cisco aggregation services routers 1000 positioning

© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialISR G2 TDM © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential

Tomáš Kelemen

[email protected] Systems Engineer

CCIE #24395

Cisco Aggregation Services Routers 1000 Positioning

mailto:[email protected]

© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKARC-2001 2

Agenda

Introduction to ASR1000

Hardware Architecture

Software Architecture

Solution Architectures

Cisco ASR1000 Interfaces, Modules

Q&A


Agenda






Q&A


Perf

orm

ance a

nd S

erv

ices S

cala

bili

ty

Cisco Routing Platform Positioning

Branch

Head Office / WAN Aggregation

Routing System with Integrated Services — Security, Voice, Video, Wireless, WAN Optimization

Secure, Reliable, Concurrent WAN Services Aggregation

High-performance embedded Services, Services Flexibility

Hardware/Software Resiliency, Modular Software

Highest Capacity,

Highly Available,

Modular Services

Modular software,

Consistent

LAN/WAN services

ISR Series

7200 Series

ASR 1000 with

ESP-5G or 10G

7600 Series/

Catalyst 6500

SeriesSecure WAN Aggregation

Integrated Threat Control

Application Optimization

ASR 1000

with ESP-20G

ASR 1002-F

(ESP-2.5G)

New


Cisco ASR 1000 Series Introduction

SPA Interface Processor (SIP)

Can take Up to 4 HH SPAs

SPA Slots

Re-Uses existing SPAs

Embedded Services Processor

(ESP) 40 Cores with Traffic ManagerRoute Processor (RP)

1.5 GHz, Up to 4GB DRAM


Chassis Options: ASR1006

RP

ESP

SIP

SPAs

6RU

0

1

0

1

0

1

2


4RU


RP

ESP

SIP

SPAs

0/0 0/1

0/2 0/3



ESP

SIP

SPAs

2RU


Chassis Options: ASR1002-F1 x HH SPA

slot

Features:

Integrated ESP, SIP10, RP1 with 4GB DRAM

ESP 2.5 Gbps

1 HH SPA slot, /w 4 built-in GE ports

Dual AC/DC power supply

2RU


Route Processor: ASR1000-RP1

Features:

First Generation ASR1000 Route Processor (RP)

1.5GHz PowerPC Processing Complex

Up to 1M v4 / 256K v6 routes

HDD

Enclosure


Route Processor: ASR1000-RP2

Features:Second Generation ASR1000 Route Processor (RP)

Dual core 2.66 GHz Intel Xeon Processing Complex

Up to 4M v4, 1M v6 routes

Hot swappable HDD

16 GB DRAM

HDD

Enclosure


Forwarding Processor: ASR1000-ESP10

Features:

10 Gbps Performance

QFP (QuantumFlow Processor)

800MHz ESP CPU Processing Complex for Control

40 cores – 900MHz each

Cisco

QuantumFlow

Processor


Forwarding Processor: ASR1000-ESP20

Features:

20 Gbps Performance

QFP (QuantumFlow Processor)

1200MHz ESP CPU Processing Complex for Control

Cisco

QuantumFlow

Processor


SPA Interface Processor: ASR1000-SIP10

Features:

First Generation ASR1000 SIP

10 Gbps Aggregate Performance

800MHz SIP10 CPU Processing Complex for Control


Agenda






Q&A


Mid-plane

ASR1000 Building Blocks

RP (Route Processor)

Handles control plane traffic

Manages system

ESP

Handles forwarding plane traffic

SIP

Houses the SPAs

SPAs

Provide interface connectivity

Centralized Forwarding Architecture

All traffic flows through the ESP

SPA-SPI, 11.2Gbps

Hyper Transport, 10Gbps

ESI, (Enhanced Serdes Interface) 11.5Gbps

Route

Processor

(standby)

RP

Interconn.

Route

Processor

(active)

RP

Interconn.

Embedded

Services

Processor

(active)

Interconn.

