Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000

Subscriber Traffic and

Policy Management

(BNG) on the ASR9000

and ASR1000

Agenda

The next wave of Broadband

ISG Overview

ASR1k as BNG/ISG

ASR 9k as BNG

#CiscoPlusCA

The Next Wave of Broadband

#CiscoPlusCA

Evolution in SP Network Architectures

• Increased revenue by decreasing cost of managing and maintaining multiple networks

• Increased overall revenue by increasing revenue per user

• Customized services

• Rapid deployment of new services based on market trends

• Subscriber Self Subscription and Self Care

Diverged “per Service” Networks

Converged “All in One”

Networks

Converged “User Centric”

Networks

The New User Experience – Cisco ISG Enabling the Next Wave of Broadband

Add Subscribers

Pay As You Go!

Buy credit

Pay What You Use!

Buy

Broadband Light

Buy: $19.99

Broadband Basic

Buy: $29.99

Broadband Premium

Buy: $39.99

Branded VoD ($4.99/movie)

Branded TV ($29.99)

Branded Phone ($15.99 + LD)

Add Value

Add Services

Register Log in

The elements of customization Subscriber identified using multiple dimensions. Identity gathered:

From multiple sources and events

Over session lifecycle

Services and Rules updated based on :

How subscriber behaves

What he requires NOW

Different Services and Rules applied based on:

Who subscriber is

Where he is

What he requires

Identity

Differentiated Services

Dynamic Service Management

Intelligent Services Gateway

Subscriber Services

Subscriber Sessions

Subscriber Services

Session creation/

authentication

Dynamic Policy Push and Pull

Building the Identity and Assigning Services

MAC Addr: 00:DE:34:F1:C0:28

IP Addr: ?

Username: ?

Service: DEFAULT_SRV

Subscriber Session

T0

DHCP Exchange Starts


IP Addr: 10.1.1.211

Username: ?

Service: DEFAULT_SRV

Subscriber Session

T1

DHCP Exchange Completes(*)


IP Addr: 10.1.1.211

Username: Bhavani

Service: PPU_SRV

BHAVANI Subscriber Session

T2

Subscriber Authentication(*)


IP Addr: 10.1.1.211

Username: Bhavani

Service: PREMIUM_FR_SRV

BHAVANI Subscriber Session

TN

Dynamic Service Update

Identities

Services

DEFAULT_SRV Only permits management traffic through the session

PPU_SRV Pay Per Use Service: - Permits all traffic - 512K/1Mbps US./DS - Accounting enabled on session

PREMIUM_FR_SRV Flat Rate Premium Data Service: - Permits all traffic - 1M/8Mbps US/DS

ISG

Subscriber

(*) Order of operations not representative of a real call flow

Example

Access Technology Abstraction

Open Garden Walled Garden

ATM/Ethernet

Switch

DSL

802.11 or

802.16

Access Distribution Ethernet

CMTS Cable

Subscriber-centric services regardless of: Access Technology

Access Protocol

Access Technology: Legacy DSL/ATM

Metro Ethernet, Wireless LAN, Cable

Access Protocol: IP

PPP

DSLAM

BRAS/BNG

PPP to IP Migration Key Requirements

Subscriber Access Detection

Subscriber authentication and authorization

Subscriber address management

G0/1.10

Create a per subscriber construct over a shared interface (“subscriber session”)

G0/1.10

John

Mike

Ted

John Mike Ted

Subscribers are John, Mike and Ted.

