Cisco for YOUR Infrastructure - Events 2020

Cisco for YOUR infrastructure
Frederico Vasconcelos (CCIE & CISSP)
Systems Engineer

Why are we here today?
- Support the event
- Present the ASR 9000
- Hear and give suggestions, answer questions, participate

Cisco ASR 9000 System

Edge Routing -- Cisco ASR9000 Market Roles
1. High-End Aggregation & Transport
   1. Mobile Backhaul
   2. L2/Metro Aggregation
   3. CMTS Aggregation
   4. Video Distribution & Services
2. DC Gateway Router
   1. DC Interconnect
   2. DC WAN Edge
   3. WEB/OTT
3. Services Router
   1. Business Services
   2. Residential Broadband
   3. Converged Edge/Core
   4. Enterprise WAN
[Figure labels: Carrier Ethernet; Cable/MSO; Mobile Backhaul; Multiservice Edge; Web/OTT; DC gateway; Broadband Gateway; Large Enterprise WAN]
BRKARC-2003

IOS-XR Architecture

Cisco IOS – A Recap
[Figure: evolution of the operating system architecture across Cisco IOS, Cisco IOS-XE, Classic IOS-XR and Virtual IOS-XR, on a timeline of 1990s, 2000s, 2003-04 and Present Day. Labels: Control Plane (BGP, OSPF, PIM, SNMP, XML, NetFlow); Data Plane (ACL, QoS, LPTS); IOSd; XR Code v2; System Admin; Hosted App 1; Hosted App 2; Operational Infra; Distributed Infra; Kernel (Linux-BinOS; QNX, 32bit; Linux, 64bit); Virtualization Layer]
Incremental Development, with Industry leading investment protection

WAN MACSec Topology
Basic Site to Site Example – Today Scenario
[Figure: site-to-site topology. Labels: Service Provider Owned Routers/Bridges; Data Center; Remote Campus/DC; Central Campus/DC; Public Carrier; ec Secured Path / MKA Session; MACsec Capable Router; MACsec Capable PHY; Secured Ethernet Wire; SP Owned Ethernet Transport Device]

ASR 9000 Security: vDDoS Protection Solution
Virtual Network Embedded DDoS Protection at Network Edge
[Figure labels: Cisco ASR9000 Router; SP; Peers & Transit Providers; Arbor Networks TMS running on VSM [DDoS Mitigation]; Arbor Networks SP running on Cisco UCS [DDoS Detection]]
DDoS Mitigation: Network Embedded
- Leverage existing ASR 9000 Routers
- Detect DDoS attacks as fast as 1 second
- Port rate blacklisting done automatically
- Scrubbing on box - no backhauling
DDoS Detection: 100% Virtual
- Netflow sampling used to monitor network for DDoS threats
- Programs ACLs on Tomahawk/Typhoon line cards to automatically block threats
Arbor Powered
- Industry-leading SP solution
- Complete surgical DDoS protection
- Scales from 10 Gbps to Tbps
- Powered by ATLAS threat feeds

ASR 9000 Models

Cisco ASR 9000 System Comprehensive Portfolio
One Platform, One OS, One Family
- Compact & Powerful Access/Aggregation: Small footprint with full IOS-XR for distributed environments
- Flexible Service Edge: Optimized for ESE and MSE with high M-D scale for medium to large sites
- High Density Service Edge and Core: Scalable, ultra high density service routers for large, high-growth sites
nV Satellites: ASR 9000v, 901, 920
Chassis | Size | Capacity
ASR 9001 | Fixed 2RU | 240 Gbps
ASR 9904 | 2 LC/6RU | 16 Tbps
ASR 9006 | 4 LC/10RU | 7 Tbps
ASR 9010 | 8 LC/21RU | 14 Tbps
ASR 9910 | 8 LC/21RU | 64 Tbps
ASR 9912 | 10 LC/30RU | 80 Tbps
ASR 9922 | 20 LC/44RU | 160 and

ASR 9001/ASR 9001-S Compact Chassis
- Side-to-Side airflow, 2RU
- Front-to-back air flow with air flow baffles, 4RU, require V2 fan
- Sub-slot 0 with MPA*
- Sub-slot 1 with MPA*
- Fixed 4x10G SFP ports
- Redundant (AC or DC) Power Supplies, Field Replaceable
- Fan Tray, Field Replaceable
- Supported MPAs: 20x1GE, 2x10GE, 4x10GE, 1x40GE
*MPA: Modular Port Adapter

Cisco ASR 9006 Overview
[Figure labels: Side-to-side airflow, 10 RU; Front-to-back air flow with air flow baffles, 13RU, vertical]
Feature | Description
Total Capacity | 3.68T
Capacity per Slot | 920G
Slots | 6 slots - 4 Line Cards and 2 RSPs
Rack size | 10RU
Power | 1 Power Shelf, 4 Power Modules; 2.1 KW DC / 3.0 KW AC supplies
Fan | Side to Side Airflow; Optional Baffle for Front-to-Back Airflow; 2 Fan Trays, FRU
RSPs | Integrated Fabric, 1+1 Redundancy
Line cards | Tomahawk; Typhoon; VSM; SIP700 & SPAs

