Services Exchange Framework Overviewpalo/Rozne/cisco-expo-2009/Presentati… · IP NGNs support more services, provide greater efficiencies, and enable better network, service,

© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1

Services Exchange Framework Overview

Peter Gaspar, Consulting System Engineer

© 2008 Cisco Systems, Inc. All rights reserved. 2

Agenda

SEF Introduction

SEF Architecture

Cisco Solution Elements

Use Cases

Summary


SEFIntroduction


The Rise of the Empowered Consumer Evolutionary Phases of Experience

Provider to User Dynamic

User to Provider Dynamic

PassiveBroadcast TV, Web Access

PickService Bundles, VoD

ParticipateInteractiveGaming, Collaborative Services

ProduceCreate Playlists, Remix, Blogs

ConnectOne Service Fits All, Discrete Model

TransactE-Wallet,E-Ticket

InteractPersonalization, Socialization

EmpowerComplete Customization

Experience


A World of Agile Attackers and Potential Partners

Device Services

Facilities-Based Players

―Over the Top‖ Players

Value Chain

Content Providers

http://www.ebay.com/

http://www.google.com/webhp?hl=en

http://corporate.disney.go.com/corporate/moreinfo/pdfs/disney_abc_apple_deal.pdf

http://www.viacom.com/;jsessionid=0Y5EN1QPQNUZYCQBAHIQ4CY


Over-the-Top Providers (OTTP)Value-Add Partners or Disintermediators? Or Both?

OTT Communications Providers like Vonage, Skype, Google Talk… represent Service Substitution and Pricing threats to Traditional Voice

OTT Content Providers like Disney and CinemaNow are looking for opportunities touse The Internet as a means to disintermediate video distribution businesses

Drivers ofCompetition

Access to OTT Services and Applications drives penetration of consumer broadband

Time Sensitive Applications like Video and Voice create opportunities for Guaranteed delivery

Drivers ofCollaboration

http://www.cinemanow.com/default.aspx?grpID=0


Access andNetworkServices

NGSPServiceDelivery

Role

ApplicationServices

Business Model ―Closed‖Coopetition Coopetition―Utility‖

A New Business Model for SPs:Monetize the Growth of OTTPs

Innovation

Leverage partner strengths(e.g. brand, content relationships)

Enhance regulatory position

Guaranteed delivery

Customer’s agent/intermediary

Simplicity, reliability and trust/security

Driversfor

Open/PartnerDelivery

Private IPPublic IP (Internet)

NGSP-Enabled ServicesInternet/Over-the-Top Apps

Tiered Services and Fair Use

PoliciesPartnership Delivery and Control

New Middle Ground

Exclusive andIntegrated Delivery

and Control

Service Exchange Framework

Source: Cisco IBSG, December 2006

SP-VoIP

IPTVVoD

P2P File-Sharing

Web Music Games

VoIP

Video


Access andNetworkServices

ApplicationServices

Business Model DB CA

Private IPPublic IP (Internet)

Exclusive and

Integrated Delivery and Control

Partnership Delivery and Control

NGSP-Enabled ServicesInternet/Over-the-Top Apps

Volume Quota Based TieringInternet OTT Video vs. On-Net Service Offering

SP Shareof ValueChain

Tiered Services

and Fair Use Policies

X

2GB6GB

40GB

Quota Counting

Video File Size: 2.2 GB

Unbox Video Downloads

No Quota concept

On-Net Download Service

NGSPServiceDelivery

Role


The Experience Provider Transition Requires New Business Models for Growth and Success

Build… Partner…

Innovate… Deliver…

IP NGNs support more services,

provide greater efficiencies, and enable better network, service, and business control

With content, OTT, facilities-based,

device, and financial partners (et al.) to open new markets and opportunities including expanding

advertisement revenue

By blending services, content,

and convenience to create unique experiences that build brand recognition and loyalty

Personalized services to any

device, to any location, at any time with greater access, content, and billing control


