© 2007 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Services Exchange Framework Overview
Peter Gaspar, Consulting System Engineer
© 2008 Cisco Systems, Inc. All rights reserved. 2
Agenda
SEF Introduction
SEF Architecture
Cisco Solution Elements
Use Cases
Summary
SEF Introduction
The Rise of the Empowered Consumer: Evolutionary Phases of Experience
Provider to User Dynamic
User to Provider Dynamic
Passive: Broadcast TV, Web Access
Pick: Service Bundles, VoD
Participate: Interactive Gaming, Collaborative Services
Produce: Create Playlists, Remix, Blogs
Connect: One Service Fits All, Discrete Model
Transact: E-Wallet, E-Ticket
Interact: Personalization, Socialization
Empower: Complete Customization
Experience
A World of Agile Attackers and Potential Partners
Device Services
Facilities-Based Players
"Over the Top" Players
Value Chain
Content Providers
Over-the-Top Providers (OTTP): Value-Add Partners or Disintermediators? Or Both?
Drivers of Competition
OTT Communications Providers like Vonage, Skype, Google Talk… represent Service Substitution and Pricing threats to Traditional Voice
OTT Content Providers like Disney and CinemaNow are looking for opportunities to use The Internet as a means to disintermediate video distribution businesses
Drivers of Collaboration
Access to OTT Services and Applications drives penetration of consumer broadband
Time Sensitive Applications like Video and Voice create opportunities for Guaranteed delivery
A New Business Model for SPs: Monetize the Growth of OTTPs
[Figure: NGSP Service Delivery Role (Access and Network Services, Application Services) against Business Model ("Closed", Coopetition, "Utility"). Labels: Private IP, NGSP-Enabled Services, Exclusive and Integrated Delivery and Control; Public IP (Internet), Internet/Over-the-Top Apps, Tiered Services and Fair Use Policies; New Middle Ground: Partnership Delivery and Control, Service Exchange Framework. Example services: SP-VoIP, IPTV, VoD, P2P File-Sharing, Web, Music, Games, VoIP, Video]
Drivers for Open/Partner Delivery
Innovation
Leverage partner strengths (e.g. brand, content relationships)
Enhance regulatory position
Guaranteed delivery
Customer’s agent/intermediary
Simplicity, reliability and trust/security
Source: Cisco IBSG, December 2006
Volume Quota Based Tiering: Internet OTT Video vs. On-Net Service Offering
[Figure: NGSP Service Delivery Role (Access and Network Services, Application Services) against Business Model (positions D, B, C, A) and SP Share of Value Chain. Labels: Private IP, NGSP-Enabled Services, Exclusive and Integrated Delivery and Control; Partnership Delivery and Control; Public IP (Internet), Internet/Over-the-Top Apps, Tiered Services and Fair Use Policies]
Quota Counting: 2GB, 6GB, 40GB
Unbox Video Downloads
Video File Size: 2.2 GB
On-Net Download Service
No Quota concept
The Experience Provider Transition Requires New Business Models for Growth and Success
Build… IP NGNs support more services, provide greater efficiencies, and enable better network, service, and business control
Partner… With content, OTT, facilities-based, device, and financial partners (et al.) to open new markets and opportunities including expanding advertisement revenue
Innovate… By blending services, content, and convenience to create unique experiences that build brand recognition and loyalty
Deliver… Personalized services to any device, to any location, at any time with greater access, content, and billing control
SEF Architecture
Cisco IP NGN Architecture: Achieving a Whole Greater Than the Sum of the Parts
Intelligent Networking
Application Layer: Tele-Presence, Collaboration, Presence-Based Telephony, Web Services, Mobile Apps, IP Contact Center
Service Layer: Service Exchange Framework (Identity, Policy, Billing, Mobility, Self Service)
Network Layer: Customer Element, Access/Aggregation, Intelligent Edge, Multiservice Core, Transport
Operational Layer
Open Framework for Enabling “Any Play” Delivery (Any service, to any device, to any location)
Cisco IP NGN: Universal NGN Architecture Enabling all Emerging Network Architecture Standards
Application Layer: Any IP Application, Current and Future: "Over-The-Top-Applications", IMS-enabled SIP Applications, "Future Feature Attractions"; Application Support Functions
Service Layer: Generic Service Subsystems: "Anything IP" Subsystem, Other SIP or Non-SIP SS, IMS Service Subsystem
SEF Common Service Subsystem (Core Functions): Identity and Mobility Management, Service Policy and Resource Management, Session and Media Management
Network Layer: Network Element Service Control and Peering (SCE, ISG, SBC); Wireline Access, Wireless Access, Aggregation, Intelligent Edge, Multiservice Core
Optimal Interop with Intelligent NEs
Cisco Service Exchange Framework: Enabling Unique Subscriber Experiences
Session and Media Management: Call Control, Session Border Control, Rich-Media Control, Diff Bandwidth & QoS per Session, Accounting / Billing
Service Policy and Resource Management: Subscriber Policy, Application / Chaining, Per-Subscriber Service, Service Invocation
Identity and Mobility Management: User / Device ID, Subscriber Awareness, Location / Presence, Service Registration, Audit / Logging, Assured Authentication, Device Roaming, Service Mobility, User Mobility
Cisco IP NGN Standards Support: Understanding Unique Segment Requirements
Mobile (Since 1999): 3GPP IMS, 3GPP2 MMD
Wireline (Since 2004): ITU SG13 NGN, ETSI TISPAN, ATIS NGN
Cable (Since 2005): CableLabs PacketCable 2.0
IETF Protocols e.g., SIP, Diameter…
Many Efforts, Dynamically Evolving, but All Focused on SIP
Cisco SEF and IMS Alignment
[Figure: the layered diagram from the "Cisco IP NGN: Universal NGN Architecture" slide (Application, Service and Network Layers with the SEF Common Service Subsystem), overlaid with IMS elements]
IMS elements: AS .., Presence AS, Messaging AS, Conferencing AS, HSS, I-CSCF, P-CSCF, S-CSCF, BGCF, MGCF
Cisco SEF and TISPAN Alignment
[Figure: the layered diagram from the "Cisco IP NGN: Universal NGN Architecture" slide (Application, Service and Network Layers with the SEF Common Service Subsystem), overlaid with TISPAN elements]
TISPAN elements: NASS, RACS, Common Components, IMS, PES, Future SS…, AF-1, AF-2, AMF, BGF, RCEF
Cisco SEF and PacketCable Alignment
[Figure: the layered diagram from the "Cisco IP NGN: Universal NGN Architecture" slide (Application, Service and Network Layers with the SEF Common Service Subsystem), overlaid with PacketCable elements]
PacketCable elements: AS (IMS), AS (Conf), AS (UM), Application Manager, Policy Repository, Policy Server, CMTS, SG, MGC, MG, Border Element, Subscriber Data Server, Service Proxy, Registrar, Location Server, Presence Server
Cisco Service Exchange Framework: Cisco SEF Provides Unmatched Network/Subscriber/Application Awareness
Solution | Core Functions
BRAS / uBR: Cisco 7x00, 10000 Series | Broadband Aggregation
VoBB: Cisco Catalyst 3K/4K, 7600 Series | Optimized Video Service Delivery
Cisco Mobile Exchange | Mobility Service Management
Cisco CNS Access Registrar | Identity Management, AAA
Cisco Intelligent Services Gateway (ISG) | Multi-dimensional Identity, Service Personalization
Cisco Service Control Engine | Integrated Policy Management
Policy Manager | Policy Control
Cisco BTS10200 Softswitch | Packet Voice
Cisco PGW2200 PSTN Gateway | VoIP to PSTN Interconnect
MGX 8880 Media Gateway | Packet Voice / Advanced Services
Cisco SBC and IP-to-IP Gateways | Session Border Control
Cisco Content Delivery System (CDS) | Intelligent Content Distribution
Solution groups: Service Access Platforms; Identity & Location Management; Policy & Resource Management; Session & Media Management
Cisco Wireline SEF Solution: Functional Architecture
[Figure: functional architecture diagram; product and function labels as shown on the slide]
IMS Subsystem: PGW2200 (BGCF), PGW2200 (MGCF), 12k / 7600 (P-CSCF), Partner (I-CSCF), Partner (S-CSCF), 12k / 7600 (IBCF), MGX/VxSM, AS5x00 (Media Gw), ITP (SGF)
RACS: _____ (SPDF), BPM (SPDF), BPM (A-RACF), BPM (C-RACF)
NASS: CNR (NACF), CAR (UUAF/NACF), BAC (CNGCF), P Director (CLF)
Network Layer: Linksys (CNG), 10k ISG / SCE (RCEF / [AMF]), 12k / 7600 (C-BGF), 12k / 7600 (I-BGF), IP / MPLS Core
Applications: IMS Applications, Non IMS Applications
External networks: Other IMS, Other IP Network, Other TDM Network, PSTN
Reference points shown: e1, e2, e3, e4, a1, a2, a3, a4, Ia, Re, Ie, Mw, Mn, Mk, Mi, Rq, Gm, Rf, Gq’
Legend: interface types are Diameter, H.248, SIP, TR-69 and <tbd>; components are marked Cisco or Partner
SEF Policy Control Solution
Cisco Service Exchange Framework: Cisco SEF Provides Unmatched Network/Subscriber/Application Awareness
[Repeat of the Solution / Core Functions table from the earlier slide with this title, with these solutions highlighted:]
Cisco Intelligent Services Gateway (ISG)
Cisco Service Control Engine
Policy Manager
The Trilogy: Integrated SEF Solution Example
[Diagram labels: Service Control Engine, Policy Manager, ISG/eGGSN, AAA, Core, Internet, Application Server, IP Television, Softswitch]
Cisco Intelligent Services Gateway (ISG) for Cisco 10000, 7200/7300 and 7600 Series
Many Services to Many Screens
Dynamic Personalized Services
Multi-Dimensional Identity
Integrated Policy Server
Operational Integration Point
Network intelligence enables scalable efficiency
Subscriber and/or application driven
Enables tailored services delivery
Speed to service
Designed to Support Both IMS and non-IMS based Applications
[Diagram labels: Identity, Billing, DHCP, Radius, OSS/BSS; ISG; IP Network; IPTV/VoD, Broadband Access, Gaming, Messaging, Music, Voice]
Generic Session: Common Services, Media Independent
Different Access Media and Protocols: Dial, DSL, WiMax, Ethernet, 802.11, 802.16, Future..
Common Generic Session Type
Created at first sign of subscriber activity
Common context on which session-services/policies are activated
Common Session-Services
Inherent Part of the Network Operating System
Well-known and new Session-Services in IOS:
Examples: Port Bundle Host Key, Prepaid, Layer 4 Redirect, MAC based authorization, VRF Transfer, DHCP Proxy with Policy, Session Dynamic QoS Control,…
[Diagram labels: PSTN, Dial; ATM Switch, DSLAM, DSL; Wireless; Ethernet; Fiber Node, Cable; Mobile RAN; Access, Distribution]
ISG Multi-Dimensional ID
ISG builds a composite Multi-dimensional Identifier for every Session. The mxID includes a composite of any and all of the following as applicable:
<MAC, DHCP Option 82, VLAN ID, VRF-ID, CLID, Source IP, PBHK, NAS-Port, Session-ID, Ascend Server Key, GUID, domain name, username>
[Diagram labels: Customer Equipment, Aggregation, ISG, Service/Policy Control; Data Plane, Control Plane, Policy Plane; Session; Multidimensional Identity; Identity]
ISG Session Model: ISG Subscriber Session Data Plane
Session-Features: Apply to the entire session
Traffic Classification (using traffic classes: class-map type traffic)
Flow-Features: Apply to the classified flow (a portion of the entire session data)
Network Service: Forwarding (at L2, e.g. L2TP) or Routing (L3, e.g. connection to a VRF)
[Diagram labels: Subscriber Session Data; ACL, ACL, ACL; Flow, Flow, Flow; Feature, Feature, Feature; Network Service]
ISG: Integrated Policy Server
Network Intelligence Enabling Scale and Efficiency
Leverages local policy intelligence and existing infrastructure for delivery of well-understood services
Decentralized Architecture Example: Dial-Up Migration to Quota-Based BB
Local Policy for Basic Service
Hybrid Architecture Example: Premium Content Access
Policy Manager administrates end-to-end network QoS for premium content
ISG updates QoS policy for faster download times of premium content
[Diagram labels: Integrated Policy Server, AAA, Cisco BPM, ISG, Internet, End-to-End QoS, IPTV/VoD, Gaming, Music]
ISG Platforms
Platform | C7206/c7301/c7201 | C10000 | C7600 w/ SIP400 | SAMI | ASR1000
Image of first support | 12.2(31)SB | 12.2(31)SB | 12.2(33)SRC | 12.2(33)SRD | Release 2
Scale | 4,000 (NPE-G1), 6,000 (NPE-G2) (up to 16,000 with low bandwidth per sub) | 40,000 w/o QoS, 32,000 with QoS | 48,000 total, 8,000 per SIP400, 16K per ES-40 | 100,000 Sessions, 600,000 per chassis | 32,000 – phase 1, 64,000 – phase 2
Throughput | 260Mbps (NPE-G1), 390Mbps (NPE-G2) | 5.1Gbps | 720Gbps Fabric, 40Gbps per slot | 6Gbps | 5Gbps – 20 Gbps
Traffic Classification | Yes | Yes | No | Yes | Yes
Primary Deployments (four entries, in the order listed on the slide): PWLAN, ServiceMesh, Small Broadband/DSL, Wholesale; Broadband/DSL, Wholesale; FTTx, Metro WiMax, Large Mesh/PWLAN; Broadband/DSL, Small FTTx, Small Metro, Wholesale
SCE: An Intelligent "Service Controlled" Network
Content Based Service Control
Service Control-enabled Networks
Revenue model is value-based, high-usage customers are appropriately managed
Granular control over differentiated bandwidth, per-session, per application control capabilities, 2-way QoS management…
[Diagram labels: Access, Network, Intelligence, Content Provider, Internet, Enterprise Network, Walled Garden]
Process of Service Control
Intelligent Inspection and Control of IP Packets
Classify to end-user application; determine application semantics
Map to subscriber identity, policy and state
Select action based on conditions - time of day, congestion, usage, other concurrent activities
Take action and report
Block
Redirect
Set QoS
Mark
Service Control Engine
Report
Service Control Engine Protocol Support: Protocol Pack Updates
Cisco’s SCE keeps customers on top of the game
Updated protocol packs issued once every 2 months
Enhancements for existing clients/protocols/applications
New protocol or application signatures
Extensible protocol signature development toolkit to roll-your-own
Rapid time to market
PP#09 [Jun 07]: Joost, Zattoo, Sony LocationFree, MSN Messenger, Microsoft PUSH e-mail, Skype 3.1, POCO 2207, PPLive, Gnutella
PP#10 [Aug 07]: eMule 0.48a, Pando, KuGoo, Fring, Winny, Skype, Yahoo IM, ICQ IM, Gnutella, Baidu, PPLive, PPStream
Service Control Engine Deployment Approaches
1. Implement Traffic Analysis:
• Implement traffic monitoring, analysis, and reporting
• Determine subscriber and application usage patterns
2. Implement Fair-Use Policies (FUPs):
• Manage bandwidth-intensive applications through packet flow optimization techniques
• Multimedia (Voice/Video) Traffic Prioritization
3. Implement Revenue Generating Services:
• Implement tiered services using volume and time-base quotas
• Implement Service Self Selection
• Implement Over-The-Top (OTT) Application Strategy and Blended Services
• Implement Security Services (Anti-X, Quarantine, etc.)
• Innovate other Differentiated Services such as Parental Controls, Content Filtering, Turbo Buttons, Allowance Based Services, Prioritized App. Services, Pay-as-you-go Services
[Diagram labels: Usage Analysis, Service Creation; Portal, DHCP, AAA, Subs Profile, Policy]
Service Control Example: Peer to Peer Management
Improved Customer Experience and Network Costs
Subscriber friendly P2P management policies
Reduce congestion to improve end-user experience
Savings on CAPEX, OPEX and Transit costs
Savings on call-center and customer churn
Reduced Transit Costs
More BW for Interactive Apps = Improved Performance, Reduced Support and Churn
[Chart labels: P2P, Web, Video]
Service Control Platforms
Platform | SCE1000 | SCE2000 | SCE8000
Interfaces | 2-GBE (Fiber SX/LX) | 4-GBE (Fiber SX/LX) | 2 or 4 - 10G
Mgmt. Interface | 10/100 FE | 2 x 10/100 FE | 2 x 10/100 GE
Max. Flows | 2M Concurrent Unidirectional Application Flows | 2M Concurrent Unidirectional Application Flows | 16M Concurrent Unidirectional Application Flows
Max Subscriber-Contexts | 40,000 | 80,000 | 250,000
Network Configuration | Out of Line, Inline | Out of Line, Inline, Clustering | Out of Line, Inline, Clustering
Policy Server Vendors (non-exhaustive list)
SEF Use Cases
Self-Subscription Service Via Personalized Web Portal
Enable Zero-Touch Provisioning, for Full Self-Service Account Setup
Enable Customers to Self-Select and Modify Services and Features
User Self Subscription with Redirection Use Case
[Diagram labels: Subscriber (Residential, Business); Access, Aggregation and Service Control (BRAS/ISG, Service Control Engine); Converged Packet Core; Internet, Video, VoIP; Subscriber Service Control Applications and Services]
1. A new session is identified by ISG or by the SCE
2. Depending upon the specific deployment scenario:
   • ISG applies the default service profile; if the service profile is not locally available, ISG downloads it from the policy server via RADIUS, and/or
   • the SCE applies the default service profile, or uses event login pull to download the service profile from the policy server
3. The policy server responds with the respective service policy to ISG or SCE and generates any required billing events
4. ISG or SCE applies the policy to the subscriber session, which applies L4-redirection to redirect the user to the web portal, with all other traffic denied or limited
Portal-Based Self Service Selection Use Case
[Diagram labels: Subscriber (Residential, Business); Access, Aggregation and Service Control (BRAS/ISG, Service Control Engine); Converged Packet Core; Internet, Video, VoIP; Subscriber Service Control Applications and Services]
1. User starts web browser
2. ISG or SCE redirects user’s browser to subscriber self management portal
3. User logs into the web portal and requests an unmetered Internet access service at a defined upstream or downstream rate
4. Web portal passes service change request to the policy server
5. The policy server confirms change to service and applies the respective service policy to ISG or the SCE, which is then applied to the user session. The policy server can also generate any required billing events
6. User has rate limited unmetered Internet access
Parental Controls and Content Filtering: Getting Involved in Your Child’s Experience
Adults Can Access a Web Portal and Set Internet Controls for Children, Including Blocking Access to Certain Types of Websites, and Imposing Time Limits on Online Access
Parental Control Use Case
[Diagram labels: Subscriber (Residential, Business); Access, Aggregation and Service Control (CMTS, BRAS/ISG, GGSN/CMX; Service Control Engine); Converged Packet Core; Internet, Video, VoIP; Subscriber Service Control Applications and Services]
1. User logs in to web portal and subscribes to parental control service
2. Web portal passes service change request to Policy Server
3. Policy Server pushes the respective URL filtering package to the SCE, which filters the traffic for that user's session
4. This could make use of the Surf Control URL filtering database
Bandwidth-On-Demand: Meeting Subscriber Needs on Demand
Turbo Button: Subscribers Who May Have a Standard Lower-Speed Internet Service May Visit a Web Page on the Provider’s Site and Click on a Turbo Button to Boost Their Bandwidth for a Set Period of Time or to Leave the Button Engaged Until They Return and Deselect It
Turbo Button Service Use Case
[Diagram labels: Subscriber (Residential, Business); Access, Aggregation and Service Control (CMTS, BRAS/ISG, GGSN/CMX; Service Control Engine); Converged Packet Core; Internet, Video, VoIP; Subscriber Service Control Applications and Services]
1. User logs in to the web portal and requests a time quota based Internet access service at a defined upstream/downstream rate
2. Web portal passes service change request to Policy Server
3. Policy Server confirms change to service and applies the respective service policy to the SCE, which is then applied to the user session. Policy Server can also generate any required billing events. User has increased rate of Internet access
4. Policy Server tracks time scheduler for subscriber session (user can view remaining time quota at portal)
5. Time quota expires and Policy Server pushes policy to SCE, which re-applies the subscriber’s previous service
Allowance or Quota Based Services: Buy Time or Bandwidth as Needed
Allowance Based Subscription: This Feature Allows Subscribers to Choose Volume Quota-Based or Time-Based Bandwidth for a Set Period of Time, for Example on a Monthly Basis
Pay-as-You-Go Subscription Service: This Option Is Ideal for Subscribers Who Use the Internet Intermittently and Only Want to Buy Time or Bandwidth as Needed; When Users Launch Their Browsers, They Are Redirected to a Web Portal Where They Select the Two-hour “Pay As You Go” Option; After Two Hours, the Session Could Either Be Terminated or the User Could Purchase More Usage
Prepaid Service Use Case
[Diagram labels: Subscriber (Residential, Business); Access, Aggregation and Service Control (BRAS/ISG, Service Control Engine); Converged Packet Core; Internet, Video, VoIP; Subscriber Service Control Applications and Services]
1. User logs in to the web portal and requests a usage-based Internet access service
2. Web portal passes service change request to the policy server
3. The policy server confirms change to service and applies the respective service policy to ISG or the SCE, which is then applied to the user session. The policy server can also generate any required billing events. User has usage limited Internet access
4. The policy server tracks usage quota based upon accounting from the ISG or SCE for the subscriber session (user can view remaining quota at portal)
5. Usage quota expires and the policy server pushes a penalization policy to ISG or the SCE, which limits or blocks the subscriber’s service and applies HTTP redirection to redirect the user’s browser to the subscriber self management portal
6. User’s browser is redirected to the subscriber self management portal, where they can buy additional usage quota
P2P Management and Network Optimization: Analyze, Manage, and Optimize Traffic
Peer-to-Peer Traffic Can Cause Massive Traffic Peaks and Require Providers to Upgrade Expensive Backbone Links or Pay More at Peering Points; the Cisco Service Exchange Framework Enables Providers to Apply a Broad Set of Fair Use Policies to Effectively Manage All Network Traffic
Managing P2P Traffic: Packet Flow Optimization Example
Enable new business models between content and service providers
Detect and manage affiliated applications and align QoS
Co-branding and fee sharing
[Chart: Hourly Total Bandwidth (Kbits/Sec) per Service, series P2P and Web, Week #1 to Week #5, y-axis 0 to 220,000 Kbits/Sec; actual customer data. Captions: Managing P2P Applications; Service Prioritization via Packet Flow Optimization; Reduced Transit Costs]
Prioritized Over-the-Top Appl. Service Use Case
[Diagram labels: Subscriber (Residential, Business); Access, Aggregation and Service Control (CMTS, BRAS/ISG, GGSN/CMX; Service Control Engine); Converged Packet Core; Internet, Video, VoIP; Subscriber Service Control Applications and Services]
1. User logs in to the web portal and requests a service which prioritizes the subscriber's Over-The-Top (OTT) VoIP and/or video applications
2. Web portal passes service change request to Policy Server
3. Policy Server confirms change to service and applies the respective service policy to the SCE, which is then applied to the user session. Policy Server can also generate any required billing events. The user has prioritized OTT VoIP and/or video applications
Subscriber Profiling
SCE inspects and analyzes all subscriber traffic passing through it
A couple of integration options are available, for maximum flexibility
Information can be summarized in per-flow data records and sent out to profiling servers
Relevant part of traffic flow can be replicated and diverted through the profiling servers
Profiling servers create a subscriber profile to be later used in targeting
SCE Subscriber awareness allows for providing opt-in/opt-out capabilities to subscribers
Subscriber Profiling – Intelligent Traffic Mirroring
1. Subscribers browse web
2. SCE mirrors (or filters) relevant traffic to profiling servers
3. Profiling servers process traffic, extract relevant attributes and compose subscriber profiles
SCE mirrors (or filters) relevant* subscriber traffic to profiling servers
* Relevance is defined based on profiling vendor preference, and may include all/part of web traffic and/or other applications
Mirrored traffic is sent out over designated VLANs
Most traffic is only handled by the SCE and is offloaded from servers
Profiling servers process traffic to create subscriber profile
Alice: automotive, stock trading, PDAs…
Bob: cookware, online gaming, baby outfit…
…
Service Security Challenges
Key challenges:
Open access: SP cannot apply restriction on usage (e.g. block certain port numbers)
No mandatory security tools: end-users may not have any security protection
End-users are not educated on security best practices
New “triple-play” services increase potential threat (i.e. VoIP viruses, EPG hacking, etc.)
Effect on SP business:
Increased cost for carrier from network management and downtime
Subscriber churn and customer support costs
Ability to Identify and Mitigate Attacks Emanating from Its Own Users
Service Security Protection
Mitigates security threats in the open broadband network
DoS: DoS attacks from subscribers
Spam: Spam activity from botnets or malicious users
Worms: Worm infections and propagation attempts
Three-tier solution; uses a combination of anomaly detection and signature matching to:
Identify: Threat using stateful traffic processing and alert SP operations
Protect: Block/mitigate threat based on configured policy
Notify: Quarantine subscriber and notify of security risk
[Diagram labels: Email Servers, Internet, Service Control]
[Sample subscriber notification shown on the slide:]
Dear Valued Subscriber:
We are advising you that your PC may have become infected with an "email zombie" generating spam mail and could potentially cause additional security issues for you. Click here for technical assistance: www.technicalsupport.com.
Anomaly Detection Use Case
[Diagram labels: Subscriber (Residential, Business); Access, Aggregation and Service Control (BRAS/ISG, Service Control Engine); Converged Packet Core; Internet, Video, VoIP; Subscriber Service Control Applications and Services]
1. Infected PC is used for TCP SYN attack
2. SCE detects SYN attack and sends notification to policy server
3. The policy server pushes policy to SCE, which applies HTTP redirection to redirect user to web portal (all other traffic is blocked or limited)
4. User browser is redirected to web portal, where they are informed of infection and appropriate actions to take to clear infection (they may also be informed via other means such as e-mail)
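The detect, notify and quarantine steps of the anomaly detection use case, sketched as an added example (not Cisco code and not a description of how the SCE detects attacks): half-open TCP connection attempts are counted per subscriber in a sliding window, and the policy server answers a notification with a redirect-HTTP, block-everything-else policy. The record format, window, threshold, portal URL and all class and function names are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed values for this sketch; the slide gives no thresholds or URLs.
WINDOW_SECONDS = 10.0
MAX_HALF_OPEN = 50
PORTAL_URL = "http://portal.example/quarantine"  # constructed placeholder


@dataclass(frozen=True)
class FlowEvent:
    """Constructed record format: one TCP connection attempt by a subscriber."""
    ts: float              # seconds since start of capture
    subscriber: str        # identity the flow was mapped to
    dst_port: int
    handshake_done: bool   # False = SYN sent, handshake never completed


class SynAnomalyDetector:
    """Step 2: count half-open attempts per subscriber in a sliding window."""

    def __init__(self, window=WINDOW_SECONDS, threshold=MAX_HALF_OPEN):
        self.window = window
        self.threshold = threshold
        self.half_open = defaultdict(deque)  # subscriber -> attempt timestamps

    def observe(self, ev):
        """Return a notification dict once the subscriber exceeds the threshold."""
        if ev.handshake_done:
            return None
        stamps = self.half_open[ev.subscriber]
        stamps.append(ev.ts)
        while stamps and stamps[0] <= ev.ts - self.window:
            stamps.popleft()  # expire attempts that fell out of the window
        if len(stamps) > self.threshold:
            return {"type": "syn_anomaly", "subscriber": ev.subscriber,
                    "half_open": len(stamps), "ts": ev.ts}
        return None


class PolicyServer:
    """Step 3: turn a notification into a quarantine policy, once per subscriber."""

    def __init__(self, portal_url=PORTAL_URL):
        self.portal_url = portal_url
        self.policies = {}  # subscriber -> policy pushed to the enforcement point

    def on_notification(self, note):
        sub = note["subscriber"]
        if sub in self.policies:
            return None  # already quarantined; repeated alerts push nothing new
        policy = {"subscriber": sub, "reason": note["type"],
                  "http": ("redirect", self.portal_url), "other": ("block", None)}
        self.policies[sub] = policy
        return policy

    def release(self, sub):
        """Lift the quarantine, e.g. after the portal workflow confirms cleanup."""
        return self.policies.pop(sub, None) is not None


def enforce(policies, subscriber, dst_port):
    """Step 4: decision at the enforcement point for one subscriber flow."""
    policy = policies.get(subscriber)
    if policy is None:
        return ("forward", None)
    # Only plain HTTP is redirected in this sketch; everything else is blocked.
    return policy["http"] if dst_port == 80 else policy["other"]


def sample_events():
    """Constructed input: sub-a emits half-open SYNs, sub-b browses normally."""
    flood = [FlowEvent(i * 0.01, "sub-a", 80, False) for i in range(200)]
    normal = [FlowEvent(i * 0.1, "sub-b", 443, True) for i in range(20)]
    retries = [FlowEvent(0.5 + i, "sub-b", 443, False) for i in range(3)]
    return sorted(flood + normal + retries, key=lambda e: e.ts)


def run(events):
    """Feed events through detector and policy server; return pushed policies."""
    detector, server = SynAnomalyDetector(), PolicyServer()
    pushed = []
    for ev in events:
        note = detector.observe(ev)
        policy = server.on_notification(note) if note else None
        if policy:
            pushed.append(policy)
    return pushed, server


if __name__ == "__main__":
    pushed, server = run(sample_events())
    for p in pushed:
        print("quarantine", p["subscriber"], "->", p["http"][1])
    print(enforce(server.policies, "sub-a", 25), enforce(server.policies, "sub-b", 25))
```

Counting only attempts whose handshake never completed keeps a busy but healthy subscriber below the threshold, and the once-per-subscriber check in the policy server stops a sustained attack from generating a policy push per alert.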
Virus and Malware Protection: Remove Malware Destined to Users
[Diagram labels: User 1, SCE, VAS Server, Carrier Ethernet, MPLS/IP, Internet; Inbound Traffic, Outbound Traffic, X = Traffic Blocked]
1. Subscriber 1 attempts to retrieve e-mail from a mail server or download a file from a website or peer application
2. The SCE identifies that the subscriber's traffic flow matches the Virus Protection Package
3. The VAS server receives traffic from the SCE with a VLAN tag used in communication between User 1 and the server
4. The server transmits the file, which contains a virus or other malware. VAS will detect the embedded malware and drop remaining packets so the file isn’t loaded on the user's machine
Content And Context Filtering Service: Anti-X Use Case
[Diagram labels: Subscriber (Residential, Business); Access, Aggregation and Service Control (BRAS/ISG, SCE, VAS Appliance); Converged Packet Core; Internet, Video, VoIP; Subscriber Service Control Applications and Services]
1. User logs in to web portal and subscribes to Anti-X control service
2. Web portal passes service change request to Policy Server
3. Policy server pushes a package to the SCE, which applies a VAS package to the subscriber's traffic
4. The respective URL filtering package is applied on the SCE, such that the user traffic is subjected to an external appliance providing the appropriate service (e.g. Streamshield, Ironport)
SEF Summary
Benefits of Service Control
Increased visibility:
Understand usage patterns and network performance
Usage billing, acceptable usage monitoring
Conditioning the network:
Reduce costs on network OPEX and CAPEX
Improve network performance and end-user experience
Protect network from outbound attacks
Profit from new and differentiated services:
Rapidly roll-out new services
Support multiple/converged access technologies
Advanced billing schemes, bandwidth on demand and QoS differentiation
Follows industry standards and trends
Cisco Service Exchange Framework: Delivers Personalized, Application-Aware Broadband Experience
Possible Approach
Create a Platform for Future Service Evolution
End-to-end integrated service visibility and control
Improve Network Visibility and Performance
Service mix monitoring per application and user, improved network yield through improved visibility, behavior anomaly monitoring (for troubleshooting and security)
Enable New Services
Bandwidth-on-demand, application plus user traffic differentiation, usage-based service, and fine granularity reporting
Initially Deploy SEF Components
SCE: For application/user awareness and policy enforcement
Policy Server: For dynamic provisioning and policy mgmt.
ISG/SSG: For application awareness and policy enforcement
Subscription Self-Service Examples
Parental Controls and Content Filtering: Set Internet controls for children, including blocking access and imposing time limits on online use
Bandwidth On-Demand: A Turbo Button to boost bandwidth for a set or undetermined period of time
Allowance-based Subscription: Choose quota-based or time-based bandwidth for a set period of time
Pay-as-You-Go Subscription Service: Buy time or bandwidth as needed
Personalized Subscriber Management Service Examples
Optimized Operational Services Examples
Broadband Light: Encourage dial users to migrate to broadband with tiered access speeds
P2P Management and Network Optimization: Apply a broad set of policies to manage all traffic
Cisco IP NGN Vision and Architecture: Enabling Unique Connected Life Experiences
Partner: Content Providers, Middleware, System Integrators
Build: CRS-1, ISG, 7600, 7200/7300
Acquire: Scientific Atlanta, Linksys, Arroyo
Resources: Comprehensive IP NGN Portfolio
IP DNA: Unmatched IP Expertise and Experience
Commitment: Over $1.4B R&D FY’05 for SPs
Q and A