As enterprises expand globally, while simultaneously integrating a new wave of applications, the WAN edge has become a critical gateway for business success. The Cisco® ASR 1000 Series Aggregation Services Routers are new wide-area edge routers that represent a dramatic advance in technology innovation based on Cisco's understanding of evolving customer requirements. The Cisco ASR 1000 Series Routers set new expectations for industry-leading performance and scalability of embedded services atop a secure, resilient hardware and software architecture.
With this innovative series of platforms and the accompanying solution framework Unified WAN Services - Cisco enters a new era for the enterprise WAN, providing the best-of-class WAN services aggregation products, architectures, guidance, and support to help enterprises transform their network into the platform to aid business excellence.
The Network as the Platform for Business Opportunity
The enterprise landscape is changing.
Businesses are expanding globally. Industries are consolidating through mergers and acquisitions. Increasingly, IT managers are finding themselves with more locations to manage - and in more geographically diverse regions of the world.
At the same time, the workforce is becoming more mobile, escalating the demand for anytime, everywhere access to network resources.
Emerging applications are being deployed globally as enterprises seek to take advantage of the benefits of Web 2.0. Voice, video, interactivity, online collaboration, and real-time responsiveness put new stresses on the existing network infrastructure.
As corporations expand into a 24-hour global market, requirements mount to comply with governmental, industry, and local regulations; provide heightened levels of security; and eliminate downtime.
Overall, the scale, scope, and complexity of enterprise networks are expanding. This outward expansion enables enterprise businesses to accelerate their growth potential significantly. At the same time, it defines a new set of challenges for network architects and designers.
At the nexus of these changing requirements is the network infrastructure, which acts as the platform for such exciting, business-enhancing opportunities as globalization, mobility, and Web 2.0. In particular, the WAN edge plays a pivotal role as the enterprise expands its global reach. Although the WAN edge was formerly considered a simple hub for reliable connectivity and data transport, it now has new, rapidly evolving responsibilities in the transformation of the enterprise business model.
This new role of the WAN edge as a gateway to the world; a branch aggregation point; or a secure and converged pathway for information, communication, and collaboration requires:
• Increased WAN edge infrastructure performance: Enterprises need to deliver higher-performance, higher-bandwidth services over their converged WANs, along with capacity headroom to operate efficiently
– Emergence of new business applications and a new communication paradigm has caused an unprecedented increase in bandwidth and scalability requirements for the WAN
– Older infrastructure cannot support high-bandwidth WAN aggregation and Internet edge applications
– For Ethernet WAN services, enterprise customers are looking for a small-form-factor, high-performance router to provide services at multigigabit Ethernet speeds
• Highly available WAN infrastructure: Enterprises need to provide continuous, uninterrupted access to applications and services over the WAN. This provision requires a more highly available, resilient, and adaptive infrastructure than they have today. Customers need their WAN edge infrastructure to support
– Rapid failover without service disruption
– Streamlined change management and service turn-up without WAN disruption -- and with fewer errors
– Increased system redundancy at the platform level
• Full WAN security for data protection and compliance: Businesses need to satisfy industry regulations regarding data privacy, and adhere to regulations such as the Sarbanes-Oxley Act (SOX), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), etc. Customers need their WAN edge infrastructure to:
– Deliver network resiliency with a self-defending architecture
– Secure all critical business and client information without creating a performance bottleneck
– Integrate and embed security services within the network to reduce the need for standalone devices
– Inspect traffic flows at high speeds for attack prevention, policy enforcement, and application security
• Consistent service delivery with application intelligence: Enterprises need to meet demanding internal service-level agreements (SLAs), with improved service delivery and application performance over the WAN. To accomplish this level of service, customers need their WAN edge infrastructure to:
– Fulfill internal SLAs while containing WAN and telecom expense
– Speed service and feature deployment to quickly adapt to changing network requirements
– Provide advanced services that interoperate with critical network functions to ensure application performance and security
Cisco ASR 1000 Series Routers
The Cisco ASR 1000 Series Routers are an innovative new line of Cisco routers designed to address the emerging needs of the Unified WAN Services edge. While combining the best attributes of existing Cisco routers, the Cisco ASR 1000 Series Routers deliver a resilient and secure next-generation WAN infrastructure, with powerful performance and scalability for embedded services.
