Brkarc 2001

ASR 1000 System & Solution
Architectures
Jason Yang CCIE #10467, Technical Marketing Engineer

BRKARC-2001
Agenda
Introducing the ASR 1000

ASR 1000 System Architecture
ASR 1000 Building Blocks Companion Session:
BRKARC-2019: Operating an ASR 1000
ASR 1000 Software Architecture
ASR 1000 Packet Flows
QoS on the ASR 1000
High-Availability on the ASR 1000
Applications & Solutions
Introducing the ASR 1000
ASR 1000 Aggregation Service Router
Key Design Principles
Application
Performance
Optimization
(AVC, PfR)
Best in Class ASIC Best in Class

Technology Voice and Security Services Availability
Video (Firewall, VPN,
Services Encryption)
Quantum Flow Processor (CUBE) Enterprise IOS Features
(QFP) for high scale services with Modular OS and
and sophisticated QoS with Software Redundancy or
minimum performance impact Hardware Redundancy
and ISSU
Ethernet Multi-Service, Secure

WAN and Provider WAN Aggregation
Edge Services Services
BRKARC-2001 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Cisco ASR 1000 Series Routers: Overview
2.5 Gbps to 200Gbps Designed today to scale up in the future
COMPACT, INSTANT ON
BUSINESS-CRITICAL RESILIENCY
POWERFUL ROUTER SERVICE DELIVERY
Line-rate performance 2.5G to 200G Fully separated control and forwarding Scalable on-chip service enablement
planes through software licensing
Investment protection with modular
engines, IOS CLI and SPAs for I/O Hardware and software redundancy Industry leading VPN/Crypto solutions
Hardware assists for ACL, QoS, etc. In-service software upgrades Optimal user/app experience with AVC,
PfRv3, and AppNav
Hardware-based QoS engine with up to Inter and Intra-chassis redundancy
464K queues Feature UC services with CUBE(Ent)
DCI to support clustering across
Ethernet LC and EPA for High Density geographically dispersed data centers Scalable NAT44, NAT64 solutions
GE/10GE services
Fixed Chassis IOS-XE Modular Chassis
ASR 1009-X ASR 1013
ASR 1006-X
ASR 1004
ASR 1002-X ASR 1002-HX
ASR 1001-X
2.5 to 20 5 to 36 44 to 100 10 to 40 40 to 100 40 to 200 40 to 200

Gbps Gbps Gbps Gbps Gbps Gbps Gbps
ASR 1000 Positioning
Enterprise Edge and Managed Services Routers

ASR 9000
Managed L2/L3 Application
Integrated Security
VPNs Recognition
Performance and Scalability
7600 Series
ASR1000
Up to 48 Tbps per
Up to 2 Tbps per system
ISR4000 Series 2.5-200Gbps per system
System Carrier Ethernet
Carrier Ethernet
Distributed PE, IP RAN
ISR Series Firewall, IPsec IP RAN
1-2 Gbps per System L2/L3 VPNs
Route Reflector Mobile Gateways
Separate Services
850 Mbps per System CUBE/VoIP SBC/VoIP Vidmon
Planes for Continuity
350 Mbps with Services Pay-As-You-Grow Broadband Video Monitoring BNG
Service Provider Edge Routers
ASR 1000 Enterprise Applications
Flexible WAN Services Edge & CPE
Mobile subscriber WAN aggregation

DCI
Corporate office
Internet gateway
High end branch Cloud
High Speed CPE WAN Aggregation Data Center Interconnect

High-end Branch IPSec VPN Internet gateway
Campus Edge L2 and L3 VPN Cloud Services Edge
IWAN
ASR 1000 Service Provider Applications
A Wide Variety of Use Cases
Mobile Access and Aggregation

Subscriber
Edge
ISP
L2/L3 VPNs CGN Peering
Wireless IPsec/NAT/FW
NBAR2
LNS
Business
Wire line
iWAG
ETTx
RR IP/MPLS Core
CPE
xDSL BNG
CPE
DSLAM
xPON PE
Residence OLT
PPP or IP Aggregation
ATM or Ethernet
Cable Intelligent Services Gateway
M-CMTS WiFi Access Gateway Content Farm
DOCSIS
VOD TV SIP
ASR 1000 System Architecture
ASR 1000 Building Blocks
Centralized Forwarding Architecture
FECP
FECP CPU AllCPU
traffic flows through the active
FECP ESP,
FECP
RP
RP
standby is synchronized with all the states
ESP
ESP
interconn GE switch interconn. GE switch QFP

Crypto
Crypto
QFP Distributed Control Architecture
Crypto
Crypto
Assist.
Assist. PPE BQS All major system components
Assist.
Assist. havePPE
a BQS
Route Processor powerful control processor dedicated for
interconnect
interconn.
Handle control plane interconnect
control and management planes interconn.
Manages system
Embedded Service Processor
Midplane
Handles forwarding plane traffic
interconnect interconnect interconnect
ELC
SIP
MIP
AGG AGG AGG
IOCP IOCP IOCP
ASIC ASIC ASIC
SPA SPA Built-in GE/10GEs EPA EPA
SPA Interface Processor Ethernet Linecard Modular Interface Processor

Houses Shared Port Adapter (SPA) Built-in GE/10GE ports Houses Ethernet Port Adapter (EPA)
Packets buffer Packets buffer Packets buffer
ASR 1000 Data Plane Architecture
FECP
FECP CPU CPU SerDes Interconnect
Enhanced (ESI)
FECP
FECP
RP
RP
interconn.
serial communication via midplane
ESP
ESP
interconn. GE switch GE switch
Crypto QFP Crypto QFP
Crypto
Assist. can run at 11.5Gbps, 23Gbps
Crypto
Assist. orPPE110Gbps
Assist. PPE BQS BQS Assist.
interconnect
interconn. Provides data packet communication
interconnect
interconn.
data packets between ESPs and other linecards

Midplane
punt/inject traffic to/from RP
state synchronization between ESPs
interconnect two ESI links between
interconnect each ESP and linecards
interconnect
(single ESI with MIP100)
ELC
SIP
MIP
AGG AGG
ASIC
IOCP
ASIC
Additional full setAGG
IOCP of ESI links
IOCP to standby ESP
ASIC
CRC protection of packet contents
ASR 1000 Control Plane Architecture
FECP
FECP CPU CPU FECP
FECP
RP
RP
ESP
ESP
interconn. GE switch interconn. GE switch QFP

Crypto
Crypto
QFP Crypto
Crypto
Assist. Assist.
Assist.
Assist. PPE BQS PPE BQS
interconnect
interconn. interconnect
interconn.
Midplane
interconnect interconnect interconnect
ELC
SIP
MIP
AGG AGG AGG
IOCP IOCP IOCP
ASIC ASIC ASIC

Ethernet Out of Band Channel (EOBC) Interface Control Link Inter-integrated Circuit (I2C ) Bus
1Gbps Ethernet Bus Detect interfaces OIR Monitor health of hw (i.e. temp, volt)
Load images, pass control messages, Reset interfaces (via I2C) Communicate active/standby
statistics and program QFP Power Control interfaces (via I2C) control reset
report power supply status
ASR 1000 Building Blocks:
Modular Chassis
ASR 1000 Modular Chassis Overview
ASR 1004 ASR 1006 ASR1006-X ASR 1009-X
ASR 1013
RP Slots 1 2 2 2 2
ESP Slots 1 2 2 2 (super) 2 (super)
SIP/MIP Slots 2 (SIP only) 3 (SIP only) 2 3 6
Built-In Ethernet N/A N/A N/A N/A N/A
Redundancy Software Hardware Hardware Hardware Hardware
Height 7 (4RU) 10.5 (6RU) 10.5 (6RU) 15.7 (9RU) 22.7 (13RU)
Bandwidth 10 40 Gbps 10 -100 Gbps 40 - 100 Gbps 40 - 200 Gbps 40 - 200 Gbps
1100 power modules 1100 power modules

Max Output Pwr 765W 1275W
N+1, Max 6 N+1, Max 6
3200W
Airflow Front to back Front to back Front to back Front to back Front to back
ASR 1000 Modular Chassis Compatibility Matrix
Chassis RP2 SIP40 ELC MIP100 ESP20 ESP40 ESP100 ESP200

& EPA
ASR1004 Yes Yes Yes No Yes Yes No No
ASR1006 Yes Yes Yes No Yes Yes Yes No
ASR1013 Yes Yes Yes Yes(2)(3) No Yes Yes Yes
ASR1006-X Yes(1) Yes Yes Yes(3) No Yes Yes No
ASR1009-X Yes(1) Yes Yes Yes(3) No Yes Yes Yes
(1)RP2 with new CPLD
(2)100G support in Slots 2&3; others at 40G

