CISCO ASR 9000 Series Router Broadband Network Gateway Overview User Guide

Broadband Network Gateway Overview

This chapter provides an overview of the Broadband Network Gateway (BNG) functionality implemented on the Cisco ASR 9000 Series Router.
Table 1: Feature History for Broadband Network Gateway Overview

Release 6.1.2

| Added BNG support for these hardware:
•  A9K-8X100G-LB-SE
•  A9K-8X100GE-SE
•  A9K-4X100GE-SE
•  A9K-MOD200-SE
•  A9K-MOD400-SE
•  A9K-MPA-1x100GE
•  A9K-MPA-2x100GE
•  A9K-MPA-20x10GE
Release 6.1.2| Added BNG support for the use of Cisco NCS 5000 Series Router as a satellite.
Release 6.1.2| Added BNG smart licensing feature.
Release 6.2.2| Added the support for BNG Geo Redundancy over Cisco NCS 5000 Series Router satellite.
Release 6.2.2| Added BNG support for the following hardware:
•  A9K-48X10GE-1G-SE
•  A9K-24X10GE-1G-SE

Understanding BNG

Broadband Network Gateway (BNG) is the access point for subscribers, through which they connect to the broadband network. When a connection is established between BNG and Customer Premise Equipment (CPE), the subscriber can access the broadband services provided by the Network Service Provide (NSP) or Internet Service Provider (ISP).
BNG establishes and manages subscriber sessions. When a session is active, BNG aggregates traffic from various subscriber sessions from an access network, and routes it to the network of the service provider.
BNG is deployed by the service provider and is present at the first aggregation point in the network, such as the edge router. An edge router, like the Cisco ASR 9000 Series Router, needs to be configured to act as the BNG. Because the subscriber directly connects to the edge router, BNG effectively manages subscriber access, and subscriber management functions such as:

• Authentication, authorization and accounting of subscriber sessions
• Address assignment
• Security
• Policy management
• Quality of Service (QoS)

Some benefits of using BNG are:

• The BNG router not only performs the routing function but also communicates with authentication, authorization, and accounting (AAA) server to perform session management and billing functions. This makes the BNG solution more comprehensive.
• Different subscribers can be provided different network services. This enables the service provider to customize the broadband package for each customer based on their needs.

BNG Architecture

The goal of the BNG architecture is to enable the BNG router to interact with peripheral devices (like CPE) and servers (like AAA and DHCP), in order to provide broadband connectivity to subscribers and manage subscriber sessions. The basic BNG architecture is shown in this figure.

Figure 1: BNG Architecture

The BNG architecture is designed to perform these tasks:

• Connecting with the Customer Premise Equipment (CPE) that needs to be served broadband services.
•  Establishing subscriber sessions using IPoE or PPPoE protocols.
• Interacting with the AAA server that authenticates subscribers, and keeps an account of subscriber sessions.
• Interacting with the DHCP server to provide IP address to clients.
• Advertising the subscriber routes.

The five BNG tasks are briefly explained in the following sections.

Connecting with the CPE
BNG connects to the CPE through a multiplexer and Home Gateway (HG). The CPE represents the triple play service in telecommunications, namely, voice (phone), video (set top box), and data (PC). The individual subscriber devices connect to the HG. In this example, the subscriber connects to the network over a Digital Subscriber Line (DSL) connection. Therefore, the HG connects into a DSL Access Multiplexer (DSLAM).
Multiple HGs can connect to a single DSLAM that sends the aggregated traffic to the BNG router. The BNG router routes traffic between the broadband remote access devices (like DSLAM or Ethernet Aggregation Switch) and the service provider network.

Establishing Subscriber Sessions
Each subscriber (or more specifically, an application running on the CPE) connects to the network by a logical session. Based on the protocol used, subscriber sessions are classified into two types:

• PPPoE subscriber session—The PPP over Ethernet (PPPoE) subscriber session is established using the point-to-point (PPP) protocol that runs between the CPE and BNG.
• IPoE subscriber session—The IP over Ethernet (IPoE) subscriber session is established using IP protocol that runs between the CPE and BNG; IP addressing is done using the DHCP protocol.

