This document provides an overview and student guide for the "Implementing Cisco MPLS (MPLS) Version 2.2" course. It introduces basic MPLS concepts including the MPLS architecture, labels, label stacks, and applications such as MPLS VPNs and traffic engineering. It also covers frame-mode MPLS implementation on Cisco IOS platforms, including configuration, monitoring, and troubleshooting tasks. Finally, it discusses MPLS VPN technology in depth, including the MPLS VPN architecture, routing model, and packet forwarding mechanisms.
This document provides an overview and configuration instructions for deploying Carrier Ethernet services on the Cisco ASR 9000 router. It begins with an introduction to Carrier Ethernet and the Cisco ASR 9000 platform. It then covers the configuration of Ethernet flow points (EFPs) to classify and rewrite VLAN tags. The document details various Ethernet service types including point-to-point local connect and VPWS services, as well as multipoint bridging and VPLS services. It concludes with sections on operations, administration, and maintenance (OAM) and best practices.
The document discusses MPLS VPN configurations. It covers VPN concepts like overlay and peer models, benefits of MPLS VPNs, and how routing information is propagated between provider edge (PE) routers using MP-BGP. Key aspects include using virtual routing and forwarding (VRF) instances to isolate customer routes, extending prefixes with route distinguishers (RDs) to handle overlapping addresses, and exchanging VPN routes between PE routers in the provider network.
Segment routing is a technology that is gaining popularity as a way to simplify MPLS networks. It has the benefits of interfacing with software-defined networks and allows for source-based routing. It does this without keeping state in the core of the network and without the need to use LDP and RSVP-TE.
Juniper SRX Quickstart 12.1R3 by Thomas Schmidt - Nam Nguyen
This document provides an overview and introduction to using SRX firewalls with JUNOS. It includes sections on login procedures, CLI basics, switching capabilities, and interface configuration. The document is intended for users familiar with ScreenOS who are new to JUNOS and need guidance on common tasks and commands.
E-VPN and PBB-EVPN are next generation MPLS-based L2VPN technologies that use BGP to distribute Ethernet segment and MAC address reachability information across the MPLS core. They provide all-active multi-homing and load balancing capabilities to maximize bandwidth utilization. PBB-EVPN encapsulates customer frames with backbone MAC addresses to enable split horizon filtering and optimize multicast forwarding.
This document provides an overview of MPLS (Multi-Protocol Label Switching). It discusses the basic idea behind MPLS, the history and components. MPLS assigns labels to IP flows to create label switched paths between ingress and egress routers. Routers forward packets based on lookups of these labels rather than long IP addresses. MPLS supports traffic engineering and quality of service across networks while integrating technologies like IP, ATM, and Frame Relay.
The document provides information about an upcoming training course on deploying MPLS L3 VPNs. It includes details about the trainers, Nurul Islam Roman and Jessica Wei, their backgrounds and areas of expertise. It also outlines the course agenda which will cover topics such as MPLS VPN models, terminology, operation, configuration examples and service deployment scenarios.
This PDF contains a simple method to install one of the important MPLS services, MPLS L3VPN, and explains how MPLS distributes labels.
It uses a simple routing protocol with the customer (static route) to initiate the L3VPN.
Synopsis: A high-level technical introduction to ConfD. Introduction to ConfD architecture, data model driven paradigm, core engine features and northbound interfaces.
This document provides an overview of basic network and routing concepts for the CCNP ROUTE certification. It discusses differentiating between dynamic routing protocols, network types including non-broadcast multi-access networks, connecting remote locations using various technologies, and understanding how different traffic types and overlay networks influence routing. The objectives cover routing protocols, branch connectivity options, and IPv6 neighbor discovery.
Segment Routing Technology Deep Dive and Advanced Use Cases - Cisco Canada
The document provides an overview of Segment Routing technologies including SRv6. It begins with a recap of Segment Routing concepts and how it simplifies network operations. It then covers SRv6 which extends Segment Routing to IPv6 networks to take advantage of growing IPv6 adoption. The document discusses how SRv6 can further simplify networks and support new services and traffic patterns from 5G, IoT, and container-based microservices.
A presentation to help new network operators plan a project to improve their network traffic management. Useful for inbound and outbound heavy networks. Lists the things you need to do to reach routing and peering nirvana.
