Technology Overview

: Guy C. Fedorkow has been with Cisco Systems since January 1995. While at Cisco, Mr. Fedorkow has served as system architect for a number of programs, including the LS2020 multiservice ATM switch and the Cisco 10000 Edge Services Router.
: Prior to joining Cisco, Mr. Fedorkow developed communications and high-throughput parallel computer architectures at Bolt, Beranek and Newman. Mr. Fedorkow received his BASc and MASc in Engineering Sciences at the University of Toronto.

In response to the rapid and extensive growth of Internet traffic, Internet service providers (ISPs) are experiencing constant demands for expanded services and network features. The Internet's explosive growth is driving requirements for higher quality, faster connectivity, and more software features for an ever-growing number of customers.

The Cisco 10000 Edge Services Router (ESR) was designed specifically to meet these requirements. This router is optimized to provide services at the "edge," where network subscribers attach to the ISP network.

The Cisco 10000 has many capabilities that make it a perfect fit for this unique position in an ISP's network. The key features are

1. Scalability and high bandwidth to meet increased customer demand for data, voice, and video transmission

2. Advanced security and reliability features to ensure continued uptime in the face of routine failures and increasingly sophisticated network attackers

3. High port density to meet the continued growth in the number of customers

4. Advanced high-touch features such as quality of service (QoS) to support new ISP business models

Note High-touch features are those that enable the router, through packet header manipulation, to offer services beyond high-speed packet forwarding. They provide value-added features in security, virtual networking, and other areas.

5. Performance-optimized forwarding engine incorporating parallel processing to handle high volume traffic aggregation

This chapter has three main sections:

"Structure of an ISP Network" describes the network environment into which the Cisco 10000 fits and discusses some of the key features required of an edge services router.
"A Router Specialized for Aggregation" describes the hardware and software features of the Cisco 10000 ESR.
"Cisco 10000 Technology" discusses some of the innovative technologies that enable the Cisco 10000 ESR to achieve these goals in a cost-effective and efficient platform.

Structure of an ISP Network

Physically, the Internet is composed of routers interconnected by links. Simple networks are built from a few general purpose routers interconnected by links owned or leased by ISPs.

As the networks become more complex, with greater numbers of elements, more structure is required. Elements become specialized in their applications, management and security become more important, physical location is a consideration, and the capability to handle higher densities of customers is critical.

In a complex network, structure can be imposed on routers by assigning specific jobs to particular routers. A common approach for ISP networks is to divide assignments among routers in the following way:

Access routers provide individual subscribers with access to the network. They tend to focus more on large numbers of relatively low-speed ports connecting to subscribers.
Backbone routers provide Internet backbone transport. Here the emphasis is on achieving the highest possible forwarding rates on the fastest available interfaces.

Figure 1-1 illustrates this router specialization scheme in a typical ISP network.

Figure 1-1: A Typical ISP Network

Most ISPs also impose physical structure on their networks by organizing them into points of presence (POPs). A POP is a physical location where a set of access and backbone routers is located. An ISP network usually consists of a number of POPs.

Figure 1-2 shows how the ISP network in the preceding figure might be physically structured at various POPs.

Figure 1-2: ISP POPs

Characteristics of Access and Backbone Routers

Although real networks are always more complicated than theoretical architectures, it is possible to make general distinctions between the two router types. Table 1-1 summarizes the principal differences between backbone and access routers.

Table 1-1: Access Router versus Backbone Router

Variable Backbone Router Access Router

Packet-per-second throughput

Extremely high

High

Packet processing feature set

Minimal, focused on fast forwarding

High-touch value-added features

Interface types

Modest number of very high-speed interfaces

Large number of relatively low-speed interfaces

Traffic patterns

Any interface to any interface

Predominantly subscriber-to-trunk and trunk-to-subscriber (also called "north south")

Variable	Backbone Router	Access Router
Packet-per-second throughput	Extremely high	High
Packet processing feature set	Minimal, focused on fast forwarding	High-touch value-added features
Interface types	Modest number of very high-speed interfaces	Large number of relatively low-speed interfaces
Traffic patterns	Any interface to any interface	Predominantly subscriber-to-trunk and trunk-to-subscriber (also called "north south")

The differences listed in this table are not absolute, and it often happens that a particular router can fulfill either role. However, as Internet traffic continues to grow, the demands for access routers to handle increased density and backbone routers to handle greater throughput become more important. These requirements can be met most efficiently with platforms designed for the specific application.

