The Cisco® Service Control Application for Broadband adds application- and subscriber-level intelligence to broadband networks, helping service providers optimize Internet traffic, improve network security, and create new broadband services. The solution runs on the Cisco SCE 1000, SCE 2000, and SCE 8000 Series Service Control Engines, yielding superior performance and reliability suitable for deployment in carrier networks. Accompanied by a powerful set of management tools and application programming interfaces (APIs), the Cisco Service Control Application for Broadband helps enable transparent integration into the operations support system (OSS) and ease of integration of the largest service control deployments.
Cisco Service Control technology comprises transport-independent, purpose-built hardware running extensible service applications designed to augment broadband IP networks with advanced capabilities. The technology allows service providers to take control over their network by facilitating an operator's ability to analyze, control, individually manage, and meter any number of IP services running on the IP network.
By deploying a Cisco Service Control Engine and the Cisco Service Control Application for Broadband, operators can:
• Perform detailed application- and subscriber-aware network profiling to improve network visibility.
• Optimize traffic of bandwidth-hungry peer-to-peer (P2P) applications, thereby reducing network congestion and improving network performance.
• Identify and mitigate malicious attack traffic to protect the operator from outbound attacks and their subsequent cost.
• Track and control individual subscribers' sessions based on application parameters to develop new service plans, capture additional markets, and increase customer loyalty.
• Develop advanced subscriber- and portal-controlled services through integration with back-office systems and policy servers: the Cisco Service Control solution integrates with a variety of policy server products, and its robust set of APIs also enables customer-specific integration.
• Integrate the Cisco Service Control Engine with third-party platforms to develop advanced "high-touch" services such as network-hosted content-filtering or security enhancements: the Cisco Service Control solution allows for subscriber-level virtualization that scales to enable deployment at the performance level required in a broadband network.
The Cisco Service Control Application for Broadband enhances transport networks with programmable application detection and subscriber awareness. The solution provides bidirectional, state-based monitoring of protocols that allows for the detection and control of virtually any network application, including web browsing, multimedia streaming, and P2P applications. Service providers can immediately reduce network congestion by optimizing application-level traffic, thereby taking advantage of existing infrastructure and eliminating costly network upgrades. Application awareness provides a foundation for deploying new tiers of service based on the application, the content, or a premium offering such as interactive gaming. The Cisco Service Control Application for Broadband runs on the Cisco Service Control Engine, a network element residing behind an aggregation device such as the Cisco 10000 Series Router (refer to Figure 1). The Cisco Service Control solution can monitor traffic flows at multigigabit speeds, and it offers providers a roadmap to profitability by enhancing the transport network with the underlying intelligence to manage, control, and charge for a multitude of value-added IP service offerings.
Using the patented multilayered hardware and software programmable architecture of the Cisco Service Control Engine, the Cisco Service Control Application can support new capabilities with software flexibility at hardware speeds. This advantage is highly notable in supporting new network protocols. The advanced signature-based classification system helps enable a quick turnaround for monitoring and measuring traffic of new protocols. This support is also available for encrypted network protocols such as Skype. Application layer information, however, would not be reported for encrypted protocols.
Typically installed at the broadband network edge, the Cisco Service Control Engine interoperates with subscriber authentication and management components as well as billing, data-collection, and policy-provisioning systems to transparently deliver dynamic, customized, and application-differentiated broadband services to subscribers.
The comprehensive collection, configuration, and management tools available as part of the product and the robust set of APIs available for solution integration help customers efficiently and economically design and deploy service control solutions, whether they are for a small network with minimum integration requirements or a large-scale network encompassing hundreds of SCE devices and requiring integration into policy, billing, and management systems.
The Cisco Service Control Application for Broadband runs on Cisco Service Control Engines and is accompanied by a set of auxiliary components that help enable a transparent integration of the technology into a provider's OSS. Solution components include:
• Cisco Service Control Application Console: This simple-to-use, GUI-based front end helps enable the network operator to quickly configure new traffic policies, develop and distribute new signatures, and view reports and device status. It provides a comprehensive set of management tools necessary to efficiently and reliably manage and operate a service control deployment of any size. Whether a solution includes a handful of devices or encompasses a large deployment with hundreds of devices, the console applications provide an efficient and easy-to-use configuration framework.
