This presentation discusses the disrupting networking trends that are changing the Enterprise landscape, scope of these changes include the areas of network security, services delivery, application performance optimization and cloud access in tomorrow's borderless networks. The biggest challenge is to help Enterprise IT scale. Borderless Networks is an architectural approach to networking that, if designed correctly, can automate business and network processes driving down operational cost, thus allowing IT to scale. Cisco ISR G2 and ASR 1000 platforms offer the best in class service richness and flexibility that is needed to deliver the promise of borderless networks and allow users to turn on services on-demand.

1. #CNSF2011
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1

2. • NG Network – Introducing the Borderless Routing Infrastructure
• Platform Overview
ISR G2
ASR 1k
• Enabling Technologies
WAN Optimization
Video/MediaNet
QOS
Security
• Deployment Templates – Branch and Head End
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

3. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3

4. Borderless Network Architecture
Architecture for Agile Delivery of the Borderless Experience
BORDERLESS END-
POLICY POINT/USER SERVICES
Securely, Reliably, Seamlessly: AnyConnect
MANAGEMENT
BORDERLESS NETWORK Energy App Multimedia
Mobility: Security:
CISCO SMART SERVICES Management: Performance: Optimization:
Motion TrustSec
SERVICES EnergyWise App Velocity Medianet
CISCO BORDERLESS
NETWORK Unified Core Extended Extended
LIFECYCLE Access Fabric Edge Cloud
SYSTEMS
SERVICES
APIs
Application
BORDERLESS Wireless Routing Switching Networking/ Security
INFRASTRUCTURE Optimization
PROFESSIONAL SERVICES:
Realize the Value of Borderless Networks Faster
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4

5. Borderless Routing Infrastructure
Borderless Routing Infrastructure provides
• A prescriptive design to support deployment and access to enterprise and cloud resources
Not a list of all configuration options
• Focus on Large Enterprise and Public Sector organizations
• Provides an infrastructure for adding Borderless Services
Multi-Phase plan to support future services
• Incorporates application awareness and control for data, video and unified communications
IPv6
Cloud Access
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5

6. Which Reference Architecture?
Smart Business Architecture Scope Borderless Routing
(SBA) Infrastructure (BRI)
Campus Multiple Regional WANs
Single Regional WAN Routing Core for transport
Internet Edge Advanced WAN Capabilities
Scale
Up to 500 remote sites Theater and Global WANs
Up to 10,000 users Enterprise Interconnect
Fixed variants
Complexity
Prescriptive designs Enterprise MPLS
Detailed deployment guidance Multiple routing domains
Emphasis on best practices Carrier-class Services
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6

7. High Level Topology – BRI
In Theater WAN Global WAN In Theater WAN
Country A Country C
Services Services
Voice, Video, Etc. Voice, Video, Etc.
In Theater WAN
Country B
Services
Voice, Video, Etc.
Services Customer
Remote Voice, Video, Etc.
premise
Customer
premise
Regional Metro MAN
WANs
Interconnect
Internet
Unmanaged WAN
Data Center
Services
WEB Service
Cloud Cloud Provider
Campus Data Center
Enterprise RTR
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

8. Internet for Enterprise WAN
•Terminating remote networks into the
Regional
Location Primary WAN link Enterprise Edge
VPN
•VPN Termination, FW policies
Remote
Location •Allow primary or redundant links
VPN
Enterprise Internet •QOS on outbound interfaces
Borderless •No expectation of differentiated
Network services
Central Location
VPN •Makes Edge part of Enterprise Branch
Service
Provider
WAN design
WAN link
Typical flow
Optional Back location
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8

9. Enterprise Branch WAN - Overview
• Extensible to any branch size
Standardized Branch • Migration to NG connectivity (ethernet, WWAN)
Profiles • SP and Internet access models
• Designs to support 1500 to 15,000 branches
Scalable WAN • Support for specific branch QOS requirements
aggregation • High performance for applications data
• Security and Availability pervasive throughout
Embedded Core Services • UC&C incorporated as core functionality
• Consistent end-to-end QOS model
• Video monitoring and troubleshooting
Infrastructure for • Secure Cloud access
Borderless services • IPv6
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9

