Since 2008, the ASR 1000 platforms have dramatically changed the WAN edge router’s capabilities. With its very own QuantumFlow Processor (QFP) innovation, the data plane was powered to offer advanced scalable services along with high performance. Fast forward to 2014, the ASR1006-X modular platform is the latest in the modular ASR 1000 portfolio that can host top performer ASR1000-ESP200X data plane module. The ESP200-X module is built using mesh architecture with two Third Generation Quantum Flow Processor (QFP 3.0) ASICs to deliver the scalable performance.
Cisco SD-WAN supports IOS XE routing platforms to offer the flexible architecture for secure cloud scale SD-WAN. With IOS XE 17.5.1 and controller version 20.5.1, ASR1006-X modular platform joins the Cisco SD-WAN platform bandwagon to serve as the most powerful SD-WAN headend!
ASR1006-X is the only modular platform from the Cisco ASR 1000 family to serve SD-WAN aggregation use-cases. This platform can be deployed either at data center hub location sites or large campus/branch edge sites. The platform is suitable for addressing high throughput demands. With the high IPsec and scalable services throughput capabilities, the ASR1006-X SD-WAN headend is quite suitable for today’s remote workforce aggregation needs in the post-pandemic world.
The platform modularity enables a unique benefit of flexible I/O connectivity using 10 GE, 40 GE, or 100 GE port adaptor (EPA) modules. It can offer up to 8000 SD-WAN tunnel aggregation with high throughput IPsec. It aids interface speed choices for current high-speed direct internet and direct cloud access requirements.
All integrated rich services that are necessary for SD-WAN aggregation operation are available. ASR1006-X SD-WAN headend has feature parity with Catalyst 8500 Series Edge Platforms. With two QFP 3.0 ASICs in data plane, we can achieve the best multicast replication performance in the SD-WAN world using the ASR1006-X platform. High throughput crypto is derived from the QFP 3.0 ASIC’s inline cryptography engines, which makes it as there is no longer dependency on a dedicated crypto ASIC/module.
We have enabled ‘IOS XE Single Image’ operation for the ASR1000-RP3 control plane module. With this addition, the migration from traditional WAN edge to SD-WAN edge becomes stress-free.
ASR1006-X is a 6 rack-unit platform. By default, it has two slots for control plane, two slots for data plane, and two slots for line card modules. Let us understand what modules are supported with the SD-WAN use-cases.
The image above illustrates various module slots and their placements supported for the SD-WAN use-case. We support ASR1000-RP3 module for control plane, ASR1000-ESP200X module for data plane, and ASR1000-MIP100 modules for line card. The EPA-10X10GE, EPA-2X40GE, and EPA-QSFP-1X100GE can be placed in any combination in the four available EPA slots using MIP100s in CC0 and CC1 slots.
In controller driven architectures, the controllers take responsibility of overlay level redundancy and resiliency. The device level redundancy options with dual RP and dual FP combination are not supported for SD-WAN. Only one RP3 module is supported in slot R0 and one ESP200-X module is supported in slot F0. The slots R1 and F1 are disabled for SD-WAN deployment. So, when RP3 software is in ‘controller mode’ operation from 17.5.1 release onwards, it will bring up the device only if supported modules are present in the modular chassis at supported slots.
Once the hardware modules are set in place, the device bring up is easy and straight forward. If you have an existing ASR1006-X deployment for traditional routing, you can migrate the device to SD-WAN controller mode using one of the following methods:
- CLI driven provisioning: Straight forward way of using ‘controller-mode enable’ CLI on router console. This will reload the device and bring up in SD-WAN mode. You then need to provision the required SD-WAN configuration to connect the device to the overlay network.
- Bootstrap configuration provisioning: You can use ‘ciscosdwan.cfg’ bootstrap configuration file in bootflash or USB on the device and reload the device in factory default settings using config-register 0x2142. This will bring up the device with factory settings and then the bring up sequence will reference the ciscosdwan.cfg file from available storage location to orchestrate desired SD-WAN mode.
- PnP automated provisioning: Cisco’s Plug-and-Play is the most popular method to automatically provision the SD-WAN edge in a controller driven overlay network. You need to add the device details in the PnP portal, attach a controller profile, and reload the device with factory default configuration. The call-home PnP agent function on the device enables controller communication and provisions the device further. You would need to have internet access available via front panel interface on the device for this to function.
Being modular platform, ASR1006-X PnP process needs special attention. The key details for the PnP portal are the device serial number, base PID, SUDI and certificate serial number. We make use of the RP3 module serial number in combination with ASR10006-X chassis serial number details to achieve the uniqueness for ASR1006-X PnP device identification.
As shown in the image above, ‘show pnp version’ will point us to the base PID (ASR1006-X) and the serial number marked in green. These are chassis specific details that are used for PnP identification. For the SUDI certificate, details are achieved from ‘’ CLI output as highlighted in orange. These are derived from RP3 module specific parameters.
Once these details are correctly entered into the PnP portal and the device is attached to the right SD-WAN controller profile, we are all set for PnP provisioning.
The ASR 1000 platform family hardware has a rich history and is well-proven in the Enterprise Routing world. With the introduction of the top end ASR1006-X platform in Cisco’s SD-WAN portfolio, we enable the Cisco SD-WAN platform’s bandwagon with a powerful aggregation platform.
To summarize, the key highlight of the ASR1006-X for SD-WAN use-case is 2 x QFP 3.0 data plane ASIC made available via ESP200-X module that contributes to data plane power for high scale services. Hardware accelerated crypto and services in data plane are well supplemented with RP3 module’s scalable control plane. And the I/O connectivity is significantly enhanced with flexible module options in the form of EPAs.
The proven ASR1006-X headend is here to serve increasing throughput demands in the SD-WAN world!
Additional References:
1 Comment
