Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators

(1)

Integration Solutions Guide for Managed

Broadband Access Using MPLS VPNs for

Cable Multiservice Operators

This document describes a secure, scalable, managed broadband access system utilizing multiprotocol label switching virtual private networks (MPLS VPNs). The system configuration proposed in this document will enable cable multiple service operators (MSOs) to share the broadband transport system of the cable television infrastructure with different service providers and business customers. In so doing, MSOs will be able to offer their subscribers a choice from a variety of service providers while simultaneously delivering multiple value-added services such as Web and media caching.

Note This solutions guide deals only with the MPLS VPN method of managed broadband access.

This document is intended primarily for system administrators responsible for installing and

configuring internetworking equipment in a hybrid fiber-coaxial (HFC) cable network environment. It is assumed that the reader is familiar with the fundamentals of router-based and cable-based

internetworking, and also familiar with Cisco routers and Cisco IOS software.

This document will describe the basic network setup and configuration of the MPLS VPNs managed broadband access system. It will explain how to interface the cable modem termination system (CMTS) with the MPLS cloud, and how to interface ISPs with MPLS VPNs. It will not provide cable-specific installation information or describe the details of MPLS configuration.

The following sections are included in this document: • Business Objectives, page 2

• Possible Solutions, page 3

(2)

Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators Business Objectives

Business Objectives

For a variety of business reasons, it is advantageous for cable Multiple Service Operators (MSOs) to be able to make their subscribers available to other organizations or Internet Service Providers (ISPs), and/or to provide their subscribers with IP access to other ISPs. The challenge faced by MSOs is to find a way of providing this kind of open access to their subscribers while maintaining the ability to track, bill, and monitor connections. The answer to this challenge is a process called managed broadband access.

In a managed broadband access environment, each ISP must have a method of moving traffic to and from a subscriber’s PC, through the MSO’s physical network infrastructure, to the ISP’s network. One of the optimal ways of accomplishing this is to form a secure virtual private network (VPN) through the MSO’s network. In an ideal scenario, each ISP VPN is insulated from other ISPs who might be using the same MSO infrastructure. MPLS VPNs are an efficient, scalable method of transporting ISP traffic seamlessly across the MSO’s network.

The method used by an MSO to provide managed broadband access will depend on the MSO’s business model and on the agreements made with their partner ISPs. In some business models, the MSO will bill the cable subscriber extra for providing the capability to connect to another ISP. The extra billing may be based on the time the subscriber is using the other ISP, or on the amount of data transferred by the subscriber while connected to the other ISP.

Typical Business Needs of a Cable MSO

In evaluating the advantages and disadvantages of alternate methods of providing managed broadband access, the following business needs were considered:

• Cable MSOs must provide a means by which end subscribers can obtain IP and internet services from any ISP with which the cable operator has a business agreement.

• MSOs must be able to maintain full control of the cable modems at the end subscriber premises. • MSOs desire to use authentication for logging onto an ISP, and have the ability to bill the subscriber

for either time logged on or volume of data used while logged on.

• Some MSOs want to be able to support multiple PCs behind a cable modem, each accessing a different ISP.

• Most ISPs do not wish to have a connection into each MSO headend, but they do want redundant connections into a Point of Interconnect.

Initial or Original Network Topology

Figure 1 depicts a typical DOCSIS cable modem network connected to a hybrid fiber/coax

(3)

Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators

Possible Solutions

Figure 1 Typical MSO IP Network without MPLS VPNs

Business Drivers

Without additional configuration, the basic cable network depicted above lacks the ability to differentiate subscriber traffic and route it separately to a relavant ISP. Thus, the MSO must either supply IP service to its customers itself, or rely on a single ISP partner to supply it.

Possible Solutions

There are two primary strategies for providing managed broadband access:

• Physical separation. The MSO assigns a set of frequencies to each ISP upon which subscriber services are provided. Because frequencies essentially map to physical ports, this implies specific hardware dedicated to ISPs.

