Cisco 1100 Series Integrated

Services Router
Product Overview and architecture

Stefan Mansson
Sr. TME, Enterprise Routing, Cisco Systems

BRKARC-2005
Cisco Webex Teams

Questions?
Use Cisco Webex Teams to chat
with the speaker after the session

How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
 Stefan Mansson
Sr. Technical Marketing Engineer - SDWAN & Branch Routing

1985 2020

35 years in Network Business

30 years with Cisco Branch Routers and Routing Solutions

• 10 years as Cisco consultant @ Swedish Gold Partner

• 20 years @ Cisco, based in 5 countries

CCIE # 3516 22 years since -98

CCSI # 20145 Cisco Instructor 23 years since -97

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Agenda
• Introduction
• ISR 1100 Portfolio Overview
• ISR 1100 Platform Architecture
• ISR 1100 SDWAN
• ISR 1100 – SDWAN Use Cases
• New ISR 1100 with Viptela OS
• SDWAN Security – ISR 1100 Capabilities

• Basic Troubleshooting & Monitoring

• Key Takeaways
• Q&A

For your refererence - Might or might not be elaborated on

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
 BRKRST-2791
Building and using Policies with Cisco SD-
BRKRST-2377 WAN
08:00
SD-WAN Security 08:00 BRKRST-2560
Keynote 09:30
SD-Wan Machine Analytics, Machine
08:00
Learnings and IA

BRKCRS-1579 BRKRST-2096
SD-Wan Proof Of Concept
11:00
SD-WAN Powered by 11:00 BRKRST-2095 BRKRST-2093
Meraki SD-WAN Routing 16:00 Deploy, monitor and troubleshoot
11:00 BRKRST-2091
BRKRST-2041 Migration
BRKARC-2012 SD-WAN Datacenter and Branch 09:00
WAN Architecture 11:00 ENFV Architecture, Configuration and
11:00 Integration Design
troubleshooting
and Design Principal
BRKARC-2005 BRKRST-2559
BRKCRS-2110 ISR1100 Product 14:45 3 Steps to design SD-WAN On Prem
14:00
Overview & Architecture
Delivering Cisco Next 14:00 BRKRST-2097 BRKOPS-2826
gen SD-WAN with Conquer the Cloud with SD-WAN SD-WAN as Managed Services 11:00
14:45
Viptela BRKRST-2095
BRKRST-3404 SD-WAN Routing Migrations
16:45
BRKCRS-2113 How to choose the
correct branch device
16:00
Keynote 17:00
Cloud Ready WAN for 17:00 Cisco Live
IAAS and SAASA with Celebration
Cisco SD-WAN 18:30

SD-WAN
#CLEMEA
Breakouts
ISR 1100 Series
Overview
Traditional WAN, SDWAN,
Comprehensive Security,
Wired and Wireless Access…
…all in a single, high-performance
platform.
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Cisco 1100 Series Integrated Services Routers
Your Network Rack in a Box

High Performance Connectivity & WAN & Application Comprehensive

Advanced Mobility Assurance Security

Multi-core hardware Gigabit Ethernet WAN, DSL App aware FW, IPS, URL-F,
Centralized management
architecture (G.fast), AMP & TG, DNS/web-layer
and orchestration with
LTE Advanced Pro Cisco DNA Center and security on SD-WAN
Open and programmable
operating system IOS® XE vManage
Gigabit Ethernet LAN , Advanced threat defense
802.11ac wave2 with Zero touch with encryption at
Mobility Express deployment and high-performance
provisioning

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
ISR 890 vs ISR 1100

ISR 1100

LTE 10 Cisco
Advanced Wireless 802.11ac IPSec @ SD-
Pro PoE+ Domains Wave 2 480Mbps Quad Core 100 VLANs IOS XE SDWAN

LTE PoE 2 Wireless 802.11n IPSec @ Dual Core 25 VLANs IOS No

Domains 100Mbps Classic SDWAN

ISR 890

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
 For your refererence
ISR 890 versus ISR 1100
ISR 1100 is an extension to the ISR fixed router portfolio

Branch Needs Features ISR 890 ISR 1100 Benefits

Throughput 100 Mbps 1Gbps Up to 10 times performance increase

Separate data and Minimal performance impact as network services

control planes are added and throughput increases

Connectivity & Scale Next-gen WAN Faster connectivity with LTE Advanced
w/High Performance

Cisco IOS® XE Open Programmable operating system

Faster wireless access with 802.11ac Wave 2

Wireless
Supports Catalyst 9100 802.11ax APs in ME

Higher performance for encrypted traffic

Security VPN acceleration
Dedicated Crypto off-load

Costs & Business Ability to buy what you need today and upgrade
Pay-as-you-grow
Agility anytime with no equipment upgrades

• Boot Protections Trustworthy Systems

Cyber Threat
• Runtime Defenses Assurance and peace of mind with hardware and
Protection • H/W & S/W Security operating system integrity

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
ISR1100 Use case

Mobility
1000
Users

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Mobility Express – Enterprise Class WLAN for
Your Branch
Virtual WLAN ME controller in embedded access point
Mobility Express
Enables simple and fast initial setup
Less than 10 minutes.

