Download - Cisco Routing Portfolio Update
Speaker name
Speaker titleDate
Subtitle goes here
Presentation Title Goes Here
Cisco Tech Talks 2021
Cisco Routing Portfolio Update
Andrii Ovrashko
Systems Engineer
08 June 2021
WAN Challenges1
Agenda
Traditional WAN and SD-WAN2
WAN Upgrade Strategy3
Cisco SDWAN4
Cisco Catalyst 8000 series5
Headend. Branch. Cloud. Remote Worker.6
WAN Challenges1
Agenda
It’s a Multicloud World
WAN
Devices & Things
Campus & Branch UsersMobile Users
DC/Private Cloud
IaaSSaaS
Application Conversion (Container/Serverless apps)
Monolithic(3-Tier On-prem apps)
IaaS Migration(3-Tier Cloud apps)
Эволюция приложений
ServerlessOn Premise Data Center
PaaS
Новые подходы к дизайну приложений требуют пересмотра стратегии построения WAN сетей
Cloud
Native
Apps
Cloud
Optimized
Apps
Cloud
Ready
Apps
Existing
Apps and
Services
Traditional WAN to SD-WAN Shift
WAN Challenges
2
1
Agenda
Branch 1 Branch 2
Networking Needs to Evolve to Support Cloud Apps
Traditional Network Multi-Cloud Network
WAN
IPSec Tunnels
LB
Private DC
BGP +IPSEC Peering
SD-WAN Fabric Overlay
Branch 1 Branch 2
APP VPC 1
VGW
APP VNET 1
VGW
APP VPC 1
VGW
• Cloud Connectivity Automation
• M icro Segmentation
• Application Policies
• App Autoscaling
• VRF Routing
• Per VRF NAT
• IPsec/Firewall
• Lo ad Balancing
• N e tFlow
• Qo S
Cloud networking is different from traditional networking
Network as a Platform forReducing Cost and Complexity While Lowering Risk
Network
Transformation
for WAN
Uncompromised &
Secure Experience
Over Any
Connection
DNA
SD-WAN Market Growth
40.4% CAGR | $5.25B Market by 2023
95%
Of customers will deploy SD-WAN
within 2 years
Traditional WAN to SD-WAN Shift
WAN Challenges
2
1
Agenda
WAN Upgrade Strategy3
Уникальность предложения Cisco по обновлению аппаратной части WAN
• Cisco DMVPN (текущая сеть)
• Cisco SDWAN (перспективная)
• SDWAN-ready hardware
SDN технологии достигли зрелости
Совместимость с классическими подходами
Миграция
Стратегии обновления – ”SDN Ready”
End of PSIRT Support : Dec 2021
ISR G2 (2900/3900) Catalyst 8200/8300
SD-WAN | Voice Survivability | Interface Richness
Migration Path
End Of Support ISR G2
ISR 800 - Migration Path
New Platform with ✓ Higher Throughput✓ SD-WAN ✓ LTE Advanced✓ PoE Support✓ Security – UTD, Firewall,
Umbrella
New Platform with ✓ Increased Throughput✓ Consistent Packaging &
Feature support✓ No SD-WAN
ISR800
ISR1K
ISR900
Cisco 900 Series Integrated Services RoutersEnterprise-class connectivity and security for SMB’s
Advanced Connectivity
Ethernet ADSL and VDSLCAT4 LTE
Ease to Deploy and Manage
Application visibility & controlCisco DNA Center, CCP ExpressFixed, fanless, compact designCisco IOS
High Performance
WAN-WAN and LAN-WANUp to 250 Mbps VPN throughput
Integrated Security
High performance VPNFirewall
Dynamic load balancingTrustworthy Systems
ISR 921 ISR 931 ISR 926 ISR 927
WAN Ethernet 2 GE 2 GE 1 GE 1 GE
CAT 4 LTE Yes Yes Yes Yes
SFP No No No No
VDSL2/ADSL2/2+ No No Yes Yes
802.11ac Wave 2 Dual
RadioNo No No No
Managed Switch
Ports4 GE 4 GE 4 GE 4 GE
Voice No No No No
VLANs 50 50 50 50
Switching Capacity Line-rate Line-rate Line-rate Line-rate
Internal PoE Option No No No No
Cisco ISR 900 Series Overview
Feature ISR 1000 ISR 900
Software OS IOS XE Cisco IOS
SD-WAN support Yes No
Centralized management
vManageCisco DNA Center
Cisco DNA Center
Security stack SD-WAN Security Firewall, VPN
Cisco Umbrella Yes No
VPN throughput Up to 350 Mbps Up to 250 Mbps
DSL G.FAST, 35b, VADSL, G.SHDSL VADSL
LTE CAT6, CAT4 CAT4 (Single SIM)
Wifi 802.11AC Wave 2, Mobility Express No
Switch ports Up to 8 4
PoE/PoE+ Up to 4 POE or 2 POE+ No
ISR 900 vs ISR 1000
Branch Needs Benefits ISR 800 ISR 1000 Features
Cisco SD-WANBetter user experience, greater agility, advanced
threat protectionNo Yes
Transport independence, App
QoE, cloud management
Security Right security, right place. Simplified. No YesApplication Firewall, IPS, URL-
filtering and Cisco Umbrella
Connectivity & Scale w/HighPerformance
Up to 10 times performance increaseUp to 100
Mbps
Up to 480
MbpsThroughput
Minimal performance impact as network services are
added and throughput increasesNo Yes
Separate data and control
planes
Faster connectivity with LTE Advanced No Yes Next-gen WAN
Programmable operating system No Yes Cisco IOS® XE
Faster wireless access with 802.11acWave 2 No Yes Wireless
Costs & Business Agility
Ability to buy what you need today and upgrade
anytime with no equipment upgradesNo Yes Pay-as-you-grow
Trustworthy Solutions
Assurance and peace of mind with hardware and
operating system integrityNo Yes
• Secure Boot
• Runtime Defenses• Trust Anchor Module
ISR 1000 vs ISR 800Upgrade from ISR 800 to ISR 1000
Trustworthy Systems
Boot integrity visibilityAttacker compromises the very code that is supposed to protect against compromised code
Secure storageAttacker steals device - uses forensic techniques to read secrets & credentials from non-volatile RAM
Simplified factory resetResets all writable file systems, licenses, ROMMON variables, User credentials etc.
