CPC architecture
Converged Policy and Charging (CPC), also known as the cloud-native AAA (cnAAA) system, integrates AAA components within a three-tier microservices framework. This architecture improves how you manage authentication, authorization, and accounting tasks.
Key Capabilities
The cnAAA implementation provides these capabilities:
- Protocol Tier: AAA services use the RADIUS Endpoint protocol. RADIUS endpoints manage protocol interactions. These endpoints forward requests from the Broadband Network Gateway (BNG) to the policy service and relay responses back to the BNG.
- Service Tier: The AAA engine handles authentication, authorization, and proxy accounting messages. It manages AAA call flow procedures and selects policies for the BNG based on subscriber profiles.
- Session Tier: cnAAA uses MongoDB and a CDL endpoint to store data. The system includes an in-memory session store and a subscriber profile database that persists to disk.
- Operations, Administration, and Maintenance (OAM): Ops-Center serves as the console for configuring and administering cnAAA. It supports CLI and RESTCONF API. Ops-Center enhancements include system configuration capabilities. You can configure the number of RADIUS endpoints and fine-tune buffers, queues, and thread pools for AAA services.
  These OAM components are part of the Cisco Cloud Native Data Plane (CNDP) integration. CNDP provides common execution environment services for the cnAAA system.
- Policy Builder (GUI/API): Enhanced to manage AAA services and configurations. Enhancements include use case templates, service options, and subscriber-triggered groups (STG).
- Custom Resource Definitions (CRD): Enable data-driven policy implementations. The CRD components are extensible, so customers can add new CRD tables as needed.
- Integration with Common Execution Environment (CEE): The AAA implementation integrates with CEE services. These services include centralized logging, metrics collection using Prometheus, KPI dashboards with Grafana, and alerts.
Note: CPC, also referred to as cnAAA (cloud native AAA), supports only RADIUS-related features. In this document, the terms CPC and cnAAA are used interchangeably.
Components
This section provides an overview of the functional components that comprise the cnAAA architecture. It defines the roles of elements in the external endpoint, processing, configuration, and storage layers. This overview illustrates how the system manages network traffic, applies policy logic, and ensures data persistence.
cnAAA comprises these components:
- External endpoint
  - Unified Load Balancer (ULB): A Network Function (NF) that manages the distribution of incoming RADIUS traffic to RADIUS endpoints deployed on worker nodes. The ULB ensures high availability and reliability across the network infrastructure.
  - RADIUS-EP: A microservice that provides a channel for inbound and outbound RADIUS messages.
- Processing layer
  - Engine: Hosts the business logic and drives the rules engine to make policy decisions.
  - gRPC: The framework that enables internal processes to communicate and synchronize events.
- Configurations
  - Policy Builder: Allows the configuration of Engine pods, services, and advanced policy rules.
  - CPC Central: A unified GUI that you use to configure the Policy Builder, manage custom reference table data, and access web-based applications such as Grafana and the Control Center.
  - Ops-Center: Lets you configure and manage application and pod configurations.
  - etcd: Stores the RADIUS-EP configurations.
- Storage layer
  - MongoDB: Stores subscriber-specific data and CRD configuration data.
  - Cisco Data Layer (CDL): A dedicated in-memory database used for session persistence.