ASR 1000 Architecture Overview and Use Cases
Jason Yang – CCIE#10467, Technical Marketing Engineer
BRKARC-2001
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda
• Introducing the ASR 1000
• ASR 1000 System Architecture
• ASR 1000 Software Architecture
• Applications & Solutions
• Conclusion
Introducing the ASR 1000
ASR 1000 Aggregation Service Router: Key Design Principles
Multi-Service, Secure WAN Aggregation Services
• Ethernet WAN and Provider Edge Services
• Voice and Video Services (CUBE)
• Security Services (Firewall, VPN, Encryption)
• Application Performance Optimization (AVC, PfR)
Best in Class Availability
• Enterprise IOS Features with Modular OS and Software Redundancy or Hardware Redundancy and ISSU
Best in Class ASIC Technology
• Quantum Flow Processor (QFP) for high scale services and sophisticated QoS with minimum performance impact
Cisco ASR 1000 Series Routers: Overview
2.5 Gbps to 200 Gbps – Designed today to scale up in the future
INSTANT ON SERVICE DELIVERY
• Scalable on-chip service enablement through software licensing
• Industry leading VPN/Crypto solutions
• Optimal user/app experience with AVC, PfRv3, and AppNav
• Software consumption model with CiscoONE
BUSINESS-CRITICAL RESILIENCY
• Fully separated control and forwarding planes
• Hardware and software redundancy
• In-service software upgrades
• Inter and Intra-chassis redundancy
• DCI to support clustering across geographically dispersed DC
COMPACT, POWERFUL ROUTER
• Line-rate performance 2.5G to 200G
• Investment protection with modular engines, IOS CLI and SPAs for I/O
• Hardware assists for ACL, QoS, etc.
• Hardware-based QoS engine with up to 464k queues
• New Ethernet CC and 100GE EPA: ASR1000-MIP100, EPA-1x100GE
[Figure: ASR 1000 product line running IOS-XE. Fixed chassis: ASR 1001-X, ASR 1002-X, ASR 1001-HX, ASR 1002-HX. Modular chassis: ASR 1004, ASR 1006, ASR 1006-X, ASR 1009-X, ASR 1013. Throughput labels shown (Gbps): 2.5 to 20, 5 to 36, 10 to 40, 20 to 100, 40 to 100, 40 to 200 (twice), 44 to 60, 44 to 100.]
ASR 1000 Enterprise Applications: Flexible WAN Services Edge & CPE
[Figure: enterprise deployment roles. Labels: mobile subscriber, corporate office, high-end branch, high speed CPE, SDA border, WAN aggregation, IPSec VPN, L2 and L3 VPN, IWAN, DCI (Data Center Interconnect), Internet gateway, Cloud Services Edge.]
ASR 1000 Service Provider Applications: A Wide Variety of Use Cases
[Figure: service provider network from CPE through access and aggregation to the edge and the IP/MPLS core. Labels: mobile subscriber, business, residence, wireless, wire line, cable, ISP, CPE, OLT, xPON, xDSL, DSLAM, DOCSIS, ETTx, M-CMTS, PE, BNG, iWAG, CGN, LNS, RR, peering, content farm (VOD, TV, SIP).]
Use cases listed:
• L2/L3 VPNs
• IPsec/NAT/FW
• NBAR2
• PPP or IP Aggregation
• ATM or Ethernet
• Intelligent Services Gateway
• WiFi Access Gateway
ASR 1000 System Architecture
ASR 1000 Building Blocks
[Figure: cards connected across the midplane. Active and standby ESP (FECP, QFP with PPE and BQS, crypto assist, interconnect); active and standby RP (CPU, GE switch, interconnect); SIP (SPAs, IOCP, AGG ASIC, interconnect); ELC (built-in GE/10GEs, IOCP, AGG ASIC, interconnect); MIP (EPAs, IOCP, AGG ASIC, interconnect).]
