Академический Документы
Профессиональный Документы
Культура Документы
During the 2nd session the participants will also understand the
architecture of various Smart Cities deployment; some of the
deployment issues; how to overcome the issues
2014
Cisco Confidential
Agenda
Use Cases
Infrastructure Enhancements
Deployment Models
Scaling & Sizing
QoS
Product Components
2014
Cisco Confidential
Use Cases
Cisco Confidential
VPN Tunnel
Netsense, Fastprk
Internet Cloud
3rd party
Authentication
Server
Remote user
ISG
Outside
AGT
Inside-ISG
CITY Data
Center
Intuvision
Inside
Inside-City
DHCP Server
SP
NETWORK
Inside-Gateway
Internet
Dundas
Storage
WLC
5508/8500
5520/8540
SMS Gateway
Vega Prime
Cognitech
City Mind
Nexus 5672 UP
Authentication
/Policy
enforcement server
ASA Cluster +
SourceFire
CPIPE (DHCP
Server)
Video Surveillance
Client -Operator/SASD
MSE
Cisco ACS
FC/FCoE
Cisco
Prime
vPC
Certification
Server -Microsoft
UCS Platform
CAT 4500 X
HSRP/VRRP
City Layer
10 Gig Fiber (vPC 80 Gig)
10 Gig Fiber
ASR920
1 Gig Fiber
REP 100
ASR920
SFP/fiber
Street
Layer
REP
200
IE 2K/3K/4K
2G
Root AP
Root AP
VS 6930, 6400E
1 Gbps 2 G
FR - AXIS 1357
LPR - 6500 PD
IR910
IR910
Mesh AP
IW3700 only
IW3700/1570
Sensity Nodes
LoRa Sensors
2014
IE4K
LPR/FR,
Cisco and/or its affiliates. All rights
reserved.
Cisco Confidential
Street
Video
Parking Lighting
People
Analytics
REP
300
IR910
2G
IE4K
IE4K
2G
1 Gbps
Fastprk
Root AP
Root AP
Mesh AP
Sensor
Architecture Considerations
Enable City Wi-Fi Network to have secure cloud connectivity for Smart
Lighting, Smart Parking Cloud based solution
Comply with Data Center best practices for AGT Integration including
FC, FCoE connectivity
Cisco Confidential
Infrastructure Changes
Enable City Wi-Fi Network to have secure cloud connectivity for Internet
Cloud based solution
ASA Firewall with Firepower Service AVC
ASA Clustering Model
2014
Cisco Confidential
10 G
Edge
Port
2G
Street Layer
IE4K
IE4K
2G
2G
1 Gbps
Root AP
Mesh AP
Root AP
Mesh AP
2014
Cisco Confidential
2014
Cisco Confidential
AP Deployment Model
MAP
LPR
MAP
VS
IW3700
AP1570
100 m
RAP
RAP
IW3700
LPR
VS
RAP
RAP
RAP
LPR
VS
LPR
RAP
RAP
VS
FR
VS
MAP
LPR
RAP
RAP
LPR
MAP
VS
RAP
IW3700
LPR
AP1570
RAP
RAP
VS
LPR
RAP
RAP
VS
LPR
RAP
VS
RAP
LPR
LPR
MAP
VS
RAP
RAP
VS
MAP
LPR
RAP
IW3700
VS
LPR
RAP
VS
IR910
IE4K/3K
IE4K/3K
900 m
100 m
900 m
Copper
Fiber
2014
Cisco Confidential
IE4K/3K
IE DeploymentASR920
Model
ASR920
ASR920
IE
IE Single Ring
<= 2700m
IE
900 m
ASR920
IE Multiple Rings
>= 2700m
900 m
900 m
900 m
IE
1800 m
2014
Cisco Confidential
1800 m
Cisco Confidential
IE Switch Capacity
Components
IE4000
MAP
No of
Devices
