1© 2004 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID
Cisco’s Integrated Services Routers
Thomas [email protected]
0664-4234611
Agenda
• Market Trends and Momentum for Services
• Cisco Integrated Services Routing Architecture
• Cisco’s Integrated Services Routing Portfolio
• Wireless Services on the Cisco 2800 & 3800 Series Integrated Services Routers
MARKET TRENDS AND MOMENTUM FOR SERVICES
Customer Priorities
Q. What functions SHOULD be router-integrated?
Cisco-Sponsored Yankee Survey: June 03, n=331
[Bar chart, scale 0 to 250; functions shown: Multicasting, Streaming, QoS, Caching, Content Filtering, Compression, IP Telephony, Anti-Virus Software, Intrusion Detection, VPN, Firewall]
New Router Portfolio That Extends Integrated Services to Businesses of All Sizes
• FIRST portfolio engineered for secure, wire-speed delivery of concurrent data, voice and video services
• Cisco’s integrated systems approach to embedded services speeds deployment and reduces operating costs and complexity
• Founded on more than 20 years of innovation and leadership—FIRST to embed security and voice services into a single routing system
Cisco’s New Integrated Services Routers: New Systems Approach For Services
• Up to 5X service density, 7X performance, 4X memory!
• Industry-leading network availability and resilience
• Backward compatibility with existing router modules for solid investment protection
• Embedded Security tightly integrated with Voice
• Sustained wire-speed performance with concurrent services
Integrated Services Routers: 3800 series, 2800 series, 1800 series
The Value of a Systems Approach: Tightly Integrated Services
• DMVPN (IPSec, NHRP, OSPF): Enables an on-demand, scalable full VPN mesh that is easy to manage
• V3PN (IPSec, QoS, GRE): Delivers latency-sensitive data, voice and video traffic across the VPN
• Network Admission Control (EAP, Radius ACLs): Limits network access to compliant and trusted endpoints
• Toll-Quality Secure Voice (Voice, QoS, sRTP): Delivers toll-quality IP Telephony over an IP WAN
[Diagram labels: Voice, Security, Routing Services]
Scalable from Small Business to Large Enterprises: Right-Sized Router, Right-Sized Requirements
• 3800 Series (FCS Oct 04): Highest Density and Performance for Concurrent Services
• 2800 Series (FCS Sept 04): Embedded, Advanced Voice, Video, Data & Security Services
• 1800 Series (FCS Sept 04): Integrated Security & Data
[Chart: vertical axis "Performance and Services Density"; horizontal axis labels: Enterprise Branch, SMB, SM Branch]
Investment Protection and Migration Path
• Cross compatibility with existing router modules
• Increased default memory
• Additional DRAM, reduced costs
• New feature development and additions until IOS 12(5) mainline
• No EOS for at least 18-24 months
• Continued software support for 5 years after last sale
[Diagram: migration path from Cisco 3700 Series, Cisco 2600XM Series, Cisco 1721 and Cisco 1751/1760 to Cisco 3800 Series, Cisco 2800 Series and Cisco 1800 Series; labels: FCS Sept 04, FCS Oct 04, FCS Sept 04]
Cisco’s Integrated Services Routers
• CISCO 3845: $13000
• CISCO 3825: $9500
• CISCO 2851: $6495
• CISCO 2821: $3895
• CISCO 2811: $2495
• CISCO 2801: $1995
• CISCO 1841: $1395
18/28/3800 Concurrent Services at Wire Speed

| Model | WAN bandwidth | CME | SRST |
| --- | --- | --- | --- |
| 3845 | 1 T3/E3 | 240 | 720 |
| 3825 | ½ T3/E3 | 168 | 336 |
| 2851 | 6 T1/E1 | 96 | 96 |
| 2821 | 4 T1/E1 | 48 | 48 |
| 2811 | 2 T1/E1 | 36 | 36 |
| 2801 | 1 T1/E1 | 24 | 24 |
| 1841 | 1 T1/E1 | | |

[Chart axis "WAN Bandwidth": T1/E1/xDSL, Multiple T1/E1/xDSL, T3/E3]
2800/3800 Platform Overview

| Model | Performance | Memory | Slots and ports shown |
| --- | --- | --- | --- |
| 2801 | 70-100kpps | 64F/128D DDR | 2 HWIC, 2 VWIC, 2 FE, USB |
| 2811 | 130-160kpps | 64F/256D DDR | 4 HWIC, NME, 2 FE, 2 USB |
| 2821 | 180-210kpps | 64F/256D DDR | 4 HWIC, NME, EVM, 2 GE, 2 USB |
| 2851 | 200-250kpps | 64F/256D DDR | 4 HWIC, NME, EVM, 2 GE, 2 USB |
| 3825 | 280-350kpps | 64F/256D | 4 HWIC, 2 NME, 2 GE, SFP, 2 USB |
| 3845 | 400-500kpps | 64F/256D | 4 HWIC, 4 NME, 2 GE, SFP, 2 USB |

• Complete New Line of Full Service Branch Access Routers
• 2-5x Increased routing performance *
• 2-10x services performance *
• Concurrent Services running at Wire-Rate
• Increased Memory
• Integrated 10/100/1000 LAN, Security and Voice options
• New Modules (GE, Switch, Voice)
• New higher speed module technologies
  • NMEs, HWICs, EVMs
• Supports most current 1700/2600 modules
CISCO’S INTEGRATED SERVICES ROUTING ARCHITECTURE
NEW Architecture-Core/Memory

| Component | Current | NEW |
| --- | --- | --- |
| Processor | Up to 40Mbps | Up to 250Mbps |
| DRAM/Flash | 256M EDO/48M | Up to 4X the density |
| Custom ASIC | N/A | Module Integration communication (HWIC, NM, AIM, DSPs, etc…) |
| Real Time Clock | N/A | Time-of-day on system power up. Necessary for certificates |

[Block diagram labels: CPU, ASIC, PCI, DRAM, Flash, RTC]
NEW Architecture-WICs/Network Modules

| Current | New |
| --- | --- |
| Up to 3 WICs (8Mbps shared) | Up to 4 HWICs (800Mbps aggregate) |
| Up to 4 NMs (400Mbps aggregate) | Up to 4-NME (up to 1.2Gbps aggregate) |
| External Device for Inline Power (exception 3700 | Internal Inline Power (up to 360W) |

[Block diagram labels: CPU, ASIC, PCI, DRAM, Flash, RTC, WIC, HWIC, NM, NME, AIM, VPN, EVM, DSP, FE, GE, USB, In-line Power]
NEW Architecture-AIMs/USB/LAN Interfaces

| Current | NEW |
| --- | --- |
| 1-2 AIMs | 1-2 AIMs – Higher speed |
| No USB ports | 1-2 USB ports per chassis |
| Single/Dual FE | Dual FE/GE, Optional GE SFP HWIC |

[Block diagram labels: CPU, ASIC, PCI, DRAM, Flash, RTC, WIC, HWIC, NM, NME, AIM, VPN, EVM, DSP, FE, GE, USB, In-line Power]
NEW Architecture-Security
• Encryption: DES/3DES/AES128,192,256
• Current: Requires AIM
• NEW: Built-in VPN or AIM
[Block diagram labels: CPU, ASIC, PCI, DRAM, Flash, RTC, WIC, HWIC, NM, NME, AIM, VPN, EVM, DSP, FE, GE, USB, In-line Power]
NEW Architecture-Voice

| Current | NEW |
| --- | --- |
| Dedicated DSPs | Shared DSP slots on MB |
| TDM switching 3700 only | TDM switching supported in 2800/3800 series |
| Requires Voice NM | HWICs support VICs and EVM slot |

[Block diagram labels: CPU, ASIC, PCI, DRAM, Flash, RTC, WIC, HWIC, NM, NME, AIM, VPN, EVM, DSP, FE, GE, USB, In-line Power]
CISCO’S INTEGRATED SERVICES ROUTING PORTFOLIO
New Cisco 3845 Router
[Chassis diagram labels: Power + 802.3af, VPN, AIM, USB, NME (X, D, XD), GE, SFP, HWIC]
• Internal Power Supplies: 1-2 (AC, AC+IP, DC), RPS support
• VPN Tunnels: 2500 (AIM), or 700 (VPN on-board)
• Onboard DSP Slots: 4
• NME/HWIC Slots: 4 single-wides / 4 single-wides. Can accommodate up to 2 EVMs in any NME slot
New Network Module and WIC Slot Types
[Diagram of slot types: NME, NME-X, NMD, NME-XD, HWIC, HWIC-D and NM, with removable slot dividers; annotations: "i.e. EVM-HD-xxx", "i.e. 36ESW", "i.e. 16ESW", "Future Use"]
New Cisco 3825 Router
[Chassis diagram labels: Power + 802.3af, VPN, AIM, USB, NME (X, D, XD), GE, SFP, HWIC]
• Internal Power Supplies: 1 (AC, AC+IP, DC), RPS support
• VPN Tunnels: 2000 (AIM), or 500 (VPN on-board)
• Onboard DSP Slots: 4
• NME/HWIC Slots: 2 single-wides / 4 single-wides. Can accommodate up to 1 EVM in any NME slot
New Cisco 2851/2821 Router
[Chassis diagram labels: Power + 802.3af, VPN, AIM, USB, EVM, HWIC, GE, NME (X, D, XD)]
New Cisco 2811/2801 Router
[Chassis diagram labels: Power + 802.3af, VPN, AIM, USB, NME, HWIC, VWIC, FE]
2800 Comparison
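| Feature | 2851 | 2821 | 2811 | 2801 |
| --- | --- | --- | --- | --- |
| Onboard LAN | 2 GE | 2 GE | 2 FE | 2 FE |
| VPN Tunnels (VPN on-board/AIM) | 300/1800 | 250/1800 | 150/1800 | 100/800 |
| Onboard DSP Slots | 3 | 3 | 2 | 2 |
| Internal Power Supply/RPS support | 1/Yes | 1/Yes | 1/Yes | 1/No |
| HWIC | 4 | 4 | 4 | 2 |
| NME / Dedicated EVM Slot | 1/1 | 1/1 | 1/0 | 0/0 |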
New Cisco 1841 Router
[Chassis diagram labels: Power, VPN, AIM, USB, FE, FE, HWIC, HWIC]
• Internal Power Supply: 1 (AC only), no RPS support
• VPN Tunnels: 800 (AIM), or 100 (VPN on-board)
• Onboard DSP Slots: None, Data Only
• HWIC Slots: 2 single-wides
• The only Desktop form factor model
Cisco Access Router Interface Cards and Modules
• Supports 90+ existing NM, WIC/VIC/VWIC, AIM
• Flexible expansion (HWIC, NME, EVM), additional concurrent services
• Updated Cisco Access Router Quick Reference Guide
High-Speed WAN Interfaces
9 & 4 port Etherswitch HWICs (New)
• Support in 1800/2800/3800
• Low density L2 switching
• Supports standards based POE (802.3af) with optional inline power supply
High-Speed WAN Interfaces
Gigabit Ethernet HWIC (New)
• Offers Optical and Copper connectivity without NM occupancy
• Support in 2811, 2821, 2851 & 3800 only
Extended Voice Module (EVM-HD) (New)
• EVM (voice/fax expansion modules) supports high-density FXS, FXO, Analog-DID and BRI ports
• Baseboard: EVM-HD-8FXS/DID
• Expansion Modules: EM-HDA-8FXS, EM-HDA-3FXS/4FXO, EM-4BRI-NT/TE, EM-HDA-6FXO
[Photo labels: RJ21 Connector, EM 0, EM 1]
Removing Compact Flash (CF)
• Storage of IOS image, SDM, CME files, VLAN, etc…
• Do not remove CF from operating router
Removing CF
1. Press ejector button and arm extends
2. Push ejector arm in and CF comes out
Installing CF
6. Ejector arm pushed in
7. Insert CF into slot and push in
Integrated Power Supply
Field Replaceable AC/DC and AC+POE
PVDM2 Installation
1. Angle PVDM into slot to seat
2. Push up and snap into place
Installation order: PVDM0, PVDM1, PVDM2
Removal order: PVDM2, PVDM1, PVDM0
To remove: Pry open tabs on both sides
NME Slot
• Align NME with grooves
• Removable slot dividers
Wireless Services on the Cisco 2800 & 3800 Series Integrated Services Routers
Outline
• Wireless Services on Routers
  • Cisco Integrated Services Routers
  • Wireless Services for Branch Offices
  • Fast, Secure Mobility
  • Survivable Local Authentication
  • Scalability
  • Feature Sets
• Future Services – SWAN support
  • Rogue Detection
  • Assisted Site Surveys
Wireless Services Integrated With Wired Infrastructure
[Network diagram labels: HQ / Campus, Branch 1, Branch 2; Catalyst 6500 Series WLSM; Cisco 3800 & 2800 Routers; LAN core & WAN; Wide Area Network (Intranet); LAN access layer; LAN with site-wide wireless VLANs; LAN access layer with per-switch wireless VLANs; Guest, Employee, Phone]
Wireless Services – Fast Secure Mobility for Voice, Video, VPN
[Network diagram labels: WLSE, ACS; LAN core & WAN; Wide Area Network (Intranet); LAN access layer; LAN with site-wide wireless VLANs; LAN access layer with per-switch wireless VLANs; Layer 2, Layer 3]
Fast secure mobility (as little as 50ms) maintains latency-sensitive connections
Wireless Services – Fast Secure Mobility for Voice, Video, VPN
• Fast secure mobility enables wireless clients to maintain voice, video, VPN connections when moving between access points
• Mobility time is reduced from ~500ms to as low as 50ms through WDS-based authentication for the handoff
  • No need to go back to the ACS server across the WAN for authentication again (note that the initial authentication still requires access to the ACS server)
• Supported with:
  • Cisco Aironet Access Points, and
  • Cisco Aironet or Cisco Compatible client devices that support the Cisco Centralized Key Management protocol and Cisco LEAP
Wireless Services – Survivable Local Authentication
[Network diagram labels: WLSE, ACS; LAN core & WAN; Wide Area Network (Intranet); LAN access layer; LAN with site-wide wireless VLANs; LAN access layer with per-switch wireless VLANs; Guest, Employee, Phone; ACS Failure; WAN Failure; Survivable Local Authentication; Backup Switch & WLSM]
Wireless Services – Survivable Local Authentication
• The wireless LAN can survive a variety of failures:
  • WAN Link Failures – through dial backup & local authentication
  • ACS Server Failures – through local authentication
• During a loss of connectivity to the ACS server:
  • Clients already connected to the network maintain their WLAN access
  • New clients trying to authenticate to the network are authenticated by the local authentication server
• Supported with:
  • Cisco Aironet Access Points, and
  • Cisco Aironet or Cisco Compatible client devices that support the Cisco Centralized Key Management protocol and Cisco LEAP
Wireless Services – Scalable for Branch Offices of All Sizes

| Platform | Access Points Supported | Local Authentication Client Database |
| --- | --- | --- |
| Cisco 3845 | 100 APs | 1000 clients |
| Cisco 3825, Cisco 3745 | 50 | 500 |
| Cisco 3725 | 25 | 250 |
| Cisco 2851 | 20 | 200 |
| Cisco 2821, Cisco 2811, Cisco 2691 | 10 | 100 |
| Cisco 2600XM | 5 | 50 |
| Cisco 2801 | Future | |
Wireless Services – Feature Sets Supported
Wireless Services, IOS 12.3(11)T or later:
• IOS Advanced IP Services feature set (K9)
• IOS Advanced Enterprise Services feature set (K9)
• IOS Enterprise Services feature set (K9)
• IOS SP Services feature set (K9)
• IOS Advanced Security feature set (K9)
Note – The above feature sets include the wireless services – no additional feature License is required.
Wireless Services – RM Aggregation for Rogue Detection
[Network diagram labels: WLSE, ACS; LAN core & WAN; Wide Area Network (Intranet); LAN access layer; LAN with site-wide wireless VLANs; LAN access layer with per-switch wireless VLANs; Guest, Employee, Phone; Rogue Access Point; Rogue AP; RM; RM Aggregation]
Wireless Services – Radio Management Aggregation for Site Surveys
CiscoWorks WLSE controls the process
1. CiscoWorks WLSE instructs APs to measure and report the Radio Frequency (RF) environment and pushes optimal RF configurations to APs
2. CiscoWorks WLSE uses measurements from a client as it walks the perimeter of the coverage area to further fine-tune RF coverage
Wireless Services – Roadmap
• Releases: Router-IOS 12.3(11)T; Spring ’05 12.3(6th)T, WLSE 3.0; Future Releases
• Features: WDS with fast, secure layer 2 roaming; IEEE 802.1X (backup) local authentication for LEAP clients; RM aggregation; WLSE support
• Benefit: Security, Fast Mobility; High Availability; Rogue Detection, Site Survey, SWAN
• Access point support (minimum release): AP1100, AP1200 compatible; AP-IOS 12.3(11)JA; AP-IOS Fluorine
New IOS Software Architecture in 12.3: Simplified Image Selection
• Simplifies options (from 44 to 8)
• “Advanced Security” replaces:
  • IP/FW/IDS
  • IP FW
  • IP Plus IPSec
  • IP/FW/IDS/IPSec
• Security features
  • Network Admission Control
  • IOS Firewall
  • Intrusion Prevention
  • DMVPN, AES
  • SSH and SNMPV3 (DES)
• As you step up, all features below are inherited
• www.cisco.com/go/fn
[Diagram of feature sets: IP Base, IP Voice, Advanced Security, Advanced IP Services, Enterprise Base, Enterprise Services, SP Services, Advanced Enterprise Services; annotations: NAC, SSH]
Cisco 1800/2800/3800 Release Plan
• 3800, 2800, 1800 Platforms Announcement:
  • External Announcement – Sept 14, 2004
• For 1800/2800 Platforms:
  • T train release – 12.3(8)T
  • Target CCO date 9/13/2004
  • Target Orderability date – 9/16/2004
  • Target FCS date - End of Sept 2004
• For 3800 Platforms:
  • T train release - 12.3(11)T
  • Target CCO date – Oct 2004
  • Target FCS Oct 2004
Q and A