ASR 9000 Hardware Components – RP/RSP
[Figure labels: ASR 9010; ASR 9922; ASR 9910; ASR 9912; ASR 9006; ASR 9904]

ASR 9000 Route Switch Processor
- Common for ASR 9904, ASR 9006, and ASR 9010
- Common internal HW with RP for feature parity on IOS XR
- Integrated Multi-Stage Switch Fabric
- TR and SE Memory options
- Time and Synchronization Support
Feature | RSP440 | RSP880
Availability | Q1CY12 | Q1CY15
Processor | Four Cores - 2.1GHz | Eight Cores - 2.2GHz
NPU Bandwidth | 60G | 240G
Fabric Capacity | 440G | 880G
Memory | 6G for TR, 12G for SE | 16G for TR, 32G for SE
SSD | 2x 16GB Slim SATA | 2x 32GB Slim SATA
LC Support | Typhoon | Tomahawk/Typhoon

ASR9000 Line Card Details

ASR 9K Ethernet Line Card Overview
- 2nd LC Typhoon, NPU: 60Gbps: A9K-4T16GE; Typhoon MPAs
- 3rd LC Tomahawk, NPU: 240Gbps: 9K-8x100GE; A9K-4x100GE; MPAs 1x100GE, 2x100GE, 20x10GE
- -TR, -SE

Flex 100G CPAK
Investment Protection: Start with 10 GE and upgrade to 100 GE in the future
CPAK Options: 100 GE LR4; 10x10 GE; 2x40 GE; 100 GE SR10
[Figure labels: CPAK 100 GE ER4; CPAK 100 GE LR4; CPAK 100 GE SR10; CPAK10x10-LR]

Tomahawk Scale Differences
Metric | Tomahawk-TR Scale | Tomahawk-SE Scale
MPLS Labels | 1M | 1M
MAC Addresses | 2M | 2M
FIB Routes (v4/v6) – Search Memory | 10M(v4) / 5M(v6) | 10M(v4) / 5M(v6)
Mroute/MFIB (v4/v6) | 128k/32k | 128k/32k
VRF | 8K | 8K
Bridge Domains | 64K | 64K
TCAM (acl space v4/v6) | TCAM – 1/4 -SE | TCAM (80Mbit)
Packet Buffer | Packet Buffer – 100ms (6G/NPU) | Packet Buffer – 200ms (12G/NPU)
EFPs | 16K/LC | 128K/LC (64K/NP)
L3 Subif (incl. BNG) | 8K | 128K (64K/NP)
IP/PPP/LAC subscriber sessions per LC | 16K | 256K (64K/NP)
Egress Queues | 8 Queues / port, nV Sat Q's | 1M/NPU (4M for 8x100GE!)
Policers | 32K/NPU | 512K/NPU
QOS/ACL (v4/v6) | 16k v4 or 4k v6 ACEs/LC | 98k v4 / 16k v6 ACEs

Switch Fabric Architecture

ASR 9000 Switch Fabric Overview
[Figure: fabric arrangement per chassis. Labels: Integrated fabric/RP/LC; Fabric is integrated on RSP, 1+1 redundancy; Separated fabric card, 6+1 redundancy (shown twice); 9001, 2RU, 120G; 9001-S, 2RU, 60G; 9904; 9006; 9010; 9910; 9912; 9922; RSP880: 805G 805G/slot; RSP880: 450G 450G /slot; 1.38Tb 230G /slot (shown twice)]

ASR90xx – RSP880 and Mixed LC
[Figure: three-stage fabric path. Labels: Stage 1; Stage 2; Stage 3; Ingress Linecard; Egress Linecard; Fabric SM15; Arbiter; RSP880; Tomahawk Line Card; Typhoon Linecard]
Typhoon Linecard fabric bandwidth:
- 8x55Gbps, 440Gbps/slot with dual RSP
- 4x55Gbps, 220Gbps/slot with single RSP
Tomahawk Line Card fabric bandwidth:
- 8x115Gbps, 900Gbps/slot with dual RSP
- 4x115Gbps, 450Gbps/slot with single RSP

I want to know more

How can we help you?
- More information about the ASR: lscomparison.html
- New Cisco software model: www.cisco.com/go/one
- FREE weekly Cisco sessions: http://www.cisco.com/web/BR/eventos/quintas quinze.html

And finally

Virtual Network Embedded DDoS Protection at Network Edge
[Figure labels: Peers & Transit Providers; SP; Firewall; IPS; Enterprise; Arbor Networks SP running on Cisco UCS [DDoS Detection]; Arbor Networks TMS running on VSM [DDoS Mitigation]; Cisco ASR 9000 Router]
DDoS Mitigation: Network Embedded
- Leverage existing ASR 9000 Routers
- Detect DDoS attacks as fast as 1 second
- Port rate blacklisting done .