cisco integrated services router g2d2zmdbbm9feqrf.cloudfront.net/2013/usa/pdf/brkarc-3001.pdf ·...

Cisco Integrated Services Router G2 Architectural Overview and Use Cases BRKARC-3001

Matt Bolick – Technical Marketing Engineer

Stefan Mansson – Technical Marketing Engineer

© 2013 Cisco and/or its affiliates. All rights reserved. BRKARC-3001 Cisco Public

Agenda

Mega-Trends in Branch Environments

– Next Generation Enterprise WAN

ISR G2 Portfolio Overview

Geeky ISR G2 Architecture

Cisco Cloud Intelligent Network

– Application Hosting

– Cloud Connectors

Integrated Application Awareness

– Application Visibility and Control

– Cisco WAAS

– OnePK

3

Branch Routers in 90+ Minutes


Changing Business Environment

4

Video and Collaboration

Cloud and Virtualization

Mobility and Wireless

• Seven Billion New Wireless Devices by 2015

• 50% of Enterprises Surveyed Allow Personal Devices Use for Work

• 40% of Customers Are Planning to Move to Cloud

• Cloud Computing Services to Grow Dramatically ($44.2 Billion) by 2013

• “Collaboration Enthusiasts” Use an Average of 22 Tools to Connect with Colleagues

• 45% Employed Millennials Use Social Networking Sites


IoE Trends: The Only Constant Is Change Cisco ISR 4451-X Prepare IT for Business Impact

CHANGING ROLE OF IT

Internet of Things Mobility / Video New Breed of Apps Cloud Big Data and Analytics

Growth and Productivity

Opportunities

User Experience

and Expectations

New

Business Models Globalization

Security

and Regulatory

Compliance

Business Implications

Technology Transitions

5

Next-Generation Enterprise WAN Regional WAN Solution


Meet IT Challenges with Cisco Next Generation Enterprise WAN

7

An Architecture Blueprint to Transform Enterprise WAN to Support Changing Business Environments and Applications

Secure and Scalable WAN Architecture

Rich Network Services Simplified Operation and

Implementation

• Secure to access Hardened

from attacks

• Scales to 1000s of sites globally

• Pre-validated designs utilizing

Cisco best practices

• Multiservice—voice, video, data

• Multiuse—any device or app

• Intelligent network services

for optimal user experience

• Reduced complexity with

integrated management

• Application visibility—proactive

optimization and troubleshooting


Next Generation Enterprise WAN High Level Topology

8

Management

IPv4/v6

Security

Mobility

Multimedia

Application Performance

Cloud

Local Campus Data Center

Interconnect

Remote Branch

South Region

Efficient Use

of Resources

Seamless

Any-to-Any

Services

Consistent

Security

Regional

WAN

Inter Connect

Inter Connect

West

Region

East

Region

WAN Core

Internet

Public

Cloud

Hybrid

Cloud Service

Provider

Services

Voice, Video, Etc.

Metro

Remote Branch

Data Center

Private

Cloud

Headquarters /

Datacenter


Regional WAN Branch Profiles

9

ISR G2 ISR G2 ISR G2 ISR G2 ASR1K ASR1K

MPLS Intern

et MPLS MPLS MPLS MPLS

Mobile Branch • 3G/4G or Satellite

• WAAS Express to boost

application performance

• Branch mobility

• Deliver video over 4G*

Standard Branch • Most common

deployment

• Migration from Serial to Ethernet

• SP MPLS with Internet as backup

• Application performance

• 4-9s availability

• Deliver SD video

High-end Branch • Migration from DS3 to

FastEthernet

• Dual SP MPLS

• Redundant router

• Application performance

• 5-9s availability

• Deliver HD video

Ultra High-end Branch • Very high BW—up to

1Gb

• Software and hardware redundancy

• Same profile as High-end Branch

• Services are provided by dedicated appliance

Pe

rfo

rman

ce a

nd

Ava

ilab

ility

Flexible Deployment Options for

Different Service Requirements

3G/4G

Satellit

e

Retail Banking, Kiosk,

Vehicles, Cruises

Typical Branch

Office

Financial Branch,

Med/Large Branch Office

Remote Campus


For more information….

10

BRKARC-2091 - Next Generation Enterprise WAN - Branch & Head-End

Tuesday, Jun 25, 8:00 AM - 9:30 AM or Cisco Live 365

This breakout session discusses the disrupting networking trends that are changing the Enterprise landscape, scope of these changes include the areas of network security, service delivery , application performance optimization and cloud access in tomorrow's borderless networks. Borderless Networks is an architectural approach to networking that can automate business and network processes driving down operational cost, thus allowing IT to scale. Cisco ISR G2 and ASR 1000 platforms offer the best in class service richness and flexibility that is needed to deliver the promise of borderless networks and allow users to turn on services on-demand. This session discusses the end to end WAN architectures that include both branch and head-end solutions.

