1、1 2004 Cisco Systems,Inc.All rights reserved.Cisco Mobile Exchange2 2 2 2004 Cisco Systems,Inc.All rights reserved.SLAmonitoringSLAmonitoringSLAmonitoringOperatorControl point1OperatorControl point2Cisco Mobile Exchange Solution Set:Giving control back to the operatorMS:Mobile StationSGSN:Servicing
2、GPRS Support NodeGGSN:Gateway GPRS Support NodePDSN:Packet Data Serving NodeCMX:Cisco Mobile ExchangeMSFC:Multilayer Switch Feature CardRLB:Radius Load-balancerFWLB:Firewall Load-balancer SSG:Service Selection Gateway POP:Point of Presence CSG:Content Services Gateway BMA:Billing Mediation AgentSESM
3、:Subscriber Edge Service Manager3 3 3 2004 Cisco Systems,Inc.All rights reserved.The Cisco Mobile Exchange Scope Radio EdgeMobile Internet EdgeAggregationMSCRadius Web PortalServices SelectionMIPL2TPGREIPSecMPLSIPV4IPV6CMXSession establishmentIP routing&forwardingAddress allocationUser authenticatio
4、nAccess selectionAccountingVPN edge functionService profileContent billing/accounting Charging gatewayLoad balancingNetwork managementVPNIntranetInternetInternetISP/ASPMVNOOpen GardenVPNWalledGardenWLAN2.5/3 GBSC/PCFCDMA 1X/DO/DVSGSNGGSNPDSNHAPacket GWGGSN HA PDSN 802.11 VPN SGSNService Proxy Passth
5、rough TunnelSSGs4 4 4 2004 Cisco Systems,Inc.All rights reserved.Framework of solutions targeted at the Subscriber Internet EdgeA collection of Cisco devices that provide consistent mobile and IP servicesDelivers cost effective and scalable solutions to meet the needs of Mobile OperatorsDemonstrates
6、 Cisco IOS/IP value add servicesLeverage Catalyst 7600 family with IP,mobile&content functionalityWhat is CMX?Cisco Mobile ExchangeNetwork Managementand OperationsPlatforms forPerformance and ReliabilityLoad Balancing and continuous availability.Mobile ServicesService SelectionContent MonitoringAdva
7、nced BillingPacket Gateways(GPRS/UMTS,PDSN,HA,)5 5 5 2004 Cisco Systems,Inc.All rights reserved.Agenda SSG CSG Billing Hardware6 6 6 2004 Cisco Systems,Inc.All rights reserved.Service SelectionEnable Service SelectionSSG Service TypesService AccessSSGProxyPassthruUsernamePasswordInternet accessTunne
8、lAccessing content partner networksCorporate accessAuto services logon(based on user configured settings)7 7 7 2004 Cisco Systems,Inc.All rights reserved.Typical Service Selection Call FlowRouterSESMAAA ServerPPPWeb RequestRedirectionUnAuth User PageLogin ResponseLogin InfoAuthentication Get Profile
9、Access control and service selectionService access based on user profileSSGClientAccess ControlPDSNAccounting-StartAccounting-Start8 8 8 2004 Cisco Systems,Inc.All rights reserved.Service Selection(SSG,SESM,AAA.)Features Include:Captive PortalOpen Garden(Free services)Walled Garden(Premium services)
10、Prepaid ServicesHierarchical Policing Subscriber Self-CareAdvertisingRADIUS/Directory AuthenticationLocation brandingAuto loginWeb Services Gateway9 9 9 2004 Cisco Systems,Inc.All rights reserved.SSG Services SSG provides a way to give different types of subscriber access to particular IP domains.Th
11、e IP Domains can be a single host,a subnetwork or multiple networks.Depending on the configuration the services can be authenticated or free access.101010 2004 Cisco Systems,Inc.All rights reserved.OPEN-GARDEN(Free Services)Walled-GARDEN(Authenticated Services)Services Network or Application AccessS
12、ubscriber ServicesSSGBackboneSESM111111 2004 Cisco Systems,Inc.All rights reserved.Service Control User ExperienceTime/VolumePrepaid/PostpaidAllowed&ChargedNot Allowed121212 2004 Cisco Systems,Inc.All rights reserved.SSG Service Summary Host Objects Connection Objects SubscriberINTERNETVODQUAKEHost-
13、ObjService ObjectsNATNATL2TPPROXYRouted131313 2004 Cisco Systems,Inc.All rights reserved.SSG Service Access Types141414 2004 Cisco Systems,Inc.All rights reserved.SSG Service Access:Passthru Radius AAA is done by SSG Providers local AAA server Traffic is sent out“bound”interface based on service rou