The Aggregation Router

The Cisco 10000 was designed specifically for use as an aggregation router. An aggregation router is an access router that aggregates large numbers of leased lines from ISP customers into a few trunk lines for entry onto the Internet backbone.

POP Design

An ISP can simplify network design and maintenance by using a "cookie cutter" design for its POPs. In this approach, all POPs have a similar structure, with variations for the size or specific needs of each site. A typical POP design is shown in Figure 1-3. (Keep in mind, however, that there are as many POP designs as there are ISPs.)

Figure 1-3: Typical POP Design

This design has a number of desirable characteristics:

Backbone and access routers are separate, so that backbone router configuration can be kept relatively stable over time. Backbone routers are not affected when individual customers are added to or removed from access routers, or when individual customers add or remove value-added services.
Two backbone routers are used in each POP to enhance network availability.
Access routers are equipped with redundant trunk connections, again allowing enhanced network availability.
Access routers can be added as new subscribers are brought onto the network.

The Cisco 10000 is flexible enough to serve as an access router in a variety of POP architectures.

The Drive for Density

A significant factor for an access router is the drive for increased density, that is, an increase in the number of subscriber ports that can be terminated on a single router. Increased density has a number of advantages for the ISP:

Floor space in a POP can be very expensive. Real estate costs are lowered by simply reducing the number of racks required to terminate a large number of customer connections.
Network management is simplified by deploying a smaller number of larger routers. Fewer individual routers to configure, manage, and monitor results in a more efficient operation.
Larger numbers of interfaces on the access router improve the statistical performance of a network. Packet networks are usually designed to take advantage of statistical multiplexing, capitalizing on the fact that not all links are busy all of the time. The use of larger numbers of interfaces reduces the chances that a fluke burst of traffic from many sources at once will cause temporary network congestion.

: The appropriate degree of statistical multiplexing is not a "one size fits all" proposition. ISPs have different views on the trade-off between a network that is rich in bandwidth resources and does not rely on multiplexing, versus one that uses a lower-cost infrastructure but risks occasional congestion. For this reason, the Cisco 10000 can be configured with different combinations of interface cards for a wide range of multiplexing ratios.

About Leased Lines---the Last Mile

The access router serves as the ISP's front line, connecting directly to routers on its customers' premises. However, there is usually a complex circuit-switched infrastructure that transports the leased line signal the "last mile" between the customer premises and the ISP POP.

There are many ways of constructing the last-mile network; one common technique for new installations is based on metropolitan-area fiber-optic ring technology. Figure 1-4 shows a simple network that transports 1.544-Mbps DS1 and 44.736-Mbps DS3 signals from a subscriber site, across a fiber-optic ring, to an ISP POP.

Figure 1-4: SONET Metropolitan-Area Transport Network

Most new fiber-optic networks are based on Synchronous Optical Network (SONET) standards in North America or Synchronous Digital Hierarchy (SDH) standards in much of the rest of the world. SONET/SDH technology is important in transport networks that provide leased line connectivity to subscriber routers. This is so for two reasons:

The high capacity of fiber-optic cables provides a critical advantage in simply reducing the mass of copper wiring that would otherwise have to be deployed.
SONET/SDH also provides a high-density, industry-wide standard interface between network transport equipment and the equipment that uses the transported signals, such as aggregation routers.

Through the use of channelized SONET/SDH interfaces, the Cisco 10000 provides industry-leading density for terminating DS1 and DS3 connections. A single Cisco 10000 line card can terminate hundreds of DS1 circuits, carried on a single fiber. As a result, unlike POPs designed prior to the introduction of standard channelized interfaces, today's POPs do not need numerous racks of data service units (DSUs).

A Router Specialized for Aggregation

The Cisco 10000 is specifically designed for use in aggregation applications. To fit into this application, the product offers a number of key features:

Compliance with Network Equipment Building Systems (NEBS) standards to make it suitable for central office deployment
High interface density to minimize rack space requirements
High port count for subscriber connections to minimize the number of routers that must be monitored and configured
High-touch features such as extended access lists and QoS classification for value-added services
Redundant components for high availability
Optimized performance, including parallel processing, to provide fast throughput despite additional packet analyses required for intelligent services offerings

The remainder of this section discusses the Cisco 10000 and some of the features that provide industry-leading capabilities for leased line aggregation.