Manages our full suite of Access Points

(Aironet 700, 1540, 1560, 1600, 1700, 1815, 1830, 1850, 2600, 2700,
2800, 3600, 3700, 3800, 4800 + Catalyst 9115, 9117, 9120 & 9130)

Controller supports 802.11ac Wave 2 & 802.11ax technology

Scales up 50 APs & 1000 clients Simple yet
sophisticated deployment
Supports WLAN controller features and High Availability Enterprise Class HA
with no price premium

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
 For your refererence
Wireless LAN Hardware Overview

4MB
• WLAN Module based on the Cisco Aironet 1815i 1GB 128MB
Boot
Memory Flash
Flash
• 1GB DRAM, 128MB Flash, 4MB Boot Flash
• 802.11ac Wave 2 Dual Radio (2.4GHz & 5GHz)
• 2x2, 2 SS MU-MIMO
2.4GHz
WLAN 5GHz
• Max throughput of 870Mbps PHY layer Module
• Internal antenna ME Controller
• Console access via the router console
1Gbps
• 1Gbps uplink to the host CPU
Switching Module

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
 For your refererence
Mobility Express Setup on PC
Step 1 Step 2 Step 3
1) Open a web browser, and
1) Power up the router access 1) Connect another AP in the
2) From PC, connect to SSID http://mobilityexpress.cisco/screens/day0- same L2 domain.
“CiscoAirProvision” config.html 2) The new AP will join the
3) Password is “password” 2) Go through the setup wizard Master AP as a subordinate
3) Confirm the setting, and AP.
Mobility Express Controller 3) Monitor and control
will reboot wirelessly by connecting to
the Master AP

Please follow the link for more details:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_cisco_mobility_express_8_8.html

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
 Concerned about
Threats to Your CPE?
(You should be)

ISR1100 will be your

Bastion

BRKRST-3404 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Trustworthy Systems in an Untrustworthy World
Attack 1 : IPSec decryption Malware (2011 – 2012, Only 2800 and 3800 routers )
Malware installing modified version of IOS file on the host system, Targeting the DH key exchange in IPsec.
Attacker able to easily decrypt IPsec tunnel data.

Solution : Signed Binary and Trust anchor

Attack 2: Accessing unencrypted credentials on NVRAM (ISR G1 and G2 )

1-Attacker steals operational device. 2-Analysing NVRAM content in lab (NVRAM content used to be stored in clear text )
3-Gaining access to usernames, passwords and crypto credentials 4-Putting rogue router back into network.
5-Full visibility to EVERYTHNING

Solution : Strong Encrypted Secure Storage

Attack 3: SYNful Knock Malware

Changed the image sitting in flash and installed it on the router. Then used TCP for command and control communication hence
named SYN(from TCP)ful attack. Reboot or image upgrade had no effect.

Solution : Only allowing signed image from trusted source.

Authentic hardware and Run-

Secure storage Secure passwords Secure and signed images
time defense

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
ISR Built-in Cyber Threat Defense

Boot integrity visibility – Protects against...

• Attacker compromises the code that is supposed to
protect against compromised code

Secure NVRAM Storage – Protects against...

• Attacker steals device - Uses forensic techniques to
read secrets & credentials from non-volatile RAM

Simplified Factory Reset

• Resets all writable file systems, licenses, ROMMON
variables, User credentials etc..

Secure Guest Shell

• Prevents Open Container hosted applications and their
users from manipulating underlying Linux system on
ISR4k & 1100
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
 ISR1100 Superior Security in One Box

Tools for Protecting Your Branch Assets

Umbrella Stealthwatch Advanced
Advanced URL
App Aware FW Snort IPS Branch Learning Malware
Filtering
(OpenDNS) Network Protection

Secure Hardware Trust Counterfeit Runtime Modern

OS Validation
Boot Anchor Protections Defenses Crypto

ISR1100 - Protecting what’s Protecting Your Branch Assets

All XE based ISR’s & ASR’s ship with built in Cyber Resiliency

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
 Next
Generation
DSL

WLAN
ISR1100 Innovation
Controller-less
Maximum
Throughput

Architecture & HW
Multicore CPU
Design

Overview
LTE
SD-WAN
Advanced
Ready
Pro

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
ISR 1100 Hardware Overview
Two major HW Variations
• C1100-4: 2 WAN + 4 LAN Ports
• C1100-8: 2 WAN + 8 LAN Ports
Quad Core CPU Architecture
• Dedicated cores for Data Plane and Control Plane
• A separate Crypto Engine for ciphering and hashing operation
PoE
• C1100-4P: 2 PoE or 1 PoE+
• C1100-8P: 4 PoE or 2 PoE+
Fanless
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Cisco ISR1100 Family
Architecture

Control Plane C1100

(2 cores)
4-Core SoC*
4GB DRAM IOS SVC WLAN AP

4GB Flash 1 Gbps Connection

Crypto
PPE I/O
Engine

WAN GE Phy Data Plane Ethernet

WAN GE Phy
(2 cores)
Linux Switch
PoE

• C1100-8P: 2.5 Gbps

VDSL LTE • C1100-4P: 1 Gbps
SoC Modem

* SoC – System on Chip Microcontroller

FPGA Includes some or all of the peripheral resources typically
used by a CPU in the same package as the actual CPU core

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
 For your refererence
C1100-8P
Ethernet + LTE + WLAN

LTE LTE
Antenna Antenna

GPS Console/
Antenna uSIM*2 Micro USB
8xGE LAN

KENSINGTON
SLOT

Micro USB
2xGE RJ45 SFP USB3.0 LTE Debug
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
 For your refererence
C1110-4P
Ethernet + DSL + LTE

LTE LTE
Antenna Antenna

GPS Console/
4xGE LAN Antenna uSIM*2 Micro USB

KENSINGTON
SLOT

Micro USB
1xGE RJ45 SFP USB3.0 LTE Debug DSL
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
C1101-4P

SKU Detail

C1101-4P Compact format

C1101-4PLTEP With pluggable LTE

C1101-4PLTEPWX With pluggable LTE and

embedded 802.11 ac WiFi

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
C1109 – Hardened Platform
LTE Antennas

Dual pluggable LTE

Modules SKU Detail
=
C1109-2PLTEXX Compact form factor, Embedded LTE
Active/Active LTE
Cat4 , temperature range 0-50C
C1109-4PLTE2P Dual LTE pluggable slots
Temp range -15-55C
C1109-4PLTE2PWX Dual pluggable LTE and embedded
802.11 ac WiFi, Temp range -15-55C
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
SD-WAN Ready, New, C1120 & C1160

Multi-core CPU Trustworthy Systems High IPSec performance

DSL

ADSL2/2+/VDSL/G.SHDSL Pluggable LTE Advanced 802.11ac WAVE2

Mobility Express

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
 For your refererence
ISR 1100 Portfolio
New!

