Everything you love about SD-WAN on vEdge, now on the ISR

Ever wish you could take the best of Cisco SD-WAN software and combine it with the best routing platform? Well, you’ll be pleased to know we’re introducing new models, the ISR 1100-4G and ISR 1100-6G, which run Viptela OS on ISR hardware. Now you get best-in-class SD-WAN with best-in-class hardware. All the SD-WAN features you’ve loved on vEdge devices are now available with the ISR 1000 Series.

The ISR 1100-4G and 1100-6G are feature-rich platforms with Cisco SD-WAN delivering WAN, security and multi-cloud capabilities. Viptela OS and Cisco SD-WAN’s vManage provide automated, network-wide deployment, configuration, monitoring, and troubleshooting as well as transport independence, network services, and endpoint flexibility. So, if you are looking to upgrade from the vEdge 100B or vEdge 1000 the ISR 1100-4G/6G provide a powerful replacement.

Give me the specs!

◉ Up to 4 built-in 10/100/1000 Ethernet ports for WAN or LAN with SFP support

◉ 4 GB DRAM, 8 GB bulk flash

◉ Dedicated control plane for service reliability, multicore data plane for higher performance

◉ Embedded device security with high platform reliability

◉ Fanless, compact form factor perfect for branch offices

What can you accomplish with the ISR 1100-4G/6G?

◉ Create a secure automated WAN – Using Cisco SD-WAN you can automatically provision and maintain secure connections across the WAN.

◉ Optimize application performance – Provide a consistent user and application quality of experience for optimal performance across any transport, location and cloud.

◉ Provide secure Direct Internet Access – Multi-layer cloud security delivers comprehensive protection against external and internal threats and provides your users with direct internet access. With Cisco SD-WAN you’ll get cost effective and secure access over the internet and secure access to business critical applications for remote sites.

◉ Simplify management and operations – A single, centralized user interface that is open and programmable gives you the ability to easily scale to thousands of sites.

Not only do the new ISR platforms provide full SD-WAN feature parity with Cisco vEdge devices, they also offer investment protection with the ability to switch to IOS XE SD-WAN in the future.

Continue reading

The Legacy Continues with a Modern Classic

With the ISR 900 Series, Cisco continues a 26 year pedigree.

1993 was a much simpler time. A gallon of gas cost $1.16. The Space Shuttle was still flying. Beanie Babies were launched. Intel introduced the Pentium processor to power Windows 3.1. Jurassic Park and Mrs. Doubtfire were leading the box office while Snoop Dogg and Rage Against the Machine had breakout hits. Is this making anyone else feel nostalgic or just old?

1993 was also the year that Cisco introduced something that would forever change the landscape of networking in remote offices – the Cisco 2500 Series. For the first time there was a compact affordable Enterprise router with a huge spectrum of available interfaces and features to hammer just about any networking nail. The 2500 was so reliable that they can still be found in offices and data centers around the world more than a quarter century after being introduced. (I confess that I still use several 2511-RJ as terminal servers.)

Capability with Simplicity

So, what made the Cisco 2500 so great and how does that relate to a router being introduced in 2019? The answer is simple – literally. Simplicity with capability in the form of features and interfaces. The 2500 was never the fastest router in the market, but the flexibility and reliability made it a trusted friend for IT staff. With literally thousands of features and any interface type you were likely, or even unlikely, to run into, the 2500 could do it all.

That initial success led to the Cisco 2600 and 3600 Series which would morph into the first generation of Integrated Services Routers followed by the ISR G2 and 800 Series routers all running the same Cisco IOS® operating system. That’s a direct unbroken line of platforms running the same operating system since the earliest Cisco Routers, while adding new features and hardening the whole time. There just isn’t another piece of software with that pedigree anywhere.

Modern Hardware for a New Take on a Classic

The ISR 900 Series builds on that solid foundation with rock-solid 21st century hardware. The Cisco 900 Series is a silent, fan-less chassis designed to fit into any office. With that comes the interfaces you need today including LTE (available soon), ADSL/VDSL, Gigabit Ethernet WAN and switching. Modern components bring Cisco IOS performance on par with current branch routers including high performance encrypted VPN and firewall. Thousands of features you expect from a Cisco Branch Router, including some the 2500 never dreamed of, are built in such as MPLS, IPSLA, AVC, PfR and more with performance that’s more than 100 times what the 2500 could dream of.

Just One More Thing

There’s also one more throwback to classic small branch routers you might notice in the new Cisco 900 Series ISR and that’s the internal power supply. The Cisco 921 & 931 ISRs do away with the external power supply “brick” common to branch office devices and brings the power supply inside the router which can really clean up a cluttered branch environment.  Getting the power supply inside a passively cooled chassis with a wide temperature range is a big engineering deal. Yes, I really did just geek out over a power supply.