Interacting with the RADIUS Server
BNG relies on an external Remote Authentication Dial-In User Service (RADIUS) server to provide subscriber Authentication, Authorization, and Accounting (AAA) functions. During the AAA process, BNG uses RADIUS to:

•  authenticate a subscriber before establishing a subscriber session
• authorize the subscriber to access specific network services or resources
• track usage of broadband services for accounting or billing

The RADIUS server contains a complete database of all subscribers of a service provider, and provides subscriber data updates to the BNG in the form of attributes within RADIUS messages. BNG, on the other hand, provides session usage (accounting) information to the RADIUS server. For more information about RADIUS attributes, see RADIUS Attributes.
BNG supports connections with more than one RADIUS server to have fail over redundancy in the AAA process. For example, if RADIUS server A is active, then BNG directs all messages to the RADIUS server A. If the communication with RADIUS server A is lost, BNG redirects all messages to RADIUS server B.
During interactions between the BNG and RADIUS servers, BNG performs load balancing in a round-robin manner. During the load balancing process, BNG sends AAA processing requests to RADIUS server A only if it has the bandwidth to do the processing. Else, the request is send to RADIUS server B.

Interacting with the DHCP Server
BNG relies on an external Dynamic Host Configuration Protocol (DHCP) server for address allocation and client configuration functions. BNG can connect to more than one DHCP server to have fail over redundancy in the addressing process. The DHCP server contains an IP address pool, from which it allocates addresses to the CPE.
During the interaction between BNG and the DHCP server, BNG acts as a DHCP relay or DHCP proxy.
As the DHCP relay, BNG receives DHCP broadcasts from the client CPE, and forwards the request to the DHCP server.
As the DHCP proxy, BNG itself maintains the address pool by acquiring it from DHCP server, and also manages the IP address lease. BNG communicates on Layer 2 with the client Home Gateway, and on Layer 3 with the DHCP server.
The DSLAM modifies the DHCP packets by inserting subscriber identification information. BNG uses the identification information inserted by the DSLAM, as well as the address assigned by the DHCP server, to identify the subscriber on the network, and monitor the IP address lease.
Advertising Subscriber Routes
For optimal performance in design solutions where the Border Gateway Protocol (BGP) advertises the subscriber routes, the BNG advertises the entire subnet designated to the subscribers using the network command in the BGP configuration.
The BNG redistributes the individual subscriber routes only in scenarios where the Radius server assigns the IP address to a subscriber and there is no way to know to which BNG that particular subscriber will connect.

BNG Role in ISP Network Models

The role of BNG is to pass traffic from the subscriber to the ISP. The manner in which BNG connects to the
ISP depends on the model of the network in which it is present. There are two types of network models:

•  Network Service Provider, on page 5
• Access Network Provider, on page 5

Network Service Provider
The following figure shows the topology of a Network Service Provider model.

In the Network Service Provider model, the ISP (also called the retailer) directly provides the broadband connection to the subscriber. As shown in the above figure, BNG is at the edge router, and its role is to connect to the core network through uplinks.
Access Network Provider
The following figure shows the topology of a Access Network Provider model.

In the Access Network Provider model, a network carrier (also called the wholesaler) owns the edge network infrastructure, and provides the broadband connection to the subscriber. However, the network carrier does not own the broadband network. Instead, the network carrier connects to one of the ISPs that manage the broadband network.
BNG is implemented by the network carrier and its role is to hand the subscriber traffic off to one of several ISPs. The hand-off task, from the carrier to the ISP, is implemented by Layer 2 Tunneling Protocol (L2TP) or Layer 3 Virtual Private Networking (VPN). L2TP requires two distinct network components:

• L2TP Access Concentrator (LAC)—The LAC is provided by the BNG.
• L2TP Network Server (LNS)—The LNS is provided by the ISP.

BNG Packaging

The BNG pie, asr9k-bng-px.pie can be installed and activated on the Cisco ASR 9000 Series Router to access the BNG features. The install, uninstall, activate and deactivate operations can be performed without rebooting the router.
It is recommended that the relevant BNG configurations be removed from the running configuration of the router, before uninstalling or deactivating the BNG pie.
Installing and Activating the BNG Pie on Cisco ASR 9000 Series Router
Perform this task to install and activate the BNG pie on the Cisco ASR 9000 Series Router:

SUMMARY STEPS

1. admin
2.  install add {pie_location | source | tar}
3.  install activate {pie_name | id}

DETAILED STEPS

| Command or Action| Purpose
---|---|---
Step 1| admin
Example:
RP/0/RSP0/CPU0:router# admin| Enters the administration mode.
Step 2| install add { _pielocation | source | tar }
Example:
RP/0/RSP0/CPU0:router(admin)# install add tftp://223.255.254.254/softdir /asr9k-bng-px.pie| Installs the pie from the tftp location, on to the Cisco ASR 9000 Series Router.
Step 3| install activate { _piename | id }
Example:
RP/0/RSP0/CPU0:router(admin)# install activate asr9k-bng-px.pie| Activates the installed pie on the Cisco ASR 9000 Series Router.