C1161X-8P * C112xX-8P * C1111X-8P * C111x-4P C1101-4P C1109-4P C1109-2P

Crypto 480 Mbps 350 Mbps 250 Mbps 200 Mbps

Cisco
SD-WAN Yes

SD-WAN
Security
Yes No

CAT18/CAT6/ CAT18/CAT6/ CAT18/CAT6/ CAT18/CAT6/

LTE No CAT6 CAT4
CAT4 CAT4 CAT4 CAT4
Wi-Fi
No Yes No Yes No

DSL No Yes No Yes No

PoE Yes No

* 4GB DRAM/FLASH variants available – Supports only Ent. FW App aware, DNS/web-layer security on SD-WAN

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
How to read ISR1100 PIDs*
For your refererence

Supported Wireless DSL PIDs

Domains for C1121 *
Name of the Series
E Europe C1126 DSL Annex B&J

B North America 8 port Ethernet LAN C1127 DSL Annex A&M

Z Australia/Brazil
New Zealand C1128 G.SHDSL

Q Japan
C 1 1 2 1 X – 8P L T E P WE

Supported Wireless Series Variants

Domains for C1121X * Cisco
E Europe C112x CPU 1.2 GHz
Name of the
B North America sub-series
C1161 CPU 1.6 GHz
Pluggable
Z Australia/Brazil LTE Module
New Zealand 8 GB
DRAM/FLASH *Only for IOS-XE based ISR1100
A Canada Wireless E Doesn’t apply to Vipela OS based
WAN Interface Type domain ISR1100-4G/6G

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Wireless WAN Overview
LTE-Advanced Pro
Maximum Data Rate
Region Modem
(DL/UL) Mbps
• 1.2 Gbps Download
• Carrier aggregation AT&T, T-Mobile

• CBRS – Band 46,48, 66, 71 Global CAT 4 150/50

• Dying gasp Verizon

Europe, North America

300/50
CAT 6
Latin America, APAC,
• Auto SIM switching ANZ

• Mobile IP - PMIPv6 Global CAT 18 1200/150

• 4x4 MIMO

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Category 4 USB Dongle

Single Micro SIM

CAT 4 LTE

Supported on
LTE Antenna
ISR 1000 Series
75/50 Mbps
only

Modem Types Region Bands

D-LTE-GB Global Bands 1,3,7,8,20,28

D-LTE-AS ASEAN Bands 1,3,5,8,40,41

North Bands
D-LTE-NA
America 2,4,5,12,13,14,17

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
ISR 1100 Non SD-WAN
Licensing and packaging model

IP Security Performance
HSEC* (Optional Add-on License)
Removes Performance Security License Mandatory
shaper & tunnel count
for IPSec 1100 Series 4 Port: 100 Mbps upgrade
1100 Series 8 Port: 200 Mbps upgrade

Application Experience Security

(Optional Add-on License) (Optional Add-on License)

MPLS, PfR, AVC,NBAR, IP SLA Probe… VPN ( DMVPN, GETVPN, Flex VPN..), Firewall, Open DNS Connector… 50
Mbps Crypto Throughput Default

IP Base
(Default)
Routing Protocols, ACL, NAT, QoS, BFD…
* Available with IOS XE 16.7.1

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
 References: For your refererence

Software Feature Set Overview

C1100 Additional License C1100 Additional License
RIPv1/v2  Easy VPN  SEC License
EIGRP  GETVPN/DMVPN  SEC License

Security
Protocols
Routing

BGP  Firewall  SEC License

OSPF  OpenDNS
 SEC License
IPv6  Connector

PfR  AppX License Snort IPS -

VLANs 
DMVPN  SEC License
Storm Control -
PfR  AppX License
SPAN 
AVC  AppX License
Switching

PoE/PoE+ 

SD-WAN
ZBFW  SEC License
MAC Filtering 
NETCONF/YANG From IOS XE 16.9
802.1x 
Snort IPS -
Port Security 
WAAS Express /
-
Protected Port  ISR-WAAS

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
 References: For your refererence

Software Feature Set Overview

C1100 Additional License
Autonomous / Unified Mode 
Wireless

802.11ac Wave 2 
Mobility Express 

Carrier Aggregation 
LTE

PMIPv6  AppX License

EEM
Management


Embedded

IP SLA Initiator  AppX License

Flexible NetFlow 

WFQ/CBWFQ 
LLQ 
HQoS 
QoS

RSVP 
NBAR  AppX License
DiffServ 

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Understanding Cisco 1100 Performance
1100 Non-crypto throughput is unshaped
• Performance level in between 4221 and 4321
1100 IPsec Crypto throughput is shaped
• 50 Mbps @ Factory default

Activating IPsec Performance license

• Up to 250 Mbps with IPSec - 256 AES (C1100-8P)
• Up to 150 Mbps with IPSec - 256 AES (C1100-4P)

HSEC License disables the shaper for crypto throughput

• Up to 480 Mbps with IPSec - 256 AES (C1161-8P)
• Up to 230 Mbps with IPSec - 256 AES (C1100-4P)

