Cisco Info Center VPN Policy Manager Installation and User Guide, 3.1
Overview of Cisco Info Center VPN Policy Manager

Table Of Contents

Overview of Cisco Info Center VPN Policy Manager

VPN Policy Manager Event Processing

Installation and Component Distribution

How Cisco ISC Is Used

Additional Cisco Info Center VPN Policy Manager Features


Overview of Cisco Info Center VPN Policy Manager


Cisco Info Center VPN Policy Manager is an application that acts as a data source for the Cisco Info Center 3.6 product by receiving events from the Cisco IP Solutions Center (ISC) 3.2 product and from network devices used to implement Multiprotocol Label Switching (MPLS)-based virtual private networks (VPNs) in the Cisco network environment.

VPN Policy Manager Event Processing

The ISC events processed by the Cisco Info Server and Cisco Info Center VPN Policy Manager include notifications that:

A PE or Customer Premises Equipment (CPE) device has come up or gone down.

An interface or subinterface associated with a Virtual Routing and Forwarding (VRF) instance is down.

An interface associated with a VRF has come up.

When it receives ISC events, Cisco Info Center VPN Policy Manager queries the ISC database to obtain additional data about the events. Using predefined processing policies, Cisco Info Center VPN Policy Manager enhances the original events with the information obtained from ISC.

The events produced by Cisco Info Center VPN Policy Manager include information such as:

The VPNs affected due to a fault on a Provider Edge (PE) router.

The VPN customers affected.

Which Customer Edge routers (CEs) are affected.

The enhanced events, along with additional events received from network devices used in the MPLS VPN network, are then placed in the Cisco Info Center database and displayed on the Info Server event list.
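The enrichment step described above, as an added illustration in Python (not Cisco's processing policies and not Impact policy code): a constructed inventory stands in for the ISC database, and the event fields, device names, interface names and VPN names are all hypothetical.

```python
# Constructed inventory standing in for the ISC database; all names are hypothetical.
INVENTORY = [
    # (pe, pe_interface, vrf, vpn, customer, ce)
    ("pe1", "Serial0/0.101", "vrf-acme", "ACME-CORP", "Acme", "ce-acme-1"),
    ("pe1", "Serial0/0.102", "vrf-globex", "GLOBEX-WAN", "Globex", "ce-globex-1"),
    ("pe1", "Serial0/10.5", "vrf-acme", "ACME-CORP", "Acme", "ce-acme-2"),
    ("pe2", "Serial1/0.7", "vrf-initech", "INITECH-EXT", "Initech", "ce-initech-1"),
]


def query_inventory(pe, interface=None):
    """Return rows for a PE; with an interface, match it and its subinterfaces only."""
    rows = [r for r in INVENTORY if r[0] == pe]
    if interface is None:
        return rows
    # "Serial0/0" must match "Serial0/0.101" but not "Serial0/10.5".
    return [r for r in rows
            if r[1] == interface or r[1].startswith(interface + ".")]


def enrich(event):
    """Return a copy of the event with affected VPNs, customers and CEs attached."""
    kind = event["type"]
    if kind == "node_down":
        rows = query_inventory(event["device"])
    elif kind in ("interface_down", "interface_up"):
        rows = query_inventory(event["device"], event["interface"])
    else:
        rows = []
    out = dict(event)
    out["vpns"] = sorted({r[3] for r in rows})
    out["customers"] = sorted({r[4] for r in rows})
    out["ces"] = sorted({r[5] for r in rows})
    # No inventory match: keep the event, but mark it so operators see the gap.
    out["enriched"] = bool(rows)
    return out


if __name__ == "__main__":
    samples = [  # constructed events
        {"type": "node_down", "device": "pe1"},
        {"type": "interface_down", "device": "pe1", "interface": "Serial0/0"},
        {"type": "interface_down", "device": "pe9", "interface": "Serial0/0"},
    ]
    for ev in samples:
        print(enrich(ev))
```

An event for a device missing from the inventory is passed through with `enriched` set to false rather than dropped, so a stale inventory shows up in the event list instead of hiding faults.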

The policy-based processing capability provided by Cisco Info Center VPN Policy Manager greatly enhances the ability of network operators to monitor MPLS VPN networks and the operation of Cisco ISC.

Installation and Component Distribution

To install and use Cisco Info Center VPN Policy Manager, you must have an existing installation of Cisco Info Center 3.6. Cisco Info Center VPN Policy Manager is provided as a Cisco Info Center Support Pack that contains processing policies, rules, tools, and automations that enhance the Cisco Info Center core product to allow processing of ISC events.

You can install Cisco Info Center VPN Policy Manager on the same host where the Info Server component of Cisco Info Center is installed or on a separate, standalone host. Cisco Info Center VPN Policy Manager is installed as an additional Cisco Info Center component, called the Policy Manager component. This component consists of an Impact server and a data source adapter (DSA). Impact is a Micromuse product that is distributed by Cisco Systems, Inc. as part of an Original Equipment Manufacturer (OEM) agreement with Micromuse, Inc. The version of Impact that comes with Cisco VPN Policy Manager is pre-configured to work with Cisco Info Center and with ISC.

You can install the Info Mediators that are used to receive MPLS VPN events on the same host as the Info Server component, or on a separate remote host. Cisco recommends that you install the Policy Manager product on a separate host from the main Cisco Info Server.

Figure 1-1 shows how Cisco Info Center VPN Policy Manager functions in the network.

Figure 1-1 VPN Event Monitoring Using Cisco Info Center VPN Policy Manager

Figure 1-1 also illustrates the event flow from devices used to implement VPNs to Cisco Info Center VPN Policy Manager:

The Cisco Info Center Info Server receives various types of events from ISC and from network devices used to implement Multiprotocol Label Switching. It receives these events through the following Info Mediators:

MTTrapd Info Mediator—Info Mediator that receives general SNMP events.

When an interface on a PE router or a VRF goes down, the Cisco Info Server receives an event through the MTTrapd Info Mediator.

Syslog Info Mediator—Info Mediator that receives syslog events from Cisco devices.

When a physical interface on a device that provides a link used in MPLS goes up or down, the Cisco Info Server receives a syslog event from the Syslog Info Mediator.

Tibco Info Mediator (optional)—Info Mediator that receives Cisco Networking Services (CNS) events. Use of this Info Mediator is optional.

When a new PE or CPE is added to the MPLS network controlled by ISC, the ISC database is updated to indicate this change. Such changes include addition or deletion of a new PE router, Cisco Catalyst device, terminal server, Cisco VPN 3000, Cisco PIX firewall, or Cisco IE2100 device.

The database updates trigger CNS events that are received by the Cisco Info Center through the Tibco Info Mediator. The Tibco Info Mediator is also used to receive responses to queries that the Cisco Info Center sends to the ISC database.

When these types of events are received, the Cisco Info Server sends a database query to the ISC database using the Simple Object Access Protocol (SOAP). The ISC sends out responses to the queries in the form of CNS events, which are received by the Tibco Info Mediator and forwarded to the Info Server. The information received from ISC is sent to the Policy Manager application, which enhances the original event to indicate which VPNs and VPN customers are affected.

How Cisco ISC Is Used

Cisco IP Solutions Center (ISC) is an application that allows service providers to define and monitor virtual private networks (VPNs). Cisco Info Center VPN Policy Manager queries ISC for VPN and customer network information and uses this information to supplement events that are received from IOS devices to indicate the state of routers used to manage the VPN.

A VPN is a network in which two sites communicate over the service provider's network in a private manner—no site outside of the VPN can receive or transmit packets on the "private" route. This allows service providers to provide specialized, secure intranet and extranet services to customers.

Service Providers use ISC to configure two types of routers that enable deployment of VPNs:

Provider Edge Routers (PEs). A router at the edge of a service provider's network that interfaces to CE routers. PEs communicate with each other using a version of the Border Gateway Protocol (BGP).

When a serial or main interface on a PE router goes down, all of the VPNs connected through that PE are affected. Policy Manager receives an event indicating that the router is down and relays fault information to Cisco Info Center.

Customer Edge Routers (CEs). A router at the edge of a customer's network or equipment. Each customer's CE router(s) interfaces to a service provider's PE.

By establishing and maintaining unique routes between CEs and PEs, service providers can provide hundreds of thousands of VPNs to their customers.

Figure 1-2 shows the general network topology for VPNs created using PEs and CEs.

Figure 1-2 VPN Topology Example Using PEs and CEs

For more detailed information on how the Cisco ISC product provisions and monitors service provider networks that implement Multiprotocol Label Switching (MPLS) VPN policies, refer to the Cisco IP Solution Center 3.0: MPLS VPN Management Getting Started Guide.

Additional Cisco Info Center VPN Policy Manager Features

Cisco Info Center VPN Policy Manager adds additional features to the Cisco Info Server to facilitate viewing and processing of MPLS VPN-related events, including custom event views, automations, and tools.

For example, after installation of VPN Policy Manager, you can enable custom Cisco Info Center views that summarize CE and PE events obtained by Policy Manager. You can also use specialized tools for handling ISC events, such as the Launch ISC GUI tool.