ASR1K Update
Transcript of ASR1K Update
1 © 2012 Cisco and/or its affiliates. All rights reserved.
ASR1K Update Cisco Expo Serbia 2012
Gerd Pflueger – CSE Central Europe
Vers. 0.4
March 21 2012
• ASR 1000 Overview
• ASR1K under the Hood
• ASR1K IOS-XE Features
Compact, Most Powerful Routers on the Market
Business Critical Resiliency
Scalable On-Chip Service Delivery
2.5 Gbps 80+ Gbps
Cisco Quantum Flow Processor
Active Forwarding Processor
Active Route Processor
Standby Route Processor
Standby Forwarding Processor
SIP: SPA SPA SPA SPA
SIP: SPA SPA SPA SPA
SIP: SPA SPA SPA SPA
Zero Packet Loss
RP fails HW or SW
Standby Becomes Active
Tailor Subscriber Services to Each User
Video and Voice can Both Have High Priority
Full Security Services
Full Payload Access
Enable TelePresence, VoIP
QoS
Dual High Priority Queue
Smaller Carbon Footprint
Service Provider Market
Enterprise Market
Investment Protection
Cross Platform SPA FE/GE/10GE, POS, SERIAL, ATM
Security
NAT
Firewall
IPSec
App Aware
DPI
NBAR
Control
SBC
Medianet
Personal
ISG
Policy
AAA
ASR 1000
Performance and Scalability
7200 Series
ISR Series
7600 Series
ASR 9000
20 – 360GB Per System
Broadband
Route Reflector
Distributed PE
Hosted Firewall
IP Sec
SBC/VoIP
40G per Slot
Carrier Ethernet
IP RAN
Mobile Gateways
SBC/VoIP
Broadband
Vidmon
200G per Slot
Carrier Ethernet
+ BNG
IP RAN
L2/L3 VPNs
Vidmon
Managed L2 / L3 VPNS Integrated Security Application Recognition
Enterprise Edge / DC
Service Provider Edge Routers
Forwarding Processor
(active)
FECP Crypto Assist
QFP Subsystem
Interconn.
Forwarding Processor (standby)
FECP Crypto Assist
QFP Subsystem
Interconn.
Route Processor (standby)
RP
Interconn.
Route Processor
(active)
RP
Interconn.
RP (Route Processor)
• Handles control plane traffic
• Manages system
ESP (Embedded Services Processor)
• Handles forwarding plane traffic
SPA (Shared Port Adaptor)
• SPAs provide the physical interfaces
SIP (SPA Interface Processor)
• SIP provides the physical termination for the SPAs
• Accepts up to four half-height or two full-height SPAs
Centralized Forwarding Architecture
• All traffic flows through the active ESP; the standby is synchronized with all flow state over a dedicated 10Gbps link
Distributed Control Architecture
• All major system components have a powerful control processor dedicated to the control and management planes
SPA-SPI, 11.2Gbps
Hypertransport, 10Gbps
ESI, (Enhanced Serdes Interface) 11.5Gbps
SPA Agg.
SPA SPA
Interconn.
IOCP SPA Agg.
SPA SPA
Interconn.
IOCP SPA Agg.
SPA SPA
Interconn.
IOCP
RP1 (in slots “r0” & “r1”)
ESP10
SIP
SPAs
Rack Mounts and Cable Management not shown
Chassis | ASR1001 | ASR1002 | ASR1004 | ASR1006 | ASR1013
SPA Slots | 1-slot/IDC | 3-slot | 8-slot | 12-slot | 24-slot
ESP Slots | Integrated | 1 | 1 | 2 | 2
RP Slots | Integrated | Integrated | 1 | 2 | 2
SIP slots | Integrated | Integrated | 2 | 3 | 6
IOS Redundancy | Software (8-GB)*, No ISSU | Software (4-GB), No ISSU | Software (4-GB), No ISSU | Hardware, ISSU | Hardware, ISSU
Built-in GE | 4 | 4 | N/A | N/A | N/A
Height | 1.75” (1RU) | 3.5” (2RU) | 7” (4RU) | 10.5” (6RU) | 22.7” (13RU)
Bandwidth | 2.5/5.0 Gbps (BW upgradeable via license) | 5-10 Gbps | 10-40 Gbps | 10-40 Gbps | 40 Gbps
Maximum output Power | 400W | 470W | 765W | 1275W | 3200W
Airflow | Front to back | Front to back | Front to back | Front to back | Front to back
* ASR1001 default memory is 4GB and can be upgraded to either 8GB or 16GB (16GB DRAM is available as of 3.3S).
