You are on page 1of 14

ISG and NAT Combination on the Cisco ASR 1000

Series Routers
The Intelligent Services Gateway (ISG) and Network Address Translation (NAT) Combination feature aims
to deploy both traditional ISG and NAT functionalities on a single Cisco ASR 1000 Series Aggregation
Services Router. This document describes the integration of ISG Internet Protocol over Ethernet (IPoE)
sessions and IPv4 NAT.

• Finding Feature Information, page 1


• Information About ISG and NAT Combination on the Cisco ASR 1000 Series Routers, page 2
• Best Practices for Configuring the ISG and NAT on the Cisco ASR 1000 Series Routers, page 7
• Configuration Examples for the ISG and NAT Combination on the Cisco ASR 1000 Series Routers,
page 8
• Additional References, page 12
• Feature Information for ISG and NAT Combination on the Cisco ASR 1000 Series Routers, page 13

Finding Feature Information


Your software release may not support all the features documented in this module. For the latest caveats and
feature information, see Bug Search Tool and the release notes for your platform and software release. To
find information about the features documented in this module, and to see a list of the releases in which each
feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
1
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Information About ISG and NAT Combination on the Cisco ASR 1000 Series Routers

Information About ISG and NAT Combination on the Cisco ASR


1000 Series Routers
Overview of the ISG and NAT Combination on the Cisco ASR 1000 Series
Routers
To understand the impact of combining NAT with the ISG, it is important to understand the logical and
physical interfaces in which the ISG and NAT are configured.
The following figure shows a topology diagram depicting the combining of the ISG and NAT on the Cisco
ASR 1000 Series Aggregation Services Router. Interfaces marked as 1, 2, and 3 are associated with the ISG,
and interfaces marked as 4 and 5 are associated with NAT. The table below describes the various interfaces
associated with this topology.

Figure 1: ISG and NAT Combined Topology

Table 1: Interfaces Associated with ISG and NAT Combined Topology

No. Interface Description


Name
1 Access This interface on the Cisco ASR 1000 Series Routers faces the access network. It receives
interface the traffic from client devices first. This interface can be in virtual routing and forwarding
(VRF), with multiple access interfaces being present in different VRFs.

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
2
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Call Flow for ISG and NAT Combination on the Cisco ASR 1000 Series Routers

No. Interface Description


Name
2 Uplink or This interface provides connectivity to the service provider's core network, and is
core-facing ultimately the location to which traffic that is bound to the Internet is forwarded.
interface
3 Portal-facing This interface provides connectivity to the service provider's portal. When the Port-Bundle
interface Host Key (PBHK) is deployed, this is known as the port bundle outside interface.
4 NAT inside —
interface
5 NAT outside —
interface

When NAT is combined with the ISG on the same device, the following deployment models are available:
• The ISG access interface configured as a NAT inside interface
• The ISG uplink interface configured as a NAT outside interface

Call Flow for ISG and NAT Combination on the Cisco ASR 1000 Series Routers
The following figure shows the call flow for ISG and NAT combination on a Cisco ASR 1000 Series
Aggregation Services Router.

Figure 2: Call Flow for ISG and NAT Combination on a Cisco ASR 1000 Series Router

The following procedure describes the possible packet flow for traffic coming from a client device:

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
3
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
ISG Port-Bundle Host Key and NAT Considerations

1 A packet with source address 10.0.0.1 and TCP port 32000 is received on the ISG access interface and
the NAT inside interface.
2 The ISG classification is performed first. If an IP session exists for the client 10.0.0.1, all the ISG features
are applied to the packet, as required.
3 If the packet is forwarded to a NAT outside interface and is classified by the applicable NAT Access
Control List (ACL), the NAT function is performed on the packet and a NAT translation for the flow is
created in the Cisco QuantumFlow Processor (QFP), for example, the source address and port are translated
from 10.0.0.1:32000 to 2.2.2.2:4000.
The following procedure describes the possible packet flow for traffic returning to a client device:
1 Packet is received on the ISG uplink interface, which is also the NAT outside interface. The destination
address:port is 2.2.2.2:4000 (as shown in Figure 2: Call Flow for ISG and NAT Combination on a Cisco
ASR 1000 Series Router).
2 NAT is checked first. If the packet matches an active NAT translation in the QFP, the destination
address:port is translated, for example, 2.2.2.2:4000 is translated to 10.0.0.1:32000.
3 IP forwarding table lookup is performed. Because 10.0.0.1 maps to an IPoE session, all the relevant ISG
features can now be applied to the packet.

