Académique Documents
Professionnel Documents
Culture Documents
Cisco Confidential
ASR 9000
Managed L2 / L3 VPNS Integrated
Security Application Recognition
7600 Series
ASR 1000
7200 Series
ISR-G2
Series
Cisco Confidential
Business-Critical
Resiliency
Instant On
Service Delivery
ASR 1002
ASR 1002-F
2.5 5Gbps
2010 Cisco and/or its affiliates. All rights reserved.
2.510
Gbps
ASR 1004
10-40
Gbps
ASR 1006
10-40+
Gbps
40+
Gbps
Cisco Confidential
Cisco 7200
IOS CLI
Yes
Yes
Forwarding
Hardware
Software
Connectivity
Oversubscription
Up to 20Gbps/10+ Mpps
(Aggregate up to 10GE)
Encryption Performance
Hardware Redundancy
Available on ASR1006/ASR1013
(Control and Forwarding plane)
Not available
Software Redundancy
Available for
ASR1001,ASR1002,ASR1004
Not available
Yes
No
Cisco Confidential
High-End Branch, RR, LNS and Managed Services upgrade from 7200
Solution Insertion +Benefits
Now Shipping
2.5-5 Gbps
Cisco Confidential
High-End Branch, RR, LNS and Managed Services upgrade from 7200
Product Features
Small Footprint (1-rack unit height)
Performance range of 2.5 to 5-Gbps
4G (DEFAULT) & 8G Memory options
Up to 1.8 Gbps crypto throughput built-in
1 single height SPA slot for I/O connectivity and 4
built-in GE ports + optional daughter card
Three versions shipping as of IOS XE 3.2S
(Nov10)
Now Shipping
ASR1001
ASR1001-2XOC3POS
2.5-5 Gbps
ASR1001-4XT3
Three additional versions with IOS XE 3.3S
(Mar11)
ASR1001-8XCHT1E1
ASR1001-4X1GE
ASR1001-HDD (160 GB HDD)
High Availability with SW redundancy support
Cisco Confidential
IOS XE
Release
PID
Description
3.2.0S
SASR1001U-32S
3.2.0S
3.2.0S
SASR1001UK9-32S
TABLE B. ASR 1001 feature set licenses (aka technology package licenses)
PID
Description
SLASR1-IPB
SLASR1-AIS
SLASR1-AES
Cisco Confidential
ASR 1013
Supported as of IOS XE 3.1S (Jul10)
Now Shipping
Modular platform
Cisco Confidential
Now Shipping
ESP-40G
SIP-40G
Cisco Confidential
Cisco Confidential
10
Consumer Home
IPv4 Host
6VPE
Enterprise v6
VRF
Enterprise v4 & v6
VRF
BRAS/BNG
CMTS
DSL/Cable/FTTH
NAT
IPv6
Service/Content
Dual-Stack
AFBR
6PE
DS-Lite
SP Core
6rd
L2TP
Dual stack
Consumer Home
Dual-Stack
Host
DS-Lite
Mobility / Wireless
6rd
L2TP
CPE/RG
NAT
IPv4
Internet
Provider-managed
IPv6 connectivity
across IPv4
Mobile IPv6
connectivity to
IPv4 Internet
v6
Cisco Confidential
11
IPv6
Internet
IPv4
Internet
IPv4 core
Dual stack
Access/Core
P
ASR1k
NAT44
ISP
dual stack Core
PE
ASR1k
NAT64
ISP
Dual stack Core
ASR1kP
ISP
dual stack Core
PE
6rd BR/LNSASR1k
NAT44
IPv6 Access
Network
IPv4 Access
Network
IPv6 Access
Network
PE
PE
PE
PE
PE
CPE
CPE
Subscriber
Network
Dual Stack: IPv6 Native
SUPPORTED
NOW
NAT44
Subscriber
Network
Translator: NAT44
SUPPORTED
NOW
CPE
Subscriber
Network
Translator: AFT
Stateless supported
now. Stateful in 3.4S
(July 2011)
CPE
6RD or L2TP
IPv4 Access
