Cisco Routing Portfolio Update

Speaker name

Speaker titleDate

Subtitle goes here

Presentation Title Goes Here

Cisco Tech Talks 2021

Cisco Routing Portfolio Update

Andrii Ovrashko

Systems Engineer

[email protected]

08 June 2021

WAN Challenges1

Agenda

Traditional WAN and SD-WAN2

WAN Upgrade Strategy3

Cisco SDWAN4

Cisco Catalyst 8000 series5

Headend. Branch. Cloud. Remote Worker.6

WAN Challenges1

Agenda

It’s a Multicloud World

WAN

Devices & Things

Campus & Branch UsersMobile Users

DC/Private Cloud

IaaSSaaS

Application Conversion (Container/Serverless apps)

Monolithic(3-Tier On-prem apps)

IaaS Migration(3-Tier Cloud apps)

Эволюция приложений

ServerlessOn Premise Data Center

PaaS

Новые подходы к дизайну приложений требуют пересмотра стратегии построения WAN сетей

Cloud

Native

Apps

Cloud

Optimized

Apps

Cloud

Ready

Apps

Existing

Apps and

Services

Traditional WAN to SD-WAN Shift

WAN Challenges

2

1

Agenda

Branch 1 Branch 2

Networking Needs to Evolve to Support Cloud Apps

Traditional Network Multi-Cloud Network

WAN

IPSec Tunnels

LB

Private DC

BGP +IPSEC Peering

SD-WAN Fabric Overlay

Branch 1 Branch 2

APP VPC 1

VGW

APP VNET 1

VGW

APP VPC 1

VGW

• Cloud Connectivity Automation

• M icro Segmentation

• Application Policies

• App Autoscaling

• VRF Routing

• Per VRF NAT

• IPsec/Firewall

• Lo ad Balancing

• N e tFlow

• Qo S

Cloud networking is different from traditional networking

Network as a Platform forReducing Cost and Complexity While Lowering Risk

Network

Transformation

for WAN

Uncompromised &

Secure Experience

Over Any

Connection

DNA

SD-WAN Market Growth

40.4% CAGR | $5.25B Market by 2023

95%

Of customers will deploy SD-WAN

within 2 years

Traditional WAN to SD-WAN Shift

WAN Challenges

2

1

Agenda


Уникальность предложения Cisco по обновлению аппаратной части WAN

• Cisco DMVPN (текущая сеть)

• Cisco SDWAN (перспективная)

• SDWAN-ready hardware

SDN технологии достигли зрелости

Совместимость с классическими подходами

Миграция

Стратегии обновления – ”SDN Ready”

End of PSIRT Support : Dec 2021

ISR G2 (2900/3900) Catalyst 8200/8300

SD-WAN | Voice Survivability | Interface Richness

Migration Path

End Of Support ISR G2

ISR 800 - Migration Path

New Platform with ✓ Higher Throughput✓ SD-WAN ✓ LTE Advanced✓ PoE Support✓ Security – UTD, Firewall,

Umbrella

New Platform with ✓ Increased Throughput✓ Consistent Packaging &

Feature support✓ No SD-WAN

ISR800

ISR1K

ISR900

Cisco 900 Series Integrated Services RoutersEnterprise-class connectivity and security for SMB’s

Advanced Connectivity

Ethernet ADSL and VDSLCAT4 LTE

Ease to Deploy and Manage

Application visibility & controlCisco DNA Center, CCP ExpressFixed, fanless, compact designCisco IOS

High Performance

WAN-WAN and LAN-WANUp to 250 Mbps VPN throughput

Integrated Security

High performance VPNFirewall

Dynamic load balancingTrustworthy Systems

ISR 921 ISR 931 ISR 926 ISR 927

WAN Ethernet 2 GE 2 GE 1 GE 1 GE

CAT 4 LTE Yes Yes Yes Yes

SFP No No No No

VDSL2/ADSL2/2+ No No Yes Yes

802.11ac Wave 2 Dual

RadioNo No No No

Managed Switch

Ports4 GE 4 GE 4 GE 4 GE

Voice No No No No

VLANs 50 50 50 50

Switching Capacity Line-rate Line-rate Line-rate Line-rate

Internal PoE Option No No No No

Cisco ISR 900 Series Overview

Feature ISR 1000 ISR 900

Software OS IOS XE Cisco IOS

SD-WAN support Yes No

Centralized management

vManageCisco DNA Center

Cisco DNA Center

Security stack SD-WAN Security Firewall, VPN

Cisco Umbrella Yes No

VPN throughput Up to 350 Mbps Up to 250 Mbps

DSL G.FAST, 35b, VADSL, G.SHDSL VADSL

LTE CAT6, CAT4 CAT4 (Single SIM)

