Cisco’s Integrated Services Routers

Thomas Krewedl
tkrewedl@cisco.com
0664-4234611

© 2004 Cisco Systems, Inc. All rights reserved.

Agenda

• Market Trends and Momentum for Services
• Cisco Integrated Services Routing Architecture
• Cisco’s Integrated Services Routing Portfolio
• Wireless Services on the Cisco 2800 & 3800 Series Integrated Services Routers


MARKET TRENDS AND MOMENTUM FOR SERVICES


Customer Priorities
Q. What functions SHOULD be router-integrated?
[Bar chart, axis 0 to 250, n=331. Functions shown: Firewall, VPN, Intrusion Detection, Anti-Virus Software, IP Telephony, Compression, Content Filtering, Caching, QoS, Streaming, Multicasting]

Cisco-Sponsored Yankee Survey: June 03

New Router Portfolio That Extends Integrated Services to Businesses of All Sizes
• FIRST portfolio engineered for secure, wire-speed delivery of concurrent data, voice and video services
• Cisco’s integrated systems approach to embedded services speeds deployment and reduces operating costs and complexity
• Founded on more than 20 years of innovation and leadership: FIRST to embed security and voice services into a single routing system

Cisco’s New Integrated Services Routers
New Systems Approach For Services
Integrated Services Routers: 1800 series, 2800 series, 3800 series
• Embedded Security tightly integrated with Voice
• Up to… 5X service density, 7X performance, 4X memory!
• Backward compatibility with existing router modules for solid investment protection
• Sustained wire-speed performance with concurrent services
• Industry-leading network availability and resilience

The Value of a Systems Approach: Tightly Integrated Services
[Diagram labels: Voice, Security, Routing Services]
• V3PN (IPSec, QoS, GRE): Deliver latency-sensitive data, voice, video traffic across the VPN
• Toll-Quality Secure Voice (Voice, QoS, sRTP): Deliver toll quality IP Telephony over an IP WAN
• DMVPN (IPSec, NHRP, OSPF): Enables an on-demand, scalable full VPN mesh that is easy to manage
• Network Admission Control (EAP, RADIUS ACLs): Limits network access to compliant and trusted endpoints

Scalable from Small Business to Large Enterprises
Right-Sized Router, Right-Sized Requirements
[Chart: Performance and Services Density across market segments SMB, SM Branch, Enterprise Branch]
• 1800 Series (FCS Sept 04): Integrated Security & Data
• 2800 Series (FCS Sept 04): Embedded, Advanced Voice, Video, Data & Security Services
• 3800 Series (FCS Oct 04): Highest Density and Performance for Concurrent Services

Investment Protection and Migration Path
New platforms: Cisco 3800 Series (FCS Oct 04), Cisco 2800 Series (FCS Sept 04), Cisco 1800 Series (FCS Sept 04)
Existing platforms: Cisco 3700 Series, Cisco 2600XM Series, Cisco 1751/1760, Cisco 1721
• Cross compatibility with existing router modules
• Increased default memory
• Additional DRAM, reduced costs
• New feature development and additions until IOS 12(5) mainline
• No EOS for at least 18-24 months
• Continued software support for 5 years after last sale

Cisco’s Integrated Services Routers
CISCO 1841    $1395
CISCO 2801    $1995
CISCO 2811    $2495
CISCO 2821    $3895
CISCO 2851    $6495
CISCO 3825    $9500
CISCO 3845    $13000

18/28/3800 Concurrent Services at Wire Speed
Model   WAN bandwidth   CME   SRST
1841    1 T1/E1         -     -
2801    1 T1/E1         24    24
2811    2 T1/E1         36    36
2821    4 T1/E1         48    48
2851    6 T1/E1         96    96
3825    ½ T3/E3         168   336
3845    1 T3/E3         240   720
WAN bandwidth tiers on the chart axis: T1/E1/xDSL, Multiple T1/E1/xDSL, T3/E3

2800/3800 Platform Overview
• Complete New Line of Full Service Branch Access Routers
• 2-5x Increased routing performance *
• 2-10x services performance *
• Concurrent Services running at Wire-Rate
• Increased Memory
• Integrated 10/100/1000 LAN, Security and Voice options
• New Modules (GE, Switch, Voice)
• New higher speed module technologies: NMEs, HWICs, EVMs
• Supports most current 1700/2600 modules

