Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Hawaii Tech Day - Routing Platform Update

3 556 vues

Publié le

Routing Platform Update presented at Hawaii Tech Day February 2017

Publié dans : Technologie
  • Identifiez-vous pour voir les commentaires

Hawaii Tech Day - Routing Platform Update

  1. 1. Peyton Schouest - Solutions Architect Routing Platform Update Hawaii Tech Day Feb 2017 pschoues@cisco.com @Net20234
  2. 2. Cisco Digital Network Architecture Automation Abstraction and Policy Control from Core to Edge Open and Programmable | Standards-Based Open APIs | Developers Environment Cloud Service Management Policy | Orchestration Virtualization Physical and Virtual Infrastructure | App Hosting Analytics Network Data, Contextual Insights Insights and Experiences Automation and Assurance Security and Compliance Network-enabled Applications Cloud-enabled | Software-delivered Principles Cisco ONE Software Delivered
  3. 3. Cisco Confidential 3 ISR Series
  4. 4. • End-of-Sale Announced on Sep 9th, 2016 (15 month notice. • Actual End-of-Sale on Dec 9th, 2017 • ISR G1 End of Support October 2016 • EoS Announcement for Cisco 2900 Series ISR • EoS Announcement for Cisco 3900 Series ISR End-of-Sale Announcement for 2900 and 3900 Series Important Note: No changes for the 1900 series
  5. 5. Cisco Confidential 5 ISR Series: New Products 4221
  6. 6. ISR 4221 • USB file storage • RJ45 Console & Aux combo • 1 RJ45 GE WAN • 1 RJ45 + 1 SFP • External AC Power • Rack & Wall mounts 35 – 75 Mbps 2 NIM slots 4G, DSL, Serial, T1, GE LAN + WAN IOS-XE Snort IPS 1 RU Desktop 13.5” wide 4 GB RAM 8 GB Flash
  7. 7. Intel Rangeley 1.25GHz 4 core Atom SoC Polaris Linux Kernel CPP SW Data plane RP IOS Control Plane LXC on Service Plane CPU Core CPU Core CPU Core CPU Core 4221 System Architecture Generic KVM container not supported
  8. 8. ISR4221 ISR4321 ISR4221 vs. ISR4321 I/O Design 13.50” / 343 mm 14.55” / 370mm
  9. 9. Platform Comparison 1921 4221 1941 4321 Performance Positioning 15 Mbps 35 – 75 Mbps 25 Mbps 50 – 100 Mbps Maximum throughput with popular services (FW, NAT, QoS) 50 Mbps 75 Mbps 80 Mbps 100 Mbps RU 1 RU Desktop 1 RU Desktop 2 RU Desktop 1 RU Desktop EHWIC / NIM slots 2 2 2 2 GE / SFP 2 / 0 2 / 1 2 / 0 2 / 1 Power Supply Internal External Internal External ISC (DSP) slot No No No Yes Power supply 150 W 90 W 190 W 260 W PoE support 80 W No 80 W 120 W CPU Cavium 2-core Intel 4-core Cavium 2-core Intel 4-core RAM 512 MB 4 GB 512 MB, 2.5 GB 4 GB, 8 GB DIMM slot No No 1 1 Flash 1 (Internal USB) 1 (eMMC) 2 (External CF) 1 (Internal eUSB) Disk No No No Optional mSATA, NIM USB 1 1 2 1 Management Port (GE) 0 0 0 1
  10. 10. Cisco Confidential 10 ISR 4k Modules General Roadmap
  11. 11. • Targeted for Terminal Server use • Two versions • NIM-16A and NIM-24A • New serial cable to accommodate both 16 ports and 24 ports SKUs • NIM-16A • Use existing G2 cables for both 8-port connectors. • NIM-24A • Use existing G2 cables for both 8-port connectors. • New cable needed for 3rd port NIM-Async FCS Target: Oct 2016 IOS Release: XE: 16.3
  12. 12. Cisco ISR 4000 Family Modules (1 of 2) Category Type Name Available LAN SM-X Ethernet Switches: 16, 24 & 48 ports Yes NIM Ethernet Switches: 4 & 8 ports Yes UCS E-Series SM-X CPU: 2, 4, 6 & 8 cores Yes NIM CPU: 4 cores Yes Voice NIM T1/E1: 1, 2, 4 & 8 ports Yes NIM FXS/FXO: 2 & 4 ports. Also, 4FXS+2FXO combo NIM. Yes NIM E/M & BRI Voice Yes PVDM PVDM4: 32, 64, 128 & 256 channels Yes SM-X High-density DSP farm Yes WAN Ethernet SM-X 1GE: 4 ports OR 1-port 10GE Yes SM-X 1GE: 6 ports Yes NIM 1GE: 1 & 2 ports Yes WAN 4G / LTE NIM USA, Canada, Europe, Australia Yes NIM LATAM / APAC (Incl. Band 28 for Australia and LTE TDD for China/India) XE 16.3.2 ISR G2 - EHWIC and 800BB LATAM / APAC (Incl. Band 28 for Australia and LTE TDD for China/India) 15.6(2)T1 For Your Reference
