
ASR1000 System and Solution Architecture

BRKARC-2001

Steven Wood, Senior Manager – Technical Marketing


Session Abstract
Many Service Provider and Enterprise customers are looking to converge their network edge architectures. On the Service Provider
side, firewall, security or deep-packet inspection functionality is being integrated into Provider Edge or BNG systems. Similarly, on the
Enterprise side multiple functionalities are activated in a converged WAN edge router, thus yielding operational savings and
efficiencies. The Cisco ASR 1000 takes this convergence to the next level. Based on the Cisco Quantum Flow Processor, the ASR
1000 enables the integration of voice, firewall, security or deep packet inspection services in a single system, with exceptional
performance and high-availability support. The processing power of the Quantum Flow Processor allows this integration without the
need for additional service modules. This technical seminar describes the system architecture of the ASR 1000. The different
hardware modules (route processor, forwarding processor, interface cards) and Cisco IOS XE software modules are described in
detail. Examples of how different packet flows traverse an ASR 1000 illustrate how the hardware and software modules work in
conjunction. The session also discusses the expected performance characteristics in converged service deployments. Particular
attention is also given to sample use cases on how the ASR 1000 can be deployed in different Service Provider and Enterprise
architectures in a converged services role. The session is targeted for network engineers and network architects who seek to gain an
in-depth understanding of the ASR 1000 system architecture for operational or design purposes. Attendees from both the Service
Provider as well as Enterprise market segments are welcome.

BRKARC-2001 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Glossary
AAA: Authentication, authorization and Accounting
ACL: Access Control List
ACT: Active; referring to ESP or RP in an ASR 1006
AF1: Assured Forwarding Per Hop behaviour class 1
AF2: Assured Forwarding Per Hop behaviour class 2
AF3: Assured Forwarding Per Hop behaviour class 3
AF4: Assured Forwarding Per Hop behaviour class 4
ALG: Application Layer Gateway
ASR: As in ASR1000; Aggregation Services Router
B2B: Business to Business in the context of WebEx or Telepresence
BB: Broadband
BGP: Border Gateway Protocol
BITS: Building Integrated Timing Supply
BNG: Broadband Network Gateway
BQS: Buffer, Queuing and Scheduling chip on the QFP
BRAS: Broadband remote Access Server
BW: Bandwidth
CAC: Connection Admission Control
CCO: Cisco Connection Online (www.cisco.com)
CDR: Call Detail Records
CF: Checkpointing Facility
CLI: Command Line Interface
CM: Chassis Manager
CPE: Customer Premise Equipment
CPU: Central Processing Unit
CRC: Cyclic Redundancy Check
Ctrl: Control
DBE: Data Border Element (in Session Border Controller)
DMVPN: Dynamic Multipoint Virtual Private Network
DPI: Deep Packet Inspection
DSCP: Diffserv Code Point (see also AF, EF)
DSLAM: Digital subscriber Line Access Multiplexer
DST: Destination
EF: Expedited Forwarding (see also DSCP)
EOBC: Ethernet out-of-band control channel on the ASR 1000
ESI: Enhanced SerDes Interface
ESP: Embedded Services Processor on the ASR 1000
FECP: Forwarding Engine (ESP) Control Processor
FH: Full Height (SPA)
FIB: Forwarding Information Base
FM: Forwarding Manager
FPM: Flexible Packet Matching
FR-DE: Frame Relay Discard Eligible
FW: Firewall
GigE: Gigabit Ethernet
GRE: Generic Route Encapsulation
HA: High Availability
HDTV: High Definition TV
HH: Half-height (SPA)
HQF: Hierarchical Queuing Framework
H-QoS: Hierarchical Quality of Service
HW: hardware
I2C: Inter-Integrated Circuit
IOCP: input output Control Processor
IOS XE: Internet Operating system XE (on the ASR 1000)
IPC: Inter-process communication
IPS: Intrusion Prevention System
ISG: Intelligent Services Gateway
ISP: Internet Service Provider
ISSU: In-service software upgrade
L2TP CC: Layer 2 Transport Protocol Control connection
LAC: L2TP access concentrator
LNS: L2TP network Server
MFIB: Multicast FIB
mGRE: multipoint GRE
MPLS: Multiprotocol label switching
MPLS-EXP: MPLS Exp bits in the MPLS header
MPV: Video
MQC: Modular QoS CLI
mVPN: multicast VPN
NAPT: Network address port translation
NAT: network address translation
NBAR: network based application recognition
Nr: receive sequence number (field in TCP header)
Ns: send sequence number (field in TCP header)
NF: Netflow
NSF: non-stop forwarding
OBFL: on board failure logging
OIR: online insertion and removal
OLT: optical line termination
P1: Priority 1 queue
P2: priority 2 queue
PAL: Platform Adaption layer (middleware in the ASR 1000)
PE: Provider Edge
POST: Power on self test
POTS: Plain old telephony system
PQ: priority queue
PSTN: public switched telephone network
PTA: PPP termination and aggregation
PWR: power
QFP: Quantum Flow Processor
QFP-PPE: QFP packet Processing elements
QFP-TM: QFP traffic Manager (see also BQS)
QoS: Quality of Service
RACS: Resource and admission control subsystem
RA-MPLS: Remote access into MPLS
RF: redundancy facility (see also CF)
RIB: routing information base
RP: Route processor
RP1: 1st generation RP on the ASR 1000
RP2: 2nd generation RP on the ASR 1000
RR: Route reflector
RU: rack unit
SBC: session border controller
SBE: signaling border element (of an SBC)
SBY: standby
SDTV: standard definition TV (see also HDTV)
SIP: Session initiation protocol
SPA: shared port adapter
SPA SPI: SPA Serial Peripheral Interface
SPV: Video
SRC: Source
SSL: Secure Socket Layer
SSO: stateful switch over
SW: software
TC: traffic class (field in the IPv6 header)
TCAM: Ternary content addressable memory
TOS: Type of service (field in the IPv4 header)
VAI: virtual access interface
VLAN: virtual local area network
VOD: video on demand
VTI: virtual tunnel interface
WAN: wide area network
WRED: weighted random early discard
Key Next Generation Cloud Services
ASR1000 Integrated Services Router

• Best in Class ASIC Technology: Quantum Flow Processor (QFP) for high scale services and sophisticated QoS with minimum performance impact
• Best in Class Availability: Enterprise IOS Features with Modular OS and Software Redundancy or Hardware Redundancy and ISSU
• Application Performance Services (AVP, PfR)
• Voice and Video Services (CUBE)
• Security Services (Firewall, VPN, Encryption)
• Ethernet WAN and Provider Edge Services
• Multi-Service, Secure WAN Aggregation Services
Agenda
• Introducing the ASR1000
• ASR1000 System Architecture
• ASR 1000 Building Blocks
• ASR 1000 Software Architecture
• ASR 1000 Packet Flows
• QoS on the ASR 1000
• High-Availability on the ASR 1000
• Performance and Operations
• Applications
– Routing, Security, Unified Communications
– Application Visibility and Control for Application Experience
– AppNav – Powerful and Simplified WAAS Redirection
– Flexible WAN Aggregation – PfR
– Hierarchical QoS for WAN
– Medianet
– WiFi Subscriber Gateway
INTRODUCING ASR1000
Introducing Cisco ASR 1000 Series Routers
Compact, Powerful Router
• Line-rate performance 2.5G to 100G+ with services enabled
• Hardware based QoS engine with 128K queues
• Investment protection with modular engines, IOS CLI and SPAs for I/O

Business-Critical Resiliency
• Fully separated control and forwarding planes
• Hardware and software redundancy
• In-service software upgrades

Instant On Service Delivery
• Integrated firewall, VPN, encryption, NBAR, CUBE
• Scalable on-chip service provisioning through software licensing

One IOS-XE Feature Set
ASR 1001: 2.5-5 Gbps
ASR 1002: 2.5–10 Gbps
ASR 1004: 10-40 Gbps
ASR 1006: 10-100+ Gbps
ASR 1013: 10-360 Gbps
Where the ASR 1000 Fits

[Figure: platform positioning chart by performance and scalability, spanning Enterprise Edge / DC and Service Provider Edge Routers. Platforms shown: ISR Series, 7200 Series, ASR 1000 (20 – 360GB Per System), 7600 Series, ASR 9000. Other labels: 200G per Slot, 40G per Slot, Managed L2 / L3 VPNS, Integrated Security, Application Recognition, Carrier Ethernet, BNG, IP RAN, L2/L3 VPNs, Vidmon (Video Monitoring), SBC/VoIP, Broadband, Route Reflector, Distributed PE, Hosted Firewall, IP Sec, DPI.]
ASR 1000 in Service Provider IP Next Generation Network

[Figure: service provider network diagram. Labels: Mobile, Subscriber, Access & Aggregation, Edge, ISP, Wireless, WiMAX, Peering, WAG, LNS, BNG, Business, Wireline, IPSec, RR, IP/MPLS Core, CPE, Corporate, DSLAM, PE, xDSL, OLT, Residence, xPON, SBC, Cable, Content Farm, HGW, DOCSIS, VOD, TV, SIP.]

• High Speed CPE
• WiFi Access Gateway
• BNG-PPPoE, IPoE
• LAC, PTA, ISG
• LNS
• Route Reflector
• Internet Peering
• IPSec Aggregator
• VoIP SBC
• PE (L3VPN and L3VPN)

Enterprise Deployment Scenarios
[Figure: enterprise network diagram. Labels: Mobile, Subscriber, Secure WAN Aggregation, DCI, Data Centre, WAN Aggregation, Peering, IPSec, High End Branch, Business, Internet Gateway, Internet, Internet Edge, Corporate, CPE, Residence, Secure WAN, Cloud, Cloud Provider, HGW, Cloud Svcs.]

• High Speed CPE
• High-end Branch
• Internet Gateway
• WAN Aggregation
• IPSec
• Internet
• Zone-Based Firewall
• Data Centre Interconnect
• Cloud Services Edge

ASR1000 SYSTEM ARCHITECTURE
ASR 1000 Series Building Blocks

• Route Processor (RP)
– Handles control plane traffic
– Manages system
• Embedded Service Processor (ESP)
– Handles forwarding plane traffic
• SPA Interface Processor (SIP)
– Shared Port Adapters provide interface connectivity
• Centralized Forwarding Architecture
– All traffic flows through the active ESP, standby is synchronized with all flow state with a dedicated 10-Gbps link
• Distributed Control Architecture
– All major system components have a powerful control processor dedicated for control and management planes

[Figure: chassis block diagram. Active and standby Embedded Services Processors (FECP, QFP subsystem, Crypto assist, Interconn.) and active and standby Route Processors (RP, Interconn.) connect over the Passive Midplane to three SIPs (Interconn., IOCP, SPA Agg., SPAs). Link legend: ESI (Enhanced Serdes) 11.5Gbps; SPA-SPI 11.2Gbps; HyperTransport 10Gbps.]
ASR 1000 Data Plane Links
• Enhanced SerDes Interconnect (ESI) links – high speed serial communication
– ESIs can run at 11.5Gbps or 23Gbps
• ESIs run over midplane and carry
– Packets between ESP and the other cards (SIPs, RP and other ESP)
– Network traffic to/from SPA SIPs
– Punt/inject traffic to/from RP (e.g. network control pkts)
– State synchronization to/from standby ESP
• Two ESIs between ESPs and to every card in the system
• Additional full set of ESI links to/from standby ESP (not shown)
• CRC protection of packet contents
• ESP-10G: 1 x 11.5G ESI to each SIP slot
• ESP-20G: 2 x 11.5G ESI to two SIP slots; 1 x 11.5G to third SIP slot
• ESP-40G: 2 x 23G ESI to all SIP slots

[Figure: chassis block diagram with the data plane links highlighted. Active and standby ESPs (FECP, QFP subsystem, Crypto assist, Interconn.), active and standby RPs, Passive Midplane, three SIPs (Interconn., IOCP, SPA Agg., SPAs). Link legend: ESI (Enhanced Serdes) 11.5Gbps; SPA-SPI 11.2Gbps; HyperTransport 10Gbps.]

ASR 1000 Control Plane Links
• Ethernet out-of-band Channel (EOBC)
– Run between ALL components
– Indication if cards are installed and ready
– Loading images, stats collection
– State information exchange for L2 or L3 Protocols
• I2C
– Monitor health of hardware components
– Control resets
– Communicate active/standby, Real time presence and ready indicators
– Control the other RP (reset, power-down, interrupt, report Power-supply status, signal ESP active/standby)
– EEPROM access
• SPA control links
– Run between IOCP and SPAs
– Detect SPA OIR
– Reset SPAs (via I2C)
– Power-control SPAs (via I2C)
– Read EEPROMs

[Figure: chassis block diagram with the control plane links highlighted. Active and standby Forwarding Processors (FECP, QFP subsystem, Crypto assist, Interconn.), active and standby Route Processors, Midplane, three SIPs (Interconn., IOCP, SPA Agg., SPAs). Link legend: GE 1Gbps; I2C; SPA Control; SPA Bus.]
ASR1000 Systems (For Your Reference)

 | ASR 1001 | ASR 1002 | ASR 1002-X | ASR 1004 | ASR 1006 | ASR 1013
SPA Slots | 1-slot | 3-slot | 3-slot | 8-slot | 12-slot | 24-slot
RP Slots | Integrated | Integrated | Integrated | 1 | 2 | 2
ESP Slots | Integrated | 1 | Integrated | 1 | 2 | 2
SIP Slots | Integrated | Integrated | Integrated | 2 | 3 | 6
IOS Redundancy | Software | Software | Software | Software | Hardware | Hardware
Built-In GE | 4 | 4 | 6 | N/A | N/A | N/A
Height | 1.75” (1RU) | 3.5” (2RU) | 3.5” (2RU) | 7” (4RU) | 10.5” (6RU) | 22.7” (13RU)
Bandwidth | 2.5 to 5 Gbps | 5 to 10 Gbps | 5 to 36 Gbps | 10 to 40 Gbps | 10 to 100 Gbps | 40-100+ Gbps
Maximum Output Power | 400W | 470W | 470W | 765W | 1275W | 3200W
Airflow | Front to back | Front to back | Front to back | Front to back | Front to back | Front to back

ASR1000 Building Blocks: Under the Hood
ASR1000 Series SPA Interface Processor
SIP10 and SIP40

• Physical termination of SPA
• 10 or 40 Gbps aggregate throughput options
• Supports up to 4 SPAs
– 4 half-height, 2 full-height, 2 HH+1FH
– full OIR support
• Does not participate in forwarding
• Limited QoS
– Ingress packet classification – high/low
– Ingress over-subscription buffering (low priority) until ESP can service them.
– Up to 128MB of ingress oversubscription buffering
• Capture stats on dropped packets
• Network clock distribution to SPAs, reference selection from SPAs
• IOCP manages Midplane links, SPA OIR, SPA drivers
ASR1000 SIP40 and SIP10
Major Functional Differences

• Sustained throughput of 40Gbps vs 10Gbps for SIP10
• Different ESI modes depending on the ESP being used (1x10G vs 2x20G)
• Packet classification enhancements to support more SPAs (e.g. PPP, HDLC, FR, ATM…)
• Support for more queues (96 vs 64), allows up to 12 Ethernet ports per half-height SPA
• 3-level priority scheduler (Strict, Min, Excess) vs 2-level (Min, Excess)
• Addition of per-port and per-VLAN/VC ingress policers
• Network clocking support
– DTI clock distribution to SPAs
– Timestamp and time-of-day clock distribution

SIP40 Block Diagram

[Figure: SIP40 block diagram. ESI links to the ESPs: 2x 20G to each ESP (2x10G for SIP10); links to the RPs. Card infrastructure: IO Control Processor (IOCP) complex with memory and 8MB Boot Flash (OBFL, …), Chassis Mgmt. Bus, C2W. SPA Aggregation ASIC with Enhanced Classifier (PPP, HDLC, ATM, FR), per-port ingress buffers, 128MB ingress buffering, HW-based 3-priority ingress scheduler (Strict, Min, Excess; SIP10: Min, Excess only), egress buffer status, per-port egress buffers and egress buffering. Network clock distribution and network/interface clock selection with input and output reference clocks. Four SPAs. Link legend: GE 1Gbps; I2C; SPA Control; SPA Bus; ESI 11.5 or 23Gbps; SPA-SPI 11.2Gbps; Hypertransport 10Gbps; Other.]
Shared Port Adapters (SPA) and SFPs (For Your Reference)

Optics
SFP-OC3-MM
SFP-OC3-SR
SFP-OC3-IR1
SFP-OC3-LR1
SFP-OC3-LR2
SFP-OC12-MM
SFP-OC12-SR
SFP-OC12-IR1
SFP-OC12-LR1
SFP-OC12-LR2
SFP-OC48-SR
SFP-OC48-IR1
SFP-OC48-LR2
XFP-10GLR-OC192SR
XFP-10GER-OC192IR
XFP-10GZR-OC192LR

Optics
SFP-GE-S / GLC-SX-MMD
SFP-GE-L / GLC-LH-SMD
SFP-GE-Z
SFP-GE-T
CWDM
XFP-10GLR-OC192SR / XFP10GLR-192SR-L
XFP-10GER-192IR+ / XFP10GER-192lR-L
XFP-10GZR-OC192LR
XFP-10G-MM-SR
GLC-GE-100FX
GLC-BX-U
GLC-BX-D
DWDM-XFP (32 fixed channels)

POS SPA
SPA-2XOC3-POS
SPA-4XOC3-POS
SPA-8XOC3-POS
SPA-1XOC12-POS
SPA-2XOC12-POS
SPA-4XOC12-POS
SPA-8XOC12-POS
SPA-1XOC48-POS/RPR
SPA-2XOC48POS/RPR
SPA-4XOC48POS/RPR
SPA-OC192POS-XFP

Serial/Channelized/Clear Channel SPA
SPA-4XT-Serial
SPA-8XCHT1/E1
SPA-4XCT3/DS0
SPA-2XCT3/DS0
SPA-1XCHSTM1/OC3
SPA-1XCHOC12/DS0
SPA-2XT3/E3
SPA-4XT3/E3

Ethernet SPA
SPA-4X1FE-TX-V2
SPA-8X1FE-TX-V2
SPA-2X1GE-V2
SPA-5X1GE-V2
SPA-8X1GE-V2
SPA-10X1GE-V2
SPA-1X10GE-L-V2
SPA-1X10GE-WL-V2
SPA-2X1GE-SYNCE

Service SPA
SPA-WMA-K9
SPA-DSP

ATM SPA
SPA-1XOC3-ATM-V2
SPA-3XOC3-ATM-V2
SPA-1XOC12-ATM-V2

CEOP SPA
SPA-1CHOC3-CE-ATM
SPA-24CHT1-CE-ATM
SPA-2CHT3-CE-ATM
Route Processors: RP1, RP2 and ASR1001 RP
Two Generations of ASR1000 Route Processor

• First Generation (RP1)
– 1.5GHz PowerPC architecture
– Up to 4GB IOS Memory
– 1GB Bootflash
– 33MB NVRAM
– 40GB Hard Drive
• Second Generation (RP2):
– 2.66GHz Intel dual-core architecture
– 64-bit IOS XE
– Up to 16GB IOS Memory
– 2GB Bootflash (eUSB)
– 33MB NVRAM
– Hot swappable 80GB Hard Drive

[Figure: photos of the RP1, the HDD Enclosure and the RP2.]

ASR 1000 Route Processor Architecture
Highly Scalable Control Plane Processor
• Manages all chassis functions
• Runs IOS—with over 2500 features!

[Figure: Route Processor block diagram. Front-panel ports: Mgmt ENET (Not a traffic interface! Mgmt only), Console and Aux, BITS (input & output), USB; 2.5” hard disk (System Logging, Core Dumps). Card infrastructure: CPU (1.5/2.66 GHz Dual-core; runs IOS and Linux OS, manages board and chassis functions); CPU memory (RP1: 4GB, RP2: 8 & 16GB; IOS memory for RIB, FIB & other processes, determines route scale); nvram 33MB; Bootdisk (RP1: 1GB, RP2: 2GB); Stratum-3 network clock circuit with input and output clocks; Interconn.; GE Switch; Chassis Mgmt Bus. Links to SIPs, ESPs and the other RP. Link legend: GE 1Gbps; I2C; SPA Control; SPA Bus; ESI 11.2Gbps; SPA-SPI 11.2Gbps; Hypertransport 10Gbps; Other.]
Route Processors (RP) (For Your Reference)

 | ASR1001 | ASR1002-X | RP1 | RP2
CPU | Dual-Core 2.2GHz Processor | Quad-Core 2.13GHz Processor | General Purpose CPU Based on 1.5GHz Processor | Dual-Core Processor, 2.66GHz
Memory | 4GB default (4x1GB); 8GB (4x2GB); 16GB maximum (4x4GB) | 4GB default; 8GB; 16GB | 2GB default (2x1GB); 4GB maximum (2x2GB); RP1 with 4GB built in ASR 1002 | 8GB default (4x2GB); 16GB maximum (4x4GB)
Built-In eUSB Bootflash | 8GB | 8GB | 1GB (8GB on ASR 1002) | 2GB
Storage | External USB | 160GB HDD (optional) & External USB | 40GB HDD and External USB | 80GB HDD and External USB
Cisco IOS XE Operating System | 64 bit | 64 bit | 32 bit | 64 bit
Chassis Support | Integrated in ASR1001 chassis | Integrated in ASR1002-X chassis | ASR1002 (integrated), ASR1004, and ASR1006 | ASR1004, ASR1006, and ASR1013

Slide callout: Recommended Purchase.

Embedded Services Processors (ESP)
Scalable Bandwidth from 5Gbps to 100Gbps+

• Centralized, programmable forwarding engine providing full-packet processing
• Packet Buffering and Queuing/Scheduling (BQS)
– For output traffic to carrier cards/SPAs
– For special features such as input shaping, reassembly, replication, punt to RP, etc.
– 5 levels of HQoS scheduling, 128K Queues, Priority Propagation
• Dedicated Crypto Co-processor
• Interconnect providing data path links (ESI) to/from other cards over midplane
– Transports traffic into and out of the Cisco Quantum Flow Processor (QFP)
– Input scheduler for allocating QFP BW among ESIs
• FECP CPU managing QFP, crypto device, midplane links, etc.

ASR 1000 Forwarding Processor
Quantum Flow Processor Drives Integrated Services & Scalability

[Figure: ESP block diagram. Card infrastructure: FECP with memory and Boot Flash, Chassis Mgmt Bus, Crypto, Interconn. QFP: TCAM4, Resource DRAM, Pkt Buffer DRAM, processor pool (PPE0 … PPE40), Dispatcher/Pkt Buffer, Buffer, queue, schedule (BQS). Links to RPs, SIPs and the other ESP. Link legend: GE 1Gbps; I2C; SPA Control; SPA Bus; ESI 11.2Gbps; SPA-SPI 11.2Gbps; Hypertransport 10Gbps; Other.]

Callouts on the diagram, grouped as they appear:

• Class/Policy Maps: QoS, DPI, FW
• ACL/ACE storage
• IPSec Security Association class groups, classes, rules
• NAT Tables

• QoS Mark/Police
• NAT sessions
• IPSec SA
• Netflow Cache
• FW hash tables
• Per session data (FW, NAT, Netflow, SBC)

• QoS Queuing
• NAT VFR re-assembly
• IPSec headers

• Runs Linux
• Performs board management
• Program QFP & Crypto
• Stats collection

Memory for FECP
• QFP client / driver
• OBFL
• QoS Class maps
• FM FP
• Statistics
• ACL ACEs copy
• NAT config objects
• IPSec/IKE SA
• NF config data
• ZB-FW config objects

System Bandwidth
• 5, 10, 20 or 40 Gbps

NF: Netflow
ZBFW: Zone-based Firewall
FW: Firewall
SA: Security Association
VFR: Virtual Fragmentation Reassembly
OBFL: On-board Failure Logs
Embedded Services Processors
ESP 100G and Future ESP200G

 | ESP-100G | ESP-200G
Availability | Available Today | Target End-2013
Total Bandwidth | 100 Gbps | 200 Gbps
Performance | Up to 32 Mpps | Up to 64 Mpps
QuantumFlow Processors | 2 | 4
- Resource Memory | 2 x 2 GB | 4 x 2 GB
- TCAM | 1 x 80 Mb | 2 x 80 Mb
- Packet Buffer | 2 x 512 MB | 4 x 512 MB
Control CPU | Dual-core CPU | Dual-core CPU
- Frequency | 1.73 GHz | 1.73 GHz
- Memory | 16 GB | 32 GB
Broadband | Up to 58 K sessions | Up to 128 K sessions
QoS | Up to 232 K queues | Up to 464 K queues
IPSec Bandwidth (1400 B) | 25 Gbps | 50 Gbps
FW/NAT | 6 M sessions | 13 M sessions
Chassis | ASR 1006, ASR 1013 | ASR 1013
Route Processor | RP2 + Future | RP2 + Future

Slide callout on both: NSA “Suite-B” Security.
ESP-100 Block Diagram

[Figure: ESP-100 block diagram. Two QFPs, each with a processor pool (PPE0 … PPE40), Dispatcher/Pkt Buffer, Buffer, queue, schedule (BQS), Pkt Buffer DRAM (512MB) and Resource DRAM (2GB); TCAM4 (1x80Mbit). Card infrastructure: FECP (Dual-Core) with memory and Boot Flash (OBFL, …), Chassis Mgmt Bus, Crypto with memory, Interconnect. Links to RPs, SIPs and the other ESP. Link legend: ESI 11.5 & 23 Gbps; Interlaken 69 Gbps, System BW (69 Gbps Each); GE 1Gbps; PCIe; I2C; Other.]
Embedded Services Processors (ESP) (For Your Reference)
Based on Quantum Flow Processor (QFP)

 | ESP-2.5G | ESP-5G | ESP-10G | ESP-20G | ASR1002-X ESP | ESP-40G | ESP-100G
System Bandwidth | 2.5Gbps | 5Gbps | 10Gbps | 20Gbps | 5/10/20/36Gbps | 40Gbps | 100Gbps
Performance | 3Mpps | 8Mpps | 17Mpps | 24Mpps | 30Mpps | 24Mpps | 59Mpps
# of Processors | 10 | 20 | 40 | 40 | 8/16/32/62 | 40 | 128
Clock Rate | 900 MHz | 900 MHz | 900 MHz | 1.2 GHz | 1.2 GHz | 1.2 GHz | 1.5 GHz
Crypto Engine BW (1400 bytes) | 1Gbps | 1.8Gbps | 4.4Gbps | 8.5Gbps | 4Gbps | 11Gbps | 29Gbps
QFP Resource Memory | 256MB | 256MB | 512MB | 1GB | 1GB | 1GB | 4GB
Packet Buffer | 64MB | 64MB | 128MB | 256MB | 512MB | 256MB | 1GB
Control CPU | 800 MHz | 800 MHz | 800 MHz | 1.2 GHz | 2.13 GHz | 1.8 GHz | Dual core 1.73 GHz
Control Memory | 1GB | 1GB | 2GB | 4GB | 4/8/16GB | 8GB | 16GB
TCAM | 5Mb | 5Mb | 10Mb | 40Mb | 40Mb | 40Mb | 80Mb
Chassis Support | ASR1001 (Integrated) | ASR1001 (integrated), ASR 1002 | ASR1002, 1004, 1006 | ASR1004, 1006 | ASR1002-X | ASR1004, 1006, 1013 | ASR1006, 1013

Cisco Quantum Flow Processor
ASR1000 Series Innovation
• Five year design and continued evolution – now on 3rd generation
• Massively parallel, 64 multi-threaded cores; 4 threads per core
• QFP Architecture designed to scale to >100Gbit/sec
• 256 processes available to handle traffic
• High-priority traffic is prioritised
• Packet replication capabilities for Lawful Intercept
• Full visibility of entire L2 frame
• Latency: tens of microseconds with features enabled
• Interfaces on-chip for external cryptographic engine
• 3rd generation QFP is capable of 70Gbit/sec, 32Mpps processing
• Can cascade 1, 2 or 4 chips to build higher capacity ESPs

[Figure: QFP Chip Set, showing the Cisco QFP Packet Processor and the Cisco QFP Traffic Manager (Buffering, Queueing, Scheduling).]


Quantum Flow Processor
Why Custom vs. Off-the-Shelf?

• Custom design needed for next-gen Network Integrated Services
– Existing CPUs do not offer forwarding power required
– Memory architecture of general purpose CPUs relies on large caches (64B/128B) -> Inefficient mapping for network features
• QFP uses small memory access sizes (16B)
– minimizes wasted memory reads and increases memory access
– for the same raw memory BW, a 16B read allows 4-8 times the number of memory accesses/sec as a CPU using 64/128B accesses
• Preserves C-language programming support
– Including stacking for nested procedures
– Differentiator as compared to NPUs
– Key to feature velocity
– Support for portable, large-scale development
• Add hardware assists to further boost performance
– TCAM, PLU, HMR…
– Trade-off power requirement vs. board space

Third Generation QFP Details
Used on ASR1002-X, ESP-100 and Beyond

• 3rd Gen QFP integrates both the PPE engine and the Traffic manager
– 64 PPEs
– 116K queues per 3rd gen QFP ASIC (128K queues for previous QFP)
– But 3rd gen QFP can be latched together, so ESP 100 has total of 232K queues
• PPEs on 3rd gen QFP run the same Microcode as QFP
– Features executed in PPEs have same behavior
• Full Configuration consistency with QFP
• Same feature behavior (e.g. TCP, policing accuracy…)
• In-service hardware upgrade & downgrade from ESP40 to ESP 100 supported
• Differences
– Minor behavioral show-command differences
– Deployment differences in deployments with large number of schedules
ASR1001 Overview
Compact & Powerful 1RU for Secure High-end Branch, Route Reflector, Managed Services

[Figure: ASR1001 front panel, showing the Single-Height SPA Card Slot (here a 5-Port 1GE SPA is plugged in), the Management Interface and the 4 Built-In GE Ports.]

• Performance 2.5 to 5-Gbps; License upgrade
• 4G (Default) & 8G & 16G Memory options
• Up to 1.8 Gbps crypto throughput built-in
• 1 single height SPA slot for I/O connectivity and 4 built-in GE ports + optional daughter card
• High Availability: Dual Power Supply with SW redundancy support
• Same IOS XE Feature Set
• Integrated I/O Options
– ASR1001-2XOC3POS
– ASR1001-4XT3 (no E3 support)
– ASR1001-8XCHT1E1
– ASR1001-4X1GE
ASR1001 Block Diagram

[Figure: ASR1001 block diagram. RP2-Class Route Processor (built-in): CPU (2.13 Ghz Dual Core), 4G/8G/16G memory options (SDRAM MiniDIMM), nvram, Bootdisk, Mgmt ENET, Console and Aux, USB, EEPROM, Temp Sensor, Power Ctlr, JTAG Ctrl; No Network Sync Capability (BITs, etc). Upgradeable ESP-10 class forwarding: QFP with processor pool (PPE0 … PPE40), Dispatcher/Pkt Buffer, Buffer, queue, schedule (BQS), TCAM4 (10Mbit), Resource DRAM (512MB), Pkt Buffer DRAM (128MB), Part Len/BW SRAM, Boot Flash (OBFL, …), Crypto with SA table DRAM; Soft Upgradeable BW ESP: 2.5G, 5G. Interconnect. Built-in SIP-10: SPA Aggregation ASIC with ingress classifier, per-port ingress buffers, ingress scheduler, egress buffer status and per-port egress buffers. Built-in 4x1GE SPA; modular I/O via SPA and IDC.]
ASR1002-X
Next Generation ASR1002 (New! Available Now!)

Chassis & HW
• 2RU form factor
• Integrated RP, ESP & SIP
• Redundant AC/DC PSU, same as ASR1002
System BW
• 5G, 10G, 20G, 36G, via software upgrade
Performance
• Up to 32 Mpps
Crypto BW
• 4Gbps (8Gbps option in a future release)
Control Plane
• Quad-core @2.13GHz processor
• 4/8/16 GB Memory Options
Data Plane
• Integrated ESP with SW selectable BW from 5G to 36G
I/O
• 3 SPA bays + 6 built-in GE ports (SyncE capable)
• Console / MGMT Ethernet / Aux
• External USB storage
• Optional HDD (160GB)
FW/NAT
• 36G FW/NAT, 2 M sessions
Network Timing
• Stratum 3/G.813 Clocking, BITS timing, GPS, SyncE, 1588
Image Security
• Secure boot
• Code Signing (FIPS-140-3)

Slide callouts: Up to 4X Performance of ASR1002; One IOS-XE Feature Set; NSA “Suite-B” Security.

ASR 1002-X Block Diagram

[Figure: ASR1002-X block diagram. Callouts: Integrated Control Plane (Quad Core CPU); 2nd Generation QFP: 40 Gbps Forwarding and Feature processing; New Octeon II (4G Crypto, 8G capable, Suite-B); Integrated SIP-40. Control plane: CPU (2.13GHz Quad-Core), CPU memory (SDRAM MiniDIMM), nvram, Bootdisk, Hard disk, USB, Mgmt ENET, Console and Aux, EEPROM, Temp Sensor, Power Ctlr, JTAG Ctrl, Stratum-3 Network clock circuit, Timing/Sync (BITS, GPS). Forwarding: QFP with processor pool (PPE0 … PPE40), Dispatcher/Pkt Buffer, Buffer, queue, schedule (BQS), TCAM4 (10Mbit), Resource DRAM (512MB), Pkt Buffer DRAM (128MB), Part Len/BW SRAM, Boot Flash (OBFL, …), Crypto with SA table DRAM, two Interconnects. I/O: six built-in GE ports and SPAs. Link legend: PCIe; SPA Control; SPA Bus; I/L 69Gbps; 11.Gbps; Other.]
ASR 1000 Fixed Ethernet Linecards
Fixed Line Card replacing SIPs and SPAs
Bandwidth up to 40Gbps
IOS XE 3.10 (July 2013)

[Figure: ASR 1000 2x10G+20xGE fixed linecard.]

Three Variants
• 2x10GE+20x1GE (Mid CY13)
• 40x1GE – (Future)
• 4x10GE – (Future)
Chassis
• ASR1004, ASR1006, ASR1013
RP
• RP2
ESP
• ESP40/100/200
Key Features
• All Ethernet related features currently supported on GE / 10GE SPAs on ASR1k
• SyncE
• IEEE 1588
• Y.1731
• 40 Gbps BW
• No SIP needed

ASR 1000 System Oversubscription
Key Oversubscription Points

• Total bandwidth of the system is determined by the following factors
– Type of forwarding engine: e.g. ESP-10, ESP-20, ESP40 or ESP100
– Type of SIP: SIP10 or SIP40
– The SIP bandwidth is the bandwidth of the link between one SPA Interface Processor and the ESP
• Step 1: SPA-to-SIP Oversubscription
– Up to 4 x 10Gbps SPAs per SIP 10 = 4:1 Oversubscription Max
– No over subscription for SIP-40 = 1:1
– Calculate your configured SPA BW to SIP capacity ratio
• Step 2: SIP-to-ESP Oversubscription
– Up to 2, 3 or 6 SIPs share the ESP bandwidth, depending on the ASR1000 chassis used
– Calculate configured SIP BW to ESP capacity ratio
• Total Oversubscription = Step 1 x Step 2
BRKARC-2001 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
SIP Interconnect BW Depends on ESP & Chassis

• Each ESP has a different Interconnect ASIC with different numbers of ESI ports
• ESP-10G: 10G to all slots
– 1 x 11.5G ESI to each SIP slot
• ESP-20G: 20G to all slots except ASR1006 slot 3
– 2 x 11.5G ESI to two SIP slots;
– 1 x 11.5G to third SIP slot
• ESP-40G: 40G to all slots except ASR1013 slots 4 and 5
– 2 x 23G ESI* to all three SIP slots in ASR1006
• ESP-100G: 40G to all slots
– 2 x 23G ESI to all SIP slots
• Be aware of these exceptions!

[Figure: ESP-xxx card with QFP complex and the ESP-10G, ESP-20G, ESP-40G and ESP-100G interconnects, linked to RP0, RP1, "Other" and SIP 0 to SIP 5 across the ASR1004, ASR1006 and ASR1013. Legend: Primary ESI Link (11G only), Primary ESI Link (23G capable), Secondary ESI Link (11G only), Secondary ESI Link (23G capable), Ctl Plane ESI Links.]

ASR 1000 System Oversubscription (Cont.)
For Your Reference

Chassis Version | ESP Version | SIP Version | SIP Slots | Bandwidth per SIP Slot (Gbps) | SPA to SIP Oversubscription | Max. Bandwidth on ESP (Gbps) | SIP to ESP Oversubscription | I/O to ESP Oversubscription
ASR 1001 | ESP2.5 | n.a. | n.a. | n.a. | 2:1 | 2.5 | 5.6:1 | 5.6:1
ASR 1001/ASR1002 | ESP5 | n.a. | n.a. | n.a. | 4:1 | 5 | 6.8:1 | 6.8:1
 | ESP10 | n.a. | n.a. | n.a. | 4:1 | 10 | 3.4:1 | 3.4:1
ASR 1002-X | ESP40 | SIP40 | n.a. | n.a. | 9:10 | 36 | 1:1 | 9:10
ASR 1004 | ESP10 | SIP10 | 2 | 10 | 4:1 | 10 | 2:1 | 8:1
 | ESP20 | SIP10 | 2 | 10 | 4:1 | 20 | 1:1 | 4:1
 | ESP40 | SIP10 | 2 | 10 | 4:1 | 40 | 1:2 | 4:1
ASR 1006 | ESP10 | SIP10 | 3 | 10 | 4:1 (1) | 10 | 3:1 (2) | 12:1 (3)
 | ESP20 | SIP10 | 3 | 10 | 4:1 | 20 | 3:2 | 6:1
 | ESP40 | SIP10 | 3 | 10 | 4:1 | 40 | 3:4 | 4:1
 | ESP40 | SIP40 | 3 | 40 | 1:1 | 40 | 3:1 | 3:1
 | ESP100 | SIP40 | 3 | 40 | 1:1 | 100 | 6:5 | 6:5
ASR 1013 | ESP40 | SIP10 | 6 | 10 | 4:1 | 40 | 3:2 | 6:1
 | ESP40 | SIP40 | Slots 1, 2, 3, 4 | 40 | 1:1 | 40 | 9:2 | 6:1
 | | | Slots 5, 6 | 10 | 4:1 | | |
 | ESP100 | SIP40 | 6 | 40 | 1:1 | 100 | 12:5 | 12:5

Example (callouts on the ASR 1006 / ESP10 / SIP10 row):
(1) 4x10G SPAs max per SIP
(2) 3 SIPs max per ESP
(3) 12x10G SPAs max per ESP

SOFTWARE ARCHITECTURE

Software Architecture – IOS XE

• IOS XE = IOS + IOS XE Middleware + Platform Software. Not a new OS!
• Operational Consistency: same look and feel as IOS Router
• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.). Capable of 64-bit operation
• Linux kernel with multiple processes running in protected memory for
– Fault containment
– Re-startability
– ISSU of individual SW packages
• ASR 1000 HA Innovations
– Zero-packet-loss RP Failover
– <50ms ESP Failover
– “Software Redundancy”

[Figure: IOS XE software layout. Route Processor: IOS (Active) and IOS (Standby) on the IOS XE Platform Adaptation Layer (PAL), with Chassis Manager, Forwarding Manager and Kernel. SPA Interface Processor: SPA Drivers, Chassis Manager, Kernel. Embedded Services Processor: QFP Client/Driver, Chassis Manager, Forwarding Manager, Kernel. The cards are linked by Control Messaging.]

ASR 1000 Software Architecture

• Initialization and boot of RP Processes
• Detects OIR of other cards and coordinates initialization
• Manages system/card status, Environmentals, Power ctl, EOBC

• Runs Control Plane
• Generates configurations
• Populates and maintains routing tables (RIB, FIB…)

• Provides abstraction layer between hardware and IOS
• Manages ESP redundancy
• Maintains copy of FIB and interface list
• Communicates FIB status to active & standby ESP (or bulk-download state info in case of restart)

• Maintains copy of FIBs
• Programs QFP forwarding plane and QFP DRAM
• Statistics collection and communication to RP

• Communicates with Forwarding manager on RP
• Provides interface to QFP Client / Driver

• Implements forwarding plane
• Programs PPEs with forwarding information

• Driver Software for SPA interface cards. Loaded separately and independently
• Failure or upgrade of driver does not affect other SPAs in same or different SIPs

[Figure: software components per card. RP CPU: IOS, Chassis Mgr., Forwarding Mgr., Kernel (incl. utilities). ESP FECP: Chassis Mgr., Forwarding Mgr., QFP Client / Driver, Kernel (incl. utilities); QFP subsystem: QFP code, Crypto assist. SIP IOCP: Chassis Mgr., SPA drivers, Kernel (incl. utilities), SPA Agg., SPAs. Each card has an Interconn. block.]

Control Plane Process Communication

[Figure: message paths between the RP CPU (IOS, Chassis Mgr., Forwarding Mgr., Kernel), the ESP FECP (Chassis Mgr., Forwarding Mgr., QFP Client / Driver, Kernel), the QFP subsystem (QFP code, Crypto assist) and the SIP IOCP (Chassis Mgr., SPA drivers, Kernel, SPA Agg., SPAs). Message types: OIR / Chassis messages, Forwarding Control messages, IPC Messages. Link legend: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; GE, 1Gbps; I2C; SPA Control; SPA Bus; Other.]

Feature Invocation Array in QFP μcode
For Your Reference

Feature Processing Follows a Pre-defined Execution Sequence

Use this command to see your detailed FIA per interface:
show platform hardware qfp active interface if-name <interface/subintf>

[Figure: feature invocation array, starting with L2/L3 Classify and per-protocol branches IPv6, IPv4, MPLS, XConnect, L2 Switch. Columns as drawn, top to bottom:]
• Left of Forwarding, column 1: IPv4 Validation, SSLVPN, ERSPAN, MLP, IP Hdr. Compress., VASI, IPSec, LI, LISP, FPM, ACL, BGP Policy Acct.
• Left of Forwarding, column 2: Netflow, ISG, QPPB, QoS Classify/Police, uRPF, NAT, PBR, SBC, WCCP
• Forwarding: IP Unicast, Loadbalancing, IP Multicast, MPLS Imposit., MPLS Dispos., MPLS Switch., FRR, AToM Dispos., MPLSoGRE
• Right of Forwarding, column 1: NAT, APS, WCCP, Classify, SSLVPN, Firewall, IPSec, ACL, GEC, FPM, MLP
• Right of Forwarding, column 2: ISG, Marking, Policing, Accounting, TCP MSS Adjust, Netflow, LI, BDI & Bridging, IP Tunnels, IPHC, Queuing

Software Sub-packages

1. RPBase: RP OS
Why?: Upgrading of the OS will require reload to the RP and expect minimal changes
2. RPIOS: IOS
Why?: Facilitates Software Redundancy feature
3. RPAccess (K9 & non-K9): Software required for Router access; 2 versions available. One that contains open SSH & SSL and one without
Why?: To facilitate software packaging for export-restricted countries
4. RPControl: Control Plane processes that interface between IOS and the rest of the platform code
Why?: IOS XE Middleware
5. ESPBase: ESP OS + Control processes + QFP client/driver/ucode
Why?: Any software upgrade of the ESP requires reload of the ESP
6. SIPBase: SIP OS + Control processes
Why?: OS upgrade requires reload of the SIP
7. SIPSPA: SPA drivers and FPD (SPA FPGA image)
Why?: Facilitates SPA driver upgrade of specific SPA slots

[Figure: the numbers 1 to 7 mark where each sub-package runs. RP CPU: IOS, SSL/SSH, Chassis Mgr., Forwarding Mgr., Interface Mgr., Kernel (incl. utilities). FP FECP: Chassis Mgr., Forwarding Mgr., CPP Client / Driver, Kernel (incl. utilities); CPP subsystem with Crypto assist. SIP IOCP: Chassis Mgr., Interface Mgr., SPA drivers, Kernel (incl. utilities), SPA Agg., SPAs.]

ASR 1000 IOS XE Release Process
Software Lifecycle as of IOS XE 3.7

[Figure: release timeline over months 1 to 48.
• IOS 15.2(4)S / IOS XE 3.7S: rebuilds S1 to S7, then PSIRT
• IOS 15.3(1)S / IOS XE 3.8S: rebuilds S1, S2, then PSIRT
• IOS 15.3(2)S / IOS XE 3.9S: rebuilds S1, S2, then PSIRT
• IOS 15.3(3)S / IOS XE 3.10S: rebuilds S1 to S7, then PSIRT
Legend: Initial CCO; Standard throttle rebuild; Extended throttle rebuild; Platform Optional PSIRT.]

Frequency of Extended Maintenance Branches: Every 12 months
Frequency of Releases: 4 months
Length of Standard Maintenance Branch: 6 months
Standard maintenance rebuild Interval (months): 3
Length of Extended Maintenance Branch: 48 months
Extended Maintenance Rebuild Interval (months): 3-3-3-3-6-6-6

Packet Flows – Data Plane

Data Packet Flow: From SPA Through SIP

1. SPA receives packet data from its network interfaces and transfers the packet to the SIP
2. SPA Aggregation ASIC classifies the packet into H/L priority
3. SIP writes packet data to external 128MB memory (at 40Gbps from 4 full-rate SPAs)
4. Ingress buffer memory is carved into 64 queues. The queues are arranged by SPA-SPI channel and optionally H/L. Channels on “channelized” SPAs share the same queue.
5. SPA ASIC selects among ingress queues for next pkt to send to ESP over ESI. It prepares the packet for internal transmission
6. The interconnect transmits packet data of selected packet over ESI to active ESP at up to 11.5 Gbps
7. Active ESP can backpressure SIP via ESI ctl message to slow pkt transfer over ESI if overloaded (provides separate backpressure for Hi vs. Low priority pkt data)

[Figure: SIP data path from 4 SPAs through the SPA Aggregation ASIC (Ingress classifier, Ingress Scheduler, Ingress Buffers (per port), Egress Buffers (per port), Egress Buffer Status) and the Interconn. to the ESPs. Link legend: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other.]

Data Packet Flow: Through ESP10

1. Packet arrives on QFP
2. Packet assigned to a PPE thread.
3. The PPE thread processes the packet in a feature chain similar to 12.2S IOS (very basic view of a v4 use case):
– Input Features applied
  • NetFlow, MQC/NBAR Classify, FW, RPF, Mark/Police, NAT, WCCP etc.
– Forwarding Decision is made
  • IPv4 FIB, Load Balance, MPLS, MPLSoGRE, Multicast etc.
– Output Features applied
  • NetFlow, FW, NAT, Crypto, MQC/NBAR Classify, Police/Mark etc.
– Finished
4. Packet released from on-chip memory to Traffic Manager (Queued)
5. The Traffic Manager schedules which traffic to send to which SIP interface (or RP or Crypto Chip) based on priority and what is configured in MQC
6. SIP can independently backpressure ESP via ESI control message to pace the packet transfer if overloaded

[Figure: ESP10 with the Quantum Flow Processor: processor pool PPE1 … PPE40, Dispatcher/Pkt Buffer, Buffer, queue, schedule (BQS), TCAM4 (10Mbit), Resource DRAM (512MB), Pkt Buffer DRAM (128MB), Part Len/BW SRAM, Interconnect to SIP-10. Link legend: ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other.]

Data Packet Flow: Through SIP to SPA

1. Interconnect receives packet data over ESI from the active ESP at up to 46 Gbps
2. SPA Aggregation ASIC receives the packet and writes it to external egress buffer memory
3. Egress buffer memory is carved into 64 queues. The queues are arranged by egress SPA-SPI channel and optionally H/L. Channels on “channelized” SPAs share the same queue.
4. SPA Aggregation ASIC selects and transfers packet data from eligible queues to SPA-SPI channel (Hi queues are selected before Low)
5. SPA can backpressure transfer of packet data burst independently for each SPA-SPI channel using SPI FIFO status
6. SPA transmits packet data on network interface

[Figure: SIP data path from the ESPs through the Interconn. and the SPA Aggregation ASIC (Ingress classifier, Ingress Scheduler, Ingress Buffers (per port), Egress Buffers (per port), Egress Buffer Status) to 4 SPAs. Link legend: ESI, 46 Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other.]

ASR1000 QoS

ASR 1000 Forwarding Path
QoS View

1. SPA classification
2. Ingress SIP packet buffering
3. Port rate limiting & weighting for forwarding to ESP
4. Advanced classification
5. Ingress MQC based QoS
6. Egress MQC based QoS
7. Hierarchical packet scheduling & queuing
8. Egress SIP packet buffering

[Figure: forwarding path with the eight steps marked: SPAs, SIP (Ingress classifier, scheduler & buffers; Packet buffers), Midplane, ESP (active) and ESP (backup) with Cisco QFP, TCAM and Buffers, RP (active) and RP (backup) with IOS Process, Interconnects. Link legend: ESI, 40Gbps each direction; SPA-SPI, 11.2Gbps each direction; Hypertransport, 8Gbps each direction.]

ASR 1000 ESP QoS
QFP Processing

• The following QoS functions are handled by PPEs:
– Classification
– Marking
– Policing
– WRED
• After all the above QoS functions (along with other packet forwarding features such as NAT, Netflow, etc.) are handled, the packet is put in packet buffer memory and handed off to the Cisco QFP Traffic Manager
• All ESP QoS functions are configured using MQC CLI

ASR 1000 QoS
The QFP Traffic Manager (BQS) performs all packet scheduling decisions.

• Cisco QFP Traffic Manager implements a 3 parameter scheduler which gives advanced flexibility. Only 2 parameters can be configured at any level (min/max or max/excess)
– Minimum - bandwidth
– Excess - bandwidth remaining
– Maximum - shape
• Priority propagation (via minimum) ensures that high priority packets are forwarded first without loss
• Packet memory is one large pool. Interfaces do not reserve a specific amount of packet memory.
• Out of resources memory exhaustion conditions
– Non-priority user data dropped at 85% packet memory utilization
– Priority user data dropped at 97% packet memory utilization
– Selected IOS control plane packets and internal control packets only dropped at 100% memory utilization

ASR 1000 QoS
For Your Reference

Traffic Manager Statistics

• show plat hard qfp active stat drop all | inc BqsOor
– This gives a counter which shows if any packets have been dropped because of packet buffer memory exhaustion.
• show plat hard qfp active infra bqs status
– Gives metrics on how many active queues and schedules are in use. Also gives statistics on QFP QoS hierarchies that are under transition.
• show plat hard qfp active bqs 0 packet-buffer util
– Gives metrics on current utilization of packet buffer memory

ASR 1000 QoS
Queuing Highlights

• Multilayer hierarchies (5 layers in total)
– SIP, interface, 3 layers of queuing MQC QoS
• Two levels of priority traffic (1 and 2)
• Strict and conditional priority rate limiting
• 3 parameter scheduler (min, max, & excess)
• Priority propagation for no loss priority forwarding via minimum parameter
• Shaping average and peak options, burst parameters are accepted but not used
• Backpressure mechanism between hardware components to deal with external flow control

[Figure: scheduling hierarchy, top to bottom: Level 3 “Class” queues, Level 2 “Class” schedules, Level 1 “VLAN” schedule, Interface/Port schedule, SIP schedule.]

ASR 1000 QoS
Classification and Marking

• Classification
– IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, ACL, packet-length, ATM CLP, COS, inner/outer COS (QinQ), vlan, input-interface, qos-group, discard-class
– QFP is assisted in hardware by TCAM
• Marking
– IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, discard-class, qos-group, ATM CLP, COS, inner/outer COS
• Enhanced match and marker stats may be enabled with a global configuration option
– platform qos marker-statistics
– platform qos match-statistics per-filter

ASR 1000 Policing and Congestion Avoidance

• Policing
– 1R2C – 1 rate 2 color
– 1R3C – 1 rate 3 color
– 2R2C – 2 rate 2 color
– 2R3C – 2 rate 3 color
– color blind and aware in XE 3.2 and higher software
  • supports RFC 2697 and RFC 2698
– explicit rate and percent based configuration
– dedicated policer block in QFP hardware
• WRED
– precedence (implicit MPLS EXP), dscp, and discard-class based
– ECN marking
– byte, packet, and time based CLI
– packet based configurations limited to exponential constant values 1 through 6
– dedicated WRED block in QFP hardware

IPSEC ON ASR1000

ESP-100 and ASR1002-X NextGen Encryption
Introduces Improved Octeon-II Crypto Processor

• ESP-100
– 24 core processor
– 800MHz clock frequency
– 2GB DDR3 SDRAM
– Up to 20Gbps (512B packets)
• ASR-1002X
– 6 core processor
– 1.1 GHz clock frequency
– Up to 4Gbps (512B packets)
• Compare to ESP10/20/40 configuration:
– 350MHz Nitrox II with 8 & 18 cores respectively
• Crypto support:
– AES, SHA-1, ARC4, DES, 3-DES
– IKEv1 or IKEv2
• Next Gen “Suite B” crypto support
– Encryption: AES-128-GCM
– Authentication: HMAC-SHA-256
– Hashing: SHA-256
– Protocol: IKEv2
• NOTE: In-Box High Availability ASR1006
– ESP to ESP – stateful
– RP to RP – stateless

ASR 1000 Forwarding Processor
IPSec Processing is done with Crypto Co-processor Assist

[Figure: ESP block diagram (FECP with Memory and Boot Flash, QFP with TCAM4, Resource DRAM, Pkt Buffer DRAM, processor pool PPE1 … PPE40, Dispatcher/Pkt Buffer, Buffer, queue, schedule (BQS), Crypto with Memory, Interconn. to RPs and SIPs) with the following callout groups:]

• IPSec SA Database
• IKE SA Database
• Crypto-map
• DH key pairs

• IPSec SA class groups
• Classes
• Rules (ACE or IPSec SA)

• IPSec SA Database
• IPSec Headers

• Outbound packet classification
• Formatting of packets to Crypto chip (internal header)
• Receiving packets from crypto chip
• Removal of internal crypto header
• Re-assembly of fragmented IPSec packets

• Anti-replay check
• Encryption / decryption
• (Diffie-Hellman)
• NAT Traversal
• Traffic-based lifetime expiry

[Link legend: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; GE, 1Gbps; I2C; SPA Control; SPA Bus; Chassis Mgmt Bus; Other.]

ASR 1000 IPSec Software Architecture
For Your Reference

Function Partitioning

• Creation of IPSec Security Associations (SA)
• IKE Control Plane (IKE negotiation, expiry, tunnel setup)

• Communicates FIB status to active & standby ESP (or bulk-download state info in case of restart)

• Communicates with Forwarding manager on RP
• Provides interface to QFP Client / Driver

• Copy of IPSec SAs
• Copy of IKE SAs
• Synchronization of SA Databases with standby ESP
• Punting of Encrypted packets to the Crypto Assist

• Encryption / Decryption of packets

[Figure: software components per card. RP CPU: IOS, Chassis Mgr., Forwarding Mgr., Kernel (incl. utilities). ESP FECP: Chassis Mgr., Forwarding Mgr., QFP Client / Driver, Kernel (incl. utilities); QFP subsystem: QFP code, Crypto assist. SIP IOCP: Chassis Mgr., SPA drivers, Kernel (incl. utilities), SPA Agg., SPAs.]

ASR1000 IPSec Performance
For Your Reference

Throughput and Scalability

 | (unlabelled) | ASR1000-ESP5 | ASR1000-ESP10 | ASR1000-ESP20 | ASR1000 ESP40 | ASR1000 ESP100
Supported Chassis | ASR1001 | ASR 1002 | ASR 1002, 1004, 1006 | ASR 1004 & 1006 | ASR1004 1006 & 1013 | ASR1006 & 1013
Encryption Throughput (Max/IMIX) | 1.8/1 Gbps | 1.8/1 Gbps | 4/2.5 Gbps | 7/6 Gbps | 11/7 Gbps | 29/16 Gbps
VRFs (RP2/RP1) | 4,000 | 1,000 | 4,000 / 1,000 | 4,000 / 1,000 | 4,000 / 1,000 | 4,000 / 8,000
Total Tunnels (Site to Site IPSec) * | 4,000 | 4,000 | 4,000 | 8,000 | 8,000 | 8,000
Tunnel Setup Rate w/ RP2 (IPSec, per sec) | 130 | N/A | 130 | 130 | 130 | 130
Tunnel Setup Rate w/ RP1 (IPSec, per sec) | NA | 90 | 90 | 90 | 90 | 90
DMVPN / BGP Adjacencies (RP2/RP1, 5 routes per peer) | 3000 | 3000 | 3000 | 3000 | 3000 | 4000
DMVPN / EIGRP Adjacencies (RP2/RP1, 5 routes per peer) | 1,250 | 1,000 | 1,250 / 1,000 | 1,250 / 1,000 | 1,250 / 1,000 | 1000
EasyVPN + dVTI | 2,000 | 2,000 | 2,000 | 2,000 | 2,000 | 4000

* Total tunnels are for IPSec and GRE+IPSec only

HIGH AVAILABILITY

High-Availability on the ASR 1000
ASR1000 Built for Carrier-grade HA

• Redundant ESP / RP on ASR 1006 and ASR 1013
• Software Redundancy on ASR 1001, ASR 1002, ASR 1004
• Zero packet loss on RP Fail-over! Max 100ms loss for ESP fail-over
• Intra-chassis Stateful Switchover (SSO) support for
– Configuration
– Protocols: FR, ML(PPP), HDLC, VLAN, IS-IS, BGP, CEF, SNMP, MPLS, MPLS VPN, LDP, VRF-lite
– Stateful features: PPPoX, AAA, DHCP, IPSec, NAT, Firewall
• IOS XE also provides full support for Network Resiliency
– NSF/GR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP
– IP Event Dampening; BFD (BGP, IS-IS, OSPF)
– GLBP, HSRP, VRRP
• Support for ISSU
• Stateful inter-chassis redundancy available for NAT, Firewall, SBC

[Figure: ASR 1006 with Active and Standby Route Processors, Active and Standby Forwarding Processors and three SPA Carrier Cards with SPAs. Callouts: RP fails (HW or SW); Standby Becomes Active; Zero Packet Loss.]

Software Redundancy – IOS XE
ASR1002 and ASR1004

• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.)
• Linux kernel runs IOS process in protected memory for:
– Fault containment
– Restart-ability of individual SW processes
• Software redundancy helps when there is a RP-IOS failure/crash
• Active process will switchover to the standby, while forwarding continues with zero packet loss
• Can be used for ISSU of RP-IOS package for control-plane bug fixes and PSIRTs
• Other software crashes (example: SIP or ESP) cannot benefit from Software redundancy

[Figure: Route Processor running IOS (Active) and IOS (Standby) on the IOS XE Platform Adaptation Layer (PAL), with Chassis Manager, Forwarding Manager and Kernel; SPA Interface Processor (SPA Drivers, Chassis Manager, Kernel) and Embedded Services Processor (QFP Client/Driver, Chassis Manager, Forwarding Manager, Kernel) linked by Control Messaging. Callouts: IOS Process fail; Standby Becomes Active.]

ASR 1006 High Availability Infrastructure
Infrastructure for Stateful Redundancy

• Provides hitless or near hitless switchover
• Reliable IPC transport used for synchronization
• HA operates in a similar manner to other protocols on the ASR 1000

[Figure: RPact and RPsby, each running IOS (IOSact, IOSsby) with Non-HA-Aware Application, Config, MLD, CF, CEF, Mcast, IPC Message Qs, Driver/Media Layer, RF, IDB State Update Msg, MFIB, FIB, RIB, IDB, MRIB, RT and FMRP; the Interconnect between them is used for IPC and Check-pointing. Below: ESPact and ESPsby, each with FMESP and QFP Client, and the SPAs.]

ASR 1000 In-Service Software Upgrade

• Ability to perform upgrade of the IOS image on the single-engine systems
• Support for software downgrade
• “In Service” component upgrades (SIP-Base, SIP-SPA, ESP-Base) without requiring reboot to the system
• Hitless upgrade of some software packages
• RP Portability - installing & configuring hardware that are physically not present in the chassis
• This allows the user to configure an RP in one system i.e. a 4RU and then move it to another system i.e. a fully populated 6RU
• One-shot ISSU procedure available for H/W redundant platforms

Software Release From \ To | 3.1.0 | 3.1.1 | 3.1.2 | 3.2.1 | 3.2.2
3.1.0 | N/A | SSO Tested | SSO | SSO via 3.1.2 | SSO via 3.1.2
3.1.1 | SSO Tested | N/A | SSO Tested | SSO via 3.1.2 | SSO via 3.1.2
3.1.2 | SSO | SSO Tested | N/A | SSO Tested | SSO Tested
3.2.1 | SSO via 3.1.2 | SSO via 3.1.2 | SSO Tested | N/A | SSO Tested
3.2.2 | SSO via 3.1.2 | SSO via 3.1.2 | SSO Tested | SSO Tested | N/A

OPERATIONS & PERFORMANCE

RP2/ESP40 Feature Impact Performance

[Figure: “IPv4 Feature Performance Impact RP2/ESP40”. Y-axis: Gbps or MPPS (0 to 50). X-axis: Pkt Size (Bytes): 76, 132, 260, 516, 1028, 1518. Series, each in Mpps and Gbps: Base, ACL, QoS, uRPF, NF, Combined.]

• Individual features have small impact with small packet sizes
• Individual features have minuscule impact at large packet sizes (above 516B)
• QFP has excellent behavior even with combined features for larger packet sizes!

Latency Performance Example

[Figure: latency in us (microseconds), 0 to 3500, against Percentage Load, 90 to 100. Series: Latency (us - Min), Latency (us - Avg), Latency (us - Max). Callouts: Max – 1.1-1.4ms; Avg – 50-55us; Min – 25us.]

• For details on the Test setup and feature configuration, see RFC 2544 Latency Testing on Cisco ASR 1000 Series

Key System Resources to Monitor

[Figure: screenshot with threshold callouts 75%, 75% and 85%.]

Show platform hardware qfp active bqs 0 packet-buffer utilization

Example: QFP TCAM Utilization
QFP TCAM usage can be found in following command:

ASR1000#show platform hardware qfp active tcam resource-manager usage
QFP TCAM Usage Information

80 Bit Region Information
--------------------------
Name : Leaf Region #0
Number of cells per entry : 1
Current 80 bit entries used : 0
Current used cell entries : 0
Current free cell entries : 0

160 Bit Region Information
--------------------------
Name : Leaf Region #1
Number of cells per entry : 2
Current 160 bits entries used : 6
Current used cell entries : 12
Current free cell entries : 4084

320 Bit Region Information
--------------------------
Name : Leaf Region #2
Number of cells per entry : 4
Current 320 bits entries used : 0
Current used cell entries : 0
Current free cell entries : 0

Total TCAM Cell Usage Information
----------------------------------
Name : TCAM #0 on CPP #0
Total number of regions : 3
Total tcam used cell entries : 12
Total tcam free cell entries : 524276
Threshold status : below critical limit

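The usage output above lends itself to automated monitoring. The following Python sketch is an added example, not Cisco code: it parses that output and reports cell utilization per region. The function names and the 75% warning level are assumptions of this example; the sample text is the slide's output, re-typed.

```python
# Constructed sample: the usage output shown on the slide above, with the
# regions in 80/160/320-bit order.
SAMPLE_OUTPUT = """\
QFP TCAM Usage Information

80 Bit Region Information
--------------------------
Name                            : Leaf Region #0
Number of cells per entry       : 1
Current 80 bit entries used     : 0
Current used cell entries       : 0
Current free cell entries       : 0

160 Bit Region Information
--------------------------
Name                            : Leaf Region #1
Number of cells per entry       : 2
Current 160 bits entries used   : 6
Current used cell entries       : 12
Current free cell entries       : 4084

320 Bit Region Information
--------------------------
Name                            : Leaf Region #2
Number of cells per entry       : 4
Current 320 bits entries used   : 0
Current used cell entries       : 0
Current free cell entries       : 0

Total TCAM Cell Usage Information
----------------------------------
Name                            : TCAM #0 on CPP #0
Total number of regions         : 3
Total tcam used cell entries    : 12
Total tcam free cell entries    : 524276
Threshold status                : below critical limit
"""

TOTAL = "Total TCAM Cell Usage Information"


def parse_tcam_usage(text):
    """Return {section title: {field: value}}; numeric values become int."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank line or dashed underline
        if ":" not in line and line.endswith("Information"):
            current = sections.setdefault(line, {})
            continue
        if current is None or ":" not in line:
            continue  # e.g. the CLI prompt line
        key, _, value = line.partition(":")
        value = value.strip()
        current[key.strip()] = int(value) if value.isdigit() else value
    return sections


def used_pct(fields):
    """Used cells as a percentage of used + free; None for an unallocated region."""
    used = next((v for k, v in fields.items() if k.endswith("used cell entries")), None)
    free = next((v for k, v in fields.items() if k.endswith("free cell entries")), None)
    if not isinstance(used, int) or not isinstance(free, int) or used + free == 0:
        return None
    return 100.0 * used / (used + free)


def tcam_report(text, warn_pct=75.0):
    """Summarise utilization. warn_pct is a local alerting level assumed by
    this example, not a platform constant. A missing or unexpected
    'Threshold status' line raises the alert as well."""
    sections = parse_tcam_usage(text)
    regions = {}
    for title, fields in sections.items():
        pct = used_pct(fields)
        if pct is not None:
            regions[title] = round(pct, 3)
    status = sections.get(TOTAL, {}).get("Threshold status", "unknown")
    alert = status != "below critical limit" or any(
        pct >= warn_pct for pct in regions.values()
    )
    return {"used_pct": regions, "threshold_status": status, "alert": alert}


if __name__ == "__main__":
    print(tcam_report(SAMPLE_OUTPUT))
```
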
Which Features Use the TCAM?
For Your Reference

TCAM Definition
Ternary Content-Addressable Memory is designed for rapid, hardware-based table lookups of Layer 3 and Layer 4 information. In the TCAM, a single lookup provides all Layer 2 and Layer 3 forwarding information.

Which ASR 1000 features use TCAM?
• Security Access Control Lists (ACL)
• Firewall – policy maps, ACLs
• IPSec – SA groups, classes, rules
• Ethernet Flow Point for Ethernet Virtual Circuits
• Flexible Packet Matching – class maps / policy maps
• Lawful Intercept
• Multi Topology Routing
• NAT
• Policy Based Routing
• QoS – class maps, policy maps
• NBAR / SCEASR
• Web Cache Control Protocol
• Edge Switching Services
• Event Monitoring

Save Your TCAM!
Strategies to Optimize your TCAM Usage

Avoid use of “Deny” action ACL Entries as this will cause TCAM entry explosion!
• Deny will be converted to equivalent set of “Permit” statements
• Implicit Deny at end of ACL is ok!

Use new ACL Chaining feature coming in IOS XE 3.11 to group and optimize common ACL Entries:
1. Common ACEs can be moved into new ACL that can be chained to any ACL
2. Newly formed ACLs can be “Chained” by applying both onto respective interface

Old Method: 15 TCAM Entries

ip access-list extended ACL_User1
 10 permit ip any 62.6.69.88 0.0.0.7
 20 permit ip 62.6.69.88 0.0.0.7 any
 30 permit ip any 62.6.69.112 0.0.0.15
 40 permit ip 62.6.69.112 0.0.0.15 any
 50 permit ip any 62.6.69.128 0.0.0.15
 60 permit tcp any eq bgp host 1.2.3.1
 70 permit tcp any host 1.2.3.1 eq bgp
 80 permit icmp any host 1.2.3.1
ip access-list extended ACL_User2
 10 permit ip any 62.6.69.88 0.0.0.7
 20 permit ip 62.6.69.88 0.0.0.7 any
 30 permit ip any 62.6.69.112 0.0.0.15
 40 permit ip 62.6.69.112 0.0.0.15 any
 50 permit ip any 62.6.69.128 0.0.0.15
 60 permit tcp any eq bgp host 7.8.9.6
 70 permit tcp any host 7.8.9.6 eq bgp

New Method: 10 TCAM Entries

ip access-list extended common_acl
 10 permit ip any 62.6.69.88 0.0.0.7
 20 permit ip 62.6.69.88 0.0.0.7 any
 30 permit ip any 62.6.69.112 0.0.0.15
 40 permit ip 62.6.69.112 0.0.0.15 any
 50 permit ip any 62.6.69.128 0.0.0.15
ip access-list extended ACL_User1
 10 permit tcp any eq bgp host 1.2.3.1
 20 permit tcp any host 1.2.3.1 eq bgp
 30 permit icmp any host 1.2.3.1
ip access-list extended ACL_User2
 10 permit tcp any eq bgp host 7.8.9.6
 20 permit tcp any host 7.8.9.6 eq bgp
Interface GigabitEthernet 0/0/0
 ip access-group common common_acl ACL_User1 in
Interface GigabitEthernet 0/0/1
 ip access-group common common_acl ACL_User2 in

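The refactoring on the slide above can be derived mechanically. This added Python example (not Cisco tooling) factors the shared leading ACEs of several ACLs into one common ACL and reproduces the slide's 15 and 10 entry counts. It assumes one ACE costs one TCAM entry, as those counts imply, and that the common ACL is evaluated before the per-interface ACL; the function names are this example's own.

```python
import re

# The "Old Method" configuration from the slide above.
OLD_CONFIG = """\
ip access-list extended ACL_User1
 10 permit ip any 62.6.69.88 0.0.0.7
 20 permit ip 62.6.69.88 0.0.0.7 any
 30 permit ip any 62.6.69.112 0.0.0.15
 40 permit ip 62.6.69.112 0.0.0.15 any
 50 permit ip any 62.6.69.128 0.0.0.15
 60 permit tcp any eq bgp host 1.2.3.1
 70 permit tcp any host 1.2.3.1 eq bgp
 80 permit icmp any host 1.2.3.1
ip access-list extended ACL_User2
 10 permit ip any 62.6.69.88 0.0.0.7
 20 permit ip 62.6.69.88 0.0.0.7 any
 30 permit ip any 62.6.69.112 0.0.0.15
 40 permit ip 62.6.69.112 0.0.0.15 any
 50 permit ip any 62.6.69.128 0.0.0.15
 60 permit tcp any eq bgp host 7.8.9.6
 70 permit tcp any host 7.8.9.6 eq bgp
"""


def parse_acls(config):
    """Return {ACL name: [ACE text without its sequence number]} in order."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        header = re.fullmatch(r"ip access-list extended (\S+)", line)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif current is not None and re.match(r"\d+ (permit|deny) ", line):
            current.append(line.split(" ", 1)[1])
    return acls


def factor_common(acls, common_name="common_acl"):
    """Move the run of identical leading ACEs into one shared ACL.

    Only a leading run is moved, so first-match order is preserved when the
    common ACL is evaluated first. At least one ACE is left in every original
    ACL so that no empty ACL ends up bound to an interface.
    """
    if common_name in acls:
        raise ValueError(f"{common_name} already exists")
    if len(acls) < 2:
        return dict(acls)
    shared = []
    for aces in zip(*acls.values()):
        if len(set(aces)) != 1:
            break
        shared.append(aces[0])
    shared = shared[: max(min(len(a) for a in acls.values()) - 1, 0)]
    if not shared:
        return dict(acls)
    result = {common_name: shared}
    for name, aces in acls.items():
        result[name] = aces[len(shared):]
    return result


def tcam_entries(acls):
    """Entry count under the one-ACE-per-entry assumption."""
    return sum(len(aces) for aces in acls.values())


def render(acls, bindings=None, common_name="common_acl"):
    """Emit configuration text; bindings maps interface name -> ACL name."""
    lines = []
    for name, aces in acls.items():
        lines.append(f"ip access-list extended {name}")
        lines += [f" {10 * i} {ace}" for i, ace in enumerate(aces, 1)]
    for interface, acl in (bindings or {}).items():
        lines.append(f"interface {interface}")
        lines.append(f" ip access-group common {common_name} {acl} in")
    return "\n".join(lines)


if __name__ == "__main__":
    old = parse_acls(OLD_CONFIG)
    new = factor_common(old)
    print(tcam_entries(old), "->", tcam_entries(new))
    print(render(new, {"GigabitEthernet 0/0/0": "ACL_User1",
                       "GigabitEthernet 0/0/1": "ACL_User2"}))
```
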
ASR1000 APPLICATIONS

ASR1000 Network Applications
2700+ Features!

Routing, PE, Broadband, WiFi
• IPv4 / IPv6 Routing, Transition
• BGP, RIP, IS-IS, OSPF, Static routes
• GRE, MPLSoGRE, EoMPLSoGREoIPSec, ATMoMPLS
• MPLS L3 VPN
• L2VPN (ATM, Circuit Emulation)
• VPLS, H-VPLS PE; Carrier Ethernet Services
• Route Reflector, Internet Peering
• Internet & WAN Edge
• Broadband & WiFi Aggregation
• Subscriber Management

Multicast
• IPv4 / IPv6 Multicast Router
• MVPN (GRE, mLDP), MVPN Extranet
• IGMPv2/v3
• NAT & CAC

Secure WAN and PE
• IPSec VPN – DES, 3DES, AES-128-GCM
• DMVPN, GETVPN, FLEXVPN
• VRF-lite, MPLS-VPN, over DMVPN
• Secure VPLS
• IOS Zone-based Firewall, many ALGs
• Carrier Grade NAT
• VRF-aware
• Hardware accelerated (Crypto + TCAM)

Application Layer Services
• SBC: CUBE Enterprise, CUBE SP (HCS, CTX)
• SIP, NAPT, Megaco/H.248, Topology Hiding
• AppNav – Advanced WAAS redirection
• AVC: NBAR2, hardware accelerated DPI
• Application-aware QoS Policy
• Medianet – Mediatrace, Monitor
• OnePK – SDN API

IPSec VPN Applications

• GETVPN
• VRF-lite, Group Key Mgmt, Compliance-mode Cipher&Hash selection, Key Server
• DMVPN
• 2547oDMVPN, VRF-aware DMVPN (iVRF), BGP, EIGRP, per tunnel QoS
• EasyVPN
• Dynamic Crypto Map
• Site-to-Site and Flex VPN
• IKEv2
• FlexVPN
• GRE+IPSec
• VRF-aware IPSec
• NSA Suite-B Cryptography

[Figure, panel “2547oDMVPN”: MPLS Campus/MAN with Campus-PE, RR and Hub as P or RR; mGRE and GRE Tunnels over an IP Service to E-PE routers at Remote Branches.]
[Figure, panel “VRF-lite over DMVPN”: MPLS Campus or MAN with RR, E-PE and NHRP Server; mGRE per VRF over an IP Service to Multi-VRF CE routers and Branch LANs at Remote Branches.]

ASR1000 Unified Communications Applications

Session Border Controller
• Cisco Unified Border Element (ENT) (CUBE(ENT))
• Full trunk-side SBC functionality
• Session Mgmt, Demarcation, Security, Interworking
• Connect CUCM to SIP trunks
• Connect 3rd party IP PBX to SIP trunks
• DSP-based transcoding up to 9000 calls with DSP SPA module; Noise cancellation.
• Hi density Media forking
• UC Service API
• 3rd Party API for call control
• SRTP Encryption HW (ESP) - Hi density SRTP calls
• Line Side SBC functionality for voice endpoints

Cisco Unified Call Manager (CUCM)
• Software Media Termination Point (MTP)
• Scales to 5000 Sessions

Medianet
• Performance aware statistics based on media traffic analysis
• Packet loss, Jitter, Delay for media flows
• Media trace (traceroute for mediaflows)
• Class Specific threshold crossing alerts
• Netflow and SNMP/MIB based reporting
• Compatible with Cisco Media architecture and equipment

Routing Baseline
• IPv4 / IPv6 Routing, Transition
• BGP, RIP, IS-IS, OSPF, Static routes
• MPLS L3 VPN, L2VPN, GRE, IPSec
• VPLS, H-VPLS PE; Carrier Ethernet Services
• IPv4 / IPv6 Multicast Router
• MVPN (GRE, mLDP), IGMPv2/v3
• Rich connectivity options
Application Visibility and Control
Deep Dive: BRKAPP-2030 Application Visibility and Control in Enterprise WAN
Application Visibility and Control (AVC)
How the Solution Works

Identify Applications
• DPI Engine (NBAR2) Identifies Applications Using L7 Signatures
• 1000+ applications supported today

Perf. Collection and Exporting
• ISR G2 and ASR Collect Application Bandwidth and Response Time Metrics, and Export to Management Tool

Management Tool
• Cisco Prime Infrastructure Advanced Reporting Tool Aggregates and Reports Application Performance

Control
• Use QoS and PfR to Control Application Network Usage to Improve Application Performance

App Visibility and User Experience Report
App      BW      Transaction Time   …
WebEx    3 Mb    150 ms             …
Citrix   10 Mb   500 ms             …

[Figure: ISR G2 and ASR1K routers (IOS PA, FNF) export NFv9 to Reporting Tools; control priorities High, Med, Low]

PfR = Performance-based Routing

Next Generation NBAR (NBAR2)
Deep Packet Inspection (DPI)

[Chart: Number of Applications Supported, NBAR1 vs. NBAR2 (NBAR2: 1000+)]
[Figure labels: HTTP URI, HTTP Hostname, Browser Type]

• More than 1000 applications supported and growing
• Categorization to simplify application management
• In-service signature update through Protocol Pack
• Field Extraction – collect application specific information in addition to identifying applications
• Sub-port Classification – match parameters of the applications
Application-Aware QoS

class-map match-all business-critical
 match protocol citrix
 match access-group 101

class-map match-any browsing
 match protocol attribute category browsing

class-map match-any internal-browsing
 match protocol http url "*myserver.com*"

policy-map internal-browsing-policy
 class internal-browsing
  bandwidth remaining percent 60

policy-map my-network-policy
 class business-critical
  priority
  police percent 50
 class browsing
  bandwidth remaining percent 30
  service-policy internal-browsing-policy

interface Serial0/0/0
 service-policy output my-network-policy

Application           BW                        Priority
Business-Critical     Committed 50%             High
Browsing              30% (=15% of the Line)    Normal
• Internal browsing   • 60% (Out of Browsing)
Remaining             70% (=35% of the Line)    Normal

[Figure: Committed BW (50% of the Line): Business-Critical, High Priority, 50% Committed. Excess BW (50% of the Line): Browsing, 30% of Excess BW (= 15% of the Line), with Internal-Browsing at 60% of Browsing; Remaining, 70% of Excess BW (= 35% of Line)]
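
The percentages on this slide can be checked mechanically. The Python below is an added example, not part of the original presentation: it parses the slide's policy-map text and resolves each class's share of the line, under the simplified assumptions that `police percent` on the priority class is committed bandwidth, `bandwidth remaining percent` divides the excess, and unassigned excess falls to class-default (the function names are hypothetical).

```python
import re

# Policy text as shown on the slide (class-maps omitted: they do not change the arithmetic).
CONFIG = """\
policy-map internal-browsing-policy
 class internal-browsing
  bandwidth remaining percent 60
policy-map my-network-policy
 class business-critical
  priority
  police percent 50
 class browsing
  bandwidth remaining percent 30
  service-policy internal-browsing-policy
"""

def parse_policy_maps(text):
    """Return {policy: {class: {"police"|"remaining": int, "child": str}}}."""
    policies, policy, cls = {}, None, None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if m := re.fullmatch(r"policy-map (\S+)", line):
            policy, cls = policies.setdefault(m.group(1), {}), None
        elif m := re.fullmatch(r"class (\S+)", line):
            if policy is None:
                raise ValueError("class outside policy-map: " + line)
            cls = policy.setdefault(m.group(1), {})
        elif cls is None:
            raise ValueError("statement outside class: " + line)
        elif m := re.fullmatch(r"police percent (\d+)", line):
            cls["police"] = int(m.group(1))
        elif m := re.fullmatch(r"bandwidth remaining percent (\d+)", line):
            cls["remaining"] = int(m.group(1))
        elif m := re.fullmatch(r"service-policy (\S+)", line):
            cls["child"] = m.group(1)
        elif line != "priority":
            raise ValueError("unsupported statement: " + line)
    return policies

def line_shares(policies, name, parent_pct=100.0, prefix=""):
    """Percent of the physical line available to each class of policy `name`."""
    classes = policies[name]
    committed = sum(c.get("police", 0) for c in classes.values())
    used = sum(c.get("remaining", 0) for c in classes.values())
    if committed > 100 or used > 100:
        raise ValueError(name + ": percentages exceed 100")
    excess = parent_pct * (100 - committed) / 100  # left after committed BW
    shares = {}
    for cname, c in classes.items():
        if "police" in c:   # modelled as committed bandwidth (assumption)
            pct = parent_pct * c["police"] / 100
        else:               # a slice of the excess bandwidth
            pct = excess * c.get("remaining", 0) / 100
        shares[prefix + cname] = pct
        if "child" in c:    # nested policy divides the parent's slice
            shares.update(line_shares(policies, c["child"], pct, prefix + cname + "/"))
    # Assumption: excess not assigned explicitly falls to class-default.
    default = prefix + "class-default"
    shares[default] = shares.get(default, 0.0) + excess * (100 - used) / 100
    return shares

SHARES = line_shares(parse_policy_maps(CONFIG), "my-network-policy")
```

Internal browsing resolves to 9% of the line (60% of the 15% browsing slice), a figure the slide leaves implicit.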

What is Really in Your Network?

[Figure: Port Monitoring (HTTP?, UNKNOWN?, HTTPS) compared with Application Monitoring]

Monitor Application Usage and Detect Performance Issues


Intelligent Path Control
Deep Dive: BRKRST-2362 Deploying Performance Routing
Common WAN Topologies

[Figure: three topologies, adoption increasing from left to right: Dual MPLS (MPLS + MPLS), Hybrid (MPLS + Internet), Dual Internet (Internet + Internet)]

Dual MPLS
+ Highest reliability, security & availability
± Tightly coupled to provider(s)
– Expensive

Hybrid
+ Leverages low cost bandwidth
+ Balanced availability & performance
± Thoughtful design required

Dual Internet
+ Lowest bandwidth costs
+ Flexible transport options
– No provider guarantees

Pervasive Security Throughout

Introducing Performance Routing (PfR)
Intelligent Path Control

[Figure: PfR topology. Labels: Headquarter, ASR1K PfR MCs, ASR1K PfR BRs, Master Controller (MC), Border Router (BR), SP A and SP B MPLS (GETVPN), Internet (DMVPN), Branch ISR G2 / ASR1K as PfR MC/BR, Email Path, Video Path]

• Dynamically re-route traffic paths based on real-time Network Performance
• Full utilization of expensive WAN bandwidth
– Efficient distribution of traffic based upon load, circuit cost and path preference
• Improved Application Performance
– Per application best path based on delay, loss, jitter measurements, MOS (Mean Opinion Score)
• Increased Application Availability
– Protection from carrier black holes and brownouts
Performance Routing – Components

The Decision Maker: Master Controller (MC)
• Apply policy, verification, reporting
• No packet forwarding/inspection required

The Forwarding Path: Border Router (BR)
• Gain network visibility in forwarding path (Learn, measure)
• Enforce MC’s decision (path enforcement)

Optimize by:
• Reachability, Delay, Loss, Jitter, MOS,
• Throughput, Load, and/or $Cost

[Figure: MC above two BRs, attached to WAN1 and WAN2]

Performance Routing – The Journey …

• Learning: Get the Traffic Classes in the MC database
• Monitoring (Passive – Active): Get the Traffic Classes Performance Metrics
• Choosing Your Policies: Check Delay, loss, threshold, Bandwidth and more …
• Enforcing the Path: Use a good performing path per Traffic Class

Enterprise WAN Use Case
Blackout and Brownout

• Problem Statement:
– Recent carrier routing problem caused a network outage (Blackout).
– Fluctuating performance over the WAN is causing intermittent application problems (Brownout)
– Secondary/Backup WAN path underutilized

• Solution: PfR Application based optimization
– Protect Voice and Video traffic: primary path, check delay, loss, jitter – fallback secondary
– Protect Business Applications: primary path, check loss, utilization – fallback secondary
– Best effort Applications – Maximize bandwidth utilization: load balanced across SPs or use the secondary path

[Figure labels: HQ, MC, BR, BR, Voice - Video, Critical Application, Rest of the Traffic, WAN1 (IP-VPN), WAN2 (IPVPN, DMVPN), branch sites as MC/BR or BR]

AppNav for WAN Optimization
Deep Dive: TECAPP-2001 Inserting and Scaling Virtual and Physical Network Services
WAAS Deployment Challenges Today

• Non-deterministic Branch to DC
• Heavy administration for redirect ACLs
• TCAM memory and high CPU utilization
• Traditional In-Line has limited scale

Mask          Value         Result
00:00:03:00   00:00:00:00   WAE-1
00:00:03:00   00:00:01:00   WAE-2
00:00:03:00   00:00:02:00   WAE-3

[Figure labels: Branch office1, Branch Office2, Branch Office3, WAN, CPU/SUP utilization, TCAM Entries, Redirect ACL (Hundreds of ACL Entries)]

AppNav Addresses the Challenges

Virtualize WAN optimization resources into pools of elastic resources with business driven bindings.
Greatly simplify deployment and management of WAAS

[Figure: AppNav between the WAN and WAN optimization pools (WAAS, WAVE, vWAAS) in Region 1 and Region 2. Labels: Previous Path, Application Affinity, Custom Persistence, Affinity Rules, WAAS I/O, Device Load Status, WEB Apps, Exchange, WAAS Traffic Optimization, Load, High Availability]

AppNav Components

AppNav Controllers (ANC)
• Provides service aware flow distribution, to direct traffic to the WAAS Nodes within the cluster.

WAAS Node Groups (WNG)
• Group of up to 32 WNGs per cluster.
• Each WNG services a set of traffic flows identified by AppNav policies
• Any current WAAS appliance version 5.0 and above can be a WN, including WAAS appliances and vWAAS.

AppNav Controller Groups (ANCGs)
• Group of up to 8 ANCs per cluster
• All ANCs in an ANCG share flow state information, for handling of asymmetric traffic and HA conditions

Service Context
• A Cluster with an associated Service Policy

Cluster
• The group of all ANC and WAAS devices within a service context.
• Determines flow scalability
• Member ANCs discover each other via heartbeats. Member WAAS nodes are discovered by ANCs using probes.
• One flow distribution policy per cluster

Example DC Deployment: WAN Edge with VRF

Isolate one WAAS instance per VRF

[Figure labels: Branch 1 ISR, 10.1.1.1 (VRF B); Branch 2 ISR, 10.1.2.1 (VRF A); ASR1000 WAN Edge (AppNav Controller Group); GRE Tunnels; Service Cluster with Service Node Groups (WAAS, vWAAS); VRF A, VRF B]

HQoS for WAN Traffic Optimization
Optimized WAN Aggregation

Bandwidth needs to be shared here outbound between dept / customers.
Headend should not overflow this limited bandwidth AND share between departments AND Prioritize Voice and/or Cloud Application traffic.
Limited or no SLA

[Figure labels: Branch # 1 / Dept # 1, Branch # 1 / Dept # 2 or Site # 1 / Customer # 1, CPE, Internet / IP VPN, ASR1K (QFP), IPSec Aggregator, Firewall, applications CIFS, WAAS, Exchg, ERP / CRM]

ASR 1000 Traffic Manager Queue Hierarchies

[Figure: queue hierarchies for interfaces Gig0/0/0 and Ten0/1/0. Levels: Queue Level (ext. RLDRAM), 2nd – “Parent”, 3rd – “Aggr.”, 4th – Int., 5th – SIP/LC. Labels per interface: VLAN / Tunnel Hierarchy, $$ / CAC Hierarchy, Best Effort Hierarchy; SIP; ESI BW 10/40 Gbps]

Policies Aggregation Example: No CAC
• New IOS Feature (only on ASR1000 series) That Allows You to Apply Policies Together Flexibly

policy-map main-interface (local)
 class data service-fragment ALL-P
  shape average 40 Mbps

LINKED: service-fragment ALL-P (main interface) and fragment ALL-P (VLAN policies)

policy-map Branch/Dept1 (VLAN100)
 class class-default fragment ALL-P
  bandwidth remaining ratio 24
  service-policy ALL-CHILD

policy-map ALL-CHILD
 class EF
  priority
  ! This queue is shaped at main interface
 class AF4
  bandwidth remaining ratio 25
 class AF41
  bandwidth remaining ratio 15
 class class-default
  bandwidth remaining ratio 50

policy-map Branch/Dept2 (VLAN200)
 class class-default fragment ALL-P
  bandwidth remaining ratio 24
  service-policy ALL-CHILD

policy-map ALL-CHILD
 class EF
  priority
 class AF4
  bandwidth remaining ratio 25
 class AF41
  bandwidth remaining ratio 15
 class class-default
  bandwidth remaining ratio 50

Cisco.com: http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_policies_agg_ps9587_TSD_Products_Configuration_Guide_Chapter.html
Policies Aggregation Example: with CAC

policy-map main-interface
 class data service-fragment ALL-P
  shape average 400 Mbps

LINKED: service-fragment ALL-P (main interface) and fragment ALL-P (department policies)

policy-map Department1 (VLAN100)
 class EF
  priority level 1
 class AF4
  priority level 2
 ! These queues are not shaped at main interface
 class class-default fragment ALL-P
  shape average 150 Mbps
  bandwidth remaining ratio 2
  service-policy AF1plusDefault

policy-map AF1plusDefault
 class AF1
  bandwidth percent 35
 class class-default
  bandwidth percent 65

policy-map Department2 (VLAN200)
 class EF
  priority level 1
 class AF4
  priority level 2
 ! These queues are not shaped at main interface
 class class-default fragment ALL-P
  shape average 150 Mbps
  bandwidth remaining ratio 2
  service-policy AF1plusDefault

policy-map AF1plusDefault
 class AF1
  bandwidth percent 35
 class class-default
  bandwidth percent 65

Cisco.com: http://www.cisco.com/en/US/docs/ios/qos/configuration/guide/qos_policies_agg_ps9587_TSD_Products_Configuration_Guide_Chapter.html
Medianet
Lab: LTREVT-2300 Enterprise Medianet: Video Applications and Network Design Lab:A
What is Medianet?
Medianet is:
• An architecture for successful deployment of multiple media and business applications

Medianet solutions include:


• Automatic, plug & play deployment
• Media performance monitoring, troubleshooting and capacity planning
• Media Awareness for bandwidth management

Medianet solutions:
• Include compliant products and features in both Smart Endpoints/Applications and Smart Network
Infrastructure
• DO NOT REQUIRE an entirely end-to-end Cisco network with medianet enabled in every hop

ASR1000 Medianet Features
• Performance Monitor – Detects voice/video issues and reports to Cisco Prime
– RTP, TCP and IP-CBR traffic
– A la carte metric selection (loss, latency, jitter etc.)
– Fault isolation and network span validation
– Thresholding and action triggering (Alarms, SNMP traps, Syslog); Netflow-based metrics

• MediaTrace – collects information from multiple routers along the media path
– Like traceroute for Media! Can also be requested by a remote device.
– Discover & query medianet capable nodes along path at L2 and L3
– Gather key resource, interface and flow Performance Monitor stats
– Consolidate information on a single screen: what I/F is dropping packets? where is DSCP getting reset?

• IPSLA Video Operation (VO) – generates synthetic traffic for simulation/troubleshooting
– Synthetic traffic measurements for stress-testing network
– Realistic video traffic profile (packet sizes, burstiness, rate, etc.)
– Prepackaged profiles
– IPSLA probes for measuring performance

Medianet Metadata Integration
Putting it all Together

• Flow Metadata – network devices understand Metadata from MSI-enabled endpoints
– Can be configured globally or per interface
– When used with Performance Monitor, it will export application information

• Media Services Proxy (MSP) – Generates Metadata on behalf of endpoints
– Configured on closest switch or router to endpoints
– Lightweight DPI, used to generate Flow Metadata for endpoints that are not MSI-enabled

• Metadata integration with QoS!
– Ability to have traffic classification using calling/called numbers, or QoS for authenticated/unauthenticated users

WiFi Aggregation with Mobile Core Integration
WiFi Subscriber Aggregation
Enabling Roaming and Wholesale Services with iWAG

[Figure: Access Network (APs, AP/CPE, WLCs, Aggregation Switch; Hotspot, Public/Large Venue, Home Network, Community WiFi) connects to the iWAG at the Wholesale Provider, with Portal, DHCP, AAA, Policy and optional NAT. The iWAG reaches Retailer Providers over GTP / Gn’: MNO Home Network (HLR, OCS, PCRF, CGF, PGW/LMA, GGSN) and Roaming Partner Cores (Policy), each with Internet Services]
Intelligent WiFi Access Gateway
Common Subscriber Management and Routing Functions

• Subscriber and Service Aware Aggregation Function
– Key to support for Local Breakout
– Per subscriber APN selection and control

• Policy-controlled subscriber routing, mobility services (PMIP, GTP)
– Anchoring to the GGSN, PGW or local-breakout based on subscriber profile
– Integrated subscriber service management for home network provider as well!
– Interprovider Roaming with policy control

• Policy interface options:
– Radius-based (BNG evolution)

• Integrated Accounting for Wholesale and Retail Services

• IP Aggregation support:
– DHCP Server and Relay capability
– Support for routed and switched access networks
– Efficient solution for IP control-plane to Mobile network control plane interworking – i.e. link model mediation

SUMMARY
Summary and Key Takeaways
• ASR 1000 is Cisco’s strategic next-generation Midrange router leveraging powerful hardware capabilities of QFP
– Horsepower of 64 Cisco 7200 on a single chip; State-of-the-art QoS in hardware
– Rich IOS feature set protecting your investment in training and experience
• ASR 1000 is positioned for both Service Provider and Enterprise Architectures
– SP: Broadband Network Gateway, Wifi Offload, PE, Manage CPE
– Enterprise: WAN aggregation / optimization, Unified Communications
• ASR 1000 enables reduction in network edge complexity by
– Enabling single-platform consolidated PoP / Edge architectures
– Integrating advanced services without additional hardware blades (SBC, NBAR, IPSec, Firewall, BNG, PE etc)
– Reduction in power consumption through integration of feature
• ASR1000 is designed with High-Availability in mind
– Fully redundant forwarding and control processors; backplane
– Fault tolerant SW architecture with process restart-ability and protected memory architecture

RP1/ESP5 Feature Impact Performance

[Chart: IPv4 Feature Performance Impact, RP1/ESP10. Y-axis: Gbps or MPPS (0 to 10); x-axis: Pkt Size (Bytes): 76, 132, 260, 516, 1028, 1518; series: Base, ACL, QoS, uRPF, NF and Combined, each in Mpps and Gbps]

• Individual features have small impact with small packet sizes (76B)
• Individual features have no impact at large packet sizes (above 260B)
• QFP has excellent behavior even with combined features for larger packet sizes!

ASR1002-X Performance Summary

NDR with features (Mpps), ASR1002-X-36G
Base   ACL   uRPF   Netflow   FW   NAT   AVC
28     25    25     19        15   10    6

NDR by traffic type (Mpps), ASR1002-X-36G
IPv4 Unicast   IPv6 Unicast   IPv4 Multicast   IPv6 Multicast
28             20             17               15

ESP Type                             ASR1001      ESP1002-X
Encryption Throughput (IMIX/MAX)     1.8/1 Gbps   4G/4G
VRFs                                 1000         1000
Total Tunnels                        4000         8000
Tunnel Setup Rate                    130cps       130cps
DMVPN w/ BGP Adj (5 routes/peer)     3500         4000
DMVPN w/ EIGRP Adj (5 routes/peer)   3500         4000
DMVPN w/ OSPF Adj (5 routes/peer)    1000         1000
Easy VPN + dVTI                      2000         4000
Firewall Sessions                    250K         2M