Model   Performance    Memory
2801    70-100kpps     64F/128D DDR
2811    130-160kpps    64F/256D DDR
2821    180-210kpps    64F/256D DDR
2851    200-250kpps    64F/256D DDR
3825    280-350kpps    64F/256D
3845    400-500kpps    64F/256D

[Chassis diagrams for each model; slot labels: HWIC, VWIC, NME, EVM, FE, GE, SFP, USB]

CISCO’S INTEGRATED SERVICES ROUTING ARCHITECTURE


NEW Architecture-Core/Memory
[Block diagrams: current and new architecture]
• DRAM/Flash. Current: 256M EDO/48M. NEW: Up to 4X the density
• Processor. Current: Up to 40Mbps. NEW: Up to 250Mbps
• Real Time Clock. Current: N/A. NEW: Time-of-day on system power up. Necessary for certificates
• Custom ASIC. Current: N/A. NEW: Module Integration communication (HWIC, NM, AIM, DSPs, etc…)

NEW Architecture-WICs/Network Modules
[Block diagrams. Current: Flash, DRAM, CPU, PCI, AIM, NM, WIC, FE, In-line Power. New: Flash, DRAM, RTC, CPU, ASIC, DSP, VPN, AIM, USB, HWIC, GE, EVM, NME, In-line Power]
Current:
• Up to 4 NMs (400Mbps aggregate)
• Up to 3 WICs (8Mbps shared)
• External Device for Inline Power (exception 3700
New:
• Up to 4-NME (up to 1.2Gbps aggregate)
• Up to 4 HWICs (800Mbps aggregate)
• Internal Inline Power (up to 360W)

NEW Architecture-AIMs/USB/LAN Interfaces
[Block diagrams: current and new architecture]
Current:
• Single/Dual FE
• 1-2 AIMs
• No USB ports
NEW:
• Dual FE/GE, Optional GE SFP HWIC
• 1-2 AIMs – Higher speed
• 1-2 USB ports per chassis

NEW Architecture-Security
[Block diagrams: current and new architecture]
Current:
• Requires AIM
NEW:
• Built-in VPN or AIM
• DES/3DES/AES128,192,256

NEW Architecture-Voice
[Block diagrams: current and new architecture]
Current:
• Requires Voice NM
• Dedicated DSPs
• TDM switching 3700 only
NEW:
• HWICs support VICs and EVM slot
• Shared DSP slots on MB
• TDM switching supported in 2800/3800 series

CISCO’S INTEGRATED SERVICES ROUTING PORTFOLIO


New Cisco 3845 Router
[Chassis diagram; labels: Power + 802.3af, USB, VPN, AIM, GE, SFP, HWIC, NME, X, D, XD]
NME/HWIC Slots: 4 single-wides / 4 single-wides; can accommodate up to 2 EVMs in any NME slot
Onboard DSP Slots: 4
Internal Power Supplies: 1-2 (AC, AC+IP, DC), RPS support
VPN Tunnels: 2500 (AIM), or 700 (VPN on-board)

New Network Module and WIC Slot Types
Slot types: NM, NME, NME-X, NMD, NME-XD, HWIC, HWIC-D
[Diagram labels: i.e. 16ESW; i.e. EVM-HD-xxx; Future Use; i.e. 36ESW; Future Use; removable slot dividers]

New Cisco 3825 Router
[Chassis diagram; labels: Power + 802.3af, NME, VPN, AIM, USB, SFP, HWIC, GE, X, D, XD]
NME/HWIC Slots: 2 single-wides / 4 single-wides; can accommodate up to 1 EVM in any NME slot
Onboard DSP Slots: 4
Internal Power Supplies: 1 (AC, AC+IP, DC), RPS support
VPN Tunnels: 2000 (AIM), or 500 (VPN on-board)

New Cisco 2851/2821 Router
[Chassis diagrams; labels: Power + 802.3af, GE, HWIC, NME, EVM, VPN, AIM, USB, X, D, XD]

New Cisco 2811/2801 Router
[Chassis diagrams; labels: Power + 802.3af, NME, HWIC, VWIC, FE, USB, VPN, AIM]