  13. 13. Cisco ISR 4000 Family Modules (2 of 2) Category Type Name Available WAN T3/E3 SM-X T3/E3: 1-port Yes WAN T1/E1 NIM T1/E1: 1 & 2 ports Yes NIM T1/E1: 8 ports Yes WAN xDSL NIM Multi-mode VDSL2 / ADSL Annex A, B & M Yes WAN Serial NIM Synchronous Serial: 1, 2 & 4 ports Yes NIM Asynchronous Serial: 16 & 24 ports + new cable for 24 port version Oct 2016 Storage NIM Dual SSD carrier. Each SSD may be 200G or 400G. Yes mSATA 200G SSD Yes NIM Adaptor SM-X Converts SM-X slot to 1 NIM slot Yes NIM-ISDN BRI-Data CC / Target release 16.6 NIM-G.SHDSL CC / EC pending / Timeline TBD For Your Reference
  14. 14. Single Wide High Density Analog module for the ISR4K • Feature parity • Feature Parity with Venom (EVM modules on ISRG2) • Compatible with CUCM (MGCP/H323/SCCP) • Support FXS fall back to SRST or FXS registered to CME • Enhancement: Direct FXO bypass (FXO Failover) • Enhancement: Support Long loop length for FXS Ports(FXS-E) • Cost Parity • Cost Parity with ISRG2 Modules • DSP on board VG350 SM-D-72FXS /48FXS-E SM-X-72FXS FIXED / Only for ISR4K • Feature parity (with VG350) • Long Loop Length (FXS-E) • Compatible with CUCM (MGCP/H323/SCCP) • Energy wise feature • Cost parity • Cost Parity with Palestrina (VG350) • DSP on board Double Wide High Density Analog modules for the ISR4K EVM-ISRG2 8FXS MB, FXS/FXO DB SM-X-24FXS/4FXO FIXED / Only for ISR4K SM-X-8FXS/12FXO FIXED / Only for ISR4K SM-X-16FXS/2FXO FIXED / Only for ISR4K
  15. 15. Cisco Confidential 15 Security
  16. 16. Cisco Leadership – ISR 4000 Series Platform Integrity Protects the Network Counterfeit Protections OS Validation Secure Boot Modern Crypto Hardware Trust Anchor Runtime Defenses Incident Response Firepower ISE Manager Packet AnalysisAgent Stealthwatch Learning Network License Firepower Management Center Security Culture PSIRT Advisories Security Training Product Security Baseline Threat Modeling Open Source Registration Supply Chain Management
  17. 17. Internet Direct Internet Access (DIA) Corporate Network v Secure WAN Transport v Leverage Local Internet Path v Threat Detection Techniques v Improve Application Performance v Reduce WAN Bandwidth Consumption Branch Public Direct Internet Access IPsec VPN IPS Firewall Firewall
  18. 18. Branch DIA use cases Use Case Security requirements Security Technology Visibility PCI and Regulatory Compliance FW, IPS ZBFW, Snort IPS Guest User Wi-fi FW, Web Security, IPS (optional) ZBFW, Cisco Umbrella Branch (OpenDNS), Snort IPS Partial Direct Internet Access (Public Cloud, Partner Sites) FW, IPS, Web Security ZBFW, Snort IPS, Cisco Umbrella Branch (OpenDNS) or Firepower Threat Defense Full Direct Internet Access FW, IPS, Web Security, Malware Protection, AVC Firepower Threat Defense StealthwatchLearning NetworkLicense
  19. 19. Snort IDS/IPS Cisco ISR 4000 Series Snort Now Orderable! Helps meet PCI compliance mandate at the Branch Office Threat protection built into ISR 4000 branch routers Complement ISR 4000 Integrated Security Lightweight Threat Defense with low TCO and automated signature updates Splunk monitoring available Ø Over 4 million downloads Ø 500,000 registered users Ø Widely deployed IPS in the world Ø Solution requires: Ø SEC license Ø Signature updates term subscriptions (1Y or 3Y)
  20. 20. Cisco Umbrella Branch (a.k.a OpenDNS) Your first layer of defense at branch offices Cisco Umbrella Branch Devices on branch network • Visibility & enforcement at the DNS-layer • Block requests to malicious domains and IPs • Predictive intelligence: uncover current & emergent threats • Protect all devices on your branch network against: o Malware o Phishing o C2 callbacks MALWARE C2 CALLBACKS PHISHING Block Cisco ISR
  22. 22. Branch Office Headquarters Guests Employees VPN SECURITY • Prevent guest or corporate users from connecting to malicious domains & IPs • Prevent already-infected devices from connecting to C&C ACCESS CONTROL • Guest: Inappropriate content • Corporate: Loss of productivity ISR4k INTRANET TRAFFIC Protecting Branch Guest and Corporate Internet Traffic Cisco Umbrella Branch Internet Direct to Internet Access WAN SEC license required + term subscription for OpenDNS cloud services (1Y or 3Y)