SEFArchitecture


Cisco IP NGN ArchitectureAchieving a Whole Greater Than the Sum of the Parts

Intelligent Networking

Tele-Presence

CollaborationPresence-

Based Telephony

Web ServicesMobile Apps

IPContact Center

IntelligentEdge

CustomerElement

MultiserviceCore

Access/ Aggregation

Ap

plica

tio

n

La

ye

rS

erv

ice

L

aye

rN

etw

ork

L

aye

r

Transport

Op

era

tio

na

l La

ye

r

Service Exchange

Framework

Identity Policy Billing

Mobility

Self Service

Open Framework

for Enabling “Any Play” Delivery

(Any service, to any device,

to any location)


Ne

two

rk

La

ye

rS

erv

ice

L

aye

rA

pp

lica

tion

L

aye

r

Cisco IP NGN: Universal NGN ArchitectureEnabling all Emerging Network Architecture Standards

Generic Service Subsystems

Identity and Mobility Management

Service Policy and Resource Management

Session and Media Management

SEF Common Service Subsystem

―Anything IP‖ SubsystemOther SIP or Non-SIP SS IMS Service Subsystem

Aggregation Intelligent EdgeMultiservice

Core

Network Element Service Control and Peering

SCEISG SBC

WirelineAccess

WirelessAccess

CoreFunctions

Optimal Interopwith Intelligent NEs

Any IP ApplicationCurrent and Future

―Over-The-Top-Applications‖

IMS-enabled SIP Applications

―Future Feature Attractions‖

Application Support Functions

… …

… …


Service Exchange Framework Enabling Unique Subscriber Experiences


Call Control Session Border Control Rich-Media Control Diff Bandwidth & QoS per Session Accounting / Billing


Subscriber Policy Application / Chaining Per-Subscriber Service Service Invocation


User / Device ID Subscriber Awareness Location / Presence Service Registration Audit / Logging

Assured Authentication Device Roaming Service Mobility User Mobility

Cisco Service

ExchangeFramework


Cisco IP NGN Standards SupportUnderstanding Unique Segment Requirements

Mobile

Since 1999

3GPP IMS3GPP2 MMD

Wireline

Since 2004 Since 2005

Cable

ITU ITU SG13 NGNETSI TISPAN

ATIS NGN

CableLabs PacketCable 2.0

IETF Protocols e.g., SIP, Diameter…

Many Efforts, Dynamically Evolving,

but All Focused on SIP


Cisco SEF and IMS Alignment

Ne

two

rk

La

ye

rS

erv

ice

La

ye

rA

pp

lica

tion

L

aye

r







Core


WirelineAccess

WirelessAccess

Any IP ApplicationCurrent and Future ―Over-The-Top-

Applications‖




… …

… …

IMS

AS ..

Presence ASMessaging

ASConferencing

AS

I-CSCFHSS

P-CSCF

S-CSCF

BGCFMGCF


Cisco SEF and TISPAN Alignment

Ne

two

rk

La

ye

rS

erv

ice

La

ye

rA

pp

lica

tion

L

aye

r







Core


WirelineAccess

WirelessAccess


Applications‖




… …

… …

NASS RACS

Common Components

IMSPES

AF-1 AF-2

AMF

BGF

Future SS…

BGF

RCEF

AMF RCEF


Cisco SEF and PacketCable Alignment

Ne

two

rk

La

ye

rS

erv

ice

La

ye

rA

pp

lica

tion

L

aye

r







Core


WirelineAccess

WirelessAccess


Applications‖




… …

… …

AS (IMS)

Application Manager

Policy Repository

Policy Server

CMTS

SG

AS (Conf)

AS (UM)

MGC

MG

Border Element

Subscriber Data Server

Service Proxy

Registrar

Location Server

Presence Server


Cisco Service Exchange FrameworkCisco SEF Provides Unmatched Network/Subscriber/Application Awareness

Solution Core Functions

BRAS / uBR: Cisco 7x00, 10000 Series Broadband Aggregation

VoBB: Cisco Catalyst 3K/4K, 7600 Series Optimized Video Service Delivery

Cisco Mobile Exchange Mobility Service Management

Cisco CNS Access Registrar Identity Management, AAA

Cisco Intelligent Services Gateway (ISG) Multi-dimensional Identity, Service Personalization

