Guest

Cisco IOS Software Releases 12.0 Mainline

Cisco IOS Software Release 12.0DC - No. 907

Product Bulletin No. 907

Cisco IOS Software Release 12.0DC

Introduction

This product bulletin describes the process used to deliver Cisco IOS™ Software for the Cisco 6400 Universal Access Concentrator (UAC) for Node Route Processor (NRP). It also describes features being delivered with 12.0(3)DC. This document will be updated in the future to include descriptions of features being delivered in future maintenance releases.

This bulletin should be used in conjunction with Product Bulletin #537, Cisco IOS Software Release Process. For details about features delivered with 12.0DC, please see the Features section below.

Summary

Cisco IOS software release 12.0DC is an Early Deployment (ED) release, which delivers support for the Cisco 6400 Universal Access Concentrator (UAC) for Node Route Processor (NRP). 12.0DC is being offered for early delivery of crucial IOS features (please see below for list of features)

The process to deliver 12.0DC is based on the Cisco IOS ED release process. Unique distinctions for 12.0DC are:

  • 12.0DC is based on the 12.0 Major Release, and is directly parented from 12.0DB which is in turn parented off 12.0T.

  • 12.0DC starts with the 12.0(3)DC release. The only maintenance releases that will be made available are 12.0(3)DC, 12.0(5)DC, and 12.0(6)DC. 12.0(4)DC will be skipped.

  • There will be no weekly interim releases. 12.0DC maintenance releases will be released on an eight week schedule. Please see Figure 1 for CCO FCS dates for each of the 12.0DC maintenance releases.


Table 1
CCO FCS Date Release Number

05/24/99

12.0(3)DC

07/26/99

12.0(5)DC

09/27/99

12.0(6)DC

Release Process

Release 12.0DC is based on the 12.0 Major Release, and is parented directly from 12.0DB which is in turn parented off 12.0T. As maintenance is performed on release 12.0, 12.0T and 12.0DB, it is synced to 12.0DC. Each maintenance release of 12.0DC contains all defect corrections on 12.0, 12.0T and 12.0DB in addition to maintenance or new functionality unique to 12.0DC.

As described in Product Bulletin #537, the numbering scheme explicitly describes the level of maintenance on 12.0, 12.0T, 12.0DB and 12.0DC. For example, 12.0(3)DC includes all maintenance that has been performed on 12.0(3), 12.0(3)T and 12.0(3)DB. 12.0(3)DC will also include additional maintenance or new functionality specific to 12.0DC.

Based on the unique needs of the Cisco 6400, there may be times when 12.0DC specific functionality or maintenance is required, but no additional maintenance is required from the 12.0DB parent releases. In these situations, a new maintenance release of 12.0DC will be created, but it will remain at the current maintenance level of 12.0DB. These maintenance releases are clearly numbered to identify:

  • the maintenance level of 12.0DB to which they are synced

  • revision level of 12.0DC since that last sync to 12.0DB

As an example, if there were to be a 12.0(3)DC1 release, the number "1" is added to the release number to identify that a maintenance release is synced from 12.0DB, and that there are differences between this release and the previous maintenance release, 12.0(3)DC. Readme files are created to clearly identify what was integrated into each maintenance release of 12.0DC.

Life span

The expectation is that Cisco IOS Software 12.0DC maintenance releases will be created until September 1999. After September 1999, customers will be directed to use 12.1DC for bug fixes and new features. Future Product Bulletins will be issued containing further information.

Support

Cisco IOS Software 12.0DC is supported by the Cisco Systems Product Support Policy. Release Notes will exist on CCO for every maintenance release.

Features for 12.0(3)DC

The 12.0(3)DC release adds new functionality such as PPP over Ethernet (PPPoE) and Service Selection Gateway (a feature set sometimes referred to as NRP-SSG). This is the first time web based service selection has been introduced into a branch of IOS. Cisco first introduced Web selection in November 1998 with the second release of the 6510. The 6510 however is not IOS based. While the user experience of selecting services using a web browser is identical for both products, the implementation for the 6400 NRP is slightly different. The 6510 implementation is reviewed below, highlighting the differences for the NRP-SSG.

The 6510 supports two methods for it's north bound traffic,

1. IP passthrough - where ingress IP traffic is forwarded through the SSG to the egress FE port,

2. L2F tunnels - where individual ingress source IP addresses are encapsulated into PPP sessions over L2F tunnels, then forwarded to the egress FE port.

When a service is selected in the 6510, the software initiates a PPP session for each user into an L2F tunnel. Upon successful PPP authentication, the 6510 will encapsulate IP traffic for that user's source IP address into the PPP session. VPN's or multiple domains are supported via L2F tunnels.

NRP-SSG introduces a slightly different model for web based VPN service selection. The 6400 NRP uses ATM PVC's to isolate VPN traffic rather than L2F tunnels. NRP-SSG forwards users IP traffic to selected PVC's rather than selected L2F tunnels. Authentication is also handled differently. The NRP-SSG uses a Radius client to authenticate a user rather than PPP authentication.

There have been two industry standard methods for Network Service Providers to wholesale PPP VPN's. One is tunneling, where PPP sessions are forwarded, and the other is Radius Proxy where PPP sessions are terminated. The 6510 employs L2F tunneling while the 12.0(3)DC employs Radius Proxy, sometimes referred to as PPP Termination Aggregation (PTA)

A future release of NRP-SSG will add the tunneling method.

