FastTrack Training. "Network Basics." “Building Routers, Cisco Routing Platforms.” Eddie Martin December 2012

About a year ago, I noticed an interesting and fascinating series of lectures by Eddie Martin. They are remarkably easy to follow thanks to their history and real-life examples, as well as his colossal teaching experience, and they help in understanding rather complex technologies.



We continue the cycle of 27 articles based on his lectures:

01/02: “Understanding the OSI Model” Part 1 / Part 2
03: “Understanding the Cisco Architecture”
04/05: “Fundamentals of Switching or Switches” Part 1 / Part 2
06: “Switches from Cisco”
07: “The area of use of network switches, the value of Cisco switches”
08/09: “Basics of a wireless LAN” Part 1 / Part 2
10: “Products in the area of wireless LANs”
11: “The value of Cisco wireless LANs”
12: “The basics of routing”
13: “The structure of routers, routing platforms from Cisco”
14: “The value of Cisco routers”
15/16: “Basics of data centers” Part 1 / Part 2
17: “Equipment for data centers”
18: “The value of Cisco in data centers”
19/20/21: “Fundamentals of telephony” Part 1 / Part 2 / Part 3
22: “Cisco Collaboration Products”
23: “Cisco Collaboration Product Value”
24: “Security Essentials”
25: “Cisco Security Software Products”
26: “Cisco Security Product Value”
27: “Understanding Cisco Architectural Games (Overview)”

And here is the thirteenth of them.



Today we will have role-playing games. You will play the role of IT expert, and I will play the role of a dumb client. So let me tell you about my problem.

I have a headquarters. And I do not understand anything other than my business. I made millions of dollars on it, my family has been in this business for decades, and so on and so forth. But now I want to expand my business. I have a main office and a small data center in it, but I want to be closer to my clients and plan to open 5 more new offices within six months, 5 out of a dozen offices that I plan to open within 18 months. And if I do not do at least five now, my competitors will devour me.

So, I know that I will have to purchase everything that is needed to build a WAN. I know that you guys at Cisco are experts and know everything about networks, you have this little badge that tells me that I should ask you what are the requirements for the department?

I have spent countless years and money providing technology for these people at headquarters, which are very productive, but what technologies should I use in the departments, in order to make the employees in the departments as effective as in the head office ? Because I never did it. I will have 25-30 employees in each of the departments. What are my applications? Yes, whatever, we use a variety of software, computers, tablets.



So what do we need? You said: “WAN accelerator router”? Well, let's draw such a router here and sign it with WAN Accelerator. Then you tell me what this thing is, it sounds cool, but it certainly costs a lot of money!

We should discuss your needs at the beginning. If your employees should be as effective as the employees of the head office, you should be able to use the same applications. The same applications as at headquarters. Am I supposed to create a second data center? Of course not. What do we need then? That's right, communication to transfer our applications and information back and forth. What else? Wireless connection? Do you mean access points? Yes, in new offices we need access points, but we will call everything that is needed to create a working network, in a word - WLAN. Next, we need security, otherwise customers will not want to do business with us. I will “hook” the necessary identification, encryption, and so on services to security.

Add IPS, IP telephony services. In order for an employee to work from home, for example, during a snowstorm, when it is impossible to get to work, we need to add a VPN service to the branch. And, of course, employees will work with the Internet, so we need a firewall.

We will also need voice equipment, that is, telephones. If I have a phone, then I have the functions of VM - voice messaging. And I should be able to make an external call, that is, I need a connection to the PSTN public telephone network. We'll also need WebEX for video conferencing and the Jabber instant messaging protocol. We add here the video.



Since I am in sales, I will put a server here and add PoE.
Do you know what we just did? We identified the IT resources that should be processed by the router. And here's another thing we missed: you need to put a switch here, next to the router. Now we must cram all these resources into one box so that they work simultaneously. And such a box is our integrated services router, the ISR G2 Router (Integrated Services Router Generation 2). It does everything we just talked about.



