Cisco 10000 Series Internet Router Service Selection Gateway Configuration Guide - Service Selection Methods [Cisco 10000 Series Routers]

Table Of Contents

Service Selection Methods

PPP Terminated Aggregation

PTA-Multidomain

Restrictions for PTA-MD

Web Service Selection

SESM and SSG Performance

Service Selection Methods

The Cisco 10000 series router supports the following service selection methods:

•PPP Terminated Aggregation

•PTA-Multidomain

•Web Service Selection

This chapter describes the service selection methods.

PPP Terminated Aggregation

PPP terminated aggregation (PTA) is a PPP selection method in which service selection is based on a structured domain name (for example, username@service.com). PTA terminates the PPP session into a single routing domain. Users can only access one service and users do not have access to the default network or SESM.

The PTA-MD exclusion list allows you to create a set of domains that you want to exclude from SSG processing. When a PPP user attempts to establish a PPP session using a domain that is included in the exclusion list, the traffic is treated as non-SSG traffic and is processed by Cisco IOS software. The system does not apply SSG features and processing to the traffic.

PTA-Multidomain

PTA-Multidomain (PTA-MD) is a PPP selection method in which service selection is based on a structured domain name (for example, username@service.com). PTA-MD terminates the PPP sessions into multiple IP routing domains. SSG features and processing are applied to the user traffic and users can access one or more services at a time. PTA-MD service selection supports a wholesale VPN model where each domain is isolated from the other and has the capability to support overlapping IP addresses.

The Cisco 10000 series router implements PTA-MD service selection in the following way:

•The access provider terminates the user PPP sessions and logically associates each session with a particular service.

•Network side interfaces are associated with a service. SSG binds the user session and its service to the appropriate network side interface.

•SSG binds the network side interface associated with a service to a virtual routing and forwarding (VRF) instance. All users who subscribe to that service are also bound to that same VRF. Packets to and from the user and to and from the network side interface are routed within the same VRF.

Restrictions for PTA-MD

A user cannot connect to multiple services that are simultaneously in different VRFs.

Web Service Selection

Web service selection enables users to concurrently access multiple on-demand services from a list of personalized services. The Cisco 10000 series router supports the Cisco Subscriber Edge Services Manager (SESM) application for web service selection.

The SESM application provides subscriber authentication, service selection, and service connection capabilities to subscribers of Internet services. Subscribers interact with the SESM web application using a standard Internet browser. They do not need to download any software or plug-ins to use the SESM web pages. After a subscriber successfully authenticates, the SESM web application presents a list of services that the subscriber is currently authorized to use. The subscriber can gain access to one or more of those services by selecting them from a web page. Alternatively, an automatic connection feature might provide automatic connection to services.

SESM works in conjunction with other network components to provide extremely robust, highly scalable connection management to Internet services. Internet service providers (ISPs) and network access providers (NAPs) deploy SESM to provide their subscribers with a web interface for accessing multiple Internet services. The ISPs and NAPs can customize and brand the content of the web pages and thereby control the user experience for different categories of subscribers.

SESM Release 3.1(1) or later is a solution composed of a number of applications built on a core set of software components. ISPs and NAPs can use these core components to further develop and customize SESM web applications, if required. The Cisco Subscriber Edge Services Manager Web Developer Guide, Release 3.1(7) describes how to develop SESM applications.

SESM web applications (Release 3.1(1) or later) deployed in Directory Enabled Service Selection/Subscription (DESS) mode incorporate the use of the Cisco Subscriber Policy Engine (SPE) Release 1.0. The SPE allows subscribers to perform account maintenance and self-care activities, such as subscribing to new services, creating subaccounts (for other members of the family, for example), and changing basic account information, such as address, phone number, and e-mail.

For subscribers of Internet services, the SESM web application offers flexibility and convenience, including the ability to access multiple services simultaneously.

For Internet service providers, the SESM web application provides a way to control the subscriber experience and promote customer loyalty. Service providers can change the look and feel of their SESM web application, brand the application, and control the content of the pages displayed to their subscribers.

For more information, refer to the SESM documentation.

SESM and SSG Performance

Packets sent between the SSG and the SESM might require processing by the Cisco 10000 router Route Processor (RP), instead of the parallel express forwarding (PXF) engine.

The following conditions require RP processing of packets:

•When the SESM interface is connected to the network management (NME) port of the performance routing engine (PRE, Part Number ESR-PRE2), all traffic between the SSG and the SESM is passed to the RP for processing.

•When the SESM is connected to one of the line card interfaces and the Port-Bundle Host Key feature is configured on the SSG, all packets sent to and from the SESM are passed to the RP for processing.

•When the SESM is connected to one of the line card interfaces and TCP redirect is enabled, all TCP packets from the SESM to the SSG are passed to the RP for processing.

Note The RP does not have as much forwarding capacity as the PXF.