Embedded Service Processor
• Handles forwarding plane traffic
Route Processor
• Handles control plane
• Manages system
SPA Interface Processor
• Houses Shared Port Adapter (SPA)
• Packets buffer
Ethernet Linecard
• Built-in GE/10GE ports
• Packets buffer
Modular Interface Processor
• Houses Ethernet Port Adapter (EPA)
• Packets buffer
Centralized Forwarding Architecture
• All traffic flows through the active ESP, standby is synchronized with all the states
Distributed Control Architecture
• All major system components have a powerful control processor dedicated for control and management planes
ASR 1000 Modular Chassis Overview
Chassis | ASR 1004 | ASR 1006 | ASR1006-X | ASR 1009-X | ASR 1013
RP Slots | 1 | 2 | 2 | 2 | 2
ESP Slots | 1 | 2 | 2 | 2 (super) | 2 (super)
SIP/MIP Slots | 2 (SIP only) | 3 (SIP only) | 2 | 3 | 6
Built-In Ethernet | N/A | N/A | N/A | N/A | N/A
Redundancy | Software | Hardware | Hardware | Hardware | Hardware
Height | 7” (4RU) | 10.5” (6RU) | 10.5” (6RU) | 15.7” (9RU) | 22.7” (13RU)
Bandwidth | 10 - 40 Gbps | 10 - 100 Gbps | 40 - 100 Gbps | 40 - 200 Gbps | 40 - 200 Gbps
Max Output Pwr | 765W | 1275W | 1100 power modules N+1, Max 6 | 1100 power modules N+1, Max 6 | 3200W
Airflow | Front to back | Front to back | Front to back | Front to back | Front to back
ASR 1009-X
System Management
• RJ45 Console
• Auxiliary Port
• 2x USB Ports
I/O Connectivity
• 12x SPA slots (SIP-40)
• 3x ELC slots
• 6x EPA (MIP-100)
BITS clocking
• Stratum 3 built-in
Power Supply
• Modular power supply with N+1 redundancy
• High efficiency, Load sharing, Hot-swappable
• AC (1100W) or DC (950W)
Control Plane
• Support RP2 and RP3
• 8 - 64 GB Memory
• FIPS-140-2 certification
Hardware Redundancy
• Dual ESP and RP slots for data plane and control plane redundancy
• ISSU
Forwarding Plane (ESP)
• Up to 200Gbps per system
• Supports ESP40, ESP100, ESP200 and future ESPs
Modular Fan Tray
• Field Replaceable
• 30% improvement in airflow per slot vs integrated Fan module
ASR 1000 Modular Chassis Compatibility Matrix
Chassis | RP2 | RP3 | SIP40 | ELC | MIP100 | ESP20 | ESP40 | ESP100 | ESP200
ASR1004 | Yes | No | Yes | Yes | No | Yes | Yes | No | No
ASR1006 | Yes | No | Yes | Yes | No | Yes | Yes | Yes | No
ASR1013 | Yes | Yes | Yes | Yes | Yes(2)(3) | No | Yes | Yes | Yes
ASR1006-X | Yes(1) | Yes | Yes | Yes | Yes(3) | No | Yes | Yes | No
ASR1009-X | Yes(1) | Yes | Yes | Yes | Yes(3) | No | Yes | Yes | Yes
(1) RP2 with new CPLD
(2) 100G support in Slots 2 & 3; others at 40G
(3) ASR1000-MIP100 is not supported with ESP40
ASR1000-MIP100 (Modular Interface Processor)
[Figure: MIP100 connected over the midplane to ESP100/200, in ASR 1006-X/1009-X with ESP100/ESP200. Labels in order: 1x100G, 100G, 100G line rate, no oversubscription; 1x100G, 2 to 1 oversubscription; 1x100G, 10x10G, line rate, no oversubscription.]
Ethernet Port Adapter (EPA)
Table columns: EPA; Modular Chassis with MIP-100; ASR1002-HX; Optics Modules. Release values are listed per EPA in the order they appear on the slide.
