Cisco ASR 1000 Series Aggregation Services Routers

Cisco ASR 1000 Series Aggregation Services Routers: A New Paradigm for the Enterprise WAN

  • Viewing Options

  • PDF (487.2 KB)
  • Feedback

As enterprises expand globally, while simultaneously integrating a new wave of applications, the WAN edge has become a critical gateway for business success. The Cisco® ASR 1000 Series Aggregation Services Routers are new wide-area edge routers that represent a dramatic advance in technology innovation based on the company’s understanding of evolving customer requirements. These routers set new expectations for industry-leading performance and scalability of embedded services atop a secure, resilient hardware and software architecture.

With this innovative series of platforms and the accompanying solution framework--Cisco Unified WAN Services--Cisco enters a new era for the enterprise WAN, providing best-of-class WAN services aggregation products, architectures, guidance, and support to help enterprises transform their network into the platform to aid business excellence.

The Network as the Platform for Business Opportunity

The Enterprise Landscape is Changing

Businesses are expanding globally. Industries are consolidating through mergers and acquisitions. Increasingly, IT managers are finding themselves with more locations to manage--in more geographically diverse regions of the world.

At the same time, the workforce is becoming more mobile, escalating the demand for anytime, everywhere access to network resources.

Emerging applications are being deployed globally as enterprises seek to take advantage of the benefits of Web 2.0. Voice, video, interactivity, online collaboration, and real-time responsiveness put new stresses on the existing network infrastructure.

As corporations expand into a 24-hour global market, requirements mount to comply with governmental, industry, and local regulations; provide heightened levels of security; and eliminate downtime.

Overall, the scale, scope, and complexity of enterprise networks are expanding. This outward expansion enables enterprise businesses to accelerate their growth potential significantly. At the same time, it defines a new set of challenges for network architects and designers.

At the nexus of these changing requirements is the network infrastructure, which acts as the platform for such exciting, business-enhancing opportunities as globalization, mobility, and Web 2.0. In particular, the WAN edge plays a pivotal role as the enterprise expands its global reach. Although the WAN edge was formerly considered a simple hub for reliable connectivity and data transport, it now has new, rapidly evolving responsibilities in the transformation of the enterprise business model.

This new role of the WAN edge as a gateway to the world; a branch-office aggregation point; or a secure and converged pathway for information, communication, and collaboration requires:

   Increased WAN edge infrastructure performance: Enterprises need to deliver higher-performance, higher-bandwidth services over their converged WANs, along with capacity headroom to operate efficiently.

     The emergence of new business applications and a new communication paradigm has caused an unprecedented increase in bandwidth and scalability requirements for the WAN.

     Enterprises involved in data center consolidation need increased WAN performance and reliability to provide consistent experiences to their branch-office employees and remote locations.

     Older infrastructure cannot support high-bandwidth WAN aggregation and Internet edge applications.

     For Ethernet WAN services, enterprise customers are looking for a small-form-factor, high-performance router to provide services at multigigabit Ethernet speeds.

   Highly available WAN infrastructure: Enterprises need to provide continuous, uninterrupted access to applications and services over the WAN. This provision requires a more highly available, resilient, and adaptive infrastructure than they have today. Customers need their WAN edge infrastructure to support:

     Rapid failover without service disruption

     Streamlined change management and service turn-up without WAN disruption—and with fewer errors

     Increased system redundancy at the platform level

   Full WAN security for data protection and compliance: Businesses need to satisfy industry regulations regarding data privacy, and adhere to regulations such as the Sarbanes-Oxley Act (SOX), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), etc. Customers need their WAN edge infrastructure to:

     Deliver network resiliency with a self-defending architecture

     Secure all critical business and client information without creating a performance bottleneck

     Integrate and embed security services within the network to reduce the need for standalone devices

     Inspect traffic flows at high speeds for attack prevention, policy enforcement, and application security

   Consistent service delivery with application intelligence: Enterprises need to meet demanding internal service-level agreements (SLAs), with improved service delivery and application performance over the WAN. To accomplish this level of service, customers need their WAN edge infrastructure to:

     Fulfill internal SLAs while containing WAN and telecom expenses

     Speed service and feature deployment to quickly adapt to changing network requirements

     Provide advanced services that interoperate with critical network functions to ensure application performance and security

Cisco ASR 1000 Series Routers

The Cisco ASR 1000 Series Routers are an innovative new line of Cisco routers designed to address the emerging needs of the Cisco Unified WAN Services edge. While combining the best attributes of existing Cisco routers, the Cisco ASR 1000 Series Routers deliver a resilient and secure next-generation WAN infrastructure, with powerful performance and scalability for embedded services.