10. Enterprise Branch WAN
Interconnect
Local Campus Data Center
ASR 1k providing Redundant, Scalable
WAN Aggregation ASR1K
head-end
ASR1K
ASR1K ASR1K
Internet Internet Edge
SP A SP B DMVPN Head End
MPLS MPLS
OC3, GE
DS3, FE
ASR1K ASR1K 3G/4G WWAN
T1/E1, Ethernet
Ultra High-End
Branch Office High End Branch
Standard Branch MobileBranch
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10

11. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11

12. ISR G2 Line up
WAN Access Speeds with Services
3945E
Line Rate
N x FE 3925E
WAN Access Speed With Services
3945
Line Rate
FE + 3925
2951
2921
VDSL2+/Sub-rate FE
2911
2901
EFM
SubrateFE 1941
1921
800
10 Mb 15 Mb 25 Mb 35 Mb 50 Mb 75 Mb 100 Mb 150 Mb 250 Mb 350 Mb
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12

13. Integrated Services Routers G2 –
Technical Overview
Under the Covers
Services Performance Engine Multi-core Multi Gigabit Fabric NG DSP Modules
(3900) Network Processor § Module to module § Video ready DSP modules
§ Upgradeable engines § 5x- 7x performance increase communications § 4x increase in audio conferencing and
§ SPE-200 & SPE-250 § Packet prioritization transcoding
and shaping § Configurable power savings modes
EHWIC GE Ports
§ 2x performance increase § 4 on 3900E
§ HWIC/WIC/VWIC/VIC support § 3 on 2911+
natively § SFP slots on 2921
§ EPoE capable and above
Service Modules Internal Services Module USB
§ 3x-7x increase in service module performance § 3x increase in service § Console over USB
§ Existing NM support through adapter module performance § Convenience storage
§ EPoE capable § Configurable power savings mode § Security credentials
§ Not available on 3900E & 1941W
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13

14. Cisco ASR 1000 Series Routers: Overview
Compact, Business-Critical Resiliency Instant On
Powerful Router Service Delivery
§ Line-rate performance 2.5G to 100G+ with § Fully separated control and forwarding § Integrated firewall, VPN, encryption,
services enabled planes NBAR, CUBE-ENT,CUBE-SP
§ Investment protection with modular § Hardware and software redundancy § Scalable on-chip service provisioning
engines, IOS CLI and SPAs for I/O through software licensing
§ In-service software upgrades
§ Hardware based QoS engine with 128K
queues
Embedded High-Performance Resilient Services
ASR 1013
ASR 1001 ASR 1002 ASR 1004 ASR 1006
2.5 -5Gbps 2.5–10 10-40 10-40+ 40-360
Gbps Gbps Gbps Gbps
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14

15. ASR 1000 Series Chassis ASR1013
ASR1001 ASR1002 ASR1004 ASR1006
SPA Slots 1-slot/IDC 3-slot 8-slot 12-slot 24-slot
ESP Slots Integrated Integrated 1 2 2
SIP slots Integrated Integrated 2 3 6
Software
IOS Redundancy No ISSU
Software Software Hardware Hardware
Built-in GE 4 4 N/A N/A N/A
Height 1.75” (2RU) 3.5” (2RU) 7” (4RU) 10.5” (6RU) 22.7” (13RU)
Bandwidth 2.5/5.0 Gbps 5-10 Gbps 10-20 Gbps 10-40 Gbps 40+ Gbps
Maximum output
400W 470W 765W 1275W 3200W
Power
Airflow Front to back Front to back Front to back Front to back Front to back
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15

16. Cisco Router Security Certifications
http://www.cisco.com/go/securitycert
FIPS Common Criteria
140-2,
EAL4
Level 2
Cisco 880 Series ISR ü Aug 2011
Cisco 1900 Series ISR ü Aug 2011
Cisco 2900 Series ISR ü Aug 2011
Cisco 3900 Series ISR P Aug 2011
Cisco 3900E Series ISR Nov 2011 Aug 2011
Cisco ASR 1k P ü
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16

17. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17

18. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18

19. Cisco WAAS: WAN Optimization Solution
Flexible deployment options
One-box solution
Full WAAS functionality
WAAS
Branch Office on SRE
WAAS
WAN Appliances Data Center
WAN
WAN
Internet WAAS
VPN
WAAS
Branch Office Express
Fully integrated in IOS
No additional HW required
Integrates with overall WAAS deployment
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19