2
RAP
Video Camera
FR Camera (Wired)
LPR Camera
IR 910
Sensity Sensor
Gateways
Internet Services
44
220
Bandwidth Consumption
IE3000
Comments
No of Devices
Devices
Comments
2 Mesh Hops
2 Mesh Hops
Video Camera
Connected on 1 Copper
& 8 SFP Fiber
Connected on 6
Bridged AP ports
Connected on 1 IE
Wired Port
Connected on 4
Bridged AP ports
Connected on 1
Bridged AP port
Average of 4 Nodes/AP
Connected on 1 copper
& 8 SFP Fiber
Connected on 6
Bridged AP ports
Connected on 1 IE
Wired Port
Connected on 1 copper
& 5 Bridged AP ports
Connected on 1
Bridged AP port
Average of 4 Nodes/AP
FR Camera
LPR Camera
6
1
6
1
44
220
Bandwidth in Mbps
(per device)
6
20
6
IR 910
0.01
Sensity Gateways
0.02
Internet Services
City Staff Services
0.5
2
Average of 20
Users/AP
1 users/IE
Average of 20
Users/AP
1 users/IE
Bridged ports
11
6 VC + 4 LPR + 1 IR
12
6 VC + 5 LPR + 1 IR
IE Wired Ports
1 RAP + 1 FR
Type of devices
MAP
Uplinks
Combo ports
Combo Ports
RAP
1
1
No of Devices
2
No of Wired Devices
11
12
Video Camera
No of Wireless Devices
265
265
FR Camera
No of Aps
11
11
LPR Camera
1100 m
1100 m
Traffic in
Mbps
110
Traffic in
Mbps
110
Traffic to Internet
Cloud
Traffic to DataCenter
1.5
1.5
62
74
Total Traffic
173
Trail
Traffic to Internet
2014
185
IR 910
12
Internet Services
City Staff Services
60
1
Cisco Confidential
57 Mbps
Sizing Considerations
Every ASR 920 Ring will have maximum of 9 Rings (based on 10 Gig
uplink)
Model
SFP ports
Ethernet Ports
Uplinks (combo)
Distance between
Each IE
IE3K
900 m
2014
Traffic type
Traffic in MB Interface Capacity
Traffic Per IE4K/IE3K
179
1GE
Traffic Per IE Ring
538
1GE
Total Traffic Per ASR920
5865
Uplink=10G
Ring (9 IE Rings+AP)
Traffic of IE4K Ring at CAT4K
1435
2 GE
Total Traffic at CAT4K
72519
Uplink=Vpc with 8x10GE
Cisco Confidential
Sizing Models
Input Considerations
Requirements
Number of VS Camera
Number of detections per day
(Average of 150/camera/day)
Required time period for VS Video
Storage
Medium
6 sq. Miles/Walking Trail of 35
Miles
276
Large
50 sq. Miles/ Walking trail of
270 Miles
2280
41400
342000
Medium
8633 (5.2 Gig 40% OS)
Large
72519 (44 Gig 40% OS)
405
3330
122
1060
527
4390
15 days
15 days
18
180
60 days
60 days
30
215
198
1670
13
135
1980000
16700000
10
Not Applicable
Not applicable
Number of IE Switches
27
270
60 days
22
60 days
215
10
44000
430000
30
15 days
15 days
Number of DC Switch
2 (Nexus 5000)
4 (Nexus 7000)
60 days
60 days
2 (CAT4500-X)
2 (CAT6000)
4
29
6
268
Clustering
Clustering
ASA Model
5585-X SSP60
5585-X SSP60
7500
2108
67000
17560
12
Sourcefire
Yes
Yes
Internet Services
10540
87800
WLC Model
5520
8500/8540
15
!
133
!
