Network Management for Common Topologies

How best to use LiveAction for managing WAN and campus networks

April 2014

www.liveaction.com

Contents

1. Introduction
2. WAN Networks
3. Using LiveAction with Common WAN Technologies
   - Multi Protocol Label Switching (MPLS)
   - Frame Relay
   - Dynamic Multipoint VPN (DMVPN) and Standard VPN Connected Branches
   - Complete WAN Management
4. Campus Local Area Network Core
5. Conclusion

Introduction

Successful organizations tend to grow over time, expanding their reach into new markets and new geographies. A common result of this growth is the opening of offices in locations other than where the company's headquarters resides. With the practice of consolidating services and IT infrastructure at the headquarters office, one of the critical tasks for the company to tackle is providing reliable and secure data and voice connectivity between the headquarters and the new branches.

This technical note explains some of the common WAN technologies and where and how LiveAction can be useful in managing WAN networks for optimal performance.

WAN Networks

The following diagram represents a typical branch office network architecture. As can be seen, the WAN connections are the lifeline for the critical network-based services hosted at the headquarters office. The lower speed WAN links will require QoS policies and monitoring to ensure optimal performance of the mission-critical services running over them. When monitoring the network, the WAN aggregation router will give you the most visibility into the traffic conditions between offices.

In this example, the headquarters is multi-homed to the WAN for reliability. The WAN edge is where all branch-to-HQ traffic traverses as it accesses services hosted in the campus data center. Each branch WAN router should also be monitored and managed under LiveAction, thereby giving you full analysis and QoS configuration capability across the WAN.

Another critical connection to manage is the one used for Internet connectivity for your organization. Because this link carries recreational traffic, legitimate business Internet traffic and cloud computing applications, it is important to monitor and manage QoS here as well.

There are multiple ways Internet connectivity can be served for the organization. It may be another interface connection on the WAN aggregation router or an entirely separate edge router. Additionally, branch office Internet connectivity may be accessed through the corporate WAN, or locally at each branch. If using the latter architecture, the interface used for Internet at each branch should also be managed by LiveAction.

Using LiveAction with Common WAN Technologies

There are three primary technologies offered by service providers for WAN connectivity between headquarters and branch office sites:

- Multi Protocol Label Switching (MPLS)
- Frame Relay
- Dynamic Multipoint VPN (DMVPN) over standard internet links

Each has its own characteristics, but LiveAction can optimize these WAN links regardless of the protocol being used and the services provided by the carrier.

Multi Protocol Label Switching (MPLS)

MPLS is a technology that allows service providers to connect an organization's sites privately through the service provider cloud, creating either a Layer 2 or Layer 3 Virtual Private Network. The service provider has an edge router, generally located on the customer premises, which contains a routing table for the service provider network as well as the customer network. The customer will also have an edge router connecting directly to the provider's router. This is the device that LiveAction will be managing in this architecture.

MPLS services can also be provided with differentiated service classes, allowing voice and video traffic to receive special treatment in the service provider's cloud. LiveAction can perform the following functions on the edge router for a service class enabled MPLS connection:

- Mark voice, video, or critical application traffic to be handled appropriately by the service provider in the MPLS cloud.
- Display traffic usage per service class. Typically the service provider will provide a pre-determined amount of bandwidth for each service class required. LiveAction can display this utilization in real-time.
- Verify service provider connection quality using visual Cisco IP SLA tools. These tools can proactively monitor the quality of connections being provided over the MPLS network.

In a multi-site topology connected over MPLS, it is possible to monitor the performance of the remote sites as well as the headquarters from a single location in LiveAction. Having this high level view of the network can quickly display problem areas in a large, geographically dispersed organization.

Frame Relay

Frame Relay networks have been in use for many years to connect sites together without the use of leased lines. These connections tend to be much lower speed than MPLS connections from service providers and thus require even more planning and consideration for quality of service. LiveAction can provision the advanced quality of service functions on these links without digging through cumbersome CLI modes. Setting up priority queuing, RTP header compression, as well as QoS marking and classification can be done from a single menu as shown below.

Dynamic Multipoint VPN (DMVPN) and Standard VPN Connected Branches

Dynamic Multipoint VPN is a relatively new technology allowing secure multipoint networks to be dynamically generated as needed. This technology uses a combination of Generic Routing Encapsulation (GRE), Next Hop Routing Protocol (NHRP), and IPSec tunnels to allow a router to learn about other routers it is not directly connected to and generate new IPSec tunnels directly to them.

In these network designs, the IPSec tunnels are generally running over a standard internet connection with no quality of service capabilities. These low cost links are often used to provide all the data and voice services to a given branch, which requires traffic to be differentiated easily. LiveAction allows a user to easily set up a priority queue for voice traffic, dedicate bandwidth for transaction processing applications and prevent malicious traffic such as BitTorrent, eDonkey and others from saturating the link.

Complete WAN Management

Regardless of the VPN topology (dynamic or static) and technology, LiveAction's flow monitoring and QoS configuration capabilities can allow priority applications to run at their highest performance over a best-effort link. LiveAction's congestion monitoring capabilities can give a network administrator proactive warning when a branch's connectivity is having problems. Having a team working on the issue before the first ticket comes in can help reduce downtime and increase productivity across an organization.
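
As an added illustration (not part of the original LiveAction note, and not output generated by LiveAction), here is the DMVPN branch QoS described above written as Cisco IOS MQC configuration. Interface names, class and policy names, DSCP values, percentages and the 5 Mbps shape rate are assumptions; it also assumes voice and transactional traffic arrive already marked EF and AF21.

```cisco
! Constructed example: all names, DSCP choices and rates are assumptions.
!
! 1. Identify peer-to-peer applications on the LAN side, before
!    GRE/IPsec encapsulation hides the payload from NBAR.
class-map match-any P2P-APPS
 match protocol bittorrent
 match protocol edonkey
!
policy-map LAN-IN-FILTER
 class P2P-APPS
  drop
!
! 2. Queue on the WAN side by DSCP. The ToS byte is copied to the
!    outer tunnel header, so it stays visible after encryption.
class-map match-any VOICE
 match dscp ef
class-map match-any TRANSACTIONAL
 match dscp af21
!
policy-map WAN-QUEUE
 class VOICE
  priority percent 30
 class TRANSACTIONAL
  bandwidth percent 25
 class class-default
  fair-queue
!
! 3. Shape to the real Internet link rate so that congestion, and
!    therefore queuing, happens on this router and not upstream.
policy-map WAN-OUT
 class class-default
  shape average 5000000
  service-policy WAN-QUEUE
!
interface GigabitEthernet0/1
 description Branch LAN
 service-policy input LAN-IN-FILTER
!
interface GigabitEthernet0/0
 description Internet uplink carrying the DMVPN tunnel
 service-policy output WAN-OUT
```

The split matters on encrypted tunnels: application recognition has to run where the traffic is still cleartext, while the egress policy can only rely on header fields that survive encapsulation.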

Campus Local Area Network Core

Local Area Networks deployed in campus environments are generally designed with Access, Distribution, and Core layers per Cisco's Campus design guidelines. Depending on the size of the network and the types of equipment used, 2 of the 3 layers can be collapsed. Designs of this nature might include using L3 switches at the access layer that connect to a redundant core, thus collapsing the distribution layer.

In these campus environments, it can be useful to understand how bandwidth is being utilized for proactive addition of EtherChannel links or switch upgrades. The real-time traffic flow analysis capabilities included in LiveAction can provide these details on core switches such as the Catalyst 6500 and Cisco 7600. Catalyst 4500 switches with the appropriate NetFlow daughter cards can also be monitored. Other vendor switches that support sFlow and J-Flow can be monitored as well.

Simply adding core devices to the LiveAction tool can give quick visibility into how traffic flows through the campus network. A NetFlow-enabled core monitored by LiveAction will provide statistics and troubleshooting capabilities to ensure high network availability and scalable growth.

Conclusion

A comprehensive view of a geographically and technologically diverse network allows one to see how individual problems are impacting the network as a whole. The many technologies used to connect branches to a headquarters and to one another can be integrated seamlessly into LiveAction. By leveraging this over-arching view of the network and its current status, network problems can be detected in less time or avoided altogether. By monitoring the bandwidth and link quality at all the branches simultaneously, one can very easily determine when a branch has outgrown its connectivity or when a service provider violates their service level agreement.

Copyright 2014 ActionPacked Networks, Inc. dba LiveAction. All rights reserved. LiveAction, the LiveAction logo and LiveAction Software are trademarks of ActionPacked Networks, Inc. Other company and product names are the trademarks of their respective companies.

LiveAction
825 San Antonio Road, Suite 209
Palo Alto, CA 94303

N0003-001A-0414