20. Key WAAS Express Features
§ Optimization
§ Auto-Discovery
§ TFO
§ LZ Compression
§ DRE
§ Management
§ Offers simplified CLI configuration
§ WAAS Central Manager for management and provisioning
§ Network Integration
§ Compatible with WAAS appliances
§ Inline IOS feature - Interoperates with IOS Security and QoS
§ Support for mixed devices (WAAS appliances, WAAS on SRE, WAAS Express
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20

21. Cisco PfR and Cisco WAAS Integration
Adaptive WAN-Optimized Network
• Cisco Wide Area Application Services (WAAS) optimizes the
TCP session
• Cisco PfR monitors and optimizes WAN path selection
• Cisco WAAS network transparency allows individualized session placement by Cisco PfR
over best WAN path
Cisco WAE
Cisco PfR Places SQL Traffic on Best-
Performing WAN Path
Cisco WAE
MPLS-VPN
BR
MC
BR
PfR Master Controller (MC) IPSec over Servers
Client & Border Router (BR) Internet
Cisco WAE
Branch Office Cisco PfR Data Center
© 2010 Cisco and/or its affiliates. All rights reserved.
Domain Cisco Confidential 21

22. WAAS 4.4 New Features and Benefits
4.4
Application Integrated APM
aware DRE • Increased Visibility into
Application and network
• Improved Performance (traditional, performance
emerging and cloud based • Improve operational and
applications) management efficiency
• Fair performance amongst • Rapid detection of application
branches performance issues
• Improved overall bandwidth
utilization
eCDS on VB
High Availability WCCP
enhancements • Complete WAN optimization + Video CDN
solution
• Improved WCCP timers for HA • Hierarchical CDN with advanced prepositioning
• Multiple WCCP service groups improving and dedicated Video cache
optimization performance •Scheduled events (live and multicast)
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22

23. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 23

24. Enterprise Campus
7 classes of service,
12 classifications
Queuing structure
Remote campus 4 Queues Multiple Thresholds
Data Center locations
locations
Queue
12 Classifications 7 Classes of Service
WAN
Telephony EF Voice PQ
Main campus
Real-Time Interactive CS4
locations T1 Real-time Interactive Q1
Multimedia Conferencing AF41
Network Control
CS6
Operations / Management CS2
T3 Low latency-Data
Signaling CS3
T2
Low-Latency Data AF21
T1 Q2
Multimedia Streaming AF31
Data
Broadcast Video CS5
Standard BE Best Effort
T2
High-Throughput AF11 Bulk Q3
T1
Low-Priority / Scavenger CS1 Scavenger
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24

25. Service Provider IP WAN 6 Classes of Service
Campus to WAN
SP IP WAN Service
Transition to 6 Classes of Service
Service provider
Queue
Queue Service Provider
Honored markings
12 Classifications CS6
7 Classes of Service PQ NM NM CS6 & CS7
CS2
Telephony EF Voice EF EF COS1
PQ EF & CS5
PQ
CS4
Q1
AF41 & CS4
CS4 AF41 COS2V
Real-Time Interactive CS4 T1 AF42 & AF43
T1 Real-time Interactive AF41
Multimedia Conferencing AF41
CS5 to AF41
Network Control CS6 CS3
CS2 CS6 AF31 & CS3
Operations / Management COS2
T3 Low latency-Data Q2 T1 AF32 & AF33
CS2
Signaling CS3 AF31
T2 CS3
Low-Latency Data AF21
T1 AF21 COS3
AF21 & CS2
Multimedia Streaming AF31 AF21 T1 AF22/ & AF23
Data CS5
Broadcast Video CS5
AF31
BE COS4 BE
Q3
Standard BE Best Effort
T2 BE
High-Throughput AF11 Bulk
T1 AF11 AF11 AF11/ & CS1
COS5
Low-Priority / Scavenger CS1 Scavenger T1 AF12 & AF13
CS1 CS1
LLQ-CBWFQ
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25

