Cisco 10000 Series Routers

Cisco 10000 Series Router

Product Bulletin No. 2254

Cisco 10000 Series Router

The Cisco® 10000 Series Router introduces new forwarding hardware, interface modules, and Cisco IOS® Software. The application and utility of the platform has expanded, offering exciting opportunities for service providers in the areas of service definition and reduced operational expenditure. The focus of the Cisco 10000 Series remains at the edge of the service provider network.

The network edge has seen transformation over the past years, with ever-increasing demands on scalability, performance, availability, and cost reductions. With its new capabilities, the Cisco 10000 Series is positioned to lead this market and define the next wave of services and solutions.

The Cisco 1000 Series Performance Routing Engine (PRE-2) offers a quantum leap in scalability, performance, and features over its predecessor (the PRE-1). Coupled with the introduction of OC-48c/STM-16c uplink modules, the solution is positioned for higher-speed, higher-density edge applications. The latest Cisco IOS Software expands the Cisco 10000 Series legacy in high-density leased-line and Multiprotocol Label Switching (MPLS) applications, to include a full-featured broadband aggregation suite.

This document provides a guideline to applications best suited for the Cisco 10000 Series with its latest enhancements.

Broadband Aggregation

The term "broadband" covers many access technologies, including high-speed, fixed-access circuits and wireless solutions. For the purposes of this document, broadband access is defined as subscriber connections (business and residential) accessing the service provider network over DSL technologies. The Cisco 10000 Series does not physically terminate DSL circuits (this is the role of a DSL access multiplexer [DSLAM]). Its role is to aggregate the many thousands of ATM virtual circuits between central office locations and a service provider's IP network.

Ethernet is another broadband technology. Long-range Ethernet is emerging as an alternative to DSL technology in many metropolitan regions throughout the world It is likely to appear as an alternative transport medium for DSLAMs competing with ATM.

Ethernet is placed under the "broadband" umbrella The Cisco 10000 Series offers aggregation services for subscribers arriving through traditional ATM broadband as well as Ethernet broadband. With a rich history in ATM connectivity and services, the Cisco 10000 Series is optimized for ATM-based broadband aggregation, offering world-class scalability, performance, and features.

Leased-Line Aggregation

Leased-line aggregation includes "fixed-access" circuits generally focused on connecting business customers to a service provider network. Products or services offered over such circuits usually fall into one of two categories: Internet access and virtual private networks (VPNs).

Three main access mediums exist for the leased-line space—time-division multiplexing (TDM) circuits in the form of point-to-point connections, Frame Relay permanent virtual circuits (PVCs), and ATM PVCs. As with the broadband application space, Ethernet is becoming more prevalent, with many providers offering alternative high-speed applications with the technology.

Internet Access and VPNs

Access medium and Layer 2 protocol selection are extremely important to the service provider—they ultimately define the infrastructure, scalability, performance, and cost of a network. However, many customers of service providers do not buy access circuits—these are just a means to an end product, such as Internet access or VPNs.

Internet Access

Internet access has been the mainstay for service providers over the past five years with literally tens of thousands of businesses worldwide connecting through access networks to the Internet.


VPNs have become a critical business driver as organizations worldwide rely more on the distribution of Web-based information and applications. Most enterprise and medium-sized businesses now offer intranet-based services for everyday operations, and service providers want to be part of this next wave of IT by offering outsourced services. Much of the high revenue growth over the coming years for the service provider will come from the VPN market.

Many protocols and follow-on applications have been driven by the VPN requirements including protocols and applications. Cisco has been at the forefront defining such technologies and standards. Multiprotocol Label Switching (MPLS) is the leading technology used to build scalable VPNs. Many of the world's largest service providers have built extensive MPLS networks with Cisco products, and are now offering VPN services to thousands of business organizations.