The Cisco 900 Series is a modern classic. It complements other members of the ISR portfolio, such as the ISR 1000 Series and ISR 4000 Series, while providing an easy migration path for Cisco 800 Series users. It isn’t the fastest or flashiest member of the ISR family. What it is is a solid, reliable performer with the features you need to sort out the most complex of network nightmares. Isn’t that what most IT professionals really want when the business is on the line?

This is just a teaser for what you can expect from the Cisco ISR 900 Series. Head on over to the Cisco ISR 900 Series page, cisco.com/go/isr900, for all the details.

Continue reading

Miercom Tests Endorse Cisco 1000 Series ISRs’ IPsec Encryption Performance

In both traditional and future SD-WAN network architectures, IPsec encryption performance is one of the most important technologies for secure delivery of customer traffic in branch routers. Higher IPsec throughput performance can also translate into improved customer experience and even revenue.

Miercom recently validated a few models of Cisco and Huawei fixed branch routers, measuring RFC 2544 IPsec encryption throughput performance. The testing shows that the Cisco 1111 Integrated Services Router (ISR) demonstrated the highest average IPsec throughput performance of 365 Mbps, compared to Huawei and HPE fixed branch routers. The Huawei AR1220E shows only 245 Mbps. The result is the average of 20 test results, so it is very reliable.

Table 1 shows the overall throughput performance comparison chart from the Miercom report.

Table 1. Competitive WAN performance

Let’s look at the result variation among the 20 test runs. See Table 2.

Table 2. WAN performance variation

The Huawei AR1220E fixed router shows the largest throughput variations. In other words, Huawei fixed router throughput performance is not the same when measured at different times under the same setup conditions and environments. To customers, this could mean very inconsistent throughput due to complex processing of I/O, buffering, table lookup, queuing, and forwarding sessions. For a service provider, this could result in poor customer satisfaction.

If we look at the overall test result variations reported by Miercom, the two Cisco fixed ISRs, the 1117 and 1111, have the lowest variations in IPsec throughput results, while the three Huawei fixed routers, the AR1220E, AR169FGW-L, and AR201, show the highest variations. See Table 3. To customers, this means that if you pick Cisco fixed routers as your branch router for WAN services, you will get better and more consistent IPsec throughput performance, while if you pick Huawei fixed routers, the service may be very inconsistent.

Table 3. Competitive WAN performance variability

For the full details, download the comprehensive Miercom report and accompanying test results.

Continue reading

What is SD-WAN?

The SD-WAN market is in high gear. The concept is solid and the benefits are real. There are, in fact, very few WAN situations that would not benefit greatly from this technology. However, all SD-WAN is not the same. There are multiple paths you choose as you endeavor to take your existing, running, trusted network…to a brand new modern one.

What is SD-WAN?

The primary value proposition for SD-WAN centers on the high cost of traditional WAN. As the internet has grown, it has become easier (and cheaper) to get broadband internet circuits just about anywhere. For many users, high speed bandwidth was no longer a benefit of driving to the office. I has become harder to explain why we had to build the networks that we did and as traffic patterns have migrated cloud-wise, these designs are showing their age.

More Options. Less Complexity.

MPLS has been the dominant form of enterprise WAN over the past few decades but it finally has a very viable competitor in SD-WAN. MPLS circuits provide a dedicated network that is completely distinct from any other network. Every remote connection has a specifically sized circuit delivered to them so you know exactly how much bandwidth you get at each site…it is all very predictable. Which is important. If any location needs to access ‘the internet’ than this is commonly done by routing that connection through a central office which has big pipes to the internet and various security mechanisms for filtering it.

Two big issues have come out of this:

1. All internet traffic from branch sites is using those precious/expensive MPLS in two directions. This is secure….but wasteful.

2. Internet use is rising fast along with it’s business critical nature with multiple Saas or IaaS resources are now used by the entire enterprise.

Enterprise IT has long been able to connect to the Internet directly from any remote office. This is not a new idea. It just came with too much risk.

SD-WAN is now offering a credible option for enabling a secure ‘hybrid’ WAN. The hybrid is a reference for how SD-WAN is here to augment, not necessarily replace those expensive MPLS circuits with a less expensive broadband internet.

There will be multiple, physical circuit terminations into the same edge point. Does the vendor have hardware routing experience? Some locations may need an MPLS line, pus two different sources of Internet connectivity. If it’s a really critical area, consider adding cellular failover, 4G LTE or other wireless that might be available. Make sure you can run active/active on those cabled circuits as well so that you are not paying for something ‘just in case.’

