Cisco Intelligent WAN (IWAN)

Book Description

The complete guide to Cisco® IWAN: features, benefits, planning, and deployment

Using Cisco Intelligent WAN (IWAN), businesses can deliver an uncompromised experience, security, and reliability to branch offices over any connection. Cisco IWAN simplifies WAN design, improves network responsiveness, and accelerates deployment of new services. Now, there’s an authoritative single-source guide to Cisco IWAN: all you need to understand it, design it, and deploy it for maximum value.

In Cisco Intelligent WAN (IWAN), leading Cisco experts cover all key IWAN technologies and components, addressing issues ranging from visibility and provisioning to troubleshooting and optimization. They offer extensive practical guidance on migrating to IWAN from your existing WAN infrastructure.

This guide will be indispensable for all experienced network professionals who support WANs, are deploying Cisco IWAN solutions, or use related technologies such as DMVPN or PfR.

  • Deploy Hybrid WAN connectivity to increase WAN capacity and improve application performance

  • Overlay DMVPN on WAN transport to simplify operations, gain transport independence, and improve VPN scalability

  • Secure DMVPN tunnels and IWAN routers

  • Use Application Recognition to support QoS, Performance Routing (PfR), and application visibility

  • Improve application delivery and WAN efficiency via PfR

  • Monitor hub, transit, and branch sites, traffic classes, and channels

  • Add application-level visibility and per-application monitoring to IWAN routers

  • Overcome latency and bandwidth inefficiencies that limit application performance

  • Use Cisco WAAS to customize each location’s optimizations, application accelerations, and virtualization

  • Smoothly integrate Cisco WAAS into branch office network infrastructure

  • Ensure appropriate WAN application responsiveness and experience

  • Improve SaaS application performance with Direct Internet Access (DIA)