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
 For your refererence
ISR 1100 Performance

C1100-4P with HSEC C1100-8P with HSEC C1161-8P with HSEC

CPU Clocking 800MHz 1.2GHz 1.6GHz

CEF IMIX 1.2 Gbps 1.7 Gbps 1.8 Gbps

IPsec (AES256) IMIX 230 Mbps 335 Mbps 480 Mbps

NAT IMIX 660 Mbps 960 Mbps 1130 Mbps

HQoS IMIX 650 Mbps 910 Mbps 1230 Mbps

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
ISR 1100
SDWAN Use cases

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
 SD-WAN Cloud Edge Portfolio with New Platforms
Branch Aggregation
NEW
ISR 1000 ISR1120 / 1160 ISR 4000
(New 25 SKUs) ASR 1000
XE SD-WAN
IOS-XE /

• WAN and voice module flexibility

• Integrated wired and • High Performance • High-performance service with
wireless access • Compute with UCS E hardware assist
• WWAN pluggable
• LTE Advanced Pro flexibility • Container Architecture • Modular ASR 1K is not supported
• VDSL2,ADSL2/2+ • PIM: 4G LTE • Slot Modularity, RPS
CAT4/6/18 • 1GE, 10GE options

NEW
vEdge 2000 vEdge5000
Viptela OS

ISR1100-4G ISR1100-4GLTE ISR1100-6G vEdge 100 vEdge 1000

4 GE WAN ports 4G LTE (CAT4) 6 WAN ports (4GE and 2 SFP) RPS, PIM options Modularity, RPS
4 GE RJ45 WAN ports 8 GE SFP WAN ports

Virtualized
Cisco ENCS • Service chaining virtual functions • Extend Enterprise routing,
vEdge Cloud CSR 1000V
• Options for WAN connectivity security & management to
• Software Router Platform
• Open for 3rd party services & apps Cloud
• Can be deployed in private,
• NFVIS Hypervisor • Cisco DNA virtualization
public, and hybrid cloud

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
ISR 1100-4G & ISR 1100-6G
ISR1100 routers for SD-WAN with Viptela OS

Robust Performance SD-WAN Support Branch Optimized

• Multicore x86 architecture • Powered by Viptela OS • Compact form factor

• Dedicated core for control plane • Central management w/ vManage • Unmatched prize/performance
• Integrated LTE modem option * • Feature parity with vEdge platforms • Fiber Uplinks**

Investment Protection
Planned for future IOS-XE support
** ISR1100-4GLTE models only
** ISR1100-6G only

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Platform Evolution for vEdge Powered by Viptela OS 19.2
vEdge Series Next-Generation vEdge

vEdge 100B ISR 1100-4G

• 4 Ethernet WAN ports

vEdge 100M ISR 1100-4GLTExx*

* xx = LTE domain

• 4 Ethernet WAN ports

• Integrated LTE (CAT4)

vEdge 1000 ISR 1100-6G

• 6 WAN ports (4GE and 2 SFP)

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
 For your refererence
Cisco ISR1100-4GLTE

Throughput on par with Next Generation

vEdge 100m vEdge

4 x 10/100/1000 Ethernet Fanless design

Cisco Built Hardware with

4GB Memory
TWS*

Cat-4 LTE (4GLTE model) Viptela OS

* Trust Worthy Systems

Cyber Threat protection

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
 For your refererence
Cisco ISR1100-6G

Throughput on par with Next Generation

vEdge 1000 vEdge

4 x 10/100/1000 Ethernet
Fanless design
2 x 1G SFP Ethernet

4 GB Memory Cisco Built Hardware with

TWS*

Supported SFPs
Viptela OS • VIP-SFP-1GE-BASET
• VIP-SFP-1GE-SX
• VIP-SFP-1GE-LX
* Trust Worthy Systems
Cyber Threat protection

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
ISR1100-4GLTE Block Diagram

2 cores enabled
C1100 Integrated
4GB DRAM IOS PP1 2-Core X86 LTE Modem
Intel X86
8GB Flash PPE Crypto
Engine
USB 3.0
Type A Viptela OS
Quad PHYs

GE GE GE GE
RJ45 RJ45 RJ45 RJ45

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
ISR1100-6G Block Diagram

4 x cores enabled
C1100
4GB DRAM IOS PP1 4-Core X86
Intel X86
WAN GE Phy
8GB Flash PP2
PPE PP3 Crypto
Engine
USB 3.0 WAN GE Phy
Type A Viptela OS
Quad PHYs

GE GE GE GE
RJ45 RJ45 RJ45 RJ45

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
 For your refererence
ISR1100-4/6G Performance and Scale

ISR1100-6G ISR1100-4G(LTE)

SDWAN:
845 / 301 Mbps 449 / 125 Mbps
IPSec+QoS+DPI+CFLOWD+NAT
(vEdge 1000 @ IMIX – 345Mbps) (vEdge 100 @ IMIX – 112Mbps)
Perf., 1400B / IMIX
SD-WAN Tunnel 1500 247*

IPv4 Routes 128,000 10,000*

VPNs 64 64

CFLOWD 65,000 8,000

* Release 19.2 Planned to be improved.

