Cisco Integrated Services Router G2 Architectural Overview and Use Cases BRKARC-3001
Matt Bolick – Technical Marketing Engineer
Stefan Mansson – Technical Marketing Engineer
© 2013 Cisco and/or its affiliates. All rights reserved. BRKARC-3001 Cisco Public
Agenda
Mega-Trends in Branch Environments
– Next Generation Enterprise WAN
ISR G2 Portfolio Overview
Geeky ISR G2 Architecture
Cisco Cloud Intelligent Network
– Application Hosting
– Cloud Connectors
Integrated Application Awareness
– Application Visibility and Control
– Cisco WAAS
– OnePK
Branch Routers in 90+ Minutes
Changing Business Environment
Video and Collaboration
Cloud and Virtualization
Mobility and Wireless
• Seven Billion New Wireless Devices by 2015
• 50% of Enterprises Surveyed Allow Personal Devices Use for Work
• 40% of Customers Are Planning to Move to Cloud
• Cloud Computing Services to Grow Dramatically ($44.2 Billion) by 2013
• “Collaboration Enthusiasts” Use an Average of 22 Tools to Connect with Colleagues
• 45% Employed Millennials Use Social Networking Sites
IoE Trends: The Only Constant Is Change Cisco ISR 4451-X Prepare IT for Business Impact
CHANGING ROLE OF IT
Technology Transitions: Internet of Things; Mobility / Video; New Breed of Apps; Cloud; Big Data and Analytics
Business Implications: Growth and Productivity Opportunities; User Experience and Expectations; New Business Models; Globalization; Security and Regulatory Compliance
Next-Generation Enterprise WAN Regional WAN Solution
Meet IT Challenges with Cisco Next Generation Enterprise WAN
An Architecture Blueprint to Transform Enterprise WAN to Support Changing Business Environments and Applications
Secure and Scalable WAN Architecture
• Secure to access, hardened from attacks
• Scales to 1000s of sites globally
• Pre-validated designs utilizing Cisco best practices
Rich Network Services
• Multiservice—voice, video, data
• Multiuse—any device or app
• Intelligent network services for optimal user experience
Simplified Operation and Implementation
• Reduced complexity with integrated management
• Application visibility—proactive optimization and troubleshooting
Next Generation Enterprise WAN High Level Topology
[Diagram labels: Remote Branch; Regional WAN; West Region; East Region; South Region; Inter Connect; WAN Core; Metro; Internet; Local Campus; Data Center Interconnect; Data Center; Headquarters / Datacenter; Public Cloud; Private Cloud; Hybrid Cloud; Service Provider Services (Voice, Video, Etc.)]
Services: Management; IPv4/v6; Security; Mobility; Multimedia; Application Performance; Cloud
Goals: Efficient Use of Resources; Seamless Any-to-Any Services; Consistent Security
Regional WAN Branch Profiles
Flexible Deployment Options for Different Service Requirements
[Diagram: four branch profiles arranged along a Performance and Availability axis; devices shown: ISR G2, ASR1K; links shown: 3G/4G, Satellite, Internet, MPLS]
Mobile Branch
• 3G/4G or Satellite
• WAAS Express to boost application performance
• Branch mobility
• Deliver video over 4G*
Standard Branch
• Most common deployment
• Migration from Serial to Ethernet
• SP MPLS with Internet as backup
• Application performance
• 4-9s availability
• Deliver SD video
High-end Branch
• Migration from DS3 to FastEthernet
• Dual SP MPLS
• Redundant router
• Application performance
• 5-9s availability
• Deliver HD video
Ultra High-end Branch
• Very high BW—up to 1Gb
• Software and hardware redundancy
• Same profile as High-end Branch
• Services are provided by dedicated appliance
Example sites shown under the profiles: Retail Banking, Kiosk, Vehicles, Cruises; Typical Branch Office; Financial Branch, Med/Large Branch Office; Remote Campus
For more information….
BRKARC-2091 - Next Generation Enterprise WAN - Branch & Head-End
Tuesday, Jun 25, 8:00 AM - 9:30 AM or Cisco Live 365
This breakout session discusses the disrupting networking trends that are changing the Enterprise landscape. The scope of these changes includes network security, service delivery, application performance optimization and cloud access in tomorrow's borderless networks. Borderless Networks is an architectural approach to networking that can automate business and network processes, driving down operational cost and thus allowing IT to scale. Cisco ISR G2 and ASR 1000 platforms offer the best-in-class service richness and flexibility needed to deliver the promise of borderless networks and allow users to turn on services on demand. This session discusses the end-to-end WAN architectures that include both branch and head-end solutions.
Introducing the new ISR 4451-X
Redefining Branch Routing Unprecedented Performance and Service Scalability with IT Simplicity
Cisco ISR 4451-X The Ultimate ISR with Application Experience
• 1-2 Gbps Performance
• Separate Services Planes for Continuity
• Pay-As-You-Grow Model
• No Disruptions or Truck Rolls
• Ease of L2-L7 Service Deployment
• Native, Full-featured WAN Optimization
• Security with Application Visibility
• Application Service Assurance
Appliance-level Services Performance
Simplified Service Integration
Cisco Branch Platform Portfolio
[Chart: Forwarding Performance with Services (axis marks 75Mb, 350Mb, 500Mb, 1Gb, 2Gb, 5Gb, 10Gb) by platform: 2900 (2RU, 35M–75M); 3900(E) (3RU, 100M–350M); ISR 4451-X (2 RU, 1G–2G); ASR1001 (2.5G–5G); ASR1002-X (5G–36G)]
Integrated Services Router Portfolio
[Chart: Interface Density versus Forwarding with Services (axis marks 25Mbps, 35Mbps, 50Mbps, 75Mbps, 100Mbps, 250Mbps, 350Mbps, 500Mbps, 2Gbps) for the 800 Series, 1900 Series, 2901, 2911, 2921, 2951, 3900 Series, 3900E Series and 4451-X]
ISR 4451-X Typical Deployment High-End Branch
[Diagram labels: Local Campus; Data Center Interconnect; Redundant, Scalable Head End (ASR 1000, ASR 1000); SP A MPLS; SP B MPLS; High-End Branch (ISR 4451-X, ISR 4451-X)]
1-2Gbps with Rich Branch Services
• ASIC-like Consistent Performance
• Integrated Application Hosting
• Pervasive, Scalable End-to-End Security
• Embedded, Full-Featured Appliance-like Services
• Optimized Application Performance
• Consistent Operations, Monitoring, and Troubleshooting
ISR 4451-X Typical Deployment Regional Branch Aggregation
[Diagram labels: Local Campus; Data Center Interconnect; Campus or Regional Head-End (ISR 4451-X); Regional Aggregation; Internet; Regional Branches and Users (ISR G2, ISR G2, ISR G2)]
Low-Scale Branch Aggregation
• ASIC-like Consistent Performance
• Performance-on-Demand
• Scalable VPN Aggregation
• Embedded WAAS and AppNav for Scalable WAN Optimization
• Optimized Application Performance
• Consistent Features and Management
ISR 4451-X IO Design
USB Connections
• 2 x Type A for file storage and charging your cell phone
• USB Type B Console in addition to RJ45 Console and Aux ports
Management Interface
• Connects control plane directly to a management network.
Front Panel GE
• 4 RJ45/SFP GE Interfaces
• PoE available on 2 Interfaces
Network Interface Modules (NIM)
• Larger & more powerful than EHWICs
• Up to 8 ports per module
• DSPs directly on modules
Optional Drive NIM for Embedded Applications
• RAID 1 for data protection
• Single HD (future) & Dual SSD Options
Enhanced Service Modules
• Compatible with ISR G2
• Up to 10Gb connection to system
• Faster & more powerful than SMs
4G LTE with Cisco 812 controlled from 4451-X
• Branch Router buried in basement or closet with poor wireless coverage
• Cisco 812 with built-in 4G/LTE and 802.11n located where coverage is best
• Standard cat5 cable provides power, data, configuration & management*
* Configuration & Management functions are a roadmap feature.
ISR 4451-X Architecture
[Diagram labels: Platform Specific Data Plane; Linux OS; IOSd Control Plane; ISR-WAAS; Future Cisco Embedded Network Services; AVC; AppNav; Common API (onePK); Internal Services Blade (UCS E-Series) with onePK; External Services Blade (UCS) with onePK]
For more information….
BRKARC-2016 - Integrating Services in the Branch Without Compromise
Tuesday, Jun 25, 8:00 AM - 9:30 AM
Wednesday, Jun 26, 8:00 AM - 9:30 AM
or Cisco Live 365
Here is where you'll learn all the technical details about a new router and how it fits in with the rest of the ISR portfolio from Cisco. You'll learn the way this new multi-core IOS XE architecture forwards packets and how the services virtualization layer allows you to run integrated services, such as WAAS, within the router just like they're on an appliance. You'll become the expert on this new flagship of the ISR portfolio and know more about the technology under the hood than anyone else you know.
ISR G2 Portfolio
ISR G2 Portfolio: Recommended Positioning with Services
[Chart: WAN Access Speed With Services (axis marks 10 Mb, 15 Mb, 25 Mb, 35 Mb, 50 Mb, 75 Mb, 100 Mb, 150 Mb, 250 Mb, 350 Mb) for the 800, 1921, 1941, 2901, 2911, 2921, 2951, 3925, 3945, 3925E and 3945E]
Branch classes: Mobile Branch; Standard Branch; High-End Branch
Access types: EFM; Subrate FE; VDSL2+/Sub-rate FE; Line Rate FE +; Line Rate N x FE
Service positioning labels: Secure Remote Cloud Access, WAN Acceleration and Smart Install; Voice and Video Collaboration in the Branch; Cloud; Server Virtualization
Under the Covers: Integrated Services Router Generation 2
Service Modules
• 3x-7x increase in service module performance
• Existing NM support through adapter
• EPoE capable
Internal Services Module
• 3x increase in service module performance
• Configurable power savings mode
• Not available on 3900E & 1941W
EHWIC
• 2x performance increase
• HWIC/WIC/VWIC/VIC support natively
• EPoE capable
Multi-core Network Processor
• 5x-7x performance increase
Multi Gigabit Fabric
• Module to module communications
• Packet prioritization and shaping
NG DSP Modules
• Video ready DSP modules
• 4x increase in audio conferencing and transcoding
• Configurable power savings modes
GE Ports
• 4 on 3900E
• 3 on 2911+
• SFP slots on 2921 and above
USB
• Console over USB
• Convenience storage
• Security credentials
Services Performance Engine (3900)
• Upgradeable engines
• SPE-200 & SPE-250
ISR G2 Models
Cisco 81x/86x/88x/89x
•Fixed Platforms for Ethernet, xDSL, 3G interfaces
•New 892-F offers 1 SFP port
•802.11n Wifi, Integrated Switch w/POE, SRST option
•Machine-2-Machine Models
Cisco 1921/1941/1941W
•Modular platform with 2xEHWIC slots
•1941/1941W Can support 9-port switch plus WAN interface
•1921 provides 1 RU option
•Factory 802.11n Wifi on 1941W
Cisco 2901/2911/2921/2951
•UC and Video Ready platforms
•Increased density on GE and SFP ports, Service Module slots and PVDM3 slots
•Performance increase across the line with 2951 at 75Mbps WAN Access
•External RPS option on 2911-2951
Cisco 3925/3945/3925E/3945E
•Field replaceable Service Performance Engine (SPE) to upgrade performance up to 350 Mbps
•Online Insertion and Removal (OIR) support for Service Modules
•Support up to 4 Service Module slots
•Optional integrated Redundant Power Supply
Cisco 800 Series Overview
Feature | 812 | 819 | 860VAE | 880 | 890
Eth WAN | 1*GE | 1*GE | 1*GE | 1*FE | 1-2 FE or GE
SFP | No | No | No | No | MD
VDSL2 | No | No | Yes | MD | MD
ADSL2/2+ | No | No | Yes | MD | MD
G.SHDSL | No | No | No | MD | MD
ISDN BRI | No | No | No | MD | MD
V.92 | No | No | No | No | MD
WWAN | 3G, 3.7G | 3G, 3.7G, 4G | No | 3G, 3.7G | No
PSTN interconnect | No | No | No | FXO or BRI Voice (MD) | No
FXS Ports | No | No | No | 4 (MD) | No
802.11n | 2.4 & 5 GHz (MD) | 2.4 & 5 GHz (MD) | No | 2.4 & 5 GHz (MD) | 2.4 & 5 GHz (MD)
* MD = Model Dependent
Cisco 800 Series Overview (Cont.)
Feature | 812 | 819 | 860VAE | 880 | 890
Switch Ports | 0 | 4 * FE | 4 * FE, 0-1 * GE (MD) | 4 * FE | 8 * FE or GE (MD)
VLANs | 0 | 8 | 5 | 8 | 14
Hardware-Based IPsec Encryption | Yes | Yes | No | Yes | Yes
Flash | 512 MB | 256 or 1024 MB (MD) | 56, 64 or 128 MB (MD) | 128 or 256 MB (MD) | 256M
Flash upgradeable | No | No | No | No | No
DRAM | 512 MB | 512 or 1024 MB | 256 MB | 256 – 1024 MB (MD)* | 256 – 1024 MB (MD)*
DRAM upgradeable | No | No | No | MD* | Yes*
Internal PoE Option | No | No | No | 2 Ports | 4 Ports, MD
USB Ports | 0 | 0 | 1 (2.0) | 1 (1.1) | 1-2 (2.0) MD
IOS Feature Set | Adv. Security or Adv. IP Services (upgradeable) | Adv. Security or Adv. IP Services (upgradeable) | IP Base or Adv. Security (MD) | Adv. Security or Adv. IP Services (upgradeable) | Adv. IP Services
* The default and max memory varies per model
What’s New?
Products shown: 819 M2M 3G Gateway w/ Wifi & 4G; 812 MiFI (Cellular plus Wifi); 4G LTE HWIC
• Downlink 100 Mbps / Uplink 50 Mbps
• Super Low Latency (< 50 ms) - 5x Lower than 3G
• ISR w/ 3G in AP Form Factor
• Portable, Rapid Deployment
• POE Powered (Optional)
• Compact, Hardened
• 802.11 a/b/g/n Dual Radio
• 4G/LTE, GPS, Mobile IP Ready
Cisco 897VAMW Series
• Desktop chassis with external power supply
• One USB 2.0 flash memory or security e-token
• Default Cisco IOS Advanced IP Services feature set
Memory | Default | Max
Flash | 256 MB | 256 MB
DRAM | 512 MB | 1G
[Photo callouts: Security Cable Lock; Console & AUX Port; Reset Button; 8-Port 10/100/1000 FE Managed Switch; 4 Port PoE; Power Connector; USB 2.0 Port; RJ45/SFP Combo WAN; Power Switch; VDSL2/ADSL2+ Over POTS; Integrated 2.4 & 5 GHz Antenna]
860VAE-W Hardware
• Only Advanced Security Models
• Single WAN option – Multimode xDSL either/or GE
• 2 x GE + 3 x FE
• FCC and ETSI 2.4 GHz WiFi Compliance
• “No Fan” design, 9.5”x9.5”, Sheet Metal, Same 1RU Industrial Design as 860VAE
• 1 x PoE port on special SKU (US WiFi)
Target FCS: 2H2013
800 Series – What’s Coming?
860VAE-W (Aug ‘13)
– WiFi + Flex VPN + Nano Cube
NANO CUBE – Lightweight CUBE (Aug ’13)
– Expands CUBE to 860VAE, 880, 890
4G LTE
– EHWIC – Canada (2HCY2013)
– EHWIC – Japan (2HCY2014)
– 880, 890 & 819 (new chipset) (1HCY2014)
IPv6 in Adv Sec, 15.2(4)M
– Previous only in AIS
Smart Install in 8xx, 15.2(4)M
Lead Free RoHS6 compliant Products
– Phase1 (Eth+V/ADSL units) 2H2013
– Phase 2 ( WLAN+G.SHDSL units ) 2H2014
– Functionally equivalent to their predecessor SKUs... or better.
– Fanless
– 89x all GE LAN/WAN ports
VDSL2 Bonding & Vectoring (Future)
– Two-pair VDSL interface (Bonding) – Increasing bandwidth by 100%
– Reducing cross talk (Vectoring) – Increasing bandwidth 50% +
– Extending range
Cisco VPN ISM for ISR G2 Delivering High Performance VPN for Branch Routers
Availability
IOS Requirement: 15.2(1)T1 or later
Supported Platforms: 1941, 2901, 2911, 2921, 2951, 3925, 3945
‒ (Note: Not supported on 1941W, 3925E, 3945E)
Features
Plug and play Internal Service Module (ISM) for VPN acceleration
Hardware encryption support for both IPsec and SSL VPN
Hardware support for IKEv2 and Suite B crypto algorithms
Performance
High IPsec VPN throughput (Up to 1.2Gbps)
Up to 3X throughput and 2X supported IPsec tunnels over onboard crypto engine
IPsec Performance & Scale with ISM-VPN (For Your Reference)
Note: Single stream of IPsec traffic with AES encryption is used for the throughput measurement
Platform | IMIX Throughput, ISM-VPN | IMIX Throughput, IOS only | 1400-Byte Throughput | Max Number of Supported Tunnels
1941 | 140 Mbps | 60 Mbps | 500 Mbps | 500
2901 | 145 Mbps | 60 Mbps | 550 Mbps | 750
2911 | 150 Mbps | 65 Mbps | 600 Mbps | 1000
2921 | 220 Mbps | 80 Mbps | 700 Mbps | 1500
2951 | 385 Mbps | 150 Mbps | 900 Mbps | 2000
3925 | 550 Mbps | 210 Mbps | 1100 Mbps | 2500
3945 | 600 Mbps | 245 Mbps | 1200 Mbps | 3000
Ethernet Switch Module Overview
* No CTS PHY Encryption, or POE+ (30w)
o Higher availability, up to 2x when compared to a standalone switch
o Designed to promote Borderless Networks
o Support the same features and configurations in the branch as in the headquarters
o Integrates the latest enterprise switch features into the router
o Increased Power Over Ethernet
o Enhanced POE (ePOE) Up to 20 watts per port
o Takes advantage of 2900/3900 increased power levels offering up to 1040 watts per chassis
o Per port autosensing and configuration of power levels
o EnergyWise per port-based and per slot-based power saving controls
o Gigabit Ethernet 10/100/1000
o One L2/L3 and one pure L2 family offered
o 16, 24, and 48 ports of GE or FE LAN, Local line-rate Layer 2/3 switching
o Same feature set and roadmap as the latest LSBU Catalyst 3560-X/2960-S switches*
o Integration with the router’s Multi Gigabit Fabric LAN optimizes traffic between modules, with no impact on CPU/WAN performance
o Smart Install
o Zero touch Install/Replace/Backup
o AutoImage, AutoConfig
o Treat the ESM like a line-card or a standalone switch
Smart Install Automatically Deploy Switches in the Branch
Director
ISR/ISRG2
Client EtherSwitch
Switch Clients
Routers:
Director only - 15.1(3)T
Switches:
Client – 12.2(52)SE
Director - 12.2(55)SE
Zero Touch Installation
Zero Touch Upgrade
Zero Touch Replacement
Director: ISRG2, ISR G1, Catalyst 3xxx series
Mix-and-Match Clients: Catalyst 3750, 3750-E, 3560, 3560-E, 2960, 2975, All NME and SM EtherSwitch modules
Cisco Integrated Customization Services (CICS)
High Volume, Zero Touch deployment solution from Cisco
New Service from Cisco that supports Cisco Integrated Service Router (ISR) G2
Helps customers realize cost savings, increase operational efficiency, and deliver services faster (time-to-market)
Open to all Cisco customers
Supported on Cisco Commerce Workspace (CCW) only
– Cisco Commerce Workspace (CCW) provides a simplified commerce experience that allows partners to configure, price, and quote products, software and related service, and to submit orders from one screen
– http://www.cisco.com/web/go/ccw
– http://www.cisco.com/web/services/ordering/downloads/cisco_commerce_workspace_vod.mp4
Zero-Touch, High-Volume Deployment
1. Integrated with Ordering system
2. Tiered service
3. Support all ISR G2 routers
Cisco Integrated Customization Services (CICS) Tiered offering
Levels of customization, in order of increasing price:
Silver
• IOS config file
• Standard labels
Gold
• Includes Silver features
• Scripts
• Unlisted IOS / FW version
• Modules in specific slots
• ConfigMerge
Platinum
• Includes Gold features
• Accessories – SIM, cables
• Documents (multi language)
• Custom labels (multi language)
Availability labels on the slide: Summer CY’13; Q4 CY’13
Packet Flow in an ISR
ISR G2 Architecture: 1941 and Above
[Block diagram labels: CPU; MGF; HWIC; EHWIC; NM; SM; ISM; PVDM. Link types: Gigabit Ethernet; PCI-Express; HWIC DDR]
ISR G2 Packet Flow: Normal Layer 3 Routing
[Block diagram with the same labels as above]
ISR G2 Packet Flow: Module-To-Module Communication
[Block diagram with the same labels as above]
ISR 4451-X Block Diagram
[Block diagram labels: Control Plane (1 core) & Services Plane (3 cores); Data Plane (10 cores); DRAM (three blocks); FPGE; 4xSGMII; 4xPCIe; Multi Gigabit Fabric; Platform Controller Hub; Mgt Eth; Cons/Aux; USB; Flash; ISC 2Gbps; SM-X, 10G/slot, 10G XAUI; NIM, 2G/slot; System FPGA]
PCIe & SERDES management links not shown.
ISR 4451-X Packet Flow
[Block diagram with the same labels as above, except that the ISC link is labelled 1G SGMII]
Multi-Gigabit Fabric Configuration
Most new modules include MGF and legacy links.
– Interfaces will appear as two internal connections to the same module (SM1/0 and SM1/1 for example).
Configuration for the module-side MGF connection is performed on the router-side “0” connection.
– Configuration information is passed to the module on this interface.
– The router-side MGF connection is a layer-2 trunk port and is not directly configurable.
Layer 3 MGF configuration on the router is handled with VLAN interfaces.
Note: MGF configuration is not available when a HWIC-ESW is in the system.
Multi-Gigabit Fabric Configuration
Typical Configuration with an SRE Service Module
interface SM1/0
 description PCI connection to SRE-900 module in slot 1
 ip address 10.10.20.1 255.255.255.0
 service-module ip address 10.10.20.2 255.255.255.0
 !Application: SRE-V Running on SMV
 service-module ip default-gateway 10.10.20.1
 service-module mgf ip address 10.1.30.2 255.255.255.0
 service-module mgf ip default-gateway 10.1.30.1
!
interface SM1/1
 description MGF connection to SRE-900 module in slot 1
 switchport access vlan 1
 switchport mode access
 ! Other switchport commands, such as switchport trunk,
 ! would be configured here.
!
interface Vlan1
 ip address 10.1.30.1 255.255.255.0
!
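A consistency check for the addressing pattern in the configuration above, as an added example (not code from the presentation). The rules it enforces, that each service-module address sits in the router-side subnet and each default gateway equals the router-side address, are inferred from the slide's sample values; `check_mgf` and the helper names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the slide's SM1/0, SM1/1 and Vlan1 stanzas, descriptions omitted.
SAMPLE_CONFIG = """\
interface SM1/0
 ip address 10.10.20.1 255.255.255.0
 service-module ip address 10.10.20.2 255.255.255.0
 !Application: SRE-V Running on SMV
 service-module ip default-gateway 10.10.20.1
 service-module mgf ip address 10.1.30.2 255.255.255.0
 service-module mgf ip default-gateway 10.1.30.1
!
interface SM1/1
 switchport access vlan 1
 switchport mode access
!
interface Vlan1
 ip address 10.1.30.1 255.255.255.0
!
"""


def parse_interfaces(text):
    """Map each interface name to its sub-commands; lines starting with '!' are skipped."""
    interfaces, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is not None:
            interfaces[current].append(line)
    return interfaces


def _network_arg(cmds, prefix):
    """Return '<prefix> <addr> <mask>' as an ip_interface, or None if the command is absent."""
    for cmd in cmds:
        m = re.fullmatch(re.escape(prefix) + r"\s+(\S+)\s+(\S+)", cmd)
        if m:
            return ipaddress.ip_interface(m.group(1) + "/" + m.group(2))
    return None


def _address_arg(cmds, prefix):
    """Return '<prefix> <addr>' as an ip_address, or None if the command is absent."""
    for cmd in cmds:
        m = re.fullmatch(re.escape(prefix) + r"\s+(\S+)", cmd)
        if m:
            return ipaddress.ip_address(m.group(1))
    return None


def check_mgf(text):
    """Return a list of findings; an empty list means both links are consistent."""
    ifs = parse_interfaces(text)
    findings = []
    for name, cmds in ifs.items():
        m = re.fullmatch(r"SM(\d+)/0", name)
        if not m:
            continue
        # Legacy link: module address and gateway are set on the router-side "0" interface.
        router = _network_arg(cmds, "ip address")
        module = _network_arg(cmds, "service-module ip address")
        gateway = _address_arg(cmds, "service-module ip default-gateway")
        if router is not None and module is not None:
            if module.ip not in router.network:
                findings.append(f"{name}: module address {module.ip} is outside {router.network}")
            if gateway != router.ip:
                findings.append(f"{name}: module gateway {gateway} is not router address {router.ip}")
        # MGF link: layer 3 lives on the Vlan interface matching the "1" port's access VLAN.
        mgf = _network_arg(cmds, "service-module mgf ip address")
        if mgf is None:
            continue
        mgf_gateway = _address_arg(cmds, "service-module mgf ip default-gateway")
        port = f"SM{m.group(1)}/1"
        vlan = next((c.split()[-1] for c in ifs.get(port, [])
                     if c.startswith("switchport access vlan ")), None)
        svi = _network_arg(ifs.get(f"Vlan{vlan}", []), "ip address")
        if svi is None:
            findings.append(f"{port}: access VLAN {vlan} has no addressed Vlan interface")
            continue
        if mgf.ip not in svi.network:
            findings.append(f"{name}: MGF address {mgf.ip} is outside Vlan{vlan} {svi.network}")
        if mgf_gateway != svi.ip:
            findings.append(f"{name}: MGF gateway {mgf_gateway} is not Vlan{vlan} address {svi.ip}")
    return findings


if __name__ == "__main__":
    for finding in check_mgf(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```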
[Block diagram labels: CPU; MGF; HWIC; EHWIC; NM; SM; ISM; PVDM; SM1/0; SM1/1]
IOS Order of Operations: Input Feature Processing in 15.1(3)T (For Your Reference)
1. RITE
2. EPC
3. QoS Drop
4. VRF Classify
5. Packet Debug
6. Netflow
7. LISP
8. BGP Policy Map
9. QoS Classify
10. Fragment Assembly
11. LI
12. IPS
13. Firewall
14. ACL
15. SBC
16. FPM
17. IPSec Decrypt
18. QoS Marking
19. Policing
20. QoS post-crypto Classify
21. WAAS
22. EZVPN
23. Accounting
24. NAT Outside
25. Policy Routing
26. WCCP
27. VRF Select
28. BOOTP/DHCP Reply
IOS Order of Operations: Output Feature Processing in 15.1(3)T (For Your Reference)
1. QoS Classification
2. NAT Inside
3. NHRP
4. WCCP
5. NAT Outside
6. BGP Policy Map
7. IPSec Classify
8. CTS
9. QoS Classification
10. Firewall
11. IPS
12. QoS Drop
13. ACL
14. FPM
15. WAAS
16. QoS Marking
17. Accounting
18. RSVP
19. Policing
20. Netflow
21. IPSec Encrypt
22. Packet Debug
23. Packet Capture
24. HW Checks
Cloud Intelligent Network UCS E-Series
Lean Branch Office Applications: Edge Applications That Defy Centralization
Core Windows Services
• DNS and DHCP Servers
• Microsoft Active Directory
• Windows Print Services
• Windows File Services
• Others …
Mission Critical Business Applications
• Point of Sale Server
• Bank Teller Control Point
• Electronic Medical Records
• Inventory Management
• Others …
Client Management Services
• Software Update Service
• Client Monitoring Service
• Backup and Recovery
• Terminal Server Gateway
• Others …
Cisco ISR G2 as Blade Server Enclosure: Use Slots on Most Widely Deployed Branch Device
• Direct blade to LAN connectivity
• Redundant power supply options
• Long service life 2x typical blade system
• Secure platform with small attack surface
• 2 and 3 RU options
• 1, 2, 4 blade slots options
All-in-One Device for Branch Services: Performance; Connectivity; Mobility; Applications; Collaboration; Security
Cisco UCS E-Series Components: Simplifying Lean Branch Office Infrastructure
Platform for Edge Applications
• Microsoft Windows Server certified
• Various Cisco Virtual Appliances also supported
Server Virtualization
• VMWare vSphere (ESXi) or other Hypervisor/Operating System
Dedicated Blade Management
• Cisco Integrated Management Controller
• Consistent management for UCS family
Multipurpose x86 Blades
• Cisco UCS E-Series modules
• House up to 4 server blades in ISR G2
Single-device Network Integration
• House all devices in ISR G2 chassis
• Multi-Gigabit Fabric backplane switch
[Diagram labels: IOS, MGF Backplane Switch; UCS E Series (two blades); CIMCE; Hypervisor; OS; App]
UCS E Series Single-Wide
• Up to 2 SATA, SAS or SSD hard drives
• Lights Out Configuration and Management Through CIMC
• Intel Xeon E3 family quad-core processor
• On board Hardware RAID 0/1 with Hot-Swap Capability
• One External and Two Internal GE Ports
• USB 2.0 Port for External Device Connectivity
• 8 GB, 12 GB and 16 GB DRAM Options
• Maximum 65 W Power Draw, 80% Less Than Server
• Wire-Free, Plug-and-Play Modularity, Low Shipping Weight (2.5 lb/1.1 kg)
• Remote and Schedulable Power Management
• iSCSI Initiator Hardware Offload
• KVM Console connector
• 10/100 Ethernet Management Port
• Two SD cards: one for the CIMC and temporary storage of OS and one for a blank virtual drive
UCS E Series Double-Wide
• Up to 3 SATA, SAS, SSD hard drives or 2 HDD and a PCIe card
• Intel Xeon E5-2400 quad core or six-core processor
• On board hardware RAID 0, 1 and 5 Configuration Options with Hot-Swap Capability
• Two External and Two Internal GE Ports with TCP/IP Acceleration
• Front-panel VGA, 2 USB, and serial connections
• 8 GB - 48 GB DRAM Options
• Maximum 130 W Power Draw, 80% Less Than Server
• Wire-Free, Plug-and-Play Modularity, Low Shipping Weight (7 lb / 3.2 kg)
• Remote and Schedulable Power Management
• iSCSI Initiator Hardware Offload
• Two SD cards: one for the CIMC and temporary storage of OS and one for a blank virtual drive
• Lights Out Configuration & MGMT Through CIMC
UCS E Series Specs (For Your Reference)
Spec | UCS-E140S | UCS-E140D(P) / UCS-E160D(P)
Processor | Intel Xeon (Sandy Bridge) E3-1105C (1 GHz) | Intel Xeon (Sandy Bridge) E5-2428L (2 GHz) / E5-2418L (1.8 GHz)
Core | 4 | 4 / 6
Memory | 8 - 16 GB DDR3 1333MHz | 8 - 48 GB DDR3 1333MHz
Storage | 200 GB - 2 TB (2 HDD); SATA, SAS, SED, SSD | 200 GB - 3 TB (3 HDD*); SATA, SAS, SED, SSD
RAID | RAID 0 & RAID 1 | RAID 0, RAID 1 & RAID 5*
Network Port | Internal: 2 GE Ports; External: 1 GE Port | Internal: 2 GE Ports; External: 2 GE Ports; PCIE Card: 4 GE or 1 10 GE FCOE
Distributed VDI on UCS E-series: Fully distributed solution
[Diagram labels: DataCenter/Headquarters (WAAS); WAN; Branch Office (ISR G2 & UCS E, WAAS); Remote Office clients]
• VDI and applications resiliency
• Best user-experience
• DataCenter Compute offloading
• Simplified management
Cloud Intelligent Network Cloud Connectors
Cloud Difficulties in the Branch: Wide-Area Constraints Make Branch Users Suffer
• Users expect the same experience as local apps
• Higher-Latency, Lower-Bandwidth and Less Reliable than Local Network
• Apps often designed for LAN performance not WAN constraints
RESULT: Applications under-perform and are less reliable when delivered across the WAN than when hosted locally.
[Diagram labels: Branch Office; WAN Connection; Cloud; IaaS (OS); SaaS (App, OS)]
Cloud Connectors for Better Cloud Applications: Cloud Intelligence in the Branch Improves User Experience
• Users expect the same experience as local apps
• Higher-Latency, Lower-Bandwidth and Less Reliable than Local Network
• Apps often designed for LAN performance not WAN constraints
RESULT: Application experience is improved by incorporating cloud intelligence into the branch network.
[Diagram labels: Branch Office; WAN Connection; Cloud; IaaS (OS); SaaS (App, OS)]
Secure Public Cloud Access with Cisco Cloud Web Security (ScanSafe): Protect Internet Edge at Enterprise Branches
Key Benefits:
Avoid expensive backhaul of internet and public cloud traffic through the HQ/Datacenter
Single policy portal, ease of deployment and management
Enhanced security for all users
Solution:
Integrate ScanSafe Connector in ISR G2. Router redirects Internet Web traffic to ScanSafe cloud
‒ Content analysis, detect/stop malware
‒ Web usage control – administrator can control access to websites
Complement the integrated security (ZBF, IPS) on the router
[Diagram labels: Branch (two sites); Internet; WAN; HQ; ASR1K; Secure VPN; Integrated Security; Web Security; Web Filtering; Centralized Reporting; Consistent Policy Control]
Cloud Storage Connector: Third Party Connector
End-User Virtual Portal
• Users access their own cloud backups and folders, restore and share files.
MSP Admin Portal
• Manage end-user accounts, service provisioning and billing
Cisco ISR G2 and UCS® E-Series with Cloud Storage Gateway
• Cloud storage is cached in the branch. Branch files are backed up to the cloud.
[Diagram labels: MSP Network; Backup Agent for Roaming Laptop; Branch Office Agent-Less Solution]
Build Your Own Cloud Connector: Home Brewed Connection to the Cloud
• Custom cloud connectors run in a Virtual Machine within router.
• Familiar set of application deployment and management tools from VMWare.
• Rich network integration and awareness through standardized API
[Diagram labels: ISR G2 Branch Router; UCS Express; VM (three); Cloud Connector; onePK; Cloud Service; Cloud Connected Service]
Cloud Intelligent Network onePK – Universal API
How We Interact With Routers & Switches Today
[Diagram labels: APPLICATION; access methods: CLI, AAA, SNMP, HTML, XML, Syslog, Span, Netflow, CDP, Routing Protocols; device functions: Data Plane, Monitoring, QoS, Security, Routing, Discovery, Interfaces]
Vast Toolkit
• Familiar
• Many knobs
• Controlled Access
• Special Purpose Tools
Not Vast Enough
• Gaps
• Inconsistencies
• Not programmatic
What’s Missing from Today’s Interactions?
• Consistency Across Platforms
• Rich Actions
• Modern Programming Languages
• Multiple Deployment Models
• Data Plane Interaction
[Diagram labels: APPLICATION; Routing; Discovery; Interfaces; Monitoring; QoS; Security; Data Plane]
OnePK Architecture
64
[Diagram labels: Application; C APIs, Java APIs, Python APIs; Thrift / Sockets; Network Abstraction on each of IOS, IOSd/XE, XR, NX-OS]
1) Write An App
2) App Talks To Devices
3) Devices Do Stuff
OnePK Provides Three Deployment Models
End-Point Hosting, Process Hosting, Blade Hosting
[Diagram labels: Container; Cisco Network Operating System; OnePK Apps; Blade; External Server]
Best For:
• Real Time
• Data Plane
Best For:
• Powerful RPs
• Low Latency
Best For:
• Less Delay Sensitive
• Multi-Element Apps
ISR-AX Application Visibility and Control (AVC) Cisco WAAS
Cisco ISR-AX—What’s Inside? Build on the Cisco ISR G2
Operational Simplification and Manageability
Application Visibility and Control
• NBAR2
• QoS
• Media Monitoring
• WAN Path Selection (PfR)
WAN Optimization
• Application Acceleration
• TPC Compression
• Data Redundancy Elimination
Hardware for ISR-AX
• SRE or Max DRAM
• Option for UCS-E Series Server
• Disks for 4451
Security
• VPN Encryption
• IOS Firewall
• Intrusion Prevention
• Cloud Web Security
“Today Network is an IT Blind Spot”
Static port classification is no longer enough
More and More apps are opaque
Increasing use of Encryption and Obfuscation
Application consists of multiple sessions (Video, Voice, Data)
Application Visibility and Control
Control
Use QoS or PfR to control application network usage to improve application performance
[Diagram labels: ASR1K, ISR; High, Med, Low]
Reporting Tool
Advanced reporting tool aggregates and reports application performance
[Diagram label: App Visibility & User Experience Report]
Perf. Collection & Exporting
ISR G2 & ASR collect application bandwidth and response time metrics, and export to management tool
[Diagram labels: ASR1K, ISR; NFv9, FNF, IOS PA]
Reporting Tools
App      BW      Transaction Time   …
WebEx    3 Mb    150 ms             …
Citrix   10 Mb   500 ms             …
Deep Packet Inspection
DPI engine (NBAR2) identifies applications using L7 signatures
[Diagram labels: ASR1K, ISR]
Cisco WAAS Improve application performance and user experience
WAAS Express
• Integrated ISR G2
• On-demand IOS-based
• Bandwidth optimization
• Inline IOS features (Security, QoS)
• Small footprint, Cost-effective, Single CLI
Virtual WAAS
• Application acceleration from Private/Virtual Private Cloud
• VMware ESX/ESXi and UCS deployments
• Agile, elastic, multi-tenant deployment
• vCM: common virtualized management for physical/virtual WAAS
WAAS Service Ready Engine
• Integrated ISR G2
• Application Acceleration
• Software on-demand provisioning
• No fork lift upgrade
WAAS Appliance
• Application acceleration
• Virtual blades in branch offices
• Scalable platforms for range of deployments
Key Benefits with ISR4451-X ISR-WAAS
“All in a box – simple to deploy”
FULL FEATURED WAAS ACCELERATOR INSIDE
Native, Simple, Scalable
• Tighter Integration
• Service aware data plane – AppNav
• Dedicated Resources
• 3 steps to setup within 10 minutes
• Up to 2500 connections, 150Mbps optimized WAN
• Embedded AppNav to expand w/ vWAAS on UCS-E or externally
Summary: Cisco ISR G2 and ISR 4451-X
1) Industry’s richest and most innovative integrated services platform
– Addresses needs of any branch of any size
2) Industry’s only router integrated secure WAN Optimization solution
– Doubles your bandwidth and gives you a < 1 year ROI
3) Video-ready architecture to enable a dynamic, adaptable branch network
– Provides integrated video assessment, monitoring, and troubleshooting
4) Network integrated security with reliable wired-wireless LAN/WAN services
– Scalable VPN services with data protection and business continuity
5) Make your network application and cloud aware
– Extensive services that tie applications and networks together for the best experience
Other Sessions of Interest
Product Updates:
BRKARC-2016 - Integrating Services in the Branch Without Compromise
BRKAPP-2030 - Application Visibility and Control in Enterprise WAN
BRKAPP-3006 - Advanced Troubleshooting Cisco Wide Area Application Services (WAAS)
BRKARC-2012 - Application Hosting and OnePK Architecture Overview
Network Troubleshooting:
BRKARC-2002 - Network Diagnosis: Prevent Prepare Repair
Enterprise WAN Design:
BRKARC-2091 - Next Generation Enterprise WAN - Branch & Head-End
BRKRST-2041 - WAN Architectures and Design Principles