Inside it are the most innovative Cisco technologies. Inside this box is the motherboard on which the multi-core processor is located. It runs our IOS. In the chips of each ISR we build in VPN and FW (firewall) capabilities at the hardware level; we also place them on the motherboard. You said ASA (Adaptive Security Appliance); yes, it is the same chip as in the ASA, and it provides the firewall. Why is this an enterprise class device? Because it all scales to 200 people. You can buy a larger box and put more chips in it. Thus, the largest ASA can handle up to 20 Gbps of traffic and protect it with a firewall. And some large customers need it. The same device, capable of processing 185 Mbps,



As for WAN acceleration, this is possible thanks to our IOS, which you can install on your device and try for 30 days for free, or you can add a separate server to this device, which will provide great opportunities. Now I will show you such a “box”; they come in different sizes.



This is a modular design, it has several slots that provide connection of modules to the motherboard.



A large slot is for the server, smaller ones for expansion cards. The router may have a larger size, now I will show you a big "box".



Thus, by choosing the appropriate size of the case, you can place everything you need in it and insert everything you want there. What needs to be done to enhance security? Provide our data with IPS, VPN and FW technologies. All this is bought and activated under license. It is all inside initially, and if you need these functions, you buy a license key and turn them on. You activate data encryption via VPN when you use MPLS, start your firewall, and use IPS technology. Now you can put your authentication server (AAA server) here if you need a WLAN, together with a WLAN controller. We call this solution ESP - a deployable service platform.

The WLAN controller has a smaller processor on this daughter card and therefore can support up to 10 access points. This is what we call ISM, an integrable service module. And such an amount may well be enough for my needs.

Now let's talk about voice. Inside IOS there is CME - Communication Manager Express. Depending on the size of the router, it can become your voice switch and provide the ability to support up to 450 telephones or video communication devices, configure and manage your calls, and our recommendation here is to use the TX 200. And how can you install it and manage it? Inside our IOS, there are licenses for this.

On the motherboard is a DSP - digital signal processor. It provides voice communication and processing of voice and video signals inside the router, which completely destroys PSTN (standard telephone network). Thus, all the necessary hardware is located inside the router, which is what the hardware of our equipment is today. It is all united by a common motherboard. You can place cards inside the router that are designed to access a standard telephone network, for a local network, for connecting to the Internet, put a fax machine for working with analog phones, and a slot for connecting up to 4 analog phones. We can put in the router boards for medianet, video transfer controllers (h.323 at the controller level), PoE,



This is where the 3 Cisco architectures converge, this is where the unlimited field for collaboration. I will circle the collaboration block with a green marker. In the data centers that we will talk about today, we use B-series, C-series and E-series routers, which we are talking about now.



What is the difference between all this and Business Edition 6K? Business Edition 6K is a virtual server that is equipped with all our communication management systems and more, and it can provide work for up to 1000 clients. And this is a router. We will talk to you about this tomorrow.

Now, let's go to the Cisco website and I'll show you something else. Here is the page where the routers for our branches are shown. These are solutions for remote offices. Here, on this page of the site, it says: “Transform your experience in managing branches.”



It has everything you need to build an architecture. So, which routers do we use to communicate with CVO (virtual office)? These are 800 series ISR routers. They are ideally suited for this task, have a built-in VPN, firewall, everything we need. This series is designed for small home offices. Serious routers are the 1900, 2900, 3900 series. Consider the 3900 ISR series router.



In this router we can have more than 72 ports for connections, or, if you want these ports to be PoE-enabled, up to 48 ports, which is quite enough for an office with 35 employees. And it can be a level 3 switch (L3); it is actually a module for the chassis of the 3560 series of switches. This router does not have a supervisor board; it is actually running on the processor on the IOS side, but it has a redundant power supply. It has a service module and 4 slots for interface cards.

A service module is a plug-in module equipped with a multi-core processor, a hard disk with a capacity of 1 TB, 48 GB of RAM, connectors for connecting to a network, and so on. This is essentially a server that is placed here. In the E series, there is support for VMWare and 4 processors are installed, also 48 GB RAM and you have the opportunity to run many VM virtual machines to run applications. And this is cool, it gives us perhaps a slight advantage over competitor solutions.



