Cisco ISR4321/K9 Product Data Sheet

Branch-Office Challenges
Offering full services:
● HD video
● Location services
● Cloud-based services
● Mobile users
Overcoming limiting factors:
● Rack space
● Budget
● IT staff
Supporting increasing network demand and new traffic patterns:
● WAN optimization and intelligent caching
● Deep packet inspection
● Traffic management
● Hosting virtual servers

White Paper

Cisco 4000 Series Integrated Services Routers: Architecture for Branch-Office Agility

The Cisco® 4000 Series Integrated Services Routers (ISRs) are designed for distributed organizations with multiple branch offices and remote sites. Today's branch offices offer full services through cloud, mobile, and multimedia applications, and require increased direct communication with both private data centers and public clouds across VPNs and the Internet. They also need a low total cost of ownership (TCO) for their networking hardware.

The Cisco 4000 Series ISRs extend the capabilities of previous-generation Cisco branch-office routers by offering increased bandwidth with fewer and physically smaller boxes, WAN traffic management to deal with new applications and use patterns, performance-on-demand capability, and consolidation of servers.

Challenges of the Branch Office

In the past, branch offices and remote sites provided static connectivity to local or data center–hosted applications. Because branch offices today serve up to 80 percent of employees, organizations are now facing the task of providing full-service branch offices with dynamic connectivity in order to accommodate a mobile workforce as well as the increased use of cloud-based applications. Businesses today are innovating with a new class of immersive applications, introducing high-definition (HD) video, location services, and other rich media services to promote employee productivity and customer loyalty.

However, network operating resources have not increased in proportion to actual requirements, resulting in branch-heavy businesses finding themselves having to handle an increasingly complex network with a relatively small number of IT staff. Add to that limited rack space for additional, required appliances plus limited budgets for hardware, energy usage, and cooling. These limitations make it difficult to operate a branch network consisting of an ever-increasing plethora of services, plus a growing number of required network service appliances.

Mobile users, cloud services, and multimedia applications have increased the demands on networks, with both higher network loads and new traffic patterns. WAN optimization, deep packet inspection, and advanced traffic-management techniques are more or less required today to support the new traffic patterns and application-based network policies that come from the use of cloud-based services. In addition, for services such as public cloud-based applications and guest networks, branch offices are realizing significant cost savings by using local Internet breakouts rather than hairpinning traffic through the data center. As effective as this practice may be, it adds a whole new dimension to a business’s security policy, since every branch will be exposed to the Internet. With that many points to protect, the security posture must be of the intelligent self-learning type to protect against day-zero attacks without manual intervention by network operators. Given the nature of today’s threats, the security policy must furthermore protect the business against threats from inside, in addition to the traditional attacks from outside that we’re used to protecting against.

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.

Introducing the New Integrated Services Router Architecture from Cisco

The Cisco 4000 Series ISRs build on 20 years of branch-office routers, adding services and throughput for the needs of modern branch offices and allowing businesses to:

● Quickly open new remote offices or easily add services
● Operate an entire branch office with a single platform
● Give IT departments more time for innovation by automating repetitive tasks and orchestrating security and application services
● Provide solid, automated, intelligent security against today’s cyber threats at all points in the network

The new architecture addresses the problems that modern branch offices face without giving up any of the existing services of previous-generation Cisco branch-office routers. It also brings virtualization to networking so that IT can adopt services faster and repurpose resources as needs change. Virtualization furthermore delivers additional computing power for local application survivability, data backup, and local analytics processing.

The new architecture of the Cisco 4000 Series ISRs delivers up to 2 Gbps in a converged platform, making it 4 to 10 times faster, on average, than the previous-generation ISRs with typical branch services enabled. The WAN and application optimization services of the 4000 Series ISRs include Cisco Application Visibility and Control (AVC), allowing IT to assess capacity planning; and Cisco Performance Routing Version 3 (PfR v3), which automatically sends traffic across the best connection for current network conditions. Not only does this architecture allow a branch office to run the network with a single platform, it also allows the use of converged network, computing, and storage resources in the same platform. The virtualization technology available within the Cisco 4000 Series and through additional data center–class server modules offers new levels of converged capability.