14、te definition Use next-hop table or explicit bindingsPassthrough Service TypeIntranetInternetSSGR192.168.1.0,255.255.255.0RADIUSR0.0.0.0;0.0.0.0192.168.1.100zapSSG151515 2004 Cisco Systems,Inc.All rights reserved.SSG Service Definition:PassthruPassthrough Service TypeSample Passthrough Service Profi
15、lezap-com Password=“servicecisco”,Service-Type=OutboundService-Info=“Izap”,Service-Info=“R192.168.1.100;255.255.255.255”,Service-Info=“TP”service destination route definitionService Type-passthroughRADIUS161616 2004 Cisco Systems,Inc.All rights reserved.SSG Service Definition:Passthru Passthrough Se
16、rvice Type(Internet)Sample Passthrough Service Profileintranet Password=“servicecisco”,Service-Type=OutboundService-Info=“IInternet”,Service-Info=“R0.0.0.0;0.0.0.0”,Service-Info=R192.168.6.0;255.255.255.0;E,Service-Info=“TP”service destination route definition(special case for Internet)service type-
17、passthroughRADIUS171717 2004 Cisco Systems,Inc.All rights reserved.SSG Service Access:Proxy-RADIUSThe SSG terminates user sessions from hosts to the SSG and makes a virtual Connection from the SSG to the service destinationThe SSG will Authenticate and Authorize the service via the remote Radius Ser
18、ver.The SSG does NAT if the remote RADIUS user authorization includes IP addressProxy-Radius Service TypeWeb PortalApplicationIntranetInternetExtranetRADIUSHTTP TRAFFICRadius Request10.0.0.112.17.1.10Radius Reply(accept/IP)10.0.0.1192.168.1.10NATRADIUSSSG181818 2004 Cisco Systems,Inc.All rights rese
19、rved.SSG Service Definition:Proxy-RADIUSProxy-Radius Service TypeIP Address,Ports and shared-secret of Remote AAASample Proxy Service Profileproxy-service Password=“servicecisco”,Service-Type=OutboundService-Info=“IProxy-service”,Service-Info=“R12.17.1.10;255.255.255.255”,Service-Info=“S192.168.1.1;
20、1812;1813;cisco”,Service-Info=“TX”service route definitionservice type-proxyRADIUS191919 2004 Cisco Systems,Inc.All rights reserved.SSG Service Access:L2TPLAC initiates L2TP tunnel to destination LNS,SSG-PPP session is establishedSSG-NAT is performed between subscribers IP address and LNS assigned I
21、P addressTraffic is sent out the tunnel virtual-access interface based on service route definitionRadius AAA is done by SSG Providers local AAA server(RADIUS-B)Tunnel(L2TP)Service TypeSSG-PPPVPDNR192.168.7.0,255.255.255.0RADIUS-ASubscriber ConnectionLACLNSRADIUS-BPool:192.168.1.xPPP SessionIOS-NAT10
22、.0.0.1192.168.1.10SSG202020 2004 Cisco Systems,Inc.All rights reserved.SSG Service Definition:L2TPTunnel(L2TP)Service TypeSample Tunnel Service Profiletunnel1 Password=“servicecisco”,Service-Type=OutboundService-Info=“IVPDN Tunnel Service”,Service-Info=“R192.168.1.0;255.255.255.0”,Service-Info=“vpdn
23、:l2tp-tunnel-password=cisco”,Service-Info=“vpdn:ip-addresses=192.168.1.1”,Service-Info=“vpdn:tunnel-id=tunnelxyx”,Service-Info=“TT”Tunnel informationservice type-TunnelRADIUS212121 2004 Cisco Systems,Inc.All rights reserved.SSG Host Object Building BlocksHost Object Maintains user information User I
24、P address Created at time of user Account logon List of Services user can access222222 2004 Cisco Systems,Inc.All rights reserved.SSG-Service Object Building BlocksService Object Maintains Info about SSG service Service Name Service IP Domain(s)Other Service Attributes232323 2004 Cisco Systems,Inc.A
25、ll rights reserved.SSG-Connection Object Building BlocksConnection Object Accounting information Service QoS Created at time of Service logon242424 2004 Cisco Systems,Inc.All rights reserved.Service Summary Host Objects Connection Objects SubscriberINTERNETVODQUAKEHost-ObjService ObjectsNATNATL2TPPR
