How to Check CNIC Information Online with Pakdata cf
BandWise Presentation at IP Possibilities 2013
1. Policy Management with BandWise
Matt Reath, Director of Sales Engineering
CCIE #27316 (SP)
CCI Systems
2. Agenda
• Overview of Policy Management
• Policy Control with Cisco ISG/BNG
• Introduction to CCI’s BandWise Product
3. Why do we need policy management?
• More and more services are being deployed
on converged IP networks
• Growing bandwidth consumption by users
• Customer experience is high priority
• Network must be “session” aware and able to
apply custom parameters to each session
• Each session tracked in order to apply QoS and
security
4. • Initial drivers
– Bandwidth metering and monthly caps
– Recoup costs of increasing subscriber data usage
– Session/Subscriber identification (MAC, VLAN, Option
82, etc.)
• Additional value adds
– Network intelligence, reporting
– Peak-time bandwidth control
– Subscriber self-service
– WiFi hotspot portals/credit card authorization
– Per subscriber services (QoS, VRF, access control)
Policy Management
6. How does it work?
ISG Router
Internet
RADIUS Server
Data sent
RADIUS Auth
RADIUS Accept
Data sent
Data received
RADIUS Acct
RADIUS CoA
7. Configuration
aaa authentication login AUTHEN_LIST group AAA_GROUP
aaa authorization network AUTHOR_LIST group AAA_GROUP
aaa authorization subscriber-service default local group AAA_GROUP
aaa accounting update periodic 1
aaa accounting network ACCNT_LIST start-stop group AAA_GROUP
aaa group server radius AAA_GROUP
server 192.168.60.202 auth-port 1812 acct-port 1813
RADIUS
policy-map type control ISG_CTRL_POLICY
class type control IP_UNAUTH_COND event timed-policy-expiry
10 service disconnect
!
class type control always event session-start
10 authorize aaa list AUTHOR_LIST password cisco identifier circuit-id
40 set-timer IP_UNAUTH_TIMER 10
100 service disconnect
!
class type control always event account-logon
10 authenticate aaa list AUTHEN_LIST
!
class type control always event account-logoff
10 service disconnect delay 5
!
class type control always event session-restart
10 authorize aaa list AUTHOR_LIST password cisco identifier circuit-id
40 set-timer IP_UNAUTH_TIMER 10
!
Policy
Interface
interface GigabitEthernet0/0/1.400
encapsulation dot1Q 400
ip dhcp relay information trusted
ip address 192.168.240.1 255.255.255.0
ip helper-address 192.168.60.202
ip nat inside
service-policy type control ISG_CTRL_POLICY
ip subscriber l2-connected
initiator dhcp
8. • Built upon Cisco’s ISG (ASR1000) and BNG (ASR9000)
feature set(s)
• Includes: RADIUS, Policy Server, Web
management, Reporting, API access, Customizable
portals, and notifications (email, SMS, etc.)
• Customizable web portals for WiFi/unauthenticated user
scenarios – access code, username/password, pay for
access (authorize.net)
• Managed service – CCI manages the server
hardware, provides support, keeps system up-to-
date, and provides customization
• JSON-based API for further automation tasks
CCI Confidential
10. • Dashboard
• Overall system graphs
• Links to all management
functions
• Top talkers widget
• Quick access icons
CCI Confidential
BandWise Dashboard
11. • Policy Management
– Download/upload speeds
– Peak time caps
– Monthly caps
• Bandwidth Caps
– Create thresholds and cap
periods
– Flexible reaction system
• Reaction policies
• Notifications
• Shutoff
CCI Confidential
Policy Management
12. • Account creation
• View individual bandwidth cap
infractions
• See overall bandwidth usage
for each device on account or
aggregate
• Assign Group or Policy
• Add/remove/edit devices
associated with account
– MAC Address
– Option 82
– VLAN
CCI Confidential
Account Management
14. • Syslog, email, SNMP trap, and SMS notifications
• SFTP support for scheduled subscriber imports
• Full-featured API facilitates billing system integrations
CCI Confidential
BandWise Administration
16. • Provides storage and maintenance
advantages
– CCI manages updates to the system
via push from Cloud
– Data is stored locally and in the
Cloud; resulting in quicker
restoration of data
• Calculation, authentication, and
enforcement functions operate on
local redundant server pair
• Web
interface, management, update, rep
orting, and graphing functions
operate in CCI’s cloud service
CCI Confidential
Cloud Architecture
17. 1 – ISG/BNG router
2 – Redundant Bandwise Servers
3 – Redundant management switches
4 – Single or redundant VPN
gateways
5 – Redundant VPN gateway into CCI
cloud
6 – Load balancers
7 – Cluster of application servers
8 – Cluster of job servers
9 – Cluster of database servers
CCI Confidential
Cloud Architecture
18. • Management Portal
– User authentication
– Dashboard
– Policy management
– Account management
– Group management
– Reports
• Import users and
profiles from existing
SQL, LDAP, or text file
sources
• Manual entry of
account, policy, and
group information
• Policy enforcement
– ISG feature set required
– RADIUS
– Change of Authorization
Phase 1 – Oct ‘12
• Multilevel hierarchy for
company/property
management
• End-user portal
– Subscribers can log-in to
view statistics and
information
– Manage devices associated
with account
• Sign-on portal
– For unauthenticated
devices/WiFi hotspots
– Login to account to add
device
-or-
– Select option and pay via
credit card
– Credit card authorization
handled by web service
• Multiple devices per
account
• Notifications of cap
violations
Phase 2 – Nov ‘12
• Billing System API
– JSON-based web service
API
– Allows 3rd party
development of billing
system interface
• Data export options
– CSV,XML
• Export delivery via:
– SFTP, manual browser
download
• Software redundancy
Phase 3 – Jan ‘13
CCI Confidential
Beta Feb ‘13 – April ‘13
May
2013 GA
Release
Roadmap
19. • Anticipated Features (schedule TBD)
– Mobile device apps for end-user bandwidth reports and alerts (Andriod
and iOS)
– CMTS/Cable Network Support (PCMM/IPDR)
– Bug fixes
– Feature updates
– Integration with CCI’s NOC monitoring/managed service packages
CCI Confidential
Roadmap
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]
What do we do? You could say we make the Internet and telephones and TV work for individuals and businesses.We’ve been leaders in the communications industry for more than 50 years and have customers all over the country.[If desired, customize second bullet to include customers similar to prospect]