  • Perform pre-migration tasks, and prepare your current WAN for IWAN

  • Migrate current point-to-point and multipoint technologies to IWAN

Table of Contents

    1. About This E-Book
    2. Title Page
    3. Copyright Page
    4. About the Authors
    5. About the Technical Reviewers
    6. Dedications
    7. Acknowledgments
    8. Contents at a Glance
    9. Contents
    10. Icons Used in This Book
    11. Command Syntax Conventions
    12. Foreword
    13. Introduction
      1. Who Should Read This Book?
      2. How This Book Is Organized
      3. Learning in a Lab Environment
      4. Additional Reading
    14. Part I: Introduction to IWAN
      1. Chapter 1. Evolution of the WAN
        1. WAN Connectivity
          1. Leased Circuits
          2. Internet
          3. Multiprotocol Label Switching VPNs (MPLS VPNs)
        2. Increasing Demands on Enterprise WANs
          1. Server Virtualization and Consolidation
          2. Cloud-Based Services
          3. Collaboration Services
          4. Bring Your Own Device (BYOD)
          5. Guest Internet Access
        3. Quality of Service for the WAN
        4. Branch Internet Connectivity and Security
          1. Centralized Internet Access
          2. Distributed Internet Access
        5. Cisco Intelligent WAN
          1. Transport Independence
          2. Intelligent Path Control
          3. Application Optimization
          4. Secure Connectivity
          5. Software-Defined Networking (SDN) and Software-Defined WAN (SD-WAN)
        6. Summary
    15. Part II: Transport Independent Design
      1. Chapter 2. Transport Independence
        1. WAN Transport Technologies
          1. Dial-Up
          2. Leased Circuits
          3. Virtual Circuits
          4. Peer-to-Peer Networks
          5. Broadband Networks
          6. Cellular Wireless Networks
          7. Virtual Private Networks (VPNs)
          8. Multiprotocol Label Switching (MPLS) VPNs
          9. Link Oversubscription on Multipoint Topologies
          10. Dynamic Multipoint VPN (DMVPN)
        2. Benefits of Transport Independence
          1. Managing Bandwidth Cost
          2. Leveraging the Internet
          3. Intelligent WAN Transport Models
        3. Summary
      2. Chapter 3. Dynamic Multipoint VPN
        1. Generic Routing Encapsulation (GRE) Tunnels
          1. GRE Tunnel Configuration
          2. GRE Example Configuration
        2. Next Hop Resolution Protocol (NHRP)
        3. Dynamic Multipoint VPN (DMVPN)
          1. Phase 1: Spoke-to-Hub
          2. Phase 2: Spoke-to-Spoke
          3. Phase 3: Hierarchical Tree Spoke-to-Spoke
        4. DMVPN Configuration
          1. DMVPN Hub Configuration
          2. DMVPN Spoke Configuration for DMVPN Phase 1 (Point-to-Point)
          3. Viewing DMVPN Tunnel Status
          4. Viewing the NHRP Cache
          5. DMVPN Configuration for Phase 3 DMVPN (Multipoint)
        5. Spoke-to-Spoke Communication
          1. Forming Spoke-to-Spoke Tunnels
          2. NHRP Route Table Manipulation
          3. NHRP Route Table Manipulation with Summarization
        6. Problems with Overlay Networks
          1. Recursive Routing Problems
          2. Outbound Interface Selection
          3. Front-Door Virtual Route Forwarding (FVRF)
        7. IP NHRP Authentication
        8. Unique IP NHRP Registration
        9. DMVPN Failure Detection and High Availability
          1. NHRP Redundancy
          2. NHRP Traffic Statistics
          3. DMVPN Tunnel Health Monitoring
        10. DMVPN Dual-Hub and Dual-Cloud Designs
        11. IWAN DMVPN Sample Configurations
        12. Sample IWAN DMVPN Transport Models
        13. Backup Connectivity via Cellular Modem
          1. Enhanced Object Tracking (EOT)
          2. Embedded Event Manager
        14. IWAN DMVPN Guidelines
        15. Troubleshooting Tips
        16. Summary
        17. Further Reading
      3. Chapter 4. Intelligent WAN (IWAN) Routing
        1. Routing Protocol Overview
        2. Topology
        3. WAN Routing Principles
          1. Multihomed Branch Routing
          2. Route Summarization
          3. Traffic Engineering for DMVPN and PfR
        4. EIGRP for IWAN
          1. Base Configuration
          2. Verification of EIGRP Neighbor Adjacencies
          3. EIGRP Stub Sites on Spokes
          4. EIGRP Summarization
          5. EIGRP Traffic Steering
          6. Complete EIGRP Configuration
          7. Advanced EIGRP Site Selection
        5. Border Gateway Protocol (BGP)
          1. BGP Routing Logic
          2. Base Configuration
          3. BGP Neighbor Sessions
          4. Default Route Advertisement into BGP