In this “box” there are a wide variety of things, practically everything that I may need. How many competitors offer something similar? If it weren’t for this decision, I would have to talk to someone who sells WLAN, and to another person who sells security and encryption systems, to a third who has equipment for medianet, and so on. You would need 7 different sellers that support these technologies, but when you use Cisco equipment, you only contact 1 seller. We are “number 1” in routing, switches, WLAN, virtual networks, security, streaming video, voice telephony, in all of these categories. In some categories, such as PoE, we are the only ones. That is why if you want to get the best-in-class solution, it is better to contact us.

If you have a network problem, one call fixes them all. I was faced with a situation when I had problems with telephone communications, and I called one guy, he replied: "These are not my problems!" I called another, he also said that this was not his problem, and so on. And if I did not arrange a meeting with them all, they simply redirected me to each other. And here you will need only one call to our support team!

Tell me, which of you knew about this? Just one or two people! So, our routers are unique, they strongly distinguish us from routers of other manufacturers, and any seller in our company should be aware of this. He should know that we have all 3 architectures concentrated in one box. When we sell our solutions to headquarters, they no longer stop using it and begin to order solutions already for branches. Thanks to this, we were able to deeply penetrate the market and occupy our own niche of network equipment. We do not stop in the development of routers, we are engaged in innovations.

I was asked how our equipment differs from the Juniper J-series. Great question! By the fact that they do not transmit or process voice; they do not. Are you saying they have VoIP? Yes, they do. They connect you to the regular PSTN telephone network. Can they create a video bridge? No, they can’t! Do they have WLAN inside the “box” of the router? No, it is not there. They can do WLAN, but this is not integrated into their solution at the moment. Can they provide other characteristics of voice and video? They cannot. They cannot provide phones and configure them. They have neither PoE nor routers with high density switching ports. They simply fabricate routers, while Cisco makes routers with faster processing. Do they make servers or software for virtual servers? I do not think so.

Their routers are probably no better than our 1998 routers, when we did OverIP routing at Cisco. I had a neighbor, a very smart guy, he wrote programs, essentially a code for routers, and we worked together at Cisco. Once, at that moment I quit Cisco, I went out to the yard and he went out, then I took 2 beers and we went out to talk. He said that they started working on a new project at Cisco, and they want to abandon the first generation routers that could do all the things that you and I talked about, since Juniper released a router with faster packet processing, the J1 series, which can process 750,000 packets per second, while Cisco routers could provide only 500,000 pps. I said: "Really?" “Yes man, we have a problem.” I said, “Mickey, let me tell you something. Listen, if I start selling to my customers, network providers, equipment with this filling, Cisco just have to cut off my fingers with a very blunt knife, one at a time, since I do not deserve this product. Because at Juniper there is no support for everything that is in the G1 series, they will never do it better than us in a legal way. ” They tried to copy some of our solutions, and put them in their equipment, but they didn’t get anything out of this. A lot of companies have tried. Huawei is God in the IT industry, they tried to make such a copy, but even they could not defeat Cisco, because customers know that they are probably not as good as they say in these decisions. And this is our main difference.

We continue the conversation about the capabilities of our routers that are important for the client, returning to the Cisco website. Cisco has 3 different groups of routers; we will discuss 2 groups of the three. Now we will talk about the different requirements that apply to routers for branches and routers for headquarters. The main office needs a comprehensive solution for processing large amounts of data, and since it is large, we will not put all the features in one device. Branches need slightly different equipment. Consider the differences in the characteristics of the ISR G2 family of routers: what they support and what they do not support.