John and Mike are HSI users, Ted is VoIP user

There are 3 subscribers connected through G0/1.10

G0/1.10

John

John Mike Ted

Subscribers addresses should be:

10.1.1.10 John

10.1.1.20 Mike

10.1.1.30 Ted Mike

Uniquely establish subscriber identity and determine services and service levels per subscriber

Goal

10.1.1.30 10.1.1.20 10.1.1.10

Assign a unique IP address to each subscriber based on provider domain

Ted

What is ISG? Policy Server

Cisco Intelligent Services Gateway (ISG) is a licensed feature set on Cisco IOS that provides Session Management and Policy Management services to a variety of access networks

Addresses PPPoE to IPoE migration while maintaining all subscriber management functions

Subscriber Identity

Management

Policy Management

and Enforcement

DHCP Server

… AAA

Server

ISG

Web Portal

Open Northbound Interfaces

Subscriber Policy Layer

So focal, that the entire device is often referred as an: Intelligent Services Gateway router or simply “The ISG”

ISG

ISG Overview

#CiscoPlusCA

• Deployed at access or service edge

• Communicates with other devices to control all aspects of subscriber access in network

• Single point of contact

ISG’s place in the network

Internet/Core

AAA Policy DHCP

Aggregation

Portal

Subscriber Identification:

based on:

- who he is,

- where he is,

- how he behaves

- what he requires

Subscriber Authentication:

- PPP CHAP/PAP

- Transparent Auto Logon (TAL)

- Web Logon

- RADIUS

Subscriber Services Determination and Enforcement

Dynamic Service update

Session Lifecycle Management: establishment, configuration and tear down

ISG’s Subscriber Policy Layer

Walled Garden Open Garden

Internet/Core

Guest Portal


Video Audio Servers

AAA Server

Subscriber Authentication

Subscriber Authorization: User and Service Profile Repository

Per access and Per Service Accounting

Front-end toward billing system

Policy Server Dynamic Policy Push (Application Level Trigger)

Web Portal

Front end toward the subscriber for:

Self Subscription

Web Logon

Service Selection (Application Level Trigger)

DHCP Server Hand over of addresses to subscribers

Class-based address handover for ISG driven address pool selection

AAA Server

Policy Server

Web Portal

DHCP Server

Note: AAA Server, Policy Server, Web Portal can co-reside in the sample appliance

ISG’s Dynamic Policy Activation


Guest Portal

DHCP Server



Guest Portal

DHCP Server

AAA Server


Dynamic Policy Push (e.g. “Turbo Button”)

Policy Server

Application/ Service Layer event

Web Portal

Dynamic Policy Pull (e.g. Automatic Service-Profile

Download on Session Establishment)

Web Portal

Policy Server

Network Layer Event

AAA Server

ISG’s Northbound Interfaces

RADIUS Interface, for subscriber AAA functionalities and service download

RADIUS Extensions (RFC 3576) and XML based (SGI(*)) Open Interfaces, for dynamic, administrator or subscriber driven, session and service management functions


Internet/Core

Guest Portal

AAA Server

Policy Server

Web Portal

DHCP Server


Video Audio Servers

Policy PULL

Policy PUSH

(*) SGI: Services Gateway Interface

The Subscriber Session in ISG

• Construct within Cisco IOS that represents a subscriber – subscriber: billable entity and/or an entity that should be authenticated/authorize

• Common context on which services are activated

• Created at first sign of peer activity (FSOL = First Sign Of Life)


Internet/Core

Guest Portal


Video Audio Servers

Subscriber 1

Subscriber 2

Subscriber 3

Subscriber 1

session

Subscriber 2

session

Subscriber 3

session

AAA Server

Policy Server

Web Portal

DHCP Server

ISG Session

Dynamic Session Initiation • ISG sessions are initiated at the First Sign of Life (FSOL)

• FSOL depends on the Session Type

PPP Sessions - FSOL IP Sessions - FSOL .... there are options .....