ISG Port-Bundle Host Key and NAT Considerations


A PBHK is a service, which is applied on the TCP traffic targeted at a service provider's web portal. With the
PBHK, the ISG performs Port Address Translation (PAT) and NAT on the TCP traffic between the subscriber
and the portal. The ISG PBHK feature enables a single portal to be deployed for multiple VRFs even when
there are subscribers with overlapping IP addresses.
The PBHK service should remain applied to the subscriber session during the entire life span of the session
to ensure that the end-user has reachability to the web portal. Removing the PBHK service immediately after
a successful web logon prevents the end user from communicating with the web portal. Therefore, we
recommend that you do not remove PBHK after the Web logon. This service enables subscribers to authenticate
themselves using the service provider's web portal. Because PBHK also performs address translation, avoid
applying both PBHK and NAT to a packet because this may result in unpredictable behavior and is likely to
affect the ability of the subscriber to access the web portal.
The following must be taken into consideration when deploying NAT in combination with the ISG services
that include PBHK:
• The PBHK outside interface must be logically separated from the NAT outside interface. For example,
configuring the PBHK outside interface on a separate VLAN ensures that traffic going to or coming
from the web portal never traverses the NAT outside interface. This is expected to be the typical
deployment scenario.
• If the PBHK outside interface must be the same as the NAT outside interface, ensure that the NAT ACL
does not match any of the packets being sent to the web portal. Therefore, avoid performing NAT on a
packet that is already handled by the PBHK service.

ISG and NAT Scaling Considerations


When combining the ISG with NAT, the main scalability concern is utilization of QFP DRAM. The ISG uses
QFP DRAM to store session-state information and NAT uses QFP DRAM to store translation mappings. As
the number of sessions scaled is higher, the client traffic flows are more, and leads to more NAT.

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
4
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
NAT Overloading and Port Parity

The following are the two types of NAT:


• Traditional NAT
• Carrier Grade NAT (CGN)

We recommend that you configure CGN using the ip nat setting mode cgn command to achieve the maximum
scalability in terms of the total number of translations. CGN does not show the outside entries (destination IP
addresses or port entries) in the NAT table. CGN reduces the amount of QFP DRAM required to store NAT
translations, and enables the platform to scale to a higher number of translations.

Table 2: Sample Carrier Grade Network Address Translation

Protocol Inside Global IP Inside Local IP Outside Local IP Outside Global IP address:port
address:port address:port address:port
TCP 2.2.2.2:4000 10.0.0.1:32000 — —

Depending on the available QFP DRAM, a higher number of sessions or translations can be achieved, as
shown in the following example:

Router# show platform hardware qfp active infrastructure exmem statistics

QFP exmem statistics

Type: Name: DRAM, QFP: 0


Total: 1073741824 #For ESP40 total available memory is 1 GB
InUse: 566236160 #Shows the ESP memory currently in use
Free: 507505664
Lowest free water mark: 507505664
Type: Name: IRAM, QFP: 0
Total: 134217728
InUse: 9028608
Free: 125189120
Lowest free water mark: 125189120
Type: Name: SRAM, QFP: 0
Total: 32768
InUse: 14848
Free: 17920
Lowest free water mark: 17920

The default TCP translations timeout is 2 hour and 4 minutes.


The default UDP translations timeout is 5 minutes.
As soon as the subscriber is disconnected, translations time out depending on the configured or default values.
These default timeout values are considered to be very high and may result in resource exhaustion even at
low levels of session scale if they are not modified.

NAT Overloading and Port Parity


You can preserve the addresses in the global address pool by allowing a device to use one global address for
many local addresses. This type of NAT configuration is called overloading.
When an Interface IP is overloaded for the translations and a single IP address is used for all the expected
translations, a maximum of 60,000 translations can be achieved with this configuration depending on the
traffic ports and the port parity involved. You can use the NAT Pool Overload configuration to achieve
maximum translations.

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
5
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
NAT Interface Overloading with VRF

There is a concept of port parity (even/odd) in NAT and NAT64. If a source port is in the port range of 0 to
1023, it is translated between ports 512 to 1023. If a source port range is more than 1023, it takes ports from
1024 onwards.

NAT Interface Overloading with VRF


The NAT Interface Overloading with VRF scenario assumes that the service provider is only interested in
performing application-specific NAT, for example, the service provider perform NAT only on the DNS
requests from clients and the rest of the traffic will proceed as it is. Therefore, we can use Interface Overloading
instead of a pool. With this, we can have a maximum of 60000 translations per interface, which is deemed
good for the application-specific NAT. Also, the IP sessions and NAT are in a VRF (named
PROVIDER_WIFI_01, in the example below).