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
SFP Support on ISR1100-6G

SKU Description Standard(s) supported

VIP-SFP-1GE-BASET Pluggable transceiver 10BASE-T

1GE BaseT 10/100/1000 100BASE-TX
1000BASE-T
VIP-SFP-1GE-SX Small form-factor pluggable transceiver 1000BASE-SX
1GE SX Multimode 850nm
VIP-SFP-1GE-LX Small form-factor pluggable transceiver 1000BASE-LX
1GE LX Singlemode 1310nm

Cisco SFPs not planned to be tested for Viptela OS

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
 ISR 1100
SDWAN Security
Capabilities
&
Requirements

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
 Cisco SD-WAN Security – Platform Support
All Services
URL-Filtering
ISR 4000 Onboard, using 82+ web categories

Intrusion Protection System

ISR 1100 Onboard IPS engine powered by TALOS

CSR 1000v
Adv. Malware Protection
File Reputation and Sandboxing

App Aware FW and ENCS 5400

DNS/web-layer security Enterprise Firewall
+1400 layer 7 apps classified

DNS/web-layer security
Simplified Cloud Security
ASR 1000 Cisco Umbrella
vEdge & ISR1100-4/6G

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
SD-WAN Security Support on vEdge &
ISR1100-4G/6G
Viptela OS 19.2
Viptela DNS/web-layer
Platforms/Features DPI
Ent FW Monitoring**
ISR1100*, vEdge100, 1000, 2000
Y Qosmos Y
and 5000

* Viptela OS ISR1100-4G/6G models only

• Support for IOS-XE planned for 2nd half CY20
** Need Umbrella Subscription for enforcement

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
 SD-WAN Security IOS-XE Routers – 16.10.1

Ent App URL DNS/web-layer

Platforms/Features IPS/IDS
Aware FW Filtering Monitoring *
Cisco - CSR Y Y Y Y

Cisco – ENCS (ISRv) Y Y Y Y

Cisco – ISR4K (4451, 4431, 4351,

Y Y Y Y
4331, 4321, 4221-X)

Cisco – ISR1K Y Y** Y** Y

Cisco - ASR1K 1001-HX, 1002-HX,

Y N/A N/A Y
1001-X, 1002-X)

* Need Umbrella Subscription for enforcement

Ent FW App Aware and DNS/web-layer security will work with default 4 GB DRAM
** 1100X 8GB DRAM models only

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Security App Hosting Profile and Resources

App Hosting Security Profile Features Memory requirement Platform

Profile Supported
IPS + URLF (Cloud Lookup only) 8GB Bootflash 8GB Memory 1100X/4221/4321
Default 4/8 vCPU CSR/ISRv
( X-SKUs only for 1100) 4331/4351/44xx
IPS + URLF (On-box DB + Cloud 16GB Bootflash & 16GB 4/8 vCPU CSR/ISRv
High Lookup) Memory 4331/4351/44xx
( Not supported on 1100)

Ent FW App Aware and DNS/web-layer security will work with default 4 GB DRAM

Ent FW App Aware and DNS/web-layer security will work with default 4 GB DRAM
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
 For your refererence
SD-WAN Security ISR4K/1K Throughput
1024K Object Size - 780B

ISR4461 ISR4451-X ISR4431 ISR4351 ISR4331 ISR4321 ISR4221 C1111X-8P

(Mbps) (Mbps) (Mbps) (Mbps) (Mbps) (Mbps) (Mbps) (Mbps)

100%DIA(NAT+FW+DPI) 2490 1029 714 530 440 230 178 240

100%DIA(NAT+FW+DPI+IPS+URLF) 680 310 166* 205 170 83 62 75

100%DIA(NAT+FW+DPI+IPS+AMP+TG) 504 259 144* 195 165 81 60 71

* Security features like IPS/URLF/AMP/TG run in the service plane core

* ISR 4431 service plane core clock rate @1.0GHz, while ISR 4351 service plane core clock rate @2.4GHz, and 4331 service plane core
clock rate @2.0GHz, therefore lower throughput.

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Cisco SDWAN Performance License Matrix
IOS-XE SDWAN ISR 4321/4221/1100 Platforms

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
 Bandwidth Metering
Cisco DNA Subscriptions

With Cisco DNA subscription, bandwidth entitlement

3Mbps Up
3Mbps Down
6Mbps Up
15Mbps Down
20Mbps Up
75Mbps Down
is the sum of total bandwidth utilization (either
upstream or downstream) across all WAN circuits.
MPLS LTE Internet

Examples:

In the example, bandwidth utilization adds to

For a 100 Mbps license, 3+15+75= 93 Mbps (downstream) and to 3+6+20=
1 2 3 utilization can be up to 29 Mbps (upstream). Considering the maximum
100 Mbps upstream and utilization, you will need a 100 Mbps license,
100 Mbps downstream permitting you to use 100 Mbps up and 100 Mbps
down for 200 Mbps of aggregate bandwidth.

Aligned with how service providers sell WAN bandwidth

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
 • WebUI Introduction
• Hardware Utilization
• Monitoring Resources

ISR 1100 • Packet Flow

• Dataplane health check

Troubleshooting
&
Monitoring

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
IOS-XE WebUi – Graphical User Interface

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
WebUi – Configuration Wizard
WebUi equivalence of Cli config: ip nat inside source list 102 interface GigabitEthernet0/0/0 overload

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
WebUi – Application Visibility
• Requires Appx Feature package
• One additional line of interface configuration
required:
ip nbar protocol-discovery
Let’s look
closer at the
Green traffic

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
WebUi - Troubleshooting Tools

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
WebUi – Troubleshooting Tools

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
 C1101#sh pla har qf act infrastructure exm stat

QFP exmem statistics

Type: Name: DRAM, QFP: 0

Total: 201326592
InUse: 82447360
Free: 118879232
Lowest free water mark: 118878208
Type: Name: IRAM, QFP: 0
Total: 2097152
C1101#show platform hardware qfp active datapath utilization
InUse: 211968
CPP 0: Subdev 0 5 secs 1 min 5 min 60 min
Free: 1885184

