As part of the Cisco® IP Solution Center (ISC) family of intelligent network management applications, the Cisco ISC Layer 2 VPN Management application helps service providers and enterprises effectively manage Layer 2 VPNs and Metro Ethernet services.
Product Overview
Cisco IP Solution Center
The Cisco IP Solution Center provides automated, workflow-based troubleshooting and diagnostics, automated resource management, and rapid profile-based planning and provisioning capabilities for MPLS VPNs. The Cisco ISC applications can operate as standalone applications or as a suite. Functions include provisioning and automated diagnostics1 for MPLS VPNs; ATM, Frame Relay, and Ethernet over MPLS VPNs; ATM and Frame Relay transport over Layer 2 Tunneling Protocol Version 3 (L2TPv3) VPNs and Metro Ethernet VPNs; and planning and configuration of MPLS Traffic Engineering. The Cisco IP Solution Center provides a flexible application set for managing MPLS and Metro Ethernet technologies in service provider and large enterprise networks.
The Cisco ISC also offers a scalable and reliable architecture for large-scale operations by providing a four-tiered system consisting of client, interface, control, and distribution tiers. Its Web-based GUI and open APIs help integrate IP services operations into existing service provider operations support systems (OSSs). Open APIs and OSS interfaces help service providers to easily integrate IP VPN services into their OSS and management infrastructure. Cisco ISC open APIs allow for integration with Cisco fault-management products such as Cisco Info Center and performance management products from independent software vendors (ISVs). For additional information, contact your Cisco Systems® sales representative.
The Cisco IP Solution Center delivers complete lifecycle management, from creating the IP service to real-time VPN and MPLS Traffic Engineering tunnel provisioning, activation, troubleshooting, and diagnostics. Cisco IP Solution Center accelerates deployment and time to market of IP services. Simultaneously, it simplifies management of multiple technologies by providing an integrated management product (Figure 1).
Figure 1. Intelligent Management Applications for MPLS and Metro Ethernet Networks
Cisco ISC Layer 2 VPN Management Application
The Cisco ISC Layer 2 VPN Management application provides the tools for enterprises and service providers to effectively manage the entire lifecycle of Layer 2 VPNs, Any Transport over MPLS (AToM), L2TPv3, and Metro Ethernet services. Management features such as policy-based VPN and quality of service (QoS) provisioning help minimize the cost of deploying Layer 2 VPN services. The management features reduce errors and increase the efficiency of service deployment and management.
Cisco ISC Layer 2 VPN Provisioning Capabilities
• Automated discovery of Layer 2 and Metro Ethernet VPN services to simplify the discovery, creation, and continual management of manually configured services
• Management of resources such as regions, VLAN identification (ID) pools, pseudowire virtual-circuit ID pools, and service provider administrative domains
• Definition of provisioning parameters in a service policy to be used during service activation, including support of Layer 2 aggregation access domain and Layer 2 ring topologies
• Support of Metro Ethernet Forum (EMF) naming conventions and device role's behavior
• Metro Ethernet service activation, including pseudowire creation, VLAN-to-pseudowire mapping, and VLAN translation 1:1 and 2:1
• Configuration of Ethernet QoS, including Ethernet QoS-to-MPLS EXP marking and Hierarchical QoS
• Pre-provisioning checks for validity of service design, including uploading of the current configuration and validation of service design against the existing network configuration
• Postprovisioning validation of the service design to determine if the Layer 2 VPN is active and functional
• A variety of service assurance reports for all deployed services, including end-to-end connection parameters as well as pseudowire parameters for a given customer VPN
Cisco ISC Layer 2 VPN Planning Capabilities
• Configuration and management of MPLS Traffic Engineering tunnels on a network; for further details about the Cisco ISC Traffic Engineering Management application, refer to the Cisco IP/MPLS Traffic Engineering Management 4.2 data sheet
Cisco ISC Layer 2 VPN Diagnostics Capabilities
Current capabilities for Layer 2 and Metro Ethernet VPNs provided in Cisco IP Solution Center for postprovisioning verification include the following:
• Smart configuration audits to validate VPN configuration
• On-demand and scheduled audits for configuration diagnostics
• Functional audit of L2TPv3 session status
For information on automated diagnostics for VPN deployments, please refer to the Cisco MPLS Diagnostics Expert at: http://www.cisco.com/go/mde.
The Cisco ISC Layer 2 VPN Management application can be deployed with other Cisco ISC applications:
• The Cisco ISC MPLS VPN Management application, for managing MPLS VPNs
• The Cisco ISC Traffic Engineering Management application, which supports MPLS Traffic Engineering configuration and planning
Cisco ISC Layer 2 VPN Management supports traditional Layer 2 VPNs networks as well as several Metro Ethernet applications.