*
(3)ASR1000-MIP100 is not supported with ESP40
ASR 1009-X
Forwarding Plane (ESP)
System Management
Up to 200Gbps per
RJ45 Console system
Auxiliary Port Supports ESP40,
2x USB Ports ESP100, ESP200 and
future ESPs
I/O Connectivity
12x SPA slots(SIP-40)
Hardware Redundancy
3 x ELC slots
Dual ESP and RP slots
6 x EPA (MIP-100) for data plane and control
plane redundancy
ISSU
Modular Fan Tray
Field Replaceable Control Plane
30% improvement in Supports RP2 and RP3 (future)
airflow per slot vs
8G 64G DDR3 memory
integrated Fan module
(RP3)
Cryptography FIPS-140-3 certification
BITS clocking Power Supply
Up to 78/59 Gbps
Stratum 3 built-in Modular power supply with N+1 redundancy
(1400B/IMIX) crypto
throughput using ESP 200 High efficiency, Load sharing, Hot-swappable
Suite-B crypto support AC (1100W) or DC (950W)
ASR1000-MIP100 (Modular Interface Processor)
1006-X/1009-X with
ESP100/ESP200
ESP100/200
10x10G
Line rate
No oversubscription
Mid plane
1x100G
Line rate
100G
No oversubscription
MIP100 1x100G
1x100G
2 to 1 oversubscription
100G
MIP100 Architecture
RPs
RPs Output ref Input ref
Active ESP Standby ESP clocks clocks
DDRAM Interconnect
Boot Flash
JTAG Ctrl Egress ESI, 110 Gbps
Ingress EPA Control
Buffer
Scheduler Hypertransport, 10Gbps
Status Other
IOCP GE, 1Gbps
I2C
Interface
Network
Aggregation ASIC clock
Reset / Pwr Ctrl distribution
Temp Sensor
Network
clocks
EEPROM
Ingress Ingress Egress
Chassis buffers SPA Agg.
Classifier buffers
management
RPs 2 EPAs 2 EPAs 2 EPAs

2 EPAs
Ethernet Port Adapter (EPA)
EPA Modular Chassis with ASR1002-HX Optics Modules
MIP-100
EPA-1x100GE XE 3.16.1 XE 16.4.1
XE 16.2.1
CPAK-100G-SR10 CPAK-100G-LR4
10 Metres
EPA-CPAK-2x40GE XE 3.16.2 (no XE3.17) XE 16.4.1
XE 16.3.1
CPAK-100G-SR10 CAB-MPO24-2XMPO12 QSFP-40G-SR4
EPA-10x10GE XE 16.2.1 XE 16.3.1 SFP-10G-SR, SFP-10G-SR-X, SFP-10G-LR, SFP-

XE 16.3.1 (MACSec) XE 16.3.2 10G-LRM, SFP-10G-LR-X, SFP-10G-ER
(MACSec)
EPA-18x1GE XE 16.3.1 XE 16.2.1 GLC-GE-100FX, GLC-SX-MMD, GLC-LH-SMD,

XE 16.3.2 (MACSec) XE 16.3.1 SFP-GE-T, GLC-BX-U, GLC-BX-D, GLC-TE, GLC-
(MACSec) SX-MM, GLC-LH-SM, GLC-EX-SMD, GLC-ZX-
SMD, CWDM-SFP, DWDM-SFP
Ethernet Line Cards
Fixed Ethernet Line card for ASR1k Fixed Ethernet Line card for ASR1k
Port Density 2x10GE+20x1GE Port Density 6x10GE
Throughput 40G Throughput 60G I/O with 40G Throughput

Key Features Feature parity with SIP40 + GE/10GE SPA Key Features Feature parity with SIP40 + 10GE SPA
Plus: SyncE Exception: MDR not supported
Chassis ASR1004, ASR1006, ASR1013 Chassis ASR1004, ASR1006, ASR1013

ASR1006-X, ASR1009-X ASR1006-X, ASR1009-X
RP RP2 RP RP2
ESP ESP40, ESP100, ESP200 ESP ESP40, ESP100, ESP200
ASR1000 SPA interface processor (SIP)
SIP40 and SIP10 models
40bps and 10Gbps throughput
Supports up to 4 SPAs
4 HH, 2 FH, 2 HH+1 FH, full OIR support
Does not participate in forwarding decisions
Preliminary QoS
Ingress packet classification high & low priority
Ingress over-subscription buffering
128MB of ingress oversubscription buffering
Supported SPAs and SFPs
WAN optics Ethernet Optics POS SPAs Serial SPAs Ethernet SPAs
SFP-OC3-MM SFP-GE-S SPA-2XOC3-POS SPA-4XT-Serial SPA-4X1FE-TX-V2
SFP-GE-L
SFP-OC3-SR SFP-GE-T SPA-4XOC3-POS SPA-8XCHT1/E1 SPA-8X1FE-TX-V2
SFP-OC3-IR1 SFP-GE-Z SPA-2XOC3-POS-V2 SPA-2XCT3/DS0 SPA-2X1GE-V2
GLC-TE
SFP-OC3-LR1 SPA-4XOC3-POS-V2 SPA-4XCT3/DS0 SPA-5X1GE-V2
GLC-BX-D
SFP-OC3-LR2 GLC-BX-U SPA-8XOC3-POS SPA-1XCHSTM1/OC3 SPA-8X1GE-V2
SFP-OC12-MM GLC-SX-MMD SPA-1XOC12-POS SPA-1XCHOC12/DS0 SPA-10X1GE-V2
GLC-LH-SMD
SFP-OC12-SR GLC-SX-MM
SPA-2XOC12-POS SPA-2XT3/E3-V2 SPA-1X10GE-L-V2
SFP-OC12-IR1 GLC-LH-SM SPA-4XOC12-POS SPA-4xT3/E3-V2 SPA-1X10GE-WL-V2
SFP-OC12-LR1 GLC-EX-SMD SPA-8XOC12-POS SPA-8xT3/E3-V2
GLC-ZX-SMD
SFP-OC12-LR2 GLC-GE-100FX SPA-1XOC48-POS/RPR SPA-1XCHOC12/DS0
SFP-OC48-SR CWDM-SFP SPA-2XOC48POS/RPR
DWDM-SFP
SFP-OC48-IR1 SPA-4XOC48POS/RPR
SFP-10G-SR
SFP-OC48-LR2 SFP-10G-SR-X SPA-OC192POS-XFP
XFP-10GLR-OC192SR SFP-10G-LR
SFP-10G-LR-X
XFP-10GER-OC192IR SFP-10G-ER
ATM SPAs Service SPAs CEOPs SPAs
XFP-10GZR-OC192LR SFP-10G-ZR
XFP-10G-MM-SR SPA-1XOC3-ATM-V2 SPA-DSP SPA-1CHOC3-CE-ATM
XFP-10GER-192IR+ SPA-3XOC3-ATM-V2 SPA-2X1GE-SYNCE SPA-24CHT1-CE-ATM
XFP-10GER-192IR-L
XFP-10GLR-192SR-L SPA-1XOC12-ATM-V2 SPA-2CHT3-CE-ATM
Modular Route Processors: RP2
RP2
CPU 2.66GHz Intel dual-core architecture

Default memory 8GB (4x2GB)
Memory upgrade options 16GB (4x4GB)
Built-In eUSB Bootflash 2GB
80GB HDD
Storage
external USB
IOS XE OS 64 bit
ASR 1004
ASR 1006
Chassis Support ASR 1013
ASR 1006-X
ASR 1009-X
ASR 1000 Route Processor Architecture
Highly Scalable Control Plane Processor
2.5 Management BITS

Console Ethernet (input & output)
USB
& Aux Hard disk
ESI, 11.2 Gbps
Bootflash
GE, 1Gbps
I2C
NVRAM
CPU
CPU Memory 2.66 GHz dual-core
I2C Chassis
Management Bus
Stratum-3 Network
clock circuit
Interconnect EOBC Switch Output Input

clocks clocks
SIPs ESPs RP ESPs SIPs ESPs RP SIPs SIPs RP RP
ASR1000 Embedded Services Processor (ESP)
Centralized, programmable forwarding engine providing full-packet processing
Packet Buffering and Queuing/Scheduling (BQS)
ESP40
For output traffic to carrier cards/SPAs
For special features such as traffic shaping, reassembly,
replication, punt to RP, cryptography, etc.
5 levels of HQoS scheduling, up to 464K Queues,
Priority Propagation
Dedicated crypto co-processor
Interconnect providing data path links (ESI) to/from
other cards over midplane
Transports traffic into and out of the Cisco
Quantum Flow Processor (QFP)
Input scheduler for allocating QFP BW among ESIs
FECP CPU manages QFP, crypto device, midplane links, etc. ESP100
ESP Bandwidth
Overall throughput is determined by the type of ESP and SIPs used in modular platforms.
Modular platforms are rate limited by speed of bus from QFP complex to backplane ASIC
Bandwidth is expressed in terms of aggregated throughput.
50 Gbps 50 Gbps 10G 80G

50G Unicast in each direction 10G Multicast with 8X replication in one direction
Total Output bandwidth 50+50=100 20G unicast in the other direction
Total Output bandwidth 80+20=100G
50Gbps Unicast in one direction and 70Gbps Unicast in 10Gbps Multicast with 10X replication in one direction
the other direction 10Gbps Unicast in the other direction
Total output bandwidth (50+70=120) exceeds 100Gbps; Total bandwidth (100+10=110) exceeds 100Gbps; only
only 100Gbps will be forwarded. 100 Gbps will be forwarded
ASR 1000 Forwarding Processor
Quantum Flow Processor (QFP) Drives Integrated Services & Performance
Resource Packet Buffer
TCAM DRAM
DRAM
QFP complex
Memory Packet Processor Engines BQS
FECP
PPE1 PPE2 PPE3 PPE4
GE, 1Gbps
Bootflash
I2C
ESI
PPE5 PPE6 PPE40 Hypertransport, 10Gbps
Other
Dispatcher Packet Buffer
Memory
Crypto
Chassis Interconnect
Mgmt Bus
RPs RPs ESP RPs SIPs
ASR 1000 ESPs in Modular Chassis
ESP20 ESP40 ESP100 ESP200
System bandwidth (1500B) 20 Gbps 40 Gbps 100 Gbps 200 Gpbs
Performance (64B) 25 Mpps 25 Mpps 79 Mpps 151 Mpps

