Cisco Service Control Application for Mobile Networks
PDF(391.6 KB) View with Adobe Reader on a variety of devices
Updated:Aug 15, 2008
The Cisco® Service Control Application for Mobile Networks provides application- and subscriber-level awareness for mobile data networks, offering traffic optimization, incremental service security, tiered services, and premium IP service delivery. The solution runs on the Cisco SCE 1000, SCE 2000 and SCE 8000 Series Service Control Engines, yielding unsurpassed performance and reliability suitable for deployment in carrier networks. Accompanied by a powerful set of management tools and application programming interfaces (APIs), the Cisco Service Control Application for Mobile Networks helps enable transparent integration into the operations support system (OSS) and ease of integration of the largest service control deployments.
Cisco Service Control technology comprises transport-agnostic, purpose-built hardware running extensible service applications designed to augment mobile data networks with advanced capabilities. The technology allows mobile providers to take control over their network by facilitating their ability to analyze, control, individually manage, and meter any number of IP services running on their IP network. By deploying a Cisco Service Control Engine and the Cisco Service Control Application for Mobile Networks, operators can:
• Perform detailed application- and subscriber-aware network profiling to improve network visibility.
• Optimize traffic of bandwidth-hungry peer-to-peer (P2P) applications, thereby reducing network congestion and improving network performance.
• Identify and mitigate malicious attack traffic to protect the mobile provider from outbound attacks and their subsequent cost.
• Track and control individual subscribers' sessions based on application parameters to develop new service plans, capture additional markets, and increase customer loyalty.
• Develop advanced subscriber- and portal-controlled services through integration with back-office systems and policy servers-the Cisco Service Control solution integrates with a variety of policy server products, and its robust set of APIs also enables customer-specific integration.
• Integrate the Cisco Service Control Engine with third-party platforms to develop advanced "high-touch" services such as network-hosted contentfiltering or security enhancements-the Cisco Service Control solution allows for subscriber-level virtualization that scales to enable deployment at the performance level required in a mobile network.
The Cisco Service Control Application for Mobile Networks enhances transport networks with programmable application detection and subscriber awareness. The software provides bidirectional, state-based monitoring of protocols that allows for the detection and control of virtually any network application, including Web browsing, multimedia streaming, and P2P applications. Service providers can immediately reduce network congestion by optimizing application-level traffic, thereby taking advantage of existing infrastructure and eliminating costly network upgrades. Application awareness provides a foundation for deploying new tiers of service based on the application, the content, or a premium offering such as interactive gaming. The Cisco Service Control Application for Mobile Networks runs on the Cisco Service Control Engine, a network element typically residing on the server side of an aggregation device such as the Cisco Gateway GPRS Support Node (GGSN) or Cisco Packet Data Serving Node (PDSN). The Cisco Service Control solution can monitor traffic flows at multigigabit speeds, and it offers providers a roadmap to profitability by enhancing the transport network with the underlying intelligence to analyze, manage, and control a multitude of value-added IP service offerings.
Using the patented multilayered hardware and software programmable architecture of the Cisco Service Control Engine, the Cisco Service Control Application can support new capabilities with software flexibility at hardware speeds. This advantage is highly notable in supporting new network protocols. The advanced signature-based classification system helps enable a quick turnaround for monitoring and measuring traffic of new protocols. This support is also available for encrypted network protocols such as Skype. Application layer information, however, would not be reported for encrypted protocols.
Typically installed as part of a mobile data aggregation framework, the Cisco Service Control Engine interoperates with subscriber authentication and management components as well as data-collection and policy-provisioning systems to transparently deliver dynamic, customized, and application-differentiated data services to subscribers.
The comprehensive collection, configuration, and management tools available as part of the product and the robust set of APIs available for solution integration help customers efficiently and economically design and deploy service control solutions, whether they are for a small network with minimum integration requirements or a large network encompassing hundreds of SCE devices and requiring integration into policy and management systems.
The Cisco Service Control Application for Mobile Networks runs on the Cisco Service Control Engine and is accompanied by a set of auxiliary components that help enable a transparent integration of the technology into a provider's OSS. Solution components include:
• Cisco Service Control Application Console-This simple-to-use, GUI-based front end helps the network operator quickly configure new traffic policies, develop and distribute new signatures, and view reports and device status. It provides a comprehensive set of management tools necessary to efficiently and reliably manage and operate a service control deployment of any size. Whether a solution includes a handful of devices or encompasses a large deployment with hundreds of devices, the console applications provide an efficient and easy-to-use configuration framework.
