1© 2005 Cisco Systems, Inc. All rights reserved.Service ExchangeFramework_1205 Cisco Public
Cisco Service Exchange Frameworkand Policy Management
March 2006
2© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Agenda
Service Provider Marketand the Service Exchange
Cisco Service Control EngineReview and update
Service Exchange FrameworkPolicy Management and services
3© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Representsa CompoundAnnual GrowthRate (CAGR)of 95.6% from2002–2007
2001 2002 2003 2004 2005 2006 2007
SP Business Model Dilemma
81K
180K
500K
750K
1.5M2.6M
5.2M
0
400K
700K
1M
3M
5M
100K
50K
Terabits per Day
75K
400B
350B
300B
250B
200B
100B
150B
50B
0
$ Billions
Total Retail Calls
Total Retail Dataand Internet
Source: Gartner 2003 95.6%
Service Providers are Turningto New Service Platforms for
Business Growth
4© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Market is Primed…Consumers are Spending Heavily on Communications
Evolution of Household Spending in OECD Countries, 1990–2000
Source: OECD 2003
CommunicationsIndex: 1990=100
1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000
Health
Education
Water, Electricity & Gas
Recreation and Culture
Transport
Restaurants & Hotels
Alcohol, Tobacco & Narcotics
Household Equipment
Clothing & Footwear
Food
160
150
140
130
120
110
100
90
80
70
60
5© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
…And are Willing to PayMore for Valued Services
SecuritySimplicityIntegration
PersonalizationControl
Speed ReliabilityLow Cost
VoiceData
Video
WiredWireless
Innovation
Share households spent on communications rose by50% in developed countries over the past decade
6© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
More Than Just RevenueOther Tangible Benefits Can Be Measured
MarketShare
CompetitivePosition
CustomerRetention
Advancing Upthe Value Chain
with theCustomer
Servicescrossing overinto othersegmentstraditionalareas
Deployingservices asdefensivemove versuscompetitors
Moreservices percustomerreduces churn
Deployingunique servicesfends againstcommoditizationor beingrelegated to‘only transport’for applicationproviders
7© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Today’s Universe of ApplicationsRequires Support for SIP and Non-SIP Applications
Session BasedNon-Session Based
Web, HTML P2P
Business IP - VPN
Messaging–SMS, MMS
Voice Push-to-Talk
Push-to-Video
StreamingVideo
IM
Group Chat
Video onDemand
OnlineGames
IPTV
DualMode
EnterpriseIntegration
E-Commerce
SIP (IMS) OnlyApps
SIP (IMS)OR
Non-SIPApps
Non-SIP OnlyApps
Rea
l Tim
eN
on-R
eal T
ime
8© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
What is IP Multimedia Subsystem (IMS)?
• Layered architecture—separates transport,control and application functions
• Access-agnostic—initially defined formobile carriers, but allows convergence offixed and mobile networks and applications
• Real-time IP applications—Enhances and“blends” SIP-based services
A standards-based effortdeveloped as a means for
voice-centric mobileoperators to more efficiently
deploy and handle SIPservices
9© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Service Exchange FrameworkComprehensive Support for BOTH IMS and Non-SIP Apps
Intelligent Networking
Video &Gaming
DataCenter
Presence-Based
TelephonyWeb
ServicesMobileApps
IPContactCenter
IntelligentEdge
CustomerElement
MultiserviceCore
Access/Aggregation
App
licat
ion
Laye
rSe
rvic
eLa
yer
Net
wor
kLa
yer
Transport
Ope
ratio
nal L
ayer
ServiceExchange
OpenFrameworkfor Enabling
‘Triple Play onthe Move’(Data, Voice,
Video, Mobility)
Identity Policy Billing
Mobility
SelfService
Traffic Traffic EngineeringEngineering MulticastMulticast SecuritySecurity
CoS/QoSCoS/QoS MPLSMPLS
PeeringPeering
L2L2//L3 VPNL3 VPN
VPLSVPLS
FastFastReroutingRerouting
Routing ProtocolsRouting Protocols
IPoDWDMIPoDWDM
PPP/FR/ATM/EthernetPPP/FR/ATM/Ethernet
IPv4/IPv6IPv4/IPv6
IMS Non-IMS
10© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Cisco IP NGN ArchitectureAchieving a Whole Greater Than the Sum of the Parts
Intelligent Networking
GamingData
Center
Presence-Based
TelephonyWeb
ServicesMobileApps
IPContactCenter
IntelligentEdge
CustomerElement
MultiserviceCore
Access/Aggregation
App
licat
ion
