Cisco SCE 8000 Topology and Topology-Related Parameters
Revised: December 21, 2012, OL-26784-02
This chapter describes the possible deployment topologies of the Cisco SCE 8000 and explains how to configure the relevant parameters correctly for each topology:
•The Cisco SCE 8000 Platform
•Asymmetric Routing Topology
The Cisco SCE 8000 Platform
The Cisco SCE 8000 is a solution for dual links with load sharing and asymmetrical routing and support for fail-over between two SCE platforms.
The Cisco SCE 8000 is built to support wire speed processing of full-duplex 10 GBE streams. The Cisco SCE 8000 can, therefore, be deployed in a multi-link environment in several different topologies.
•Single Cisco SCE 8000 topology—Provides the ability to process both directions of a bi-directional flow, processing both the upstream and downstream paths of a flow, even if they traverse different links.
•Dual Cisco SCE 8000 topology (cascade)—Cascaded Cisco SCE 8000s provide high-availability and fail-over solution and maintain the line and service in case of Cisco SCE 8000 failure
•Multi-Gigabit Service Control Platform (MGSCP) topology—For scalability, the Cisco SCE 8000 platform supports the option to connect a multiple number of SCE platforms to a Cisco 7600 Series router used to perform load-balancing between the platforms.
There are several issues that must be considered in order to arrive at the optimum configuration of the topology-related parameters:
Will the system be used solely to monitor traffic flow, with report functionality only, or will it be used for traffic flow control, with enforcement as well as report functionality?
–Monitoring and Control—The Cisco SCE 8000 monitors and controls traffic flow. Decisions are enforced by the Cisco SCE 8000 depending on the results of the monitoring functions of the Cisco SCE 8000 and the configuration of the Service Control Application for Broadband or Mobile solution.
To perform control functions, the Cisco SCE 8000 must be physically installed as an inline installation.
–Monitoring only—The Cisco SCE 8000 monitors traffic flow, but cannot control it.
Either an inline installation or an optical splitter or port SPAN installation may be used for monitoring only.
The Cisco SCE 8000 deployment can range from a single 10 GBE link to multiple platforms in a MGSCP topology.
A complete discussion on sizing the system is beyond the scope of this document. Information about the number of Cisco SCE 8000 platforms required is related to the design considerations 'per link' (topology and redundancy factors) rather than to overall sizing of the system.
Must the system be designed to guarantee uninterrupted Cisco SCE 8000 functionality? If so, there must be a backup Cisco SCE 8000 platform (or a backup for each platform in an MGSCP topology) to assume operation in case of failure of the primary device.
A backup SCE platform is connected in a cascade configuration with the primary SCE platform so that, although all processing is performed only in the active Cisco SCE 8000, the standby Cisco SCE 8000 is constantly updated with all the necessary information so that it can instantly take over processing the traffic on the data links should the active Cisco SCE 8000 fail.
A MGSCP topology with multiple Cisco SCE 8000 platforms provides more sophisticated redundancy options, but the basic decision on each link is the same: does it require a standby SCE platform or not?
How should the Cisco SCE 8000 respond to platform failure in relation to link continuity? Should traffic flow continue even though the unit is not operating, or should it be halted until the platform is repaired or replaced?
If link continuity is a high priority, an external optical bypass module can be installed on the link. (See "Link Continuity" section and "The Cisco SCE 8000 Optical Bypass" section.)
Note In cascade configuration, installation of an external optical bypass module is required.
These issues determine two important aspects of system deployment and configuration:
•Physical topology of the system—Actual physical placement and connection of the Cisco SCE 8000 platform or platforms in the system.
•Topology-related configuration parameters—Correct values for each parameter must be ascertained before configuring the system to make sure that the system functions in the desired manner.
The following sections are descriptions of several physical topologies that Cisco SCE 8000 supports:
•Cisco SCE 8000 Interface Numbering
•Single Cisco SCE 8000 Topologies
•Dual Cisco SCE 8000 Topology (Cascade)
•Multi-Gigabit Service Control Platform (MGSCP) Topology
Cisco SCE 8000 Interface Numbering
Figure 3-1 shows the numbering of the Cisco SCE 8000 interfaces as indicated in the topology diagrams in this chapter. The interface numbering is explained as follows:
•First digit is the slot number (always 3).
