Page 1: MPLS/VPN Network
Management
Cisco VPN Solution Center 2.0
Tom Zingale tomz@cisco.com
Page 2: Overview/Timelines/Features
Page 3: Delivering on the strategy
• Is Cisco’s Service Management platform for multiple
IP VPN technology offerings
Managed MPLS VPN
Managed IPsec VPN
Access VPN (Broadband & Narrowband) tying to MPLS VPN
Last mile secure (IPsec) tying to MPLS VPN
• Provides across the board support for all MPLS and
IPsec VPN enabled Platforms
VPN Solution Center
Page 4: SLA Monitoring
VPN Aware SLA Reporting
Provisioning
VPN Usage Reporting
VPN Usage Accounting
Page 5: IP VPN Solution Strategy - Charter
Cisco IOS VPN Routers
Cisco VPN 5000 Concentrators
Cisco IOS Software-Based VPN Technologies
Cable Equipment
Wireless Equipment
DSL Equipment
MGX
VPN 5000 8xx - 4xxx
Routers VPN 3000
GSR
3xxx - 7xxx Routers
CUSTOMER PREMISES
Page 6: VPNSC Timeline
VPNSC: MPLS Solution (Eureka 1.2.1) Nov, 00
Page 7: VPN Solution Center 2.0
Major Features
• Distributed Telnet Gateway Server (TGS)
• Auditing and Provisioning Engine performance enhancement
• Templates Manager
General IOS command generation
• CE Staging within VPNSC
• SSH and SNMPv3 support
• Auto Provisioning SAA probes with VPN service
• Exec command, IOS configuration version control and download
console
• IPSec Provisioning Engine and GUI
• High Availability Solution for Customer
Journaling of Database and Playback
Page 8: Provisioning
Page 9: Provisioning MPLS/VPN Services
VPN Solution Center
• Automatic Generation of VPN IOS commands
• Provisioning based on network configuration
• Manages IP addresses, RD and RT values and VRFs
• Auditing of both configuration and routing to verify
VPN connectivity
• Managed and unmanaged CE support
• Automatic Management VPN provisioning
• Latest hardware support
Cable, DSL, GSR, ESR, MGX, 7600, others…
Page 10: Smart Provisioning Engine
• Easy modification of service using IOS
command object model
• Support of IOS deltas and provisioning based
on uploaded commands
• Validation of operator inputs against the
current network configuration before
provisioning
Page 11: Just in Time Provisioning Mechanism
Blue VPN site 2 Blue VPN site 1
VPN SC
Management Network/NOC
Management VPN
MPLS CORE
Validate Operator input
against the network
Create the PE/CE configlet
Telnet or SSH to PE
Upload current configuration
Telnet or SSH to CE
Upload current configuration
Download and Activate
IPSec or MPLS/VPN’s
Page 12: Verification of VPN Service
• Auditing Verifies VPN is functioning
Audit per customer
Audit per VPN
Audit per PE and CE link
Audits are normally scheduled periodically
• Audit IOS Configuration
Verify provisioned VPN IOS commands line by line
• Audit Routing
Verify PE and CE link propagated between sites
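The line-by-line configuration audit described on this slide, as an added Python example (not VPNSC code): it checks each provisioned command in the context of its parent stanza against an uploaded running configuration. The VRF name, RD/RT values, interfaces and addresses are constructed sample data.

```python
def parse_ios(text):
    """Return (parent, command) pairs in order; parent is '' for top-level lines."""
    entries, parent = [], ""
    for raw in text.splitlines():
        cmd = " ".join(raw.split())          # normalise internal whitespace
        if not cmd or cmd.startswith("!"):   # skip blanks and IOS separators
            continue
        if raw[0].isspace():                 # indented: sub-command of parent
            entries.append((parent, cmd))
        else:                                # column 0: opens a new context
            parent = cmd
            entries.append(("", cmd))
    return entries


def audit_configlet(configlet, running_config):
    """List configlet commands absent from the running config, in their context."""
    present = set(parse_ios(running_config))
    return [entry for entry in parse_ios(configlet) if entry not in present]


# Constructed sample: the configlet a provisioning run intended to download to a PE.
CONFIGLET = """\
ip vrf blue
 rd 100:1
 route-target export 100:1
 route-target import 100:1
interface Serial0/0
 ip vrf forwarding blue
 ip address 10.1.1.1 255.255.255.252
"""

# Constructed sample: the configuration later uploaded from the same PE.
# "ip vrf forwarding blue" exists, but under Serial0/1, so a flat text
# search for that line would wrongly report the Serial0/0 link as provisioned.
RUNNING = """\
!
ip vrf blue
 rd 100:1
 route-target export 100:1
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.252
!
interface Serial0/1
 ip vrf forwarding blue
 ip address 10.1.1.5 255.255.255.252
!
"""

if __name__ == "__main__":
    for parent, cmd in audit_configlet(CONFIGLET, RUNNING):
        print(f"MISSING under [{parent or 'global'}]: {cmd}")
```
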
Page 13
FUNCTIONAL Routing & Config ok
BROKEN
No routing
State change by provisioning
Bad Service Request FAILED
AUDIT
Download Failed
Download OK
Page 15: Scalable Activation Engine
• Distributed and multi-threaded telnet
gateway Server (TGS) for Activation
requests between multiple TGS’s
server and initializing router using console
and CE links per hour (using API)
Page 16: Distributed Telnet Gateway Server
Large Set of VPN Service Requests
Split Telnet Requests into smaller
bundles based on threads of GTL
Partition bundle Allocate to TGS2 and provision
Partition bundle
Allocate to TGS 1
and provision
VPNSC
Page 17: Event Based Provisioning
Configuration Express Scenario (3.0)
1 Service rep accepts new customer service order, orders Cisco CPE
2 Cisco ships devices to site with provider-specified PnP configuration
3 Device boots, pulls service configuration, and validates the change
Device publishes ‘configuration success’ event – IP Connectivity!
Service Provider Network
Cisco IE 2100 Appliances
Page 18: IPsec to MPLS/VPN Provisioning 2.1
MPLS
802.1q
• VPN 5000 or Double Diamond as IPSec Hub
• IPsec protects off-net traffic
Frame DLCI
CPE
CE CE
Page 19: Template System
Page 20: Template Provisioning System
• Allows flexible and smart provisioning
of any IOS commands
• Components
Template Manager GUI
Template API
• Template Definition language
Rich set of data types and expressions
Dimensional arrays, strings, float,
more
Tied to VPNSC VPN Service Request
Page 21: Example VPN Provisioning with
Page 22: VPNSC OSS Interfaces
• Complete CORBA APIs for IPSec and MPLS/VPN
–Provisioning
–VPN aware SLA data
–Accounting APIs (MPLS Only)
–Task Manager (scheduling)
–Events API
–Template Instantiation API
• CORBA Event Gateway & Tibco bus Events
• SLA, MIB Data available in XML Format
• XML interface for easy import and export of data to VPNSC Repository
Page 23: VPNSC Partner Integrations
• VPN aware fault management
Cisco Info Center (OEM Micromuse)
• Multi-vendor and layer 2 Provisioning
Cisco Provisioning Center (OEM Syndesis)
System Integrators also available
• VPN aware Performance Reporting
Concord Network Health
• Usage Collection and Billing
Digiquant IMS and Portal Infranet
Page 24: Flow Thru Provisioning
using XML
Provisioning
GUI
XML File
•Create CE, Customer, Site
•Create PE, PAD
•Allocate Address Pools
Import Information into VPNSC Database
Output
VpnInvImport Executable
Output
XML File
•Flexible XML Data File
•Provision Any IOS Commands
XML Template Body
CORBA API to Create Template with
Template
Provision VPN Service + Template
Data
Body
Page 25: Performance Monitoring
Page 26: SLA Metrics Measured
SA Agent
Cisco IOS Router with SA Agent
SA Agent
Page 27: VPNSC SLA Network Statistics
• Customer Statistics
• Core Statistics (MPLS)
• Provision SAA probes to produce Traps
–Timeout trap
–Connectivity Loss trap
–Threshold trap
• Setup SAA history bucket for 15 minutes on router – collection and correlation hourly
• Mib2 Interface Statistics Collection
• Car Mib Stats Collection
Page 28: VPNSC Netflow Collection
Integration for MPLS
• VPNSC can produce VPN aware accounting reports
using Netflow collector
• VPNSC has repository of VPN information and
correlates using Netflow Data
• VPNSC has Accounting APIs for partners or an OSS
to retrieve the Data
• VPNSC data can be used by Billing Partners for
usage based Billing or Capacity Planning
Page 29: High Availability Strategy
–Sun Clustering 2.2 for fail over
–Redundant Disk Arrays and Workstations with Fiber Channel connections
–Hot standby support
–Sun Clustering 3.0 support
–IP based disk to workstation connectivity
Page 30: Customer Deployment
Information
• 65+ Sales of VPNSC Today
• Examples of Customer Deployments
• GUI and API Deployments both in production
• Major provider EMEA - 8000 CEs in production
Managed CEs with DSL access
• Tier 1 with API OSS integration
MGX unmanaged CE environment
1000 CEs
• 5000 CEs in production Asia
Provisioning 100 CEs per day
Page 31: VPN Solution Center 2.1
Features
• Roadmap for 2.1 includes:
IPSec support for VPN3000
IPSec support for VPN5000
Support for VPN5000 and mapping of IPSec to MPLS VPNs
PIX Firewall provisioning
Continued MPLS GSR support - Eng 3, Eng 4
MPLS 7600 support (Possibly Ethernet over MPLS also)
Additional MPLS ESR support
DSCP support for SAA probes
Page 32: VPN Solution Center 3.0
Proposed Features
Web based GUI
Distributed auditing and collection
Distributed relational DB
Extended User model support
VPN Auto-discovery
Event Based Provisioning
Automatic Event based Auditing
FOO over MPLS support
Ease of initialization