The Hardware View

The Cisco 10000 is a chassis-based product that meets all requirements for deployment in central office environments. The product has several major units:

A NEBS-compliant chassis equipped with redundant cooling and power management.
An engine card called the performance routing engine (PRE) that provides packet forwarding and routing services. A second PRE can be added for redundancy.
Eight slots that can be filled with line cards of various types.

Figure 1-5 shows the layout of components in the Cisco 10000 chassis, along with some key specifications for the product.

Figure 1-5: Cisco 10000 Chassis Layout

Central Office Features

Several features make the Cisco 10000 particularly well suited to central office installations:

The chassis complies with recommendations contained in Telcordia's NEBS generic requirements. Products that pass NEBS testing can be deployed safely and efficiently in a central office environment.
The chassis adheres to the 12-inch depth form-factor commonly used by central office transmission equipment. Adherence to this form-factor provides additional flexibility for placement of the product in existing central offices.
Both 48V DC and 110/220V AC power options are provided, ensuring that the Cisco 10000 can be powered by existing central office power facilities.
The 21.75-inch chassis height makes it possible to fit three Cisco 10000 routers into a standard 7-foot rack.
In an environment that uses racks with a 30-inch depth, Cisco 10000 routers can be places in both the front and rear of the rack. This makes it possible to fit six Cisco 10000 routers on a standard 7-foot rack.

Interface Types

Deployment at the edge of the network requires several specialized interfaces. Theoretically, any of these interfaces could be used for connections on either the subscriber side or the Internet backbone side. However, in typical installations, different interface types are used for these two application areas.

For subscriber-side connections, the initial deployment of the Cisco 10000 includes

Six-port channelized DS3 line cards
Single-port channelized OC-12 line cards

Both of the subscriber-side interface cards support full-rate (unchannelized) DS3, as well as channelization to DS1 (1.544 Mbps) and NxDS0 (Nx64 kbps). The interfaces also support "subrate" DS3, in which the rate of data transfer across a DS3 can be reduced to limit peak access rate. Subrate modes are included to interoperate with Cisco port adapters such as the PA-T3 and PA-2T3, and with customer premises DSUs from Quick Eagle Networks, Inc. (formerly Digital Link Corporation), Larscom Incorporated, ADC Telecommunications, Inc. (formerly ADC Kentrox), Verilink Corporation, and ADTRAN, Inc.

Connections to the backbone network can be made with several additional interface cards:

Single-port STS-12c (unchannelized OC-12) packet over SONET line card
Single-port gigabit Ethernet line card

Subsequent releases of the platform will include OC-12 ATM interface cards, plus new SDH line cards, designed for use outside of North America.

Density Summary

In a typical application, the Cisco 10000 would be configured with two cards connecting to the network backbone and six subscriber cards. Channelized DS3 or channelized OC-12 yields the overall densities shown in Table 1-2.

Table 1-2: Overall Density for Line Cards

Subscriber Interface Card Type DS1 Density (Sessions)

Per Chassis Per Rack (12-inch depth) Per Rack (30-inch depth)

Six-port channelized DS3 card

1008

3024

6048

Channelized OC-12 card

2016

6048

12096

Subscriber Interface Card Type	DS1 Density (Sessions)
Per Chassis	Per Rack (12-inch depth)	Per Rack (30-inch depth)
Six-port channelized DS3 card	1008	3024	6048
Channelized OC-12 card	2016	6048	12096

High-Touch Feature Set

In its role as a gateway to an ISP network, the Cisco 10000 is uniquely positioned to protect the network and also to offer new, value-added features to ISP customers. This section summarizes some of the situations in which advanced router features are critical to ISP networks in today's evolving Internet market.

Underlying the Cisco 10000 feature set is the Cisco IOS software. This system software supports standard routing protocols and network configuration and monitoring. It also offers support for a variety of network interfaces.

