Cisco Wide Area Application Services (WAAS) Technical

Cisco Wide Area Application Services (WAAS)
Christian Bock, Systems Engineer
© 2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
Round Trip Time ~ 10’s – 100’s ms
Client
LAN
Switch
WAN
LAN
switch
Server
Response-Time Reduction
Applications
Protocols
File Sharing
CIFS
NFS
Email
Exchange
OWA
Lotus Notes
Web Apps
HTTP
HTTPS
Software
Distribution
System Center
Config. Manager
Enterprise
Application
Microsoft
Oracle, SAP
Documentum
Backup Apps
System Center Data
Protection Manager
Legato, Veritas
Data
Replication
NetApp SnapMirror
Data Domain, Double Take,
Veritas Vol Replicator
VDI
Microsoft RDP
Citrix ICA
VMWare View RDP
Video
Live Video
Video on Demand
Typical Reduction
20%
Maximum Reduction
50%
99%
90%
80%
95%
90%
85%
99%
75%
90%
Platform Management and Services
SMB2/CIFS AO
eMAPI AO
HTTP AO
SSL AO
Video AO
ICA AO
NFS AO
Configuration Management System (CMS)
TCP Proxy with Scheduler Optimizer (SO)
DRE, LZ, TFO
WoW
Virtual Blade #2
Virtual Blade #3
Cisco WAAS Operating System
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Linux Kernel
Disk Storage (Cache, VB storage etc.)
• Multiple, Independent Processes
KVM
I/O
• Fault Isolation and Containment
cwnd
Standard TCP
3
2
1
Slow Start Congestion Avoidance
Bandwidth
Utilization
Time (RTT)
WAAS TFO
3
2
1
Cisco
WAAS TFO
Standard
TCP
Time (RTT)
Solutions
Benefits
• Data Redundancy Elimination (DRE)
  - New innovative context-aware DRE
  - Up to 100:1 compression
• Persistent LZ compression
  - Session-based compression
  - Up to an additional 10:1 compression even after DRE
WAN
LZ
LZ
DRE
DRE
Synchronized
Compression
History
Traffic Flow
UniDirectional
VDI
Pre-positioned
content
Balanced
HTTP
CIFS
MAPI
Systems Implications:
Streaming
Video
Mix of Applications - SLA’s
Latency & Jitter
End to End QoS
Transparency
Balanced & uni-directional traffic
Cloud apps
HTTPS
Today
Applications
Emerging
zip
Application Aware Cache Manager
• Per branch signature
  - fault isolation
  - avoids branch starvation
  - lowest data store access latency
• Adaptive DRE memory manager
  - improved cache utilization
  - increased throughput
  - reduced latency
JPG
doc
JPG
ZIP
Local Object Cache
• File pre-positioning
• Ideal for high latency/low bandwidth
Signatures (in memory)
Branch1
Branch2
BranchN
Signatures
Signatures
Signatures
Data Store (disk)
Adaptive DRE Cache
• Uni-Directional mode - only written to destination cache
• Bi-Directional mode - written to both caches
• Unified Data Store - Single store for all peers
WAN
Files
FILE.DOC
CACHE
• File and Metadata caching
• Read-ahead
• Message pipelining
• Scheduled preposition to pre-populate
• Transparent integration
• Dedicated CIFS cache
MAPI Application Optimizer
• Full application support
• Asynchronous Writes
• Read Ahead
• Messages Decompression DRE hints
• EndPoint Mapper
Client
CIFS Application Optimizer
SERVER
WAN
Temporary keys allow
access to
Encrypt/Read/Sign Data
Securely transfer key
to remote branch.
