Cisco Cisco ASR 1000 Series 40Gbps SPA Interface Processor Hoja De Datos
All contents are Copyright © 1992–2006 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 5
KEY FEATURES AND BENEFITS
Table 1 lists the primary features of the Cisco IPsec VPN SPA.
Table 1.
Features of Cisco XR 12000 IPsec VPN SPA
Feature
Description
Next-generation encryption technology
In addition to supporting Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES), the Cisco
IPsec VPN SPA supports Advanced Encryption Standard (AES), including all key sizes (128-, 192-, and 256-bit
keys). Designed to be the next-generation encryption technology, AES offers the ultimate in IPsec VPN security and
interoperability.
IPsec VPN SPA supports Advanced Encryption Standard (AES), including all key sizes (128-, 192-, and 256-bit
keys). Designed to be the next-generation encryption technology, AES offers the ultimate in IPsec VPN security and
interoperability.
High-speed VPN performance
High-speed VPN performance provides up to 2.5 Gbps of AES and 3DES IPsec throughput with large packets and
1.6 Gbps with Internet mix (IMIX) traffic.
1.6 Gbps with Internet mix (IMIX) traffic.
Scalability
Up to 20 Cisco IPsec VPN SPAs can be installed in a Cisco 12416 Router (10 slots with 2 SPAs per slot, plus 2
route processors and 4 line cards with line interfaces) to provide up to 50 Gbps of total throughput.
route processors and 4 line cards with line interfaces) to provide up to 50 Gbps of total throughput.
The Cisco IPsec SPA can scale up to 16,000 tunnels for remote access and remote user VPN access. Tunnel
establishment is relatively constant for all 16,000 tunnels with an average rate of 100 tunnels per second.
establishment is relatively constant for all 16,000 tunnels with an average rate of 100 tunnels per second.
Attractive form factor
Using the Cisco SIP cards, up to 2 Cisco IPsec VPN SPAs can be installed in each slot, or any mixture of the IPsec
VPN SPA with other interface SPA types. The half-slot form factor of the SPA reduces slot consumption and
increases total performance per slot for flexible mixing and matching.
VPN SPA with other interface SPA types. The half-slot form factor of the SPA reduces slot consumption and
increases total performance per slot for flexible mixing and matching.
Note: Support for SPA mixture on the same SIP LC will be introduced in IOS-XR3.5 release.
Jumbo-frame support
The Cisco IPsec VPN SPA supports jumbo frames of up to 9200 bytes without the need for fragmentation.
Full integration of secure VPN into the
network infrastructure
network infrastructure
The Cisco IPsec VPN SPA supports all the Cisco XR 12000 Series Router interfaces in the chassis. No separate
VPN devices are needed within the network, intranet, Internet data center, or point of presence (POP).
VPN devices are needed within the network, intranet, Internet data center, or point of presence (POP).
Comprehensive VPN features
The Cisco IPsec VPN SPA provides hardware acceleration for IPsec and generic routing encapsulation (GRE),
comprehensive support of site-to-site IPsec, remote-access IPsec, and certificate authority/public key infrastructure
(CA/PKI).
comprehensive support of site-to-site IPsec, remote-access IPsec, and certificate authority/public key infrastructure
(CA/PKI).
Diverse network traffic types and
topologies
topologies
Cisco IOS XR Software supports secure, reliable transport of virtually any type of network traffic, including multicast
and IP telephony across the IPsec VPN.
and IP telephony across the IPsec VPN.
VPN resiliency and high availability
The Cisco IPsec VPN support on XR12K harnesses the high-availability capabilities of Cisco IOS XR Software, such
as Stateful Switch Over (SSO), In Service Software Upgrade (ISSU), etc. It also supports routing over IPsec tunnels,
dead-peer detection (DPD), reverse route injection (RRI), and intra-chassis stateful failover (active-active) for IPsec
and GRE. The IPsec capabilities provide superior VPN resiliency and high availability.
as Stateful Switch Over (SSO), In Service Software Upgrade (ISSU), etc. It also supports routing over IPsec tunnels,
dead-peer detection (DPD), reverse route injection (RRI), and intra-chassis stateful failover (active-active) for IPsec
and GRE. The IPsec capabilities provide superior VPN resiliency and high availability.
Virtual Route Forwarding (VRF)-aware
IPsec VPN
IPsec VPN
VRF-aware IPsec features help enable mapping of IPsec tunnels to VRF instances to provide network-based IPsec
VPNs, and the integration of IPsec with Multiprotocol Label Switching (MPLS) VPNs. This feature helps service
providers, large enterprises, and other organizations to build secure, scalable, and virtualized VPN services across
their network infrastructures.
VPNs, and the integration of IPsec with Multiprotocol Label Switching (MPLS) VPNs. This feature helps service
providers, large enterprises, and other organizations to build secure, scalable, and virtualized VPN services across
their network infrastructures.
QoS
The Cisco IPsec VPN SPA provides complete and consistent QoS to support service-level agreements (SLAs) with
the same level of QoS that is provided on the Cisco XR 12000 Series for traditional VPN access technologies such
as Frame Relay, ATM, and VLANs.
the same level of QoS that is provided on the Cisco XR 12000 Series for traditional VPN access technologies such
as Frame Relay, ATM, and VLANs.
The features listed in Table 1 provide the following benefits for service providers and enterprises:
●
Security integrated into network infrastructure – The Cisco IPsec VPN SPA supports Cisco XR 12000 Series Routers. By
integrating VPN capabilities into these infrastructure platforms, VPN services can be delivered over a network in which the service
provider has no physical presence and remote users can access their corporate VPN securely. Furthermore, the broad range of Cisco
XR 12000 Series interfaces and services (including Session Border Control and virtual firewall in the future) can be used within the
same platform.
●
Industry-leading technology – In addition to DES and 3DES, the Cisco IPsec VPN SPA introduces AES, the new standard in
encryption technology demanded by most government agencies and leading financial institutions in the most secure network
environments.
●
High performance – Each Cisco IPsec VPN SPA can deliver up to 2.5 Gbps of AES and 3DES encrypted data traffic. Additionally,
it can terminate up to 16,000 site-to-site or remote-access IPsec tunnels simultaneously and can set up those tunnels at an average
establishment rate of 100 new tunnels per second for all 16,000 tunnels.