© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public
Branch Network Communication Infrastructure Solutions
NW4/L2 - Zdeněk Roubal
Agenda
1. Introduction
2. Branch infrastructure architecture
   WAN architecture
   Branch architecture
3. Integrated services
4. ISR router platforms
5. Summary
Pros
• Branch performance
• Branch productivity
• Localized decision making
Cons
• Multiple appliances
• Operational inefficiency
• Cost with branch scale
• Administration

Pros
• Simplified administration
• Operational efficiency
• Lower cost
Cons
• Performance
• WAN dependence
• Productivity
• Decision making

[Diagram labels: Centralized (Data Center), Decentralized (Branch)]
IT Challenges In The Branch Office

Today's Branch-WAN
• Saturated WAN, Poor Response Time
• Limited Mobility, Limited Disaster Recovery
• Inconsistent Branches and Branch-HQ solutions
• Aging, Disparate Data/Voice Networks
• Struggling to Keep Up with Security

Empowered Branch-WAN
• Optimized WAN, Accelerated Applications
• Consistent Branches and Branch-HQ Services
• Self Defending Networks
• High Availability, Unified Wireless-Wireline Business
• Unified Voice/Data/Video Network Platform
Branch infrastructure architecture
Branch / WAN Architectures
[Diagram blocks: Branch, WAN, WAN Edge, Internet Edge, Data Center, Management / NOC. Labels: App Opt Appliance, IPS, Call Processing Agent, WAN Agg / VPN Router, Trunk, Database / File Servers, Voicemail, Active Directory, L3 Switches, WAAS Mgr, Private L2/L3 WAN, Edge Router, Mgt Network, Security Mgt, Access Control, Core Network, Internet SP1, Internet SP2, PSTN, Analog FXO.]
[Internet uses: WAN backup, Remote Access, email traffic, web traffic]
[Legend: OOB Management Traffic, Branch WAN Primary path, Branch WAN Backup path, Branch path to Internet]
WAN architecture
Definition of a Wide Area Network
• A WAN is a network that covers a broad geographic area
• Often uses transmission facilities provided by common carriers
• WAN technologies function at the lower three layers of the OSI reference model
  Physical (L1)
  Data Link (L2)
  Network (L3)
Today
• Ethernet Access is Applicable to Many WAN Transports
  Residential/Business Broadband Services
  Ethernet over MPLS
  Metro Ethernet Services
Ethernet WAN – Types of Offerings
• Layer 2 (L2) Service: Direct Layer 2 Adjacency Between CE Routers
• Layer 3 (L3) Service: Direct Layer 2 Adjacencies Only Between CE and PE Routers
[Diagram labels: CE, PE]
Ethernet WAN – QoS at WAN Edge
1. Per VLAN shaping – at sites with multiple VLANs
2. Hierarchical QoS – when single traffic class
[Diagram labels: Ethernet WAN, Service Provider Inbound Policing, Traffic Shaping, 10/100/1000 Mbps, Branch, Head End, VPN tunnel, VPN Termination, Traffic flow]
Dynamic Multipoint VPN (DMVPN)
1. Configuration reduction and no-touch deployment
2. Supports remote peers with dynamically assigned addresses.
3. Supports spoke routers behind dynamic NAT and hub routers behind static NAT.
4. Dynamic spoke-spoke tunnels for scaling partial/full mesh VPNs.
5. Supports IP unicast, IP multicast and dynamic Routing Protocols.
DMVPN Designs
1. Hub-and-spoke
   Spoke-to-spoke traffic via hub (hairpin)
   • Phase 1: Hub bandwidth and CPU limit VPN
   • SLB: Many "identical" hubs increase CPU limitation
2. Spoke-to-spoke – Dynamic spoke-to-spoke tunnels
   Control traffic — Hub and spoke; Hub to hub
   • Phase 2: Single Hub-and-Spoke layer
   • Phase 3: Hierarchical Hub-and-Spoke layers
   Unicast Data traffic — Dynamic mesh
   • Spoke routers support spoke-hub and spoke-spoke tunnels currently in use.
   • Hub supports spoke-hub traffic and overflow from spoke-spoke traffic.
DMVPN Designs
[Diagram panels: Hub-and-spoke; Spoke-to-spoke (Phase 2); Server Load Balancing; Hierarchical (Phase 3). Legend: Spoke-to-hub tunnels, Spoke-to-spoke path.]
GET VPN Technology
1. Any-to-any encryption
2. Tunnel-less VPN technology, eliminating "Hub and Spoke" model
3. Group key-based model providing end-to-end security for unicast and multicast
4. IP header preservation
Tunnel-less VPN – Before and After GET VPN

Before: IPsec P2P Tunnels
• Scalability—an issue (N^2 problem)
• Overlay routing
• Any-to-any instant connectivity can't be done to scale
• Multicast replication inefficient

After: Tunnel-Less VPN
• Scalable architecture for any-to-any connectivity and encryption
• No overlays—native routing
• Any-to-any instant connectivity
• Efficient Multicast replication

[Diagram labels: WAN, Multicast]
Basic GET VPN Architecture
Two Roles:
• VPN Gateways (a.k.a. "group members")
• Group Controller/Key Server (a.k.a. "key server")
[Diagram: group members GM1 to GM9 and the key server (KS)]
Step 1: VPN Gateways "register" with the KS
• KS authenticates and authorizes the GM
• KS returns a set of IPsec SAs for the VPN Gateways to use
Basic GET VPN Architecture
Step 2: VPN Gateways exchange encrypted traffic using the group keys. The traffic uses the "address preservation" tunnel mode
Step 3: KS pushes out replacement IPsec keys before current IPsec keys expire; this is called a "rekey"
[Diagrams: group members GM1 to GM9 and the key server (KS), one diagram per step]
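A simplified model of the three GET VPN steps above (registration, group-key traffic, rekey), added here as an example; it is not Cisco code and not part of the original slides. An HMAC tag stands in for IPsec protection, and the class names, lifetimes, addresses and the unauthorized member GMX are constructed assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class GroupSA:
    spi: int          # tells a receiver which group key protected the packet
    key: bytes        # one key shared by every authorized group member
    not_after: float  # expiry on the simulation clock (seconds)


class GroupMember:
    def __init__(self, name):
        self.name = name
        self.sas = {}          # spi -> GroupSA installed by the key server
        self.reachable = True  # False models a GM that misses a rekey push

    def install(self, sa):
        self.sas[sa.spi] = sa

    @staticmethod
    def _tag(sa, src, dst, payload):
        # Covers the inner packet (addresses + payload); stand-in for ESP.
        msg = f"{src}>{dst}|".encode() + payload
        return hmac.new(sa.key, msg, hashlib.sha256).digest()

    def protect(self, src, dst, payload, now):
        live = [sa for sa in self.sas.values() if sa.not_after > now]
        if not live:
            raise RuntimeError(f"{self.name}: no valid group SA, must re-register")
        sa = max(live, key=lambda s: s.spi)  # send with the newest SA held
        # Address preservation: the outer header reuses the host addresses.
        return {"outer_src": src, "outer_dst": dst, "spi": sa.spi,
                "payload": payload, "tag": self._tag(sa, src, dst, payload)}

    def accept(self, pkt, now):
        sa = self.sas.get(pkt["spi"])
        if sa is None or sa.not_after <= now:
            return False  # unknown or expired SA: drop
        expected = self._tag(sa, pkt["outer_src"], pkt["outer_dst"], pkt["payload"])
        return hmac.compare_digest(expected, pkt["tag"])


class KeyServer:
    def __init__(self, authorized, lifetime=3600.0, rekey_margin=300.0):
        self.authorized = set(authorized)
        self.lifetime, self.rekey_margin = lifetime, rekey_margin
        self.members, self.current, self.next_spi = {}, None, 0x1000

    def _new_sa(self, now):
        self.current = GroupSA(self.next_spi, os.urandom(32), now + self.lifetime)
        self.next_spi += 1
        return self.current

    def register(self, gm, now):  # Step 1: authenticate/authorize, return SAs
        if gm.name not in self.authorized:
            raise PermissionError(f"{gm.name} is not authorized for this group")
        if self.current is None or self.current.not_after <= now:
            self._new_sa(now)
        self.members[gm.name] = gm
        gm.install(self.current)

    def tick(self, now):  # Step 3: push replacement keys before expiry
        if self.current and now >= self.current.not_after - self.rekey_margin:
            sa = self._new_sa(now)
            for gm in self.members.values():
                if gm.reachable:
                    gm.install(sa)
            return True
        return False


def demo():
    ks = KeyServer(authorized={"GM1", "GM2", "GM3"})
    gm1, gm2, gm3, gmx = (GroupMember(n) for n in ("GM1", "GM2", "GM3", "GMX"))
    out = {}
    for gm in (gm1, gm2, gm3):
        ks.register(gm, now=0.0)
    try:
        ks.register(gmx, now=0.0)
        out["gmx_registered"] = True
    except PermissionError:
        out["gmx_registered"] = False
    # Step 2: no pairwise tunnel; any member holding the group SA can verify.
    pkt = gm1.protect("10.1.0.5", "10.3.0.9", b"hello", now=10.0)
    out["outer_header"] = (pkt["outer_src"], pkt["outer_dst"])
    out["accepted_by"] = [g.name for g in (gm2, gm3, gmx) if g.accept(pkt, 10.0)]
    # Step 3: GM3 is unreachable when the rekey is pushed.
    gm3.reachable = False
    out["rekeyed"] = ks.tick(now=3300.0)
    new_pkt = gm1.protect("10.1.0.5", "10.2.0.7", b"data", now=3500.0)
    out["new_spi"] = new_pkt["spi"]
    out["gm2_accepts_new"] = gm2.accept(new_pkt, 3500.0)
    out["gm3_accepts_new"] = gm3.accept(new_pkt, 3500.0)
    old_pkt = gm3.protect("10.3.0.9", "10.2.0.7", b"reply", now=3500.0)
    out["old_sa_ok_before_expiry"] = gm2.accept(old_pkt, 3500.0)
    out["old_sa_ok_after_expiry"] = gm2.accept(old_pkt, 3700.0)
    try:
        gm3.protect("10.3.0.9", "10.2.0.7", b"late", now=3700.0)
        out["gm3_can_send_after_expiry"] = True
    except RuntimeError:
        out["gm3_can_send_after_expiry"] = False
    return out


if __name__ == "__main__":
    for item in demo().items():
        print(item)
```

The run shows the operational consequence of the group-key model: a member that misses a rekey keeps working only until the old SA expires, so missed rekeys and re-registrations are worth monitoring.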
GET VPN Redundancy
• One GDOI Key Server Setup: Single Point of Failure
• Multiple Cooperative Key Servers: Redundancy
[Diagrams: a single KS and GMs on an IP Network; Cooperative KS1 and Cooperative KS2 with GMs on an IP Network]
VPN Technology Positioning
[Diagram labels: Data Center, Internet Edge, WAN Edge, EzVPN Spoke, DMVPN Spoke, GET GM, KS, GM, IPsec, MPLS / Private Network, Internet / Shared Network*]
* Note: DMVPN can also be used on MPLS/Private network
Branch architecture
Single-Tier Enterprise Branch Profile
WAN Services
1. T1 with ADSL backup
LAN Services
1. Integrated Etherswitch
2. Network module
3. L2 switching, 802.3af in-line power
Network Fundamentals
1. Dual link availability
2. QoS on switch and router
3. EIGRP routing protocol
Security Services
1. Infrastructure protection
2. Secure connectivity: DMVPN
3. Threat defense:
   IOS FW, IOS IPS, ACLs
   Catalyst Security Features
[Diagram labels: Headquarters, Application Servers, Branch Office, WAN, Internet]
Dual-Tier Enterprise Branch Profile
WAN Services
1. Private WAN—frame relay
LAN Services
1. External Catalyst switch
2. L2 switching, 802.3af in-line power
Network Fundamentals
1. Dual link availability
2. Dual router availability
3. HSRP
4. QoS on switch and router
5. EIGRP routing protocol
Security Services
1. Infrastructure protection
2. Secure connectivity: Private WAN
3. Threat defense:
   IOS FW, IOS IPS, ACLs
   Catalyst security features
[Diagram labels: Headquarters, Application Servers, Branch Office, Private WAN]
Multi-Tier Enterprise Branch Profile
WAN Services
1. MPLS
LAN Services
1. External Catalyst switch
2. Stackwise topology
3. L3 switching, 802.3af in-line power
Network Fundamentals
1. Dual link availability
2. Dual router availability
3. HSRP
4. Object tracking
5. QoS on switch and router
6. EIGRP routing protocol
Security Services
1. Infrastructure
2. Protection
3. Secure connectivity: MPLS VPN
4. Threat defense: ASA FW, IOS IPS, ACLs
5. Catalyst security features
[Diagram labels: Headquarters, Application Servers, Branch Office, MPLS WAN]
Integrated services
LAN Services
1. LAN Connectivity
   EtherChannel, StackWise, PoE
2. LAN Services
   STP, VLANs, VTP
Basic Network Services
1. Routing
   EIGRP, OSPF, BGP, RIPv2, Multicast
2. Addressing
   NAT/PAT, DHCP
3. QoS
   8 and 5 class hierarchical QoS, AutoQoS
4. High Availability
   Redundancy, HSRP
Security Services
1. Perimeter Protection
   AutoSecure, Layer 2 Security
2. Access Control
   AAA with TACACS+, RADIUS
3. Secure Connectivity
   Hardware: AIM-VPN/SSL
   DMVPN, GETVPN, SSLVPN
4. Threat Defense
   IPS, ZPF, ACLs, uRPF
Cisco Firewall for Network Policy Enforcement
Typically used to enforce policy on traffic at network boundaries
• Policies may be applied on layers L2-L7
• Enables stateful firewall, network access restrictions, etc.

IOS Firewall
• Cost-effective, integrated firewall
• Classic or Zone-Based FW (ZBFW)
  ZBFW is strategic FW
  CSM support for ZBFW planned for CSM 3.3

ASA Series
• Highly scalable, high performance, fully featured
• Stateful failover
• Enables separate administrative domains
Cisco IPS for Threat Detection and Mitigation
Key to the monitoring, detection and mitigation of general threats and anomalies in user client traffic
• Worms, viruses, application abuse, etc.
Centralized vs. Distributed Deployment

IOS IPS
• Cost-effective, integrated IPS, sub-set of signatures
• No collaboration with WLAN controller

IPS Series
• Highly scalable, high availability, rich signature set
• Enables separate administrative domain
• Dedicated appliances and integrated modules for ISR and ASA
  Modules enable a cost-effective, consistent IPS deployment across the Enterprise
WLAN Integration
1. Mobility services
   • 802.11n support
   • Access control
2. Unified Wireless Network Control
   • Local WLC for consistency of rich WLAN services across corporate locations
   • Centralized WCS for cross-WLAN monitoring
[Diagram labels: WAN, Branch, Local WLC Appliance, LAP, Corporate, Central WCS]
Voice Services
1. Connectivity
   PSTN: VWIC2-2MFT-T1/E1
   Analog phones: VIC-4FXS/DID
2. Gateway
   H.323, SIP, SCCP, T.38 Fax Relay, Fax-Pass Through, E911
3. IP Telephony
   CME, SRST, RSVP, Transcoding, Conferencing
4. Codec
   G.711, G.729a, cRTP
Call Processing Model

Centralized Call Control
1. All core UC components maintained in centralized data centers
2. Cost-effective, consistent UC services across sites, centralized deployment, administration and ongoing maintenance

Distributed Call Control
1. All UC components located at remote locations
2. Higher scalability, distributed administrative control

• Customers will generally have a mix of both models depending on site...
[Diagram labels: WAN, Branch, PSTN, CUCM Cluster, Corporate, Centralized DC]
Centralized Call Control and SRST
1. Centralized Call Control Challenge:
   Loss of connectivity to centralized CUCM cluster
2. Solution: IOS Survivable Remote Site Telephony (SRST)
   Call control fallback to SRST in branch ISR in case of loss of connectivity to centralized CUCM cluster
   Calls routed over PSTN
[Diagram labels: CUCM Cluster, Corporate, Centralized DC, WAN (marked X), Branch, ISR with IOS SRST, PSTN]
Distributed Call Control Deployments

Cisco Unified Communications Manager Express (CUCME)
1. Local call processing to CUCME software in branch ISR
2. Cost-effective, limited scalability, some feature disparity

Local CUCM Cluster at Branch
1. Local call processing to local CUCM cluster at branch site
2. Highly scalable, fully featured, consistent services

[Diagram labels: WAN, Branch, PSTN, ISR with IOS Voice Gateway + CUE Module, Inter-cluster Trunk over Private WAN, SIP Trunk to Centralized CUCM over Private WAN, ISR with CUCME Software + CUE Module]
Network Monitoring Services
Monitoring
   CCP Monitoring, NetFlow, IP SLAs, NBAR, Syslog, SNMP
NAM (Network Analysis Module)
EEM (Embedded Event Manager)
Cisco IOS Control Plane Policing
1. Mitigates DoS attacks on control plane (route processor), e.g. ICMP floods
2. Polices and throttles incoming traffic to control plane, maintains packet forwarding and protocol states during attacks or heavy traffic load
[Diagram labels: INCOMING PACKETS, PACKET BUFFER, CEF/FIB LOOKUP, Locally Switched Packets, Processor Switched Packets, OUTPUT PACKET BUFFER, INPUT to Control Plane, OUTPUT from Control Plane, CONTROL PLANE POLICING (Alleviates DoS attacks), SILENT MODE (Prevents Reconnaissance), CONTROL PLANE: Management (SNMP, Telnet), ICMP, IPv6, Routing Updates, Management (SSH, SSL …)]
Cisco Configuration Professional
1. New Graphical Tool
   • Multi-device management
   • Delivered on CD with every ISR
   • Up to 10 devices in community
   • Up to 255 communities
2. Integration configuration of:
   • Routing, Security
   • Cisco® Unified Communications Manager Express
   • Cisco Unity® Express
3. Smart Wizards for:
   • LAN, WLAN, and WAN
   • Firewall, IPS, and VPN
   • QoS, ACLs
   • One-Step Security Lockdown
Video Surveillance
Network as the Platform
Capture, Store, View, Respond
[Diagram labels: IP Cameras, Analog Video Surveillance, Manager, Multiservices Platform, Access Control, Integrated Comms, Policy Engine, Web Client, Legacy Integration]
ISR Portfolio for Video Surveillance
Cisco IP Video Surveillance Solution
• EVM-IPVS-16A: Analog Video Gateway Module
• NME-VMSS: Video Management and Storage System Network Module
Enterprise Branch Office
• Cisco 2821
• Cisco 2851
• Cisco 3825
• Cisco 3845
High-Density Services
Extended Modular Connectivity (EVM, NM, AIM, WIC/VIC)
Multiple Services
Modularity with Performance Optimized for "All-in-one" Solution (HSDM, NM, EVM, AIM, WIC/VIC)
WAN Optimization Services
1. Accelerates applications over the WAN
2. Delivers video to the branch
3. Provides local hosting of branch IT services
[Diagram labels: Data Center, Remote Office (three sites), WAN, VPN, Internet, Mobile]
WAAS Software Architecture
Wide Area Application Services (WAAS)
[Diagram labels: IOS Platform with Services and CLI; IOS Shell; Linux; Cisco Linux Kernel; Policy Engine, Filter-Bypass, Egress Method, Directed Mode, Auto-Discovery; TCP Proxy with Scheduler Optimizer (SO): DRE, PLZ, TFO; application optimizers (AO): CIFS, EPM, MAPI, HTTP, SSL, RTSP, NFS; Configuration Management System (CMS); Virtual Blades: Windows On WAAS (WOW), Virtual Blade #2, Virtual Blade #3; Flash; Object Storage; Application Storage; DRE Storage; Virtual Blade Storage /vbspace; Ethernet Network I/O]
Network Capacity Expansion (NCE)
Solutions
• Wireless 3G acceleration
• Satellite Internet optimization
• Small branch WAN link optimization
Technologies
• L4 hardware compression
• SCTP-based TCP optimization
• Integrated into router and IOS
• Supported on all modular ISRs
Deployment
• Branch: AIM Modules
• HQ/DC: 3800 ISRs + NME Module(s)
[Diagram labels: Apps, Corporate HQ, NCE Aggregation, Remote Office, LAN, TCP, WAN, SCTP]
Branch Application Services
Services Stack: App, AXP, ISR
Each layer affords services to the overall solution, where service integration comprises overall composite service to applications.
Layers
• AXP Application Services
• AXP Blade Services
• ISR Router Services
• Network Services: Branch Architecture
Services Integration (example)
• Security, Performance, Management, Availability
• Multi-Service Integration, API "hooks"
• "Appliance-like", Flexible Networking
• Virtualization, Security, Management
Cisco's Application eXtension Platform (AXP)
Host Application Services on Cisco's ISR
Application Services on integrated services modules
• Network Module (NME): Intel Pentium CPU, HDD Storage, internal and external GigE interfaces
• Advanced Integration Module (AIM): Intel Celeron CPU, flash-based storage, internal GigE interface only
Supported Hardware
• AIM 102: CPU: 300 MHz, Memory: 256 MB, Compact Flash: 1 GB
• NME 302: CPU: 1.0 GHz, Memory: 512 MB, Disk: 80 GB
• NME 522: CPU: 1.4 GHz, Memory: 2 GB, Disk: 160 GB
ISR Router Support (modules: AIM 102, NME 302, NME 522)
1841   Y
2801   Y
2811   Y Y
2821   Y Y
2851   Y Y
3825   Y Y Y
3845   Y Y Y
AXP Technical Overview
Standards Based Hosting infrastructure
• Hardened Cisco Linux OS
• Linux Vserver "sandboxing"
Dedicated Application resources
• CPU, Memory, Storage
Additional Features:
• Standard programming support
• ISR serial port virtualization
• Monitoring, Configuration, and EEM APIs
[Diagram labels: Cisco ISR; IOS; GE-1, GE-2, AUX; Serial Device; AXP Module; Cisco Linux OS; Extensible IOS-like CLI; Virtualized OS (two instances); Logging/Debugging facilities; IOS Interface: Configuration, Monitoring, Event Triggers; Control Plane; Data Plane; (C/C++) App; Java OSGI; Java Application; Perl/Python]
AXP Use Cases
Integrating Business Value into Your Branch Router
AXP Central Management
1. Software Management (install, upgrade, patches)
2. Application/platform Configuration + monitoring
3. Extensible architecture to manage custom apps
Network Services
• AAA Server
• DNS Server
• NTP Services
• File Services
• Syslog Server
Home-Grown Utilities
• Management Agents
• Monitoring Tools
• Custom Scripts
• NetFlow Analysis
Applications
• Business Applications
• Vertical Applications
• Telephone Applications
• Software Mgmt Systems
ISR router platforms
Cisco ISR Portfolio
The Integrated Services Router Portfolio
[Chart: vertical axis "Performance and Services Density"; segments: Small Office and Teleworker, Small Branch, Medium Branch, Medium to Large Branch; platforms: Cisco 860/880, 800 Series, 1800 Series, 1861, 2800 Series, 3800 Series; captions: Embedded Wireless, Security and Data; Embedded, Advanced Voice, Video, Data and Security Services; High Density and Performance for Concurrent Services]
Cisco 860 and 880 Series Overview

Feature                          860        880             880 SRST
FE WAN                           Yes        Yes             Yes
VDSL2                            No         Yes             No
G.SHDSL                          No         Yes             Yes
Data BackUp                      No         ISDN BRI, 3G    No
PSTN Interconnect                No         No              FXO or BRI Voice
FXS Ports                        No         No              4
802.11n                          2.4 GHz    2.4 GHz         2.4 GHz
SRST                             No         No              Yes
Managed 10/100 Switch Ports      4 Ports    4 Ports         4 Ports
VLANs (Wired and Wireless)       2          8               8
Summary
Cisco Integrated Services Routers
[Diagram labels: Headquarters, Application Servers, Branch Office, VPN, To Internet, Service Provider PSTN]
• WAN Connectivity: Frame Relay, ATM, Leased Lines, DSL, Satellite
• Connectivity Services: QoS, Compression, Access Lists
• Secure Connectivity: Encryption (3DES, AES), VPN, V3PN, DMVPN, GETVPN
• Security Services: Firewall, IDS, URL filtering
• Voice Services: Call Processing, Voice Mail, Auto Attendant, SRST, Gateways, Conferencing, VoWLAN, LMR over IP
• Application Acceleration: WAN optimizing, Caching, Pre-Positioning, Streaming, URL Filtering
• Switching and WiFi: L2 Switching, 802.3af In-Line Power, Wireless LAN (WiFi)
• Physical Security: Surveillance Cameras, Recording
• Applications: Application Extension Platform
• Advanced Mgt.: Full RMON features, and SDM
Q&A