• EPA-1x100GE: XE 3.16.1, XE 16.2.1, XE 16.4.1
• EPA-CPAK-2x40GE: XE 3.16.2, XE 16.3.1, XE 16.4.1
• EPA-10x10GE: XE 3.16.4, XE 16.2.1, XE 16.3.1 (MACSec), XE 16.3.1, XE 16.3.2 (MACSec). Optics: SFP-10G-SR, SFP-10G-SR-X, SFP-10G-LR, SFP-10G-LRM, SFP-10G-LR-X, SFP-10G-ER
• EPA-18x1GE: XE 16.2.1, XE 16.3.2 (MACSec), XE 16.2.1, XE 16.3.1 (MACSec). Optics: GLC-GE-100FX, GLC-SX-MMD, GLC-LH-SMD, SFP-GE-T, GLC-BX-U, GLC-BX-D, GLC-TE, GLC-SX-MM, GLC-LH-SM, GLC-EX-SMD, GLC-ZX-SMD, CWDM-SFP, DWDM-SFP
• Other optics and cables listed: CAB-MPO24-2XMPO12, CPAK-100G-SR10, QSFP-40G-SR4, 10 Metres, CPAK-100G-SR10, CPAK-100G-LR4
Modular Route Processors: RP2 & RP3
Feature | RP2 | RP3
CPU | 2.66GHz Intel Xeon Dual-core | 2.2GHz Intel Broadwell Quad-core
Default memory | 8GB (4x2GB) – DDR2 | 8GB (2x4GB) – DDR4
Memory upgrade options | 16GB (4x4GB) | 16GB (2x8GB), 32GB (4x8GB); 64GB (4x16GB)
Built-In eUSB Bootflash | 2GB | 8GB
Storage | 80GB HDD, external USB | 100GB SSD default, 200GB and 400GB upgrade options, external USB
IOS XE OS | 64 bits | 64 bits
Chassis Support | ASR 1004, ASR 1006, ASR 1013, ASR 1006-X, ASR 1009-X | ASR 1006-X, ASR 1009-X, ASR 1013
Callouts: 30%+ Faster! 60%+ Scale!
ASR1000 Embedded Services Processor (ESP)
• Centralized, programmable, multiprocessor forwarding engine providing full-packet processing
• Packet Buffering and Queuing/Scheduling (BQS)
  • For output traffic to carrier cards/SPAs/EPAs
  • For special features such as traffic shaping, reassembly, replication, punt to RP, cryptography, etc.
  • 5 levels of HQoS scheduling, up to 464K Queues, Priority Propagation
• Dedicated crypto co-processor
• Interconnect providing data path links (ESI) to/from other cards over midplane
  • Transports traffic into and out of the Cisco Quantum Flow Processor (QFP)
  • Input scheduler for allocating QFP BW among ESIs
• FECP CPU manages QFP, crypto device, midplane links, etc.
[Figure: ESP40 and ESP100]
ESP Bandwidth
• Overall throughput is determined by the type of ESP and SIPs used in modular platforms.
• Modular platforms are rate limited by speed of bus from QFP complex to backplane ASIC
• Bandwidth is expressed in terms of aggregated throughput, use ESP100 as example:
Example 1 (figure labels: 50 Gbps, 50 Gbps, 50 Gbps, 50 Gbps)
• 50G Unicast in each direction
• Total Output bandwidth 50+50=100
Example 2 (figure labels: 10G, 80G, 20G, 20G)
• 10G Multicast with 8X replication in one direction
• 20G unicast in the other direction
• Total Output bandwidth 80+20=100G
Example 3 (figure labels: 50 Gbps, 50 Gbps, 70 Gbps, 70 Gbps)
• 50Gbps Unicast in one direction and 70Gbps Unicast in the other direction
• Total output bandwidth (50+70=120) exceeds 100Gbps; only 100Gbps will be forwarded.
Example 4 (figure labels: 10G, 100G, 20G, 20G)
• 10Gbps Multicast with 10X replication in one direction
• 10Gbps Unicast in the other direction
• Total bandwidth (100+20=110) exceeds 100Gbps; only 100 Gbps will be forwarded
Cisco Quantum Flow Processor (QFP): ASR1000 series innovation
• Five year design and continued evolution – now on 3rd generation
• Architected to scale to > 100Gbps
• Multiprocessor with 64 multi-threaded cores; 4 threads per core
• 256 processes per chip available to handle traffic
• High-priority traffic is prioritized
• Packet replication capabilities for Multicast
• Many H/W assists for accelerated processing
• 3rd generation QFP is capable of 70Gbps, 32Mpps processing
• Mesh-able: 1, 2 or 4 chips to build higher capacity ESPs
• Latency: tens of microseconds with features enabled
[Figure: QFP chip set, made up of the Cisco QFP Packet Processor and the Cisco QFP Traffic Manager (Buffering, Queueing, Scheduling).]