ESP | ESP-2.5G | ESP-5G | ESP-10G | ESP20G | ESP-40G
System Bandwidth | 2.5Gbps | 5Gbps | 10Gbps | 20Gbps | 40Gbps
Performance | 4Mpps | 7.5 Mpps | 17Mpps | 23Mpps | 23/46Mpps
# of Processors | 10 | 20 | 40 | 40 | 40
Clock Rate | 900 MHz | 900 MHz | 900 MHz | 1.2 GHz | 1.2 GHz
Crypto Engine BW (1400 Byte) | 1.8Gbps | 1.8Gbps | 4Gbps | 7Gbps | 11Gbps
QFP Resource Memory | 256MB | 256MB | 512MB | 1GB | 1GB
Packet Buffer | 64MB | 64MB | 128MB | 256MB | 256MB
Control CPU | 800 MHz | 800 MHz | 800 MHz | 1.2 GHz | 1.8 GHz
Control Memory | 1GB | 1GB | 2GB | 4GB | 8GB
TCAM | 10Mb | 10Mb | 10Mb | 40Mb | 40Mb
Chassis Support | ASR1001 (integrated), upgrade to 5-Gbps via license | ASR1001 (integrated), ASR 1002 | ASR 1002, 1004, 1006 | ASR 1004, 1006 | ASR 1004 (3.2S), 1006, 1013
Based on Quantum Flow Processor (QFP)
http://www.cisco.com/en/US/partner/prod/collateral/routers/ps9343/data_sheet_c78-450070.html
Route Processor | ASR1001 | RP1 | RP2
CPU | Dual-Core 2.2GHz Processor | General Purpose CPU based on 1.5GHz | Dual-Core 2.66GHz Processor
Memory | 4GB default (2x2GB); 8GB maximum (4x2GB); 16GB maximum (4x4GB) (as of 3.3S) | 2GB default (2x1GB); 4GB maximum (2x2GB); RP1 with 4GB built in to ASR1002 | 8GB default (4x2GB); 16GB maximum (4x4GB)
Built-in eUSB bootflash | 8GB | 1GB (8GB on integrated RP1 on ASR-1002) | 2GB
Storage | External USB | 40GB HDD & external USB | 80GB HDD & external USB
Cisco IOS XE Operating System | 64 bit | 32 bit | 64 bit
Chassis Support | ASR1001 route processor is integrated into the ASR1001 chassis | RP1 module supported on ASR1004 and ASR1006. RP1 is integrated on the ASR1002 chassis | RP2 module supported on ASR1004, ASR1006, and ASR1013
Data Sheet: http://www.cisco.com/en/US/partner/prod/collateral/routers/ps9343/data_sheet_c78-441072.html
ASR1000-SIP ASR1000-SIP
Bandwidth 10G 40G
Ingress Buffering 128MB 128MB
Egress Buffering 8MB 8MB
ESI Frequency 3.125GHz 6.25GHz or 3.125GHz
Bandwidth per ESI Link 11Gbps 23Gbps
ESI Links used 1 1 or 2
Total Bandwidth 11Gbps 23Gbps/46Gbps
Optics
SFP-GE-S
SFP-GE-L
SFP-GE-Z
SFP-GE-T
CWDM
XFP-10GLR-OC192SR
XFP-10GER-OC192IR
XFP-10GZR-OC192LR
GLC-GE-100FX
GLC-BX-U
GLC-BX-D
Channelized
SPA-8XCHT1/E1
SPA-2XCT3/DS0
SPA-4XCT3/DS0
SPA-1XCHSTM1/OC3
SPA-1xCHOC12/DS0
ATM SPA
SPA-1XOC3-ATM-V2
SPA-3XOC3-ATM-V2
SPA-1XOC12-ATM-V2
SPA-1CHOC3-CE-ATM
SPA-2CHT3-CE-ATM
SPA-24CHT1-CE-ATM
Optics
SFP-OC3-MM
SFP-OC3-SR
SFP-OC3-IR1
SFP-OC3-LR1
SFP-OC3-LR2
SFP-OC12-MM
SFP-OC12-SR
SFP-OC12-IR1
SFP-OC12-LR1
SFP-OC12-LR2
SFP-OC48-SR
SFP-OC48-IR1
SFP-OC48-LR2
XFP-10GLR-OC192SR
XFP-10GER-OC192IR
XFP-10GZR-OC192LR
Serial / POS
SPA-4XT-Serial
SPA-2XT3/E3
