asr 1000 system & solutiond2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/brkarc-2001.pdf · asr...

ASR 1000 System & Solution Architectures

Jason Yang – CCIE #10467, Technical Marketing Engineer

BRKARC-2001

• Introducing the ASR 1000

• ASR 1000 System Architecture

• ASR 1000 Building Blocks

• ASR 1000 Software Architecture

• ASR 1000 Packet Flows

• QoS on the ASR 1000

• High-Availability on the ASR 1000

• Applications & Solutions

Agenda

Companion Session:

BRKARC-2019: Operating an ASR 1000

Introducing the ASR 1000

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public

ASR 1000 Aggregation Service RouterKey Design Principles

Ethernet

WAN and Provider

Edge Services

Voice and

Video

Services

(CUBE)

Security Services

(Firewall, VPN,

Encryption)

Multi-Service, Secure WAN Aggregation

Services

Application

Performance

Optimization

(AVC, PfR)

Best in Class

Availability

Enterprise IOS Features

with Modular OS and

Software Redundancy or

Hardware Redundancy

and ISSU

Best in Class ASIC

Technology

Quantum Flow Processor

(QFP) for high scale services

and sophisticated QoS with

minimum performance impact

BRKARC-2001 5


Cisco ASR 1000 Series Routers: Overview2.5 Gbps to 200Gbps – Designed today to scale up in the future

INSTANT ON

SERVICE DELIVERY BUSINESS-CRITICAL RESILIENCY

COMPACT,

POWERFUL ROUTER

• Scalable on-chip service enablement through software licensing

• Industry leading VPN/Crypto solutions

• Optimal user/app experience with AVC, PfRv3, and AppNav

• Feature UC services with CUBE(Ent)

• Scalable NAT44, NAT64 solutions

• Fully separated control and forwarding planes

• Hardware and software redundancy

• In-service software upgrades

• Inter and Intra-chassis redundancy

• DCI to support clustering across geographically dispersed data centers

• Line-rate performance 2.5G to 200G

• Investment protection with modular engines, IOS CLI and SPAs for I/O

• Hardware assists for ACL, QoS, etc.

• Hardware-based QoS engine with up to 464K queues

• Ethernet LC and EPA for High Density GE/10GE services

ASR 1004

ASR 1009-X

ASR 1002-X

5 to 36

Gbps

10 to 40

Gbps

40 to 100

Gbps

40 to 200

Gbps

2.5 to 20

Gbps

ASR 1001-X

Fixed Chassis Modular ChassisIOS-XE

ASR 1013

40 to 200

Gbps

ASR 1006-X

ASR 1002-HX

44 to 100

Gbps

BRKARC-2001 6


ASR 1000 Positioning

Perf

orm

ance a

nd S

cala

bili

ty

Service Provider Edge Routers

ISR Series

ASR1000

2.5-200Gbps perSystem

Distributed PE, Firewall, IPsec

Route Reflector

CUBE/VoIP

Broadband

7600 Series

Up to 2 Tbps per system

Carrier Ethernet

IP RAN

Mobile Gateways

SBC/VoIP

Video Monitoring

Enterprise Edge and Managed Services Routers

Managed L2/L3 VPNs

Integrated SecurityApplication Recognition

ISR4000 Series

1-2 Gbps per System

Separate Services Planes for Continuity

Pay-As-You-Grow

850 Mbps per System

350 Mbps with Services

BRKARC-2001 7

ASR 9000

Up to 48 Tbps per system

Carrier Ethernet

IP RAN

L2/L3 VPNs

Vidmon

BNG


ASR 1000 Enterprise ApplicationsFlexible WAN Services Edge & CPE

Mobile subscriber

Corporate office

High end branch

High Speed CPE

High-end Branch

Campus Edge

WAN aggregation

WAN Aggregation

IPSec VPN

L2 and L3 VPN

IWAN

DCI

Internet gateway

Cloud

Data Center Interconnect

Internet gateway

Cloud Services Edge

BRKARC-2001 8


ASR 1000 Service Provider ApplicationsA Wide Variety of Use Cases

CPE

Access and AggregationMobile Subscriber

Business

Residence

Wireless

Wire line

Cable

ISP

IP/MPLS Core

Edge

CGN

LNS

CPE

OLT

xPON

xDSLDSLAM

DOCSIS

ETTx

M-CMTS

PE

BNG

iWAG

VOD TV SIP

Content Farm

Peering

RR

L2/L3 VPNsIPsec/NAT/FWNBAR2

PPP or IP AggregationATM or EthernetIntelligent Services GatewayWiFi Access Gateway

BRKARC-2001 9

ASR 1000 System Architecture


Midplane

ASR 1000 Building BlocksE

SP

FECP

QFPCrypto

Assist.

interconn.

PPE BQS

FECP

Crypto

Assist.

interconnect

RP CPU

interconn GE switchS

IP

SPA SPA

IOCPAGG

ASIC

interconnect

RP CPU

interconn. GE switch

Embedded Service Processor

• Handles forwarding plane traffic

ES

P

FECP

QFPCrypto

Assist.

interconn.

PPE BQS

FECP

Crypto

Assist.

interconnectRoute Processor

• Handle control plane

• Manages system

EL

CBuilt-in GE/10GEs

IOCPAGG

ASIC

interconnect

MIP

EPA EPA

IOCPAGG

ASIC

interconnect

SPA Interface Processor

• Houses Shared Port Adapter (SPA)

• Packets buffer

• Centralized Forwarding Architecture • All traffic flows through the active ESP,

standby is synchronized with all the states

• Distributed Control Architecture• All major system components have a

powerful control processor dedicated for control and management planes

Ethernet Linecard

• Built-in GE/10GE ports

• Packets buffer

Modular Interface Processor

• Houses Ethernet Port Adapter (EPA)

• Packets buffer

BRKARC-2001 11


ASR 1000 Data Plane Architecture

Midplane

ES

P

FECP

QFPCrypto

Assist.

interconn.

PPE BQS

FECP

Crypto

Assist.

interconnect

RP CPU


RP CPU


ES

P

FECP

QFPCrypto

Assist.

interconn.

PPE BQS

FECP

Crypto

Assist.

interconnect

SIP

SPA SPA

IOCPAGG

ASIC

interconnect

EL

C

Built-in GE/10GEs

IOCPAGG

ASIC

interconnect

MIP

EPA EPA

IOCPAGG

ASIC

interconnect

• Enhanced SerDes Interconnect (ESI)

• serial communication via midplane

• can run at 11.5Gbps, 23Gbps or 110Gbps

• Provides data packet communication

• data packets between ESPs and other linecardspunt/inject traffic to/from RP

• state synchronization between ESPs

• two ESI links between each ESP and linecards(single ESI with MIP100)

• Additional full set of ESI links to standby ESP CRC protection of packet contents

BRKARC-2001 12


ASR 1000 Control Plane Architecture

Midplane

ES

P

FECP

QFPCrypto

Assist.

interconn.

PPE BQS

FECP

Crypto

Assist.

interconnect

ES

P

FECP

QFPCrypto

Assist.

interconn.

PPE BQS

FECP

Crypto

Assist.

interconnect

RP CPU


RP CPU


SIP

SPA SPA

IOCPAGG

ASIC

interconnect

EL

CBuilt-in GE/10GEs

IOCPAGG

ASIC

interconnect

MIP

EPA EPA

IOCPAGG

ASIC

interconnect

Ethernet Out of Band Channel (EOBC)

• 1Gbps Ethernet Bus

• Load images, pass control messages,

statistics and program QFP

Inter-integrated Circuit (I2C ) Bus

• Monitor health of hw (i.e. temp, volt…)

• Communicate active/standby

• control reset

• report power supply status

Interface Control Link

• Detect interfaces OIR

• Reset interfaces (via I2C)

• Power Control interfaces (via I2C)

BRKARC-2001 13

ASR 1000 Building Blocks:Modular Chassis


ASR 1000 Modular Chassis OverviewASR 1004 ASR 1006 ASR1006-X ASR 1009-X

AS

R 1

01

3

RP Slots 1 2 2 2 2

ESP Slots 1 2 2 2 (super) 2 (super)

SIP/MIP Slots 2 (SIP only) 3 (SIP only) 2 3 6

Built-In Ethernet N/A N/A N/A N/A N/A

Redundancy Software Hardware Hardware Hardware Hardware

Height 7” (4RU) 10.5” (6RU) 10.5” (6RU) 15.7” (9RU) 22.7” (13RU)

Bandwidth 10 – 40 Gbps 10 -100 Gbps 40 - 100 Gbps 40 - 200 Gbps 40 - 200 Gbps

Max Output Pwr 765W 1275W1100 power modules

N+1, Max 6

1100 power modules

N+1, Max 63200W

Airflow Front to back Front to back Front to back Front to back Front to back

BRKARC-2001 15


ASR 1000 Modular Chassis Compatibility Matrix

Chassis RP2 SIP40 ELC MIP100

& EPA

ESP20 ESP40 ESP100 ESP200

ASR1004 Yes Yes Yes No Yes Yes No No

ASR1006 Yes Yes Yes No Yes Yes Yes No

ASR1013 Yes Yes Yes Yes(2)(3) No Yes Yes Yes

ASR1006-X Yes(1) Yes Yes Yes(3) No Yes Yes No

ASR1009-X Yes(1) Yes Yes Yes(3) No Yes Yes Yes

*

(1)RP2 with new CPLD

(2)100G support in Slots 2&3; others at 40G

(3)ASR1000-MIP100 is not supported with ESP40

BRKARC-2001 16


ASR 1009-X

Forwarding Plane (ESP)

Up to 200Gbps per system

Supports ESP40, ESP100, ESP200 and future ESPs

Control Plane

Supports RP2 and RP3 (future)

8G – 64G DDR3 memory (RP3)

FIPS-140-3 certification

I/O Connectivity

12x SPA slots(SIP-40)

3 x ELC slots

6 x EPA (MIP-100)

System Management

RJ45 Console

Auxiliary Port

2x USB Ports

Power Supply

Modular power supply with N+1 redundancy

High efficiency, Load sharing, Hot-swappable

AC (1100W) or DC (950W)

BITS clocking

Stratum 3 built-in

Modular Fan Tray

Field Replaceable

30% improvement in airflow per slot vs integrated Fan module

Cryptography

Up to 78/59 Gbps(1400B/IMIX) crypto throughput using ESP 200

Suite-B crypto support

Hardware Redundancy

Dual ESP and RP slots for data plane and control plane redundancy

ISSU

BRKARC-2001 17


ASR1000-MIP100 (Modular Interface Processor)

1x100G

100G

100G Line rate

No oversubscription

1x100G

2 to 1 oversubscription

1x100G

10x10G

Line rate

No oversubscription

Mid

pla

ne

ESP100/200

MIP100

1006-X/1009-X with

ESP100/ESP200

BRKARC-2001 18


MIP100 ArchitectureRPs

GE, 1Gbps

I2C

EPA Control

ESI, 110 Gbps

Hypertransport, 10Gbps

Other

2 EPAs 2 EPAs

Standby ESP

SPA Agg.