When SD-WAN is done right, it should offer a simplified ability to route enterprise traffic in a secure manner with a consistent quality of experience that is as good or better than what you are doing now.

If you are considering an SD-WAN solution, there are quite a few options in the market. Here is my shortlist for things you should make sure you dig into with any option under consideration:

1. Simplicity – the software defined part of SD-WAN refers to the control portion of your routers now being handled somewhere else. This is generally a cloud based that you access with what is hopefully a simple interface. Couple of quick things to check for here:

◈ Does the controller HAVE to be in the cloud? You may run a network that does not allow for this…make sure you know what you can do.

◈ Is ALL the policy control handled through this same interface? How granular can it get? You should be able to define and manage unique policies for every remote location down to the individual application requirements. Set it and forget it.

2. Security should be more than a passing mention to IPsec encryption.

◈ Check for how security is being handled across three dimensions: encryption, authentication and integrity. Zero-trust models are the goal but make sure that it’s not just a marketing term.

◈ The ease of bringing new sites onto the network is a common benefit. Ask what security is in place when doing this. Remote connections back to the centralized controller should have an authorization process that precedes any traffic flows.

◈ Security is very personal, unique to every organization. Make sure you like the options available for expanding security controls outside of the ones provided by your SD-WAN vendor.

◈ This move to SD-WAN is being driven by the incredible growth of cloud based applications we all now depend on. Security controls need to extend to these services as well..striking that balance between ‘secure connection’ and ‘most optimal route.’

◈ SD-WAN brings a lot of flexibility we have not had before. Take fully meshed connections for example. These were once too complex to configure in most situations. Dynamic, policy based routing should be easy for SD-WAN such that performance remains aligned with security. There should be no trade-offs here.

3. Quality of Experience – as opposed the ease of use pointer above, this QoE mention is really about the controls and design in place that benefit the end-user.

◈ The internet is still not controllable in the same sense as a private network. However, there are quite a few things that can now be done to minimize this. Hybrid network connectivity, combined with granular controls should allow for policies that can dictate the conditions under which an MPLS path might be chosen. This is a new middle ground option that previously did not exist. The idea is that your SD-WAN implementation should allow you to reduce the size of your MPLS circuits (which reduces operating costs) because you have policies that say that certain applications may work just fine over the internet ‘most of the time.’ What you want is a real time measurement that can choose that MPLS route for a specific conversation at a specific time…because the network is smart enough to pull it off.

◈ Non-core applications are generally the first to move to the cloud model. HR, scheduling, administrative stuff, these have become SaaS applications like Office 365 and Salesforce for example. User experience will vary by the state of multiple things that constantly change: from the internet gateway on one end, all the through to the hosting location on the other. How is this variation measured and then used to optimize the routing path?

Track Record

There are no shortage of SD-WAN vendors right now. This is truly where WAN networking is going, it is not a fad of any sort. But as much as networking changes, it still remains the same. Don’t overlook the importance of a good track record in both networking and security. Most vendors seem to have some experience in one but are then partnering for the other. Partnerships are hard. We do it. But if any one element that is important to you, is being handled through a partnership…make sure you are comfortable with how that will work for you if something goes awry. This is your network after all…everything and everyone is impacted.

Don’t run towards SD-WAN ONLY because it offers tremendous cost savings when compared to your private lines. There should be no increased risk or settling for sub-standard control options. SD-WAN is a technology your network should aspire to with better security, better visibility, control and ease of use. It’s all here and it’s fun to show off.

Continue reading

Delivering 1 Gbps over DSL with Cisco’s ISR 1000

I still remember the day I first got ADSL at home in 2000. The top speed was only 2 Mbps, but I was purely fascinated by everything I could do at home, especially playing video games. Not before long, ADSL was replaced with VDSL, which changed my use of the internet from playing games to downloading video and music files in bulk, thanks to Napster and Torrent.

Putting memories aside, the general landscape of the internet has completely changed over the last decade. No longer are the days of one desktop serving an entire family, instead each family member has at least one smartphone and possibly a laptop which are used constantly for streaming videos, music and more. Businesses have an immense scale of data to process and share over the internet. What this means is that bandwidth is the key to keeping families happy and businesses running.

