BBAGG
Volume 1
Implementing Broadband Aggregation on Cisco 10000 Series
Version 1.0
Student Guide
Copyright 2003, Cisco Systems, Inc. All rights reserved.
Course Overview
Intended Audience
This course is for technical professionals who need to know how
to implement broadband aggregation on the Cisco 10000 Series
router. The following are considered the primary audience for this
course:
Customer technicians
Cisco System Engineers (SEs)
System Integrators (SIs)
Course Level
This course is basic and intermediate training for the topics
that it covers.
Prerequisites
Students attending this course should have successfully
completed the following training:
Interconnecting Cisco Network Devices (ICND) or equivalent experience
Campus ATM (CATM) or equivalent experience
Basic DSL End To End Architecture, either video on demand or leader-led, or equivalent experience
Additional Information
Cisco Systems Technical Publications
You can print technical manuals and release notes directly from
the Internet. Go to http://www.cisco.com/univercd/home/home.htm.
Find the Cisco Systems product for which you need documentation.
Then locate the specific category and model or version for your
hardware or software product. Using Adobe Acrobat Reader, you can
open the manuals and release notes, search for the sections you
need, and print them on most standard printers. You can download
Acrobat Reader free from the Adobe Systems website,
www.adobe.com.
Documentation sets and CDs are available through your local
Cisco Systems sales office or account representative.
Cisco Systems Service
Comprehensive network support is available from Cisco Systems
Service & Support solutions. Go to
http://www.cisco.com/public/support_solutions.shtml for a listing
of services.
Course Agenda
Day 1
Broadband Aggregation Architectures
RBE and RFC 1483 Routing
PPPoA
Day 2
PPPoE
Cisco Aggregation Optimization Features
AAA Service
Day 3
L2TP
Cisco 10000 Series Router Hardware Overview
Cisco 10000 Series Router Software Overview
Course Introduction and Objectives
Overview
Description
This course is intended for customer technicians and system
integrators who need to implement various broadband aggregation
technologies on Cisco routers. This course also enables Cisco
System Engineers (SEs) to present and demonstrate various broadband
aggregation technologies on Cisco routers for customers. Students
learn about RBE, PPPoA, PPPoE, and L2TP, and learn how to configure
and verify operation of these technologies on Cisco routers. This
course also explains the Cisco 10000 Series router hardware
architecture and software features.
The course is instructor-led and includes hands-on lab
exercises. Lecture topics are reinforced with supporting student
exercises.
This course focuses on implementing broadband aggregation
technologies on the Cisco 10000 Series router; however, most
learning experiences from this course may be applied to other Cisco
routers that support these technologies.
Objectives
After completing this course, you will be able to do the
following:
Compare and contrast the various broadband aggregation architectures available with Cisco routers
Explain how RBE and RFC 1483 routing work, describe their typical architectures and benefits, and configure them on Cisco routers
Explain how PPPoA and PPPoE work, along with descriptions of their typical architecture and benefits, and configure them on Cisco routers
Explain and configure various methods for optimizing subscriber connections including PVC range, auto detect PPPoX encapsulation, VC class, ATM PVC autoprovisioning, and BBA groups
Explain AAA services available on Cisco routers and RADIUS servers and configure AAA services on Cisco routers
Explain how L2TP works, describe its typical architecture and benefits, and configure it on Cisco routers
Describe the Cisco 10000 Series router and explain the features and functions of system-wide hardware and software components
Identify and describe system modules and services on the Cisco 10000 Series router that are utilized in broadband aggregation deployment scenarios
Contents
Course Overview
Course Agenda
Course Introduction and Objectives
  Overview

Module 1 Broadband Aggregation Architectures
  Overview
  Broadband Aggregation Introduction
  Retail and Wholesale Services
  VC Service
  ATM Bridging and Routing Methods
  PPP Review
  PPP Broadband Access Methods
  PTA
  L2TP
  AAA
  Managed LNS
  Remote Access into MPLS
  SSG and SESM
  Summary
  Review Questions

Module 2 RBE and RFC 1483 Routing
  Overview
  Typical RBE Architecture
  RFC 1483 Bridging Protocol Stack
  How Does RBE Work?
  RBE Configuration
  RBE Advantages and Disadvantages
  Typical RFC 1483 Routing Architecture
  RFC 1483 Routing Protocol Stack
  How Does RFC 1483 Routing Work?
  RFC 1483 Routing Configuration
  RFC 1483 Routing Advantages and Disadvantages
  Summary
  Review Questions

Module 3 PPPoA
  Overview
  Typical PPPoA Architecture
  PPPoA with PTA Protocol Stack
  PPPoA with Tunneling Protocol Stack
  How Does PPPoA Work with PTA?
  How Does PPPoA Work with Tunneling?
  PPPoA IP Address Management
  PPPoA Configuration
  PPPoA Advantages and Disadvantages
  Summary
  Review Questions

Module 4 PPPoE
  Overview
  Typical PPPoE Architecture
  PPPoE Protocol Stack
  How Does PPPoE Discovery Work?
  PPPoEoA with PTA Protocol Stack
  PPPoEoA with Tunneling Protocol Stack
  How Does PPPoE Work with PTA?
  How Does PPPoE Work with Tunneling?
  PPPoE IP Address Management
  PPPoEoA Configuration
  PPPoE Advantages and Disadvantages
  PPPoEoE and PPPoEo802.1q
  PPPoEoE and PPPoEo802.1q Configuration
  Summary
  Review Questions

Module 5 Cisco Aggregation Optimization Features
  Overview
  Optimization Features Introduction
  Minimizing ATM PVC Provisioning
  PVC Range
  VC Class
  ATM PVC Autoprovisioning
  Autosense PPPoX Encapsulation
  PPPoE Profiles
  Summary
  Review Questions

Module 6 AAA Services
  Overview
  Introduction to AAA
  Authentication
  Authorization
  Accounting
  AAA-Supported Protocols
  RADIUS Attributes
  Radius Files
  AAA Implementations
  RADIUS Protocol
  Cisco Implementation of AAA
  Troubleshooting Aids
  Cisco IOS Commands
  UNIX Commands
  Review Questions

Module 7 L2TP
  Overview
  L2TP Overview
  L2TP Components
  L2TP Tunnel and Session Identifiers
  Encapsulations Supported
  L2TP Message Format
  Incoming Call Sequence
  Forwarding PPP Frames
  Call Disconnect Sequence
  Typical L2TP Scenarios
  L2TP Configuration Overview
  L2TP Tunnel Attributes
  L2TP Configuration Without RADIUS
  L2TP Configuration with RADIUS
  Tunnel Verification
  Summary
  Review Questions

Module 8 Cisco 10000 Series Router Hardware Overview
  Overview
  Cisco 10000 Series Router Introduction
  Broadband Aggregation Deployment Scenarios
  Cisco 10000 Series Router Components Overview
  Chassis Description
  Modules Used with Broadband Aggregation
  Cisco 10000 Series Router Architecture Overview
  Functional Block Diagram
  Router Buffer Management
  Router Backplane
  Performance Routing Engine-2
  PRE-2 Front Panel
  PRE-2 Architecture
  PRE-2 Packet Flow
  PXF Technology and Operation
  PRE Comparison
  High Availability
  PRE Redundancy
  Cisco 10000 Series Router Broadband Aggregation Line Cards
  ATM Line Cards
  ATM Line Card Common Features
  Assigning VPI/VCIs for ATM VC Scaling
  LAN Line Cards
  Packet over SONET Line Cards
  Common POS/SDH Line Card Features
  Summary
  Review Questions
Module 9 Cisco 10000 Series Router Software Overview
Overview
Software Architecture
Software components
Cisco 10000 Router Software
Supported Encapsulations
Frame Relay Support
Broadband Features and Scaling
Leased-Line Features and Scaling
High Availability and Management Functionality
QoS Features and Functions
Class-Map Match Options
Policy-Map Keywords
Policy-Map Actions
QoS Facts
Policing Considerations
VC Scaling with QoS
System Status and Alarms
Checking the Data Path
System-Wide Statistics and Performance
Summary
Glossary
Technology Acronyms
Cisco 10000 Series Router Acronyms
Appendix A Review Question Answers
Appendix Contents
Module 1 Broadband Aggregation Architectures
Module 2 RBE and RFC 1483
Module 3 PPPoA
Module 4 PPPoE
Module 5 Cisco Aggregation Optimization Features
Module 7 AAA Services
Module 7 L2TP
Module 8 Cisco 10000 Series Router Hardware Overview
Appendix B Router Starting Configurations
Appendix Contents
P1R1 Configurations
P1R2 Configurations
P1R3 Configuration
Core Routers Configurations
PC CPE Configurations
Module 1 Broadband Aggregation Architectures
Overview
Description
In this module, you will learn about the various broadband
aggregation architectures available with Cisco routers.
Objectives
After completing this module, you will be able to do the
following:
- List various broadband aggregation architectures
- Identify the technologies used by each architecture and describe
  how each architecture functions
- Identify the benefits of each architecture
Broadband Aggregation Introduction
This section describes the various segments that constitute a
broadband subscriber network environment.
Network Segments
You can view the access and core network that serve broadband
subscribers as being divided into three segments.
- Customer Premises Equipment (CPE)
- Network Access Provider (NAP)
- Network Service Provider (NSP)
The NAP and NSP may be owned by different businesses or by one
company. This is described in more detail in the Retail and
Wholesale Services section. Although the drawing illustrates
digital subscriber line (DSL) access, the same functional segments
apply to other broadband access methods, such as cable and
wireless.
[Figure: Broadband Aggregation Introduction. The network is divided
into three segments: CPE (Customer Premises Equipment), NAP (Network
Access Provider), and NSP (Network Service Provider). Diagram labels:
ATU-R, DSLAM, Aggregation, Service Selection, Core, Termination,
Video, Voice, Content, Enterprise, Internet, ISP.]
CPE
The term CPE refers to the equipment required on the customer
premises, typically a modem and personal computer. The modem type
varies with the access method, such as DSL and cable.
The modem generally provides Layer 1 and Layer 2 functions and
in some applications Layer 3 functions.
- Physical layer: transport of data according to the subscriber
  connection type; for example, asymmetric digital subscriber line
  (ADSL)
- Data Link layer: encapsulation of data for transport across the
  physical link; for example, ATM, bridging, and Point-to-Point
  Protocol (PPP)
- Network layer: provides routing, Network Address Translation
  (NAT), and DHCP functions typically using IP
NAP
The NAP portion of the network provides at least the following
components:
- Subscriber termination devices such as digital subscriber line
  access multiplexers (DSLAMs) or cable headend systems
- Aggregation systems
- Core network for transporting data to the NSP
Subscriber Termination
Subscriber termination devices terminate the physical layer
connection and transport of data from the subscriber. The data is
then transported to aggregation devices typically by using an ATM
or Ethernet/IP infrastructure.
Aggregation
Aggregation systems may be ATM switches or routers or a
combination of both depending on several factors, such as whether
the NAP is providing retail or wholesale services. The types of
functions that aggregators may provide include the following:
- ATM switching
- Bridging
- PPP termination
- Routing
Core Network
Typical core networks are either ATM based or IP based. If a
legacy ATM network is in place, then the NAP may continue to use it
to transport data to the NSP. NAPs are migrating from ATM switching
to IP cores, or building new IP cores using Gigabit Ethernet.
Additionally, IP cores are evolving to Multiprotocol Label Switching
(MPLS).
NSP
The NSP is responsible for offering services to subscribers,
which may be residential or business users. Services the NSP
provides include
- E-mail
- Internet access
- Video and voice services
- Access to corporations
- Termination of service selection
NSPs use aggregation devices, typically routers, to terminate
virtual circuit (VC) or PPP connections from the subscribers. The
Layer 3 data is then extracted and forwarded to the destination.
Like aggregators in the NAP, the aggregation devices may perform
bridging, routing, and PPP termination for various types of
encapsulation methods.
In this course we will focus on the aggregation aspects of
broadband subscribers. You will learn about Cisco's implementation
of aggregation services on routers that have been optimized to
perform aggregation functions.
[Figure: the Broadband Aggregation Introduction diagram (CPE, NAP,
NSP) with a "Training Focus" callout.]
Retail and Wholesale Services
Service providers may be categorized in terms of their operating
models: retail services and wholesale services.
Characteristics of a Retail Service
A service provider that operates a retail service performs the
roles of both the NAP and the NSP. A retailer provides broadband
access, termination, and value-added services to the subscriber,
that is, both NAP and NSP functions. A retail provider can offer
data, voice, and video to residential customers and can also offer
Virtual Private Network (VPN) capability to business customers.
The following are key aspects of a retail provider:
- Owns the subscriber
- Dictates the class of service
- Provides access to the Internet
[Slide: Characteristics of a Retail Service. Owns the subscriber
service (gets the monthly subscription); dictates the class of
service (the line rate); provides access to the Internet and other
value-added services such as email. Diagram labels: Subscriber,
Service Provider.]
Characteristics of a Wholesale Service
A service provider that operates a wholesale service provides
the NAP functions. It provides the access connection to the
subscriber and connects the subscriber to the NSP. The wholesaler
has ISPs and corporations as its primary customers.
The following are key aspects of a wholesale provider:
- Connects the subscriber to the NSP
- Sells various infrastructure capabilities to the ISPs and
  corporations
- ISPs and corporations still own subscribers
Note: Because of governmental regulation, wholesalers are not
permitted to provide services that are limited to retailers.
Through an unregulated portion of their business, some service
providers provide a retail service in addition to wholesale
service.
[Slide: Characteristics of a Wholesale Service. Carrier connects
subscriber to service provider; offers a range of network
architectures to achieve this; retailer still owns the customer but
pays percentage of monthly subscription to wholesaler for
connectivity services; wholesaler often has retail business. Diagram
labels: Subscriber, Carrier, ILEC, Service Provider.]
VC Service
Description
A virtual circuit (VC) service is one in which the subscriber
permanent virtual circuit (PVC) is switched all the way to the ISP,
NSP, or corporation. The ISP, NSP, or corporation is responsible
for terminating the PVC, retrieving the IP data, and providing IP
addressing to the subscriber. A VC service is commonplace with NAPs
who are simply providing a wholesale service.
Advantages and Disadvantages of VC Service
The following are some of the advantages and disadvantages of a VC
service model:
- NAPs do not manage IP addresses
- The various encapsulation methods are transparent to VC service
- End-to-end PVC provisioning takes time
- Does not scale well
- In some situations, lack of control over bandwidth offered to
  subscribers and ISP
[Figure: VC Service. Diagram labels: Local Loops, DSLAMs (Local
Exchanges), ATM Access Network, BRAS, ATM Core Network, ISP1.com,
ISP2.com. Caption: Each subscriber is presented as a unique VC to
the ISP.]
ATM Bridging and Routing Methods
RFC 1483 describes two methods for transporting data over ATM
networks: bridging and routing.
RFC 1483 Bridging
With RFC 1483 bridging, the CPE simply acts as a bridge between
the subscriber PC and the aggregation device. The PC encapsulates
Layer 3 data into 802.3 (Ethernet), which is then encapsulated into
ATM cells. On the aggregation device, the Ethernet frames are
terminated into a bridge group and forwarded using bridging or
routing to the final destination.
Even though it is simple and easy to deploy, this method has
security limitations, is no longer widely used with Cisco routers,
and will not be discussed in this course.
RFC 1483 with RBE
RFC 1483 with RBE is often referred to as Route Bridge
Encapsulation (RBE) by Cisco. RBE builds upon some of the features
and advantages of RFC 1483 bridging and overcomes the security
limitations of bridging. From the PC and CPE perspective, there is
no change in their configuration and operation. The key difference
is that the subscriber traffic is terminated at the aggregator by
using routing rather than by using bridging.
RFC 1483 Routing
RFC 1483 routing incorporates some of the same principles as RFC
1483 bridging with the key difference that the CPE is in a routing
mode rather than bridging mode. As a router, it can support
multiple networks on the subscriber side of the CPE and can
exchange routing updates, making it ideal for business
applications. RFC 1483 routing can also implement NAT or PAT and
conserve IP addresses.
[Figure: ATM Bridging and Routing Methods. Three cases: RFC 1483
Bridging, RFC 1483 Bridging with RBE, and RFC 1483 Routing. Diagram
labels: Bridged CPE, Routed CPE, DSLAM, Aggregation Device, Bridge
Group, Bridging, RBE, Routing, Core, ISP1.com, ISP2.com.]
PPP Review
Description of PPP
Point-to-Point Protocol (PPP), defined in RFC 1661, is a
standard method of encapsulating upper layer protocols, such as IP
and IPX, across point-to-point links. It was originally intended
for dial-up applications, but it is also suitable for applications
requiring authentication of subscribers in a broadband environment.
In a dial-up environment, PPP offers several functions, but with
broadband implementations, its principal function is to provide
user authentication using Password Authentication Protocol (PAP) or
Challenge Handshake Authentication Protocol (CHAP) and,
additionally, to support multiple protocols.
PPP Fundamentals
The following are fundamental concepts of PPP that you should
know. Besides the RFC, there are numerous publications that explain
PPP in detail.
PPP is comprised of three main components and phases:
- High-Level Datalink Control (HDLC) encapsulates multiprotocol
  datagrams.
- Link Control Protocol (LCP) establishes, configures, and tests
  the data-link connection.
  - If authentication using PAP or CHAP is implemented, it occurs
    before the NCP phase.
- Network Control Protocols (NCPs) establish and configure
  different network-layer protocols.
  - An example of NCP is IP Control Protocol (IPCP), which is used
    for transporting IP datagrams.
[Slide: PPP Review. PPP uses HDLC framing. PPP packet types: LCP
(Link Control Protocol) for link establishment, termination, and
maintenance and for authentication with PAP or CHAP; NCP (Network
Control Protocol) for encapsulation of a Layer 3 protocol, for
example IPCP. Diagram: protocol stacks (Layer 3, NCP/LCP, HDLC, PHY)
at each end of a point-to-point link, with Layer 3 over ATM, FR,
etc. in between.]
PPP Link Operation
A PPP link is initialized using both LCP and NCP. The PPP link
goes through five distinct phases.
Link Dead Phase
This phase determines the physical readiness of the link. Once
the physical layer is initialized, the link goes into the Link
Establishment phase.
Link Establishment Phase
During this phase, each end uses Configure Request packets to
initialize LCP and negotiate datalink layer parameters. When a
Configure Ack is received at both ends of the link, the link enters
the open state and goes into the Authentication phase. The
following options may be exchanged during this phase:
- Maximum Receive Unit
- Authentication Protocol
- Quality Protocol
- Magic Number
- Protocol Field Compression
- Address and Control Field Compression
Authentication Phase (optional)
During this phase, the two ends of the link authenticate each other
using an agreed-upon protocol such as PAP or CHAP. The link does
not proceed to the Network Layer Protocol phase until
authentication is successful. If authentication fails, then the
link goes to the Link Termination phase.
Network Layer Protocol Phase
During this phase, each end exchanges Configure Request and
Configure Ack packets to activate any supported network layer
protocols using the appropriate NCP. Once an NCP is opened, the PPP
link transports data across the link.
Link Termination Phase
This phase terminates the PPP link, which may be caused by
physical link failure, link quality failure, configuration
rejection, or authentication failure. The network administrator can
also disable the link for diagnostic purposes. LCP uses Terminate
Request packets to terminate the link and notifies the appropriate
NCPs that the link is terminating.
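The options exchanged in the Link Establishment phase can be read directly from a Configure Request. The following Python code is an added example, not part of the original course material: it decodes an LCP Configure-Request using the RFC 1661 option layout, reports which phase follows once LCP opens, and flags a request for PAP or for no authentication. The sample packets are constructed and the function names are hypothetical.

```python
import struct

# LCP option types from RFC 1661; these are the six options listed above.
OPTION_NAMES = {
    1: "Maximum-Receive-Unit",
    3: "Authentication-Protocol",
    4: "Quality-Protocol",
    5: "Magic-Number",
    7: "Protocol-Field-Compression",
    8: "Address-and-Control-Field-Compression",
}
PAP, CHAP = 0xC023, 0xC223      # PPP protocol numbers (RFC 1334, RFC 1994)
CONFIGURE_REQUEST = 1           # LCP code


def decode_option(opt_type: int, data: bytes):
    """Turn one option's payload into a readable value."""
    if opt_type == 1 and len(data) == 2:            # MRU, 16 bits
        return struct.unpack("!H", data)[0]
    if opt_type == 3 and len(data) >= 2:            # protocol + optional data
        proto = struct.unpack("!H", data[:2])[0]
        if proto == PAP and len(data) == 2:
            return "PAP"
        if proto == CHAP and len(data) == 3:        # third byte = hash algorithm
            return "CHAP-MD5" if data[2] == 5 else f"CHAP-alg{data[2]}"
        return f"proto-0x{proto:04x}"
    if opt_type == 5 and len(data) == 4:            # Magic-Number, 32 bits
        return struct.unpack("!I", data)[0]
    if opt_type in (7, 8) and not data:             # boolean options, no payload
        return True
    if opt_type in (1, 3, 5, 7, 8):
        raise ValueError(f"option {opt_type} has wrong payload size {len(data)}")
    return data.hex()                               # Quality-Protocol, unknown types


def parse_configure_request(packet: bytes) -> dict:
    """Decode an LCP Configure-Request into {option name: value}."""
    if len(packet) < 4:
        raise ValueError("truncated LCP header")
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != CONFIGURE_REQUEST:
        raise ValueError(f"not a Configure-Request (code {code})")
    if not 4 <= length <= len(packet):
        raise ValueError("LCP length field does not fit the packet")
    body, pos, options = packet[4:length], 0, {}
    while pos < len(body):
        if len(body) - pos < 2:
            raise ValueError("truncated option header")
        opt_type, opt_len = body[pos], body[pos + 1]
        if opt_len < 2 or pos + opt_len > len(body):
            raise ValueError(f"option {opt_type} has bad length {opt_len}")
        name = OPTION_NAMES.get(opt_type, f"unknown-{opt_type}")
        options[name] = decode_option(opt_type, body[pos + 2:pos + opt_len])
        pos += opt_len
    return options


def next_phase(options: dict) -> str:
    """Phase entered once LCP opens: the Authentication phase is optional."""
    if "Authentication-Protocol" in options:
        return "Authentication"
    return "Network Layer Protocol"


def audit(options: dict) -> list:
    """Findings on what the sender of the request demands from its peer."""
    auth = options.get("Authentication-Protocol")
    if auth is None:
        return ["no authentication requested before the NCP phase"]
    if auth == "PAP":
        return ["PAP requested: the password crosses the link in cleartext"]
    if auth != "CHAP-MD5":
        return [f"unexpected authentication protocol {auth}"]
    return []


# Constructed Configure-Request packets (not captured from a real link).
CHAP_REQUEST = bytes.fromhex("01010013" "010405d4" "0305c22305" "050612345678")
PAP_REQUEST = bytes.fromhex("0102000e" "010405dc" "0304c023" "0702")
NO_AUTH_REQUEST = bytes.fromhex("01030008" "010405dc")
BAD_REQUEST = bytes.fromhex("01040006" "0100")      # option length 0 is illegal

if __name__ == "__main__":
    for pkt in (CHAP_REQUEST, PAP_REQUEST, NO_AUTH_REQUEST):
        opts = parse_configure_request(pkt)
        print(opts, "->", next_phase(opts), audit(opts))
```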
[Figure: PPP Link Operation. Packets exchanged in each direction, by
phase: Configure Request and Configure Ack (Link Establishment
Phase), authentication packets (Authentication Phase), IPCP
Configure Request and IPCP Configure Ack (Network-Layer Protocol
Phase), Data (Data Exchange), Terminate Request and Terminate Ack
(Link Termination Phase).]
PPP Broadband Access Methods
PPP Methods
In broadband applications, there are two general ways in which
PPP is implemented.
- PPP over ATM (PPPoA)
- PPP over Ethernet (PPPoE)
You will often see the abbreviation PPPoX, which collectively
refers to all methods of PPP over ATM, Ethernet, and so on.
PPPoA
PPPoA works in an ATM environment. It relies on the presence of
a VC between the CPE and the aggregation device. The PPP session is
between CPE and the aggregator. The CPE is responsible for
authenticating with the aggregator.
With PPPoA, the CPE can run NAT for multiple users behind the
CPE and conserve IP addresses. However, since there is a single PPP
session per VC, the users are limited to selecting a single
service, that is, a single ISP.
PPPoE
PPPoE is similar to PPPoA in that it establishes a PPP session with
the aggregation device. PPPoE has the following key differences
from PPPoA:
- Each host behind the CPE establishes its own PPP session.
- The CPE acts as a bridge.
- PPPoE is not restricted to use over ATM.
PPPoE is suitable for residential customers with multiple PCs
behind the CPE that need the flexibility to access multiple
services simultaneously. An important consideration, though, is
that the PPPoE client software needs to be installed on the PC.
There are multiple variations of PPPoE that we will learn about
later:
- PPPoEoA
- PPPoEoE
- PPPoEo802.1q
[Figure: PPP Broadband Access Methods. PPPoA: PPP session initiated
by the CPE. PPPoE: PPP sessions initiated by the client. Diagram
labels: CPE, Bridged CPE, DSLAM, Aggregation Device, Core, ISP1.com,
ISP2.com.]
PTA
PPP termination and aggregation (PTA) is the point at which
PPPoX sessions are terminated, that is, the aggregation device. From
this point, user data is extracted from the PPP frames and
forwarded to its destination, such as an ISP or corporation.
With PTA, the service is selected based on structured domain
name ([email protected]), and it supports one service at a time.
The IP traffic is forwarded to a single routing domain.
PTA is generally used by providers for their own customers if
regulations allow it.
[Figure: PTA (PPP termination and aggregation). Terminate PPP
sessions at the aggregation device; route IP data to the ISP or
corporate site. Diagram labels: CPE (PPPoA, PPP session), Bridged
CPE (PPPoE, PPP sessions), DSLAM, Aggregation Device, PTA, IP Route,
Internet.]
L2TP
Description
Layer 2 Tunneling Protocol (L2TP) is an extension to PPP. It was
introduced to allow use of PPP between different networks and
multiple communication links.
L2TP extends the PPP session beyond the PTA that you saw in the
previous illustration to a destination closer to the service that
the user wants to access. L2TP accomplishes this by setting up a
tunnel over multiple links and networks between an access
concentrator and a network server. The PPP session that would have
been terminated at the concentrator is then continued through the
tunnel to the server.
L2TP is an important component of VPNs. Between the access
concentrator and network server, the service provider does not look
at the subscriber traffic beyond the Layer 2 information after the
session is established.
Benefits of L2TP
The following are benefits of L2TP:
- Supports multiple protocols
- Allows use of unnumbered IP addresses
- Centralization of login and authentication operations
- Shares access to core network components
- Overlapping CPE IP addresses
Components of L2TP
The following are some of the major components of L2TP:
- L2TP access concentrator (LAC) initiates the tunnel to the LNS.
  It forwards PPP traffic between the subscriber and the LNS.
- L2TP network server (LNS) terminates the tunnel from the LAC. It
  terminates the PPP session and extracts user data for further
  forwarding.
- L2TP Tunnel exists between the LAC and LNS. It encapsulates the
  PPP traffic with header information necessary to support the
  tunnel.
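The LAC-to-LNS encapsulation described above, as an added example that is not part of the original course material: a PPP frame is wrapped in an L2TP data-message header at the LAC and validated and unwrapped at the LNS, using the header layout from RFC 2661. The tunnel and session IDs, the subscriber label, the PPP payload, and the function names are constructed or hypothetical.

```python
import struct

# L2TPv2 header flag bits and version (RFC 2661, section 3.1).
FLAG_T, FLAG_L, FLAG_S, FLAG_O = 0x8000, 0x4000, 0x0800, 0x0200
VERSION = 2

# Constructed PPP frame: address/control ff 03, protocol 0x0021 (IP), payload.
PPP_FRAME = bytes.fromhex("ff030021") + b"constructed IP payload"


def lac_encapsulate(tunnel_id, session_id, ppp_frame, ns=None, nr=0):
    """LAC side: wrap one PPP frame in an L2TP data-message header."""
    flags = FLAG_L | VERSION                 # T bit clear = data message
    fields = [tunnel_id, session_id]
    if ns is not None:                       # optional sequence numbers
        flags |= FLAG_S
        fields += [ns, nr]
    length = 4 + 2 * len(fields) + len(ppp_frame)
    return struct.pack(f"!HH{len(fields)}H", flags, length, *fields) + ppp_frame


def u16(buf, pos):
    """Read a big-endian 16-bit field, refusing to read past the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated L2TP header")
    return struct.unpack_from("!H", buf, pos)[0]


def lns_decapsulate(message, sessions):
    """LNS side: validate the header and return (subscriber, PPP frame)."""
    flags = u16(message, 0)
    if (flags & 0x000F) != VERSION:
        raise ValueError("not L2TP version 2")
    if flags & FLAG_T:
        raise ValueError("control message, carries no subscriber PPP frame")
    pos, end = 2, len(message)
    if flags & FLAG_L:
        end = u16(message, pos)
        pos += 2
        if end > len(message):
            raise ValueError("Length field exceeds the bytes received")
    tunnel_id, session_id = u16(message, pos), u16(message, pos + 2)
    pos += 4
    if flags & FLAG_S:
        pos += 4                             # skip Ns and Nr
    if flags & FLAG_O:
        pos += 2 + u16(message, pos)         # Offset Size field plus padding
    if pos > end:
        raise ValueError("header runs past the end of the message")
    subscriber = sessions.get((tunnel_id, session_id))
    if subscriber is None:
        raise LookupError(f"no session {session_id} in tunnel {tunnel_id}")
    return subscriber, message[pos:end]


if __name__ == "__main__":
    sessions = {(17, 4021): "subscriber-1"}  # hypothetical LNS session table
    msg = lac_encapsulate(17, 4021, PPP_FRAME, ns=5, nr=2)
    print(msg.hex())
    print(lns_decapsulate(msg, sessions))
    # The PPP frame travels unchanged inside the tunnel header.
    print(PPP_FRAME in msg)
```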
[Figure: L2TP (Layer 2 Tunneling Protocol). Terminate PPP sessions
at the ISP or corporate site. Diagram labels: CPE (PPPoA), Bridged
CPE (PPPoE), PPP Session, DSLAM, Aggregation Device, LAC, IP Core,
Tunnel, LNS, ISP1.com, ISP2.com.]
AAA
Authentication, authorization, and accounting (AAA) provides
three functions, provided by an AAA server that maintains a
database of users.
AAA Functions
- Authentication identifies the users. The user login name and
  password are checked against the AAA database to determine whether
  a user is allowed to access the network.
- Authorization determines what the users can do. The AAA database
  stores attributes that determine the users' capabilities and
  restrictions.
- Accounting tracks what the users have done. Accounting collects
  information in the database about user access, traffic statistics,
  and resource usage. This information can then be used for billing
  and network management.
AAA Methods
Three methods are generally used to provide AAA services. One or
more of these may be used concurrently.
- Local: the router or access server consults its local database.
  Username/password pairs are configured in Cisco IOS software.
- Remote Authentication Dial-In User Service (RADIUS): a client
  (router) and server (UNIX or NT) model. Each username and
  associated attributes are stored within the RADIUS database.
- Terminal Access Controller Access Control System Plus (TACACS+): a
  server that separates authentication, authorization, and accounting
  functions. The router accesses the TACACS+ server's database where
  user information and capabilities are maintained.
AAA Usage
AAA plays an important role with PPP and L2TP in controlling
user sessions and tunnels. AAA services are used at the PTA, LAC,
and/or LNS and are commonly provided by means of RADIUS servers.
These are some of the important functions that AAA provides:
- Authenticates subscriber PPP sessions
- Provides L2TP tunnel attributes to the LAC
- Provides subscriber IP addresses
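The three AAA functions, together with the PTA rule that the service is selected from the structured user name, can be followed in one request. The following Python code is an added example, not part of the original course material and not the RADIUS wire protocol: a model AAA server verifies a CHAP response as defined in RFC 1994, looks up authorization attributes by realm, and keeps an accounting record. All user names, secrets, realms, attribute values, and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed data: user names, secrets, realms and values are hypothetical.
USERS = {
    "alice@isp1.example": b"alice-shared-secret",
    "bob@corp.example": b"bob-shared-secret",
}
# Authorization data per realm. "service" is a label made up for this
# example; the other keys are RADIUS attribute names (RFC 2868, RFC 2869).
SERVICES = {
    "isp1.example": {"service": "PTA", "Framed-Pool": "isp1-pool"},
    "corp.example": {"service": "L2TP", "Tunnel-Type": "L2TP",
                     "Tunnel-Server-Endpoint": "198.51.100.1"},
}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def realm_of(username: str):
    """Return the lower-cased realm of user@realm, or None if malformed."""
    user, at, realm = username.rpartition("@")
    return realm.lower() if at and user and realm else None


class AAAServer:
    def __init__(self, users, services):
        self.users, self.services = users, services
        self.accounting = []                 # (username, event) records

    def authenticate(self, username, identifier, challenge, response):
        """Who is this? Check the CHAP response against the stored secret."""
        secret = self.users.get(username)
        # Hash even for unknown users so the reply time does not reveal
        # which user names exist, and compare in constant time.
        expected = chap_response(identifier, secret or b"\x00", challenge)
        return hmac.compare_digest(expected, response) and secret is not None

    def authorize(self, username):
        """What may they do? Attributes come from the realm's service."""
        return self.services.get(realm_of(username))

    def access_request(self, username, identifier, challenge, response):
        ok = self.authenticate(username, identifier, challenge, response)
        attrs = self.authorize(username)
        if not ok or attrs is None:
            self.accounting.append((username, "reject"))
            return {"result": "Access-Reject"}
        self.accounting.append((username, "start"))   # what did they do?
        return {"result": "Access-Accept", **attrs}


if __name__ == "__main__":
    server = AAAServer(USERS, SERVICES)
    challenge = bytes(range(16))             # constructed; must be random in use
    response = chap_response(1, b"alice-shared-secret", challenge)
    print(server.access_request("alice@isp1.example", 1, challenge, response))
    # The same response replayed against a different challenge is rejected.
    print(server.access_request("alice@isp1.example", 2, bytes(16), response))
    print(server.accounting)
```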
[Slide: AAA. Authentication, authorization, and accounting: who can
access the network, what can they access, usage tracking.
Authentication methods: Local, RADIUS, TACACS+. Diagram labels:
User, PPP, L2TP, AAA, Local AAA, RADIUS, TACACS+.]
Managed LNS
Description
Managed LNS is a term used to identify an implementation of
session termination. It makes use of virtual routing and forwarding
(VRF) at the LNS or PTA. The LNS/PTA aggregator terminates the L2TP
tunnel or PPP sessions and places the sessions in the appropriate
VRF. The sessions are then forwarded through a separate logical and
physical interface to their respective upstream customer sites.
Note: An earlier Cisco implementation of this function was PTA
Multi-Domain (PTA-MD).
Benefits
Some of the benefits of using a managed LNS architecture include
the following:
- Subscribers communicate directly with customer AAA without
  needing a proxy AAA server.
- Multiple VRFs separate customer traffic without the overhead of
  L2TP tunneling.
- IP addresses are conserved by allowing use of overlapping IP
  address space.
[Slide: Managed LNS. Deploy virtual router (LNS/PTA) for each
upstream customer to improve service scale; communicate directly
with customer AAA without needing proxy; multiple VRFs separate
customer traffic without overhead of L2TP tunneling. Diagram labels:
Clients, L2TP or PPP, LNS/PTA, VRF, SP Network, AAA, DHCP,
Customer A, Customer B.]
Remote Access into MPLS
Description
Remote Access into MPLS (RA-MPLS) is very similar to the
previous architecture, managed LNS. Like managed LNS, subscriber
logical connections are placed into a VRF instance at the broadband
remote access server (BRAS).
The distinction with RA-MPLS is that the VRFs are MPLS tag
interfaces. Additionally, the BRAS router that terminates the VPN
tunnels functions as a provider edge (PE) router.
RA-MPLS may start as the managed LNS model using multiple VRFs
as a migration towards MPLS.
MPLS core networks are typically more flexible and scalable than
pure IP networks, but they are more complex to initially
deploy.
Benefits
RA-MPLS offers the same benefits as managed LNS:
- Subscribers communicate directly with customer AAA without
  needing a proxy AAA server.
- Multiple VRFs separate customer traffic without the overhead of
  L2TP tunneling.
- IP addresses are conserved by allowing use of overlapping IP
  address space.
Additional benefits of RA-MPLS include the following:
- Supports RBE and RFC 1483 Routing besides PPPoX
- Can be an alternative to L2TP
[Figure: Remote Access into MPLS. Access cases: PPPoX to MPLS VPN,
RBE to MPLS VPN, L2TP to MPLS VPN, 1483 Routed to MPLS VPN. Diagram
labels: Clients, BRAS, PE, MPLS Network, NSP, Corporation, AAA,
DHCP.]
SSG and SESM
SAM Overview
Subscriber Access and Management (SAM) allows subscribers to
manage the services they wish to use. SAM consists of the following
components:
- Service Selection Gateway (SSG)
- Subscriber Edge Service Manager (SESM)
- AAA server
- Lightweight Directory Access Protocol (LDAP) directory
SAM is independent of the type of subscriber access technology;
that is, it works with DSL, dial, leased line, and wireless
technologies. Additionally, users can use this service with their
PC, WAP or PDA access device.
SSG
SSG is a Cisco IOS feature that is available on selected Cisco
aggregation routers. The following are some of the key features and
functions of SSG:
- Imposes sophisticated access control on a per-subscriber basis
  to network resources
- Enables subscribers to selectively access different services
  based on their Layer 2 or Layer 3 connectivity to the service
  providers
SESM
SESM is a Cisco software application that runs on Windows
2000/NT or Solaris and Linux platforms. SESM enables users to
manage their service selection experience by allowing them to
perform the following functions:
- Personalized service lists
- Service connect/disconnect
- Personal firewall provisioning
- Service subscription
- Self-care account management
- Subaccount creation
SESM also has a service developer kit that enables third-party
and application developers to build their own applications or to
integrate directly to their existing operations infrastructure.
[Figure: SSG and SESM. Diagram labels: Notebook, PDA, WAP, PC; Dial,
ADSL, GGSN/PDSN, Leased Line, 802.11b; SESM, AAA, Directory, Content
Services Gateway (CSG); Internet, Corporate VPN, Open Garden.]
Service Provider Benefits
In addition to the user benefits that SAM provides, service
providers may wish to provide the service for the following
reasons:
- Access alone will not make money
- Advertise and sell value-added services to their subscribers
- Retain their subscribers with services that lock them in
Summary
Broadband Aggregation Architectures
In this module, you learned the following:
- Various broadband aggregation architectures
- The technologies used by each architecture and how each
  architecture functions
- Benefits of each architecture
Review Questions
Broadband Aggregation Architectures
1. List the segments that make up a broadband subscriber network
environment.
_________________________________________________________
2. A service provider that provides the access connection to the
subscriber and connects the subscriber to the NSP is characteristic
of a _________________________ service.
3. Which of the following is not characteristic of a VC
service?
a. NAPs do not need to deal with IP address management.
b. The NAP determines the user's encapsulation method.
c. End-to-end provisioning takes time.
d. It is a wholesale service that a NAP would provide.
e. It does not scale well.
4. Which of the following is a reason that RBE is preferred over
strict RFC 1483 bridging?
a. With RBE, the CPE is in routing mode rather than in bridging
mode.
b. The PC encapsulates Layer 3 data into Ethernet.
c. RBE is more secure and scalable than RFC1483 bridging.
d. RBE is more suitable for business applications.
5. Which of the following statements are true when comparing
PPPoA to PPPoE? Choose three.
a. The CPE functions as a router with PPPoA and as a bridge with
PPPoE.
b. The PPP session is initiated by the CPE with PPPoA and by the
PC with PPPoE.
c. The CPE is able to run NAT for both methods and conserve IP
addresses.
d. PPPoA functions only with ATM access methods and PPPoE
functions only with Ethernet access methods.
e. When there are multiple users behind the CPE, PPPoE is more
flexible than PPPoA for selection of multiple services.
6. What is the preferred method for authenticating PPP sessions?
______________________________
7. When comparing L2TP to PTA, which of the following identify
distinct advantages of L2TP over PTA? Choose two.
a. PPP sessions may be terminated at the NSP rather than the
NAP.
b. L2TP supports multiple protocols.
c. L2TP shares access to core components.
d. The access provider only looks at the Layer 2
information.
8. What functionality on a Cisco router do managed LNS and
RA-MPLS make use of?
__________________________________________________
9. Which of the following distinguishes RA-MPLS from managed
LNS?
a. RA-MPLS supports RBE.
b. RA-MPLS allows use of overlapping IP addresses.
c. RA-MPLS does not require L2TP.
d. RA-MPLS supports PPPoX.
10. What does SSG enable subscribers to do?
________________________________________________________________
Module 2 RBE and RFC 1483 Routing
Overview
Description
In this module, you will learn how Routed Bridge Encapsulation
(RBE) and RFC 1483 routing work, along with their typical
architectures and benefits. You will then perform hands-on
exercises to configure, test, and verify RBE and RFC 1483
routing.
Objectives
After completing this module, you will be able to do the
following:
- Describe the typical architecture of RBE
- Identify the protocol stack elements associated with RBE and
  describe how RBE works
- Configure RBE on Cisco routers
- Identify the advantages and disadvantages of RBE
- Describe the typical architecture of RFC 1483 routing
- Identify the protocol stack elements associated with RFC 1483
  routing and describe how RFC 1483 routing works
- Configure RFC 1483 routing on Cisco routers
- Identify the advantages and disadvantages of RFC 1483
  routing
Typical RBE Architecture
Foundation
Routed Bridge Encapsulation (RBE) is based on RFC 1483 bridging
architecture. RBE is designed to overcome some of the limitations
of RFC 1483 bridging, including broadcast storms, scalability, and
security. It makes use of the routed bridge function in the
aggregation router.
Key Functional Components
The following are key functional components of RBE.
Bridged CPE
With RBE, the CPE functions as a bridge using RFC 1483 bridging.
From the perspective of a PC and customer premises equipment (CPE),
there is no functional difference between pure RFC 1483 bridging
and RBE. The 802.3 encapsulated protocol data units (PDU) are sent
to the CPE, which then encapsulates them into ATM cells and
forwards them over a virtual connection (VC) to the aggregation
device.
Aggregator
At the aggregation device we see the key difference between pure
RFC 1483 bridging and RBE. With RFC 1483 bridging, the aggregator
receives the Ethernet PDU into a bridge group and determines
whether to bridge or route based upon the contents of the Layer 2
and Layer 3 headers. With RBE, the aggregator receives the Ethernet
PDU into an ATM routed bridge and makes a forwarding decision based
upon the Layer 3 information.
Note: When you configure the aggregator for RBE, part of the Cisco IOS
configuration process is to include the ATM routed bridge for IP
traffic on the ATM subinterfaces.
[Figure: Typical RBE Architecture. Labeled elements: bridged CPE (two
shown), DSLAM, aggregation device with routed bridge, and core. Link
label: RFC 1483 bridged PDUs, 802.3.]
RFC 1483 Bridging Protocol Stack
The illustration shows the protocol layers used to transport
upper layer data through the network. Although RFC 1483 is not
restricted to 802.3 and IP for transporting Layer 2 and Layer 3
protocol data units (PDUs), they are used to explain its
operation.
802.3
The IP datagram is encapsulated in the 802.3 frame, also known as
the bridge protocol data unit (BPDU), by the PC and the aggregation
router.
CPE Encapsulation
The illustration shows the combination protocol stack used by
the PC and the xDSL Termination Unit-remote (xTU-R). The PC takes
the upper layer protocol data, encapsulates it in the 802.3 header,
and forwards it to the xTU-R. The xTU-R provides the ATM related
services and layers to exchange ATM cells with the aggregation
device, including RFC 1483, ATM adaptation layer 5 (AAL5), ATM, and
physical layer functions.
[Figure: RFC 1483 Bridging Protocol Stack. Elements shown: customer
premises (PC/xTU-R), DSLAM, aggregator, Layer 3 core router, and
NSP/corporate network. Stacks shown: IP over 802.3, 1483, AAL5, ATM,
and PHY; ATM and PHY; IP over ATM, FR, etc. and PHY. RFC 1483 over ATM
runs on a PVC.]
RFC 1483
The RFC 1483 standard describes two encapsulation methods for
multiplexing and transporting datalink and network layer protocols
over AAL5 over ATM:
- Multiple protocols multiplexed over a single ATM virtual
  connection
- Each protocol is carried over a separate ATM virtual
  connection
For the first method, additional headers are included to
identify the PDU. A common implementation is to include the 3-byte
logical link control (LLC) and 5-byte Subnetwork Access Protocol
(SNAP) header to identify the bridged or routed PDU that
follows.
With virtual connection (VC) multiplexing, each unique bridged
or routed protocol is carried over a unique VC.
Note: It is important that you understand the two multiplexing
methods. You must choose one of the two when you configure the VC.
The method you choose must match at both ends of the VC. The VC
in this illustration is the PVC.
AAL5
ATM Adaptation Layer 5 (AAL5) is a common means of encapsulating
connectionless PDUs. An 8-byte trailer is added to the PDU.
ATM and PHY
The AAL5-encapsulated PDU is segmented into 48-byte payloads
that make up the 53-byte ATM cells. The physical layer then
transports the cells.
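The encapsulation chain described above, as an added Python example that is not part of the original course material: it prefixes a bridged 802.3 frame for LLC/SNAP or VC multiplexing, appends the 8-byte AAL5 trailer, cuts the result into 48-byte cell payloads, and shows a receiver rejecting a PDU whose multiplexing method does not match its own. The header bytes are the RFC 1483 values for a bridged 802.3 frame without a preserved FCS; function names and the sample frame are constructed for illustration.

```python
import struct

# RFC 1483 bridged 802.3 (no FCS): LLC AA-AA-03, SNAP OUI 00-80-C2, PID 00-07.
LLC_SNAP_BRIDGED = bytes.fromhex("aaaa03" "0080c2" "0007")
BRIDGE_PAD = b"\x00\x00"  # 2-byte pad that precedes the MAC frame in both methods
# Constructed sample: 86-byte Ethernet frame (FCS stripped), zero-filled payload.
SAMPLE_FRAME = bytes.fromhex("00005e005301" "00005e005302" "0800") + bytes(72)

def crc32_aal5(data: bytes) -> int:
    """CRC-32 as AAL5 computes it: MSB-first, initial value and final XOR all ones."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte << 24
        for _ in range(8):
            crc = ((crc << 1) ^ 0x04C11DB7 if crc & 0x80000000 else crc << 1) & 0xFFFFFFFF
    return crc ^ 0xFFFFFFFF

def prefix_for(mux: str) -> bytes:
    """Bytes that precede the MAC frame for 'llc' (LLC/SNAP) or 'vcmux'."""
    if mux == "llc":
        return LLC_SNAP_BRIDGED + BRIDGE_PAD
    if mux == "vcmux":
        return BRIDGE_PAD  # the protocol is implied by the VC itself
    raise ValueError("mux must be 'llc' or 'vcmux'")

def encapsulate_bridged(frame: bytes, mux: str) -> bytes:
    return prefix_for(mux) + frame

def aal5_cells(payload: bytes) -> list:
    """Pad, append the 8-byte trailer (UU, CPI, length, CRC), cut into 48-byte payloads."""
    pad = -(len(payload) + 8) % 48
    body = payload + bytes(pad) + struct.pack("!BBH", 0, 0, len(payload))
    pdu = body + struct.pack("!I", crc32_aal5(body))
    return [pdu[i:i + 48] for i in range(0, len(pdu), 48)]

def reassemble(cells: list) -> bytes:
    """Rebuild the AAL5 PDU, verify CRC and length, and return the payload."""
    pdu = b"".join(cells)
    _uu, _cpi, length, crc = struct.unpack("!BBHI", pdu[-8:])
    if crc32_aal5(pdu[:-4]) != crc:
        raise ValueError("AAL5 CRC mismatch")
    if length > len(pdu) - 8:
        raise ValueError("AAL5 length field exceeds PDU size")
    return pdu[:length]

def decode_bridged(payload: bytes, mux: str) -> bytes:
    """Strip the RFC 1483 prefix; reject a PDU that does not match this end's method."""
    prefix = prefix_for(mux)
    if not payload.startswith(prefix):
        raise ValueError("PDU does not match the multiplexing method configured on this VC")
    return payload[len(prefix):]

def wire_bytes(cells: list) -> int:
    """Each 48-byte payload travels in a 53-byte ATM cell."""
    return len(cells) * 53
```

For the 86-byte sample frame, VC multiplexing fits in two cells while the 8 extra LLC/SNAP bytes push the same frame into a third.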
How Does RBE Work?
The following steps describe how RBE operates using IP as the
Layer 3 protocol.
CPE and Aggregator
Between the CPE and the aggregation router, the following
operations occur:
- The CPE encapsulates the BPDUs using RFC 1483, AAL5, and ATM
  protocols.
- The ATM cells are switched through the ATM network to the
  aggregation router.
- At the aggregation router, the cells are reassembled.
- The reassembled BPDUs are received at the ATM interface, which
  operates as a routed bridge interface when RBE is enabled.
Incoming Frames
For frames originating from the subscriber end, the following
events happen at the aggregation device.
- The aggregation router ignores the bridge header and examines
  the IP datagram header to make a forwarding decision.
- The packet is forwarded based upon the destination IP
  address.
Slide summary: How Does RBE Work?
- CPE is standard bridge
- Subscriber traffic is carried in BPDU
- The routed bridge interface is treated as routed interface
- For packets originating from the subscriber end:
  - Ethernet header is skipped
  - Packet forwarded based on Layer 3 information
[Figure: bridged CPE, DSLAM, aggregation device, core]
Outgoing Frames
For frames destined for the subscriber end, the following
happens at the aggregation device.
- The router checks the destination IP address in the packet.
- The outbound interface is determined from the IP routing
  table.
- The Address Resolution Protocol (ARP) table is checked for the
  destination MAC address. If none is found, then an ARP request is
  sent out only on the destination interface, not all interfaces as
  with bridging.
- If the datagram is multicast traffic, then it is forwarded only
  on the interfaces where Internet Group Management Protocol (IGMP)
  joins were received.
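The incoming and outgoing forwarding steps above as a small Python model, added here for illustration and not taken from Cisco IOS or the course material: it routes an upstream bridged frame on its IPv4 destination, resolves a downstream packet to one subinterface, and reports which interfaces would receive an ARP request, next to the flooding scope of pure bridging. Interface names, addresses, and the ARP and IGMP tables are constructed sample data, and the model covers only the behavior the steps describe.

```python
import ipaddress

# Constructed routing state: one host route per subscriber subinterface.
ROUTES = {
    ipaddress.ip_network("192.168.1.2/32"): "ATM0/0/0.132",
    ipaddress.ip_network("192.168.1.3/32"): "ATM0/0/0.133",
    ipaddress.ip_network("192.168.1.4/32"): "ATM0/0/0.134",
    ipaddress.ip_network("0.0.0.0/0"): "Core",
}
SUBSCRIBER_IFS = ["ATM0/0/0.132", "ATM0/0/0.133", "ATM0/0/0.134"]

def route_lookup(dst: str) -> str:
    """Longest-prefix match of dst against ROUTES; returns the outbound interface."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in ROUTES if addr in net]
    return ROUTES[max(matches, key=lambda net: net.prefixlen)]

def sample_frame(dst: str) -> bytes:
    """Constructed Ethernet + IPv4 frame; only the fields the model reads are set."""
    ethernet = bytes(12) + b"\x08\x00"                 # MACs zeroed, EtherType IPv4
    ipv4 = bytes([0x45]) + bytes(15) + ipaddress.ip_address(dst).packed
    return ethernet + ipv4

def upstream_forward(frame: bytes) -> str:
    """Incoming frame: skip the 14-byte Ethernet header, route on the IPv4 destination."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        raise ValueError("not an Ethernet frame carrying IPv4")
    return route_lookup(str(ipaddress.ip_address(frame[30:34])))

def downstream_forward(dst: str, arp_table: dict):
    """Outgoing packet: (outbound interface, cached MAC or None, interfaces sent an ARP request)."""
    out_if = route_lookup(dst)
    mac = arp_table.get((out_if, dst))
    # On a cache miss the ARP request goes out on the routed interface only.
    return out_if, mac, ([] if mac else [out_if])

def bridged_arp_scope() -> list:
    """Pure bridging, for comparison: the ARP broadcast reaches every port in the group."""
    return list(SUBSCRIBER_IFS)

def multicast_out(group: str, igmp_joins: list) -> list:
    """Multicast: forward only on interfaces where an IGMP join for the group arrived."""
    return sorted(ifname for ifname, joined in igmp_joins if joined == group)
```

Traffic between two subscribers is also routed in this model: a frame from one subinterface addressed to 192.168.1.3 leaves on ATM0/0/0.133 after a route lookup and is never bridged across.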
Slide summary: How Does RBE Work? (packets destined to the subscriber
end)
- Destination IP address is checked on the packet
- Outbound interface is determined from routing table
- ARP table is checked for the destination MAC address; if none
  found, then ARP request sent out only on destination interface
- Multicast traffic is forwarded only on interfaces where IGMP
  joins were received
[Figure: bridged CPE, DSLAM, aggregation device, core]
RBE Configuration
Configuration Methods
The configuration of the Cisco aggregation router is based on
the drawing that follows. There are four general ways that RBE can
be configured on the aggregation router.
- Numbered subinterfaces: Unique addresses are assigned to each ATM
  subinterface, and static addresses are assigned on subscriber
  hosts.
- Numbered subinterfaces with DHCP: Unique addresses are assigned
  to each ATM subinterface, and DHCP-assigned addresses for
  subscriber hosts.
- Unnumbered subinterfaces: An unnumbered loopback address is
  assigned to each ATM subinterface with static routes to each
  subscriber, and static addresses are assigned on subscriber
  hosts.
- Unnumbered subinterface with DHCP: An unnumbered loopback address
  is assigned to each ATM subinterface with DHCP-assigned addresses
  for subscriber hosts.
Of these methods, the first two are the least preferred because
they require individual subnets on each ATM subinterface and waste
IP address space. The example configurations that follow show the
last two methods.
[Figure: RBE Configuration. Three subscriber hosts behind bridged CPE
(IP=192.168.1.2, IP=192.168.1.3, and IP=192.168.1.4, each with
GW=192.168.1.1) connect through the DSLAM to the aggregation device
(IP=192.168.1.1) and the core. Four methods: numbered subinterfaces,
numbered subinterfaces with DHCP, unnumbered subinterfaces, and
unnumbered subinterfaces with DHCP.]
RBE Configuration: Unnumbered Interfaces with Static Addressing
Complete the following steps on the Cisco aggregation router to
support RBE using unnumbered interfaces. DHCP is not used with this
method; instead, host addresses must be assigned to each subscriber
host.
1. Create a loopback interface with an IP address from the range
of addresses assigned to the subscribers.
2. For each subscriber, create a point-to-point ATM
subinterface.
3. On the subinterface, assign an IP unnumbered association to
the loopback interface.
4. On the subinterface, add an ATM route-bridged for IP.
5. On the subinterface, add a PVC.
6. On the PVC, indicate the AAL5 encapsulation type: SNAP or VC
mux.
7. Create static routes to the subscriber IP addresses.
RBE Configuration: Unnumbered Interfaces with Static Addressing
! Step 1: loopback interface with an address from the subscriber range
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
!
! Steps 2-6: one point-to-point ATM subinterface per subscriber
interface ATM0/0/0.132 point-to-point
 ip unnumbered Loopback0
 no ip directed-broadcast
 atm route-bridged ip
 pvc 1/32
  encapsulation aal5snap
!
interface ATM0/0/0.133 point-to-point
 ip unnumbered Loopback0
 no ip directed-broadcast
 atm route-bridged ip
 pvc 1/33
  encapsulation aal5snap
!
interface ATM0/0/0.134 point-to-point
 ip unnumbered Loopback0
 no ip directed-broadcast
 atm route-bridged ip
 pvc 1/34
  encapsulation aal5snap
!
! Step 7: static host routes to the subscriber addresses
! (192.168.1.2 through 192.168.1.4 in the diagram)
ip route 192.168.1.2 255.255.255.255 ATM0/0/0.132
ip route 192.168.1.3 255.255.255.255 ATM0/0/0.133
ip route 192.168.1.4 255.255.255.255 ATM0/0/0.134
RBE Configuration: Unnumbered Interfaces with DHCP
Complete the following general steps on the Cisco aggregation
router to support RBE using unnumbered interfaces with DHCP
support. Subscriber hosts are assigned addresses from the DHCP pool
in Cisco IOS or from an external DHCP server. Configuration steps
for using either Cisco IOS DHCP or an external DHCP server are
shown in the example.
Note: This method avoids the need to create static routes for
subscriber hosts.
1. Create a loopback interface with an IP address in the range
of addresses assigned to the subscribers.
Note: Perform steps 2 and 3 when Cisco IOS DHCP server is used.
2. Identify the IP address of the loopback interface within the
DHCP pool that should be excluded from assignment to clients.
3. Create a DHCP pool including the network range of addresses
and default router IP address.
4. Create a point-to-point ATM subinterface.
5. On the subinterface, assign an IP unnumbered association to
the loopback interface.
6. On the subinterface, add an ATM route-bridged for IP.
7. On the subinterface, add a PVC.
8. On the PVC, indicate the AAL5 encapsulation type: SNAP or VC
mux.
Note: Perform step 9 when an external DHCP server is used.
9. On the subinterface, use the ip helper-address command to
point to an external DHCP server.
It is possible to use multiple loopback interfaces. The IP
address associated with the loopback interface identifies the
subnet addresses used for DHCP address assignment.
RBE Configuration: Unnumbered Interfaces with DHCP
! Steps 2-3: Cisco IOS DHCP server (mutually exclusive with step 9)
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool RBE
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
!
! Step 1: loopback interface in the subscriber address range
interface Loopback1
 ip address 192.168.1.1 255.255.255.0
!
! Steps 4-8: point-to-point ATM subinterface, routed bridging, PVC
! Step 9: ip helper-address (external DHCP server; mutually exclusive
! with steps 2-3)
interface ATM2/0/0.132 point-to-point
 ip unnumbered Loopback1
 atm route-bridged ip
 pvc 1/32
  encapsulation aal5snap
 ip helper-address 52.20.10.100
!
interface ATM2/0/0.133 point-to-point
 ip unnumbered Loopback1
 atm route-bridged ip
 pvc 1/33
  encapsulation aal5snap
 ip helper-address 52.20.10.100
!
interface ATM2/0/0.134 point-to-point
 ip unnumbered Loopback1
 atm route-bridged ip
 pvc 1/34
  encapsulation aal5snap
 ip helper-address 52.20.10.100
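One way to check a running configuration against the steps of both procedures above, as an added Python example that is not a Cisco tool or part of the course material: it verifies that every ATM subinterface references an addressed loopback, enables routed bridging, sets an AAL5 encapsulation, and has either a static host route inside the loopback subnet or DHCP. The sample configuration is constructed, with subinterface .134 and its route left deliberately wrong; the finding texts and function names are illustrative.

```python
import ipaddress
import re

# Constructed sample; subinterface .134 and its host route are deliberately wrong.
SAMPLE = """\
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
interface ATM0/0/0.132 point-to-point
 ip unnumbered Loopback0
 atm route-bridged ip
 pvc 1/32
  encapsulation aal5snap
interface ATM0/0/0.134 point-to-point
 ip unnumbered Loopback0
 pvc 1/34
  encapsulation aal5snap
ip route 192.168.1.2 255.255.255.255 ATM0/0/0.132
ip route 172.168.1.4 255.255.255.255 ATM0/0/0.134
"""

def parse(config):
    """Split an IOS config into {interface name: [commands]} and global commands."""
    interfaces, global_cmds, current = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw.startswith(" "):            # indented: belongs to the open block
            if current is not None:
                current.append(line)
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        else:
            current = None
            global_cmds.append(line)
    return interfaces, global_cmds

def audit_rbe(config):
    """Return (interface, finding) pairs for ATM subinterfaces that miss an RBE step."""
    interfaces, global_cmds = parse(config)
    has_pool = any(c.startswith("ip dhcp pool ") for c in global_cmds)
    findings = []
    for name, cmds in interfaces.items():
        if not (name.startswith("ATM") and "." in name):
            continue
        unnumbered = next((c.split()[2] for c in cmds if c.startswith("ip unnumbered ")), None)
        addr = next((c.split()[2:4] for c in interfaces.get(unnumbered, [])
                     if c.startswith("ip address ")), None)
        if addr is None:
            findings.append((name, "ip unnumbered does not reference an addressed loopback"))
        if "atm route-bridged ip" not in cmds:
            findings.append((name, "missing atm route-bridged ip"))
        if not any(re.fullmatch(r"encapsulation aal5(snap|mux)( \S+)?", c) for c in cmds):
            findings.append((name, "PVC has no AAL5 encapsulation type"))
        hosts = [g.split()[2] for g in global_cmds
                 if re.fullmatch(r"ip route \S+ 255\.255\.255\.255 " + re.escape(name), g)]
        helper = any(c.startswith("ip helper-address ") for c in cmds)
        if not (hosts or has_pool or helper):
            findings.append((name, "no static host route and no DHCP pool or helper address"))
        if addr:
            subnet = ipaddress.ip_network("/".join(addr), strict=False)
            findings += [(name, f"host route {h} is outside {subnet}")
                         for h in hosts if ipaddress.ip_address(h) not in subnet]
    return findings
```

A subinterface without `atm route-bridged ip` is worth flagging first, since that command is what makes the interface route rather than bridge.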
RBE Advantages and Disadvantages
Advantages
RBE was developed to address some of the issues faced by the RFC
1483 bridging architecture. RBE retains the major advantages of RFC
1483 bridging architecture, while eliminating most of its
drawbacks.
- It requires minimal configuration at the CPE, which is important
  for service providers.
- It is easy to migrate from pure bridging architecture to RBE, as
  there is no change at the subscriber end.
- RBE overcomes security problems with pure bridging by avoiding
  IP hijacking and ARP spoofing.
- RBE prevents broadcast storms by using point-to-point
  connections.
- Compared to pure bridging, RBE provides superior performance
  because of routing implementation at the aggregation device. RBE is
  more scalable because it does not have bridge group
  limitations.
Slide summary: RBE Advantages
- Minimal configuration of CPE
- Compared to RFC 1483 with IRB, RBE separates shared bridging
  domain into individual routed interfaces, which gives:
  - Control of broadcast domains: no broadcast attacks
  - Increased security: no spoofing of IP addresses via ARP
RBE is CEF switched and provides bet