
Introduction to Cisco Wide Area Application Services

BRKAPP-1004

14617_05_2008_c2

2008 Cisco Systems, Inc. All rights reserved.


Cisco Public

Agenda
Overview
Wide-Area Application Engine (WAE)
WAN Optimization
Application Acceleration
Virtual Blades
Network Integration
Central Management


Cisco Application Delivery Networks

Network Classification
  Quality of service
  Network-based app recognition
  Queuing, policing, shaping
  Visibility, monitoring, control
Application Scalability
  Server load-balancing
  Site selection
  SSL termination and offload
  Video delivery
Application Networking
  Message transformation
  Protocol transformation
  Message-based security
  Application visibility

WAN

Application Acceleration
  Latency mitigation
  Application data cache
  Meta data cache
  Local services
WAN Acceleration
  Data redundancy elimination
  Window scaling
  LZ compression
  Adaptive congestion avoidance
Application Optimization
  Delta encoding
  FlashForward optimization
  Application security
  Server offload

Other Cisco Live Breakout Sessions that You May Want to Attend

Relevancy: GSS, ISR, WAAS, ACNS, ACE, AXG, Applications

BRKAPP-2002 Server Load Balancing Design
BRKAPP-3003 Troubleshooting ACE
BRKAPP-1004 Introduction WAAS
BRKAPP-2005 Deploying WAAS
BRKAPP-3006 Troubleshooting WAAS
BRKAPP-1008 What can Cisco IOS do for my application?
BRKAPP-1009 Introduction to Web Application Security
BRKAPP-2010 How to build and deploy a scalable video communication solution for your organization
BRKAPP-2011 Scaling Applications in a Clustered Environment
BRKAPP-2013 Best Practices for Application Optimization illustrated with SAP, Siebel and Exchange
BRKAPP-2014 Deploying AXG
BRKAPP-1015 Web 2.0, AJAX, XML, Web Services for Network Engineers
BRKAPP-1016 Running Applications on the Branch Router
BRKAPP-2017 Optimizing Application Delivery
BRKAPP-2018 Optimizing Oracle Deployments in Distributed Data Centers

Overview


Branch IT Infrastructure Challenges

Infrastructure cost/complexity
  File, print and application servers
  Storage and backup
  Plethora of networking equipment
Data protection concerns
  Failing backups/lost data
  Costly off-site vaulting
  Regulatory compliance
WAN limitations inhibit centralization
  Bandwidth and throughput limitations
  Latency and packet loss
  Poor end-user experience

[Figure: branch office with users, app/file/print servers, local storage, backup, security, router, voice and WLAN]

Companies spend 6 billion dollars per year on branch servers, storage, backup and management (Source: IDC, Gartner, Cisco)
Branches consume 70-90% of business resources (Source: NetworkWorld)
Most enterprises have many servers running at 15% or less utilization, but still requiring 100% administration (Source: Gartner)

Rising Costs of Branch Offices

Companies spend 6 billion dollars per year on branch servers, storage, backup and management (Source: IDC, Gartner, Cisco Analysis)
Branches consume 70-90% of business resources (Source: NetworkWorld)
80% of enterprise workers work outside headquarters (Source: Nemertes Research)
Most enterprises have many servers running at 15% or less utilization, but still requiring 100% administration (Source: Gartner)
The average branch has 4-6 servers (Source: Nemertes Research)

Security and Compliance Worries

Rising Incidents of Branch Data Leakage
  A top financial firm lost a file server with 930,000 customers' information (Source: CNN, March 2006)
  A bank lost 3.9 million customers' credit information on unencrypted tapes (Source: Wall Street Journal, June 2005)
  February 2005: a bank lost unencrypted computer backup tapes containing information from 1.2 million federally issued credit cards
Regulations Are Responding
  HIPAA - Health information of patients
  GLBA - Consumer financial information
  SOX - Business financial and accounting information
  CA SB 1386 - Consumer personal information
  PCI - Credit card information
  * As of July 18, 2006, 34 US states had passed security breach notification laws
Organizations Are Responding
  The top emerging technology trend, regardless of site type or timeframe, is the integration of security features like firewall, VPN, IDS, etc. into routers (Source: Infonetics)

WAN and Application Optimization

[Figure: two throughput-over-time plots, 01:20 to 01:26, with the point marked "Optimization Enabled". LAN-like throughput (axis 10 to 60 Mbps): end user throughput goes up 5x. Bandwidth savings, fewer roundtrips (axis .5 to 3 Mbps): WAN consumption drops 67%.]

Advanced Compression/Cache
  Data redundancy elimination (up to 100:1 compression)
  Persistent LZ compression (additional 10:1 compression)
Application Specific Acceleration
  Application protocol aware
  Windows file services (CIFS)
  Windows print services
  Server offload technology
TCP Flow Optimization (TFO)
  LAN-like TCP behavior
  Loss mitigation
  Slow-start mitigation

Application Performance Improvements

Category: Applications
File Sharing: CIFS, NFS
Email: Microsoft Exchange, Lotus Notes, Internet Mail
Web and Collaboration: HTTP, WebDAV, FTP, Microsoft Sharepoint
Software Distribution: Microsoft SMS, Altiris, HP Radia
Enterprise Applications: Microsoft SQL, Oracle, SAP, Lotus Notes
Backup Applications: Microsoft NTBackup, Legato Networker, Veritas Netbackup, CommVault Galaxy
Data Replication: EMC SRDF/A, EMC IP Replicator, NetApp SnapMirror, Data Domain, Double-Take, Veritas Vol Replicator

[Chart: average and peak acceleration per category, on an axis of 2X, 5X, 10X, 25X, 50X, 100X+. Bar labels: 2-5X Avg, 2-10X Avg, 2-20X Avg; 20X Peak, 50X Peak, 100X Peak, >100X Peak.]

WAN Bandwidth Optimization

[Figure: link utilization graphs with the point marked "Optimization On"]

Bandwidth Usage Reduction
  Up to 95% savings
  Avoid bandwidth upgrade
  De-commission bandwidth
Improve VoIP Quality
  More room on wire
  Better quality and reliability
  Use existing QoS policies
Improved Application Perf. Management
  Report Apps SLA accurately
  Find bottlenecks quickly
  Invest confidently

WAN Optimization with Accurate Visibility

[Figure: before/after panels for Application Response Time, Application Data Rate, Link Utilization and Protocol Analysis]

Accurate Perf. Management
  Integration with NetQoS
  End to end response time SLA
  WAN bandwidth utilization
Integration With Existing Router QoS
  Granular, robust, extensive QoS
  Dynamic bandwidth allocation
  Hierarchical queuing/scheduling
Ease of Operations and Management
  Always the latest Netflow
  Unified Netflow analysis
  Unified QoS analysis

WAAS Overview Summary

[Figure: branch offices with WAAS connected across the WAN to a data center with WAAS]

Solutions and Benefits
  Application acceleration
  Branch and data center consolidation
  WAN bandwidth optimization
  Improved data protection and compliance
Technologies
  Compression and acceleration
  Router integration
  Security integration
  Application perf. mgmt. integration
Key Success Factors
  Most secure WAN acceleration
  Highest scalability and performance
  Best reliability and interoperability
  Lowest total cost of ownership

Wide-Area Application Engine (WAE)

Wide Area Application Engine (WAE)

Wide Area Application Services (WAAS) Version 4.1

[Figure: WAE software architecture, listed top to bottom]
IOS Platform with Services and CLI
AOs: CIFS AO, MAPI AO, HTTP AO, SSL AO, RTSP AO, NFS AO, EPM AO
TCP Proxy with Scheduler Optimizer (SO)
DRE, LZ, TFO
WoW (Windows On WAAS) Virtual Blades: Virtual Blade #2, Virtual Blade #3
Configuration Management System (CMS)
Cisco Linux Kernel
Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
Flash, IOS Shell, Linux
Storage: Application Storage, Object Storage, DRE Storage, Virtual Blade Storage (/vbspace)
Ethernet Network I/O

Wide Area Application Engine
WAAS Portfolio

Performance (TCP Connections/Throughput/Storage)

Model       TCP Connections/Throughput   Storage
WAE-7371*   50K/1Gbps                    1400GB
WAE-7341*   12K/300Mbps                  900GB
WAE-674*    2,000-7,500/155Mbps          600GB
WAE-612     2,000-6,000/90Mbps           300GB
WAE-512     750-1,500/20Mbps             250GB
NME         250-800/4Mbps                80-160GB

* Supports Windows on WAAS

Cisco WAE Family


Performance and Scalability
Hardware
Configuration

Max
Opt
TCP
Conn

Max
CIFS
Session

Drive (GB) /
Max Usable
Capacity
(GB)

Max
Drive

Memory (GB)

WAN
Capacity
(Mbps)

CM Scale
(Devices
Managed)

Core
Fan-out
(No of
Peers)

NME-WAE-302

250

NME-WAE-502

500

N/A

80/80

.5

500

120/120

N/A

N/A

NME-WAE-522
WAE-512-1GB

800

800

160/160

750

750

250/250

N/A

500

WAE-512-2GB

1500

1500

250/250

WAE-612-2GB

2000

2000

300/300

20

1000

10

45

2000

30

WAE-612-4GB

6000

2500

WAE-674-4GB

2000

2000

300/300

90

2500

50

300/600

90

2000

100

WAE-674-8GB

7500

2500

300/600

155

2500

200

WAE-7341

12000

WAE-7371

50000

12000

300/900

310

N/A

200

32000

300/1400

24

1000

N/A

400

Video
Capacity

SSL
Capacity

Note: These Are Guidelines for Sizing Based on Certain Assumptions. Enabling
Multiple Features Will Have an Impact on Scalability.

Device Mode: Central Manager

Provides a GUI interface to centrally manage the entire WAAS deployment
Requires a dedicated appliance
Sole purpose is to provide configuration management and reporting; no user traffic is accelerated by CM
Secure communication with registered WAEs using SSL
Supports a single primary and multiple warm standby central managers

Device Mode: Application Accelerator

Optimized for a large number of low to medium-throughput TCP connections
  Default device mode used for branch office environments
Available on all WAE appliance and network module form factors
Only negotiates optimized connections with other WAEs in the same mode

Device Mode: Replication Accelerator

Optimized for a small number of high-throughput TCP connections
  Focused on EMC SRDF/A and NetApp SnapMirror traffic
Available on the WAE-7341 and WAE-7371 platforms
Only negotiates optimized connections with other WAEs in the same mode

* Requires WAAS 4.0.19 or Later

WAE Device Security Features

Disk encryption
  All user cache data is encrypted using AES-256
  Encryption key not stored locally
All WAE-to-CM communication encrypted
Common Criteria Certification*
  Alphanumeric rules for password strength
  Password aging and history
  Account lockout
  Secure store API used to encrypt/decrypt credentials
  Secure random key generator
  Secure key destruction

* Requires WAAS 4.0.19 or Later

WAN Optimization


Application Definition

The application definition provides a logical grouping of traffic types
Statistics from traffic classifiers mapped to an application through a policy map report through the application definition
Monitoring is enabled per application definition
Applications are assigned to devices or device groups

[Figure: Traffic Classifier, Policy Map, Application Definition]

Traffic Classifier

The traffic classifier is used to identify a connection as a specific type
Actions are taken against the classifier based upon the configured policy map
Statistics count toward the application definition that the classifier is assigned to via the policy map
Classification is based on source or destination L3 and L4 parameters

Valid Match Conditions Include:
  Source IP address
  Source IP subnet
  Destination IP address
  Destination IP subnet
  Source TCP port or range
  Destination TCP port or range
  All traffic

[Figure: Traffic Classifier, Policy Map, Application Definition]

Policy Map

A policy map performs two primary functions:
  Associates a traffic classifier to an application definition for reporting purposes
  Assigns an action to be taken against traffic that matches a traffic classifier
Policy maps are applied based on their ordering within Central Manager, or on the device itself

Policy Map Actions Include:
  Pass-through
  Optimize
    TFO
    TFO + LZ
    TFO + DRE
    Full (TFO + DRE + LZ)
  Accelerate
    Application adapter or UUID

[Figure: Traffic Classifier, Policy Map, Application Definition]

TCP Performance Challenges
BDP versus MWS

TCP performance across the WAN is heavily influenced by two factors:
  Bandwidth Delay Product (BDP)
  Maximum Window Size (MWS)
If MWS < BDP, a host will be unable to fully utilize the available WAN bandwidth

WAAS Overview
TFO Improves Transport Performance

TFO overcomes TCP and WAN bottlenecks
Shields nodes' connections from WAN conditions
  Clients experience fast acknowledgement
  Minimize perceived packet loss
  Eliminate need to use inefficient congestion handling

[Figure: LAN TCP Behavior on each side of the WAN; across the WAN: Window Scaling, Large Initial Windows, Congestion Mgmt, Improved Retransmit, Packet Aggregation]

TCP Performance Challenges

Bandwidth Starvation for Short-Lived Connections
Inability to Use Available Bandwidth
Inefficient Response to Packet Loss/Congestion

[Figure: TCP cwnd versus Time (RTT), showing Slow Start followed by Congestion Avoidance]

WAAS TCP Optimizations
Improving Throughput and Congestion Control

RFC 896: Nagle Algorithm *
RFC 1323: Window Scaling
RFC 2018/2883: Selective Acknowledgements (SACK)
RFC 3168: Explicit Congestion Notification
RFC 3390: Large Initial Windows
BIC-TCP
Dynamic Right-Sizing: TCP Flow Control Adaptation

* Replication Accelerator Mode Only

Comparing TCP and WAAS TFO

Cisco TFO Provides Significant Throughput Improvements over Standard TCP Implementations

[Figure: cwnd versus Time (RTT) for TFO and standard TCP, showing Slow Start and Congestion Avoidance]

Application Acceleration Transparency

WAAS optimizes TCP-based applications while preserving L3 and L4 packet header information
Network transparency allows application acceleration components to maintain compliance with existing network features
  Quality of Service (QoS)
  NBAR
  NetFlow, monitoring, reporting
  Security functions (ACLs, firewall policies)

[Figure: packet headers before and after optimization]
Original:  Src Mac AAA, Dst Mac BBB, Src IP 1.1.1.10, Dst IP 2.2.2.10, Src TCP 15131, Dst TCP 80, App Data
Optimized: Src Mac BBB, Dst Mac AAA, Src IP 1.1.1.10, Dst IP 2.2.2.10, Src TCP 15131, Dst TCP 80, Optimized

TFO Auto Discovery

WAEs automatically discover peers through in-band TCP option marking
Auto discovery exchange allows WAEs to negotiate capabilities and policy settings
Auto discovery adapts to topology changes automatically

[Figure: A:B TCP ACK passing through WAE1 and WAE2 on either side of the WAN, each reached via WCCPv2 or PBR; result: ACCELERATION CONFIRMED!]

Cisco WAAS Advanced Compression

Cisco WAAS Employs Two (2) Forms of Advanced Compression:
  Data Redundancy Elimination (DRE)
  Persistent LZ compression (PLZ)

[Figure: Original Message, DRE, LZ, Compressed Message, LZ, DRE, Original Message; the two DRE stages share a Synchronized Context]

Fingerprinting and Chunk Identification

DRE analyzes incoming data streams using a sliding window to identify chunks
Each chunk is assigned a 5-byte signature
A single-pass is used to identify chunks at multiple levels:
  Basic chunks
  Chunk aggregation (nesting)
After chunks are identified, DRE begins pattern matching:
  Looks for largest chunks first
  Looks for smaller chunks if necessary

[Figure: a window slides along the data stream, "No Boundary Found" at each position until "Boundary Identified!"; the bytes up to the boundary become Chunk1 with a 5-Byte Signature]

DRE Pattern Matching

[Figure: chunks of the Original Message are looked up in the DRE Database (NO MATCH shown for each) to produce the Encoded Message]
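The chunk identification and pattern matching described on the two DRE slides above, as an added Python example (not Cisco's implementation). The window size, boundary mask, chunk bounds, BLAKE2 window hash and truncated SHA-256 signature are all assumptions; only the 5-byte signature size comes from the slide, and only basic chunks are modelled, not chunk aggregation.

```python
import hashlib
import random

# Assumed parameters: the slides give only the 5-byte signature size.
WINDOW = 16                      # sliding-window width in bytes
MASK = 0x3F                      # cut when the low 6 bits of the window hash are zero
MIN_CHUNK, MAX_CHUNK = 32, 512   # bounds on chunk length
SIG_LEN = 5                      # signature size stated on the slide


def chunks(data: bytes):
    """Split data at content-defined boundaries found with a sliding window."""
    start = 0
    for i in range(len(data)):
        length = i - start + 1
        if length < MIN_CHUNK:
            continue
        # Hash only the last WINDOW bytes, so a boundary depends on local
        # content and survives insertions earlier in the stream. Production
        # code would use a rolling hash instead of rehashing every window.
        window = data[i + 1 - WINDOW:i + 1]
        fp = int.from_bytes(hashlib.blake2b(window, digest_size=4).digest(), "big")
        if (fp & MASK) == 0 or length >= MAX_CHUNK:
            yield data[start:i + 1]
            start = i + 1
    if start < len(data):
        yield data[start:]       # trailing bytes with no boundary found


def signature(chunk: bytes) -> bytes:
    """5-byte chunk signature (truncated SHA-256 is an assumption)."""
    return hashlib.sha256(chunk).digest()[:SIG_LEN]


def encode(data: bytes, context: dict) -> list:
    """Sender side: replace chunks already in the context with their signature."""
    tokens = []
    for chunk in chunks(data):
        sig = signature(chunk)
        if context.get(sig) == chunk:
            tokens.append(("ref", sig))
        else:
            # New chunk, or a 40-bit signature collision with different
            # content: send the bytes. setdefault keeps the first owner of a
            # signature, which the receiver mirrors, so both stay in sync.
            context.setdefault(sig, chunk)
            tokens.append(("lit", chunk))
    return tokens


def decode(tokens: list, context: dict) -> bytes:
    """Receiver side: rebuild the message and learn new chunks."""
    out = bytearray()
    for kind, value in tokens:
        if kind == "ref":
            out += context[value]   # KeyError here means the contexts diverged
        else:
            context.setdefault(signature(value), value)
            out += value
    return bytes(out)


def wire_bytes(tokens: list) -> int:
    """Payload bytes sent across the WAN, ignoring token framing."""
    return sum(SIG_LEN if kind == "ref" else len(value) for kind, value in tokens)


def demo():
    """Send a constructed 8000-byte file, resend it, then send an edited copy."""
    rng = random.Random(2008)
    original = bytes(rng.getrandbits(8) for _ in range(8000))   # constructed sample
    edited = original[:6000] + b"INSERTED" + original[6000:]
    sender, receiver = {}, {}    # the synchronized contexts of the two peers
    results = []
    for payload in (original, original, edited):
        tokens = encode(payload, sender)
        if decode(tokens, receiver) != payload:
            raise ValueError("receiver reconstructed a different message")
        results.append((len(payload), wire_bytes(tokens)))
    return results


if __name__ == "__main__":
    for size, sent in demo():
        print(f"message of {size} bytes -> {sent} bytes on the wire")
```

The sender compares the stored chunk with the new one before emitting a reference, because a 5-byte signature alone cannot rule out two different chunks sharing a signature.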

Lempel-Ziv (LZ) Compression

Searches redundancy within a message
Uses a small compression context
Provides compression for 1st time transfers

Cisco WAAS uses a modified version of LZ, referred to as Persistent LZ (PLZ)
  Compression context is shared across all messages for a TCP connection
  Provides improved compression rates, especially for application protocols that utilize small messages
WAAS PLZ implementation is also adaptive
  Bypasses LZ for highly compressed (DRE) messages or messages with a low probability of good compression
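The effect of sharing one compression context across the small messages of a connection, as an added Python example (not Cisco's PLZ code). It uses zlib's DEFLATE as a stand-in for PLZ, the request messages are constructed, and the adaptive bypass is not modelled.

```python
import zlib


def lz_per_message(messages):
    """Plain LZ: a fresh compression context for every message."""
    return [zlib.compress(m) for m in messages]


class PersistentSender:
    """One compression context shared by all messages of a connection."""

    def __init__(self):
        self._comp = zlib.compressobj()

    def send(self, message: bytes) -> bytes:
        # Z_SYNC_FLUSH emits everything the peer needs to decode this message
        # now, but keeps the history window for the messages that follow.
        return self._comp.compress(message) + self._comp.flush(zlib.Z_SYNC_FLUSH)


class PersistentReceiver:
    """Peer side: one decompression context for the same connection."""

    def __init__(self):
        self._decomp = zlib.decompressobj()

    def receive(self, blob: bytes) -> bytes:
        return self._decomp.decompress(blob)


def constructed_messages(count: int = 50):
    """Small, similar requests of the kind a chatty protocol sends (constructed)."""
    template = (
        "GET /reports/q{n:03d}.xls HTTP/1.1\r\n"
        "Host: files.example.internal\r\n"
        "User-Agent: constructed-client/1.0\r\n"
        "Accept: */*\r\n\r\n"
    )
    return [template.format(n=n).encode() for n in range(count)]


def compare(messages):
    """Return (raw, per-message LZ, persistent LZ) byte totals for one connection."""
    sender, receiver = PersistentSender(), PersistentReceiver()
    persistent = 0
    for message in messages:
        blob = sender.send(message)
        if receiver.receive(blob) != message:
            raise ValueError("receiver decoded a different message")
        persistent += len(blob)
    per_message = sum(len(blob) for blob in lz_per_message(messages))
    raw = sum(len(message) for message in messages)
    return raw, per_message, persistent


if __name__ == "__main__":
    raw, per_message, persistent = compare(constructed_messages())
    print(f"raw={raw} per-message LZ={per_message} persistent LZ={persistent}")
```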

Resource Prioritization

Offers deterministic application processing priority
Reduces processing latency for business-critical applications
Integrates with existing QoS marking policies
Leverages WFQ schedules for processing of application traffic

[Figure: IOS classifies Replication, Sales Portal and Email traffic and redirects it to WAAS, which prioritizes and optimizes it; IOS then prioritizes and transmits]

Service Class

The combination of service class and DSCP marking weights determines how the connection is scheduled by DRE

[Figure: connections entering a scheduling queue, weighted by DSCP Marking Weights and Service Class Weights]

Precedence Bits   Priority-Weight
00                10 (10 %)
01                20 (20 %)
10                30 (30 %)
11                40 (40 %)

The two low-order bits of the IP Precedence (ToS) portion of the DSCP marking are mapped to a weight.

Power of WAAS WAN Optimization

[Figure: two throughput-over-time plots, 01:20 to 01:26, with the point marked "Optimization Enabled". LAN Throughput (axis 10 to 60 Mbps): LAN-like throughput. WAN Throughput (axis .5 to 3 Mbps): bandwidth savings, fewer roundtrips.]

Application Acceleration

The Need for Application Acceleration

For some application protocols, throughput is not the performance limiting factor:
  Chatty protocols generate large numbers of synchronous messages between hosts
  As RTT latency increases, latency-bound applications suffer
Application-specific acceleration focuses on latency mitigation techniques:
  Local acknowledgment - remove WAN RTT penalty
  Asynchronous message handling enables faster exchanges
WAAS includes application-specific acceleration for the following enterprise protocols:
  CIFS, HTTP, SSL, MAPI, NFS, RTSP

WAAS Application Accelerators


CIFS
HTTP
SSL
MAPI
NFS
RTSP


The Need for CIFS Acceleration

In this example of a 2MB Word document open, over 1000 messages are exchanged.
With a 40ms RTT WAN, this equates to more than 52 seconds of wait time before the document is usable.

CIFS Accelerator

Intelligent local handling and optimization of protocol mitigates latency
Sessions are maintained end-to-end to ensure no security reconfiguration
File caching removes the need for unnecessary file transfer; validation ensures stale data is never served
Auditing, access-control, and quotas are fully preserved
Transparent integration ensures no client or server changes to apply optimization
Scheduled preposition to prepopulate Data Redundancy Elimination and edge data cache
Advanced WAN optimization layer improves throughput and efficiency
  DRE eliminates redundant network data
  TCP optimizations to improve protocol ability to fully use the network

[Figure: FILE.DOC served from the edge cache, with the file server across the WAN]

CIFS Accelerator
Data Caching and Integrity

Edge file segment caching and metadata caching:
  Data is cached on demand as files or directories are opened
  Prepopulation of edge cache via prepositioning
Coherency, concurrency, and ACL:
  Cache validation guarantees that no stale data is served
  File locking and AAA are handled synchronously with server

[Figure: client sends OPEN FILE.DOC; AAA, OPEN, LOCK cross the IP network to the NAS; the reply is APPROVED, LOCKED, VALIDATED and FILE.DOC is served]

CIFS Accelerator
Intelligent File Prepositioning

Intelligent prepositioning capabilities with flexible configuration to prepopulate cache with files before the first user request
Leverages DRE and LZ compression to improve transfer performance and user save performance

[Figure: "Preposition FILE.DOC at 3am"; FILE.DOC is fetched from the NAS across the IP network and stored at the edge]

The Need for Windows Print Acceleration

Windows print traffic is composed of:
  CIFS/MSRPC between the client and print server
  Print job traffic (IPP, socket, etc.) between the print server and printer
CIFS/MSRPC protocols are chatty
  RPC calls over SMB are fragmented
  Maximum fragment size is 4280 bytes
Print job traffic can consume lots of bandwidth

[Figure: CIFS / MSRPC between client and print server; IPP, socket, etc. between print server and printer]

Windows Print Accelerator
Asynchronous Command Handling

RPC command fragments are handled asynchronously
Can boost WAN utilization
Significantly increases rate of commands issued from client

[Figure: message sequence of StartDocPrinter, StartDocPrinterReply, StartPagePrinter, StartPagePrinterReply, WritePrinter, WritePrinterReply between client, WAEs and print server]

Windows Print Accelerator
Delayed Close of Printer Handles

Established printer connection teardown postponed for 30 seconds
Subsequent OPEN requests are answered locally

[Figure: message sequence of OpenPrinterEx, OpenPrinterExReply, ClosePrinter, ClosePrinterReply, OpenPrinterEx, OpenPrinterExReply]

Windows Print Accelerator
Metadata Caching

Responses for the following printer commands are cached:
  GetPrinter
  GetPrinterData
  EnumPrintProcessorDataTypes
Metadata cache TTL depends on frequency of data change
There are three TTL values used:
  15 seconds
  5 minutes
  1 hour


The Need for HTTP Acceleration

Constant connection open/close when servers don't support HTTP 1.1 or connection reuse
Complex web pages contain many small objects
  Each object retrieved using a single connection
For HTTP over WAN the time required to establish a connection is substantial
WAAS 4.1 release decreases the load time of complex web pages when persistent connections are not available

HTTP Accelerator
Fast Connection Setup

Reuses an existing TCP connection across the WAN
  WAN connection bound to a single client
  Eliminates connection setup penalty for subsequent client connections
Tuned to offset connection bursts
  Bounded session and idle timeouts

[Figure: message sequence of Connect (SYN, SYN-ACK, ACK), HTTP Request, HTTP Response, then Connect, HTTP Request, HTTP Response]

HTTP Accelerator
Proxy Connect to SSL Servers

Explicit web proxy configuration complicates detection of SSL sessions
  CONNECT method creates client-to-server tunnel via proxy
  WAAS ATP is aware of proxy IP:Port, not target SSL server
First HTTP request on every new LAN segment is inspected
  Known HTTP methods are handled by the HTTP Accelerator
  CONNECT method generates query to SSL Accelerator to determine if SSL server is accelerated
  In all other cases (unrecognized methods, unsupported SSL servers, etc.) the connection is handed off to the generic TCP accelerator


The Need for SSL Acceleration

WAAS optimization benefits are maximized only when applied to decrypted payload

[Figure: across the WAN, SSL Handshake (session key derived) followed by Encrypted Data Exchange]

WAAS 4.1 release decreases load time of complex web pages when persistent connections are not available

Cisco WAAS SSL Optimization Solution

Core WAE acts as a Trusted Intermediary Node for SSL requests by client
Private Key and Server Certificate are stored on the Core WAE device
Core WAE participates in SSL Handshake to derive session key
Distributes the session key securely in-band to the Edge WAE over the established connection between the Edge WAE and Core WAE

[Figure: SSL Session Client to Core WAE (WAAS) and SSL Session Core WAE to Server. Client to Edge WAE: SSL Handshake, Original Data - Encrypted. Edge WAE to Core WAE across the WAN: Transparent Secure Channel, Send session key, Optimized & Encrypted. Core WAE to server: SSL Handshake, Original Data - Encrypted. Core WAE: Server Private Key.]


The Need for MAPI Acceleration

TCP ports used between client/server are dynamically negotiated
MAPI uses MSRPC, which is chatty
Data encoding is negotiated by client/server
  Outlook 2000 obfuscates data
  Outlook 2003 and 2007 compress data (LZ) or obfuscate if uncompressible
WAAS 4.1 release accelerates Outlook 2000-2007 traffic, including:
  Emails, calendar items, OAB, messages in public folders
Accelerates both cached and non-cached mode traffic

MAPI Accelerator
EndPoint Mapper (EPM)

Required for MAPI Accelerator to function
Listens to client communication with PortMapper server
Creates dynamic ATP entry for negotiated port

[Figure: message sequence]
Resolve Service a4f1db00
Service a4f1db00 uses tcp/2218
Dynamic Policy Created: tcp/2218 = MAPI Accelerate
Connect tcp/2218
MAPI Request
MAPI Response

MAPI Accelerator
Asynchronous Writes
Write operations for sending email and attachments are
acknowledged locally
Generating local responses allows clients to fully utilize WAN
bandwidth

Read Ahead
MAPI Accelerator pre-fetches data during idle periods
Always happens in the context of an existing user session

Messages Decompression
WAAS modifies client/server messages to disable host
compression
Recognizes remote operations and instructs DRE to exclude
their headers from the compression input stream

The Need for NFS Acceleration


Chatty nature of the protocol
Ex: File creation generates 4+ RPC calls, each one handled synchronously

Client optimizations insufficient for high BDP environments
Ex: Client read/write buffers are too small (128-512KB)

Coherency mechanisms increase chatter
Ex: Every file open results in an attribute check with the server

WAAS 4.1 release focuses on accelerating large file copies between a client and server


NFS Accelerator
Data Write Optimization
Write optimizations applied to requests with the
UNSTABLE flag set
Local acknowledgement generated for consecutive
write requests

[Diagram: message sequence of Write #1, Write #2, WriteReply #1 and WriteReply #2]


NFS Accelerator
Data Read Optimization
Read ahead initiated per connection in presence of
sequential read requests and connection inactivity
Edge WAE instructs CORE WAE to start/stop readahead based on protocol indicators

[Diagram: message sequence of Read #1 to Read #4, ReadAhead #2 and the ReadReply messages]


NFS Accelerator
Attribute Caching
An FH cache is maintained per connection (client)
Provides local replies to GETATTR requests

Attribute requests are always forwarded to the origin server
Local response to client is provided if FH entry is cached and less than 15 seconds old

Cache eviction is a combination of random and LRU
Cache performs random eviction when cache size is less than watermark value
Above watermark, cache performs eviction based on LRU
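
The freshness rule and the two eviction modes on this slide, modelled in Python as an added example (not Cisco's code). The class and method names, the `watermark` parameter, the external trigger for `evict_one`, LRU at exactly the watermark, and the idea that each forwarded reply refreshes the cached entry are assumptions; the slide gives only the 15-second limit and the random/LRU split.

```python
import random
from collections import OrderedDict

FRESH_SECONDS = 15  # slide: local reply only if the entry is less than 15 s old

class FhAttrCache:
    """Model of one connection's file-handle (FH) attribute cache."""

    def __init__(self, watermark, rng=None):
        self.watermark = watermark      # assumed tunable; no value on the slide
        self.entries = OrderedDict()    # fh -> (attrs, stored_at); oldest use first
        self.rng = rng or random.Random()

    def store(self, fh, attrs, now):
        self.entries[fh] = (attrs, now)
        self.entries.move_to_end(fh)    # mark as most recently used

    def handle_getattr(self, fh, now, forward):
        """Return (attrs, served_locally) for a client GETATTR at time `now`."""
        hit = self.entries.get(fh)
        fresh_hit = hit is not None and now - hit[1] < FRESH_SECONDS
        local = hit[0] if fresh_hit else None
        origin = forward(fh)            # the request always goes to the origin
        self.store(fh, origin, now)     # assumption: the origin reply refreshes the entry
        return (local, True) if fresh_hit else (origin, False)

    def evict_one(self):
        """Random victim below the watermark, least recently used otherwise."""
        if not self.entries:
            return None
        if len(self.entries) < self.watermark:
            victim = self.rng.choice(list(self.entries))
        else:
            victim = next(iter(self.entries))
        del self.entries[victim]
        return victim

def demo():
    """Constructed scenario: the server tightens a file mode between two GETATTRs."""
    server = {"fh1": {"mode": 0o644}}
    cache = FhAttrCache(watermark=3)
    forward = lambda fh: dict(server[fh])
    seen = [cache.handle_getattr("fh1", 0, forward)]       # miss: origin answers
    server["fh1"]["mode"] = 0o600                          # change made on the server
    seen.append(cache.handle_getattr("fh1", 10, forward))  # local reply, still 0o644
    seen.append(cache.handle_getattr("fh1", 12, forward))  # local reply, now 0o600
    seen.append(cache.handle_getattr("fh1", 40, forward))  # entry 28 s old: origin answers
    return [(attrs["mode"], local) for attrs, local in seen]
```

In `demo()` the second reply is served locally from the older entry, so a mode change on the server stays invisible to that client until a later forwarded reply refreshes the cache or the 15 seconds run out.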


The Need for RTSP Acceleration


Live video streaming is bandwidth intensive
Bandwidth consumption = StreamRate x NumUsers
Separate stream for each individual user

[Diagram labels: Media Players, WAN]

WAAS 4.1 accelerates Windows Media live stream requests on RTSP

RTSP Accelerator
Acceleration Algorithm
Each new client request (over LAN) will reuse existing incoming stream (over WAN) for the same stream URL
Creates a splitting effect

For incoming accelerated stream (over WAN), compression is disabled
Reduces resource overhead

Client requests over RTSP/UDP automatically rolled over to RTSP/TCP
RTSP/TCP used for streaming over WAN


RTSP Accelerator
Acceleration Example

[Diagram labels: Video AO (Edge side Stream Split), Media Players, WAN]

On match, one incoming stream play will be split into multiple outgoing streams

End to End connections for transparent authentication and url & asf-hdr check for match
Very high WAN bandwidth savings !!

Integration with WAN Optimization


WAAS Application Accelerators Leverage WAN Optimization Capabilities Provided by TFO+DRE+PLZ
TFO enables the protocols to more effectively and efficiently use available WAN resources
DRE+PLZ improves the performance through compression and data suppression

[Diagram labels: FILE.DOC, Files, WAN, Transport Flow Optimization, Edge (LZ, DRE Cache), Core (LZ, DRE Cache)]

Virtual Blades


Branch IT Infrastructure:
Main Approaches Today
Fully Distributed Branch IT
(+) Everything available
(-) Cost of management

Fully Centralized Branch IT
(+) Centralized management
(-) Application performance
(-) Limited local services

[Diagram labels: Local Storage, Backup, Users, App/file/print Servers, Router]


Branch IT Infrastructure:
Cisco WAAS Approach
Flexible, Optimized Branch IT
Centralize what you can with Cisco WAAS
Locally host Windows services on same WAAS device

[Diagram labels: Local Storage, Backup, Users, Router, Cisco WAAS, WAN, Data Center, Cisco WAAS, Servers, Storage, Backup, Business and Communication Apps]

WAAS and Windows Server: Providing Best Mix of Distributed and Centralized IT Services

Virtual Blade: Sample Flow

Allocate Resources and Deploy Image
Allocate resources and start Virtual-Blade instance
Easy and simple, from WAAS CM or from CLI

Centrally deploy server image over to WAE
From CLI or WAAS CM, using FTP or HTTP

WAE#virtual-blade 1 show
virtual-blade 1
description WIN2008-SERVER
memory 1500MB
disk size 150GB
cpu-count 1
cpu-list 1
cd-image disk /local1/Longhorn.iso
boot-from disk
interface 1 bridge GigabitEthernet 1/0 mac-address 00:13:24:35:35:35
not shutdown
running
serial console session inactive

[Diagram labels: Remote Office (WAAS Appliance with VB1, VB2, VB3; ISR), WAN, Data Center (WAAS Appliance)]


Network Integration


Network Integration Overview: In-Path


Cisco WAEs Can Be Deployed Physically In-Path
WAE sits physically in-path between two (2) network elements (such as a branch router and switch)
Inspects all traffic passing through the device and determines which traffic to intercept
Intercepts packets in both directions of flow
Passes through non-TCP traffic at a low layer

Fully transparent solution: maintains compatibility with most existing IOS features

[Diagram label: IP Network]


Cisco WAE Physical Inline Deployment


Physical inline interception:
Physical in-path deployment between switch, and router or firewall
Mechanical fail-to-wire upon hardware, software, or power failure
Requires no router configuration

Scalability and high availability:
Two two-port groups
Serial clustering with load-sharing and fail-over
Redundant network paths and asymmetric routing

Seamless integration:
Transparency and automatic discovery
802.1q support, configurable VLANs
Supported on all WAE appliances

[Image: Cisco WAE 4-Port Inline Card]

Network Integration Overview: Off-Path


Cisco WAE Devices Attach to the LAN as an Appliance
WAE devices rely on packet interception and redirection to enable application acceleration and WAN optimization:
Interception in each site where deployed
Interception in both directions of packet flow

Transparent optimizations maintain compatibility with most IOS features and other platforms

[Diagram labels: IP Network, Cisco WAE]


Network Interception
Network Attached Optimizations Rely on Devices Physically Attached to the Network at Strategic Locations
Generally deployed at network entry/exit points
Rely on network interception to supply flows to optimize

[Diagram labels: Non-Optimized Flow, IP Network, Optimized Flow, Intercepted Flow, Cisco Wide Area Application Engine]


Cisco WAE WCCPv2 Deployment


WCCPv2 interception
Out-of-path with redirection of flows to be optimized (all flows or selective via redirect-list)
Automatic load-balancing, load redistribution, fail-over, and fail-through operation

Scalability and high availability
Up to 32 WAEs within a service group and up to 32 routers
Linear performance and scalability increase as devices are added

Seamless integration
Transparency and automatic discovery
Supported on all WAE platforms

[Diagram labels: Original Flow, Service Group, Interception, Redirection, Optimized Flow]

Cisco WAE ACE Deployment


Application Control Engine (ACE)
Industry-leading scalability and performance for the most demanding data center networks
Supports up to 16Gbps throughput, 4M concurrent TCP connections, and 350K connections/sec setup

Seamless integration
Fully integrated with the Catalyst 6500 series of intelligent switches
Transparency and automatic discovery
Supported on all WAE appliances

Industry Leading Functionality
Solution for scaling servers, appliances, and network devices
Virtual partitions, flexible resource assignment, security, and control

[Diagram labels: WAN, Optimized Flow, Catalyst 650X w/ ACE, Original Flow]

Central Management


WAAS Central Manager


Central Manager Navigation
Context-based Menus based on
device group or device selection
Organized for intuitive access

Reporting Capabilities
Choose pre-defined reports or
create your own
Scheduled report generation and email
Report per device or device group

RBAC capabilities
Support for User Group
authorization
Privileges, including Read-only access
Reporting views

SOA-ready Monitoring
Standard XML Web
Service (SOAP)
Integration with external reporting
and monitoring portals

Virtual Blade Management


Centralized creation, deployment,
management and monitoring for
Virtual Blades


Davis Central Manager Dashboard


Device Home Page


Q and A


Recommended Reading
Continue your Cisco Live
learning experience with further
reading from Cisco Press
Check the Recommended
Reading flyer for suggested
books

Available Onsite at the Cisco Company Store



Complete Your Online Session Evaluation
Give us your feedback and you could win fabulous prizes. Winners announced daily.
Receive 20 Passport points for each session evaluation you complete.
Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.


Don't forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008.
Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.