Core WAAS
Branch WAAS
Encrypted MAPI
Request
Active Directory
Controller
(Kerberos KDC)
WAN-Secure
WAN
Outlook Client
Application Data:
Encrypted
Authentication:
Kerberos
Application Data:
Optimized, Encrypted
Authentication:
Kerberos
Application Data:
Encrypted
Authentication:
Kerberos
Exchange Server
HTTP Application Optimizer
WAN
• Fast Connection Reuse
• Proxy Connect to SSL Servers
• Local HTTP responses through Metadata cache
• Content-aware optimization
• DRE hints
• Server compression offload
Connect (SYN, SYN-ACK, ACK)
HTTP Request
HTTP Response
Connect
HTTP Request
HTTP Response
SSL Application Optimizer
Edge WAE
Send “session key”
Core WAE
Transparent
Secure Channel
Client
SSL Handshake
Server
SSL Handshake
WAN
Original Data - Encrypted
Optimized & Encrypted
SSL Session Client to Core WAE (WAAS)
Original Data - Encrypted
SSL Session Core WAE to Server
- Core WAE: Server Private Key
WAN Conn
Cache
Reuse WAN
Connection
Advanced HTTP Parser
Cache HTTP Meta Data
Mitigate
Latency
Local
TCP
Handshake
Response
Mitigate
Latency
Local
HTTP
Freshness
Response
Local
HTTP
Redirect
Response
Send DRE Hints
Mitigate
Latency
Local
HTTP
Authneeded
Response
DRE
Flush
Stream
Improve
Performance
DRE
Skip
Bytes
DRE
Skip
LZ
Modify
Compression
Directive
Improve
Perf.
Offload
Server
Disables
Server
Compression
Branch Clients
✓
HTTP/HTTPS
Cisco WAAS
Cisco WAAS
WAN
✓
✓
• Seamless interoperability with existing Citrix infrastructure
• Requires no changes to XenDesktop or XenApp configuration
Virtual Private
Cloud
Server
VMs
vWAAS
WAE
Nexus 1000v
WAAS
Express
Branch Office
VMware ESXi Server
Nexus 1000v VSM
UCS /x86 Server
FC SAN
WAAS
Service
Module
Branch Office
vPATH
WAN
Data Center or
Private Cloud
WAAS
Appliances
AppNav
+ WAAS
WAAS
Appliance
Branch Office
Internet
Server VMs
VMware ESXi
WAAS
Appliance
Regional Office
vWAAS
Appliances
VPN
WAAS
Mobile
Server
VPN
WAAS Appliance
• Application acceleration
• Virtual blades in branch offices
• Scalable platforms for range of deployments
Virtual WAAS
• Application acceleration from Private/Virtual Private Cloud
• VMWare ESX/ESXi and UCS deployments
• Agile, elastic, multi-tenant deployment
• vCM: common virtualized management for physical/virtual WAAS
AppNav
• Virtualize WAN optimization resources into pools of elastic resources
• Deployed in-path or Out of path to scale up to 8 AppNav modules & 32 WAAS or vWAAS Appliances.
WAAS Express
WAAS Service Ready Engine
• Integrated ISR G2
• Application Acceleration
• Software on-demand provisioning
• No fork lift upgrade
• Integrated ISR G2
• On-demand IOS-based
• Bandwidth optimization
• Inline IOS features (Security, QoS)
• Small footprint, Cost-effective, Single CLI
vWAAS
Branch Config
WAAS
Appliances
WAVE-294
DC/Cloud Configs
WAVE-694
WAVE-594
WAVE-7541
WAVE-7571
WAVE-8541
WAAS ISR
Modules
SM-SRE-710
SM-SRE-910
WAAS
Express
890
Tele Worker
1941/2901
Low Density Branch
Retail Office
29xx
Large Branch,
Regional Office
39xx
Regional Office,
Commercial Head
End
Data Center Head End,
Regional Hub
Large Enterprise /SP DC &
High Performance DC-DC
Cisco Wide Area Application Services
Application Optimizers
Advanced Compression
Transport Optimization
WAN
SrcIP 1.1.1.1
DstIP 2.2.2.2
SrcIP 1.1.1.1
DstIP 2.2.2.2
SrcPort 1434
DstPort 80
SrcPort 1434
DstPort 80
Optimized
Data
Application Data
WCCPv2
or PBR
A
A:B TCP SYN
B:A TCP SYN/ACK
WAN
WCCPv2
or PBR
A:B TCP SYN
(marked)
B:A TCP SYN/ACK
A:B TCP SYN
(marked)
B:A TCP SYN/ACK
(marked)
ACCELERATION
CONFIRMED!
Need to accelerate this connection!
Here are my details
WAE1
B
WAE2
I know WAE1 is in the path, let’s accelerate!
Here are my details
Acknowledge Acceleration!
