ios advantage - creating zero-touch carrier ethernet services

7/27/2019 IOS Advantage - Creating Zero-Touch Carrier Ethernet Services

1/65


2/65

2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2

SpeakersAmrit Hanspal

Product Manager

[email protected]

Jose Liste

Technical Marketing Engineer

[email protected]

PanelistsSamer Salam

Principal Engineer

[email protected]

S. Akshaya Kumar

Technical Marketing Engineer

[email protected]
mailto:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]:[email protected]


3/65


Submit questions in Q&A panel and send to AllPanelistsAvoid CHAT window for better access to panelists

ForWebex audio, select COMMUNICATE > JoinAudio Broadcast

ForWebex call back, click ALLOW Phone button at

the bottom of Participants side panel

Where can I get the presentation?

https://communities.cisco.com/docs/DOC-26449

Or send email to: [email protected]

Please fill in Survey at end of event

Join us on November 2 for our next IOS AdvantageWebinar: The Evolution of IP Mobility Solutions
https://communities.cisco.com/docs/DOC-26449mailto:[email protected]:[email protected]://communities.cisco.com/docs/DOC-26449https://communities.cisco.com/docs/DOC-26449https://communities.cisco.com/docs/DOC-26449


4/65


At the end of the session, you will be able to: Understand the evolution of DESA and where it would be

positioned in a SP network

Understand the motivation to evolve from Carrier Ethernetto zero-touch Dynamic Ethernet

Understand key use cases & call flows

Understand key configurations for enabling zero-touch

Carrier Ethernet Services


5/65


What is DESA? Where does it fit?

Converging paths

Evolution of Session based offerings

Evolution of Carrier Ethernet Services

Technical Building Blocks

Call Flows

Sample Configurations

Summary


6/65


What is DESA?


7/65 2010 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7

Ethernet infrastructure with programmatic interface

Intelligent Service Management engine

Power of dynamic subscriber management from ISG to automate provisioning ofEthernet Services

Automated, customized Ethernet service provisioning infrastructure that savesOPEX

Competitive advantage Industry first, Cisco only capability

Available on Cisco 7600 today

Ethernet Virtual

Circuit (EVC)

Framework

Intelligent Services

Gateway (ISG)DESA



Carrier Ethernet (Access) Ethernet Services with Pseudowire (or VPLS) and DESA accounting/provisioning

SP Edge Services Layer 2/3 based offering providingrouting overlay or shared services. Targets Corporate

Broadband Session (PPP/IP) based subscriberoffering, driven by AAA/ISG policy. Targets Residential

Corporate

Residential

Cable/DSL/PON

Aggregation Network

IP/MPLSIP/MPLS

Core NetworkCMTS,DSLAM

Last Mile Ethernet

BNG/MSE

Bo ttom Line: There is a stron g co rrelat ion between

Carrier Ethernet, SP Edge & Broadband



Network Access

Session

Identity/ Policy

Serial, ATM

PPPoA (andother PPPoXoA)

AAA

BRAS

Ethernet

PPPoE

AAA/ISG

BNG forResidential

Wireline

Ethernet

IP

AAA/ISG

IP BNG forPublic Wifi

DESA can be viewed as a Broadb and and /or Carr ier Ethernet Techno log y

Ethernet/EoMPLS

EVC

AAA/ISG

Ethernet Sessionfor CorporateSubscribers



IP, PPP(PPPoE, PPPoA),Tunnel Termination,

Interfaces, Ports, MobileWireless, Ethernet, WLAN

Identification,Authentication,

Authorization, SingleSign On

Per-Session Features,Forwarding/Routing,

Accounting, Firewalls,QoS

Access

Services Identity

ISG



PSTN

Dial

ATM SwitchDSLAM

DSL

Wireless

AccessDistributionEthernet

Fiber NodeCable

MobileRAN

Common Generic Session Type

Created at first sign of subscriber activity

Common context on which session-services/policies areactivated

InherentPart of the Network Operating System

FSOL/Initiator - Layer 2 or Layer 3; Unclassified, DHCP, Radius

Dial DSL Cable Ethernet 802.11 Future

Access

IdentityServices

Different Access Media and

Protocols



ISG builds a composite Multi-dimensional Identifierfor every Session

IdentityAccess

IdentityServices

User 1

User 2

MPLS / IP

Aggregation

Internet

MPLS / IP

Core

Data Plane

Control Plane

Policy Plane

Session

Multidimensional Identity

Portal, AAA, Billing

Corporate

VPN



A Service is a group of 1 or more features A Feature is just any feature supported by IOS