SPA-4XT3/E3
SPA-2XOC3-POS
SPA-4XOC3-POS
SPA-8XOC3-POS
SPA-1XOC12-POS
SPA-2XOC12-POS
SPA-4XOC12-POS
SPA-8XOC12-POS
SPA-1XOC48POS/RPR (POS mode)
SPA-2XOC48POS/RPR (POS mode)
SPA-4XOC48POS/RPR (POS mode)
SPA-OC192POS-XFP (POS Mode)
Ethernet SPA
SPA-4X1FE-TX-V2
SPA-8X1FE-TX-V2
SPA-2X1GE-V2
SPA-5X1GE-V2
SPA-8X1GE-V2
SPA-10XGE-V2
SPA-1X10GE-L-V2
Service SPAs
SPA-WMA-K9
SPA-DSP
Clocking/Sync SPA
SPA-2X1GE-SYNCE
Chassis Version | ESP Version | SIP Version | SIP Slot Number | Max. Bandwidth per SIP Slot (Gbps) | Max. SIP Interconnect Oversubscription | Bandwidth on ESP (Gbps) | ESP (System Bandwidth) Oversubscription | System (Chassis) Oversubscription
ASR 1001 | ESP2.5 | n.a. | n.a. | n.a. | n.a. | 2.5 | 5.6:1 | 5.6:1
ASR 1002 | ESP5 | n.a. | n.a. | n.a. | n.a. | 5 | 6.8:1 | 6.8:1
ASR 1002 | ESP10 | n.a. | n.a. | n.a. | n.a. | 10 | 3.4:1 | 3.4:1
ASR 1004 | ESP10 | SIP10 | 1, 2 | 10 | 4:1 | 10 | 2:1 | 8:1
ASR 1004 | ESP20 | SIP10 | 1, 2 | 10 | 4:1 | 20 | 1:1 | 4:1
ASR 1006 | ESP10 | SIP10 | 1, 2, 3 | 10 | 4:1 | 10 | 3:1 | 12:1
ASR 1006 | ESP20 | SIP10 | 1, 2, 3 | 10 | 4:1 | 20 | 3:2 | 6:1
ASR 1006 | ESP40 | SIP10 | 1, 2, 3 | 10 | 4:1 | 40 | 3:4 | 4:1
ASR 1006 | ESP40 | SIP40 | 1, 2, 3 | 40 | 1:1 | 40 | 3:1 | 3:1
ASR 1013 | ESP40 | SIP10 | 1, 2, 3, 4, 5, 6 | 10 | 4:1 | 40 | 3:2 | 6:1
ASR 1013 | ESP40 | SIP40 | 1, 2, 3, 4 | 40 | 1:1 | 40 | 5:1 | 6:1
ASR 1013 | ESP40 | SIP40 | 5, 6 | 20 | 2:1 | 40 | 5:1 | 6:1
ESP and SIP Ingress QOS functions were integrated into the ASR 1000 design to deal with this apparent oversubscription
http://www.cisco.com/cdc_content_elements/flash/netsol/sp/quantum_flow/demo.html
Embedded Services Processor
Route Processor
SPA Interface Processor
Control Messaging
Kernel Kernel
Kernel
QFP Client/Driver
Chassis Manager
Forwarding Manager
SPA Driver
SPA Driver
SPA Driver
SPA Driver
IOS
(Standby)
Forwarding Manager
Chassis Manager
IOS
(Active)
IOS XE Platform Adaptation Layer (PAL)
Chassis Manager
• IOS XE = IOS + IOS XE Middleware + Platform Software
• Operational Consistency—same look and feel as IOS Router
• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.) Capable of 64-bit operation
• Linux kernel with multiple processes running in protected memory for
Fault containment
Re-startability
ISSU of individual SW packages
• ASR 1000 HA Innovations
Zero-packet-loss RP Failover
<50ms ESP Failover
“Software Redundancy”
OTV – Phase 1
• OTV with GETVPN
• Interop between ASR1k and
Nexus 7k in the same site
• Interop between ASR1k and
Nexus 7k in the same overlay
• Not supported: non-multicast
core and OTV adjacent server
Network Positioning System –
Phase 1
• Data-Center dynamic selection
