Yesterday, Cisco officially announced its next generation, frontline, cyber superiority Battlestar, known as the Cisco ASR 1000 series routers. This new edge router series offers a 10 fold+ increase in routing, IPSEC, and Firewall performance versus previous midrange aggregation routers with these services enabled. Much has already been reported on it, but I wanted to focus on security. Is the new Cisco ASR 1000 Series unmatched in the raw combat power it is capable of unleashing on its enemies in cyberspace? Let’s dig into the performance characteristics and combat power of this next-gen edge router to see. And keeping in mind that raw combat power per se cannot guarantee cyber combat success, we’ll also look into the technological advances that it offers.
The 40 core, quantum flow process engine (QFPE) of the ASR 1000 Series, one piece of the quantum flow processor (QFP) architecture, stands at the heart of its war fighting capability. Think of it as an autonomous CIC (combat information center). The QFPE hyper-accelerates the various security features using advanced hardware acceleration and queuing techniques. This advanced silicon allows the platform to employ all of its security features simultaneously (both offensive and defensive) without incurring a massive loss in the combat effectiveness of any one feature or the system as a whole.
The QFP architecture also includes a multi-core (8 cores) encryption assist chip. Its function is to hyper accelerate IPSEC encryption processing.
Let’s take a look at how this kind of quantum flow processing translates into increases in the platforms armament and load out.
The Cisco ASR 1000 Series specifications – Combat Power:
The modularity inherent in the ASR 1000 platform allows for future performance scalability without a fork lift upgrade. For example, the Embedded Services Processor (ESP) is a blade that can be swapped out later when a new version comes out. The new ESP contains the crypto hardware assist and the Quantum Flow Processor. So a new ESP can increase performance on all QFP services (FW, VPN, QoS, etc) as well as increase your IPSEC performance.
If you have any specific questions on the security features inherent in the new Cisco ASR 1000 series battle system just post them and I’ll try my best to get you an answer.
For more information about the security features offered in the ASR 1000 series see here:
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/data_sheet__network_security_features_for_cisco_asr_1000_series_routers.html
For general ASR1000 info see here
http://www.cisco.com/go/asr1000
The opinions and information presented here are my personal views and not those of my employeer.
Jamey Heary, CCIE No. 7680, is a security consulting systems engineer at Cisco. He leads its Western Security Asset team and is a field advisor for Cisco's global security virtual team. Jamey is the author of the recently published Cisco NAC Appliance: Enforcing Host Security with Clean Access. His areas of expertise include network and host security design and implementation, security regulatory compliance, and routing and switching. His other certifications include CISSP, CCSP, and Microsoft MCSE. He is also a Certified HIPAA Security Professional. Jamey has been working in the IT field for 14 years and in IT security for 9 years.
|
|
