
© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential. Presentation_ID 1. The WAN network as seen by the enterprise. Gilles Clugnac


Slide 1: The WAN network as seen by the enterprise. Gilles Clugnac

Slide 2: What is asked of a communication infrastructure provider? Squaring the circle?
  "I want to access my information system where and when I want, with the most suitable terminal!" => flexibility, agility.
  "My work has moved from production to transactions, and now to interactions" => added value toward the customer.
  "More services for less money" => control of costs, risks and complexity.
  Diagram layers: business processes (manufacturing, HR, sales, finance); applications and services (ERP, e-sales, supply chain); technology infrastructure (core, storage, security, wireless, IPT).

Slide 3: Network convergence

Slide 4: Paradigm shift. Example: integrated video surveillance.
  Major segments of security (diagram): ID credential management; CCTV and digital video surveillance; data and network security; visitor management; access control; intrusion detection; fire alarm.

Slide 5: The next wave
  The Internet of computers: IP telephones, barcode scanners, PCs, PDAs/handhelds.
  Objects connected through tags: products, livestock, tires, currency, pharmaceuticals, shipping containers, cartons, pallets, rations, weapons, people, pets, medical assets, video cameras.
  Information connected through sensors: temperature, location, intrusion, shock/movement, elevation, direction, pressure, light, chemicals, speed.
  The Internet of objects.

Slide 6: Current networks versus extended networks
  Chart: 2005 forecast in million units, for computers, phones, mobile assets, static assets, controllers, smart sensors, microprocessors and microcontrollers, and users. Source: Harbor Research, Inc., Forrester Research, Inc., IBSG.
  The new systems will be connected to the universal IP network. The network is going to connect billions of objects!

Slide 7: A complex IT environment
  Current infrastructure; availability and compliance; Operational Risk Management; business continuity; business agility; Service Oriented Architecture; application integration; cost control; On-Demand, Utility Infrastructure; automation; consolidation; information management; Information Lifecycle Management; application SLAs; Application Awareness and Optimization; security; compliance; virtualization; growth; agility; availability; performance; Tiered Storage; Content Delivery; Data Classification.

Slide 8: Modular approach, end-to-end architectures
  Network areas (diagram): campus, branch, teleworker, WAN/MAN, data center (servers, storage, clients), extranet, Internet, site B; networked infrastructure layer.
  Network fundamentals: architecture rules; reference architectures per area; strong interoperability between areas; service continuity; end-to-end SLA guarantee.
  Cisco solution: validated recommendations per area; oriented toward service deployment; coherent, global architectures.

Slide 9: Evolution of end-to-end architectures: network virtualization services
  Areas: campus, branch, data center, MAN/WAN, teleworking; networked infrastructure layer.
  Diagram: consolidated data center (users LAN/WAN, compute, SAN, disk/tape) and adaptable campus, each with an RR 7301, an L3 switch with VRF-Lite, 802.1Q, VRF-Data and VRF-Voice, a PE 7600, IGP between VRFs, BGP between PEs; MPLS MAN (L1/2 point-to-point or ring) with P 7600 routers and EoMPLS; ORG-A Voice and ORG-A Data carried in an MPLS-BGP VPN (2547-bis); NG WAN.
  WAN: managed VPN (VPN opéré) or VPN deployed by the enterprise; NG WAN infrastructure.

Slide 10: Building a coherent infrastructure: the example of IP Communications
  Foundation services: HA, QoS, multicast, security, network management/provisioning.

Slide 11: WAN architectures: why a new generation?
  Yesterday: the WAN is a transport problem. Critical factors: cost, availability, throughput. Fragmented architectural approach.
  Today: the WAN is a problem of generalizing service delivery. Critical factors: cost/availability/throughput, security, service integration. Integrated architectural approach: the WAN is part of the overall network architecture.

Slide 12: A need for segmentation
  Guest access: Internet access for customers, visitors, etc.
  Network access control: quarantine and/or isolation during remediation.
  Partner access: onsite partners, limited server/application access.
  Group/department separation: closed user groups for divisions/teams sharing common work locations (e.g. financial banking/trading).
  Application/system isolation: isolating critical applications or devices, such as IPC, factory robots, point-of-sale terminals, etc.
  Outsourced services: participating in multiple client networks (e.g. India ITS model).
  Subsidiaries / mergers and acquisitions: enabling staged network consolidation while companies are being merged.
  Enterprise as network service provider (possibly a source of revenue): shared service locations (e.g. Munich Airport virtual gate access); retail stores providing kiosk/on-location network access (e.g. Best Buy, Albertsons, etc.); Cisco Connected Real Estate (CCRE) (e.g. multi-tenant, strip malls, etc.).
  Strong dynamics of project creation: closed user groups between multiple companies during joint ventures/collaborations.
  Group isolation is the main need. Attacks, viruses and worms are more easily contained: they do not propagate everywhere.

Slide 13: WAN stakes: BUY a VPN service or BUILD your own VPN network?
  Buy an L3 IP VPN service, or buy an L1 or L2 VPN service. Ratio is moving to 64% managed VPN / 36%.

Slide 14: Branch stakes: bringing services to the users
  Information available at every site of the enterprise.
  Performance needed in the data center as much as for the user.
  Reliability of the whole information system.
  Network architecture and services transparent to the user.
  Remote and teleworking sites have needs beyond a simple connection!

Slide 15: Overall: server concentration plus remote users
  Headquarters: resource consolidation (backup, NAS, application servers, tape drives and libraries, disk arrays, consolidation engine); 20% of the users.
  Branch: access optimization (client workstations, printer); 80% of the users.
  IP network in between.

Slide 16: How many routers?
  Diagram: headquarters (campus / data center), branch, operators; Internet (ISP, broadband, etc.) and IP VPN.
  WAN mainly provided (IP, MPLS VPN, IPSEC) by a connectivity operator [main driver: cost; services: IP, VPN (+ QoS)].
  Enterprise services provided by an integrator or a value-added operator [main driver: the service contract; services: encrypted VPN, QoS, security, IP Com, mobility, application optimization].
  Service delegation via Role Based Access Control.

Slide 17: How many routers? (same architecture, with HSRP and GLBP added for gateway redundancy)
  Diagram: headquarters (campus / data center), branch, operators; Internet (ISP, broadband, etc.) and IP VPN; HSRP, GLBP.
  WAN mainly provided (IP, MPLS VPN, IPSEC) by a connectivity operator [main driver: cost; services: IP, VPN (+ QoS)].
  Enterprise services provided by an integrator or a value-added operator [main driver: the service contract; services: encrypted VPN, QoS, security, IP Com, mobility, application optimization].
  Service delegation via Role Based Access Control.

Slide 18: MANAGED VPN (VPN opéré)

Slide 19: MPLS virtualization: a hierarchy of labels
  Diagram: VPN A, VPN B and VPN C sites on both sides of an MPLS core. Inside the core a packet carries core label + VPN label + IP data; between PE and core it carries VPN label + IP data; at the customer edge only IP data. Labels are exchanged with MP-iBGP or LDP.

Slide 20: L3 VPN, MPLS-VPN: the same service over all link types
  Diagram: MPLS core reached from PSTN/ISDN (branch, home, travel), ADSL/cable (branch, home), Internet with IPSec (branch, home, travel), shared services, a regional site, remote sites over leased line, Frame Relay and ATM, and the central site over a TDM MUX (fiber / WDM / POS / Ethernet / ATM / FR / PPP, tunnel).

Slide 21: L3 VPN, MPLS-VPN: end-to-end QoS
  Central site, regional sites, remote sites over MPLS IP-VPN and L2 VPN; end-to-end SLA measurement.
  Hierarchical DiffServ domain, with TE added for the core; end-to-end QoS; application-level QoS; per-class model; Service Level Agreement; QoS transparency.

Slide 22: L3 VPN: typical QoS example, 5 profiles and 4 CoS
  Profiles: Standard, Classic, Business, Executive, First. Classes: Best-Effort, Data-LAN2LAN, Data-Interactive, Real-Time.
  Chart: port percentage per class of service for each profile, and relative port price. Evolution toward 5 or 6 classes of service PE-CE.

Slide 23: L3 VPN: Carrier Supporting Carrier
  The SP offers only a VRF to the enterprise customer.
  Labels (rather than IP) are used between the PE and the CE.
  The customer uses the operator's MPLS backbone to build its own MPLS VPN service.
  Diagram: Internet, MPLS IP VPN, customer VRF, sub-VPNs, customer routing.

Slide 24: L3 VPN: Multi-VRF CE (VRF-lite)
  VRF: creation of several separate routing and switching tables: separate routing tables; separate forwarding tables (FIB); association of interfaces (physical or logical) to VRFs.
  Today a fairly classic solution.
  Requires several VRFs on the PE: strong dependency on the SP.
  Requires several physical or logical links between the PE and the CE: xDSL? (GRE tunnels CE-PE can be used.)
  Diagram: 802.1q, GRE, VRF.

Slide 25: L3 VPN: Multi-VRF (VRF-Lite)
  Multi-VRF CE: extension of the VPN functionality into the CPE and the campus, to keep providing segmentation without deploying the features of a full PE.
  Diagram: partners, contractors, resources, guests/NAC quarantine; SP IP VPN with PE1, PE2, PE3; Multi-VRF CE1, CE2, CE3 at sites 1, 2, 3.
  Logical separation in the campus via VLANs, or even VRFs on the Catalyst switches.
  Layer 3 logical separation inside the CE through the Multi-VRF function.
  The SP provides several VPNs for the same enterprise.

Slide 26: L2 VPNs: the Pseudo Wire reference model
  Pseudo Wire End-Services (PWES): Ethernet, 802.1Q (VLAN), ATM VC or VP, HDLC, PPP, Frame Relay VC. Service type: point to point.
  Diagram: emulated service between sites A1/A2 and B1/B2; PEs; pseudo wires inside a PSN tunnel.
  A Pseudo Wire (PW) is a connection between two PEs that connects two Pseudo Wire End-Services (PWESs).

Slide 27: L2 VPNs: AToM vs VPLS
  VPLS (Virtual Private LAN Service): multipoint service; L2 full mesh, point-to-multipoint between a central site and remote sites; Ethernet access to the SP; the SP backbone emulates a LAN bridge (flat switched network). Scalability? Handling of multicast flows.
  AToM (Any Transport over MPLS): point-to-point service; hub and spoke over several P2P circuits from the central site; interworking support for circuits of different types. Ideal for replacing the traditional WAN (Frame Relay model) and for dedicated P2P links in the MAN.

Slide 28: VPN DEPLOYED BY THE ENTERPRISE

Slide 29: L2VPN: data center interconnection using EoMPLS
  Configuration (the peer PE address was lost in the transcript; shown as a placeholder):
    pseudowire-class eompls
     encapsulation mpls
    interface GigabitEthernet1/4.601
     encapsulation dot1Q 601
     xconnect <peer-PE-loopback> 601 pw-class eompls
  Verification (addresses lost in the transcript):
    7600-LC-PE2#sh mpls l2transport vc det
    Local interface: Gi1/4.601 up, line protocol up, Eth VLAN 601 up
      Destination address: <elided>, VC ID: 601, VC status: up
        Tunnel label: 103, next hop <elided>
        Output interface: Gi1/3, imposed label stack {103 89}
      Create time: 1w3d, last status change time: 1d02h
      Signaling protocol: LDP, peer <elided>:0 up
        MPLS VC labels: local 49, remote 89
        Group ID: local 0, remote 0
        MTU: local 9000, remote 9000
        Remote interface description:
      Sequencing: receive disabled, send disabled
  Diagram: Data Center 1 (CE, Red-6500) - PE1 - MPLS network - PE2 - CE2, Data Center 2; frame = payload + VC label + tunnel label; Loop.
  Jumbo frame support: ensure all interfaces in the forwarding path have it enabled.

Slide 30: L3 VPN MPLS-VPN service built by the enterprise itself
  Diagram: CE - PE-CE routing protocol - PE (VRF) - LDP and iBGP VPNv4 label exchange - PE - CE.

Slide 31: IPSec VPN in the WAN: why use an IPSec VPN?
  Encryption over traditional WAN links (for example FR, ATM, leased lines).
  Compliance with new legislation: HIPAA, Sarbanes-Oxley (S-Ox), Basel Agreement (Europe), etc.
  Migration from a traditional WAN to a low-cost service (for example Internet, broadband).
  Use of an Internet service as a secondary WAN: as backup, or as the link for non-critical, high-bandwidth traffic.
  Extension of site services to teleworkers.
  Diagram: enterprise applications, clients.

Slide 32: Using a carrier IP-VPN: typical architecture
  Diagram: Internet; SP IP VPN; eBGP toward the SP on each CE; HSRP or iBGP between the two CEs.

Slide 33: Using tunnels over IP-VPNs: multipoint GRE
  mGRE with NHRP (RFC 2332). Diagram: Internet, IP VPN, eBGP, mptp (multipoint).
  1. Backup using the IGP's own features: fast, tunable with the backoff timers.
  2. Site routing isolated from the SP.
  3. Multicast flows supported.

Slide 34: Using tunnels over IP-VPNs: multipoint GRE + IPSEC
  DMVPN over MPLS-VPN. Diagram: Internet, IP VPN, eBGP, mptp (multipoint).
  1. Backup using the IGP's own features: fast, tunable with the backoff timers.
  2. Site routing isolated from the SP.
  3. Multicast flows supported.
  4. The flows are encrypted.
  5. The PKIs are managed by the enterprise.

Slide 35: Summary: managed versus deployed by the enterprise
  MANAGED VPN: outsourcing strategy (managed CPE/routing/QoS); no MPLS required on the CE; well suited to a small number of VRFs; possible to keep control of a few services, but rather few.
  But: increased dependency on the SP; adding a VPN means creating a sub-interface at every site concerned; the cost can become prohibitive depending on the number of VRFs and sites.
  VPN DEPLOYED BY THE ENTERPRISE: insourcing strategy; IP segmentation services; increased security (closed user groups); isolation/reduction of worms; building an SP-type network for the enterprise's internal customers; easier integration of new entities or partners; data center consolidation; front-end access virtualization; centralization of network services; VLAN extension via MAN/WAN.

Slide 36: Quality of service

Slide 37: Multiservice IP applications: non-uniform network traffic demands QoS
  Applications: VoIP, ERP, multimedia, VPN, Web/URL. Traffic profiles shown: bandwidth in 10 Kbps, rare loss, latency < 150 ms, jitter < 30 ms; bursty bandwidth, resilient to loss, no latency control, does not care about jitter; bandwidth in Mbps, rare loss, latency < 300 ms, jitter < 300 ms; latency in S, jitter in S; bandwidth in 10 Kbps, TCP-controlled loss, latency < 300 ms, no jitter sensitivity.

Slide 38: So, what is Quality of Service?
  A collection of technologies which allows applications/users to request and receive predictable service levels in terms of data throughput capacity (bandwidth), latency variation (jitter) and delay.

Slide 39: QoS factors: delay (latency), delay variation (jitter), packet loss.

Slide 40: Effects of latency on voice: avoid the "human Ethernet" ("Hello?")
  Delay target, ITU's G.114 recommendation: 150 msec one-way delay.
  Chart: one-way time (msec) against quality zones: high quality, fax relay/broadcast, satellite quality, CB zone.

Slide 41: Elements that affect latency and jitter
  Diagram: campus - IP WAN - branch office with SRST router - PSTN.
  CODEC: fixed (G.729A: 25 ms). Serialization: variable. Propagation and network: fixed (6.3 µs/km) + network delay (variable). Queuing: variable. Jitter buffer.
  End-to-end delay (must stay within 150 ms).

Slide 42: Delay and latency
  Router latency: less than 100 µs for a Cisco 7500 (64-byte packets; varies with packet size).
  Insertion delay (a.k.a. serialization delay), example with a 250-byte packet: 16 msec on a 256 Kbps link; 1 msec on a 2 Mbps link; 0.2 msec on a 10 Mbps link; 0.02 msec on a 100 Mbps link.
  Queuing delay = queue depth x insertion delay. Example: queue length 40 at 256 Kbps = 640 ms delay; queue length 40 at 2 Mbps = 80 ms delay.
  Effect of RTT with a 16k window: 500 µs RTT gives 270 Mbps; 12 ms gives 10 Mbps; 120 ms gives 1 Mbps.

Slide 43: Packet loss limitations
  Cisco DSP codecs can use predictor algorithms to compensate for a single lost packet in a row; two lost packets in a row will cause an audible clip in the conversation.
  Diagram: voice samples 1 to 4, with the lost sample 3 reconstructed from its neighbours.

Slide 44: QoS requirements for voice (one-way requirements)
  Latency 150 ms, jitter 30 ms, loss 1%.
  ... kbps guaranteed priority bandwidth per call (figure lost in the transcript); 150 bps (+ layer 2 overhead) guaranteed bandwidth for voice-control traffic per call.
  Voice traffic: smooth, benign, drop sensitive, delay sensitive, UDP priority.

Slide 45: QoS requirements for video-conferencing (one-way requirements)
  Latency 150 ms, jitter 30 ms, loss 1%.
  Minimum priority bandwidth guarantee required: video stream + 20%; e.g. a 384 kbps stream would require 460 kbps of priority bandwidth.
  Video traffic: bursty, greedy, drop sensitive, delay sensitive, UDP priority.

Slide 46: QoS requirements for data
  Data traffic: smooth/bursty, benign/greedy, drop insensitive, delay insensitive, TCP retransmits.
  Different applications have different traffic characteristics; different versions of the same application can have different traffic characteristics.
  Classify data into a relative-priority model with no more than four classes: Gold: mission-critical apps (ERP apps, transactions); Silver: guaranteed bandwidth (intranet, messaging); Bronze: best effort (..., Internet); Less-than-best-effort: scavenger (FTP, backups, Napster/Kazaa).

Slide 47: IntServ / DiffServ models
  Best effort: the original IP service; no state.
  IntServ / RSVP: per application flow reservation; per-flow state.
  DiffServ: per class of service bandwidth reservation; SLA.

Slide 48: Differentiated Services: sharing resources via classes of service
  Architecture: RFC 2474, 2475; the DS field (DSCP + CU) of RFC 2474.
  Classes shown: Platinum: voice (ToIP / video), real-time queue (EF = RFC 3246). Gold and Silver (AF = RFC 2597): guaranteed service with guaranteed bandwidth and a low level of drop, and premium IP with guaranteed bandwidth; applications: e-commerce, e-business (ERP, SCM, ...), legacy (SNA, ...), Web. Bronze: best effort, minimum bandwidth guaranteed, high level of overbooking. Streaming: guaranteed service (AF = RFC 2597), minimum/maximum controlled; video distribution.

Slide 49: DiffServ architecture: RFC 2475
  Stages: classification, policing, shaping, access queueing, core queueing; at each stage the classes VoIP, Business and Best-Effort are handled separately.

Slide 50: Design approach to enabling QoS
  Diagram: campus - IP WAN - branch office - PSTN.
  Classification: mark the packets with a specific priority denoting a requirement for class of service from the network.
  Trust boundary: define and enforce a trust boundary at the network edge.
  Provisioning: accurately calculate the required bandwidth for all applications plus element overhead.
  Scheduling: assign packets to one of multiple queues (based on classification) for expedited treatment throughout the network; use congestion avoidance for data.

Slide 51: QoS tools mapped to design requirements
  Diagram: campus - IP WAN - branch office with SRST router - PSTN.
  Campus access: inline power, multiple queues, 802.1Q/p, DSCP, fast link convergence.
  Campus distribution: multiple queues, 802.1Q/p, DSCP.
  WAN aggregator: LLQ, CBWFQ, WRED, LFI/FRF.12, cRTP, FRTS, dTS, DSCP.
  Branch router: LLQ, CBWFQ, WRED, LFI/FRF.12, cRTP, FRTS, 802.1Q/p, DSCP, NBAR.
  Branch switch: inline power, multiple queues, 802.1Q/p.
  Bandwidth provisioning across the IP WAN.

Slide 52: QoS toolset: classification; policing / shaping; scheduling / queueing; congestion avoidance.

Slide 53: Classification tools: Ethernet 802.1Q class of service
  Ethernet frame: preamble, SFD, DA, SA, 802.1Q/p header, type, data, FCS. The 4-byte 802.1Q/p tag carries PRI, CFI and VLAN ID; three bits are used for CoS (802.1p user priority).
  The 802.1p user priority field is also called Class of Service (CoS). Different types of traffic are assigned different CoS values. CoS 6 and 7 are reserved for network use.
  CoS to application (CoS 0 to 7): best effort data; medium priority data; high priority data; call signaling; video conferencing; voice bearer; reserved; reserved.

Slide 54: Classification tools: IPv4 IP Precedence and DiffServ Code Points
  IPv4 packet: version, length, ToS byte, len, ID, offset, TTL, proto, FCS, IP SA, IP DA, data.
  Standard IPv4: the three most significant bits of the ToS byte are called IP Precedence (IPP); the other bits are unused.
  DiffServ extensions: the six most significant bits of the ToS byte are called the DiffServ Code Point (DSCP); the remaining two bits are used for flow control.
  DSCP is backward-compatible with IP Precedence.

Slide 55: Classification tools: QoS classification summary
  Columns: application; L2 CoS; L3 classification: IPP, PHB, DSCP; MPLS EXP.
  Rows, from highest to lowest: reserved (PHB -); reserved (PHB -); voice bearer (EF); video conferencing (AF41); call signaling (AF31); high priority data (AF2y, DSCP 18, 20, ...); medium priority data (AF1y, DSCP 10, 14, 16 as printed); best effort data (BE, 0); less-than-best-effort data (DSCP 2, 4, 6; CoS/IPP 0).
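Slides 54 and 55 describe where IP Precedence and DSCP live in the ToS byte and how the PHB names map to them. The following added example (not part of the presentation) pulls the ToS byte out of a constructed IPv4 header, extracts IPP, DSCP and the two flow-control bits, names the PHB the way the slides do, and checks the backward-compatibility claim (IPP equals the top three DSCP bits) against the rows of slide 55. The numeric DSCP values for EF and the AF classes are the standard ones from RFC 3246 and RFC 2597, not printed on the slide.

```python
"""ToS-byte classification helpers for slides 54 and 55.
Added example; SAMPLE_IPV4_HEADER is constructed, not captured."""

# Constructed minimal 20-byte IPv4 header: version/IHL 0x45, ToS 0xB8
# (DSCP 46 = EF, ECN 0), total length 60, UDP, 10.0.0.1 -> 10.0.0.2.
SAMPLE_IPV4_HEADER = bytes([0x45, 0xB8, 0x00, 0x3C, 0x1C, 0x46, 0x40, 0x00,
                            0x40, 0x11, 0x00, 0x00, 10, 0, 0, 1, 10, 0, 0, 2])

# Slide 55 rows with the standard DSCP values assumed for the PHBs it names.
CLASSIFICATION = {
    "Voice bearer":         ("EF",   46),
    "Video conferencing":   ("AF41", 34),
    "Call signaling":       ("AF31", 26),
    "High priority data":   ("AF21", 18),
    "Medium priority data": ("AF11", 10),
    "Best effort data":     ("BE",    0),
}


def tos_byte(header: bytes) -> int:
    """The ToS byte (DS field) is the second byte of an IPv4 header."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1]


def ip_precedence(tos: int) -> int:
    """Standard IPv4: the three most significant bits of the ToS byte."""
    return (tos >> 5) & 0x7


def dscp(tos: int) -> int:
    """DiffServ: the six most significant bits of the ToS byte (RFC 2474)."""
    return (tos >> 2) & 0x3F


def ecn(tos: int) -> int:
    """The remaining two bits, used for flow control (ECN)."""
    return tos & 0x3


def phb_name(code: int) -> str:
    """Name a DSCP value as on the slides: EF, AFxy, CSx or BE."""
    if code == 46:
        return "EF"                     # RFC 3246 expedited forwarding
    if code == 0:
        return "BE"
    cls, drop = code >> 3, (code >> 1) & 0x3
    if code & 0x7 == 0:
        return f"CS{cls}"               # class selector: IPP-compatible values
    if 1 <= cls <= 4 and 1 <= drop <= 3 and code & 1 == 0:
        return f"AF{cls}{drop}"         # RFC 2597 assured forwarding
    return f"DSCP{code}"


def summarize(application: str) -> dict:
    """One row of slide 55: CoS and IPP are the top three DSCP bits (backward compatibility)."""
    phb, code = CLASSIFICATION[application]
    return {"application": application, "phb": phb, "dscp": code,
            "ipp": code >> 3, "cos": code >> 3, "tos": code << 2}


def classify_header(header: bytes) -> str:
    """PHB name of a packet, read straight from its header."""
    return phb_name(dscp(tos_byte(header)))


if __name__ == "__main__":
    tos = tos_byte(SAMPLE_IPV4_HEADER)
    print(f"ToS=0x{tos:02X} IPP={ip_precedence(tos)} DSCP={dscp(tos)} "
          f"ECN={ecn(tos)} PHB={classify_header(SAMPLE_IPV4_HEADER)}")
    for app in CLASSIFICATION:
        print(summarize(app))
```

The backward compatibility on slide 54 is visible in summarize(): a router that only understands IP Precedence reads the voice packet's ToS byte 0xB8 as precedence 5, which is exactly the CoS value the 802.1p table on slide 53 assigns to the voice bearer.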

Slide 56: Classification tools: Network-Based Application Recognition
  NBAR inspects the frame (MAC/CoS, DE/CLP/MPLS EXP), the IP packet (ToS/DSCP, source IP, destination IP), the TCP/UDP segment (source port, destination port) and the data payload.
  NBAR PDLMs: citrix, http, nntp, ssh, cuseeme, custom, exchange, fasttrack, ftp, gnutella, imap, irc, kerberos, ldap, napster, netshow, notes, novadigm, pcanywhere, pop3, realaudio, rcmd, smtp, snmp, socks, sqlserver, sqlnet, sunrpc, streamwork, syslog, telnet, secure-telnet, tftp, vdolive, xwindows.

Slide 57: Classification tools: trust boundaries
  A device is trusted if it correctly classifies packets.
  For scalability, classification should be done as close to the edge as possible.
  The outermost trusted devices represent the trust boundary.
  Positions 1 and 2 are optimal, 3 is acceptable (if the access switch cannot perform classification).
  Diagram: endpoints (1), access (2), distribution (3), core, WAN aggregation; trust boundary.

Slide 58: Classification tools: connecting the IP phone
  Catalyst 6000 to IP phone: 802.1Q trunk with 802.1p layer 2 CoS; auxiliary VLAN = 110; PC VLAN = 10 (PVID).
  Desktop PC behind the phone on the native VLAN (PVID): no configuration changes needed on the PC.

Slide 59: Classification tools: extended trust
  A new concept of assigning trust to a device not directly connected to the switch port.
  Allows an intermediate trusted device to modify the priority assigned by the downstream device.
  The feature will allow the trusted device to specify (via CDP) the priority of the downstream (untrusted) device.
  Diagram: untrusted device - trusted device - trust boundary; data.

Slide 60: Classification tools: PC CoS settings are not trusted
  Diagram: the PC sends frames marked CoS=5; the phone rewrites them to CoS=0.

Slide 61: Policers and shapers
  Policers typically drop traffic (no buffering, TCP retransmits); bidirectional.
  Shapers typically delay excess traffic, smoothing bursts and preventing unnecessary drops.
  Traffic shaping limits the transmit rate to a value lower than the line rate. Chart: line rate versus shaped rate, without and with traffic shaping.

Slide 62: Traffic shaping and policing mechanisms
  Shaping mechanisms: class-based shaping; Frame Relay traffic shaping (FRTS); generic traffic shaping (GTS).
  Policing mechanisms: two-rate policer; class-based policing; committed access rate (CAR).

Slide 63: RFC 2697: single rate policer
  Bc = committed burst, Bc = CIR x Tc; Be = excess burst. Diagram: tokens overflow from the Bc bucket into the Be bucket.
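Slide 61 contrasts policers (drop) with shapers (delay), and slide 63 shows the two buckets of the RFC 2697 single rate policer. The added example below (not from the presentation) implements the colour-blind single rate three colour marker of RFC 2697, with tokens arriving at CIR, the Bc bucket overflowing into the Be bucket, and green/yellow/red results for conform/exceed/violate, next to a minimal shaper that queues the same packets instead of marking them. The packet trace and the CIR/Bc/Be values are constructed.

```python
"""RFC 2697 single rate policer versus a simple shaper (slides 61 and 63).
Added example; TRACE and the bucket sizes are constructed."""


class SingleRatePolicer:
    """Colour-blind srTCM (RFC 2697). Tc holds up to Bc bytes, Te up to Be bytes.
    Tokens arrive at CIR; once Tc is full they overflow into Te, as on slide 63."""

    def __init__(self, cir_bps: int, bc_bytes: int, be_bytes: int = 0):
        self.cir_bytes_per_s = cir_bps / 8
        self.bc, self.be = bc_bytes, be_bytes
        self.tc, self.te = float(bc_bytes), float(be_bytes)   # both buckets start full
        self.last = 0.0

    def _refill(self, now: float) -> None:
        if now < self.last:
            raise ValueError("timestamps must be non-decreasing")
        self.tc += (now - self.last) * self.cir_bytes_per_s
        self.last = now
        if self.tc > self.bc:                                   # overflow Bc -> Be
            self.te = min(self.be, self.te + self.tc - self.bc)
            self.tc = self.bc

    def color(self, size_bytes: int, now: float) -> str:
        """green = conform (within Bc), yellow = exceed (within Be), red = violate."""
        self._refill(now)
        if size_bytes <= self.tc:
            self.tc -= size_bytes
            return "green"
        if size_bytes <= self.te:
            self.te -= size_bytes
            return "yellow"
        return "red"                                            # a policer drops these


def police(policer: SingleRatePolicer, packets):
    """Colour every (arrival_time, size_bytes) packet of a trace."""
    return [policer.color(size, t) for t, size in packets]


def shape(packets, rate_bps: int):
    """Shaper: excess traffic waits for the shaped rate instead of being dropped.
    Returns (departure_time, queuing_delay) per packet."""
    out, link_free_at = [], 0.0
    for arrival, size in packets:
        start = max(arrival, link_free_at)
        link_free_at = start + size * 8 / rate_bps
        out.append((link_free_at, start - arrival))
    return out


# Constructed trace: a burst of five 500-byte packets at t=0, two more at
# t=0.1 s, four more at t=1 s. CIR 64 kbps, Bc 1000 bytes, Be 500 bytes.
TRACE = [(0.0, 500)] * 5 + [(0.1, 500)] * 2 + [(1.0, 500)] * 4

if __name__ == "__main__":
    print(police(SingleRatePolicer(64_000, bc_bytes=1000, be_bytes=500), TRACE))
    for departs, waited in shape(TRACE, 64_000):
        print(f"departs at {departs:.4f}s after waiting {waited:.4f}s")
```

With these numbers the first burst yields green, green, yellow, red, red: two packets fit in Bc, one in Be, and the rest are violating. By t=1 s the refill (0.9 s at 8000 bytes/s) has refilled Bc and overflowed into Be, so the last burst is coloured the same way as the first. The shaper never drops: the same burst simply leaves at 62.5 ms intervals, which is the delay-versus-drop trade-off slide 61 describes.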

Slide 64: Scheduling tools: queuing algorithms
  Congestion can occur at any point in the network where there are speed mismatches.
  Low-Latency Queuing (LLQ) is used for the highest-priority traffic (voice/video).
  Class-Based Weighted-Fair Queuing (CBWFQ) is used for guaranteeing bandwidth to data applications.
  Diagram: voice, video and data queues.

Slide 65: Output interface queue structure
  Forwarder - software queuing system (any supported queuing mechanism) - hardware queue, TxQ (always FIFO) - output interface.
  Each interface has its hardware and software queuing system. The hardware queuing system (transmit queue, or TxQ) always uses FIFO queuing. The software queuing system can be selected and configured depending on the platform and Cisco IOS version.

Slide 66: Class-based queueing
  Classification by DSCP, ToS or ACL into classes Expedite, Business, Normal and Best Effort.
  Expedite: strict priority (15%), LLQ. Business 30% and Normal 20%: CB-WFQ. Best Effort: FB-WFQ. WRED thresholds per class or overall. Multiple LLQ classes; maximum bandwidth shaping. Transmit queue.

Slide 67: Scheduling tools: congestion avoidance algorithms
  Diagram: tail drop versus WRED on a queue.
  Queueing algorithms manage the front of the queue, i.e. which packets get transmitted first.
  Congestion avoidance algorithms, like Weighted Random Early Detect (WRED), manage the tail of the queue, i.e. which packets get dropped first when the queueing buffers fill.
  WRED can operate in a DiffServ-compliant mode, which drops packets according to their DSCP markings.
  WRED works best with TCP-based applications, like data.

Slide 68: Provisioning tools: link fragmentation and interleaving
  Serialization delay is the finite amount of time required to put frames on a wire.
  For links of 768 kbps and below, serialization delay is a major factor affecting latency and jitter.
  For such slow links, large data packets need to be fragmented and interleaved with the smaller, more urgent voice packets.
  Diagram: without LFI, a voice packet waits behind a large data packet and serialization causes excessive delay; with fragmentation and interleaving the serialization delay is minimized.

Slide 69: LFI fragment information: fragment size recommendations
  Serialization delay matrix (time to put one packet on the wire):
  Packet size    56 kbps    64 kbps    128 kbps   256 kbps   512 kbps   768 kbps
  64 bytes       9 ms       8 ms       4 ms       2 ms       1 ms       640 usec
  128 bytes      18 ms      16 ms      8 ms       4 ms       2 ms       1.2 ms
  256 bytes      36 ms      32 ms      16 ms      8 ms       4 ms       2.6 ms
  512 bytes      72 ms      64 ms      32 ms      16 ms      8 ms       5 ms
  1024 bytes     144 ms     128 ms     64 ms      32 ms      16 ms      10 ms
  1500 bytes     214 ms     187 ms     93 ms      46 ms      23 ms      15 ms
  Fragmentation size matrix (based on 10 msec delay):
  Link speed     56 kbps    64 kbps    128 kbps   256 kbps   512 kbps   768 kbps   1536 kbps
  Fragment size  70 bytes   80 bytes   160 bytes  320 bytes  640 bytes  1000 bytes 2000 bytes
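Slides 42, 68 and 69 all rest on the same arithmetic: serialization delay is packet bits divided by link rate, queuing delay is queue depth times that, window-limited TCP throughput is window size over RTT, and the LFI fragment size is the largest packet that serializes within the 10 ms target. The following added example (not from the presentation) carries those four calculations through and regenerates both matrices of slide 69. Note that for the slide 42 case of a 250-byte packet on a 256 Kbps link the arithmetic gives about 7.8 ms rather than the 16 ms printed; 16 ms is what a 512-byte packet takes, and the queuing examples on the same slide (640 ms and 80 ms for 40 packets) are consistent with packets of roughly 500 bytes.

```python
"""Delay arithmetic behind slides 42, 68 and 69. Added example, not from the presentation."""

SIZES = (64, 128, 256, 512, 1024, 1500)                          # bytes, slide 69 rows
SPEEDS = (56_000, 64_000, 128_000, 256_000, 512_000, 768_000)      # bps, slide 69 columns
LFI_SPEEDS = SPEEDS + (1_536_000,)
LFI_THRESHOLD_BPS = 768_000      # slide 68: LFI matters on links at or below 768 kbps


def serialization_delay_ms(packet_bytes: int, link_bps: int) -> float:
    """Insertion (serialization) delay: time to clock one packet onto the wire."""
    return packet_bytes * 8 / link_bps * 1000


def queuing_delay_ms(queue_depth: int, packet_bytes: int, link_bps: int) -> float:
    """Slide 42: queuing delay = queue depth x insertion delay (same-size packets)."""
    return queue_depth * serialization_delay_ms(packet_bytes, link_bps)


def window_limited_throughput_bps(window_bytes: int, rtt_s: float) -> float:
    """Slide 42, 'effect of RTT with 16k window': at most one window per round trip."""
    return window_bytes * 8 / rtt_s


def lfi_fragment_bytes(link_bps: int, target_delay_ms: float = 10.0) -> int:
    """Largest fragment whose serialization delay stays within the target (slide 69 uses 10 ms)."""
    return int(link_bps * target_delay_ms / 1000 / 8)


def needs_lfi(link_bps: int) -> bool:
    """Slide 68's rule of thumb: fragment and interleave on links <= 768 kbps."""
    return link_bps <= LFI_THRESHOLD_BPS


def serialization_matrix(sizes=SIZES, speeds=SPEEDS) -> dict:
    """{(packet_bytes, link_bps): delay_ms} for the whole slide 69 grid."""
    return {(s, b): round(serialization_delay_ms(s, b), 2) for s in sizes for b in speeds}


def fragment_matrix(speeds=LFI_SPEEDS, target_delay_ms: float = 10.0) -> dict:
    """{link_bps: fragment_bytes} for a given delay target."""
    return {b: lfi_fragment_bytes(b, target_delay_ms) for b in speeds}


if __name__ == "__main__":
    print("packet  " + "".join(f"{b // 1000:>9} kbps" for b in SPEEDS))
    for s in SIZES:
        row = "".join(f"{serialization_delay_ms(s, b):>11.2f} ms" for b in SPEEDS)
        print(f"{s:>5} B {row}")
    print("fragment sizes for 10 ms:", fragment_matrix())
    print("40 x 512 B queued at 256 kbps:", queuing_delay_ms(40, 512, 256_000), "ms")
    for rtt in (0.0005, 0.012, 0.12):
        mbps = window_limited_throughput_bps(16 * 1024, rtt) / 1e6
        print(f"16 KB window, RTT {rtt * 1000:g} ms -> {mbps:.1f} Mbps")
```

The fragment sizes come out at 960 and 1920 bytes for 768 and 1536 kbps, which the slide rounds to 1000 and 2000; the other five entries match exactly. The window-limited throughputs (262, 10.9 and 1.09 Mbps) are the slide's 270, 10 and 1 Mbps to rounding.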

70 Provisioning for Voice: VoIP Bandwidth Reference Tables

Codec    Sampling rate   Voice payload (bytes)   Packets per second   Bandwidth per conversation
G.711    20 msec         …                       …                    … kbps
G.711    30 msec         …                       …                    … kbps
G.729A   20 msec         …                       …                    24 kbps
G.729A   30 msec         …                       …                    19 kbps

A more accurate method for provisioning is to include the Layer 2 overhead in the bandwidth calculations:

Codec             802.1Q Ethernet (+32 L2 bytes)   MLP (+13 L2 bytes)   Frame Relay (+8 L2 bytes)   ATM (variable L2 bytes, cell padding)
G.711 at 50 pps   93 kbps                          86 kbps              84 kbps                     106 kbps
G.711 at 33 pps   83 kbps                          78 kbps              77 kbps                     84 kbps
G.729A at 50 pps  37 kbps                          30 kbps              28 kbps                     43 kbps
G.729A at 33 pps  27 kbps                          22 kbps              21 kbps                     28 kbps

71 Provisioning for Voice: Call Admission Control (CAC): Why Is It Needed?
(diagram: on the circuit-switched side a PBX with physical trunks to the PSTN; on the packet-switched side a router/gateway and Call Manager on the IP WAN)
- An IP WAN link provisioned for 2 VoIP calls (equivalent to 2 virtual trunks).
- There is no physical limitation on IP links: if a 3rd call is accepted, the voice quality of all calls degrades.
- CAC limits the number of VoIP calls on each WAN link, so the 3rd call is rejected.

72 WAN Scheduling Design Principles
- LLQ (Voice) + LLQ (Video): no more than 33% of link capacity
- LLQ (Voice) + LLQ (Video) + CBWFQ (All Data): no more than 75% of link capacity
(pie chart of link capacity: Voice, Video, Voice/Video Control, Data, and Routing + L2 Overhead; Voice and Video together are the 33% reserved for LLQ, all classes together the 75%)
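Worked example, added here and not code from the Cisco deck: the per-call bandwidths of slide 70 recomputed with the Layer 2 overhead (payload + 40 bytes of IP/UDP/RTP + L2 bytes, times packets per second, rounded up as the tables are), the 33% / 75% rules of slide 72 as a check, and a call counter that does what slide 71 asks of CAC, refusing the call that would exceed the link's realtime budget. Codec rates and overheads are the slides' values; the class and function names and the 192 kbps link are constructed.

```python
"""VoIP bandwidth, WAN scheduling rules and a CAC counter.

Added example, not code from the Cisco deck.  Reproduces the slide's
reference tables (payload + 40 bytes of IP/UDP/RTP headers + L2 overhead,
times packets per second, rounded up as the tables are) and then uses the
result the way CAC does: count calls against the LLQ budget of a link.
Class and function names are this example's own; the 192 kbps link used
in the usage below is a constructed value.
"""
import math

IP_UDP_RTP_BYTES = 40                 # 20 IP + 8 UDP + 12 RTP, no header compression
CODEC_KBPS = {"G.711": 64, "G.729A": 8}
L2_OVERHEAD_BYTES = {"802.1Q Ethernet": 32, "MLP": 13, "Frame-Relay": 8}


def voice_payload_bytes(codec: str, sample_ms: int) -> int:
    """Bytes of speech per packet: codec rate times sampling interval."""
    return CODEC_KBPS[codec] * sample_ms // 8


def call_bandwidth_kbps(codec: str, sample_ms: int, l2: str = "") -> int:
    """Bandwidth of one conversation (one direction), L2 overhead included when l2 is given."""
    pps = 1000 // sample_ms                          # 50 pps at 20 ms, 33 pps at 30 ms
    l2_bytes = L2_OVERHEAD_BYTES[l2] if l2 else 0
    frame_bytes = voice_payload_bytes(codec, sample_ms) + IP_UDP_RTP_BYTES + l2_bytes
    return math.ceil(frame_bytes * 8 * pps / 1000)


def scheduling_rules_ok(llq_pct: float, all_classes_pct: float) -> bool:
    """Slide 72's design rules: LLQ (voice + video) at most 33% of the link,
    LLQ plus the CBWFQ data classes at most 75%, the rest left for routing
    and L2 overhead."""
    return llq_pct <= 33 and all_classes_pct <= 75


class CallAdmissionControl:
    """Admits VoIP calls only while they fit in the link's realtime (LLQ) budget.

    IP links impose no physical trunk limit; without this check the extra
    call is carried and degrades every call sharing the priority queue.
    """

    def __init__(self, link_kbps: int, per_call_kbps: int, video_kbps: int = 0,
                 realtime_share: float = 0.33) -> None:
        voice_budget = link_kbps * realtime_share - video_kbps
        self.max_calls = max(0, int(voice_budget // per_call_kbps))
        self.active = 0

    def admit(self) -> bool:
        """Return True and count the call, or False when the budget is used up."""
        if self.active >= self.max_calls:
            return False                 # the slide's "3rd call rejected"
        self.active += 1
        return True

    def release(self) -> None:
        self.active = max(0, self.active - 1)


if __name__ == "__main__":
    per_call = call_bandwidth_kbps("G.729A", 20, "Frame-Relay")   # 28 kbps, as in the table
    cac = CallAdmissionControl(link_kbps=192, per_call_kbps=per_call)
    print(f"{per_call} kbps per call, {cac.max_calls} calls fit in 33% of a 192 kbps link")
    print([cac.admit() for _ in range(3)])   # third call refused
```

The 33 pps at 30 ms and the round-up are what make the figures match the slide's tables exactly; a calculator using 33.3 pps and rounding to nearest lands one kbps lower on some cells, which is harmless for provisioning but worth knowing when comparing tables.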

73 Management Tools
- QoS is efficiently scaled with a centralized management server.
- QoS deployment is best followed by ongoing monitoring to ensure that the targeted service levels are being provided.
- QoS policies need periodic tuning to adjust to changing business needs.

74 show policy

WAN-AGG-7200#show policy
  Policy Map WAN-EDGE
    Class VOICE
      Weighted Fair Queueing
        Strict Priority
        Bandwidth 17 (%)
    Class VIDEO
      Weighted Fair Queueing
        Strict Priority
        Bandwidth 16 (%) Burst (Bytes)
    Class VOICE-CONTROL
      Weighted Fair Queueing
        Bandwidth 2 (%) Max Threshold 64 (packets)
    Class GOLD-DATA
      Weighted Fair Queueing
        Bandwidth 25 (%)
        exponential weight 9
        dscp    min-threshold    max-threshold    mark-probablity
        …
        af                                        /10
        af                                        /10
        af                                        /10
        …

75 show policy interface

WAN-AGG-7200#show policy interface multilink 1
  Multilink1
    Service-policy output: WAN-EDGE
      Class-map: VOICE (match-all)
        packets, bytes
        30 second offered rate bps, drop rate 0 bps
        Match: ip dscp 46
        Weighted Fair Queueing
          Strict Priority
          Output Queue: Conversation 264
          Bandwidth 17 (%) Bandwidth 522 (kbps) Burst (Bytes)
          (pkts matched/bytes matched) /
          (total drops/bytes drops) 0/0
      Class-map: VIDEO (match-all)
        packets, bytes
        30 second offered rate bps, drop rate 0 bps
        Match: ip dscp 34
        Weighted Fair Queueing
          Strict Priority
          Output Queue: Conversation 264
          Bandwidth 16 (%) Bandwidth 491 (kbps) Burst (Bytes)
          (pkts matched/bytes matched) 64538/
          (total drops/bytes drops) 0/0

76 show policy interface (continued) – Gold Data

      Class-map: GOLD-DATA (match-any)
        packets, bytes
        30 second offered rate bps, drop rate bps
        Match: ip dscp
          packets, bytes
          30 second rate bps
        Match: ip dscp
          packets, bytes
          30 second rate bps
        Match: ip dscp
          packets, bytes
          30 second rate bps
        Weighted Fair Queueing
          Output Queue: Conversation 266
          Bandwidth 25 (%) Bandwidth 768 (kbps)
          (pkts matched/bytes matched) 93816/
          (depth/total drops/no-buffer drops) 29/2327/0      <- deep queues + drops
          exponential weight: 9
          mean queue depth: 28
          dscp    Transmitted    Random drop    Tail drop    Minimum    Maximum    Mark
                  pkts/bytes     pkts/bytes     pkts/bytes   thresh     thresh     prob
          …
          af      /              /              /                                  /10
          af      /              /              /                                  /10
          af      /              /              /                                  /10
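The three show policy slides are what an operator reads to confirm the policy does what slide 73 asks: a class with "deep queues + drops" is under-provisioned, and drops in a Strict Priority class mean the LLQ policer is discarding voice or video. As an added example, not Cisco's code or output, here is a small parser for that output, run over a constructed sample in the slide's layout (the counters are made up, since the slide's own numbers did not survive), that pulls out per-class counters and flags both conditions.

```python
"""Parse `show policy-map interface` text and flag classes that drop.

Added example, not Cisco's code.  SAMPLE_SHOW_POLICY is constructed in the
layout of the slide's output with made-up counters.  Regex and function
names are this example's own.
"""
import re

SAMPLE_SHOW_POLICY = """\
Multilink1

  Service-policy output: WAN-EDGE

    Class-map: VOICE (match-all)
      64538 packets, 13423904 bytes
      30 second offered rate 26000 bps, drop rate 0 bps
      Match: ip dscp 46
      Weighted Fair Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 17 (%) Bandwidth 522 (kbps) Burst 13050 (Bytes)
        (pkts matched/bytes matched) 64538/13423904
        (total drops/bytes drops) 0/0

    Class-map: VIDEO (match-all)
      40120 packets, 48144000 bytes
      30 second offered rate 410000 bps, drop rate 3000 bps
      Match: ip dscp 34
      Weighted Fair Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 16 (%) Bandwidth 491 (kbps) Burst 12275 (Bytes)
        (pkts matched/bytes matched) 40120/48144000
        (total drops/bytes drops) 212/254400

    Class-map: GOLD-DATA (match-any)
      93816 packets, 56289600 bytes
      30 second offered rate 540000 bps, drop rate 12000 bps
      Match: ip dscp 18
        31272 packets, 18763200 bytes
        30 second rate 180000 bps
      Match: ip dscp 20
        62544 packets, 37526400 bytes
        30 second rate 360000 bps
      Weighted Fair Queueing
        Output Queue: Conversation 266
        Bandwidth 25 (%) Bandwidth 768 (kbps)
        (pkts matched/bytes matched) 93816/56289600
        (depth/total drops/no-buffer drops) 29/2327/0
        exponential weight: 9
        mean queue depth: 28
"""

RE_CLASS = re.compile(r"^\s*Class-map:\s+(\S+)\s+\((match-\w+)\)")
RE_COUNTS = re.compile(r"^\s*(\d+) packets, (\d+) bytes")
RE_KBPS = re.compile(r"Bandwidth (\d+) \(kbps\)")
RE_DROPS = re.compile(r"\(total drops/bytes drops\)\s+(\d+)/(\d+)")
RE_QUEUE = re.compile(r"\(depth/total drops/no-buffer drops\)\s+(\d+)/(\d+)/(\d+)")


def parse_policy_interface(text: str) -> dict:
    """Return {class_name: counters} for every Class-map block in the output."""
    classes, cur = {}, None
    for line in text.splitlines():
        if m := RE_CLASS.match(line):
            cur = classes.setdefault(m.group(1), {
                "match": m.group(2), "packets": 0, "bytes": 0, "bandwidth_kbps": 0,
                "drops": 0, "depth": 0, "priority": False})
        elif cur is None:
            continue
        elif (m := RE_COUNTS.match(line)) and cur["packets"] == 0:
            # first counters line is the class total; later ones are per-Match lines
            cur["packets"], cur["bytes"] = int(m.group(1)), int(m.group(2))
        elif "Strict Priority" in line:
            cur["priority"] = True           # an LLQ class
        elif m := RE_KBPS.search(line):
            cur["bandwidth_kbps"] = int(m.group(1))
        elif m := RE_DROPS.search(line):
            cur["drops"] = int(m.group(1))
        elif m := RE_QUEUE.search(line):
            cur["depth"], cur["drops"] = int(m.group(1)), int(m.group(2))
    return classes


def drop_ratio(cls: dict) -> float:
    return cls["drops"] / cls["packets"] if cls["packets"] else 0.0


def classes_over_drop_threshold(classes: dict, max_ratio: float = 0.01) -> list:
    """Data classes shedding more than max_ratio of their packets: WRED or
    tail drops at that level mean the class bandwidth or queue limit is wrong."""
    return sorted(n for n, c in classes.items() if not c["priority"] and drop_ratio(c) > max_ratio)


def priority_classes_dropping(classes: dict) -> list:
    """LLQ classes with any drops: the priority queue's policer is discarding
    voice or video, i.e. more calls than the provisioned budget (see CAC)."""
    return sorted(n for n, c in classes.items() if c["priority"] and c["drops"] > 0)
```

Fed the real output of a router, the same functions give a polling script the two numbers worth alerting on per class: the drop ratio for data classes and any non-zero drop count for priority classes.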

77 A KEY element: network administration
Objectives
1. Simplify device configuration
   – embedded management
   – large-scale deployment
2. Manage SLAs
3. Provide visibility: NBAR and NetFlow instrumentation
Means
1. Instrumentation:
   – SLA: IOS IP SLA, CBQoS, Corvil
   – Visibility: NBAR, NetFlow, RMON2 and extensions
2. Integrated tools
3. Software platforms

78 Embedded management: Security Device Manager (SDM)
Graphical configuration of the whole ISR range. Wizards and tools for managing and configuring:
- LAN/WAN/VLAN interfaces
- VPN: Easy VPN, DMVPN
- Firewall, IPS
- Routing
- QoS, NBAR
- NAC
- Secure SSH connection
- Auto-secure function: One Touch Router Lockdown, AutoSecure

79 Large-scale deployment: CNS agents and the CNS Configuration Engine
Cisco Configuration Engine
- Network configuration and provisioning solution supporting up to 5000 Cisco CPE per appliance.
- Secured communications between the CNS agents embedded in the devices' IOS and the Configuration Engine.
- Distribution of upgrades or configuration changes to a fleet of Cisco ISR routers, whatever the access technology.
- Embedded application (web GUI)
- Flexible technology for generating configuration templates (Velocity templates)
- XML-SOAP and Java/C++ based programming interface

80 Zero Touch Deployment
(diagram: ISR at the remote site, SP/Enterprise core, Configuration Engine)
- The ISR is shipped with a generic bootstrap configuration, either from Cisco manufacturing (Cisco Configuration Express) or from the distributor.
- Technicians connect the cables and power the router on.
- With the bootstrap configuration the ISR synchronises to obtain L1/L2 connectivity.
- The ISR obtains an IP address (aggregator).
- The ISR contacts the Cisco Configuration Engine: unique identification, then a configuration request over an SSL-encrypted link.
- The ISR notifies the Cisco Configuration Engine of the deployment result; customer services can now be provisioned.

81 SLA management
Metrics
- Availability: Mean Time to Diagnose (MTD), Mean Time To Repair (MTTR), Mean Time Between Failures (MTBF)
- Performance of differentiated services: bandwidth, latency, packet loss, latency variation (jitter), MOS
- Process for handling anomalies, commitments on return to normal, penalties
(Enterprise and Small/Medium Business: understand network performance and ease deployment, verify service levels, verify outsourced SLAs. Service Providers: measure and provide SLAs.)

82 Performance measurement strategy
- Sampling method: observed or synthetic
- Collection method: embedded agent or external probes
- Measurement perspective: user or network

83 Measurement technologies
Cisco IP SLAs
  Measures: latency and jitter between source router and specified target
  Sampling: active. Collection: embedded. Scope: link/end-to-end. Perspective: user/network
NBAR/NAM/CBQoS/Corvil
  Measures: response time of live application traffic to server device, QoS
  Sampling: passive. Collection: external probe/embedded. Scope: link/end-to-end. Perspective: user/network
SNMP MIBs and Embedded Event Management
  Measures: CPU/memory utilization, availability, QoS
  Sampling: passive. Collection: embedded. Scope: device/link. Perspective: user/network
Cisco CallManager
  Measures: voice calls, voice quality, Cisco CallManager performance
  Sampling: passive. Collection: embedded. Scope: link/end-to-end. Perspective: user/network
NetFlow
  Measures: device interface traffic rate by source/destination IP address, port number or AS
  Sampling: passive. Collection: embedded. Scope: link/end-to-end. Perspective: network

84 Multiprotocol measurements with Cisco IOS IP SLAs
(diagram: Cisco IOS Software IP SLAs on the source router generates active traffic to measure the network towards a destination, with defined packet size, spacing, CoS and protocol; the far end is an IP server or an IP SLAs Responder; results are stored in the MIB)
- Measurement metrics: latency, network jitter, distribution of stats, connectivity, packet loss
- Operations: FTP, DNS, DHCP, TCP, Jitter, ICMP, UDP, DLSW, HTTP, LDP, H.323, SIP, RTP, Radius, Video
- Applications: network performance monitoring, Service Level Agreement (SLA) monitoring, network assessment, Multiprotocol Label Switching (MPLS) monitoring, VoIP monitoring, availability, troubleshooting

85 How IP SLA works
(diagram: a management application polls the IP SLAs source; the source measures performance towards an IP host or an IP SLAs Responder target and can trigger other operations based on thresholds/timeouts)
1. Configure source router
2. If needed, configure responder
3. Schedule operations
4. If needed, set thresholds
5. Measure network
6. Poll SNMP or CLI for measurement results

86 Cisco IOS IP SLAs operation and Responder
(timeline: the source sends at TS1, the target receives at TS2 and replies at TS3, the source receives the reply at TS4 and finishes processing it at TS5)
- Target processing time: TProc(Target) = TS3 - TS2
- Source processing time: TProc(Source) = TS5 - TS4
- Round-trip delay (without Responder) = TS5 - TS1 - TProc(Source)
- Round-trip delay (with Responder) = (TS5 - TS1) - TProc(Source) - TProc(Target)
- One-way delay (with Responder) = TS2 - TS1
Locally an IP SLAs packet will perceive the same scheduling latency as any packet from its class.

87 Example: IP SLAs UDP Jitter operation
(diagram: IP SLAs source across the IP core to a Responder)
- The source sends a train of packets with a constant interval.
- The Responder receives the train at intervals impacted by the network, adds a receive timestamp and calculates the delta (its processing time).
- The Responder replies to the packets (it does not generate its own).
- Results: per-direction inter-packet delay (jitter), per-direction packet loss, average round-trip delay.

88 Example: IP SLAs UDP Jitter operation
(diagram: packets P1 and P2 are sent with gap i1, received at the Responder with gap i2, reflected, and received back at the source with gap i3)
- STx = sent timestamp for packet x
- RTx = receive timestamp for packet x at the Responder
- dx = processing time spent by the Responder between packet arrival and treatment
- ATx = receive timestamp for packet x when it returns to the source
Each packet contains STx, RTx, ATx and dx. The source can now calculate:
  JitterSD = (RT2-RT1)-(ST2-ST1) = i2-i1
  JitterDS = (AT2-AT1)-((RT2+d2)-(RT1+d1)) = i3-i2
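The formulas of slides 86 and 88 carried through on numbers, as an added example (not Cisco's code): the round-trip and one-way delay functions use the slides' TS1..TS5 and TProc symbols, the jitter function uses STx/RTx/ATx/dx, and a constructed five-packet train with two lost packets shows how per-direction loss falls out of which timestamps are missing.

```python
"""IP SLAs delay and UDP jitter arithmetic.

Added example, not Cisco's code.  Uses the slides' own symbols:
TS1..TS5 and TProc for the round-trip/one-way formulas of slide 86,
STx/RTx/ATx/dx for the UDP jitter operation of slide 88.  The packet
train below is constructed; all times are in milliseconds.
"""


def round_trip_without_responder(ts1, ts5, tproc_source):
    """TS5 - TS1 - TProc(Source): the target's processing time is unknown."""
    return ts5 - ts1 - tproc_source


def round_trip_with_responder(ts1, ts5, tproc_source, tproc_target):
    """(TS5 - TS1) - TProc(Source) - TProc(Target): the Responder reports
    TProc(Target) = TS3 - TS2, so it can be removed as well."""
    return (ts5 - ts1) - tproc_source - tproc_target


def one_way_delay(ts1, ts2):
    """TS2 - TS1 (source to target); needs synchronised clocks at both ends."""
    return ts2 - ts1


# Constructed UDP jitter train.  ST = sent at the source, RT = received at the
# Responder, d = Responder processing time, AT = arrived back at the source.
# None marks a timestamp that never happened, i.e. the packet was lost.
TRAIN = [
    {"ST": 0, "RT": 15, "d": 1, "AT": 31},
    {"ST": 20, "RT": 36, "d": 1, "AT": 53},
    {"ST": 40, "RT": 55, "d": 2, "AT": 74},
    {"ST": 60, "RT": None, "d": None, "AT": None},   # lost source -> destination
    {"ST": 80, "RT": 95, "d": 1, "AT": None},         # lost destination -> source
]


def completed(train):
    """Packets that made the full round trip; only these carry all four fields."""
    return [p for p in train if p["AT"] is not None]


def udp_jitter(train):
    """Per consecutive completed pair, (JitterSD, JitterDS) as on slide 88:
    JitterSD = (RT2-RT1) - (ST2-ST1) = i2 - i1
    JitterDS = (AT2-AT1) - ((RT2+d2) - (RT1+d1)) = i3 - i2
    The Responder's own processing time d is subtracted out of the DS leg.
    """
    done = completed(train)
    pairs = []
    for p1, p2 in zip(done, done[1:]):
        jitter_sd = (p2["RT"] - p1["RT"]) - (p2["ST"] - p1["ST"])
        jitter_ds = (p2["AT"] - p1["AT"]) - ((p2["RT"] + p2["d"]) - (p1["RT"] + p1["d"]))
        pairs.append((jitter_sd, jitter_ds))
    return pairs


def per_direction_loss(train):
    """No RT: the packet never reached the Responder (SD loss).
    RT but no AT: it was lost on the way back (DS loss)."""
    sd = sum(1 for p in train if p["RT"] is None)
    ds = sum(1 for p in train if p["RT"] is not None and p["AT"] is None)
    return {"SD": sd, "DS": ds}


def average_round_trip(train):
    """Mean of (AT - ST) - d over completed packets, Responder time removed."""
    done = completed(train)
    return sum(p["AT"] - p["ST"] - p["d"] for p in done) / len(done)


if __name__ == "__main__":
    print("jitter (SD, DS) per pair:", udp_jitter(TRAIN))
    print("loss:", per_direction_loss(TRAIN))
    print("average RTT:", round(average_round_trip(TRAIN), 2))
```

The second pair shows a negative JitterSD: the network delivered the second packet slightly closer to the first than it was sent, which is why the operation reports positive and negative jitter separately per direction.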

89 Class-Based QoS MIB (CBQoSMIB)
The CBQoS MIB exposes the statistics of the differentiated services (per class of service):
- traffic before the QoS policy is applied
- traffic after the QoS policy is applied
It shows whether the QoS configuration is correct and how effective it is. Using the CBQoS MIB is indispensable when QoS is deployed to carry IP telephony and/or business-critical applications. In each class of service the bandwidth can be estimated automatically from an SLA (latency, packet loss).

90 Class Map Stats Table (diagram): per class (Bronze, Silver, Gold), before the QoS policies are applied: CMPrePolicyPkt, CMPrePolicyByte; after the QoS policies are applied: CMPostPolicyPkt, CMDropPkt, CMDropByte, CMNoBufDropPkt. Drop = Pre - Post.

91 NetFlow: how it works
(diagram: packets populate the NetFlow cache, each entry holding the flow identifiers plus flow data that is updated as further packets of the flow arrive; the data is then exported)
The 7 flow identifiers:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Layer 3 protocol
- TOS byte
- ifIndex of the input interface
Other data: the flow data, updated with each packet.

92 Main uses

Service Provider          Enterprise
Peering arrangements      Internet access monitoring (protocol distribution, where traffic is going/coming)
Network planning          User monitoring
Traffic engineering       Application monitoring
Accounting and billing    Charge-back billing for departments
Security monitoring

93 NetFlow cache: example
1. Create and update flows in the NetFlow cache
   (flow table with columns SrcIf, SrcIPadd, DstIf, DstIPadd, Protocol, TOS, Flgs, Pkts, Src Port, Src Msk, Src AS, Dst Port, Dst Msk, Dst AS, NextHop, Bytes/Pkt, Active, Idle; the sample rows are flows entering on Fa1/… and leaving on Fa0/…)
2. Expiration, when one of the following occurs:
   - inactive timer expired (15 sec is the default)
   - active timer expired (30 min (1800 sec) is the default)
   - NetFlow cache is full (the oldest flows are expired)
   - RST or FIN TCP flag
3. Aggregation, if configured: e.g. with the protocol-port aggregation scheme the expired record becomes Protocol, Pkts, SrcPort, DstPort, Bytes/Pkt
4. Export version: aggregated flows are exported with version 8 or 9, non-aggregated flows with version 5 or 9
5. Transport protocol: export packet = header + payload (flows), 30 flows per 1500-byte export packet
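The cache lifecycle above, as an added example that is not Cisco's code: a minimal flow cache keyed on the 7 identifiers of slide 91, with the four expiry conditions of this slide, the protocol-port aggregation of step 3 and the 30-records-per-packet figure of step 5. The traffic it is fed is constructed (a short TCP exchange closed by FIN and a UDP stream that simply stops); class, function and field names are this example's own.

```python
"""Minimal NetFlow-style flow cache with the slide's expiry rules.

Added example, not Cisco's code.  The flow key is the 7 identifiers of
slide 91; a flow leaves the cache (is exported) on the four conditions of
slide 93: inactive timer (15 s default), active timer (30 min default),
cache full (oldest flow evicted) and TCP RST/FIN.  The protocol-port
aggregation and the 30-flows-per-export-packet figure are the slide's too.
The packets below are constructed.
"""
from collections import OrderedDict
from dataclasses import dataclass

TCP, UDP = 6, 17
TCP_FIN, TCP_RST = 0x01, 0x04


@dataclass
class FlowRecord:
    key: tuple              # (src_ip, dst_ip, src_port, dst_port, proto, tos, in_ifindex)
    first_seen: float
    last_seen: float
    packets: int = 0
    bytes: int = 0
    tcp_flags: int = 0


class FlowCache:
    def __init__(self, inactive_timeout=15.0, active_timeout=1800.0, max_flows=1000):
        self.inactive_timeout = inactive_timeout
        self.active_timeout = active_timeout
        self.max_flows = max_flows
        self.flows = OrderedDict()       # insertion order = age, oldest first
        self.exported = []               # (FlowRecord, reason) pairs, in export order

    @staticmethod
    def flow_key(pkt):
        return (pkt["src"], pkt["dst"], pkt["sport"], pkt["dport"],
                pkt["proto"], pkt["tos"], pkt["ifindex"])

    def update(self, pkt, now):
        """Step 1: create the flow on first sight, otherwise update its counters."""
        key = self.flow_key(pkt)
        rec = self.flows.get(key)
        if rec is None:
            if len(self.flows) >= self.max_flows:          # cache full: expire the oldest
                _, oldest = self.flows.popitem(last=False)
                self.exported.append((oldest, "cache full"))
            rec = self.flows[key] = FlowRecord(key, now, now)
        rec.packets += 1
        rec.bytes += pkt["len"]
        rec.last_seen = now
        rec.tcp_flags |= pkt.get("flags", 0)
        if pkt["proto"] == TCP and pkt.get("flags", 0) & (TCP_FIN | TCP_RST):
            del self.flows[key]                             # connection ended: export now
            self.exported.append((rec, "rst/fin"))

    def expire(self, now):
        """Step 2: run the inactive and active timers over the cache."""
        for key, rec in list(self.flows.items()):
            if now - rec.last_seen > self.inactive_timeout:
                reason = "inactive"
            elif now - rec.first_seen > self.active_timeout:
                reason = "active"
            else:
                continue
            del self.flows[key]
            self.exported.append((rec, reason))


def protocol_port_aggregate(records):
    """Step 3: the protocol-port aggregation scheme keeps only
    (protocol, src port, dst port) and sums the counters."""
    agg = {}
    for rec, _reason in records:
        k = (rec.key[4], rec.key[2], rec.key[3])
        pkts, byts = agg.get(k, (0, 0))
        agg[k] = (pkts + rec.packets, byts + rec.bytes)
    return agg


def export_packets_needed(record_count, flows_per_packet=30):
    """Step 5: 30 flow records fit in one 1500-byte export packet."""
    return -(-record_count // flows_per_packet)


# Constructed traffic: an HTTP exchange closed by FIN, then an RTP/UDP stream
# (TOS 0xB8 = DSCP EF) that stops sending and ages out on the inactive timer.
_TCP = {"src": "10.1.1.10", "dst": "10.2.2.20", "sport": 40000, "dport": 80, "proto": TCP, "tos": 0, "ifindex": 1}
_UDP = {"src": "10.1.1.10", "dst": "10.2.2.20", "sport": 5004, "dport": 5004, "proto": UDP, "tos": 0xB8, "ifindex": 1}
PACKETS = [
    (0.0, {**_TCP, "len": 100, "flags": 0x02}),
    (1.0, {**_TCP, "len": 1400, "flags": 0x18}),
    (2.0, {**_TCP, "len": 60, "flags": 0x11}),     # ACK+FIN
    (3.0, {**_UDP, "len": 200}),
    (5.0, {**_UDP, "len": 200}),
]


def run_demo(now=25.0):
    """Feed the constructed packets, then run the timers at time `now`."""
    cache = FlowCache()
    for t, pkt in PACKETS:
        cache.update(pkt, t)
    cache.expire(now)
    return cache
```

Because the cache is keyed on all seven fields, the same two hosts produce two separate records here (different ports, protocol and TOS), which is exactly the granularity the slide's "security monitoring" and "application monitoring" uses depend on.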

94 NetFlow infrastructure
- Router/Switch: cache creation, data export, aggregation
- Cisco Collector: collection, filtering, aggregation, storage
- Cisco and partner applications (RMON/NAM applications, partner RMON applications): accounting, billing, network planning, data processing, data presentation

95 Protocol discovery: Network-Based Application Recognition (NBAR)
- Analyses data from L3 to L7
- Used in classification (MQC packet classification)
- Stateful inspection for traffic using dynamic ports
- PDLM (Packet Description Language Modules) to define applications
- Configurable recognition criteria to identify TCP- or UDP-based applications
- NBAR-PROTOCOL-DISCOVERY MIB: bit/s, bytes, packets; flexible threshold notifications
(chart: application volumes for voice traffic, data traffic, P2P and Internet video traffic)

96 Integrated analysis probes: NAMs
(diagram: HTTP/S and SNMP access to the NAM; hardware configuration)
- Aggregation/correlation of traffic data (including NetFlow); GUI analyser
- NAM data sources: SPAN, RSPAN (remote SPAN), NetFlow v1/5/6/7/8 (broad), VLAN ACL (specific)
- Visibility integrated in the network: Catalyst 6500/7600; multiservice access routers 2600/3660/3700/ISR 2800/ISR 3800
- Layer 3-7: RMON I, II, HCRMON, SMON, DSMON, ART, voice analysis
- Layer 2: mini-RMON per port, per interface

97 NAM: real-time analysis (screenshot)

98 History, reporting, isolation, troubleshooting
- … days of report history
- Detailed information to aid troubleshooting
- Complements third-party capacity planning tools
- Packet capture and decode
- Pre- and post-capture filters; save and export
- Capture triggered on predefined events

99 Objective: control latency/loss
(chart of latency/loss control tiers: Uncontrolled (1 ms - 10 seconds), Low (< … ms, <0.1%), Very Low (< … ms, <0.01%), Ultra Low (<1-10 ms, <0.001%), against applications ranging from Algorithmic Trading, Grid Computing, Telepresence and VoIP down to Citrix, Web 2.0, FTP and HTTP; traditional performance management tools on one side, the Bandwidth Quality Manager on the other)

100 In 100 ms on a 1 Gb/s LAN a lot can happen: up to 12 MB of data generated, ~100,000 packets can be lost!
- Diversity of application profiles: sensitivity to latency and to packet loss
- Characteristics of today's IP networks: consolidation of data centres and growth in the number of remote sites; cost of bandwidth; difference between LAN and WAN speeds
(diagram: data center, WAN, remote site)

101 Current tools are unable to detect, troubleshoot and determine what to do:
- Event granularity: the millisecond
- Analysis in a QoS context
Micro-congestion can lead to unpredictable application behaviour; the probability of application performance problems increases; dynamic network congestion (micro-bursts) impacts applications.
The solution is not always obvious: more bandwidth (in the right place), QoS techniques (traffic shaping, priority queuing).
(diagram: data center, WAN, remote site)

102 Latency measurement
(diagram: Market Data feed on Gigabit Ethernet, BQM 1180, WAN, 10 Mb/s link, BQM 2120 with PNQM, Trading Client A)
What is the latency of the Market Data feed to Trading Client A?
- Traditional 1-second PING latency view: 99% latency of 4 ms
- BQM PNQM latency view: 99% latency of 50 ms

103 Traffic measurement
(diagram: Citrix Metaframe on Fast Ethernet, BQM 1180, WAN, 2 Mb/s link (0.5 Mb/s for the Citrix class), Site A)
What is the utilization of the access link to Site A?
- Traditional 5-minute view: 20% link utilization
- BQM 5 ms view: 20,000% link utilization

104 Bandwidth analysis
(diagram: Citrix Metaframe on Fast Ethernet, BQM 1180, WAN, 2 Mb/s link (0.5 Mb/s for the Citrix class), Site A)
- What is the expected latency induced on the Site A link by Citrix traffic? BQM expected latency view: up to 330 ms of latency induced.
- What is the bandwidth needed by Citrix to achieve no worse than 200 ms for 99.9% of packets? BQM bandwidth requirement view: upgrade to 2.5 Mb/s for the Citrix class required.

105 SLM solution: turning a Cisco network into a powerful SLM solution
An appliance with a central web portal bringing together:
- the performance measurements from the IP SLA probes
- the analysis of the CBQoS MIBs (classes of service) and NBAR (protocol discovery)
- the tracking of NetFlow traffic
Detailed graphs of the measurements. A scalable solution for:
- tracking network SLAs ... and VoIP infrastructures
- preparing or improving the rollout of "critical" applications
