Cisco Service Advertisement Framework Deployment Guide
PDF(659.5 KB) View with Adobe Reader on a variety of devices
Updated:December 3, 2010
What You Will Learn
® Service Advertisement Framework (SAF) is a network-based, scalable, bandwidth-efficient approach to service advertisement and discovery. Unlike traditional service discovery mechanisms, Cisco SAF provides a dynamic, real-time messaging mechanism that allows host applications to discover the presence, location, and configuration of networked resources on a LAN or a WAN network based on industry-proven Cisco IP routing technology.
This document is designed for technical decision makers and provides guidance on Cisco SAF deployment.
• To learn more about the components and protocols of Cisco SAF, refer to Cisco Service Advertisement Framework Fundamentals at http://www.cisco.com/go/saf.
• To learn more about the benefits and applications of Cisco IOS® SAF, refer to Service Advertisement: Application Service Advertisement on Your Networks, also at http://www.cisco.com/go/saf.
This document begins with a quick-start guide and then discusses Cisco SAF forwarder design, client and SAF WAN design, and deployment considerations.
Cisco SAF deployment involves the following steps:
1. Configure the Cisco SAF Forwarding Protocol (SAF-FP)
2. Configure the Cisco SAF Client Protocol (SAF-CP) for external Cisco SAF clients and configure the Cisco SAF API for internal Cisco SAF clients.
Figure 1 shows an example of Cisco SAF-FP and SAF-CP with an external client.
Figure 1. Cisco SAF-FP and SAF-CP with External Client
Note that Cisco SAF is enabled on all interfaces by default.
Enabling Cisco SAF on all routers and switches in the network is recommended; however, it is not required. Cisco SAF forwarders can peer with each other across networks that do not use Cisco SAF, such as Layer 3 Multiprotocol Label Switching (MPLS) VPN service provider networks, assuming that IP connectivity exists between the peering Cisco SAF forwarders.
Because Cisco SAF is independent of IP routing and uses underlying Cisco routing technology to distribute service advertisements in a reliable and efficient manner, Cisco SAF will run in networks over any routing protocol they may have in place such as Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), Exterior Border Gateway Protocol (EBGP) over an MPLS service, or static routing (Figure 2).
Figure 2. Cisco SAF and Routing Protocol Examples
Cisco SAF Forwarder Design
Cisco SAF forwarders periodically send hello packets to each other to dynamically discover who their neighbors are and to learn when their neighbors become unreachable or inoperative. Cisco SAF forwarders can use link-local IP multicast to discover and communicate with other Cisco SAF forwarders on a LAN. They can also use a multicast group or unicast point-to-point peering statements across networks that do not support Cisco SAF such as MPLS service provider networks, or in cases which configuration of Cisco SAF forwarders is prohibitive.
Cisco SAF neighbor relationships can be classified into two broad categories:
• Layer 2 adjacent neighbors
• Nonadjacent remote neighbors
Layer 2 Adjacent Neighbors
Layer 2 adjacent neighbor relationships can be dynamic or static.
Layer 2 dynamic neighbor discovery relies on link-local multicast and occurs automatically on all interfaces enabled for Cisco SAF. The link-local multicast address is the same as that used by EIGRP (IPv4: 18.104.22.168, or IPv6: FF02::a). See Figures 3 and 4.
Nonadjacent remote neighbors can also be statically or dynamically configured. Static configuration of nonadjacent remote neighbors is unicast and configured between each pair of forwarders. Loopback interfaces are used as the source interface on both Cisco SAF forwarders for neighbor establishment. IP connectivity to loopback IP addresses is necessary for neighbor establishment. Loopback interfaces provide more resiliency when alternative paths are available to reach them.
In Figure 6, the EIGRP virtual instance used is arbitrarily named "saf." The service-family used is IPv4 and belongs to autonomous system 1. The Cisco SAF unicast neighbor addresses used are 10.1.1.1 and 10.1.1.2, with a hop count of 16. Note that both the service family and autonomous system number must match on both forwarders.