Service Consolidation Without Compromise

Traditionally, the network architect’s dilemma has always been to achieve the service richness required at the WAN edge without making difficult trade-offs regarding speed, scalability, and complexity. Layering multiple services on a single platform often resulted in high CPU usage and decreased packet throughput. Taking the alternate approach--distributing service functions to a set of discreet appliances--has further drawbacks in terms of increased operational and training costs, software maintenance expenses, integration and testing challenges, and higher total cost of ownership (TCO).

The Cisco ASR 1000 Series Routers fundamentally change this equation. By consolidating network services within a single high-performance, resilient, service-rich platform, the network architect attains many tangible benefits. These benefits include reduced rack-space and power requirements, simplified single-point management and monitoring, transparent service integration with routing, easy in-service software upgrade, and concurrent deployment of multiple high-touch services. Taken together, these advantages can significantly simplify network design and lower the TCO.

The Cisco Flow Processor

At the heart of the innovation found in the Cisco ASR 1000 Series Routers is the new Cisco Flow Processor (FP). This processor combines the best attributes of both purpose-built application-specific integrated circuits (ASICs) and general-purpose network processors--providing hardware-accelerated speed without sacrificing flexibility.

Massive Parallel Processing: High-Performance Integrated Services

The Cisco Flow Processor is built around 40 custom Cisco Flow Processor Packet Processing Engines (PPEs), each of which supports 4 threads of execution. With up to 160 independent processor threads running in parallel, the Cisco Flow Processor can avoid the high CPU usage and excess latency found in less-sophisticated hardware architectures. At a practical level, this architecture allows the processor to provide concurrent deployment of multiple advanced services--such as Cisco IOS® Firewall, intrusion-detection services, Network Address Translation (NAT), Flexible Packet Matching (FPM), and deep packet inspection--without accruing the performance penalties usually associated with such services.

Advanced Memory Management: High-Bandwidth, Low-Latency Execution

With all this computational power at its disposal, the Cisco Flow Processor has been designed with a sophisticated memory-management architecture to best enable its innovative capabilities.

With high-speed, multilevel instruction caches, the Cisco Flow Processor has immediate access to the necessary code to apply multiple services to any packet. If many flows transiting the router require the same set of services (often the case), the instruction memory for this service chain is readily available to the processor, drastically decreasing the time spent processing any individual packet.

Furthermore, at any given time the PPEs on the Cisco Flow Processor have access to the entire packet, not just packet headers, as is the case in other architectures. For complex operations such as deep packet inspection, this access effectively eliminates several steps in the processing, dramatically reducing overall onboard latency.

As applications such as unified communications, digital video, conferencing, and collaboration become more interactive and real-time, the need to reduce latency is paramount. The user experience and acceptance of these new, business-enhancing applications will hinge upon their responsiveness.

Customized Quality of Service: Enabling Consistent Service Delivery

With so many different flows passing through the Cisco Flow Processor, and at such high speed, advanced quality-of-service (QoS) mechanisms are a prerequisite. The Cisco Flow Processor boasts more than 100,000 hardware queues that you can allocate in an arbitrary hierarchy, facilitating a sophisticated, tiered traffic-management system that allows for application of multiple levels of QoS to a packet on a single pass through the Cisco Flow Processor.

The Cisco FP Traffic Manager can monitor millions of events per second across multiple channels, making it one of the most accurate scheduling engines found in the industry today.