QFP subsys-temCrypto

assist

SP

I4.2

ESP CPU

Embedded

Services

Processor

(standby)

SPASPA

SIP

CPUSPA

Agg.

…

Interconn.

SPASPA

SIP

CPUSPA

Agg.

…

Interconn.

SPASPA

SIP

CPUSPA

Agg.

…

Interconn.

Interconn.

QFP subsys-temCrypto

assist

SP

I4.2

ESP CPU


Route Processor—RP1

General Purpose CPU clocked at 1.5GHz Freescale CPU

Memory:1. DRAM: Default: 2 GB; Max: 4 GB

2. NVRAM: 32 MB

3. 1GB of Onboard Flash (eUSB) for code storage, boot, crashinfo, etc.

Management Interfaces:Management ethernet management port, auxiliary port, console port

Storage:For core dumps, failure capture, etc; 40 GB Hard Disk Drive (rotary)

External USB flash for IOS configs or File copying

Communications paths to other cards (for control and for network control packets)

Stratum-3 network clock circuitry and BITS reference input (for synchronizing SONET links, etc.)

Miscellaneous control functions for card presence detection, card ID, power/reset control, alarms, redundancy, etc.


Route Processor—RP2

General Purpose CPU based on Intel dual core

clocked at 2.66 GHz

Memory:1. DRAM: Default: 8 GB; Max: 16 GB

2. NVRAM: 32 MB

3. 2GB of Onboard Flash (eUSB) for code storage, boot, crashinfo, etc.

Management Interfaces:Management ethernet management port, auxiliary port, console port

Storage:For core dumps, failure capture, etc; 80 GB Hard Disk Drive (rotary)

External USB flash for IOS configs or File copying

Communications paths to other cards (for control and for network control packets)

Stratum-3 network clock circuitry and BITS reference input and output (for synchronizing SONET links, etc.)

Miscellaneous control functions for card presence detection, card ID, power/reset control, alarms, redundancy, etc.


Forwarding Processor—ESP-5G, ESP-10G

Centralized, programmable forwarding engine (i.e. QFP subsystem (PPE) and crypto engine) providing full-packet processing

Packet buffering and queuing/scheduling (BQS or Traffic Manager)

For output traffic to carrier cards/SPA’s

For special features such as input shaping, reassembly, replication, punt to RP, etc.

Interconnect providing data path links (ESI) to/from other cards over mid-plane

Transports traffic into and out of QFP10

Input scheduler for allocating QFP10 BW among ESI’s

ESP CPU managing QFP, crypto device, mid-plane links, etc


SPA Interface Processor—SIP-10G

Physical termination of SPA

Supports up to 4 SPA’s

4 half-height, 2 full-height, 2 HH+1FH

Full OIR support

Does not participate in forwarding

Limited QoS

Ingress packet classification—high/low

Ingress over-subscription buffering (low priority) until FP can service them. Up to 128MB of ingress oversubscription buffering

Capture stats on dropped packets

Network clock distribution to SPA’s, reference selection from SPA’s

SIP CPU manages Midplane links, SPA OIR, SPA drivers


QFPQFP

QFP

System Bandwidth and Oversubscription

ESP bandwidth denotes the total ‘output’ bandwidth of the system, regardless of the direction

As long as High priority traffic long is not over-subscribed, i.e., <=10G for ASR1000-ESP10)

5G 5G

5G5GQFP

5G Unicast in each direction

Total Output bandwidth 5+5=10

1G 8G

2G 2G

1G Multicast with 8X replication in one direction

2G unicast in the other direction

Total Output bandwidth 8+2=10G

5G 5G

6G6G

5G Unicast in one direction & 6G Unicast in the other

direction

Total output bandwidth (5+6=11) exceeds 10G; Only 10G

will go through

1G 10G

1G1G

1G Multicast with 10X replication in one direction

1G Unicast in the other direction

Total bandwidth (10+1=11) exceeds 10G; only 10G will go through

Oversubscribed Oversubscribed


ASR1000 HA Summary

ASR leverages Cisco IOS HA infrastructure—NSF/SSO, ISSU

1+1 redundancy option for RP and ESP

Active and standby

No load balancing

RP’s are separate from ESP’s

Switchover of ESP does not result in switchover of RP

Switchover of RP/IOS does not result in switchover of ESP

Single RP may be configured with dual IOS for SW redundancy (ASR1002 or ASR1004 only)

