
ASR1K – 102

IOS XE Software Architecture

Matt Falkner
Technical Marketing SRTG

January 2012

© 2011 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1
• ASR 1000 Software Architecture
• Packet Flow Example
• IOS XE Feature Highlights
• IOS XE Releases and Packaging
• Summary

• IOS XE = IOS + IOS XE Middleware + Platform Software
• Operational Consistency: same look and feel as IOS Router
• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.). Capable of 64-bit operation
• Linux kernel with multiple processes running in protected memory for
  Fault containment
  Re-startability
  ISSU of individual SW packages
• ASR 1000 HA Innovations
  Zero-packet-loss RP Failover
  <50ms ESP Failover
  “Software Redundancy”

[Diagram labels: Route Processor: IOS (Active), IOS (Standby), IOS XE Platform Adaptation Layer (PAL), Chassis Manager, Forwarding Manager, Kernel; Control Messaging; SPA Interface Processor: SPA Drivers, Chassis Manager, Kernel; Embedded Services Processor: QFP Client/Driver, Chassis Manager, Forwarding Manager, Kernel]

• Runs Control Plane
• Generates configurations
• Populates and maintains routing tables (RIB, FIB…)
• Provides abstraction layer between hardware and IOS (manages ESP redundancy)
• Maintains copy of FIB and interface list
• Communicates FIB status to active & standby ESP (or bulk-download state info in case of restart)
• Process scheduling, memory management, interrupts
• Suite of low-level applications (OBFL, debugging..)
• Provides IPC to other system components
• Maintains copy of FIBs
• Programs QFP forwarding plane and QFP DRAM
• Statistics collection and communication to RP
• Communicates with Forwarding manager on RP
• Provides interface to QFP Client / Driver
• Implements forwarding plane for all features
• Programs PPEs with forwarding information
• Executes Egress QoS in Hardware

[Diagram labels: RP: RP CPU, IOS, Chassis Mgr., Forwarding Mgr., Kernel (incl. utilities), Interconn.; ESP: FECP, QFP Client / Driver, Chassis Mgr., Forwarding Mgr., Kernel (incl. utilities), QFP subsystem, QFP code, Crypto assist, Interconn.; SIP: IOCP, SPA drivers, Chassis Mgr., Kernel (incl. utilities), SPA Agg., Interconn., SPA … SPA]

[Diagram labels: RP: CPU, IOS, Chassis Mgr., Forwarding Mgr., Kernel (incl. utilities), Interconn.; ESP: FECP, QFP Client / Driver, Chassis Mgr., Forwarding Mgr., Kernel (incl. utilities), QFP subsystem, QFP code, Crypto assist, Interconn.; SIP: IOCP, SPA drivers, Chassis Mgr., Kernel (incl. utilities), SPA Agg., Interconn., SPA … SPA. Message types: OIR / Chassis messages, Forwarding Control messages. Legend: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other; IPC Messages; GE, 1Gbps; I2C; SPA Control; SPA Bus]

• Feature processing follows a pre-defined executing sequence, e.g.

[Diagram labels: L2/L3 Classify; IPv4 Validation; IPv6; IPv4; MPLS; XConnect; L2 Switch. Forwarding: IP Unicast, Loadbalancing, IP Multicast, MPLS Imposit., MPLS Dispos., MPLS Switch., FRR, AToM Dispos., MPLSoGRE. Feature labels: SSLVPN, BGP Policy Acct., NAT, ISG, ERSPAN, APS, Marking, MLP, QPPB, WCCP, Policing, IP Hdr. Compress., IPSec, Classify, Accounting, TCP MSS Adjust, VASI, uRPF, LI, Firewall, Netflow, LISP, PBR, FPM, SBC, ACL, BDI, GEC, IP Tunnels, IPHC, Queuing]

| SIP | RP | ESP |
|---|---|---|
| POST | POST | POST |
| HW Initialization | HW Initialization | HW Initialization |
| Initialize EOBC | Initialize EOBC | Initialize EOBC |
| Wait for RP Master | Boot Linux Kernel and Middleware | Wait for RP Master |
| | Start IOS | |
| | CMRP detects cards via CPLD | |
| | CMRP determines Master RP and ESP | |
| Detect RPact via ROMMON | CMRP informs SIPs & ESP about Master via I2C | Detect RPact via ROMMON |
| Upload inventory via CPLD | CMRP downloads SIP & ESP software packages to SIP / ESP | Upload inventory via CPLD |
| ROMMON download software package | | ROMMON download software package |
| Boot Kernel | | Boot Kernel |
| CMSIP registers with CMRP | | CMESP registers with CMRP |
| CMSIP starts IOS-XE for SPAs | | CMESP starts QFP |
| | CMRP sends ESI config to CMSIP and CMESP | CMESP signals ready to RP |
| CMSIP sends ESI link status | | CMESP sends ESI link status |

• Master RP determines which RP becomes RPact (and which RP becomes RPsby)
• Status of ASR 1000 hardware components is kept in the RP's chassis management process (CMRP)
• Failure in the bring-up of any component will make it unavailable
  Could result in single-RP chassis or single ESP chassis, for example

1. SPA receives packet data from its network interfaces and transfers the packet to the SIP
2. SPA Aggregation ASIC classifies the packet into H/L priority
3. SIP writes packet data to external 128B memory (at 40Gbps from 4 full-rate SPAs)
4. Ingress buffer memory is carved into 64 queues. The queues are arranged by SPA-SPI channel and optionally H/L. Channels on “channelized” SPAs share the same queue.
5. SPA ASIC selects among ingress queues for next pkt to send to ESP over ESI. It prepares the packet for internal transmission
6. The interconnect transmits packet data of selected packet over ESI to active ESP at up to 40 Gbps
7. Active ESP can backpressure SIP via ESI ctl message to slow pkt transfer over ESI if overloaded (provides separate backpressure for Hi vs. Low priority pkt data)

[Diagram labels: ESPs; Interconn.; Egress Scheduler; Ingress Buffer Status; SPA aggregation ASIC; Ingress Buffers (per port); Egress Buffers (per port); Ingress classifier; SPA Agg.; 4 SPAs. Legend: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other; Data]

1. Packet arrives on QFP
2. Packet assigned to a PPE thread.
3. The PPE thread processes the packet in a feature chain similar to 12.2S IOS (very basic view of a v4 use case):
  Input Features applied
    NetFlow, MQC/NBAR Classify, FW, RPF, Mark/Police, NAT, WCCP etc.
  Forwarding Decision is made
    Ipv4 FIB, Load Balance, MPLS, MPLSoGRE, Multicast etc.
  Output Features applied
    NetFlow, FW, NAT, Crypto, MQC/NBAR Classify, Police/Mark etc.
  Finished
4. Packet released from on-chip memory to Traffic Manager (Queued)
5. The Traffic Manager schedules which traffic to send to which SIP interface (or RP or Crypto Chip) based on priority and what is configured in MQC
6. SIP can independently backpressure ESP via ESI control message to pace the packet transfer if overloaded

[Diagram labels: Quantum Flow Processor; Processor pool (PPEs … PPE40); TCAM4 (10Mbit); Resource DRAM (512MB); Pkt Buffer DRAM (128MB); Part Len/BW SRAM; Buffer, queue, schedule (BQS); Dispatcher/Pkt Buffer; ASR System BW (Depends on ESP); Interconnect; SIP-10. Legend: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other; Data]

1. Interconnect receives packet data over ESI from the active ESP at up to 40 Gbps
2. SPA Aggregation ASIC receives the packet and writes it to external egress buffer memory
3. Egress buffer memory is carved into 64 queues. The queues are arranged by egress SPA-SPI channel and optionally H/L. Channels on “channelized” SPAs share the same queue.
4. SPA Aggregation ASIC selects and transfers packet data from eligible queues to SPA-SPI channel (Hi queues are selected before Low)
5. SPA can backpressure transfer of packet data burst independently for each SPA-SPI channel using SPI FIFO status
6. SPA transmits packet data on network interface

[Diagram labels: ESPs; Interconn.; Egress Scheduler; Ingress Buffer Status; SPA Aggregation ASIC; Ingress Buffers (per port); Egress Buffers (per port); Ingress classifier; SPA Agg.; 4 SPAs. Legend: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other]

• By example of OSPF LSA
• OSPF LSA arrives on the SPA and is forwarded to the SIP
• SIP performs ingress H/L classification and sends packet to ESP
• QFP receives OSPF LSA and sends to a PPE for processing
• PPE executes features and realizes this is an OSPF LSA
• PPE marks internal header to forward packet to the RP
• PPE releases OSPF LSA to BQS
• BQS Scheduler sends packet to RP
• RP receives packet over ESI link and sends to IOS
• IOS Processes OSPF LSA and performs SPF
• IOS updates RIB/FIB and sends to FMRP
• FMRP keeps copy of FIB and sends also down to FMESP
• FMESP keeps a copy of the FIB and programs QFP

[Diagram labels: RP, ESP and SIP component blocks as on the earlier component diagram, with IOS FIB and the LSA marked. Legend: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other; IPC Messages; GE, 1Gbps; I2C; SPA Control; SPA Bus]

1. Packet arrives on QFP
2. Packet assigned to a PPE thread.
  Input Features applied
    Netflow, MQC/NBAR Classify, FW, RPF, Mark/Police, NAT, WCCP etc.
3. Packet replicated
4. The PPE thread processes the packet in a feature chain similar to 12.2S IOS (very basic view of a v4 packet):
  Forwarding Decision is made
    IPv4 / IPv6 MFIB
  Output Features applied
    Netflow, FW, NAT, Crypto, MQC/NBAR Classify, Police/Mark etc.
  Finished
5. Packet released from on-chip memory to Traffic Manager (Queued)
6. The Traffic Manager schedules which traffic to send to which SIP interface (or RP or Crypto Chip) based on priority and what is configured in MQC
7. SIP can independently backpressure ESP via ESI control message to pace the packet transfer if overloaded.

[Diagram labels: QFP; Processor pool (PPEs … PPE40); TCAM4; Resource DRAM; Pkt Buffer DRAM; Part Len/BW SRAM; Buffer, queue, schedule (BQS); Dispatcher/Pkt Buffer; Interconn.; SIPs; Mcst. Legend: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other]

Routing & MPLS & L2
• IPv4 / IPv6 routing • CRoMPLS • BGP PIC Core • BGP PE-CE Opt.
• BGP, RIP, IS-IS, OSPF, Static routes (IPv4 / IPv6) • EoMPLS • IPv4 selective Download • mVPN
• PW redundancy • Ethernet, POS, ATM • Half-duplex VRF
• GRE • MLPPP • GLBP, HSRP, VRRP • BGP Pic Best External
• MPLS LDP • GEC • IP event dampening • IPv4 over IPv6 Tunnels
• MPLS VPN • PBR • BFD for IS-IS, OSPF, Static (IPv4 & IPv6) • PfR
• Inter-AS & CsC • Netflow (v5, v8, v9) • L2TPv3
• MPLSoGRE • BGP policy accounting • WCCP
• MPLS TE FRR • BGP NSF • 8000 eBGP/iBGP
• VRF-aware features • BGP 4-byte AS (DOT) • 4000 VRF

Broadband
• LAC& PTA (v4 & v6) – DHCPv4 & v6, QoS & HA • Per-session PBR (max 1K
PPPoE, PPPoEoQinQ, Accounting, AAA • Dynamic QOS Policy Control sessions)
PPPoEoA & PPPoA accounting, Radius-based LI (Service Template) • IPv4 & IPv6 Template ACL
• LNS (v4 & v6) • ISG HA: Dual-stack PPP, • PPPoE Server Selection for BB Scaling
• L2TS IPoE (IPv4 only) (Stateless Cluster) • NAT44 and NAT64, 6rd
• ISG v4: PPP & IPoE - TC, • DHCP Relay & Server (vrf • Service Accounting (Turbo • MLPPPoE & MLPPPoA
Prepaid, PBHK, L4R etc) aware)– v4 & v6 Button) (single link-LFI)
• ISGv6: Dual stack PPP • RA-MPLS-IPv4 & IPv6(LNS & • LI (SNMP, RADIUS, Circuit- • PPPoE client
sessions (PTA & LNS); vrf-lite) id)
IPv6oE (unclassified IP) • Per-session Firewall (PPP) • QoS accounting – QoS stats
• BB HA: PPP, AAA, L2TP, • 4-level Hierarchical QoS included in AAA records
• ANCP + ANCP values to LN accounting records.

Multicast
• PIM • MVPN Extranet • Extended ACL for Multicast
• PIM BiDir • Multicast NAT
• IPv6 Multicast Routing • Multicast CAC
• IPv6 BSR • MVPN NSF/SSO
• MVPN • IGMPv2/v3

QoS
• HQF support • 256 class Maps • ATM service policies (VP/VC)
• 2PQs, 128K queues • 4-level hierarchical scheduling • NBAR
• MQC: classification, marking, action • Bandwidth remaining ratio • FPM
• Egress traffic shaping • Policies aggregation
• dual/single rate 3 color policing • ATM shaping per VP/VC
• 4K policy Maps • Egress classification on QoS group

Security
• hardware assisted IPSec • Control Plane Policing • VRF-aware IPSec
• IPSec VPN 3DES/AES • FIPS compliance • VRF-aware Zone-based FW
• DMVPN • IPv6 IPSec static VI
• GETVPN • VRF-aware zone-based Firewall
• Zone-based Firewall
• NAT • VRF-aware NAT
• RTSP Firewall ALG • DMVPN Hierarchical Hub

SBC
• Distributed and Integrated SBC • DBE control interface H.248, V4 transport, UDP, TCP, etc • Privacy Header
• Topology Identity hiding • Twice NAT for IPv4 • Signaling congestion control
• DoS Protection • No NAT for IPv6 • IPv6 support
• Pinhole/filter control • H.248 ACK 3-way • SBC Endpoint switching
• SIP Signaling/latching • H.248 interim accounting
• NAPT • SIP-H.323, H.323-H.323
• Megaco/H.248 • Flexible header manipulation
• Flow-based QoS control

HA
• Config Synch • FR, PPP, MLPPP, HDLC, VLAN • MPLS, MPLS-VPN, LDP, VRF-lite
• SNMP, ARP, NAT
• Stateful IS-IS • DHCPv4/v6
• IPv6 • IPSec

Network Management
• LAN Management Solution • Cisco Multicast Manager
• Cisco Information Center • Traffic Engineering Manager
• QoS Policy Manager • MPLS LSP Ping / Traceroute
• IP Solution Center • MIBs
• MPLS Diagnostics Expert • SNMP
• Netflow Collector • Syslog
• Cisco Security Manager • VRF-aware NF

• ASR 1000 designed with QoS throughout system architecture from ingress to egress
• QFP Traffic Manager has full visibility into the packet
  Enables sophisticated QoS processing, including DPI
• QFP ASIC embodies state-of-the art egress QoS
  5+ levels of scheduling
  128K user queues
  Priority propagation & dual priority queues
  3-parameter scheduling
• All interconnects allow for high/low priority queues
  Xon-Xoff used to backpressure
• Scheduler exhibits industry-leading accuracy

[Diagram labels: ASR 1000 Traffic Manager; class queues EF, AF4, AF1, default; VLAN; Physical Interface; SIP]

1. Classification
Precedence, DSCP, MPLS EXP, 802.1p, FR-DE,
ACL, packet-length, ATM CLP, Inner/Outer CoS
(QinQ)
HW-assist: TCAM
2. Marking
Precedence, DSCP, MPLS EXP, 802.1p, FR-DE,
discard-class, qos-group, ATM CLP, etc
HW-assist: none, done in QFP
3. Policing
1 rate 3 color, 2 rate 3 color, percent-based
policing
HW-assist: Policing block in QFP
4. WRED
Precedence, DSCP, discard-class, ECN, Byte or
packet based queue-limits & thresholds
HW-assist: WRED block in QFP

1. Ingress packets are temporarily stored in small internal pkt buffer until processed
2. Free QFP Engine is allocated for this packet and SW begins processing packet (MAC classification, QOS classification, ACL’s, forwarding lookup, police, WRED, etc.) including modifying packet contents
3. SW accesses tables in resource DRAM and TCAM to perform lookups for features enabled for this packet, update statistics, update state for stateful features, etc.
4. Once packet processing is complete and packet has been modified, SW issues request to enqueue packet to an output queue
5. The packet contents is copied from the internal pkt buffer to the deep output packet buffer where it is stored until scheduled for output

[Diagram labels: Cisco QFP Engine ESP10; PPEs (… PPE40); Resource Memory; TCAM4; Cisco QFP Traffic Manager; Buffer, queue, schedule (BQS); Packet Buffer Memory; Dispatcher / Buffer; Interconnect; From SIP; callouts 1 to 5 matching the steps above]

• ASR 1000 offers fantastic HA support
  Redundant ESP / RP on ASR 1006 and ASR 1013
  Software Redundancy on ASR 1001, ASR 1002, ASR 1004
• Zero packet loss on RP Fail-over!
• Full support for ISSU
• Intra-chassis SSO support for
  Configuration
  Protocols: FR, ML(PPP), HDLC, VLAN, IS-IS, BGP, CEF, SNMP, MPLS, MPLS VPN, LDP, VRF-lite
  Stateful features: PPPoX, AAA, DHCP, IPSec, NAT, Firewall
• IOS XE also provides full support for Network Resiliency
  NSF/GR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP
  IP Event Dampening
  BFD (BGP, IS-IS, OSPF)
  GLBP, HSRP, VRRP
• Stateful inter-chassis redundancy available for NAT, Firewall, SBC

[Diagram labels: ASR 1006; Active Route Processor; Standby Route Processor; RP fails (HW or SW); Standby Becomes Active; Zero Packet Loss; Active Forwarding Processor; Standby Forwarding Processor; SPA Carrier Cards with SPAs]

• Ability to perform software upgrade of the IOS image on the single-engine systems
• Support for in-service software downgrade
• “In Service” component upgrades (SIP-Base, SIP-SPA, ESP-Base) without requiring a reboot of the system
• Hitless upgrade of some of the software packages in a single engine system
• Hitless upgrade of some software packages in the active RP of a redundant engine system
• Pre-provisioning Capability
• RP Portability - installing & configuring hardware that is physically not present in the chassis
  This allows the user to configure an RP in one system, i.e. a 4RU, and then move it to another system, i.e. a fully populated 6RU

Software Release

| From \ To | 3.1.0 | 3.1.1 | 3.1.2 | 3.2.1 | 3.2.2 |
|---|---|---|---|---|---|
| 3.1.0 | N/A | SSO Tested | SSO | SSO via 3.1.2 | SSO via 3.1.2 |
| 3.1.1 | SSO Tested | N/A | SSO Tested | SSO via 3.1.2 | SSO via 3.1.2 |
| 3.1.2 | SSO | SSO Tested | N/A | SSO Tested | SSO Tested |
| 3.2.1 | SSO via 3.1.2 | SSO via 3.1.2 | SSO Tested | N/A | SSO Tested |
| 3.2.2 | SSO via 3.1.2 | SSO via 3.1.2 | SSO Tested | SSO Tested | N/A |
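
Added example (not part of the original deck, not Cisco code): a small planner that turns the compatibility matrix above into an ordered list of upgrade hops, useful when a PSIRT fix forces a jump across release trains. It assumes that "SSO" means a supported hop that is not marked as tested and "SSO Tested" a verified one; the function names are hypothetical.

```python
"""Plan ISSU upgrade hops from the release compatibility matrix (added example)."""
from collections import deque

RELEASES = ["3.1.0", "3.1.1", "3.1.2", "3.2.1", "3.2.2"]

# Rows are the running release ("From"), columns follow RELEASES ("To").
# Cell values are transcribed from the matrix on the slide.
MATRIX = {
    "3.1.0": ["N/A", "SSO Tested", "SSO", "SSO via 3.1.2", "SSO via 3.1.2"],
    "3.1.1": ["SSO Tested", "N/A", "SSO Tested", "SSO via 3.1.2", "SSO via 3.1.2"],
    "3.1.2": ["SSO", "SSO Tested", "N/A", "SSO Tested", "SSO Tested"],
    "3.2.1": ["SSO via 3.1.2", "SSO via 3.1.2", "SSO Tested", "N/A", "SSO Tested"],
    "3.2.2": ["SSO via 3.1.2", "SSO via 3.1.2", "SSO Tested", "SSO Tested", "N/A"],
}


def direct_hops(tested_only=False):
    """Return {(src, dst): status} for cells that are a single SSO step."""
    allowed = {"SSO Tested"} if tested_only else {"SSO", "SSO Tested"}
    return {
        (src, dst): cell
        for src, row in MATRIX.items()
        for dst, cell in zip(RELEASES, row)
        if cell in allowed
    }


def plan(src, dst, tested_only=False):
    """Shortest chain of direct hops from src to dst (breadth-first search).

    Returns a list of (from, to, status) tuples, [] if src == dst,
    or None if no chain exists under the chosen policy.
    """
    if src not in MATRIX or dst not in MATRIX:
        raise ValueError("release not in matrix")
    if src == dst:
        return []
    hops = direct_hops(tested_only)
    parent = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            break
        for nxt in RELEASES:
            if (cur, nxt) in hops and nxt not in parent:
                parent[nxt] = cur
                queue.append(nxt)
    if dst not in parent:
        return None
    path, node = [], dst
    while parent[node] is not None:
        prev = parent[node]
        path.append((prev, node, hops[(prev, node)]))
        node = prev
    return path[::-1]


def inconsistent_via_cells():
    """List (src, dst) cells whose 'SSO via X' note disagrees with the direct hops."""
    bad = []
    for src, row in MATRIX.items():
        for dst, cell in zip(RELEASES, row):
            if cell.startswith("SSO via "):
                mid = cell[len("SSO via "):]
                steps = plan(src, dst)
                if steps is None or [s[1] for s in steps] != [mid, dst]:
                    bad.append((src, dst))
    return bad


if __name__ == "__main__":
    for policy in (False, True):
        label = "tested hops only" if policy else "any supported hop"
        print(label, "->", plan("3.1.0", "3.2.2", tested_only=policy))
    print("inconsistent 'via' cells:", inconsistent_via_cells())
```

With the tested-only policy the plan from 3.1.0 to 3.2.2 gains a hop through 3.1.1, which is the trade-off to weigh against the length of the maintenance window.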

Columns: Procedure; Intended Use; Prerequisites (what to do/know before you start); High Level Procedure; Impact (1)

Procedure: Consolidated package mode
  Intended use: Easy upgrade of a redundant 6RU
  Prerequisites:
  • Homogen Build / Stby’s HOT
  • 6RU w/ red. h/w & new supers in both active/standby RPs
  High level procedure:
  1. ISSU loadversion standby RP
  2. ISSU runversion
  3. ISSU acceptversion (optional)
  4. ISSU commitversion
  5. hw-module slot RP-slot reload
  Impact: 100sec traffic loss

Procedure: Sub-package mode 1
  Intended use: Sliding Minimum disruption to redundant 6RU chassis
  Prerequisites:
  • Homogen Build / Stby’s HOT
  • RPs booted in sub-pkg mode & new supers expanded
  High level procedure and impact per step:
  1. Upgrade all standby RP sub-pkgs: 0 traffic loss
  2. Rolling upgrade of SIP slots: 100sec traffic loss per SIP
  3. Rolling upgrade of ESPs: 50ms traffic loss
  4. Upgrade active RP & switchover: 0 traffic loss

Procedure: Sub-package mode 2
  Intended use: SPA FIRST Upgrade to redundant 6RU chassis
  Prerequisites:
  • Homogen Build / Stby’s HOT
  • RPs booted in sub-pkg mode & new supers expanded
  High level procedure and impact per step:
  1. Upgrade selective SPA: 30sec traffic loss
  2. Rolling upgrade of ESPs: 50ms traffic loss
  3. Rolling upgrade of SIP slots: 100sec traffic loss per SIP
  4. Upgrade all standby RP sub-pkgs: 0 traffic loss
  5. Upgrade active RP & switchover: 0 traffic loss

Procedure: Sub-package mode 3
  Intended use: PSIRT upgrade of RPIOS only on any chassis type
  Prerequisites:
  • Homogen Build / Stby’s HOT
  • Booted in sub-pkg mode
  High level procedure and impact per step:
  1. Upgrade standby RPIOS sub-pkg, Switchover (End here): 0 packet loss

(1) Times indicated in this column denote the total time for the specific module to be ready to process packets.

• Software failure
  – Software redundancy helps when there is an RP-IOS failure/crash; the active process will switch over to the standby, while forwarding continues with zero packet loss
  – Other software crashes (example: SIP or ESP) cannot benefit from Software redundancy
• Software upgrade
  – The software upgrade procedure for ASR1002/ASR1004 allows customers to upgrade the RP-IOS package only as the first step of the software upgrade procedure and defer all the other steps to a later time – example: Maintenance window
  – This allows customers to take advantage of any bug fixes of RP-IOS (or in the case of a PSIRT) available in the next rebuild while maintaining the router in service.
  – The heterogeneous configuration of RP-IOS in one version vs the rest of the sub-packages in a different version is a supported configuration. It is however required that the configuration become homogeneous (i.e. all sub-packages in the same version) before upgrading to the next software version.

Columns: Procedure; Intended Use; Prerequisites (what to do/know before you start); High Level Procedure; Impact (1)

Procedure: Sub-package mode 1
  Intended use: Sliding Minimum disruption to s/w redundant 2/4RU chassis’
  Prerequisites:
  • Homogen Build / Stby’s HOT
  • RP booted in sub-pkg mode & new super expanded
  High level procedure and impact per step:
  1. Upgrade standby ‘bay’ & switchover: 0 traffic loss
  2. Rolling upgrade of SIPs (if possible): 100sec traffic loss per SIP
  3. Upgrade ESP (you take a hit): 100sec traffic loss
  4. Upgrade remaining RP sub-pkgs: X sec – depends on configuration

Procedure: Sub-package mode 2
  Intended use: PSIRT upgrade of RPIOS only on any chassis type
  Prerequisites:
  • Homogen Build / Stby’s HOT
  • Booted in sub-pkg mode
  High level procedure and impact per step:
  1. Upgrade standby bay RPIOS sub-pkg & Switchover (End here): 0 packet loss

• Existing ISSU procedure is a multiple step process. This enhancement greatly simplifies the ISSU process by a single CLI which will execute the multiple steps
• CLI: request platform software package install node file <filename> sip-delay <1-172800>
  sip-delay allows a delay for each SIP upgrade in sub-package mode
• When this command is executed, it will automatically be adapted to the ‘consolidated mode’ or ‘sub-package mode’ running in the system
• In sub-package mode, this CLI will execute the step-by-step procedure documented in CISCO.COM
• This table summarizes the support matrix of one shot ISSU in terms of ASR 1000 platform and package mode running in the system

| Platform | Consolidated package | Sub-packages |
|---|---|---|
| ASR 1013 | Support | Support |
| ASR 1006 | Support | Support |
| ASR 1004 | N/A | Support |
| ASR 1002 | N/A | Support |
| ASR 1001 | N/A | Not Supported |

• Support for Any-transport-over-MPLS, including EoMPLS
  Port/VLAN/.1q modes with interworking and local switching!
• Support for EVC infrastructure
  VLAN tags (single, double, ambiguous)
  Untagged traffic
  Unclassified traffic (default)
  802.1ad S-VLANs
  Custom EtherType (eg. IPv4/v6, PPPoE Discovery, PPPoE Session)
  CoS (802.1p bits)
• Flexible EVC forwarding services
• OTV support
  Including Multihoming with per VLAN load-balancing and VM Mobility, MAC moves from one site to another
• VPLS Support
  Available TBD
• Ethernet OAM Support

[Diagram labels: EVC Infrastructure; Ports; EFPs; connect (hair-pin); xconnect; Pseudowire; BD; L2 VFI; MPLS; BD Subintf L3/VRF Routed; L2 Interworking; L2 MP Bridging; ATM/FR]

Feature richness & services support
• Prepaid services, Per subscriber Firewall, Portal integration for self-provisioning, Policy server solutions, Services accounting within a session, Integrated DPI (roadmap) etc

Wholesale Broadband Deployment
• LNS
• PW based backhaul
• RA-MPLS

High Availability and ISSU
• HA for PPP, L2TP, AAA - supported now
• HA for IPoEv4 and TCs

IPv6 Subscriber Support
• Dual-stack subscribers - PPPoE now and IPoE (future)
• IPv6 native sessions with ISG
• IPv6 subscribers tunneled in L2TP

IPv4 Address Exhaust solutions
• NAT44 - maximum of 2M NAT sessions
• NAT64 - stateless and stateful NAT64 models
• 6RD - IPv6 Rapid Deployment tunneling model

SP WiFi PWLAN Aggregation
• LNS - aggregating the hotspots
• ISG - Managing individual subscriber authentication, services, billing etc
• NAT - Providing translation for private IPv4 address to public

Legacy Broadband Migration options
• PPPoEoA
• PPPoA
• RBE

• ESP-embedded Crypto ASIC enables high-performant encryption services
  Up to 11 Gbps with ESP40
  Up to 8000 site-site IPSec CM tunnels
  Up to 4000 sVTI, dVTI, GRE/TP tunnels
• QFP processing-to-completion using the FIA allows for IPSec computation in combination with other features (QoS, MPLS, GRE…)
• Remote-access, site-to-site VPN services
  GETVPN, DMVPN, Easy VPN w/ or w/o dVTI
• VASI
  Enables services such as FW/NAT to be applied to traffic going across different VRFs
• VRF-aware IPSec
  With Dynamic crypto maps or dVTI
  MPLS VPN or IEEE 802.1q
• Multi-SA for dVTI to enable connection with non-Cisco VPN routers
  Enables simple migration from crypto-maps to VTI
• IKEv2 Site to site VPN & Windows client support
  support for VPN mobility extension
  Including Remote access VPN with Windows native clients
• IPV6 support: IPv6oIPv4/GRE with encryption, v6 sVTI, VASI, NAT64, ACLs, USGv6 compliance (phase 1)

[Diagram labels: GigabitEthernet0/2/0, VRF Blue; GigabitEthernet0/3/0, VRF Red; VasiLeft1, VRF Blue; VasiRight1, VRF Red; callouts 1 to 4]

[Diagram labels: “I’m a contractor. My group is HR.”; 802.1X/MAB/Web Auth.; Contractor & HR, SGT = 100; ISR; WAN; ASR; SXP (TCP) connection between ISR and ASR 1000; Aggregation or Data Center; SGACL; Finance (SGT=4); HR (SGT=10)]

High Availability
• Intra-Box support for SGT Bindings replication is available in IOS XE 3.4S
• Inter-Box support for SGT Bindings replication (Roadmap)

Scale
• RP1* – 100K SGT Bindings with 1000 SXP Connections**
• RP2 – 200K Bindings with 2000 SXP Connections

How it works?
• ASR1K will get the Secure Group Tag bindings from ISRs (Listen Mode)
• ASR1K will communicate the SGT Bindings to Nexus switch for the Policy Enforcement

* RP1 with 4G Memory is the only supported configuration
** Each SXP Connection represents a Branch Router (i.e. ISR)

• ASR 1000 Architecture ideally suited to perform deep-packet inspection
  QFP has full visibility into each packet payload
• DPI enabled via the Application Visibility and Control (AVC) infrastructure
  NBAR2 + Reporting + FNF
• NBAR2 allows classification of over 900 applications
  Integrated into MQC infrastructure
  Allows QoS control at the application level
• Insight reporter offers
  GUI for application reports (interface / system)
  Top talkers
  Top applications
  Usage trends
  On-line monitoring
  Etc.

Class maps shown on the slide:

    class-map match-all business-critical
     match protocol citrix
     match access-group 101
    class-map match-any browsing
     match protocol attribute category browsing
    class-map match-any internal-browsing
     match protocol http url "*myserver.com*"

1. RPBase: RP OS
  Why?: Upgrading of the OS will require reload to the RP and expect minimal changes
2. RPIOS: IOS
  Why?: Facilitates Software Redundancy feature
3. RPAccess (K9 & non-K9): Software required for Router access; 2 versions will be available. One that contains open SSH & SSL and one without
  Why?: To facilitate software packaging for export-restricted countries
4. RPControl: Control Plane processes that interface between IOS and the rest of the platform
  Why?: IOS XE Middleware
5. ESPBase: ESP OS + Control processes + QFP client/driver/ucode
  Why?: Any software upgrade of the ESP requires reload of the ESP
6. SIPBase: SIP OS + Control processes
  Why?: OS upgrade requires reload of the SIP
7. SIPSPA: SPA drivers and FPD (SPA FPGA image)
  Why?: Facilitates SPA driver upgrade of specific SPA slots

[Diagram labels: RP: CPU, IOS, SSL/SSH, Chassis Mgr., Forwarding Mgr., Interface Mgr., Kernel (incl. utilities), Interconn.; FP: FECP, CPP Client / Driver, Chassis Mgr., Forwarding Mgr., Kernel (incl. utilities), CPP subsystem, CPP code, Crypto assist, Interconn.; SIP: IOCP, SPA drivers, Chassis Mgr., Interface Mgr., Kernel (incl. utilities), SPA Agg., Interconn., SPA … SPA; callouts 1 to 7 matching the packages above]

Optional Features: Cisco ASR 1000 Series Feature Licenses
• SW Redundancy • SBC • IPSec • Firewall • Flexible Packet Inspection

[Diagram: feature content of four software images: Cisco ASR1000 Series IP Base (SASR1R1-IPBK9); Cisco ASR1000 Series IP Base w/o Crypto (SASR1R1-IPB); Cisco ASR1000 Series RP1 Advanced Enterprise Services (SASR1R1-AESK9); Cisco ASR1000 Series RP1 Advanced Enterprise Services w/o Crypto (SASR1R1-AES). Feature labels shown: BGP, EIGRP, ISIS, OSPF, RIP; ACL; HSRP/VRRP; HA: BFD, ISSU; NAT; Netflow; QoS, WCCPv2; IPv6 (rls5); SSL, SSH; SBC; Multicast; Legacy – IPX, Appletalk, DecNet, etc; Broadband; L2 & L3 VPN; MPLS; IPv6; ATOM, VPLS; PfR; Security, LI]

Optional Features: Cisco ASR 1000 Series Feature Licenses
• SW Redundancy • SBC • Flexible Packet Inspection • BB subscribers

[Diagram: feature content of four software images: Cisco ASR1000 Series IP Base (SASR1R1-IPBK9); Cisco ASR1000 Series IP Base w/o Crypto (SASR1R1-IPB); Cisco ASR1000 Series RP1 Advanced IP Services (SASR1R1-AISK9); Cisco ASR1000 Series RP1 Advanced IP Services w/o Crypto (SASR1R1-AIS). Feature labels shown: BGP, EIGRP, ISIS, OSPF, RIP; ACL; HSRP/VRRP; HA: BFD, ISSU; NAT; Netflow; QoS, WCCPv2; IPv6 (rls5); SSL, SSH; SBC; Multicast; Broadband; L2 & L3 VPN; MPLS; IPv6; ATOM, VPLS; PfR; Security, LI]

| For the equivalent feature set on ASR 1000 Series (Cisco ASR 1002-F, ASR1002, ASR1004, ASR1006, ASR1013) | To order Universal Software Image Part Number | In Combination With Technology Package License Part Number |
|---|---|---|
| IP Base without crypto (IPB) | SASR1001U | + SLASR1-IPB |
| IP Base (IPBK9) | SASR1001NPEK9 | + SLASR1-IPB |
| Advanced IP Services without crypto (AIS) | SASR1001U | + SLASR1-AIS |
| Advanced IP Services (AISK9) | SASR1001UK9 | + SLASR1-AIS |
| Advanced Enterprise Services without crypto (AES) | SASR1001U | + SLASR1-AES |
| Advanced Enterprise Services (AESK9) | SASR1001UK9 | + SLASR1-AES |

Frequency of Extended release is still under BU discussion:
  Option a: every 3 releases (12/12/48)?
  Option b: every 4 releases (12/12/12/48)?

Number of re-builds and frequency TBD

| Frequency of Extended Maintenance Branches | Frequency of Releases | Length of Standard Maintenance Branch | Standard maintenance rebuild Schedule | Length of Extended Maintenance Branch | Extended Maintenance Rebuild Schedule |
|---|---|---|---|---|---|
| Every 4 (16 months) | 4 months | 5 months (12 months) | 2-3-7 | 24 months (48 months) | 2-3-4-4-5-6-12 |

[Timeline figure: months 1 to 48. Releases shown: 15.2(4)S / IOS XE 3.7S; IOS 15.3(1)S / IOS XE 3.8S; IOS 15.3(2)S / IOS XE 3.9S; IOS 15.3(3)S / IOS XE 3.10S; IOS 15.3(4)S / IOS XE 3.11S; IOS 15.4(1)S / IOS XE 3.12S; IOS 15.4(2)S / IOS XE 3.13S; IOS 15.4(3)S / IOS XE 3.14S; IOS 15.4(4)S / IOS XE 3.15S, each with its rebuilds (S1, S2, S3, …) and PSIRT rebuilds marked. Legend: Initial CCO; Standard throttle rebuild; Extended throttle rebuild; Platform Optional PSIRT]

Cross Architecture
Support- Seamless Best in Class
Interconnect with Availability
Service Provider and
Services Resiliency
Support for Enterprise IOS
Service Provider Features with Modular
IP NGN OS and Software
Architecture and Redundancy or
Enterprise Hardware Redundancy
Borderless and ISSU
Network,
Collaboration and
Data Center Best in Class ASIC
Architectures Technology
Quantum Flow
Processor (QFP)
