hawaii tech day - routing platform update

Peyton Schouest - Solutions Architect

Routing Platform Update Hawaii Tech Day Feb 2017

[email protected] @Net20234

Cisco Digital Network Architecture

AutomationAbstraction and Policy Control

from Core to Edge

Open and Programmable | Standards-Based

Open APIs | Developers Environment

Cloud Service ManagementPolicy | Orchestration

VirtualizationPhysical and Virtual Infrastructure | App Hosting

AnalyticsNetwork Data,

Contextual Insights

Insights and Experiences

Automationand Assurance

Security and Compliance

Network-enabled Applications

Cloud-enabled | Software-delivered

Principles

Cisco ONE Software Delivered

Cisco Confidential 3

ISR Series

• End-of-Sale Announced on Sep 9th, 2016 (15 month notice.

• Actual End-of-Sale on Dec 9th, 2017• ISR G1 End of Support October 2016

• EoS Announcement for Cisco 2900 Series ISR• EoS Announcement for Cisco 3900 Series ISR

End-of-Sale Announcement for 2900 and 3900 Series

Important Note: No changes for the 1900 series


ISR Series: New Products4221

ISR 4221

• USB file storage• RJ45 Console & Aux

combo

• 1 RJ45 GE WAN• 1 RJ45 + 1 SFP

• External AC Power• Rack & Wall mounts

35 – 75 Mbps

2 NIM slots

4G, DSL, Serial, T1,

GE LAN + WAN

IOS-XESnort IPS

1 RU Desktop

13.5” wide

4 GB RAM8 GB Flash

Intel Rangeley 1.25GHz 4 core Atom SoC

Polaris Linux Kernel

CPP SW Data plane

RP IOS Control Plane

LXC onService Plane

CPU Core

CPU Core

CPU Core

CPU Core

4221 System Architecture

Generic KVM container not supported

ISR4221

ISR4321

ISR4221 vs. ISR4321 I/O Design13.50” / 343 mm

14.55” / 370mm

Platform Comparison1921 4221 1941 4321

Performance Positioning 15 Mbps 35 – 75 Mbps 25 Mbps 50 – 100 Mbps

Maximum throughput with popular services (FW, NAT, QoS) 50 Mbps 75 Mbps 80 Mbps 100 Mbps

RU 1 RU Desktop 1 RU Desktop 2 RU Desktop 1 RU Desktop

EHWIC / NIM slots 2 2 2 2

GE / SFP 2 / 0 2 / 1 2 / 0 2 / 1

Power Supply Internal External Internal External

ISC (DSP) slot No No No Yes

Power supply 150 W 90 W 190 W 260 W

PoE support 80 W No 80 W 120 W

CPU Cavium 2-core Intel 4-core Cavium 2-core Intel 4-core

RAM 512 MB 4 GB 512 MB, 2.5 GB 4 GB, 8 GB

DIMM slot No No 1 1

Flash 1 (Internal USB) 1 (eMMC) 2 (External CF) 1 (Internal eUSB)

Disk No No No Optional mSATA, NIM

USB 1 1 2 1

Management Port (GE) 0 0 0 1


ISR 4k Modules General Roadmap

• Targeted for Terminal Server use • Two versions

• NIM-16A and NIM-24A

• New serial cable to accommodate both 16 ports and 24 ports SKUs• NIM-16A

• Use existing G2 cables for both 8-port connectors.• NIM-24A

• Use existing G2 cables for both 8-port connectors.• New cable needed for 3rd port

NIM-Async FCS Target: Oct 2016IOS Release: XE: 16.3

Cisco ISR 4000 Family Modules (1 of 2)Category Type Name Available

LANSM-X Ethernet Switches: 16, 24 & 48 ports Yes

NIM Ethernet Switches: 4 & 8 ports Yes

UCS E-SeriesSM-X CPU: 2, 4, 6 & 8 cores Yes

NIM CPU: 4 cores Yes

Voice

NIM T1/E1: 1, 2, 4 & 8 ports Yes

NIM FXS/FXO: 2 & 4 ports. Also, 4FXS+2FXO combo NIM. Yes

NIM E/M & BRI Voice Yes

PVDM PVDM4: 32, 64, 128 & 256 channels Yes

SM-X High-density DSP farm Yes

WAN EthernetSM-X 1GE: 4 ports OR 1-port 10GE Yes

SM-X 1GE: 6 ports Yes

NIM 1GE: 1 & 2 ports Yes

WAN 4G / LTE

NIM USA, Canada, Europe, Australia Yes

NIM LATAM / APAC (Incl. Band 28 for Australia and LTE TDD for China/India) XE 16.3.2