Commonly used features with ISG include:

Services

Access

IdentityServices

Accounting

Session, Service,Flow

Billing Postpaid,Prepaid, Tariff

Switching, Timebased, Volume

based

Timeouts Idle,Session Keepalives

Routing/Forwarding VRF Transfer Traffic ClassSecurity - Per-

Session Filter, Per-user ACL

Control Policy Service Profile QoSPacket FlowOptimization


14/65


15/65


ServiceAbstraction

FlexibleMapping

Mu lt ip le xin g S tan dar ds

Key Benefits: Provides Local VLAN

significance to scale Ethernet

remove limitation of 4094

VLANs per device

Provides Service Providersthe ability to model Ethernet

Services including EVC/UNI

attributesVLAN

Service

Instances

Bridge

Domains

UNI

Attributes to

map multiple

C-VLAN to

Service

Instance

VLAN

VLAN Bridge

EVC Bridge

Physical

Ethernet

Interfaces Traffic Flows


16/65


ServiceAbstraction

FlexibleMapping

Mu lt ip le xin g St an dar ds

Key Benefits:

Provides a mechanism to

offer Ethernet services (retail

and wholesale) as well as

Ethernet transport for L3

services

Provides a create richer

services with advanced

VLAN tag manipulation

(Push, Pull, Translate,

Rewrite)

Service Instances

Q-in-Q, Double tags

.1Q, Single Tag

Untagged Ethernet

VLAN

Operations

Push, Pull,

Translate,

Rewrite

Physical Ethernet

interface (GE/10GE)


17/65


ServiceAbstraction

FlexibleMapping

Multiplexing Standards

Key Benefits: Provides the ability to

build richer service

offering with concurrent

support of Layer 2

services e.g. Point-to-

Point, Multi-point

Provides the flexibility to

offer a combination of

Layer 2 and Layer 3

services on same

physical port e.g.

Service Instance to IP

VPN,Layer 2 Multipointbridged

Layer 2 Point-to-Point

Local Hair-pin

Split Horizon

Service

Instances

Routed

Interfaces

Physical

Interfaces

SVI

PW

PW

Layer 3 Service IP

VPN

Legend

BD = Bridge Domain

VFI = Virtual Fwd Instance

PW = Pseudowire

SVI = Switch Virtual Instance

BD

Mapping Service

Instance to PW e.g.EoMPLS

VFI


18/65


ServiceAbstraction

FlexibleMapping

Multiplexing Standards

Standards Organization Standard Description

Institute of Electrical &

Electronics Engineers (IEEE)

IEEE 802.1q Virtual LANs

IEEE 802.1adQ-in-Q/Provider Bridging - Outer S-VLAN (service),

Inner C-VLAN (customer)

IEEE 802.1ahProvider Backbone Bridges (PBB) with Service

Instances

Metro Ethernet Forum (MEF)

MEF 4 Metro Ethernet Network Architecture Framework

MEF 6 Metro Ethernet Services Definitions

MEF 10 Ethernet Services Attributes

MEF 11 User Network Interface (UNI)

Internet Engineering Task

Force (IETF)

rfc4447 Virtual Private Wire Services (VPWS)

rfc4762/4761 Virtual Private Line Services (VPLS)


19/65


Residential

Corporate

Wireless

Cell Phones

Cable/CMTS

DSL/DSLAM

Fiber / OLT

Ethernet

Agg Switch

Mobility

Agg Switch

Agg Switch Agg Switch

MPLS/IP

network

Subscriber Access Aggregation Network Edge

OAM Subsystem

MPLS/IPnetwork

MPLS/IP

Edge

Services

Broadband

Network

Gateway

Core Network

DESAApplicability

AAA, DHCP, DNS Policy, Inventory, Billing EMS, NMS Service/Performance Mgmt


20/65


Dynamic L3Services over

Ethernet

Dynamic L2

ServicesEnable EVC FlexibleEthernetencapsulations tosupport existing ISGIP sessions