Wifi 802.11AC Wave 2, Mobility Express No

Switch ports Up to 8 4

PoE/PoE+ Up to 4 POE or 2 POE+ No

ISR 900 vs ISR 1000

Branch Needs Benefits ISR 800 ISR 1000 Features

Cisco SD-WANBetter user experience, greater agility, advanced

threat protectionNo Yes

Transport independence, App

QoE, cloud management

Security Right security, right place. Simplified. No YesApplication Firewall, IPS, URL-

filtering and Cisco Umbrella

Connectivity & Scale w/HighPerformance

Up to 10 times performance increaseUp to 100

Mbps

Up to 480

MbpsThroughput

Minimal performance impact as network services are

added and throughput increasesNo Yes

Separate data and control

planes

Faster connectivity with LTE Advanced No Yes Next-gen WAN

Programmable operating system No Yes Cisco IOS® XE

Faster wireless access with 802.11acWave 2 No Yes Wireless

Costs & Business Agility

Ability to buy what you need today and upgrade

anytime with no equipment upgradesNo Yes Pay-as-you-grow

Trustworthy Solutions

Assurance and peace of mind with hardware and

operating system integrityNo Yes

• Secure Boot

• Runtime Defenses• Trust Anchor Module

ISR 1000 vs ISR 800Upgrade from ISR 800 to ISR 1000

Trustworthy Systems

Boot integrity visibilityAttacker compromises the very code that is supposed to protect against compromised code

Secure storageAttacker steals device - uses forensic techniques to read secrets & credentials from non-volatile RAM

Simplified factory resetResets all writable file systems, licenses, ROMMON variables, User credentials etc.

Secure guest shellPrevents Open Container hosted applications and their users from manipulating underlying Linux system on ISR 1000

Trustworthy Systems

Trustworthy Systems

Management Plane Protections

Recovery Mechanisms

Secure Storage

Secure Boot

Run Time Defenses

Integrity Verification

Attack Surface Reduction

Authentication

Strong Crypto

Audits & Logging

Signed Images

Modified OS Binaries

In-Memory Modifications

ROMMON changes

Infection Method

Trustworthy Systems

ISR 1000 Portfolio

C1161X-8P * C112xX-8P * C1111X-8P * C111x-8P C1101-4P C1109-4P C1109-2P

Crypto 480 Mbps 350 Mbps 250 Mbps 200 Mbps

Cisco

SD-WAN Yes

SD-WAN

SecurityYes* No

LTECAT18/CAT6/C

AT4

CAT18/CAT6/C

AT4No CAT6

CAT18/CAT6/C

AT4

CAT18/CAT6/C

AT4CAT4

WifiNo Yes No Yes No

DSL No Yes No Yes No

PoE Yes No

* 4GB DRAM/FLASH variants available – Supports only Ent. FW App aware, DNS/web-layer security on SD-WAN

Status and physical security• Status LED• Power button• Reset button• Power connector

DRAM/FLASH **8GB/8GB

External PSU

SD-WAN Ready

* 4 Port (2 PoE or 1 PoE+) variants available** 4GB versions available in C1161 models

C1161X-8PLTEP

LTE Technology • CAT 4/6/18 Pluggable

Management Interface• USB 3.0, Type A• Micro-USB• LTE Debug Port, Micro-USB

Data Interfaces• 4 PoE or 2 PoE+ Capable*

Ethernet LAN• RJ45/SFP GE WAN

Status and physical security• Status LED• Power button• Reset button• Power connector

DRAM/FLASH **8GB/8GB

External PSU

SD-WAN Ready

* 4 Port (2 PoE or 1 PoE+) variants available ** 4GB versions available in C1121 models

C1121X-8PLTEPWx

• CAT 4/6/18 Pluggable LTE Technology

Management Interface• USB 3.0, Type A• Micro-USB• LTE Debug Port, Micro-USB

Data Interfaces• 4 PoE or 2 PoE+ Capable*

Ethernet LAN• RJ45/SFP GE WAN

802.11ac Wave2

WAN Challenges1

Agenda



Cisco SDWAN4

Cisco Software Defined WAN Architecture

APIs

Внешняя интеграция

vManage

4GMPLS

INET

ЦОД CoLo Кампус ФилиалОблако

WAN Edge

• Программируемость

• Распространение политик

• Простота и высокая масштабируемость

Управление

Передача данных

• Аппаратные или виртуализированные

• Zero Touch Provisioning

• Частное или публичное облако

vAnalytics• Единый интерфейс

• Мониторинг и поиск неисправностей

• RBAC и API

Оркестрация и настройка Аналитика

• Машинное обучение

• Производительность

• Прогнозирование

vSmart

MultiCloudOnRamp

ApplicationQoE

Security(+Cloud)

Представляем Cloud-Scale SD-WANУникальные инновации

Circuit Load Balancing

Direct Internet Access

Centralized Management & Orchestration

Circuit Cost Savings

Basic SD-WAN*

Cisco SD-WAN Extended Capabilities

Multi-Domain

Circuit Load Balancing

Direct Internet Access

Centralized Management & Orchestration

Circuit Cost Savings

Summary of Basic SD-WAN

Capabilities*

Multi-Cloud Optimization

Multi-Domain IBN Network

*Gartner Critical Capabilities for WAN Edge Infrastructure, December 2019

SaaSOptimizatio

n

IaaSOnboardin

g

SD-WAN Fabric

App Aware Dynamic Routing

VoicevAnalytics

Cloud / OnPrem Security

Multi-layered Security

Secure Segmentation

Any Transport

Any Service

Any Deployment

Any Location

Multi-Layer

Security

Branch Colocation Cloud

On-premise | Cloud | Multi-tenant

Automation | Network Insights | Machine Learning | AI

Open | Programmable | Scalable

Powered by secure cloud scale SD-WANCisco’s flexible architecture for Intent-based Networking

