As part of the Cisco® IP Solution Center (ISC) family of intelligent network management applications, the ISC Layer 2 VPN Management application helps service providers and enterprises effectively manage Layer 2 VPNs and Carrier Ethernet services.
Product Overview
Cisco IP Solution Center
Cisco IP Solution Center provides automated, workflow-based troubleshooting and diagnostics, automated resource management, and rapid profile-based planning and provisioning capabilities for Multiprotocol Label Switching (MPLS) VPNs. The ISC applications can operate as standalone applications or as a suite. Functions include provisioning and automated diagnostics for MPLS VPNs; provisioning of Ethernet, ATM, and, Frame Relay over MPLS VPNs; and Ethernet services on a bridged network; and planning and configuration of MPLS Traffic Engineering. ISC provides a flexible application set for managing MPLS and Carrier Ethernet technologies in service provider and large enterprise networks.
ISC also offers a scalable and reliable architecture for large-scale operations by providing a four-tiered system consisting of client, interface, control, and distribution tiers. Its Web-based GUI and open APIs help integrate IP services operations into existing service provider operations support systems (OSSs). Open APIs and OSS interfaces help service providers to easily integrate IP VPN services into their OSS and management infrastructure. The open APIs allow for integration with Cisco fault management products such as Cisco Info Center and performance management products from independent software vendors (ISVs). For additional information, contact your Cisco sales representative.
ISC delivers complete lifecycle management, from creating the IP service to real-time VPN and MPLS Traffic Engineering tunnel provisioning, activation, troubleshooting, and diagnostics. ISC accelerates deployment and time to market of IP services. Simultaneously, it simplifies management of multiple technologies by providing an integrated management product (Figure 1).
Figure 1. Intelligent Management Applications for MPLS and Carrier Ethernet Networks
Cisco ISC Layer 2 VPN Management Application
The ISC Layer 2 VPN Management application provides the tools for enterprises and service providers to effectively manage the entire lifecycle of Layer 2 VPNs, Any Transport over MPLS (AToM) and Metro Ethernet services. Management features such as policy-based VPN and quality of service (QoS) provisioning help minimize the cost of deploying Layer 2 VPN services. The management features reduce errors and increase the efficiency of service deployment and management.
Cisco ISC Layer 2 VPN Provisioning Capabilities
• Automated discovery. Under certain circumstances ISC will provide discovery of Layer 2 and Carrier Ethernet VPN services to simplify the discovery and creation of manually configured services.
• Management of resources such as regions, VLAN identification (ID) pools, pseudowire virtual-circuit ID pools, and service provider administrative domains.
• Definition of provisioning parameters in a service policy to be used during service activation, including support of Layer 2 aggregation access domain and Layer 2 ring topologies.
• Support of Metro Ethernet Forum (MEF) naming conventions and device role behavior.
• Carrer Ethernet service activation, including pseudowire creation, VLAN-to-pseudowire mapping, and VLAN translation 1:1 and 2:1.
• Configuration of Ethernet QoS using templates.
• Preprovisioning checks for validity of service design, including uploading of the current configuration and validation of service design against the existing network configuration .
• Postprovisioning validation of the service design to determine if the Layer 2 VPN is active and functional.
• A variety of service assurance reports for all deployed services, including end-to-end connection parameters as well as pseudowire parameters for a given customer VPN.
ISC Layer 2 VPN Planning Capabilities
• Configuration and management of MPLS Traffic Engineering tunnels on a network; for further details about the ISC Traffic Engineering Management application, refer to the Cisco IP/MPLS Traffic Engineering Management 5.0 data sheet.
ISC Layer 2 VPN Diagnostics Capabilities
Current capabilities for Layer 2 and Metro Ethernet VPNs provided in Cisco IP Solution Center for postprovisioning verification include the following:
• Smart configuration audits to validate VPN configuration.
• On-demand and scheduled audits for configuration diagnostics.
The ISC Layer 2 VPN Management application can be deployed with other Cisco ISC applications:
• The ISC MPLS VPN Management application, for managing MPLS VPNs.
• The ISC Traffic Engineering Management application, which supports MPLS Traffic Engineering configuration and planning.
• Cisco MPLS Diagnostics Expert for diagnosing and troubleshooting MPLS VPNs.
The ISC Layer 2 VPN Management application supports traditional Layer 2 VPNs networks as well as Carrier Ethernet applications.