Even hardware resources external to the Cisco Flow Processor--such as the encryption engine, shared port adapters (SPAs), and the route processor--can benefit from the sophisticated traffic-management capabilities of the Cisco ASR 1000 Series Routers. Traffic to these devices is always queued in such a manner as to prevent oversubscription, while maintaining appropriate priority. Thus, for example, you can schedule high-value business-critical traffic for encryption and transmission before less-important bulk traffic.

As businesses move to voice, video, and interactive, real-time, collaborative applications, packet latency becomes a genuine concern. Latency can lead to dropped frames, misordered packets, and--from a user perspective--garbled voice and video, or frustrating lag in application response time. With sub-100-microsecond latency for high-priority packets, the sophisticated QoS algorithms on the Cisco ASR 1000 Series Routers remove bottlenecks and can significantly improve your experience.

Integrated Services and Programmability: Speeding Service Deployment

Perhaps the most unique innovation in the Cisco Flow Processor is its capability to combine the speed of an ASIC with the flexibility and programmability of a general-purpose processor. Rather than proprietary microcode, the Cisco Flow Processor provides a standard ANSI C application programming interface (API) for programming new functions. As a result of this ease of programming, Cisco can implement new services--even those not invented yet--on the Cisco Flow Processor with a simple software upgrade. Moreover, because of the unique multiprocessor, parallel processing architecture of the Cisco Flow Processor, new services are immediately hardware-accelerated without any special development effort. For the enterprise customer, this new architecture provides a faster “time to service” for new functions and a hardware investment that will retain its value over time.

Embedded Security: Ensuring Data Protection and Compliance

Enterprises are striving to accommodate a more mobile workforce by providing secure, global network access. In addition, more nonemployees, in the form of business partners, contractors, and customers, are gaining expanded access to the enterprise network. Although such developments encourage productivity and business growth, there is a natural concern about the effects of such openness on network security.

Here again, the Cisco ASR 1000 Series Router provides a comprehensive toolset to facilitate business flexibility without assuming additional risk.

The Cisco ASR 1000 Series Router features built-in, multilevel threat detection and containment through 5-, 10-, and 20-Gbps scalable, highly available, embedded firewall services. You can further supplement firewall services by intrusion-detection services. As noted, all services are hardware-accelerated, so the Cisco ASR 1000 Series Router can continue to provide high performance, even with multiple security services enabled.

The ability to classify application traffic at hardware speeds is the foundation of a well-designed security solution. As waves of new Web 2.0 applications come onto the network, the Cisco ASR 1000 Series Routers are prepared with advanced application intelligence. The widely deployed Cisco Network-Based Application Recognition (NBAR) technology is built into the Cisco ASR 1000 Series Router and operates at hardware-enabled speeds. NBAR can classify dozens of the most common applications found in enterprise networks, and--as you introduce new applications--you can dynamically enhance the NBAR engine to recognize them through Protocol Description Language Modules (PDLMs).

For enterprise networks looking for even more fine-grained control over application data, the Cisco ASR 1000 Series Router also implements Cisco Flexible Packet Matching (FPM) technology.

Cisco FPM allows the network administrator to identify and classify packets--even for emerging or in-house applications--by using a simple XML-based language.

For remote access, the Cisco ASR 1000 Series Router contains an integrated multigigabit cryptography engine to support IP Security (IPsec) encryption. In addition to standard remote-access solutions, such as Multiprotocol Label Switching (MPLS) VPN and IPsec VPN, the Cisco ASR 1000 Series Router also supports innovations such as Cisco Dynamic Multipoint VPN (DMVPN) and Cisco Group Encrypted Transport VPN, which can vastly simplify the provisioning and deployment of large numbers of branch offices.

No security implementation would be complete without the capability to manage and monitor network flows. The Cisco ASR 1000 Series Router supports NetFlow Version 9, a Cisco innovation that has been adopted as the industry standard for application monitoring, network planning, security analysis, IP accounting, and traffic engineering. NetFlow boasts a large partner ecosystem, with most well-known systems management vendors providing the capability to capture and analyze NetFlow data.

If more detailed traffic analysis is needed, the Cisco ASR 1000 Series Router supports up to 1024 Encapsulated Remote Switched Port Analyzer (ERSPAN) sessions. ERSPAN allows traffic on a switch port to be replicated and tunneled to another location, to aid in advanced troubleshooting, security analysis, compliance verification, or archival purposes.