Interface

Aggregation ASIC

Ingress

Scheduler

Egress

Buffer

Status

Ingress

Classifier

Egress

buffers

IOCP

…

Ingress

buffers

…

InterconnectDDRAM

Boot Flash

JTAG Ctrl

EEPROM

Temp Sensor

Reset / Pwr Ctrl

RPs

Chassis

management

Active ESPInput ref clocks

Netw

ork

clo

cks

2 EPAs 2 EPAs

RPs

Network

clock

distribution

Output ref clocks

BRKARC-2001 19


Ethernet Port Adapter (EPA)

EPA Modular Chassis with

MIP-100

ASR1002-HX Optics Modules

EPA-1x100GE XE 3.16.1

XE 16.2.1

XE 16.4.1

EPA-CPAK-2x40GE XE 3.16.2 (no XE3.17)

XE 16.3.1

XE 16.4.1

EPA-10x10GE XE 16.2.1

XE 16.3.1 (MACSec)

XE 16.3.1

XE 16.3.2

(MACSec)

SFP-10G-SR, SFP-10G-SR-X, SFP-10G-LR, SFP-

10G-LRM, SFP-10G-LR-X, SFP-10G-ER

EPA-18x1GE XE 16.3.1

XE 16.3.2 (MACSec)

XE 16.2.1

XE 16.3.1

(MACSec)

GLC-GE-100FX, GLC-SX-MMD, GLC-LH-SMD,

SFP-GE-T, GLC-BX-U, GLC-BX-D, GLC-TE, GLC-

SX-MM, GLC-LH-SM, GLC-EX-SMD, GLC-ZX-

SMD, CWDM-SFP, DWDM-SFP

CAB-MPO24-2XMPO12CPAK-100G-SR10 QSFP-40G-SR4

10 Metres

CPAK-100G-SR10 CPAK-100G-LR4

BRKARC-2001 20


Ethernet Line Cards

Fixed Ethernet Line card for ASR1k

Port Density 2x10GE+20x1GE

Throughput 40G

Key Features Feature parity with SIP40 + GE/10GE SPA

Plus: SyncE

Chassis ASR1004, ASR1006, ASR1013

ASR1006-X, ASR1009-X

RP RP2

ESP ESP40, ESP100, ESP200

Fixed Ethernet Line card for ASR1k

Port Density 6x10GE

Throughput 60G I/O with 40G Throughput

Key Features Feature parity with SIP40 + 10GE SPA

Exception: MDR not supported

Chassis ASR1004, ASR1006, ASR1013

ASR1006-X, ASR1009-X

RP RP2

ESP ESP40, ESP100, ESP200

BRKARC-2001 21


ASR1000 SPA interface processor (SIP)

SIP40 and SIP10 models

40bps and 10Gbps throughput

Supports up to 4 SPAs 4 HH, 2 FH, 2 HH+1 FH, full OIR support

Does not participate in forwarding decisions

Preliminary QoS Ingress packet classification – high & low priority Ingress over-subscription buffering 128MB of ingress oversubscription buffering

BRKARC-2001 22


Supported SPAs and SFPsWAN optics Ethernet Optics POS SPAs Serial SPAs Ethernet SPAs

SFP-OC3-MM

SFP-OC3-SR

SFP-OC3-IR1

SFP-OC3-LR1

SFP-OC3-LR2

SFP-OC12-MM

SFP-OC12-SR

SFP-OC12-IR1

SFP-OC12-LR1

SFP-OC12-LR2

SFP-OC48-SR

SFP-OC48-IR1

SFP-OC48-LR2

XFP-10GLR-OC192SR

XFP-10GER-OC192IR

XFP-10GZR-OC192LR

SFP-GE-S

SFP-GE-L

SFP-GE-T

SFP-GE-Z

GLC-TE

GLC-BX-D

GLC-BX-U

GLC-SX-MMD

GLC-LH-SMD

GLC-SX-MM

GLC-LH-SM

GLC-EX-SMD

GLC-ZX-SMD

GLC-GE-100FX

CWDM-SFP

DWDM-SFP

SFP-10G-SR

SFP-10G-SR-X

SFP-10G-LR

SFP-10G-LR-X

SFP-10G-ER

SFP-10G-ZR

XFP-10G-MM-SR

XFP-10GER-192IR+

XFP-10GER-192IR-L

XFP-10GLR-192SR-L

SPA-2XOC3-POS

SPA-4XOC3-POS

SPA-2XOC3-POS-V2

SPA-4XOC3-POS-V2

SPA-8XOC3-POS

SPA-1XOC12-POS

SPA-2XOC12-POS

SPA-4XOC12-POS

SPA-8XOC12-POS

SPA-1XOC48-POS/RPR

SPA-2XOC48POS/RPR

SPA-4XOC48POS/RPR

SPA-OC192POS-XFP

SPA-4XT-Serial

SPA-8XCHT1/E1

SPA-2XCT3/DS0

SPA-4XCT3/DS0

SPA-1XCHSTM1/OC3

SPA-1XCHOC12/DS0

SPA-2XT3/E3-V2

SPA-4xT3/E3-V2

SPA-8xT3/E3-V2

SPA-1XCHOC12/DS0

SPA-4X1FE-TX-V2

SPA-8X1FE-TX-V2

SPA-2X1GE-V2

SPA-5X1GE-V2

SPA-8X1GE-V2

SPA-10X1GE-V2

SPA-1X10GE-L-V2

SPA-1X10GE-WL-V2

ATM SPAs Service SPAs CEOPs SPAs

SPA-1XOC3-ATM-V2

SPA-3XOC3-ATM-V2

SPA-1XOC12-ATM-V2

SPA-DSPSPA-2X1GE-SYNCE

SPA-1CHOC3-CE-ATM

SPA-24CHT1-CE-ATM

SPA-2CHT3-CE-ATM

BRKARC-2001 23


Modular Route Processors: RP2RP2

CPU 2.66GHz Intel dual-core architecture

Default memory 8GB (4x2GB)

Memory upgrade options 16GB (4x4GB)

Built-In eUSB Bootflash 2GB

Storage80GB HDD

external USB

IOS XE OS 64 bit

Chassis Support

ASR 1004

ASR 1006

ASR 1013

ASR 1006-X

ASR 1009-X

BRKARC-2001 24


ASR 1000 Route Processor ArchitectureHighly Scalable Control Plane Processor

ESPs

2.5’’

Hard disk

Output clocks

SIPs ESPs RP SIPs RPESPs SIPs SIPs

Inputclocks

RP

CPU

2.66 GHz dual-core

I2C Chassis

Management Bus

Interconnect EOBC Switch

CPU Memory

Management

EthernetUSBConsole

& Aux

NVRAM

Bootflash

Stratum-3 Network

clock circuit

BITS

(input & output)

RP

GE, 1Gbps

I2C

ESI, 11.2 Gbps

BRKARC-2001 25


ASR1000 Embedded Services Processor (ESP) Centralized, programmable forwarding engine providing full-packet processing

Packet Buffering and Queuing/Scheduling (BQS)

For output traffic to carrier cards/SPAs

For special features such as traffic shaping, reassembly,replication, punt to RP, cryptography, etc.

5 levels of HQoS scheduling, up to 464K Queues,Priority Propagation

Dedicated crypto co-processor

Interconnect providing data path links (ESI) to/fromother cards over midplane

Transports traffic into and out of the CiscoQuantum Flow Processor (QFP)

Input scheduler for allocating QFP BW among ESIs

FECP CPU manages QFP, crypto device, midplane links, etc.

ESP40

ESP100

BRKARC-2001 26


ESP Bandwidth

• Overall throughput is determined by the type of ESP and SIPs used in modular platforms.

• Modular platforms are rate limited by speed of bus from QFP complex to backplane ASIC

• Bandwidth is expressed in terms of aggregated throughput.

50 Gbps 50 Gbps

50 Gbps50 Gbps

• 50G Unicast in each direction

• Total Output bandwidth 50+50=100

• 10G Multicast with 8X replication in one direction

• 20G unicast in the other direction

• Total Output bandwidth 80+20=100G

10G 80G

20G 20G

• 50Gbps Unicast in one direction and 70Gbps Unicast in the other direction

• Total output bandwidth (50+70=120) exceeds 100Gbps; only 100Gbps will be forwarded.