• Logical separation. Logical separation can be accomplished in a number of ways, one of which is by using virtual private networks (VPNs). The MSO creates a distinct VPN for each ISP, all sharing

(4)

Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators Possible Solutions

Managed Broadband Access Via Separate Frequencies

There are several difficulties encountered in providing managed broadband access by assigning a separate pair of frequencies to each ISP. Four of these difficulties are summarized below:

1. The DOCSIS specification states the that the cable modem (CM) MUST operate using the first valid downstream signal that it encounters while scanning (Section 7.2.13). The specification further states that the CM can be instructed via configuration file parameters to shift operations to a different downstream frequency.

This implies that there needs to be a single provisioning system that will know about all cable modems assigned to all of the various frequencies. Each ISP will therefore have to be able to upload cable modem information to the provisioning system for each new subscriber, and associate that cable modem with the appropriate frequency pair for that ISP. Because the provisioning system is the heart of the data-over-cable system, it will be a considerabe challenge to keep the information from multiple ISPs updated in real time.

2. If a cable modem locks onto the wrong downstream frequency for the ISP to which it is subscribed, the provisioning system that is assigned to the locked-on frequency will not assign an IP address to the cable modem because it will not know about its MAC address. (A provisioning system will only respond to cable modems whose MAC addresses are known; that is, whose MAC addresses are assigned to its ISP.)

3. There is a limited amount of usable upstream bandwidth. If the entire usable upstream bandwidth is assigned to ISPs, there will be no room for upstream frequency hopping in the event of ingress noise.

4. Assigning separate frequencies maps each ISP to a specific upstream port on the Cisco uBR7246 CMTS. Mapping a specific upstream port to an ISP means that a specific channel is mapped to each ISP.

Because of the above factors, separate frequency assignments is not recommended as a method for providing managed broadband access.

Managed Broadband Access Via Logical Separation

To provide managed broadband access via logical separation, a virtual tunnel is constructed between the MSO and the managed partner ISP. The tunnel can be created using one of the following methods:

• Point-to-Point Tunneling Protocol (PPTP) • Point-to-Point Protocol over Ethernet (PPPoE) • Layer 2 Tunneling Protocol (L2TP)

• IP Security (IPSEC)

• Service Selection Gateway (SSG) • Policy-Based Routing

• Source Routing

(5)

Proposed Solution: MPLS VPN-Enabled Cable Network

Proposed Solution: MPLS VPN-Enabled Cable Network

Cisco has extensively evaluated the range of technologies for providing managed broadband access and has concluded that network-based MPLS is the preferred technological foundation for building managed broadband access networks. For MSOs that require specific tunneling protocols, these approaches can work in conjunction with MPLS.

MPLS is an Internet Engineering Task Force (IETF) draft standard based on RFC 2547, and is supported by many equipment vendors around the world. MPLS VPN technology is useful for providing voice telephony services, digital video services such as movies, video on demand (VoD), and other streaming media services such as distant TV news or entertainment programming.

Overview/Strategy

The basic components of a network that supports MPLS are the devices of two entities: a provider and a customer. The provider is the owner of a physical network infrastructure. The customer’s goal is to route traffic across the provider’s network.

In an MPLS network there are three basic types of router: the customer edge (CE) router, which interfaces with the provider edge (PE) router, and the provider (P) router that is located in the core of the provider’s network and that helps route traffic. The MPLS VPN connects an interface on one PE router to an interface on a distant PE router, thus causing two or more remote CE routers to be “virtually connected” to each other via the VPN.

The MPLS VPN solution operates as an “overlay” on top of the typical MSO network and requires minimal changes to the physical network. Typically the network has a unique VPN that is used exclusively for management of the MSO provider’s devices. This VPN is called the management VPN and contains the servers and other devices to which all other VPNs require access.

In Figure 2, each ISP that signs a contract with the MSO is peered to a provider edge (PE) router that is MPLS-capable. The uBR7246, acting as CMTS and also as a PE router, and having its own managed broadband access subscribers to the ISPs, creates a VPN with each PE router that peers with an ISP. There may be multiple MSO routers in the core of the network that act as provider (P) routers. In addition to the PE routers connected to the ISPs, one additional PE router is connected to management servers (the CNR/DHCP) and is part of the management VPN.