Service is Layer 3,Ethernet is the

Transport

Enable ISG policyplane to control EVC

Ethernet Flow Pointaccess and transportpolicies

Ethernet is the Service


21/65


1. Customer orders L2service at portal

CPE is shipped to customer

Customer plugs in CPE

2. First L2-traffic triggersRADIUS request toactivate services

3. L2 Service profile applied(ACLs, QOS,Pseudowire, etc.)

4. Activates billing and

inventory functions5. Customer changes

profile dynamically on-demand

Self-care

Dynamic

Service

Profile

L2-Session

L2-Session

DESA

DynamicPseudowire

RADIUS

Accounting

CPE

12 5

5

4

2

3 5

3


22/65


Webinar participant company type (Check one):

Enterprise

Wireline Service Provider

Mobile Operator

Ethernet Service Provider

Other (e.g., system integrator)

What are the key business applications/drivers for using Ethernet services? (Check all that apply)

Data Center Interconnect

Branch WAN connectivity

Mobile Backhaul

Internet access /L3VPN traffic backhaul (CE-PE)

Other

Which existing services do you already offer today? (Check all that apply)

Layer 3 MPLS/IP VPNs

Layer 2 offerings

Residential Broadband wireline

Public Wireless LAN offerings

Other (Please specify)


23/65


24/65


ISG Infrastructure

Automates service provisioning

EVC Infrastructure

Provides flexible, next-generation Ethernet infrastructure

L2VPN Infrastructure

Provides transport over MPLS network

Ethernet OAM Infrastructure

Provides service monitoring capabilities


25/65


Technical BuildingBlocks

Intelligent Services Gateway(ISG)


26/65


PolicyServer

Cisco Intelligent Services Gateway

(ISG) is a licensed feature set onCisco IOS that provides SessionManagement and PolicyManagement services to a variety ofaccess networks

SubscriberIdentity

Management

PolicyManagement

andEnforcement

DHCPServer

AAAServer

ISG

WebPortal

OpenNorthbound

Interfaces

Subscriber Policy Layer

So focal, that the entire device is often referred as an:Intelligent Services Gateway routeror simply The ISG

ISG

Subscriber Identification

Subscriber Authentication

Subscriber ServicesDetermination and Enforcement

Dynamic Service update


27/65


Based on Subscriber Access Protocol Sessions Supported:

Dynamically Created Sessions:

PPP sessionsIP sessions

IP Subnet sessions

Ethernet sessions

Statically Created Sessions:

Interface sessions (IP-based)

Ethernet sessions

Session

Initiation

Authentication Termination

ServiceActivation

NEW with

DESA

ISG Session


28/65


Dynamic Ethernet Sessions

Triggered by arrival ofFirst Sign OfLife (FSOL) traffic on an interface

Associated with dynamic Service

Instances (not saved in nvram)

All features downloaded fromRADIUS profiles at session-start

Selected features1 downloaded anytime through RADIUS CoA

Support MEF Type III UNI

Static Ethernet Sessions

Administratively configuredSessions

Associated with manual/regular

Service Instances (CLI-created)

Selected features1 downloadedfrom RADIUS profiles at session-start

Selected features1 downloaded anytime through RADIUS CoA

Support MEF Type I & II UNI

ISG Session

(1) Quality of Service, Access Control List, Accounting, Iddle-Timeout


29/65


Walled GardenOpen Garden

GuestPortal

DHCPServer



GuestPortal

DHCPServer

AAAServer


Dynamic Policy PUSH

(e.g. Turbo Button)

PolicyServer

Application/Service Layer event

WebPortal

Dynamic Policy PULL

(e.g. Automatic Service-ProfileDownload on Session

Establishment)