Some areas that have received special attention in the development of the Cisco 10000 include

Value-added services, such as MPLS-based virtual private networks (VPNs), quality of service (QoS) differentiation, and advanced multicast support
Flexible access rate mechanisms, such as Multilink PPP and DS3 subrate
Network security features such as extended access lists and reverse path forwarding checks

Virtual Private Networks

Internet access is one important networking application for many ISPs, but it is not the only one. Many ISP customers also want the ability to build private networks, in which they have paths among geographically diverse sites, with carefully limited access to the Internet. Private networks allow enhanced security, by limiting access to the Internet to a few protected locations in an enterprise network.

In the past, private networks have been built by enterprise information technology departments either by leasing dedicated circuits between sites, or by the use of a virtual circuit technology such as Frame Relay or ATM. In each case, the enterprise operating the private network incurred substantial expense building and maintaining the network. ISPs often had to build several wide-area networks, one for Internet traffic, another for Frame Relay, and a third for ATM.

An ISP can reduce network costs by moving all of this traffic onto one common network and then creating VPNs, built on top of a common Internet backbone. This allows the ISP to maintain one network instead of several and also makes it economical for the ISP to offer a total private network package to businesses that want to outsource management of their corporate wide-area network.

There are several techniques and technologies available for creating IP-based virtual private networks (IP VPNs). Two emerging technologies, Multiprotocol Label Switching (MPLS) and IPsec tunneling, are the leading choices for IP VPNs for service providers. The Cisco 10000 supports MPLS VPNs natively in the box and IPsec VPNs through use of the Cisco 5002 and 5008 platforms as external IPsec appliances.

With MPLS, the VPN is encoded in the MPLS label applied to each incoming packet by the provider's edge router (such as the Cisco 10000). Once labeled, packets can be forwarded across an ISP network by means of forwarding rules specific to that particular label. This allows for the creation of multiple virtual networks on one network infrastructure. Forwarding rules associated with the labels on packets prevent the packets from being forwarded outside the bounds of the virtual network. These rules can also allow packets to be forwarded between the virtual network and the Internet at large under controlled circumstances. Figure 1-6 shows a simple application of MPLS to provide two VPNs.

Figure 1-6: MPLS VPNs

In Figure 1-6 the following events take place:

The enterprise router at headquarters (Enterprise A) sends normal IP packets destined for a remote site in the corporate network (1).
An ISP access router tags packets from Enterprise A with a special label (2).
Each packet is carried across the ISP backbone with a label indicating that the packet should be routed on the Enterprise A virtual network (3).
At the egress from the ISP network, the label is removed and each original packet is forwarded to the Enterprise A sales office (4).

Each Cisco 10000 can support over 1000 distinct VPNs, allowing ISPs to plan for large-scale deployments.

Quality of Service Features

The traditional Internet access model is based on a "one size fits all" approach, where all packets in the network are treated equally. As network connectivity becomes a more critical resource for companies, ISPs are responding by offering value-added services that yield different degrees of access to network services.

For example, many ISPs are beginning to offer

Business class data service (differentiated from economy class)
Voice over IP services

Business Class Data Service

In the Internet today, all packets are treated equally, whether they belong to a consumer paying low monthly rates and downloading the latest MP3 music files, or a large corporation transferring a business-to-business e-commerce order for a thousand custom-manufactured industrial engines. When network congestion happens, packets can be delayed or lost without regard to who sent them, how much traffic they are sending, or how much the owners of the data are willing to pay for reliable transport.

ISPs who employ quality of service (QoS) differentiation can provide value-added services ensuring that more important traffic has an improved chance of reaching its destination, no matter how much congestion is being caused by less important traffic.

The Cisco 10000 offers several features that allow ISPs to offer QoS differentiation. These features include

Flexible packet classification using access lists, IP type of service (IP ToS), differentiated services code point (DSCP), and several other keying techniques
Packet marking, allowing the IP ToS or DSCP to be updated by the aggregation router
Weighted random early detection (WRED), to allow certain packets to enjoy a lower loss probability at congested routers
Class-based queuing, to give guaranteed bandwidth to certain classes of traffic

Voice-over-IP Services

A second important application that requires special QoS treatment is the transport of real-time packet data, particularly traffic associated with packet telephony or voice over IP (VoIP).

Successful deployment of a VoIP service requires careful attention to latency through the network, given that small variations in delay caused by network congestion can annoy listeners and can cause high error rates in fax and modem traffic.