based on:
• Proximity
• Performance metrics
• Data Center Capabilities
• User-defined policies
• Ranking of multiple data-
centers based on policies
• API for data-center capability
advertisements & service
orchestration
LISP – Phase 2
• LISP MS/MR Virtualization
• LISP Map Notify Support
• LCAF support
• LISP with GETVPN
• LISP xTR virtualization
• Support EID instance-ID and EID
VRF qualified configuration
NAT
• Match-in-vrf for NAT44
• Stateful NAT64 - Intra-chassis
redundancy
• NAT64 Stateful - IETF Draft Catch
up
• Asymmetric Routing for NAT44
B2B Redundancy
Routing
• BGP MD5 for IPv6
• FNF: IPv6 FNF –NBAR Integration ,
Flexible NetFlow - Ingress VRF
Support
• PfR enhancements :Target
discovery, PfR Simplification -
SNMP MIB 1.0
• OSPFv3 Authentication using
IPSec
• ATM Cell Relay (Packed Cell, Port
Mode)
• E3 ATM support
• ERSPAN for low speed WAN links
QoS
• DSCP Tunnel Marking
• 1000 class maps per policy
• Policy Aggregator - multiple
service-fragment support within
one policy-map
• dVTI: QoS for low speed access:
PBR + dual tunnels
Medianet
• Passive RTP & TCP-based
measurements
• Video-related stats (RTP
jitter, RTT, application
packet rates)
• Mediatrace
• Reporting of stats over FNF
• Cisco video monitoring MIB
Security- Threat Defense - Firewall
•TrustSec –
• SGT (Identity Firewall)
• Monitor Mode (Policy to pass &
log)
• FW Policy Integration (Security
ID Groups and Hierarchical
Classes)
•Nested Class Map
•Asymmetric Routing (FW/NAT)
•Out of Order (OOP) Handling - Disable
HTTP Check
AVC – Phase 2
• Classification over Virtual Interface (VASI, IPSec, VTI, GRE)
• Native IPv6 classification
• Support IPv6 protocols in MQC
• VRF Reporting
• Insight: Usage and transaction
based reports per Virtual
Interfaces
Security- Crypto
• IPv6 over v4 GRE tunnel protection
• USGv6 Compliance Phase I
• IKEv2 + AnyConnect for FlexVPN
Security- Threat Defense - ALG
•ALGs:
• MSRPC
• SCCP v17
• SIP ALG Enhancements (SIP over TCP)
• FTP64 ALG
• PIM
• PIM BiDir
• IPv6 Multicast Routing
• IPv6 BSR
• MVPN
• MVPN Extranet
• Multicast NAT
• Multicast CAC
• MVPN NSF/SSO
• IGMPv2/v3
• Extended ACL for
Multicast
• IPv4 / IPv6 routing
• BGP, RIP, IS-IS, OSPF,
Static routes
• GRE
• MPLS LDP
• MPLS VPN
• Inter-AS & CsC
• MPLSoGRE
• MPLS TE FRR
• VRF-aware features
• CRoMPLS
• EoMPLS
• PW redundancy
• MLPPP
• GEC
• PBR
• Netflow (v5, v8, v9)
• BGP policy accounting
• BGP NSF
• BGP 4-byte AS (DOT)
• BGP PIC Core
• IPv4 selective Download
• Ethernet, POS, ATM
• GLBP, HSRP, VRRP
• IP event dampening
• BFD for IS-IS, OSPF, Static
(IPv4 & IPv6)
• WCCP
• 8000 eBGP/iBGP
• 4000 VRF
• BGP PE-CE Opt.