Monitoring my HW
Input: Priority (pps) 0 0 0 0
Lowest free water mark: 1885184
(bps) 0 0 0 0
Non-Priority (pps) 13 10 10 9

resources in Cli
(bps) 8952 13976 15136 9824
Total (pps) 13 10 10 9
(bps) 8952 13976 15136 9824
Output: Priority (pps) 0 0 0 0
(bps) 0 0 0 0
Non-Priority (pps) 1 3 3 2
C1101#sh platform hardware qfp active datapath infrastructure sw-cio
(bps) 2088 15184 15208 15176
Credits Usage:
Total (pps) 1 3 3 2
(bps) 2088 15184 15208 15176
Core Utilization
Processing: Load (pct) 1 1 1 1
----------------
ID: 0 1
% PP: 3.24 0.00
% RX: 0.00 4.09
% TM: 0.00 3.67
% CRYPTO: 0.00 0.00
% IDLE: 96.76 92.24
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Monitoring CPU Resources on my C1100
IOSd processor only
C1101# show processes cpu
CPU utilization for five seconds: 3% one minute: 3%; five minutes: 3%

Core 0: Always same as

sh process cpu C1100
C1101# show processes cpu platform sorted
IOS Control Plane
CPU utilization for five seconds: 18%, one minute: 18%, five minutes: 18% SVC
(2 cores)
Core 0: CPU utilization for five seconds: 3%, one minute: 3%, five minutes: 3%
Core 1: CPU utilization for five seconds: 2%, one minute: 3%, five minutes: 3% PPE I/O
Data Plane
(2 cores)
Core 2: CPU utilization for five seconds: 8%, one minute: 7%, five minutes: 7%
Core 3: CPU utilization for five seconds: 60%, one minute: 61%, five minutes: 61%
Pid PPid 5Sec 1Min 5Min Status Size Name
--------------------------------------------------------------------------------
19866 18993 74% 74% 74% S 699367424 qfp-ucode-tsn
Last core - I/O scheduler
22816 22582 1% 1% 1% S 27967488 ngiolite core. High % = Normal
13314 12505 1% 1% 1% S 1752436736 linux_iosd-imag
23760 23754 0% 0% 0% S 144998400 nginx

“Looking for work” process.

High % = Normal

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Monitoring PPE (Data Plane) Forwarding state

Show summary of Dataplane load in Packets & Percentage

C1101#show platform hardware qfp active datapath utilization
C1100
CPP 0: Subdev 0 5 secs 1 min 5 min 60 min
Input: Priority (pps) 0 0 0 0 IOS SVC Control Plane
(bps) 0 0 0 0 (2 cores)

Non-Priority (pps) 13 10 10 9
Data Plane
(bps) 8952 13976 15136 9824 PPE I/O (2 cores)

Total (pps) 13 10 10 9
(bps) 8952 13976 15136 9824
Output: Priority (pps) 0 0 0 0
(bps) 0 0 0 0
Non-Priority (pps) 1 3 3 2
(bps) 2088 15184 15208 15176
Total (pps) 1 3 3 2
(bps) 2088 15184 15208 15176
Processing: Load (pct) 1 1 1 1

Tip: Lowest most line got the total load in %

(Taken from my idling lab router, hence the low%)

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Monitoring Overall PPE load – C1100
Look at every core assigned to packet forwarding (PPE), regardless of what license you’re running

C1101# show platform hardware qfp active datapath infrastructure sw-cio

Credits Usage:

Core Utilization
----------------
ID: 0 1
% PP: 3.24 0.00
% RX: 0.00 4.09
% TM: 0.00 3.67
% CRYPTO: 0.00 0.00
% IDLE: 96.76 92.24

C1100 For each PPE core

Control Plane
• look at % used for packet processing (PP)
IOS SVC (2 cores)

For I/O assigned core look at

Data Plane
(2 cores)
PPE I/O

• % used for In-Out packet scheduling (RX & TM)

• % used for crypto operation, where applicable
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Monitoring PPE Usage
Looking for bottlenecks – 4331 Example
show platform hardware qfp active datapath infra sw-cio

stefs_Sword# show platform hardware qfp active datapath infra sw-cio

Core Utilization
----------------
ID: 0 1 2 3 4 5
% PP: 42.15 41.55 41.76 41.71 41.97 0.00
% RX: 0.00 0.00 0.00 0.00 0.00 43.02
% TM: 0.00 0.00 0.00 0.00 0.00 30.00
% CRYPTO: 0.00 0.00 0.00 0.00 0.00 26.98
% IDLE: 57.85 58.45 58.24 58.29 58.03 0.00

Uh-oh ! Core 5 (I/O) out of capacity Well..Whaddaya know...

Crypto maxed it out
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
 For your refererence
Build an Early Warning System Hey !!
It’s getting a
bit sweaty
here

Warn me when my data plane load exceeds 90% C1100

PPE I/O Data Plane
(2 cores)
C1101(config)# platform qfp utilisation monitor load 90

IOS SVC

Control Plane
(2 cores)

When traffic exceeds 90% load

Jan 29 03:28:03.647: %IOSXE_QFP-2-LOAD_EXCEED: Slot: 0, QFP:0, Load 93% exceeds the setting threshold.

After traffic is falling back under the limit:

Jan 29 01:57:33.591: %IOSXE_QFP-2-LOAD_RECOVER: Slot: 0, QFP:0, Load 54% recovered.