Laye
rSe
rvic
eLa
yer
Net
wor
kLa
yer
Transport
Ope
ratio
nal L
ayer
ServiceExchange
OpenFrameworkfor Enabling
‘Triple Play onthe Move’(Data, Voice,
Video, Mobility)
Identity Policy Billing
Mobility
SelfService
11© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Service Exchange FrameworkEnabling Personalized Rich Media Services
MOBILITY SERVICES MANAGEMENTDevice RoamingService MobilityUser Mobility
MULTIDIMENSIONAL IDENTITY MANAGEMENTUser / Device IDSubscriber AwarenessLocation / PresenceService RegistrationAudit / LoggingAssured Authentication
DYNAMIC SESSION MANAGEMENTCall ControlSession Border ControlRich-Media ControlDiff Bandwidth & QoS per SessionAccounting / Billing
POLICY AND RESOURCE MANAGEMENTSubscriber PolicyApplication / ChainingPer-Sub ServiceService Invocation
Who?• Who is the user?
• Devices• Profile• Location• Presence
What?• What can the user do?
• Within what timeframe• To what extent• Under what rules
How?• How can I dynamically control resources?
• Interwork & provide rich media control• Monitor & charge on a per
service / per user basis• Enable application awareness
Where?• Where can the user roam?
• Track/recognize user devicesacross carriers
• Maintain user sessions acrossmultiple networks
• Offer all services in all locations
ServiceExchange
Framework
12© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Cisco Service Exchange FrameworkCase Studies
GreaterEfficiencies
Efficient Management ofVideo Oversubscription
• Preserves quality of experience• Provides network-based graceful busy
signal when demand exceeds capacity• In trials at major MSO, critical for IPTV
Video Call Admission Control• Enable new business models between
content and service providersDetect and manage affiliatedapplications and align QoSCo-branding and fee sharing
Service Prioritization viaDeep Packet Inspection
Reduced TransitCosts
Web
P2P
Actual Customer
Data
Actual Customer
Data
220,000200,000180,000160,000140,000120,000100,00080,00060,00040,00020,000
0
KB
ITS
/SE
C
Week #1 Week #3 Week #5
Hourly Total Bandwidth (Kbits/Sec) Per Serv ice
Managing P2P Applications
13© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Cisco Service Exchange FrameworkCase Studies
Implement Fair Use Policy
• Eliminates bandwidth bottlenecks• Enhanced user experience
User quota based on 7-day timeframe16 kbps28 kbps28 kbps48 kbps P2P
48 kbps65 kbps128 kbpsNo Limitaudio /video streaming
256 kbps
256 kbps No LimitNo Limite-mail + WWW
over 5.6 GB
less then 5.6 GB
less then 4.2 GB
less than 2.8 GB
Usage
16 kbps28 kbps28 kbps48 kbps P2P
48 kbps65 kbps128 kbpsNo Limitaudio /video streaming
256 kbps
256 kbps No LimitNo Limite-mail + WWW
over 5.6 GB
less then 5.6 GB
less then 4.2 GB
less than 2.8 GB
Usage
BetterControl
Enhanced Security Services• DDoS service provider
infrastructure protection• Peering edge DDoS
protection• Managed service models
DefendDefend
DetectDetectMitigateMitigate
InjectInject DivertDivert
Infrastructure
ProtectionClean diverted
Traffic using
Cisco guard
Re-inject
cleaned
traffic
Proactive threat
Detection
Enhanced Security-DDoS Protection
14© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Typical Tiered Service Model Pricing ExampleAdding Value to Differentiate Services
MEMBER SERVICE FAMILY SERVICE BUSINESS SERVICE•One IP Address•2MB Down•512K Uplink
•One IP Address•4MB Down•512K Uplink
•Three IP Addresses•6MB Down•1MB Uplink
•500 Minutes paid •Unlimited •Unlimited
$19.95 $49.95$9.95
•Email•Basic Internet•P2P Marked
•Email / Video•Full Internet•100 TCP Sessions•P2P Traffic Marking•Child-safe Internet•Pop-up Blocker
•Email / Video / Voice• Wireless Internet• No TCP Limits• P2P Traffic• Firewall• IPSEC VPN Speed Up
NEW
$29.95 $69.95$39.95
BetterControl
15© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Enhanced VoBB Service ExamplesImproving the Quality and Control of the User Experience
Video on DemandTV on Demand / nPVR
Broadcast Television Video StreamingVideo Phone /Video Conferencing
Gaming / Interactive TV
“Over the Top”Video
ManagedVideo
Applications
VideoCommunications
Services
Video to Other Devices
BetterControl
16© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
• Geoff talk at latestApricot meeting in Perth.