Secure guest shellPrevents Open Container hosted applications and their users from manipulating underlying Linux system on ISR 1000
Trustworthy Systems
Trustworthy Systems
Management Plane Protections
Recovery Mechanisms
Secure Storage
Secure Boot
Run Time Defenses
Integrity Verification
Attack Surface Reduction
Authentication
Strong Crypto
Audits & Logging
Signed Images
Modified OS Binaries
In-Memory Modifications
ROMMON changes
Infection Method
Trustworthy Systems
ISR 1000 Portfolio
C1161X-8P * C112xX-8P * C1111X-8P * C111x-8P C1101-4P C1109-4P C1109-2P
Crypto 480 Mbps 350 Mbps 250 Mbps 200 Mbps
Cisco
SD-WAN Yes
SD-WAN
SecurityYes* No
LTECAT18/CAT6/C
AT4
CAT18/CAT6/C
AT4No CAT6
CAT18/CAT6/C
AT4
CAT18/CAT6/C
AT4CAT4
WifiNo Yes No Yes No
DSL No Yes No Yes No
PoE Yes No
* 4GB DRAM/FLASH variants available – Supports only Ent. FW App aware, DNS/web-layer security on SD-WAN
Status and physical security• Status LED• Power button• Reset button• Power connector
DRAM/FLASH **8GB/8GB
External PSU
SD-WAN Ready
* 4 Port (2 PoE or 1 PoE+) variants available** 4GB versions available in C1161 models
C1161X-8PLTEP
LTE Technology • CAT 4/6/18 Pluggable
Management Interface• USB 3.0, Type A• Micro-USB• LTE Debug Port, Micro-USB
Data Interfaces• 4 PoE or 2 PoE+ Capable*
Ethernet LAN• RJ45/SFP GE WAN
Status and physical security• Status LED• Power button• Reset button• Power connector
DRAM/FLASH **8GB/8GB
External PSU
SD-WAN Ready
* 4 Port (2 PoE or 1 PoE+) variants available ** 4GB versions available in C1121 models
C1121X-8PLTEPWx
• CAT 4/6/18 Pluggable LTE Technology
Management Interface• USB 3.0, Type A• Micro-USB• LTE Debug Port, Micro-USB
Data Interfaces• 4 PoE or 2 PoE+ Capable*
Ethernet LAN• RJ45/SFP GE WAN
802.11ac Wave2
WAN Challenges1
Agenda
Traditional WAN and SD-WAN2
WAN Upgrade Strategy3
Cisco SDWAN4
Cisco Software Defined WAN Architecture
APIs
Внешняя интеграция
vManage
4GMPLS
INET
ЦОД CoLo Кампус ФилиалОблако
WAN Edge
• Программируемость
• Распространение политик
• Простота и высокая масштабируемость
Управление
Передача данных
• Аппаратные или виртуализированные
• Zero Touch Provisioning
• Частное или публичное облако
vAnalytics• Единый интерфейс
• Мониторинг и поиск неисправностей
• RBAC и API
Оркестрация и настройка Аналитика
• Машинное обучение
• Производительность
• Прогнозирование
vSmart
MultiCloudOnRamp
ApplicationQoE
Security(+Cloud)
Представляем Cloud-Scale SD-WANУникальные инновации
Circuit Load Balancing
Direct Internet Access
Centralized Management & Orchestration
Circuit Cost Savings
Basic SD-WAN*
Cisco SD-WAN Extended Capabilities
Multi-Domain
Circuit Load Balancing
Direct Internet Access
Centralized Management & Orchestration
Circuit Cost Savings
Summary of Basic SD-WAN
Capabilities*
Multi-Cloud Optimization
Multi-Domain IBN Network
*Gartner Critical Capabilities for WAN Edge Infrastructure, December 2019
SaaSOptimizatio
n
IaaSOnboardin
g
SD-WAN Fabric
App Aware Dynamic Routing
VoicevAnalytics
Cloud / OnPrem Security
Multi-layered Security
Secure Segmentation
Any Transport
Any Service
Any Deployment
Any Location
Multi-Layer
Security
Branch Colocation Cloud
On-premise | Cloud | Multi-tenant
Automation | Network Insights | Machine Learning | AI
Open | Programmable | Scalable
Powered by secure cloud scale SD-WANCisco’s flexible architecture for Intent-based Networking
Management
& Analytics
Multi-Domain
IBN Policy Analytics
Multicloud
Optimization Voice
Internet 5G/LTEMPLSSatellite
Remote Work
SDCI*
* Software Defined Cloud Interconnect
Multicloud Partners: SD-WAN Beyond the Branch
Easy network extension to Amazon AWS using virtual
instances of on-prem devices