Introducing the new ISR 4451-X


Redefining Branch Routing Unprecedented Performance and Service Scalability with IT Simplicity

Cisco ISR 4451-X The Ultimate ISR with Application Experience

• 1-2 Gbps Performance

• Separate Services Planes for Continuity

• Pay-As-You-Grow Model

• No Disruptions or Truck Rolls

• Ease of L2-L7 Service Deployment

• Native, Full-featured WAN Optimization

• Security with Application Visibility

• Application Service Assurance

Appliance-level

Services Performance

Simplified Service

Integration

12


Cisco Branch Platform Portfolio

3900(E) (3RU, 100M–350M)

75Mb

350Mb

500Mb

1Gb

Forw

ard

ing P

erf

orm

ance w

ith S

erv

ices

2Gb

5Gb

10Gb ASR1002-X

(5G–36G)

2900 (2RU, 35M–75M)

ASR1001 (2.5G–5G)

ISR 4451-X

(2 RU, 1G–2G)

13


Integrated Services Router Portfolio

Forwarding with Services

Inte

rface D

ensity

800 Series

1900 Series

2901

2911

2921

2951

3900 Series 3900E Series

4451-X

2Gbps 500Mbps 350Mbps 250Mbps 100Mbps 75Mbps 50Mbps 25Mbps 35Mbps

14


ISR 4451-X Typical Deployment High-End Branch


Interconnect

SP A

MPLS

SP B

MPLS

Redundant,

Scalable

Head End ASR 1000 ASR 1000

ISR 4451-X ISR 4451-X

High-End

Branch

ASIC-like Consistent Performance

Integrated Application Hosting

Pervasive, Scalable

End-to-End Security

Embedded, Full-Featured

Appliance-like Services

Optimized Application Performance

Consistent Operations, Monitoring, and

Troubleshooting

1-2Gbps with Rich Branch Services

15


ISR 4451-X Typical Deployment Regional Branch Aggregation


Interconnect

Campus or

Regional

Head-End ISR 4451-X

Regional

Branches

and Users ASIC-like Consistent Performance

Performance-on-Demand

Scalable VPN Aggregation

Embedded WAAS and AppNav for

Scalable WAN Optimization

Optimized Application Performance

Consistent Features and

Management

Low-Scale Branch Aggregation

ISR G2 ISR G2

Internet

ISR G2

Regional

Aggregation

16


ISR 4451-X IO Design

USB Connections

• 2 x Type A for file storage and

charging your cell phone

• USB Type B Console in addition

to RJ45 Console and Aux ports

Management Interface

Connects control plane directly

to a management network.

Front Panel GE

• 4 RJ45/SFP GE Interfaces

• PoE available on 2 Interfaces

Network Interface Modules (NIM)

• Larger & more powerful than EHWICs

• Up to 8 ports per module

• DSPs directly on modules

Optional Drive NIM for

Embedded Applications

• RAID 1 for data protection

• Single HD (future) &

Dual SSD Options

Enhanced Service Modules

• Compatible with ISR G2

• Up to 10Gb connection to system

• Faster & more powerful than SMs

17


4G LTE with Cisco 812 controlled from 4451-X

Branch Router buried in

basement or closet with

poor wireless coverage

Cisco 812 with built-in 4G/LTE

and 802.11n located where

coverage is best

Standard cat5 cable provides

power, data, configuration &

management*

* Configuration &

Management functions

are a roadmap feature.

18


Platform Specific Data Plane

Linux OS

ISR 4451-X Architecture

IOSd Control Plane

ISR-WAAS Future Cisco Embedded Network Services

Common API (onePK)

AVC

Internal Services

Blade (UCS E-

Series)

External Services

Blade (UCS)

onePK onePK

AppNav

19


For more information….

20

BRKARC-2016 - Integrating Services in the Branch Without Compromise

Tuesday, Jun 25, 8:00 AM - 9:30 AM

Wednesday, Jun 26, 8:00 AM - 9:30 AM

or Cisco Live 365

Here is where you'll learn all the technical details about a new router and how it fits in with the rest of the ISR portfolio from Cisco. You'll learn the way this new multi-core IOS XE architecture forwards packets and how the services virtualization layer allow you to run integrated services, such as WAAS, within the router just like they're on an appliance. You'll become the expert on this new flagship of the ISR portfolio and know more about the technology under the hood than anyone else you know.

