Today's service providers are facing significant market-, operations-, and service-related challenges that are impacting every aspect of how they invest in, deploy, and manage their networks. To be successful, service providers require a solution that addresses each of these challenges.
Conservative capex budgets are pushing service providers to invest only in those areas of their infrastructure directly impacting the bottom line. Moreover, several service providers are investing in network management systems/operations support systems/business support systems (NMS/OSS/BSS) to squeeze more value out of their existing networking infrastructures built during the capex race of the mid-to-late 90s. To sustain high-margin revenues, however, service providers are eager to be the first to market with new services, particularly to their business customers. Some of these services include IPsec and MPLS VPNs, managed security services, and VoIP and Video On Demand for Cable MSOs.
The Cisco® IP Solution Center (ISC) MPLS VPN technology solution provides enterprises and service providers with a robust and centralized management platform that minimizes the deployment cost of MPLS VPN services, guarantees accuracy of service deployment, and effectively deploys and manages the entire lifecycle of MPLS VPN technologies including policy-based VPN, management VPN, SLA, QoS provisioning, and MPLS VPN routing audit. Cisco ISC has also been tightly integrated with Cisco CNS technology for zero-touch, plug-and-play MPLS VPN CPE deployment.
When planning the introduction of new services, service providers must ensure there is an alignment with their business objectives and processes. A Services Creation Environment must be in place where the following elements are elaborated:
- New service definition, creation, and testing
- Marketing plan
- Support structure and how this integrates with the overall Service-Order to Service Activation workflow process
- Skill and training to deploy, sell, and support the new service
- Required investment in the network infrastructure for service deployment and provisioning
Business metrics or performance targets for the service are important because they are tightly related to revenue objectives. These include the number of transactions to break even, time-to-provision goals, billing accuracy, and so on. The OSS application for enabling the new service(s) will be paramount in accelerating the time to revenue. The complexity and troubleshooting of extensive networks with large customers can become an inextricable problem. For each customer or each site, the service operator needs to keep track of network element configurations. The amount of information that must be tracked is enormous. There is a clear need to automate these processes from Service-Order to Service Activation.
Service providers have to define, create, test, and deploy every new technology that they think will make them competitive in the marketplace. This requires training the network operator and developing the skill set needed to effectively operate the network and activate services. The key aspects are rapid deployment of services, accuracy of deployed configurations, and traceability of what happened in the network elements.
Cisco ISC MPLS VPN Policy Manager Allows Network Operators to Define the Services That Will be Offered
- PE-CE protocol and the protocol-specific configuration
- IP Address allocation
- Configuration of the CE router in the case of managed CE
- Redistribution of CE routing protocols
- Redistribution of PE routing protocols
- Option of joining the Management VPN
- Configuration of the VRF configuration on the PE (maximum number of routes on the VRF, import and export maps for the VRF routing table)
All the services parameters can be entered into an MPLS VPN service policy and left editable for the service operator who is going to use this service policy. ISC MPLS VPN Policy Manager allows customers to define global, technology-level policies. The software automatically generates the device-level commands and provisions all the devices involved in a service through its powerful internal parallel computation engines. Once the global policies are defined, they can be reused across multiple networks.
During MPLS VPN service activation, the service operator has only to select the PE-CE attachment circuits (also called connection legs) to activate the service. Cisco ISC calculates the configurations needed for all the devices to activate the service using the network topology information, PE-CE connection, and all the intermediate switch connections. By utilizing the live network element configurations and its just-in-time technology, ISC ensures that the generated configurations will successfully turn up the service.
Once the MPLS VPN service is deployed, the service operator needs to ensure that the end customers are getting the service they paid for. This step of testing and auditing is rendered by ISC's industry-tested MPLS VPN auditing technology.
A new technology introduction requires acquisition of a new knowledge, training of the operators, and deployment experience. There is also a tremendous need for automating the deployment of MPLS VPN services. Service providers need automated tools to help them in their migration to new technologies as well as the ability to perform error-free operations in their service operations.
With the introduction of MPLS in service operator networks, technical staff must be trained to meet the challenges of a successful service deployment. The flexible architecture of ISC allows the network and service operator to be trained quickly. Network operators handle more complex tasks, while service operators, assisted by ISC, perform repetitive service-activation tasks. ISC keeps track of the configurations generated based on the service-activation intent.
More and more service providers are offering L2 and L3 services using a common MPLS infrastructure. L2 and L3 services are very different in terms of services and target customers. Both services exploit the same access and MPLS core infrastructure. For example, L2 switching access is tied to a PE and L2 VPN, and MPLS VPN services use the same L2-switching infrastructure to offer services to customers. A VLAN would be allocated for a given service/customer and would be configured on the customer-facing port. The VLAN traffic would be brought up to the PE via all the intermediate L2 switches and terminated on the PE.
