Product Bulletin No. 393294
Last Updated: October 2008
This Product Bulletin introduces Cisco IOS® Software Release 12.2SR and includes the following sections:
1) Cisco IOS Software Release 12.2SR Introduction
2) Release 12.2(33)SRD Highlights
3) Release 12.2(33)SRC Highlights
4) Release 12.2(33)SRB Highlights
5) Release 12.2SR Additional Information
1) Cisco IOS Software Release 12.2SR Introduction
Cisco IOS Software Release 12.2S is designed for Service Provider edge and Enterprise campus networks that require world-class IP and Multiprotocol Label Switching (MPLS) services.
Release 12.2SR is the premier Cisco IOS Software for delivering industry-leading Carrier Ethernet, Broadband Aggregation and Subscriber Services, and MPLS Provider Edge functionality for next generation Service Provider edge, Enterprise MAN/WAN, and Federal networks that run the Cisco 7600 Series Routers, Cisco 7200 Series Routers, and the Cisco 7301 Router. Releases 12.2(33)SRD, 12.2(33)SRC, and 12.2(33)SRB are available from Cisco.com.
Release 12.2(33)SRD, the latest customer release of Release 12.2SR, delivers over 75 new Cisco IOS Software features and powerful new hardware support for the Cisco 7600 Series Routers. Release 12.2(33)SRD also provides support for the Cisco 7200 Series Routers, the Cisco 7201 Router, and the Cisco 7301 Router.
Release 12.2(33)SRC, the third release of Release 12.2SR, supports the Cisco 7200 Series Routers, the Cisco 7201 Router, the Cisco 7301 Router, and the Cisco 7600 Series Routers. Release 12.2(33)SRB, the second release of Release 12.2SR, is specific to the Cisco 7600 Series Routers.
Not all features may be supported on all platforms. Use Cisco Feature Navigator to find information about platform support and Cisco IOS Software image support. Access Cisco Feature Navigator at http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. You must have an account on Cisco.com.
2) Release 12.2(33)SRD Feature Highlights
The following sections include Release 12.2(33)SRD hardware and software feature highlights.
Like all 12.2SR releases, Release 12.2(33)SRD integrates Cisco IOS Software innovations that span multiple technology areas, including Carrier Ethernet Flexible Infrastructure, Manageability, and Quality of Service. It also features further improvements in the areas of Resiliency, Subscriber Aware Ethernet, Mobility, and Layer 2 functionality.
The 12.2(33)SRD Release also includes support for the Cisco 7600 Ethernet Services Plus (ES+) Series line cards that will be released in Q1CY2009. The 7600-ES+ series of line cards enables 40G per slot performance for video, voice, data, and mobility services.
Table 1. Release 12.2(33)SRD Highlights
2.1) Hardware
• Cisco 7600 Series - Ethernet Services Plus 40G Line Cards*
• SPA-8X1FE-TX-V2 & SPA-4X1FE-TX-V2 Support on Cisco 7600-SIP-400
• Cisco 7200 Series Routers, Cisco 7201 Router, and Cisco 7301 Router Support
2.2) Carrier Ethernet Flexible Infrastructure
• Service Instance (EVC) on Portchannel for Cisco 7600 40G Ethernet Services Plus Line Cards
• Broadcast Storm Control on Switchports and Ports with Service Instances (EVCs)
• DHCP Snooping on Service Instance (EVC)
• Uni-Directional Link Detection on Service Instance (EVC)
2.3) Carrier Ethernet Manageability
2.4) Carrier Ethernet Quality of Service
• Dual Rate Three Color ingress policer on Service Instances
• IP SLAs Metro-Ethernet 2.0 (EVC)
• Bandwidth Remaining Ratio Support
• L2 Access Control List on Service Instance (EVC)
2.5) Resiliency
• MST on Service Instance (EVC) Bridge Domain
• NSF/SSO - E-LMI support
• NSF/SSO - 802.3ah OAM support
• NSF/SSO - CFM Support
• Asymmetric Carrier Delay
2.6) Subscriber Aware Ethernet
• SAE: DHCP - Relay Option 82 encapsulation
• SAE: Authentication - DHCP Option 60 Support and VPN-ID Support
• SAE: RSVP support for IP Sessions
2.7) Mobile
• IMA Core Facing Support
• Port Mode Cell Relay Support
• ISG Support on SAMI Blade
2.8) L2 Enhancements
• L2VPN Routed Mode Interworking: Ethernet/VLAN to ATM/FR/PPP on Cisco 7600
• L2TPv3 - Layer-2 Tunneling Protocol Version 3 on Cisco Ethernet Services Plus Line Cards
• Bridging using RFC1483 Routed Encapsulation (BRE) on 7600-SIP-400
• Mini Protocol Analyzer using SPAN
* Ethernet Services Plus 40G Line Cards will be available in Q1 CY2009
2.1) Hardware
2.1.1) Cisco 7600 Series Ethernet Services Plus 40G Line Cards
The Cisco® 7600 Series Ethernet Services Plus 40 Gbps (ES+40) Line Cards utilize an extensible design that enables service prioritization for voice, video, data, and wireless mobility services. Service Provider and Enterprise customers benefit from the improved economics, density, advanced Carrier Ethernet features, and the high performance of the ES+40 fixed-configuration line cards. With the same architecture and features, the Cisco 7600 Series Ethernet Services Plus 20 Gbps (ES+20) Line Cards are designed for networks with lower interface density requirements. In the following sections, the ES+40 and ES+20 Line Cards will be referred to as the ES+ series.
The ES+ series programmable interface processors protect network investments and reduce total cost of ownership. The design maximizes connectivity options and offers superior service intelligence through programmable interface processors operating at line rate. The family of Cisco 7600 ES+ series Line Cards is shown in Figure 1.
Figure 1. Cisco 7600 ES+ Series Line Cards: 4-port 10GE and 40-port GE; 2-port 10GE and 20-port GE
Benefits
• Higher density, greater scalability
– Offers up to 40G density per slot
– 256K queues (128K ingress and 128K egress)
– Available with DFC3C or DFC3CXL
• Line rate with services enabled
– Provides line rate forwarding performance on GE and 10GE interfaces with services enabled.
• Cisco Service Instance (EVC) Support
– ES+ supports Cisco Service Instance (EVC) to enable flexible UNI
• 10GE and GE port options
– Offers 4x10GE, 40xGE, 2x10GE, and 20xGE options
• DWDM and CWDM optics support
– ES+ line cards support DWDM and CWDM optics, which should reduce operational costs
2.1.2) SPA-8X1FE-TX-V2 & SPA-4X1FE-TX-V2 Support on Cisco 7600-SIP-400
The Cisco 4- and 8-port Fast Ethernet SPAs version 2 are now available on the Cisco 7600-SIP-400, offering the benefits of network scalability with lower initial costs and easy upgrades. The Cisco SPA/SIP portfolio continues the company's focus on investment protection along with consistent feature support, broad interface availability, and the latest technology. The Cisco SPA/SIP portfolio allows deployment of different interfaces (packet over SONET/SDH [POS], ATM, Ethernet, etc.) on the same interface processor.
Fast Ethernet interfaces are commonly used to interconnect routers or other devices within a central office or data center or in a metropolitan-area network (MAN). With Cisco Fast Ethernet SPAs, users can mix and match SPA ports with other types of interfaces in the same slot. Each SPA provides standards-based Fast Ethernet implementation for compatibility and interoperability. The 8-port SPA is shown below in Figure 2.
The Cisco Fast Ethernet SPAs can be used in any combination of the following applications:
• Residential triple-play services
• Metro Ethernet services
• Converged residential and business services
• Internet peering
• Inter- and intra-point of presence (POP) aggregation
Figure 2. Cisco 8-Port 10BASE-T/100BASE-TX Fast Ethernet SPA
Benefits
• Member of the Cisco SIP/SPA portfolio
– Allows mixing and matching with other compatible port adaptors
– Provides improved slot economics when increasing density to reduce capital expenditures (CapEx)
• Expands interface breadth on the 7600-SIP-400
– Adds Fast Ethernet interface to the 7600-SIP-400
2.1.3) Cisco 7200 Series Routers, Cisco 7201 Router, and Cisco 7301 Router Support
Cisco IOS Software Release 12.2(33)SRD includes support for the Cisco 7200 Series Routers and Cisco 7301 Router. Release 12.2(33)SRD also includes support for the Cisco 7201 Router, the latest generation of the Cisco 7200 Series Family.
Within the Cisco IOS Software Release 12.2S family, the migration path for new features on the Cisco 7200 Series Routers and Cisco 7301 Router is from Release 12.2SB to Release 12.2SR. Release 12.2(31)SB2 is the last Release 12.2SB release to include support for the Cisco 7200 Series Routers and Cisco 7301 Router.
Cisco 7200 Series Routers
The industry's most widely deployed universal services aggregation router for enterprise and service provider edge applications, the Cisco 7200 Series offers (See Figure 3):
• Exceptional price/performance - The NPE-G2 Network Processing Engine aggregates services at up to 2 Mpps
• A wide range of connectivity options and numerous features including serviceability and manageability
• Increased VPN performance with VPN Services Adapter
• Increased scalability and flexibility with the Port Adapter Jacket Card
Figure 3. Cisco 7200 Series Routers
Cisco 7201 Router
The Cisco 7201 Router is the latest generation of the Cisco 7200 Series Family. It is a compact, high performance Single Rack Unit (RU) router that uses the latest Cisco 7200VXR Network Processing Engine NPE-G2 coupled with a comprehensive range of interface options. (See Figure 4.)
Figure 4. Cisco 7201 Router
The Cisco 7201 Router addresses the demand for the same performance enhancements and Cisco IOS Software features as the latest Cisco 7200VXR NPE-G2, but in a smaller form factor and with low power consumption. The Cisco 7201 provides four built-in Gigabit Ethernet ports and one Port Adapter (PA) slot, which make it ideal for various Service Provider and Enterprise applications. It also offers redundant and field-replaceable AC and DC power supplies.
Cisco 7301 Router
The Cisco 7300 Series is optimized for flexible, feature-rich IP/MPLS services at the customer network edge, where service providers and enterprises link together. (See Figure 5.) With three built-in Gigabit Ethernet interfaces (copper or optical) and a single slot for any Cisco 7000 Series port adapter, the Cisco 7301 is highly flexible for a variety of applications. Additionally, for broadband aggregation the Cisco 7301 supports up to 16,000 subscriber sessions, making it ideal for pay-as-you-grow broadband deployment models.
With its combination of scalable performance, compact architecture, high density, and low price per port, the Cisco 7301 is ideally suited for a variety of key applications within both the Service Provider and Enterprise markets.
2.2.1) Service Instance (EVC) on Portchannel for Cisco 7600 40G Ethernet Services Plus Line Cards
802.3ad or port-channel has become a requirement for many Cisco 7600 customers. The predominant application for this feature is the aggregation of U-PE nodes or access nodes that don't have 10Gbps interfaces but require more than 1Gbps as an uplink. This translates to support on the Cisco 7600 for UNI facing link bundles/ether channels.
This particular feature allows for the bundling of EVC service instances into an 802.3ad bundle on the Ethernet Services Plus line cards.
Benefits
There are two main reasons for implementing 802.3ad bundles:
1. Increased bandwidth between nodes
2. Increased redundancy, since each member link is protected by the other member link(s) in the bundle
2.2.2) Broadcast Storm Control on Switchports and Ports with Service Instances (EVCs)
A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. The traffic storm control feature prevents LAN ports from being disrupted by a broadcast or multicast traffic storm on physical interfaces. Traffic storm control (also called traffic suppression) monitors incoming traffic levels over a 1-second traffic storm control interval and, during the interval, compares the traffic level with the traffic storm control level that you configure. The traffic storm control level is a percentage of the total available bandwidth of the port. Each port has a single traffic storm control level that is used for all types of traffic (broadcast, multicast).
Traffic storm control monitors the level of each traffic type for which you enable traffic storm control in 1-second traffic storm control intervals. Within an interval, when the ingress traffic for which traffic storm control is enabled reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the traffic storm control interval ends.
The following are examples of traffic storm control behavior:
• If you enable broadcast traffic storm control, and broadcast traffic exceeds the level within a 1-second traffic storm control interval, traffic storm control drops all broadcast traffic until the end of the traffic storm control interval.
• If you enable broadcast and multicast traffic storm control, and the combined broadcast and multicast traffic exceeds the level within a 1-second traffic storm control interval, traffic storm control drops all broadcast and multicast traffic until the end of the traffic storm control interval.
• If you enable broadcast and multicast traffic storm control, and broadcast traffic exceeds the level within a 1-second traffic storm control interval, traffic storm control drops all broadcast and multicast traffic until the end of the traffic storm control interval.
• If you enable broadcast and multicast traffic storm control, and multicast traffic exceeds the level within a 1-second traffic storm control interval, traffic storm control drops all broadcast and multicast traffic until the end of the traffic storm control interval.
Benefits
This feature adds support for broadcast storm control on switch-ports and on ports with Service Instances on Ethernet Services and Ethernet Services Plus Line Cards.
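The interval-and-level behaviour described above, as an added simulation (not Cisco code): a single per-port level applies to the combined volume of whichever traffic types are enabled, and once it is reached those types are dropped until the 1-second interval ends. The frame sizes, port speed and arrival times are constructed; treating the frame that reaches the level as dropped is this example's modelling choice.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple


@dataclass(frozen=True)
class Packet:
    t: float        # arrival time in seconds
    kind: str       # "broadcast", "multicast" or "unicast"
    size: int       # bytes on the wire


class StormControl:
    """Per-port traffic storm control: one level, fixed 1-second intervals.

    The level is a percentage of the port bandwidth and is compared with the
    combined volume of every traffic type enabled for suppression.
    """

    def __init__(self, port_bps: int, level_percent: float,
                 suppress: Iterable[str], interval: float = 1.0):
        self.suppress = frozenset(suppress)
        self.interval = interval
        # bytes the suppressed types may carry per interval before dropping starts
        self.threshold_bytes = port_bps / 8 * interval * level_percent / 100
        self._window = None      # index of the interval currently being measured
        self._bytes = 0.0        # suppressed-type bytes seen in that interval
        self._dropping = False   # set once the level is reached, cleared at the next interval

    def _roll_window(self, t: float) -> None:
        window = int(t // self.interval)
        if window != self._window:
            self._window, self._bytes, self._dropping = window, 0.0, False

    def admit(self, pkt: Packet) -> bool:
        """True if the packet is forwarded, False if storm control drops it."""
        self._roll_window(pkt.t)
        if pkt.kind not in self.suppress:
            return True              # unicast, or a type not enabled, is never touched
        if self._dropping:
            return False             # level already reached: drop until the interval ends
        self._bytes += pkt.size
        if self._bytes >= self.threshold_bytes:
            self._dropping = True    # modelling choice: the frame that reaches the level is dropped
            return False
        return True


def run(ctrl: StormControl, pkts: Iterable[Packet]) -> Dict[str, Tuple[int, int]]:
    """Feed packets in arrival order; return {kind: (forwarded, dropped)}."""
    stats: Dict[str, list] = {}
    for pkt in sorted(pkts, key=lambda p: p.t):
        entry = stats.setdefault(pkt.kind, [0, 0])
        entry[0 if ctrl.admit(pkt) else 1] += 1
    return {k: (v[0], v[1]) for k, v in stats.items()}


def broadcast_only_scenario() -> Dict[str, Tuple[int, int]]:
    """Constructed sample: 100 Mbps port, level 1% (125,000 bytes per second);
    200 broadcast and 100 multicast frames of 1000 bytes in the first second,
    then 50 broadcast frames in the next interval. Only broadcast is suppressed."""
    ctrl = StormControl(100_000_000, 1.0, {"broadcast"})
    pkts = [Packet(0.001 * i, "broadcast", 1000) for i in range(200)]
    pkts += [Packet(0.2 + 0.001 * i, "multicast", 1000) for i in range(100)]
    pkts += [Packet(1.0 + 0.001 * i, "broadcast", 1000) for i in range(50)]
    return run(ctrl, pkts)


def combined_scenario() -> Dict[str, Tuple[int, int]]:
    """Broadcast and multicast both enabled: their combined volume is measured
    against the single per-port level, so multicast is cut off once the
    earlier broadcast frames have used most of the allowance."""
    ctrl = StormControl(100_000_000, 1.0, {"broadcast", "multicast"})
    pkts = [Packet(0.001 * i, "broadcast", 1000) for i in range(100)]
    pkts += [Packet(0.1 + 0.001 * i, "multicast", 1000) for i in range(100)]
    return run(ctrl, pkts)


if __name__ == "__main__":
    print(broadcast_only_scenario())   # {'broadcast': (174, 76), 'multicast': (100, 0)}
    print(combined_scenario())         # {'broadcast': (100, 0), 'multicast': (24, 76)}
```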
2.2.3) DHCP Snooping on Service Instance (EVC)
DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities:
• Validates DHCP messages received from untrusted sources and filters out invalid messages.
• Rate-limits DHCP traffic from trusted and untrusted sources.
• Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
• Utilizes the DHCP snooping binding database to validate subsequent requests from untrusted hosts.
Other security features, such as dynamic ARP inspection (DAI) and IP Source Guard, also use information stored in the DHCP snooping binding database. DHCP snooping is enabled on a per-VLAN basis. By default, the feature is inactive on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.
The DHCP snooping feature is implemented in software on the Route Processor. Therefore, all DHCP messages for enabled VLANs are intercepted in the PFC and directed to the Route Processor for processing.
Benefits
This feature addresses the support of DHCP snooping with service instances.
2.2.4) Uni-Directional Link Detection on Service Instances (EVCs)
UDLD is a Layer 2 protocol that works with Layer 1 mechanisms to determine the physical status of a link. At Layer 1, auto-negotiation takes care of physical signaling and fault detection. UDLD performs tasks that auto-negotiation cannot perform, such as detecting the identities of neighbors and shutting down misconnected ports. When you enable both auto-negotiation and UDLD, Layer 1 and 2 detections work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols.
Benefits
This feature extends the benefits of UDLD to a port that has a service instance configured underneath it.
IP Source Guard is a security feature that restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database or manually configured IP source bindings. This feature helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. Any IP traffic coming into the interface with a source IP address other than that assigned (via DHCP or static configuration) will be filtered out on the untrusted Layer 2 ports.
The IP Source Guard feature is enabled in combination with the DHCP snooping feature on untrusted Layer 2 interfaces. It builds and maintains an IP source binding table that is learned by DHCP snooping or manually configured (static IP source bindings). An entry in the IP source binding table contains the IP address and the associated MAC and VLAN numbers.
Benefits
This feature extends the IP Source Guard benefits to a service instance on Ethernet Services Plus Line Cards.
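The DHCP snooping and IP Source Guard sections above share one data structure, the binding database, so this single added example (not Cisco code) models both: a snooping component that validates and rate-limits DHCP on untrusted ports and learns bindings from server ACKs, and a source-guard filter that drops IP traffic whose source does not match a learned or static binding. The page names only the activity categories; the specific checks, port names, MAC and IP values are this example's assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str        # untrusted port the leased host sits behind
    expires: float   # absolute time in seconds


class DhcpSnooping:
    """Intercepts DHCP on snooped VLANs, validates it and keeps the binding table.

    The concrete checks below are assumptions of this example; the bulletin only
    lists the categories (validate, rate-limit, build and use the binding database).
    """

    SERVER_MSGS = {"OFFER", "ACK", "NAK"}

    def __init__(self, trusted_ports, snooped_vlans, rate_limit_pps: int = 15):
        self.trusted: Set[str] = set(trusted_ports)
        self.vlans: Set[int] = set(snooped_vlans)
        self.rate_limit = rate_limit_pps
        self.bindings: Dict[Tuple[str, int], Binding] = {}   # (mac, vlan) -> Binding
        self._pending: Dict[Tuple[str, int], str] = {}       # (chaddr, vlan) -> client port
        self._rate: Dict[Tuple[str, int], int] = {}          # (port, second) -> DHCP count

    def inspect(self, msg: dict, now: float) -> Tuple[bool, str]:
        """msg: op, port, vlan, src_mac, chaddr; an ACK also carries yiaddr and lease."""
        if msg["vlan"] not in self.vlans:
            return True, "vlan not snooped"
        slot = (msg["port"], int(now))
        self._rate[slot] = self._rate.get(slot, 0) + 1
        if self._rate[slot] > self.rate_limit:
            return False, "rate limit exceeded"
        key = (msg["chaddr"], msg["vlan"])
        if msg["port"] not in self.trusted:
            if msg["op"] in self.SERVER_MSGS:
                return False, "server message on untrusted port"
            if msg["src_mac"] != msg["chaddr"]:
                return False, "chaddr does not match source MAC"
            if msg["op"] in ("RELEASE", "DECLINE"):
                b = self.bindings.get(key)
                if b is None or b.port != msg["port"]:
                    return False, "release from a port without that binding"
                del self.bindings[key]
                return True, "binding removed"
            self._pending[key] = msg["port"]          # remember which port the client is on
            return True, "client message ok"
        if msg["op"] == "ACK" and key in self._pending:  # lease confirmed by a trusted server
            self.bindings[key] = Binding(msg["chaddr"], msg["yiaddr"], msg["vlan"],
                                         self._pending.pop(key), now + msg["lease"])
        return True, "trusted port"

    def expire(self, now: float) -> None:
        self.bindings = {k: b for k, b in self.bindings.items() if b.expires > now}


class IpSourceGuard:
    """Filters IP on untrusted ports against snooped bindings plus static entries."""

    def __init__(self, snooping: DhcpSnooping):
        self.snooping = snooping
        self.static: Set[Tuple[str, str, int, str]] = set()   # (mac, ip, vlan, port)

    def add_static(self, mac: str, ip: str, vlan: int, port: str) -> None:
        self.static.add((mac, ip, vlan, port))

    def permit(self, pkt: dict) -> bool:
        """pkt: port, vlan, src_mac, src_ip. Trusted ports are never filtered."""
        if pkt["port"] in self.snooping.trusted:
            return True
        if (pkt["src_mac"], pkt["src_ip"], pkt["vlan"], pkt["port"]) in self.static:
            return True
        b = self.snooping.bindings.get((pkt["src_mac"], pkt["vlan"]))
        return b is not None and b.ip == pkt["src_ip"] and b.port == pkt["port"]


def demo() -> dict:
    """Constructed scenario: DHCP server behind trusted Gi1/1, hosts on untrusted Gi1/2 and Gi1/3."""
    snoop = DhcpSnooping(trusted_ports={"Gi1/1"}, snooped_vlans={100})
    ipsg = IpSourceGuard(snoop)
    host = "00:11:22:aa:bb:01"
    out = {}
    out["request"] = snoop.inspect({"op": "REQUEST", "port": "Gi1/2", "vlan": 100,
                                    "src_mac": host, "chaddr": host}, now=1000.0)
    out["ack"] = snoop.inspect({"op": "ACK", "port": "Gi1/1", "vlan": 100, "src_mac": "00:11:22:ff:ff:01",
                                "chaddr": host, "yiaddr": "10.0.100.20", "lease": 3600}, now=1000.1)
    b = snoop.bindings[(host, 100)]
    out["binding"] = (b.ip, b.port)
    out["rogue_offer"] = snoop.inspect({"op": "OFFER", "port": "Gi1/3", "vlan": 100,
                                        "src_mac": "00:11:22:ee:ee:02", "chaddr": host}, now=1001.0)
    out["legit"] = ipsg.permit({"port": "Gi1/2", "vlan": 100, "src_mac": host, "src_ip": "10.0.100.20"})
    out["spoofed_ip"] = ipsg.permit({"port": "Gi1/2", "vlan": 100, "src_mac": host, "src_ip": "10.0.100.99"})
    out["wrong_port"] = ipsg.permit({"port": "Gi1/3", "vlan": 100, "src_mac": host, "src_ip": "10.0.100.20"})
    burst = [snoop.inspect({"op": "DISCOVER", "port": "Gi1/3", "vlan": 100, "src_mac": f"00:11:22:cc:cc:{i:02x}",
                            "chaddr": f"00:11:22:cc:cc:{i:02x}"}, now=2000.0 + i / 100) for i in range(20)]
    out["rate_dropped"] = sum(1 for ok, _ in burst if not ok)   # 20 in one second, limit 15
    snoop.expire(now=4601.0)                                     # lease ran out at 4600.1
    out["expired"] = (host, 100) not in snoop.bindings
    return out
```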
Currently, the default ethertype for the Q-in-Q outer tag on a Cisco 7600 is 0x8100. However, some non-Cisco vendors use ethertype 0x9100 or 0x9200 for the Q-in-Q outer tag. For the Cisco 7600 router to interoperate seamlessly with other vendors, a mechanism to change the default ethertype is required.
Moreover, ethertype 0x88A8 must be supported for the provider bridge defined by IEEE 802.1ad. The custom ethertype feature addresses this by allowing the ethertype to be changed as required. Under the custom ethertype model, ethertype 0x9100, 0x9200 or 0x88A8 can be configured using the "dot1q tunneling" CLI under a physical port.
Benefits
This provides seamless interoperability with other vendors and solutions whose Q-in-Q outer ethertype differs from the Cisco default.
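To make the interoperability point concrete, here is an added frame parser (not Cisco code) that strips VLAN tags only when their TPID is in the set the port is configured to recognise. With the default set a vendor frame tagged 0x9100 is seen as untagged with ethertype 0x9100, so any VLAN-based matching (service instance, ACL, storm control) misses it; with the custom set the stack is decoded correctly. The sample frame, addresses and VLAN IDs are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Iterable, Tuple

# Outer-tag ethertypes (TPIDs). A port left at the Cisco default recognises only 0x8100;
# the custom ethertype setting adds the values named on the page.
DEFAULT_TPIDS = frozenset({0x8100})
CUSTOM_TPIDS = frozenset({0x8100, 0x9100, 0x9200, 0x88A8})


@dataclass(frozen=True)
class VlanTag:
    tpid: int   # tag protocol identifier (the ethertype of the tag itself)
    pcp: int    # priority code point, 3 bits
    dei: int    # drop eligible indicator, 1 bit
    vid: int    # VLAN identifier, 12 bits


@dataclass(frozen=True)
class Frame:
    dst: str
    src: str
    tags: Tuple[VlanTag, ...]   # outer tag first
    ethertype: int              # ethertype of the payload after the recognised tags
    payload: bytes


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes, tpids: frozenset = DEFAULT_TPIDS, max_tags: int = 2) -> Frame:
    """Strip up to max_tags VLAN tags whose TPID the port recognises."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = _mac_str(raw[0:6]), _mac_str(raw[6:12])
    off, tags = 12, []
    while len(tags) < max_tags:
        (tpid,) = struct.unpack_from("!H", raw, off)
        if tpid not in tpids:
            break                      # not a tag this port knows: it becomes the payload ethertype
        if len(raw) < off + 6:         # need the TCI plus the following ethertype
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", raw, off + 2)
        tags.append(VlanTag(tpid, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    (ethertype,) = struct.unpack_from("!H", raw, off)
    return Frame(dst, src, tuple(tags), ethertype, raw[off + 2:])


def build_frame(dst: str, src: str, tags: Iterable[VlanTag], ethertype: int, payload: bytes) -> bytes:
    """Construct a tagged frame for testing (the inverse of parse_frame)."""
    out = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for t in tags:
        out += struct.pack("!HH", t.tpid, (t.pcp << 13) | (t.dei << 12) | t.vid)
    return out + struct.pack("!H", ethertype) + payload


# Constructed sample: a vendor's Q-in-Q frame with a 0x9100 outer tag (S-VLAN 200)
# around a customer 0x8100 tag (C-VLAN 10, PCP 5) carrying a 20-byte IPv4 payload.
SAMPLE = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                     [VlanTag(0x9100, 0, 0, 200), VlanTag(0x8100, 5, 0, 10)],
                     0x0800, bytes(20))

if __name__ == "__main__":
    print(parse_frame(SAMPLE).ethertype == 0x9100)          # default port: looks untagged
    print([t.vid for t in parse_frame(SAMPLE, CUSTOM_TPIDS).tags])   # custom: [200, 10]
```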
2.2.7) MAC address security for Service Instances (EVC)
The Cisco 7600 supports the Port Security feature on a per-port basis. With the advent of the Service Instance (EVC) infrastructure, it is now possible to provide the same type of functionality on a per-service instance basis. Since multiple customers and multiple services can be supported on a single port, it becomes useful to provide this functionality at the granularity of the service instance. For instance, when a violation requires a shutdown, only the customer assigned to the given service instance is affected rather than all customers using the port.
MAC security operation is enabled on a service instance by configuring the "mac security" configuration command.
Benefits
The MAC Security functionality can be roughly divided into the following categories:
1. Configuration
• Enabling/Disabling MAC Security on service instance
• MAC Address whitelist configuration on service instance
• Sticky configuration
• Aging
• MAC Address limiting on service instance
• MAC Address limiting on BD
• Violation response configuration on service instance
The Private Hosts feature provides Layer 2 (L2) isolation between the hosts in a VLAN. You can use Private Hosts as an alternative to the Private VLAN isolated-trunks feature, which is currently not available on the Cisco 7600 router.
Service Providers (SPs) worldwide face increasing demand to provide their customers with triple-play services (voice, video, and data) over a single physical interface (copper or fiber). Typically, triple-play services are delivered over three different VLANs for each user, even though the VLAN for video traffic is often shared by multiple end users.
The key benefits of the Private Hosts feature are the ability to:
• Isolate traffic among hosts (subscribers) that share the same VLAN ID
• Reuse VLAN IDs across different subscribers, which improves VLAN scalability by making better use of the 4096 VLANs allowed
• Prevent MAC spoofing, and thereby denial of service (DoS) attacks
The Private Hosts feature uses port-based Protocol-Independent MAC ACLs (PACLs) to provide Layer 2 isolation between hosts on trusted ports within a purely Layer 2 domain. The PACLs isolate the hosts by imposing Layer 2 forwarding constraints on the router ports.
Benefits
This feature addresses adding SVIs to the Private Hosts configuration, thus eliminating the need for an external router.
In the ITU-T specification Y.1731 a superset of fault management options have been defined that extend some of the Service Management functions outlined in the IEEE's Connectivity Fault Management (CFM) 802.1ag standard. Two of these are the Alarm Indication Signal (AIS) and the Remote Defect Indication (RDI)*. The added benefits of these two options are expanded upon below.
Alarm Indication Signal (ETH-AIS)
The Ethernet Alarm Indication Signal function (ETH-AIS) is used to suppress alarms following detection of defect conditions at the server (sub) layer. Because Spanning Tree Protocol (STP) environments provide their own restoration capabilities, ETH-AIS is not expected to be applied in STP environments. In Cisco IOS, AIS is configurable, and it is up to the administrator whether to enable or disable AIS in an STP environment.
Transmission of frames with ETH-AIS information can be enabled or disabled on a MEP (or on a Server MEP).
Frames with ETH-AIS information can be issued at the client Maintenance Level by a MEP, including a Server MEP upon detecting defect conditions. For example, the defect conditions may include:
• Signal fail conditions in the case that ETH-CC is enabled
• AIS condition or LCK condition in the case that ETH-CC is disabled.
For multipoint ETH connectivity, a MEP cannot determine the specific server (sub) layer entity that has encountered defect conditions upon receiving a frame with ETH-AIS information. More importantly, it cannot determine the associated subset of its peer MEPs for which it should suppress alarms since the received ETH-AIS information does not contain that information. Therefore, upon reception of a frame with ETH-AIS information, the MEP will suppress alarms for all peer MEPs whether there is still connectivity or not.
For a point-to-point ETH connection, however, a MEP has only a single peer MEP. Therefore, there is no ambiguity regarding the peer MEP for which it should suppress alarms when it receives the ETH-AIS information.
Only a MEP, including a Server MEP, is configured to issue frames with ETH-AIS information. Upon detecting a defect condition the MEP can immediately start transmitting periodic frames with ETH-AIS information at a configured client Maintenance Level. In Cisco IOS, these are sent at the MIP level configured on the interface. A MEP continues to transmit periodic frames with ETH-AIS information in the opposite direction of the defect until the defect condition is removed. AIS automatically clears the defect condition if no AIS frames are received for a period of 3.5 times the AIS transmit interval.
Benefits
• AIS provides a mechanism for asynchronous notification of a failure in the network.
• AIS suppresses multiple redundant alarms from being transmitted to the NMS for a particular fault
Remote Defect Indication (ETH-RDI)
Ethernet Remote Defect Indication (ETH-RDI) can be used by a MEP to communicate to its peer MEPs that a defect condition has been encountered. ETH-RDI is used only when ETH-CC transmission is enabled, as it is carried as a bit in the Flags field of the ETH-CC message.
ETH-RDI has the following two applications:
• Single-ended fault management: The receiving MEP detects an RDI defect condition, which gets correlated with other defect conditions in this MEP and may become a fault cause. The absence of received ETH-RDI information in a single MEP indicates the absence of defects in the entire Maintenance.
• Contribution to far-end performance monitoring: It reflects that there was a defect condition in the far-end which is used as an input to the performance monitoring process.
A MEP that is in a defect condition transmits frames with ETH-RDI information. A MEP, upon receiving frames with ETH-RDI information, determines that its peer MEP has encountered a defect condition. However, for multipoint ETH connectivity, a MEP, upon receiving frames with ETH-RDI information, cannot determine the associated subset of its peer MEPs with which the MEP transmitting RDI information encounters defect conditions, as the transmitting MEP itself does not always have that information.
Benefits
• The Remote Defect Indication (RDI) serves to inform upstream MEPs that there has been a downstream failure and can be used as input to far-end performance monitoring.
* Remote Defect Indication is now included in the IEEE 802.1ag draft 8.1 (CFM) standard.
2.3.2) CFM Outward Facing (Down) MEP on Switchports
Existing Ethernet Connectivity Fault Management (CFM) provides for the provisioning of inward facing (UP) Maintenance End Points (MEP) on layer 2 switch ports. The CFM functionality was extended to support Outward Facing Maintenance End Points on Routed Ports for mainly monitoring the connectivity from CE to CE. With CFM being deployed in the core in bridges/switches, there comes a necessity to monitor the adjacent links with Outward Facing MEPs on switchport as well. The following figure illustrates where Outward (Down) MEPs are applied.
Figure 6. Outward MEP application
The following rules describe the behavior of an Outward (Down) MEP on switchport:
• It can send and receive CFM frames at its level via the wire connected to the port where the MEP is configured.
• It will drop all CFM frames at its level (or lower level) that come from the relay function side.
• It will drop all CFM frames at a lower level coming from the direction of the wire.
• It transparently forwards all CFM frames at a higher level, independent of whether they come in from the relay function side or the wire side. Not applicable to routed ports.
• If the port on which the MEP is configured is blocked by STP, the MEP can still transmit and receive CFM messages via the wire.
Benefits
• The Outward (Down) MEP on Switchport provides another option for CFM monitoring in Carrier Ethernet networks.
• This functionality complements Y.1731 fault management functions.
The Service Instance (EVC) MIB has been implemented to support NMS functions for Cisco's flexible, scalable Carrier Ethernet Infrastructure. This includes the ability to retrieve information about the carrier Ethernet system. A partial list of reporting functions the Service Instance MIB can provide includes:
• Device capabilities in terms of Maximum EVC capability
• Currently configured EVCs, the nature of the EVC (point-to-point, or multipoint), and much more.
• Current EVC status (Active, Partially Active, etc.)
• Information on Flexible Service Mapping
• VLAN Matching Information
• VLAN Re-write operations in effect
• EVC forwarding information (Bridge Domain)
• Much more.
Benefits
• The Service Instance MIB allows operators to poll Service Instance information from NMS systems and provide operational status of provisioned services
The CISCO IEEE CFM MIB provides an excellent mechanism for managing connectivity and faults when providing EVC service. The CFM MIB has several tables and objects that can be created, written and read by the network owners. It also provides for flexible allocation of rights. For instance, the owner may provide limited access to another provider, who can become the administrator of that table or object. The MIB interacts with the IF MIB and the scalable Carrier Ethernet Infrastructure sub-systems to provide information about connectivity and faults. A partial list of information the CISCO IEEE CFM MIB can provide includes:
• Information about the Maintenance Points configured on any given interface
• System Maintenance Point IDs
• Maintenance Domain Levels (including EVCs, MAs, MAC address of an MP, etc.)
• VLANs associated with the Maintenance Points
• Much more.
Benefits
• The CISCO IEEE CFM (802.1ag) MIB allows operators to retrieve information about Connectivity Fault Management configuration and status in the network.
IEEE 802.3ah provides link-level OAM monitoring for Service Providers utilizing native Ethernet to build out their Carrier Ethernet systems. Link-level OAM can provide early detection when a link is failing, provide useful statistics about the general health of an interface, and provide a means to put a link into loopback for testing purposes. The 802.3ah MIB allows operators to retrieve, from an NMS, information that is available at the CLI. A partial list of the 802.3ah MIB capabilities includes:
• Providing status of the OAM enabled link (i.e. disabled, link fault, passive, active, etc.)
• Information about fault condition thresholds (i.e. Error Frames Thresholds)
• Interface Loopback status
• Much more.
Benefits
• The CISCO IEEE 802.3ah MIB allows operators to utilize an NMS to retrieve information about Link Level OAM that is available at the command line.
The Netflow MIB provides a simple and easy method to configure NetFlow, NetFlow aggregation caches, and NetFlow Data Export. You use the snmpget and snmpwalk tools to get NetFlow cache information and current NetFlow configuration information. The NetFlow MIB feature enables medium to small size enterprises to take advantage of NetFlow technology over SNMP at a reduced infrastructure cost. The MIB is created to provide Netflow information in these areas:
2.4.1) Dual Rate Three Color ingress policer on Service Instances
The Two Rate Three Color Marker (trTCM) meters an IP packet stream and marks each of its packets as conform, exceed or violate. This is based on RFC 2698. Cisco IOS uses a token bucket algorithm to achieve this. The token bucket algorithm provides users with three actions for each packet: a conform action, an exceed action, and a violate action. Traffic entering an interface with traffic policing configured is placed into one of these categories.
Within these three categories, users can decide packet treatments. For instance, packets that conform can be configured to be transmitted; packets that exceed can be configured to be sent with a decreased priority; and packets that violate can be configured to be dropped.
Benefits
This feature allows the user to configure dual rates policing with 3 actions that can be specified (conform, exceed and violate) on the ingress of service instances.
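The RFC 2698 two-rate three-color metering behind this feature, as an added example (not Cisco code): two token buckets, one filled at CIR up to CBS and one at PIR up to PBS, classify each packet as conform, exceed or violate, and the action attached to each colour is the operator's choice. The rates, burst sizes, packet sizes and the action table below are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class TwoRateThreeColorMeter:
    """RFC 2698 trTCM in colour-blind mode, reported as IOS conform/exceed/violate."""
    cir: float   # committed information rate, bytes per second
    cbs: float   # committed burst size, bytes
    pir: float   # peak information rate, bytes per second
    pbs: float   # peak burst size, bytes

    def __post_init__(self) -> None:
        if self.pir < self.cir:
            raise ValueError("PIR must be >= CIR (RFC 2698)")
        self.tc = self.cbs      # committed bucket starts full
        self.tp = self.pbs      # peak bucket starts full
        self.last = 0.0         # time of the previous refill

    def _refill(self, now: float) -> None:
        elapsed = max(0.0, now - self.last)
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)
        self.last = now

    def meter(self, size: int, now: float) -> str:
        """Return 'conform' (green), 'exceed' (yellow) or 'violate' (red)."""
        self._refill(now)
        if self.tp < size:
            return "violate"          # above PIR: neither bucket is debited
        if self.tc < size:
            self.tp -= size           # between CIR and PIR: only the peak bucket pays
            return "exceed"
        self.tp -= size
        self.tc -= size               # within CIR: both buckets pay
        return "conform"


# Constructed action table in the style the bulletin describes (transmit, lower the
# priority, drop); on a router the actions are whatever the policy-map configures.
ACTIONS = {"conform": "transmit", "exceed": "set-prec-transmit 0", "violate": "drop"}


def police(meter: TwoRateThreeColorMeter, packets: Iterable[tuple]) -> List[tuple]:
    """packets: (arrival_time, size) in arrival order. Returns (time, size, colour, action)."""
    out = []
    for now, size in packets:
        colour = meter.meter(size, now)
        out.append((now, size, colour, ACTIONS[colour]))
    return out


def sample_run() -> List[str]:
    """Constructed: CIR 1 kB/s, CBS 1000 B, PIR 2 kB/s, PBS 2000 B.
    A burst at t=0 uses up the committed bucket, then the peak bucket;
    one second later both buckets have refilled."""
    m = TwoRateThreeColorMeter(cir=1000, cbs=1000, pir=2000, pbs=2000)
    pkts = [(0.0, 500), (0.0, 600), (0.0, 1000), (1.0, 1000), (1.0, 100)]
    return [colour for _, _, colour, _ in police(m, pkts)]


if __name__ == "__main__":
    print(sample_run())   # ['conform', 'exceed', 'violate', 'conform', 'exceed']
```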
With Release 12.2(33)SRD, the Cisco IOS IP Service Level Agreement (IPSLA) infrastructure has been extended to encompass the EVC infrastructure. Cisco IOS IPSLA enables customers to assure new business-critical IP applications, as well as IP services that utilize data, voice, and video, in an IP network. Cisco has augmented traditional service level monitoring and advanced the IP infrastructure to become IP application-aware by measuring both end-to-end and at the IP layer.
With Cisco IOS IP SLAs, users can verify service guarantees, increase network reliability by validating network performance, proactively identify network issues, and increase Return on Investment (ROI) by easing the deployment of new IP services. Cisco IOS IP SLAs use active monitoring to generate traffic in a continuous, reliable, and predictable manner, thus enabling the measurement of network performance and health.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Routers, Cisco 7600 Series Routers
Bandwidth Remaining Ratio (BRR) is used to split bandwidth between users when the port is congested (i.e. oversubscribed). The configuration is simply "bandwidth remaining ratio <number>". The larger the number, the more bandwidth the session, sub-interface or EVC to which the QoS policy-map is applied will receive under congestion.
Priority rate propagation (PRP) is a knob that changes the baseline of calculation for BRR. PRP may be implicitly ON/OFF for a linecard, or may have a CLI that allows it to be explicitly turned ON/OFF. When PRP is ON, and a port is congested in egress, the bandwidth remaining on the link after all LLQ traffic has been serviced is split between users in the ratio configured.
Benefits
This feature brings the BRR support on SIP-400, Ethernet Services and Ethernet Services Plus modules on the Cisco 7600 platform.
2.4.4) L2 Access Control List on Service Instance (EVC)
Cisco's continued success in the Carrier Ethernet market is dependent on the availability of features that provide security, quality of service, and scalability, among other benefits. The ability to impose packet filters in a modular and scalable fashion is important not only for network security but also for easier management of growing networks. Therefore, the conventional methods of packet filtering are also being considered within the context of Carrier Ethernet technology.
Access Control Lists (ACLs) have provided the necessary packet filtering ability in routers and switches. Essentially a collection of sequential rules (ACEs), the ACL can be used to filter network traffic at a fine granularity.
Benefits
This feature addresses the requirement of making access control lists available on service instances (EVCs) on the Ethernet Services and Ethernet Services Plus line cards.
2.5.1) MST on Service Instance (EVC) Bridge Domain
Spanning-Tree Protocol (STP) is a layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network. For a layer 2 Ethernet network to function properly, only one active path can exist between any two stations. In addition, STP forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a redundant path exists, the STP algorithm recalculates the spanning tree topology and activates the standby path.
With MSTP, an MSTP instance specifies a topology. A group of VLANs can be mapped to an MSTP instance, and ports with those VLANs share the same spanning tree, i.e. the set of forwarding and blocking ports will be the same. MSTP is completely independent of bridge domain.
It is now possible to use MSTP in the Service Instance (EVC) model without any changes to the semantics of the protocol, as long as one continues to use VLAN IDs for service instance to MSTP instance mapping. EVC service instances can have encapsulations with a single tag as well as double tags. For service instances with single-tag encapsulation, the VLAN ID used for MSTP instance mapping is unambiguous. For double-tag encapsulations, the outer VLAN ID is used for the MST instance mapping, and the inner VLAN ID is ignored.
Benefits
• MSTP over Service Instance (EVC) Bridge Domain allows for Service Providers to take advantage of Cisco's scalable Carrier Ethernet Infrastructure, while utilizing the resilient capabilities of the MST protocol.
Cisco IOS Software Release 12.2(33)SRD delivers High Availability (HA) functionality for Ethernet Local Management Interface (E-LMI) for Cisco 7600 Series Routers.
Ethernet Local Management Interface (E-LMI) Nonstop Forwarding (NSF) with Stateful Switchover (SSO) improves the availability of a network that uses E-LMI to provide Carrier Ethernet services. E-LMI NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. E-LMI NSF is achieved by Stateful Switchover (SSO) and Nonstop Forwarding (NSF) mechanisms. A standby route processor (RP) provides control-plane redundancy. The control plane state and data plane provisioning information for the E-LMI are checkpointed to the standby RP to provide NSF for E-LMI upon switchover from the primary RP.
Benefits
• NSF with SSO together for E-LMI provides the ability to detect failures and handle them with minimal disruption to the E-LMI service being provided
Cisco IOS Software Release 12.2(33)SRD delivers High Availability (HA) functionality for 802.3ah OAM for Cisco 7600 Series Routers.
802.3ah Nonstop Forwarding (NSF) with Stateful Switchover (SSO) improves the availability of a network that uses 802.3ah OAM to provide Carrier Ethernet services. 802.3ah NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. 802.3ah NSF is achieved by Stateful Switchover (SSO) and Nonstop Forwarding (NSF) mechanisms. A standby route processor (RP) provides control-plane redundancy. The control plane state and data plane provisioning information for 802.3ah are checkpointed to the standby RP to provide NSF for 802.3ah upon switchover from the primary RP.
Benefits
• NSF with SSO together for 802.3ah provides the ability to detect failures and handle them with minimal disruption to the 802.3ah service being provided
Cisco IOS Software Release 12.2(33)SRD delivers High Availability (HA) functionality for Connection Fault Management (CFM) for Cisco 7600 Series Routers.
Connection Fault Management (CFM) Nonstop Forwarding (NSF) with Stateful Switchover (SSO) improves the availability of a network that uses CFM to provide Carrier Ethernet OAM services. CFM NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. CFM NSF is achieved by Stateful Switchover (SSO) and Nonstop Forwarding (NSF) mechanisms. A standby route processor (RP) provides control-plane redundancy. The control plane state and data plane provisioning information for the CFM are checkpointed to the standby RP to provide NSF for CFM upon switchover from the primary RP.
Benefits
• NSF with SSO together for CFM provides the ability to detect failures and handle them with minimal disruption to the CFM service being provided
In a redundant-link deployment, a link/port may be declared UP during line card boot-up even before it is ready for forwarding, which leads to loss of traffic in switchover cases. Providing separate notification timers for link UP and link DOWN prevents this traffic loss.
Benefits
Asymmetric Carrier Delay enables users to set different delay timers for link UP and link DOWN notification. A larger link UP timer prevents traffic blackholing caused by a false declaration of link up. At the same time, a smaller link DOWN timer speeds up the detection of link failure.
Hardware
Routers
Cisco 7600 Series Routers
Line Cards and SPAs:
• SIP-200 with 4 or 8-port FE SPA
• SIP-400 with 4 or 8-port FE SPA, 2-port GE SPA, or 5-port GE SPA
IOS DHCP relay is enhanced to add an encapsulated Option 82. IOS creates a composite value from the existing Option 82 in the received DHCP message plus new information added by RADIUS via ISG during the initial authorization of the session. For example, the VPN-ID can be added to the DHCP request before it is forwarded on to the server. The DHCP server can then use the VPN-ID to pick a specific address pool for wholesaling, or for other policy enforcement purposes.
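The composite Option 82 described above, as an added example (not Cisco IOS code): the relay parses the sub-options already present in the received message, appends the VPN-ID learned during authorization, and re-encodes the option with length checks. Sub-option codes 1 and 2 come from RFC 3046; carrying the VPN-ID in sub-option 151 and all sample bytes are assumptions constructed for this example.

```python
"""Composite DHCP Option 82 (Relay Agent Information): keep the sub-options
already in the received message and append information learned during
session authorization (here, a VPN-ID).

Added example, not Cisco IOS code.  Sub-option codes 1 (Circuit-ID) and
2 (Remote-ID) are from RFC 3046; carrying the VPN-ID in sub-option 151 is an
assumption made for this example.  All sample bytes are constructed."""
from typing import List, Optional, Tuple

OPTION_RELAY_AGENT = 82
OPTION_END = 255
SUBOPT_CIRCUIT_ID = 1
SUBOPT_REMOTE_ID = 2
SUBOPT_VPN_ID = 151          # assumed sub-option code for the VPN-ID


def parse_suboptions(data: bytes) -> List[Tuple[int, bytes]]:
    """Decode the TLV list inside Option 82, rejecting truncated entries."""
    subs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated sub-option header")
        code, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} overruns Option 82")
        subs.append((code, value))
        i += 2 + length
    return subs


def encode_suboptions(subs: List[Tuple[int, bytes]]) -> bytes:
    """Serialize sub-options; Option 82 as a whole must fit one length byte."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in subs)
    if len(body) > 255:
        raise ValueError("composite Option 82 exceeds 255 bytes")
    return body


def add_vpn_id(option82: bytes, vpn_id: bytes) -> bytes:
    """Build the composite: existing sub-options plus the relay's VPN-ID.
    A VPN-ID sub-option that arrived from the access side is untrusted and is
    dropped, so the value authorized via RADIUS/ISG is the only one present."""
    subs = [(c, v) for c, v in parse_suboptions(option82) if c != SUBOPT_VPN_ID]
    subs.append((SUBOPT_VPN_ID, vpn_id))
    return encode_suboptions(subs)


def find_option(options: bytes, wanted: int) -> Optional[bytes]:
    """Walk the DHCP options field (code, length, value ...) up to End."""
    i = 0
    while i < len(options):
        code = options[i]
        if code == OPTION_END:
            return None
        if code == 0:                # Pad option has no length byte
            i += 1
            continue
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        if code == wanted:
            return value
        i += 2 + length
    return None


def replace_option(options: bytes, code: int, value: bytes) -> bytes:
    """Return the options field with `code` replaced (or inserted before End)."""
    out, i, replaced = bytearray(), 0, False
    while i < len(options):
        c = options[i]
        if c == OPTION_END:
            if not replaced:
                out += bytes([code, len(value)]) + value
            out.append(OPTION_END)
            return bytes(out)
        if c == 0:
            out.append(0)
            i += 1
            continue
        length = options[i + 1]
        if c == code:
            out += bytes([code, len(value)]) + value
            replaced = True
        else:
            out += options[i:i + 2 + length]
        i += 2 + length
    return bytes(out)


def relay_add_vpn_id(options: bytes, vpn_id: bytes) -> bytes:
    """What the relay does to the client's request before forwarding upstream."""
    existing = find_option(options, OPTION_RELAY_AGENT) or b""
    return replace_option(options, OPTION_RELAY_AGENT, add_vpn_id(existing, vpn_id))


# Constructed sample: a DISCOVER carrying Option 82 inserted by an access node.
RELAY_INFO = encode_suboptions([(SUBOPT_CIRCUIT_ID, b"Gi1/1:100"),
                                (SUBOPT_REMOTE_ID, bytes.fromhex("001122334455"))])
SAMPLE_OPTIONS = (bytes([53, 1, 1])                                  # message type
                  + bytes([OPTION_RELAY_AGENT, len(RELAY_INFO)]) + RELAY_INFO
                  + bytes([OPTION_END]))
# Constructed RFC 2685 VPN-ID: 3-byte OUI followed by a 4-byte VPN index.
SAMPLE_VPN_ID = bytes.fromhex("00000c" "0000002a")

if __name__ == "__main__":
    forwarded = relay_add_vpn_id(SAMPLE_OPTIONS, SAMPLE_VPN_ID)
    for code, value in parse_suboptions(find_option(forwarded, OPTION_RELAY_AGENT)):
        print(code, value.hex())
```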
Figure 7. DHCP Relay Option 82 handling
Benefits
Enables wholesaling in an IP session and DHCP-relay architecture with Transparent Auto Logon. The service provider can offer scalable zero-touch provisioning of triple-play services, with unique QoS, in a wholesale environment.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Routers, Cisco 7600 Series Routers with RSP720 and 7600-SIP-400
2.6.2) SAE: Authentication - DHCP Option 60 Support and VPN-ID Support
DHCP Vendor Class Identifier (Option 60) provides a new way for a service provider to differentiate between devices on a customer's premises when provisioning IP sessions. With Cisco support for Option 60 in ISG, the type of premises device can be used to authorize access and set up the end-customer's services using Cisco Intelligent Services Gateway (ISG) functionality. For example, the Option 60 value can identify a certain type of Set Top Box. When used in conjunction with DHCP Option 82 and the VPN-ID, Cisco also supports new models for wholesaling using IP sessions.
Benefits
Improves customer experience while improving network security for FTTH and triple-play deployments. Allows for the precise application of services, including QoS, tuned to the CPE in a highly scalable way.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Routers, Cisco 7600 Series Routers with RSP720 and 7600-SIP-400
12.2SRD now provides support for RSVP on the same interface as IP sessions. RSVP can be used to determine the availability of end-to-end network resources in parallel with the application of services using ISG.
Benefits
Service Providers can further improve network utilization and scalability while offering 3-play services with IP sessions.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Routers, Cisco 7600 Series Routers with RSP720 and 7600-SIP-400
IMA core-facing support has become a requirement for many Cisco 7600 customers. This feature allows the use of IMA interfaces as interfaces facing the core. It addresses the market that uses ATM interfaces and would like to take advantage of bundling multiple ATM interfaces towards the core.
Benefits
There are two main reasons for implementing IMA core facing:
• Increased bandwidth between nodes using ATM interfaces
• Increased redundancy, since each member link is protected by the other member link(s) in the bundle
Hardware
Routers
• Cisco 7600 Series Routers
• Line cards: 7600-SIP-400 with SPA-24CHT1-CE-ATM, or SPA-1CHOC3-CE-ATM
Cell Relay can be done in three modes: VC, VP and Port. VC mode transports all cells belonging to a VC (cells with the same VPI/VCI) over the MPLS tunnel, in either Single or Packed form. Similarly, VP mode transports all cells belonging to a VP (cells with the same VPI) over the MPLS tunnel, in either Single or Packed form. Port mode transports all cells arriving on an ATM port over the MPLS cloud, either separately or packed together.
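The three relay modes and the Single versus Packed forms, as an added example (not Cisco IOS code): cells are parsed from their UNI header, their HEC is verified so a corrupted header is never mapped onto a pseudowire, and cells are grouped per pseudowire key that depends only on the mode. The UNI header layout and HEC follow ITU-T I.361/I.432; carrying each relayed cell as its 4-byte header without HEC plus the 48-byte payload, and all sample cells, are assumptions made for this example.

```python
"""ATM cell relay over MPLS in VC, VP and Port mode, Single or Packed form.

Added example, not Cisco IOS code.  UNI cell header layout and HEC (CRC-8,
polynomial x^8+x^2+x+1, result XORed with 0x55) follow ITU-T I.361/I.432;
carrying each relayed cell as 4-byte header (HEC dropped) + 48-byte payload
is the layout assumed here.  All cells are constructed sample data."""
from typing import Dict, List, Tuple

CELL_LEN, PAYLOAD_LEN = 53, 48


def hec(header4: bytes) -> int:
    """Header Error Control byte over the first four header octets."""
    crc = 0
    for octet in header4:
        crc ^= octet
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def build_cell(vpi: int, vci: int, payload: bytes, pti: int = 0, clp: int = 0) -> bytes:
    """Assemble a UNI cell: GFC(4) VPI(8) VCI(16) PTI(3) CLP(1) HEC(8) + payload."""
    if not (0 <= vpi < 256 and 0 <= vci < 65536 and len(payload) == PAYLOAD_LEN):
        raise ValueError("bad VPI/VCI or payload length")
    word = (vpi << 20) | (vci << 4) | (pti << 1) | clp      # GFC left as 0
    header4 = word.to_bytes(4, "big")
    return header4 + bytes([hec(header4)]) + payload


def parse_cell(cell: bytes) -> Tuple[int, int]:
    """Return (VPI, VCI); a cell whose HEC does not verify is rejected."""
    if len(cell) != CELL_LEN:
        raise ValueError("cell must be 53 bytes")
    if hec(cell[:4]) != cell[4]:
        raise ValueError("HEC mismatch: corrupted header")
    word = int.from_bytes(cell[:4], "big")
    return (word >> 20) & 0xFF, (word >> 4) & 0xFFFF


def pw_key(mode: str, port: int, vpi: int, vci: int) -> Tuple[int, ...]:
    """Which pseudowire a cell belongs to depends only on the relay mode."""
    if mode == "vc":
        return (port, vpi, vci)          # cells with the same VPI/VCI share a PW
    if mode == "vp":
        return (port, vpi)               # cells with the same VPI share a PW
    if mode == "port":
        return (port,)                   # every cell on the port shares one PW
    raise ValueError(f"unknown mode {mode!r}")


def relay(cells: List[bytes], port: int, mode: str,
          max_cells: int = 1) -> Dict[Tuple[int, ...], List[bytes]]:
    """Group cells per pseudowire and emit MPLS payloads.
    max_cells=1 is the Single form; a larger value gives the Packed form."""
    if max_cells < 1:
        raise ValueError("max_cells must be >= 1")
    queues: Dict[Tuple[int, ...], List[bytes]] = {}
    for cell in cells:
        try:
            vpi, vci = parse_cell(cell)
        except ValueError:
            continue                      # corrupted header: cell cannot be mapped, drop it
        queues.setdefault(pw_key(mode, port, vpi, vci), []).append(cell[:4] + cell[5:])
    return {key: [b"".join(relayed[i:i + max_cells])
                  for i in range(0, len(relayed), max_cells)]
            for key, relayed in queues.items()}


# Constructed sample traffic on one ATM port: three VCs spread over two VPs.
SAMPLE_CELLS = [build_cell(1, 32, bytes([0xA0]) * 48),
                build_cell(1, 32, bytes([0xA1]) * 48),
                build_cell(1, 33, bytes([0xB0]) * 48),
                build_cell(2, 32, bytes([0xC0]) * 48),
                build_cell(1, 32, bytes([0xA2]) * 48)]

if __name__ == "__main__":
    for mode in ("vc", "vp", "port"):
        for key, pkts in relay(SAMPLE_CELLS, 0, mode, max_cells=2).items():
            print(mode, key, [len(p) for p in pkts])
```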
Benefits
The ability to support port mode relay on ATM ports
Intelligent Service Gateway (ISG) is a Cisco IOS feature set that provides a structured framework in which edge access devices can deliver flexible and scalable services to subscribers.
Because almost any IP device can be voice-, video-, or data-enabled, service providers are delivering many services to many screens over converged fixed and mobile networks. Today's consumers of data, voice and video (triple-play) services demand a unified, high-performance experience at home, at work and on the move. The Cisco ISG controls subscriber access at the edge of the network to enable the provisioning and management of broadband networks for a broad range of access and edge technologies, subscriber numbers and service types, effectively linking subscriber service requests with distributed policy control to help ensure a high quality of experience for the emerging "Connected Life."
ISG on the SAMI has been designed with high scalability and wireless deployment scenarios in mind. With a massively distributed control plane contained within a single Cisco 7600 chassis, very large numbers of aggregated wireless customers can be terminated with very rich feature support.
What Is ISG?
Intelligent Service Gateway functionality provides advanced subscriber awareness, resource provisioning and access control capabilities. Cisco ISG distributes service intelligence to the Internet Protocol (IP) network edge. This simplifies creation and speeds delivery of advanced IP services over Cisco IP Next-Generation Networks (IP NGNs).
ISG handles the following key aspects of subscriber management:
• Full IP Session Support
• Subscriber identification
• Service and policy determination
• Session policy enforcement
• Session life-cycle management
• Accounting for access and service usage
• Session state monitoring
In addition, ISG provides a dynamic element to the provisioning and activation of services through control policies and Change of Authorization (CoA) extensions to the RADIUS protocol. This allows for "zero-touch" provisioning of an individual subscriber's experience, all without impacting service to the end-user.
An ISG-enabled device may be deployed at the access edge and service edge of a network and is applicable to a range of subscriber network environments, such as digital subscriber line (DSL), public wireless LAN (PWLAN), mobile wireless, and WiMAX. Moreover, ISG has been designed to accommodate a flexible distribution of subscriber and service information within a given solution.
It is also possible to define services directly on an ISG. In all cases, service activation may be triggered as a result of a locally defined control policy, user profile associations, or CoA commands from an external policy server or portal application.
Benefits
Advanced Subscriber Management - ISG allows for numerous methods of identifying subscribers through the concept of the multi-dimensional ID.
Broad Range of Ingress and Egress Methods - ISG allows a wide range of Layer 2 and Layer 3 access methods to be utilized.
Advanced Policy and User LifeCycle Management - Manage users or allow users to manage themselves. With CoA, user sessions can be managed dynamically in real time in ways never before possible.
Hardware
Routers
• Cisco 7600 Series Routers with Cisco SAMI Application blade
2.8.1) L2VPN Routed Mode Interworking: Ethernet/VLAN to ATM/FR/PPP
Routed interworking is used in cases where an SP wants to provide IP or other L3 routing protocol connectivity to different sites irrespective of their L2 connectivity to these sites and the sites can belong to a single customer or to multiple customers. In such cases, the SP doesn't participate in the customer's L3 network (e.g. routing functionality).
The Cisco 7600 supports various combinations of IP/Routed interworking, including the VLAN-to-Any combination. From the 12.2SRD release onwards, PFC-based Ethernet-to-Any IP/Routed interworking is phased out. The 7600 VLAN-to-Any IP/Routed interworking (also referred to as SVI/VLAN-based IP/Routed interworking) is the recommended combination for customers.
Benefits
Until the 12.2SRC release, the SVI/VLAN-based IP/Routed interworking combination worked only when the core-facing line card was a FlexWAN, Enhanced FlexWAN, or 7600-SIP-200. From the 12.2SRD release, this feature is supported on the 7600-SIP-400, 7600-SIP-600, ES-20, and ES+ line cards.
2.8.2) L2TPv3 - Layer-2 Tunneling Protocol Version 3 on Cisco Ethernet Services Plus Line Cards
Cisco IOS® Release 12.2(33)SRD offers Layer 2 Tunneling Protocol (L2TP) Version 3 on the Ethernet Services Plus Line Cards. L2TPv3 helps enable service providers to deliver traditional Layer 2 services entirely from their IP infrastructures.
Offering a traditional Layer 2 service such as Frame Relay using an IP network infrastructure can lower the cost of providing the same service compared to offering the same service using a dedicated Layer 2 network. IP network infrastructures support multiple service types, and multi-service networks can spread network investments and operating costs across a larger and more diverse customer base. L2TPv3 also allows a service provider to extend the geographic reach of its traditional Layer 2 service to areas where its Layer 2 networks do not currently exist. Traditional Layer 2 services can now be offered as far as the IP network can reach.
Using L2TPv3, service providers can now enhance their product portfolios to include managed Internet, intranet, and extranet services without adding complexity and expense. Customer equipment investments are protected as customers continue to connect to the service provider through their existing infrastructures.
On the Cisco 7600 Series routers, L2TPv3 is a line card feature that was traditionally implemented only on the 7600-SIP-400 line card. In the 12.2(33)SRD Release, L2TPv3 is supported in hardware on the 7600-ES+20/40 line cards, with the same capabilities (excluding the non-Ethernet interface support) and restrictions as the 7600-SIP-400. The minimum hardware requirement for enabling the L2TPv3 service on a 7600 router is an L2TPv3-aware line card (such as the 7600-SIP-400/ES+) on the Layer 2 CE-facing side and an IP interface on any line card on the IP core-facing side. A service card is not required for L2TPv3.
The 7600-ES+40 line card supports 16,000 pseudowires (up from 8,000 on the 7600-SIP-400) with 512 tunnels and Ethernet (only) attachment circuit types.
Benefits
• Drive down the cost of providing traditional Layer 2 services through superior cost efficiencies of multiservice IP infrastructures and service bundling
• Extend their existing Layer 2 networks without expanding their legacy networks
Hardware
Routers
• Cisco 7600 Series Routers
• Line Cards: 7600-SIP-400, Cisco 7600 Ethernet Services Plus Series Line Cards
2.8.3) Bridging using RFC1483 Routed Encapsulation (BRE) on 7600-SIP-400
Bridging Routed Encapsulation (BRE) provides a network migration solution for ATM Service Providers starting to offer Ethernet Access services. Such a service provider needs to migrate one of its network endpoints to an Ethernet service. This means that the routed connection from one router now goes across the ATM cloud, is terminated on an ATM sub-interface PVC, and is then bridged to another Ethernet router.
With the 12.2(33)SRD Release, the Cisco 7600 now supports BRE on the 7600-SIP-400 in addition to the 7600-SIP-200.
Benefits
• Investment protection
– Service providers can continue to use the ATM and Ethernet equipment and reduce capital expenditures as they evolve their network.
• Increased SIP/SPA interface selection
– With the addition of the 7600-SIP-400, there is an increase in the breadth of interface selections that support BRE
The Mini Protocol Analyzer provides a standalone packet capture tool to assist in remote troubleshooting. This feature allows the capture and inspection of packets on a live box using the CLI. The Cisco 7600 can passively capture packets to local memory and display them on the console, or export the captured buffer to external servers for post-processing.
The captured packets are written to the local flash disk in standard PCAP format and can later be loaded into common packet analysis tools such as Ethereal. This gives network administrators a powerful diagnostic tool to quickly define and capture interesting traffic for troubleshooting purposes without any service disruption.
Benefits
• Improved troubleshooting
– Allows the capture and inspection of packets on a Cisco 7600 using CLI.
The following sections include Release 12.2(33)SRC hardware and software feature highlights.
Like all Release 12.2SR releases, this Release 12.2(33)SRC integrates Cisco IOS Software innovations that span multiple technology areas, including Broadband, Quality of Service, Layer 2 VPN, MPLS and Layer 3 VPN, IP Addressing and Services, and IPv6, IP Routing, and Infrastructure and Embedded Management.
Table 2. Release 12.2(33)SRC Highlights
3.1) Hardware
• Cisco 7600 Series Route Switch Processor 720-10GE (RSP720-3C-10GE & RSP720-3CXL-10GE)
• 8-Port 10 Gigabit Ethernet Module for Cisco 7600 Series Routers
• Wireless Services Module (WiSM) for Cisco 7600 Series Routers
• PA-MC-T3-EC and PA-MC-2T3-EC for Cisco 7200 and 7301 Series Routers
• Cisco 7200 Series Routers, Cisco 7201 Router, and Cisco 7301 Router Support
3.2) Broadband
• Cisco ISG Session Control High Availability (SSO/EFSU)
• Cisco ISG Support for Cisco 7600 Series Routers
• Cisco ISG: Service Control Engine Common Control Bus
• Cisco ISG: MQC Support for IP Sessions
• Cisco ISG: IP Session Keepalives (ARP and ICMP)
• Broadband PPP - Features for Cisco 7600 Series Routers
• Authentication, Authorization and Accounting Enhancements
• Tunnel-Based Admission Control Support for Cisco 7600 Series Routers
3.3) Quality of Service
• Per-User QoS for Cisco 7600 Series Routers
• Per-Session QoS for Cisco 7600 Series Routers
• Per-Session Shaping and Queuing on LNS for Cisco 7600 Series Routers
• Traffic Shaping Overhead Accounting for ATM for Cisco 7600 Series Routers
• GRE Tunnel Marking for Cisco 7200 Series Routers
3.4) Layer 2 VPN
• High Availability for Any Transport over MPLS (AToM): NSF with SSO; EFSU
• AToM Tunnel Selection for Cisco 7200 Series Routers and the Cisco 7301 Router
• MPLS PW Status Signaling
• Per Subinterface MTU for Ethernet over MPLS (EoMPLS)
• High Availability for Virtual Private LAN Service (VPLS): NSF with SSO; EFSU
• H-VPLS N-PE Redundancy for QinQ or MPLS Access
• VPLS MAC Address Withdrawal
• TDM Local Switching
• L2VPN PW Redundancy - ATM Attachment Circuits
3.5) MPLS and Layer 3 VPN
• Cisco IOS MPLS TE/RSVP Enhancements
• Cisco IOS MPLS LDP Enhancements
• Cisco IOS MPLS Embedded Management Enhancements
• Cisco IOS MPLS Layer 3 VPN Enhancements
3.6) IP Addressing and Services, and IPv6
• HSRP Group Shutdown
• VRRP Stateful Switchover/Enhanced Fast Software Upgrade
3.7) IP Routing
3.8) Cisco IOS Infrastructure and Embedded Management
The Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet uplinks is specifically designed to deliver high scalability, performance, and fast convergence required for today's and tomorrow's demanding voice, video, data, and mobility (quadruple-play) services. The RSP720-10GE offers Carrier Ethernet Service Providers tremendous flexibility, scalability and performance at the access or aggregation edge while deploying advanced IP video and triple-play (voice, video, and data) system applications in both the residential and business services markets. In essence, it gives Service Providers and Enterprises true service convergence with the ability to manage a wide variety of applications over a range of access mediums using a single platform, the Cisco 7600 Series. (See Figure 8).
Note: The RSP720-10GE in Release 12.2(33)SRC is orderable on a limited basis. Contact your Cisco sales representative for details.
Figure 8. Cisco 7600 Series Route Switch Processor 720-10GE
Benefits
• Integrated 720-Gbps switch fabric
– Offers Layer 2 forwarding rates of up to 30 million packets per second (Mpps)
– Provides bandwidth capacity of 40 Gbps per slot
– Allows additional slots for increased port density
• Hardware-based Cisco Express Forwarding
– Offers Layer 3 (IP and MPLS) forwarding rates of 30 Mpps
• 10GE and GE port options
– Offers 2 x 10 Gigabit Ethernet and 3 x Gigabit Ethernet port options (including 1 x 10/100/1000 RJ45 port) on the RSP
– Interfaces are configured either in 10GE port mode only or in mixed-mode
• Faster CPU and added memory - Performance improvements include:
– Faster protocol convergence times
– Improved Internet Group Management Protocol (IGMP) snooping times
– Improved router boot-up times
– Faster rates of establishing Dynamic Host Configuration Protocol (DHCP) server, Label Distribution Protocol (LDP), IP sessions, and traffic engineering
3.1.2) 8-Port 10 Gigabit Ethernet Module for Cisco 7600 Series Routers
The 8-port 10 Gigabit Ethernet module doubles the 10 Gigabit Ethernet density on the Cisco 7600 Series, providing up to 64 ports of 10 Gigabit Ethernet in a single Cisco 7600 Series chassis. (See Figure 9).
There are two versions of the Series 8-port 10 Gigabit Ethernet module:
Both modules contain the WS-X6708-10GE base board and a distributed forwarding card. The base module supports up to eight pluggable X2 optics and has a 40 Gbps connection to the fabric, so it is 2:1 oversubscribed. The distributed forwarding card provides hardware-based MAC learning and forwards traffic at 48 Mpps. The 8-port 10 Gigabit Ethernet module can deliver up to 64 Gbps of local switching. Besides port density, it also has increased port buffering and enhanced queuing and scheduling mechanisms for congestion management.
Figure 9. 8-Port 10 Gigabit Ethernet Module for Cisco 7600 Series Routers
Benefits
• Increased port density
– 8 ports per module (up to 64 ports per chassis)
– Consolidates chassis for bandwidth aggregation
• Increased port buffering
– 200 MB per port
– More efficient transmissions for long haul connections
• New scheduler
– Shaped Round Robin (SRR) in egress
– More efficient handling of bursty traffic
• New queuing mechanism
– Differentiated Services Code Point (DSCP)-based queue mapping
– Allows both ingress and egress queuing based on Layer 3 TOS and provides more granular classes of traffic
• Increased memory
– Default 1 GB DRAM
– Storage of larger forwarding table
Hardware
Routers
• Cisco 7604, 7606, 7606-S, 7609, 7609-S, and 7613
3.1.3) Wireless Services Module for Cisco 7600 Series Routers
Wireless Services Module (WiSM) support for Cisco 7600 Series Routers provides unparalleled security, mobility, redundancy, and ease of use for business-critical wireless LANs (WLANs). It delivers the most secure wireless system available for Enterprise-scale WLANs. As a Cisco 7600 Series module, it delivers centralized security policies, wireless Intrusion Prevention System (IPS) capabilities, award-winning RF management, Quality of Service (QoS), and Layer 3 fast secure roaming for WLANs. As a key component of the Cisco Unified Wireless Network, the Cisco WiSM provides the control, security, redundancy, and reliability that network managers need to scale and manage their wireless networks easily. (See Figure 10).
Figure 10. Cisco 7600 Series Wireless Services Module
The Cisco WiSM is a member of the Cisco Wireless LAN Controller family. It works in conjunction with Cisco Aironet® access points, the Cisco Wireless Control System (WCS) and the Cisco Wireless Location Appliance to support mission-critical wireless data, voice, and video applications. It provides real-time communication between access points and other WLAN controllers to deliver a secure and unified wireless solution.
The Cisco WiSM smoothly integrates into existing Cisco 7600 Series Enterprise networks. It communicates using the emerging Lightweight Access Point Protocol (LWAPP) standard to establish secure connectivity between access points and modules across Layer 3 networks. This protocol enables the automation of important WLAN configuration and management functions for cost-effective WLAN operations. With this integrated approach to large-scale wireless networking, customers can realize significant total cost of ownership benefits by streamlining support costs and reducing planned and unplanned network downtime.
Because the Cisco WiSM supports 802.11a/b/g and the IEEE 802.11n draft 2.0 standard, organizations can deploy the solution that best meets their individual requirements. Organizations can offer robust coverage with 802.11a/b/g or deliver greater performance with 5x the throughput and unprecedented reliability using 802.11n and Cisco's Next-Generation Wireless Solutions and Cisco Enterprise Wireless Mesh.
Benefits
• Cisco 7600 Series Integration - Embedded system for the Cisco 7600 Series infrastructure, delivering centralized security policies, IPS, RF management, QoS, and Layer 3 fast secure roaming for WLANs
• Enterprise Scalability - Scalable architecture provides business-critical wireless services for deployments of all sizes
• Enterprise Reliability - Automated recovery from failures of Cisco Aironet access points, Cisco WiSMs, and Cisco 7600 Series Supervisor Engine 720 maximizes the availability of the wireless network
• Integrated RRM - Creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization
• Zero-Configuration Deployment - The Cisco WiSM is deployed without manually configuring access points or modifying existing network infrastructures
• Intrusion Detection, Location, and Containment - Integrated wireless intrusion protection preserves the integrity of wireless networks and sensitive corporate information
• Mobility Management - Users can roam between access points and across bridged and routed subnets without requiring changes to the underlying infrastructure
• Intuitive Management Interfaces - Better visibility and control of the air space reduces operational costs
3.1.4) PA-MC-T3-EC and PA-MC-2T3-EC for Cisco 7200 and 7301 Series Routers
The 1- and 2-port multichannel T3 port adapters for the Cisco 7200 Series Routers and Cisco 7301 Router are enhanced versions of the previous multichannel T3 port adapters (part numbers PA-MC-T3 and PA-MC-2T3+). (See Figure 11).
The new port adapters address specific scalability challenges by increasing performance and lowering CPU usage. They offload advanced capabilities and features from the CPU, delivering them directly to meet Enterprise and Service Provider WAN link-aggregation service requirements. Each port adapter T3 interface can be independently configured for either multichannel T3 or clear-channel packet-over-T3 operation. With T3 port configurations, connections to DS-3 and subrate DS-3 services can be provisioned. With multichannel T3 port configurations, up to 28 T1 links per T3 interface can be brought in on a single-wide port adapter. Each T1 can be further channelized to DS-0, making the port adapters highly flexible interfaces for WAN provisioning.
Figure 11. Cisco 1- and 2-Port Multichannel Enhanced Capability Port Adapters
The combination of multichannel T3 and clear-channel functions makes the Cisco 1- and 2-Port Multichannel Enhanced Capability Port Adapters ideal for today's rapidly changing WAN environment. Specific features such as MLPPP, MLFR, LFI, and FRF.12 have been offloaded from the CPU to further enable agile response to new services while using existing infrastructure connections to better advantage.
As an integral part of a service node where customer bandwidth needs are uncertain, the port adapters allow Service Providers to avoid determining beforehand how ports will be allocated between DS-0, DS-1, and DS-3 connections. For Enterprise remote-site connection, the flexibility to support DS-0, DS-1, and DS-3 connections means the port adapters reduce equipment expenditures by integrating the capabilities and services of numerous port adapters onto a single adapter. They also provide investment protection by growing with the Enterprise to meet the needs of both today's DS-0 and DS-1 aggregation networks and tomorrow's T3 aggregation networks.
Benefits
• Operation Modes
– Multichannel (channelized) - 28 T1 ports multiplexed onto a single T3 connection per interface
– Clear channel (unchannelized) - Offers an unchannelized 45-Mbps T3 clear channel per interface
• Performance
– Line rate - Provides full T3 line usage and throughput
– New intelligent software architecture - Lower CPU usage increases router efficiency and improves resource usage, enabling more services
• Feature Offloads
– MLPPP - Port adapter intelligence alleviates heavy processing of CPU-intensive features
– MLFR - Lowers CPU processing while performing fragmentation and defragmentation
– LFI - Reduces delay on slower-speed links by breaking up large datagrams and interleaving low-delay traffic packets with the smaller packets resulting from the fragmented datagram
– FRF.12 - Controls delay and delay variation when real-time traffic such as voice is carried across the same interfaces as data
3.1.5) Cisco 7200 Series Routers, Cisco 7201 Router, and Cisco 7301 Router Support
Starting with Cisco IOS Software Release 12.2(33)SRC, Release 12.2SR includes support for the Cisco 7200 Series Routers and the Cisco 7301 Router. Release 12.2(33)SRC also includes support for the Cisco 7201 Router, the latest generation of the Cisco 7200 Series Family.
Within the Cisco IOS Software Release 12.2S family, the migration path for new features on the Cisco 7200 Series Routers and the Cisco 7301 Router is from Release 12.2SB to Release 12.2SR. Release 12.2(31)SB2 is the last Release 12.2SB release to include support for the Cisco 7200 Series Routers and the Cisco 7301 Router.
Cisco 7200 Series Routers
The industry's most widely deployed universal services aggregation router for Enterprise and Service Provider edge applications, the Cisco 7200 Series offers (See Figure 12):
• Exceptional price/performance - The NPE-G2 Network Processing Engine aggregates services at up to 2 Mpps
• A wide range of connectivity options and numerous features including serviceability and manageability
• Increased VPN performance with VPN Services Adapter
• Increased scalability and flexibility with the Port Adapter Jacket Card
Figure 12. Cisco 7200 Series Routers
Cisco 7201 Router
The Cisco 7201 Router is the latest generation of the Cisco 7200 Series Family. It is a compact, high performance single Rack Unit (RU) router that uses the latest Cisco 7200VXR Network Processing Engine NPE-G2 coupled with a comprehensive range of interface options. (See Figure 13)
Figure 13. Cisco 7201 Router
The Cisco 7201 Router addresses the demand for the same performance enhancements and Cisco IOS Software features as the latest Cisco 7200VXR NPE-G2, but in a smaller form factor and with low power consumption. The Cisco 7201 provides four built-in Gigabit Ethernet ports and one Port Adapter (PA) slot, which make it ideal for various Service Provider and Enterprise applications. It also offers redundant and field-replaceable AC and DC power supplies.
Cisco 7301 Router
The Cisco 7300 Series is optimized for flexible, feature-rich IP/MPLS services at the customer network edge, where Service Providers and Enterprises link together. (See Figure 14.) With three built-in Gigabit Ethernet interfaces (copper or optical) and a single slot for any Cisco 7000 Series port adapter, the Cisco 7301 is highly flexible for a variety of applications. Additionally, for broadband aggregation, the Cisco 7301 supports up to 16,000 subscriber sessions, making it ideal for pay-as-you-grow broadband deployment models.
With its combination of scalable performance, compact architecture, high density, and low price per port, the Cisco 7301 is ideally suited for a variety of key applications within both the Service Provider and Enterprise markets.
Figure 14. Cisco 7301 Router
The following are some of the key Cisco IOS Software highlights on the Cisco 7200 Series, the Cisco 7201, and the Cisco 7301 Routers in Release 12.2(33)SRC:
Bidirectional Forwarding Detection (BFD)
BFD is a detection protocol designed to provide fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols. BFD also provides a consistent failure detection method for network administrators.
BFD support was first introduced to Release 12.2SR in Release 12.2(33)SRA for the Cisco 7600 Series Routers. Release 12.2(33)SRB and Release 12.2(33)SRC include BFD enhancements which are highlighted in the later sections of this document. For more detailed information on BFD support in Release 12.2SR, please visit: http://www.cisco.com/en/US/products/ps6922/products_feature_guides_list.html
MPLS Traffic Engineering (TE) - Fast ReRoute
The MPLS TE - Fast Reroute (FRR) Link and Node Protection feature provides link protection (backup tunnels that bypass only a single link of the Label-Switched Path (LSP)), node protection (backup tunnels that bypass next-hop nodes along LSPs), and the following FRR features:
IPv6 VPN Provider Edge Router (6VPE) over MPLS
The Cisco implementation of IPv6 VPN provider edge router over MPLS is referred to as Cisco 6VPE. It enables IPv6 sites in a VPN to communicate with each other over an MPLS IPv4 core network using MPLS Label Switched Paths (LSPs).
MPLS LDP-IGP Synchronization
Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP) Synchronization ensures that LDP is fully established before the IGP path is used for switching. This feature is only supported on interfaces running OSPF or IS-IS processes.
MPLS LDP-IGP Synchronization was first introduced to Release 12.2SR in Release 12.2(33)SRB for the Cisco 7600 Series Routers. In Release 12.2(33)SRB and Release 12.2(33)SRC, MPLS LDP-IGP Synchronization is not supported with IS-IS. Only OSPF is supported. For more detailed information on MPLS LDP-IGP Synchronization in Release 12.2(33)SRB, please visit: http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00802d95dd.html
IP SLAs for MPLS Pseudo Wire (PWE3) via VCCV
IP SLAs for MPLS Pseudo Wire (PWE3) via VCCV is used to schedule pseudo-wire ping operations and provide monitoring and alerts for Round Trip Time (RTT), failure, and connection threshold violations via SNMP Traps.
Cisco IOS IP Service Level Agreement (IP SLA) is a capability embedded in Cisco IOS Software. IP SLAs allow Cisco customers to understand IP service levels, increase productivity, lower operational costs, and reduce the frequency of network outages. IP SLA uses active monitoring of network performance and can be used for network troubleshooting, network assessment, and health monitoring. The feature reduces MPLS network troubleshooting time and allows proactive monitoring of MPLS network performance. The IP SLAs Pseudo Wire (PWE) Health Monitor automatically tests connectivity for PWE between MPLS network edges. Threshold violations and scalable operation scheduling are also available.
Multicast VPN Extranet
Multicast VPN Extranet allows VPN closed user groups to share information and allows common multicast content to be distributed across multiple VPN customers.
An extranet can be viewed as the part of a company's intranet that is extended to users outside the company. An extranet is a VPN connecting the corporate site or sites to external business partners or suppliers, to securely share part of the information of a business or its operations among them. MPLS VPNs provide routing and forwarding separation between VPNs, ensuring that users access only the information appropriate to them. The MPLS VPN Extranet service offers users unicast connectivity without compromising the integrity of their corporate data. Multicast VPN Extranet extends this service offering to include multicast connectivity to the extranet community of interest. It allows Service Providers to offer the next generation of flexible extranet services, helping to enable business partnerships between different Enterprises.
MPLS LDP MD5 Global Configuration
The MPLS LDP MD5 Global Configuration feature provides a configuration enhancement for enabling MD5-based session authentication of LDP sessions. Authenticating the session helps prevent unauthorized LDP peers from establishing LDP sessions with the local LDP process and helps the local router discard spoofed TCP segments injected into an established session.
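To make concrete what LDP MD5 session authentication protects, the following added example (not Cisco IOS code) implements the RFC 2385 TCP MD5 signature option that LDP, like BGP, uses: the sender hashes the TCP pseudo-header, the TCP header with its checksum zeroed, the payload and the shared password, and the receiver recomputes the digest and compares. Addresses, ports, the key and the LDP PDU bytes are constructed, not a real capture. The demo shows a peer holding the right key being accepted while a spoofed source address, a tampered payload, a wrong key and an unsigned segment are all dropped. The caveat a practitioner would add: this is a keyed MD5 digest rather than an HMAC, so its strength rests on the secrecy of the shared password; keep passwords per neighbor and rotate them.

```python
"""RFC 2385 TCP MD5 signature: the mechanism behind LDP (and BGP) MD5 session authentication.

Added example, not Cisco IOS code. Addresses, ports, key and PDU bytes are constructed.
"""
import hashlib
import hmac
import ipaddress
import struct

TCP_PROTO = 6
LDP_PORT = 646            # LDP session transport runs over TCP/646
TCPOPT_NOP = 1
TCPOPT_MD5SIG = 19        # option kind assigned by RFC 2385
TCPOLEN_MD5SIG = 18       # kind(1) + length(1) + 16-byte digest
MD5SIG_OPTIONS_LEN = 20   # 18-byte option padded with two NOPs to a 32-bit boundary


def build_tcp_header(sport, dport, seq, ack, flags, window, options_len=0):
    """20-byte base TCP header; data offset covers the base header plus options_len bytes."""
    data_offset_words = (20 + options_len) // 4
    offset_flags = (data_offset_words << 12) | (flags & 0xFF)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def tcp_md5_digest(src_ip, dst_ip, base_header, options_len, payload, key):
    """Digest per RFC 2385 section 2: pseudo-header, header without options (checksum zero), data, key."""
    segment_len = len(base_header) + options_len + len(payload)
    pseudo_header = (ipaddress.IPv4Address(src_ip).packed
                     + ipaddress.IPv4Address(dst_ip).packed
                     + struct.pack("!BBH", 0, TCP_PROTO, segment_len))
    header_zero_cksum = base_header[:16] + b"\x00\x00" + base_header[18:]
    md = hashlib.md5()
    for part in (pseudo_header, header_zero_cksum, payload, key):
        md.update(part)
    return md.digest()


def sign_segment(src_ip, dst_ip, base_header, payload, key):
    """Sender: place the MD5SIG option (plus NOP padding) between header and data."""
    digest = tcp_md5_digest(src_ip, dst_ip, base_header, MD5SIG_OPTIONS_LEN, payload, key)
    option = struct.pack("!BB", TCPOPT_MD5SIG, TCPOLEN_MD5SIG) + digest + bytes([TCPOPT_NOP, TCPOPT_NOP])
    return base_header + option + payload


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver on a session that requires authentication: accept only a segment whose digest matches."""
    if len(segment) < 20:
        return False
    base_header = segment[:20]
    data_offset = (struct.unpack("!H", base_header[12:14])[0] >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        return False
    options, payload = segment[20:data_offset], segment[data_offset:]
    received = None
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                       # end of option list
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            return False
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return False
        if kind == TCPOPT_MD5SIG and length == TCPOLEN_MD5SIG:
            received = options[i + 2:i + length]
        i += length
    if received is None:                    # unsigned segment: drop, never fall back to unauthenticated
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, base_header, len(options), payload, key)
    return hmac.compare_digest(received, expected)   # constant-time comparison


def demo():
    """Legitimate peer vs. four spoofing/tampering attempts; returns a name -> accepted? mapping."""
    key = b"ldp-neighbor-key"                                           # constructed shared password
    pdu = b"\x00\x01\x00\x0e\x0a\x00\x00\x01\x00\x00\x01\x00\x00\x04"   # constructed LDP PDU fragment
    hdr = build_tcp_header(LDP_PORT, 41102, 0x1000, 0x2000, 0x18, 65535, MD5SIG_OPTIONS_LEN)
    signed = sign_segment("10.0.0.1", "10.0.0.2", hdr, pdu, key)
    unsigned = build_tcp_header(LDP_PORT, 41102, 0x1000, 0x2000, 0x18, 65535) + pdu
    tampered = signed[:-1] + bytes([signed[-1] ^ 0x01])                 # flip one payload bit after signing
    return {
        "peer_with_key": verify_segment("10.0.0.1", "10.0.0.2", signed, key),
        "peer_wrong_key": verify_segment("10.0.0.1", "10.0.0.2", signed, b"guess"),
        "spoofed_source": verify_segment("192.0.2.66", "10.0.0.2", signed, key),
        "tampered_payload": verify_segment("10.0.0.1", "10.0.0.2", tampered, key),
        "unsigned_segment": verify_segment("10.0.0.1", "10.0.0.2", unsigned, key),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:18s} {'accepted' if accepted else 'dropped'}")
```

Because the source and destination addresses are part of the hashed pseudo-header, a segment replayed or forged from another address fails verification even if the attacker captured a valid signed segment; the receiver must also refuse unsigned segments on a session configured to require authentication, otherwise the protection is trivially bypassed.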
Any Transport over MPLS (AToM) Tunnel Selection
Any Transport over MPLS (AToM) Tunnel Selection allows you to specify the path that AToM traffic uses.
AToM Tunnel Selection was first introduced to Release 12.2SR in Release 12.2(33)SRA for the Cisco 7600 Series Routers, and is further highlighted later in this document. For more detailed information on AToM Tunnel Selection in Release 12.2(33)SRA, please visit: http://www.cisco.com/en/US/products/ps6922/products_feature_guide09186a008067cf79.html
Multi-Topology Routing
Multi-Topology Routing (MTR) extends the capabilities of Cisco routing technologies by adding a service differentiation dimension to traditional destination-based routing. In other words, different classes of service can follow different paths across the network.
MPLS VPN PE-CE Link Protection
The MPLS VPN carrier-class feature portfolio is further enriched with MPLS VPN PE-CE link protection. Upon a PE-CE link failure, VPN end-to-end convergence is improved by having the egress PE (acting as the Point of Local Repair) switch VPN traffic to an alternative egress PE before the control plane has converged.
3.2.1) Cisco Intelligent Services Gateway Session Control High Availability (SSO/EFSU)
Cisco IOS Software Release 12.2(33)SRC delivers Cisco IOS High Availability features with sub-second switchover during periods of hardware or software failure for Cisco Intelligent Services Gateway (ISG) PPP Sessions, IP Sessions or IP interface sessions on Cisco 7600 Series Routers.
Cisco ISG Session Control Stateful Switchover (SSO) enhancements extend Cisco SSO technologies to PPPoEoX Sessions, IP Sessions, the IOS Policy Manager, and DHCP. With these enhancements, seamless route processor switchover is provided for the dynamic session services available on a deployed Cisco ISG/BRAS. Cisco SSO protects against hardware or software faults on the active route processor by synchronizing session state information, including session initiator type, DHCP information, and RADIUS Change of Authorization (CoA) messages, to the standby route processor.
Release 12.2(33)SRC also delivers Cisco ISG Session Control In Service Software Upgrade/Enhanced Fast Software Upgrade (ISSU/EFSU). Cisco IOS ISSU is the industry's first true in-service upgrade solution for the Broadband edge, mitigating network downtime due to upgrading or downgrading Cisco IOS Software images on Cisco 7600 Series Routers with redundant supervisor engines. Based on Nonstop Forwarding/Stateful Switchover (NSF/SSO), Cisco 7600 Series Routers implement Enhanced Fast Software Upgrade (EFSU), which allows users to upgrade or downgrade complete Cisco IOS Software images with only a short system outage. EFSU enables rapid software upgrades for new line cards, new power supplies, new features, or software fixes.
Currently, only session-based services are protected by SSO and EFSU. Services that apply to flow-based traffic classification (traffic classes) will gain high availability support in an upcoming release.
Benefits
Cisco ISG Session Control High Availability enhancements provide a route-processor protection solution with the following benefits:
• Provides automatic fault detection and seamless recovery - Allows for the persistence of PPP, Interface, or IP Sessions during an RP switchover scenario; the control plane recovers gracefully minimizing network churn.
• Reduces costs - Decreases network downtime expenses, including SLA penalties, lost revenue opportunities, user and administrative productivity costs, and emergency network expenditures
3.2.2) Cisco Intelligent Services Gateway Support for Cisco 7600 Series Routers
Cisco Intelligent Services Gateway (ISG) was first introduced in Cisco IOS Software Release 12.2SB for Cisco 7200 Series Routers, the Cisco 7301 Router, and Cisco 10000 Series Routers. Release 12.2(33)SRC introduces Cisco ISG support for Cisco 7600 Series Routers.
Cisco ISG is a Cisco IOS Software feature set that provides a structured framework in which edge access devices can deliver flexible and scalable services to subscribers. Because almost any IP device can be voice-, video-, or data-enabled, Service Providers are delivering many services to many screens over converged fixed and mobile networks. Today's consumers of data, voice and video (triple-play) services demand a unified, high-performance experience at home, at work, and on the move.
Cisco ISG controls subscriber access at the network edge to enable the provisioning and management of broadband networks for a broad range of access and edge technologies, subscriber numbers and service types, effectively linking subscriber service requests with distributed policy control to help ensure a high quality of experience for the emerging "Connected Life."
Cisco ISG provides advanced subscriber awareness, resource provisioning, and access control capabilities. Cisco ISG distributes service intelligence to the Internet Protocol (IP) network edge, which simplifies service creation and speeds delivery of advanced IP services over Cisco IP Next-Generation Networks (IP NGNs).
Cisco ISG handles the following key aspects of subscriber management:
• Subscriber identification
• Service and policy determination
• Session policy enforcement
• Session life-cycle management
• Accounting for access and service usage
• Session state monitoring
Cisco ISG also provides a dynamic element to the provisioning and activation of services through control policies and Change of Authorization (CoA) extensions to the RADIUS protocol. This element allows for "zero-touch" provisioning of an individual subscriber experience, all without impacting service to the end-user.
A Cisco ISG-enabled device may be deployed at the access edge and service edge of a network and is applicable to a range of subscriber network environments, such as Digital Subscriber Line (DSL), public wireless LAN (PWLAN), and mobile wireless. Moreover, Cisco ISG has been designed to accommodate a flexible distribution of subscriber and service information within a given solution. Figure 15 illustrates the range of deployment types for which service profile data for individual subscribers may be stored in an Authentication, Authorization, and Accounting (AAA) database and retrieved and cached on demand.
Figure 15. Cisco ISG Sample Topology
It is also possible to define services directly on a Cisco ISG-enabled device. In all cases, service activation may be triggered as a result of a locally defined control policy, user profile associations, or CoA commands from an external policy server or portal application.
Benefits
• Advanced Subscriber Management - Cisco ISG allows for numerous methods of identifying subscribers through the concept of a multidimensional identity.
• Broad Range of Ingress and Egress Methods - Cisco ISG allows a wide range of Layer 2 and Layer 3 access methods to be utilized.
• Advanced Policy and User LifeCycle Management - Manage users or allow users to manage themselves. With CoA, user sessions can be managed dynamically in real time in ways never before possible.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
3.2.3) Cisco ISG: Service Control Engine (SCE) Common Control Bus
Cisco ISG in Cisco IOS Software and the Service Control Engine (SCE) are critical components of the Cisco NGN Service Provider network. Cisco ISG is becoming the primary mechanism by which PPP and IP session subscribers are authenticated and admitted into a broadband network of any type. The scalable, high-performance deep-packet-inspection capabilities of SCE make it the platform of choice for the delivery of granular application-based services. Together, they provide an ideal toolset to implement high-touch broadband services.
The ISG-SCE common control bus project provides a mechanism by which Cisco ISG and SCE can communicate to co-manage subscriber sessions, without requiring coordination and orchestration by additional components (namely a policy-server or AAA server). The primary benefit that emerges is the simplification of the design and implementation of these platforms into an operational network. This reduces the dependency on third party components and reduces overall solution cost. (See Figure 16.)
This new, tighter integration between the two Cisco products, with Cisco ISG providing subscriber management and Layer 1-4 policies and SCE providing Layer 5 through 7 deep packet inspection, opens up numerous use cases, including:
• Parental Control - Limit access to restricted websites for a specific user; limit access to specific applications for specific users at specific times of day
• Value Added Premium Packages - Offer differential services based on specific application traffic for a specific user
• Application Boost - Boost the bandwidth of a specific application
• Limit Resources for Basic Subscribers - In tiered services models, the basic level of service could have specific limits placed on specific users
Figure 16. Cisco ISG and SCE Integration
Benefits
• Simplified Architecture - Only one interface needs to be utilized to control both ISG and SCE
• Advanced Per-User Per-Application Services - By utilizing the best of both ISG and SCE products, new use cases can be created
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
3.2.4) Cisco ISG: Modular QoS CLI (MQC) Support for IP Sessions
Within ISG Sessions, full Modular QoS CLI (MQC) support was previously only available for dynamic PPP Sessions. With the inclusion of MQC support for IP Sessions in Cisco IOS Software Release 12.2(33)SRC, full MQC support is now available for setting QoS shapers and policers on IP Sessions, IP Subnet Sessions, and IP Interface Sessions.
MQC is a Command-Line Interface (CLI) structure that allows users to create traffic polices and attach these polices to interfaces. A traffic policy contains a traffic class and one or more QoS features. A traffic class is used to classify traffic, while the QoS features in the traffic policy determine how to treat the classified traffic.
Benefits
MQC support for ISG IP Sessions provides the following benefits:
• Common Configuration - The same configuration used to define QoS characteristics for other WAN interfaces now applies to IP Sessions
• Flexible Services - Increased flexibility in defining QoS behavior for IP Sessions beyond simple rate policing.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
3.2.5) Cisco ISG: IP Session Keepalives (ARP and ICMP)
IP Session Keepalives provide end-to-end keepalive support for IP and IP interface sessions, similar to the functionality supplied by PPP keepalives for PPP sessions. (See Figure 17.) The keepalive determines whether an individual customer premises end-device (PC, set-top box, CPE, etc.) is still connected to the aggregation network in an IP-only environment. In public and private networks, users often walk away with or power down their client devices without gracefully signing off from the network. Unless the session periodically confirms that the user is still present, the session context lingers in the Cisco ISG long after the device has gone.
Two types of keepalives are provided by this functionality:
ARP Keepalives - ARP Keepalives are used where the Cisco ISG/BRAS is directly connected to the client host device with no Layer 3 device in the path, so the Cisco ISG can reach the client device with a Layer 2 ARP ping. The primary advantages of ARP ping are its relatively low packet overhead and the fact that host firewalls do not usually block ARP, since the host needs ARP to remain reachable at all.
ICMP Keepalives - ICMP Keepalives are used where the Cisco ISG/BRAS is not directly connected to the client host device, that is, where one or more Layer 3 devices sit between the host and the Cisco ISG/BRAS. Across a Layer 3 path, only ICMP keepalives can be used.
Session lifecycle management can also be controlled by idle-timers, absolute timers, or disconnect events, but IP Session keepalives allow the system to have greater control of when a user session should be disconnected.
When traffic has not been seen for the configured amount of time, the ICMP or ARP ping is sent directly to the end-device. If no response is received, the session is torn down, the resources are returned to the system, and an accounting stop record is sent to the AAA server.
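As an added illustration (not Cisco IOS code, and not a description of the IOS scheduler internals), the following Python state machine encodes the keepalive logic just described: no probe while traffic is flowing, ARP for a directly attached host and ICMP when a Layer 3 device is in the path, a retry budget, and teardown with an Accounting Stop once the device stops answering. The retry count, timer values, callbacks and the two simulated subscribers are constructed for the example.

```python
"""ISG IP session keepalive behaviour as a small state machine: idle threshold, ARP or ICMP probe
selection, retry budget, teardown with an Accounting Stop.

Added example, not Cisco IOS code. Retry budget, timers, callbacks and both subscribers are
constructed; probe replies are simulated, not real network traffic.
"""
from dataclasses import dataclass


@dataclass
class IPSession:
    session_id: str
    client_ip: str
    directly_connected: bool      # True: host on the same Layer 2 segment as the ISG, ARP can reach it
    last_traffic: float           # seconds; updated whenever the session forwards traffic
    failures: int = 0
    active: bool = True


def choose_probe(session):
    """ARP only works when no Layer 3 device sits between ISG and host; otherwise ICMP echo."""
    return "arp" if session.directly_connected else "icmp"


class KeepaliveMonitor:
    def __init__(self, idle_seconds, retries, send_probe, send_acct_stop):
        self.idle_seconds = idle_seconds       # probe only after this much silence from the session
        self.retries = retries                 # consecutive unanswered probes before teardown (constructed knob)
        self.send_probe = send_probe           # callable(session, "arp"|"icmp") -> True if a reply came back
        self.send_acct_stop = send_acct_stop   # callable(session) emitting the Accounting Stop to AAA

    def observe_traffic(self, session, now):
        session.last_traffic, session.failures = now, 0

    def tick(self, session, now):
        """Run once per scheduler pass; returns the event name for this pass."""
        if not session.active:
            return "inactive"
        if now - session.last_traffic < self.idle_seconds:
            return "traffic-seen"              # user traffic is proof of life; no probe is sent
        probe = choose_probe(session)
        if self.send_probe(session, probe):
            self.observe_traffic(session, now)
            return f"{probe}-reply"
        session.failures += 1
        if session.failures >= self.retries:
            session.active = False
            self.send_acct_stop(session)       # resources freed, AAA receives the Stop record
            return "torn-down"
        return f"{probe}-no-reply"


def simulate():
    """Two subscribers: a directly attached PC that powers off at t=150, and a set-top box behind a CPE router."""
    stop_records = []
    powered_on = {"pc": True, "stb": True}

    def fake_probe(session, probe):
        return powered_on[session.session_id]     # a powered-off host answers neither ARP nor ICMP

    mon = KeepaliveMonitor(idle_seconds=60, retries=3, send_probe=fake_probe,
                           send_acct_stop=lambda s: stop_records.append(s.session_id))
    pc = IPSession("pc", "10.1.1.10", directly_connected=True, last_traffic=0)
    stb = IPSession("stb", "10.2.2.20", directly_connected=False, last_traffic=0)
    events = {"pc": [], "stb": []}
    for now in range(0, 400, 50):
        if now == 150:
            powered_on["pc"] = False                  # user switches the PC off without logging out
        if now == 300:
            mon.observe_traffic(stb, now)             # set-top box sends traffic again
        for s in (pc, stb):
            events[s.session_id].append(mon.tick(s, now))
    return {"events": events, "probes": {s.session_id: choose_probe(s) for s in (pc, stb)},
            "stops": stop_records}


if __name__ == "__main__":
    for sid, evs in simulate()["events"].items():
        print(sid, " -> ".join(evs))
```

The run shows why the keepalive matters for the billing and security benefits listed below: without it the powered-off PC would keep its session (and its address) until an idle or absolute timer expired; with it the session is torn down after three unanswered probes and the Stop record carries the real end time.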
Figure 17. IP Session Keepalives
Benefits
• Advanced Session Life Cycle Management - Cisco ISG can proactively disconnect sessions where the end-device is no longer present freeing up system resources.
• More Accurate Billing - By disconnecting sessions as soon as the end device is powered off or moved, more accurate usage information is obtained.
• Greater Security - Removing sessions promptly when they are no longer in use shortens the window in which a stale session's address could be claimed by another host (address spoofing).
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
3.2.6) Broadband PPP Features for Cisco 7600 Series Routers
Cisco IOS Software Release 12.2(33)SRC equips Cisco 7600 Series Routers with a wide range of broadband Point-to-Point Protocol (PPP) features that extend broadband capabilities and enable a much wider range of network configurations and environments.
This broadband PPP feature set allows Service Providers to deploy next-generation policy and subscriber management for their PPPoE-based subscribers. Many Service Providers are looking to transition to IP-based access for their subscribers to reduce Service Provider costs while also benefiting from the easy management and provisioning of value-added services. As Service Providers make this transition they are faced with the challenge of supporting their legacy PPPoE-based subscribers.
The Broadband PPP feature set on Cisco 7600 Series Routers allows Service Providers to seamlessly deploy the routers to support their PPPoE-based subscribers while allowing them to benefit from other next generation features, such as PPPoE SSO/EFSU, which provides high availability for PPPoE sessions by preserving PPPoE sessions during a RP switchover. Without SSO/EFSU support, all PPPoE sessions are reset during a route processor switchover. PPPoE SSO support provides minimal interruption in Layer 2 connectivity.
The following PPP broadband features are supported on Cisco 7600 Series Routers:
• The broadband PPP feature set allows Service Providers to offer next generation network features to their existing PPPoE subscribers. The feature set also allows a smooth transition of legacy PPPoE subscribers to IP based access.
• PPPoE SSO/EFSU enhancements allow minimal layer 2 interruption in a RP switchover scenario. The control plane recovers gracefully restoring PPPoE sessions as well as minimizing network churn. By preserving user sessions and minimizing packet loss, PPPoE SSO/EFSU reduces the impact of service outages on network users and delivers increased network uptime at the provider edge. PPPoE SSO/EFSU decreases downtime expenses, including SLA penalties, lost revenue opportunities, user and administrative productivity costs, and emergency network expenditures.
3.2.7) Authentication, Authorization and Accounting Enhancements
Cisco IOS Software Release 12.2(33)SRC enhances Cisco IOS Software Authentication, Authorization and Accounting (AAA) capabilities with following new features:
• Throttling of AAA Accounting Records
• Inclusion of RADIUS Attribute Accounting-Session-Id in Access Requests
Throttling of AAA Accounting Records
The Remote Authentication Dial-In User Service (RADIUS) protocol used by AAA runs over User Datagram Protocol (UDP) and therefore cannot take advantage of built-in transport-layer flow control such as that provided by Transmission Control Protocol (TCP).
The ever-increasing demand for reduced capital spending has driven NAS/BRAS platforms toward higher port and interface density and the ability to generate a high volume of RADIUS traffic in a dynamic network environment. Ironically, this improvement in scale exacerbates the absence of flow control in RADIUS: a burst of RADIUS traffic from an AAA client experiencing a change in network conditions, such as a reload, can overwhelm the RADIUS server.
Throttling of AAA records limits the RADIUS load on the RADIUS servers and the surrounding network by letting customers configure a throttling rate, smoothing sudden bursts of RADIUS traffic toward the servers.
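The following added Python model (not Cisco IOS code) shows the design such a throttle implies: instead of letting a reload burst of a thousand Accounting Stop records hit the server at once, the NAS caps the number of unanswered Accounting-Requests, queues the rest locally, and releases one record per Accounting-Response. The threshold value, request ids and the simulated server are constructed; the property worth noting is that nothing is dropped, which distinguishes throttling from simply rate-limiting UDP sends.

```python
"""Outstanding-request throttle for RADIUS accounting, modelled on the behaviour described above.

Added example, not Cisco IOS code. Threshold, request ids and the simulated server are constructed.
"""
from collections import deque


class AccountingThrottle:
    def __init__(self, threshold, transport):
        self.threshold = threshold          # max Accounting-Requests in flight (constructed knob)
        self.transport = transport          # callable(request_id, record) that emits the datagram
        self.outstanding = {}               # request id -> record awaiting Accounting-Response
        self.queue = deque()                # records held back by the throttle
        self.sent = 0
        self.peak_in_flight = 0

    def submit(self, record):
        """Called once per session event (Start/Stop/Interim); the record is never dropped."""
        self.queue.append(record)
        self._drain()

    def on_response(self, request_id):
        """Accounting-Response frees a slot and releases the next queued record."""
        if self.outstanding.pop(request_id, None) is not None:
            self._drain()

    def on_timeout(self, request_id):
        """No response: requeue the record at the head for retry and free its slot."""
        record = self.outstanding.pop(request_id, None)
        if record is not None:
            self.queue.appendleft(record)
            self._drain()

    def _drain(self):
        while self.queue and len(self.outstanding) < self.threshold:
            record = self.queue.popleft()
            self.sent += 1
            request_id = self.sent          # constructed: monotonically increasing request id
            self.outstanding[request_id] = record
            self.transport(request_id, record)
            self.peak_in_flight = max(self.peak_in_flight, len(self.outstanding))


def simulate_reload_burst(sessions=1000, threshold=100):
    """A BRAS reload tears down `sessions` sessions at once; measure what reaches the server."""
    server_inbox = []
    throttle = AccountingThrottle(threshold, lambda rid, rec: server_inbox.append((rid, rec)))
    for n in range(sessions):
        throttle.submit({"Acct-Status-Type": "Stop", "Acct-Session-Id": f"{n:08X}"})
    burst_on_server = len(server_inbox)     # what the server saw before answering anything
    while server_inbox:                     # server works through its inbox, one response at a time
        rid, _ = server_inbox.pop(0)
        throttle.on_response(rid)
    return {"burst_on_server": burst_on_server, "delivered": throttle.sent,
            "peak_in_flight": throttle.peak_in_flight, "left_queued": len(throttle.queue),
            "still_outstanding": len(throttle.outstanding)}


if __name__ == "__main__":
    print("throttled  ", simulate_reload_burst(1000, 100))
    print("unthrottled", simulate_reload_burst(1000, 1000))
```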
Inclusion of RADIUS Attribute Accounting-Session-Id in Access Requests
The Accounting Session ID (RADIUS attribute 44, Acct-Session-Id) is the only identifier provided by the RADIUS protocol that can reliably relate a subscriber's authentication and accounting requests.
The new commands introduced with this feature enable sending RADIUS attribute 44 in all RADIUS packets, not just in the accounting packets sent after user authentication. This allows Service Providers to track all packets associated with a given subscriber session by its session ID. It also allows policy servers at the Service Provider to use the CoA interface of Cisco ISG to manage a subscriber session dynamically, keyed by the Accounting Session ID.
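The added example below (not Cisco IOS code) builds RADIUS packets per RFC 2865/2866 with and without attribute 44 in the Access-Request, then correlates an interleaved stream of packets from two subscribers by that attribute. The shared secret, user names, NAS address and session ids are constructed. It also computes and verifies the Accounting-Request authenticator, which is what lets a server reject accounting records forged without the shared secret, and it shows that the session whose Access-Request lacked attribute 44 cannot be tied back to its authentication.

```python
"""RADIUS Access-Request and Accounting-Request carrying Acct-Session-Id (attribute 44), and
correlation of a subscriber session's packets by that attribute.

Added example, not Cisco IOS code. Packet layout follows RFC 2865/2866; secret, user names,
NAS address and session ids are constructed.
"""
import hashlib
import hmac
import secrets
import struct

ACCESS_REQUEST, ACCOUNTING_REQUEST = 1, 4
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, ACCT_STATUS_TYPE, ACCT_SESSION_ID = 1, 2, 4, 40, 44
ACCT_START, ACCT_STOP = 1, 2


def avp(attr_type, value):
    """Type-Length-Value attribute; Length counts the two header octets."""
    if not 1 <= len(value) <= 253:
        raise ValueError("RADIUS attribute value must be 1..253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def hide_password(password, secret, request_authenticator):
    """User-Password hiding per RFC 2865 section 5.2 (chained MD5 stream XOR over 16-octet blocks)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", request_authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out


def build_packet(code, identifier, attrs, secret, request_authenticator=None):
    body = b"".join(attrs)
    header = struct.pack("!BBH", code, identifier, 20 + len(body))
    if code == ACCOUNTING_REQUEST:
        # RFC 2866: Authenticator = MD5(Code + Identifier + Length + 16 zero octets + Attributes + Secret)
        authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    else:
        authenticator = request_authenticator   # Access-Request carries a random Request Authenticator
    return header + authenticator + body


def verify_accounting_request(packet, secret):
    """Server-side check that the Accounting-Request was produced by a NAS holding the shared secret."""
    code, _, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)


def parse_attributes(packet):
    attrs, pos = {}, 20
    while pos < len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs.setdefault(attr_type, []).append(packet[pos + 2:pos + length])
        pos += length
    return attrs


def session_packets(session_id, username, password, secret, nas_ip, include_44_in_access=True):
    """Access-Request followed by Accounting Start and Stop for one subscriber session."""
    ra = secrets.token_bytes(16)
    access_attrs = [avp(USER_NAME, username), avp(USER_PASSWORD, hide_password(password, secret, ra)),
                    avp(NAS_IP_ADDRESS, nas_ip)]
    if include_44_in_access:                          # the 12.2(33)SRC behaviour described above
        access_attrs.append(avp(ACCT_SESSION_ID, session_id))
    common = [avp(USER_NAME, username), avp(NAS_IP_ADDRESS, nas_ip), avp(ACCT_SESSION_ID, session_id)]
    return [
        build_packet(ACCESS_REQUEST, 1, access_attrs, secret, ra),
        build_packet(ACCOUNTING_REQUEST, 2, common + [avp(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START))], secret),
        build_packet(ACCOUNTING_REQUEST, 3, common + [avp(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_STOP))], secret),
    ]


def correlate_by_session(packets):
    """Group packet codes by Acct-Session-Id; packets lacking attribute 44 land under None."""
    groups = {}
    for pkt in packets:
        sid = parse_attributes(pkt).get(ACCT_SESSION_ID, [None])[0]
        groups.setdefault(sid, []).append(pkt[0])
    return groups


def demo():
    secret, nas = b"radius-secret", bytes([10, 0, 0, 1])
    a = session_packets(b"0000000A", b"alice@isp.example", b"pw-a", secret, nas)
    b = session_packets(b"0000000B", b"bob@isp.example", b"pw-b", secret, nas, include_44_in_access=False)
    interleaved = [a[0], b[0], b[1], a[1], a[2], b[2]]   # two sessions' packets as a server would see them
    return {"groups": correlate_by_session(interleaved),
            "acct_auth_ok": all(verify_accounting_request(p, secret) for p in (a[1], a[2])),
            "acct_auth_wrong_secret": verify_accounting_request(a[1], b"other")}


if __name__ == "__main__":
    print(demo())
```

In the output, alice's Access-Request (code 1) and both Accounting-Requests (code 4) fall under the same session id, while bob's Access-Request, sent without attribute 44, can only be filed under "unknown session"; that is the gap the feature closes. Note that the Access-Request is protected only by the hidden User-Password unless Message-Authenticator (attribute 80) is also present, so the correlation itself should be trusted only on an authenticated RADIUS path.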
Benefits
Following are benefits of Throttling of AAA Accounting Records:
• Helps protect the health of RADIUS servers by avoiding sudden bursts of RADIUS traffic to the servers
• Avoids loss of critical accounting data at RADIUS servers by preventing sudden bursts of accounting records sent to the AAA server from NAS/BRAS
Following are benefits of Inclusion of RADIUS Attribute Accounting-Session-Id in Access Requests:
• Allows Service Providers to correlate various RADIUS records generated for a subscriber session through Accounting Session Id
• Allows Service Providers to extend their policy managers to use Accounting session id to dynamically manage subscriber sessions
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
3.3.1) Tunnel-Based Admission Control Support for Cisco 7600 Series Routers
MPLS TE Tunnel-Based Admission Control (TBAC) enables classic Resource Reservation Protocol (RSVP) unicast flows traveling across a Multiprotocol Label Switching-Traffic Engineering (MPLS-TE) core to be aggregated over an MPLS TE tunnel. TBAC aggregates traffic from multiple, classic RSVP sessions across different forms of tunneling technologies that include MPLS TE tunnels, which act as aggregate reservations in the core.
Benefits
To understand the benefits of TBAC, you should be familiar with how Call Admission Control (CAC) works for RSVP and QoS. TBAC benefits include the following:
• Cost Effective - Real-time traffic is very sensitive to loss and delay. CAC avoids QoS degradation for real-time traffic because CAC ensures that the accepted load always matches the current network capacity. As a result, you do not have to overprovision the network to compensate for absolute worst peak traffic or for reduced capacity in case of failure.
• Highly Accurate - CAC uses RSVP signaling, which follows the exact same path as the real-time flow, and routers make a CAC decision at every hop. This ensures that the CAC decision is very accurate and dynamically adjusts to the current conditions such as a reroute or an additional link. Also, RSVP provides an explicit CAC response (admitted or rejected) to the application, so that the application can react appropriately and fast; for example, sending a busy signal for a voice call, rerouting the voice call on an alternate VoIP route, or displaying a message for video on demand.
• Combining RSVP and MPLS TE - TBAC allows you to combine the benefits of RSVP with those of MPLS TE. Specifically, you can use MPLS TE inside the network to ensure that the transported traffic can take advantage of Fast Reroute protection (50 millisecond restoration), Constraint Based Routing (CBR), and aggregate bandwidth reservation.
• Seamless Deployment - TBAC allows you to deploy IPv4 RSVP without any impact on the MPLS part of the network because IPv4 RSVP is effectively tunneled inside MPLS TE tunnels that operate unchanged as per regular RSVP TE. No upgrade or additional protocol is needed in the MPLS core.
• Enhanced Scaling Capability - TBAC aggregates multiple IPv4 RSVP reservations ingressing from the same MPLS TE head-end router into a single MPLS TE tunnel and egressing from the same MPLS TE tail-end router.
3.3.2) Per-User QoS for Cisco 7600 Series Routers
Along with Per-Session QoS, Per-User QoS is a key QoS enhancement in Cisco IOS Software Release 12.2(33)SRC for Broadband Aggregation.
Per-User QoS provides the ability to apply QoS features (such as traffic classification, shaping, queuing, and policing) on a per-user basis. Per-User QoS can be configured using either a virtual template or a RADIUS server.
Policy Maps and QoS Features
A policy map specifies the QoS feature to be applied to network traffic. Examples of QoS features that can be specified in a policy map include traffic classification, shaping, queuing, and policing, among others. Each QoS feature is configured using the appropriate QoS commands. A RADIUS server is then used to "push" the information in the policy map between the nodes of the network topology.
Per-User Traffic Shaping
Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface. Traffic shaping ensures that the traffic conforms to policies contracted for it. Thus, traffic adhering to a particular profile can be shaped to meet downstream requirements, eliminating bottlenecks in topologies with data-rate mismatches.
Per-User Queuing
The queuing mechanism, Weighted Fair Queuing (WFQ), offers dynamic, fair queuing that divides bandwidth across queues of traffic based on weights. WFQ ensures that all traffic is treated fairly, given its weight. Class-Based WFQ (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, Access Control Lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A FIFO queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class.
Two Methods for Configuring Per-User QoS
When you configure Per-User QoS, you can choose one of the following configuration methods:
• Configure the feature using a virtual template - This method is considered a "legacy" method. It is of earlier origin and is still an available option for those familiar with using virtual templates.
• Configure the feature using a RADIUS server - This method takes advantage of more recent technology and is the recommended method.
Benefits
The ability to apply QoS features on a per-user basis helps Internet Service Providers (ISPs) to adhere to the Service Level Agreement (SLA) established for handling traffic. Applying QoS on a per-user basis provides a higher degree of granularity when managing traffic in the network.
3.3.3) Per-Session QoS for Cisco 7600 Series Routers
Along with Per-User QoS, Per-Session QoS is a key QoS enhancement in Cisco IOS Software Release 12.2(33)SRC for Broadband Aggregation.
Per-Session QoS provides the ability to apply QoS features (such as traffic classification, shaping, queuing, and policing) on a per-session basis. The Per-Session QoS feature can be configured using either a virtual template or a RADIUS server.
Policy Maps and QoS Features
A policy map specifies the QoS feature to be applied to network traffic. Examples of QoS features that can be specified in a policy map include traffic classification, shaping, queuing, and policing, among others. Each QoS feature is configured using the appropriate QoS commands. A RADIUS server is then used to "push" the information in the policy map between the nodes of the network topology.
Per-Session Traffic Shaping
Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface. Traffic shaping ensures that the traffic conforms to policies contracted for it. Thus, traffic adhering to a particular profile can be shaped to meet downstream requirements, eliminating bottlenecks in topologies with data-rate mismatches.
Per-Session Queuing
The queuing mechanism, Weighted Fair Queuing (WFQ), offers dynamic, fair queuing that divides bandwidth across queues of traffic based on weights. WFQ ensures that all traffic is treated fairly, given its weight. Class-Based WFQ (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, Access Control Lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A FIFO queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class.
Two Methods for Configuring Per-Session QoS
When configuring Per-Session QoS, you can choose one of the following configuration methods:
• Configure the feature using a virtual template - This method is considered a "legacy" method. It is of earlier origin and is still an available option for those familiar with using virtual templates.
• Configure the feature using a RADIUS server - This method takes advantage of more recent technology and is the recommended method.
Benefits
The ability to apply QoS features on a per-session basis helps ISPs to adhere to the SLA established for handling traffic. Applying QoS on a per-session basis provides a higher degree of granularity when managing traffic on the network.
3.3.4) Per-Session Shaping and Queuing on LNS for Cisco 7600 Series Routers
Per-Session Shaping and Queuing on LNS supports traffic shaping and Class-Based WFQ (CBWFQ). With Per-Session Shaping and Queuing on LNS, traffic shaping and CBWFQ are applied on a per-session basis (i.e., as traffic arrives at the interface).
Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface. Traffic shaping ensures that the traffic conforms to policies contracted for it. Thus, traffic adhering to a particular profile can be shaped to meet downstream requirements, eliminating bottlenecks in topologies with data-rate mismatches.
WFQ offers dynamic, fair queuing that divides bandwidth across queues of traffic based on weights. WFQ ensures that all traffic is treated fairly, given its weight. CBWFQ extends the WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, Access Control Lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A FIFO queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class.
Figure 18 shows a sample topology for per-session shaping and queuing on LNS. Downstream traffic is forwarded from the ISP (the source) to an ISP subscriber (the destination) during a PPP session. From an LNS at the ISP, the traffic is transmitted over an L2TP tunnel to an L2TP Access Concentrator (LAC), and then to the subscriber.
Figure 18. Per-Session Shaping and Queuing Sample Topology
Benefits
• The ability to shape or queue traffic on a per-session basis helps to avoid traffic congestion and allows the ISP to adhere to the SLA established for handling traffic.
• Shaping or queuing traffic on a per-session basis provides a higher degree of granularity when managing traffic on the network.
3.3.5) Traffic Shaping Overhead Accounting for ATM for Cisco 7600 Series Routers
The Modular QoS CLI (MQC) Traffic Shaping Overhead Accounting for ATM feature enables a Broadband Remote Access Server (BRAS) to account for various encapsulation types when applying QoS to packets.
Typically, in Ethernet Digital Subscriber Line (DSL) environments, the encapsulation from the router to the Digital Subscriber Line Access Multiplexer (DSLAM) is Gigabit Ethernet and the encapsulation from DSLAM to Customer-Premises Equipment (CPE) is ATM. ATM overhead accounting enables the router to account for ATM encapsulation on the subscriber line and for the overhead added by cell segmentation. This enables the Service Provider to prevent overruns at the subscriber line and ensures that the router executes QoS features on the actual bandwidth used by ATM packets.
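The arithmetic behind ATM overhead accounting, as an added example (not Cisco code): each IP packet is padded into whole 48-byte cell payloads and carried in 53-byte cells, so a shaper that counts only IP bytes overruns the subscriber line. The 8-byte LLC/SNAP encapsulation and the 8 Mbit/s line rate are assumptions for this example, not figures from the bulletin.

```python
import math

# ATM constants (standard values, not taken from the bulletin).
ATM_CELL_PAYLOAD = 48   # bytes of user data per cell
ATM_CELL_SIZE = 53      # 48 payload + 5 header
AAL5_TRAILER = 8        # CPCS-PDU trailer appended before segmentation

# Assumed subscriber-line encapsulation: RFC 2684 LLC/SNAP routed (8 bytes).
# Other encapsulations (PPPoA, bridged, ...) add different amounts.
ENCAP_OVERHEAD = 8


def atm_cells(ip_len, encap_overhead=ENCAP_OVERHEAD):
    """Cells needed for one IP packet: the CPCS-PDU (packet + encapsulation
    + trailer) is padded up to a whole number of 48-byte cell payloads."""
    return math.ceil((ip_len + encap_overhead + AAL5_TRAILER) / ATM_CELL_PAYLOAD)


def atm_line_bytes(ip_len, encap_overhead=ENCAP_OVERHEAD):
    """Bytes actually occupying the DSL/ATM line for one IP packet."""
    return atm_cells(ip_len, encap_overhead) * ATM_CELL_SIZE


def overhead_ratio(ip_len, encap_overhead=ENCAP_OVERHEAD):
    """Line bytes per IP byte: the factor an overhead-aware shaper must
    apply to its byte count before comparing against the line rate."""
    return atm_line_bytes(ip_len, encap_overhead) / ip_len


def safe_ip_rate(line_rate_bps, ip_len, encap_overhead=ENCAP_OVERHEAD):
    """Highest IP-layer rate that does not overrun an ATM line of the given
    rate when all packets have this size. A shaper set to line_rate_bps on
    IP bytes alone would emit more cells than the line can carry."""
    return line_rate_bps / overhead_ratio(ip_len, encap_overhead)


def main():
    # Constructed sample: an 8 Mbit/s subscriber line (not a bulletin figure).
    line_rate = 8_000_000
    print("IP bytes  cells  line bytes  ratio   safe IP rate (bit/s)")
    for size in (40, 64, 576, 1500):
        print(f"{size:8d} {atm_cells(size):6d} {atm_line_bytes(size):11d}"
              f" {overhead_ratio(size):6.3f} {safe_ip_rate(line_rate, size):20.0f}")


if __name__ == "__main__":
    main()
```

Small packets suffer most: a 40-byte packet occupies 106 bytes of line, a ratio of 2.65, while a 1500-byte packet needs 32 cells (1696 bytes), a ratio of about 1.13.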
Release 12.2(33)SRC supports the following subscriber line encapsulation types and traffic shaping overhead accounting on Cisco 7600 Series Routers:
3.3.6) GRE Tunnel Marking for Cisco 7200 Series Routers
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP Internetwork.
The QoS: Tunnel Marking for GRE Tunnels feature allows you to define and control QoS for incoming customer traffic on the PE router in a Service Provider network. The feature lets you set (mark) either the IP precedence value or the Differentiated Services Code Point (DSCP) in the header of a GRE tunneled packet.
GRE tunnel marking can be implemented by using a QoS marking command, such as set ip {dscp | precedence} [tunnel], and it can also be implemented in QoS traffic policing. This feature simplifies administrative overhead previously required to control customer bandwidth by allowing you to mark the GRE tunnel header on the incoming interface on the PE routers.
Figure 19 shows traffic being received from the CE1 router through the incoming interface on the PE1 router on which tunnel marking occurs. The traffic is encapsulated (tunneled) and the tunnel header is marked on the PE1 router. The marked packets travel (tunnel) through the core and are decapsulated automatically on the exit interface of the PE2 router. This feature is designed to simplify classifying Customer Edge (CE) traffic and is configured only in the Service Provider network. This process is transparent to the customer sites. The CE1 and CE2 routers simply exist as a single network.
Figure 19. Sample Tunnel Marking Topology
Benefits
• GRE tunnel marking provides a simple mechanism to control the bandwidth of customer GRE traffic.
• This feature is configured entirely within the Service Provider network and only on interfaces that carry incoming traffic on the PE routers.
• Generally used within the mVPN scenario to mark mGRE tunnels, in addition to marking the Tunnel LSP.
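The packet-level effect of tunnel marking, as an added example (not Cisco code): the PE rewrites the DSCP or IP precedence in the outer GRE tunnel header only, and the encapsulated customer packet, including its own DSCP, is left untouched. The addresses and the inner packet are constructed for this example.

```python
import struct

GRE_PROTO = 47                           # IP protocol number for GRE
GRE_HDR = struct.pack("!HH", 0, 0x0800)  # flags/version 0, payload type IPv4


def ipv4_checksum(header):
    """One's-complement sum of 16-bit words; returns 0 for a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, tos=0):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    ip2b = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len,
                      0, 0, 64, proto, 0, ip2b(src), ip2b(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_gre_packet(inner, tunnel_src, tunnel_dst):
    """What PE1 emits: outer IP header (protocol 47) + GRE + customer packet."""
    outer = ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(GRE_HDR) + len(inner))
    return outer + GRE_HDR + inner


def mark_tunnel_header(packet, dscp=None, precedence=None):
    """Packet-level effect of 'set ip dscp tunnel' / 'set ip precedence tunnel':
    rewrite only the outer TOS byte (DSCP = bits 7..2, precedence = bits 7..5,
    ECN bits kept) and repair the outer checksum. Everything after the outer
    header, including the customer's own DSCP, stays exactly as it was."""
    tos = packet[1]
    if dscp is not None:
        tos = ((dscp & 0x3F) << 2) | (tos & 0x03)
    elif precedence is not None:
        tos = ((precedence & 0x07) << 5) | (tos & 0x1F)
    hdr = bytearray(packet[:20])
    hdr[1] = tos
    hdr[10:12] = b"\x00\x00"                       # zero before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[20:]


if __name__ == "__main__":
    # Constructed sample: customer packet already carrying DSCP EF (TOS 0xB8).
    inner = ipv4_header("10.1.1.1", "10.2.2.2", 17, 8, tos=0xB8) + b"\x00" * 8
    pkt = mark_tunnel_header(build_gre_packet(inner, "192.0.2.1", "192.0.2.2"), dscp=26)
    print("outer DSCP:", pkt[1] >> 2, " inner DSCP:", pkt[25] >> 2)  # 26 and 46
```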
3.4.1) High Availability for Any Transport over MPLS (AToM): NSF with SSO; EFSU
Cisco IOS Software Release 12.2(33)SRC delivers High Availability (HA) functionality for Any Transport over MPLS (AToM) for Cisco 7600 Series Routers.
Any Transport over MPLS (AToM) Nonstop Forwarding (NSF) with Stateful Switchover (SSO) improves the availability of a network that uses AToM to provide Layer 2 VPN services. AToM NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. AToM NSF is achieved by Stateful Switchover (SSO) and Nonstop Forwarding (NSF) mechanisms. A standby Route Processor (RP) provides control-plane redundancy. The control plane state and data plane provisioning information for the Attachment Circuits (ACs) and AToM pseudowires (PWs) are checkpointed to the standby RP to provide NSF for AToM L2VPNs upon switchover from the primary RP.
Any Transport over MPLS (AToM) supports Enhanced Fast Software Upgrade (EFSU) to minimize downtime for software upgrades. Operators can apply bug fixes and deploy new features and services through an in-service upgrade of the complete Cisco IOS Software image. A subset of ISSU, EFSU helps to minimize outage time during a software upgrade by preloading new line card software images onto supported line cards.
Benefits
• NSF with SSO for AToM provides the ability to detect failures and handle them with minimal disruption to the AToM service being provided. The following AToM services are protected by AToM NSF with SSO:
– Ethernet over MPLS
– Frame Relay over MPLS
– ATM AAL5 over MPLS
– ATM Cell Relay over MPLS
– PPP over MPLS
– HDLC over MPLS
– TDM over MPLS
• AToM support for EFSU provides the ability to upgrade router software while the router continues to forward traffic. EFSU increases network availability and reduces the downtime required for software upgrades.
– Rapid deployment of new features/services as well as maintenance updates
– Reduces planned downtime and operational expenses
– Ability to streamline and minimize planned downtime windows
Hardware
Routers
• Supervisor Engines: Sup720 3B/3BXL, RSP720, and Sup32
3.4.2) AToM Tunnel Selection for Cisco 7200 Series Routers and the Cisco 7301 Router
First introduced to Release 12.2SR in Release 12.2(33)SRA for the Cisco 7600 Series Routers, Release 12.2(33)SRC adds support for Cisco 7200 Series Routers and the Cisco 7301 Router.
Any Transport over MPLS (AToM) Tunnel Selection allows you to specify the path that AToM traffic uses. You can specify either a Multiprotocol Label Switching (MPLS) traffic engineering tunnel or a destination IP address and Domain Name System (DNS) name. If the specified path is unreachable, you can specify that the Virtual Circuits (VCs) should use the default path, which is the path that MPLS Label Distribution Protocol (LDP) uses for signaling. The option of having a backup LDP path is enabled by default; you must explicitly disable it.
Benefits
AToM Tunnel Selection allows you to specify the path that Any Transport over MPLS (AToM) traffic uses.
MPLS Pseudowire (PW) Status Signaling supports Provider Edge router (PE) signaling using LDP PW Status TLV (type-length-value) to indicate PW status to remote PE peers.
Benefits
Supports signaling of pseudowire status per RFC 4447, Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP).
A pseudowire label mapping message can be signaled as soon as the pseudowire is administratively enabled, to set up the pseudowire irrespective of the pseudowire status. Further, pseudowire status can be signaled using a status message without the need to withdraw the pseudowire label mapping message.
3.4.4) Per Subinterface MTU for Ethernet over MPLS (EoMPLS)
Per Subinterface MTU for Ethernet over MPLS (EoMPLS) provides a submode configuration Command-Line Interface (CLI) that allows per-subinterface setting of the MTU in xconnect configuration mode.
On Gigabit Ethernet (GE) interfaces the Maximum Transmission Unit (MTU) is inherited by the subinterfaces. Typically this MTU is 1500, which works well for customer-facing Ethernet connections. However, a Service Provider may want a different, typically larger, MTU for core-facing subinterfaces. Using this option, a Service Provider can configure the MTU on subinterfaces as desired.
Benefits
The submode configuration CLI option allows Service Providers to configure MTU values as required for different purposes, as in the following examples.
• Allows a Service Provider to use a subinterface default MTU of 1500 for customer-facing Ethernet subinterfaces and to configure an MTU of 2000 for core-facing subinterfaces.
• Allows a Service Provider to use a subinterface default MTU of 1500 for customer-facing VLAN subinterfaces and to configure a jumbo, 4470 or larger, MTU for core-facing subinterfaces.
3.4.5) High Availability for Virtual Private LAN Service (VPLS): NSF with SSO; EFSU
Cisco IOS Software Release 12.2(33)SRC delivers High Availability (HA) functionality for Cisco Virtual Private LAN Service (VPLS) for Cisco 7600 Series Routers.
High availability for Cisco VPLS is provided by Cisco Nonstop Forwarding (NSF) with Stateful Switchover (SSO). Cisco VPLS supports Enhanced Fast Software Upgrade (EFSU) to minimize downtime for software upgrades. Operators can apply bug fixes and deploy new features and services through an in-service upgrade of the complete Cisco IOS Software image. A subset of ISSU, EFSU helps to minimize outage time during a software upgrade by preloading new line card software images onto supported line cards.
Benefits
• Cisco VPLS NSF/SSO builds on AToM NSF/SSO for Ethernet over MPLS (EoMPLS) and improves the availability of a VPLS network. As with AToM NSF/SSO, VPLS NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. VPLS NSF is achieved by Cisco SSO and NSF mechanisms.
• VPLS support for EFSU provides the ability to upgrade router software while the router continues to forward traffic. EFSU increases network availability and reduces the downtime required for software upgrades.
– Rapid deployment of new features/services as well as