CISCO - ASR 1000 series hardware

Started by ganeshbala, Mar 24, 2009, 08:12 PM

Previous topic - Next topic

ganeshbala

CISCO - ASR 1000 series hardware

ASR 1000 series hardware -- which began shipping last April and was upgraded in November (see announcement blogs) -- has three components: an embedded service processor (ESP) for data-plane traffic, a route processor (RP) for control-plane functions and one or more line cards. The ASR family includes two-, four- and six-slot models; for this test Cisco supplied the top-of-the-line six-slot ASR 1006 with redundant RP and ESP modules and power supplies.

The ASR's most notable new feature is its ESP module, all of which features the 40-core Quantum Flow Processor (QFP).Through separate software licenses, QFP supports numerous services such as firewalls, NetFlow and Nbar classifiers and, in the future, caching load balancers. The ESP module also offers powerful QoS features, with 128,000 queues and support for up to 1,000 global policies and classification maps.

While the RP is functionally similar to Cisco 7200 routing modules, it scales higher; a million Border Gateway Protocol routes and hundreds of thousands of Open Shortest Path First (OSPF) routes are possible. Scalability also extends to the number of routing sessions: Our tests involved hundreds of concurrent OSPF sessions, something we haven't been able to set up with earlier midrange Cisco routers. The RP also offers an integrated session border controller for VoIP traffic and unified communications.

ASR line cards use the same shared port adapter (SPA) design as Cisco Catalyst 7600, Cisco 12000 and CRS-1 routers and are interchangeable among them, which should help control sparing costs. The SPA modules in turn fit into SPA interface processor (SIP) line cards.

The ASR's operating system is IOS XE, a Linux-based variant of Cisco's IOS software. XE looks and feels similar to IOS on 7200 routers, but it's actually just another process running under Linux. Unlike earlier versions where a problem with one process could crash the whole system, this modular design should help contain faults.

On the downside, the IOS XE command-line interface doesn't leverage powerful Unix/Linux shell features. Pattern matching of command output is limited; there's no inline configuration editing; and IOS XE does not accept IPv4 addresses entered using classless inter-domain routing (CIDR) notation.

ganeshbala

IPSec tunnel capacity

We also validated the ability of the ASR 1006 to handle 2,000 concurrent IPSec tunnels, fielding both encrypted and a mix of encrypted and cleartext traffic. We connected a pair of ASR 1006s using a Cisco Catalyst 7604 as an intermediate router. One ASR emulated a headquarters router at a large enterprise while the other emulated 2,000 remote "sites."

We offered cleartext frames from Spirent TestCenter from the remote "sites" bound for networks at headquarters, and used a packet sniffer to verify that the ASRs put all traffic into 2,000 unique IPSec tunnels. As is common with tests of security devices, throughput was significantly lower than with cleartext traffic alone because of the extra processing required for encryption and authentication.

Throughput for 64-, 256- and 1400-byte frames was equivalent to 14%, 41% and 81% of line rate, respectively – far lower than the line-rate results we saw for midsized and large packets in the unicast tests.

But lower crypto performance doesn't mean lower overall performance. We retested IPSec with a mix of encrypted and cleartext traffic. This time, aggregate throughput was essentially line rate in both directions. This suggests enabling encryption won't cause any performance penalty for other traffic.

High availability

We assessed high-availability and resiliency features with four sets of failover and software installation tests. Since the ESP and RP modules directly handle packets, we conducted separate failover tests of each. Failover was virtually instantaneous with both: The ESP module dropped 408 packets out of more than 600 million offered, for a cutover time of 39 microsec. The RP modules failed over perfectly: They dropped zero packets in the transition from active to standby modules.

Cisco noted that the upgrade/downgrade times were a result of not using redundant interfaces in this test. We'd agree that adding redundancy would mitigate or eliminate downtime caused by SIP module software changes. Also, we conducted the high availability tests with 64-byte frames offered at the throughput rate; downtime would have been lower with less heavy traffic loads.


Source : networkworld

pradeep prem

in this hardware it has three component embedded service processor, for data-plane traffic, a route processor,for control-plane functions and one or more line cards.
in this module all feature has 40-core Quantum Flow Processor
The SPA modules in turn fit into SPA interface processor  line cards.