Example: Configuring NAT Interface Overloading with VRF


vrf definition PROVIDER_WIFI_01
rd 100:100
address-family ipv4
exit-address-family

interface GigabitEthernet0/0/5.200
description ISG Access interface for WIFI SSID PROVIDERWIFI_01
encapsulation dot1Q 200
vrf forwarding PROVIDER_WIFI_01
ip nat inside # NAT inside interface config
ip address 10.232.0.3 255.248.0.0
service-policy type control default ISP_DEFAULT_RULES
service-policy type control ISP_RULES
ip subscriber l2-connected
initiator unclassified mac-address
arp ignore local

interface GigabitEthernet0/0/0
description Outside Interface
vrf forwarding PROVIDER_WIFI_01
ip address 192.168.66.20 255.255.255.240
ip nat outside #NAT outside interface
negotiation auto
end

interface Loopback100
description PROVIDER_WIFI_NAT source
vrf forwarding PROVIDER_WIFI_01
ip address 107.14.25.215 255.255.255.255

ip access-list extended PROVIDER_WIFI_NAT_ACL


permit udp 10.232.0.0 0.0.255.255 host 4.4.4.4 eq domain
permit udp 10.232.0.0 0.0.255.255 host 3.4.4.4 eq domain

ip nat inside source list PROVIDER_WIFI_NAT_ACL interface Loopback100 vrf PROVIDER_WIFI_01


overload

Note From the client IP range 10.232.0.0/16, the service provider perform NAT only on the traffic for DNS
query (acl PROVIDER_WIFI_NAT_ACL), and the IP address of loopback100 is used for the inside global
address.

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
6
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Best Practices for Configuring the ISG and NAT on the Cisco ASR 1000 Series Routers

Best Practices for Configuring the ISG and NAT on the Cisco
ASR 1000 Series Routers
The following are the recommended best practices to configure the ISG and NAT on the Cisco ASR 1000
Series Aggregation Services Routers:
• Restriction on the total QFP DRAM usage
At 97 percent DRAM utilization, depletion messages are displayed in the syslog as a warning message
to make the operator aware of low QFP DRAM availability. We recommend that you configure QFP
DRAM CAC in the system to avoid any unexpected behavior. The Call Admission Control (CAC)
functionality ensures that new subscriber sessions cannot be established when QFP DRAM utilization
exceeds the configured threshold.
The configuration example below demonstrates configuration of a QFP DRAM threshold set to 95
percent:
platform subscriber cac mem qfp 95.
• Set the maximum limit for total number of NAT translations:
◦ESP40: ip nat translation max-entries 1000000
◦ESP100: ip nat translation max-entries 4000000

• The ip nat translation max-entries all-host command can be used in scenarios where the Cisco ASR
1000 Series Router acting as ISG, performs NAT on all or most of the subscriber traffic. This helps the
operator to prevent a single host from occupying the entire translation table, while allowing a reasonable
upper limit to each host.
• The maximum number of translations per host can be configured using either of these ways:
◦Configuring the same number of maximum translation entries for all the subscribers using the
following command:
ip nat translation max-entries all-host maximum number of NAT entries for each host
◦Configuring the maximum translation entries for a given subscriber using the following command:
ip nat translation max-entries host ip-address [per-host NAT entry limit]

• Ensure that you keep the translations timeout low, around 2 minutes for TCP, and 1 minute for UDP
translations:
◦ip nat translation timeout 120
◦ip nat translation tcp-timeout 120
◦ip nat translation udp-timeout 60

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
7
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Configuration Examples for the ISG and NAT Combination on the Cisco ASR 1000 Series Routers

Configuration Examples for the ISG and NAT Combination on


the Cisco ASR 1000 Series Routers
Example: Configuring Authentication, Authorization, and Accounting
aaa new-model
!
!
aaa group server radius AAA_SERVER1
server-private 99.0.7.10 auth-port 1812 acct-port 1813 key cisco
!
aaa authentication login default none
aaa authentication login WEB_LOGON group AAA_SERVER1
aaa authorization network ISG_PROXY_LIST group AAA_SERVER1
aaa authorization network ISG_PROXY_LIST_INVALID group AAA_SERVER_INVALID
aaa authorization subscriber-service default local group AAA_SERVER1
aaa accounting network ISG_PROXY_LIST start-stop group AAA_SERVER1
aaa accounting network ACCT_SERVER
action-type start-stop
group AAA_SERVER1
!
aaa server radius dynamic-author
client 99.0.7.10 server-key cisco
auth-type any
ignore server-key
!
aaa session-id common
aaa policy interface-config allow-subinterface
clock timezone EDT -4 0
!
subscriber templating
!
redundancy
mode sso
!
!