For MPLS VPN, an L3 termination would be configured and added to a VPN. For an L2 VPN service, the VLAN would be terminated on the PE and a pseudo-wire would be created for the end-to-end connection. The co-existence of L2 and L3 services on the same infrastructure could be challenging for service operators.
Service providers are facing a mounting challenge dealing with a combination of technologies such as Optical, switching, and routing that co-exist in the same network. Service providers are also faced with customers that have been offered services with legacy technologies that have to be migrated to new technologies.
Access Architectures Can be Diverse and Complex
Managing L2 access domains, keeping track of VLAN IDs allocated for customer services, and mapping then to MPLS VPN services or L2VPN is an increasingly difficult challenge that some service operators are facing.
ISC manages these scenarios with extreme ease. ISC can offer services for L2 aggregation access domain or L2 ring topologies. The L2 access domain can be used for L2 access into MPLS VPN or simply L2VPN services using EoMPLS.
Security issues range from restricting MAC addresses and controlling the VLAN traffic that was allocated for a given customer to detecting an intrusion in the network. Service providers need automated tools to provision and track these security issues in the network.
Network Operations, commonly known as NetOps, is typically either a separate organization or part of the Information Technology department. The type of governance is very important because it does indeed impact how efficient and aligned the Network Operations organization is. Depending on the scale of the network to be managed, NetOps may have one or more NOCs centralized, or distributed in a hierarchical manner. These NOCs in almost all cases operate 24x7. NOCs of global service providers also implement a follow-the-sun concept where some or all NOC functions are "handed over" to other NOCs when time zone shifts occur.
When a service-affecting fault occurs in the network, the NOC operator must respond rapidly. ISC provides the service operator with a summarized report of the deployed service containing all the parameters needed to troubleshoot the problem. ISC also has a functional audit to detect if the requested customer service is actually working.
Configuration management and change management (moves/adds/changes) allows service providers to manage multiple versions of hardware and software elements and make network configuration changes through the Element Managers. The data concerning the current network environment is input and used by the service providers to modify the device configuration and process "adds-and-deletes" requests. This feature also maintains a configuration inventory of all monitored elements. Note that configuration management constitutes a part of the service activation in a provisioning order request.
Using an intelligent configuration engine, ISC supports service activation for various platforms and Cisco IOS versions. This allows service providers to migrate their networks to a newer version of Cisco IOS in a progressive fashion without disrupting customer services.
ISC ensures that accounting and usage data collection is done in a continuous and reliable manner (not that billing will typically reside in the customer care organization). ISC offers the SLA probe configuration as well as VPN-aware SLA collection.
In order for NOC staff to efficiently perform the above tasks, roles and associated tasks are clearly delineated between operators to minimize errors. For instance, some operators are dedicated to trouble ticketing, some to configuration changes, while others focus on problem resolution. The importance of the NMS/OSS application and its usability is crucial.
ISC's Role-based Access Control defines user roles, user-group roles, and users. Users with a certain role, or credential, can only view and work within the credential given by their role. Only the ISC administrator, for example, can create MPLS VPN or L2VPN roles and assign login users to them. A MPLS VPN user can only activate MPLS VPN service, and can access any L2VPN policies and service activation. A user assigned to a given customer can only view and work on the services and policies for that customer.
ISC's Service Policy Manager helps define the service with editable and non-editable parameters. When a service operator uses this policy, the non-editable parameters will not be prompted to the user.
ISC's MPLS VPN Service Auditing function keeps track of all the configuration changes that occur in the network elements and determines whether they are service effecting. ISC's MPLS VPN Service Auditing ensures that the requested customer routing is happening correctly.
- When the NMS/OSS application is rich in features and functions, a hierarchical navigation tree is desirable to remind the user of what navigation level they are at
- Access to a pull-down menu of network devices and services or protocols to be configured for newly deployed services
- Context-sensitive help whenever possible
NOC operators are taskmasters, not subject matter experts, and help with even the basic acronyms is an important feature to have. Operators don't have the time to research what a given term or concept means.
This is important especially for support problem resolution purposes. All the users' activities are logged based on time, date, type of action, and object manipulated. This can be retrieved and queried only by the ISC administrator.
Cisco's IP Solution Center is a carrier-class network and service-management offering for the rapid and cost-effective delivery of IP services. IP-based services targeted to enterprise customers can represent major revenue opportunities for service providers. Success in this highly competitive market requires the ability to effectively plan, provision, operate, and bill for such IP services.
Service providers are required to deliver advanced and reliable telecommunications services in a timely manner to demonstrate leadership in a competitive market. This competitive environment has created new business opportunities and new challenges for communications equipment providers. In addition to manufacturing hardware to support new communications technologies, communications equipment providers are expected to provide associated management products to enable rapid service delivery.
Service providers rely upon communications equipment vendors to provide management systems that enable and simplify the task of operating the network and its services. Service providers also require these management products to be integrated with their existing Business Support Systems and Operations Support Systems infrastructure. As this infrastructure grows in size and complexity, so does the requirement for vendors to provide much more functionality beyond element and network management.
