Broadnet Architecture and Guideline-V1.0

Reliance Metro Ethernet - Broadnet

Reliance MEN - Broadnet Service Guidelines Reliance Confidential

Page 1 of 32 Release V1.0

BROADNET Architecture and Provisioning Guideline

Document No: - C1-NWN

1 0 25/09/2008 Karuna Manav Joshi Deepak Warang

Ver. Rev. Date Made By Checked By Approved By




NOTICE OF DISCLAIMER

RELIANCE INFOCOMM MAKES NO REPRESENTATION OR WARRANTY, EXPRESSED OR IMPLIED, WITH RESPECT TO THE SUFFICIENCY, ACCURACY, OR UTILITY OF ANY INFORMATION OR OPINION CONTAINED IN THIS DOCUMENT INCLUDING ANY WARRANTIES OF TITLE, NONINFRINGEMENT OF COPYRIGHT OR PATENT RIGHTS OF OTHERS. THE INFORMATION CONTAINED IN THIS DOCUMENT IS PROVIDED ON AN “AS-IS” BASIS.

RELIANCE INFOCOMM ADVISES THAT ANY USE OF OR RELYING UPON THE INFORMATION OR OPINION CONTAINED IN THIS DOCUMENT IS AT THE SOLE RISK OF THE USER AND THAT RELIANCE INFOCOMM SHALL NOT BE IN ANY MATTER BE LIABLE FOR ANY DAMAGE OR INJURY DIRECTLY OR INDIRECTLY INCURRED BY ANY PERSON ARISING OUT OF THE SUFFICIENCY, ACCURACY, OR UTILITY OF ANY INFORMATION OR OPINION CONTAINED HEREIN.

LOCAL CONDITIONS MAY GIVE RISE TO A NEED FOR ADDITIONAL PROFESSIONAL INVESTIGATIONS, MODIFICATIONS, OR SAFEGUARDS TO MEET SITE, EQUIPMENT, AND ENVIRONMENTAL SAFETY OR COMPANY-SPECIFIC REQUIREMENTS. IN NO EVENT IS THIS INFORMATION INTENDED TO REPLACE CENTRAL, STATE, LOCAL, OR OTHER APPLICABLE CODES, LAWS, OR REGULATIONS. SPECIFIC APPLICATIONS OR USE OF THE INFORMATION HEREIN WILL CONTAIN VARIABLES UNKNOWN TO OR BEYOND THE CONTROL OF RELIANCE INFOCOMM. AS A RESULT, RELIANCE INFOCOMM CANNOT WARRANT THAT THE APPLICATION OR USE OF THIS INFORMATION WILL PRODUCE THE TECHNICAL RESULT OR SAFETY ORIGINALLY INTENDED.

THIS IS NOT TO BE CONSTRUED AS A SUGGESTION TO ANYONE TO MODIFY OR CHANGE ANY PRODUCT OR SERVICE, NOR DOES THIS DOCUMENT REPRESENT ANY COMMITMENT BY ANYONE, INCLUDING BUT NOT LIMITED TO RELIANCE INFOCOMM TO PURCHASE, MANUFACTURE, OR SELL ANY PRODUCT WITH THE DESCRIBED CHARACTERISTICS. READERS ARE SPECIFICALLY ADVISED THAT ANY ENTITY MAY HAVE NEEDS, SPECIFICATIONS, OR REQUIREMENTS DIFFERENT FROM THE GENERIC DESCRIPTIONS HEREIN. THEREFORE, ANYONE WISHING TO KNOW ANY ENTITY’S NEEDS, SPECIFICATIONS, OR REQUIREMENTS SHOULD COMMUNICATE DIRECTLY WITH THAT ENTITY. NOTHING CONTAINED HEREIN SHALL BE CONSTRUED AS CONFERRING BY IMPLICATION, ESTOPPEL, OR OTHERWISE ANY LICENSE OR RIGHT UNDER ANY PATENT, WHETHER OR NOT THE USE OF ANY INFORMATION HEREIN NECESSARILY EMPLOYS AN INVENTION OF ANY EXISTING OR LATER ISSUED PATENT.