Example: Configuring Class Maps for ISG-Specific Services


class-map type traffic match-any TC_L4R
match access-group input name acl_in_l4r
!
class-map type traffic match-any TC_POSTPAID
match access-group output name POSTPAID_ACL_OUT
match access-group input name POSTPAID_ACL_IN
!
class-map type traffic match-any TC_INTERNET
match access-group output name ACL_OUT_INTERNET
match access-group input name ACL_IN_INTERNET
!
class-map type traffic match-any EMPTY_TC
!
class-map type traffic match-any TC_OPENGARDEN
match access-group input name acl_in_opengarden
match access-group output name acl_out_opengarden
!
class-map type control match-all ISP_TAL_USER
class type control name ISP_TAL_MATCH
match transitioned-from-default no

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
8
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Example: Configuring Class Maps to Include Subscriber Traffic

!
!

Example: Configuring Class Maps to Include Subscriber Traffic


class-map type control match-any ISP_TAL_MATCH
match source-ip-address 191.0.0.0 255.0.0.0
match source-ip-address 192.0.0.0 255.0.0.0
match source-ip-address 193.0.0.0 255.0.0.0
!
policy-map type service OPENGARDEN_SERVICE
10 class type traffic TC_OPENGARDEN
!
class type traffic default in-out
drop
!
!
policy-map type service NO_SERVICE
20 class type traffic EMPTY_TC
!
class type traffic default in-out
drop
!
!
!

Example: Configuring Internet Service


policy-map type service INTERNET_SERVICE
20 class type traffic TC_INTERNET
accounting aaa list ACCT_SERVER
police input 6000000 6000000 6000000
police output 6000000 6000000 6000000
!
class type traffic default in-out
drop
!
!
!

Example: Configuring Postpaid Service


policy-map type service POSTPAID_SERVICE
10 class type traffic TC_POSTPAID
accounting aaa list ACCT_SERVER
police input 7000000 7000000 7000000
police output 7000000 7000000 7000000
!
class type traffic default in-out
drop
!
!
policy-map type service L4REDIRECT_SERVICE
10 class type traffic TC_L4R
redirect to ip 99.0.7.10
!
class type traffic default in-out
drop
!
!
!

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
9
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Example: Configuring ISG Control Policy for Full and Lite Sessions

Example: Configuring ISG Control Policy for Full and Lite Sessions
policy-map type control ISG_NAT_CONTROL_DEFAULT
class type control ISP_TAL_MATCH event session-start
10 default-exit
!
class type control always event session-start
10 service-policy type service name NO_SERVICE
!
!
policy-map type control ISG_NAT_CONTROL
class type control ISP_TAL_USER event session-start
20 service-policy type service name INTERNET_SERVICE
30 service-policy type service name POSTPAID_SERVICE
40 authorize aaa list ISG_PROXY_LIST_INVALID password lab1 identifier mac-address
50 service-policy type service name L4REDIRECT_SERVICE
90 default-apply
!
class type control always event service-stop
1 service-policy type service unapply identifier service-name
!
class type control always event account-logon
10 authenticate aaa list WEB_LOGON
20 service-policy type service unapply name L4REDIRECT_SERVICE
30 service-policy type service name INTERNET_SERVICE
40 service-policy type service name POSTPAID_SERVICE
!
!
interface GigabitEthernet0/0/1
ip address 99.0.7.11 255.255.0.0
negotiation auto
!
interface GigabitEthernet0/0/2
description To N2X connection 802/3
ip address 191.0.0.1 255.0.0.0
ip nat inside # NAT inside interface
negotiation auto
service-policy type control default ISG_NAT_CONTROL_DEFAULT
service-policy type control ISG_NAT_CONTROL
ip subscriber l2-connected
initiator unclassified mac-address
!
interface GigabitEthernet0/0/3
description To N2X connection 802/2
ip address 192.0.0.1 255.0.0.0
ip nat inside # NAT inside interface
negotiation auto
service-policy type control default ISG_NAT_CONTROL_DEFAULT
service-policy type control ISG_NAT_CONTROL
ip subscriber l2-connected
initiator unclassified mac-address
!
!
interface GigabitEthernet0/3/0
description To N2X connection 201/1
ip address 193.0.0.1 255.0.0.0
ip nat inside # NAT inside interface
negotiation auto
service-policy type control default ISG_NAT_CONTROL_DEFAULT
service-policy type control ISG_NAT_CONTROL
ip subscriber l2-connected
initiator unclassified mac-address
!
interface GigabitEthernet0/3/4
description To N2X connection 803/3
ip address 194.0.0.1 255.0.0.0
ip nat outside #NAT outside interface
negotiation auto
!