The following Cisco 10000 features enable ISPs to offer controlled-latency services:

Priority queuing mechanisms allow some classes of traffic to be configured for the lowest possible latency in spite of network congestion.
Careful design throughout the Cisco 10000 ensures that latency-sensitive packets cannot get held up in queues behind long backlogs of latency-insensitive traffic.

Access Rate Control

As network bandwidths increase, more and more leased line users are moving from Nx64 kbps circuits to DS1 (1.544-Mbps) circuits, and from DS1 to DS3 (44.736-Mbps) circuits, with some subscribers going to direct optical connections at OC-3 (155 Mbps) or faster rates.

For subscribers who are starting to outgrow a single 1.544-Mbps DS1 circuit, this poses a problem: It's a big jump from DS1 at 1.544 Mbps to DS3 at 44.736 Mbps!

The Cisco 10000 offers two features to help bridge this gap:

High-Performance Multilink PPP
Subrate DS3

High-Performance Multilink PPP

Progressing from one DS1 to several DS1s can be accomplished through the use of the high-performance Multilink PPP feature on the Cisco 10000. This industry-standard protocol (Internet Engineering Task Force RFC 1990) uses special packet headers and procedures to distribute a single stream of packets onto several parallel links and put the stream back together at the receiving end.

The Cisco 10000 implementation allows up to ten DS1 links to be combined into a parallel path that is up to ten times faster than a single DS1. Multilink PPP is implemented in the Cisco 10000 with special microcode in the parallel express forwarding (PXF) network processor (see the "Forwarding Path" section) for high performance and scalability in the central office aggregation application. To terminate MLP connections at the customer premises, CPE routers must be configured with MLP support.

Figure 1-7: Multilink PPP Application

Subrate DS3

Multilink PPP operates by combining several DS1 circuits to get a rate that is between the rates for DS1 and DS3. A second way to get to an intermediate rate is to start with a DS3 and slow it down.

Although the rate at which bits are clocked across a DS3 is fixed at 44.736 Mbps, vendors of data service units (DSUs) have created various hardware mechanisms to limit the rate of user traffic that can be sent across a DS3. These rate-limiting mechanisms allow ISPs to offer graded rates of access to their networks, along with a flexible pricing structure. These mechanisms are typically simple and reliable, although special hardware is required on both ends of the DS3 link.

The Cisco 10000 line cards can provide subrate DS3 support compatible with PA-T3 and PA-2T3 port adapters on the Cisco 7200 and 7500 series, and also with products from several popular DS3 DSU vendors. Each unchannelized DS3 attached to the Cisco 10000 can be configured for rates ranging from 1 Mbps up to the full rate of the DS3, 44.736 Mbps.

Subrate DS3 provides an additional benefit in flexibility. Once the DS3 circuit is installed, ISPs can upgrade customer access rates with a simple software reconfiguration of the line cards at each end of the link. Figure 1-8 shows how a subrate DS3 configuration can be set up.

Figure 1-8: Subrate DS3 Configurations

Network Security

ISPs are putting increased emphasis on network security, because they want to defend their networks and their customers' computers from sophisticated denial of service attacks. Many standard security features can be implemented on the Cisco 10000 through use of Cisco IOS Release 12.0S commands. These security features include

Password encryption
Authentication, authorization, and accounting (AAA) support
Router authentication
Kerberos authentication and client support on Telnet

Some additional special measures are implemented in the Cisco 10000 to resist denial of service attacks. These are discussed in the following sections.

Access Lists

The Cisco 10000 implements high-performance access lists (standard and extended), allowing providers to specify exactly which traffic can be forwarded through the router. A new algorithm called turbo ACL is used in the Cisco 10000. This algorithm provides an improved evaluation rate for any size of access list; large lists can be processed with a minimum throughput penalty.

Reverse Path Forwarding Check

Many common denial of service attacks involve forged IP source addresses. The packets appear to be coming from a source that either does not exist or exists at some other point in the network. By using forged source addresses, attackers are better able to hide the attacking machines' identities, making it more challenging to find the culprits.

The Cisco 10000 implements a feature called reverse path forwarding (RPF) check, which can be used with both unicast and multicast traffic. This feature checks all packets forwarded through the router to ensure that each one has a plausible source address. The RPF check supplements the usual verifications performed on the destination address and other fields in the IP header.

