CVD City Wifi-Cisco

Abstract
During the session the participants will understand the architecture

behind Smart Cities; learn some of the best practices; Identify Cisco
& Partner Products that will be part of the solution; know whom to
reach when there is an opportunity
During the 2nd session the participants will also understand the
architecture of various Smart Cities deployment; some of the
deployment issues; how to overcome the issues
2014
Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
Agenda
Use Cases
City Wi-Fi Reference Architecture
Infrastructure Enhancements
Deployment Models
Scaling & Sizing
QoS
Smart Lighting Solution
City Safety and Traffic Incident Management Solution
Smart Parking Solution
Product Components
2014
Cisco Confidential
Use Cases
Smart Lighting Solution Sensity Core Node

City Safety and Traffic Incident Management
Video Analytics Service - Monitoring, Incident Notification/Management, Events and
Report Generation 6400E
Face Recognition Service Detection, Recognition & Enrolment - AXIS Cameras

(1357)
License Plate Recognition (LPR) Service Detection, Capturing, Recognition &

Reporting Cisco 6500 PD
Smart Parking Solution World Sensing Semtec LoRa gateway on IR910

Infrastructure Enhancements
AP1570, IW3700, IE4K, ASR920, WLC5520/8540, FirePower, N5K
2014
Cisco Confidential
City Wi-Fi Reference Architecture

Internet Service Layer
Site to Site VPN
VPN Tunnel
Netsense, Fastprk
Internet Cloud
3rd party
Authentication
Server
Remote user
ISG
Outside
AGT
Inside-ISG
CITY Data
Center
Intuvision
Inside
Inside-City
DHCP Server
SP
NETWORK
Inside-Gateway
Internet
Dundas
Storage
WLC
5508/8500
5520/8540
SMS Gateway
Vega Prime
Cognitech
City Mind
Nexus 5672 UP
Authentication
/Policy
enforcement server
Data Center Layer
ASA Cluster +
SourceFire
Virtualization & Other Apps

Video Surveillance VSOM/VSMS
CPIPE (DHCP
Server)
Video Surveillance
Client -Operator/SASD
MSE
Cisco ACS
FC/FCoE
Cisco
Prime
vPC
Certification
Server -Microsoft
UCS Platform
CAT 4500 X
HSRP/VRRP
City Layer
10 Gig Fiber (vPC 80 Gig)
10 Gig Fiber
ASR920
1 Gig Fiber
REP 100
ASR920
1Gig /100 MB Copper
SFP/fiber
Street
Layer
REP
200
IE 2K/3K/4K
2G
Root AP
Root AP
VS 6930, 6400E
1 Gbps 2 G
FR - AXIS 1357
LPR - 6500 PD
IR910
IR910
Mesh AP
IW3700 only
IW3700/1570
Sensity Nodes
LoRa Sensors
2014
IE4K
LPR/FR,
Cisco and/or its affiliates. All rights
reserved.
Cisco Confidential
Street
Video
Parking Lighting
People
Analytics
REP
300
IR910
2G
IE4K
IE4K
2G
1 Gbps
Fastprk
Root AP
Root AP
Mesh AP
Sensor
Architecture Considerations
Increasing Wireless/Wired backhaul bandwidth
Enable City Wi-Fi Network to have secure cloud connectivity for Smart
Lighting, Smart Parking Cloud based solution
Comply with Data Center best practices for AGT Integration including
FC, FCoE connectivity
Enabling 3.0 use cases on the city infra

Connectivity, segregation of traffic, end-to-end Security, QoS, High
Availability & Network Management facilities
Wireless/Wired Network Design considerations with appropriate scaling

& sizing
2014
Cisco Confidential
Infrastructure Changes
Inclusion of AP1570, IW3700, IE4K, CAT4K high port density model,

WLC 5520/8540
Replacing ME2600 with ASR920 as ME2600-X is announced EOL.
Introducing Nexus 5K in DC for supporting FC & FCoE Connectivity
2 Hop Mesh Network
IE4K (2G) REP Ring termination with CAT4K/ASR920
Enable City Wi-Fi Network to have secure cloud connectivity for Internet
Cloud based solution
ASA Firewall with Firepower Service AVC
ASA Clustering Model
2014
Cisco Confidential
IE4k Ring With Port Channel

City Layer
10 G
Edge
Port
2G
Street Layer
REP Segment 100
IE4K
IE4K
2G
2G
1 Gbps
Root AP
IE4K uplink can be

increased to 2Gbps by
connecting IE4K ring on
Edge
Port
CAT4K with port-channel
Blocked
2G
Alternative Port
REP Load balancing is
for Video Vlan
IE4K
recommended
1 Gbps
8 IE4K possible in single
REP ring with 2 Gig traffic
Core Switch CAT4K/ASR920
Mesh AP
Root AP
Mesh AP
2014
Cisco Confidential
Which double the REP