The advent of Network Function Virtualization (NFV) is dramatically changing the way in which telecommunication networks are designed and operated. Traditional specialized physical appliances are replaced with software modules, called Virtual Network Functions (VNFs), running on a virtualization infrastructure made up of general-purpose servers. Examples of VNF categories are NATs (Network Address Translation), firewalls, DPIs (Deep Packet Inspection), IDSs (Intrusion Detection System), load balancers and HTTP proxies. Service Function Chaining (SFC) denotes the process of forwarding packets through the sequence of VNFs. IPv6 Segment Routing (SRv6) is a source routing paradigm that makes it possible to steer packets through an ordered list of VNFs in a simple and scalable manner. In these slides, we present the architecture of SFC using SRv6 for both cases of SRv6-aware and SRv6-unaware VNFs. We provide an open source implementation and an easily replicable testbed for the presented work.
MPLS L3 VPN allows companies to offer Layer 3 VPN services with advantages like scalability, security, and support for duplicate IP addresses and different network topologies. The key components that enable this are VRF tables on PE routers that separate routing information for each customer to avoid duplicate IP issues, and MP-BGP which customizes VPN routing information using a Route Distinguisher, VPN label, and Route Target to support different VPN topologies. MPLS L3 VPN provides services like multi-homed sites for redundancy, hub-and-spoke networks, internet access with security, and extranets for inter-company communication.
The document discusses the configuration of static MPLS label switched paths (LSPs) across a network topology consisting of routers in various cities. It describes how each router is configured to either push a label, swap a label, or pop the top label as packets traverse the LSP from Jakarta to Makasar and back. Traceroute outputs are provided to show the functioning LSP paths versus normal IGP routing. Complete configuration snippets are included in an appendix.
This document discusses overlay networking using VXLAN. It provides definitions of key concepts like logical overlay networks, physical underlay networks, and tunnel end points (VTEPs). It describes how VXLAN works by encapsulating Ethernet frames with IP/UDP and a VXLAN header that includes a VNI to identify different virtual networks. It covers VXLAN terminology, frame formats, control plane options, and how broadcast, unknown, and multicast traffic is forwarded between VTEPs using either IP multicast or head-end replication.
The document discusses Carrier Ethernet 2.0 and next generation Carrier Ethernet architectures. It provides an agenda for topics including Carrier Ethernet fundamentals, new CE 2.0 services like E-Tree and E-Access, and service enhancements. The focus is on how CE 2.0 helps service providers expand services, simplify operations, and extend service reach through standardized MEF specifications.
Cisco Catalyst 6500 Technical Deep Dive.pdf - juergenJaeckel
This document provides a technical deep dive into the Cisco Catalyst 6500 series of switches. It discusses the chassis architecture and power supplies of various Catalyst 6500 models. It then covers the supervisor engine and switch fabric architecture, including the Supervisor 720, Supervisor 32, and Supervisor 32 with PISA. The document also outlines the Cisco IOS boot process and module architecture before discussing layer 2, IPv4, and IPv4 multicast forwarding as well as packet walks.
EVPN is an Ethernet VPN technology that extends layer 2 networks over a layer 3 underlay. It uses BGP as the control plane to distribute MAC addresses and Ethernet segment information between provider edge (PE) devices. EVPN supports various data plane encapsulations like MPLS, VXLAN, and NVGRE. It provides an integrated solution for layer 2 and layer 3 VPNs that addresses scaling challenges in traditional VPLS deployments.
This document outlines an IPv6 lab and techtorial that covers IPv6 addressing, neighbor discovery, static routing, OSPFv3, BGP, and tunneling. The agenda includes lectures on these topics as well as corresponding labs to provide hands-on experience. Prerequisites for the session are basic network engineering knowledge and interest in Cisco technologies. The document then goes on to describe IPv6 addressing formats, types of addresses, and how addresses are allocated to interfaces.
IOS-XE internal architecture: tools for troubleshooting traffic forwarding on ASR1k... - Cisco Russia
The document discusses the internal architecture of Cisco IOS-XE software and hardware platforms like ASR1000 and ISR4000 routers. It describes the key components like the Route Processor (RP), Embedded Services Processor (ESP), Quantum Flow Processor (QFP), and how they work together. Diagnostic tools for troubleshooting traffic forwarding like conditional debugging, packet tracer and embedded packet capture are also covered.
