Enterprise Routing ISR4k Overview, Roadmap & Update TME, ISR Product team ENG

Enterprise Routing
ISR4k Overview, Roadmap & Update
Stefan Mansson
CCIE 18 years #3516
TME, ISR Product team ENG
Feb 2016
Stefan Mansson
Co-founder of ISR G2 & ISR4000 Series
• 31 years in the Network Business
• 26 years working solely with Cisco Branch Routers and Routing Solutions
• 11 years as Sr. Consultant @ a Swedish Cisco Gold Partner
• 15 years within Cisco, based in 6 different countries
• 10 years in Cisco RTP, NC
CCIE # 3516 since -98
Cisco Instructor CCSI # 20145 since -98
Agenda
• ISR4K Update
• ISR4K Architecture Overview
• Modules Roadmap
• 4k IOS Update / Feature support
• ISR G1 & G2 EoS Update
• Security
• Service Integration through Open Services Container
Cisco ISR 4000 Series
- Development Drivers
C97-731146-00 © 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
Everything goes cloudified
Information
Music
Movies
Services
Intelligent WAN: Leveraging the Internet
[Diagram labels: Hybrid WAN Transport; MPLS; Private Cloud; $$$; Internet backhaul; Branch; Internet; Direct Internet Access; Cisco Cloud Web Security; $; Virtual Private Cloud; Public Cloud]
• Secure WAN transport across MPLS and/or Internet for private cloud / DC access
• Leverage local Internet path for public cloud and Internet access
• Increase WAN Capacity
• Improve App Performance
• Scale Security at the Branch
And the Internet Transition Pays Off Fast
EXAMPLE: San Francisco Single MPLS VPN vs. Dual Business Internet ($ per Month)
[Bar chart: monthly price at 1.5 Mbps and 10 Mbps for MPLS VPN CoS1, MPLS VPN CoS2, MPLS VPN CoS3, and iWAN (Dual Internet Links Combined for Ent SLA). Values shown: $1,014, $885, $830, $220, $303, $274, $260, $140; -75%]
Source: Telegeography MPLS VPN pricing for San Francisco as of March 2013; Comcast Web site; Verizon website
$665 Savings/Month x 12 Months x 1,000 Sites = $8M Savings per Year
IWAN Message = Money on the table
Asian oil and gas company
• 2 x 2Mbps MPLS VPN lines connecting each Branch office
• Yearly spend on last mile Branch WAN access: $10M
• Annual estimated savings with IWAN: $ 4M
• Estimated cost of IWAN deployment: $ 2M
Intelligent WAN Solution Components
[Diagram labels: Branch; MPLS; 3G/4G-LTE; Internet; Private Cloud; Virtual Private Cloud; Public Cloud; AVC; WAAS; Akamai; PfRv3; Management & Orchestration]
Transport Independence: DMVPN
• IPSec WAN Overlay
• Consistent Operational Model
Intelligent Path Control: Performance Routing
• Optimal application routing
• Efficient use of bandwidth
Application Optimization: AVC, WAAS, Akamai
• Performance monitoring
• Optimization and Caching
Secure Connectivity: Suite-B, CWS, ZBFW
• NG Strong Encryption
• Threat Defense
Single CPU Router Challenge: IWAN Services
[Diagram labels, each repeated many times: Payload packet; CWS; PfR; NBAR2; F-Netflow; IKEv2; HTTP]
What Makes
ISR 4k Different From G2
Cisco Branch Router Evolution
• 1993: Cisco 2500. Cisco’s first family of branch routers for 23 different deployments
• 1998: Cisco 2600. Superseded 2500. Considered one of Cisco's premier products ever.
• 2004: ISR G1 family (1800, 2800, 3800). The first architecture custom designed for integrated services
• 2009: ISR G2 family (800, 1900, 2900 & 3900). Taking ISR G1 architecture to the next level
• 2013: ISR 4451-X. First ISR based on IOS XE. Purpose built for 21st century branch requirements
• 2014: ISR 4431 & 4300 family. Making for a complete ISR 4000 family
Not shown here: IGS, 2000, 3000, 700, 1600, 1700, 4000/4500, 3600 & 3700 series routers
All very solid workhorses of their time
So how do we solve this problem?