Ring coverage
ASA with FirePower

FirePower Service
recommended on ASA Firewall

Application Visibility and
Control (AVC)
Advanced Malware Protection
(AMP)
URL Filtering
Next-Generation IPS (NGIPS)
2014
Cisco Confidential
AP Deployment Model
MAP
LPR
MAP
VS
IW3700
AP1570
100 m
RAP
RAP
IW3700
LPR
VS
RAP
RAP
RAP
LPR
VS
LPR
RAP
RAP
VS
FR
VS
MAP
LPR
RAP
RAP
LPR
MAP
VS
RAP
IW3700
LPR
AP1570
RAP
RAP
VS
LPR
RAP
RAP
VS
LPR
RAP
VS
RAP
LPR
LPR
MAP
VS
RAP
RAP
VS
MAP
LPR
RAP
IW3700
VS
LPR
RAP
VS
IR910
IE4K/3K
IE4K/3K
900 m
100 m
900 m
Copper
Fiber
2014
Cisco Confidential
IE4K/3K
IE DeploymentASR920
Model
ASR920
ASR920
IE
IE Single Ring
<= 2700m
IE
900 m
ASR920
IE Multiple Rings
>= 2700m
900 m
900 m
900 m
IE
1800 m
2014
Cisco Confidential
1800 m
Scaling & Sizing - Assumptions

Medium Scale Deployment 6 Sq. Miles with trails of 35 Miles
Large Scale Deployment 50 Sq. Miles with trails of 270 Miles
Every AP service 20 Internet users with maximum bandwidth of 512 Kbps
FR Camera is connected to only Wired port of IE Switch, as it consumes 20
Mbps of bandwidth per camera.
VS, LPR cameras connected to Wired port of IE switch or Bridged Ethernet
port of RAP/MAP
Sensity light fixtures are placed in every 30m (100 feet) and Every AP service
at least 4 sensity nodes
One Parking Gateway supports 500 sensors at maximum
2014
Cisco Confidential
IE Switch Capacity
Components
IE4000
MAP
No of
Devices
2
RAP
Video Camera
FR Camera (Wired)
LPR Camera
IR 910
Sensity Sensor
Gateways
Internet Services
44
220
Bandwidth Consumption
IE3000
Comments
No of Devices
Devices
Comments
2 Mesh Hops
2 Mesh Hops
Video Camera
Connected on 1 Copper
& 8 SFP Fiber
Connected on 6
Bridged AP ports
Connected on 1 IE
Wired Port
Connected on 4
Bridged AP ports
Connected on 1
Bridged AP port
Average of 4 Nodes/AP
Connected on 1 copper
& 8 SFP Fiber
Connected on 6
Bridged AP ports
Connected on 1 IE
Wired Port
Connected on 1 copper
& 5 Bridged AP ports
Connected on 1
Bridged AP port
Average of 4 Nodes/AP
FR Camera
LPR Camera
6
1
6
1
44
220
Bandwidth in Mbps
(per device)
6
20
6
IR 910
0.01
Sensity Gateways
0.02
Internet Services
City Staff Services
0.5
2
RAP Connected to ASR920
City Staff Services
Average of 20
Users/AP
1 users/IE
Average of 20
Users/AP
1 users/IE
Bridged ports
11
6 VC + 4 LPR + 1 IR
12
6 VC + 5 LPR + 1 IR
IE Wired Ports
1 RAP + 1 FR
1 RAP, 1 FR, 1 LPR
Type of devices
MAP
Uplinks
Combo ports
Combo Ports
RAP
1
1
No of Devices
2
No of Wired Devices
11
12
Video Camera
No of Wireless Devices
265
265
FR Camera
No of Aps
11
11
LPR Camera
1100 m
1100 m
Traffic in
Mbps
110
Traffic in
Mbps
110
Traffic to Internet
Cloud
Traffic to DataCenter
1.5
1.5
62
74
Total Traffic
173
Trail
Traffic to Internet
2014
185
IR 910
Sensity Sensor Gateways
12
Internet Services
City Staff Services
60
1
Total Traffic expected from RAP
Cisco Confidential
57 Mbps
Sizing Considerations
IE Rings will have max of 3 IE switches (based on 1 Gig Uplink) and

terminated in ASR920 Ring
Every ASR 920 Ring will have maximum of 9 Rings (based on 10 Gig
uplink)
Max of 10 ASR920 REP rings are possible with CAT4500-X.

