Cisco Integrated Services Routers

Session Number

Cisco Integrated Services Routers

Platform Technical Breakout

Architectural & Services Review

Vienna, October 19, 2004

Agenda

•

Architectural Innovations of ISR

•

Review of ISR Platforms

•

Applications and Services

NEW Architecture

Core/Memory

Non- Blocking PCI transfers-Module to module communication 1G DDR ECC/256 CF NEW DRAM/Flash Custom ASIC

Current

NEW

NEW Architecture

WICs/Network Modules

Internal in-Line Power (up to 360W) WICs(8Mb/s) NM (400Mbps) Current Up to 4 HWICs-400Mb/s NME (1.0 Gbps) NEW NMs WICs

Current

NEW

New Interfaces:

HWIC Slot vs. WIC Slot

3W or 5W 3W

Operating Power

Yes, including 802.3af No

POE

(Inline Power Support)

Single-wide or Double-wide format available

Single-Wide Only Density

HWICs, WICs, VWICs, VICs WICs, VWICs** Flexibility Up to 400Mbps Dedicated*** Up to 8Mbps Shared* Performance per Interface Slot

HWIC Slot WIC Slot

*Note: In WICs the 8Mbps was the maximum available across all available WIC slots, with HWICs there is no such limitation

**Note: VICs are also supported on 1751 / 1760 in WIC/VIC slots ***400Mbps Full Duplex

New Interface:

NME Slot vs NM Slot

Single Wide: 40W Extra Double Wide: 50W Single Wide: 15-25W Double Wide: 40W Power Yes* No Ability to use GE interconnect

Yes, including 802.3af Yes

(note: not 802.3af compliant)

POE

(Inline Power Support)

Single, Double-wide, Extended Single and Extended

Double-wide formats available Single or Double-Wide Only Density NMs, NMEs, EVMs* NMs Flexibility Up to 1.0 Gbps Up to 400Mbps Performance NME Slot NM Slot

NEW Architecture

AIMs/USB/LAN Interfaces

2 USB ports per chassis N/A USB GE SFP HWIC Option 1-2 AIMs Single/Dual FE Current 1-2 AIMs –Higher speed Dual FE/GE NEW SLOTS/Interface AIMs

Current

NEW

NEW Architecture

Security

Current

NEW

NEW Architecture

Voice

Current

DSPs shared between modules

HWICs support VICs

NEW

Voice

Cisco 3825 and 3845 Routers

Flagship for Concurrent Services In Enterprise Branch Offices

• Highest-Density, Maximum Performance Services Integration

Highest performance for maximum concurrent services at up to T3/E3 rates

Integrated GE ports with copper/fiber support

• Maximum Modularity and Investment Protection

Up to 4 NME, DSP slots to run unprecedented number of services concurrently

Supports existing NM, WIC/VIC/VWIC, AIMs

• Superior Availability

Hot swappable network modules Integrated redundant power supply

Field replaceable motherboard, fan trays and power supplies 256MB / 1G 256MB / 1G Default/Max. Memory Yes N/A

Dual Internal Power Supplies 4 4 Onboard DSP Slots 4 2 NME Slots 3845 3825 GE GE SFPSFP HWIC

HWIC HWICHWIC HWICHWIC HWICHWIC

NME

NME NMENME NME

NME NMENME

USB

USB

USB

Cisco 2801, 2811, 2821, 2851 Routers

Performance and Density for Small to Medium Enterprise Branch Offices

• Mid/High-Density, High Performance Services

High-performance concurrent security, voice and advanced services to

multiple T1/E1 WAN rates

Integrated FE or GE ports with copper support

Integrated L2 switching with PoE

• Enhanced Modularity and Investment Protection

Flexible expansion (HWIC NME, EVM), additional concurrent services

Existing NM, WIC/VIC/VWIC, AIM support

• Scalability and Availability

Built-in connector with external RPS (except 2801) 256MB / 1G 256MB / 1G 256MB / 760MB 128MB/ 384MB Default/Max. Memory 2RU 2RU 1RU 1RU Form Factor 2 GE 3 1/1 2821 2 FE 2 1/0 2811 2 GE 2 FE Onboard LAN 3 2 Onboard DSP Slots 1/1 0/0

NME / EVM Slot

2851 2801

NME

NME

HWIC

HWIC HWICHWIC HWIC

HWIC HWICHWIC

EVM

EVM USBUSB

USB

USB

GE

GE GEGE

HWIC

HWIC VWICVWIC

FE

FE

FE

FE HWICHWIC VWICVWIC

USB

Cisco 1841 Router

Secure, Concurrent Services for SMB and Small Branch Offices

•

Entry Services and Performance

Integration

Integrated FE Ports

Optional modular layer 2 switching

•

AIM, HWIC, and VWIC Modularity

Wide range of connectivity options Supports existing WIC/VIC/VWIC interfaces; investment protection

•

Flexibility and Availability

Flexible and adaptable services deployment; entry-level availability features 128MB / 384MB Default/Max. Memory Desk Form Factor 1 AIM Slots N/A Onboard DSP Slots 2 HWIC Slots 1841 FE FE FE

FE _{HWICHWIC HWICHWIC}

USB

What Are Concurrent Services?