2014
Cisco Confidential
QoS Considerations
No Ingress Policing
Traffic at every interface not exceed the capacity
configuration
No Ingress Queuing Considered
Needed when input rates from any/all switch ports exceed the switch fabrics capacity
Cisco Confidential
Actual DSCP
EF (46)
UP 6
Platinum
Smart Lighting,
Gateway Wireless Traffic
DF
CS3(0)
UP 5
Gold
DF (0)
UP 3
Silver
DF (0)
UP 1
Bronze
2014
Wireless Queue
Cisco Confidential
DSCP at IE2K
Network Control
CS6 (48)
1P3Q3T Model
CS6
EF (46)
AF41
CS3(34)
AF41
Q2T2
CS2
Q2T1
CS2 (16)
Network Management
DF
DF (0)
Citizens
Free Internet Access
(Wireless CAPWAP Traffic)
AF11 (10)
2014
Queue 1
Priority
EF
AF11
Cisco Confidential
Queue 2
Queue 3
Best Effort
(Default)
Queue 4
Background
Classification
Egress Policing
CIR
Egress Queuing
Video
EF
30%
Transmit
Drop
Priority
Network Control
CS6
2%
Transmit
Drop
Priority
Gateway Traffic
AF41
3% BW
Network Mgmt
CS2
5% BW
City User
DF
5% BW
Internet User
AF11
40% BW
Other
15% BW
Cisco Confidential
2014
AP (SL)
DHCP (DC)
WLC (DC)
WLC Relay
Node Registration [Certificate, Unique ID], TLS Handshake with Client Auth. ,DNS Resolution for produp.xeralux.com, Port 9443/10443
Node shares {Node ID, BSSID, SSID and other network information}, TCP Session {Port 9443/10443}, AES128 Encryption
2014
Cisco Confidential
Design Considerations
http://www.lrc.rpi.edu/programs/NLPIP/PDF/VIEW/SR_StreetlightsLocal.pdf
Creating a new SSID by configuring the Firewall as the gateway for the SSID traffic
Segregation of traffic to and from Sensity core nodes to a dedicated VLAN with a
new address range
Creating a new DHCP scope on Prime IP Express to cater to the Sensity core nodes
Configure the SSID for the Sensity nodes with the appropriate Gold QoS priority
(ie.AF41)
Configure a PAT rule on Firewall to allow traffic from the Sensity core nodes to reach
their management server on the cloud Netsense
2014
Cisco Confidential
Traffic Flow
Internet Service
Layer
ASA Firewall
VPN Tunnel
WLC
Authentication
/Policy
enforcement server
Inside
CITY Data
Center
ISG
Inside-City
3rd party
Authentication
Server
AGT
Remote user
Inside-Gateway
DHCP Server
SP
NETWORK
Outside
Netsense, Fastprk
Internet Cloud
Internet
City
Mind
Intuvision
Dundas
Vega Prime
Storage
Cognitech
CPIPE (DHCP
Server)
Nexus DC Switch
City
Layer
MSE
Cisco ACS
Cisco
Prime
vPC
SMS Gateway
Video Surveillance
Client -Operator/SASD
Certification
Server -Microsoft
UCS Platform
CAT 4500 X
(HSRP/VRRP)
100Gig Fiber
10 Gig Fiber
ASR920
1 Gig Fiber
REP 100
ASR920
Street
Layer
IE 2K/3K/4K
Bridged
SFP/fiber
REP
200
Access
Point
Root AP
2G
Access
Point
Root AP
Bridged
Mesh AP
AP 1552/1532/1570
2014
IE4K
IE4K
1 Gbps 2 G
2G
REP 300
Mesh AP
LPR/FR,
Video
Cisco and/or its affiliates. All rights
reserved.
Cisco Confidential
Street
Analytic
Parking Lighting
People
s
Root AP
Mesh AP
Mesh AP
IE4K
2G
1 Gbps
Root AP
Analytics
1. License Plate
Rec
2. Face Rec
3. Line Crossing
4. Left Object
5. Wrong Lane
6. Illegal
Parking
7. Vehicle
Counting
Video Infrastructure
1.
Video Cameras
2.
Media Server
3.
Video Management and Operations
4.
Video Storage
5.
Multi Service Network
with QoS,
2014 Cisco and/or its affiliates.
Traffic Engineering and Security
Cisco Confidential
3rd party
Authentication
Server
Remote user
ISG
Outside
AGT
Inside-ISG
CITY Data
Center
CityMind
Intuvision
Nexus 5672 UP
Authentication
/Policy
enforcement server
CPIPE (DHCP
Server)
MSE
Cisco ACS
Certification
Server -Microsoft
Cisco
Prime
FC/FCoE
SAN Storage
WLC
5508/8500
5520/8540
SMS Gateway
Media
Server
CityMind
Mobile
DB server
server
FR
LPR
Analytics
Analytics
VSOM server
Inside
SP
NETWORK
ASA Cluster +
SourceFire
Inside-City
Internet
DHCP Server
VPN Tunnel
Inside-Gateway
Internet Service
Layer
vPC
City
Layer
UCS Platform
C& C
CAT 4500 X
HSRP/VRRP
Video Traffic
ASR920
Analytics Traffic
REP 100
ASR920
SFP/fiber
Street
Layer
REP
200
IE 2K/3K/4K
2G
Access
Point
Root AP
VS 6930, 6400E
Access
Point
Root AP
IR910
IR910
AP 1552/IW3700/1570
Sensity Nodes
LoRa Sensors
2014
IE4K
1 Gbps 2 G
FR AXIS 1357
LPR 6500 PD
IE4K
REP
300
Mesh AP
LPR/FR,
Cisco and/or its affiliates. All rights
reserved.