Figure 6. Non adjacent Remote Neighbors
In future releases, Cisco SAF will support dynamic discovery of non adjacent remote Cisco SAF forwarders.
Cisco SAF Client Design
Cisco SAF clients can be deployed in either of two ways:
• The client can reside on the same router as a Cisco SAF forwarder in which case the Cisco SAF client uses an internal API to connect to a Cisco SAF forwarder. Cisco Unified Communications Manager Express is an example of a Cisco SAF internal client.
• The client can be a Cisco SAF forwarder. In this configuration, the Cisco SAF client is referred to as a Cisco SAF external client and requires the Cisco SAF client protocol to connect to the Cisco SAF forwarder. Cisco Unified Communications Call Manager is an example of a Cisco SAF external client.
This document focuses on the following common Cisco SAF external client deployments:
• Single Cisco SAF external client connected to a Cisco SAF forwarder
• Multiple Cisco SAF external clients connected to the same Cisco SAF forwarder
Single Cisco SAF External Client Connected to Cisco SAF Forwarder
When a single Cisco SAF external client needs to connect to a Cisco SAF forwarder, the Cisco SAF forwarder requires the client to match its configured client label, service family, username and password credentials, and destination TCP port. The client label used in Figure 7 is "Client-A" with username "safuser" and password "safpassword123." The service family used is IPv4 and TCP port 5050. The keepalive timer for the Cisco SAF external client is optionally set to 360,000 milliseconds (the default is 9600 milliseconds).
Figure 7. Generic Single Cisco SAF External Client Connected to Cisco SAF Forwarder
Figure 7 can be extended so that multiple clients can use different client labels or the same client label with different or shared usernames, passwords, and TCP ports. In the example in Figure 8, multiple clients use different client labels with different credentials but the same TCP ports.
Figure 8. Multiple Cisco SAF External Clients Connected to Same Cisco SAF Forwarder Using Different Client Labels, Different Credentials, and Same TCP Port
In situations in which the use of different client labels that share common username and password credentials is desired, configuration can become complex. Configuration of a Cisco Unified Communications Manager cluster a Cisco SAF client is an example of such a case. (Figure 9).
Figure 9. Cisco Unified Communications Manager Cluster as Cisco SAF Client: Complex Configuration
Use of a client label naming convention that allows clients to share a common client-label "basename" helps simplify the Cisco Unified Communications Manager cluster and Cisco SAF external client configuration. (Figure 10).
Figure 10. Cisco Unified Communications Manager Cluster as Cisco SAF External Client: Using "Basename" Client-Label Naming Convention
The client-label naming convention used in Figure 10 takes the form
client-label@[1-50] where the client-label basename is "CUCM_SJ" and clients can use any number in the range 1 through 50.
Cisco SAF WAN Design
Networks with Cisco SAF forwarders in the WAN can form neighbor relationships using Layer 2 adjacent Cisco SAF peerings, and nonadjacent remote neighbor Cisco SAF peerings can be used to form neighbor relationships across WANs that do not have Cisco SAF.
Figure 11 shows an example of how to deploy Cisco SAF across a network that does not have Cisco SAF, using remote static neighbors in a hub-and-spoke topology. When using remote static neighbors across such a network, configure the hub with a single loopback interface as the source, making the loopback interface behave like a multipoint link. Disable split-horizon option on the multipoint link on the Cisco SAF hub router when Cisco SAF advertisements need to be advertised between spoke routers through the hub router.
Figure 11. Cisco SAF Hub-and-Spoke Design
Note in Figure 11 that Cisco SAF is enabled only on loopback0 on the hub, and it is enabled on all interfaces by default on the spokes. If the hub has Layer 2 adjacent neighbors on other interfaces (not shown in the figure), those interfaces should be enabled.
Cisco SAF stub forwarders help control the direction of service advertisements and increase service network convergence in hub-and-spoke topologies. Cisco SAF stub forwarders can learn service advertisements normally and advertise their local services, or they can learn service advertisements normally but not advertise their local services. (Figure 12).