          5. Routes Learned via DMVPN Tunnel Are Always Preferred
          6. Branch Router Configuration
          7. Changing BGP Administrative Distance
          8. Route Advertisement on DMVPN Hub Routers
          9. Traffic Steering
          10. Complete BGP Configuration
          11. Advanced BGP Site Selection
        6. FVRF Transport Routing
        7. Multicast Routing
          1. Multicast Distribution Trees
          2. Rendezvous Points
          3. Protocol Independent Multicast (PIM)
          4. Source Specific Multicast (SSM)
          5. Multicast Routing Table
          6. IWAN Multicast Configuration
          7. Hub-to-Spoke Multicast Stream
          8. Spoke-to-Spoke Multicast Traffic
        8. Summary
        9. Further Reading
      4. Chapter 5. Securing DMVPN Tunnels and Routers
        1. Elements of Secure Transport
        2. IPsec Fundamentals
          1. Security Protocols
          2. Key Management
          3. Security Associations
          4. ESP Modes
        3. IPsec Tunnel Protection
          1. Pre-shared Key Authentication
          2. Verification of Encryption on IPsec Tunnels
          3. Private Key Infrastructure (PKI)
        4. IKEv2 Protection
          1. Basic IOS CA Management
        5. Securing Routers That Connect to the Internet
          1. Access Control Lists (ACLs)
          2. Zone-Based Firewalls (ZBFWs)
        6. Control Plane Policing (CoPP)
          1. IOS Embedded Packet Capture (EPC)
          2. IOS XE Embedded Packet Capture
          3. Analyzing and Creating the CoPP Policy
        7. Device Hardening
        8. Summary
        9. Further Reading
    16. Part III: Intelligent Path Control
      1. Chapter 6. Application Recognition
        1. What Is Application Recognition?
        2. What Are the Benefits of Application Recognition?
        3. NBAR2 Application Recognition
        4. NBAR2 Application ID, Attributes, and Extracted Fields
          1. NBAR2 Application ID
          2. NBAR2 Application Attributes
          3. NBAR2 Layer 7 Extracted Fields
        5. NBAR2 Operation and Functions
          1. Phases of Application Recognition
          2. NBAR2 Engine and Best-Practice Configuration
        6. Custom Applications and Attributes
          1. Auto-learn Traffic Analysis Engine
          2. Traffic Auto-customization
          3. Manual Application Customization
          4. Manual Application Attributes Customization
        7. NBAR2 State with Regard to Device High Availability
        8. Encrypted Traffic
        9. NBAR2 Interoperability with Other Services
        10. NBAR2 Protocol Discovery
          1. Enabling NBAR2 Protocol Discovery
          2. Displaying NBAR2 Protocol Discovery Statistics
          3. Clearing NBAR2 Protocol Discovery Statistics
        11. NBAR2 Visibility Dashboard
        12. NBAR2 Protocol Packs
          1. Release and Download of NBAR2 Protocol Packs
          2. NBAR2 Protocol Pack License
          3. Application Customization
          4. NBAR2 Protocol Pack Types
          5. NBAR2 Protocol Pack States
          6. Identifying the NBAR2 Software Version
          7. Verifying the Active NBAR2 Protocol Pack
          8. Loading an NBAR2 Protocol Pack
          9. NBAR2 Taxonomy File
          10. Protocol Pack Auto Update
        13. Validation and Troubleshooting
          1. Verify the Software Version
          2. Check the Device License
          3. Verifying That NBAR2 Is Enabled
          4. Verifying the Active NBAR2 Protocol Pack
          5. Checking That Policies Are Applied Correctly
          6. Reading Protocol Discovery Statistics
          7. Granular Traffic Statistics
          8. Discovering Generic and Unknown Traffic
          9. Verifying the Number of Flows
        14. Summary
        15. Further Reading
      2. Chapter 7. Introduction to Performance Routing (PfR)
        1. Performance Routing (PfR)
          1. Simplified Routing over a Transport-Independent Design
          2. “Classic” Path Control Used in Routing Protocols
          3. Path Control with Policy-Based Routing
          4. Intelligent Path Control—Performance Routing
          5. Introduction to PfRv3
        2. Introduction to the IWAN Domain
          1. IWAN Sites
          2. Device Components and Roles
          3. IWAN Peering
          4. Parent Route Lookups
        3. Intelligent Path Control Principles
          1. PfR Policies
          2. Site Discovery
          3. Site Prefix Database
          4. PfR Enterprise Prefixes
          5. WAN Interface Discovery
          6. Channel
          7. Smart Probes
          8. Traffic Class
          9. Path Selection