Cisco Service Control Engine Integrated Policy Management

Policy Manager Policy Control

Cisco BTS10200 Softswitch Packet Voice

Cisco PGW2200 PSTN Gateway VoIP to PSTN Interconnect

MGX 8880 Media Gateway Packet Voice / Advanced Services

Cisco SBC and IP-to-IP Gateways Session Border Control

Cisco Content Delivery System (CDS) Intelligent Content Distributon

Service Access Platforms

Identity & Location Management

Policy & Resource Management

Session & Media Management


Cisco Wireline SEF Solution:Functional Architecture

PGW2200BGCF

_____SPDF

BPMA-RACF

10k ISG / SCERCEF / [AMF]

12k / 7600C-BGF

PartnerI-CSCF

PartnerS-CSCF

PGW2200MGCF

BPMC-RACF

BPMSPDF

12k / 7600I-BGF

IP / MPLSCore

12k / 7600IBCF

IMS ApplicationsNon IMS Applications

MGX/VxSMAS5x00

Media Gw

CNRNACF

CARUUAF/NACF

BACCNGCF

P DirectorCLF

LinksysCNG

ITPSGF

Other

IMS

Other IPNetwork

Other TDMNetwork

e2

IaRe

e4

Mw

Mw

Mn

Ie

a1a3e3

NASS

Network Layer

RACS

a2a4

Mk

Mw

Mi

Rq

Gm

IMS Subsystem

Rf

12k / 7600P-CSCF

Gq’

_____SPDF

Interfaces:

= Diameter

= H.248

= SIP

= TR-69

= <tbd>

Legend

Components:

= Cisco

= Partner

PSTN

e1


SEFPolicy Control Solution


Cisco Service Exchange FrameworkCisco SEF Provides Unmatched Network/Subscriber/Application Awareness

Solution Core Functions

BRAS / uBR: Cisco 7x00, 10000 Series Broadband Aggregation

VoBB: Cisco Catalyst 3K/4K, 7600 Series Optimized Video Service Delivery

Cisco Mobile Exchange Mobility Service Management

Cisco CNS Access Registrar Identity Management, AAA

Cisco Intelligent Services Gateway (ISG) Multi-dimensional Identity, Service Personalization

Cisco Service Control Engine Integrated Policy Management

Policy Manager Policy Control

Cisco BTS10200 Softswitch Packet Voice

Cisco PGW2200 PSTN Gateway VoIP to PSTN Interconnect

MGX 8880 Media Gateway Packet Voice / Advanced Services

Cisco SBC and IP-to-IP Gateways Session Border Control

Cisco Content Delivery System (CDS) Intelligent Content Distributon

Service Access Platforms

Identity & Location Management

Policy & Resource Management

Session & Media Management

Cisco Intelligent Services Gateway (ISG)

Cisco Service Control Engine

Policy Manager


The TrilogyIntegrated SEF Solution Example

Service

Control

Engine

Policy Manager

Internet

Core

AAA

ISG/

eGGSN

Application Server

IP Television

Softswitch


Cisco Intelligent Services Gateway (ISG)for Cisco 10000, 7200/7300 and 7600 Series

Many Services to Many Screens

IdentityBillingDHCPRadiusOSS/BSS

ISG

Dynamic Personalized

Services

Multi-Dimensional

Identity

Integrated Policy Server

Operational Integration

Point

IPTV/VoD BroadbandAccess

Gaming

Messaging MusicVoiceNetwork

intelligence enables scalable

efficiency

Subscriber and/or application driven

Enables tailored services delivery

Speed to service

IPNetwork

Designed to Support Both IMS and non-IMS based Applications

http://images.google.com/imgres?imgurl=http://img.clubic.com/photo/00FA000000148135.jpg&imgrefurl=http://www.clubic.com/actualite-23062-yahoo-messenger-accessible-depuis-i-mode.html&h=195&w=160&sz=8&tbnid=ub5IfKQZwmuUsM:&tbnh=98&tbnw=80&hl=en&start=26&prev=/images%3Fq%3Dyahoo%2Bmessenger%26start%3D20%26svnum%3D10%26hl%3Den%26lr%3D%26rls%3DRNWK,RNWK:2005-17,RNWK:en%26sa%3DN

