Cisco Intelligent Services Gateway (ISG)

Cisco Intelligent Services Gateway

  • Viewing Options

  • PDF (147.1 KB)
  • Feedback

Product Bulletin No. 3285


Service providers see growing demand for more access bandwidth to more subscribers, but increased profitability is difficult to achieve without increasing service value to customers. Market, technical, and competitive pressures are triggering large capital investments in delivering video and triple-play services. In order to successfully deliver a triple-play service bundle, the service provider must have a network that is truly "session aware" - without restrictions on media, access technology, or protocols. The network must dynamically identify the subscribers, track their actions, and apply policies to govern quality of service (QoS) and security; as well as provide complete accounting on each session.
Cisco ® Intelligent Services Gateway (ISG) is the next-generation policy and subscriber management solution to deliver dynamic session awareness. Cisco ISG supports IP, Ethernet, ATM, Multiprotocol Label Switching (MPLS), and VPN architectures, whether the business model is for retail, wholesale, or business services. Cisco ISG allows for zero-touch provisioning, and provides the per-flow granularity and dynamic control required for triple-play services. Unlike some competitive offerings, Cisco ISG is standards-based for multivendor deployment. With RADIUS Change of Authorization (RFC 3576), subscriber profiles can be changed dynamically based on user self-management (through a Web portal) or through an OSS process. Network utilization improves because per-subscriber bandwidth needs are managed dynamically, increasing customer satisfaction. Cisco ISG can also coexist with fixed-line networks managed by Cisco CNS Subscriber Edge Services Manager (SESM) and Cisco Service Selection Gateway (SSG), simplifying service extensions and migration from Cisco SSG to Cisco ISG deployments.
Cisco ISG is a software feature set available in Cisco IOS ® Software Release 12.2(28)SB for the Cisco 10000 Series, 7200 Series, and 7301 Routers. Cisco ISG takes advantage of Cisco IOS routing capabilities to provide uplink redundancy, load-balancing, and MPLS integration. Cisco ISG is highly scalable, with consistent performance regardless of the features used. It can define and enforce local policy embedded directly in the network, or interact with centralized policy-management systems. Its integral role within the Cisco IP Next-Generation Network (NGN) Service Exchange Framework helps create consistent services in a highly flexible way.
Table 1 lists the features available with Cisco Intelligent Services Gateway.


Table 1. Features Table



Dynamically adjustable user profiles

Cisco ISG monitors all sessions for events and triggers the appropriate action based on programmable and downloadable rules. It enables services such as pre-paid, post-paid, bandwidth-on-demand, and more.

Imbedded Policy Manager functions

Cisco ISG can act as a local policy manager or work with a centralized application to create a truly comprehensive solution. It provides policy management functions natively. Rules to manage specific events can be delegated to Cisco ISG and distributed in the network, rather than tracked centrally. Onboard capabilities provide greater network scale and reliability.

PPP sessions

Deliver complete services dynamically for PPP users, including dynamic QoS.

IP sessions

Create next-generation environments with full session control and troubleshooting capabilities without PPP. Ease migration from PPP to IP sessions with unified user interfaces. Deliver complete services dynamically for IP session access and provide per-session policing. Available now on the Cisco 7200 Series and 7301 Routers. Available on the Cisco 10000 Series in a future Cisco IOS Software release.

DHCP-aware policies

Link IP sessions, address pools, and physical port information to the service for security, wholesaling, and accounting of individual traffic flows. DHCP indicates session start. DHCP Option 82 is supported to identify the user in a secure manner.


Cisco ISG dynamically links subscribers to MPLS VPNs; it operates on L2TP Network Server (LNS) for integration into wholesale models.

Zero-touch provisioning

Service profiles are automatically downloaded to eliminate complex provisioning. OpEx is lowered as the network scales.

Transparent auto logon

Enable easy, transparent service access for IP session users with higher levels of security and accounting.