What to do next

Note

During upgrade from Release 4.2.1 to Release 4.3.0, it is recommended that the Cisco ASR 9000 base image pie (asr9k-mini-px.pie) is installed prior to installing the BNG pie (asr9k-bng-px.pie).
After BNG pie is installed, you must copy BNG related configurations from the flash or tftp location to the router. If BNG pie is deactivated and activated again, then load the removed BNG configurations by executing the load configuration removed command from the configuration terminal.
Note
Most of the BNG feature configurations are moved to a new namespace partition, and hence BNG features are not available by default now. To avoid inconsistent BNG configurations before, or after installing the BNG pie, run the clear configuration inconsistency command, in EXEC mode.

BNG Configuration Process

Configuring BNG on the Cisco ASR 9000 Series Router involves these stages:

• Configuring RADIUS Server—BNG is configured to interact with the RADIUS server for authentication, authorization, and accounting functions. For details, see Configuring Authentication, Authorization, and Accounting Functions.
• Activating Control Policy—Control policies are activated to determine the action that BNG takes when specific events occur. The instructions for the action are provided in a policy map. For details, see Activating Control Policy.
• Establishing Subscriber Sessions—Configurations are done to set up one or more logical sessions, from the subscriber to the network, for accessing broadband services. Each session is uniquely tracked and managed. For details, see Establishing Subscriber Sessions.
• Deploying QoS—Quality of Service (QoS) is deployed to provide control over a variety of network applications and traffic types. For example, the service provider can have control over resources (example bandwidth) allocated to each subscriber, provide customized services, and give priority to traffic belonging to mission-critical applications. For details, see Deploying the Quality of Service (QoS).
• Configuring Subscriber Features—Configurations are done to activate certain subscriber features that provide additional capabilities like policy based routing, access control using access list and accessgroups, and multicast services. For details, see Configuring Subscriber Features.
• Verifying Session Establishment—Established sessions are verified and monitored to ensure that connections are always available for use. The verification is primarily done using “show” commands. Refer to the Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference guide for the list of various “show” commands.

To use a BNG command, you must be in a user group associated with a task group that includes the proper task IDs. The Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Command Reference guide includes the task IDs required for each command. If you suspect that the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Restriction
The Select VRF Download (SVD) must be disabled, when BNG is configured. For more information about SVD, see the Cisco IOS XR Routing Configuration Guide for the Cisco XR 12000 Series Router.

Hardware Requirements for BNG

These hardwares support BNG:

• The Satellite Network Virtualization (nV) system.
• The route switch processors, RSP-440, RSP-880 and RSP-880-LT-SE.
• The route processor, A99-RP-SE, A99-RP2-SE, on the Cisco ASR 9912 and the Cisco ASR 9922 chassis.
• The below table lists the Line Cards and Modular Port Adapters that support BNG.

Table 2: Line Cards and Modular Port Adapters Supported on BNG

4-Port 10-Gigabit Ethernet, 16-Port Gigabit Ethernet Line Card, 40G Service Edge Optimized| A9K-4T16GE-SE
Cisco ASR 9000 High Density 100GE Ethernet line cards:

•  Cisco ASR 9000 8-port 100GE “LAN-only” Service Edge Optimized Line Card, Requires CPAK optics
•  Cisco ASR 9000 8-port 100GE
“LAN/WAN/OTN” Service Edge Optimized Line Card, Requires CPAK optics
•  Cisco ASR 9000 4-port 100GE
“LAN/WAN/OTN” Service Edge Optimized Line Card, Requires CPAK optics

| A9K-8X100G-LB-SE A9K-8x100GE-SE A9K-4x100GE-SE
Cisco ASR 9000 Series 24-port dual-rate 10GE/1GE service edge–optimized line cards| A9K-24X10-1GE-SE
Cisco ASR 9000 Series 48-port dual-rate 10GE/1GE service edge–optimized line cards| A9K-48X10-1GE-SE
80 Gigabyte Modular Line Card, Service Edge Optimized| A9K-MOD80-SE
160 Gigabyte Modular Line Card, Service Edge Optimized| A9K-MOD160-SE
20-Port Gigabit Ethernet Modular Port Adapter (MPA)| A9K-MPA-20GE
ASR 9000 200G Modular Line Card, Service Edge Optimized, requires modular port adapters| A9K-MOD200-SE
ASR 9000 400G Modular Line Card, Service Edge Optimized, requires modular port adapters| A9K-MOD400-SE
2-port 10-Gigabit Ethernet Modular Port Adapter (MPA)| A9K-MPA-2X10GE
4-Port 10-Gigabit Ethernet Modular Port Adapter (MPA)| A9K-MPA-4X10GE
ASR 9000 20-port 10-Gigabit Ethernet Modular Port Adapter, requires SFP+ optics| A9K-MPA-20x10GE
2-port 40-Gigabit Ethernet Modular Port Adapter (MPA)| A9K-MPA-2X40GE
Product Description| Part Number
---|---
1-Port 40-Gigabit Ethernet Modular Port Adapter (MPA)| A9K-MPA-1X40GE
ASR 9000 1-port 100-Gigabit Ethernet Modular Port Adapter, requires CFP2-ER4 or CPAK optics| A9K-MPA-1x100GE
ASR 9000 2-port 100-Gigabit Ethernet Modular Port Adapter, requires CFP2-ER4 or CPAK optics| A9K-MPA-2x100GE