Security Services -

IPSec VPN, Firewall, IPS, NAC

Routing Services –

QOS, Control Plane Policing,

Routing Protocols, ACLs

Voice & IPC Services -

H.323/MGCP Gateway,

Call Manager Express, SRST, CUE

Additional Services –

Content Networking, URL

Filtering, Network Analysis, Switching

Platform Positioning With Services Enabled for IMIX traffic

Positioning with Services

Enabled

(IMIX traffic)

Platform

4 and 9 Port Etherswitch HWIC

•

Low density L2 switching

•

Standards based POE (802.3af) support for IP phones,

wireless access points and any 802.3af devices

– delivers 48V DC Power over a standard copper Ethernet cable

– Requires AC-IP system power supply

•

Supports 802.1Q and 802.1P up to 15 VLANs

•

Ports based authentication and access control by 802.1x

•

Auto MDIX to automatically detect cable type

•

Can stack with 16 and 36 ports Etherswitch NM

New

IP Phone Power Support and Etherswitch Stacking

IP Phone Power

• AC or AC+IP power options

• Supports Cisco and .af Standards

• Chassis SKUs With/Without

• Up to 15W per switch port

52 44 24 24 16 6 Max. num switch ports 240 HWIC HWIC/NM 2821 360 HWIC HWIC/NM 2851 360 HWIC HWIC/NM 3825 HWIC/NM HWIC n/a CIP Support Power (W) 802.af Support 160 HWIC 2811 120 HWIC 2801 n/a n/a 1841 Chassis Etherswitch Density • Up to 2 Etherswitches of any form factor per

platform

• Need to be stacked

through external cable for VLAN database

Gigabit Ethernet HWIC

• Offers Optical and Copper connectivity without NM occupancy

• Support in 2811, 2821, 2851 & 3800

• Supports SX, LX/LH, ZX, CWDM and Copper Cisco SFPs for different distance, cost, existing infrastructure and future expansion requirements

• Gigabit EtherChannel for layer 3 link redundancy

• Jumbo frame up to 9576 bytes

Hot insertion and removal of SFP for field replacement

• 1 supported on 2800 and up to 2 on 3800

Small Form Factor Pluggable (SFP) GE Transceiver

Hi-Speed WAN Interface Card (HWIC)

New

CEoIP Network Module

Leased Line Network Headquarter Legacy CPE Branch Office Legacy CPE Packet Network

Circuit Emulation = imitation of a physical communication link

CEoIP imitates a physical communication link across an IP network Allows the transport of any type of communication over IP

Ideal for TDM or Leased Line replacement and legacy network consolidation

Two versions available: NM-CEM-4TE1

4 T1/E1 ports NM-CEM-4SER

4 serial ports

Supports X.21, V.35, RS232/449/530/530A

Ingress data accepted with no expectation of packet structure, cell format, etc.

Data bits encapsulated into IP packets and routed to a similar port elsewhere in the network.

This is a bit-transparent service. Data bits are not examined, interpreted, or

Solution: EtherSwitch

and IOS Transparent Firewall

Router-Integrated Services

LAN Switching with Transparent Firewall

Providing LAN segmentation with security

in multiple branch sites can be costly and

time consuming to deploy

WAN

Branch Office

Cisco Integrated

Services Router _QuartersHead

NM-ESW

16 and 36 ports of 10/100 Ethernet

HWIC-ESW

4 and 9 port

Hi-Speed WAN Interface Card

Wireless data base How do you allow only

some devices in?

• VLAN and transparent IOS FW enables segmented networks with secure access control

• Simplify subnets, no changing IP addresses on a device by device basis

• Configure the router and integrated switch without visiting the remote site

Web applications, intranet portals, and business video consume expensive wide-area-network (WAN) bandwidth As companies extend Web applications and Internet

access to employees, they need to manage what the Internet is used for and potential threats from

“un-trusted” sites/content

Router-Integrated Services

Application & Content Networking (NM-CE)

Solution: Cisco ACNS

• Web application acceleration:

Siebel, SAP, intranet portals, file/software distribution

• Business video:

Pre-load rich media; deliver RN, WMT, QT, MPEG, ASF, PDF, etc.