As you can see from this table, the routers of this series start with the models 3540 and 3945 V and go down to the models of the 1941 and even 800 series, which support CVO and are necessary for organizing a virtual office at home, as we discussed. Depending on the qualities that we need, they have a different form factor and different capabilities. We provide a full-fledged firewall for the entire product line, as clients will connect to the Internet. This is embedded in the hardware of the product, namely in the same ASIC that is used in the ASA. Moreover, for the entire product line, we provide hardware accelerated encryption. There is protection against external penetration, counters filters are also there. But all these routers contain different capabilities for voice transfer, video stream support, creating video bridges, the ability to process DSP to convert traditional telephony to IP-telephony, and Cisco Unified Communications Manager Express (CME), essentially the functionality of a PBX, a corporate telephony system. And we can support starting from 450 phones, depending on the device you choose. Unity Express is voice messaging. SIP allows you to establish SIP connections. Digital Voice support enables the installation of up to 660 PRI T1 connections. FXS and FXO connectivity access is there for all platforms. The ISR G2 series offers all these features in one solution, which allows the client to deploy it. Thus, we can ensure the same productivity of the branch staff as the headquarters staff possess.

Let's talk about the cost of these devices, the cost of the technologies embedded in them. For example, the 2600 series is a multifunctional equipment. We have the first generation of this series ISR G1 2600 and the second generation ISR G2 2900. So, the basic cost of the 2691 router that I chose to buy for my “home laboratory” without any additional functions is $ 6495. We, as employees of Cisco, naturally had discounts. But they gave me a modest discount and a price of $ 4,500 only due to the fact that adding a VPN function to this router would cost another $ 1,500. This is really an expensive box. I bought one, of course, but I had at least two. And on the second, my wife “caught” me. And for a whole year I could not talk about the bad Talbot women's clothing store in any bad sense.

And when the second generation of these routers came to replace the first one, providing 4 times higher packet processing performance, do you know how much the ISR G2 2900 router cost, with all the necessary “gadgets” and built-in functions (VPN, firewall, etc.; there was no need to buy them separately for $1,500 each)? Only $3895, i.e. half the price! And now, when this generation of routers is leaving, and the new one provides 2-3 times more features, they cost the same money. I have already told you about this trend. The more technologies inside, the cheaper they cost the customer. What happens to the prices of our products? They are constantly decreasing as demand grows and technology develops. And that’s why I think renting such equipment is more profitable for our customers.

I note that 80% of our customers do not work at headquarters, but in branches. And for them, device mobility means a lot. And therefore we want to stimulate them to purchase our ISR G2 series routers, which is simply huge.



And the client can see a whole list of parts and extensions for them. And here is not a complete list, unfortunately, but here is a breakdown of what they may have inside the ISR G2 series routers. I just scroll quickly, we have HWIC for CDMA, we can establish VDSL connections for clients, if they need it, we have SRE - this is the Service Rating Engine with their servers that go with them. We have add-ons to speed up applications, it is possible to establish 72 FXS connections to the server in order to connect analog phones. All these parts are designed for these modular routers. Now you see why we have more types of goods than Walmart? And this is only for the ISR G2, and this is not a complete list, we really have more than what we show here.

As we approach the edge of the network, let's look at the ASR, our Aggregation Services Routers, the edge routers that are designed to bring all these branches together at headquarters. Since everyone connects through the network to the headquarters in which our small data center is located, this router should be large and capable of handling large bandwidth. And there may be different requirements. Consider the ASR 1000 Series routers. It comes in 6 different options.



And if we pay attention to the software-configured SDN network, which is based on the fact that the router is installed on the server, then it definitely will not be effective as an edge solution. It simply cannot provide the necessary volume of data exchange between headquarters and branches.

Cisco has been using ASR routers for a long time. We created our own processors for these routers and spent many millions of dollars on it. They are called the Quantum Flow Processor. It is these processors, which can perform many operations at the same time, that are installed in the ASR 1000 series routers. Cisco created their own multiprocessors before multi-core processors appeared. We have created a 40 core processor that works with the ASR protocol. The ASR 1000, 5000, 9000 series all use QuantumFlow. Each of them has 40 cores, each core can process 4 threads, so you get 160 threads. It took Cisco 5 years to create, with a lot of research and development (R&D), since we needed to manufacture the next generation of border router equipment for service providers,