26. Restoring Original Marking
WAN to Campus
SP IP WAN Service
6 Classes of Service
Transition to Transition from
Service provider Service provider Campus
Queue
Service Provider
Honored markings
CS6 CS6
NM NM CS6
CS2 CS2
EF COS1 EF
PQ EF
PQ
CS4 CS4
AF41 & CS4 Solution B AF41 requires
AF41 COS2V T1 AF41
AF42 & AF43 WAN Encryption re-classification to CS5
CS5 to AF41 AF41 to CS5
1. Originating router remarks the
Encryption or tunnel header while
CS3 CS3
AF31 & CS3 reserving original marking.
COS2 T1 Solution A
AF32 & AF33
AF31 2. Terminating router removes AF31
Access Control List/NBAR
header and process traffic based
AF21 & CS2 on original DSCP markings Straight forward since
AF21 COS3 T1 AF21
AF22/ & AF23 1. DSCP mapping was one-to-one.
2. Broadcast Video has static
BE COS4 BE BE • Know IP source
• Know IP Multicast sink
AF11 AF11/ & CS1 AF11
COS5 T1
CS1 AF12 & AF13 CS1
LLQ-CBWFQ
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26

27. policy-map WAN-SP-CLASS-OUTPUT
QOS 12-to-6 Mapping class VOICE
priority percent 10
class VIDEO-RT-INTERACTIVE
class-map match-any VOICE
priority percent 23
match ip dscp ef
class NETWORK-MGMT-OAM
class-map match-any VIDEO-RT-INTERACTIVE
bandwidth percent 5
match ip dscp cs4 af41
class BROADCAST-VIDEO
class-map match-any NETWORK-MGMT-OAM
set ip dscp af41
match ip dscp cs2 cs6
bandwidth percent 7
class-map match-any STREAMING-SIGNALLING
class STREAMING-SIGNALLING
match ip dscp cs3 af31
bandwidth percent 10
class-map match-any CRITICAL-DATA
class CRITICAL-DATA
match ip dscp af21 af22 af23
bandwidth percent 15
class-map match-any BULK-SCAVENGER
class BULK-SCAVENGER
match ip dscp cs1 af11
bandwidth percent 5
class-map match-any BROADCAST-VIDEO
match ip dscp cs5 random-detect
class-map match-any BEST-EFFORT class class-default
match ip dscp default bandwidth percent 25
random-detect
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27

28. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28

29. Video Conferencing Services
HQ/Campus
Video mixing MCU • Multiple video streams traverse the WAN
Branch
A
to a central MCU resource – non-optimal
use of limited WAN BW
WAN
• Video is mixed by a centralized MCU
controlled by CUCM
Signaling
Media
HQ/Campus
MCU § Video is mixed by the ISR G2 DSPs
Branch
controlled by CUCM or UCME
A
Video mixing
§ Keeps traffic local in the branch if all
participants are located in the branch
WAN
§ Ad-hoc and MeetMe conferences
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29

30. Branch MCU on ISR
sccp local GigabitEthernet0/2.2 dspfarm profile 1 conference video
homogeneous
sccp ccm 10.4.200.15 identifier 1 version 7.0
codec g711ulaw
sccp
codec g711alaw
sccp ccm group 1 IP addr of CUCM or CME for
control codec g729ar8
bind interface GigabitEthernet0/2.2
codec g729abr8
associate ccm 1 priority 1
codec g729r8
associate profile 1 register VCBc471fe671782
codec g729br8
keepalive retries 5
codec h264 4cif frame-rate 30 bitrate
keepalive timeout 10 1mbps
maximum sessions 8
associate application SCCP
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30

31. Media Monitoring
Performance Monitor
LiveAction
MPLS
Internet VPN
Branch Headend
Apply to in/out direction of
voice/video VLAN
• Monitor video traffic traversing different network types
• Generate alert based on user configurable threshold
• Enable on voice/video VLAN
• Provide metrics including jitter, packet loss, latency, bitrate, etc.
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31