LAN
Ingress
Security,
Control, and
Visibility
Security
- Stateful Inspection
- Firewall Policies
- Signature Matching
Control
- Classification
- Drop or Mark
- Policing
Visibility
- NetFlow
Intercept
and
Optimize
Intercept
- Inline
- WCCP
- IOS packet flow
Optimize
- Specific Application
Acceleration
- Compression
- Flow Optimization
Route
Selection
Routing
- Static
- Dynamic
- Optimized
Egress
Security,
Control, and
Visibility
WAN
Security
- Stateful Inspection
- Firewall Policies
- Link Encryption
Control
- Shaping
Visibility
- NetFlow
Secure
- Disk Encryption
- Firewall Compliance
Inline
Plug-and-Play
• No network changes
• Mechanical fail-to-wire
Remote
Office
Scalability and High Availability
• Up to 2
• Redundant network paths &
asymmetry
• Load-sharing and fail-over
Transparent Integration
• Transparency and auto discovery
• 802.1q VLAN trunking
• All WAE appliances
• Interception access list
WAN
WCCPv2
• Active/active clustering up to 32
devices
• Automatic load-balancing
• Load redistribution
• Fail-over
• Fail-through operation
• Near-linear scalability & performance
WAN
Data Center
WAN
WAN optimization Pools
Exchange
WEB Apps
WAE
WAVE
vWAAS
vWAAS
Business Unit1
Business Unit2
WAVE Appliance
AppNav IO Module
• Virtualizes up to 32 WAVE instances
• Scales to ~1M connections
InPath
OffPath
WAN
GRE
Encapsulated
WAN
GRE
Encapsulated
vWAAS
Web
Server
DB
Server
vPATH
Nexus 1000V
VMware ESXi Server
Web
Server
Web
Server
App
Server
vCM
vPATH
Nexus 1000V
VMware ESXi Server
Optimize Port-Profile
Non Opt Port-Profile
vWAAS Port-Profile
IOS 15.2(3)T
Available
Now!
Extend Cisco WAAS product portfolio across ISR G2s
Cisco
WAAS
Cisco
WAAS Express
WAN
Branch
Office
QoS
VPN
NAT
ACL
FW
NetFlow
WAAS Express
WAAS
Central
Manager
Data
Center
Select Application Acceleration
Network
Integration
Unified Management
L4: Throughput
Optimization
Compression (LZ)
TCP Flow
Optimizations
(TFO)
Data Redundancy
Elimination (DRE)
TCP Proxy
Policy Engine
CEF Interception and reinsertion
IOS Forwarding Path
Remote
Office
WAAS
Appliance
WAAS
Appliances
Data
Center
WAN
Remote
Office
WAAS
Appliance
• Joint architecture development
• Joint customer support
No optimization
Optimization Enabled
Client
Server
Cisco NAM VB in
DC WAAS
Central Manager
• NAM extends visibility to remote sites with PA
Integrated application performance and network usage statistics
PA as a new data source
Cisco NAM with Software 5.1
Cisco Performance Agent
• Cisco PA available as software feature in base IOS image
Available in 15.1(4)T
Supported platforms - 880, 890, and ISR G2
ISR Platforms
No optimization
WAAS CM:
View both Application Performance & optimization performance (compression ratio, latency savings)
Branch
Office
WAAS
Express
(ISR G2)
NAM data sources:
Flexible Netflow (FNF)
WAAS Flow Agent (FA)
IOS Performance Agent (PA)
Optimization Enabled
NAM
WAAS4.4
CM
Data
Center
ISR G2
Branch
Office
Branch
Office
WAAS SM-SRE
• FNF: applications and their BW use
• WAAS FA, IOS PA: application performance (user experience)
WAAS
inline
ISR G2
Branch
Office
WAAS
off path
WAN
NAM5.1 can consume PA data from ISR G2 routers providing Application Response Time (ART) charts for WAAS Express deployments.