• 10Gbps Multicast with 10X replication in one direction• 10Gbps Unicast in the other direction• Total bandwidth (100+10=110) exceeds 100Gbps; only

100 Gbps will be forwarded

50 Gbps 50 Gbps 10G 100G

70 Gbps70 Gbps 10G10G

BRKARC-2001 27


ASR 1000 Forwarding ProcessorQuantum Flow Processor (QFP) Drives Integrated Services & Performance

QFP complex

Crypto

FECPGE, 1Gbps

I2C

ESI


Other

RPs RPs RPsESP SIPs

TCAMResource

DRAM

Packet Buffer

DRAM

Dispatcher Packet Buffer

Memory

…

Packet Processor Engines

PPE1 PPE2 PPE3 PPE4

PPE5 PPE6 PPE40

BQS

Chassis

Mgmt BusInterconnect

Bootflash

Memory

BRKARC-2001 28


ASR 1000 ESPs in Modular ChassisESP20 ESP40 ESP100 ESP200

System bandwidth (1500B) 20 Gbps 40 Gbps 100 Gbps 200 Gpbs

Performance (64B) 25 Mpps 25 Mpps 79 Mpps 151 Mpps

QFP cores 40 40 128 256

Clock Rate 1.2 GHz 1.2 GHz 1.5 GHz 1.5 GHz

Suite B support No No Yes Yes

Crypto BW (IMIX/1400B) 6.3/9.2 Gbps 7.4/12.9 Gbps 16/29 Gbps 59/78 Gbps

QFP Resource Mem 1GB 1GB 4GB2 GB / QFP

8GB total

Packet Buffer 256MB 256MB 1GB 2GB

Control CPUSingle core

1.2 GHzDual core

1.8 GHzDual core1.73 GHz

Dual core1.73 GHz

Control Memory 4 GB 8 GB 16 GB 32 GB

TCAM 40 Mb 40 Mb 80 Mb 2 x 80 Mb

Chassis SupportASR1004 ASR1006

ASR1004 ASR1006 ASR1013

ASR1006-X ASR1009-X

ASR1006 ASR1013

ASR1006-X ASR1009-X

ASR1013 ASR1009-X

BRKARC-2001 29


System Oversubscription in Modular Chassis (1)

Chassis

Version

ESP

Version

SIP/ELC/MIP

version

SIP/ELC/MIP

slots

Bandwidth per

I/O Slot (Gbps)

SPA/EPA to SIP/MIP

Oversubscription

Bandwidth

on ESP

(Gbps)

SIP/ELC/MIP to ESP

Oversubscription

I/O to ESP

Oversubscription

ASR 1006-X ESP40 SIP40 2 40 1:1 40 2:1 2:1

ESP40 ELC 2 40 1:1; 3:2* 40 2:1 2:1; 3:1*

ESP100 SIP40 2 40 1:1 100 4:5 4:5

ESP100 ELC 2 40 1:1; 3:2* 100 4:5 4:5; 2:3*

ESP100 MIP100 2 100 2:1 100 2:1 4:1

ASR 1009-X ESP40 SIP40 3 40 1:1 40 3:1 3:1

ESP40 ELC 3 40 1:1; 3:2* 40 3:1 3:1; 9:2*

ESP100 SIP40 3 40 1:1 100 6:5 6:5

ESP100 ELC 3 40 1:1; 3:2* 100 6:5 6:5; 9:5*

ESP100 MIP100 3 100 2:1 100 3:1 6:1

ESP200 SIP40 3 40 1:1 200 3:5 3:5

ESP200 ELC 3 40 1:1; 3:2* 200 3:5 3:5; 9:10*

ESP200 MIP100 3 100 2:1 200 3:2 3:1

* ASR1000-6TGE has 40Gbps ESI connection to ESP

BRKARC-2001 30


System Oversubscription in Modular Chassis (2)Chassis

Version

ESP

Version

SIP/ELC/MIP

version

SIP/ELC/MIP

slots

Bandwidth per

I/O Slot (Gbps)

SPA/EPA to SIP/MIP

Oversubscription

Bandwidth

on ESP

(Gbps)

SIP/ELC/MIP to ESP

Oversubscription

I/O to ESP

Oversubscription

ASR 1013 ESP40 SIP40 6 40 1:1 40 6:1 6:1

ESP40 ELCSlots 1, 2, 3, 4 40 1:1; 3:2*

40 9:2 9:2; 9:1*

Slots 5, 6 10 4:1; 6:1*

ESP100 SIP40 6 40 1:1 100 12:5 12:5

ESP100 ELC 6 40 1:1; 3:2* 100 12:5 12:5; 18:5*

ESP100 MIP100Slots 2, 3 100 2:1

100 18:5 12:1Slots 0, 1, 4, 5 40 5:1

ESP200 SIP40 6 40 1:1 200 6:5 6:5

ESP200 ELC 6 40 1:1; 3:2* 200 6:5 6:5; 9:5*

ESP200 MIP100Slots 2, 3 100 2:1

200 9:5 6:1Slots 0, 1, 4, 5 40 5:1

* ASR1000-6TGE has 40Gbps ESI connection to ESP

BRKARC-2001 31


Cisco Quantum Flow Processor (QFP)ASR1000 series innovation

• Five year design and continued evolution – now on 3rd generation

• Architected to scale to > 100Gbps

• Multiprocessor with 64 multi-threaded cores; 4 threads per core

• 256 processes per chip available to handle traffic

• High-priority traffic is prioritized

• Packet replication capabilities for Multicast

• Many H/W assists for accelerated processing

• 3rd generation QFP is capable for 70Gbps, 32Mpps processing

• Mesh-able: 1, 2 or 4 chips to build higher capacity ESPs

• Latency: tens of microseconds with features enabled

Cisco QFP

Packet Processor

Cisco QFP Traffic Manager

(Buffering, Queueing, Scheduling)

QFP Chip Set

BRKARC-2001 32


Cisco Enterprise Routing NPU LeadershipContinuing Investment in Network Processor Technology

Increasing network intelligent and services requirements

Over 100

Patents

Awarded!

1st Gen QFP

20G

2nd Gen QFP

40G

3rd Gen QFP

200GLower Cost fully

integrated NPU

and IO device

4th Gen QFP

> 200G

linerate security

and high perf

intelligent WAN

Perf

orm

ance

20122008 2016

#cores: Number of Packet Processing Engines

#threads: concurrent, parallel threads processed

High Speed Backplane Aggregation ASIC

IO Oversubscription & Aggregation ASIC

NPU

BRKARC-2001 33

ASR 1000 Fixed Platforms


ASR 1001-X ASR 1002-X ASR 1002-HX

SPA Slots 1 3 N/A

EPA Slots N/A N/A 1

NIM Slots 1 N/A 1

Built-In GE 6 6 8

Built-In TenGE 2 N/A 8

CPU 2.0GHz quad-core 2.13GHz quad-core 2.5GHz quad-core

Memory 8GB; upgradable to 16GB 4GB; upgradable to 8GB/16GB 16GB; upgradable to 32GB

StorageeUSB(8GB)

SSD (200GB, 400GB)

eUSB(8GB)

Optional HDD (160GB)

eUSB(32GB)

SSD (200GB, 400GB)

IOS Redundancy Software Software Software

Height 1.75” (1RU) 3.5” (2RU) 3.5” (2RU)

Throughput 2.5 to 20Gbps 5 to 36Gbps 44 to 100Gbps

Maximum Output Power 250W 470W 600W

Airflow Front to back Front to back Front to back

ASR 1000 Fixed Chassis Overview

BRKARC-2001 35


Multi-Core Network Processor

100Gbps forwarding capacity

124 Cores

4 Packet Threads / Core

496 simultaneous threads

Miscellaneous

RJ45 & mini-USB console

eUSB: 32GB

Secure Boot

ASR 1002-HX

Network Interface Module

1 double wide or 1 single wide NIM

NIM - Compatibility with ISR4400 and ASR1001-X

EPA - Ethernet Port Adapter

1x EPA slotBuilt in I/O

8x Gigabit Ethernet interfaces

8x TenGigabit Ethernet interfaces

Multipoint MACSEC for linerateencryption (1G & 10G)

Pay as you grow

License on built-in ports

4x TenGE+ 4xGE enabled by default

The remaining ports can be enabled in pairs

Application level service performance

58M Packets Per Second

Diverse VPN security solutions, up to 25G IMIX, SuiteB crypto support

Power Supply & Fans

Modular PS, FRUable

Fan Tray

Crypto module

Field upgradeable

Control plane

CPU: Quad Core @ 2.5 GHz

Memory: 16GB DDR3default memory,upgradeable to 32GB

BRKARC-2001 36


• ASR 1002-HX can be ordered with or without the crypto hardware

• Crypto module can be installed in the field unit when it need the function

• Crypto bandwidth licensed from factory (default 8Gbps, upgradeable to 16Gbps and 25Gbps)

• 25Gbps crypto license unlocks crypto performance cap of 39Gbps, which can be reached at 1400bytes packet size

• Upgrade crypto performance on the field units on demand

ASR 1002-HX Crypto Module

BRKARC-2001 37


ASR 1002-HX Architecture

CPU

2.5 GHz Quad-core I2C Chassis

Management Bus

CPU Memory

Management

EthernetUSB

Console

& Aux NVRAM

Boot Flash

QFP1

TCAM

(80Mbit)

BQS

PPEs

PPE1 PPE2 PPE3

PPE4 PPE62

Crypto

8xGE8x10

GEEPANIM

Dispatcher

Pkt Buffer

QFP2

BQS

PPEs

PPE1 PPE2 PPE3

PPE4 PPE62

Dispatcher

Pkt Buffer

Interconnect

Interface Aggregation ASIC

75Gbps75Gbps

150Gbps

Resource

DRAM

(2GB)

Pkts Buffer

DRAM

(512MB)

Resource

DRAM

(2GB)

Pkts Buffer

DRAM

(512MB)

80Gbps 8Gbps11Gbps 120Gbps

75Gbps Memory

(4GB)