DSL innovation has been relentless when it comes to meeting the growing demand for higher bandwidth in the market. The latest form of DSL that has been introduced is G.fast, which is expanding aggressively in the UK and Switzerland. G.fast is a DSL technology that has stretched its frequency spectrum up to 106 MHz with the additional capability to increase up to 212 MHz. Compared to the common VDSL2 deployment with 17 MHz, G.fast at 106MHz is capable of offering throughput up to 1 Gbps. In addition to its high bandwidth, G.fast is a more affordable option compared to fiber, since it is deployed over copper wires.

Today’s internet landscape has also played a major role in propelling local governments and service providers to work hand-in-hand to provide faster internet services to the general public. For example, the EU has launched an initiative to support access to internet connections with 1 Gbps by 2025 for all schools, transport hubs and main providers of public services, as well as digitally intensive enterprises. In order to support this initiative, it is no surprise that G.fast is highly favored by many service providers in Europe. British Telecom and Swisscom are at the forefront in leading their services with G.fast.

G.fast in Detail

G.fast is a DSL technology, but it sets itself apart in a few aspects from its predecessors, such as VDSL. First, the frequency spectrum used in G.fast is far wider compared to most profiles in VDSL2. The latest VDSL2 profile, deployed in Italy and Germany, is only at 35MHz, offering a throughput of 300 Mbps. Early G.fast deployments used a frequency spectrum of 22-106MHz to avoid interference from the range used by VDSL, which resulted in approximately 100 Mbps less throughput compared to using the full spectrum from 2 MHz. To increase the throughput on G.fast, the current frequency spectrum is being evaluated for an extension down to 2 MHz and up to 212 MHz. Particularly, 212MHz promises a peak aggregate throughput of 2 Gbps, which will enable 1Gbps for both downstream and upstream.

Another technical difference that makes G.fast unique is Time Domain Duplex (TDD). ADSL and VDSL have traditionally used Frequency Domain Duplex (FDD), where downstream and upstream had one frequency band for each to communicate. Since the frequency band for each direction of traffic was fixed, it was difficult to dynamically adjust the throughput per direction depending on need.

TDD enables both downstream and upstream to use the same frequency band, which allows G.fast to make throughput adjustments flexibly for both directions. The benefit of using TDD for G.fast is huge for service providers who have more flexibility to design different classes of service offerings on the same link.

G.fast Deployment

DSL, by design, is vulnerable to attenuation occurring on copper wires, which means that throughput varies depending on the distance from the CPE to DSLAM. G.fast is no exception to attenuation. Though it is able to reach 1Gbps in theory, in a very short loop length, it is impossible to maintain such short loop length in an actual deployment. Different studies would show different throughput results over distance, but the throughput range between the distance of 200 to 400 meters falls between 500 Mbps to 200 Mbps. For this reason, current G.fast deployments in the UK and Switzerland are designed for the distance between 200 – 300 meters with a target throughput between 200 Mbps to 500 Mbps. With the introduction of 212 MHz in the future, the serviceable areas with G.fast will be extended with higher levels of throughput.

Cisco’s Solution

Cisco never shied away from accommodating new changes in the market and meeting the most challenging demands from the customers. Cisco’s flagship product family, the Integrated Services Router Series, has evolved ever since its inception to stay competitive and relevant in the market by adding new routers with the latest innovations.

Cisco introduced the ISR 1000 Series routers in late 2017. It was the latest addition to the Integrated Services Routers family. The routers perform at an unmatched level to meet today’s growing demand for high throughput while offering a diverse set of WAN connectivity options including LTE Advanced, VDSL, Ethernet and Fiber.

In July 2018, G.fast was added to the list of supported WAN options on the 8 LAN port ISR 1000 Series routers with the creation of new models: C1112 and C1113. G.fast on the C1112 and C1113 will be supported over both POTS and ISDN to serve a wider list of countries. In addition to G.fast, both models will support ADSL and VDSL, including Profile 35b, to provide customers with flexible DSL deployment options. As early as November 2018, C1112 and C1113 will also be integrated with Cisco SD-WAN.

C1112 and C1113 are the only enterprise-grade routers in the market to provide secure and reliable connection with the ability to provide the high bandwidth required by today’s G.fast deployments. Both routers will not only enable customers to expand their service offerings with G.fast, but help them to protect their investment in the existing infrastructure.

Continue reading

Introducing a New Era in Branch Routing

Why the ISR 1000 Series is a Really Big Deal.

Today Cisco is introducing a new addition to the Integrated Services Router (ISR) portfolio of branch routers. The ISR 1000 Series follows the new sleek design popping up across Cisco platforms, so it looks sexy, but that’s not why it’s so important. What’s so remarkable about the ISR 1000 Series is that for the first time it brings an architecture normally reserved for higher-end networking platforms down to a place accessible to branch offices of just about any size. Let me explain.

Continue reading