•Second digit is the number of the sub-slot or SPA module (0 to 3).
•Third digit is the number of the interface on the designated SPA module (always 0).
•Interfaces 3/0/0 and 3/2/0 are on the two left SPA modules and are the Subscriber-side interfaces.
•Interfaces 3/1/0 and 3/3/0 are on the two right SPA modules and are the Network-side interfaces.
Figure 3-1 Cisco SCE 8000 Interface Numbering
Single Cisco SCE 8000 Topologies
A single Cisco SCE 8000 supports both single 10 GBE link and dual 10 GBE link topologies:
•Single Link: Inline Topology
•Dual Link: Inline Installation
•Single Link: Receive-only Topology
•Dual Link: Receive-Only Topology
Single Link: Inline Topology
Typically, the Cisco SCE 8000 is connected in a full duplex 10 GBE link between two devices (Router, BRAS, and so on). When the Cisco SCE 8000 is installed as an inline installation, it physically resides on the data link between the subscribers and the network (see Figure 3-2).
Figure 3-2 Single Link: Inline Topology
When configuring the Cisco SCE 8000, an inline installation is referred to as "inline" connection mode.
Dual Link: Inline Installation
In this topology, one Cisco SCE 8000 is connected inline in two full duplex, 10 GBE links (see Figure 3-3).
In case the two links are load-shared, asymmetrical routing might occur, and some of the flows may be split, that is, the upstream packets of the flow go on one link, and the downstream packets go on the other link.
When installed in this topology, the Cisco SCE 8000 completely overcomes this phenomenon, and provides its normal functionality as if asymmetrical routing were not occurring in the two links.
Figure 3-3 Dual ink: Inline Installation
This topology supports both monitoring and control functionality, and is referred to as "inline" connection mode.
Single Link: Receive-only Topology
In this topology, an optical splitter resides physically on the 10 GBE link between the subscribers and the network (see Figure 3-4). The traffic passes through the optical splitter, which splits traffic to the Cisco SCE 8000. The Cisco SCE 8000, therefore, only receives traffic and does not transmit.
Figure 3-4 Single Link: Receive-only Topology
When configuring the Cisco SCE 8000, an optical splitter topology is referred to as "receive-only" connection mode.
Note In an optical splitter topology, the Cisco SCE 8000 only enables traffic monitoring functionality.
Note When implementing receive-only topologies with a switch, the switch must support SPAN functionality that includes separation between ingress and egress traffic and multiple SPAN-ports destinations.
Dual Link: Receive-Only Topology
In this topology, one Cisco SCE 8000 is connected in receive-only mode to two full duplex, 10 Gig links using optical splitters (see Figure 3-5). If the two links are load-shared, asymmetrical routing might occur, and some of the flows may be split, i.e. the upstream packets of the flow go on one link, and the downstream packets go on the other link.
When installed in this topology, the Cisco SCE 8000 completely overcomes this phenomenon, and provides its normal monitoring functionality as if asymmetrical routing were not occurring in the two links.
This installation supports monitoring functionality only, and is configured as "receive-only" connection mode.
Figure 3-5 Dual Link: Receive-Only Topology
Note When implementing receive-only topologies with a switch, the switch must support SPAN functionality that includes separation between ingress and egress traffic and multiple SPAN-ports destinations.
Dual Cisco SCE 8000 Topology (Cascade)
In this topology, two cascaded Cisco SCE 8000s are used. This allows a switchover solution, where in case of a failure of one Cisco SCE 8000, the functionality that the Cisco SCE 8000 provides is preserved by the redundant platform (see Figure 3-6).
This topology allows both control and monitoring functionality where redundancy is required and "inline" connection is used. The two Cisco SCE 8000s are cascaded, so the primary Cisco SCE 8000 processes the traffic of the two links, while the secondary Cisco SCE 8000 only bypasses the traffic of its links to the primary Cisco SCE 8000 for processing, and then bypasses the processed traffic back to the link. The two Cisco SCE 8000s also exchange keep-alive messages and subscriber state information.