Open interfaces to policy management systems

The open, standards-based Cisco architecture is proven with subscriber management solutions from partners such as BroadHop Service Management Engine (SME) as well as Cisco products such as Cisco Broadband Policy Manager.

Prepaid and postpaid services

Encourage migration from dial-up to broadband. Create "pay-as-you go" offerings to reach more market segments with lower OpEx.

Tariff switching for prepaid and post paid services

When billing rates vary at fixed times, sessions may be active across the boundary at which the rates change. Cisco ISG automatically manages the changes in accounting data with the change in tariffs to improve billing accuracy and improve customer satisfaction.

Multiple services, multiple flows per subscriber

For complete control over triple-play services, unique streams can be managed and monitored for each subscriber, as well as on an aggregate basis to preserve service integrity with oversubscription.

MPLS and VRF awareness

Dynamically assign Virtual Route Forwarding (VRF) to map sessions to MPLS VPNs. Enable wholesale models, lower OpEx, and create new services on a converged MPLS core.

Dynamic VPN selection

Use a service in one VPN and then switch to a service that belongs in a different VPN without interrupting the user experience.

Flexible, feature-rich identity and authorization

Identify sessions and flows from a range of attributes for better service control, more accurate accounting, and enhanced customer service.

Granular, flexible accounting

Per-session and per-service accounting, QoS accounting, prepaid (volume), and prepaid (time-based) billing help generate more revenue, more accurate billing, and faster reconciliation.


Idle timeout and session timeouts facilitate accurate accounting and better security.

Push and pull models

Events that create or change services can be invoked from the network (pulled) or from centralized applications (pushed) to create the most flexible and cost-effective service delivery architecture. Policies for session bandwidth, security, and accounting can be pushed dynamically in real time while session is still active.

Change Of Authorization

Standard-based "push" of new service policy attributes from central server is available at any time during the session. Uses standard RADIUS and standard (RFC 3576) Change Of Authorization (CoA) for easy integration with existing OSS infrastructure (AAA servers) and rapid development of new services, and creates new services and revenue opportunity for triple-play services. Allows you to manage bandwidth dynamically for lower OpEx with higher customer satisfaction.

Layer 4 redirect for Web-based authentication

Automatically direct users to a Web portal for authentication and service selection.

Conditional debugging

Debugging based on any subscriber, service, or any other identifier helps speed trouble resolution, reduce OpEx, and improve customer satisfaction.

High scalability

High-performance design scales to 32,000 sessions with the Performance Routing Engine 2 (PRE-2) and up to 40,000 sessions with PRE-3 on the Cisco 10000 Series. The Cisco 7200 Series and Cisco 7301 scale from 4000 to 8000 sessions. Performance can vary depending on the configuration.


Customers that are currently using Cisco Service Selection Gateway (SSG) can upgrade to Cisco ISG for no additional charge. Most existing services that use Cisco SSG are supported by Cisco ISG. See Cisco product documentation for details on configuration changes needed for migration from Cisco SSG to Cisco ISG.


Cisco ISG is available on Cisco IOS Software Release 12.2(28)SB or later. Cisco ISG is supported on the Cisco 10000 Series, 7200 Series, and 7301 Routers.


Cisco Systems ® requires the purchase of a Broadband Aggregation feature license for all deployments that exceed 1000 subscribers for the Cisco 7200 Series and Cisco 7301 Routers, or 8000 subscribers on the Cisco 10000 Series Routers. For deployments with fewer subscribers, a license is not needed. To use Cisco ISG, Cisco requires the purchase of the ISG feature license in addition to the Broadband Aggregation feature license.

Table 2. Ordering Information for Cisco ISG

Part Number



ISG Feature License for Cisco 7200 Series Routers


ISG Feature License for Cisco 7301 Router


ISG Feature License for Cisco 10000 Series Routers


For more information about the Cisco ISG or the Cisco 10000 Series Routers, visit or contact your local account representative.