The document summarizes testing done on the Cisco ASR1000 Series router, specifically the ASR1004. Router Analysis tested the forwarding performance and functionality of the router under various conditions. Key findings include the ASR1004 exceeding the claimed forwarding rate for basic IPv4 and achieving above-minimum rates when features like ACLs and uRPF were enabled. QoS was found to function properly, protecting higher priority traffic. No head-of-line blocking was observed. Background traffic did not impact QoS performance. The router also supported the intended number of MPLS tunnels without issues. Overall, the ASR1004 performed as expected or better in Router Analysis' tests.
Overview of the capabilities of the Cisco TelePresence Server product - Cisco Russia
Overview of the capabilities of the Cisco TelePresence Server product. Integration with CUCM and VCS. Using TelePresence Conductor.
Webinar recording: https://www.youtube.com/watch?v=ZOUhY2MVzIk
Five steps to protect the data center. Why traditional protection may prove ineffec... - Cisco Russia
Data center administrators face a very difficult task. They must protect the data center without compromising system performance and functionality. Many expect to protect the data center with Internet-perimeter solutions, but these solutions are not enough.
The data center places unique requirements on resource provisioning, performance, virtualization, applications and traffic. Internet-perimeter security devices are simply not designed to meet such requirements.
The presentation covers the basics of packet forwarding and simplified architecture of the router. Additionally it explains what problem Cisco Express Forwarding (CEF) solves and how. At the end static routing is covered.
Delivered by Dmitry Figol, CCIE R&S #53592.
Development of an OpenFlow switch based on the EZchip network processor - ARCCN
Talk by Vyacheslav Vasin (ARCCN) at the seminar of the Consortium of universities for the study and development of advanced technologies in computer networks. 20 October 2016
Architecture and unique features of the Cisco NCS 6000 core platform - Cisco Russia
1. Line card chassis architecture
2. Line cards for Cisco NCS6000
3. Optical transceivers
4. Multi-chassis configuration architecture
5. Operating system features
Overview of Cisco Services in Russia and the CIS countries. - Cisco Russia
Overview of Services in Russia and the CIS countries.
Services in Russia and the CIS countries are divided into Basic and Advanced technical support.
BASIC TECHNICAL SUPPORT 1. Technical Assistance Center (TAC). The Cisco TAC technical support center gives Customers fast access to technology experts experienced in diagnosing and resolving the most complex problems.
Cisco TAC has a well-developed request management system that makes it possible to promptly route a problem to the appropriate technology team or escalate it to the next support level if the problem is not resolved within a set period.
Cisco TAC provides round-the-clock support worldwide.
Customer contracts for Cisco Smart Net Total Care technical support - Cisco Russia
Customer contracts for Cisco Smart Net Total Care technical support services
Cisco Smart Net Total Care (SNTC) is a contract for Cisco technical support services.
The service combines industry-leading, award-winning technical services with additional built-in business analytics tools, which the Customer receives through the built-in smart capabilities on the Smart Net Total Care portal.
Recording of the webinar "Cisco solutions for service providers for protection against intrusion and malware": https://ciscoclub.ru/resheniya-kompanii-cisco-dlya-operatorov-svyazi-po-zashchite-ot-vzloma-i-vredonosnogo-programmnogo-o
Cisco professional services for Software-Defined Access - Cisco Russia
How to implement SDA, create a strategy aligned with business objectives, assess readiness for transformation, and carry out the planned work successfully and as reliably as possible.
Detection of known malicious code in traffic encrypted with TLS... - Cisco Russia
On the work of a group of Cisco researchers demonstrating that traditional methods of statistical and behavioral analysis can be used to detect and attribute known malware that uses TLS to encrypt its communication channels, without decrypting or compromising the TLS session. It also covers the Cisco Encrypted Traffic Analytics solution, which implements the principles laid out in this research, its architecture and its advantages.
Industrial Internet of Things: experience and results of application in the oil and gas industry - Cisco Russia
How Cisco supports the digital transformation of oil and gas enterprises. Description of implemented projects, results obtained, and an overview of the architectures used.
