Using Cisco Intelligent WAN (IWAN), businesses can deliver an uncompromised experience, security, and reliability to branch offices over any connection. Cisco IWAN simplifies WAN design, improves network responsiveness, and accelerates deployment of new services. Now, there's an authoritative single-source guide to Cisco IWAN: all you need to understand it, design it, and deploy it for maximum value.
In Cisco Intelligent WAN (IWAN), leading Cisco experts cover all key IWAN technologies and components, addressing issues ranging from visibility and provisioning to troubleshooting and optimization. They offer extensive practical guidance on migrating to IWAN from your existing WAN infrastructure. This guide will be indispensable for all experienced network professionals who support WANs, are deploying Cisco IWAN solutions, or use related technologies such as DMVPN or PfR.
Deploy Hybrid WAN connectivity to increase WAN capacity and improve application performance Overlay DMVPN on WAN transport to simplify operations, gain transport independence, and improve VPN scalability Secure DMVPN tunnels and IWAN routers Use Application Recognition to support QoS, Performance Routing (PfR), and application visibility Improve application delivery and WAN efficiency via PfR Monitor hub, transit, and branch sites, traffic classes, and channels Add application-level visibility and per-application monitoring to IWAN routers Overcome latency and bandwidth inefficiencies that limit application performance Use Cisco WAAS to customise each location's optimisations, application accelerations, and virtualisation Smoothly integrate Cisco WAAS into branch office network infrastructure Ensure appropriate WAN application responsiveness and experience Improve SaaS application performance with Direct Internet Access (DIA) Perform pre-migration tasks, and prepare your current WAN for IWAN Migrate current point-to-point and multipoint technologies to IWAN
, David Prall
, Jean Marc Barozet
, Anthony Lockhart
, Nir Ben-Dvora
Country of Publication:
28 October 2016
Professional and scholarly
Part I Introduction to IWAN Chapter 1 Evolution of the WAN WAN Connectivity Increasing Demands on Enterprise WANs Quality of Service for the WAN Branch Internet Connectivity and Security Cisco Intelligent WAN Summary Part II Transport Independent Design Chapter 2 Transport Independence WAN Transport Technologies Benefits of Transport Independence Summary Chapter 3 Dynamic Multipoint VPN Generic Routing Encapsulation (GRE) Tunnels Next Hop Resolution Protocol (NHRP) Dynamic Multipoint VPN (DMVPN) DMVPN Configuration Spoke-to-Spoke Communication Problems with Overlay Networks IP NHRP Authentication Unique IP NHRP Registration DMVPN Failure Detection and High Availability DMVPN Dual-Hub and Dual-Cloud Designs IWAN DMVPN Sample Configurations Sample IWAN DMVPN Transport Models Backup Connectivity via Cellular Modem IWAN DMVPN Guidelines Troubleshooting Tips Summary Further Reading Chapter 4 Intelligent WAN (IWAN) Routing Routing Protocol Overview Topology WAN Routing Principles EIGRP for IWAN Border Gateway Protocol (BGP) FVRF Transport Routing Multicast Routing Summary Further Reading Chapter 5 Securing DMVPN Tunnels and Routers Elements of Secure Transport IPsec Fundamentals IPsec Tunnel Protection IKEv2 Protection Securing Routers That Connect to the Internet Control Plane Policing (CoPP) Device Hardening Summary Further Reading Part III Intelligent Path Control Chapter 6 Application Recognition What Is Application Recognition? What Are the Benefits of Application Recognition? NBAR2 Application Recognition NBAR2 Application ID, Attributes, and Extracted Fields NBAR2 Operation and Functions Custom Applications and Attributes NBAR2 State with Regard to Device High Availability Encrypted Traffic NBAR2 Interoperability with Other Services NBAR2 Protocol Discovery NBAR2 Visibility Dashboard NBAR2 Protocol Packs Validation and Troubleshooting Summary Further Reading Chapter 7 Introduction to Performance Routing (PfR) Performance Routing (PfR) Introduction to the IWAN Domain Intelligent Path Control Principles Summary Further Reading Chapter 8 PfR