QFP cores 40 40 128 256
Clock Rate 1.2 GHz 1.2 GHz 1.5 GHz 1.5 GHz
Suite B support No No Yes Yes
Crypto BW (IMIX/1400B) 6.3/9.2 Gbps 7.4/12.9 Gbps 16/29 Gbps 59/78 Gbps
2 GB / QFP
QFP Resource Mem 1GB 1GB 4GB
8GB total
Packet Buffer 256MB 256MB 1GB 2GB
Single core Dual core Dual core Dual core

Control CPU
1.2 GHz 1.8 GHz 1.73 GHz 1.73 GHz
Control Memory 4 GB 8 GB 16 GB 32 GB
TCAM 40 Mb 40 Mb 80 Mb 2 x 80 Mb
ASR1004
ASR1006
ASR1006
ASR1004 ASR1013 ASR1013
Chassis Support ASR1013
ASR1006 ASR1006-X ASR1009-X
ASR1006-X
ASR1009-X
ASR1009-X
System Oversubscription in Modular Chassis (1)
Bandwidth
Chassis ESP SIP/ELC/MIP SIP/ELC/MIP Bandwidth per SPA/EPA to SIP/MIP SIP/ELC/MIP to ESP I/O to ESP
on ESP
Version Version version slots I/O Slot (Gbps) Oversubscription Oversubscription Oversubscription
(Gbps)
ASR 1006-X ESP40 SIP40 2 40 1:1 40 2:1 2:1
ESP40 ELC 2 40 1:1; 3:2* 40 2:1 2:1; 3:1*
ESP100 SIP40 2 40 1:1 100 4:5 4:5
ESP100 ELC 2 40 1:1; 3:2* 100 4:5 4:5; 2:3*
ESP100 MIP100 2 100 2:1 100 2:1 4:1
ASR 1009-X ESP40 SIP40 3 40 1:1 40 3:1 3:1
ESP40 ELC 3 40 1:1; 3:2* 40 3:1 3:1; 9:2*
ESP100 SIP40 3 40 1:1 100 6:5 6:5
ESP100 ELC 3 40 1:1; 3:2* 100 6:5 6:5; 9:5*
ESP100 MIP100 3 100 2:1 100 3:1 6:1
ESP200 SIP40 3 40 1:1 200 3:5 3:5
ESP200 ELC 3 40 1:1; 3:2* 200 3:5 3:5; 9:10*
ESP200 MIP100 3 100 2:1 200 3:2 3:1
* ASR1000-6TGE has 40Gbps ESI connection to ESP
System Oversubscription in Modular Chassis (2)
Bandwidth
Chassis ESP SIP/ELC/MIP SIP/ELC/MIP Bandwidth per SPA/EPA to SIP/MIP SIP/ELC/MIP to ESP I/O to ESP
on ESP
Version Version version slots I/O Slot (Gbps) Oversubscription Oversubscription Oversubscription
(Gbps)
ASR 1013 ESP40 SIP40 6 40 1:1 40 6:1 6:1
Slots 1, 2, 3, 4 40 1:1; 3:2*
ESP40 ELC 40 9:2 9:2; 9:1*
Slots 5, 6 10 4:1; 6:1*
ESP100 SIP40 6 40 1:1 100 12:5 12:5
ESP100 ELC 6 40 1:1; 3:2* 100 12:5 12:5; 18:5*
Slots 2, 3 100 2:1
ESP100 MIP100 100 18:5 12:1
Slots 0, 1, 4, 5 40 5:1
ESP200 SIP40 6 40 1:1 200 6:5 6:5
ESP200 ELC 6 40 1:1; 3:2* 200 6:5 6:5; 9:5*
Slots 2, 3 100 2:1
ESP200 MIP100 200 9:5 6:1
Slots 0, 1, 4, 5 40 5:1
* ASR1000-6TGE has 40Gbps ESI connection to ESP
Cisco Quantum Flow Processor (QFP)
ASR1000 series innovation
QFP Chip Set
Five year design and continued evolution now on 3rd generation

Architected to scale to > 100Gbps
Multiprocessor with 64 multi-threaded cores; 4 threads per core
256 processes per chip available to handle traffic
High-priority traffic is prioritized Cisco QFP
Packet Processor
Packet replication capabilities for Multicast
Many H/W assists for accelerated processing
3rd generation QFP is capable for 70Gbps, 32Mpps processing
Mesh-able: 1, 2 or 4 chips to build higher capacity ESPs
Latency: tens of microseconds with features enabled
Cisco QFP Traffic Manager
(Buffering, Queueing, Scheduling)
Cisco Enterprise Routing NPU Leadership 4th Gen QFP
Continuing Investment in Network Processor Technology > 200G
3rd Gen QFP linerate security

200G and high perf
Over 100 Lower Cost fully intelligent WAN
Patents integrated NPU
Awarded! 2nd Gen QFP and IO device
Performance
40G
1st Gen QFP

20G
#cores: Number of Packet Processing Engines

NPU #threads: concurrent, parallel threads processed
High Speed Backplane Aggregation ASIC
IO Oversubscription & Aggregation ASIC
Increasing network intelligent and services requirements

2008 2012 2016
ASR 1000 Fixed Platforms
ASR 1000 Fixed Chassis Overview
ASR 1001-X ASR 1002-X ASR 1002-HX
SPA Slots 1 3 N/A

EPA Slots N/A N/A 1
NIM Slots 1 N/A 1
Built-In GE 6 6 8
Built-In TenGE 2 N/A 8
CPU 2.0GHz quad-core 2.13GHz quad-core 2.5GHz quad-core
Memory 8GB; upgradable to 16GB 4GB; upgradable to 8GB/16GB 16GB; upgradable to 32GB
eUSB(8GB) eUSB(8GB) eUSB(32GB)
Storage
SSD (200GB, 400GB) Optional HDD (160GB) SSD (200GB, 400GB)
IOS Redundancy Software Software Software
Height 1.75 (1RU) 3.5 (2RU) 3.5 (2RU)
Throughput 2.5 to 20Gbps 5 to 36Gbps 44 to 100Gbps
Maximum Output Power 250W 470W 600W
Airflow Front to back Front to back Front to back
ASR 1002-HX Multi-Core Network Processor
100Gbps forwarding capacity
Pay as you grow 124 Cores
License on built-in ports 4 Packet Threads / Core Network Interface Module
4x TenGE+ 4xGE enabled by default 496 simultaneous threads 1 double wide or 1 single
The remaining ports can be enabled in pairs Miscellaneous wide NIM
RJ45 & mini-USB console NIM - Compatibility with
Control plane eUSB: 32GB ISR4400 and ASR1001-X
CPU: Quad Core @ 2.5 GHz Secure Boot
Memory: 16GB DDR3
default memory,
upgradeable to 32GB
Power Supply & Fans

Modular PS, FRUable
Fan Tray EPA - Ethernet Port Adapter
Built in I/O
1x EPA slot
Application level service performance 8x Gigabit Ethernet interfaces
58M Packets Per Second 8x TenGigabit Ethernet interfaces
Diverse VPN security solutions, up to 25G Multipoint MACSEC for linerate Crypto module
IMIX, SuiteB crypto support encryption (1G & 10G) Field upgradeable
ASR 1002-HX Crypto Module
ASR 1002-HX can be ordered with or without the crypto hardware
Crypto module can be installed in the field unit when it need the function
Crypto bandwidth licensed from factory (default 8Gbps, upgradeable to 16Gbps and 25Gbps)
25Gbps crypto license unlocks crypto performance cap of 39Gbps, which can be reached at 1400bytes
packet size
Upgrade crypto performance on the field units on demand
ASR 1002-HX Architecture
Resource Pkts Buffer Resource Pkts Buffer
TCAM
DRAM DRAM DRAM DRAM
(80Mbit)
(2GB) (512MB) (2GB) (512MB)
PPEs QFP1 PPEs QFP2

PPE1 PPE2 PPE3 PPE1 PPE2 PPE3
Console Management
USB
& Aux Ethernet NVRAM
PPE4 PPE62 PPE4 PPE62
BQS BQS Boot Flash
CPU Memory
CPU
Dispatcher Dispatcher 2.5 GHz Quad-core I2C Chassis
Pkt Buffer Pkt Buffer Management Bus
75Gbps 75Gbps
Interconnect
75Gbps Crypto Memory
(4GB)
150Gbps
Interface Aggregation ASIC
11Gbps 80Gbps 8Gbps 120Gbps
8x10 I2C
NIM 8xGE EPA
GE Serdes Interface
Hypertransport
ASR 1002-X Pay As You Grow
BITS clocking License on system throughput
System Management GPS input 5 Gbps Default
Built-in I/O Upgradeable to 10, 20, or 36 Gbps
RJ45 Console Stratum 3 built-in
6x1GE Optional
Auxiliary Port
syncE 160 GB hard disk
Management GE
2x USB Ports
Shared Port Adapter Control Plane

