Imagine that you have several branch offices that are using WAN-demanding applications like Salesforce.com, Office 365, virtual desktops, video teleconferencing and more. You are using those expensive MPLS/VPN WAN connections because you don’t want to risk it, and probably because when you started to work there it was already there and … why mess around with something that is working, right? Normally I would agree with that, but when IT budgets are shrinking and the network needs to step up and support those business-critical apps, there is no other way but to innovate.

At any given time your network carries information from LAN to WAN and vice versa; some is important and some is less important. In many cases, as a network admin, you don’t have the visibility to distinguish between them, so what do you do when those critical apps start to act up? Usually the answer is to buy more WAN bandwidth, which gives the apps and the user experience behind them some breathing space. But all you’re doing is buying time. Buying time never solves the problem, because you will need to treat the symptoms again in a few weeks or months.

However, you can solve the problem, and not just treat the symptoms, using Cisco Intelligent WAN, or IWAN for short.

Cisco’s IWAN is the solution that gives IT visibility and control over the network. With a Cisco Integrated Services Router (ISR) together with the ISR-AX license bundle, you can run services like Application Visibility and Control (AVC), which lets you see your network traffic from a Layer 7 point of view: the actual application name and the protocol that it’s using. With more than 1000 unique application signatures that AVC knows how to recognize, you will have the proper visibility into your bandwidth usage, but this is just the first part of the story.


OK, now you have visibility into your network traffic, but what’s next? Should you go to each user and ask them to turn off their Netflix, Hulu, gaming, file sharing, etc. because some other users are trying to work and their Citrix VDI sessions are dropping? Of course not! You need the ability to set policies, control the network behavior automatically, and prioritize (L7 QoS) the correct APPLICATION (not by using old-school QoS of 802.1p or DSCP). And what better location to do that than the router, which is the heart and center of your network and your gateway to the expensive WAN connection?

At this point you have probably saved some money and increased app performance and user experience, but wait, there is more :). AVC is a great service within the router, but if you complement it with two more services, then you are really going into the money-saving business.

The first service is Wide Area Application Services (WAAS), which is the secret sauce that we added into the ISR to optimize your WAN traffic. It dramatically reduces WAN bandwidth needs, and it reduces latency for those app response time issues your users hate so much. WAAS uses cutting-edge technology to get the most out of your WAN connection, all within your branch router and without an external appliance to support and maintain.

The second service is the unsung hero: Performance Routing (PfR), the part of the ISR that can take two or more WAN connections and do DYNAMIC path selection between them. Think about it this way: if you have one expensive MPLS/VPN connection (optimized with WAAS) and one inexpensive business-class internet connection, the AVC and PfR services can decide on the fly, based on a policy configuration that you set in advance, which application will take which path. You can set it up so that YouTube traffic goes through the internet connection and Citrix traffic goes to your headquarters or private data center through the MPLS/VPN connection, fully automatically and on the fly.

Bonus feature: if you want to save even more money, I would suggest replacing the expensive MPLS connection with a business-class internet connection. I know it probably sounds like crazy talk, but with PfR and two internet lines your reliability is very close to the 99.999% that we like so much, and it will probably cost half the price. The really cool part about it is that with DMVPN your security is the same as the expensive MPLS connection even though it is over the public internet. PfR will also give you full use of both your main WAN connection and your backup WAN connection, making the topology active-active instead of active-standby, so you will actually use the backup connection as part of your internet off-loading from the main WAN connection.

This is the simple explanation of the Cisco IWAN solution :). I truly believe that it is amazing that one box that is 2RU or 3RU can do all of that and much more. I didn’t even talk about the cost savings in energy bills or the UCS E-Series that can run hypervisors like VMware inside the server (think, for example, of a Windows 2008 server running INSIDE your router). I didn’t even mention the variety of WAN connections, including 4G-LTE, or the rest of the capabilities that make the ISR the bestselling router in the world.

Ido Glazer

No Longer with Cisco