I2C

Serdes Interface

Hypertransport

BRKARC-2001 38


ASR 1002-XPay As You Grow

License on system throughput

5 Gbps Default

Upgradeable to 10, 20, or 36 Gbps

Control Plane

CPU: Quad Core @ 2.13 GHz

Memory: 4GB default memory,upgradeable to 8/16GB

Secure Boot


Shared Port Adapter

3x SPA slots

System Management

RJ45 Console

Auxiliary Port

Management GE

2x USB Ports

Built-in I/O

6x1GE

syncE

BITS clocking

GPS input

Stratum 3 built-in

Cryptography

4 Gbps crypto throughput

SuiteB crypto support

Optional

160 GB hard disk


62 cores

4 threads per core


BRKARC-2001 39


ASR 1001-XPay As You Grow

License on system throughput

2.5 Gbps Default

Upgradeable to 5, 10, or 20 Gbps

License on built-in TenGE ports

Control Plane

Quad cores clocked at 2.0GHz

8G DDR3 default memory, upgradeable to 16GB

Secure Boot


Shared Port Adapter

1x SPA slot


31 cores

4 threads per Core


System Management

Management GE

RJ45 Console

Auxiliary Port

Mini-USB Console

2x USB Ports

Network Interface Modules (NIM)

2xSSD Drives

ISR 4000 modules

Built-in I/O

2x10GE

6x1GE

Multipoint MACsecsupport

Cryptography

5 Gbps crypto throughput

SuiteB crypto support

BRKARC-2001 40


ASR 1000 QFP in the Fixed Chassis

ASR1001-X ASR1002-X ASR1002-HX

System bandwidth 2.5 - 20Gbps 5 - 36Gbps 100Gbps

Performance 19Mpps 30Mpps 58Mpps

QFP cores 31 62 124

Clock Rate 1.5 GHz 1.2 GHz 1.5 GHz

QFP Resource Mem 4GB (unified)

256MB

1GB 4GB

Packet Buffer 512MB 1GB

TCAM 10 Mb 40 Mb 80 Mb

BRKARC-2001 41


System Oversubscription in the Fixed Chassis

ChassisQFP Throughput

(Gbps)

Built-in Ports

(Gbps)

SPA Ports

(Gbps)

EPA Ports

(Gbps)

I/O Aggregation BW

(Gbps)

Ports to I/O Aggregation

Oversubscription

I/O Aggregation to QFP

Oversubscription

I/O to QFP

Oversubscription

ASR 1001-X 20 26 10 n.a. n.a.(1) n.a. n.a. 9:5

ASR 1002-X 36 6 30 n.a. 40 9:10 10:9 1:1

ASR 1002-HX 100 88 n.a 100 150 94:75 3:2 47:25

(1) ASR1001-X I/O Aggregation directly integrated into QFP, each ports have linerate access to the forwarding complex.

(2) NIM is not counted as it only support low speed (T1/E1) interfaces.

BRKARC-2001 42

Software Architecture


• IOS XE = IOS + IOS XE Middleware + Platform Software

• Operational Consistency—same look and feel as IOS Router

• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.) 64-bit operation

• Linux kernel with multiple processes running in protected memory

• Fault containment

• Re-startability

• ISSU of individual SW packages

• ASR 1000 HA Innovations

• Zero packet loss with RP Failover

• <50ms ESP Failover

• Software redundancy

IOS XE Software architecture

ES

P

RP

IOS

active

Platform Adaptation Layer

(PAL)

Forwarding

manager

SIP

IOS

standby

Chassis

manager

Linux Kernel

Forwarding

managerChassis

manager

Linux Kernel

QFP client

QFP driver

Linux Kernel

Chassis

manager

SPA driverSPA driverSPA driver

Control

messaging

BRKARC-2001 44


Software Architecture – Modular Platform

ES

P

RP

IOS

active


(PAL)

Forwarding

manager

SIP

IOS

standby

Chassis

manager

Linux Kernel

Forwarding

managerChassis

manager

Linux Kernel

QFP client / driver

QFP code

Linux Kernel

Chassis

manager


Control

messaging

• Initialization of RP processes

• Initialization of installed cards

• Detects and manages OIR of cards

• Manages system status,

environments, power, EOBC

• Provides abstraction layer between

hardware & IOS

• Manages ESP redundancy

• Maintains copy of FIB and interface list

• Communicates FIB status to active &

standby ESP

• Runs Control Plane

• Generates configurations

• Maintains routing tables (RIB, FIB…)

• Communicates with forwarding

manager on RP

• Maintains copy of FIBs

• Provides interface to QFP client &

driver

• Programs QFP forwarding plane and

QFP DRAM

• Statistics collection & RP

communication

• Driver Software for SPA interface

cards is loaded independently

• Failure or upgrade of driver does not

affect other SPAs in the chassis

BRKARC-2001 45


• Single Control CPU

• Quad-core

• 64 bit OS

• 8GB, 16GB, 32GB memory support

• Standard IOS XE Processes

• Running over a single Linux kernel

• High Availability

• IOS redundancy

• Fault Containment

• Process Restartability

• Operational Consistency

• Same look and feel as standard IOS

• Ethernet Out of Band Channel

• Method by which processes in different subsystems communicate

Software Architecture – Fixed Platform

IOSChassis Mgr.

Forwarding Mgr.IOS

RP Subsystem

Ke

rne

l (in

cl. u

tilit

ies)

Interface Mgr.

Chassis Mgr.

SPA driver

I/O Subsystem

Chassis Mgr.

Forwarding Mgr.QFP Client / Driver

ESP Subsystem

ASR1001-X Control Plane CPU

SPA driver SPA driver

BRKARC-2001 46


ES

P

RP

IOS

active


(PAL)

Forwarding

manager

SIP

IOS

standby

Chassis

manager

Linux Kernel

Forwarding

managerChassis

manager

Linux Kernel

QFP client

QFP driver

Linux Kernel

Chassis

manager


Control

messaging

1. RPBase: RP Linux operating system

Upgrading of the OS will require reload to the RP and expect minimal changes

2. RPIOS: IOS executable

facilitates Software Redundancy feature

3. RPAccess (K9 & non-K9): Software required for Router access

Two versions available (with and without open SSH & SSL)

facilitates software packaging for export-restricted countries

4. RPControl : control plane processes for IOS / hardware interface

IOS XE Middleware

5. ESPBase: All ESP code

Any software upgrade of the ESP requires reload of the ESP

6. SIPBase/ELCBase: SIP/ELC OS & control processes

OS upgrade requires reload of the SIP/ELC

7. SIPSPA/ELCSPA: SPA drivers and SPA FPD

Facilitates SPA driver upgrade of specific SPA slots

Software Sub-packages

1

3

2

4

5

6

7

BRKARC-2001 47


IOS XE Release and support timelines

FCS EoVS

PSIRT Phase

EoSMEoSales

Standard releases – twice a year (March, November) supported for 18 months

• 6 months of active bug-fix, 6 months of limited bug fix, and 6 months of PSIRT

• Rebuild Intervals: 3 + 3 + 6 + 6 (PSIRT build as needed)

3 months 6 months 6 months3 months

.1S .2S .3S

Optional PSIRT build

.4S

FCS EoVS

Extended releases - Once a year (July) supported for 48 months

• 30 months of active bug-fix, 6 months of limited bug fix, and 12 months of PSIRT

• Rebuild Intervals: 3 + 3 + 4 + 4 + 4 + 6 + 6 + 6 + 6 + 6 (PSIRT builds as needed)

EoSMEoSalesEoSales

Notification

HPC

3 m 3 m 4 m 4 m 4 m 6 m 6 m 6 m 6 m 6 m

Optional PSIRT builds

.1S .2S .3S .4S .5S .6S .7S .8S .9S .10S

BRKARC-2001 48

Packet Flows – Data Plane


SIP/MIP ingress data pathRPs

4 SPAs 4 SPAs

SPA Agg.

Interface

Aggregation ASIC

Ingress

Scheduler

Egress

Buffer

Status

Ingress

Classifier

Egress

buffers

IOCP

…

Ingress

buffers

…

Interconnect

Active ESP1. SPA receives packet data from its

network interfaces and transfers the

packet to the SIP

2. SPA Aggregation ASIC classifies the

packet into H/L priority

3. SIP writes packet data to external

ingress buffers

4. Interface Agg ASIC selects among

ingress queues for next pkt to send

to ESP over ESI. It prepares the

packet for internal transmission

5. The interconnect transmits packet

data of selected packet over ESI to

active ESP.

BRKARC-2001 50


ESP data processing path

QFP complex

Crypto

FECP

RPsESP SIPs

TCAMResource

DRAM

Packet

Buffer DRAM


…

Packet Processor Engines

PPE1 PPE2 PPE3 PPE4 PPE5

PPE6 PPE7 PPE8 PPE40

BQS

Interconnect

1. Packet arrives at ESP via interconnect

2. Packet assigned to an available PPE a

by dispatcher

3. Input FIA invoked

• Netflow, MQC/NBAR Classify, FW, RPF,

WCCP…

4. Potentially forward through BQS to

crypto

5. Forwarding decision is made

• FIB lookup, MPLS, GRE, Multicast …

6. Egress FIA invoked

• Netflow, NAT, Police/Mark, Crypto…

7. Packet forwarded through BQS for

scheduling based on QoS and interface

bandwidth

8. Packet leaves ESP via interconnectBRKARC-2001 51


RPs

4 SPAs 4 SPAs

SPA Agg.