32. Performance Monitor
Sample CLI Output
Match: ipv4 src addr = 40.40.195.1, ipv4 dst addr = 40.40.222.1, ipv4 prot = udp, trns transport packets lost rate ( % ) : 1.02
src port = 31492, trns dst port = 16990, SSRC = 4075548911 *transport packets lost rate min ( % ) : 1.02
Policy: video-mon, Class: video-class, Interface: GigabitEthernet0/1, Direction: input *transport packets lost rate max ( % ) : 1.02
*transport tcp flow count : 0
*transport round-trip-time sum (msec) : NA
*counter flow : 1 *transport round-trip-time samples : NA
counter bytes : 3902031 transport round-trip-time (msec) : NA
counter bytes rate (Bps) : 130067 *transport round-trip-time min (msec) : NA
*counter bytes rate per flow (Bps) : 130067 *transport round-trip-time max (msec) : NA
*counter bytes rate per flow min (Bps) : 130067
*counter bytes rate per flow max (Bps) : 130067
counter packets : 5574
counter packets dropped : 0
routing forwarding-status reason : Unknown
interface input
interface output
: Gi0/1
: NA
show performance monitor status
monitor event : false
ipv4 dscp : 34
ipv4 ttl
application media bytes counter
: 252
: 3790551
Display performance metrics of the flows such
application media packets counter
application media bytes rate
: 5574
(Bps) : 126351 as
*application media bytes rate per flow (Bps) : 126351
*application media bytes rate per flow min (Bps) : 126351
*application media bytes rate per flow max (Bps) : 126351
*application media packets rate variation min ( % ) : NA • Packet rate
*application media packets rate variation max ( % ) : NA
application media event : Normal
*transport rtp flow count
transport rtp jitter mean
: 1
(usec) : 16967 • Jitter
transport rtp jitter minimum (usec) : 9029
transport rtp jitter maximum (usec) : 24120
*transport rtp payload type : 97
transport event packet-loss counter
*transport event packet-loss counter min
: 58
: 58
• Packet loss
*transport event packet-loss counter max : 58
transport packets expected counter : 5632
transport packets lost counter : 58
*transport packets lost counter minimum : 58
*transport packets lost counter maximum : 58
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32

33. Performance Monitor
Setting Threshold and Syslog Alert
policy-map type performance-monitor <vidmon_policy> • Monitoring policy can contain threshold and
class rtsp-video
flow monitor vidmon-monitor
action
react 1 transport-packets-lost-rate
threshold value ge 5.00 • Syslog contains flow information and value
alarm severity alert
action syslog of metric that exceeds the threshold
Feb 22 18:28:29.866 PST: %PERF_TRAFFIC_REACT-1-ALERTSET: TCA RAISE.
Detailed info: Threshold value crossed - current value 14.55%
Flow info: src ip 172.30.0.1, dst ip 172.30.102.6
src port 5004, dst port 3381
ssrc 3618346598
Policy info: Policy-map vidmon-policy, Class rtsp-video, Interface GigabitEthernet0/1,
Direction input
React info: id 1, criteria transport-packets-lost-rate, severity alert, alarm type
discrete, threshold range [5.00%, 100.00%]
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33

34. Media Monitoring
Mediatrace
Collaboration
Manager
Initiate Mediatrace for
traffic from Branch
phone to Headend
phone
MPLS
Internet VPN
Branch Headend
• Use Mediatrace to further troubleshoot media issues
• Initiate Mediatrace to discover path, system resource, or quality metrics on devices in the media
path
• Mediatrace responders collect the requested metrics and return to initiator
• Works with Cisco Collaboration Manager
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 34

35. Mediatrace
Cisco Collaboration Manager
Identify the device causing media
issue
Display media path
Display media flow performance
Display the path taken by the media stream statistics
Identify the device in the path where problem is seen
Display the media flow performance metrics
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35

36. Mediatrace
Sample CLI Output
Two types of mediatrace profiles – system and perf-monitor Memory
mediatrace profile system <name> Mediatrace Hop Number: 1 (host=branch1-router, ttl=253)
metric-list cpu|intf|memory Metrics Collection Status: Success
Reachability Address: 10.1.0.128
Ingress Interface: Gi0/1
mediatrace profile perf-monitor <name>
Egress Interface: Gi0/0.21
metric-list tcp|rtp Metrics Collected:
Collection timestamp: 16:23:21.193 PST Tue Feb 15 2011
Processor memory utilization (%): 5
CPU Intf
Mediatrace Hop Number: 1 (host=branch1-router, ttl=253) Mediatrace Hop Number: 1 (host=branch1-router, ttl=253)
Metrics Collection Status: Success Metrics Collection Status: Success
Reachability Address: 10.1.0.128 Reachability Address: 10.1.0.128
Ingress Interface: Gi0/1 Ingress Interface: Gi0/1
Egress Interface: Gi0/0.21 Egress Interface: Gi0/0.21
Metrics Collected: Metrics Collected:
Collection timestamp: 16:23:07.209 PST Tue Feb 15 2011 Collection timestamp: 16:22:49.825 PST Tue Feb 15 2011
One min CPU utilization (%): 2 Octet input at Ingress (KB): 388610.651
Five min CPU utilization (%): 2 Octet output at Egress (KB): 271010.426
Pkts rcvd with err at Ingress (pkts): 0
Pkts errored at Egress (pkts): 0
Pkts discarded at Ingress (pkts): 0
Pkts discarded at Egress (pkts): 0
Ingress i/f speed (mbps): 1000.000000
Egress i/f speed (mbps): 1000.000000
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36

