Cisco SCE8000 Topology and Topology-Related Parameters
This chapter describes the possible deployment topologies of the Cisco SCE8000 and explains how to configure the relevant parameters correctly for each topology.
•The Cisco SCE8000 Platform
•Asymmetric Routing Topology
The Cisco SCE8000 Platform
The Cisco SCE8000 is a solution for dual links with load sharing and asymmetrical routing and support for fail-over between two SCE platforms.
The Cisco SCE8000 is built to support wire speed processing of full-duplex 10GBE streams. The Cisco SCE8000 can, therefore, be deployed in a multi-link environment, in several different topologies.
•Single Cisco SCE8000 topology — Provides the ability to process both directions of a bi-directional flow, processing both the upstream and downstream paths of a flow, even if they traverse different links.
•Dual Cisco SCE8000 topology (cascade) — Cascaded Cisco SCE8000s provide high-availability and fail-over solution and maintain the line and service in case of Cisco SCE8000 failure
•Multi-Gigabit Service Control Platform (MGSCP) topology — For scalability, the Cisco SCE8000 platform supports the option to connect a multiple number of SCE platforms to a Cisco 7600 Series router used to perform load-balancing between the platforms.
There are several issues that must be considered in order to arrive at the optimum configuration of the topology-related parameters:
— Will the system be used solely to monitor traffic flow, with report functionality only, or will it be used for traffic flow control, with enforcement as well as report functionality?
–Monitoring and Control — The Cisco SCE8000 monitors and controls traffic flow. Decisions are enforced by the Cisco SCE8000 depending on the results of the monitoring functions of the Cisco SCE8000 and the configuration of the Service Control Application for Broadband or Mobile solution.
In order to perform control functions, the Cisco SCE8000 must be physically installed as an inline installation.
–Monitoring only — The Cisco SCE8000 monitors traffic flow, but cannot control it.
Either an inline installation or an optical splitter or port SPAN installation may be used for monitoring only.
A Cisco SCE8000 deployment can range from a single 10GBE link to multiple platforms in a MGSCP topology.
A complete discussion on sizing the system is beyond the scope of this document. Information regarding the number of Cisco SCE8000 platforms required is related to the design considerations 'per link' (topology and redundancy factors) rather than to overall sizing of the system.
Must the system be designed to guarantee uninterrupted Cisco SCE8000 functionality? If so, there must be a backup Cisco SCE8000 platform (or a backup for each platform in an MGSCP topology) to assume operation in case of failure of the primary device.
A backup SCE platform is connected in a cascade configuration with the primary SCE platform so that, although all processing is performed only in the active Cisco SCE8000, the standby Cisco SCE8000 is constantly updated with all the necessary information so that it can instantly take over processing the traffic on the data links should the active Cisco SCE8000 fail.
Note that an MGSCP topology with multiple Cisco SCE8000 platforms provides more sophisticated redundancy options, but the basic decision on each link is the same: does it require a standby SCE platform or not?
How should the Cisco SCE8000 respond to platform failure with regard to link continuity? Should traffic flow continue even though the unit is not operating, or be halted until the platform is repaired/replaced?
If link continuity is a high priority, an external optical bypass module can be installed on the link. (See Link Continuity and The Cisco SCE8000 Optical Bypass, page 2-8.)
Note In cascade configuration, installation of an external optical bypass module is required.
These issues determine two important aspects of system deployment and configuration:
•Physical topology of the system — The actual physical placement and connection of the Cisco SCE8000 platform or platforms in the system.
•Topology-related configuration parameters — The correct values for each parameter must be ascertained before configuring the system to make sure that the system will function in the desired manner.
Following are descriptions of a number of physical topologies that the Cisco SCE8000 supports.
•SCE8000 Interface Numbering
•Single Cisco SCE8000 Topologies
•Dual Cisco SCE8000 Topology (Cascade)
•Multi-Gigabit Service Control Platform (MGSCP) Topology
SCE8000 Interface Numbering
The following diagram shows the numbering of the SCE8000 interfaces as indicated in the topology diagrams in this chapter. The interface numbering is explained as follows:
•The first digit is the slot number (always 3).