The Cisco 10000 Series offers a comprehensive and scalable MPLS feature set and is a leading provider-edge router in the Cisco portfolio. The product's MPLS capabilities span both leased-line and broadband applications, the latter being a growth market in remote working environments. Broad MPLS feature support is becoming increasingly important as the market matures. The integration of leased-line and broadband capabilities is critical to meet the needs of service providers wishing to consolidate infrastructure at the network edge.

Cisco 10000 Series Application Guide

General Overview of Broadband Remote Access Server

The Cisco 10000 Series provides aggregation and connectivity services between the service provider's access network and the core IP network (Figure 1).

Figure 1
Service Provider Network Architecture

The access network consists of two main elements: DSL connections between the central office and customer premises, and an ATM network connecting central offices to the service provider points of presence (POPs). The access network is responsible for delivering subscriber connections in bulk to the service provider's IP edge.

The core network usually consists of high-speed routers meshed together with high-speed optical circuits, providing connectivity between regional POPs and peering points for Internet access.

The Cisco 10000 Series performs a pivotal role in the aggregation and termination of access technologies, authentication services, and the switching and routing of IP packets to and from the core.

Baseline Attributes for the Cisco 10000 Series Broadband Remote Access Aggregator

ATM services—A full spectrum of ATM interfaces is available from DS3/E3 copper through to OC-12/STM-4 high-speed optical. Interface choice is coupled with industry-leading densities and the highest scalability of virtual circuits. The Cisco 10000 Series offers several ATM service classes, including unspecified bit rate (UBR); UBR+; variable bit rate, non-real time (VBR-nrt); and constant bit rate (CBR) with scalable, accurate shaping at both the virtual circuit and virtual path layers.

Scalable provisioning services—Industry-leading authentication, authorization, and accounting (AAA) and Remote Authentication Dial-In User Services (RADIUS) provisioning of bulk configurations with the "Virtual Circuit Range" application. Zero-touch provisioning of virtual circuits with the "Auto-Configure" application.

Widest range of high-touch services—Using the Cisco 10000 Series Parallel Express Forwarding (PXF) adaptive architecture, many per-virtual circuit services are available with zero effect on system performance or scalability. From per-virtual circuit access control lists (ACLs) through IP multicast to extensive IP quality of service (QoS), the Cisco 10000 Series continues to lead the industry with high-value embedded services.

High availability—The Cisco 10000 Series has set the standard with high-availability features for the edge leased-line aggregation space. Much of the same technology and applications are used for broadband, enabling service providers to confidently scale subscriber sessions and performance attributes without the fear of prolonged network outages. As the concentration of subscriber aggregation on the Cisco 10000 Series increases, the requirement for advanced high-availability features becomes greater.

Broadband Architectures and Applications

RFC 1483/2668 and Remote Bridge Encapsulation

RFC 1483/2668 and Remote Bridge Encapsulation (RBE) are synonymous with ATM virtual circuits—they are traditionally used by service providers that "terminate" subscriber virtual circuits at the network edge and "route" traffic into the core for Internet or VPN services. The main difference between the two protocols is in the area of IP management. RFC 1483/2668 relies heavily on manual provisioning of addresses and routes per subscriber, while RBE uses Dynamic Host Configuration Protocol (DHCP) technology to automate the provisioning of addresses and routes. RBE is much simpler to provision and offers far greater scalability attributes than RFC 1483/2668.

Many service providers use these protocols for business-class Internet access, particularly where cheaper DSL access circuits are replacing leased lines. The point-to-point and "always-on" nature of these services make them ideal candidates for such access protocols. Both protocols are used extensively throughout the broadband application space, with an installed base of many millions of subscribers.

The subscriber experience is often defined at the broadband remote access server (BRAS) by using ATM or IP-level rate-limiting capabilities. Both ATM traffic shaping and IP policing/shaping are supported on the Cisco 10000 Series platform, offering scalable and accurate solutions for both environments (Figure 2).

