思科移动交换CMX.ppt

cisco mobile exchange,access yours, anyones,core yours, anyones,services yours, anyones,operator control point 1,operator control point 2,cisco mobile exchange solution set : giving control back to the operator,ms : mobile station sgsn: servicing gprs support node ggsn: gateway gprs support node pdsn: packet data serving node cmx : cisco mobile exchange msfc: multilayer switch feature card rlb: radius load-balancer fwlb: firewall load-balancer ssg: service selection gateway pop: point of presence csg: content services gateway bma: billing mediation agent sesm: subscriber edge service manager,the cisco mobile exchange scope,radio edge,mobile internet edge,aggregation,msc,radius web portal,services selection,mip l2tp gre ipsec mpls ipv4 ipv6,cmx,l2/l3 features session establishment ip routing & forwarding address allocation user authentication access selection accounting vpn edge function,l4+ features service profile content billing/accounting charging gateway load balancing network management,wlan,2.5/3 g,bsc/pcf,cdma 1x/do/dv,sgsn,ggsn,pdsn,ha,packet gw,ggsn,ha,pdsn,802.11,vpn,sgsn,service proxy passthrough tunnel,ssgs,framework of solutions targeted at the subscriber internet edge a collection of cisco devices that provide consistent mobile and ip services delivers cost effective and scalable solutions to meet the needs of mobile operators demonstrates cisco ios/ip value add services leverage catalyst 7600 family with ip, mobile & content functionality,what is cmx?,packet gateways (gprs/umts, pdsn, ha,),agenda,ssg csg billing hardware,service selection,enable service selection,ssg service types,service access,ssg,proxy,passthru,internet access,tunnel,accessing content partner networks,corporate access,auto services logon (based on user configured settings),typical service selection call flow,router,sesm,aaa server,authentication get profile,access control and service selection,service access based on user profile,ssg,client,access control,pdsn,service selection ( ssg, sesm, aaa. ),features include: captive portal open garden (free services) walled garden (premium services) prepaid services hierarchical policing subscriber self-care advertising radius/directory authentication location branding auto login web services gateway,ssg services,ssg provides a way to give different types of subscriber access to particular ip domains. the ip domains can be a single host, a subnetwork or multiple networks. depending on the configuration the services can be authenticated or free access.,open-garden (free services),walled-garden (authenticated services),services network or application access,subscriber services,backbone,sesm,service control user experience,ssg service summary,host objects connection objects,subscriber,internet,vod,quake,host-obj,service objects,nat,nat,l2tp,proxy,routed,ssg service access types,ssg service access : passthru,radius aaa is done by ssg providers local aaa server traffic is sent out “bound” interface based on service route definition use next-hop table or explicit bindings,passthrough service type,intranet,internet,ssg,r,,r;,00 ,ssg service definition : passthru,passthrough service type,sample passthrough service profile zap-com password = “servicecisco”, service-type = outbound service-info = “i”, service-info = “r00;55”, service-info = “tp”,service destination route definition,service type - passthrough,radius,ssg service definition : passthru,passthrough service type ( internet ),sample passthrough service profile intranet password = “servicecisco”, service-type = outbound service-info = “iinternet”, service-info = “r;”, service-info = “r;;e“, service-info = “tp”,service destination route definition ( special case for internet ),service type - passthrough,radius,ssg service access : proxy-radius,the ssg terminates user sessions from hosts to the ssg and makes a virtual connection from the ssg to the service destination the ssg will authenticate and authorize the service via the remote radius server. the ssg does nat if the remote radius user authorization includes ip address,proxy-radius service type,web portal application,intranet,internet,extranet,http traffic,radius request,,0,radius reply(accept/ip),,0,nat,ssg service definition : proxy-radius,proxy-radius service type,ip address, ports and shared-secret of remote aaa,sample proxy service profile proxy-service password = “servicecisco”, service-type = outbound service-info = “iproxy-service”, service-info = “r0;55”, service-info = “s;1812;1813;cisco”, service-info = “tx”,service route definition,service type - proxy,radius,ssg service access : l2tp,lac initiates l2tp tunnel to destination lns, ssg-ppp session is established ssg-nat is performed between subscribers ip address and lns assigned ip address traffic is sent out the tunnel virtual-access interface based on service route definition radius aaa is done by ssg providers local aaa server(radius-b),tunnel (l2tp) service type,ssg-ppp vpdn r,,subscriber connection,lac,lns,radius-b,pool: 192.168.1.x,ppp session,ios-nat,,0,ssg service