Cisco Confidential
Street
Video
Parking Lighting
People
Analytics
Root AP
Mesh AP
Mesh AP
IR910
2G
IE4K
2G
1 Gbps
Fastprk
Root AP
Sensor
3rd party
Authentication
Server
Remote user
ISG
Outside
Inside-ISG
CITY Data
Center
CityMind
Mobile
server
CPIPE (DHCP
Server)
Certification
Server -Microsoft
Cisco
Prime
UCS Platform
CAT 4500 X
HSRP/VRRP
Local Analytics
ASR920
Analytics Traffic
REP 100
FR
Analytics
Media
Server
ASR920
REP
200
2G
Access
Point
Root AP
VS 6930, 6400E
LPR 6500 PD
IR910
IR910
Sensity Nodes
LoRa Sensors
2014
IE4K
REP
300
IE4K
1 Gbps 2 G
FR AXIS 1357
IW3700
Mesh AP
LPR/FR,
Cisco and/or its affiliates. All rights
reserved.
Cisco Confidential
Street
Video
Parking Lighting
People
Analytics
LPR
Analytics
Intuvision
Storage
SFP/fiber
Access
Point
Root AP
IW3700/1570
C& C
Local Datacenter
Video Traffic
IE 2K/3K/4K
Cisco ACS
FC/FCoE
vPC
City
Layer
Street
Layer
MSE
SAN Storage
WLC
5508/8500
5520/8540
SMS Gateway
Domain
Server
CityMind
DB server
VSOM server
Nexus 5672 UP
Authentication
/Policy
enforcement server
AGT
Inside
SP
NETWORK
ASA Cluster +
SourceFire
Inside-City
Internet
DHCP Server
VPN Tunnel
Inside-Gateway
Internet Service
Layer
Root AP
Mesh AP
Mesh AP
IR910
2G
IE4K
2G
1 Gbps
Fastprk
Root AP
Sensor
Network and
Application
Server
RF communication
between Sensor and IR910
with Lora Technology.
2
IR910 communicate to
Cloud (Network/Application
Server) using Wired
backhaul
Internet
AP: terminates
Radio and proxy
packets to
Network Server
Semtec LoRa Card in IR910
Low Power,
Long Range
Radio
Small,
Embedded,
low cost smart
device
Parking Sensor
Parking Sensor
2014
Parking Sensor
Cisco Confidential
3
Fast Park Application gets
the parking status for the
users.
ASA Firewall
VPN Tunnel
WLC
Authentication
/Policy
enforcement server
Inside
CITY Data
Center
ISG
Inside-City
3rd party
Authentication
Server
AGT
Remote user
Inside-Gateway
DHCP Server
SP
NETWORK
Outside
Netsense, Fastprk
Internet Cloud
Internet
City
Mind
Intuvision
Dundas
Vega Prime
Storage
Cognitech
CPIPE (DHCP
Server)
Nexus DC Switch
City
Layer
MSE
Cisco ACS
Cisco
Prime
vPC
SMS Gateway
Video Surveillance
Client -Operator/SASD
Certification
Server -Microsoft
UCS Platform
CAT 4500 X
(HSRP/VRRP)
100Gig Fiber
10 Gig Fiber
ASR920
1 Gig Fiber
REP 100
ASR920
Street
Layer
IE 2K/3K/4K
Bridged
SFP/fiber
REP
200
Access
Point
Root AP
2G
Access
Point
Root AP
Bridged
2G
IE4K
REP 300
IE4K
1 Gbps 2 G
Mesh AP
AP 1552/1532/1570
2014
Mesh AP
LPR/FR,
Video
Cisco and/or its affiliates. All rights
reserved.