Native integration of SD-WAN end points into AWS Transit
Gateway (TGW) Network
Equinix
Office 365 path selection and optimization improves the end
user experience
Centralized management, automated configuration and policy changes with Azure
Microsoft
Ease of management with the ability to extend Cisco SD-WAN fabric into colocation
Establish direct and secure, private interconnection
between branch and public clouds
Amazon
These Partnerships Will Help Accelerate Enterprise Cloud Strategy
Industry’s first application-centric multicloud networking
fabric
Exchange service-level agreement settings, security policy, and compliance data, between SD-WAN and GCP
Cisco SD-WANSecurity
Enterprise FirewallLayer 3 to 7 apps classified
Intrusion Protection SystemMost widely deployed IPS engine in the world
URL-FilteringWeb reputation score using 82+ web categories
Secure Internet GatewayDNS Security/Cloud FW with Cisco Umbrella
Cisco SD-WAN SecurityConsistent across on-prem and cloud
Adv. Malware ProtectionWith File Reputation and Sandboxing (TG)
SSL ProxyDetect Threats in Encrypted Traffic
Портфолио SDWAN-ready маршрутизаторовCisco
Офис Агрегация
ASR 1000
CSR 1000VISR 4000ISR 1000
CSP 5000ENCS 5400
Виртуализация
Облако
vEdge 2000 vEdge 2000vEdge 5000ISR 1100-4G/6G/LTE
SD-WAN(Viptela OS)
vEdge Cloud
SD-WAN +
Services(IOS XE)
Catalyst 8200 Catalyst 8500 Catalyst 8000V
Cloud EdgeSRIOV
Hypervisor/Cloud
Catalyst 8000V
Catalyst 8300
WAN Challenges1
Agenda
Traditional WAN and SD-WAN2
WAN Upgrade Strategy3
Cisco SDWAN4
Cisco Catalyst 8000 series5
Introducing
Catalyst 8000 Edge Platforms Family
Cisco Catalyst 8000 Edge Platforms Family
Built on Cisco’s Innovative Hardware & Open IOS-XE
Catalyst 8500
Catalyst 8300
User Centric Design
Headend QFP
Bra
nch
x86
Clo
ud
VNFCatalyst 8000V
SRIOVHypervisor/Cloud
x86
Catalyst 8200
ISR4k
ASR1k
CSR1kv
Catalyst 8000Human centric design powered by machine centric intelligence
Open andExtensible Cisco IOS XE
Model-driven APIsStreaming telemetry
Scalable on-chip services at Aggregation
Custom ASIC enabled Scale
x86 multicore CPU
Secure containersApplication hosting
x86
IOS XE ‘Autonomous’
mode
Easy operations with single Image & simplifiedlLicensing
IOS XE SD-WAN
‘Controller’mode
Perpetual
Network Stack
Term based
DNA Stack
IOS XE
IMAGE
IOS XE
SD-WAN
IMAGE
Single Image
Cisco DNA Premier
Cisco DNA Advantage
Cisco DNA Essentials
Network AdvantageNetwork EssentialsCatalyst 8300 only
Network Essentials Perpetual
Network Advantage (Inclusive of Essentials)
Perpetual
Routing Essentials: Routing Protocols, Vrf-lite, Multicast, NAT
Security: MACSEC-128, VPNs, ZBFW, PKI, ACLs, Umbrella Connector, Snort IPS
Application Experience: HQOS, PfR, PBR, AVC, NBAR, IPSLA, FnF
Unified Communication: Cube Connector
Router Management: TACACS+, NETCONF, AAA, DNS, DHCP
Overlay Technologies: MPLS, VPLS, LISP, VXLAN, OTV, EVC, OAM
Security: MACSEC-256, ALG for ZBFW, VASI
Cisco Innovation: SMU Patching, SGTs, ETA, ISSU, mDNS Bonjour, EPC
Unified Communication: SRST, Support for Voice Modules
WAN Optimization: Cisco WAAS RTU*
With DNA Essentials With DNA Advantage and DNA Premier
IOS
XE
*Available on UCS-E on C8300
Cisco Catalyst 8000 Edge Platforms LicensingNetwork Stack Capabilities
SD-WAN
SD-WAN Hub, Branch and Cloud
100G, 40G, 10G Connectivity
High SD-WAN Performance
High SD-WAN Scale
1RU form factor
10G WAN, LTE/5G, DSL, PoE
SASE, Cloud on-ramp
On-prem security stack
UC/Voice Integration
Up to 30 Gbps SD-WAN AggregationUp to 5 Gbps SD-WAN Branch
Hypervisor / Cloud
Vi rtual Switch / SRIOV
C 8Kv
Catalyst 8300/8200/C8200L Catalyst 8500/8500L
Catalyst 8000V
Cisco Catalyst 8000 Edge Platforms FamilyThe Leading SD-WAN Edge Platforms with Rich Services