ISR G2 -EHWIC and

800BBLATAM / APAC (Incl. Band 28 for Australia and LTE TDD for China/India) 15.6(2)T1

For YourReference

Cisco ISR 4000 Family Modules (2 of 2)

Category Type Name Available

WAN T3/E3 SM-X T3/E3: 1-port Yes

WAN T1/E1NIM T1/E1: 1 & 2 ports Yes

NIM T1/E1: 8 ports Yes

WAN xDSL NIM Multi-mode VDSL2 / ADSL Annex A, B & M Yes

WAN SerialNIM Synchronous Serial: 1, 2 & 4 ports Yes

NIM Asynchronous Serial: 16 & 24 ports + new cable for 24 port version Oct 2016

StorageNIM Dual SSD carrier. Each SSD may be 200G or 400G. Yes

mSATA 200G SSD Yes

NIM Adaptor SM-X Converts SM-X slot to 1 NIM slot Yes

NIM-ISDN BRI-DataCC / Target release 16.6

NIM-G.SHDSLCC / EC pending / Timeline TBD

For YourReference

Single Wide High Density Analog module for the ISR4K • Feature parity

• Feature Parity with Venom (EVM modules on ISRG2)

• Compatible with CUCM (MGCP/H323/SCCP)

• Support FXS fall back to SRST or FXS registered to CME

• Enhancement: Direct FXO bypass (FXO Failover)

• Enhancement: Support Long loop length for FXS Ports(FXS-E)

• Cost Parity• Cost Parity with ISRG2 Modules

• DSP on board

VG350SM-D-72FXS /48FXS-E

SM-X-72FXSFIXED / Only for ISR4K

• Feature parity (with VG350)• Long Loop Length (FXS-E)

• Compatible with CUCM (MGCP/H323/SCCP)

• Energy wise feature

• Cost parity • Cost Parity with Palestrina (VG350)

• DSP on board

Double Wide High Density Analog modules for the ISR4K

EVM-ISRG28FXS MB, FXS/FXO DB

SM-X-24FXS/4FXOFIXED / Only for ISR4K




Security

Cisco Leadership – ISR 4000 Series

Platform Integrity

Protects the Network

Counterfeit Protections

OS Validation

Secure Boot

ModernCrypto

Hardware Trust

Anchor

Runtime Defenses

Incident Response

Firepower

ISE ManagerPacket

AnalysisAgent

Stealthwatch Learning Network License

Firepower Management

Center

SecurityCulture

PSIRT Advisories

Security Training

Product Security Baseline

Threat Modeling

Open Source Registration

Supply Chain Management

Internet

Direct Internet Access (DIA)

CorporateNetwork

v Secure WAN Transportv Leverage Local Internet Pathv Threat Detection Techniquesv Improve Application Performancev Reduce WAN Bandwidth Consumption

Branch PublicDirect Internet

Access

IPsec VPN

IPS

Firewall

Firewall

Branch DIA use casesUse Case Security requirements Security Technology Visibility

PCI and Regulatory Compliance

FW, IPS ZBFW, Snort IPS

Guest User Wi-fi FW, Web Security, IPS (optional)

ZBFW, Cisco Umbrella Branch (OpenDNS), Snort IPS

Partial Direct Internet Access (Public Cloud, Partner Sites)

FW, IPS, Web Security ZBFW, Snort IPS, Cisco Umbrella Branch (OpenDNS) or Firepower Threat Defense

Full Direct Internet Access

FW, IPS, Web Security, Malware Protection, AVC

Firepower Threat Defense

Stea

lthw

atch

Lear

ning

N

etw

ork

Lice

nse

Snort IDS/IPS

Cisco ISR 4000 Series

SnortNow

Orderable!

Helps meet PCI compliance mandate at the Branch Office

Threat protection built into ISR 4000 branch routers

Complement ISR 4000 Integrated Security

Lightweight Threat Defense with low TCO and automated signature updates

Splunk monitoring available

Ø Over 4 million downloadsØ 500,000 registered usersØ Widely deployed IPS in the worldØ Solution requires:

Ø SEC licenseØ Signature updates term subscriptions (1Y or 3Y)

Cisco Umbrella Branch (a.k.a OpenDNS)Your first layer of defense at branch offices

Cisco Umbrella Branch208.67.222.222

Devices on branch network

• Visibility & enforcement at the DNS-layer

• Block requests to malicious domains and IPs

• Predictive intelligence: uncover current & emergent threats

• Protect all devices on your branch network against:o Malwareo Phishingo C2 callbacks