• Cisco Collection Manager: The collection manager performs real-time collection of usage data exported by the service control engines. It aggregates usage data collected from the SCE devices and stores it in a Structured Query Language (SQL) database or text files for further processing. The ability of this collection manager to work with any SQL database facilitates a variety of design options, including centralized or distributed collection and several redundancy options. When the data is stored in the database, the Cisco reporting tool (prepackaged with more than 100 report templates) can be used to easily generate a wide range of reports about network activities and application usage. Operators can choose to use the Cisco Collection Manager for a simple and efficient solution or integrate the SCE with existing usage management, mediation, and billing solutions.
• Cisco Subscriber Manager: The Cisco Subscriber Manager dispatches subscriber-level traffic-control policies and IP address association to SCE devices. It allows operators to account for and control traffic on an individual subscriber basis in environments where IP addresses change dynamically. The Cisco Subscriber Manager is an integration point for authentication, authorization, and accounting (AAA); Dynamic Host Configuration Protocol (DHCP); and policy control systems. The Cisco Subscriber Manager software provides a simple way to rapidly develop complex, highly scalable service control solutions while simplifying integration with OSS and policy control products.
Figure 1. Cisco Service Control Engine with Cisco Service Control Application for Broadband
The Cisco Service Control Engine is a transparent network element allowing for easy insertion in any network environment. Thus service providers of any access type (cable, DSL, fiber, mobile, fixed-wireless, and so on) can deploy the Cisco solution in the edge of their IP network and glean immediate cost-management and revenue-generation benefits. The access-independent nature of the solution makes it a particularly good choice for service providers supporting multiple access technologies in a single network and service offering, because the technology relieves them from the need to address access-specific concerns or products.
The superior performance, scale, and reliability of the solution help enable cost-effective deployments in numerous configurations. The product supports low-cost deployments with limited redundancy (but assurance of no service downtime, even that caused by device failure), redundant 1 + 1 configurations, and cluster configurations, allowing for increased economy of scale. Installable in either inline or receive-only mode, all SCE models support an integrated bypass module for increased availability (Figure 2).
Figure 2. Cisco Service Control Engine: Network Topologies
Deployed in a cable multiple-system-operator (MSO) environment, the Cisco Service Control solution provides a rich set of traffic-management and service-creation opportunities meant to address network congestion and performance as well as allow for the development of innovative new service offerings. Thus the cable operator has better control over network operating expenses (OpEx) and capital expenditures (CapEx) and increased customer average revenue per user (ARPU) and loyalty.
The SCE can be deployed directly upstream of each cable-modem-termination-system (CMTS) platform, in either redundant or standalone mode. Alternatively, multiple SCEs can be clustered to allow for a more compact design. The SCEs support high-availability configurations and a bypass module that can help ensure network availability even in case of hardware or software failure of the SCE itself.
PacketCable Multimedia Support
PacketCable™ Multimedia (PCMM) is the emerging standard for service delivery in high-speed cable networks, and with the Cisco Service Control Application for Broadband, MSOs can deliver PCMM quality of service (QoS)-sensitive services with increased efficiency and velocity. In a PCMM architecture, the SCE acts as an intercept application manager, transparently identifying application sessions of interest and communicating QoS requirements to the policy server. This capability allows the operator to integrate services into a PCMM architecture without relying on the ability of the application server to interface with the policy server, enabling the use of PCMM services for distributed P2P applications such as gaming or file sharing. Moreover, by simplifying delivery of premium content and services offered by off-net partners or over-the-top applications into the PCMM architecture, providers can reduce integration, security, auditing, and management costs, thereby increasing the velocity of service rollouts and reducing OpEx for ongoing service management.