(6)

Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators Proposed Solution: MPLS VPN-Enabled Cable Network

Benefits

In addition to the advantages described above, MPLS VPN cable networks provide operationally scalable private IP services and internet access. Following are additional specific benefits of this solution:

• Allows the MSO to maintain full control over the cable modems or other devices directly connected to the cable plant

• Highly flexible, scalable, and easy to manage system – Easy to add or move devices

– No additional backbone configuration needed – One VPN per ISP scales well

• Supports overlapping IP address ranges

• Provides secure support for multiple intranets and extranets

– VPN isolation guaranteed by label stacking and L2 switching in core – VPN_ID cannot be spoofed

– IPsec or application-level encryption supported (up to 3DES) • Supports multiple IP QoS classes

– IP precedence copied into MPLS header – MPLS/TAG QoS supported in the core – CAR precedence marking supported at ingress

(7)

Proposed Solution: MPLS VPN-Enabled Cable Network

Network Topology

Figure 2 MPLS VPN Enabled Network Topology

uBR 7246 Cisco 7500 Cisco 7500 Provider edge router MSO as ISP

ISP-A _customerISP-A

(8)

Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators Proposed Solution: MPLS VPN-Enabled Cable Network

How this Solution Works

The MPLS VPN network operation is as follows:

1. The MSO and the ISP negotiate a contract to provide internet services for end subscribers. 2. The MSO CMTS is notified of the new ISP, the classes of service allowed, the range of IP addresses

provided by the ISP, and the location of the ISP’s authentication server.

3. The network administrator assigns a range of IP addresses to the new ISP for the cable modems (CMs) that will be associated with the new ISP, and configures the CNR appropriately.

4. As subscribers sign up for the ISP’s services with the MSO, the CMTS notifies the CM management provisioning server of the new subscribers. The provisioning server will keep track of the MAC addresses of the subscriber cable modems and CPE devices, and will build a relationship between MAC address, service provider, and class of service.

Note Provisioning systems such as CSRC can be used to implement auto-provisioning and other management schemes.

5. The CMTS will know the IP addresses and subnet masks of the various router interfaces. The MSO will use this information to add the subnets and subnet masks to the CNR’s scope table.

6. The network administrator will add the appropriate configuration information to the PE routers and add the VPN information to Cable Manager if Cable Manager is supporting VPNs.

When a cable modem at an end subscriber site is connected to the HFC network and is powered on, the following events occur:

1. The cable modem completes its boot cycle and sends a DHCP discover packet.

2. The CMTS adds the giaddr to the discover packet and forwards it to the MSO’s provisioning system.

3. The provisioning system checks its tables to see if the MAC address of the cable modem is listed there. If it is not listed, it will forward the packet to the CNR with a class of service (CoS) of an unregistered cable modem. Unregistered cable modems can be denied service, connected to an auto-provisioning service, or allowed limited access.

4. Once the provisioned cable modem is reset, the provisioning system finds the cable modem’s MAC address in its tables and forwards the DHCP discover packet to the CNR with the appropriate CoS. 5. The CNR issues an IP address to the cable modem based on the giaddr taken from the discover

packet. As the IP address passes through the CMTS on its way to the cable modem, the CMTS gleans the IP address, assigns a corresponding SID to the cable modem, and associates that SID with the subinterface that is assigned to the ISP to which that IP address belongs.

(9)

Implementation

Ramifications

The MPLS VPN method of providing managed broadband access is the most flexible and scalable of all of the methods of providing VPN service over cable. It does require MPLS on the entire backbone; however, it offers the following advantages:

• Supports both permanent and temporary subscriber sessions • Does not require PC-based software

• PC IP address is assigned by the ISP • Provides virtual routing table for each ISP • Supports QoS and traffic engineering • Supports service level agreements (SLAs) • Supports multiple classes of service per ISP • Supports multiple PCs per cable modem • Supports multicast

• Supports billing per session or per usage

Implementation

The primary strategy used to provide managed broadband access via MPLS VPNs is to enable the creation of subinterfaces on a physical cable interface or on a bundle of cable interfaces. Each subinterface is then configured to connect to a separate managed partner ISP network; in this case, a separate ISP. The subinterfaces are tied to virtual routing and forwarding tables (VRFs) for their respective ISPs.