Provisioning IWAN Domain Topology PfR Configuration Advanced Parameters Path Selection Summary Further Reading Chapter 9 PfR Monitoring Topology Checking the Hub Site Checking the Transit Site Check the Branch Site Monitoring Operations Summary Further Reading Chapter 10 Application Visibility Application Visibility Fundamentals Performance Metrics Flexible NetFlow Evolution to Performance Monitor Metrics Export Deployment Considerations Summary Further Reading Part IV Application Optimization Chapter 11 Introduction to Application Optimization Application Behavior Cisco Wide Area Application Services (WAAS) Caching and Compression Application-Specific Acceleration Summary Further Reading Chapter 12 Cisco Wide Area Application Services (WAAS) Cisco WAAS Architecture Cisco WAAS Platforms WAAS Design and Performance Metrics Cisco WAAS Operational Modes Interception Techniques and Protocols WAAS Interception Network Integration Best Practices Summary Further Reading Chapter 13 Deploying Application Optimizations GBI: Saving WAN Bandwidth and Replicating Data WAN Optimization Solution Deploying Cisco WAAS AppNav-XE GBI Branch Deployment Summary Part V QoS Chapter 14 Intelligent WAN Quality of Service (QoS) QoS Overview Ingress QoS NBAR-Based Classification Ingress LAN Policy Maps Egress QoS DSCP-Based Classification Egress QoS Policy Map Hierarchical QoS DMVPN Per-Tunnel QoS QoS and IPSec Packet Replay Protection Complete QoS Configuration Summary Further Reading Part VI Direct Internet Access Chapter 15 Direct Internet Access (DIA) Guest Internet Access Guest Access Quality of Service (QoS) Guest Access Web-Based Acceptable Use Policy Internal User Access Fully Specified Static Default Route Verification of Internet Connectivity Network Address Translation (NAT) Policy-Based Routing (PBR) Internal Access Zone-Based Firewall (ZBFW) Cloud Web Security (CWS) Baseline Configuration Outbound Proxy WAAS and WCCP Redirect Prevention of Internal Traffic Leakage to the Internet Summary References in this Chapter Part VII Migration Chapter 16 Deploying Cisco Intelligent WAN Pre-Migration Tasks Migration Overview Deploying DMVPN Hub Routers Migrating the Branch Routers Post-Migration Tasks Migrating from a Dual MPLS to a Hybrid IWAN Model Migrating IPsec Tunnels PfR Deployment Testing the Migration Plan Summary Further Reading Part VIII Conclusion Chapter 17 Conclusion and Looking Forward Intelligent WAN Today Intelligent WAN Architecture Intelligent WAN Tomorrow Appendix A Dynamic Multipoint VPN Redundancy Models Appendix B IPv6 Dynamic Multipoint VPN Index
Brad Edgeworth, CCIE No. 31574 (R/S & SP), Cisco Systems Engineer and Technical Leader, and author of IP Routing on Cisco IOS, IOS XE, and IOS XR. A Distinguished Speaker at Cisco Live, he has architected networks for multiple Fortune (R) 500 companies. He has nearly 20 years of IT experience, specializing in routing for enterprise and service provider environments. Jean-Marc Barozet is a Principal Engineer with the Intelligent WAN (IWAN) product management team, helping to architect and lead the Cisco SD-WAN solution. He has more than 25 years of enterprise and service provider networking experience, and has been with Cisco for more than 19 years. David Prall, CCIE No. 6508 (R/S, SP, and Security), is a Communications Architect on the Enterprise Networks Technical Strategy Team for Cisco. He previously held system engineering positions supporting US federal agencies. Prall's primary focus is complex routing and switching, including design, deployment, and troubleshooting of large-scale networks. Anthony Lockhart, Technical Marketing Engineer at Cisco, has 15 years of experience with Cisco technologies, network infrastructure, architecture, and the design and implementation of datacenters and call centers. As POC Engineer at HCL America, he provided design and pre-sales engineering for Cisco WAAS products. Nir Ben-Dvora, Senior Technical Leader at Cisco, technically leads architecture for the Application Visibility and Control (AVC) solution for Cisco, collaborating with teams worldwide. He has 17 years of Cisco management and architecture experience.