[Diagram labels, each repeated many times: Payload packet; CWS; PfR; NBAR2; F-Netflow; IKEv2; HTTP]
ASR1K Distributed Control Architecture
ASR 1000
• Route Processor (RP)
  - Handles control plane traffic
  - Manages system
• Embedded Service Processor (ESP)
  - Handles forwarding plane traffic
• SPA Interface Processor (SIP)
  - Shared Port Adapters provide interface connectivity
• Centralized Forwarding Architecture
  - All traffic flows through the active ESP, standby is synchronized with all flow state with a dedicated 10-Gbps link
• Distributed Control Architecture
  - All major system components have a powerful control processor dedicated for control and management planes
[Diagram labels: Route Processor (Controlplane); Embedded Service Processor (Dataplane); Crypto Assist; RP; FECP; QFP Subsystem; Interconn.; IOCP; SPA; Agg.]
ISR4k = an ASR1K in an ISR disguise
[Diagram: ASR 1000 and ISR 4000 block diagrams side by side. Labels: Route Processor (Controlplane); Route & Service Processor (Controlplane); Forwarding Processor (Dataplane); Crypto Assist; IOSd; RP; FECP; Forwarding CPUs; QFP Subsystem; Serviceplane; MGF; Interconn.; IOCP; SPA; Agg.; FPGE; SM-X; NIM; ESP]
For comparison: ASR1K ESP Architecture
• Quantum Flow Processor: Overall packet forwarding
• Packet Processor Engine: Multicore CPU. Routes and applies features to packets
• Buffering Queuing & Scheduling: Executes complex QoS scheduling (shapers, LLQ’s,…). Queues and schedules packets in due time
• Forwarding Engine Control Processor: Manages board. Programs QBS, PPE, Crypto. Linux Kernel
[Diagram labels: Packet Buffer DRAM; Resource DRAM (512MB); TCAM (10Mbit); PPE1 … PPE40; Dispatcher; BQS; Crypto (Nitrox-II CN2430); SA table; DRAM; Part Len / BW; SRAM (128MB); E-CSR; E-RP*; JTAG Ctrl; Reset / Pwr Ctrl; Temp Sensor; EEPROM; DDRAM; PCI*; Boot Flash (OBFL,…); FECP; Crypto Assist.; SPI Mux; Interconnect; ESP; RPs; SIPs]
[Link legend: GE, 1Gbps; I2C; SPA Control; SPA Bus; ESI, 11.2Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Other]
ISR 4451 Hardware Diagram
Inline Cryptography
• No Crypto Assist chip
• Crypto “locks” core
• True run-to-completion
Data Plane (10 core)
• 10 Cores, 1 thread / core
• 5 fwd cores by default
• 4 remaining cores license activated
• One Core dedicated to BQS, always active (5+1 or 9+1 cores)
• No hardware TCAM
Control Plane (4 cores)
• 1 Control Plane Core: RP and FECP-like roles
• 3 Services Core
[Diagram labels: DDR3 DRAM (x2); 4xPCIe; 4xSGMI; 1xSGMI; Ctrl; SVC1 to SVC3; PPE1 to PPE10; BQS on a core; FPGE; 10 Gbps XAUI; System FPGA; Mgmt Ethernet; Console / Aux; USB; Flash; Multi Gigabit Fabric; Peripheral Interconnect; NIM (x3), 2Gb/slot; SM-X (x2), 10 Gbps/slot; DSP]
4351 Hardware Diagram
• 8 Cores @ 2.4 GHz / 1 thread per core
• 1 core for RP/IOSd
• 1 core acting for Crypto & QoS
• 4 cores @ 1 thread/core for features
• 2 service cores
[Diagram labels: Rangeley CPU; DRAM; PPE1 to PPE8; 1 core as RP hosting IOSd; 2 service cores; 1 core as Crypto and BQS; 2 cores QFP; 2 cores QFP license activated; Front Panel Ethernet (x3); mSATA (MO-300); Mgmt Ethernet; System Glue Logic FPGA; SPI Flash; GE Switch; Console, Aux & USB; Console; I2C to Modules; USB Host Ports; PCIe Switch; eMMc; USB-to-SD; NIM Slots x 2; NGSM Slots x 2]
4331 similar, but CPU clocking @ 2 GHz
Cisco ISR 4000 Series
• ISR 4451: 1-2 Gbps
• ISR 4431: 500-1000 Mbps
• ISR 4351: 200-400 Mbps
• ISR 4331: 100-300 Mbps
• ISR 4321: 50-100 Mbps
4-10X Faster than G2
Deterministic Performance
Add services anytime
ISR 4000 Performance license limit
• Notice that many of the results are at the exact licensed max limit.