  23. 23. Cisco Firepower Threat Defense for ISR • Capitalize on DIA Without Compromising Security • Industry-Leading Threat Protection for Branch and Remote Offices • Consolidated Footprint Frees Revenue-Generating Square Footage • Centralized Management with Clearly Divided Roles and Responsibilities • Lower Total Cost of Ownership Network Visibility Granular App Control Modern Threat Control NGIPS Security Intelligence URL Filtering BEFORE Discover Enforce Harden DURING Detect Block Defend AFTER Scope Contain Remediate Attack Continuum Firepower Threat Defense Visibility and Automation Advanced Malware Protection Retrospective Security IoCs/Incident Response
  24. 24. Stealthwatch Learning Network License (SLNL) Brings self-learning attributes to the Cisco 4000 ISR Needs no programming of firewall rules, malware signatures, or access control lists (ACLs) Uses machine learning, network context, and packet capture to determine what’s normal and what’s not Uses advanced analytics and models to identify and block true anomalies Adapts as conditions change ISR ISR Headquarters Branch 1 Branch 2 Learning Network Agents Learning Network Manager DLA DLA
  25. 25. Integrated Security Offerings in One Box The Ultimate Converged Branch – No More Appliances Native, Service virtualization, AVC, WAN Opt, UC Security for regulatory compliance Threat Centric Advanced security Network, Compute and Storage VPN ZBFW Snort IPS Umbrella Branch (OpenDNS) Stealthwatch Learning Network Firepower Delivering true multi-layer security
  26. 26. Integrated Cloud Security for Managed Services Shifting deployments from on-prem to the cloud Internet SP Cloud Eliminate security appliance at the customer premise Any IPsec capable CPE can be deployed at the customer premise Security intelligence moves to the cloud. Stack available on CSR1000V: • IPsec VPN • SSL VPN • ZBFW • Snort IPS • Web Filtering Low footprint: 100 Mbps of combined throughput @2vCPUCloud Management Data Traffic
  27. 27. Cisco Confidential 27 WAAS
  28. 28. O365 and Single Sided SSL FCS 6.2.1 May 2016 6.2.3 July 2016 • Office 365 optimization support • SMART-SSL acceleration for YouTube • SMART-SSL HTTPS content caching from the branch • Full SMBv3 optimization and prepositioning with signing and encryption • Akamai Connect connection counts scale beyond 6,000 connections. • Prepositioning proxy and User Agent Support • Redhat/CentOS KVM Support WAN Branch DC Branch DIA Azure/Managed cloud DIA
  29. 29. WAAS is available on Azure Marketplace • Supported on release 6.2.x • Optimize IaaS and SaaS (O365) applications • Hourly licensing • 200,750,1300, 2500, 6000 and 12000 • D2_v2 and D3_v2 VM • Only routed and PBR redirection supported (Azure doesn’t support GRE) • One click solution template for easy deployment
  30. 30. Cisco Confidential 30 Polaris Feature Update
  31. 31. Manageability Support (ASR1K and ISR4K) • TR111 Support • TR069 Support Security Support (ASR1K and ISR 4K) • NAT HA + VASI • Snort IPS Enhancements & integrations (logging, signatures) • Flex VPN and IKEv2 fast Convergence • ESON Support (Scheduled Rekey, Policy & Monitoring) • DMVPN (with Tunnel Sub-Interface, Native Multicast, per-Tunnel support) • VMS Cloud UTM • CWS (FQDN Enhancements, Active Identity integration) • SVTI-Multi Security Association (SA) Data Center Interconnect (ASR1K) • ACI L3 DCI and TrustSec Integration: • ACI L3 DCI EVPN with iVXLAN and SGT • LISP and VXLAN GPO on WAN • NSH with Service Chaining Voice Support for Federal Customer • SHA1_80 on ISR4K SIP IP TDM (PRI/BRI) • Support for Smart Licensing ISR4K Feature Parity • DDR Support • Broadband Support for ISR 4000 Series (PPPoE, ISDN PRI integration, QoS, MLPPP etc) • Ethernet over GRE ASR Specific Features • Segment Routing • Security (ARP/NDP cache entries, ACL, punt policing) • Static IPoE session roaming, with Parameterized QoS, Framed Route • Software Technology Re-Package for ASR New Software Features Areas IOS XE 16.4.1 (Nov 2016) and 16.5.1 (March 2017)