MALWARE

C2 CALLBACKSPHISHING

Block

Cisco ISR

OpenDNS - Endpoint security

INBOUND

OUTBOUND

PREVENTSMALWARE

CONTAINSBOTNETS

BLOCKS PHISHING ATTEMPTS & INAPPROPRIATE USAGE

CONTENT

THE INTERNET YOUR CUSTOMERS

ANY PORT &ANY PROTOCOL

Branch Office

Headquarters

Guests

Employees

VPN

SECURITY• Prevent guest or corporate users from

connecting to malicious domains & IPs

• Prevent already-infected devices from connecting to C&C

ACCESS CONTROL• Guest: Inappropriate content• Corporate: Loss of productivity

ISR4k

INTRANETTRAFFIC

Protecting Branch Guest and Corporate Internet Traffic

Cisco Umbrella Branch

Internet

Direct to Internet Access

WAN

SEC license required + term subscription for OpenDNS cloud services (1Y or 3Y)

Cisco Firepower Threat Defense for ISR

• Capitalize on DIA Without Compromising Security

• Industry-Leading Threat Protection for Branch and Remote Offices

• Consolidated Footprint Frees Revenue-Generating Square Footage

• Centralized Management with Clearly Divided Roles and Responsibilities

• Lower Total Cost of Ownership

Network Visibility

Granular App Control

Modern Threat Control

NGIPS

Security Intelligence

URL Filtering

BEFOREDiscover EnforceHarden

DURINGDetect Block

Defend

AFTERScope

ContainRemediate

Attack Continuum

Firepower Threat Defense

Visibility and Automation

Advanced Malware Protection

Retrospective Security

IoCs/Incident Response

Stealthwatch Learning Network License (SLNL)

Brings self-learning attributes to the Cisco 4000 ISR

Needs no programming of firewall rules, malware signatures, or access control lists (ACLs)

Uses machine learning, network context, and packet capture to determine what’s normal and what’s not

Uses advanced analytics and models to identify and block true anomalies

Adapts as conditions change

ISR ISR

Headquarters

Branch 1 Branch 2

Learning Network Agents

Learning Network Manager

DLA DLA

Integrated Security Offerings in One Box

The Ultimate Converged Branch – No More Appliances

Native, Service virtualization, AVC, WAN Opt, UC

Security for regulatory complianceThreat Centric Advanced security

Network, Computeand Storage

VPN ZBFW Snort IPSUmbrella Branch

(OpenDNS)

StealthwatchLearning Network

Firepower

Delivering true multi-layer security

Integrated Cloud Security for Managed ServicesShifting deployments from on-prem to the cloud

Internet

SP Cloud

Eliminate security appliance at the customer premise

Any IPsec capable CPE can be deployed at the customer premiseSecurity intelligence moves to the cloud. Stack available on CSR1000V:• IPsec VPN• SSL VPN• ZBFW• Snort IPS• Web FilteringLow footprint: 100 Mbps of combined throughput @2vCPUCloud Management

Data Traffic


WAAS

O365 and Single Sided SSL

FCS6.2.1 May 20166.2.3 July 2016

• Office 365 optimization support• SMART-SSL acceleration for YouTube• SMART-SSL HTTPS content caching from

the branch• Full SMBv3 optimization and

prepositioning with signing and encryption• Akamai Connect connection counts scale

beyond 6,000 connections.• Prepositioning proxy and User Agent

Support• Redhat/CentOS KVM Support

WAN

Branch

DC

Branch

DIA

Azure/Managed cloud

DIA

WAAS is available on Azure Marketplace• Supported on release 6.2.x• Optimize IaaS and SaaS (O365)

applications• Hourly licensing• 200,750,1300, 2500, 6000 and 12000• D2_v2 and D3_v2 VM• Only routed and PBR redirection

supported (Azure doesn’t support GRE) • One click solution template for easy

deployment


Polaris Feature Update

Manageability Support (ASR1K and ISR4K)• TR111 Support• TR069 Support

Security Support (ASR1K and ISR 4K)• NAT HA + VASI• Snort IPS Enhancements & integrations (logging, signatures)• Flex VPN and IKEv2 fast Convergence• ESON Support (Scheduled Rekey, Policy & Monitoring)• DMVPN (with Tunnel Sub-Interface, Native Multicast, per-Tunnel support)• VMS Cloud UTM• CWS (FQDN Enhancements, Active Identity integration)• SVTI-Multi Security Association (SA)

Data Center Interconnect (ASR1K)• ACI L3 DCI and TrustSec Integration:• ACI L3 DCI EVPN with iVXLAN and SGT• LISP and VXLAN GPO on WAN• NSH with Service Chaining

Voice Support for Federal Customer• SHA1_80 on ISR4K SIP IP TDM (PRI/BRI) • Support for Smart Licensing