IE4K
Model
SFP ports
Ethernet Ports
Uplinks (combo)
Distance between
Each IE
IE3K
Cisco IE-3000-4TC with Cisco

IE-4000-8GS4G-E (8 GE SFP + IEM-3000-8SM= (4 FE T, 8 FE
SFP, 2 GE Combo)
4 GE Uplink combo)
8
8
0
4
4
2
900 m
900 m
2014
Traffic type
Traffic in MB Interface Capacity
Traffic Per IE4K/IE3K
179
1GE
Traffic Per IE Ring
538
1GE
Total Traffic Per ASR920
5865
Uplink=10G
Ring (9 IE Rings+AP)
Traffic of IE4K Ring at CAT4K
1435
2 GE
Total Traffic at CAT4K
72519
Uplink=Vpc with 8x10GE
Cisco Confidential
Sizing Models
Input Considerations
Requirements
Number of VS Camera
Number of detections per day
(Average of 150/camera/day)
Required time period for VS Video
Storage
Medium
6 sq. Miles/Walking Trail of 35
Miles
276
Large
50 sq. Miles/ Walking trail of
270 Miles
2280
41400
342000
Derived Output recommendations

Overall System Traffic (in Mbps)
Medium
8633 (5.2 Gig 40% OS)
Large
72519 (44 Gig 40% OS)
Total Traffic through FW (in Mbps)
5343 (3.2 Gig 40% OS)
44519 (27 Gig - 40% OS)
Total Number of RAPs
405
3330
Total Number of MAPs
122
1060
Total Number of Aps
527
4390
15 days
15 days
Total Number of RAPs in all ASR920s
18
180
Required time for VS event storage
60 days
60 days
Total Number of IE4000
30
215
Number of LPR Camera

Number of LPR Events per day
(Average of 10000/camera/day)
Required time period for LPR Video
Storage
198
1670
Total Number of IE2000/IE3000s
13
135
1980000
16700000
Number of IE4000 Ring on CAT4500-X
10
Not Applicable
Not applicable
Number of IE Switches
27
270
Required time for LPR event storage

Number of FR Camera
60 days
22
60 days
215
Number of IE (2000/3000/4000) Ring per

ASR920 Ring
Number of ASR920 Rings
10
Number of FR Events per day

Required time period for FR Video
Storage
44000
430000
Total Number of ASR920
30
15 days
15 days
Number of DC Switch
2 (Nexus 5000)
4 (Nexus 7000)
Required time for FR event storage
60 days
60 days
2 (CAT4500-X)
2 (CAT6000)
4
29
6
268
Number of City Switch (CAT4500X/CAT6000)

ASA Mode
Clustering
Clustering
ASA Model
5585-X SSP60
5585-X SSP60
Number of Parking Sensors

Sensity nodes
7500
2108
67000
17560
Anyconnect Remote User
12
Sourcefire
Yes
Yes
Internet Services
10540
87800
WLC Model
5520
8500/8540
15
!
133
!
Number of operators / clients

IR 910
City Staff Services

!
2014
Number of WLCs with HA
Cisco Confidential
QoS Considerations
Traffic Classification based on trusting DSCP value of the packets

DSCP Mutation
Uplink - At IE2K & N5K for Gateway Traffic, At N5K for Internet Traffic
Downlink - At N5K for Gateway and Internet Traffic
No Ingress Policing
Traffic at every interface not exceed the capacity
Egress policing for only Priority Queuing for avoiding mis-
configuration
No Ingress Queuing Considered
Needed when input rates from any/all switch ports exceed the switch fabrics capacity
Egress Queuing Considered

Priority Queue allocation, Guaranteed Bandwidth.
2014
Applying to all Interfaces of each devices.
Cisco Confidential
Wireless LAN QOS Model

Wireless Endpoints/Applications
Actual DSCP
Bridged Video Traffic

(LPR, VS)
EF (46)
UP 6
Platinum
Smart Lighting,
Gateway Wireless Traffic
DF
CS3(0)
UP 5
Gold
City Staff Street Access

Wireless Traffic
DF (0)
UP 3
Silver
Citizens Free Internet

Wireless Traffic
DF (0)
UP 1
Bronze
2014
Wireless Queue
Cisco Confidential
Wired LAN QOS Model - IE 2K/3K MLS QoS

Wired/ Wireless
Endpoints/Applications
DSCP at IE2K
Network Control
CS6 (48)
FR, LPR, VS (Wired/Bridged Traffic)
Smart Lighting/Parking Gateway

Traffic (Wireless CAPWAP Traffic),
Parking Gateway (Wired/Bridged)
1P3Q3T Model
CS6
EF (46)
AF41
CS3(34)
AF41
Q2T2
CS2
Q2T1
CS2 (16)
Network Management
DF
City Staff Street Access