Broadband DSL and Fiber Networks
Deployed in either a retail or wholesale broadband environment, the SCE can help broadband operators reduce operational costs and expand their service portfolio. The Cisco Service Control solution provides a rich set of traffic-management and service-creation capabilities meant to address network congestion and performance as well as allow for the development of innovative new service offerings, giving the operator better control over network OpEx and CapEx.
The SCE can be deployed upstream of the provider's broadband remote access server (B-RAS), in either redundant or standalone mode. Alternatively, multiple SCEs can be clustered to allow for a more compact design. The SCEs support high-availability configurations and a bypass module that can help ensure network availability even in case of hardware or software failure of the SCE itself.
DSL Forum TR-058/059 and Policy Server Integration
Similar to the PCMM implementation targeted to the cable market, DSL Forum specifications and architectures enable the delivery of multimedia rich content over an IP-centric DSL network. The Cisco Service Control Application for Broadband integrates into these architectures and complements the overall Cisco product portfolio for the DSL market by providing application layer classification, accounting, and control functions. This solution helps DSL service providers efficiently create tiered application services and roll out premium service offerings.
An important capability of the Cisco Service Control solution is its ability to operate in Multiprotocol Label Switching (MPLS)-VPN environments, where there is the possibility of overlapped IP address space usage in each MPLS-VPN. In this environment, it is critical for the SCE to be able to distinguish between traffic on different MPLS-VPN tunnels and to virtualize deep packet inspection for each. By interfacing with the MPLS-VPN provider edge Border Gateway Protocol (BGP) information, the SCE can learn MPLS-VPN tunnel information and help ensure adequate inspection and traffic control.
This capability is used by service providers interested in enriching their managed-services capability for corporate or enterprise traffic as well as broadband operators rolling out managed VPN services for branch offices and telecommuters (Figure 3).
Figure 3. Service Control in an MPLS-VPN Network
Key Features and Benefits
Cisco Service Control solutions overlay intelligence and application-level control on existing IP transport networks, helping service providers analyze, optimize, secure, account for, and control application- and content-based services.
Improving and developing new business models require that broadband service providers accurately understand their subscribers' usage patterns. The Cisco Service Control Application for Broadband is designed to dramatically improve usage analysis by providing high-performance application and subscriber-aware traffic classification, giving operators superior visibility into network activity. By tracking all IP traffic flows and performing stateful deep packet inspection, the solution collects statistics on the applications and services used by individual subscribers. The platform is configurable, allowing providers to granularly collect data and focus on important information. This setup alleviates the common problems associated with privacy concerns or sorting through masses of data to glean information.
The Cisco Service Control Engine transparently integrates into any existing network architecture and offers scalability that helps ensure that operators gain visibility into usage activity even in the most complex of network environments without negatively affecting reliability or performance. More granular analysis, reporting, and control of network capacity planning and subscriber demographics help operators uncover hidden revenue potential while operating broadband networks.
Broadband Experience Monitoring
Going beyond byte and packet counts, the Cisco Service Control Application for Broadband provides features that enable a service provider to measure the quality of its end users' broadband experience. In particular, the solution provides a rich set of service-quality reports for voice-over-IP (VoIP) communication. By tapping into the control information exchanged by a VoIP conversation endpoint, the SCE collects and reports the quality of each VoIP conversation and can generate reports indicating the average quality of voice calls realized in a particular timeframe and for a particular service. The system also provides operators more granular reports that allow them to understand not only the quality of voice calls realized by the subscriber base, but also the cause of poor quality.
The Cisco Service Control Application for Broadband provides this information not only on the service provider's own broadband voice offering but also on supported third-party "nonfacility" services.
Using the detailed reports available with the solution, the service provider can determine:
• How good is the quality of experience realized from these services?
• Is the quality consistent, or do subscribers get a poor experience during certain hours of the day?
• How does the quality compare to that of comparable off-net voice services?
• What can be done to improve the quality of both the managed and off-net voice services?
The broadband-experience-monitoring capabilities of the solution provide critical business support information for both marketing and engineering to facilitate design and management of a managed voice service offering.