•The second digit is the number of the sub-slot or SPA module (0-3).
•The third digit is the number of the interface on the designated SPA module (always 0).
•Interfaces 3/0/0 and 3/2/0 are on the two left-hand SPA modules and are the Subscriber side interfaces.
•Interfaces 3/1/0 and 3/3/0 are on the two right-hand SPA modules and are the Network side interfaces.
Figure 3-1 SCE8000 Interface Numbering
Single Cisco SCE8000 Topologies
A single Cisco SCE8000 supports both single 10GBE link and dual 10GBE link topologies.
•Single Link: Inline Topology
•Dual link: Inline Installation
•Single Link: Receive-only Topology
•Dual Link: Receive-Only Topology
Single Link: Inline Topology
Typically, the Cisco SCE8000 is connected in a full duplex 10GBE link between two devices (Router, BRAS, etc.). When the Cisco SCE8000 is installed as an inline installation, it physically resides on the data link between the subscribers and the network.
Figure 3-2 Single Link: Inline Topology
When configuring the Cisco SCE8000, an inline installation is referred to as "inline" connection mode.
Dual link: Inline Installation
In this topology, one Cisco SCE8000 is connected inline in two full duplex, 10GBE links.
In case the two links are load-shared, asymmetrical routing might occur, and some of the flows may be split, that is, the upstream packets of the flow go on one link, and the downstream packets go on the other link.
When installed in this topology, the Cisco SCE8000 completely overcomes this phenomenon, and provides its normal functionality as if asymmetrical routing were not occurring in the two links.
Figure 3-3 Dual link: Inline Installation
This topology supports both monitoring and control functionality, and is referred to as "inline" connection mode.
Single Link: Receive-only Topology
In this topology, an optical splitter resides physically on the 10GBE link between the subscribers and the network. The traffic passes through the optical splitter, which splits traffic to the Cisco SCE8000. The Cisco SCE8000, therefore, only receives traffic and does not transmit.
Figure 3-4 Single Link: Receive-only Topology
When configuring the Cisco SCE8000, an optical splitter topology is referred to as "receive-only" connection mode.
Note In an optical splitter topology, the Cisco SCE8000 only enables traffic monitoring functionality.
Note When implementing receive-only topologies with a switch, the switch must support SPAN functionality that includes separation between ingress and egress traffic and multiple SPAN-ports destinations.
Dual Link: Receive-Only Topology
In this topology, one Cisco SCE8000 is connected in receive-only mode to two full duplex, 10 Gig links using optical splitters. If the two links are load-shared, asymmetrical routing might occur, and some of the flows may be split, i.e. the upstream packets of the flow go on one link, and the downstream packets go on the other link.
When installed in this topology, the Cisco SCE8000 completely overcomes this phenomenon, and provides its normal monitoring functionality as if asymmetrical routing were not occurring in the two links.
This installation supports monitoring functionality only, and is configured as "receive-only" connection mode.
Figure 3-5 Dual Link: Receive-Only Topology
Note When implementing receive-only topologies with a switch, the switch must support SPAN functionality that includes separation between ingress and egress traffic and multiple SPAN-ports destinations.
Dual Cisco SCE8000 Topology (Cascade)
In this topology, two cascaded Cisco SCE8000s are used. This allows a fail-over solution, where in case of a failure of one Cisco SCE8000 the functionality that the Cisco SCE8000 provides is preserved by the redundant platform.
This topology allows both control and monitoring functionality where redundancy is required and "inline" connection is used. The two Cisco SCE8000s are cascaded, so the primary Cisco SCE8000 processes the traffic of the two links, while the secondary Cisco SCE8000 only bypasses the traffic of its links to the primary Cisco SCE8000 for processing, and then bypasses the processed traffic back to the link. The two Cisco SCE8000s also exchange keep-alive messages and subscriber state information.