Ethernet VPN Services: Business Metro Services
Business Metro services provide VPN connections to enterprise customers using various technologies and network infrastructure. They support hub-and-spoke or ring access topologies. The service provider core network can be MPLS or Layer 2 VLAN. A service provider can offer the following services:
• Point-to-point Ethernet connections using Ethernet over MPLS (EoMPLS) or just Layer 2 VLAN infrastructure, with two types of User-Network Interface (UNI) access: 802.1Q-in-802.1Q (QinQ) and dot1Q encapsulation. These services are also known as Ethernet Relay Service (ERS) and Ethernet Wire Service (EWS). The MEF refers to them as Ethernet Point-to-Point Line (ELINE) services
• Multipoint-to-multipoint services (ELAN services) using MPLS virtual private LAN services (VPLS) or just Layer 2 VLAN core
Figure 2 depicts the feature areas that Cisco ISC Layer 2 VPN Management can help configure and support as defined in the following list:
1. Supports point-to-point and multipoint services (EWS, ERS, VPLS)
2. Creates Virtual Forwarding Instance (VFI) or cross-connect instances and activates pseudowires
3. Manages VLAN per Ethernet domain and virtual circuit ID allocation for pseudowire and VFI instances on network provider edge devices (N-PEs)
4. Activates UNI with QoS and, optionally, security
5. Configures VLAN trunking between UNI and N-PE
6. Supports customer UNI QoS deployment
Figure 2. Metro Ethernet Business E-LAN and E-LINE Services
Ethernet Aggregation Applications
In Ethernet Aggregation applications, the U-PE is generally a DSLAM that needs to be connected to an N-PE and Broadband Remote Access Server. Figure 3 depicts a sample network and topology supported by Cisco ISC and points out the feature areas that Cisco ISC Layer 2 VPN Management can help configure and support as defined in the following list:
1. Interconnection of the U-PE/DSLAM with the aggregation node and the Broadband Remote Access Server, using dot1.q VLAN interconnects or dot1.q VLAN termination to Layer 3 VRF
2. Interconnection to Broadband Remote Access Server through pseudowires
3. Accurate reporting on the infrastructure used in this application
Figure 3. Ethernet Aggregation in Broadband Triple-Play Networks
Ethernet Broadband Triple Play
Several service providers are deploying Ethernet to the home to provide consumers with triple-play services (voice, video, and data). Figure 4 depicts a sample network and topology supported by Cisco ISC and points out the feature areas that Cisco ISC Layer 2 VPN Management can help configure and support as defined in the following list:
1. Accurate deployment of service VLANs, termination of service VLANs
2. Interconnection to Broadband Remote Access Server through pseudowires or Layer 3 MPLS VPN
3. Activation of customer UNIs
4. Activation of QoS for the purchased rate
5. Accurate reporting on the infrastructure used in this application
Figure 4. Ethernet Broadband Triple-Play Network to the Home
Traditional Layer 2 Networks
The Cisco ISC Layer 2 VPN Management application helps enable any existing or emerging Layer 2 transport technology to interwork through a common, converged MPLS or IP architectural framework. The benefits to the carrier can be substantial in the long run-for example, reducing operating expenses (OpEx) by decreasing the number of networks to manage and types of platforms deployed. The Cisco ISC Layer 2 VPN Management application helps service providers converge multiple services on a single network infrastructure and carry traditional Layer 2 data traffic over a packet-based network. It addresses the needs of carriers with a deployed MPLS footprint and those using pure IP in their network backbones. AToM and L2TPv3 are enabling technologies to address both types of customers. The Cisco ISC Layer 2 VPN Management application supports the provisioning, planning, and troubleshooting of ATM and Frame Relay services over an MPLS core (AToM) or a pure IP core (L2TPv3).
Table 1 lists the features and benefits of the Cisco ISC Layer 2 VPN Management application.
Table 1. Features and Benefits
Features
Description
Benefits
Tracking of Layer 2 resources
Cisco ISC Layer 2 VPN Management allows service operators to:
• Manage regions, service provider administrative domains, customer sites, and access domains
• Automatically allocate resources such as VLAN IDs and pseudowire
• virtual-circuit IDs
• Map a VLAN to a pseudowire virtual circuit
• Track management services and reserved VLANs per Ethernet access domain
Cisco ISC Layer 2 VPN Management keeps track of all the resources allocated and knows to which service, customer, or site these resources were allocated. This greatly reduces the time it takes the service operator to track these resources and relieves the operator from manually entering certain parameters during service activation.