Cisco Confidential
Street
Analytic
Parking Lighting
People
s
Sensor
IR 910
GW
IE4K
2G
1 Gbps
Function
8.1 MR1
Cisco -ISR819
IE 2000/3000 ->15.2.3E1
IE 4000 ->15.2.2EA
15.4(2)T
2.5.0
6500PD IP Camera
2.5.1
Smart Lighting
Sensors & LoRa Cards works on LoRa technology to pass sensors details
1.2.1
Function
3.16
03.04.06 SG
Core switch aggregating access switches and connect to the Data Center
2014
Cisco Confidential
Function
Compute (CPU/Memory storage to host various software applications
8.1 MR1
8.0
7.6
8.2
2.2.2
VM Component - Life cycle management and assurance for MSE, WLC, AP, etc.
6.3.7.12738
ANPR_TOLL_4.1
Cognitec FTS,FMS,FAM
FaceVACS-SDK 8.7.0
USH-6.5.6
Vega Prime
V.14.0
Dundas
BI V 1.0.7
2014
Cisco Confidential
Key Takeaways
Enablement of new services on City Wi-Fi Infrastructure
Smart Lighting Solution
City Safety and Traffic Incident Management
Smart Parking Solution
Management solution
Latest hardware/software refreshes
2014
Cisco Confidential
Deepak Michael
Solution Architect - S+CC
December 2015
Agenda
2014
Cisco Confidential
Local Service Provider iiNET owns and manages Adelaide Free Wi-Fi
Network.
2014
Cisco Confidential
System Architecture
1552 outdoor access point
3560 street layer switch
ME3600 & 4500 aggregation
switches
8510 WLC
ASR 1K
2014
Cisco Confidential
2014
Cisco Confidential
AP Deployment Model
WIFI Based Lighting
Control + Video
Nodes
2014
Cisco Confidential
2014
Cisco Confidential
Client observations
Network observations -
2014
Cisco Confidential
Resolution
Configure BGNs to logically group radios to avoid two networks on the same
channel from communicating with each other.
2014
Cisco Confidential
Solutions booked
Cisco Confidential
Smart
Lighting
Cloud
Managed
Services
(RMS)
Digital
Kiosks
S+CC App 3
City
City Use
Use
Wireless
Infrastructure
Wireless
Infrastructure
Sprint Use
Sprint
Use
AS IoE Services(along
with Sensity and
CityPost)
AS SP + Wireless COE
and Sprint Engagement
AS SLED Engagement
CCS Business
Outcome
CityofofKansas
Kansas
City
City
2014
Cisco Confidential
System
Integration
PMO - CCS/IOE Services
AMO IoE Services
Device
What is being
deployed
2014
Cisco 3700
1. City Market
2. Convention Center
3. Sprint Center Front
Cisco 1570
1. River Market
2. Street Car Line (Streets 7-12)
3. Power and Light
4. Crossroads
5. Sprint Center Back
Cisco 2566 Panel Antenna for
3700s
Cisco 2547VG Omni Antenna for
1570
ASR 901
1. River Market
2. Street Car Line (Streets 7-12)
3. Power and Light
4. Crossroads
Cisco Confidential
Quantity
Total 95
1. 62
2. 17
3. 16
Total 234
1. 25
2. 16
3. 116
4. 71
5. 5
Total 95
Total 936
Total 51
1. 4
2. 5
3. 28
4. 14
Cisco Confidential
12
Core Architecture
Wireless/ IP Transport
Root Access Points
connect via Ethernet to
ASR 901
No more than two MAPs
per RAP
10G support from
distribution to core
infrastructure over
CAT4500.
Cisco 1K for Firewall
2014
Cisco Confidential
Security Requirements
Wireless LAN intrusion prevention and location Analytics
Wireless intrusion detection system
Identity based networking
Layer 2 Security 802.1x (PEAP, LEAP, EAP-TTLS), WPA/WPA2
Layer 3 Security Web Authentication, VLAN Assignments
Access Control List
Peer to Peer Blocking
Network Segregation
2014
Cisco Confidential
Lawful Intercept
The Cisco ASR 1000 Series Aggregation Services Routers support two types
of LI: regular and broadband (per-subscriber).
Broadband wiretaps are executed on access subinterfaces and tunnel
interfaces.
Regular wiretaps are executed on access subinterfaces, tunnel interfaces,
and physical interfaces.
The router determines which type of wiretap to execute based on the
interface that the targets traffic is using.
LI on the Cisco ASR 1000 series routers can intercept traffic based on a
combination of one or more of the following fields:
2014
Cisco Confidential
2014
Cisco Confidential
2014
Cisco Confidential