Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide, Release 6.1.x
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides
an overview of the Broadband Network Gateway (BNG) functionality implemented on
the Cisco ASR 9000 Series Router.
Table 1. Feature History
for Broadband Network Gateway Overview
Release
Modification
Release 4.2.0
Initial
release of BNG.
Release 5.3.3
RSP-880
support was added.
Release 6.1.2
Added BNG
support for these hardware:
A9K-8X100G-LB-SE
A9K-8X100GE-SE
A9K-4X100GE-SE
A9K-MOD200-SE
A9K-MOD400-SE
A9K-MPA-1x100GE
A9K-MPA-2x100GE
A9K-MPA-20x10GE
Release 6.1.2
Added BNG
support for the use of Cisco NCS 5000 Series Router as a satellite.
Release 6.1.2
Added BNG
smart licensing feature.
Understanding BNG
Broadband Network Gateway (BNG) is the access point for subscribers, through which they connect to the broadband network.
When a connection is established between BNG and Customer Premise Equipment (CPE), the subscriber can access the broadband
services provided by the Network Service Provide (NSP) or Internet Service Provider (ISP).
BNG establishes and manages subscriber sessions. When a session is active, BNG aggregates traffic from various subscriber
sessions from an access network, and routes it to the network of the service provider.
BNG is deployed by the service provider and is present at the first aggregation point in the network, such as the edge router.
An edge router, like the Cisco ASR 9000 Series Router, needs to be configured to act as the BNG. Because the subscriber directly
connects to the edge router, BNG effectively manages subscriber access, and subscriber management functions such as:
Authentication, authorization and accounting of subscriber sessions
Address assignment
Security
Policy management
Quality of Service (QoS)
Some benefits of using BNG are:
The BNG router not only performs the routing function but also communicates with authentication, authorization, and accounting
(AAA) server to perform session management and billing functions. This makes the BNG solution more comprehensive.
Different subscribers can be provided different network services. This enables the service provider to customize the broadband
package for each customer based on their needs.
BNG
Architecture
The goal of the BNG architecture is to enable the BNG router to interact with peripheral devices (like CPE) and servers (like
AAA and DHCP), in order to provide broadband connectivity to subscribers and manage subscriber sessions. The basic BNG architecture
is shown in this figure.
The BNG architecture
is designed to perform these tasks:
Connecting with
the Customer Premise Equipment (CPE) that needs to be served broadband
services.
Establishing
subscriber sessions using IPoE or PPPoE protocols.
Interacting with
the AAA server that authenticates subscribers, and keeps an account of
subscriber sessions.
Interacting with
the DHCP server to provide IP address to clients.
Advertising the subscriber routes.
The five BNG tasks are briefly explained in the following sections.
Connecting with
the CPE
BNG connects to the
CPE through a multiplexer and Home Gateway (HG). The CPE represents the triple
play service in telecommunications, namely, voice (phone), video (set top box),
and data (PC). The individual subscriber devices connect to the HG. In this
example, the subscriber connects to the network over a Digital Subscriber Line
(DSL) connection. Therefore, the HG connects into a DSL Access Multiplexer
(DSLAM).
Multiple HGs can
connect to a single DSLAM that sends the aggregated traffic to the BNG router.
The BNG router routes traffic between the broadband remote access devices (like
DSLAM or Ethernet Aggregation Switch) and the service provider network.
Establishing
Subscriber Sessions
Each subscriber (or
more specifically, an application running on the CPE) connects to the network
by a logical session. Based on the protocol used, subscriber sessions are
classified into two types:
PPPoE subscriber
session—The PPP over Ethernet (PPPoE) subscriber session is established using
the point-to-point (PPP) protocol that runs between the CPE and BNG.
IPoE subscriber
session—The IP over Ethernet (IPoE) subscriber session is established using IP
protocol that runs between the CPE and BNG; IP addressing is done using the
DHCP protocol.
Interacting
with the RADIUS Server
BNG relies on an
external Remote Authentication Dial-In User Service (RADIUS) server to provide
subscriber Authentication, Authorization, and Accounting (AAA) functions.