ISR G2 Portfolio


High-End Branch

Standard Branch

Mobile Branch

ISR G2 Portfolio

22

WA

N A

ccess S

peed

Wit

h S

ervic

es

2911

1921 1941

2901

3945

150 Mb 100 Mb 75 Mb 50 Mb 35 Mb 25 Mb

EFM SubrateFE

VDSL2+/Sub-rate FE

Line Rate FE +

Line Rate N x FE

3945E

3925E

350 Mb

2921

2951

3925

800

15 Mb 250 Mb 10 Mb

Secure Remote Cloud Access, WAN

Acceleration and Smart Install

Voice and Video Collaboration

in the Branch Cloud

Server Virtualization

Recommended Positioning with Services


Service Modules 3x-7x increase in service module

performance

Existing NM support through adapter

EPoE capable

Internal Services Module 3x increase in service

module performance

Configurable power savings mode

Not available on 3900E & 1941W

EHWIC 2x performance

increase

HWIC/WIC/VWIC/VIC support natively

EPoE capable

Multi-core Network Processor 5x- 7x performance

increase

Multi Gigabit Fabric Module to module

communications

Packet prioritization and shaping

NG DSP Modules Video ready DSP modules

4x increase in audio conferencing and transcoding

Configurable power savings modes

GE Ports 4 on 3900E

3 on 2911+

SFP slots on 2921 and above

USB Console over USB

Convenience storage

Security credentials

Services Performance Engine (3900) Upgradeable engines

SPE-200 & SPE-250

Under the Covers

Ingegrated Services Router Generation 2

23


ISR G2 Models

Cisco 81x/86x/88x/89x

•Fixed Platforms for Ethernet, xDSL, 3G interfaces

•New 892-F offers 1 SFP port

•802.11n Wifi, Integrated Switch w/POE, SRST optio

•Machine-2-Machine Models

Cisco 1921/1941/1941W

•Modular platform with 2xEHWIC slots

•1941/1941W Can support 9-port switch plus WAN interface

•1921 provides 1 RU option

•Factory 802.11n Wifi on 1941W

Cisco 2901/2911/2921/2951

•UC and Video Ready platforms

•Increased density on GE and SFP ports, Service Module slots and PVDM3 slots

•Performance increase across the line with 2951 at 75Mbps WAN Access

•External RPS option on 2911-2951

Cisco 3925/3945/3925E/3945E

•Field replaceable Service Performance Engine (SPE) to upgrade performance up to 350 Mbps

•Online Insertion and Removal (OIR) support for Service Modules

•Support up to 4 Service Module slots

•Optional integrated Redundant Power Supply 24 24


Cisco 800 Series Overview 812 819

860VAE 880 890

Eth WAN 1*GE 1*GE 1*GE 1*FE 1-2 FE or GE

SFP No No No No MD

VDSL2 No No Yes MD MD

ADSL2/2+ No No Yes MD MD

G.SHDSL No No No MD MD

ISDN BRI No No No MD MD

V.92 No No No No MD

WWAN 3G, 3.7G 3G, 3.7G, 4G No 3G, 3.7G No

PSTN

interconnect No No No

FXO or BRI Voice

(MD) No

FXS Ports No No No 4 (MD) No

802.11n 2.4 & 5 GHz (MD) 2.4 & 5 GHz (MD) No 2.4 & 5 GHz (MD) 2.4 & 5 GHz (MD)

* MD = Model Dependent

25


Cisco 800 Series Overview (Cont.) 812 819 860VAE 880 890

Switch Ports 0 4 * FE 4* FE, 0-1*GE (MD) 4 * FE 8 * FE or GE (MD)

VLANs 0 8 5 8 14

Hardware-Based IPsec Encryption

Yes Yes No Yes Yes

Flash 512 MB 256 or 1024 MB (MD) 56, 64 or 128 MB (MD) 128 or 256 MB (MD) 256M

Flash upgradeable No No No No No

DRAM 512 MB 512 or 1024 MB 256 MB 256 – 1024 MB (MD)* 256 – 1024 MB (MD)*

DRAM upgradeable No No No MD* Yes*

Internal PoE Option No No No 2 Ports 4 Ports, MD

USB Ports 0 0 1 (2.0) 1 (1.1) 1-2 (2.0) MD

IOS Feature Set Adv. Security or Adv. IP Services (upgradeable)

Adv. Security or Adv. IP Services (upgradeable)

IP Base or Adv. Security (MD)

Adv. Security or Adv. IP Services (upgradeable)

Adv. IP Services

* The default and max memory varies per model

26


Downlink 100 Mbps / Uplink 50

Mbps

Super Low Latency (< 50 ms) -

5x Lower than 3G

819 M2M 3G Gateway

w/ Wifi & 4G 812 MiFI (Cellular plus Wifi) 4G LTE HWIC

ISR w/ 3G in AP Form Factor

Portable, Rapid Deployment

POE Powered (Optional)

Compact, Hardened

802.11 a/b/g/n Dual Radio

4G/LTE , GPS, Mobile IP Ready

What’s New?

27


Security Cable Lock

Memory Flash Default: 256 MB Max: 256 MB

DRAM Default: 512 MB Max: 1G

• Desktop chassis with external power supply

• One USB 2.0 flash memory or security e-token

• Default Cisco IOS Advanced IP Services feature set

Console & AUX Port

Reset

Button

8-Port 10/100/1000 FE Managed Switch

4 Port PoE

Power

Connector

USB 2.0 Port

RJ45/SFP

Combo WAN

Power

Switch

VDSL2/ADSL2+

Over POTS Integrated 2.4 & 5

GHz Antenna

Cisco 897VAMW Series

28


860VAE-W Hardware

• Only Advanced Security Models

• Single WAN option – Multimode xDSL either/or GE

• 2 x GE + 3 x FE

• FCC and ETSI 2.4 Ghz WiFi Compliance

• “No Fan” design, 9.5”x9.5”, Sheet Metal, Same 1RU Industrial Design as 860VAE

• 1 x PoE port on special SKU ( US WiFi )