• This means the router hit the shaper before bottoming out.
• How much CPU is then left?
[Chart annotations, CPU utilization per result: 22%, 53%, 43%, 81%, 65%, 20%, 89%, 54%, 33%]
Cisco ISR 4000 Family I/O Design
Management Interface
• out-of-band control plane connection directly to a management network
Front-Panel GE
• RJ45/SFP GE Interfaces
• PoE+ available on some models
Network Interface Modules (NIMs)
• Larger and more powerful than EHWICs
• Up to 8 ports per module
• DSPs directly on modules
Optional Drive NIM for Embedded Applications
• RAID 1 for data protection
• Single HD (future) and dual SSD options
Enhanced Service Modules
• Compatible with Cisco® ISR G2
• Up to 10-Gbps connection to system
• Faster and more powerful than SMs
USB Connections
• 2 times type A for file storage
• USB type B console in addition to RJ45 console and aux ports
ISR 4k Modules
General Roadmap
Cisco ISR 4000 Family Modules (1 of 2)
Category | Type | Name | Availability
LAN | SM-X | Ethernet Switches: 16, 24 & 48 ports | Now
LAN | NIM | Ethernet Switches: 4 & 8 ports | Now
UCS E-Series | SM-X | CPU: 2, 4, 6 & 8 cores | Now
UCS E-Series | NIM | CPU: 4 cores | Now
Voice | NIM | T1/E1: 1, 2, 4 & 8 ports | Now
Voice | NIM | FXS/FXO: 2 & 4 ports. Also, 4FXS+2FXO combo NIM. | Now
Voice | NIM | E/M & BRI Voice | Now
Voice | PVDM | PVDM4: 32, 64, 128 & 256 channels | Now
Voice | SM-X | High-density DSP farm | Roadmap
WAN Ethernet | SM-X | 1GE: 4 ports OR 1-port 10GE | Now
WAN Ethernet | SM-X | 1GE: 6 ports | Now
WAN Ethernet | NIM | 1GE: 1 & 2 ports | Now
WAN 4G / LTE | NIM | USA, Canada, Europe, Australia | Now
WAN 4G / LTE | NIM | LATAM / APAC (Incl. Band 28 for Australia and LTE TDD for China/India) | Roadmap
WAN 4G / LTE | ISR G2 EHWIC and 800BB | LATAM / APAC (Incl. Band 28 for Australia and LTE TDD for China/India) | Roadmap
Cisco ISR 4000 Family Modules (2 of 2)
Category | Type | Name | Availability
WAN T3/E3 | SM-X | T3/E3: 1-port | Now
WAN T1/E1 | NIM | T1/E1: 1 & 2 ports | Now
WAN T1/E1 | NIM | T1/E1: 8 ports | Now
WAN xDSL | NIM | Multi-mode VDSL2 / ADSL Annex A, B & M | Now
WAN Serial | NIM | Synchronous Serial: 1, 2 & 4 ports | Now
WAN Serial | NIM | Asynchronous Serial: 16 ports | Roadmap
Storage | NIM | Dual SSD carrier. Each SSD may be 200G or 400G. | Now
Storage | mSATA | 200G SSD | Now
NIM Adaptor | SM-X | Converts SM-X slot to 1 NIM slot | Now
ISR IOS Update
Not Supported Legacy Protocols
Legacy Protocols
• SNA, DLSw
• STUN, BSTUN
• Token Ring related services (SRB & STRB)
• Legacy Routing Protocols X.25, XoT, Novell, Appletalk
Legacy Protocols Now and Future
Today (2014) until EoSw Support ISR G2, Dec 2022*: IOS Release T Train
• SNAsw, LLC, SDLC, FRAS, DSPU, QLLC, VDLC
• DLSw, CLNS, Src Rt Bridge (SRB)
• Src Rt Trans Bridge (STRB), STUN, BSTUN