• mVPN
• Half-duplex VRF
• BGP Pic Best External
• IPv4 over IPv6 Tunnels
• PfR
• L2TPv3
• HQF support
• 2PQs, 128K queues
• MQC: classification, marking, action
• Egress traffic shaping
• dual/single rate 3 color policing
• 4K policy Maps
• 256 class Maps
• 4-level hierarchical scheduling
• Bandwidth remaining ratio
• Policies aggregation
• ATM shaping per VP/VC
• Egress classification on QoS group
• ATM service policies (VP/VC)
• NBAR
• FPM
Routing &
MPLS & L2
(IPv4 / IPv6)
Multicast
LAC& PTA (v4 & v6) –
PPPoE, PPPoEoQinQ,
PPPoEoA & PPPoA
LNS (v4 & v6)
L2TS
ISG v4: PPP & IPoE - TC,
Prepaid, PBHK, L4R etc)
ISGv6: Dual stack PPP
sessions (PTA & LNS);
IPv6oE (unclassified IP)
BB HA: PPP, AAA, L2TP,
DHCPv4 & v6, QoS
Accounting, AAA
accounting, Radius-based LI
ISG HA: Dual-stack PPP,
IPoE (IPv4 only)
DHCP Relay & Server (vrf
aware)– v4 & v6
RA-MPLS-IPv4 & IPv6(LNS &
vrf-lite)
Per-session Firewall (PPP)
4-level Hierarchical QoS
ANCP + ANCP values to LN
& HA
Dynamic QOS Policy Control
(Service Template)
PPPoE Server Selection
(Stateless Cluster)
Service Accounting (Turbo
Button)
LI (SNMP, RADIUS, Circuit-
id)
QoS accounting – QoS stats included in AAA accounting records.
Per-session PBR (max 1K
sessions)
IPv4 & IPv6 Template ACL
for BB Scaling
NAT44 and NAT64, 6rd
MLPPPoE & MLPPPoA
(single link-LFI)
PPPoE client
Broadband
QoS
• Config Synch
• SNMP, ARP, NAT
•Stateful IS-IS
• IPv6
• FR, PPP, MLPPP, HDLC,
VLAN
• DHCPv4/v6
• IPSec
•MPLS, MPLS-VPN, LDP,
VRF-lite
• hardware assisted IPSec
• IPSec VPN 3DES/AES
• DMVPN
• GETVPN
• Zone-based Firewall
• NAT
• RTSP Firewall ALG
• Control Plane Policing
• FIPS compliance
• IPv6 IPSec static VI
• VRF-aware zone-based
Firewall
• VRF-aware NAT
• DMVPN Hierarchical Hub
• VRF-aware IPSec
• VRF-aware Zone-based FW
• LAN Management Solution
• Cisco Information Center
• QoS Policy Manager
• IP Solution Center
• MPLS Diagnostics Expert
• Netflow Collector
• Cisco Security Manager
• Cisco Multicast Manager
• Traffic Engineering Manager
• MPLS LSP Ping / Traceroute
• MIBs
• SNMP
• Syslog
• VRF-aware NF
• Distributed and Integrated
SBC
• Topology Identity hiding
• DoS Protection
• Pinhole/filter control
• SIP Signaling/latching
• NAPT
• Megaco/H.248
• Flow-based QoS control
• DBE control interface
H.248, V4 transport, UDP,
TCP, etc
• Twice NAT for IPv4
• No NAT for IPv6
• H.248 ACK 3-way
• H.248 interim accounting
• SIP-H.323, H.323-H.323
• Flexible header
manipulation
• Privacy Header
• Signaling congestion
control
• IPv6 support
• SBC Endpoint switching
Security
SBC
HA
Network
Management
• ASR 1000 designed with QoS throughout system architecture from ingress to egress
• QFP Traffic Manager has full visibility into the packet
Enables sophisticated QoS processing, including DPI
• QFP ASIC embodies state-of-the art egress QoS
5+ levels of scheduling
128K user queues
Priority propagation & dual priority queues
3-parameter scheduling
• All interconnects allow for high/low priority queues
Xon-Xoff used to backpressure
• Scheduler exhibits industry-leading accuracy
ASR 1000 Traffic Manager
EF
AF1
AF4
VLAN
Physical Interface
Physical Interface
SIP
default
EF
AF1
AF4
default
VLAN
ASR 1006
• ASR 1000 offers fantastic HA support
Redundant ESP / RP on ASR 1006 and ASR 1013
Software Redundancy on ASR 1001, ASR 1002, ASR 1004
• Zero packet loss on RP Fail-over!