• Cisco Collection Manager-The collection manager performs real-time collection of usage data exported by the service control engines. It aggregates usage data collected from the SCE devices and stores them in a Structured Query Language (SQL) database or text files for further processing. The ability of this collection manager to work with any SQL database facilitates a variety of design options, including centralized or distributed collection and several redundancy options. When stored in the database, the Cisco reporting tool (prepackaged with more than 100 report templates) can be used to easily generate a wide range of reports on network activities and application usage. Operators can choose to use the Cisco Collection Manager for a simple and efficient solution or integrate the SCE with existing usage management, mediation, and datamining solutions.
• Cisco Subscriber Manager-The Cisco Subscriber Manager dispatches subscriber-level traffic-control policies and IP address association to SCE devices. It allows operators to account for and control traffic on an individual subscriber basis in environments where IP addresses change dynamically. The Cisco Subscriber Manager is an integration point for authentication, authorization, and accounting (AAA) and policy control systems. The Cisco Subscriber Manager software provides a simple way to rapidly develop complex, highly scalable service control solutions while simplifying integration with OSS and policy control products.
Figure 1. Cisco Service Control Engine with Cisco Service Control Application for Mobile Networks
The Cisco Service Control Engine is a transparent network element allowing for easy insertion in any network environment. Service providers delivering any access type (cable, DSL, fiber, mobile, fixed-wireless, etc.) can deploy the Cisco solution in the edge of their IP network and glean immediate cost-management and revenue-generation benefits. The access-agnostic nature of the solution makes it a particularly good choice for service providers supporting multiple access technologies in a single network and service offering, because the technology relieves them from the need to address access-specific concerns or products.
The unmatched performance, scale, and reliability of the solution help enable cost-effective deployments in numerous configurations. The product supports low-cost deployments with limited redundancy (but assurance of no service downtime, even that due to device failure), redundant 1 + 1 configurations, and cluster configurations, allowing for increased economy of scale. Installable in either inline or receive-only mode, all SCE models support an integrated bypass module for increased availability (Figure 2).
Figure 2. Cisco Service Control Engine-Network Topologies
An important capability of the Cisco Service Control solution is its ability to operate in Multiprotocol Label Switching (MPLS)-VPN environments, where there is the possibility of overlapped IP address space usage in each MPLS-VPN. In this environment, it is critical for the SCE to be able to distinguish between traffic on different MPLS-VPN tunnels and to virtualize deep packet inspection for each. By interfacing with the MPLS-VPN provider edge Border Gateway Protocol (BGP) information, the SCE can learn MPLS-VPN tunnel information and ensure adequate inspection and traffic control.
This capability is used by service providers interested in enriching their managed-services capability for corporate or enterprise traffic as well as mobile operators rolling out managed VPN services for branch offices and telecommuters (Figure 3).
Figure 3. Service Control in an MPLS-VPN Network
Key Features And Benefits
Cisco Service Control solutions overlay intelligence and application-level control on existing IP transport networks, helping service providers analyze, optimize, secure, meter, and control all traffic flows, including content-based services.
Improving and developing new business models requires that mobile service providers accurately understand their subscribers' usage patterns. The Cisco Service Control Application for Mobile Networks is designed to dramatically improve usage analysis by providing high-performance application and subscriber-aware traffic classification, giving operators unrivaled visibility into network activity. By tracking all IP traffic flows and performing stateful deep packet inspection, the solution collects statistics on the applications and services used by individual subscribers. The platform is configurable, allowing providers to granularly collect data and focus on important information. This setup alleviates the common problems associated with privacy concerns or sorting through masses of data to glean information.
The Cisco Service Control Engine transparently integrates into any existing network architecture and offers scalability that helps ensure that operators gain visibility into usage activity even in the most complex of network environments without impacting reliability or performance. More granular analysis, reporting, and control of network capacity planning and subscriber demographics help operators uncover hidden revenue potential while operating mobile networks.
Quality Experience Monitoring
Going beyond byte and packet counts, the Cisco Service Control Application for Mobile Networks provides unique features to enable a service provider to measure the quality of its end users' quality experience. Particularly, the solution provides a rich set of service-quality reports for voiceover-IP (VoIP) communication. By tapping into the control information exchanged by a VoIP conversation endpoint, the SCE collects and reports the quality of each VoIP conversation and can generate reports indicating the average quality of voice calls realized in a particular timeframe and for a particular service. The system also provides operators more granular reports that allow them to understand not only the quality of voice calls realized by the subscriber base, but also the cause of poor quality.