Target FCS

2H2013


800 Series – What’s Coming? 860VAE-W (Aug ‘13)

– WiFi + Flex VPN + Nano Cube

NANO CUBE – Lightweight CUBE (Aug ’13)

– Expands CUBE to 860VAE, 880, 890

4G LTE

– EHWIC – Canada (2HCY2013)

– EHWIC – Japan (2HCY2014)

– 880, 890 & 819 (new chipset) (1HCY2014)

IPv6 in Adv Sec, 15.2(4)M

– Previous only in AIS

Smart Install in 8xx, 15.2(4)M

Lead Free RoHS6 compliant Products

– Phase1 (Eth+V/ADSL units) 2H2013

– Phase 2 ( WLAN+G.SHDSL units ) 2H2014

– Functionally equivalent to their predecessors SKUs....or better.

– Fanless

– 89x all GE LAN/WAN ports

VDSL2 Bonding & Vectoring (Future)

– Two-pair VDSL interface (Bonding) – Increasing bandwidth by 100%

– Reducing cross talk (Vectoring) – Increasing bandwidth 50% +

– Extending range

© 2013 Cisco and/or its affiliates. All rights reserved. BRKARC-3001 Cisco Public 31

Cisco VPN ISM for ISR G2 Delivering High Performance VPN for Branch Routers

Availability

IOS Requirement: 15.2(1)T1 or later

Supported Platforms: 1941, 2901, 2911, 2921, 2951, 3925, 3945

‒ (Note: Not supported on 1941W, 3925E, 3945E)

Features

Plug and play Internal Service Module (ISM) for VPN acceleration

Hardware encryption support for both IPsec and SSL VPN

Hardware support for IKEv2 and Suite B crypto algorithms

Performance

High IPsec VPN throughput (Up to 1.2Gbps)

Up to 3X throughput and 2X supported IPsec tunnels over onboard crypto engine


IPsec Performance & Scale with ISM-VPN

Note: Single stream of IPsec traffic with AES encryption is used for the throughput measurement

Platform IMIX Throughput

ISM-VPN

IMIX Throughput

IOS only

1400-Byte Throughput Max Number of

Supported Tunnels

1941 140 Mbps 60 Mbps 500 Mbps 500

2901 145 Mbps 60 Mbps 550 Mbps 750

2911 150 Mbps 65 Mbps 600 Mbps 1000

2921 220 Mbps 80 Mbps 700 Mbps 1500

2951 385 Mbps 150 Mbps 900 Mbps 2000

3925 550 Mbps 210 Mbps 1100 Mbps 2500

3945 600 Mbps 245 Mbps 1200 Mbps 3000

For Your Reference

32


Ethernet Switch Module Overview

* No CTS PHY Encryption , or POE+ (30w)

o Higher availability, up to 2x when compared to a standalone switch

o Designed to promote Borderless Networks

o Support the same features and configurations in the branch are in the headquarters

o Integrates the latest enterprise switch features into the router

o Increased Power Over Ethernet

o Enhanced POE (ePOE) Up to 20 watts per port

o Takes advantage of 2900/3900 increased power levels offering up to 1040 watts per chassis

o Per port autosensing and configuration of power levels

o EnergyWise per port-based and per slot-based power saving controls

o Gigabit Ethernet 10/100/1000

o One L2/L3 and one pure L2 family offered

o 16, 24, and 48 ports of GE or FE LAN, Local line-rate Layer 2/3 switching

o Same feature set and roadmap as the latest LSBU Catalyst 3560-X/2960-S switches*

o Integration with the router’s Multi Gigabit Fabric LAN optimizes traffic between modules, with no impact on CPU/WAN performance

o Smart Install

o Zero touch Install/Replace/Backup

o AutoImage, AutoConfig

o Treat the ESM like a line-card or a standalone switch

33


Smart Install Automatically Deploy Switches in the Branch

Director

ISR/ISRG2

Client EtherSwitch

Switch Clients

Routers:

Director only - 15.1(3)T

Switches:

Client – 12.2(52)SE

Director - 12.2(55)SE

Zero Touch Installation

Zero Touch Upgrade

Zero Touch Replacement

Director ISRG2, ISR G1, Catalyst 3xxx series

Mix-and-Match Clients Catalyst 3750, 3750-E, 3560, 3560-E, 2960,

2975, All NME and SM EtherSwitch modules

34


Cisco Integrated Customization Services (CICS)

High Volume, Zero Touch deployment solution from Cisco

New Service from Cisco that supports Cisco Integrated Service Router (ISR) G2

Helps customers realize cost savings, increase operational efficiency, and deliver services faster (time-to-market)