Network
6rd RG/LAC
NAT44
CPE
Subscriber
Network
Subscriber
Network
Automatic Tunnel:
6RD or L2TP
Automatic Tunnel:
DS-Lite or dIVI or 4rd
SUPPORTED
NOW
Roadmap
Cisco Confidential
12
Solution Characteristics
BGP Route reflector to power SP core
networks
BGP routing architecture with full-mesh
to other iBGP peers
AAL5
FE
RR
IP/MPLS Core
GE
RR
802.1q
Cisco Confidential
13
Cisco Confidential
14
ASR1000
RP1 (2GB)
ASR1000
RP1 (4GB)
ASR1000
RP2 (8GB)
ASR1000
RP2 (16GB)
ipv4 routes 4M
2M*
7M*
12M*
29M*
vpnv4
routes
2M
6M
10M
24M
ipv6 routes 2M
500K
1.5M
3M
7M
vpnv6
routes
6M
2M
5M
9M
21M
BGP
sessions
<1000
4000
4000
8000
8000
7M
*Tested with BGP selective download feature for ipv4 for dedicated RR application. This feature prevents ipv4 BGP routes to be
installed in RIB and FIB. It reduces memory usage per ipv4 prefix and CPU utilization. This feature will be implemented for ipv6
address family in future release.
To enable this feature, configure
route-map bgp-to-rib deny 10
!
router bgp <AS number>
address-family ipv4 unicast
table-map bgp-to-rib filter
L2VPN address family (for BGP based VPLS Autodiscovery) and CLNS address family support is on roadmap
Cisco Confidential
15
ASR1000 RP1
Convergence
(in seconds)
ASR1000 RP2
Convergence
(in seconds)
1Billion
220
75
1Billion
680
221
1Billion
720
194
1Billion
877
293
2 Billion
375
138
2 Billion
1285
394
2 Billion
1126
284
2 Billion
1766
551
Cisco Confidential
16
Solution Characteristics
Layer 3 and Layer 2 VPNs over MPLS
40G throughput
QoS
MP-BGP
eBGP
EIGRP
IP/MPLS Core
T1/E1
FE
MP-BGP
OSPF
GE
RIP
MP-BGP
2010 Cisco and/or its affiliates. All rights reserved.
STM1/STM4
Cisco Confidential
17
Solution Characteristics
Broadband Aggregation with single or cluster of
BRAS
Ethernet or ATM
Up to 64k sessions/tunnels
Subscriber
LAC
WiFi Mesh
Mobile
Access
Aggregation
Edge
IP / MPLS Core
Residential
Aggregation Network
MPLS/IP
Business
Corporate
Core
Network
MPLS /IP
Access Node
Cisco Confidential
18
Solution Characteristics
Up to 64k sessions/tunnels
QoS support
MPLS etc
Content Farm
Subscriber
LNS
WiFi Mesh
Mobile
VOD TV
Access
Aggregation
Edge
SIP
IP / MPLS Core
Residential
Aggregation Network
MPLS/IP
Business
Corporate
Core
Network
MPLS /IP
Access Node
Cisco Confidential
19
Solution Characteristics
Typically deployed in Public Hotspots (Eg:
Starbucks)
32K sessions & 96K TCs now with higher scaling in future
Content Farm
Subscriber
ISG
Mobile
VOD
Access
Aggregation
TV
SIP
Service Edge
IP / MPLS Core
Billing
Smartphone
AAA
IP
Aggregation Network
MPLS/IP
MPLS /IP
Cisco Confidential
20
Benefits
Solution
CUBE(SP) for Service Provider Edge: SIP
Trunking (SP Premises SBC), residential
Telephony, SP VoIP Peering, SP B2B
TelePresence (SP Exchange SBC
Residence
Residential
IP Telephony
SP VoIP Peering
CUBE (SP)
CUBE (SP)