	Cisco 10000 Series Internet Router Service Selection Gateway Configuration Guide
	Service Selection Methods
Cisco 10000 Series Internet Router Service Selection Gateway Configuration Guide About This Guide Service Selection Gateway Overview Scaling and Performance SSG Logon and Logoff Authentication and Accounting Service Selection Methods Service Connection Service Profiles and Cached Service Profiles SSG Hierarchical Policing Interface Configuration SSG TCP Redirect Miscellaneous SSG Features Monitoring and Maintaining SSG SSG Implementation Notes Configuration Example for SSG Glossary Index	Download this chapter Service Selection Methods Download the complete book Cisco 10000 Series Router Service Selection Gateway Configuration Guide (PDF - 1 MB) Table Of Contents Service Selection Methods PPP Terminated Aggregation PTA-Multidomain Restrictions for PTA-MD Web Service Selection SESM and SSG Performance Service Selection Methods The Cisco 10000 series router supports the following service selection methods: •PPP Terminated Aggregation •PTA-Multidomain •Web Service Selection This chapter describes the service selection methods. PPP Terminated Aggregation PPP terminated aggregation (PTA) is a PPP selection method in which service selection is based on a structured domain name (for example, username@service.com). PTA terminates the PPP session into a single routing domain. Users can only access one service and users do not have access to the default network or SESM. The PTA-MD exclusion list allows you to create a set of domains that you want to exclude from SSG processing. When a PPP user attempts to establish a PPP session using a domain that is included in the exclusion list, the traffic is treated as non-SSG traffic and is processed by Cisco IOS software. The system does not apply SSG features and processing to the traffic. PTA-Multidomain PTA-Multidomain (PTA-MD) is a PPP selection method in which service selection is based on a structured domain name (for example, username@service.com). PTA-MD terminates the PPP sessions into multiple IP routing domains. SSG features and processing are applied to the user traffic and users can access one or more services at a time. PTA-MD service selection supports a wholesale VPN model where each domain is isolated from the other and has the capability to support overlapping IP addresses. The Cisco 10000 series router implements PTA-MD service selection in the following way: •The access provider terminates the user PPP sessions and logically associates each session with a particular service. •Network side interfaces are associated with a service. SSG binds the user session and its service to the appropriate network side interface. •SSG binds the network side interface associated with a service to a virtual routing and forwarding (VRF) instance. All users who subscribe to that service are also bound to that same VRF. Packets to and from the user and to and from the network side interface are routed within the same VRF. Restrictions for PTA-MD A user cannot connect to multiple services that are simultaneously in different VRFs. Web Service Selection Web service selection enables users to concurrently access multiple on-demand services from a list of personalized services. The Cisco 10000 series router supports the Cisco Subscriber Edge Services Manager (SESM) application for web service selection. The SESM application provides subscriber authentication, service selection, and service connection capabilities to subscribers of Internet services. Subscribers interact with the SESM web application using a standard Internet browser. They do not need to download any software or plug-ins to use the SESM web pages. After a subscriber successfully authenticates, the SESM web application presents a list of services that the subscriber is currently authorized to use. The subscriber can gain access to one or more of those services by selecting them from a web page. Alternatively, an automatic connection feature might provide automatic connection to services. SESM works in conjunction with other network components to provide extremely robust, highly scalable connection management to Internet services. Internet service providers (ISPs) and network access providers (NAPs) deploy SESM to provide their subscribers with a web interface for accessing multiple Internet services. The ISPs and NAPs can customize and brand the content of the web pages and thereby control the user experience for different categories of subscribers. SESM Release 3.1(1) or later is a solution composed of a number of applications built on a core set of software components. ISPs and NAPs can use these core components to further develop and customize SESM web applications, if required. The Cisco Subscriber Edge Services Manager Web Developer Guide, Release 3.1(7) describes how to develop SESM applications. SESM web applications (Release 3.1(1) or later) deployed in Directory Enabled Service Selection/Subscription (DESS) mode incorporate the use of the Cisco Subscriber Policy Engine (SPE) Release 1.0. The SPE allows subscribers to perform account maintenance and self-care activities, such as subscribing to new services, creating subaccounts (for other members of the family, for example), and changing basic account information, such as address, phone number, and e-mail. For subscribers of Internet services, the SESM web application offers flexibility and convenience, including the ability to access multiple services simultaneously. For Internet service providers, the SESM web application provides a way to control the subscriber experience and promote customer loyalty. Service providers can change the look and feel of their SESM web application, brand the application, and control the content of the pages displayed to their subscribers. For more information, refer to the SESM documentation. SESM and SSG Performance Packets sent between the SSG and the SESM might require processing by the Cisco 10000 router Route Processor (RP), instead of the parallel express forwarding (PXF) engine. The following conditions require RP processing of packets: •When the SESM interface is connected to the network management (NME) port of the performance routing engine (PRE, Part Number ESR-PRE2), all traffic between the SSG and the SESM is passed to the RP for processing. •When the SESM is connected to one of the line card interfaces and the Port-Bundle Host Key feature is configured on the SSG, all packets sent to and from the SESM are passed to the RP for processing. •When the SESM is connected to one of the line card interfaces and TCP redirect is enabled, all TCP packets from the SESM to the SSG are passed to the RP for processing. Note The RP does not have as much forwarding capacity as the PXF.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.