During the AAA process, BNG uses RADIUS to:
authenticate a
subscriber before establishing a subscriber session
authorize the
subscriber to access specific network services or resources
track usage of
broadband services for accounting or billing
The RADIUS server
contains a complete database of all subscribers of a service provider, and
provides subscriber data updates to the BNG in the form of attributes within
RADIUS messages. BNG, on the other hand, provides session usage (accounting)
information to the RADIUS server. For more information about RADIUS attributes,
see
RADIUS Attributes.
BNG supports
connections with more than one RADIUS server to have fail over redundancy in
the AAA process. For example, if RADIUS server A is active, then BNG directs
all messages to the RADIUS server A. If the communication with RADIUS server A
is lost, BNG redirects all messages to RADIUS server B.
During interactions
between the BNG and RADIUS servers, BNG performs load balancing in a
round-robin manner. During the load balancing process, BNG sends AAA processing
requests to RADIUS server A only if it has the bandwidth to do the processing.
Else, the request is send to RADIUS server B.
Interacting
with the DHCP Server
BNG relies on an
external Dynamic Host Configuration Protocol (DHCP) server for address
allocation and client configuration functions. BNG can connect to more than one
DHCP server to have fail over redundancy in the addressing process. The DHCP
server contains an IP address pool, from which it allocates addresses to the
CPE.
During the
interaction between BNG and the DHCP server, BNG acts as a DHCP relay or DHCP
proxy.
As the DHCP relay,
BNG receives DHCP broadcasts from the client CPE, and forwards the request to
the DHCP server.
As the DHCP proxy,
BNG itself maintains the address pool by acquiring it from DHCP server, and
also manages the IP address lease. BNG communicates on Layer 2 with the client
Home Gateway, and on Layer 3 with the DHCP server.
The DSLAM modifies
the DHCP packets by inserting subscriber identification information. BNG uses
the identification information inserted by the DSLAM, as well as the address
assigned by the DHCP server, to identify the subscriber on the network, and
monitor the IP address lease.
Advertising Subscriber Routes
For optimal performance in design solutions where the Border Gateway Protocol (BGP) advertises the subscriber routes, the
BNG advertises the entire subnet designated to the subscribers using the network command in the BGP configuration.
The BNG redistributes the individual subscriber routes only in scenarios where the Radius server assigns the IP address to
a subscriber and there is no way to know to which BNG that particular subscriber will connect.
BNG Role in ISP Network Models
The role of BNG is to pass traffic from the subscriber to the ISP. The manner in which BNG connects to the ISP depends on
the model of the network in which it is present. There are two types of network models:
The following figure shows the topology of a Network Service Provider model.
In the Network Service Provider model, the ISP (also called the retailer) directly provides the broadband connection to the
subscriber. As shown in the above figure, BNG is at the edge router, and its role is to connect to the core network through
uplinks.
Access Network Provider
The following figure shows the topology of a Access Network Provider model.
In the Access Network Provider model, a network carrier (also called the wholesaler) owns the edge network infrastructure,
and provides the broadband connection to the subscriber. However, the network carrier does not own the broadband network.
Instead, the network carrier connects to one of the ISPs that manage the broadband network.
BNG is implemented by the network carrier and its role is to hand the subscriber traffic off to one of several ISPs. The hand-off
task, from the carrier to the ISP, is implemented by Layer 2 Tunneling Protocol (L2TP) or Layer 3 Virtual Private Networking
(VPN). L2TP requires two distinct network components:
L2TP Access Concentrator (LAC)—The LAC is provided by the BNG.
L2TP Network Server (LNS)—The LNS is provided by the ISP.
BNG Packaging
The BNG pie, asr9k-bng-px.pie can be installed and activated on the Cisco ASR 9000 Series Router to access the BNG features. The install, uninstall, activate
and deactivate operations can be performed without rebooting the router.
It is recommended that the relevant BNG configurations be removed from the running configuration of the router, before
uninstalling or deactivating the BNG pie.
Installing and Activating the BNG Pie on Cisco ASR 9000 Series Router
Perform this task to install and activate the BNG pie on the Cisco ASR 9000 Series Router:
Activates the installed pie on the Cisco ASR 9000 Series Router.
