Enhanced Aggregation in Broadband Deployment

ACC-2002
8116_05_2003_c2
1
© 2003, Cisco Systems, Inc. All rights reserved.
Agenda
• Services for Broadband Infrastructure
• Reducing Operating Expense (OPEX)
• Minimizing Downtime
• Reducing Capital Expenditure (CAPEX)
• Case Study
Aggregation Device in Broadband Network
Figure: the aggregation device sits between the Layer 2 access network and the backbone/core, ahead of the service edge. Last mile: Dial (PSTN), DSL (DSLAM), Cable (Fiber Node), Ethernet, Aironet 802.11, Mobile (RAN). Layer 2 access: ATM switch, circuit core, ATM core, Ethernet distribution, IP core. Service edge: ISP (a, b, c), corporate gateway (a, b, c).
Infrastructure for Revenue Generating Services
• Profitable service deployment needs proper service infrastructure
• Infrastructure on the BB aggregation router—features that can be used to deploy revenue generating broadband services
• Some of this infrastructure includes:
1. Dynamic Subscriber Bandwidth Selection (DBS)
2. Per-user service differentiation
3. Quality of service
4. Per-user security
5. Advertising/Walled Garden (service selection/Walled Garden)
Dynamic Bandwidth Selection (DBS)
• Allows subscribers to change bandwidth dynamically
• Generates AAA accounting records for billing
• Works by changing the ATM VC shaping parameters
• Helps subscriber:
  Higher bandwidth for services that need it, when they need it
  High bandwidth service (video) at lower overall subscription cost
• Helps service provider:
  Offer financially attractive service to customers
  Bill customers for high bandwidth usage
Dynamic Bandwidth Selection with Web Portal
Figure: subscriber web portal screens showing personalized settings and a personalized menu of services.
DBS—Basic Operation
Figure: the subscriber presses a "Turbo" button; the AAA server in the SP network changes the subscriber's rate toward the Internet from 256 K to 512 K.
• A subscriber's RADIUS user profile contains the ATM VC shaping rate
• User authentication (PPPoEoA or PPPoA):
  Downloads the shaping rate (AAA authorization)
  Changes the subscriber's VC parameters accordingly
  Supports UBR and VBR-nrt VCs
  Doesn't delete and reinstall the VC, or bring down the PPP session
  Layer two; hence no performance impact
DBS—Configuration—UBR VCs
RADIUS Profile
john Password = "cisco"
    avpair="vpdn:tunnel-id=lac",
    avpair="vpdn:tunnel-type=l2tp",
    avpair="vpdn:l2tp-tunnel-password=lab",
    avpair="vpdn:ip-addresses=222.1.1.2",
    avpair="atm:peak-cell-rate=256000"
Router Configuration
interface atm0/0/0.1 multipoint
 ip address 10.0.0.0 255.255.255.0
 range pvc 1/32 1/8031
  dbs enable
DBS—Configuration—VBR VCs
RADIUS Profile
John Password = "cisco"
    avpair="vpdn:tunnel-id=lac",
    avpair="vpdn:tunnel-type=l2tp",
    avpair="vpdn:l2tp-tunnel-password=lab",
    avpair="vpdn:ip-addresses=222.1.1.2",
    avpair="atm:peak-cell-rate=256000"
    avpair="atm:sustainable-cell-rate=256000"
Router Configuration
interface atm0/0/0.1 multipoint
 ip address 10.0.0.0 255.255.255.0
 range pvc 0/50 0/70
  vbr-nrt 5000 50
  dbs enable
DBS Configuration Options
Configuration on VC
interface ATM0/0/0.5 point-to-point
 ip address 172.1.2.3
 pvc 0/100
  dbs enable
  protocol pppoe
Configuration with PVC-in-Range
interface ATM0/0/0.1 multipoint
 range pvc 0/50 0/70
  pvc-in-range 60
   dbs enable
Configuration on VC Range
interface ATM0/0/0.1 multipoint
 ip address 172.1.2.3
 range pvc 0/50 0/70
  dbs enable
Configuration on VC Class
vc-class atm pppoe
 dbs enable
Configuration with VC Class Inheritance
vc-class atm pppoe
 dbs enable
interface ATM0/0/0.5 point-to-point
 pvc 0/90
  no dbs enable
  vbr-nrt 5000 50
  class-vc pppoe
  protocol pppoe
DBS Configuration Options
1. No sessions on a VC => PCR/SCR configured for the VC by CLI is used
2. When a session with DBS comes up, the VC's SCR/PCR are modified per DBS
   RADIUS parameters have precedence over CLI
   After all PPPoX sessions on a VC die, the PCR/SCR configured by CLI take effect
3. For a VC with multiple PPPoE sessions:
   Max SCR/PCR among all sessions are applied to the VC
   When the session with max PCR/SCR dies, the next highest PCR/SCR is used
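The precedence rules above, worked through as an added Python model (not Cisco code and not from the presentation): it parses the atm: AV pairs from the RADIUS profiles on the earlier slides and reports which PCR/SCR the VC carries as sessions come and go. Class and function names are hypothetical, and treating a live session that carries no SCR as leaving the CLI SCR in place is an assumption.

```python
"""Added model of the DBS precedence rules (not Cisco code).

The VC starts with the PCR/SCR from the CLI (e.g. 'vbr-nrt 5000 50').
Each PPPoX session that authenticates may carry atm: AV pairs such as
'atm:peak-cell-rate=256000'; RADIUS values take precedence over CLI, the
highest PCR and SCR among live sessions win, and the CLI values return
once the last session is gone. Names here are hypothetical.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Rates = Tuple[int, Optional[int]]   # (PCR, SCR); SCR is None on a UBR VC


def parse_atm_avpairs(avpairs: List[str]) -> Rates:
    """Pull the DBS rates out of a RADIUS profile's AV pair list.

    Non-atm pairs (vpdn:..., ip:...) are ignored; a profile without a
    peak-cell-rate cannot drive DBS and is rejected.
    """
    pcr: Optional[int] = None
    scr: Optional[int] = None
    for pair in avpairs:
        if not pair.startswith("atm:"):
            continue
        key, sep, value = pair[len("atm:"):].partition("=")
        if not sep or not value.isdigit():
            raise ValueError("malformed DBS AV pair: %r" % pair)
        if key == "peak-cell-rate":
            pcr = int(value)
        elif key == "sustainable-cell-rate":
            scr = int(value)
    if pcr is None:
        raise ValueError("profile carries no atm:peak-cell-rate")
    if scr is not None and scr > pcr:
        raise ValueError("sustainable-cell-rate exceeds peak-cell-rate")
    return pcr, scr


@dataclass
class DbsVc:
    """One ATM PVC with 'dbs enable', tracking the sessions riding on it."""
    cli_pcr: int
    cli_scr: Optional[int] = None                      # None => UBR VC
    sessions: Dict[str, Rates] = field(default_factory=dict)

    def session_up(self, user: str, avpairs: List[str]) -> Rates:
        """A PPPoX session authenticated; store its RADIUS rates."""
        self.sessions[user] = parse_atm_avpairs(avpairs)
        return self.effective_rates()

    def session_down(self, user: str) -> Rates:
        """A session died; the next highest rates (or CLI) apply."""
        self.sessions.pop(user, None)
        return self.effective_rates()

    def effective_rates(self) -> Rates:
        """Rule 1: no sessions -> CLI PCR/SCR.
        Rules 2-3: RADIUS wins; with several sessions the maximum PCR and
        maximum SCR among them are applied to the VC."""
        if not self.sessions:
            return self.cli_pcr, self.cli_scr
        pcr = max(p for p, _ in self.sessions.values())
        scrs = [s for _, s in self.sessions.values() if s is not None]
        # Assumption: if no live session carries an SCR, the CLI SCR stays.
        scr = max(scrs) if scrs else self.cli_scr
        return pcr, scr


def demo_trace() -> List[Rates]:
    """Replay the slide's scenario on the VBR VC 'vbr-nrt 5000 50'."""
    vc = DbsVc(cli_pcr=5000, cli_scr=50)
    trace = [vc.effective_rates()]
    trace.append(vc.session_up("john", [
        'vpdn:tunnel-id=lac', 'atm:peak-cell-rate=256000',
        'atm:sustainable-cell-rate=256000']))
    trace.append(vc.session_up("jane", [              # constructed second user
        'atm:peak-cell-rate=512000', 'atm:sustainable-cell-rate=300000']))
    trace.append(vc.session_down("jane"))              # max holder dies
    trace.append(vc.session_down("john"))              # last session dies
    return trace


if __name__ == "__main__":
    for step in demo_trace():
        print(step)
```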
DBS—Accounting Records
The QoS values applied by DBS for a particular user are sent to the AAA server in the START/STOP accounting records for that user.
The accounting attributes in a typical record look like this:
Cisco-Avpair = "peak-cell-rate=155000" [flags = 0x00014000]
Cisco-Avpair = "sustainable-cell-rate=145000" [flags = 0x00014000]
DBS—Verification
dbs# show atm pvc dbs
           VCD /                            Peak  Avg/Min  Burst
Interface  Name  VPI  VCI  Type  Encaps  SC   Kbps  Kbps     Cells  Sts
1/0.7      3     1    95   PVC   MUX     VBR  2000  700      94     UP
More information on DBS at:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba8.html
Hierarchical Policing—QoS at IP Layer
Works with Service Selection Gateway (SSG)
• Per-subscriber policing: the subscriber's upstream and/or downstream traffic is policed based on the parameters configured in the subscriber profile
• Per-service policing: defined in the service profile; defines the maximum service traffic for any single connected subscriber; also known as per-session policing; used to differentiate individual flows from a subscriber
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122b/122b_4/122b4_sg/12b_hier.htm
Hierarchical Policing—Basic Operation
Figure: as in the DBS diagram, the subscriber's "Turbo" button triggers a rate change (256 K to 512 K) through the AAA server in the SP network.
• Operates in a similar way to DBS
• Downloads the profile from the RADIUS server
• Uses IP policing instead of ATM CoS
Hierarchical Policing—Basic Operation
• SSG does not police the following traffic:
  DNS traffic
  Open Garden traffic
  Multicast traffic
  Default network traffic
  Process switched traffic
Hierarchical Policing—Configuration
a) To enable per-user policing:
   [no] ssg qos police user
b) To enable per-session policing:
   [no] ssg qos police session
Along with the above commands we need the following parameters in the RADIUS profile. The QoS parameters are defined using the Q attribute in the subscriber and service profiles.
The syntax of the attribute is as given below:
"QU;average rate;normal burst;excess burst;D;average rate;normal burst;excess burst"
U = Upstream, D = Downstream
Hierarchical Policing—Per-User/Per-Service Profile
# Radius Subscriber Profile
cisco Password = "cisco",
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Account-Info = "Avideo",
    Account-Info = "QU;8000;16000;32000;D;5000000;16000;32000"
# Radius Service Profile
video Password = "servicecisco", Service-Type = Outbound
    Service-Info = "IVideo-on-Demand",
    Service-Info = "R172.24.63.0;255.255.255.0",
    Service-Info = "MS",
    Service-Info = "D171.69.2.133",
    Service-Info = "QU;8700;16300;42000;D;5000000;16000;32000"
• Q attribute syntax: "QU;average rate;normal burst;excess burst;D;average rate;normal burst;excess burst"
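An added parser for the Q attribute used in the two profiles above and defined on the previous slide (example code, not Cisco's or the presentation's): it pulls the attribute out of a Merit-style profile, splits it into upstream and downstream policer parameters, tolerates either direction being absent, and rejects malformed strings rather than silently policing nothing. Names such as Policer and qos_from_profile are hypothetical.

```python
"""Added parser for the SSG 'Q' attribute (not Cisco code).

The attribute value is 'QU;avg;normal;excess;D;avg;normal;excess' with
U = upstream and D = downstream; either direction may be omitted.  The
same string appears in the subscriber profile (Account-Info) and in the
service profile (Service-Info).  Names here are hypothetical.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

# Merit profile lines look like:   Account-Info = "QU;8000;16000;32000",
_INFO_LINE = re.compile(r'^\s*(Account-Info|Service-Info)\s*=\s*"([^"]*)"\s*,?\s*$')


@dataclass(frozen=True)
class Policer:
    average_rate: int   # bps (shown as CIR in 'show ssg host')
    normal_burst: int   # bytes
    excess_burst: int   # bytes


def parse_q_attribute(value: str) -> Dict[str, Policer]:
    """Return {'U': Policer, 'D': Policer} for the directions present.

    Whitespace around the value (slide decks often carry a trailing blank
    before the closing quote) is tolerated; anything else malformed is
    rejected so a bad profile fails loudly instead of policing nothing.
    """
    value = value.strip()
    if not value.startswith("Q"):
        raise ValueError("not a Q attribute: %r" % value)
    fields = value[1:].split(";")
    result: Dict[str, Policer] = {}
    pos = 0
    while pos < len(fields):
        direction = fields[pos]
        if direction not in ("U", "D"):
            raise ValueError("expected U or D at field %d, got %r" % (pos, direction))
        if direction in result:
            raise ValueError("direction %s given twice" % direction)
        numbers = fields[pos + 1:pos + 4]
        if len(numbers) != 3 or not all(n.isdigit() for n in numbers):
            raise ValueError("direction %s needs three numeric fields" % direction)
        avg, normal, excess = (int(n) for n in numbers)
        if avg == 0 or normal == 0 or excess == 0:
            raise ValueError("rate and bursts must be non-zero")
        result[direction] = Policer(avg, normal, excess)
        pos += 4
    if not result:
        raise ValueError("Q attribute names no direction")
    return result


def qos_from_profile(lines: Iterable[str]) -> Optional[Dict[str, Policer]]:
    """Find the Q attribute in a Merit-style profile and parse it.

    Other Account-Info/Service-Info codes (A..., I..., R..., M..., D...)
    are skipped; None means the profile carries no policing parameters.
    """
    for line in lines:
        m = _INFO_LINE.match(line)
        if m and m.group(2).lstrip().startswith("Q"):
            return parse_q_attribute(m.group(2))
    return None


# Constructed copies of the two profiles shown on the slide.
SUBSCRIBER_PROFILE = [
    'cisco Password = "cisco",',
    '    Service-Type = Framed-User,',
    '    Framed-Protocol = PPP,',
    '    Account-Info = "Avideo",',
    '    Account-Info = "QU;8000;16000;32000;D;5000000;16000;32000 "',
]
SERVICE_PROFILE = [
    'video Password = "servicecisco", Service-Type = Outbound',
    '    Service-Info = "IVideo-on-Demand",',
    '    Service-Info = "R172.24.63.0;255.255.255.0",',
    '    Service-Info = "MS",',
    '    Service-Info = "D171.69.2.133",',
    '    Service-Info = "QU;8700;16300;42000;D;5000000;16000;32000 "',
]

if __name__ == "__main__":
    print("subscriber:", qos_from_profile(SUBSCRIBER_PROFILE))
    print("service:   ", qos_from_profile(SERVICE_PROFILE))
```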
Hierarchical Policing—Verification
ssg-7200>show ssg host 201.168.99.10
------------------------ HostObject Content ----------------------
Activated: TRUE
Interface:
User Name: rohit
Host IP: 201.168.99.10
Msg IP: 0.0.0.0 (0)
Host DNS IP: 0.0.0.0
Proxy logon from client IP: 192.168.51.55
NASIP : 192.168.51.55
MSISDN: 14085275678
APN : rad.cisco.com
Maximum Session Timeout: 0 seconds
Host Idle Timeout: 300 seconds
Class Attr: NONE
Qos Upstream Parameters
CIR(bps) = 8000, Normal Burst(bytes) = 4470 Excess Burst(bytes) = 5000
Qos Downstream Parameters
CIR(bps) = 8000, Normal Burst(bytes) = 5000 Excess Burst(bytes) = 5000
User logged on since: *04:21:58.000 PST Tue Oct 9 2001
User last activity at: *05:06:10.000 PST Tue Oct 9 2001
SMTP Forwarding: NO
Initial TCP captivate: NO
TCP Advertisement captivate: NO
Default Service: NONE
DNS Default Service: NONE
Active Services: NONE
AutoService: NONE
Subscribed Services: zap-com; vpdn-l2tp-36; vpn-ipsec -1;
Subscribed Service Groups: iptvqos; video-services;
Hierarchical Policing—Verification
ssg-7200# show ssg connection 11.0.0.2 video
------------------------ ConnectionObject Content ----------------------
User Name: rohit
Owner Host: 11.0.0.2
Associated Service: video
Connection State: 0 (UP)
Connection Started since: 12:10:26.000 PDT Thu Oct 10 2002
User last activity at: 12:10:55.000 PDT Thu Oct 10 2002
Connection Traffic Statistics:
Input Bytes = 13205532, Input packets = 9410
Output Bytes = 188469, Output packets = 4709
Qos Upstream Parameters
CIR(bps) = 840000, Normal Burst(bytes) = 32000, Excess Burst(bytes) = 32000
Qos Downstream Parameters
CIR(bps) = 9000000, Normal Burst(bytes) = 32000, Excess Burst(bytes) = 32000
For More Information:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5012/products_feature_guide_chapter09186a008008773b.html
Quality of Service
• QoS—major infrastructure for differentiated service
  Layer 2 QoS: ATM service class, DBS
    Hardware assisted—no performance impact
    Per subscriber (per VC) differentiation (not per-session)
  Layer 3 QoS
    Hardware assist—platform specific
    Per session/per subscriber QoS—better flexibility
• Major QoS features for Broadband
  Classification
  Policing
  Marking
  Queuing
IP Policing
Most Deployed IP QoS Feature in Broadband
1. Policing rate-limits traffic to a specified rate (kbps)
   Does not buffer exceeding packets (simply drops them)
2. Shaping is similar, but:
   It buffers exceeding traffic
   Drops packets only when the buffer is full
   Uses more CPU resource (vs. policing) due to buffering
3. IP policing is OK for rate-limiting Internet access
   Policing shouldn't drop loss/delay-sensitive traffic (e.g., voice)
IP Policing—INET Access
1. Service providers have successfully deployed policing for INET access (tiered service)
   For bandwidth differentiated tiered service
   Allows uniform ATM provisioning across tiers
2. Downstream traffic policing typical (upstream possible)
3. Policing parameter options:
   1. Downloaded from RADIUS
   2. Locally defined in virtual template
IP Policing—CAR Versus MQC Policing
Committed Access Rate (CAR)
• Older feature
• Can be applied on: interface, virtual template
• Works with CEF only
• Can 'mark' with IP precedence
Modular QoS CLI (MQC) Policing
• Newer feature
• Can be applied on: interface, virtual template, VC
• Works with CEF, fast, process switching
• Marks with IP precedence or DSCP
• All future QoS development on MQC
MQC Policing—Local Configuration
• Local per-session policing configuration
  Configured on the virtual template
  Uses globally defined QoS policy
• Simplest config: use class-default (don't define specific classes unless needed)
policy-map isp1-policy                // defines a policy map
 class class-default                  // all traffic matches this class
  police 256000 32000 64000 conform-action transmit exceed-action drop
!                                     // 32000 = burst size, 64000 = excess burst size
interface Virtual-Template1
 ppp authentication chap
 ….
 service-policy output isp1-policy    // applies the QoS policy above to each cloned VA interface
MQC Policing—Traditional AAA Download
• Policing parameters downloaded via the lcp:interface-config AV pair
• Only the service-policy command is downloaded; the policy itself should be defined in the router config
• The "virtual-profile AAA" command is NOT necessary
policy-map isp1-policy
 class class-default                  // all traffic matches this class
  police 256000 32000 64000 conform-action transmit exceed-action drop
!                                     // 32000 = burst size, 64000 = excess burst size
interface Virtual-Template1
 ppp authentication chap
 ….
Radius User Profile:
User1 Password = "cisco"
    Service-Type = Framed,
    Framed-Protocol = PPP,
    Framed-MTU = 1500,
    Cisco-Avpair = "lcp:interface-config=service-policy output isp1-policy"
    // no spaces before/after the = inside the AV pair
Note: affects PPP call rate due to parsing of the downloaded command string
MQC Policing—New Download Configuration
To improve PPP call rate, 12.2(15)B introduces two new Cisco VSAs:
• Cisco VSA type 37 -> Upstream policy for subscriber
• Cisco VSA type 38 -> Downstream policy for subscriber
For the Merit server, the following lines need to be added to the dictionary:
Cisco.attr  Cisco-Policy-Up    37  string (*, *)
Cisco.attr  Cisco-Policy-Down  38  string (*, *)
The RADIUS user profile specifies the policy name and whether it is upstream or downstream:
username Password = "cisco"
    Service-Type = Framed,
    Framed-Protocol = PPP,
    Cisco:Cisco-Policy-Down = "isp1-policy"
The policies themselves are defined in the router config:
policy-map isp1-policy
 class class-default                  // all traffic matches this class
  police 256000 16000 32000 conform-action transmit exceed-action drop
Quality of Service—Queuing Configuration
class-map match-any voip
 match ip precedence 5
class-map match-any video
 match ip precedence 4
!
policy-map cbwfq_out_policy
 class voip
  priority 64
 class video
  bandwidth 3500
 class class-default
  bandwidth 128
!
interface ATM2/0/0.81833 point-to-point
 pvc 81/833
  vbr-nrt 7680 7680 32
  encapsulation aal5snap
  pppoe max-sessions 1
  service-policy output cbwfq_out_policy
  protocol pppoe
!
interface ATM2/0/0.81834 point-to-point
 pvc 81/834
  vbr-nrt 7680 7680 32
  encapsulation aal5snap
  pppoe max-sessions 1
  service-policy output cbwfq_out_policy
  protocol pppoe
Quality of Service—Performance Impact
• Platforms with hardware assisted QoS: little performance impact
  E.g., c10K: per session policing on 61500 sessions, with 8 OC-3 ports—no throughput impact with policing vs. without
• Platforms without hardware assisted QoS: performance impacted by CPU usage (memory usage is low)
  MQC policing: ~30% throughput impact
  CAR policing: ~20–25% throughput impact
  Note: one way policing, no ACL classification
  CBWFQ—higher impact due to queuing overhead; depends on the number of queues and other factors
Service Infrastructure—Per Subscriber Security Services
• Per user security can be achieved via
  Per user ACL
  Unicast RPF
• Configured in the RADIUS user profile—simplifies subscriber provisioning
• Can be provided by the SP bundled with services
Per User ACL
Merit RADIUS
chaprtr Password = "chaprtr",
    Service-Type = Framed,
    Framed-Protocol = PPP,
    Framed-IP-Address = 255.255.255.254
    Cisco:Avpair="ip:route#1=9.9.9.9 255.255.255.255 11.11.11.12"
    Cisco:Avpair="ip:route#2=15.15.15.15 255.255.255.255 12.12.12.13"
    Cisco:Avpair="ip:route#3=15.15.15.16 255.255.255.255 12.12.12.13"
    Cisco:Avpair="ip:inacl#1=permit icmp 1.1.1.0 0.0.0.255 9.9.9.0 0.0.0.255"
    Cisco:Avpair="ip:inacl#2=permit tcp 1.1.1.0 0.0.0.255 15.15.15.0 0.0.0.255"
Unicast Reverse Path Forwarding—uRPF
Figure: a customer (Alice) and an attacker (Mallard) behind a Cisco aggregator with AAA and DHCP; the per-user ACL and RPF check on the aggregator stop the attack traffic before it reaches the Internet.
• Verify the source IP address to prevent DoS attacks
• Protects subscribers and also the Internet
Unicast Reverse Path Forwarding—uRPF
Routing Table:
  210.210.0.0 via 172.19.66.7
  172.19.0.0 is directly connected, Fddi 2/0/0
CEF Table:
  210.210.0.0  172.19.66.7
  172.19.0.0   attached
Adjacency Table:
  Fddi 2/0/0  172.19.66.7
Figure: a packet (IP header + data) with Src Addr 210.210.1.1 and Dest Addr x.x.x.x arrives in on Fddi 2/0/0. Unicast RPF checks to see if the source address's reverse path matches the input port. If OK, RPF passed and the packet is forwarded by CEF out the interface given by the adjacency table; otherwise it is dropped.
uRPF—Configuration
interface ATM1/0/1.1 multipoint
 range pvc 2/32 2/65
  encapsulation aal5autoppp Virtual-Template1
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool pool1
 ppp authentication chap
 ip verify unicast source reachable-via rx
!
RPFC—Verification
Router-3# show cef interface serial 2/0/0
Serial2/0/0 is up (if_number 8)
Internet address is 192.168.10.2/30
Per packet loadbalancing is disabled
IP unicast RPF check is enabled
Router# show ip traffic
…
Drop: 3 encapsulation failed, 0 unresolved, 0 no adjacency
0 no route, 10 unicast RPF, 0 forced drop
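The check described across the uRPF slides above, as an added Python simulation (not Cisco code and not from the presentation): a longest-prefix lookup on the packet's source address, the strict "reachable-via rx" comparison against the input interface, and a per-interface counter in the spirit of the "unicast RPF" drop counter in show ip traffic. It also covers the loose "reachable-via any" mode and the allow-default keyword, which the slides do not show. The prefix lengths and the default route are constructed, since the slide gives only the prefixes.

```python
"""Added simulation of the unicast RPF check (not Cisco code).

Strict mode ('ip verify unicast source reachable-via rx') forwards a packet
only when the best route to its *source* address points back out the
interface the packet arrived on; loose mode ('reachable-via any') only
requires that some route to the source exists.  Prefix lengths and the
default route below are constructed; the slide shows only the prefixes.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Network = ipaddress.IPv4Network
Fib = List[Tuple[Network, str]]

# Constructed FIB modelled on the slide's tables: (prefix, outgoing interface).
ROUTES = [
    ("210.210.0.0/16", "Fddi2/0/0"),    # via 172.19.66.7 (adjacency on Fddi2/0/0)
    ("172.19.0.0/16", "Fddi2/0/0"),     # directly connected
    ("0.0.0.0/0", "Serial2/0/0"),       # constructed default route toward the core
]


def build_fib(routes=ROUTES) -> Fib:
    return [(ipaddress.IPv4Network(prefix), ifc) for prefix, ifc in routes]


def lookup(fib: Fib, address: str) -> Optional[Tuple[Network, str]]:
    """Longest-prefix match; returns (prefix, interface) or None."""
    addr = ipaddress.IPv4Address(address)
    best = None
    for net, ifc in fib:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best


def urpf_check(fib: Fib, src: str, in_ifc: str,
               mode: str = "rx", allow_default: bool = False) -> Tuple[str, str]:
    """Return ('forward' | 'drop', reason) for a packet from src on in_ifc.

    allow_default mirrors the 'allow-default' keyword: without it a source
    that is reachable only through the default route fails the check.
    """
    hit = lookup(fib, src)
    if hit is None:
        return "drop", "no route to source %s" % src
    net, out_ifc = hit
    if net.prefixlen == 0 and not allow_default:
        return "drop", "source %s matches only the default route" % src
    if mode == "any":
        return "forward", "loose check: route to %s exists via %s" % (src, out_ifc)
    if mode != "rx":
        raise ValueError("mode must be 'rx' or 'any'")
    if out_ifc != in_ifc:
        return "drop", "reverse path for %s is %s, packet came in on %s" % (src, out_ifc, in_ifc)
    return "forward", "reverse path for %s matches input %s" % (src, in_ifc)


def run_interface(fib: Fib, in_ifc: str, sources: List[str], **opts) -> Dict[str, int]:
    """Apply the check to packets arriving on one interface and count the
    outcomes, the way 'show ip traffic' reports 'unicast RPF' drops."""
    counters = {"forwarded": 0, "unicast RPF": 0}
    for src in sources:
        verdict, _ = urpf_check(fib, src, in_ifc, **opts)
        counters["forwarded" if verdict == "forward" else "unicast RPF"] += 1
    return counters


if __name__ == "__main__":
    fib = build_fib()
    # Constructed sample: the slide's legitimate source plus two spoofed ones
    # arriving from the subscriber side on Fddi2/0/0.
    for src in ["210.210.1.1", "198.51.100.7", "0.0.0.0"]:
        print(src, urpf_check(fib, src, "Fddi2/0/0"))
    print(run_interface(fib, "Fddi2/0/0", ["210.210.1.1", "198.51.100.7"]))
```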
Service Infrastructure
Service Selection with SSG/SESM
• An extensible solution that supports value added, billable services over any access media
• SSG (Service Selection Gateway): Cisco IOS component available on edge aggregation devices
• SESM (Subscriber Edge Services Manager): suite of applications working with the SSG; subscriber and service management for service providers
• Authentication/billing server
Service Selection Gateway (SSG)
Figure: subscriber GUI, SESM portals with the service selection GUI and control, service selection commands to the SSG, a RADIUS server or directory (subscribers/services), billing and OSS reached through the service engine API, and the SSG's service activation, access and data paths to Service 1 and Service 2.
• SSG—Cisco IOS component (7200, 7301, 7400, 6400, 7600, c10K)
• Allows a subscriber concurrent access to subscribed "Services"
• Service: destination network (ISP, corporation, extranet),
  Authentication (PPP, RADIUS proxy, none),
  Authorizations (ACLs, session timeouts, policing)
  Accounting (accounting destinations)
  Pre-Paid (time based access)
  Service connection type (routed, proxy, L2TP)
Service Selection Gateway—Logical Model
Figure: inside Cisco IOS-SSG, host objects (1.0.0.1 … 1.0.0.5; users such as tihor, jill and guest) map through connection objects per interface and CEF to the destinations: Walled Garden (GameNet, Quake), Extranet (Company A), and Open Garden (Captive Portal, Helpdesk, Free Services).
Service Selection—SESM-Based Portal
Through the Portal, You Can
• Access personalized service portfolio
• Access multiple services simultaneously
• Select service security and quality options
• Advertise your services
• Offer on-demand services
• Accounting and billing on usage
• Select service bandwidth (Hierarchical Bandwidth Selection)
• Redirect new users to Captive Portal
• WAP support
• Offer pre-paid services
SSG/SESM Interaction
Figure: subscriber on the access network, SSG, SESM login screen, AAA server and billing system, with the Internet, e-mail, VPN, etc. beyond the SSG.
1. User connects to the access network and opens a web browser
2. Redirected to the SESM login screen listing subscribed services
3. User may access free, Open Garden services
4. To access authenticated services, the user must log in to the service
5. Billing applies only to authenticated services
6. User then free to pass traffic to the Internet, web, e-mail, VPN, etc.
SSG/SESM-Based Services
• SSG/SESM can be used to provide
  Captive Portal
  Pre-Paid service
  Open Garden (free services)
  Walled Garden (premium services)
  Hierarchical policing (covered earlier)
  Subscriber self-care
  Advertising (pop-ups)
  Location branding (SESM can send different pages based on connection information—PPP, wireless, wireless LAN etc.)
SSG/SESM-Based Services—Captive Portal
• How does the subscriber know the SESM web portal address?
• How does the subscriber know he/she is not logged into a service?
• How does the service provider send advertisements to the subscriber?
Figure: the unauthenticated subscriber's traffic is redirected to the login page; only once the user logs in can he/she access authorized services.
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide_chapter09186a0080110bf0.html#1054227
SSG/SESM-Based Services—Pre Paid
• Air-time or data-volume based billing
• Connection terminated when the quota is exceeded
• Needs billing server support to maintain usage on a per subscriber basis
  Third party billing/RADIUS servers—MindCTI, Digiquant, Portal
• Flexible billing allows providers to charge for any service in any manner
Figure: SSG sends usage data to the RADIUS accounting server via RADIUS accounting records; the billing system sits behind the RADIUS accounting server; SSG periodically gets the 'remaining quota' from the RADIUS server.
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide_chapter09186a0080110bf8.html#wp1021949
SSG/SESM-Based Services—Open/Walled Garden
Figure: SESM and SSG in front of the backbone. Walled Garden (authenticated services): subscription-based access, needs service log-on, RADIUS accounting. Open Garden (free services). Services are network or application access.
Open Garden
• Open Garden services are free—subscription or service log-on not needed
• E.g., flight info, weather, service of the week
• No RADIUS accounting
• TCP redirect used to ensure users don't leave the open garden w/o authentication
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide_chapter09186a0080110bf3.html#1015329
SSG/SESM-Based Services—Hierarchical Policing
• Discussed earlier
• Per user policing, controlled by the user through the web interface
http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide_chapter09186a0080110bf6.html
Per-User Service Differentiation Using AAA
1. Some per-user parameters are downloaded using specific VSAs
2. A few are downloaded using lcp:interface-config:
   QoS parameters: service policy, CAR
   Bandwidth: DBS
   Security: ACLs, uRPF
   Downloading routes
   Downloading VRF names
3. Scalability impact of lcp:interface-config
   Commands have to be parsed when calls are brought up
   New VSAs improve the scalability of service policy and VRF name download
Per-User Service Differentiation Using AAA
• VSAs 37/38 for service policy download
• Allows downloading the QoS policy name from the RADIUS server
• Available in 12.2(15)B
• Policies are defined locally on the router
• Scales much better than lcp:interface-config
Per-User Service Differentiation Using AAA
VSA Type 37 – Upstream traffic to input policy name
peruser_qos_1 Password = "lab"
    Service-Type = Framed,
    Framed-Protocol = PPP,
    Cisco:Cisco-Policy-Up = "policy_class_1_2"
VSA Type 38 – Downstream traffic to output policy name
peruser_qos_2 Password = "lab"
    Service-Type = Framed,
    Framed-Protocol = PPP,
    Cisco:Cisco-Policy-Down = "policy_class_1_2"
Per-User Service Differentiation Using AAA
Scaling for MPLS VPN
New Cisco AV pairs to avoid the lcp:interface-config scaling issue
Old Profile:
• Cisco:Cisco-Avpair = "lcp:interface-config=ip vrf forwarding coke"
• Cisco:Cisco-Avpair = "lcp:interface-config=ip unnumbered Loopback 0"
New Profile:
• Cisco:Cisco-Avpair = "ip:vrf-id=coke"
• Cisco:Cisco-Avpair = "ip:ip-unnumbered=Loopback 0"
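An added codec (example code, not Cisco's or the presentation's) showing what the Merit dictionary lines and profiles on the three preceding VSA slides look like on the wire: the RFC 2865 Vendor-Specific attribute (type 26) carrying Cisco's IANA enterprise number 9, then the vendor-type/vendor-length pair, with every length checked before use. It also reduces a decoded attribute list to the per-direction policy names, accepting both the 12.2(15)B Cisco-Policy-Up/Down form and the older lcp:interface-config string the router would otherwise have to parse as CLI. Function names are hypothetical.

```python
"""Added RADIUS Vendor-Specific attribute codec (not Cisco code).

Shows what the dictionary lines above describe on the wire: RFC 2865
attribute 26 carrying Cisco's vendor id 9, then a vendor-type/vendor-length
pair.  Vendor types 37/38 (Cisco-Policy-Up/Down) hand the NAS a bare policy
name, whereas Cisco-AVPair (vendor type 1) hands it a CLI string such as
'lcp:interface-config=service-policy output isp1-policy' that must be parsed.
Function names are hypothetical.
"""
import struct
from typing import Dict, List, Tuple

VENDOR_SPECIFIC = 26          # RFC 2865 attribute type
CISCO_VENDOR_ID = 9           # IANA enterprise number for Cisco
CISCO_ATTRS = {1: "Cisco-AVPair", 37: "Cisco-Policy-Up", 38: "Cisco-Policy-Down"}
CISCO_IDS = {name: num for num, name in CISCO_ATTRS.items()}
MAX_VALUE_LEN = 255 - 2 - 4 - 2   # attribute length byte minus the headers


def encode_cisco_vsa(name: str, value: str) -> bytes:
    """Build one Vendor-Specific attribute holding a single Cisco sub-attribute."""
    data = value.encode("ascii")
    if not data or len(data) > MAX_VALUE_LEN:
        raise ValueError("value must be 1..%d bytes" % MAX_VALUE_LEN)
    sub = struct.pack("!BB", CISCO_IDS[name], 2 + len(data)) + data
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), CISCO_VENDOR_ID) + sub


def decode_cisco_vsas(attrs: bytes) -> List[Tuple[str, str]]:
    """Walk a RADIUS attribute list and return the Cisco sub-attributes.

    Every length is checked against the buffer before use, so a truncated or
    corrupted packet raises instead of being read past its end.
    """
    found: List[Tuple[str, str]] = []
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length %d at offset %d" % (alen, pos))
        body = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(body) < 4:
            continue                                   # not a VSA; skip it
        if struct.unpack("!I", body[:4])[0] != CISCO_VENDOR_ID:
            continue                                   # another vendor's VSA
        sub, spos = body[4:], 0
        while spos < len(sub):
            if len(sub) - spos < 2:
                raise ValueError("truncated vendor sub-attribute")
            vtype, vlen = sub[spos], sub[spos + 1]
            if vlen < 2 or spos + vlen > len(sub):
                raise ValueError("bad vendor sub-attribute length %d" % vlen)
            text = sub[spos + 2:spos + vlen].decode("ascii", "replace")
            found.append((CISCO_ATTRS.get(vtype, "Cisco-%d" % vtype), text))
            spos += vlen
    return found


def service_policies(vsas: List[Tuple[str, str]]) -> Dict[str, str]:
    """Reduce decoded VSAs to {'input': policy, 'output': policy}.

    Accepts both the 12.2(15)B VSAs and the older lcp:interface-config form;
    a later attribute overrides an earlier one for the same direction.
    """
    policies: Dict[str, str] = {}
    for name, value in vsas:
        if name == "Cisco-Policy-Up":
            policies["input"] = value
        elif name == "Cisco-Policy-Down":
            policies["output"] = value
        elif name == "Cisco-AVPair" and value.startswith("lcp:interface-config="):
            words = value[len("lcp:interface-config="):].split()
            if len(words) == 3 and words[0] == "service-policy" and words[1] in ("input", "output"):
                policies[words[1]] = words[2]
    return policies


if __name__ == "__main__":
    wire = (encode_cisco_vsa("Cisco-Policy-Down", "isp1-policy")
            + encode_cisco_vsa("Cisco-AVPair", "ip:vrf-id=coke"))
    print(wire.hex())
    print(decode_cisco_vsas(wire), service_policies(decode_cisco_vsas(wire)))
```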
Per-User Service Differentiation Without AAA
• Sometimes subscriber sessions are based on different virtual templates
• Service differentiation is then whatever is configured under the templates
• PPPoA allows multiple virtual templates, allowing such differentiation
• Difficult with PPPoE—only one virtual template allowed (one VPDN group)
• BBA Group enables multiple templates for PPPoE subscribers
  No association with a VPDN group
  Multiple BBA groups can be used instead with PPPoEoA, PPPoEoE
Per-User Service Differentiation Without AAA (PPPoE)
Available in 12.2(15)B
bba-group pppoe residential
virtual-template 1
!
interface ATM1/0/0.2 multipoint
range pvc 10/32 10/35
encapsulation aal5snap
protocol pppoe group residential
!
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool pool1
ppp authentication chap
!
ip local pool pool1 12.1.1.1 12.1.1.40
Summary of Services/Features
• Dynamic bandwidth selection using layer 2
• IP policing per session
• SSG hierarchical policing—most granular
• Per subscriber/session QoS
• Per user ACL
• Unicast RPF check
• Per user service differentiation
Agenda
• Services for Broadband Infrastructure
• Reducing OPEX
• Minimizing Downtime
• Reducing CAPEX
• Case Study
OPEX Reduction
Subscriber Provisioning Cost Break Up
Figure: provisioning steps spread across the customer premise, the central office (Class 5 switch, MDF) and the service provider.
1. Order Entry—Duration: Real-Time; Cost: ~$5
2. Loop Pre-Qual and Pre-Order Process—Duration: 0–3 days; Cost: $18
3. Loop Qual, Conditioning, and Cross Connection—Duration: 1–3 days; Cost: $134 (25% lines)
4. Network Design, Assign and Provisioning—Duration: 2–8 days; Cost: $300
   PVC Provisioning: $0–200; End-to-End Service Test: $100
5. PC and CPE Configuration (customer premise)—Truck Rolls: 1–3; Duration: 0–7 days; Cost: $0 (Self Install 85%), $150 (Truck Roll 15%)
6. Update Databases and Commence Billing—Duration: 1–3 Days; Cost: $13
Total Time: 4–24+ Working Days
Total Cost: $136–620 ($395 avg)
Source: Cisco Internal Modeling, Quintessent
Callouts on the figure: Auto VC Provisioning, AutoPPP Provisioning
OPEX Reduction
Via Broadband Aggregation Router
• The aggregation router has the BB service intelligence
• It controls a large number of subscribers
• Ideal place to start looking for cost reduction
• A $20/subscriber reduction => $640,000 for 32K subs at an aggregation router
• OPEX can be reduced by reducing subscriber provisioning efforts:
OPEX Reduction
Subscriber VC Provisioning—The Traditional Way
• Subscriber VC provisioned at
  DSLAM
  BB aggregation router
  Large number of VCs (as many as 8K, 16K, 32K subscribers)
  2–3 lines per VC (24000, 48000, 96000 config lines!)
Figure: ATM network into the BBA router; 2–3 config lines per subscriber, >96000 lines for 32K subscribers.
• Increased VC provisioning effort at the BBA router
• Difficulty in managing configuration, troubleshooting
• All configured VCs created at boot-up (whether used or not)
  Longer boot time to create VCs
  Wasted router resources (for unused VCs)
OPEX Reduction
VC Range and Auto VC
New Way for VC Provisioning
Figure: ATM network into the BBA router; VC ranges are added with one command and VCs are created automatically, on demand.
• VC range command—adds a range of VCs with one command
• Create on-demand—VCs created automatically when needed
59
OPEX Reduction
VC Range and Auto VC
New Way—Advantages
• VC range: minimizes VC provisioning effort
Single command can create all VCs of an interface
Reduces router config size by orders of magnitude
E.g., for 16000 subs, 3 lines per VC, 5 sets of VC shaping rates:
Old way: 16000 x 3 = 48000 lines
New way: 5 different ranges = 5 lines only!
Smaller config simplifies troubleshooting
• Create on-demand—VCs are created on demand
Better resource utilization (e.g., memory)
Router boots faster, since VCs are not created at boot-up
60
OPEX Reduction
VC Range and Auto VC Configurations
Old Way—2 Lines Per VC
vc-class atm pppoa
  vbr-nrt 565 565 190
  encapsulation aal5mux ppp Virtual-Template1
!
interface ATM1/0
 …..
!
interface ATM1/0.1 multipoint
 pvc 4/32
  class-vc pppoa
 !
 pvc 4/33
  class-vc pppoa
 !
 pvc 4/34
  class-vc pppoa
 !
 <8000 VCs, 2 lines for each>
!
interface ATM1/1
 <8000 VCs, 2 lines for each>
2 lines per subscriber.
16,000 subscribers => 32000 lines
New Way
vc-class atm pppoa
  vbr-nrt 565 565 190
  encapsulation aal5mux ppp Virtual-Template1
  create on-demand
!
interface ATM1/0
 …..
!
interface ATM1/0.1 multipoint
 range pvc 4/32 4/8031
  class-range pppoa
!
interface ATM1/1
 …..
!
interface ATM1/1.1 multipoint
 range pvc 5/32 5/8031
  class-range pppoa
Here create on-demand is configured in the VC class; it can also be configured under the VC range.
16,000 subscribers => 6 lines !!
61
OPEX Reduction
VC Range and Auto VC Configurations
Create On-demand Configured Under VC Range
interface ATM1/0
 …..
!
interface ATM1/0.1 multipoint
 range pvc 4/32 4/65535
  create on-demand
!
interface ATM1/1
 …..
!
interface ATM1/1.1 multipoint
 range pvc 5/32 5/65535
  create on-demand
Here create on-demand is configured under range pvc. The range itself is not restricted to 8000; since VCs are created on demand, the total number of created VCs is restricted to 8000 per PA-A6.
• If the VPI/VCI of an incoming ATM cell doesn't match any existing VC, but falls within a configured PVC range, then a new VC is created for the VPI/VCI
• (Else the cell is dropped)
• So when a PPPoX session is initiated, the VC is created if it doesn't exist
62
OPEX Reduction
VC Range and Auto VC Configurations
VC Learning Without Any VC Range
vc-class atm auto-pppoe
 create on-demand
 idle-timeout 300 10
interface atm 5/0
 class-int auto-pppoe
 atm autovc retry 5
Callouts: idle-timeout: VC removed if no traffic for the specified interval (PPP keepalives will add traffic as long as the session exists, even without user traffic); the second argument is the minimum Kbps to consider that the VC is carrying traffic, default 0. No VC configuration command under the interface is needed.
• If the VPI/VCI of an incoming ATM cell doesn't match any existing VC, then a new VC is created for the VPI/VCI
• Useful if you don't know the VP/VC range in advance
• Only on interface
63
OPEX Reduction
VC Range and Auto VC Configurations
idle-timeout <timeout-interval> <min-traffic>
• VC is removed if traffic is less than <min-traffic> Kbps for <timeout-interval> seconds
• Defaults: timeout value = 15 mins, min-traffic = 0 Kbps
AutoVC retry:
int atm 2/0
 atm autovc retry <retry interval in minutes>
• If the VC can't be created due to reasons such as the max VC limit being reached, the VC is put on a retry queue. It will be put in listen mode after the retry interval is over. If it gets a cell after that interval, the VC will be created
• Default interval = 1 min
64
OPEX Reduction
VC Range and Auto VC Configurations
VC Learning With PPPoA
• PPPoA typically sends confreq packets continuously
– VC can’t time out
• Configure interface pppatm passive under the
interface:
int atm1/0.1
atm pppatm passive
• Router establishes PPPoA session only on request
from a client
• VCs can time out
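To make the create-on-demand, idle-timeout and retry behaviour of the last few slides concrete, here is an added Python model of the decision an auto-VC interface makes for each incoming cell; it is not Cisco code, and the range, the per-PA limit and the cell timings used in demo() are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class AutoVcInterface:
    """One ATM (sub)interface configured with 'create on-demand'."""
    # "range pvc" entries as (vpi, first_vci, last_vci); an empty list models
    # VC learning without any VC range (slide 62): every VPI/VCI is accepted.
    ranges: list = field(default_factory=list)
    max_vcs: int = 8000             # per-PA-A6 limit cited on slide 61
    idle_timeout: float = 900.0     # idle-timeout default: 15 minutes
    min_traffic_kbps: float = 0.0   # idle-timeout default min-traffic: 0 Kbps
    retry_interval: float = 60.0    # "atm autovc retry" default: 1 minute
    vcs: dict = field(default_factory=dict)          # (vpi, vci) -> last traffic time
    retry_until: dict = field(default_factory=dict)  # (vpi, vci) -> listen-again time

    def in_range(self, vpi, vci):
        if not self.ranges:
            return True
        return any(vpi == r_vpi and lo <= vci <= hi
                   for r_vpi, lo, hi in self.ranges)

    def on_cell(self, vpi, vci, now, kbps=0.0):
        """Decide what happens to a cell for VPI/VCI arriving at time `now`."""
        key = (vpi, vci)
        if key in self.vcs:
            # Existing VC: traffic at or above min-traffic resets the idle clock.
            # With PPPoA the keepalives alone do this, which is why slide 64
            # recommends 'atm pppatm passive' so that idle VCs can time out.
            if kbps >= self.min_traffic_kbps:
                self.vcs[key] = now
            return "existing"
        if not self.in_range(vpi, vci):
            return "dropped: outside configured range"
        listen_at = self.retry_until.get(key)
        if listen_at is not None and now < listen_at:
            return "dropped: waiting for retry interval"
        if len(self.vcs) >= self.max_vcs:
            # Max VC limit reached: park the VPI/VCI on the retry queue.
            self.retry_until[key] = now + self.retry_interval
            return "queued: max VC limit reached"
        self.retry_until.pop(key, None)
        self.vcs[key] = now
        return "created"

    def expire_idle(self, now):
        """Remove VCs idle for idle_timeout seconds; return the removed keys."""
        idle = [k for k, last in self.vcs.items()
                if now - last >= self.idle_timeout]
        for k in idle:
            del self.vcs[k]
        return idle


def demo():
    """Constructed scenario: range pvc 4/32 4/8031 with the per-PA limit cut to 2."""
    intf = AutoVcInterface(ranges=[(4, 32, 8031)], max_vcs=2)
    log = [
        intf.on_cell(4, 32, now=0),             # created
        intf.on_cell(4, 33, now=1),             # created
        intf.on_cell(4, 34, now=2),             # queued: limit of 2 reached
        intf.on_cell(4, 34, now=30),            # dropped: retry interval not over
        intf.on_cell(9, 5, now=31),             # dropped: outside 4/32-4/8031
        intf.on_cell(4, 33, now=500, kbps=64),  # existing: idle clock reset
    ]
    removed = intf.expire_idle(now=901)         # only 4/32 idle for 15 minutes
    log.append(intf.on_cell(4, 34, now=902))    # slot free, retry over: created
    return log, removed, sorted(intf.vcs)


if __name__ == "__main__":
    for line in demo():
        print(line)
```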
65
OPEX Reduction
Auto VC Verification
Before bringing up sessions, verify that the ATM interfaces are up but do not have any VC created (due to create on-demand):
p2r1#sh atm vc summ
ATM Interface ATM1/0
Total Number of Vcs:                          0
Number of Vcs in UP state:                    0
Number of Vcs in DOWN state:                  0
Number of Vcs in OAM loopback failed state:   0
Number of PVCs:                               0
Number of SVCs:                               0
ATM Interface ATM2/0
Total Number of Vcs:                          0
Number of Vcs in UP state:                    0
Number of Vcs in DOWN state:                  0
Number of Vcs in OAM loopback failed state:   0
Number of PVCs:                               0
Number of SVCs:                               0
p2r1#
66
OPEX Reduction
Auto VC Verification
Bring up PPPoX sessions, and verify that VCs are created with the sessions (the following example is for 16000 sessions, 16000 VCs):
p2r1#sh atm vc summ
ATM Interface ATM1/0
Total Number of Vcs:                          8000
Number of Vcs in UP state:                    8000
Number of Vcs in DOWN state:                  0
Number of Vcs in OAM loopback failed state:   0
Number of PVCs:                               8000
Number of SVCs:                               0
ATM Interface ATM2/0
Total Number of Vcs:                          8000
Number of Vcs in UP state:                    8000
Number of Vcs in DOWN state:                  0
Number of Vcs in OAM loopback failed state:   0
Number of PVCs:                               8000
Number of SVCs:                               0
p2r1#
67
OPEX Reduction
Auto PPP
Problem:
• SPs typically deploy CPEs with
PPPoE, or
PPPoA with LLC/SNAP encapsulation, or
PPPoA with VC-MUX encapsulation
• Traditionally, different config for each of the above at the agg. router
• Separate groups of VCs provisioned for PPPoE, PPPoA (SNAP or MUX)
• Inflexible configurations—increases subscriber provisioning efforts
Solution:
• Auto PPP allows one config to work for PPPoX, SNAP or MUX
Automatically detects PPPoX type and encapsulation
Dynamically creates appropriate interfaces
Can be used with Auto VC to reduce subscriber provisioning effort
68
OPEX Reduction
Auto PPP—How it Works
• NAS allocates resources for
PPPoA/PPPoE upon configuration
• With PPP Autosense, resources are only
allocated when client initiates a session
69
OPEX Reduction
Auto PPP—Configuration
vpdn enable
vpdn-group 1
 accept dialin pppoe virtual-template 1
!
interface ATM1/0/1.1 multipoint
 range pvc 2/32 2/65
  encapsulation aal5autoppp Virtual-Template1
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool pool1
 ppp authentication chap
!
ip local pool pool1 12.1.1.1 12.1.1.40
70
OPEX Reduction
Auto PPP—Verification
Router#show atm pvc 0/40
ATM0/0/0.2: VCD: 1, VPI: 0, VCI: 40
UBR, PeakRate: 155000
AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0
…
Status: UP
PPPOE enabled.

Router#show vpdn
PPPOE Tunnel and Session
Session count: 1
PPPoE Session Information
SID  RemMAC          LocMAC          Intf  VASt  OIntf    VC
1    0010.54db.bc38  0050.7327.5dc3  Vi1   UP    AT0/0/0  0/40
71
OPEX Reduction
Putting it Together
• Configure VC ranges rather than
individual VCs
• Automatic creation of VC on Agg. router
when traffic sensed—Auto VC
• Automatic removal of inactive VCs—
Auto VC
• Flexible config to accept PPPoX sessions with any encaps—AutoPPP
72
OPEX Reduction
Putting it Together
AutoVC, AutoPPP and VC-Range
bba-group pppoe group1
 virtual-template 1
!
interface ATM1/0/0.1 multipoint
 atm pppatm passive
 range pvc 1/32 1/7718
  encapsulation aal5autoppp Virtual-Template1 group group1
  create on-demand
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool pool1
 ppp authentication chap
!
ip local pool pool1 11.1.1.1 11.1.31.7
Callouts: range pvc = VC range; encapsulation aal5autoppp = AutoPPP; create on-demand = AutoVC.
73
Agenda
• Services for Broadband
Infrastructure
• Reducing OPEX
• Minimizing Downtime
• Reducing CAPEX
• Case Study
74
Downtime Reduction
• High quality service delivery needs
minimal downtime
High PPPoX call rate brings up sessions faster
after an outage
High availability reduces down time
75
Downtime Reduction
High PPP Call Rate
• More and more subscribers are being aggregated by BBA routers
4K, 8K, 16K, 32K, 60K
• One PPPoX session/subscriber → up to 60K sessions
• Setting up PPPoX sessions at high rates is critical
• Some events may cause a heavy subscriber log-in rate:
News of natural disasters
After a failed part of a network is brought up
Aggregation router fails and boots up, or fails over
• Cisco IOS offers a high session setup rate to alleviate this
76
Downtime Reduction
High PPP Call Rate—Config. Tips
• Tips for improving call rate
Use Vendor Specific Attributes (VSAs) instead
of lcp:interface-config in RADIUS profile
PPP hold-queue
Buffer tuning
Full vs. sub virtual-access interface
Interface hold queue
77
Downtime Reduction
Full vs. Sub Virtual-Access Interface
Full Virtual Access Interface
• Less scalable
• Based on Interface Descriptor Blocks (IDBs)
• Each interface has an IDB
• Created when services are defined
(figure: Vtemp mgr creating Virtual-Access1 for PPPoE, Virtual-Access2, and Virtual-Access3 for PPPATM)
Sub Virtual Access Interface
• More scalable
• Clone Virtual-Access Sub Interfaces
• Saves memory and processing power
(figure: cloned Virtual-Access2.13, shown as "10.1.2.3 YES TFTP up up")
78
Downtime Reduction
High PPP Call Rate—Config. Tips
• lcp:interface-config in RADIUS profile:
Creates full virtual access interfaces
Reduces call set up rate due to command line parsing
• Recommendations:
Use specific VSAs where possible, e.g., service-policy name via VSA 37 and 38 (12.2(15)B)
Use multi-VT PPPoE for differentiated per-user attributes
79
Downtime Reduction
High PPP Call Rate—Config. Tips
• Buffer tuning
Affects control plane traffic (e.g., PPP call rate)
If a high PPP call rate is expected, small and middle buffer pools need to be fine tuned for better call handling (show buffers)
Recommendation—start with:
Small buffer permanent = 5000
Middle buffer permanent = 2000
For data traffic, buffer tuning is typically not needed
80
Downtime Reduction
High PPP Call Rate—Config. Tips
Full vs. Sub Virtual-Access Interface
Router# test virtual-template 11 subinterface
Subinterfaces cannot be created using Virtual-Template11
Interface specific commands:
carrier-delay 45
ip rtp priority 2000 2010 500
Full list of commands that will create full virtual-access interfaces
http://www.cisco.com/univercd/cc/td/doc/product/aggr/10000/10kbbfg/scaling.htm#34735
81
Downtime Reduction
Service Provider: High Availability at the Edge
(figure: network level redundancy across the service provider backbone/core with Corp A, Corp B, ISP1, ISP2 and SONET; system level redundancy at the aggregation (Agg) routers; customer premises reached via cable head-end, xDSL, DS0-DS3, ISDN, wireless, PCTS, D/C and switch)
82
Downtime Reduction
High Availability
High Availability at the Edge Can Be Achieved by
• Hardware redundancy (Cisco Service Path)
Dual power supply
Redundant fan tray
Redundant switch fabric
Redundant route processor
• Hardware and software redundancy
Route Processor Redundancy (RPR)
Route Processor Redundancy + (RPR+)
Non-stop Forwarding/Stateful Switch Over
In Service Software Upgrade (ISSU)
83
Downtime Reduction
High Availability—Software Features
• High system availability (HSA): Two RPs—if one fails the system reboots and the other becomes active
• RPR: Two RPs, secondary becomes active without system reset; line cards are still reset though
• RPR+: Two RPs, secondary becomes active without resetting the system and without resetting line cards
• NSF/SSO (Non-Stop Forwarding/Stateful Switch Over)—mirrors PPP/routing protocol states so PPP doesn't have to be retrained on route processor switchover
Cisco 10000 has RPR+; sessions have to be renegotiated at RP switchover
No NSF/SSO yet
84
Sample Fail Over Time
(chart, time in minutes on a 0–5 axis)
HSA: N/A
RPR: 26 sec.
RPR+: 14 sec. (BBA Today)
SSO/NSF: ~3–6 sec.
85
Downtime Reduction
Putting it Together
• High call setup rate in IOS
• Use vendor specific attributes when possible
• Buffer tuning
• Full vs. sub virtual-access interfaces
• Interface hold queues
• RPR+ for route processor fail over
86
Agenda
• Services for Broadband
Infrastructure
• Reducing OPEX
• Minimizing Downtime
• Reducing CAPEX
• Case Study
87
Reducing CAPEX
• Additional services on aggregation router
• Increasing scalability of aggregation router
• Increasing performance
of aggregation router
88
Reducing CAPEX
Managed LNS
• Wholesale provider uses one LNS for multiple enterprise customers
• Customer traffic is separated via VRFs
• Cost reduction due to sharing of the aggregation router among multiple customers
89
Managed LNS for Wholesale Broadband
(figure: clients on xDSL, Cable and Dial access; L2TP across the SP network to the LNS; per-customer VRF and DHCP on the LNS; Customer A and Customer B each with their own AAA)
• Deploy virtual (LNS) for each upstream customer
• Communicate directly with customer AAA without needing proxy
• Multiple VRFs separate customer traffic without overhead
90
Per VRF AAA Cisco IOS Configuration
aaa new-model
!
! [Configure private server parameters]
aaa group server radius monsoon_vpnA
 server-private 192.168.2.50 auth-port 1812 acct-port 1813 key cisco
 ip vrf forwarding VPN-A
!
! [Configure private server parameters]
aaa group server radius bulls_vpnB
 server-private 192.168.2.80 auth-port 1812 acct-port 1813 key cisco
 ip vrf forwarding VPN-B
!
! [Configure AAA for VRF]
aaa authentication login console local
aaa authentication ppp monsoon_vpnA group monsoon_vpnA
aaa authentication ppp bulls_vpnB group bulls_vpnB
aaa authorization commands 1 default none
aaa authorization network method_list_vpna group monsoon_vpnA
aaa authorization network method_list_vpnb group bulls_vpnB
aaa nas port extended
aaa session-id common
91
Per VRF AAA Cisco IOS
Configuration (Cont.)
! [Configures the interface used to connect to the AAA server]
interface GigabitEthernet2/0/0.1
 encapsulation dot1Q 107
 ip vrf forwarding VPN-B    ! [Associates the VRF with the interface]
 ip address 192.168.8.2 255.255.255.0
!
! [Configures the interface used to connect to the AAA server]
interface GigabitEthernet2/0/0.2
 encapsulation dot1Q 108
 ip vrf forwarding VPN-A    ! [Associates the VRF with the interface]
 ip address 192.168.9.2 255.255.255.0
!
! [Configures the RADIUS-specific command for the VRF to force RADIUS to use the IP address of a specified interface for all outgoing RADIUS packets]
ip radius source-interface GigabitEthernet2/0/0.2 vrf VPN-A
ip radius source-interface GigabitEthernet2/0/0.1 vrf VPN-B
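A per-VRF AAA consistency check written for this page (not Cisco code): it parses an IOS config fragment and verifies that each RADIUS server group's VRF has an `ip radius source-interface ... vrf` statement whose interface really sits in that VRF, and that every PPP method list points at a defined group, since a mismatch silently sends a customer's RADIUS traffic out of the wrong routing table. The embedded SAMPLE_CONFIG is a constructed sample modelled on the two slides above.

```python
import re

# Constructed sample modelled on the per-VRF AAA slides (not a live router config).
SAMPLE_CONFIG = """\
aaa group server radius monsoon_vpnA
 server-private 192.168.2.50 auth-port 1812 acct-port 1813 key cisco
 ip vrf forwarding VPN-A
!
aaa group server radius bulls_vpnB
 server-private 192.168.2.80 auth-port 1812 acct-port 1813 key cisco
 ip vrf forwarding VPN-B
!
aaa authentication ppp monsoon_vpnA group monsoon_vpnA
aaa authentication ppp bulls_vpnB group bulls_vpnB
aaa authorization network method_list_vpna group monsoon_vpnA
aaa authorization network method_list_vpnb group bulls_vpnB
!
interface GigabitEthernet2/0/0.1
 encapsulation dot1Q 107
 ip vrf forwarding VPN-B
 ip address 192.168.8.2 255.255.255.0
!
interface GigabitEthernet2/0/0.2
 encapsulation dot1Q 108
 ip vrf forwarding VPN-A
 ip address 192.168.9.2 255.255.255.0
!
ip radius source-interface GigabitEthernet2/0/0.2 vrf VPN-A
ip radius source-interface GigabitEthernet2/0/0.1 vrf VPN-B
"""


def parse_blocks(config):
    """Split an IOS config into (header, [child lines]) using leading-space nesting."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                current[1].append(raw.strip())
        else:
            current = (raw.strip(), [])
            blocks.append(current)
    return blocks


def vrf_of(children):
    """VRF named by an 'ip vrf forwarding' line inside a block, if any."""
    for line in children:
        if line.startswith("ip vrf forwarding "):
            return line.split()[-1]
    return None


def audit_per_vrf_aaa(config):
    """Return findings as strings; an empty list means the VRF bindings line up."""
    group_vrf, iface_vrf, src_iface, method_lists = {}, {}, {}, []
    for header, children in parse_blocks(config):
        if m := re.match(r"aaa group server radius (\S+)", header):
            group_vrf[m.group(1)] = vrf_of(children)
        elif m := re.match(r"interface (\S+)", header):
            iface_vrf[m.group(1)] = vrf_of(children)
        elif m := re.match(r"ip radius source-interface (\S+) vrf (\S+)", header):
            src_iface[m.group(2)] = m.group(1)
        elif m := re.match(r"aaa (?:authentication ppp|authorization network) (\S+) group (\S+)", header):
            method_lists.append((m.group(1), m.group(2)))
    findings = []
    for group, vrf in group_vrf.items():
        if vrf is None:
            findings.append(f"group {group}: no 'ip vrf forwarding'; RADIUS would leave via the global table")
            continue
        iface = src_iface.get(vrf)
        if iface is None:
            findings.append(f"group {group}: no 'ip radius source-interface ... vrf {vrf}'")
        elif iface_vrf.get(iface) != vrf:
            findings.append(f"group {group}: source interface {iface} is not in VRF {vrf}")
    for mlist, group in method_lists:
        if group not in group_vrf:
            findings.append(f"method list {mlist}: references undefined server group {group}")
    return findings
```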
92
Managed LNS vs. RA MPLS-VPN
• RA MPLS-VPN requires MPLS support on
aggregator, managed LNS doesn’t
• Both support overlapping IP address
pools, separate routing tables
• Managed LNS can be used to interface
with MPLS PE Router
• VRF assignment done the same way
• Utilities like per-VRF AAA still apply in
both cases
93
Minimizing CAPEX
Improve Scalability/Performance
1. Pre-cloning
2. Buffer tuning
3. Interface hold queue
4. Turning off unnecessary services
5. Tuning PPP keepalives
6. Tuning L2TP parameters
7. Full vs. Sub Virtual-Access Interfaces
8. Downloading Cisco AV pairs
9. PPP retry count and interval
94
Minimizing CAPEX
Improve Scalability/Performance
Pre-cloning: pre-cloning on 12.2(15)B
• Accelerates your session setup time
• Recommended in the 12.2(15)B image only if full VA is forced due to specific features, AAA downloading of per-user params, or manual override ("no virtual-template subint" in global config mode)
• Pre-cloning creates full Virtual Access Interfaces
• Not needed if using Virtual Sub-Interfaces
BBA-Router(config)# virtual-template 1 pre-clone 1000
95
Minimizing CAPEX
Improve Scalability/Performance
• Buffer tuning
• Affects control plane traffic (e.g., PPP call rate)
• If a high PPP call rate is expected, small and middle buffer pools need to be fine tuned for better call handling
• Platform specific
• For 7200, start with
Small buffer permanent = 5000
Middle buffer permanent = 2000
• For Cisco 10000, refer to
http://www.cisco.com/univercd/cc/td/doc/product/aggr/10000/10kbbfg/scaling.htm#34735
96
Minimizing CAPEX
Improve Scalability/Performance
• Interface hold queue:
• Primarily used for process switched/control plane traffic:
Small hold queue may affect PPP call rate
If the GE output TX-ring is full, data packets are temporarily stored in the output hold queue
• Recommendation: GE hold queue:
hold-queue 4096 in
hold-queue 4096 out
• Good practice to tune the ATM input queue as well
97
Minimizing CAPEX
Improve Scalability/Performance
Turning off unnecessary services
no ip gratuitous-arps, in global config mode
no virtual-template snmp, in global config mode
Under the Virtual-Template interface:
int Virtual-Template 1
 no logging event link-status   // No link up/down messages
 no cdp enable                  // unless globally disabled via "no cdp run"
 no snmp trap link-status       // No snmp traps on link up/down
98
Minimizing CAPEX
Improve Scalability/Performance
• Tuning PPP keepalive setting
Default value (10 secs) => 3200 keepalives/sec
for 32K sessions
Default too low for high session count
Consider increasing to ~60 seconds, if high CPU
Although Cisco IOS automatically sends
fewer keepalives if it detects traffic, 50%
of subscribers may be idle
99
Minimizing CAPEX
Improve Scalability/Performance
• L2TP tunnel parameters
Tunnel hello, window size
Tunnel hello interval is reduced dynamically
by Cisco IOS if traffic is detected
Window size: 500 recommended
Router(config)# vpdn-group 1
Router(config-vpdn)# l2tp tunnel receive-window 500
100
Minimizing CAPEX
Improve Scalability/Performance
Full vs. Sub Virtual-Access Interfaces
• Some interface specific commands in the virtual template create full VAs
• ip tcp header-compression, carrier-delay <nn>, ip rtp priority
• To list VTs and check which can't generate virtual sub-interfaces:
sh vtemp
• To check commands in a VT that prevent sub-interface creation:
test virtual-template <n> subinterface
101
Minimizing CAPEX
Improve Scalability/Performance
• Downloading Cisco AV pairs via
lcp:interface-config
Creates full virtual access interfaces
Reduces call set up rate due to command
line parsing
Recommendation: use specific VSAs where possible:
service-policy name via VSA 37 and 38 (12.2(15)B)
Use bba-group for PPPoE for differentiated
per user attribute configuration on the
virtual-template
102
Minimizing CAPEX
Improve Scalability/Performance
• PPP retry count and interval
Change the values if PPP call set up fails due to timeouts:
ppp timeout retry 15
ppp timeout authentication 15
103
Minimizing CAPEX
Putting it Together
• Deploy managed LNS on your aggregation devices with per-VRF features
• Tune your aggregation devices to get better performance:
Pre-Cloning
Buffer tuning
Interface hold queue
Turning off unnecessary services
Tuning PPP keepalives
Tuning L2TP parameters
Full vs. sub virtual-access interfaces
Downloading Cisco AV pairs
PPP retry count and interval
104
Agenda
• Services for Broadband
Infrastructure
• Reducing OPEX
• Minimizing Downtime
• Reducing CAPEX
• Case Study
105
Case Study
(figure, reconstructed: Last mile, Layer 2 Access, Aggregation, Core)
Make Your Life Easier: • Auto-VC • VC-range • AutoPPP
Secure Your Network—Per User: • RPF check • Hierarchical policing • IP policing • SSG
Tune Up Your Routers: • Buffer Tuning • Queue tuning • Call setup rate
New Services: • Managed LNS • DBS
106
Questions, Comments?
107
Please Complete Your
Evaluation Form
Session ACC-2002
108
109