  32. 32. Elements / Features VPN BGP QoS Others en conf t Interface en0 Ip address Script CLI BGP Cfg State QoS Cfg State VPN Cfg State Data-Model A BGP QOSVPN Data-Model B BGP QOSVPN Platform BPlatform A Manual Configuration State & Config stored per Feature Inconsistent Data Models Physical and Virtual Infrastructure Platform Automation Systems OSS/BSS SDN Controllers Configuration Management Tools Programmatic Interfaces RESTConf, NETConf, OpenFlow Network DevOps IOS-XE16 Programmability (NETConf and YANG)
  33. 33. Software Patches: SMU In-service bug-fixes Less downtime with reduced reboots IOS-XE16 IOS-XE Now enables Emergency Point Fixes through Patching OSPF OSPF System Upgrade In Place Upgrade Config Preserved asr1k.iso OSPFasr1k.iso Feature Upgrade* Upgrade Single Feature Installed like SMU BGP 6.0 OSPFBGP 6.1 Not available for all features* What is Patching • Emergency Point Fix positioned for Expedited delivery • Addresses a Network problem that brings Business to a Standstill Benefits of Patching • Reduce time to resolution in your network. • Simplify Network Operations for defect resolution and code qualification.
  34. 34. Cisco Confidential 34 ISR 4K Open Services Containers
  35. 35. What is a Service Container? A Service Container is a virtual machine running within the network itself. Service Containers use virtualization technology (LXC and KVM) to provide a hosting environment on Cisco routers/switches for applications. Use Case Cisco Virtual Services: • Lightweight Application Hosting • Example: ISR-WAAS ( KVM ) • Example: SNORT ( LXC ) Use Case Third Party Services: • KVM Hosted Applications Container Network OS Virtual Service Now Available IOS Release: XE: 16.3.1 (Polaris)
  36. 36. Common Service Container Use Cases General purpose virtual machine with custom and open-source troubleshooting tools. (Wireshark, Speedtest, IXIA etc.) Troubleshooting VM Common network functions such as Print Server, Domain Controller, File Storage, etc. Network Functions Network Analysis and Application Performance Monitoring without a dedicated probe. Analytics Augment the capabilities of the host platform in some way. (Custom encryption, business- based routing, specialized API interface) Device Customization
  37. 37. Cisco Confidential 37 Web GUI
  38. 38. • First release is 16.2 (March 2016) • Come with the image - nothing needs to be installed • All is needed is to enable the http or https server • Access via http://<router-ip>/webui • Features in the March 2016 release: 1. Monitoring dashboard with device stats: CPU and memory utilization 2. Monitoring dashboard with AVC – show layer 7 application visibility for up to 48 hours usage 3. Configure AVC interfaces 4. Configure physical and logical interfaces 5. Configure static routes, DHCP, DNS 6. Enable smart call home 7. View active licenses 8. View syslog 9. Send exec and configuration commands WebUI for ISR4K, ASR1K, CSR1000v
  39. 39. WebUI Dashboard 16.3(1)
  40. 40. CPU / Mem Utilization
  41. 41. What’s being sent through the router
  42. 42. Define AVC Policies – out of the box we support the 1300+ NBAR 2 Apps Custom Apps support URL, Server/Port, Protocol, DSCP
  43. 43. Configuration
  44. 44. Cisco Confidential 44 CSR Update
  45. 45. Packaged for NFVIS Branch-Specific Features Branch-Specific Pricing Look-and-feel of an ISR 4000 Not available separately Cloud and VDC Deployments Aggregation Use-Cases Flexible Pricing & Packaging Virtual ASR 1000 Series Available on multiple platforms ISRv and CSR – 16.3.1 Integrated Services Router - Virtual Cloud Services Router