• Full support for ISSU
• Intra-chassis SSO support for
Configuration
Protocols: FR, ML(PPP), HDLC, VLAN , IS-IS, BGP, CEF, SNMP, MPLS, MPLS VPN, LDP, VRF-lite
Stateful features: PPPoX, AAA, DHCP, IPSec, NAT, Firewall
• IOS XE also provides full support for Network Resiliency
NSF/GR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP
IP Event Dampening
BFD (BGP, IS-IS, OSPF)
GLBP, HSRP, VRRP
• Stateful inter-chassis redundancy available for NAT, Firewall, SBC
Active Forwarding Processor
Active Route Processor
Standby Route Processor
Standby Forwarding Processor
SPA Carrier Card: SPA SPA SPA SPA
SPA Carrier Card: SPA SPA SPA SPA
SPA Carrier Card: SPA SPA SPA SPA
Zero Packet Loss
RP fails HW or SW
Standby Becomes Active
• Support for Any-transport-over-MPLS, including EoMPLS
Port/VLAN/.1q modes with interworking and local switching!
• Support for EVC infrastructure VLAN tags (single, double, ambiguous)
Untagged traffic
Unclassified traffic (default)
802.1ad S-VLANs
Custom EtherType (eg. IPv4/v6, PPPoE Discovery, PPPoE Session)
CoS (802.1p bits)
• Flexible EVC forwarding services
• OTV support Including Multihoming with per VLAN load-balancing and VM Mobility, MAC moves from one site to another
• VPLS Support
• Ethernet OAM Support
EVC Infrastructure
EFPs
Ports
MPLS
BD BD L2 Interworking
ATM/FR EFPs
BD Subintf
BD L2 VFI
L3/VRF Routed
Pseudowire
Pseudowire
Pseudowire
Available TBD
L2 MP Bridging
connect
(hair-pin)
connect
xconnect
• ESP-embedded Crypto ASIC enables high-performance encryption services
Up to 11 Gbps with ESP40
Up to 8000 site-site IPSec CM tunnels
Up to 4000 sVTI, dVTI, GRE/TP tunnels
• QFP processing-to-completion using the FIA allows for IPSec computation in combination with other features (QoS, MPLS, GRE…)
• Remote-access, site-to-site VPN services
GETVPN, DMVPN, Easy VPN w/ or w/o dVTI
• VASI
Enables services such as FW/NAT to be applied to traffic going across different VRFs
• VRF-aware IPSec
With Dynamic crypto maps or dVTI
MPLS VPN or IEEE 802.1q
• Multi-SA for dVTI to enable connection with non-Cisco VPN routers
Enables simple migration from crypto-maps to VTI
• IKEv2 Site to site VPN & Windows client support
support for VPN mobility extension
Including Remote access VPN with Windows native clients
• IPV6 support: IPv6oIPv4/GRE with encryption, v6 sVTI, VASI, NAT64, ACLs, USGv6 compliance (phase 1)
GigabitEthernet0/2/0 VRF Blue
VasiLeft1 VRF Blue
VasiRight1 VRF Red
GigabitEthernet0/3/0 VRF Red
1
2 3 4
• ASR 1000 Architecture ideally suited to perform deep-packet inspection
QFP has full visibility into each packet payload
• DPI enabled via the Application Visibility and Control (AVC) infrastructure
NBAR2 + Reporting + FNF
• NBAR2 allows classification of over 900 applications
Integrated into MQC infrastructure
Allows QoS control at the application level
• Insight reporter offers
GUI for application reports (interface / system)
Top talkers
Top applications
Usage trends
On-line monitoring
Etc.