Cisco ASR 1000 Series Routers provide standards-based and certified security services, delivered at exceptional speed, and they facilitate a simplified, single-point solution for the management and monitoring of network security.

Performance and Scalability: Increased Capacity for Efficient Operations

The processing power of these routers is contained on the Cisco ASR 1000 Series Embedded Services Processor (ESP), which is the forwarding processor containing the Cisco Flow Processor, encryption engine, and other hardware assists. The routers offer powerful performance and scalability:

Note:    All performance figures are based on the Cisco ASR 1000 Series ESP with a 20-Gbps forwarding or services engine and a 6-Gbps encryption engine. You can also deploy the Cisco ASR 1002 Router with an entry-level 5-Gbps forwarding or services engine and a 1.5-Gbps encryption engine.

   Throughput of 20 Gbps even with Cisco IOS Firewall, NAT, QoS, generic routing encapsulation (GRE), and other services enabled

   High-speed event logging of 40,000 sessions per second with NetFlow Version 9

   Support for 2,000,000 concurrent sessions and 200,000 sessions per second for Cisco IOS Firewall

   Support for 10,000 sessions per second for IPsec site-to-site or remote tunnels (Note: The Cisco ASR 1000 Series ESP20 has been tested internally to support up to 4,000 tunnels, but the ESP20 hardware itself can support up to 10,000 IPsec tunnels.)

   Support for 60,000 IP Multicast groups

   Less than 100-microseconds latency for high-priority applications

   Support for up to 4,000,000 IPv4 routes and 2,00,000 IPv6 routes with Cisco ASR 1000 Series Route Processor 2 (RP2)

   Support for up to 16,000 access control lists (ACLs)

   Support for 2,000,000 NetFlow records

Although raw numbers alone do not tell the whole story of the Cisco ASR 1000 Series Router, these figures represent a powerful price-to-performance ratio.

In terms of an investment decision, the performance numbers indicate that the Cisco ASR 1000 Series Router has substantial headroom to accommodate the future business needs of even the largest of enterprises.

High-Value Integrated Services: Application Intelligence for the WAN Edge

Much has already been said about many of the familiar integrated services available on the Cisco ASR 1000 Series Router, such as Cisco IOS Firewall, NAT, QoS, and IPsec VPN. Because the Cisco ASR 1000 Series Router runs the Cisco IOS XE Software, it also benefits from several innovative features available in this software.

One example of this is the Cisco Unified Border Element (SP Edition). Formerly known only as Session Border Controller (SBC), the Cisco Unified Border Element (SP Edition) allows service providers and large enterprises to connect isolated voice, video, and unified communications networks directly over IP-IP interconnection, avoiding PSTN. End-to-end IP enables services such as SIP trunking, service provider VoIP peering, residential triple play, and business-to-business Cisco TelePresence™ and provides new revenue opportunities, enhances quality, increases scalability, lowers costs, and reduces network complexities.

The Cisco Unified Border Element (SP Edition) on the Cisco ASR 1000 Series builds on the continuous operation and service aggregation provided by the powerful and flexible Cisco ASR 1000 Series Aggregation Services Routers. With media-forwarding performed on an embedded services processor (ESP) and control functions on a route processor, the Cisco ASR 1000 Series delivers an extensible pay-as-you-grow SBC solution through modular ESPs and route processors. The Cisco Unified Border Element (SP Edition) on the Cisco ASR 1000 Series completely integrates the SBC with other Layer 2 and Layer 3 Cisco IOS XE Software services without requiring additional application-specific hardware (service blades). Additionally, the clean separation of control and forwarding planes helps ensure that the multimedia signaling and control processing remain separate from the actual media processing. Phone calls or video sessions are never lost or delayed because the system is too busy to handle the necessary signaling.

More importantly, because SBC functions are usually implemented in an external appliance, consolidating these functions into the Cisco ASR 1000 Series Router saves on power, rack space, and training costs, and allows for a consolidated location for monitoring and management.