• Can large incumbentimplement a convergedNGN network?
• Are they able toinnovate?
• Unfortunately, SP EMEAperspective is missingfrom this presetnation...
• Also listen to Geoffspeach at NANOG:http://www.nanog.org/mtg-0510/huston.futures.html
Apricot 2006 (http://www.apricot.net/)
17© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
• Service Control talk atApricot 2006 meeting inPerth.
• Exponential increase inpeering bandwidth andtransit costs.
• Need for P2Poptimization.
Apricot 2006 (http://www.apricot.net/)
18© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Traffic Distribution Patterns
Network Usage by Traffic Type
19© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
What Do We Download?
Source: Leibowitz, N., Ripeanu, M., Wierzbicki, A. “Desconstructing the KaZaA network”
Images
Songs
Movies
20© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Agenda
Cisco Service Control EngineReview and update
Service Provider Marketand the Service Exchange
Service Exchange FrameworkPolicy Management and services
21© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Service Control – Solution Components
AccessNetwork
Backbonenetwork
Reporting Tool
EngageConsole
SubscriberManager
AAA DHCP RADIUSBilling
PolicyServer
Service Portal
CollectionManager
22© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
SCE 1000 and SCE 2000
2,000,000100,0004 Gbps2 x 10/100/1000 RJ-45
8 x FE RJ-45SCE2020-4/8FE
2,000,000100,0004 Gbps2 x 10/100/1000 RJ-45
4 x GE
• SX (850 nm)
• LX (1310 nm)
SCE2020-4GBE
2,000,000Max flows (unidir)40,000Max # subscribers2 GbpsMax throughput2 x Eth 10/100 RJ-45Management
2 x GE
• SX (850 nm)
• LX (1310 nm)
InterfacesSCE1010
23© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Key Advantage –Hardware Accelerated Platform
• Hardware only processingof most traffic (80%)
• Flexibility through CPUs andintelligent interaction with hardware
• Load balanced CPUs with zeroprocessor wait-states
• Fast-path for delay sensitive (e.g.voice) traffic. Average delay of lessthan 30micro-seconds
• 4Gbps of processing• No sampling; full processing of
every packet• Programmable inspection and
policies• Performance not dependant on
policy complexity
FF
CLS
DP0 DP1
Processing Unit 1
RX
PPC
Processing Unit 1
RX
PPC
Processing Unit 1
RX
PPC
Processing Unit 1
RX
PPC
TX
NIC (RX part)LIC0 LIC1
Port 3 Port 4
NIC (TX part)LIC0 LIC1
Port 1 Port 2
Port 3 Port 4Port 1 Port 2
24© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Reliability
• L3/4 traffic filter (isolate traffic)Traffic filtering
• Electrical / Optical bypass• 1+1 Cascade redundancy• N+1 Cluster redundancy
System redundancy
• Redundant Power Supplies andfans
• Field replaceable PSU / FAN• AC / DC power dual-feeds• Redundant management port• No HD
• MTBF 80,890
Component Reliability
25© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
• First signature release: 1 week• Final signature: 4 weeks
Protocol: Skype (P2P VoIP Application)
• Development time: 3 weeks• Signature update after application ‘morphed’: 1 day
Protocol: Winny (popular Japanese P2P application)
Key Advantage: Programmability
• Flexible, bi-directional multi packet signatures• Programmable device core
• Dedicated team of experts focused on service-providerrequirements
Examples:
26© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Network Analysis andSubscriber Intelligence
Bandwidth/Capacity Reports• What is eating up my network resources?• When do I need a capacity upgrade?• What is causing congestion?