In case the primary Cisco SCE 8000 fails, the two Cisco SCE 8000s switch their roles, and this way switchover is provided.
Figure 3-6 Two Cascaded Cisco SCE 8000 Platforms
This switchover solution preserves the Cisco SCE 8000 functionality and the network link:
•The two Cisco SCE 8000s are simultaneously aware of the subscriber contexts, and subscriber states are constantly exchanged between them, such that if the primary Cisco SCE 8000 fails, the secondary can take over with minimum state loss.
•When one Cisco SCE 8000 fails (depending on the type of failure) its link traffic is still bypassed to the functioning Cisco SCE 8000 and processed there, so the traffic processing continues for both the links.
•The bypass of the traffic through the failed Cisco SCE 8000 is configurable, and the user may choose to always cutoff the line that goes through the failed Cisco SCE 8000. In this case network redundancy protocols like HSRP are responsible for identifying the line cutoff and switching all the traffic to go through the functioning Cisco SCE 8000.
•In addition, it is possible to configure the Cisco SCE 8000 to use the external optical bypass device so that if any failure of the Cisco SCE 8000 occurs, it is used to provide link continuity. This ensures full link continuity at the expense of providing asymmetric routing functionality.
Multi-Gigabit Service Control Platform (MGSCP) Topology
In this topology, multiple Cisco SCE 8000 platforms are connected to a Cisco 7600 Series router, which acts as a dispatcher between the platforms (see Figure 3-7). The router contains two EtherChannels (ECs), one for the subscriber side and one for the network side, that perform load balancing for the SCE platform traffic. Traffic enters the first router, is distributed between the SCE platforms by the subscriber-side EC and then returns to the router so it can be forwarded to its original destination.
Figure 3-7 Basic MGSCP Topology
There are several variables to be considered in the MGSCP topology. Two of the main factors to be considered include:
•Types of SCE Platform Redundancy
•Redundant Cisco 7600 Series Router
Types of SCE Platform Redundancy
All ports in the EC and all SCE platforms are active. If there is a failure in one of the SCE platforms, the links on the related ports in the EC go down and the EC automatically excludes it from the load distribution. The load then is distributed between the remaining active SCE platforms.
Because the Cisco SCE 8000 supports two links, this configuration requires one SCE platform per two links (two EC ports).
'N' SCE platforms are active and one platform is on standby. The EC ports connected to the standby SCE platform must be configured as standby ports. In the case of failure of one of the SCE platforms, the EC ports connected to the failing SCE platform are shut, and the standby EC ports that are connected to the standby SCE platform are activated.
Because the Cisco SCE 8000 supports two links, this configuration requires one SCE platform per two links (two EC ports), plus one extra SCE platform for standby.
The standby SCE platform must be connected to the two highest-numbered ports, because EC behavior automatically designates these as the standby ports.
Redundant Cisco 7600 Series Router
Two Cisco 7600 Series routers can be used to provide network redundancy (see Figure 3-8).
In this topology, one link on each Cisco SCE 8000 platform is connected to each router. Therefore, one SCE platform is required for each link.
Figure 3-8 MGSCP with Redundant Router
The internal bypass mechanism of the Cisco SCE 8000 allows traffic to continue to flow, if desired, even if the device itself is not fully functioning. In addition, the Cisco SCE 8000 is designed with the ability to control up to two external optical bypass devices (one per link). This is needed because the internal bypass mechanism cannot maintain traffic flow in all cases.
When the Cisco SCE 8000 is connected to the network through an optical splitter, a failure of the Cisco SCE 8000 does not affect the traffic flow, as the traffic continues to flow through the optical splitter.
•Internal Bypass Mechanism
•External Optical Bypass
Internal Bypass Mechanism
The Cisco SCE 8000-SIP module includes a bypass mechanism that is enabled upon Cisco SCE 8000 failure.
The Cisco SCE 8000-SIP supports the following three modes:
•Bypass—The bypass mechanism preserves the network link, but traffic is not processed for monitoring or for control.
•Forwarding—This is the normal operational mode, in which the Cisco SCE 8000 processes the traffic for monitoring and control purposes.