No redundancy for SIP or other I/O cards

SPA plugs into a single SIP


System Architecture—Distributed Control Plane

Zero

Packet

Loss

Separate and independent internal communication link for control plane (GE)

Active

Route

Processor

Standby

Route

Processor

RP fails

HW or SW

Standby

Becomes

Active

SPA Interface Processor

SPA SPA

SPA SPA


SPA SPA

SPA SPA


SPA SPA

SPA SPA

Active

Embedded Services

Processor

Standby

Embedded Services

Processor


System Architecture—Centralized Data Plane


SPA SPA

SPA SPA


SPA SPA

SPA SPA


SPA SPA

SPA SPA

Active

Route

Processor

Standby

Route

Processor

Active

Embedded Services

Processor

Standby

Embedded Services

Processor

ESP fails – SW or HWStandby

Becomes Active

Minimal

Data

Interruption

All packets processed by QFP for forwarding

Separate and Independent links for Data Plane communication (ESI 11.5G)


Agenda






Q&A


SIP

SPASPA

IOCP

SPA

Agg.

…

ESP FECP

Interconn.QFP subsystem

Crypto assist

RPCPU

IOSChassis Mgr.

Forwarding Mgr.

Linux Kernel

Chassis Mgr.

Forwarding Mgr.QFP

Software

Interconn.

Chassis Mgr.SPA driver

SPA driver

SPA driver

SPA driver

Interconn.

ESI, 11.2Gbps

SPA-SPI, 11.2Gbps

Hypertransport, 10Gbps

Other

QFP code

IOS

Kernel (incl. utilities)

Kernel (incl. utilities)

Linux Kernel

Linux Kernel

GE, 1Gbps

I2C

SPA Control

SPA Bus

IPC Messages

ASR1000 - Software Architecture (IOS XE)

Interconn.

IOS XE = IOS + Middleware + Platform Software

Operational Consistency—same look and feel as IOS Router

IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc) 32bit and 64bit options.

Linux kernel with multiple processes running in protected memory for

Fault containment

Re-startability

ISSU of individual SW packages

ASR1000 HA

Zero-packet-loss RP Failover

<50ms IOSD and ESP Failover

Software Redundancy


An IOS XE Innovation—Dual Cisco IOS

An option to run dual IOS images on single RP HW for 2/4 RU chassis results in zero service disruption during IOS upgrades

Failover of IOS instance or RP doesn’t cause service impact to IOS FW or NAT

Route Processor

Embedded Services

Processor

Kernel

QFP

ForwardingManager

ChassisManager

Kernel

Chassis Manager

InterfaceManager

ForwardingManager

IOS

12.2XN(Standby)

IOS

12.2XN(Active)

IOS XE Middleware

SPA Interface

Processor

Kernel

SPA

Driver

SPA

Driver

SPA

Driver

SPA

Driver

InterfaceManager

ChassisManager

Control Messaging


Connecting to an ASR1000

Console

Normal IOS console

Telnet, SSH

Needs to be configured, but otherwise, nothing new

AUX

Can be used for diagnostic access


Management Ethernet

ASR has dedicated GigE Management Ethernet

Not usable for ‘normal’ traffic

Supports only basic ACLs

Most forwarding features do not work on this port (traffic not processed by QFP)

Intended for out of band router access—has SW support for rate limiting but that takes CPU cycles to drop packets