Figure 2
RFC1483/2668 and RBE

The Cisco 10000 Series offers a comprehensive Cisco IOS Software feature set that has proven reliability, interoperability, scalability, and performance for both applications. RFC 1483/2668 is also used extensively for leased-line applications. The Cisco 10000 Series has supported this protocol for more than three years, and has thousands of ports terminated.

Point-to-Point Protocol Termination and Aggregation

Two main types of Point-to-Point Protocol (PPP) are used throughout the broadband space: PPP over ATM (PPPoA) and PPP over Ethernet (PPPoE). PPPoE can be transported on either ATM virtual circuits (PPPoEoA) or over Ethernet (PPPoEoE). In this section, all subscriber connections will arrive on ATM virtual circuits.

PPP has the flexibility to span two broadband architectures. The PPP Termination and Aggregation (PTA) method is typical for retail applications, and the "tunneled" method is typical for the wholesale architecture. This section will concentrate on the PTA solution (Figure 3).

Figure 3

Service providers that wish to terminate the ATM and PPP access protocols and route subscribers' IP packets into the core network can choose either the PPPoA or PPPoEoA protocols in the PTA architecture. The PPPoE protocol uses a PPP client on the subscriber PC and offers the ability to run multiple PCs (or sessions) over a single ATM virtual circuit. Conversely, the PPPoA protocol offloads the client to the customer premises equipment (CPE). This makes the configuration of the PC much simpler, but only a single PPP session is supported per DSL connection.

PPPoX protocols are synonymous with the residential broadband market. This popular protocol provides a well-understood method for subscriber authentication and IP address management. It has a strong legacy in the dial market; consequently, many service providers are comfortable with its deployment. It also offers many features that enhance scalability and flexibility of service offerings. The Cisco 10000 Series supports a comprehensive PPPoX application suite, including extensive AAA/RADIUS attributes to allow flexible and scalable provisioning of services.

One advantage of PPPoX with authentication is service selection. Here, a subscriber can choose a destination network or service attributes by selecting different logons or using a Web-based application. This capability is known as Service Selection Gateway.

Layer 2 Tunneling Protocol Architectures

Many service providers offer access to DSL-connected subscribers for the purposes of wholesale services. In other words, they give subscriber connections to the Internet service provider (ISP) for a percentage of the subscriber's monthly subscription. In some cases, a provider will offer both retail and wholesale services. Retail services are usually reserved for a service provider's own ISP and will use a PTA architecture, while wholesale services are offered for alternative ISPs and use tunneling technologies such as Layer 2 Tunneling Protocol (L2TP).

L2TP technology allows the carrier to present subscriber PPP sessions in bulk to the alternative ISP at a given remote location, and offloads authentication and IP address management services to the destination ISP. In the L2TP model, there are two main devices: the L2TP access concentrator (LAC) and the L2TP network server (LNS). The Cisco 10000 Series is usually configured as an LAC.

The LAC is situated in the carrier's POP and provides aggregation for the Layer 2 access medium (such as ATM). It also provides a PPP switching service for subscriber sessions into the appropriate ISP's L2TP tunnel (Figure 4). After the session arrives at the destination ISP's LNS, the PPP session is fully authenticated and IP services are started. Subscriber IP packets from the LNS are routed to the Internet.

The wholesale provider has little to do with subscriber connections. The main purpose of this architecture is for mass transportation of sessions from the POP to the ISP LNS.

Figure 4
L2TP Tunneled Architecture

The Cisco 10000 Series operates as a highly scalable LAC with a comprehensive set of PPP, AAA/RADIUS, and L2TP attributes. In many cases, an ISP will contract the service provider to dictate the service rate for the subscriber. This is usually implemented by ATM traffic shaping capabilities on the Cisco 10000 Series. A single LAC can support subscriber sessions for many remote ISPs, and it is common to provision a unique L2TP tunnel per destination ISP.