26、OXYPassThru252525 2004 Cisco Systems,Inc.All rights reserved.Agenda SSG CSG Billing Hardware262626 2004 Cisco Systems,Inc.All rights reserved.Mobile Data Services“Gateway”Network/Content Usage Collection&EnforcementVideoVoiceContentWalled GardenCompany AIP VPNInternetContent provider/aggregator BCon
27、tent provider/aggregator ABy piping all traffic through the“Gateway”for prepaid,the operator can enable consistent,real-time prepaid enforcement and control.Mediation/Billing System Business/rating rules Content provider pricingSSG&CSGPDSNWLAN272727 2004 Cisco Systems,Inc.All rights reserved.CSG pro
28、vides the following features and functionality:Postpaid Billing,BMA Load SharingHTTP 1.0 Content BillingHTTP 1.1 Content BillingPostpaid FTP BillingNon-HTTP TrafficPrepaid Content Billing and AccountingObtaining User IDsLearning Client IP Addresses via Inspection of X-Forwarded-For HeadersFiltering
29、AccountingRADIUS Proxy SupportHTTP Records Reporting FlexibilityHTTP Error Code ReportingStateful RedundancyIntermediate Billing RecordsPacket CountsFragment SupportMMS ExcludeWAP Connectionless and Connection Orientated282828 2004 Cisco Systems,Inc.All rights reserved.Learning who the subscriber is
30、Radius Accounting flowData flowAccounting messages are“paid attention to”ONLY Other RADIUS messages are passed through to the RADIUS SERVERRadius Accounting flowData flowAAARADIUS Accounting ProxyRADIUS Accounting Endpoint AAARADIUS Accounting sent from the AAA(or other RADIUS Proxy)to the CSGRADIUS
31、 ACCOUNTING START 292929 2004 Cisco Systems,Inc.All rights reserved.Intelligence in the Data PathCSGAAARadius flowData flowsService 1:User self-careBalance inquiries,Account replenishment,Advice of ChargeMMS Bearer TrafficService 2Third Party hosted multimediaService 3:NewsStock quotes,Sports scores
32、,WeatherService 4:DownloadsRing tones,screen savers,etcExample ServicesFree BearerBill per TimeFrom Quota 1Bill per ClickFrom Quota 2Bill per VolumeFrom Quota 3Real Time InteractionAuthorisation;ProfilingVia Active MiddlewareTo Business Operations303030 2004 Cisco Systems,Inc.All rights reserved.Age
33、nda SSG CSG Billing Hardware313131 2004 Cisco Systems,Inc.All rights reserved.CMX BillingSSG Postpaid BillingAccounting START/Accounting STOP are sent to the AAA The RADIUS Accounting Records contain per service volume and time accounting,that can be used by billing systems to bill the userSSG Prepa
34、id BillingBased on the SSG prepaid featuresCheck a subscribers available credit to determine whether to connect the subscriber to a service and how long the connection can lastSSG interacts with the AAA server and the prepaid billing to determine the quota values and usageWhen the quota runs out,SSG
35、 performs reauthorization 323232 2004 Cisco Systems,Inc.All rights reserved.CMX Billing(Cont.)CSG Content Postpaid BillingCSG logs user traffic and generates URL-based content CDRsThe content CDRs are then sent to a Charging Gateway(or billing mediation device)over GTPCSG Content Hot Billing Checks
36、for available funds when a user want to access a particular content(a content is identified by a particular URL,it is also called per page billing)Within this URL the user will be available to download some file to do per event billingThe CSG can account for the pages(URL)and for the events The bill
37、ing server may terminate the user session when the user credit reaches zero333333 2004 Cisco Systems,Inc.All rights reserved.Services BillingBillingMediationSSGOpen GardenInternetBrowsingPer packet Per downloadPer messagePer UrlFreeCharge based onValueBrandControl343434 2004 Cisco Systems,Inc.All ri
38、ghts reserved.Billing systemRADIUSaccounting serverServicesBilling and Pre-Paid Services Subscriber or service connection-based Support for prepaid and postpaid models Flexible billing allows providers to charge for any service in any manner353535 2004 Cisco Systems,Inc.All rights reserved.CSG Billi