  46. 46. Cisco Confidential 46 UCS E-Series Updates
  47. 47. UCS E-Series Portfolio Scalability Performance UCS-E160D 6-core, 2.0 GHz, 96 GB RAM UCS-E180D 8-core, 1.8 GHz, 96 GB RAM 6-core, 1.9 GHz, 32 GB RAM M1 blades will be EOS by Q1 FY16 UCS-E140S 4-core, 1.8 GHz, 16 GB RAM UCS-E160S 2-core, 2.0 GHz, 16 GB RAM UCS-EN140N 4-core, 1.0 GHz, 8 GB RAM UCS-EN120S Shipping New
  48. 48. UCS-E160S-M3/K9 6-core, 32 GB, 2 Disks Up to 4TB SATA Storage Dual External 10G USB 3.0 port for external device connectivity 6-core, Intel Broadwell, 2.0 GHz Dual EMMC Storage with RAID Available Now Only on ISR 4K Up to 32 GB DRAM options Upgraded LSI controller for higher performance
  49. 49. Cisco Confidential 49 Enterprise NFV
  50. 50. What is Enterprise NFV? Freedom of Choice Hardware Platform Add Software Intelligence to the Hardware Virtualization Layer Consistent, trusted network services across all the platforms Virtual Network Functions (VNFs) Central and Prescriptive Automation Orchestration and Management
  51. 51. Cisco 4000 Series ISR + UCS® E-Series Cisco® UCS C-Series Enterprise Network Compute System (ENCS) Network Functions Virtualization Infrastructure Software (NFVIS) Cisco Enterprise Service Automation (ESA) on APIC-EM Network Services Orchestrator (NSO) Introducing Cisco Enterprise NFV Network Services in Minutes, on Any Platform Virtual Router (ISRv) Virtual Firewall (ASAv) Virtual WAN Optimization (vWAAS) Virtual Wireless LAN Controller (vWLC) Third-Party VNFs
  52. 52. Packaged for Branch Network Services Enterprise NFV Infrastructure Software (NFVIS) Network Hypervisor Enables segmentation of virtual networks Abstract CPU, memory, storage resources Zero Touch Deployment Automatic connection to PnP server Secure connection to the orchestration system Easy day 0 provisioning Life Cycle Management Provisioning and launch of VNFs Failure and recovery monitoring Stop and restart services Dynamically add and remove services Service Chaining No hardware offload with UCS External connectivity and to other services Multiple service access options Open API Programmable API for service orchestration REST and NETCONF API
  53. 53. ASAv vWAAS vWLCISRv Best-of-breed Trusted Services from Cisco Consistent software across physical and virtual High Performance Rich Features End-to-end Support Proven Software Leader in Gartner MQ #1 Unit Shipped Superior Caching with Akamai Connect Survivability & Scale Consistency across the Data Center and Switches Built for small and medium branches Comprehensive Protection Full DC-class Featured Functionality Designed for NFV Cost-effective with NFV
  54. 54. Freedom of Choice Cisco Intelligent Branch Virtual Router Virtual Services ENCS License Portability Services Consistency Business Continuity Enterprise NFV Physical Router Virtual Services ISR 4000 Series + UCS E-Series Traditional Physical Router ISR 4000 Series Centralized Services Fixed Integrated Services Conservative Upgradable H/W Deterministic Routing Performance Late Adopter Elastic Routing and Services Performance Early Adopter
  55. 55. ENCS 5400 Series - Bezel New Industrial Design First platform with new Cisco design language Intended to create a common look across Cisco products Status Indicators using Universal Icons LED Backlit LogoRounded Corners Aluminum Bezel with “Logo” Vents Raised Bezel Edge
  56. 56. ENCS 5400 Series 6, 8, or 12-Core Intel Xeon-D 8 - 64 GB DRAM 8 Integrated LAN Ports with Optional POE Network Interface Module for LTE & legacy WAN Dedicated Board Management Controller 2 HDD or SSD RAID 0 & 1 Internal M.2 Storage USB 3.0 Storage 2 Onboard Gigabit Ethernet ports with SFP Optional Hardware RAID Controller Integrated Power Supply Optional Hardware Crypto Module Hardware Acceleration for VM Traffic
  57. 57. ENCS 5400 Portfolio - Chassis Options ENCS5412 12-CoreENCS5408 8-CoreENCS5406 6-Core ENCS5406 ENCS5408 ENCS5412 CPU 6-core, 1.9GHz 8-core, 2.0GHz 12-core, 1.5GHz Base List Price $4,000 $6,000 $8,000 PoE No 200W 200W Capacity Guidance ISRv + 2 VNFs ISRv + 3 VNFs ISRv + 5 VNFs
