© 2008 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Core Routing for Enterprise
Odd-Rune Moltu
Consulting Systems Engineer
Cisco Systems
Cisco Service-Oriented Network Architecture (SONA) Framework
[Figure: SONA framework diagram, Traditional Architecture / Service Oriented Architecture. Labels recovered from the diagram:]
• Application Layer / Collaboration Layer
– Business Applications: PLM, CRM, ERP, HCM, Procurement, SCM
– Collaboration Applications: Instant Messaging, Unified Messaging, MeetingPlace, IPCC, IP Phone, Video Delivery
• Interactive Services Layer
– Application Networking Services: Application Delivery, Application-Oriented Networking
– Infrastructure Enhancing Services: Security Services, Mobility Services, Storage Services, Voice & Collaboration Services, Compute Services, Identity Services
– Network Virtualization Services
– Infrastructure Management Services
– Analytics & Adaptive Policy; Advanced Analytics and Decision Support
• Networked Infrastructure Layer
– Server, Storage, Clients
– Places in the Network: Campus, Branch, Data Center, Enterprise Edge, WAN/MAN, Teleworker
Cisco Enterprise Routing Portfolio
[Figure: router portfolio arranged along a Scale axis, grouped as Access/WAN-Edge and Core Routers. Products shown: 2800 ISR, 3800 ISR, 7200VXR, 7201, 7301, 7304-NSE, ASR 1000, 7600, XR12K.]
Cisco: History of Innovation Getting Ahead of Market Trends
[Figure: Then / Now timeline. Years shown: 1984, 1986, 1995, 2001, 2004, 2005, 2008.]
• Then: Cisco founded by two people, developing the first mainstream IP router
  Now: Employees exceed 63,000
• Then: Ships first router
  Now: More than 60 million routers shipped
• Then: Cisco introduces 7200 series optimized WAN aggregation router
  Now: Shipped in excess of 30,000 units
• Then: Cisco introduces 7600 series, establishing Carrier Ethernet
  Now: More than 50,000 shipped, $1B annual run rate
• Then: CRS-1 introduced for core, declared overkill by some with predictions of no more than 50 ever needed
  Now: More than 1000 shipped in less than three years
• Then: Integrated services router introduced for CPE
  Now: More than 2,000,000 shipped in first two years
• 2008: Cisco Aggregation Services Router Series introduced for Edge
Introducing the First of the New Edge Series: The Cisco Aggregation Services Router 1000
ASR 1000: Purpose Built to Meet Networking Challenges at the Edge
• New Class of Price/Performance
– Most powerful compact router
– One ASR = 160 x 7200 routers
– 40G scale at 25% of the CapEx and 42% of the space of market alternatives
• 'Instant On' Service Delivery
– Embedded Services permit faster, more cost-efficient speed-to-service (video, TelePresence, security..)
• Smaller Carbon Footprint
– Power Efficient
– Competitive multi-device solution requires 47% more power
– Deployment flexibility for small POPs
ASR 1000
• Next generation of midrange router family
– 2RU/4RU/6RU chassis
– 5 / 10 / 20 / 40 Gbps forwarding
– Supporting same feature set at different price performance points
• ASR 1000 Differentiators
– Highly available carrier-class design
– Integrated services (SBC, FPM, Security..)
– State of the art QoS
– Unmatched midrange scalability & performance
– Feature velocity
• Feature richness provides deployment flexibility
– Support for Service Provider & Enterprise features
– BNG (BRAS, LAC, LNS)
– IPSec Termination
– Distributed PE / MSE
– High-speed CPE
– …
ASR 1000 Product Family
Aggregated Services & Scale

                        2 RU                    4 RU            6 RU
SPA Slots               3-slot                  8-slot          12-slot
# of ESP Slots          1                       1               2
# of RP Slots           Integrated (RP1)        1               2
# of SIP Slots          Integrated (SIP-10G)    2               3
IOS Redundancy          S/W                     S/W             H/W
Built in GigE           4                       n/a             n/a
Height                  3.5" (2RU)              7" (4RU)        10.5" (6RU)
Bandwidth               5-10 Gbps               10-40+ Gbps     10-40+ Gbps
Performance             4-8 Mpps                8-16+ Mpps      8-16+ Mpps
Air Flow                Front to Back           Front to Back   Front to Back
Power Supply (Watts)    470                     765             1275
ASR 1000 – Product Positioning
[Figure: positioning chart of System Bandwidth against List Price (price includes chassis, engine). Bandwidth marks: < 3G, 5G, 10G, 18G, 20G, >300G. Products plotted: 3845; 7200; 7304-NSE; 10K PRE-3; ASR 1000 2RU w/ ESP-5G; ASR 1000 with ESP-10G; ASR 1000 with ESP-20G; 7600, GSR, CRS.]