Remote Access to MPLS

Remote Access to MPLS (RA-MPLS) offers service providers an alternative to L2TP for the provisioning of wholesale services. Instead of building unique L2TP tunnels per ISP, a unique VPN per ISP is provisioned over an MPLS core (Figure 5). Layer 2 access protocols are terminated at the service provider's edge and placed into the appropriate VPN. Subscriber traffic is routed through the VPN to the destination ISP's network, and then onto the Internet.

Figure 5

The Cisco 10000 Series operates as a highly flexible provider edge MPLS device, supporting the widest range of Layer 2 encapsulations. It offers an array of per-VPN services, including Hot Standby Router Protocol (HSRP), AAA/RADIUS, and DHCP.

Leased-Line Aggregation—General

The Cisco 10000 Series has provided leased-line aggregation services for tens of thousands of business customers and hundreds of carriers (Figure 6). The provider edge is the dividing line between the various access technologies and networks used to present customer connections to the carrier and the core IP transport network used for Internet or VPN connectivity.

Figure 6
Leased-Line Architecture

The Cisco 10000 Series provides several services at the edge, from Layer 2 circuit termination to advanced switching and IP routing, along with many IP services.

Baseline Attributes for the Cisco 10000 Series Leased-Line Aggregator

Interface diversity and density—Offers one of the broadest ranges of physical and logical interfaces in the industry, from low-speed copper to high-speed optical channelized. All major worldwide interfaces are supported, enabling the global service provider to select a single product for worldwide deployments. Using high-speed channelized interfaces, the Cisco 10000 Series is able to boast the highest interface densities in the industry.

High-performance IP services—Using the Cisco 10000 Series PXF adaptive processing architecture, the range of IP services continues to expand as the product and market matures. The Cisco 1000 Series Performance Routing Engine (PRE-2) expands the Cisco 10000 Series link efficiency mechanisms to include Multilink Frame Relay, and many other IP services have been enhanced over the PRE-1 implementation.

Rich MPLS feature set—Many service providers are deploying VPN-based solutions for additional revenue growth in 2003 and beyond. The Cisco 10000 Series has proven its versatility, performance, and availability as a next-generation provider edge router. The PRE-2/Full Sail release builds on this feature set to expand and increase performance in this important application space

Leased-Line Aggregation Architectures and Applications

Channelized Aggregation Architecture

The Cisco 10000 Series was introduced to the service provider market more than three years ago. From the start, it has focused on the aggregation of low-speed, very-high-density leased-line circuits by using channelized interfaces (Figure 7).

Figure 7
Channelized Architecture

The Cisco 10000 Series offers the widest suite of channelized modules, ranging from copper E1/T1 to optical O-12/STM-4, allowing the Cisco 10000 Series the diversity for all leased-line applications. Recent channelization enhancements to the optical modules help ensure worldwide coverage of configuration options. In a typical Cisco 10000 Series application, the provider usually situates the aggregator in a centrally located POP and backhauls individual customer connections from central offices across the SONET/SDH networks. Add-drop multiplexers are devices at either end of the optical network that provide aggregation of low-speed customer connections (T1/E1) and aggregation into higher-order optical interfaces in the central POP. Popular Layer 2 encapsulations include PPP and High-Level Data Link Control (HDLC), both with comprehensive support on the platform. Numerous IP services are fully supported over channelized interfaces, including IP QoS, ACLs, IP multicast, and security services.

Frame Relay Aggregation

Frame Relay continues to dominate service provider markets in many regions and is the preferred technology for Layer 2 VPNs. Over the past three years, many providers have taken advantage of their investment in Frame Relay networks for overlay IP services (Figure 8).