Management

& Analytics

Multi-Domain

IBN Policy Analytics

Multicloud

Optimization Voice

Internet 5G/LTEMPLSSatellite

Remote Work

SDCI*

* Software Defined Cloud Interconnect

Multicloud Partners: SD-WAN Beyond the Branch

Easy network extension to Amazon AWS using virtual

instances of on-prem devices

Native integration of SD-WAN end points into AWS Transit

Gateway (TGW) Network

Equinix

Office 365 path selection and optimization improves the end

user experience

Centralized management, automated configuration and policy changes with Azure

Microsoft

Ease of management with the ability to extend Cisco SD-WAN fabric into colocation

Establish direct and secure, private interconnection

between branch and public clouds

Amazon

These Partnerships Will Help Accelerate Enterprise Cloud Strategy

Google

Industry’s first application-centric multicloud networking

fabric

Exchange service-level agreement settings, security policy, and compliance data, between SD-WAN and GCP

Cisco SD-WANSecurity

Enterprise FirewallLayer 3 to 7 apps classified

Intrusion Protection SystemMost widely deployed IPS engine in the world

URL-FilteringWeb reputation score using 82+ web categories

Secure Internet GatewayDNS Security/Cloud FW with Cisco Umbrella

Cisco SD-WAN SecurityConsistent across on-prem and cloud

Adv. Malware ProtectionWith File Reputation and Sandboxing (TG)

SSL ProxyDetect Threats in Encrypted Traffic

Портфолио SDWAN-ready маршрутизаторовCisco

Офис Агрегация

ASR 1000

CSR 1000VISR 4000ISR 1000

CSP 5000ENCS 5400

Виртуализация

Облако

vEdge 2000 vEdge 2000vEdge 5000ISR 1100-4G/6G/LTE

SD-WAN(Viptela OS)

vEdge Cloud

SD-WAN +

Services(IOS XE)

Catalyst 8200 Catalyst 8500 Catalyst 8000V

Cloud EdgeSRIOV

Hypervisor/Cloud

Catalyst 8000V

Catalyst 8300

WAN Challenges1

Agenda



Cisco SDWAN4


Introducing

Catalyst 8000 Edge Platforms Family

Cisco Catalyst 8000 Edge Platforms Family

Built on Cisco’s Innovative Hardware & Open IOS-XE

Catalyst 8500

Catalyst 8300

User Centric Design

Headend QFP

Bra

nch

x86

Clo

ud

VNFCatalyst 8000V

SRIOVHypervisor/Cloud

x86

Catalyst 8200

ISR4k

ASR1k

CSR1kv

Catalyst 8000Human centric design powered by machine centric intelligence

Open andExtensible Cisco IOS XE

Model-driven APIsStreaming telemetry

Scalable on-chip services at Aggregation

Custom ASIC enabled Scale

x86 multicore CPU

Secure containersApplication hosting

x86

IOS XE ‘Autonomous’

mode

Easy operations with single Image & simplifiedlLicensing

IOS XE SD-WAN

‘Controller’mode

Perpetual

Network Stack

Term based

DNA Stack

IOS XE

IMAGE

IOS XE

SD-WAN

IMAGE

Single Image

Cisco DNA Premier

Cisco DNA Advantage

Cisco DNA Essentials

Network AdvantageNetwork EssentialsCatalyst 8300 only

Network Essentials Perpetual

Network Advantage (Inclusive of Essentials)

Perpetual

Routing Essentials: Routing Protocols, Vrf-lite, Multicast, NAT

Security: MACSEC-128, VPNs, ZBFW, PKI, ACLs, Umbrella Connector, Snort IPS

Application Experience: HQOS, PfR, PBR, AVC, NBAR, IPSLA, FnF

Unified Communication: Cube Connector

Router Management: TACACS+, NETCONF, AAA, DNS, DHCP

Overlay Technologies: MPLS, VPLS, LISP, VXLAN, OTV, EVC, OAM

Security: MACSEC-256, ALG for ZBFW, VASI

Cisco Innovation: SMU Patching, SGTs, ETA, ISSU, mDNS Bonjour, EPC

Unified Communication: SRST, Support for Voice Modules

WAN Optimization: Cisco WAAS RTU*

With DNA Essentials With DNA Advantage and DNA Premier

IOS

XE

*Available on UCS-E on C8300

Cisco Catalyst 8000 Edge Platforms LicensingNetwork Stack Capabilities

SD-WAN

SD-WAN Hub, Branch and Cloud

100G, 40G, 10G Connectivity

High SD-WAN Performance

High SD-WAN Scale

1RU form factor

10G WAN, LTE/5G, DSL, PoE

SASE, Cloud on-ramp

On-prem security stack

UC/Voice Integration

Up to 30 Gbps SD-WAN AggregationUp to 5 Gbps SD-WAN Branch

Hypervisor / Cloud

Vi rtual Switch / SRIOV

C 8Kv

Catalyst 8300/8200/C8200L Catalyst 8500/8500L

Catalyst 8000V

Cisco Catalyst 8000 Edge Platforms FamilyThe Leading SD-WAN Edge Platforms with Rich Services