Subscriber Demographic Reports• What percentage is using P2P/gaming application?• What are the usage patterns of different subscriber groups?• What is the cost-impact of my top subscribers?
Server Activity• What are the popular web-hosts used?• What are the popular streaming sites?
27© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Network Analysis andSubscriber Intelligence
Robust Collection Environment
Security Reports• Which subscribers are infected and attacking others?• Which subscribers are spamming?• Which subscriber is attacking network resources?
Voice Reports• Quality of experience of VoIP calls• Minutes spent on VoIP services• Total and concurrent calls per VoIP service• Compare managed vs. non-facility service
• Efficient and reliable usage export protocol
• Stand alone of integrated into upstream management or billing systems
• Scaleable collection software
• Powerful and easy to use, template-driven reporting tool
28© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Intelligent Flow Management:BitTorrent Dormant Flows
• BitTorrent multiple connectionsSingle client creates 100’s ofconcurrent flowsFlow are frequently revisited but not alwaysusedBitTorrent signature only available on firstclient contact (flow start)Order of magnitude more than other P2Papplications
• DPI dilemma: How to manage flows?Slow aging: Exhaust DPI engine flow-table(1,000 active BT clients can consume hundredof thousand flows)Quick aging: Loose classification accuracy ofmost popular P2P application
• A choice between two “bad options”?Available as part of 2.5.6 and 3.0
29© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Intelligent Flow Management—BitTorrent Dormant Flows
• Cisco SCE Solution: Dormant FlowRepository
• Main flow database holds active flows
• Compressed dormant flows db usedto age inactive flows
Dormant DB holds flow classification history
Flow reactivated when more packets areseen
Allows for quick aging without loss ofclassification information
• Result:Flow efficiency of quick aging
Classification accuracy of slow aging
SCE Flow Database
FL 0x1FL 0x2FL 0x3
FL 0xN
.
.
.
DF1 DF2 DF3 DF4DF5 DF6 DF7 DF8DF9 DF10 DF11 DF12
DFN DFN DFN DFN
.
.
.
Inactive Flows
ReactivatedFlows
Available as part of 2.5.6 and 3.0SCE Dormant
Flow Database
30© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Intelligent Flow Management:BitTorrent Dormant Flows
• Dormant flow databasesupports 1M dormantflows in addition to mainflow database (1M flows)
• Unique Cisco solution andinfrastructure
Useful for other aggressiveapplications
• BitTorrent popularitynecessitates approach tomaintain effectiveness ofP2P solution
Other solutions forced toloose accuracy or cannot scale
29%(15%Misclassifiedas “Generic”)
240,000
DFDisabled
5min BTAging
47%45%BTClassifiedTraffic
240,000640,000Avg.ActiveFlows
DF EnabledDFDisabled
60min BTAging
Conclusion:40% Resource Savingwith No Sacrifices to
Classification
* Based on Production Network Data
Available as part of 2.5.6 and 3.0
31© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Platformintegration andnext-generation
SCE
Deep packetinspection
engine
Integrationenhancements,
Provisioning andcontrol
IPv6,Integration
with ISG/IPS,Netflow v9,
Voice Control,MPLS VPN,Clustering
Voice Mgmt,MPLS VPN,
URL Filtering,Reporting
enhancements,Redundant
management
Stateful L7 applicationrecognition,
Dynamic PolicyControl
SCE2020 8xFE,Clustering,Enhanced
Policy Model,Quota
management
Solution Strategy and Evolution
32© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
New and Enhanced Classification model
• Structured, rich andflexible classificationprocess
Protocol Signature,ports, zones andflavors all usedfor determining aservice
• Protocol signaturelookup on all traffic(not restricted byport)
33© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
VoIP Functionality
• Continuing themomentum from 2.5.5
Enhanced protocolsupportSupport forTransaction UsageRDRs for MGCP andSIP sessions usingthe same SCA BBVoIP RDR templateused for the H.323protocol.