RELIANCE INFOCOMM DOES NOT HEREBY RECOMMEND, APPROVE, CERTIFY, WARRANT, GUARANTEE, OR ENDORSE ANY PRODUCTS, PROCESSES, OR SERVICES, AND NOTHING CONTAINED HEREIN IS INTENDED OR SHOULD BE UNDERSTOOD AS ANY SUCH RECOMMENDATION, APPROVAL, CERTIFICATION, WARRANTY, GUARANTY, OR ENDORSEMENT TO ANYONE.

THE DOCUMENT TO WHICH THIS NOTICE IS ATTACHED IS PROTECTED BY COPYRIGHT OWNED IN WHOLE OR IN PRINCIPAL PART BY RELIANCE INFOCOMM LIMITED. YOU MAY USE THE DOCUMENT ONLY FOR THE LIMITED PURPOSES SPECIFIED BY RELIANCE INFOCOMM.

ANY DISTRIBUTION OF COPIES OF THE DOCUMENT OR ANY ALTERED VERSION THEREOF IS EXPRESSLY PROHIBITED WITHOUT PRIOR WRITTEN CONSENT OF RELIANCE INFOCOMM

RELIANCE INFOCOMM RESERVES THE RIGHT TO REVISE THIS DOCUMENT FOR ANY REASON.




Table of Contents

1 INTRODUCTION....................................................................................... 4

2 BROADNET SERVICE ON MEN ............................................................ 4

3 CONNECTIVITY DIAGRAM ................................................................... 5

4 BROADNET SERVICE - Usage Based .................................................... 5

5 BROADNET SERVICE – Flat Fee ........................................................... 20

5.1 Indroduction ............................................................................................................ 20

5.2 Broadnet Flat Fee service Architecture ................................................................... 20

5.3 Configuration Guidelines for BROADNET-Flat Fee ............................................. 21

5.4 Sample Configuration Template for MCN device .................................................. 21

5.5 Configuration Template for BAN/ MAN device ................................................... 22

5.6 Configuration Template for BN Device .................................................................. 22

5.8 Config Template Using Huawei Devices : ............................................................. 25

6 Backhaul Creation for Wimax and LMDS last miles ................................ 28

6.1 Configuration Template for creating WIMAX and LMDS backhaul on Cisco ...... 28

6.2 Configuration Template for creating WIMAX and LMDS backhaul on Huawei : 29




1 INTRODUCTION

Reliance BROADNET-BIA Internet service provides best class, shared Internet bandwidth through on

demand usage based connection to the global Internet for customers over the Reliance Pan India IP

Backbone. This product will provide a reliable solution to small, medium business and residential

Internet bandwidth users.

No SLA will be committed. This service can be provided with access type of Ethernet, DLC and

LMDS. Customers get assigned a Dynamic IP allocated by DHCP server. All IP addresses remain

property of Reliance and are non-transferable.

MEN will do rate limiting at BRAS based on the customer bandwidth requirement. BROADNET

Usage Based Service allows customers to access internet with authentication. These customers are

charged based on the usage monthly. No SLA is provided for throughput and service will be provided

on best effort. By default this service allows subscriber to get one Public IP address dynamically and it

has no option to provide additional IP address. This service is provided on different last mile like

Ethernet, WiMax, ADSL and IP DSLAM.

This document explains Architecture of USAGE BASED INTERNET ACCESS service and gives

configuration guidelines for both using Cisco and Huawei NEs deployed in Metro Ethernet Network

and further based on the last mile parenting to MEN.

2 BROADNET SERVICE ON MEN

Broadnet Service on MEN is categorized based on the customer potential and the requirements For

BIA service on MEN named Broadnet Service - Usage Based and Broadnet Service – Flat Fee, both

the services are extended to the customer using diiferent last miles including MEN. For Usage based

the IP address allocation is done dynamically using DHCP servers based on the last mile. and where is

in Flat Fee IP address is allocated manually.

