Many Service Provider and Enterprise customers are looking to converge their network edge architectures. On the Service Provider side, firewall, security or deep-packet inspection functionality is being integrated into Provider Edge or BNG systems. Similarly, on the Enterprise side multiple functionalities are activated in a converged WAN edge router, thus yielding operational savings and efficiencies. The Cisco ASR 1000 takes this convergence to the next level. Based on the Cisco Quantum Flow Processor, the ASR 1000 enables the integration of voice, firewall, security or deep packet inspection services in a single system, with exceptional performance and high-availability support. The processing power of the Quantum Flow Processor allows this integration without the need for additional service modules.

This technical seminar describes the system architecture of the ASR 1000. The different hardware modules (route processor, forwarding processor, interface cards) and Cisco IOS XE software modules are described in detail. Examples of how different packet flows traverse an ASR 1000 illustrate how the hardware and software modules work in conjunction. The session also discusses the expected performance characteristics in converged service deployments. Particular attention is also given to sample use cases on how the ASR 1000 can be deployed in different Service Provider and Enterprise architectures in a converged services role. The session is targeted at network engineers and network architects who seek to gain an in-depth understanding of the ASR 1000 system architecture for operational or design purposes. Attendees from both the Service Provider and Enterprise market segments are welcome.

## Glossary

<table>
<thead>
<tr>
<th>Term</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>AAA</td>
<td>Authentication, authorization and Accounting</td>
</tr>
<tr>
<td>ACL</td>
<td>Access Control List</td>
</tr>
<tr>
<td>ACT</td>
<td>Active, referring to ESP or RP in an ASR 1006</td>
</tr>
<tr>
<td>AF1</td>
<td>Assured Forwarding Per Hop behaviour class 1</td>
</tr>
<tr>
<td>AF2</td>
<td>Assured Forwarding Per Hop behaviour class 2</td>
</tr>
<tr>
<td>AF3</td>
<td>Assured Forwarding Per Hop behaviour class 3</td>
</tr>
<tr>
<td>AF4</td>
<td>Assured Forwarding Per Hop behaviour class 4</td>
</tr>
<tr>
<td>ALG</td>
<td>Application Layer Gateway</td>
</tr>
<tr>
<td>ASR</td>
<td>As in ASR1000; Aggregation Services Router</td>
</tr>
<tr>
<td>B2B</td>
<td>Business to Business in the context of WebEx or Telepresence</td>
</tr>
<tr>
<td>BB</td>
<td>Broadband</td>
</tr>
<tr>
<td>BGP</td>
<td>Border Gateway Protocol</td>
</tr>
<tr>
<td>BITS</td>
<td>Building Integrated Timing Supply</td>
</tr>
<tr>
<td>BNG</td>
<td>Broadband Network Gateway</td>
</tr>
<tr>
<td>BQS</td>
<td>Buffer, Queuing and Scheduling chip on the QFP</td>
</tr>
<tr>
<td>BRAS</td>
<td>Broadband remote Access Server</td>
</tr>
<tr>
<td>BW</td>
<td>Bandwidth</td>
</tr>
<tr>
<td>CAC</td>
<td>Connection Admission Control</td>
</tr>
<tr>
<td>CCO</td>
<td>Cisco Connection Online (<a href="http://www.cisco.com">www.cisco.com</a>)</td>
</tr>
<tr>
<td>CDR</td>
<td>Call Detail Records</td>
</tr>
<tr>
<td>CF</td>
<td>Checkpointing Facility</td>
</tr>
<tr>
<td>CLI</td>
<td>Command Line Interface</td>
</tr>
<tr>
<td>CM</td>
<td>Chassis Manager</td>
</tr>
<tr>
<td>CPE</td>
<td>Customer Premise Equipment</td>
</tr>
<tr>
<td>CPU</td>
<td>Central Processing Unit</td>
</tr>
<tr>
<td>CRC</td>
<td>Cyclic Redundancy Check</td>
</tr>
<tr>
<td>Ctrl</td>
<td>Control</td>
</tr>
<tr>
<td>DBE</td>
<td>Data Border Element (in Session Border Controller)</td>
</tr>
<tr>
<td>DMVPN</td>
<td>Dynamic Multipoint Virtual Private Network</td>
</tr>
<tr>
<td>DPI</td>
<td>Deep Packet Inspection</td>
</tr>
<tr>
<td>DSCP</td>
<td>DiffServ Code Point (see also AF, EF)</td>
</tr>
<tr>
<td>DSLAM</td>
<td>Digital subscriber Line Access Multiplier</td>
</tr>
<tr>
<td>DST</td>
<td>Destination</td>
</tr>
<tr>
<td>EF</td>
<td>Expedited Forwarding (see also DSCP)</td>
</tr>
<tr>
<td>EOBC</td>
<td>Ethernet out-of-band control channel on the ASR 1000</td>
</tr>
<tr>
<td>ESI</td>
<td>Enhanced SerDes Interface</td>
</tr>
<tr>
<td>ESP</td>
<td>Embedded Services Processor on the ASR 1000</td>
</tr>
<tr>
<td>FECP</td>
<td>Forwarding Engine (ESP) Control Processor</td>
</tr>
<tr>
<td>FH</td>
<td>Full Height (SPA)</td>
</tr>
<tr>
<td>FIB</td>
<td>Forwarding Information Base</td>
</tr>
<tr>
<td>FM</td>
<td>Forwarding Manager</td>
</tr>
<tr>
<td>FPM</td>
<td>Flexible Packet Matching</td>
</tr>
<tr>
<td>FR-DE</td>
<td>Frame Relay Discard Eligible</td>
</tr>
<tr>
<td>FW</td>
<td>Firewall</td>
</tr>
<tr>
<td>GigE</td>
<td>Gigabit Ethernet</td>
</tr>
<tr>
<td>GRE</td>
<td>Generic Route Encapsulation</td>
</tr>
<tr>
<td>HA</td>
<td>High Availability</td>
</tr>
<tr>
<td>HDTV</td>
<td>High Definition TV</td>
</tr>
<tr>
<td>HH</td>
<td>Half-height (SPA)</td>
</tr>
<tr>
<td>HQF</td>
<td>Hierarchical Queuing Framework</td>
</tr>
<tr>
<td>H-QoS</td>
<td>Hierarchical Quality of Service</td>
</tr>
<tr>
<td>HW</td>
<td>hardware</td>
</tr>
<tr>
<td>I2C</td>
<td>Inter-Integrated Circuit</td>
</tr>
<tr>
<td>IOCP</td>
<td>Input output Control Processor</td>
</tr>
<tr>
<td>IOS XE</td>
<td>Internet Operating system XE (on the ASR 1000)</td>
</tr>
<tr>
<td>IPC</td>
<td>Inter-process communication</td>
</tr>
<tr>
<td>IPS</td>
<td>Intrusion Prevention System</td>
</tr>
<tr>
<td>ISG</td>
<td>Intelligent Services Gateway</td>
</tr>
<tr>
<td>ISP</td>
<td>Internet Service Provider</td>
</tr>
<tr>
<td>ISSU</td>
<td>In-service software upgrade</td>
</tr>
<tr>
<td>L2TP CC</td>
<td>Layer 2 Transport Protocol Control connection</td>
</tr>
<tr>
<td>LAC</td>
<td>L2TP access concentrator</td>
</tr>
<tr>
<td>LNS</td>
<td>L2TP network Server</td>
</tr>
<tr>
<td>MFIB</td>
<td>Multicast FIB</td>
</tr>
<tr>
<td>mGRE</td>
<td>multipoint GRE</td>
</tr>
<tr>
<td>MPLS</td>
<td>Multiprotocol label switching</td>
</tr>
<tr>
<td>MPLS-EXP</td>
<td>MPLS Exp bits in the MPLS header</td>
</tr>
<tr>
<td>MPV Video</td>
<td></td>
</tr>
<tr>
<td>MQC</td>
<td>Modular QoS CLI</td>
</tr>
<tr>
<td>mVPN</td>
<td>multicast VPN</td>
</tr>
<tr>
<td>NAPT</td>
<td>Network address port translation</td>
</tr>
<tr>
<td>NAT</td>
<td>network address translation</td>
</tr>
<tr>
<td>NBAR</td>
<td>network based application recognition</td>
</tr>
<tr>
<td>Nr</td>
<td>receive sequence number (field in TCP header)</td>
</tr>
<tr>
<td>Ns</td>
<td>send sequence number (field in TCP header)</td>
</tr>
<tr>
<td>NF</td>
<td>Netflow</td>
</tr>
<tr>
<td>NSF</td>
<td>non-stop forwarding</td>
</tr>
<tr>
<td>OBFL</td>
<td>on board failure logging</td>
</tr>
<tr>
<td>OIR</td>
<td>online insertion and removal</td>
</tr>
<tr>
<td>OLT</td>
<td>optical line termination</td>
</tr>
<tr>
<td>P1</td>
<td>Priority 1 queue</td>
</tr>
<tr>
<td>P2</td>
<td>priority 2 queue</td>
</tr>
<tr>
<td>PAL</td>
<td>Platform Adaption layer (middleware in the ASR 1000)</td>
</tr>
<tr>
<td>PE</td>
<td>Provider Edge</td>
</tr>
<tr>
<td>POST</td>
<td>Power on self test</td>
</tr>
<tr>
<td>POT</td>
<td>Plain old telephony system</td>
</tr>
<tr>
<td>PQ</td>
<td>priority queue</td>
</tr>
<tr>
<td>PTA</td>
<td>PPP termination and aggregation</td>
</tr>
<tr>
<td>PWR</td>
<td>power</td>
</tr>
<tr>
<td>QFP</td>
<td>Quantum Flow Processor</td>
</tr>
<tr>
<td>QFP-MPE</td>
<td>QFP packet Processing elements</td>
</tr>
<tr>
<td>QFP-TM</td>
<td>QFP traffic Manager (see also BQS)</td>
</tr>
<tr>
<td>QoS</td>
<td>Quality of Service</td>
</tr>
<tr>
<td>RACS</td>
<td>Resource and admission control subsystem</td>
</tr>
<tr>
<td>RA-MPLS</td>
<td>Remote access into MPLS</td>
</tr>
<tr>
<td>RF</td>
<td>redundancy facility (see also CF)</td>
</tr>
<tr>
<td>RIB</td>
<td>routing information base</td>
</tr>
<tr>
<td>RP</td>
<td>Route processor</td>
</tr>
<tr>
<td>RP1</td>
<td>1st generation RP on the ASR 1000</td>
</tr>
<tr>
<td>RP2</td>
<td>2nd generation RP on the ASR 1000</td>
</tr>
<tr>
<td>RR</td>
<td>Route reflector</td>
</tr>
<tr>
<td>RU</td>
<td>rack unit</td>
</tr>
<tr>
<td>SBC</td>
<td>session border controller</td>
</tr>
<tr>
<td>SBE</td>
<td>signaling border element (of an SBC)</td>
</tr>
<tr>
<td>SBY</td>
<td>standby</td>
</tr>
<tr>
<td>SDTV</td>
<td>standard definition TV (see also HDTV)</td>
</tr>
<tr>
<td>SIP</td>
<td>Session initiation protocol</td>
</tr>
<tr>
<td>SPA</td>
<td>shared port adapter</td>
</tr>
<tr>
<td>SPA SPI</td>
<td>SPA Serial Peripheral Interface</td>
</tr>
<tr>
<td>SPV Video</td>
<td></td>
</tr>
<tr>
<td>SRC</td>
<td>Source</td>
</tr>
<tr>
<td>SSL</td>
<td>Secure Socket Layer</td>
</tr>
<tr>
<td>SSO</td>
<td>stateful switch over</td>
</tr>
<tr>
<td>SW</td>
<td>software</td>
</tr>
<tr>
<td>TC</td>
<td>traffic class (field in the IPv6 header)</td>
</tr>
<tr>
<td>TCAM</td>
<td>Ternary content addressable memory</td>
</tr>
<tr>
<td>TOS</td>
<td>Type of service (field in the IPv4 header)</td>
</tr>
<tr>
<td>VAI</td>
<td>virtual access interface</td>
</tr>
<tr>
<td>VLAN</td>
<td>virtual local area network</td>
</tr>
<tr>
<td>VOD</td>
<td>video on demand</td>
</tr>
<tr>
<td>VTI</td>
<td>virtual tunnel interface</td>
</tr>
<tr>
<td>WAN</td>
<td>wide area network</td>
</tr>
<tr>
<td>WRED</td>
<td>weighted random early discard</td>
</tr>
</tbody>
</table>
Key Next Generation Cloud Services
ASR1000 Integrated Services Router

Best in Class ASIC Technology
Quantum Flow Processor (QFP) for high scale services and sophisticated QoS with minimum performance impact

Voice and Video Services (CUBE)
Application Performance Services (AVC, PfR)

Security Services (Firewall, VPN, Encryption)
Multi-Service, Secure WAN Aggregation Services

Best in Class Availability
Enterprise IOS Features with Modular OS and Software Redundancy or Hardware Redundancy and ISSU

Ethernet WAN and Provider Edge Services

Agenda

• Introducing the ASR1000
• ASR1000 System Architecture
• ASR 1000 Building Blocks
• ASR 1000 Software Architecture
• ASR 1000 Packet Flows
• QoS on the ASR 1000
• High-Availability on the ASR 1000
• Operations Highlights
• Applications
Introducing the ASR1000
# Cisco ASR 1000 Series Routers: Overview

2.5 Gbps to 200Gbps Range—Designed Today for up to 360 Gbps in the Future

<table>
<thead>
<tr>
<th>COMPACT, POWERFUL ROUTER</th>
<th>BUSINESS-CRITICAL RESILIENCY</th>
<th>INSTANT ON SERVICE DELIVERY</th>
</tr>
</thead>
<tbody>
<tr>
<td>• Line-rate performance 2.5G to 200G+ with services enabled</td>
<td>• Resilient, high performance services router</td>
<td>• Integrated firewall, VPN, encryption, NBAR2, CUBE-ENT,CUBE-SP</td>
</tr>
<tr>
<td>• Investment protection with modular engines, IOS CLI and SPAs and Ethernet Line Cards for I/O</td>
<td>• Fully separated control and forwarding planes</td>
<td>• Scalable on-chip service provisioning through software licensing</td>
</tr>
<tr>
<td>• Hardware-based QoS engine with 464K queues</td>
<td>• Hardware and software redundancy</td>
<td></td>
</tr>
<tr>
<td></td>
<td>• In-service software upgrades</td>
<td></td>
</tr>
</tbody>
</table>

**ASR 1000 Series Models**

- **ASR 1001-X**
  - New
- **ASR 1001**
- **ASR 1002**
- **ASR 1002-X**
- **ASR 1004**
- **ASR 1006**

**Bandwidth Ranges**

- **ASR 1001-X**: 2.5 to 20 Gbps
- **ASR 1002**: 5 to 10 Gbps
- **ASR 1002-X**: 5 to 36 Gbps
- **ASR 1004**: 10 to 40 Gbps
- **ASR 1006**: 10 to 100 Gbps
- **ASR 1013**: 40 to 360 Gbps

Where the ASR 1000 Fits

MANAGED SERVICES CPE Routers
Managed L2/L3 VPNS
Integrated Security
Application Recognition

7200 Series

ISR Series

7600 Series

ASR 1000
2.5-360G per System
Broadband
Route Reflector
Distributed PE
Hosted Firewall
IP Sec
SBC/VoIP

Up to 2 Tbps per system
Carrier Ethernet
IP RAN
Mobile Gateways
SBC/VoIP
Broadband
Vidmon

Up to 48 Tbps per system
Carrier Ethernet
IP RAN
L2/L3 VPNs
Vidmon
BNG

SERVICE PROVIDER EDGE Routers

ASR 9000

Cisco Public
ASR 1000: SP Applications

MANAGED CPE SERVICES

Embedded Services Deployed at the Customer Premise

Services:
- L2/L3 VPNS
- Firewall/NAT
- SBC—SIP Trunking and TP
- IPSec
- WebEx Node
- NBAR

BNG SP WiFi

Distributed BNG or LNS, ISG

Services:
- PPP or IP Aggregation
- ATM or Ethernet
- ISG
- LNS
- WiFi Access Gateway

MSE, RR

Multi Services Edge: L2 VPN, L3 VPN
Network-Based Security
ASR 1000: Enterprise Applications
ASR1000 SYSTEM ARCHITECTURE
ASR 1000 Series Building Blocks

- **Route Processor (RP)**
  - Handles control plane traffic
  - Manages system

- **Embedded Service Processor (ESP)**
  - Handles forwarding plane traffic

- **SPA Interface Processor (SIP)**
  - Shared Port Adapters provide interface connectivity

- **Centralized Forwarding Architecture**
  - All traffic flows through the active ESP, standby is synchronized with all flow state with a dedicated 10-Gbps link

- **Distributed Control Architecture**
  - All major system components have a powerful control processor dedicated for control and management planes
ASR 1000 Data Plane Links

- Enhanced SerDes Interconnect (ESI) links – high speed serial communication
  - ESIs can run at 11.5Gbps or 23Gbps
- ESIs run over midplane and carry
  - Packets between ESP and the other cards (SIPs, RP and other ESP)
  - Network traffic to/from SPA SIPs
  - Punt/inject traffic to/from RP (e.g. network control pkts)
  - State synchronization to/from standby ESP
- Two ESIs between ESPs and to every card in the system
- Additional full set of ESI links to/from standby ESP (not shown)
- CRC protection of packet contents
- ESP-10G: 1 x 11.5G ESI to each SIP slot
- ESP-20G: 2 x 11.5G ESI to two SIP slots; 1 x 11.5G to third SIP slot
- ESP-40G: 2 x 23G ESI to all SIP slots
ASR 1000 Control Plane Links

- **Ethernet out-of-band Channel (EOBC)**
  - Run between ALL components
  - Indication if cards are installed and ready
  - Loading images, stats collection
  - State information exchange for L2 or L3 Protocols

- **I²C**
  - Monitor health of hardware components
  - Control resets
  - Communicate active/standby, Real time presence and ready indicators
  - Control the other RP (reset, power-down, interrupt, report Power-supply status, signal ESP active/standby)
  - EEPROM access

- **SPA control links**
  - Run between IOCP and SPAs
  - Detect SPA OIR
  - Reset SPAs (via I²C)
  - Power-control SPAs (via I²C)
  - Read EEPROMs
# ASR1000 Systems

<table>
<thead>
<tr>
<th></th>
<th>ASR 1001</th>
<th>ASR1001-X</th>
<th>ASR 1002</th>
<th>ASR 1002-X</th>
<th>ASR 1004</th>
<th>ASR 1006</th>
<th>ASR 1013</th>
</tr>
</thead>
<tbody>
<tr>
<td>SPA Slots</td>
<td>1-slot</td>
<td>1-slot</td>
<td>3-slot</td>
<td>3-slot</td>
<td>8-slot</td>
<td>12-slot</td>
<td>24-slot</td>
</tr>
<tr>
<td>RP Slots</td>
<td>Integrated</td>
<td>Integrated</td>
<td>Integrated</td>
<td>Integrated</td>
<td>1</td>
<td>2</td>
<td>2</td>
</tr>
<tr>
<td>ESP Slots</td>
<td>Integrated</td>
<td>Integrated</td>
<td>1</td>
<td>Integrated</td>
<td>1</td>
<td>2</td>
<td>2</td>
</tr>
<tr>
<td>SIP Slots</td>
<td>Integrated</td>
<td>Integrated</td>
<td>Integrated</td>
<td>Integrated</td>
<td>2</td>
<td>3</td>
<td>6</td>
</tr>
<tr>
<td>IOS Redundancy</td>
<td>Software</td>
<td>Software</td>
<td>Software</td>
<td>Software</td>
<td>Software</td>
<td>Hardware</td>
<td>Hardware</td>
</tr>
<tr>
<td>Built-In GE</td>
<td>4</td>
<td>6GE + 2 TenGE</td>
<td>4</td>
<td>6</td>
<td>N/A</td>
<td>N/A</td>
<td>N/A</td>
</tr>
<tr>
<td>Height</td>
<td>1.75” (1RU)</td>
<td>1.75” (1RU)</td>
<td>3.5” (2RU)</td>
<td>3.5” (2RU)</td>
<td>7” (4RU)</td>
<td>10.5” (6RU)</td>
<td>22.7” (13RU)</td>
</tr>
<tr>
<td>Bandwidth</td>
<td>2.5 to 5 Gbps</td>
<td>2.5 to 20 Gbps</td>
<td>5 to 10 Gbps</td>
<td>5 to 36 Gbps</td>
<td>10 to 40 Gbps</td>
<td>10 to 100 Gbps</td>
<td>40-100+ Gbps</td>
</tr>
<tr>
<td>Maximum Output Power</td>
<td>400W</td>
<td>250W</td>
<td>470W</td>
<td>470W</td>
<td>765W</td>
<td>1275W</td>
<td>3200W</td>
</tr>
<tr>
<td>Airflow</td>
<td>Front to back</td>
<td>Front to back</td>
<td>Front to back</td>
<td>Front to back</td>
<td>Front to back</td>
<td>Front to back</td>
<td>Front to back</td>
</tr>
</tbody>
</table>
ASR1000 Series SPA Interface Processor
SIP10 and SIP40

- Physical termination of SPA
- 10 or 40 Gbps aggregate throughput options
- Supports up to 4 SPAs
  - 4 half-height, 2 full-height, 2 HH+1FH
  - full OIR support
- Does not participate in forwarding
- Limited QoS
  - Ingress packet classification – high/low
  - Ingress over-subscription buffering (low priority) until ESP can service them.
  - Up to 128MB of ingress oversubscription buffering
- Capture stats on dropped packets
- Network clock distribution to SPAs, reference selection from SPAs
- IOCP manages Midplane links, SPA OIR, SPA drivers
ASR1000 SIP40 and SIP10

Major Functional Differences

- Sustained throughput of 40Gbps vs 10Gbps for SIP10
- Different ESI modes depending on the ESP being used (1x10G vs 2x20G)
- Packet classification enhancements to support more L2 transport types (e.g. PPP, HDLC, FR, ATM…)
- Support for more queues (96 vs 64), allows up to 12 Ethernet ports per half-height SPA
- 3-level priority scheduler (Strict, Min, Excess) vs 2-level (Min, Excess)
- Addition of per-port and per-VLAN/VC ingress policers
- Network clocking support
  - DTI clock distribution to SPAs
  - Timestamp and time-of-day clock distribution
SIP40 Block Diagram

ESI Links: 2x 20G to each ESP (2x10G for SIP10)

IO Control (IOCP) Processor Complex

128MB Ingress Buffering

HW-based 3-priority Scheduler Strict, Min, Excess SIP10: Min, Excess only

Enhanced Classifier (PPP, HDLC, ATM, FR)
# Shared Port Adapters (SPA) and SFPs

<table>
<thead>
<tr>
<th>Optics</th>
<th>Optics</th>
<th>POS SPA</th>
<th>Serial/Channelized/Clear Channel SPA</th>
<th>Ethernet SPA</th>
<th>Service SPA</th>
<th>CEOP SPA</th>
</tr>
</thead>
<tbody>
<tr>
<td>SFP-OC3-MM</td>
<td>SFP-GE-S / GLC-SX-MMD</td>
<td>SPA-2XOC3-POS</td>
<td>SPA-4XT-Serial</td>
<td>SPA-4X1FE-TX-V2</td>
<td>SPA-WMA-K9</td>
<td>SPA-1CHOC3-CE-ATM</td>
</tr>
<tr>
<td>SFP-OC3-SR</td>
<td>SFP-GE-L / GLC-LH-SMD</td>
<td>SPA-4XOC3-POS</td>
<td>SPA-8XCHT1/E1</td>
<td>SPA-8X1FE-TX-V2</td>
<td>SPA-DSP</td>
<td>SPA-24CHT1-CE-ATM</td>
</tr>
<tr>
<td>SFP-OC3-IR1</td>
<td>SFP-GE-Z</td>
<td>SPA-8XOC3-POS</td>
<td>SPA-4XCT3/DS0</td>
<td>SPA-2X1GE-V2</td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC3-LR1</td>
<td>SFP-GE-T</td>
<td>SPA-1XOC12-POS</td>
<td>SPA-2XCT3/DS0</td>
<td>SPA-5X1GE-V2</td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC3-LR2</td>
<td>CWDM</td>
<td>SPA-2XOC12-POS</td>
<td>SPA-1XCHSTM1/OC3</td>
<td>SPA-8X1GE-V2</td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC12-MM</td>
<td>XFP-10GLR-OC192SR / XFP10GLR-192SR-L</td>
<td>SPA-4XOC12-POS</td>
<td>SPA-1XCHOC12/DS0</td>
<td>SPA-10X1GE-V2</td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC12-SR</td>
<td>XFP-10GER-192IR+ / XFP10GER-192IR-L</td>
<td>SPA-8XOC12-POS</td>
<td>SPA-2XT3/E3</td>
<td>SPA-1X10GE-L-V2</td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC12-IR1</td>
<td>XFP-10GZR-OC192LR</td>
<td>SPA-1XOC48-POS/RPR</td>
<td>SPA-4XT3/E3</td>
<td>SPA-1X10GE-WL-V2</td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC12-LR1</td>
<td>XFP-10G-MM-SR</td>
<td>SPA-2XOC48POS/RPR</td>
<td></td>
<td>SPA-2X1GE-SYNE</td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC12-LR2</td>
<td>GLC-GE-100FX</td>
<td>SPA-4XOC48POS/RPR</td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC48-SR</td>
<td>GLC-BX-U</td>
<td>SPA-4XOC48POS/RPR</td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC48-IR1</td>
<td>GLC-BX-D</td>
<td>SPA-OC192POS-XFP</td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>SFP-OC48-LR2</td>
<td>DWDM-XFP 32 fixed channels</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>XFP-10GLR-OC192SR</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>XFP-10GER-OC192IR</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>XFP-10GZR-OC192LR</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>

**ATM SPA**
- SPA-1XOC3-ATM-V2
- SPA-3XOC3-ATM-V2
- SPA-1XOC12-ATM-V2
- SPA-2CHT3-CE-ATM
Route Processors: RP1, RP2 and ASR1001 RP  
– Two Generations of ASR1000 Route Processor

• First Generation
  – 1.5GHz PowerPC architecture
  – Up to 4GB IOS Memory
  – 1GB Bootflash
  – 33MB NVRAM
  – 40GB Hard Drive

• Second Generation:
  – 2.66GHz Intel dual-core architecture
  – 64-bit IOS XE
  – Up to 16GB IOS Memory
  – 2GB Bootflash (eUSB)
  – 33MB NVRAM
  – Hot swappable 80GB Hard Drive
ASR 1000 Route Processor Architecture
Highly Scalable Control Plane Processor

- Manages all chassis functions
- Runs IOS—with over 2500 features!

Block diagram labels:

- CPU (1.5/2.66 GHz dual-core): runs IOS and Linux OS; manages board and chassis functions
- IOS memory (RIB, FIB and other processes; determines route scale): RP1: 4GB; RP2: 8 & 16GB
- Bootdisk: RP1: 1GB; RP2: 2GB
- NVRAM: 33MB
- 2.5" hard disk: system logging, core dumps
- Mgmt ENET: not a traffic interface, management only
- Card infrastructure: USB, console and aux, BITS (input and output), Stratum-3 network clock circuit (input and output clocks)
- Chassis management bus, interconnect and GE switch, with links to SIPs, ESPs, RP and misc control
- Link legend: GE, 1Gbps; PC; SPA; SPA Control; SPA Bus; ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other
## Route Processors (RP)

<table>
<thead>
<tr>
<th></th>
<th>ASR1001-X</th>
<th>ASR1002-X</th>
<th>RP1</th>
<th>RP2</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>CPU</strong></td>
<td>Dual-Core 2.0GHz Processor</td>
<td>Quad-Core 2.13GHz Processor</td>
<td>General Purpose CPU Based on 1.5GHz Processor</td>
<td>Dual-Core Processor, 2.66GHz</td>
</tr>
<tr>
<td><strong>Memory</strong></td>
<td>8GB default (4x2GB) 16GB maximum (4x4GB)</td>
<td>4GB default 8GB 16GB</td>
<td>2GB default (2x1GB) 4GB maximum (2x2GB) RP1 with 4GB built in ASR 1002</td>
<td>8GB default (4x2GB) 16GB maximum (4x4GB)</td>
</tr>
<tr>
<td><strong>Built-In eUSB Bootflash</strong></td>
<td>8GB</td>
<td>8GB</td>
<td>1GB (8GB on ASR 1002)</td>
<td>2GB</td>
</tr>
<tr>
<td><strong>Storage</strong></td>
<td>SSD (200G or 400G)</td>
<td>160GB HDD (optional) &amp; External USB</td>
<td>40GB HDD and External USB</td>
<td>80GB HDD and External USB</td>
</tr>
<tr>
<td><strong>Cisco IOS XE Operating System</strong></td>
<td>64 bit</td>
<td>64 bit</td>
<td>32 bit</td>
<td>64 bit</td>
</tr>
<tr>
<td><strong>Chassis Support</strong></td>
<td>Integrated in ASR1001-X chassis</td>
<td>Integrated in ASR1002-X chassis</td>
<td>ASR1002 (integrated), ASR1004, and ASR1006</td>
<td>ASR1004, ASR1006, and ASR1013</td>
</tr>
</tbody>
</table>

**New!**
Embedded Services Processors (ESP)
Scalable Bandwidth from 5Gbps to 200Gbps+

- Centralized, programmable, multiprocessor forwarding engine providing full-packet processing

- Packet Buffering and Queuing/Scheduling (BQS)
  - For output traffic to carrier cards/SPAs
  - For special features such as input shaping, reassembly, replication, punt to RP, etc.
  - 5 levels of HQoS scheduling, 128K Queues, Priority Propagation

- Dedicated Crypto Co-processor

- Interconnect providing data path links (ESI) to/from other cards over midplane
  - Transports traffic into and out of the Cisco Quantum Flow Processor (QFP)
  - Input scheduler for allocating QFP BW among ESIs

- FECP CPU managing QFP, crypto device, midplane links, etc.
ASR 1000 Forwarding Processor
Quantum Flow Processor (QFP) Drives Integrated Services & Scalability

- Class/Policy Maps: QoS, DPI, FW
- ACL/ACE storage
- IPSec Security Association class groups, classes, rules
- NAT Tables

- Runs Linux
- Performs board management
- Program QFP & Crypto
- Stats collection

- Memory for FECP
- QFP client / driver
- OBFL
- QoS Class maps
- FM FP
- Statistics
- ACL ACEs copy
- NAT config objects
- IPSec/IKE SA
- NF config data
- ZB-FW config objects

- QoS Mark/Police
- NAT sessions
- IPSec SA
- Netflow Cache

- FW hash tables
- Per session data (FW, NAT, Netflow, SBC)
- QoS Queuing
- NAT VFR re-assembly
- IPSec headers

- System Bandwidth
  - 5, 10, 20 or 40 Gbps

NF: Netflow
ZBFW: Zone-based Firewall
FW: Firewall
SA: Security Association
VFR: Virtual Fragmentation Reassembly
OBFL: On-board Failure Logs
Embedded Services Processors
ESP 100G and Future ESP200G

ESP-100G

- Total Bandwidth
  - 100 Gbps
- Performance
  - Up to 32 Mpps
- QuantumFlow Processors
  - Resource Memory
  - TCAM
  - Packet Buffer
- Control CPU
  - Dual-core CPU
  - 1.73 GHz
  - 16 GB
- Broadband QoS
- IPSec Bandwidth (1400 B)
- FW/NAT
- Chassis Route Processor
  - ASR 1006, ASR 1013
  - RP2 + Future

ESP-200G

- Total Bandwidth
  - 200 Gbps
- Performance
  - Up to 64 Mpps
- QuantumFlow Processors
  - Resource Memory
  - TCAM
  - Packet Buffer
- Control CPU
  - Dual-core CPU
  - 1.73 GHz
  - 32 GB
- Broadband QoS
- IPSec Bandwidth (1400 B)
- FW/NAT
- Chassis Route Processor
  - ASR 1013
  - RP2 + Future

NSA “Suite-B” Security

New!
ESP-100 Block Diagram

Block diagram labels:

- Card infrastructure: FECP (dual-core), memory, boot flash (OBFL, …), chassis management bus
- Crypto
- QFP (shown twice): processor pool, dispatcher/packet buffer, and buffer, queue, schedule (BQS)
- Packet buffer DRAM (512MB), resource DRAM (2GB), TCAM4 (1x80Mbit)
- Interconnect to SIPs, ESP and RPs: ASR 1000 system BW (69 Gbps each)
- Link legend: ESI, 11.5 & 23 Gbps; Interlaken, 69 Gbps; PCIe; I2C; GE, 1Gbps; Other

## Embedded Services Processors (ESP)

Based on Quantum Flow Processor (QFP)

<table>
<thead>
<tr>
<th></th>
<th>ESP-2.5G</th>
<th>ESP-5G</th>
<th>ESP-10G</th>
<th>ESP-20G</th>
<th>ASR1001-X ESP</th>
<th>ASR1002-X ESP</th>
<th>ESP-40G</th>
<th>ESP-100G</th>
<th>ESP-200G</th>
</tr>
</thead>
<tbody>
<tr>
<td>System Bandwidth</td>
<td>2.5 Gbps</td>
<td>5 Gbps</td>
<td>10 Gbps</td>
<td>20 Gbps</td>
<td>2.5/5/10/20 Gbps</td>
<td>5/10/20/36 Gbps</td>
<td>40 Gbps</td>
<td>100 Gbps</td>
<td>200 Gbps</td>
</tr>
<tr>
<td>Performance</td>
<td>3 Mpps</td>
<td>8 Mpps</td>
<td>17 Mpps</td>
<td>24 Mpps</td>
<td>13 Mpps</td>
<td>30 Mpps</td>
<td>24 Mpps</td>
<td>58 Mpps</td>
<td>130 Mpps</td>
</tr>
<tr>
<td># of Processors</td>
<td>10</td>
<td>20</td>
<td>40</td>
<td>40</td>
<td>31</td>
<td>8/16/32/62</td>
<td>40</td>
<td>128</td>
<td>256</td>
</tr>
<tr>
<td>Clock Rate</td>
<td>900 MHz</td>
<td>900 MHz</td>
<td>900 MHz</td>
<td>1.2 GHz</td>
<td>1.5 GHz</td>
<td>1.2 GHz</td>
<td>1.5 GHz</td>
<td>1.5 GHz</td>
<td>1.5 GHz</td>
</tr>
<tr>
<td>Crypto Engine BW (1400 bytes)</td>
<td>1 Gbps</td>
<td>1.8 Gbps</td>
<td>4.4 Gbps</td>
<td>8.5 Gbps</td>
<td>8 Gbps</td>
<td>4 Gbps</td>
<td>11 Gbps</td>
<td>29 Gbps</td>
<td>78 Gbps</td>
</tr>
<tr>
<td>QFP Resource Memory</td>
<td>256MB</td>
<td>256MB</td>
<td>512MB</td>
<td>1GB</td>
<td>4 GB</td>
<td>1GB</td>
<td>1GB</td>
<td>4GB</td>
<td>8GB</td>
</tr>
<tr>
<td>Packet Buffer</td>
<td>64MB</td>
<td>64MB</td>
<td>128MB</td>
<td>256MB</td>
<td>512MB</td>
<td>512MB</td>
<td>256MB</td>
<td>1GB</td>
<td>2GB</td>
</tr>
<tr>
<td>Control CPU</td>
<td>Single core 800 MHz</td>
<td>Single core 800 MHz</td>
<td>Single core 1.2 GHz</td>
<td>Quad core* 2.0 GHz</td>
<td>Quad core 2.13 GHz</td>
<td>Dual core 1.8 GHz</td>
<td>Dual core 1.73 GHz</td>
<td>Dual core 1.73 GHz</td>
<td></td>
</tr>
<tr>
<td>Control Memory</td>
<td>1 GB</td>
<td>1 GB</td>
<td>2 GB</td>
<td>4 GB</td>
<td>8 GB</td>
<td>4/8/16 GB</td>
<td>8 GB</td>
<td>16 GB</td>
<td>32 GB</td>
</tr>
<tr>
<td>TCAM</td>
<td>5 Mb</td>
<td>5 Mb</td>
<td>10 Mb</td>
<td>40 Mb</td>
<td>10 Mb</td>
<td>40 Mb</td>
<td>40 Mb</td>
<td>80 Mb</td>
<td>2 x 80 Mb</td>
</tr>
<tr>
<td>Chassis Support</td>
<td>ASR 1001 (Integrated)</td>
<td>ASR 1001 (Integrated), ASR 1002</td>
<td>ASR 1002, 1004, 1006</td>
<td>ASR 1004, 1006</td>
<td>ASR 1001-X</td>
<td>ASR1002-X</td>
<td>ASR 1004, 1006, 1013</td>
<td>ASR 1006, 1013</td>
<td>ASR 1013</td>
</tr>
</tbody>
</table>
Cisco Quantum Flow Processor

ASR1000 Series Innovation

- Five year design and continued evolution – now on 3rd generation
- Massively parallel, 64 multi-threaded cores; 4 threads per core
- QFP Architecture designed to scale to >100Gbit/sec
- 256 processes available to handle traffic
- High-priority traffic is prioritised
- Packet replication capabilities for Lawful Intercept
- Full visibility of entire L2 frame
- 3rd generation QFP is capable of 70Gbit/sec, 32Mpps processing
- Can cascade 1, 2 or 4 chips to build higher capacity ESPs
- Latency: tens of microseconds with features enabled

QFP Chip Set

Cisco QFP Packet Processor

Cisco QFP Traffic Manager
(Buffering, Queueing, Scheduling)
Quantum Flow Processor
Why Custom vs. Off-the-Shelf?

• Custom design needed for next-gen Network Integrated Services
  – Existing CPUs do not offer forwarding power required
  – Memory architecture of general purpose CPUs relies on large caches (64B/128B) -> Inefficient for network features

• QFP uses small memory access sizes (16B)
  – minimizes wasted memory reads and increases memory access
  – for the same raw memory BW, a 16B read allows 4-8 times the number of memory accesses/sec as a CPU using 64/128B accesses

• Preserves C-language programming support
  – Differentiator as compared to NPUs
  – Key to feature velocity
  – Support for portable, large-scale development

• Add hardware assists to further boost performance
  – TCAM, Pointer Lookup, Flow Locks, ACL Range Lookup, Weighted RED Controller…
  – Trade-off power requirement vs. board space

• Full Software and Configuration Consistency across Family
Third Generation QFP Details
Used on ASR1002-X, ESP-100 and ESP-200

• 3rd Gen QFP integrates both the PPE engine and the Traffic manager
  – 64 PPEs
  – 116K queues per 3rd gen QFP ASIC (128K queues for previous QFP)
  – 3rd gen QFP can be cascaded, so ESP 100 has total of 232K queues

• PPEs on 3rd gen QFP run the same Microcode as QFP
  – Features executed in PPEs have same behavior

• Full Configuration consistency with QFP

• Same feature behavior (e.g. TCP, policing accuracy…)

• In-service hardware upgrade & downgrade from ESP40 to ESP 100/200 supported

• Differences
  – Minor behavioral show-command differences
  – Deployment differences in deployments with large number of schedules
Cisco Enterprise Routing NPU Leadership
Continuing Investment in Networking Processor Technology

Increasing Branch and Network Edge Requirements

[Roadmap figure. Timeline axis: 2005, 2010, 2015. Vertical axis: Performance.]

- Gen1 20G: QFP1, #cores: 40, #threads: 160
- Gen2 40G: QFP2, #cores: 64, #threads: 256
- Gen3 200G: QFP3 family, #cores: 32-256, #threads: 128-1024
- Gen4 > 200G: QFP4 family, #cores: >800, #threads: >3200
- Next-Gen: Emphasis on Line-Rate Security and Advanced Feature Processing

Other figure labels: Lower Cost fully integrated NPU and IO device; High Speed Backplane Aggregation ASIC; IO Oversubscription & Aggregation ASIC

Legend: #cores = Number of Packet Processing Engines; #threads = Concurrent, parallel threads processed
ASR1001 Overview
Compact & Powerful 1RU for Secure High-end Branch, Route Reflector, Managed Services

- Performance 2.5 to 5-Gbps; License upgrade
- 4G (Default) & 8G & 16G Memory options
- Up to 1.8 Gbps crypto throughput built-in
- 1 single height SPA slot for I/O connectivity and 4 built-in GE ports + optional daughter card
- High Availability: Dual Power Supply with SW redundancy support

- Same IOS XE Feature Set
- Integrated I/O Options
  - ASR1001-2XOC3POS
  - ASR1001-4XT3 (no E3 support)
  - ASR1001-8XCHT1E1
  - ASR1001-4X1GE
ASR1001 Block Diagram

- **CPU (2.13 GHz Dual Core)**
  - CPU Memory
  - Boot Flash (OBFL, ...)
  - JTAG Ctrl

- **Route Processor (Built-in)**
  - CPU Memory
  - nvram
  - Bootdisk

- **Interconnect**
  - ASR1001
  - SIP-10 (Built-in)
  - SPA Aggregation ASIC
  - Ingress Buffers (per port)
  - Egress Buffers (per port)

- **Processor pool**
  - Crypto
  - QFP
  - Dispatcher
  - Packet Buffer

- **BPW Upgradeable ESP-10**
  - Processor pool
  - Crypto
  - QFP
  - Dispatcher
  - Packet Buffer

- **Route Processor**
  - RP2-Class Route Processor
  - 4G/8G/16G Memory Options

- **No Network Sync Capability (BITs, etc)**

- **Soft Upgradeable BW ESP: 2.5G, 5G**

- **Built-in 4x1GE SPA**

- **Modular I/O via SPA And IDC**
ASR1002-X
Next Generation ASR1002

Chassis & HW
• 2RU form factor
• Integrated RP, ESP & SIP
• Redundant AC/DC PSU, same as ASR1002

System BW
• 5G, 10G, 20G, 36G, via software upgrade

Performance
• Up to 32 Mpps

Crypto BW
• 4Gbps

Control Plane
• Quad-core @2.13GHz processor
• 4/8/16 GB Memory Options

Data Plane
• Integrated ESP with SW selectable BW from 5G to 36G

I/O
• 3 SPA bays + 6 built-in GE ports (SyncE capable)
• Console / MGMT Ethernet / Aux
• External USB storage
• Optional HDD (160GB)

FW/NAT
• 36G FW/NAT, 2 M sessions

Network Timing
• Stratum 3/G.813 Clocking, BITS timing, GPS, SyncE, 1588

Image Security
• Secure boot
• Code Signing (FIPS-140-3)
ASR 1002-X Block Diagram

2nd Generation QFP: 40 Gbps Forwarding and Feature processing

[Block diagram of the ASR1002-X. The labels recoverable from the figure are listed below.]

- Integrated Control Plane - Quad Core CPU: CPU (2.13GHz Quad-Core), CPU Memory, Boot Flash (OBFL, ...), JTAG Ctrl
- New Octeon II: 4G Crypto, Suite-B
- Integrated SIP-40: Interconnect, SPA Control, SPA Bus, SPAs
- Timing/Sync: BITS, GPS
- QFP: PPE array, Dispatcher/Pkt Buffer
- Memory labels: SA table DRAM, TCAM4 (10Mbit), Resource DRAM (512MB), Pkt Buffer DRAM (128MB)
- Remaining labels: PCIe, Temp Sensor, Power Ctrl, EEPROM, Fan Ctrl BW SRAM, Other
- Link labels: I/L 69Gbps, 11.6 Gbps
ASR 1001-X
New Next Generation ASR1001

Management/USB Ports
- RJ45 Management GE
- 2x USB Ports

Pay As You Grow
- 2.5G Default
- Upgradeable to 5G, 10G, and 20G
- Up to 8G Crypto Throughput

Control Plane
- Quad Cores; each core clocked at 2.0 GHz
- 8G DDR3 default shared memory

Built-in I/O
- 2x10G
- 6x1G
- Multipoint MACsec Capable

System Management
- Auxiliary Port
- RJ45 Console

Network Interface Modules
- SSD Drive
- ISR 4K Modules

Multi-Core Network Processor
- 32 Cores
- 4 Packet Processing Engines / Core
- 128 Threads are processed simultaneously

Mini Console
- 1x Mini USB Console

Shared Port Adapter
- 1x SPA slot

Launched at CiscoLive 2014!
ASR 1000 Fixed Ethernet Linecards
Higher Density Solution for Ethernet Interfaces

Available Now

Three Variants

- 2x10GE+20xGE - Now!
- 6x10GE – Now!
- 40x1GE –(Future)

Key Features

- All Ethernet related features currently supported on GE / 10GE SPAs on ASR1k
- SyncE
- IEEE 1588
- Y.1731
- 40 Gbps BW
- No SIP needed

Chassis

- ASR1004, ASR1006*, ASR1013
- ASR1013/06 power supply

RP

- RP2

ESP

- ESP40/100/200

*with 1600W ASR1013/06 power supply
ASR 1000 System Oversubscription

Key Oversubscription Points

• Total bandwidth of the system is determined by the following factors
  – Type of forwarding engine: eg. ESP-10, ESP-20, ESP40 or ESP100
  – Type of SIP: SIP10 or SIP40
  – The SIP bandwidth is the bandwidth of the link between one SPA Interface Processor and the ESP

• Step 1: SPA-to-SIP Oversubscription
  – Up to 4 x 10Gbps SPAs per SIP 10 = 4:1 Oversubscription Max
  – No oversubscription for SIP-40 = 1:1
  – Calculate your configured SPA BW to SIP capacity ratio

• Step 2: SIP-to-ESP Oversubscription
  – Up to 2, 3 or 6 SIPs share the ESP bandwidth, depending on the ASR1000 chassis used
  – Calculate configured SIP BW to ESP capacity ratio

• Total Oversubscription = Step1 x Step2
**SIP Interconnect BW Depends on ESP & Chassis**

- Each ESP has a different Interconnect ASIC with different numbers of ESI ports
  - ESP-10G: 10G to all slots
    - 1 x 11.5G ESI to each SIP slot
  - ESP-20G: 20G to all slots except ASR1006 slot 3
    - 2 x 11.5G ESI to two SIP slots; 1 x 11.5G to third SIP slot
  - ESP-40G: 40G to all slots except ASR1013 slots 4 and 5
    - 2 x 23G ESI to all three SIP slots in ASR1006
    - 1 x 23G ESI to slots 4 and 5 in ASR1013
  - ESP-100G: 40G to all slots
    - 2 x 23G ESI to all SIP slots
- Be aware of these exceptions!
## ASR 1000 System Oversubscription (Cont.)

<table>
<thead>
<tr>
<th>Chassis Version</th>
<th>ESP Version</th>
<th>SIP Version</th>
<th>SIP Slots</th>
<th>Max. Bandwidth per IP Slot (Gbps)</th>
<th>SPA to SIP Oversubscription</th>
<th>Bandwidth on ESP (Gbps)</th>
<th>SIP to ESP Oversubscription</th>
<th>I/O to ESP Oversubscription</th>
</tr>
</thead>
<tbody>
<tr>
<td>ASR 1001</td>
<td>ESP2.5</td>
<td>n.a.</td>
<td>n.a.</td>
<td>2:1</td>
<td>2.5</td>
<td>5.6:1</td>
<td>5.6:1</td>
<td></td>
</tr>
<tr>
<td>ASR 1001/ASR1002</td>
<td>ESP5</td>
<td>n.a.</td>
<td>n.a.</td>
<td>4:1</td>
<td>5</td>
<td>6.8:1</td>
<td>6.8:1</td>
<td></td>
</tr>
<tr>
<td></td>
<td>ESP10</td>
<td>n.a.</td>
<td>n.a.</td>
<td>4:1</td>
<td>10</td>
<td>3.4:1</td>
<td>3.4:1</td>
<td></td>
</tr>
<tr>
<td>ASR 1002-X</td>
<td>ESP40</td>
<td>SIP40</td>
<td>n.a.</td>
<td>9:10</td>
<td>36</td>
<td>1.1</td>
<td>9:10</td>
<td></td>
</tr>
<tr>
<td>ASR 1004</td>
<td>ESP10</td>
<td>SIP10</td>
<td>2</td>
<td>4:1</td>
<td>10</td>
<td>2.1</td>
<td>8:1</td>
<td></td>
</tr>
<tr>
<td></td>
<td>ESP20</td>
<td>SIP10</td>
<td>2</td>
<td>4:1</td>
<td>20</td>
<td>1.1</td>
<td>4:1</td>
<td></td>
</tr>
<tr>
<td></td>
<td>ESP40</td>
<td>SIP10</td>
<td>2</td>
<td>4:1</td>
<td>40</td>
<td>1.2</td>
<td>4:1</td>
<td></td>
</tr>
<tr>
<td>ASR 1006</td>
<td>ESP10</td>
<td>SIP10</td>
<td>3</td>
<td>4:1</td>
<td>10</td>
<td>3:1</td>
<td>12:1</td>
<td></td>
</tr>
<tr>
<td></td>
<td>ESP20</td>
<td>SIP10</td>
<td>3</td>
<td>4:1</td>
<td>20</td>
<td>3:2</td>
<td>6:1</td>
<td></td>
</tr>
<tr>
<td></td>
<td>ESP40</td>
<td>SIP 10</td>
<td>3</td>
<td>4:1</td>
<td>40</td>
<td>3:4</td>
<td>4:1</td>
<td></td>
</tr>
<tr>
<td></td>
<td>ESP40</td>
<td>SIP 40</td>
<td>3</td>
<td>1:1</td>
<td>40</td>
<td>3:1</td>
<td>3:1</td>
<td></td>
</tr>
<tr>
<td></td>
<td>ESP100</td>
<td>SIP40</td>
<td>3</td>
<td>1:1</td>
<td>100</td>
<td>6:5</td>
<td>6:5</td>
<td></td>
</tr>
<tr>
<td>ASR 1013</td>
<td>ESP40</td>
<td>SIP10</td>
<td>6</td>
<td>4:1</td>
<td>40</td>
<td>3:2</td>
<td>6:1</td>
<td></td>
</tr>
<tr>
<td>ESP40</td>
<td>SIP40</td>
<td>Slots 1, 2, 3, 4</td>
<td>40</td>
<td>1:1</td>
<td>40</td>
<td>9:2</td>
<td>6:1</td>
<td></td>
</tr>
<tr>
<td>ESP100</td>
<td>SIP40</td>
<td>Slots 5, 6</td>
<td>10</td>
<td>4:1</td>
<td>100</td>
<td>12:5</td>
<td>12:5</td>
<td></td>
</tr>
</tbody>
</table>

Example:

1. 4x10G SPAs max per SIP
2. 3 SIPs max per ESP
3. 12x10G SPAs max per ESP
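
The two-step calculation above, carried through for populated chassis as an added Python example (not part of the Cisco deck; `Sip`, `as_ratio` and `oversubscription` are names made up here). Besides the Step 1 x Step 2 product it reports a bottleneck figure, on the assumption, read from table rows such as ASR 1006 with ESP40 and SIP10, that the I/O-to-ESP column stays at the Step 1 ratio when Step 2 is below 1:1.

```python
from dataclasses import dataclass
from fractions import Fraction


def _f(value):
    """Exact fraction from an int, float or string such as 2.5."""
    return Fraction(str(value))


@dataclass
class Sip:
    """One SPA Interface Processor slot and the SPAs configured in it."""
    link_gbps: float   # SIP-to-ESP link: 10 for SIP10, 40 for SIP40 (slide values)
    spa_gbps: tuple    # configured bandwidth of each installed SPA, in Gbps


def as_ratio(value):
    """Render a Fraction the way the slides write ratios, e.g. 3:2."""
    return f"{value.numerator}:{value.denominator}"


def oversubscription(sips, esp_gbps):
    """Apply Step 1 and Step 2 from the slide to a list of populated SIPs.

    The caller sets link_gbps per slot, so the slot exceptions on the
    interconnect slide can be modelled by giving that slot a smaller link.
    """
    # Step 1: configured SPA bandwidth against the SIP link; the worst SIP counts.
    step1 = max(sum(_f(b) for b in s.spa_gbps) / _f(s.link_gbps) for s in sips)
    # Step 2: sum of the SIP links against the ESP forwarding capacity.
    step2 = sum(_f(s.link_gbps) for s in sips) / _f(esp_gbps)
    return {
        "step1": step1,
        "step2": step2,
        # Total as the slide defines it.
        "product": step1 * step2,
        # Assumption (see lead-in): an ESP with spare capacity does not
        # reduce the contention already present on the SIP link.
        "bottleneck": step1 * max(step2, Fraction(1)),
    }


if __name__ == "__main__":
    # ASR 1006 with three fully loaded SIP10s (4 x 10G SPAs each).
    sips = [Sip(10, (10, 10, 10, 10)) for _ in range(3)]
    for esp in (10, 20, 40):
        r = oversubscription(sips, esp)
        print(f"ESP{esp}:", {k: as_ratio(v) for k, v in r.items()})
```

With an ESP40 the product comes out at 3:1 while the bottleneck stays at 4:1, which is the value the table lists for that row.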
SOFTWARE ARCHITECTURE
Software Architecture–IOS XE

• IOS XE = IOS + IOS XE Middleware + Platform Software. Not a new OS!

• Operational Consistency—same look and feel as IOS Router

• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.). Capable of 64-bit operation

• Linux kernel with multiple processes running in protected memory for
  – Fault containment
  – Re-startability
  – ISSU of individual SW packages

• ASR 1000 HA Innovations
  – Zero-packet-loss RP Failover
  – <50ms ESP Failover
  – “Software Redundancy”
ASR 1000 Software Architecture

- Initialization and boot of RP Processes
  - Generates configurations
  - Populates and maintains routing tables (RIB, FIB...)
- Provides abstraction layer between hardware and IOS
  - Manages ESP redundancy
  - Maintains copy of FIB and interface list
  - Communicates FIB status to active & standby ESP (or bulk-download state info in case of restart)
- Maintains copy of FIBs
  - Programs QFP forwarding plane and QFP DRAM
  - Statistics collection and communication to RP
- Communicates with Forwarding manager on RP
  - Provides interface to QFP Client / Driver
- Implements forwarding plane
  - Programs PPEs with forwarding information
- Driver Software for SPA interface cards. Loaded separately and independently
  - Failure or upgrade of driver does not affect other SPAs in same or different SIPs
Control Plane Process Communication

- CPU
- IOS
- Chassis Mgr.
- Forwarding Mgr.
- Kernel (incl. utilities)

- FECP
- QFP Client / Driver
- Chassis Mgr.
- Forwarding Mgr.
- Kernel (incl. utilities)

- QFP subsystem
- QFP code
- Crypto assist

- Interconn.
- OIR / Chassis messages

- ESP
- OCP
- SPA Agg.
- SPA driver
- Chassis Mgr.
- Kernel (incl. utilities)

- Interconn.
- IPC Messages
- GE, 1Gbps
- PC
- SPA Control
- SPA Bus

- SIP
- SPA...
Feature Invocation Array in QFP μcode

Feature Processing Follows a Pre-defined Execution Sequence

For Your Reference

Use this command to see your detailed FIA per interface

`show platform hardware qfp active interface if-name <interface/subintf>`

Forwarding
- IP Unicast
- Loadbalancing
- IP Multicast
- MPLS Imposit.
- MPLS Dispos.
- MPLS Switch.
- FRR
- AToM Dispos.
- MPLSoGRE

R2/L3 Classify
- L2/L3 Classify
- IPv6
- IPv4
- MPLS
- XConnect
- L2 Switch

- IPv4 Validation

- SSLVPN
- ERSPAN
- MLP
- IP Hdr. Compress.
- VASI
- LI
- LISP
- FPM
- ACL
- BGP Policy Acct.

- Netflow
- ISG
- QPPB
- QoS Classify/Police
- IPSec
- uRPF
- NAT
- PBR
- SBC
- WCCP

- NAT
- APS
- WCCP
- Classify
- SSLVPN
- Firewall
- IPSec
- ACL
- GEC
- FPM
- MLP

- ISG
- Marking
- Policing
- Accounting
- TCP MSS Adjust
- Netflow
- LI
- BDI & Bridging
- IP Tunnels
- IPHC
- Queuing

BRKARC-2001 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
1. **RPBase**: RP OS  
   Why?: Upgrading the OS requires a reload of the RP; minimal changes are expected

2. **RPIOS**: IOS  
   Why?: Facilitates Software Redundancy feature

3. **RPAccess (K9 & non-K9)**: Software required for Router access; 2 versions available. One that contains open SSH & SSL and one without  
   Why?: To facilitate software packaging for export-restricted countries

4. **RPControl**: Control Plane processes that interface between IOS and the rest of the platform  
   Why?: IOS XE Middleware

5. **ESPBase**: ESP OS + Control processes + QFP client/driver/ucode  
   Why?: Any software upgrade of the ESP requires reload of the ESP

6. **SIPBase**: SIP OS + Control processes  
   Why?: OS upgrade requires reload of the SIP

7. **SIPSPA**: SPA drivers and FPD (SPA FPGA image)  
   Why?: Facilitates SPA driver upgrade of specific SPA slots
| Parameter | Value |
|---|---|
| Frequency of Extended Maintenance Branches | Every 12 months |
| Frequency of Releases | 4 months |
| Length of Standard Maintenance Branch | 6 months |
| Standard maintenance rebuild Interval (months) | 3 |
| Length of Extended Maintenance Branch | 48 months |
| Extended Maintenance Rebuild Interval (months) | 3-3-3-6-6-6 |
Packet Flows – Data Plane
Data Packet Flow: From SPA Through SIP

1. SPA receives packet data from its network interfaces and transfers the packet to the SIP
2. SPA Aggregation ASIC classifies the packet into H/L priority
3. SIP writes packet data to external 128MB memory (at 40Gbps from 4 full-rate SPAs)
4. Ingress buffer memory is carved into 64 queues. The queues are arranged by SPA-SPI channel and optionally H/L. Channels on “channelized” SPAs share the same queue.
5. SPA ASIC selects among ingress queues for next pkt to send to ESP over ESI. It prepares the packet for internal transmission
6. The interconnect transmits packet data of selected packet over ESI to active ESP at up to 11.5 Gbps
7. Active ESP can backpressure SIP via ESI ctl message to slow pkt transfer over ESI if overloaded (provides separate backpressure for Hi vs. Low priority pkt data)
Data Packet Flow: Through ESP10

1. Packet arrives on QFP
2. Packet assigned to a PPE thread.
3. The PPE thread processes the packet in a feature chain similar to 12.2S IOS (very basic view of a v4 use case):
   - Input Features applied
     - NetFlow, MQC/NBAR Classify, FW, RPF, Mark/Police, NAT, WCCP etc.
   - Forwarding Decision is made
     - IPv4 FIB, Load Balance, MPLS, MPLSoGRE, Multicast etc.
   - Output Features applied
     - NetFlow, FW, NAT, Crypto, MQC/NBAR Classify, Police/Mark etc.
   - Finished
4. Packet released from on-chip memory to Traffic Manager (Queued)
5. The Traffic Manager schedules which traffic to send to which SIP interface (or RP or Crypto Chip) based on priority and what is configured in MQC
6. SIP can independently backpressure ESP via ESI control message to pace the packet transfer if overloaded
1. Interconnect receives packet data over ESI from the active ESP at up to 46 Gbps

2. SPA Aggregation ASIC receives the packet and writes it to external egress buffer memory

3. Egress buffer memory is carved into 64 queues. The queues are arranged by egress SPA-SPI channel and optionally H/L. Channels on “channelized” SPAs share the same queue.

4. SPA Aggregation ASIC selects and transfers packet data from eligible queues to SPA-SPI channel (Hi queue are selected before Low)

5. SPA can backpressure transfer of packet data burst independently for each SPA-SPI channel using SPI FIFO status

6. SPA transmits packet data on network interface
ASR1000 QoS
ASR 1000 Forwarding Path

QoS View

1. SPA classification
2. Ingress SIP packet buffering
3. Port rate limiting & weighting for forwarding to ESP
4. Advanced classification
5. Ingress MQC based QoS
6. Egress MQC based QoS
7. Hierarchical packet scheduling & queuing
8. Egress SIP packet buffering
ASR 1000 ESP QoS

QFP Processing

• The following QoS functions are handled by PPEs:
  – Classification
  – Marking
  – Policing
  – WRED

• After all the above QoS functions (along with other packet forwarding features such as NAT, Netflow, etc.) are handled, the packet is put in packet buffer memory and handed off to the Cisco QFP Traffic Manager

• All ESP QoS functions are configured using MQC CLI
ASR 1000 QoS
The QFP Traffic Manager (BQS) performs all packet scheduling decisions.

- Cisco QFP Traffic Manager implements a 3 parameter scheduler which gives advanced flexibility. Only 2 parameters can be configured at any level (min/max or max/excess)
  - Minimum - bandwidth
  - Excess - bandwidth remaining
  - Maximum - shape

- Priority propagation (via minimum) ensures that high priority packets are forwarded first without loss

- Packet memory is one large pool. Interfaces do not reserve a specific amount of packet memory.

- Out of resources memory exhaustion conditions
  - Non-priority user data dropped at 85% packet memory utilization
  - Priority user data dropped at 97% packet memory utilization
  - Selected IOS control plane packets and internal control packets only dropped at 100% memory utilization
ASR 1000 QoS
Traffic Manager Statistics

- `show plat hard qfp active stat drop all | inc BqsOor`
  - This gives a counter which shows if any packets have been dropped because of packet buffer memory exhaustion.

- `show plat hard qfp active infra bqs status`
  - Gives metrics on how many active queues and schedules are in use. Also gives statistics on QFP QoS hierarchies that are under transition.

- `show plat hard qfp active bqs 0 packet-buffer util`
  - Gives metrics on current utilization of packet buffer memory
ASR 1000 QoS
Queuing Highlights

- Multilayer hierarchies (5 layers in total)
  - SIP, interface, 3 layers of queuing MQC QoS
- Two levels of priority traffic (1 and 2)
- Strict and conditional priority rate limiting
- 3 parameter scheduler (min, max, & excess)
- Priority propagation for no loss priority forwarding via minimum parameter
- Shaping average and peak options, burst parameters are accepted but not used
- Backpressure mechanism between hardware components to deal with external flow control
**ASR 1000 QoS**

Classification and Marking

- **Classification**
  - IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, ACL, packet-length, ATM CLP, COS, inner/outer COS (QinQ), vlan, input-interface, qos-group, discard-class
  - QFP is assisted in hardware by TCAM

- **Marking**
  - IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, discard-class, qos-group, ATM CLP, COS, inner/outer COS

- **Enhanced match and marker stats may be enabled with a global configuration option**
  - platform qos marker-statistics
  - platform qos match-statistics per-filter
ASR 1000 Policing and Congestion Avoidance

• Policing
  – 1R2C – 1 rate 2 color
  – 1R3C – 1 rate 3 color
  – 2R2C – 2 rate 2 color
  – 2R3C – 2 rate 3 color
  – color blind and aware in XE 3.2 and higher software
    • supports RFC 2697 and RFC 2698
    • explicit rate and percent based configuration
  – dedicated policer block in QFP hardware

• WRED
  – precedence (implicit MPLS EXP), dscp, and discard-class based
  – ECN marking
  – byte, packet, and time based CLI
  – packet based configurations limited to exponential constant values 1 through 6
  – dedicated WRED block in QFP hardware
IPSEC ON ASR1000
ASR1000 NextGen Encryption

Improved Octeon-II Crypto Processor on new platforms

- **ESP-100 / 200**
  - 24 core processor
  - 800MHz clock frequency
  - 2GB DDR3 SDRAM
  - Up to 20Gbps (512B packets)

- **ASR 1002-X**
  - 6 core processor
  - 1.1 GHz clock frequency
  - Up to 4Gbps (512B packets)

- **ASR 1001-X**
  - Up to 8 Gbps Crypto

- Compare to ESP10/20/40
  - 350 MHz Nitrox II with 8 & 18 cores respectively

- **Crypto support:**
  - AES, SHA-1, ARC4, DES, 3-DES
  - IKEv1 or IKEv2

- **Next Gen “Suite B” crypto support**
  - Encryption: AES-128-GCM
  - Authentication: HMAC-SHA-256
  - Hashing: SHA-256
  - Protocol: IKEv2

- **NOTE:** In-Box High Availability ASR1006 configuration:
  ESP to ESP - stateful
  RP to RP – stateless
ASR 1000 Forwarding Processor
IPSec Processing is done with Crypto Co-processor Assist

- IPSec SA Database
- IKE SA Database
- Crypto-map
- DH key pairs
- IPSec SA class groups
- Classes
- Rules (ACE or IPSec SA)
- Outbound packet classification
- Formatting of packets to Crypto chip (internal header)
- Receiving packets from crypto chip
- Removal of internal crypto header
- Re-assembly of fragmented IPSec packets

- Anti-replay check
- Encryption / decryption (Diffie-Hellman)
- NAT Traversal
- Traffic-based lifetime expiry

- Anti-replay check
- Encryption / decryption (Diffie-Hellman)
- NAT Traversal
- Traffic-based lifetime expiry
ASR 1000 IPSec Software Architecture
Function Partitioning

- Creation of IPSec Security Associations (SA)
- IKE Control Plane (IKE negotiation, expiry, tunnel setup)
- Communicates FIB status to active & standby ESP (or bulk-download state info in case of restart)
- Communicates with Forwarding manager on RP
- Provides interface to QFP Client / Driver
- Copy of IPSec SAs
- Copy of IKE SAs
- Synchronization of SA Databases with standby ESP
- Punting of Encrypted packets to the Crypto Assist
- Encryption / Decryption of packets

For Your Reference
## ASR 1000 IPSec Performance & Scale

<table>
<thead>
<tr>
<th></th>
<th>ASR 1001</th>
<th>ASR 1001-X</th>
<th>ASR 1002-X</th>
<th>ESP5</th>
<th>ESP10</th>
<th>ESP20</th>
<th>ESP40</th>
<th>ESP100</th>
<th>ESP200</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Supported Chassis</strong></td>
<td>ASR1001</td>
<td>ASR 1001-X</td>
<td>ASR1002-X</td>
<td>ASR 1002</td>
<td>ASR 1002, 1004, 1006</td>
<td>ASR 1004 &amp; 1006</td>
<td>ASR1004 1006 &amp; 1013</td>
<td>ASR1006 &amp; 1013</td>
<td>ASR1013</td>
</tr>
<tr>
<td><strong>Encryption Throughput</strong> (Max/IMIX)</td>
<td>1.8/1 Gbps</td>
<td>8/5.8Gbps</td>
<td>4/4Gbps</td>
<td>1.8/1 Gbps</td>
<td>4/2.5 Gbps</td>
<td>9.2/6.3 Gbps</td>
<td>12.9/7.4 Gbps</td>
<td>29/16 Gbps</td>
<td>78/59 Gbps</td>
</tr>
<tr>
<td><strong>VRFs (RP2/RP1)</strong></td>
<td>4000</td>
<td>4000</td>
<td>8000</td>
<td>1000</td>
<td>1000</td>
<td>8000/1000</td>
<td>8000/1000</td>
<td>8000</td>
<td>8000</td>
</tr>
<tr>
<td><strong>Total Tunnels</strong></td>
<td>4000</td>
<td>8000</td>
<td>8000</td>
<td>4000</td>
<td>4000</td>
<td>8000</td>
<td>8000</td>
<td>8000</td>
<td>8000</td>
</tr>
<tr>
<td><strong>Tunnel Setup Rate w/ RP2</strong> (IPSec, per sec)</td>
<td>130</td>
<td>Under Test</td>
<td>130</td>
<td>N/A</td>
<td>130</td>
<td>130</td>
<td>130</td>
<td>130</td>
<td>130</td>
</tr>
<tr>
<td><strong>Tunnel Setup Rate w/ RP1</strong> (IPSec, per sec)</td>
<td>N/A</td>
<td>N/A</td>
<td>N/A</td>
<td>90</td>
<td>90</td>
<td>90</td>
<td>90</td>
<td>90</td>
<td>N/A</td>
</tr>
<tr>
<td><strong>DMVPN / BGP Adjacencies</strong> (RP2/RP1, 5 routes per peer)</td>
<td>3500</td>
<td>4000</td>
<td>4000</td>
<td>3000</td>
<td>3000</td>
<td>4000</td>
<td>4000</td>
<td>4000</td>
<td>4000</td>
</tr>
<tr>
<td><strong>DMVPN / EIGRP Adjacencies</strong> (RP2/RP1, 5 routes per peer)</td>
<td>3500</td>
<td>4000</td>
<td>4000</td>
<td>3000</td>
<td>3000</td>
<td>4000</td>
<td>4000</td>
<td>4000</td>
<td>4000</td>
</tr>
<tr>
<td><strong>FlexVPN + dVTI</strong></td>
<td>2000</td>
<td>Under Test</td>
<td>4000</td>
<td>2000</td>
<td>2000</td>
<td>4000</td>
<td>4000</td>
<td>4000</td>
<td>4000</td>
</tr>
</tbody>
</table>

*RP2 is not recommended with ESP10; RP1 is not recommended with ESP20
HIGH AVAILABILITY
High-Availability on the ASR 1000
ASR1000 Built for Carrier-grade HA

- Redundant ESP / RP on ASR 1006 and ASR 1013
- Software Redundancy on ASR 1001, ASR 1002, ASR 1004
- Zero packet loss on RP Fail-over! Max 100ms loss for ESP fail-over
- Intra-chassis Stateful Switchover (SSO) support for
  - Configuration
  - Protocols: FR, ML(PPP), HDLC, VLAN, IS-IS, BGP, CEF, SNMP, MPLS, MPLS VPN, LDP, VRF-lite
  - Stateful features: PPPoX, AAA, DHCP, IPSec, NAT, Firewall
- IOS XE also provides full support for Network Resiliency
  - NSF/GR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP
  - IP Event Dampening; BFD (BGP, IS-IS, OSPF)
  - GLBP, HSRP, VRRP
- Support for ISSU
- Stateful inter-chassis redundancy available for NAT, Firewall, SBC
Software Redundancy – IOS XE
ASR1002 and ASR1004

• IOS runs as its own Linux process for control plane (Routing, SNMP, CLI etc.)

• Linux kernel runs IOS process in protected memory for:
  – Fault containment
  – Restart-ability of individual SW processes

• Software redundancy helps when there is an RP-IOS failure/crash

• Active process will switchover to the standby, while forwarding continues with zero packet loss

• Can be used for ISSU of RP-IOS package for control-plane bug fixes and PSIRTs

• Other software crashes (example: SIP or ESP) cannot benefit from Software redundancy
ASR 1006 High Availability Infrastructure
Infrastructure for Stateful Redundancy

- Provides hitless or near hitless switchover
- Reliable IPC transport used for synchronization
- HA operates in a similar manner to other protocols on the ASR 1000
ASR 1000 In-Service Software Upgrade

- Ability to perform upgrade of the IOS image on the single-engine systems
- Support for software downgrade
- “In Service” component upgrades (SIP-Base, SIP-SPA, ESP-Base) without requiring reboot to the system
- Hitless upgrade of some software packages

- RP Portability - installing & configuring hardware that is not physically present in the chassis
- This allows the user to configure an RP in one system i.e. a 4RU and then move it to another system i.e. a fully populated 6RU
- One-shot ISSU procedure available for H/W redundant platforms

<table>
<thead>
<tr>
<th>Software Release</th>
<th>3.1.0</th>
<th>3.1.1</th>
<th>3.1.2</th>
<th>3.2.1</th>
<th>3.2.2</th>
</tr>
</thead>
<tbody>
<tr>
<td>From \ To</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>3.1.0</td>
<td>N/A</td>
<td>SSO</td>
<td>SSO</td>
<td>SSO via 3.1.2</td>
<td>SSO via 3.1.2</td>
</tr>
<tr>
<td>3.1.1</td>
<td>SSO</td>
<td>N/A</td>
<td>SSO</td>
<td>SSO via 3.1.2</td>
<td>SSO via 3.1.2</td>
</tr>
<tr>
<td>3.1.2</td>
<td>SSO</td>
<td>SSO</td>
<td>N/A</td>
<td>SSO Tested</td>
<td>SSO Tested</td>
</tr>
<tr>
<td>3.2.1</td>
<td>SSO via 3.1.2</td>
<td>SSO via 3.1.2</td>
<td>SSO Tested</td>
<td>N/A</td>
<td>SSO Tested</td>
</tr>
<tr>
<td>3.2.2</td>
<td>SSO via 3.1.2</td>
<td>SSO via 3.1.2</td>
<td>SSO Tested</td>
<td>SSO Tested</td>
<td>N/A</td>
</tr>
</tbody>
</table>
Attend the Deep-Dive Breakout Session: BRKARC-2019
RP2/ESP40 Feature Impact Performance

- Individual features have small impact with small packet sizes
- Individual features have minuscule impact at large packet sizes (above 516B)
- QFP has excellent behavior even with combined features for larger packet sizes!
Latency Performance Example

- For details on the Test setup and feature configuration, see RFC 2544 Latency Testing on Cisco ASR 1000 Series

Max – 1.1-1.4ms

Avg – 50-55us

Min – 25us
Key Resources to Monitor

**Software View**
- IOS
- Forwarding Manager
- Forwarding Manager
- QFP Client Driver
- QFP Datapath S/W

**System View**
- Route Processor
  - RP Memory
  - RP CPU
  - GE MAC
  - Interconnect
- Forwarding Processor (Active)
  - FP CPU
  - ESP Memory
  - TCAM
  - Resource DRAM
  - Packet Buffer DRAM
  - Crypto Assist
  - PPEs
  - QFP
  - BQS
  - Interconnect

**SPA Carrier Card**

**Legend:**
- Supported by MIBs
- Not supported by MIBs
- Forwarding Information Paths
- Control Plane traffic
- Transit Path

**Show Commands:**
- `show proc CPU sort`
- `show mem statistics`
- `show platform software status control-processor brief`
- `show platform hardware qfp active tcam resource-manager usage`
- `show platform hardware qfp active infrastructure exmem statistics`
- `show platform hardware qfp active infrastructure bqs status`
- `show platform hardware qfp active bqs 0 packet-buffer utilization`

*75%*
Facility & Environment Monitoring

- Facilities & Environment can be monitored via:
  1. **SNMP:**
     - **CISCO-ENTITY-ALARM-MIB** : power supplies and fans
     - **ENTITY-SENSOR-MIB** : Sensors
  2. Show command

- Recommended traps to monitor:
  - cefcModuleStatusChange
  - cefcPowerStatusChange
  - cefcFRUInserted
  - cefcFRURemoved
  - entConfigChange
  - entSensorThresholdNotification

- **CISCO-ENVMON-MIB** is not supported on ASR1k

---

### ASR1000#show facility-alarm status

<table>
<thead>
<tr>
<th>Source</th>
<th>Severity</th>
<th>Description [Index]</th>
</tr>
</thead>
<tbody>
<tr>
<td>Cisco ASR1004 AC Power Sup</td>
<td>Critical</td>
<td>Power Supply Failure [0]</td>
</tr>
<tr>
<td>SPA subslot 0/1</td>
<td>MAJOR</td>
<td>Unknown state [0]</td>
</tr>
</tbody>
</table>

### BRAS-1#sh environment all | inc R0

- **V1:** VMA R0 Normal 1201 mV
- **V1:** VMB R0 Normal 2495 mV
- **V1:** VMC R0 Normal 3295 mV
- **V1:** VMD R0 Normal 2495 mV
- **V1:** VME R0 Normal 1796 mV
- **V1:** VMF R0 Normal 1528 mV

- **Temp:** Outlet R0 Normal 28 Celsius
- **Temp:** CPU AIR R0 Normal 30 Celsius
- **Temp:** Inlet R0 Normal 21 Celsius
- **Temp:** SCBY AIR R0 Normal 41 Celsius
- **Temp:** MCH DIE R0 Normal 48 Celsius
- **Temp:** MCH AIR R0 Normal 36 Celsius
- **Temp:** C2D C0 R0 Normal 32 Celsius
- **Temp:** C2D C1 R0 Normal 32 Celsius
ASR1000 CPU & Mem Utilization

Remember!

ASR1000 has multiple CPUs and QFP!

show proc CPU only shows IOS load!

This is Linux - there are multiple processes!

Load Average is the process queue or process contention for CPU resources.
1. Single core processor: Load of “7” would mean seven processes “ready to run”, one of which is currently running.
2. Dual core processor: Load of “7” would mean seven processes “ready to run”, two of which are currently running.

ASR1000#show platform software status control-processor brief

<table>
<thead>
<tr>
<th>Slot</th>
<th>Status</th>
<th>1-Min</th>
<th>5-Min</th>
<th>15-Min</th>
</tr>
</thead>
<tbody>
<tr>
<td>RP0</td>
<td>Healthy</td>
<td>0.06</td>
<td>0.06</td>
<td>0.01</td>
</tr>
<tr>
<td>RP1</td>
<td>Healthy</td>
<td>0.06</td>
<td>0.04</td>
<td>0.01</td>
</tr>
<tr>
<td>ESP0</td>
<td>Healthy</td>
<td>0.01</td>
<td>0.00</td>
<td>0.00</td>
</tr>
<tr>
<td>ESP1</td>
<td>Healthy</td>
<td>0.00</td>
<td>0.00</td>
<td>0.00</td>
</tr>
<tr>
<td>SIP1</td>
<td>Healthy</td>
<td>0.04</td>
<td>0.03</td>
<td>0.01</td>
</tr>
<tr>
<td>SIP2</td>
<td>Healthy</td>
<td>0.00</td>
<td>0.00</td>
<td>0.00</td>
</tr>
</tbody>
</table>
ASR1000 CPU & Mem Utilization – cont’d

• Memory Utilization:
  – Total – Total card memory
  – Used – Consumed memory
  – Free – Available memory
  – Committed – Virtual memory committed to processes

<table>
<thead>
<tr>
<th>Slot</th>
<th>Status</th>
<th>Total</th>
<th>Used (Pct)</th>
<th>Free (Pct)</th>
<th>Committed (Pct)</th>
</tr>
</thead>
<tbody>
<tr>
<td>RP0</td>
<td>Critical</td>
<td>3919788</td>
<td>3891940 (94%)</td>
<td>27848 (0%)</td>
<td>2005100 (48%)</td>
</tr>
<tr>
<td>RP1</td>
<td>Healthy</td>
<td>3919788</td>
<td>1164924 (28%)</td>
<td>2754864 (66%)</td>
<td>1994212 (48%)</td>
</tr>
<tr>
<td>ESP0</td>
<td>Healthy</td>
<td>2030288</td>
<td>520744 (24%)</td>
<td>1509544 (71%)</td>
<td>2816620 (134%)</td>
</tr>
<tr>
<td>ESP1</td>
<td>Healthy</td>
<td>2030288</td>
<td>514972 (24%)</td>
<td>1515316 (72%)</td>
<td>2816356 (134%)</td>
</tr>
<tr>
<td>SIP1</td>
<td>Healthy</td>
<td>484332</td>
<td>311868 (59%)</td>
<td>172464 (32%)</td>
<td>262472 (50%)</td>
</tr>
<tr>
<td>SIP2</td>
<td>Healthy</td>
<td>484332</td>
<td>332252 (63%)</td>
<td>152080 (29%)</td>
<td>317648 (60%)</td>
</tr>
</tbody>
</table>

CPU Utilization

<table>
<thead>
<tr>
<th>Slot</th>
<th>CPU</th>
<th>User</th>
<th>System</th>
<th>Nice</th>
<th>Idle</th>
<th>IRQ</th>
<th>SIRQ</th>
<th>IOwait</th>
</tr>
</thead>
<tbody>
<tr>
<td>RP0</td>
<td>0</td>
<td>1.28</td>
<td>1.15</td>
<td>0.00</td>
<td>97.25</td>
<td>0.01</td>
<td>0.10</td>
<td>0.20</td>
</tr>
<tr>
<td>RP1</td>
<td>0</td>
<td>0.94</td>
<td>1.23</td>
<td>0.00</td>
<td>97.48</td>
<td>0.00</td>
<td>0.02</td>
<td>0.30</td>
</tr>
<tr>
<td>ESP0</td>
<td>0</td>
<td>0.56</td>
<td>0.66</td>
<td>0.00</td>
<td>98.76</td>
<td>0.00</td>
<td>0.00</td>
<td>0.00</td>
</tr>
<tr>
<td>ESP1</td>
<td>0</td>
<td>0.52</td>
<td>0.64</td>
<td>0.00</td>
<td>98.82</td>
<td>0.00</td>
<td>0.00</td>
<td>0.00</td>
</tr>
<tr>
<td>SIP1</td>
<td>0</td>
<td>0.47</td>
<td>0.45</td>
<td>0.00</td>
<td>99.04</td>
<td>0.00</td>
<td>0.01</td>
<td>0.00</td>
</tr>
<tr>
<td>SIP2</td>
<td>0</td>
<td>0.58</td>
<td>0.53</td>
<td>0.00</td>
<td>98.85</td>
<td>0.00</td>
<td>0.01</td>
<td>0.00</td>
</tr>
</tbody>
</table>

• Card CPU Utilization:
  – Recall: Distributed control architecture
  – Each card has its own control processor
  – Monitor each individually
  – UNIX-style information
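
A per-card health check over `show platform software status control-processor brief`, added here as a Python example (not Cisco code). The sample text is constructed from the values in the tables above; the whitespace column layout, the blank slot column on rows for additional cores, and both thresholds are assumptions.

```python
import re

# Constructed sample: values taken from the tables above, laid out as CLI text.
SAMPLE = """\
Load Average
 Slot  Status  1-Min  5-Min 15-Min
  RP0 Healthy   0.06   0.06   0.01
 ESP0 Healthy   0.01   0.00   0.00
 SIP1 Healthy   0.04   0.03   0.01
Memory (kB)
 Slot  Status    Total     Used (Pct)     Free (Pct) Committed (Pct)
  RP0 Critical  3919788  3891940 (94%)    27848 (0%)  2005100 (48%)
 ESP0 Healthy  2030288   520744 (24%)  1509544 (71%)  2816620 (134%)
 SIP1 Healthy   484332   311868 (59%)   172464 (32%)   262472 (50%)
CPU Utilization
 Slot  CPU   User System   Nice   Idle    IRQ   SIRQ IOwait
  RP0    0   1.28   1.15   0.00  97.25   0.01   0.10   0.20
 ESP0    0   0.56   0.66   0.00  98.76   0.00   0.00   0.00
 SIP1    0   0.47   0.45   0.00  99.04   0.00   0.01   0.00
"""

NUM = r"([\d.]+)"
PCT = r"(\d+)\s+\(\s*(\d+)%\)"
LOAD_RE = re.compile(rf"^\s*(\S+)\s+(\S+)\s+{NUM}\s+{NUM}\s+{NUM}\s*$")
MEM_RE = re.compile(rf"^\s*(\S+)\s+(\S+)\s+(\d+)\s+{PCT}\s+{PCT}\s+{PCT}\s*$")
# Slot name is optional so that continuation rows for extra cores are counted.
CPU_RE = re.compile(r"^\s*(?:(\S+)\s+)?(\d+)((?:\s+[\d.]+){7})\s*$")


def parse(text):
    """Return (load, memory, cores) dictionaries keyed by slot name."""
    load, memory, cores = {}, {}, {}
    last_slot = None
    for line in text.splitlines():
        if m := CPU_RE.match(line):
            last_slot = m.group(1) or last_slot
            if last_slot:
                cores[last_slot] = cores.get(last_slot, 0) + 1
        elif m := MEM_RE.match(line):
            memory[m.group(1)] = {
                "status": m.group(2),
                "used_pct": int(m.group(5)),
                "committed_pct": int(m.group(9)),
            }
        elif m := LOAD_RE.match(line):
            load[m.group(1)] = (m.group(2), float(m.group(3)))
    return load, memory, cores


def assess(text, mem_used_limit=90, load_per_core_limit=1.0):
    """List (slot, reason) findings; the limits are assumptions, tune per site."""
    load, memory, cores = parse(text)
    findings = []
    for slot, (status, one_min) in load.items():
        if status != "Healthy":
            findings.append((slot, f"load status {status}"))
        n = cores.get(slot, 1)
        # Load average counts runnable processes, so compare it per core.
        if one_min / n > load_per_core_limit:
            findings.append((slot, f"1-min load {one_min:.2f} across {n} core(s)"))
    for slot, mem in memory.items():
        if mem["status"] != "Healthy":
            findings.append((slot, f"memory status {mem['status']}"))
        if mem["used_pct"] >= mem_used_limit:
            findings.append((slot, f"memory used {mem['used_pct']}%"))
    return findings


if __name__ == "__main__":
    for slot, reason in assess(SAMPLE):
        print(slot, reason)
```

Committed memory above 100% (ESP0 at 134% in the sample) is parsed but not flagged, since the router itself reports that card as Healthy.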
ASR1000 CPU & Mem Utilization – cont’d

- This is Linux
- There’s Multiple Threads!
- Use the “Top” command to check on each module
- TAC may request FMAN or CPP process load

Example for “FP” (ie. ESP) - replace with SIP, RP as required

```
ASR1000#monitor platform software process fp active

Tasks: 80 total, 4 running, 76 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.0% us, 0.3% sy, 0.0% ni, 98.7% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 2030288k total, 525260k used, 1505028k free, 21228k buffers
Swap: 0k total, 0k used, 0k free, 192024k cached

PID USER   PR NI VIRT  RES  SHR  S %CPU %MEM    TIME+ COMMAND
4750 root   20   0  645m  92m  31m  S  0.7  4.6  26:36.97 cpp_cp_svr
5597 root   20   0  502m  45m  24m  S  0.3  2.3   6:00.44 fman_fp_image
5737 root   20  16108 5732 4104 R  0.3  0.3  12:39.08 hman
7321 root   20  8876 2200 1712 R  0.3  0.1   0:00.03 in.telnetd
7392 binos  20   0 2496 1212  976 R  0.3  0.1   0:00.10 top
 1 root    20   0 2132  632  544 S  0.0  0.0   0:10.63 init
```

NOTE: the "monitor" command does not work with console, vty works by default.
ASR 1000 Route Scale vs. Memory Allocation

<table>
<thead>
<tr>
<th>RP and Physical Memory</th>
<th>Memory Allocated to IOSd (w/o IOSd redundancy enabled)</th>
<th>Memory Allocated to Kernel and other processes</th>
<th>IPv4 Route/FIB Scale</th>
</tr>
</thead>
<tbody>
<tr>
<td>ASR 1001/1002-X (4GB)</td>
<td>1.2GB</td>
<td>2.8GB</td>
<td>500K/500K</td>
</tr>
<tr>
<td>ASR 1001-X*/1002-X (8GB)</td>
<td>4GB</td>
<td>4GB</td>
<td>1M/1M</td>
</tr>
<tr>
<td>ASR 1001-X*/1002-X (16GB)</td>
<td>7GB</td>
<td>9GB</td>
<td>1M/3.5M</td>
</tr>
<tr>
<td>RP1 (4GB)</td>
<td>1.7GB</td>
<td>2.3GB</td>
<td>1M</td>
</tr>
<tr>
<td>RP2 (8GB)</td>
<td>4.2GB</td>
<td>3.8GB</td>
<td>1M</td>
</tr>
<tr>
<td>RP2 (16GB)</td>
<td>10GB</td>
<td>6GB</td>
<td>4M</td>
</tr>
</tbody>
</table>

* - ASR1001 values identical

- Memory allocation is fixed by design, not configurable.
- ASR 1001-X/1002-X memory is shared among RP, ESP, SIP. Recommend 8GB for Internet Gateway deployment and do not turn on dual IOSd.
- Additional ISP peerings result in BGP multi-paths, which can add ~20% BGP memory consumption overhead. Deployed Examples: 2-5 peerings on ASR1001/1002-X (8GB).
- If using IOSd redundancy, memory allocated to each IOSd is further reduced by more than half. Dual IOSd requires minimum 8GB.
Monitoring QFP TCAM Utilization
Keep an Eye on Your TCAM Usage

```
ASR1000#show platform hardware qfp active tcam resource-manager usage
QFP TCAM Usage Information

80 Bit Region Information
-------------------------------
Name : Leaf Region #0
Number of cells per entry : 1
Current 80 bit entries used : 0
Current used cell entries : 0
Current free cell entries : 0

160 Bit Region Information
-------------------------------
Name : Leaf Region #1
Number of cells per entry : 2
Current 160 bits entries used : 6
Current used cell entries : 12
Current free cell entries : 4084

320 Bit Region Information
-----------------------------
Name : Leaf Region #2
Number of cells per entry : 4
Current 320 bits entries used : 0
Current used cell entries : 0
Current free cell entries : 0

Total TCAM Cell Usage Information
----------------------------------
Name : TCAM #0 on CPP #0
Total number of regions : 3
Total tcam used cell entries : 12
Total tcam free cell entries : 524276
Threshold status : below critical limit
```

Best Practice: test TCAM utilization before deployment. Apply the configuration to the box and run the show command.
Which Features Use the TCAM?

TCAM Definition

Ternary Content-Addressable Memory is designed for rapid, hardware-based table lookups of Layer 3 and Layer 4 information. In the TCAM, a single lookup provides all Layer 2 and Layer 3 forwarding information.

Which ASR 1000 features use TCAM?

- Security Access Control Lists (ACL)
- Firewall – policy maps, ACLs
- IPSec – SA groups, classes, rules
- Ethernet Flow Point for Ethernet Virtual Circuits
- Flexible Packet Matching – class maps / policy maps
- Lawful Intercept
- Multi Topology Routing
- NAT
- Policy Based Routing
- QoS – class maps, policy maps
- NBAR / SCEASR
- Web Cache Control Protocol
- Edge Switching Services
- Event Monitoring
Save Your TCAM!
Strategies to Optimize your TCAM Usage

Avoid use of “Deny” action ACL Entries as this will cause TCAM entry explosion!
• Deny will be converted to equivalent set of “Permit” statements
• Implicit Deny at end of ACL is ok!

Use new **ACL Chaining feature** to group and optimize common ACL Entries:

1. Common ACEs can be moved into new ACL that can be chained to any ACL
2. Newly formed ACLs can be “Chained” by applying both onto respective interface

Old Method: 15 TCAM Entries

New Method: 10 TCAM Entries

```
interface GigabitEthernet 0/0/0
 ip access-group common common_acl ACL_User1 in

interface GigabitEthernet 0/0/1
 ip access-group common common_acl ACL_User2 in
```
ASR1000 GE Management Port Design

- ASR 1000 has a dedicated, out-of-band GE management port
- Interface is in a VRF (mgmt-intf) but it is not tied to general MPLS VPNs
- Mgmt VRF can be associated with connected, static and dynamic routing
- There is only one inside interface. No other interfaces can join the Management VRF. This VRF has its own dedicated routing and CEF tables.
- Designed to prevent any routing/forwarding between the RP and ESP. No transit traffic can pass to/from the management interface.
  - The design helps secure the router against attacks to the internal operations network.
- Many management features must be configured with vrf options or use Gig0 as source interface.
  - e.g.: tftp, ntp, snmp, syslogging, tacacs/radius
- External dynamic routing changes will not affect the Linux Kernel state.
Management Interface - Important Notes

- Flexible Netflow Export & NAT/FW High Speed Logging (HSL) are not supported via the Mgmt GE interface.

- These are exported directly by the QFP via interfaces connected to SIP/SPA or built-in GE ports.

- Why? The HSL export rate is ~78k events/sec, and the QFP is much faster than the RP CPU.

- 3rd party Management tools with ASR1K export support:
  - Isarflow, Lancope, LiveAction.
  - These tools are available and supported by respective vendors
# IOS XE 'show version' Display Improvement

<table>
<thead>
<tr>
<th>Before</th>
<th>After</th>
</tr>
</thead>
</table>
As a general best practice, RP/IOS/ESP CPU and memory utilization on an ASR 1000 in live deployment should not exceed 75% in steady state.

As a general best practice, QFP DRAM utilization on an ASR 1000 in live deployment should not exceed 85% in steady state.

For TCAM monitoring:

1. Check that the Threshold status reads "below critical limit". When usage is above the critical limit, the router generates the syslog "%QFPTCAMRM-6-TCAM_RSRC_ERR: F0: QFP_sp: Allocation failed because of insufficient TCAM resources in the system". It is easy to test TCAM utilization before deploying the system: apply the configuration to the box and run the show command.

2. There should always be unused TCAM entries equal to or greater than the size of the biggest ACL configured on the router.

3. Be aware of the TCAM deny jump issue (often seen in NAT/FW/IPsec deployments) and its workaround/solution.
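
Checks 1 and 2 above can be scripted against saved `show platform hardware qfp active tcam resource-manager usage` output. The following is an added example, not code from the presentation: `parse_tcam_usage`, `check_tcam` and `largest_acl_aces` are hypothetical names, and costing each ACE at the chosen region's cells-per-entry is an assumption.

```python
# Constructed sample: trimmed from the usage output shown earlier on this page.
SAMPLE = """\
160 Bit Region Information
Name : Leaf Region #1
Number of cells per entry : 2
Current 160 bits entries used : 6
Current used cell entries : 12
Current free cell entries : 4084

Total TCAM Cell Usage Information
Name : TCAM #0 on CPP #0
Total number of regions : 3
Total tcam used cell entries : 12
Total tcam free cell entries : 524276
Threshold status : below critical limit
"""

def parse_tcam_usage(text):
    """Group 'key : value' lines under the preceding '... Information' title."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("Information"):
            current = sections.setdefault(line, {})
        elif current is not None and " : " in line:
            key, value = line.split(" : ", 1)
            value = value.strip()
            current[key.strip()] = int(value) if value.isdigit() else value
    return sections

def check_tcam(text, largest_acl_aces, region="160 Bit Region Information"):
    """Return a list of findings; an empty list means both checks passed."""
    sections = parse_tcam_usage(text)
    total = sections["Total TCAM Cell Usage Information"]
    findings = []
    if total["Threshold status"] != "below critical limit":
        findings.append("threshold status: " + total["Threshold status"])
    # Assumption: the largest ACL is programmed into `region`, so each ACE costs
    # that region's cells-per-entry. Deny ACEs expand, so this is a lower bound.
    needed = largest_acl_aces * sections[region]["Number of cells per entry"]
    free = total["Total tcam free cell entries"]
    if free < needed:
        findings.append(f"free cells {free} < {needed} needed for largest ACL")
    return findings
```

Run it in a lab with the production configuration applied, as the best practice above suggests, and alert on any non-empty result.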
Mitigation Plan for High Resource Usage

• Reduce NAT max-entries:
  ip nat translation max-entries <number of entries>
  nat64 translation max-entries <number of entries>

• Reduce FW session limit:
  parameter-map type inspect global
  session total <count>

• Reduce FNF cache limit:
  flow monitor M1
  cache entries <number of entries>

• Reduce prefixes received from a peer
  neighbor {ip-address} maximum-prefix <number of prefixes>

• Turn off Software Redundancy
  redundancy
  mode none
ASR1000 Network Applications

Routing, PE, Broadband, WiFi
- IPv4 / IPv6 Routing, Transition
- BGP, RIP, IS-IS, OSPF, Static routes
- GRE, MPLS GRE, EoMPLS GRE, EoIPSec, ATMoMPLS
- MPLS L3 VPN
- L2VPN (ATM, Circuit Emulation)
- VPLS, H-VPLS PE; Carrier Ethernet Services
- Route Reflector, Internet Peering
- Internet & WAN Edge
- Broadband & WiFi Aggregation
- Subscriber Management

Multicast
- IPv4 / IPv6 Multicast Router
- MVPN (GRE, mLDP), MVPN Extranet
- IGMPv2/v3
- NAT & CAC

Secure WAN and PE
- IPSec VPN – DES, 3DES, AES-128-GCM
- DMVPN, GETVPN, FLEXVPN
- VRF-lite, MPLS-VPN, over DMVPN
- Secure VPLS
- IOS Zone-based Firewall, many ALGs
- Carrier Grade NAT
- VRF-aware
- Hardware accelerated (Crypto + TCAM)

Application Layer Services
- SBC: CUBE Enterprise, CUBE SP (HCS, CTX)
- SIP, NAPT, Megaco/H.248, Topology Hiding
- AppNav – Advanced WAAS redirection
- AVC: NBAR2, hardware accelerated DPI
- Application-aware QoS Policy
- Medianet – Mediatrace, Monitor
- OnePK – SDN API

2700+ Features!
IPSec VPN Applications

- **GETVPN**
  - VRF-lite, Group Key Mgmt, Compliance-mode Cipher&Hash selection, Key Server

- **DMVPN**
  - 2547oDMVPN, VRF-aware DMVPN (iVRF), BGP, EIGRP, per tunnel QoS

- **EasyVPN**
  - Dynamic Crypto Map

- **Site-to-Site and Flex VPN**
  - IKEv2

- **FlexVPN**

- **GRE+IPSec**

- **VRF-aware IPSec**

- **NSA Suite-B Cryptography**
Cisco Unified Call Manager (CUCM)
- Software Media Termination Point (MTP)
- Scales to 5000 Sessions

Session Border Controller
- Cisco Unified Border Element (ENT) (CUBE(ENT))
- Full trunk-side SBC functionality
- Session Mgmt, Demarcation, Security, Interworking
- Connect CUCM to SIP trunks
- Connect 3rd party IP PBX to SIP trunks
- DSP-based transcoding up to 9000 calls with DSP SPA module; Noise cancellation.
- Hi density Media forking
- UC Service API
- 3rd Party API for call control
- SRTP Encryption HW (ESP) - Hi density SRTP calls
- Line Side SBC functionality for voice endpoints

Medianet
- Performance aware statistics based on media traffic analysis
- Packet loss, Jitter, Delay, Metadata for media flows
- Media trace (traceroute for mediaflows)
- Class Specific threshold crossing alerts
- Netflow and SNMP/MIB based reporting
- Compatible with Cisco Media architecture and equipment

Routing Baseline
- IPv4 / IPv6 Routing, Transition
- BGP, RIP, IS-IS, OSPF, Static routes
- MPLS L3 VPN, L2VPN, GRE, IPSec
- VPLS, H-VPLS PE; Carrier Ethernet Services
- IPv4 / IPv6 Multicast Router
- MVPN (GRE, mLDP), IGMPv2/v3
- Rich connectivity options
ASR1000 and Cisco Intelligent WAN (IWAN)

IWAN Sessions this week:
BRKARC-2000 IWAN Architecture
BRKARC-2014 Application Optimization and Visibility for IWAN
BRKNMS-1040 - Application Visibility and Control: Managing AVC and iWAN with Cisco Prime infrastructure
BRKRST-2362 - Implementing Next Generation Performance Routing – PfRv3
Internet Becoming an Extension of Enterprise WAN

- Commodity Transports Viable Now
- Dramatic Bandwidth, Price Performance Benefits
- Higher Network Availability
- Improved Performance Over Internet
Intelligent WAN: Leveraging the Internet
Secure WAN Transport and Internet Access

- Secure WAN transport for private and virtual private cloud access
- Leverage Local Internet path for public cloud and Internet access
- Increased WAN transport capacity; and cost effectively!
- Improve application performance (right flows to right places)
Intelligent WAN Solution Components

**Transport Independent**
- Consistent operational model
- Simple provider migrations
- Scalable and modular design
- DMVPN IPsec overlay design

**Intelligent Path Control**
- Application best path based on delay, loss, jitter, path preference
- Load balancing for full utilization of all bandwidth
- Improved network availability
- Performance Routing (PfR)

**Application Optimization**
- Akamai Caching and Best Path selection
- Performance Monitoring with Application Visibility and Control (AVC)
- Acceleration and bandwidth savings with WAAS

**Secure Connectivity**
- Certified strong encryption
- Comprehensive threat defense with ASA and IOS firewall/IPS
- Cloud Web Security (CWS) for scalable secure direct Internet access
Start with Cisco AX Routers
Embedded IWAN Capabilities: 3900 | 2900 | 1900 | 800 | 4451 | ASR1000

One Network
UNIFIED SERVICES

Simplify Application Delivery

Visibility
Control
Optimization
Transport Independent Secure Routing

ASR1000-AX
ISR-AX
Summary and Key Takeaways

- **ASR 1000** is Cisco’s strategic **next-generation Midrange router** leveraging powerful hardware capabilities of QFP
  - Horsepower of 64 Cisco 7200 on a single chip; State-of-the-art QoS in hardware
  - Rich IOS feature set protecting your investment in training and experience

- **ASR 1000** is positioned for **both Service Provider and Enterprise Architectures**
  - SP: Broadband Network Gateway, Wifi Offload, PE, Manage CPE
  - Enterprise: WAN aggregation / optimization, Unified Communications

- **ASR 1000** enables **reduction in network edge complexity** by
  - Enabling single-platform consolidated PoP / Edge architectures
  - Integrating advanced services without additional hardware blades (SBC, NBAR, IPSec, Firewall, BNG, PE etc)
  - Reduction in power consumption through integration of features

- **ASR1000** is designed with **High-Availability in mind**
  - Fully redundant forwarding and control processors; backplane
  - Fault tolerant SW architecture with process restart-ability and protected memory architecture
Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online