C8300-1N1S-6T (2Gbps)

C8300-2N2S-6T (2Gbps)

C8300-1N1S-4T2X (4Gbps)

C8300-2N2S-4T2X (6Gbps)

C8500-12X (22Gbps)

C8500-12XQC (30Gbps)

Scalable Architecture with x86 and QFP

Pe

rfo

rmance

and

Ric

h S

erv

ice

s

C8500L-8S4X (8Gbp)

C8200-1N1S-4T (1Gbps)

C8200-uCPE-1N8 (500Mbps)

Number in () is SD-WAN IPsec throughput with IMIX

100+Mbps

1+ Gbps

10+ Gbps

Там ничего нет☺

Там ISR1k

Там модульные

ASR1k

Cisco Catalyst 8000 Edge Platforms DNA LicensingDetail

Cisco DNA Essentials

Cisco DNA Advantage

Cisco DNA Premier

Connectivity/Mgmt

• Cloud or On-Prem Management

• Flexible Topology

• Hub and Spoke

• Full Mesh/Partial Mesh

• App and SLA based policy

• Dynamic Routing (BGP, OSPF)

• VNF Lifecycle Management

Security

• Enterprise Firewall with Talos-powered IPS and application controls

• Cisco Umbrella DNS Monitoring (visibility only)

SD-WAN Services

• Basic Path optimization withFEC and Packet Duplication

• TCP Optimization

Cloud/Analytics

• Cloud OnRamp for IaaS and SaaS

• Automated Service Stitching

• Encrypted Traffic Analytics

• vAnalytics

Security

• Segmentation (Unlimited VPNs)

• Cisco AMP and SSL proxy

• URL filtering

• Cisco Umbrella app discovery

X-domain Innovations

• Integrated Border for Campus (SD-Access)

• Integration with ACI for Application SLA

Services

• Web Caching, DRE (incl. SSL proxy)

• Voice Module and SRST Integration

• Multicast

Security

Cisco Umbrella SIG Essentials

Transactional

• Tier 0: 25 Licenses




Enterprise Agreement

• Tier 0: Not Available in Premier




• Additional Cisco Umbrella SIG Essentials licenses can be purchased separately.

Cisco Threat Grid

• Provides entitlement for 200 files per day per customer account

• Files sent to Threat Grid cloud for sandboxing. On-premises Threat Grid not available in Premier

• Global entitlement across all customer sites

• Additional Cisco Threat Grid licenses can be purchased separately.

Cisco DNA Essentials Cisco DNA Essentials

Cisco DNA Advantage

WAN Challenges1

Agenda



Cisco SDWAN4


Headend. Branch. Cloud. Remote Worker.6

Headend

SD-WAN Headend PlatformsHighly Capable WAN Aggregation

C8500L-8S4X

SD-WAN IPsec: up to 6.6 GbpsMax. 4x 10GE / 12x 1GE

C8500-12X4QC

SD-WAN IPsec: up to 33 GbpsMax. 2x 100GE / 4x 40GE /12x 10GE

C8500-12X

SD-WAN IPsec: up to 22 GbpsMax. 12x 10GE

All Throughput numbers are Aggregate IMIX (352B average) values

ASR1006-X

SD-WAN IPsec: up to 50 GbpsMax. 4x 100GE / 8x 40GE / 40x 10GE

Pe

rfo

rmance

FIXED MODULAR

Third Generation QFP ASIC Innovation

Scalable & Programmable ASIC – Adapts to the New Technologies

2x queues256k

Up to 3x CEFUp to 200Gbps

Inline CryptoUp to 137Gbps

Up to 2x NBARUp to 80Gbps

8x DRAM32M CGN | 6M FW Sessions

Integrated L2 MAC

Compact, Powerful100/40/10/1 GE

Enhanced QoS/BufferingIngress classification, oversubscription

SecurityWAN MACsec

QFP

Catalyst 8500 Series Edge Platforms

12 SFP+10G, 1G‘X’

Up to 200 Gbps CEF, High Performance IPsec

3rd Generation QFP, Hardware Accelerated Services

User Centric Design, RFID, Label Tray, FRUs

2 QSFP28, 2 QSFP12 SFP+

100G, 40G‘C’ ‘Q’

