思科移动交换CMX课件.ppt

1、1 2004 Cisco Systems,Inc.All rights reserved.Cisco Mobile Exchange2 2 2 2004 Cisco Systems,Inc.All rights reserved.SLAmonitoringSLAmonitoringSLAmonitoringAccessYours,anyonesCoreYours,anyonesServicesYours,anyonesOperatorControl point1OperatorControl point2Cisco Mobile Exchange Solution Set:Giving con

2、trol back to the operatorMS:Mobile StationSGSN:Servicing GPRS Support NodeGGSN:Gateway GPRS Support NodePDSN:Packet Data Serving NodeCMX:Cisco Mobile ExchangeMSFC:Multilayer Switch Feature CardRLB:Radius Load-balancerFWLB:Firewall Load-balancer SSG:Service Selection Gateway POP:Point of Presence CSG

3、:Content Services Gateway BMA:Billing Mediation AgentSESM:Subscriber Edge Service Manager3 3 3 2004 Cisco Systems,Inc.All rights reserved.The Cisco Mobile Exchange Scope Radio EdgeMobile Internet EdgeAggregationMSCRadius Web PortalServices SelectionMIPL2TPGREIPSecMPLSIPV4IPV6CMXSession establishment

4、IP routing&forwardingAddress allocationUser authenticationAccess selectionAccountingVPN edge functionService profileContent billing/accounting Charging gatewayLoad balancingNetwork managementVPNIntranetInternetInternetISP/ASPMVNOOpen GardenVPNWalledGardenWLAN2.5/3 GBSC/PCFCDMA 1X/DO/DVSGSNGGSNPDSNHA

5、Packet GWGGSN HA PDSN 802.11 VPN SGSNService Proxy Passthrough TunnelSSGs4 4 4 2004 Cisco Systems,Inc.All rights reserved.Framework of solutions targeted at the Subscriber Internet EdgeA collection of Cisco devices that provide consistent mobile and IP servicesDelivers cost effective and scalable so

6、lutions to meet the needs of Mobile OperatorsDemonstrates Cisco IOS/IP value add servicesLeverage Catalyst 7600 family with IP,mobile&content functionalityWhat is CMX?Cisco Mobile ExchangeNetwork Managementand OperationsPlatforms forPerformance and ReliabilityLoad Balancing and continuous availabili

7、ty.Mobile ServicesService SelectionContent MonitoringAdvanced BillingPacket Gateways(GPRS/UMTS,PDSN,HA,)5 5 5 2004 Cisco Systems,Inc.All rights reserved.Agenda SSG CSG Billing Hardware6 6 6 2004 Cisco Systems,Inc.All rights reserved.Service SelectionEnable Service SelectionSSG Service TypesService A

8、ccessSSGProxyPassthruUsernamePasswordInternet accessTunnelAccessing content partner networksCorporate accessAuto services logon(based on user configured settings)7 7 7 2004 Cisco Systems,Inc.All rights reserved.Typical Service Selection Call FlowRouterSESMAAA ServerPPPWeb RequestRedirectionUnAuth Us

9、er PageLogin ResponseLogin InfoAuthentication Get ProfileAccess control and service selectionService access based on user profileSSGClientAccess ControlPDSNAccounting-StartAccounting-Start8 8 8 2004 Cisco Systems,Inc.All rights reserved.Service Selection(SSG,SESM,AAA.)Features Include:Captive Portal

10、Open Garden(Free services)Walled Garden(Premium services)Prepaid ServicesHierarchical Policing Subscriber Self-CareAdvertisingRADIUS/Directory AuthenticationLocation brandingAuto loginWeb Services Gateway9 9 9 2004 Cisco Systems,Inc.All rights reserved.SSG Services SSG provides a way to give differe

11、nt types of subscriber access to particular IP domains.The IP Domains can be a single host,a subnetwork or multiple networks.Depending on the configuration the services can be authenticated or free access.101010 2004 Cisco Systems,Inc.All rights reserved.OPEN-GARDENOPEN-GARDEN(Free Services)(Free Se

12、rvices)Walled-GARDENWalled-GARDEN(Authenticated(Authenticated Services)Services)Services Network or Application AccessServices Network or Application AccessSubscriber ServicesSSGSSGBackboneBackboneSESM111111 2004 Cisco Systems,Inc.All rights reserved.Service Control User ExperienceTime/VolumePrepaid