In case the primary Cisco SCE8000 fails, the two Cisco SCE8000s switch their roles, and this way fail-over is provided.
Figure 3-6 Two Cascaded Cisco SCE8000 Platforms
This fail-over solution preserves the Cisco SCE8000 functionality and the network link:
•The two Cisco SCE8000s are simultaneously aware of the subscriber contexts, and subscriber states are constantly exchanged between them, such that if the primary Cisco SCE8000 fails, the secondary can take over with minimum state loss.
•When one Cisco SCE8000 fails (depending on the type of failure) its link traffic is still bypassed to the functioning Cisco SCE8000 and processed there, so the traffic processing continues for both the links.
•The bypass of the traffic through the failed Cisco SCE8000 is configurable, and the user may choose to always cutoff the line that goes through the failed Cisco SCE8000. In this case network redundancy protocols like HSRP are responsible for identifying the line cutoff and switching all the traffic to go through the functioning Cisco SCE8000.
•In addition, it is possible to configure the Cisco SCE8000 to use the external optical bypass device so that in the event of any failure of the Cisco SCE8000, it will be used to provide link continuity. This ensures 100% link continuity at the expense of providing asymmetric routing functionality.
Multi-Gigabit Service Control Platform (MGSCP) Topology
In this topology, multiple Cisco SCE8000 platforms are connected to a Cisco 7600 Series router, which acts as a dispatcher between the platforms. The router contains two EtherChannels (ECs), one for the subscriber side and one for the network side, that perform load balancing for the SCE platform traffic. Traffic enters the first router, is distributed between the SCE platforms by the subscriber-side EC and then returns to the router so it can be forwarded to its original destination.
Figure 3-7 Basic MGSCP Topology
There are a number of variables to be considered in the MGSCP topology. Two of the main factors to be considered include:
•Type of SCE Platform Redundancy
•Redundant Cisco 7600 Series Router
Type of SCE Platform Redundancy
All ports in the EC and all SCE platforms are active. If there is a failure in one of the SCE platforms, the links on the related ports in the EC will be down and the EC will automatically exclude it from the load distribution. The load will then be distributed between the remaining active SCE platforms.
Since the Cisco SCE8000 supports two links, this configuration requires one SCE platform per two links (two EC ports).
'N' SCE platforms are active and one platform is on standby. The EC ports connected to the standby SCE platform must be configured as standby ports. In the case of failure of one of the SCE platforms, the EC ports connected to the failing SCE platform are shut and the standby EC ports, connected to the standby SCE platform, will be activated.
Since the Cisco SCE8000 supports two links, this configuration requires one SCE platform per two links (two EC ports), plus one extra SCE platform for standby.
Note that the standby SCE platform must be connected to the two highest-numbered ports, since EC behavior automatically designates these as the standby ports.
Redundant Cisco 7600 Series Router
Two Cisco 7600 Series routers can be used to provide network redundancy.
In this topology, one link on each Cisco SCE8000 platform is connected to each router. Therefore, one SCE platform is required for each link.
Figure 3-8 MGSCP with Redundant Router
The internal bypass mechanism of the Cisco SCE8000 allows traffic to continue to flow, if desired, even if the device itself is not fully functioning. In addition, the Cisco SCE8000 is designed with the ability to control up to two external optical bypass devices (one per link). This is needed because the internal bypass mechanism cannot maintain traffic flow in all cases.
Note that when the Cisco SCE8000 is connected to the network through an optical splitter, a failure of the Cisco SCE8000 does not affect the traffic flow, as the traffic continues to flow through the optical splitter.
•Internal Bypass Mechanism
•External Optical Bypass
Internal Bypass Mechanism
The Cisco SCE8000 includes a SPA Interface Processor module with a bypass mechanism that is enabled upon Cisco SCE8000 failure.
