Unanswered Question
Mar 14th, 2008

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on building scalable, secure, and reliable WAN network with the new Cisco ASR 1000 Series with Cisco experts Prashanth Shenoy and Kirk Spessard. Prashanth Shenoy is a product marketing manager in the Network Systems and Security Solutions Marketing Group at Cisco, responsible for Cisco's high-end routing portfolio including Cisco 7200, 7300, and 7600 Series, the Cisco ASR 1000 Series, and the Cisco Catalyst 6500 Series. Kirk Spessard is a technical marketing engineer for the Midrange Routing Business Unit in Cisco. There his responsibilities include Layer 3 VPN, traffic engineering, IP RAN, Multicast, and convergence. From hands-on network operations to the network design of multisite topologies, Spessard brings more than 20 years of design and operational experience to his role. He holds a bachelor of science degree in electrical engineering.

Remember to use the rating system to let Prashanth and Kirk know if you have received an adequate response.

Prashanth and Kirk might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through April 4, 2007. Visit this forum often to view responses to your questions and the questions of other community members.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (10 ratings)
thomas.chen Mon, 03/24/2008 - 12:10


Does Cisco IOS XE Software use the same command-line interface (CLI) as Cisco IOS Software?



kspessar Mon, 03/24/2008 - 12:22

Yes. From a casual user standpoint, IOS XE has the same classic IOS look and feel. Its not until users start taking advantage of enhanced IOS XE features that they will start noticing the differences. Enhance IOS XE features include:

1. The ability to run active and standby IOS processes on a single route processor.

2. The ability to perform ISSU upgrades on both redundant and non-redundant hardware systems.

3. The ability to upgrade individual SPA software drivers.

4. The ability to telnet/ssh into the router even though IOS is not running.

5. The ability to ftp/scp files into the router even though IOS is not running.

marikakis Mon, 03/24/2008 - 12:43


All those features sound very impressive, but I think for 4 and 5 to be possible, some kind of software must be running in the router :-) Do you mean that 4 and 5 are possible when some kind of enhanced bootloader software is running in the router ?

Kind Regards,


kspessar Mon, 03/24/2008 - 13:23

Cisco IOS XE is a Linux based, modular operating system. What this means from a practical standpoint is that each line card, i.e. the Route-Processor (RP), Embedded Services Processor (ESP) and SPA Interface Processor (SIP) is running a Linux kernel with protected memory processes running.

So one of the advantages of running a Linux based operating system is we can take advantage of features such as telnet, ssh, ftp and scp in the event that IOS is no longer running. (Note: This is referred to as 'Persistant Mode.')

In the event that IOS is no longer running, IOS XE will allow users access to the router with the ability to reload linecards, upload and download files and to boot a new image.


marikakis Mon, 03/24/2008 - 13:34


Thanks a lot for your reply.

I have been reading the product bulletin about the end-of-sale and end-of-life policy for the Cisco ASR 1000 with Cisco IOS XE and got a bit confused. Does this policy mean that software in a production router must be upgraded every 2 years or less to receive adequate support ? Could you please explain in simple terms what this policy means in terms of regular maintenance ?

Kind Regards,


kspessar Mon, 03/24/2008 - 14:48

Cisco IOS XE is going to a fixed software release schedule. For feature releases, we will be releasing software images on the following yearly schedule:

Apr - 1 year support

Aug - 1 year support

Dec - 2 year support

For each feature release, we will have two scheduled rebuilds. The first rebuild will take place two months after FCS of the feature release. The second rebuild will take place four months after FCS of the feature release.


marikakis Mon, 03/24/2008 - 15:16


Thanks a lot for your reply.

I would like to ask something about this router's hardware architecture. Is this a bus based system ? I mean are the various modules connected by an internal bus (or buses) ? If so, what is the internal bus architecture and relevant bus speeds ? (It seems to me like some architecture somewhere between the 7200 and 7500 architecture.) Or is there some switch matrix inside ?

