Published by Cisco Press (November 4, 2016) © 2017
Brad Edgeworth | David Prall | Jean Marc Barozet | Anthony Lockhart | Nir Ben-DvoraThe complete guide to Cisco® IWAN: features, benefits, planning, and deployment
Using Cisco Intelligent WAN (IWAN), businesses can deliver an uncompromised experience, security, and reliability to branch offices over any connection. Cisco IWAN simplifies WAN design, improves network responsiveness, and accelerates deployment of new services. Now, there’s an authoritative single-source guide to Cisco IWAN: all you need to understand it, design it, and deploy it for maximum value.
In Cisco Intelligent WAN (IWAN), leading Cisco experts cover all key IWAN technologies and components, addressing issues ranging from visibility and provisioning
to troubleshooting and optimization. They offer extensive practical guidance on migrating to IWAN from your existing WAN infrastructure.
This guide will be indispensable for all experienced network professionals who support WANs, are deploying Cisco IWAN solutions, or use related technologies such as DMVPN or PfR.
- Deploy Hybrid WAN connectivity to increase WAN capacity and improve application performance
- Overlay DMVPN on WAN transport to simplify operations, gain transport independence, and improve VPN scalability
- Secure DMVPN tunnels and IWAN routers
- Use Application Recognition to support QoS, Performance Routing (PfR), and application visibility
- Improve application delivery and WAN efficiency via PfR
- Monitor hub, transit, and branch sites, traffic classes, and channels
- Add application-level visibility and per-application monitoring to IWAN routers
- Overcome latency and bandwidth inefficiencies that limit application performance
- Use Cisco WAAS to customize each location’s optimizations, application accelerations, and virtualization
- Smoothly integrate Cisco WAAS into branch office network infrastructure
- Ensure appropriate WAN application responsiveness and experience
- Improve SaaS application performance with Direct Internet Access (DIA)
- Perform pre-migration tasks, and prepare your current WAN for IWAN
- Migrate current point-to-point and multipoint technologies to IWAN
Part I Introduction to IWAN
Chapter 1 Evolution of the WAN
WAN Connectivity
Increasing Demands on Enterprise WANs
Quality of Service for the WAN
Branch Internet Connectivity and Security
Cisco Intelligent WAN
Summary
Part II Transport Independent Design
Chapter 2 Transport Independence
WAN Transport Technologies
Benefits of Transport Independence
Summary
Chapter 3 Dynamic Multipoint VPN
Generic Routing Encapsulation (GRE) Tunnels
Next Hop Resolution Protocol (NHRP)
Dynamic Multipoint VPN (DMVPN)
DMVPN Configuration
Spoke-to-Spoke Communication
Problems with Overlay Networks
IP NHRP Authentication
Unique IP NHRP Registration
DMVPN Failure Detection and High Availability
DMVPN Dual-Hub and Dual-Cloud Designs
IWAN DMVPN Sample Configurations
Sample IWAN DMVPN Transport Models
Backup Connectivity via Cellular Modem
IWAN DMVPN Guidelines
Troubleshooting Tips
Summary
Further Reading
Chapter 4 Intelligent WAN (IWAN) Routing
Routing Protocol Overview
Topology
WAN Routing Principles
EIGRP for IWAN
Border Gateway Protocol (BGP)
FVRF Transport Routing
Multicast Routing
Summary
Further Reading
Chapter 5 Securing DMVPN Tunnels and Routers
Elements of Secure Transport
IPsec Fundamentals
IPsec Tunnel Protection
IKEv2 Protection
Securing Routers That Connect to the Internet
Control Plane Policing (CoPP)
Device Hardening
Summary
Further Reading
Part III Intelligent Path Control
Chapter 6 Application Recognition
What Is Application Recognition?
What Are the Benefits of Application Recognition?
NBAR2 Application Recognition
NBAR2 Application ID, Attributes, and Extracted Fields
NBAR2 Operation and Functions
Custom Applications and Attributes
NBAR2 State with Regard to Device High Availability
Encrypted Traffic
NBAR2 Interoperability with Other Services
NBAR2 Protocol Discovery
NBAR2 Visibility Dashboard
NBAR2 Protocol Packs
Validation and Troubleshooting
Summary
Further Reading
Chapter 7 Introduction to Performance Routing (PfR)
Performance Routing (PfR)
Introduction to the IWAN Domain
Intelligent Path Control Principles
Summary
Further Reading
Chapter 8 PfR Provisioning
IWAN Domain
Topology
PfR Configuration
Advanced Parameters
Path Selection
Summary
Further Reading
Chapter 9 PfR Monitoring
Topology
Checking the Hub Site
Checking the Transit Site
Check the Branch Site
Monitoring Operations
Summary
Further Reading
Chapter 10 Application Visibility
Application Visibility Fundamentals
Performance Metrics
Flexible NetFlow
Evolution to Performance Monitor
Metrics Export
Deployment Considerations
Summary
Further Reading
Part IV Application Optimization
Chapter 11 Introduction to Application Optimization
Application Behavior
Cisco Wide Area Application Services (WAAS)
Caching and Compression
Application-Specific Acceleration
Summary
Further Reading
Chapter 12 Cisco Wide Area Application Services (WAAS)
Cisco WAAS Architecture
Cisco WAAS Platforms
WAAS Design and Performance Metrics
Cisco WAAS Operational Modes
Interception Techniques and Protocols
WAAS Interception Network Integration Best Practices
Summary
Further Reading
Chapter 13 Deploying Application Optimizations
GBI: Saving WAN Bandwidth and Replicating Data
WAN Optimization Solution
Deploying Cisco WAAS
AppNav-XE
GBI Branch Deployment
Summary
Part V QoS
Chapter 14 Intelligent WAN Quality of Service (QoS)
QoS Overview
Ingress QoS NBAR-Based Classification
Ingress LAN Policy Maps
Egress QoS DSCP-Based Classification
Egress QoS Policy Map
Hierarchical QoS
DMVPN Per-Tunnel QoS
QoS and IPSec Packet Replay Protection
Complete QoS Configuration
Summary
Further Reading
Part VI Direct Internet Access
Chapter 15 Direct Internet Access (DIA)
Guest Internet Access
Guest Access Quality of Service (QoS)
Guest Access Web-Based Acceptable Use Policy
Internal User Access
Fully Specified Static Default Route
Verification of Internet Connectivity
Network Address Translation (NAT)
Policy-Based Routing (PBR)
Internal Access Zone-Based Firewall (ZBFW)
Cloud Web Security (CWS)
Baseline Configuration
Outbound Proxy
WAAS and WCCP Redirect
Prevention of Internal Traffic Leakage to the Internet
Summary
References in this Chapter
Part VII Migration
Chapter 16 Deploying Cisco Intelligent WAN
Pre-Migration Tasks
Migration Overview
Deploying DMVPN Hub Routers
Migrating the Branch Routers
Post-Migration Tasks
Migrating from a Dual MPLS to a Hybrid IWAN Model
Migrating IPsec Tunnels
PfR Deployment
Testing the Migration Plan
Summary
Further Reading
Part VIII Conclusion
Chapter 17 Conclusion and Looking Forward
Intelligent WAN Today
Intelligent WAN Architecture
Intelligent WAN Tomorrow
Appendix A Dynamic Multipoint VPN Redundancy Models
Appendix B IPv6 Dynamic Multipoint VPN
Index