http://images.google.com/imgres?imgurl=http://buyathread.com/images/WEBDesigns/Music%2520%26%2520Arts/notes.jpg&imgrefurl=http://buyathread.com/musicarts.html&h=224&w=225&sz=5&tbnid=-gBTwgYllRE59M:&tbnh=101&tbnw=102&hl=en&start=14&prev=/images%3Fq%3Dmusical%2Bnotes%26svnum%3D10%26hl%3Den%26lr%3D%26rls%3DRNWK,RNWK:2005-17,RNWK:en%26sa%3DG


Generic Session:Common Services, Media Independent

PSTN

Dial

ATM SwitchDSLAM

DSL

Wireless

AccessDistribution

Ethernet

Fiber NodeCable

Mobile RAN

Common Generic Session Type

Common Session-Services

Different Access Media and Protocols

Dial DSL WiMax Ethernet 802.11 802.16 Future..

Created at first sign of subscriber activity

Common context on which session-services/policies are activated

InherentPart of the Network Operating System

Well-known and new Session-Services in IOS:

Examples: Port Bundle Host Key, Prepaid, Layer 4 Redirect, MAC based authorization, VRF Transfer,DHCP Proxy with Policy, Session Dynamic QoS Control,…

Access


ISG Multi-Dimensional ID

CustomerEquipment

Aggregation

ISG

Service/Policy Control

ISG builds a composite Multi-dimensional Identifier for every Session. The mxID includes a composite of any and all of the following as applicable:

Data Plane

Control Plane

Policy PlaneS

essio

nMultidimensional Identity

<MAC, DHCP Option 82, VLAN ID,

VRF-ID, CLID, Source IP, PBHK,

NAS-Port, Session-ID, Ascend

Server Key, GUID, domain name,

username >

Identity


NetworkService

AC

LA

CL

AC

L

FeatureFeatureFeature

ISG Session ModelISG Subscriber Session Data Plane

Session-Features:Apply to the

entire session

Traffic Classification(using traffic classes:

class-map typetraffic)

Network Service:Forwarding (at L2, e.g.

L2TP) orRouting (L3, e.g.

connection to a VRF)

Flow-Features:Apply to the

classified flow(a portion of

the entire sessiondata)

Flow

Flow

Flow

Subscriber Session

Data


ISG: Integrated Policy ServerNetwork Intelligence Enabling Scale and Efficiency

Leverages local policy intelligence and existing infrastructure for delivery of well-understood services

IntegratedPolicyServer

AAA

CiscoBPM

Policy Manager administrates end-to-end network QoS for premium content

ISG updates QoS policy for faster download times of premium content

Internet

ISGISGAAA

Hybrid ArchitectureExample: Premium Content Access

Decentralized ArchitectureExample: Dial-Up Migration

to Quota-Based BB

Local Policy for Basic Service

Internet

End-to-EndQoS

IPTV/VoD GamingMusic

http://images.google.com/imgres?imgurl=http://buyathread.com/images/WEBDesigns/Music%2520%26%2520Arts/notes.jpg&imgrefurl=http://buyathread.com/musicarts.html&h=224&w=225&sz=5&tbnid=-gBTwgYllRE59M:&tbnh=101&tbnw=102&hl=en&start=14&prev=/images%3Fq%3Dmusical%2Bnotes%26svnum%3D10%26hl%3Den%26lr%3D%26rls%3DRNWK,RNWK:2005-17,RNWK:en%26sa%3DG


ISG Platforms

C7206/c7301

/c7201C10000 C7600 w/

SIP400SAMI ASR1000

Image of first support

12.2(31)SB 12.2(31)SB 12.2(33)SRC 12.2(33)SRD Release 2

Scale 4,000 (NPE-G1)6,000 (NPE-G2)(up to 16,000 with low bandwidth per

sub)

40,000 w/o QoS32,000 with QoS

48,000 total 8,000 per SIP400

16K per ES-40

100,000 Sessions600,000 per chassis

32,000 – phase 1

64,000 – phase 2

Through-put

260Mbps (NPE-G1)390Mbps (NPE-G2)