Broadnet Service Types :

1. Broadnet Service - Usage Based

2. Broadnet Service – Flat Fee

Service is extended to the customer on different last miles as detailed below,

1. BIA Service through MEN as last mile

2. BIA Service through ADSL parenting to MEN

3. BIA Service through Wimax parenting to MEN




3 CONNECTIVITY DIAGRAM

MCN2

BA RING

BAN RING

MAN RING

1 GE

1 GE

10 GE

BN 1BN 4

BN 3BN 2

BAN 1

BAN 2 BAN 3

MAN 1

MAN 2

MAN 3

MCN1

To BRAS

IUBXXXX VRF

UBXXXX VRF

SME BIA USERSME BIA USER

To DHCP Server

VLAN 66

ADSL Modem IDUSS

Trunk port vlan 3106,65

Trunk port vlan 3106,65

Port 23 & 24 of BN

WiMax User

4 BROADNET SERVICE - Usage Based

Usage Based is categorized by two types as described below,

1. Usage Based with Dynamic IP Assignment.

2. Usage Based with Static IP allocation.




4.1 Usage Based with Dynamic IP Assignment The IP address to the customer is Dynamically assigned by DHCP server, manual assignment of

IP address will not be possible. Misuse of IP will be prevented by ip verify-source command in BN.

IP Unnumbered is on interface VLAN (SVI) is configured pointing the loopback address and hence

the request to the DHCP server will take the source IP of the Loop back The service will be part of vrf

UBXXXX.

Number of MAC addresses permitted per customer is 5 and this restriction is configured on the port

connecting to the Usage Based customer. The customer is expected to connect to the internet through

BRAS.

Service is delivered to the users through the Metro Ethernet Network and further using different last

miles viz Wimax, LMDS and ADSL. Customer connecting port is associated with a service/super

VLAN and further service / super VLAN is carried till MAN/BAN and mapped with UBXXXX

spoke vrf.

DHCP Snooping and ARP inspections are enabled on the super VLAN in BN to restrict violations.

DHCP Discover / Request coming from the customer is carried on different VLAN based on the last

mile from the BN till BAN, On the BAN the DHCP packets are forwarded to respective loopback

interface using IP unnumbered. Where is interface loopback is associated with UBXXXX VRF and

discover / request packets are relayed to DHCP Servers using the helper address.

4.2 Usage Based with Static IP Allocation The IP address allocation and configuration to the customer device is done manually. DHCP requests

are dropped and not carried to the DHCP servers. The DHCP helper –address command will not be

present on SVI configured in the MAN/ BAN

The allocated IP address to the user is part of the IP address from the subnet that is configured on the

SVI. SVI IP acts as gateway for the user PCs.

Number of MAC addresses permitted per customer is 5 and this restriction is configured on the port

connecting to the Usage Based customer.

Service is delivered to the users through the Metro Ethernet Network and further using different last

miles viz Wimax, LMDS. Customer connecting port is associated with a service/super VLAN and

further service / super VLAN is carried till MAN/BAN and mapped with UBXXXX spoke vrf.

The user has to connect through BRAS and the AAA is done at BRAS.

