Cisco IOS Advantage Webinars Creating Zero-Touch Carrier Ethernet Services

Amrit Hanspal & Jose Liste

We'll get started a few minutes past the top of the hour.

Note: you may not hear any audio until we get started.
2010 Cisco and/or its affiliates. All rights reserved. 1

Speakers
Amrit Hanspal, Product Manager, ahanspal@cisco.com
Jose Liste, Technical Marketing Engineer, jliste@cisco.com

Panelists
Samer Salam, Principal Engineer, ssalam@cisco.com
S. Akshaya Kumar, Technical Marketing Engineer, sakskuma@cisco.com

Submit questions in Q&A panel and send to All Panelists
Avoid CHAT window for better access to panelists
For Webex audio, select COMMUNICATE > Join Audio Broadcast
For Webex call back, click ALLOW Phone button at the bottom of Participants side panel
Where can I get the presentation? https://communities.cisco.com/docs/DOC-26449 Or send email to: ask_iosadvantage@cisco.com
Please fill in Survey at end of event
Join us on November 2 for our next IOS Advantage Webinar: The Evolution of IP Mobility Solutions

At the end of the session, you will be able to:
  Understand the evolution of DESA and where it would be positioned in a SP network
  Understand the motivation to evolve from Carrier Ethernet to zero-touch Dynamic Ethernet
  Understand key use cases & call flows
  Understand key configurations for enabling zero-touch Carrier Ethernet Services

What is DESA? Where does it fit?
Converging paths
  Evolution of Session based offerings
  Evolution of Carrier Ethernet Services
Technical Building Blocks
Call Flows
Sample Configurations
Summary

What is DESA?

Ethernet Virtual Circuit (EVC) Framework: Ethernet infrastructure with programmatic interface
Intelligent Services Gateway (ISG): Intelligent Service Management engine
DESA: Power of dynamic subscriber management from ISG to automate provisioning of Ethernet Services

Automated, customized Ethernet service provisioning infrastructure that saves OPEX
Competitive advantage: Industry first, Cisco only capability
Available on Cisco 7600 today

[Figure: service provider network. Last Mile (CMTS, DSLAM; Cable/DSL/PON) serving Residential and Corporate subscribers, Ethernet Aggregation Network (IP/MPLS), Core Network (BNG/MSE; IP/MPLS)]

Broadband Session (PPP/IP) based subscriber offering, driven by AAA/ISG policy. Targets Residential
SP Edge Services Layer 2/3 based offering providing routing overlay or shared services. Targets Corporate
Carrier Ethernet (Access) Ethernet Services with Pseudowire (or VPLS) and DESA accounting/provisioning

Bottom Line: There is a strong correlation between Carrier Ethernet, SP Edge & Broadband

                  BRAS                        BNG for Residential Wireline   IP BNG for Public Wifi   Ethernet Session for Corporate Subscribers
Identity/Policy   AAA                         AAA/ISG                        AAA/ISG                  AAA/ISG
Session           PPPoA (and other PPPoXoA)   PPPoE                          IP                       EVC
Network Access    Serial, ATM                 Ethernet                       Ethernet                 Ethernet/EoMPLS

DESA can be viewed as a Broadband and/or Carrier Ethernet Technology

ISG
Access: IP, PPP (PPPoE, PPPoA), Tunnel Termination, Interfaces, Ports, Mobile Wireless, Ethernet, WLAN
Services: Per-Session Features, Forwarding/Routing, Accounting, Firewalls, QoS
Identity: Identification, Authentication, Authorization, Single Sign On

Access
  Common Generic Session Type
  Created at first sign of subscriber activity
  Common context on which session-services/policies are activated
  Inherent Part of the Network Operating System
  FSOL/Initiator - Layer 2 or Layer 3; Unclassified, DHCP, Radius

[Figure: Different Access Media and Protocols. Mobile (RAN), Wireless (802.11), Cable (Fiber Node), DSL (DSLAM, ATM Switch), Ethernet (Access, Distribution), PSTN Dial, Future]

Identity
ISG builds a composite Multi-dimensional Identifier for every Session

Multidimensional Identity <MAC, DHCP Option 82, VLAN ID, VRF-ID, CLID, Source IP, PBHK, NAS-Port, SessionID, Ascend Server Key, GUID, domain name, username>

[Figure: Policy Plane, Session Control Plane and Data Plane; User 1 and User 2 reaching Corporate VPN and Internet across MPLS / IP Aggregation and MPLS / IP Core; Portal, AAA, Billing]

Services
A Service is a group of 1 or more features
A Feature is just any feature supported by IOS

Commonly used features with ISG include:
  Accounting: Session, Service, Flow
  Billing: Postpaid, Prepaid, Tariff Switching, Time based, Volume based
  Timeouts: Idle, Session
  Keepalives
  Routing/Forwarding
  VRF Transfer
  Traffic Class
  Security: Per-Session Filter, Per-user ACL
  Control Policy
  Service Profile
  QoS
  Packet Flow Optimization

EVC: Service Abstraction, Flexible Mapping, Multiplexing, Standards

Service Abstraction

Key Benefits:
  Provides Local VLAN significance to scale Ethernet; remove limitation of 4094 VLANs per device
  Provides Service Providers the ability to model Ethernet Services including EVC/UNI attributes
  UNI Attributes to map multiple C-VLAN to Service Instance

[Figure: VLAN Bridge (Physical Ethernet Interfaces, VLAN) compared with EVC Bridge (Traffic Flows, Service Instances, Bridge Domains, VLAN)]

Flexible Mapping

Key Benefits:
  Provides a mechanism to offer Ethernet services (retail and wholesale) as well as Ethernet transport for L3 services
  Provides a way to create richer services with advanced VLAN tag manipulation (Push, Pull, Translate, Rewrite)

[Figure: Service Instances on a physical Ethernet interface (GE/10GE) matching Untagged Ethernet; .1Q, Single Tag; Q-in-Q, Double tags. VLAN Operations: Push, Pull, Translate, Rewrite]

Multiplexing

Key Benefits:
  Provides the ability to build richer service offering with concurrent support of Layer 2 services e.g. Point-to-Point, Multi-point
  Provides the flexibility to offer a combination of Layer 2 and Layer 3 services on same physical port e.g. Service Instance to IP VPN, Mapping Service Instance to PW e.g. EoMPLS

[Figure: Service Instances on Physical Interfaces mapped to Layer 3 Service IP VPN (SVI, Routed Interfaces), Layer 2 Point-to-Point (PW, Local Hair-pin) and Layer 2 Multipoint bridged (BD, VFI, PW, Split Horizon)]

Legend: BD = Bridge Domain, VFI = Virtual Fwd Instance, PW = Pseudowire, SVI = Switch Virtual Instance

Standards

Standards Organization                                   Standard       Description
Institute of Electrical & Electronics Engineers (IEEE)   IEEE 802.1q    Virtual LANs
                                                         IEEE 802.1ad   Q-in-Q/Provider Bridging - Outer S-VLAN (service), Inner C-VLAN (customer)
                                                         IEEE 802.1ah   Provider Backbone Bridges (PBB) with Service Instances
Metro Ethernet Forum (MEF)                               MEF 4          Metro Ethernet Network Architecture Framework
                                                         MEF 6          Metro Ethernet Services Definitions
                                                         MEF 10         Ethernet Services Attributes
                                                         MEF 11         User Network Interface (UNI)
Internet Engineering Task Force (IETF)                   rfc4447        Virtual Private Wire Services (VPWS)
                                                         rfc4762/4761   Virtual Private Line Services (VPLS)

DESA Applicability

[Figure: end-to-end network. Subscriber (Residential, Corporate, Mobility / Cell Phones); Access (Cable/CMTS, DSL/DSLAM, Fiber / OLT, Wireless, Ethernet); Aggregation Network (Agg Switches, MPLS/IP network); Edge (Broadband Network Gateway, MPLS/IP Edge Services); Core Network (MPLS/IP network). OAM Subsystem: AAA, DHCP, DNS; Policy, Inventory, Billing; EMS, NMS; Service/Performance Mgmt]

Dynamic L2 Services
  Enable ISG policy plane to control EVC Ethernet Flow Point access and transport policies
  Ethernet is the Service

Dynamic L3 Services over Ethernet
  Enable EVC Flexible Ethernet encapsulations to support existing ISG IP sessions
  Service is Layer 3, Ethernet is the Transport

Customer orders L2 service at portal
CPE is shipped to customer
Customer plugs in CPE
First L2-traffic triggers RADIUS request to activate services
L2 Service profile applied (ACLs, QOS, Pseudowire, etc.)
Activates billing and inventory functions
Customer changes profile dynamically on-demand

[Figure: call-flow diagram with numbered steps 1 to 5 between Self-care portal, CPE, DESA node (L2-Session, Dynamic Pseudowire, Dynamic Service Profile) and RADIUS Accounting]

Webinar participant company type (Check one):
  Enterprise
  Wireline Service Provider
  Mobile Operator
  Ethernet Service Provider
  Other (e.g., system integrator)

What are the key business applications/drivers for using Ethernet services? (Check all that apply)
  Data Center Interconnect
  Branch WAN connectivity
  Mobile Backhaul
  Internet access / L3VPN traffic backhaul (CE-PE)
  Other

Which existing services do you already offer today? (Check all that apply)
  Layer 3 MPLS/IP VPNs
  Layer 2 offerings
  Residential Broadband wireline
  Public Wireless LAN offerings
  Other (Please specify)

Technical Building Blocks


ISG Infrastructure
Automates service provisioning

EVC Infrastructure
Provides flexible, next-generation Ethernet infrastructure

L2VPN Infrastructure
Provides transport over MPLS network

Ethernet OAM Infrastructure
Provides service monitoring capabilities

Technical Building Blocks


Intelligent Services Gateway (ISG)


Cisco Intelligent Services Gateway (ISG) is a licensed feature set on Cisco IOS that provides Session Management and Policy Management services to a variety of access networks

  Open Northbound Interfaces
  Policy Management and Enforcement
  Subscriber Identity Management: Subscriber Identification, Subscriber Authentication
  Subscriber Services Determination and Enforcement
  Dynamic Service update

So focal that the entire device is often referred to as an "Intelligent Services Gateway router" or simply "The ISG"

[Figure: Subscriber Policy Layer (AAA Server, Policy Server, Web Portal, DHCP Server) above the ISG]

ISG Session
Based on Subscriber Access Protocol

Sessions Supported:
  Dynamically Created Sessions: PPP sessions, IP sessions, IP Subnet sessions, Ethernet sessions [callout: NEW with DESA]
  Statically Created Sessions: Interface sessions (IP-based), Ethernet sessions

[Figure: session lifecycle. Initiation, Authentication, Service Activation, Termination]

ISG Session

Dynamic Ethernet Sessions
  Triggered by arrival of First Sign Of Life (FSOL) traffic on an interface
  Associated with dynamic Service Instances (not saved in nvram)
  All features downloaded from RADIUS profiles at session-start
  Selected features (1) downloaded any time through RADIUS CoA
  Support MEF Type III UNI

Static Ethernet Sessions
  Administratively configured Sessions
  Associated with manual/regular Service Instances (CLI-created)
  Selected features (1) downloaded from RADIUS profiles at session-start
  Selected features (1) downloaded any time through RADIUS CoA
  Support MEF Type I & II UNI

(1) Quality of Service, Access Control List, Accounting, Idle-Timeout

Dynamic Policy PULL (e.g. Automatic Service-Profile Download on Session Establishment)
Dynamic Policy PUSH (e.g. Turbo Button)

[Figure: two panels. PULL: a Network Layer Event triggers RADIUS Acc-req / RADIUS Acc-accept with the Subscriber Policy Layer (DHCP Server, Web Portal, Policy Server, AAA Server). PUSH: an Application/Service Layer event (Administrator, Subscriber) triggers a RADIUS CoA or SGI Request from the Subscriber Policy Layer. Both panels show Subscriber, Guest Portal, Open Garden and Walled Garden]

Policy PULL: RADIUS Interface, for subscriber AAA functionalities and service download
Policy PUSH: RADIUS Extensions (RFC 3576) and XML based (SGI*) Open Interfaces, for dynamic, administrator or subscriber driven, session and service management functions

(*) SGI: Services Gateway Interface

[Figure: Subscriber Policy Layer (AAA Server, Policy Server, Web Portal, DHCP Server) above the ISG; Internet/Core; Guest Portal, Open Garden; Video and Audio Servers, Walled Garden]

Technical Building Blocks


EVC Framework


Cisco Ethernet Virtual Circuit (EVC) is the next-generation cross-platform Carrier Ethernet Software Infrastructure

Addresses Flexible Ethernet Edge requirements
  Flexible Service Mapping
  Advanced Frame Manipulation
  Multiplexed Forwarding Services
Supports service convergence over Ethernet
Complies with MEF, IEEE, IETF standards

Ethernet Flow Points
  Provide classification of L2 flows on Ethernet interfaces
  Are also referred to as EVC service-instances
  Support dot1q and Q-in-Q
  Support VLAN lists
  Support VLAN ranges
  Support VLAN Lists and Ranges combined
  Coexist with routed subinterfaces

[Figure: EFPs on a physical Ethernet interface (GE/10GE)]
  Match VLAN: 14
  Match VLAN range: 100-102
  Match VLAN list: 200, 203, 210
  Match VLAN: 300,100
  Match outer VLAN 400, inner VLAN range: 1-3
  Match outer 400, inner VLAN list: 11,17,34

VLAN Tag Manipulation
  PUSH operations
  POP operations
  TRANSLATION operations

[Figure: before/after frame diagrams (DA, SA, VLAN tags) for each operation]

Multiplexed Service Interface
  Mix of L2 and L3 services on same port
  Different types of L2 services
    Point-to-Point
    Multipoint

[Figure: Service Instances mapped to PW, BD, VFI and SVI/BDI]

BD = Bridge Domain, VFI = Virtual Fwd Instance, PW = Pseudowire, SVI = Switch Virtual Instance, BDI = Bridge Domain Interface

Cisco EVC introduces the following new concepts:

Ethernet Virtual Circuit (EVC)
  Device local object (container) for network-wide service parameters
  NEW with DESA: Dynamic EVCs

Ethernet Service Instance
  Transport-agnostic abstraction of an Ethernet service on an interface
  Also referred to as Ethernet Flow Point (EFP)
  NEW with DESA: Dynamic EFPs (Dynamic Ethernet sessions); Static EFP (Static Ethernet sessions)

Bridge Domain (BD)
  Ethernet Broadcast Domain local to a device
  NEW with DESA: Dynamic BDs

Bridge Domain Interface (BDI)
  Logical Layer 3 interface associated with a BD to perform integrated routing and bridging

DESA enables ISG policy plane to control EVC Ethernet Flow Point access and transport policies

FSOL = First Sign Of Life

[Figure: FSOL sources and forwarding options. FSOL from unclassified vlan traffic (e.g. PPPoE discovery, DHCP opt 82/60, ARP broadcast) and from LDP VC Label adv.; forwarding via L3 Routing, Bridging, Multipoint bridging (VPLS, EoMPLS PW), P2P VPWS (EoMPLS PW) and P2P local connect]

Call Flows


[Figure: Efficient Access Network (Access Node; DSL, PON, Ethernet), Large Scale Aggregation Network (Aggregation Node, Distribution Node; Ethernet UNI, Ethernet NNI; MPLS / IP), Intelligent Services Edge (BNG / MSE), Multiservice Core Network (MPLS); DESA and ISG nodes marked]

Potential Accounting Points: Session level accounting (per subscriber)

FSOL: unclassified VLAN
FSOL: PPPoE, DHCP, Unclassified MAC

Dynamic service instance with rewrite, QoS, ACL on UNI-AGG
Dynamic bridge-domain(s) w/ split-horizon
  Data (HSI): Static SVI with xconnect to Distribution node
  Multicast Video: Static SVI with IP Address & IGMP snooping
Static sub-interface (dot1q or Q-in-Q) with ISG session or PPPoE

[Figure: Efficient Access Network (Access Node; DSL, PON, Ethernet), Large Scale Aggregation Network (Aggregation Node, Distribution Node; Ethernet UNI, Ethernet NNI; MPLS / IP), Intelligent Services Edge (BNG / MSE), Multiservice Core Network (MPLS); Retailer X, Retailer Y; DESA nodes marked]

Potential points for Accounting: Session-based accounting (per service)

FSOL: Unclassified VLAN
FSOL: LDP VC Label Advertisement
FSOL: Unclassified VLAN

Dynamic service instance with rewrite, QoS, CFM, ACL on UNI-AGG
Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ Distribution node IP addr & VC-ID determined via RADIUS
Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ Aggregation node IP addr & VC-ID determined via RADIUS
Dynamic service instance with rewrite, QoS, CFM, ACL on NNI-DIST
Dynamic service instance with rewrite, CFM, QoS, ACL on NNI-BNG/MSE
  E-LINE: Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ peer IP addr & VC-ID determined via RADIUS
  E-LAN: Dynamic bridge domain (under dynamic service instance) w/ static SVI configured with xconnect to a static l2vfi (with or w/o BGP autodiscovery)

[Figure: Efficient Access Network (Access Node; DSL, PON, Ethernet), Large Scale Aggregation Network (Aggregation Node, Distribution Node; Ethernet UNI, Ethernet NNI; MPLS / IP), Intelligent Services Edge (BNG / MSE), Multiservice Core Network (MPLS); Retailer X, Retailer Y; DESA and ISG / DESA nodes marked]

Potential points for Accounting: Session-based accounting (per service)
Potential Accounting Points: Session level accounting (per subscriber)

FSOL: unclassified VLAN
FSOL: LDP VC Label Advertisement
FSOL: PPPoE, DHCP, Unclassified MAC
FSOL: Unclassified VLAN

Dynamic service instance with rewrite, QoS, CFM, ACL on UNI-AGG
Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ Distribution node IP addr & VC-ID determined via RADIUS
Dynamic EoMPLS PW (xconnect under Dynamic service instance) w/ Aggregation node IP addr & VC-ID determined via RADIUS
Dynamic service instance with rewrite, QoS, CFM, ACL on NNI-DIST
Static sub-interface (dot1q or Q-in-Q) with ISG IP or PPPoE session
Dynamic service instance with dynamic BD & static SVI configured with IP VRF

RADIUS Profiles and Detailed Call Flows


Dynamic BD / Dynamic L2VPN VPWS


Bridged Services

User (EFP) Profile
  EFP attributes (e.g. description, encapsulation, rewrite, evc name, QoS policy, L2/L3/L4 ACLs, MAC security, CFM MEP/MIP)
  Bridge Domain profile name
  EVC profile name (opt.)
  CFM Maintenance Association profile name (opt.)

Bridge Domain Profile
  BD attributes (e.g. BD ID, MAC limit, BD type (c-mac))
  802.1ah I-Tag profile name (opt.)

EVC Profile
  EVC attributes (e.g. UNI count, OAM Interworking parameters)

CFM MA Profile
  CFM Maintenance Association attributes (e.g. ShortMA name, direction, CCM parameters)

802.1ah I-Tag Profile
  I-Tag attributes (e.g. ISID value)
  802.1ah MAC-Tunnel profile name

MAC-Tunnel Profile
  MAC-Tunnel attributes (e.g. ID, description, B-tag VID, B-mac)

MPLS L2VPN Services

User (EFP) Profile
  EFP attributes (e.g. description, encapsulation, rewrite, evc name, QoS policy, L2/L3/L4 ACLs, MAC security, CFM MEP/MIP)
  L2VPN VPWS profile name
  EVC profile name (opt.)
  CFM Maintenance Association profile name (opt.)

L2VPN VPWS Profile
  L2VPN VPWS attributes (e.g. PW redundancy parameters)
  VPWS Peer IP profile name
  VPWS Peer IP profile name (Backup PW) (opt.)

EVC Profile
  EVC attributes (e.g. UNI count, OAM Interworking parameters)

CFM MA Profile
  CFM Maintenance Association attributes (e.g. ShortMA name, direction, CCM parameters)

L2VPN Peer-IP Profile
  PW attributes (e.g. Remote Peer IP address, VC ID, primary / backup (priority), encapsulation, PW class)

RADIUS Profiles and Detailed Call Flows


Ethernet Accounting


Accounting supported for the following:
  Dynamic and Static Ethernet sessions at session-start time
  Dynamic and Static Ethernet sessions via RADIUS CoA
Per-session accounting support at FCS

Accounting attribute can be added to User profile
  Cisco-AVPair = subscriber:accounting-list=<accnt_list>

Ethernet Accounting: Dynamic Service Instance

Simplified call flow (DESA node and AAA server):
  FSOL: unclassified VLAN
  Session-start event posted
  Access-Request: username (authorization keys)
  Access-Accept: User Profile definition, Including Accounting VSA
  Service-start event posted
  Accounting-Request: Acct-Status-Type = start
  Accounting-Response
  Accounting-Request: Acct-Status-Type = interim-update (repeated at each Interim-update)
  Accounting-Response
  Session-Idle timeout event posted
  Accounting-Request: Acct-Status-Type = stop
  Accounting-Response

Ethernet Accounting via CoA on Static Service Instance

Simplified call flow (DESA node, Portal and AAA server):
  Static EFP: Manual ethernet session configured
  Session-start event posted
  Portal Request for Accounting
  CoA Request Service Activate service: <sample_service_profile>
  Access-Request: service: <sample_service_profile>
  Access-Accept: <sample_service_profile> definition, Including Accounting VSA
  Service-start event posted
  Accounting-Request: Acct-Status-Type = start
  Accounting-Response
  CoA ACK Service Activate
  Accounting-Request: Acct-Status-Type = interim-update
  Accounting-Response

Does your company have plans to implement any of the following? (Check all that apply):
  Low-touch / Dynamic Layer 2 (Ethernet) services to Enterprise, Mobile Backhaul or Retail SP customers
  Dynamic Layer 2 (Ethernet) transport for Layer 3 services
  Elastic Ethernet services with on-demand customer changes through Portal
  Self-managed Ethernet services with accounting / performance data through Portal
  No plans for Dynamic Ethernet

What do you expect your company's timeframe for deploying Dynamic Ethernet to be? (Check one):
  Next 6 months
  Next 12-24 months
  More than 24 months
  No plans

What do you think would be the most relevant First Sign of Life (FSOL) types for Ethernet Sessions in your network? (Check all that apply)
  Unclassified VLAN
  Unclassified MAC
  IEEE 802.1X
  DHCP Discovery
  PPPoE PADI/R
  Other

Would you expect to perform Customer Equipment (CE) Authentication for Dynamic Ethernet sessions? (Check One):
  Yes, using IEEE 802.1X
  Yes, using PPP Challenge
  Yes, using DHCP-based
  No, I do not expect to use authentication

End to End Scenarios Sample Configurations


Single-Sided Dynamic L2VPN VPWS

Simplified call flow (two DESA nodes and AAA server):

First DESA node
  FSOL: unclassified VLAN (ARP for 10.1.1.2 on Vlan X)
  Session-start event posted
  Access-Request: username (authorization keys)
  Access-Accept: User Profile definition (basic EFP config), Service Profile(s) (e.g. BD, 802.1ah, L2VPN VPWS, CFM)
  Service-start event posted
  Access-Request(s): service: <sample_service_profile>
  Access-Accept(s): <sample_service_profile> definition(s)

Second DESA node
  FSOL: LDP VC label advertisement
  Session-start event posted
  Access-Request: Peer IP Service Profile
  Access-Accept: Peer IP Profile definition, Service Profile(s)
  Service-start event posted
  Access-Request(s): service: <sample_service_profile>
  Access-Accept(s): <sample_service_profile> definition(s)

PW establishment phase
Pseudowire: ARP Request, ARP Reply

Single-Sided Dynamic L2VPN VPWS (cont.)

[Figure: PE1 (Gig2/3, Loopback0 101.101.101.101) and PE2 (Gig2/4, Loopback0 102.102.102.102), both DESA nodes, connected by L2VPN VPWS]

L2VPN VPWS

l2 subscriber authorization group atom_test1
 service-policy type control atom_rule1
 peer network 101.101.101.101 255.255.0.0 1 4294967295

l2 subscriber authorization group atom_test1
 service-policy type control atom_rule1
 peer network 102.102.102.102 255.255.0.0 1 4294967295

L2 Context

RouterA#show running-config interface gig2/3
interface GigabitEthernet2/3
 service instance dynamic 90 ethernet
  description L2 context for single-tag FSOL
  encapsulation dot1q 1000-2000
  ethernet subscriber
   initiator unclassified vlan
  service-policy type control DYNAMIC_EVC (*)

RouterB#show running-config interface gig2/4
interface GigabitEthernet2/4
 service instance dynamic 90 ethernet
  description L2 context for single-tag FSOL
  encapsulation dot1q 1000-2000
  ethernet subscriber
   initiator unclassified vlan
  service-policy type control DYNAMIC_EVC (*)

Dynamic Service Instance

RouterA#show derived-config interface gig2/3
interface GigabitEthernet2/3
 (snip)
 service instance 101 ethernet
  description Dynamic customer 1
  encapsulation dot1q 1000
  rewrite ingress tag pop 1 symmetric
  xconnect 102.102.102.102 111111 encapsulation mpls

RouterB#show derived-config interface gig2/4
interface GigabitEthernet2/4
 (snip)
 service instance 102 ethernet
  description Dynamic customer 1
  encapsulation dot1q 1000
  rewrite ingress tag pop 1 symmetric
  xconnect 101.101.101.101 111111 encapsulation mpls

(*) See next slide for its definition

RouterA#sh run | beg DYNAMIC_EVC
policy-map type control DYNAMIC_EVC
 class type control always event session-start
  10 authorize identifier hostname plus nas-port plus stag-vlan-id
 !
!

RouterB#sh run | beg DYNAMIC_EVC
policy-map type control DYNAMIC_EVC
 class type control always event session-start
  10 authorize identifier hostname plus nas-port plus stag-vlan-id
 !
!

Single-Sided Dynamic L2VPN VPWS (cont.)

[Figure: PE1 (Gig2/3, Loopback0 101.101.101.101) and PE2 (Gig2/4, Loopback0 102.102.102.102), both DESA nodes]

RADIUS Profiles

User Profile (Username: RouterA:nas-port:2/0/3/0:1000)
  Cisco-AVPair = subscriber:sss-service=vpws
  Cisco-AVPair = l2vpn:redundancy-group=1
  Cisco-AVPair = l2vpn:service-id=pe1_vpws_pw_customer1
  Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic customer 1
  Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1000
  Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1
  Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1
  Cisco-AVPair = ethernet-service-instance:rewrite-ingress-symmetric=TRUE

User Profile (Username: RouterB:nas-port:2/0/4/0:1000)
  Cisco-AVPair = subscriber:sss-service=vpws
  Cisco-AVPair = l2vpn:redundancy-group=1
  Cisco-AVPair = l2vpn:service-id=pe2_vpws_pw_customer1
  Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic customer 1
  Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1000
  Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1
  Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1
  Cisco-AVPair = ethernet-service-instance:rewrite-ingress-symmetric=TRUE

L2VPN Profile (Username: pe1_vpws_pw_customer1)
  Cisco-AVPair = l2vpn:member=ethernet-service-instance:Gi2/3 -stag-type:0x8100 stag-vlan-id:1000
  Cisco-AVPair = l2vpn:member=pseudowire:peer-ip:102.102.102.102:vc-id:111111

L2VPN Profile (Username: pe2_vpws_pw_customer1)
  Cisco-AVPair = l2vpn:member=ethernet-service-instance:Gi2/4 -stag-type:0x8100 stag-vlan-id:1000
  Cisco-AVPair = l2vpn:member=pseudowire:peer-ip:101.101.101.101:vc-id:111111

Peer IP Profile (Username: peer-ip:102.102.102.102:vc-id:111111)
  Cisco-AVPair = l2vpn:vcid=111111
  Cisco-AVPair = l2vpn:service-id=pe1_vpws_pw_customer1
  Cisco-AVPair = subscriber:sss-service=vpws
  Cisco-AVPair = l2vpn:redundancy-group=2
  Cisco-AVPair = l2vpn:pw-encapsulation=mpls
  Cisco-AVPair = l2vpn:peer-ip-address=102.102.102.102

Peer IP Profile (Username: peer-ip:101.101.101.101:vc-id:111111)
  Cisco-AVPair = l2vpn:vcid=111111
  Cisco-AVPair = l2vpn:service-id=pe2_vpws_pw_customer1
  Cisco-AVPair = subscriber:sss-service=vpws
  Cisco-AVPair = l2vpn:redundancy-group=2
  Cisco-AVPair = l2vpn:pw-encapsulation=mpls
  Cisco-AVPair = l2vpn:peer-ip-address=101.101.101.101
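An added example (not from the webinar and not Cisco tooling): a Python pre-load check for the RADIUS profiles shown above. It verifies that a User Profile's stag-vlan-id agrees with the VLAN in its lookup username (hostname plus nas-port plus stag-vlan-id), that it lies inside the L2 context's dot1q 1000-2000 range, that attribute names are spelled as on the slides, and that the two L2VPN profiles point at each other's loopback with the same VC ID. The function names, the known-attribute set and BAD_USER_PROFILE are assumptions made for illustration.

```python
import re

# Attribute names seen in the deck's User Profiles; anything else under the
# ethernet-service-instance namespace is reported as a probable typo.
# (Assumption: this set covers only what the slides show.)
KNOWN_EFP_ATTRS = {
    "service-instance-description", "stag-vlan-id", "rewrite-ingress",
    "rewrite-ingress-tag-operation", "rewrite-ingress-symmetric",
}

def parse_profile(text):
    """Parse 'Cisco-AVPair = ns:attr=value' lines into (ns, attr, value) tuples."""
    pairs = []
    for line in text.strip().splitlines():
        m = re.match(r"\s*Cisco-AVPair\s*=\s*([\w-]+):([\w-]+)=(.*)$", line)
        if m:
            pairs.append((m.group(1), m.group(2), m.group(3).strip()))
    return pairs

def values(pairs, ns, attr):
    return [v for n, a, v in pairs if n == ns and a == attr]

def audit_user_profile(username, pairs, ctx_range):
    """Return findings for one User (EFP) profile; an empty list means clean."""
    findings = []
    key_vlan = username.rsplit(":", 1)[-1]  # hostname:nas-port:<port>:<vlan>
    vlans = values(pairs, "ethernet-service-instance", "stag-vlan-id")
    if vlans != [key_vlan]:
        findings.append(f"stag-vlan-id {vlans} does not match lookup key VLAN {key_vlan}")
    for v in vlans:
        if not (v.isdigit() and ctx_range[0] <= int(v) <= ctx_range[1]):
            findings.append(f"stag-vlan-id {v} outside L2 context {ctx_range[0]}-{ctx_range[1]}")
    for ns, attr, _ in pairs:
        if ns == "ethernet-service-instance" and attr not in KNOWN_EFP_ATTRS:
            findings.append(f"unknown attribute {attr}")
    return findings

def pseudowire(pairs):
    """Extract (peer_ip, vc_id) from an l2vpn:member=pseudowire:... AVPair."""
    for v in values(pairs, "l2vpn", "member"):
        m = re.match(r"pseudowire:peer-ip:([\d.]+):vc-id:(\d+)$", v)
        if m:
            return m.group(1), int(m.group(2))
    return None

def audit_pw_pair(loop_a, pw_a, loop_b, pw_b):
    """Both ends must target the other PE's loopback and share one VC ID."""
    if pw_a is None or pw_b is None:
        return ["missing pseudowire member"]
    findings = []
    if pw_a[0] != loop_b:
        findings.append(f"A peers with {pw_a[0]}, expected {loop_b}")
    if pw_b[0] != loop_a:
        findings.append(f"B peers with {pw_b[0]}, expected {loop_a}")
    if pw_a[1] != pw_b[1]:
        findings.append(f"VC ID mismatch {pw_a[1]} != {pw_b[1]}")
    return findings

# Profiles transcribed from the slides above.
PE1_USER = "RouterA:nas-port:2/0/3/0:1000"
PE1_USER_PROFILE = """
Cisco-AVPair = subscriber:sss-service=vpws
Cisco-AVPair = l2vpn:service-id=pe1_vpws_pw_customer1
Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic customer 1
Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1000
Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1
Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1
Cisco-AVPair = ethernet-service-instance:rewrite-ingress-symmetric=TRUE
"""
PE1_L2VPN = "Cisco-AVPair = l2vpn:member=pseudowire:peer-ip:102.102.102.102:vc-id:111111"
PE2_L2VPN = "Cisco-AVPair = l2vpn:member=pseudowire:peer-ip:101.101.101.101:vc-id:111111"

# Constructed faulty profile (not from the slides): wrong VLAN, misspelled attribute.
BAD_USER_PROFILE = """
Cisco-AVPair = ethernet-service-instance:stag-vlan-id=2500
Cisco-AVPair = ethernet-service-instance:rewrie-ingress-symmetric=TRUE
"""

if __name__ == "__main__":
    print(audit_user_profile(PE1_USER, parse_profile(PE1_USER_PROFILE), (1000, 2000)))
    print(audit_user_profile(PE1_USER, parse_profile(BAD_USER_PROFILE), (1000, 2000)))
    print(audit_pw_pair("101.101.101.101", pseudowire(parse_profile(PE1_L2VPN)),
                        "102.102.102.102", pseudowire(parse_profile(PE2_L2VPN))))
```
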

Dynamic Bridge-Domain / Static VPLS

[Figure: DESA node (Static VFI, Static SVI) connected through a VFI to a Non-DESA device (Static VFI, Static SVI)]

Simplified call flow (DESA node and AAA server):
  FSOL: unclassified VLAN (ARP for 10.1.1.2 on VID 1006)
  Session-start event posted
  Access-Request: username (authorization keys)
  Access-Accept: User Profile definition (basic EFP config), Bridge-Domain (BD) Service Profile
  Service-start event posted
  Access-Request(s): service: <sample_BD_profile>
  Access-Accept(s): <sample_BD_profile> definition(s)
  ARP Request
  ARP Reply

Dynamic Bridge-Domain / Static VPLS

Static SVI / VPLS

l2 vfi vfi-2001 manual
 vpn id 2001
 neighbor 102.102.102.102 encapsulation mpls no-split-horizon
interface Vlan2001
 xconnect vfi vfi-2001

L2 Context

RouterA#show interface gig2/3
interface GigabitEthernet2/3
 service instance dynamic 90 ethernet
  description L2 context for single-tag FSOL
  encapsulation dot1q 1000-2000
  ethernet subscriber
   initiator unclassified vlan
  service-policy type control DYNAMIC_EVC (*)

Dynamic Service Instance

RouterA#show derived-config interface gig2/3
interface GigabitEthernet2/3
 service instance 104 ethernet
  description Dynamic customer 3
  encapsulation dot1q 1006
  rewrite ingress tag pop 1 symmetric
  bridge-domain 2001

RADIUS Profile

User Profile (Username: RouterA:nas-port:2/0/3/0:1006)
  Cisco-AVPair = subscriber:sss-service=bridge
  Cisco-AVPair = bridge-domain:bridge-domain-id=2001
  Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic customer 3
  Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1006
  Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1
  Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1
  Cisco-AVPair = ethernet-service-instance:rewrite-ingress-symmetric=TRUE

(*) See slide 65 for its definition

Ethernet Accounting: Static Service Instance

Simplified call flow (DESA node and AAA server):
  Manual EFP: Static ethernet session configured
  Session-start event posted
  Service-start event posted
  Access-Request(s): service: <sample_service_profile>
  Access-Accept(s): <sample_service_profile> definition(s), Including Accounting VSA
  Accounting-Request: Acct-Status-Type = start
  Accounting-Response
  Accounting-Request: Acct-Status-Type = interim-update (repeated at each Interim-update)
  Accounting-Response
  Accounting-Request: Acct-Status-Type = stop
  Accounting-Response

Configuration Example

[Figure: E-LINE service. CE1, PE 1 7600 (DESA, Static Ethernet session), EVC, PE 2 7600 (DESA), CE2; AAA server]

interface gig2/3
 service instance 3 ethernet
  encapsulation dot1q 40
  ethernet subscriber static
  service-policy type control DEMO1
  bridge-domain 40
!

Configuration Example (Cont.)

policy-map type control DEMO1
 class type control always event session-start
  1 service-policy type service name ACCT-SERVICE
 !
!
policy-map type service ACCT-SERVICE
 class type traffic DUMMYTC
  accounting aaa list default
 !
!
class-map type traffic match-any DUMMYTC
!

DESA Summary


Self-Service
  Creates new service opportunities
  Improves customer satisfaction

Dynamic PW creation
  Simplifies configuration
  Creates new service opportunities
  Lowers Opex
  Improves operations

Zero-Touch Provisioning
  Improves scale
  Reduces IT investment
  Improves SLA response times

Granular Ethernet accounting
  Improves customer satisfaction
  Creates new service opportunities
  Lowers OPEX, improves operations

Dynamic Ethernet = Carrier Ethernet + Broadband
Targeted for Business & Wholesale subscribers
Provides Service Providers additional revenue income
Evolves Carrier Ethernet capabilities; works with non-DESA nodes
An Industry first standards compliant capability

DESA Configuration Guide
  http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/151s/Dynamic_Ethernet_Service_Activation.html

Command References
  http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-crbook.html
  http://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.html

Contacts
  Amrit Hanspal (PM) / Jose Liste (TME)
  Alias: ask_iosadvantage@cisco.com

Thank you! Please complete the post-event survey.

Join us November 2, 2011 for our next IOS Advantage Webinar: The Evolution of IP Mobility Solutions

To register, go to www.cisco.com/go/iosadvantage