WebPortal

PolicyServer

Network

LayerEvent

AAAServer

Subscriber Subscriber

Administrator

RADIUSAcc-req

RADIUSAcc-accept RADIUS

CoA or SGIRequest


30/65



Internet/Core

GuestPortal

AAAServer

PolicyServer

WebPortal

DHCPServer


VideoAudioServers

RADIUS Interface, for subscriber AAA functionalities andservice download

RADIUS Extensions (RFC 3576) and XML based (SGI*)Open Interfaces, for dynamic, administrator or subscriberdriven, session and service management functions

PolicyPULL

PolicyPUSH

(*) SGI: Services Gateway Interface


31/65


Technical BuildingBlocks

EVC Framework


32/65


Cisco Ethernet Virtual Circuit (EVC) is the next-generation cross-platform Carrier Ethernet SoftwareInfrastructure

Addresses Flexible Ethernet Edge requirements

Flexible Service Mapping

Advanced Frame Manipulation

Multiplexed Forwarding Services

Supports service convergence over Ethernet Complies with MEF, IEEE, IETF standards


33/65


Provide classification of L2flows on Ethernet interfaces

Are also referred to as EVCservice-instances

Support dot1q and Q-in-Q

Support VLAN lists

Support VLAN ranges

Support VLAN Lists andRanges combined

Coexist with routedsubinterfaces

Ethernet Flow PointsEFPs on Interface

100

101

102

MatchVLAN range:

100-102

200

203

210

Match

VLAN list:200, 203, 210

300,100Match

VLAN: 300,100

400,1

400,2

400,3

Match

outer VLAN 400,

inner VLANrange: 1-3

400,11

400,17

400,34

Match

outer 400,

inner VLAN list:

11,17,34

14Match

VLAN: 14

Physical Ethernetinterface (GE/10GE)


34/65


3125SADA2010SADA

31SADA2010SADA

3125SADA10SADA

2025SADA20SADA

3125SADASADA

25SADA10SADA

SADA2010SADA

20SADA2010SADA

PUSH operations

POP operations

TRANSLATION operations

VLAN Tag Manipulation


35/65


Multiplexed ServiceInterface

Mix of L2 and L3services on same port

Different types ofL2 services

Point-to-Point

Multipoint

Service

Instances

BD

BD VFI

BD

PW

PW

PW

SVI/BDI

BD = Bridge Domain VFI = Virtual Fwd Instance

PW = Pseudowire SVI = Switch Virtual Instance

BDI = Bridge Domain Interface


36/65

Cisco Confidential 2010 Cisco and/or its affiliates. All rights reserved. 36

Cisco EVC introduces the following new concepts:

Ethernet Virtual Circuit (EVC)

Device local object (container) for network-wide service parameters

Ethernet Service Instance

Transport-agnostic abstraction of an Ethernet service on an interface

Also referred as Ethernet Flow Point (EFP)

Bridge Domain (BD)

Ethernet Broadcast Domain local to a device

Bridge Domain Interface (BDI)

Logical Layer 3 interface associated with a BD to perform integrated routing andbridging

NEW with DESA

Dynamic EFPs Dynamic Ethernet sessions

Static EFP Static Ethernet sessions

NEW with DESA

Dynamic BDs

NEW with DESA

Dynamic EVCs


37/65


VPLS

EoMPLS PW

EoMPLS PW

EoMPLS PW

L3

X

P2P VPWS

P2Plocal

connect

Multipoint bridging

Bridging

Bridging

Routing

DESA enables ISG policy plane to control EVCEthernet Flow Point access and transport policies

FSOLUnclassified

vlan traffic;

e.g.:

PPPoE

discovery

DHCP opt

82/60

ARP broadcast

FSOL = First Sign Of Life

FSOLLDP VC Label adv.