Figure 8
Frame Relay Architecture

Many service providers offer IP Internet access and VPN products over existing Frame Relay access networks. Frame Relay packet switched networks allow flexibility to build in contention and to better dimension infrastructure resources based on traffic profiles, allowing better economies of scale. When aggregating Frame Relay circuits, the Cisco 10000 Series is usually located in a central POP and connects to local switch nodes through copper or optical interfaces. Typically, these connections are effected with nonchannelized interfaces. Frame Relay data-link connection identifiers (DLCIs) are terminated on the Cisco 10000 Series with customer IP traffic routed through the core network. Frame Relay encapsulation is supported on the full range of packet interfaces, including channelized and nonchannelized modules. Numerous Frame Relay options and services are supported on the platform, including traffic shaping and QoS.

ATM Aggregation

ATM is prevalent in many incumbent local exchange carrier (ILEC) and PTT access networks, and many providers use the technology as the foundation for multiservice platforms. Over the past several years, ATM has been used to provide transport services for many applications, including backhaul for DSL services and leased-line emulation for Internet and VPN services.

Figure 9
ATM Architecture

When used as an ATM aggregator, the Cisco 10000 Series is usually placed in a central POP and connected to a local ATM switching node through optical interfaces. ATM virtual circuits are terminated on the device, and customer IP traffic destined for the Internet or VPN is routed onto the core network.

The Cisco 10000 Series offers a full range of ATM interfaces, from DS3/E3 copper through OC-12/STM-4. The platform supports ATM classes of service (CoSs), including UBR, UBR+, VBR-nrt, and CBR with extensive IP QoS to ATM CoS interworking. A rich ATM feature set is supported, including accurate and scalable traffic shaping as well as operations, administration, and maintenance (OAM) facilities.

Ethernet Aggregation

Ethernet is becoming more prevalent in metropolitan areas throughout the world, with many providers now offering high-speed Internet and VPN access over local fiber-optic networks (Figure 10).

Figure 10
Ethernet Architecture

Many enterprise customers use Ethernet technology for the "hub" site within a VPN network. "Spoke" sites are generally connected to the service provider's infrastructure with lower speed fixed circuits, such as those mentioned previously. Customer connections are usually defined as 802.1Q virtual LAN (VLAN) logical interfaces under the main Ethernet interface. The Cisco 10000 Series supports both Gigabit and Fast Ethernet interfaces with a rich set of high-value IP services, including QoS and ACLs.

MPLS Provider Edge Applications

Figure 11
MPLS Architecture

Most providers now offer Layer 3 VPN services as service offering of higher value than Internet access. MPLS technology has allowed providers to target small to medium-sized businesses for outsourced VPN services. The "build once, sell many" approach of the network design provides scalability and flexibility with respect to VPN products and services. MPLS provider edge functions and a valuable array of associated features and services are offered on the Cisco 10000 Series, spanning all interfaces and encapsulations from low-speed broadband to traditional leased-line applications to high-speed Ethernet.

Combined Broadband and Leased-Line Applications

Figure 12
A Combined Leased-Line and Broadband Architecture

The demarcation between leased-line and broadband applications has become less clear over the past few years. DSL circuits are competing in the traditional leased-line space, with many service providers offering Internet and VPN services over these lower-cost alternatives to dedicated TDM. The role of the leased-line aggregator has been expanded to include the termination of many traditional broadband interfaces and encapsulations. In today's market, the provider is continuously looking at ways to reduce costs and consolidate the number of edge products. Combining leased-line and business-class DSL access is one option that many providers are introducing.


The introduction of the Cisco 10000 Series Performance Routing Engine (PRE-2) and associated line cards greatly expands the utility of the Cisco 10000 Series across numerous service provider edge applications. The introduction of scalable broadband services and the enhancements to the leased-line application position the Cisco 10000 Series with Performance Routing Engine (PRE-2) as the market leader. The importance of leased-line and broadband applications in a single edge device is likely to increase over the coming years, as service providers continue to look at ways to consolidate infrastructure costs. The Cisco 10000 Series is best positioned to take advantage of the "new edge" application with increased flexibility, performance, scalability, and availability.