(Wireless CAPWAP Traffic)
DF (0)
Citizens
Free Internet Access
(Wireless CAPWAP Traffic)
AF11 (10)
2014
Queue 1
Priority
EF
AF11
Cisco Confidential
Queue 2
Queue 3
Best Effort
(Default)
Queue 4
Background
Wired LAN QOS Model IE4000/ASR920/CAT4500-X/N5K MQC QoS

Traffic Type
Classification
Egress Policing
CIR
Egress Queuing
Transmit Action Exceed Action
Video
EF
30%
Transmit
Drop
Priority
Network Control
CS6
2%
Transmit
Drop
Priority
Gateway Traffic
AF41
3% BW
Network Mgmt
CS2
5% BW
City User
DF
5% BW
Internet User
AF11
40% BW
Other
15% BW
Cisco Confidential
2014
Smart Lighting Solution - System flow

Sensity Core Node
AP (SL)
DHCP (DC)
WLC (DC)
ASA FW (DC) NETSENSE (Public Cloud)
Node Association, WPA2-PSK

DHCP Phase, Private Network
WLC Relay
Node Registration [Certificate, Unique ID], TLS Handshake with Client Auth. ,DNS Resolution for produp.xeralux.com, Port 9443/10443
Node shares {Node ID, BSSID, SSID and other network information}, TCP Session {Port 9443/10443}, AES128 Encryption
TCP Keepalives Sent every minute
= Continuation of TCP session

SL = Street Layer
DC = Data Center
2014
Cisco Confidential
PAT with Public IP
Design Considerations
Height of the Pole : 25 feet / 7.6 Meters
Distance between two poles : 100 feet / 30 Meters
http://www.lrc.rpi.edu/programs/NLPIP/PDF/VIEW/SR_StreetlightsLocal.pdf
Creating a new SSID by configuring the Firewall as the gateway for the SSID traffic
Segregation of traffic to and from Sensity core nodes to a dedicated VLAN with a
new address range
Creating a new DHCP scope on Prime IP Express to cater to the Sensity core nodes
Configure the SSID for the Sensity nodes with the appropriate Gold QoS priority
(ie.AF41)
Configure a PAT rule on Firewall to allow traffic from the Sensity core nodes to reach
their management server on the cloud Netsense
2014
Cisco Confidential
Traffic Flow
Internet Service
Layer
ASA Firewall
VPN Tunnel
WLC
Authentication
/Policy
enforcement server
Inside
CITY Data
Center
ISG
Inside-City
3rd party
Authentication
Server
AGT
Remote user
Inside-Gateway
DHCP Server
SP
NETWORK
Data Center Layer
Outside
Netsense, Fastprk
Internet Cloud
Internet
City
Mind
Intuvision
Dundas
Vega Prime
Storage
Cognitech

CPIPE (DHCP
Server)
Nexus DC Switch
City
Layer
MSE
Cisco ACS
Cisco
Prime
vPC
SMS Gateway
Video Surveillance
Certification
Server -Microsoft
UCS Platform
CAT 4500 X
(HSRP/VRRP)
100Gig Fiber
10 Gig Fiber
ASR920
1 Gig Fiber
REP 100
ASR920
1Gig /100 MB Copper
Street
Layer
IE 2K/3K/4K
Bridged
SFP/fiber
REP
200
Access
Point
Root AP
2G
Access
Point
Root AP
Bridged
VS 6930, 7030, 6400
Mesh AP
AP 1552/1532/1570
2014
IE4K
IE4K
1 Gbps 2 G
FR AXIS, LPR 4500

IR910
2G
REP 300
Mesh AP
LPR/FR,
Video
reserved.
Cisco Confidential
Street
Analytic
Parking Lighting
People
s
Root AP
Mesh AP
Mesh AP
IE4K
2G
1 Gbps
Root AP
City Safety & Traffic Incident Management - System Flow

Situational
Awareness
1. Events
Management
2. Events
Correlation
3. Investigation
4. Visualization
5. Issue
Assignment,
Tracking and
Management
6. 2D/3D Views
7. Vehicle Counting
Analytics
1. License Plate
Rec
2. Face Rec
3. Line Crossing
4. Left Object
5. Wrong Lane
6. Illegal
Parking
7. Vehicle
Counting
Video Infrastructure
1.
Video Cameras
2.
Media Server
3.
Video Management and Operations
4.
Video Storage
5.
Multi Service Network
with QoS,
2014 Cisco and/or its affiliates.
Traffic Engineering and Security
All rights reserved.
Cisco Confidential
Centralized Architecture Layout

Netsense, Fastprk
Internet Cloud
3rd party
Authentication
Server
Remote user
ISG
Outside
AGT
Inside-ISG
CITY Data
Center
CityMind
Intuvision
Nexus 5672 UP
Authentication
/Policy
enforcement server
CPIPE (DHCP
Server)
MSE
Cisco ACS
Certification
Server -Microsoft
Cisco
Prime
FC/FCoE
SAN Storage
WLC
5508/8500
5520/8540
SMS Gateway