5.1Gbps 720Gbps Fabric40Gbps per slot

6Gbps 5Gbps – 20 Gbps

Primary Deployments

PWLAN, SericeMesh, Small Broadband/DSL, Wholesale

Broadband/DSL, Wholesale

FTTx, Metro WiMax, Large Mesh/PWLAN

Broadband/DSL, Small FTTx, Small Metro, Wholesale

Traffic Classifica-

tion

Yes Yes No Yes Yes


Content Based

Service Control

SCE: An Intelligent ―Service Controlled‖ Network

Service Control-enabled Networks

Access

Network

Intelligence

Content

Provider

Internet

Enterprise

Network

Walled

Garden

Revenue model is value-based, high-usage customers are appropriately managed

Granular control over differentiated bandwidth, per-session, per application control capabilities, 2-way QoS management…


Process of Service Control

Intelligent Inspection and Control of IP Packets

Classify to end-user application; determine application semantics

Map to subscriber identity, policy and state

Select action based on conditions - time of day, congestion, usage, other concurrent activities

Take action and report

Block

Redirect

Set QoS

Mark

Service Control Engine

Report


PP#09 [Jun 07]

• Joost• Zattoo• Sony LocationFree• MSN Messenger• Microsoft PUSH e-mail• Skype 3.1• POCO 2207• PPLive• Gnuttela

Service Control Engine Protocol SupportProtocol Pack Updates

Cisco’s SCE keeps customers on top of the game

Updated protocol packs issued once every 2 months

Enhancements for existing clients/protocols/applications

New protocol or application signatures

Extensible protocol signature development toolkit to roll-your-own

Rapid time to market

PP#10 [Aug 07]

eMule 0.48a• Pando• KuGoo• Fring• Winny• Skype• Yahoo IM• ICQ IM• Gnuttela• Baidu• PPLive• PPStream


Us

ag

e A

naly

sis

Se

rvic

e C

rea

tio

n

Service Control Engine DeploymentApproaches

Implement Traffic Analysis:• Implement traffic monitoring, analysis, and reporting,• Determine subscriber and application usage patterns,

1

Implement Fair-Use Policies (FUPs):• Manage bandwidth-intensive applications through packet flow

optimization techniques,• Multimedia (Voice/Video) Traffic Prioritization

2

Implement Revenue Generating Services:• Implement tiered services using volume and time-base quotas• Implement Service Self Selection• Implement Over-The-Top (OTT) Application Strategy and

Blended Services• Implement Security Services (Anti-X, Quarantine, etc.)• Innovate other Differentiated Services such as Parental

Controls, Content Filtering, Turbo Buttons, Allowance Based Services, Prioritized App. Services, Pay-as-you-go Services

3

Portal

DHCP

AAA

Subs Profile

Policy


Service Control ExamplePeer to Peer Management

Improved Customer Experience and Network Costs

P2P

Web

Video

Subscriber friendly P2P management policies

Reduce congestion to improve end-user experience

Savings on CAPEX, OPEX and Transit costs

Savings on call-center and customer churn

Reduced Transit Costs

More BW for Interactive Apps =Improved Performance,

Reduced Support and Churn


SCE1000 SCE2000 SCE8000

Interfaces 2-GBE (Fiber SX/LX) 4-GBE (Fiber SX/LX) 2 or 4 - 10G

Mgmt. Interface 10/100 FE 2 x 10/100 FE 2 x 10/100 GE

Max. Flows

2M Concurrent

Unidirectional Application Flows

2M Concurrent


16M Concurrent


Max Subscriber-Contexts

40,000 80,000 250,000

Network Configuration

Out of Line

Inline

Out of Line

Inline

Clustering

Out of Line

Inline

Clustering

Service Control Platforms


Policy Server Vendors(non-exhaustive list)