3x SPA slots CPU: Quad Core @ 2.13 GHz
Memory: 4GB default memory,
Multi-Core Network Processor upgradeable to 8/16GB
Cryptography
62 cores Secure Boot
4 Gbps crypto throughput
4 threads per core FIPS-140-3 certification
SuiteB crypto support
248 simultaneous threads
ASR 1001-X Pay As You Grow
System License on system throughput
Management 2.5 Gbps Default
Management GE Upgradeable to 5, 10, or 20 Gbps
RJ45 Console License on built-in TenGE ports
Auxiliary Port
Built-in I/O Mini-USB Console
2x10GE 2x USB Ports Shared Port Adapter
6x1GE 1x SPA slot
Multipoint MACsec
support
Network Interface
Modules (NIM)
2xSSD Drives
ISR 4000 modules Control Plane
Quad cores clocked at 2.0GHz
Multi-Core Network Processor
8G DDR3 default memory,
Cryptography 31 cores
upgradeable to 16GB
5 Gbps crypto throughput 4 threads per Core
Secure Boot
SuiteB crypto support 124 simultaneous threads
FIPS-140-3 certification
ASR 1000 QFP in the Fixed Chassis
ASR1001-X ASR1002-X ASR1002-HX
System bandwidth 2.5 - 20Gbps 5 - 36Gbps 100Gbps

Performance 19Mpps 30Mpps 58Mpps
QFP cores 31 62 124
Clock Rate 1.5 GHz 1.2 GHz 1.5 GHz
QFP Resource Mem 4GB (unified) 1GB 4GB
Packet Buffer 256MB 512MB 1GB

TCAM 10 Mb 40 Mb 80 Mb
System Oversubscription in the Fixed Chassis
QFP Throughput Built-in Ports SPA Ports EPA Ports I/O Aggregation BW Ports to I/O Aggregation I/O Aggregation to QFP I/O to QFP
Chassis
(Gbps) (Gbps) (Gbps) (Gbps) (Gbps) Oversubscription Oversubscription Oversubscription
ASR 1001-X 20 26 10 n.a. n.a.(1) n.a. n.a. 9:5

ASR 1002-X 36 6 30 n.a. 40 9:10 10:9 1:1
ASR 1002-HX 100 88 n.a 100 150 94:75 3:2 47:25
(1) ASR1001-X I/O Aggregation directly integrated into QFP, each ports have linerate access to the forwarding complex.
(2) NIM is not counted as it only support low speed (T1/E1) interfaces.
Software Architecture
IOS XE Software architecture
IOS IOS
IOS XE = IOS + IOS XE Middleware + Platform active standby
Software
Platform Adaptation Layer
RP
Operational Consistencysame look and feel as IOS (PAL)
Chassis Forwarding
Router manager manager
IOS runs as its own Linux process for control plane Linux Kernel
(Routing, SNMP, CLI etc.) 64-bit operation
Linux kernel with multiple processes running in protected Control
messaging
memory
Fault containment
QFP client SPASPA
driver
driver
Re-startability SPA driver
QFP driver
ESP
SIP
ISSU of individual SW packages Chassis
Chassis Forwarding manager
ASR 1000 HA Innovations manager manager
Zero packet loss with RP Failover Linux Kernel Linux Kernel

<50ms ESP Failover
Software redundancy
Software Architecture Modular Platform
IOS IOS
Runs Control Plane active standby
Generates configurations
Maintains routing tables (RIB, FIB) Platform Adaptation Layer
RP
(PAL)
Forwarding Provides abstraction layer between
Initialization of RP processes Chassis
manager manager hardware & IOS
Initialization of installed cards
Manages ESP redundancy
Detects and manages OIR of cards
Linux Kernel Maintains copy of FIB and interface list
Manages system status,
Communicates FIB status to active &
environments, power, EOBC
standby ESP
Control
messaging
Programs QFP forwarding plane and

QFP DRAM QFP client / driver SPASPA
driver Driver Software for SPA interface
driver
Statistics collection & RP SPA driver cards is loaded independently
communication QFP code Failure or upgrade of driver does not
ESP
SIP
Chassis
affect other SPAs in the chassis
Chassis Forwarding manager
Communicates with forwarding manager manager
manager on RP
Maintains copy of FIBs Linux Kernel Linux Kernel
Provides interface to QFP client &
driver
Software Architecture Fixed Platform
Single Control CPU
Quad-core
64 bit OS Chassis Mgr.
8GB, 16GB, 32GB memory support IOS Forwarding Mgr.
RP Subsystem
Kernel (incl. utilities)

Standard IOS XE Processes
Running over a single Linux kernel
Chassis Mgr.
QFP Client
High Availability / Driver Forwarding Mgr.
IOS redundancy ESP Subsystem
Fault Containment
Process Restartability
Chassis Mgr.
Operational Consistency SPA driver
SPA
SPA driver Interface Mgr.
driver
Same look and feel as standard IOS I/O Subsystem
Ethernet Out of Band Channel

ASR1001-X Control Plane CPU
Method by which processes in different
subsystems communicate
Software Sub-packages 2
IOS IOS
3
active standby
1. RPBase: RP Linux operating system
Platform Adaptation Layer 4
Upgrading of the OS will require reload to the RP and expect minimal changes
RP
(PAL)
2. RPIOS: IOS executable Chassis Forwarding
manager manager
facilitates Software Redundancy feature
3. RPAccess (K9 & non-K9): Software required for Router access Linux Kernel 1
Two versions available (with and without open SSH & SSL)
facilitates software packaging for export-restricted countries Control
4. RPControl : control plane processes for IOS / hardware interface messaging
IOS XE Middleware
5. ESPBase: All ESP code QFP client SPASPA
driver 7
5 driver
SPA driver
Any software upgrade of the ESP requires reload of the ESP
QFP driver
ESP
SIP
Chassis
6. SIPBase/ELCBase: SIP/ELC OS & control processes manager
Chassis Forwarding 6
OS upgrade requires reload of the SIP/ELC manager manager
7. SIPSPA/ELCSPA: SPA drivers and SPA FPD Linux Kernel Linux Kernel
Facilitates SPA driver upgrade of specific SPA slots
IOS XE Release and support timelines
Standard releases twice a year (March, November) supported for 18 months

6 months of active bug-fix, 6 months of limited bug fix, and 6 months of PSIRT
Rebuild Intervals: 3 + 3 + 6 + 6 (PSIRT build as needed) PSIRT Phase

Optional
3 months 3 months 6 months 6 months PSIRT build
.1S .2S .3S .4S
FCS EoSales EoSM EoVS
Extended releases - Once a year (July) supported for 48 months

30 months of active bug-fix, 6 months of limited bug fix, and 12 months of PSIRT
Rebuild Intervals: 3 + 3 + 4 + 4 + 4 + 6 + 6 + 6 + 6 + 6 (PSIRT builds as needed) Optional

PSIRT builds
3m 3m 4m 4m 4m 6m 6m 6m 6m 6m
.1S .2S .3S .4S .5S .6S .7S .8S .9S .10S
FCS HPC EoSales EoSales EoSM EoVS

Notification
Packet Flows Data Plane
SIP/MIP ingress data path
RPs Active ESP
1. SPA receives packet data from its
network interfaces and transfers the
Interconnect packet to the SIP
Egress 2. SPA Aggregation ASIC classifies the

Ingress
Buffer packet into H/L priority
Scheduler
Status
IOCP 3. SIP writes packet data to external
ingress buffers
Interface
Aggregation ASIC 4. Interface Agg ASIC selects among

ingress queues for next pkt to send
to ESP over ESI. It prepares the
packet for internal transmission
Ingress Ingress Egress 5. The interconnect transmits packet
buffers SPA Agg.
Classifier buffers data of selected packet over ESI to
active ESP.
4 SPAs 4 SPAs
ESP data processing path 1. Packet arrives at ESP via interconnect
2. Packet assigned to an available PPE a

by dispatcher
Resource Packet
TCAM
DRAM Buffer DRAM
3. Input FIA invoked
QFP complex Netflow, MQC/NBAR Classify, FW, RPF,

WCCP
Packet Processor Engines BQS
4. Potentially forward through BQS to
FECP PPE1 PPE2 PPE3 PPE4 PPE5 crypto
5. Forwarding decision is made
PPE6 PPE7 PPE8 PPE40
FIB lookup, MPLS, GRE, Multicast
Dispatcher Packet Buffer 6. Egress FIA invoked
Crypto Netflow, NAT, Police/Mark, Crypto
Interconnect 7. Packet forwarded through BQS for

scheduling based on QoS and interface
bandwidth
ESP RPs SIPs
8. Packet leaves ESP via interconnect
SIP/MIP egress data path 1. Interconnect receives packet data
over ESI from the active ESP
RPs Active ESP
2. SPA Aggregation ASIC receives the
packet and writes it to external
Interconnect egress buffer memory
Egress 3. SPA Aggregation ASIC selects and

Ingress
Buffer transfers packet data from eligible
Scheduler
Status queues to SPA-SPI channel (Hi
IOCP
queue are selected before Low)
Interface 4. SPA transmits packet data on

Aggregation ASIC network interface

Ingress Ingress Egress

buffers SPA Agg.
Classifier buffers
4 SPAs 4 SPAs
ASR 1000 QoS
ASR 1000 Forwarding Path
QoS View Packet buffers used by QFP
TCAM
IOS Process
Buffers Advanced classification, policing, WRED
Interconnect QFP
Hierarchical egress packet scheduling
Interconnect
Port rate limiting & weighting

for forwarding to ESP
Interconnect
Egress SIP packet buffering
Ingress packet buffering Interconnect
Scheduling
Basic ingress classification Buffers Buffers
Classifiers
SPA SPA SPA SPA
ASR 1000 QoS
SIP Ingress Path
Ingress packet priority classification