Don’t connect to the ‘outside’ world

Must be configured in dedicated VRF


ASR filesystem Specifics

All media shows up as type ‘disk’ regardless of type of media (SATA disk, USB flash, etc)

harddisk: and bootflash: always formatted as ext2

External usb0:, usb1: can be formatted as FAT16, FAT32, or ext2

No support for multiple partitions at this time—only first partition on each device is visible

IOS does not control these devices directly (ie, no flash driver in IOS, no SATA driver in IOS—Linux has the drivers, does the mount/umount under the covers)


Agenda






Q&A


Unified Wan Services Solutions

Internet Edge

Private Wan

WAN Aggregation

Data Center Interconnect

Secure WAN


Unified WAN Services - Branch Agg

Business Technology Operations

ASR1000

Solution

Benefits

•Nurturing new business

opportunities by adapting to

new services, more bandwidth,

and increased traffic loads at

the Head-end

•Based on multi-generational

custom built network processor,

QFP

•Scalable and modular control,

data and IO plane design

•Integrated QoS, and HA

•Ease of provisioning using

industry standard Cisco IOS

CLI

•Sub-50 ms failover times for

both control and data planes

QFP

Solution

Benefits

•Strategic, highly sophisticated

network processor built in-

house

•Instant Services turn-on using

QFP silicon

•Faster qualification due to

unified data plane architecture

based on QFP


Unified WAN Services - Optimized


ASR1000

Solution

Benefits

•Adapting to higher BW

applications by adding

optimization, monitoring and

recognition to a Carrier Class

ASR1000

•Based on multi-generational

custom built network processor,

QFP

•Scalable and modular control,

data and IO plane design

•Integrated QoS, and HA


Cisco IOS CLI for NBAR, NF

and WCCP

QFP

Solution

Benefits

•Built-in WCCPv2, Application

recognition, and monitoring

in one single processor

•Instant WAN optimization and

application recognition using

QFP s processor

•Faster qualification due to

unified data plane architecture

based on QFP


Unified WAN Services - Secure


ASR1000

Solution

Benefits

•Highly scalable built-in

encryption engine for both

IPsec and SSLVPN based

solutions

•Scalable IOS Firewall solution

up to 20Gb

•Based on multi-core encryption

engine supporting both IKE and

IPsec acceleration

•Tighter QoS and HA integration

•Support for DMVPN, EasyVPN,

and GETVPN solutions

•Ease of provisioning due to

seamless crypto engine

integration into data plane

•Sub-50 ms failover times for

crypto data plane

QFP

Solution

Benefits

•Efficient QoS, and multicast

interaction with crypto engine

•IOS Zone-based Firewall

integrated with crypto solutions

•Instant Services turn-on using

embedded crypto engine

•IOS Firewall acceleration using

native QFP off-load

•Jumbo frame support

•Crypto feature consistency

across all Embedded Services

Processors (ESP)