Ethernet VPN Services: Business Metro Services
Business Metro services provide VPN connections to enterprise customers using various technologies and network infrastructure. They support hub-and-spoke or ring access topologies. The service provider core network can be MPLS or Layer 2 VLAN. A service provider can offer the following services:
• Point-to-point Ethernet connections using Ethernet over MPLS (EoMPLS) or just Layer 2 VLAN infrastructure, with two types of User-Network Interface (UNI) access: 802.1Q-in-802.1Q (QinQ) and dot1Q encapsulation. These services are also known as Ethernet Relay Service (ERS) and Ethernet Wire Service (EWS). The MEF refers to them as Ethernet Point-to-Point Line (ELINE) services.
• Multipoint-to-multipoint services (ELAN services) using MPLS virtual private LAN services (VPLS) or just Layer 2 VLAN core.
Figure 2 depicts the feature areas that Cisco ISC Layer 2 VPN Management can help configure and support as defined in the following list:
• Supports point-to-point and multipoint services (EWS, ERS, VPLS)
• Creates a Virtual Forwarding Instance (VFI) or cross-connect instances and activates pseudowires
• Manages VLAN per Ethernet domain and virtual circuit ID allocation for pseudowire and VFI instances on network provider edge devices (N-PEs)
• Activates UNI with QoS and, optionally, security
• Configures VLAN trunking between UNI and N-PE
• Supports customer UNI QoS deployment
Figure 2. Metro Ethernet Business E-LAN and E-LINE Services
Ethernet Aggregation Applications
In Ethernet Aggregation applications, the User PE (U-PE) is generally a DSLAM that needs to be connected to an N-PE and broadband remote access server. Figure 3 depicts a sample network and topology supported by Cisco ISC and points out the feature areas that Cisco ISC Layer 2 VPN Management can help configure and support as defined in the following list:
• Interconnection of the U-PE/DSLAM with the aggregation node and the broadband remote access server, using dot1.q VLAN interconnects or dot1.q VLAN termination to Layer 3 VRF.
• Interconnection to broadband remote access server through pseudowires.
• Accurate reporting on the infrastructure used in this application.
Figure 3. Ethernet Aggregation in Broadband Triple-Play Networks
Ethernet Broadband Triple Play
Several service providers are deploying Ethernet to the home to provide consumers with triple-play services (voice, video, and data). Figure 4 depicts a sample network and topology supported by Cisco ISC and points out the feature areas that Cisco ISC Layer 2 VPN Management can help configure and support as defined in the following list:
• Accurate deployment of service VLANs, termination of service VLANs
• Interconnection to broadband remote access server through pseudowires or Layer 3 MPLS VPN
• Activation of customer UNIs
• Activation of QoS for the purchased rate
• Accurate reporting on the infrastructure used in this application
Figure 4. Ethernet Broadband Triple-Play Network to the Home
Traditional Layer 2 Networks
The Cisco ISC Layer 2 VPN Management application helps enable any existing or emerging Layer 2 transport technology to interwork through a common, converged MPLS or IP architectural framework. The benefits to the carrier can be substantial in the long run-for example, reducing operating expenses (OpEx) by decreasing the number of networks to manage and types of platforms deployed. The Cisco ISC Layer 2 VPN Management application helps service providers converge multiple services on a single network infrastructure and carry traditional Layer 2 data traffic over a packet-based network. It addresses the needs of carriers with a deployed MPLS footprint. The Cisco ISC Layer 2 VPN Management application supports the provisioning, planning, and troubleshooting of ATM and Frame Relay services over an MPLS core (AToM).
Table 1 lists the features and benefits of the Cisco ISC Layer 2 VPN Management application.
Table 1. Features and Benefits
Features
Description
Benefits
Tracking of Layer 2 resources
Cisco ISC Layer 2 VPN Management allows service operators to:
• Manage regions, service provider administrative domains, customer sites, and access domains
• Automatically allocate resources such as VLAN IDs and pseudowire
• virtual-circuit IDs
• Map a VLAN to a pseudowire virtual circuit
• Track management services and reserved VLANs per Ethernet access domain
Cisco ISC Layer 2 VPN Management keeps track of all the resources allocated and knows to which service, customer, or site these resources were allocated. This greatly reduces the time it takes the service operator to track these resources and relieves the operator from manually entering certain parameters during service activation.