          10. Performance Monitoring
          11. Threshold Crossing Alert (TCA)
          12. Path Enforcement
        4. Summary
        5. Further Reading
      3. Chapter 8. PfR Provisioning
        1. IWAN Domain
        2. Topology
          1. Overlay Routing
          2. Traffic Engineering for PfR
          3. PfR Components
        3. PfR Configuration
          1. Master Controller Configuration
          2. BR Configuration
          3. NetFlow Exports
          4. Domain Policies
          5. Complete Configuration
        4. Advanced Parameters
          1. Unreachable Timer
          2. Smart Probes Ports
          3. Transit Site Affinity
        5. Path Selection
          1. Routing—Candidate Next Hops
          2. Routing—No Transit Site Preference
          3. Routing—Site Preference
          4. PfR Path Preference
          5. PfR Transit Site Preference
          6. Using Transit Site Preference and Path Preference
        6. Summary
        7. Further Reading
      4. Chapter 9. PfR Monitoring
        1. Topology
        2. Checking the Hub Site
          1. Check the Routing Table
          2. Checking the Hub MC
          3. Checking the Hub BRs
          4. Verification of Remote MC SAF Peering with the Hub MC
        3. Checking the Transit Site
        4. Check the Branch Site
          1. Check the Routing Table
          2. Check Branch MC Status
          3. Check the Branch BR
        5. Monitoring Operations
          1. Routing Table
          2. Monitor the Site Prefix
          3. Monitor Traffic Classes
          4. Monitor Channels
          5. Transit Site Preference
        6. Summary
        7. Further Reading
      5. Chapter 10. Application Visibility
        1. Application Visibility Fundamentals
          1. Overview
          2. Components
          3. Flows
        2. Performance Metrics
          1. Application Response Time Metrics
          2. Media Metrics
          3. Web Statistics
        3. Flexible NetFlow
          1. Flexible NetFlow Overview
          2. Configuration Principles
          3. Flexible NetFlow for Application Visibility
          4. Monitoring NetFlow Data
          5. Flexible NetFlow Summary
        4. Evolution to Performance Monitor
          1. Principles
          2. Performance Monitor Configuration Principles
          3. Easy Performance Monitor (ezPM)
          4. ezPM Configuration Steps
          5. Monitoring Performance Monitor
        5. Metrics Export
          1. Flow Record, NetFlow v9, and IPFIX
          2. Terminology
          3. NetFlow Version 9 Packet Header Format (RFC 3954)
          4. IPFIX Packet Header Format (RFC 7011)
          5. Monitoring Exports
          6. Monitoring Performance Collection on Network Management Systems
        6. Deployment Considerations
          1. Performance Routing
          2. Interoperability with WAAS
        7. Summary
        8. Further Reading
    17. Part IV: Application Optimization
      1. Chapter 11. Introduction to Application Optimization
        1. Application Behavior
          1. Bandwidth
          2. Latency
        2. Cisco Wide Area Application Services (WAAS)
          1. Cisco WAAS Architecture
          2. TCP Optimization
        3. Caching and Compression
          1. Compression
          2. Object Caching
        4. Application-Specific Acceleration
          1. Microsoft Exchange Application Optimization
          2. HTTP Application Optimization
          3. SharePoint Application Optimization
          4. SSL Application Optimization
          5. Citrix Application Optimization
          6. CIFS Application Optimization
          7. SMB Application Optimization
          8. NFS Acceleration
          9. Akamai Connect
        5. Summary
        6. Further Reading
      2. Chapter 12. Cisco Wide Area Application Services (WAAS)
        1. Cisco WAAS Architecture
          1. Central Management Subsystem
          2. Interface Manager
          3. Monitoring Facilities and Alarms
          4. Network Interception and Bypass Manager
          5. Application Traffic Policy Engine
          6. Disk Encryption
        2. Cisco WAAS Platforms
          1. Router-Integrated Network Modules
          2. Appliances
          3. ISR-WAAS
          4. WAAS Performance and Scalability Metrics
        3. WAAS Design and Performance Metrics
          1. Device Memory
          2. Disk Capacity
          3. Number of Optimized TCP Connections
          4. WAN Bandwidth and LAN Throughput
          5. Number of Peers and Fan-out Each
          6. Central Manager Sizing
          7. Licensing
        4. Cisco WAAS Operational Modes
          1. Transparent Mode