Kind Regards,


kspessar Mon, 03/24/2008 - 15:32

The ASR 1000 utilizes a centralized forwarding architecture, i.e. all non-legacy protocol traffic is forwarded by the ESP forwarding processor. So in other words unlike other Cisco platforms, the only packet forwarding the SIP carrier performs is from the SPA to the ESP. (Note: The ASR 1000 has implemented a simple high/low priority scheme between the SIP and ESP.)

Connectivity between each SIP-10 and ESP is via an 11.5 Gbps ESI bus. On the ESP, a schedular chip will perform weighted fair queuing (with equal weighting for each SIP-10)between each SIP-10. In the event of congestion between the SIP and ESP, the ESP will backpressure the SIP resulting in ingress buffering on the SIP card.


marikakis Mon, 03/24/2008 - 16:48


Great :-) Seems quite an interesting product. Thanks a lot for all your responses.

Kind Regards,


scytmax_2 Mon, 03/24/2008 - 16:46

Dear Sir!

I've such questions:

1. When ASR1002 will be added to DCT (Dynamic Configuration Tool)? - I'm interesting for its price.

2. Can you explan to me, how licensing schema for ASR are working?

For example: some features on PIX/ASA don't working without activation-key command. Is it true for ASR? For example, will be this router works for my 900 PPPoE sessions without FLASR1-BB-RTU/

Or will be IPsec VPN's works without FLASR1-IPSEC-RTU? Or this license types describes so called "AS-TRUST"-model - i.e. it's need for appropriate use for commercial purposes. But if I will want to test this functions at LAB - can I test this functions without license?

3. Why SASR1R1-AESK9-21SR (Advanced Enterprise Services) costs $10000US (GPL), but SASR1R1-AISK9-21SR (Advanced IP Services) cost s $15000US (GPL) in DCT. Is it true? I cannot find what are the difference between them through Feature Navigator.

Best regards,


kspessar Mon, 03/24/2008 - 17:23

1. The latest word is early April for orderability. Sind an email to ask-mcp-marketing if you would like to see pricing information before that time.

2. We are using the honor system. So as long as the correct IOS XE release is selected, the feature should just work.

3. From a BU perspect, in order to create an Advanced IP Services we have to remove features from Advanced Enterprise Services. Since this requires additional resources from a support and testing perspective, the BU has decided to charge an additional cost.

kspessar Mon, 03/24/2008 - 19:34

Yes, PPPoE is supported. In fact we currently have ASR1000's serving this role in the field.

scytmax_2 Mon, 03/24/2008 - 22:42

Dear Sir!

Can you tell to me, does ASR1000 supports EoMPLS and VPLS?

Best regards,


pushenoy Mon, 03/24/2008 - 23:34


ASR, at FCS, does not support EoMPLS and VPLS. Please check with your Cisco account team or local Cisco representative for more details on future feature support / roadmap on the ASR 1000.

marikakis Tue, 03/25/2008 - 03:58

Hello again :-),

I would like to ask about the ASR 1000 inherent capability as a hardware platform compared to other Cisco aggregation platforms. Other such platforms might currently have more features implemented (such as the MPLS features just mentioned), but those kind of things are not set in stone. How would you compare it to the 7200, 7600, 10K for example ? Where does the ASR 1000 fit compared to those (or other platforms you have in mind) ? If you have some presentation or document or demo with comparisons between platforms, I would be glad to see it.

By the way, the platform numbering scheme where higher number indicates more powerful platform is quite intuitive for me, since I tend to forget performance numbers :-) Why did Cisco chose the 1000 number for ASR ? Should we expect a new numbering scheme for future platforms ?

Kind Regards,


kspessar Tue, 03/25/2008 - 06:58

The ASR 1000 is a mid-ranged platform that is being positioned between the lower bandwidth Cisco 7200 series and the higher bandwidth routers such as the 7600 and CRS.