C8500-12X

C8500-12X4QC

ASR1002-HX vs C8500-12X4QC Product Comparison

QFP 3.0, 224 Cores, Inbuilt Crypto & L2

16GB to 64GB upgradable DRAM

32GB DP Memory, 256K Queues

16M NAT/PAT, 32M CGN Sessions

QFP 2.0, 124 Cores, extra Crypto HW

Ports: 8x 1G, 8x 10G, One EPA Slot



Up to 100Gbps CEF, 25Gbps Crypto

Up to 18Gbps SD-WAN, 6000 tunnels



Ports: 12x 1/10G, 2x 40/100G, 2x 40G


All perf numbers are aggregate IMIX throughput

ASR1001-HX vs C8500-12XProduct Comparison

QFP 3.0, 224 Cores, Inbuilt Crypto & L2




QFP 2.0, 124 Cores, extra. Crypto HW

Ports: 8x 1G, 4x 10G, 4x 1/10G




Up to 11.5Gbps SD-WAN, 6000 tunnels



Ports: 12x 1/10G



Catalyst 8500L Series Edge Platforms

Up to 20 Gbps CEF, High Performance IPSec

Advanced Flow BasedForwarding Algorithms

User Centric Design, RFID, Label Tray, FRUs

8 SFP, 4 SFP+1G, 10G‘S’ ‘X’

C8500L-8S4X

ASR1001-X vs C8500L-8S4XProduct Comparison

x86, 12 Cores, Flow Based Architecture


Max 4GB DP Memory, 16K Queues

2M NAT/PAT, 17 Gbps NAT perf

QFP 2.0, 31 Cores

Ports: 6x 1G, 2x 10G


2M NAT/PAT, 15 Gbps NAT perf

Up to 20Gbps CEF, 5.5Gbps Crypto

Up to 4.5 Gbps SD-WAN, 6000 tunnels


Up to 8.5Gbps SD-WAN, 8000 tunnels

Ports: 8x 1G, 4x 1/10G



Branch

Cisco Branch Routing Portfolio

• Up to 250 Mbps

• Fixed and fanless

• Cisco IOS based

• High performance VPN

ISR 900

ISR 1000

• Up to 350 Mbps

• Cisco SD-WAN

• Integrated wired and wireless access

• Cisco SD-WAN Security

• 802.11AC WiFi

ISR 4000

• Up to 3 Gbps

• WAN and voice module flexibility

• Cisco SD-WAN

• Compute with UCS E-Series


Catalyst 8300

• Up to 10 Gbps

• DNA Only

• WAN and voice module flexibility

• Cisco SD-WAN

• Compute with UCS E-Series


FIXED

SDWAN ready

MODULAR

Non-SDWAN

Catalyst 8200

Cisco Catalyst 8300/8200 Series Edge Platforms Multi Gig SD-WAN branch with Accelerated Services – All in One!

5x Data plane Performance

4x Services Performance

Gigabit+ Cellular, 5G Ready

SD-WANVoice Integration

High Speed Cloud Access With 10/1G Ports

Hardware Accelerated Services

SoC Architecture forDynamic Core allocations

x86

Up to 6000 SD-WAN IPsec Tunnels

User Centric Design (RFID, QR label, FRUs)

M.2 USB/ NVMe Storage

UADP-based switch modules/10G WAN module

4 RJ452 SFP+

4 RJ452 SFP

C8300-2N2S-4T2X (12C)

C8300-2N2S-6T (8C)

C8300-1N1S-4T2X (8C)

C8300-1N1S-6T (8C)

Cisco Catalyst 8300 Series Edge PlatformsIntroducing 10G in Access with higher port density

10G WAN Ports ‘X’& 5G IPsec

1G WAN Ports ‘T’& 2G IPsec

Higher-efficiency AC and DC power supplies

ISR 4451 vs C8300-2N2SProduct Comparison

X86 SoC, 12C/8C Cores, HW Crypto

Ports/Slots:4P+2xGE/TE, 2NIM/2SM/1PIM

900Mbps IPS/IDS + URL-Filtering


Split CP/DP, 4C+6C



Up to 3.8Gbps CEF, 2Gbps Crypto

Up to 1.4Gbps SD-WAN IPsec

Up to 4000 IPsec Tunnels

Up to 5Gbps SD-WAN IPsec



Ports/Slots: 4P , 2NIM/2SM

All perf numbers are aggregate throughput

ISR 4431 vs C8300-1N1SProduct Comparison


X86 SoC, 8C Cores, HW Crypto

Ports/Slots:4P+2xGE/TE, 1NIM/1SM/1PIM


Up to 12Gbps CEF, 5 Gbps Crypto

Split CP/DP, 4C+6C



Up to 3.8Gbps CEF, 1Gbps Crypto

Up to 750Mbps SD-WAN IPsec


Up to 4.7Gbps SD-WAN IPsec




ISR 4321 vs C8200L-1N-4TProduct Comparison

X86 SoC, 4 Cores, Intel QAT Crypto

Ports/Slots: 4P, 1NIM/1PIM

Up to 3 Gbps CEF, 500 Mbps Crypto

X86 SoC, 4 Cores


Up to 1.8 Gbps CEF, 300 Mbps Crypto

Up to 240 Mbps SD-WAN IPsec

Up to 250 SD-WAN Tunnels


Up to 1500 SD-WAN Tunnels


Ports/Slots: 2P, 2NIM


Cisco Catalyst 8200 Series Edge PlatformsOptimized for Multicloud SD-WAN branch

5G Ready

5G Integrated Module5G External Gateway

Integrated Rich Services

Voice Survivability, Forward Error Correction& Packet Duplication, TCP Optimization