Interconnect
Classification based on:
802.1p, IPv4 TOS, IPv6 TC, MPLS EXP
Configurable per port or VLAN Scheduling
Buffer status
reporting
Ingress SIP buffering
2 queues, high & low per port Ingress Egress
High priority pkts from all ports will be sent to ESP Buffers Buffers
before low priority queues
Classifiers
Ingress SIP scheduler
By default all ports have a weight proportional to the
interface bandwidth SPA
SPA
SPA
Excess bandwidth is shared SPAs
Excess weight per port is configurable
ASR 1000 ESP QoS
PPE Processing
Packets are accepted into the Cisco QFP and allocated to a free PPE thread to handle the
packet
Multiple packets are handles simultaneously in the Cisco QFP
The following QoS functions are handled by PPEs:

Classification
Marking
Policing
WRED
After all the above QoS functions (along with other packet forwarding features such as
NAT, Netflow, etc.) are handled the packet is put in packet buffer memory handed off to the
Cisco QFP Traffic Manager
ASR 1000 MQC based QoS
Classification and Marking
Classification
IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, ACL, packet-length, ATM CLP,
COS, inner/outer COS (QinQ), vlan, input-interface, qos-group, discard-class
QFP is assisted in hardware by TCAM
Marking
IPv4 precedence/DSCP, IPv6 precedence/DSCP, MPLS EXP, FR-DE, discard-class, qos-group, ATM
CLP, COS, inner/outer COS
Enhanced match & marker stats are enabled with a global configuration options
platform qos marker-statistics
platform qos match-statistics per-filter
platform qos match-statistics per-ace
Policing and Congestion Avoidance
Policing WRED
1R2C 1 rate 2 color Precedence (implicit MPLS EXP), dscp,
and discard-class based
1R3C 1 rate 3 color
ECN marking
2R2C 2 rate 2 color
Byte, packet and time based CLI
2R3C 2 rate 3 color Packet based configurations limited to
color blind and aware in XE 3.2 and exponential constant values 1 through 6
higher software Dedicated WRED block in QFP
supports RFC 2697 and RFC 2698 hardware
explicit rate & percent based
configuration
dedicated policer block in QFP
hardware
Queuing
Level 3 Class
Multilayer hierarchies (5 layers in total) queues
SIP, interface, up to 3 layers of queuing

configured with MQC QoS Level 2 Class
schedule
Two levels of priority traffic (1 and 2)
Strict and conditional priority rate limiting

Level 1 Vlan
schedule
3 parameter scheduler (min, max, &
excess)
Priority propagation to ensure no loss Interface interface

default queue schedule
priority forwarding via minimum
parameter
SIP root
schedule
queue limit management
Interface default queues have 50 ms of buffering in a packets based configuration (except

on ESP-40 which uses 25 ms)
_/ 0.050
_ =

_/ 8

Queue-limit maybe manually configured with various units (packets, time, or bytes)
Packets based queue-limit deals well with bursts of variable size packets while providing a maximum limit to introduced
latency when all packets are MTU sized.
Time or byte based queue-limit provides more exact control over maximum latency but will hold a variable number of
packets based on the size of packets enqueued.
ASR 1000 QoS
Scheduling
The QFP Traffic Manager performs all packet scheduling decisions.
Packets move through the QoS hierarchy even if MQC QoS is not configured.
Cisco QFP Traffic Manager implements a 3 parameter scheduler which gives advanced
flexibility.
Minimum - bandwidth or priority. Guaranteed to receive the min BW.
Excess - bandwidth remaining. By default classes have remaining ratio of 1.
Maximum - shape. Traffic rates beyond the shaper rates held in queues.
Only 2 parameters can be configured at any level (min/max or max/excess)
Priority propagation (via minimum) ensures that high priority packets are forwarded first
without loss
ASR 1000 QoS
Three parameter scheduler
policy-map child
class voice Minimum is defined by the bandwidth or priority classes.
priority level 1
police cir 2000000 2 Mb/sec
class critical_services Minimums
bandwidth 5000 5 Mb/sec
class internal_services
25 Mb/s
Maximum
shape average percent 80 Excess is defined by the
class class-default 6 Mb/sec
bandwidth remaining, default ratio
! of 1 if not configured.
policy-map parent Excess
6 Mb/sec
class class-default
shape average 25000000
service-policy child 6 Mb/sec
Maximum is implemented by shapers.
ASR 1000 QoS
SIP Egress Path
Egress buffering per SIP card
Interconnect
No need for additional SIP based classification or
queuing.
Buffer status
Scheduling
Heavy lifting already done by QFP engine. reporting
Egress SIP has high and low priority buffers in case Ingress Egress
there is backpressure from a SPA Buffers Buffers
Classifiers
SPA
SPA
SPA
SPAs
Integrated Security on ASR 1000
ASR 1000 Cryptography Support Suite B
Improved Octeon Crypto Processor on X-series Chassis crypto
ASR1001-X ASR1002-X ASR1002-HX ESP100 ESP200
Number of Crypto 1 1 1 1 2
Processor
Cores per 10 6 32 22 32
processor
Clock Rate 800MHz 800MHz 1200MHz 1100MHz 1100MHz
DRAM 1GB 1GB 4x1GB 2GB 2x4GB
Crypto Throughput 5Gbps 4Gbps 25Gbps 16Gbps 59Gbps
(IMIX)
Next Generation Encryption
Authenticated
AES-GCM
Encryption
Authentication HMAC-SHA-2
Suite B
Key Establishment ECDH
Digital Signatures ECDSA
Hashing SHA-2
Entropy SP800-90
TLSv1.2, IKEv2, IPsec,

Protocols
MACSec
ASR 1000 Forwarding Processor
IPsec Processing is done with Crypto Co-processor Assist
IPSec SA class groups
Classes Resource Packet Buffer
IPSec SA Database Rules (ACE or IPSec SA)
TCAM
DRAM DRAM
IKE SA Database Outbound packet
classification
Crypto-map
QFP complex Formatting of packets to
DH Key pairs crypto chip (internal
header)
Memory Packet Processor
Engines
BQS Receiving packets from
FECP crypto chip
PPE1 PPE2 PPE3 PPE4
Bootflash Removal of internal crypto
header
Anti-reply Check PPE5 PPE6 PPE40 Re-assembly of
Encryption/decryption fragmented IPSec
(Diffie-Hellman) packets
NAT Traversal Dispatcher Packet Buffer
Traffic-based lifetime expiry
Memory
Crypto
Chassis Interconnect GE, 1Gbps
Mgmt Bus
I2C
ESI
IPSec SA Database Hypertransport, 10Gbps
Other
RPs RPs ESP RPs SIPs
ASR 1000 IPSec Software Architecture
Function Partitioning IOS IOS
active standby
Creation of IPSec Security Associations (SA) Platform Adaptation Layer
RP
(PAL)
IKE Control Plane (IKE negotiation, expiry, tunnel setup) Forwarding Chassis
manager manager
Communicates FIB status to active & standby ESP Linux Kernel
Communicates with Forwarding manager on RP Control

Provide interface to QFP Client / Driver messaging
Copy of IPSec SAs QFP client SPASPA

driver
driver
ESP
SPA driver
Copy of IKE SAs
QFP driver
SIP
Synchronization of SA Database with standby ESP Chassis
manager
Punting of encrypted packets to the Crypto Assist Crypto
Forwarding
manager
Chassis
manager
assist Linux Kernel
Linux Kernel
Encryption / Decryption of packets
ASR 1000 Integrated Zone-Based Firewall Protection
DoS, DDoS and Application Layer Detection and Prevention
TCP SYN Attack Prevention Basic Threat Detection

Protects against TCP SYN Flood to the FW Session Enables detection of possible threats, anomalies and
Database attacks per Zone
Monitors rate of pre-defined events in the system;
SYN Cookie Protection
alerts sent to Sys/HSL logs
Per Zone Report drops due to: Basic FW check failures, L4
Per VRF inspection failures, and count of the # of dropped
Per BoX SYNs
Half Open Session Limit Application Layer Protocol Inspection

Protects Firewall Session Table from attacks that could be Conformance checking, state tracking, security checks with
based on UDP, TCP and ICMP granular policy control
Half Open Session Limits are configurable: Over 20 Inspection Engines:
Per Box and VRF Level UC: SIP, Skinny, H.323, RSTP
Per Class supported initially Enterprise Apps: Voice/Soft phones
FW resources are managed effectively with half open session Core Protocols: FTP, FTP66, SNMP, DNS, POP3,
limit configuration knobs
Database & O/S: LDAP, NetBIOS, Microsoft RPC,
Logs are generated when limits are crossed
Strictly Cisco Confidential BRKARC-2001 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
ASR 1000 Security Certifications
FIPS Common Criteria NSA Suite B

14002, Level 2 EAL4 Hardware Assist
Cisco ASR 1000 Series
ASR 1000 IPSec Performance & Scale
ASR 1001-X ASR 1002-X ASR 1002-HX RP2/ESP20 RP2/ESP40 RP2/ESP100 RP2/ESP200
Encryption 5Gbps 4Gbps 25Gbps 6.3Gbps 7.3Gbps 16Gbps 59Gbps

Throughput (IMIX)
VRFs 8k 8k 8k 8k 8k 8k 8k
Total Tunnels 8k 8k 8k 8k 8k 8k 8k
(Site to Site IPSec)
Tunnel Setup Rate 130 130 130 130 130 130 130
(per second)
DMVPN / BGP 4k 4k 4k 6k 6k 6k 6k
Adjacencies
DMVPN / EIGRP 4k 4k 4k 4k 4k 4k 4k
Adjacencies
FlexVPN 10k 10k 10k 10k 10k 10k 10k
(IKEv2/DVTI)
High Availability
ASR 1000 High Availability
Hardware Redundancy
RP
RP
CPU CPU
Redundant ESP / RP on ASR 1006, 1006-X, 1009-X, 1013
Zero packet loss on RP rail-over FECP FECP
ESP
ESP
ESP
ESP
Max 50ms loss for ESP fail-over Crypto
QFP Crypto
QFP
Crypto
Crypto
Assist. PPE BQS
Crypto
Crypto
Assist. PPE BQS
Intra-chassis Stateful Switchover (SSO)