ASR 1000 Hardware & System Architecture
ASR 1000 Building Blocks
• RP (Route Processor)
– Handles control plane traffic
– Manages system
• ESP
– Handles forwarding plane traffic
• SPA Interface Processor
– Houses the SPAs
• SPAs
– Provide interface connectivity
• Centralized Forwarding Architecture
– All traffic flows through the ESP
[Figure: block diagram. Active and standby Route Processors (RP, interconnect), active and standby Forwarding Processors (FECP, interconnect, QFP subsystem, crypto assist) and three SIPs (SPAs, IOCP, SPA aggregation, interconnect), all connected over the midplane. Link legend: SPA-SPI, 11.2 Gbps; Hypertransport, 10 Gbps; ESI (Enhanced Serdes Interface), 11.5 Gbps.]
Route Processor – RP1
General Purpose CPU based on 1.5GHz Freescale 8548
Memory:
1. DRAM: Default: 2 GB; Max: 4 GB
2. NVRAM: 1G of Internal Flash for code storage, boot, config, logs, etc.
Management Interfaces:
– Management Ethernet port, auxiliary port, console port
Storage:
– For core dumps, failure capture, etc; 40 GB Hard Disk Drive (rotary) initially; Solid-state drive (SSD) option at FCS (TBD)
– External USB flash for IOS configs or File copying
Communications paths to other cards (for control and for network control packets)
Stratum-3 network clock circuitry and BITS reference input (for synchronizing SONET links, etc.)
Miscellaneous control functions for card presence detection, card ID, power/reset control, alarms, redundancy, etc.
Embedded Services Processor – ESP-5G, ESP-10G
• Centralized, programmable forwarding engine (i.e. QFP subsystem (PPE) and crypto engine) providing full-packet processing
• Packet buffering and queuing/scheduling (BQS)
– For output traffic to SPA Interface Processors/SPAs
– For special features such as input shaping, reassembly, replication, punt to RP, etc.
• Interconnect providing data path links (ESI) to/from other cards over midplane
– Transports traffic into and out of QFP10
– Input scheduler for allocating QFP10 BW among ESIs
• FECP CPU managing QFP, crypto device, midplane links, etc.
Quantum Flow Processor Architecture
[Figure: Multi-Core (40) Packet Processor + Traffic Manager (BQS) + Quantum Flow Processor Software]
1. Scale: 100s of resources & massive feature scale
2. Performance: Designed to deliver 5-100s of Gbps
3. Feature Velocity: Software designed to deliver a common forwarding plane for multiple systems.
4. Multi-Generational: This is only the 1st Generation!
QFP Summary
• Packet Processing Engine (QFP-PPE)
– 40 Packet Processors – 4 Contexts (threads) each
– Up to 1.2GHz (Tensilica ISA) processors + DRAM packet memory
– Single TCAM4 I/F (can cascade 1-4 devices)
– C-language for feature development (extensive development support tools)
– HW assist for flow-locks, look-ups, stats, WRED, policers, range lookup, crypto, CRC
• Buffer/queue subsystem (QFP-BQS)
– HW hierarchical 3-parameter (min, max & excess) scheduler
– Fully configurable # of layers based on HQF
– Priority propagation through the multiple layers
SPA Interface Processor – SIP-10G
• Physical termination of SPA
• Supports up to 4 SPAs
– 4 half-height, 2 full-height, 2 HH+1FH
– Full OIR support
• Does not participate in forwarding
• QoS
– Ingress packet classification – high/low
– Ingress over-subscription buffering (low priority) until ESP can service them. Up to 128MB of ingress oversubscription buffering
• Capture stats on dropped packets
• Network clock distribution to SPAs, reference selection from SPAs
• IOCP manages Midplane links, SPA OIR, SPA drivers
System Architecture - Dataplane
[Figure: dataplane block diagram. Active and standby Route Processors (RP, interconnect), active and standby Forwarding Processors (FECP, interconnect, SPI4.2, QFP subsystem, crypto assist) and three SIPs (SPAs, IOCP, SPA aggregation, interconnect), all connected over the midplane. Link legend: SPA-SPI, 11.2 Gbps; Hypertransport, 10 Gbps; ESI, 11.5 Gbps.]