In addition to creating one subinterface for each ISP, one additional subinterface needs to be created for a management VPN. The management VPN connects the CMTS to a PE router that is connected to cable modem management servers such as CNR, DHCP, ToD, etc.

The MPLS model has some elementary built-in security. Because each MPLS VPN has its own routing/forwarding table, the VPN will only know about its own addresses. Any knowledge of other IP networks will come only from the ISP’s normal Internet routing. Therefore, even though two ISPs have an MPLS VPN on the same router, the only traffic through the router will be via the ISP’s internet routes.

(10)

Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators Implementation

Network Topology

Figure 3 Post-Implementation Traffic Flow

(11)

Implementation

Prerequisites and Design Considerations

Prerequisites

To implement managed broadband access for cable using MPLS VPNs, the following conditions must be met:

• The cable return path must be available • The cable network must be DOCSIS-compliant

• Cable modems must be currently deployed and operational • You must have an operational IP network

Design Considerations

The basic supposition of this design is that the MSO must be able to maintain full control over the devices directly connected to the cable plant, whether they be cable modems (CMs), set top boxes (STBs), or integrated telephony cable modems (ITCMs).

It is also imperative for security purposes that each home connected to each ISP gets its DHCP addresses from that ISP and not from any other source.

Implementation Procedure

To implement the MPLS VPN solution, the MSO configures its routers to be MPLS-capable. To establish each new VPN, you only have to configure the VPN on the edge of the network. The implementation process is as follows:

1. Configure the uBR7246 CMTS 2. Configure each provider edge router

3. Configure the provider core router(s) to be MPLS-capable 4. Confirm the operation of MPLS

5. Configure the Cable Network Registrar (CNR) server

(12)

Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators Device Characteristics and Configuration Files

Device Characteristics and Configuration Files

The following table describes the hardware, software, and interface IP addresses for the devices used in the case study sample configuration files.

Configuration Tasks for Managed Broadband Access with MPLS

Before configuring the MSO network for managed broadband access, it is assumed that the network has the following characteristics:

• the uBR7246 is configured to route internally • IGRP is operational

• the subscriber cable modems are operational • the CNR server is operational

• the cable plant is operating properly

To implement managed broadband access with MPLS, accomplish the following tasks: • Configure the uBR7246 CMTS

– Create subinterfaces

– Determine the number of VPNs and their names – Create VRFs using the VPN naming established above – Assign the VRFs to subinterfaces

– Configure BGP with address families to route VRF traffic and distribute routes – Use route maps and access lists to limit route sharing

Table 1 Hardware and Software Used in the Case Study

Customer Edge Provider Edge Provider Provider Edge Customer Edge Customer Edge

Hostname 2016 2014 2004 2005 Cable Modem PC

Chassis type Cisco 7200 series router Cisco 7500 series router Cisco 7500 series router Cisco uBR7246 cable access router Cisco uBR924 cable modem Host PC Physical interfaces

FastEthernet FastEthernet FastEthernet FastEthernet Cable subinterface

Cable subinterface Software

loaded

(13)

Device Characteristics and Configuration Files

• Configure the PE routers – Configure VRFs

– Assign the VRFs to subinterfaces

– Configure BGP with address families to route VRF traffic and distribute routes – Use route maps and access lists to limit route sharing

• Configure the provider core routers for MPLS – Use the tag switching ip CLI command • Confirm MPLS operation

– Use the ping ip vrf command – Use the show ip vrf command • Configure the CNR server for MPLS

Configuration Files for Managed Broadband Access with MPLS VPNs

This section contains a show running config file for each of the devices shown in the detailed network diagram (see Figure 3). The following configuration files are included:

• Configuration File for the Provider Edge Device: Cisco uBR7246 • Configuration File for the Provider Device: Cisco 7500 Series Router • Configuration File for the Provider Edge Device: Cisco 7500 Series Router • Configuration File for the Customer Edge Device: Cisco 7200 Series Router Configuration File for the Provider Edge Device: Cisco uBR7246

(14)

Figure 4 Provider Edge Device (Device 2005): Cisco uBR7246

Configuration File for Device 2005: Cisco uBR 7246 (Provider Edge Device)

!