C8300-1N1S-6T (2Gbps)
C8300-2N2S-6T (2Gbps)
C8300-1N1S-4T2X (4Gbps)
C8300-2N2S-4T2X (6Gbps)
C8500-12X (22Gbps)
C8500-12XQC (30Gbps)
Scalable Architecture with x86 and QFP
Pe
rfo
rmance
and
Ric
h S
erv
ice
s
C8500L-8S4X (8Gbp)
C8200-1N1S-4T (1Gbps)
C8200-uCPE-1N8 (500Mbps)
Number in () is SD-WAN IPsec throughput with IMIX
100+Mbps
1+ Gbps
10+ Gbps
Там ничего нет☺
Там ISR1k
Там модульные
ASR1k
Cisco Catalyst 8000 Edge Platforms DNA LicensingDetail
Cisco DNA Essentials
Cisco DNA Advantage
Cisco DNA Premier
Connectivity/Mgmt
• Cloud or On-Prem Management
• Flexible Topology
• Hub and Spoke
• Full Mesh/Partial Mesh
• App and SLA based policy
• Dynamic Routing (BGP, OSPF)
• VNF Lifecycle Management
Security
• Enterprise Firewall with Talos-powered IPS and application controls
• Cisco Umbrella DNS Monitoring (visibility only)
SD-WAN Services
• Basic Path optimization withFEC and Packet Duplication
• TCP Optimization
Cloud/Analytics
• Cloud OnRamp for IaaS and SaaS
• Automated Service Stitching
• Encrypted Traffic Analytics
• vAnalytics
Security
• Segmentation (Unlimited VPNs)
• Cisco AMP and SSL proxy
• URL filtering
• Cisco Umbrella app discovery
X-domain Innovations
• Integrated Border for Campus (SD-Access)
• Integration with ACI for Application SLA
Services
• Web Caching, DRE (incl. SSL proxy)
• Voice Module and SRST Integration
• Multicast
Security
Cisco Umbrella SIG Essentials
Transactional
• Tier 0: 25 Licenses
• Tier 1: 40 Licenses
• Tier 2: 100 Licenses
• Tier 3: 285 Licenses
Enterprise Agreement
• Tier 0: Not Available in Premier
• Tier 1: 45 Licenses
• Tier 2: 110 Licenses
• Tier 3: 325 Licenses
• Additional Cisco Umbrella SIG Essentials licenses can be purchased separately.
Cisco Threat Grid
• Provides entitlement for 200 files per day per customer account
• Files sent to Threat Grid cloud for sandboxing. On-premises Threat Grid not available in Premier
• Global entitlement across all customer sites
• Additional Cisco Threat Grid licenses can be purchased separately.
Cisco DNA Essentials Cisco DNA Essentials
Cisco DNA Advantage
WAN Challenges1
Agenda
Traditional WAN and SD-WAN2
WAN Upgrade Strategy3
Cisco SDWAN4
Cisco Catalyst 8000 series5
Headend. Branch. Cloud. Remote Worker.6
Headend
SD-WAN Headend PlatformsHighly Capable WAN Aggregation
C8500L-8S4X
SD-WAN IPsec: up to 6.6 GbpsMax. 4x 10GE / 12x 1GE
C8500-12X4QC
SD-WAN IPsec: up to 33 GbpsMax. 2x 100GE / 4x 40GE /12x 10GE
C8500-12X
SD-WAN IPsec: up to 22 GbpsMax. 12x 10GE
All Throughput numbers are Aggregate IMIX (352B average) values
ASR1006-X
SD-WAN IPsec: up to 50 GbpsMax. 4x 100GE / 8x 40GE / 40x 10GE
Pe
rfo
rmance
FIXED MODULAR
Third Generation QFP ASIC Innovation
Scalable & Programmable ASIC – Adapts to the New Technologies
2x queues256k
Up to 3x CEFUp to 200Gbps
Inline CryptoUp to 137Gbps
Up to 2x NBARUp to 80Gbps
8x DRAM32M CGN | 6M FW Sessions
Integrated L2 MAC
Compact, Powerful100/40/10/1 GE
Enhanced QoS/BufferingIngress classification, oversubscription
SecurityWAN MACsec
QFP
Catalyst 8500 Series Edge Platforms
12 SFP+10G, 1G‘X’
Up to 200 Gbps CEF, High Performance IPsec
3rd Generation QFP, Hardware Accelerated Services
User Centric Design, RFID, Label Tray, FRUs
2 QSFP28, 2 QSFP12 SFP+
100G, 40G‘C’ ‘Q’
C8500-12X
C8500-12X4QC
ASR1002-HX vs C8500-12X4QC Product Comparison
QFP 3.0, 224 Cores, Inbuilt Crypto & L2
16GB to 64GB upgradable DRAM
32GB DP Memory, 256K Queues
16M NAT/PAT, 32M CGN Sessions
QFP 2.0, 124 Cores, extra Crypto HW
Ports: 8x 1G, 8x 10G, One EPA Slot
4GB DP Memory, 232K Queues
8M NAT/PAT, 12M CGN Sessions
Up to 100Gbps CEF, 25Gbps Crypto
Up to 18Gbps SD-WAN, 6000 tunnels