SEFUse Cases


Self-Subscription ServiceVia Personalized Web Portal

Enable Zero-Touch Provisioning, for Full Self-Service Account Setup

Enable Customers to Self-Select and Modify Services and Features


Internet

VideoVoIP

Residential

Business

Subscriber

Subscriber Service Control Applications and Services

Converged

Packet Core

Access,

Aggregation and Service Control

BRAS/ISG


User Self Subscription with RedirectionUse Case

1. A new session is identified by ISG or by the SCE

2. Depending upon the specific deployment scenario:

Either ISG applies default service profile. If service profile not locally available, ISG downloads service profile from policy server via RADIUS, and/or the SCE applies default service profile, or uses event login pull to download service profile from policy server

3. The policy server responds with the respective service policy to ISG or SCE and generates any required billing events

4. ISG or SCE applies policy to subscriber session, which applies L4-redirection to redirect user to web portal with all other traffic denied or limited

3

41

2


Internet

VideoVoIP

Residential

Business

Subscriber


Converged

Packet Core

Access,


BRAS/ISG


Portal-Based Self Service SelectionUse Case

1. User starts web browser

2. ISG or SCE redirects user’s browser to subscriber self management portal

3. User logs into the web portal and requests an unmetered Internet

access service at a defined upstream or downstream rate

4. Web portal passes service change request to the policy server

5. The policy server confirms change to service and applies the respective service policy to ISG or the SCE,

which is then applied to the user session. The policy server can also generate any required billing events

6. User has rate limited unmetered

Internet access

3

12

4

6

5


Parental Controls and Content FilteringGetting Involved in Your Child’s Experience

Adults Can Access a Web Portal and Set Internet Controls for Children, Including Blocking Accessto Certain Types of Websites, and Imposing Time Limits on Online Access

Parental Controls and Content Filtering


Internet

VideoVoIP

Residential

Business

Subscriber


Converged

Packet Core

Access,



Parental Control Use Case

1. User logs in to web portal and subscribes to parental control service

2. Web portal passes service change request to Policy Server

3. Policy Server pushes the respective URL filtering package to the SCE, which filters the traffic for that users session

4. This could make use of the Surf Control URL filtering database

3

1

2

CMTS, BRAS/ISG, GGSN/CMX


Bandwidth-On-DemandMeeting Subscriber Needs on Demand

Subscribers Who May Have a Standard Lower-Speed Internet Service May Visit a Web Page on the Provider’s Site and Click on a Turbo Button to Boost Their Bandwidth for a Set Period of Time or to Leave the Button Engaged Until They Return and Deselect It

Turbo Button


Internet

VideoVoIP

Residential

Business

Subscriber


Converged

Packet Core

Access,



Turbo Button ServiceUse Case

1. User logs in to the web portaland requests a time quota based Internet access service at a defined upstream/ downstream rate


3. Policy Server confirms change to service and applies the respective service policy to the SCE, which is then applied to the user session. Policy Server can also generate any required billing events. User has increased rate of Internet access

4. Policy Server tracks time scheduler for subscriber session (user can view remaining time quota at portal)

5. Time quota expires and Policy Server pushes policy to SCE, which re-applies the subscriber’s previous service

2

1

4

35



Allowance or Quota Based ServicesBuy Time or Bandwidth as Needed

This Feature Allows Subscribers to Choose

Volume Quota-Based or Time-Based Bandwidth for a Set Period of Time, for Example on a Monthly Basis

Allowance Based Subscription

This Option Is Ideal for Subscribers Who Use the Internet Intermittently and Only Want to Buy Time or Bandwidth as Needed; When Users Launch Their Browsers, They Are Redirected to a Web Portal Where They Select the Two-hour “Pay As You Go” Option; After Two Hours, the Session Could Either Be Terminated or the User Could Purchase More Usage

Pay-as-You-Go Subscription Service


Internet

VideoVoIP

Residential

Business

Subscriber


Converged

Packet Core

Access,


BRAS/ISG


Prepaid ServiceUse Case

1. User logs in to the web portal and requesta usage-based Internet access service

2. Web portal passes servicechange request to the policy server

3. The policy server confirms change to service and applies the respective service policy to ISG or the SCE, which is then applied to the user session. The policy server can also generate any required billing events. User has usage limited Internet access

4. The policy server tracks usage quota based upon accounting from the ISG or SCE forthe subscriber session (user canview remaining quota at portal)

