Subscriber Traffic and Policy Management (BNG) on the ... · DSLAM BRAS/BNG . PPP to IP Migration...
Subscriber Traffic and Policy Management (BNG) on the ASR9000 and ASR1000
Agenda
The next wave of Broadband
ISG Overview
ASR1k as BNG/ISG
ASR 9k as BNG
#CiscoPlusCA
The Next Wave of Broadband
Evolution in SP Network Architectures
• Increased revenue by decreasing cost of managing and maintaining multiple networks
• Increased overall revenue by increasing revenue per user
• Customized services
• Rapid deployment of new services based on market trends
• Subscriber Self Subscription and Self Care
Diverged “per Service” Networks
Converged “All in One” Networks
Converged “User Centric” Networks
The New User Experience – Cisco ISG Enabling the Next Wave of Broadband
Add Subscribers
Pay As You Go!
Buy credit
Pay What You Use!
Buy
Broadband Light
Buy: $19.99
Broadband Basic
Buy: $29.99
Broadband Premium
Buy: $39.99
Branded VoD ($4.99/movie)
Branded TV ($29.99)
Branded Phone ($15.99 + LD)
Add Value
Add Services
Register Log in
The elements of customization
Subscriber identified using multiple dimensions.
Identity gathered:
From multiple sources and events
Over session lifecycle
Services and Rules updated based on:
How subscriber behaves
What he requires NOW
Different Services and Rules applied based on:
Who subscriber is
Where he is
What he requires
Identity
Differentiated Services
Dynamic Service Management
Intelligent Services Gateway
Subscriber Services
Subscriber Sessions
Subscriber Services
Session creation/authentication
Dynamic Policy Push and Pull
Building the Identity and Assigning Services
MAC Addr: 00:DE:34:F1:C0:28
IP Addr: ?
Username: ?
Service: DEFAULT_SRV
Subscriber Session
T0
DHCP Exchange Starts
MAC Addr: 00:DE:34:F1:C0:28
IP Addr: 10.1.1.211
Username: ?
Service: DEFAULT_SRV
Subscriber Session
T1
DHCP Exchange Completes(*)
MAC Addr: 00:DE:34:F1:C0:28
IP Addr: 10.1.1.211
Username: Bhavani
Service: PPU_SRV
BHAVANI Subscriber Session
T2
Subscriber Authentication(*)
MAC Addr: 00:DE:34:F1:C0:28
IP Addr: 10.1.1.211
Username: Bhavani
Service: PREMIUM_FR_SRV
BHAVANI Subscriber Session
TN
Dynamic Service Update
Identities
Services
DEFAULT_SRV: Only permits management traffic through the session
PPU_SRV: Pay Per Use Service:
- Permits all traffic
- 512K/1Mbps US/DS
- Accounting enabled on session
PREMIUM_FR_SRV: Flat Rate Premium Data Service:
- Permits all traffic
- 1M/8Mbps US/DS
ISG
Subscriber
(*) Order of operations not representative of a real call flow
Example
Access Technology Abstraction
Open Garden Walled Garden
ATM/Ethernet
Switch
DSL
802.11 or 802.16
Access Distribution Ethernet
CMTS Cable
Subscriber-centric services regardless of: Access Technology
Access Protocol
Access Technology: Legacy DSL/ATM
Metro Ethernet, Wireless LAN, Cable
Access Protocol: IP
PPP
DSLAM
BRAS/BNG
PPP to IP Migration Key Requirements
Subscriber Access Detection
Subscriber authentication and authorization
Subscriber address management
G0/1.10
Create a per subscriber construct over a shared interface (“subscriber session”)
G0/1.10
John
Mike
Ted
John Mike Ted
Subscribers are John, Mike and Ted.
John and Mike are HSI users, Ted is VoIP user
There are 3 subscribers connected through G0/1.10
G0/1.10
John
John Mike Ted
Subscribers addresses should be:
10.1.1.10 John
10.1.1.20 Mike
10.1.1.30 Ted Mike
Uniquely establish subscriber identity and determine services and service levels per subscriber
Goal
10.1.1.30 10.1.1.20 10.1.1.10
Assign a unique IP address to each subscriber based on provider domain
Ted
What is ISG?
Policy Server
Cisco Intelligent Services Gateway (ISG) is a licensed feature set on Cisco IOS that provides Session Management and Policy Management services to a variety of access networks
Addresses PPPoE to IPoE migration while maintaining all subscriber management functions
Subscriber Identity Management
Policy Management and Enforcement
DHCP Server
… AAA
Server
ISG
Web Portal
Open Northbound Interfaces
Subscriber Policy Layer
So focal that the entire device is often referred to as an Intelligent Services Gateway router, or simply “The ISG”
ISG
ISG Overview
• Deployed at access or service edge
• Communicates with other devices to control all aspects of subscriber access in network
• Single point of contact
ISG’s place in the network
Internet/Core
AAA Policy DHCP
Aggregation
Portal
Subscriber Identification, based on:
- who he is,
- where he is,
- how he behaves
- what he requires
Subscriber Authentication:
- PPP CHAP/PAP
- Transparent Auto Logon (TAL)
- Web Logon
- RADIUS
Subscriber Services Determination and Enforcement
Dynamic Service update
Session Lifecycle Management: establishment, configuration and tear down
ISG’s Subscriber Policy Layer
Walled Garden Open Garden
Internet/Core
Guest Portal
Subscriber Policy Layer
Video Audio Servers
AAA Server
Subscriber Authentication
Subscriber Authorization: User and Service Profile Repository
Per access and Per Service Accounting
Front-end toward billing system
Policy Server Dynamic Policy Push (Application Level Trigger)
Web Portal
Front end toward the subscriber for:
Self Subscription
Web Logon
Service Selection (Application Level Trigger)
DHCP Server Hand over of addresses to subscribers
Class-based address handover for ISG driven address pool selection
AAA Server
Policy Server
Web Portal
DHCP Server
Note: AAA Server, Policy Server, Web Portal can co-reside in the same appliance
ISG’s Dynamic Policy Activation
Walled Garden Open Garden
Guest Portal
DHCP Server
Subscriber Policy Layer
Walled Garden Open Garden
Guest Portal
DHCP Server
AAA Server
Subscriber Policy Layer
Dynamic Policy Push (e.g. “Turbo Button”)
Policy Server
Application/ Service Layer event
Web Portal
Dynamic Policy Pull (e.g. Automatic Service-Profile Download on Session Establishment)
Web Portal
Policy Server
Network Layer Event
AAA Server
ISG’s Northbound Interfaces
RADIUS Interface, for subscriber AAA functionalities and service download
RADIUS Extensions (RFC 3576) and XML based (SGI(*)) Open Interfaces, for dynamic, administrator or subscriber driven, session and service management functions
Walled Garden Open Garden
Internet/Core
Guest Portal
AAA Server
Policy Server
Web Portal
DHCP Server
Subscriber Policy Layer
Video Audio Servers
Policy PULL
Policy PUSH
(*) SGI: Services Gateway Interface
The Subscriber Session in ISG
• Construct within Cisco IOS that represents a subscriber – subscriber: billable entity and/or an entity that should be authenticated/authorized
• Common context on which services are activated
• Created at first sign of peer activity (FSOL = First Sign Of Life)
Walled Garden Open Garden
Internet/Core
Guest Portal
Subscriber Policy Layer
Video Audio Servers
Subscriber 1
Subscriber 2
Subscriber 3
Subscriber 1
session
Subscriber 2
session
Subscriber 3
session
AAA Server
Policy Server
Web Portal
DHCP Server
ISG Session
Dynamic Session Initiation
• ISG sessions are initiated at the First Sign of Life (FSOL)
• FSOL depends on the Session Type
PPP Sessions - FSOL
IP Sessions - FSOL .... there are options .....
DHCP
DHCP discover
Data Traffic
Unclassified MAC or IP
IP packet with unknown MAC or IP source address
Use MAC for L2-connected IP sessions
Use IP for routed IP sessions
DHCP Discover message
ISG must be DHCP Relay or Server
RADIUS Access/Accnt Start
ISG must be a Radius Proxy
Typically used in PWLAN and WiMAX environments
ISG Session
RADIUS
AP Wireless Client
RADIUS Access Request OR
Accounting Start
PPP Call Request (LCP)
Session Authentication
Authentication models supported:
• Access Protocol Native Authentication:
– PPP: CHAP/PAP
– IP: EAP for wireless client
– DHCP Authentication
• Transparent Auto Logon (TAL):
– Authenticates using subscriber related network identifiers
– e.g. MAC/IP address, DHCP Option 82, PPPoE Tags...
• Web Logon
Authentication Is Not Mandatory on a Session, but Used in Most Situations
ISG Session
Authentication: Allow Access to Network Resources Only to Recognized Users
• Access Switch inserts Option82 Circuit and Remote ID in DHCP Requests
• ISG performs authentication using a combination of Circuit and RemoteID
• ISG session must be DHCP initiated
IP – common scenarios
• ISG performs authentication using identifiers from subscriber traffic (source IP/MAC)
• Typically used in topologies w/ L2 connected subscribers to support clients w/ static IP address or in IP-routed topologies
• User traffic redirected to Web Portal to enter credentials
• User Credentials propagated to ISG
• ISG uses credentials to authenticate user with AAA server
• Applicable to all session types
• User starts EAP authentication with Access Point (AP)
• ISG impersonates RADIUS server toward AP, and RADIUS client toward real server
• ISG learns session authentication status by proxying RADIUS messages betw/ real RADIUS client and Server
• ISG session must be RADIUS initiated
EAP Auth
RADIUS Username:
EAP username
AAA Server
AP Wireless Client
RADIUS (EAP based auth) EAP
RADIUS Username:
MAC/RemoteID:CircuitID
AAA Server
TAL: Option82 Auth
Access SW inserts Option 82 CircuitID/RemoteID
DHCP exchange
AAA Server
RADIUS Username:
MAC or IP
Data Traffic
TAL:IP/MAC
RADIUS Username: WebLogon Username
AAA Server
Web Portal
Web Logon
redirection
Data Traffic
ISG’s Subscriber Authentication
- IP sessions
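How the Option 82 TAL step above could be implemented, as an added Python example that is not from the presentation or from Cisco's code: it parses the DHCP options field per RFC 3046 and derives a lookup key from the Circuit ID and Remote ID. The hex `RemoteID:CircuitID` key format, the function names and the sample bytes are assumptions made for illustration.

```python
"""Parse DHCP Option 82 (RFC 3046) and derive a TAL lookup key."""

OPT_PAD, OPT_END, OPT_RELAY_AGENT_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2


class MalformedOption(ValueError):
    """Raised when a TLV is truncated or repeated."""


def iter_tlvs(buf, pad=None, end=None):
    """Yield (code, value) pairs from a code/length/value byte string.

    pad/end are the single-byte codes of the outer DHCP options field;
    Option 82 sub-options have neither, so both default to None.
    """
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == pad:
            i += 1
            continue
        if code == end:
            return
        if i + 2 > len(buf):
            raise MalformedOption(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise MalformedOption(f"option {code}: length overruns buffer")
        yield code, value
        i += 2 + length


def relay_agent_info(options):
    """Return {sub-option code: value} from Option 82, or {} if absent."""
    for code, value in iter_tlvs(options, pad=OPT_PAD, end=OPT_END):
        if code == OPT_RELAY_AGENT_INFO:
            subs = {}
            for sub, val in iter_tlvs(value):
                if sub in subs:
                    raise MalformedOption(f"duplicate sub-option {sub}")
                subs[sub] = val
            return subs
    return {}


def tal_username(options):
    """Return 'RemoteID:CircuitID' in hex (assumed format), or None.

    None means TAL cannot run: Option 82 is missing, malformed, or lacks
    one of the two identifiers, so no identity is derived from it.
    """
    try:
        subs = relay_agent_info(options)
    except MalformedOption:
        return None
    circuit, remote = subs.get(SUB_CIRCUIT_ID), subs.get(SUB_REMOTE_ID)
    if not circuit or not remote:
        return None
    return f"{remote.hex()}:{circuit.hex()}"


# Constructed sample: options field of a DHCP Discover after the access
# switch has inserted Option 82 (values are made up for this example).
_CIRCUIT = bytes.fromhex("0004000a0102")
_REMOTE = bytes.fromhex("020000aabb01")
_SUBS = bytes([SUB_CIRCUIT_ID, len(_CIRCUIT)]) + _CIRCUIT \
    + bytes([SUB_REMOTE_ID, len(_REMOTE)]) + _REMOTE
SAMPLE_OPTIONS = bytes([53, 1, 1, OPT_RELAY_AGENT_INFO, len(_SUBS)]) \
    + _SUBS + bytes([OPT_END])

if __name__ == "__main__":
    print(tal_username(SAMPLE_OPTIONS))
    print(tal_username(SAMPLE_OPTIONS[:-5]))  # truncated Option 82
```

A `None` result means no TAL identity could be built, so the session stays unauthenticated (DEFAULT_SRV in the earlier timeline) instead of being matched on partial data.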
Session Termination
ISG Session
PPP Sessions Exclusively
IP Sessions Exclusively
ICMP/ARP keepalive failure
Keepalive failure
ICMP Keepalives used for routed sessions
ARP keepalives used for l2-connected sessions
PPP and PPPoX protocol events
ppp disconnect; ppp keepalives or L2TP hellos failure
RADIUS PoD
Policy Manager
RADIUS PoD (Packet Of Disconnect)
DHCP
DHCP Release
OR DHCP lease expiry
DHCP initiated sessions only
Web Portal
Web Logoff
RADIUS CoA Account-Logoff
Idle and Absolute Timeouts/Timer Expiry
IP and PPP Sessions
RADIUS
Wireless Client
RADIUS Accounting Stop EAP
AP
RADIUS initiated sessions only
ISG Services
• Service: A collection of features that are applicable on a subscriber session
Service = {feat.1, feat.2,...,feat.n}
Session
Administration
Portbundle (PBHK)
Keepalives: ICMP and ARP based
Timeouts: Idle, Absolute
Traffic Conditioning QoS: Policing, MQC
Security: Per User ACLs
Traffic Forwarding
Control
Subscriber Address Assignment Control
Redirection: Initial, Permanent, Periodic
VRF assignment: Initial, Transfer
L2TP assignment
Traffic Accounting
PostPaid
Prepaid: Time/Volume based
Tariff Switching
Interim
Broadcast
Features
Associated to Primary Services
ISG services
Primary Service: Contains one “traffic forwarding” feature and optionally other features; only one primary service can be active on a session
ISG Feature Granularity
• ISG Classification resembles Modular QoS CLI (MQC)
• IP ACLs (standard or extended) are used to create differential flows (Traffic Classes)
• Each Traffic Class can have a different set of features applied
• A Traffic Class and its associated features are also referred to as a TC service
• A Default TC can be used to drop traffic that could not be classified
SubscriberX Data
TC1
TC2
TC3
Flow Features
Session Features
Classification
ACL
ACL
ACL
grouped in Session Services
Subscriber Session
Defining Services
AAA Server
Policy Manager (supporting the SGI Interface)
Services defined in Service Profiles
Standard and Vendor Specific RADIUS attributes used
On demand download on a need basis
Services defined in XML
Pre-download of all existing services
RADIUS Access-request Username: Premium_HSI Password: <service pwd>
RADIUS Access-accept Features associated w/ service
2 Premium HSI service
should be activated on the session
No definition yet available
1
Service Activated on session
Service Stored in local cache while in use by at least 1 session
3
4
SGI Request Premium, Standard, Basic
HSI service definitions
SGI Response
1
• Definition of all existing Services typically pre-downloaded on Box
Services permanently stored in local database 2
3
ISG Services pre-configured using CLI
Services defined on Service Policies: policy-map type service <name>
Services permanently stored in local database
How Services Are Activated on a Session?
AAA Server
DHCP Server
Subscriber Policy Layer Administrator
Via an External Policy Manager/Web Portal
During Subscriber Authentication/ Authorization
Subscriber
RADIUS CoA or SGI
Request
Web Portal / Policy Server
DHCP Server
Subscriber Policy Layer
Web Portal / Policy Server
Subscriber
RADIUS Acc-req
Subscriber is successfully authenticated
RADIUS Response includes Services and Features to activate on Session (from UserProfile)
Service Activation request sent by External Policy Managers via a RADIUS CoA or a SGI Request message
Via the On-Box Policy Manager
Policy Plane determines what actions to take on session based on events
actions *include* applying a service
Control Plane ensures actions are taken –i.e. provisions the data plane
Data Plane enforces traffic conditioning policies to the session
AAA Server
RADIUS Acc-accept
Policy plane
Control plane
Data plane
actions
events
from external PM
from data plane
ASR1000 as BNG/ISG
Broadband Aggregation Architecture
Mobile Core Content Farm
Aggregation
Aggregation Network MPLS/IP
Edge IP / MPLS Core
Core
Network
MPLS /IP
VOD TV SIP
Access
Access Node
Subscriber
Business
Corporate
Residential
GGSN HA PDN GW
WiFi Mesh
Mobile
ESE+BNG
LNS
BNG
MSE+BNG
ISG (SP-WiFi)
ASR1000 BNG/ISG Subscriber Services
Subscriber auto provisioning
Dynamic service creation
IPv4 & IPv6-based services
Deployment models – LAC/LNS/ISG
Migration from Legacy Broadband networks – ATM & Ethernet
Wholesale and Retail options
Wireline and Wireless (WiFi) aggregation
Range of scale for small to large networks
Sub-4K to 64K sessions scale
5G to 40G (160G future)
128K queues
1RU to 13RU form-factor
HA & ISSU
Stateful Intra-chassis redundancy
In Service Software Upgrade
Why ASR1000 for BNG/ISG? •Prepaid services, Per subscriber Firewall, Portal integration for self-provisioning, Policy server solutions, Services accounting within a session, Integrated DPI (by mid-CY11) etc
Feature richness & services support
•Dual-stack subscribers (PPPoE now and IPoE by mid-CY11)
•IPv6 native sessions with ISG
•IPv6 subscribers tunneled in L2TP
IPv6 Subscriber Support:
•NAT44 - maximum of 2M NAT sessions
•NAT64 - stateless model now and stateful NAT64 by mid-CY11
•6RD - IPv6 Rapid Deployment tunneling model
IPv4 Address Exhaust solutions
•LNS - aggregating the hotspots
•ISG - Managing individual subscriber authentication, services, billing etc
•NAT - Providing translation for private IPv4 address to public
SP WiFi Aggregation
•PPPoEoA
•PPPoA
•RBE
Legacy Broadband Migration options
•LNS
•PW based backhaul
•RA-MPLS
Wholesale Broadband Deployment
•HA for PPP, L2TP, AAA
•HA for IPoE and TCs
High Availability and ISSU
ASR1k in SP Wi-Fi - Today
Internet
Portal DHCP
ISG ASR1K
L3 Connected
AP
AP
L2 Connected
AP
WLC
AP
AAA Mobile Home Network Policy
Residential WiFi
AP/CPE
AZR L2 Switch
Tunnel (L2TP)
LNS
PCRF HLR OCS CGF
Access Network Policy
Gy Gx Ga
L3
VLAN
LAC
Features & Scale – (IOS XE 3.6S)
IPoE Sessions: DHCP initiated, unclassified IP or MAC-address initiator, Radius-Proxy initiator
L4 Redirect
Traffic Classes
Postpaid & Prepaid Accounting
Dynamic Rate Limiting
LI
Radius CoA Interface
Per-User ACLs
IP Session Keep-alives, timeouts
• VRF Transfer
• Port Bundle Host Key (PBHK)
Stateful inter-chassis redundancy with HSRP
Max scale: 32k Sessions with ESP40/RP2
SP Wi-Fi Target Architecture
4G Core
Internet
Portal
GGSN
DHCP
IWAG ASR1K
GTP
PGW/LMA
3G Core
L3 Connected
AP
AP
L2 Connected
AP
WLC
AP
AAA
Mobile Home Network Policy
Residential WiFi
AP/CPE
AZR L2 Switch
LMA/sGRE agg
PCRF HLR OCS CGF
Access Network Policy
Gy Gx Ga
Gn’ L3
MAG/sGRE Initiator Target Scale: 128k sessions
ASR1000 iWAG – Phase 1: IOS XE 3.8S
4G Core
Internet
Portal
GGSN
DHCP
IWAG ASR1K
GTP
PGW/LMA
3G Core
L2 Connected
AP
WLC
AP
AAA
Mobile Home Network Policy
PCRF HLR OCS CGF
Access Network Policy
Gy Gx Ga
Gn’
Features:
• L2 Access & AAA Policy
1. EAP - FSOL: Radius Proxy/DHCP
2. TAL - FSOL: Unclassified MAC
3. Web Logon - FSOL: DHCP
• GGSN/LMA selection via AAA attribute
• Overlapping MNO address support with multiple SSID
Scale:
• 32k authenticated
ASR 9000 BNG
ASR 9001 ASR 9006 ASR 9010 ASR 9922
2 RU 6 slots (¼ rack) 10 slots (½ rack) 22 slots (full rack)
LC / Chassis 2 IO Slots 4 LC + 2 RSP 8 LC + 2 RSP 20 LC
Max Bandwidth / Slot 440G 440G 1.2TB
BW / Chassis 240 Gb 3.2 Tb 6.4 Tb 48 Tb
Double your system capacity by upgrading any ASR 9000 product to an ASR 9000 nV System
ASR 9000 System Portfolio One Edge System to meet all of your needs
• 240G Line Cards
• From 512K to 2M MACs learned in Hardware
• From 1.3M to 4M IPv4 prefixes
• From 512k to 2M IPv6 prefixes
• Hyper-Intelligent
• Video buffering for lossless multicast
• In-line video monitoring
• Integrated G.709
• SyncE / IEEE 1588-2008 PTP timing
• Tunneling services optimized
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 35
Route Switch Processor 440
Redundant
NextGen
Switch Fabric
Linecard w/
Ultra High Capacity
Fabric Access
Multi-Stage Switch-fabric
System Design
Linecard w/
Ultra High Capacity
Fabric Access
• More than 2x boosted System Capacity
• 220Gbps FDX per Slot (220G in + 220G out)
• Fully compatible and supported on all existing chassis types
(9006 & 9010)
• Ultra High Speed Control Plane
• MultiCore Intel CPU (Nehalem Class)
• Huge Scale through High Memory option
• 12GB Memory at FCS for -SE version
• Time and Synchronization
• IEEE 1588 v2 PTP support
• GPS ToD
• BITS
• Dedicated Virtualization Cluster EoBC 10GE ports on-board
ASR 9000 BNG: IPoE Sessions IPoE sessions
• 1G and 10G ports
• Support for LAG
• Logical (dot1q or QinQ) interfaces with ambiguous vlan definition
• Configurable on 1:1 and N:1 relationships betw/VLAN and IPoE Session
• DHCP based Discovery and packet based triggers
• Session lifecycle based on DHCP Lease Tracking and Split Lease
• authentication methods
• Transparent : NAS port
– DHCP Option 82
– DHCP Option 60
– vlan encap
• Web Based with HTTP redirection
• Forwarding model can be Native IP, MPLS and L3VPN
Residential
Residential
STB
A
STB
RADIUS
IPoE CPE
Routed
GPON
MSAN
VDSL IPoE
sessions
IPoE CPE
Bridged
Coexistence of PPPoEoE and IP/DHCP based subscribers on same Ethernet interface
Enables step-wise migration
Unified Session management provide seamless management
RADIUS based methods to authenticate and account IP/DHCP based subscribers
NAS port
DHCP Option 82
DHCP Option 60
DHCP Proxy IP/DHCP Session Flexibility
IP based and VLAN based DHCP sessions enable support for 1:1 and N:1 VLAN models
ASR 9000 BNG: PPP and IP/DHCP Enabling Smooth Coexistence
RADIUS Portal
HTTP-R
Self-provisioning / Selfcare
RADIUS / AAA push/pull
Per Sub/Service Accounting
Internet
Subscriber Sessions
PPPoEoE
IPoE
DHCP
IP address Mgt. DHCP Proxy
BNG and CGN NAT44 on ISM
Outside
VRF
Private IPv4 Subscribers
Public IPv4
Inside
VRF
AppSVI ISM AppSVI
Interface
VLAN
Subscriber session traffic sent to ISM through VRF mapping or ABF
ISM performs translation and forwards packet into outside VRF
Translated subscriber’s traffic forwarded on interface in outside VRF
ingress LC
ISM
egress LC
CGN supported at full session scale
Compliant with standard NAT behaviors (RFC4787, RFC5382, RFC5508)
Increased Service Velocity: Quickly deploy new services
Multi-dimensional Scale: System and services scale
ASR 9000 “nV System”
ASR 9000v
ASR 9000
ASR 9000v
nV
nV
Network
Cloud
Client
ASR 9000 nV (Network Virtualization) Technology Simplify operations & scale
Simplify Operations Reduce overall TCO
Integrated A to Z
Management
BNG Satellite + Cluster
• Geo-redundant Dual Homing
• High Availability
• Huge 1GE Fan-out toward DSLAM
• Single-Chassis-like look & feel and Management of Cluster Members and Satellite
• Increase capacity
• Satellites appear like ASR 9000 Linecards
• Simplified topology, No Spanning tree/MC-LAG or other L2 redundancy protocols needed
Home
MSAN
VDSL ASR 9000
BNG nV
nxGE
Satellite
ASR 9000
Distribution
Core
Third-Party Services/ Content
Aggregation
Access
Virtualized control plane achieved via EOBC between RSPs provides hitless outage upon node failure.
Virtualized data plane achieved through linecard inter-chassis connections.
A self-protected virtual chassis is created doubling the system capacity.
Remote nodes are viewed as linecards and remote platforms are discovered automatically.
Remote nodes are provisioned by the host.
Software images for remote nodes can be upgraded automatically and features are in sync.
A self-managed access is created allowing scale to be decoupled from a single platform.
Virtualized Control & Data Plane
Inter-chassis Connections
Active RSP
Standby RSP
LC LC LC LC
0
Active RSP
Standby RSP
LC LC LC LC
1
Creating an ASR 9000 Virtual System with nV Technology Enables a self protected, self managed ASR 9000 virtualized system
Edge
Core
Control
plane
Data
plane
ASR 9K Series
Remote
Remote
Control
plane
Data
plane
BNG nV Edge – Distributed Architectures BNG on Aggregation – Access Node Dual Homing
• single access bundle (LAG) for Access Node dual homing
– Active/Standby member link, OR
– Source based (US), Destination based (DS) loadbalancing
– No MC-LAG, PADO delay (PPPoE), Access redundancy protocol
• single access subnet to subscriber
– Single subscriber subnet advertised toward core (minimizes subnet fragmentation issues)
– No split subnets
– No host route advertisement
• stateful failover – no session re-establishment on node failure
Core
LAG Agg. Dist.
A1
A2
D1
D2
Act.
Stb.
H1-A
H1-B
H2-A
H2-B
Agg.
LAG
BNG nV Edge – Centralized Architectures
ASR 9000
Virtual Cluster
Core
LAG
Announce all Subscriber IP Address Pools
Announce all Subscriber IP Address Pools
• Upstream Core routers perform Flow Based ECMP
• Since only one link per LAG is active, all traffic to a given subscriber will end on a single chassis
• Subscriber SLA integrity is kept
MC-LAG MC-LAG
Agg. Dist.
A1 A2 D1 D2 R0 R1
Act.
Stb.
Act.
Stb.
Act.
Stb.
LAG
or other
Act./Stb.
method Act.
Stb.
H1-A
H1-B
H2-A
H2-B
BNG nV Edge – Centralized Architectures: Failover and Packet Flow
ASR 9000 Virtual Cluster
Core
LAG
Announce all Subscriber IP Address Pools
Announce all Subscriber IP Address Pools
• Upstream Core routers perform Flow Based ECMP
• Since only one link per LAG is active, all traffic to a given subscriber will end up on a single chassis
• Subscriber SLA integrity is kept
MC-LAG MC-LAG
Agg. Dist.
A1 A2 D1 D2 R0 R1
Act.
Stb.
Act.
Stb.
Act.
LAG
or other
Act./Stb.
method Act.
Stb.
H1-A
H1-B
H2-A
H2-B
BNG Satellite – Low Total Cost of Ownership
• Huge 1GE Fan-out toward DSLAM
• Auto detect and provisioning between nV Host and Satellites
• Satellites appear like ASR 9000 Linecards, same features and consistency
• Single image upgrade
• Simplified architecture
Home
MSAN
VDSL ASR 9000
BNG nV
nxGE
Satellite
ASR 9000
Distribution
Core
ASR 9000v ASR 903 ASR 901
Q&A
Follow @CiscoCanada and join the #CiscoPlusCA conversation
Access today’s presentations at cisco.com/ca/plus
We value your feedback. Please be sure to complete the Evaluation Form for this session.
ISG’s Subscriber Identification
Internet/Core
AAA Policy
Portal DHCP
Aggregation
ISG subscriber session: created at First Sign Of Life (FSOL)
N:1 relationship between session and interface
FSOL
PPP Sessions PPP call request
IP Session
Received Packet w/ unknown IP or MAC source address
DHCP Discover
RADIUS Request
A construct in Cisco IOS that represents subscriber
IP or MAC initiated IP session
DHCP initiated IP session
RADIUS initiated IP session