Up to 200Gbps CEF, 46Gbps Crypto
Up to 33Gbps SD-WAN, 8000 tunnels
Ports: 12x 1/10G, 2x 40/100G, 2x 40G
16GB to 32GB upgradable DRAM
All perf numbers are aggregate IMIX throughput
ASR1001-HX vs C8500-12XProduct Comparison
QFP 3.0, 224 Cores, Inbuilt Crypto & L2
16GB to 64GB upgradable DRAM
32GB DP Memory, 256K Queues
12M NAT/PAT, 24M CGN Sessions
QFP 2.0, 124 Cores, extra. Crypto HW
Ports: 8x 1G, 4x 10G, 4x 1/10G
1GB DP Memory, 116K Queues
2M NAT/PAT, 4M CGN Sessions
Up to 60Gbps CEF, 16Gbps Crypto
Up to 11.5Gbps SD-WAN, 6000 tunnels
Up to 120Gbps CEF, 30Gbps Crypto
Up to 23Gbps SD-WAN, 8000 tunnels
Ports: 12x 1/10G
16GB to 32GB upgradable DRAM
All perf numbers are aggregate IMIX throughput
Catalyst 8500L Series Edge Platforms
Up to 20 Gbps CEF, High Performance IPSec
Advanced Flow BasedForwarding Algorithms
User Centric Design, RFID, Label Tray, FRUs
8 SFP, 4 SFP+1G, 10G‘S’ ‘X’
C8500L-8S4X
ASR1001-X vs C8500L-8S4XProduct Comparison
x86, 12 Cores, Flow Based Architecture
16GB to 64GB upgradable DRAM
Max 4GB DP Memory, 16K Queues
2M NAT/PAT, 17 Gbps NAT perf
QFP 2.0, 31 Cores
Ports: 6x 1G, 2x 10G
4GB DP Memory, 16K Queues
2M NAT/PAT, 15 Gbps NAT perf
Up to 20Gbps CEF, 5.5Gbps Crypto
Up to 4.5 Gbps SD-WAN, 6000 tunnels
Up to 20Gbps CEF, 13Gbps Crypto
Up to 8.5Gbps SD-WAN, 8000 tunnels
Ports: 8x 1G, 4x 1/10G
8GB to 32GB upgradable DRAM
All perf numbers are aggregate IMIX throughput
Branch
Cisco Branch Routing Portfolio
• Up to 250 Mbps
• Fixed and fanless
• Cisco IOS based
• High performance VPN
ISR 900
ISR 1000
• Up to 350 Mbps
• Cisco SD-WAN
• Integrated wired and wireless access
• Cisco SD-WAN Security
• 802.11AC WiFi
ISR 4000
• Up to 3 Gbps
• WAN and voice module flexibility
• Cisco SD-WAN
• Compute with UCS E-Series
• Cisco SD-WAN Security
Catalyst 8300
• Up to 10 Gbps
• DNA Only
• WAN and voice module flexibility
• Cisco SD-WAN
• Compute with UCS E-Series
• Cisco SD-WAN Security
FIXED
SDWAN ready
MODULAR
Non-SDWAN
Catalyst 8200
Cisco Catalyst 8300/8200 Series Edge Platforms Multi Gig SD-WAN branch with Accelerated Services – All in One!
5x Data plane Performance
4x Services Performance
Gigabit+ Cellular, 5G Ready
SD-WANVoice Integration
High Speed Cloud Access With 10/1G Ports
Hardware Accelerated Services
SoC Architecture forDynamic Core allocations
x86
Up to 6000 SD-WAN IPsec Tunnels
User Centric Design (RFID, QR label, FRUs)
M.2 USB/ NVMe Storage
UADP-based switch modules/10G WAN module
4 RJ452 SFP+
4 RJ452 SFP
C8300-2N2S-4T2X (12C)
C8300-2N2S-6T (8C)
C8300-1N1S-4T2X (8C)
C8300-1N1S-6T (8C)
Cisco Catalyst 8300 Series Edge PlatformsIntroducing 10G in Access with higher port density
10G WAN Ports ‘X’& 5G IPsec
1G WAN Ports ‘T’& 2G IPsec
Higher-efficiency AC and DC power supplies
ISR 4451 vs C8300-2N2SProduct Comparison
X86 SoC, 12C/8C Cores, HW Crypto
Ports/Slots:4P+2xGE/TE, 2NIM/2SM/1PIM
900Mbps IPS/IDS + URL-Filtering
Up to 12Gbps CEF, 5Gbps Crypto
Split CP/DP, 4C+6C
4GB to 16GB upgradable DRAM
240Mbps IPS/IDS + URL-Filtering
Up to 3.8Gbps CEF, 2Gbps Crypto
Up to 1.4Gbps SD-WAN IPsec
Up to 4000 IPsec Tunnels
Up to 5Gbps SD-WAN IPsec
Up to 6000 IPsec Tunnels
8GB to 32GB upgradable DRAM
Ports/Slots: 4P , 2NIM/2SM
All perf numbers are aggregate throughput
ISR 4431 vs C8300-1N1SProduct Comparison
All perf numbers are aggregate throughput
X86 SoC, 8C Cores, HW Crypto
Ports/Slots:4P+2xGE/TE, 1NIM/1SM/1PIM
600Mbps IPS/IDS + URL-Filtering
Up to 12Gbps CEF, 5 Gbps Crypto
Split CP/DP, 4C+6C
4GB to 16GB upgradable DRAM
150Mbps IPS/IDS + URL-Filtering
Up to 3.8Gbps CEF, 1Gbps Crypto
Up to 750Mbps SD-WAN IPsec
Up to 3500 IPsec Tunnels
Up to 4.7Gbps SD-WAN IPsec
Up to 6000 IPsec Tunnels
