From DocWiki



IWAN Overview



The Cisco Intelligent WAN (IWAN) is a system that enhances collaboration and cloud application performance while reducing the operating cost of the WAN. The IWAN solution provides design and implementation guidance for organizations looking to deploy a transport-independent WAN with intelligent path control, application optimization, and secure connectivity to the Internet and branch locations. IWAN takes full advantage of premium WAN and cost-effective Internet services to increase bandwidth capacity without compromising the performance, reliability, or security of collaboration or cloud-based applications. Organizations can use IWAN to leverage the Internet as a WAN transport, as well as for direct access to public cloud applications. (See Figure 1.)

Figure 1. Cisco IWAN works with both private and public clouds.


IWAN allows you to:

  • Augment your network with lower-cost connectivity options, like the Internet
  • Realize the cost benefits of provider flexibility and higher WAN utilization
  • Offload the corporate WAN with application optimization, intelligent caching, and highly secure direct Internet access.

Technology Overview

With the advent of globalization, wide area networks (WAN) have become a major artery for communication between remote offices and customers in any corner of the world. Additionally, with data center consolidation, applications are moving to centralized data centers and clouds. The WAN now plays an even more critical role as business survival is dependent on the availability and performance of the network.

Until now, the only way to get reliable connectivity with predictable performance was to take advantage of a private WAN using MPLS or leased line service. However, carrier-based MPLS and leased line services can be expensive and are not always a cost-effective way for an organization to support growing bandwidth requirements for remote-site connectivity. Organizations are looking for ways to lower their operating budget while still providing adequate network transport for a remote site.

Cisco Intelligent WAN (IWAN) can enable organizations to deliver an uncompromised experience over any connection. With Cisco IWAN, IT organizations can provide more bandwidth to their branch office connections using less expensive WAN transport options without affecting performance, security, or reliability. With the IWAN solution, traffic is dynamically routed based on application service-level agreement (SLA), endpoint type, and network conditions to deliver the best quality experience. The realized savings from IWAN not only pay for the infrastructure upgrades, but also free resources for business innovation.


With IWAN, you can quickly roll out bandwidth-intensive applications, such as video, virtual desktop infrastructure (VDI), and guest Wi-Fi services. And it doesn’t matter which transport model you prefer, whether Multiprotocol Label Switching (MPLS), the Internet, cellular, or a hybrid WAN access model. The savings from IWAN often pay for the branch infrastructure investments, and may also free up resources for new, innovative business services.

The following figure outlines the components of the IWAN solution. Performance Routing is a key pillar of this initiative:


The four components of Cisco Intelligent WAN are:

  • Secure and flexible transport-independent design: Using Dynamic Multipoint VPN (DMVPN), IWAN provides capabilities for easy multi-homing over any carrier service offering, including Multiprotocol Label Switching (MPLS), broadband, and cellular 3G/4G/LTE. More importantly, the design simplifies routing with a single routing control plane and minimal peering to providers, making it easy for organizations to mix and match and change providers and transport options. Two or more WAN transport providers are recommended to increase network availability up to 99.999%. Additionally, the Cisco DMVPN solution provides an industry-proven and U.S. government FIPS 140-2 certified IPsec solution for data privacy and integrity protection, and automatic site-to-site IP Security (IPsec) tunnels.
    • Technology: DMVPN/IPsec overlay design

  • Intelligent path control: By using Cisco Performance Routing (PfR), this component improves application delivery and WAN efficiency. PfR dynamically controls data packet forwarding decisions by looking at application type, performance, policies, and path status. PfR protects business applications from fluctuating WAN performance while intelligently load-balancing traffic over the best performing path based on the application policy. PfR monitors the network performance - jitter, packet loss, delay - and makes decisions to forward critical applications over the best performing path based on the application policy. Cisco PfR consists of border routers that connect to the broadband service, and a master controller application supported by Cisco IOS® Software on a router. The border routers collect traffic and path information and send it to the master controller, which detects and enforces the service policies to match the application requirement. Cisco PfR can select an egress WAN path to intelligently load-balance traffic based on circuit costs, to reduce a company's overall communications expenses. IWAN intelligent path control is the key to providing a business-class WAN over Internet transport.
    • Technology: Performance routing (PfR). PfR evolves to a major new release called PfRv3.

  • Application optimization: Cisco Application Visibility and Control (AVC) and Cisco Wide Area Application Services (WAAS) provide application performance visibility and optimization over the WAN. With applications becoming increasingly opaque due to increased reuse of well-known ports such as HTTP (port 80), static port classification of applications is no longer sufficient. Cisco AVC provides application awareness with deep packet inspection of traffic to identify and monitor applications' performance. Visibility and control at the application level (layer 7) is provided through AVC technologies such as Network-Based Application Recognition 2 (NBAR2), NetFlow, quality of service (QoS), Performance Monitoring, Medianet, and more. Cisco AVC allows IT to determine what traffic is running across the network, tune the network for business-critical services, and resolve network problems. With increased visibility into the applications on the network, better QoS and PfR policies can be enabled to help ensure that critical applications are properly prioritized across the network. Cisco WAAS provides application-specific acceleration capabilities that improve response times while reducing WAN bandwidth requirements.
    • Technologies: Application Visibility and Control (AVC), WAAS, Akamai Connect

  • Secure connectivity: This component protects the WAN and offloads user traffic directly to the Internet. Strong IPsec encryption, zone-based firewalls, and strict access lists are used to protect the WAN over the public Internet. Routing branch users directly to the Internet improves public cloud application performance while reducing traffic over the WAN. The Cisco Cloud Web Security (CWS) service provides a cloud-based web proxy to centrally manage and secure user traffic accessing the Internet.
    • Technologies: Cisco IOS Firewall/IPS, Cloud Web Security (CWS)