Cisco Enterprise Routing NPU Leadership: Continuing Investment in Network Processor Technology
[Figure: QFP generations plotted as performance over time (2008, 2012, 2018) against increasing network intelligence and services requirements: 1st Gen QFP (20G), 2nd Gen QFP (40G), 3rd Gen QFP (200G), 4th Gen QFP (> 200G). Callouts: lower cost fully integrated NPU and IO device; linerate security and high perf intelligent WAN; over 100 patents awarded.]
Legend:
• #cores: Number of Packet Processing Engines
• #threads: concurrent, parallel threads processed
• High Speed Backplane Aggregation ASIC
• IO Oversubscription & Aggregation ASIC
• NPU
ASR 1000 Fixed Chassis Overview
Model | ASR 1001-X | ASR 1002-X | ASR 1001-HX | ASR 1002-HX
SPA Slots | 1 | 3 | N/A | N/A
EPA Slots | N/A | N/A | N/A | 1
NIM Slots | 1 | N/A | N/A | 1
Built-In GE | 6 | 6 | 8 | 8
Built-In TenGE | 2 | N/A | 4 + 4 (configurable 10GE/GE) | 8
CPU | 2.0GHz quad-core | 2.13GHz quad-core | 2.5GHz quad-core | 2.5GHz quad-core
Memory | 8GB; upgradable to 16GB | 4GB; upgradable to 8GB/16GB | 8GB; upgradable to 16GB | 16GB; upgradable to 32GB
Storage | eUSB (8GB), SSD (200GB, 400GB) | eUSB (8GB), Optional HDD (160GB) | eUSB (32GB) | eUSB (32GB), SSD (200GB, 400GB)
IOS Redundancy | Software | Software | Software | Software
Height | 1.75” (1RU) | 3.5” (2RU) | 1.75” (1RU) | 3.5” (2RU)
Throughput | 2.5 to 20Gbps | 5 to 36Gbps | 60Gbps | 100Gbps
Maximum Output Power | 250W | 470W | 360W | 500W
Airflow | Front to back | Front to back | Front to back | Front to back
ASR 1001-HX
Multi-Core Network Processor
• 60Gbps forwarding capacity
• 62 Cores
• 4 HW Threads / Core
• 248 simultaneous threads
Miscellaneous
• RJ45 & mini-USB console
• Secure Boot
Built in I/O
• 8x Gigabit Ethernet interfaces
• 8x TenGigabit Ethernet interfaces (4 configurable 10G/1G ports)
• Multipoint MACSEC for linerate encryption (1G & 10G)
Pay as you grow
• License on built-in ports
• 4x TenGE + 4x GE enabled by default
• The remaining ports can be enabled in pairs
Control plane
• CPU: Quad Core @ 2.5 GHz
• Memory: 8GB DDR3 default memory, upgradeable to 16GB
• Secure Boot + Image Signing
Crypto module
• Field upgradeable
• 16 Gbps crypto throughput
• Suite B support
ASR 1001-HX Crypto Module
• ASR 1001-HX can be ordered with or without the crypto module
• The crypto module can be installed in the field when a unit needs the function
• Crypto bandwidth is licensed from the factory (default 8Gbps, upgradeable to 16Gbps on demand)
• The 16Gbps crypto license unlocks a crypto performance cap of 29Gbps (1400 bytes)
ASR 1002-HX
Multi-Core Network Processor
• 100 Gbps forwarding capacity
• 124 Cores
• 4 HW Threads / Core
• 496 simultaneous threads
Miscellaneous
• RJ45 & mini-USB console
• eUSB: 32GB
• Secure Boot
Network Interface Module
• 1 double wide or 1 single wide NIM
Ethernet Port Adapter
• 1x EPA slot
Built in I/O
• 8x Gigabit Ethernet interfaces
• 8x TenGigabit Ethernet interfaces
• Multipoint MACSEC for linerate encryption (1G & 10G)
Pay as you grow
• License on built-in ports
• 4x TenGE + 4x GE enabled by default
• The remaining ports can be enabled in pairs
Power Supply & Fans
• Modular PS, FRUable
• Fan Tray
Crypto module
• Field upgradeable
• 25 Gbps crypto throughput
• Suite B support
Control plane
• CPU: Quad Core @ 2.5 GHz