2800 Comparison

                                     2801      2811      2821      2851
NME / Dedicated EVM Slot             0/0       1/0       1/1       1/1
HWIC                                 2         4         4         4
Onboard DSP Slots                    2         2         3         3
Onboard LAN                          2 FE      2 FE      2 GE      2 GE
Internal Power Supply/RPS support    1/No      1/Yes     1/Yes     1/Yes
VPN Tunnels (VPN on-board/AIM)       100/800   150/1800  250/1800  300/1800

New Cisco 1841 Router
[Chassis diagram; labels: Power, VPN, FE, AIM, HWIC, USB]
The only Desktop form factor model
HWIC Slots: 2 single-wides
Onboard DSP Slots: None, Data Only
Internal Power Supply: 1 (AC only), no RPS support
VPN Tunnels: 800 (AIM), or 100 (VPN on-board)

Cisco Access Router Interface Cards and Modules
• Supports 90+ existing NM, WIC/VIC/VWIC, AIM
• Flexible expansion (HWIC, NME, EVM), additional concurrent services
• Updated Cisco Access Router Quick Reference Guide

High-Speed WAN Interfaces (New)
9 & 4 port Etherswitch HWICs
• Support in 1800/2800/3800
• Low density L2 switching
• Supports standards based POE (802.3af) with optional inline power supply

High-Speed WAN Interfaces (New)
Gigabit Ethernet HWIC
• Offers Optical and Copper connectivity without NM occupancy
• Support in 2811, 2821, 2851 & 3800 only

Extended Voice Module (EVM-HD) (New)
[Photo labels: EM 0, EM 1, RJ21 Connector]
• EVM (voice/fax expansion modules) supports high-density FXS, FXO, Analog-DID and BRI ports
• Baseboard: EVM-HD-8FXS/DID
• Expansion Modules: EM-HDA-8FXS, EM-4BRI-NT/TE, EM-HDA-3FXS/4FXO, EM-HDA-6FXO

Removing Compact Flash (CF)
Removing CF
1. Press ejector button and arm extends
2. Push ejector arm in and CF comes out
Installing CF
6. Ejector arm pushed in
7. Insert CF into slot and push in

• Storage of IOS image, SDM, CME files, VLAN, etc…
• Do not remove CF from operating router

Integrated Power Supply

Field Replaceable AC/DC and AC+POE

PVDM2 Installation
1. Angle PVDM into slot to seat
2. Push up and snap into place

Installation order: PVDM0 PVDM1 PVDM2
Removal order: PVDM2 PVDM1 PVDM0
To remove, pry open tabs on both sides

NME Slot

Align NME with grooves
Removable slot dividers

Wireless Services on the Cisco 2800 & 3800 Series Integrated Services Routers


Outline
• Wireless Services on Routers
  - Cisco Integrated Services Routers
  - Wireless Services for Branch Offices
  - Fast, Secure Mobility
  - Survivable Local Authentication
  - Scalability
  - Feature Sets
• Future Services – SWAN support
  - Rogue Detection
  - Assisted Site Surveys

Wireless Services Integrated With Wired Infrastructure
[Network diagram; labels: HQ / CAMPUS, BRANCH 1, BRANCH 2, Catalyst 6500 Series WLSM, Cisco 3800 & 2800 Routers, LAN core & WAN, LAN access layer, LAN access layer with per-switch wireless VLANs, LAN with site-wide wireless VLANs, Wide Area Network (Intranet); client types: Guest, Phone, Employee]

Wireless Services – Fast Secure Mobility for Voice, Video, VPN
[Network diagram; labels: ACS, WLSE, LAN core & WAN, LAN access layer, LAN access layer with per-switch wireless VLANs, LAN with site-wide wireless VLANs, Wide Area Network (Intranet), Layer 2, Layer 3]
Fast secure mobility (as little as 50ms) maintains latency-sensitive connections

Wireless Services – Fast Secure Mobility for Voice, Video, VPN
• Fast secure mobility enables wireless clients to maintain voice, video, VPN connections when moving between access points
• Mobility time is reduced from ~500ms to as low as 50ms through WDS-based authentication for the handoff
  - No need to go back to the ACS server across the WAN for authentication again (note that the initial authentication still requires access to the ACS server)
• Supported with:
  - Cisco Aironet Access Points, and
  - Cisco Aironet or Cisco Compatible client devices that support the Cisco Centralized Key Management protocol and Cisco LEAP