As far as the numbering schema, historically the higher product number does not always mean more capacity. For example the Cisco 10000 vs the Cisco 7600...

bbaley Wed, 03/26/2008 - 20:23

Does the ASR 1000 platform use CEF as the switching path?


johnnylingo Wed, 03/26/2008 - 23:39

Hi Guys - We're very excited to hear about this product and how it would fit in to our Service Provider Edge!

A couple questions:

1) Do the ASR 1000s support 10 GE Interfaces?

2) What is a theoretical throughput with and without encryption/filtering/packet inspection, etc

kspessar Thu, 03/27/2008 - 06:14

1) Yes, 10 GE interfaces will be supported.

2) We are quoting 10 Gbps for IMIX traffic with QoS, Netflow, ACL's enabled, and 3 Gbps with IPSEC, QoS, NetFlow and ACLs.

Just to be clear, the traffic rate quoted is traffic leaving the router. For example 10 Gbps of unicast traffic coming in and 10 Gbps of unicast traffic coining out.

johnnylingo Sun, 03/30/2008 - 23:32

Good stuff. In a deployment where the traffic is mixed (some IPSec, some non-IPSec) how would this affect throughput. Also, what about when using GET?

Also a question about the Firewall features...I assume CLI is the primary management interfaces, but is there a GUI as well? If so, is it the same as PDM or ASDM?

kspessar Mon, 03/31/2008 - 10:53

Since IPSec traffic is offloaded to a crypto chip, non-IPSec traffic performance should not be effected.

NM GUI planned so far is CSM at first, PDM/ASDM is on the radar.


pushenoy Mon, 03/31/2008 - 12:20

Also, when we say 3Gbps for IPsec traffic throughput, the remaining 7Gbps of throughput can be still be utilized for clear-text non-encrypted traffic. So we still get 10G throughput with IPsec enabled on ASR 1000.



binhtra Tue, 04/01/2008 - 21:03

do we have serial port for ASR1000? I checked config tool but don't have.

kspessar Tue, 04/01/2008 - 21:09

At FCS, the ASR1000 will support the following serial SPA's:

SPA-8xCHT1/E1 - Cisco 8-Port Channelized T1/E1 Shared Port Adapter

SPA-4XCT3-DS0 - Cisco 4-Port Channelized T3 (DS0) Shared Port Adapter

SPA-2XCT3/DS0 - Cisco 2-Port Channelized T3 (DS0) Shared Port Adapter

SPA-2XT3/E3 - Cisco 2-Port Clear Channel T3/E3 Shared Port Adapter

SPA-4XT3/E3 - Cisco 4-Port Clear Channel T3/E3 Shared Port Adapter

SPA-4XT-Serial -Cisco 4-Port Serial Interface Shared Port Adapter

binhtra Tue, 04/01/2008 - 21:17

SPA-4XT-Serial -Cisco 4-Port Serial Interface Shared Port Adapter

I can't run it on config tool. Pls check

lxcollin1 Wed, 04/02/2008 - 21:33


You mentioned that the ASR will support 3Gb of IPSec traffic with an onboard chip. Does the chip come with the base ASR, or is must it be purchased seperately?



kspessar Wed, 04/02/2008 - 21:36

The chip is installed on the Embedded Services Processor (ESP) which is the centralized forwarding processor for the router. Use of security features is based on purchasing a software licence.


nokia_japan Fri, 04/04/2008 - 01:43


How's the firewall performance (sustained) on different ASR's? I'm thinking about deploying ASR's in the datacentre core and I need to do stateful inspection of all traffic. No VPN's are required. 6500's would do the distribution layer, 10G up and downlinks.

How's centralized management for those firewalls if I deploy these in multiple datacetre's?

kspessar Fri, 04/04/2008 - 11:34

With the ASR1000's centralized forwarding engine, i.e. ESP, firewall performance is dependant on the installed ESP not the chassis. With that said, the ESP-5G and ESP-10G both can support beyond a million packets per second.

In regards to centralized management, the ASR1000 will support Cisco CSM.

For more specific details, please contact your local account team.



This Discussion