38/65


Call Flows


39/65


Mult iserv ice

Core Network

Aggregation Node

MPLS

Access Node Distribution Node

Large Scale

Aggregation NetworkIntel l igent

Services EdgeEff ic ient

Access Network

Ethernet NNIEthernet UNI MPLS / IP

DESA

MPLS / IPDSL, PON, Ethernet

BNG / MSE

ISG

FSOL: unclassified VLAN

Dynamic bridge-domain(s) w/

split-horizon

Data (HSI): Static SVI with

xconnect to Distribution node

Multicast Video: Static SVI with

IP Address & IGMP snooping

Dynamic service instance with

rewrite, QoS, ACL on UNI-AGG

FSOL: PPPoE,

DHCP, Unclassified

MAC

Static sub-interface

(dot1q or Q-in-Q) with

ISG session or PPPoE

Potential Accounting Points

Session level accounting (per subscriber)


40/65


Mult iserv ice

Core Network

Aggregation Node

MPLS


Large Scale



Access Network

Ethernet NNI

BNG / MSE

Ethernet UNI MPLS / IP

DESA DESA

DESA


FSOL: Unclassified VLAN

Dynamic EoMPLS PW (xconnect

under Dynamic service

instance) w/ Distribution node

IP addr & VC-ID determined via

RADIUS

Dynamic service instance withrewrite, QoS, CFM, ACL on UNI-

AGG

FSOL: LDP VC Label

Advertisement

Dynamic service instance

with rewrite, QoS, CFM, ACL

on NNI-DIST

Dynamic EoMPLS PW

(xconnect under Dynamic

service instance) w/

Aggregation node IP addr

& VC-ID determined via

RADIUS

FSOL: Unclassified

VLAN

Potential points for Accounting

Session-based accounting (per service)

Retailer X

Retailer Y

Dynamic service

instance with rewrite,

CFM, QoS, ACL on NNI-

BNG/MSE

E-LINE


under Dynamic service instance)

w/ peer IP addr & VC-ID determinedvia RADIUS

Dynamic bridge domain (under

dynamic service instance) w/ static

SVI configured with xconnect to a

static l2vfi (with or w/o BGP auto-discovery)

E-LAN


41/65


Mult iserv ice

Core Network

Aggregation Node

MPLS


Large Scale



Access Network

Ethernet NNIEthernet UNI MPLS / IP

DESA DESA


BNG / MSE

ISG / DESA

Retailer X

Retailer Y

FSOL: unclassified VLAN


under Dynamic service

instance) w/ Distribution node

IP addr & VC-ID determined via

RADIUS

Dynamic service instance with

rewrite, QoS, CFM, ACL on UNI-

AGG

FSOL: LDP VC Label

Advertisement


with rewrite, QoS, CFM, ACL

on NNI-DIST

Dynamic EoMPLS PW

(xconnect under Dynamicservice instance) w/

Aggregation node IP addr

& VC-ID determined via

RADIUS

Potential Accounting Points

Session level accounting (per subscriber)

Potential points for Accounting

Session-based accounting (per service)

FSOL: PPPoE,

DHCP, Unclassified

MAC

Static sub-interface

(dot1q or Q-in-Q) with ISG

IP or PPPoE session

FSOL: Unclassified

VLAN


with dynamic BD & static

SVI configured with IP

VRF


42/65


RADIUS Profilesand Detailed Call Flows

Dynamic BD / Dynamic L2VPNVPWS


43/65


Bridged ServicesUser (EFP) Profile

EFP attributes (e.g. description,

encapsulation, rewrite, evc name, QoS

policy, L2/L3/L4 ACLs, MAC security, CFM

MEP/MIP)

Bridge Domain profile name

EVC profile name (opt.)

CFM Maintenance Association profile

name (opt.)

Bridge Domain Profile

BD attributes (e.g. BD ID, MAC limit, BD

type (c-mac))

802.1ah I-Tag profile name (opt.)

EVC Profile

EVC attributes (e.g. UNI count, OAM

Interworking parameters)

CFM MA Profile

CFM Maintenance Association attributes

(e.g. ShortMA name, direction, CCMparameters)

802.1ah I-Tag Profile

I-Tag attributes (e.g. ISID value)

802.1ahMAC-Tunnel profile name

MAC-Tunnel Profile

MAC-Tunnel attributes (e.g. ID, description,

B-tag VID, B-mac)


44/65


MPLS L2VPN Services

User (EFP) Profile

EFP attributes (e.g. description,

encapsulation, rewrite, evc name, QoS

policy, L2/L3/L4 ACLs, MAC security, CFM

MEP/MIP)

L2VPN VPWS profile name

EVC profile name (opt.)

