Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get Learn about the latest router feature innovations, architectural designs, and configuration information with Cisco expert Daniel de la Rosa. Daniel is a technical marketer for the edge routing business unit. He has been with Cisco for more than 10 years in postsales support and marketing. He has experience with IP Routing, MPLS, QoS, and WAN aggregation architectures, with several internal white papers and presentations to his credit on all these topics. He holds CCIE certification #4622.
Remember to use the rating system to let Daniel know if you have received an adequate response.
Daniel might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through January 30, 2009. Visit this forum often to view responses to your questions and the questions of other community members.
CME in the context of supporting the ASR 1000 ESP20? ASR1000 support for CM is still in our radar and we don't have an specific date yet. in the other hand, CME 7.1 is supposed is to be on CCO any day now. Please contact your AT to get more details
could you please give us some overview what this topic is all about. I've tried to do search for "20G EMBEDDED SERVICES PROVIDER" and received zero hits :( Then I've figured out is it probably about Embedded Services Processors.
I'm particularly interested in SBCs but would also like to know what were the reasons to create this products and some hints what are the plans for the future.
Sorry for the confusion. This is about the ASR1000 ESP20, as you mentioned. ESP20 is the latest hardware addition to the ASR1000 series options. As you probably found out, ASR1004 and ASR1006 were initially launched with the ESP10, to deliver 10Gbps of total BW. With ESP20, they can be upgraded to 20 Gbps.
SBC in IOS XE 2.1, 2.2 and 2.3 is only supported in a distributed model fashion, but you can expect a lot more SBC options and features this year.
The reason behind ASR1000 is the need from both SP and Enterprise customers to have a flexible platform such as the 7200, but with a much higher throughput such as the Cat 6500 and 7600. ASR1000 is our proposal for those customer who need a platform in between those two.
Hope that answers your questions.
A question not specific to the ESP20: the specifications list DDoS mitigation features for the ASR100x. Could you please describe these in detail, as there does not appear to be much information about it. E.g. can it replace a Guard 5650?
Hi, ASR1000 IOS XE is primarily based on IOS, so we have IOS FW and FPM. Specifically for DDoS mitigation, we can use the following FW configuration:
We are working on an specific IOS XE configuration for this subject but for now, you can use that.
Thanks for the DDoS information. It does not appear that the IOS FW can blackhole source IPs which exceed certain rates, so we will look at some other device.
Goodday, Could you please show us a detailed link documentations for ASR1000 20G ESR?
I would also like to know where exactly ASR1000 ESR stands in terms of your recommendation to the customers? In other word, when do you recommend & advise ASR1000 20G ESR?
Great talking to you,,
Hi Mohamed, sorry for the confusion. This is actually about the ASR1000 ESP20, and here it's where you can read more about this.
Regarding your specific question, we recommend ASR1000 ESP20 to all those customers who need higher IPSec and IP Fwding performance to what they can get from ESP10, in their ASR1004 and ASR1006. That's the only recommendation since both ESP10 and ESP20 support the exact set of IOS XE features.
Hope that answers the question. Thanks
I need to decide upon a device which is MPLS L3 VPN capable & We can terminate L2TP, IPSEC tunnels , & SSL VPNs too in large numbers.. How is ASR 1000 with 20G ESP in this respect?
ASR1000 does not support SSL VPNs at the moment but it is in our long term roadmap. With regards to L3VPN, L2TPv2 ( LAC and LNS) and IPSec, ASR1000 supports them all, at a very high scale ( 1k VRF's with RP1 and ESP10/20, 4k IPSec tunnels, etc) but we don't have that many customers that have combined them all in one box. So it's highly recommended to test this in the lab to see what numbers you get with all these features
I have a problem when I try to move a SPA and its configurations from slot 4/1 to slot 11/1 in a Cat6513 chassi. I can't apply the configuration to the new interfaces after the module is installed in a new slot. I read some documents in web cisco pages and I did not found a solution.
Could you help me to understand if it's necessary any command to remove the configuration associated to interface 4/1 or if it's necessary another type of configuration?
I found a document explaining how to remove a configuration in a module. I'd like to know if this can be applied to SPA's and if it's necessary to use the command no module clear-config after I removed the module, because I just want to remove the configuration from a specific module.
Follow the document
If a module is physically removed and the configuration is not needed anymore, then apply the module
clear-config command from the global configuration mode before you physically remove the module.
Note: The module clear-config command is currently available only in Cisco Catalyst 6500/6000 Series
Note: The command works when applied before you remove the module.
This is an example of the command usage from the switch:
ContentServicesGateway Configure a CSG module
ContentSwitchingModule configure a CSM SLB module
clear-config To clear configuration when module is removed
provision Configure module provision status
Complete these steps:
Apply the module clear-config command in global configuration mode.
Once the command is applied and the configuration is saved, check the output of the show run
command to see if the command is there.
This forum is specifically meant to address questions about Cisco ASR 1000 Series. Please check out for Catalyst 6500 related NetPro forums and post your above question there. Currently, there aren't any Cat6k specific "Ask the Expert" . So you can contact your local Cisco account team to help you with your question.
This forum is specifically meant to address questions about Cisco ASR 1000 Series. Please check out any UC or ISR related NetPro forums and post your above question there. Currently, there aren't any UC or ISR specific "Ask the Expert" . So you can contact your local Cisco account team to help you with your question.
BTW, you can find information about the UC support on 1861 here:
The core components of UC on 1861 are:
1. Cisco Unified Communications Manager Express (CME) or Cisco Unified Survivable Remote Site Telephony (SRST) for call processing
2. Cisco UnityÂ® Express for voice messaging and Automated Attendant.
This forum is specifically meant to address questions about Cisco ASR 1000 Series. Please check out any mobility or UC related NetPro forums and post your above question there. Currently, there aren't any UC or mobility specific "Ask the Expert" . So you can contact your local Cisco account team to help you with your question.
Does ASR1000 support WCCP (Web Cache Control Protocol) Version 2 that is inter-operable with Cisco WAAS WAN optimization technology?
Yes. WCCPv2 is already supported on the Cisco ASR 1000 Series starting Cisco IOSÂ® Software XE Release 2.2 and works in conjunction with the Cisco WAAS technology.
We have a white paper on deploying and troubleshooting WCCPv2 on the Cisco ASR 1000 Series. Here's the link
What is the rated performance for the 20G ESP with v4 forwarding, QoS, and IPSEC? Is it still 20Gbps?
hi Shaun, the IPSec performance for ESP20 is around 7 Gbps. So if you all traffic needs to be encrypted, that's the maximum throughput you can get. In addition to that you can get around 13 Gbps additional throughput of non-encrypted traffic. NW recently tested this and here are the results: