思科移动交换CMXPPT课件.ppt

1、1 2004 Cisco Systems, Inc. All rights reserved.Cisco Mobile Exchange2 2 2 2004 Cisco Systems, Inc. All rights reserved.概况1您的内容打在这里，或者通过复制您的文本后。概况2您的内容打在这里，或者通过复制您的文本后。概况3您的内容打在这里，或者通过复制您的文本后。+整体概况3 3 3 2004 Cisco Systems, Inc. All rights reserved.SLAmonitoringSLAmonitoringSLAmonitoringOperatorContro

2、l point1OperatorControl point2Cisco Mobile Exchange Solution Set : Giving control back to the operatorMS : Mobile StationSGSN: Servicing GPRS Support NodeGGSN: Gateway GPRS Support NodePDSN: Packet Data Serving NodeCMX : Cisco Mobile ExchangeMSFC: Multilayer Switch Feature CardRLB: Radius Load-balan

3、cerFWLB: Firewall Load-balancer SSG: Service Selection Gateway POP: Point of Presence CSG: Content Services Gateway BMA: Billing Mediation AgentSESM: Subscriber Edge Service Manager4 4 4 2004 Cisco Systems, Inc. All rights reserved.The Cisco Mobile Exchange Scope Radio EdgeMobile Internet EdgeAggreg

4、ationMSCRadius Web PortalServices SelectionMIPL2TPGREIPSecMPLSIPV4IPV6CMXSession establishmentIP routing & forwardingAddress allocationUser authenticationAccess selectionAccountingVPN edge functionService profileContent billing/accounting Charging gatewayLoad balancingNetwork managementVPNIntranetIn

5、ternetInternetISP / ASPMVNOOpen GardenVPNWalledGardenWLAN2.5/3 GBSC/PCFCDMA 1X/DO/DVSGSNGGSNPDSNHAPacket GWGGSN HA PDSN 802.11 VPN SGSNService Proxy Passthrough TunnelSSGs5 5 5 2004 Cisco Systems, Inc. All rights reserved.Framework of solutions targeted at the Subscriber Internet EdgeA collection of

6、 Cisco devices that provide consistent mobile and IP servicesDelivers cost effective and scalable solutions to meet the needs of Mobile OperatorsDemonstrates Cisco IOS/IP value add servicesLeverage Catalyst 7600 family with IP, mobile & content functionalityWhat is CMX?Cisco Mobile ExchangeNetwork M

7、anagementand OperationsPlatforms forPerformance and ReliabilityLoad Balancing and continuous availability.Mobile ServicesService SelectionContent MonitoringAdvanced BillingPacket Gateways (GPRS/UMTS, PDSN, HA,)6 6 6 2004 Cisco Systems, Inc. All rights reserved.Agenda SSG CSG Billing Hardware7 7 7 20

8、04 Cisco Systems, Inc. All rights reserved.Service SelectionEnable Service SelectionSSG Service TypesService AccessSSGProxyPassthruUsernamePasswordInternet accessTunnelAccessing content partner networksCorporate accessAuto services logon (based on user configured settings) 8 8 8 2004 Cisco Systems,

9、Inc. All rights reserved.Typical Service Selection Call FlowRouterSESMAAA ServerPPPWeb RequestRedirectionUnAuth User PageLogin ResponseLogin InfoAuthentication Get ProfileAccess control and service selectionService access based on user profileSSGClientAccess ControlPDSNAccounting-StartAccounting-Sta

10、rt9 9 9 2004 Cisco Systems, Inc. All rights reserved.Service Selection ( SSG, SESM, AAA. ) Features Include:Captive PortalOpen Garden (Free services)Walled Garden (Premium services)Prepaid ServicesHierarchical Policing Subscriber Self-CareAdvertisingRADIUS/Directory AuthenticationLocation brandingAu

11、to loginWeb Services Gateway101010 2004 Cisco Systems, Inc. All rights reserved.SSG Services SSG provides a way to give different types of subscriber access to particular IP domains. The IP Domains can be a single host, a subnetwork or multiple networks. Depending on the configuration the services c

12、an be authenticated or free access.111111 2004 Cisco Systems, Inc. All rights reserved.OPEN-GARDEN(Free Services)Walled-GARDEN(Authenticated Services)Services Network or Application AccessSubscriber ServicesSSGBackboneSESM121212 2004 Cisco Systems, Inc. All rights reserved.Service Control User Exper

13、ienceTime / VolumePrepaid / PostpaidAllowed & ChargedNot Allowed131313 2004 Cisco Systems, Inc. All rights reserved.SSG Service Summary Host Objects Connection Objects SubscriberINTERNETVODQUAKEHost-ObjService ObjectsNATNATL2TPPROXYRouted141414 2004 Cisco Systems, Inc. All rights reserved.SSG Servic

14、e Access Types151515 2004 Cisco Systems, Inc. All rights reserved.SSG Service Access : Passthru Radius AAA is done by SSG Providers local AAA server Traffic is sent out “bound” interface based on service route definition Use next-hop table or explicit bindingsPassthrough Service TypeIntranetInternet

15、SSGR192.168.1.0,255.255.255.0RADIUSR0.0.0.0;SSG161616 2004 Cisco Systems, Inc. All rights reserved.SSG Service Definition : PassthruPassthrough Service TypeSample Passthrough Service Profilezap-com Password = “servicecisco”, Service-Type = OutboundService-Info = “I”,Service-Info = “R192.168.1.100;25

16、5.255.255.255”,Service-Info = “TP”service destination route definitionService Type - passthroughRADIUS171717 2004 Cisco Systems, Inc. All rights reserved.SSG Service Definition : Passthru Passthrough Service Type( Internet )Sample Passthrough Service Profileintranet Password = “servicecisco”, Servic

17、e-Type = OutboundService-Info = “IInternet”,Service-Info = “R0.0.0.0;0.0.0.0”, Service-Info = R192.168.6.0;255.255.255.0;E,Service-Info = “TP”service destination route definition( special case for Internet )service type - passthroughRADIUS181818 2004 Cisco Systems, Inc. All rights reserved.SSG Servi

18、ce Access : Proxy-RADIUSThe SSG terminates user sessions from hosts to the SSG and makes a virtual Connection from the SSG to the service destinationThe SSG will Authenticate and Authorize the service via the remote Radius Server.The SSG does NAT if the remote RADIUS user authorization includes IP a

19、ddressProxy-Radius Service TypeWeb PortalApplicationIntranetInternetExtranetRADIUSHTTP TRAFFICRadius Request10.0.0.112.17.1.10Radius Reply(accept/IP)10.0.0.1192.168.1.10NATRADIUSSSG191919 2004 Cisco Systems, Inc. All rights reserved.SSG Service Definition : Proxy-RADIUSProxy-Radius Service TypeIP Ad

20、dress, Ports and shared-secret of Remote AAASample Proxy Service Profileproxy-service Password = “servicecisco”, Service-Type = OutboundService-Info = “IProxy-service”,Service-Info = “R12.17.1.10;255.255.255.255”,Service-Info = “S192.168.1.1;1812;1813;cisco”,Service-Info = “TX”service route definiti

21、onservice type - proxyRADIUS202020 2004 Cisco Systems, Inc. All rights reserved.SSG Service Access : L2TPLAC initiates L2TP tunnel to destination LNS, SSG-PPP session is establishedSSG-NAT is performed between subscribers IP address and LNS assigned IP addressTraffic is sent out the tunnel virtual-a

22、ccess interface based on service route definitionRadius AAA is done by SSG Providers local AAA server(RADIUS-B)Tunnel (L2TP) Service TypeSSG-PPPVPDNR192.168.7.0,255.255.255.0RADIUS-ASubscriber ConnectionLACLNSRADIUS-BPool: 192.168.1.xPPP SessionIOS-NAT10.0.0.1192.168.1.10SSG212121 2004 Cisco Systems

23、, Inc. All rights reserved.SSG Service Definition : L2TPTunnel (L2TP) Service TypeSample Tunnel Service Profiletunnel1 Password = “servicecisco”, Service-Type = OutboundService-Info = “IVPDN Tunnel Service”,Service-Info = “R192.168.1.0;255.255.255.0”,Service-Info = “vpdn:l2tp-tunnel-password=cisco”,

24、Service-Info = “vpdn:ip-addresses=192.168.1.1”,Service-Info = “vpdn:tunnel-id=tunnelxyx”,Service-Info = “TT”Tunnel informationservice type - TunnelRADIUS222222 2004 Cisco Systems, Inc. All rights reserved.SSG Host Object Building BlocksHost Object Maintains user information User IP address Created a

25、t time of user Account logon List of Services user can access232323 2004 Cisco Systems, Inc. All rights reserved.SSG - Service Object Building BlocksService Object Maintains Info about SSG service Service Name Service IP Domain(s) Other Service Attributes242424 2004 Cisco Systems, Inc. All rights re

26、served.SSG - Connection Object Building BlocksConnection Object Accounting information Service QoS Created at time of Service logon252525 2004 Cisco Systems, Inc. All rights reserved.Service Summary Host Objects Connection Objects SubscriberINTERNETVODQUAKEHost-ObjService ObjectsNATNATL2TPPROXYPassT

27、hru262626 2004 Cisco Systems, Inc. All rights reserved.Agenda SSG CSG Billing Hardware272727 2004 Cisco Systems, Inc. All rights reserved.Mobile Data Services “Gateway” Network/Content Usage Collection & EnforcementVideoVoiceContentWalled GardenCompany AIP VPNInternetContent provider /aggregator BCo

28、ntent provider /aggregator ABy piping all traffic through the “Gateway” for prepaid, the operator can enable consistent, real-time prepaid enforcement and control.Mediation/ Billing System Business/ rating rules Content provider pricingSSG & CSGPDSNWLAN282828 2004 Cisco Systems, Inc. All rights rese

29、rved.CSG provides the following features and functionality:Postpaid Billing,BMA Load SharingHTTP 1.0 Content BillingHTTP 1.1 Content BillingPostpaid FTP BillingNon-HTTP TrafficPrepaid Content Billing and AccountingObtaining User IDsLearning Client IP Addresses via Inspection of X-Forwarded-For Heade

30、rsFiltering AccountingRADIUS Proxy SupportHTTP Records Reporting FlexibilityHTTP Error Code ReportingStateful RedundancyIntermediate Billing RecordsPacket CountsFragment SupportMMS ExcludeWAP Connectionless and Connection Orientated292929 2004 Cisco Systems, Inc. All rights reserved.Learning who the

31、 subscriber isRadius Accounting flowData flowAccounting messages are “paid attention to” ONLY Other RADIUS messages are passed through to the RADIUS SERVERRadius Accounting flowData flowAAARADIUS Accounting ProxyRADIUS Accounting Endpoint AAARADIUS Accounting sent from the AAA (or other RADIUS Proxy

32、) to the CSGRADIUS ACCOUNTING START 303030 2004 Cisco Systems, Inc. All rights reserved.Intelligence in the Data PathCSGAAARadius flowData flowsService 1: User self-careBalance inquiries, Account replenishment, Advice of ChargeMMS Bearer TrafficService 2Third Party hosted multimediaService 3: NewsSt

33、ock quotes, Sports scores, WeatherService 4: DownloadsRing tones, screen savers, etcExample ServicesFree BearerBill per TimeFrom Quota 1Bill per ClickFrom Quota 2Bill per VolumeFrom Quota 3Real Time InteractionAuthorisation ; ProfilingVia Active MiddlewareTo Business Operations313131 2004 Cisco Syst

34、ems, Inc. All rights reserved.Agenda SSG CSG Billing Hardware323232 2004 Cisco Systems, Inc. All rights reserved.CMX BillingSSG Postpaid BillingAccounting START/Accounting STOP are sent to the AAA The RADIUS Accounting Records contain per service volume and time accounting, that can be used by billi

35、ng systems to bill the userSSG Prepaid BillingBased on the SSG prepaid featuresCheck a subscribers available credit to determine whether to connect the subscriber to a service and how long the connection can lastSSG interacts with the AAA server and the prepaid billing to determine the quota values

36、and usageWhen the quota runs out, SSG performs reauthorization 333333 2004 Cisco Systems, Inc. All rights reserved.CMX Billing (Cont.)CSG Content Postpaid BillingCSG logs user traffic and generates URL-based content CDRsThe content CDRs are then sent to a Charging Gateway (or billing mediation devic