  58. 58. Cisco Solutions for Digital Branch Customer Experience AVC & NBAR2, Prime WAAS with Akamai Connect UC: CUBE, CME/SRST, Voice Gateway Branch Automation IWAN App on APIC-EM Prime: Lifecycle | Assurance | Compliance Plug-n-Play Automation Pervasive Security Network: Stealthwatch Learning Network, MACSec Branch: FirePower, Snort IPS, VPN DIA: OpenDNS, CWS Platform Independence: Virtualize Any App, Anywhere PHYSICAL ISR 4000 Series , ASR 1K Series CONVERGED UCS E-Series on ISR 4000 VIRTUAL KVM VM on IOS XE VNFs: ISRv, ASAv, vWAAS, vWLC Dynamic Multipoint VPN WAAS VRF, ZBFW Intelligent Path Control (PfR) Software Defined WAN and Beyond
  59. 59. Cisco Confidential 59 ASR Series
  60. 60. Up to 78Gbps Crypto capacity More flexible power supply configuration Support for up to 200 Gbps in every slot with ESP200-X and up Hardware redundancy ASR1000 Product Family Evolution ASR1002-X ASR1006-X ASR1009-X ASR1013 ASR1001-X 2.5 - 20 Gbps 5 - 36 Gbps 40 – 200+ Gb/sec ASR1002-HX EPA 100 Gbps for slots 2 and 3 Hardware redundancy 40 - 200 Gb/sec EPA ESP100-X, ESP200-X and ESP400-X on roadmap with line rate crypto More power flexibility 200 Gbps in every Hardware redundancy 40 - 100 GbpsEPA RP3 RP3 High performance control plane with crypto assist. RP3 RP3 ESPX ASR1001-HX Up to 39Gbps crypto 40 – 100 GbpsEPA 8 or 20Gbps crypto 60 Gbps
  61. 61. ASR 1006-X and 1009-X Chassis Power Shelf ASR 1009-X ASR 1006-X ASR 1006-X (Modular Redundant ) ASR 1009-X (Modular Redundant) Timeline Available Now Available Now Height 6RU 9RU RP Slots 2 2 ESP Slots 2 (regular) 2 (super) SIP/MIP Slots (I/O Slots) 2 (SIP40/MIP100) 3 (SIP40/MIP100) SPA Slots 8 12 EPA Slots 4 6 NIM Slots N/A N/A Built-In GE N/A N/A Slot Bandwidth 100G(Future 200G) 100G(Future 200G) Forwarding Bandwidth (based on current QFP) 40 to 100G 40 to 200G Forwarding Bandwidth (with Next-Gen QFP) Up to 200G (Future) Up to 400G (Future) Maximum Output Power 1100W power modules N+1, Max 6 1100W power modules N+1, Max 6 Available Now! Available Now!
  62. 62. ASR1006-X – Next-Gen 6RU with 100G per Slot Forwarding Plane (ESP) § Up to 100Gbps per system § Supports ESP40, ESP100 and future ESPs Control Plane § Supports RP2 and RP3 (future) § Default 8G memory (max. 16G) § FIPS-140-3 certification I/O Connectivity § 8x SPA slots (with SIP40) § 4x EPA slots (with MIP100) § 100 Gbps I/O slot bandwidth System Management § RJ45 Console § Auxiliary Port § 2x USB Ports Power Supply § Modular power supply with N+1 redundancy § High efficiency, Load sharing, Hot-swappable § AC (1100W) or DC (950W) BITS clocking § Stratum 3 built-in Modular Fan Tray § Field Replaceable without the need to replace power supplies Cryptography § Up to 29/16 Gbps (1400B/IMIX) crypto throughput using ESP100 § Suite-B crypto support Hardware Redundancy § Dual ESP and RP slots for data plane and control plane redundancy § ISSU Available Now!
  63. 63. ASR1009-X – Power Efficient 9RU with 100G per Slot Forwarding Plane (ESP) § Up to 200Gbps per system § Supports ESP40, ESP100, ESP200 and future ESPs Control Plane § Supports RP2 and RP3 (future) § 8G – 64G DDR3 memory (RP3) § FIPS-140-3 certification I/O Connectivity § 12x SPA slots § 6x EPA slots § 100 Gbps I/O slot bandwidth with ASR1000-MIP100 System Management § RJ45 Console § Auxiliary Port § 2x USB Ports Power Supply § Modular power supply with N+1 redundancy § High efficiency, Load sharing, Hot- swappable § AC (1100W) or DC (950W) BITS clocking § Stratum 3 built-in Modular Fan Tray § Field Replaceable § 30% improvement in airflow per slot vs integrated Fan module Cryptography § Up to 78/59 Gbps (1400B/IMIX) crypto throughput using ESP 200 § Suite-B crypto support Hardware Redundancy § Dual ESP and RP slots for data plane and control plane redundancy § ISSU Available Now!
