This product bulletin describes new features introduced in Cisco IOS® Software Release 12.2(15)BX for the Cisco® 10000 Series Router. Cisco IOS Software Release 12.2(15)BX will run only on PRE-2. There will be no support for PRE or PRE-1 forwarding engines.
L2TP multihop enables the Cisco 10000 Series to terminate sessions arriving in L2TP tunnels from a Layer 2 Tunneling Protocol access concentrator (LAC) and to forward the sessions through new L2TP tunnels to the router's peer L2TP network server (LNS). The packets arrive at the router with L2TP encapsulation and the router forwards the packets with a different L2TP encapsulation. The Cisco 10000 Series maps the sessions to the new tunnels based on the session's domain or the tunnel in which it arrived.
In a virtual private dialup network (VPDN) environment, sessions generated from a remote host are routed over an existing tunnel or a tunnel built to route to a specific domain. Typically, sessions cannot traverse more than one L2TP tunnel before reaching the ISP or corporate network. However, using the Multihop VPDN feature, the Cisco 10000 can terminate sessions arriving in L2TP tunnels from a LAC, and then route the remote traffic through new L2TP tunnels to an LNS or corporate network.
The Cisco 10000 Series supports dynamic bandwidth selection (DBS) for ATM virtual circuits. Using this feature, wholesale service providers can sell different levels of service to retail service providers based on the bandwidth of the ATM virtual circuit connection. The retail service provider can then offer subscribers the ability to choose services with varying levels of bandwidth allocation. DBS dynamically changes ATM traffic shaping parameters based on a subscriber's RADIUS profile.
The tunnel accounting feature enhances authentication, authorization, and accounting (AAA) by adding the ability to include tunnel-related statistics in the RADIUS information. Using the tunnel accounting feature, one can track the services that users are accessing and the amount of network resources that they are consuming.
Tunnel authentication enables the Cisco 10000 Series to verify users before they are allowed to access the network. If a large number of VPDN groups are configured, the Cisco 10000 Series can perform tunnel authentication using a RADIUS server, which avoids having to maintain that configuration across multiple LNS devices.
Auto-virtual circuit provisioning enables end customers to self-provision their virtual circuits, so that virtual circuits are automatically set up (and taken down) with no provider preprovisioning. In addition, memory is allocated only when a virtual circuit is active.
The VLAN range command allows the user to configure a group of VLAN subinterfaces at one time (instead of configuring each separately). The commands the user enters for a group of VLAN subinterfaces are applied to each subinterface within the group and to all existing VLANs.
Using this managed LNS feature, the Cisco 10000 Series terminates L2TP sessions from the LAC and places each session into the appropriate VPN Routing and Forwarding (VRF) instance based on the L2TP tunnel in which the session arrived.
This feature enables RBE sessions to be uniquely placed into VRFs. For example, a wholesale provider may use VPNs instead of tunnels to separate the subscribers of different retail providers. With this feature, the subscribers on the access side are each uniquely placed in VRFs.
Acting as the Dynamic Host Configuration Protocol (DHCP) relay agent, the Cisco 10000 Series can include VPN ID information in the agent remote ID suboption when forwarding client-oriented DHCP packets to a DHCP server that has knowledge of existing VPNs. The DHCP server can use the VPN ID information to determine from which VPN to allocate an address.
The Cisco 10000 Series supports the DHCP relay agent information option (Option 82) feature when ATM routed bridge encapsulation (RBE) is used to configure DSL access. This feature communicates information to the DHCP server using a suboption of the DHCP relay agent information called agent remote ID. The information sent in the agent remote ID includes an IP address identifying the relay agent, and information about the ATM interface and PVC over which the DHCP request came in. The DHCP server can use this information to make IP address assignments and security policy decisions.
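A server-side sketch of that last step, as an added example that is not Cisco code: it parses option 82 using the RFC 3046 code/length/value layout, pulls out the agent remote ID, and maps it to an address pool only when the packet came through a known relay. The remote ID bytes, relay address and pool name are constructed, and the remote ID is treated as an opaque key because the bulletin does not give its byte layout.

```python
"""Parse DHCP option 82 (RFC 3046) and choose a pool from the agent remote ID."""
PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUB_REMOTE_ID = 2  # agent remote ID suboption code in RFC 3046

def parse_tlvs(buf, top_level):
    """Return {code: value} for a run of code/length/value triples."""
    out, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == PAD:      # pad has no length byte
            i += 1
            continue
        if top_level and code == END:      # end of the options field
            break
        if i + 2 > len(buf):
            raise ValueError("missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:           # declared length overruns the buffer
            raise ValueError("value runs past end of buffer")
        out[code] = value
        i += 2 + length
    return out

def agent_remote_id(options):
    """Return the agent remote ID bytes, or None if option 82 is absent."""
    opt82 = parse_tlvs(options, top_level=True).get(RELAY_AGENT_INFO)
    if opt82 is None:
        return None
    return parse_tlvs(opt82, top_level=False).get(SUB_REMOTE_ID)

def select_pool(giaddr, options, trusted_relays, pools):
    """Honour option 82 only from known relays; anything else gets no pool."""
    if giaddr not in trusted_relays:
        return None
    try:
        rid = agent_remote_id(options)
    except ValueError:                     # malformed options: fail closed
        return None
    return pools.get(rid)

# Constructed sample: message type option, then option 82 with one suboption.
SAMPLE_REMOTE_ID = bytes.fromhex("c0000201" "0001" "0023")  # opaque, made up
SAMPLE_OPTIONS = (bytes([53, 1, 1])
                  + bytes([RELAY_AGENT_INFO, 2 + len(SAMPLE_REMOTE_ID),
                           SUB_REMOTE_ID, len(SAMPLE_REMOTE_ID)])
                  + SAMPLE_REMOTE_ID + bytes([END]))
TRUSTED_RELAYS = {"192.0.2.1"}             # hypothetical relay (giaddr)
POOLS = {SAMPLE_REMOTE_ID: "retail-a"}     # hypothetical pool name

if __name__ == "__main__":
    print(select_pool("192.0.2.1", SAMPLE_OPTIONS, TRUSTED_RELAYS, POOLS))
```

The relay check matters because option 82 is only as trustworthy as the device that inserted it; a request that did not arrive through a known relay, or whose options do not parse, is given no pool.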
The MPLS VPN ID is a 14-digit hexadecimal number that uniquely identifies a VPN and its associated VRF across all virtual home gateways (VHGs) and Provider Edge (PE) routers in the network. In a router with multiple VPNs configured, one can use the VPN ID to identify a particular VPN.
The on-demand address pool (ODAP) manager feature is a mechanism for assigning and managing IP addresses. On-demand address pools use a central server to manage a block of addresses for each customer. The central server can be a DHCP or a RADIUS server.
RBE to Multiprotocol Label Switching Virtual Private Network (MPLS VPN) is an architecture in which the wholesale provider uses VPNs to separate the subscribers of different retail providers. On the access side, the subscribers are uniquely placed in VRFs. A tag interface separates traffic for the different retail providers on the network side. Beginning in Cisco IOS Software Release 12.2(15)BX, the Cisco 10000 Series supports RBE to MPLS VPN.
This class of service (CoS) based packet matching and marking feature enables the Cisco 10000 Series to interoperate with switches and deliver end-to-end quality of service (QoS). The IEEE 802.1P standard allows QoS to classify inbound Ethernet packets based on the value in the CoS field and to explicitly set the value in the CoS field of the outbound packet.
This feature is a traffic regulation mechanism that allows the user to control the maximum rate of traffic sent or received on an interface for a session. It is configured on interfaces at the edge of a network to limit traffic into or out of the network. This feature uses a modular CLI to provide input and output policing rates for each session.
The L2TP tunnel switching feature enables the Cisco 10000 Series to group incoming L2TP tunnels and forward them in new L2TP tunnels to the LNS. L2TP tunnel switching is similar to L2TP multihop, but it does not terminate the incoming L2TP tunnels.
Multilink Frame Relay (MLFR) enables service providers to bond multiple Frame Relay DLCIs into a single logical link. Service providers use it to offer service options between low-speed (T1/E1) services and higher-speed (T3/E3) services, with the option to increase bandwidth in smaller, more cost-effective increments. In addition to providing incremental bandwidth, bonding multiple DLCIs can add a level of fault tolerance to a customer's dedicated access service, because bonding can be implemented across multiple cards, protecting against the failure of any single card.
Table 1 Cisco IOS Software Release 12.2(15)BX Feature Sets, Images, and Memory Recommendations
[Note: PRE2s ship with 1GByte of SDRAM, 64MByte of Bootflash, and a 64MByte PCMCIA Flash disk (with an option to upgrade to 128MByte).]