2. Presentation outline:
1. ASR1000 architecture:
components - chassis, RP, ESP, SIP
new in 2012 - ESP-100, ASR1002-X
2. ASR1000 software
3. ASR1000 use cases
4. Development roadmap
4. General scheme of router operation
[Diagram: Control Plane (CPU running IOS with the RIB, Route DRAM, Flash, NVRAM, CON, AUX; control packets) and Data Plane (NP with the FIB, Packet DRAM; data packets), with an interconnect between the interfaces. Legend: RIB (Routing Information Base); ACL, FW/NAT, etc.; FIB (Forwarding Information Base).]
• The CPU, running IOS, performs the control plane functions
• The NP (Network Processor) performs the data plane functions
• The CPU also performs the Management Plane functions
5. ASR1000 architecture
• RP (Route Processor) - control plane + system management
• ESP (Embedded Services Processor) - data plane
• SIP (SPA Interface Processor) - connects Shared Port Adapters to the system; 1-3 SIP slots
• QFP (Quantum Flow Processor)
– From 5 to 57 Mpps
– C-programmable
– QoS chip: BQS
– 1.3 billion transistors
[Diagram: ASR1000 chassis with SIPs carrying SPAs and buffers, ESP (active) and ESP (standby) each with a QFP, RP (active) and RP (standby) each running IOS.]
6. External view of Cisco ASR 1000 routers
[Figure: Cisco ASR 1001, Cisco ASR1002, Cisco ASR1004, Cisco ASR1006 and Cisco ASR 1013 chassis, with the SIP, SPA (0/0 to 0/3), ESP and RP positions labelled.]
7. POWER AND COOLING SYSTEM
ASR1000 PEM (Power Entry Module) = P/S + Integrated FANs
[Figure: PEM placement on ASR1001, ASR1002, ASR1004, ASR1006 and ASR1013 (labels PEM1 to PEM4); captions read "3xMulti-Speed Fans on each PEM" and "2xMulti-Speed Fans on each PEM".]
8. ASR1000 architecture
• RP (Route Processor)
– control plane functions, system management
• ESP (Embedded Services Processor)
– data plane functions, traffic processing
• SIP (SPA Interface Processor)
– connects SPA modules
• Centralized architecture
– All traffic passes through the active ESP
• Distributed system-management architecture
– Every component has a control processor
[Diagram: ESP (active) and ESP (standby), each with FECP, QFP, Crypto assist and Interconnect; RP (active) and RP (standby), each with Interconnect; Passive Midplane; three SIPs, each with Interconnect, IOCP, SPA aggregation and SPAs. Link legend: ESI 46 Gbit/s; SPA-SPI 11.2 Gbit/s; Hypertransport 10 Gbit/s.]
9. Control Plane
• Two sets of control plane connections:
– Ethernet out-of-band Channel (EOBC): management of system components
– Inter Integrated Circuit (I2C): management and status monitoring of components
[Diagram: ESP (active) and ESP (standby), each with FECP, QFP and Crypto assist; RP (active) and RP (standby), each with RP subsystem and Interconnect; Midplane; three SIPs, each with Interconnect, IOCP, SPA aggregation and SPAs. Legend: EOBC (Ethernet out-of-band Channel); I2C (Inter Integrated Circuit); SPA Control; SPA Bus.]
10. SIP: SIP10 and SIP40
Parameter | SIP10 | SIP40
Bandwidth | 10G | 40G
Input buffer | 128MB | 128MB
Output buffer | 8MB | 8MB
ESI clock rate | 3.125GHz | 6.25GHz or 3.125GHz
ESI link bandwidth | 11Gbps | 2x23Gbps
Number of ESI links | 1 | 1 or 2
Total bandwidth | 11Gbps | 23Gbps/46Gbps
11. Route Processor cards: RP1 and RP2
Parameter | RP1 | RP2
CPU | 1.5 GHz Freescale 8548 | Dual-Core Intel Xeon 2.66 GHz
Memory | 4GB | From 8GB to 16GB
Built-in bootflash | 1GB | 2GB
Management ports | CON / AUX / ETH | CON / AUX / ETH
HDD | 40HDD | 80HDD
External USB support | Yes | Yes
14. ASR1000-ESP100
• 100 Gbit/s bandwidth
• Encryption at up to 29 Gbit/s
• The module performs complete processing of the data packet
• It has a QFP and a Crypto Engine.
