ponc asr9k update_v3_3-3-15

Cisco Confidential © 2013 Cisco and/or its affiliates. All rights reserved.

Evolving the High-End Router Portfolio and Network

Craig Hill, Distinguished SE, [email protected], CCIE #1628
Greg Johnson, Consulting SE, [email protected], CCIE #10397

PONC – March 3-4, 2015

Upload: cisco-public-sector

Post on 16-Jul-2015

TDM Era

IP NGN Era

Evolved Programmable Network (EPN) Era

IP unleashes new wave of innovation and service revenues

Network Function Virtualization and Service orchestration optimizes resource capacity accelerating innovation and new revenues

SDN enables open and dynamic reconfiguration at all layers

Intelligent Convergence of network and data center reduces costs and complexity

Discontinuity #1: TDM rigidity limits new services and efficiency, forces shift to network architecture convergence

Discontinuity #2: Commoditization of IP services plus high traffic growth limits profitability, forces architectural convergence

Evolved Programmable Network Framework

Network APIs (REST) and Services Catalog

Resource Orchestration Multi-Layer Control, Service Chaining and Policy Enforcement

Controllers, Collectors

Netconf / Yang Data Models

nLight IP+Optical

Virtualized Infrastructure Programming and Managing of Virtual Resources

Physical Infrastructure Programming and Managing of Physical Resources

Applications Unified Service Delivery

CRS, ASR 9000, ASR 903, M-series, NCS 4000, NCS 6000, UCS

Virtual PE, Virtualized IOS-XR VM, Cisco nV

VMs: vGiLAN, vFirewall, vDPI, vNAT, vBNG, vDDoS, vSLB

Intelligent, Ultra-Scalable Network Architecture

The 3C Strategy

Capacity
•  100GE Density Leadership
•  400G IPoDWDM
•  Cisco + Merchant Silicon
•  High-Perf vRouter with Features
•  100GE Line-rate Encryption

Control
•  Data Model-based Config (Netconf/Yang)
•  Service Orchestration (ESP, Tail-f, ODL, WAE)
•  Open XR; Linux Kernel, 3rd-party App Hosting

Choice
•  Virtualized or Physical Routing
•  CapEx or OpEx-based Consumption
•  Term or Perm Software Licensing
•  Traditional NMS or Controller-led Model

CRS-3/CRS-X NCS2000/4000 Node

ASR9K with IPoDWDM card

•  Compatible optical technology from core to edge glues separated product families into unified 100GE solution

•  Common management via CTC and Prime

•  Unified XR CLI across platforms

•  Economically reasonable option for wide application range: metro, long haul, ultra long haul

One card fits all (same HW, license):
- 2 x 200G DWDM (CFP2) or
- 2 x 100G DWDM (CFP2) + 20 x 10G (SFP+) or
- 1 x 100G + 1x200G DWDM (CFP2) + 10 x 10G (SFP+)

Target FCS 2H 2015

•  400G bandwidth
•  2xCFP2 based DWDM ports (50G, 100G, 200G)
•  BPSK, QPSK, 16 QAM modulation
•  96 channels, ITU-T 50GHz spacing
•  FlexSpectrum
•  HD FEC, SD FEC (3000+ km w/o regen)
•  20x10GE SFPP ports (SR, LR, ZR, CWDM, DWDM)

ASR 9000 Series

ASR 9904

ASR 9001 / 9001-S

ASR 9006

ASR 9010

ASR 9912

High Density Service Edge and Core
•  Scalable, ultra high density service routers
•  Ideal for large, high-growth sites
•  > 2Tbps/slot capability

Flexible Service Edge
•  Optimized for Service Edge
•  High M-D scale
•  Ideal for Medium to Large sites
•  Up to 1Tbps/slot capability

Compact, Powerful, Small Access/Aggregation Routers
•  Small footprint
•  Complete IOS-XR feature capabilities
•  Ideal for Distributed environments
•  Widely used for BNG and vRR

Fixed 240 Gbps

2 LC 8Tbps

8 LC 7 Tbps

10 LC 40 Tbps

20 LC 80 Tbps

4 LC 3.5 Tbps

ASR 9922

*Total Fabric BW MSE E-MSE Peering P/PE CE Mobility Broadband

One Platform, One OS, One Family

ASR-901/903 as Satellites

nV Satellites ASR 9000v

•  Decoupled, multi-stage switch fabric hardware

•  Add bandwidth per slot easily & independently

•  Increased serviceability & availability

•  Similar architecture to CRS

•  Up To 7 Switch Fabric Cards Per System

•  N+1 Fabric Redundancy (active-active)

Today
- 6+1 SFC1 = 770G/slot
- 6+0 SFC1 = 660G/Slot

With SF2
- 6+1 SFC2 = 1.6T/slot
- 6+0 SFC2 = 1.38 T/Slot

In-Service Upgrade

ASR 9912 ASR 9922

7 x SFC2

7 x SFC2

Fixed High Density Linecards: A9K-36x10GE, A9K-2x100GE, A9K-24x10GE

Modular Ethernet Linecards: A9K-MOD80, A9K-MOD160

MPAs: 20x1GE, 2x10GE, 4x10GE, 8x10GE, 1x40GE, 2x40GE

•  Typhoon NPU based linecard with 40G capacity

•  Ideal replacement for Trident linecards and 7600 migrations

•  Fixed form-factor card with 40 1GE ports, 4x10GE+16x1GE follow on

•  Based on SFP optics

•  Powered by Typhoon NPU

•  Available in two scale variants: SE and TR

•  Supported in all ASR9k chassis except ASR9001

•  Provides up to 45% savings over the equivalent MOD80 configuration

Tomahawk ASIC
•  High performance NPU
•  Pioneering 28nm technology, Massive power efficiency
•  Designed for demanding SP applications

Simplified 100G
•  Industry leading Edge densities
•  Universal line card (100G, 40G, 10G)
•  nV Satellite for 100G to 10G access

New Pricing Models
•  New SW based pricing model
•  Align price to customer feature usage and bandwidth / port growth

Power Savings
•  Flexible power savings mode to lower OpEx
•  Provides a “Green” solution

ACI
•  Designed for the ACI architecture for network wide application policies
•  Facilitates data center interconnect

MACSec*
•  Built-in Security
•  Encryption solution for up to 800G

ESP / EPN Ready
•  Cornerstone of new EPN architecture
•  New programmable deployment models (SDN, NfV, NetConf Yang)

FleXR*
•  Next-gen XR w/ 64-bit OS
•  FleXR enables high scale profiles with up to 10M routes per line card
•  High availability

* MACSec and FleXR in 5.4 (July’15)

2015 Tomahawk (Class 800G): Tomahawk 28nm, 240 Gbps; Tigershark 28nm, 200 Gbps; SM15 28nm, 1.20 Tbps; X86 6 Core 2 Ghz

2013 Typhoon (Class 360G): Typhoon 55nm, 60 Gbps; Skytrain 65nm, 60 Gbps; Sacramento 65nm, 220 Gbps; PowerPC Quad Core 1.5 Ghz

2010 Trident (Class 120G): Trident 90nm, 15 Gbps; Octopus 130nm, 60 Gbps; Santa Cruz 130nm, 90 Gbps; PowerPC Dual Core 1.2 Ghz

High Performance
• 240Gbps & 150Mpps
• Ultra-fast 4Tbps on-chip mem.
• Internal TCAM for ACL/QoS

Rich QoS
• 1M policers & 1M queues
• 64k subscribers/NPU

Economies of Scale
• Cost per Bit and ultimately Service Delivery Cost Decreases as Density Increases

Silicon Innovation
• Pioneer 28nm device
• Massive Power Efficiency

Optical Innovation
• Coupled with Silicon photonics technology for size, cost, and power optimization
• Flexible 10GE, 40GE, & 100GE

Customized Cutting Edge

Efficient Flexible

•  CPAK Delivers Anyport Technology: 10G, 40G or 100G on any Interface

•  LAN PHY, WAN PHY or OTN

•  One-time qualification, common sparing

•  Unprecedented Scale – 240Gbps in one ASIC!

•  Hardware Integration of CPU Intensive Protocols

•  High Availability Customized Silicon – Hitless FPD Upgrades

•  Embedded MACSec for Inline 100G linerate encryption

•  Power Down Unused Linecard Slices to Increase Efficiency

•  Lowest Watts per Gbps with CPAK and Optimized Silicon

Tomahawk 8x100GE CPAK Line Card

Tomahawk 4x100GE CPAK Line Card

Single CPAK Product ID → Three SW selectable Options

Configurable 100GE Interconnect Options for 100GE interfaces:

10GE Interconnect Options

40GE Interconnect Options

hw-module 0/x/cpu0 port z breakout TenGigE!

hw-module 0/x/cpu0 port z breakout FortyGigE!

DUPLEX SC TO LC /SC/ST SM

CPAK-100G-LR4

LGX Panel

MPO24 TO 10X DUPLEX LC/SC/ST MM

CPAK-100G-SR10

CPAK-10X10G-LR MPO24 TO 10X DUPLEX

LC /SC/ST SM

LGX Panel

LGX Panel

CPAK-2X40G-LR4 LC TO DUPLEX LC/

SC/ST SM

LGX Panel

Interface HunGigE 0/x/y/z !

•  Increased processing capability with 8 core processor

•  Increased memory capacity via EP 4 channel memory

•  Integrated security engine

•  Increased fabric link bandwidth with 15G per link capacity while keeping 7.5G & 3.125G backward compatibility

•  Increased punt path support up to 40G

•  Increased cluster/service front panel support with 4 SFP/SFP+ 1G/10G ports

•  Increased control plane bandwidth to support 10G from each Linecard to RSP while being backward compatible with 1G.

•  Higher scale as well as support for more standard Linux distributions

•  USB

•  2x Management ports on RJ-45

•  AUX, console on RJ-45 connectors

•  LED’s

•  2x BITS ports on RJ-45

•  100Mbps, 1588 port – RJ-45

ASR 9000 VSM

•  Data Center Compute: 4 x Intel 8-core x86 CPU
•  2 Typhoon NPU for hardware network processing
•  120 Gbps of Raw processing throughput
•  Crypto Support
   - 40 Gbps of hardware assisted Crypto throughput
   - 8k Tunnels
•  Virtualization Hypervisor
•  Services Chaining
•  SDN SDK for 3rd Party Apps (OnePK)

OS / Hypervisor

VMM

VM-4

WSG

VM-1

IPSec VPATH

VM-3

3rd Party VPATH

VM-2

CGN VPATH

ASR 9000

External Service Appliance

Flexible Ordering of Services

Residential Customer Group A

Residential Customer Group B

Business Internet

Business VPN “Corp X”

VSM Services

IPSec Analytics

CGN

DPI

Security

DPI Virus/Malware Scan

CGN

Firewall

Firewall

CGN DDOS Protection Firewall

IPSec Virus/Malware Scan SBC

Easy to Deploy True MultiService

Virus / Malware Scan

CDN SBC

High-Speed Encryption on the ASR 9000

Leveraging MACsec for Line-rate Encryption over Optical

•  Ethernet is growing rapidly as a WAN & Metro “transport” service

•  Ethernet services apply to many areas of the WAN/MAN: WAN links for core/edge/remote branch, PE-CE links (leveraging L3 VPN services), Metro-E service hand-offs (P2P, P2MP)

•  IPSec cannot meet encryption performance requirements of all applications

•  MACsec targets line-rate encryption solutions (1Gb - 100Gb+) for the WAN

•  Design goals target NIAP and future CSFC requirements

•  MACsec Extended Package is being worked on by NIAP (targeting completion in the next few months)

•  Optical Encryption - currently no EP from NIAP, however if customers require High Speed Line-Rate Encryption (Optical+MACSec) please have them email [email protected] and ask for a Tailored COTS solution

What is WAN MACsec?

•  Offer line-rate MACsec capabilities on router interfaces for 1/10/40G and 100Gbps

•  Ability to support 802.1Q tags in clear
   - Offset 802.1Q tags in clear before encryption (2 tags is optional) or 30B?

•  AES-256 (AES/GCM) support
   - Target Next Generation Encryption (NGE) profile that currently leverages Suite B

•  Enhance MKA key framework (defined in 802.1X-2010) within Cisco security development (Cisco “NGE”)
   - Leverage NSA Suite B algorithm set in target compliance with CSFC

•  System Interoperability
   - Create a common MACsec integration among all MACsec platforms in Cisco

•  Vital Network Features to Interoperate over Public Carrier Ethernet Providers
   - 802.1Q tag in the clear
   - Ability to configure MKA EAPoL Destination Address type, Anti-replay window sizes
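
Added example, not part of the original slides: a Python parser showing what "802.1Q tag in the clear" means on the wire, useful when checking a capture to confirm that frames handed to a carrier are MACsec-protected and which VLAN IDs stay visible. The field layout follows the IEEE 802.1AE SecTAG; the function names and sample frames are constructed for illustration.

```python
import struct

ETH_8021Q, ETH_8021AD, ETH_MACSEC = 0x8100, 0x88A8, 0x88E5
ICV_LEN = 16  # GCM-AES integrity check value appended to each protected frame

def parse_frame(frame: bytes) -> dict:
    """Walk VLAN tags left in the clear, then decode the MACsec SecTAG if present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    off, clear_vlans = 12, []
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in (ETH_8021Q, ETH_8021AD):
        if len(frame) < off + 6:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack_from("!HH", frame, off + 2)
        clear_vlans.append(tci & 0x0FFF)      # VLAN ID readable by the carrier
        off += 4
    info = {"clear_vlans": clear_vlans, "macsec": etype == ETH_MACSEC,
            "ethertype": etype}
    if not info["macsec"]:
        return info                           # payload is not MACsec-protected
    off += 2                                  # step over the 0x88E5 EtherType
    if len(frame) < off + 6 + ICV_LEN:
        raise ValueError("truncated SecTAG")
    tci_an, _short_len, pn = struct.unpack_from("!BBI", frame, off)
    off += 6
    sci_len = 8 if tci_an & 0x20 else 0       # SC bit: explicit 8-byte SCI follows
    if len(frame) < off + sci_len + ICV_LEN:
        raise ValueError("truncated SCI")
    info["sci"] = frame[off:off + sci_len].hex() or None
    off += sci_len
    # The wire PN field is 32 bits; XPN suites keep the upper 32 bits locally.
    info.update(an=tci_an & 0x03, pn=pn, encrypted=bool(tci_an & 0x08),
                secure_data_len=len(frame) - off - ICV_LEN)
    return info

# Constructed sample frames (not captured traffic).
DST, SRC = bytes.fromhex("020000000002"), bytes.fromhex("020000000001")

def sample_macsec(vlans, pn):
    """MACsec frame with the given 802.1Q tags placed before the SecTAG."""
    tags = b"".join(struct.pack("!HH", ETH_8021Q, v) for v in vlans)
    # TCI 0x2C = SC | E | C, association number 0; SCI = source MAC + port 1
    sectag = struct.pack("!HBBI", ETH_MACSEC, 0x2C, 0, pn) + SRC + b"\x00\x01"
    return DST + SRC + tags + sectag + bytes(64) + bytes(ICV_LEN)

def sample_plain(vlan):
    """Unprotected IPv4 frame inside one VLAN tag."""
    return DST + SRC + struct.pack("!HHH", ETH_8021Q, vlan, 0x0800) + bytes(46)
```

A frame for which `parse_frame` returns `macsec: False` on a link that should be protected, or an unexpected entry in `clear_vlans`, is the condition worth alerting on.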

MACsec use cases (diagram labels):

•  Usecase #1: Link MACSEC in MPLS/IP Topology (MACSEC links; CE, PE, P)

•  Usecase #2: Link MACSEC over LAG members (MACSEC links; MACSEC on LAG; member link inheritance)

•  Usecase #3: CE Port Mode MACSEC over L2VPN (MKA; MACSEC links; port mode; L2VPN CE/WAN; ASR9k; CE)

•  Usecase #4: VLAN Clear Tags MACSEC over L2VPN (MKA; MACSEC links; vlan clear-tags; L2VPN CE/WAN; ASR9k; CE)

•  MACSEC Security Standards Compliant with:
   - IEEE 802.1AE-2006
   - IEEE 802.1AEbn-2011 (256-bit key)
   - IEEE 802.1AEbw-2013 (extended packet numbering)

•  Security Suites Supported:
   - AES-GCM-128, 128-bit key (32-bit packet number)
   - AES-GCM-256, 256-bit key (32-bit packet number)
   - AES-GCM-XPN-128, provides extended packet number counter (64 bits)
   - AES-GCM-XPN-256, provides extended packet number counter (64 bits)

•  Unique Security Attributes Per Security Association (SA):
   - 10G port = 32 SA
   - 40G port = 128 SA
   - 100G port = 256 SA

•  Per Slice Port Combination Supported (CPAK)
   - 2x100G, 20x10G, 4x40G, 1x100G + 10x10G, 2x40G + 10x10G, 2x40G + 1x100G

•  All Tomahawk LC variations support MACSEC
   - 8x100G, 4x100G, MOD-400, MOD-200

•  100G/200G IP over DWDM

•  Dynamic DDoS Mitigation Solutions

•  BGP FlowSpec

•  VXLAN L2 and L3 Gateway Functions

•  EVPN integration with VXLAN for DCI

•  Introduction of Segment Routing

•  Leveraging WAN SDN through the use of the WAN Automation Engine (WAE)

•  Netconf/Yang programmability

•  IPSec, Carrier Grade NAT, 3rd party application support on VSM

Thank you.