ISR4K Feature Parity• DDR Support• Broadband Support for ISR 4000 Series (PPPoE, ISDN PRI integration,

QoS, MLPPP etc)• Ethernet over GRE

ASR Specific Features• Segment Routing• Security (ARP/NDP cache entries, ACL, punt policing)• Static IPoE session roaming, with Parameterized QoS,

Framed Route• Software Technology Re-Package for ASR

New Software Features Areas IOS XE 16.4.1 (Nov 2016) and 16.5.1 (March 2017)

Elements / Features

VPN BGP QoS Others

enconf tInterface en0 Ip addressScript CLI

BGP CfgState

QoS CfgState

VPN CfgState

Data-Model A

BGP QOSVPN

Data-Model B

BGP QOSVPN

Platform BPlatform A

Manual ConfigurationState & Config stored

per Feature

Inconsistent Data Models

Physical and Virtual Infrastructure

Platform

Automation Systems

OSS/BSS SDN Controllers Configuration Management Tools

Programmatic InterfacesRESTConf, NETConf, OpenFlow

Network

DevOps

IOS-XE16Programmability (NETConf and YANG)

Software Patches: SMU

In-service bug-fixesLess downtime with reduced reboots

IOS-XE16IOS-XE Now enables Emergency Point Fixes through Patching

OSPF OSPF

System UpgradeIn Place UpgradeConfig Preserved

asr1k.iso OSPFasr1k.iso

Feature Upgrade*Upgrade Single Feature

Installed like SMUBGP 6.0 OSPFBGP 6.1

Not available for all features*

What is Patching

• Emergency Point Fix positioned for Expedited delivery

• Addresses a Network problem that brings Business to a Standstill

Benefits of Patching• Reduce time to resolution in your

network.• Simplify Network Operations for

defect resolution and code qualification.


ISR 4KOpen Services Containers

What is a Service Container?A Service Container is a virtual machine running within the network itself. Service Containers use virtualization technology (LXC and KVM) to provide a hosting environment on Cisco routers/switches for applications.

Use Case Cisco Virtual Services:• Lightweight Application Hosting• Example: ISR-WAAS ( KVM )• Example: SNORT ( LXC )

Use Case Third Party Services:• KVM Hosted Applications

Container

Network OS

Virtual Service

Now AvailableIOS Release: XE: 16.3.1

(Polaris)

Common Service Container Use CasesGeneral purpose virtual machine with custom and open-source troubleshooting tools. (Wireshark, Speedtest, IXIA etc.)

Troubleshooting VM

Common network functions such as Print Server, Domain Controller, File Storage, etc.

Network Functions

Network Analysis and Application Performance Monitoring without a dedicated probe.

Analytics

Augment the capabilities of the host platform in some way. (Custom encryption, business-based routing, specialized API interface)

Device Customization


Web GUI

• First release is 16.2 (March 2016)• Come with the image - nothing needs to be installed• All is needed is to enable the http or https server• Access via http://<router-ip>/webui • Features in the March 2016 release:

1. Monitoring dashboard with device stats: CPU and memory utilization

2. Monitoring dashboard with AVC – show layer 7 application visibility for up to 48 hours usage

3. Configure AVC interfaces4. Configure physical and logical interfaces5. Configure static routes, DHCP, DNS6. Enable smart call home7. View active licenses8. View syslog9. Send exec and configuration commands

WebUI for ISR4K, ASR1K, CSR1000v

WebUI Dashboard16.3(1)

CPU / Mem Utilization

What’s being sent through the router

Define AVC Policies –out of the box we support the 1300+ NBAR 2 Apps

Custom Apps support URL, Server/Port, Protocol, DSCP

Configuration


CSR Update

Packaged for NFVISBranch-Specific FeaturesBranch-Specific PricingLook-and-feel of an ISR 4000Not available separately

Cloud and VDC DeploymentsAggregation Use-CasesFlexible Pricing & PackagingVirtual ASR 1000 SeriesAvailable on multiple platforms

ISRv and CSR – 16.3.1

Integrated Services Router - Virtual Cloud Services Router


UCS E-Series Updates

UCS E-Series PortfolioSc

alab

ility

Performance

UCS-E160D

6-core, 2.0 GHz, 96 GB RAM

UCS-E180D



M1 blades will be EOS by Q1 FY16

UCS-E140S


UCS-E160S


UCS-EN140N


UCS-EN120S

Shipping New

UCS-E160S-M3/K96-core, 32 GB, 2 Disks

Up to 4TB SATA StorageDual External 10G USB 3.0 port for external device

connectivity

6-core, Intel Broadwell, 2.0 GHz

Dual EMMC Storage with RAID

Available NowOnly on ISR 4K

Up to 32 GB DRAM options

Upgraded LSI controller for higher performance


Enterprise NFV

What is Enterprise NFV?