• All data forwarding is through ESP
– Exception: Punt path for Legacy protocols, handled by the RP
• Interconnect ASIC in each of the functional elements provides the backplane connection through ESI links
• ESI (Enhanced Serdes Interconnect) links are used for Data forwarding
• SPA-SPI links connect to the backplane through the SPA-Agg ASIC
System Architecture - Control Plane
[Figure: control plane block diagram. Active and standby Route Processors (RP), active and standby Forwarding Processors (FECP, interconnect, QFP subsystem, crypto assist) and three SIPs (SPAs, IOCP, SPA aggregation, interconnect), all connected over the midplane. Link legend: EOBC - 1Gbps; I2C – Inter Integrated Circuit; SPA Control; SPA Bus.]
• Two different control plane links separate from the dataplane links
– Ethernet out-of-band Channel (EOBC)
– I2C - Monitor health of hardware components
• SPA control links run between IOCP and SPAs
Investment Protection: Cross Platform Integration with SPA
Simpler Operations, Lower Spares Inventory Across the Edge/Aggregation and Core Network
• Shared Port Adapters (SPA): FE/GE/10GE, POS, TDM, Circuit Emulation, ATM
• Platforms sharing SPAs:
– Cisco XR 12000 Series
– Cisco ASR 1000 Series
– Cisco 7600 Series
– Cisco 10000 Series
– Cisco CRS-1 4, 8, 16 Slot
– Cisco CRS-1 MC
• Complete Investment Protection
• Same Interfaces Edge to Core
I/O – Shared Port Adapters
• ATM: T3/E3, OC3, OC12
• POS: OC3, OC12, OC48, OC192
• POS/DPT/RPR:
• Channelized: T1/E1, T3, STM1, OC12, OC48
• Ethernet: FE, GE, 10GE
• Clear Chan.: T3/E3
• CEOP: OC3, T3/E3, T1/E1
• RPR: GE, 10GE
SPA form factors: Single-Height SPA, Double-Height SPA, Double-Wide SPA
[Figure legend entry: Not supported on ASR 1000]
• SPAs currently supported in other Cisco Platforms will be supported on ASR 1000
• Please refer to Roadmap for roll-out plan
ASR 1000 High Availability
ASR 1000 HA Highlights
• ASR 1000 leverages Cisco IOS HA infrastructure – NSF/SSO, ISSU
• 1+1 redundancy option for RP and ESP
– Active and standby
– No load balancing
• RPs are separate from ESPs
– Switchover of ESP does not result in switchover of RP
– Switchover of RP/IOS does not result in switchover of ESP
• Single RP may be configured with dual IOS for SW redundancy (single RP only)
• No redundancy for SIP or other I/O cards
– SPA plugs into a single SIP
• Protection against SPA or SIP failure is via APS or Y-cable redundancy feature (Future: requires SPA support)
System Architecture – Distributed Control Plane
[Figure: Active and Standby Route Processors, Active and Standby Forwarding Processors and three SPA Interface Processors (four SPAs each), joined by GE links. Callouts: RP fails (HW or SW); Standby Becomes Active; Zero Packet Loss.]
• Separate and independent internal communication link for control plane (GE)
System Architecture – Centralized Data Plane
[Figure: Active and Standby Route Processors, Active and Standby Forwarding Processors and three SPA Interface Processors (four SPAs each), joined by ESI – 11.5G links, with a Punt Path to each Route Processor. Callouts: ESP fails (SW or HW); Standby Becomes Active; Minimal Data Interruption.]
• All packets processed by QFP for forwarding
• Separate and Independent links for Data Plane communication (ESI 11.5G)
Software Architecture – IOS-XE
[Figure: software stack per card, linked by Control Messaging. Route Processor: IOS 12.2SR (Active); IOS-XE "Middleware" (Chassis Manager, Interface Manager, Forwarding Manager); Kernel. Embedded Services Processor: Chassis Manager, Forwarding Manager, QFP Client/Driver; Kernel. SPA Interface Processor: Chassis Manager, Interface Manager, SPA Drivers; Kernel.]