Another important service delivered in Cisco IOS XE Software is Cisco Performance Routing. Using built-in tools such as NetFlow, NBAR, and Cisco IP SLAs, Cisco Performance Routing can monitor both the availability and performance of wide-area links. If an application is not receiving its desired performance attributes, Cisco Performance Routing can reroute the application through an alternate path to achieve the proper performance. Using this technology, network designers can dynamically route around performance bottlenecks or service provider “brown-outs”. Cisco Performance Routing can increase overall network availability and improve response time for critical applications, as well as improving your experience.

Enterprises are constantly looking at new ways to cut costs, increase productivity, and provide innovative services to their customers and employees. The Cisco WebEx™ node for the Cisco ASR 1000 Series offers simplified management, reduced external bandwidth, more granular security, and an enhanced user experience for on-premises WebEx Meeting Centers to reduce costs and improve collaboration without having to travel. The Cisco WebEx node, a shared port adapter for the Cisco ASR 1000, can help large enterprises reduce WebEx WAN bandwidth usage by up to 80 percent. The adapter is easy to install and functions transparently as a part of the WebEx collaboration cloud. This results in reduced WAN costs and reduced firewall load.

Business-Critical Resiliency: Delivering Nonstop Communications

As the Cisco ASR 1000 Series Router becomes the central conduit for high-value, business-critical traffic, it is vital that it embody a best-of-class high-availability solution. The router was architected for this type of resiliency.

All forwarding on the Cisco ASR 1000 Series Router is handled directly in hardware by the Cisco Flow Processor and shared port adapters. The control-plane function is implemented by a separate route processor. This clean separation--both physical and logical--of the routing and forwarding planes helps ensure that the critical functions of the route processor are never affected during times of high traffic. Further, this setup leaves the route-processor CPU free to perform vital operations such as route convergence at the greatest possible speed.

Unplanned downtime resulting from a hardware or software service outage can also be mitigated. Using the field-proven Cisco Nonstop Forwarding with Stateful Switchover (NSF/SSO) technology, the Cisco ASR 1000 Series Router can respond to any software-related outage by providing fault containment and dynamic restartability with zero packet loss. Unique among routers in this class, the Cisco ASR 1000 Series Router can run dual copies of the Cisco IOS XE Software on a single route processor, switching to the recovery software image instantaneously upon detection of an outage. For larger enterprise customers who want even further levels of resiliency, the Cisco ASR 1006 Router supports redundant hardware routing and forwarding processors, also capable of zero packet loss during a service outage. (Zero packet loss is based upon route-processor failure. For forwarding-processor failure, minimal packet loss may occur for packets in transit at the time of the failover.)

As more businesses move toward 24-hour operations, finding a maintenance window to perform software upgrades becomes increasingly challenging. In addition to unplanned downtime, the Cisco ASR 1000 Series Routers can also account for these incidents of planned downtime through their industry-leading In Service Software Upgrade (ISSU) function. ISSU permits the complete upgrade of the operating system while the router is actively passing traffic. As with NSF/SSO, you can perform the upgrade operation in a hitless manner--with zero packet loss throughout the procedure. Thus, you can enable new features and functions while business operations remain uninterrupted.

As enterprises expand into a global market, network downtime--whether planned or unplanned--has become a business- and revenue-affecting event. The Cisco ASR 1000 Series Routers are architected with state-of-the-art resiliency to help ensure that mission-critical business functions are always available.

Cisco ASR 1000 Series Routers Quick Fact Sheet

Table 1 compares the Cisco ASR 1000 Series chassis and gives router specifications.

Table 1.       Cisco ASR 1000 Series: Chassis Comparison and Product Specifications


Cisco ASR 1002

Cisco ASR 1004

Cisco ASR 1006


Size: 2 rack units (2RU)

DC power (maximum): 590W

AC power (maximum): 560W

Scalable to 10 Gbps

Software failover

Size: 4RU

DC power (maximum): 1020W

AC power (maximum): 960W

Scalable to 40 Gbps

Software failover

Size: 6RU

DC power (maximum): 1700W

AC power (maximum): 1600W

Scalable to 40 Gbps

Hardware failover

Forwarding cards

One 5-Gbps Cisco ASR 1000 Series ESP (ESP5)