Freedom of ChoiceHardware Platform

Add Software Intelligence to the HardwareVirtualization Layer

Consistent, trusted network services across all the platformsVirtual Network Functions (VNFs)

Central and Prescriptive AutomationOrchestration and Management

Option 2a

Cisco 4000 Series ISR + UCS® E-Series

Cisco® UCS C-Series

Enterprise Network Compute System(ENCS)

Network Functions Virtualization Infrastructure Software (NFVIS)

Cisco Enterprise Service Automation (ESA) on APIC-EMNetwork Services Orchestrator (NSO)

Introducing Cisco Enterprise NFVNetwork Services in Minutes, on Any Platform

Virtual Router(ISRv)

Virtual Firewall(ASAv)

Virtual WAN Optimization

(vWAAS)

Virtual Wireless LAN Controller

(vWLC)Third-Party VNFs

Packaged for Branch Network ServicesEnterprise NFV Infrastructure Software (NFVIS)

Network HypervisorEnables segmentation of

virtual networksAbstract CPU, memory,

storage resources

Zero Touch DeploymentAutomatic connection to PnP server

Secure connection to the orchestration system

Easy day 0 provisioning

Life Cycle ManagementProvisioning and launch of VNFsFailure and recovery monitoring

Stop and restart services

Dynamically add and remove services

Service ChainingNo hardware offload with UCS

External connectivity and to other services

Multiple service access options

Open APIProgrammable API for service orchestration

REST and NETCONF API

ASAv vWAAS vWLCISRv

Best-of-breed Trusted Services from CiscoConsistent software across physical and virtual

High PerformanceRich Features

End-to-end Support

Proven Software

Leader in Gartner MQ#1 Unit Shipped

Superior Caching with Akamai Connect

Survivability & ScaleConsistency across the

Data Center and Switches

Built for small and medium branches

Comprehensive ProtectionFull DC-class Featured

Functionality

Designed for NFV Cost-effective with NFV

Freedom of ChoiceCisco Intelligent Branch

Virtual RouterVirtual Services

ENCS

License Portability

Services Consistency

Business Continuity

Enterprise NFV

Physical RouterVirtual Services

ISR 4000 Series + UCS E-Series

Traditional

Physical Router

ISR 4000 Series

Centralized ServicesFixed Integrated Services

Conservative

Upgradable H/WDeterministic Routing Performance

Late Adopter

Elastic Routing and Services PerformanceEarly Adopter

ENCS 5400 Series - BezelNew Industrial Design

First platform with new Cisco design languageIntended to create a common look across Cisco products

Status Indicators using Universal Icons

LED Backlit LogoRounded Corners Aluminum Bezel with “Logo” Vents

Raised Bezel Edge

ENCS 5400 Series

6, 8, or 12-Core Intel Xeon-D

8 - 64 GB DRAM

8 Integrated LAN Portswith Optional POE

Network Interface Module for LTE & legacy WAN

Dedicated Board Management Controller

2 HDD or SSDRAID 0 & 1

InternalM.2 Storage

USB 3.0 Storage

2 Onboard Gigabit Ethernet ports

with SFP

Optional Hardware RAID Controller

Integrated Power Supply

Optional Hardware Crypto Module

Hardware Acceleration for VM Traffic

ENCS 5400 Portfolio - Chassis Options

ENCS541212-CoreENCS5408

8-CoreENCS54066-Core

ENCS5406 ENCS5408 ENCS5412

CPU 6-core, 1.9GHz 8-core, 2.0GHz 12-core, 1.5GHz

Base List Price $4,000 $6,000 $8,000

PoE No 200W 200W

Capacity Guidance ISRv + 2 VNFs ISRv + 3 VNFs ISRv + 5 VNFs

Cisco Solutions for Digital Branch

Customer Experience

AVC & NBAR2, PrimeWAAS with Akamai ConnectUC: CUBE, CME/SRST, Voice Gateway

Branch Automation

IWAN App on APIC-EMPrime: Lifecycle | Assurance | Compliance Plug-n-Play Automation

Pervasive Security

Network: Stealthwatch Learning Network, MACSecBranch: FirePower, Snort IPS, VPNDIA: OpenDNS, CWS

Platform Independence: Virtualize Any App, Anywhere

PHYSICALISR 4000 Series , ASR 1K Series

CONVERGEDUCS E-Series on ISR 4000

VIRTUALKVM VM on IOS XE

VNFs: ISRv, ASAv, vWAAS, vWLC

Dynamic Multipoint VPN

WAAS VRF, ZBFW Intelligent Path Control (PfR)