The Cisco Service Control Application for Mobile Networks provides this information not only on the provider's own VoIP offering but also on supported third-party "nonfacility" services.
Using the detailed reports available with the solution, the service provider can determine:
• How good is the quality of experience realized from these services?
• Is the quality consistent or do subscribers get poor experience during certain hours of the day?
• How does the quality compare to that of comparable off-net voice services?
• What can be done to improve the quality of both the managed and off-net voice services?
The quality-experience-monitoring capabilities of the solution provide critical business support information for both marketing and engineering to facilitate design and management of a managed voice service offering.
As the IP traffic over data networks increases in complexity thanks to high-volume applications such as music, video downloading, and gaming, service providers need the ability to consistently and cost-effectively deliver quality of experience (QoE) for all subscribers. Cisco Service Control technology can classify application-level traffic and subscribers while prioritizing and segmenting network resources. The solution uses stateful deep packet inspection, giving operators the ability to optimize traffic on their networks, thereby increasing efficient use of network resources, reducing costs, and maximizing capital investments.
Using state-of-the-art bandwidth management applied to network traffic on a global, subscriber, or individual flow-level hierarchy, the solution gives operators the ability to dictate how network resources are distributed. The results include:
• Improved overall subscriber experience by enhancing network performance.
• Reduced transit charges and costly network upgrades-the Cisco Service Control Application for Mobile Networks puts the operator in complete control of the distribution of network resources, ensuring operational costs are minimized and user satisfaction is maximized.
The Cisco Service Control Application for Mobile Networks is designed to help service providers quickly identify and mitigate malicious activities in their network, thereby reducing network management and customer support costs.
Using a variety of techniques, the Cisco Service Control Application for Mobile Networks can identify malicious activity and isolate it from the rest of the data traffic. By doing so the solution can protect the network from "outbound attacks" (those emanating from subscribers' infected by a Trojan or zombie application). The benefits for the service provider include:
• Rapid identification of a worm or virus epidemic enables the operations team to quickly react and contain its effect on the network and subscribers.
• Automatic notification to infected subscribers through a captive HTTP page helps subscribers prevent infection or disinfect compromised hosts, not only helping the community to shorten the lifecycle of a worm, but also reducing the load on the service provider's customer support center-thereby saving money and resources.
• A security risk handled properly by mobile providers provides a valuable opportunity to educate subscribers on security risks and possible protective methods, and can provide a good opportunity to up-sell subscribers a security package to their data service.
Application-Based Tiers of Service
The Cisco Service Control Application for Mobile Networks is designed to help operators expand their portfolio of services. Differentiating service levels with compelling new content can accelerate the migration of data users to third-generation (3G) access speeds, creating a critical mass of users for premium value-added service deployment. The Cisco Service Control Application for Mobile Networks helps operators account for usage on an individual subscriber level, while enforcing different policies on a variety of applications or services. The solution allows operators to create a wide range of subscription-based tiers of service that are tailored to the needs of individual subscribers or market segments.
This dynamic, subscriber-centric enforcement model provides for access and bandwidth-on-demand services that can improve overall subscriber satisfaction. Subscribers can select or gain access to chosen content and resources and providers can create truly customized data services and enforce service parameters directly correlated to the needs of individual users. With the Cisco Service Control Application for Mobile Networks, operators can develop services that:
• Migrate subscribers to 3G access speeds by crafting introductory high-speed packages.
• Attract online gamers and power users with quality add-ons for bandwidth-intensive applications.
• Protect content from unauthorized access by subscriber or device type.
Table 1 summarizes the primary features provided by Cisco Service Control solutions.
Table 1. Cisco Service Control Solutions Features
Stateful Deep Packet Inspection
• Classifies traffic to application based on Layers 3-7 parameters
• Supports the identification of P2P and port-hopping applications
• Classifies multimedia applications using multiple concurrent flows
• Behavioral classification identifies traffic type by type of application use
• Voice "fast path" helps ensure minimal latency for VoIP traffic
• The BitTorrent dormant flows repository minimizes the capacity impact of BitTorrent flow-spawning applications
• Multimedia applications: Real Time Streaming Protocol (RTSP), Session Initiation Protocol (SIP), Skype, H323, and Media Gateway Control Protocol (MGCP)
• HTTP (HyperText Transfer Protocol), NTTP, Simple Mail Transfer Protocol (SMTP), point of presence 3 (POP3), Internet Mail Access Protocol (IMAP), etc.
