Ever since Meraki announced iWAN support – I have been thinking “Hmm, if Meraki does iWAN as easily as they do everything else, that’s one hell of a compelling story.”
When I speak to colleagues who have done iWAN on Cisco ISR platforms – it is
iWAN is still something many have not played with – but the value prop is pretty simple, right? It boils down to two simple concepts:
- I can use my internet to transport some of my WAN traffic
- I can lower costs by using smaller MPLS circuits because I can use my cheap internet pipe for that.
So really we are moving away from the passive/active world of MPLS + Internet, with VPN over the internet if MPLS fails. Everything is active/active, but unlike traditional load-sharing arrangements, we make intelligent decisions about what traffic goes where and when.
So the iWAN concept looks like this….
Sounds like marketing, right? Well, it is a little bit. It’s really a concept based on a bunch of ideas:
- Transport Independence – We can send the data on any link we have to get to the other side. That uses DMVPN.
- Application Optimization – That’s QoS and AVC.
- Intelligent Path Control – The ability to control what flows over what path and when. That’s PfR.
Put all that together, and you get iWAN. Keep in mind your endpoints might also be running ZBFW, Voice or other applications that will make this difficult.
It’s Hard
I’m sure some will disagree with me, but iWAN is difficult. Not in a lab; in the real world, it is a lot to configure. Here is one document on just the PfR part of iWAN: http://docwiki.cisco.com/wiki/PfR3:Solutions:IWAN
So the concept is good and sound, but in practice it requires a lot of skill to deploy, and the same skills are continually needed to maintain it.
This is why many customers have not looked at it yet. If they have the skills in house, with time to burn – then perhaps, but to bring in someone from outside is costly. As someone who is constantly working with clients to reduce cost and deliver value, it’s hard to say “Yes, go spend $50,000 deploying iWAN to save yourself $1000 a month” – the math doesn’t work.
APIC-EM Managing iWAN
The APIC-EM is an ever-evolving product, but it is quickly becoming the bespoke “software defined” network platform for edge, WAN and access. The benefits, including path visualization and application control, are very cool and provide us with visibility like we have never had before.
OK, don’t get me wrong here: yes, this is a GUI, and I am a hard-core CLI guy. From the early telecom days and 3-letter mnemonics, I love my CLIs, but there simply isn’t a way to visualize 10 pages of policies without a GUI – or I suppose if I was 20 again and had that level of brain power, but it simply isn’t there for me.
First, we can see very clearly the status and configuration of our iWAN network, including health, and a quick review of what is set up where and how. Nice pictures make things easier.
The APIC-EM gives us the ability to build, in a GUI, the network policies that meet our business needs for our WAN. This means that people who are not network savvy, such as application owners, can now understand and make intelligent decisions based on the information provided. Where do we learn about the network? APIC-EM uses the NBAR data to find out what applications are running, and those that are not, we can define. 1200 applications are in there by default.
Once defined, we can drag/drop/GUI design what fits where, and over what link we want to use: Internet, MPLS, or even balanced over both. All with full failover, and remember we have not touched a CLI yet!
APIC manages all your certs, configures the DMVPN, handles IOS version deployment and takes care of endpoints. I make these statements from what I am told — is it really this easy? Well, that is a good question. I am working with the @ciscoDCloud team to see if we can get a real demo of it up to try out.
That Easy?
So that’s the question. iWAN was marketed well, but the costs, time and difficulty weren’t really well explained until you got down into it. Is this going to make it easier? It sure looks like it. I just need to get my hands on it to find out – is it that simple?
When I find out – I will let you all know.
Media
TechWise TV with @robbboyd has a good overview