Service Consolidation Without Compromise
Traditionally, the network architect's dilemma has always been to achieve the service richness required at the WAN edge without making difficult trade-offs regarding speed, scalability, and complexity. Layering multiple services on a single platform often resulted in high CPU usage and decreased packet throughput. Taking the alternate approach - distributing service functions to a set of discreet appliances - has further drawbacks in terms of increased operational and training costs, software maintenance expenses, integration and testing challenges, and higher total cost of ownership.
The Cisco ASR 1000 Series Routers fundamentally change this equation. By consolidating network services within a single high-performance, resilient, service-rich platform, the network architect attains many tangible benefits. These benefits include reduced rack-space and power requirements, simplified single-point management and monitoring, transparent service integration with routing, easy in-service software upgrade, and concurrent deployment of multiple high-touch services. Taken together, these advantages can significantly simplify network design and lower the total cost of ownership.
The Cisco QuantumFlow Processor
At the heart of the innovation found in the Cisco ASR 1000 Series Routers is the new Cisco QuantumFlow Processor (QFP). This processor combines the best attributes of both purpose-built application-specific integrated circuits (ASICs) and general-purpose network processors - providing hardware-accelerated speed without sacrificing flexibility.
The Cisco QuantumFlow Processor is built around 40 custom Cisco QuantumFlow Processor Packet Processing Engines (PPEs), each of which supports 4 threads of execution. With up to 160 independent processor threads running in parallel, the Cisco QuantumFlow Processor can avoid the high CPU usage and excess latency found in less-sophisticated hardware architectures. At a practical level, this architecture allows the Cisco QuantumFlow Processor to provide concurrent deployment of multiple advanced services - such as Firewall, intrusion-detection services, Network Address Translation (NAT), and Deep Packet Inspection - without accruing the performance penalties usually associated with such services.
With all this computational power at its disposal, the Cisco QuantumFlow Processor has been designed with a sophisticated memory-management architecture to best enable its innovative capabilities.
With high-speed, multilevel instruction caches, the Cisco QuantumFlow Processor has immediate access to the necessary code to apply multiple services to any packet. If many flows transiting the router require the same set of services (often the case), the instruction memory for this service chain is readily available to the processor, drastically decreasing the time spent processing any individual packet.
Furthermore, at any given time the PPEs on the Cisco QuantumFlow Processor have access to the entire packet, not just packet headers, as is the case in other architectures. For complex operations such as Deep Packet Inspection, this access effectively eliminates several steps in the processing, dramatically reducing overall onboard latency.
As applications such as unified communications, digital video, conferencing, and collaboration become more interactive and real-time, the need to reduce latency is paramount. The user experience and acceptance of these new, business-enhancing applications will hinge upon their responsiveness.
Customized Quality of Service: Enabling Consistent Service Delivery
With so many different flows passing through the Cisco QuantumFlow Processor, and at such high speed, advanced quality-of-service (QoS) mechanisms are a prerequisite. The Cisco QuantumFlow Processor boasts more than 100,000 hardware queues that you can allocate in an arbitrary hierarchy, facilitating a sophisticated, tiered traffic-management system that allows for application of multiple levels of QoS to a packet on a single pass through the Cisco QuantumFlow Processor.
The Cisco QFP Traffic Manager can monitor millions of events per second across multiple channels, making it one of the most accurate scheduling engines found in the industry today.
Even hardware resources external to the Cisco QuantumFlow Processor - such as the encryption engine, shared port adapters (SPAs), and the route processor - can benefit from the sophisticated traffic-management capabilities of the Cisco ASR 1000 Series Routers. Traffic to these devices is always queued in such a manner as to prevent oversubscription, while maintaining appropriate priority. Thus, for example, you can schedule high-value business-critical traffic for encryption and transmission before less-important bulk traffic.
As businesses move to voice, video, and interactive, real-time, collaborative applications, packet latency becomes a genuine concern. Latency can lead to dropped frames, misordered packets, and - from a user perspective - garbled voice and video, or frustrating lag in application response time. With sub-100-microsecond latency for high-priority packets, the sophisticated QoS algorithms on the Cisco ASR 1000 Series Routers remove bottlenecks and can significantly improve your experience.