Interface

Aggregation ASIC

Ingress

Scheduler

Egress

Buffer

Status

Ingress

Classifier

Egress

buffers

IOCP

…

Ingress

buffers

…

Interconnect

Active ESP

SIP/MIP egress data path 1. Interconnect receives packet data

over ESI from the active ESP

2. SPA Aggregation ASIC receives the

packet and writes it to external

egress buffer memory

3. SPA Aggregation ASIC selects and

transfers packet data from eligible

queues to SPA-SPI channel (Hi

queue are selected before Low)

4. SPA transmits packet data on

network interface

BRKARC-2001 52

ASR 1000 QoS


ASR 1000 Forwarding PathQoS View

SPA

Classifiers

Buffers

IOS Process

TCAM

Interconnect

Interconnect

Interconnect

Interconnect

SPA SPA SPA

Scheduling

QFP

Buffers

Buffers

• Port rate limiting & weighting

for forwarding to ESP

• Ingress packet buffering

• Basic ingress classification

• Packet buffers used by QFP

• Advanced classification, policing, WRED

• Hierarchical egress packet scheduling

• Egress SIP packet buffering

BRKARC-2001 54


ASR 1000 QoSSIP Ingress Path

• Ingress packet priority classification

Classification based on:802.1p, IPv4 TOS, IPv6 TC, MPLS EXP

Configurable per port or VLAN

• Ingress SIP buffering

2 queues, high & low per port

High priority pkts from all ports will be sent to ESP before low priority queues

• Ingress SIP scheduler

By default all ports have a weight proportional to the interface bandwidth

Excess bandwidth is shared

Excess weight per port is configurable

Classifiers

Ingress

Buffers

Scheduling

SPASPA

SPASPAs

Buffer status

reporting

Egress

Buffers

Interconnect

BRKARC-2001 55


• Packets are accepted into the Cisco QFP and allocated to a free PPE thread to handle the packet

• Multiple packets are handles simultaneously in the Cisco QFP

• The following QoS functions are handled by PPEs:

• Classification

• Marking

• Policing

• WRED

• After all the above QoS functions (along with other packet forwarding features such as NAT, Netflow, etc.) are handled the packet is put in packet buffer memory handed off to the Cisco QFP Traffic Manager

ASR 1000 ESP QoSPPE Processing

BRKARC-2001 56


ASR 1000 MQC based QoSClassification and Marking

• Classification

IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, ACL, packet-length, ATM CLP, COS, inner/outer COS (QinQ), vlan, input-interface, qos-group, discard-class

QFP is assisted in hardware by TCAM

• Marking

IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, discard-class, qos-group, ATM CLP, COS, inner/outer COS

• Enhanced match & marker stats are enabled with a global configuration options

platform qos marker-statistics

platform qos match-statistics per-filter

platform qos match-statistics per-ace

BRKARC-2001 57


ASR 1000 MQC based QoSPolicing and Congestion Avoidance

Policing

1R2C – 1 rate 2 color




color blind and aware in XE 3.2 and higher software

supports RFC 2697 and RFC 2698

explicit rate & percent based configuration

dedicated policer block in QFP hardware

WRED

Precedence (implicit MPLS EXP), dscp, and discard-class based

ECN marking

Byte, packet and time based CLI

Packet based configurations limited to exponential constant values 1 through 6

Dedicated WRED block in QFP hardware

BRKARC-2001 58


Level 3 “Class”

queues

Level 2 “Class”

schedule

• Multilayer hierarchies (5 layers in total)

SIP, interface, up to 3 layers of queuing configured with MQC QoS

• Two levels of priority traffic (1 and 2)

• Strict and conditional priority rate limiting

• 3 parameter scheduler (min, max, & excess)

• Priority propagation to ensure no loss priority forwarding via minimum parameter

ASR 1000 MQC based QoSQueuing

SIP root

schedule

Interface

default queue

Level 1 “Vlan”

schedule

interface

schedule

BRKARC-2001 59


• Interface default queues have 50 ms of buffering in a packets based configuration (except on ESP-40 which uses 25 ms)

𝑞𝑢𝑒𝑢𝑒_𝑙𝑖𝑚𝑖𝑡𝑝𝑎𝑐𝑘𝑒𝑡𝑠 =𝑖𝑛𝑡𝑒𝑟𝑓𝑎𝑐𝑒_𝑠𝑝𝑒𝑒𝑑𝑏𝑖𝑡𝑠/𝑠𝑒𝑐 × 0.050𝑠𝑒𝑐

𝑖𝑛𝑡𝑒𝑟𝑓𝑎𝑐𝑒_𝑚𝑡𝑢𝑏𝑦𝑡𝑒𝑠/𝑝𝑎𝑐𝑘𝑒𝑡 × 8𝑏𝑖𝑡𝑠𝑏𝑦𝑡𝑒

• Queue-limit maybe manually configured with various units (packets, time, or bytes)

Packets based queue-limit deals well with bursts of variable size packets while providing a maximum limit to introduced latency when all packets are MTU sized.

Time or byte based queue-limit provides more exact control over maximum latency but will hold a variable number of packets based on the size of packets enqueued.

ASR 1000 MQC based QoSqueue limit management

BRKARC-2001 60


• The QFP Traffic Manager performs all packet scheduling decisions.

• Packets move through the QoS hierarchy even if MQC QoS is not configured.

• Cisco QFP Traffic Manager implements a 3 parameter scheduler which gives advanced flexibility.

Minimum - bandwidth or priority. Guaranteed to receive the min BW.

Excess - bandwidth remaining. By default classes have remaining ratio of 1.

Maximum - shape. Traffic rates beyond the shaper rates held in queues.

• Only 2 parameters can be configured at any level (min/max or max/excess)

• Priority propagation (via minimum) ensures that high priority packets are forwarded first without loss

ASR 1000 QoSScheduling

BRKARC-2001 61


ASR 1000 QoSThree parameter scheduler

2 Mb/sec

6 Mb/sec

5 Mb/sec

25

Mb

/s

6 Mb/sec

policy-map childclass voice

priority level 1police cir 2000000

class critical_servicesbandwidth 5000

class internal_servicesshape average percent 80

class class-default!policy-map parent

class class-defaultshape average 25000000service-policy child

Minimums

Excess

Maxim

um

6 Mb/sec

• Maximum is implemented by shapers.

• Excess is defined by the

bandwidth remaining, default ratio

of 1 if not configured.

• Minimum is defined by the bandwidth or priority classes.

BRKARC-2001 62


ASR 1000 QoSSIP Egress Path

• Egress buffering per SIP card

• No need for additional SIP based classification or queuing.

• Heavy lifting already done by QFP engine.

• Egress SIP has high and low priority buffers in case there is backpressure from a SPA

Classifiers

Ingress

Buffers

Scheduling

SPASPA

SPASPAs

Buffer status

reporting

Egress

Buffers

Interconnect

BRKARC-2001 63

Integrated Security on ASR 1000


ASR 1000 Cryptography SupportImproved Octeon Crypto Processor on X-series Chassis

ASR1001-X ASR1002-X ASR1002-HX ESP100 ESP200

Number of Crypto

Processor

1 1 1 1 2

Cores per

processor

10 6 32 22 32

Clock Rate 800MHz 800MHz 1200MHz 1100MHz 1100MHz

DRAM 1GB 1GB 4x1GB 2GB 2x4GB

Crypto Throughput

(IMIX)

5Gbps 4Gbps 25Gbps 16Gbps 59Gbps

Suite B

crypto

BRKARC-2001 65


Next Generation Encryption

Suite

BKey Establishment ECDH

Digital Signatures ECDSA

Hashing SHA-2

Authenticated

EncryptionAES-GCM

Authentication HMAC-SHA-2

Entropy SP800-90

ProtocolsTLSv1.2, IKEv2, IPsec,

MACSec

BRKARC-2001 66


ASR 1000 Forwarding ProcessorIPsec Processing is done with Crypto Co-processor Assist

QFP complex

Crypto

FECP

GE, 1Gbps

I2C

ESI


OtherRPs RPs RPsESP SIPs

TCAMResource

DRAM

Packet Buffer

DRAM


Memory

…

Packet Processor

Engines

PPE1 PPE2 PPE3 PPE4

PPE5 PPE6 PPE40

BQS

Chassis

Mgmt BusInterconnect

Bootflash

Memory

Anti-reply Check

Encryption/decryption (Diffie-Hellman)

NAT Traversal

Traffic-based lifetime expiry

IPSec SA Database

IKE SA Database

Crypto-map

DH Key pairs

IPSec SA class groups

Classes

Rules (ACE or IPSec SA)

IPSec SA Database

Outbound packet classification

Formatting of packets to crypto chip (internal header)

Receiving packets from crypto chip

Removal of internal crypto header

Re-assembly of fragmented IPSecpackets

BRKARC-2001 67


ASR 1000 IPSec Software ArchitectureFunction Partitioning

ES

P

RP

IOS

active


(PAL)

Forwarding

manager

SIP

IOS

standby

Chassis

manager

Linux Kernel

Forwarding

manager

Chassis

manager

Linux Kernel

QFP client

QFP driver

Linux Kernel

Chassis

manager


Control

messaging

• Creation of IPSec Security Associations (SA)

• IKE Control Plane (IKE negotiation, expiry, tunnel setup)

• Communicates FIB status to active & standby ESP

• Communicates with Forwarding manager on RP

• Provide interface to QFP Client / Driver

• Copy of IPSec SAs

• Copy of IKE SAs

• Synchronization of SA Database with standby ESP

• Punting of encrypted packets to the Crypto Assist

• Encryption / Decryption of packets

Crypto

assist

BRKARC-2001 68


Protects against TCP SYN Flood to the FW Session

Database

SYN Cookie Protection

Per Zone

Per VRF

Per BoX

Conformance checking, state tracking, security checks with

granular policy control

Over 20 Inspection Engines:

UC: SIP, Skinny, H.323, RSTP…

Enterprise Apps: Voice/Soft phones

Core Protocols: FTP, FTP66, SNMP, DNS, POP3, …

Database & O/S: LDAP, NetBIOS, Microsoft RPC, …

Protects Firewall Session Table from attacks that could be

based on UDP, TCP and ICMP

Half Open Session Limits are configurable:

Per Box and VRF Level

Per Class supported initially

FW resources are managed effectively with half open session

limit configuration knobs

Logs are generated when limits are crossed

ASR 1000 Integrated Zone-Based Firewall ProtectionDoS, DDoS and Application Layer Detection and Prevention