•Cutoff—There is no forwarding of traffic, and the physical link is forced down (cutoff functionality at layer 1).
The SPA Interface Processor card cannot preserve the link in the following circumstances:
•During platform reboot (SW reload), there is an 11-second period during which the link is forced down (cutoff functionality). If any routing or spanning tree protocols are used in the network, this delay may be extended.
•During a power failure (The Cisco SCE 8000 has two power supplies. A power failure occurs only when both of them fail).
•Under certain types of failure within the SIP module, the SPA cards, or the XFP optic modules.
External Optical Bypass
When a separate bypass mechanism is required, an external optical bypass device can be used to provide dependable link continuity. The external optical bypass device can be installed either inside the Cisco SCE 8000 chassis or be rack-mounted externally. The external optical bypass device can also be controlled manually by specific CLI commands.
Under normal operating conditions, traffic flows through the link as usual, with the exception that the optical bypass module sits on the link (see Figure 3-9).
Figure 3-9 Optical Bypass Under Normal Operating Conditions
If the Cisco SCE 8000 platform fails, traffic flows through the optical bypass module, bypassing the SCE 8000, so that traffic on the link is maintained (see Figure 3-10).
Figure 3-10 Optical Bypass Under Failure Conditions
Note In cascade configuration, installation of the optical bypass module is highly recommended.
This optical bypass module can be added to link without altering the basic characteristics of the topology. (The installation procedure and the actual connections are somewhat different when the optical bypass module is used, see "Optical Bypass Module Connectivity" section.)
For more information about the external bypass module, see "The Cisco SCE 8000 Optical Bypass" section.
See the following sections to determine the correct values for all topology-related parameters before beginning to run the initial setup of the Cisco SCE 8000:
•Connection Mode Parameter
•On-Failure Mode Parameter
There are four topology-related parameters:
•Connection mode—Can be any one of the following, depending on the physical installation of the Cisco SCE 8000 (See Connection Mode Parameter):
–Inline—single Cisco SCE 8000 inline
–Receive-only—single Cisco SCE 8000 receive-only
–Inline-cascade—two inline Cisco SCE 8000 platforms cascaded
–Receive-only-cascade—two receive-only Cisco SCE 8000 platforms cascaded
•sce-id—In cascaded topologies, defines which link is connected to this SCE platform.
The sce-id parameter, which identifies the SCE platform, replaces the physically-connected-link parameter, which identified the link. This change was required with the introduction of the
Cisco SCE 8000 GBE platform, which supports multiple links.
In the Cisco SCE 8000 10 GBE, the number assigned to the sce-id parameter (0 or 1) is defined as the of number of the physically connected link.
Note For backward compatibility, the physically-connected-links parameter is currently still recognized.
•Priority—This parameter defines which is the primary Cisco SCE 8000 (See Priority.)
It is applicable only in a cascade topology
•On-failure—This parameter determines whether the system cuts the traffic or bypasses it when the Cisco SCE 8000 either has failed or is booting. Traffic bypass can be achieved either through the external optical bypass device or through the internal bypass mechanism of the SPA interface processor. It is not applicable to receive-only topologies. (See the "On-Failure Mode Parameter" section.)
These parameters are configured via the connection-mode command.
Connection Mode Parameter
The connection mode parameter refers directly to the physical topology in which the Cisco SCE 8000 is installed. The connection mode depends on two factors:
–Inline—Cisco SCE 8000 resides on the data link between the subscriber side and the network side, thus both receiving and transmitting packets.
–Receive-only—Cisco SCE 8000 does not reside physically on the data link. Data is forwarded to the Cisco SCE 8000 via an external optical splitter. The Cisco SCE 8000 itself only receives and does not transmit.
•Cascade—Indicates a two Cisco SCE 8000 topology where the two Cisco SCE 8000 platforms are connected via the cascade ports.
The connection mode parameter is determined by the physical deployment of the Cisco SCE 8000, as follows:
•Single Cisco SCE 8000 inline installation = Inline connection mode.
•Single Cisco SCE 8000 optical splitter installation = Receive-only connection mode.
•Two-platform cascaded Cisco SCE 8000 inline installation = Inline-cascade connection mode.
