cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
520
Views
3
Helpful
6
Replies

ISR 4000 Series and DNA Software Subscription Licence

n.ogawa
Level 1
Level 1

Hi,

I appreciate any advice on how to select an appropriate ISR 4000 model and DNA software subscription licence.

Currently our site is using two ISR4331s with Tier 0 DNA software, connected to two Internet lines - one is 100Mbps and the other one is 60Mbps. We are planning to upgrade the 100Mbps line to the 3Gbps line, and we requested our vendor to upgrade the router model and its DNA software bandwidth. The vendor recommended to keep using the current ISR 4331s and just change DNA software from Tier 0 to Tier 1.

We are confused with their recommendation, because Tier 1 can support up to 200Mbps/400Mpbs as per Products - Cisco DNA Subscription Software for SD-WAN and Routing FAQ - Cisco, and the throughput of ISR4331 seems to be up to 300Mbps as per Cisco 4000 Family Integrated Services Router Data Sheet - Cisco.

The vendor explained that since the new 3Gbps line is a broadband line, we should consider the bandwidth as 10% of the offered bandwidth, thus 300Mbps. Even though I understand that 3Gbps will be not fully realised, I wonder if 10% is actually reasonable compression.

If you have any experience or knowledge on how to select ISR 4000 series model and DNA software options, please give your advice.

1 Accepted Solution

Accepted Solutions

Hi,

|Per documentation (which you shared also), TIER1 will not be enough, since it is license for 200Mbps (aggregate 400Mbps). You need TIER3 which is up to 10Gbps. But this is not for ISR4331 (ref: below link, table 9)

https://www.cisco.com/c/en/us/products/collateral/software/dna-subscription-routing/guide-c07-740642.html

In general, ISR4331 is not limited with 300Mbps, in legacy network 300 limit is with performance license, while boost allows over 2Gbps.So, "without any limitations" 4331 can handle 2Gbps+ CEF traffic (SD-WAN traffic is also approximate 2 Gbps since there is 1G/2G aggregate license for 4331).

4331 may not be enough platform if you need strict 3Gbps (I can't confirm 100%, but I think document had to write close to 3Gbps, but it is only written "over 2Gbps"+licensing issue described above).

Don't forget to buy HSEC license as well, since it is mandatory for 250+ Mbps.

Note: technically, in SD-WAN there is no enforcement, even if you have TIER0 router will use its maximum supported depending on configuration (ipsec/firewall/DRE etc.). Maybe this is the reason support-vendor said that TERI1 will be enough, but that is not normal (at least for me).

Q.    Are bandwidth or throughput tiers enforced?
A.     There is no hard enforcement of non-crypto throughput tiers on any platform except the Catalyst 8000V. In all other cases, if the customer chooses to configure a throughput tier for which they do not own a valid license, they will get out-of-compliance messages and will not be entitled to Cisco Technical Assistance Center (TAC) support for related issues. Note that for all platforms without a valid HSEC license, encrypted traffic will be throttled at 250Mbps.
https://www.cisco.com/c/en/us/products/collateral/software/one-wan-subscription/nb-06-dna-sw-rout-sub-faq-ctp-en.html
HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

View solution in original post

6 Replies 6

Hi,

is router managed by SD-WAN Manager (vManage) or DNAC controllers?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

Hi @Kanan Huseynli  Thank you for your response. This is managed by SD-WAN Manager (vManage).

balaji.bandi
Hall of Fame
Hall of Fame

The router model does not support that speed and also 4K Model getting end of Life.

Suggest to use Cat 8K Model for higher throughput, But if this is best effort basis of ISP Link, then you are ok with performance License for tier License you mentioned.

we have many installation of SD-WAN for 100-200MB we used 4331, 200-300MB - 4431, 1GB we use 4451 and works.

recently we moved to 1GB Cisco 8200 works great.

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

n.ogawa
Level 1
Level 1

Hi @Kanan Huseynli  Thank you for your response. This is managed by SD-WAN Manager (vManage).

Hi @balaji.bandi Thank you for sharing your experiences and suggeston to use Cat 8K model. Appreciated a lot

 

Hi,

|Per documentation (which you shared also), TIER1 will not be enough, since it is license for 200Mbps (aggregate 400Mbps). You need TIER3 which is up to 10Gbps. But this is not for ISR4331 (ref: below link, table 9)

https://www.cisco.com/c/en/us/products/collateral/software/dna-subscription-routing/guide-c07-740642.html

In general, ISR4331 is not limited with 300Mbps, in legacy network 300 limit is with performance license, while boost allows over 2Gbps.So, "without any limitations" 4331 can handle 2Gbps+ CEF traffic (SD-WAN traffic is also approximate 2 Gbps since there is 1G/2G aggregate license for 4331).

4331 may not be enough platform if you need strict 3Gbps (I can't confirm 100%, but I think document had to write close to 3Gbps, but it is only written "over 2Gbps"+licensing issue described above).

Don't forget to buy HSEC license as well, since it is mandatory for 250+ Mbps.

Note: technically, in SD-WAN there is no enforcement, even if you have TIER0 router will use its maximum supported depending on configuration (ipsec/firewall/DRE etc.). Maybe this is the reason support-vendor said that TERI1 will be enough, but that is not normal (at least for me).

Q.    Are bandwidth or throughput tiers enforced?
A.     There is no hard enforcement of non-crypto throughput tiers on any platform except the Catalyst 8000V. In all other cases, if the customer chooses to configure a throughput tier for which they do not own a valid license, they will get out-of-compliance messages and will not be entitled to Cisco Technical Assistance Center (TAC) support for related issues. Note that for all platforms without a valid HSEC license, encrypted traffic will be throttled at 250Mbps.
https://www.cisco.com/c/en/us/products/collateral/software/one-wan-subscription/nb-06-dna-sw-rout-sub-faq-ctp-en.html
HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

The vendor has explained that they have an agreement with Cisco on licence selection policies, and even if the actual traffic volume is much higher than the licence purchased, as long as we follow the policies, Cisco accepts it and they will not charge any additional costs.

As per the model, I wasn't sure if we can keep using SD-WAN with the boost licence enabled. The vendor has admitted the risk that ISR4331 could become a bottleneck, and they will provide a quote for a high-end model.

Review Cisco Networking for a $25 gift card