! Identifies the version of Cisco IOS software installed. version 12.1

! Defines the hostname of the Cisco uBR7246 hostname region-1-ubr

!

! Describes where the system is getting the software image it is running. In ! this configuration example, the system is loading a Cisco uBR7246 image named ! AdamSpecial from slot 0.

boot system flash slot0:ubr7200-p-mz.AdamSpecial !

! Creates the enable secret password.

enable secret 5 $1$SCp7$yyOG5jxTUPWPJht7WrR9F0 enable password cable

!

! Sets QoS per modem for the cable plant. no cable qos permission create

no cable qos permission update cable qos permission modems !

! Allows the system to use a full range of IP addresses, including subnet zero, for

(15)

ip dhcp relay information option !

! Enters the virtual routing forwarding (VRF) configuration mode and maps a VRF table to ! the virtual private network (VPN) called MSO. The VRF table contains the set of routes ! that points to or gives routes to the CNR device, which provisions the cable modem ! devices. Each VRF table defines a path through the MPLS cloud.

ip vrf MAINT !

! Creates the route distinguisher and creates the routing and forwarding table of the ! router itself.

rd 100:1 !

! Creates a list of inport and/or export route target communities for the VPN. route-target export 100:2

route-target export 100:3 !

! Maps a VRF table to the VPN called isp1. ip vrf isp-A

!

rd 100:2 !

! Creates a list of inport and/or export route target communities for the VPN. route-target import 100:1

!

! Maps a VRF table to the VPN called isp2. ip vrf isp-B

!

rd 100:3 !

! Creates a list of inport and/or export route target communities for the VPN. route-target import 100:1

!

! Maps a VRF table to the VPN called MSO-isp. Note: MSO-isp could be considered ISP-3; in ! this case, the MSO is competeing with other ISPs for other ISP services.

ip vrf MSO-isp !

rd 100:2 !

! Creates a list of inport and/or export route target communities for the VPN. route-target export 100:2

route-target import 100:2 route-target import 100:1 !

! Builds a loopback interface to be used with MPLS and BGP; creating a loopback interface ! eliminates unnecessary updates (caused by physical interfaces going up and down) from ! flooding the network.

(16)

!

! Enters cable interface configuration mode and configures the physical aspects of the ! 3/0 cable interface. Please note that no IP addresses are assigned to this interface; ! they will be assigned instead to the logical subinterfaces. All other commands for ! this cable interface should be configured to meet the specific needs of your cable RF ! plant and cable network.

interface Cable3/0 no ip address ip directed-broadcast no ip mroute-cache load-interval 30 no keepalive

cable downstream annex B

cable downstream modulation 64qam cable downstream interleave-depth 32 cable downstream frequency 855000000 cable upstream 0 frequency 30000000 cable upstream 0 power-level 0 no cable upstream 0 shutdown cable upstream 1 shutdown cable upstream 2 shutdown cable upstream 3 shutdown cable upstream 4 shutdown cable upstream 5 shutdown !

! Configures the physical aspects of the 3/0.1 cable subinterface. If cable modems have ! not been assigned IP addresses, they will automatically come on-line using the settings ! for subinterface X.1.

interface Cable3/0.1

description Cable Administration Network !

! Associates this interface with the VRF and MPLS VPNs that connect to the MSO cable ! network registrar (CNR). The CNR provides cable modems with IP addresses and other ! initialization parameters.

ip vrf forwarding MSO !

! Defines a range of IP addresses and masks to be assigned to cable modems not yet associated with an ISP.

ip address 10.0.1.1 255.255.255.0 !

! Disables the translation of directed broadcasts to physical broadcasts. no ip directed-broadcast

!

! Defines the DHCP server for cable modems whether they are associated with an ISP or ! with the MSO acting as ISP.

cable helper-address 10.4.1.2 cable-modem !

! Defines the DHCP server for PCs that are not yet associated with an ISP. cable helper-address 10.4.1.2 host

!

! Disables cable proxy Address Resolutio Protocol (ARP) and IP multicast echo on this ! cable interface.

no cable proxy-arp

no cable ip-multicast-echo !