8GB to 32GB upgradable DRAM
Ports/Slots: 4P , 1NIM/1SM
ISR 4321 vs C8200L-1N-4TProduct Comparison
X86 SoC, 4 Cores, Intel QAT Crypto
Ports/Slots: 4P, 1NIM/1PIM
Up to 3 Gbps CEF, 500 Mbps Crypto
X86 SoC, 4 Cores
4GB to 8GB upgradable DRAM
Up to 1.8 Gbps CEF, 300 Mbps Crypto
Up to 240 Mbps SD-WAN IPsec
Up to 250 SD-WAN Tunnels
Up to 500 Mbps SD-WAN IPsec
Up to 1500 SD-WAN Tunnels
4GB to 32GB upgradable DRAM
Ports/Slots: 2P, 2NIM
All perf numbers are aggregate throughput
Cisco Catalyst 8200 Series Edge PlatformsOptimized for Multicloud SD-WAN branch
5G Ready
5G Integrated Module5G External Gateway
Integrated Rich Services
Voice Survivability, Forward Error Correction& Packet Duplication, TCP Optimization
Scale
Up to 2x IPsec and IP CEF PerformanceCore Availability for 2x Services Performance
Multi-layer Security
SSL AccelerationApplication Firewall
IPS/IDS, URL FilteringAMP, Threat Grid
Umbrella SIG
2 RJ452 SFP
C8200-1N-4T1G WAN Ports ‘T’
& 1G IPsec
Manageability
vManage DNA Center
Open APIs Analytics
ISR 4331 vs C8200-1N-4TProduct Comparison
All perf numbers are aggregate throughput
X86 SoC, 8C Cores, HW Crypto
Ports/Slots:4P , 1NIM/1PIM
Up to 3.8 Gbps CEF, 1 Gbps Crypto
X86 SoC, 8 Cores
4GB to 16GB upgradable DRAM
Up to 1.8 Gbps CEF, 0.57 Gbps Crypto
Up to 500 Mbps SD-WAN IPsec
1500 Up to IPsec Tunnels
Up to 1 Gbps SD-WAN IPsec
Up to 2500 IPsec Tunnels
8GB to 32GB upgradable DRAM
Ports/Slots: 4P , 1NIM/1SM
Cisco Catalyst 8200L-1N-4THigh Throughput SASE Compliant Secure Cloud
Connectivity Manageability
vManage DNA Center
Open APIs Analytics
Higher WAN Port
density
Default 4G DRAM
PIMSupport
Less than 12” depth
5G ReadyYES
Modularity
SASE Compliance
Cloud based Security for the small branch
Integrated Rich Services
Voice Survivability, Forward Error Correction& Packet Duplication, TCP Optimization
Scale
Up to 2x IPSec and CEF Performance*Up to 1500 SDWAN tunnels
SASE Compliant Security
High Throughput IPsecTrustworthy Solutions
Umbrella SIG
* Compared to ISR4321/Boost license
Unified Communication OfferingsVoice Routers Network Modules
Analog Voice Gateways UC Software and Call Control
CUBE
• Catalyst 8300, 8200 & ISR 4000 UC router for TDM and IP Voice support• ASR 1000, ISR 1000 support UC IP services.• CSR1000v/CSR 8000v for virtual UC IP services
• NIM modules for Digital and Analog connections• SM modules for high density PVDM, FXS ports, NIM
adaptors• 4 th Gen Packet Voice DSP card (PVDM4) & NIM-
DSP for IP and TDM services
• Communications Manager Express (CME) for Call control• Unified messaging with Cisco Unity Express(CUE)• Cisco Unified Border Element (CUBE) SBC for SIP calls• Survivable Remote Site Telephony (SRST) for backup• Secure voice Calling
PVDM4
CME/SRST CUBE
ISR 4000
ASR 1000
ISR 1000
SM/NIM
VG Series
• Supports traditional devices (analog phones, fax machines, paging solution)• Fixed port analog voice gateway (VG202XM, VG204XM, VG400)• Low to ultra high-density gateways (VG310,VG320,VG450)
Catalyst 8300
NIM-PVDM
Catalyst 8200
Modular Branch UC Design Catalyst 8300/8200 & ISR 4000
VVVV
FX
S N
IM
FXO NIM
T1/E1 NIM
PSTN
ITSP
Gig
TDM circuit
FXO Line
Analog Phone
CUCM
IP Phone
BR
I NIM
PBX
E&M NIM
Firewall
SIP/MGCP/SCCP
Analog Fax
IP Phone
Call Control: CME /CUCM/SRST
Analog connection: FXS/FXO/E&M/BRI
TDM Connection:T1/E1 PRI
IP-IP Connection:CUBE (SIP)
BRI
O
O DSP On-board
DSP Module
P V DM4
P V DM4
P V DM4
O O
O
Gig Interface
17.2.1 Single Image & Voice
Firewall
CUBE
CUBE
Gig
Cisco Webex Calling
Webex C
alling LG
W
CUBE
Gig Webex E
dge A
udio
CME not supported on Catalyst 8300/8200
SD-WAN Voice
Analog Voice
DSP Modules
T1/E1 Voice Modules Analog Voice Modules
SRST
4 RJ45 & 2 SFP