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
10
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Example: Configuring Network Address Translation

!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 5.28.8.15 255.255.0.0
negotiation auto
!
ip default-gateway 5.28.0.1
!

Example: Configuring Network Address Translation


ip nat settings mode cgn # nat cgn configuration command
no ip nat settings support mapping outside
ip nat translation max-entries 1000000
ip nat pool pool1 1.0.0.1 1.0.255.254 netmask 255.255.0.0
ip nat pool pool2 2.0.0.1 2.0.255.254 netmask 255.255.0.0
ip nat pool pool3 3.0.0.1 3.0.255.254 netmask 255.255.0.0
ip nat inside source list 1 pool pool1 overload
ip nat inside source list 2 pool pool2 overload
ip nat inside source list 3 pool pool3 overload
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 5.28.0.0 255.255.0.0 5.28.0.1
ip route vrf Mgmt-intf 5.28.0.0 255.255.0.0 5.28.0.1
ip route vrf Mgmt-intf 223.0.0.0 255.0.0.0 5.28.0.1
!
!

Example: Configuring ISG ACLs to Match Subscriber Traffic


ip access-list extended ACL_IN_INTERNET
permit udp any any
ip access-list extended ACL_OUT_INTERNET
permit udp any any
ip access-list extended POSTPAID_ACL_IN
permit udp any any
ip access-list extended POSTPAID_ACL_OUT
permit udp any any
ip access-list extended acl_in_l4r
permit udp any any
ip access-list extended acl_in_opengarden
permit udp any eq 5555 any
ip access-list extended acl_out_opengarden
permit udp any eq 5555 any
!

Example: Configuring NAT ACLs


access-list 1 permit 191.0.0.0 0.255.255.255
access-list 2 permit 192.0.0.0 0.255.255.255
access-list 3 permit 193.0.0.0 0.255.255.255
!
!
!
radius-server attribute 44 include-in-access-req default-vrf
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
11
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Additional References

radius-server attribute 55 include-in-acct-req


radius-server attribute 55 access-request include
radius-server throttle accounting 300
!
!
control-plane
!
call admission new-model
call admission limit 4000
call admission cpu-limit 80
call admission ip 10 1
!
alias exec pingv ping vrf Mgmt-intf
!

Additional References
Related Documents

Related Topic Document Title


ISG commands Cisco IOS Intelligent Services Gateway Command
Reference

Carrier Grade Network Address Translation IP Addressing: NAT Configuration Guide, Cisco IOS
XE Release 3S (ASR 1000)

MIBs

MIB MIBs Link


No new or modified MIBs are supported by this To locate and download MIBs for selected platforms,
feature. Cisco software releases, and feature sets, use Cisco
MIB Locator found at the following URL:
http://www.cisco.com/go/mibs

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
12
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Feature Information for ISG and NAT Combination on the Cisco ASR 1000 Series Routers

Technical Assistance

Description Link
The Cisco Support website provides extensive online http://www.cisco.com/public/support/tac/home.shtml
resources, including documentation and tools for
troubleshooting and resolving technical issues with
Cisco products and technologies.
To receive security and technical information about
your products, you can subscribe to various services,
such as the Product Alert Tool (accessed from Field
Notices), the Cisco Technical Services Newsletter,
and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website
requires a Cisco.com user ID and password.

Feature Information for ISG and NAT Combination on the Cisco


ASR 1000 Series Routers
The following table provides release information about the feature or features described in this module. This
table lists only the software release that introduced support for a given feature in a given software release
train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support.
To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 3: Feature Information for ISG and NAT Combination on the Cisco ASR 1000 Series Routers

Feature Name Releases Feature Information


ISG and NAT Combination on the Cisco IOS XE Release 3.12S In Cisco IOS XE Release 3.12S,
Cisco ASR 1000 Series Routers this feature was implemented on
the Cisco ASR 1000 Series
Aggregation Services Routers.

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
13
ISG and NAT Combination on the Cisco ASR 1000 Series Routers
Feature Information for ISG and NAT Combination on the Cisco ASR 1000 Series Routers

Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
14

You might also like