© 2008 Cisco Systems, Inc. All rights reserved. Cisco Public BRKAPP-1004
14617_05_2008_c2
Introduction to Cisco Wide Area Application Services
Agenda
Overview
Wide-Area Application Engine (WAE)
WAN Optimization
Application Acceleration
Virtual Blades
Network Integration
Central Management
Cisco Application Delivery Networks
WAN Acceleration: Data redundancy elimination; Window scaling; LZ compression
Application Acceleration: Latency mitigation; Application data cache; Meta data cache
Application Optimization: Delta encoding; FlashForward optimization; Application security
Application Networking: Message transformation; Protocol transformation; Message-based security; Application visibility
Application Scalability: Server load-balancing; Site selection; SSL termination and offload; Video delivery
Network Classification: Quality of service; Network-based app recognition; Queuing, policing, shaping; Visibility, monitoring, control
Other Cisco Live Breakout Sessions that You May Want to Attend
BRKAPP-2002: Server Load Balancing Design
BRKAPP-3003: Troubleshooting ACE
BRKAPP-1004: Introduction WAAS
BRKAPP-2005: Deploying WAAS
BRKAPP-3006: Troubleshooting WAAS
BRKAPP-1008: What can Cisco IOS do for my application?
BRKAPP-1009: Introduction to Web Application Security
BRKAPP-2010: How to build and deploy a scalable video communication solution for your organization
BRKAPP-2011: Scaling Applications in a Clustered Environment
BRKAPP-2013: Best Practices for Application Optimization illustrated with SAP, Siebel and Exchange
BRKAPP-2014: Deploying AXG
BRKAPP-1015: Web 2.0, AJAX, XML, Web Services for Network Engineers
BRKAPP-1016: Running Applications on the Branch Router
BRKAPP-2017: Optimizing Application Delivery
BRKAPP-2018: Optimizing Oracle Deployments in Distributed Data Centers
Branch IT Infrastructure Challenges
Infrastructure cost/complexity
  File, print and application servers
  Storage and backup
  Plethora of networking equipment
Data protection concerns
  Failing backups/lost data
  Costly off-site vaulting
  Regulatory compliance
WAN limitations inhibit centralization
  Bandwidth and throughput limitations
  Latency and packet loss
  Poor end-user experience
Rising Costs of Branch Offices
Companies spend 6 billion dollars per year on branch servers, storage, backup and management
-Source: IDC, Gartner, Cisco Analysis
Branches consume 70-90% of business resources
-Source: NetworkWorld
80% of enterprise workers work outside headquarters
-Source: Nemertes Research
Most enterprises have many servers running at 15% or less utilization, but still requiring 100% administration
-Source: Gartner
The average branch has 4-6 servers
Security and Compliance Worries
Rising Incidents of Branch Data Leakage
A top financial firm lost a file server with 930,000 customers' information
-Source: CNN, March 2006
A bank lost 3.9 million customers' credit information on unencrypted tapes
-Source: Wall Street Journal, June 2005
February 2005, Bank … lost unencrypted computer backup tapes containing information from 1.2 million federally issued credit cards
Regulations Are Responding
HIPAA - Health information of patients
GLBA - Consumer Financial Information
SOX - Business Financial and Accounting Information
CA SB 1386 - Consumer Personal Information
PCI - Credit Card Information
*As of July 18, 2006, 34 US states had passed security breach notification laws
Organizations Are Responding
The top emerging technology trend, regardless of site type or timeframe, is the integration of security features like firewall, VPN, IDS, etc. into routers
-Source: Infonetics
WAN and Application Optimization
Application protocol aware
Windows file services (CIFS)
Windows print services
Server offload technology
Data redundancy elimination (up to 100:1 compression)
Persistent LZ compression (additional 10:1 compression)
LAN-like TCP behavior
Loss mitigation
Slow-start mitigation
LAN-like throughput, bandwidth savings, fewer roundtrips
[Figure: two throughput-over-time charts (01:20 to 01:26), one scaled to 60 Mbps and one to 3 Mbps, with optimization enabled: end-user throughput goes up 5x, WAN consumption drops 67%]
Advanced Compression/Cache
Application Specific Acceleration
TCP Flow Optimization (TFO)
Application Performance Improvements
Category: Applications
File Sharing: CIFS, NFS
Microsoft Exchange, Lotus Notes, Internet Mail
Web and Collaboration: HTTP, WebDAV, FTP, Microsoft Sharepoint
Software Distribution: Microsoft SMS, Altiris, HP Radia
Enterprise Applications: Microsoft SQL, Oracle, SAP, Lotus Notes
Backup Applications: Microsoft NTBackup, Legato Networker, Veritas Netbackup, CommVault Galaxy
Data Replication: EMC SRDF/A, EMC IP Replicator, NetApp SnapMirror, Data Domain, Double-Take, Veritas Vol Replicator
Chart scale: 2X, 5X, 10X, 25X, 50X, 100X+
2-20X Avg, >100X Peak
2-5X Avg, 20X Peak
2-10X Avg, 100X Peak
2-20X Avg, >100X Peak
2-5X Avg, 20X Peak
2-10X Avg, 50X Peak
2-10X Avg, 50X Peak
WAN Bandwidth Optimization
Bandwidth Usage Reduction
  Up to 95% savings
  Avoid bandwidth upgrade
  De-commission bandwidth
Improve VoIP Quality
  More room on wire
  Better quality and reliability
  Use existing QoS policies
Improved Application Perf. Management
  Report Apps SLA accurately
  Find bottlenecks quickly
  Invest confidently
[Figure: charts marked "Optimization On"]
WAN Optimization with Accurate Visibility
Integration With Existing Router QoS
  Granular, robust, extensive QoS
  Dynamic bandwidth allocation
  Hierarchical queuing/scheduling
Accurate Perf. Management
  Integration with NetQoS
  End to end response time SLA
  WAN bandwidth utilization
Ease of Operations and Management
  Always the latest Netflow
  Unified Netflow analysis
  Unified QoS analysis
[Figure: before/after panels for Application Response Time, Application Data Rate, Link Utilization and Protocol Analysis]
WAAS Overview Summary
Solutions and Benefits
  Application acceleration
  Branch and data center consolidation
  WAN bandwidth optimization
  Improved data protection and compliance
Technologies
  Compression and acceleration
  Router integration
  Security integration
  Application perf. mgmt. integration
Key Success Factors
  Most secure WAN acceleration
  Highest scalability and performance
  Best reliability and interoperability
  Lowest total cost of ownership
[Figure: two Branch Offices and a Data Center, each with WAAS, connected across the WAN]
Wide-Area Application Engine (WAE)
[Figure: Wide Area Application Engine (WAE) block diagram, Wide Area Application Services (WAAS) Version 4.1]
Figure labels:
  IOS Platform with Services and CLI; IOS Shell; Cisco Linux Kernel
  Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery
  TCP Proxy with Scheduler Optimizer (SO); DRE, LZ, TFO
  AOs: CIFS, EPM, MAPI, HTTP, SSL, RTSP, NFS
  Windows On WAAS Virtual Blades: WoW, Virtual Blade # 2, Virtual Blade # 3
  Configuration Management System (CMS)
  Storage: Flash, Object Storage, Linux Application Storage, DRE Storage, Virtual Blade Storage (/vbspace)
  Ethernet Network I/O
Wide Area Application Engine
WAAS Portfolio
[Chart axes: $ against Performance (TCP Connections/Throughput/Storage)]
NME: 250-800/4Mbps, 80-160GB
WAE-512: 750-1,500/20Mbps, 250GB
WAE-612: 2,000-6,000/90Mbps, 300GB
WAE-674*: 2,000-7,500/155Mbps, 600GB
WAE-7341*: 12K/300Mbps, 900GB
WAE-7371*: 50K/1Gbps, 1400GB
* Supports Windows on WAAS
Cisco WAE Family
Performance and Scalability
Hardware Configuration | Max Opt TCP Conn | Max CIFS Session | Drive (GB) / Max Usable Capacity (GB) | Max Drive | Memory (GB) | WAN Capacity (Mbps) | Video Capacity | SSL Capacity | CM Scale (Devices Managed) | Core Fan-out (No of Peers)
NME-WAE-302 | 250 | N/A | 80/80 | 1 | .5 | 4 | | | N/A | 1
NME-WAE-502 | 500 | 500 | 120/120 | 1 | 1 | 4 | | | N/A | 1
NME-WAE-522 | 800 | 800 | 160/160 | 1 | 2 | 8 | | | N/A | 1
WAE-512-1GB | 750 | 750 | 250/250 | 2 | 1 | 8 | | | 500 | 5
WAE-512-2GB | 1500 | 1500 | 250/250 | 2 | 2 | 20 | | | 1000 | 10
WAE-612-2GB | 2000 | 2000 | 300/300 | 2 | 2 | 45 | | | 2000 | 30
WAE-612-4GB | 6000 | 2500 | 300/300 | 2 | 4 | 90 | | | 2500 | 50
WAE-674-4GB | 2000 | 2000 | 300/600 | 2 | 4 | 90 | | | 2000 | 100
WAE-674-8GB | 7500 | 2500 | 300/600 | 2 | 8 | 155 | | | 2500 | 200
WAE-7341 | 12000 | 12000 | 300/900 | 4 | 8 | 310 | | | N/A | 200
WAE-7371 | 50000 | 32000 | 300/1400 | 6 | 24 | 1000 | | | N/A | 400
Note: These Are Guidelines for Sizing Based on Certain Assumptions. Enabling Multiple Features Will Have an Impact on Scalability.
Device Mode—Central Manager
Provides a GUI interface to centrally manage the entire WAAS deployment
Requires a dedicated appliance
Sole purpose is to provide configuration management and reporting—no user traffic is accelerated by CM
Secure communication with registered WAEs using SSL
Supports a single primary and multiple warm standby central managers
Device Mode—Application Accelerator
Optimized for a large number of low to medium-throughput TCP connections
Default device mode used for branch office environments
Available on all WAE appliance and network module form factors
Only negotiates optimized connections with other WAEs in the same mode
Device Mode—Replication Accelerator
Optimized for a small number of high-throughput TCP connections
Focused on EMC SRDF/A and NetApp SnapMirror traffic
Available on the WAE-7341 and WAE-7371 platforms
Only negotiates optimized connections with other WAEs in the same mode
* Requires WAAS 4.0.19 or Later
WAE Device Security Features
Disk encryption
All user cache data is encrypted using AES-256
Encryption key not stored locally
All WAE-to-CM communication encrypted
Common Criteria Certification*
Alphanumeric rules for password strength
Password aging and history
Account lockout
Secure store API used to encrypt/decrypt credentials
Secure random key generator
Secure key destruction
* Requires WAAS 4.0.19 or Later
WAN Optimization
Application Definition
The application definition provides a logical grouping of traffic types
Statistics from traffic classifiers that are mapped to an application through a policy map are reported through the application definition
Monitoring is enabled per application definition
Applications are assigned to devices or device groups
[Figure: Traffic Classifier, Policy Map, Application Definition]
Traffic Classifier
The traffic classifier is used to identify a connection as a specific type
Actions are taken against the classifier based upon the configured policy map
Statistics count toward the application definition that the classifier is assigned to via the policy map
Classification is based on source or destination L3 and L4 parameters
Valid Match Conditions Include:
  Source IP address
  Source IP subnet
  Destination IP address
  Destination IP subnet
  Source TCP port or range
  Destination TCP port or range
  All traffic
Policy Map
A policy map performs two primary functions:
  Associates a traffic classifier to an application definition for reporting purposes
  Assigns an action to be taken against traffic that matches a traffic classifier
Policy maps are applied based on their ordering within Central Manager, or on the device itself
Policy Map Actions Include:
  Pass-through
  Optimize
    TFO
    TFO + LZ
    TFO + DRE
    Full (TFO + DRE + LZ)
  Accelerate
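How the three objects above fit together, as an added Python sketch (not Cisco code and not WAAS configuration syntax): classifiers match on L3/L4 fields, policy maps are evaluated in order, and the first match supplies both the action and the application definition that collects the statistics. The class names, the sample policies and the unreachable-policy check are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

Conn = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


@dataclass(frozen=True)
class Classifier:
    """Traffic classifier: L3/L4 match conditions; None means 'any'."""
    name: str
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    src_ports: Optional[Tuple[int, int]] = None  # inclusive port range
    dst_ports: Optional[Tuple[int, int]] = None

    def is_catch_all(self) -> bool:
        return (self.src_net, self.dst_net, self.src_ports, self.dst_ports) == (None,) * 4

    def matches(self, conn: Conn) -> bool:
        src_ip, src_port, dst_ip, dst_port = conn

        def in_net(ip, net):
            return net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)

        def in_range(port, rng):
            return rng is None or rng[0] <= port <= rng[1]

        return (in_net(src_ip, self.src_net) and in_net(dst_ip, self.dst_net)
                and in_range(src_port, self.src_ports)
                and in_range(dst_port, self.dst_ports))


@dataclass(frozen=True)
class PolicyMap:
    """Binds a classifier to an application definition and an action."""
    classifier: Classifier
    application: str
    action: str


# Constructed sample policy set; addresses and ports are illustrative only.
POLICIES = [
    PolicyMap(Classifier("dc-web", dst_net="10.1.0.0/16", dst_ports=(80, 80)),
              "Web", "Full (TFO + DRE + LZ)"),
    PolicyMap(Classifier("any-web", dst_ports=(80, 80)), "Web", "TFO + LZ"),
    PolicyMap(Classifier("replication", dst_net="10.1.50.0/24", dst_ports=(1500, 1510)),
              "Replication", "TFO + DRE"),
    PolicyMap(Classifier("all-traffic"), "Other", "Pass-through"),
]


def classify(conn: Conn, policies=POLICIES, stats=None):
    """First matching policy wins; its application definition gets the count."""
    for policy in policies:
        if policy.classifier.matches(conn):
            if stats is not None:
                stats[policy.application] = stats.get(policy.application, 0) + 1
            return policy.application, policy.action
    return None


def unreachable_after_catch_all(policies):
    """Classifier names that can never match because 'All traffic' precedes them."""
    names, seen_catch_all = [], False
    for policy in policies:
        if seen_catch_all:
            names.append(policy.classifier.name)
        seen_catch_all = seen_catch_all or policy.classifier.is_catch_all()
    return names


if __name__ == "__main__":
    counters = {}
    for c in [("1.1.1.10", 15131, "10.1.2.3", 80), ("1.1.1.10", 15131, "2.2.2.10", 22)]:
        print(c, "->", classify(c, stats=counters))
    print(counters)
```

Because evaluation stops at the first match, moving the "All traffic" entry to the top silently turns every connection into pass-through; `unreachable_after_catch_all` flags that ordering mistake.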
TCP Performance Challenges
TCP performance across the WAN is heavily influenced by two factors:
  Bandwidth Delay Product (BDP)
  Maximum Window Size (MWS)
If MWS < BDP, a host will be unable to fully utilize the available WAN bandwidth
[Figure: BDP versus MWS]
TFO Improves Transport Performance
TFO overcomes TCP and WAN bottlenecks
Shields nodes' connections from WAN conditions
Clients experience fast acknowledgement
Minimize perceived packet loss
Eliminate need to use inefficient congestion handling
[Figure labels: LAN TCP Behavior, WAN, LAN TCP Behavior; Window Scaling, Large Initial Windows, Congestion Mgmt, Improved Retransmit, Packet Aggregation]
TCP Performance Challenges
[Figure: TCP cwnd versus time (RTT), showing Slow Start and Congestion Avoidance]
Inability to Use Available Bandwidth
Inefficient Response to Packet Loss/Congestion
Bandwidth Starvation for Short-Lived Connections
WAAS TCP Optimizations
RFC896—Nagle Algorithm *
RFC1323—Window Scaling
RFC2018/2883—Selective Acknowledgements (SACK)
RFC3168—Explicit Congestion Notification
RFC3390—Large Initial Windows
BIC-TCP
Dynamic Right-Sizing: TCP Flow Control Adaptation
Improving Throughput and Congestion Control
Comparing TCP and WAAS TFO
[Figure: cwnd versus time (RTT) for TCP and TFO, showing Slow Start and Congestion Avoidance]
Cisco TFO Provides Significant Throughput Improvements over Standard TCP Implementations
Application Acceleration Transparency
WAAS optimizes TCP-based applications while preserving L3 and L4 packet header information
Network transparency allows application acceleration components to maintain compliance with existing network features
  Quality of Service (QoS)
  NBAR
  NetFlow, monitoring, reporting
  Security functions (ACLs, firewall policies)
[Figure: two packet headers. Both show Src IP 1.1.1.10, Dst IP 2.2.2.10, Src TCP 15131, Dst TCP 80; one has Src Mac AAA / Dst Mac BBB and the other Src Mac BBB / Dst Mac AAA; payload labels: App Data, Optimized]
TFO Auto Discovery
WAEs automatically discover peers through in-band TCP option marking
Auto discovery exchange allows WAEs to negotiate capabilities and policy settings
Auto discovery adapts to topology changes automatically
[Figure: hosts A and B with WAE1 and WAE2 between them across the WAN, traffic redirected by WCCPv2 or PBR; A:B TCP ACK segments shown at each hop, with "ACCELERATION CONFIRMED!" at both WAEs]
Cisco WAAS Advanced Compression
Cisco WAAS Employs Two (2) Forms of Advanced Compression:
Data Redundancy Elimination (DRE)
Persistent LZ compression (PLZ)
[Figure labels: Original Message, DRE, LZ, Compressed Message, LZ, DRE, Original Message; Synchronized Context]
Fingerprinting and Chunk Identification
DRE analyzes incoming data streams using a sliding window to identify chunks
Each chunk is assigned a 5-byte signature
A single pass is used to identify chunks at multiple levels:
  Basic chunks
  Chunk aggregation (nesting)
After chunks are identified, DRE begins pattern matching:
  Looks for largest chunks first
  Looks for smaller chunks if necessary
[Figure: a window sliding over the data stream, "No Boundary Found" at several positions, then "Boundary Identified!", yielding Chunk1 and its 5-Byte Signature]
DRE Pattern Matching
[Figure labels: Original Message, DRE Database, NO MATCH, Encoded Message]
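The chunking and pattern-matching steps above, as an added Python sketch rather than Cisco's implementation: a rolling hash over a sliding window picks content-defined boundaries, each chunk gets a 5-byte signature, and chunks already in the database are replaced by their signature. The window size, boundary rule, truncated SHA-256 signature and token format are assumptions, and only one chunk level is modelled (no aggregation).

```python
import hashlib
import random

WINDOW = 16                      # sliding-window width in bytes (assumed)
BOUNDARY_MASK = 0x3F             # boundary when the low 6 hash bits are zero (assumed)
MIN_CHUNK, MAX_CHUNK = 16, 256   # chunk size limits (assumed)
BASE, MOD = 257, (1 << 31) - 1
TOP = pow(BASE, WINDOW - 1, MOD)  # weight of the oldest byte in the window


def chunk(data: bytes) -> list:
    """Split data at boundaries chosen by a rolling hash of the last WINDOW bytes."""
    out, start, h = [], 0, 0
    for i, byte in enumerate(data):
        if i - start >= WINDOW:                       # window full: drop oldest byte
            h = (h - data[i - WINDOW] * TOP) % MOD
        h = (h * BASE + byte) % MOD
        size = i - start + 1
        if (size >= MIN_CHUNK and (h & BOUNDARY_MASK) == 0) or size >= MAX_CHUNK:
            out.append(data[start:i + 1])
            start, h = i + 1, 0
    if start < len(data):
        out.append(data[start:])
    return out


def signature(piece: bytes) -> bytes:
    """5-byte chunk signature (truncated SHA-256, an assumption)."""
    return hashlib.sha256(piece).digest()[:5]


class DrePeer:
    """One side of the link; both sides build the same signature database."""

    def __init__(self):
        self.db = {}

    def encode(self, message: bytes) -> list:
        tokens = []
        for piece in chunk(message):
            sig = signature(piece)
            if sig in self.db:
                tokens.append(("ref", sig))           # MATCH: send signature only
            else:
                self.db[sig] = piece                  # NO MATCH: send data, learn it
                tokens.append(("raw", piece))
        return tokens

    def decode(self, tokens: list) -> bytes:
        out = bytearray()
        for kind, value in tokens:
            if kind == "raw":
                self.db[signature(value)] = value
                out += value
            else:
                out += self.db[value]                 # KeyError means contexts diverged
        return bytes(out)


def wire_size(tokens: list) -> int:
    """Bytes on the wire: one tag byte plus the raw data or the 5-byte signature."""
    return sum(1 + len(value) for _, value in tokens)


def demo():
    rng = random.Random(2008)
    first = bytes(rng.getrandbits(8) for _ in range(8000))   # constructed sample data
    second = first[:100] + b"EDITED-BYTES" + first[100:]     # same data, small insert
    sender, receiver = DrePeer(), DrePeer()
    t1 = sender.encode(first)
    ok = receiver.decode(t1) == first
    t2 = sender.encode(second)
    ok = ok and receiver.decode(t2) == second
    return len(first), wire_size(t1), len(second), wire_size(t2), ok


if __name__ == "__main__":
    print(demo())
```

Because boundaries depend on content rather than offsets, the 12-byte insert only disturbs the chunks around it; the rest of the second transfer is sent as signatures.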
Lempel-Ziv (LZ) Compression
Searches for redundancy within a message
Uses a small compression context
Provides compression for 1st time transfers
Cisco WAAS uses a modified version of LZ, referred to as Persistent LZ (PLZ)
  Compression context is shared across all messages for a TCP connection
  Provides improved compression rates, especially for application protocols that utilize small messages
WAAS PLZ implementation is also adaptive
  Bypasses LZ for highly compressed (DRE) messages or messages with a low probability of good compression
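Why a persistent context helps small messages, shown with zlib as an added example (not the WAAS implementation): one compressor per connection is sync-flushed after every message, and messages that look already compressed bypass it. The frame flag byte, the entropy threshold used for the bypass decision and the sample messages are assumptions.

```python
import math
import random
import zlib
from collections import Counter

ENTROPY_BYPASS = 7.5  # bits per byte; assumed threshold for "unlikely to compress"


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class PlzSender:
    """One compression context shared by every message on a connection."""

    def __init__(self):
        self._ctx = zlib.compressobj()

    def send(self, message: bytes) -> bytes:
        if byte_entropy(message) > ENTROPY_BYPASS:
            return b"\x00" + message                 # bypass: context left untouched
        body = self._ctx.compress(message)
        body += self._ctx.flush(zlib.Z_SYNC_FLUSH)   # emit now, keep the history
        return b"\x01" + body


class PlzReceiver:
    def __init__(self):
        self._ctx = zlib.decompressobj()

    def receive(self, frame: bytes) -> bytes:
        if frame[:1] == b"\x00":
            return frame[1:]
        return self._ctx.decompress(frame[1:])


def demo():
    rng = random.Random(41)
    # Constructed sample: 40 short, similar protocol messages.
    texts = [b"OPEN path=/dept/finance/q3/report-%03d.doc user=jsmith mode=rw seq=%d\n"
             % (i, 1000 + i) for i in range(40)]
    # Constructed stand-in for an already compressed payload.
    opaque = bytes(rng.getrandbits(8) for _ in range(2048))
    stream = texts[:20] + [opaque] + texts[20:]

    sender, receiver = PlzSender(), PlzReceiver()
    frames = [sender.send(m) for m in stream]
    round_trip_ok = [receiver.receive(f) for f in frames] == stream

    # Per-message LZ: a fresh context for every message.
    per_message = sum(len(zlib.compress(m)) for m in texts)
    # Persistent LZ: frames for the same 40 text messages.
    persistent = sum(len(f) for f, m in zip(frames, stream) if m is not opaque)
    bypassed = frames[20][:1] == b"\x00"
    return per_message, persistent, bypassed, round_trip_ok


if __name__ == "__main__":
    print(demo())
```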
Resource Prioritization
[Figure labels: Classify, Redirect, Prioritize & Optimize, Prioritize & Transmit; Replication, Sales Portal; IOS, WAAS]
Offers deterministic application processing priority
Reduces processing latency for business critical applications
Integrates with existing QoS marking policies
Leverages WFQ schedules for processing of connections
DSCP Marking Weights
Service Class Weights
The two low-order bits of the IP Precedence (ToS) portion of the DSCP marking are mapped to a weight.
Precedence Bits | Priority-Weight
00 | 10 (10 %)
01 | 20 (20 %)
10 | 30 (30 %)
11 | 40 (40 %)
Service Class
Combination of service class and DSCP marking weights determine how the connection is scheduled by DRE
Scheduling queue:
Power of WAAS WAN Optimization
LAN-like throughput, bandwidth savings, fewer roundtrips
[Figure: LAN Throughput (axis to 60 Mbps) and WAN Throughput (axis to 3 Mbps) plotted over time, 01:20 to 01:26]
Application Acceleration
The Need for Application Acceleration
For some application protocols, throughput is not the performance limiting factor:
  “Chatty” protocols generate large numbers of synchronous messages between hosts
  As RTT latency increases, latency-bound applications suffer
Application-specific acceleration focuses on latency mitigation techniques:
  Local acknowledgment - remove WAN RTT penalty
  Asynchronous message handling enables faster exchanges
WAAS includes application-specific acceleration for the following enterprise protocols:
WAAS Application Accelerators
CIFS
HTTP
SSL
MAPI
NFS
RTSP
In this example of a 2MB Word document open, over 1000 messages are exchanged. With a 40ms RTT WAN, this equates to more than 52 seconds of wait time before the document is usable.
CIFS Accelerator
Sessions are maintained end-to-end to ensure no security reconfiguration
Auditing, access-control, and quotas are fully preserved
Scheduled preposition to prepopulate Data Redundancy Elimination and edge data cache
Advanced WAN optimization layer improves throughput and efficiency
DRE eliminates redundant network data
TCP optimizations to improve protocol ability to fully use the network
Intelligent local handling and optimization of protocol mitigates latency
File caching removes the need for unnecessary file transfer; validation ensures stale data is never served
Transparent integration ensures no client or server changes to apply optimization
[Figure labels: FILE.DOC, Cache, Files, WAN]
CIFS Accelerator
Data Caching and Integrity
Edge file segment caching and metadata caching:
  Data is cached on demand as files or directories are opened
  Prepopulation of edge cache via prepositioning
Coherency, concurrency, and ACL:
  Cache validation guarantees that no stale data is served
  File locking and AAA are handled synchronously with server
[Figure labels: OPEN FILE.DOC; AAA, OPEN, LOCK; APPROVED, LOCKED, VALIDATED; IP Network; Files]
CIFS Accelerator
Intelligent File Prepositioning
Intelligent prepositioning capabilities with flexible configuration to prepopulate cache with files before the first user request
Leverages DRE and LZ compression to improve transfer performance and user save performance
[Figure labels: Preposition FILE.DOC at 3am; Fetch FILE.DOC; IP Network; NAS; Files]
The Need for Windows Print Acceleration
Windows print traffic is composed of:
  CIFS/MSRPC between the client and print server
  Print job traffic (IPP, socket, etc.) between the print server and printer
CIFS/MSRPC protocols are “chatty”
  RPC calls over SMB are fragmented
  Maximum fragment size is 4280 bytes
Print job traffic can consume lots of bandwidth
Windows Print Accelerator
Asynchronous Command Handling
RPC command fragments are handled asynchronously
  Can boost WAN utilization
  Significantly increases rate of commands issued from client
[Figure: message sequence with StartDocPrinter, StartPagePrinter and WritePrinter requests and their StartDocPrinterReply, StartPagePrinterReply and WritePrinterReply responses]
Windows Print Accelerator
Delayed Close of Printer Handles
Established printer connection teardown postponed for 30 seconds
Subsequent OPEN requests are answered locally
[Figure: message sequence with OpenPrinterEx, ClosePrinter, OpenPrinterExReply and ClosePrinterReply]
Windows Print Accelerator
Metadata Caching
Responses for the following printer commands are cached:
  GetPrinter
  GetPrinterData
  EnumPrintProcessorDataTypes
Metadata cache TTL depends on frequency of data change
There are three TTL values used:
  15 seconds
  5 minutes
  1 hour
The Need for HTTP Acceleration
Constant connection open/close when servers don’t support HTTP 1.1 or connection reuse
Complex web pages contain many small objects
  Each object retrieved using a single connection
For HTTP over WAN the time required to establish a connection is substantial
WAAS 4.1 release decreases the load time of complex web pages when persistent connections are not available
HTTP Accelerator
Reuses an existing TCP connection across the WAN
  WAN connection bound to a single client
  Eliminates connection setup penalty for subsequent client connections
Tuned to offset connection “bursts”
  Bounded session and idle timeouts
[Figure: message sequence: Connect (SYN, SYN-ACK, ACK), Connect, HTTP Request, HTTP Response, HTTP Request, HTTP Response]
HTTP Accelerator
Proxy Connect to SSL Servers
Explicit web proxy configuration complicates detection of SSL sessions
  CONNECT method creates client-to-server tunnel via proxy
  WAAS ATP is aware of proxy IP:Port, not target SSL server
First HTTP request on every new LAN segment is inspected
  Known HTTP methods are handled by the HTTP Accelerator
  CONNECT method generates query to SSL Accelerator to determine if SSL server is accelerated
  In all other cases (unrecognized methods, unsupported SSL servers, etc.) the connection is handed off to the generic TCP accelerator
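The dispatch decision described above, as an added Python sketch (not WAAS code): the first request line on a connection is parsed and routed to the HTTP accelerator, the SSL accelerator or the generic TCP accelerator. The method list, the function names and the set of accelerated SSL servers are assumptions.

```python
from typing import Optional, Set, Tuple

# Methods treated as "known HTTP methods" in this sketch (assumed list).
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS", b"TRACE"}
MAX_REQUEST_LINE = 8192  # refuse to parse absurdly long first lines


def parse_connect_target(target: bytes) -> Optional[Tuple[str, int]]:
    """Parse the 'host:port' authority of a CONNECT request; None if malformed."""
    try:
        text = target.decode("ascii")
    except UnicodeDecodeError:
        return None
    host, sep, port = text.rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    if host.startswith("[") and host.endswith("]"):   # IPv6 literal
        host = host[1:-1]
    port_number = int(port)
    if not 0 < port_number < 65536:
        return None
    return host.lower(), port_number


def dispatch(first_bytes: bytes, accelerated_ssl: Set[Tuple[str, int]]) -> str:
    """Return 'http', 'ssl' or 'generic-tcp' for the first bytes of a connection."""
    line, sep, _rest = first_bytes.partition(b"\r\n")
    if not sep or len(line) > MAX_REQUEST_LINE:
        return "generic-tcp"                          # not a complete request line
    parts = line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return "generic-tcp"
    method, target, _version = parts
    if method in HTTP_METHODS:
        return "http"
    if method == b"CONNECT":
        # The proxy IP:port says nothing about the real server, so the
        # decision is made on the tunnel target named in the request.
        if parse_connect_target(target) in accelerated_ssl:
            return "ssl"
        return "generic-tcp"                          # unsupported SSL server
    return "generic-tcp"                              # unrecognized method


# Constructed sample: one server configured for SSL acceleration.
ACCELERATED = {("payroll.example.com", 443)}

if __name__ == "__main__":
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n",
        b"CONNECT payroll.example.com:443 HTTP/1.1\r\n\r\n",
        b"CONNECT other.example.net:443 HTTP/1.1\r\n\r\n",
        b"\x16\x03\x01\x00\xc8\x01\x00",               # raw TLS bytes, no request line
    ]
    for sample in samples:
        print(sample[:40], "->", dispatch(sample, ACCELERATED))
```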
The Need for SSL Acceleration
WAAS optimization benefits are maximized only when applied to decrypted payload
WAAS 4.1 release decreases load time of complex web pages when persistent connections are not available
[Figure labels: SSL Handshake; “session key” derived; Encrypted Data Exchange; WAN]
Cisco WAAS SSL Optimization Solution
Core WAE acts as a Trusted Intermediary Node for SSL requests by client
Private Key and Server Certificate are stored on the Core WAE device
Core WAE participates in SSL Handshake to derive “session key”
Distributes the “session key” securely in-band to the Edge WAE over the established connection between the Edge WAE and Core WAE
[Figure labels: SSL Handshake; SSL Session Client to Core WAE (WAAS); SSL Session Core WAE to Server; Core WAE: Server Private Key; Send “session key”; Edge WAE; Core WAE; Transparent Secure Channel; Original Data - Encrypted; Optimized & Encrypted; WAN]
The Need for MAPI Acceleration
TCP ports used between client/server are dynamically negotiated
MAPI uses MSRPC, which is “chatty”
Data encoding is negotiated by client/server
  Outlook 2000 obfuscates data
  Outlook 2003 and 2007 compress data (LZ) or obfuscate if uncompressible
WAAS 4.1 release accelerates Outlook 2000–2007 traffic, including:
  Emails, calendar items, OAB, messages in public folders
MAPI Accelerator
EndPoint Mapper (EPM)
Required for MAPI Accelerator to function
Listens to client communication with PortMapper server
Creates dynamic ATP entry for negotiated port
Resolve Service a4f1db00
Connect tcp/2218
Service a4f1db00 uses tcp/2218
MAPI Request
MAPI Response
Dynamic Policy Created: tcp/2218 = MAPI Accelerate
MAPI Accelerator
Asynchronous Writes
  Write operations for sending email and attachments are acknowledged locally
  Generating local responses allows clients to fully utilize WAN bandwidth
Read Ahead
  MAPI Accelerator pre-fetches data during idle periods
  Always happens in the context of an existing user session
Messages Decompression
  WAAS modifies client/server messages to disable host compression
  Recognizes remote operations and instructs DRE to exclude their headers from the compression input stream
The Need for NFS Acceleration
‘Chatty’ nature of the protocol
  Ex: File creation generates 4+ RPC calls, each one handled synchronously
Client optimizations insufficient for high BDP environments
  Ex: Client read/write buffers are too small (128-512KB)
Coherency mechanisms increase “chatter”
  Ex: Every file open results in an attribute check with the server
WAAS 4.1 release focuses on accelerating large file
NFS Accelerator
Data Write Optimization
Write optimizations applied to requests with the ‘UNSTABLE’ flag set
Local acknowledgement generated for consecutive write requests
[Figure: message sequence with Write #1, Write #2, WriteReply #1 and WriteReply #2, each shown twice]
NFS Accelerator
Data Read Optimization
Read ahead initiated per connection in presence of sequential read requests and connection inactivity
Edge WAE instructs CORE WAE to start/stop read-ahead based on protocol indicators
[Figure: message sequence with Read #1 to Read #4, ReadAhead #2 and ReadReply #2 to ReadReply #4]
NFS Accelerator
Attribute Caching
A FH cache is maintained per connection (client)
  Provides local replies to GETATTR requests
Attribute requests are always forwarded to the origin server
  Local response to client is provided if FH entry is cached and less than 15 seconds old
Cache eviction is a combination of random and LRU
  Cache performs random eviction when cache size is less than watermark value
  Above watermark, cache performs eviction based on LRU
The Need for RTSP Acceleration
Live video streaming is bandwidth intensive
  Bandwidth consumption = StreamRate x NumUsers
  Separate stream for each individual user
WAAS 4.1 accelerates Windows Media live stream requests on RTSP
[Figure labels: Media Players, WAN]
RTSP Accelerator
Each new client request (over LAN) will reuse existing incoming stream (over WAN) for the same stream URL
  Creates a “splitting” effect
For incoming accelerated stream (over WAN), compression is disabled
  Reduces resource overhead
Client requests over RTSP/UDP automatically rolled over to RTSP/TCP
  RTSP/TCP used for streaming over WAN
RTSP Accelerator
Acceleration Example
On match, one incoming stream play will be split into multiple outgoing streams
End to End connections for transparent authentication and url & asf-hdr check for match
Very high WAN bandwidth savings !!
[Figure labels: Media Players; Video AO (Edge side Stream Split); WAN]
Integration with WAN Optimization
WAAS Application Accelerators Leverage WAN Optimization Capabilities Provided by TFO+DRE+PLZ
TFO enables the protocols to more effectively and efficiently use available WAN resources
DRE+PLZ improves the performance through compression and data suppression
[Figure labels: Edge, Core; DRE Cache (two), LZ (two); Transport Flow Optimization; WAN; FILE.DOC; Files]
Virtual Blades
Branch IT Infrastructure: Main Approaches Today
Fully Distributed Branch IT
(+) Everything available
(-) Cost of management
Fully Centralized Branch IT
(+) Centralized management
(-) Application performance
(-) Limited local services
[Figure: Router, Users, App/file/print Servers, Backup, Local Storage]
Branch IT Infrastructure: Cisco WAAS Approach
Flexible, Optimized Branch IT
[Figure: Data Center, Storage, Backup, Business and Communication Apps, Cisco WAAS, WAN, Servers, Router, Local Storage, Users]
Centralize what you can with Cisco WAAS
Locally host Windows services on same WAAS device
WAAS and Windows Server: Providing Best Mix of Distributed and Centralized IT Services
Virtual Blade—Sample Flow
Allocate Resources and Deploy Image
Allocate resources and start Virtual-Blade instance
Easy and simple—from WAAS CM or from CLI
Centrally deploy server image over to WAE
From CLI or WAAS CM, using FTP or HTTP
WAE# show virtual-blade 1
virtual-blade 1
description WIN2008-SERVER
memory 1500MB
disk size 150GB
cpu-count 1
cpu-list 1
cd-image disk /local1/Longhorn.iso
boot-from disk
interface 1 bridge GigabitEthernet 1/0 mac-address 00:13:24:35:35:35 not shutdown
running
serial console session inactive
[Figure: WAN, Data Center, Remote Office (x2) with WAAS Appliance and ISR, virtual blades VB 1, VB 2, VB 3]
Network Integration
Network Integration Overview: In-Path
[Figure: IP Network]
WAE sits physically in-path between two (2) network elements (such as a branch router and switch)
Inspects all traffic passing through the device and determines which traffic to intercept
Intercepts packets in both directions of flow
Passes through non-TCP traffic at a low layer
Fully transparent solution—maintains compatibility with most existing IOS features
Cisco WAE Physical Inline Deployment
Physical inline interception:
Physical in-path deployment between switch, and router or firewall
Mechanical fail-to-wire upon hardware, software, or power failure
Requires no router configuration
Scalability and high availability:
Two two-port groups
Serial clustering with load-sharing and fail-over
Redundant network paths and asymmetric routing
Seamless integration:
Transparency and automatic discovery
802.1q support, configurable VLANs
Supported on all WAE appliances
[Figure: Cisco WAE 4-Port Inline Card]
Network Integration Overview: Off-Path
WAE devices rely on packet interception and redirection to enable application acceleration and WAN optimization:
Interception in each site where deployed
Interception in both directions of packet flow
Transparent optimizations maintain compatibility with most IOS features and other platforms
[Figure: Cisco WAE, IP Network]
Cisco WAE Devices Attach to the LAN as an Appliance
Network Interception
Generally deployed at network entry/exit points
Rely on network interception to supply flows to optimize
[Figure: IP Network; legend: Cisco Wide Area Application Engine, Intercepted Flow, Non-Optimized Flow, Optimized Flow]
Network Attached Optimizations Rely on Devices Physically Attached to the Network at Strategic Locations
Cisco WAE WCCPv2 Deployment
WCCPv2 interception
Out-of-path with redirection of flows to be optimized (all flows or selective via redirect-list)
Automatic load-balancing, load redistribution, fail-over, and fail-through operation
Scalability and high availability
Up to 32 WAEs within a service group and up to 32 routers
Linear performance and scalability increase as devices are added
Seamless integration
Transparency and automatic discovery
Supported on all WAE platforms
[Figure: Original Flow, Interception, Redirection, Service Group, Optimized Flow]
Cisco WAE ACE Deployment
Application Control Engine (ACE)
Industry-leading scalability and performance for the most demanding data center networks
Supports up to 16Gbps throughput, 4M concurrent TCP connections, and 350K connections/sec setup
Seamless integration
Fully integrated with the Catalyst 6500 series of intelligent switches
Transparency and automatic discovery
Supported on all WAE appliances
Industry Leading Functionality
Solution for scaling servers, appliances, and network devices
Virtual partitions, flexible resource assignment, security, and control
[Figure: Catalyst 650X w/ ACE, WAN, Original Flow, Optimized Flow]
Central Management
WAAS Central Manager
Central Manager Navigation
Context-based Menus – based on device group or device selection
Organized for intuitive access
Reporting Capabilities
Choose pre-defined reports or create your own
Scheduled report generation and email
Report per device or device group
RBAC capabilities
Support for User Group authorization
Privileges, including Read-only access
Reporting views
SOA-ready Monitoring
Standard XML Web Service (SOAP)
Integration with external reporting and monitoring portals
Virtual Blade Management
Centralized creation, deployment, management and monitoring for Virtual Blades
Device Home Page