4.3 Vlan Assignment

Last mile Type VLAN VLAN NAME

MEN – Dynamic 66 & 113-124 BRAS_MEN

MEN – Static 64 BRAS_STATIC

WiMax 65 BRAS_WIMAX

Wimax - Management 3106 WIMAX

ADSL 102 BRAS_IPADSL




4.4 RT Assignement

City Name VRF Name RT Values

Mumbai IUBMUMB 100:102

UBMUMB 100:103 - 144

IUBMUMB-C10K 100:170

UBMUMB-C10K 100:171

Nashik UBNSHK 100:152 - 159

Hyderabad IUBHYDR 100:202

UBHYDR 100:203 - 227

Vijayawada UBVWDA 100:252 - 258

Vizag UBVSPN 100:261 - 266

Cheenai IUBCHNN 100:302

UBCHNN 100:303 - 331

Madurai UBMDRI 100:352 - 360

Trivendrum UBTVPM 100:372 - 378

Delhi IUDLHI 100:402

UBDLHI 100:403 - 439

Ludhiyana UBLUDH 100:452 - 459

Chandigargh UBCDGR 100:472 - 483

Jaipur UBJIPR 100:492 - 498

Bangalore IUBBANG 100:502

UBBANG 100:503 - 520

Ernakulam UBERNC 100:532 - 537

Kozhikodu UBKZKD 100:542 - 546

Coimbatore UBCMBT 100:552 - 563

UBMYSR 100:572 - 576

UBMANG 100:582 - 586

Salem UBSLEM 100:592 - 596

Pune IUBPUNE 100:602

UBPUNE 100:603 - 625

Kolkatta IUBCALC 100:702

UBCALC 100:703 - 725

Kanpur UBKNPR 100:730 - 738

UBLUKH 100:752 - 760

Ahmedabad IUBAHDB 100:802

UBAHDB 100:803 - 825

Rajkot UBRJKT 100:852 - 859

Bhopal UBBHPL 100:873

Indoor UBINDR 100:892 - 897

Surat UBSURT 100:917 - 922

Vadodra IUBVDDR 100:1002

UBVDDR 100:1003 - 1022




4.4 Configuration Template using Cisco devices :

4.4.1 Configuration on BAN-C7609 :-

! ip vrf UBXXXX rd <loopback:RT> export map IAD route-target export X:Z route-target import X:Z ! vlan 64 name BRAS_STATIC ! vlan 65 name BRAS_WIMAX ! vlan 66 name BRAS_MEN ! vlan 101-102 ! interface Loopback102 description USAGE BASED SERVICES ip vrf forwarding UBXXXX ip dhcp relay information trusted ip address x.x.x.x 255.255.192.0 secondary ip address d.d.d.d 255.255.254.0 ! ip access-group antivirus in ip verify unicast source reachable-via rx 67 ip helper-address x.x.x.x ip helper-address y.y.y.y no ip redirects no ip unreachables load-interval 30 ! ! interface Vlan66 description BRAS_MEN_Customers ip vrf forwarding UBXXXX ip dhcp relay information trusted ip unnumbered Loopback102 ip access-group antivirus in ip verify unicast source reachable-via rx 67 ip helper-address X.X.X.X ip helper-address Y.Y.Y.Y ! interface Vlan65 description BRAS_WIMAX_Customers ip vrf forwarding UBXXXX ip dhcp relay information trusted ip unnumbered Loopback102




ip access-group antivirus in ip verify unicast source reachable-via rx 67 ip helper-address X.X.X.X ip helper-address Y.Y.Y.Y ! interface Vlan102 description <as per NDD> ip vrf forwarding UBXXXX ip dhcp relay information trusted ip unnumbered Loopback102 ip access-group antivirus in ip verify unicast source reachable-via rx 67 ip helper-address X.X.X.X ip helper-address Y.Y.Y.Y no ip unreachables load-interval 30 ! no ip redirects load-interval 30 ! router bgp 65000 ! address-family ipv4 vrf UBXXXX no synchronization redistribute connected redistribute static exit-address-family ! ! ip access-list extended IAD permit ip x.x.x.x 0.0.63.255 any ip access-list extended antivirus deny 53 any any deny 55 any any deny 77 any any deny tcp any any eq ident deny tcp any any eq 135 deny tcp any any eq 445 deny tcp any any eq 1025 deny tcp any any eq 1981 deny tcp any any eq 2745 deny tcp any any eq 3127 deny tcp any any eq 5000 deny tcp any any eq 6129 deny udp any any eq netbios-ns deny udp any eq 1434 any deny udp any any eq 1434 permit ip any any ! route-map IAD permit 10 match ip address IAD set extcommunity rt 100:2 !




4.4.2 Configuration on BN-C3400/3550/ME3750 :-

! ip arp inspection vlan ip arp inspection vlan 66,65,102 ! spanning-tree mode mst no spanning-tree optimize bpdu transmission spanning-tree extend system-id ! spanning-tree mst configuration name reliance revision 1 instance 1 vlan 1100-1149, 1500-1549 instance 2 vlan 1150-1199, 1550-1599 instance 3 vlan 1200-1249, 1600-1649 instance 4 vlan 1250-1299, 1650-1699 instance 5 vlan 1300-1349, 1700-1749 instance 6 vlan 1350-1399, 1750-1799 instance 7 vlan 1400-1449, 1800-1849 instance 8 vlan 1450-1499, 1850-1899 instance 9 vlan 999 instance 10 vlan 101-102, 127-130, 3100-4000 instance 11 vlan 2-100, 103-126, 131-998, 1000-1005, 1024-1099 ! ! vlan 102 name RESIDENTIAL-ADSL ! vlan 127 name Mnmt_vlan ! vlan 64 name TAL vlan 65 name Wimax ! vlan 101 name Flatfee ! vlan 66 name RESIDENTIAL-MEN vlan 999 name mvr ! class-map match-any Platinum match cos 5 ! class-map match-any Silver match cos 2 3 ! class-map match-any Gold




