Cisco Systems OL-4344-01 manual Overview of ISC, ISC Network Management Subnet

Page 2

Chapter 1 About Cisco IP Solution Center

Overview of ISC

The notable ISC network elements are as follows:

ISC Network Management Subnet

The ISC Network Management Subnet is required when the service provider’s service offering entails the management of CEs. The management subnet consists of the ISC workstation (where ISC is installed). On the same LAN, the service provider can optionally install one or more Processing servers. The Processing servers are responsible for executing tasks such as provisioning, auditing, SLA data collection, and so on.

The Management VPN

The Management VPN is a special VPN employed by the ISC Network Management Subnet to manage the CEs in a service provider network. Once a CE is in a VPN, it is no longer accessible by means of conventional IPv4 routing, unless the CEs are part of the Management VPN. To communicate with the PEs, the link between the Management PE (MPE) and the Management-CE (MCE) uses a parallel IPv4 link. The Management VPN connects to the managed CEs.

Multi-VRF CE

The Multi-VRF CE is a feature that provides for Layer 3 aggregation. Multiple CEs can connect to a single Multi-VRF CE (typically in an enterprise network); then the Multi-VRF CE connects directly to a PE. Figure 1-1shows CE 1 and CE2 connected to the Multi-VRF CE, and the Multi-VRF CE is connected directly to the PE. For details, see the “About Multi-VRF CEs” section on page 1-10.

Layer 2 Access to MPLS VPNs

The service provider can install multiple Layer 2 switches between a PE and CE, as shown in Figure 1-1. This feature provides Layer 2 aggregation. Additional CEs can be connected to the switches as well. Cisco supports two switches for the Layer 2 access to MPLS: either a Cisco Catalyst 2950 Switch or a Cisco Catalyst 3550 Intelligent Ethernet Switch.

Collection Servers

Cisco ISC is designed to provision a large number of devices through its distributed architecture. If the Master server (equivalent to the ISC workstation) cannot keep up with the number of devices, Collection servers can be added to offload the work of the Master server. Among other tasks, Collection servers are responsible for uploading and downloading configuration files to and from Cisco routers. For more information, see the “Defining Collection Zones and Assigning Devices to Zones” section on page 2-13.

Overview of ISC

Cisco ISC offers service providers the ability to plan, provision, operate and bill for the MPLS services. Using the ISC, service providers can do the following:

Provision IP-based MPLS VPN services.

Generate audit reports for service requests.

Perform data collection to measure SLA performance.

Evaluate service usage for each VPN.

An MPLS VPN consists of a set of sites that are interconnected by means of an MPLS provider core network. At each site, there are one or more CEs, which attach to one or more PEs. PEs use the Border Gateway Protocol-Multiprotocol (MP-BGP) to dynamically communicate with each other.

Cisco IP Solution Center, 3.0: MPLS VPN Management User Guide, 3.0

1-2

OL-4344-01

 

 

Image 2
Contents About Cisco IP Solution Center Overview of ISC ISC Network Management SubnetISC Features Service Provider Network for Vlan ID Management Access Domain Assigned Resource PoolsFeatures and Functions Provided in Provisioning with ISC VPN Service Profile-Based ProvisioningRole-Based Access Control Rbac CPE Customer’s and Provider’s View of the Network Customer’s View of the NetworkAbout Provider Edge Routers PEs About Multi-VRF CEsA Multi-VRF CE Providing Layer 3 Aggregation Using Templates to Customize Configuration Files Mapping IPsec Tunnels to Mpls VPNsAuditing Service Requests Uses for the Template FunctionAbout Mpls VPNs VPNs Sharing SitesCharacteristics of Mpls VPNs Intranets and ExtranetsVPN Routing and Forwarding Tables VRFs VRF Implementation Considerations Ip vrf site2 rdCreating a VRF Instance Route Distinguishers and Route TargetsRoute Target Communities CE Routing CommunitiesHub and Spoke Considerations Address Space Separation Security Requirements for Mpls VPNsAddress Space and Routing Separation Routing SeparationHiding the Mpls Core Structure Resistance to Attacks Securing the Routing ProtocolLabel Spoofing Trusted Devices Routing AuthenticationSecuring the Mpls Core PE-CE InterfaceConnectivity Between VPNs LDP AuthenticationSeparation of CE-PE Links MP-BGP Security Features Security Through IP Address ResolutionAPI Functionality Supported North Bound Interface NBIEnsuring VPN Isolation API Approach Distributed Load BalancingNBI Benefits 11 Simple Flat-Based Server Load Balancing Configuration Four-Tier System Architecture Client tierControl tier