The RPF feature does not affect the packet forwarding rate through the Cisco 10000. Hence, network administrators will not be forced to disable it to improve throughput, which is sometimes necessary when a security check impairs performance.

Fast-Path Internet Control Message Protocol

Most denial of service attacks are directed against host computers or web servers and use routers as a means of accessing the target. However, attacks can also be launched against the router itself through operations that are not normally optimized for throughput. The resultant flooding can consume large amounts of router memory or processor cycles.

Internet Control Message Protocol (ICMP) is the network layer Internet protocol (documented in RFC 792) that reports errors and provides other information relevant to IP packet processing. The Cisco 10000 implements many of the normal ICMP response functions in the high-speed forwarding path, to ensure that floods of ping packets or other ICMP messages cannot preempt more important router functions.

In addition, messages that are sent from the high-speed forwarding path to the router's internal processor are categorized by priority. This helps ensure that the router cannot become so busy responding to an overload of unimportant traffic that it neglects essential packets, such as keep-alives and route updates, that keep the network itself operating.

High Availability

Availability corresponds to the probability that a network or network element will function properly at a given moment. From the outset, achieving high availability has been a critical design goal for the Cisco 10000.

Cisco 10000 availability has been increased in the following ways:

More highly integrated designs reduce the number of electronic components and attendant connections that can fail.

Redundant elements allow a system to continue operations in spite of component failures.
Software can detect and correct failures with decreased latency and increased accuracy.

The Cisco 10000 incorporates several mechanisms to reduce its downtime:

The chassis infrastructure provides redundant cooling and power distribution, accommodating failure of internal power supplies, external power sources, or mechanical air-movers, with no disruption to the operation of the box.

The principal data paths on the backplane are implemented with point-to-point wiring between line cards and the routing engine, preventing failures on one line card from interrupting traffic on other line cards. This approach also reduces problems caused by adding or removing cards during operation.
The chassis is configured so that a second PRE can be added for redundancy, allowing a backup for the element that provides the packet processing and forwarding capabilities for the product.
Line cards and external links can be protected through the use of the SONET automatic protection switching mechanism (also known as 1+1 APS). APS uses redundant pairs of cards and external fiber connections to protect against failures of either the line cards or the fiber links.

Cisco 10000 Technology

This section describes some aspects of the advanced technology used in the Cisco 10000 to make it a highly available, scalable, aggregation router that delivers high throughput and high-touch software services.

What's Inside---Cisco 10000 Block Diagram

The Cisco 10000 is partitioned internally into two major blocks:

Line cards, which are optimized for terminating large numbers of subscriber circuits and for handling physical layer conversions unique to each kind of interface
The performance routing engine (PRE), which is responsible for performing feature processing on each packet forwarded through the router

Line cards are linked to the PRE across the Cisco 10000 backplane by means of a unique point-to-point interconnect system. Figure 1-9 shows the internal arrangement of components in the Cisco 10000.

Figure 1-9: Cisco 10000 Top-Level Block Diagram

A Backplane that Accommodates Expansion

The design of the backplane that interconnects circuit boards in a router is critical to longevity of the product and the degree of investment protection that can be provided over the lifetime of the device. The Cisco 10000 backplane was designed with future growth in mind.

Many communications devices are based on a shared system bus, to which all circuit cards are attached. Systems based on PCI or similar bus standards are relatively straightforward to design with off-the-shelf components. However, the shared-bus approach has several limiting characteristics for the leased line aggregation application:

Limited throughput---A shared bus presents a very challenging electrical environment for achieving maximum throughput. Buses with many loads often suffer electrical reflections and signal degradation that cannot be corrected by improved semiconductor technology.

Availability---Shared buses can present a challenge for highly available designs, in that a component failure on any interface card can disrupt operation of all traffic on the shared bus. This can be addressed by the use of redundant buses, but only at a relatively high cost.
Online insertion and removal---Shared buses also present a challenging environment for nondisruptive insertion and removal of cards. Extremely careful design is required to allow a new card to be attached to a high-speed bus with no service disruption.

The Cisco 10000 eliminates shared buses. The shared bus is replaced by a Cisco-developed line card interconnect that uses point-to-point links between each line card and the PRE. Each line card has its own private path to the PRE, and no backplane resources relating to packet forwarding are shared between line cards.