Software Defined WAN and Beyond


ASR Series

Up to 78Gbps Crypto capacityMore flexible power supply configurationSupport for up to 200 Gbps in every slot with ESP200-X and upHardware redundancy

ASR1000 Product Family Evolution

ASR1002-X

ASR1006-X

ASR1009-X

ASR1013

ASR1001-X 2.5 - 20 Gbps5 - 36 Gbps

40 – 200+ Gb/sec

ASR1002-HX

EPA

100 Gbps for slots 2 and 3Hardware redundancy

40 - 200 Gb/secEPA

ESP100-X, ESP200-X and ESP400-X on roadmap with line rate crypto

More power flexibility200 Gbps in everyHardware redundancy

40 - 100 GbpsEPA

RP3

RP3

High performance control plane with crypto assist.

RP3

RP3

ESPX

ASR1001-HXUp to 39Gbps crypto40 – 100 GbpsEPA

8 or 20Gbps crypto60 Gbps

ASR 1006-X and 1009-X Chassis

Power Shelf

ASR 1009-X

ASR 1006-XASR 1006-X

(Modular Redundant )ASR 1009-X

(Modular Redundant)

Timeline Available Now Available Now

Height 6RU 9RURP Slots 2 2ESP Slots 2 (regular) 2 (super)SIP/MIP Slots (I/O Slots) 2 (SIP40/MIP100) 3 (SIP40/MIP100)SPA Slots 8 12EPA Slots 4 6NIM Slots N/A N/ABuilt-In GE N/A N/ASlot Bandwidth 100G(Future 200G) 100G(Future 200G)Forwarding Bandwidth (based on current QFP) 40 to 100G 40 to 200G

Forwarding Bandwidth (with Next-Gen QFP) Up to 200G (Future) Up to 400G (Future)

Maximum Output Power

1100W power modulesN+1, Max 6

1100W power modules N+1, Max 6

Available Now!

Available Now!

ASR1006-X – Next-Gen 6RU with 100G per Slot

Forwarding Plane (ESP)§ Up to 100Gbps per system§ Supports ESP40, ESP100 and

future ESPs

Control Plane§ Supports RP2 and RP3 (future) § Default 8G memory (max. 16G)§ FIPS-140-3 certification

I/O Connectivity§ 8x SPA slots (with SIP40)§ 4x EPA slots (with MIP100)§ 100 Gbps I/O slot bandwidth

System Management§ RJ45 Console§ Auxiliary Port§ 2x USB Ports

Power Supply§ Modular power supply with N+1 redundancy§ High efficiency, Load sharing, Hot-swappable§ AC (1100W) or DC (950W)

BITS clocking§ Stratum 3 built-in

Modular Fan Tray§ Field Replaceable without

the need to replace power supplies

Cryptography§ Up to 29/16 Gbps

(1400B/IMIX) crypto throughput using ESP100

§ Suite-B crypto support

Hardware Redundancy§ Dual ESP and RP slots for

data plane and control plane redundancy

§ ISSU

Available Now!

ASR1009-X – Power Efficient 9RU with 100G per Slot

Forwarding Plane (ESP)§ Up to 200Gbps per system§ Supports ESP40, ESP100,

ESP200 and future ESPs

Control Plane§ Supports RP2 and RP3 (future)§ 8G – 64G DDR3 memory (RP3)§ FIPS-140-3 certification

I/O Connectivity§ 12x SPA slots§ 6x EPA slots§ 100 Gbps I/O slot bandwidth

with ASR1000-MIP100

System Management§ RJ45 Console§ Auxiliary Port§ 2x USB Ports

Power Supply§ Modular power supply with N+1

redundancy§ High efficiency, Load sharing, Hot-

swappable§ AC (1100W) or DC (950W)

BITS clocking§ Stratum 3 built-in

Modular Fan Tray§ Field Replaceable§ 30% improvement in

airflow per slot vs integrated Fan module

Cryptography§ Up to 78/59 Gbps

(1400B/IMIX) crypto throughput using ESP 200

§ Suite-B crypto support

Hardware Redundancy§ Dual ESP and RP slots for

data plane and control plane redundancy

§ ISSU

Available Now!

