Welcome to a little bit of Cisco lab rat fun, playing in the lab, Networking with Fish. Today we're going to go ahead and play a little bit with some IWAN and stuff, specifically a little bit of DMVPN and a little bit of PfRv3: do a little bit of impairment on a link, see some of the PfRv3 Intelligent WAN magic.

So what we have in front of us is we have three branches. We have branch one, which has two routers in it; both of them are 4321s. The top hockey-puck router is branch one router one, which is connected to the MPLS cloud. Branch one router two is connected to the Internet cloud. And since I live in a lab environment, I can go ahead and have the addressing be that everything that's at branch one is 10.1/16. Similarly, branch two is one router; it's also a 4300, but that actually has two links off of that one router, one link to the MPLS, one link to the Internet, and again the addressing is 10.2/16. Branch three is a 4451, and it also is one router at the branch, one leg in the MPLS, the other link over in the Internet, and again the addressing can be very simple: 10.3/16.

Up at the hub site, everything at the hub site is 172.16.0.0/16, so 172.16/16 is anything at the hub site. Connected to the MPLS cloud we have an ASR 1002-X, which is acting as the DMVPN hub for tunnel 1. Now, when I say tunnel 1: it's not imperative, not necessary at all, that all the branches actually have their MPLS connection be on a tunnel interface called tunnel 1. However, I am of the belief that I would like to design my network and begin with the end in mind, and beginning with the end in mind, I would like to go ahead and have a network where I have some consistency and things have meaning. So I do what Russ White told me to do, which was: you configure with intent, you have your configurations show you what your intent is. My intent is that everything that is tunnel 1 is on the MPLS cloud, and it is in the range of 10 0.224 0/24, where my DMVPN head
end is .1. Then the router below that, connected to the Internet, is my DMVPN Internet hub, which is tunnel 2 on that ASR 1002. So it's DMVPN tunnel 2, 10.0 2/3 2.0 / 24 for the mGRE, for the subnet for everyone connected to that DMVPN tunnel, and .1 again for my IWAN hub.

Now what we're going to do is we're going to go ahead and focus on branch 1 and branch 3. So if you look at branch 1 right now, you'll see that if you look up at branch one, up at the phone, I have an IP address up there from a DHCP binding; I got .104 for that phone. If you look at the phone over in branch 3, I have 10.3.101.101. I actually have a phone call going, voice and video, between those two Cisco phones.

Now let's go ahead and go over to LiveAction and see a little bit about this. If you actually notice right here, this is my phone call only. I have taken LiveAction and I have gone from the default of "please show me all of the traffic that's going on in my little lab environment network" (which is just a lab environment network, but it's still all of this) and I have said, you know what, I'm going to ask you to just drill down into anything that has an AF41 in it. So if it has an AF41 in it, that is my video that is on this phone call.

So as we can see, this is branch one. We have the phone going into branch one router one; it's branch one router one because that is my HSRP primary to get out of the branch for that subnet. And I'm going out to the MPLS cloud, and LiveAction is actually telling me I am NOT going up to the head end. I am NOT going up to the head end of this tunnel. I'm actually going out to the MPLS cloud, and from the MPLS cloud I am not bothering the ASR 1002-X, I am not bothering the DMVPN head end of this. I am actually going into the MPLS cloud, going out of the MPLS cloud, and I'm going directly to branch 3, and this is actually going in the other way as well. So
that's very interesting. So what actually happens is there's a DMVPN tunnel here, and what I have done is I have put a config in up on the head end tunnel which actually says, you know what, I want you to be able to do NHRP redirects. I have also gone ahead and, on the tunnels on the branches, said, you know what, I want you to install NHRP shortcuts.

So let's see what that looks like. If we go over here at branch one and we do a show ver, we will see that this is actually a 4321 and we're running what I internally call 3.14. And if we do a show run interface tunnel 1, this is our DMVPN tunnel. In the IWAN model, actually, a lot of this is very prescriptive. You can actually go ahead and do this on all the branches; in fact, all of my branches look just like this, except that the fourth octet for tunnel 1 is different. I actually didn't put this in, LiveAction put this in, so this is different and this is different, and I could, I guess, change the bandwidth, but everything else is the same. So it's a very templatable deployment.

So what is the config on here? It's ip nhrp shortcut. That ip nhrp shortcut says that I would like to install shortcuts, so I do not have to go up to the hub via the tunnel from branch 1 to the hub and then back out the tunnel to go to branch 3. Now, how do I configure that up here on the head end? It is right there: ip nhrp redirect. Now, if you actually use Prime, for example 2.2, and you look at the templates, the CVD templates for DMVPN are in there. Again, this is a very typical hub template, and it's pretty much cookie cutter from your perspective as far as what you put in here.

So I'm going to go ahead and go back in here. That means that I'm supposed to install shortcuts. So if we do a show ip route: what we're actually doing, and this is very much your decision, is we're not actually disabling split horizon up on the hub. What we're doing is, we know we're going to go ahead and go to the hub
in the beginning to get the redirect, so we're just going to go ahead and go to the hub. So we have the hub actually send us (sorry about that) just a 10/8, which means the hub is sending: you know what, I can get you to anything in the 10 network. I can get you to 10.2, I can get you to 10.3, I can get you to 10.4, I can get you to whatever it is that you want to get to. So you'll notice that I actually have no control plane, no EIGRP, for 10.3/16 over here. Again, from that perspective, that's what we chose to do in our lab environment.

Now, if you look down here, we are branch 1, which is 10.1, and we have an active phone call conversation going on with 10.3.101, which is right here, and it has a little H in it, and the H means it's NHRP. You'll also notice that the administrative distance is actually 250, because this was actually installed via NHRP, via a redirect with the NHRP DMVPN hub that told us: you know, if you want to go ahead and get to this, just go ahead and go over here. So we can actually do a show ip route next-hop-override 10.3.101.0 and it'll say, OK, you know what, if you want to go ahead and get there, just go directly to it.

So you can do a show ip nhrp shortcut, which says: OK, look, if you want to get to 10.3.101, which is on this tunnel, you're going to go to the NBMA address 11.11 dot 13.1 o -. So what is that address? That address is right here. It is right here on this branch, which is beautiful, because I can go ahead and go right to a directly attached connection to the MPLS service provider. And because I'm doing crypto, if we do a show dmvpn, you'll see that I am actually talking with, and so 30 is actually branch 3, so I'm actually talking with branch 3 right here. And if you look at the DT1, this is dynamic and the route is installed and I have a shortcut, and that's the reason why this is happening: we do not have to go up to the DMVPN head end.

Now, the default behavior with DMVPN is
to not have those two commands in. So if, for regulatory reasons or whatever reasons, you want to force your spokes to actually go up to the hub before you hairpin back out, that's going to be the default. If you want to go ahead and allow them to do shortcuts, you do the ip nhrp redirect up at the DMVPN head end and you do the ip nhrp shortcut down at the spokes, which is what we have in our environment. We're allowing the spokes to actually talk.

Now let me ask you a question: what if? We know that it's going this way; this is what LiveAction is telling us. What if I were to cause impairment? Now, obviously, if branch 1 router 1 out-and-out lost its MPLS link, routing would tell us to go ahead and go via branch 1 router 2, because branch 1 router 1 would have lost its information on how to get over there. But what if I do 2% loss? I have a WAN bridge, which you can actually download from the Internet; it's an OVA, and you can go ahead and put it in line and you can cause loss. So what if there is 2% loss here, more of a brownout type environment as opposed to complete loss?

So what we can do is we can now go ahead and introduce the intelligent path control portion of IWAN, where you have this master controller. You have a domain master controller, and these three branches and the hub are all in the same domain; I call it domain default. And so we have a domain master controller at 172.16.0.3, so let's go ahead and look over at that. If we go over to the domain master controller at 172.16.0.3, the first thing that's kind of cool about this is this is actually a CSR 1000v, so this is IOS XE on a VM. So it's a CSR 1000v as my master controller, because the master controller is really more of a control plane brain. So if I do a show run and then section domain, these are the policies that I have that I want to push out to everyone in this domain. Now, I'm not going to specifically teach you IWAN here; what I'm going to do is just give you a little taste of a little bit of
this stuff. Keep it simple, keep it short. So I'm not going to get into all of this, but I am the master at the hub site, I am the domain master, my IP address is 172.16.0.3, and we have a voice phone call which has EF in it and it has AF41. So it's a voice/video phone call: the voice is going over EF, the video is going over AF41. My policy for this, from an intelligent path control perspective, is to prefer the MPLS link, and if there is an impairment on that link that crosses what I have defined as a threshold crossing event, then it is going to go ahead and fall over to the Internet. I have actually gone with the Cisco IWAN CVD thresholds, so I have not overridden those thresholds.

So let's go ahead and do a show domain default master policy. Now, a couple of things that you'll notice about this. The first thing you'll notice is that I have no policy publish pending, no policy publish pending at all, which means that I have already pushed out to all of the borders and everybody else what the policies are in our PfRv3 domain.

Class voice: now, you already saw class voice was match dscp ef and make it policy voice. So did you notice this? No, this was not in there. This was not something that I had to configure the PfR master controller with. This is actually already in the Cisco CVD for the IWAN. If you look at the CVD for the IWAN for January 2015, you'll notice, I believe it's on page 182 (love to go grab my book right now, but it's over there), which actually already has in it "these are what we recommend". So you can go ahead and say, you know what, this is voice, so since it's voice, these are the CVD thresholds that are already there. When you say voice, when you say real-time video, these are already the thresholds in there as well. If you use the word low-latency, these are the thresholds; if you use the word bulk data, these are the thresholds. Again, all in the CVD.

So there was no publish pending, so if we go over to
branch one router one and we do a show run section domain (and for those of you who have ever played with OER or PfR version two, this is not that; this is really, really simple), branch one router one just says: OK, I am the master for this site, so I am the branch master, I am the master for this branch, and I am also a border. Any PfR device that sits on one of the two ends of a DMVPN tunnel is a border. So when you hear border, I want you to hear forwarding of traffic, classification of traffic; when you hear master, I want you to hear control plane.

So every site: branch one has branch one router one, which has a DMVPN tunnel over the MPLS, and branch one router two. So that means, since there are two routers there that are both at the ends of a DMVPN tunnel, branch one has two borders: one in branch one router one, and one in branch one router two. Branch one is also a site, so as a site it has a master there. We have made the master branch one router one, and if we look back here, it is this branch master that talks back to 172.16.0.3. So we can actually look here, show domain default master policy, and we can see that if we run this, we have the same policies here as we did over on the domain master.

Now let's go ahead and actually get rid of this one. So let's go over to the domain master, do a show run, I'll just, we'll do an up arrow, and I'm going to go ahead and do a config t, and I'm going to get rid of it: no class your app. So it's been deleted. If we look, it's gone. And now if we go ahead and repeat and do the show domain default master policy, we will see that we have a publish pending in one second, and the publish that we have pending is for that thing to be gone. So now we can go ahead and see that there is no publish pending, so I should be able to go over to branch one router one, where we saw, the last time we did this, this was in there. We're
going to up-arrow and we're going to see that it's gone. So again, we actually have the policies for your intelligent path control in one specific location, up at the domain master.

So now what do we do with this? We have policies, but how does that help us with the two percent? So let's go ahead and look, and we're going to look at the traffic classes. What we actually have is our phone call here; it has already been classified. So we have the 10.3.101.0, which is the destination site prefix, and we've got the DSCP value, which is EF, so that should be adhering to our voice policy. And then we have the video part of the voice/video phone call, which is AF41, which should be adhering to our video part. We have CN, which means that we are told that we're supposed to control it. So we have identified it, we have classified it, it is a traffic class that we're supposed to take care of, and we have it on service provider MPLS. And we have a primary channel, and check that out: we have a backup channel. We have a backup channel that is already ready to go.

So let's go ahead and look at the video. If we look at the video, it is controlled traffic, it is in policy, so we are on an MPLS link that is in policy. We've been on the link for five minutes and 26 seconds, because I've played a little bit; we were on INET before. We'll go ahead and do that again. We are coming out of tunnel 1. We know that, since tunnel 1 is actually MPLS everywhere, we're going out the MPLS link, which means we're going out of router one, branch one. And we have a backup channel that is already going; it is backup channel 42. And if we go over to branch one router two, and let's do a... backup channel 42. So the present channel is 41, the backup channel is 42. So let's go ahead and do this: let's do a begin channel ID 42.

Now what you'll notice is I am over on branch one router two, because our backup channel for impairment of the MPLS link is, interestingly enough, on branch one in another
router, which is the reason why I picked this one. It's a lot easier if we were going to do this on branch three, because it's one router. So branch one router two is actually configured to be a border, and the master that it is talking to is the site master, so it is branch one router one.

Now, before I up-arrow again and look at the channel ID, I want you to see that we actually have, at the end here, 16846 already, and now it's 17964. So what does that mean that we're doing? What that means is that, over here, branch 1 router 2 has been instructed by the site master to be probing over on the Internet for this backup channel traffic class, both for the EF and for AF41. Which means that branch 1 router 2 is sending probes; it's sending PfRv3 probes over to the other border, which is branch 3 router 1. It is sending two types: it is sending one with EF markings to see and probe the health (delay, jitter, loss) for the EF traffic class, and it is also doing it for AF41. And it is checking the health of that because, of course, what we don't want to do is get 2 percent loss on the MPLS only to then move it over to something that has 3 percent loss. So we're going to probe in advance.

So what we're going to go ahead and do is we're going to go back over here, and I have a video recording going on: I'm going to use my iPhone and actually record myself waving at the phone, so that we can actually see the blip. It is going to be almost imperceptible, so what you're going to need to do is look for a flash or slight pixelation or slight color change, and I'm sorry, but that's the event, because we already have this backup channel going and it is that fast.

So as we can see right now, AF41: we're going over the MPLS, we are going out router 1 in branch 1, out tunnel 1, which brings us onto the MPLS. What I'm going to go ahead and do is, you'll notice on the diagram we have these little things called WBs; these are our WAN
bridge. Again, you can get the OVA, you can actually put it in. The only gotcha is that when you put it in, it doesn't like a delay of 0, so you have to put a delay of 1 in. Now, should a delay of one cause us any problems? If we go ahead and come back here and say master policy: no, it shouldn't, because our delay threshold is actually 150 for voice and 150 for video.

So what we're going to do is: we're over on the MPLS. I am going to come over to here and I am going to go into this VM. Up at the top you'll see it says WAN bridge, branch one, branch one router one to PE. So I'm going to go ahead and come in here and I'm going to do custom, my bandwidth here between branch 1 router 1 and the MPLS cloud. Oop, that's not good, let's try that again. So nothing, nothing, let's try that again. So custom 1501, and we're going to do 2 percent loss. OK, we're going to go ahead and make sure, before I hit enter there, that we're still good over here and I didn't just mess that up. So we're still on the MPLS and our backup is still channel 42.

So I'm going to go ahead and come over here and I'm going to hit enter, but I am going to record myself waving my hand. So I'm waving and I'm waving, and now I'm going to come over here and I'm going to hit loss, and I'm waving and I'm waving, and I hate to tell you this, but I think nothing really exciting happened, and we're over on the Internet. I don't even think I saw it.

So now we're over on the Internet, and so our primary channel is 42 and our backup channel is now 41. So we're actually going out branch one router two on tunnel 2, and this is the reason why I would suggest that you make it deterministic. I mean, branch one router two is in a separate box; you could have made it tunnel 1 also. But personally, I think it's really easy to go ahead and go down here and see Internet, Internet, MPLS, Internet, Internet, Internet. My personal opinion. And so that's it, and now we're actually sending the traffic over. So let's go over to LiveAction and see what it sees, and
let's go ahead and do a refresh. Click mouse to gain control, refresh. LiveAction, tell me what I'm doing now. And what I am doing now is I am going over the Internet and I am off the MPLS. And that is how you handle a brownout, with a backup circuit already in place and probing on the backup link.

I hope you had fun in the lab with me. Have a great day.
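
The configuration pieces named in the walkthrough, collected per role as an added example; this is not output captured from the video or from the CVD. The class name VIDEO, the sequence numbers, the Loopback0 source interface and the path names MPLS and INET are assumptions, and the branch master's address is a placeholder.

```cisco
! --- DMVPN hub (head end), MPLS tunnel: tell spokes a more direct path exists
interface Tunnel1
 ip nhrp redirect
!
! --- Every spoke, MPLS tunnel: install the spoke-to-spoke shortcut
! --- (appears as an "H" route with administrative distance 250)
interface Tunnel1
 ip nhrp shortcut
!
! --- Domain (hub) master controller at 172.16.0.3: the only place policy lives.
! --- "voice" and "real-time-video" are predefined templates, so no thresholds
! --- are typed in here. Path names must match those set on the hub borders.
domain default
 vrf default
  master hub
   source-interface Loopback0
   class VOICE sequence 10
    match dscp ef policy voice
    path-preference MPLS fallback INET
   class VIDEO sequence 20
    match dscp af41 policy real-time-video
    path-preference MPLS fallback INET
!
! --- Branch 1 router 1: site (branch) master and border in one box
domain default
 vrf default
  border
   source-interface Loopback0
   master local
  master branch
   source-interface Loopback0
   hub 172.16.0.3
!
! --- Branch 1 router 2: border only, pointing at the site master.
! --- <B1R1-LOOPBACK> is a placeholder for branch 1 router 1's address.
domain default
 vrf default
  border
   source-interface Loopback0
   master <B1R1-LOOPBACK>
```

Removing both NHRP lines returns the DMVPN to its default behavior, where spoke-to-spoke traffic hairpins through the hub.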