Enterprise A
2010 Cisco and/or its affiliates. All rights reserved.
CUBE (SP)
Service Provider
SIP Trunking
Other VoIP
Operators
Call Control
Infrastructure
HGW
CUBE (Ent)
CUBE
Enterprise CUBE
CUBE (Ent)
A
Enterprise B
Cisco Confidential
21
Solution Characteristics
Remote-access, site-to-site VPN services
(GETVPN, DMVPN, dVTI, IPSec+GRE)
Up to 7Gbps IPsec encryption + up to 13G
non-encrypt throughput, HW capable of 10K
tunnels
Network based and CPE based security
Optimized for QoS & Multicast
ISR 2900
Small Branch
Internet
Private
WAN
WAN
VPN
Site-to-Site VPN
ISR 3900
Big Branch
MPLS
VPN
ISP-1
ISP-1
ISR 800
Telecommuter
Cisco Confidential
22
Solution Characteristics
Up to 40G Firewall and NAT services
Compliance requirements
Rapid first line of defense against threats
Denial of service protection
Private
Zone
ISP-1
Site-to-Site VPN
IPsec
Zone
Router
Firewall
DMZ Zone
Public
Internet
Services
ISR 2900/3900
Branch Offices
ISP-2
ISR 800
Telecommuter
Cisco Confidential
23
Cisco Confidential
24
ASR1001
ASR1002-F
ASR 1002
ASR 1004
ASR 1006
ASR 1013
SPA Slots
1-slot
1-slot
3-slot
8-slot
12-slot
24-slot
ESP Slots
Integrated
Integrated
Integrated
SIP slots
Integrated
Integrated
Integrated
IOS
Redundancy
Software
Software
Software
Software
Hardware
Hardware
Built-in GE
N/A
N/A
N/A
Height
1.75 (1RU)
3.5 (2RU)
3.5 (2RU)
7 (4RU)
10.5 (6RU)
22.7 (13RU)
Bandwidth
2.5 to 5 Gbps
2.5 Gbps
5 to 10 Gbps
10 to 40 Gbps
40 Gbps as of
3.2S
10 to 40 Gbps
40+ Gbps
Maximum
output Power
400W
470W
470W
765W
1275W
3200W
Airflow
Front to back
Front to back
Front to back
Front to back
Front to back
Front to back
Integrated I/O
1
Daughtercard
2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
25
ASR1001 with
integrated ESP
@ 2.5Gbps
System
Bandwidth
ASR1001
with
integrated
ESP @
5Gbps
ESP-5G
ESP-10G
ESP-20G
ESP-40G
2.5Gbps
5Gbps
5Gbps
10Gbps
20Gbps
40Gbps
3Mpps
8Mpps
8Mpps
15Mpps
23Mpps
23Mpps
10
10
20
40
40
40
900 Mhz
900 Mhz
900 Mhz
900 Mhz
1.2 GHz
1.2 GHz
1.8Gbps
1.8Gbps
1.8Gbps
4.4Gbps
8.5Gbps
11Gbps
256MB
256MB
256MB
512MB
1GB
1GB
64MB
64MB
64MB
128MB
256MB
256MB
Control CPU
N/A
N/A
800 MHz
800 MHz
1.2 GHz
1.8 GHz
Control Memory
1GB
1GB
1GB
2GB
4GB
8GB
TCAM
10Mb
10Mb
10Mb
10Mb
40Mb
40Mb
ASR 1002
ASR 1002,
1004, 1006
ASR 1004,
1006
ASR 1004,
1006, 1013
Performance
# of Processors
Clock Rate
Crypto Engine
BW (1400 bytes)
QFP Resource
Memory
Packet Buffer
ASR1001
Chassis Support
ASR 1001
(via upgrade
license)
Cisco Confidential
26
ASR1001 with
integrated RP
RP1
RP2
Orderable
as of
IOS XE 3.2S
CPU
Dual-Core 2.66GHz
Processor
8GB
2GB
32 bit
64 bit
Integrated in ASR1002,
ASR1004 and ASR1006
Memory
External USB
64 bit
Chassis Support
ASR1001
2010 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
27
Orderable
as of
IOS XE 3.1S
ASR1000-SIP10
ASR1000-SIP40