Digital Voice
CUBE SBC
C-SM-NIM-ADPT
4 RJ45 & 2 SFP
4 RJ45 (1G) & 2 SFP+ 4 RJ45 (1G) & 2 SFP+
C8300-2N2S-6T C8300-1N1S-6T
C8300-2N2S-4T2X C8300-1N1S-4T2X
1G
10G
Unified Communication on Cisco Catalyst 8300
NIM-PVDM
New Modules
UC Coverage
CME ( Roadmap)
SD-WAN Voice
Analog Voice
DSP Modules
T1/E1 Voice Modules Analog Voice Modules
SRST
Digital Voice
CUBE SBC
Unified Communication on Cisco Catalyst 8200
NIM-PVDM
New Modules
UC Coverage
CME ( Roadmap)
2 RJ45 & 2 SFP
C8200-1N-4T
1G
No SM-X Slot
T1/E1 Port Density
T1/E1 Feature
Catalyst 8300/820
0ISR4000 VG450**
Port Density
1-48 1-48 1-24
Note:
Each T1/E1 NIM module has its own clock synch circuitry allowing source clocking from incoming T1/E1 signal
8
24 24
40*
10
40
20
30
40*
48*
*With SM to NIM adapter card
VG
45
0
44
61
44
51
44
31
43
51
43
31
43
21
**With C-SM-NIM-ADPT carrier card
No SM-X-NIM-ADPTR support
24
C8
30
0-1
N1S
-4T2
X
C8300
-1N
1S
-6
T
C8
30
0-2
N2
S-4
T2
X
C8
30
0-2
N2
S-6
T
48** 48**
24** 24**
C8200
-1N
-4T
8
ISR
110
0 ISR
43
51
ISR
44
31
ISR
44
51
CS
R 1
00
0v
AS
R 1
00
1-X
AS
R 1
00
2-X
AS
R 1
00
4
AS
R 1
00
6
500
2000
3000
6000 6000
12000
14000
16000 16000
50
500
3000
6000
12000
14000
16000
7070
55
50
3040
15
13
5
CPS
Requires DRAM upgrade for max sessions
Maximum sustainable calls per second
CUBE Session Capacity By Platform
ISR
44
61
10000
55
10000
10000
55
C8
30
0-2
N2
S-4
T2
X
Based on unencrypted RTP(G711)-RTP(G711) calls
45
C8
30
0-1
N1
S-4
T2
X
8000
C8
30
0-2
N2
S-6
T
7500
42
C8
30
0-1
N1
S-6
T
7000
40
ISR
80
0
2
50
ISR
432
1
500
4
ISR
43
31
10
10001000
2000C
82
00
-1N
-4
T
2500
14
ISR
88
0
ISR
432
1
ISR
43
31
ISR
43
51
ISR
44
31
ISR
44
51
ISR
44
61
5
50
100
700
1200
2000 2000
50
100
700
1200
2000
Requires DRAM upgrade for max sessions
SRST IP Phone Capacity By Platform
Max number of SCCP or SIP phones is same
5
2500 2500 2500 2500
C8
30
0-1
N1
S-4
T2
X
C8
30
0-1
N1
S-6T
C8
30
0-2
N2
S-4
T2
X
C8
30
0-2
N2
S-6
T
2500
C8
20
0-1
N-4T
• Mandatory DNA Subscription based Licenses.
• DNA Essentials enables CUBE support as add-on license.
• DNA Advantage for advanced UC support:
• Voice Modules
• SRST (add-on)
Licensing Model – Catalyst 8300 / 8200
Catalyst 8300/8200 Series Edge Platforms Ordering Guide
Enterprise Routing UC Key Benefits
PSTN & PBX Termination
FXO,BRI, T1/E1 & SIP based PSTN connection
SIP Trunk to IP PBX such as CUCM (as CUBE)
Call Control
Distributed call control & processing
Unified Messaging(CUE, Unity Connection)
Easy Maintenance and Troubleshooting
Legacy Solution Support
Plain old telephony support covering FXS/FXO/E&M
connections
Interoperability with legacy PBX, Fax and paging
solution
Supplementary services
Enterprise Features
Survivable Remote Site Telephony, IOS based conferencing ,media
termination, audio recording
Bandwidth saving via IOS transcoding
911 Emergency Calling
Cloud
Cisco Catalyst 8000V Edge SoftwareEnterprise-class Networking and Security with Flexibility of a x86 Based VNF
Highlights Manageability
17.4.1
SRIOVHypervisor/Cloud
Catalyst 8000V
Up to 10 Gbps IPsec
in cloud
ENCS NIM support
TGW and vWAN
integrationDPDK IO
SD-WAN in AWS, Azure,
and GCP
vManage DNA Center*
Open APIs Analytics
Cloud Integration
Extends connectivity, visibility, security into public and private cloudsAuto-scaling capabilityIntegration with Azure vWAN and AWS TGWSupports wide variety of cloud instances
Multiservices Support
Feature-rich IOS XE and XE SD-WAN software Supported features such as NAT, Firewall, NBAR QoS, etc.Runs on any x86 VM platform
Performance Elasticity
CPU Hypervisors: 1 – 8 vCPUCloud Providers: 1- 16 vCPUs
Memory Scale: 4 – 16Gb
Multi-layer Security
Secure object storageHigh Throughput IPsec
