
Cisco Service Control Engine (SCE) For Mobile Technical Overview

July 2009

Presentation_ID

2007 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Agenda
Market Challenges and Opportunities

Service Control Engine Fundamentals


Traffic Analysis and Business Intelligence

Peer-to-Peer Management and Network Optimization

Tiered Services and Advanced Services

Network Insertion, Management and Integration

Over 750 Customers Worldwide*

*Customer wins are confidential. Check with AMs if you want to use these as reference.

Service Control
Advancing Broadband Services
Over 750 Service Providers Deployed
ANY broadband Network: xDSL, FTTx, Cable, Mobile 3G, Fixed-Wireless
Significant rollouts in live networks

Largest Service Control deployments in the world: over 100 million subscribers served

Market Challenges & Opportunities


Value Add to Commodity Product


Prevailing prices for various coffee offerings

Commodity: $.01-$.02 per cup
Good: $.05-$.25 per cup
Service: $.75-$1.50 per cup
Experience: $2.00-$5.00 per cup

Graphic: BusinessWeek, 2005
Source: Pine and Gilmore, The Experience Economy, 1999

Increasing Value of Broadband Currency


[Figure: Bandwidth plotted against Application. Applications shown: A Bulletin Board, Browsing, Music, Gaming, File Sharing, Web 2.0, IP TV. What's Next? 1 Terabyte?]

Expectations Have Changed


From Mobile Data
Mobile phone with data
Access and SMS-based services
Closed OS and browser
Average 9.6kbps
Pay per kilobit plans

To Mobile BB
Mobile computer
On-demand video and content
Full HTML-based browsing
Broadband data rates
All-u-can eat service plans

iPhone Launch
1 million customers within 2 months

>40% new AT&T customers


Revenue sharing with Apple


gPhone

inside


TV on your Mobile Phone


Skype goes Mobile


Alex Day; AKA Nerimon (19 years old)

Nerimon: Number 1 Most Popular of Britain's YouTubers, has 30,000 subscribers tuning in to him every day

European Operator: "Video is number 1 application that is killing our network"

Who Will Capture the Value?


Content/Application Providers
Aggregators/Integrators/Over the Top (OTT)
Network Based Operators
Virtual Network Operators

Device Services

Source: Cisco IBSG Analysis, March 2006



OTTs Create Three Areas of Concern for SPs

Un-monetised Traffic Growth

Service Substitution

Changing User Behaviour

New Sources of Revenue

While remaining innovative, acquisitive and highly valued


Source: Cisco IBSG

Service Control Engine (SCE) Fundamentals


Deep Packet Inspection (DPI)


DPI allows Mobile service providers to cope with the dynamic nature of the net
  permits SPs to classify all IP applications
  provides subscriber awareness to manage traffic streams based on individual subscriber state and policy

Critical To Managing Today's Mobile Networks

DPI provides usage analysis and reporting

DPI enables Mobile SPs to implement capacity management and fair-use policies
  to gain visibility into network activities
  to optimize network bandwidth and improve network performance
  to guarantee a consistent QoE over RAN and backhaul

DPI enables Mobile SPs to create new per-subscriber service offerings, and other differentiated services (such as parental control, advanced per-application charging and quota)

DPI empowers Mobile SPs to implement advanced targeted advertising schemes

Application Architecture of the Future


SCE enables User Experience

[Diagram labels: Service Control Point; Service Provider Network; Broadband Access: Cellular/WiFi Mesh/WiMAX, DSL, Fixed Wireless, Cable, Enterprise; services: IP/TV/VoD, Gaming, Voice, Music, Messaging]

What Is the Service Control Engine


Application Awareness

Stateful Deep Packet Inspection: Instead of processing packets as individual events, the SCE fully reconstructs flows up through Layer 7.

Carrier Class: Designed for carrier-grade deployments requiring:
  High Performance for Multi-Gigabit and 10 Gigabit Speeds
  High Availability & Reliability with stateful failover
  Subscriber State Management with Per-Subscriber BW Management, and Quotas

Subscriber Intelligence

Technology

Service Velocity

Rapidly Programmable: Rapidly re-tasked to support new protocols or applications.

Real-Time Control: Application Session-Level Bandwidth Shaping, Blocking, Redirecting (HTTP, RTSP, SIP)

Extensible Platform & Open Architecture: Based upon a flexible purpose-built platform:
  Modular and scalable HW acceleration
  Easy-to-use, with open APIs for seamless OSS Integration

Process of Service Control


Intelligent Inspection and Control of IP Packets
Classify to end-user application; determine application semantics
Map to subscriber identity, policy and state
Select action based on conditions - time of day, congestion, usage, other concurrent activities
Take action and report

Mark, Block, Redirect, Set QoS, Report

Service Control Engine

Service Control Engine


Functional Examples

Revenue Generation

Over-The-Top Application Partnership Services

Traffic Analysis and Reporting

Cost Management

Multimedia (Voice/Video) Traffic Prioritization

Quality of Experience Monitoring
Premium Service Enablement
Usage Analysis
Usage Demographics

Volume and Time Based Billing Services
Parental Control & Content Filtering

Content Charging

Service Control Technology

Traffic Optimization

Traffic Mix Optimization
Fair Use Policy Enforcement
QoS assurance

Service Self Selection

Tiering & Access Control

Service Security
Traffic Anomaly Detection and DDOS Protection

Volume and Time Based Tiering of Services
Bandwidth on Demand (Turbo Button)

Anti-X (SPAM/Worms)
Safe Harbor and Quarantine Services

Service Control Platforms


SCE1000
  Interfaces: 2-GBE (Fiber SX/LX)
  Mgmt. Interface: 2 x 10/100/1000 Eth
  Max. Concurrent Unidirectional Application Flows: 2M
  Max Subscriber Contexts: 200,000
  Network Configuration: Out of Line, Inline

SCE2000
  Interfaces: 4-GBE (Fiber SX/LX)
  Mgmt. Interface: 2 x 10/100/1000 Eth
  Max. Concurrent Unidirectional Application Flows: 2M
  Max Subscriber Contexts: 200,000
  Network Configuration: Out of Line, Inline, Clustering

SCE8000
  Interfaces: 2-10G, 4-10G, 8-GBE, 16-GBE (Fiber SX/LX/ZX)
  Mgmt. Interface: 2 x 10/100/1000 Eth
  Max. Concurrent Unidirectional Application Flows: 16M (Can grow up to 32M)
  Max Subscriber Contexts: 1M
  Network Configuration: Out of Line, Inline, Clustering

SCE Product Family and Milestones

SCE 8000
2x10G / 4x10G & 8xGBE / 16xGBE Ethernet interfaces
Classification of up to 32 million concurrent unidirectional application flows
Total throughput of 15 Gbps (30+ Gbps by end 09)
Up to 1M concurrent subscribers
Complete modularity - FRU AC or DC power supplies, fans, cards, interfaces, optics

[Chart: Capacity (Concurrent Subscribers), 200K to 1M, against Performance, 5Gbps to 40Gbps, for SCE 1000, SCE 2000 and SCE 8000]

Cisco SCE In Mobile


Industry leading Deep Packet Inspection
Rich set of IP services
3GPP Compliant

[Diagram labels: DPI; 3GPP Compliance; Content Filtering; Content Charging; Traffic Optimization; Usage Analysis]

The SCE Mobile Solution


[Diagram labels: Applications Portal; AAA (Radius); Policy Server; Billing & Charging; Core: SGSN, GGSN; SCE; Internet]

The SCE Mobile Solution 3GPP Compliance


[Diagram labels: Applications Portal (AF); AAA (Radius) (SRP); Policy Server (PCRF); Billing & Charging (OCF); interfaces Gx and Gy; PCEF; Core: SGSN, GGSN; SCE; Internet]

What does an SCE solution look like?


SCE sits at the access or aggregation layer

1. SCE Appliance to view and act on the packets
2. Collection Manager to collect data records for Reporting & external DBs
3. Subscriber Manager to coordinate sub info w/ AAA and control sub-level policies
4. Policy Manager to control multiple devices and sophisticated policies

[Diagram labels: Policy Server/Portal; Service Portal; AAA; DHCP; Radius; Billing; Collection Manager; Reporting Engage Tool Console; Subscriber Manager; Network; Subscribers; Service Control Engine]

Service Control Engine Deployment


Approaches

Usage Analysis

Traffic Analysis & Business Intelligence:
  Implement traffic monitoring, analysis, and reporting
  Determine subscriber and application usage patterns

Capacity Control & Fair-Use Policies (FUPs):
  Manage bandwidth-intensive applications through packet flow optimization techniques
  Implement Fair Usage Policies for fair allocation of network resources

Service Creation

Revenue Generating Services:
  Implement tiered services using volume and time-based quotas
  Implement Service Self Selection
  Implement Over-The-Top (OTT) Application Strategy and Blended Services
  Implement Security Services (Anti-X, Quarantine, etc.)
  Innovate other Differentiated Services such as Parental Controls, Content Filtering, Turbo Buttons, Allowance Based Services, Prioritized App. Services, Pay-as-you-go Services

[Diagram labels: Subs Profile; DHCP; Policy; AAA; Portal]

What does a Service Provider Want From SCE? Profitability

Enhanced Tiered Services: Product Tiers in addition to flat rate all you can eat
Flat Rate Fair Use Policy: All HSDPA Mobile Operators
Restricted Usage/Content Based Billing: Global Migration from Flat Rate to Usage Based
URL Blacklisting: Restricting sites that are blacklisted by governments
Precision Advertising: Demographic Information & Per Sub Re-direction to Ad Server
Copyright Infringement Blocking: Blocking Distribution of Pirated Film/Music
OTT Revenue Share Proposition: Application Intercept for Internet Content Prioritisation

Traffic Analysis and Business Intelligence


Business Intelligence Cycle


[Figure: business intelligence cycle around Cisco Service Control, with stages Measure, Analyze, Compare, Decide and Act (Strategic; Part of Business Ops). Labels: Transactions Information, Network Utilization, Customer Sales, Service QoE; Data Aggregation, Category Recognition, Correlation, Data Mining; Histogram View, Intersecting Set, Trend Analysis, Geographies Comparison; Marketing Review, IT Review, Engineering Review; Service Offering, Network Tuning, Cooperation]

Video Reports

Which specific Video applications are consuming bandwidth?

Who are the top video consumers?

How do usage patterns vary by time of day?

Focus on specific Video Application

Insights into Web traffic


Web Reports

Top Domains

Top Hosts

Insights into all popular Google Hosts

Web Reports
ClickStream
The ability to classify HTTP requests as belonging to a user's ClickStream allows effective extraction of information about a user's browsing habits

ClickStream events constitute only 1%-5% of the total amount of HTTP requests, which allows an immense reduction in the amount of data to be analyzed

[Figure label: Only ClickStream]

Cumulative & Average Usage Distribution

Setting 5G Daily Quota per Subscriber will impact the Top 2% only

Top 1% => 15%+ of Traffic
Top 10% => 60%+ of Traffic
Top 20% => 80%+ of Traffic

Service Control Engine Protocol Support


Protocol Pack Updates
Cisco's SCE keeps customers on top of the game
Updated protocol packs issued once every 2.5 months

PP#17 [May 09]
  Joost (Web-based)
  YouTube and Yahoo Flash new flavors
  Updated Gnutella signatures
  YouTube Movies - HD vs. Normal
  Yahoo SIP
  Skype 4.0.0.206
  Sky Player update

PP#18 [Planned for Jul / Aug 09]
  Ares 2.1.1
  Cisco IPSec
  YouTube Shows (RTMP based)
  Flavors for popular Video services
  Google Phone
  Gaming applications
  Facebook IM

Enhancements for existing clients/protocols/applications

New protocol or application signatures

Extensible protocol signature development toolkit to roll-your-own

Rapid time to market

Behavioral Signatures
Finding new signatures becomes a difficult task
  Signatures are more complex (encryption)
  Protocol signatures are evolving all the time (new application versions)
  Many geography specific applications
  In some cases almost impossible (new trend of anti-shaping)
It's both a scalability and a feasibility challenge

Behavioral Classification Benefits

Time To Market / Zero Day Response
Behavioral P2P signatures use a heuristic approach. A new P2P client version does not necessarily require development of new signatures.

Scalability
The behavioral approach is capable of recognizing the application flows based on only a few signatures. One signature per application family instead of a per-application signature (Behavioral P2P)

Cost-Effective
Behavioral P2P may be enough for some of the use cases such as Traffic Optimization. In such a case, there is no need to recognize the specific P2P application

Peer-to-Peer Management & Network Optimization


SCE's Flexible Control

Policy Implementation

Service Level/Policy Dimensions and Policy Implementation Impact:
  Application: Sessions or Bandwidth
  Time Based: Peak/Off-Peak Hours
  Congestion: Selective Prioritization
  Subscriber: Per-Sub Limits
  Destination: On-Net/Peering/Transit

Adaptive Subscriber Bandwidth Allocation Improve User Experience


[Figure: per-subscriber bandwidth allocation across email, web browsing, peer to peer service and mobile tv, shown before and after the user launches video]

Fair Usage
The Challenge

Bandwidth needs to be fairly distributed in real-time with equal access to network resources
Short-term windows of usage also need to be taken into account
In addition, monitoring and acting on longer term violation of the subscription plan's acceptable usage policies to ensure a balanced community of subscribers

Two subscribers share network resources (and the network cannot fully satisfy both)
If at 0:40 the MSO divides bandwidth equally between them, would that be fair?

Clearly, Sub A is not getting a fair share of the resources

Fair Usage

SCE Intelligent Traffic Management

FairUsage is a traffic management scheme implemented with Cisco's SCE DPI gear, enabling SPs to:
  Apply equitable distribution of network resources
  Improve the Quality of Experience that the network delivers
  Minimize service-abuse

No Fairness: some of the subscribers are not getting a fair share of the BW

Fair allocation of BW with the SCE's FairShare

FairUsage works only during congestion times

RAN Optimization And Backhaul Optimization


Addressing the inherent congestion at RAN and Backhaul levels that the booming of Mobile data is imposing
  Higher and more consistent performance and a much improved end-user experience
  Flexibility to generate revenue through differential billing and charging, e.g. email only
  Ability to provide SLA support or managed services for large enterprise users

[Diagram labels: Policy Server; GPRS; UTRAN; SGSN; GGSN; SCE; Internet]

Tiered Services


Requirement: Flexible Billing Plans


[Figure: three billing models built from the dimensions Subscription, Content Type, Transaction, Volume, Time, Quality of Service and Usage Pattern]

Bill by bandwidth usage over always on service

Bill differently for each type of application and content

Bill differently for the same content based on quality, priority, time of day and usage pattern

Allowance or Quota Based Services


Buy Time or Bandwidth as Needed
Allowance Based Subscription
This Feature Allows Subscribers to Choose Volume Quota-Based or Time-Based Bandwidth for a Set Period of Time, for Example on a Monthly Basis

Pay-as-You-Go Subscription Service


This Option Is Ideal for Subscribers Who Use the Internet Intermittently and Only Want to Buy Time or Bandwidth as Needed; When Users Launch Their Browsers, They Are Redirected to a Web Portal Where They Select the Two-hour Pay As You Go Option; After Two Hours, the Session Could Either Be Terminated or the User Could Purchase More Usage


Quota Measurement / Enforcement Solution


[Diagram labels: Quota Manager; Billing/Mediation; Policy Server; Network; Subscribers; Service Control Engine]

SCE Capabilities:
  Stateful classification of end-application regardless of port number
  Subscriber-based classification for detailed demographics data
  No load added on existing network infrastructure
  End-to-end solution including analysis engine, collection server and easy to use reporting tools

Quota Measurement Flexibility


Content that has revenues other than Access Revenues can be exempted from Quota counting
  SP's Content Delivery Store (P2P Technology can also be supported in the Upload direction via DPI)
  SP's Gaming Services
  SP's VoIP Service
  Partnership Content Delivery Services

Quota measurement rate can change during time of day
  Peak Hour: 1 byte of transfer = 1 byte of quota
  Middle of Night: 10 bytes of transfer = 1 byte of quota

Application-Based Charging
Granular Charging for advanced services based on volume, length of usage and application events

Standard Gy interface to Online Charging Server

[Diagram labels: Subscriber Service Control; Applications and Services: VoIP, Video; Converged Packet Core: GGSN; SCE; Online Charging Server; Internet; Access, Aggregation and Service Control]

* The Gy interface is still under development and will be available in a future release

Gy Interface For Online Charging


Comprehensive implementation of Gy over Diameter
  The SCE supports Diameter Credit Control Application (DCCA)

Integration with Online Charging Servers for Mobile prepaid and quota use cases

Multiple quota types
  Volume
  Time
  Event driven

High availability and load-balancing between Online Charging Servers

[Diagram labels: Online Charging Server; Gy Over Diameter; SCE; Internet]

* The Gy interface is still under development and will be available in a future release

Quota Based Tiering


Telenet: Cable Company in Belgium
Quota complements Speed as a Tiering parameter

When a User reaches Quota, his Internet service is reduced to dial-up speed
The User then has the option to upgrade his Quota Level or continue at reduced speed till the end of the month
15% of the Customers upgrade their Quota every month*

*http://www.billingworld.com/rev2/main/featureArticle.cfm?featureID=7799

[Portal screenshot labels:]
View previous months
Current product and speed
Extend monthly subscription volume
Upgrade to other product
Button to go from pay as you go broadband to free smallband or the other way around

Redirect Page
Re-direct page in case 100% of quota is reached. Three options presented to subscriber:
  Extend subscription - buy more
  Pay as you go on broadband
  Continue for free on narrowband
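
The quota rules on the "Quota Measurement Flexibility" slide and the three redirect-page options above can be combined into one metering routine. This is an added sketch, not Cisco code or the SCE's API: the class and function names, the service-class names in EXEMPT and the hour boundaries in WINDOWS are assumptions; only the 1:1 and 10:1 ratios and the three options come from the slides.

```python
from dataclasses import dataclass
from datetime import datetime
from fractions import Fraction

# (start_hour, end_hour, transfer bytes that consume one byte of quota).
# The 10:1 and 1:1 ratios are the slide's; the hour boundaries are assumed.
WINDOWS = [(0, 6, 10), (6, 24, 1)]

# Hypothetical names for service classes the operator exempts from counting.
EXEMPT = {"sp-voip", "sp-gaming", "sp-content-store"}


def divisor_at(when):
    """Return how many transferred bytes equal one quota byte at this time."""
    for start, end, divisor in WINDOWS:
        if start <= when.hour < end:
            return divisor
    raise ValueError("WINDOWS must cover all 24 hours")


@dataclass
class QuotaMeter:
    quota_bytes: int
    used: Fraction = Fraction(0)   # exact, so 10:1 traffic never rounds to 0
    mode: str = "quota"            # "quota", "payg" or "narrowband"
    payg_bytes: int = 0            # bytes to bill once on pay as you go

    def charge(self, service, nbytes, when):
        """Account for one usage record and return the enforcement action."""
        if service in EXEMPT:
            return "PASS"                      # never counted against quota
        if self.mode == "payg":
            self.payg_bytes += nbytes          # billed per byte, full speed
            return "PASS"
        if self.mode == "narrowband":
            return "RATE_LIMIT"                # free, reduced speed
        self.used += Fraction(nbytes, divisor_at(when))
        return "REDIRECT" if self.used >= self.quota_bytes else "PASS"

    def choose(self, option, extra_bytes=0):
        """Apply the subscriber's choice from the redirect page."""
        if option == "extend":
            self.quota_bytes += extra_bytes
            self.mode = "quota"
        elif option in ("payg", "narrowband"):
            self.mode = option
        else:
            raise ValueError("unknown option: " + option)


if __name__ == "__main__":
    meter = QuotaMeter(quota_bytes=1000)
    night = datetime(2009, 7, 1, 3, 0)     # constructed sample timestamps
    peak = datetime(2009, 7, 1, 20, 0)
    print(meter.charge("web", 5000, night), meter.used)
    print(meter.charge("web", 500, peak), meter.used)
```

Keeping the counter as an exact fraction matters for the night-time ratio: integer division would let a stream of records smaller than 10 bytes consume no quota at all.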


Quota Based Services - Results

15% of subscribers reaching their quota limit electing every month to move to a charge by the MB plan
Revenue increase!

40% REDUCTION in service support calls relating to this service
Increased customer service satisfaction

T-Mobile Quota-Based With Application Control


[Table labels. Plans: Default Allowance, VoIP, Unlimited, WnW 2GB, WnW Pro 2GB, WnW 1GB, WnW Plus 3GB, WnW Max 10GB, Post Pay Day Pass. Applications: IM, P2P, FTP, Media Stream, Web Browsing, Downloads, Emails, Handset as modem]

European Mobile
BB Web, 3G, and Skype for Mobile

Take your online world with you. TV, PC and the web on your mobile.
Business issue:
Skype taking mobile minutes away

Use case description:
SCE & PGW 2200 allow routing of Skype users to mobile phones over PLMN

Business benefits:
Skype becomes chargeable minutes again.
Non-IP-capable phones can use Skype

European Mobile
Volume Quota

> 40%


http://www.vodafone.es/particulares/internet/


Advanced Services


Dynamic Personalized Services


Enhanced Quality of Experience
Industry's First Subscriber and/or Application-Driven Solution

Pull: Enhanced Experience Is Subscriber-Driven
  Turbo Button
  SelfCare
  Parental Control

Push: Enhanced Experience Is Application-Driven

[Diagram labels: Broadband Access; Control Bus; Application Awareness; IP/TV/VoD; Gaming; Voice; Messaging; Music]

Service Creation

SCE's Rich Service Creation Environment
  Application-based control on a per-subscriber basis
  Integrates with AAA, policy-server to deliver personalized broadband experience

Personalized Subscription Service Examples
  Parental Controls and Content Filtering: Set Internet controls for children, including blocking access and imposing time limits on online use
  Bandwidth-On-Demand (Turbo Button): A turbo button to boost bandwidth for a set or undetermined period of time, or for the life of a specific application
  Allowance-Based Subscription Services: Choose volume or time-based quotas for a set period of time, also referred to as prepaid service
  Copyright Infringement: Validate that content distributed does not infringe copyrights.
  Advertisement Insertion: Perform local advertisement insertions.
  Security Services: Network-based security services to protect subscribers from attacks or mitigate risks associated with attacks emanating from the subscriber.

Self-Subscription Service
Via Personalized Web Portal

Enable Zero-Touch Provisioning, for Full Self-Service Account Setup

Enable Customers to Self-Select and Modify Services and Features


Personalized Subscriber Management:


Self Service Selection Example

Personalization via Self Selection

Simplifies the end user experience

Personalize per user including self-subscription and account refresh, e.g., new consumer service activation

Bandwidth-On-Demand
Meeting Subscriber Needs on Demand

Turbo Button
Subscribers Who May Have a Standard Lower-Speed Internet Service May Visit a Web Page on the Provider's Site and Click on a Turbo Button to Boost Their Bandwidth for a Set Period of Time or to Leave the Button Engaged Until They Return and Deselect It

Personalized Services
Self Provisioned

Quota Management

Turbo (Bandwidth on Demand)

Application Prioritization

Reporting/Monitoring

Personalized Reporting
Self Managed


Parental Controls
Parental Controls and Content Filtering

Getting Involved in Your Child's Experience

Adults Can Access a Web Portal and Set Internet Controls for Children, Including Blocking Access to Certain Types of Websites, and Imposing Time Limits on Online Access

Example: Content Tiering - Kids Broadband


Application and Content based access control with white-lists / blacklists
  Limits access to pre-defined web-sites
  Limit access to pre-approved applications
  http redirect to portal
  Real-time policy change

Benefits
  Customer loyalty and stickiness
  Revenue opportunity through content provider partnership

[Screenshot: Content Blocked! Click here to unlock all Internet sites.]

URL Filtering With External DB


On Device URL Filtering with External Database Integration
Enhance SCE URL classification with external party databases
  External database size not constrained by SCE
  SCE on-board cache reduces transaction to external db
  Java based API
  Can be used with commercial parental control systems or proprietary databases
  Current integration is with Websense & Adaptive Mobile

[Diagram labels: Cache Lookup; URL Not in Cache!!!; URL Query RDR; 3rd Party URL Database; Return URL Classification; Cache Update]

Subscriber-Package   HTTP DEFAULT   HTTP List ID 1   HTTP List ID 2
Block-none           ALLOW          ALLOW            ALLOW
Block-all            ALLOW          BLOCK            BLOCK
Block-and-slow       ALLOW          BLOCK            RATE 64kbps
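
The lookup path on this slide (on-board cache, external database query on a miss, then a per-package action) can be sketched as follows. This is an added example, not Cisco code and not the SCE's Java API: the class, function and exception names, the sample database and the `on_error` behaviour when the database is unreachable are assumptions; the package and list names and their actions are the slide's.

```python
from collections import OrderedDict
from urllib.parse import urlsplit

# Column names and per-package actions copied from the slide's table.
DEFAULT, LIST_1, LIST_2 = "HTTP DEFAULT", "HTTP List ID 1", "HTTP List ID 2"
POLICY = {
    "Block-none":     {DEFAULT: "ALLOW", LIST_1: "ALLOW", LIST_2: "ALLOW"},
    "Block-all":      {DEFAULT: "ALLOW", LIST_1: "BLOCK", LIST_2: "BLOCK"},
    "Block-and-slow": {DEFAULT: "ALLOW", LIST_1: "BLOCK", LIST_2: "RATE 64kbps"},
}


class ExternalDbError(Exception):
    """Raised by the (hypothetical) external URL database client on failure."""


def cache_key(url):
    """Normalise a URL so letter case, a trailing dot or a query string cannot
    yield a second cache entry, or a different verdict, for the same page."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    return host + (parts.path or "/")


class UrlClassifier:
    """On-board LRU cache in front of an external URL classification lookup."""

    def __init__(self, external_lookup, cache_size=10000, on_error=DEFAULT):
        self._lookup = external_lookup
        self._cache = OrderedDict()
        self._cache_size = cache_size
        self._on_error = on_error        # list assumed while the DB is down
        self.external_queries = 0

    def classify(self, url):
        key = cache_key(url)
        if key in self._cache:                   # cache hit: no external query
            self._cache.move_to_end(key)
            return self._cache[key]
        self.external_queries += 1               # "URL Not in Cache": ask the DB
        try:
            list_id = self._lookup(key)
        except ExternalDbError:
            return self._on_error                # not cached, so retried later
        self._cache[key] = list_id               # cache update
        if len(self._cache) > self._cache_size:
            self._cache.popitem(last=False)      # evict least recently used
        return list_id


def decide(classifier, package, url):
    """Map the URL's list and the subscriber's package to the table's action."""
    return POLICY[package][classifier.classify(url)]


# Constructed stand-in for the third-party database: host -> list.
SAMPLE_DB = {"adult.example": LIST_1, "video.example": LIST_2}


def sample_lookup(key):
    return SAMPLE_DB.get(key.split("/", 1)[0], DEFAULT)


def failing_lookup(key):
    raise ExternalDbError("database unreachable")


if __name__ == "__main__":
    classifier = UrlClassifier(sample_lookup)
    for package in POLICY:
        for url in ("http://news.example/", "http://ADULT.example/x",
                    "video.example./clip?id=1"):
            print(package, url, "->", decide(classifier, package, url))
    print("external queries:", classifier.external_queries)
```

With `on_error=DEFAULT` an outage of the external database makes every uncached URL fall into the ALLOW column (fail-open); passing `on_error=LIST_1` makes the blocking packages fail closed instead.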



Parental Control and Content Filtering


Example
Content Filtering

Page Blocked! Forbidden Content Detected

Subscriber-managed parental control

Basic website blacklisting provided free of charge


Comprehensive filtering and security for a small monthly subscription

BetterAds

Browsing habits
Geo-location Demographics

ISP

Advertiser

Publisher

Consumer

SPs participating in the advertising value chain


Leveraging their intimacy with their customer base for enabling enhanced targeting

BetterAds: Cisco SCE Targeted Advertising Solution


SPs participating in the advertising value chain
  Increase ARPU through a revenue sharing model
  Addressing privacy concerns through advanced Opt-in / Opt-out mechanisms

Initially focusing on behavioral targeting
  Next step would be to add demographic targeting

Good for all access types: DSL, Cable, Mobile, WiFi

Value-add on top of the SCE's product offering

BetterAds - Behavioral Targeted Advertising

Arsenal of tools for Behavioral Targeted Advertising
  Traffic mirroring: sending to a 3rd party server a copy of selected HTTP traffic using VLAN marking
  Reporting HTTP click-stream info in RDR records and anonymizing the subscriber details in RDR records
  Enhanced HTTP redirect: additional parameters in the redirected message for inserting interstitials in WiFi

Behavioral Targeting through Traffic Mirroring
  Subscribers browse web
  SCE mirrors relevant traffic to profiling servers
  Profiling servers process traffic, extract relevant attributes and compose subscriber profiles
    Alice: automotive, stock trading, PDAs
    Bob: cookware, online gaming, baby outfit..

Infringing / Non-Infringing
P2P Identification
Classifying P2P content into infringing / non-infringing
Identifying and reporting infringing material per the SP's policy
Using the detection and blocking to up-sell a legal copy of the original request or a subscription to the SP's Content store
Using the information to de-prioritize or control infringing material

Subscriber initiates P2P file request
SCE extracts file hash and consults DB
DB responds with file classification: Infringing / legal
SCE acts based on file classification
  - Lets request pass for legal file
  - Block / redirect / rate-limit for infringing file

[Diagram labels: Subscriber; Network; HASH DB]

Traffic Diversion To OTT Video Service


SCE analyzes and redirects OTT traffic to the caching server
  Cache delivers more bandwidth to end-users using existing network resources
  Cache relieves network peering load while improving QoE

Increase in demand for OTT
SCE redirects OTT traffic
Cache delivers requested files

Benefits:
  Saves on peering bandwidth
  Clears network congestion
  Increases user satisfaction

Best user experience: OTT content is delivered from within the network, as close as possible to the user

[Diagram labels: SCE; P2P; OTT; VoIP; Other OTT; OTT Video Cache]

Service Security Challenges


Key challenges:
  Open access: SP cannot apply restriction on usage (e.g. block certain port numbers)
  No mandatory security tools: end-users may not have any security protection
  End-users are not educated on security best practices
  New triple-play services increase potential threat (i.e. VoIP viruses, EPG hacking, etc.)

Effect on SP business:
  Increased cost for carrier from network management and downtime
  Subscriber churn and customer support costs

Ability to Identify and Mitigate Attacks Emanating from Its Own Users

Service Security Protection

Mitigates security threats in the open broadband network
- DoS: DoS attacks from subscribers
- Spam: Spam activity from botnets or malicious users
- Worms: Worm infections and propagation attempts

Diagram: Email Servers, Internet, Service Control

Three-tier solution; uses a combination of anomaly detection and signature matching to:
- Identify: Threat using stateful traffic processing and alert SP operations
- Protect: Block/mitigate threat based on configured policy
- Notify: Quarantine subscriber and notify of security risk

Dear Valued Subscriber: We are advising you that your PC may have become infected with an "email zombie" generating spam mail and could potentially cause additional security issues for you. Click here for technical assistance: www.technicalsupport.com.

Service Security Protection

Value to the Service Provider
- Reduce Administrative Costs During Outbreaks
- Limit Subscriber Infection to Reduce Call Center Load
- Increase Customer Loyalty and Reduce Churn
- Upsell Opportunity of Security Add-on Services
- Saving on Network Bandwidth

Virus and Malware Protection

Remove Malware Destined to Users

Diagram: User 1, Carrier Ethernet, MPLS/IP, SCE, VAS Server, Internet; outbound traffic, inbound traffic, traffic blocked (steps 1 to 4)

1 Subscriber 1 attempts to retrieve e-mail from a mail server or download a file from a website or peer application
2 The SCE identifies that the subscriber's traffic flow matches the Virus Protection Package
3 The VAS server receives traffic from the SCE with a VLAN tag used in communication between User 1 and the server
4 The server transmits the file, which contains a virus or other malware. VAS will detect the embedded malware and drop remaining packets so the file isn't loaded on the user machine

Network Insertion and Configuration


Network Insertion Point

Typical insertion point - Broadband Edge/Aggregation
- Directly after subscriber-aggregator (B-RAS/CMTS, Retail-LNS)
- Aggregation point further down the network edge

Support for inline (active) and receive-only (monitoring) configurations

Issues to consider:
- Traffic visibility (engine must see all traffic it needs to control)
- Network interfaces
- Split-flow
- Network redundancy
- IP/Tunneling environment

Insertion Concept

SCE is a Bump-on-a-Wire

Diagram: Analysis Engine; P/D/R = Police/Drop/Rewrite actions

- Stateful Analysis Engine with application awareness sees all packets in both directions
- The SCE Analysis Engine implements Business Rules via Dynamic Control Policy on a subscriber basis (e.g. rate policing, packet drop or header rewrite actions)
- Packets are not routed or switched; packets from a subscriber interface always go to the corresponding network interface, and vice versa

Inline and Receive-Only Configurations

Non-Intrusive and Stealthy

Receive-only configuration
- Using Optical Splitters/Port-Span
- Traffic monitoring only

Inline configuration
- Engine installed in data-path
- Monitor and control traffic

Diagram: optical splitters between Subscribers and Network

High Availability

Cascading Configurations
- Addressing split-flows between the two links
- Providing 1+1 Active-Standby failover
- Slave forwards all traffic to Master for processing
- Master updates Slave with subscriber policy / state information
- Roles switch on failure of Master
- The two SCEs must have an identical configuration

Diagram: Master and Slave SCEs, each on an active link

Redundant Configurations

Active/Standby Schemes

1+0: Active/Standby; SCE on active link
- On failure network uses alternate path
- No service redundancy
- Bypass config: Fail opened

1+1: Active/Standby; SCE on each link
- On failure network uses alternate path
- Standby SCE resumes service
- Bypass config: Fail opened

Diagram: active link and standby link

Optical Bypass

The SCE can be inserted through optical bypass modules

For the SCE8000, the Optical Bypass Modules are activated in the following cases:
- In case of a major failure in the SCE SW or HW
- Manually via CLI
- On boot

Diagram: SCE8000 ports 0/0, 1/0, 2/0 and 3/0 with optical bypass modules; default bypass state (no power) and non-default bypass state

MGSCP Cluster Insertion N+1 SCEs

Very cost-effective DPI processing of 10s and 100s of Gbps of traffic

Scalability: "buy as you grow" approach (add SCE as needed) for scaling up to 240Gbps with 8 x 30Gbps SCE8000s

High Availability: Provides N+1 device-level high availability addressing ALL failure scenarios

Technical concept:
- 7600 dispatches the flows to a unique port served by an SCE
- The SCE performs DPI functionality and returns the packets to the original data path
- All the flows of the subscriber are dispatched to the same SCE for maintaining flow & subscriber states

Diagram: Internet; flows; N+1; return flows

Network Architectures

SCE's Open & Extensible Architecture

Diagram labels: Accounting, Policy Control; DSL/Fiber; 1+1 HA; BRAS/LAC; LNS; N+1; Internet; Mobile; Bypass; HAs; GGSN

Tunneling Environment

SCE Supports Tunneled IP Traffic

Supports various packet encapsulation or tunneling techniques, including:
- VLAN 802.1q Tagging
- MPLS Traffic Engineering
- L2TP Tunneling
- IP-in-IP Tunneling
- GRE & GTP planned for end of 2009

Diagram: Packet Inspection across encapsulated packets (ppp.. / l2tp, mpls / IP / TCP / Payload)

Management and Integration


What does an SCE solution look like?

SCE sits at the access or aggregation layer

Diagram labels: Policy Server/Portal; Billing; Service Portal; AAA, DHCP, Radius; Collection Manager; Reporting Engage Tool Console; Subscriber Manager; Service Control Engine between Subscribers and Network

Modular Solution: Includes SCE Devices, Management Tools and Integration APIs

Management and Integrations

Network Management
- Description: FCAPS
- Protocols and Tools: SNMP, CLI, SSH
- External Software Modules: N/A

Policy/Service Configuration
- Description: Definition of Policies and Dissemination to SE Devices
- Protocols and Tools: SCA-API, GUI, Scripts, XML
- External Software Modules: Service Control Application Suite GUI

Subscriber Management
- Description: Dynamic Management of Subscriber Contexts
- Protocols and Tools: SM API, RADIUS
- External Software Modules: Subscriber Manager

Data Collection
- Description: Collection of Usage Data for Reporting and Billing
- Protocols and Tools: NetFlow v9, RDR-Protocol
- External Software Modules: Collection Manager

Network Management (FCAPS)

SNMP (v2)
- MIB-II
- Proprietary SE MIB
- Link throughput
- Flows statistics
- Subscriber statistics
- Device performance
- RDR statistics

CLI
- Telnet/SSH
- Cisco look and feel CLI
- Configuration wizard

Traps
- MIB-II traps
- RDR-link up/down
- Link status up/down

Management - Network Navigator

Single Interface to Manage All Solution Components

Group devices into sites
- SCE, CM, SM, database

Batch management of devices/sites
- Apply configuration
- Update signatures
- Update software

Common management operations
- View device status
- Retrieve log
- Activate/bypass

Signature Editor

- Customer defined signatures
- GUI based
- Rich signature language: Multi-packet, Bi-Directional Patterns, Binary Characters, String-Match, HTTP User-Agent, HTTP X-Header

Integrated Reporter

- Integrated Java-based reporting tool
- Works with Oracle, MySQL or Sybase CM backend
- Context sensitive
- Drill down between reports and configuration

INTERACTIVE: Click on Top Subscriber to Activate Subscriber Real-Time Report

Service Security Dashboard

Integrated console to manage service security functionality
- View/load/edit signatures
- Configuration identification thresholds
- Setup mitigation actions
- View reports

Subscriber Management

Cisco Subscriber Manager (SM) serves as integration point

Subscriber-aware solutions

Manages Subscriber-Contexts
- Subscriber-ID: ID of subscriber-context
- Network-ID: IP addresses used to map traffic to context
- Policy-ID: ID of policy (package) defining rules
- Subscriber-Quotas: set/add/read usage quota buckets

Integration into back-office/AAA
- RADIUS AAA
- DHCP servers
- Policy Control Systems

Subscriber Manager Roles

- Abstracts SCE device network layout: single point of integration
- Persists subscriber policies across logins
- Push and pull mode
  - Push: Login messages sent directly to relevant SCE device
  - Pull: SCE device queries SM for mapping of IP addresses

Subscriber Manager
Radius Integration - Push

1 (RADIUS) ACCT Start Username=Joe Framed-IP-Address=1.2.3.4
2 (RADIUS RELAY) ACCT Start Username=Joe Framed-IP-Address=1.2.3.4 SCE-VAS-PID=12
(SM-API) Set Subscriber (Joe,1.2.3.4, 12)

Diagram: SUBSCRIBERS, B-RAS, NETWORK; Radius; Cisco Subscriber Manager (Event Manager, Radius, Internal SDB, SCE device Controller)

Subscriber Manager
Radius Integration - Pull

1 (RADIUS) ACCT Start Username=Joe Framed-IP-Address=1.2.3.4
2 (RADIUS RELAY) ACCT Start Username=Joe Framed-IP-Address=1.2.3.4 SCE-VAS-PID=12
Traffic from joe (IP 1.2.3.4)
Who is using IP 1.2.3.4?
(SM-API) Set Subscriber (Joe,1.2.3.4, 12)

Diagram: SUBSCRIBERS, B-RAS, NETWORK; Radius; Cisco Subscriber Manager (Event Manager, Radius, Internal SDB, SCE device Controller)

Radius Integration
LEGs translation in Brief

RADIUS LEGs: SCE-Sniffer RADIUS LEG, RADIUS Listener LEG
SM login: Subscriber ID, Domain, Mappings, Lease time, Policy
SM logout: Subscriber ID, Mappings
RADIUS attributes: User-Name, NAS-Identifier, Framed-IP-Address, Vendor-Specific

DHCP LEGs: DHCP lease query LEG, SCE-Sniffer DHCP LEG, CNR LEG
DHCP: yiaddr, chaddr, ciaddr
Options: Relay-agent-information-remote-ID (82:2), lease-time (51), vendor-specific (43), message-type (53)
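
An added example, not taken from the Cisco deck, of the login translation shown on the RADIUS integration slides: it parses an Accounting-Request, checks the RFC 2866 Request Authenticator before trusting the IP-to-subscriber binding, and returns the subscriber, IP and package values that a Set Subscriber call would carry. The shared secret, the function names, and the vendor ID and sub-type used for the package-ID VSA are assumptions, since the slides do not give the SCE-VAS-PID encoding.

```python
import hashlib
import hmac
import ipaddress
import struct

# Code and attribute numbers from RFC 2865/2866.
ACCT_REQUEST, USER_NAME, FRAMED_IP, VSA, ACCT_STATUS = 4, 1, 8, 26, 40
ACTIONS = {1: "login", 2: "logout"}  # Acct-Status-Type Start / Stop
PID_VENDOR, PID_SUBTYPE = 99999, 1  # placeholders: SCE-VAS-PID encoding is not in the slides


def build_acct(secret, ident, attrs):
    """Encode an Accounting-Request with a valid Request Authenticator."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body


def constructed_start(secret):
    """Constructed sample: ACCT Start for Joe / 1.2.3.4 / package 12."""
    pid = struct.pack("!IBBI", PID_VENDOR, PID_SUBTYPE, 6, 12)
    return build_acct(secret, 1, [
        (USER_NAME, b"Joe"), (FRAMED_IP, bytes([1, 2, 3, 4])),
        (ACCT_STATUS, struct.pack("!I", 1)), (VSA, pid)])


def parse_acct(packet, secret):
    """Return the subscriber event; raise ValueError if the packet is rejected."""
    if len(packet) < 20 or packet[0] != ACCT_REQUEST:
        raise ValueError("not an Accounting-Request")
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("length field mismatch")
    body = packet[20:]
    # RFC 2866: MD5(code, id, length, 16 zero octets, attributes, secret).
    want = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(want, packet[4:20]):
        raise ValueError("bad Request Authenticator")
    event, pos = {}, 0
    while pos < len(body):
        alen = body[pos + 1] if pos + 2 <= len(body) else 0
        if alen < 2 or pos + alen > len(body):
            raise ValueError("bad attribute length")
        atype, value = body[pos], body[pos + 2:pos + alen]
        pos += alen
        if atype == USER_NAME:
            event["subscriber_id"] = value.decode("utf-8", "replace")
        elif atype == FRAMED_IP and len(value) == 4:
            event["ip"] = str(ipaddress.IPv4Address(value))
        elif atype == ACCT_STATUS and len(value) == 4:
            event["action"] = ACTIONS.get(struct.unpack("!I", value)[0])
        elif atype == VSA and len(value) == 10:
            vendor, sub, sublen, pid = struct.unpack("!IBBI", value)
            if (vendor, sub, sublen) == (PID_VENDOR, PID_SUBTYPE, 6):
                event["package_id"] = pid
    if not event.get("action") or "subscriber_id" not in event:
        raise ValueError("need User-Name and Acct-Status-Type Start or Stop")
    if event["action"] == "login" and "ip" not in event:
        raise ValueError("login without Framed-IP-Address")
    return event
```

A packet whose Framed-IP-Address was altered in transit, or that was built with a different shared secret, is rejected before any subscriber mapping is produced.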

Policy Server Integration

API Overview

SCA BB exposes several APIs for external utilities

The following APIs are available for integration:
- SCE API: allows direct Subscriber Management with the SCE (provided in Java)
- SM API: allows dynamic Subscriber management (provided in C, Java)
- SCE MIB: allows integration for maintenance operations
- RDRs: allow integration for billing/quota provisioning issues
- NetFlow v9: allows integration for billing/quota provisioning cases

Policy Servers Integration

Topology Example

SCMS SM is responsible for mapping Network ID to Subscriber ID, with one or more policy servers.

The number of policy servers depends on whether the SM is used for policy profile provisioning in addition to the network ID:

Diagram: Subscriber Manager and Policy Server, each connected to the SCE through an API

PCEF - Subscriber Policy Enforcement

SCE acting as a 3GPP PCEF
- Applying per-user policies (e.g. bandwidth control, VoIP detection, etc.) after requesting the subscriber's profile from a PCRF / Policy Server
- Communication with the PCRF through a standard Gx interface

Diagram labels: VoIP, Video; Subscriber Service Control; Applications and Services; Converged Packet Core; GGSN; PCEF / SCE; Internet; Access, Aggregation and Service Control

* The Gx interface is still under development and will be available in a future release

Gx Interface And Radius VSAs

SCE supports policy provisioning via the Gx interface over Diameter
- SCE policy attributes that can be provisioned include package-ID, subscriber-monitor, upstream-virtual-link and downstream-virtual-link

3GPP Subscriber Attributes can be provisioned to the SCE by the PCRF over the SCE API and included in SCE outgoing Gx/Gy messages

Attributes supported include:
- Called-Station-Id
- 3GPP-SGSN-IP-Address
- 3GPP-SGSN-MCC-MNC
- 3GPP-GPRS-Negotiated-QoS-Profile
- 3GPP-Charging-Characteristics

* The Gx interface is still under development and will be available in a future release

Collection Manager

Analysis and data processing functions of the SCE result in the generation of NetFlow v9 records and Raw Data Records (RDRs)
- NetFlow v9 Records sent to external NetFlow Collector
- RDRs are sent to Collection Manager for processing
  - Cisco Bundled Collection Manager
  - Third party database

Configurable data granularity
- Interval between RDRs
- Sample rates

Collection Manager
RDR Protocol

Usage Data streamed from device using RDR Protocol
- TCP, binary encoded
- Support for multiple destinations, failover, subscriptions

RDR-Protocol integrated directly into 3rd party systems
- Policy-Control, Mediation, Home grown customer

Diagram: TCP RDR stream (RDR, RDR, RDR, ...) to Mediation / Collection Platform; each RDR consists of a Header followed by Field 0, Field 1, ... Field n

Collection Manager
NetFlow v9 Export

NetFlow Export v9 to support L7 report records
- Regulatory bodies extended protocol to include L7 fields as part of Cisco pre-standard
- SCE supports new extensions

Records equivalent to existing RDR groups
- Subscriber Usage (NUR)
- Package Usage (PUR)
- Link Usage (LUR)

Format supported by various NetFlow collectors including Cisco NFC 6.0

Diagram labels: SCMS Reporter, NetFlow Reporter; SCMS Collection Manager, NetFlow Collector

Collection Manager
Software Overview

CM-Software
- Unix (Solaris, Linux)
- Java software
- Collection software stores data in any JDBC compliant database (Oracle, MySQL, Sybase)
- Template-driven reporting tool (100+ report templates)

CM-Bundle
- Cisco provides collection software pre-packaged with a DB (Sybase)
- Template-driven reporting tool (100+ report templates)

ToS Marking

- ToS Marking decoupled from the queuing mechanism.
- Provides a simplified GUI configuration based on 7 selective DSCP values.
- Once an application has been classified, the SCE ToS Marking capability provides the ability to mark traffic:
  - Per Package
  - Per Service
  - Per Direction (aka Upstream / Downstream)

Diagram: Browsing, P2P and VoIP downstream and upstream flows between the Subscriber Side and the Network Side

ToS Classification

SCE provides traffic classification based on ToS bits

- ToS-based classification assumes that DSCP or IP Precedence have been set by another element in the network. The main goal of this functionality is to classify the traffic based on this ToS marking, and provide the appropriate service level accordingly.
- DSCP-based classification takes precedence over other classification methods (signatures, etc.), and is based on the Flavor mechanism.

Summary


Cisco SCE Sample Customers

Mobile
Cable
DSL

Advertising
UK DSL provider Phorm Italian DSL provider Feeva CTT / China Mobile Adzilla Korean Telecom Local China Local Italy

Policy & Billing Camiant ONO Openet Rogers YouSee Mediation T-Malaysia HP T-Mobile T-Mobile Broadhop Vodafone TV Cabo Bridgewater KDG C&W FTS

Security & Content Filtering


Vodacom Aladdin Cable & Wireless Websense Watanya Adaptive Mobile NTT

URL Black-listing

NTT Websense Cable & Wireless In platform Cache Tiscali


Content Infringement
European Audible Magic Legislators Advestigo Altnet providers Content Initial POCs

Management Reporting Telecom Proxy Italia Business Objectives CYTA Comability Aqsacom Info Vista

Flash / Caching Video Various Oversi European and Asian CDS Operators

Data Warehousing

Orange Objects Business T-Mobile Oracle Telenet