CFM Maintenance Association profilename (opt.)

L2VPN VPWS Profile

L2 VPN VPWS atttributes (e.g. PW

redundancy parameters)

VPWSPeer IP profilename

VPWS Peer IP profile name (BackupPW) (opt.)

EVC Profile

EVC attributes (e.g. UNI count, OAM

Interworking parameters)

CFM MA Profile

CFM Maintenance Association attributes

(e.g. ShortMA name, direction, CCM

parameters)

L2VPN Peer-IP Profile

PW attributes (e.g. Remote Peer IP

address, VC ID, primary / backup (priority),

encapsulation, PW class)


45/65


RADIUS Profilesand Detailed Call Flows

Ethernet Accounting


46/65


Accounting supported for the following:

Dynamic and Static Ethernet sessions at session-start time

Dynamic and Static Ethernet sessions via RADIUS CoA

Per-session accounting support at FCS

Accounting attribute can be added to User profile

Cisco-AVPair = subscriber:accounting-list=


47/65


Ethernet Accounting Dynamic Service Instance

Simplified call flow

DESA

Access-Request:username (authorization keys)

Access-Accept:User Profile definitionIncluding Accounting VSA

FSOL:unclassified VLAN

Session-start

event posted

Service-startevent posted

Accounting-Request:Acct-Status-Type = start

Accounting-Response

Accounting-Request:Acct-Status-Type = interim-update

Accounting-Response

Interim-update

Interim-update

Interim-update

Accounting-Request:Acct-Status-Type = stop

Accounting-Response

Session-Idletimeout event

posted


48/65


Ethernet Accounting via CoAon Static Service Instance


DESA

Static EFPManual ethernet session

configured

Session-start

event posted

2


CoA Request Service Activateservice:

Access-Request:service:

Access-Accept: definitionIncluding Accounting VSA


Accounting-Response

CoAACK

Service Activate


Accounting-Response

Portal Request

for Accounting


49/65


Does your company have plans to implement any of the following? (Check all

that apply):

Low-touch / Dynamic Layer 2 (Ethernet) services to Enterprise, Mobile Backhaul orRetail SP customers

Dynamic Layer 2 (Ethernet) transport for Layer 3 services

Elastic Ethernet services with on-demand customer changes through Portal

Self-managed Ethernet services with accounting / performance data through Portal

No plans for Dynamic Ethernet

What do you expect your companys timeframe for deploying Dynamic Ethernetare? (Check one):

Next 6 months

Next 12-24 months

More than 24 months

No plans


50/65


What do you think would be the most relevant First Sign of Life (FSOL) types

for Ethernet Sessions in your network? (Check all that apply)

Unclassified VLAN

Unclassified MAC

IEEE 802.1X

DHCP Discovery

PPPoE PADI/R

Other

Would you expect to perform Customer Equipment (CE) Authentication forDynamic Ethernet sessions? (Check One):

Yes, using IEEE 802.1X

Yes, using PPP Challenge

Yes, using DHCP-based

No, I do not expect to use authentication


51/65


End to End Scenarios

Sample Configurations


52/65


Single-Sided Dynamic L2VPN VPWS


DESA DESA

Access-Request:username (authorization keys)

Access-Accept:User Profile definition (basic EFP config)Service Profile(s) (e.g. BD, 802.1ah, L2VPN VPWS, CFM)



Session-start

event postedARP for 10.1.1.2 on Vlan X

Access-Request(s):service:

Access-Accept(s): definition(s)

FSOL: LDP VC labeladvertisement

Session-start

event posted



Access-Request:Peer IP Service Profile

Access-Accept:

Peer IP Profile definitionService Profile(s)


PW establishment phase

ARP Reply

ARP Request

Pseudowire


53/65


Single-Sided Dynamic L2VPN VPWS (cont.)