Rapid profile-based provisioning for AToM Layer 2 VPN services:
• Point-to-point Ethernet Wire Service (EWS)
• Point-to-point Ethernet Relay Service (ERS)
• Frame Relay over MPLS
• ATM over MPLS
IP services:
• Frame Relay over L2TPv3
• ATM over L2TPv3
Virtual private LAN services (VPLS):
• Ethernet Multipoint Service (EMS) for MPLS- and Ethernet-based provider core
Cisco ISC Layer 2 VPN Management allows service operators to define Layer 2 VPN provisioning parameters in a service policy and uploads the network-element configuration to calculate the change in configuration needed for successful service activation. It supports the configuration and management of:
• Layer 2 VPN services and VPLS
• Full-mesh VPLS support for Cisco 7600 Series platforms (802.1Q-in-802.1Q [QinQ] and dot1Q encapsulation)
• Full-mesh, hub-and-spoke, and partial-mesh VPN topologies
• VLAN translation (1:1 and 2:1)
• Metro Ethernet QoS including hierarchical QoS
• User-Network Interface (UNI) port security profiling (secure MAC addresses, protocol unicast and broadcast thresholding, and protection shutdown)
• Managed and unmanaged customer-edge scenarios
• Autodiscovery and out-of-band change synchronization
Automation of these processes helps reduce provisioning fallouts due to error-prone manual procedures.
The use of service policies for service activation speeds the provisioning cycle and reduces time to market. It greatly reduces the service operator's tasks because the only parameters required for service activation have already been captured in the service policy.
By uploading the configuration prior to applying it, Cisco ISC Layer 2 VPN Management helps ensure that the service-activation configuration is successfully applied and does not collide with the existing configuration, reducing outages caused by incorrect provisioning.
Autodiscovery of Layer 2 VPN and Metro Ethernet services
Cisco ISC Layer 2 VPN Management can discover Layer 2 VPN and Metro Ethernet services that were configured prior to Cisco IP Solution Center's activation on the service provider's network.
Helps operators to quickly set up Cisco ISC Layer 2 VPN Management in networks with manually configured Layer 2 VPN and/or Metro Ethernet services, and efficiently takes over management of these services.
Recognition of incorrect service configuration
Cisco ISC Layer 2 VPN Management provides postprovisioning validation of the service design to determine if the Layer 2 VPN is active and functional.
• Configuration audits
• Functional audit of L2TPv3 sessions
• On-demand audits for configuration troubleshooting
Cisco ISC Layer 2 VPN Management reduces the time it takes to troubleshoot network outages due to incorrect service configuration by verifying that the commands for a service are present on the network elements and the links involved or VPN are working correctly.
Investment protection from Cisco IOS® Software and line-card changes
• Cisco 7600 Series Router with the Supervisor Engine 720 and 720-3BXL
• Cisco Catalyst® 3550 Series switches
• Cisco Catalyst 3750 Metro Series switches
• Cisco Catalyst 2950 Series switches
• Cisco Catalyst 6500 Series switches
• Cisco 12000, 7500, and 7200 series routers (L2TPv3)
Cisco IOS Software and Cisco Catalyst Operating Systems supported include:
• Cisco IOS Software Release 12.1E and 12.2S branches for AToM and VPLS
• Cisco IOS Software Release 12.2(27) SBB and 12.0(31) S for IP Services (L2TPv3)
The Cisco ISC Layer 2 VPN Management solution reduces time to market of new services and the cost of upgrading the customer OSS due to upgrades in platforms, Cisco IOS Software or Cisco Catalyst OS versions, and line cards by providing extensive support of the latest hardware and software.
Carrier-grade infrastructure for large deployments
Cisco ISC L2VPN Management makes use of the following Cisco ISC set of system features in order to provide a carrier-grade VPN management system:
• Four-tiered distributed architecture
• Thin Web-based GUI client
• Role-based access control (RBAC)
• Extensible Markup Language (XML)-over-HTTP northbound interface
• Data backup and restore
Cisco ISC offers a scalable and reliable architecture for large-scale operations by providing a four-tiered system consisting of client, interface, control, and distribution tiers. RBAC provides access control to service providers that want to implement strict operational processes. The backup and restore capabilities of Cisco ISC protect your data against OS crashes, file corruption, disk failures, and total machine failure.
Product Specifications
Product specifications for each element-management application are found in data sheets of the respective applications at Cisco.com, and more details are available in the installation guide at: http://www.cisco.com/go/isc.
System Requirements
The server, client, and Web browser system requirements can be found in the installation guide at http://www.cisco.com/go/isc under Cisco IP Solution Center Technical Documentation. Refer to this and the product documentation guide for more detailed information about setting up and configuring this product.
Ordering Information
The Cisco ISC Layer 2 VPN Management application is available for purchase through regular Cisco sales and distribution channels worldwide. To place an order, visit the Cisco Ordering Home Page.
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, refer to Cisco Technical Support Services or Cisco Advanced Services.