definition : l2tp,tunnel (l2tp) service type,sample tunnel service profile tunnel1 password = “servicecisco”, service-type = outbound service-info = “ivpdn tunnel service”, service-info = “r;”, service-info = “vpdn:l2tp-tunnel-password=cisco”, service-info = “vpdn:ip-addresses=”, service-info = “vpdn:tunnel-id=tunnelxyx”, service-info = “tt”,tunnel information,service type - tunnel,radius,ssg host object building blocks,host object maintains user information user ip address created at time of user account logon list of services user can access,ssg - service object building blocks,service object maintains info about ssg service service name service ip domain(s) other service attributes,ssg - connection object building blocks,connection object accounting information service qos created at time of service logon,service summary,host objects connection objects,subscriber,internet,vod,quake,host-obj,service objects,nat,nat,l2tp,proxy,passthru,agenda,ssg csg billing hardware,mobile data services “gateway” network/content usage collection & enforcement,video,voice,content,walled garden,personalized portal!,company a ip vpn,aaa server,internet,content provider /aggregator b,content provider /aggregator a,by piping all traffic through the “gateway” for prepaid, the operator can enable consistent, real-time prepaid enforcement and control.,mediation/ billing system,business/ rating rules content provider pricing,ldap directory,ssg & csg,pdsn,wlan,csg provides the following features and functionality:,postpaid billing, bma load sharing http 1.0 content billing http 1.1 content billing postpaid ftp billing non-http traffic prepaid content billing and accounting obtaining user ids learning client ip addresses via inspection of x-forwarded-for headers filtering accounting radius proxy support http records reporting flexibility http error code reporting stateful redundancy intermediate billing records packet counts fragment support mms exclude wap connectionless and connection orientated,learning who the subscriber is,radius accounting flow,data flow,accounting messages are “paid attention to” only other radius messages are passed through to the radius server,radius accounting flow,data flow,aaa,radius accounting proxy,radius accounting endpoint,aaa,radius accounting sent from the aaa (or other radius proxy) to the csg radius accounting start,intelligence in the data path,csg,aaa,radius flow,data flows,service 1: user self-care balance inquiries, account replenishment, advice of charge mms bearer traffic,service 2 third party hosted multimedia,service 3: news stock quotes, sports scores, weather,service 4: downloads ring tones, screen savers, etc,example services,free bearer,bill per time from quota 1,bill per click from quota 2,bill per volume from quota 3,real time interaction authorisation ; profiling,via active middleware to business operations,agenda,ssg csg billing hardware,cmx billing,ssg postpaid billing accounting start/accounting stop are sent to the aaa the radius accounting records contain per service volume and time accounting, that can be used by billing systems to bill the user ssg prepaid billing based on the ssg prepaid features check a subscribers available credit to determine whether to connect the subscriber to a service and how long the connection can last ssg interacts with the aaa server and the prepaid billing to determine the quota values and usage when the quota runs out, ssg performs reauthorization,cmx billing (cont.),csg content postpaid billing csg logs user traffic and generates url-based content cdrs the content cdrs are then sent to a charging gateway (or billing mediation device) over gtp csg content hot billing checks for available funds when a user want to access a particular content (a content is identified by a particular url, it is also called per page billing) within this url the user will be available to download some file to do per event billing the csg can account for the pages (url) and for the events the billing server may terminate the user session when the user credit reaches zero,services billing,billing mediation,ssg,open garden,internet browsing,per packet,per download,per message,per url,free,charge based on value brand control,billing system,radius accounting server,services,billing and pre-paid services,subscriber or service connection-based support for prepaid and postpaid models flexible billing allows providers to charge for any service in any manner,ssg,csg billing,csg,radius accounting flow,data flow,username database,billing and mediation partners,xml (optional),call flows (user sign-on),pdsn,aaa,csg,service 1,service 2,service 3,qs,bma,first service access (service 2),pdsn,aaa,csg,service 1,service 2: local multimedia,service 3,qs,bma,continued access to service 2,get(/s2/worldcup/ronaldo.mpg),csg still has more service 2 quota for the user, say 0.7meg. user sends new request, for another transaction under service 2.,csg will keep using this quota for any further accesses to service2. csg forwards the request, and the user accesses