Integrated Services and Programmability: Speeding Service Deployment
Perhaps the most unique innovation in the Cisco QuantumFlow Processor is its capability to combine the speed of an ASIC with the flexibility and programmability of a general-purpose processor. Rather than proprietary microcode, the Cisco QuantumFlow Processor provides a standard ANSI C application programming interface (API) for programming new functions. As a result of this ease of programming, Cisco can implement new services - even those not invented yet - on the Cisco QuantumFlow Processor with a simple software upgrade. Moreover, because of the unique multiprocessor, parallel processing architecture of the Cisco QuantumFlow Processor, new services are immediately hardware-accelerated without any special development effort. For the enterprise customer, this new architecture provides a faster "time to service" for new functions and a hardware investment that will retain its value over time.
Embedded Security: Ensuring Data Protection and Compliance
Enterprises are striving to accommodate a more mobile workforce by providing secure, global network access. In addition, more nonemployees, in the form of business partners, contractors, and customers, are gaining expanded access to the enterprise network. Although such developments encourage productivity and business growth, there is a natural concern about the effects of such openness on network security.
Here again, the Cisco ASR 1000 Series Router provides a comprehensive toolset to facilitate business flexibility without assuming additional risk.
The Cisco ASR 1000 Series Router features built-in, multilevel threat detection and containment through 5- and 10-Gbps scalable, highly available, embedded firewall services. You can further supplement firewall services by intrusion detection services. As noted, all services are hardware-accelerated, so the Cisco ASR 1000 Series Router can continue to provide high performance, even with multiple security services enabled.
The ability to classify application traffic at hardware speeds is the foundation of a well-designed security solution. As waves of new Web 2.0 applications come onto the network, the Cisco ASR 1000 Series Routers are prepared with advanced application intelligence. The widely deployed Cisco Network Based Application Recognition (NBAR) technology is built into the Cisco ASR 1000 Series Router and operates at hardware-enabled speeds. NBAR can classify dozens of the most common applications found in enterprise networks, and - as you introduce new applications - you can dynamically enhance the NBAR engine to recognize them through Protocol Description Language Modules (PDLMs).
For enterprise networks looking for even more fine-grained control over application data, the Cisco ASR 1000 Series Router also implements Cisco Flexible Packet Matching (FPM) technology.1 Cisco FPM allows the network administrator to identify and classify packets - even for emerging or in-house applications - by using a simple Extensible Markup Language (XML)-based language.
For remote access, the Cisco ASR 1000 Series Router contains an integrated multigigabit cryptography engine to support IP Security (IPsec) and Secure Sockets Layer (SSL) VPN encryption. In addition to standard remote-access solutions, such as Multiprotocol Label Switching (MPLS) VPN and IPsec VPN, the Cisco ASR 1000 Series Router also supports innovations such as Cisco Dynamic Multipoint VPN (DMVPN), which can vastly simplify the provisioning and deployment of large numbers of branch offices.
No security implementation would be complete without the capability to manage and monitor network flows. The Cisco ASR 1000 Series Router supports NetFlow Version 9, a Cisco innovation that has been adopted as the industry standard for application monitoring, network planning, security analysis, IP accounting, and traffic engineering. NetFlow boasts a large partner ecosystem, with most well-known systems management vendors providing the capability to capture and analyze NetFlow data.
If more detailed traffic analysis is needed, the Cisco ASR 1000 Series Router supports up to 1024 Encapsulated Remote Switch Port Analyzer (ERSPAN) sessions. ERSPAN allows traffic on a switch port to be replicated and tunneled to another location, to aid in advanced troubleshooting, security analysis, compliance verification, or archival purposes.
Cisco ASR 1000 Series Routers provide standards-based and certified security services, delivered at exceptional speed, and they facilitate a simplified, single-point solution for the management and monitoring of network security.
Performance and Scalability: Increased Capacity for Efficient Operations
The processing power of these routers is contained on the Cisco ASR 1000 Series Embedded Services Processor (ESP), which is the forwarding processor containing the Cisco QuantumFlow Processor, encryption engine, and other hardware assists. The routers offer powerful performance and scalability:2
• 10-Gbps throughput even with Firewall, NAT, QoS, generic routing encapsulation (GRE) and other services enabled
• High-speed logging of 40,000 sessions per second with NetFlow Version 9
• 20,000 sessions per second for Firewall or NAT
• 10,000 sessions per second for IPsec site-to-site or remote tunnels
• 60,000 IP Multicast groups
• Less than 100-microseconds latency for high-priority applications
• Up to 1,000,000 IPv4 routes and 250,000 IPv6 routes
• Up to 16,000 access control lists (ACLs)
Although raw numbers alone do not tell the whole story of the Cisco ASR 1000 Series Router, these figures represent a powerful price-to-performance ratio.