Domain
Server
Media
Server
CityMind
Mobile
DB server
server
FR
LPR
Analytics
Analytics
VSOM server
Inside
SP
NETWORK
Data Center Layer
ASA Cluster +
SourceFire
Inside-City
Internet
DHCP Server
Site to Site VPN
VPN Tunnel
Inside-Gateway
Internet Service
Layer
vPC
City
Layer
UCS Platform
C& C
CAT 4500 X
HSRP/VRRP
Video Traffic
ASR920
Analytics Traffic
REP 100
ASR920
SFP/fiber
Street
Layer
REP
200
IE 2K/3K/4K
2G
Access
Point
Root AP
VS 6930, 6400E
Access
Point
Root AP
IR910
IR910
AP 1552/IW3700/1570
Sensity Nodes
LoRa Sensors
2014
IE4K
1 Gbps 2 G
FR AXIS 1357
LPR 6500 PD
IE4K
REP
300
Mesh AP
LPR/FR,
reserved.
Cisco Confidential
Street
Video
Parking Lighting
People
Analytics
Root AP
Mesh AP
Mesh AP
IR910
2G
IE4K
2G
1 Gbps
Fastprk
Root AP
Sensor
Distributed Architecture Traffic Flow

Netsense, Fastprk
Internet Cloud
3rd party
Authentication
Server
Remote user
ISG
Outside
Inside-ISG
CITY Data
Center
CityMind
Mobile
server
CPIPE (DHCP
Server)
Certification
Server -Microsoft
Cisco
Prime
UCS Platform
CAT 4500 X
HSRP/VRRP
Local Analytics
ASR920
Analytics Traffic
REP 100
FR
Analytics
Media
Server
ASR920
REP
200
2G
Access
Point
Root AP
VS 6930, 6400E
LPR 6500 PD
IR910
IR910
Sensity Nodes
LoRa Sensors
2014
IE4K
REP
300
IE4K
1 Gbps 2 G
FR AXIS 1357
IW3700
Mesh AP
LPR/FR,
reserved.
Cisco Confidential
Street
Video
Parking Lighting
People
Analytics
LPR
Analytics
Intuvision
Storage
SFP/fiber
Access
Point
Root AP
IW3700/1570
C& C
Local Datacenter
Video Traffic
IE 2K/3K/4K
Cisco ACS
FC/FCoE
vPC
City
Layer
Street
Layer
MSE
SAN Storage
WLC
5508/8500
5520/8540
SMS Gateway
Domain
Server
CityMind
DB server
VSOM server
Nexus 5672 UP
Authentication
/Policy
enforcement server
AGT
Inside
SP
NETWORK
Data Center Layer
ASA Cluster +
SourceFire
Inside-City
Internet
DHCP Server
Site to Site VPN
VPN Tunnel
Inside-Gateway
Internet Service
Layer
Root AP
Mesh AP
Mesh AP
IR910
2G
IE4K
2G
1 Gbps
Fastprk
Root AP
Sensor
Smart Parking Solution - How it works

Solution high level flow
1
Cloud Services
Network and
Application
Server
RF communication
between Sensor and IR910
with Lora Technology.
2
IR910 communicate to
Cloud (Network/Application
Server) using Wired
backhaul
Internet
AP: terminates
Radio and proxy
packets to
Network Server
Semtec LoRa Card in IR910
Low Power,
Long Range
Radio
Small,
Embedded,
low cost smart
device

Parking Sensor
Parking Sensor
2014
Parking Sensor
Cisco Confidential
3
Fast Park Application gets
the parking status for the
users.
Sensor Traffic Flow in CityWifi 3.0

Internet Service
Layer
ASA Firewall
VPN Tunnel
WLC
Authentication
/Policy
enforcement server
Inside
CITY Data
Center
ISG
Inside-City
3rd party
Authentication
Server
AGT
Remote user
Inside-Gateway
DHCP Server
SP
NETWORK
Data Center Layer
Outside
Netsense, Fastprk
Internet Cloud
Internet
City
Mind
Intuvision
Dundas
Vega Prime
Storage
Cognitech

CPIPE (DHCP
Server)
Nexus DC Switch
City
Layer
MSE
Cisco ACS
Cisco
Prime
vPC
SMS Gateway
Video Surveillance
Certification
Server -Microsoft
UCS Platform
CAT 4500 X
(HSRP/VRRP)
100Gig Fiber
10 Gig Fiber
ASR920
1 Gig Fiber
REP 100
ASR920
1Gig /100 MB Copper
Street
Layer
IE 2K/3K/4K
Bridged
SFP/fiber
REP
200
Access
Point
Root AP
2G
Access
Point
Root AP
Bridged
VS 6930, 7030, 6400
2G
IE4K
REP 300
IE4K
1 Gbps 2 G
FR AXIS, LPR 4500