PE1 L2VPN VPWSl2 subscriber authorization group atom_test1

service-policy type control atom_rule1

peer network 101.101.101.101 255.255.0.0 1 4294967295

L2 ContextRouterB#show running-config interface gig2/4

interface GigabitEthernet2/4

service instance dynamic 90 ethernet

description L2 context for single-tag FSOL

encapsulation dot1q 1000-2000

ethernet subscriber

initiator unclassified vlan

service-policy type control DYNAMIC_EVC *

Dynamic Service InstanceRouterB#show derived-config interface gig2/4


(snip)

service instance 102 ethernet

description Dynamic customer 1

encapsulation dot1q 1000

rewrite ingress tag pop 1 symmetric

xconnect 101.101.101.101 111111 encapsulation mpls

PE2 L2VPN VPWSl2 subscriber authorization group atom_test1

service-policy type control atom_rule1

peer network 102.102.102.102 255.255.0.0 1 4294967295

L2 ContextRouterA#show running-config interface gig2/3


service instance dynamic 90 ethernet

description L2 context for single-tag FSOL


ethernet subscriber



Dynamic Service InstanceRouterA#show derived-config interface gig2/3


(snip)





xconnect 102.102.102.102 111111 encapsulation mpls

DESA DESAGig2/3 Gig2/4

Loopback0 101.101.101.101 Loopback0 102.102.102.102

(*) See next slide for its definition


54/65


RouterA#sh run | beg DYNAMIC_EVC

policy-map type control DYNAMIC_EVC

class type control always event session-start

10 authorize identifier hostname plus nas-portplus stag-vlan-id

!

!

RouterB#sh run | beg DYNAMIC_EVC

policy-map type control DYNAMIC_EVC

class type control always event session-start

10 authorize identifier hostname plus nas-port plus

stag-vlan-id

!

!


55/65


Single-Sided Dynamic L2VPN VPWS (cont.)

PE1 PE2

User Profile (Username: RouterA:nas-port:2/0/3/0:1000)

Cisco-AVPair = subscriber:sss-service=vpws

Cisco-AVPair = l2vpn:redundancy-group=1

Cisco-AVPair = l2vpn:service-id=pe1_vpws_pw_customer1

Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic

customer 1

Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1000

Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1

Cisco-AVPair = ethernet-service-instance:rewrite-ingress-symmetric=TRUE

User Profile (Username: RouterB:nas-port:2/0/4/0:1000)



Cisco-AVPair = l2vpn:service-id=pe2_vpws_pw_customer1

Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic

customer 1

Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1000

Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1

Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1

Cisco-AVPair = ethernet-service-instance:rewrite-ingress-symmetric=TRUE

RADIUS Profile

Peer IP Profile (Username: peer-ip:102.102.102.102:vc-id:111111)

Cisco-AVPair = l2vpn:vcid=111111

Cisco-AVPair= l2vpn:service-id=pe1_vpws_pw_customer1



Cisco-AVPair = l2vpn:pw-encapsulation=mpls

Cisco-AVPair = l2vpn:peer-ip-address=102.102.102.102

RADIUS Profile

Peer IP Profile (Username: peer-ip:101.101.101.101:vc-id:111111)

Cisco-AVPair = l2vpn:vcid=111111

Cisco-AVPair= l2vpn:service-id=pe2_vpws_pw_customer1



Cisco-AVPair = l2vpn:pw-encapsulation=mpls

Cisco-AVPair = l2vpn:peer-ip-address=101.101.101.101

L2VPN Profile (Username: pe1_vpws_pw_customer1)

Cisco-AVPair = l2vpn:member=ethernet-service-instance:Gi2/3 -stag-type:0x8100 -

stag-vlan-id:1000

Cisco-AVPair = l2vpn:member=pseudowire:peer-ip:102.102.102.102:vc-id:111111

L2VPN Profile (Username: pe2_vpws_pw_customer1)