(17)

! with the MSO as ISP network.

ip address 10.1.0.1 255.255.255.0 secondary !

! Defines a range of IP addresses and masks to be assigned to host devices associated ! with the MSO as ISP network.

ip address 24.0.1.1 255.255.255.0 !

!

! Defines the DHCP server for PC host devices. cable helper-address 24.0.1.1 host

!

! Configures the physical aspects of the 3/0.3 cable subinterface interface Cable3/0.3

description ISP1's Network !

! Makes this subinterface a member of the MPLS VPN. ip vrf forwarding isp1

!

! Defines a range of IP addresses and masks to be assigned to cable modems associated ! with the MSO as ISP network.

ip address 10.1.1.1 255.255.255.0 secondary !

ip address 11.0.1.1 255.255.255.0 !

!

(18)

ip address 22.0.1.1 255.255.255.0 !

!

cable dhcp-giaddr policy !

!! Defines the DHCP server for cable modems whether they are associated with an ISP or ! with the MSO acting as ISP.

!

! Configures OSPF as an IGP (Interior Gateway Protocol). OSPF should be configured so ! that the MSO network can communicate appropriately.

router ospf 100

redistribute connected

network 10.0.0.0 0.255.255.255 area 0 network 24.0.0.0 0.255.255.255 area 0 default-metric 25

! Enables BGP on the router and configures the IP addresses for the BGP neighbors. BGP ! communication is linked to the loopback interface.

router bgp 100

neighbor 10.100.0.3 remote-as 100

neighbor 10.100.0.3 update-source Loopback0 neighbor 10.100.0.14 remote-as 100

neighbor 10.100.0.14 update-source Loopback0 !

! Defines static route parameters for every BGP PE to CE session—in essence, associating an address family with a defined VPN.

!

address-family ipv4 vrf isp2 redistribute connected redistribute static no auto-summary no synchronization exit-address-family !

address-family ipv4 vrf isp1 redistribute connected redistribute static no auto-summary no synchronization exit-address-family !

(19)

! Configures an address family for the MSO that makes the MSO avaialble to all other ! address families.

address-family ipv4 vrf MSO redistribute connected

neighbor 10.100.0.14 remote-as 100

neighbor 10.100.0.14 update-source Loopback0 neighbor 10.100.0.14 activate no auto-summary no synchronization network 10.1.0.0 mask 255.255.0.0 network 24.0.1.0 mask 255.255.255.0 exit-address-family ! address-family vpnv4 neighbor 10.100.0.3 activate

neighbor 10.100.0.3 send-community extended neighbor 10.100.0.14 activate

neighbor 10.100.0.14 send-community extended exit-address-family ! ip classless no ip http server ! !

! Configures passwords for telnet sessions. line con 0

password cable login

(20)

Configuration File for the Provider Device: Cisco 7500 Series Router

Following is a description of what is being accomplished by configuring this device—and the purpose of this device in the larger view of the configuration.

Figure 5 Provider Device (Device 2004): Cisco 7500 Series Router

Sample Configuration File for Device 2004: One of Several Cisco 7500 Series Core Routers (Provider Device)

!

version 12.1

service timestamps debug uptime service timestamps log uptime no service password-encryption service udp-small-servers service tcp-small-servers ! hostname region-1-7500 !

boot system flash slot1:rsp12108.T

enable secret 5 $1$wsjq$v1F6SXDGtBlsqLxiKbUNA. enable password cable

(21)

interface FastEthernet0/1 ip address 10.10.0.25 255.255.255.252 full-duplex tag-switching ip ! interface FastEthernet1/0/0 no ip address ip route-cache distributed shutdown half-duplex ! interface FastEthernet1/1/0 no ip address ip route-cache distributed shutdown half-duplex ! interface POS2/0/0 ip address 10.10.0.5 255.255.255.252 ip route-cache distributed no keepalive

! Enables MPLS tag switching on this interface. tag-switching ip

clock source internal no cdp enable ! interface POS3/0/0 ip address 10.10.0.9 255.255.255.252 ip route-cache distributed no keepalive tag-switching ip clock source internal no cdp enable

!