13、/PostpaidAllowed&ChargedNot Allowed121212 2004 Cisco Systems,Inc.All rights reserved.SSG Service Summary Host Objects Connection Objects SubscriberINTERNETVODQUAKEHost-ObjService ObjectsNATNATL2TPPROXYRouted131313 2004 Cisco Systems,Inc.All rights reserved.SSG Service Access Types141414 2004 Cisco S

14、ystems,Inc.All rights reserved.SSG Service Access:Passthru Radius AAA is done by SSG Providers local AAA server Traffic is sent out“bound”interface based on service route definition Use next-hop table or explicit bindingsPassthrough Service TypeIntranetInternetSSGR192.168.1.0,255.255.255.0RADIUSR0.0

15、.0.0;SSG151515 2004 Cisco Systems,Inc.All rights reserved.SSG Service Definition:PassthruPassthrough Service TypeSample Passthrough Service Profilezap-com Password=“servicecisco”,Service-Type=OutboundService-Info=“I”,Service-Info=“R192.168.1.100;255.255.255.255”,Service-Info=“TP”service destination

16、route definitionService Type-passthroughRADIUS161616 2004 Cisco Systems,Inc.All rights reserved.SSG Service Definition:Passthru Passthrough Service Type(Internet)Sample Passthrough Service Profileintranet Password=“servicecisco”,Service-Type=OutboundService-Info=“IInternet”,Service-Info=“R0.0.0.0;0.

17、0.0.0”,Service-Info=R192.168.6.0;255.255.255.0;E,Service-Info=“TP”service destination route definition(special case for Internet)service type-passthroughRADIUS171717 2004 Cisco Systems,Inc.All rights reserved.SSG Service Access:Proxy-RADIUSThe SSG terminates user sessions from hosts to the SSG and m

18、akes a virtual Connection from the SSG to the service destinationThe SSG will Authenticate and Authorize the service via the remote Radius Server.The SSG does NAT if the remote RADIUS user authorization includes IP addressProxy-Radius Service TypeWeb PortalApplicationIntranetInternetExtranetRADIUSHT

19、TP TRAFFICRadius Request10.0.0.112.17.1.10Radius Reply(accept/IP)10.0.0.1192.168.1.10NATRADIUSSSG181818 2004 Cisco Systems,Inc.All rights reserved.SSG Service Definition:Proxy-RADIUSProxy-Radius Service TypeIP Address,Ports and shared-secret of Remote AAASample Proxy Service Profileproxy-service Pas

20、sword=“servicecisco”,Service-Type=OutboundService-Info=“IProxy-service”,Service-Info=“R12.17.1.10;255.255.255.255”,Service-Info=“S192.168.1.1;1812;1813;cisco”,Service-Info=“TX”service route definitionservice type-proxyRADIUS191919 2004 Cisco Systems,Inc.All rights reserved.SSG Service Access:L2TPLAC

21、 initiates L2TP tunnel to destination LNS,SSG-PPP session is establishedSSG-NAT is performed between subscribers IP address and LNS assigned IP addressTraffic is sent out the tunnel virtual-access interface based on service route definitionRadius AAA is done by SSG Providers local AAA server(RADIUS-

22、B)Tunnel(L2TP)Service TypeSSG-PPPVPDNR192.168.7.0,255.255.255.0RADIUS-ASubscriber ConnectionLACLNSRADIUS-BPool:192.168.1.xPPP SessionIOS-NAT10.0.0.1192.168.1.10SSG202020 2004 Cisco Systems,Inc.All rights reserved.SSG Service Definition:L2TPTunnel(L2TP)Service TypeSample Tunnel Service Profiletunnel1

23、 Password=“servicecisco”,Service-Type=OutboundService-Info=“IVPDN Tunnel Service”,Service-Info=“R192.168.1.0;255.255.255.0”,Service-Info=“vpdn:l2tp-tunnel-password=cisco”,Service-Info=“vpdn:ip-addresses=192.168.1.1”,Service-Info=“vpdn:tunnel-id=tunnelxyx”,Service-Info=“TT”Tunnel informationservice t

