/or its affiliates. All rights reserved.
Internet
ASR 1000
Data Center
Cisco Confidential
10
Traditional and IWAN
IWAN HYBRID
TRADITIONAL HYBRID
Active/Standby
WAN Paths
Active/Active
WAN Paths
Primary With Backup
Data Center
Two IPsec Technologies
GETVPN/MPLS
DMVPN/Internet
Two WAN Routing
Domains
Data Center
ASR 1000
ASR 1000
SP V
ISP A
DMVPN
GETVPN
MPLS
Internet
ASR 1000
ASR 1000
ISP A
SP V
DMVPN
DMVPN
DMVPN
MPLS
Internet
One WAN
Routing Domain
MPLS: eBGP or Static
Internet: iBGP, EIGRP or OSPF
Route Redistribution
Route Filtering Loop Prevention
iBGP, EIGRP, or OSPF
ISR-G2
© 2013 Cisco and/or its affiliates. All rights reserved.
One IPsec Overlay
Branch
ISR-G2
Branch
Cisco Confidential
11
Same Design Over MPLS, Internet, 3G/4G
IWAN HYBRID
IWAN DUAL INTERNET
Data Center
Data Center
One Active/Active WAN Paths
ASR 1000
ASR 1000
One DMVPN IPsec Overlay
SP V
ISP A
DMVPN
DMVPN
MPLS
Internet
ASR 1000
ASR 1000
ISP A
ISP C
DSL
Cable
DMVPN
DMVPN
Internet
Internet
One WAN Routing Domains
iBGP, EIGRP, or OSPF
ISR-G2
© 2013 Cisco and/or its affiliates. All rights reserved.
Branch
ISR-G2
Branch
Cisco Confidential
12