•IOS Firewall CLI consistent

with ISRs



DMVPN GETVPN Easy VPN

•On-demand point to multipoint

Encrypted VPNs

•Integrated voice, video, and data

encryption with reduced TCO

•Simplified branch to branch connectivity

solutions

•OPEX reduction using zero-touch

deployment

•Resilient VPN solution combining both

crypto and routing control plane

•Tunnel-less Encrypted VPNs

•Any-to-Any VPN connectivity suitable

for IP VPNs

•No overlay routing

•Simplified QoS integration with Crypto

•Reduced latency and jitter due to direct

communication with no central hub

•Eliminates p2p IKE relationship with

group encryption keys

•High availability to avoid key server as

single point of failure

•LAN-like Encrypted VPN experience

for a diverse set of VPN clients

including software clients

•Uses existing basic crypto

technologies

•Enhances interoperability by

consolidating tunnels from teleworkers,

retail stores, or branch offices

•Centralized policy and management

control



Internet Firewall VPN Firewall DMZ Firewall

•IOS Firewall applied on Internet traffic

•Protecting Branch offices from attacks

coming from Internet via split tunnel

•Protecting Branch network from Guests

•Protecting Corporate HQ from attacks

coming from Internet

•IOS Firewall applied on VPN traffic

•Protecting both inside and VPN users

from Internet

•Applicable to both interface (VTI/GRE),

and non-interface (classical) IPsec VPNs

•Easy to integrate with DMVPN, Easy

VPNs

•Ability to apply firewalling intra-zone to

firewall traffic between software VPN

client users

•IOS Firewall applied on traffic to/from

DMZ network

•Protecting inside users, and DMZ

servers


Unified WAN Services - DCI


ASR1000

Solution

Benefits

•Highly scalable DCI solution

that reduces overall WAN TCO

•Support for both L2 and L3 DCI

options

•Loop prevention & redundancy

•Scalable and modular data and

IO plane design to provide an

easier migration beyond 10Gb



CLI

•Sub-second resilience using

remote port shutdown for end

to end DCI

QFP

Solution

Benefits

•Native acceleration for all

existing and future (such as

VPLS) services

•Instant Services turn-on for

Ethernet over MPLS, H-QoS,

Encryption, and WCCPv2

•Re-use of existing silicon and

easier to add-on services like

encryption


Unified WAN Services - DCI

MPLS Transport IP Transport Encryption (MPLS/IP)

•Active/Active EoMPLS PWs solution to

extend Layer 2 over MPLS

transport/cloud up to 10Gbps

•Integrated H-QoS, and WCCPv2 (for

Layer 3 DCI)

•MEC/VSS or VPC based Ether

Channel

•Remote port shutdown for sub-

second end to end convergence

•A/A EoMPLS over GRE solution to

extend Layer 2 over IP transport/cloud up

to 10Gbps

•Integrated H-QoS, and WCCPv2 (for

Layer 3 DCI)

•MEC/VSS or VPC based Ether Channel



•A/A EoMPLS over GRE over IPsec

using built-in encryption engine in a

seamless manner up to 7Gbps

•Simplified deployment for encryption

using existing IOS CLI

•Interoperable with Nexus 7000’s

802.1AE (TrustSec) solution using

802.1AE over EoMPLS PWs (port

mode)

•TrustSec over EoMPLS provides

native MPLS encryption




UWS - Private WAN Virtualization


ASR1000

Solution

Benefits

•Highly scalable WAN and

core VPN/Virtualization

solution that reduces overall

WAN TCO

•Support for both L2 and L3 options

•Fast convergence features,

interface agnostic (Any solution

over IP Tunnel) & redundancy

•Scalable and modular data and IO

plane design to provide an easier

migration beyond 10Gb



CLI

•Leverage existing IOS

convergence mechanisms and

tools for virtualization

management

QFP

Solution

Benefits

•Native acceleration for all

existing and future (MPLS

over mGRE, L2TPv3*)

services

•Instant Services turn-on for

L3VPN, Ethernet over MPLS, H-

QoS, Encryption,

•Re-use of existing silicon and

easier to add-on services like

encryption


Unified WAN Services - Internet Edge


ASR1000

Solution

Benefits

•Highly Scalable routing platform

•Extremely modular, flexible and

integrated design

•Investment Protection

•Scale up to millions of

IPv4/IPv6 internet routes

•Separation of control plane

and forwarding plane

•Application Aware via NBAR

•In Service Software Upgrade

•Sub-50ms failover time

•Small Form Factor and low

power requirement

•Consistent IOS CLI

QFP

Solution

Benefits

•Multicore processor gives powerful

parallel processing capability

•Highly efficient traffic scheduling

•Built-in hardware support for

Firewall, NAT and IPSec.

