Cisco QFP Architecture
Hi Perf. Memory
- TCAM4: 200 M searches/second with QFP
- DRAM: 1.6 billion cache line accesses per second
Buffering, Queuing, and Scheduling (BQS)
- HQF/MQC compatible
- 128K queues
- Flexible allocation of schedule resources
- 3+ levels of scheduling hierarchy
40 PPEs
- Tensilica (MIPS-like) instruction set architecture
- Data cache (1KB per thread, 16B cache line)
- Four HW threads per PPE
- PPEs operate at 1.2GHz speed
- Extensive HW Assists: ACL, TBM-lookup, WRED, Flow Locks
Distributor Assigns Each Packet to a PPE/Context
- QFP is not doing flow-based load-balancing among processors
- Distribution is to any eligible PPE/Context
- Hardware locks for ordering and mutual exclusion
2012 Cisco and/or its affiliates. All rights reserved. BRKARC-2001 Cisco Public
Second Generation QFP Details
! 2nd Gen QFP integrates both the PPE engine and the Traffic manager
! 64 PPEs
! 116K queues per 2nd gen QFP ASIC (128K queues for previous QFP)
! But 2nd gen QFP can be latched together, so ESP 100 has total of 232K queues
! PPEs on 2nd gen QFP run the same Microcode as QFP
! Features executed in PPEs have same behavior
! Full Configuration consistency with QFP
! Same feature behavior (e.g. TCP, policing accuracy)
! In-service hardware upgrade & downgrade from ESP40 to ESP 100 supported
! Differences
! Minor behavioral show-command differences
! Deployment differences in deployments with large number of schedules
Used on ASR1002-X and ESP-100
IOS-XE Software Architecture
[Diagram: IOS XE software components on the Route Processor, Embedded Services Processor and SPA Interface Processor, linked by Control Messaging. Labels: IOS (Active), IOS (Standby), IOS XE Platform Adaptation Layer (PAL), Chassis Manager, Forwarding Manager, QFP Client/Driver, SPA Driver (x4), Kernel.]
Software Architecture: IOS XE
! IOS XE = IOS + IOS XE Middleware + Platform Software
! Operational Consistency: same look and feel as IOS Router
! IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.). Capable of 64-bit operation
! Linux kernel with multiple processes running in protected memory for
! Fault containment
! Re-startability
! ISSU of individual SW packages
! ASR 1000 HA Innovations
! Zero-packet-loss RP Failover
! <50ms ESP Failover
! Software Redundancy
ASR 1000 Software Architecture
[Diagram: software components on the RP CPU, ESP FECP and SIP IOCP. Labels: IOS, Chassis Mgr., Forwarding Mgr., QFP Client / Driver, QFP subsystem, QFP code, Crypto assist, SPA driver (x4), SPA Agg., SPA, Interconn., Kernel (incl. utilities).]
- Runs Control Plane
- Generates configurations
- Populates and maintains routing tables (RIB, FIB...)
- Provides abstraction layer between hardware and IOS
- Manages ESP redundancy
- Maintains copy of FIB and interface list
- Communicates FIB status to active & standby ESP (or bulk-download state info in case of restart)
- Maintains copy of FIBs
- Programs QFP forwarding plane and QFP DRAM
- Statistics collection and communication to RP
- Communicates with Forwarding manager on RP
- Provides interface to QFP Client / Driver
- Implements forwarding plane
- Programs PPEs with forwarding information
- Driver Software for SPA interface cards. Loaded separately and independently
- Failure or upgrade of driver does not affect other SPAs in same or different SIPs
- Initialization and boot of RP Processes
- Detects OIR of other cards and coordinates initialization
- Manages system/card status, Environmentals, Power ctl, EOBC
Control Plane Process Communication
[Diagram: message paths between the software components on the RP CPU, ESP FECP and SIP IOCP. Message types: Forwarding Control messages, OIR / Chassis messages, IPC Messages. Links: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; GE, 1Gbps; I2C; SPA Control; SPA Bus; Other.]
Feature Invocation Array in QFP code
Feature Processing Follows a Pre-defined Execution Sequence
L2/L3
Classify
IPv4 Validation
SSLVPN
ERSPAN
MLP
IP Hdr. Compress.
VASI
LI
LISP
FPM
ACL
BGP Policy Acct.
ISG
QPPB
IPSec
uRPF
NAT
PBR
SBC
WCCP
ISG
Marking
Policing
Accounting
TCP MSS Adjust
Netflow
LI
BDI
IP Tunnels
NAT
APS
WCCP
Classify
SSLVPN
Firewall
IPSec
ACL
GEC
FPM
MLP
IPHC
Queuing
Forwarding
IP Unicast
Loadbalancing
IP Multicast
MPLS Imposit.
MPLS Dispos.
MPLS Switch.
FRR
AToM Dispos.
MPLSoGRE
IPv6 IPv4 MPLS XConnect L2 Switch
IOS XE Releases and Packaging for ASR 1000
[Diagram: the RP / ESP / SIP software component diagram (IOS, Chassis Mgr., Forwarding Mgr., Interface Mgr., QFP Client / Driver, QFP subsystem, QFP code, Crypto assist, SPA drivers, Kernel (incl. utilities)), with numbered markers 1 to 7 for the sub-packages listed below.]
Software Sub-packages
1. RPBase: RP OS
Why?: Upgrading of the OS will require reload to the RP and expect minimal changes
2. RPIOS: IOS
Why?: Facilitates Software Redundancy feature
3. RPAccess (K9 & non-K9): Software required for Router access; 2 versions available. One that contains open SSH & SSL and one without
Why?: To facilitate software packaging for export-restricted countries
4. RPControl: Control Plane processes that interface between IOS and the rest of the platform
Why?: IOS XE Middleware
5. ESPBase: ESP OS + Control processes + QFP client/driver/ucode
Why?: Any software upgrade of the ESP requires reload of the ESP
6. SIPBase: SIP OS + Control processes
Why?: OS upgrade requires reload of the SIP
7. SIPSPA: SPA drivers and FPD (SPA FPGA image)
Why?: Facilitates SPA driver upgrade of specific SPA slots
Cisco IOS XE Images
For Enterprise and Managed Services
Cisco ASR1000 Series RP1
Advanced Enterprise
Services w/o Crypto
(SASR1R1-AES)
Broadband
L2 & L3 VPN
MPLS
IPv6
ATOM, VPLS
PfR
Multicast
SBC
Legacy IPX, Appletalk,
DecNet, etc
BGP, EIGRP, ISIS, OSPF, RIP
ACL
HSRP/VRRP
NAT
HA: BFD, ISSU
Netflow
QoS, WCCPv2
IPv6
Cisco ASR1000 Series
IP Base
(SASR1R1-IPBK9)
BGP, EIGRP, ISIS, OSPF, RIP
ACL
HSRP/VRRP
HA: BFD, ISSU
NAT
Netflow
QoS, WCCPv2
IPv6
SSL, SSH
Cisco ASR1000 Series IP
Base w/o Crypto
(SASR1R1-IPB)
BGP, EIGRP, ISIS, OSPF, RIP
ACL
HSRP/VRRP
HA: BFD, ISSU
NAT
Netflow
QoS, WCCPv2
IPv6
Cisco ASR1000 Series RP1
Advanced Enterprise
Services
(SASR1R1-AESK9)
SSL, SSH
Broadband
L2 & L3 VPN
MPLS
IPv6
ATOM, VPLS
PfR
Security, LI
Multicast
SBC
Legacy IPX, Appletalk,
DecNet, etc
BGP, EIGRP, ISIS, OSPF, RIP
ACL
HSRP/VRRP
NAT
HA: BFD, ISSU
Netflow
QoS, WCCPv2
IPv6
SW Redundancy
SBC
IPSec
Firewall
Flexible Packet Inspection
Cisco ASR 1000 Series
Feature Licenses
Optional Features
Legacy Protocols
not part of Service
Provider Images
ASR 1000 IOS XE Release Process Today
Current Software Lifecycle (Pre IOS XE 3.7)
Frequency of Extended Maintenance Branches: Every 4 (16 months)
Frequency of Releases: 4 months
Length of Standard Maintenance Branch: 5 months
Standard maintenance rebuild Interval (months): 2-3
Length of Extended Maintenance Branch: 24 months
Extended Maintenance Rebuild Interval (months): 2-3-4-4
[Timeline chart, Month # 1 to 48. Releases shown: IOS XE 3.7S (IOS 15.2(4)S), IOS XE 3.8S (IOS 15.3(1)S), IOS XE 3.9S (IOS 15.3(2)S), IOS XE 3.10S (IOS 15.3(3)S), IOS XE 3.11S (IOS 15.3(4)S), each with PSIRT and rebuild markers (S1-S2 or S1-S4). Legend: Initial CCO; Standard throttle rebuild; Extended throttle rebuild; Platform; Optional PSIRT.]
ASR 1000 IOS XE Release Process New Plan
Planned New Software Lifecycle (Starting IOS XE 3.7)
Frequency of Extended Maintenance Branches: Every 12 months
Frequency of Releases: 4 months
Length of Standard Maintenance Branch: 6 months
Standard maintenance rebuild Interval (months): 3
Length of Extended Maintenance Branch: 48 months
Extended Maintenance Rebuild Interval (months): 3-3-3-3-6-6-6
[Timeline chart, Month # 1 to 48. Releases shown: IOS XE 3.7S (IOS 15.2(4)S), IOS XE 3.8S (IOS 15.3(1)S), IOS XE 3.9S (IOS 15.3(2)S), IOS XE 3.10S (IOS 15.3(3)S), each with PSIRT and rebuild markers (S1-S2 or S1-S7). Legend: Initial CCO; Standard throttle rebuild; Extended throttle rebuild; Platform; Optional PSIRT.]
ASR1000 QoS
ASR 1000 Forwarding Path
QoS View
1. SPA classification
2. Ingress SIP packet buffering
3. Port rate limiting & weighting for forwarding to ESP
4. Advanced classification
5. Ingress MQC based QoS
6. Egress MQC based QoS
7. Hierarchical packet scheduling & queuing
8. Egress SIP packet buffering
[Diagram: forwarding path across the Midplane with markers 1 to 8 for the steps above. Blocks: SPAs; SIP (Ingress classifier, scheduler & buffers; Packet buffers; Interconnect); ESP (active) and ESP (backup), each with Cisco QFP, TCAM, Buffers, Interconnect; RP (active) and RP (backup), each with IOS Process, Interconnect. Links: SPA-SPI, 11.2Gbps each direction; Hypertransport, 8Gbps each direction; ESI, 40Gbps each direction.]
ASR1000 SIP Ingress Path
QoS View
! Ingress packet priority classification
! Classification based on 802.1p, IPv4 TOS, IPv6 TC, MPLS EXP
! Configurable per port or VLAN
! Ingress SIP buffering
! 128 Mbyte input buffer
! 2 queues, high and low priority
! Ingress SIP scheduler
! Defaults to weighted fair amongst ingress ports
! Excess bandwidth is shared
! Excess weight per port is configurable
[Diagram: SIP with 4 SPAs, Ingress H/L pkt classifier (1), Ingress Buffers (2), Ingress scheduler (3), Egress Buffers, Egress buffer status reporting, Interconnect to FP0 and FP1.]
SIP Egress QoS Path
! 2 Mbyte of egress buffering per SIP card
! No need for additional SIP based classification or queuing.
! Heavy lifting already done by QFP engine.
! Egress SIP has high and low priority buffers in case there is backpressure from a SPA
[Diagram: SIP with 4 SPAs, Ingress H/L pkt classifier, Ingress Buffers, Ingress scheduler, Egress Buffers (8), Egress buffer status reporting, Interconnect to FP0 and FP1.]
ASR 1000 ESP QoS
! The following QoS functions are handled by PPEs:
! Classification
! Marking
! Policing
! WRED
! After all the above QoS functions (along with other packet forwarding features such as NAT, Netflow, etc.) are handled, the packet is put in packet buffer memory and handed off to the Cisco QFP Traffic Manager
QFP Processing
ASR 1000 QoS
! Cisco QFP Traffic Manager implements a 3 parameter scheduler which gives advanced flexibility
! Minimum - bandwidth
! Excess - bandwidth remaining
! Maximum - shape
! Priority propagation (via minimum) ensures that high priority packets are forwarded first without loss
! Packet memory is one large pool. Interfaces do not reserve a specific amount of packet memory.
! Out of resources (memory exhaustion) conditions
! Non-priority user data dropped at 85% packet memory utilization
! Priority user data dropped at 97% packet memory utilization
! Selected IOS control plane packets and internal control packets only dropped at 100% memory utilization
The QFP Traffic Manager (BQS) performs all packet scheduling decisions.
ASR 1000 QoS
! show plat hard qfp active stat drop all | inc BqsOor
! This gives a counter which shows if any packets have been dropped because of packet buffer memory exhaustion.
! show plat hard qfp active infra bqs status
! Gives metrics on how many active queues and schedules are in use. Also gives statistics on QFP QoS hierarchies that are under transition.
! show plat hard qfp active bqs 0 packet-buffer util
! Gives metrics on current utilization of packet buffer memory
Traffic Manager Statistics
ASR 1000 QoS
! Multilayer hierarchies (5 layers in total)
! SIP, interface, 3 layers of queuing MQC QoS
! Two levels of priority traffic (1 and 2)
! Strict and conditional priority rate limiting
! 3 parameter scheduler (min, max, & excess)
! Priority propagation for no loss priority forwarding via minimum parameter
! Shaping average and peak options, burst parameters are accepted but not used
! Backpressure mechanism between hardware components to deal with external flow control
Queuing Highlights
[Diagram: scheduling hierarchy. SIP schedule; Interface/Port schedule; Level 1 VLAN schedule; Level 2 Class schedules; Level 3 Class queues/schedule.]
ASR 1000 QoS
! Classification
! IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, ACL, packet-length, ATM CLP, COS, inner/outer COS (QinQ), vlan, input-interface, qos-group, discard-class
! QFP is assisted in hardware by TCAM
! Marking
! IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, discard-class, qos-group, ATM CLP, COS, inner/outer COS
! Enhanced match and marker stats may be enabled with a global configuration option
! platform qos marker-statistics
! platform qos match-statistics per-filter
Classification and Marking
ASR 1000 QoS
! Policing
! 1R2C: 1 rate 2 color
! 1R3C: 1 rate 3 color
! 2R2C: 2 rate 2 color
! 2R3C: 2 rate 3 color
! color blind and aware in XE 3.2 and higher software
supports RFC 2697 and RFC 2698
! explicit rate and percent based configuration
! dedicated policer block in QFP hardware
! WRED
! precedence (implicit MPLS EXP), dscp, and discard-class based
! ECN marking
! byte, packet, and time based CLI
! packet based configurations limited to exponential constant values 1 through 6
! dedicated WRED block in QFP hardware
Policing and Congestion Avoidance
IPSec on ASR1000
IPSec on ASR1000
Nitrox II Capabilities:
! 8-core crypto coprocessor on ESP10G
! 18-core crypto coprocessor on ESP20G, ESP40G
! Supports up to 500 IKE sessions setups per second
! Supports up to 2^22 IPSec SA with full IPSec packet processing
! QFP has 10Gbps interface to the Nitrox for IPSec packet processing
! Each Nitrox core provides around 0.475-0.5 Gbps of encryption throughput
! Max. MTU size supported is 10KB on Nitrox II
ASR1000 IPSec HA:
! In-Box High Availability (HA) - 6 RU configuration:
ESP to ESP - stateful
RP to RP - stateless
Cavium Nitrox II and IPSec Capabilities
ESP-100 and ASR1002-X NextGen Encryption
! ESP-100
! 24 core processor
! 800MHz clock frequency
! 2GB DDR3 SDRAM
! Up to 20Gbps (512B packets)
! ASR-1002X
! 6 core processor
! 1.1 GHz clock frequency
! Up to 4Gbps (512B packets)
Cavium Octeon II Details
! Crypto support:
! AES, SHA-1, ARC4, DES, 3-DES
! IKEv1 or IKEv2
! Next Gen Suite B crypto support
! Encryption: AES-128-GCM
! Authentication: HMAC-SHA-256
! Hashing: SHA-256
! Protocol: IKEv2
ASR 1000 Forwarding Processor
IPSec Processing is done with Nitrox-II Crypto Assist
[Diagram: ESP block diagram. Blocks: FECP; Card Infrastructure; Boot Flash; Memory; Crypto; QFP with Processor pool (PPE1 ... PPE40), Dispatcher / Pkt Buffer and Buffer, queue, schedule (BQS); TCAM4; Pkt Buffer DRAM; Resource DRAM; Interconn. to RPs, ESP and SIPs; Chassis Mgmt Bus. Links: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; GE, 1Gbps; I2C; SPA Control; SPA Bus; Other.]
IPSec functions and data labelled on the diagram:
- Anti-replay check
- Encryption / decryption
- (Diffie-Hellman)
- NAT Traversal
- Traffic-based lifetime expiry
- Outbound packet classification
- Formatting of packets to Crypto chip (internal header)
- Receiving packets from crypto chip
- Removal of internal crypto header
- Re-assembly of fragmented IPSec packets
- IPSec SA class groups
- Classes
- Rules (ACE or IPSec SA)
- IPSec SA Database
- IKE SA Database
- Crypto-map
- DH key pairs
- IPSec SA Database, IPSec Headers
ASR 1000 IPSec Software Architecture
Function Partitioning
[Diagram: software components on the RP CPU, ESP FECP and SIP IOCP. Labels: IOS, Chassis Mgr., Forwarding Mgr., QFP Client / Driver, QFP subsystem, QFP code, Crypto assist, SPA driver (x4), SPA Agg., SPA, Interconn., Kernel (incl. utilities).]
- Creation of IPSec Security Associations (SA)
- IKE Control Plane (IKE negotiation, expiry, tunnel setup)
- Communicates FIB status to active & standby ESP (or bulk-download state info in case of restart)
- Copy of IPSec SAs
- Copy of IKE SAs
- Synchronization of SA Databases with standby ESP
- Communicates with Forwarding manager on RP
- Provides interface to QFP Client / Driver
- Encryption / Decryption of packets
- Punting of Encrypted packets to the Crypto Assist
ASR1000 IPSec Performance
Throughput and Scalability
| | | ASR1000-ESP5 | ASR1000-ESP10 | ASR1000-ESP20 | ASR1000-ESP40 |
| Supported Chassis | ASR1001 | ASR 1002 | ASR 1002, 1004, 1006 | ASR 1004 & 1006 | ASR1006 & 1013 |
| Encryption Throughput (Max/IMIX) | 1.8/1 Gbps | 1.8/1 Gbps | 4/2.5 Gbps | 7/6 Gbps | 11/7 Gbps |
| VRFs (RP2/RP1) | 4,000 | 1,000 | 4,000 / 1,000 | 4,000 / 1,000 | 4,000 / 1,000 |
| Total Tunnels (Site to Site IPSec) * | 4,000 | 4,000 | 4,000 | 8,000 | 8,000 |
| Tunnel Setup Rate w/ RP2 (IPSec, per sec) | 130 | N/A | 130 | 130 | 130 |
| Tunnel Setup Rate w/ RP1 (IPSec, per sec) | NA | 90 | 90 | 90 | 90 |
| DMVPN / BGP Adjacencies (RP2/RP1, 5 routes per peer) | 3000 | 3000 | 3000 | 3000 | 3000 |
| DMVPN / EIGRP Adjacencies (RP2/RP1, 5 routes per peer) | 1,250 | 1,000 | 1,250 / 1,000 | 1,250 / 1,000 | 1,250 / 1,000 |
| EasyVPN + dVTI | 2,000 | 2,000 | 2,000 | 2,000 | 2,000 |
* Total tunnels are for IPSec and GRE+IPSec only
Packet Flows Data Plane
Data Packet Flow: From SPA Through SIP
[Diagram: SIP with 4 SPAs, SPA aggregation ASIC (Ingress classifier, Ingress Scheduler, Egress Buffer Status), Ingress Buffers (per port), Egress Buffers (per port), Interconn. to ESPs. Links: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other.]
1. SPA receives packet data from its network interfaces and transfers the packet to the SIP
2. SPA Aggregation ASIC classifies the packet into H/L priority
3. SIP writes packet data to external 128B memory (at 40Gbps from 4 full-rate SPAs)
4. Ingress buffer memory is carved into 64 queues. The queues are arranged by SPA-SPI channel and optionally H/L. Channels on channelized SPAs share the same queue.
5. SPA ASIC selects among ingress queues for next pkt to send to ESP over ESI. It prepares the packet for internal transmission
6. The interconnect transmits packet data of selected packet over ESI to active ESP at up to 11.5 Gbps
7. Active ESP can backpressure SIP via ESI ctl message to slow pkt transfer over ESI if overloaded (provides separate backpressure for Hi vs. Low priority pkt data)
Data Packet Flow: Through ESP10
1. Packet arrives on QFP
2. Packet assigned to a PPE thread.
3. The PPE thread processes the packet in a feature chain similar to 12.2S IOS (very basic view of a v4 use case):
! Input Features applied: NetFlow, MQC/NBAR Classify, FW, RPF, Mark/Police, NAT, WCCP etc.
! Forwarding Decision is made: IPv4 FIB, Load Balance, MPLS, MPLSoGRE, Multicast etc.
! Output Features applied: NetFlow, FW, NAT, Crypto, MQC/NBAR Classify, Police/Mark etc.
! Finished
4. Packet released from on-chip memory to Traffic Manager (Queued)
5. The Traffic Manager schedules which traffic to send to which SIP interface (or RP or Crypto Chip) based on priority and what is configured in MQC
6. SIP can independently backpressure ESP via ESI control message to pace the packet transfer if overloaded
[Diagram: ESP10 data path. Blocks: Interconnect; Quantum Flow Processor with Processor pool (PPE1 ... PPE40), Dispatcher / Pkt Buffer and Buffer, queue, schedule (BQS); Pkt Buffer DRAM (128MB); Part Len/BW SRAM; Resource DRAM (512MB); TCAM4 (10Mbit); SIP-10. Links: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other. ASR System BW (Depends on ESP).]
Data Packet Flow: Through SIP to SPA
[Diagram: SIP with 4 SPAs, SPA Aggregation ASIC (Ingress classifier, Ingress Scheduler, Egress Buffer Status), Ingress Buffers (per port), Egress Buffers (per port), Interconn. to ESPs. Links: ESI, 46 Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other.]
1. Interconnect receives packet data over ESI from the active ESP at up to 46 Gbps
2. SPA Aggregation ASIC receives the packet and writes it to external egress buffer memory
3. Egress buffer memory is carved into 64 queues. The queues are arranged by egress SPA-SPI channel and optionally H/L. Channels on channelized SPAs share the same queue.
4. SPA Aggregation ASIC selects and transfers packet data from eligible queues to SPA-SPI channel (Hi queue are selected before Low)
5. SPA can backpressure transfer of packet data burst independently for each SPA-SPI channel using SPI FIFO status
6. SPA transmits packet data on network interface
High Availability Overview
High-Availability on the ASR 1000
! Redundant ESP / RP on ASR 1006 and ASR 1013
! Software Redundancy on ASR 1001, ASR 1002, ASR 1004
! Zero packet loss on RP Fail-over
! Max 100ms loss for ESP fail-over
! Intra-chassis Stateful Switchover (SSO) support for
! Configuration
! Protocols: FR, ML(PPP), HDLC, VLAN, IS-IS, BGP, CEF, SNMP, MPLS, MPLS VPN, LDP, VRF-lite
! Stateful features: PPPoX, AAA, DHCP, IPSec, NAT, Firewall
! IOS XE also provides full support for Network Resiliency
! NSF/GR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP
! IP Event Dampening; BFD (BGP, IS-IS, OSPF)
! GLBP, HSRP, VRRP
! Support for ISSU
! Stateful inter-chassis redundancy available for NAT, Firewall, SBC
ASR1000 Built for Carrier-grade HA
[Diagram: ASR 1006 with Active and Standby Route Processor, Active and Standby Forwarding Processor, and three SPA Carrier Cards with four SPAs each. Callouts: RP fails (HW or SW); Standby Becomes Active; Zero Packet Loss.]
ASR 1006 High Availability Infrastructure
Infrastructure for Stateful Redundancy
! Provides hitless or near hitless switchover
! Reliable IPC transport used for synchronization
! HA operates in a similar manner to other protocols on the ASR 1000
[Diagram: RP act and RP sby, each running IOS (IOS act / IOS sby) with RF, CF, IPC, IPC Message Qs, Non-HA-Aware Application, Driver/Media Layer, Mcast, CLI, Config, MLD, and IDB / RIB / RT / MRIB tables; FM RP on each RP; ESP act and ESP sby, each with FM ESP, QFP Client and FIB / MFIB; IDB State Update Msg between the RPs; Interconnect Used for IPC and Check-pointing; SPAs.]
Software Redundancy: IOS XE
[Diagram: IOS XE software components on the Route Processor, Embedded Services Processor and SPA Interface Processor, linked by Control Messaging. Labels: IOS (Active), IOS (Standby), IOS XE Platform Adaptation Layer (PAL), Chassis Manager, Forwarding Manager, QFP Client/Driver, SPA Driver (x4), Kernel. Callouts: IOS Process fail; Standby Becomes Active.]
! IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.)
! Linux kernel runs IOS process in protected memory for:
! Fault containment
! Restart-ability of individual SW processes
! Software redundancy helps when there is a RP-IOS failure/crash
! Active process will switchover to the standby, while forwarding continues with zero packet loss
! Can be used for ISSU of RP-IOS package for control-plane bug fixes and PSIRTs
! Other software crashes (example: SIP or ESP) cannot benefit from Software redundancy
ASR1002 and ASR1004
ASR 1000 ISSU Innovation
Ability to perform upgrade of the IOS image on the single-engine systems
Support for software downgrade
In Service component upgrades (SIP-Base, SIP-SPA, ESP-Base) without requiring reboot to the system
Hitless upgrade of some software packages
Pre-provisioning Capability
RP Portability - installing & configuring hardware that are physically not present in the chassis
This allows the user to configure an RP in one system i.e. a 4RU and then move it to another system i.e. a fully populated 6RU
One-shot ISSU procedure available for H/W redundant platforms
Software Release
| From \ To | 3.1.0 | 3.1.1 | 3.1.2 | 3.2.1 | 3.2.2 |
| 3.1.0 | N/A | SSO Tested | SSO | SSO via 3.1.2 | SSO via 3.1.2 |
| 3.1.1 | SSO Tested | N/A | SSO Tested | SSO via 3.1.2 | SSO via 3.1.2 |
| 3.1.2 | SSO | SSO Tested | N/A | SSO Tested | SSO Tested |
| 3.2.1 | SSO via 3.1.2 | SSO via 3.1.2 | SSO Tested | N/A | SSO Tested |
| 3.2.2 | SSO via 3.1.2 | SSO via 3.1.2 | SSO Tested | SSO Tested | N/A |
In-Service Software Upgrade
Performance Data
Unidimensional Routing Performance
| Uni-dimensional Scale | ASR 1001 (ESP 2.5) | RP1/ESP5 | RP1/ESP10 | RP2/ESP20 | RP2/ESP40 |
| VLAN/QinQ (per port/per SPA/per system) | 4K/16K/16K | 4K/32K/32K | 4K/32K/32K | 4K/32K/64K | 4K/32K/64K |
| IPv4 routes | 1M | 0.5M | 1.7M | 4M | 4M |
| IPv6 routes | 1M | 125K | 500K | 4M | 4M |
| Number of Sessions | 8K | 12K | 24K | 32K | 32K |
| Number of L2TP Tunnels | 4K | 6K | 12K | 16K | 16K |
| Number of BGP neighbors | 4K | 4K | 4K | 8K | 8K |
| Number of OSPF Neighbors | 1K | 1K | 1K | 2K | 2K |
| Unique QOS policy maps / class maps per system | 1K/4K | 1K/4K | 1K/4K | 4K/4K | 4K/4K |
| ACL/ACE | 4K/32K | 4K/25K | 4K/50K | 4K/119K | 4K/119K |
| Number of Mcast Groups (IGMP or MLD) | 1000 | 1000 | 1000 | 1000 | 1000 |
| Number of IPv4/v6 mroutes | 64K | 64K | 64K | 64K | 64K |
| Number of IPv4 mVRFs | 300 | 300 | 300 | 600 | 600 |
| Number of Firewall Sessions | 250K | 500K | 1M | 2M | 2M |
| Number of NAT + Firewall Sessions | 125K | 125K | 500K | 1M | 1M |
| Number of NetFlow Cache Entries | 250K/500K | 500K | 1M | 2M | 2M |
| VRF | 4K | 1K | 1K | 4K | 4K |
| Number of BFD Sessions | 512 | 512 | 512 | 512 | 512 |
| Number of SBC ipv4 signaling and media pinholes | n.a. | 22.5K | 32K | 32K | 32K |
| Non-drop rate (with uRPF, security ACL, NetFlow and QOS on VLAN subinterfaces) | 3Mpps/2.5Gbps | 4Mpps/5Gbps | 9Mpps/10Gbps | 12Mpps/20Gbps | 12Mpps/40Gbps |
RP1/ESP5 Feature Impact Performance
! Individual features have small impact with small packet sizes (76B)
! Individual features have no impact at large packet sizes (above 260B)
! QFP has excellent behavior even with combined features for larger packet sizes!
[Chart: Gbps or MPPS versus Pkt Size (Bytes).]
RP2/ESP40 Feature Impact Performance
! Individual features have small impact with small packet sizes
! Individual features have minuscule impact at large packet sizes (above 516B)
! QFP has excellent behavior even with combined features for larger packet sizes!
[Chart: Gbps or MPPS versus Pkt Size (Bytes).]
Latency Performance Example
! For details on the Test setup and feature configuration, see RFC 2544 Latency Testing on Cisco ASR 1000 Series
[Chart: Latency in us (microseconds), axis 0 to 3500, versus Percentage Load, axis 90 to 100. Series: Latency (us - Min), Latency (us - Avg), Latency (us - Max).]
Avg 50-55us
Min 25us
Max 1.1-1.4ms
ASR 1001 Route Reflector Performance
| | ASR1000 RP1 (2GB) | ASR1000 RP1 (4GB) | ASR1001 (4GB) | ASR1001 (8GB) | ASR1000 RP2 (8GB) | ASR1000 RP2 (16GB) |
| ipv4 routes | 2M* | 7M* | 2M* (450K) | 9M* (800K) | 12M* | 29M* |
| vpnv4 routes | 2M | 6M | 2M | 8M | 10M | 24M |
| ipv6 routes | 1.5M* | 5M* | 2M* (500K) | 8M* (1M) | 9M* | 24M* |
| vpnv6 routes | 2M | 5M | 1.5M | 7.5M | 9M | 21M |
| BGP sessions | 4000 | 4000 | TBD | TBD | 8000 | 8000 |
*Tested with BGP selective download feature for ipv4/ipv6 for dedicated RR application. This feature prevents ipv4/ipv6 BGP routes to be installed in RIB and FIB. It reduces memory usage per ipv4/ipv6 prefix and CPU utilization.
ASR1000 Applications
Next Gen Regional WAN
ASR1000 & ISRG2 Validated Designs
[Diagram: regional WAN design. Redundant, scalable Headend (ASR1K) at the Enterprise Edge: ASR 1000 DMVPN Head End and Enterprise Interconnect, connected to Local Campus and Data Center. WAN transports: Internet, SP A MPLS, SP B MPLS. Branches: Standard Branch (2900); High End Branch (3900); Mobile Branch (800, 1900); Ultra High-End Branch (ASR1000), on ISR G2 and ASR1k routers. Access links: Serial, Ethernet; DS3, FE; OC3, GE; 3G/4G; Satellite. Callout: ASR1k as NAT64 Appliance providing access to v6 services for IPv4 clients.]
Integrated Solutions
Full IOS Routing Services
Secure WAN: DMVPN, GETVPN
Firewall
Integrated UC CUBE
PfR Performance Routing
IPv6 Migration
Flexible Interconnect
With Performance/Scale:
ASR1002X: 36G forwarding with up to 4G Crypto
ESP100: 100G forwarding with up to 20G Crypto
Instant-on Services
ASR 1000 in the Cloud
ASR 1000 as Cloud Edge router
Cloud Edge
FW / NAT
! ASR 1002X: up to 36 Gbps of forwarding + 4Gbps IPSec
! Up to 100 Gbps forwarding with ESP-100
! ASR 1000 as Cloud Firewall / NAT router / appliance
! Features
! DMVPN / GETVPN secure cloud access
! VRF-awareness
! High-Availability
! NAT
! Firewall (incl. inter-chassis redundancy, IPv6)
! PfR Performance Routing
! AVC (DPI) application level traffic handling
ASR 1000 accessing the Cloud
Network and Traffic Aware Routing Features
[Diagram: three Branch sites and an HQ Edge reaching a Cloud Provider over Internet / MPLS VPN.]
ASR 1000 as WAN Edge / Internet Edge / high-end branch
Intelligent application re-direction using AVC
Optimal cloud access using PfR / NPS Network Provisioning System
88
2012 Cisco and/or its affiliates. All rights reserved. BRKARC-2001 Cisco Public
ASR 1000 as Cloud Router with NPS
Network Proximity Service
Better Application Experience
Invoke applications closer to the user
Use latency, delay, performance for SP Cloud selection
Based on dynamic network knowledge
Optimize and monetize existing architecture - just add NPS
Optimize WAN utilization compared to conventional methods which are unaware of topology
[Figure: ASR1k as Cloud Router supporting Network Positioning System (NPS). Enterprise sites reach the SP Cloud data centers DC1, DC2 and DC3 through ASR1K routers across the Internet, MPLS VPN and the service provider core network]
Network Positioning System (NPS) Overview
Target SP Cloud Resources Based on Network Proximity, Load and Other metrics
[Figure: partners, an enterprise with a private DC (private cloud data center), a branch office and a remote worker attach to the NPS SRE enabled PEs (PE1, PE2, PE3) of an NGN with NPS; the cloud service provider side shows SP DC #1, SP DC #2, the IT Service Manager (ITSM) and the Service Capability Directory]
Service Advertisement Interface (XML over XMPP)
Service Access Interface (XML over REST)
http://www.lightreading.com/document.asp?doc_id=217014
DC service capabilities are queried by SRE and advertised to peer SREs on each PE. Each PE has a global view of DC services and resources.
Cloud service user or DC tenant requests DC resources through ITSM
ITSM sends requirements to SRE on instance running PE1.
SRE evaluates request, based on Capabilities, Policy, Proximity, Performance
SRE responds to ITSM with recommended data center - DC2 - and recommended PE routers to provide transport.
ITSM sends a message to DC edge device to provision the service
NPS Routing Proximity
Network Aware Routing
APIs provided to perform Client requests / service advertisement
RESTful APIs on top of HTTPS
Routing update interaction configured on PE
NPS runs as a separate process on top of ASR 1000 Linux
[Figure: through the Service Resolution API, the Network Proximity Service is asked "Who is closer to S among {A, B, C}?"; the Service Resolution Engine (SRE), fed by NGN routing updates, performance data and service advertisements held in the Capability Directory, answers with the ranked list {C, A, B}]
Performance Aware WAN
PfR Performance Routing
Example Scenario
Branches connected to more than one WAN,
e.g. MPLS VPN and Internet via DSL
Enterprise Edge connecting to multiple
providers/links
How it works
1. Master Controller sends a message to the BRs to collect statistics and send them to the MC
2. MC sorts information from all the BRs based on the policy (e.g. policy to reduce latency), and picks the worst performers
3. Once MC has decided that a route may need to be enforced to improve the worst performer, it will tell that BR to repeatedly send stats, and then will insert the route to the BR whilst monitoring the stats; this cycle is continuous to optimize the performance!
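The three steps above as one control cycle, in an added Python sketch that is not from the slides and is not Cisco's PfR algorithm. The sample measurements, the delay threshold and the minimum-gain rule (`min_gain_ms`) are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    prefix: str      # destination network being measured
    exit_br: str     # border router (exit) that reported the sample
    delay_ms: float  # delay learned by that BR for the prefix
    in_use: bool     # True if this exit currently carries the prefix


def control_cycle(samples, max_delay_ms, worst_n=2, min_gain_ms=10.0):
    """One MC pass over the statistics reported by the BRs.

    Returns (prefix, current BR, proposed BR) tuples, worst prefix first.
    """
    current = [s for s in samples if s.in_use]

    # Step 2: sort by the policy metric (delay) and keep the worst
    # performers among the prefixes that violate the policy.
    worst = sorted((s for s in current if s.delay_ms > max_delay_ms),
                   key=lambda s: s.delay_ms, reverse=True)[:worst_n]

    injections = []
    for cur in worst:
        alternatives = [s for s in samples
                        if s.prefix == cur.prefix and not s.in_use]
        if not alternatives:
            continue  # single-homed prefix: nothing to move it to
        best = min(alternatives, key=lambda s: s.delay_ms)
        # Step 3: propose a route change only when the measured gain is
        # large enough; the next cycle re-measures and can revise it.
        if cur.delay_ms - best.delay_ms >= min_gain_ms:
            injections.append((cur.prefix, cur.exit_br, best.exit_br))
    return injections


# Constructed measurements: BR1 is the MPLS exit, BR2 the Internet exit.
SAMPLES = [
    Sample("10.1.0.0/16", "BR1", 180.0, True),
    Sample("10.1.0.0/16", "BR2", 60.0, False),
    Sample("10.2.0.0/16", "BR1", 40.0, True),
    Sample("10.2.0.0/16", "BR2", 35.0, False),
    Sample("10.3.0.0/16", "BR2", 150.0, True),
    Sample("10.3.0.0/16", "BR1", 145.0, False),
]

if __name__ == "__main__":
    for prefix, old, new in control_cycle(SAMPLES, max_delay_ms=100.0):
        print(f"inject route: dst {prefix}, exit {old} -> {new}")
```

Only 10.1.0.0/16 is moved: 10.2.0.0/16 is within policy, and 10.3.0.0/16 is out of policy but its alternative exit is only 5 ms better.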
[Figure: PfR Master Controller (ASR1000) and PfR Border Routers (ASR/ISR; BR = PfR Border Router) attached to WAN 1 and WAN 2. The BRs learn delay and throughput per source/destination network (network 1 to network n); the MC injects a route for a destination network with a new next hop and then observes the new delay d1 and new throughput t1]
ASR1000 Application Visibility and Performance
Quality of Experience for Cloud-based Applications
Features
Application-based QoS Policy
1000+ apps recognized
3-Level HQoS w/ Priority
Performance monitoring and
application profiling
Cisco Insight Reporting
Benefits
Prioritize Business Critical
Traffic
No new Hardware
Combine with IOS
Performance Agent on ISR
for application SLA
[Figure: ISR site connected over Internet and MPLS VPN to two ASR1K routers, with best-effort paths]
IPSec VPN Applications
[Figure, panel "2547oDMVPN": remote branches (E-PE) reach the campus/MAN MPLS network (E-P, E-PE, RR) across an IP service over mGRE / GRE tunnels; the Campus-PE hub acts as P or PE]
[Figure, panel "VRF-lite over DMVPN": remote branches (multi-VRF CE, branch LAN) reach the campus or MAN MPLS network (E-PE, RR) across an IP service; mGRE per VRF, with an NHRP server and a multi-VRF CE at the hub]
! GETVPN
! VRF-lite, Group Key Mgmt, Compliance-mode
Cipher&Hash selection, Key Server
! DMVPN
! 2547oDMVPN, VRF-aware DMVPN (iVRF), BGP, EIGRP,
per tunnel QoS
! EasyVPN
! Dynamic Crypto Map
! Site-to-Site and Flex VPN
! IKEv2
! SVTI (IPv4 & IPv6), dVTI, crypto-maps
! GRE+IPSec
! VRF-aware IPSec
ASR1000 For Data Center Interconnect
ASR1000 DCI Solutions
Supported Layer 2 Extension Protocols
EoMPLS
VPLS
L2TPv3
OTV
ASR1000 OTV Use Case
! Hardware lifecycle may be up to 5-7 years for
depreciation
! Not always practical to upgrade to all DCs
! Deploy Nexus 7000 in new DC and leverage
existing Catalyst 6000 in other DCs.
! ASR1000 front-ends the Catalysts to provide
OTV functionality at that DC
! Cat6000 running VPLS connects to ASR1000 via
L2 internal link and uses ASR1K as OTV/DCI
gateway to get to Nexus 7000.
! VPLS and OTV domains are connected.
! Can be deployed at a single site or multiple if
desired
[Figure: N7k running OTV with L1/L2/L3 service; Cat 6k running VPLSoGRE attaches over a simple L2 link (internal to the site) to an ASR1k running OTV]
Legacy Migration
ASR1000 OTV Use Case
[Figure: Site 2 (local datacenter) with ASR1000 routers and hosts, connected to the main or HQ datacenter with N7000 switches, an ASR1000 and hosts]
! Building a new small data center
(branch site) using ASR 1000
! Nexus 7000 will be used in the main site
! Data Center size definition = throughput
needed
! ASR1000 brings up to 10 Gbps throughput
with OTV enabled IMIX traffic, and 20
Gbps with 1400 byte packet
! IP/MPLS Core network has to support
multicast
! Unicast Core support is on the roadmap
Site 1: Disaster Recovery
New Small Data Center/Disaster Recovery
ASR1000 Secure Datacenter Interconnect
! Customers requiring DCI encryption can deploy ASR1000 at the edge of the
DC
! ASR1000 provides OTV transport as well as encryption via IPSec or GETVPN
! Single box solution without added complexity
! Deployment options:
ASR1000 at each Datacenter for OTV over IPSec or GETVPN
ASR1000 OTV over IPSec or GETVPN peered with Nexus 7000 (IPSec will be
terminated in security appliance front-ending Nexus 7000)
OTV with Encryption (IPSEC/GETVPN)
Summary
Summary and Key Takeaways
! ASR 1000 is Cisco's strategic next-generation Midrange router leveraging ground-breaking hardware capabilities of QFP
Horsepower of 40 Cisco 7200 on a single chip; State-of-the-art QoS in hardware
Rich IOS feature set protecting your investment in training and experience
! ASR 1000 is positioned for both Service Provider and Enterprise Architectures
SP: Broadband Network Gateway, PE, Manage CPE,
Enterprise: WAN aggregation / optimization, Unified Communications
! ASR 1000 enables reduction in network edge complexity by
Enabling single-platform consolidated PoP / Edge architectures
Integrating advanced services without additional hardware blades
(SBC, NBAR, IPSec, Firewall, BNG, PE etc)
Reduction in power consumption through integration of features
! ASR1000 is designed with High-Availability in mind
Fully redundant forwarding and control processors; backplane
Fault tolerant SW architecture with process restart-ability and protected memory architecture
Cisco ASR1013
BNG, MSE, ESE, DCI, IPSec Aggregation
! 13-rack unit height chassis
! Modular platform
! Embedded Services Processor ESP40
! Route Processor RP2
! SIP carrier card SIP10 and SIP40
! Designed for 40 to 360 Gbps throughput support
! ESP and RP Superslots; more power & cooling
! Up to 12 Gbps crypto throughput built-in with
ESP40
! 24 SPA slot for I/O connectivity
! High Availability with HW redundancy support
! One IOS-XE across entire ASR1000 Family
Designed for up to 360 Gbps
One shot ISSU Procedure
! Simplifies multiple step process.
! Single CLI which will execute the multiple steps
! request platform software package install node file <filename> sip-delay <1-172800>
! SIP-delay will allow delay for each SIP upgrade in the sub-package mode
! Command is automatically adapted to consolidated mode or sub-package mode running in the system
! In sub-package mode, CLI will execute the step-by-step procedure documented in ASR1000 ISSU Procedures on CISCO.COM

Platform    Consolidated package    Sub-packages
ASR 1013    Support                 Support
ASR 1006    Support                 Support
ASR 1004    N/A                     Not Supported
ASR 1002    N/A                     Not Supported
ASR 1001    N/A                     Not Supported
Integrated Services Use Case
ASR 1000 as Virtualized WAN and IPSec
Aggregator
MPLS over Point-to-Point GRE
[Figure: remote branches (E-PE, branch LAN on an 802.1q trunk / physical cable) connect across an IPv4 cloud with no MPLS to the campus/MAN MPLS network (E-P, E-PE, RR) through enterprise GRE tunnels; IP/MPLS/LDP runs over the GRE tunnel, and the GRE tunnel carries the service label (VC or VPN)]
! Tunnels carry
! LDP, IGP and MP-BGP
! Tunnel configuration is manual (no signaling)
! Event detection includes GRE keepalive, BFD, IGP hellos over the tunnel
VRF-Lite over DMVPN
[Figure: remote branches (multi-VRF CE, branch LAN) reach the campus or MAN MPLS network (E-PE, RR) across an IP service; mGRE per VRF, with an NHRP server and a multi-VRF CE at the hub]
! Requires DMVPN domain per VRF (i.e. a cloud/VRF)
! mGRE per VRF on each HUB and Spoke
! Spoke-to-spoke signaling within each VRF the same as with normal DMVPN
! Tunnel address origination can exist in VRF or global table
! Scale limitation same as with non-VRF DMVPN
! Ideal deployment?
! There is already an existing DMVPN network
! Number of VRFs are minimal (< ~8)
RFC 2547 over DMVPN
[Figure: remote branches (E-PE) reach the campus/MAN MPLS network (E-P, E-PE, RR) across an IP service over enterprise GRE tunnels, with mGRE on the Campus-PE]
Two Modes at HUB:
! Hub as P
Used when extending to larger MPLS network in Campus/MAN
! Hub as PE
Common when Hub terminates Campus VRFs
This Topic Is Covered in Detail in the DMVPN Session BRKSEC-4012
! Allows bulk IPSec encryption for MPLS L3 VPN traffic
! Leverages DMVPN control plane (NHRP)
! Spoke-to-spoke requirements use Hub as P router function
! No IGP over the tunnels needed (MP-iBGP only)
! Common Deployments:
! Large amount of VRFs is required
! Extends into large MPLS network in campus/MAN
RFC 2547 over Tunneless GRE
[Figure: remote branches (c-PE, branch LAN on an 802.1q trunk / physical cable) reach the campus/MAN MPLS network (c-P, c-PE, RR) across an IP service over enterprise GRE tunnels; MPLS-VPN label over GRE encapsulation, with mGRE on the Campus-PE]
! Allows 2547 over GRE without manual GRE tunnel configuration
! Leverages multipoint GRE (mGRE) and the tunnel is not connection oriented
! mGRE is a multipoint unidirectional GRE tunnel
! BGP signaling is key to exchanging next-hop over GRE
! Support for multicast is MVPN
! Target deployments are large networks that require any to any L3 VPN connectivity
Integrated Services Use Case 1
ASR 1000 for WAN Aggregation /
Managed CPE w/ HQOS
Optimized WAN Aggregation
[Figure: ASR1K (QFP) headend, acting as IPSec aggregator and firewall, reaches the CPEs of Branch # 1 / Dept # 1 and Branch # 1 / Dept # 2 (or Site # 1 / Customer # 1) across the Internet / IP VPN with limited or no SLA; applications shown: CIFS, Exchg, WAAS, ERP / CRM]
Headend should not overflow this limited bandwidth AND share between departments AND prioritize Voice and/or Cloud Application traffic.
Bandwidth needs to be shared here outbound between dept / customers.
ASR 1000 QFP-TM Queue Hierarchies
[Figure: queue levels (ext. RLDRAM), labelled 2nd - Parent, 3rd - Aggr., 4th - Int. and a SIP-level entry; interfaces Gig0/0/0 and Ten0/1/0 each carry a Best Effort hierarchy and a $$ / CAC hierarchy per VLAN/Tunnel; SIP0's ESI BW is 10Gbps]
Policies Aggregation: Variant 1 No CAC
New IOS Feature (only on ASR1000 series) That Allows You to Apply Policies Together Flexibly
Cisco.com: http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_policies_agg_ps9387_TSD_Products_Configuration_Guide_Chapter.html
[Figure: egress port split into shaped stuff (40 Mbps, local policy) and unused BW; the VLAN policies for VLAN 100, VLAN 200 and VLAN 300 are LINKED to the main-interface policy]

policy-map main-interface (local)
 class data service-fragment ALL-P
  shape average 40 Mbps

policy-map Branch/Dept1 (VLAN100)
 class class-default fragment ALL-P
  bandwidth remaining ratio 24
  service-policy ALL-CHILD

policy-map Branch/Dept2 (VLAN200)
 class class-default fragment ALL-P
  bandwidth remaining ratio 24
  service-policy ALL-CHILD

policy-map ALL-CHILD
 class EF
  priority
 class AF4
  bandwidth remaining ratio 25
 class AF41
  bandwidth remaining ratio 15
 class class-default
  bandwidth remaining ratio 50

This queue is shaped at main interface
Policies Aggregation: Variant 2 w/CAC
Cisco.com: http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_policies_agg_ps9387_TSD_Products_Configuration_Guide_Chapter.html
[Figure: egress port split into shaped stuff (400 Mbps), holding VLAN 100 AF1 and VLAN 200 AF1, and not shaped stuff (CACd), holding VLAN 100 EF/AF4 and VLAN 200 EF/AF4; the VLAN policies are LINKED to the main-interface policy]

policy-map main-interface
 class data service-fragment ALL-P
  shape average 400 Mbps

policy-map Department1 (VLAN100)
 class EF
  priority level 1
 class AF4
  priority level 2
 class class-default fragment ALL-P
  shape average 150 Mbps
  bandwidth remaining ratio 2
  service-policy AF1plusDefault

policy-map Department2 (VLAN200)
 class EF
  priority level 1
 class AF4
  priority level 2
 class class-default fragment ALL-P
  shape average 150 Mbps
  bandwidth remaining ratio 2
  service-policy AF1plusDefault

policy-map AF1plusDefault
 class AF1
  bandwidth percent 35
 class class-default
  bandwidth percent 65

These queues are not shaped at main interface
Policies Aggregation: Variant 3 for GRE
[Figure: egress port split into shaped stuff (400 Mbps), holding TUN1 AF1 and TUN2 AF1, and not shaped stuff (CACd), holding Tun1 EF/AF4 and Tun2 EF/AF4; the tunnel policies are LINKED to the main-interface policy]

policy-map main-interface
 class data service-fragment ALL-P
  shape average 400 Mbps

policy-map Tunnel1
 class EF
  priority level 1
 class AF4
  priority level 2
 class class-default fragment ALL-P
  shape average 150 Mbps
  bandwidth remaining ratio 2
  service-policy AF1plusDefault

policy-map Tunnel2
 class EF
  priority level 1
 class AF4
  priority level 2
 class class-default fragment ALL-P
  shape average 150 Mbps
  bandwidth remaining ratio 2
  service-policy AF1plusDefault

policy-map AF1plusDefault
 class AF1
  bandwidth percent 35
 class class-default
  bandwidth percent 65

These queues are not shaped at main interface
Hierarchical QoS with GRE Tunnel
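! Child policy: per-class treatment inside each tunnel's shaped rate
policy-map CHILD
 class EF
  priority level 1
 class AF4
  priority level 2
 class AF1
  bandwidth remaining ratio 9
 class class-default
  bandwidth remaining ratio 1
! Parent policy: shape to 20 Mbps, then schedule the CHILD classes inside it
! (a nested service-policy takes no direction keyword)
policy-map PARENT
 class class-default
  shape average 20000000
  service-policy CHILD
interface tunnel 0
 service-policy output PARENT
interface tunnel 1
 service-policy output PARENT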
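How the PARENT/CHILD policy above divides one tunnel's 20 Mbps under load, as an added Python example that is not from the slides and is not Cisco code. It assumes an idealised scheduler (strict priority first, then work-conserving sharing by bandwidth remaining ratio) and uses constructed offered loads.

```python
# Simplified, idealised model of the PARENT/CHILD policy (assumption: strict
# priority first, then work-conserving sharing by "bandwidth remaining ratio").
SHAPE_BPS = 20_000_000                      # shape average 20000000
PRIORITY = ["EF", "AF4"]                    # priority level 1, then level 2
RATIOS = {"AF1": 9, "class-default": 1}     # bandwidth remaining ratio


def allocate(offered, shape_bps=SHAPE_BPS, priority=PRIORITY, ratios=RATIOS):
    """Return {class: granted bps} for the offered loads (bps) of one tunnel."""
    grant = {c: 0.0 for c in list(priority) + list(ratios)}
    left = float(shape_bps)

    # Priority queues are served first, level by level. Nothing caps them
    # here, so an unpoliced priority class can take the whole shaped rate.
    for c in priority:
        grant[c] = min(float(offered.get(c, 0)), left)
        left -= grant[c]

    # What remains is shared by ratio. A class needing less than its share
    # is fully served and its surplus is re-shared among the others.
    active = {c for c in ratios if offered.get(c, 0) > 0}
    while active and left > 1e-6:
        total = sum(ratios[c] for c in active)
        done = {c for c in active
                if offered[c] - grant[c] <= left * ratios[c] / total}
        if not done:
            for c in active:
                grant[c] += left * ratios[c] / total
            break
        for c in done:
            left -= offered[c] - grant[c]
            grant[c] = float(offered[c])
        active -= done
    return grant


# Constructed offered loads in bps (not measurements from the slides).
CONGESTED = {"EF": 2e6, "AF4": 4e6, "AF1": 30e6, "class-default": 30e6}
AF1_LIGHT = {"EF": 2e6, "AF4": 4e6, "AF1": 5e6, "class-default": 30e6}
EF_FLOOD = {"EF": 25e6, "AF4": 4e6, "AF1": 30e6, "class-default": 30e6}

if __name__ == "__main__":
    for name, load in [("congested", CONGESTED), ("AF1 light", AF1_LIGHT),
                       ("EF flood", EF_FLOOD)]:
        print(name, {c: round(v / 1e6, 2) for c, v in allocate(load).items()})
```

The EF_FLOOD case shows why the aggregation variants that place EF/AF4 outside the shaped fragment pair them with CAC: in this model, priority traffic that is not admission-controlled or policed leaves nothing for the ratio-based classes.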
[Figure: two MQC levels on Gig 0/1.1001. GRE Tunnel 0 (VRF = RED, service level = VRF RED, 20 Mbps) and GRE Tunnel 1 (VRF = GREEN, service level = VRF GREEN, 20 Mbps) each carry Voice, Video, Best Effort and Scav queues]