SG-1 Service Gateway:
Intelligent IP Network Value-Added Service
Enhancements to Existing Broadband Networks
Wireline network operators have increased available customer bandwidth with xDSL modems, DSLAMs and Broadband Remote Access Server (BRAS) systems. While this basic topology enables standard broadband service, most service providers want to expand their portfolios of broadband offerings to improve their competitive position, increase revenues and decrease operational expenses.
At the same time, they realize that any enhancement to a network should leverage the existing architecture and easily integrate with it. Such enhancements require only incremental capital investment with minimal replacement of existing network elements. These enhancements also eliminate unnecessary operating expenses arising from changes in the network elements like operation and support, management and billing, and BRAS systems.
Integration with the existing network, including its operational processes, is, therefore, a decisive factor in the choice of any new equipment and systems that enable value-added services such as bandwidth on demand and application awareness. These advanced services can be charged to the user with little or no impact on existing network elements and with minimal investment for the network operator.
ADC’s SG-1 Service Gateway meets these requirements since it is designed for simple and straightforward integration with a wide range of network elements and topologies. With its drop-in architecture, the SG-1 takes the responsibility for service creation, service enforcement and dynamic service management, independent of the access network elements being used. The access network is responsible for access, transmission and switching, while service management and provisioning are handled in central or regional locations by the SG-1. This concept and topology are similar to a voice intelligent network, where signaling and voice data transport are separate. The SG-1’s network integration capability simplifies the system’s integration with the existing network, which shortens time-to-market for new value-added services, decreases the total cost of ownership including maintenance, and facilitates training. The SG-1 integrates well with existing network devices such as a BRAS, dialup RAS, CMTS (Cable Modem Termination Systems) and WLAN Access Points. The SG-1 also integrates easily with existing or third-party portals, operation and support systems, and management and billing. The SG-1 enables any portal to handle user interactive service selection and subscription, regardless of the access or aggregation devices terminating the calls.
SG-1 as a Service Enabler in an Existing xDSL Network
With its own advanced service-creation functionality, the SG-1 is capable of upgrading existing BRAS systems that lack service-creation capabilities. It can also simultaneously act as a BRAS by terminating the PPPoE and PPPoA sessions using redundant SONET/SDH interfaces. Thus, users terminated by the existing BRAS and those who are directly terminated by the SG-1 receive the same service and have the same user experience.
For example, users connected through the Redback SMS 10000 are offered Try-Before-Buy, Third Party Boost, Bandwidth-on-Demand, and other advanced services, although the Redback system terminating those users cannot provide those services by itself. Such enhanced functionality can be provided using the methods described below.
Tunnel Termination / Tunnel Switching Method
The existing BRAS transmits (tunnel-switches) the user PPP session via an L2TP tunnel to the SG-1. The transmission is done using the existing AAA server, which responds to each BRAS Access-Request message with a tunnel switching command (tunnel switching attributes).
The SG-1 can terminate the L2TP tunnels initiated by the BRAS and terminate each tunneled user’s PPP session within those tunnels. On the other hand, it can switch the tunnel to another LNS. For example, the tunnel may be switched by the SG-1 to an ISP network that will terminate the tunnel and the PPP session.
When the SG-1 terminates the tunnel, the SG-1 authenticates the user PPP session in the same way it was authenticated by the BRAS, using the same AAA server. The SG-1 provides IP addresses and maintains the point-to-point connection of the user PC or routers. The tunneled traffic to the SG-1 may be carried by SDH/ATM or by Gigabit Ethernet using the SG-1 multi-interface support. The BRAS in this case may either tunnel a group of users through one tunnel or create a separate tunnel for each user.
When the SG-1 switches the tunnel without termination of the PPP session, it can still authenticate the user and communicate with the AAA server. Value-added services can be performed and additional user scenarios may be supported. For example, if the session is terminated by a third-party ISP LNS, the network operator can still provide independent value-added network services and apply additional functions such as bandwidth control.
A customer service request, initiated through an existing portal (anywhere in the network), results in a personal service profile definition and support, independent of the type of edge router or BRAS being used. The existing BRAS uses its L2TP tunnel switching capability that is standard for most BRAS systems and edge routers. The SG-1 uses its own capabilities as an LNS or L2TP switcher to support this topology.
The network operator, using this method, can divide the user sessions into two groups. One group can be provided with an extended range of services and can be tunneled to the SG-1, while the other group can be served with the current range of services and will continue to be terminated as before. This capability enables gradual introduction of new services to the customers, based on geographic or other criteria.
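The AAA-driven split described above, where the AAA reply decides which sessions the BRAS tunnel-switches to the SG-1, can be sketched with the standard RADIUS tunnel attributes. This is an added example, not ADC's or any BRAS vendor's code; the page does not name the attributes, so the use of RFC 2868, the user group and the LNS address 192.0.2.10 are assumptions.

```python
import ipaddress
import struct

# RADIUS attribute numbers and values from RFC 2868 (assumed; the page
# only says "tunnel switching attributes").
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_SERVER_ENDPOINT = 64, 65, 67
L2TP, IPV4 = 3, 1

# Constructed sample data: users selected for enhanced services and a
# hypothetical SG-1 LNS address (documentation range).
ENHANCED_USERS = {"alice@example.net"}
SG1_LNS = "192.0.2.10"


def _header(attr_type, length, tag):
    if not 1 <= tag <= 0x1F:
        raise ValueError("tag must be 1..31")
    if length > 255:
        raise ValueError("attribute too long")
    return struct.pack("!BBB", attr_type, length, tag)


def tagged_int(attr_type, tag, value):
    """Type | Length=6 | Tag | 3-byte value."""
    return _header(attr_type, 6, tag) + value.to_bytes(3, "big")


def tagged_str(attr_type, tag, text):
    """Type | Length | Tag | string."""
    data = text.encode("ascii")
    return _header(attr_type, 3 + len(data), tag) + data


def tunnel_attributes(username, lns=SG1_LNS, tag=1):
    """Attribute bytes for the Access-Accept; empty means no tunnel."""
    if username not in ENHANCED_USERS:
        return b""  # session stays terminated on the existing BRAS
    ipaddress.IPv4Address(lns)  # raises ValueError on a malformed endpoint
    return (tagged_int(TUNNEL_TYPE, tag, L2TP)
            + tagged_int(TUNNEL_MEDIUM_TYPE, tag, IPV4)
            + tagged_str(TUNNEL_SERVER_ENDPOINT, tag, lns))


def parse_attributes(blob):
    """Decode into (type, tag, value) tuples, rejecting bad lengths."""
    out, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i + 1] < 3 or i + blob[i + 1] > len(blob):
            raise ValueError("malformed attribute")
        length = blob[i + 1]
        out.append((blob[i], blob[i + 2], blob[i + 3:i + length]))
        i += length
    return out
```

Only the attribute section is built here; a real Access-Accept also carries the RADIUS header and Response Authenticator computed with the shared secret.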
In parallel to upgrading existing tunneled sessions, the SG-1 can have a direct connection to the ATM cloud and provide direct enhanced services to additional sessions directly from the DSLAMs. As the number of new xDSL customers grows, the network operator may route the new DSLAM traffic directly to the SG-1, which may terminate the user PPPoE and PPPoA sessions, or aggregate the traffic for termination in another network. The SG-1 can simultaneously support ATM and IP traffic through the same chassis.
The network diagram below illustrates the SG-1’s role in an existing xDSL network according to this method. User traffic can be supported by both the SG-1 and the BRAS: network architecture can now provide service using the existing infrastructure, and the SG-1 can act as a service enhancement platform and as an additional BRAS. The SG-1, in this case, is actually enhancing the BRAS service capabilities by providing advanced services to part or all of the users. The SG-1 can simultaneously support both ATM and IP traffic.
[Figure: Tunnel Termination / Tunnel Switching Method]
IP Routing Method A
In the following topology, the BRAS is not required to use L2TP capabilities. In fact, the BRAS does not change its behavior in any way. This topology might be most suitable in two scenarios:
• When the service creation functionality is managed by the network operator, independent of an access network that includes BRAS systems. In this case, the manager of the SG-1 may not want or may not be able to make any changes in the BRAS configuration.
• When the processing power of the existing BRAS may be overloaded with additional functionality and may not support the required L2TP tunneling for all the traffic.
The router, using its policy-based routing, sends the IP traffic to the SG-1, which monitors the user sessions and provides each user with a selected or configured service profile. The SG-1 may authenticate the users just before enabling the service. In this application, the SG-1 uses its native IP service creation features. The routed traffic to the SG-1 may be carried either by SDH/ATM or by IP Gigabit Ethernet using the SG-1 multi-interface support.
The network diagram below illustrates the SG-1’s role in an existing xDSL network supporting this method. Sessions can be supported by the SG-1 and DSLAMs; the router distributes the traffic according to provider service policy, and routes the session traffic to the SG-1 for adding the service layer.
Sessions can be authenticated and authorized simultaneously through web authentication or PPPoE application through the existing AAA server. Different users or user groups, or different service requests, may be authenticated, authorized and billed by different AAA servers. The SG-1 can interact with many different AAA servers accordingly.
IP Routing Method B
The BRAS in this method uses its own IP interface and routing capabilities, and routes the users’ IP traffic to the SG-1. The SG-1 monitors the user sessions and provides each user with its selected or configured service profile. The SG-1 can act as the existing BRAS default gateway and may authenticate the sessions before enabling the service. The routed traffic to the SG-1 may be carried either by SDH/ATM or by IP Gigabit Ethernet using the SG-1 multi-interface support.
The network diagram below illustrates the SG-1’s role in an xDSL network supporting this method. The BRAS interface with the SG-1 (illustrated by the blue dashed line in the diagram) represents the new routed traffic from the BRAS to the SG-1.
[Figures: IP Routing Method A and IP Routing Method B]
Integration with IP DSLAM
The SG-1 includes support for the new generation of IP DSLAMs. The IP DSLAM in this case uses its own IP interface and routing capabilities, and routes the users’ IP traffic directly to the SG-1. The routed traffic from the DSLAM to the SG-1 may be carried either by SDH/ATM or by IP Gigabit Ethernet using the SG-1 multi-interface support. The SG-1 monitors the user sessions and provides each user with its selected or configured service profile. The SG-1 can act as the IP DSLAM default gateway and may authenticate the sessions before enabling the service.
The network diagram below illustrates the SG-1’s role in an xDSL network supporting the new IP DSLAM along with the existing ones.
Advanced and Unique Services Functionality
The SG-1 delivers a new set of functionalities that are applicable to all of the topologies mentioned above. The main capabilities are:
• No Profile/Policy/Service Server: The SG-1 does not require any type of profile, policy or service server because the profiles are kept within a standard RADIUS database format. This concept simplifies integration and significantly decreases deployment time.
• Real-Time Profile Change Without Session Termination: To offer services such as “Turbo Button”, the SG-1 handles real-time profile changes without session termination.
• Dynamic Access Lists For Walled Gardens: Dynamic access lists are important to modify a user's profile to exit a garden or to access another type of garden, all within one session.
• Real-Time User Profile Bandwidth Limitations: For Turbo Button features, it is important that user bandwidth limitations can be changed within a session in real time. The SG-1 is capable of this.
• Real-Time User Profile Prepaid and Quota Limitations: For prepaid and quota features, it is important that a user time limitation can be changed within a session in real time.
• Scalability: The system can grow as service demand grows. The operator can start with a lean 4,000 end-user session support and gradually and seamlessly scale up the system without service interruption. Eventually, a 10U system can populate up to 64,000 concurrent sessions.
• Standard Protocols: The SG-1 is designed to use standard protocols, so the operator doesn’t need to invest heavily in new platforms and/or servers and go through painful network upgrades and enhancements.
• Support For Home Networks: The SG-1 is able to authorize, authenticate and support self-provisioning for each terminal or home appliance within a home network separately and with an individual associated service profile.
• Advanced Security Features For The Mass Market: By using the SG-1, the operator can now offer new and exciting security services for the broadband user mass market. The SG-1 is offered with a third-party anti-virus system that scans HTTP/FTP traffic and delivers a full-service suite in real time to users. Combined with SG-1 service capabilities, the operator can receive a complete platform, geared to handle the new challenges in Internet service provisioning:
– An anti-virus engine certified to block 100% of the "in the wild" viruses as well as more than 50,000 samples of malware (viruses, worms, Trojans, etc.). Scans all MIME types and compressed files. Virus protection is certified by ICSA Labs and Check Mark to comply with industry standards.
– Ghost Machine® proactively protects against sophisticated, encrypted, stealth and polymorphic viruses.
– SmartScript™ proactively blocks all malicious scripts in email and web pages. Non-malicious scripts still function without difficulty.
– MacroTerminator™ heuristically detects and blocks variants of known Microsoft Office macro viruses, as well as unknown ones.
– Vandal Protection inspects all web pages, downloaded files, and email traffic, cleaning malicious Java, ActiveX and script vandals.
– Office Protection removes macros and embedded objects such as executables from Microsoft Office® documents arriving from untrusted sources.
[Figure: Integration with IP DSLAM]
Benefit to the Service Provider
The SG-1 allows for the rapid creation and implementation of new services. With dynamic bandwidth control and application awareness services for voice and peer-to-peer traffic, different applications from the same user may be associated with different service profiles. These profiles can be changed dynamically upon customer request made through any commercial or existing portal.
ADC Telecommunications, Inc., P.O. Box 1101, Minneapolis, Minnesota USA 55440-1101. Specifications published here are current as of the date of publication of this document. Because we are continuously improving our products, ADC reserves the right to change specifications without prior notice. At any time, you may verify product specifications by contacting our headquarters office in Minneapolis. ADC Telecommunications, Inc. views its patent portfolio as an important corporate asset and vigorously enforces its patents. Products or features contained herein may be covered by one or more U.S. or foreign patents. An Equal Opportunity Employer.
1317098 5/05 Original © 2005 ADC Telecommunications, Inc. All Rights Reserved.
Web Site: www.adc.com
From North America, Call Toll Free: 1-800-366-3891 • Outside of North America: +1-952-938-8080 • Fax: +1-952-917-3237 • For a listing of ADC’s global sales office locations, please refer to our web site.