Bandwidth
10G
40G
Ingress Buffering
128MB
128MB
Egress Buffering
8MB
8MB
ESI Frequency
3.125GHz
6.25GHz or 3.125GHz
11Gbps
23Gbps
1 or 2
Total Bandwidth
11Gbps
23Gbps/46Gbps
Cisco Confidential
28
Ethernet SPA
Serial / POS
SPA-4X1FE-TX-V2
SPA-4XT-Serial
SPA-8X1FE-TX-V2
SPA-2XT3/E3
SPA-2X1GE-V2
SPA-4XT3/E3
SPA-5X1GE-V2
SPA-2XOC3-POS
SPA-8X1GE-V2
SPA-4XOC3-POS
SPA-10XGE-V2
SPA-1X10GE-L-V2
Optics
SFP-GE-S
SFP-GE-L
SFP-GE-Z
SFP-GE-T
CWDM
SPA-8XOC3-POS
Channelized
SPA-8XCHT1/E1
SPA-2XCT3/DS0
SPA-4XCT3/DS0
SPA-1XCHSTM1/OC3
SPA-1xCHOC12/DS0
SFP-OC3-IR1
SFP-OC3-LR1
SFP-OC3-LR2
SFP-OC12-MM
SFP-OC12-SR
SPA-2XOC12-POS
SPA-1XOC3-ATM-V2
SFP-OC12-IR1
SPA-4XOC12-POS
SPA-3XOC3-ATM-V2
SPA-8XOC12-POS
SPA-1XOC12-ATM-V2
SFP-OC12-LR1
SFP-OC12-LR2
SFP-OC48-SR
SFP-OC48-IR1
SFP-OC48-LR2
XFP-10GLR-OC192SR
XFP-10GER-OC192IR
XFP-10GZR-OC192LR
XFP-10GZR-OC192LR
GLC-BX-D
SFP-OC3-SR
SPA-1XOC12-POS
XFP-10GER-OC192IR
GLC-BX-U
SFP-OC3-MM
ATM SPA
XFP-10GLR-OC192SR
GLC-GE-100FX
Optics
Clocking/Sync SPA
Service SPAs
SPA-2X1GE-SYNCE
SPA-WMA-K9
SPA-DSP
Cisco Confidential
29
Cisco Confidential
30
Now Shipping
Software Features
Software Features
Routing
PfR Enhancements
LISP Phase 1
NSR for OSPF
MPLS TE over GRE
BFDv6 single hop
BFD for RIP
Router Server
Broadband
PPPoA
IPv6 RA-MPLS (LNS & vrf-lite)
DHCPv6 Server/Relay VRF aware
PD
BB Scaling
48K PPP with HA/queues & 64K
without (no ISG)
L2TP Tunnel Scaling 64K
L2VPN
AToM Interworking, local-switching
L2TPv3: HDLC and Pseudowire
redundancy
EVC Enhancements: VLAN range,
QoS Classification, Marking,
Policing, Custom Ethertype
ATM Phase 2
MPLS over ATM
ATM VP Shaping
8K ATM OAM (RP2)
QoS
Show packet match statistics
Show QoS packet marking
statistics with scale
Security Services
IPSec IKEv2 & Other enhancements
Firewall per-VRF resource
protection
Firewall/NAT Stateful Inter-Chassis
Redundancy - Support for ASR
1006/1013 (single RP/ESP)
VASI
Increased scale to 1000 pairs
Flexible Netflow
IPv6 support and ISSU
NBAR Enhancements
CUBE (SP)
CUBE (ENT)
MIB
MIB support for monitoring ASR
1000 crypto asic utilization
Hardware
SPA
10GE Wan-phy: SPA-1X10GE-WLV2
OC3 Circuit Emulation: SPA1CHOC3-CE-ATM (CEM support
only
ASR 1013 Power Supply on
ASR1006 chassis
Cisco Confidential
31
Now Shipping
AToM Phase 2
Interworking
(Routed &
Bridged)
Ethernet to
DLCI
Ethernet
(Port&VLAN
) to ATM
Ethernet to
HDLC
Ethernet to
PPP
PfR
Enhancements
NBAR
IPSec
CUBE-SP
Master
Controller
Support
HSRP Support
for ASR 1000 as
Master
Controller
Performance
Routing - Link
Groups
Performance
Routing Application
Interfaces
PfR Master
Controller
Enhancementmonitoring of up
to 200 External
interfaces
(CSCsi05590)
IPv6 Static
IANA NBAR
(protocol
discovery
only)
~20
new/updated
L7 stateful
Ipv4 protocols
In-service
protocol pack
upgrade/down
grade and
enablement.