Stateful features: PPPoX, AAA, DHCP, NAT, Firewall
IOS XE also provides full support for Network Resiliency
Intf
IOCP
SIP
Agg.
NSF/GR/NSR for BGP, OSPFv2/v3, IS-IS, EIGRP, LDP
SPA SPA
BFD (BGP, IS-IS, OSPF, PIM, HSRP); IP Event Dampening;
Intf
ELC
IOCP
first hop redundancy protocols: GLBP, HSRP, VRRP Agg.
Built-in GE/10GE
Support for ISSU upgrade/downgrade
Intf
MIP
IOCP
Agg.
EPA EPA
ASR1000 High Availability
Software Redundancy
IOS runs as its own Linux process for control plane (Routing, active stby
IOSd IOSd
RP
SNMP, CLI etc.)
Linux Kernel
Linux kernel runs IOS process in protected memory for:
Fault containment FECP
ESP
Restart-ability of individual SW processes Crypto
QFP
PPE BQS
Software redundancy helps when there is a IOS failure/crash

Active process will switchover to the standby, while forwarding
continues with zero packet loss
SPA
Other software crashes (example: SIP or ESP) do not benefit from
SIP
IOCP
Aggreg.
Software redundancy SPA SPA
Support subpackage software upgrade SPA
SIP
IOCP
Aggreg.
SPA SPA
ISSU and MDR
In Service Software Upgrade (ISSU) is a procedure backed by Cisco IOS
infrastructure to accomplish an upgrade/downgrade while packet forwarding
continues
This procedure takes advantage of redundant processors, Routing protocols
Graceful Restart, Non Stop Routing, SSO/NSF
Minimal Disruptive Restart (MDR) keep interface UP and minimizes traffic
disruption during ASR1k ELC/SIP/SPA upgrade by not resetting the hardware or
reprogramming the data paths
ASR 1000 Super-Package ISSU
ACT ACT STBY STBY ACT ACT STBY STBY

RP ESP SIP issu loadversion
SIP
RP ESP RP ESP RP ESP
Version Version Version Version

issu abortversion Version Version Version Version Version
Version
X X X X X X X Y X X
Automatic rollback issu runversion

Entire procedure can be automated by one or shot ISSU command:
issu abortversion
(switchover)
request platform software package install node file <filename> mdr
STBY STBY ACT ACT SIP STBY STBY ACT ACT SIP
hw-module slot ESP RP ESP MDR
RP ESP RP ESP RP
<STBY_RP> reload
Version Version Version Version Version Version Version Version Version Version
Y Y Y Y Y X Y Y Y Y
issu acceptversion
(stop rollbacktimer)
issu commitversion
(finalizes new file version)
ASR 1000 Stateful Inter-chassis Redundancy
2 Cluster Members
single redundancy group Act/Stby
2 redundancy groups Act/Stby Stby/Act RGsby
Supported Topology
LAN-LAN
LAN-WAN with asymmetric routing
WAN-WAN with symmetric routing
Connection between 2 members for RG control traffic & application data
Used to exchange control traffic (RG hellos, RG state, fail-over signaling etc.) with
object tracking
Synchronization of NAT/Firewall/Cube state tables RGact
Addition interlink to divert the asymmetric routing traffic
Direct connections between 2 members to avoid split-brain condition
Configuration & FIB are not synchronized by RG infrastructure
Inter-chassis and intra-chassis redundancy can not co-exist
ASR 1000 Applications & Solutions
ASR 1000 APPLICATIONS:
Carrier Ethernet & MPLS VPN
MPLS L3VPN Applications
MPLS VPN o GRE
North
VRF-Lite/Multi-VRF CE WAN-PE
Sub-interface per VRF for CE/PE

Up to 8,000 VRFs
MPLS VPN (RFC 2547) SP IP Service
IPv4 & IPv6 West GRE

WAN-PE WAN-PE East
MPLS QoS
MPLS over (m)GRE overlay for large enterprise VPN
MPLS TE FRR Multicast VPN Multicast
Source
FRR Link, Path & Node protection

RSVP & BFD triggered FRR PE PE
Multicast VPN
Encapsulation: IP/GRE, LSM PE PMSI Instance
PE PMSI Instance
Core Tree Signalling: PIM, mLDP Provider Network
C-Multicast Signaling: PIM, BGP
Multicast
Service: IPv4, IPv6 Receiver
ASR 1000 Carrier Ethernet Capabilities
Support for Ethernet Virtual Circuit (EVC) infrastructure Ports
connect
VLAN tags (single, double, ambiguous, untagged) (hair-pin)
EFPs
xconnect
802.1ad S-VLANs Pseudowire
Custom EtherType (e.g. IPv4/v6, PPPoE Discovery, PPPoE session) connect
CoS Support Ports Pseudowire

BD L2 VFI
MPLS
Flexible EVC Forwarding Service
EFPs
Pseudowire
Bridge Domain, Xconnect, Bridge Domain Interface, Pseudowire
L3/VRF
Ethernet OAM BD BDI
Routed
Link OAM, CFM, 802.1ag + Y.1731 extension, 802.3ah, Loopback, ELMI
Ports
Support for E-Line, E-Lan, E-Tree
BD BD
EFPs
L2 MP Bridging
Port/VLAN modes with interworking and local switching
Strong UNI features
HQoS, Security ACL, MAC Security
EFPs
Flexible Tag Matching and Manipulation ATM/FR
Ethernet Flow point (EFP) service L2 Interworking
instance is a logical interface that (not yet supported)
connects a bridge domain to a physical
port.
Can ASR 1000 Be a Layer 2 Switch ?
Yes!
No!
EVC addresses flexible ethernet edge
LAN Switch port density
requirements
Lowest cost per port
Flexible VLAN manipulation
Rich IOS LAN switch functionality & capability
Virtual interface (BDI) similar to SVI on a switch
Support Spanning tree protocols (MST, PVST,

RPVST+) Answer:
Support various ethernet encapsulations (802.1q, Handy solution to absorb a switch/trunk in
802.1ad, Q-in-Q, 802.1ah) some situations especially for integrated L3
VLAN to forwarding service (L3/BDI, P2P, P2MP)
edge applications
Support E-OAM capabilities
VPLS Services
VPLS Full-mesh, Hub/Spoke & H-VPLS Provider Edge
1M MAC Addresses U-PE/H-VPLS PE
Broadcast, Unknown Unicast and Multicast (BUM) control

VPLS over GRE/IPSec N-PE
VPLS Auto-discovery
LDP Signal (RFC 6074) Attachment VCs
are port mode or Full mesh of
BGP Signal (RFC 4761) VLAN ID Targeted LDP
exchange VC lables
Inter-AS support
Tunnel LSP
Option A (BGP Signal) CE N-PE CE
N-PE
Option B, C (LDP Signal)
U-PE dual-homing CE: Customer Edge Device
N-PE: Network Facing Provider Edge
Multiple spanning tree with control pseudowire
U-PE: User Facing Provider Edge
Routed Pseudowire VSI/VFI: Virtual Switching/Forwarding Instance
VPLS circuit terminated on Bridge Domain Interface
Segment Routing
Simplifying the Transport
Source Routing: the source chooses a path and
encodes it in the packet header as an ordered list SR
IGP
of segment
VPN
Segment: an identifier for any type of instructions:

VPN
forwarding or service
IGP only: no LDP, no RSVT-TE
ECMP 16006
vpn vpn
pkt pkt
pkt
Interworking with LDP: ease of migration
Topology independent 50msec FRR
Support all existing VPN services SR WAN
Engineered for SDN

Internet Edge
Enterprise Internet Edge Profile
Routing: up to 5 full ISP peerings
ISP2 Inet II
HQoS, ACL, FNF, CoPP IPv6
ISP1 ISP3
Services: switch2
NAT: NAT44/NAT64, VRF Aware, VASI
TenGig4
TenGig3
TenGig4
ZBFW
ALG
Port-channel RG

RG
AVC ACT
STD
ASR1013-2
Y
Stateful Inter-chassis redundancy
Topology: LAN-WAN, LAN-LAN

VSS
Platforms: ASR1001-X/ASR1002-X, RP2/ESP40 LAN
Secure VPN
VPN Solutions Overview
IPsecbased VPNs
DMVPN GETVPN FlexVPN Easy VPN SSLVPN
Multipoint GRE
Crypto Map Dynamic VTI Dynamic VTI TLS
Tunnels
NHRP GDOI IKEv2 Crypto Map
IKEv1/ IKEv1/
IKEv1
IKEv2 IKEv2
DMVPN and GETVPN Comparison
Hub Key Server
Spoke Group Member

DMVPN GETVPN
Spoke Group Member
Spoke Group Member
Dynamic or static routing on the overlay and provider