  64. 64. Multi-Core Network Processor § 124 Cores § 4 Packet Threads / Core § 496 simultaneous threads Miscellaneous § RJ45 & mini-USB console § SSD § Secure Boot ASR 1002-HX (Kahuna) 100G Fixed Network Interface Module § 1 double wide NIM slot or § 2 single wide NIM slots § NIM - Compatibility with ISR4400 and ASR1001-X EPA - Ethernet Port Adapter § 1x EPA slot Built in I/O § 8x TenGigabit Ethernet interfaces enabled by license § 8x Gigabit Ethernet interfaces in base § Multipoint MACSEC for linerate encryption (1G & 10G) Pay as you go § 50 Gbps base performance § Max performance of 120 Gbps, licensed Application level service performance § 58M Packets Per Second § Up to 25G Crypto IMIX w/ Suite B § Diverse VPN security solutions, 25G IMIX § 13M Firewall and traditional NAT Sessions Control plane § CPU: Quad Core @ 2.5 GHz § Memory: 16GB DDR3 default memory, upgradeable to 32GB System management § Cisco Prime § Glue Networks Crypto module § Field upgradeable Available Now!
  65. 65. • Crypto capacity up to 39Gbps • Base version of 1002-HX can be delivered without the crypto hardware • Upgrade crypto performance on fielded units…on demand, without truck roll • Upgrade only the fielded units that really needs to support Crypto • Order units to be upgraded in the factory prior to shipment. ASR1002-HX Crypto Module
  66. 66. ASR1002-HX – Capability Comparison Platform ISR4451-X ASR1001-X ASR1002-X ASR1002-HX PAYG Bandwidth 1-2G 2.5-20G 5-36G 44G-100G PPS Performance 1-2 Mbps 11 Mpps 30Mpps 58Mpps IPv4 Routes 500K (4G)/IM (8G/16G) 1M (8G)/ 3.5M (16G) 500K (4G)/1M (8G)/ 3.5M (16G) 500K (4G)/1M (8G)/ 3.5M (16G) Built-in I/O 4x1GE 6x1GE; 2x10GE 6x1GE 8x1GE, 8x10GE Extensible I/O 3XNIM,2XSM 1x SPA, 1x NIM 3x SPA 1x EPA, 1x NIM Encryption Throughput 1.4G(IMIX) 5G (IMIX) 4G (IMIX) 25G (IMIX) MACsec Point to Point Point to Multipoint N/A Point to Multipoint ZB Firewall Sessions 500K (200K FW+K2) 2M 2M 6M NAT Sessions 500K 2M 2M 6M AVC 1G 5G 18G 52G CUBE(Ent) 8K 10K Subscribers 10K subscribers 10K subscribers BB N/A 10K subscribers 29K subscribers 58K subscribers QoS (Queues) TBD 16K 116K 232K MACsec Yes (128-bits only) Yes N/A Yes Suite-B Yes Yes Yes Yes High Availability No Yes (Redundant IOS) Yes (Redundant IOS) Yes (Redundant IOS) Clocking Yes ( In Future) Yes (SyncE) Yes (SyncE, GPS, BITS) Yes (SyncE,BITS) TCAM Software 10Mbits 40Mbits 80Mbits
  67. 67. ASR1000 Forwarding Where does ASR1002-HX fit in Performance and Throughput? Jackpot ESP-10G ASR1001- X ESP-20G ASR1002- X ESP-40G ESP-100G ASR1002- HX ESP-200 System Bandwidth* 2.5 - 5 Gbps 10 Gbps 2.5 – 20 Gbps 20 Gbps 5 – 36 Gbps 40 Gbps 100 Gbps 44-100 Gbps 200G Performance 3 - 8 Mpps 17 Mpps 11 Mpps 23 Mpps 23 Mpps 30 Mpps 58 Mpps 58 Mpps 130 Mpps # of Processors 20 40 31 40 64 40 128 128 256 Clock Rate 900 MHz 900 MHz 1.5 GHz 1.2 GHz 1.2 Ghz 1.2 GHz 1.5 GHz 1.5 GHz 1.5 GHz Crypto Engine BW (1400 Bytes) 1 Gbps 4.4 Gbps 8 Gbps 8.5 Gbps 4 Gbps 11 Gbps 29 Gbps 39 Gbps 78 Gbps QFP Resource Memory 256MB 512 MB 4 GB (Unified) 1 GB 1 GB 1 GB 4 GB 4 GB 8 GB Packet Buffer 64 MB 128 MB 512 MB (Unified) 256 MB 512 MB 256 MB 1 GB 1 GB 2 GB Control CPU Dual core* 2.13 GHz 800 MHz Quad Core* 2.0GHz 1.2GHz Quad core* 2.1 GHz Dual core 1.86 GHz Dual core 1.73 GHz Quad core* 2.5 GHz Dual core 1.73 GHz TCAM 5 Mbits 10 Mbits 10 Mbits 40 Mbits 40 Mbits 40 Mbits 80 Mbits 80 Mbits 2x 80 Mbits Chassis Support ASR 1001 ASR 1002, 1004, 1006 ASR 1001- X ASR 1004, 1006 ASR 1002- X ASR 1004, 1006 1006- X, 1009-X, 1013 ASR 1006, 1006-X, 1009-X, 1013 ASR 1002- HX ASR1009-X, 1013 Ø * For non-modular systems (1001 & 1002) the “Control CPU” is also the Route Processor CPU and requires more processing capability