DHCP

DHCP discover

Data Traffic

Unclassified MAC or IP IP packet with unknown MAC

or IP source address Use MAC for L2-connected IP

sessions

Use IP for routed IP sessions

DHCP Discover message

ISG must be DHCP Relay or Server

RADIUS Access/Accnt Start

ISG must be a Radius Proxy

Typically used in PWLAN and WiMAX environments

ISG Session

RADIUS

AP Wireless Client

RADIUS Access Request OR

Accounting Start

PPP Call Request (LCP)

Session Authentication

Authentication models supported: • Access Protocol Native Authentication:

– PPP: CHAP/PAP

– IP: EAP for wireless client

– DHCP Authentication

• Transparent Auto Logon (TAL): – Authenticates using subscriber related

network identifiers

– e.g. MAC/IP address, DHCP Option 82, PPPoE Tags...

• Web Logon

Authentication Is Not Mandatory on a Session, but Used in Most Situations

ISG Session

Authentication: Allow Access to Network Resources Only to Recognized Users

• Access Switch inserts Option82 Circuit and Remote ID in DHCP Requests

• ISG performs authentication using a combination of Circuit and RemoteID

• ISG session must be DHCP initiated

IP – common scenarios

• ISG performs authentication using identifiers from subscriber traffic (source IP/MAC)

• Typically used in topologies w/ L2 connected subscribers to support clients w/ static IP address or in IP-routed topologies

+ • User traffic redirected to Web Portal to enter credentials

• User Credentials propagated to ISG

• ISG uses credentials to authenticate user with AAA server

• Applicable to all session types

-

• User starts EAP authentication with Access Point (AP)

• ISG impersonates RADIUS server toward AP, and RADIUS client toward real server

• ISG learns session authentication status by proxying RADIUS messages betw/ real RADIUS client and Server

• ISG session must be RADIUS initiated

EAP Auth

RADIUS Username:

EAP username

AAA Server

AP Wireless Client

RADIUS (EAP based auth) EAP

RADIUS Username:

MAC/RemoteID:CircuitID

AAA Server

TAL: Option82 Auth

Access SW inserts Option 82 CircuitID/RemoteID

DHCP exchange

AAA Server

RADIUS Username:

MAC or IP

Data Traffic

TAL:IP/MAC

RADIUS Username: WebLogon Username

AAA Server

Web Portal

Web Logon

redirection

Data Traffic

ISG’s Subscriber Authentication

- IP sessions

Session Termination ISG Session

PPP Sessions Exclusively IP Sessions Exclusively ICMP/ARP keepalive failure

Keepalive failure

ICMP Keepalives used for routed sessions

ARP keepalives used for l2-connected sessions

PPP and PPPoX protocol events

ppp disconnect; ppp keepalives or L2TP hellos failure

RADIUS PoD

Policy Manager

RADIUS PoD (Packet Of Disconnect)

DHCP

DHCP Release

OR DHCP lease expiry

DHCP initiated sessions only

Web Portal

Web Logoff

RADIUS CoA Account-Logoff

Idle and Absolute Timeouts/Timer Expiry

IP and PPP Sessions

RADIUS

Wireless Client

RADIUS Accounting Stop EAP

AP

RADIUS initiated sessions only

ISG Services • Service: A collection of features that are applicable on a subscriber session Service =

{feat.1, feat.2,...,feat.n}

Session

Administration

Portbundle (PBHK)

Keepalives: ICMP and ARP based

Timeouts: Idle, Absolute

Traffic Conditioning QoS: Policing, MQC

Security: Per User ACLs

Traffic Forwarding

Control

Subscriber Address Assignment Control

Redirection: Initial, Permanent, Periodic

VRF assignment: Initial, Transfer

L2TP assignment

Traffic Accounting

PostPaid

Prepaid: Time/Volume based

Tariff Switching

Interim

Broadcast

Featu

res

Associated to Primary Services

ISG services

Primary Service: Contains one “traffic forwarding” feature and optionally other features; only one primary service can be active on a session

ISG Feature Granularity

• ISG Classification resembles

Modular QoS CLI (MQC)

• IP ACL (standard or extended)

are used to create differential

flows (Traffic Classes)