Dynamic and Static Routing With Provider
networks
Routing Minimal-to-no Peering With Provider
Provider Routes Traffic Between Sites
Less Control Plane Overhead Traffic
Easy Multi-Homing Designs
Any WAN Transport: Internet, MPLS Private WANs Only: MPLS
Site-to-Site Requires Tunnel Setup No Tunnels for Site-to-Site Connectivity
Data Plane Hub-site Multicast Replication Multicast Replication in Provider Network
Per-Tunnel QoS- Hub-Spoke, Spoke-Spoke QoS and SLA are provider driven
Pair-Wise Keys: Per tunnel keys Group Keys: Single Group Key for All Sites
VPN is based on mGRE Overlay VPN is based on MPLS
IPsec Client IP Addressing Hidden Client IP Addressing Exposed
From Provider to Provider
BRKARC-2001 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
89
VPN Selection Criteria for Key Solutions
Key Solutions DMVPN GETVPN FlexVPN SSLVPN Easy VPN (IPsec IPsec VPN (CM,
(dVTI, IKEv2) (TLS) tunnels, IKEv1) VTI, p-pGRE)
Remote Access N/A N/A SR SR S S

(SW Clients)
IOT SR SR SR SR S S
IWAN SR N/A N/A N/A N/A N/A
DCI N/A SR N/A N/A N/A S
MPLS VPN over N/A SR N/A N/A N/A S

MGRE
The roadmap on VPN Services aligned with Cisco recommendation
SR = Supported and Recommended

S = Supported
WAN MACSec Applications
MKA based keying (IEEE 802.1X-2010)
802.1AE strong encryption
DC1
128/256 bits AES-GCM, NIST Main Building 1
approved, line rate performance
Vlan tag in clear option
Point-to-point Metro Metro
E-LINE E-LAN
Port based E-LINE Service Building 4
Building 2
VLAN based E-LINE Service
Point-to-Multipoint
Port based E-LAN Service
VLAN based E-LAN Service DC2 Building 3
32 peers on 10GE; 8 peers on GE

Data Center Interconnect Connect large branch, regional
aggregate site to DC
Datacenter Interconnect (DCI)
DCI with OTV
Ethernet Frame IP packet Ethernet Frame Ethernet Frame
Encap Decap
MAC IF MAC IF
MAC1 Eth1 Edge Device A MAC1 IP A
Edge Device C
MAC2 IP B MAC2 Eth 1
OTV Join Intf OTV Join Intf
MAC3 IP B ASR1K MAC3 Eth 2
ASR1K
IP B
Edge Device B
ASR1K
Edge Device B IP Core
Use Cases Connectivity High Availability Security
Datacenter maintenance/DR IP Core (unicast & mcast) Built-in loop prevention IPsec or GETVPN
workload mobility (i.e. Vmotion)
Optimal multicast replication Built-in multi-homing
Active/Active Datacenters (HA
+LSIP for optimal routing Preserve failure boundary
Clustering, i.e. MSCS, Vmware
Cluster) Up to 20 sites All paths active
Legacy Application (non- Interop with N7k FHRP
IP/Routable apps, i.e. NetBios) Support Fragmentation
VXLAN Enables Scale and Flexibility in the Datacenter
VxLAN (MAC in IP)

Internet
IP/MPLS core
uni or multicast
Hypervisor VXLAN L3 Gateway

VXLAN L2 Gateway VXLAN to Routed
VXLAN to 802.1q VXLAN to L3 VRF mapping
Use Cases Connectivity Standard Scale
VXLAN-VXLAN Interworking Provides L2 connectivity MAC-in-IP: RFC 7348 4,000 VXLAN Tunnel
VLAN-VXLAN Interoperability between virtual switches in Endpoints (VTEPs)
Unicast (Ingress replication)
VXLAN-VPLS Interoperability
hypervisors, hardware Up to 16k VXLAN Network
or Multicast (BiDir) for
switches and hardware Identifiers (VNIs)
VXLAN-VRF Integration peering and MAC
routers Up to 16k Bridge Domain
reachability
VXLAN extends subnets to Interfaces (BDIs)
virtualized resources Up to 1M MAC addresses
EVPN L3 DCI
ASR1k as a Border Leaf connects with Standalone ACI Fabric using EVPN and VXLAN in DC Side, GETVPN on the WAN
MPLS
MP-BGP
DC
Spine N9500 N9500 N9500 N9500
CE-PE iBGP PE-CE
40G links
EVPN IP GETVPN over MPLS
IPVPN Enterprise Site
Leaf
IP IP
N9300 N9300 N9300 N9300 N9300 N9500 N9500 N9300 N9300
Fabric
Extenders
VXLAN
EVPN RD, Prefix , RT, L3 VNI IP Prefix
Route Next Hop VTEP IP Route Next Hop
Tunnel Encap VXLAN
Data Center 1 Router MAC
Solution Characteristics Feature Interaction

ASR1k Border Leaf Connecting WAN with DC WAN side: Back to Back VRFs with dedicated
Multi-tenant VRF Lite solution where a VRF is L3 sub-interfaces between DC & WAN
assigned to a tenant DC side: EVPN VRF Lite integration
Services: QoS, NAT, IPsec, AVC, PfR, Orchestration: VTS, Cisco Prime
AppNav, ZBFW, etc.
Intelligent WAN (IWAN)
IWAN Sessions this week:
BRKCRS-2000 Intelligent WAN (IWAN) Architecture
BRKCRS-2002 IWAN Design and Deployment Workshop
TECCRS-2004 Implementing the Intelligent WAN (IWAN)
BRKRST-2362 Implementing Performance Routing (PfRv3)
BRKRST-2514 Application Optimization and Provisioning the Intelligent WAN (IWAN)
Intelligent WAN Solution Components
AVC Private
Cloud
MPLS
Virtual
Private
Cloud
3G/4G-LTE
Branch
Internet Public
WAAS PfR Cloud
Control & Management Automation
Transport Intelligent Application Secure

Independent Path Control Optimization Connectivity
Consistent operational model Dynamic Application best Application visibility with Certified strong encryption
Simple provider migrations path based on policy performance monitoring Comprehensive threat
Scalable and modular design Load balancing for full Application acceleration defense
IPsec routing overlay design
utilization of bandwidth and bandwidth Cloud Managed Security for
Improved availability optimization secure direct Internet access
Start with Cisco AX Routers
IWAN Capabilities Embedded in the Router
One Network
UNIFIED SERVICES Visibility
Control
ASR1000-AX
Optimization
ISR-AX
Simplify Transport
Application Independent
Secure
Delivery Routing
Cisco AX Routers 3900 | 2900 | 1900 | 800 | 4000 | ASR1000

2016 Cisco and/or its affiliates. All rights reserved. Cisco Public
Summary and Take away
Summary and Key Takeaways
ASR 1000 is the Swiss Army Knife to solve your tough

network problems
Reduce complexity in your network edge.
ASR 1000 is well positioned for both Enterprise and Service
Provider Architectures.
ASR 1000 is at the heart of Cisco IWAN solutions
Come see live at our WoS Booth!
Relevant Sessions at Cisco Live 2016
Breakout Sessions
BRKARC-2009 Operating an ASR 1000
BRKARC-2031 QoS Config Migrations From Classic IOS to IOS XE
BRKCRS-3147 Advanced troubleshooting of the ASR1K and ISR 4451-X made
easy
Complete Your Online Session Evaluation
Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner will
receive a $750 Amazon gift card.
Complete your session surveys
through the Cisco Live mobile
app or from the Session Catalog
on CiscoLive.com/us.
Dont forget: Cisco Live sessions will be available

for viewing on-demand after the event at
CiscoLive.com/Online
Continue Your Education
Demos in the Cisco campus
Walk-in Self-Paced Labs
Lunch & Learn
Meet the Engineer 1:1 meetings
Related sessions
Presentation ID 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 103
Please join us for the Service Provider Innovation Talk featuring:
Yvette Kanouff | Senior Vice President and General Manager, SP Business
Joe Cozzolino | Senior Vice President, Cisco Services
Thursday, July 14th, 2016

11:30 am - 12:30pm, In the Oceanside A room
What to expect from this innovation talk

Insights on market trends and forecasts
Preview of key technologies and capabilities
Innovative demonstrations of the latest and greatest products
Better understanding of how Cisco can help you succeed
Register to attend the session live now or

watch the broadcast on cisco.com
Thank you
R&S Related Cisco Education Offerings
Course Description Cisco Certification
CCIE R&S Advanced Workshops (CIERS-1 & Expert level trainings including: instructor led workshops, self CCIE Routing & Switching
CIERS-2) plus assessments, practice labs and CCIE Lab Builder to prepare candidates
Self Assessments, Workbooks & Labs for the CCIE R&S practical exam.
Implementing Cisco IP Routing v2.0 Professional level instructor led trainings to prepare candidates for the CCNP Routing & Switching
Implementing Cisco IP Switched CCNP R&S exams (ROUTE, SWITCH and TSHOOT). Also available in
Networks V2.0 self study eLearning formats with Cisco Learning Labs.
Troubleshooting and Maintaining
Cisco IP Networks v2.0
Interconnecting Cisco Networking Devices: Configure, implement and troubleshoot local and wide-area IPv4 and IPv6 CCNA Routing & Switching
Part 2 (or combined) networks. Also available in self study eLearning format with Cisco Learning
Lab.
Interconnecting Cisco Networking Devices: Installation, configuration, and basic support of a branch network. Also CCENT Routing & Switching
Part 1 available in self study eLearning format with Cisco Learning Lab.
For more details, please visit: http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com
Design Cisco Education Offerings
Designing Cisco Network Service Architectures Provides learner with the ability to perform conceptual, intermediate, and CCDP (Design Professional)
(ARCH) Version 3.0 detailed design of a network infrastructure that supports desired capacity,
performance, availability required for converged Enterprise network (Available Now)
services and applications.
Designing for Cisco Internetwork Solutions Instructor led training focused on fundamental design methodologies used CCDA (Design Associate)
(DESGN) Version 3.0 to determine requirements for network performance, security, voice, and
wireless solutions. Prepares candidates for the CCDA certification exam. (Available Now)