In terms of an investment decision, the performance numbers indicate that the Cisco ASR 1000 Series Router has substantial headroom to accommodate the future business needs of even the largest of enterprises.
High-Value Integrated Services: Application Intelligence for the WAN Edge
Much has already been said about many of the familiar integrated services available on the Cisco ASR 1000 Series Router, such as Firewall, NAT, QoS, and IPsec VPN. Because the Cisco ASR 1000 Series Router runs the Cisco IOS® XE Software, it also benefits from several innovative features available in this software.
The Cisco ASR 1000 Series Router contains an embedded Cisco Session Border Controller (SBC) to handle next-generation voice and multimedia. Supporting up to 32,000 simultaneous voice or multimedia sessions, the Cisco ASR 1000 Series Router can process up to 10 Gbps of multimedia data, even while concurrently providing customized accounting, firewall, and QoS services to these sessions. Additionally, the clean separation of control and forwarding planes helps ensure that the multimedia signaling and control processing remain separate from the actual media processing. Phone calls or video sessions are never lost or delayed because the system is too busy to handle the necessary signaling.
More importantly, because SBC functions are usually implemented in an external appliance, consolidating these functions into the Cisco ASR 1000 Series Router saves on power, rack space, and training costs, and allows for a consolidated location for monitoring and management.
Another important service delivered in Cisco IOS XE Software is Cisco Performance Routing .3 Using built-in tools such as NetFlow, NBAR, and Cisco IP SLAs, Cisco Performance Routing can monitor not only the availability of wide-area links, but their performance as well. If an application is not receiving its desired performance attributes, Cisco Performance Routing can reroute the application through an alternate path to achieve the proper performance. Using this technology, network designers can dynamically route around performance bottlenecks or service provider "brown-outs". Cisco Performance Routing can increase overall network availability and improve response time for critical applications, as well as improving your experience.
As the Cisco ASR 1000 Series Router becomes the central conduit for high-value, business-critical traffic, it is vital that it embody a best-of-class high-availability solution. The router was architected for this type of resiliency.
All forwarding on the Cisco ASR 1000 Series Router is handled directly in hardware by the Cisco QuantumFlow Processor and shared port adapters. The control-plane function is implemented by a separate route processor. This clean separation - both physical and logical - of the routing and forwarding planes helps ensure that the critical functions of the route processor are never affected during times of high traffic. Further, this setup leaves the route-processor CPU free to perform vital operations such as route convergence at the greatest possible speed.
Unplanned downtime resulting from a hardware or software service outage can also be mitigated. Using the field-proven Cisco Nonstop Forwarding with Stateful Switchover (NSF/SSO) technology, the Cisco ASR 1000 Series Router can respond to any software-related outage by providing fault containment and dynamic restartability with zero packet loss. Unique among routers in this class, the Cisco ASR 1000 Series Router can run dual copies of the Cisco IOS XE Software on a single route processor, switching to the recovery software image instantaneously upon detection of an outage. For larger enterprise customers, who want even further levels of resiliency, the Cisco ASR 1006 Router supports redundant hardware routing and forwarding processors, also capable of zero packet loss during a service outage.4
As more businesses move toward 24-hour operations, finding a maintenance window to perform software upgrades becomes increasingly challenging. In addition to unplanned downtime, the Cisco ASR 1000 Series Routers can also account for these incidents of planned downtime through their industry-leading In-Service Software Upgrade (ISSU) function. ISSU permits the complete upgrade of the operating system while the router is actively passing traffic. As with NSF/SSO, you can perform the upgrade operation in a hitless manner - with zero packet loss throughout the procedure. Thus, you can enable new features and functions while business operations remain uninterrupted.
As enterprises expand into a global market, network downtime - whether planned or unplanned - has become a business- and revenue-affecting event. The Cisco ASR 1000 Series Routers are architected with state-of-the-art resiliency to help ensure that mission-critical business functions are always available.
Cisco ASR 1000 Series Routers Quick Fact Sheet
Table 1 compares the Cisco ASR 1000 Series chassis and gives router specifications.