class-map match-all business-critical
 match protocol citrix
 match access-group 101
class-map match-any browsing
 match protocol attribute category browsing
class-map match-any internal-browsing
 match protocol http url "*myserver.com*"
Overlay Transport Virtualization
Interconnecting Data Center with MAC routing (NO MPLS)
Ethernet traffic (frames) between sites is encapsulated in IP: “MAC in IP”
Dynamic encapsulation based on MAC routing table
Unlike EoMPLS or VPLS, no Pseudo-Wire or Tunnel state maintained
West
Site
East
Site
OTV OTV
VLAN MAC IF
100 MAC1 Eth1
100 MAC2 IP B
100 MAC3 IP B
IP A IP B
Encap Decap
Ethernet Frame IP packet Ethernet Frame Ethernet Frame
VLAN MAC IF
100 MAC1 IP A
100 MAC2 Eth 1
100 MAC3 Eth 2
Communication between MAC1 (West) and MAC2 (East)
• Cat6k running VPLS connects to ASR1K via L2 internal link and uses ASR1K as OTV/DCI gateway to get to N7K. VPLS and OTV domains are connected. Deployed at one site.
N7k OTV
ASR1k
OTV L1/L2/L3 Service
Cat 6k
VPLSoGRE
Cat 6k
VPLSoGRE
Plain L2
Internal to the site
•LISP Virtualization Features supported on ASR1K in 3.5S release:
LISP Ingress Tunnel Router /Egress Tunnel Router
LISP Proxy Ingress Tunnel Router /Proxy Egress Tunnel Router
LISP Map server/Map Resolver
Nine EID/RLOC Combinations supported
-IPv4 EID / IPv4 RLOC
-IPv4 EID / IPv6 RLOC
-IPv4 EID / IPv4 & IPv6 RLOCS
-IPv6 EID / IPv4 RLOC
-IPv6 EID / IPv6 RLOC
-IPv6 EID / IPv4 & IPv6 RLOCS
-IPv4 & IPv6 EID / IPv4 RLOC
-IPv4 & IPv6 EID / IPv6 RLOC
-IPv4 & IPv6 EIDS / IPv4 & IPv6 RLOCS
IPv4 / IPv6 ACL with LISP
NAT with LISP
NetFlow with LISP
QOS with LISP (Only Classification and Marking)
ITR Map Cache | 10,000
PITR Map Cache | 100,000
ETR Database Mapping | 10
Map Resolver | 10K BGP Routes Announced by MS
Map Server | 100K BGP LISP Routes
VRFs on xTR or PxTR | 250
• LISP is completely open
Started in the IRTF
Currently has an IETF working group
No known IPR
• 100s of Researchers and Operators Contributed to Design
• Multiple Vendors Interested
• Pilot Network up for nearly 4 years
121 nodes in 25 countries
• Building a LISP-MN Pilot Network
Testing server capabilities on Android phones
Experimenting new mapping database systems and security mechanisms
Locator/ID split enables other (more important) benefits…
Today’s Internet Behavior
Device IPv4 or IPv6 address represents identity and location (x.y.z.1)
When the device moves, it gets a new IPv4 or IPv6 address for its new identity and location (w.z.y.9)
LISP Behavior
Device IPv4 or IPv6 address represents identity only (x.y.z.1)
When the device moves, it keeps its IPv4 or IPv6 address. It has the same identity (x.y.z.1)
Only the location changes (a.b.c.1, e.f.g.7)
Prefix | Next-hop
w.x.y.1 | e.f.g.h
x.y.w.2 | e.f.g.h
z.q.r.5 | e.f.g.h
z.q.r.5 | e.f.g.h
MS
ITR
PTR
ETR
ETR
Non-LISP
EID Space
EID Space
RLOC Space
EID | RLOC
a.a.a.0/24 | w.x.y.1
b.b.b.0/24 | x.y.w.2
c.c.c.0/24 | z.q.r.5
d.d.0.0/16 | z.q.r.5
Map DB
EID (Endpoint Identifier) is the host IP address
Creates a “Level of indirection” by using two namespaces – EID and RLOC