match cos 4 6 7 ! policy-map out-qos class Platinum priority ! class Gold bandwidth remaining percent 33 queue-limit 272 queue-limit cos 6 200 queue-limit cos 7 200 queue-limit cos 4 272 ! class Silver bandwidth remaining percent 53 queue-limit 272 queue-limit cos 2 200 queue-limit cos 3 272 ¡ class class-default bandwidth remaining percent 14 access-list 190 remark DENY MS Loop-Holes and P2P Ports access-list 190 deny tcp any any eq 135 access-list 190 deny udp any any eq 135 access-list 190 deny tcp any any eq 137 access-list 190 deny udp any any eq netbios-ns access-list 190 deny tcp any any eq 138 access-list 190 deny udp any any eq netbios-dgm access-list 190 deny tcp any any eq 139 access-list 190 deny udp any any eq netbios-ss access-list 190 deny tcp any any eq 445 access-list 190 deny tcp any any eq 593 access-list 190 deny tcp any any eq 4444 access-list 190 remark DENY MS SQL Scans access-list 190 deny udp any any eq 1434 access-list 190 remark PERMIT everything else access-list 190 permit udp any host 10.248.12.29 eq tftp access-list 190 permit udp any host 10.29.3.31 eq tftp access-list 190 permit ip any any access-list 190 remark END ip access-list extended ALL-IP permit ip any any ip access-list extended PRIVATE_IP permit ip 192.168.0.0 0.0.0.255 any ! vlan access-map Block_PRIVATE_IP 10 action drop match ip address PRIVATE_IP vlan access-map Block_PRIVATE_IP 20 action forward match ip address ALL-IP ! vlan filter Block_PRIVATE_IP vlan-list 102




Ip access-list extended BIA Permit ip any any Ip access-list extended VOIP Permit ip 10.0.0.0 0.31.255.255 any Permit ip 10.64.0.0 0.31.255.255 any Permit ip 10.128.0.0 0.31.255.255 any Permit ip 10.192.0.0 0.31.255.255 any Class-map match-all BIA Match access-group name BIA Class-map match-all VOIP Match access-group name VOIP Policy-map RESIDENTIAL class VOIP set cos 5 set ip dscp 46 class class-default set cos 0 set ip dscp 0 ! interface Range FastEthernet0/1 - 16 description RESIDENTIAL switchport access vlan 66 switchport mode access switchport port-security maximum 5 switchport port-security switchport port-security aging time 1 switchport port-security violation restrict switchport port-security aging type inactivity service-policy input RESIDENTIAL ip access-group 190 in storm-control broadcast level 1.00 storm-control multicast level 1.00 storm-control action trap ip dhcp snooping limit rate 100 no snmp trap link-status mvr type receiver mvr immediate ip verify source no shut exit ! ! interface Range FastEthernet0/17 - 19 description “ To daisy Chain Switch Customers” switchport access vlan 66 switchport mode access switchport port-security maximum 20 switchport port-security switchport port-security aging time 1 switchport port-security violation restrict




switchport port-security aging type inactivity service-policy input RESIDENTIAL ip access-group 190 in storm-control broadcast level 1.00 storm-control multicast level 1.00 storm-control action trap ip dhcp snooping limit rate 100 no snmp trap link-status mvr type receiver mvr immediate ip verify source no shut exit ! interface Range FastEthernet0/20 - 24 description RESIDENTIAL switchport access vlan 66 switchport mode access switchport port-security maximum 5 switchport port-security switchport port-security aging time 1 switchport port-security violation restrict switchport port-security aging type inactivity service-policy input RESIDENTIAL ip access-group 190 in storm-control broadcast level 1.00 storm-control multicast level 1.00 storm-control action trap ip dhcp snooping limit rate 100 no snmp trap link-status mvr type receiver mvr immediate ip verify source no shut Exit ! interface GigabitEthernet0/1 description < Description as link discription > port-type nni switchport trunk allowed vlan 999,102,127,66 switchport mode trunk load-interval 30 ip dhcp snooping trust service-policy output out-qos flowcontrol receive off mvr type source mvr immediate ip arp inspection trust storm-control broadcast level 1.00 exit ! interface GigabitEthernet0/2 description < Description as link discription>




