This chapter is from the book

Scalable and Flexible Internet Edge

When we talk about a router to be placed at the edge of the network facing the public Internet, a few things come to mind. An ideal router needs to be flexible and scalable with regard to features and variety of interfaces, without requiring service modules for every basic service, such as Network Based Application Recognition (NBAR), Flexible Packet Matching (FPM), firewalls, and IPsec. Other critical attributes include high availability, deep packet inspection, and near-line-rate quality of service (QoS).

High availability enables applications to remain available in case of software or hardware failure that causes a data- or control-plane problem. Deep packet inspection helps classify the data based on application header or payload; it also addresses zero-day attacks.

Use Case: Internet Gateway/Edge Router

An enterprise is looking for an Internet edge device in a smaller, compact form factor that can natively accelerate NAT, firewall, NetFlow, and access control lists (ACL), along with ISSU and RP SSO. This device should also be able to scale up to 10 Gbps if needed in the future.

To meet these requirements, you could use the ASR 1002 with ASR1000-ESP5, which provides 5-Gbps system bandwidth with four built-in Gigabit Ethernet ports ready to be used as fiber or copper and facing either the inside LAN or Internet (usually provisioned via an Ethernet link).

The ASR 1002 can also take the ASR1000-ESP10, which satisfies the requirements of 10 Gbps, essentially doubling the bandwidth from initial deployment.

Figure 12-7 shows the ASR 1002/ASR1000-ESP5 deployed at the Internet edge.

Figure 12-7 Single router used for both the WAN edge and Internet gateway router.

There are no configurations to be shared in this use case, but note the performance and scale numbers for the ASR 1000 series routers relevant to the previously mentioned features.

Table 12-2 shows the various features and their respective performance and scale relevant to the Internet edge.

Table 12-2. Various ESPs and Their Scale and Performance for IOS Zone-Based Firewall, NetFlow, and IPsec

| Feature | ASR1000-ESP5 | ASR1000-ESP10 | ASR1000-ESP20 |
|---|---|---|---|
| IOS zone-based firewall (L4 inspection) | 5 Gbps | 10 Gbps | 20 Gbps |
| NetFlow (v5, v8, v9) | 500K flow cache entries | 1M flow cache entries | 2M flow cache entries |
| IPsec | 1 Gbps at IMIX; 4000 tunnels; 90 tunnels/sec with ASR1000-RP1 | 2.5 Gbps at IMIX; 4000 tunnels; 90 tunnels/sec with ASR1000-RP1 | 5.2 Gbps at IMIX; 4000 tunnels; 90 tunnels/sec with ASR1000-RP1 |
| Dual IOSD failover | < 50 ms | < 50 ms for ASR 1002-F/ASR 1002/ASR 1004 chassis | < 50 ms for ASR 1002-F/ASR 1002/ASR 1004 chassis |

The Cisco ASR 1000 not only meets the typical Internet gateway router requirements here, but also exceeds them from both control- and data-plane perspectives. The capability to have two IOS daemons running at the same time, and providing IOSD-based SSO, is second to none!