5. Usage quota expires and the policy server pushes a penalization policy to ISG or the SCE, which limits or blocks the subscriber’s service and applies HTTP redirection to redirect the user’s browser to the subscriber self management portal

6. User’s browser is redirected to the sub-scriber self management portal, wherethey can buy additional usage quota

1

4

5

6

3

2


P2P Management and Network OptimizationAnalyze, Manage, and Optimize Traffic

Peer-to-Peer Management and Network Optimization

Peer-to-Peer Traffic Can Cause Massive Traffic Peaks and Require Providers to Upgrade Expensive Backbone Links or Pay More at Peering Points; the Cisco Service Exchange Framework Enables Providers to Apply a Broad Set of Fair Use Policies to Effectively Manage All Network Traffic


Managing P2P Traffic:Packet Flow Optimization Example

Enable new business models between content and service providers

Detect and manage affiliated applications and align QoS

Co-branding and fee sharing

220,000

200,000

180,000

160,000

140,000

120,000

100,000

80,000

60,000

40,000

20,000

0

Kb

its/S

ec

Week #1 Week #3 Week #5

Hourly Total Bandwidth (Kbits/Sec) per Service

Service Prioritization via Packet Flow Optimization

Reduced Transit Costs

Actual Customer

Data

Managing P2P Applications

P2P

Web


Internet

VideoVoIP

Residential

Business


Converged

Packet Core


Prioritized Over-the-Top Appl. ServiceUse Case

1. User logs in to the web portal and requests a service which prioritizes the subscribers Over-The-Top (OTT) VoIP and/or video applications


3. Policy Server confirms change to service and applies the respective service policy the SCE, which is then applied to the user session. Policy Server can also generate any required billing events. The user has prioritized OTT VoIP and/or video applications

2

3

1

Subscriber

Access, Aggregation and Service Control



Subscriber Profiling

SCE inspects and analyzes all subscriber traffic passing through it

A couple of integration options are available, for maximum flexibility

Information can be summarized in per-flow data records and sent out to profiling servers

Relevant part of traffic flow can be replicated and diverted through the profiling servers

Profiling servers create a subscriber profile to be later used in targeting

SCE Subscriber awareness allows for providing opt-in/opt-out capabilities to subscribers


Subscriber Profiling – Intelligent Traffic Mirroring

1Subscribers browse web

2SCE mirrors (or filters) relevant traffic to profiling servers

3Profiling servers process traffic, extract relevant attributes and compose subscriber profiles

SCE mirrors (or filters) relevant* subscriber traffic to profiling servers

Relevance is defined based on profiling vendor preference, and may include all/part of web traffic and/or other applications

Mirrored traffic is sent out over designated VLANs

Most traffic is only handled by the SCE and is offloaded from servers

Profiling servers process traffic to create subscriber profile

Alice: automotive, stock trading, PDAs…..

Bob: cookware, online gaming, baby outfit…..

…


Service Security Challenges

Key challenges:

Open access: SP cannot apply restriction on usage (e.g. block certain port numbers)

No mandatory security tools: end-users may not have any security protection

End-users are not educated on security best practices,

New “triple-play” services increase potential threat (i.e. VoIP viruses, EPG hacking, etc.)

Affect on SP business:

Increased cost for carrier from network management and downtime

Subscriber churn and customer support costs

Ability to Identify and Mitigate Attacks Emanating from Its Own Users


Service Security Protection

Mitigates security threats in the open broadband network

DoS: DoS attacks from subscribers

Spam: Spam activity from botnets or

malicious users

Worms: Worm infections and propagation attempts

Three-tier solution; uses a combination of anomaly detection and signature matching to:

Identify: Threat using stateful traffic

processing and alert SP operations

Protect: Block/mitigate threat based on configured policy

Notify: Quarantine subscriber and notify of

security risk

Email Servers

Internet

Service Control

Dear Valued Subscriber:

We are advising you that your PC may have become infected with an "email zombie" generating spam mail and could potentially cause additional security issues for you. Click here for technical assistance: www.technicalsupport.com.

