ASR1K Update

ASR1K Update, Cisco Expo Serbia 2012. Gerd Pflueger, CSE Central Europe. Vers. 0.4, March 21 2012. © 2012 Cisco and/or its affiliates. All rights reserved.

Transcript of ASR1K Update

Page 1: ASR1K Update


ASR1K Update Cisco Expo Serbia 2012

Gerd Pflueger – CSE Central Europe


Vers. 0.4

March 21 2012

Page 2: ASR1K Update


• ASR 1000 Overview

• ASR1K under the Hood

• ASR1K IOS-XE Features

Page 3: ASR1K Update


Compact, Most Powerful Routers on the Market

Business Critical Resiliency

Scalable On-Chip Service Delivery

2.5 Gbps 80+ Gbps

Cisco Quantum Flow Processor

[Diagram: Active and Standby Forwarding Processors, Active and Standby Route Processors, three SIPs each carrying four SPAs. Zero Packet Loss: RP fails (HW or SW), Standby Becomes Active]

Tailor Subscriber Services to Each User

Video and Voice can Both Have High Priority

Full Security Services

Full Payload Access

Enable TelePresence, VoIP

QoS

Dual High Priority Queue

Smaller Carbon Footprint

Service Provider Market

Enterprise Market

Investment Protection

Cross Platform SPA FE/GE/10GE, POS, SERIAL, ATM

Service labels: Security, NAT, Firewall, IPSec, App Aware, DPI, NBAR, Control, SBC, Medianet, Personal, ISG, Policy, AAA

Page 4: ASR1K Update


[Figure: router portfolio plotted against Performance and Scalability]

Platforms shown: ASR 1000, 7200 Series, ISR Series, 7600 Series, ASR 9000

20 – 360GB Per System: Broadband, Route Reflector, Distributed PE, Hosted Firewall, IP Sec, SBC/VoIP

40G per Slot: Carrier Ethernet, IP RAN, Mobile Gateways, SBC/VoIP, Broadband, Vidmon

200G per Slot: Carrier Ethernet + BNG, IP RAN, L2/L3 VPNs, Vidmon

Managed L2 / L3 VPNs, Integrated Security, Application Recognition

Enterprise Edge / DC

Service Provider Edge Routers

Page 5: ASR1K Update


[Diagram: active and standby Forwarding Processors (each with FECP, Crypto Assist, QFP Subsystem, Interconn.), active and standby Route Processors (each with RP, Interconn.), and three SIPs (each with IOCP, SPA Agg., SPAs, Interconn.)]

Link types shown: SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; ESI (Enhanced Serdes Interface), 11.5Gbps

RP (Route Processor)
• Handles control plane traffic
• Manages system

ESP (Embedded Services Processor)
• Handles forwarding plane traffic

SPA (Shared Port Adaptor)
• SPAs provide the physical interfaces

SIP (SPA Interface Processor)
• SIP provides the physical termination for the SPAs
• Accepts up to four half-height or two full-height SPAs

Centralized Forwarding Architecture
• All traffic flows through the active ESP; standby is synchronized with all flow state with a dedicated 10Gbps link

Distributed Control Architecture
• All major system components have a powerful control processor dedicated for control and management planes

Page 6: ASR1K Update


RP1 (in slots “r0” & “r1”)

ESP10

SIP

SPAs

Rack Mounts and Cable Management not shown

Page 7: ASR1K Update


Page 8: ASR1K Update


| | ASR1001 | ASR1002 | ASR1004 | ASR1006 | ASR1013 |
|---|---|---|---|---|---|
| SPA Slots | 1-slot/IDC | 3-slot | 8-slot | 12-slot | 24-slot |
| ESP Slots | Integrated | 1 | 1 | 2 | 2 |
| RP Slots | Integrated | Integrated | 1 | 2 | 2 |
| SIP slots | Integrated | Integrated | 2 | 3 | 6 |
| IOS Redundancy | Software (8-GB)*, No ISSU | Software (4-GB), No ISSU | Software (4-GB), No ISSU | Hardware, ISSU | Hardware, ISSU |
| Built-in GE | 4 | 4 | N/A | N/A | N/A |
| Height | 1.75” (1RU) | 3.5” (2RU) | 7” (4RU) | 10.5” (6RU) | 22.7” (13RU) |
| Bandwidth | 2.5/5.0 Gbps (BW upgradeable via license) | 5-10 Gbps | 10-40 Gbps | 10-40 Gbps | 40 Gbps |
| Maximum output Power | 400W | 470W | 765W | 1275W | 3200W |
| Airflow | Front to back | Front to back | Front to back | Front to back | Front to back |

* ASR1001 default memory is 4GB and can be upgraded to either 8GB or 16GB (16GB DRAM is available as of 3.3S).

Page 9: ASR1K Update


| | ESP-2.5G | ESP-5G | ESP-10G | ESP-20G | ESP-40G |
|---|---|---|---|---|---|
| System Bandwidth | 2.5Gbps | 5Gbps | 10Gbps | 20Gbps | 40Gbps |
| Performance | 4Mpps | 7.5Mpps | 17Mpps | 23Mpps | 23/46Mpps |
| # of Processors | 10 | 20 | 40 | 40 | 40 |
| Clock Rate | 900 MHz | 900 MHz | 900 MHz | 1.2 GHz | 1.2 GHz |
| Crypto Engine BW (1400 Byte) | 1.8Gbps | 1.8Gbps | 4Gbps | 7Gbps | 11Gbps |
| QFP Resource Memory | 256MB | 256MB | 512MB | 1GB | 1GB |
| Packet Buffer | 64MB | 64MB | 128MB | 256MB | 256MB |
| Control CPU | 800 MHz | 800 MHz | 800 MHz | 1.2 GHz | 1.8 GHz |
| Control Memory | 1GB | 1GB | 2GB | 4GB | 8GB |
| TCAM | 10Mb | 10Mb | 10Mb | 40Mb | 40Mb |
| Chassis Support | ASR1001 (integrated); upgrade to 5-Gbps via license | ASR1001 (integrated); ASR 1002 | ASR 1002, 1004, 1006 | ASR 1004, 1006 | ASR 1004 (3.2S), 1006, 1013 |

Based on Quantum Flow Processor (QFP)

http://www.cisco.com/en/US/partner/prod/collateral/routers/ps9343/data_sheet_c78-450070.html

Page 10: ASR1K Update


| | ASR1001 | RP1 | RP2 |
|---|---|---|---|
| CPU | Dual-Core 2.2GHz Processor | General Purpose CPU based on 1.5GHz | Dual-Core 2.66GHz Processor |
| Memory | 4GB default (2x2GB); 8GB maximum (4x2GB); 16GB maximum (4x4GB) (as of 3.3S) | 2GB default (2x1GB); 4GB maximum (2x2GB); RP1 with 4GB built in to ASR1002 | 8GB default (4x2GB); 16GB maximum (4x4GB) |
| Built-in eUSB bootflash | 8GB | 1GB (8GB on integrated RP1 on ASR-1002) | 2GB |
| Storage | External USB | 40GB HDD & external USB | 80GB HDD & external USB |
| Cisco IOS XE Operating System | 64 bit | 32 bit | 64 bit |
| Chassis Support | ASR1001 route processor is integrated into the ASR1001 chassis | RP1 module supported on ASR1004 and ASR1006. RP1 is integrated on the ASR1002 chassis | RP2 module supported on ASR1004, ASR1006, and ASR1013 |

Data Sheet: http://www.cisco.com/en/US/partner/prod/collateral/routers/ps9343/data_sheet_c78-441072.html

Page 11: ASR1K Update


| | ASR1000-SIP | ASR1000-SIP |
|---|---|---|
| Bandwidth | 10G | 40G |
| Ingress Buffering | 128MB | 128MB |
| Egress Buffering | 8MB | 8MB |
| ESI Frequency | 3.125GHz | 6.25GHz or 3.125GHz |
| Bandwidth per ESI Link | 11Gbps | 23Gbps |
| ESI Links used | 1 | 1 or 2 |
| Total Bandwidth | 11Gbps | 23Gbps/46Gbps |

Page 12: ASR1K Update


Optics

SFP-GE-S

SFP-GE-L

SFP-GE-Z

SFP-GE-T

CWDM

XFP-10GLR-OC192SR

XFP-10GER-OC192IR

XFP-10GZR-OC192LR

GLC-GE-100FX

GLC-BX-U

GLC-BX-D

Channelized

SPA-8XCHT1/E1

SPA-2XCT3/DS0

SPA-4XCT3/DS0

SPA-1XCHSTM1/OC3

SPA-1xCHOC12/DS0

ATM SPA

SPA-1XOC3-ATM-V2

SPA-3XOC3-ATM-V2

SPA-1XOC12-ATM-V2

SPA-1CHOC3-CE-ATM

SPA-2CHT3-CE-ATM

SPA-24CHT1-CE-ATM

Optics

SFP-OC3-MM

SFP-OC3-SR

SFP-OC3-IR1

SFP-OC3-LR1

SFP-OC3-LR2

SFP-OC12-MM

SFP-OC12-SR

SFP-OC12-IR1

SFP-OC12-LR1

SFP-OC12-LR2

SFP-OC48-SR

SFP-OC48-IR1

SFP-OC48-LR2

XFP-10GLR-OC192SR

XFP-10GER-OC192IR

XFP-10GZR-OC192LR

Serial / POS

SPA-4XT-Serial

SPA-2XT3/E3

SPA-4XT3/E3

SPA-2XOC3-POS

SPA-4XOC3-POS

SPA-8XOC3-POS

SPA-1XOC12-POS

SPA-2XOC12-POS

SPA-4XOC12-POS

SPA-8XOC12-POS

SPA-1XOC48POS/RPR (POS mode)

SPA-2XOC48POS/RPR (POS mode)

SPA-4XOC48POS/RPR (POS mode)

SPA-OC192POS-XFP (POS Mode)

Ethernet SPA

SPA-4X1FE-TX-V2

SPA-8X1FE-TX-V2

SPA-2X1GE-V2

SPA-5X1GE-V2

SPA-8X1GE-V2

SPA-10XGE-V2

SPA-1X10GE-L-V2

Service SPAs

SPA-WMA-K9

SPA-DSP

Clocking/Sync SPA

SPA-2X1GE-SYNCE

Page 13: ASR1K Update


| Chassis Version | ESP Version | SIP Version | SIP Slot Number | Max. Bandwidth per SIP Slot (Gbps) | Max. SIP Interconnect Oversubscription | Bandwidth on ESP (Gbps) | ESP (System Bandwidth) Oversubscription | System (Chassis) Oversubscription |
|---|---|---|---|---|---|---|---|---|
| ASR 1001 | ESP2.5 | n.a. | n.a. | n.a. | n.a. | 2.5 | 5.6:1 | 5.6:1 |
| ASR 1002 | ESP5 | n.a. | n.a. | n.a. | n.a. | 5 | 6.8:1 | 6.8:1 |
| ASR 1002 | ESP10 | n.a. | n.a. | n.a. | n.a. | 10 | 3.4:1 | 3.4:1 |
| ASR 1004 | ESP10 | SIP10 | 1, 2 | 10 | 4:1 | 10 | 2:1 | 8:1 |
| ASR 1004 | ESP20 | SIP10 | 1, 2 | 10 | 4:1 | 20 | 1:1 | 4:1 |
| ASR 1006 | ESP10 | SIP10 | 1, 2, 3 | 10 | 4:1 | 10 | 3:1 | 12:1 |
| ASR 1006 | ESP20 | SIP10 | 1, 2, 3 | 10 | 4:1 | 20 | 3:2 | 6:1 |
| ASR 1006 | ESP40 | SIP10 | 1, 2, 3 | 10 | 4:1 | 40 | 3:4 | 4:1 |
| ASR 1006 | ESP40 | SIP40 | 1, 2, 3 | 40 | 1:1 | 40 | 3:1 | 3:1 |
| ASR 1013 | ESP40 | SIP10 | 1, 2, 3, 4, 5, 6 | 10 | 4:1 | 40 | 3:2 | 6:1 |
| ASR 1013 | ESP40 | SIP40 | 1, 2, 3, 4 | 40 | 1:1 | 40 | 5:1 | 6:1 |
| ASR 1013 | ESP40 | SIP40 | 5, 6 | 20 | 2:1 | 40 | 5:1 | 6:1 |

ESP and SIP Ingress QoS functions were integrated into the ASR 1000 design to deal with this apparent oversubscription.

Page 14: ASR1K Update


http://www.cisco.com/cdc_content_elements/flash/netsol/sp/quantum_flow/demo.html

Page 15: ASR1K Update


Page 16: ASR1K Update


[Diagram labels: Embedded Services Processor, Route Processor, SPA Interface Processor, Control Messaging, Kernel (×3), QFP Client/Driver, Chassis Manager (×3), Forwarding Manager (×2), SPA Driver (×4), IOS (Active), IOS (Standby), IOS XE Platform Adaptation Layer (PAL)]

• IOS XE = IOS + IOS XE Middleware + Platform Software

• Operational Consistency—same look and feel as IOS Router

• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.). Capable of 64-bit operation

• Linux kernel with multiple processes running in protected memory for
  - Fault containment
  - Re-startability
  - ISSU of individual SW packages

• ASR 1000 HA Innovations
  - Zero-packet-loss RP Failover
  - <50ms ESP Failover
  - “Software Redundancy”

Page 17: ASR1K Update


OTV – Phase 1
• OTV with GETVPN
• Interop between ASR1k and Nexus 7k in the same site
• Interop between ASR1k and Nexus 7k in the same overlay
• Not supported: non-multicast core and OTV adjacent server

Network Positioning System – Phase 1
• Data-Center dynamic selection based on:
  • Proximity
  • Performance metrics
  • Data Center Capabilities
  • User-defined policies
• Ranking of multiple data-centers based on policies
• API for data-center capability advertisements & service orchestration

LISP – Phase 2
• LISP MS/MR Virtualization
• LISP Map Notify Support
• LCAF support
• LISP with GETVPN
• LISP xTR virtualization
• Support EID instance-ID and EID VRF qualified configuration

NAT
• Match-in-vrf for NAT44
• Stateful NAT64 - Intra-chassis redundancy
• NAT64 Stateful - IETF Draft Catch up
• Asymmetric Routing for NAT44 B2B Redundancy

Routing
• BGP MD5 for IPv6
• FNF: IPv6 FNF – NBAR Integration, Flexible NetFlow - Ingress VRF Support
• PfR enhancements: Target discovery, PfR Simplification - SNMP MIB 1.0
• OSPFv3 Authentication using IPSec
• ATM Cell Relay (Packed Cell, Port Mode)
• E3 ATM support
• ERSPAN for low speed WAN links

QoS
• DSCP Tunnel Marking
• 1000 class maps per policy
• Policy Aggregator - multiple service-fragment support within one policy-map
• dVTI: QoS for low speed access: PBR + dual tunnels

Page 18: ASR1K Update


Medianet
• Passive RTP & TCP-based measurements
• Video-related stats (RTP jitter, RTT, application packet rates)
• Mediatrace
• Reporting of stats over FNF
• Cisco video monitoring MIB

Security - Threat Defense - Firewall
• TrustSec:
  • SGT (Identity Firewall)
  • Monitor Mode (Policy to pass & log)
  • FW Policy Integration (Security ID Groups and Hierarchical Classes)
• Nested Class Map
• Asymmetric Routing (FW/NAT)
• Out of Order (OOP) Handling - Disable HTTP Check

AVC – Phase 2
• Classification over Virtual Interface (VASI, IPSec, VTI, GRE)
• Native IPv6 classification
• Support IPv6 protocols in MQC
• VRF Reporting
• Insight: Usage and transaction based reports per Virtual Interfaces

Security - Crypto
• IPv6 over v4 GRE tunnel protection
• USGv6 Compliance Phase I
• IKEv2 + AnyConnect for FlexVPN

Security - Threat Defense - ALG
• ALGs:
  • MSRPC
  • SCCP v17
  • SIP ALG Enhancements (SIP over TCP)
  • FTP64 ALG

Page 19: ASR1K Update


• PIM

• PIM BiDir

• IPv6 Multicast Routing

• IPv6 BSR

• MVPN

• MVPN Extranet

• Multicast NAT

• Multicast CAC

• MVPN NSF/SSO

• IGMPv2/v3

• Extended ACL for Multicast

• IPv4 / IPv6 routing

• BGP, RIP, IS-IS, OSPF, Static routes

• GRE

• MPLS LDP

• MPLS VPN

• Inter-AS & CsC

• MPLSoGRE

• MPLS TE FRR

• VRF-aware features

• CRoMPLS

• EoMPLS

• PW redundancy

• MLPPP

• GEC

• PBR

• Netflow (v5, v8, v9)

• BGP policy accounting

• BGP NSF

• BGP 4-byte AS (DOT)

• BGP PIC Core

• IPv4 selective Download

• Ethernet, POS, ATM

• GLBP, HSRP, VRRP

• IP event dampening

• BFD for IS-IS, OSPF, Static (IPv4 & IPv6)

• WCCP

• 8000 eBGP/iBGP

• 4000 VRF

• BGP PE-CE Opt.

• mVPN

• Half-duplex VRF

• BGP Pic Best External

• IPv4 over IPv6 Tunnels

• PfR

• L2TPv3

• HQF support

• 2PQs, 128K queues

• MQC: classification, marking, action

• Egress traffic shaping

• dual/single rate 3 color policing

• 4K policy Maps

• 256 class Maps

• 4-level hierarchical scheduling

• Bandwidth remaining ratio

• Policies aggregation

• ATM shaping per VP/VC

• Egress classification on QoS group

• ATM service policies (VP/VC)

• NBAR

• FPM

Routing & MPLS & L2 (IPv4 / IPv6)

Multicast

LAC & PTA (v4 & v6) – PPPoE, PPPoEoQinQ, PPPoEoA & PPPoA
LNS (v4 & v6)
L2TS
ISG v4: PPP & IPoE (TC, Prepaid, PBHK, L4R etc.)
ISGv6: Dual stack PPP sessions (PTA & LNS); IPv6oE (unclassified IP)
BB HA: PPP, AAA, L2TP, DHCPv4 & v6, QoS Accounting, AAA accounting, Radius-based LI
ISG HA: Dual-stack PPP, IPoE (IPv4 only)
DHCP Relay & Server (vrf aware) – v4 & v6
RA-MPLS-IPv4 & IPv6 (LNS & vrf-lite)
Per-session Firewall (PPP)
4-level Hierarchical QoS
ANCP + ANCP values to LN & HA
Dynamic QoS Policy Control (Service Template)
PPPoE Server Selection (Stateless Cluster)
Service Accounting (Turbo Button)
LI (SNMP, RADIUS, Circuit-id)
QoS accounting – QoS stats included in AAA accounting records
Per-session PBR (max 1K sessions)
IPv4 & IPv6 Template ACL for BB Scaling
NAT44 and NAT64, 6rd
MLPPPoE & MLPPPoA (single link-LFI)
PPPoE client

Broadband

QoS

Page 20: ASR1K Update


• Config Synch
• SNMP, ARP, NAT
• Stateful IS-IS
• IPv6
• FR, PPP, MLPPP, HDLC, VLAN
• DHCPv4/v6
• IPSec
• MPLS, MPLS-VPN, LDP, VRF-lite
• Hardware assisted IPSec
• IPSec VPN 3DES/AES
• DMVPN
• GETVPN
• Zone-based Firewall
• NAT
• RTSP Firewall ALG
• Control Plane Policing
• FIPS compliance
• IPv6 IPSec static VI
• VRF-aware zone-based Firewall
• VRF-aware NAT
• DMVPN Hierarchical Hub
• VRF-aware IPSec
• VRF-aware Zone-based FW
• LAN Management Solution
• Cisco Information Center
• QoS Policy Manager
• IP Solution Center
• MPLS Diagnostics Expert
• Netflow Collector
• Cisco Security Manager
• Cisco Multicast Manager
• Traffic Engineering Manager
• MPLS LSP Ping / Traceroute
• MIBs
• SNMP
• Syslog
• VRF-aware NF
• Distributed and Integrated SBC
• Topology Identity hiding
• DoS Protection
• Pinhole/filter control
• SIP Signaling/latching
• NAPT
• Megaco/H.248
• Flow-based QoS control
• DBE control interface H.248, V4 transport, UDP, TCP, etc.
• Twice NAT for IPv4
• No NAT for IPv6
• H.248 ACK 3-way
• H.248 interim accounting
• SIP-H.323, H.323-H.323
• Flexible header manipulation
• Privacy Header
• Signaling congestion control
• IPv6 support
• SBC Endpoint switching

Security

SBC

HA

Network Management

Page 21: ASR1K Update


• ASR 1000 designed with QoS throughout system architecture from ingress to egress
• QFP Traffic Manager has full visibility into the packet
  - Enables sophisticated QoS processing, including DPI
• QFP ASIC embodies state-of-the-art egress QoS
  - 5+ levels of scheduling
  - 128K user queues
  - Priority propagation & dual priority queues
  - 3-parameter scheduling
• All interconnects allow for high/low priority queues
  - Xon-Xoff used to backpressure
• Scheduler exhibits industry-leading accuracy

[Diagram: ASR 1000 Traffic Manager. Labels: EF, AF1, AF4, default (shown twice), VLAN (shown twice), Physical Interface (shown twice), SIP]

Page 22: ASR1K Update


ASR 1006

• ASR 1000 offers fantastic HA support
  - Redundant ESP / RP on ASR 1006 and ASR 1013
  - Software Redundancy on ASR 1001, ASR 1002, ASR 1004
• Zero packet loss on RP Fail-over!
• Full support for ISSU
• Intra-chassis SSO support for
  - Configuration
  - Protocols: FR, ML(PPP), HDLC, VLAN, IS-IS, BGP, CEF, SNMP, MPLS, MPLS VPN, LDP, VRF-lite
  - Stateful features: PPPoX, AAA, DHCP, IPSec, NAT, Firewall
• IOS XE also provides full support for Network Resiliency
  - NSF/GR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP
  - IP Event Dampening
  - BFD (BGP, IS-IS, OSPF)
  - GLBP, HSRP, VRRP
• Stateful inter-chassis redundancy available for NAT, Firewall, SBC

[Diagram: Active and Standby Forwarding Processors, Active and Standby Route Processors, three SPA Carrier Cards each carrying four SPAs. Zero Packet Loss: RP fails (HW or SW), Standby Becomes Active]

Page 23: ASR1K Update


• Support for Any-transport-over-MPLS, including EoMPLS
  - Port/VLAN/.1q modes with interworking and local switching!
• Support for EVC infrastructure
  - VLAN tags (single, double, ambiguous)
  - Untagged traffic
  - Unclassified traffic (default)
  - 802.1ad S-VLANs
  - Custom EtherType (e.g. IPv4/v6, PPPoE Discovery, PPPoE Session)
  - CoS (802.1p bits)
• Flexible EVC forwarding services
• OTV support, including Multihoming with per VLAN load-balancing and VM Mobility, MAC moves from one site to another
• VPLS Support
• Ethernet OAM Support

[Diagram: EVC Infrastructure. Labels: Ports, EFPs, ATM/FR EFPs, BD, BD Subintf, BD L2 VFI, L2 Interworking, L2 MP Bridging, L3/VRF Routed, MPLS, Pseudowire (×3), connect (hair-pin), connect, xconnect, Available TBD]

Page 24: ASR1K Update


• ESP-embedded Crypto ASIC enables high-performance encryption services
  - Up to 11 Gbps with ESP40
  - Up to 8000 site-site IPSec CM tunnels
  - Up to 4000 sVTI, dVTI, GRE/TP tunnels
• QFP processing-to-completion using the FIA allows for IPSec computation in combination with other features (QoS, MPLS, GRE…)
• Remote-access, site-to-site VPN services
  - GETVPN, DMVPN, Easy VPN w/ or w/o dVTI
• VASI
  - Enables services such as FW/NAT to be applied to traffic going across different VRFs
• VRF-aware IPSec
  - With Dynamic crypto maps or dVTI
  - MPLS VPN or IEEE 802.1q
• Multi-SA for dVTI to enable connection with non-Cisco VPN routers
  - Enables simple migration from crypto-maps to VTI
• IKEv2 Site to site VPN & Windows client support
  - Support for VPN mobility extension
  - Including Remote access VPN with Windows native clients
• IPv6 support: IPv6oIPv4/GRE with encryption, v6 sVTI, VASI, NAT64, ACLs, USGv6 compliance (phase 1)

[Diagram labels: GigabitEthernet0/2/0 (VRF Blue), VasiLeft1 (VRF Blue), VasiRight1 (VRF Red), GigabitEthernet0/3/0 (VRF Red); steps numbered 1 to 4]

Page 25: ASR1K Update


• ASR 1000 Architecture ideally suited to perform deep-packet inspection
  - QFP has full visibility into each packet payload
• DPI enabled via the Application Visibility and Control (AVC) infrastructure
  - NBAR2 + Reporting + FNF
• NBAR2 allows classification of over 900 applications
  - Integrated into MQC infrastructure
  - Allows QoS control at the application level
• Insight reporter offers
  - GUI for application reports (interface / system)
  - Top talkers
  - Top applications
  - Usage trends
  - On-line monitoring
  - Etc.

class-map match-all business-critical
 match protocol citrix
 match access-group 101
class-map match-any browsing
 match protocol attribute category browsing
class-map match-any internal-browsing
 match protocol http url "*myserver.com*"

Page 26: ASR1K Update


Overlay Transport Virtualization

Interconnecting Data Center with MAC routing (NO MPLS)

Ethernet traffic (frames) between sites is encapsulated in IP: “MAC in IP”

Dynamic encapsulation based on MAC routing table

Unlike EoMPLS or VPLS, no Pseudo-Wire or Tunnel state maintained

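Communication between MAC1 (West) and MAC2 (East)

West Site OTV edge (IP A) MAC table:

| VLAN | MAC | IF |
|---|---|---|
| 100 | MAC1 | Eth1 |
| 100 | MAC2 | IP B |
| 100 | MAC3 | IP B |

East Site OTV edge (IP B) MAC table:

| VLAN | MAC | IF |
|---|---|---|
| 100 | MAC1 | IP A |
| 100 | MAC2 | Eth 1 |
| 100 | MAC3 | Eth 2 |

[Diagram: Encap at one OTV edge, Decap at the other; Ethernet Frame, IP packet, Ethernet Frame]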

Page 27: ASR1K Update


• Cat6k running VPLS connects to ASR1K via L2 internal link and uses ASR1K as OTV/DCI gateway to get to N7K. VPLS and OTV domains are connected. Deployed at one site.

N7k OTV

ASR1k

OTV L1/L2/L3 Service

Cat 6k

VPLSoGRE

Cat 6k

VPLSoGRE

Plain L2

Internal to the site

Page 28: ASR1K Update


• LISP Virtualization Features supported on ASR1K in 3.5S release:
  - LISP Ingress Tunnel Router / Egress Tunnel Router
  - LISP Proxy Ingress Tunnel Router / Proxy Egress Tunnel Router
  - LISP Map Server / Map Resolver
  - Nine EID/RLOC combinations supported
    - IPv4 EID / IPv4 RLOC
    - IPv4 EID / IPv6 RLOC
    - IPv4 EID / IPv4 & IPv6 RLOCs
    - IPv6 EID / IPv4 RLOC
    - IPv6 EID / IPv6 RLOC
    - IPv6 EID / IPv4 & IPv6 RLOCs
    - IPv4 & IPv6 EID / IPv4 RLOC
    - IPv4 & IPv6 EID / IPv6 RLOC
    - IPv4 & IPv6 EIDs / IPv4 & IPv6 RLOCs
  - IPv4 / IPv6 ACL with LISP
  - NAT with LISP
  - NetFlow with LISP
  - QoS with LISP (only classification and marking)

Page 29: ASR1K Update


ITR Map Cache: 10,000
PITR Map Cache: 100,000
ETR Database Mapping: 10
Map Resolver: 10K BGP Routes Announced by MS
Map Server: 100K BGP LISP Routes
VRFs on xTR or PxTR: 250

Page 30: ASR1K Update


• LISP is completely open

Started in the IRTF

Currently has an IETF working group

No known IPR

• 100s of Researchers and Operators Contributed to Design

• Multiple Vendors Interested

• Pilot Network up for nearly 4 years

121 nodes in 25 countries

• Building a LISP-MN Pilot Network

Testing server capabilities on Android phones

Experimenting new mapping database systems and security mechanisms

Page 31: ASR1K Update


Locator/ID split enables other (more important) benefits…

Today’s Internet Behavior
• Device IPv4 or IPv6 address represents identity and location (x.y.z.1)
• When the device moves, it gets a new IPv4 or IPv6 address for its new identity and location (w.z.y.9)

LISP Behavior
• Device IPv4 or IPv6 address represents identity only (x.y.z.1)
• When the device moves, keeps its IPv4 or IPv6 address. It has the same identity (x.y.z.1)
• Only the location changes (a.b.c.1, e.f.g.7)

Page 32: ASR1K Update


LISP – A Level of Indirection for IP Addressing

[Diagram labels: MS, ITR, PTR, ETR (×2), Map DB, Non-LISP, EID Space (×2), RLOC Space]

Routing table shown in the diagram:

| Prefix | Next-hop |
|---|---|
| w.x.y.1 | e.f.g.h |
| x.y.w.2 | e.f.g.h |
| z.q.r.5 | e.f.g.h |
| z.q.r.5 | e.f.g.h |

Mapping table shown in the diagram (the same table appears three times):

| EID | RLOC |
|---|---|
| a.a.a.0/24 | w.x.y.1 |
| b.b.b.0/24 | x.y.w.2 |
| c.c.c.0/24 | z.q.r.5 |
| d.d.0.0/16 | z.q.r.5 |

EID (Endpoint Identifier) is the host IP address

RLOC (Routing Locator) is the infrastructure IP address of the LISP router

Mapping Database (M-DB) is the distributed database and policy repository

Creates a “Level of indirection” by using two namespaces – EID and RLOC

Network-based solution

No host changes

Minimal configuration

No DNS changes

Address Family agnostic

Incrementally deployable (support LISP and non-LISP)

Support for mobility

Page 33: ASR1K Update


IPv6 Transition Support
v6-over-v4, v6-over-v6
v4-over-v6, v4-over-v4
[Diagram labels: IPv4 Internet, IPv6 Internet, v6, v4, LISP routers, v6 services]

VM-Mobility
Cloud / Layer 3 VM moves
Segmentation
[Diagram labels: Data Center 1, Data Center 2, VM a.b.c.1 (shown in both data centers), VM move, LISP routers, Internet]

VPNs and Segmentation
Over-the-Top
Multi-tenancy
[Diagram labels: HQ LISP Site, Internet, Data Center, User Network, Remote LISP Sites (. . 10k . .)]

Efficient Multi-Homing
IP Portability
Ingress Traffic Engineering without BGP
[Diagram labels: LISP routers, LISP Site, Internet]

Page 34: ASR1K Update


Routing
• BGP Graceful shutdown
• IPv6 access lists to filter hop-by-hop protocol
• OSPFv3 Vrf-lite CE-PE
• eBGP+NSR scale – 3k

SPA
• 2xCHT3-CEoP SPA - Circuit Emulation support

SIP40 combinations
• ESP10, ESP20, RP1, RP2 combinations

HA
• BFD: Multihop, 1000 peers, GEC, EIGRP IPv6
• GRE HA
• NSR for MP-iBGP
• BGP NSR/SSO without route refresh

Target FCS: Mar 2012

BNG
• Per-session NAT (PPP)
• MLPPPoE (multilink-8) – PTA & LNS
• ISGv6
• Native session downstream passthrough
• Bi-directional Idle timeout

MSE
• MPLS TE-FRR: Auto-tunnel (Mesh groups), CBTS, FRR LP Prefix independent
• VPLS/EoMPLS: Routed Pseudowire support
• GEC support for PW
• EOAM + Y.1731
• AToM: ATM-FR interworking, FR-FR local switching
• ATM: VC bundling

Page 35: ASR1K Update


IPv6 Firewall Ph 1
• Dual-Stack IPv4/IPv6 L4 Inspection
• v6 Network-v4 Internet v6 Network-v4 Network
• v6 Network-v6 Network
• Intra-chassis HA
• v4 level scale, perf
• Syslog, Netflow
• MIBs, NAT64
• DDOS-all v4 level protection

Security
• RSA E-Token 64k support for cert, configuration etc.
• DMVPN per-tunnel/SA QoS
• Scale up to 2K tunnels
• Physical interface shaping + DMVPN Service Policy
• GETVPN Key Server Support

Medianet
• Performance Monitoring - IPv6 support
• Transport packet out-of-order counter

Target FCS: Mar 2012

CUBE-SP
• H.323 v5 support

CUBE-ENT
• Voice code componentization
• Conditional header manipulation of SIP headers
• Mid-call Re-INVITE support
• Inbound dial-peer match by remote IP address
• Support for SIP UPDATE message per RFC 3311
• Session Time Support
• ASP/NR (CUBE ASR1k)
• PCM Capture (CUBE ASR1k)
• VQ Stats (CUBE ASR1k)

NBAR2
• MGRE MQC, PPPoE, PPPoA & L2TP (LNS) support

Page 36: ASR1K Update


Page 37: ASR1K Update


Cross Architecture Support - Seamless Interconnect with Service Provider Services

Best in Class Availability and Resiliency

Best in Class ASIC Technology

Support for Service Provider IP NGN Architecture and Enterprise Borderless Network, Collaboration and Data Center Architectures

Enterprise IOS Features with Modular OS and Software Redundancy or Hardware Redundancy and ISSU

Quantum Flow Processor (QFP)

Page 38: ASR1K Update

Thank you.