As the IP traffic over broadband networks increases in complexity because of high-volume applications such as music, video downloading, and gaming, service providers need the ability to consistently and cost-effectively deliver quality of experience (QoE) for all subscribers. Cisco Service Control technology can classify application-level traffic and subscribers while prioritizing and segmenting network resources. The solution uses stateful deep packet inspection, giving operators the ability to help optimize traffic on their networks, thereby increasing efficient use of network resources, reducing costs, and maximizing capital investments.
Using state-of-the-art bandwidth management applied to network traffic on a global, subscriber, or individual flow-level hierarchy, the solution gives operators the ability to dictate how network resources are distributed. The results include:
• Improved overall subscriber broadband experience by enhancing network performance.
• Reduced transit charges and costly network upgrades: the Cisco Service Control Application for Broadband puts the operator in complete control of the distribution of network resources, helping ensure that operational costs are kept to a minimum and user satisfaction is maximized.
The Cisco Service Control Application for Broadband is designed to help service providers quickly identify and mitigate malicious activities in their network, thereby reducing network management and customer support costs.
Using a variety of techniques, the Cisco Service Control Application for Broadband can identify malicious activity and isolate it from the rest of the broadband traffic. By doing so, the solution can protect the network from "outbound attacks" (those emanating from subscribers' machines infected by a Trojan or zombie application). The benefits for the service provider include:
• Rapid identification of a worm or virus epidemic enables the operations team to quickly react and contain its effect on the network and subscribers.
• Automatic notification to infected subscribers through a captive HTTP page helps subscribers prevent infection or disinfect compromised hosts, not only helping the community to shorten the lifecycle of a worm, but also reducing the load on the service provider's customer support center, thereby saving money and resources.
• A security risk handled properly by service providers provides a valuable opportunity to educate subscribers about security risks and possible protective methods and can provide a good opportunity to upsell subscribers a security package to their broadband service.
Application-Based Tiers of Service
The Cisco Service Control Application for Broadband is designed to help operators expand their portfolio of services. Differentiating service levels with compelling new content can promote the migration of dialup users to broadband access, creating a critical mass of users for premium value-added service deployment. The Cisco Service Control Application for Broadband helps operators account for usage on an individual subscriber level, while enforcing different policies on a variety of applications or services. The solution allows operators to create a wide range of subscription-based tiers of service that are customized to the needs of individual subscribers or market segments.
This dynamic, subscriber-centric enforcement model provides for access and bandwidth-on-demand services that can improve overall subscriber satisfaction. Subscribers can select or gain access to chosen content and resources, and providers can create truly customized broadband services and enforce service parameters directly correlated to the needs of individual users. With the Cisco Service Control Application for Broadband, operators can develop services that:
• Migrate dialup users to broadband by crafting introductory broadband packages specifically customized to appeal to dialup users
• Attract online gamers and power users with quality add-ons for bandwidth-intensive applications
• Allow for custom service plans for the small office or home office (SOHO) segment
• Protect content from unauthorized access by subscriber or device type
Table 1 summarizes the primary features provided by Cisco Service Control solutions.