Virtual Private
Cloud
Server
VMs
vWAAS
WAE
Nexus 1000v
WAAS
Express
Branch Office
VMware ESXi Server
Nexus 1000v VSM
UCS /x86 Server
FC SAN
WAAS
Service
Module
Branch Office
vPATH
Data Center or
Private Cloud
WAN
WAAS
Appliances
WAAS
Appliance
Branch Office
Internet
Server VMs
VMware ESXi
vWAAS
Appliances
VPN
WAAS
Appliance
Platform Management and Services
Regional Office
CIFS
AO
WAAS
Mobile
Server
MAPI
AO
HTTP
AO
SSL
AO
DRE, LZ, TFO
VPN
NFS
AO
WoW
VB #2
VB #3
Configuration
Management
Embedded
virtualization
Cisco WAAS Operating System
Multi-core CPUs
Video
AO
Disk Storage (Cache, VB)
Network
I/O
Platform | Total DRAM Required | Maximum WAN Recommended bandwidth | Number of Users Supported | Max TCP Connections
88x | 768 M | 1.5 Mbps | 1-10 | 75
89x | 768 M | 2 Mbps | 1-10 | 75
1921* | 512 M | 512 Kbps | 1-5 | 50
1941 | 2.5 G | 4 Mbps | 15-20 | 150
2901 | 2.5 G | 6 Mbps | 15-20 | 150
2911 | 2.5 G | 6 Mbps | 25 | 200
2921 | 2.5 G | 6 Mbps | 25 | 200
2951 | 4 G | 6 Mbps | 25 | 200
3925 | 4 G | 10 Mbps | 50 | 400
3945 | 4 G | 10 Mbps | 50 | 400
• WAAS Express requires maximum DRAM installed as indicated
• Typical Interfaces – 3G, T1, E1, Multi T1s, Multi E1s, and Serial
• Performance Testing Conducted with IOS FW, VPN (IPsec), NAT, and QoS
* 1921 – no DRE support – only TFO/LZ, no additional memory required
Hardware
Configuration
Memory
(GB)
Max Opt
TCP
Conn
Number
of
Virtual
Blades
Drive
(GB)
RAID
WAN
Capacity
(Mbps)
Connectivity
Options
NME-WAE-302
.5
250
N/A
80
N/A
4
N/A
NME-WAE-502
1
400
N/A
120
N/A
4
N/A
NME-WAE-522
2
800
N/A
160
N/A
8
N/A
SM-SRE700/710
4
500
N/A
500
N/A
20
N/A
SM-SRE900/910
4
1000
N/A
500
RAID-1
50
N/A
4
200
2
WAVE-294
10
250
8
400
2
8
750
2
WAVE-594
20
500
12
1,300
4
16
2,500
4
24
6,000
6
WAVE-694
N/A
Optional
2nd HDD
for RAID1
50
4 port GE Cu
8 port GE Cu
100
4 port GE fiber
200
2x600
RAID-1
200
* Final recommendations require a detailed sizing exercise that includes application traffic mix, traffic characteristics, application load and other factors mentioned in the sizing guidelines.
Performance results
based on
Cisco UCS C210 M2
Cisco UCS B250 M2
Hardware Configuration | Memory (GB) | Max Opt TCP Conn | Drive (GB) | RAID | WAN Capacity (Mbps)
WAVE-7541 | 24 | 18,000 | 6 x 450 | RAID-5 | 500
WAVE-7571 | 48 | 60,000 | 8 x 450 | RAID-5 | 1,000
WAVE-8541 | 96 | 150,000 | 8 x 600 | RAID-5 | 2,000
Connectivity Options: 2 port 10GE SFP+, 8 port GE Cu, 4 port GE fiber
Model | MAX Devices | Virtual Cores | Memory GB | Hard Disk GB | WAAS Model
vCM-100N | 100 | 2 | 2 | 250 | -
vCM-2000N | 2000 | 4 | 8 | 600 | 694
Model | OPT TCP Conn | WAN BW Mbps | Virtual Cores | Memory GB | Hard Disk GB | WAAS Model
vWAAS-200 | 200 | 10 | 1 | 2 | 160 | 294
vWAAS-750 | 750 | 50 | 2 | 4 | 250 | 594
vWAAS-6000 | 6000 | 200 | 4 | 8 | 500 | 694
vWAAS-12000 | 12000 | 310 | 4 | 12 | 750 | -
vWAAS-60000 | 60000 | 1000 | 8* | 48 | 1500 | 7571
Part Number
2 port 10GE
Module
4 port GE Cu
Module
8 port GE Cu
Module
4 port GE Fiber
Module
WAVE-10GE-2SFP
WAVE-INLN-GE-4T
WAVE-INLN-GE-8T
WAVE-INLN-GE-4SX
✓
✓
✓
N/A
N/A
N/A
Inline Mode
Media
SFP+ SR
5.0
WAAS 5.0
Cisco WAVE Appliance
Cisco AppNav IOM:
12 x 1G copper
12 x 1G SFP
Cisco
AppNav
WAAS
+
Cisco AppNav
Cisco WAVE:
WAVE-8541
WAVE-7571
WAVE-7541
WAVE-694
Cisco AppNav 1Gbps
Off path or in path deployment
WAAS 5.0
Cisco AppNav 10Gbps
AppNav Off path deployment only appliance
4 x 10G SFP+