37. Mediatrace
Sample Output (Cont.)
RTP TCP
Mediatrace Hop Number: 1 (host=branch1-router, ttl=253)
Mediatrace Hop Number: 1 (host=branch1-router, ttl=253)
Metrics Collection Status: Success
Metrics Collection Status: Success
Reachability Address: 10.1.0.128
Reachability Address: 10.1.0.128
Ingress Interface: Gi0/1
Ingress Interface: Gi0/1
Egress Interface: Gi0/0.21
Egress Interface: Gi0/0.21
Metrics Collected:
Metrics Collected:
Flow Sampling Start Timestamp: 21:36:54
Flow Sampling Start Timestamp: 16:09:22
Loss of measurement confidence: FALSE
Loss of measurement confidence: FALSE
Media Stop Event Occurred: FALSE
Media Stop Event Occurred: FALSE
IP Packet Drop Count (pkts): 0
IP Packet Drop Count (pkts): 0
IP Byte Count (KB): 2025.305
IP Byte Count (KB): 1224.162
IP Packet Count (pkts): 1566
IP Packet Count (pkts): 1201
IP Byte Rate (Bps): 67510
IP Byte Rate (Bps): 40805
Packet Drop Reason: 0
Packet Drop Reason: 0
IP DSCP: 40
IP DSCP: 0
IP TTL: 125
IP TTL: 125
IP Protocol: 6
IP Protocol: 17
Media Byte Count (KB): 1962.665
Media Byte Rate Average (Bps): 40004
TCP Connect Round Trip Delay (ms): 4294.967295
Media Byte Count (KB): 1200.142
TCP Lost Event Count: 14
Media Packet Count (pkts): 1201
RTP Interarrival Jitter Average (usec): 52808
RTP Packets Lost (pkts): 7
RTP Packets Expected (pkts): 1208
RTP Packet Lost Event Count: 7
RTP Loss Percent (%): 0.57
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 37

38. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 38

39. GET VPN Technology
Key Server Key Server
Group
Group Member
Member
Group
Member
§ IETF Standards based - Group Domain of Interpretation (GDOI)
Registration
§ Key Management Protocol
Rekey § Group Members authenticate and register to the key server
§ Key Server distributes keys and policies
Encrypted data flow § Periodic refresh of keys from key server
COOP Protocol § Separation of control and data plane
© 2010 Cisco and/or its affiliates. All rights reserved.
§ High Availability built into the key server protocol Cisco Confidential 39

40. Cooperative Key Server
• Primary: Elected by eligible set of KS
Creates Keys, Registers GM, Distributes Keys, Notifies Secondary
§ Secondary: Eligible KS in cooperative state for a group
Registers GM, Monitors Primary, Notifies Primary of New GM
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40

41. DMVPN Phase 3
• Full meshed connectivity w/ simple configuration of hub Secure On-Demand Meshed Tunnels
and spokes
Hub
• Supports dynamically addressed spokes
• Zero touch configuration for addition of new spokes
§ Hierarchical hub network design for improved
resiliency and network scalability VPN
§ Dynamic discovery of shortest path between hubs for Spoke B
improved resiliency for inter-hub connection
§ Route summarization for improved bandwidth
utilization & reduced routing protocol load on hub and
spokes Spoke A
§ OSPF not limited to two hubs for improved routing = DMVPN Tunnels
= Traditional Static Tunnels
protocol scalability in DMVPN = Static Known IP Addresses
= Dynamic Unknown IP Addresses
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 41

42. © 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 42

43. Enterprise Branch WAN
Interconnect
Local Campus Data Center
ASR 1k providing Redundant, Scalable
WAN Aggregation ASR1K
head-end
ASR1K
ASR1K ASR1K
Internet Internet Edge
SP A SP B DMVPN Head End
MPLS MPLS
OC3, GE
DS3, FE
ASR1K ASR1K 3G/4G WWAN
T1/E1, Ethernet
Ultra High-End
Branch Office High End Branch
Standard Branch MobileBranch
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 43