Scale

Up to 2x IPsec and IP CEF PerformanceCore Availability for 2x Services Performance

Multi-layer Security

SSL AccelerationApplication Firewall

IPS/IDS, URL FilteringAMP, Threat Grid

Umbrella SIG

2 RJ452 SFP

C8200-1N-4T1G WAN Ports ‘T’

& 1G IPsec

Manageability

vManage DNA Center

Open APIs Analytics

ISR 4331 vs C8200-1N-4TProduct Comparison


X86 SoC, 8C Cores, HW Crypto

Ports/Slots:4P , 1NIM/1PIM

Up to 3.8 Gbps CEF, 1 Gbps Crypto

X86 SoC, 8 Cores


Up to 1.8 Gbps CEF, 0.57 Gbps Crypto


1500 Up to IPsec Tunnels

Up to 1 Gbps SD-WAN IPsec




Cisco Catalyst 8200L-1N-4THigh Throughput SASE Compliant Secure Cloud

Connectivity Manageability

vManage DNA Center

Open APIs Analytics

Higher WAN Port

density

Default 4G DRAM

PIMSupport

Less than 12” depth

5G ReadyYES

Modularity

SASE Compliance

Cloud based Security for the small branch

Integrated Rich Services

Voice Survivability, Forward Error Correction& Packet Duplication, TCP Optimization

Scale

Up to 2x IPSec and CEF Performance*Up to 1500 SDWAN tunnels

SASE Compliant Security

High Throughput IPsecTrustworthy Solutions

Umbrella SIG

* Compared to ISR4321/Boost license

Unified Communication OfferingsVoice Routers Network Modules

Analog Voice Gateways UC Software and Call Control

CUBE

• Catalyst 8300, 8200 & ISR 4000 UC router for TDM and IP Voice support• ASR 1000, ISR 1000 support UC IP services.• CSR1000v/CSR 8000v for virtual UC IP services

• NIM modules for Digital and Analog connections• SM modules for high density PVDM, FXS ports, NIM

adaptors• 4 th Gen Packet Voice DSP card (PVDM4) & NIM-

DSP for IP and TDM services

• Communications Manager Express (CME) for Call control• Unified messaging with Cisco Unity Express(CUE)• Cisco Unified Border Element (CUBE) SBC for SIP calls• Survivable Remote Site Telephony (SRST) for backup• Secure voice Calling

PVDM4

CME/SRST CUBE

ISR 4000

ASR 1000

ISR 1000

SM/NIM

VG Series

• Supports traditional devices (analog phones, fax machines, paging solution)• Fixed port analog voice gateway (VG202XM, VG204XM, VG400)• Low to ultra high-density gateways (VG310,VG320,VG450)

Catalyst 8300

NIM-PVDM

Catalyst 8200

Modular Branch UC Design Catalyst 8300/8200 & ISR 4000

VVVV

FX

S N

IM

FXO NIM

T1/E1 NIM

PSTN

ITSP

Gig

TDM circuit

FXO Line

Analog Phone

CUCM

IP Phone

BR

I NIM

PBX

E&M NIM

Firewall

SIP/MGCP/SCCP

Analog Fax

IP Phone

Call Control: CME /CUCM/SRST

Analog connection: FXS/FXO/E&M/BRI

TDM Connection:T1/E1 PRI

IP-IP Connection:CUBE (SIP)

BRI

O

O DSP On-board

DSP Module

P V DM4

P V DM4

P V DM4

O O

O

Gig Interface

17.2.1 Single Image & Voice

Firewall

CUBE

CUBE

Gig

Cisco Webex Calling

Webex C

alling LG

W

CUBE

Gig Webex E

dge A

udio

CME not supported on Catalyst 8300/8200

SD-WAN Voice

Analog Voice

DSP Modules

T1/E1 Voice Modules Analog Voice Modules

SRST

4 RJ45 & 2 SFP

Digital Voice

CUBE SBC

C-SM-NIM-ADPT

4 RJ45 & 2 SFP

4 RJ45 (1G) & 2 SFP+ 4 RJ45 (1G) & 2 SFP+

C8300-2N2S-6T C8300-1N1S-6T

C8300-2N2S-4T2X C8300-1N1S-4T2X

1G

10G

Unified Communication on Cisco Catalyst 8300

NIM-PVDM

New Modules

UC Coverage

CME ( Roadmap)

SD-WAN Voice

Analog Voice

DSP Modules

T1/E1 Voice Modules Analog Voice Modules

SRST

Digital Voice

CUBE SBC

Unified Communication on Cisco Catalyst 8200

NIM-PVDM

New Modules

UC Coverage

CME ( Roadmap)