• Each Traffic Class can have a different set of features applied

• A Traffic Class and associated features also referred as TC service

• A Default TC can be used to drop traffic that could not be classified

SubscriberX Data

TC1

TC2

TC3

Flow Features

Session Features

Cla

ssific

ation

A

CL

AC

L

AC

L

grouped in Session Services

Subscriber Session

Defining Services

AAA Server

Policy Manager (supporting the SGI Interface)

Services defined in Service Profiles

Standard and Vendor Specific RADIUS attributes used

On demand download on a need basis

Services defined in XML

Pre-download of all existing services

RADIUS Access-request Username: Premium_HSI Password: <service pwd>

RADIUS Access-accept Features associated w/ service

2 Premium HSI service

should be activated on the session

No definition yet available

1

Service Activated on session Service Stored in local cache

while in use by at least 1 sessions

3

4

SGI Request Premium, Standard, Basic

HSI service definitions

SGI Response

1

• Definition of all existing Services typically pre-downloaded on Box

Services permanently stored in local database 2

3

ISG Services pre-configured using CLI

Services defined on Service Policies: policy-map type service <name>

Services permanently stored in local database

How Services Are Activated on a Session?

AAA Server

DHCP Server

Subscriber Policy Layer Administrator

Via an External Policy Manager/Web Portal

During Subscriber Authentication/ Authorization

Subscriber

RADIUS CoA or SGI

Request

Web Portal / Policy Server

DHCP Server


Web Portal / Policy Server

Subscriber

RADIUS Acc-req

Subscriber is successfully authenticated

RADIUS Response includes Services and Features to activate on Session (from UserProfile)

Service Activation request sent by External Policy Managers via a RADIUS CoA or a SGI Request message

Via the On-Box Policy Manager

Policy Plane determines what actions to take on session based on events

actions *include* applying a service

Control Plane ensures actions are taken –i.e. provisions the data plane

Data Plane enforces traffic conditioning policies to the session

AAA Server

RADIUS Acc-accept

Po

licy

pla

ne

C

on

trol

pla

ne

D

ata

p

lan

e

actions

eve

nts

from external PM

from data plane

ASR1000 as BNG/ISG

#CiscoPlusCA

Broadband Aggregation Architecture

Mobile Core Content Farm

Aggregation

Aggregation Network MPLS/IP

Edge IP / MPLS Core

Core

Network

MPLS /IP

VOD TV SIP

Access

Access Node

Subscriber

Business

Corporate

Residential

GGSN HA PDN GW

WiFi Mesh

Mobile

ESE+BNG

LNS

BNG

MSE+BNG

ISG (SP-WiFi)

ASR1000 BNG/ISG Subscriber Services

Subscriber auto provisioning

Dynamic service creation

IPv4 & IPv6-based services

Deployment models –

LAC/LNS/ISG Migration from Legacy Broadband

networks – ATM & Ethernet

Wholesale and Retail options

Wireline and Wireless (WiFi)

aggregation

Range of scale for small to

Large networks Sub-4K to 64K sessions scale

5G to 40G (160G future)

128K queues

1RU to 13RU form-factor

HA & ISSU

Stateful Intra-chassis

redundancy

In Service Software

Upgrade

Why ASR1000 for BNG/ISG? •Prepaid services, Per subscriber Firewall, Portal integration for self-provisioning, Policy server solutions, Services accounting within a session, Integrated DPI (by mid-CY11) etc

Feature richness & services support

•Dual-stack subscribers - PPPoE now and IPoE by mid-CY11)

•IPv6 native sessions with ISG

•IPv6 subscribers tunneled in L2TP

IPv6 Subscriber Support:

•NAT44 - maximum of 2M NAT sessions

•NAT64 - stateless model now and stateful NAT64 by mid-CY11

•6RD - IPv6 Rapid Deployment tunneling model

IPv4 Address Exhaust solutions

•LNS - aggregating the hotspots

•ISG - Managing individual subscriber authentication, services, billing etc

•NAT - Providing translation for private IPv4 address to public

SP WiFi Aggregation

•PPPoEoA

•PPPoA

•RBE

Legacy Broadband Migration options

•LNS

•PW based backhaul

•RA-MPLS

Wholesale Broadband Deployment

•HA for PPP, L2TP, AAA

•HA for IPoE and TCs High Availability and ISSU

ASR1k in SP Wi-Fi - Today

Internet

Portal DHCP

ISG ASR1K

L3 Connected

AP

AP

L2 Connected

AP

WLC

AP

AAA Mobile Home Network Policy

Residential WiFi

AP/CPE

AZR L2 Switch

Tunnel (L2TP)

LNS

PCRF HLR OCS CGF

Access Network Policy

Gy Gx Ga

L3

VL

AN

LAC

Features & Scale – (IOS XE 3.6S)

IPoE Sessions:

DHCP initiated,

unclassified IP or

MAC-address

initiator, Radius-

Proxy initiator

L4 Redirect

Traffic Classes

Postpaid & Prepaid

Accounting

Dynamic Rate

Limiting

LI

Radius CoA Interface

Per-User ACLs

IP Session Keep-alives,

timeouts

• VRF Transfer

• Port Bundle Host Key

(PBHK)

Stateful inter-chassis

redundancy with HSRP

Max scale: 32k Sessions

with ESP40/RP2

SP Wi-Fi Target Architecture

4G Core

Internet

Portal

GGSN

DHCP

IWAG ASR1K

GTP

PGW/LMA

3G Core

L3 Connected

AP

AP

L2 Connected

AP

WLC

AP

AAA

Mobile Home Network Policy

Residential WiFi

AP/CPE

AZR L2 Switch

LMA/sGRE agg

PCRF HLR OCS CGF


Gy Gx Ga

Gn’ L3

MAG/sGRE Initiator Target Scale: 128k sessions

ASR1000 iWAG – Phase 1: IOS XE 3.8S

4G Core

Internet

Portal

GGSN

DHCP

IWAG ASR1K

GTP

PGW/LMA

3G Core

L2 Connected

AP

WLC

AP

AAA

Mobile Home Network Policy

PCRF HLR OCS CGF


Gy Gx Ga

Gn’ Features:

• L2 Access & AAA Policy

1. EAP - FSOL: Radius Proxy/DHCP

2. TAL - FSOL: Unclassified MAC

3. Web Logon - FSOL: DHCP

• GGSN/LMA selection via AAA attribute

• Overlapping MNO address support with multiple SSID

Scale:

• 32k authenticated

ASR 9000 BNG

#CiscoPlusCA

ASR 9001 ASR 9006 ASR 9010 ASR 9922

2 RU 6 slots (¼ rack) 10 slots (½ rack) 22 slots (fullrack)

LC / Chassis 2 IO Slots 4 LC + 2 RSP 8 LC + 2 RSP 20 LC

Max Bandwidth / Slot 440G 440G 1.2TB

BW / Chassis 240 Gb 3.2 Tb 6.4 Tb 48 Tb

Double your system capacity by upgrading any ASR 9000 product to an ASR 9000 nV System

ASR 9000 System Portfolio One Edge System to meet all of your needs

• 240G Line Cards

• From 512K to 2M MACs learned in Hardware

• From 1.3M to 4M IPv4 prefixes

• From 512k to 2M IPv6 prefixes

• Hyper-Intelligent

• Video buffering for lossless multicast

• In-line video monitoring

• Integrated G.709

• SyncE / IEEE 1588-2008 PTP timing

• Tunneling services optimized

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 35

Route Switch Processor 440

Redundant

NextGen

Switch Fabric

Linecard w/

Ultra High Capacity

Fabric Access

Multi-Stage Switch-fabric

System Design

Linecard w/

Ultra High Capacity

Fabric Access

• More than 2x boosted System Capacity

• 220Gbps FDX per Slot (220G in + 220G out)