Open to all Cisco customers

Supported on Cisco Commerce Workspace (CCW) only – Cisco Commerce Workspace (CCW) provides a simplified commerce experience that allows partners to configure, price, and quote

products, software and related service, and to submit orders from one screen

– http://www.cisco.com/web/go/ccw

– http://www.cisco.com/web/services/ordering/downloads/cisco_commerce_workspace_vod.mp4

Tiered service 2

Support all ISR G2

routers 3

Zero-Touch, High-Volume Deployment

Integrated with

Ordering system 1

35

http://www.cisco.com/web/go/ccw

http://www.cisco.com/web/services/ordering/downloads/cisco_commerce_workspace_vod.mp4


Cisco Integrated Customization Services (CICS) Tiered offering

Pri

ce

Silver IOS config file

Standard labels

Gold Includes Silver features

Scripts

Unlisted IOS / FW version

Modules in specific slots

ConfigMerge

Platinum Includes Gold features

Accessories – SIM, cables

Documents (multi language)

Custom labels (multi language)

Levels of customization

Summer

CY’13

36

Q4 CY’13

Packet Flow in an ISR


ISR G2 Architecture 1941 and Above

CPU

MGF

HWIC

EHWIC

NM

SM

ISM PVDM

Gigabit Ethernet

PCI-Express

HWIC DDR

38


ISR G2 Packet Flow

Normal Layer 3 Routing

CPU

MGF

HWIC

EHWIC

NM

SM

ISM PVDM

Gigabit Ethernet

PCI-Express

HWIC DDR

39


ISR G2 Packet Flow Module-To-Module Communication

CPU

MGF

HWIC

EHWIC

NM

SM

ISM PVDM

Gigabit Ethernet

PCI-Express

HWIC DDR

40


ISR 4451-X Block Diagram

Control Plane

(1 core) &

Services Plane (3 cores)

Data Plane

(10 cores)

4xPCIe FPGE

4xSGMII

DRAM

DRAM DRAM

Multi

Gigabit

Fabric

Platform

Controller

Hub

Mgt Eth

Cons/Aux

USB

Flash SM-X

ISC 2Gbps

10G/slot

10G

XA

UI

4xP

CIe

SM-X NIM

2G/slot

PCIe & SERDES

management links

not shown.

System

FPGA

41


4xPCIe

ISR 4451-X Packet Flow

Data Plane

(10 cores) FPGE

4xSGMII

DRAM

DRAM DRAM

Multi

Gigabit

Fabric

Platform

Controller

Hub

Mgt Eth

Cons/Aux

USB

Flash SM-X

ISC 1G SGMII

10G/slot

10G

XA

UI

4xP

CIe

SM-X NIM

2G/slot

System

FPGA

Control Plane

(1 core) &

Services Plane (3 cores)

42


Multi-Gigabit Fabric Configuration Most new modules include MGF and legacy links.

– Interfaces will appear as two internal connections to the same module (SM1/0 and SM1/1 for example).

Configuration for the module-side MGF connection is performed on the router-side “0” connection.

– Configuration information is passed to the module on this interface.

– The router-side MGF connection is a layer-2 trunk port and is not directly configurable.

Layer 3 MGF configuration on the router is handled with VLAN interfaces.

Note: MGF configuration not available when a HWIC-ESW is in the system.

43


Multi-Gigabit Fabric Configuration

Typical Configuration with an SRE Service Module interface SM1/0

description PCI connection to SRE-900 module in slot 1

ip address 10.10.20.1 255.255.255.0

service-module ip address 10.10.20.2 255.255.255.0

!Application: SRE-V Running on SMV

service-module ip default-gateway 10.10.20.1

service-module mgf ip address 10.1.30.2 255.255.255.0

service-module mgf ip default-gateway 10.1.30.1

!

interface SM1/1

description MGF connection to SRE-900 module in slot 1

switchport access vlan 1

switchport mode access

! Other switchport commands, such as switchport trunk,

! would be configured here.

!

interface Vlan1

ip address 10.1.30.1 255.255.255.0

!

44

CPU

MGF

HWIC

EHWIC

NM

SM

ISM PVDM

SM1/0

SM1/1


IOS Order of Operations

1. RITE 2. EPC 3. QoS Drop 4. VRF Classify 5. Packet Debug 6. Netflow 7. LISP 8. BGP Policy Map 9. QoS Classify 10.Fragment Assembly 11.LI 12. IPS 13.Firewall 14.ACL 15.SBC

16.FPM 17. IPSec Decrypt 18.QoS Marking 19.Policing 20.QoS post-crypto Classify 21.WAAS 22.EZVPN 23.Accounting 24.NAT Outside 25.Policy Routing 26.WCCP 27.VRF Select 28.BOOTP/DHCP Reply

Input Feature Processing in 15.1(3)T

For Your Reference

45


IOS Order of Operations

1. QoS Classification 2. NAT Inside 3. NHRP 4. WCCP 5. NAT Outside 6. BGP Policy Map 7. IPSec Classify 8. CTS 9. QoS Classification 10.Firewall 11. IPS 12.QoS Drop 13.ACL 14.FPM