• Memory: 16GB DDR3 default memory, upgradeable to 32GB
• Secure Boot + Image Signing
ASR 1002-HX Crypto Module
• ASR 1002-HX can be ordered with or without the crypto hardware
• The crypto module can be installed in the field when a unit needs the function
• Crypto bandwidth is licensed from the factory (default 8Gbps, upgradeable to 16Gbps and 25Gbps on demand)
• The 25Gbps crypto license unlocks a crypto performance cap of 39Gbps (1400 bytes)
• ASR 1002-HX must be powered down to install/remove the crypto module
Software Architecture
IOS XE Software architecture
• IOS XE = IOS + IOS XE Middleware + Platform Software
• Operational Consistency: same look and feel as IOS Router
• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.), 64-bit operation
• Linux kernel with multiple processes running in protected memory
  • Fault containment
  • Re-startability
  • ISSU of individual SW packages
• ASR 1000 HA Innovations
  • Zero packet loss with RP Failover
  • <50ms ESP Failover
  • Software redundancy
[Figure: RP runs IOS active and IOS standby over the Platform Adaptation Layer (PAL), with forwarding manager and chassis manager on a Linux kernel; ESP runs forwarding manager, chassis manager, QFP client and QFP driver on a Linux kernel; SIP/MIP runs chassis manager and SPA/EPA drivers on a Linux kernel; control messaging links the cards.]
Software Architecture – Modular Platform
[Figure: RP runs IOS over the Platform Adaptation Layer (PAL), with forwarding manager and chassis manager on a Linux kernel; ESP runs forwarding manager, chassis manager, QFP client / driver and QFP code on a Linux kernel; SIP/MIP runs chassis manager and SPA/EPA drivers on a Linux kernel; control messaging links the cards.]
Callouts attached to the components in the figure:
• Initialization of RP processes
• Initialization of installed cards
• Detects and manages OIR of cards
• Manages system status, environments, power, EOBC

• Provides abstraction layer between hardware & IOS

• Manages ESP redundancy
• Maintains copy of FIB and interface list
• Communicates FIB status to active & standby ESP

• Runs Control Plane
• Generates configurations
• Maintains routing tables (RIB, FIB…)

• Communicates with forwarding manager on RP
• Maintains copy of FIBs
• Provides interface to QFP client & driver

• Programs QFP forwarding plane and QFP DRAM
• Statistics collection & RP communication

• Driver Software for SPA/EPA interface cards is loaded independently
• Failure or upgrade of driver does not affect other SPAs/EPAs in the chassis
Software Architecture – Fixed Platform
• Single Control CPU
  • Quad-core
  • 64 bit OS
  • 8GB, 16GB, 32GB memory support
• Standard IOS XE Processes
  • Running over a single Linux kernel
• High Availability
  • IOS redundancy
  • Fault Containment
  • Process Restartability
• Operational Consistency
  • Same look and feel as standard IOS
• Ethernet Out of Band Channel
  • Method by which processes in different subsystems communicate
[Figure: ASR1001-X control plane CPU running three subsystems over one kernel (incl. utilities). RP subsystem: Chassis Mgr., Forwarding Mgr., IOS active, IOS standby. I/O subsystem: Interface Mgr., Chassis Mgr., SPA driver, SPA/EPA driver. ESP subsystem: Chassis Mgr., Forwarding Mgr., QFP Client / Driver.]