Multi-Core Network Processor§ 124 Cores§ 4 Packet Threads / Core§ 496 simultaneous threadsMiscellaneous§ RJ45 & mini-USB console§ SSD§ Secure Boot

ASR 1002-HX (Kahuna) 100G Fixed

Network Interface Module§ 1 double wide NIM slot or§ 2 single wide NIM slots§ NIM - Compatibility with

ISR4400 and ASR1001-X

EPA - Ethernet Port Adapter§ 1x EPA slot

Built in I/O§ 8x TenGigabit Ethernet interfaces enabled

by license§ 8x Gigabit Ethernet interfaces in base§ Multipoint MACSEC for linerate

encryption (1G & 10G)

Pay as you go§ 50 Gbps base performance§ Max performance of 120 Gbps,

licensed

Application level service performance§ 58M Packets Per Second§ Up to 25G Crypto IMIX w/ Suite B§ Diverse VPN security solutions, 25G IMIX§ 13M Firewall and traditional NAT Sessions

Control plane§ CPU: Quad Core @ 2.5 GHz§ Memory: 16GB DDR3

default memory,upgradeable to 32GB

System management§ Cisco Prime§ Glue Networks

Crypto module§ Field upgradeable

Available Now!

• Crypto capacity up to 39Gbps

• Base version of 1002-HX can be delivered without the crypto hardware • Upgrade crypto performance on fielded units…on demand, without truck roll• Upgrade only the fielded units that really needs to support Crypto • Order units to be upgraded in the factory prior to shipment.

ASR1002-HX Crypto Module

ASR1002-HX – Capability ComparisonPlatform ISR4451-X ASR1001-X ASR1002-X ASR1002-HX

PAYG Bandwidth 1-2G 2.5-20G 5-36G 44G-100G

PPS Performance 1-2 Mbps 11 Mpps 30Mpps 58Mpps

IPv4 Routes 500K (4G)/IM (8G/16G)

1M (8G)/ 3.5M (16G) 500K (4G)/1M (8G)/ 3.5M (16G)

500K (4G)/1M (8G)/ 3.5M (16G)

Built-in I/O 4x1GE 6x1GE; 2x10GE 6x1GE 8x1GE, 8x10GE

Extensible I/O 3XNIM,2XSM 1x SPA, 1x NIM 3x SPA 1x EPA, 1x NIM

Encryption Throughput

1.4G(IMIX) 5G (IMIX) 4G (IMIX) 25G (IMIX)

MACsec Point to Point Point to Multipoint N/A Point to Multipoint

ZB Firewall Sessions 500K (200K FW+K2) 2M 2M 6M

NAT Sessions 500K 2M 2M 6M

AVC 1G 5G 18G 52G

CUBE(Ent) 8K 10K Subscribers 10K subscribers 10K subscribers

BB N/A 10K subscribers 29K subscribers 58K subscribers

QoS (Queues) TBD 16K 116K 232K

MACsec Yes (128-bits only) Yes N/A Yes

Suite-B Yes Yes Yes Yes

High Availability No Yes (Redundant IOS)

Yes (RedundantIOS)

Yes (RedundantIOS)

Clocking Yes ( In Future) Yes (SyncE) Yes (SyncE, GPS, BITS)

Yes (SyncE,BITS)

TCAM Software 10Mbits 40Mbits 80Mbits

ASR1000 ForwardingWhere does ASR1002-HX fit in Performance and Throughput?

Jackpot ESP-10G ASR1001-X ESP-20G ASR1002-

X ESP-40G ESP-100G ASR1002-HX ESP-200

System Bandwidth*

2.5 - 5 Gbps 10 Gbps 2.5 – 20

Gbps 20 Gbps 5 – 36 Gbps 40 Gbps 100 Gbps 44-100

Gbps 200G

Performance 3 - 8 Mpps 17 Mpps 11 Mpps 23 Mpps 23 Mpps 30 Mpps 58 Mpps 58 Mpps 130 Mpps

# of Processors 20 40 31 40 64 40 128 128 256

Clock Rate 900 MHz 900 MHz 1.5 GHz 1.2 GHz 1.2 Ghz 1.2 GHz 1.5 GHz 1.5 GHz 1.5 GHz

Crypto Engine BW (1400 Bytes)

1 Gbps 4.4 Gbps 8 Gbps 8.5 Gbps 4 Gbps 11 Gbps 29 Gbps 39 Gbps 78 Gbps

QFP Resource Memory

256MB 512 MB4 GB

(Unified)1 GB 1 GB 1 GB 4 GB 4 GB 8 GB

Packet Buffer 64 MB 128 MB512 MB

(Unified)256 MB 512 MB 256 MB 1 GB 1 GB 2 GB

Control CPUDual

core* 2.13 GHz

800 MHzQuad Core*

2.0GHz1.2GHz Quad core*

2.1 GHzDual core 1.86 GHz

Dual core 1.73 GHz

Quad core* 2.5 GHz

Dual core 1.73 GHz

TCAM 5 Mbits 10 Mbits 10 Mbits 40 Mbits 40 Mbits 40 Mbits 80 Mbits 80 Mbits 2x 80 Mbits