• The QFP performs both packet buffering and queuing
• The Interconnect provides ESI connections to the other modules and supports up to 46 Gbit/s on the ESI connection to each SIP slot (2 modes: 1 x 11 Gbit/s or 2 x 23 Gbit/s)
• Module control processor: an Intel CPU (1.73GHz dual core CPU, 16GB of memory) manages the module, the QFP, the crypto processor, the connections, etc.
15. Third-generation QFP
• The third-generation QFP contains both the PPE cores and the Traffic Manager
– 64 PPE cores on one QFP
– 118 thousand queues on each QFP
– In total the ESP100 has 126 PPE cores and 236 thousand queues
• The PPE on the third-generation QFP has the same microcode as the previous QFP
– Functions executed on the PPE work the same way as on previous ones
• Full configuration compatibility with previous ESP types
• In-service hardware upgrade from ESP40 to ESP80/100 is supported
• Differences
– A slight difference in the output of show commands
– Deployment differences in deployments with large number of schedules
17. Traffic flow through the ESP100
1. The packet arrives at the QFP
2. The Interconnect ASIC sends the packet to one of the two QFPs, choosing them in turn
3. The packet is assigned to one of the PPEs.
4. The PPE processes the packet:
• Input features are applied: NetFlow, MQC/NBAR Classify, FW, RPF, Mark/Police, NAT, WCCP etc.
• Routing decision: IPv4 FIB, Load Balance, MPLS, MPLSoGRE, Multicast etc.
• Output features are applied: NetFlow, FW, NAT, Crypto, MQC/NBAR Classify, Police/Mark etc.
Although the TCAM is physically attached to QFP1, QFP0 has access to the TCAM through the Mesh SerDes (link speed 32x10GE), so from the TCAM's point of view it makes no difference whether the packet is processed by QFP0 or QFP
5. The packet moves from memory on the PPE to the Traffic Manager (queuing). Depending on where the output interface is located, the packet may need to be passed to another BQC on another QFP.
6. The Traffic Manager builds a schedule of which traffic to send to which interface and in what order
7. In case of congestion, the SIP can independently signal the ESP to stop transmitting data by means of control messages
[Diagram: ESP100 with two Quantum Flow Processors (QFP0, QFP1), each with Resource DRAM and Pkt Buffer DRAM (sizes shown: 512MB, 128MB), a processor pool of PPEs (labelled up to PPE64), Buffer, queue, schedule (BQS) blocks and a Dispatcher/Pkt Buffer; TCAM4 (80Mbit); Interconnect; ASR System BW 2x69G. Link legend: ESI, 10/40Gbps; SPA-SPI, 11.2Gbps; Hypertransport, 10Gbps; Data; Other.]