IOS XE Release and support timelines
Standard releases – twice a year (March, November) supported for 18 months
• 6 months of active bug-fix, 6 months of limited bug fix, and 6 months of PSIRT
• Rebuild Intervals: 3 + 3 + 6 + 6 (PSIRT build as needed)
[Timeline figure: milestones FCS, EoSales, EoSM, PSIRT Phase, EoVS; rebuilds .1S, .2S, .3S and an optional PSIRT build .4S; interval labels 3 months, 3 months, 6 months, 6 months.]
Extended releases – once a year (July) supported for 48 months
• 30 months of active bug-fix, 6 months of limited bug fix, and 12 months of PSIRT
• Rebuild Intervals: 3 + 3 + 4 + 4 + 4 + 6 + 6 + 6 + 6 + 6 (PSIRT builds as needed)
[Timeline figure: milestones FCS, EoSales Notification, EoSales, EoSM, EoVS, HPC; rebuilds .1S, .2S, .3S, .4S, .5S, .6S, .7S, .8S, .9S, .10S with optional PSIRT builds; interval labels 3 m, 3 m, 4 m, 4 m, 4 m, 6 m, 6 m, 6 m, 6 m, 6 m.]
IOS XE Software Innovation: Software Maintenance Upgrade (SMU)
Cost
• Expensive Upgrades - Business Loss
• Each device upgrade causes Network outage
Time
• Reduced IT staff slows software roll out
• Physical presence required
Scope
• New Code requires bug analysis, certification
SMU: Point Fixes
• Reduces Validation Scope & Time
• Use Cases: Security Vulnerabilities/PSIRTs, Critical Issues
16.6
SMU Features Supported in 16.6.1
Components | Components | Components | Components
NAT/CGN/NPTv6 | Multicast/PIM/MVPN | AAA | IPSec / IKEv2 / VPN
FW | Trustsec | DHCP | LISP (VxLAN)
ALG | RBAC | QoS | L2VPN
MACSec | ISIS | SNMP | MPLS (TE/RSVP/OAM/LDP)
Crypto | BGP | CDP | LLDP
CGN/NPTv6 | RIB | ACL |
ALG | OSPF | SSH |
How to request a SMU?
1. Customer Finds an Issue: Customer calls Cisco TAC, Service-Request (SR) created for the critical issue
2. TAC/SE Requests SMU: For customer SR, Cisco TAC requests SMU from BU (if not available already)
3. BU Approves SMU: Once Cisco BU approves SMU request, SMU is created for the bug/PSIRT
4. Customer Downloads SMU: SMU made available for download on Cisco CCO
[Figure: flow between Network Admin and Cisco TAC]
• SMUs are applicable for specific release(s)
• Subsequent rebuilds include these bug fixes & PSIRTs
• SMU Request link - same as IOS XR/NxOS: http://pi-web.cisco.com/pims-home/cgi-bin/pims_nav.cgi?Option=SMU
IOS XE Software Innovation: Programmable Interface “Stack”
[Figure: layered stack, top to bottom. Programmable interfaces: NETCONF, RESTconf, gRPC (with SNMP alongside). YANG data model: open and native models for configuration and for operational data. Device features: Interface, BGP, QoS, ACL, … Physical and virtual network infrastructure.]
IOS XE Software Innovation: Telemetry
[Figure: layered stack, top to bottom. NETCONF, RESTconf, gRPC (with SNMP alongside). YANG data model: open and native models for configuration and for operational data. Device features: Interface, BGP, QoS, ACL, … Physical and virtual network infrastructure.]
Publication / Subscription
• Periodic or on change
• Structured data
• XML encoding
• Increased Scale
• Reduced CPU
Target 16.7
In Service Model Updates
Addresses Native Configuration Model gaps outside IOS-XE software release lifecycles
• Downloadable from CCO
• Hitless (model package) updates
Target
16.7
IOS XE Software Innovation: Guest Shell Application
• Maintain IOS-XE system integrity
  • Isolated User Space
  • Fault Isolation
  • Resource Isolation
• On-box rapid prototyping
  • Device-level API Integration
  • Scripting (Python)
  • Linux Commands
• Application Hosting
  • Integrate into your Linux workflow
[Figure: Network OS hosting the Guest Shell open application container, with an API and Linux applications.]
