CPC architecture overview

CPC overview

Converged Policy and Charging (CPC) is a cloud-native network function (CNF) that provides unified, 3GPP-compliant policy control for both 4G and 5G networks. It integrates subscriber authentication, authorization, and accounting (AAA) with policy management in a single, streamlined solution.

Benefits:

  • Simplified Migration: CPC eliminates the need for manual migration of user subscriptions during the transition from 4G to 5G.

  • Reduced Network Complexity: It supports incremental deployment of Standalone (SA) 5G networks by removing the requirement for complex inter-circle mesh connectivity, thus facilitating smoother network evolution.

System Composition:

  • CPC offers a containerized, cloud-native architecture based on a three-tier microservices framework.

  • It supports AAA components using RADIUS servers for subscriber management, with protocol, service, and session tiers managing authentication, authorization, accounting, and data persistence.

  • The solution includes operational tools such as Policy Builder and Ops-Center for configuration and management, integrated with Cisco Cloud Native Data Plane (CNDP) services for logging, metrics, and alerts.

CPC architecture

Cloud native AAA (cnAAA) is one of the components of Converged Policy and Charging (CPC). cnAAA integrates AAA components within a three-tier microservices framework. This architecture helps you manage tasks related to authentication, authorization, and accounting.

Figure 1. cnAAA architecture

Key Capabilities

The cnAAA implementation provides these capabilities:

  • Protocol Tier: AAA services use the RADIUS Endpoint protocol. RADIUS endpoints manage protocol interactions. These endpoints forward requests from the Broadband Network Gateway (BNG) to the policy service and relay responses back to the BNG.

  • Service Tier: The AAA engine handles authentication, authorization, and proxy accounting messages. It manages AAA call flow procedures and selects policies for BNG based on subscriber profiles.

  • Session Tier: cnAAA uses MongoDB and a CDL endpoint to store data. The system includes an in-memory session store and a subscriber profile database that persists to disk.

  • Operations, Administration, and Maintenance (OAM): Ops-Center serves as the console for configuring and administering cnAAA. It supports CLI and RESTCONF API. Ops-Center enhancements include system configuration capabilities. You can configure the number of RADIUS endpoints and fine-tune buffers, queues, and thread pools for AAA services.

    These OAM components are part of the Cisco Cloud Native Data Plane (CNDP) integration. CNDP provides common execution environment services for the cnAAA system.

    • Policy Builder (GUI/API): Enhanced to manage AAA services and configurations. Enhancements include use case templates, service options, and subscriber-triggered groups (STG).

    • Custom Resource Definitions (CRD): Enable data-driven policy implementations. The CRD components are extensible, so customers can add new CRD tables as needed.

    • Integration with Common Execution Environment (CEE): The AAA implementation integrates with CEE services. These services include centralized logging, metrics collection using Prometheus, KPI dashboards with Grafana, and alerts.


Note: cnAAA provides support exclusively for features related to RADIUS. This document uses the terms CPC and cnAAA interchangeably.


Components

This section provides an overview of the functional components that comprise the cnAAA architecture. It defines the roles of elements in the external endpoint, processing, configuration, and storage layers. This overview illustrates how the system manages network traffic, applies policy logic, and ensures data persistence.

Figure 2. CPC architecture components

cnAAA comprises these components:

  1. External endpoint

    • Unified Load Balancer (ULB): A Network Function (NF) that manages the distribution of incoming RADIUS traffic to RADIUS endpoints deployed on worker nodes. The ULB ensures high availability and reliability across the network infrastructure.

    • RADIUS-EP: A microservice that provides a channel for inbound and outbound RADIUS messages.

  2. Processing layer

    • Engine: This component hosts the business logic and drives the rules engine to make policy decisions.

    • gRPC: This framework enables internal processes to communicate and synchronize events.

  3. Configurations

    • Policy Builder: Allows the configuration of Engine pods, services, and advanced policy rules.

    • CPC Central: A unified GUI that you use to configure the Policy Builder, manage custom reference table data, and access web-based applications such as Grafana and the Control Center.

    • Ops-Center: Allows you to configure and manage application and pod configurations.

    • etcd: Stores the RADIUS-EP configurations.

  4. Storage layer

    • MongoDB: Stores subscriber-specific data and CRD configuration data.

    • Cisco Data Layer (CDL): A dedicated in-memory database used for session persistence.