•Two-platform cascaded Cisco SCE 8000 optical splitter installation = Receive-only-cascade connection mode.
A cascade topology supports two traffic links. In the Cisco SCE 8000 10 GBE, this parameter defines which link is connected to which Cisco SCE 8000 platform. The name of the parameter refers to its use in the Cisco SCE 8000 GBE platform, for which it actually defines a specific SCE platform. However, in the case of the Cisco SCE 8000 10 GBE, simply specify the number of the physically connected link for this parameter. Assign a value of 0 or 1.
Tip Alternatively, you can still use the physically-connected-links parameter, which is still supported for backward compatibility. Assign a value of link-0 or link-1.
In a cascade topology, the user must define the priority of each Cisco SCE 8000:
•Primary—Primary Cisco SCE 8000 is active by default
•Secondary—Secondary Cisco SCE 8000 is the default standby
These defaults apply only when both devices are started together. However, if the primary Cisco SCE 8000 fails and then recovers, it does not revert to active status, but remains in standby status, while the secondary device remains active.
On-Failure Mode Parameter
The on-failure mode parameter configures the action taken by a failed box when a failure is detected.
As described in the "Internal Bypass Mechanism" section, the SPA Interface Processor card supports three different modes. The Bypass and Cutoff modes are possible when the Cisco SCE 8000 is not operational because of platform failure or boot. The Forwarding mode enables control of traffic flow and is not compatible with the non-operational status.
The following on-failure modes are possible:
•Bypass—The SPA interface card forwards traffic between the two ports of each link with no intervention of the control application running in the Cisco SCE 8000 platform. This is also known as 'electrical bypass'.
In a cascade setup, this allows the traffic of the link connected to the failed box to be passed to the active box for processing.
•Cutoff—There is no forwarding of traffic. The link is forced down, resulting in traffic cutoff at Layer1.
•External-bypass—The external optical bypass device is used to bypass traffic, maintaining link continuity at all times.
In a single Cisco SCE 8000 topology, the value of this parameter is determined by whether or not the link can be completely cut when the Cisco SCE 8000 fails, or whether traffic flow should continue across the link in spite of platform failure. In the latter case, the External-bypass mode is the recommended setting, and is therefore the default value for the on-failure mode parameter.
In a dual cascaded Cisco SCE 8000 topology, the default on-failure mode is Bypass, because it preserves full traffic processing functionality on both links in most single box failures (as long as the SPA interface card is functioning properly).
•Cutoff mode is suggested for the following:
–Non-redundant inline topology if value-added services (such as security) are crucial and are more important than maintaining connectivity.
•Bypass mode is suggested for the following:
–Non-redundant inline topology if connectivity is of high importance.
–In redundant inline setups, if cutoff or traffic loss on a single link for a period of up to 10 minutes (during a rare event of a SPA interface card failure) can be tolerated.
•External-bypass mode is suggested for the following:
–Non-redundant inline topology if connectivity is crucial.
–Redundant inline setups, if connectivity is crucial. When this mode is used, the link connected to the failed box is not serviced, and the other link operates with asymmetric routing functionality.
Asymmetric Routing Topology
In some Service Control deployments, asymmetrical routing occurs between potential service control insertion points. Asymmetrical routing can cause a situation in which the two directions of a bi-directional flow pass through different SCE platforms, resulting in each SCE platform seeing only one direction of the flow (either the inbound traffic or the outbound traffic).
This problem is typically solved by connecting the two SCE platforms in cascade mode (or through an MGSCP cluster), thereby making sure that both directions of a flow run through the same SCE platform. However, this is sometimes not feasible, because the SCE platforms sharing the split flow are geographically remote (especially common upon peering insertion). In this type of scenario, the asymmetric routing solution enables the SCE platform to handle such traffic, allowing SCA BB to classify traffic based on a single direction and to apply basic reporting and global control features to uni-directional traffic.
Asymmetric Routing and Other Service Control Capabilities
Asymmetric routing can be combined with most other Service Control capabilities; however, there are some exceptions.
Service Control capabilities that cannot be used in an asymmetric routing topology include the following:
•Any kind of subscriber integration. (Use subscriber-less mode or anonymous subscriber mode instead.)