Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved.
Evolving the High-End Router Portfolio and Network
Craig Hill Distinguished SE [email protected] CCIE #1628
PONC – March 3-4, 2015
Greg Johnson Consulting SE [email protected] CCIE #10397
TDM Era
IP NGN Era
Evolved Programmable Network (EPN) Era
IP unleashes new wave of innovation and service revenues
Network Function Virtualization and Service orchestration optimizes resource capacity accelerating innovation and new revenues
SDN enables open and dynamic reconfiguration at all layers
Intelligent Convergence of network and data center reduces costs and complexity
Discontinuity #1: TDM rigidity limits new services and efficiency, forces shift to network architecture convergence
Discontinuity #2: Commoditization of IP services plus high traffic growth limits profitability, forces architectural convergence
Evolved Programmable Network Framework
Network APIs (REST) and Services Catalog
Resource Orchestration Multi-Layer Control, Service Chaining and Policy Enforcement
Controllers, Collectors
Netconf / Yang Data Models
nLight IP+Optical
Virtualized Infrastructure Programming and Managing of Virtual Resources
Physical Infrastructure Programming and Managing of Physical Resources
Applications Unified Service Delivery
CRS ASR 9000 ASR 903 M-series
Virtual PE Virtualized IOS-XR VM Cisco nV
VMs: vGiLAN, vFirewall, vDPI, vNAT, vBNG, vDDoS, vSLB
NCS 4000 NCS 6000
UCS
Intelligent, Ultra-Scalable Network Architecture
The 3C Strategy
Capacity
• 100GE Density Leadership
• 400G IPoDWDM
• Cisco + Merchant Silicon
• High-Perf vRouter with Features
• 100GE Line-rate Encryption
Control
• Data Model-based Config (Netconf/Yang)
• Service Orchestration (ESP, Tail-f, ODL, WAE)
• Open XR; Linux Kernel, 3rd-party App Hosting
Choice
• Virtualized or Physical Routing
• CapEx or OpEx-based Consumption
• Term or Perm Software Licensing
• Traditional NMS or Controller-led Model
CRS-3/CRS-X NCS2000/4000 Node
ASR9K with IPoDWDM card
• Compatible optical technology from core to edge glues separated product families into unified 100GE solution
• Common management via CTC and Prime
• Unified XR CLI across platforms
• Economically reasonable option for wide application range: metro, long haul, ultra long haul
One card fits all (same HW, license):
- 2 x 200G DWDM (CFP2) or
- 2 x 100G DWDM (CFP2) + 20 x 10G (SFP+) or
- 1 x 100G + 1 x 200G DWDM (CFP2) + 10 x 10G (SFP+)
Target FCS 2H 2015
• 400G bandwidth
• 2xCFP2 based DWDM ports (50G, 100G, 200G)
• BPSK, QPSK, 16 QAM modulation
• 96 channels, ITU-T 50GHz spacing
• FlexSpectrum
• HD FEC, SD FEC (3000+ km w/o regen)
• 20x10GE SFPP ports (SR, LR, ZR, CWDM, DWDM)
ASR 9000 Series
ASR 9904
ASR 9001 / 9001-S
ASR 9006
ASR 9010
ASR 9912
High Density Service Edge and Core
• Scalable, ultra high density service routers
• Ideal for large, high-growth sites
• > 2Tbps/slot capability
Flexible Service Edge
• Optimized for Service Edge
• High M-D scale
• Ideal for Medium to Large sites
• Up to 1Tbps/slot capability
Compact, Powerful, Small Access/Aggregation Routers
• Small footprint
• Complete IOS-XR feature capabilities
• Ideal for Distributed environments
• Widely used for BNG and vRR
Fixed 240 Gbps
2 LC 8Tbps
8 LC 7 Tbps
10 LC 40 Tbps
20 LC 80 Tbps
4 LC 3.5 Tbps
ASR 9922
*Total Fabric BW MSE E-MSE Peering P/PE CE Mobility Broadband
One Platform, One OS, One Family
ASR-901/903 as Satellites
nV Satellites ASR 9000v
• Decoupled, multi-stage switch fabric hardware
• Add bandwidth per slot easily & independently
• Increased serviceability & availability
• Similar architecture to CRS
• Up To 7 Switch Fabric Cards Per System
• N+1 Fabric Redundancy (active-active)
Today 6+1 SFC1 = 770G/slot 6+0 SFC1 = 660G/Slot
With SF2
6+1 SFC2 = 1.6T/slot 6+0 SFC2 = 1.38 T/Slot
In-Service Upgrade
ASR 9912 ASR 9922
7 x SFC2
7 x SFC2
Fixed High Density Linecards Modular Ethernet Linecards
A9K-MOD80
A9K-MOD160
MPAs 20x1GE 2x10GE 4x10GE 8x10GE 1x40GE 2x40GE
A9K-36x10GE
A9K-2x100GE
A9K-24x10GE
• Typhoon NPU based linecard with 40G capacity
• Ideal replacement for Trident linecards and 7600 migrations
• Fixed form-factor card with 40 1GE ports, 4x10GE+16x1GE follow on
• Based on SFP optics
• Powered by Typhoon NPU
• Available in two scale variants: SE and TR
• Supported in all ASR9k chassis except ASR9001
• Provides up to 45% savings over the equivalent MOD80 configuration
• High performance NPU
• Pioneering 28nm technology, Massive power efficiency
• Designed for demanding SP applications
Simplified 100G
New Pricing Models
Power Savings
ACI
Tomahawk ASIC
FleXR*
MACSec*
ESP / EPN Ready
• Industry leading Edge densities
• Universal line card (100G, 40G, 10G)
• nV Satellite for 100G to 10G access
• New SW based pricing model
• Align price to customer feature usage and bandwidth / port growth
• Flexible power savings mode to lower OpEx
• Provides a “Green” solution
• Designed for the ACI architecture for network wide application policies
• Facilitates data center interconnect
• Built-in Security
• Encryption solution for up to 800G
• Cornerstone of new EPN architecture
• New programmable deployment models (SDN, NfV, NetConf Yang)
• Next-gen XR w/ 64-bit OS
• FleXR enables high scale profiles with up to 10M routes per line card
• High availability
* MACSec and FleXR in 5.4 (July’15)
2015 Tomahawk Class 800G: Tomahawk 28nm 240 Gbps; Tigershark 28nm 200 Gbps; SM15 28nm 1.20 Tbps; X86 6 Core 2 GHz
2013 Typhoon Class 360G: Typhoon 55nm 60 Gbps; Skytrain 65nm 60 Gbps; Sacramento 65nm 220 Gbps; PowerPC Quad Core 1.5 GHz
2010 Trident Class 120G: Trident 90nm 15 Gbps; Octopus 130nm 60 Gbps; Santa Cruz 130nm 90 Gbps; PowerPC Dual Core 1.2 GHz
High Performance
• 240Gbps & 150Mpps
• Ultra-fast 4Tbps on-chip mem.
• Internal TCAM for ACL/QoS
Rich QoS
• 1M policers & 1M queues
• 64k subscribers/NPU
Economies of Scale
• Cost per Bit and ultimately Service Delivery Cost Decreases as Density Increases
Silicon Innovation
• Pioneer 28nm device
• Massive Power Efficiency
Optical Innovation
• Coupled with Silicon photonics technology for size, cost, and power optimization
• Flexible 10GE, 40GE, & 100GE
Customized Cutting Edge
Efficient Flexible
• CPAK Delivers Anyport Technology: 10G, 40G or 100G on any Interface
• LAN PHY, WAN PHY or OTN
• One-time qualification, common sparing
• Unprecedented Scale – 240Gbps in one ASIC!
• Hardware Integration of CPU Intensive Protocols
• High Availability Customized Silicon – Hitless FPD Upgrades
• Embedded MACSec for Inline 100G linerate encryption
• Power Down Unused Linecard Slices to Increase Efficiency
• Lowest Watts per Gbps with CPAK and Optimized Silicon
Tomahawk 8x100GE CPAK Line Card
Tomahawk 4x100GE CPAK Line Card
Single CPAK Product ID → Three SW selectable Options
Configurable 100GE Interconnect Options for 100GE interfaces:
10GE Interconnect Options
40GE Interconnect Options
hw-module 0/x/cpu0 port z breakout TenGigE!
hw-module 0/x/cpu0 port z breakout FortyGigE!
DUPLEX SC TO LC /SC/ST SM
CPAK-100G-LR4
LGX Panel
MPO24 TO 10X DUPLEX LC/SC/ST MM
CPAK-100G-SR10
CPAK-10X10G-LR MPO24 TO 10X DUPLEX
LC /SC/ST SM
LGX Panel
LGX Panel
CPAK-2X40G-LR4 LC TO DUPLEX LC/
SC/ST SM
LGX Panel
Interface HunGigE 0/x/y/z !
• Increased processing capability with 8 core processor
• Increased memory capacity via EP 4 channel memory
• Integrated security engine
• Increased fabric link bandwidth with 15G per link capacity while keeping 7.5G & 3.125G backward compatibility
• Increased punt path support up to 40G
• Increased cluster/service front panel support with 4 SFP/SFP+ 1G/10G ports
• Increased control plane bandwidth to support 10G from each Linecard to RSP while being backward compatible with 1G.
• Higher scale as well as support for more standard Linux distributions
• USB
• 2x Management ports on RJ-45
• AUX, console on RJ-45 connectors
• LEDs
• 2x BITS ports on RJ-45
• 100Mbps, 1588 port – RJ-45
ASR 9000 VSM
• Data Center Compute: 4 x Intel 8-core x86 CPU
• 2 Typhoon NPU for hardware network processing
• 120 Gbps of Raw processing throughput
• Crypto Support
• 40 Gbps of hardware assisted Crypto throughput
• 8k Tunnels
• Virtualization Hypervisor
• Services Chaining
• SDN SDK for 3rd Party Apps (OnePK)
OS / Hypervisor
VMM
VM-1 IPSec VPATH
VM-2 CGN VPATH
VM-3 3rd Party VPATH
VM-4 WSG
ASR 9000
External Service Appliance
Flexible Ordering of Services
Residential Customer Group A
Residential Customer Group B
Business Internet
Business VPN “Corp X”
VSM Services
IPSec Analytics
CGN
DPI
Security
DPI Virus/Malware Scan
CGN
Firewall
Firewall
CGN DDOS Protection Firewall
IPSec Virus/Malware Scan SBC
Easy to Deploy True MultiService
Virus / Malware Scan
CDN SBC
High-Speed Encryption on the ASR 9000
Leveraging MACsec for Line-rate Encryption over Optical
• Ethernet is growing rapidly as a WAN & Metro “transport” service
• Ethernet services apply to many areas of the WAN/MAN:
  - WAN links for core/edge/remote branch PE-CE links (leveraging L3 VPN services), Metro-E service hand-offs (P2P, P2MP)
• IPSec cannot meet encryption performance requirements of all applications
• MACsec targets line-rate encryption solutions (1Gb - 100Gb+) for the WAN
• Design goals target NIAP and future CSFC requirements
• MACsec Extended Package is being worked on by NIAP (targeting completion in the next few months).
• Optical Encryption - currently no EP from NIAP; however, if customers require High Speed Line-Rate Encryption (Optical+MACSec), please have them email [email protected] and ask for a Tailored COTS solution
What is WAN MACsec?
• Offer line-rate MACsec capabilities on router interfaces for 1/10/40G and 100Gbps
• Ability to support 802.1Q tags in clear
  - Offset 802.1Q tags in clear before encryption (2 tags is optional) or 30B?
• AES-256 (AES/GCM) support
  - Target Next Generation Encryption (NGE) profile that currently leverages Suite B
• Enhance MKA key framework (defined in 802.1X-2010) within Cisco security development (Cisco “NGE”)
  - Leverage NSA Suite B algorithm set in target compliance with CSFC
• System Interoperability
  - Create a common MACsec integration among all MACsec platforms in Cisco
• Vital Network Features to Interoperate over Public Carrier Ethernet Providers
  - 802.1Q tag in the clear
  - Ability to configure MKA EAPoL Destination Address type, Anti-replay window sizes
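Added example (not from the original slides and not Cisco code): a small Python model of two of the carrier-Ethernet interoperability features listed above, 802.1Q tags left in the clear ahead of the MACsec SecTAG and a configurable anti-replay window. The SecTAG layout follows IEEE 802.1AE; the MAC addresses, VLAN IDs and packet-number order are constructed sample data, and the replay logic is a simplified single-SA model.

```python
import struct

ETH_8021Q, ETH_8021AD, ETH_MACSEC = 0x8100, 0x88A8, 0x88E5

def parse_sectag(frame: bytes):
    """Return (clear_vlan_ids, an, pn, sci) for a MACsec frame, else None."""
    try:
        off, vlans = 12, []                      # skip destination + source MAC
        (etype,) = struct.unpack_from("!H", frame, off)
        while etype in (ETH_8021Q, ETH_8021AD) and len(vlans) < 2:
            (tci,) = struct.unpack_from("!H", frame, off + 2)
            vlans.append(tci & 0x0FFF)           # tag stays readable by the carrier
            off += 4
            (etype,) = struct.unpack_from("!H", frame, off)
        if etype != ETH_MACSEC:
            return None                          # not protected (or >2 clear tags)
        tci_an, _sl, pn = struct.unpack_from("!BBI", frame, off + 2)
    except struct.error:
        return None                              # truncated frame
    sci = frame[off + 8:off + 16] if tci_an & 0x20 else None  # SC bit: SCI present
    return vlans, tci_an & 0x03, pn, sci

class ReplayWindow:
    """Receive-side replay check for one SA (32-bit PN suites; PN starts at 1)."""
    def __init__(self, window: int):
        self.window, self.next_pn = window, 1
    def accept(self, pn: int) -> bool:
        lowest = max(self.next_pn - self.window, 1)
        if pn < lowest:
            return False                         # too old: replayed or badly delayed
        self.next_pn = max(self.next_pn, pn + 1) # real receivers update after ICV check
        return True

def sample_frame(pn: int, vlans=()) -> bytes:
    """Constructed test frame: made-up MACs, zeroed ciphertext and ICV."""
    src = bytes.fromhex("020000000001")
    tags = b"".join(struct.pack("!HH", ETH_8021Q, v) for v in vlans)
    sectag = struct.pack("!HBBI", ETH_MACSEC, 0x2C, 0, pn) + src + b"\x00\x01"
    return bytes.fromhex("020000000002") + src + tags + sectag + bytes(32)

def verdicts(pns, window, vlans=(100,)):
    """Accept/drop decision per frame for a PN arrival order."""
    rw = ReplayWindow(window)
    return [rw.accept(parse_sectag(sample_frame(p, vlans))[2]) for p in pns]

if __name__ == "__main__":
    order = [1, 2, 5, 3, 4, 2, 9, 1]             # constructed reordering + replays
    print("window 0:", verdicts(order, 0))
    print("window 2:", verdicts(order, 2))
```

With a window of 0 any frame that arrives behind a newer one is dropped, which is why a provider network that reorders frames needs a non-zero window; the window also bounds how stale a replayed frame can be and still pass.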
Usecase #1: Link MACSEC in MPLS/IP Topology
Usecase #2: Link MACSEC over LAG members (MACSEC on LAG, member link inheritance)
Usecase #3: CE Port Mode MACSEC over L2VPN (MKA, L2VPN CE/WAN, port mode)
Usecase #4: VLAN Clear Tags MACSEC over L2VPN (MKA, L2VPN CE/WAN, vlan clear-tags)
[Diagram labels: CE, PE, P, ASR9k, MACSEC Links]
• MACSEC Security Standards Compliant with:
  - IEEE 802.1AE-2006
  - IEEE 802.1AEbn-2011 (256-bit key)
  - IEEE 802.1AEbw-2013 (extended packet numbering)
• Security Suites Supported:
  - AES-GCM-128, 128-bit key (32 bits)
  - AES-GCM-256, 256-bit key (32 bits)
  - AES-GCM-XPN-128, provides extended packet number counter (64 bits)
  - AES-GCM-XPN-256, provides extended packet number counter (64 bits)
• Unique Security Attributes Per Security Association (SA):
  - 10G port = 32 SA
  - 40G port = 128 SA
  - 100G port = 256 SA
• Per Slice Port Combination Supported (CPAK):
  - 2x100G, 20x10G, 4x40G, 1x100G + 10x10G, 2x40G + 10x10G, 2x40G + 1x100G
• All Tomahawk LC variations support MACSEC:
  - 8x100G, 4x100G, MOD-400, MOD-200
• 100G/200G IP over DWDM
• Dynamic DDoS Mitigation Solutions
• BGP FlowSpec
• VXLAN L2 and L3 Gateway Functions
• EVPN integration with VXLAN for DCI
• Introduction of Segment Routing
• Leveraging WAN SDN through the use of the WAN Automation Engine (WAE)
• Netconf/Yang programmability
• IPSec, Carrier Grade NAT, 3rd party application support on VSM