! This is part of the IGP. This must be configured as per IGP. router ospf 100 redistribute connected network 10.0.0.0 0.255.255.255 area 0 default-metric 25 ! ip classless no ip http server ! ! ! line con 0

(22)

Configuration File for the Provider Edge Device: Cisco 7500 Series Router

Following is a description of what is being accomplished by configuring this device—and the purpose of this device in the larger view of the configuration. The provider edge device provides routing through the MPLS cloud so that the MSO can reach the ISPs.

Figure 6 Provider Edge Device (Device 2014): Cisco 7500 Series Router

Configuration File for Device 2014: Cisco 7500 Series Router (Provider Edge Device)

! version 12.1 ! ! hostname region-2-7500 !

boot system flash slot1:rsp12108.T

enable secret 5 $1$wc3I$.06R34MjkfJMeDM2j8PiH1 enable password cable

(23)

ip vrf MSO-isp rd 100:2 route-target export 100:2 route-target import 100:2 route-target import 100:1 ! ip vrf isp1 rd 100:3 route-target export 100:3 route-target import 100:3 route-target import 100:1 ! ip vrf isp2 rd 100:4 route-target export 100:4 route-target import 100:4 route-target import 100:1 ip cef distributed cns event-service server ! ! ! ! ! ! interface Loopback0 ip address 10.100.0.14 255.255.255.255 ! interface FastEthernet0/0

description Region-2 connection no ip address shutdown full-duplex tag-switching ip ! interface FastEthernet0/1 ip vrf forwarding MSO ip address 10.4.1.1 255.255.255.0 half-duplex ! interface POS1/0/0

description Connect 2004(region-1-7500) ip address 10.10.0.6 255.255.255.252 ip route-cache distributed

(24)

! interface FastEthernet3/1/0 ip vrf forwarding isp2 ip address 22.1.0.2 255.255.255.252 ip route-cache distributed full-duplex ! router ospf 100 network 10.0.0.0 0.255.255.255 area 0 network 24.0.0.0 0.255.255.255 area 0 ! router bgp 100 redistribute connected neighbor 10.100.0.3 remote-as 100

neighbor 10.100.0.3 update-source Loopback0 neighbor 10.100.0.5 remote-as 100

neighbor 10.100.0.5 update-source Loopback0 !

address-family ipv4 vrf isp2 neighbor 22.1.0.1 remote-as 6200 neighbor 22.1.0.1 activate no auto-summary no synchronization exit-address-family !

address-family ipv4 vrf isp1 neighbor 11.1.0.1 remote-as 6100 neighbor 11.1.0.1 activate no auto-summary no synchronization exit-address-family !

address-family ipv4 vrf MSO-isp no auto-summary

no synchronization exit-address-family !

address-family ipv4 vrf MSO no auto-summary no synchronization network 10.4.1.0 mask 255.255.255.0 exit-address-family ! address-family vpnv4 neighbor 10.100.0.3 activate

neighbor 10.100.0.3 send-community extended neighbor 10.100.0.5 activate

(25)

Configuration File for the Customer Edge Device: Cisco 7200 Series Router

Following is a description of what is being accomplished by configuring this device—and the purpose of this device in the larger view of the configuration.

Figure 7 Customer Edge Device (Device 2016): Cisco 7200 Series Router

Configuration File for Device 2016: Cisco 7200 Series Router (Customer Edge Device)

!

version 12.1 !

!

service timestamps debug uptime service timestamps log uptime no service password-encryption !

hostname cse-ce1-7200 !

boot system flash slot0:c7200-12108.T

enable secret 5 $1$inJL$97cEHC5GGR4qI2WtDbMDb1 enable password cable

(26)

Integration Solutions Guide for Managed Broadband Access Using MPLS VPNs for Cable Multiservice Operators Related Documents interface FastEthernet0/0 ip address 11.1.0.1 255.255.255.252 full-duplex ! interface FastEthernet1/0 ip address 11.4.1.1 255.255.255.0 full-duplex ! router bgp 6100 redistribute connected neighbor 11.1.0.2 remote-as 100 ! ip classless no ip http server ! ! ! line con 0

transport input none line aux 0 line vty 0 4 password cable login ! end