Enables detection of possible threats, anomalies and

attacks per Zone

Monitors rate of pre-defined events in the system;

alerts sent to Sys/HSL logs

Report drops due to: Basic FW check failures, L4

inspection failures, and count of the # of dropped

SYNs

Application Layer Protocol Inspection

Basic Threat DetectionTCP SYN Attack Prevention

Half Open Session Limit

Strictly Cisco Confidential BRKARC-2001 69

http://images.google.com/imgres?imgurl=http://www.ehs.washington.edu/images/BIOSGN2.jpg&imgrefurl=http://www.ehs.washington.edu/Manuals/BSManual/AppendixA.pdf&h=1028&w=850&sz=124&tbnid=HeNi2BPYUAgJ:&tbnh=149&tbnw=124&start=14&prev=/images?q=biohazard&hl=en&lr=&safe=off

http://images.google.com/imgres?imgurl=http://www.ehs.washington.edu/images/BIOSGN2.jpg&imgrefurl=http://www.ehs.washington.edu/Manuals/BSManual/AppendixA.pdf&h=1028&w=850&sz=124&tbnid=HeNi2BPYUAgJ:&tbnh=149&tbnw=124&start=14&prev=/images?q=biohazard&hl=en&lr=&safe=off


ASR 1000 Security Certifications

FIPS

14002, Level 2

Common Criteria

EAL4NSA Suite B

Hardware Assist

Cisco ASR 1000 Series

BRKARC-2001 70


ASR 1000 IPSec Performance & Scale

ASR 1001-X ASR 1002-X ASR 1002-HX RP2/ESP20 RP2/ESP40 RP2/ESP100 RP2/ESP200

Encryption

Throughput (IMIX)

5Gbps 4Gbps 25Gbps 6.3Gbps 7.3Gbps 16Gbps 59Gbps

VRFs 8k 8k 8k 8k 8k 8k 8k

Total Tunnels

(Site to Site IPSec)

8k 8k 8k 8k 8k 8k 8k

Tunnel Setup Rate

(per second)

130 130 130 130 130 130 130

DMVPN / BGP

Adjacencies

4k 4k 4k 6k 6k 6k 6k

DMVPN / EIGRP

Adjacencies

4k 4k 4k 4k 4k 4k 4k

FlexVPN

(IKEv2/DVTI)

10k 10k 10k 10k 10k 10k 10k

BRKARC-2001 71

High Availability


RP CPURP CPU

ES

P

QFPCrypto

Assist.PPE BQS

FECP

CryptoES

P

QFPCrypto

Assist.PPE BQS

FECP

Crypto

ASR 1000 High AvailabilityHardware Redundancy

• Redundant ESP / RP on ASR 1006, 1006-X, 1009-X, 1013

• Zero packet loss on RP rail-over

• Max 50ms loss for ESP fail-over

Intra-chassis Stateful Switchover (SSO)

Stateful features: PPPoX, AAA, DHCP, NAT, Firewall

• IOS XE also provides full support for Network Resiliency

NSF/GR/NSR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP

BFD (BGP, IS-IS, OSPF, PIM, HSRP); IP Event Dampening;

first hop redundancy protocols: GLBP, HSRP, VRRP

• Support for ISSU upgrade/downgrade

RP CPU

Crypto

Assist.

RP CPU

ES

P

QFPPPE BQS

FECP

Crypto ES

P

QFPCrypto

Assist.PPE BQS

FECP

Crypto

ELC

Built-in GE/10GE

IOCPIntf

Agg.

MIP

EPA EPA

IOCPIntf

Agg.

SIP

SPA SPA

IOCPIntf

Agg.

BRKARC-2001 73


ASR1000 High AvailabilitySoftware Redundancy

• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.)

• Linux kernel runs IOS process in protected memory for:

Fault containment

Restart-ability of individual SW processes

• Software redundancy helps when there is a IOS failure/crash

• Active process will switchover to the standby, while forwarding continues with zero packet loss

• Other software crashes (example: SIP or ESP) do not benefit from Software redundancy

• Support subpackage software upgrade

RP

Linux Kernel

ES

P

QFPPPE BQS

FECP

Crypto

SIP

SPA SPA

IOCPSPA

Aggreg.

SIP

SPA SPA

IOCPSPA

Aggreg.

stby

IOSd

active

IOSd

BRKARC-2001 74


• In Service Software Upgrade (ISSU) is a procedure backed by Cisco IOS infrastructure to accomplish an upgrade/downgrade while packet forwarding continues

• This procedure takes advantage of redundant processors, Routing protocols Graceful Restart, Non Stop Routing, SSO/NSF

• Minimal Disruptive Restart (MDR) keep interface UP and minimizes traffic disruption during ASR1k ELC/SIP/SPA upgrade by not resetting the hardware or reprogramming the data paths

ISSU and MDR

BRKARC-2001 75


ASR 1000 Super-Package ISSU

ACT

RP SIP

VersionX

VersionX

VersionX

STBY

RP

VersionX

VersionX

ACT

RPSIP

VersionX

STBY

RP

VersionY

VersionX

issu loadversion

STBY

RP

SIP

MDR

VersionX

ACT

RP

ACT

ESP

VersionY

VersionY

VersionY

issu runversion

(switchover)

issu acceptversion

(stop rollbacktimer)

issu commitversion

(finalizes new file version)

issu abortversion

Automatic rollback

or

issu abortversion

STBY

RP

STBY

ESPSIP

VersionY

ACT

RP

ACT

ESP

VersionY

VersionY

hw-module slot

<STBY_RP> reload

VersionY

VersionY

STBY

ESP

VersionY

ACT

ESP

VersionX

STBY

ESP

VersionX

Entire procedure can be automated by one shot ISSU command:

request platform software package install node file <filename> mdr

ACT

ESPSTBY

ESP

BRKARC-2001 76


ASR 1000 Stateful Inter-chassis Redundancy • 2 Cluster Members

• single redundancy group Act/Stby

• 2 redundancy groups Act/Stby – Stby/Act

• Supported Topology

• LAN-LAN

• LAN-WAN with asymmetric routing

• WAN-WAN with symmetric routing

• Connection between 2 members for RG control traffic & application data

• Used to exchange control traffic (RG hellos, RG state, fail-over signaling etc.) with object tracking

• Synchronization of NAT/Firewall/Cube state tables

• Addition interlink to divert the asymmetric routing traffic

• Direct connections between 2 members to avoid split-brain condition

• Configuration & FIB are not synchronized by RG infrastructure

• Inter-chassis and intra-chassis redundancy can not co-exist

RGact

RGsby

BRKARC-2001 77

ASR 1000 Applications & Solutions

ASR 1000 APPLICATIONS:Carrier Ethernet & MPLS VPN


MPLS L3VPN Applications

• VRF-Lite/Multi-VRF CE

• Sub-interface per VRF for CE/PE

• Up to 8,000 VRFs

• MPLS VPN (RFC 2547)

• IPv4 & IPv6

• MPLS QoS

• MPLS over (m)GRE overlay for large enterprise VPN

• MPLS TE FRR

• FRR Link, Path & Node protection

• RSVP & BFD triggered FRR

• Multicast VPN

• Encapsulation: IP/GRE, LSM

• Core Tree Signalling: PIM, mLDP

• C-Multicast Signaling: PIM, BGP

• Service: IPv4, IPv6

Multicast VPN

PMSI Instance

PMSI Instance

Multicast

Receiver

Multicast

Source

Provider Network

PE

PE

PE

PE

SP IP Service

WestEast

North

WAN-PE

WAN-PE

WAN-PEGRE

MPLS VPN o GRE

BRKARC-2001 80


ASR 1000 Carrier Ethernet Capabilities

• Support for Ethernet Virtual Circuit (EVC) infrastructure

• VLAN tags (single, double, ambiguous, untagged)

• 802.1ad S-VLANs

• Custom EtherType (e.g. IPv4/v6, PPPoE Discovery, PPPoE session)

• CoS Support

• Flexible EVC Forwarding Service

• Bridge Domain, Xconnect, Bridge Domain Interface, Pseudowire

• Ethernet OAM

• Link OAM, CFM, 802.1ag + Y.1731 extension, 802.3ah, Loopback, ELMI

• Support for E-Line, E-Lan, E-Tree

• Port/VLAN modes with interworking and local switching

• Strong UNI features

• HQoS, Security ACL, MAC Security

• Flexible Tag Matching and Manipulation

EF

Ps

Ports

MP

LS

BD BD

L2 Interworking

(not yet supported)

ATM/FREFPs

BD BDI

BD L2 VFI

L3/VRF

Routed

Pseudowire

Pseudowire

L2 MP Bridging

connect

(hair-pin)

connect

xconnect

Pseudowire

Ports

Ports

EF

Ps

EF

Ps

Ethernet Flow point (EFP) service

instance is a logical interface that

connects a bridge domain to a physical

port.

BRKARC-2001 81


Can ASR 1000 Be a Layer 2 Switch ?

Yes!

• EVC addresses flexible ethernet edge requirements

• Flexible VLAN manipulation

• Virtual interface (BDI) similar to SVI on a switch

• Support Spanning tree protocols (MST, PVST, RPVST+)

• Support various ethernet encapsulations (802.1q, 802.1ad, Q-in-Q, 802.1ah)

• VLAN to forwarding service (L3/BDI, P2P, P2MP)

• Support E-OAM capabilities

No!