The SPA Interface Processor card supports the following three modes:
•Bypass — The bypass mechanism preserves the network link, but traffic is not processed for monitoring or for control.
•Forwarding — This is the normal operational mode, in which the Cisco SCE8000 processes the traffic for monitoring and control purposes.
•Cutoff — There is no forwarding of traffic, and the physical link is forced down (cutoff functionality at layer 1).
The SPA Interface Processor card cannot preserve the link in the following circumstances:
•During platform reboot (SW reload), there is a 5-second period (at most) during which the link is forced down (cutoff functionality).
•During a power failure (The Cisco SCE8000 has two power supplies. A power failure occurs only when both of them fail).
•Under certain types of failure within the SIP module, the SPA cards, or the XFP optic modules.
External Optical Bypass
In installations in which the limitations of the internal bypass are not acceptable, an external optical bypass device can be used to provide dependable link continuity. The external optical bypass device can be installed either inside the Cisco SCE8000 chassis or be rack-mounted externally. The external optical bypass device can also be controlled manually by specific CLI commands.
Under normal operating conditions, traffic flows through the link as usual, with the exception that the optical bypass module sits on the link.
Figure 3-9 Optical Bypass Under Normal Operating Conditions
If the SCE8000 platform fails, traffic flows through the optical bypass module, bypassing the SCE8000, so that traffic on the link is maintained
Figure 3-10 Optical Bypass Under Failure Conditions
Note In cascade configuration, installation of the optical bypass module is required
This optical bypass module can be added to link without altering the basic characteristics of the topology. (The installation procedure and the actual connections are somewhat different when the optical bypass module is used, see Optical Bypass Module Connectivity, page 6-9.)
For more information regarding the external bypass module, refer to The Cisco SCE8000 Optical Bypass, page 2-8.
Refer to the following sections to determine the correct values for all topology-related parameters before beginning to run the initial setup of the Cisco SCE8000.
•Connection Mode Parameter
•Physically Connected Links Parameter
•On-Failure Mode Parameter
There are four topology-related parameters:
•Connection mode — Can be any one of the following, depending on the physical installation of the Cisco SCE8000 (Refer to Connection Mode Parameter):
–Inline — single Cisco SCE8000 inline
–Receive-only — single Cisco SCE8000 receive-only
–Inline-cascade — two inline Cisco SCE8000 platforms cascaded
–Receive-only-cascade — two receive-only Cisco SCE8000 platforms cascaded
•Physically-connected-links — In cascaded configurations, this parameter defines the number of the link connected to the Cisco SCE8000 platform being configured. (Refer to Physically Connected Links Parameter.)
It is applicable only in a cascade topology.
•Priority — This parameter defines which is the primary Cisco SCE8000 (Refer to Priority.)
It is applicable only in a cascade topology
•On-failure — This parameter determines whether the system cuts the traffic or bypasses it when the Cisco SCE8000 either has failed or is booting. Traffic bypass can be achieved either through the external optical bypass device or through the internal bypass mechanism of the SPA interface processor. It is not applicable to receive-only topologies. (Refer to On-Failure Mode Parameter.)
These parameters are configured via the connection-mode command.
Connection Mode Parameter
The connection mode parameter refers directly to the physical topology in which the Cisco SCE8000 is installed. The connection mode depends on two factors:
–Inline — The Cisco SCE8000 resides on the data link between the subscriber side and the network side, thus both receiving and transmitting packets.
–Receive-only — The Cisco SCE8000 does not reside physically on the data link. Data is forwarded to the Cisco SCE8000 via an external optical splitter. The Cisco SCE8000 itself receives only and does not transmit.
•Cascade — Indicates a two Cisco SCE8000 topology where the two Cisco SCE8000 platforms are connected via the cascade ports.
The connection mode parameter is determined by the physical deployment of the Cisco SCE8000, as follows:
•Single Cisco SCE8000 inline installation = Inline connection mode.
•Single Cisco SCE8000 optical splitter installation = Receive-only connection mode.
