ASR 1000 System & Solution Architectures
Jason Yang – CCIE #10467, Technical Marketing Engineer
BRKARC-2001
Agenda
• Introducing the ASR 1000
• ASR 1000 System Architecture
• ASR 1000 Building Blocks
• ASR 1000 Software Architecture
• ASR 1000 Packet Flows
• QoS on the ASR 1000
• High-Availability on the ASR 1000
• Applications & Solutions
Companion Session:
BRKARC-2019: Operating an ASR 1000
Introducing the ASR 1000
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
ASR 1000 Aggregation Service Router: Key Design Principles
Multi-Service, Secure WAN Aggregation Services
• Ethernet WAN and Provider Edge Services
• Voice and Video Services (CUBE)
• Security Services (Firewall, VPN, Encryption)
• Application Performance Optimization (AVC, PfR)
Best in Class Availability
• Enterprise IOS Features with Modular OS and Software Redundancy or Hardware Redundancy and ISSU
Best in Class ASIC Technology
• Quantum Flow Processor (QFP) for high scale services and sophisticated QoS with minimum performance impact
Cisco ASR 1000 Series Routers: Overview
2.5 Gbps to 200 Gbps – Designed today to scale up in the future
INSTANT ON SERVICE DELIVERY
• Scalable on-chip service enablement through software licensing
• Industry leading VPN/Crypto solutions
• Optimal user/app experience with AVC, PfRv3, and AppNav
• Feature UC services with CUBE(Ent)
• Scalable NAT44, NAT64 solutions
BUSINESS-CRITICAL RESILIENCY
• Fully separated control and forwarding planes
• Hardware and software redundancy
• In-service software upgrades
• Inter and Intra-chassis redundancy
• DCI to support clustering across geographically dispersed data centers
COMPACT, POWERFUL ROUTER
• Line-rate performance 2.5G to 200G
• Investment protection with modular engines, IOS CLI and SPAs for I/O
• Hardware assists for ACL, QoS, etc.
• Hardware-based QoS engine with up to 464K queues
• Ethernet LC and EPA for High Density GE/10GE services
Fixed Chassis (IOS-XE)
• ASR 1001-X: 2.5 to 20 Gbps
• ASR 1002-X: 5 to 36 Gbps
• ASR 1002-HX: 44 to 100 Gbps
Modular Chassis (IOS-XE)
• ASR 1004: 10 to 40 Gbps
• ASR 1006-X: 40 to 100 Gbps
• ASR 1009-X: 40 to 200 Gbps
• ASR 1013: 40 to 200 Gbps
ASR 1000 Positioning
(Figure: router families positioned by performance and scalability.)
Service Provider Edge Routers
• ASR1000: 2.5-200 Gbps per system. Distributed PE, Firewall, IPsec, Route Reflector, CUBE/VoIP, Broadband
• 7600 Series: Up to 2 Tbps per system. Carrier Ethernet, IP RAN, Mobile Gateways, SBC/VoIP, Video Monitoring
• ASR 9000: Up to 48 Tbps per system. Carrier Ethernet, IP RAN, L2/L3 VPNs, Vidmon, BNG
Enterprise Edge and Managed Services Routers
• Managed L2/L3 VPNs, Integrated Security, Application Recognition
• ISR4000 Series: 1-2 Gbps per system. Separate Services Planes for Continuity, Pay-As-You-Grow
• ISR Series: 850 Mbps per system, 350 Mbps with Services
ASR 1000 Enterprise Applications: Flexible WAN Services Edge & CPE
(Figure: enterprise deployment roles. Labels: Mobile subscriber, Corporate office, High-end branch, High Speed CPE, Campus Edge, WAN Aggregation, IPSec VPN, L2 and L3 VPN, IWAN, Data Center Interconnect (DCI), Internet gateway, Cloud Services Edge.)
ASR 1000 Service Provider Applications: A Wide Variety of Use Cases
(Figure: service provider deployment roles. Access and aggregation labels: Mobile Subscriber, Business, Residence, Wireless, Wire line, Cable, CPE, OLT, xPON, xDSL, DSLAM, DOCSIS, ETTx, M-CMTS. Edge and core labels: PE, BNG, iWAG, LNS, CGN, RR, Peering, ISP, IP/MPLS Core, Content Farm (VOD, TV, SIP). Services: L2/L3 VPNs, IPsec/NAT/FW, NBAR2, PPP or IP Aggregation, ATM or Ethernet, Intelligent Services Gateway, WiFi Access Gateway.)
ASR 1000 System Architecture
ASR 1000 Building Blocks
(Figure: route processors, ESPs and linecards connected over the midplane. Component labels: RP CPU, GE switch, FECP, QFP (PPE, BQS), Crypto Assist., IOCP, Agg ASIC, interconnect.)
Route Processor (RP)
• Handles control plane
• Manages system
Embedded Service Processor (ESP)
• Handles forwarding plane traffic
SPA Interface Processor (SIP)
• Houses Shared Port Adapter (SPA)
• Packet buffering
Ethernet Linecard (ELC)
• Built-in GE/10GE ports
• Packet buffering
Modular Interface Processor (MIP)
• Houses Ethernet Port Adapter (EPA)
• Packet buffering
Centralized Forwarding Architecture
• All traffic flows through the active ESP; the standby is synchronized with all the states
Distributed Control Architecture
• All major system components have a powerful control processor dedicated for control and management planes
ASR 1000 Data Plane Architecture
(Figure: the building-block diagram with the ESI data links between the ESPs, RPs, SIP, ELC and MIP over the midplane.)
• Enhanced SerDes Interconnect (ESI)
• Serial communication via midplane
• Can run at 11.5Gbps, 23Gbps or 110Gbps
• Provides data packet communication
• Data packets between ESPs and other linecards
• Punt/inject traffic to/from RP
• State synchronization between ESPs
• Two ESI links between each ESP and linecards (single ESI with MIP100)
• Additional full set of ESI links to standby ESP
• CRC protection of packet contents
ASR 1000 Control Plane Architecture
(Figure: the building-block diagram with the control links between the RPs, ESPs, SIP, ELC and MIP over the midplane.)
Ethernet Out of Band Channel (EOBC)
• 1Gbps Ethernet bus
• Load images, pass control messages, statistics and program QFP
Inter-Integrated Circuit (I2C) Bus
• Monitor health of hardware (e.g. temp, volt…)
• Communicate active/standby
• Control reset
• Report power supply status
Interface Control Link
• Detect interfaces OIR
• Reset interfaces (via I2C)
• Power control interfaces (via I2C)
ASR 1000 Building Blocks: Modular Chassis
ASR 1000 Modular Chassis Overview
 | ASR 1004 | ASR 1006 | ASR 1006-X | ASR 1009-X | ASR 1013
RP Slots | 1 | 2 | 2 | 2 | 2
ESP Slots | 1 | 2 | 2 | 2 (super) | 2 (super)
SIP/MIP Slots | 2 (SIP only) | 3 (SIP only) | 2 | 3 | 6
Built-In Ethernet | N/A | N/A | N/A | N/A | N/A
Redundancy | Software | Hardware | Hardware | Hardware | Hardware
Height | 7” (4RU) | 10.5” (6RU) | 10.5” (6RU) | 15.7” (9RU) | 22.7” (13RU)
Bandwidth | 10 - 40 Gbps | 10 - 100 Gbps | 40 - 100 Gbps | 40 - 200 Gbps | 40 - 200 Gbps
Max Output Pwr | 765W | 1275W | 1100 power modules, N+1, Max 6 | 1100 power modules, N+1, Max 6 | 3200W
Airflow | Front to back | Front to back | Front to back | Front to back | Front to back
ASR 1000 Modular Chassis Compatibility Matrix
Chassis | RP2 | SIP40 | ELC | MIP100 & EPA | ESP20 | ESP40 | ESP100 | ESP200
ASR1004 | Yes | Yes | Yes | No | Yes | Yes | No | No
ASR1006 | Yes | Yes | Yes | No | Yes | Yes | Yes | No
ASR1013 | Yes | Yes | Yes | Yes(2)(3) | No | Yes | Yes | Yes
ASR1006-X | Yes(1) | Yes | Yes | Yes(3) | No | Yes | Yes | No
ASR1009-X | Yes(1) | Yes | Yes | Yes(3) | No | Yes | Yes | Yes
(1) RP2 with new CPLD
(2) 100G support in Slots 2&3; others at 40G
(3) ASR1000-MIP100 is not supported with ESP40
ASR 1009-X
Forwarding Plane (ESP)
Up to 200Gbps per system
Supports ESP40, ESP100, ESP200 and future ESPs
Control Plane
Supports RP2 and RP3 (future)
8G – 64G DDR3 memory (RP3)
FIPS-140-3 certification
I/O Connectivity
12x SPA slots (SIP-40)
3 x ELC slots
6 x EPA (MIP-100)
System Management
RJ45 Console
Auxiliary Port
2x USB Ports
Power Supply
Modular power supply with N+1 redundancy
High efficiency, Load sharing, Hot-swappable
AC (1100W) or DC (950W)
BITS clocking
Stratum 3 built-in
Modular Fan Tray
Field Replaceable
30% improvement in airflow per slot vs integrated Fan module
Cryptography
Up to 78/59 Gbps (1400B/IMIX) crypto throughput using ESP 200
Suite-B crypto support
Hardware Redundancy
Dual ESP and RP slots for data plane and control plane redundancy
ISSU
ASR1000-MIP100 (Modular Interface Processor)
(Figure: MIP100 carrying 1x100G and 10x10G EPAs, connected over the midplane to ESP100/200 in ASR 1006-X/1009-X with ESP100/ESP200. Labels: 1x100G, 100G line rate, no oversubscription; 1x100G, 2 to 1 oversubscription; 1x100G, 10x10G, line rate, no oversubscription.)
MIP100 Architecture
(Figure: MIP100 block diagram. Components: 2 EPAs + 2 EPAs, SPA Agg. / Interface Aggregation ASIC with ingress classifier, ingress buffers, ingress scheduler, egress buffers and egress buffer status, IOCP with DDRAM, boot flash, JTAG control, EEPROM, temperature sensor and reset / power control, interconnect to the active and standby ESP, chassis management to the RPs, network clock distribution with input and output reference clocks. Link legend: GE, 1Gbps; I2C; EPA Control; ESI, 110 Gbps; Hypertransport, 10Gbps; Other.)
Ethernet Port Adapter (EPA)
Table columns: EPA; Modular Chassis with MIP-100; ASR1002-HX; Optics Modules. Entries in slide order:
EPA-1x100GE: XE 3.16.1; XE 16.2.1; XE 16.4.1
EPA-CPAK-2x40GE: XE 3.16.2 (no XE3.17); XE 16.3.1; XE 16.4.1
EPA-10x10GE: XE 16.2.1, XE 16.3.1 (MACSec); XE 16.3.1, XE 16.3.2 (MACSec). Optics: SFP-10G-SR, SFP-10G-SR-X, SFP-10G-LR, SFP-10G-LRM, SFP-10G-LR-X, SFP-10G-ER
EPA-18x1GE: XE 16.3.1, XE 16.3.2 (MACSec); XE 16.2.1, XE 16.3.1 (MACSec). Optics: GLC-GE-100FX, GLC-SX-MMD, GLC-LH-SMD, SFP-GE-T, GLC-BX-U, GLC-BX-D, GLC-TE, GLC-SX-MM, GLC-LH-SM, GLC-EX-SMD, GLC-ZX-SMD, CWDM-SFP, DWDM-SFP
Further optics and cabling labels: CAB-MPO24-2XMPO12, CPAK-100G-SR10, QSFP-40G-SR4, 10 Metres, CPAK-100G-SR10, CPAK-100G-LR4
Ethernet Line Cards
Fixed Ethernet Line card for ASR1k
Port Density: 2x10GE+20x1GE
Throughput: 40G
Key Features: Feature parity with SIP40 + GE/10GE SPA. Plus: SyncE
Chassis: ASR1004, ASR1006, ASR1013, ASR1006-X, ASR1009-X
RP: RP2
ESP: ESP40, ESP100, ESP200
Fixed Ethernet Line card for ASR1k
Port Density: 6x10GE
Throughput: 60G I/O with 40G Throughput
Key Features: Feature parity with SIP40 + 10GE SPA. Exception: MDR not supported
Chassis: ASR1004, ASR1006, ASR1013, ASR1006-X, ASR1009-X
RP: RP2
ESP: ESP40, ESP100, ESP200
ASR1000 SPA interface processor (SIP)
SIP40 and SIP10 models
40Gbps and 10Gbps throughput
Supports up to 4 SPAs: 4 HH, 2 FH, or 2 HH+1 FH; full OIR support
Does not participate in forwarding decisions
Preliminary QoS
• Ingress packet classification – high & low priority
• Ingress over-subscription buffering: 128MB of ingress oversubscription buffering
Supported SPAs and SFPs
WAN optics
SFP-OC3-MM
SFP-OC3-SR
SFP-OC3-IR1
SFP-OC3-LR1
SFP-OC3-LR2
SFP-OC12-MM
SFP-OC12-SR
SFP-OC12-IR1
SFP-OC12-LR1
SFP-OC12-LR2
SFP-OC48-SR
SFP-OC48-IR1
SFP-OC48-LR2
XFP-10GLR-OC192SR
XFP-10GER-OC192IR
XFP-10GZR-OC192LR
Ethernet Optics
SFP-GE-S
SFP-GE-L
SFP-GE-T
SFP-GE-Z
GLC-TE
GLC-BX-D
GLC-BX-U
GLC-SX-MMD
GLC-LH-SMD
GLC-SX-MM
GLC-LH-SM
GLC-EX-SMD
GLC-ZX-SMD
GLC-GE-100FX
CWDM-SFP
DWDM-SFP
SFP-10G-SR
SFP-10G-SR-X
SFP-10G-LR
SFP-10G-LR-X
SFP-10G-ER
SFP-10G-ZR
XFP-10G-MM-SR
XFP-10GER-192IR+
XFP-10GER-192IR-L
XFP-10GLR-192SR-L
POS SPAs
SPA-2XOC3-POS
SPA-4XOC3-POS
SPA-2XOC3-POS-V2
SPA-4XOC3-POS-V2
SPA-8XOC3-POS
SPA-1XOC12-POS
SPA-2XOC12-POS
SPA-4XOC12-POS
SPA-8XOC12-POS
SPA-1XOC48-POS/RPR
SPA-2XOC48POS/RPR
SPA-4XOC48POS/RPR
SPA-OC192POS-XFP
Serial SPAs
SPA-4XT-Serial
SPA-8XCHT1/E1
SPA-2XCT3/DS0
SPA-4XCT3/DS0
SPA-1XCHSTM1/OC3
SPA-1XCHOC12/DS0
SPA-2XT3/E3-V2
SPA-4xT3/E3-V2
SPA-8xT3/E3-V2
SPA-1XCHOC12/DS0
Ethernet SPAs
SPA-4X1FE-TX-V2
SPA-8X1FE-TX-V2
SPA-2X1GE-V2
SPA-5X1GE-V2
SPA-8X1GE-V2
SPA-10X1GE-V2
SPA-1X10GE-L-V2
SPA-1X10GE-WL-V2
ATM SPAs
SPA-1XOC3-ATM-V2
SPA-3XOC3-ATM-V2
SPA-1XOC12-ATM-V2
Service SPAs
SPA-DSP
SPA-2X1GE-SYNCE
CEOPs SPAs
SPA-1CHOC3-CE-ATM
SPA-24CHT1-CE-ATM
SPA-2CHT3-CE-ATM
Modular Route Processors: RP2
CPU: 2.66GHz Intel dual-core architecture
Default memory: 8GB (4x2GB)
Memory upgrade options: 16GB (4x4GB)
Built-In eUSB Bootflash: 2GB
Storage: 80GB HDD, external USB
IOS XE OS: 64 bit
Chassis Support: ASR 1004, ASR 1006, ASR 1013, ASR 1006-X, ASR 1009-X
ASR 1000 Route Processor Architecture: Highly Scalable Control Plane Processor
(Figure: RP block diagram. Components: RP CPU (2.66 GHz dual-core), CPU memory, 2.5” hard disk, NVRAM, bootflash, management Ethernet, USB, console & aux, interconnect, EOBC switch, I2C chassis management bus, Stratum-3 network clock circuit, BITS (input & output), input and output clocks. Links to the ESPs, SIPs and the other RP: GE, 1Gbps; I2C; ESI, 11.2 Gbps.)
ASR1000 Embedded Services Processor (ESP)
Centralized, programmable forwarding engine providing full-packet processing
Packet Buffering and Queuing/Scheduling (BQS)
For output traffic to carrier cards/SPAs
For special features such as traffic shaping, reassembly, replication, punt to RP, cryptography, etc.
5 levels of HQoS scheduling, up to 464K Queues, Priority Propagation
Dedicated crypto co-processor
Interconnect providing data path links (ESI) to/from other cards over midplane
Transports traffic into and out of the Cisco Quantum Flow Processor (QFP)
Input scheduler for allocating QFP BW among ESIs
FECP CPU manages QFP, crypto device, midplane links, etc.
(Pictured: ESP40, ESP100)
ESP Bandwidth
• Overall throughput is determined by the type of ESP and SIPs used in modular platforms.
• Modular platforms are rate limited by speed of bus from QFP complex to backplane ASIC
• Bandwidth is expressed in terms of aggregated throughput.
(Figure: 50 Gbps in and 50 Gbps out in each direction)
• 50G Unicast in each direction
• Total Output bandwidth 50+50=100
(Figure: 10G in and 80G out in one direction; 20G in and 20G out in the other)
• 10G Multicast with 8X replication in one direction
• 20G unicast in the other direction
• Total Output bandwidth 80+20=100G
(Figure: 50 Gbps in and 50 Gbps out in one direction; 70 Gbps in and 70 Gbps out in the other)
• 50Gbps Unicast in one direction and 70Gbps Unicast in the other direction
• Total output bandwidth (50+70=120) exceeds 100Gbps; only 100Gbps will be forwarded.
(Figure: 10G in and 100G out in one direction; 10G in and 10G out in the other)
• 10Gbps Multicast with 10X replication in one direction
• 10Gbps Unicast in the other direction
• Total bandwidth (100+10=110) exceeds 100Gbps; only 100 Gbps will be forwarded
ASR 1000 Forwarding Processor: Quantum Flow Processor (QFP) Drives Integrated Services & Performance
(Figure: ESP block diagram. Components: QFP complex with Packet Processor Engines (PPE1 … PPE40), dispatcher, packet buffer and BQS; TCAM; resource DRAM; packet buffer DRAM; crypto; FECP with memory and bootflash; interconnect; chassis management bus. Links to the RPs, the other ESP and the SIPs: GE, 1Gbps; I2C; ESI; Hypertransport, 10Gbps; Other.)
ASR 1000 ESPs in Modular Chassis
 | ESP20 | ESP40 | ESP100 | ESP200
System bandwidth (1500B) | 20 Gbps | 40 Gbps | 100 Gbps | 200 Gbps
Performance (64B) | 25 Mpps | 25 Mpps | 79 Mpps | 151 Mpps
QFP cores | 40 | 40 | 128 | 256
Clock Rate | 1.2 GHz | 1.2 GHz | 1.5 GHz | 1.5 GHz
Suite B support | No | No | Yes | Yes
Crypto BW (IMIX/1400B) | 6.3/9.2 Gbps | 7.4/12.9 Gbps | 16/29 Gbps | 59/78 Gbps
QFP Resource Mem | 1GB | 1GB | 4GB | 2 GB / QFP, 8GB total
Packet Buffer | 256MB | 256MB | 1GB | 2GB
Control CPU | Single core 1.2 GHz | Dual core 1.8 GHz | Dual core 1.73 GHz | Dual core 1.73 GHz
Control Memory | 4 GB | 8 GB | 16 GB | 32 GB
TCAM | 40 Mb | 40 Mb | 80 Mb | 2 x 80 Mb
Chassis Support | ASR1004, ASR1006 | ASR1004, ASR1006, ASR1013, ASR1006-X, ASR1009-X | ASR1006, ASR1013, ASR1006-X, ASR1009-X | ASR1013, ASR1009-X
System Oversubscription in Modular Chassis (1)
Chassis Version | ESP Version | SIP/ELC/MIP version | SIP/ELC/MIP slots | Bandwidth per I/O Slot (Gbps) | SPA/EPA to SIP/MIP Oversubscription | Bandwidth on ESP (Gbps) | SIP/ELC/MIP to ESP Oversubscription | I/O to ESP Oversubscription
ASR 1006-X | ESP40 | SIP40 | 2 | 40 | 1:1 | 40 | 2:1 | 2:1
 | ESP40 | ELC | 2 | 40 | 1:1; 3:2* | 40 | 2:1 | 2:1; 3:1*
 | ESP100 | SIP40 | 2 | 40 | 1:1 | 100 | 4:5 | 4:5
 | ESP100 | ELC | 2 | 40 | 1:1; 3:2* | 100 | 4:5 | 4:5; 2:3*
 | ESP100 | MIP100 | 2 | 100 | 2:1 | 100 | 2:1 | 4:1
ASR 1009-X | ESP40 | SIP40 | 3 | 40 | 1:1 | 40 | 3:1 | 3:1
 | ESP40 | ELC | 3 | 40 | 1:1; 3:2* | 40 | 3:1 | 3:1; 9:2*
 | ESP100 | SIP40 | 3 | 40 | 1:1 | 100 | 6:5 | 6:5
 | ESP100 | ELC | 3 | 40 | 1:1; 3:2* | 100 | 6:5 | 6:5; 9:5*
 | ESP100 | MIP100 | 3 | 100 | 2:1 | 100 | 3:1 | 6:1
 | ESP200 | SIP40 | 3 | 40 | 1:1 | 200 | 3:5 | 3:5
 | ESP200 | ELC | 3 | 40 | 1:1; 3:2* | 200 | 3:5 | 3:5; 9:10*
 | ESP200 | MIP100 | 3 | 100 | 2:1 | 200 | 3:2 | 3:1
* ASR1000-6TGE has 40Gbps ESI connection to ESP
System Oversubscription in Modular Chassis (2)
Chassis Version | ESP Version | SIP/ELC/MIP version | SIP/ELC/MIP slots | Bandwidth per I/O Slot (Gbps) | SPA/EPA to SIP/MIP Oversubscription | Bandwidth on ESP (Gbps) | SIP/ELC/MIP to ESP Oversubscription | I/O to ESP Oversubscription
ASR 1013 | ESP40 | SIP40 | 6 | 40 | 1:1 | 40 | 6:1 | 6:1
 | ESP40 | ELC | Slots 1, 2, 3, 4 | 40 | 1:1; 3:2* | 40 | 9:2 | 9:2; 9:1*
 |  |  | Slots 5, 6 | 10 | 4:1; 6:1* |  |  | 
 | ESP100 | SIP40 | 6 | 40 | 1:1 | 100 | 12:5 | 12:5
 | ESP100 | ELC | 6 | 40 | 1:1; 3:2* | 100 | 12:5 | 12:5; 18:5*
 | ESP100 | MIP100 | Slots 2, 3 | 100 | 2:1 | 100 | 18:5 | 12:1
 |  |  | Slots 0, 1, 4, 5 | 40 | 5:1 |  |  | 
 | ESP200 | SIP40 | 6 | 40 | 1:1 | 200 | 6:5 | 6:5
 | ESP200 | ELC | 6 | 40 | 1:1; 3:2* | 200 | 6:5 | 6:5; 9:5*
 | ESP200 | MIP100 | Slots 2, 3 | 100 | 2:1 | 200 | 9:5 | 6:1
 |  |  | Slots 0, 1, 4, 5 | 40 | 5:1 |  |  | 
* ASR1000-6TGE has 40Gbps ESI connection to ESP
Cisco Quantum Flow Processor (QFP): ASR1000 series innovation
• Five year design and continued evolution – now on 3rd generation
• Architected to scale to > 100Gbps
• Multiprocessor with 64 multi-threaded cores; 4 threads per core
• 256 processes per chip available to handle traffic
• High-priority traffic is prioritized
• Packet replication capabilities for Multicast
• Many H/W assists for accelerated processing
• 3rd generation QFP is capable of 70Gbps, 32Mpps processing
• Mesh-able: 1, 2 or 4 chips to build higher capacity ESPs
• Latency: tens of microseconds with features enabled
(Pictured: QFP Chip Set, consisting of the Cisco QFP Packet Processor and the Cisco QFP Traffic Manager (Buffering, Queueing, Scheduling))
Cisco Enterprise Routing NPU Leadership: Continuing Investment in Network Processor Technology
(Figure: QFP generations plotted by performance over time, with the years 2008, 2012 and 2016 on the time axis, against increasing network intelligence and services requirements.)
• 1st Gen QFP: 20G
• 2nd Gen QFP: 40G
• 3rd Gen QFP: 200G
• 4th Gen QFP: > 200G
• Over 100 Patents Awarded!
Other figure labels: Lower cost fully integrated NPU and IO device; linerate security and high perf intelligent WAN
Legend: #cores: Number of Packet Processing Engines; #threads: concurrent, parallel threads processed; High Speed Backplane Aggregation ASIC; IO Oversubscription & Aggregation ASIC; NPU
ASR 1000 Fixed Platforms
ASR 1000 Fixed Chassis Overview
 | ASR 1001-X | ASR 1002-X | ASR 1002-HX
SPA Slots | 1 | 3 | N/A
EPA Slots | N/A | N/A | 1
NIM Slots | 1 | N/A | 1
Built-In GE | 6 | 6 | 8
Built-In TenGE | 2 | N/A | 8
CPU | 2.0GHz quad-core | 2.13GHz quad-core | 2.5GHz quad-core
Memory | 8GB; upgradable to 16GB | 4GB; upgradable to 8GB/16GB | 16GB; upgradable to 32GB
Storage | eUSB (8GB), SSD (200GB, 400GB) | eUSB (8GB), Optional HDD (160GB) | eUSB (32GB), SSD (200GB, 400GB)
IOS Redundancy | Software | Software | Software
Height | 1.75” (1RU) | 3.5” (2RU) | 3.5” (2RU)
Throughput | 2.5 to 20Gbps | 5 to 36Gbps | 44 to 100Gbps
Maximum Output Power | 250W | 470W | 600W
Airflow | Front to back | Front to back | Front to back
ASR 1002-HX
Multi-Core Network Processor
100Gbps forwarding capacity
124 Cores
4 Packet Threads / Core
496 simultaneous threads
Miscellaneous
RJ45 & mini-USB console
eUSB: 32GB
Secure Boot
Network Interface Module
1 double wide or 1 single wide NIM
NIM - Compatibility with ISR4400 and ASR1001-X
EPA - Ethernet Port Adapter
1x EPA slot
Built in I/O
8x Gigabit Ethernet interfaces
8x TenGigabit Ethernet interfaces
Multipoint MACSEC for linerate encryption (1G & 10G)
Pay as you grow
License on built-in ports
4x TenGE + 4x GE enabled by default
The remaining ports can be enabled in pairs
Application level service performance
58M Packets Per Second
Diverse VPN security solutions, up to 25G IMIX, SuiteB crypto support
Power Supply & Fans
Modular PS, FRUable
Fan Tray
Crypto module
Field upgradeable
Control plane
CPU: Quad Core @ 2.5 GHz
Memory: 16GB DDR3 default memory, upgradeable to 32GB
ASR 1002-HX Crypto Module
• ASR 1002-HX can be ordered with or without the crypto hardware
• Crypto module can be installed in a fielded unit when the function is needed
• Crypto bandwidth licensed from factory (default 8Gbps, upgradeable to 16Gbps and 25Gbps)
• 25Gbps crypto license unlocks crypto performance cap of 39Gbps, which can be reached at 1400-byte packet size
• Upgrade crypto performance on fielded units on demand
ASR 1002-HX Architecture
(Figure: ASR 1002-HX block diagram. Control plane: CPU (2.5 GHz quad-core), CPU memory, management Ethernet, USB, console & aux, NVRAM, boot flash, I2C chassis management bus. Forwarding plane: QFP1 and QFP2, each with PPEs (PPE1 … PPE62), dispatcher, packet buffer, BQS, resource DRAM (2GB) and packet buffer DRAM (512MB); TCAM (80Mbit); crypto; memory (4GB); interconnect; Interface Aggregation ASIC serving 8xGE, 8x10GE, EPA and NIM. Bandwidth labels: 75Gbps, 75Gbps, 150Gbps, 80Gbps, 8Gbps, 11Gbps, 120Gbps, 75Gbps. Link legend: I2C; Serdes Interface; Hypertransport.)
ASR 1002-X
Pay As You Grow
License on system throughput
5 Gbps Default
Upgradeable to 10, 20, or 36 Gbps
Control Plane
CPU: Quad Core @ 2.13 GHz
Memory: 4GB default memory, upgradeable to 8/16GB
Secure Boot
FIPS-140-3 certification
Shared Port Adapter
3x SPA slots
System Management
RJ45 Console
Auxiliary Port
Management GE
2x USB Ports
Built-in I/O
6x1GE
syncE
BITS clocking
GPS input
Stratum 3 built-in
Cryptography
4 Gbps crypto throughput
SuiteB crypto support
Optional
160 GB hard disk
Multi-Core Network Processor
62 cores
4 threads per core
248 simultaneous threads
ASR 1001-X
Pay As You Grow
License on system throughput
2.5 Gbps Default
Upgradeable to 5, 10, or 20 Gbps
License on built-in TenGE ports
Control Plane
Quad cores clocked at 2.0GHz
8G DDR3 default memory, upgradeable to 16GB
Secure Boot
FIPS-140-3 certification
Shared Port Adapter
1x SPA slot
Multi-Core Network Processor
31 cores
4 threads per Core
124 simultaneous threads
System Management
Management GE
RJ45 Console
Auxiliary Port
Mini-USB Console
2x USB Ports
Network Interface Modules (NIM)
2xSSD Drives
ISR 4000 modules
Built-in I/O
2x10GE
6x1GE
Multipoint MACsec support
Cryptography
5 Gbps crypto throughput
SuiteB crypto support
ASR 1000 QFP in the Fixed Chassis
ASR1001-X ASR1002-X ASR1002-HX
System bandwidth 2.5 - 20Gbps 5 - 36Gbps 100Gbps
Performance 19Mpps 30Mpps 58Mpps
QFP cores 31 62 124
Clock Rate 1.5 GHz 1.2 GHz 1.5 GHz
QFP Resource Mem 4GB (unified)
256MB
1GB 4GB
Packet Buffer 512MB 1GB
TCAM 10 Mb 40 Mb 80 Mb
System Oversubscription in the Fixed Chassis
Chassis | QFP Throughput (Gbps) | Built-in Ports (Gbps) | SPA Ports (Gbps) | EPA Ports (Gbps) | I/O Aggregation BW (Gbps) | Ports to I/O Aggregation Oversubscription | I/O Aggregation to QFP Oversubscription | I/O to QFP Oversubscription
ASR 1001-X | 20 | 26 | 10 | n.a. | n.a.(1) | n.a. | n.a. | 9:5
ASR 1002-X | 36 | 6 | 30 | n.a. | 40 | 9:10 | 10:9 | 1:1
ASR 1002-HX | 100 | 88 | n.a. | 100 | 150 | 94:75 | 3:2 | 47:25
(1) ASR1001-X I/O Aggregation is directly integrated into the QFP; each port has linerate access to the forwarding complex.
(2) NIM is not counted as it only supports low speed (T1/E1) interfaces.
Software Architecture
IOS XE Software architecture
• IOS XE = IOS + IOS XE Middleware + Platform Software
• Operational Consistency: same look and feel as IOS Router
• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.), 64-bit operation
• Linux kernel with multiple processes running in protected memory
  • Fault containment
  • Re-startability
  • ISSU of individual SW packages
• ASR 1000 HA Innovations
  • Zero packet loss with RP Failover
  • <50ms ESP Failover
  • Software redundancy
(Figure: software components per card, linked by control messaging. RP: IOS active, IOS standby, Platform Adaptation Layer (PAL), forwarding manager, chassis manager, Linux kernel. ESP: forwarding manager, chassis manager, QFP client, QFP driver, Linux kernel. SIP: chassis manager, SPA drivers, Linux kernel.)
Software Architecture – Modular Platform
(Figure: software components per card, linked by control messaging. RP: IOS active, IOS standby, Platform Adaptation Layer (PAL), forwarding manager, chassis manager, Linux kernel. ESP: forwarding manager, chassis manager, QFP client / driver, QFP code, Linux kernel. SIP: chassis manager, SPA drivers, Linux kernel. The bullets below are the callouts attached to these components.)
• Initialization of RP processes
• Initialization of installed cards
• Detects and manages OIR of cards
• Manages system status, environments, power, EOBC
• Provides abstraction layer between hardware & IOS
• Manages ESP redundancy
• Maintains copy of FIB and interface list
• Communicates FIB status to active & standby ESP
• Runs Control Plane
• Generates configurations
• Maintains routing tables (RIB, FIB…)
• Communicates with forwarding manager on RP
• Maintains copy of FIBs
• Provides interface to QFP client & driver
• Programs QFP forwarding plane and QFP DRAM
• Statistics collection & RP communication
• Driver Software for SPA interface cards is loaded independently
• Failure or upgrade of driver does not affect other SPAs in the chassis
Software Architecture – Fixed Platform
• Single Control CPU
  • Quad-core
  • 64 bit OS
  • 8GB, 16GB, 32GB memory support
• Standard IOS XE Processes
  • Running over a single Linux kernel
• High Availability
  • IOS redundancy
  • Fault Containment
  • Process Restartability
• Operational Consistency
  • Same look and feel as standard IOS
• Ethernet Out of Band Channel
  • Method by which processes in different subsystems communicate
(Figure: ASR1001-X control plane CPU running one kernel (incl. utilities) with three subsystems. RP subsystem: IOS, IOS, Chassis Mgr., Forwarding Mgr. ESP subsystem: Chassis Mgr., Forwarding Mgr., QFP Client / Driver. I/O subsystem: Interface Mgr., Chassis Mgr., SPA drivers.)
Software Sub-packages
(Figure: the IOS XE software architecture diagram with the sub-packages numbered 1 to 7 marked on the RP, ESP and SIP components.)
1. RPBase: RP Linux operating system
   Upgrading of the OS will require reload to the RP and expect minimal changes
2. RPIOS: IOS executable
   Facilitates Software Redundancy feature
3. RPAccess (K9 & non-K9): Software required for Router access
   Two versions available (with and without open SSH & SSL)
   Facilitates software packaging for export-restricted countries
4. RPControl: control plane processes for IOS / hardware interface
   IOS XE Middleware
5. ESPBase: All ESP code
   Any software upgrade of the ESP requires reload of the ESP
6. SIPBase/ELCBase: SIP/ELC OS & control processes
   OS upgrade requires reload of the SIP/ELC
7. SIPSPA/ELCSPA: SPA drivers and SPA FPD
   Facilitates SPA driver upgrade of specific SPA slots
IOS XE Release and support timelines
Standard releases – twice a year (March, November), supported for 18 months
• 6 months of active bug-fix, 6 months of limited bug fix, and 6 months of PSIRT
• Rebuild Intervals: 3 + 3 + 6 + 6 (PSIRT build as needed)
(Timeline figure: milestones FCS, EoSales, EoSM, PSIRT Phase, EoVS; rebuilds .1S, .2S, .3S and an optional PSIRT build .4S.)
Extended releases – once a year (July), supported for 48 months
• 30 months of active bug-fix, 6 months of limited bug fix, and 12 months of PSIRT
• Rebuild Intervals: 3 + 3 + 4 + 4 + 4 + 6 + 6 + 6 + 6 + 6 (PSIRT builds as needed)
(Timeline figure: milestones FCS, HPC, EoSales Notification, EoSales, EoSM, EoVS; rebuilds .1S to .10S, with optional PSIRT builds.)
Packet Flows – Data Plane
SIP/MIP ingress data path
(Figure: SIP/MIP block diagram. Components: 4 SPAs + 4 SPAs, SPA Agg. / Interface Aggregation ASIC with ingress classifier, ingress buffers, ingress scheduler, egress buffers and egress buffer status, IOCP, interconnect, links to the RPs and the active ESP.)
1. SPA receives packet data from its network interfaces and transfers the packet to the SIP
2. SPA Aggregation ASIC classifies the packet into H/L priority
3. SIP writes packet data to external ingress buffers
4. Interface Agg ASIC selects among ingress queues for next pkt to send to ESP over ESI. It prepares the packet for internal transmission
5. The interconnect transmits packet data of selected packet over ESI to active ESP.
ESP data processing path
(Figure: ESP block diagram. Components: QFP complex with Packet Processor Engines (PPE1 … PPE40), dispatcher, packet buffer and BQS; TCAM; resource DRAM; packet buffer DRAM; crypto; FECP; interconnect; links to the RPs, the other ESP and the SIPs.)
1. Packet arrives at ESP via interconnect
2. Packet assigned to an available PPE by dispatcher
3. Input FIA invoked
   • Netflow, MQC/NBAR Classify, FW, RPF, WCCP…
4. Potentially forward through BQS to crypto
5. Forwarding decision is made
   • FIB lookup, MPLS, GRE, Multicast …
6. Egress FIA invoked
   • Netflow, NAT, Police/Mark, Crypto…
7. Packet forwarded through BQS for scheduling based on QoS and interface bandwidth
8. Packet leaves ESP via interconnect
SIP/MIP egress data path
(Figure: SIP/MIP block diagram. Components: 4 SPAs + 4 SPAs, SPA Agg. / Interface Aggregation ASIC with ingress classifier, ingress buffers, ingress scheduler, egress buffers and egress buffer status, IOCP, interconnect, links to the RPs and the active ESP.)
1. Interconnect receives packet data over ESI from the active ESP
2. SPA Aggregation ASIC receives the packet and writes it to external egress buffer memory
3. SPA Aggregation ASIC selects and transfers packet data from eligible queues to SPA-SPI channel (High queues are selected before Low)
4. SPA transmits packet data on network interface
ASR 1000 QoS
ASR 1000 Forwarding PathQoS View
SPA
Classifiers
Buffers
IOS Process
TCAM
Interconnect
Interconnect
Interconnect
Interconnect
SPA SPA SPA
Scheduling
QFP
Buffers
Buffers
• Port rate limiting & weighting
for forwarding to ESP
• Ingress packet buffering
• Basic ingress classification
• Packet buffers used by QFP
• Advanced classification, policing, WRED
• Hierarchical egress packet scheduling
• Egress SIP packet buffering
BRKARC-2001 54
ASR 1000 QoS: SIP Ingress Path
• Ingress packet priority classification
Classification based on: 802.1p, IPv4 TOS, IPv6 TC, MPLS EXP
Configurable per port or VLAN
• Ingress SIP buffering
2 queues, high & low per port
High priority pkts from all ports will be sent to ESP before low priority queues
• Ingress SIP scheduler
By default all ports have a weight proportional to the interface bandwidth
Excess bandwidth is shared
Excess weight per port is configurable
[Diagram: SIP with SPAs, classifiers, ingress buffers, scheduling, egress buffers, buffer status reporting, and the interconnect]
ASR 1000 ESP QoS: PPE Processing
• Packets are accepted into the Cisco QFP and allocated to a free PPE thread to handle the packet
• Multiple packets are handled simultaneously in the Cisco QFP
• The following QoS functions are handled by PPEs:
• Classification
• Marking
• Policing
• WRED
• After all the above QoS functions (along with other packet forwarding features such as NAT, Netflow, etc.) are handled, the packet is put in packet buffer memory and handed off to the Cisco QFP Traffic Manager
ASR 1000 MQC based QoS: Classification and Marking
• Classification
IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, ACL, packet-length, ATM CLP, COS, inner/outer COS (QinQ), vlan, input-interface, qos-group, discard-class
QFP is assisted in hardware by TCAM
• Marking
IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, discard-class, qos-group, ATM CLP, COS, inner/outer COS
• Enhanced match & marker stats are enabled with global configuration options
platform qos marker-statistics
platform qos match-statistics per-filter
platform qos match-statistics per-ace
ASR 1000 MQC based QoS: Policing and Congestion Avoidance
Policing
1R2C – 1 rate 2 color
1R3C – 1 rate 3 color
2R2C – 2 rate 2 color
2R3C – 2 rate 3 color
color blind and aware in XE 3.2 and higher software
supports RFC 2697 and RFC 2698
explicit rate & percent based configuration
dedicated policer block in QFP hardware
WRED
Precedence (implicit MPLS EXP), dscp, and discard-class based
ECN marking
Byte, packet and time based CLI
Packet based configurations limited to exponential constant values 1 through 6
Dedicated WRED block in QFP hardware
ASR 1000 MQC based QoS: Queuing
• Multilayer hierarchies (5 layers in total)
SIP, interface, up to 3 layers of queuing configured with MQC QoS
• Two levels of priority traffic (1 and 2)
• Strict and conditional priority rate limiting
• 3 parameter scheduler (min, max, & excess)
• Priority propagation to ensure no loss priority forwarding via minimum parameter
[Diagram: scheduling hierarchy: SIP root schedule, interface schedule and interface default queue, Level 1 “Vlan” schedule, Level 2 “Class” schedule, Level 3 “Class” queues]
ASR 1000 MQC based QoS: queue limit management
• Interface default queues have 50 ms of buffering in a packets based configuration (except on ESP-40 which uses 25 ms)
$$\text{queue\_limit}_{\text{packets}} = \frac{\text{interface\_speed}_{\text{bits/sec}} \times 0.050\ \text{sec}}{\text{interface\_mtu}_{\text{bytes/packet}} \times 8\ \text{bits/byte}}$$
• Queue-limit may be manually configured with various units (packets, time, or bytes)
Packets based queue-limit deals well with bursts of variable size packets while providing a maximum limit to introduced latency when all packets are MTU sized.
Time or byte based queue-limit provides more exact control over maximum latency but will hold a variable number of packets based on the size of packets enqueued.
ASR 1000 QoS: Scheduling
• The QFP Traffic Manager performs all packet scheduling decisions.
• Packets move through the QoS hierarchy even if MQC QoS is not configured.
• Cisco QFP Traffic Manager implements a 3 parameter scheduler which gives advanced flexibility.
Minimum - bandwidth or priority. Guaranteed to receive the min BW.
Excess - bandwidth remaining. By default classes have remaining ratio of 1.
Maximum - shape. Traffic rates beyond the shaper rates held in queues.
• Only 2 parameters can be configured at any level (min/max or max/excess)
• Priority propagation (via minimum) ensures that high priority packets are forwarded first without loss
ASR 1000 QoS: Three parameter scheduler
policy-map child
 class voice
  priority level 1
  police cir 2000000
 class critical_services
  bandwidth 5000
 class internal_services
  shape average percent 80
 class class-default
!
policy-map parent
 class class-default
  shape average 25000000
  service-policy child
[Diagram: bandwidth split labelled Minimums, Excess and Maximum, with values 2 Mb/sec, 5 Mb/sec, 6 Mb/sec (three times) and 25 Mb/s]
• Maximum is implemented by shapers.
• Excess is defined by the bandwidth remaining, default ratio of 1 if not configured.
• Minimum is defined by the bandwidth or priority classes.
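Added example (not from the Cisco slides and not QFP code): a small Python model of the three-parameter scheduler applied to the child/parent policy on this slide, useful for checking that a flood in one class cannot take the priority or minimum guarantees of another. It assumes every class is congested unless an offered load is given, that `shape average percent 80` means 80% of the parent's 25 Mb/s shaper, and that bandwidth a capped class cannot use is re-shared by ratio; `SchedClass`, `allocate` and `slide_policy` are hypothetical names.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List, Optional


@dataclass
class SchedClass:
    name: str
    priority_police: Optional[int] = None  # 'priority' + 'police cir', bit/s
    minimum: int = 0                       # 'bandwidth', bit/s
    excess_ratio: int = 1                  # slide: default remaining ratio is 1
    maximum: Optional[int] = None          # 'shape', bit/s


PARENT_SHAPE = 25_000_000  # 'shape average 25000000' on policy-map parent


def slide_policy() -> List[SchedClass]:
    """The child policy from the slide, converted to bit/s."""
    return [
        SchedClass("voice", priority_police=2_000_000),
        SchedClass("critical_services", minimum=5_000_000),  # bandwidth 5000 (kb/s)
        # Assumption: percent is taken from the parent shaper rate.
        SchedClass("internal_services", maximum=PARENT_SHAPE * 80 // 100),
        SchedClass("class-default"),
    ]


def allocate(parent_rate: int, classes: List[SchedClass],
             offered: Optional[Dict[str, int]] = None) -> Dict[str, Fraction]:
    """Return the bit/s each class is served; classes missing from
    'offered' are treated as always having traffic queued."""
    offered = offered or {}

    def ceiling(c: SchedClass) -> Fraction:
        # A class can never use more than its shaper or its offered load.
        caps = [parent_rate]
        if c.maximum is not None:
            caps.append(c.maximum)
        if c.name in offered:
            caps.append(offered[c.name])
        return Fraction(min(caps))

    share = {c.name: Fraction(0) for c in classes}
    left = Fraction(parent_rate)

    # 1. Priority classes are served first, up to their policer.
    for c in classes:
        if c.priority_police is not None:
            share[c.name] = min(ceiling(c), Fraction(c.priority_police), left)
            left -= share[c.name]

    # 2. Minimum guarantees of the remaining classes.
    normal = [c for c in classes if c.priority_police is None]
    for c in normal:
        share[c.name] = min(ceiling(c), Fraction(c.minimum), left)
        left -= share[c.name]

    # 3. Excess is shared by ratio; a class that reaches its ceiling
    #    drops out and what it cannot use is shared again.
    active = [c for c in normal if share[c.name] < ceiling(c)]
    while left > 0 and active:
        total = sum(c.excess_ratio for c in active)
        grant = {c.name: left * c.excess_ratio / total for c in active}
        full = [c for c in active if share[c.name] + grant[c.name] >= ceiling(c)]
        if not full:
            for c in active:
                share[c.name] += grant[c.name]
            left = Fraction(0)
            break
        for c in full:
            left -= ceiling(c) - share[c.name]
            share[c.name] = ceiling(c)
        active = [c for c in active if share[c.name] < ceiling(c)]
    return share


if __name__ == "__main__":
    for name, rate in allocate(PARENT_SHAPE, slide_policy()).items():
        print(f"{name:18s} {float(rate) / 1e6:5.1f} Mb/s")
```

With every class congested the model reproduces the figures on the slide: 2 Mb/s for voice, a 5 Mb/s minimum for critical_services, and 6 Mb/s of excess for each of the three non-priority classes.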
ASR 1000 QoS: SIP Egress Path
• Egress buffering per SIP card
• No need for additional SIP based classification or queuing.
• Heavy lifting already done by QFP engine.
• Egress SIP has high and low priority buffers in case there is backpressure from a SPA
[Diagram: SIP with SPAs, classifiers, ingress buffers, scheduling, egress buffers, buffer status reporting, and the interconnect]
Integrated Security on ASR 1000
ASR 1000 Cryptography Support: Improved Octeon Crypto Processor on X-series Chassis
Platform | ASR1001-X | ASR1002-X | ASR1002-HX | ESP100 | ESP200
Number of Crypto Processor | 1 | 1 | 1 | 1 | 2
Cores per processor | 10 | 6 | 32 | 22 | 32
Clock Rate | 800MHz | 800MHz | 1200MHz | 1100MHz | 1100MHz
DRAM | 1GB | 1GB | 4x1GB | 2GB | 2x4GB
Crypto Throughput (IMIX) | 5Gbps | 4Gbps | 25Gbps | 16Gbps | 59Gbps
Suite B crypto
Next Generation Encryption
Suite B
Key Establishment: ECDH
Digital Signatures: ECDSA
Hashing: SHA-2
Authenticated Encryption: AES-GCM
Authentication: HMAC-SHA-2
Entropy: SP800-90
Protocols: TLSv1.2, IKEv2, IPsec, MACSec
ASR 1000 Forwarding Processor: IPsec Processing is done with Crypto Co-processor Assist
[Diagram: ESP with QFP complex (Dispatcher, Packet Buffer Memory, Packet Processor Engines PPE1 to PPE40, BQS), TCAM, Resource DRAM, Packet Buffer DRAM, Crypto, FECP, Bootflash, Memory, Chassis Mgmt Bus and Interconnect; links to RPs, ESP and SIPs labelled GE 1Gbps, I2C, ESI and Hypertransport 10Gbps]
Anti-replay Check
Encryption/decryption (Diffie-Hellman)
NAT Traversal
Traffic-based lifetime expiry
IPSec SA Database
IKE SA Database
Crypto-map
DH Key pairs
IPSec SA class groups
Classes
Rules (ACE or IPSec SA)
IPSec SA Database
Outbound packet classification
Formatting of packets to crypto chip (internal header)
Receiving packets from crypto chip
Removal of internal crypto header
Re-assembly of fragmented IPSec packets
ASR 1000 IPSec Software Architecture: Function Partitioning
[Diagram: RP (active and standby IOS, Platform Adaptation Layer (PAL), Forwarding manager, Chassis manager, Linux Kernel), ESP (Forwarding manager, Chassis manager, QFP client, QFP driver, Linux Kernel, Crypto assist) and SIP (Chassis manager, SPA drivers, Linux Kernel), connected by control messaging]
• Creation of IPSec Security Associations (SA)
• IKE Control Plane (IKE negotiation, expiry, tunnel setup)
• Communicates FIB status to active & standby ESP
• Communicates with Forwarding manager on RP
• Provide interface to QFP Client / Driver
• Copy of IPSec SAs
• Copy of IKE SAs
• Synchronization of SA Database with standby ESP
• Punting of encrypted packets to the Crypto Assist
• Encryption / Decryption of packets
ASR 1000 Integrated Zone-Based Firewall Protection: DoS, DDoS and Application Layer Detection and Prevention
TCP SYN Attack Prevention
• Protects against TCP SYN Flood to the FW Session Database
• SYN Cookie Protection: Per Zone, Per VRF, Per Box
Application Layer Protocol Inspection
• Conformance checking, state tracking, security checks with granular policy control
• Over 20 Inspection Engines:
UC: SIP, Skinny, H.323, RSTP…
Enterprise Apps: Voice/Soft phones
Core Protocols: FTP, FTP66, SNMP, DNS, POP3, …
Database & O/S: LDAP, NetBIOS, Microsoft RPC, …
Half Open Session Limit
• Protects Firewall Session Table from attacks that could be based on UDP, TCP and ICMP
• Half Open Session Limits are configurable:
Per Box and VRF Level
Per Class supported initially
• FW resources are managed effectively with half open session limit configuration knobs
• Logs are generated when limits are crossed
Basic Threat Detection
• Enables detection of possible threats, anomalies and attacks per Zone
• Monitors rate of pre-defined events in the system; alerts sent to Sys/HSL logs
• Report drops due to: Basic FW check failures, L4 inspection failures, and count of the # of dropped SYNs
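An added illustration of the Half Open Session Limit behaviour described on this slide, not Cisco's implementation and not the firewall's real log format: a Python model that enforces per-box and per-VRF half-open limits over constructed TCP events, counts dropped SYNs, and logs once each time a limit is crossed. The class name, event tuples, limits, timeout and log line layout are all assumptions.

```python
from collections import defaultdict


class HalfOpenTable:
    """Tracks TCP sessions that have sent a SYN but not completed the handshake."""

    def __init__(self, box_limit, vrf_limits, timeout=30.0):
        self.box_limit = box_limit        # limit across the whole box
        self.vrf_limits = vrf_limits      # {vrf name: limit}; missing = no VRF limit
        self.timeout = timeout            # seconds a half-open entry may live
        self.pending = {}                 # (vrf, src, sport, dst, dport) -> SYN time
        self.per_vrf = defaultdict(int)   # half-open count per VRF
        self.dropped_syns = defaultdict(int)
        self.logs = []
        self._logged = set()              # scopes already logged for this crossing

    def _remove(self, key):
        if self.pending.pop(key, None) is not None:
            self.per_vrf[key[0]] -= 1

    def _full_scope(self, vrf):
        if len(self.pending) >= self.box_limit:
            return "box", self.box_limit
        limit = self.vrf_limits.get(vrf)
        if limit is not None and self.per_vrf[vrf] >= limit:
            return "vrf " + vrf, limit
        return None, None

    def handle(self, ts, vrf, src, sport, dst, dport, flag):
        # Age out half-open entries first so stale SYNs do not hold slots.
        for key, seen in list(self.pending.items()):
            if ts - seen >= self.timeout:
                self._remove(key)
        key = (vrf, src, sport, dst, dport)
        if flag in ("ACK", "RST"):
            known = key in self.pending
            self._remove(key)
            if not known:
                return "ignored"
            return "established" if flag == "ACK" else "reset"
        if flag != "SYN":
            return "ignored"
        if key in self.pending:           # retransmitted SYN, already counted
            return "accept"
        scope, limit = self._full_scope(vrf)
        if scope is None:
            self._logged -= {"box", "vrf " + vrf}   # back under the limits: re-arm
            self.pending[key] = ts
            self.per_vrf[vrf] += 1
            return "accept"
        self.dropped_syns[vrf] += 1
        if scope not in self._logged:     # one log line per crossing, not per drop
            self._logged.add(scope)
            self.logs.append(
                f"{ts:.1f} half-open limit reached scope={scope} limit={limit} src={src}")
        return "drop"


# Constructed events: (time, vrf, src, sport, dst, dport, flag). Documentation addresses only.
EVENTS = [
    (0.0, "red", "198.51.100.1", 1001, "192.0.2.5", 443, "SYN"),
    (0.1, "red", "198.51.100.2", 1002, "192.0.2.5", 443, "SYN"),
    (0.2, "red", "198.51.100.3", 1003, "192.0.2.5", 443, "SYN"),
    (0.3, "red", "198.51.100.4", 1004, "192.0.2.5", 443, "SYN"),
    (0.4, "red", "198.51.100.5", 1005, "192.0.2.5", 443, "SYN"),
    (0.5, "blue", "203.0.113.9", 2000, "192.0.2.9", 80, "SYN"),
    (0.6, "blue", "203.0.113.10", 2001, "192.0.2.9", 80, "SYN"),
    (0.7, "red", "198.51.100.1", 1001, "192.0.2.5", 443, "ACK"),
    (0.8, "red", "198.51.100.6", 1006, "192.0.2.5", 443, "SYN"),
    (40.0, "red", "198.51.100.7", 1007, "192.0.2.5", 443, "SYN"),
]


def run(events, box_limit=4, vrf_limits=None, timeout=30.0):
    table = HalfOpenTable(box_limit, vrf_limits or {"red": 3}, timeout)
    verdicts = [table.handle(*event) for event in events]
    return table, verdicts


if __name__ == "__main__":
    table, verdicts = run(EVENTS)
    for event, verdict in zip(EVENTS, verdicts):
        print(event, "->", verdict)
    print("\n".join(table.logs))
    print(dict(table.dropped_syns))
```

Counting drops per VRF while logging only on the crossing keeps the log volume bounded during a flood, which matters when the log path shares resources with the device under attack.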
ASR 1000 Security Certifications
• FIPS 140-2, Level 2
• Common Criteria EAL4
• NSA Suite B Hardware Assist
Cisco ASR 1000 Series
ASR 1000 IPSec Performance & Scale
Platform | ASR 1001-X | ASR 1002-X | ASR 1002-HX | RP2/ESP20 | RP2/ESP40 | RP2/ESP100 | RP2/ESP200
Encryption Throughput (IMIX) | 5Gbps | 4Gbps | 25Gbps | 6.3Gbps | 7.3Gbps | 16Gbps | 59Gbps
VRFs | 8k | 8k | 8k | 8k | 8k | 8k | 8k
Total Tunnels (Site to Site IPSec) | 8k | 8k | 8k | 8k | 8k | 8k | 8k
Tunnel Setup Rate (per second) | 130 | 130 | 130 | 130 | 130 | 130 | 130
DMVPN / BGP Adjacencies | 4k | 4k | 4k | 6k | 6k | 6k | 6k
DMVPN / EIGRP Adjacencies | 4k | 4k | 4k | 4k | 4k | 4k | 4k
FlexVPN (IKEv2/DVTI) | 10k | 10k | 10k | 10k | 10k | 10k | 10k
High Availability
ASR 1000 High Availability: Hardware Redundancy
[Diagram: redundant RPs (RP CPU) and ESPs (QFP with PPE and BQS, Crypto Assist, FECP), with ELC (built-in GE/10GE), MIP (EPAs) and SIP (SPAs) line cards, each with IOCP and interface aggregation]
• Redundant ESP / RP on ASR 1006, 1006-X, 1009-X, 1013
• Zero packet loss on RP fail-over
• Max 50ms loss for ESP fail-over
Intra-chassis Stateful Switchover (SSO)
Stateful features: PPPoX, AAA, DHCP, NAT, Firewall
• IOS XE also provides full support for Network Resiliency
NSF/GR/NSR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP
BFD (BGP, IS-IS, OSPF, PIM, HSRP); IP Event Dampening;
first hop redundancy protocols: GLBP, HSRP, VRRP
• Support for ISSU upgrade/downgrade
ASR1000 High Availability: Software Redundancy
• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.)
• Linux kernel runs IOS process in protected memory for:
Fault containment
Restart-ability of individual SW processes
• Software redundancy helps when there is an IOS failure/crash
• Active process will switchover to the standby, while forwarding continues with zero packet loss
• Other software crashes (example: SIP or ESP) do not benefit from Software redundancy
• Support subpackage software upgrade
[Diagram: single RP running active and standby IOSd on the Linux kernel, one ESP (QFP with PPE and BQS, FECP, Crypto) and SIPs with SPAs, IOCP and SPA aggregation]
ISSU and MDR
• In Service Software Upgrade (ISSU) is a procedure backed by Cisco IOS infrastructure to accomplish an upgrade/downgrade while packet forwarding continues
• This procedure takes advantage of redundant processors, Routing protocols Graceful Restart, Non Stop Routing, SSO/NSF
• Minimal Disruptive Restart (MDR) keeps interfaces UP and minimizes traffic disruption during ASR1k ELC/SIP/SPA upgrade by not resetting the hardware or reprogramming the data paths
ASR 1000 Super-Package ISSU
[Diagram: active and standby RP and ESP plus SIP moving from VersionX to VersionY, with the SIP upgraded using MDR. Step labels in slide order: issu loadversion; issu runversion (switchover); issu acceptversion (stop rollback timer); issu commitversion (finalizes new file version); issu abortversion, or automatic rollback; hw-module slot <STBY_RP> reload]
Entire procedure can be automated by one shot ISSU command:
request platform software package install node file <filename> mdr
ASR 1000 Stateful Inter-chassis Redundancy
• 2 Cluster Members
• single redundancy group Act/Stby
• 2 redundancy groups Act/Stby – Stby/Act
• Supported Topology
• LAN-LAN
• LAN-WAN with asymmetric routing
• WAN-WAN with symmetric routing
• Connection between 2 members for RG control traffic & application data
• Used to exchange control traffic (RG hellos, RG state, fail-over signaling etc.) with object tracking
• Synchronization of NAT/Firewall/Cube state tables
• Additional interlink to divert the asymmetric routing traffic
• Direct connections between 2 members to avoid split-brain condition
• Configuration & FIB are not synchronized by RG infrastructure
• Inter-chassis and intra-chassis redundancy cannot co-exist
[Diagram: two cluster members with redundancy groups RG active and RG standby]
ASR 1000 Applications & Solutions
ASR 1000 APPLICATIONS: Carrier Ethernet & MPLS VPN
MPLS L3VPN Applications
• VRF-Lite/Multi-VRF CE
• Sub-interface per VRF for CE/PE
• Up to 8,000 VRFs
• MPLS VPN (RFC 2547)
• IPv4 & IPv6
• MPLS QoS
• MPLS over (m)GRE overlay for large enterprise VPN
• MPLS TE FRR
• FRR Link, Path & Node protection
• RSVP & BFD triggered FRR
• Multicast VPN
• Encapsulation: IP/GRE, LSM
• Core Tree Signalling: PIM, mLDP
• C-Multicast Signaling: PIM, BGP
• Service: IPv4, IPv6
[Diagrams: Multicast VPN across a provider network with PEs, PMSI instances, a multicast source and a multicast receiver; MPLS VPN over GRE between WAN-PEs (West, East, North) across an SP IP service]
ASR 1000 Carrier Ethernet Capabilities
• Support for Ethernet Virtual Circuit (EVC) infrastructure
• VLAN tags (single, double, ambiguous, untagged)
• 802.1ad S-VLANs
• Custom EtherType (e.g. IPv4/v6, PPPoE Discovery, PPPoE session)
• CoS Support
• Flexible EVC Forwarding Service
• Bridge Domain, Xconnect, Bridge Domain Interface, Pseudowire
• Ethernet OAM
• Link OAM, CFM, 802.1ag + Y.1731 extension, 802.3ah, Loopback, ELMI
• Support for E-Line, E-Lan, E-Tree
• Port/VLAN modes with interworking and local switching
• Strong UNI features
• HQoS, Security ACL, MAC Security
• Flexible Tag Matching and Manipulation
[Diagram: EVC forwarding services: ports with EFPs attached to bridge domains (BD) for L2 MP bridging, connect (hair-pin), xconnect to pseudowires, L2 VFI, BDI to L3/VRF, routed pseudowire and MPLS; L2 interworking with ATM/FR EFPs is marked not yet supported]
Ethernet Flow point (EFP) service instance is a logical interface that connects a bridge domain to a physical port.
Can ASR 1000 Be a Layer 2 Switch ?
Yes!
• EVC addresses flexible ethernet edge requirements
• Flexible VLAN manipulation
• Virtual interface (BDI) similar to SVI on a switch
• Support Spanning tree protocols (MST, PVST, RPVST+)
• Support various ethernet encapsulations (802.1q, 802.1ad, Q-in-Q, 802.1ah)
• VLAN to forwarding service (L3/BDI, P2P, P2MP)
• Support E-OAM capabilities
No!
• LAN Switch port density
• Lowest cost per port
• Rich IOS LAN switch functionality & capability
Answer:
• Handy solution to absorb a switch/trunk in some situations especially for integrated L3 edge applications
VPLS Services
• VPLS Full-mesh, Hub/Spoke & H-VPLS Provider Edge
• 1M MAC Addresses
• Broadcast, Unknown Unicast and Multicast (BUM) control
• VPLS over GRE/IPSec
• VPLS Auto-discovery
• LDP Signal (RFC 6074)
• BGP Signal (RFC 4761)
• Inter-AS support
• Option A (BGP Signal)
• Option B, C (LDP Signal)
• U-PE dual-homing
• Multiple spanning tree with control pseudowire
• Routed Pseudowire
• VPLS circuit terminated on Bridge Domain Interface
[Diagram: VPLS topology with CE, U-PE/H-VPLS PE and N-PE devices connected over a tunnel LSP]
Full mesh of Targeted LDP exchange VC labels
Attachment VCs are port mode or VLAN ID
CE: Customer Edge Device
N-PE: Network Facing Provider Edge
U-PE: User Facing Provider Edge
VSI/VFI: Virtual Switching/Forwarding Instance
Segment Routing: Simplifying the Transport
• Source Routing: the source chooses a path and encodes it in the packet header as an ordered list of segments
• Segment: an identifier for any type of instructions: forwarding or service
• IGP only: no LDP, no RSVP-TE
• ECMP
• Interworking with LDP: ease of migration
• Topology independent 50msec FRR
• Support all existing VPN services
• Engineered for SDN
[Diagram: SR WAN running an SR IGP between VPN sites, with a packet carrying a VPN label and segment 16006]
ASR 1000 APPLICATIONS: Internet Edge
Enterprise Internet Edge Profile
[Diagram: ASR1013-2 and switch2 with TenGig3/TenGig4 links and a port-channel, RG active and RG standby, a VSS LAN, and upstream ISP1, ISP2, ISP3, Inet II and IPv6]
• Routing: up to 5 full ISP peerings
• HQoS, ACL, FNF, CoPP
• Services:
• NAT: NAT44/NAT64, VRF Aware, VASI
• ZBFW
• ALG
• AVC
• Stateful Inter-chassis redundancy
• Topology: LAN-WAN, LAN-LAN
• Platforms: ASR1001-X/ASR1002-X, RP2/ESP40
ASR 1000 APPLICATIONS: Secure VPN
VPN Solutions Overview
IPsec-based VPNs
• DMVPN: Multipoint GRE Tunnels, NHRP, IKEv1/IKEv2
• GETVPN: Crypto Map, GDOI, IKEv1/IKEv2
• FlexVPN: Dynamic VTI, IKEv2
• Easy VPN: Dynamic VTI, Crypto Map, IKEv1
SSLVPN
• TLS
DMVPN and GETVPN Comparison
DMVPN
• Routing: Dynamic or static routing on the overlay and provider networks; Minimal-to-no Peering With Provider; Easy Multi-Homing Designs
• Data Plane: Any WAN Transport: Internet, MPLS; Site-to-Site Requires Tunnel Setup; Hub-site Multicast Replication; Per-Tunnel QoS - Hub-Spoke, Spoke-Spoke
• IPsec: Pair-Wise Keys: Per tunnel keys; VPN is based on mGRE Overlay; Client IP Addressing Hidden From Provider
GETVPN
• Routing: Dynamic and Static Routing With Provider; Provider Routes Traffic Between Sites; Less Control Plane Overhead Traffic
• Data Plane: Private WANs Only: MPLS; No Tunnels for Site-to-Site Connectivity; Multicast Replication in Provider Network; QoS and SLA are provider driven
• IPsec: Group Keys: Single Group Key for All Sites; VPN is based on MPLS; Client IP Addressing Exposed to Provider
[Diagram: DMVPN hub and spokes; GETVPN key server and group members]
VPN Selection Criteria for Key Solutions
• The roadmap on VPN Services aligned with Cisco recommendation
Key Solutions | DMVPN | GETVPN | FlexVPN (dVTI, IKEv2) | SSLVPN (TLS) | Easy VPN (IPsec tunnels, IKEv1) | IPsec VPN (CM, VTI, p-pGRE)
Remote Access (SW Clients) | N/A | N/A | SR | SR | S | S
IOT | SR | SR | SR | SR | S | S
IWAN | SR | N/A | N/A | N/A | N/A | N/A
DCI | N/A | SR | N/A | N/A | N/A | S
MPLS VPN over MGRE | N/A | SR | N/A | N/A | N/A | S
SR = Supported and Recommended
S = Supported
WAN MACSec Applications
• MKA based keying (IEEE 802.1X-2010)
• 802.1AE strong encryption
• 128/256 bits AES-GCM, NIST approved, line rate performance
• Vlan tag in clear option
• Point-to-point
• Port based E-LINE Service
• VLAN based E-LINE Service
• Point-to-Multipoint
• Port based E-LAN Service
• VLAN based E-LAN Service
• 32 peers on 10GE; 8 peers on GE
[Diagram: Metro E-LINE and Metro E-LAN examples with sites DC1, DC2, Main Building 1, Building 2, Building 3 and Building 4]
Data Center Interconnect Connect large branch, regional aggregate site to DC
ASR 1000 APPLICATIONS: Datacenter Interconnect (DCI)
DCI with OTV
Security
• IPsec or GETVPN
Use Cases
Datacenter maintenance/DR
workload mobility (i.e. Vmotion)
Active/Active Datacenters (HA Clustering, i.e. MSCS, Vmware Cluster)
Legacy Application (non-IP/Routable apps, i.e. NetBios)
High Availability
• Built-in loop prevention
• Built-in multi-homing
• Preserve failure boundary
• All paths active
• FHRP
Connectivity
• IP Core (unicast & mcast)
• Optimal multicast replication
• +LISP for optimal routing
• Up to 20 sites
• Interop with N7k
• Support Fragmentation
[Diagram: OTV between ASR1K edge devices A, B and C across an IP core via OTV join interfaces; an Ethernet frame is encapsulated in an IP packet and decapsulated at the far end. MAC table on Edge Device A: MAC1 on Eth1, MAC2 and MAC3 via IP B. MAC table on Edge Device B: MAC1 via IP A, MAC2 on Eth 1, MAC3 on Eth 2]
VXLAN Enables Scale and Flexibility in the Datacenter
[Diagram: IP/MPLS core (unicast or multicast), VxLAN (MAC in IP), Internet, Hypervisor]
VXLAN L2 Gateway
• VXLAN to 802.1q
VXLAN L3 Gateway
• VXLAN to Routed
• VXLAN to L3 VRF mapping
Scale
• 4,000 VXLAN Tunnel Endpoints (VTEPs)
• Up to 16k VXLAN Network Identifiers (VNIs)
• Up to 16k Bridge Domain Interfaces (BDIs)
• Up to 1M MAC addresses
Use Cases
• VXLAN-VXLAN Interworking
• VLAN-VXLAN Interoperability
• VXLAN-VPLS Interoperability
• VXLAN-VRF Integration
Standard
• MAC-in-IP: RFC 7348
• Unicast (Ingress replication) or Multicast (BiDir) for peering and MAC reachability
Connectivity
• Provides L2 connectivity between virtual switches in hypervisors, hardware switches and hardware routers
• VXLAN extends subnets to virtualized resources
EVPN L3 DCI: ASR1k as a Border Leaf connects with Standalone ACI Fabric using EVPN and VXLAN in DC Side, GETVPN on the WAN
[Diagram: Data Center 1 fabric (N9500 spines, N9300/N9500 leaves, fabric extenders, 40G links) running VXLAN with MP-BGP EVPN, connected through the DC border to an MPLS IPVPN (iBGP, PE-CE) carrying GETVPN over MPLS to the enterprise site. EVPN route: RD, Prefix, RT, L3 VNI, Next Hop (VTEP IP), Tunnel Encap (VXLAN), Router MAC. IP route: Prefix, Next Hop]
Feature Interaction / Solution Characteristics
• ASR1k Border Leaf Connecting WAN with DC
• Multi-tenant VRF Lite solution where a VRF is assigned to a tenant
• Services: QoS, NAT, IPsec, AVC, PfR, AppNav, ZBFW, etc.
• WAN side: Back to Back VRFs with dedicated L3 sub-interfaces between DC & WAN
• DC side: EVPN – VRF Lite integration
• Orchestration: VTS, Cisco Prime
ASR 1000 APPLICATIONS: Intelligent WAN (IWAN)
IWAN Sessions this week:
BRKCRS-2000 Intelligent WAN (IWAN) Architecture
BRKCRS-2002 IWAN Design and Deployment Workshop
TECCRS-2004 Implementing the Intelligent WAN (IWAN)
BRKRST-2362 Implementing Performance Routing (PfRv3)
BRKRST-2514 Application Optimization and Provisioning the Intelligent WAN (IWAN)
Intelligent WAN Solution Components
[Diagram: branch connected over MPLS, Internet and 3G/4G-LTE to private cloud, virtual private cloud and public cloud, with AVC, WAAS and PfR]
Application Optimization
• Application visibility with performance monitoring
• Application acceleration and bandwidth optimization
Secure Connectivity
• Certified strong encryption
• Comprehensive threat defense
• Cloud Managed Security for secure direct Internet access
Intelligent Path Control
• Dynamic Application best path based on policy
• Load balancing for full utilization of bandwidth
• Improved availability
Transport Independent
• Consistent operational model
• Simple provider migrations
• Scalable and modular design
• IPsec routing overlay design
Control & Management Automation
Start with Cisco AX Routers: IWAN Capabilities Embedded in the Router
[Diagram: Cisco AX Routers (3900 | 2900 | 1900 | 800 | 4000 | ASR1000; ISR-AX and ASR1000-AX) as One Network with UNIFIED SERVICES: Transport Independent, Secure Routing, Optimization, Control, Visibility; Simplify Application Delivery]
Summary and Key Takeaways
• ASR 1000 is the Swiss Army Knife to solve your tough network problems
• Reduce complexity in your network edge.
• ASR 1000 is well positioned for both Enterprise and Service Provider Architectures.
• ASR 1000 is at the heart of Cisco IWAN solutions
• Come see live at our WoS Booth!
Relevant Sessions at Cisco Live 2016
Breakout Sessions
• BRKARC-2009 Operating an ASR 1000
• BRKARC-2031 QoS Config Migrations From Classic IOS to IOS XE
• BRKCRS-3147 Advanced troubleshooting of the ASR1K and ISR 4451-X made easy
R&S Related Cisco Education OfferingsCourse Description Cisco Certification
CCIE R&S Advanced Workshops (CIERS-1 &
CIERS-2) plus
Self Assessments, Workbooks & Labs
Expert level trainings including: instructor led workshops, self
assessments, practice labs and CCIE Lab Builder to prepare candidates
for the CCIE R&S practical exam.
CCIE® Routing & Switching
• Implementing Cisco IP Routing v2.0
• Implementing Cisco IP Switched
Networks V2.0
• Troubleshooting and Maintaining
Cisco IP Networks v2.0
Professional level instructor led trainings to prepare candidates for the
CCNP R&S exams (ROUTE, SWITCH and TSHOOT). Also available in
self study eLearning formats with Cisco Learning Labs.
CCNP® Routing & Switching
Interconnecting Cisco Networking Devices:
Part 2 (or combined)
Configure, implement and troubleshoot local and wide-area IPv4 and IPv6
networks. Also available in self study eLearning format with Cisco Learning
Lab.
CCNA® Routing & Switching
Interconnecting Cisco Networking Devices:
Part 1
Installation, configuration, and basic support of a branch network. Also
available in self study eLearning format with Cisco Learning Lab.
CCENT® Routing & Switching
For more details, please visit: http://learningnetwork.cisco.com
Questions? Visit the Learning@Cisco Booth or contact [email protected]
BRKARC-2001 107
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Design Cisco Education OfferingsCourse Description Cisco Certification
Designing Cisco Network Service Architectures
(ARCH) Version 3.0
Provides learner with the ability to perform conceptual, intermediate, and
detailed design of a network infrastructure that supports desired capacity,
performance, availability required for converged Enterprise network
services and applications.
CCDP® (Design Professional)
(Available Now)
Designing for Cisco Internetwork Solutions
(DESGN) Version 3.0
Instructor led training focused on fundamental design methodologies used
to determine requirements for network performance, security, voice, and
wireless solutions. Prepares candidates for the CCDA certification exam.
CCDA® (Design Associate)
(Available Now)
For more details, please visit: http://learningnetwork.cisco.com
Questions? Visit the Learning@Cisco Booth or contact [email protected]
BRKARC-2001 108
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Service Provider Cisco Education OfferingsCourse Description Cisco Certification
Deploying Cisco Service Provider Network Routing
(SPROUTE) & Advanced (SPADVROUTE)
Implementing Cisco Service Provider Next-Generation
Core Network Services (SPCORE)
Edge Network Services (SPEDGE)
SPROUTE covers the implementation of routing protocols (OSPF, IS-IS, BGP),
route manipulations, and HA routing features; SPADVROUTE covers advanced
routing topics in BGP, multicast services including PIM-SM, and IPv6;
SPCORE covers network services, including MPLS-LDP, MPLS traffic engineering,
QoS mechanisms, and transport technologies;
SPEDGE covers network services, including MPLS Layer 3 VPNs, Layer 2 VPNs,
and Carrier Ethernet services; all within SP IP NGN environments.
CCNP Service Provider®
Building Cisco Service Provider Next-Generation
Networks, Part 1&2 (SPNGN1), (SPNGN2)
The two courses introduce networking technologies and solutions, including OSI
and TCP/IP models, IPv4/v6, switching, routing, transport types, security, network
management, and Cisco OS (IOS and IOS XR).
CCNA Service Provider®
Implementing Cisco Service Provider Mobility UMTS
Networks (SPUMTS);
Implementing Cisco Service Provider Mobility CDMA
Networks (SPCDMA);
Implementing Cisco Service Provider Mobility LTE
Networks (SPLTE)
The three courses (SPUMTS, SPCDMA, SPLTE) cover knowledge and skills
required to understand products, technologies, and architectures that are found in
Universal Mobile Telecommunications Systems (UMTS) and Code Division Multiple
Access (CDMA) packet core networks, plus their migration to Long-Term Evolution
(LTE) Evolved Packet Systems (EPS), including Evolved Packet Core (EPC) and
Radio Access Networks (RANs).
Cisco Service Provider Mobility
CDMA to LTE Specialist;
Cisco Service Provider Mobility UMTS
to LTE Specialist
Implementing and Maintaining Cisco Technologies
Using IOS XR (IMTXR)
Service Provider/Enterprise engineers to implement, verification-test, and optimize
core/edge technologies in a Cisco IOS XR environment.
Cisco IOS XR Specialist
For more details, please visit: http://learningnetwork.cisco.com
Questions? Visit the Learning@Cisco Booth or contact [email protected]
BRKARC-2001 109
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Data Center / Virtualization Cisco Education OfferingsCourse Description Cisco Certification
Introducing Cisco Data Center Networking (DCICN);
Introducing Cisco Data Center Technologies (DCICT)
Learn basic data center technologies and skills to build a
data center infrastructure.
CCNA® Data Center
Implementing Cisco Data Center Unified Fabric (DCUFI);
Implementing Cisco Data Center Unified Computing (DCUCI)
Designing Cisco Data Center Unified Computing (DCUDC)
Designing Cisco Data Center Unified Fabric (DCUFD)
Troubleshooting Cisco Data Center Unified Computing
(DCUCT)
Troubleshooting Cisco Data Center Unified Fabric (DCUFT)
Obtain professional level skills to design, configure,
implement, troubleshoot data center network infrastructure.
CCNP® Data Center
Product Training Portfolio: DCNMM, DCAC9K, DCINX9K,
DCMDS, DCUCS, DCNX1K, DCNX5K, DCNX7K
Gain hands-on skills using Cisco solutions to configure,
deploy, manage and troubleshoot unified computing, policy-
driven and virtualized data center network infrastructure.
Designing the FlexPod® Solution (FPDESIGN);
Implementing and Administering the FlexPod® Solution
(FPIMPADM)
Learn how to design, implement and administer FlexPod
solutions
Cisco and NetApp Certified
FlexPod® Specialist
Network Programmability Cisco Education Offerings
Columns: Course, Description, Cisco Certification
Integrating Business Applications with Network
Programmability (NIPBA);
Integrating Business Applications with Network
Programmability for Cisco ACI (NPIBAACI)
Learn networking concepts, and how to deploy and troubleshoot
programmable network architectures with these self-paced courses.
Cisco Business Application
Engineer Specialist Certification
Developing with Cisco Network Programmability
(NPDEV);
Developing with Cisco Network Programmability
for Cisco ACI (NPDEVACI)
Learn how to build applications for network environments and effectively
bridge the gap between IT professionals and software developers.
Cisco Network Programmability
Developer Specialist Certification
Designing with Cisco Network Programmability
(NPDES);
Designing with Cisco Network Programmability
for Cisco ACI (NPDESACI)
Learn how to expand your skill set from traditional IT infrastructure to
application integration through programmability.
Cisco Network Programmability
Design Specialist Certification
Implementing Cisco Network Programmability
(NPENG);
Implementing Cisco Network Programmability
for Cisco ACI (NPENGACI)
Learn how to implement and troubleshoot open IT infrastructure
technologies.
Cisco Network Programmability
Engineer Specialist Certification
Cloud Cisco Education Offerings
Columns: Course, Description, Cisco Certification
Understanding Cloud Fundamentals
(CLDFND)
Learn how to perform foundational tasks related to Cloud computing, and the essentials
of Cloud infrastructure
CCNA Cloud
Introducing Cloud Administration
(CLDADM)
Learn the essentials of Cloud administration and operations, including how to provision,
manage, monitor, report and remediate.
Implementing and Troubleshooting the
Cisco Cloud Infrastructure (CLDINF)
Learn how to implement and troubleshoot Cisco Cloud infrastructure: compute,
network, storage.
CCNP Cloud
Designing the Cisco Cloud (CLDDES)*
Learn how to design private and hybrid Clouds including infrastructure, automation,
security and virtual network services
Automating the Cisco Enterprise Cloud
(CLDAUT)*
Learn how to automate Cloud deployments – provisioning IaaS (private, private with
network automation and hybrid) and applications, life cycle management
Building the Cisco Cloud with Application
Centric Infrastructure (CLDACI)*
Learn how to build Cloud infrastructures based on Cisco Application Centric
Infrastructure, including design, implementation and automation
UCS Director Foundation (UCSDF)
Learn how to manage physical and virtual infrastructure using orchestration and
automation functions of UCS Director.
* Available Q2CY2016