Table 1. Cisco Service Control Solutions Features
Stateful Deep Packet Inspection
• Classifies traffic to application based on Layer 3-7 parameters
• Supports the identification of P2P and port-hopping applications
• Classifies multimedia applications using multiple concurrent flows
• Behavioral classification identifies traffic type by type of application use
• Voice "fast-path" helps ensure minimal latency for VoIP traffic
• The BitTorrent dormant flows repository minimizes the capacity effects of BitTorrent flow-spawning applications
• Multimedia applications: Real Time Streaming Protocol (RTSP), Session Initiation Protocol (SIP), Skype, H.323, and Media Gateway Control Protocol (MGCP)
• HTTP, NNTP, Simple Mail Transfer Protocol (SMTP), Post Office Protocol 3 (POP3), Internet Message Access Protocol (IMAP), and so on
• HTTP classification based on URL or user-agent regular expression
• RTSP classification based on URL or user-agent regular expression
• SIP classification based on source or destination domain name
• Multipacket and bidirectional, configurable signatures
• User-definable signatures using a simple GUI
• Point-and-click signature distribution
• Classification and control of traffic flows on an individual subscriber basis
• Management and reporting of subscriber usage of network resources for analysis and billing
• Subscriber quotas for prepaid content charging
• Integration in RADIUS environments using RADIUS relay or RADIUS sniffing
• Integration in DHCP environments using DHCP lease query or DHCP sniffing
• Direct API for subscriber integration with policy servers
• Integration with Cisco Broadband Policy Manager and third-party policy servers
• Ability to set bandwidth limits and guarantees on application and subscriber traffic
• Ability to set bandwidth rules on a subscriber, group, and global basis
• Control for the number of concurrent application sessions
• API for dynamic subscriber provisioning
• API for quota management and charging
• Integration with policy control, billing, and authentication systems
• Simple Network Management Protocol (SNMP) interface for usage statistics
• HTTP classification API: support for content-filtering and parental-control applications
• Value-added service (VAS) integration model: ability to virtualize any network appliance based on subscriber or application
• Identification and mitigation of outbound attacks
• Identification of spam zombie activity in subscriber home networks
• Notification to operator and subscriber browser redirection for technical support
• SNMP alarm on threat detection
• Easy-to-use reports for trend analysis
• Security dashboard for simple configuration of security policies
• Overlapping private IP address space
• BGP neighborhood integration
• Automatic association of RT/RD tags
• Operator-configurable transaction and aggregated subscriber usage reporting
• Stores data in any SQL-compliant database (Oracle, MySQL, or Sybase)
• More than 100 preconfigured reports and supports third-party SQL reporting tools:
• Drill-down reports: click report segment to see further information
• Redundant database and collector
• Central reporting from multiple devices or drill down to individual subscriber
• GUI-driven policy editor
• GUI-driven signature editor
• GUI-driven reporting tool
• GUI-driven subscriber manager
• Network navigator for multidevice management
• Batch distribution of policies and rule base
• Batch distribution of new signatures and protocols
• Logical grouping of devices into sites
• Software update wizard
The Cisco Service Control solution with stateful deep packet inspection up to the application layer permits providers to identify content transported over any protocol, provide detailed analysis and control of complex content-based applications, and prioritize sessions in real time. Cisco Service Control technology is transport- and content-independent, fully extensible, and fully programmable, and it easily integrates into the existing fabric of the network. The results are maximized use of network resources, customized service levels, and optimized subscriber experience. Operators that take advantage of this exclusive high-performance and stateful architecture can profitably deliver an array of services customized to individual subscriber needs.
With a view-only license a customer can use the traffic classification and reporting functions of the system to perform detailed analysis and statistics collection on subscriber and application activity. This license is used by providers to gain insight into network activity for capacity planning, usage demographics, and market intelligence.
Capacity Control License
The capacity control license is applicable when performing global traffic management and using the system to optimize application traffic. When using this license the system is not integrated with the back-end AAA, DHCP, or policy-server infrastructure and is used to apply global or anonymous policies. This license is used by providers for advanced network management applications to improve performance and optimize network resources.
Tier Control License
With a tier control license, customers can use the application suite to deliver individualized policies for each subscriber. The system can be provisioned with a control policy for each subscriber and integrated into authentication and registration OSS systems (RADIUS, DHCP, or policy servers) to dynamically bind IP addresses assigned to subscribers' sessions and their control policy. This license is used by providers to create new broadband services and advanced billing plans.
Table 2 shows ordering information.
Table 2. Ordering Information for Cisco Service Control Application for Broadband
Cisco Service Control Application for Broadband Release 3.0, View Only
Cisco Service Control Application for Broadband Release 3.0, Capacity Control
Cisco Service Control Application for Broadband Release 3.0, Tiered Control
* XXX represents number of subscribers: 10,000, 50,000, 250,000, or 1 million.
Service and Support
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, refer to Cisco Technical Support Services.