Cisco iWAN marries MPLS and Internet for WAN aggregation

With Cisco iWAN, engineers optimize WAN performance by dynamically aggregating MPLS and Internet resources.

The constantly increasing capacity and reliability of the Internet have changed every aspect of IT, and branch office networks are no exception.

Simply connecting branches to the central data center through a private WAN was sufficient when applications and data were concentrated there. However, now a large portion of branch traffic is directed toward cloud-based applications using the Internet.

Yet funneling Internet traffic through the data center is inefficient. The heavy and constantly increasing load causes backups at both ends of the WAN, making interactive applications unusable and web access painfully slow. Adding WAN capacity to handle these applications is possible, but it doesn’t make sense considering the Internet has proven to be a less expensive alternative.

The answer is to use a combination of private WAN and the Internet in a WAN aggregation model, but it can be difficult to determine how to divide applications and data on these resources.

Cisco Intelligent WAN aims to ease this problem by adding a set of components to Cisco’s Integrated Services Routers, which makes it possible to connect branch networks both to the Internet and the WAN, dynamically making decisions based on the need of the application.

Eliminating the need for Internet traffic to travel across the WAN and back reduces load on the WAN and improves application responsiveness. IWAN-equipped router models support branch networks of a range of sizes.

Flexible routing options in Cisco iWAN

Directing traffic to the WAN or to the Internet isn’t simply a matter of sending web and cloud traffic one way and internal traffic the other. IWAN routes traffic based on destination, application and the current status of each connected network. 

In most cases, web and cloud traffic will be sent through the Internet connection, but not all internal traffic must be routed through the WAN. Applications that require dedicated bandwidth and QoS guarantees are often best suited to an MPLS WAN that can make those guarantees.

But other applications don’t require those guarantees. Some traffic between branches and the data center can be safely routed via the Internet, further reducing the need for WAN capacity. Taking advantage of this cost savings requires accurately determining the application to which each packet belongs. 

Application Visibility and Control (AVC), an IWAN component, monitors network traffic and identifies individual data streams by application. AVC combines the Cisco products Next Generation Network-Based Application Recognition (NBAR2) and NetFlow. NBAR2 uses Deep Packet Inspection (DPI) to identify data by application. NetFlow then reports on which applications are currently active on the network and the quantity of data generated by each.

Network conditions are another factor in the routing decision, and conditions can change quickly. Shifting traffic reduces performance on one network while another improves. IWAN utilizes the Performance Routing (PfR) component of IOS to continually evaluate the status of each connected network and route each application’s data stream along the best path to meet bandwidth, QoS and SLA guarantees. PfR balances traffic across connections to make use of all available network resources. By quickly redirecting traffic across networks, it attempts to maintain maximum application performance without end users noticing any interruption.

IWAN-equipped routers support Cisco’s Dynamic Multipoint VPN (DMVPN) solution. With DMVPN, both static and on-demand IPsec tunnels can be created over any network technology, including dedicated links, via the Internet or through the cell network.

Minimizing branch network traffic with Cisco iWAN

Cisco has partnered with Akamai Technologies to reduce bottlenecks between the branch router and the public Internet. IWAN with Akamai Connect creates a cache on the branch router, making it unnecessary to transfer the same web pages or download files multiple times.

Content pre-positioning further reduces traffic delays. Any content with a URL can be transferred to the branch cache during off-peak hours. Large files such as product catalogs, training videos or product demonstrations can be immediately available as soon as business hours begin.

IWAN also includes Cisco Wide Area Application Services (WAAS) to reduce traffic load and latency across dedicated links. Working with application vendors, Cisco has optimized network performance for widely used applications by reducing the amount of data exchanged between application components.

Tackling security and management in a WAN aggregation model

Adding an Internet interface at the branch offers advantages but also brings with it well-known dangers. Protection devices and software previously installed at the central data center must be installed at each branch. IWAN includes certified strong encryption, Cisco IOS Firewall with Intrusion Prevention System (Firewall/IPS) and Cisco Cloud Web Security (CWS).

Extending SDN to the branch network with Cisco iWAN

SDN has proven its worth in large data centers. By viewing the network as a whole through a controller, it has simplified the task of configuring and maintaining the network for maximum efficiency. Managing a branch network offers similar challenges. Each of the IOS components included in IWAN can be configured and managed using the same methods explored in the past, but Cisco has greatly simplified the process by enhancing its Application Policy Infrastructure Controller (APIC) SDN controller to support IWAN devices.

Using APIC, centrally located network managers can define a consistent configuration across the branch network without having to configure each individual device. Maintaining the network for maximum performance and security as new devices and applications are added requires much less effort and is less error prone using APIC compared to traditional management methods.

Managing performance in LiveAction

Cisco has partnered with LiveAction to provide a GUI-based management tool that displays data generated by the AVC component resident on each IWAN router. Network managers can see which applications are active on the network, as well as how much bandwidth is used by each application on each link. Managers can view end-to-end data paths through the network, see whether QoS requirements are being met and identify bottlenecks. LiveAction’s point-and-click interface makes it easy to switch displays or drill down to a detailed view of a single data stream.

Cisco has combined existing IOS features such as AVC, DMVPN and WAAS with Akamai Connect and LiveAction to create its iWAN series of branch routers. Network managers who have seen the benefits of SDN in their data centers can now extend those benefits to their branch network. These products will help Cisco’s customers deal with the constantly increasing loads placed on networks while at the same time reducing overall network costs.

About the author
David B. Jacobs of The Jacobs Group has more than twenty years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software start-ups.

This was last published in June 2014