IR910
Mesh AP
AP 1552/1532/1570
2014
Mesh AP
LPR/FR,
Video
reserved.
Cisco Confidential
Street
Analytic
Parking Lighting
People
s
Sensor
IR 910
GW
IE4K
2G
1 Gbps
Products & Systems for Integration

Street Layer Components
Component
Release & Version
Function
Cisco-, AP1570, IW3700
8.1 MR1
Cisco Outdoor Wi-Fi Access Point
Cisco IE 2000, IE 3000, IE 4000
Cisco Industrial Ethernet Access Switches
Cisco -ISR819
IE 2000/3000 ->15.2.3E1
IE 4000 ->15.2.2EA
15.4(2)T
Axis P1357-E Camera
Face Recognition Analytics
6400E, PTZ 6930 IP Camera
2.5.0
City safety and security Video Surveillance , Video Analytics
6500PD IP Camera
2.5.1
License Plate Recognition (LPR) Analytics
Sensity Core Node
Smart Lighting
World Sensing- Sensors

Semtec Lora Cards
Cisco IR910
Sensors & LoRa Cards works on LoRa technology to pass sensors details
1.2.1
Network Gateway for Smart parking Use cases
Cisco Wi-Fi/3G ruggedized router to deploy in street furniture
City Layer Components

Component
Release & Version
Function
Cisco ASR 920
3.16
Cisco ruggedized access/aggregation switches with fiber/copper ports and

10G port
Cisco Catalyst 4500X
03.04.06 SG
Core switch aggregating access switches and connect to the Data Center
2014
Cisco Confidential
Data Centre Layer Components

Component
Cisco UCS C-220 Series, UCS B Series
Chasis
Cisco-Nexus Series (5672UP)
Release & Version

ESXi 5.5
Function
Compute (CPU/Memory storage to host various software applications
7.2 (0) N1 (1)
Data Center Switch to interconnect various software applications
Cisco-WLC 5508/8500, 5520/8540
8.1 MR1
Wireless Controller controls and manages Wi-Fi Access Points.
Cisco -Mobility Service Engine
8.0
VM Component - Manage location of devices; provide location analytics etc.
Cisco ASA 5585-x with FirePower

SSP60
Cisco - ACS
ASA -> 9.4.1.3

FirePOWER -> 5.4.0.2
5.7.0.15
Firewall policy filtering
Video Surveillance Manager Software

application
Cisco Prime IP Express (CPIPE)
7.6
8.2
VM Component - Video Surveillance Media server (VSMS)/Video Surveillance

operation Manager (VSOM)
VM Component - DHCP server in the City network
Cisco Prime Infrastructure (PI)
2.2.2
VM Component - Life cycle management and assurance for MSE, WLC, AP, etc.
Intuvision Panoptes Video Analytics

Server
ViANANPR Server
6.3.7.12738
VM Component - Video Analytics
ANPR_TOLL_4.1
VM Component - License Plate Recognition
Cognitec FTS,FMS,FAM
FaceVACS-SDK 8.7.0
VM Component - Face Recognition
AGT City Mind Server
USH-6.5.6
NetApp SAN Storage
FAS 8020- NetApp Release 8.2.1 7-Mode

Disk Type : SAS with 10000 IOPs
VM Component - Application Server which controls FR, LPR, video Analytic ,

VSM Servers
For Storing video feed in Data Center
Vega Prime
V.14.0
Graphics display software for CityMind
Dundas
BI V 1.0.7
Reporting software for CityMind
2014
VM Component - Device authentication
Cisco Confidential
Key Takeaways
Enablement of new services on City Wi-Fi Infrastructure
Smart Lighting Solution
City Safety and Traffic Incident Management
Smart Parking Solution
City Wi-Fi Network having secure cloud connectivity for Smart
Lighting, Smart Parking Cloud based solution

Supporting AVC feature for Internet and Cloud traffic with FirePower
Distributed Architecture System for City Safety and Traffic Incident
Management solution
Latest hardware/software refreshes
2014
Cisco Confidential
Deepak Michael
Solution Architect - S+CC
December 2015
Agenda
Adelaide/Kansas City Deployment