24、ype-TunnelRADIUS212121 2004 Cisco Systems,Inc.All rights reserved.SSG Host Object Building BlocksHost Object Maintains user information User IP address Created at time of user Account logon List of Services user can access222222 2004 Cisco Systems,Inc.All rights reserved.SSG-Service Object Building

25、BlocksService Object Maintains Info about SSG service Service Name Service IP Domain(s)Other Service Attributes232323 2004 Cisco Systems,Inc.All rights reserved.SSG-Connection Object Building BlocksConnection Object Accounting information Service QoS Created at time of Service logon242424 2004 Cisco

26、 Systems,Inc.All rights reserved.Service Summary Host Objects Connection Objects SubscriberINTERNETVODQUAKEHost-ObjService ObjectsNATNATL2TPPROXYPassThru252525 2004 Cisco Systems,Inc.All rights reserved.Agenda SSG CSG Billing Hardware262626 2004 Cisco Systems,Inc.All rights reserved.Mobile Data Serv

27、ices“Gateway”Network/Content Usage Collection&EnforcementVideoVoiceContentWalled GardenCompany AIP VPNInternetContent provider/aggregator BContent provider/aggregator ABy piping all traffic through the“Gateway”for prepaid,the operator can enable consistent,real-time prepaid enforcement and control.M

28、ediation/Billing System Business/rating rules Content provider pricingSSG&CSGPDSNWLAN272727 2004 Cisco Systems,Inc.All rights reserved.CSG provides the following features and functionality:Postpaid Billing,BMA Load SharingHTTP 1.0 Content BillingHTTP 1.1 Content BillingPostpaid FTP BillingNon-HTTP T

29、rafficPrepaid Content Billing and AccountingObtaining User IDsLearning Client IP Addresses via Inspection of X-Forwarded-For HeadersFiltering AccountingRADIUS Proxy SupportHTTP Records Reporting FlexibilityHTTP Error Code ReportingStateful RedundancyIntermediate Billing RecordsPacket CountsFragment

30、SupportMMS ExcludeWAP Connectionless and Connection Orientated282828 2004 Cisco Systems,Inc.All rights reserved.Learning who the subscriber isRadius Accounting flowData flowAccounting messages are“paid attention to”ONLY Other RADIUS messages are passed through to the RADIUS SERVERRadius Accounting f

31、lowData flowAAARADIUS Accounting ProxyRADIUS Accounting Endpoint AAARADIUS Accounting sent from the AAA(or other RADIUS Proxy)to the CSGRADIUS ACCOUNTING START 292929 2004 Cisco Systems,Inc.All rights reserved.Intelligence in the Data PathCSGAAARadius flowData flowsService 1:User self-careBalance in

32、quiries,Account replenishment,Advice of ChargeMMS Bearer TrafficService 2Third Party hosted multimediaService 3:NewsStock quotes,Sports scores,WeatherService 4:DownloadsRing tones,screen savers,etcExample ServicesFree BearerBill per TimeFrom Quota 1Bill per ClickFrom Quota 2Bill per VolumeFrom Quota

33、 3Real Time InteractionAuthorisation;ProfilingVia Active MiddlewareTo Business Operations303030 2004 Cisco Systems,Inc.All rights reserved.Agenda SSG CSG Billing Hardware313131 2004 Cisco Systems,Inc.All rights reserved.CMX BillingSSG Postpaid BillingAccounting START/Accounting STOP are sent to the

34、AAA The RADIUS Accounting Records contain per service volume and time accounting,that can be used by billing systems to bill the userSSG Prepaid BillingBased on the SSG prepaid featuresCheck a subscribers available credit to determine whether to connect the subscriber to a service and how long the c

35、onnection can lastSSG interacts with the AAA server and the prepaid billing to determine the quota values and usageWhen the quota runs out,SSG performs reauthorization 323232 2004 Cisco Systems,Inc.All rights reserved.CMX Billing(Cont.)CSG Content Postpaid BillingCSG logs user traffic and generates

36、URL-based content CDRsThe content CDRs are then sent to a Charging Gateway(or billing mediation device)over GTPCSG Content Hot Billing Checks for available funds when a user want to access a particular content(a content is identified by a particular URL,it is also called per page billing)Within this

37、 URL the user will be available to download some file to do per event billingThe CSG can account for the pages(URL)and for the events The billing server may terminate the user session when the user credit reaches zero333333 2004 Cisco Systems,Inc.All rights reserved.Services BillingBillingMediationS