•Two-platform cascaded Cisco SCE8000 inline installation = Inline-cascade connection mode.
•Two-platform cascaded Cisco SCE8000 optical splitter installation = Receive-only-cascade connection mode
Physically Connected Links Parameter
A cascade topology supports two traffic links. This parameter defines which link is connected to which Cisco SCE8000 platform. The links are designated as follows:
In a cascade topology, the user must define the priority of each Cisco SCE8000.
•Primary — The Primary Cisco SCE8000 is active by default
•Secondary — The Secondary Cisco SCE8000 is the default standby.
Note that these defaults apply only when both devices are started together. However, if the primary Cisco SCE8000 fails and then recovers, it will not revert to active status, but remains in standby status, while the secondary device remains active
On-Failure Mode Parameter
The on-failure mode parameter configures the action taken by a failed box when a failure is detected.
As described in the section Internal Bypass Mechanism, the SPA Interface Processor card supports three different modes. The Bypass and Cutoff modes are possible when the Cisco SCE8000 is not operational due to platform failure or boot. The Forwarding mode enables control of traffic flow and is not compatible with the non-operational status.
The following on-failure modes are possible:
•Bypass — The SPA interface card forwards traffic between the two ports of each link with no intervention of the control application running in the Cisco SCE8000 platform. This is also known as 'electrical bypass'.
In a cascade setup, this allows the traffic of the link connected to the failed box to be passed to the active box for processing.
•Cutoff — There is no forwarding of traffic. The link is forced down, resulting in traffic cutoff at Layer1.
•External-bypass - The external optical bypass device is used to bypass traffic, maintaining link continuity at all times.
In a single Cisco SCE8000 topology, the value of this parameter is determined by whether or not the link can be completely cut when the Cisco SCE8000 fails, or whether traffic flow should continue across the link in spite of platform failure. In the latter case, the External-bypass mode is the recommended setting, and is therefore the default value for the on-failure mode parameter.
In a dual cascaded Cisco SCE8000 topology, the default on-failure mode is Bypass, since it preserves full traffic processing functionality on both links in most single box failures (as long as the SPA interface card is functioning properly).
•Cutoff mode is suggested for the following:
–Non-redundant inline topology if value-added services (such as security) are crucial and are more important than maintaining connectivity.
•Bypass mode is suggested for the following:
–Non-redundant inline topology if connectivity is of high importance.
–In redundant inline setups, if cutoff or traffic loss on a single link for a period of up to ten minutes (during a rare event of a SPA interface card failure) can be tolerated.
•External-bypass mode is suggested for the following:
–Non-redundant inline topology if connectivity is crucial.
–Redundant inline setups, if connectivity is crucial. Note that when this mode is used, the link connected to the failed box is not serviced, and the other link operates with asymmetric routing functionality.
Asymmetric Routing Topology
In some Service Control deployments, asymmetrical routing occurs between potential service control insertion points. Asymmetrical routing can cause a situation in which the two directions of a bi-directional flow pass through different SCE platforms, resulting in each SCE platform seeing only one direction of the flow (either the inbound traffic or the outbound traffic).
This problem is typically solved by connecting the two SCE platforms in cascade mode (or through an MGSCP cluster), thereby making sure that both directions of a flow run through the same SCE platform. However, this is sometimes not feasible, due to the fact that the SCE platforms sharing the split flow are geographically remote (especially common upon peering insertion). In this type of scenario, the asymmetric routing solution enables the SCE platform to handle such traffic, allowing SCA BB to classify traffic based on a single direction and to apply basic reporting and global control features to uni-directional traffic.
Asymmetric Routing and Other Service Control Capabilities
Asymmetric routing can be combined with most other Service Control capabilities, however there are some exceptions.
Service Control capabilities that cannot be used in an asymmetric routing topology include the following:
•Any kind of subscriber integration. (Use subscriber-less mode or anonymous subscriber mode instead)