Rapid profile-based provisioning for AToM Layer 2 VPN services:
• Point-to-point EWS
• Point-to-point ERS
• Frame Relay over MPLS
• ATM over MPLS
Virtual private LAN services (VPLS):
• Ethernet Multipoint Service (EMS) for MPLS- and Ethernet-based provider core
Cisco ISC Layer 2 VPN Management allows service operators to define Layer 2 VPN provisioning parameters in a service policy and uploads the network-element configuration to calculate the change in configuration needed for successful service activation. It supports the configuration and management of:
• Layer 2 VPN services and VPLS
• Full-mesh VPLS support for Cisco 7600 Series platforms (802.1Q-in-802.1Q [QinQ] and dot1Q encapsulation)
• Full-mesh, hub-and-spoke, and partial-mesh VPN topologies
• VLAN translation (1:1 and 2:1)
• Metro Ethernet QoS including hierarchical QoS
• UNI port security profiling (secure MAC addresses, protocol unicast and broadcast thresholding, and protection shutdown)
• Managed and unmanaged customer-edge scenarios
• Autodiscovery and out-of-band change synchronization
Automation of these processes helps reduce provisioning fallouts due to error-prone manual procedures.
The use of service policies for service activation speeds the provisioning cycle and reduces time to market. It greatly reduces the service operator's tasks because the only parameters required for service activation have already been captured in the service policy.
By uploading the configuration prior to applying it, Cisco ISC Layer 2 VPN Management helps ensure that the service-activation configuration is successfully applied and does not collide with the existing configuration, reducing outages caused by incorrect provisioning.
Autodiscovery of Layer 2 VPN and Metro Ethernet services
Cisco ISC Layer 2 VPN Management can partially discover Layer 2 VPN and Metro Ethernet services that were configured prior to Cisco IP Solution Center's activation on the service provider's network. Please see ISC Infrastructure Reference, 5.0.1 for details.
Helps operators, with the help of Cisco Advanced Services or other integrator, to quickly set up Cisco ISC Layer 2 VPN Management in networks with manually configured Layer 2 VPN or Metro Ethernet services, and efficiently takes over management of these services.
Recognition of incorrect service configuration
Cisco ISC Layer 2 VPN Management provides postprovisioning validation of the service design to determine if the Layer 2 VPN is active and functional.
• Configuration audits
• On-demand audits for configuration troubleshooting
Cisco ISC Layer 2 VPN Management reduces the time it takes to troubleshoot network outages due to incorrect service configuration by verifying that the commands for a service are present on the network elements and the links involved or VPN are working correctly.
Investment protection from Cisco IOS® Software and line-card changes
• Cisco Catalyst® 6500 , 4900, 4500, 3750, 3550, and 2950 Series switches
• Cisco 12000, 7500, and 7200 series routers
The Cisco ISC Layer 2 VPN Management solution reduces time to market of new services and the cost of upgrading the customer OSS due to upgrades in platforms, Cisco IOS Software or Cisco Catalyst OS versions, and line cards by providing extensive support of the latest hardware and software.
Carrier-grade infrastructure for large deployments
Cisco ISC Layer 2 VPN Management makes use of the following Cisco ISC set of system features in order to provide a carrier-grade VPN management system:
• Four-tiered distributed architecture
• Thin Web-based GUI client
• Role-based access control (RBAC)
• Extensible Markup Language (XML)-over-HTTP northbound interface
• Data backup and restore
Cisco ISC offers a scalable and reliable architecture for large-scale operations by providing a four-tiered system consisting of client, interface, control, and distribution tiers. RBAC provides access control to service providers that want to implement strict operational processes. The backup and restore capabilities of Cisco ISC protect your data against OS crashes, file corruption, disk failures, and total machine failure.
Product Specifications
Product specifications for each element-management application are found in data sheets of the respective applications at Cisco.com, and more details are available in the installation guide at: http://www.cisco.com/go/isc.
System Requirements
The server, client, and Web browser system requirements can be found in the installation guide at http://www.cisco.com/go/isc under Cisco IP Solution Center Technical Documentation. Refer to this and the product documentation guide for more detailed information about setting up and configuring this product.
Ordering Information
The Cisco ISC Layer 2 VPN Management application is available for purchase through regular Cisco sales and distribution channels worldwide. To place an order, visit the Cisco Ordering Home Page.
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, refer to Cisco Technical Support Services or Cisco Advanced Services.