SIP domain basedclassification
34© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Reporting—Global VoIP MOS
Global VoIP MOSTime Span: 1998-03-03 09:50:43—2005-11-28 15:50:43
MO
S
Date and Time
New!(Available: 3.0.3)Reports to identifyand TroubleshootVoIP Quality Issues(MOS, Jitter, PacketLoss)
Highlight:VoIP Service Is Operating Well... Most Hours of the Day
ActualCustomer
Data
35© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
MPLS-VPN—Per VRF DPI
BGP
MPLS-TAGto
VPN Mapping
VPN A
VPN B
VPN A
VPN B
VPN CCE Routers
PERouters
PRouters
Example Network—Managed Corporate VPNs
SCEs
InternetCore
• SCA BB 3.0 supports insertion into MPLS-VPN with overlapping privateIP address spaces
• Each VPN (A, B,C) managed separately—VPN as a “subscriber”
• MPLS-VPN packet tags automatically extracted from PE BGP
• Flow concept is extended to contain MPLS tag—ensures consistency ofpacket to flow mapping
36© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
MPLS-VPN—Per VRF DPI
VPN-A VPN-B VPN-C10.1.1.1 10.1.1.1 10.1.1.1
Previous
SCA 3.0
10.1.1.1 <-> 10.1.1.2
[VPN-A] 10.1.1.1 <-> 10.1.1.2
[VPN-B] 10.1.1.1 <-> 10.1.1.2
[VPN-A] 10.1.1.1 <-> 10.1.1.2
???10.1.1.2 10.1.1.2
• DPI support for private/overlapping IP address spaces• Upstream/downstream VPN-tags mapped through
flow trackingSCE identifies new flow from VPN-A, and correlates return packet’sVPN tag
37© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
URL Filtering – General Approach
• API’s for dynamicallyintegrating with URL DBvendors
In addition to the built inURL lists mechanism
• Allows the solution to limita subscriber’s access toweb sites based on“categorization” of content
• Useful forValue added service forsubscribersLegal purposes (in somecountries legislationrequires that certaincontent is blocked)
3.03
38© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Dual link BW control
• In 2.x release global controllers for 2 GBE links wereseparated for each link
In order to enforce 300Mbps limit on upstream P2P traffic, theuser had to configure 2 global-controllers, one for each link, whileeach enforces the P2P to 150Mbps
• On 3.0 a new mode is introduced, where the SCE enforces theglobal controllers policy on the aggregate traffic from the 2ports
A user can define a single P2P global-controller that will enforceaggregate of 300M limit for the upstream P2P traffic
• The old mode is still supported for backward compatibilitypurposes
39© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Management—Network Navigator
• Group devices into sitesSCE, CM, SM, database
• Batch management ofdevices/sites
Apply configurationUpdate signaturesUpdate software
• Common managementoperations
View device statusRetrieve logActivate/bypass
Single Interface toManage All SolutionComponents
40© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Signature Editor
• Customer definedsignatures
• GUI based
• Rich signaturelanguage
Multi-packet, Bi-Directional Patterns,Binary Characters, String-Match, HTTP
User-Agent, HTTP X-Header
41© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Integrated Reporter
• Integrated Java-based reporting tool
• Works with Oracle,MySQL or SybaseCM backend
• Context sensitiveDrill down betweenreports andconfiguration
INTERACTIVE: Click on TopSubscriber to Activate Subscriber
Real-Time Report
42© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Hitless Upgrade (3.03)
• Graceful phase-in ofnew protocol pack issupported by the SCOSinfrastructure
• This Complements theService Controlframework for ongoingprotocol support
Protocol upgrades areposted periodically onCCO (since 2.5.7)No service downtime isincurred to the operatorduring upgrade
3.03
43© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Service Security Dashboard
• Integrated console tomanage servicesecurity functionality
View/load/editsignaturesConfigurationidentificationthresholdsSetup mitigationactionsView reports
Availability: 3.0.3
44© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Redundant Management Ports
• SCE2020/1010 managementinterface redundancy
• Protects from physical failure ornetwork partition
• Active/standby ports
• Transparent—Same IP/MAC forboth ports
• 300 ms failure detection with activeARP to expedite recovery
SubscriberManager
PolicyServer
CollectionManager