(part number ASR1000-ESP5) or one 10-Gbps Cisco ASR 1000 Series ESP (ESP10)

(part number ASR1000-ESP10) or one 10-Gbps Cisco ASR 1000 Series non crypto ESP (ESP10-N) ( part number ASR1000-ESP10-N)

4–8 millions of packets per second (Mpps)

5-Gbps forwarding

One Cisco ASR 1000 Series ESP10 (ASR1000-ESP10)


one Cisco ASR 1000 Series non crypto ESP (ASR1000-ESP10-N)


One Cisco ASR 1000 Series ESP20 (ASR1000-ESP-20)

16 Mpps

20-Gbps forwarding

One or two Cisco ASR 1000 Series ESP10s (ASR1000-ESP10)


one Cisco ASR 1000 Series non crypto ESP (ASR1000-ESP10-N)


One or two Cisco ASR 1000 Series ESP20s (ASR1000-ESP20)

1 + 1 redundancy

16 Mpps

20-Gbps forwarding

Route processor


Integrated in the chassis

4-GB memory


One Cisco ASR 1000 Series Route Processor 1 (RP1)



One Cisco ASR 1000 Series Route Processor 2 (RP2)


2- or 4-GB memory

Optional 40-GB hard disk drive (RP1 only)

Optional 80-GB hard disk drive (RP2 only)

One or two Cisco ASR 1000 Series RP1s



One Cisco ASR 1000 Series Route Processor 2 (RP2)


1 + 1 redundancy

2- or 4-GB memory

Optional 40-GB hard disk drive

(RP1 only)

Optional 80-GB hard disk drive (RP2 only)

SPA Interface Processor (SIP)

Integrated: 3 SPA slots

Up to two Cisco ASR 1000 Series SPA Interface Processors (SIPs)


8 SPA slots

Up to three Cisco ASR 1000 Series SIPs


12 SPA slots


Cisco IOS XE Software

Minimum release: 2.1
Based on Cisco IOS Software Release 12.2SR

Cisco IOS XE Software

Minimum release: 2.1
Based on Cisco IOS Software Release 12.2SR

Cisco IOS XE Software

Minimum release: 2.1
Based on Cisco IOS Software Release 12.2SR

Cisco ASR 1000 Series Routers: An Investment in the Future, Available Now

The Cisco ASR 1000 Series Routers have been crafted to meet and exceed the most exacting standards that rapidly evolving enterprise business requirements can demand:

   Consolidation of services into a single, high-performance chassis, eliminating the need for multiple, single-function appliances: Savings in power budget, rack space, training, integration and testing costs, and lower TCO

   Massive forwarding power, even with multiple features enabled: Extremely low latency for delay-sensitive voice, video, real-time, and collaborative applications, without sacrificing security

   Software upgradable for new, hardware-accelerated services: Significant investment protection, longevity of deployment, and faster “time to service”

   Integrated high-speed security and encryption: Suitable for high-density aggregation of thousands of remote sites, while concurrently supporting mobile workforce, contractors, partners, and customers

   Industry-leading high availability and resiliency: Support for 24-hour global operations and mitigation of costly, business-affecting service outages

With such significant processing power on a single Cisco ASR 1000 Series ESP, plus the capability to enable new hardware-accelerated services with a straightforward software upgrade, the Cisco ASR 1000 Series Router is an investment not just for the short term, but for years to come.

Cisco Services for the Enterprise WAN Edge

Cisco and our partners help make your enterprise WAN edge deployment a success with a broad portfolio of services based on proven methodologies. We can help you establish a secure, resilient WAN architecture and successfully integrate Cisco® Unified Communications, Cisco TelePresence™, security, and mobility technologies with bandwidth to support video, collaboration, branch solutions, and growth in alignment with your business goals. Planning and design services align technology with business goals and can increase the accuracy, speed, and efficiency of deployment. Technical services help maintain operational health, strengthen software application functionality, solve performance issues, and lower expenses. Optimization services are designed to continually improve performance and help your team succeed with new technologies. For more information, visit

For More Information

For more information about the Cisco ASR 1000 Series Routers, visit