2 RJ45 & 2 SFP

C8200-1N-4T

1G

No SM-X Slot

T1/E1 Port Density

T1/E1 Feature

Catalyst 8300/820

0ISR4000 VG450**

Port Density

1-48 1-48 1-24

Note:

Each T1/E1 NIM module has its own clock synch circuitry allowing source clocking from incoming T1/E1 signal

8

24 24

40*

10

40

20

30

40*

48*

*With SM to NIM adapter card

VG

45

0

44

61

44

51

44

31

43

51

43

31

43

21

**With C-SM-NIM-ADPT carrier card

No SM-X-NIM-ADPTR support

24

C8

30

0-1

N1S

-4T2

X

C8300

-1N

1S

-6

T

C8

30

0-2

N2

S-4

T2

X

C8

30

0-2

N2

S-6

T

48** 48**

24** 24**

C8200

-1N

-4T

8

ISR

110

0 ISR

43

51

ISR

44

31

ISR

44

51

CS

R 1

00

0v

AS

R 1

00

1-X

AS

R 1

00

2-X

AS

R 1

00

4

AS

R 1

00

6

500

2000

3000

6000 6000

12000

14000

16000 16000

50

500

3000

6000

12000

14000

16000

7070

55

50

3040

15

13

5

CPS

Requires DRAM upgrade for max sessions

Maximum sustainable calls per second

CUBE Session Capacity By Platform

ISR

44

61

10000

55

10000

10000

55

C8

30

0-2

N2

S-4

T2

X

Based on unencrypted RTP(G711)-RTP(G711) calls

45

C8

30

0-1

N1

S-4

T2

X

8000

C8

30

0-2

N2

S-6

T

7500

42

C8

30

0-1

N1

S-6

T

7000

40

ISR

80

0

2

50

ISR

432

1

500

4

ISR

43

31

10

10001000

2000C

82

00

-1N

-4

T

2500

14

ISR

88

0

ISR

432

1

ISR

43

31

ISR

43

51

ISR

44

31

ISR

44

51

ISR

44

61

5

50

100

700

1200

2000 2000

50

100

700

1200

2000

Requires DRAM upgrade for max sessions

SRST IP Phone Capacity By Platform

Max number of SCCP or SIP phones is same

5

2500 2500 2500 2500

C8

30

0-1

N1

S-4

T2

X

C8

30

0-1

N1

S-6T

C8

30

0-2

N2

S-4

T2

X

C8

30

0-2

N2

S-6

T

2500

C8

20

0-1

N-4T

• Mandatory DNA Subscription based Licenses.

• DNA Essentials enables CUBE support as add-on license.

• DNA Advantage for advanced UC support:

• Voice Modules

• SRST (add-on)

Licensing Model – Catalyst 8300 / 8200

Catalyst 8300/8200 Series Edge Platforms Ordering Guide

https://www.cisco.com/c/en/us/products/collateral/routers/catalyst-8300-series-edge-platforms/guide-c07-744100.html?oid=gidetr02316

Enterprise Routing UC Key Benefits

PSTN & PBX Termination

FXO,BRI, T1/E1 & SIP based PSTN connection

SIP Trunk to IP PBX such as CUCM (as CUBE)

Call Control

Distributed call control & processing

Unified Messaging(CUE, Unity Connection)

Easy Maintenance and Troubleshooting

Legacy Solution Support

Plain old telephony support covering FXS/FXO/E&M

connections

Interoperability with legacy PBX, Fax and paging

solution

Supplementary services

Enterprise Features

Survivable Remote Site Telephony, IOS based conferencing ,media

termination, audio recording

Bandwidth saving via IOS transcoding

911 Emergency Calling

Cloud

Cisco Catalyst 8000V Edge SoftwareEnterprise-class Networking and Security with Flexibility of a x86 Based VNF

Highlights Manageability

17.4.1


Catalyst 8000V

Up to 10 Gbps IPsec

in cloud

ENCS NIM support

TGW and vWAN

integrationDPDK IO

SD-WAN in AWS, Azure,

and GCP

vManage DNA Center*

Open APIs Analytics

Cloud Integration

Extends connectivity, visibility, security into public and private cloudsAuto-scaling capabilityIntegration with Azure vWAN and AWS TGWSupports wide variety of cloud instances

Multiservices Support

Feature-rich IOS XE and XE SD-WAN software Supported features such as NAT, Firewall, NBAR QoS, etc.Runs on any x86 VM platform

Performance Elasticity

CPU Hypervisors: 1 – 8 vCPUCloud Providers: 1- 16 vCPUs

Memory Scale: 4 – 16Gb

Multi-layer Security

Secure object storageHigh Throughput IPsec

IPS/IDS, URL Filtering, AMP/TG


Catalyst 8000V

*Roadmap

Virtual Router Convergence

Virtual Router Unified

IOS-XE

‘Autonomous’