this service as long as there is sufficient quota,when csg reaches a low threshold for the users quota for a service, it re-authorizes the user for that service,svcreauth,access to service 3,self-care (free service),ggsn,aaa,csg,service 1: selfcare,service 2: local multimedia,service 3: stock quotes,qs,bma,customer features, advantages & benefits postpaid/prepaid billing,enables differentiated billing for individual pieces of content adds user identity information watches radius accounting starts/stops/on/off provision for customer-supplied xml feed from a database or cib reports individual transactions (content billing) flow info: bytes uploaded/downloaded, start time, stop time, tos url, http, tcp, ip, ftp/tftp, wap, rtsp exclude retransmitted bytes for tcp gtp feed for billing mediation systems,data reported (for http),reported using gtp v0 acknowledgements retransmits backup receiver loadsharing,http header record: correlator source & destination ip addresses source & destination port numbers username (max 64 bytes) url (max 512 bytes) content of host field in http header (max 64 bytes) content of user-agent field in http header (max 64 bytes) content of “from” field in http header (max 256 bytes) customer string (max 16 bytes),http statistics record: correlator source & destination ip addresses source & destination port numbers type of service (tos) from first packet or each get/post protocol http error code (if an http application-level error was detected) flags: connection initiator (server or client) connection terminator (server or client) tcp termination (fin, rst, timeout) ip bytes transferred in each direction ip packets transferred in each direction tcp bytes transferred in each direction connection start time and duration service id and session id quota used,http data is reported in two records: http header record is reported at the beginning of the get request, http statistics are reported at the end of the flow.,for http 1.1 persistent connections, a pair of accounting records is generated for each get. when placed after a proxy (e.g., content engine or wap gateway), csg can be configured to use the ip address from the x-forwarded-for http header to resolve the username.,data reported (for connection oriented wap),csg_wap_stats record: wsp pdu type (connect, get, post, push/confirmed push, disconnect) correlator wtp info (normal, aborted or incomplete) abort reason code wtp transaction class wsp content type (e.g. 0x3e for application/vnd.wap.mms-message) wsp response code browser string bytes uploaded bytes downloaded retransmitted bytes uploaded retransmitted bytes downloaded source ip address destination ip address source port destination port tos protocol username (max 64 bytes) url (max 512 bytes) customer string (max 16 bytes) service id and session id quota used connection start time and duration,the csg_wap_stats record is generated at the conclusion of each connection-oriented wap transaction byte counts in the wap stats tlv reflect the total bytes for the transaction that begins with the reported wsp pdu type. for example, a get begins a transaction that successfully concludes with an ack to the final reply. the byte counts tally all ip bytes for these wap packets and for acks belonging to this transaction. multiple wap transactions happen over a single udp session. when the udp session ends due to a disconnect or an inactivity timeout, the csg generates a summary udp statistics record detailing byte counts for the entire udp session.,the statistics/info included depends on the wsp pdu type.,data reported (for generic tcp and udp),tcp record: source & destination ip addresses source & destination port numbers type of service (tos) from first packet protocol flags: connection initiator (server or client) connection terminator (server or client) tcp termination (fin, rst, timeout) ip bytes transferred in each direction ip packets transferred in each direction tcp bytes transferred in each direction connection start time and duration service id and session id quota used username,udp record: source ip address destination ip address source port destination port type of service (tos) from first packet protocol flags: connection initiator ip bytes transferred in each direction ip packets transferred in each direction flow start time and duration service id and session id quota used username,tcp flows (without http or ftp content processing) or udp flows will result in the following data records:,delivering csg billing records,csg billing records are reported to billing mediation agent (bma) using gtp v0 udp transport, but reliability built in via: acknowledgements retransmits backup receiver multiple billing records can be reported in each gtp message support load sharing to multiple bmas highest efficiency with the required reliability,350 packets,content-based billing,cisco,mediation partner, /banners/banners, /index.htm, /music/rap/rap2.mp3,600 packets,1 mp3 file and 2000 packets,350 packets of general browsing = included in basic access 600 packets for