  68. 68. ASR 1001-HX 60G Fixed System Management § RJ45 GE Ethernet § 2x USB Ports § 8x 1GE Ports § MACSec enabled § 4x 10GE Ports + § 4x configurable 10GE / 1GE Ports enabled by license § MACSec enabled Power Supplies § 2x AC or DC Memory § 2x DIMM slots (8GB each) Crypto module § Field upgradeable (8 or 16Gbps) 6x Fans System Management § Console § AUX Multi-Core Network Processor § 62 Cores § 4 Packet Threads / Core § 248 simultaneous threads Control plane § CPU: Quad Core @ 2.5 GHz § Memory: 8GB DDR3 default memory, upgradeable to 16GB Pay as you go § 60 Gbps system performance § 16 Built-in 10GE/1GE ports enabled via software license Application level service performance § 30M+ Packets Per Second § Up to 20G Crypto IMIX w/ Suite B for diverse VPN security solutions § 6M Firewall and traditional NAT Sessions
  69. 69. High Density Modular Ethernet – MIP100 Carrier Card + EPAs 100G Carrier Card + 2xEthernet Port Adapters Possible EPA options • 1x100GE • 2x40GE via breakout cable from 1x100GE • 10x10GE • 18X1GE • 2x40GE native ports (not EC’ed yet) Throughput • 200G I/0 with up to 100G1 throughput per line card Key Features • Feature Parity to 2x10GE+20xGE Plus • WAN-PHY for 10GE (post-FCS) • 256-bit MACSEC & TAGS in the clear (post-FCS) RP • RP2 + Future ESP • ESP100 + Future • ESP200 + Future Chassis Slots BW 1013 Slots 2 & 3 100G 1013 Slots 0,1,4&5 40G 1006-X All Slots 100G 1009-X All Slots 100G ASR1002-HX Integrated CC 100G 1x100G 10x10GE 18x1GE ASR1000-MIP100 1Max Bandwidth per slot for EPAs (ESP100 and ESP200) 2x40GE 2No MACsec 2No MACsec 3Breakout cable from 1x100GE 2 2,3 Available now!
  70. 70. RP3 – Next Gen Route Processor § Positioned to help customers migrate from RP1s & RP2s § Investment protection – Supports most of existing and all planned ESPs (ESP100-X, ESP200-X, ESP400-X), interface cards (SIP40, MIP100) and modular chassis (ASR1013, ASR1006-X and ASR1009-X) § Higher maximum DRAM capacity - 8G default, expandable to 64GB § Built-in SSD drive - 100GB default, upgradeable to 400GB+ for log / core /data collection and for running container apps in the future § Larger Flash memory - 8G default for NVRAM contents § Dedicated Crypto Assist chip for better crypto performance and scale (CPS) USB Solid state drive BITS clocking DRAM Management Enet Console/Aux
  71. 71. RP3 Customer Benefits Higher Performance and Scale • Average 20-30% faster than RP2 • Up to 64GB on RP3 for highest IOS XE scale • SSD instead of HDD • Crypto assist chip for up to 2X faster IPsec tunnel CPS Lower TCO • Savings from power and cooling • Support HA and ISSU through redundant ESP/RP • Futureproof to support new forwarding engines and I/O cards Familiar Look and Feel • Supported on ASR1006- X, ASR1009-X and ASR1013 • Same faceplate as RP2 • Same SW and licenses as RP2 • Easy upgrade from RP2
  72. 72. ASR1000 Route Processors RP1 (EOS) RP2 RP3 CPU General Purpose CPU Based on 1.5GHz Processor Intel Dual-core Wolfdale 2.66GHz Intel Quad-core Broadwell 2.2GHz Memory 4GB 8, 16GB 8, 16, 32, 64GB Built-in Boot flash 1GB 2GB 8GB Storage 40GB HDD, External USB 80GB HDD, External USB 100 – 400 GB SSD, External USB Chassis Support ASR1004 ASR1006 ASR1004 ASR1006 ASR1006-X ASR1009-X ASR1013 ASR1006-X ASR1009-X ASR1013
  73. 73. Cisco Confidential 73 Q & A
  74. 74. Cisco Confidential 74 Thank You