Q. What is Cisco® Network Capacity Expansion (NCE)?
A. Cisco NCE is a transport layer performance enhancing proxy (PEP) that increases the amount of available bandwidth at small to midsized branch offices and remote locations. It is designed to cost-effectively accelerate data transfer over the WAN by overcoming bandwidth and latency limitations. With Cisco NCE, multisite organizations get more data through and more value out of their existing WAN links.
Q. What advantages does Cisco NCE provide?
A. Cisco NCE provides advantages in three primary areas:
• Fast data transfer: Cisco NCE focuses on transferring the greatest amount of data in the shortest amount of time through a skinny, latent, or congested WAN link.
• Network integration: Cisco NCE is an extension of Cisco IOS® Software and is tightly integrated into the Cisco Express Forwarding switching path, providing complete transparency to all network services and security provisions.
• Cost effectiveness: Cisco NCE offers superior price for performance.
Q. What are the primary IT benefits that Cisco NCE provides?
A. With a Cisco NCE solution, IT systems at remote and mobile locations can benefit in three primary ways:
• Expansion of available bandwidth: The net effect of using Cisco NCE is a 300 to 600 percent increase in available bandwidth*.
• Reduction in bandwidth utilization: The net effect of using Cisco NCE is a 100 to 900 percent improvement in bandwidth utilization*.
• Increased data transfer rates: The net effect of using Cisco NCE is a 3x to 20x throughput improvement over TCP*.
*Files: Standard Canterbury Corpus, http://www.data-compression.info/Corpora/CanterburyCorpus/. Performance ranges established from HTTP downloads/uploads with 1, 25, 50, 75, 100, 200, 300, 400, 500, and 600 ms network latencies, and 0.001, 0.01, 0.1, 1, and 2 percent packet loss rate (PLR).
Q. What business value does Cisco NCE provide?
A. A Cisco NCE solution provides multisite and global businesses with three primary value propositions:
• Lower operational expenses (OpEx): Cisco NCE significantly expands available WAN capacity and eliminates or postpones the need to upgrade bandwidth.
• High return on investment (ROI): Cisco NCE is a cost-effective solution that offers the combination of low cost with considerable savings on bandwidth. Payback time can be as little as a few weeks to a few months.
• Low total cost of ownership (TCO): Cisco NCE integrates with Cisco integrated services routers, which can lower operating expenses by as much as 70 percent.
Q. What type of organizations can benefit from Cisco NCE?
A. Cisco NCE is ideal for multisite and global organizations for which the following are true:
• Have remote (geographically separated) or mobile (in transit) sites that are connected with each other or to a parent site by the WAN
• Have or want a modular integrated services router
• Are limited by bandwidth (64 kbps to 4 Mbps), network latency (>100 ms round-trip time [RTT] typically seen in satellite, 3G/wireless, or >3000-mile terrestrial links), or both
• Have fewer than 50 users per remote site
Q. How is Cisco NCE different from Cisco Wide Area Application Services (WAAS)?
A. Cisco NCE is a network-level device that increases the amount of available bandwidth at small to midsized branch offices. It is designed to cost-effectively accelerate data transfer over the WAN by overcoming bandwidth and latency limitations.
Cisco WAAS is a powerful application acceleration and WAN optimization solution for the branch office that improves the performance of any TCP-based application operating in a WAN environment.
Cisco WAAS contains a richer superset of functions than those found in Cisco NCE.
Q. How does Cisco NCE provide a high data transfer rate (throughput) over the WAN?
A. Bandwidth specifies the maximum data transfer rate achievable on a WAN link. Latency and congestion determine the actual transfer rate (throughput). Cisco NCE uses two techniques to take throughput past the bandwidth limit:
• Virtual bandwidth expansion: Cisco NCE uses compression with multipacket compression dictionaries, redundant header elimination, efficient packet packing, and acknowledgment bundling.
• Improved bandwidth utilization: Cisco NCE uses Stream Control Transmission Protocol (SCTP) encapsulated TCP optimization, packet flow control, and intelligent bandwidth management.
The combined effect of these technologies results in a dramatic expansion of available WAN link capacity, enabling extremely fast data transfer rates over the WAN.
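The effect of a multipacket compression dictionary, shown with Python's zlib as an added example (not Cisco NCE code; the algorithm NCE actually uses is not given in this FAQ, and the sample packets, host name, and function names are constructed for illustration):

```python
import zlib

# Constructed sample: five small HTTP-like requests crossing a WAN link.
PACKETS = [
    (f"GET /reports/q{i}.html HTTP/1.1\r\nHost: intranet.example.com\r\n"
     "User-Agent: ExampleBrowser/1.0\r\nAccept: text/html\r\n\r\n").encode()
    for i in range(1, 6)
]

def per_packet(packets):
    """Compress every packet on its own: no history carries over."""
    return [zlib.compress(p, 9) for p in packets]

def multipacket(packets):
    """Compress with one history shared across packets.

    Z_SYNC_FLUSH ends each chunk on a byte boundary so the peer can
    decode packet N as soon as it arrives, while the dictionary built
    from packets 1..N-1 stays available for packet N+1.
    """
    comp = zlib.compressobj(9)
    return [comp.compress(p) + comp.flush(zlib.Z_SYNC_FLUSH) for p in packets]

def restore(chunks):
    """Peer side: one decompressor mirrors the sender's history.

    Chunks must arrive complete and in order, otherwise the two
    dictionaries diverge and decoding fails.
    """
    decomp = zlib.decompressobj()
    return [decomp.decompress(c) for c in chunks]

def wire_bytes(chunks):
    """Total bytes that would be sent on the link."""
    return sum(len(c) for c in chunks)

if __name__ == "__main__":
    print("raw        :", wire_bytes(PACKETS))
    print("per packet :", wire_bytes(per_packet(PACKETS)))
    print("multipacket:", wire_bytes(multipacket(PACKETS)))
```

Because the shared history only works when both ends see the same byte sequence, this style of compression depends on a reliable, ordered transport between the two peers.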
Q. How does Cisco NCE provide full transparency to other network services and security provisions?
A. Cisco NCE is tightly integrated into the Cisco Express Forwarding switching path, which is the preferred packet processing path inside of Cisco IOS Software. When a TCP packet enters the router, its header and payload are examined, and various networking services (for example, Network Address Translation [NAT] and quality of service [QoS]) and security provisions (for example, intrusion prevention systems [IPSs] and access control lists [ACLs]) are applied. Cisco NCE is strategically inserted into the Cisco Express Forwarding switching path right before encryption services. This ensures that all payload processing services (for example, deep packet inspection by intrusion prevention) have had a chance to process the packet. The packet is then processed by Cisco NCE, and its original header information is mapped to a new SCTP packet header. Based on the type of service (TOS) configuration in the packet header, the packet is then assigned to a corresponding SCTP stream. Finally, the new SCTP packet is reinserted at the start of the Cisco Express Forwarding switching path, and it undergoes processing again as if it were the original TCP packet. During the second pass Cisco NCE does not intercept the SCTP packet, and it is forwarded to encryption services (if enabled).
On the return path, the SCTP packet is processed right after decryption (if enabled), mapped to a new TCP packet, and immediately inserted back into the Cisco Express Forwarding switching path.
Integration of Cisco NCE with the Cisco Express Forwarding switching path ensures that network services and security provisions such as the following are not broken:
Q. How does Cisco NCE preserve the type of service (TOS) byte?
A. Cisco NCE uses Stream Control Transmission Protocol (SCTP) encapsulation to optimize TCP. A single SCTP connection between end nodes provides multiple associations (channels) for data delivery. Each SCTP association is further divided into multiple streams. Cisco NCE creates eight SCTP associations, each corresponding to one of the eight possible TOS values. When a TCP packet is processed by NCE, it is assigned to an SCTP association with a matching TOS byte. The TOS setting on SCTP packets is then enforced by Cisco IOS Software as it is for any other packet with an equivalent TOS value.
Q. How does Cisco NCE provide ease of deployment and maintenance?
A. Installation of Cisco NCE involves insertion of an AIM into the integrated services router, upload of Cisco NCE software, assignment of network addresses, and configuration of remote peers. From start to end, this procedure usually takes less than 15 minutes the first time around. In the next release of Cisco NCE software, a graphical user interface (GUI) manager and autodiscovery of remote peers will simplify deployment even further.
After it is installed, the device requires no additional maintenance, tuning, or monitoring. Status commands are provided for statistical information.
Q. Which Cisco products make up a complete WAN capacity expansion solution?
A. Cisco NCE is a symmetric solution that integrates into the Cisco integrated services routers. Therefore, a complete solution requires a pair of Cisco NCE modules with two Cisco integrated services routers:
• At a remote site, an AIM module and one of the Cisco 1841, 2801, 2811, 2821, 2851, 3825, or 3845 ISRs
• At the headend, an NME module and one of the Cisco 2811, 2821, 2851, 3825, or 3845 ISRs
Q. How is the Cisco NCE solution deployed?
A. At remote sites, Cisco NCE integrates directly into one of the Cisco integrated services routers. At the headend, various deployment options exist depending on the amount of bandwidth and number of remote sites supported. A Cisco Integrated Services Router with a Cisco NCE module attaches to a headend WAN aggregation router such as Cisco 7200, 7600 Series Routers or Cisco Catalyst® 6500 Series Switches. The headend ISR supports in-path deployment and out-of-path deployment using policy-based routing (PBR) configured at the WAN aggregation router.
Q. What is the meaning of K9 in the product software part number?
A. K9 is the designator of strong encryption, including Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES). Even though Cisco NCE is supported in nonsecurity images such as IP Base, the card is designated as a K9 product because the card itself includes strong encryption in the Secure Shell (SSH) Protocol. The K9 designation allows Cisco to control shipment of cryptography-enabled devices and software and comply with U.S. State Department rules on the export of such devices.
Q. What Cisco IOS Software release supports Cisco NCE?
A. Cisco NCE is supported on Cisco IOS Software Release 12.4(15)XY.