port-type nni switchport trunk allowed vlan 999,102,127,66 switchport mode trunk load-interval 30 ip dhcp snooping trust service-policy output out-qos flowcontrol receive off mvr type source mvr immediate ip arp inspection trust storm-control broadcast level 1.00 exit !

4.5 Config Template Using Huawei Devices : 4.5.1 Configuration on BAN- CX600

vlan 64 description *** BRAS Static *** # vlan 65 description *** BRAS WiMaX DHCP *** # vlan 66 description *** MEN BRAS DHCP *** # vlan 102 description *** BRAS ADSL DHCP *** # vlan 999 description *** IPTV MVR VLAN *** # acl number 2100 rule 10 deny udp destination-port eq netbios-ns rule 15 deny udp destination-port eq netbios-ssn rule 20 deny udp destination-port eq netbios-dgm rule 25 deny udp destination-port eq 135 rule 30 deny tcp destination-port eq 445 rule 35 deny tcp destination-port eq 135 rule 40 deny tcp destination-port eq 137 rule 45 deny tcp destination-port eq 138 rule 50 deny tcp destination-port eq 139 rule 55 deny tcp destination-port eq 593 rule 60 deny tcp destination-port eq 4444 rule 65 deny udp destination-port eq 1434 # traffic classifier virus-block if-match acl 2100 # traffic classifier default if-match any #




traffic behavior virus-block deny # traffic behavior default count permit # traffic policy broadnet share-mode classifier virus-block behavior virus-block classifier default behavior default # interface GigabitEthernet2/1/X-3/1/X description ****BN Layer 2 Ring No. X***** undo shutdown set flow-stat interval 10 portswitch port default vlan 4001 port trunk allow-pass vlan 1 64 to 66 102 127 999 stp point-to-point force-true stp no-agreement-check traffic-policy broadnet inbound vlan 64 to 66 traffic-policy broadnet inbound vlan 102 efm enable trust upstream default vlan 1 64 to 66 102 127 999 trust 8021p vlan 64 to 66 102 999 trust upstream default port-queue be wfq weight 33 port-wred nni-trunk-wred outbound port-queue af2 wfq weight 30 port-wred nni-trunk-wred outbound port-queue af4 wfq weight 40 port-wred nni-trunk-wred outbound port-queue ef pq shaping shaping-percentage 10 outbound # vlan 4000 description **** Super VLAN for BAI-Usage based **** aggregate-vlan access-vlan 65 66 102 # route-policy IAD permit node 10 if-match acl 2100 apply extcommunity rt X:X additive # acl number 2100 rule 5 permit ip source I.I.I.I 0.31.255.255 destination any rule 10 permit ip source d.d.d.d. 0.31.255.255 destination any # ip vpn-instance UBXXXX route-distinguisher Loopback0:RT1 export route-policy IAD vpn-target X:Z export-extcommunity vpn-target X:Z import-extcommunity # bgp 65000 # ipv4-family vpn-instance UBXXXX




import-route direct # interface Vlanif4000 description **** Dynamic Usage-Based Broadnet **** ip binding vpn-instance UBXXXX ip address a.a.a.a 24 ip address b.b.b.b 24 sub ip helper-address P.P.P.P ip helper-address P2.P2.P2.P2 dhcp select relay arp-proxy enable arp-proxy inter-sub-vlan-proxy enable arp-proxy inner-sub-vlan-proxy enable # interface Vlanif64 description *** STATIC BRAS ***** ip binding vpn-instance UBXXXX ip address b.b.b.b 24 # 4.5.2 Configuration on CX200D

