IWAN

Software Defined WAN

xuhliu GC ENT Team

Oct 2016

Automation

Abstraction and Policy Control from Core to Edge

Open and Programmable | Standards-Based

Open APIs | Developers Environment

Cloud Service Management

Policy | Orchestration

Virtualization

Physical and Virtual Infrastructure | App Hosting

Analytics

Network Data, Contextual Insights

Insights and Experiences Automation and Assurance Security and Compliance

Network-enabled Applications

Cloud-enabled | Software-delivered

Principles

Cisco Digital Network Architecture

Cloud Enabled | Cisco ONE Software Delivered

Applications

Network-Wide Abstractions Simplify the Network with APIC-EM

Security Orchestration Automation Collaboration

SOUTHBOUND ABSTRACTION LAYER

REST API

CATALYST® CISCO NEXUS® ASR ISR WIRELESS ASA OTHER

SDN Ideal: Controller as the

Application Platform

The SDN

Ideal: Controller as

the Application

Platform

Virtualization

IWAN APP

`

Cisco Intelligent WAN App for the APIC-EM

NETWORK

Business Policy Dictates Network Action

Simple

Workflow

Plug and

Play

Network, Applications

Monitoring

Business-Level

Policies

Open

Architecture

SDN

IT Admin Access

Business

Policy:

App SLA

Application

Network Profile

DMVPN

SLA

QoS

Security

Path Selection

IWAN Is a Prescriptive Solution

IWAN APP

The Enterprise NFV Approach

Enterprise NFV Solution Architecture

ISR-4K + UCS-E UCS x86 Server

NFVIS

ISRv ASAv WAAS vWLC 3rd

VNFn

App1 Appn App2

ESA + APIC-EM + Prime Infrastructure

… …

Various Host options for different Branch Sizes

Software host managing virtualization and

hardware

VNF and Application hosting with 3rd party

support

Common Orchestration and Management

across virtual & physical network

API Interface Platform

Management Hypervisor

Virtual Switching

NFVIS = Network Function Virtualization Infrastructure Software

ENCS

Orchestration & Management for Day 0/1

WAN SN

, IP fo

r ho

st

Office

NFVIS

IPS

WAAS

vSwitch

Pro

file

to

SN

m

app

ing

Pro

visi

on

ing

Pro

visi

on

ing

APIC-EM Prime Infrastructure PnP

Day 0/1 config

repository REST

ESC-Lite

Enterprise Services Automation (ESA)

• Policy

• Orchestration

• Controller

• Automation

• Management

ASAv/FTD vWAAS vWLC ISRv

Best-of-breed Trusted Services from Cisco Consistent software across physical and virtual

High Performance

Rich Features

End-to-end Support

Proven Software

Application Optimization

Superior Caching with Akamai Connect

Survivability & Scale

Consistency across the Data Center and Switches

Built for small and medium branches

Comprehensive Protection

Full DC-class Featured Functionality

Designed for NFV

Cost-effective with NFV

* FirePOWER Threat Defense for ENFV June/July 2016

*

Windows 2012 and Linux Server also supported

Cisco Intelligent WAN Platforms

ASR 1002-HX&1001-HX ( ASR1K精品) Architecture Overview

PCIe Punting

path

ASR1002-HX Hardware Block Diagram

FP: Yoda0 FP: Yoda1

40Gbps Crypto

Interconnect ASIC

Scheduling and Buffering

RP / IOS XE

75Gbps 75Gbps

75 Gbps

1 x NIM

1Gbps 10Gbps 8 x10 Gbps

8 x1 Gbps

150Gbps

12 x 10Gbps

System Flow Cntrl

4 x DIMM DRAM up to

32GB

1 x EPA 8 x 10Gbps SFP+

8 x 1Gbps SFP

2 x USB TypeA

RJ45 + USB CONS

RJ45 ENET Mnmt

TCAM

40 Gbps

CPU Complex

ASR 1001-HX 60G Fixed

System Management

RJ45 GE Ethernet

2x USB Ports

8x 1GE Ports

MACSec enabled

8x 10GE / 1GE Ports

Enabled by license

Configurable to 1 or 10GE

MACSec enabled

Power Supplies

2x AC or DC

Memory

2x DIMM slots (8GB each)

Crypto module

Field upgradeable (8 or 20Gbps)

6x Fans

System Management

Console

AUX

Multi-Core Network Processor

62 Cores

4 Packet Threads / Core

248 simultaneous threads

Control plane

CPU: Quad Core @ 2.5 GHz

Memory: 8GB DDR3 default memory, upgradeable to 16GB

Pay as you go

60 Gbps system performance

16 Built-in 10GE/1GE ports enabled via software license

No modular interfaces

Application level service performance

30M+ Packets Per Second

Up to 20G Crypto IMIX w/ Suite B for diverse VPN security solutions

6M Firewall and traditional NAT Sessions

ASR1001-HX Hardware Block Diagram

FP: Yoda0

20Gbps Crypto

Interconnect ASIC

Scheduling and Buffering

RP / IOS

75 Gbps

50 Gbps

8 x 10 Gbps or

8 x 1 Gbps

8 x 1 Gbps

150 Gbps

System Flow Cntrl

DRAM up to 16GB

8 x 10Gbps SFP+

8 x 1Gbps SFP

2 x USB TypeA

RJ45 + USB CONS

RJ45 ENET Mnmt

TCAM

50 Gbps

CPU Complex

1 x EPA 1 x NIM

FP: Yoda1

400 Mhz

800 Mhz

550Mhz

• No NIM or EPA slots

• Built in 8 x 1GE ports and 8 ports that can be either 1GE or 10GE

• No BITS interface for clocking

• CPU DDR3 Memory – 8GB default, field upgradable to 16GB of DDR3

• 16G configuration is comprised of two 8GB UDIMM

• 8G configuration is comprised of two 4GB UDIMM

• IP-Sec bandwidth with up to 20Gbps crypto bandwidth on ASR1001-HX

• Based on ESP-100 Crypto architecture - 32 core Octeon II CN6870-800Mhz

• Some ASICs running at slower speeds to lower cooling requirements

• Feature scale will generally track ASR1002-X numbers

• 116K QoS queues

ASR1002-HX to ASR1001-HX deltas

Cisco 4000 Series Integrated Services Routers

Cisco Branch Router Evolution

ISR 4431 & 4300 family Making for a complete ISR 4000 family ISR 4451-X

First ISR based on IOS XE

ISR G2 family 800, 1900, 2900 & 3900 Taking the ISR concept to the next level

ISR G1 family 1800, 2800, 3800 The first architecture custom designed for integrated services

Cisco 2500 Cisco’s first family of branch routers for 23 different deployments

Cisco 2600 Superseded 2500. Considered one of Cisco's premier products.

2014

2013

2009

2004

1998

1993

Not shown here: 700, 1600, 1700, 4000/4500, 3600 & 3700 series routers