BNG Interoperability

The BNG interoperability allows BNG to exchange and use information with other larger heterogeneous networks. These are the key features:

• BNG Coexists with ASR9001:
  ASR9001 is a standalone high processing capability router that comprises of a route switch processor (RSP), linecards (LC), and ethernet plugs (EPs). All BNG features are fully supported on the ASR9001 chassis.

• BNG Supports nV Satellite:
  The only topology that is supported with BNG-nV Satellite is – bundled Ethernet ports on the CPE side of the Satellite node connected to the Cisco ASR 9000 through non-bundle configuration (static-pinning).
  That is,
  CPE — Bundle — [Satellite] — Non Bundle ICL — ASR9K
  Although the following topology is supported on Satellite nV System (from Cisco IOS XR Software
  Release 5.3.2 onwards), it is not supported on BNG:

• Bundled Ethernet ports on the CPE side of the satellite node, connected to the Cisco ASR 9000 through bundle Ethernet connection.
  From Cisco IOS XR Software Release 6.1.2 and later, BNG supports the use of Cisco NCS 5000 Series
  Router as a Satellite.
  From Cisco IOS XR Software Release 6.2.2 and later, the BNG geo redundancy feature is supported on the Cisco IOS XR 32 bit operating system with the Cisco NCS 5000 Series satellite. Whereas, the same remains unsupported for Cisco ASR 9000v satellite. For details, see BNG Geo Redundancy chapter in Cisco ASR 9000 Series Aggregation Services Router Broadband Network Gateway Configuration Guide. For details on nV Satellite configuration, see nV System Configuration Guide for Cisco ASR 9000 Series
  Routers located here.

• BNG interoperates with Carrier Grade NAT (CGN):
  To address the impending threat from IPv4 address space depletion, it is recommended that the remaining or available IPv4 addresses be shared among larger numbers of customers. This is done by using CGN, which primarily pulls the address allocation to a more centralized NAT in the service provider network. NAT44 is a technology that uses CGN and helps manage depletion issues of the IPv4 address space. BNG supports the ability to perform NAT44 translation on IPoE and PPPoE-based BNG subscriber sessions.

Note

For BNG and CGN interoperability, configure the BNG interface and the application service virtual interface (SVI) on the same VRF instance.

Restrictions

• Only bundle access with non-bundle ICLs are supported for BNG interfaces over Satellite nV System access interfaces.

BNG Smart Licensing

BNG supports Cisco Smart Software Licensing that provides a simplified way for the customers to purchase licenses and to manage them across their network. This provides a customizable consumption-based model that aligns to the network growth of the customer. It also provides the flexibility to quickly modify or upgrade software feature configurations to deploy new services over time.
For more information about Cisco Smart Software Licensing, see Software Entitlement on the Cisco ASR 9000 Series Router chapter of System Management Configuration Guide for Cisco ASR 9000 Series Routers.
For latest updates, refer the latest version of guides present in http://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xr-software /products-installation-and-configuration-guides-list.html.
BNG Smart Licensing supports Geo redundancy as well as non-Geo redundancy subscriber sessions. One license is required for every group of 8000 subscribers or a fraction of it. For example, two licenses are required for 9000 subscribers.
These are the software license PIDs for BNG:

• S-A9K-BNG-LIC-8K —for non-geo redundancy sessions
• S-A9K-BNG-ADV-8K —for geo redundancy sessions

You can use the show sessionmon license command to display the subscriber session statistics.

References

• Cisco IOS XR Software - Configuration Guides - Cisco
• Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide, Release 6.0.x - Software Entitlement [Cisco IOS XR Software (End-of-Sale)] - Cisco

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>