Figure 12. SAF Cisco Stub Forwarders
Cisco SAF Reflector Design
Currently, Cisco SAF supports static neighbor assignments in which peering Cisco SAF forwarders need to have corresponding neighbor statements to exchange advertisements. Fully meshed unicast neighbor peering makes Cisco SAF configuration intensive and prone to error over large networks that do not use Cisco SAF. Figure 13 shows fully meshed Cisco SAF forwarder peerings across an MPLS network where all forwarders are part of the same Virtual Routing and Forwarding instance named BLUE.
Figure 13. Fully Meshed Unicast Cisco SAF Peering
A centralized Cisco SAF forwarder called a Cisco SAF reflector can be used to distribute advertisements between forwarders. To reduce the need for Cisco SAF neighbor configuration between forwarders, use Multipoint Generic Encapsulation (mGRE) to enable dynamic Cisco SAF peering. Use of a Cisco SAF reflector with mGRE makes Cisco SAF over a service provider MPLS WAN service simpler to configure and faster to deploy: similar to a Cisco SAF Dynamic Multipoint VPN (DMVPN) design but without IP Security (IPsec). Because mGRE relies on the Next Hop Resolution Protocol (NHRP) to map the mGRE tunnel IP address to the physical WAN IP address, the Cisco SAF reflector is made the NHRP server and Cisco SAF spokes the NHRP clients. Keeping the mGRE tunnel out of the IP routing table helps prevent control-plane messages not from Cisco SAF from crossing the mGRE tunnel, and this goal can be accomplished by not including the IP subnet of the mGRE tunnels under the IP routing protocol process. A redundant Cisco SAF reflector can be used to provide redundancy if needed. (Figure 14).
Figure 14. Cisco SAF Reflector Example
In future releases, Cisco SAF will support dynamic discovery of nonadjacent Cisco SAF forwarders. Dynamic discovery of nonadjacent Cisco SAF forwarders helps alleviate the need for a full mesh of remote static neighbors across a network that does not use Cisco SAF. Dynamic discovery of nonadjacent Cisco SAF forwarders relies on multicast routing and requires all participating Cisco SAF forwarders to join a common multicast group. (Figure 15).
Figure 15. Dynamic Neighbor Discovery of Nonadjacent Cisco SAF Forwarders
• Cisco SAF scalability
– Neighbor scale is similar to that of EIGRP
– Cisco SAF advertisements are variable in size and depend on the data that the application is sending.
– Cisco SAF advertisements can be up to 16KB in size.
– Up to 50 external clients can connect to the same Cisco SAF forwarder.
– The maximum number of external clients varies based on platform resources (CPU and memory).
• Unified communications CCD with Cisco SAF
– Up to 2000 advertised dial-number patterns per cluster
– Up to 20,000 learned dial-number patterns per cluster
• Firewalls and access-lists should permit the following:
– Cisco SAF hellos: Link-local destination multicast group 22.214.171.124/FF02::a for dynamic neighbor discovery
– Cisco SAF-FP: IP Protocol 88
– Cisco SAF-CP TCP ports: Port numbers defined by "service-family external-client listen ipv4 <port>"
Platform and Software Support
Cisco SAF was initially released as part of Cisco IOS Software Release 15.0(1)M on the Cisco 800 and 7200 Series Routers; Cisco 1800, 2800, and 3800 Series Integrated Services Routers; Cisco IOS Software Release 12.2(33)SRE on the Cisco 7600 Series; Cisco IOS Software Release XE 2.5 on the ASR 1000 Series Aggregation Services Routers; Cisco IOS Software Release 12.2(33)SXI4 on the Cisco Catalyst
® 6000 Series Switches; and Cisco IOS Software Release 12.2(54)SG on the Cisco Catalyst 4000 Series Switches.
The Cisco Unified Communications Systems Release 8.0 CCD is the first application that supports SAF.
For more platform and Cisco IOS Software and Cisco Catalyst OS software image support, refer to Cisco Feature Navigator at