Target 16.7
IOS XE Software Innovation: Using Python with IOS XE
“On-Box” Python
• Scripts executed locally on switch or router
• Ideal for:
  • provisioning automation (ZTP/PNP)
  • automating Embedded Event Manager responses
  • application development
  • IOT
“Off-Box” Python
• Scripts executed externally from switch or router
• Ideal for:
  • configuration management automation
  • telemetry / operational data
  • controller use cases including APIC-EM / Cisco Network PNP
[Figure: on-box, Python runs on the IOS-XE device alongside IOS; off-box, an external Python execution environment reaches IOS on the IOS-XE device over SSH/NETCONF.]
Target 16.7
IOS XE Software Innovation: Provisioning Automation
Attribute | Zero Touch Provisioning | Cisco Network Plug and Play
Image source | Device | Device
Interfaces | Open / standards based | “Turn-key” solution
Key Values | Heterogeneous / multi-vendor network environments | Optimized for Cisco enterprise networks; Highly secure; Scalable
[Figure: ZTP booting router and ZTP booting switch with a DHCP ZTP server; PNP booting router, PNP booting switch and PNP access point with an APIC-EM / Network Plug and Play server.]
Target 16.7
Resources on GitHub & DevNet
• https://github.com/YangModels/yang/tree/master/vendor/cisco/xe
• https://developer.cisco.com/site/odp/
Applications & Solutions
Cisco Validated Profiles: Enterprise Internet Edge Profile
[Figure: Internet edge topology. Labels: ASR1013-2, switch2, TenGig3, TenGig4, Port-channel, RG ACT, RG STDY, LAN, VSS, ISP1, ISP2, ISP3, Inet II, IPv6.]
• Routing: up to 5 full ISP peerings
• HQoS, ACL, FNF, CoPP
• Services:
  • NAT: NAT44/NAT64, VRF Aware, VASI
  • ZBFW
  • ALG
  • AVC
• Stateful Inter-chassis redundancy for NAT/FW
• Topology: LAN-WAN, LAN-LAN
• http://www.cisco.com/c/en/us/solutions/design-zone/cisco-validated-profiles.html
WAN MACSec Applications
• MKA based keying (IEEE 802.1X-2010) – Pre-shared key
• 802.1x authentication with EAP-TLS
• SCEP enrollment and manual enrollment
• ID Certificate Rollover and CA Server Certificate Rollover
• Local Auth/Remote Auth
• Local and Radius Linksec Policies - Should Secure, Must Secure and Must-Not-Secure
• Replay protection, confidentiality Offset
• CAK Rekey and SAK Rekey
• Authen syslog and MKA-MACSEC Stats
• 802.1AE strong encryption
• 128/256 bits AES-GCM, NIST approved, line rate performance
• Vlan tag in clear option
• P2P, P2MP
• Port based E-LINE, E-LAN Service
• VLAN based E-LINE, E-LAN Service
• 32 peers on 10GE; 8 peers on GE
• Transporting SGT tag with WAN MACSec
[Figure, Data Center Interconnect: DC1 and DC2 joined over a Metro E-LINE.]
[Figure, Connect large branch, regional aggregate site to DC: Main Building 1, Building 2, Building 3 and Building 4 joined over a Metro E-LAN.]
16.6
Segment Routing: Simplifying the Transport
• Source Routing: the source chooses a path and encodes it in the packet header as an ordered list of segments
• Segment: an identifier for any type of instructions: forwarding or service
• IGP only: no LDP, no RSVP-TE
• ECMP
• Interworking with LDP: ease of migration
• Topology independent 50msec FRR
• Support all existing VPN services
• Engineered for SDN
[Figure: SR WAN running SR over the IGP with VPN at both ends. A VPN packet carries node segment 16006, the node segment to T. Other labels: nodes H, B, C, N, O, T and an adjacency segment to N.]