http://www.technicalsupport.com/


Internet

VideoVoIP

Residential

Business


Converged

Packet CoreBRAS/ISG


Anomaly DetectionUse Case

1. Infected PC is used for

TCP SYN attack

2. SCE detects SYN attack and sends notification to policy server

3. The policy server pushes policy to

SCE, which applies HTTP redirection to redirect user to web portal (all other traffic

is blocked or limited)

4. User browser is redirected to web portal, where they are informed of infection and appropriate actions

to take to clear infection (they mayalso be informed via other means such as e-mail)

Subscriber


4

1

2

3


VAS Server

Internet

X

Inbound Traffic

Outbound Traffic

X Traffic Blocked

1

2

3

4

SCE

Carrier EthernetMPLS/IP

Subscriber 1 attempts to retrieve e-mail from a mail server or download file from Website or Peer application

The SCE identifies subscriber traffic flows matches Virus Protection Package

The VAS server receives traffic from the SCE with a VLAN tag used in communication between User 1 and the server

The server transmits the file, which contains a virus or other malware. VAS will detect the embedded malware and drop remaining packets so file isn’t loaded on user machine

1

2

3

4

Virus and Malware ProtectionRemove Malware Destined to Users

User 1


Internet

VideoVoIP

Residential

Business

Subscriber


Converged

Packet Core


BRAS/ISG

Content And Context Filtering ServiceAnti-X Use Case

1. User logs in to web portal and

subscribes to Anti-X control service


3. Policy server pushes a package to the

SCE which applies a VAS package to the subscriber subjects the subscribers traffic

4. The respective URL filtering package

to the SCE, such that the user traffic is subjected to an external appliance providing the appropriate service (e.g.

Streamshield, Ironport)

4

2

1

VASAppliance

SCE

3


SEFSummary


Benefits of Service Control

Increased visibility:

Understand usage patterns and network performance

Usage billing, acceptable usage monitoring

Conditioning the networkReduce costs on network OPEX and CAPEX

Improve network performance and end-user experience

Protect network from outbound attacks

Profit from new and differentiated servicesRapidly roll-out new services,

Support multiple/converged access technologies

Advanced billing schemes, bandwidth on demand and QoS differentiation

Follows industry standards and trends

Cisco Service Exchange Framework —Delivers Personalized, Application-Aware Broadband Experience


Possible Approach

Create a Platform for Future Service Evolution

End-to-end integrated service visibility and control

Improve Network Visibility and Performance

Service mix monitoring per application and user, improved network yield through improved visibility, behavior anomaly monitoring (for troubleshooting and security)

Enable New Services

Bandwidth-on-demand, application plus user traffic differentiation, usage-based service, and fine granularity reporting

Initially Deploy SEF Components

SCE: For application/user awareness and policy enforcement

Policy Server: For dynamic provisioning and policy mgmt.

ISG/SSG: For application awareness and policy enforcement


Subscription Self-Service Examples

Parental Controls and Content FilteringSet Internet controls for children, including blocking access and imposing time limits on online use

Bandwidth On-DemandA Turbo Button to boost bandwidth for a set or undetermined period of time

Allowance-based SubscriptionChoose quota-based or time-based bandwidth for a set period of time

Pay-as-You-Go Subscription Service

Buy time or bandwidth as needed

Personalized Subscriber Management Service Examples

Optimized Operational Services Examples

Broadband LightEncourage dial users to migrate to broadband with tiered access speeds

P2P Management and Network Optimization

Apply a broad set of policies to manage all traffic


Cisco IP NGN Vision and ArchitectureEnabling Unique Connected Life Experiences

Partner

Content Providers, Middleware, System Integrators

Build

CRS-1, ISG, 7600, 7200/7300

Aquire

Scientific Atlanta, Linksys, Arroyo

Resources

Comprehensive IP NGN Portfolio

IP DNA

Unmatched IP Expertise and Experience

Commitment

Over $1.4B R&D FY’05 for SPs


Q and A


Documents

Services Exchange Framework Overviewpalo/Rozne/cisco-expo-2009/Presentati… · IP NGNs support more services, provide greater efficiencies, and enable better network, service,