44. Transitions in Enterprise Branch WANs
• T1/E1 deployments diminishing
New Access Circuits • Cheap Ethernet Bandwidth becoming prevalent
• WWAN (3G/4G) popularity
Maximize use of all • Broadband connections provide cheap secondary bandwidth
bandwidth • Intelligent traffic shaping across all access
• Public cloud resources make hub & spoke WANs obsolete
Cloud access • Internet edge functionality has to be distributed to multiple sites
• Planned and unplanned video eats WAN bandwidth
Video • Support and control of wanted video traffic
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 44

45. Enterprise Branch WAN – Branch Profiles
Mobile Branch Standard Branch
• Prime requirement is mobility of • Deliver Std Def video
branch • BW up to 10Mb ethernet
• Connection via 3G/3G or satellite • Migration from T1/E1 to ethernet
• WAN Optimization to provide best • SP MPLS link with Internet backup
application performance (xDSL, WWAN)
• Limited QOS now, expandable with • 4 9s availability
4G delivery
High-End Branch Ultra-High End Branch
• HD video capable • Very high BW (up to 1Gb), high
• Migrate from DS3 to ethernet availability requirements
• Dual SP MPLS connectivity – load • Redundancy and performance a key
balance and failover drivers
• 5 9s availability • Many services broken out into
dedicated platforms
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 45

46. BRI Management Components
ü Simplifies the configuration and management of endpoints
ü Medianet “plug-in” provides workflows for provisioning autoconfiguration and location settings and
Cisco Prime LAN tracking of medianet endpoints
Management Solution ü More info: http://cisco.com/go/lms
ü Supports timely end-to-end visibility and isolation of video-related issues for TelePresence sessions,
endpoints, and the network
ü Provides deeper network path visibility, down to the granularity of video flow statistics, wherever
Cisco Prime Medianet-capable devices are deployed in the network
Collaboration Manager ü More info: http://www.cisco.com/go/cpcm
ü Site-based monitoring
ü Interactive reports with advanced filters and contextual navigation
ü Application performance intelligence
Cisco Prime
NAM
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46

47. Enterprise Branch WAN – Mobile Branch
• Focus on flexible deployment of the branch
itself
• Retail Banking
• Retail
• Public Sector Headquarters
• Others
• Security enabled branch supports primary
connectivity via WWAN link ASR1K ASR1K
• 3G/4G
• Satellite
• Optimized connection to maximize application
performance Internet
Mobile Branch Office
with 3G WWAN
HWIC
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47

48. Technical Details – Mobile Branch
Platform WAN Int SW Releases Services
Cisco 1941W 3G/4G IOS 15.1(4)M Security – ZBF, DMVPN, IPS*
QOS – egress only
IPv6 – 6to4 tunneling
WAAS Express
UC & Video – Best effort
WAAS Express
interface Tunnel10
bandwidth 8192
waas enable Single IOS command on the interface
sh int g0/0
30 second output rate 3731000 bits/sec, 352 packets/sec (original bandwidth )
sh int tun 10
Checksumming of packets disabled
30 second input rate 290000 bits/sec, 54 packets/sec (optimized bandwidth in the WAN)
sh waas status Optimization saves 800kb on cellular
Maximum Flows : 200
Total Active connections : 29 interface with 23 connections
Total optimized connections : 23
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 48

49. Enterprise Branch WAN – Standard Branch
•Most typical branch deployment across all sectors
•Load balance across redundant links with PfR
•Encrypt all traffic
•Map LAN QOS to SP QOS offering
•Service Advertisement
•MediaNet deployment
Enterprise Carriers Remote Sites
Interconnect
SP B
primary
QFP
MPLS
GETVPN
Headquarters primary
primary
Access
ISR G2
secondary
QFP
Internet
WAAS
DMVPN
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 49