PPP over Ethernet (PPPoE)

PPP over Ethernet (PPPoE) provides the ability to connect a network of hosts over a simple bridging access device to the 6400 Universal Access Concentrator. With this model, each host utilizes it's own PPP stack and the user is presented with a familiar user interface. To provide a point-to-point connection over Ethernet, each PPP session residing on a host must learn the Ethernet address of the remote peer such as the 6400, as well as establish a unique session identifier. PPPoE includes a discovery protocol that provides this.

More information about PPPoE can be found under Informational RFC 2516: ftp://ftp.isi.edu/in-notes/rfc2516.txt. There are currently two clients that support PPPoE, one from Routerware http://www.routerware.com/win_prod.htm, and another from NTS: http://www.nts.com/products/enternet_overvw.html. Both of these products have been tested successfully with 12.0(3)DC.

PTA-Multi-Domain (PTA-MD)

PTA is PPP Termination and Aggregation. While concept of PPP termination is well known, the Aggregation part of the acronym indicates that after the PPP sessions are terminated, the traffic is aggregated. For an ISP, the aggregated traffic either remains in the ISP's network or routes to the Internet. For a wholesale provider, the aggregated IP traffic will be forwarded to different destinations or domains depending on the service selected; thus the term PTA-Multi-Domain. ISP's or Enterprise customers typically would not use the PTA-Multi-Domain.

PTA-MD supports Overlapping IP Addresses

NRP-SSG supports overlapping IP addresses when using PTA-Multi-Domain. This feature allows a wholesale provider to offer a PTA-MD service to several enterprise customers that may use private IP address space. It allows the wholesale provider to connect multiple enterprise customers to the same NRP within a 6400, thus simplifying the provisioning and fully utilizing the NRP. IP addresses must remain unique within a service or domain, but now the NRP-SSG can support multiple domains with overlapping IP address space.

Local Profiles

"Local profiles" allows NRP-SSG service profiles to be stored locally in the NRP's configuration memory rather than on an external Radius server. The profiles stored locally are identical to the ones stored in a Radius server. Some customers, such as ILEC's, prefer not to use an external Radius server. These customers will appreciate the local profile feature. Other customers, such as Tier 1 ISP's, prefer storing the profiles in an external Radius server. The NRP-SSG offers the option of storing service profiles locally or externally in a Radius server. Note that when using Web selection, an external Radius server is required.

Web Selection

Web selection offers the ability for a user to select destination services using a standard Netscape or Microsoft web browser. For this configuration, the NRP-SSG software must also be supported by a standard Radius Server (or CiscoSecure AAA server) as well as the Cisco Service Selection Dashboard (SSD) server. An SSD CD will ship with the 6400 chassis beginning in June 1999, or SSD can be downloaded from CCO. (Note: A customer is only licensed to use NRP with SSD when they have purchased the proper license. See the section titled "12.0DC Software Images and Product Numbers" below.)

Using a standard web browser, the Service Selection Dashboard server offers customers a menu of selectable services. Customers can easily select services by pushing buttons on their web browser. These services are dynamically turned on and off through web selection. Each service that is selected is accounted for by the SSG, allowing Service Providers to bill for individual services on a usage basis.

With the Service Selection Dashboard menu, a single user can go to multiple destinations simultaneously, such as their company, the Internet or extranet. The SSG will forward the packets to the appropriate destination.

Further feature detail can be found at:

Supported Hardware Platforms

Cisco IOS Software release 12.0DC supports the following platform:

  • Cisco 6400

12.0DC Product Summary

For additional information on Cisco IOS Release 12.0DC software, refer to:

Memory Size

The Cisco 6400 UAC for NRP requires a minimum of 16MB flash and 64MB DRAM.

12.0DC Software Images and Product Numbers

There are three versions of 12.0(3)DC software that may be purchased for each actively running NRP. (Note that NRP's used for fault tolerant hot standby, do not require a separate software license.) The base version of the NRP software license offers customers the 12.0(3)DC IOS feature set, plus includes PPPoE. The base image license is appropriate for ISP's and Enterprise customers that are not offering PTA-MD wholesaling service, and are not using web selection. The next version adds the PPP Termination Aggregation-Multi-Domain (PTA-MD) to the base version. This version is appropriate for service providers offering a wholesale service using PTA-MD. The third version adds Web Selection to the PTA-MD version and licenses the Service Selection Dashboard server. The three part numbers, the corresponding spares, and upgrade licenses are listed below.:

Product Number Description

S64J3-12.0.3DC

Cisco 6400 Series IOS for NRP1

S64J5-12.0.3DC

Cisco 6400 Series IOS for NRP-MD1

S64J6-12.0.3DC

Cisco 6400 Series IOS for NRP-MD w/ Web Selection1

S64J3-12.0.3DC=

Cisco 6400 Series IOS for NRP (spare)

S64J5-12.0.3DC=

Cisco 6400 Series IOS for NRP-MD (spare)

S64J6-12.0.3DC=

Cisco 6400 Series IOS for NRP-MD w/ Web Selection(spare)

FL64-J3-J5=

Upgrade from NRP to NRP-MD

FL64-J5-J6=

Upgrade from NRP-MD to NRP-MD w/ Web Selection

FL64-J3-J6=

Upgrade from NRP to NRP-MD w/ Web Selection

11 per NRP unless NRP is redundant. No charge for 2nd redundant NRP


MD - Multi-Domain
NRP - Node Route Processor