• Fully compatible and supported on all existing chassis types

(9006 & 9010)

• Ultra High Speed Control Plane

• MultiCore Intel CPU (Nehalem Class)

• Huge Scale through High Memory option

• 12GB Memory at FCS for -SE version

• Time and Synchronization

• IEEE 1588 v2 PTP support

• GPS ToD

• BITS

• Dedicated Virtualization Cluster EoBC 10GE ports on-board


ASR 9000 BNG: IPoE Sessions IPoE sessions

• 1G and 10G ports

• Support for LAG

• Logical (dot1q or QinQ) interfaces with ambiguous vlan definition

• Configurable on 1:1 and N:1 relationships betw/VLAN and IPoE Session

• DHCP based Discovery and packet based triggers

• Session lifecycle based on DHCP Lease Tracking and Split Lease

• authentication methods

• Transparent : NAS port

– DHCP Option 82

– DHCP Option 60

– vlan encap

• Web Based with HTTP redirection

• Forwarding model can be Native IP, MPLS ans L3VPN

Residential

Residential

STB

A

STB

RADIUS

IPoE CPE

Routed

GPON

MSAN

VDSL IPoE

sessions

IPoE CPE

Bridged


Coexistence of PPPoEoE and IP/DHCP based subscribers on same Ethernet interface

Enables step-wise migration

Unified Session management provide seamless management

RADIUS based methods to authenticate and account IP/DHCP based subscribers

NAS port

DHCP Option 82

DHCP Option 60

DHCP Proxy IP/DHCP Session Flexibility

IP based and VLAN based DHCP sessions enable support for 1:1 and N:1 VLAN models

ASR 9000 BNG: PPP and IP/DHCP Enabling Smooth Coexistence

RADIUS Portal

HTTP-R

Self-provisioning / Selfcare

RADIUS / AAA push/pull

Per Sub/Service Accounting

Internet

Subscriber Sessions

PPPoEoE

IPoE

DHCP

IP address Mgt. DHCP Proxy

BNG and CGN NAT44 on ISM

Outside

VRF

Private IPv4 Subscribers

Public IPv4

Inside

VRF

AppSVI ISM AppSVI

Interface

VLAN

Subscriber session

traffic sent to ISM

through VRF mapping

or ABF

ISM performs

translation and

forward packet

into outside VRF

Translated

subscriber’s traffic

forwarded on

interface in outside

VRF

ingress LC ISM egress LC CGN supported

at full session

scale

Compliant with standard NAT behaviors (RFC4787, RFC5382, RFC5508)

Increased Service

Velocity Quickly deploy new services

Multi-dimensional

Scale System and services scale

ASR 9000 “nV System”

ASR

9000v

ASR 9000

ASR

9000v

nV

nV

Network

Cloud

Client

ASR 9000 nV (Network Virtualization) Technology Simplify operations & scale

Simplify Operations Reduce overall TCO

Integrated A to Z

Management


BNG Satellite + Cluster

• Geo-redundant Dual Homing

• High Availability

• Huge 1GE Fan-out toward DSLAM

• Single-Chassis-like look & feel and

Management of Cluster Members

and Satellite

• Increase capacity

• Satellites appear like ASR 9000

Linecards

• Simplified topology, No Spanning

tree/MC-LAG or other L2

redundancy protocols needed

Home

MSAN

VDSL ASR 9000

BNG nV

nxGE

Satellite

ASR 9000

Distribution

Core

Third-Party Services/ Content

Aggregat

ion

Acce

ss

Virtualized control plane achieved via EOBC between

RSP’s provides hitless outage upon node failure.

Virtualized data plane achieved through linecard inter-

chassis connections.

A self-protected virtual chassis is created doubling the

system capacity.

Remote nodes are viewed as linecards and

remote platforms are discovered automatically.

Remote nodes are provisioned by the host.