• LAN Switch port density

• Lowest cost per port

• Rich IOS LAN switch functionality & capability

Answer:

• Handy solution to absorb a switch/trunk in some situations especially for integrated L3 edge applications

BRKARC-2001 82


VPLS Services

• VPLS Full-mesh, Hub/Spoke & H-VPLS Provider Edge

• 1M MAC Addresses

• Broadcast, Unknown Unicast and Multicast (BUM) control

• VPLS over GRE/IPSec

• VPLS Auto-discovery

• LDP Signal (RFC 6074)

• BGP Signal (RFC 4761)

• Inter-AS support

• Option A (BGP Signal)

• Option B, C (LDP Signal)

• U-PE dual-homing

• Multiple spanning tree with control pseudowire

• Routed Pseudowire

• VPLS circuit terminated on Bridge Domain Interface

N-PE

N-PE

N-PECE CE

U-PE/H-VPLS PE

Full mesh of

Targeted LDP

exchange VC lables

Attachment VCs

are port mode or

VLAN ID

CE: Customer Edge Device

N-PE: Network Facing Provider Edge

U-PE: User Facing Provider Edge

VSI/VFI: Virtual Switching/Forwarding Instance

Tunnel LSP

BRKARC-2001 83


Segment RoutingSimplifying the Transport

• Source Routing: the source chooses a path and encodes it in the packet header as an ordered list of segment

• Segment: an identifier for any type of instructions: forwarding or service

• IGP only: no LDP, no RSVT-TE

• ECMP

• Interworking with LDP: ease of migration

• Topology independent 50msec FRR

• Support all existing VPN services

• Engineered for SDN

SR WAN

SR

IGP

VPN

VPN

pktpktvpn

16006

pktvpn

BRKARC-2001 84

ASR 1000 APPLICATIONS:Internet Edge


Enterprise Internet Edge Profile

Te

nG

ig3

Te

nG

ig4

ASR1013-2

switch2

Te

nG

ig4

Port-channelRG

ACT

RG

STD

Y

ISP1

LAN

VSS

Inet II

ISP3

IPv6ISP2

• Routing: up to 5 full ISP peerings

• HQoS, ACL, FNF, CoPP

• Services:

• NAT: NAT44/NAT64, VRF Aware, VASI

• ZBFW

• ALG

• AVC

• Stateful Inter-chassis redundancy

• Topology: LAN-WAN, LAN-LAN

• Platforms: ASR1001-X/ASR1002-X, RP2/ESP40

BRKARC-2001 86

ASR 1000 APPLICATIONS:Secure VPN


VPN Solutions Overview

DMVPN

Multipoint GRE Tunnels

NHRP

GETVPN

Crypto Map

GDOI

FlexVPN

Dynamic VTI

IKEv2

Easy VPN

Dynamic VTI

Crypto Map

IKEv1

SSLVPN

TLS

IKEv1/

IKEv2

IKEv1/

IKEv2

IPsec–based VPNs

BRKARC-2001 88


DMVPN and GETVPN Comparison

Routing

Dynamic or static routing on the overlay and provider networks

Minimal-to-no Peering With Provider

Easy Multi-Homing Designs

DMVPN

Data Plane

Any WAN Transport: Internet, MPLS

Site-to-Site Requires Tunnel Setup

Hub-site Multicast Replication

Per-Tunnel QoS- Hub-Spoke, Spoke-Spoke

IPsec

Pair-Wise Keys: Per tunnel keys

VPN is based on mGRE Overlay

Client IP Addressing Hidden From Provider

Dynamic and Static Routing With Provider

Provider Routes Traffic Between Sites

Less Control Plane Overhead Traffic

Private WANs Only: MPLS

No Tunnels for Site-to-Site Connectivity

Multicast Replication in Provider Network

QoS and SLA are provider driven

Group Keys: Single Group Key for All Sites

VPN is based on MPLS

Client IP Addressing Exposed to Provider

Key ServerHub

GETVPN

SpokeSpoke

Spoke Group Member

Group MemberGroup Member

BRKARC-200189


VPN Selection Criteria for Key Solutions

• The roadmap on VPN Services aligned with Cisco recommendation

Key Solutions DMVPN GETVPN FlexVPN

(dVTI, IKEv2)

SSLVPN

(TLS)

Easy VPN (IPsec

tunnels, IKEv1)

IPsec VPN (CM,

VTI, p-pGRE)

Remote Access

(SW Clients)

N/A N/A SR SR S S

IOT SR SR SR SR S S

IWAN SR N/A N/A N/A N/A N/A

DCI N/A SR N/A N/A N/A S

MPLS VPN over

MGRE

N/A SR N/A N/A N/A S

SR = Supported and Recommended

S = Supported

BRKARC-2001 90


WAN MACSec Applications

• MKA based keying (IEEE 802.1X-2010)

• 802.1AE strong encryption

• 128/256 bits AES-GCM, NIST approved, line rate performance

• Vlan tag in clear option

• Point-to-point

• Port based E-LINE Service

• VLAN based E-LINE Service

• Point-to-Multipoint

• Port based E-LAN Service

• VLAN based E-LAN Service

• 32 peers on 10GE; 8 peers on GE

DC1

DC2

Metro

E-LINE

Building 3

Metro

E-LAN

Main Building 1

Building 2 Building 4

BRKARC-2001 91

Data Center Interconnect Connect large branch, regional aggregate site to DC

ASR 1000 APPLICATIONS:Datacenter Interconnect (DCI)


DCI with OTV

Security

• IPsec or GETVPN

Use Cases

Datacenter maintenance/DR

workload mobility (i.e. Vmotion)

Active/Active Datacenters (HA

Clustering, i.e. MSCS, Vmware

Cluster)

Legacy Application (non-

IP/Routable apps, i.e. NetBios)

High Availability

• Built-in loop prevention

• Built-in multi-homing

• Preserve failure boundary

• All paths active

• FHRP

Connectivity

• IP Core (unicast & mcast)

• Optimal multicast replication

• +LSIP for optimal routing

• Up to 20 sites

• Interop with N7k

• Support Fragmentation

MAC IF

MAC1 Eth1

MAC2 IP B

MAC3 IP B

Edge Device A

IP B

Edge Device B

Encap Decap

Ethernet Frame IP packet Ethernet Frame Ethernet Frame

MAC IF

MAC1 IP A

MAC2 Eth 1

MAC3 Eth 2ASR1K

ASR1K

IP Core

OTV Join Intf OTV Join Intf

ASR1K

Edge Device B

Edge Device C

BRKARC-2001 93


VXLAN Enables Scale and Flexibility in the Datacenter

IP/MPLS coreuni or multicast

VxLAN (MAC in IP)

VXLAN L2 Gateway• VXLAN to 802.1q

VXLAN L3 Gateway• VXLAN to Routed

• VXLAN to L3 VRF mapping

Internet

Hypervisor

Scale

• 4,000 VXLAN Tunnel

Endpoints (VTEPs)

• Up to 16k VXLAN Network

Identifiers (VNIs)

• Up to 16k Bridge Domain

Interfaces (BDIs)

• Up to 1M MAC addresses

Use Cases

• VXLAN-VXLAN Interworking

• VLAN-VXLAN Interoperability

• VXLAN-VPLS Interoperability

• VXLAN-VRF Integration

Standard

• MAC-in-IP: RFC 7348

• Unicast (Ingress replication)

or Multicast (BiDir) for

peering and MAC

reachability

Connectivity

• Provides L2 connectivity between virtual switches in hypervisors, hardware switches and hardware routers

• VXLAN extends subnets to virtualized resources

BRKARC-2001 94


EVPN L3 DCI ASR1k as a Border Leaf connects with Standalone ACI Fabric using EVPN and VXLAN in DC Side, GETVPN on the WAN

95BRKARC-2001

Enterprise Site

iBGP

IPVPN

PE-CECE-PE

MPLS

IPIP

RD, Prefix , RT, L3 VNINext Hop – VTEP IPTunnel Encap – VXLANRouter MAC

PrefixNext Hop

EVPN Route

IP Route

Feature InteractionSolution Characteristics

• ASR1k Border Leaf Connecting WAN with DC

• Multi-tenant VRF Lite solution where a VRF is

assigned to a tenant

• Services: QoS, NAT, IPsec, AVC, PfR,

AppNav, ZBFW, etc.

• WAN side: Back to Back VRFs with dedicated

L3 sub-interfaces between DC & WAN

• DC side: EVPN – VRF Lite integration

• Orchestration: VTS, Cisco Prime

GETVPN over MPLS

Spine

Leaf

Fabric Extenders

N9500 N9500 N9500 N9500

N9300 N9300 N9300 N9300 N9300 N9300 N9300 N9500 N9500

Data Center 1

VXLAN

MP-BGP

EVPN IP40G links

DC

ASR 1000 APPLICATIONS:Intelligent WAN (IWAN)

IWAN Sessions this week:

BRKCRS-2000 Intelligent WAN (IWAN) Architecture

BRKCRS-2002 IWAN Design and Deployment Workshop

TECCRS-2004 Implementing the Intelligent WAN (IWAN)

BRKRST-2362 Implementing Performance Routing (PfRv3)

BRKRST-2514 Application Optimization and Provisioning the Intelligent WAN (IWAN)

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 97BRKARC-2001

Intelligent WAN Solution Components

MPLS

Branch

3G/4G-LTE

AVC

Internet

PrivateCloud

VirtualPrivateCloud

PublicCloudWAAS PfR

Application Optimization

• Application visibility with

performance monitoring

• Application acceleration

and bandwidth

optimization

Secure Connectivity

• Certified strong encryption

• Comprehensive threat

defense

• Cloud Managed Security for

secure direct Internet access

Intelligent Path Control

• Dynamic Application best

path based on policy

• Load balancing for full

utilization of bandwidth

• Improved availability

TransportIndependent

• Consistent operational model

• Simple provider migrations

• Scalable and modular design

• IPsec routing overlay design

Control & Management Automation


Start with Cisco AX RoutersIWAN Capabilities Embedded in the Router

Simplify Application

Delivery

One Network

UNIFIED SERVICES

ASR1000-AX

ISR-AX

Cisco AX Routers 3900 | 2900 | 1900 | 800 | 4000 | ASR1000

Transport Independent

Secure Routing

Optimization

Control

Visibility

Summary and Take away


• ASR 1000 is the Swiss Army Knife to solve your tough network problems

• Reduce complexity in your network edge.

