
Best Practices for Application Optimization
Illustrated with SAP, Siebel and Exchange

BRKAPP-2013

BRKAPP-2013
14361_04_2008_c1

2008 Cisco Systems, Inc. All rights reserved.

2006, Cisco Systems, Inc. All rights reserved.


Presentation_ID.scr

Cisco Public

Cisco Application Delivery Networks

Network Classification: Quality of service; Network-based app recognition; Queuing, policing, shaping; Visibility, monitoring, control
Application Scalability: Server load-balancing; Site selection; SSL termination and offload; Video delivery
Application Networking: Message transformation; Protocol transformation; Message-based security; Application visibility
Application Acceleration: Latency mitigation; Application data cache; Meta data cache; Local services
WAN Acceleration: Data redundancy elimination; Window scaling; LZ compression; Adaptive congestion avoidance
Application Optimization: Delta encoding; FlashForward optimization; Application security; Server offload

Other Cisco Live Breakout Sessions that You May Want to Attend

Relevancy: GSS, ISR, WAAS, ACNS, ACE, AXG, Applications

BRKAPP-2002 Server Load Balancing Design
BRKAPP-3003 Troubleshooting ACE
BRKAPP-1004 Introduction WAAS
BRKAPP-2005 Deploying WAAS
BRKAPP-3006 Troubleshooting WAAS
BRKAPP-1008 What can Cisco IOS do for my application?
BRKAPP-1009 Introduction to Web Application Security
BRKAPP-2010 How to build and deploy a scalable video communication solution for your organization
BRKAPP-2011 Scaling Applications in a Clustered Environment
BRKAPP-2013 Best Practices for Application Optimization illustrated with SAP, Siebel and Exchange
BRKAPP-2014 Deploying AXG
BRKAPP-1015 Web 2.0, AJAX, XML, Web Services for Network Engineers
BRKAPP-1016 Running Applications on the Branch Router
BRKAPP-2017 Optimizing Application Delivery
BRKAPP-2018 Optimizing Oracle Deployments in Distributed Data Centers

Agenda
Cisco Validated Designs
Data Center Infrastructure
Service Integration
Data Center Evolution


Cisco Validated Designs


The Program


Cisco Validated Designs


What Is the Value?


Cisco Validated Designs


Continuously Improving the Solution


Agenda
Cisco Validated Designs
Data Center Infrastructure
Service Integration
Data Center Evolution


DC Functional Layers
Layers and Services

Core

Aggregation

Access

Firewall Services

Server Balancing

Intrusion Detection

SSL Offloading

Network Analysis

DoS Protection

File Caching

Content Caching

VPN Termination

Server Farms

Server Clusters

Edge
Virtual Fabrics (VSANs)
Storage Virtualization
Data Replication Services
Fabric Routing Services
Fabric Gateway Services

Server Virtualization

Virtual I/O
Compute Fabric Services
Remote DMA Services
Clustering Services
Fabric Gateway Services

Storage/Tape Farms
Core

Data Center Architecture Overview


Layers of the Enterprise Multi-Tier Model
Enterprise Core

DC Core
DC Aggregation

DC Access

Blade Chassis with Integrated Switch
Blade Chassis with Pass Thru
L2 with Clustering and NIC Teaming
Mainframe with OSA
L3 Access

Aggregation Layer


Aggregation Layer Design


Spanning Tree Design
Core
Root Secondary
HSRP Secondary
Standby Context
Root Primary
HSRP Primary
Active Context

Rootguard
LoopGuard
BPDU Guard
UDLD Global


Aggregation Layer Design


Integrated Services: Firewall, Load Balancing, SSL


Aggregation Layer Design


Active-Standby Service Design
Core
Root Secondary
HSRP Secondary
Standby Context
Root Primary
HSRP Primary
Active Context


Aggregation Layer Design


Active-Active Service Design
Core
Root Secondary
HSRP Secondary
Standby Context
Root Primary
HSRP Primary
Active Context

VLAN 5:
Root Secondary
HSRP Secondary
Standby Context

VLAN 6:
Root Secondary
HSRP Secondary
Standby
Context

vlan5
vlan6
vlan6
vlan5

Aggregation Layer Design
Establishing Path Preference for Applications

1. ACE Probes to Real Servers in VIP to Determine Health
2. If Healthy, Installs Host Route to VIP on Local MSFC
3. Route Map on Host Route Sets Preferred Metric of Route
   route-map RHI permit 10
    match ip address 44
    set metric-type type-1
4. If Context Failover Occurs, RHI and Route Preference Follow

Diagram labels: Core, vlan5, vlan6

Core and Aggregation Layer Design


STP, HSRP and Service
Context Alignment
Core
Root Secondary
HSRP Secondary
Standby Context
Root Primary
HSRP Primary
Active Context


Aggregation Layer Design


Using VRFs in the DC (1)
MPLS or
Other Core

VRF-Green
VRF-Blue

DC Core

VRF-Red

Agg1

Agg2
Alternate Primary Contexts on Agg1 and 2 to Achieve Active-Active Design
Firewall and SLB Contexts for Green, Blue, and Red
VLANs Isolate Contexts on Access
802.1Q Trunks

Aggregation Layer Design


Using VRFs in the DC (2)

Red VRF
Green VRF Blue VRF

Red VRF
Green VRF Blue VRF

WAN/Branch

Campus

Core: P-Nodes

Agg Module 1

DC Core

PE

Agg Module 2

802.1Q Trunks

802.1Q Trunks

PE

Access Layer Design


Access Layer Design


Defining Layer 2 Access
DC Core

Agg1

L3

Inter-Switch
Link

Agg2

L2
Secondary Root
Secondary HSRP
Standby Services

802.1Q Trunks

Primary Root
Primary HSRP
Active Services

Access Layer Design


Establish a Deterministic Model
DC Core
L3+L4 Hash
Path
Pref

Agg1

L3

Inter-Switch
Link

Agg2

Secondary Root
Secondary HSRP
Standby Services

Def gwy

802.1Q Trunks

L2

Scaling B/W with GEC and 10GE


Migrating Access Layer Uplinks to 10GE

DC Core

Aggregation

Access Pair 1

Scaling B/W with GEC and 10GE


Service Layer Switch
DC Core

Service
Switch1

Aggregation

Service
Switch2
(Redundant)

Access


Data Center Network


Best Practices: STP, HSRP, Other
Rapid PVST+
UDLD Global
Spanning Tree Pathcost Method=Long

LACP+L4 Port Hash


Dist EtherChannel for FT and Data
VLANs
L3+ L4 CEF Hash

Agg1:
STP Primary Root
HSRP Primary
HSRP Preempt and Delay
Dual Sup with NSF+SSO

FT
Data

Agg2:
STP Secondary Root
HSRP Secondary
HSRP Preempt and Delay
Single Sup

LACP+L4 Hash
Dist EtherChannel
Min-Links

Rootguard
LoopGuard

Blade Chassis
with Integrated
Switch

Portfast + BPDUguard

Rapid PVST+: Maximum Number of STP Active Logical Ports: 8000; Virtual Ports Per Linecard: 1500

Agenda
Cisco Validated Designs
Data Center Infrastructure
Service Integration
Data Center Evolution


Service Integration Goals


Application Examples


Exchange 2007
Logical Layout
Remote Clients

CAS

Mailbox

(OWA, ActiveSync, Anywhere, POP3, IMAP4)

MAPI
Mail
Client

Internet

SMTP
Messages

Edge
Transport

Hub
Transport

External Communications
Internal Exchange Communications

SAP
Logical Layout
SAPGUI
TCP:32xx

HTTP(S) (ABAP)
Default TCP:8000

HTTP (J2EE)
HTTP:5xx00
HTTPS: 5xx01

RFC

Web
Services
JCo/RFC

SAP Web Application Server

Operating System and Database Agnostic


Oracle 11i
Logical Topology
Desktop
Tier

Application
Tier

Database
Tier

Web
Server

Web Server
(HTTP/HTTPs
Listener)
Desktop Tier
Web Client

Form Server

Forms
Server

Web
Browser

Concurrent
Server
Reports
Server

(HTTP/HTTPs
Listener)

Database
Server
Web Server
(HTTP/HTTPS
Listener)

Admin
Server
Desktop Tier
Web Client

Discoverer
Server

Forms
Listener
Servlet
Form Server
(HTTP/HTTPS
Listener)


Common Application Expectations


Transaction Processing Applications


Service Integration and Network Design


Application Delivery Services

Enterprise Core

DC Core
DC Aggregation

DC Access

Security and Monitoring Services


Blade Chassis with Integrated Switch
Blade Chassis with Pass Thru
L2 with Clustering and NIC Teaming
Mainframe with OSA
L3 Access

Data Center Technology


Application Control Engine Overview

ACE Service Module


Data Center Technology


Application Control Engine Appliance
Front

Rear


Data Center Technology


Firewall Service Module


Data Center Technology


Adaptive Security Appliance (ASA) 5580


Service Chaining
Virtualized Network Services
Cisco Catalyst 6500

BU-1, BU-2, BU-3, BU-4, BU-5
One Arm Mode, Routed Mode, Routed Mode, Bridged Mode, Bridged Mode

Service Chaining
Consolidated Secure Infrastructure

user Mark pass abc role Security-Admin
user Tom pass xyz role SLB-Admin

domain SRM
  add-object policy-map SRM-policy
username tom password 123 role SLB-Admin domain SRM

ACE-1/sap(config)# policy-map type loadbalance first Portal-policy
Error: object being referred to is not part of User's domain
ACE-1/sap(config)# policy-map type loadbalance first SRM-policy
ACE-1/sap(config-pmap-lb)#

ACE-FWSM Example Design Options


Bridge Mode

Routed Mode

One Arm Mode

default gw

PBR
S-NAT
ospf
neighbors

bpdu
forwarding

default gw
default gw


Application Scalability and Availability


Via ACE
Server selection

Health checks

Server offload

Load distribution mechanisms

Backup server farms

Back-end encryption

Scales AVS, WAAS and server farms

Fault-tolerant groups
Route health injection

Session persistence
TCP reuse

Servers
WAE
AVS

Health Probes
SAP Enterprise Portal Example

/index.html
/irj/portal

Configuration
probe http PORTAL-50000
  description http-probe
  port 50000
  interval 20
  passdetect interval 10
  request method get url /irj/portal
  expect status 200 200

Health Monitoring

Health Checks
Web Services

NetWeaver Web
Administrator
ACE/dc# telnet 169.145.90.16 50100
Trying 169.145.90.16...
Connected to 169.145.90.16.
Escape character is '^]'.
GET /nwa HTTP/1.1
Host: 169.145.90.16
HTTP/1.1 302 Found
server: SAP NetWeaver Composition Environment 7.1 / AS Java 7.1
content-type: text/html
location: http://169.145.90.16/webdynpro/dispatcher/sap.com/tc~lm~itsam~co~ui~nwa~localnavigation~wd/NWAApp
content-length: 0
date: Fri, 30 Nov 2007 04:15:04 GMT

probe http BACK-1
  port 50100
  interval 20
  passdetect interval 10
  request method get url /webdynpro/dispatcher/sap.com/tc~lm~itsam~co~ui~nwa~localnavigation~wd/NWAApp
  expect status 200 200
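The telnet capture above shows GET /nwa answering 302, while probe BACK-1 requests the redirect target and expects 200. The following Python is an added example, not part of the original slides: it checks a captured response head against the expect status range and derives the probe URL from a same-host Location header. Function names are hypothetical, and it assumes the probe compares only the first response's status code and does not follow redirects.

```python
from urllib.parse import urlsplit

# Response head from the slide's telnet capture (GET /nwa on port 50100).
CAPTURED_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "server: SAP NetWeaver Composition Environment 7.1 / AS Java 7.1\r\n"
    "content-type: text/html\r\n"
    "location: http://169.145.90.16/webdynpro/dispatcher/sap.com/"
    "tc~lm~itsam~co~ui~nwa~localnavigation~wd/NWAApp\r\n"
    "content-length: 0\r\n"
    "date: Fri, 30 Nov 2007 04:15:04 GMT\r\n"
    "\r\n"
)


def parse_response_head(raw):
    """Return (status_code, headers) parsed from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def evaluate_probe(raw, probed_host, expect_min=200, expect_max=200):
    """Model 'expect status <min> <max>' against one captured response.

    Assumption of this example: the probe does not follow redirects, so a
    3xx answer fails unless the expected range includes it.
    """
    status, headers = parse_response_head(raw)
    result = {
        "status": status,
        "passed": expect_min <= status <= expect_max,
        "probe_url": None,
        "note": "",
    }
    if result["passed"]:
        return result
    location = headers.get("location")
    if 300 <= status < 400 and location:
        target = urlsplit(location)
        # Only reuse the redirect target when it stays on the probed server;
        # otherwise the probe would report the health of a different host.
        if target.hostname in (None, probed_host):
            url = target.path or "/"
            if target.query:
                url += "?" + target.query
            result["probe_url"] = url
            result["note"] = "redirect on same host: probe the target URL"
        else:
            result["note"] = "redirect leaves the probed server: %s" % target.hostname
    else:
        result["note"] = "status outside expected range"
    return result


def render_probe(name, port, url, interval=20, passdetect=10):
    """Render the probe in the command form used on the slides."""
    return "\n".join([
        "probe http %s" % name,
        "  port %d" % port,
        "  interval %d" % interval,
        "  passdetect interval %d" % passdetect,
        "  request method get url %s" % url,
        "  expect status 200 200",
    ])


if __name__ == "__main__":
    verdict = evaluate_probe(CAPTURED_RESPONSE, "169.145.90.16")
    print(verdict["status"], verdict["passed"], verdict["note"])
    if verdict["probe_url"]:
        print(render_probe("BACK-1", 50100, verdict["probe_url"]))
```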

Session Persistence
Options


ACE Session Persistence


Cookie Sticky Case Study: Oracle 11i


Session Persistence

ACE Session Persistence


Header Parsing: SAP Case Study
switch/SAP-Datacenter# sh stat http
+------------------------------------------+
+-------------- HTTP statistics -----------+
+------------------------------------------+
 LB parse result msgs sent : 151        , TCP data msgs sent       : 152
 Inspect parse result msgs : 0          , SSL data msgs sent       : 495
                      sent
 TCP fin/rst msgs sent     : 8          , Bounced fin/rst msgs sent: 8
 SSL fin/rst msgs sent     : 18         , Unproxy msgs sent        : 14
 Drain msgs sent           : 118        , Particles read           : 1718
 Reuse msgs sent           : 0          , HTTP requests            : 156
 Reproxied requests        : 0          , Headers removed          : 0
 Headers inserted          : 254        , HTTP redirects           : 0
 HTTP chunks               : 37         , Pipelined requests       : 0
 HTTP unproxy conns        : 14         , Pipeline flushes         : 0
 Whitespace appends        : 0          , Second pass parsing      : 0
 Response entries recycled : 110        , Analysis errors          : 0
 Header insert errors      : 0          , Max parselen errors      : 3
 Static parse errors       : 0          , Resource errors          : 0
 Invalid path errors       : 0          , Bad HTTP version errors  : 0

Configuration
parameter-map type http PERSIST
  set header-maxparse-length 4096
policy-map multi-match SLB-policy
  class epSAP-s
    appl-parameter http advanced-options PERSIST
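The counters above include Max parselen errors: 3, the condition the header-maxparse-length setting on this slide addresses. The following Python is an added example, not part of the original slides: it parses the two-column counter layout and reports error counters that are non-zero or that grew between two snapshots. Function names and the hint text are hypothetical, and the second snapshot in the usage section is constructed for illustration.

```python
import re

# Excerpt of the 'sh stat http' output shown on the slide (two counters per
# line; the lone 'sent' is the wrapped tail of a counter name).
SAMPLE_OUTPUT = """\
LB parse result msgs sent : 151 , TCP data msgs sent : 152
Inspect parse result msgs : 0 , SSL data msgs sent : 495
sent
Reuse msgs sent : 0 , HTTP requests : 156
Headers inserted : 254 , HTTP redirects : 0
Response entries recycled : 110 , Analysis errors : 0
Header insert errors : 0 , Max parselen errors : 3
Static parse errors : 0 , Resource errors : 0
Invalid path errors : 0 , Bad HTTP version errors : 0
"""

# A counter is "<name> : <integer>"; names contain letters, spaces and '/'.
COUNTER = re.compile(r"([A-Za-z][A-Za-z/ ]*?)\s*:\s*(\d+)")

# Hint wording is this example's own; the command named is the one on the slide.
HINTS = {
    "Max parselen errors": "headers exceeded the parse limit; review "
                           "'set header-maxparse-length' in the http parameter-map",
}


def parse_http_stats(text):
    """Return {counter name: value} for every counter found in the output."""
    counters = {}
    for line in text.splitlines():
        for name, value in COUNTER.findall(line):
            counters[name.strip()] = int(value)
    return counters


def nonzero_errors(counters):
    """List (name, value) for counters named '... errors' that are above zero."""
    return [(name, value) for name, value in counters.items()
            if name.lower().endswith("errors") and value > 0]


def error_deltas(before_text, after_text):
    """Counters are cumulative, so compare snapshots and report growth only."""
    before = parse_http_stats(before_text)
    after = parse_http_stats(after_text)
    return {name: after[name] - before.get(name, 0)
            for name in after
            if name.lower().endswith("errors") and after[name] > before.get(name, 0)}


def report(text):
    """Return one line per non-zero error counter, with a hint where known."""
    lines = []
    for name, value in nonzero_errors(parse_http_stats(text)):
        hint = HINTS.get(name, "no hint in this example")
        lines.append("%s = %d (%s)" % (name, value, hint))
    return lines


if __name__ == "__main__":
    for entry in report(SAMPLE_OUTPUT):
        print(entry)
    # Constructed later snapshot: the same output with the counter at 5.
    later = SAMPLE_OUTPUT.replace("Max parselen errors : 3", "Max parselen errors : 5")
    print(error_deltas(SAMPLE_OUTPUT, later))
```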

ACE Session Persistence


Cookie Sticky Case Study: SAP


ACE Session Persistence


Case Study: Outlook Anywhere
sticky ip-netmask 255.255.255.255 address source SRC-STCKY-GRP
  serverfarm CAS_FARM

Outlook Anywhere Enabled Client

ACE Session Persistence


Database Connection

parameter-map type connection DB
  set timeout inactivity 0
class-map match-all DB-class
  match port tcp eq 1521

Policy applied only to server initiated connections on specified port

policy-map multi-match DB-policy
  class DB-class
    connection advanced-options DB
interface vlan 10
  description server side interface
  service-policy input DB-policy

ACE SSL Server Offload


NAM
Encrypted to VIP:443
IDS
Clear Text to Servers:50XX0

SSL Server Offload


ACE Configuration
1. Acquire Key and Cert in PEM format
switch/sap# crypto import ?
  ftp         Import a key/certificate from an ftp server
  non-export  Mark this key/certificate as non-exportable
  sftp        Import a key/certificate from an sftp server
  terminal    Accept a key/certificate from terminal
  tftp        Import a key/certificate from a tftp server

2. Configure Proxy and apply
ssl-proxy service SAP
  key testkey.key
  cert SAPcert.cer
policy-map multi-match SLB
  class epSAP-s
    ssl-proxy server SAP

switch/sap# show crypto files
Filename      File Size  File Type  Exportable  Key/Cert
--------------------------------------------------------
testkey.key   497        PEM        Yes         KEY
SAPcert.cer   855        PEM        Yes         CERT

ACE-1/sap# crypto verify testkey.key SAPcert.cer
Keypair in testkey.key matches certificate in SAPcert.cer.

ACE SSL Offload


HTTP Header Insert
http://----/irj

https://----/irj
http://----/irj/
http://----/irj/index.html

Header Insert Configuration
policy-map type loadbalance first-match EP-HTTPS
  class class-default
    insert-http ClientProtocol header-value "https"

Persistence Rebalance
parameter-map type http PERSIST
  persistence-rebalance
policy-map multi-match SLB-policy
  class epSAP-s
    appl-parameter http advanced-options PERSIST

ACE SSL Offload


Back-End Encryption

Encrypted to
VIP:443

Encrypted to
Servers:443

SSL Termination

SSL Initiation

Configuration
ssl-proxy service testsslclient
policy-map type loadbalance first-match EP-HTTPS
  class class-default
    ssl-proxy client testsslclient

SSL Offload Reference


SAP

policy-map type loadbalance first-match EP-HTTPS
  class class-default
    insert-http ClientProtocol header-value "https"
parameter-map type http PERSIST
  persistence-rebalance
policy-map multi-match SLB-policy
  class epSAP-s
    appl-parameter http advanced-options PERSIST

SSL Offload Reference


BEA Weblogic

policy-map type loadbalance first-match VIP-POLICY-10
  class class-default
    sticky-serverfarm learn
    insert-http WL-Proxy-SSL header-value "true"

parameter-map type http PERSIST
  persistence-rebalance
policy-map multi-match SLB-policy
  class xyz
    appl-parameter http advanced-options PERSIST

SSL Offload Reference


Oracle 11i


SSL Offload Reference


Siebel 8.0


SSL Offload Reference


Exchange 2007 Client Access Server


SSL Offload Reference


Microsoft SharePoint


SSL Offload
Back-End Encryption with SSL Reuse

Verification
switch/sap# show crypto session
SSL Session Cache Stats for Context
------------------
Number of Client Sessions   2
Number of Server Sessions   4

Reuse Definition
parameter-map type ssl sslparams
  session-cache timeout 600

Server Side Reuse
ssl-proxy service testsslclient
  ssl advanced-options sslparams

Client Side Reuse
ssl-proxy service sap
  key sap-private
  cert sap-cert
  ssl advanced-options sslparams

Scaling IDS Capacity


RSPAN + VACL Redirect

NAM

all

RSPAN
VLAN

IDS1
All VLAN
Traffic
Subnet1

IDS2
VACL Filter
HTTP

IDSx

Telnet Subnet3

VLANs 10, 20, 30,


Transport Policy
Enforce Security
http://----/irj
https://----/irj/

https://----/irj


ACE OWA Case Study


Persistence, Offload and Redirection


ACE TCP Multiplexing


Server Offload
ACE-TCP1 Pool1
ACE-TCP2 Pool2

Source NAT Configuration
interface vlan 201
  description server interface
  nat-pool 123 169.145.90.90 169.145.90.90 netmask 255.255.255.255 pat

TCP Reuse Configuration
parameter-map type http PERSIST
  server-conn reuse

Applied to Multi-Match Policy
policy-map multi-match SLB-policy
  class epSAP-s
    appl-parameter http advanced-options PERSIST
    nat dynamic 123 vlan 201

ACE TCP Multiplexing


Case Study with Exchange 2007


Cisco Technology Highlights


ACE Global Site Selector (GSS)

ACE GSS
Appliance

ACE GSS
Appliance


Site Selection Example


A Cohesive Solution: GSS, ACE and CNR
Client DNS
Server

Internet

GSS MX Record Request



Site Selection Example


GSS Keepalive Configuration
ACE CONFIGURATION
kalap udp
  ip address 10.210.1.4 encryption md5 <password>
class-map type management match-any <MANAGEMENT>
  2 match protocol kalap-udp any
policy-map type management first-match <P-MANAGEMENT>
  class <MANAGEMENT>
    permit
interface vlan <VLAN>
  description ** Public Facing Interface **
  service-policy input <P-MANAGEMENT>

Site Selection Example


GSS Answer Configuration


Service Integration
WAN Optimizations


The Application Delivery Problem

Remote Offices
Distribution of
Resources

Data Center

Regional Offices
Data Center
Consolidation
Home Offices


5MB Document Download from SAP NetWeaver Portal
Continental WAN

Scenario                         Office     US East West Coast
Distance                         0 km       5,000 km
Latency, Bandwidth, Packet Loss  LAN        60 ms, T3, 0%
Direct SAP (https)               1.06 sec   5.3 sec

5MB File (40 mbits)
45 Mbps: <1 second Theoretical Wire Speed

5X

Source: SAP TechEd 2007, Session LCM222

Intercontinental Transfer Increases Delay
Data: 5MB

Scenario                         Office     Asia US
Distance                         0 km       15,000-20,000 km
Latency, Bandwidth, Packet Loss  LAN        300 ms, T3, 0%
Direct SAP (https)               1.06 sec   25 sec

Transfer Time: 1 second + 300 ms ?
or
(data): 65KB + 65KB + 65KB + 65KB ...
(ms): 300 + 300 + 300 + 300 ...

25X
More Windows = More Delay

Source: SAP TechEd 2007, Session LCM222

Packet Loss Magnifies Effect of Delay
300 300 300 300 300...

Scenario                         Office     Asia US
Distance                         0 km       15,000-20,000 km
Latency, Bandwidth, Packet Loss  LAN        300 ms, T3, 0%     300 ms, T3, 1%
Direct SAP (https)               1.06 sec   25 sec             142 sec

Loss

Congestion Response: More, Smaller Windows = More Delay

142X

Source: SAP TechEd 2007, Session LCM222

Bandwidth Also Affects Transfer Times

Scenario                         Office     US East West Coast   Dial-In (East West Coast)
Distance                         0 km       5,000 km             5,000 km
Latency, Bandwidth, Packet Loss  LAN        60 ms, T3, 0%        60 ms, 786 kbps, 0%
Direct SAP (https)               1.06 sec   5.3 sec              56 sec

5MB File (40 mbit), Minimum Wire Delay: 45M <1s, 768K 52s

56X

Source: SAP TechEd 2007, Session LCM222

TCP re-use

ACE Tuning for Slow WAN


TCP Flow Control
vs.
Buffering
< 1 ms

300ms

Selective
Acks
Loss

Delay
Loss

parameter-map type connection WAN
  set tcp buffer-share 262143
  tcp-options selective-ack allow
policy-map multi-match SAP-LB
  class SSL-VIP
    connection advanced-options WAN

Cisco Technology Highlights


Wide Area Application Engine (WAE)

Wide Area
Application Engine

WAE
Appliances and Modules

SAP Test Topology for


WAN Optimization
Load Runner
ipsec Encrypted Tunnel

wccp

Enterprise
Portal

wccp

ACE
ERP

Business
Logic

WAAS

WAAS

Test 1:
Enterprise Portal Login/Logout
Baseline


Test 1:
Enterprise Portal Login/Logout

Branch WAE Encode


Branch WAE Decode
Data Center WAE Encode
Data Center WAE Decode

Note: LZ operates on 521 MB out of 1621 MB overall (32% of 9.49% = 3%)



Login/Logout Result Summary


Transaction Time

Data Reduction

55%
99%

26%

3% LZ
52% DRE


Test 2:
Knowledge Management
Baseline
Portal

Client


Knowledge Management
Result Summary
Transaction Time

Data Reduction

97%

97%

89%

3% LZ
86% DRE


Test 3:
Technical Document Management
Composite App

EP
1. Request Doc

2.

5. Notification

Back-End
3.

4. PDF Post
1MB PDF
Random Data


Technical Document Management


Result Summary
Transaction Time

Data Reduction

26%
<1%

60%

21% LZ
5% DRE


Test 4:
Customer Fact Sheet
50 Requests for
Customer Fact Sheets

ERP
Composite App

Web Services Request to ERP for CFS

ERP Returns CFS

Customer Fact Sheet


Result Summary
Transaction Time

Data Reduction

71%
77%

70%

77% LZ


WAAS Configuration Essentials


Diagram labels: Client Network, Server Network, WAN, 0/0.92, 0/0.962, 0/0.93, Enable WCCP on User Interface, Exclude WCCP to WAE interface

CM Config
device mode central-manager
interface GigabitEthernet 1/0
  ip address 169.145.92.92 255.255.255.0
ip default-gateway 169.145.92.1
ntp server 169.145.93.1

WAN Router Config
hostname C2851
ip wccp 61
ip wccp 62
!
interface GigabitEthernet0/0.93
  description DC-wae
  ip wccp redirect exclude in
!
interface GigabitEthernet0/0.962
  description server VLAN
  ip wccp 61 redirect in
  ip wccp 62 redirect out
!
ntp master 2

WAE Config
hostname dc-waas
device mode application-accelerator
primary-interface GigabitEthernet 1/0
interface GigabitEthernet 1/0
  ip address 169.145.93.93 255.255.255.0
ip default-gateway 169.145.93.1
ntp server 169.145.93.1
wccp router-list 1 169.145.92.1 169.145.93.1
wccp tcp-promiscuous router-list-num 1
wccp version 2
central-manager address 169.145.92.92
cms enable

Network Services Cheat Sheet: Exchange 2007 Example

Microsoft Exchange Server 2007 Role and Load-Balance, Fault Tolerance, High-Availability Methods Supported

| Microsoft Exchange 2007 Role | Site Load-Balancing | Server Load-Balancing | Fault Tolerance | Network Optimization | SSL-Offloading |
| Client Access Server | Cisco Global Site Selector (GSS) and/or DNS Round-Robin | Cisco ACE, Microsoft Network Load-Balancing (NLB) or DNS Round-Robin | NIC-Teaming, Multiple CAS Roles | Cisco WAE | Cisco ACE |
| Hub Transport Server | N/A | Handled Internally by Microsoft Exchange | NIC-Teaming, Multiple Hub Transport Servers | N/A | N/A |
| Mailbox Server | N/A | N/A | NIC-Teaming, Clusters (LCR, CCR, SCR, SCC) | Cisco WAE | N/A |
| Edge Transport Server | Cisco Global Site Selector (GSS) and/or DNS Round-Robin | Cisco ACE, Microsoft NLB or DNS Round-Robin | NIC-Teaming, Multiple Edge Transport Servers | N/A | N/A |

Agenda
Cisco Validated Designs
Data Center Infrastructure
Service Integration
Data Center Evolution


Virtual Switch
Cisco Catalyst 6500 Virtual Switching System (VSS)

[Diagram labels: Virtual Switch Link (VSL), Virtual Switch Domain, Switch 1, Switch 2, VSS]

Virtual Switching System: Single Control Plane

[Diagram labels: Line Card/DFC (repeated), Sup (MSFC, PFC), Active Supervisor, Standby Supervisor]

Increased Operational Efficiency: System Virtualization Simplifying the Network

[Diagram labels: Traditional Layer 2/Layer 3, VSS]

Virtual Switch System: Multi-Chassis EtherChannel

[Diagram: Multi-Chassis EtherChannel]

Virtual Switch System: Deployment Considerations

VSS in the Data Center: Aggregation Layer

[Diagram labels: Core, L3, L2, Aggregation, Services Chassis, Access, Server Farm]

Service Chassis Models: Service Layer Switch

[Diagram: three models labelled Transparent Service Chain, ACE in Routed Mode, and VRF-Enabled FWLB; element labels: MSFC, MSFC VRF, ACE Context, FWSM Context(s), Layer 2, Layer 3]

Evolving Data Center

Consider the impact of new technologies on traffic patterns in the data center
Network service integration must consider these new data center capabilities
Today, VSS does not support service modules; service module support is introduced in July 2008 with Whitney 2
Virtual services with a virtual switch (ACE/FWSM)


Summary


Q and A


Recommended Reading
Continue your Cisco Live learning experience with further reading from Cisco Press
Check the Recommended Reading flyer for suggested books

Available Onsite at the Cisco Company Store



Complete Your Online Session Evaluation
Give us your feedback and you could win fabulous prizes; winners announced daily
Receive 20 Passport points for each session evaluation you complete
Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center

Don't forget to activate your Cisco Live virtual account for access to all session material on-demand and return for our live virtual event in October 2008. Go to the Collaboration Zone in World of Solutions or visit www.cisco-live.com.