Services
High level System architecture
Design considerations
Deployment Models
Issues
Remedies to overcome the issues
2014
Cisco Confidential
Adelaide Sensity Deployment
Local Service Provider iiNET owns and manages Adelaide Free Wi-Fi
Network.
Services include S+CC lighting control and parking w/free WIFI.
Approximately 500 Cisco 1552 Access Points deployed.
Deployed 39 video nodes and 64 core nodes.
WLC Model 8510.
Approximately 4375 Clients.
2014
Cisco Confidential
System Architecture
1552 outdoor access point
3560 street layer switch
ME3600 & 4500 aggregation
switches
8510 WLC
ASR 1K
2014
Cisco Confidential
Adelaide Design Considerations
Adelaide public (Free) SSID broadcast on 2.4 GHz
Video and Core nodes SSID broadcast on 5 GHz
1552 AP's deployed with 4/7dBi Omni directional Antenna
Maximum of 1 or 2 Mesh Hops.
Backhaul connectivity Fiber/Ethernet
Mesh back haul over 5 GHz
2014
Cisco Confidential
AP Deployment Model
WIFI Based Lighting
Control + Video
Nodes
2014
Cisco Confidential
Mesh Deployment Model

Maximum 2 Mesh
Hops
Lighting and Video
node client access
allowed over 5 GHz
backhaul.
Edge Video hence
low BW.
2014
Cisco Confidential
Adelaide Deployment Issues
Client observations
Intermittent core and video node connectivity
Network observations -
Channel Utilization high with minimal Tx/Rx

Flapping mesh link
Coverage gaps
2014
Cisco Confidential
Adelaide Deployment Issues & Resolution
Resolution
Configure BGNs to logically group radios to avoid two networks on the same
channel from communicating with each other.
RAPs with the same BGN, but on different channels.
Strict Match BGN is enabled on the mesh AP.
Additional access points deployed after site survey

Modified Client Roaming Configuration to custom & hysteresis value to 15dB.
Client will only roam to neighboring AP if >15dB.
Reduce the amount of roaming between access points
Mesh Convergence method set to Fast:
2014
Cisco Confidential
Kansas City Deployment
Kansas City Wi-Fi provided by Sprint
Sprints customers are allowed 50% of total available BW on AP.
Kansas City is allowed remainder of available AP BW.
Deployment does not cover Hot Spot 2.0
Solutions booked
LBS via EMSP

Digital Kiosk in high traffic areas
Lighting Control
Edge based video surveillance
2014
Cisco Confidential
Smart
Lighting
Cloud
Managed
Services
(RMS)
Digital
Kiosks
S+CC App 3
City
City Use
Use
Wireless
Infrastructure
Wireless
Infrastructure
Sprint Use
Sprint
Use
AS IoE Services(along
with Sensity and
CityPost)
AS SP + Wireless COE
and Sprint Engagement
Physical Assets/Right of way
AS SLED Engagement
CCS Business
Outcome
CityofofKansas
Kansas
City
City
2014
Cisco Confidential
System
Integration
PMO - CCS/IOE Services
AMO IoE Services
City S+CC Overall Services Engagement

Structure
Device
What is being
deployed
Street level Quantities
2014
Cisco 3700
1. City Market
2. Convention Center
3. Sprint Center Front
Cisco 1570
1. River Market
2. Street Car Line (Streets 7-12)
3. Power and Light
4. Crossroads
5. Sprint Center Back
Cisco 2566 Panel Antenna for
3700s
Cisco 2547VG Omni Antenna for
1570
ASR 901
1. River Market
2. Street Car Line (Streets 7-12)
3. Power and Light
4. Crossroads
Cisco Confidential
Quantity
Total 95
1. 62
2. 17
3. 16
Total 234
1. 25
2. 16
3. 116
4. 71
5. 5
Total 95
Total 936
Total 51
1. 4
2. 5
3. 28
4. 14
Cisco Confidential
12
Core Architecture
Wireless/ IP Transport
Root Access Points
connect via Ethernet to
ASR 901
No more than two MAPs
per RAP
10G support from
distribution to core
infrastructure over
CAT4500.
Cisco 1K for Firewall
2014
Cisco Confidential
Security Requirements
Wireless LAN intrusion prevention and location Analytics
Wireless intrusion detection system
Identity based networking
Layer 2 Security 802.1x (PEAP, LEAP, EAP-TTLS), WPA/WPA2
Layer 3 Security Web Authentication, VLAN Assignments
Access Control List
Peer to Peer Blocking
Network Segregation
2014
Cisco Confidential
Lawful Intercept
The Cisco ASR 1000 Series Aggregation Services Routers support two types
of LI: regular and broadband (per-subscriber).
Broadband wiretaps are executed on access subinterfaces and tunnel
interfaces.
Regular wiretaps are executed on access subinterfaces, tunnel interfaces,
and physical interfaces.
The router determines which type of wiretap to execute based on the
interface that the targets traffic is using.
LI on the Cisco ASR 1000 series routers can intercept traffic based on a
combination of one or more of the following fields:
Destination IP address and mask (IPv4 or IPv6 address)