15.WAAS 16.QoS Marking 17.Accounting 18.RSVP 19.Policing 20.Netflow 21. IPSec Encrypt 22.Packet Debug 23.Packet Capture 24.HW Checks

Output Feature Processing in 15.1(3)T

For Your Reference

46

Cloud Intelligent Network UCS E-Series


Lean Branch Office Applications Edge Applications That Defy Centralization

Core Windows Services

Mission Critical Business Applications

Client Management Services

DNS and DHCP Servers

Microsoft Active Directory

Windows Print Services

Windows File Services

Others …

Point of Sale Server

Bank Teller Control Point

Electronic Medical Records

Inventory Management

Others …

Software Update Service

Client Monitoring Service

Backup and Recovery

Terminal Server Gateway

Others …

48


Cisco ISR G2 as Blade Server Enclosure Use Slots on Most Widely Deployed Branch Device

Direct blade to

LAN connectivity

Redundant power

supply options Long service life 2x

typical blade system

Secure platform with

small attack surface

All-in-One Device for Branch Services

Performance

Connectivity

Mobility

Applications

Collaboration

Security

2 and 3 RU

options 1, 2, 4 blade

slots options

49


Cisco UCS E-Series Components Simplifying Lean Branch Office Infrastructure

Platform for Edge Applications Microsoft Windows Server certified

Various Cisco Virtual Appliances also supported

Server Virtualization VMWare vSphere (ESXi) or other

Hypervisor/Operating System

Dedicated Blade Management Cisco Integrated Management Controller

Consistent management for UCS family

Multipurpose x86 Blades Cisco UCS E-Series modules

House up to 4 server blades in ISR G2

Single-device Network Integration House all devices in ISR G2 chassis

Multi-Gigabit Fabric backplane switch

IOS, MGF Backplane Switch

UCS E Series

Hypervisor

OS

App

OS

App

CIMCE UCS E Series

Hypervisor

OS

App

OS

App

50


UCS E Series Single-Wide

51

Up to 2 SATA, SAS or SSD hard

drives

Lights Out

Configuration

and

Management

Through CIMC

Intel Xeon E3 family

quad-core processor

On board Hardware RAID 0/1

with Hot-Swap Capability

One External and

Two

Internal GE Ports

USB 2.0 Port for External Device

Connectivity

8 GB , 12 GB

and 16 GB

DRAM

Options

Maximum 65 W Power

Draw

80% Less Than Server

Wire-Free, Plug-and-Play

Modularity,

Low Shipping Weight (2.5 lb/1.1 kg)

Remote and

Schedulable Power

Management

iSCSI Initiator

Hardware

Offload

KVM Console connector

10/100 Ethernet

Management Port

Two SD cards: one for

the CIMC and

temporary storage of

OS and one for a blank

virtual drive


UCS E Series Double-Wide

52

Up to 3 SATA, SAS, SSD hard

drives or 2 HDD and a PCIe card

Intel Xeon E5-2400 quad

core or six-core processor

On board hardware RAID 0, 1 and

5 •Configuration Options with Hot-Swap

Capability Two External and Two Internal GE Ports

with TCP/IP Acceleration

Front-panel VGA, 2 USB, and

serial connections

8 GB - 48 GB

DRAM Options

Maximum 130 W Power Draw

80% Less Than Server

Wire-Free, Plug-and-Play Modularity,

Low Shipping Weight (7 lb / 3.2 kg)

Remote and

Schedulable Power

Management

iSCSI Initiator

Hardware Offload

Two SD cards: one for the CIMC and

temporary storage of OS and one for a blank

virtual drive

Lights Out

Configuration

& MGMT

Through

CIMC


UCS E Series Specs

53

UCS-E140S

UCS-E140D(P)

UCS-E160D(P)

Processor Intel Xeon (Sandy Bridge)

E3-1105C (1 GHz)

Intel Xeon (Sandy Bridge)

E5-2428L (2 GHz) / E5-2418L

(1.8 GHz)

Core 4 4 / 6

Memory 8 - 16 GB

DDR3 1333MHz

8 - 48 GB

DDR3 1333MHz

Storage

200 GB- 2 TB (2 HDD)

SATA, SAS, SED, SSD

200 GB- 3 TB (3 HDD*)

SATA, SAS, SED, SSD

RAID RAID 0 & RAID 1 RAID 0, RAID 1 & RAID 5*

Network Port

Internal: 2 GE Ports

External: 1 GE Port

Internal: 2 GE Ports

External: 2 GE Ports

PCIE Card: 4 GE or 1 10 GE

FCOE

For Your Reference


Distributed VDI on UCS E-series Fully distributed solution

DataCenter/Headquarters

WAN

Remote Office clients

ISR G2 & UCS E WAAS

WAAS

• VDI and applications resiliency

• Best user-experience

• DataCenter Compute offloading

• Simplified management Branch Office

Cloud Intelligent Network Cloud Connectors


Cloud Difficulties in the Branch Wide-Area Constraints Make Branch Users Suffer

56

Branch Office

WAN Connection

Users expect the same

experience as local apps

Higher-Latency, Lower-

Bandwidth and Less

Reliable than Local Network

Apps often designed for

LAN performance

not WAN constraints

RESULT: Applications under-perform and are less reliable when

delivered across the WAN than when hosted locally.