Software images for remote nodes can be

upgraded automatically and features are in sync.

A self-managed access is created allowing scale

to be decoupled from a single platform.

Virtualized Control & Data Plane

Inter-chassis Connections

Activ

e

RSP

Standb

y

RSP

L

C

L

C

L

C

L

C

0 Activ

e

RSP

Standb

y

RSP

L

C

L

C

L

C

L

C

1

Creating an ASR 9000 Virtual System with nV Technology Enables a self protected, self managed ASR 9000 virtualized system

Edg

e

Core

Control

plane

Data

plane

ASR 9K

Series

Remote

Remote

Control

plane

Data

plane

http://www.vonage.com/lp/US/searchmsn/


BNG nV Edge – Distributed Architectures BNG on Aggregation – Access Node Dual Homing

• single access bundle (LAG) for Access Node dual homing

– Active/Standby member link, OR

– Source based (US), Destination based (DS) loadbalancing

– No MC-LAG, PADO delay (PPPoE), Access redundancy protocol

• single access subnet to subscriber – Single subscriber subnet advertised toward

core (minimizes subnet fragmentation issues)

– No split subnets

– No host route advertisement

• stateful failover – no session re-establishment on node failure

Core

LAG Agg. Dist.

A1

A2

D1

D2

Act.

Stb.

H1-A

H1-B

H2-A

H2-B

Agg.

LAG


BNG nV Edge – Centralized Architectures

ASR 9000

Virtual Cluster

Core

LAG

Announce all Subscriber IP Address Pools


• Upstream Core routers perform Flow Based ECMP

• Since only one link per LAG is active,

all traffic to a given subscriber will end on a single chassis

• Subscriber SLA integrity is kept

MC-LAG MC-LAG

Agg. Dist.

A

1

A

2

D

1

D

2

R

0

R

1

Act.

Stb.

Act.

Stb.

Act.

Stb.

LAG

or other

Act./Stb.

method Act.

Stb.

H1-A

H1-B

H2-A

H2-B


BNG nV Edge – Centralized

Architectures Failover and Packet Flow ASR 9000

Virtual Cluster

Core

LAG



• Upstream Core routers perform Flow Based ECMP

• Since only one link per LAG is active, all

traffic to a given subscriber will end up on a single chassis

• Subscriber SLA integrity is kept

MC-LAG MC-LAG

Agg. Dist.

A

1

A

2

D

1

D

2

R

0

R

1

Act.

Stb.

Act.

Stb.

Act.

LAG

or other

Act./Stb.

method Act.

Stb.

H1-A

H1-B

H2-A

H2-B


BNG Satellite – Low Total Cost of Ownership

• Huge 1GE Fan-out toward

DSLAM

• Auto detect and provisioning

between nV Host and Satellites

• Satellites appear like ASR 9000

Linecards, same features and

consistency

• Single image upgrade

• Simplified architecture

Home

MSAN

VDSL ASR 9000

BNG nV

nxGE

Satellite

ASR 9000

Distribution

Core

ASR 9000v ASR 903 ASR 901

Q&A

#CiscoPlusCA

Follow @CiscoCanada and join the #CiscoPlusCA conversation

Access today’s presentations at cisco.com/ca/plus

We value your feedback. Please be sure to complete the Evaluation Form for this session.

ISG’s Subscriber Identification

Internet/Core

AAA Policy

Portal DHCP

Aggregation

ISG subscriber session: created at First Sign Of Life (FSOL)

N:1 relationship between session and interface

FSOL

PPP Sessions PPP call request

IP Session

Received Packet w/ unknown IP or MAC source address

DHCP Discover

RADIUS Request

A construct in

Cisco IOS that

represents

subscriber

IP or MAC initiated IP session

DHCP initiated IP session

RADIUS initiated IP session

Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000

Technology

Transcript of Subscriber Traffic & Policy Management (BNG) on the ASR9000 & ASR1000