Wireless Services – Survivable Local Authentication
[Network diagram; labels: ACS, ACS Failure, WAN Failure, WLSE, Backup Switch & WLSM, LAN core & WAN, LAN access layer, LAN access layer with per-switch wireless VLANs, LAN with site-wide wireless VLANs, Wide Area Network (Intranet), Survivable Local Authentication; client types: Guest, Phone, Employee]

Wireless Services – Survivable Local Authentication
• The wireless LAN can survive a variety of failures:
  - WAN Link Failures – through dial backup & local authentication
  - ACS Server Failures – through local authentication
• During a loss of connectivity to the ACS server:
  - Clients already connected to the network maintain their WLAN access
  - New clients trying to authenticate to the network are authenticated by the local authentication server
• Supported with:
  - Cisco Aironet Access Points, and
  - Cisco Aironet or Cisco Compatible client devices that support the Cisco Centralized Key Management protocol and Cisco LEAP

Wireless Services – Scalable for Branch Offices of All Sizes
[Chart: local authentication client database size and access points supported, by router model]
Local Authentication Client Database tiers: 1000 clients, 500, 250, 200, 100, 50, Future
Access Points Supported tiers: 100 APs, 50, 25, 20, 10, 5
Router models shown: Cisco 3845, Cisco 3825, Cisco 3745, Cisco 3725, Cisco 2851, Cisco 2821, Cisco 2811, Cisco 2691, Cisco 2600XM, Cisco 2801

Wireless Services – Feature Sets Supported
IOS 12.3(11)T or later. Feature sets that include Wireless Services:
• IOS Advanced Enterprise Services feature set (K9)
• IOS Advanced IP Services feature set (K9)
• IOS Advanced Security feature set (K9)
• IOS SP Services feature set (K9)
• IOS Enterprise Services feature set (K9)

Note – The above feature sets include the wireless services – no additional feature License is required.


Wireless Services – RM Aggregation for Rogue Detection
[Network diagram; labels: ACS, WLSE, LAN core & WAN, LAN access layer, LAN access layer with per-switch wireless VLANs, LAN with site-wide wireless VLANs, Wide Area Network (Intranet), RM, RM Aggregation, Rogue AP, Rogue Access Point; client types: Guest, Phone, Employee]

Wireless Services – Radio Management Aggregation for Site Surveys
1. CiscoWorks WLSE instructs APs to measure and report the Radio Frequency (RF) environment and pushes optimal RF configurations to APs
2. CiscoWorks WLSE uses measurements from a client as it walks the perimeter of the coverage area to further fine-tune RF coverage

[Diagram labels: W, WLSE]
CiscoWorks WLSE controls the process

Wireless Services – Roadmap

Feature: Benefit
• WDS with fast, secure layer 2 roaming: Security, Fast Mobility
• IEEE 802.1X (backup) local authentication for LEAP clients: High Availability
• Access point support (minimum release): AP1100, AP1200 compatible
• RM aggregation, WLSE support: Rogue Detection, Site Survey, SWAN

Release columns: Router-IOS 12.3(11)T; Future Releases
Release entries: AP-IOS 12.3 (11)JA; AP-IOS Fluorine; Spring’05 12.3(6th)T, WLSE 3.0

New IOS Software Architecture in 12.3
Simplified Image Selection
[Diagram: feature-set hierarchy: IP Base, IP Voice, Enterprise Base, Advanced Security, SP Services, Enterprise Services, Advanced IP Services, Advanced Enterprise Services; SSH and NAC labels mark individual feature sets]
• Simplifies options (from 44 to 8)
• “Advanced Security” replaces:
  - IP/FW/IDS
  - IP FW
  - IP Plus IPSec
  - IP/FW/IDS/IPSec
• Security features:
  - Network Admission Control
  - IOS Firewall
  - Intrusion Prevention
  - DMVPN, AES
  - SSH and SNMPV3 (DES)
• As you step up, all features below are inherited
• www.cisco.com/go/fn

Cisco 1800/2800/3800 Release Plan
• 3800, 2800, 1800 Platforms Announcement:
  - External Announcement – Sept 14, 2004
• For 1800/2800 Platforms:
  - T train release – 12.3(8)T
  - Target CCO date 9/13/2004
  - Target Orderability date – 9/16/2004
  - Target FCS date - End of Sept 2004
• For 3800 Platforms:
  - T train release - 12.3(11)T
  - Target CCO date – Oct 2004
  - Target FCS Oct 2004

Q and A