Cisco ISC Provides a Robust and Centralized Management Platform for Managing the Entire Lifecycle of MPLS VPN Services
Deploying and offering MPLS VPN services for enterprise customers requires planning of network resources, deploying, maintaining, and finally configuring the network elements and services. This manual procedure can be time consuming and inaccurate. A service provider needs to automate all these steps in order to stay competitive in this high-touch market.
Cisco IP Solution Center is a four-tiered architecture for maximizing scalability, redundancy, and robustness. The four tiers are: Client, Interface, Control, and Distribution. This architecture provides the modular framework that is the foundation of this scalable, carrier-class system:
IP Solution Center Architecture
Recently, ABC has been losing customers to a new competitor, XYZ, who is offering IP MPLS VPN services. Many of ABC's customers have switched to XYZ. ABC wants to upgrade its network to offer MPLS VPN services. ABC decides to upgrade its network and provide a differentiated MPLS VPN Service to its customers.
Service Provider ABC's MPLS VPN Network
Turning on MPLS in the core of its network, ABC is able to offer very good security due to the isolation of VRF routing (for example, only routing inside a VPN is seen and published to the customer-connected sites). Using an L2 access switch to distribute access to its customers is a very savvy choice. L2 Access Ethernet has an excellent ROI model, and advanced QoS can be applied to customer traffic to guarantee QoS.
ABC defines all these service-related parameters in ISC's MPLS VPN Service Policy. By defining the service policies, ABC's service operators who are going to deploy the services will not have go through all the steps to activate a service. Service policies represent the service that the service provider wants to offer its customers.
ISC Enables Rapid Deployment of CPE
- CPE is shipped out of Cisco's manufacturing facility with a minimal configuration in the network element, which is needed for the CPE to become active in the network
- The customer receives the CPE and plugs it into the service provider's Ethernet uplink
- The CPE is powered up and contacts the network appliance that is programmed in the configuration
- The Cisco CNS IE 2100 network appliance responds with the CPE's configuration
- The CPE is now ready for service activation, and can participate in the service provider's network
Customer Deployment of MPLS VPN
6. An IP address is allocated for the PE-CE connection (for example, this IP address is taken out of the IP address pool associated with the PE in this case). This IP address allocation is performed for both sites A and B.
7. ISC collects just-in-time configuration from all the network elements that are involved in the service. Based on the actual Cisco IOS configuration, ISC generates IOS CLI Configlets needed to activate the service request.
Cisco ISC offers complete MPLS VPN services management with rapid deployment and error-free provisioning capabilities. ISC also provides scalability and redundancy with its distributed architecture. A service operator can begin with a single machine where ISC is installed and add processing servers that will be used by the ISC's master machine to off-load processing and monitoring. ISC's master machine controls and monitors all its processing servers to deliver load-balancing and error-free provisioning.
The benefits of utilizing Cisco ISC for deploying and managing MPLS services include time to market, improved network quality, reduced operational costs, and a lower total cost of ownership. The comprehensive management functionality of Cisco ISC also enables customers to minimize initial investments by taking full advantage of existing infrastructures and devices. Cisco ISC provides flexibility as well as allowing customers to implement the most suitable frameworkMPLS VPN services that require robust authentication, confidentiality, and secure scanning. Cisco ISC ensures that customers can meet both current and future service requirements without having to undergo "forklift" upgrades.
Cisco ISC eliminates common deployment and management issues by elevating the service administrator's role to that of business manager, as opposed to low-level device-specific policy manager and administrator. Cisco ISC implements a business-centric, service-level management model that allows customers to define high-level policies, while the application of those policies to specific network devices is offloaded to the ISC software.
ISC simplifies management of complex multiaccess, multiplatform IP services, and reduces management costs. Cisco ISC service options provide service-level provisioning, service-aware performance and service-level assurance, and service-aware usage. Accepted worldwide by over 160 leading corporations, Cisco IP Solution Center (evolution of well-established Cisco VPNSC) is the standalone management solution for effective management of converging services, supporting a unified view of MPLS VPN, Metro Ethernet, Security, and QoS services through a common repository of information across all these packet-based services.
Cisco ISC simplifies and speeds the deployment and management of packet-based services for faster time to revenue while increasing operating efficiencies. It is an end-to-end network management solution that scales as an organization evolves.
Cisco ISC provides the software management application that enable rapid and accurate deployment of security services. Simultaneously, the solution simplifies management of complex, multiaccess, multiplatform security services. The Cisco ISC MPLS VPN Services module provides full support for the provisioning and management of MPLS VPN services, Remote Access VPN, L2 Access into MPLS, and various access technologies for PE-CE interfaces such as ATM, Frame Relay, Serial, VLAN, and Ethernet. ISC hides the complexity of provisioning MPLS VPN services.
Visit the Cisco IP Solution Center product page for more information.