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
 For your refererence
Health-Check-Control Plane
Router# show platform Router#show platform software status control-processor brief

Chassis type: C1111-8P Load Average

Slot Status 1-Min 5-Min 15-Min
Slot Type State Insert time (ago) RP0 Healthy 1.56 1.61 0.99
--------- ------------------- --------------------- -----------------
0 C1111-8P ok 00:03:16 Memory (kB)
0/0 C1111-2x1GE ok 00:01:07 Slot Status Total Used (Pct) Free (Pct) Committed (Pct)
0/1 C1111-ES-8 ok 00:01:07 RP0 Healthy 3446320 2188804 (64%) 1257516 (36%) 1934740 (56%)
R0 C1111-8P ok, active 00:03:16
F0 C1111-8P ok, active 00:03:16 CPU Utilization
P0 PWR-12V ok 00:02:52 Slot CPU User System Nice Idle IRQ SIRQ IOwait
RP0 0 1.11 1.52 0.00 97.36 0.00 0.00 0.00
Slot CPLD Version Firmware Version 1 0.81 1.52 0.00 97.65 0.00 0.00 0.00
--------- ------------------- --------------------------------------- 2 1.58 5.19 0.00 93.22 0.00 0.00 0.00
0 17100501 16.6(1r) 3 9.01 29.79 0.00 61.18 0.00 0.00 0.00
R0 17100501 16.6(1r)
F0 17100501 16.6(1r)

Router# show platform diag

Router# show facility-alarm status critical Chassis type: C1117-4PLTEEA

system Totals Critical: 4 Major: 0 Minor: 0
Source Time Severity Description [Index] Slot: 0, C1117-4PLTEEA
------ ------ -------- ------------ ------- Running state : ok
GigabitEthernet0/1/0 Jul 12 2017 22:27:25 CRITICAL Physical Port Link Down [1] Internal state : online
GigabitEthernet0/1/1 Jul 12 2017 22:27:25 CRITICAL Physical Port Link Down [1] Internal operational state : ok
GigabitEthernet0/1/2 Jul 12 2017 22:27:25 CRITICAL Physical Port Link Down [1] Physical insert detect time : 00:01:52 (09:02:14 ago)
GigabitEthernet0/1/3 Jul 12 2017 22:27:25 CRITICAL Physical Port Link Down [1] Software declared up time : 00:03:12 (09:00:54 ago)
CPLD version : 17100501
Firmware version : 16.6(1r)RC3

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
 For your refererence
Health Check Continue- Data Plane
C1100#show platform hardware throughput level
The current throughput level is unthrottled

C1100#show platform hardware throughput crypto

The current crypto level is 50000 kb/s

C1100#sh platform hardware throughput-monitor parameters

Throughput monitor parameters

Throughput monitor threshold: 95 percent

Throughput monitor interval: 300 seconds
C1100#show platform hardware qfp active infrastructure exmem statistics Throughput monitor status: enabled
QFP exmem statistics
Type: Name: DRAM, QFP: 0
Total: 134217728
InUse: 15271936 C1100#sh platform hardware qfp active statistics drop
Free: 118945792 -------------------------------------------------------------------------
Lowest free water mark: 118556672 Global Drop Stats Packets Octets
Type: Name: IRAM, QFP: 0 -------------------------------------------------------------------------
Total: 2097152 L2ESInputInvalidSvi 1 90
InUse: 211968
Free: 1885184
Lowest free water mark: 1885184
Type: Name: SRAM, QFP: 0
Total: 0
Session update : Advanced
InUse: 0
Free: 0 troubleshooting of the ASR1K and ISR
Lowest free water mark: 0
(IOS-XE) made easy - BRKCRS-3147
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Did You bring
enough Memory
to the Party?
Monitoring Your
Memory resources

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
ISR Memory
Which Partition Does What?
• Control Plane Memory partítion:
• IOS: Holds the IOS daemon
• This daemon holds the IOS system as well Control Plane Tables (Routing Information Base etc.)
• Linux: Holds the Linux kernel
• Linux also allocates memory for service containers
• The Linux portion grows when IOS is growing due to information replication into other processes

• Data Plane Memory / Memory partition:

Used exclusively for data plane services
• Buffer: Packet Buffering
• System: Runs forwarding process - CPP Dataplane internal Microcode on ISR4400
• EXMEM: EX Memory, Used for forwarding process
• Holds FIA ( Feature Invocation Array )
• Grows when scalable features are configured (MPLS FIB, NAT Table, ZBFW etc.).
• Fixed partition size

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
ISR Memory allocation Overview
ISR4400 - 4GB CP + 2 GB DP
Linux
EXMEM
IOSd

750 MB Linux 750 MB 750 MB free 1000 MB 470 MB 280 MB 750 MB packet 750 MB 40 MB 472 MB
OS Linux Cache IOS dHeap IOSd IOSd buffer system EXMEM EXMEM
used free free free used used free

ISR4300.4200,1100 - 4GB CP + DP
IOSd

Linux

Packet Buffer
950 MB 750 MB 1000 MB 530 MB 220 MB

300 MB
100 MB
Linux OS Linux Cache IOS dHeap IOSd IOSd

free
used free free free used

236 MB 20 MB
EXMEM EXMEM
free used
BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Monitoring C1101#show platform hardware qfp active infrastructure exmem statistics
QFP exmem statistics

C1100 4GB DRAM Type: Name: DRAM, QFP: 0

Total: 201326592
InUse: 82447360
C1101#sh memory platform information
Free: 118879232
Memory (kB)
Lowest free water mark: 118878208
Physical : 3758800
Type: Name: IRAM, QFP: 0
Total : 3758800
Total: 2097152
Used : 2397200
InUse: 211968
Free : 1361600
Free: 1885184
Active : 2241576
Lowest free water mark: 1885184
Inactive : 709888