Table 1. Cisco ASR 1000 Series: Chassis Comparison and Product Specifications
Cisco ASR 1002
Cisco ASR 1004
Cisco ASR 1006
Chassis
Size: 2 rack units (2RU)
DC power (maximum): 590W
AC power (maximum): 560W
Scalable to 10 Gbps
Software failover
Size: 4RU
DC power (maximum): 1020W
AC power (maximum): 960W
Scalable to 40 Gbps
Software failover
Size: 6RU
DC power (maximum): 1700W
AC power (maximum): 1600W
Scalable to 40 Gbps
Hardware failover
Forwarding cards
One 5-Gbps Cisco ASR 1000 Series ESP (ESP5)
(part number ASR1000-ESP5) or one 10-Gbps Cisco ASR 1000 Series ESP (ESP10)
(part number ASR1000-ESP10)
4-8 millions of packets per second (Mpps)
5-Gbps forwarding
One Cisco ASR 1000 Series ESP10
(ASR1000-ESP10)
8 Mpps
10-Gbps forwarding
One or two Cisco ASR 1000 Series ESP10s
(ASR1000-ESP10)
1 + 1 redundancy
8 Mpps
10-Gbps forwarding
Route processor
Integrated
4-GB memory
One Cisco ASR 1000 Series Route Processor 1 (RP1)
(ASR1000-RP1)
2- or 4-GB memory
Optional 40-GB hard disk drive
One or two Cisco ASR 1000 Series RP1s
(ASR1000-RP1)
1 + 1 redundancy
2- or 4-GB memory
Optional 40-GB hard disk drive
Carrier card
Integrated: 3 SPA slots
Up to two Cisco ASR 1000 Series SPA Interface Processors (SIPs)
(ASR1000-SIP10)
8 SPA slots
Up to three Cisco ASR 1000 Series SIPs
(ASR1000-SIP10)
12 SPA slots
Software
Cisco IOS XE Software
Minimum Release: 2.1
Based on Cisco IOS Software Release 12.2SR
Cisco IOS XE Software
Minimum Release: 2.1
Based on Cisco IOS Software Release 12.2SR
Cisco IOS XE Software
Minimum Release: 2.1
Based on Cisco IOS Software Release 12.2SR
Cisco ASR 1000 Series Routers: An Investment in the Future, Available Now
The Cisco ASR 1000 Series Routers have been crafted to meet and exceed the most exacting standards that rapidly evolving enterprise business requirements can demand.
• Consolidation of services into a single, high-performance chassis, eliminating the need for multiple, single-function appliances: Savings in power budget, rack space, training, integration and testing costs, and lower total cost of ownership
• Massive forwarding power, even with multiple features enabled: Extremely low latency for delay-sensitive voice, video, real-time, and collaborative applications, without sacrificing security
• Software upgradable for new, hardware-accelerated services: Significant investment protection, longevity of deployment, and faster "time to service"
• Integrated high-speed security and encryption: Suitable for high-density aggregation of thousands of remote sites, while concurrently supporting mobile workforce, contractors, partners, and customers
• Industry-leading High Availability and resiliency: Supports 24-hour global operations and mitigates costly, business-affecting service outages
With such significant processing power on a single Cisco ASR 1000 Series ESP, plus the capability to enable new hardware-accelerated services with a straightforward software upgrade, the Cisco ASR 1000 Series Router is an investment not just for the short term, but for years to come.
1Cisco FPM will not be available at first customer shipment of the Cisco ASR 1000 Series Routers, but will be introduced in subsequent software releases. Although Cisco FPM operates at hardware speeds, a simple software upgrade is required to enable it.
2All performance figures are based on the Cisco ASR 1000 Series ESP with a 10-Gbps forwarding or services engine and a 3.5-Gbps encryption engine. You can also deploy the Cisco ASR 1002 Router with an entry-level 5-Gbps forwarding or services engine and a 1.5-Gbps encryption engine.
3Cisco Performance Routing will not be available at first customer shipment of the Cisco ASR 1000 Series Routers, but will be introduced in subsequent software releases. Although many portions of Cisco Performance Routing operate at hardware speeds, a simple software upgrade is required to enable it.
4Zero packet loss is based upon route-processor failure. For forwarding-processor failure, minimal packet loss may occur for packets in transit at the time of the failover.