RADIUS DHCP Billing Portal
Not Available on SE1010 1.5UHardware (“P-Cube Box”)
Critical High-Availabilityfor Service CreationScenarios
45© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Subscriber Management
• “Subscriber-aware” solutions• Manages Subscriber-contexts
Subscriber-ID: ID of subscriber-contextNetwork-ID: IP addresses used to map traffic to contextPolicy-ID: ID of policy (package) defining rulesSubscriber-quotas: set/add/read usage quota buckets
• Integration into back-office/AAARADIUS AAAPolicy Control Systems (Tazz Networks)
• Cisco Subscriber Manager (CSM) servesas integration point
46© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Multi-Gig Cluster Solution
• Split flows between morethan two GBE links
• SCE(s) are hair pinned toredundant 6500/7600matching EtherChannels on6500/7600 ensure traffic ofsingle subscriber flows tosame SCE
Can use PBR as well
• Support for N+1configuration through ECfailover
BRASs/CMTSs
Core Routers
SCE 2000s
7600/6500
7600/6500
47© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Agenda
Service Provider Marketand the Service Exchange
Cisco Service Control EngineReview and update
Service Exchange FrameworkPolicy Management and services
48© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Services (PDP)
Policy Control(PEP / PDP)
Access & Aggregation& CPE(PEP)
Policy Control Framework
PolicyServerAccounting Authorisation
Standards based transport protocol
Standards based transport protocol
Info
rmat
ion
Mod
el
WebPortal
PolicyServer
3.3. Application PlaneApplication Plane
2.2. Policy PlanePolicy Plane
1.1. Network PlaneNetwork Plane
49© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Policy Server Components
Applications / portals via Northbound interface
Policy Engine = {Rules processor + Message Router}
Application schemas
Device schemas
COPS-PR Webservices:SOAP, BEEP / XML CORBA CLIRADIUS
COPS-PR Webservices:SOAP / BEEP, XML CORBA CLIRADIUS
Network devices via Southbound interface
PolicyPolicyRepositoryRepository
50© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
A. User self subscription with redirection
PolicyRepository
PolicyServer
AddressManagement AAA
Portal
Presence
Internet
VideoVoIP
Subscriber / Service Control Applications / Services
ISP
1 2
3
4
5
1. New session identified by SCE2. SCE applies HTTP redirect to
redirect user to web portal3. Portal captures credentials / user
authenticated4. Policy server confirms subscription5. Policy server pushes change to SCE
to remove L4 redirect for session6. User now has Internet access
61 2
3
4
5
51© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
B. User bandwidth selection
AAAPolicyServer
AddressManagement
PolicyRepository
Portal
Presence
Internet
VideoVoIP
Subscriber / Service Control Applications / Services
ISP
1
2
3
1. USER logs in to web portal and requests anasymmetrical 512Mbps/256kbps(downstream/upstream) non-meteredservice
2. Policy server confirms subscription3. Policy server pushes the respective QOS
policy to ISG / SCE that is applied to theuser session
1
2
52© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
Customer self-provisioning
• Customer subscribed to an-entry-level profile.
• All customer’s accesslines are identicallyprovisoned (i.e. DSL profileat max access speed).
• Service exchange enforcescurrent customer speedand traffic profile.
• Customers candynamically changeprofiles with no manualintervention.
• Profile change can bepermanent (new tariff plan)or time-limited (turbobutton, promotional offers).
53© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205
To conclude …
• Cable, mobile, and DSL standards bodies are defining theneed for policy server functionality
• Policy control layer is of growing importance and is beingdefined in all evolving access technologies
Significant commonality between evolving access technologiesAdds intelligence to base network transport solution - theequivalent to the Intelligent Networks (IN) capability in the voiceworld
• Policy control layer server is becoming the access agnosticservice convergence plane
• Cisco Systems’ Service Exchange Framework provides theservice/application convergence layer for next generationnetworks
54© 2005 Cisco Systems, Inc. All rights reserved. Cisco PublicService ExchangeFramework_1205