• HTTP classification based on URL or user-agent regular expression
• RTSP classification based on URL or user-agent regular expression
• SIP classification based on source or destination domain name
• Multipacket and bidirectional, configurable signatures
• User-definable signatures using a simple GUI
• Point-and-click signature distribution
• Classification and control of traffic flows on an individual subscriber basis
• Management and reporting of subscriber usage of network resources
• Subscriber quotas for tiered services
• Integration in RADIUS environments using RADIUS relay or RADIUS sniffing
• Integration in Dynamic Host Configuration Protocol (DHCP) environments using DHCP lease query or DHCP sniffing
• Direct API for subscriber integration with policy servers
• Integration with Cisco Broadband Policy Manager and third-party policy servers
• Ability to set bandwidth limits and guarantees on application and subscriber traffic
• Ability to set bandwidth rules on a subscriber, group, and global basis
• Control for the number of concurrent application sessions
• API for dynamic subscriber provisioning
• API for quota management
• Integration with policy control and authentication systems
• Simple Network Management Protocol (SNMP) interface for usage statistics
• HTTP classification API-Support for content-filtering and parental-control applications
• Value-added service (VAS) integration model-Ability to virtualize any network appliance based on subscriber or application
• Identification and mitigation of outbound attacks
• Identification of spam zombie activity
• Notification to operator and subscriber browser redirection for technical support
• SNMP alarm on threat detection
• Easy-to-use reports for trend analysis
• Security dashboard for simple configuration of security policies
• Overlapping private IP address space
• BGP neighborhood integration
• Automatic association of RT/RD tags
Data Collection and Reporting
• Offers operator-configurable transaction and aggregated subscriber usage reporting
• Stores data in any SQL-compliant database (Oracle, MySQL, or Sybase)
• Offers more than 100 preconfigured reports and supports third-party SQL reporting tools:
• Drill-down reports-Click report segment to see further information
• Redundant database and collector
• Central reporting from multiple devices or drill down to individual subscriber
• GUI-driven policy editor
• GUI-driven signature editor
• GUI-driven reporting tool
• GUI-driven subscriber manager
• Network navigator for multidevice management
• Batch distribution of policies and rule base
• Batch distribution of new signatures and protocols
• Logical grouping of devices into sites
• Software update wizard
Only the Cisco Service Control Solution with stateful deep packet inspection up to the application layer permits providers to identify content transported over any protocol, provide detailed analysis and control of complex content-based applications, and prioritize sessions in real time. Cisco Service Control technology is transport- and content-agnostic, fully extensible, fully programmable, and it easily integrates into the existing fabric of the network. The result is maximized use of network resources, customized service levels, and optimized subscriber experience. Operators that take advantage of this exclusive high-performance and stateful architecture can profitably deliver an array of services customized to individual subscriber needs.
View Only License
With a view only license a customer can use the traffic classification and reporting functions of the system to perform detailed analysis and statistics collection on subscriber and application activity. This license is used by providers to gain insight into network activity for capacity planning, usage demographics, and market intelligence.
Capacity Control License
The capacity control license is applicable when performing global traffic management and using the system to optimize application traffic. When using this license the system is not integrated with the back-end AAA, DHCP, or policy-server infrastructure and is used to apply global or anonymous policies. This license is used by providers for advanced network management applications to improve performance and optimize network resources.
Tier Control License
With a tier control license, customers can use the application suite to deliver individualized policies for each subscriber. The system can be provisioned with a control policy for each subscriber and integrated into authentication and registration OSS systems (RADIUS, DHCP, or policy servers) to dynamically bind IP addresses assigned to subscribers' sessions and their control policy. This license is used by providers to create new data services and deliver tiered network experience to their subscribers.
Table 2. Ordering Information for Cisco Service Control Application for Mobile Networks
Cisco Service Control Application for Mobile Networks, View Only
Cisco Service Control Application for Mobile Networks, Capacity Control
Cisco Service Control Application for Mobile Networks, Tiered Control
Cisco SCE 1010 Multimode Chassis
Cisco SCE 1010 Single-Mode Chassis
Cisco SCE 2020 Multimode Chassis
Cisco SCE 2020 Single-Mode Chassis
Cisco SCE 2020 Fast Ethernet Chassis
Cisco SCE8000 Service Control Engine
Cisco SCE8000 2 x 10GE Interfaces Bundle
Cisco SCE8000 4 x 10GE Interfaces Bundle
* XXX indicates number of subscribers: 10K, 50K, 250K, 1M
Service and Support
® offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, refer to
Cisco Technical Support Services.