Destination port or destination port range
Source IP address and mask (IPv4 or IPv6 address)
Source port or source port range
Protocol ID
Type of Service (TOS)
Virtual routing and forwarding (VRF) name, which is translated to a vrftableid value within the router.
2014 Cisco and/or its affiliates. All rights reserved.
Cisco Confidential
Subscriber (user) connection ID
Lawful Intercept Requirements

Radius Based LI
A subscriber is to be intercepted by a Law
Enforcement Agency; the Mediation
Device sends an interception order to the
Radius Server.
RADIUS provision the ASR1000 to
intercept the target using RADIUS
Change of Authorization (CoA)
message.
RADIUS transmits Intercept Related
Information (IRI) to the Medication Device
(MD), and the ASR1000 transmits Contecnt
of communication (CC) to the MD.
2014
Cisco Confidential
Lawful Intercept Requirements

Interception of communication
content. The router duplicates each
intercepted packet and then places
the copy of the packet within a UDPheader encapsulated packet (with a
configured CCCid).
The router sends the encapsulated
packet to the LI mediation device.
Even if multiple lawful intercepts are
configured on the same data flow,
only one copy of the packet is sent to
the mediation device. If necessary,
the mediation device can duplicate
the packet for each LEA.
2014
Cisco Confidential
Reference & Contacts
City Wi-Fi CVD Material For Internal Use Only

Design Guide : https://docs.cisco.com/share/s/sHSO5pDdT0qPCugSm3xJ9Q
Implementation Guide : https://docs.cisco.com/share/s/xNB0b5nHSja6_rpcNGiy7g
City Wi-Fi Mailer Alias - ivsg-citywifi-team
For Sales and Technical Support scc-pm@cisco.com
2014
Cisco Confidential

CVD City Wifi-Cisco

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

CVD City Wifi-Cisco

Загружено:

Авторское право:

Доступные форматы

Abstract

During the session the participants will understand the architecture

Cisco and/or its affiliates. All rights reserved.

City Wi-Fi Reference Architecture

Smart Lighting Solution

City Safety and Traffic Incident Management Solution

Smart Parking Solution

Cisco and/or its affiliates. All rights reserved.

Smart Lighting Solution Sensity Core Node

Face Recognition Service Detection, Recognition & Enrolment - AXIS Cameras

License Plate Recognition (LPR) Service Detection, Capturing, Recognition &

Smart Parking Solution World Sensing Semtec LoRa gateway on IR910

Cisco and/or its affiliates. All rights reserved.

City Wi-Fi Reference Architecture

Site to Site VPN

Data Center Layer

Virtualization & Other Apps

1Gig /100 MB Copper

Increasing Wireless/Wired backhaul bandwidth

Enabling 3.0 use cases on the city infra

Wireless/Wired Network Design considerations with appropriate scaling

Cisco and/or its affiliates. All rights reserved.

Inclusion of AP1570, IW3700, IE4K, CAT4K high port density model,

Replacing ME2600 with ASR920 as ME2600-X is announced EOL.

Introducing Nexus 5K in DC for supporting FC & FCoE Connectivity

2 Hop Mesh Network

IE4K (2G) REP Ring termination with CAT4K/ASR920

Cisco and/or its affiliates. All rights reserved.

IE4k Ring With Port Channel

REP Segment 100

IE4K uplink can be

Core Switch CAT4K/ASR920

Cisco and/or its affiliates. All rights reserved.

Which double the REP

ASA with FirePower

recommended on ASA Firewall

Cisco and/or its affiliates. All rights reserved.

Cisco and/or its affiliates. All rights reserved.

Cisco and/or its affiliates. All rights reserved.

Scaling & Sizing - Assumptions

Cisco and/or its affiliates. All rights reserved.

RAP Connected to ASR920

City Staff Services

1 RAP, 1 FR, 1 LPR

Cisco and/or its affiliates. All rights reserved.

Sensity Sensor Gateways

Total Traffic expected from RAP

IE Rings will have max of 3 IE switches (based on 1 Gig Uplink) and

Max of 10 ASR920 REP rings are possible with CAT4500-X.

Cisco IE-3000-4TC with Cisco

Cisco and/or its affiliates. All rights reserved.

Derived Output recommendations

Total Traffic through FW (in Mbps)

5343 (3.2 Gig 40% OS)

44519 (27 Gig - 40% OS)

Total Number of RAPs

Total Number of MAPs

Total Number of Aps

Total Number of RAPs in all ASR920s

Required time for VS event storage

Total Number of IE4000

Number of LPR Camera

Total Number of IE2000/IE3000s