![Page 1: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/1.jpg)
Policy Management with BandWise
Matt Reath, Director of Sales EngineeringCCIE #27316 (SP)
CCI Systems
![Page 2: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/2.jpg)
Agenda
• Overview of Policy Management• Policy Control with Cisco ISG/BNG• Introduction to CCI’s BandWise Product
![Page 3: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/3.jpg)
Why do we need policy management?
• More and more services are being deployed on converged IP networks
• Growing bandwidth consumption by users• Customer experience is high priority• Network must be “session” aware and able to
apply custom parameters to each session• Each session tracked in order to apply QoS and
security
![Page 4: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/4.jpg)
• Initial drivers– Bandwidth metering and monthly caps– Recoup costs of increasing subscriber data usage– Session/Subscriber identification (MAC, VLAN, Option 82,
etc.)• Additional value adds– Network intelligence, reporting– Peak-time bandwidth control– Subscriber self-service– WiFi hotspot portals/credit card authorization– Per subscriber services (QoS, VRF, access control)
Policy Management
![Page 5: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/5.jpg)
• Intelligent Services Gateway (ISG)– Cisco ASR1000, Cisco 7200, Cisco 10000
• Broadband Network Gateway (BNG)– Cisco ASR9000 w/Typhoon line cards
Cisco Router Support
![Page 6: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/6.jpg)
How does it work?
ISG Router
Internet
RADIUS Server
Data sent
RADIUS Auth
RADIUS Accept
Data sent
Data received
RADIUS Acct
RADIUS CoA
![Page 7: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/7.jpg)
Configuration
aaa authentication login AUTHEN_LIST group AAA_GROUPaaa authorization network AUTHOR_LIST group AAA_GROUP aaa authorization subscriber-service default local group AAA_GROUP aaa accounting update periodic 1aaa accounting network ACCNT_LIST start-stop group AAA_GROUP
aaa group server radius AAA_GROUP server 192.168.60.202 auth-port 1812 acct-port 1813
RADIUS
policy-map type control ISG_CTRL_POLICY class type control IP_UNAUTH_COND event timed-policy-expiry 10 service disconnect ! class type control always event session-start 10 authorize aaa list AUTHOR_LIST password cisco identifier circuit-id 40 set-timer IP_UNAUTH_TIMER 10 100 service disconnect ! class type control always event account-logon 10 authenticate aaa list AUTHEN_LIST ! class type control always event account-logoff 10 service disconnect delay 5 ! class type control always event session-restart 10 authorize aaa list AUTHOR_LIST password cisco identifier circuit-id 40 set-timer IP_UNAUTH_TIMER 10 !
Policy
Interfaceinterface GigabitEthernet0/0/1.400 encapsulation dot1Q 400 ip dhcp relay information trusted ip address 192.168.240.1 255.255.255.0 ip helper-address 192.168.60.202 ip nat inside service-policy type control ISG_CTRL_POLICY ip subscriber l2-connected initiator dhcp
![Page 8: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/8.jpg)
CCI Confidential
• Built upon Cisco’s ISG (ASR1000) and BNG (ASR9000) feature set(s)
• Includes: RADIUS, Policy Server, Web management, Reporting, API access, Customizable portals, and notifications (email, SMS, etc.)
• Customizable web portals for WiFi/unauthenticated user scenarios – access code, username/password, pay for access (authorize.net)
• Managed service – CCI manages the server hardware, provides support, keeps system up-to-date, and provides customization
• JSON-based API for further automation tasks
![Page 9: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/9.jpg)
CCI Confidential
BandWise Overview
BandWisePolicyEngine
ISG/BNG Router
RADIUS
WEB
API
Billing/OSSAutomation Tools
Subscriber/PortalSystem Manager/CSR
WEB
![Page 10: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/10.jpg)
CCI Confidential
• Dashboard
• Overall system graphs
• Links to all management functions
• Top talkers widget
• Quick access icons
BandWise Dashboard
![Page 11: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/11.jpg)
CCI Confidential
• Policy Management
– Download/upload speeds
– Peak time caps
– Monthly caps
• Bandwidth Caps
– Create thresholds and cap periods
– Flexible reaction system
• Reaction policies
• Notifications
• Shutoff
Policy Management
![Page 12: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/12.jpg)
CCI Confidential
• Account creation
• View individual bandwidth cap infractions
• See overall bandwidth usage for each device on account or aggregate
• Assign Group or Policy
• Add/remove/edit devices associated with account
– MAC Address
– Option 82
– VLAN
Account Management
![Page 13: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/13.jpg)
CCI Confidential
• Client captive portal w/ credit card purchase, subscriber login, and access codes
• WiFi Hotspot Applications
Captive Portal
![Page 14: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/14.jpg)
CCI Confidential
• Syslog, email, SNMP trap, and SMS notifications
• SFTP support for scheduled subscriber imports
• Full-featured API facilitates billing system integrations
BandWise Administration
![Page 15: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/15.jpg)
CCI Confidential
Reporting
• Network Bandwidth
• Bandwidth Infractions
• Top Talkers
• Captive Portal Logins
• Captive Portal Purchases
• Scheduled Reporting
![Page 16: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/16.jpg)
CCI Confidential
• Provides storage and maintenance advantages
– CCI manages updates to the system via push from Cloud
– Data is stored locally and in the Cloud; resulting in quicker restoration of data
• Calculation, authentication, and enforcement functions operate on local redundant server pair
• Web interface, management, update, reporting, and graphing functions operate in CCI’s cloud service
Cloud Architecture
![Page 17: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/17.jpg)
CCI Confidential
1 – ISG/BNG router
2 – Redundant Bandwise Servers
3 – Redundant management switches
4 – Single or redundant VPN gateways
5 – Redundant VPN gateway into CCI cloud
6 – Load balancers
7 – Cluster of application servers
8 – Cluster of job servers
9 – Cluster of database servers
Cloud Architecture
![Page 18: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/18.jpg)
CCI Confidential
• Management Portal– User authentication
– Dashboard
– Policy management
– Account management
– Group management
– Reports
• Import users and profiles from existing SQL, LDAP, or text file sources
• Manual entry of account, policy, and group information
• Policy enforcement– ISG feature set required
– RADIUS
– Change of Authorization
Phase 1 – Oct ‘12
• Multilevel hierarchy for company/property management
• End-user portal– Subscribers can log-in to
view statistics and information
– Manage devices associated with account
• Sign-on portal– For unauthenticated
devices/WiFi hotspots
– Login to account to add device-or-
– Select option and pay via credit card
– Credit card authorization handled by web service
• Multiple devices per account
• Notifications of cap violations
Phase 2 – Nov ‘12
• Billing System API– JSON-based web service API
– Allows 3rd party development of billing system interface
• Data export options– CSV,XML
• Export delivery via:– SFTP, manual browser
download
• Software redundancy
Phase 3 – Jan ‘13
Beta Feb ‘13 – April ‘13
May 2013 GA Release
Roadmap
![Page 19: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/19.jpg)
CCI Confidential
• Anticipated Features (schedule TBD)
– Mobile device apps for end-user bandwidth reports and alerts (Andriod and iOS)
– CMTS/Cable Network Support (PCMM/IPDR)
– Bug fixes
– Feature updates
– Integration with CCI’s NOC monitoring/managed service packages
Roadmap
![Page 20: BandWise Presentation at IP Possibilities 2013](https://reader033.vdocuments.mx/reader033/viewer/2022061123/54710e17b4af9fb40a8b4a6e/html5/thumbnails/20.jpg)
Thank You!
Visit CCI’s Booth (Booth #307) fora BandWise Demo