18. ESP100: areas of responsibility of the two QFPs
• The ESP100 has two third-generation QFP ASICs
• Both QFPs serve all traffic, on the principle that a free PPE takes the next packet for processing, but:
• Each QFP performs output queuing and scheduling for half of the SPA slots in the chassis
• This must be taken into account when planning QoS and GEC
• The ESP100 requires latest-generation power supplies:
ASR1013/06-PWR-AC
ASR1013/06-PWR-DC
20. CISCO ASR1002-X HARDWARE
[Chassis photo labels: BITS; GPS; Console; MGMT; AUX; 2 USB ports; 3 SPA slots; HDD or Blank; 6 GE ports; 2x GPS (1pps, 10 MHz); Redundant Power Supplies (AC or DC)]
21. CISCO ASR 1002-X BLOCK DIAGRAM
[Block diagram of the ASR1002-X: QFP with a processor pool of PPEs, Dispatcher/Pkt Buffer, Buffer, queue, schedule (BQS), TCAM4, Resource DRAM, Pkt Buffer DRAM and Part Len/BW SRAM; CPU (2.13GHz Quad-Core) with SDRAM MiniDIMM, nvram, Bootdisk, Boot Flash (OBFL, …), hard disk, USB, Mgmt ENET, Console and Aux; Crypto with SA table DRAM; Stratum-3 network clock circuit; Temp Sensor, Power Ctlr, EEPROM, JTAG Ctrl; Interconnect; SPA Control and SPA Bus to three SPAs; six GE ports]
RP, ESP and SIP-40 are integrated into the chassis
22. ASR1002-X SPECIFICATIONS
ASR1002-X
• Size: 2RU
• Built-in RP, ESP and SIP
• Two AC/DC power supplies
Bandwidth
• 5 Gbit/s, 10 Gbit/s, 20 Gbit/s, 36 Gbit/s, depending on the license
Performance
• Up to 30 million packets per second
Encryption bandwidth
• 4 Gbit/s
RP processor, DRAM
• Quad-core @2.13GHz processor, 4GB-16GB
Forwarding processor
• Built-in ESP with performance from 5 Gbit/s to 36 Gbit/s, depending on the license
I/O interfaces
• 3 SPA slots + 6 built-in GE (SFP, support SyncE)
• Console / Management Ethernet / Aux ports
• USB port for external USB storage
• Optional HDD (160GB)
FireWall / NAT performance
• 36 Gbit/s, 2 million translations
Network Timing
• Stratum 3/G.813 Clocking, BITS timing, GPS, SyncE, 1588
25. CISCO ASR1000 SOFTWARE
[Software architecture diagram: RP CPU (IOS, Chassis Mgr., Forwarding Mgr., Kernel incl. utilities); ESP FECP (QFP Client/Driver, Chassis Mgr., Forwarding Mgr., Kernel incl. utilities); QFP subsystem (QFP code, Crypto assist); SIP IOCP (SPA drivers, SPA Agg., Chassis Mgr., Kernel incl. utilities) with SPAs; the blocks are linked through Interconn.]
RP CPU
• Control Plane process
• Builds the configuration
• Builds the routing tables (RIB, FIB…)
• Provides an abstraction layer between the hardware and IOS (manages the second ESP)
• Stores a copy of the FIB and the list of interfaces
• Provides FIB status for the active & standby ESP
ESP FECP
• Communicates with the Forwarding Manager on the RP
• Provides communication with the QFP drivers
• Stores a copy of the FIB tables
• Manages the QFP forwarding plane and QFP DRAM
• Collects statistics and passes them to the RP
QFP subsystem
• Performs the traffic-processing functions
• Programs the PPEs with the information for processing traffic
26. For more precise information, check feature availability in CFN
Cisco IOS XE software package types
Cisco ASR1000 IP Base
• ACL
• BGP, EIGRP, ISIS, OSPF, RIP, EEM
• ERSPAN
• HSRP/VRRP/GLBP
• ISSU
• Multicast
• NAT
• NBAR
• Netflow
• PfR
• QoS
• LISP
• PPPoE client*
• SNMP
• TACACS
• WAN: ATM/FR/PPP/HDLC
• WCCPv2
• IP Services: ARP, GRE, NTP, PBR, DHCP, IP SLA
• IPv6 parity to IPv4 features in IP base
• LI
• SSL/SSH (K9 images only)
Cisco ASR1000 Advanced IP Services
• ATOM, VPLS
• BFD
• Broadband (BNG/ISG)
• CUBE (SP)/CUBE (ENT)
• Firewall
• L2 & L3 VPN
• MPLS
• OTV
• IPSec
• EVC/BDI
• E-OAM
+ IP Base features
Cisco ASR1000 Advanced Enterprise Services
• DECNet V
• IPX
+ IP Base features
+ Advanced IP Services features
Note: Some of the features require licenses.
*Starting with 3.7.1S
27. HIGH AVAILABILITY IN IOS XE
• IOS XE = IOS + IOS XE Middleware + Platform Software
• Looks the same as an IOS router
• IOS runs in its own Linux process and performs its functions (Routing, SNMP, CLI, etc.)