Capacity
enhancement
s
VRF support
IKEv2 Site
to site VPN
and Windows
client support
Multi-SA for
dVTI
Suport for
SVTI
RRI support
Static &
dynamic
initialization
Use of AAA
for VRF, ACL
etc
assignment
Advanced SIP
Header
Manipulations
H.239
Voice
Transcoding per
adjacency
Statistics
Message and
Policy Statistics
enhancements
Flow Statistics
QoS
enhancements
Selective Radius
billing
SPA-DSP: Call
preservation,
recover upon
crashed DSP
Cisco Confidential
32
Execute Committed
Software Features
Routing
IPFRR (ISIS, OSPF)
GEC-IPv6 load-balancing
BGP Diverse Path in RR
GRE Enhancements (BFD, IGP/LDP
Sync)
MLFR
PfR RSVP CAC + PfR
Simplification - NetFlow v9
Performance Data Export (IOS XE)
ERSPAN: Support GRE/mgre tunnel
interfaces as SPAN/ERSPAN source
(if tunnel encrypted, after
decryption) + Support ipsec v4/v6
SVTI interface as SPAN/ERSPAN
source (after decryption)
Multicast:
Multicast service reflection
IPv6 vrf-lite
Broadband
MLPPPoE - LFI (LNS)
ISGv6 Phase 1
Stateful NAT64 (MIBs & High Speed
Logging)
CUBE (SP) enhancements
SIP/SDP editor
QOS flow statistics
Mobile
PMIPv6 (MAG)
Software Features
L2VPN
AToM Pseudowire Load-balancing
Security Services
IKEv2 + AnyConnect for FlexVPN
Trustsec Identity aware FW
Dynamic VTI QoS
IPSec Scale improvements
IP multicastdynamic NAT
FW/NAT-ALG/AIC: GTP (GPRS
Tunneling Protocol), FTP64
DDOS Prevention
SCEASR Phase 1
NBAR2 classification
Reporting per application
Control Per application (QoS)
QoS
QoS on dVTI scaling of up to
2000 dVTI tunnels
ISSU
Single-shot CLI automation
Hardware
RP1 minimum memory is 4GB (2GB
RP1 is not supported)
SPA
SPA-2CHT3-CE-ATM (ATM mode
only for T3)
SPA-24CHT1-CE-ATM (CE mode
only; channelized)
Cisco Confidential
33
Execute Committed
ISGv6
CUBE (SP)
Security Features
DDOS Prevention
Half-Open UDP Attack
prevention
ICMP Echo Flood
Prevention
Trustsec
TrustSec SXP IPv4
TrustSec SXP Version
Negotiation
L2 SGT Imposition and
Forwarding
TrustSec SXP SNMP and
Syslogs (Monitoring only)
Cisco Confidential
34
ASR 1013
(RLS 3.1.0S)
ASR 1002
RP-3
Future
RP-2
RP-1
40G
5G
10G
20G
(RLS 3.1.0S)
80/160G +
Future
Cisco Confidential
35
Utilizes NBAR for Data DPI (what) and FNF for Flow information (who,
where, when)
Use Cases
Enterprise Internet Edge
Market Leading
Technology
WAN Aggregation
SP BRAS LNS
2010 Cisco and/or its affiliates. All rights reserved.
Availability
Starting in July 2011
Cisco Confidential
36
INTEGRATED DEPLOYMENT
ASR1k
+
SCE
37
System
Scalability
High Availability
Modular HW / SW
Architecture
In Service Software
Upgrade (ISSU)
Inter-chassis
Hardware / Software
Redundancy
Carrier Class
Design
Service
Richness
Cisco Confidential
38
Thank you.
Cisco Confidential
39