Mode

IOS-XE SD-WAN

‘Controller’mode

// 3rd

Party

Network Consistency

ISRvIOS XE

CSR 1000VIOS XE

ISRvXE SD-WAN

CSR 1000VXE SD-WAN

vEdgeCloudViptela OS

17.1.x and earlier 17.4.117.2/17.3


ISRv on ENCSUnified

CSR 1000VUnified


VNF Convergence Approach

Catalyst 8000VUnified

Catalyst 8000V continues to build on CSR 1000V


Catalyst 8000V

Catalyst 8000V

Secure Object Store

ENCS NIM Support

SD-WAN on Google Cloud

Azure Virtual WAN Integration

Licensing

CSR 1000V

DNA Licensing Classic + DNA licensing

up to25G**Expected throughput, actual performance number is subject to change, will be published at FCS

SD-WAN vHub

up to10G*

Public Cloud ApplicationsAWS Transit VPC, Azure Transit VNET

Active Tunnel

Standby Tunnel

Transit VPC

Spoke VPC

C8Kv1 C8Kv2

Amazon DXOR Internet

Private DC Spoke

VPCA B

VPC VPCC

VPC

Transit HUB VNET

Spoke VNET

C8Kv1 C8Kv2

Express RouteOR Internet

Private DC Spoke

VNETA B C

VNET

VNET VNET

V M V M V M

Dynamic VPN Overlay

AZ1 AZ2

Cisco Catalyst 8000 Edge Platforms FamilyHigh Performance SD-WAN Headend, Intelligent Branch and Agile Cloud Edge

1st 100/40GE Port 1RU SD-WAN

Platform

3rd Gen QFP, HW Accelerated

ServicesHigh Performance

Automation & Telemetry

Cloud Security and on-prem Security

10GE WAN, Rich connectivity

Ready for the Agile Cloud Journey• High Speed Cloud Access

• Multi-Cloud Application Optimization

• Compact, Powerful 1RU/2RU

Ready for 5G, Edge Compute• QFP and x86 higher performance

• SASE driven Feature Innovations• Full-stack on-premise security

Ready for Edge Intelligence• Headend 100/40/10/1GE Port

flexibility• Branch for 10/1G WAN, LTE, DSL,

PoE+

Equipped with User Centric Design• Operational Ease for better Tracing

• Passive Radio Frequency ID• Easy Access Label Tray

• Field Upgradable Options

Q FP

H ypervisor / C loud

Virtual Switch / SRIOV

C8Kv

Remote Worker

Remote Worker

Cisco 1101 Integrated Service Router

Cisco 1121X Integrated Service Router

Licensing

Lan ports 4 8

Remote workersupport for L2/3 routing

(incl IPv6), essential security, basic S-DWAN

& AppQoE

Wan ports x1 X2 (1GE/SFP)

LTE support Pluggable Cat 6 Pluggable Cat 6 & Cat 18

Wi-Fi support 802.11ac Wave 2

PoE (PoE+) ports 0 4 (2)

IPSec performance

300Mbps 400Mbps

Essential security Application aware firewall

Advanced security

No ISSL Proxy, URL-filtering, AMPRemote worker

advanced support for COR,

vAnalytics, advanced on-prem Security

vAnalytics Yes

Cloud OnRamp Yes

Umbrella Yes Umbrella SIG essential

Category 6 Pluggable LTE Module

Dying Gasp

Multiple PDN

Auto SIM

GPS

PMIPv6

Carrier Aggregation

Dual SIM Slots

LTE Antenna Connector

GPS Antenna

LTE Antenna Connector

Micro-USB Debug

Category 18 Pluggable LTE Module

Dying Gasp

4 x 4 MIMO

Auto SIM

1.2 Gbps downlink

CBRS Band 46,48,66,71

Carrier Aggregation

Main Antenna

Diversity Antenna

Micro-USB Debug

Diversity Antenna

Main Antenna

Category 4 USB Dongle

Supported on ISR 1000 Series

only

Single Micro SIM

75/50 Mbps

CAT 4 LTE

M odem Types Region Bands

D-LTE-GB Global Bands 1,3,7,8,20,28

D-LTE-AS ASEAN Bands 1,3,5,8,40,41

D-LTE-NA North America Bands 2,4,5,12,13,14,17

LTE Antenna

ISR1000 Platforms Supported with LTE Dongle

C1101-4PC1121-4P

C1121-8PC1121X-8P

C1161-8P

C1161X-8P

C1101-4PLTEPC1121-4PLTEP

C1121-8PLTEPC1121X-8PLTEP

C1127-8PLTEP

C1127X-8PLTEPC1126-8PLTEP

C1126X-8PLTEPC1127-8PMLTEP

C1127X-8PMLTEPC1128-8PLTEP

C1161-8PLTEP

C1161X-8PLTEP

C1101-4PLTEPWX*X* = A,B,D,E,F,H,N,Q,R,Z

C1121-8PLTEPWX**X** = E,B,Z,Q

C1121X-8PLTEPWY*Y* = E,B,Z,A

Documents

Cisco Routing Portfolio Update