          2. Directed Mode
        5. Interception Techniques and Protocols
          1. Web Cache Communication Protocol
          2. Policy-Based Routing (PBR)
          3. Inline Interception
          4. AppNav Overview
          5. AppNav IOM
          6. AppNav-XE
          7. Advantages of Using the AppNav-XE Component
          8. Guidelines and Limitations
        6. WAAS Interception Network Integration Best Practices
        7. Summary
        8. Further Reading
      3. Chapter 13. Deploying Application Optimizations
        1. GBI: Saving WAN Bandwidth and Replicating Data
        2. WAN Optimization Solution
        3. Deploying Cisco WAAS
          1. WAAS Data Center Deployment
          2. Primary Central Manager
          3. Standby Central Manager
        4. AppNav-XE
          1. Initial GBI AppNav-XE Deployment
          2. Deploying a Data Center Cluster
          3. Deploying a Separate Node Group and Policy for Replication
          4. Deploying a New Policy for Data Center Replication
        5. GBI Branch Deployment
          1. Branch 1 Sizing
          2. Branch 1 Deployment
          3. Branch 12 Sizing
          4. Branch 12 WAAS Deployment
        6. Summary
    18. Part V: QoS
      1. Chapter 14. Intelligent WAN Quality of Service (QoS)
        1. QoS Overview
        2. Ingress QoS NBAR-Based Classification
        3. Ingress LAN Policy Maps
        4. Egress QoS DSCP-Based Classification
        5. Egress QoS Policy Map
        6. Hierarchical QoS
        7. DMVPN Per-Tunnel QoS
          1. Per-Tunnel QoS Tunnel Markings
          2. Bandwidth-Based QoS Policies
          3. Bandwidth Remaining QoS Policies
          4. Subrate Physical Interface QoS Policies
          5. Association of Per-Tunnel QoS Policies
          6. Per-Tunnel QoS Verification
          7. Per-Tunnel QoS Caveats
        8. QoS and IPSec Packet Replay Protection
        9. Complete QoS Configuration
        10. Summary
        11. Further Reading
    19. Part VI: Direct Internet Access
      1. Chapter 15. Direct Internet Access (DIA)
        1. Guest Internet Access
          1. Dynamic Host Configuration Protocol (DHCP)
          2. Network Address Translation (NAT)
          3. Verification of NAT
          4. Zone-Based Firewall (ZBFW) Guest Access
          5. Verification of ZBFW for Guest Access
        2. Guest Access Quality of Service (QoS)
        3. Guest Access Web-Based Acceptable Use Policy
          1. Guest Network Consent
          2. Guest Authentication
        4. Internal User Access
        5. Fully Specified Static Default Route
        6. Verification of Internet Connectivity
        7. Network Address Translation (NAT)
        8. Policy-Based Routing (PBR)
        9. Internal Access Zone-Based Firewall (ZBFW)
        10. Cloud Web Security (CWS)
        11. Baseline Configuration
        12. Outbound Proxy
        13. WAAS and WCCP Redirect
        14. Prevention of Internal Traffic Leakage to the Internet
        15. Summary
        16. References in this Chapter
    20. Part VII: Migration
      1. Chapter 16. Deploying Cisco Intelligent WAN
        1. Pre-Migration Tasks
          1. Document the Existing WAN
          2. Network Traffic Analysis
          3. Proof of Concept
          4. Finalize the Design
        2. Migration Overview
          1. IWAN Routing Design Review
          2. EIGRP for the IWAN and the LAN
          3. BGP for the IWAN and an IGP (OSPF) for the LAN
          4. Routing Design During Migration
        3. Deploying DMVPN Hub Routers
        4. Migrating the Branch Routers
          1. Migrating a Single-Router Site with One Transport
          2. Migrating a Single-Router Site with Multiple Transports
          3. Migrating a Dual-Router Site with Multiple Transports
        5. Post-Migration Tasks
        6. Migrating from a Dual MPLS to a Hybrid IWAN Model
        7. Migrating IPsec Tunnels
        8. PfR Deployment
        9. Testing the Migration Plan
        10. Summary
        11. Further Reading
    21. Part VIII: Conclusion
      1. Chapter 17. Conclusion and Looking Forward
        1. Intelligent WAN Today
        2. Intelligent WAN Architecture
        3. Intelligent WAN Tomorrow
    22. Appendix A. Dynamic Multipoint VPN Redundancy Models
      1. NHRP Clusterless Model
      2. NHRP Clustered Model
      3. NHRP Clustered Model Configuration
      4. Further Reading
    23. Appendix B. IPv6 Dynamic Multipoint VPN
      1. IPv6-over-IPv6 Sample Configuration
      2. IPv6 DMVPN Verification
      3. IPv4 over IPv6 Sample Configuration
      4. IPv4-over-IPv6 Verification
        1. Further Reading
    24. Index
    25. Code Snippets