These routers actually replaced routers that were capable of processing up to 2 million digital packets per second. Thanks to them, it has now become possible to process up to 100 million packets, and it is possible that your service provider has installed just such a router. They provide data transfer rates from 2.5 to 100 gigabits per second and will soon be able to work at speeds up to 320 Gb/s, as you have more and more bandwidth requirements due to video and more. What they did at Cisco was to separate the set of processors that were on the board and worked at the control level (control plane) from the forwarding level (data plane), which was handled by the QuantumFlow processor integrated in the motherboard. And the motherboard, the main processing card, actually set the program for the QuantumFlow processor, separating it from real traffic. I think this is the best Cisco development for the entire existence of the company. But unfortunately it came out a little late, we managed to put into operation the predecessor - the 7200 series, but this turned into a huge range of products with us, various models, all possible different interfaces. Such routers should be located at headquarters; they are not intended to be installed in branches, definitely.

Let's go back a little. It seems like the webmaster is a little crazy. What does the Catalyst 6500 switch do among routers? It is placed here because it has a modular architecture and can be not only a switch, but also a router; it has such an opportunity. Before that, we had a hole in our portfolio, we had GSR (the gigabit switching router), a huge “box” for service providers, we had a 7200 series switch.



And we created the Catalyst 6500, which allowed us to process up to 450 million packets and it can be used on networks of various levels, so we can say that the Catalyst 6500 has “several lives”. Its providers called it OSR (optical switching router). The ASR series of routers has the same schemes as the 6500 series of switches, we sometimes call them “our switch routers”. The Catalyst 6500 switch can be used as part of a routing service.

Next, I will introduce you to the model of the CRS-3 router, designed for the "Internet of the future." It provides providers with a connection speed of 100 gigabits per second and many connections, therefore it is optimally suited for working with data centers. This is the most powerful router to date, and it can pass up to 322 TB/s. It is very expensive. But this is what can be used to build the IP core of a service provider, which needs to bring all this big traffic together. In the beginning, we released a version that supported 92 TB, but just recently, about 18 months ago, we upgraded to CRS-3, making it possible to process 322 TB/s of data using this router. It is accompanied by the ASR 9000 series, the "big brother" of the ASR 1000 series, with a throughput of 96 TB/s.

This is what the 9000 series routers look like, it's real “heavy metal”.



And when you are at the edge of the network, you will have clients that need MPLS, which means I need MPLS support. Everything will go through IP. And we do not need to make one separate network for this and another for that. This solution will be great for medium Tier providers and small providers. For larger ones, CRS-3 must be used. But for a larger service provider, the 9000 is actually the frontier. And they look at these service provider routers as the only place where intelligence on the network is possible. Where we can do everything on routers. When we are enterprise providers, we should do more on switches. There is a different philosophy on this.

And again, you understand that we sell much more switches than routers, many times more. For example, headquarters may need 100 switches and from one to 4 routers. It doesn’t matter what kind of data we receive at the network edge - video or voice, as a rule there is no separation of data type here, it is IP. Large providers use several MPLS in order to guarantee the quality of their IT services for lower level service providers.

Once again I note - the choice of a router depends on the needs of the client. And we must create the reason why the client wants our routers. They are not the cheapest, but the most “reasonable” among analogues. We must explain to our customers the advantages of our equipment, among which the complexity of solutions is important. A business can save time, effort and money due to the fact that it will not conclude an agreement with different sellers, but will only contact us. We will provide him with everything necessary, and he will be able to deploy everything much faster. The top management of the company should be interested in cooperation with us, as he will receive all the necessary solutions in the “one box” and will be able to reduce his risks associated with the acquisition of equipment from various suppliers and its further maintenance. And they think about how they can grow quickly and how to get reliability, discussion, etc. Because it is possible that their IT organization will not even be able to service it, and we can provide them with this service. So, I hope, ISR G2 has become a clear example of how 3 infrastructures converge in one and truly demonstrates our difference.



Continuation:

FastTrack Training. "Network Basics." "The value of Cisco routers." Eddie Martin December, 2012