• Linux kernel with several processes running in protected memory areas:
• ASR 1000 high availability
– Zero-packet-loss RP Failover (ASR1006)
– <50ms ESP Failover
– “Software Redundancy” (ASR1001/2/4)
[Diagram: Route Processor with IOS (Active) and IOS (Standby), IOS XE “Middleware”, Chassis Manager, Forwarding Manager and Kernel; CONTROL MESSAGING to the SPA Interface Processor (SPA Drivers, Chassis Manager, Kernel) and the Enhanced Services Processor (QFP Client/Driver, Chassis Manager, Forwarding Manager, Kernel)]
30. High-availability design in the case of asymmetric routing
Two links, one ISP
• Typical for a mid-size company
• Asymmetric routing does not occur often
• A/R is considered to be transitional and temporary
Two links, two ISPs
• Typical for a large company
• Asymmetric routing occurs very often
• A/R will be more long term
• The interlink must have sufficient bandwidth
[Diagrams: two routers (QFP, QFP) joined by an InterLink, connected to one ISP in the first case and to ISP 1 and ISP 2 in the second]
32. Using the ASR 1000 in an Enterprise network
• WAN Aggregation, Secure WAN
• Internet Gateway – FW/NAT
• Data Center Interconnect
• Ultra High End Branch
[Diagram: enterprise network with ISP1 and ISP2, Internet Edge, Internet Zone/DMZ, Extranet, CUBE (Ent), Campus Core, DC WAN Block, Data Center Core, Data Center Interconnect, Private WAN, WAN Cloud, Branch AGG/WAN Aggregation, Secure WAN, Branch Office]
34. INTERNET GATEWAY - FIREWALL / NAT
[Diagram: Corporate network, ASR1K FW/NAT, Internet]
Performance figures when the FireWall + NAT functions are used simultaneously:
ASR1001 – 1.2 million packets per second, 125 thousand sessions
ASR1002-X – about 6 million packets per second, 1 million sessions
ASR1004-ASR1006 (ESP10) – 5.5 million packets per second, 500 thousand sessions
ASR1004-ASR1006 (ESP20) – 6 million packets per second, 1 million sessions
ASR1004-ASR1013 (ESP40) – 6 million packets per second, 1 million sessions
ASR1006-ASR1013 (ESP100) – about 12 million packets per second, 6 million sessions
35. INTERNET GATEWAY
Router functions:
FW/NAT, IPv6, NAT64, Dual Stack, ACL, AVC, PfR, HQoS, WCCP, IPSec, GRE, DMVPN, GETVPN, FLEXVPN, MPLSVPN, EoMPLS, VPLS, L2TPv3
Application Visibility and Control (AVC)
1 Deep Inspection NBAR2: the ASR 1000 collects network traffic statistics per application and per subscriber
2 Visibility FNF+: Cisco Collection-Manager (CM) aggregates and stores the data
3 Insight Reporter: convenient graphical interface, report generation, e-mail integration, PDF reports and more
4 Control QoS+: advanced QoS
[Diagram: ASR1000, Flexible Netflow (FNF), Collection Manager & Database, Insight Reporter]
36. DATA CENTER INTERCONNECT - DCI
Router functions: OTV, VPLS, EoMPLS, LISP, L2TPv3, IPSec VPN, GETVPN, ACL
Overlay Transport Virtualization (OTV)
Interconnects data centers using MAC routing (without MPLS)
Ethernet traffic (frames) between sites is encapsulated in IP: “MAC in IP”
Dynamic encapsulation based on the MAC routing table
Unlike EoMPLS or VPLS, there is no Pseudo-Wire
[Diagram: Ethernet Frame, Encap, IP packet (IP A to IP B), Decap, Ethernet Frame]
Data center 1 (OTV, IP A)
VLAN  MAC   IF
100   MAC1  Eth1
100   MAC2  IP B
100   MAC3  IP B
Data center 2 (OTV, IP B)
VLAN  MAC   IF
100   MAC1  IP A
100   MAC2  Eth 1
100   MAC3  Eth 2
Connection between MAC1 and MAC2
