Cisco Mobile Exchange

2004 Cisco Systems, Inc. All rights reserved.

Cisco Mobile Exchange Solution Set: Giving control back to the operator

[Diagram: Access, Core and Services networks, each labelled "Yours, anyone's", with SLA monitoring on each, and two operator control points (Operator Control point 1, Operator Control point 2).]

Abbreviations:
- MS: Mobile Station
- SGSN: Serving GPRS Support Node
- GGSN: Gateway GPRS Support Node
- PDSN: Packet Data Serving Node
- CMX: Cisco Mobile Exchange
- MSFC: Multilayer Switch Feature Card
- RLB: RADIUS Load-balancer
- FWLB: Firewall Load-balancer
- SSG: Service Selection Gateway
- POP: Point of Presence
- CSG: Content Services Gateway
- BMA: Billing Mediation Agent
- SESM: Subscriber Edge Service Manager

The Cisco Mobile Exchange Scope

Functions in scope:
- Session establishment
- IP routing & forwarding
- Address allocation
- User authentication
- Access selection
- Accounting
- VPN edge function
- Service profile
- Content billing/accounting
- Charging gateway
- Load balancing
- Network management

[Diagram: Radio Edge, Aggregation and Mobile Internet Edge. Labels include WLAN, 2.5/3G, CDMA 1X/DO/DV, 802.11, BSC/PCF, MSC, SGSN, GGSN, PDSN, HA, Packet GW, CMX, SSGs (Service Proxy, Passthrough, Tunnel), RADIUS, Web Portal, Services Selection; MIP, L2TP, GRE, IPSec, MPLS, IPv4, IPv6; VPN, Intranet, Internet, ISP/ASP, MVNO, Open Garden, Walled Garden.]

What is CMX? Cisco Mobile Exchange
- Framework of solutions targeted at the Subscriber Internet Edge
- A collection of Cisco devices that provide consistent mobile and IP services
- Delivers cost-effective and scalable solutions to meet the needs of Mobile Operators
- Demonstrates Cisco IOS/IP value-add services
- Leverages the Catalyst 7600 family with IP, mobile & content functionality

[Diagram: Network Management and Operations; Platforms for Performance and Reliability; Load Balancing and continuous availability; Mobile Services (Service Selection, Content Monitoring, Advanced Billing); Packet Gateways (GPRS/UMTS, PDSN, HA).]

Agenda: SSG, CSG, Billing, Hardware

Service Selection

Enable Service Selection: SSG Service Types
- Internet access
- Accessing content partner networks
- Corporate access
- Auto services logon (based on user configured settings)

[Diagram: Service Access through the SSG by Proxy, Passthru or Tunnel, with Username and Password.]

Typical Service Selection Call Flow
- Access control and service selection
- Service access based on user profile

[Diagram: call flow between Client, PDSN, SSG, Router, SESM and AAA Server. Message labels: PPP, Accounting-Start, Accounting-Start, Web Request, Redirection, UnAuth User Page, Login Response, Login Info, Authentication, Get Profile, Access Control.]

Service Selection (SSG, SESM, AAA...) Features Include:
- Captive Portal
- Open Garden (Free services)
- Walled Garden (Premium services)
- Prepaid Services
- Hierarchical Policing
- Subscriber Self-Care
- Advertising
- RADIUS/Directory Authentication
- Location branding
- Auto login
- Web Services Gateway

SSG Services

SSG provides a way to give different types of subscriber access to particular IP domains. The IP domains can be a single host, a subnetwork or multiple networks. Depending on the configuration, the services can be authenticated or free access.

[Diagram: Subscriber Services, Backbone, SSG and SESM, with services network or application access split into OPEN-GARDEN (Free Services) and Walled-GARDEN (Authenticated Services).]

Service Control User Experience

[Diagram labels: Time / Volume; Prepaid / Postpaid; Allowed & Charged; Not Allowed.]

SSG Service Summary

[Diagram: a Subscriber's Host Object (Host-Obj) linked through Connection Objects to the Service Objects INTERNET, VOD and QUAKE. Connection labels: NAT, NAT, L2TP, PROXY, Routed.]

SSG Service Access Types

SSG Service Access: Passthru
- RADIUS AAA is done by the SSG provider's local AAA server
- Traffic is sent out the "bound" interface based on the service route definition
- Use the next-hop table or explicit bindings

[Diagram: Passthrough Service Type. SSG with RADIUS, routes R192.168.1.0,255.255.255.0 towards the Intranet and R0.0.0.0; towards the Internet.]

SSG Service Definition: Passthru

Passthrough Service Type. Sample Passthrough Service Profile (RADIUS):

    zap-com  Password = "servicecisco", Service-Type = Outbound
        Service-Info = "I",
        Service-Info = "R192.168.1.100;255.255.255.255",
        Service-Info = "TP"

- Service-Info "R...": service destination route definition
- Service-Info "TP": service type, passthrough

SSG Service Definition: Passthru

Passthrough Service Type (Internet). Sample Passthrough Service Profile (RADIUS):

    intranet  Password = "servicecisco", Service-Type = Outbound
        Service-Info = "IInternet",
        Service-Info = "R0.0.0.0;0.0.0.0",
        Service-Info = "R192.168.6.0;255.255.255.0;E",
        Service-Info = "TP"

- Service-Info "R...": service destination route definition (special case for Internet)
- Service-Info "TP": service type, passthrough

SSG Service Access: Proxy-RADIUS
- The SSG terminates user sessions from hosts to the SSG and makes a virtual connection from the SSG to the service destination
- The SSG authenticates and authorizes the service via the remote RADIUS server
- The SSG does NAT if the remote RADIUS user authorization includes an IP address

[Diagram: Proxy-Radius Service Type. Web Portal, Application, Intranet, Internet, Extranet; HTTP traffic from 10.0.0.1 to 12.17.1.10; RADIUS Request and RADIUS Reply (accept/IP) between the SSG and the remote RADIUS server; NAT between 10.0.0.1 and 192.168.1.10.]

SSG Service Definition: Proxy-RADIUS

Proxy-Radius Service Type. Sample Proxy Service Profile (RADIUS):

    proxy-service  Password = "servicecisco", Service-Type = Outbound
        Service-Info = "IProxy-service",
        Service-Info = "R12.17.1.10;255.255.255.255",
        Service-Info = "S192.168.1.1;1812;1813;cisco",
        Service-Info = "TX"

- Service-Info "R...": service route definition
- Service-Info "S...": IP address, ports and shared secret of the remote AAA
- Service-Info "TX": service type, proxy

SSG Service Access: L2TP
- LAC initiates an L2TP tunnel to the destination LNS; an SSG-PPP session is established
- SSG-NAT is performed between the subscriber's IP address and the LNS-assigned IP address
- Traffic is sent out the tunnel virtual-access interface based on the service route definition
- RADIUS AAA is done by the SSG provider's local AAA server (RADIUS-B)

[Diagram: Tunnel (L2TP) Service Type. Subscriber Connection to the SSG (LAC, SSG-PPP, IOS-NAT, RADIUS-A); PPP Session over the VPDN to the LNS (RADIUS-B, Pool: 192.168.1.x); route R192.168.7.0,255.255.255.0; NAT between 10.0.0.1 and 192.168.1.10.]

SSG Service Definition: L2TP

Tunnel (L2TP) Service Type. Sample Tunnel Service Profile (RADIUS):

    tunnel1  Password = "servicecisco", Service-Type = Outbound
        Service-Info = "IVPDN Tunnel Service",
        Service-Info = "R192.168.1.0;255.255.255.0",
        Service-Info = "vpdn:l2tp-tunnel-password=cisco",
        Service-Info = "vpdn:ip-addresses=192.168.1.1",
        Service-Info = "vpdn:tunnel-id=tunnelxyx",
        Service-Info = "TT"

- Service-Info "vpdn:...": tunnel information
- Service-Info "TT": service type, tunnel

SSG Host Object Building Blocks

Host Object:
- Maintains user information
- User IP address
- Created at time of user account logon
- List of services the user can access

SSG - Service Object Building Blocks

Service Object:
- Maintains info about the SSG service
- Service Name
- Service IP Domain(s)
- Other Service Attributes

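The sample passthrough, proxy and tunnel service profiles above can be read mechanically. The following parser is an added example, not code from the slides or from Cisco: it decodes the Service-Info prefixes the slides annotate (R, S, T, vpdn:), checks each service type for the attributes shown with it, and assumes that a leading "I" carries the service name and a trailing ";E" on a route marks an excluded network.

```python
import ipaddress

# Constructed input: Service-Info values copied from the slides' sample profiles.
PROFILES = {
    "intranet": ["IInternet", "R0.0.0.0;0.0.0.0", "R192.168.6.0;255.255.255.0;E", "TP"],
    "proxy-service": ["IProxy-service", "R12.17.1.10;255.255.255.255",
                      "S192.168.1.1;1812;1813;cisco", "TX"],
    "tunnel1": ["IVPDN Tunnel Service", "R192.168.1.0;255.255.255.0",
                "vpdn:l2tp-tunnel-password=cisco", "vpdn:ip-addresses=192.168.1.1",
                "vpdn:tunnel-id=tunnelxyx", "TT"],
}
TYPES = {"P": "passthrough", "X": "proxy", "T": "tunnel"}

def parse_profile(values):
    """Turn a list of Service-Info strings into a structured service definition."""
    svc = {"name": None, "type": None, "include": [], "exclude": [], "radius": None, "vpdn": {}}
    for v in values:
        code, rest = v[:1], v[1:]
        if v.startswith("vpdn:"):
            key, _, val = v[len("vpdn:"):].partition("=")
            svc["vpdn"][key] = val
        elif code == "I":  # assumed: service name / description
            svc["name"] = rest
        elif code == "T":
            svc["type"] = TYPES[rest]
        elif code == "R":  # Rnetwork;mask[;E], trailing E assumed to mean "exclude"
            net, mask, *flag = rest.split(";")
            bucket = "exclude" if flag == ["E"] else "include"
            svc[bucket].append(ipaddress.ip_network(f"{net}/{mask}"))
        elif code == "S":  # Sserver;auth-port;acct-port;shared-secret
            ip, auth, acct, secret = rest.split(";")
            svc["radius"] = {"ip": ip, "auth": int(auth), "acct": int(acct), "secret": secret}
        else:
            raise ValueError(f"unrecognised Service-Info value: {v!r}")
    return svc

def routes_to(svc, dst):
    addr = ipaddress.ip_address(dst)  # in an included route and in no excluded one?
    return (any(addr in n for n in svc["include"])
            and not any(addr in n for n in svc["exclude"]))

def lint(svc):
    """Each service type needs the attributes the slides show for it."""
    checks = [
        (not svc["include"], "no destination route (R)"),
        (svc["type"] == "proxy" and svc["radius"] is None, "proxy without RADIUS server (S)"),
        (svc["type"] == "tunnel" and "ip-addresses" not in svc["vpdn"],
         "tunnel without vpdn:ip-addresses"),
    ]
    return [msg for failed, msg in checks if failed]
```

The parsed proxy and tunnel profiles hold the RADIUS shared secret and the L2TP tunnel password in clear text, so output of a tool like this belongs under the same access controls as the AAA database itself.
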
SSG - Connection Object Building Blocks

Connection Object:
- Accounting information
- Service QoS
- Created at time of service logon

Service Summary

[Diagram: a Subscriber's Host Object (Host-Obj) linked through Connection Objects to the Service Objects INTERNET, VOD and QUAKE. Connection labels: NAT, NAT, L2TP, PROXY, PassThru.]

Agenda: SSG, CSG, Billing, Hardware

Mobile Data Services "Gateway": Network/Content Usage Collection & Enforcement

By piping all traffic through the "Gateway" for prepaid, the operator can enable consistent, real-time prepaid enforcement and control.

[Diagram: PDSN and WLAN access into the SSG & CSG gateway; destinations Video, Voice, Content, Walled Garden, Company A, IP VPN, Internet, Content provider/aggregator A, Content provider/aggregator B; Mediation/Billing System with business/rating rules and content provider pricing.]

CSG provides the following features and functionality:
- Postpaid Billing
- BMA Load Sharing
- HTTP 1.0 Content Billing
- HTTP 1.1 Content Billing
- Postpaid FTP Billing
- Non-HTTP Traffic
- Prepaid Content Billing and Accounting
- Obtaining User IDs
- Learning Client IP Addresses via Inspection of X-Forwarded-For Headers
- Filtering Accounting
- RADIUS Proxy Support
- HTTP Records Reporting Flexibility
- HTTP Error Code Reporting
- Stateful Redundancy
- Intermediate Billing Records
- Packet Counts
- Fragment Support
- MMS Exclude
- WAP Connectionless and Connection Orientated

Learning who the subscriber is
- Accounting messages are "paid attention to" ONLY; other RADIUS messages are passed through to the RADIUS server
- RADIUS Accounting sent from the AAA (or other RADIUS proxy) to the CSG

[Diagram: two arrangements, RADIUS Accounting Proxy and RADIUS Accounting Endpoint, each showing the RADIUS accounting flow and the data flow between the AAA and the CSG. Message shown: RADIUS ACCOUNTING START.]

Intelligence in the Data Path

Example services:
- Service 1: User self-care (balance inquiries, account replenishment, advice of charge)
- MMS bearer traffic
- Service 2: Third-party hosted multimedia
- Service 3: News (stock quotes, sports scores, weather)
- Service 4: Downloads (ring tones, screen savers, etc.)

[Diagram: CSG in the data path with the AAA, showing the RADIUS flow and data flows. Billing labels: Free Bearer; Bill per Time, from Quota 1; Bill per Click, from Quota 2; Bill per Volume, from Quota 3. Real-time interaction (authorisation; profiling) via active middleware to business operations.]

Agenda: SSG, CSG, Billing, Hardware

CMX Billing

SSG Postpaid Billing
- Accounting START / Accounting STOP are sent to the AAA
- The RADIUS accounting records contain per-service volume and time accounting that billing systems can use to bill the user

SSG Prepaid Billing
- Based on the SSG prepaid features
- Checks a subscriber's available credit to determine whether to connect the subscriber to a service and how long the connection can last
- SSG interacts with the AAA server and the prepaid billing to determine the quota values and usage
- When the quota runs out, SSG performs reauthorization

CMX Billing (Cont.)

CSG Content Postpaid Billing
- CSG logs user traffic and generates URL-based content CDRs
- The content CDRs are then sent to a Charging Gateway (or billing mediation device) over GTP

CSG Content Hot Billing
- Checks for available funds when a user wants to access particular content (content is identified by a particular URL; this is also called per-page billing)
- Within this URL the user will be able to download some file, to do per-event billing
- The CSG can account for the pages (URL) and for the events
- The billing server may terminate the user session when the user's credit reaches zero

Services Billing

[Diagram: Billing, Mediation, SSG, Open Garden, Internet Browsing. Charging labels: per packet, per download, per message, per URL, free. Charge based on: Value, Brand, Control.]

Billing and Pre-Paid Services
- Subscriber or service connection-based
- Support for prepaid and postpaid models
- Flexible billing allows providers to charge for any service in any manner

[Diagram: Services, RADIUS accounting server, Billing system.]

CSG Billing

[Diagram: CSG with the RADIUS accounting flow and the data flow; username database; Billing and Mediation Partners: Quota Server (request quota per service, report used quota; Quota Request carries Src IP, Dest IP, URL, username, TOS) and Mediation Agent (Accounting Records, XML optional).]

Call Flows (User Sign-On)

Participants: PDSN, AAA, CSG, Service 1, Service 2, Service 3, QS, BMA
- Acct-Start: User logs in
- Acct-Start: The replicated Acct-Start is received by CSG
- UsrProfileReq: CSG requests the user's profile
- UsrProfileRsp: QS (Quota Server) sends the user's profile containing his billing plan

First Service Access (Service 2)

Participants: PDSN, AAA, CSG, Service 1, Service 2: Local Multimedia, Service 3, QS, BMA
- GET(http:/ This is the first access to Service 2 by the user. CSG needs to obtain quota first.
- SvcAuthReq: CSG sends SvcAuthReq(UserName, Service 2) to QS
- SvcAuthRsp: QS takes a part of the user's credit (say, 1), converts it to an equivalent number of "bytes" (say, 1Meg) and sends SvcAuthResp(UserName, service2, 1Meg) to CSG
- GET(http:/ CSG forwards the original request to the content server, meters traffic on this connection, and keeps deducting from the 1Meg quota
- CDR: CSG sends billing records (CDRs) to the BMA, either periodically or at the end of the transaction

Continued Access to Service 2

Participants: PDSN, AAA, CSG, Service 1, Service 2: Local Multimedia, Service 3, QS, BMA
- GET(http:/ CSG still has more Service 2 quota for the user, say 0.7Meg. The user sends a new request, for another transaction under Service 2. CSG will keep using this quota for any further accesses to service2.
- CSG forwards the request, and the user accesses this service as long as there is sufficient quota
- SvcReAuth: When CSG reaches a low threshold for the user's quota for a service, it re-authorizes the user for that service

Access to Service 3

Participants: PDSN, AAA, CSG, Service 1, Service 2: Local Multimedia, Service 3: Stock Quotes, QS, BMA
- GET(http:/ The user requests a stock quote, which matches Service 3. CSG has not authorized the user for Service 3 yet.
- SvcAuthReq: CSG sends SvcAuthReq(UserName, Service 3) to QS. Service 3 is billed per download, so the quota server deducts money (say, another 1) from the user's account, which will allow 10 downloads.
- SvcAuthRsp: QS sends SvcAuthResp(UserName, service2, 10) to CSG, which allows the user 10 downloads in service 3
- CSG forwards the request to the content server, and the user gets the quote. CSG now has sufficient quota for another 9 stock quotes.

Self-care (Free Service)

Participants: GGSN, AAA, CSG, Service 1: SelfCare, Service 2: Local Multimedia, Service 3: Stock Quotes, QS, BMA
- GET(http:/ The user tries to go to the selfcare website to edit his profile, or add money to his prepaid credit.
- SvcAuthReq: CSG sends SvcAuthReq(UserName, Service 1) to QS. Service 1 is free, so the quota server allows CSG a large number of downloads without deducting money from the user's account.
- SvcAuthRsp: QS sends SvcAuthResp(UserName, service2, 0xffffffff) to CSG, which allows the user 0xffffffff downloads in service 1
- CSG forwards the request to the content server. CSG still has virtually infinite number of downloads from this
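
The prepaid call flows above (first access, continued access, per-download service, free service) can be traced end to end in a small model. This is an added example, not Cisco code: the class names, the plan table built from the slides' "say" figures (one credit unit buys 1Meg of Service 2 or 10 downloads of Service 3) and the 10% low threshold are assumptions.

```python
FREE = 0xFFFFFFFF  # quota the slides grant for the free self-care service

class QuotaServer:
    # Quota bought by one unit of credit (the slides' "say" figures); None = free.
    PLANS = {"service1": None, "service2": 1_000_000, "service3": 10}

    def __init__(self, credit):
        self.credit = dict(credit)           # username -> prepaid credit units

    def svc_auth(self, user, service):
        """Answer SvcAuthReq: return the quota carried in SvcAuthRsp."""
        per_unit = self.PLANS[service]
        if per_unit is None:
            return FREE                      # free service, nothing deducted
        if self.credit.get(user, 0) < 1:
            return 0                         # no credit left, no quota
        self.credit[user] -= 1
        return per_unit

class CSG:
    def __init__(self, qs, low_mark=0.1):    # low_mark: hypothetical threshold
        self.qs, self.low_mark = qs, low_mark
        self.remaining, self.granted, self.events = {}, {}, []

    def _authorize(self, key, message):
        grant = self.qs.svc_auth(*key)
        self.events.append((message, key[1], grant))
        self.granted[key] = grant or self.granted.get(key, 0)
        self.remaining[key] = FREE if grant == FREE else self.remaining.get(key, 0) + grant

    def access(self, user, service, cost):
        """Meter one request; cost is bytes or downloads. False = not forwarded."""
        key = (user, service)
        if self.remaining.get(key, 0) < cost:
            self._authorize(key, "SvcAuthReq")
        if self.remaining[key] < cost:
            return False                     # quota and credit both exhausted
        if self.remaining[key] != FREE:
            self.remaining[key] -= cost
            if self.remaining[key] <= self.low_mark * self.granted[key]:
                self._authorize(key, "SvcReAuth")
        return True

def run_demo():
    csg = CSG(QuotaServer({"alice": 2}))     # constructed subscriber with 2 units
    steps = [("service2", 300_000), ("service3", 1), ("service1", 1),
             ("service2", 650_000), ("service2", 100_000)]
    return csg, [csg.access("alice", s, c) for s, c in steps]
```

The last request in `run_demo` is refused: the re-authorization at the low threshold found no credit, so the remaining 50,000 bytes cannot cover a 100,000-byte transfer.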