Product Description
High-performance networking systems have historically been divided into routing or switching classes, with distinct hardware and software. Over time, this distinction has become less pronounced. This convergence has occurred with the evolution of feature-rich switching chips and routing chips that balance traditional Service Provider (SP)–class capabilities with many benefits of switching Application-Specific Integrated Circuits (ASICs).
Cisco 8000 Series routers complete this journey. They deliver provider-class routing functionality at unmatched density, performance, and power. This enables Cisco 8000 Series to be deployed into an unprecedented range of routing roles – all supported with a single ASIC architecture and operating system – thus streamlining qualification, deployment, and operations.
The Cisco 8000 Series combines the revolutionary Cisco Silicon One, IOS XR software, and a set of clean sheet chassis to deliver a breakthrough in high-performance routers. The 8000 Series comprises a full range of feature-rich, highly scalable, deep-buffered, on-chip High Bandwidth Memory (HBM) and 400 Gigabit Ethernet (GbE)-optimized routers ranging from 10.8 to 25.6 Tbps in a 1 RU footprint. It is also available in an industry leading, rack-mountable modular system capable of 518.4 Tbps of full-duplex, line rate forwarding.
The Cisco 8000 Series includes three distinct router architectures that utilize the Cisco Silicon One ASICs: distributed/modular, centralized, and fixed. Only the distributed/modular (8800 series) and fixed (8100/8200 series) architectures will be covered in this datasheet.
The Cisco 8100 and 8200 Series utilize Cisco’s Router-on-Chip (RoC) architecture to deliver full routing functionality with a single ASIC per router. Both support the full routing feature set, but the 8200 has deep buffers and expanded forwarding tables, while the 8100 Series is targeted for data center applications with lower buffering and forwarding table scale requirements.
The RoC architecture is distinguished from System-on-Chip (SoC) switches by supporting large forwarding tables, deep buffers, more flexible packet operations, and enhanced programmability. The Cisco 8100 and 8200 provide up to 25.6 Tbps of network bandwidth with lower power than similar systems.
Silicon innovation with the Cisco Silicon One ASIC
Cisco Silicon One is the first routing silicon architecture to break through the 10-Tbps benchmark for network bandwidth. This is accomplished without sacrificing route capacity, packet-per-second forwarding performance, or feature flexibility. The first-generation Q100 ASIC delivers 10.8 Tbps of throughput in 16-nm process technology, the second-generation Q200 ASIC increases the performance to 12.8 Tbps in 7-nm process technology, and the new P100 ASIC pushes the performance even further to 19.2 Tbps in 7-nm technology. The Q100, Q200, and P100 ASICs deliver high-scale routing and deep buffering that typically require off-chip memories. With external memories, data path bandwidth is reduced due to frequent memory access. The Cisco Silicon One architecture achieves high performance and full routing capabilities without external memories. This is enabled by the clean-sheet internal architecture that includes an on-chip High Bandwidth Memory (HBM). HBM provides a significant increase in performance while lowering power consumption. It is located on the chip package and connects to the Cisco Silicon One ASIC via an ultra-fast silicon interface. HBM is used to increase the scale of the forwarding table. The G100 ASIC, with 25.6 Tbps of performance, does not use HBM and is optimized for certain applications such as Top of Rack (ToR), leaf, and spine in data centers and large-scale AI/ML (Artificial Intelligence/Machine Learning) networks.
The Cisco Silicon One architecture supports multiple modes of operation. It can function as an RoC, a line card network processor, and a switch fabric element. This flexibility enables consistent software in multiple roles and rapid silicon evolution.
System design innovation
Supporting the 8000 Series capabilities demanded a wide range of new approaches to platform design. By leveraging over 25 years of high-performance system design, Cisco has delivered unprecedented capacity without compromising forwarding performance or requiring oversubscription. This required new power supplies, a redesigned cooling architecture, and future-proof connectors.
The Cisco 8100 and 8200 Series routers required extensive innovation, such as consolidation of multiple components into a single ASIC, to support high densities. Cisco Silicon One brings the capabilities of multiple chips into one single device, greatly increasing the power efficiency of the solution. As with all modern networking devices, the power density of the ASIC creates a challenging thermal problem. In addition, 400GbE optics require up to six times the power of 100GbE QSFP28 modules. These challenges are addressed via advanced system design, including state-of-the-art fans and heat sinks, and QSFP-DD modular optics.
The 8800 chassis utilize a state-of-the-art orthogonal direct design with advanced cooling, high power capacity and new power supplies. The chassis and all data path components for the 8800 Series benefit from a clean-sheet design that allows the systems to take full advantage of the latest technologies and Cisco’s design expertise. This design connects all forwarding path components directly without a backplane or midplane. In the 8800 Series, the line cards are oriented horizontally, and the eight fabric cards are oriented vertically. Every major component of the 8800 Series was developed with a clean sheet approach – representing unprecedented investment and commitment to a long lifecycle for the 8000 Series.
The 8800 chassis deliver significant improvements over previous orthogonal chassis, including:
● State-of-the-art redundant fans
● Network Equipment Building System (NEBS)–compliant air filters with doors for simplified line card access
● Future-proof power capacity with power-saving internal distribution
● New power supplies for power feed redundancy with reduced provisioning
● Cable management for up to 864 fibers
Security
Security is a major concern for all Cisco customers. Attacks on networking equipment can have disastrous results. Network operators need assurance that their equipment is secure and running authorized Cisco software. Cisco 8000 Series routers support hardware root of trust based on the Trusted Computing Group (TCG) and IEEE 802.1AR standards. This approach is far more reliable than a software-based security approach. All Cisco 8200 routers are FIPS 140-2 Level 2 compliant and support advanced security features to ensure platform and OS integrity.
● Cisco secures the supply chain of every system at manufacturing time. A technology called “Chip Protection” allows customers to be assured that the hardware they receive from Cisco has no counterfeit components. This is accomplished with the use of unique identifiers that are stored inside the Trusted Anchor Module (TAM) device as a way to identify and track components through the entire lifecycle of the Cisco 8000. The checks cover all major components, including network processors, CPUs, and Field-Programmable Gate Arrays (FPGAs).
● Every image that a customer downloads from the Cisco site is cryptographically signed using Cisco private keys. Each platform has a TAM (based on the TCG standard) that uses built-in cryptographic functions to validate the image signature. Once the signature is validated, the software is considered authentic and is ready for install.
● During normal operation, the JTAG (Joint Test Action Group – a method of chip testing and verification) ports on chips are monitored. JTAG is one of the most common attack surfaces and therefore must be secured. Cisco uses a technology called “Secure JTAG” to monitor the port. If any illegal activity is detected, it is flagged and the system CPU is held in reset mode.
● Secure Boot root of trust is anchored in the TAM. It establishes an authentication chain in which each software module authenticates the next module in the boot process.
Cisco IOS XR software
Cisco IOS XR7 is a unified network OS spanning access, aggregation, edge, and core. The networking protocol stack within XR7 can be cut down by two-thirds when the IP transport architecture is simplified. Improvements to XR7 internal architecture have reduced the memory footprint by 35 percent. By reducing code size and the resources required, XR7 can be installed onto even the most constrained hardware designs with full security features without impact to boot times.
Modernizing XR7 with install procedures using standard Linux software package managers has also improved operations. Instead of “one-size-fits-all,” XR7 provides modularity, so customers only load what they will use.
Service providers can easily access new software packages from trusted Cisco Red Hat Package Manager (RPM) repositories. Alternatively, they can build their own repository of both Cisco and custom software packages, which can be fetched for final system configuration without spending time trying to sort out software dependencies. All the required Cisco software packages, home-grown/third-party software packages, and router configurations can be pulled into a single Cisco software image known as a “Golden ISO.” Customized images can now be installed consistently and with confidence across devices in the network.
Cisco IOS XR7 brings an unmatched level of openness for programmability and customization.
IOS XR 7 supports open, model-driven APIs at all layers of the software stack. At the management layer, XR supports a comprehensive list of both native and industry-driven OpenConfig models with multiple encoding (XML and JSON) and transport (gRPC, NETCONF) options. The APIs at the management layer allow operators to apply configuration to the device or retrieve the state of the system. The APIs also address advanced traffic engineering use cases, allowing applications to control the route followed by traffic within the network. These APIs can be used independently or combined with other ecosystem abstraction layers such as SONiC or P4Runtime.
IOS XR 7 also supports the OFA (Open Forwarding Abstraction) API, which provides a logical representation of all the forwarding and telemetry capabilities of the underlying hardware. In addition, IOS XR 7 provides a flexible consumption model, allowing third-party application software to run on the device alongside IOS XR to enable customization options for the customer network. With application hosting capabilities, operators can host their own controller agent or custom protocol; use various hosting apps for telemetry collection, traffic engineering, and configuration management; or manage the box like a Linux machine using third-party software such as Chef, Puppet, or Ansible.
Cisco IOS XR 7 is the industry’s most trusted network operating system.
XR7 is the most advanced network operating system for improving the security posture of the router. The Cisco Secure Boot subsystem ensures that the device boot image is genuine and untampered. With advanced signing technology, XR7 can establish software integrity enforcement and measurement. To further enhance the trusted defense posture, multiple runtime defenses within XR7 guard against malicious actors and make exploitation of bugs more difficult. Even if booted securely, a router may run for months or years without rebooting, which could leave vulnerabilities at runtime undetected for a long time. XR7 leverages Integrated Measurement Architecture (IMA) to significantly enhance security by verifying the integrity of running software. In the IMA appraisal mode, signature validations prevent unauthorized images from launching. In the IMA measurement mode, the hashes of all images are logged in a secure location used for verification. Records of runtime processes can be sent for analysis, so the operator knows that system software, updates, or patches are running as intended.
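The measurement mode described above can be illustrated with a simplified model. This is an added example, not Cisco code and not the IOS XR log format: the SHA-256 extend register, the file paths, and the reference-hash table are assumptions chosen to show why a verifier can trust a replayed measurement log.

```python
import hashlib

def extend(register: bytes, digest: bytes) -> bytes:
    """TPM-style extend: new = SHA-256(old || digest). Order-sensitive, append-only."""
    return hashlib.sha256(register + digest).digest()

def measure(images):
    """Device side: hash each image as it loads, log it, and extend the register."""
    register, log = bytes(32), []
    for path, content in images:
        digest = hashlib.sha256(content).digest()
        log.append((path, digest.hex()))
        register = extend(register, digest)
    return log, register.hex()

def verify(log, quoted_register, known_good):
    """Verifier side: replay the log, then compare each entry to reference hashes."""
    register = bytes(32)
    for _, hexdigest in log:
        register = extend(register, bytes.fromhex(hexdigest))
    if register.hex() != quoted_register:
        return "log-tampered", []
    unexpected = [p for p, d in log if known_good.get(p) != d]
    return ("unexpected-software" if unexpected else "ok"), unexpected

# Constructed sample images (paths and contents are made up for the example).
GOOD = [("/opt/example/bgp", b"bgp v1"), ("/opt/example/isis", b"isis v1")]
KNOWN_GOOD = {p: hashlib.sha256(c).hexdigest() for p, c in GOOD}

def demo():
    results = {}
    log, reg = measure(GOOD)
    results["clean"] = verify(log, reg, KNOWN_GOOD)
    # A modified binary is measured honestly: the log replays, the hash mismatches.
    log2, reg2 = measure([GOOD[0], ("/opt/example/isis", b"isis v1 modified")])
    results["modified"] = verify(log2, reg2, KNOWN_GOOD)
    # Rewriting the log afterwards to hide it no longer matches the register.
    forged = [log2[0], ("/opt/example/isis", KNOWN_GOOD["/opt/example/isis"])]
    results["forged-log"] = verify(forged, reg2, KNOWN_GOOD)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

On real hardware the register value would come from a signed quote produced by the trust anchor, which is what makes the "secure location" trustworthy even if the log file itself is writable.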