38、SGOpen GardenInternetBrowsingPer packet Per downloadPer messagePer UrlFreeCharge based onValueBrandControl343434 2004 Cisco Systems,Inc.All rights reserved.Billing systemRADIUSaccounting serverServicesBilling and Pre-Paid Services Subscriber or service connection-based Support for prepaid and postpa

39、id models Flexible billing allows providers to charge for any service in any manner353535 2004 Cisco Systems,Inc.All rights reserved.CSG BillingCSGRadius Accounting flowData flowusername DatabaseBilling and Mediation PartnersQuotaServerMediationAgentRequest quota per serviceReport used quotaQuota Re

40、questSrc IPDest IPURLusernameTOSAccountingRecordsXML(optional)363636 2004 Cisco Systems,Inc.All rights reserved.Call Flows(User Sign-On)PDSNAAACSGService 1Service 2Service 3QSBMAAcct-Start User Logs InAcct-Startreplicated Acct-Start is received by CSGUsrProfileReq CSG Requests the Users ProfileUsrPr

41、ofileRsp QS(Quota Server)Sends the Users Profile containing his Billing Plan373737 2004 Cisco Systems,Inc.All rights reserved.First Service Access(Service 2)PDSNAAACSGService 1Service 2:Local MultimediaService 3QSBMAGET(http:/ is the first access to Service 2 by the user CSG needs to obtain quota fi

42、rstSvcAuthReq CSG Sends SvcAuthReq(UserName,Service 2)to QSSvcAuthRsp QS takes a part of the users credit(say,1),converts it to equivalent number of“bytes”(say,1Meg)and sends SvcAuthResp(UserName,service2,1Meg)to CSG.GET(http:/ forwards the original request to the content server,meters traffic on th

43、is connection,and keeps deducting from the 1Meg quota.CSG sends billing records(CDRs)to the BMA,either periodically or at the end of the transactionCDR383838 2004 Cisco Systems,Inc.All rights reserved.Continued Access to Service 2PDSNAAACSGService 1Service 2:Local MultimediaService 3QSBMAGET(http:/

44、still has more Service 2 quota for the user,say 0.7Meg.User sends new request,for another transaction under Service 2.CSG will keep using this quota for any further accesses to service2.CSG forwards the request,and the user accesses this service as long as there is sufficient quota When CSG reaches

45、a low threshold for the users quota for a service,it re-authorizes the user for that serviceSvcReAuth393939 2004 Cisco Systems,Inc.All rights reserved.Access to Service 3PDSNAAACSGService 1Service 2:Local MultimediaService 3Stock QuotesQSBMAGET(http:/ user requests a stock quote,which matches Servic

46、e 3.CSG has not authorized the user for Service 3 yet.SvcAuthReq CSG Sends SvcAuthReq(UserName,Service 3)to QS.Service 3 is billed per download,so the quota server deducts money(say,another 1)from the users account which will allow 10 downloads.SvcAuthRsp QS sends SvcAuthResp(UserName,service2,10)to

47、 CSG,which allows the user 10 downloads in service 3 CSG forwards the request to the content server,and the user gets the quote.CSG now has sufficient quota for another 9 stock quotes.404040 2004 Cisco Systems,Inc.All rights reserved.Self-care(Free Service)GGSNAAACSGService 1:SelfCareService 2:Local

48、 MultimediaService 3:Stock QuotesQSBMAGET(http:/ user tries to go to the selfcare website to edit his profile,or add money to his prepaid credit.SvcAuthReq CSG Sends SvcAuthReq(UserName,Service 1)to QS.Service 1 is free,so the quota server allows CSG a large number of downloads without deducting mon

49、ey from the users account.SvcAuthRsp QS sends SvcAuthResp(UserName,service2,0 xffffffff)to CSG,which allows the user 0 xffffffff downloads in service 1 CSG forwards the request to the content server.CSG still has virtually infinite number of downloads from this service without asking for more quota.

50、414141 2004 Cisco Systems,Inc.All rights reserved.Customer Features,Advantages&BenefitsPostpaid/Prepaid BillingEnables differentiated billing for individual pieces of ContentAdds User Identity informationWatches Radius Accounting Starts/Stops/ON/OFFProvision for customer-supplied XML feed from a dat