IPS/IDS, URL Filtering, AMP/TG
SRIOVHypervisor/Cloud
Catalyst 8000V
*Roadmap
Virtual Router Convergence
Virtual Router Unified
IOS-XE
‘Autonomous’
Mode
IOS-XE SD-WAN
‘Controller’mode
// 3rd
Party
Network Consistency
ISRvIOS XE
CSR 1000VIOS XE
ISRvXE SD-WAN
CSR 1000VXE SD-WAN
vEdgeCloudViptela OS
17.1.x and earlier 17.4.117.2/17.3
vEdgeCloudViptela OS
ISRv on ENCSUnified
CSR 1000VUnified
vEdgeCloudViptela OS
VNF Convergence Approach
Catalyst 8000VUnified
Catalyst 8000V continues to build on CSR 1000V
SRIOVHypervisor/Cloud
Catalyst 8000V
Catalyst 8000V
Secure Object Store
ENCS NIM Support
SD-WAN on Google Cloud
Azure Virtual WAN Integration
Licensing
CSR 1000V
DNA Licensing Classic + DNA licensing
up to25G**Expected throughput, actual performance number is subject to change, will be published at FCS
SD-WAN vHub
up to10G*
Public Cloud ApplicationsAWS Transit VPC, Azure Transit VNET
Active Tunnel
Standby Tunnel
Transit VPC
Spoke VPC
C8Kv1 C8Kv2
Amazon DXOR Internet
Private DC Spoke
VPCA B
VPC VPCC
VPC
Transit HUB VNET
Spoke VNET
C8Kv1 C8Kv2
Express RouteOR Internet
Private DC Spoke
VNETA B C
VNET
VNET VNET
V M V M V M
Dynamic VPN Overlay
AZ1 AZ2
Cisco Catalyst 8000 Edge Platforms FamilyHigh Performance SD-WAN Headend, Intelligent Branch and Agile Cloud Edge
1st 100/40GE Port 1RU SD-WAN
Platform
3rd Gen QFP, HW Accelerated
ServicesHigh Performance
Automation & Telemetry
Cloud Security and on-prem Security
10GE WAN, Rich connectivity
Ready for the Agile Cloud Journey• High Speed Cloud Access
• Multi-Cloud Application Optimization
• Compact, Powerful 1RU/2RU
Ready for 5G, Edge Compute• QFP and x86 higher performance
• SASE driven Feature Innovations• Full-stack on-premise security
Ready for Edge Intelligence• Headend 100/40/10/1GE Port
flexibility• Branch for 10/1G WAN, LTE, DSL,
PoE+
Equipped with User Centric Design• Operational Ease for better Tracing
• Passive Radio Frequency ID• Easy Access Label Tray
• Field Upgradable Options
Q FP
H ypervisor / C loud
Virtual Switch / SRIOV
C8Kv
Remote Worker
Remote Worker
Cisco 1101 Integrated Service Router
Cisco 1121X Integrated Service Router
Licensing
Lan ports 4 8
Remote workersupport for L2/3 routing
(incl IPv6), essential security, basic S-DWAN
& AppQoE
Wan ports x1 X2 (1GE/SFP)
LTE support Pluggable Cat 6 Pluggable Cat 6 & Cat 18
Wi-Fi support 802.11ac Wave 2
PoE (PoE+) ports 0 4 (2)
IPSec performance
300Mbps 400Mbps
Essential security Application aware firewall
Advanced security
No ISSL Proxy, URL-filtering, AMPRemote worker
advanced support for COR,
vAnalytics, advanced on-prem Security
vAnalytics Yes
Cloud OnRamp Yes
Umbrella Yes Umbrella SIG essential
Category 6 Pluggable LTE Module
Dying Gasp
Multiple PDN
Auto SIM
GPS
PMIPv6
Carrier Aggregation
Dual SIM Slots
LTE Antenna Connector
GPS Antenna
LTE Antenna Connector
Micro-USB Debug
Category 18 Pluggable LTE Module
Dying Gasp
4 x 4 MIMO
Auto SIM
1.2 Gbps downlink
CBRS Band 46,48,66,71
Carrier Aggregation
Main Antenna
Diversity Antenna
Micro-USB Debug
Diversity Antenna
Main Antenna
Category 4 USB Dongle
Supported on ISR 1000 Series
only
Single Micro SIM
75/50 Mbps
CAT 4 LTE
M odem Types Region Bands
D-LTE-GB Global Bands 1,3,7,8,20,28
D-LTE-AS ASEAN Bands 1,3,5,8,40,41
D-LTE-NA North America Bands 2,4,5,12,13,14,17
LTE Antenna
ISR1000 Platforms Supported with LTE Dongle
C1101-4PC1121-4P
C1121-8PC1121X-8P
C1161-8P
C1161X-8P
C1101-4PLTEPC1121-4PLTEP
C1121-8PLTEPC1121X-8PLTEP
C1127-8PLTEP
C1127X-8PLTEPC1126-8PLTEP
C1126X-8PLTEPC1127-8PMLTEP
C1127X-8PMLTEPC1128-8PLTEP
C1161-8PLTEP
C1161X-8PLTEP
C1101-4PLTEPWX*X* = A,B,D,E,F,H,N,Q,R,Z
C1121-8PLTEPWX**X** = E,B,Z,Q
C1121X-8PLTEPWY*Y* = E,B,Z,A