What to do next
Note
During upgrade from Release 4.2.1 to Release 4.3.0, it is recommended that the Cisco ASR 9000 base
image pie (asr9k-mini-px.pie) is installed prior to installing the BNG
pie (asr9k-bng-px.pie).
After BNG pie is installed, you must copy BNG related configurations from the flash or
tftp location to the router. If BNG pie is deactivated and activated again, then load
the removed BNG configurations by executing the load configuration removed
command from the configuration terminal.
Note
Most of the BNG feature configurations are moved to a new namespace partition, and hence BNG features are not available by
default now. To avoid inconsistent BNG configurations before, or after installing the BNG pie, run the clear configuration inconsistency command, in EXEC mode.
BNG Configuration Process
Configuring BNG on the Cisco ASR 9000 Series Router involves these stages:
Activating Control Policy—Control policies are activated to determine the action that BNG takes when specific events occur.
The instructions for the action are provided in a policy map. For details, see Activating Control Policy.
Establishing Subscriber Sessions—Configurations are done to set up one or more logical sessions, from the subscriber to the
network, for accessing broadband services. Each session is uniquely tracked and managed. For details, see Establishing Subscriber Sessions.
Deploying QoS—Quality of Service (QoS) is deployed to provide control over a variety of network applications and traffic
types. For example, the service provider can have control over resources (example bandwidth) allocated to each subscriber,
provide customized services, and give priority to traffic belonging to mission-critical applications. For details, see Deploying the Quality of Service (QoS).
Configuring Subscriber Features—Configurations are done to activate certain subscriber features that provide additional capabilities
like policy based routing, access control using access list and access groups, and multicast services. For details, see Configuring Subscriber Features.
Verifying Session Establishment—Established sessions are verified and monitored to ensure that connections are always available
for use. The verification is primarily done using "show" commands. Refer to the Cisco ASR 9000 Series Aggregation Services Router Broadband Network
Gateway Command Reference
guide for the list of various "show" commands.
To use a BNG command, you must be in a user group associated with a task group that includes the proper task IDs. The Cisco ASR 9000 Series Aggregation Services Router Broadband Network
Gateway Command Reference
guide includes the task IDs required for each command. If you suspect that the user group assignment is preventing you from
using a command, contact your AAA administrator for assistance.
Restriction
The Select VRF Download (SVD) must be disabled, when BNG is
configured. For more information about SVD, see the Cisco IOS
XR Routing Configuration Guide for the Cisco XR 12000 Series Router.
Hardware
Requirements for BNG
These hardwares
support BNG:
The Satellite Network Virtualization (nV) system.
The route switch processors, RSP-440, RSP-880
.
The route processor, A99-RP-SE, A99-RP2-SE, on the Cisco ASR 9912 and the Cisco ASR 9922 chassis.
The below table lists the Line Cards and Modular Port Adapters that support BNG.