• Web content security:

Internet and application access control and use policy enforcement

URL filtering with Internet traffic

logging and reporting Branch Users

Internet

Cisco Integrated Services Router (IOS IPS option) NM-CE

• Radio-over-IP Transport

IP transport eliminates leased-line or repeater costs for remote dispatch (e.g., Herndon to Raleigh, NC)

• Radio Interoperability with

Phones, PCs, …

Phone/PC users can listen & talk with radio users across IP network– no longer a closed user-group.

Dispatchers can create user groups & interoperability in real time.

(e.g., Mayor listens to police radio on mobile phone in an emergency)

• Interoperability between different

Radio Systems

Allows communication between multiple radio systems or agencies with push-to-talk conferencing (e.g., police, fire, medical, corporate security)

Router-Integrated Services

Land Mobile Radio over IP Services (LMR)

LMR GW LMR GW Site 1 Radio System Dispatcher Site 2 Radio System PC Client with PTT IP Phone with PTT application PSTN IVR & Conferencing Servers Dispatch App Mgmt / Admin PSTN Land Mobile Radio Handsets (push-to-talk) IP

New

IOS Software Architecture in 12.3

IOS Software Architecture in 12.3

Simplified Image Selection

Simplified Image Selection

• Simplifies feature set options (from 44

to 8)

• “Advanced Security” replaces:

IP/FW/IDS IP FW

IP Plus IPSec IP/FW/IDS/IPSec

• SSH are now in 6 of the 8 feature sets

• As you step up, all features below are

inherited

• Additionally, 3 specialized feature sets

Advanced Enterprise Services with SNA switching

Integrated Voice/Video gateway, IP/IP gateway

Integrated Voice/Video gateway with AES IP Voice Advanced Security Advanced IP Services Enterprise Base Enterprise Services SP Services

Advanced Enterprise Services

NAC NAC NAC SSH SSH SSH SSH SSH SSH

•

Reduces downtime for

planned upgrades for single

RP platforms

•

Builds upon Warm Reload

•

The new image does not

have to support Warm

Upgrade

Warm Upgrade process

• Normal Reloading without Cisco IOS Warm Upgrade

Router loses packet forwarding for about 3.5 minutes

• With Cisco IOS Warm Upgrade Router loses packet forwarding for about 30 seconds

System Level Resiliency:

Warm Upgrade

Extending High Availability

PE PE PE PE IP IP IP IP Netflow Servers Servers IP or MPLS IP or MPLS Netflow Netflow Egress Manageability

Netflow Enhancement

• Extends Netflow tracking to flows exiting a Cisco IOS device

• Enables tracking of flows after features (ie: QoS, NAT) have made changes to the IP packet

NetFlow MIB with Top Talkers

• Provides critical information about Top N talkers and top conversations (NetFlow cache)

• Retrieves NetFlow information when traditional UDP export is impractical

• Users can configure and modify NetFlow using an SNMP interface

New SNMP MIB

Interface With

Traffic Monitoring

Network Analysis (NM-NAM, NAM Application Software 3.2)

NM-NAM

•

Quick to deploy and easy to use

with embedded web based Traffic

Analyzer GUI

•

Analyzes traffic flows for

applications, hosts, conversations,

and IP-based services such as QoS

and VoIP

•

Collects NetFlow Data Export to

provide broad application-level

visibility

•

Tracks response times using the

ART MIB to isolate application

performance problems related to

the network or to the server

Cisco Router and Security Device Manager

Cisco Router and Security Device Manager

(SDM 2.0) for Simplified Management

(SDM 2.0) for Simplified Management

• Built-in GUI available for all 1800, 2800, 3800 series

• SDM 2.0 now includes

•QoS policy configuration

•Router and network resource monitoring

•Role-based access

• Implements NSA guidelines , ICSA, and TAC

recommendations

• Industry leading router and security management tool for:

•VPN

•Firewall

•Routing

•LAN/WAN Interfaces

Summary

• Redundant power option with online insertion and removal

• Increased environmental thresholds

• Increased high speed slots — up to 1.2 Gbps

• High density and larger form factor network modules

• New ASIC, Bus design and processor boost performance for services

• Double services density

• Double memory defaults

Services

Enhanced Management

Extended Services, Headroom and Investment Protection