50. Technical Details – Standard Branch
Platform WAN Int SW Releases Services
Cisco 2951 4xT1 IOS 15.1(4)M •Security – GETVPN (6to4), DMVPN (6to4)
GE (rate limited to WAAS v4.4 (on SRE) •QOS – Per tunnel QOS, RSVP session control
10Mb) •IPv6 – Dual stack
DSL, WWAN •WAAS (on SRE), PfR
•UC & Video – SAF, SRST, Inline montioring
•FNF, IPSLA, Multicast, NBAR
T1 Configuration
10 Mb Ethernet Config
controller T1 0/0/0
cablelength long 0db interface GigabitEthernet0/1
channel-group 0 timeslots 1-24 bandwidth 10000
! (bandwidth provisioned for 10Mbps)
controller T1 0/0/1 ip address 10.4.81.114 255.255.255.252
cablelength long 0db ip nbar protocol-discovery
channel-group 0 timeslots 1-24 ip flow ingress
ip flow egress
interface Multilink1 load-interval 30
ip address 10.4.81.114 255.255.255.252 duplex auto
ip virtual-reassembly in speed auto
ppp multilink
ppp multilink group 1
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 50

51. Technical Details – Standard Branch
• Performance Routing
pfr-map MAP-STD-BR1 10 pfr-map MAP-STD-BR1 20
Master Controller (MC) & Border Router (BR)
match pfr learn list STD_BRANCH1_VIDEO match pfr learn list STD_DATA
set mode monitor fast set mode monitor active throughput
border 10.6.8.254 key-chain BRI-PFR
set resolve loss priority 2 variance 5 set max-xmit-utilization percentage 80
resolve utilization priority 2 variance 10
SP B
set resolve jitter priority 3 variance 5 set unreachable threshold 200000 link)
MPLS interface GigabitEthernet0/0 external
set resolve delay priority 4 variance 5 set probe frequency 30
GETVPN
set loss threshold 50000 set link-group MPLS fallback DMVPN
ISR G2 link-group MPLS-A (Primary MPLS
set jitter threshold 30
Internet interface Tunnel10 external
set probe frequency 4 ip access-list extended critical-data
DMVPN
link-group DMVPN (DMVPN link)
set link-group MPLS-A fallback DMVPN and Critical Data permit ip any any dscp cs3
permit ip any any dscp af31
ip access-list extended 10 refname STD_BRANCH1_VIDEO
list seq DSCP_VIDEO
2 classes of traffic – Video
(learn list for Video)
permit ip any any dscp af41access-list DSCP_VIDEO filter HQ_VIDEO
traffic-class ip prefix-list HQ_VIDEO seq 5 permit 10.4.98.0/24
aggregation-type prefix-length 32
permit ip any any dscp cs4
list seq 20 refname STD_DATA (learn list for Data)
ip prefix-list HQ_DATA seq 5 permit 10.4.97.0/24
traffic-class access-list critical-data filter HQ_DATA
aggregation-type prefix-length 27
throughput
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 51

52. Enterprise Branch WAN – High End Branch
• All features from Standard Branch
• HD Video ready
• Higher availability requirements
• Redundant routers
• Redundant MPLS carriers, no Internet
WAN
Enterprise
Interconnect
Carriers Remote Site
WAAS SP B
MPLS
ASR1K
GETVPN
ISR G2
Headquarters ISR G2
ASR1K
SP A
MPLS
GETVPN 52
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

53. Technical Details – High End Branch
Platform WAN Int SW Releases Services
Cisco 3945E DS3 IOS 15.1(4)M •HA – HSRP, Redundant PS
GE (rate limited to WAAS v4.4 •Security – GETVPN (6to4),
100Mb) to each SP •QOS – Per tunnel QOS, RSVP session control
•IPv6 – Dual stack
•WAAS, PfR
•UC & Video – SAF, SRST, Inline montioring, TP, Video streaming,
Physical security, UCM int for MCU
•FNF, IPSLA
•L3VPN for segregation (3VRFs)
T3 Config Ethernet Config
interface Serial1/0 interface GigabitEthernet0/0
ip address 10.4.81.10 255.255.255.252 bandwidth 100000 (bandwidth configured for 100Mbps)
ip wccp 62 redirect in ip address 10.4.82.10 255.255.255.252
ip flow ingress ip mtu 1400
ip flow egress ip wccp 62 redirect in
encapsulation ppp load-interval 30
load-interval 30 duplex auto
dsu bandwidth 44210 speed auto
crypto map GN2 crypto map GN2
service-policy output WAN service-policy output WAN
© 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 53