•Advanced and high scale

QoS support

•Instant Service Turn On

•Netflow processing in

hardware

•Hardware based Control

Plane Policing

Campus Core

Internet

QFP QFP

Campus Core

Branch Office

Internet

Branch OfficeBranch OfficeInternetInternet Internet

QFP QFP


Unified WAN Services – Internet Edge

Corporate Internet GW Branch Internet GW Teleworker Access

•Internet IPv4/v6 Peering with SPs

•Full Internet BGP routes

•Monitor all network flows extensively

•Protect Corporate network from

internet

•IOS Stateful FW inspection on all

interfaces

•Offer additional services such as NAT

and WCCPv2

•Internet IPv4/v6 Peering

•Protect Branch Network from internet

•Instant-on Services such as NBAR,

IPSec, NAT, etc

•Integrated H-QoS, and WCCPv2

•IOS Stateful FW inspection on internet

traffic as well as VPN traffic.

•Integrated Easy VPN

•Teleworker access internet via

corporate FW

•Protect teleworker’s network from

internet

•Advanced services such as FPM,

netflow, etc.

Campus Core

Internet

QFP QFP

Campus Core

Branch Office

Internet

Branch OfficeBranch OfficeInternetInternet Internet

QFP QFP

QFP

Campus Core

Branch Office

Internet

Branch OfficeInternetInternet

QFP QFP

QFP

Internet


Agenda






Q&A


Ethernet SPAs

Speed Ports Interface Form Factor

FE 4 and 8 TX Half Height

GE 2, 5, 8 SFP Half Height

GE 10 SFP Full Height

10GE 1 XFP Half Height

Detailed SPA/SFP support matrix: http://tinyurl.com/mvpgm2


Serial/Channelized/ SPAs

Speed Ports Interface Form Factor Details

Channelized T1/E1

8 Copper Half HeightClear Channel and Up to 256 DSO

Independent HDLC Channels

Clear Channel T3/E3

2 and 4 Copper Half Height

Full Duplex, Full Rate and Sub Rate Support

Integrated DSUs

Channelized T3 2 and 4 Copper Half Height

Up to 112 T1 Ports (28 T1 Multiplexed onto a Single T3)

Up to 1024 NxDSO Channels (N=1-24) or 400 with T3 Config

Channelized OC-3/STM-1

1 SFP Half Height

Up to 84 T1 or 63 E1 Ports

Up to 1024 NxDSO Channels (N=1-24) or 400 with T3 Config



POS/ATM SPAs

Speed Ports Interface Form Factor

OC-3/STM-1

POS2, 4, 8 SFP Half Height

OC-12/STM-4

POS1, 2, 4, 8 SFP Half Height

OC-48/STM-4

POS 2,4 SFP Half Height

OC3/STM1 ATM 1,3 SFP Half Height



ASR 1000 WebEx NodeIntegrating WebEx Meeting Zone Components on ASR 1000

SP Network

End Customer HQ

ASR 1000

ControlMultimedia & collaboration

ASR 1000

Better performance for user inside a company firewall.

Reduce the bandwidth going out of company firewall.

Seamless to end user

Better security by reducing traffic outside of company

Collaboration

Bridge

MultiMedia

Platform

MZM

MCC


WebEx without WebEx Node SPA


WebEx with WebEx Node SPA

QFP


Data Flow Through ASR 1000

Webex Node SPA has 2.5G internal interface created in the host to handle the TCP/IP traffic for the services running on the node.

The data enter and leaves the Webex Node SPA through the SPI4 interface connected to SIP

Packet arrives on I/O Interfaces, sent to ASR 1000 ESP then to SIP where WebEx Node is attached.

Packets from WebEx Node is sent to SIP where node is connected then to ESP that forwards it to the SIP that has the egress I/O interface

No meeting traffic is sent/received from/on the node to ASR 1000 RP.

ASR1000 Embedded Service

Processor

ASR1000 SPA Interface

Processor (SIP)

2-port GE SPA

Connection to WebEx Data

Center

Connections to WebEx Clients

WebEx Node SPA


Agenda






Q&A

cisco aggregation services routers 1000 positioning

Documents