• BSC (Async/BiSync), DECnet, X.25/XoT, Novell
FUTURE: No Support for Legacy protocols
Legacy protocols are not supported on IOS XE (ASR1k, ISR 4k), and there are no plans to introduce them in future XE releases.
*Assuming ISR G2 EoL in Dec 2017 – subject to change
ISR EoS / EoL Update
What about EoS dates for G2
If I just had a dollar for each time I’ve answered this question...
No date set.
The ISR G2 EOS dates are not firm, but likely around Dec-2017,
with one year of notice and 5 years of support
Applies 2900 + 3900
1900 EoS is planned for a later date
Time to bid the ISR G1 farewell
End Of Support October 2016
January 30 2016 - End of Service Contract Renewal Date: HW
October 31 2016 - Last date of Hardware support
ISR Security Update
FirePOWER Threat Defense for ISR
Available Now!
FirePOWER Threat Defense
• Capitalize on DIA Without Compromising Security
• Industry-Leading Threat Protection for Branch and Remote Offices
• Consolidated Footprint Frees Revenue-Generating Square Footage
• Centralized Management with Clearly Divided Roles and Responsibilities
• Lower Total Cost of Ownership
Attack Continuum
• BEFORE: Discover, Enforce, Harden
• DURING: Detect, Block, Defend
• AFTER: Scope, Contain, Remediate
[Diagram labels: Network Visibility; NGIPS; Advanced Malware Protection; Granular App Control; Security Intelligence; Retrospective Security; Modern Threat Control; URL Filtering; IoCs/Incident Response; Visibility and Automation]
FirePOWER Threat Defense
[Attack continuum diagram, as on the previous slide: BEFORE (Discover, Enforce, Harden), DURING (Detect, Block, Defend), AFTER (Scope, Contain, Remediate), with the same capability labels]
[Platform labels: Cisco® 4000 Series ISR OR Cisco ISR G2 Series; + Cisco UCS®; AppX + Security License]
Free Up Valuable Square Footage, Generate More Revenue $$$
Centralized monitoring
[Diagram labels: HQ; FireSIGHT Management Center; Internet connection; VPN tunnel; Branch Office (x3); ESXi (x3)]
FireSIGHT Management Center Model | Max. Devices
FS-VMW-SW | 2, 10, 25 (ISR)
FS 750 | 10
FS 1500 | 35
FS 2000 | 70
FS 3500 | 150
FS 4000 | 300
• Host the Sensor on the UCS-E
• IPS is in inline mode
• Packets ingress via the UCS-E front panel port
• SF sensor examines traffic; allowed packets egress the WAN interface
[Diagram labels: ESXi; UCS-E front panel Port; UCS-E; ucse 1/0; LAN port; ucse 1/1; WAN port]

• Host the Sensor on the UCS-E
• IPS is in inline mode
• Packets ingress via the LAN interface of the router
• SF sensor examines traffic; allowed packets egress the WAN interface of the router
[Diagram labels: ESXi; UCS-E; ucs-e 2/0/1.10; LAN port; ucs-e 2/0/0.20; WAN port]
[Chart axes: Scalability; Feature Richness. Annotation: IPS Only]
Cisco UCS-EN120E
• SKU: UCS-EN120E
• EHWIC - ISR G2
• Cores: 2
• RAM: 4-8GB (1 DIMM)