37. ASR1000 IN A SERVICE PROVIDER NETWORK
[Diagram: Subscriber Access & Aggregation (Mobile, Wireless, WiMAX, Business, Corporate, Residence; Wireline CPE, DSLAM, xDSL, OLT, xPON, Cable, DOCSIS), Edge (BNG, PE, IPSec, SBC), IP/MPLS Core with RR, Internet via ISP Peering Border, VOD, TV, SIP]
• Managed CPE FW/NAT
• BNG-IPoE/PPPoE
• IPSec Aggregator
• PE L2/L3VPN/VPLS
• Route Reflector
• Internet Peering
• CGN NAT
• CUBE SP - SBC
38. BROADBAND NETWORK GATEWAY – BNG/ISG
• Per-session NAT (for PPP)
• Dual stack PPP sessions
• ISGv4, ISGv6
• Coexistence of IPv4 and IPv6 IPoE sessions
[Diagram: PPPoE / IPoE subscriber (Username: PPP Username, Pwd: pwd), BNG, RADIUS, AAA Server]
ASR1004,1006,1013 – RP2/ESP40
32 thousand sessions, 128 thousand queues: IPoE/PPPoE sessions, Hierarchical QoS, ISG
48 thousand sessions, 128 thousand queues: IPoE/PPPoE sessions, Hierarchical QoS, no ISG
64 thousand sessions: IPoE/PPPoE sessions, simple QoS (policing), no ISG
ASR1002-X
29 thousand sessions: IPoE/PPPoE sessions, Hierarchical QoS, ISG
ASR1006,1013 – ESP100
about 64 thousand sessions, 232 thousand queues: IPoE/PPPoE sessions, Hierarchical QoS, ISG
39. ASR1000 – PROVIDER EDGE (PE)
Functions: L3VPN, L2VPN, EoMPLS, VPLS, Inter-AS/CsC, MPLS TE/FRR
[Diagram: IP/MPLS Core with MP-BGP; PE-CE protocols eBGP, EIGRP, OSPF, RIP; GE]
Scalability figures:
• 4 thousand VRFs
• 8 thousand PE-CE eBGP sessions
• 1 thousand OSPF or 1 thousand EIGRP or 4 thousand RIPv2 PE-CE sessions
• 4 thousand ISIS neighbors
• 4 million v4, v6 or VPNv4 routes (16GB of memory on RP2)
• 2 thousand LDP sessions
• 500 BFD sessions
• 32 thousand VLANs and 1 million ARP entries
• 4 thousand QoS policy maps
• 4 thousand ACLs and 100 thousand access list entries
40. Virtual Private LAN Service (VPLS)
[Diagram: CE, PE, MPLS, PE, CE, with a third PE]
VPLS scalability on the ASR1000:
• 16K MACs per VFI
• 64K MACs per ASR1K (128K - March 2013)
• 4K VFIs per ASR1K
• 32K PWs per ASR1K
• 128 PWs per VFI (Bridge Domain)
• BGP auto-discovery with LDP signaling -- RFC6074 – no need to configure VPLS neighbors manually
• BGP auto-discovery with BGP signaling -- RFC4761 (Kompella draft) – November 2012
• VPLS over GRE over IPSec
• VPLS Inter-AS - option A, B. Option C - March 2013
• Hierarchical VPLS
• Routed Pseudowire - VPLS/EoMPLS – PWs terminate on the PE and are joined into a Bridge Domain; the BD has an L3 interface (BDI) for reaching the L3 world
• MAC Limit – the required limit on the number of MACs is configured per interface, per VPN, or for the whole device
• QoS – VPLS QoS is configured on the EVC, not on the PW
Note: VPLS requires an Advanced Image (AES or AIS). No additional licenses are required.
41. ROADMAP FOR 2013
March 2013
Port Density
• 2x10GE+20x1GE
Key Features
• All Ethernet related features currently supported on GE / 10GE SPAs on ASR1k
• SyncE
• 1588
• Y.1731
• 40 Gbps BW
• No SIP needed
Chassis: ASR 1004, ASR1006, ASR1013
RP: RP2
ESP: ESP40, 100, 160
42. Cisco ASR1000: a tremendous success in the market
• 10,900+ customers
– 2,160+ Service Providers
– 8,700+ Enterprise customers
• More than 79,000 chassis sold
• 13 software releases since May 2008
• More than 2,400 features
• Two new platforms in 2012
[Chart: number of features]
43. Fill in the questionnaires online and receive gifts in the Cisco Shop: http://ciscoexpo.ru/expo2012/quest
Your opinion is very important to us!
Thank you!