The Cisco 4000 Series includes several important features that make it a perfect choice for today’s branch offices:

Price for performance: The 4000 Series allows branch offices to handle increased bandwidth using a single box without the need for additional optimization appliances, and it can be managed by a small IT staff. The 4000 Series is built from the ground up to run complex service combinations in concurrent Intelligent WAN (IWAN) services, including security, application optimization, AVC, and PfRv3 for intelligent path selection.

Performance on demand (pay as you grow): Branch offices can upgrade to a higher throughput without having to install a new platform. Each model in the 4000 Series offers additional performance over the base level that can be activated remotely when needed, simply by turning on a license. For example, a branch office might implement a Cisco 4351 ISR with a baseline performance of 200 Mbps. A couple of years later, when the use of new applications and traffic patterns mandates higher bandwidth, the network operator can log in and turn on the high-performance license, increasing the throughput to 400 Mbps. The entire operation is done in minutes and at a fraction of the cost of buying a new router.

Services on demand: A built-in generic X86 architecture allows for KVM-based virtual machines to run within the 4000 Series. Essential branch-office services, which the branch office might already be running on discrete servers, can thus instead run natively on the router, thereby consolidating branch servers and appliances and reducing the branch’s hardware footprint and power usage.

Unprecedented built-in security: In addition to traditional security features such as zone-based firewall and encryption, the 4000 Series introduces a whole new range of highly intelligent built-in security offerings, specifically tailored to today’s cyber threats. Cisco Umbrella is a cloud security platform that provides the first line of defense against threats on the internet wherever users go. It is an agent built into Cisco IOS® Software that protects against malicious DNS traffic originating from inside the branch office. It keeps malware or already compromised hosts from reaching command and control servers and initializing or extracting data and using the branch as an exit point. Cisco Stealthwatch® Learning Network (SLN), an app installed in a 4000 Series service container, provides artificial intelligence-like security with full day-zero protection, in that it learns the branch’s normal traffic pattern and then looks for anomalies. A specific traffic pattern preceding an attack will thus not need to be known in order to be acted upon.

Market-leading cyber resiliency: All 4000 Series ISRs ship with market-leading built-in cyber resiliency to help protect the router itself from being compromised. Enhanced Secure Boot and OS Validation protect against malicious software at startup time. Hardware mechanisms prevent attackers from modifying the system in order to change functionality. Encrypted storage of credentials protects against physical tampering with the intent of stealing secrets.

Scalable services: The Cisco 4000 Series ISRs support Cisco Unified Computing System™ (Cisco UCS®) E-Series blade servers, which are comparable to a full-size server. The UCS-E-Series server blades run autonomously from the host router system, in that they use only the system’s power and chassis. A reset of either the router or the E-Series server will hence not affect the other. The host router and the E-Series server can furthermore be managed completely separately from each other, allowing network operations to let a different department manage the E-Series server without having to provide any access to the host router. This setup gives an IT department all the benefits of a separate data center–class server without the need to maintain another physical appliance. In addition, a separate server virtual-machine license is not required, and troubleshooting involves only one point of contact instead of multiple vendors, resulting in better uptime and reliability. As an added bonus, hardware support costs through Cisco Smart Net Total Care™ Service are bundled into the router support cost. Any Cisco UCS E-Series Servers hosted in an ISR are covered at no additional fee. This is beneficial because support fees can add up when dealing with potential hard-drive failures in a server.

Cisco 4000 Series: Technical Highlights and Comparison

The Cisco 4000 Series uses Cisco IOS XE Software, the same Linux-based OS found on the bigger ASR 1000 Series platforms. Cisco IOS XE retains the design and user interface of the Cisco IOS OS used by previous-generation Cisco routers, yet allows the use of multicore CPUs. This setup facilitates separation of the data and control planes and uses dedicated CPUs for services.

Because the services plane is separate from the data and control planes, the router can handle more and heavier services on a single platform, allowing an office to consolidate devices. Solutions such as Cisco Unified Border Element (CUBE), Cisco Unified Survivable Remote Site Telephony (SRST), or various routing services can be deployed more easily and efficiently on a single ISR. In addition, for many of the services, such as CUBE, the scalability is significantly greater without added costs per port. Performance also remains solid across most typical branch-office deployments, providing application-specific integrated circuit (ASIC)-like performance in a highly reliable platform.