This plan counters the difficulties of the shared-bus approach in the following ways:

High bandwidth---Point-to-point links, in which each backplane signal has only one driver and one receiver, provide a very clean electrical environment. Throughput is limited more by semiconductor technology than by backplane physics. This provides high bandwidth at product introduction and the possibility for increasing bandwidth in the future as silicon technology improves.

Fault isolation---Point-to-point links provide excellent fault isolation. Each signal has only one driver and one receiver, so no line card failure can disrupt traffic from other line cards.

The Cisco 10000 backplane supports full PRE redundancy by providing links from each line card to each of the two possible PREs (see Figure 1-10). With these point-to-point links duplicated, failures of backplane interface circuitry cannot disable another line card or the other PRE.

Figure 1-10: Cisco 10000 Packet-Forwarding Backplane Wiring Connectivity

The point-to-point backplane technology also provides scalable bandwidth. Bus modes are defined that allow lower-cost implementations with as little as 800 Mbps in each direction between line card and PRE. Line cards that take advantage of all backplane connectivity with current silicon technology can achieve 3.2 Gbps in each direction across the backplane. Future improvements in silicon technology will allow Cisco to take advantage of the clean electrical environment to boost backplane throughput even more.

Line Cards

Line cards link the PRE to the outside world over various kinds of copper or fiber physical interfaces. All of the line cards used in the Cisco 10000 follow the same pattern, providing these basic services:

Termination of the physical interface and delineation of packet boundaries
Restructuring interface-specific packet formats into a generic packet encapsulation used across the backplane links
Management of physical interface functions, such as monitoring alarms for SONET/SDH, and maintaining statistics required by the T1 facility data link (FDL)

Figure 1-11 shows a block diagram of a channelized line card.

Figure 1-11: Cisco 10000 Optical Interface Line Card

Within the Cisco 10000, the PRE executes most of the intensive packet processing tasks. This frees the line cards for other tasks---providing the highest possible interface density, supplying the unique circuitry required for each physical interface type, and handling interface-specific functions that require low-latency response such as alarms, FDL, and SONET APS.

Performance Routing Engine

The performance routing engine (PRE) is responsible for all of the Cisco 10000 Layer 3 functionality. The PRE consists of two elements (see Figure 1-12):

The forwarding path (FP), which executes packet forwarding algorithms on every packet flowing through the router
The route processor (RP), which runs routing protocols, does route update calculations and handles other control plane functions such as the SNMP agent and command line interface (CLI).

Figure 1-12: Performance Routing Engine

The two PRE elements have complementary functions:

The FP executes relatively simple algorithms on every packet at the highest speeds, to provide high overall throughput.
The RP executes the complicated control plane algorithms required for initialization and management of the forwarding path.

Allocating these two classes of functions to separate processing paths yields the best possible balance between packet throughput and feature set flexibility.

Forwarding Path

The Cisco 10000 forwarding path comprises a unique blend of hardware and microcoded processors that yields high forwarding rates with considerable flexibility for future growth in packet processing features.

The forwarding path is centered around a pair of Cisco-designed multiprocessor ASICs called parallel express forwarding (PXF) network processors. Each PXF network processor provides a packet processing pipeline consisting of 16 microcoded processors, arranged as multiple pipelines.

Each of the 16 processors in a PXF network processor is an independent, high-performance processor, customized for packet processing. Each processor, called an eXpress Micro Controller (XMC), provides a sophisticated dual-instruction-issue execution unit, with a variety of special instructions designed to execute packet processing tasks efficiently.

In addition to processing packets, eXpress Micro Controllers have access to various on-chip resources such as register files and timers. They also have shared access to very large off-chip memories for storing state information, such as routing tables and packet queues.

Within a single PXF network processor, the 16 eXpress Micro Controllers are linked together in four parallel pipelines. Each pipeline comprises four microcontrollers arranged as a systolic array, where each processor can efficiently pass its results to its neighboring downstream processor. Four parallel pipelines are used, further increasing throughput.

Within the Cisco 10000, two PXF network processor ASICs are used, yielding four parallel processing pipelines, each containing eight processors in a row (see Figure 1-13).