• ASR 1000 is well positioned for both Enterprise and Service Provider Architectures.

• ASR 1000 is at the heart of Cisco IWAN solutions

• Come see live at our WoS Booth!

Summary and Key Takeaways

BRKARC-2001 100


Relevant Sessions at Cisco Live 2016

Breakout Sessions

• BRKARC-2009 Operating an ASR 1000

• BRKARC-2031 QoS Config Migrations From Classic IOS to IOS XE

• BRKCRS-3147 Advanced troubleshooting of the ASR1K and ISR 4451-X made easy

BRKARC-2001 101


Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys through the Cisco Live mobile app or from the Session Catalog on CiscoLive.com/us.

BRKARC-2001 102

CiscoLive.com/Online

http://ciscolive.com/Online

http://ciscolive.com/Online

http://ciscolive.com/us

http://ciscolive.com/us


Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Lunch & Learn

• Meet the Engineer 1:1 meetings

• Related sessions

103Presentation ID

Please join us for the Service Provider Innovation Talk featuring:

Yvette Kanouff | Senior Vice President and General Manager, SP Business

Joe Cozzolino | Senior Vice President, Cisco Services

Thursday, July 14th, 2016

11:30 am - 12:30pm, In the Oceanside A room

What to expect from this innovation talk

• Insights on market trends and forecasts

• Preview of key technologies and capabilities

• Innovative demonstrations of the latest and greatest products

• Better understanding of how Cisco can help you succeed

Register to attend the session live now or

watch the broadcast on cisco.com

Thank you


R&S Related Cisco Education OfferingsCourse Description Cisco Certification

CCIE R&S Advanced Workshops (CIERS-1 &

CIERS-2) plus

Self Assessments, Workbooks & Labs

Expert level trainings including: instructor led workshops, self

assessments, practice labs and CCIE Lab Builder to prepare candidates

for the CCIE R&S practical exam.

CCIE® Routing & Switching

• Implementing Cisco IP Routing v2.0

• Implementing Cisco IP Switched

Networks V2.0

• Troubleshooting and Maintaining

Cisco IP Networks v2.0

Professional level instructor led trainings to prepare candidates for the

CCNP R&S exams (ROUTE, SWITCH and TSHOOT). Also available in

self study eLearning formats with Cisco Learning Labs.

CCNP® Routing & Switching

Interconnecting Cisco Networking Devices:

Part 2 (or combined)

Configure, implement and troubleshoot local and wide-area IPv4 and IPv6

networks. Also available in self study eLearning format with Cisco Learning

Lab.

CCNA® Routing & Switching

Interconnecting Cisco Networking Devices:

Part 1

Installation, configuration, and basic support of a branch network. Also

available in self study eLearning format with Cisco Learning Lab.

CCENT® Routing & Switching

For more details, please visit: http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact [email protected]

BRKARC-2001 107

http://learningnetwork.cisco.com/

mailto:[email protected]


Design Cisco Education OfferingsCourse Description Cisco Certification

Designing Cisco Network Service Architectures

(ARCH) Version 3.0

Provides learner with the ability to perform conceptual, intermediate, and

detailed design of a network infrastructure that supports desired capacity,

performance, availability required for converged Enterprise network

services and applications.

CCDP® (Design Professional)

(Available Now)

Designing for Cisco Internetwork Solutions

(DESGN) Version 3.0

Instructor led training focused on fundamental design methodologies used

to determine requirements for network performance, security, voice, and

wireless solutions. Prepares candidates for the CCDA certification exam.

CCDA® (Design Associate)

(Available Now)



BRKARC-2001 108




Service Provider Cisco Education OfferingsCourse Description Cisco Certification

Deploying Cisco Service Provider Network Routing

(SPROUTE) & Advanced (SPADVROUTE)

Implementing Cisco Service Provider Next-Generation

Core Network Services (SPCORE)

Edge Network Services (SPEDGE)

SPROUTE covers the implementation of routing protocols (OSPF, IS-IS, BGP),

route manipulations, and HA routing features; SPADVROUTE covers advanced

routing topics in BGP, multicast services including PIM-SM, and IPv6;

SPCORE covers network services, including MPLS-LDP, MPLS traffic engineering,

QoS mechanisms, and transport technologies;

SPEDGE covers network services, including MPLS Layer 3 VPNs, Layer 2 VPNs,

and Carrier Ethernet services; all within SP IP NGN environments.

CCNP Service Provider®

Building Cisco Service Provider Next-Generation

Networks, Part 1&2 (SPNGN1), (SPNGN2)

The two courses introduce networking technologies and solutions, including OSI

and TCP/IP models, IPv4/v6, switching, routing, transport types, security, network

management, and Cisco OS (IOS and IOS XR).

CCNA Service Provider®

Implementing Cisco Service Provider Mobility UMTS

Networks (SPUMTS);

Implementing Cisco Service Provider Mobility CDMA

Networks (SPCDMA);

Implementing Cisco Service Provider Mobility LTE

Networks (SPLTE)

The three courses (SPUMTS, SPCDMA, SPLTE) cover knowledge and skills

required to understand products, technologies, and architectures that are found in

Universal Mobile Telecommunications Systems (UMTS) and Code Division Multiple

Access (CDMA) packet core networks, plus their migration to Long-Term Evolution

(LTE) Evolved Packet Systems (EPS), including Evolved Packet Core (EPC) and

Radio Access Networks (RANs).

Cisco Service Provider Mobility

CDMA to LTE Specialist;

Cisco Service Provider Mobility UMTS

to LTE Specialist

Implementing and Maintaining Cisco Technologies

Using IOS XR (IMTXR)

Service Provider/Enterprise engineers to implement, verification-test, and optimize

core/edge technologies in a Cisco IOS XR environment.

Cisco IOS XR Specialist



BRKARC-2001 109




Data Center / Virtualization Cisco Education OfferingsCourse Description Cisco Certification

Introducing Cisco Data Center Networking (DCICN);

Introducing Cisco Data Center Technologies (DCICT)

Learn basic data center technologies and skills to build a

data center infrastructure.

CCNA® Data Center

Implementing Cisco Data Center Unified Fabric (DCUFI);

Implementing Cisco Data Center Unified Computing (DCUCI)

Designing Cisco Data Center Unified Computing (DCUDC)

Designing Cisco Data Center Unified Fabric (DCUFD)

Troubleshooting Cisco Data Center Unified Computing

(DCUCT)

Troubleshooting Cisco Data Center Unified Fabric (DCUFT)

Obtain professional level skills to design, configure,

implement, troubleshoot data center network infrastructure.

CCNP® Data Center

Product Training Portfolio: DCNMM, DCAC9K, DCINX9K,

DCMDS, DCUCS, DCNX1K, DCNX5K, DCNX7K

Gain hands-on skills using Cisco solutions to configure,

deploy, manage and troubleshoot unified computing, policy-

driven and virtualized data center network infrastructure.

Designing the FlexPod® Solution (FPDESIGN);

Implementing and Administering the FlexPod® Solution

(FPIMPADM)

Learn how to design, implement and administer FlexPod

solutions

Cisco and NetApp Certified

FlexPod® Specialist



BRKARC-2001 110




Network Programmability Cisco Education OfferingsCourse Description Cisco Certification

Integrating Business Applications with Network

Programmability (NIPBA);

Integrating Business Applications with Network

Programmability for Cisco ACI (NPIBAACI)

Learn networking concepts, and how to deploy and troubleshoot

programmable network architectures with these self-paced courses.

Cisco Business Application

Engineer Specialist Certification

Developing with Cisco Network Programmability

(NPDEV);

Developing with Cisco Network Programmability

for Cisco ACI (NPDEVACI)

Learn how to build applications for network environments and effectively

bridge the gap between IT professionals and software developers.

Cisco Network Programmability

Developer Specialist Certification

Designing with Cisco Network Programmability

(NPDES);

Designing with Cisco Network Programmability

for Cisco ACI (NPDESACI)

Learn how to expand your skill set from traditional IT infrastructure to

application integration through programmability.


Design Specialist Certification

Implementing Cisco Network Programmability

(NPENG);

Implementing Cisco Network Programmability

for Cisco ACI (NPENGACI)

Learn how to implement and troubleshoot open IT infrastructure

technologies.


Engineer Specialist Certification



BRKARC-2001 111




Cloud Cisco Education OfferingsCourse Description Cisco Certification

Understanding Cloud Fundamentals

(CLDFND)

Learn how to perform foundational tasks related to Cloud computing, and the essentials

of Cloud infrastructureCCNA Cloud

Introducing Cloud Administration

(CLDADM)

Learn the essentials of Cloud administration and operations, including how to provision,

manage, monitor, report and remediate.

Implementing and Troubleshooting the

Cisco Cloud Infrastructure (CLDINF)

Learn how to implement and troubleshoot Cisco Cloud infrastructure: compute,

network, storage.

CCNP Cloud

Designing the Cisco Cloud (CLDDES)*Learn how to design private and hybrid Clouds including infrastructure, automation,

security and virtual network services

Automating the Cisco Enterprise Cloud

(CLDAUT)*

Learn how to automate Cloud deployments – provisioning IaaS (private, private with

network automation and hybrid) and applications, life cycle management

Building the Cisco Cloud with Application

Centric Infrastructure (CLDACI)*

Learn how to build Cloud infrastructures based on Cisco Application Centric

Infrastructure, including design, implementation and automation

UCS Director Foundation (UCSDF)Learn how to manage physical and virtual infrastructure using orchestration and

automation functions of UCS Director.

* Available Q2CY2016



BRKARC-2001 112



asr 1000 system & solutiond2zmdbbm9feqrf.cloudfront.net/2016/usa/pdf/brkarc-2001.pdf · asr...

Documents