39、ngCSGRadius Accounting flowData flowusername DatabaseBilling and Mediation PartnersQuotaServerMediationAgentRequest quota per serviceReport used quotaQuota RequestSrc IPDest IPURLusernameTOSAccountingRecordsXML(optional)363636 2004 Cisco Systems,Inc.All rights reserved.Call Flows(User Sign-On)PDSNAA
40、ACSGService 1Service 2Service 3QSBMAAcct-Start User Logs InAcct-Startreplicated Acct-Start is received by CSGUsrProfileReq CSG Requests the Users ProfileUsrProfileRsp QS(Quota Server)Sends the Users Profile containing his Billing Plan373737 2004 Cisco Systems,Inc.All rights reserved.First Service Ac
41、cess(Service 2)PDSNAAACSGService 1Service 2:Local MultimediaService 3QSBMAGET(goals/s2/recentgoals/beckham-goal.mpg)This is the first access to Service 2 by the user CSG needs to obtain quota firstSvcAuthReq CSG Sends SvcAuthReq(UserName,Service 2)to QSSvcAuthRsp QS takes a part of the users credit(
42、say,1),converts it to equivalent number of“bytes”(say,1Meg)and sends SvcAuthResp(UserName,service2,1Meg)to CSG.GET(goals/s2/recentgoals/beckham-goal.mpg)CSG forwards the original request to the content server,meters traffic on this connection,and keeps deducting from the 1Meg quota.CSG sends billing
43、 records(CDRs)to the BMA,either periodically or at the end of the transactionCDR383838 2004 Cisco Systems,Inc.All rights reserved.Continued Access to Service 2PDSNAAACSGService 1Service 2:Local MultimediaService 3QSBMAGET(goals/s2/worldcup/ronaldo.mpg)CSG still has more Service 2 quota for the user,
44、say 0.7Meg.User sends new request,for another transaction under Service 2.CSG will keep using this quota for any further accesses to service2.CSG forwards the request,and the user accesses this service as long as there is sufficient quota When CSG reaches a low threshold for the users quota for a se
45、rvice,it re-authorizes the user for that serviceSvcReAuth393939 2004 Cisco Systems,Inc.All rights reserved.Access to Service 3PDSNAAACSGService 1Service 2:Local MultimediaService 3Stock QuotesQSBMAGET(stock/getQuote?s=CSCO&d=1d)The user requests a stock quote,which matches Service 3.CSG has not auth
46、orized the user for Service 3 yet.SvcAuthReq CSG Sends SvcAuthReq(UserName,Service 3)to QS.Service 3 is billed per download,so the quota server deducts money(say,another 1)from the users account which will allow 10 downloads.SvcAuthRsp QS sends SvcAuthResp(UserName,service2,10)to CSG,which allows th
47、e user 10 downloads in service 3 CSG forwards the request to the content server,and the user gets the quote.CSG now has sufficient quota for another 9 stock quotes.404040 2004 Cisco Systems,Inc.All rights reserved.Self-care(Free Service)GGSNAAACSGService 1:SelfCareService 2:Local MultimediaService 3
48、:Stock QuotesQSBMAGET(selfcare/editprofile.html)The user tries to go to the selfcare website to edit his profile,or add money to his prepaid credit.SvcAuthReq CSG Sends SvcAuthReq(UserName,Service 1)to QS.Service 1 is free,so the quota server allows CSG a large number of downloads without deducting
49、money from the users account.SvcAuthRsp QS sends SvcAuthResp(UserName,service2,0 xffffffff)to CSG,which allows the user 0 xffffffff downloads in service 1 CSG forwards the request to the content server.CSG still has virtually infinite number of downloads from this service without asking for more quo
50、ta.414141 2004 Cisco Systems,Inc.All rights reserved.Customer Features,Advantages&BenefitsPostpaid/Prepaid BillingEnables differentiated billing for individual pieces of ContentAdds User Identity informationWatches Radius Accounting Starts/Stops/ON/OFFProvision for customer-supplied XML feed from a