Figure 1-13: Cisco 10000 ESR Forwarding Path Processor Array

In the array of processors shown in Figure 1-13, hardware, microcode, and IOS software resources are combined to provide advanced, high-touch feature processing on the Cisco 10000. The exact allocation of features to microcontrollers in the processor pipeline is completely flexible and will continue to change as new features are added in future product releases. However, Figure 1-14 shows how some of the features could be partitioned among the eight stages in the PXF engine.

Figure 1-14: Feature Allocation in the Cisco 10000 Forwarding Path Processor Array

The PXF network processor architecture allows all 32 independent processors to work efficiently on per-packet feature processing, yielding high throughput while still allowing substantial feature processing. By centralizing packet processing in the PRE, the Cisco 10000 ESR architecture frees up space on line cards, enabling high interface density, yet retaining the compact NEBS transmission equipment form factor.

Route Processor

The second component of the PRE is a high-speed, conventional microprocessor, known as the route processor (RP). This processor has several special interfaces to the forwarding path:

A high-speed direct memory access (DMA) channel is provided to send packets back and forth between the FP and the RP. Packets such as route updates that are not processed by the FP are sent via this link to the RP. Similarly, the RP sends packets by passing them to the FP for transmission to line cards.
The RP also has memory-mapped access to all of the state information used by the eXpress Micro Controllers (XMCs). The RP is responsible for configuring the tables and lists used by the XMCs.

The RP also includes such standard IOS facilities as Flash memory, NVRAM for storing configuration files, and Ethernet connections for network management. This familiar environment makes possible a simple transition from existing IOS-based routers to the new Cisco 10000 platform.

Technology Summary

The Cisco 10000 ESR contains many elements of new technology, each one focused on meeting a specific challenge being posed by the rapid development of the Internet. Table 1-3 summarizes some of the technology developed for the Cisco 10000 and relates these technology developments to specific issues of concern to growing ISPs.

Table 1-3: Cisco 10000 Technology Summary

Requirement Technology

Bandwidth scalability

High-speed backplane interconnect allows for future bandwidth scaling without any need for chassis modification.

Availability

Numerous enhancements, including redundant PREs, point-to-point backplane links, SONET APS, and advanced software recovery, provide increased platform and network availability.

Feature flexibility

Microcoded packet forwarding path allows evolution of packet processing features without hardware replacement.

IOS compatibility

The IOS route processor provides a rich feature set consistent with existing IOS platforms.

Platform throughput

Microcode and hardware-assisted forwarding provide high throughput with a centralized forwarding engine.

Interface density

The centralized forwarding engine allows high interface density in a platform that adheres to a compact NEBS form factor.

Requirement	Technology
Bandwidth scalability	High-speed backplane interconnect allows for future bandwidth scaling without any need for chassis modification.
Availability	Numerous enhancements, including redundant PREs, point-to-point backplane links, SONET APS, and advanced software recovery, provide increased platform and network availability.
Feature flexibility	Microcoded packet forwarding path allows evolution of packet processing features without hardware replacement.
IOS compatibility	The IOS route processor provides a rich feature set consistent with existing IOS platforms.
Platform throughput	Microcode and hardware-assisted forwarding provide high throughput with a centralized forwarding engine.
Interface density	The centralized forwarding engine allows high interface density in a platform that adheres to a compact NEBS form factor.

Conclusion

The Cisco 10000 is an advanced Layer 3 aggregation router that meets the needs of today's ISPs, but also provides the flexibility to satisfy future requirements. It can aggregate thousands of leased line connections, contribute processor-intensive IP software services, and still satisfy the performance and availability requirements of today's Internet market.

The Cisco 10000 offers the following advantages to an ISP:

Compliance with central office requirements
Conservation of POP space
Redundancy and hot-swapping features
Scalability and line card flexibility
Cost effective software-based upgrades that do not require new hardware purchases
A flexible Layer 3 feature set that facilitates the delivery of new network services
High-density subscriber termination

To ISP customers, the Cisco 10000 offers the following advantages:

High availability and performance
Differentiated services
Quality of service differentiation for newly evolving applications such as VoIP, video transmission, and virtual private networks (VPNs)

To ISPs and their customers, the Cisco 10000 ESR offers reliability, availability, and the capacity to handle future growth. It arises from and contributes to the synergy among developers, providers, and users that is requisite in today's telecommunications market.

Table of Contents

Technology Overview