• HDD: up to 200GB SSD Storage
Cisco UCS-EN140N
• SKU: UCS-EN140N
• Price: $1495*
• Cores: 4
• RAM: 4-8GB (1 DIMM)
• HDD: up to 200GB SSD Storage
Cisco UCS-EN120S
• SKU: UCS-EN120S-M2/K9
• Price: $3,400*
• Cores: 2
• RAM: 4-16GB (2 DIMMs)
• HDD: 2 hard drives, available in 2 SAS and SATA options
Cisco UCS-E140S
• SKU: UCS-E140S-M2/K9
• Price: $3,870*
• Cores: 4
• RAM: 8-16GB (2 DIMMs)
• HDD: 2 hard drives, available in 3 SSD, SAS and SATA options
Cisco UCS-E160D
• SKU: UCS-E160D-M2/K9
• Price: $5,130*
• Cores: 6
• RAM: 8-48GB (3 DIMMs)
• HDD: 3 hard drives, available in SSD, SAS and SATA options
Cisco UCS-E180D
• SKU: UCS-E180D-M2/K9
• Price: $5,849*
• Cores: 8
• RAM: 8-48GB (3 DIMMs)
• HDD: 3 hard drives, available in SSD, SAS and SATA options
* Hard drives Not included
SNORT powered IPS/IDS
FCS Target: Nov 2015
[Slide labels: Introducing; LXC]
Product Overview
• Open source intrusion prevention system for real-time traffic analysis
• Lightweight threat defense for price sensitive customers
• Integrated in ISR 4K service container
• IPS/IDS functionality with an IOS IPS look and feel
Positioning IPS/IDS Solution for the WAN
• Regulatory / PCI Compliance
• Direct Internet access to partner sites or public cloud (i.e. Office365, Salesforce.com)
• Internet guest access
• Full DIA
• MSSP
Platforms
• ISR 4451: 115 – 270 Mbps
• ISR 4351: 75 – 170 Mbps
• ISR 4331: 60 – 140 Mbps
• ISR 4321: Up to 50 Mbps
ISR 4K
Open Services Containers
- Roadmap -
Why Virtualization of Branch Functions
[Diagram labels: Branch; CUBE; F/D/C; WAN; Campus / DC]
• Current Branch infrastructure often contains physical appliances that complicate architecture
• Purpose built devices consume space and complicate deployments
• Costly to operate
• Upgrades / service extensions often require branch visits to install / swap equipment
• Difficult to manage
• Adding services requires new hardware and an expensive truck-roll
Branch Appliances
• Router: Routing, ACL, NAT, SNMP..
• Switch: port aggregation
• Services realized with appliances
• Full redundancy
• Could be multi-vendor (Best of breed)
Branch Virtualization – On premise Options
[Diagram labels, shown once for each option: Branch; F/D; WAN]
Physical Router + virtualized L4-7 service on server
• E.g ISR4K + UCS-E
• Router performs transport functions (Routing, ACL, NAT, SNMP..)
• Less attack surface
• Services and Applications virtualized on server
• VNFs Could be multi-vendor (Best of breed)
• Flexible compute options for service and application needs
Router + integrated L4-7 services
• E.g. ISR4K + Service Containers
• Router performs transport functions
• Services (WAAS, AD, Probes..) virtualized internally
• Best-of-Breed options for Services
Application Hosting Spectrum
Different models for different application needs.