OS

Cloud

App

OS

IaaS SaaS


Cloud Connectors for Better Cloud Applications Cloud Intelligence in the Branch Improves User Experience

57

Branch Office

WAN Connection

Users expect the same

experience as local apps

Higher-Latency, Lower-

Bandwidth and Less

Reliable than Local Network

Apps often designed for

LAN performance

not WAN constraints

RESULT: Application experience is improved by incorporating

cloud intelligence into the branch network.

OS

Cloud

App

OS

IaaS SaaS


Secure Public Cloud Access with Cisco Cloud Web Security (ScanSafe) Protect Internet Edge at Enterprise Branches

Key Benefits:

Avoid expensive backhaul of internet and

public cloud traffic through the

HQ/Datacenter

Single policy portal, easy of deployment and

management

Enhanced security for all users

Solution:

Integrate ScanSafe Connector in ISR G2.

Router redirects Internet Web traffic to

ScanSafe cloud

‒ Content analysis, detect/stop malware

‒ Web usage control – administrator can control

access to websites

Complement the integrated security

(ZBF, IPS) on the router

Internet

Branch Branch

Internet

WAN

Centralized Reporting

Consistent Policy Control

Web Security Web Filtering

HQ

Secure VPN Integrated

Security

Web

Security

ASR1K

http://www.salesforce.com/


Cloud Storage Connector Third Party Connector

End-User Virtual Portal • Users access their own cloud

backups and folders, restore and

share files.

MSP Admin Portal • Manage end-user accounts,

service provisioning and billing

Cisco ISR G2 and UCS® E-Series with Cloud Storage Gateway

MSP Network

Backup Agent for

Roaming Laptop

Branch Office Agent-Less Solution

Cloud storage is cached

in the branch. Branch

files are backed up to

the cloud.


Build Your Own Cloud Connector Home Brewed Connection to the Cloud

60

ISR G2 Branch Router

UCS Express

VM

Cloud

Service

VM

VM

Clo

ud

Co

nn

ecto

r

onePK

Cloud

Connected

Service

Custom cloud connectors run

in a Virtual Machine within

router.

Familiar set of application

deployment and management

tools from VMWare.

Rich network integration and

awareness through

standardized API

Cloud Intelligent Network onePK – Universal API


How We Interact With Routers & Switches Today

62

CLI

AAA

SNMP

HTML

XML

Syslog

Span

Netflow

CDP

Routing Protocols

Data

Plane

Monitoring

QoS

Security

Routing

Discovery

Interfaces

Vast Toolkit

• Familiar

• Many knobs

• Controlled Access

• Special Purpose Tools

Not Vast Enough

• Gaps

• Inconsistencies

• Not programmatic A

PP

LIC

AT

ION


What’s Missing from Today’s Interactions?

63

Consistency Across

Platforms Rich Actions

Modern Programming Languages

Multiple Deployment

Models

Data Plane Interaction

Routing

Discovery

Interfaces

Monitoring

QoS

Security

Data Plane

AP

PL

ICA

TIO

N


OnePK Architecture

64

Thrift / Sockets

Application

C

APIs

Java

APIs

Python

APIs

IOS IOSd/XE XR

Network

Abstraction

NX-OS

Network

Abstraction

Network

Abstraction Network

Abstraction

1) Write An App

2) App Talks To

Devices

3) Devices Do

Stuff


OnePK Provides Three Deployment Models

65

Container

Container

End-Point Hosting Process Hosting Blade Hosting

Cisco Network

Operating

System OnePK

Apps

Cisco Network

Operating

System

OnePK Apps

Bla

de

Cisco Network

Operating

System

Exte

rna

l

Se

rve

r

OnePK

Apps

Best For:

•Real Time

•Data Plane

Best For:

•Powerful RPs

•Low Latency

Best For:

•Less Delay Sensitive

•Multi-Element Apps

ISR-AX Application Visibility and Control (AVC) Cisco WAAS


Cisco ISR-AX—What’s Inside? Build on the Cisco ISR G2

Operational Simplification and Manageability

Application Visibility and Control

• NBAR2

• QoS

• Media Monitoring

• WAN Path Selection (PfR)

WAN Optimization

• Application Acceleration

• TPC Compression

• Data Redundancy Elimination

Hardware for ISR-AX

• SRE or Max DRAM

• Option for UCS-E Series Server

• Disks for 4451

Security

• VPN Encryption

• IOS Firewall

• Intrusion Prevention

• Cloud Web Security

67


“Today Network is an IT Blind Spot”

Static port classification is no longer enough

More and More apps are opaque

Increasing use of Encryption and Obfuscation

Application consists of multiple sessions (Video, Voice, Data)

