
2012 Cisco and/or its affiliates. All rights reserved.

BRKARC-2001 Cisco Public


Cisco ASR 1000 System & Solution Architectures
BRKARC-2001
Session Abstract
BRKARC-2001
Many Service Provider and Enterprise customers are looking to converge their network edge architectures. On the Service Provider side,
firewall, security or deep-packet inspection functionality is being integrated into Provider Edge or BNG systems. Similarly, on the Enterprise
side multiple functionalities are activated in a converged WAN edge router, thus yielding operational savings and efficiencies. The Cisco ASR
1000 takes this convergence to the next level. Based on the Cisco Quantum Flow Processor, the ASR 1000 enables the integration of voice,
firewall, security or deep packet inspection services in a single system, with exceptional performance and high-availability support. The
processing power of the Quantum Flow Processor allows this integration without the need for additional service modules. This technical
seminar describes the system architecture of the ASR 1000. The different hardware modules (route processor, forwarding processor, interface
cards) and Cisco IOS XE software modules are described in detail. Examples of how different packet flows traverse an ASR 1000 illustrate
how the hardware and software modules work in conjunction. The session also discusses the expected performance characteristics in converged
service deployments. Particular attention is also given to sample use cases on how the ASR 1000 can be deployed in different Service Provider
and Enterprise architectures in a converged services role. The session is targeted for network engineers and network architects who seek to
gain an in-depth understanding of the ASR 1000 system architecture for operational or design purposes. Attendees from both the Service
Provider as well as Enterprise market segments are welcome.
Glossary
AAA: Authentication, authorization and Accounting
ACL: Access Control List
ACT: Active; referring to ESP or RP in an ASR 1006
AF1: Assured Forwarding Per Hop behaviour class 1
AF2: Assured Forwarding Per Hop behaviour class 2
AF3: Assured Forwarding Per Hop behaviour class 3
AF4: Assured Forwarding Per Hop behaviour class 4
ALG: Application Layer Gateway
ASR: As in ASR1000; Aggregation Services Router
B2B: Business to Business in the context of WebEx or Telepresence
BB: Broadband
BGP: Border Gateway Protocol
BITS: Building Integrated Timing Supply
BNG: Broadband Network Gateway
BQS: Buffer, Queuing and Scheduling chip on the QFP
BRAS: Broadband remote Access Server
BW: Bandwidth
CAC: Connection Admission Control
CCO: Cisco Connection Online (www.cisco.com)
CDR: Call Detail Records
CF: Checkpointing Facility
CLI: Command Line Interface
CM: Chassis Manager
CPE: Customer Premise Equipment
CPU: Central Processing Unit
CRC: Cyclic Redundancy Check
Ctrl: Control
DBE: Data Border Element (in Session Border Controller)
DMVPN: Dynamic Multipoint Virtual Private Network
DPI: Deep Packet Inspection
DSCP: Diffserv Code Point (see also AF, EF)
DSLAM: Digital subscriber Line Access Multiplexer
DST: Destination
EF: Expedited Forwarding (see also DSCP)
EOBC: Ethernet out-of-band control channel on the ASR 1000
ESI: Enhanced SerDes Interface
ESP: Embedded Services Processor on the ASR 1000
FECP: Forwarding Engine (ESP) Control Processor
FH: Full Height (SPA)
FIB: Forwarding Information Base
FM: Forwarding Manager
FPM: Flexible Packet Matching
FR-DE: Frame Relay Discard Eligible
FW: Firewall
GigE: Gigabit Ethernet
GRE: Generic Route Encapsulation
HA: High Availability
HDTV: High Definition TV
HH: Half-height (SPA)
HQF: Hierarchical Queuing Framework
H-QoS: Hierarchical Quality of Service
HW: hardware
I2C: Inter-Integrated Circuit
IOCP: input output Control Processor
IOS XE: Internet Operating system XE (on the ASR 1000)
IPC: Inter-process communication
IPS: Intrusion Prevention System
ISG: Intelligent Services Gateway
ISP: Internet Service Provider
ISSU: In-service software upgrade
L2TP CC: Layer 2 Transport Protocol Control connection
LAC: L2TP access concentrator
LNS: L2TP network Server
MFIB: Multicast FIB
mGRE: multipoint GRE
MPLS: Multiprotocol label switching
MPLS-EXP: MPLS Exp bits in the MPLS header
MPV: Video
MQC: Modular QoS CLI
mVPN: multicast VPN
NAPT: Network address port translation
NAT: network address translation
NBAR: network based application recognition
NF: Netflow
Nr: receive sequence number (field in TCP header)
Ns: send sequence number (field in TCP header)
NSF: non-stop forwarding
OBFL: on board failure logging
OIR: online insertion and removal
OLT: optical line termination
P1: Priority 1 queue
P2: priority 2 queue
PAL: Platform Adaption layer (middleware in the ASR 1000)
PE: Provider Edge
POST: Power on self test
POTS: Plain old telephony system
PQ: priority queue
PSTN: public switched telephone network
PTA: PPP termination and aggregation
PWR: power
QFP: Quantum Flow Processor
QFP-PPE: QFP packet Processing elements
QFP-TM: QFP traffic Manager (see also BQS)
QoS: Quality of Service
RACS: Resource and admission control subsystem
RA-MPLS: Remote access into MPLS
RF: redundancy facility (see also CF)
RIB: routing information base
RP: Route processor
RP1: 1st generation RP on the ASR 1000
RP2: 2nd generation RP on the ASR 1000
RR: Route reflector
RU: rack unit
SBC: session border controller
SBE: signaling border element (of an SBC)
SBY: standby
SDTV: standard definition TV (see also HDTV)
SIP: Session initiation protocol
SPA: shared port adapter
SPA SPI: SPA Serial Peripheral Interface
SPV: Video
SRC: Source
SSL: Secure Socket Layer
SSO: stateful switch over
SW: software
TC: traffic class (field in the IPv6 header)
TCAM: Ternary content addressable memory
TOS: Type of service (field in the IPv4 header)
VAI: virtual access interface
VLAN: virtual local area network
VOD: video on demand
VTI: virtual tunnel interface
WAN: wide area network
WRED: weighted random early discard
Cisco Cloud Intelligent Network
Delivering Optimal Experience, Pervasive Security, and Simplified Operations
[Figure: Cisco Cloud Intelligent Network. Labels recovered from the diagram: Branch; Private/Public/Hybrid; Management and Policy; Web Security; Cloud Storage; Collaboration; Survivability; 3rd Party; Cloud Connectors; Cloud-Ready Network Services: Visibility, Optimization, Collaboration, App Hosting, Security; Cloud-Ready Platforms: ISR G2, ASR 1K, CSR 1KV; Branch Office; Campus / Data Center; Cloud.]
Optimal Experience
[Figure: Branch/user, Private WAN/Internet and Private/Public/Hybrid segments. Labels: ISR G2; Traditional DC; AVC, WAAS, PfR; WAAS / vWAAS; HCS Connector; ASR 1000; CUBE; CME/SRST; CSR.]
High-Performance, High-Availability Platforms
- ISR G2: Unified branch with wired/wireless WAN and integrated services
- ASR 1000: WAN aggregation up to 100Gbps, with modular upgrades
- CSR 1000v: Flexible virtual form factor for cloud deployments
Application Visibility, Control, and Optimization
- AVC: Granular application visibility, response time, and SLA management
- WAAS: Bandwidth optimization and acceleration for apps, video & VDI
- PfR: Optimal path selection based on performance & policy
Efficient Rich Media Collaboration
- UC Gateways: API control and voice quality enhancement for TDM & SIP
- CME/E-SRST: Branch optimized call control and enhanced survivability
- HCS Connector: Voice survivability for Hosted Collaboration Services
ASR1000 Integrated Services Router
Key Next Generation Cloud Services
- Ethernet WAN and Provider Edge Services
- Voice and Video Services (CUBE)
- Security Services (Firewall, VPN, Encryption)
- Multi-Service, Secure WAN Aggregation Services
- Application Performance Services (AVP, PfR)
Best in Class Availability
- Enterprise IOS Features with Modular OS and Software Redundancy or Hardware Redundancy and ISSU
Best in Class ASIC Technology
- Quantum Flow Processor (QFP) for high scale services and sophisticated QoS with minimum performance impact
Agenda
- Introducing the ASR1000
- ASR1000 System Architecture
- ASR 1000 Building Blocks
- ASR 1000 Software Architecture
- ASR 1000 Packet Flows
- QoS on the ASR 1000
- High-Availability on the ASR 1000
- Performance Data
- Use Cases
- ASR 1000 as a Cloud Services Router
- ASR 1000 for IPSec VPN
- ASR 1000 for DCI Applications
Introducing ASR1000
Introducing Cisco ASR 1000 Series Routers
One IOS-XE Feature Set
- ASR 1001: 2.5-5 Gbps
- ASR 1002: 2.5-10 Gbps
- ASR 1004: 10-40 Gbps
- ASR 1006: 10-100+ Gbps
- ASR 1013: 10-360 Gbps
Instant On Service Delivery
- Integrated firewall, VPN, encryption, NBAR, CUBE
- Scalable on-chip service provisioning through software licensing
Business-Critical Resiliency
- Fully separated control and forwarding planes
- Hardware and software redundancy
- In-service software upgrades
Compact, Powerful Router
- Line-rate performance 2.5G to 100G+ with services enabled
- Hardware based QoS engine with 128K queues
- Investment protection with modular engines, IOS CLI and SPAs for I/O
Where the ASR 1000 Fits
[Figure: platform positioning chart. Vertical axis: Performance and Scalability. Arrow: Migration. Platforms shown: ISR Series, 7200 Series, ASR 1000, 7600 Series, ASR 9000. Groupings: Enterprise Edge / DC; Service Provider Edge Routers.]
Capability callouts, as grouped on the slide:
- 20-360GB Per System: Broadband, Route Reflector, Distributed PE, Hosted Firewall, IP Sec, SBC/VoIP, DPI
- 40G per Slot: Carrier Ethernet, IP RAN, SBC/VoIP, Broadband, Vidmon (Video Monitoring)
- 200G per Slot: Carrier Ethernet + BNG, IP RAN, L2/L3 VPNs, Vidmon
- Managed L2 / L3 VPNs, Integrated Security, Application Recognition
ASR 1000 in Service Provider IP Next Generation Network
[Figure: service provider network from subscribers through access and aggregation to the edge and core. Labels recovered from the diagram:
- Subscribers: Corporate, HGW, Residence, Business, Mobile Subscriber
- Access & Aggregation: ETTx, OLT, xPON, xDSL, DSLAM, Wireless, Wireline, WiMAX, Cable, DOCSIS, M-CMTS
- Edge: CE, RR, ISP, BNG, IPSec, SBC, PE, LNS
- Roles listed: High Speed CPE; BNG-PPPoE, IPoE; LAC, PTA, ISG; IPSec Aggregator; VoIP SBC; PE; LNS; Route Reflector; Internet Peering
- Other: VOD, TV, SIP; Content Farm; IP/MPLS Core; L2TP Tunnel; Peering]
Enterprise Deployment Scenarios
[Figure: enterprise deployment diagram titled "Secure WAN Aggregation". Labels recovered from the diagram:
- Sites and users: Corporate, HGW, Residence, Business, Mobile Subscriber
- Roles listed: High Speed CPE; High-end Branch; WAN Aggregation; IPSec; Internet Gateway; Data Centre Interconnect; Cloud; Internet
- Network elements: Edge, CE, DCI, Cloud Svcs, IPSec, Peering
- Destinations: Data Centre, Internet, Cloud Provider
- Deployment labels: WAN Aggregation, High End Branch, DCI, Internet Gateway, Secure WAN, Cloud]
ASR1000 System Architecture
ASR 1000 Series Building Blocks
[Figure: ASR 1000 chassis block diagram. Route Processor (active) and Route Processor (standby), Embedded Services Processor (active) and Embedded Services Processor (standby), each ESP with FECP, QFP subsystem and Crypto assist, and three SIPs, each with SPAs, IOCP and SPA Aggregation ASIC, all joined through their interconnects over a Passive Midplane. Link legend: ESI (Enhanced SerDes), 11.5Gbps; SPA-SPI, 11.2Gbps; HyperTransport, 10Gbps.]
- Route Processor (RP)
  - Handles control plane traffic
  - Manages system
- Embedded Service Processor (ESP)
  - Handles forwarding plane traffic
- SPA Interface Processor (SIP)
  - Shared Port Adapters provide interface connectivity
- Centralized Forwarding Architecture
  - All traffic flows through the active ESP, standby is synchronized with all flow state with a dedicated 10-Gbps link
- Distributed Control Architecture
  - All major system components have a powerful control processor dedicated for control and management planes
ASR 1000 Data Plane Links
[Figure: ASR 1000 chassis block diagram showing the data plane links between the active and standby Route Processors, the active and standby Embedded Services Processors (FECP, QFP subsystem, Crypto assist) and three SIPs (SPAs, IOCP, SPA Aggregation ASIC) over the Passive Midplane. Link legend: ESI (Enhanced SerDes), 11.5Gbps; SPA-SPI, 11.2Gbps; HyperTransport, 10Gbps.]
- Enhanced SerDes Interconnect (ESI) links: high speed serial communication
- ESIs can run at 11.5Gbps or 23Gbps
- ESIs run over midplane and carry
  - Packets between ESP and the other cards (SIPs, RP and other ESP)
  - Network traffic to/from SPA SIPs
  - Punt/inject traffic to/from RP (e.g. network control pkts)
  - State synchronization to/from standby ESP
- Two ESIs between ESPs and to every card in the system
- Additional full set of ESI links to/from standby ESP (not shown)
- CRC protection of packet contents
- ESP-10G: 1 x 11.5G ESI to each SIP slot
- ESP-20G: 2 x 11.5G ESI to two SIP slots; 1 x 11.5G to third SIP slot
- ESP-40G: 2 x 23G ESI to all SIP slots
ASR 1000 Control Plane Links
- Ethernet out-of-band Channel (EOBC)
  - Run between ALL components
  - Indication if cards are installed and ready
  - Loading images, stats collection
  - State information exchange for L2 or L3 Protocols
- I2C
  - Monitor health of hardware components
  - Control resets
  - Communicate active/standby, real time presence and ready indicators
  - Control the other RP (reset, power-down, interrupt, report Power-supply status, signal ESP active/standby)
  - EEPROM access
- SPA control links
  - Run between IOCP and SPAs
  - Detect SPA OIR
  - Reset SPAs (via I2C)
  - Power-control SPAs (via I2C)
  - Read EEPROMs
[Figure: control plane links between the active and standby Route Processors, the active and standby Forwarding Processors (FECP, QFP subsystem, Crypto assist) and three SIPs (SPAs, IOCP, SPA Aggregation ASIC) over the Midplane. Link legend: GE, 1Gbps; I2C; SPA Control; SPA Bus.]
ASR 1000 Systems
| | ASR1001 | ASR 1002 | ASR 1004 | ASR 1006 | ASR 1013 | ASR 1002-X |
|---|---|---|---|---|---|---|
| SPA Slots | 1-slot | 3-slot | 8-slot | 12-slot | 24-Slot | 3-slot |
| ESP Slots | Integrated | 1 | 1 | 2 | 2 | Integrated |
| RP Slots | Integrated | Integrated | 1 | 2 | 2 | Integrated |
| SIP slots | Software | Integrated | 2 | 3 | 6 | Integrated |
| Redundancy | Software (IOS) | Software (IOS) | Software (IOS) | Hardware | Hardware | Software (IOS) |
| Built-in GE | 4 | 4 | N/A | N/A | N/A | 6 |
| Height | 1.75 (1RU) | 3.5 (2RU) | 7 (4RU) | 10.5 (6RU) | 22.7 (13RU) | 3.5 (2RU) |
| Bandwidth | 2.5 to 5 Gbps | 5-10 Gbps | 10-20 Gbps | 10-40 Gbps | 40+ Gbps | 5G-36G |
| Maximum output Power | 400W | 470W | 765W | 1275W | 3200W | 470W |
For Your Reference
ASR1000 Building Blocks:
Under the Hood
ASR1000 Series SPA Interface Processor
SIP10 and SIP40
- Physical termination of SPA
- 10 or 40 Gbps aggregate throughput options
- Supports up to 4 SPAs
  - 4 half-height, 2 full-height, 2 HH+1FH
  - full OIR support
- Does not participate in forwarding
- Limited QoS
  - Ingress packet classification high/low
  - Ingress over-subscription buffering (low priority) until ESP can service them.
  - Up to 128MB of ingress oversubscription buffering
- Capture stats on dropped packets
- Network clock distribution to SPAs, reference selection from SPAs
- IOCP manages Midplane links, SPA OIR, SPA drivers
ASR1000 SIP40 and SIP10
Major Functional Differences
- Sustained throughput of 40Gbps vs 10Gbps for SIP10
- Different ESI modes depending on the ESP being used (1x10G vs 2x20G)
- Packet classification enhancements to support more SPAs (e.g. PPP, HDLC, FR, ATM)
- Support for more queues (96 vs 64), allows up to 12 Ethernet ports per half-height SPA
- 3-level priority scheduler (Strict, Min, Excess) vs 2-level (Min, Excess)
- Addition of per-port and per-VLAN/VC ingress policers
- Network clocking support
- DTI clock distribution to SPAs
- Timestamp and clock distribution
- Packet latency measurement and statistics
SIP40 Block Diagram
[Figure: SIP40 block diagram. Components: IOCP with Boot Flash (OBFL, ...), Memory and Chassis Mgmt. Bus; Card Infrastructure; SPA Aggregation ASIC with Ingress classifier, Ingress Scheduler, Egress Buffer Status, Ingress Buffers (per port) and Egress Buffers (per port); C2W; Network clock distribution with input reference clocks, output reference clocks and network clocks; 4 SPAs; links to RPs and to ESPs. Link legend: GE, 1Gbps; I2C; SPA Control; SPA Bus; ESI, 11.5 or 23Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other.]
Callouts on the diagram:
- 128MB Ingress Buffering
- 8MB Egress Buffering
- Network/Interface Clock Selection
- ESI Links: 2x 20G to each ESP (2x10G for SIP10)
- IO Control (IOCP) Processor Complex
- HW-based 3-priority Scheduler: Strict, Min, Excess (SIP10: Min, Excess only)
- Enhanced Classifier (PPP, HDLC, ATM, FR)
Shared Port Adapters (SPA) and SFPs
Optics
SFP-GE-S
SFP-GE-L
SFP-GE-Z
SFP-GE-T
CWDM
XFP-10GLR-OC192SR
XFP-10GER-OC192IR
XFP-10GZR-OC192LR
GLC-GE-100FX
GLC-BX-U
GLC-BX-D
Channelized
SPA-8XCHT1/E1
SPA-2XCT3/DS0
SPA-4XCT3/DS0
SPA-1XCHSTM1/OC3
SPA-1xCHOC12/DS0
ATM SPA
SPA-1XOC3-ATM-V2
SPA-3XOC3-ATM-V2
SPA-1XOC12-ATM-V2
SPA-1CHOC3-CE-ATM
SPA-2CHT3-CE-ATM
SPA-24CHT1-CE-ATM
Optics
SFP-OC3-MM
SFP-OC3-SR
SFP-OC3-IR1
SFP-OC3-LR1
SFP-OC3-LR2
SFP-OC12-MM
SFP-OC12-SR
SFP-OC12-IR1
SFP-OC12-LR1
SFP-OC12-LR2
SFP-OC48-SR
SFP-OC48-IR1
SFP-OC48-LR2
XFP-10GLR-OC192SR
XFP-10GER-OC192IR
XFP-10GZR-OC192LR
Serial / POS
SPA-4XT-Serial
SPA-2XT3/E3
SPA-4XT3/E3
SPA-2XOC3-POS
SPA-4XOC3-POS
SPA-8XOC3-POS
SPA-1XOC12-POS
SPA-2XOC12-POS
SPA-4XOC12-POS
SPA-8XOC12-POS
SPA-1XOC48POS/RPR (POS mode)
SPA-2XOC48POS/RPR (POS mode)
SPA-4XOC48POS/RPR (POS mode)
SPA-OC192POS-XFP (POS Mode)
Ethernet SPA
SPA-4X1FE-TX-V2
SPA-8X1FE-TX-V2
SPA-2X1GE-V2
SPA-5X1GE-V2
SPA-8X1GE-V2
SPA-10XGE-V2
SPA-1X10GE-L-V2
Service SPAs
SPA-WMA-K9
SPA-DSP
Clocking/Sync SPA
SPA-2X1GE-SYNCE
ASR1000 Maximum Interface Capacity
| Interface | 1RU | 2RU | 4RU | 6RU | 13RU | Comment |
|---|---|---|---|---|---|---|
| # SPAs (single-height) | 1 | 3 | 8 | 12 | 24 | |
| 10GE | 1 | 3 | 8 | 12 | 24 | 1-port 10GE |
| GE | 12 | 28 | 64 | 96 | 192 | 8-port GE SPA; 2RU/1RU have 4 built-in GE ports |
| FE | 8 | 24 | 64 | 96 | 192 | 8-port FE |
| STM-4 | 1 | 3 | 8 | 12 | 24 | 1-port STM4 POS |
| STM-1 | 4 | 12 | 32 | 48 | 96 | 4-port STM1 POS |
| T3/E3 | 4 | 12 | 32 | 48 | 96 | 4-port T3/E3 |
| ChT3 @T1 | 112 | 336 | 896 | 1344 | 2688 | 4-port Channelized T3 |
| ChT3 @DS0 | 1023 | 3069 | 8184 | 12276 | 24552 | 4-port Channelized T3 |
| ChT1 / ChE1 @DS0 | 192/256 | 576/768 | 1536/2048 | 2304/3072 | 4608/6144 | 8-port Channelized T1/E1 |
| V.35/X.21/EIA-232 | 4 | 12 | 32 | 48 | 96 | 4-port Serial (12in1) |
| ChSTM1 @ T3 / E3 | 3/3 | 9/9 | 24/24 | 36/36 | 72/72 | 1-port Channelized STM1 |
| ChSTM1 @ T1 / E1 | 84/63 | 252/189 | 672/504 | 1008/756 | 2016/1512 | 1-port Channelized STM1 |
| ChSTM1 @ DS0 | 1023 | 3066 | 8176 | 12264 | 24528 | 1-port Channelized STM1 |
| STM-64 | n.s. | 1 | 4 | 6 | 12 | 1-port OC192 (double-height) |
| STM-16 | 4 | 12 | 32 | 48 | 96 | 4-port OC48 |
- Physical interface termination capacities only
- Assumes all SPA slots are filled with the respective SPA
Route Processors: RP1, RP2 and ASR1001 RP
Two Generations of ASR1000 Route Processor
- First Generation
  - 1.5GHz PowerPC architecture
  - Up to 4GB IOS Memory
  - 1GB Bootflash
  - 33MB NVRAM
  - 40GB Hard Drive
- Second Generation:
  - 2.66GHz Intel dual-core architecture
  - 64-bit IOS XE
  - Up to 16GB IOS Memory
  - 2GB Bootflash (eUSB)
  - 33MB NVRAM
  - Hot swappable 80GB Hard Drive
[Images: RP1 and RP2 cards; HDD Enclosure]
ASR 1000 Route Processor Architecture
Industry's Fastest Control Plane Processor
[Figure: Route Processor block diagram. Components: CPU (1.5/2.66 GHz Dual-core); CPU Memory; 2.5" Hard disk; USB; Bootdisk; NVRAM; Stratum-3 Network clock circuit with BITS (input & output), input clocks and output clocks; Console and Aux; Mgmt ENET; GE Switch; Chassis Mgmt Bus; Card Infrastructure; Interconnect with links to SIPs, ESPs, the other RP and Misc Ctrl. Link legend: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; GE, 1Gbps; I2C; SPA Control; SPA Bus; Other.]
- Manages all chassis functions
- Runs IOS with over 2500 features!
Callouts on the diagram:
- RP1: 1GB; RP2: 2GB
- 33MB
- Runs IOS, Linux OS; Manages board and Chassis functions
- IOS Memory: RIB, FIB & Other Processes; Determines Route Scale; RP1: 4GB; RP2: 8 & 16GB
- System Logging; Core Dumps
- Not a traffic interface! Mgmt only
Route Processors - RP
| | ASR1001 with integrated RP | RP1 | RP2 | ASR1002X (New for IOS XE 3.7S, July 2012) |
|---|---|---|---|---|
| CPU | Dual-Core 2.2GHz Processor | General Purpose 1.5GHz CPU | Dual-Core 2.66GHz Processor | Quad-core 2.1GHz Processor |
| Memory | 4GB default (4x1GB); 8GB (4x2GB); 16GB maximum (4x4GB) | 4GB default (2x2GB); RP1 with 4GB built in ASR1002 | 8GB default (4x2GB); 16GB maximum (4x4GB) | 8GB default; 16GB maximum |
| Built-in eUSB bootflash | 8GB | 1GB (8GB on ASR-1002) | 2GB | 8GB |
| Storage | External USB | 40GB HDD & external USB | 80GB HDD & external USB | Up to 160GB HDD & external USB |
| Cisco IOS XE Operating System | 64 bit | 32 bit | 64 bit | 64 bit |
| Chassis Support | N/A | Integrated in ASR1002, ASR1004 and ASR1006 | ASR1004, ASR1006 & ASR1013 | N/A |
Embedded Services Processors (ESP)
Scalable Bandwidth from 5Gbps to 100Gbps+
- Centralized, programmable forwarding engine (i.e. QFP subsystem) providing full-packet processing
- Packet buffering and queuing/scheduling (BQS)
  - For output traffic to carrier cards/SPAs
  - For special features such as input shaping, reassembly, replication, punt to RP, etc.
  - 5 levels of HQoS scheduling, 128K Queues, Priority Propagation
- Dedicated Crypto Co-processor
- Interconnect providing data path links (ESI) to/from other cards over midplane
  - Transports traffic into and out of the Cisco Quantum Flow Processor (QFP)
  - Input scheduler for allocating QFP BW among ESIs
- FECP CPU managing QFP, crypto device, midplane links, etc.
ASR 1000 Forwarding Processor
Quantum Flow Processor Drives Integrated Services & Scalability
[Figure: ESP block diagram. Components: FECP with Card Infrastructure, Boot Flash, Memory and Chassis Mgmt Bus; Interconnect with links to RPs, ESP and SIPs; Crypto; TCAM4; Pkt Buffer DRAM; Resource DRAM; QFP with Processor pool (PPE1 ... PPE40), Dispatcher/Pkt Buffer and Buffer, queue, schedule (BQS). Link legend: HyperTransport, 10Gbps; ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; GE, 1Gbps; I2C; SPA Control; SPA Bus; Other.]
Callouts on the diagram:
- QoS Mark/Police; NAT sessions; IPSec SA; Netflow Cache; FW hash tables; Per session data (FW, NAT, Netflow, SBC)
- QoS Queuing; NAT VFR re-assembly; IPSec headers
- Class/Policy Maps: QoS, DPI, FW; ACL/ACE storage; IPSec Security Association class groups, classes, rules; NAT Tables
- Runs Linux; Performs board management; Program QFP & Crypto; Stats collection
- System Bandwidth: 5, 10, 20 or 40 Gbps
- Memory for FECP: QFP client / driver; OBFL; QoS Class maps; FM FP; Statistics; ACL ACEs copy; NAT config objects; IPSec/IKE SA; NF config data; ZB-FW config objects
Abbreviations:
NF: Netflow
ZBFW: Zone-based Firewall
FW: Firewall
SA: Security Association
VFR: Virtual Fragmentation Reassembly
OBFL: On-board Failure Logs
ASR 1002 Block Diagram
[Figure: ASR 1002 block diagram, with all cards joined over a Passive Midplane.
- Route processor: CPU; CPU Memory; 2.5" Hard disk; USB; Bootdisk; NVRAM; Stratum-3 Network clock circuit with BITS (input & output), input reference clocks and output clocks; Console and Aux; Mgmt ENET; GE Switch; Chassis Mgmt Bus; Card Infrastructure; Interconnect
- Forwarding processor: FECP with Temp Sensor, Power Ctlr, EEPROM, Boot Flash (OBFL, ...), JTAG Ctrl, SDRAM Mini-DIMM, Reset / Pwr Ctrl; Interconnect; Pkt Buffer DRAM (128MB); Part Len/BW SRAM; Resource DRAM (512MB); TCAM4 (10Mbit); Crypto with PCI* and SA table DRAM; QFP with Processor pool (PPE1 ... PPE40), Dispatcher/Pkt Buffer and Buffer, queue, schedule (BQS)
- SIP: IOCP with Temp Sensor, Power Ctlr, EEPROM, Boot Flash (OBFL), JTAG Ctrl, SDRAM Mini-DIMM, Reset / Pwr Ctrl; Interconnect; SPA Aggregation ASIC with Ingress classifier, Ingress Scheduler, Egress Buffer Status, Ingress Buffers (per port) and Egress Buffers (per port); C2W; Network clock distribution; 3 SPAs; 4x1GE SPA
- Link legend: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; GE, 1Gbps; I2C; SPA Control; SPA Bus; Other]
ASR1001 Overview
Compact & Powerful 1RU for Secure High-end Branch
- Ideal for secure/high-end branch, as Route Reflector, and for managed services
- Integrated Architecture: ESP, RP and SIP10
- Performance of 2.5 Gbps or 5 Gbps
- Encryption support of up to 1.8 Gbps
- Integrated Services
  - One IOS-XE Feature set across all ASR1000 platforms
- High Availability
  - Dual AC/DC power supply
  - IOS SW Redundancy
- IO Options
  - 4 built-in GigE ports
  - 1 single-height SPA bay
  - Integrated Daughter Card: 2xOC3 POS, 4xT3, 8 CHT1/E1, 4xGE
One IOS-XE Feature Set
Highly scalable for NG routing and services
ASR1001 Block Diagram
[Figure: ASR1001 block diagram. Components: CPU (2.13 GHz Dual Core); CPU Memory; USB; Console and Aux; Mgmt ENET; Bootdisk; NVRAM; Temp Sensor; Power Ctlr; EEPROM; Boot Flash (OBFL, ...); JTAG Ctrl; SDRAM Mini-DIMM; Interconnect; Pkt Buffer DRAM (128MB); Part Len/BW SRAM; Resource DRAM (512MB); TCAM4 (10Mbit); Crypto with SA table DRAM; QFP with Processor pool (PPE1 ... PPE40), Dispatcher/Pkt Buffer and Buffer, queue, schedule (BQS); SPA Aggregation ASIC with Ingress classifier, Ingress Scheduler, Egress Buffer Status, Ingress Buffers (per port) and Egress Buffers (per port); SPA; 4x1GE SPA; IDC*.]
Callouts on the diagram:
- RP2-Class Route Processor; 4G/8G/16G Memory Options
- Route Processor (Built-in)
- BW Upgradeable ESP-10
- SIP-10 (Built-in)
- Soft Upgradeable BW ESP: 2.5G, 5G
- Modular I/O via SPA and IDC
- Built-in 4x1GE SPA
- No Network Sync Capability (BITs, etc)
ASR1002-X
Next Generation ASR1002
Up to 4X Performance of ASR1002
One IOS-XE Feature Set
New! Available Now!
- Chassis & HW: 2RU form factor; Integrated RP, ESP & SIP; Redundant AC/DC PSU, same as ASR1002
- System BW: 5G, 10G, 20G, 36G, via software upgrade
- Performance: Up to 30 Mpps
- Crypto BW: 4Gbps (8Gbps option in a future release)
- Control Plane: Quad-core @2.13GHz processor; 4/8/16 GB Memory Options
- Data Plane: Integrated ESP with SW selectable BW from 5G to 36G
- I/O: 3 SPA bays + 6 built-in GE ports (SyncE capable); Console / MGMT Ethernet / Aux; External USB storage; Optional HDD (160GB)
- FW/NAT: 36G FW/NAT, 2 M sessions
- Network Timing: Stratum 3/G.813 Clocking, BITS timing, GPS, SyncE, 1588
- Image Security: Secure boot; Code Signing (FIPS-140-3)
ASR 1002-X Block Diagram
[Figure: ASR 1002-X block diagram. Components: CPU (2.13GHz Quad-Core); CPU Memory; USB; Console and Aux; Mgmt ENET; Bootdisk; NVRAM; Hard disk; Temp Sensor; Power Ctlr; EEPROM; Boot Flash (OBFL, ...); JTAG Ctrl; SDRAM Mini-DIMM; Stratum-3 Network clock circuit; Crypto with SA table DRAM; Pkt Buffer DRAM (128MB); Part Len/BW SRAM; Resource DRAM (512MB); TCAM4 (10Mbit); QFP with Processor pool (PPE1 ... PPE40), Dispatcher/Pkt Buffer and Buffer, queue, schedule (BQS); Interconnect; SPAs; six built-in GE ports. Link legend includes: I/L 69Gbps; PCIe; SPA Control; SPA Bus; Other.]
Callouts on the diagram:
- New Octeon II: 4G Crypto; 8G capable; Suite-B
- 2nd Generation QFP: 40 Gbps Forwarding and Feature processing
- Integrated Control Plane: Quad Core CPU
- Integrated SIP-40
- Timing/Sync: BITS, GPS
Embedded Services Processors
ESP-100: 100Gbps Forwarding
New! Available Now!
- Total Bandwidth: Up to 100 Gbps
- Performance: Up to 32 Mpps
- QuantumFlow Processors: 2
  - Resource Memory: 4 GB
  - TCAM: 1 x 80 Mb
  - Packet Buffer: 1 GB
- Control CPU: Dual-core CPU
  - Frequency: 1.73 GHz
  - Memory: 16 GB
- Broadband: Up to 64K sessions
- QoS: Up to 232K queues
- IPSec Bandwidth (1400 B): 30 Gbps
- FW/NAT: 6 M sessions
- Chassis: ASR 1006, ASR 1013
- Route Processor: RP2 + Future RP3
ESP-100 Block Diagram
[Figure: ESP-100 block diagram. Components: FECP (Dual-Core) with Card Infrastructure, Boot Flash (OBFL, ...), Memory and Chassis Mgmt Bus; Interconnect with links to RPs, ESP and SIPs; Crypto; TCAM4 (1x80Mbit); two QFPs, each with Pkt Buffer DRAM (512MB), Resource DRAM (2GB), Processor pool (PPE1 ... PPE40), Dispatcher/Pkt Buffer and Buffer, queue, schedule (BQS). Callout: ASR 1000 System BW (69 Gbps Each). Link legend: ESI, 11.5 & 23 Gbps; Interlaken 69 Gbps; PCIe; GE, 1Gbps; I2C; Other.]
Embedded Services Processors - ESP
| | ESP-2.5 | ESP-5 | ESP-10 | ESP-20 | ESP-40 | ESP-100 |
|---|---|---|---|---|---|---|
| System Bandwidth | 2.5Gbps | 5Gbps | 10Gbps | 20Gbps | 40Gbps | 100Gbps |
| Performance | 4Mpps | 8Mpps | 17Mpps | 24Mpps | 24Mpps | 32Mpps |
| # of Processors | 20 | 20 | 40 | 40 | 40 | 2x64 |
| Clock Rate | 900 MHz | 900 MHz | 900 MHz | 1.2 GHz | 1.2 GHz | 1.5 GHz |
| Crypto Engine BW (1400 bytes) | 1.8Gbps | 1.8Gbps | 4.4Gbps | 8.5Gbps | 11Gbps | 25 Gbps |
| Crypto Engine BW (IMIX) | 1Gbps | 1Gbps | 2.5Gbps | 6Gbps | 7Gbps | TBD |
| QFP Resource Memory | 256MB | 256MB | 512MB | 1GB | 1GB | 2x2GB |
| Packet Buffer | 64MB | 64MB | 128MB | 256MB | 256MB | 2x512MB |
| Control CPU | 800 MHz | 800 MHz | 800 MHz | 1.2 GHz | 1.8 GHz | 1.73 GHz dual-core |
| Control Memory | 1GB | 1GB | 2GB | 4GB | 8GB | 16GB |
| TCAM | 10Mb | 10Mb | 10Mb | 40Mb | 40Mb | 1x80Mb |
| Chassis Support | ASR 1001 (Integrated) | ASR 1002 | ASR 1002, 1004, 1006 | ASR 1004, 1006 | ASR 1004, 1006, 1013 | ASR 1006, 1013 |
ASR 1000 Family Oversubscription Rates
| Chassis Version | ESP Version | SIP Version | SIP Slot Number | Max. Bandwidth per SIP Slot (Gbps) | Max. SIP Interconnect Oversubscription | Bandwidth on ESP (Gbps) | ESP (System Bandwidth) Oversubscription | System (Chassis) Oversubscription |
|---|---|---|---|---|---|---|---|---|
| ASR 1001 | ESP2.5 | n.a. | n.a. | n.a. | n.a. | 2.5 | 5.6:1 | 5.6:1 |
| ASR 1002 | ESP5 | n.a. | n.a. | n.a. | n.a. | 5 | 6.8:1 | 6.8:1 |
| ASR 1002 | ESP10 | n.a. | n.a. | n.a. | n.a. | 10 | 3.4:1 | 3.4:1 |
| ASR 1004 | ESP10 | SIP10 | 1, 2 | 10 | 4:1 | 10 | 2:1 | 8:1 |
| ASR 1004 | ESP20 | SIP10 | 1, 2 | 10 | 4:1 | 20 | 1:1 | 4:1 |
| ASR 1006 | ESP10 | SIP10 | 1, 2, 3 | 10 | 4:1 | 10 | 3:1 | 12:1 |
| ASR 1006 | ESP20 | SIP10 | 1, 2, 3 | 10 | 4:1 | 20 | 3:2 | 6:1 |
| ASR 1006 | ESP40 | SIP10 | 1, 2, 3 | 10 | 4:1 | 40 | 3:4 | 4:1 |
| ASR 1006 | ESP40 | SIP40 | 1, 2, 3 | 40 | 1:1 | 40 | 3:1 | 3:1 |
| ASR 1013 | ESP40 | SIP10 | 1, 2, 3, 4, 5, 6 | 10 | 4:1 | 40 | 3:2 | 6:1 |
| ASR 1013 | ESP40 | SIP40 | 1, 2, 3, 4 | 40 | 1:1 | 40 | 5:1 | 6:1 |
| ASR 1013 | ESP40 | SIP40 | 5, 6 | 20 | 2:1 | 40 | 5:1 | 6:1 |
ESP and SIP Ingress QOS functions were integrated into the ASR 1000 design to deal with this apparent oversubscription
Example:
- 4x10G SPAs max per SIP
- 3 SIPs max per ESP
- 12x10G SPAs max per ESP
Cisco Quantum Flow Processor
ASR1000 Series Innovation
Cisco QFP Packet Processor
Cisco QFP Traffic Manager (Buffering, Queueing, Scheduling)
Five year design and continued evolution, now on 2nd generation
Massively parallel, 40 multi-threaded cores
QFP Architecture designed to scale to >200Gbit/sec
160 processes available to handle traffic
High-priority traffic is prioritised
Packet replication capabilities for Lawful Intercept
Full visibility of entire L2 frame
Latency: tens of microseconds with features enabled
Interfaces on-chip for external cryptographic engine
Current generation QFP is capable of 70Gbit/sec, 32Mpps processing
Can cascade 1, 2 or 4 chips
QFP Chip Set
Quantum Flow Processor
- Custom design needed for next-gen Network Integrated Services
- Existing CPUs did not offer forwarding power required
- Memory architecture of general purpose CPUs relies on large caches (64B/128B) -> Inefficient mapping for network features
- QFP uses small memory access sizes (16B)
  - minimizes wasted memory reads and increases memory access
  - for the same raw memory BW, a 16B read allows 4-8 times the number of memory accesses/sec as a CPU using 64/128B accesses
- Preserves C-language programming support
  - Including stacking for nested procedures
  - Differentiator as compared to NPUs
  - Key to feature velocity
  - Support for portable, large-scale development
- Add hardware assists to further boost performance
  - TCAM, PLU, HMR
  - Trade-off power requirement vs. board space
Why Custom vs. Off-the-Shelf?
 | Cisco QFP | Sun Ultrasparc T2 | Intel Core 2 Mobile U7600
Total number processes (cores x threads) | 160 | 64 | 2
Power per process | 0.51W | 1.01W | 5W
Scalable traffic management | 128k queues | None | None
[Diagram: Cisco QFP block diagram. PPE Processing Array of 40 PPEs; Data Path Resources; Memory Access Resources; Memory Resources; General Resources; Resource Interconnect; Memory Interconnect. Remaining block labels are not recoverable.]
Cisco QFP Architecture
Hi Perf. Memory
- TCAM4: 200 M searches/second with QFP
- DRAM: 1.6 billion cache line accesses per second
Buffering, Queuing, and Scheduling (BQS)
- HQF/MQC compatible
- 128k queues
- Flexible allocation of schedule resources
- 3+ levels of scheduling hierarchy
40 PPEs
- Tensilica (MIPS-like) instruction set architecture
- Data cache (1KB per thread, 16B cache line)
- Four HW threads per PPE
- PPEs operate at 1.2GHz speed
- Extensive HW Assists: ACL, TBM-lookup, WRED, flow locks
Distributor Assigns Each Packet to a PPE/Context
- QFP is not doing flow-based load-balancing among processors
- Distribution is to any eligible PPE/Context
- Hardware locks for ordering and mutual exclusion
Second Generation QFP Details
- 2nd Gen QFP integrates both the PPE engine and the Traffic manager
- 64 PPEs
- 116K queues per 2nd gen QFP ASIC (128K queues for previous QFP)
- But 2nd gen QFP can be latched together, so ESP 100 has total of 232K queues
- PPEs on 2nd gen QFP run the same Microcode as QFP
- Features executed in PPEs have same behavior
- Full Configuration consistency with QFP
- Same feature behavior (e.g. TCP, policing accuracy)
- In-service hardware upgrade & downgrade from ESP40 to ESP 100 supported
- Differences
  - Minor behavioral show-command differences
  - Deployment differences in deployments with large number of schedules
Used on ASR1002-X and ESP-100
IOS-XE Software Architecture
[Diagram: IOS XE software components. Route Processor: IOS (Active), IOS (Standby), IOS XE Platform Adaptation Layer (PAL), Chassis Manager, Forwarding Manager, Kernel. Embedded Services Processor: QFP Client/Driver, Chassis Manager, Forwarding Manager, Kernel. SPA Interface Processor: SPA Drivers, Chassis Manager, Kernel. Control Messaging between the modules.]
Software Architecture: IOS XE
- IOS XE = IOS + IOS XE Middleware + Platform Software
- Operational Consistency: same look and feel as IOS Router
- IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.). Capable of 64-bit operation
- Linux kernel with multiple processes running in protected memory for
  - Fault containment
  - Re-startability
  - ISSU of individual SW packages
- ASR 1000 HA Innovations
  - Zero-packet-loss RP Failover
  - <50ms ESP Failover
  - Software Redundancy
ASR 1000 Software Architecture
[Diagram: software components per module. RP CPU: IOS, Chassis Mgr., Forwarding Mgr., kernel (incl. utilities). ESP FECP: QFP Client / Driver, Chassis Mgr., Forwarding Mgr., kernel (incl. utilities), with QFP subsystem, QFP code and Crypto assist. SIP IOCP: SPA drivers, Chassis Mgr., kernel (incl. utilities), SPA Agg., SPAs. Modules are linked by Interconnects.]
- Runs Control Plane
- Generates configurations
- Populates and maintains routing tables (RIB, FIB...)
- Provides abstraction layer between hardware and IOS
- Manages ESP redundancy
- Maintains copy of FIB and interface list
- Communicates FIB status to active & standby ESP (or bulk-download state info in case of restart)
- Maintains copy of FIBs
- Programs QFP forwarding plane and QFP DRAM
- Statistics collection and communication to RP
- Communicates with Forwarding manager on RP
- Provides interface to QFP Client / Driver
- Implements forwarding plane
- Programs PPEs with forwarding information
- Driver Software for SPA interface cards. Loaded separately and independently
- Failure or upgrade of driver does not affect other SPAs in same or different SIPs
- Initialization and boot of RP Processes
- Detects OIR of other cards and coordinates initialization
- Manages system/card status, Environmentals, Power ctl, EOBC
Control Plane Process Communication
[Diagram: the RP, ESP and SIP software components (IOS, Chassis Mgr., Forwarding Mgr., QFP Client / Driver, SPA drivers, kernel incl. utilities) with the message paths between them. Message types: Forwarding; Control messages; OIR / Chassis messages; IPC Messages. Links: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; GE, 1Gbps; I2C; SPA Control; SPA Bus; Other]
Feature Invocation Array in QFP code
Feature Processing Follows a Pre-defined Execution Sequence
L2/L3
Classify
IPv4 Validation
SSLVPN
ERSPAN
MLP
IP Hdr. Compress.
VASI
LI
LISP
FPM
ACL
BGP Policy Acct.
ISG
QPPB
IPSec
uRPF
NAT
PBR
SBC
WCCP
ISG
Marking
Policing
Accounting
TCP MSS Adjust
Netflow
LI
BDI
IP Tunnels
NAT
APS
WCCP
Classify
SSLVPN
Firewall
IPSec
ACL
GEC
FPM
MLP
IPHC
Queuing
Forwarding

IP Unicast
Loadbalancing
IP Multicast
MPLS Imposit.
MPLS Dispos.
MPLS Switch.
FRR
AToM Dispos.
MPLSoGRE
IPv6 IPv4 MPLS XConnect L2 Switch
For Your
Reference
IOS XE Releases and Packaging for ASR 1000
[Diagram: RP, ESP and SIP software components (IOS, Chassis Mgr., Forwarding Mgr., Interface Mgr., QFP Client / Driver, SPA drivers, kernel incl. utilities) annotated with the sub-package numbers listed below]
Software Sub-packages
1. RPBase: RP OS
   Why?: Upgrading of the OS will require reload to the RP and expect minimal changes
2. RPIOS: IOS
   Why?: Facilitates Software Redundancy feature
3. RPAccess (K9 & non-K9): Software required for Router access; 2 versions available. One that contains open SSH & SSL and one without
   Why?: To facilitate software packaging for export-restricted countries
4. RPControl: Control Plane processes that interface between IOS and the rest of the platform
   Why?: IOS XE Middleware
5. ESPBase: ESP OS + Control processes + QFP client/driver/ucode
   Why?: Any software upgrade of the ESP requires reload of the ESP
6. SIPBase: SIP OS + Control processes
   Why?: OS upgrade requires reload of the SIP
7. SIPSPA: SPA drivers and FPD (SPA FPGA image)
   Why?: Facilitates SPA driver upgrade of specific SPA slots
Cisco IOS XE Images
For Enterprise and Managed Services
Cisco ASR1000 Series RP1 Advanced Enterprise Services w/o Crypto (SASR1R1-AES):
- Broadband; L2 & L3 VPN; MPLS; IPv6; ATOM, VPLS; PfR; Multicast; SBC; Legacy IPX, Appletalk, DecNet, etc
- BGP, EIGRP, ISIS, OSPF, RIP; ACL; HSRP/VRRP; NAT; HA: BFD, ISSU; Netflow; QoS, WCCPv2; IPv6

Cisco ASR1000 Series IP Base (SASR1R1-IPBK9):
- BGP, EIGRP, ISIS, OSPF, RIP; ACL; HSRP/VRRP; HA: BFD, ISSU; NAT; Netflow; QoS, WCCPv2; IPv6
- SSL, SSH

Cisco ASR1000 Series IP Base w/o Crypto (SASR1R1-IPB):
- BGP, EIGRP, ISIS, OSPF, RIP; ACL; HSRP/VRRP; HA: BFD, ISSU; NAT; Netflow; QoS, WCCPv2; IPv6

Cisco ASR1000 Series RP1 Advanced Enterprise Services (SASR1R1-AESK9):
- SSL, SSH
- Broadband; L2 & L3 VPN; MPLS; IPv6; ATOM, VPLS; PfR; Security, LI; Multicast; SBC; Legacy IPX, Appletalk, DecNet, etc
- BGP, EIGRP, ISIS, OSPF, RIP; ACL; HSRP/VRRP; NAT; HA: BFD, ISSU; Netflow; QoS, WCCPv2; IPv6

Cisco ASR 1000 Series Feature Licenses (Optional Features):
- SW Redundancy; SBC; IPSec; Firewall; Flexible Packet Inspection

Legacy Protocols not part of Service Provider Images
ASR 1000 IOS XE Release Process Today
Current Software Lifecycle (Pre IOS XE 3.7)
Frequency of Extended Maintenance Branches | Frequency of Releases | Length of Standard Maintenance Branch | Standard maintenance rebuild Interval (months) | Length of Extended Maintenance Branch | Extended Maintenance Rebuild Interval (months)
Every 4 (16 months) | 4 months | 5 months | 2-3 | 24 months | 2-3-4-4
[Timeline chart, months 1 to 48: IOS XE 3.7S (IOS 15.2(4)S), IOS XE 3.8S (IOS 15.3(1)S), IOS XE 3.9S (IOS 15.3(2)S), IOS XE 3.10S (IOS 15.3(3)S) and IOS XE 3.11S (IOS 15.3(4)S), with rebuild markers S1 to S4 and PSIRT markers. Legend: Initial CCO; Standard throttle rebuild; Extended throttle rebuild; Platform; Optional; PSIRT]
ASR 1000 IOS XE Release Process New Plan
Planned New Software Lifecycle (Starting IOS XE 3.7)
Frequency of Extended Maintenance Branches | Frequency of Releases | Length of Standard Maintenance Branch | Standard maintenance rebuild Interval (months) | Length of Extended Maintenance Branch | Extended Maintenance Rebuild Interval (months)
Every 12 months | 4 months | 6 months | 3 | 48 months | 3-3-3-3-6-6-6
[Timeline chart, months 1 to 48: IOS XE 3.7S (IOS 15.2(4)S), IOS XE 3.8S (IOS 15.3(1)S), IOS XE 3.9S (IOS 15.3(2)S) and IOS XE 3.10S (IOS 15.3(3)S), with rebuild markers S1 to S7 and PSIRT markers. Legend: Initial CCO; Standard throttle rebuild; Extended throttle rebuild; Platform; Optional; PSIRT]
ASR1000 QoS
ASR 1000 Forwarding Path

QoS View
1. SPA classification
2. Ingress SIP packet buffering
3. Port rate limiting & weighting for forwarding to ESP
4. Advanced classification
5. Ingress MQC based QoS
6. Egress MQC based QoS
7. Hierarchical packet scheduling & queuing
8. Egress SIP packet buffering
[Diagram: forwarding path across the midplane with callouts 1 to 8. SPAs; SIP (ingress classifier, scheduler & buffers, packet buffers, interconnect); ESP active and backup (Cisco QFP, TCAM, Buffers, interconnect); RP active and backup (IOS Process, interconnect). Links: SPA-SPI, 11.2Gbps each direction; Hypertransport, 8Gbps each direction; ESI, 40Gbps each direction]
ASR1000 SIP Ingress Path
QoS View
- Ingress packet priority classification
  - Classification based on 802.1p, IPv4 TOS, IPv6 TC, MPLS EXP
  - Configurable per port or VLAN
- Ingress SIP buffering
  - 128 Mbyte input buffer
  - 2 queues, high and low priority
- Ingress SIP scheduler
  - Defaults to weighted fair amongst ingress ports
  - Excess bandwidth is shared
  - Excess weight per port is configurable
[Diagram: SIP with 4 SPAs, ingress H/L pkt classifier, ingress buffers, ingress scheduler, egress buffers, egress buffer status reporting, and interconnect to FP0 and FP1; callouts 1 to 3]
SIP Egress QoS Path
- 2 Mbyte of egress buffering per SIP card
- No need for additional SIP based classification or queuing.
- Heavy lifting already done by QFP engine.
- Egress SIP has high and low priority buffers in case there is backpressure from a SPA
[Diagram: SIP with 4 SPAs, ingress H/L pkt classifier, ingress buffers, ingress scheduler, egress buffers, egress buffer status reporting, and interconnect to FP0 and FP1; callout 8]
ASR 1000 ESP QoS
- The following QoS functions are handled by PPEs:
  - Classification
  - Marking
  - Policing
  - WRED
- After all the above QoS functions (along with other packet forwarding features such as NAT, Netflow, etc.) are handled, the packet is put in packet buffer memory and handed off to the Cisco QFP Traffic Manager
QFP Processing
ASR 1000 QoS
- Cisco QFP Traffic Manager implements a 3 parameter scheduler which gives advanced flexibility
  - Minimum - bandwidth
  - Excess - bandwidth remaining
  - Maximum - shape
- Priority propagation (via minimum) ensures that high priority packets are forwarded first without loss
- Packet memory is one large pool. Interfaces do not reserve a specific amount of packet memory.
- Out of resources memory exhaustion conditions
  - Non-priority user data dropped at 85% packet memory utilization
  - Priority user data dropped at 97% packet memory utilization
  - Selected IOS control plane packets and internal control packets only dropped at 100% memory utilization
The QFP Traffic Manager (BQS) performs all packet scheduling decisions.
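Added example (not part of the original slides, and not Cisco code): a small model of the shared packet memory pool with the three drop thresholds from the slide, showing that a flood of non-priority traffic is shed at 85% while priority and control packets keep being buffered. The pool size, packet sizes, drain rate and traffic mix are constructed values, and the per-tick arrival/drain loop is a simplifying assumption.

```python
from collections import Counter

# Drop thresholds from the slide, as percent of the shared packet memory pool.
DROP_AT_PCT = {"non_priority": 85, "priority": 97, "control": 100}


def admit(pkt_class, used, size, capacity):
    """True if a packet of `size` may be buffered at the current fill level."""
    if used + size > capacity:          # pool is physically full
        return False
    # Integer arithmetic avoids float rounding exactly at a threshold.
    return used * 100 < DROP_AT_PCT[pkt_class] * capacity


def simulate(ticks, arrivals_per_tick, drain_per_tick, capacity):
    """Offer the same arrivals every tick, then drain the pool.

    Returns (drops per class, peak pool usage).
    """
    used, peak, drops = 0, 0, Counter()
    for _ in range(ticks):
        for pkt_class, size in arrivals_per_tick:
            if admit(pkt_class, used, size, capacity):
                used += size
                peak = max(peak, used)
            else:
                drops[pkt_class] += 1
        used = max(0, used - drain_per_tick)
    return drops, peak


# Constructed scenario: per tick, 1 control packet, 2 priority packets and a
# burst of 30 non-priority packets (300 units) against a drain of 100 units.
DATA_FLOOD = ([("control", 1)] + [("priority", 5)] * 2
              + [("non_priority", 10)] * 30)

# Constructed scenario: the flood itself is marked as priority traffic.
PRIORITY_FLOOD = [("control", 1)] + [("priority", 10)] * 30

if __name__ == "__main__":
    for name, mix in (("data flood", DATA_FLOOD), ("priority flood", PRIORITY_FLOOD)):
        drops, peak = simulate(20, mix, drain_per_tick=100, capacity=1000)
        print(name, dict(drops), "peak utilization %.1f%%" % (peak / 10))
```

For defenders the second scenario is the one to watch: traffic that an attacker can get classified as priority pushes the pool to 97%, which is why the ingress classification rules deserve the same scrutiny as the scheduler configuration.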
ASR 1000 QoS
- show plat hard qfp active stat drop all | inc BqsOor
  - This gives a counter which shows if any packets have been dropped because of packet buffer memory exhaustion.
- show plat hard qfp active infra bqs status
  - Gives metrics on how many active queues and schedules are in use. Also gives statistics on QFP QoS hierarchies that are under transition.
- show plat hard qfp active bqs 0 packet-buffer util
  - Gives metrics on current utilization of packet buffer memory
Traffic Manager Statistics
ASR 1000 QoS
- Multilayer hierarchies (5 layers in total)
  - SIP, interface, 3 layers of queuing MQC QoS
- Two levels of priority traffic (1 and 2)
- Strict and conditional priority rate limiting
- 3 parameter scheduler (min, max, & excess)
- Priority propagation for no loss priority forwarding via minimum parameter
- Shaping average and peak options, burst parameters are accepted but not used
- Backpressure mechanism between hardware components to deal with external flow control
Queuing Highlights
[Diagram: scheduling hierarchy. SIP schedule; Interface/Port schedule; Level 1 VLAN schedule; Level 2 Class schedules; Level 3 Class queues/schedule]
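Added example (not part of the original slides, and not the QFP algorithm itself): a single-level model of a 3 parameter scheduler, allocating link bandwidth from each class's minimum (bandwidth), excess weight (bandwidth remaining) and maximum (shape). It assumes that leftover bandwidth is shared in proportion to the excess weights; priority propagation and the multi-layer hierarchy are not modeled, and the class names and rates are constructed.

```python
from dataclasses import dataclass
from typing import Optional

EPS = 1e-9


@dataclass
class TrafficClass:
    name: str
    demand: float                    # offered load
    minimum: float = 0.0             # "bandwidth": guaranteed rate
    excess: float = 1.0              # "bandwidth remaining": weight for leftovers
    maximum: Optional[float] = None  # "shape": hard ceiling, None = link rate


def allocate(link_rate, classes):
    """Return {class name: allocated rate} for one scheduling level."""
    # A class can never get more than it offers or more than its shaper allows.
    cap = {c.name: min(c.demand, link_rate if c.maximum is None else c.maximum)
           for c in classes}
    # Step 1: serve every minimum guarantee first.
    alloc = {c.name: min(c.minimum, cap[c.name]) for c in classes}
    if sum(alloc.values()) > link_rate + EPS:
        raise ValueError("minimum guarantees exceed the link rate")
    remaining = link_rate - sum(alloc.values())
    # Step 2: hand out what is left by excess weight; bandwidth a capped class
    # cannot use is redistributed among the classes that still have room.
    while remaining > EPS:
        active = [c for c in classes
                  if c.excess > 0 and cap[c.name] - alloc[c.name] > EPS]
        if not active:
            break                    # everyone is satisfied or shaped
        total_weight = sum(c.excess for c in active)
        handed_out = 0.0
        for c in active:
            share = remaining * c.excess / total_weight
            grant = min(share, cap[c.name] - alloc[c.name])
            alloc[c.name] += grant
            handed_out += grant
        remaining -= handed_out
    return alloc


# Constructed 100 Mbps example: voice is guaranteed and shaped to 10,
# "business" and "bulk" compete for the rest with weights 3:1.
EXAMPLE = [
    TrafficClass("voice", demand=10, minimum=10, excess=1, maximum=10),
    TrafficClass("business", demand=100, minimum=20, excess=3),
    TrafficClass("bulk", demand=100, minimum=10, excess=1, maximum=30),
]

if __name__ == "__main__":
    print(allocate(100, EXAMPLE))
```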
ASR 1000 QoS
- Classification
  - IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, ACL, packet-length, ATM CLP, COS, inner/outer COS (QinQ), vlan, input-interface, qos-group, discard-class
  - QFP is assisted in hardware by TCAM
- Marking
  - IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, discard-class, qos-group, ATM CLP, COS, inner/outer COS
- Enhanced match and marker stats may be enabled with a global configuration option
  - platform qos marker-statistics
  - platform qos match-statistics per-filter
Classification and Marking
ASR 1000 QoS
- Policing
  - 1R2C: 1 rate 2 color
  - 1R3C: 1 rate 3 color
  - 2R2C: 2 rate 2 color
  - 2R3C: 2 rate 3 color
  - color blind and aware in XE 3.2 and higher software
  - supports RFC 2697 and RFC 2698
  - explicit rate and percent based configuration
  - dedicated policer block in QFP hardware
- WRED
  - precedence (implicit MPLS EXP), dscp, and discard-class based
  - ECN marking
  - byte, packet, and time based CLI
  - packet based configurations limited to exponential constant values 1 through 6
  - dedicated WRED block in QFP hardware
Policing and Congestion Avoidance
IPSec on ASR1000
IPSec on ASR1000
Nitrox II Capabilities:
- 8-core crypto coprocessor on ESP10G
- 18-core crypto coprocessor on ESP20G, ESP40G
- Supports up to 500 IKE session setups per second
- Supports up to 2^22 IPSec SA with full IPSec packet processing
- QFP has 10Gbps interface to the Nitrox for IPSec packet processing
- Each Nitrox core provides around 0.475-0.5 Gbps of encryption throughput
- Max. MTU size supported is 10KB on Nitrox II
ASR1000 IPSec HA:
- In-Box High Availability (HA) 6 RU configuration:
  - ESP to ESP - stateful
  - RP to RP - stateless
Cavium Nitrox II and IPSec Capabilities
ESP-100 and ASR1002-X NextGen Encryption
- ESP-100
  - 24 core processor
  - 800MHz clock frequency
  - 2GB DDR3 SDRAM
  - Up to 20Gbps (512B packets)
- ASR-1002X
  - 6 core processor
  - 1.1 GHz clock frequency
  - Up to 4Gbps (512B packets)
Cavium Octeon II Details
- Crypto support:
  - AES, SHA-1, ARC4, DES, 3-DES
  - IKEv1 or IKEv2
- Next Gen Suite B crypto support
  - Encryption: AES-128-GCM
  - Authentication: HMAC-SHA-256
  - Hashing: SHA-256
  - Protocol: IKEv2
ASR 1000 Forwarding Processor
IPSec Processing is done with Nitrox-II Crypto Assist
[Diagram: ESP block diagram. FECP, Card Infrastructure, Boot Flash, Memory, Crypto, Interconnect to RPs, ESP and SIPs, Chassis Mgmt Bus; QFP with processor pool of PPEs, Dispatcher / Pkt Buffer and Buffer, queue, schedule (BQS); Pkt Buffer DRAM, Resource DRAM, TCAM4. Links: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; GE, 1Gbps; I2C; SPA Control; SPA Bus; Other]
Callouts in the diagram:
- Anti-replay check
- Encryption / decryption (Diffie-Hellman)
- NAT Traversal
- Traffic-based lifetime expiry
- Outbound packet classification
- Formatting of packets to Crypto chip (internal header)
- Receiving packets from crypto chip
- Removal of internal crypto header
- Re-assembly of fragmented IPSec packets
- IPSec SA class groups
- Classes
- Rules (ACE or IPSec SA)
- IPSec SA Database
- IKE SA Database
- Crypto-map
- DH key pairs
- IPSec SA Database
- IPSec Headers
ASR 1000 IPSec Software Architecture
Function Partitioning
[Diagram: software components per module. RP CPU: IOS, Chassis Mgr., Forwarding Mgr., kernel (incl. utilities). ESP FECP: QFP Client / Driver, Chassis Mgr., Forwarding Mgr., kernel (incl. utilities), with QFP subsystem, QFP code and Crypto assist. SIP IOCP: SPA drivers, Chassis Mgr., kernel (incl. utilities), SPA Agg., SPAs. Modules are linked by Interconnects.]
- Creation of IPSec Security Associations (SA)
- IKE Control Plane (IKE negotiation, expiry, tunnel setup)
- Communicates FIB status to active & standby ESP (or bulk-download state info in case of restart)
- Copy of IPSec SAs
- Copy of IKE SAs
- Synchronization of SA Databases with standby ESP
- Communicates with Forwarding manager on RP
- Provides interface to QFP Client / Driver
- Encryption / Decryption of packets
- Punting of Encrypted packets to the Crypto Assist
ASR1000 IPSec Performance
Throughput and Scalability
 | | ASR1000-ESP5 | ASR1000-ESP10 | ASR1000-ESP20 | ASR1000 ESP40
Supported Chassis | ASR1001 | ASR 1002 | ASR 1002, 1004, 1006 | ASR 1004 & 1006 | ASR1006 & 1013
Encryption Throughput (Max/IMIX) | 1.8/1 Gbps | 1.8/1 Gbps | 4/2.5 Gbps | 7/6 Gbps | 11/7 Gbps
VRFs (RP2/RP1) | 4,000 | 1,000 | 4,000 / 1,000 | 4,000 / 1,000 | 4,000 / 1,000
Total Tunnels (Site to Site IPSec) * | 4,000 | 4,000 | 4,000 | 8,000 | 8,000
Tunnel Setup Rate w/ RP2 (IPSec, per sec) | 130 | N/A | 130 | 130 | 130
Tunnel Setup Rate w/ RP1 (IPSec, per sec) | NA | 90 | 90 | 90 | 90
DMVPN / BGP Adjacencies (RP2/RP1, 5 routes per peer) | 3000 | 3000 | 3000 | 3000 | 3000
DMVPN / EIGRP Adjacencies (RP2/RP1, 5 routes per peer) | 1,250 | 1,000 | 1,250 / 1,000 | 1,250 / 1,000 | 1,250 / 1,000
EasyVPN + dVTI | 2,000 | 2,000 | 2,000 | 2,000 | 2,000
* Total tunnels are for IPSec and GRE+IPSec only
Packet Flows Data Plane
Data Packet Flow: From SPA Through SIP
1. SPA receives packet data from its network interfaces and transfers the packet to the SIP
2. SPA Aggregation ASIC classifies the packet into H/L priority
3. SIP writes packet data to external 128B memory (at 40Gbps from 4 full-rate SPAs)
4. Ingress buffer memory is carved into 64 queues. The queues are arranged by SPA-SPI channel and optionally H/L. Channels on channelized SPAs share the same queue.
5. SPA ASIC selects among ingress queues for next pkt to send to ESP over ESI. It prepares the packet for internal transmission
6. The interconnect transmits packet data of selected packet over ESI to active ESP at up to 11.5 Gbps
7. Active ESP can backpressure SIP via ESI ctl message to slow pkt transfer over ESI if overloaded (provides separate backpressure for Hi vs. Low priority pkt data)
[Diagram: SIP data path. 4 SPAs; SPA aggregation ASIC (ingress classifier, ingress scheduler, egress buffer status); ingress buffers (per port); egress buffers (per port); interconnect to ESPs. Links: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other]
Data Packet Flow: Through ESP10
1. Packet arrives on QFP
2. Packet assigned to a PPE thread.
3. The PPE thread processes the packet in a feature chain similar to 12.2S IOS (very basic view of a v4 use case):
   - Input Features applied: NetFlow, MQC/NBAR Classify, FW, RPF, Mark/Police, NAT, WCCP etc.
   - Forwarding Decision is made: IPv4 FIB, Load Balance, MPLS, MPLSoGRE, Multicast etc.
   - Output Features applied: NetFlow, FW, NAT, Crypto, MQC/NBAR Classify, Police/Mark etc.
   - Finished
4. Packet released from on-chip memory to Traffic Manager (Queued)
5. The Traffic Manager schedules which traffic to send to which SIP interface (or RP or Crypto Chip) based on priority and what is configured in MQC
6. SIP can independently backpressure ESP via ESI control message to pace the packet transfer if overloaded
[Diagram: ESP10 data path. Quantum Flow Processor with processor pool of PPEs, Dispatcher / Pkt Buffer and Buffer, queue, schedule (BQS); Pkt Buffer DRAM (128MB); Part Len / BW SRAM; Resource DRAM (512MB); TCAM4 (10Mbit); interconnect to SIP-10. ASR System BW (Depends on ESP). Links: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other]
Data Packet Flow: Through SIP to SPA
1. Interconnect receives packet data over ESI from the active ESP at up to 46 Gbps
2. SPA Aggregation ASIC receives the packet and writes it to external egress buffer memory
3. Egress buffer memory is carved into 64 queues. The queues are arranged by egress SPA-SPI channel and optionally H/L. Channels on channelized SPAs share the same queue.
4. SPA Aggregation ASIC selects and transfers packet data from eligible queues to SPA-SPI channel (Hi queue are selected before Low)
5. SPA can backpressure transfer of packet data burst independently for each SPA-SPI channel using SPI FIFO status
6. SPA transmits packet data on network interface
[Diagram: SIP data path. 4 SPAs; SPA Aggregation ASIC (ingress classifier, ingress scheduler, egress buffer status); ingress buffers (per port); egress buffers (per port); interconnect to ESPs. Links: ESI, 46 Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other]
High Availability Overview
High-Availability on the ASR 1000
- Redundant ESP / RP on ASR 1006 and ASR 1013
- Software Redundancy on ASR 1001, ASR 1002, ASR 1004
- Zero packet loss on RP Fail-over
- Max 100ms loss for ESP fail-over
- Intra-chassis Stateful Switchover (SSO) support for
  - Configuration
  - Protocols: FR, ML(PPP), HDLC, VLAN, IS-IS, BGP, CEF, SNMP, MPLS, MPLS VPN, LDP, VRF-lite
  - Stateful features: PPPoX, AAA, DHCP, IPSec, NAT, Firewall
- IOS XE also provides full support for Network Resiliency
  - NSF/GR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP
  - IP Event Dampening; BFD (BGP, IS-IS, OSPF)
  - GLBP, HSRP, VRRP
- Support for ISSU
- Stateful inter-chassis redundancy available for NAT, Firewall, SBC
ASR1000 Built for Carrier-grade HA
[Diagram: ASR 1006 with Active and Standby Forwarding Processor, Active and Standby Route Processor, and three SPA Carrier Cards with four SPAs each. RP fails (HW or SW): Standby Becomes Active, Zero Packet Loss]
ASR 1006 High Availability Infrastructure
Infrastructure for Stateful Redundancy
- Provides hitless or near hitless switchover
- Reliable IPC transport used for synchronization
- HA operates in a similar manner to other protocols on the ASR 1000
[Diagram: active and standby RP (IOS act / IOS sby, each with RF, CF, IPC, Non-HA-Aware Application, Driver/Media Layer, Mcast, CLI, Config, MLD and IDB, RIB, RT, MRIB tables; FM RP with FIB, MFIB), active and standby ESP (FM ESP, QFP Client, FIB, MFIB) and SPAs. IPC Message Qs carry IDB State Update Msgs. Interconnect Used for IPC and Check-pointing]
Software Redundancy: IOS XE
- IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.)
- Linux kernel runs IOS process in protected memory for:
  - Fault containment
  - Restart-ability of individual SW processes
- Software redundancy helps when there is a RP-IOS failure/crash
  - Active process will switchover to the standby, while forwarding continues with zero packet loss
- Can be used for ISSU of RP-IOS package for control-plane bug fixes and PSIRTs
- Other software crashes (example: SIP or ESP) cannot benefit from Software redundancy
ASR1002 and ASR1004
[Diagram: IOS XE software components. Route Processor: IOS (Active), IOS (Standby), IOS XE Platform Adaptation Layer (PAL), Chassis Manager, Forwarding Manager, Kernel. Embedded Services Processor: QFP Client/Driver, Chassis Manager, Forwarding Manager, Kernel. SPA Interface Processor: SPA Drivers, Chassis Manager, Kernel. Control Messaging between the modules. IOS Process fail: Standby Becomes Active]
ASR 1000 ISSU Innovation
- Ability to perform upgrade of the IOS image on the single-engine systems
- Support for software downgrade
- In Service component upgrades (SIP-Base, SIP-SPA, ESP-Base) without requiring reboot to the system
- Hitless upgrade of some software packages
- Pre-provisioning Capability
- RP Portability - installing & configuring hardware that are physically not present in the chassis
  - This allows the user to configure an RP in one system i.e. a 4RU and then move it to another system i.e. a fully populated 6RU
- One-shot ISSU procedure available for H/W redundant platforms

Software Release From \ To | 3.1.0 | 3.1.1 | 3.1.2 | 3.2.1 | 3.2.2
3.1.0 | N/A | SSO Tested | SSO | SSO via 3.1.2 | SSO via 3.1.2
3.1.1 | SSO Tested | N/A | SSO Tested | SSO via 3.1.2 | SSO via 3.1.2
3.1.2 | SSO | SSO Tested | N/A | SSO Tested | SSO Tested
3.2.1 | SSO via 3.1.2 | SSO via 3.1.2 | SSO Tested | N/A | SSO Tested
3.2.2 | SSO via 3.1.2 | SSO via 3.1.2 | SSO Tested | SSO Tested | N/A
In-Service Software Upgrade
Performance Data
Unidimensional Routing Performance
Uni-dimensional Scale | ASR 1001 (ESP 2.5) | RP1/ESP5 | RP1/ESP10 | RP2/ESP20 | RP2/ESP40
VLAN/QinQ (per port/per SPA/per system) | 4K/16K/16K | 4K/32K/32K | 4K/32K/32K | 4K/32K/64K | 4K/32K/64K
IPv4 routes | 1M | 0.5M | 1.7M | 4M | 4M
IPv6 routes | 1M | 125K | 500K | 4M | 4M
Number of Sessions | 8K | 12K | 24K | 32K | 32K
Number of L2TP Tunnels | 4K | 6K | 12K | 16K | 16K
Number of BGP neighbors | 4K | 4K | 4K | 8K | 8K
Number of OSPF Neighbors | 1K | 1K | 1K | 2K | 2K
Unique QOS policy maps / class maps per system | 1K/4K | 1K/4K | 1K/4K | 4K/4K | 4K/4K
ACL/ACE | 4K/32K | 4K/25K | 4K/50K | 4K/119K | 4K/119K
Number of Mcast Groups (IGMP or MLD) | 1000 | 1000 | 1000 | 1000 | 1000
Number of IPv4/v6 mroutes | 64K | 64K | 64K | 64K | 64K
Number of IPv4 mVRFs | 300 | 300 | 300 | 600 | 600
Number of Firewall Sessions | 250K | 500K | 1M | 2M | 2M
Number of NAT + Firewall Sessions | 125K | 125K | 500K | 1M | 1M
Number of NetFlow Cache Entries | 250K/500K | 500K | 1M | 2M | 2M
VRF | 4K | 1K | 1K | 4K | 4K
Number of BFD Sessions | 512 | 512 | 512 | 512 | 512
Number of SBC ipv4 signaling and media pinholes | n.a. | 22.5K | 32K | 32K | 32K
Non-drop rate (with uRPF, security ACL, NetFlow and QOS on VLAN subinterfaces) | 3Mpps/2.5Gbps | 4Mpps/5Gbps | 9Mpps/10Gbps | 12Mpps/20Gbps | 12Mpps/40Gbps
RP1/ESP5 Feature Impact Performance
- Individual features have small impact with small packet sizes (76B)
- Individual features have no impact at large packet sizes (above 260B)
- QFP has excellent behavior even with combined features for larger packet sizes!
[Chart: y-axis Gbps or MPPS (0 to 10); x-axis Pkt Size (Bytes): 76, 132, 260, 516, 1028, 1518. Chart title and series legend are not recoverable.]
RP2/ESP40 Feature Impact Performance
- Individual features have small impact with small packet sizes
- Individual features have minuscule impact at large packet sizes (above 516B)
- QFP has excellent behavior even with combined features for larger packet sizes!
[Chart: y-axis Gbps or MPPS (0 to 50); x-axis Pkt Size (Bytes): 76, 132, 260, 516, 1028, 1518. Chart title and series legend are not recoverable.]
Latency Performance Example
- For details on the test setup and feature configuration, see "RFC 2544 Latency Testing on Cisco ASR 1000 Series"
[Chart: latency in us (microseconds), y-axis 0 to 3500, against Percentage Load, x-axis 90 to 100. Series: Latency (us - Min), Latency (us - Avg), Latency (us - Max)]
Avg 50-55us
Min 25us
Max 1.1-1.4ms
ASR 1001 Route Reflector Performance
 | ASR1000 RP1 (2GB) | ASR1000 RP1 (4GB) | ASR1001 (4GB) | ASR1001 (8GB) | ASR1000 RP2 (8GB) | ASR1000 RP2 (16GB)
ipv4 routes | 2M* | 7M* | 2M* (450K) | 9M* (800K) | 12M* | 29M*
vpnv4 routes | 2M | 6M | 2M | 8M | 10M | 24M
ipv6 routes | 1.5M* | 5M* | 2M* (500K) | 8M* (1M) | 9M* | 24M*
vpnv6 routes | 2M | 5M | 1.5M | 7.5M | 9M | 21M
BGP sessions | 4000 | 4000 | TBD | TBD | 8000 | 8000
*Tested with BGP selective download feature for ipv4/ipv6 for dedicated RR application. This feature prevents ipv4/ipv6 BGP routes from being installed in RIB and FIB. It reduces memory usage per ipv4/ipv6 prefix and CPU utilization.
84
ASR1000 Applications
Next Gen Regional WAN

ASR1000 & ISRG2 Validated Designs


[Diagram labels: Redundant, scalable Headend (ASR1K); ASR 1000 DMVPN Head End; Data Center; Local Campus; Enterprise Interconnect; Enterprise Edge; ASR1k; ISR G2; SP A MPLS; SP B MPLS; Internet; links: Serial, Ethernet / DS3, FE / OC3, GE / 3G/4G / Satellite]
[Branch types: Standard Branch (2900); High End Branch (3900); Mobile Branch (800, 1900); Ultra High-End Branch (ASR1000)]
ASR1k as NAT64 Appliance providing access to v6 services for IPv4 clients
Integrated Solutions
Full IOS Routing Services
Secure WAN: DMVPN, GETVPN
Firewall
Integrated UC CUBE
PfR Performance Routing
IPv6 Migration
Flexible Interconnect

With Performance/Scale:
ASR1002X: 36G forwarding with up to 4G Crypto
ESP100: 100G forwarding with up to 20G Crypto
Instant-on Services
ASR 1000 in the Cloud
ASR 1000 as Cloud Edge router
Cloud Edge
FW / NAT
! ASR 1002X: up to 36 Gbps of forwarding +
4Gbps IPSec
! Up to 100 Gbps forwarding with ESP-100
! ASR 1000 as Cloud Firewall / NAT router /
appliance
! Features
! DMVPN / GETVPN secure cloud access
! VRF-awareness
! High-Availability
! NAT
! Firewall (incl. inter-chassis redundancy, IPv6)
! PfR Performance Routing
! AVC (DPI) application level traffic handling
ASR 1000 accessing the Cloud
Network and Traffic Aware Routing Features
[Diagram labels: Cloud Provider; HQ Edge; Branch (x3); Internet / MPLS VPN]
ASR 1000 as WAN Edge / Internet Edge / high-end branch
Intelligent application re-direction using AVC
Optimal cloud access using PfR / NPS Network Provisioning System
ASR 1000 as Cloud Router with NPS


Network Proximity Service
Better Application Experience
Invoke applications closer to the user
Use latency, delay, performance for SP Cloud selection
Based on dynamic network knowledge
Optimize and monetize existing architecture - just add NPS
Optimize WAN utilization compared to conventional methods which are unaware of topology
[Diagram: ASR1k as Cloud Router supporting Network Positioning System (NPS); labels: Internet; Service Provider Core network; Service Provider DCs; Enterprise; ISR; MPLS VPN; DC1; DC2; DC3; SP Cloud (x3); ASR1K (x4)]
Network Positioning System (NPS) Overview
Target SP Cloud Resources Based on Network Proximity, Load and Other metrics

[Diagram labels: Partners; Enterprise w/ Private DC; Private Cloud; Data Center; Branch Office; Remote Worker; Service Access; NGN with NPS; Cloud Service Provider; NPS SRE Enabled PEs (PE1, PE2, PE3); SP DC #1; SP DC #2; IT Service Manager (ITSM); Service Capability Directory; step markers 0 to 4]
Service Advertisement Interface (XML over XMPP)
Service Access Interface (XML over REST)
http://www.lightreading.com/document.asp?doc_id=217014
DC Service capabilities are queried by SRE and advertised to peer SREs on each PE. Each PE has a global view of DC services and resources.
Cloud service user or DC Tenant requests DC resources through ITSM
ITSM sends requirements to SRE on instance running PE1.
SRE evaluates request, based on Capabilities, Policy, Proximity, Performance
SRE responds to ITSM with recommended data center - DC2 - and recommended PE routers to provide transport.
ITSM sends a message to DC edge device to provision the service
NPS Routing Proximity
Network Aware Routing
APIs provided to perform Client requests / service advertisement
RESTful APIs on top of HTTPS
Routing update interaction configured on PE
NPS runs as a separate process on top of ASR 1000 Linux
[Diagram labels: S; A; B; C; Network Proximity Service; Resolution API; Service Resolution Engine (SRE); Capability Directory; NGN; Performance; Routing Updates; Perf. Data; Service Advert.]
Who is Closer to S among {A, B, C}?
Ranked List {C,A,B}
Performance Aware WAN
PfR Performance Routing
Example Scenario
Branches connected to more than one WAN,
e.g. MPLS VPN and Internet via DSL
Enterprise Edge connecting to multiple
providers/links

How it works
1. Master Controller sends a message to the BRs to collect statistics and send them to the MC
2. MC sorts information from all the BRs based on the policy (e.g. policy to reduce latency), and picks the worst performers
3. Once MC has decided that a route may need to be enforced to improve the worst performer, it will tell that BR to repeatedly send stats, and then will insert the route to the BR whilst monitoring the stats; this cycle is continuous to optimize the performance!
[Diagram labels: WAN 1; WAN 2; ISR (x2); ASR/ISR; ASR1000; PfR Border Routers; PfR Master Controller; BR = PfR Border Router; "Learn: Delay, Throughput" per Src/Dst network 1 to n; "Inject route: dst network, new next hop"; "New delay: d1, new throughput: t1"]
ASR1000 Application Visibility and Performance
Quality of Experience for Cloud-based Applications
Features
Application-based QoS Policy
1000+ apps recognized
3-Level HQoS w/ Priority
Performance monitoring and
application profiling
Cisco Insight Reporting

Benefits
Prioritize Business Critical
Traffic
No new Hardware
Combine with IOS
Performance Agent on ISR
for application SLA
[Diagram labels: ISR; Internet; MPLS VPN; ASR1K (x2); Best Effort (x2)]
IPSec VPN Applications
[Diagram "2547oDMVPN": IP Service; MPLS Campus/MAN; E-P; E-PE (x3); Remote Branches; RR (x2); GRE Tunnels; mGRE; Campus-PE; Hub as P or PE]
[Diagram "VRF-lite over DMVPN": IP Service; MPLS Campus or MAN; E-PE; Multi-VRF CE (x2); Remote Branches; RR; NHRP Server; mGRE per VRF; Branch LAN]
! GETVPN
! VRF-lite, Group Key Mgmt, Compliance-mode
Cipher&Hash selection, Key Server
! DMVPN
! 2547oDMVPN, VRF-aware DMVPN (iVRF), BGP, EIGRP,
per tunnel QoS
! EasyVPN
! Dynamic Crypto Map
! Site-to-Site and Flex VPN
! IKEv2
! SVTI (IPv4 & IPV6), dVTI, crypto-maps
! GRE+IPSec
! VRF-aware IPSec
ASR1000 For Data Center Interconnect

ASR1000 DCI Solutions
Supported Layer 2 Extension Protocols
EoMPLS
VPLS
L2TPv3
OTV
ASR1000 OTV Use Case
! Hardware lifecycle may be up to 5-7 years for
depreciation
! Not always practical to upgrade to all DCs
! Deploy Nexus 7000 in new DC and leverage
existing Catalyst 6000 in other DCs.
! ASR1000 front-ends the Catalysts to provide
OTV functionality at that DC
! Cat6000 running VPLS connects to ASR1000 via
L2 internal link and uses ASR1K as OTV/DCI
gateway to get to Nexus 7000.
! VPLS and OTV domains are connected.
! Can be deployed at a single site or multiple if
desired
Legacy Migration
[Diagram labels: N7k OTV; L1/L2/L3 Service; Cat 6k VPLSoGRE (x2); Simple L2 (Internal to the site); ASR1k OTV]
ASR1000 OTV Use Case
[Diagram labels: Site 2 Local Datacenter; Main or HQ Datacenter; ASR1000 (x4); N7000 (x2); Hosts (x3)]
! Building a new small data center
(branch site) using ASR 1000
! Nexus 7000 will be used in the main site
! Data Center size definition = throughput
needed
! ASR1000 brings up to 10 Gbps throughput
with OTV enabled IMIX traffic, and 20
Gbps with 1400 byte packet
! IP/MPLS Core network has to support
multicast
! Unicast Core support is on the roadmap
Site 1
Disaster
Recovery
New Small Data Center/Disaster Recovery
ASR1000 Secure Datacenter Interconnect
! Customers requiring DCI encryption can deploy ASR1000 at the edge of the
DC
! ASR1000 provides OTV transport as well as encryption via IPSec or GETVPN
! Single box solution without added complexity
! Deployment options:
ASR1000 at each Datacenter for OTV over IPSec or GETVPN
ASR1000 OTV over IPSec or GETVPN peered with Nexus 7000 (IPSec will be
terminated in security appliance front-ending Nexus 7000)
OTV with Encryption (IPSEC/GETVPN)
Summary

Summary and Key Takeaways
! ASR 1000 is Cisco's strategic next-generation Midrange router leveraging ground-breaking
hardware capabilities of QFP
Horsepower of 40 Cisco 7200 on a single chip; State-of-the-art QoS in hardware
Rich IOS feature set protecting your investment in training and experience
! ASR 1000 is positioned for both Service Provider and Enterprise Architectures
SP: Broadband Network Gateway, PE, Manage CPE,
Enterprise: WAN aggregation / optimization, Unified Communications
! ASR 1000 enables reduction in network edge complexity by
Enabling single-platform consolidated PoP / Edge architectures
Integrating advanced services without additional hardware blades
(SBC, NBAR, IPSec, Firewall, BNG, PE etc)
Reduction in power consumption through integration of feature
! ASR1000 is designed with High-Availability in mind
Fully redundant forwarding and control processors; backplane
Fault tolerant SW architecture with process restart-ability and protected memory architecture
Cisco ASR1013
BNG, MSE, ESE, DCI, IPSec Aggregation

! 13-rack unit height chassis
! Modular platform
! Embedded Services Processor ESP40
! Route Processor RP2
! SIP carrier card SIP10 and SIP40
! Designed for 40 to 360 Gbps throughput support
! ESP and RP Superslots; more power & cooling
! Up to 12 Gbps crypto throughput built-in with
ESP40
! 24 SPA slot for I/O connectivity
! High Availability with HW redundancy support
! One IOS-XE across entire ASR1000 Family
Designed for up
to 360 Gbps
One shot ISSU Procedure
! Simplifies multiple step process.
! Single CLI which will execute the multiple steps
! request platform software package install node file <filename> sip-delay <1-172800>
! SIP-delay will allow delay for each SIP upgrade in the sub-package mode
! Command is automatically adapted to consolidated mode or sub-package mode running in the system
! In sub-package mode, CLI will execute the step-by-step procedure documented in ASR1000 ISSU Procedures on CISCO.COM

            Consolidated package   Sub-packages
ASR 1013    Support                Support
ASR 1006    Support                Support
ASR 1004    N/A                    Not Supported
ASR 1002    N/A                    Not Supported
ASR 1001    N/A                    Not Supported
Integrated Services Use Case
ASR 1000 as Virtualized WAN and IPSec
Aggregator
MPLS over Point-to-Point GRE
[Diagram labels: IPv4 Cloud; MPLS Campus/MAN; E-P; E-PE (x3); Remote Branches; RR (x2); Enterprise; GRE Tunnels; 802.1q trunk; Physical cable; Branch LAN; No MPLS; "GRE tunnel carries service label (VC or VPN)"; "IP/MPLS/LDP over GRE Tunnel"]
! Tunnel carries LDP, IGP and MP-BGP
! Tunnel configuration is manual (no signaling)
! Event detection includes GRE keepalive, BFD, IGP hellos over the tunnel
VRF-Lite over DMVPN
[Diagram labels: IP Service; MPLS Campus or MAN; E-PE; Multi-VRF CE (x2); Remote Branches; RR; NHRP Server; mGRE per VRF; Branch LAN]
! Requires DMVPN domain per
VRF (i.e. a cloud/VRF)
! mGRE per VRF on each HUB
and Spoke
! Spoke-to-spoke signaling within
each VRF the same as with
normal DMVPN
! Tunnel address origination can
exist in VRF or global table
! Scale limitation same as with
non-VRF DMVPN
! Ideal deployment?
! There is already an existing
DMVPN network
! Number of VRFs are minimal (< ~8)
RFC 2547 over DMVPN
[Diagram labels: IP Service; MPLS Campus/MAN; E-P; E-PE (x3); Remote Branches; RR (x2); Enterprise; GRE Tunnels; mGRE; Campus-PE]
Two Modes at HUB:
! Hub as P
Used when extending to larger
MPLS network in Campus/MAN
! Hub as PE
Common when Hub terminates
Campus VRFs
This Topic Is Covered in Detail in the
DMVPN Session BRKSEC-4012
! Allows bulk IPSec encryption
for MPLS L3 VPN traffic
! Leverages DMVPN control
plane (NHRP)
! Spoke-to-spoke requirements
use Hub as P router
function
! No IGP over the tunnels
needed
(MP-iBGP only)
! Common Deployments:
! Large amount of VRFs is required
! Extends into large MPLS network in
campus/MAN
RFC 2547 over Tunneless GRE
[Diagram labels: IP Service; MPLS Campus/MAN; c-P; c-PE (x3); Remote Branches; RR (x2); Enterprise; GRE Tunnels; Branch LAN; 802.1q trunk; Physical cable; "MPLS-VPN label over GRE encapsulation"; mGRE; Campus-PE]
! Allows 2547 over GRE without
manual GRE tunnel
configuration
! Leverages multipoint GRE
(mGRE) and the tunnel is not
connection oriented
! mGRE is a multipoint
unidirectional GRE tunnel
! BGP signaling is key to
exchanging next-hop over
GRE
! Support for multicast is MVPN
! Target deployments are large
networks that require any to
any L3 VPN connectivity
Integrated Services Use Case 1
ASR 1000 for WAN Aggregation /
Managed CPE w/ HQOS
Optimized WAN Aggregation
Headend should not overflow this limited bandwidth AND share between departments AND Prioritize Voice and/or Cloud Application traffic.
Bandwidth needs to be shared here outbound between dept / customers.
[Diagram labels: Internet / IP VPN; QFP; ASR1K IPSec Aggregator; ASR1K Firewall; CPE (x2); Limited or no SLA; Branch # 1 / Dept # 1; Branch # 1 / Dept # 2 or Site # 1 / Customer # 1; CIFS; Exchg; WAAS; ERP / CRM]
ASR 1000 QFP-TM Queue Hierarchies
[Diagram labels: Gig0/0/0; Ten0/1/0; Queue Level (ext. RLDRAM); 2nd - Parent; 3rd - Aggr.; 4th - Int.; 5th - SIP/LC; per interface: Best Effort Hierarchy, VLAN / Tunnel, $$ / CAC Hierarchy; SIP0s ESI BW 10Gbps]
Policies Aggregation: Variant 1 No CAC
New IOS Feature (only on ASR1000 series) That Allows You to Apply Policies Together Flexibly
Cisco.com: http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_policies_agg_ps9587_TSD_Products_Configuration_Guide_Chapter.html

! Main interface (local) policy: fragments named ALL-P are linked to this class, shaped to 40 Mbps
policy-map main-interface
 class data service-fragment ALL-P
  shape average 40000000
!
! Branch/Dept1 policy (VLAN100)
policy-map Branch/Dept1
 class class-default fragment ALL-P
  bandwidth remaining ratio 24
  service-policy ALL-CHILD
!
! Branch/Dept2 policy (VLAN200)
policy-map Branch/Dept2
 class class-default fragment ALL-P
  bandwidth remaining ratio 24
  service-policy ALL-CHILD
!
! Child policy used by both VLAN policies
policy-map ALL-CHILD
 class EF
  priority
 class AF4
  bandwidth remaining ratio 25
 class AF41
  bandwidth remaining ratio 15
 class class-default
  bandwidth remaining ratio 50

[Diagram labels: LINKED; Egress Port; Shaped stuff (40Mbps, Local policy); Unused BW; VLAN100; VLAN200; VLAN300; VLAN policies; annotation "This queue is shaped at main interface"]
Policies Aggregation: Variant 2 w/CAC
Cisco.com: http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_policies_agg_ps9587_TSD_Products_Configuration_Guide_Chapter.html

! Main interface policy: fragments named ALL-P are linked to this class, shaped to 400 Mbps
policy-map main-interface
 class data service-fragment ALL-P
  shape average 400000000
!
! Department1 policy (VLAN100)
policy-map Department1
 class EF
  priority level 1
 class AF4
  priority level 2
 class class-default fragment ALL-P
  shape average 150000000
  bandwidth remaining ratio 2
  service-policy AF1plusDefault
!
! Department2 policy (VLAN200)
policy-map Department2
 class EF
  priority level 1
 class AF4
  priority level 2
 class class-default fragment ALL-P
  shape average 150000000
  bandwidth remaining ratio 2
  service-policy AF1plusDefault
!
! Child policy used by both department policies
policy-map AF1plusDefault
 class AF1
  bandwidth percent 35
 class class-default
  bandwidth percent 65

[Diagram labels: LINKED; Egress Port; Shaped stuff (400Mbps): VLAN100 AF1, VLAN200 AF1; Not Shaped Stuff (CAC'd): VLAN100 EF/AF4, VLAN200 EF/AF4; annotation (x2) "These queues are not shaped at main interface"]
Policies Aggregation: Variant 3 for GRE

! Main interface policy: fragments named ALL-P are linked to this class, shaped to 400 Mbps
policy-map main-interface
 class data service-fragment ALL-P
  shape average 400000000
!
policy-map Tunnel1
 class EF
  priority level 1
 class AF4
  priority level 2
 class class-default fragment ALL-P
  shape average 150000000
  bandwidth remaining ratio 2
  service-policy AF1plusDefault
!
policy-map Tunnel2
 class EF
  priority level 1
 class AF4
  priority level 2
 class class-default fragment ALL-P
  shape average 150000000
  bandwidth remaining ratio 2
  service-policy AF1plusDefault
!
! Child policy used by both tunnel policies
policy-map AF1plusDefault
 class AF1
  bandwidth percent 35
 class class-default
  bandwidth percent 65

[Diagram labels: LINKED; Egress Port; Shaped stuff (400Mbps): TUN1 AF1, TUN2 AF1; Not Shaped Stuff (CAC'd): TUN1 EF/AF4, TUN2 EF/AF4; annotation (x2) "These queues are not shaped at main interface"]
Hierarchical QoS with GRE Tunnel
Two MQC Levels

! Child policy: per-class treatment inside each tunnel
policy-map CHILD
 class EF
  priority level 1
 class AF4
  priority level 2
 class AF1
  bandwidth remaining ratio 9
 class class-default
  bandwidth remaining ratio 1
!
! Parent policy: shapes each tunnel to 20 Mbps and nests CHILD
! (inside a policy-map the child is attached without the "output" keyword)
policy-map PARENT
 class class-default
  shape average 20000000
  service-policy CHILD
!
interface tunnel 0
 service-policy output PARENT
!
interface tunnel 1
 service-policy output PARENT

[Diagram labels: Gig 0/1.1001; GRE Tunnels; 20 Mbps, VRF = RED (GRE Tunnel 0), Service Level = VRF RED; 20 Mbps, VRF = GREEN (GRE Tunnel 1), Service Level = VRF GREEN; queues per tunnel: Voice, Video, Best Effort, Scav]
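
How the 20 Mbps PARENT shaper on the Hierarchical QoS with GRE Tunnel slide is divided among the CHILD classes can be worked through with a small model. This Python code is an added example, not taken from the slides or from Cisco: the names `QosClass`, `allocate` and `tunnel` and all offered loads are constructed, and the scheduler is assumed to serve priority levels strictly in order and then share the leftover rate by `bandwidth remaining ratio`, re-splitting any share a class cannot use.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class QosClass:
    name: str
    offered_bps: float                     # constructed offered load
    priority_level: Optional[int] = None   # "priority level N"
    remaining_ratio: int = 0               # "bandwidth remaining ratio N"


def allocate(shaper_bps, classes):
    """Return {class name: served bps} under one parent shaper (model assumption)."""
    served = {c.name: 0.0 for c in classes}
    left = float(shaper_bps)
    # Priority classes drain first, level 1 before level 2. The slide's CHILD
    # policy puts no policer on them, so nothing in the model caps their share.
    prio = sorted((c for c in classes if c.priority_level is not None),
                  key=lambda c: c.priority_level)
    for c in prio:
        served[c.name] = min(c.offered_bps, left)
        left -= served[c.name]
    # The leftover rate is split by ratio among classes that have traffic.
    active = [c for c in classes
              if c.priority_level is None and c.offered_bps > 0]
    while active and left > 0:
        total = sum(c.remaining_ratio for c in active)
        if total == 0:
            break
        share = {c.name: left * c.remaining_ratio / total for c in active}
        done = [c for c in active if c.offered_bps <= share[c.name]]
        if not done:                       # everyone is limited by its share
            for c in active:
                served[c.name] = share[c.name]
            break
        for c in done:                     # satisfied classes free their excess
            served[c.name] = c.offered_bps
            left -= c.offered_bps
        active = [c for c in active if c not in done]
    return served


def tunnel(ef, af4, af1, default, shaper_bps=20_000_000):
    """One GRE tunnel under the slide's PARENT (20 Mbps) and CHILD policy."""
    return allocate(shaper_bps, [
        QosClass("EF", ef, priority_level=1),
        QosClass("AF4", af4, priority_level=2),
        QosClass("AF1", af1, remaining_ratio=9),
        QosClass("class-default", default, remaining_ratio=1),
    ])


if __name__ == "__main__":
    M = 1_000_000
    cases = {"all classes busy": (2 * M, 4 * M, 30 * M, 30 * M),
             "AF1 idle": (2 * M, 4 * M, 0, 30 * M),
             "AF1 light": (2 * M, 4 * M, 5 * M, 30 * M),
             "EF above shaper rate": (25 * M, 4 * M, 30 * M, 30 * M)}
    for label, loads in cases.items():
        print(label, {k: v / M for k, v in tunnel(*loads).items()})
```

In the model, an EF load above the shaper rate leaves nothing for the other classes, which is the case a policer on the priority class is meant to bound.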