RLOC (Routing Locator) is the infrastructure IP address of the LISP router
Mapping Database (M-DB) is the distributed database and policy repository
Network-based solution
No host changes
Minimal configuration
No DNS changes
Address Family agnostic
Incrementally deployable (support LISP and non-LISP)
Support for mobility
LISP – A Level of Indirection for IP Addressing
IPv6 Transition Support
v6-over-v4, v6-over-v6
v4-over-v6, v4-over-v4
IPv4
Internet
IPv6
Internet
v6
v6 v4 v6
LISP
router LISP
router
v6
services
VM-Mobility
Cloud / Layer 3 VM
moves
Segmentation
Data
Center 1
Data
Center 2
a.b.c.1
VM
a.b.c.1
VM
VM move
LISP
router LISP
router
Internet
VPNs and Segmentation
Over-the-Top
Multi-tenancy
HQ LISP
Site
Internet
Data
Center User
Network
Remote
LISP Site Remote
LISP Site Remote
LISP Site
Remote
LISP Site . . 10k . .
Efficient Multi-Homing
IP Portability
Ingress Traffic Engineering without BGP
LISP
routers
LISP
Site
Internet
Routing
• BGP Graceful shutdown
• IPv6 access lists to filter
hop-by-hop protocol
• OSPFv3 Vrf-lite CE-PE
• eBGP+NSR scale – 3k
SPA
•2xCHT3-CEoP SPA - Circuit
Emulation support
SIP40 combinations
• ESP10, ESP20, RP1, RP2
combinations
HA
• BFD: Multihop, 1000
peers,GEC, EIGRP IPv6
• GRE HA
• NSR for MP-iBGP
• BGP NSR/SSO without
route refresh
Target FCS: Mar 2012
BNG
• Per-session NAT (PPP)
• MLPPPoE (multilink-8) –
PTA&LNS
• ISGv6
• Native session
downstream passthrough
• Bi-directional Idle timeout
MSE
• MPLS TE-FRR: Auto-tunnel
(Mesh groups), CBTS, FRR
LP Prefix independent
• VPLS/EoMPLS: Routed
Pseudowire support
• GEC support for PW
• EOAM + Y.1731
• AToM: ATM-FR interworking,
FR-FR local switching
• ATM: VC bundling
IPv6 Firewall Ph 1
• Dual-Stack IPv4/IPv6 L4 Inspection
• v6 Network-v4 Internet v6 Network-v4
Network
• v6 Network-v6 Network
• Intra-chassis HA
• v4 level scale, perf
• Syslog, Netflow
• MIBs, NAT64
• DDOS-all v4 level protection
Security
• RSA E-Token 64k support for cert,
configuration etc.
• DMVPN per-tunnel/SA QoS
• Scale up to 2K tunnels
• Physical interface shaping + DMVPN
Service Policy
• GETVPN Key Server Support
Medianet
• Performance Monitoring - IPv6 support
• Transport packet out-of-order counter
Target FCS: Mar 2012
CUBE-SP
• H.323 v5 support
CUBE-ENT
• Voice code componentization
• Conditional header manipulation of SIP headers
• Mid-call Re-INVITE support
• Inbound dial-peer match by remote IP address
• Support for SIP UPDATE message per RFC 3311
• Session Time Support
• ASP/NR (CUBE ASR1k)
• PCM Capture (CUBE ASR1k)
• VQ Stats (CUBE ASR1k)
NBAR2
• MGRE MQC, PPPoE, PPPoA & L2TP (LNS) support
Cross Architecture Support - Seamless Interconnect with Service Provider Services
Best in Class Availability and Resiliency
Best in Class ASIC Technology
Support for Service Provider IP NGN Architecture and Enterprise Borderless Network, Collaboration and Data Center Architectures
Enterprise IOS Features with Modular OS and Software Redundancy or Hardware Redundancy and ISSU
Quantum Flow Processor (QFP)
Thank you.