Over the past few weeks I’ve had the chance to come up from my rabbit hole of deployment projects and catch up on the tech news. In particular, the announcement at Interop New York where Cisco announced the new ISR 4400 family of routers along with a few other articles got me to thinking about how far branch office connectivity has come in the past decade or so and to a question: is one method of branch connectivity better than another?
In the Beginning…
In the past decade or so we have seen substantial change in how we connect to the internet and how fast we do so. Early on (circa early 2000s) the internet was fairly flat. Real time voice and video were still a thing of science fiction. In the enterprise we connected remote offices back to the central office via leased lines over a frame relay network. T1s were considered good and if you had a DS-3 link you must have been in a big IT shop. Compute services were limited to corporate email (Outlook/Exchange were the new kids on the block) and client/server based systems.
In my last blog I talked about the value of PfR to the IWAN solution. This week I wanted to talk about DMVPN and why it is going to be a critical component of your IWAN deployment.
Your IWAN topology will most likely consist of one or more internet connections, which means that your data will be traveling over untrusted connections and shared environments, so security is going to be top of mind. So how do you secure your data over the internet and other untrusted or shared environments? Well, DMVPN (Dynamic Multipoint Virtual Private Network) is based on VPN, the same technology that many of you use today to securely connect back to your office when you are traveling or working from home. A VPN will create a tunnel between two endpoints and then encrypt all data traveling over the tunnel. VPNs can connect users to a remote site (client-to-site VPN) or connect two remote sites (site-to-site VPN). Unlike VPN, DMVPN can securely connect multiple points together dynamically.
So how does DMVPN work and what is the benefit to IWAN? DMVPN works on top of your WAN infrastructure, which means that DMVPN tunnels will be established between branch sites as traffic flow demands. In a common hub-and-spoke topology example, when data needs to be sent from the spoke to the hub site, the spoke will establish a VPN tunnel to the hub by registering first with the hub. In order for each tunnel to function a new dynamic IP address is created at the branch since the hub site will initiate the connection. In order for data to be routed between sites over the DMVPN tunnels, routing information will need to be exchanged. As more tunnels are created there will be more dynamically created IP addresses, and traditional routing protocols like BGP or EIGRP are used to efficiently share routing information so all sites can talk to each other. Lastly, QoS is applied to each tunnel to ensure that the hub site does not oversubscribe the spoke sites.
Networking as a technology has been around for decades now and most people consider it to be mature with a crawling pace of innovation. But with big market transitions like cloud computing, nothing could be further from the truth, as the Cloud Services Router (CSR) 1000V has proven with its announcement at Cisco Live! – San Diego on June 12th as part of our Cloud Connected Solution launch.
One of the great things about being at Cisco HQ in Silicon Valley is the wonderful diversity we have here. Although you don’t really get seasons you do get an awesome mix of people. A recent stroll around the lake at Shoreline Park revealed people speaking English, Russian, German, Japanese, Chinese, Korean, Vietnamese, Hindi and some other languages I could not identify. Similarly sushi, butter chicken and naan, pho, bulgogi and banh mi are all easy to find for the diversified, international foodie.
However, when I go out for Indian food with my friends, they almost always insist on going to a buffet in Mountain View called Passage to India. Partially because they usually have a huge assortment of “desi-chinese” dishes such as Gobi Manchurian and Chilli Chicken but largely because they see the buffet being a tremendous value. Little chicken tikka masala, little tandoori, little goat curry, some gulab jamun – enjoy them all, they are all included in a well integrated package. A la carte approaches make it hard to enjoy such variety, as each additional dish is usually priced like the main part of a meal.
Reminds me of the whole Cisco vs Juniper thing for the branch.
We took a look at the cost of building a modern, secure, integrated services network for the branch, incorporating the functionality and services that you would want in a new branch deployment, you know, things like security (firewall, IPS, VPN), video, server virtualization, WAN optimization, video optimization, 4G backup and Unified Communications. Doing all this with Cisco was pretty easy, all you need is an ISR, which we spec’ed out as an ISR 3945 for our hypothetical 150 person branch (with a 45Mbps WAN bandwidth). Implementation was cheap and easy, particularly when you consider all the capabilities that you were getting.
For years, I rode a Suzuki Hayabusa, a hypersports motorcycle with a very large engine. Felt like Han Solo’s (he shot first, you know) Millennium Falcon when you opened the throttle – instant, strong forward movement regardless of speed or gear. Open throttle and you are heaved down the road. Thus, I had to name the machine something. It was a grotesque bronze color, so for a while I called her the Copper Rhino, but eventually I settled on the name Aluminum Falcon (Hayabusa is the Japanese name for a variant of the Peregrine Falcon) as a good play on the name Hayabusa and also because the intake system set up a resonance in the upper midrange that reminded me of the warbling cry of a Wookiee.