We'll get started a few minutes past the top of the hour.
Note: you may not hear any audio until we get started.
2010 Cisco and/or its affiliates. All rights reserved. 1
Speakers
Amrit Hanspal
Product Manager ahanspal@cisco.com
Panelists
Samer Salam
Principal Engineer ssalam@cisco.com
Jose Liste
Technical Marketing Engineer jliste@cisco.com
S. Akshaya Kumar
Technical Marketing Engineer sakskuma@cisco.com
Cisco Confidential
Panelists
Audio Broadcast
Please fill in Survey at end of event
Join us on November 2 for our next IOS Advantage
positioned in a SP network
Understand the motivation to evolve from Carrier Ethernet
Converging paths
Evolution of Session based offerings
Evolution of Carrier Ethernet Services
What is DESA?
DESA
Ethernet infrastructure with programmatic interface
Intelligent Service Management engine
Power of dynamic subscriber management from ISG to automate provisioning of
Automated, customized Ethernet service provisioning infrastructure that saves
Competitive advantage
Industry first, Cisco only capability
Available on Cisco 7600 today
[Diagram labels: Corporate, Residential, Last Mile, CMTS, DSLAM, Cable/DSL/PON, Aggregation Network, Ethernet, BNG/MSE, Core Network, IP/MPLS]
Broadband: Session (PPP/IP) based subscriber offering, driven by AAA/ISG policy. Targets Residential
SP Edge Services: Layer 2/3 based offering providing routing overlay or shared services. Targets Corporate
Carrier Ethernet (Access): Ethernet Services with Pseudowire (or VPLS) and DESA accounting/provisioning
Bottom Line: There is a strong correlation between Carrier Ethernet, SP Edge & Broadband
BRAS
Identity/Policy: AAA, AAA/ISG, AAA/ISG, AAA/ISG
Session: PPPoE, IP, EVC
Network Access: Serial, ATM; Ethernet; Ethernet; Ethernet/EoMPLS
ISG
Access: IP, PPP (PPPoE, PPPoA), Tunnel Termination, Interfaces, Ports, Mobile Wireless, Ethernet, WLAN
Services: Per-Session Features, Forwarding/Routing, Accounting, Firewalls, QoS
Identity: Identification, Authentication, Authorization, Single Sign On
Access
Common Generic Session Type
Created at first sign of subscriber activity
Common context on which session-services/policies are activated
Inherent Part of the Network Operating System
FSOL/Initiator - Layer 2 or Layer 3; Unclassified, DHCP, Radius
[Diagram labels: Mobile, RAN, Wireless, Fiber Node, Cable, Dial, Access Ethernet Distribution, DSL, Ethernet, 802.11, PSTN Dial, Future]
Identity
Multidimensional Identity <MAC, DHCP Option 82, VLAN ID, VRF-ID, CLID, Source IP, PBHK, NAS-Port, SessionID, Ascend Server Key, GUID, domain name, username>
Services
A Service is a group of 1 or more features
A Feature is just any feature supported by IOS
[Diagram labels: Keepalives, Routing/Forwarding, VRF Transfer, Traffic Class, Control Policy, Service Profile, QoS]
Service Abstraction
Flexible Mapping
EVC
Multiplexing
Standards
Service Abstraction
Key Benefits:
Provides local VLAN significance to scale Ethernet (removes the limitation of 4094 VLANs per device)
Provides Service Providers the ability to model Ethernet Services including EVC/UNI attributes
[Diagram labels: VLAN Bridge, VLAN, Traffic Flows, EVC Bridge, Service Instances, Bridge Domains]
Flexible Mapping
Provides the ability to create richer services with advanced VLAN tag manipulation (Push, Pull, Translate, Rewrite)
[Diagram labels: Service Instances, Untagged Ethernet]
Multiplexing
Key Benefits:
Provides the ability to build richer service offerings with concurrent support of Layer 2 services, e.g. Point-to-Point, Multi-point
Provides the flexibility to offer a combination of Layer 2 and Layer 3 services on the same physical port, e.g. Service Instance to IP VPN,
[Diagram labels: SVI, PW, BD, VFI, Split Horizon, Service Instances, Physical Interfaces]
Legend: BD = Bridge Domain, VFI = Virtual Fwd Instance, PW = Pseudowire, SVI = Switch Virtual Instance
Standards
Standards Organization / Description
Q-in-Q/Provider Bridging - Outer S-VLAN (service), Inner C-VLAN (customer)
Provider Backbone Bridges (PBB) with Service Instances
Metro Ethernet Forum (MEF): MEF 4, MEF 6, MEF 10, MEF 11
Internet Engineering Task Force (IETF): rfc4447, rfc4762/4761
[Diagram labels: OAM Subsystem; AAA, DHCP, DNS; Policy, Inventory, Billing; EMS, NMS; Service/Performance Mgmt; Subscriber; Residential; Access; Cable/CMTS; Aggregation Network; Edge; Core Network; Agg Switch; MPLS/IP network; Cell Phones; Mobility]
Dynamic L2 Services
Enable EVC Flexible Ethernet encapsulations to support existing ISG IP sessions
Service is Layer 3, Ethernet is the Transport
Enable ISG policy plane to control EVC Ethernet Flow Point access and transport policies
Ethernet is the Service
First L2-traffic triggers RADIUS request to activate services
L2 Service profile applied (ACLs, QOS, Pseudowire, etc.)
Activates billing and inventory functions
Customer changes profile dynamically on-demand
[Diagram labels: CPE, Self-care, RADIUS Accounting, L2-Session, Dynamic Pseudowire, DESA; steps numbered 1 to 5]
What are the key business applications/drivers for using Ethernet services? (Check all that apply)
Data Center Interconnect
Branch WAN connectivity
Mobile Backhaul
Internet access / L3VPN traffic backhaul (CE-PE)
Other
Which existing services do you already offer today? (Check all that apply)
Layer 3 MPLS/IP VPNs
Layer 2 offerings
Residential Broadband wireline
Public Wireless LAN offerings
Other (Please specify)
ISG Infrastructure
Automates service provisioning
EVC Infrastructure
Provides flexible, next-generation Ethernet infrastructure
L2VPN Infrastructure
Provides transport over MPLS network
Cisco Intelligent Services Gateway (ISG) is a licensed feature set on Cisco IOS that provides Session Management and Policy Management services to a variety of access networks.
It is so focal that the entire device is often referred to as an "Intelligent Services Gateway router" or simply "the ISG".
[Diagram labels: Subscriber Policy Layer (AAA Server, Policy Server, Web Portal, DHCP Server); ISG]
ISG Session
Sessions Supported:
Dynamically Created Sessions:
PPP sessions
IP sessions
NEW with DESA
IP Subnet sessions
Ethernet sessions
Authentication Initiation
Session
Termination
ISG Session
[Diagram labels: Subscriber Policy Layer (DHCP Server, Web Portal, Policy Server, AAA Server); RADIUS Acc-req, RADIUS Acc-accept; Internet/Core]
Policy PULL
Policy PUSH: RADIUS Extensions (RFC 3576) and XML based (SGI*) Open Interfaces, for dynamic, administrator or subscriber driven, session and service management functions
EFPs on Interface
service-instances
Support dot1q and Q-in-Q
Support VLAN lists
Support VLAN ranges
Ranges combined
Coexist with routed subinterfaces
Match VLAN: 14
Match outer VLAN 400, inner VLAN range: 1-3
Match outer 400, inner VLAN list: 11,17,34
[Diagram labels: 100, 101, 102; 300,100; 400,11; 400,17; 400,34]
[Diagram: Ethernet frames labelled DA, SA with VLAN tag values 10, 20, 25 and 31]
Multiplexed Service Interface
Mix of L2 and L3
L2 services: Point-to-Point, Multipoint
[Diagram labels: PW, BD, VFI, Service Instances, SVI/BDI]
BD = Bridge Domain, VFI = Virtual Fwd Instance, PW = Pseudowire, SVI = Switch Virtual Instance, BDI = Bridge Domain Interface
SVI/BDI: Logical Layer 3 interface associated with a BD to perform integrated routing and bridging
DESA enables ISG policy plane to control EVC Ethernet Flow Point access and transport policies
FSOL: Unclassified vlan traffic; e.g.: PPPoE discovery, DHCP opt 82/60, ARP broadcast
[Diagram labels: L3, Routing, EoMPLS PW, FSOL, LDP VC Label adv., X, P2P local connect, Bridging, Multipoint bridging]
Call Flows
[Diagram labels: Aggregation Node, Distribution Node, Ethernet NNI, DESA, ISG, MPLS / IP, MPLS]
Dynamic service instance with rewrite, QoS, ACL on UNI-AGG
Static sub-interface (dot1q or Q-in-Q) with ISG session or PPPoE
Potential points for Accounting
Session-based accounting (per service)
[Diagram labels: Efficient Access Network, Large Scale Aggregation Network, Intelligent Services Edge, Multiservice Core Network; Aggregation Node, Distribution Node, Ethernet NNI, Retailer X, Retailer Y, DESA, MPLS / IP, MPLS]
FSOL: Unclassified VLAN
Dynamic service instance with rewrite, CFM, QoS, ACL on NNI-BNG/MSE
E-LINE
Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ peer IP addr & VC-ID determined via RADIUS
Dynamic bridge domain (under dynamic service instance) w/ static SVI configured with xconnect to a static l2vfi (with or w/o BGP autodiscovery)
Dynamic service instance with rewrite, QoS, CFM, ACL on UNI-AGG
Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ Distribution node IP addr & VC-ID determined via RADIUS
Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ Aggregation node IP addr & VC-ID determined via RADIUS
E-LAN
Potential points for Accounting
Session-based accounting (per service)
Potential Accounting Points
Session level accounting (per subscriber)
[Diagram labels: Efficient Access Network, Large Scale Aggregation Network, Intelligent Services Edge, Multiservice Core Network; Aggregation Node, Distribution Node, Ethernet NNI, Retailer X, Retailer Y, DESA, ISG / DESA, MPLS / IP, MPLS]
FSOL: PPPoE, DHCP, Unclassified MAC
FSOL: Unclassified VLAN
Static sub-interface (dot1q or Q-in-Q) with ISG IP or PPPoE session
Dynamic service instance with dynamic BD & static SVI configured with IP VRF
Dynamic service instance with rewrite, QoS, CFM, ACL on UNI-AGG
Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ Distribution node IP addr & VC-ID determined via RADIUS
Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ Aggregation node IP addr & VC-ID determined via RADIUS
Dynamic service instance with rewrite, QoS, CFM, ACL on NNI-DIST
Bridged Services
EVC Profile
EVC attributes (e.g. UNI count, OAM Interworking parameters)
CFM MA Profile
CFM Maintenance Association attributes (e.g. ShortMA name, direction, CCM parameters)
MAC-Tunnel Profile
MAC-Tunnel attributes (e.g. ID, description, B-tag VID, B-mac)
EVC Profile
EVC attributes (e.g. UNI count, OAM Interworking parameters)
CFM MA Profile
CFM Maintenance Association attributes (e.g. ShortMA name, direction, CCM parameters)
Accounting supported for the following:
Dynamic and Static Ethernet sessions at session-start time
Dynamic and Static Ethernet sessions via RADIUS CoA
Per-session accounting support at FCS
Accounting-Request: Acct-Status-Type = start
Accounting-Response
Accounting-Request: Acct-Status-Type = interim-update
Accounting-Response
Interim-update
Interim-update
Session-Idle timeout event posted
Interim-update
Accounting-Request: Acct-Status-Type = stop
Accounting-Response
CoA Request Service Activate service: <sample_service_profile>
Access-Request: service: <sample_service_profile>
Access-Accept: <sample_service_profile> definition Including Accounting VSA
Does your company have plans to implement any of the following? (Check all that apply):
Low-touch / Dynamic Layer 2 (Ethernet) services to Enterprise, Mobile Backhaul or Retail SP customers
What do you expect your company's timeframe for deploying Dynamic Ethernet
What do you think would be the most relevant First Sign of Life (FSOL) types
Access-Request: username (authorization keys)
Access-Accept: User Profile definition (basic EFP config), Service Profile(s) (e.g. BD, 802.1ah, L2VPN VPWS, CFM)
Session-start event posted
Access-Request(s): service: <sample_service_profile>
Access-Accept(s): <sample_service_profile> definition(s)
Access-Request: Peer IP Service Profile
Access-Accept: Peer IP Profile definition, Service Profile(s)
PW establishment phase
Pseudowire
ARP Request
ARP Reply
PE1: L2VPN VPWS, Loopback0 101.101.101.101
PE2: L2VPN VPWS, Loopback0 102.102.102.102
l2 subscriber authorization group atom_test1
 service-policy type control atom_rule1
 peer network 101.101.101.101 255.255.0.0 1 4294967295
l2 subscriber authorization group atom_test1
 service-policy type control atom_rule1
 peer network 102.102.102.102 255.255.0.0 1 4294967295
L2 Context
RouterA#show running-config interface gig2/3
interface GigabitEthernet2/3
 service instance dynamic 90 ethernet
  description L2 context for single-tag FSOL
  encapsulation dot1q 1000-2000
  ethernet subscriber initiator unclassified vlan
  service-policy type control DYNAMIC_EVC *
L2 Context
RouterB#show running-config interface gig2/4
interface GigabitEthernet2/4
 service instance dynamic 90 ethernet
  description L2 context for single-tag FSOL
RouterA#sh run | beg DYNAMIC_EVC
policy-map type control DYNAMIC_EVC
 class type control always event session-start
  10 authorize identifier hostname plus nas-port plus stag-vlan-id
 !
!
RouterB#sh run | beg DYNAMIC_EVC
policy-map type control DYNAMIC_EVC
 class type control always event session-start
  10 authorize identifier hostname plus nas-port plus stag-vlan-id
 !
!
PE1: Loopback0 101.101.101.101
PE2: Loopback0 102.102.102.102
User Profile (Username: RouterA:nas-port:2/0/3/0:1000)
 Cisco-AVPair = subscriber:sss-service=vpws
 Cisco-AVPair = l2vpn:redundancy-group=1
 Cisco-AVPair = l2vpn:service-id=pe1_vpws_pw_customer1
 Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic customer 1
 Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1000
 Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1
 Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1
 Cisco-AVPair = ethernet-service-instance:rewrite-ingress-symmetric=TRUE
User Profile (Username: RouterB:nas-port:2/0/4/0:1000)
 Cisco-AVPair = subscriber:sss-service=vpws
 Cisco-AVPair = l2vpn:redundancy-group=1
 Cisco-AVPair = l2vpn:service-id=pe2_vpws_pw_customer1
 Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic customer 1
 Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1000
 Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1
 Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1
 Cisco-AVPair = ethernet-service-instance:rewrite-ingress-symmetric=TRUE
L2VPN Profile (Username: pe1_vpws_pw_customer1)
 Cisco-AVPair = l2vpn:member=ethernet-service-instance:Gi2/3 -stag-type:0x8100 stag-vlan-id:1000
 Cisco-AVPair = l2vpn:member=pseudowire:peer-ip:102.102.102.102:vc-id:111111
L2VPN Profile (Username: pe2_vpws_pw_customer1)
 Cisco-AVPair = l2vpn:member=ethernet-service-instance:Gi2/4 -stag-type:0x8100 stag-vlan-id:1000
 Cisco-AVPair = l2vpn:member=pseudowire:peer-ip:101.101.101.101:vc-id:111111
RADIUS Profile
Peer IP Profile (Username: peer-ip:102.102.102.102:vc-id:111111)
 Cisco-AVPair = l2vpn:vcid=111111
 Cisco-AVPair = l2vpn:service-id=pe1_vpws_pw_customer1
 Cisco-AVPair = subscriber:sss-service=vpws
 Cisco-AVPair = l2vpn:redundancy-group=2
 Cisco-AVPair = l2vpn:pw-encapsulation=mpls
 Cisco-AVPair = l2vpn:peer-ip-address=102.102.102.102
RADIUS Profile
Peer IP Profile (Username: peer-ip:101.101.101.101:vc-id:111111)
 Cisco-AVPair = l2vpn:vcid=111111
 Cisco-AVPair = l2vpn:service-id=pe2_vpws_pw_customer1
 Cisco-AVPair = subscriber:sss-service=vpws
 Cisco-AVPair = l2vpn:redundancy-group=2
 Cisco-AVPair = l2vpn:pw-encapsulation=mpls
 Cisco-AVPair = l2vpn:peer-ip-address=101.101.101.101
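Because the RADIUS store is what decides which customer VLAN is cross-connected to which pseudowire, the cross-references between the user, L2VPN and peer IP profiles above are worth checking before the profiles are loaded. The following is an added example, not Cisco code and not part of the original slides: the function names `lint` and `sample`, the router-to-loopback map and the reduced attribute set built by `sample` are assumptions made for illustration.

```python
import re

# Attribute names used by the VPWS profiles above; any other name is reported,
# which catches a misspelled attribute before the profile is loaded.
ESI = "ethernet-service-instance:"
KNOWN = {"subscriber:sss-service", "l2vpn:redundancy-group", "l2vpn:service-id",
         "l2vpn:member", "l2vpn:vcid", "l2vpn:pw-encapsulation",
         "l2vpn:peer-ip-address", ESI + "service-instance-description",
         ESI + "stag-vlan-id", ESI + "rewrite-ingress",
         ESI + "rewrite-ingress-tag-operation", ESI + "rewrite-ingress-symmetric"}
PEER = re.compile(r"(?:pseudowire:)?peer-ip:([\d.]+):vc-id:(\d+)$")

def lint(profiles, loopbacks):
    """profiles: {username: ["name=value", ...]}; loopbacks: {router: IP}.
    Returns sorted findings; an empty list means the set is consistent."""
    parsed = {u: [tuple(p.partition("=")[::2]) for p in avs]
              for u, avs in profiles.items()}
    out, ends = [], []
    for user, pairs in parsed.items():
        attrs, named = dict(pairs), PEER.match(user)
        out += [f"{user}: unknown attribute {n}" for n, _ in pairs if n not in KNOWN]
        if named:  # peer IP profile: its body must agree with its own name
            if (attrs.get("l2vpn:peer-ip-address"), attrs.get("l2vpn:vcid")) != named.groups():
                out.append(f"{user}: peer-ip-address/vcid disagree with profile name")
        elif ":nas-port:" in user:  # user profile -> L2VPN profile -> pseudowire
            sid = attrs.get("l2vpn:service-id")
            if sid not in parsed:
                out.append(f"{user}: service-id {sid} has no L2VPN profile")
            for n, v in parsed.get(sid, []):
                m = PEER.match(v) if n == "l2vpn:member" else None
                if m:
                    ends.append((user.split(":")[0], *m.groups()))
                    if "peer-ip:%s:vc-id:%s" % m.groups() not in parsed:
                        out.append(f"{sid}: no peer IP profile for {v}")
    # The two ends of a pseudowire must share a VC-ID and point at each other.
    for rtr, peer, vcid in ends:
        if not any(loopbacks.get(r) == peer and p == loopbacks.get(rtr) and v == vcid
                   for r, p, v in ends):
            out.append(f"{rtr}: far end {peer} has no matching pseudowire, vc-id {vcid}")
    return sorted(out)

def sample():
    """Constructed subset of the two-PE VPWS profiles shown above."""
    lo, prof = {"RouterA": "101.101.101.101", "RouterB": "102.102.102.102"}, {}
    for rtr, port, n, peer in (("RouterA", "2/0/3/0", 1, lo["RouterB"]),
                               ("RouterB", "2/0/4/0", 2, lo["RouterA"])):
        sid = f"pe{n}_vpws_pw_customer1"
        prof[f"{rtr}:nas-port:{port}:1000"] = [
            "subscriber:sss-service=vpws", f"l2vpn:service-id={sid}"]
        prof[sid] = [f"l2vpn:member=pseudowire:peer-ip:{peer}:vc-id:111111"]
        prof[f"peer-ip:{peer}:vc-id:111111"] = [
            "l2vpn:vcid=111111", f"l2vpn:peer-ip-address={peer}"]
    return prof, lo
```

Calling `lint(*sample())` returns an empty list; changing the VC-ID on one side only, or misspelling an attribute name, produces one finding per broken reference.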
[Diagram labels: VFI, Non-DESA device]
Access-Request: username (authorization keys)
Access-Accept: User Profile definition (basic EFP config), Bridge-Domain (BD) Service Profile
ARP Reply
L2 Context
RouterA#show interface gig2/3
interface GigabitEthernet2/3
 service instance dynamic 90 ethernet
  description L2 context for single-tag FSOL
  encapsulation dot1q 1000-2000
  ethernet subscriber initiator unclassified vlan
  service-policy type control DYNAMIC_EVC *
RADIUS Profile
User Profile (Username: RouterA:nas-port:2/0/3/0:1006)
 Cisco-AVPair = subscriber:sss-service=bridge
 Cisco-AVPair = bridge-domain:bridge-domain-id=2001
 Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic customer 3
 Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1006
 Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1
 Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1
 Cisco-AVPair = ethernet-service-instance:rewrite-ingress-symmetric=TRUE
Accounting-Request: Acct-Status-Type = start
Accounting-Response
Accounting-Request: Acct-Status-Type = interim-update
Accounting-Response
Interim-update
Interim-update
Interim-update
Accounting-Request: Acct-Status-Type = stop
Accounting-Response
Configuration Example
[Diagram labels: AAA server, CE1, EVC, DESA, PE 1 7600, PE 2 7600, CE2; E-LINE service]
interface gig2/3
 service instance 3 ethernet
  encapsulation dot1q 40
  ethernet subscriber static
  service-policy type control DEMO1
  bridge-domain 40
!
!
policy-map type service ACCT-SERVICE
 class type traffic DUMMYTC
  accounting aaa list default
 !
!
class-map type traffic match-any DUMMYTC
!
DESA Summary
Self-Service
Creates new service opportunities
Improves customer satisfaction
Dynamic PW creation
Simplifies configuration
Creates new service opportunities
Lowers Opex
Improves operations
Zero-Touch Provisioning
Improves scale
Reduces IT investment
Improves SLA response times
Dynamic Ethernet = Carrier Ethernet + Broadband
Targeted for Business & Wholesale subscribers
Contacts
Amrit Hanspal (PM) / Jose Liste (TME)
Alias: ask_iosadvantage@cisco.com