Native Process
• Very Tight Integration
• Best Performance
LXC
• Strict Kernel Requirements
• Good performance with some security
Docker
• Emerging Industry Standard
• Future Support
KVM
• Any OS
• Complete separation
• Linux host OS normally
• Type 2 hypervisor
Type 1 Hypervisor
• Service Module Only
• VMWare, HyperV, Xen…
[Grouping labels: Linux Containers; Service Containers]
Benefits of Service Hosting in the Network
• Reduction of network elements to manage & deploy
• Automated network operations
• Service Elasticity
• Capex reduction by deployment of standard x86-based servers
• Operational efficiencies through virtualization
• Deployment of best-of-breed
• Reduced complexity for High Availability
• OPEX decrease by reduction of branch visits
Cisco ISR 4400 Service Container Architecture
• Control Plane (1 core) and Services Plane (3 cores): Service containers live here
• Data Plane (6 or 10 cores)
[Diagram labels: IOS; Service Container; KVM - Hypervisor; Service Plane (control plane CPU); FPGE; Multigigabit Fabric; NIM; ISC; SM-X]
What is a Service Container?
Service Containers use virtualization technology (LXC and KVM) to provide a hosting environment on Cisco routers/switches for applications which may be developed and released independently of platform release cycles.
Virtualized environment on a Cisco device.
Use Case Cisco Virtual Services:
• Lightweight Application Hosting
• Example: ISR-WAAS (KVM)
• Example: SNORT (LXC)
Use Case Third Party Services:
• KVM Hosted Applications
[Diagram labels: Network OS; Container; Virtual Service]
What are Containers - Basics & Terminology
• Type-2 Hypervisor & Virtual Machines (GBs): Includes not only the application, binaries & libraries, but also an entire guest OS. Only KVM is supported for unsigned (3rd party) apps in Open Services container.
• Linux Container (LXC) (MBs): OS level virtualization method for running multiple isolated Linux systems (containers) on a single control host.
• Docker Container: Is a format for Linux containers that makes the process of creating and maintaining containers easier.
Useful App on LXC container
LXC
Product Overview
• Works directly on a Linux service container – Single core
• Open source intrusion prevention system for real-time traffic analysis
• Good Enough Security at the Branch to Meet Compliance needs
• IPS/IDS functionality with an IOS IPS look and feel
App better suited for server module
Available Now!
FirePOWER Threat Defense
[Attack continuum diagram, as on the earlier FirePOWER Threat Defense slides: BEFORE (Discover, Enforce, Harden), DURING (Detect, Block, Defend), AFTER (Scope, Contain, Remediate), with the same capability labels]
[Platform labels: Cisco® 4000 Series ISR OR Cisco ISR G2 Series; + Cisco UCS®; AppX + Security License]
Free Up Valuable Square Footage, Generate More Revenue $$$
Application Hosting Spectrum
Open Service Containers
[Same hosting models as on the earlier Application Hosting Spectrum slide: Native Process; LXC; Docker; KVM; Type 1 Hypervisor]
Services Container Options
Available at ISR4K FCS
Closed
Controlled
• Only Cisco Applications: ISR-WAAS, Joulex, Snort
• No 3rd party applications
• UCS E-Series for 3rd party apps
Early Availability Nov ‘15
Open
• Cisco Approved 3rd party partner applications
• Open architecture for 3rd party app on boarding
• Support provided by partner
• Support on ISR4K, ASR1K & CSR1Kv
• Supported in theory but not in practice
• Easier for customers to enable apps on the container
• No restrictions for customer or 3rd party KVM applications.
Common Service Container Use Cases
Troubleshooting VM
General purpose virtual machine with custom and open-source troubleshooting tools.
(Wireshark, Speedtest, IXIA etc.)
Network Functions
Common network functions such as Print Server, Domain Controller, File Storage, etc.
Analytics
Network Analysis and Application Performance Monitoring without a dedicated probe.