37、e) over GTPCSG Content Hot Billing Checks for available funds when a user want to access a particular content (a content is identified by a particular URL, it is also called per page billing)Within this URL the user will be available to download some file to do per event billingThe CSG can account f

38、or the pages (URL) and for the events The billing server may terminate the user session when the user credit reaches zero343434 2004 Cisco Systems, Inc. All rights reserved.Services BillingBillingMediationSSGOpen GardenInternetBrowsingPer packet Per downloadPer messagePer UrlFreeCharge based onValue

39、BrandControl353535 2004 Cisco Systems, Inc. All rights reserved.Billing systemRADIUSaccounting serverServicesBilling and Pre-Paid Services Subscriber or service connection-based Support for prepaid and postpaid models Flexible billing allows providers to charge for any service in any manner363636 20

40、04 Cisco Systems, Inc. All rights reserved.CSG BillingCSGRadius Accounting flowData flowusername DatabaseBilling and Mediation PartnersQuotaServerMediationAgentRequest quota per serviceReport used quotaQuota RequestSrc IPDest IPURLusernameTOSAccountingRecordsXML(optional)373737 2004 Cisco Systems, I

41、nc. All rights reserved.Call Flows (User Sign-On)PDSNAAACSGService 1Service 2Service 3QSBMAAcct-Start User Logs InAcct-Startreplicated Acct-Start is received by CSGUsrProfileReq CSG Requests the Users ProfileUsrProfileRsp QS (Quota Server) Sends the Users Profile containing his Billing Plan383838 20

42、04 Cisco Systems, Inc. All rights reserved.First Service Access (Service 2)PDSNAAACSGService 1Service 2:Local MultimediaService 3QSBMAGET(http:/ This is the first access to Service 2 by the user CSG needs to obtain quota firstSvcAuthReq CSG Sends SvcAuthReq(UserName, Service 2) to QSSvcAuthRsp QS ta

43、kes a part of the users credit (say, 1), converts it to equivalent number of “bytes” (say, 1Meg) and sends SvcAuthResp(UserName, service2, 1Meg) to CSG.GET(http:/ CSG forwards the original request to the content server, meters traffic on this connection, and keeps deducting from the 1Meg quota. CSG

44、sends billing records (CDRs) to the BMA, either periodically or at the end of the transactionCDR393939 2004 Cisco Systems, Inc. All rights reserved.Continued Access to Service 2PDSNAAACSGService 1Service 2:Local MultimediaService 3QSBMAGET(http:/ CSG still has more Service 2 quota for the user, say

45、0.7Meg. User sends new request, for another transaction under Service 2. CSG will keep using this quota for any further accesses to service2. CSG forwards the request, and the user accesses this service as long as there is sufficient quota When CSG reaches a low threshold for the users quota for a s

46、ervice, it re-authorizes the user for that serviceSvcReAuth404040 2004 Cisco Systems, Inc. All rights reserved.Access to Service 3PDSNAAACSGService 1Service 2:Local MultimediaService 3Stock QuotesQSBMAGET(http:/ The user requests a stock quote, which matches Service 3. CSG has not authorized the use

47、r for Service 3 yet.SvcAuthReq CSG Sends SvcAuthReq(UserName, Service 3) to QS. Service 3 is billed per download, so the quota server deducts money (say, another 1) from the users account which will allow 10 downloads.SvcAuthRsp QS sends SvcAuthResp(UserName, service2, 10) to CSG, which allows the u

48、ser 10 downloads in service 3 CSG forwards the request to the content server, and the user gets the quote. CSG now has sufficient quota for another 9 stock quotes.414141 2004 Cisco Systems, Inc. All rights reserved.Self-care (Free Service)GGSNAAACSGService 1:SelfCareService 2:Local MultimediaService

49、 3:Stock QuotesQSBMAGET(http:/ The user tries to go to the selfcare website to edit his profile, or add money to his prepaid credit.SvcAuthReq CSG Sends SvcAuthReq(UserName, Service 1) to QS. Service 1 is free, so the quota server allows CSG a large number of downloads without deducting money from t

50、he users account.SvcAuthRsp QS sends SvcAuthResp(UserName, service2, 0 xffffffff) to CSG, which allows the user 0 xffffffff downloads in service 1 CSG forwards the request to the content server. CSG still has virtually infinite number of downloads from this service without asking for more quota. 424