Table 2. Line Cards and
Modular Port Adapters Supported on BNG
Product Description
Part Number
24-Port
10-Gigabit Ethernet Line Card, Service Edge Optimized
A9K-24X10GE-SE
36-Port
10-Gigabit Ethernet Line Card, Service Edge Optimized
A9K-36X10GE-SE
40-Port
Gigabit Ethernet Line Card, Service Edge Optimized
A9K-40GE-SE
4-Port
10-Gigabit Ethernet, 16-Port Gigabit Ethernet Line Card, 40G Service Edge
Optimized
A9K-4T16GE-SE
Cisco ASR 9000
High Density 100GE Ethernet line cards:
Cisco ASR 9000 8-port 100GE "LAN-only" Service Edge
Optimized Line Card, Requires CPAK optics
Cisco ASR
9000 8-port 100GE “LAN/WAN/OTN” Service Edge Optimized Line Card, Requires CPAK
optics
Cisco
ASR 9000 4-port 100GE “LAN/WAN/OTN” Service Edge Optimized Line Card, Requires
CPAK optics
A9K-8X100G-LB-SE
A9K-8x100GE-SE
A9K-4x100GE-SE
80 Gigabyte
Modular Line Card, Service Edge Optimized
A9K-MOD80-SE
160 Gigabyte
Modular Line Card, Service Edge Optimized
A9K-MOD160-SE
20-Port
Gigabit Ethernet Modular Port Adapter (MPA)
A9K-MPA-20GE
ASR 9000
200G Modular Line Card, Service Edge Optimized, requires modular port adapters
A9K-MOD200-SE
2-port
10-Gigabit Ethernet Modular Port Adapter (MPA)
A9K-MPA-2X10GE
4-Port
10-Gigabit Ethernet Modular Port Adapter (MPA)
A9K-MPA-4X10GE
ASR 9000
20-port 10-Gigabit Ethernet Modular Port Adapter, requires SFP+ optics
A9K-MPA-20x10GE
2-port
40-Gigabit Ethernet Modular Port Adapter (MPA)
A9K-MPA-2X40GE
1-Port
40-Gigabit Ethernet Modular Port Adapter (MPA)
A9K-MPA-1X40GE
ASR 9000
1-port 100-Gigabit Ethernet Modular Port Adapter, requires CFP2-ER4 or CPAK
optics
A9K-MPA-1x100GE
ASR 9000
2-port 100-Gigabit Ethernet Modular Port Adapter, requires CFP2-ER4 or CPAK
optics
A9K-MPA-2x100GE
BNG
Interoperability
The BNG
interoperability allows BNG to exchange and use information with other larger
heterogeneous networks. These are the key features:
BNG Coexists with
ASR9001:
ASR9001 is a
standalone high processing capability router that comprises of a route switch
processor (RSP), linecards (LC), and ethernet plugs (EPs). All BNG features are
fully supported on the ASR9001 chassis.
BNG Supports nV
Satellite:
The only topology
that is supported with BNG-nV Satellite is - bundled Ethernet ports on the CPE
side of the Satellite node connected to the Cisco ASR 9000 through non-bundle
configuration (static-pinning). That is,
Although the
following topology is supported on Satellite nV System (from Cisco IOS XR
Software Release 5.3.2 onwards), it is not supported on BNG:
Bundled
Ethernet ports on the CPE side of the satellite node, connected to the Cisco
ASR 9000 through bundle Ethernet connection.
From Cisco IOS XR Software
Release 6.1.2 and later, BNG
supports the use of Cisco NCS 5000 Series Router as a Satellite.
For details on nV Satellite
configuration, see
nV System Configuration Guide for Cisco ASR 9000 Series Routers
located
here.
BNG interoperates
with Carrier Grade NAT (CGN):
To address the
impending threat from IPv4 address space depletion, it is recommended that the
remaining or available IPv4 addresses be shared among larger numbers of
customers. This is done by using CGN, which primarily pulls the address
allocation to a more centralized NAT in the service provider network. NAT44 is
a technology that uses CGN and helps manage depletion issues of the IPv4
address space. BNG supports the ability to perform NAT44 translation on IPoE
and PPPoE-based BNG subscriber sessions.
Note
For BNG and
CGN interoperability, configure the BNG interface and the application service
virtual interface (SVI) on the same VRF instance.
Restrictions
Only bundle
access with non-bundle ICLs are supported for BNG interfaces over Satellite nV
System access interfaces.
BNG Smart
Licensing
BNG supports Cisco
Smart Software Licensing that provides a simplified way for the customers to
purchase licenses and to manage them across their network. This provides a
customizable consumption-based model that aligns to the network growth of the
customer. It also provides the flexibility to quickly modify or upgrade
software feature configurations to deploy new services over time.
BNG Smart Licensing
supports Geo redundancy as well as non-Geo redundancy subscriber sessions. One
license is required for every group of 8000 subscribers or a fraction of it.
For example, two licenses are required for 9000 subscribers.
These are the
software license PIDs for BNG:
S-A9K-BNG-LIC-8K —for non-geo redundancy sessions
S-A9K-BNG-ADV-8K —for geo redundancy sessions
You can use the
show sessionmon license command to display
the subscriber session statistics.