Cisco-AVPair = l2vpn:member=ethernet-service-instance:Gi2/4 -stag-type:0x8100 -

stag-vlan-id:1000

Cisco-AVPair = l2vpn:member=pseudowire:peer-ip:101.101.101.101:vc-id:111111

DESA DESAGig2/3 Gig2/4

Loopback0 101.101.101.101 Loopback0 102.102.102.102


56/65


Dynamic Bridge-Domain / Static VPLS

DESA


Session-start

event posted

ARP for 10.1.1.2 on VID 1006 Access-Request:username (authorization keys)

Access-Accept:

User Profile definition (basic EFP config)Bridge-Domain (BD) Service ProfileAccess-Request(s):

service:



VFI

Static VFIStatic SVI

2

Static VFIStatic SVI

2

ARP ReplyARP Request

Non-DESA

device


57/65


Static SVI / VPLSl2 vfi vfi-2001 manual

vpn id 2001

neighbor 102.102.102.102 encapsulation mpls no-split-horizon

interface Vlan2001

xconnect vfi vfi-2001

L2 ContextRouterA#show interface gig2/3interface GigabitEthernet2/3

service instance dynamic 90 ethernetdescription L2 context for single-tag FSOL


ethernet subscriber



Dynamic Service InstanceRouterA#show derived-config interface gig2/3interface GigabitEthernet2/3





bridge-domain 2001

RADIUS Profile

User Profile (Username: RouterA:nas-port:2/0/3/0:1006)Cisco-AVPair = subscriber:sss-service=bridge

Cisco-AVPair = bridge-domain:bridge-domain-id=2001Cisco-AVPair = ethernet-service-instance:service-instance-description=Dynamic customer 3Cisco-AVPair = ethernet-service-instance:stag-vlan-id=1006Cisco-AVPair = ethernet-service-instance:rewrite-ingress=1Cisco-AVPair = ethernet-service-instance:rewrite-ingress-tag-operation=Pop1Cisco-AVPair = ethernet-service-instance:rewrie-ingress-symmetric=TRUE

Dynamic Bridge-Domain / Static VPLS

(*) See slide 65 for its definition


58/65


Ethernet Accounting Static Service Instance


DESA


Access-Accept(s): definition(s)Including Accounting VSA


Accounting-Response



Accounting-Response

Interim-update

Interim-update

Interim-update

Accounting-Request:Acct-Status-Type = stop

Accounting-Response

Manual EFPStatic ethernet session

configured

Session-start

event posted

2


59/65


CE1PE 1

7600

AAAserver

E-LINE service

interface gig2/3service instance 3 ethernetencapsulation dot1q 40ethernet subscriber staticservice-policy type control DEMO1bridge-domain 40!

CE2PE 2

7600

DESA DESAEVC

Static

Ethernet session

Configuration Example


60/65


policy-map type control DEMO1class type control always event session-start1 service-policy type service name ACCT-SERVICE!!policy-map type service ACCT-SERVICEclass type traffic DUMMYTCaccounting aaa list default!!class-map type traffic match-any DUMMYTC!

Configuration Example (Cont.)


61/65


DESA Summary


62/65


Self-Service

Creates new service opportunities

Improves customer satisfaction

Lowers Opex

Dynamic PW creation

Simplifies configuration


Improves operations

Zero-Touch Provisioning

Improves scale

Reduces IT investment

Improves SLA response times

Granular Ethernet accounting

Improves customer satisfaction


Lowers OPEX -- improves operations


63/65


64/65


DESA Configuration Guide

http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-1s/Dynamic_Ethernet_Service_Activation.html

Command References

http://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-

book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.html

Contacts

Amrit Hanspal (PM) / Jose Liste (TME)

[email protected]
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-1s/Dynamic_Ethernet_Service_Activation.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-1s/Dynamic_Ethernet_Service_Activation.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.htmlmailto:[email protected]:[email protected]://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/isg/command/isg-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/command/ce-cr-book.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-1s/Dynamic_Ethernet_Service_Activation.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-1s/Dynamic_Ethernet_Service_Activation.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-1s/Dynamic_Ethernet_Service_Activation.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-1s/Dynamic_Ethernet_Service_Activation.htmlhttp://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/15-1s/Dynamic_Ethernet_Service_Activation.html


65/65

ios advantage - creating zero-touch carrier ethernet services

Documents