68


Application Visibility and Control

69

Use QoS or PfR to

control application

network usage to

improve application

performance

ASR1K

ISR

Control

High

Med

Low

Advanced reporting

tool aggregates and

reports application

performance

App Visibility &

User Experience Report

Reporting Tool

ISR G2 & ASR collect

application bandwidth

and response time

metrics, and export to

management tool

ASR1K

ISR

NFv9

FNF

IOS PA

Reporting Tool Perf. Collection & Exporting

Reporting Tools

App BW Transaction

Time

…

WebEx 3 Mb 150 ms …

Citrix 10 Mb 500 ms …

DPI engine (NBAR2)

identifies applications

using L7 signatures

ASR1K

ISR

Deep Packet Inspection

http://images.google.fr/imgres?imgurl=http://4.bp.blogspot.com/_UZImdYAiry8/Sb9qYmN0llI/AAAAAAAAPtc/a_qXEx69CB0/s400/oracle_logo.jpg&imgrefurl=http://vectorlogo.blogspot.com/2009/03/oracle-logo-eps.html&usg=__TTg6bQ4L8aDCa2kKWUD3Q4YWewM=&h=161&w=400&sz=7&hl=fr&start=3&sig2=xj4d94noyf1kS0Adw6tzJA&um=1&tbnid=LLEUA6II6jNxiM:&tbnh=50&tbnw=124&prev=/images?q=oracle+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=FeHBSvDVKsjKjAeGsfDoBQ

http://images.google.fr/imgres?imgurl=http://4.bp.blogspot.com/_UZImdYAiry8/Sb9qYmN0llI/AAAAAAAAPtc/a_qXEx69CB0/s400/oracle_logo.jpg&imgrefurl=http://vectorlogo.blogspot.com/2009/03/oracle-logo-eps.html&usg=__TTg6bQ4L8aDCa2kKWUD3Q4YWewM=&h=161&w=400&sz=7&hl=fr&start=3&sig2=xj4d94noyf1kS0Adw6tzJA&um=1&tbnid=LLEUA6II6jNxiM:&tbnh=50&tbnw=124&prev=/images?q=oracle+logo&hl=fr&safe=off&rlz=1T4GGLL_frFR328FR328&um=1&ei=FeHBSvDVKsjKjAeGsfDoBQ


WAAS Express • Integrated ISR G2

• On-demand IOS-based

• Bandwidth optimization

• Inline IOS features (Security, QoS)

• Small footprint, Cost-effective, Single CLI

Virtual WAAS • Application acceleration from

Private/Virtual Private Cloud

• VMWare ESX/ESXi and UCS

deployments

• Agile, elastic, multi-tenant deployment

• vCM: common virtualized management

for physical/virtual WAAS

WAAS Service Ready Engine • Integrated ISR G2

• Application Acceleration

• Software on-demand provisioning

• No fork lift upgrade

WAAS Appliance • Application acceleration

• Virtual blades in branch offices

• Scalable platforms for range of

deployments

Cisco WAAS Improve application performance and user experience

70


“All in a box – simple to

deploy”

FULL FEATURED WAAS

ACCELERATOR INSIDE

• Tighter Integration

• Service aware data

plane – AppNav

• Dedicated Resources

• 3 steps to setup

within 10 minutes

• Up to 2500 connections

150Mbps optimized WAN

• Embedded AppNav to

expand w/ vWAAS on

UCS-E or externally

Native Simple Scalable

Key Benefits with ISR4451-X ISR-WAAS

71


Summary: Cisco ISR G2 and ISR 4451-X

Industry’s richest and most innovative integrated services platform – Addresses needs of any branch of any size Industry’s only router integrated secure WAN Optimization solution – Doubles your bandwidth and gives you a < 1 year ROI Video-ready architecture to enable a dynamic, adaptable branch network – Provides integrated video assessment, monitoring, and troubleshooting Network integrated security with reliable wired-wireless LAN/WAN services – Scalable VPN services with data protection and business continuity Make your network application and cloud aware – Extensive services that tie applications and networks together for the best experience

1

2

3

4

5

72


Other Sessions of Interest

73

Product Updates:

BRKARC-2016 - Integrating Services in the Branch Without Compromise

BRKAPP-2030 - Application Visibility and Control in Enterprise WAN

BRKAPP-3006 - Advanced Troubleshooting Cisco Wide Area Application Services (WAAS)

BRKARC-2012 - Application Hosting and OnePK Architecture Overview

Network Troubleshooting:

BRKARC-2002 - Network Diagnosis: Prevent Prepare Repair

Enterprise WAN Design:

BRKARC-2091 - Next Generation Enterprise WAN - Branch & Head-End

BRKRST-2041 - WAN Architectures and Design Principles


Maximize your Cisco Live experience with your

free Cisco Live 365 account. Download session

PDFs, view sessions on-demand and participate in

live activities throughout the year. Click the Enter

Cisco Live 365 button in your Cisco Live portal to

log in.

Complete Your Online Session Evaluation

Give us your feedback and you could win fabulous prizes. Winners announced daily.

Receive 20 Cisco Daily Challenge points for each session evaluation you complete.

Complete your session evaluation online now through either the mobile app or internet kiosk stations.

74