• IOS-XE = IOS + IOS-XE Middleware + Platform Software
• Operational Consistency - same look and feel as IOS Router
• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc). 32bit and 64bit options.
• Linux kernel with multiple processes running in protected memory for
– Fault containment
– Re-startability
– ISSU of individual SW packages
• ASR 1000 HA
– Zero-packet-loss RP Failover
– <50ms ESP Failover
– "Software Redundancy"
Software Redundancy on 4RU/2RU Single RP/ESP
[Figure: single Route Processor running a Linux Kernel, IOS-XE "Middleware" (Chassis Manager, Interface Manager, Forwarding Manager), an Active IOS process and a Stand-by (backup) IOS process.]
• Stand-by IOS process in RP in the single-engine 4RU/2RU system
• Two IOS processes in a single RP function similarly to different processes on separate RPs
• Supports all NSF/SSO features supported by dual-RP systems
• Requires additional RP memory – 4G
ASR 1000 Solutions Overview
ASR 1000 – Enterprise Target Solutions
ASR 1000 Series:
• Multi-Service, Secure WAN Aggregation Services
• Integrated Threat Defense Services
• Ethernet WAN Services
• Application Optimization Services
• Voice and Multimedia Services (SBC)
ASR 1000 vs. Complexity: Size & Complexity
• Cisco Solution: Integrated Router, SBC, Security, DPI, Broadband Agg. Powered by Cisco QuantumFlow
vs.
• Other Solutions: More Space, Power, CapEx, OpEx, Complexity
Multi-service, Secure WAN Aggregation Services
[Figure: ASR 1000 as WAN Router (QFP; NBAR, FPM) at Headquarters, connected over the WAN and the Internet by Site-to-Site VPN and Remote Access VPN to a Big Branch, a Small Branch (ISRs) and a Telecommuter; applications (e.g. Voice, Video).]
Business Problem
• Need to readily adapt to new business requirements
• Long qualification time for new deployments
• Need proactive and pervasive integrated security services
• Regulations requiring confidential communications
ASR 1000 Solution
• w/ ESP-10G: secure, scalable WAN Aggregation router
• Scalable: 10K site-to-site and remote tunnels, 3.5G IPsec encryption with services enabled
• Key Attributes: IPsec, VPN services, Application Intelligence - NBAR, FPM
Benefits
• Scalable solution to meet bandwidth requirements
• Reduced maintenance and lower TCO with one device
• Seamless security with minimal loss in performance
• Flexible architecture for a future proof investment
• Simplified network management and fast deployment
WAN Edge Integrated Threat Defense Services
[Figure: ASR 1000 as WAN Router and Internet Gateway (QFP; FW, NAC; NAT/VPN) at the Hub Site, connected to the Internet Service Provider and over the WAN to Branch sites (ISRs).]
Business Problem
• Need security, bandwidth management services at WAN edge
• Need efficient network monitoring and planning
• High performance router as internet gateway for the enterprise
ASR 1000 Solution
• Integrated security: 10Gb Firewall, 3.5Gb encryption services, hierarchical QoS services
• Management/Monitoring: High-speed Netflow v9 logging, Cisco Security Manager, LAN Mgmt Solution, ERSPAN
• Key features: Firewall, NAT, NAC, NBAR, PfR, MPLS VPN, QoS, ACL
Benefits
• Wide range of connectivity options (GE/10GE) to the ISP
• Carrier class availability for consistent reliable services
• Simplified network management and fast deployment
• Seamless security with no loss in performance
Ethernet WAN Services
[Figure: ASR 1000 (4RU or 6RU) as WAN Router (QFP) at the Hub Site, connected through the Ethernet WAN SP (Ethernet Services) to an ASR 1000 2RU as CPE (QFP) at a Large Office, Full Service, and to an ISR at an Ethernet-Connected Branch Office.]
Business Problem
• Require full integrated services with higher performance
• Need managed WAN connectivity, security and VPN services
ASR 1000 Solution
• ASR 1002 with GE/10GE SPA interfaces and redundancy
• Built-in 5Gb/10Gb firewall, NAT, 1.5/3.5Gbps IPSec VPN encryption
Benefits
• More bandwidth for applications at a cheaper cost
• Scalable Services at large branch with high performance
• High performance with features enabled: QoS, NAT, ACLs
• Managed or unmanaged high-end CPE
Cisco Enterprise Core Routing
Summary
http://www.cisco.com/go/asr1000