© 2012 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public BRKSPG-3304 1
Subscriber Aware Ethernet: Traditional Broadband Functions over Next-Gen Carrier Ethernet Networks
Brian Cox, Technical Marketing Engineer
Agenda
• The Next Wave of Broadband
  ‒ User Centric Network
  ‒ Identity and Services
  ‒ Access Technology Abstraction
  ‒ Intelligent Services Gateway (ISG)
• ISG Overview
  ‒ What is ISG?
  ‒ Northbound Interfaces
  ‒ ISG Sessions
  ‒ ISG Services
  ‒ Cisco Policy Language
• ISG Configuration Example
The Next Wave of Broadband
Evolution in Service Provider Network Architectures
Increased revenue by decreasing cost of managing and maintaining multiple networks
Increased overall revenue by increasing revenue per user:
• Customized services
• Rapid deployment of new services based on market trends
• Subscriber Self Subscription and Self Care
Diverged “per Service” Networks
Converged “All in One” Networks
Converged “User Centric” Networks
The New User Experience Enabling the Next Wave of Broadband
Add Subscribers
Pay As You Go!
Buy credit
Pay What You Use!
Buy
Broadband Light
Buy: $19.99
Broadband Basic
Buy: $29.99
Broadband Premium Buy: $39.99
Branded VoD ($4.99/movie)
Branded TV ($29.99)
Branded Phone ($15.99 + LD)
Add Value
Add Services
Register Log in
Subscriber identified using multiple dimensions. Identity gathered:
• From multiple sources and events
• Over session lifecycle
Services and Rules updated based on:
• How subscriber behaves
• What he requires NOW
Different Services and Rules applied based on:
• Who subscriber is
• Where he is
• What he requires
The Elements of Customization
Identity
Differentiated Services
Dynamic Service Management
Intelligent Services Gateway
Subscriber Services
Subscriber Sessions
Subscriber Services
Session creation/ authentication
Dynamic Policy Push and Pull
Building the Identity and Assigning Services
Identities
T0, DHCP Exchange Starts (Subscriber Session):
  MAC Addr: 00:DE:34:F1:C0:28   IP Addr: ?   Username: ?   Service: DEFAULT_SRV
T1, DHCP Exchange Completes(*) (Subscriber Session):
  MAC Addr: 00:DE:34:F1:C0:28   IP Addr: 10.1.1.211   Username: ?   Service: DEFAULT_SRV
T2, Subscriber Authentication(*) (Brian Subscriber Session):
  MAC Addr: 00:DE:34:F1:C0:28   IP Addr: 10.1.1.211   Username: Brian   Service: PPU_SRV
TN, Dynamic Service Update (Brian Subscriber Session):
  MAC Addr: 00:DE:34:F1:C0:28   IP Addr: 10.1.1.211   Username: Brian   Service: PREMIUM_FR_SRV
Services
DEFAULT_SRV: Only permits management traffic through the session
PPU_SRV: Pay Per Use Service:
  - Permits all traffic
  - 512K/1Mbps US/DS
  - Accounting enabled on session
PREMIUM_FR_SRV: Flat Rate Premium Data Service:
  - Permits all traffic
  - 1M/8Mbps US/DS
ISG
Subscriber
(*) Order of operations not representative of a real call flow
Open Garden Walled Garden
Access Technology Abstraction
ATM/Ethernet Switch
DSL
802.11 or 802.16
Access Distribution Ethernet
CMTS Cable
• Subscriber-centric services regardless of: Access Technology, Access Protocol
• Access Technology: Legacy DSL/ATM, Metro Ethernet, Wireless LAN, Cable
• Access Protocol: IP, PPP
DSLAM
BRAS/BNG
Policy Server
What Is ISG?
Cisco Intelligent Services Gateway (ISG) is a licensed feature set on Cisco IOS that provides Session Management and Policy Management services to a variety of access networks.
Addresses PPPoE to IPoE migration while maintaining all subscriber management functions.
Subscriber Identity Management
Policy Management and Enforcement
DHCP Server
AAA Server
ISG
Web Portal
Open Northbound Interfaces
Subscriber Policy Layer
So focal that the entire device is often referred to as an Intelligent Services Gateway router, or simply “The ISG”
ISG
Platforms: Different Products for Different Solution Segments
ASR 5000: Fixed Mobile Convergence
ASR 9000: Emerging Large Scale BNG Platform
ASR 1000: Current Primary BNG Platform
ISG Overview
ISG’s Place in the Network
• Subscriber Identification
• Subscriber Authentication
• Subscriber Services Determination and Enforcement
• Dynamic Service update
• Deployed at access or service edge
• Communicates with other devices to control all aspects of subscriber access in the network
• Single point of contact
Walled Garden Open Garden
Guest Portal
AAA Server
Policy Server
Web Portal
DHCP Server
Subscriber Policy Layer
Video Audio Servers
Internet/Core
ISG’s Dynamic Policy Activation
Dynamic Policy Push (e.g. “Turbo Button”)
Application/Service Layer event
Dynamic Policy Pull (e.g. Automatic Service-Profile Download on Session Establishment)
Network Layer Event
[Diagram labels: Walled Garden, Open Garden, Guest Portal, DHCP Server, AAA Server, Policy Server, Web Portal, Subscriber Policy Layer]
The Subscriber Session in ISG
• Construct within Cisco IOS that represents a subscriber
  ‒ subscriber: billable entity and/or an entity that should be authenticated/authorized
• Common context on which services are activated
• Created at first sign of peer activity (FSOL = First Sign Of Life)
Walled Garden Open Garden
Internet/Core
Guest Portal
Subscriber Policy Layer
Video Audio Servers
Subscriber 1
Subscriber 2
Subscriber 3
Subscriber 1 session
Subscriber 2 session
Subscriber 3 session
AAA Server
Policy Server
Web Portal
DHCP Server
ISG Session
ISG Session Types
• Based on Subscriber Access Protocol
• Sessions Supported:
Dynamically Created Sessions:
PPP sessions
IP sessions
IP “Subnet” sessions
Ethernet sessions
ISG Session
Statically Created Sessions:
Interface sessions (IP-based)
Ethernet sessions
Session
Initiation
Authentication Termination
Service Activation
Subscriber Dynamic Sessions
PPP Sessions: PPPoA, PPPoEoA, PPPoEoE / PPPoEoVLAN / PPPoEoQnQ, PPPoL2TP
IP Sessions: IP–Layer2 Connected, IP–Routed
Native IP capable transport technologies: Eth, 802.11, 802.16
Any access technology: ATM, Eth, ..
802.3 based main interfaces; Subinterfaces: .1q, QnQ
Virtual Template w/ Virtual Access (sub)Interfaces
[Figure: protocol stacks for each session type across Access and Distribution (Phy, ATM, AAL5, 1483, Eth, PPPoE, .1Q, QnQ, PPP, IP, IP/UDP, L2TP)]
Dynamic Session Initiation
• ISG sessions are initiated at the First Sign of Life (FSOL)
• FSOL depends on the Session Type
PPP Sessions - FSOL: PPP Call Request (LCP)
IP Sessions - FSOL: .... there are options .....
Data Traffic: Unclassified MAC or IP
• IP packet with unknown MAC or IP source address
  ‒ Use MAC for L2-connected IP sessions
  ‒ Use IP for routed IP sessions
DHCP: DHCP discover
• DHCP Discover message
• ISG must be DHCP Relay or Server
RADIUS: RADIUS Access Request OR Accounting Start
• RADIUS Access/Accnt Start
• ISG must be a Radius Proxy
• Typically used in PWLAN and WiMAX environments
[Diagram labels: ISG Session, AP, Wireless Client]
Session Authentication
Authentication models supported:
• Access Protocol Native Authentication:
  ‒ PPP: CHAP/PAP
  ‒ IP: EAP for wireless client
  ‒ DHCP Authentication
• Transparent Auto Logon (TAL):
  ‒ Authenticates using subscriber related network identifiers
  ‒ e.g. MAC/IP address, DHCP Option 82, PPPoE Tags...
• Web Logon
Authentication Is Not Mandatory on a Session, but Used in Most Situations
ISG Session
Authentication: Allow Access to Network Resources Only to Recognized Users
Session Authentication: IP
IP – common scenarios
[Figure axis: Deployment likelihood (+ / -)]

TAL: Option82 Auth (RADIUS Username: MAC:RemoteID:CircuitID)
• Access Switch inserts Option82 Circuit and Remote ID in DHCP Requests
• ISG performs authentication using a combination of Circuit and RemoteID as username
• ISG session must be DHCP initiated
[Diagram: DHCP exchange, Access SW inserts Option 82 CircuitID/RemoteID, AAA Server]

TAL: IP/MAC (RADIUS Username: MAC or IP)
• ISG performs authentication using identifiers from subscriber traffic (source IP/MAC)
• MAC typically used in IP-L2 connected topologies, IP used in IP-routed topologies
[Diagram: Data Traffic, AAA Server]

Web Logon (RADIUS Username: WebLogon Username)
• User traffic redirected to Web Portal to enter credentials
• User Credentials propagated to the ISG
• ISG uses credentials to authenticate user with AAA server
• Applicable to all session types
[Diagram: Data Traffic, redirection, Web Portal, AAA Server]

EAP Auth (RADIUS Username: EAP username)
• User starts EAP authentication with Access Point (AP)
• ISG impersonates RADIUS server toward AP and RADIUS client toward real server
• ISG learns session authentication status by proxying RADIUS messages between real RADIUS client and Server
• ISG session must be RADIUS initiated
[Diagram: Wireless Client, EAP, AP, RADIUS (EAP based auth), AAA Server]
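The Option 82 TAL scenario above, worked through as an added example (not part of the original slides and not Cisco code): it parses a DHCP message, extracts the RFC 3046 Circuit ID and Remote ID sub-options and builds a MAC:RemoteID:CircuitID username. The hex rendering, the dotted MAC format and the sample Circuit/Remote ID bytes are assumptions made for illustration.

```python
import struct

MAGIC = bytes([99, 130, 83, 99])        # DHCP magic cookie (RFC 2131)
OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2    # Option 82 sub-options (RFC 3046)


class MalformedDhcp(ValueError):
    """Raised when the message cannot be parsed safely."""


def _tlvs(buf, pad=None, end=None):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if code == pad:                 # pad option has no length byte
            i += 1
            continue
        if code == end:
            return
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise MalformedDhcp(f"option {code} runs past the end of the buffer")
        length = buf[i + 1]
        yield code, buf[i + 2:i + 2 + length]
        i += 2 + length


def parse_dhcp(pkt):
    """Return (client MAC bytes, {Option 82 sub-option code: value})."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise MalformedDhcp("not a DHCP message")
    if pkt[1] != 1 or pkt[2] != 6:      # htype, hlen
        raise MalformedDhcp("client hardware address is not Ethernet")
    relay = {}
    for code, value in _tlvs(pkt[240:], OPT_PAD, OPT_END):
        if code == OPT_RELAY_INFO:
            relay = dict(_tlvs(value))  # sub-options have no pad/end codes
    return pkt[28:34], relay            # chaddr starts at offset 28


def tal_username(pkt):
    """Build 'MAC:RemoteID:CircuitID'; None if Option 82 is absent or incomplete."""
    mac, relay = parse_dhcp(pkt)
    if SUB_CIRCUIT_ID not in relay or SUB_REMOTE_ID not in relay:
        return None                     # no line identifier, so no Option 82 TAL
    h = mac.hex()
    mac_txt = ".".join(h[i:i + 4] for i in (0, 4, 8))
    return f"{mac_txt}:{relay[SUB_REMOTE_ID].hex()}:{relay[SUB_CIRCUIT_ID].hex()}"


def sample_discover(mac, circuit_id=None, remote_id=None):
    """Constructed DHCPDISCOVER as seen by the ISG after the access switch."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0, 0,
                        bytes(4), bytes(4), bytes(4), bytes(4), mac, b"", b"")
    opts = bytes([53, 1, 1])            # DHCP message type = DISCOVER
    sub = b""
    if circuit_id is not None:
        sub += bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    if remote_id is not None:
        sub += bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id
    if sub:
        opts += bytes([OPT_RELAY_INFO, len(sub)]) + sub
    return fixed + MAGIC + opts + bytes([OPT_END])


# Constructed sample values; the MAC is the one used on the identity slide.
MAC = bytes.fromhex("00de34f1c028")
CIRCUIT_ID = bytes.fromhex("0004000a0103")
REMOTE_ID = bytes.fromhex("0006001122334455")

if __name__ == "__main__":
    print(tal_username(sample_discover(MAC, CIRCUIT_ID, REMOTE_ID)))
    print(tal_username(sample_discover(MAC)))
```

A message without Option 82 yields no username rather than a MAC-only one, so a port that bypasses the inserting access switch is not silently authorized under this scheme.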
Mac Authentication for Routed IP sessions
• Client MAC address not directly available to ISG in routed scenarios with external DHCP server
• DHCP Leasequery can be used to retrieve Client MAC address from DHCP Server
• Retrieved MAC address can be used:
  ‒ for MAC based authentication
  ‒ as Calling-Station-ID in Accounting Records
[Diagram messages between DHCP Client, L3 cloud, ISG, DHCP Server and AAA Server:]
  Data Traffic
  DHCP LeaseQuery (Client IP)
  DHCP LeaseActive (Client IP->MAC)
  DHCP Address Assignment exchange
  RADIUS Access Request username: Client MAC
  RADIUS Access Accept username: Client MAC
Session Termination
[Diagram columns: PPP Sessions Exclusively; IP Sessions Exclusively; IP and PPP Sessions]
• PPP and PPPoX protocol events: ppp disconnect; ppp keepalives or L2TP hellos failure
• Keepalive failure (ICMP/ARP keepalive failure): ICMP Keepalives used for routed sessions, ARP keepalives used for l2-connected sessions
• RADIUS PoD (Packet Of Disconnect) from Policy Manager
• DHCP Release OR DHCP lease expiry: DHCP initiated sessions only
• Web Logoff at Web Portal: RADIUS CoA Account-Logoff
• Idle and Absolute Timeouts/Timer Expiry
• RADIUS Accounting Stop (Wireless Client, EAP, AP)
ISG Services
• Service: A collection of features that are applicable on a subscriber session. Service = {feat.1, feat.2,...,feat.n}
• Primary Service: Contains one “traffic forwarding” feature and optionally other features; only one primary service can be active on a session
Features
Session Administration:
  Portbundle (PBHK)
  Keepalives: ICMP and ARP based
  Timeouts: Idle, Absolute
Traffic Conditioning:
  QoS: Policing, MQC
  Security: Per User ACLs
Traffic Forwarding Control:
  Subscriber Address Assignment Control
  Redirection: Initial, Permanent, Periodic
  VRF assignment: Initial, Transfer
  L2TP assignment
Traffic Accounting:
  PostPaid
  Prepaid: Time/Volume based
  Tariff Switching
  Interim
  Broadcast
Associated to Primary Services
ISG Feature Granularity Per Session or Per Traffic Class (TC)?
• ISG Classification resembles Modular QoS CLI (MQC)
• IP ACLs (standard or extended) are used to create differential flows (Traffic Classes)
• Each Traffic Class can have a different set of features applied
• A Traffic Class and its associated features are also referred to as a TC service
• A Default TC can be used to drop traffic that could not be classified
[Figure: Subscriber Session. SubscriberX Data passes through Classification ACLs into TC1, TC2 and TC3, each with Flow Features; Session Features are grouped in Session Services]
When Should I Use TC Services?
• To identify what traffic should be redirected to an external appliance (Web Logon, Periodic Advertisement)
• To offer different QoS levels to different flows
• For differentiated billing based on application usage
• To permit Open Garden traffic over an unauthenticated session while dropping all other traffic (default drop)
[Diagram labels: Subscriber Data, Walled Garden, Open Garden, Internet/Core, Guest Portal, AAA Server, Policy Server, Web Portal, DHCP Server, Subscriber Policy Layer, Video Audio Servers]
What Goes Where... Applying Features to Session or TC
Columns: Session, Traffic Class (TC)
Session Administration
  Portbundle (PBHK): x
  Absolute/Idle Timeouts: x x
  ICMP and ARP keepalives: x
Traffic Conditioning
  Policing: x x
  MQC: x
  Per User ACLs: x
Traffic Forwarding Control
  Redirection: x x
  VRF assignment: x
  L2TP assignment: x
Traffic Accounting
  Postpaid Accounting: x x
  Prepaid Accounting: x
Note: Restrictions apply; verify feature availability on your platform with the feature navigator
How Many Features in a Service? How Many Services on a Session?
Session Services
• No limit in number of features per service
• A service is smallest atomic configuration unit that can be activated and deactivated
• Deactivating a service implies deactivating all associated features
• No limit in number of services per session
• Good Practice: Different services have different set of features
TC Services
• No limit in number of features per service
• No limit in number of services per session
• Only a single service at the time applied to traffic, priority based
Standalone features
• Features can be directly enabled on a session without using a service
• Once activated, a standalone feature can be modified, but not removed
• No limit in number of features per session
• Good Practice: standalone features and session service features do not overlap
[Figure: Subscriber Session containing Session Services (Service3 ... ServiceM, each with Feature 1, Feature 2 ... FeatureN), TC Services (TC ACL with Feature 1 ... FeatureN) and a standalone Feature]
ISG Subscriber Session Building the Data Plane
[Figure: Subscriber Session data plane. Data is classified by ACLs into TC1, TC2 or the Default-Class; each TC carries its own features, the Session Service carries Feature 1 to Feature 3, and a Traffic Forwarding Service forwards the traffic]
Traffic Classification (using traffic classes: class-map type traffic)
  TC1Service: priority 10
  TC2Service: priority 20
Flow-Features: Apply to the classified flow (a portion of entire session traffic)
Session-Features: Apply to the entire session, e.g. per-user ACL, Policing, MQC, Accounting
Forwarding Service: Forwarding (at L2, e.g. L2TP) or Routing (at L3, e.g. VRF). Mutually exclusive
ISG Subscriber Session Traffic Forwarding
[Figure: the data-plane diagram from the previous slide (Traffic Classification, Flow-Features, Session-Features, Forwarding Service; TC1Service: priority 10, TC2Service: priority 20), annotated with permit and deny outcomes at the TC1 and TC2 ACLs and with "Allow traffic" or "drop traffic" at the Default-Class]
Defining Services
[Table columns: Location, Download]

Location: AAA Server
• Services defined in Service Profiles
• Standard and Vendor Specific RADIUS attributes used
• On demand download on a need basis
  1. Premium HSI service should be activated on the session; no definition yet available
  2. RADIUS Access-request: Username: Premium_HSI, Password: <service pwd>
  3. RADIUS Access-accept: Features associated w/ service
  4. Service Activated on session; Service Stored in local cache while in use by at least 1 session

Location: Policy Manager (supporting the SGI Interface)
• Services defined in XML
• Pre-download of all existing services
• Definition of all existing Services typically pre-downloaded on Box
  1. SGI Request
  2. SGI Response: Premium, Standard, Basic HSI service definitions
  3. Services permanently stored in local database

Location: ISG
• Services pre-configured using CLI
• Services defined on Service Policies: policy-map type service <name>
• Services permanently stored in local database
How Services Are Activated on a Session?
During Subscriber Authentication/Authorization
• Subscriber is successfully authenticated
• RADIUS Response includes Services and Features to activate on Session (from UserProfile)
[Diagram: Subscriber, ISG, AAA Server; RADIUS Acc-req, RADIUS Acc-accept]

Via an External Policy Manager/Web Portal
• Service Activation request sent by External Policy Managers via a RADIUS CoA or a SGI Request message
[Diagram: Administrator, Subscriber, Web Portal / Policy Server, ISG; RADIUS CoA or SGI Request]

Via the On-Box Policy Manager
• Policy Plane determines what actions to take on session based on events
  ‒ actions *include* applying a service
• Control Plane ensures actions are taken – i.e. provisions the data plane
• Data Plane enforces traffic conditioning policies to the session
[Diagram: Policy plane, Control plane, Data plane; events from external PM and from data plane; actions]
ISG Control Policy
The On-Box Policy Manager (PM)
Handles All Aspects of Subscriber Session Lifecycle, Not Just Service Activation!
Session Life Cycle (Session Initiation, Authentication, Service Activation, Termination) described using Cisco Policy Language
Through CPL and the On-Box PM, ISG Is Not Only a Policy Enforcement Point (PEP); It Is Also a Policy Decision Point (PDP)
Cisco Policy Language CLI
policy-map type control <name>
 class type control <conditions> event <event type>
  action1
  action2
  .......   (more actions for event)
 .......    (more events)

Control policy-map
• Typically applied on interface
• Defines all aspects of session processing

Conditional class of events
Events are identified by their event type. Common event types:
• Session-start: New session detected
• Account-logon: Account-Logon msg. received from external source
• Service-start: new service start req. from external source
• Service-stop: Service termination req. from external source
• Timed-policy-expiry: Set Timer expired
Event actions are executed only if <conditions> are met for the event
• Multiple instances of same event w/ unique condition
• Different set of actions for same event type
• Conditions account for other aspects surrounding the event

Actions
Actions are in an ordered list. Different set of actions per {event, condition}. Common action types:
• Service: Used to start a new service
• Service Unapply: Used to terminate an active service
• Authenticate: Used to authenticate a session using subscriber’s credentials
• Authorize: Used to authenticate a session using one or more network identifiers (TAL)
• Set-Timer: Used to generate an event after a configured amount of time
Control Policy Structure
• Configuring ISG mostly implies configuring the control policy
• Control policy determines the operations to be executed on a session upon different events

policy-map type control <map name>
 class type control always event session-start
  10 service-policy type service name <service name>
  20 authorize aaa password lab identifier mac
 class type control <condition> event service-start
  ....

Events:
• Session-start
• Account-logon
• Service-start
• ...
Actions:
• apply/unapply a service
• authenticate (Web Logon)
• authorize (TAL)
• ...
Condition: Qualify in what cases the event is valid. Configured as a control class: class-map type control <name>
always: The event is always valid
Defining a Control Policy Policy-Map Type Control
Control Policy: Associate Events and Conditions to an ordered list of Actions
[Figure: each {Condition, Event} pair is a Control Class with a List of Actions, e.g. "1. Enable Service X 2. Enable Service Y 3. Take Action R" or "1. Disable Service B 2. Enable Service A"]

policy-map type control SUBSCRIBER_RULE
 class type control always event session-start
  10 service-policy type service name PBHK
  20 authorize aaa password lab identifier mac-addr
  30 service-policy type service name L4R
  40 set-timer IP_UNAUTH_TIMER 15
 !
 class type control always event account-logon
  10 authenticate aaa list IP_AUTH_LIST
  20 service-policy type service unapply name L4R
 !
 class type control CND_U event timed-policy-expiry
  10 service disconnect
 !

List of Actions for the session-start Control Class:
1. Enable Service PBHK
2. Take action AAA
3. Enable Service L4R
4. Take action: Set Timer
ISG as IP Session Aggregator
ISG as IP Session Aggregator (L2)
Once authenticated subscriber will be assigned a Pay Per Use Standard High Speed service:
• 256Kbps upstream/ 768Kbps downstream via ISG policing
• Accounting
• Idle timeout (10 min)

Address Assmt.: DHCP (ISG is DHCP Relay)
Session Initiator: DHCP
Interf.: GE (.1Q)
Authentication: TAL (mac address) w/ Web Logon fall back for Self Subscription

[Topology: 192.168.110.0/24 with hosts .12, .10 and .2; Lo0 = 10.0.0.1; interfaces f1/0 and g0/0.1; Internet]
Call Flows: L2 IP Session
1a  DHCP Discover
1b  Session-start event posted
2   ISG session creation
3   PBHK service applied (*)
4a  Access-Request username = mac
4b  Access-Reject
5   OpenGarden and L4R services applied (*)
6   Authentication Timer started
    DHCP Discover
1c  DHCP Exchange
(*) assumes that the definition of PBHK, L4R and OpenGarden are already available on the ISG

class type control always event session-start
 ! step 3
 10 service-policy type service name PBHK_SRV
 ! step 4a
 20 authorize aaa list IP_AUTHOR_LIST password cisco123 identifier mac-addr
 ! step 5
 30 service-policy type service name OG_SRV
 40 service-policy type service name L4R_SRV
 ! step 6
 50 set-timer AUTHEN_TMR 10

interface GigabitEthernet 0/0.1
 encapsulation dot1Q 10
 ip address ...
 service-policy type control IP_SESSION_RULE1
 ip subscriber l2-connected
  initiator dhcp class-aware

policy-map type control IP_SESSION_RULE1
 <snip>
Call Flows (simplified call flow)
7    http://www.cisco.com
8    L4Redirect to Portal
9    HTTP Redirect. User self-registers
10a  CoA Req. Account Logon username, password
10b  Account-Logon event posted
11a  Access-Request username, password
11b  Access-Accept service: BASIC_HSI_SRV
11c  Service-start event posted
12a  Access-Request BASIC_HSI_SRV, srvpwd
12b  Access-Accept BASIC_HSI_SRV definition
13   BASIC_HSI_SRV is applied
14   Accounting-Request (Start) and Response
15   L4R and OpenGarden services are unapplied
10c  CoA Ack. Account Logon
16   http://www.cisco.com

policy-map type control IP_SESSION_RULE1
 <snip>
 ! step 10b
 class type control always event account-logon
  ! step 11a
  10 authenticate aaa list IP_AUTHEN_LIST
  ! step 15
  20 service-policy type service unapply name L4R_SRV
  30 service-policy type service unapply name OG_SRV
 !
 ! step 11c
 class type control BASIC_HSI_SRV_CM event service-start
  ! step 12a
  10 service-policy type service identifier service-name

aaa authorization subscriber-service default group SERVER_GRP1
subscriber service password servicecisco

Service profile returned in step 12b:
Service-Name: “BASIC_HSI_SRV”
Service-Password: “servicecisco”
Attr 28: idle-timeout = 600
AVPair: “subscriber:accounting-list=IP_ACCNT_LIST”
ServiceInfo: QU;256000;D;768000;
Use Case Full Configurations: Northbound Interfaces (I.)

RADIUS interface configuration
aaa new-model
aaa group server radius SERVER_GRP1
 server 192.168.110.10 auth-port 1812 acct-port 1813
!
aaa authorization network default group SERVER_GRP1
aaa authorization subscriber-service default group SERVER_GRP1
subscriber service password servicecisco
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
ip radius source-interface Loopback0
radius-server attribute 4 10.0.0.1
radius-server attribute 6 on-for-login-auth
radius-server attribute 8 include-in-access-req
radius-server attribute 32 include-in-access-req
radius-server attribute 32 include-in-accounting-req
radius-server attribute 55 access-request include
radius-server attribute 55 include-in-acct-req
radius-server attribute 44 include-in-access-req
radius-server host 192.168.110.10 auth-port 1812 acct-port 1813 key aaacisco
radius-server vsa send authentication
radius-server vsa send accounting

Attribute 6 - Service-Type
Attribute 8 - Framed-IP-Address
Attribute 32 - NAS-Identifier
Attribute 44 - Acct-Session-Id
Attribute 55 - Event-Timestamp

RADIUS Extensions interface configuration
aaa server radius dynamic-author
 client 192.168.110.10 server-key cisco
 auth-type any
 port 1700
Use Case Full Configurations: Services (II.)

PBHK service
AAA Server configuration:
  Service-Name = “PBHK_SRV”
  Service Password = “servicecisco”
  AVPair: ip:portbundle=enable
Cfg required on ISG (PBHK service associated configurations):
  interface Loopback0
   ip address 10.0.0.1 255.255.255.255
  !
  interface FastEthernet1/0
   description To WebPortal
   ip address 192.168.110.1 255.255.255.0
   ip portbundle outside
  !
  ip portbundle
   match access-list 198
   source Loopback0
  !
  access-list 198 permit ip any host 192.168.110.10

L4R service
AAA Server configuration:
  Service-Name = “L4R_SRV”
  Service Password = “servicecisco”
  AVPair: ip:traffic-class=input access-group name L4R_ACL_IN priority 20
  AVPair: ip:l4redirect=redirect to group REDIR_GRP
Cfg required on ISG (L4R service associated configurations):
  redirect server-group REDIR_GRP
   server ip 192.168.110.10 port <TCP port #>
  !
  ip access-list extended L4R_ACL_IN
   permit tcp any any

OpenGarden service
AAA Server configuration:
  Service-Name = “OG_SRV”
  Service Password = “servicecisco”
  AVPair: ip:traffic-class=input access-group name OG_ACL_IN priority 10
  AVPair: ip:traffic-class=output access-group name OG_ACL_OUT priority 10
  AVPair: ip:traffic-class=in default drop
  AVPair: ip:traffic-class=out default drop
Cfg required on ISG (OpenGarden service associated configurations):
  ip access-list extended OG_ACL_IN
   permit ip any 192.168.110.0 0.0.0.255
  ip access-list extended OG_ACL_OUT
   permit ip 192.168.110.0 0.0.0.255 any

Basic HSI service
AAA Server configuration:
  Service-Name: “BASIC_HSI_SRV”
  Service-Password: “servicecisco”
  Attr 28: idle-timeout = 600
  AVPair: “subscriber:accounting-list=IP_ACCNT_LIST”
  ServiceInfo: QU;256000;D;768000;
Cfg required on ISG (Basic HSI service associated configurations):
  aaa accounting network IP_ACCNT_LIST start-stop group SERVER_GRP1
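How the OG_SRV and L4R_SRV traffic classes above treat an unauthenticated subscriber's packets, modelled as an added example (not part of the original slides and not Cisco code). It assumes traffic classes are tried in ascending priority number, matching the TC1 (priority 10) before TC2 (priority 20) ordering on the data-plane slide; the packets and the 203.0.113.x addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"  # stands for the ACL keyword 'any'


@dataclass(frozen=True)
class Permit:
    """One 'permit <proto> <src> <dst>' entry of an extended ACL."""
    proto: str  # "ip" matches every protocol
    src: str
    dst: str

    def matches(self, pkt):
        return (self.proto in ("ip", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst))


# ACLs from the ISG configuration on the slide (wildcard 0.0.0.255 written as /24).
ACLS = {
    "OG_ACL_IN": [Permit("ip", ANY, "192.168.110.0/24")],
    "OG_ACL_OUT": [Permit("ip", "192.168.110.0/24", ANY)],
    "L4R_ACL_IN": [Permit("tcp", ANY, ANY)],
}

# Service profiles transcribed from the AVPairs on the slide:
# traffic classes as (direction, ACL, priority, action) plus default-drop directions.
SERVICES = {
    "OG_SRV": {"tcs": [("in", "OG_ACL_IN", 10, "forward"),
                       ("out", "OG_ACL_OUT", 10, "forward")],
               "default_drop": {"in", "out"}},
    "L4R_SRV": {"tcs": [("in", "L4R_ACL_IN", 20, "redirect")],
                "default_drop": set()},
    "PBHK_SRV": {"tcs": [], "default_drop": set()},       # session feature only
    "BASIC_HSI_SRV": {"tcs": [], "default_drop": set()},  # session features only
}

PRE_AUTH = ["PBHK_SRV", "OG_SRV", "L4R_SRV"]  # after session-start, TAL rejected
POST_AUTH = ["PBHK_SRV", "BASIC_HSI_SRV"]     # after account-logon


def classify(active, pkt, services=SERVICES):
    """Return (verdict, deciding service) for one packet on a session."""
    tcs = [(prio, name, acl, action)
           for name in active
           for (direction, acl, prio, action) in services[name]["tcs"]
           if direction == pkt["dir"]]
    for prio, name, acl, action in sorted(tcs):  # assumption: lowest number first
        if any(entry.matches(pkt) for entry in ACLS[acl]):
            return action, name
    # No traffic class matched: the default class decides.
    if any(pkt["dir"] in services[name]["default_drop"] for name in active):
        return "drop", "default"
    return "forward", "session"


def reprioritised(name, prio):
    """Copy of SERVICES with every traffic class of `name` moved to `prio`."""
    out = dict(SERVICES)
    out[name] = dict(SERVICES[name],
                     tcs=[(d, a, prio, act) for d, a, _, act in SERVICES[name]["tcs"]])
    return out


def packet(direction, proto, src, dst):
    return {"dir": direction, "proto": proto, "src": src, "dst": dst}


SUB, PORTAL = "10.1.1.211", "192.168.110.10"
SAMPLE = [  # constructed packets
    packet("in", "tcp", SUB, PORTAL),           # subscriber to web portal
    packet("in", "tcp", SUB, "203.0.113.80"),   # subscriber to an Internet web site
    packet("in", "udp", SUB, "203.0.113.53"),   # subscriber to an Internet resolver
    packet("out", "tcp", PORTAL, SUB),          # portal reply
    packet("out", "udp", "203.0.113.53", SUB),  # unsolicited Internet traffic
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "pre-auth:", classify(PRE_AUTH, p), "post-auth:", classify(POST_AUTH, p))
```

The UDP case shows that anything the subscriber needs before logging on, name resolution included, has to live inside 192.168.110.0/24, and the reprioritised() helper shows that evaluating L4R_SRV ahead of OG_SRV would redirect the portal's own traffic.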
PBHK – Port Bundle Host Key
• Used to generate a host key -> common identifier that ISG & Portal can use to reference a subscriber session
  - Extracted by the Portal from packets sourced by subscriber
  - If PBHK is
    - disabled: host key: IP Source Address (Subscriber IP Address)
    - enabled: ISG performs a port NAT (PAT) like operation on subscriber packets destined to portal; host key: ISG IP address + PBHK ID (L4 Source Port (12 MSBs))
• PBHK Benefits:
  - Support for overlapping host IP addresses
  - Subscribers needn't be routable from Portal
  - Single Portal can serve multiple ISGs

[Figure: PBHK packet flow. Subscriber 192.168.30.10 sends HTTP with IP SA: 192.168.30.10, IP DA: 192.168.110.10, TCP: <SSAP>:80. The ISG (Lo0 = 10.0.0.1, PBHK intf = Lo0) rewrites it to IP SA: 10.0.0.1, IP DA: 192.168.110.10, TCP: <pbhk l4 sport>:80. The portal at 192.168.110.10 identifies the session as 10.0.0.1:<pbhk_id> and requests "Activate Service GOLD_DATA"; the ISG applies the service to 10.0.0.1:<pbhk_id>.]
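The host-key derivation described above, as an added Python model (not code from the presentation or from Cisco): an ISG rewrites subscriber packets into a per-session port bundle and the portal recovers the key from the upper 12 bits of the source port. The sequential bundle allocation, the starting bundle ID of 64, the session tuples and the second ISG at 10.0.0.2 are assumptions made for the illustration.

```python
# Simplified model of the PBHK rewrite (added illustration, not Cisco code).
PORT_BITS = 16
BUNDLE_BITS = 12                     # page: PBHK ID = 12 MSBs of the L4 source port
SLOT_BITS = PORT_BITS - BUNDLE_BITS  # remaining 4 bits -> 16 ports per bundle


class Isg:
    """One ISG performing the PAT-like rewrite on packets destined to the portal."""

    def __init__(self, pbhk_ip, first_bundle=64):
        self.pbhk_ip = pbhk_ip           # PBHK source interface address (Lo0 on the page)
        self.next_bundle = first_bundle  # assumption: bundle IDs are handed out in sequence
        self.bundles = {}                # subscriber session -> bundle ID
        self.flows = {}                  # subscriber session -> {subscriber sport: slot}

    def translate(self, session, sport):
        """Return the (source IP, source port) the portal sees for this packet."""
        if session not in self.bundles:
            if self.next_bundle >= 1 << BUNDLE_BITS:
                raise RuntimeError("no free port bundle on this ISG")
            self.bundles[session] = self.next_bundle
            self.next_bundle += 1
        slots = self.flows.setdefault(session, {})
        if sport not in slots:
            if len(slots) == 1 << SLOT_BITS:
                raise RuntimeError("port bundle exhausted for session")
            slots[sport] = len(slots)
        return self.pbhk_ip, (self.bundles[session] << SLOT_BITS) | slots[sport]


def host_key(src_ip, src_port):
    """Portal side: host key = ISG IP address + PBHK ID (upper 12 bits of the port)."""
    return src_ip, src_port >> SLOT_BITS


def demo():
    """Constructed sessions: the same subscriber IP on two interfaces and two ISGs."""
    isg_a = Isg("10.0.0.1")   # Lo0 address from the page
    isg_b = Isg("10.0.0.2")   # constructed second ISG
    sub = "192.168.30.10"
    return {
        "a_first_flow": host_key(*isg_a.translate(("Gi0/0.1", sub), 51000)),
        "a_second_flow": host_key(*isg_a.translate(("Gi0/0.1", sub), 51001)),
        "a_other_intf": host_key(*isg_a.translate(("Gi0/0.2", sub), 51000)),
        "b_same_ip": host_key(*isg_b.translate(("Gi0/0.1", sub), 51000)),
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name}: {key[0]}:{key[1]}")
```

Two flows of one session share a key, while the same subscriber address behind another interface or another ISG yields a different key, which is what lets one portal serve overlapping address space.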
L4 Redirect
• Subscriber's traffic, matching a flow description, is redirected to a destination and an L4 port defined on the ISG
• Any TCP and UDP traffic can be redirected
• The target server is responsible for handling the redirected traffic

[Figure: L4 Redirect packet flow. The subscriber sends HTTP with IP SA: 192.168.30.10, IP DA: 198.133.219.25 (www.cisco.com), TCP: <SSAP>:80. The ISG redirects it to 192.168.110.10 as IP SA: 192.168.30.10, IP DA: 192.168.110.10, TCP: <SSAP>:<redirect port>.]
Flow-Features
• Apply to the classified flow (a portion of the entire session data)

Traffic Classification
• TC priority is important (order of ACL evaluation)
• Traffic goes to next TC only if not matched by previous

TC Priority
• Defines order in which TC ACLs are matched against incoming traffic
• Lower numerical value -> Higher Priority
• First Match honored

[Figure: Subscriber session traffic classification. Data is matched against Traffic Class 1 (TC1, priority 10) or Traffic Class 2 (TC2, priority 20) by ACL (permit/deny); service features apply to the matched class before traffic forwarding. The Default Class either allows traffic (permit) or drops traffic (deny).]
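The priority rule above applied to this use case's OG_SRV and L4R_SRV input classes, as an added Python model (not code from the presentation or from Cisco). The redirect port 8080, the sample packets and the swapped-priority variant are constructed for the illustration; the page leaves the port as <TCP port #>.

```python
# Simplified model of ISG traffic-class evaluation (added illustration, not Cisco code).
from ipaddress import ip_address, ip_network

PORTAL = "192.168.110.10"
REDIRECT_PORT = 8080  # assumption: the page leaves this as <TCP port #>

# Input traffic classes of an unauthenticated session, from the OG_SRV and
# L4R_SRV profiles: (priority, service, protocol, destination network, action).
# protocol None stands for "permit ip" (any protocol).
PAGE_CLASSES = [
    (20, "L4R_SRV", "tcp", "0.0.0.0/0", "redirect"),       # L4R_ACL_IN
    (10, "OG_SRV", None, "192.168.110.0/24", "forward"),   # OG_ACL_IN
]


def classify(proto, dst_ip, dst_port, classes=PAGE_CLASSES):
    """Return (service, action, effective destination) for one upstream packet."""
    dst = ip_address(dst_ip)
    # Lower numerical priority is checked first; the first matching class wins.
    for _prio, service, tc_proto, net, action in sorted(classes, key=lambda c: c[0]):
        if tc_proto not in (None, proto) or dst not in ip_network(net):
            continue  # not matched: traffic moves on to the next traffic class
        if action == "redirect":
            return service, action, (PORTAL, REDIRECT_PORT)
        return service, action, (dst_ip, dst_port)
    return "default", "drop", None  # ip:traffic-class=in default drop


# Constructed sample packets: (protocol, destination IP, destination port).
SAMPLES = [
    ("tcp", "192.168.110.10", 80),   # portal, inside the open garden
    ("tcp", "198.133.219.25", 80),   # www.cisco.com from the L4 Redirect slide
    ("udp", "198.51.100.53", 53),    # constructed non-TCP flow outside the garden
]

# Constructed misconfiguration: L4R_SRV given a better priority than OG_SRV.
SWAPPED = [(5, "L4R_SRV", "tcp", "0.0.0.0/0", "redirect"), PAGE_CLASSES[1]]


def run(classes=PAGE_CLASSES):
    """Classify every sample packet against the given traffic classes."""
    return [classify(*pkt, classes=classes) for pkt in SAMPLES]


if __name__ == "__main__":
    for label, classes in (("page priorities", PAGE_CLASSES), ("swapped", SWAPPED)):
        for pkt, result in zip(SAMPLES, run(classes)):
            print(label, pkt, "->", result)
```

With the page's priorities, portal traffic is forwarded by OG_SRV before the broader L4R class is consulted; with the priorities swapped, even traffic already addressed to the portal is caught by the redirect class.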
Use Case Full Configurations: Control Policy

Method Lists:
  aaa authorization network IP_AUTHOR_LIST group SERVER_GRP1
  aaa authentication login IP_AUTHEN_LIST group SERVER_GRP1

Control Classes:
  class-map type control match-any BASIC_HSI_SRV_CM
   match service-name BASIC_HSI_SRV
  class-map type control match-all AUTH_TMR_CM
   match timer AUTH_TMR
   match authen-status unauthenticated

Control Policy:
  policy-map type control IP_SESSION_RULE1
   ! AUTH_TMR expired while the session is still unauthenticated
   class type control AUTH_TMR_CM event timed-policy-expiry
    1 service disconnect
   !
   class type control BASIC_HSI_SRV_CM event service-start
    10 service-policy type service identifier service-name
   !
   ! Basic HSI stopped: fall back to redirect and open garden
   class type control BASIC_HSI_SRV_CM event service-stop
    1 service-policy type service unapply service-name
    10 service-policy type service name L4R_SRV
    20 service-policy type service name OG_SRV
   !
   ! New session: PBHK, open garden, MAC-based authorization, redirect, timer
   class type control always event session-start
    10 service-policy type service name PBHK_SRV
    20 service-policy type service name OG_SRV
    30 authorize aaa list IP_AUTHOR_LIST password cisco123 identifier mac-address
    40 service-policy type service name L4R_SRV
    50 set-timer AUTH_TMR 10
   !
   ! Portal logon: authenticate, then lift redirect and open garden
   class type control always event account-logon
    10 authenticate aaa list IP_AUTHEN_LIST
    20 service-policy type service unapply name L4R_SRV
    30 service-policy type service unapply name OG_SRV
   !
   class type control always event account-logoff
    1 service disconnect delay 5
   !

Interface:
  interface GigabitEthernet 0/0.1
   encapsulation dot1Q 10
   ip address 192.168.30.1 255.255.255.0
   service-policy type control IP_SESSION_RULE1
   ip subscriber l2-connected
    initiator DHCP

DHCP Relay cfg:
  ip dhcp pool POOL_VLAN10
   relay source 192.168.30.0 255.255.255.0
   ! DHCP server address
   relay destination 192.168.110.12
Summary
Summary Slide
• The Next Wave of Broadband
  ‒ User Centric Network
  ‒ Access Technology Abstraction
• ISG Overview
  ‒ What is ISG?
  ‒ ISG Sessions
  ‒ ISG Services
  ‒ Cisco Policy Language
Key Takeaways
• ISG is a Subscriber Aggregation device that provides Subscriber and Service Management functions
• Can be deployed in several architectures to support wired and wireless subscribers and for both PPP and IP-based subscriber access
• Offers a wide choice of subscriber authentication options, e.g. PPP CHAP/PAP, EAP, TAL, Web Auth, DHCP Authentication
• Multiple, open and standards-based northbound interfaces simplify inter-working with existing BackOffice appliances
• Configuration model based on predefined events and user-defined actions allows for flexible and fully customizable session and service management
Glossary Acronyms
AAA Accounting Authentication Authorization
AAL5 ATM Adaptation Layer 5
ACL Access Control List
ATM Asynchronous Transfer Mode
BNG Broadband Network Gateway
BRAS Broadband Remote Access Server
CoA Change of Authorization
CHAP Challenge-Handshake Authentication Protocol
CLI Command Line Interface
CMTS Cable Modem Termination System
CPE Customer Premises Equipment
CPL Cisco Policy Language
DHCP Dynamic Host Configuration Protocol
DS Down Stream
DSL Digital Subscriber Line
DSLAM Digital Subscriber Line Access Multiplexer
EAP Extensible Authentication Protocol
FSOL First Sign Of Life
GE Gigabit Ethernet
IPoE IP over Ethernet
IPTV IP Television
HSI High Speed Internet
IOS Internetwork Operating System
IP Internet Protocol
ISG Intelligent Services Gateway
ISP Internet Service Provider
L2TP Layer 2 Tunneling Protocol
LAC L2TP Access Concentrator
LAN Local Area Network
LNS L2TP Network Server
MPLS Multi Protocol Label Switching
MQC Modular QoS CLI
NAS Network Access Server
PAP Password Authentication Protocol
PBHK Port Bundle Host Key
PON Passive Optical Network
Phy Physical
PM Policy Manager
PPP Point to Point Protocol
PPPoA PPP over ATM
PPPoE PPP over Ethernet
PPPoX PPP over X X=Ethernet, ATM,
PTA PPP Aggregation and Termination
PWLAN Public Wireless LAN
QoS Quality of Service
RADIUS Remote Authentication Dial In User Service
RFC Request For Comments
SGI Services Gateway Interface
TAL Transparent Auto Logon
TC Traffic Class
US Upstream
VC Virtual Circuit
VLAN Virtual LAN
VoIP Voice over IP
VoD Video on Demand
VPN Virtual Private Network
VRF Virtual Routing Forwarding
VSA Vendor Specific Attribute
WiMAX Worldwide Inter-operability for Microwave Access
XML Extensible Markup Language
Q&A