ASR 1000 Architecture Overview and Use Cases


BRKARC-2001

ASR 1000 Architecture Overview and Use Cases

Jason Yang, Technical Marketing Engineer – CCIE #10467


Cisco Spark
Questions?
Use Cisco Spark to communicate
with the speaker after the session

How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space

cs.co/ciscolivebot#BRKARC-2001

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda

• Introducing the ASR 1000


• ASR 1000 System Architecture
• ASR 1000 Software Architecture
• Applications & Solutions
• Conclusion
Introducing the ASR 1000
Cisco ASR 1000 Series Routers: Overview
2.5 Gbps to 200Gbps – Designed today to scale up in the future

COMPACT, POWERFUL ROUTER
• Line-rate performance 2.5G to 200G
• Investment protection with modular engines, IOS CLI and SPAs for I/O
• Hardware assists for ACL, QoS, etc.
• Hardware-based QoS engine with up to 464k queues
• New Ethernet CC, 100GE & 40GE EPA

BUSINESS-CRITICAL RESILIENCY
• Fully separated control and forwarding planes
• Hardware and software redundancy
• In-service software upgrades
• Inter and Intra-chassis redundancy
• DCI to support clustering across geographically dispersed DC

INSTANT ON SERVICE DELIVERY
• Scalable on-chip service enablement through software licensing
• Industry leading VPN/Crypto solutions
• Optimal user/app experience with AVC, Path Control, and AppNav
• Software consumption model with CiscoONE

Chassis lineup (IOS-XE)
Type | Chassis | Throughput
Fixed | ASR 1001-X | 2.5 to 20 Gbps
Fixed | ASR 1002-X | 5 to 36 Gbps
Fixed | ASR 1001-HX | 44 to 60 Gbps
Fixed | ASR 1002-HX | 44 to 100 Gbps
Modular | ASR 1004 | 10 to 40 Gbps
Modular | ASR 1006 | 20 to 100 Gbps
Modular | ASR 1006-X | 40 to 100 Gbps
Modular | ASR 1009-X | 40 to 200 Gbps
Modular | ASR 1013 | 40 to 200 Gbps

ASR 1000 Enterprise Applications
Flexible WAN Services Edge & CPE
[Figure: three deployment scenarios: High Speed CPE, WAN Aggregation and Data Center Interconnect. Diagram labels: Mobile subscriber, Corporate office, High end branch, Internet gateway, Cloud, WAN aggregation, DCI.]
Services shown: SDA Border, IPSec VPN, Internet gateway, L2 and L3 VPN, Cloud Services Edge, SD-WAN

ASR 1000 Service Provider Applications
A Wide Variety of Use Cases
[Figure: service provider network showing where the ASR 1000 is deployed. Diagram labels: Mobile Access and Aggregation; Subscriber Edge; ISP; Peering; L2/L3 VPNs; CGN; Wireless; IPsec/NAT/FW; NBAR2; LNS; iWAG; RR; PE; BNG; IP/MPLS Core; Intelligent Services Gateway; Wireless Access Gateway; PPP or IP Aggregation; ATM or Ethernet; Business; Residence; CPE; Wire line; ETTx; xDSL; DSLAM; xPON; OLT; Cable; M-CMTS; DOCSIS; Content Farm; VOD; TV; SIP.]

ASR 1000 System Architecture
ASR 1000 Building Blocks
• Centralized Forwarding Architecture
• All traffic flows through the active ESP, standby is synchronized with all the states
• Distributed Control Architecture
• All major system components have a powerful control processor dedicated for control and management planes

[Figure: active and standby RP and active and standby ESP connected over the midplane to SIP, ELC and MIP cards. Diagram labels: CPU, GE switch, FECP, QFP (PPE, BQS), Crypto Assist, interconnect, Midplane, IOCP, AGG ASIC, SPA, Built-in GE/10GEs, EPA.]

Route Processor
• Handle control plane
• Manages system

Embedded Service Processor
• Handles forwarding plane traffic

SPA Interface Processor
• Houses Shared Port Adapter (SPA)
• Packets buffer

Ethernet Linecard
• Built-in GE/10GE ports
• Packets buffer

Modular Interface Processor
• Houses Ethernet Port Adapter (EPA)
• Packets buffer
ASR 1000 Modular Chassis Overview
Chassis | ASR 1004 | ASR 1006 | ASR 1006-X | ASR 1009-X | ASR 1013
RP Slots | 1 | 2 | 2 | 2 | 2
ESP Slots | 1 | 2 | 2 | 2 (super) | 2 (super)
SIP/MIP Slots | 2 (SIP only) | 3 (SIP only) | 2 | 3 | 6
Built-In Ethernet | N/A | N/A | N/A | N/A | N/A
Redundancy | Software | Hardware | Hardware | Hardware | Hardware
Height | 7” (4RU) | 10.5” (6RU) | 10.5” (6RU) | 15.7” (9RU) | 22.7” (13RU)
Bandwidth | 10 – 40 Gbps | 10 - 100 Gbps | 40 - 100 Gbps | 40 - 200 Gbps | 40 - 200 Gbps
Max Output Pwr | 765W | 1275W | 1100 power modules, N+1, Max 6 | 1100 power modules, N+1, Max 6 | 3200W
Airflow | Front to back | Front to back | Front to back | Front to back | Front to back

ASR 1009-X

Forwarding Plane (ESP)
• Up to 200Gbps per system
• Supports ESP40, ESP100, ESP200 and future ESPs

System Management
• RJ45 Console
• Auxiliary Port
• 2x USB Ports

Hardware Redundancy
• Dual ESP and RP slots for data plane and control plane redundancy
• ISSU

I/O Connectivity
• 12x SPA slots (SIP-40)
• 3x ELC slots
• 6x EPA (MIP-100)

Modular Fan Tray
• Field Replaceable
• 30% improvement in airflow per slots vs integrated Fan module

Control Plane
• Support RP2 and RP3
• 8 - 64 GB Memory
• FIPS-140-2 certification

BITS clocking
• Stratum 3 built-in

Power Supply
• Modular power supply with N+1 redundancy
• High efficiency, Load sharing, Hot-swappable
• AC (1100W) or DC (950W)
ASR 1000 Modular Chassis Compatibility Matrix
Chassis | RP2 | RP3 | SIP40 | ELC | MIP100 | ESP20 | ESP40 | ESP100 | ESP200
ASR1004 | Yes | No | Yes | Yes | No | Yes | Yes | No | No
ASR1006 | Yes | No | Yes | Yes | No | Yes | Yes | Yes | No
ASR1013 | Yes | Yes | Yes | Yes | Yes (2)(3) | No | Yes | Yes | Yes
ASR1006-X | Yes (1) | Yes | Yes | Yes | Yes (3) | No | Yes | Yes | No
ASR1009-X | Yes (1) | Yes | Yes | Yes | Yes (3) | No | Yes | Yes | Yes

(1) RP2 with new CPLD
(2) 100G support in Slots 2&3; others at 40G
(3) ASR1000-MIP100 is not supported with ESP40

ASR1000-MIP100 (Modular Interface Processor)
1006-X/1009-X with ESP100/ESP200
[Figure: MIP100 connected over the mid plane to ESP100/200 at 100G, shown with three EPA combinations.]
• 10x10G: line rate, no oversubscription
• 1x100G: line rate, no oversubscription
• 1x100G + 1x100G: 2 to 1 oversubscription

Ethernet Port Adapter (EPA)
EPA Modular Chassis ASR1002-HX Optics Modules
with MIP-100
EPA-QSFP-1X100GE XE 16.9.1 (MACSec) XE 16.9.1 (MACSec) MMF, SMF, SR, LR, ER, –S Class transceivers

EPA-1x40GE XE 16.6.2 XE 16.6.2 MMF, SMF, SR, LR, ER, –S Class transceivers
EPA-2x40GE XE 16.8.1 (MACSec) XE 16.8.1 (MACSec)

EPA-1x100GE XE 3.16.1 XE 16.4.1


XE 16.2.1
CPAK-100G-SR10 CPAK-100G-LR4
EPA-CPAK-2x40GE XE 3.16.2 XE 16.4.1
XE 16.3.1
CPAK-100G-SR10 CAB-MPO24-2XMPO12 QSFP-40G-SR4

EPA-10x10GE XE 3.16.4 XE 16.3.1 SFP-10G-SR, SFP-10G-SR-X, SFP-10G-LR,


XE 16.2.1 XE 16.3.2 (MACSec) SFP-10G-LRM, SFP-10G-LR-X, SFP-10G-ER
XE 16.3.1 (MACSec)
EPA-18x1GE XE 16.2.1 XE 16.2.1 GLC-GE-100FX, GLC-SX-MMD, GLC-LH-SMD, SFP-GE-T,
GLC-BX-U, GLC-BX-D, GLC-TE, GLC-SX-MM, GLC-LH-SM,
XE 16.3.2 (MACSec) XE 16.3.1 (MACSec)
GLC-EX-SMD, GLC-ZX-SMD, CWDM-SFP, DWDM-SFP

Modular Route Processors: RP2 & RP3
RP3: 30%+ Faster! 60%+ Scale!
Item | RP2 | RP3
CPU | 2.66GHz Intel Xeon Dual-core | 2.2GHz Intel Broadwell Quad-core
Default memory | 8GB (4x2GB) – DDR2 | 8GB (2x4GB) – DDR4
Memory upgrade options | 16GB (4x4GB) | 16GB (2x8GB), 32GB (4x8GB); 64GB (4x16GB)
Built-In eUSB Bootflash | 2GB | 8GB
Storage | 80GB HDD; external USB | 100GB SSD default, 200GB and 400GB upgrade options; external USB
IOS XE OS | 64 bits | 64 bits
Chassis Support | ASR 1004, ASR 1006, ASR 1013, ASR 1006-X, ASR 1009-X | ASR 1006-X, ASR 1009-X, ASR 1013

ASR1000 Embedded Services Processor (ESP)
• Centralized, programmable, multiprocessor forwarding engine providing full-packet processing
• Packet Buffering and Queuing/Scheduling (BQS)
• For output traffic to carrier cards/SPAs/EPAs
• For special features such as traffic shaping, reassembly, replication, punt to RP, cryptography, etc.
• 5 levels of HQoS scheduling, up to 464K Queues, Priority Propagation
• Dedicated crypto co-processor
• Interconnect providing data path links (ESI) to/from other cards over midplane
• Transports traffic into and out of the Cisco Quantum Flow Processor (QFP)
• Input scheduler for allocating QFP BW among ESIs
• FECP CPU manages QFP, crypto device, midplane links, etc.
[Figure: photos of the ESP40 and ESP100 modules]

ESP Bandwidth
• Overall throughput is determined by the type of ESP and SIPs used in modular platforms.
• Modular platforms are rate limited by speed of bus from QFP complex to backplane ASIC
• Bandwidth is expressed in terms of aggregated throughput, use ESP100 as example:

Example 1 (figure: 50 Gbps in, 50 Gbps out, in both directions)
• 50G Unicast in each direction
• Total Output bandwidth 50+50=100

Example 2 (figure: 10G in, 80G out in one direction; 20G in, 20G out in the other)
• 10G Multicast with 8X replication in one direction
• 20G unicast in the other direction
• Total Output bandwidth 80+20=100G

Example 3 (figure: 50 Gbps in one direction, 70 Gbps in the other)
• 50Gbps Unicast in one direction and 70Gbps Unicast in the other direction
• Total output bandwidth (50+70=120) exceeds 100Gbps; only 100Gbps will be forwarded.

Example 4 (figure: 10G in, 100G out in one direction; 20G in, 20G out in the other)
• 10Gbps Multicast with 10X replication in one direction
• 10Gbps Unicast in the other direction
• Total bandwidth (100+20=110) exceeds 100Gbps; only 100 Gbps will be forwarded

Cisco Quantum Flow Processor (QFP)
ASR1000 series innovation
QFP Chip Set
• Five year design and continued evolution – now on 3rd generation
• Architected to scale to > 100Gbps
• Multiprocessor with 64 multi-threaded cores; 4 threads per core
• 256 processes per chip available to handle traffic
• High-priority traffic is prioritized
• Packet replication capabilities for Multicast
• Many H/W assists for accelerated processing
• 3rd generation QFP is capable of 70Gbps, 32Mpps processing
• Mesh-able: 1, 2 or 4 chips to build higher capacity ESPs
• Latency: tens of microseconds with features enabled
[Figure: the two chips of the set, Cisco QFP Packet Processor and Cisco QFP Traffic Manager (Buffering, Queueing, Scheduling)]

Cisco Enterprise Routing NPU Leadership
Continuing Investment in Network Processor Technology
[Figure: QFP generations plotted as performance against increasing network intelligence and services requirements, with the years 2008, 2012 and 2018 on the time axis. Labels: 1st Gen QFP, 20G; 2nd Gen QFP, 40G; 3rd Gen QFP, 200G, lower cost fully integrated NPU and IO device; 4th Gen QFP, > 200G, linerate security and high perf SD-WAN; over 100 patents awarded. Legend: #cores: number of Packet Processing Engines; #threads: concurrent, parallel threads processed; NPU; High Speed Backplane Aggregation ASIC; IO Oversubscription & Aggregation ASIC.]

ASR 1000 Fixed Chassis Overview
Chassis | ASR 1001-X | ASR 1002-X | ASR 1001-HX | ASR 1002-HX
SPA Slots | 1 | 3 | N/A | N/A
EPA Slots | N/A | N/A | N/A | 1
NIM Slots | 1 | N/A | N/A | 1
Built-In GE | 6 | 6 | 8 | 8
Built-In TenGE | 2 | N/A | 4 + 4 (configurable 10GE/GE) | 8
CPU | 2.0GHz quad-core | 2.13GHz quad-core | 2.5GHz quad-core | 2.5GHz quad-core
Memory | 8GB; upgradable to 16GB | 4GB; upgradable to 8GB/16GB | 8GB; upgradable to 16GB | 16GB; upgradable to 32GB
Storage | eUSB(8GB); SSD (200GB, 400GB) | eUSB(8GB); Optional HDD (160GB) | eUSB(32GB) | eUSB(32GB); SSD (200GB, 400GB)
IOS Redundancy | Software | Software | Software | Software
Height | 1.75” (1RU) | 3.5” (2RU) | 1.75” (1RU) | 3.5” (2RU)
Throughput | 2.5 to 20Gbps | 5 to 36Gbps | 60Gbps | 100Gbps
Maximum Output Power | 250W | 470W | 360W | 500W
Airflow | Front to back | Front to back | Front to back | Front to back

ASR 1001-HX

Control plane
• CPU: Quad Core @ 2.5 GHz
• Memory: 8GB DDR3 default memory, upgradeable to 16GB
• Secure Boot + Image Signing

Pay as you grow
• License on built-in ports
• 4x TenGE + 4xGE enabled by default
• The remaining ports can be enabled in pairs

Multi-Core Network Processor
• 60Gbps forwarding capacity
• 62 Cores
• 4 HW Threads / Core
• 248 simultaneous threads

Miscellaneous
• RJ45 & mini-USB console
• Secure Boot

Built in I/O
• 8x Gigabit Ethernet interfaces
• 8x TenGigabit Ethernet interfaces (4 configurable 10G/1G ports)
• Multipoint MACSEC for linerate encryption (1G & 10G)

Crypto module
• Field upgradeable
• 16 Gbps crypto throughput
• Suite B support

ASR 1001-HX Crypto Module
• ASR 1001-HX can be ordered with or without the crypto module
• Crypto module can be installed in the field when the unit needs the function
• Crypto bandwidth licensed from factory (default 8Gbps, upgradeable to 16Gbps on demand)
• 16Gbps crypto license unlocks crypto performance cap of 29Gbps (1400bytes)

ASR 1002-HX

Multi-Core Network Processor
• 100 Gbps forwarding capacity
• 124 Cores
• 4 HW Threads / Core
• 496 simultaneous threads

Pay as you grow
• License on built-in ports
• 4x TenGE + 4xGE enabled by default
• The remaining ports can be enabled in pairs

Miscellaneous
• RJ45 & mini-USB console
• eUSB: 32GB
• Secure Boot

Network Interface Module
• 1 double wide or 1 single wide NIM

Control plane
• CPU: Quad Core @ 2.5 GHz
• Memory: 16GB DDR3 default memory, upgradeable to 32GB
• Secure Boot + Image Signing

Power Supply & Fans
• Modular PS, FRUable
• Fan Tray

Ethernet Port Adapter
• 1x EPA slot

Crypto module
• Field upgradeable
• 25 Gbps crypto throughput
• Suite B support

Built in I/O
• 8x Gigabit Ethernet interfaces
• 8x TenGigabit Ethernet interfaces
• Multipoint MACSEC for linerate encryption (1G & 10G)

ASR 1002-HX Crypto Module
• ASR 1002-HX can be ordered with or without the crypto hardware
• Crypto module can be installed in the field when the unit needs the function
• Crypto bandwidth licensed from factory (default 8Gbps, upgradeable to 16Gbps and 25Gbps on demand)
• 25Gbps crypto license unlocks crypto performance cap of 39Gbps (1400bytes)
• ASR 1002-HX must be powered down to install/remove crypto module

Software Architecture
IOS XE Software architecture
• IOS XE = IOS + IOS XE Middleware + Platform Software
• Operational Consistency: same look and feel as IOS Router
• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.) 64-bit operation
• Linux kernel with multiple processes running in protected memory
• Fault containment
• Re-startability
• ISSU of individual SW packages
• ASR 1000 HA Innovations
• Zero packet loss with RP Failover
• <50ms ESP Failover
• Software redundancy

[Figure: software stack per card. RP: IOS active, IOS standby, Platform Adaptation Layer (PAL), Chassis manager, Forwarding manager, Linux Kernel. ESP: QFP client, QFP driver, Chassis manager, Forwarding manager, Linux Kernel. SIP/MIP: SPA/EPA drivers, Chassis manager, Linux Kernel. The cards are linked by control messaging.]

Software Architecture – Modular Platform

RP: IOS
• Runs Control Plane
• Generates configurations
• Maintains routing tables (RIB, FIB…)

RP: Platform Adaptation Layer (PAL)
• Provides abstraction layer between hardware & IOS

RP: Chassis manager
• Initialization of RP processes
• Initialization of installed cards
• Detects and manages OIR of cards
• Manages system status, environments, power, EOBC

RP: Forwarding manager
• Manages ESP redundancy
• Maintains copy of FIB and interface list
• Communicates FIB status to active & standby ESP

ESP: QFP client / driver
• Programs QFP forwarding plane and QFP DRAM
• Statistics collection & RP communication

ESP: Forwarding manager
• Communicates with forwarding manager on RP
• Maintains copy of FIBs
• Provides interface to QFP client & driver

SIP/MIP: SPA/EPA driver
• Driver Software for SPA/EPA interface cards is loaded independently
• Failure or upgrade of driver code does not affect other SPAs/EPAs in the chassis

[Figure: RP, ESP and SIP/MIP software stacks, each with its own chassis manager and Linux Kernel, linked by control messaging]

Software Architecture – Fixed Platform
• Single Control CPU
• Quad-core
• 64 bit OS
• 8GB, 16GB, 32GB memory support
• Standard IOS XE Processes
• Running over a single Linux kernel
• High Availability
• IOS redundancy
• Fault Containment
• Process Restartability
• Operational Consistency
• Same look and feel as standard IOS
• Ethernet Out of Band Channel
• Method by which processes in different subsystems communicate

[Figure: ASR1001-X Control Plane CPU. RP Subsystem: IOS active, IOS standby, Chassis Mgr., Forwarding Mgr. ESP Subsystem: QFP Client / Driver, Chassis Mgr., Forwarding Mgr. I/O Subsystem: SPA drivers, SPA/EPA driver, Chassis Mgr., Interface Mgr. All run over one Kernel (incl. utilities).]

IOS XE Release and support timelines

Standard releases – twice a year (March, November), supported for 18 months
• 6 months of active bug-fix, 6 months of limited bug fix, and 6 months of PSIRT
• Rebuild Intervals: 3 + 3 + 6 + 6 (PSIRT build as needed)
[Timeline: rebuilds .1S, .2S, .3S, .4S at intervals of 3 months, 3 months, 6 months and 6 months, with an optional PSIRT build in the PSIRT phase. Milestones: FCS, EoSales, EoSM, EoVS.]

Extended releases – once a year (July), supported for 48 months
• 30 months of active bug-fix, 6 months of limited bug fix, and 12 months of PSIRT
• Rebuild Intervals: 3 + 3 + 4 + 4 + 4 + 6 + 6 + 6 + 6 + 6 (PSIRT builds as needed)
[Timeline: rebuilds .1S to .10S at intervals of 3m, 3m, 4m, 4m, 4m, 6m, 6m, 6m, 6m, 6m, with optional PSIRT builds. Milestones: FCS, HPC, EoSales Notification, EoSales, EoSM, EoVS.]
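
Added example, not part of the original slides and not Cisco code: the support windows above applied to a device inventory, to flag routers whose release gets only PSIRT fixes, or none, on a given audit date. It assumes the phases run back-to-back starting at FCS; the host names and FCS dates are constructed.

```python
from datetime import date, timedelta

# Phase lengths in months, as stated on the slide. Assumption of this example:
# the phases run back-to-back, starting at FCS.
SUPPORT_PHASES = {
    "standard": [("active bug-fix", 6), ("limited bug-fix", 6), ("PSIRT only", 6)],
    "extended": [("active bug-fix", 30), ("limited bug-fix", 6), ("PSIRT only", 12)],
}
END_OF_SUPPORT = "end of support"

# Constructed inventory: host names and FCS dates are made up for illustration.
SAMPLE_INVENTORY = [
    ("edge-rtr-1", "standard", date(2017, 11, 30)),
    ("edge-rtr-2", "extended", date(2017, 7, 31)),
    ("dc-rtr-1", "standard", date(2016, 11, 15)),
]


def add_months(start, months):
    """Return the date `months` after `start`, clamped to the month's last day."""
    year, month0 = divmod(start.year * 12 + start.month - 1 + months, 12)
    if month0 == 11:
        first_of_next = date(year + 1, 1, 1)
    else:
        first_of_next = date(year, month0 + 2, 1)
    last_day = (first_of_next - timedelta(days=1)).day
    return date(year, month0 + 1, min(start.day, last_day))


def support_phase(track, fcs, on):
    """Return (phase name, end date of that phase) for a release on date `on`.

    Once the last phase is over, the name is END_OF_SUPPORT and the date is
    the day support ended.
    """
    if track not in SUPPORT_PHASES:
        raise ValueError(f"unknown release track: {track!r}")
    if on < fcs:
        raise ValueError("audit date is before FCS")
    elapsed = 0
    for name, length in SUPPORT_PHASES[track]:
        elapsed += length
        phase_end = add_months(fcs, elapsed)
        if on < phase_end:
            return name, phase_end
    return END_OF_SUPPORT, add_months(fcs, elapsed)


def audit(inventory, on):
    """Return (host, phase, date) for devices past the bug-fix phases."""
    findings = []
    for host, track, fcs in inventory:
        phase, until = support_phase(track, fcs, on)
        if phase in ("PSIRT only", END_OF_SUPPORT):
            findings.append((host, phase, until))
    return findings


if __name__ == "__main__":
    for host, phase, until in audit(SAMPLE_INVENTORY, date(2019, 1, 15)):
        print(f"{host}: {phase} (phase boundary {until.isoformat()})")
```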

IOS XE Software Innovation (16.6)
Software Maintenance Upgrade (SMU) - Patches

Use Cases
• Security Vulnerabilities/PSIRTs
• Critical Issues

Cost
• Expensive Upgrades - Business Loss
• Each device upgrade causes Network outage

Time
• Reduced IT staff slows software roll out
• Physical presence required

Scope
• New Code requires bug analysis, certification

SMU
• Point Fixes
• Reduces Validation Scope & Time

IOS XE SMU Features
Components | Components | Components | Components
NAT | Multicast/PIM/MVPN | AAA | IPSec / IKEv2 / VPN
FW | Trustsec | DHCP | LISP (VxLAN)
ALG | RBAC | QoS | L2VPN
MACSec | ISIS | SNMP | MPLS (TE/RSVP/OAM/LDP)
Crypto | BGP | CDP | LLDP
CGN/NPTv6 | RIB | ACL |
ALG | OSPF | SSH |

IOS XE Software Innovation
Programmable Interface “Stack”
[Figure: layered stack. Programmable Interfaces: NETCONF, RESTconf, gRPC. YANG Data Model: Open and Native models for Configuration and for Operational data. Device Features: Interface, BGP, QoS, ACL, …, with SNMP alongside. Bottom layer: Physical and Virtual Network Infrastructure.]

IOS XE Software Innovation (16.7)
Telemetry

Publication / Subscription
• Periodic or on change
• Structured data
• XML encoding
• Increased Scale
• Reduced CPU

[Figure: the same layered stack. Interfaces: NETCONF, RESTconf, gRPC. YANG Data Model: Open and Native models for Configuration and for Operational data. Device Features: Interface, BGP, QoS, ACL, …, with SNMP alongside. Bottom layer: Physical and Virtual Network Infrastructure.]

IOS XE Software Innovation (16.7)
Guest Shell Application
• Maintain IOS-XE system integrity
• Isolated User Space
• Fault Isolation
• Resource Isolation
• On-box rapid prototyping applications
• Device-level API Integration
• Scripting (Python)
• Linux Commands
• Application Hosting API
• Integrate into your Linux workflow
[Figure: Guest Shell as an Open Application Container running on Linux next to the Network OS]

IOS XE Software Innovation
Using Python with IOS XE

“On-Box” Python (16.7)
[Figure: Python running next to IOS inside the IOS-XE device]
• scripts executed locally on switch or router
• Ideal for:
• provisioning automation (ZTP)
• automating Embedded Event Manager responses
• application development
• IOT

“Off-Box” Python
[Figure: external Python execution environment reaching IOS on the IOS-XE device over SSH/NETCONF]
• scripts executed externally from switch or router
• Ideal for:
• configuration management automation
• telemetry / operational data
• controller use cases including DNA-C / Cisco Network PNP

IOS XE Software Innovation
Provisioning Automation

[Figure: on the left, a switch and a router ZTP booting against a DHCP server; on the right, a switch, a router and an access point PNP booting against the DNA-C / Network Plug and Play Service.]

Item | Zero Touch Provisioning (16.7) | Cisco Network Plug and Play
Image source | Device | Device
Interfaces | Open / standards based | “Turn-key” solution with PnP App
Key Values | Heterogeneous / multi-vendor network environments | Optimized for Cisco enterprise networks; Highly secure; Scalable

Resources on GitHub & DevNet
• https://github.com/YangModels/yang/tree/master/vendor/cisco/xe
• https://developer.cisco.com/site/odp/

Applications & Solutions
Cloud Edge to Microsoft Azure via ExpressRoute (Joint Validated Design)
• MSEE: Private, dedicated, high-throughput network connection between on-premises and Microsoft Azure.
• Require redundant BGP peering to MSEE.
• Sub interface per peering, typically QinQ, C-VLAN identify customer MS peering or Azure private peering, S-VLAN identify the primary and secondary virtual circuits.
• Cloud Edge provides
1. Connectivity service – BGP, NAT
2. Value-added service – Flexible Netflow, QoS
3. Advanced service – AVC, IPsec
• Joint Service Support

[Figure: On-Premises Network connected through the Cloud Edge and a Connectivity Provider at a co-location facility to the MSEE, and from there to Azure (VPC GW) and Office 365. Legend: Microsoft Peering for Office 365, Dynamic 365; Azure Private Peering for Virtual Networks and VMs; IPsec Tunnels.]

WAN MACSec Applications
• Standards Based MKA key framework
• IEEE 802.1x, PKI (EAP-TLS)
• IEEE 802.1X-2010, PSK
• 802.1AE strong encryption
• 128/256 bits AES-GCM, NIST approved
• Line rate performance @ 1G, 10G, 40G, 100G
• Adapting to SP Ethernet Service
• 802.1Q Tag in the clear
• Ability to change EAPoL destination-address broadcast
• Ability to change EAPoL eth-type 876F
• P2P, P2MP
• Port based E-LINE, E-LAN Service
• VLAN based E-LINE, E-LAN Service
• 256/128/32/8 peers on 100/40/10/1GE PHY
• Transporting SGT tag with WAN MACSec

[Figure: three topologies over a Carrier Ethernet Service: (1) High Speed Site to Site, between DC1 and DC2; (2) High Speed Branch Backhaul, branches to a DC; (3) High Speed Any-to-Any Topology, branches and a DC.]

Segment Routing
Simplifying the Transport
• Source Routing: the source chooses a path and encodes it in the packet header as an ordered list of segments
• Segment: an identifier for any type of instructions: forwarding or service
• IGP only: no LDP, no RSVP-TE
• ECMP
• Interworking with LDP: ease of migration
• Topology independent 50msec FRR
• Support all existing VPN services
• Engineered for SDN

[Figure: SR WAN with SR carried in the IGP and VPN services on top. A VPN packet carries node segment 16006 to reach T, and an adjacency segment to N. Node labels: B, C, H, T, N, O.]

Segment Routing Traffic Engineering

[Figure: IGP Topology + TE link attributes + SR SID + SRGB = TED. Left: a single IGP domain with headend and tail, the headend holding the TED and pushing labels 16001, 24005, 16006 on a VPN packet. Right: IGP Domain 1 and IGP Domain 2, each exporting its TED over BGP Link State through RRs to a PCE (LSP DB, TED); the headend acts as PCC and pushes labels 16001, 24005, 16006.]

Single IGP Domain
1. Information Distribution: IGP (OSPF or IS-IS) extensions used to flood bandwidth information between routers & SR SIDs, SRGB
2. CSPF does Path Calculation on headend only – uses IGP advertisements to compute SRTE “constrained” paths
3. Forwarding traffic: Static route, auto route announce, etc.

IGP Domain 1 and IGP Domain 2
1. BGP-LS specify sets of TLV’s that define three objects: SR Nodes, Links and IP Prefixes in new NLRI type, the BGP-LS attribute encodes the properties of the objects, such as Node-names, IGP metric, TE-metric…
2. Path Compute Element (PCE) compute the network path or route based on a network graph and applying computational constraints
3. Path Compute Client (PCC) initiates LSPs and delegates path computation to PCE or PCE initiated LSPs
Ethernet VPN – NG L2VPN Solution
• Scale - Control Plane Address Learning in Core
• Simple – Auto Discovery and Easy Provisioning
• Resiliency - Active-Standby Multi-homing, All-Active Multi-homing
• Rich Services - vlan-based, vlan bundle, vlan-aware bundle
• Flow Optimization – MAC Mobility, ARP/ND flooding suppression.

[Figure: CE1, CE2 and CE3 attached to PE1 to PE4 around an MPLS/SR Core with an RR. Ethernet segments: ES1 (dual home single-active), ES2 (dual home all-active), ES3 (single home). Control Plane Learning: PEs advertise MAC Addresses and Next Hops via MP-BGP. Data Plane Learning: Dynamic or Static (Provisioned).]
[Figure: four service instance types mapping VLANs on a PE interface through EFPs and bridge domains (BD) to EVIs and LSPs: (1) Port Based Service Instance, (2) VLAN Bundle Service Instance, (3) VLAN Based Service Instance, (4) VLAN Aware Bundle Service Instance.]

EVPN Components

EVPN Instance (EVI) & MAC-VRF
• EVI identifies a VPN in the network
• MAC-VRF: A VRF table for MAC addresses on a PE
• Encompass one or more bridge-domains, depending on service interface type:
Port Based Service Interface
VLAN Based Service Interface
Vlan Bundle Service Interface
Vlan-Aware Bundle Service Interface

Ethernet Segment
• ES: when a site (device or network) is connected to one or more PEs via a set of Ethernet links, that set of links is referred to as an Ethernet Segment
• Could be
Single-Homed Device (SHD)
Multi-homed Device (MHD)
Single-homed Network (SHN)
Multi-Homed Network (MHN)

BGP NLRI: Route Types
[1] Ethernet AD Route
[2] MAC Advertisement Route
[3] Inclusive Multicast Route
[4] Ethernet Segment Route
[5] IP Prefix Route
• AFI 25 (L2VPN), SAFI 70 (EVPN)
• Purposes:
MAC address reachability
MAC mass withdraw
Split-Horizon label adv
Aliasing
Multicast endpoint discovery
Redundancy group discovery
Designated forwarder election

Communities: Extended Communities
ESI Label
ES-Import RT
MAC Mobility
Default Gateway
• Carry information:
MAC address moves
C-MAC flush notification
Redundancy mode
MAC / IP bindings of GW
Split-Horizon label encoding

[Figure: CE1 and CE2 attached through Ethernet segments ESI1 and ESI2 to PE1 and PE2; a PE holding MAC-VRF1 and MAC-VRF2.]

SDA Border Deployment
Shared Services with LISP Extranet
• Extranet Provider: Provider VRF or Instance (IID) is where provider of the shared services or internet located.
• Extranet Subscriber: Subscriber VRF or Instance (IID) is where users of the shared services located. This is the user VRFs that are created in SDA fabric.
• Subscriber can only communicate to provider and vice versa
• One subscriber can not communicate to another subscriber

Host Entry | VRF | Location
100.0.0.0/24 | P | Border
10.1.1.1 | G | Edge 1
10.1.1.3 | G | Edge 3
20.1.1.1 | R | Edge 1
20.1.1.2 | R | Edge 2

[Figure: border node B and control plane node C above fabric edges Edge1, Edge2 and Edge3. Shared Services (100.0.0.0/24) in VRF P: DNS, DHCP, ISE, in the Provider VRF. User VRFs: VRF G (10.1.1.0/24), VRF R (20.1.1.0/24).]
ASR 1000 support in DNA Assurance

Router Insights
• High CPU
• High Memory
• Interface High Utilization
• BGP: AS mismatch, Flaps
• Not able to reach ISP / MPLS SP gateway
• OSPF/EIGRP adjacency failure
• LAN connectivity down (down/flap)

Router Features
• Device 360 with guided issue troubleshooting
• Network Health
• Search
• Path trace
• Topology

Router KPIs
• CPU/Memory utilization
• Interface buffer usage: queue depth, buffer discards, output drops
• Interface stats: rate/load, Tx/Rx individual vs bidirectional
• Route Peering (LAN, WAN)
• WAN connectivity
• Uptime

Conclusion
Summary and Key Takeaways
• ASR 1000 is the Swiss Army Knife to solve your tough network problems
• Reduce complexity in your network edge.
• ASR 1000 is well positioned for both Enterprise and Service Provider Architectures.
• ASR 1000 is fully embedded in the Cisco Digital Network Architecture

Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Tech Circle
• Meet the Engineer 1:1 meetings
• Related sessions
• BRKCRS-3147 - Advanced troubleshooting of the ASR1K and ISR (IOS-XE) made easy
• BRKRST-2124 - Introduction to Segment Routing
• BRKMPL-2333 - EVPN: the NG of MPLS-based L2VPN
• BRKCRS-2811 - Connecting the Fabric to External Networks
• BRKRST-2309 - Aligning Encryption Technologies with WAN Transport

Thank you