Device Customization
Augment the capabilities of the host platform in some way. (Custom encryption, business-based routing, specialized API interface)
IOS-XE Container Architecture
[Diagram labels: IOSd; Control Plane; Cisco Apps (Snort, ISR-WAAS); Customer and 3rd Party Applications (KVM only); KVM; Virtual Ethernet; Linux OS; Platform-Specific Data Plane; AppNav]
Cisco ISR 4400 Series Architecture
• Control Plane (1 core) and Services Plane (3 cores): Service containers live here
• Data Plane (6 or 10 cores)
[Diagram labels: IOS; Service Container; KVM - Hypervisor; Service Plane (control plane CPU); FPGE; Multigigabit Fabric; NIM; ISC; SM-X]
Cisco ISR 4300 Series Architecture
[Diagram labels: Data Plane Cores; IOS; Service Container (x2); KVM - Hypervisor; Service Plane (control plane CPU); FPGE; Multigigabit Fabric; NIM; ISC; SM-X]
Note: 4321 uses 2DP, 1CP & 1SC cores
ISR4K Services Core Specifications
Platform | Service Cores | Speed (GHz) | Relative Compute Power | Min Additional DRAM | Min Additional SSD | Min Additional HDD
ISR4451 | 3 | 2 | 6P | 4GB | 200GB | 1TB
ISR4431 | 3 | 1 | 3P | 4GB | 200GB | 1TB
ISR4351 | 3 | 2.4 | 3P | 4GB | 50GB | 1TB
ISR4331 | 3 | 2.0 | 2.5 P | 4GB | 50GB | 1TB
ISR4321 | 1 | 2.4 | P | 4GB | 50GB | 1TB
UCS-E NIM | 4 | 1.6 | 2.6 P | N/A | N/A | N/A
UCS-E EHWIC | 2 | 1.6 | 1.3 P | N/A | N/A | N/A
Normalize to Rangeley 2.4 GHz core = 1P
Gladden 1GHz = Rangeley 2.4 GHz
What do I need to add to an ISR4K system?
Memory
• Service Containers (currently) REQUIRE additional DRAM beyond the 4GB system default
• Additional DRAM beyond 4GB will be available to a KVM application
  - Example: 8GB DRAM will have 4GB available to Service Containers
  - Example: 16GB DRAM will have 12GB available to Service Containers
Storage
• No storage is included by default and applications do not have access to bootflash.
• Options include internal mSATA SSD on 4300 Series, NIM-SSD or NIM-HD on all ISR4K.
• Smaller sizes and lower reliability SSD options at lower price will be available in late CY15.
Note: ASR1K/CSR requirements will be similar.
Storage Options
NIM-SSD:
• 1 or 2 hot-swappable 200GB SSD drives
• 400GB option in CY15
NIM-HD:
• 1 hot-swappable 1TB drive
• Available late 2015
SSD-MSATA-200G:
• Doesn’t consume a NIM slot!
• Embedded 50GB or 200GB SSD storage
• Not available on 4431/4451
Cisco UCS E-Series Network Compute Engine
Cisco UCS EN140N M2
Certified for Bare-metal OS like Microsoft 2012 R2 and Redhat Linux and Hypervisors like VMware ESXi 5.5 and Microsoft Hyper-V
• Up to 8 GB RAM
• Intel® Atom quad-core processor
• 50, 100, 200 GB mSATA SSD options
• One 2GB SD card for CIMC (8GB SD optional)
• Dedicated management port
• USB 2.0 port for external device connectivity
• KVM console connector
• One external Gigabit Ethernet port / Two internal Gigabit Ethernet ports
Open Service Container Support Model
Cisco Support:
Call TAC and they’ll help you out.
[Diagram labels: IOSd; Control Plane; WAAS; Customer and 3rd Party Applications; Virtual Ethernet; KVM/LXC; Linux OS; Platform-Specific Data Plane]
Cisco Devnet Provides:
• Community support for developers
• Documentation
• Developer Tools
• Access to Cisco Engineers
• Sample open source VMs
• Share open source projects
• Examples from Cisco Engineers
Open Service Container Support Model
Third Party & Community Support:
TAC will redirect you.