Buffers (kB) : 292612

Packet Buffer
680 MB 750 MB

200 MB
EXMEM
292 MB
2GB
IOS dHeap IOSd
Linux OS

C1101#sh memory
Tracekey : 1#55a11728f207abb2b0754ca9d14819aa
434MB 316 MB 118 MB
IOSd IOSd EXMEM 82 MB
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b) free used free EXMEM
Processor 7F52DE3010 1488163048 316431268 1171731780 775041760 713031588 used
lsmpi_io 7F521821A8 6295128 6294304 824 824 412
Dynamic heap limit(MB) 680 Use(MB) 0

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
 Monitoring C1100 Control Plane Memory
( Same on ISR 4000 )
C1101# show version
Cisco IOS XE Software, Version 16.09.02
< snip>
System image file is "bootflash:c1100-universalk9_ias.16.09.02.SPA.bin"
<snip>
cisco C1101-4P (1RU) processor with 1453284K/6147K bytes of memory.
Processor board ID FGL2302154D Reserved IOS Memory
1 Virtual Ethernet interface
Total CP&DP 5 Gigabit Ethernet interfaces
Memory 32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
2863103K bytes of flash memory at bootflash:.
Total Flash Memory

Total reserved Total used Total free IOS Memory

IOS Memory (includes dHeap) IOS Memory (includes dHeap)
C1101# show memory

Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)

Processor 7F52DE3010 1488163048 316431268 1171731780 775041760 713031588
lsmpi_io 7F521821A8 6295128 6294304 824 824 412
Dynamic heap limit(MB) 680 Use(MB) 0

Total available dHeap dHeap used

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Monitoring C1100 Data Plane EXMEM
( Same on 42/43/4400 )

Cli output – 4GB DRAM C1101

C1101#show platform hardware qfp active infrastructure exmem statistics
QFP exmem statistics

Type: Name: DRAM, QFP: 0

Total: 201326592 DP Memory reserved (DRAM + IRAM)*
InUse: 82447360 * IRAM = Internal RAM
DP Memory used (DRAM + IRAM) • Mem allocation used by the system
Free: 118879232
Free DP Memory (DRAM + IRAM) • ~ 2 MB on ISR1100

C1101#show platform resources

**State Acronym: H - Healthy, W - Warning, C - Critical
Resource Usage Max Warning Critical State
----------------------------------------------------------------------------------------------------
Total CP DRAM used - Linux + IOS Total CP DRAM available – Linux + IOS
RP0 (ok, active) H
Control Processor 7.70% 100% 80% 90% H
DRAM 2339MB(63%) 3670MB 88% 93% H
ESP0(ok, active) H
QFP H
DRAM 80515KB(40%) 196608KB 80% 90% H

80MB DP EXMEM used 197MB Total DP EXMEM Available

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Monitoring DP Memory in WebUi

WebUi output – 4GB DRAM C1101

DP & EXMEM partition

DP & EXMEM partition

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
 Monitoring DRAM – Looking for bottlenecks
show platform hardware qfp
show platform resources show memory show platform software active infrastructure
IPv4 BGP
status control-processor brief exmem statistics
Routes
Total Total Heap
Reserved CP Reserved DP used Free Used committed InUse Free
0 3773MB(97%) 22MB(8%) 229MB 1498MB 0MB 2302MB (58%) 23MB 244MB
100000 3830MB(99%) 49MB(18%) 366MB 1362MB 0MB 2457MB (62%) 50MB 218MB
200000 3830MB(99%) 59MB(22%) 507MB 1220MB 0MB 2609MB (66%) 60MB 207MB
300000 3830MB(99%) 67MB(25%) 641MB 1087MB 0MB 2762MB (70%) 69MB 199MB
400000 3829MB(99%) 77MB(29%) 782MB 946MB 112MB 3030MB (77%) 79MB 188MB
500000 3828MB(99%) 86MB(33%) 919MB 808MB 240MB 3313MB (84%) 88MB 179MB
600000 3828MB(99%) 96MB(36%) 1056MB 671MB 368MB 3598604 (91%) 98MB 170MB

Example shown: 4300 @ 4GB DRAM

EXMEM / QFP (data plane) memory
• Only marginally impacted by Control plane tasks
• Memory usage will increase with complex configuratoins ( no actual traffic needed )
Should be monitored closely when using large RIBs:
• Committed memory: IOS + Heap + Linux Memory earmarked for processes

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Memory Bottlenecks
There are 3 main possible memory bottlenecks:
1. IOSd Memory
• Even including dHeap there is a limit to how big IOSd can grow
2. Linux Memory
• Linux memory grows at about the same rate as IOSd memory
• You can protect Linux by restricting IOS memory
C1101(config)#platform memory set 1000 (750MB + 250MB = IOS + a limited HEAP of 250MB )

3. EXMEM (Data Plane memory)

• Could in extreme cases pose a limitation as it can’t be increased
• Consider in those cases 4400 series with up to 5x the EXMEM size than C1100

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
 • Future proof device accommodating
current market needs
• A true Branch-in-a-box platform.
• Routing, Comprehensive Security,
Cisco ISR 1100 Switching, Advanced LTE & WLAN - All in
one small form factor platform
Key Takeaways • Same architecture on all IOS-XE based
C1100 platforms
• ISR1100-4G & 6G Available with Viptela OS
• Easy, elaborate Monitoring &
Troubleshooting through WebUi

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
Questions

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Complete your
online session
survey • Please complete your session survey
after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live t-shirt.
• All surveys can be taken in the Cisco Events
Mobile App or by logging in to the Content
Catalog on ciscolive.com/emea.

Cisco Live sessions will be available for viewing on

demand after the event at ciscolive.com.

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
Continue your education

Demos in the
Walk-In Labs
Cisco Showcase

Meet the Engineer

Related sessions
1:1 meetings

BRKARC-2005 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Thank you