Cisco Intelligent Services Gateway (ISG)

Cisco Intelligent Services Gateway Overview

Solution Overview

Executive Summary

Worldwide broadband subscription continues to grow at a very rapid pace [1] as service providers worldwide deploy the technology to provide cost-effective Internet access to both residential and business customers.
However, it has become evident that service providers need to grow out of their current position as a simple access supplier that connects subscribers to value-added services offered by third-party content providers. Service providers need tools that allow them to take advantage of their incumbency and customer proximity in order to generate additional sources of revenue. A variety of new services, ranging from bandwidth-on-demand or voice over IP (VoIP) to IPTV, holds the promise to significantly increase average revenue per user (ARPU) for service providers, dramatically increasing their competitive standing against emerging challengers.
However, the rollout of these services poses daunting technical and economic challenges to service providers, because many service offerings require significant initial investments in overlay network architectures and operationally complex out-of-network service delivery platforms. Cisco® Intelligent Services Gateway (ISG) can help transform today's broadband infrastructure into an agile and highly scalable service-delivery architecture based on the "pay-as-you-grow" principle. Moreover, it protects service providers' investment in their current broadband infrastructure. Cisco ISG dramatically accelerates the delivery of new services while minimizing initial investment.
Cisco ISG is an integral, highly modular component of Cisco IOS® Software. It can act as a network-based, self-contained policy management and enforcement system, or interoperate with external service control systems using an array of open protocols. Cisco ISG is one of the components of the Cisco Service Exchange Framework, which empowers the transition from service provider to experience provider, and thus helps service providers evolve from their current position of incumbency into service dominance.

Challenges in Today's Broadband Networks

As service providers prepare to exploit their broadband infrastructure as a key competitive tool to offer new services, enter new markets, and increase ARPU, they face several challenges.
The first challenge encompasses the race for speed and for reach, because both are required to reach a larger customer base with increasingly bandwidth-intensive services. However, simply delivering higher speeds to broadband subscribers with technologies such as very-high-bit-rate DSL (VDSL) or fiber to the x (FTTx) is not sufficient to lock in long-term revenue streams. New services need to be successfully rolled out. To achieve that, service providers have to overcome the challenges and costs associated with delivering an on-demand, service-enabled network. Starting with service enablement in a broadband network, every phase of service delivery involves enormous costs and introduces additional challenges to the viability of selling individual services to broadband subscribers. These challenges include service creation, subscription solicitation, ease of subscription, on-demand network provisioning, maintaining and enforcing service-level agreements (SLAs), as well as billing.
The services that can be rolled out include, but are not limited to:

• VoIP phone service

• Bandwidth on demand

• IPTV

• Video on demand (VoD)

• Content filtering (parental controls)

• Home remote monitoring and control system

• Enterprise telecommuting service with security

• Virus detection and control

• Gaming services

Service Differentiation with Network Provisioning

Though some of these services listed could conceivably be delivered over broadband networks as best-effort services, a more robust service-delivery architecture is required to offer reliable, dependable services for which subscribers would consider incremental spending.
While VoIP is currently spreading as a best-effort-based service without any special network provisioning from network providers, this approach has limitations when it comes to replacing traditional voice services. For instance, SLAs for voice quality and calls to emergency hotlines cannot be delivered without a proper network provisioning for the service. Unlike today's best-effort-based VoIP service, a quality-assured phone service or a real-time videoconference (or video phone) requires an on-demand, service-enabled broadband network.
Recent partnerships between video content providers and wired and wireless technology providers are a strong indication that IPTV and VoD services over broadband networks are about to ignite rapid changes in the service-delivery infrastructure. Though an on-demand video download is quite feasible with just high-speed broadband, a real-time video is not feasible without service providers providing bandwidth provisioning and stricter SLA enforcement.

Service Advertisement, Subscription, Provisioning, and Accounting

In addition to creating new services, an equally challenging task for service providers includes advertising these new services, accepting new subscriptions, provisioning networks on demand, and billing for those services. Economic viability of offering new services can be seriously impacted if these challenges are not addressed properly. Manual subscription and network provisioning on an individual subscriber basis can be very expensive and does not scale. A sustainable, automated process has to be adopted to address these functions in a service-independent manner.

Tailored Services

Not all services can be delivered to every user, every location, and to every client device. Applications or services that can be delivered to individual subscribers need to be optimized to the access media (for example, DSL, Metro Ethernet, Wi-Fi, etc.) and the access device subscribers are using. Intelligence on the subscriber identity, location, and device is essential to offering appropriate, applicable services. An access-independent broadband network with identity awareness can intelligently provide appropriate services to individual subscribers based on their identity, location, access type, and device type.

Service Reliability

Among the important factors that influence subscribers in paying for and subscribing to broadband services are dependability and reliability. Subscribers will require highly reliable, dependable service delivery from service providers to convince them to accept and subscribe to the new service offerings. It is important for service providers to factor these into their broadband deployment decisions.

Secured Access

Security is of paramount concern among subscribers as well as service providers when considering broadband services. Subscribers are concerned about sensitive personal information being transmitted over the Internet and public access network. Service providers should seriously plan on deploying secured access and secured service delivery. Enterprise telecommuters should be able to connect to their enterprises through secured channels to run their business applications.

Virus Protection and Spam Control

It is quite common that computer viruses pass from subscriber to subscriber through e-mails, Web downloads, and even unsolicited connections. Some subscribers unknowingly pass these viruses to other subscribers on the network. Service providers often track such infections but find it expensive to inform and help subscribers to disinfect their machines. E-mail notifications to subscribers are often ignored, causing the problem to worsen as those infected subscribers pass on the virus to others on the network. Similar problems exist with those subscribers that knowingly generate spam that impacts other users on the network.

Access Independence and Service Convergence

Broadband mobility should be an important consideration going forward as more and more subscribers are using laptops and mobile computing devices such as personal digital assistants (PDAs) for online access. To retain customers to their broadband service regardless of access location, service providers are either deploying or partnering to provide broadband in both wired and wireless environments as well as at home or on the road. The broadband-aggregation platform is becoming the convergence point for service aggregation and subscriber identification, authentication, and accounting. In the near future, seamless connectivity and real-time service delivery while roaming will be an important consideration for broadband networks.

Investment Protection

As new innovations continue and new standards emerge, more scalable, reliable software and hardware solutions are being developed by network equipment vendors. It is important for the existing network to be flexible and capable of incorporating these innovations and new open standards for service provisioning and delivery.

Cisco Intelligent Services Gateway

As a market leader in broadband aggregation, Cisco Systems® recognizes the strategic importance of service delivery in broadband networks as essential for service providers' profit growth. Cisco understands the challenge of reducing provisioning and operational costs so as to deliver revenue-generating, value-add services to subscribers. More than eight years of experience in deploying large service-oriented broadband networks with Cisco IOS Service Selection Gateway (SSG) have provided deep insights that help address the issues impacting service creation, delivery, and intelligent policies to manage these services.
Cisco ISG is an integral, highly modular component of Cisco IOS Software, designed to accelerate and scale the delivery of value-add services to broadband subscribers. Cisco ISG offers service providers an opportunity to provision their network and deliver services with intelligent policies. Intelligent policies can be defined and triggered to deliver services based on the identity of subscribers or any events that occur during the session lifecycle, and can be implemented with both distributed and centralized implementation models, allowing for maximum operational flexibility.
Cisco ISG can also greatly ease troubleshooting and debugging in broadband aggregation networks by conditionally monitoring designated flows. This technology can also be used for easy, scalable implementation of lawful intercept applications.

Dynamic Policy Control with Cisco ISG

Cisco ISG introduces a radically innovative approach to intelligent service delivery in broadband networks. It provides a clean separation between business-level policy planning, event-driven policy decisions, and fair policy enforcement at the network layer. Cisco ISG can make decentralized policy decisions based on locally configured triggers, and optimally enforce policies while assuring available network resources are fairly distributed among active subscribers and services. Cisco ISG also smoothly integrates with other policy decision points (such as the Cisco Broadband Policy Manager) using open, standard interfaces. The collaborative, open, and flexible policy management allows for the best possible implementation on a per-service basis. Mature, well-understood services that need to quickly and massively scale can be implemented within the highly scalable, self-contained Cisco ISG framework without burdening a centralized policy server, while new services can be rolled out with the tighter control made possible by a centralized model. The Cisco ISG architecture is uniquely suited to support sophisticated policies that can be dynamically applied to sessions, thus enabling service establishment in an access-independent manner.
Conditional policies (conditioned upon a network event or time of day or session identity) can be defined, triggered, and enforced dynamically at every stage of the session lifecycle without restarting a session. The duration of policy enforcement can be defined and its expiration can trigger another policy. For example, a new QoS policy can be enforced dynamically on an existing session without any service interruption.

Cisco ISG Multidimensional Identifier

Another important concept that Cisco ISG introduces is the way it identifies sessions. Cisco ISG acquires various session-identity attributes during different stages of a session lifecycle and builds a composite multidimensional identifier for every session which includes a varied, easily extensible list of attributes:

• MAC

• DHCP Option 82

• VLAN ID

• Virtual Route Forwarding (VRF) ID

• Calling line ID (CLID)

• Source IP

• Port Bundle Host Key (PBHK)

• NAS port

• Session ID

• Ascend Server Key

• GUI ID

• Domain name

• Username

These attributes will help service providers to deliver tailored services to subscribers based on their identity, location, or the device used to access the network. This full range of identification options allows for a rich set of policies that can implement flow redirection, authentication, authorization, and accounting; allow for competitive advantages through increased customer intimacy; and greatly increase network security.

Implementing Intelligent Services with Cisco ISG

Cisco ISG allows for quick implementation of a variety of new services. The following sections provide an overview of some services that Cisco ISG is already delivering in current service provider infrastructures.

Any Access, One Network

With current support for DSL and Ethernet access technologies and support for cable and wireless accesses on the horizon, Cisco ISG will play the important role of converged subscriber aggregation point. Service providers can unify their subscriber edge networks to converge their subscriber access, using Cisco ISG as a single place to authenticate subscribers and offer consistent services at home or on the road. Operational costs are greatly reduced with one data store for subscriber information and accounting.

Figure 1. Cisco ISG in a Broadband Network Gateway

Captive Portal and User Containment

Cisco ISG implements a very flexible session-redirection mechanism called Layer 4 redirect that can selectively redirect individual sessions or flows to selected destinations. An important use of this kind of flow redirection is to redirect unauthenticated sessions to portals. Subscribers can optionally be forced to a Web portal for interactive authentication and then admitted to authorized services. During this authentication process, portals can also be used for service advertisement and solicitation for subscriptions. Layer 4 redirect is also capable of periodic redirection and captivation of flows to facilitate periodic advertisement.
Another emerging use of redirection is to contain virus-infected subscribers in a captive portal or a "walled garden." Within that walled garden, subscribers have an opportunity to disinfect their client devices with provided software patches or links on the portal.

Turbo Button (Bandwidth on Demand)

One of the popular applications for bandwidth on demand is the "turbo button" service. With Cisco ISG providing built-in policy enforcement and session control over QoS parameters, service providers can offer temporary on-demand bandwidth upgrades to their subscribers (for the duration of the session or service). Subscribers, when using an application requiring higher bandwidth (for example, downloading a movie), can choose to temporarily upgrade the bandwidth by clicking on a turbo button on the portal. This bandwidth increase can also be enforced automatically with a service policy requiring higher bandwidth for the duration of the service. Service providers can bill subscribers for the temporary bandwidth increase.

Subscriber Self-Care

Cisco ISG includes a flexible RADIUS control system interface, so policy servers can implement a self-care system for subscribers to manage their accounts, pay bills, subscribe to new services, and create sub-accounts. The operational cost savings can be passed on to end users.

Parental Control

As broadband is becoming ubiquitous and available in private homes as well as public locations, parents are concerned about their children's uncontrolled access to the Internet. Cisco ISG with its subscriber awareness can selectively redirect and control children's access to the Internet. Access to any restricted content can be blocked from children's accounts.

Intelligent DHCP Proxy Control

Some ISPs and application service providers (ASPs; for example, gaming service providers) require that client devices use the IP addresses assigned by them and not use Network Address Translation (NAT). This leads to the problem of how users can connect to the network and dynamically update their IP address to use those applications. Cisco ISG has an intelligent DHCP proxy system with a service awareness that addresses this problem by assigning a temporary IP address to the client device for initial connection and then renewing the IP address with an ASP- or ISP-assigned IP address.

External Policy Control

As mentioned previously, the Cisco ISG architecture allows for distributed and centralized policy management, as well as an optimized mix of the two approaches. Current standards-based Cisco ISG interfaces include RADIUS and Change of Authorization (CoA) RFC 3576, enabling business support system (BSS) infrastructures to control Cisco ISG. Cisco ISG supports open standards, facilitating support of a broad array of third-party policy servers and BSSs, and also integrates with systems developed internally by service providers.
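Because the CoA interface named above lets an external server change policy on a live session, the receiving side has to authenticate every request before acting on it. The following is an added example, not Cisco ISG code: it builds a CoA-Request as a policy server would and verifies it as a gateway would, using the Request Authenticator and Event-Timestamp replay check from RFC 3576. The shared secret, attribute values, replay window and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45            # RADIUS codes from RFC 3576
USER_NAME, ACCT_SESSION_ID, EVENT_TIMESTAMP = 1, 44, 55
REPLAY_WINDOW = 300                                    # seconds of accepted clock skew
ZERO_AUTH = b"\x00" * 16

def encode_attr(atype, value):
    """Encode one attribute as Type, Length, Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def authenticator(code, ident, auth_field, body, secret):
    """MD5(Code + Identifier + Length + 16-octet field + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return hashlib.md5(header + auth_field + body + secret).digest()

def build_coa_request(ident, attrs, secret):
    """Policy-server side: the authenticator is computed over 16 zero octets."""
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    auth = authenticator(COA_REQUEST, ident, ZERO_AUTH, body, secret)
    return struct.pack("!BBH", COA_REQUEST, ident, 20 + len(body)) + auth + body

def parse_attrs(body):
    """Walk the TLV list, rejecting lengths that run past the packet."""
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + body[i + 1]]
        i += body[i + 1]
    return attrs

def verify_coa_request(packet, secret, now):
    """Gateway side: authenticate and replay-check before any policy change."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("bad header")
    packet = packet[:length]                           # octets past Length are padding
    body = packet[20:]
    expected = authenticator(code, ident, ZERO_AUTH, body, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad authenticator")
    attrs = parse_attrs(body)
    stamp = attrs.get(EVENT_TIMESTAMP)
    if stamp is None or len(stamp) != 4:
        raise ValueError("missing Event-Timestamp")
    if abs(now - struct.unpack("!I", stamp)[0]) > REPLAY_WINDOW:
        raise ValueError("stale Event-Timestamp")
    return ident, attrs

def build_reply(code, request, secret):
    """CoA-ACK/NAK: the response authenticator covers the request's authenticator."""
    ident = request[1]
    auth = authenticator(code, ident, request[4:20], b"", secret)
    return struct.pack("!BBH", code, ident, 20) + auth

def demo():
    secret, now = b"constructed-shared-secret", 1700000000   # constructed values
    request = build_coa_request(7, [
        (USER_NAME, b"subscriber1"),
        (ACCT_SESSION_ID, b"0000A1"),
        (EVENT_TIMESTAMP, struct.pack("!I", now)),
    ], secret)
    ident, attrs = verify_coa_request(request, secret, now + 5)
    return ident, attrs[USER_NAME], build_reply(COA_ACK, request, secret)[0]

if __name__ == "__main__":
    print(demo())
```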

Conclusion

Innovative service creation, provisioning, delivery, and billing are of strategic importance for service providers looking to grow their subscriber base and increase retention rate, ARPU, and overall revenue. The intelligent service infrastructure of Cisco ISG helps enable the efficient rollout of new services across a converged, IP Next-Generation Network (IP NGN) infrastructure, allowing consistent access to services and generating new revenue with lower operating costs. Cisco ISG transforms today's broadband infrastructure into tomorrow's service-delivery architecture, helping win customer loyalty to a variety of new services. Cisco provides a unique, flexible service-delivery architecture that allows optimal implementation of services, exploiting network intelligence to enhance the end-user experience and minimize the total cost of network ownership for service providers.
Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-4000, 800 553-NETS (6387). Fax: 408 526-4100.

European Headquarters: Cisco Systems International BV, Haarlerbergpark, Haarlerbergweg 13-19, 1101 CH Amsterdam, The Netherlands. www-europe.cisco.com. Tel: 31 0 20 357 1000. Fax: 31 0 20 357 1100.

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706, USA. www.cisco.com. Tel: 408 526-7660. Fax: 408 527-0883.

Asia Pacific Headquarters: Cisco Systems, Inc., 168 Robinson Road, #28-01 Capital Tower, Singapore 068912. www.cisco.com. Tel: +65 6317 7777. Fax: +65 6317 7799.

Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus · Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel · Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal · Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan · Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · Zimbabwe

Copyright © 2006 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.
(0601R) PD/LW11177 Printed in the USA CXX-XXXXX-00 05/06
[1] Instat: From approximately 200 million currently to more than 400 million in 2009.