Chassis Support ASR 1001

ASR 1002, 1004, 1006

ASR 1001-X

ASR 1004, 1006

ASR 1002-X

ASR 1004, 1006 1006-X, 1009-X,

1013

ASR 1006, 1006-X, 1009-X,

1013

ASR 1002-HX

ASR1009-X, 1013

Ø * For non-modular systems (1001 & 1002) the “Control CPU” is also the Route Processor CPU and requires more processing capability

ASR 1001-HX 60G Fixed

System Management§ RJ45 GE Ethernet

§ 2x USB Ports

§ 8x 1GE Ports§ MACSec enabled

§ 4x 10GE Ports +§ 4x configurable 10GE / 1GE Ports

enabled by license§ MACSec enabled

Power Supplies§ 2x AC or DC

Memory§ 2x DIMM slots

(8GB each)

Crypto module§ Field upgradeable (8

or 16Gbps)

6x Fans

System Management§ Console§ AUX

Multi-Core Network Processor§ 62 Cores§ 4 Packet Threads / Core§ 248 simultaneous threads

Control plane§ CPU: Quad Core @ 2.5 GHz§ Memory: 8GB DDR3

default memory,upgradeable to 16GB

Pay as you go§ 60 Gbps system performance§ 16 Built-in 10GE/1GE ports enabled via

software license

Application level service performance§ 30M+ Packets Per Second§ Up to 20G Crypto IMIX w/ Suite B for diverse VPN

security solutions§ 6M Firewall and traditional NAT Sessions

High Density Modular Ethernet –MIP100 Carrier Card + EPAs

100G Carrier Card + 2xEthernet Port AdaptersPossible EPA

options• 1x100GE • 2x40GE via breakout cable from 1x100GE • 10x10GE • 18X1GE• 2x40GE native ports (not EC’ed yet)

Throughput • 200G I/0 with up to 100G1 throughput per line card

Key Features • Feature Parity to 2x10GE+20xGE Plus

• WAN-PHY for 10GE (post-FCS)• 256-bit MACSEC & TAGS in the clear (post-FCS)

RP • RP2 + FutureESP • ESP100 + Future

• ESP200 + Future

Chassis Slots BW1013 Slots 2 & 3 100G1013 Slots 0,1,4&5 40G1006-X All Slots 100G1009-X All Slots 100GASR1002-HX Integrated CC 100G

1x100G 10x10GE 18x1GE

ASR1000-MIP100

1Max Bandwidth per slot for EPAs (ESP100 and ESP200)

2x40GE

2No MACsec 2No MACsec3Breakout cable from 1x100GE

2 2,3

Available now!

RP3 – Next Gen Route Processor§ Positioned to help customers migrate from RP1s & RP2s

§ Investment protection – Supports most of existing and all planned ESPs (ESP100-X, ESP200-X, ESP400-X), interface cards (SIP40, MIP100) and modular chassis (ASR1013, ASR1006-X and ASR1009-X)

§ Higher maximum DRAM capacity - 8G default, expandable to 64GB

§ Built-in SSD drive - 100GB default, upgradeable to 400GB+ for log / core /data collection and for running container apps in the future

§ Larger Flash memory - 8G default for NVRAM contents

§ Dedicated Crypto Assist chip for better crypto performance and scale (CPS)

USB

Solid state drive

BITS clocking

DRAM

Management Enet

Console/Aux

RP3 Customer BenefitsHigher Performance and Scale

• Average 20-30% faster than RP2

• Up to 64GB on RP3 for highest IOS XE scale

• SSD instead of HDD

• Crypto assist chip for up to 2X faster IPsec tunnel CPS

Lower TCO

• Savings from power and cooling

• Support HA and ISSU through redundant ESP/RP

• Futureproof to support new forwarding engines and I/O cards

Familiar Look and Feel

• Supported on ASR1006-X, ASR1009-X and ASR1013

• Same faceplate as RP2

• Same SW and licenses as RP2

• Easy upgrade from RP2

ASR1000 Route ProcessorsRP1 (EOS) RP2 RP3

CPU General Purpose CPU Based on 1.5GHz Processor

Intel Dual-core Wolfdale 2.66GHz

Intel Quad-coreBroadwell 2.2GHz

Memory 4GB 8, 16GB 8, 16, 32, 64GB

Built-inBoot flash 1GB 2GB 8GB

Storage 40GB HDD,External USB

80GB HDD,External USB

100 – 400 GB SSD,External USB

Chassis Support

ASR1004ASR1006

ASR1004ASR1006

ASR1006-XASR1009-XASR1013

ASR1006-XASR1009-XASR1013


Q & A


Thank You