Service Provider Cisco Education Offerings
Deploying Cisco Service Provider Network Routing SPROUTE covers the implementation of routing protocols (OSPF, IS-IS, BGP), CCNP Service Provider
(SPROUTE) & Advanced (SPADVROUTE) route manipulations, and HA routing features; SPADVROUTE covers advanced
routing topics in BGP, multicast services including PIM-SM, and IPv6;
Implementing Cisco Service Provider Next-Generation
Core Network Services (SPCORE) SPCORE covers network services, including MPLS-LDP, MPLS traffic engineering,
QoS mechanisms, and transport technologies;
Edge Network Services (SPEDGE) SPEDGE covers network services, including MPLS Layer 3 VPNs, Layer 2 VPNs,
and Carrier Ethernet services; all within SP IP NGN environments.
Building Cisco Service Provider Next-Generation The two courses introduce networking technologies and solutions, including OSI CCNA Service Provider
Networks, Part 1&2 (SPNGN1), (SPNGN2) and TCP/IP models, IPv4/v6, switching, routing, transport types, security, network
management, and Cisco OS (IOS and IOS XR).
Implementing Cisco Service Provider Mobility UMTS The three courses (SPUMTS, SPCDMA, SPLTE) cover knowledge and skills Cisco Service Provider Mobility
Networks (SPUMTS); required to understand products, technologies, and architectures that are found in CDMA to LTE Specialist;
Implementing Cisco Service Provider Mobility CDMA Universal Mobile Telecommunications Systems (UMTS) and Code Division Multiple Cisco Service Provider Mobility UMTS
Networks (SPCDMA); Access (CDMA) packet core networks, plus their migration to Long-Term Evolution to LTE Specialist
Implementing Cisco Service Provider Mobility LTE (LTE) Evolved Packet Systems (EPS), including Evolved Packet Core (EPC) and
Networks (SPLTE) Radio Access Networks (RANs).
Implementing and Maintaining Cisco Technologies Service Provider/Enterprise engineers to implement, verification-test, and optimize Cisco IOS XR Specialist
Using IOS XR (IMTXR) core/edge technologies in a Cisco IOS XR environment.

Data Center / Virtualization Cisco Education Offerings
Introducing Cisco Data Center Networking (DCICN); Learn basic data center technologies and skills to build a CCNA Data Center
Introducing Cisco Data Center Technologies (DCICT) data center infrastructure.
Implementing Cisco Data Center Unified Fabric (DCUFI); Obtain professional level skills to design, configure, CCNP Data Center
Implementing Cisco Data Center Unified Computing (DCUCI) implement, troubleshoot data center network infrastructure.
Designing Cisco Data Center Unified Computing (DCUDC)
Designing Cisco Data Center Unified Fabric (DCUFD)
Troubleshooting Cisco Data Center Unified Computing
(DCUCT)
Troubleshooting Cisco Data Center Unified Fabric (DCUFT)
Product Training Portfolio: DCNMM, DCAC9K, DCINX9K, Gain hands-on skills using Cisco solutions to configure,
DCMDS, DCUCS, DCNX1K, DCNX5K, DCNX7K deploy, manage and troubleshoot unified computing, policy-
driven and virtualized data center network infrastructure.
Designing the FlexPod Solution (FPDESIGN); Learn how to design, implement and administer FlexPod Cisco and NetApp Certified
Implementing and Administering the FlexPod Solution solutions FlexPod Specialist
(FPIMPADM)

Network Programmability Cisco Education Offerings
Integrating Business Applications with Network Learn networking concepts, and how to deploy and troubleshoot Cisco Business Application
Programmability (NIPBA); programmable network architectures with these self-paced courses. Engineer Specialist Certification
Integrating Business Applications with Network
Programmability for Cisco ACI (NPIBAACI)
Developing with Cisco Network Programmability Learn how to build applications for network environments and effectively Cisco Network Programmability
(NPDEV); bridge the gap between IT professionals and software developers. Developer Specialist Certification
Developing with Cisco Network Programmability
for Cisco ACI (NPDEVACI)
Designing with Cisco Network Programmability Learn how to expand your skill set from traditional IT infrastructure to Cisco Network Programmability
(NPDES); application integration through programmability. Design Specialist Certification
Designing with Cisco Network Programmability
for Cisco ACI (NPDESACI)
Implementing Cisco Network Programmability Learn how to implement and troubleshoot open IT infrastructure Cisco Network Programmability
(NPENG); technologies. Engineer Specialist Certification
Implementing Cisco Network Programmability
for Cisco ACI (NPENGACI)

Cloud Cisco Education Offerings
Understanding Cloud Fundamentals Learn how to perform foundational tasks related to Cloud computing, and the essentials
(CLDFND) of Cloud infrastructure
CCNA Cloud
Introducing Cloud Administration Learn the essentials of Cloud administration and operations, including how to provision,
(CLDADM) manage, monitor, report and remediate.
Implementing and Troubleshooting the Learn how to implement and troubleshoot Cisco Cloud infrastructure: compute,
Cisco Cloud Infrastructure (CLDINF) network, storage.
Learn how to design private and hybrid Clouds including infrastructure, automation,
Designing the Cisco Cloud (CLDDES)*
security and virtual network services
CCNP Cloud
Automating the Cisco Enterprise Cloud Learn how to automate Cloud deployments provisioning IaaS (private, private with
(CLDAUT)* network automation and hybrid) and applications, life cycle management
Building the Cisco Cloud with Application Learn how to build Cloud infrastructures based on Cisco Application Centric
Centric Infrastructure (CLDACI)* Infrastructure, including design, implementation and automation
Learn how to manage physical and virtual infrastructure using orchestration and
UCS Director Foundation (UCSDF)
automation functions of UCS Director.
* Available Q2CY2016


Brkarc 2001

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Brkarc 2001

Загружено:

Авторское право:

Доступные форматы

ASR 1000 System & Solution

Jason Yang CCIE #10467, Technical Marketing Engineer

Introducing the ASR 1000

Best in Class ASIC Best in Class

Ethernet Multi-Service, Secure

2.5 to 20 5 to 36 44 to 100 10 to 40 40 to 100 40 to 200 40 to 200

Enterprise Edge and Managed Services Routers

Service Provider Edge Routers

Mobile subscriber WAN aggregation

High end branch Cloud

High Speed CPE WAN Aggregation Data Center Interconnect

Mobile Access and Aggregation

interconn GE switch interconn. GE switch QFP

interconnect interconnect interconnect

SPA SPA Built-in GE/10GEs EPA EPA

SPA Interface Processor Ethernet Linecard Modular Interface Processor

data packets between ESPs and other linecards

interconn. GE switch interconn. GE switch QFP

interconnect interconnect interconnect

SPA SPA Built-in GE/10GEs EPA EPA

ESP Slots 1 2 2 2 (super) 2 (super)

SIP/MIP Slots 2 (SIP only) 3 (SIP only) 2 3 6

Built-In Ethernet N/A N/A N/A N/A N/A

Redundancy Software Hardware Hardware Hardware Hardware

1100 power modules 1100 power modules

Chassis RP2 SIP40 ELC MIP100 ESP20 ESP40 ESP100 ESP200

ASR1006 Yes Yes Yes No Yes Yes Yes No

ASR1013 Yes Yes Yes Yes(2)(3) No Yes Yes Yes

ASR1006-X Yes(1) Yes Yes Yes(3) No Yes Yes No

ASR1009-X Yes(1) Yes Yes Yes(3) No Yes Yes Yes

(1)RP2 with new CPLD

(2)100G support in Slots 2&3; others at 40G

RPs 2 EPAs 2 EPAs 2 EPAs

CPAK-100G-SR10 CAB-MPO24-2XMPO12 QSFP-40G-SR4

EPA-10x10GE XE 16.2.1 XE 16.3.1 SFP-10G-SR, SFP-10G-SR-X, SFP-10G-LR, SFP-

EPA-18x1GE XE 16.3.1 XE 16.2.1 GLC-GE-100FX, GLC-SX-MMD, GLC-LH-SMD,

Port Density 2x10GE+20x1GE Port Density 6x10GE

Throughput 40G Throughput 60G I/O with 40G Throughput

Chassis ASR1004, ASR1006, ASR1013 Chassis ASR1004, ASR1006, ASR1013

CPU 2.66GHz Intel dual-core architecture

2.5 Management BITS

Interconnect EOBC Switch Output Input

SIPs ESPs RP ESPs SIPs ESPs RP SIPs SIPs RP RP

50 Gbps 50 Gbps 10G 80G

Dispatcher Packet Buffer

RPs RPs ESP RPs SIPs

System bandwidth (1500B) 20 Gbps 40 Gbps 100 Gbps 200 Gpbs

Performance (64B) 25 Mpps 25 Mpps 79 Mpps 151 Mpps

Single core Dual core Dual core Dual core

* ASR1000-6TGE has 40Gbps ESI connection to ESP

* ASR1000-6TGE has 40Gbps ESI connection to ESP

Five year design and continued evolution now on 3rd generation

3rd Gen QFP linerate security

1st Gen QFP

#cores: Number of Packet Processing Engines

High Speed Backplane Aggregation ASIC

IO Oversubscription & Aggregation ASIC

Increasing network intelligent and services requirements

SPA Slots 1 3 N/A

Power Supply & Fans

Upgrade crypto performance on the field units on demand

PPEs QFP1 PPEs QFP2

11Gbps 80Gbps 8Gbps 120Gbps