Segment Routing Traffic Engineering
Single IGP Domain
1. Information Distribution: IGP (OSPF or IS-IS) SR extensions used to flood bandwidth information between routers & SR SIDs, SRGB
2. CSPF does Path Calculation on headend only – uses IGP advertisements to compute SRTE “constrained” paths
3. Forwarding traffic: Static route, auto route announce, etc.
[Figure: the headend builds the TED from IGP topology + TE link attributes + SR SID + SRGB; a VPN packet is forwarded with segment labels 16006, 16001 and 24005.]
BGP Link State
1. BGP-LS specifies sets of TLVs that define three objects (Nodes, Links and IP Prefixes) in a new NLRI type; the BGP-LS attribute encodes the properties of the objects, such as Node-names, IGP metric, TE-metric…
2. Path Compute Element (PCE) computes the network path or route based on a network graph and applying computational constraints
3. Path Compute Client (PCC) initiates LSP and delegates path computation to PCE
[Figure: IGP Domain 1 and IGP Domain 2 each export their TED through route reflectors (RR) using BGP Link State to the PCE, which holds the TED and LSP DB; the headend acts as PCC, with tail nodes at the far end.]
EVPN L3 DCI – WAN Solution: ’GOLF’ Design
[Figure: data center spines and leafs connected to DC Edge PEs over MP-BGP with VXLAN encap, carrying VRF Green, VRF Orange and VRF Purple; the DC Edge connects through WAN PEs to the branch.]
• Connecting to DC Edge from Spines (directly connected or IPN)
• Single MP-BGP session to carry routes for multiple tenants (VRFs)
• VXLAN handoff to DC Edge
• DC can be
  1. Standalone N9k fabric – ASR1k as a border leaf
  2. ACI Mode – ASR1k as a border leaf using OpFlex
• DC Edge WAN facing side can be
  1. Back to back VRF-Lite with L3 sub-interfaces/tunnels
  2. MPLS VPN PE or ASBR (IAS option B)
• WAN – MPLS VPN (GETVPN), DMVPN, IWAN2.x
SDA Border Deployment: Data Center Connectivity With Internal Border – ACI Fabric
[Figure: SDA Fabric policy domain (User, Edge, Border; LISP, SGT & VXLAN; classification) connected through the border (B) to the ACI policy domain (Spine, Leaf, N9k, Server; BGP EVPN, EPG & VXLAN). Cisco ISE 2.2 holds Security Groups (SGT) and Cisco APIC-DC holds End Point Groups (EPG). Other labels: IP, SGT mappings; IP-ClassId, VNI bindings.]
• ISE & APIC Exchange Groups and Member information
• ISE creates SGT to EPG translation table
• Send translation table to ASR1K
SGT | ClassID | VNI | VRF
100 | 5001 | B | G
102 | 4096 | B | G
Intelligent WAN (IWAN) Architecture
[Figure: IWAN 2.2 topology. Sites 10.3.3.0/24, 10.4.4.0/24 and 10.5.5.0/24 with routers BR31, BR41, BR51, BR52; transports DMVPN MPLS and DMVPN INET; IWAN POP1 and IWAN POP2 with DC1 (10.1.0.0/16), DC2 (10.2.0.0/16) and routers BR11, BR12, BR21, BR22; DCI WAN core; prefix labels 10.1.0.0/16, 10.2.0.0/16, 10.0.0.0/8.]
• Transport Independence: Simplified Hybrid WAN
• Intelligent Path Control: Application Aware Routing
• Application Optimization: Enhanced Application Visibility and Performance
• Secure Connectivity: Comprehensive Threat Defense
• Management Automation
Conclusion
Summary and Key Takeaways
• ASR 1000 is the Swiss Army Knife to solve your tough network problems
• Reduce complexity in your network edge.
• ASR 1000 is well positioned for both Enterprise and Service Provider Architectures.
• ASR 1000 is fully embedded in the Cisco Digital Network Architecture
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions
• BRKCRS-3147 - Advanced troubleshooting of the ASR1K and ISR (IOS-XE) made easy
• BRKCRS-2700 - Evolution of the Enterprise Network: the Cisco Digital Network Architecture
• BRKCRS-2000 - Intelligent WAN (IWAN) Architecture
• BRKRST-2124 - Introduction to Segment Routing
Thank you