Cisco Intelligent WAN (IWAN)

Brad Edgeworth, CCIE No. 31574 (R/S & SP), Cisco Systems Engineer and Technical Leader, and author of IP Routing on Cisco IOS, IOS XE, and IOS XR. A Distinguished Speaker at Cisco Live, he has architected networks for multiple Fortune® 500 companies. He has nearly 20 years of IT experience, specializing in routing for enterprise and service provider environments. Jean-Marc Barozet is a Principal Engineer with the Intelligent WAN (IWAN) product management team, helping to architect and lead the Cisco SD-WAN solution. He has more than 25 years of enterprise and service provider networking experience, and has been with Cisco for more than 19 years. David Prall, CCIE No. 6508 (R/S, SP, and Security), is a Communications Architect on the Enterprise Networks Technical Strategy Team for Cisco. He previously held system engineering positions supporting US federal agencies. Prall’s primary focus is complex routing and switching, including design, deployment, and troubleshooting of large-scale networks. Anthony Lockhart, Technical Marketing Engineer at Cisco, has 15 years of experience with Cisco technologies, network infrastructure, architecture, and the design and implementation of datacenters and call centers. As POC Engineer at HCL America, he provided design and pre-sales engineering for Cisco WAAS products. Nir Ben-Dvora, Senior Technical Leader at Cisco, technically leads architecture for the Application Visibility and Control (AVC) solution for Cisco, collaborating with teams worldwide. He has 17 years of Cisco management and architecture experience.

Part I Introduction to IWAN

Chapter 1 Evolution of the WAN

WAN Connectivity

Increasing Demands on Enterprise WANs

Quality of Service for the WAN

Branch Internet Connectivity and Security

Cisco Intelligent WAN

Summary

Part II Transport Independent Design

Chapter 2 Transport Independence

WAN Transport Technologies

Benefits of Transport Independence

Summary

Chapter 3 Dynamic Multipoint VPN

Generic Routing Encapsulation (GRE) Tunnels

Next Hop Resolution Protocol (NHRP)

Dynamic Multipoint VPN (DMVPN)

DMVPN Configuration

Spoke-to-Spoke Communication

Problems with Overlay Networks

IP NHRP Authentication

Unique IP NHRP Registration

DMVPN Failure Detection and High Availability

DMVPN Dual-Hub and Dual-Cloud Designs

IWAN DMVPN Sample Configurations

Sample IWAN DMVPN Transport Models

Backup Connectivity via Cellular Modem

IWAN DMVPN Guidelines

Troubleshooting Tips

Summary

Further Reading

Chapter 4 Intelligent WAN (IWAN) Routing

Routing Protocol Overview

Topology

WAN Routing Principles

EIGRP for IWAN

Border Gateway Protocol (BGP)

FVRF Transport Routing

Multicast Routing

Summary

Further Reading

Chapter 5 Securing DMVPN Tunnels and Routers

Elements of Secure Transport

IPsec Fundamentals

IPsec Tunnel Protection

IKEv2 Protection

Securing Routers That Connect to the Internet

Control Plane Policing (CoPP)

Device Hardening

Summary

Further Reading

Part III Intelligent Path Control

Chapter 6 Application Recognition

What Is Application Recognition?

What Are the Benefits of Application Recognition?

NBAR2 Application Recognition

NBAR2 Application ID, Attributes, and Extracted Fields

NBAR2 Operation and Functions

Custom Applications and Attributes

NBAR2 State with Regard to Device High Availability

Encrypted Traffic

NBAR2 Interoperability with Other Services

NBAR2 Protocol Discovery

NBAR2 Visibility Dashboard

NBAR2 Protocol Packs

Validation and Troubleshooting

Summary

Further Reading

Chapter 7 Introduction to Performance Routing (PfR)

Performance Routing (PfR)

Introduction to the IWAN Domain

Intelligent Path Control Principles

Summary

Further Reading

Chapter 8 PfR Provisioning

IWAN Domain

Topology

PfR Configuration

Advanced Parameters

Path Selection

Summary

Further Reading

Chapter 9 PfR Monitoring

Topology

Checking the Hub Site

Checking the Transit Site

Check the Branch Site

Monitoring Operations

Summary

Further Reading

Chapter 10 Application Visibility

Application Visibility Fundamentals

Performance Metrics

Flexible NetFlow

Evolution to Performance Monitor

Metrics Export

Deployment Considerations

Summary

Further Reading

Part IV Application Optimization

Chapter 11 Introduction to Application Optimization

Application Behavior

Cisco Wide Area Application Services (WAAS)

Caching and Compression

Application-Specific Acceleration

Summary

Further Reading

Chapter 12 Cisco Wide Area Application Services (WAAS)

Cisco WAAS Architecture

Cisco WAAS Platforms

WAAS Design and Performance Metrics

Cisco WAAS Operational Modes

Interception Techniques and Protocols

WAAS Interception Network Integration Best Practices

Summary

Further Reading

Chapter 13 Deploying Application Optimizations

GBI: Saving WAN Bandwidth and Replicating Data

WAN Optimization Solution

Deploying Cisco WAAS

AppNav-XE

GBI Branch Deployment

Summary

Part V QoS

Chapter 14 Intelligent WAN Quality of Service (QoS)

QoS Overview

Ingress QoS NBAR-Based Classification

Ingress LAN Policy Maps

Egress QoS DSCP-Based Classification

Egress QoS Policy Map

Hierarchical QoS

DMVPN Per-Tunnel QoS

QoS and IPSec Packet Replay Protection

Complete QoS Configuration

Summary

Further Reading

Part VI Direct Internet Access

Chapter 15 Direct Internet Access (DIA)

Guest Internet Access

Guest Access Quality of Service (QoS)

Guest Access Web-Based Acceptable Use Policy

Internal User Access

Fully Specified Static Default Route

Verification of Internet Connectivity

Network Address Translation (NAT)

Policy-Based Routing (PBR)

Internal Access Zone-Based Firewall (ZBFW)

Cloud Web Security (CWS)

Baseline Configuration

Outbound Proxy

WAAS and WCCP Redirect

Prevention of Internal Traffic Leakage to the Internet

Summary

References in this Chapter

Part VII Migration

Chapter 16 Deploying Cisco Intelligent WAN

Pre-Migration Tasks

Migration Overview

Deploying DMVPN Hub Routers

Migrating the Branch Routers

Post-Migration Tasks

Migrating from a Dual MPLS to a Hybrid IWAN Model

Migrating IPsec Tunnels

PfR Deployment

Testing the Migration Plan

Summary

Further Reading

Part VIII Conclusion

Chapter 17 Conclusion and Looking Forward

Intelligent WAN Today

Intelligent WAN Architecture

Intelligent WAN Tomorrow

Appendix A Dynamic Multipoint VPN Redundancy Models

Appendix B IPv6 Dynamic Multipoint VPN

Index