Introduction

The Cisco Intelligent WAN (IWAN) enables organizations to deliver an uncompromised experience over any WAN transport. With the Cisco IWAN architecture, organizations can provide more bandwidth to their branch office connections using cost-effective WAN transports without affecting performance, security, or reliability.

The authors’ goal was to provide a multifunction self-study book that explains the technologies used in the IWAN architecture that would allow the reader to successfully deploy the technology. Concepts are explained in a modular structure so that the reader can learn the logic and configuration associated with a specific feature. The authors provide real-world use cases that will influence the design of your IWAN network.

Knowledge learned from this book can be used for deploying IWAN via CLI or other Cisco management tools such as Cisco Prime Infrastructure or Application Policy Infrastructure Controller Enterprise Module (APIC-EM).

Who Should Read This Book?

This book is for network engineers, architects, and consultants who want to learn more about WAN networks and the Cisco IWAN architecture and the technical components that increase the effectiveness of the WAN. Readers should have a fundamental understanding of IP routing.

How This Book Is Organized

Although this book can be read cover to cover, it is designed to be flexible and allow you to easily move between chapters and sections of chapters so that you can focus on just the material that you need.

Part I of the book provides an overview of the evolution of the WAN.

Chapter 1, “Evolution of the WAN”: This chapter explains the reasons for increased demand on the WAN and why the WAN has become more critical to businesses in any market vertical. The chapter provides an introduction to Cisco Intelligent WAN (IWAN) and how it enhances user experiences while lowering operational costs.

Part II of the book explains transport independence through the deployment of Dynamic Multipoint VPN (DMVPN).

Chapter 2, “Transport Independence”: This chapter explains the history of WAN technologies and the current technologies available to network architects. Dynamic Multipoint VPN (DMVPN) is explained along with the benefits that it provides over other VPN technologies.

Chapter 3, “Dynamic Multipoint VPN”: This chapter explains the basic concepts of DMVPN and walks the user from a simple topology to a dual-hub, dual-cloud topology. The chapter explains the interaction that NHRP has with DMVPN because that is a vital component of the routing architecture.

Chapter 4, “Intelligent WAN (IWAN) Routing”: This chapter explains why EIGRP and BGP are selected for the IWAN routing protocols and how to configure them. In addition to explaining the logic for the routing protocol configuration, multicast routing is explained.

Chapter 5, “Securing DMVPN Tunnels and Routers”: This chapter examines the vulnerabilities of a network and the steps that can be taken to secure the WAN. It explains IPsec DMVPN tunnel protection using pre-shared keys and PKI infrastructure. In addition, the hardening of the router is performed through the deployment of Zone-Based Firewall (ZBFW) and Control Plane Policing (CoPP).

Part III of the book explains how to deploy intelligent routing in the WAN.

Chapter 6, “Application Recognition”: This chapter examines how an application can be identified through the use of traditional ports and through deep packet inspection. Application classification is essential for proper QoS policies and intelligent routing policies.

Chapter 7, “Introduction to Performance Routing (PfR)”: This chapter discusses the need for intelligent routing and a brief evolution of Cisco Performance Routing (PfR). The chapter also explains vital concepts involving master controllers (MCs) and border routers (BRs) and how they operate in PfR version 3.

Chapter 8, “PfR Provisioning”: This chapter explains how PfRv3 can be configured and deployed in a topology.

Chapter 9, “PfR Monitoring”: This chapter explains how PfR can be examined to verify that it is operating optimally.

Chapter 10, “Application Visibility”: This chapter discusses how PfR can view and collect application performance on the WAN.

Part IV of the book discusses and explains how application optimization integrates into the IWAN architecture.

Chapter 11, “Introduction to Application Optimization”: This chapter covers the fundamentals of application optimization and how it can accelerate application responsiveness while reducing demand on the current WAN.

Chapter 12, “Cisco Wide Area Application Services (WAAS)”: This chapter explains the Cisco WAAS architecture and the methods by which it can be inserted into a network. In addition, it explains how the environment can be sized appropriately for current and future capacity.

Chapter 13, “Deploying Application Optimizations”: This chapter explains how the various components of WAAS can be configured for the IWAN architecture.

Part V of the book explains the specific aspects of QoS for the WAN.

Chapter 14, “Intelligent WAN Quality of Service (QoS)”: This chapter explains NBAR-based QoS policies, Per-Tunnel QoS policy, and other changes that should be made to accommodate the IWAN architecture.

Part VI of the book discusses direct Internet access and how it can reduce operational costs while maintaining a consistent security policy.

Chapter 15, “Direct Internet Access (DIA)”: This chapter explains how direct Internet access can save operational costs while providing additional services at branch sites. The chapter explains how ZBFW or Cisco Cloud Web Security can be deployed to provide a consistent security policy to branch network users.

Part VII of the book explains how IWAN can be deployed.

Chapter 16, “Deploying Cisco Intelligent WAN”: This chapter provides an overview of the steps needed to successfully migrate an existing WAN to Cisco Intelligent WAN.

The book ends with a closing perspective on the future of the Cisco software-defined WAN (SD-WAN) and the management tools that are being released by Cisco.

Learning in a Lab Environment

This book contains new features and concepts that should be tested in a lab environment first. Cisco VIRL (Virtual Internet Routing Lab) provides a scalable, extensible network design and simulation environment that includes several Cisco Network Operating System virtual machines (IOSv, IOS-XRv, CSR 1000V, NX-OSv, IOSvL2, and ASAv) and has the ability to integrate with third-party vendor virtual machines or external network devices.

The authors will be releasing a VIRL topology file so that readers can learn the technologies as they are explained in the book. More information about VIRL can be found at http://virl.cisco.com.

Additional Reading

The authors tried to keep the size of the book manageable while providing only necessary information about the topics involved. Readers who require additional reference material may find the following books to be a great supplementary resource for the topics in this book:

Bollapragada, Vijay, Mohamed Khalid, and Scott Wainner. IPSec VPN Design. Indianapolis: Cisco Press, 2005. Print.

Edgeworth, Brad, Aaron Foss, and Ramiro Garza Rios. IP Routing on Cisco IOS, IOS XE, and IOS XR. Indianapolis: Cisco Press, 2014. Print.

Karamanian, Andre, Srinivas Tenneti, and Francois Dessart. PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks. Indianapolis: Cisco Press, 2011. Print.

Seils, Zach, Joel Christner, and Nancy Jin. Deploying Cisco Wide Area Application Services. Indianapolis: Cisco Press, 2008. Print.

Szigeti, Tim, Robert Barton, Christina Hattingh, and Kenneth Briley Jr. End-to-End QoS Network Design: Quality of Service for Rich-Media & Cloud Networks, Second Edition. Indianapolis: Cisco Press, 2013. Print.