# vlan 64 description *** BRAS Static *** igmp-snooping enable # vlan 65 description *** BRAS WiMaX DHCP *** igmp-snooping enable dhcp snooping enable dhcp snooping trusted interface GigabitEthernet0/0/1 dhcp snooping trusted interface GigabitEthernet0/0/2 # vlan 66 description *** MEN BRAS DHCP *** igmp-snooping enable dhcp snooping enable dhcp snooping trusted interface GigabitEthernet0/0/1 dhcp snooping trusted interface GigabitEthernet0/0/2 # vlan 102 description *** BRAS ADSL DHCP *** igmp-snooping enable dhcp snooping enable dhcp snooping trusted interface GigabitEthernet0/0/1 dhcp snooping trusted interface GigabitEthernet0/0/2 # vlan 999 description *** IPTV VLAN *** igmp-snooping enable igmp-snooping query-interval 10 multicast-vlan enable multicast user-vlan 64 to 66 multicast user-vlan 101 to 102




# stp region-configuration region-name reliance revision-level 1 instance 1 vlan 1100 to 1149 1500 to 1549 instance 2 vlan 1150 to 1199 1550 to 1599 instance 3 vlan 1200 to 1249 1600 to 1649 instance 4 vlan 1250 to 1299 1650 to 1699 instance 5 vlan 1300 to 1349 1700 to 1749 instance 6 vlan 1350 to 1399 1750 to 1799 instance 7 vlan 1400 to 1449 1800 to 1849 instance 8 vlan 1450 to 1499 1850 to 1899 instance 9 vlan 999 instance 10 vlan 101 to 102 127 to 130 3100 to 4000 instance 11 vlan 2 to 100 103 to 126 131 to 998 1000 to 1005 1024 to 1099 active region-configuration # acl number 3100 rule 5 deny udp destination-port eq tftp rule 10 deny udp destination-port eq netbios-ns rule 15 deny udp destination-port eq netbios-ssn rule 20 deny udp destination-port eq netbios-dgm rule 25 deny udp destination-port eq 135 rule 30 deny tcp destination-port eq 445 rule 35 deny tcp destination-port eq 135 rule 40 deny tcp destination-port eq 137 rule 45 deny tcp destination-port eq 138 rule 50 deny tcp destination-port eq 139 rule 55 deny tcp destination-port eq 593 rule 60 deny tcp destination-port eq 4444 rule 65 deny udp destination-port eq 1434 # acl number 3200 rule 5 permit ip source 10.0.0.0 0.31.255.255 destination any rule 10 permit ip source 10.64.0.0 0.31.255.255 destination any rule 15 permit ip source 10.128.0.0 0.31.255.255 destination any rule 20 permit ip source 10.192.0.0 0.31.255.255 destination any # acl number 3300 rule 5 permit udp destination 10.248.12.29 0 destination-port eq tftp rule 10 permit udp destination 10.29.3.31 0 destination-port eq tftp # traffic classifier IPTV-TFTP if-match acl 3300 # traffic classifier broadnet-voice if-match acl 3200 # traffic classifier virus-block if-match acl 3100 # traffic classifier default if-match any # traffic classifier smac if-match source-mac <BAN-Gateway-MAC>




# traffic behavior virus-block deny # traffic behavior smac deny # traffic behavior IPTV-TFTP remark 8021p 0 permit # traffic behavior default count remark 8021p 0 permit # traffic behavior broadnet-voice count remark 8021p 5 permit # traffic policy broadnet classifier IPTV-TFTP behavior IPTV-TFTP classifier virus-block behavior virus-block classifier smac behavior smac classifier broadnet-voice behavior broadnet-voice classifier default behavior default # interface Ethernet0/0/1 description ****UNI MEN BRAS Customer interface******** port link-type access port default vlan 66 undo ip-subnet-vlan enable broadcast-suppression 1 stp disable traffic-policy broadnet inbound dhcp snooping check arp enable dhcp snooping check ip enable dhcp snooping check dhcp-chaddr enable dhcp snooping check dhcp-request enable undo negotiation auto loopback-detect enable loopback-detect action block mac-table limit 10 port-security enable port-security protect-action restrict undo lldp enable

# interface GigabitEthernet0/0/1 description ***** NNI Trunk Interface**** broadcast-suppression 10 port link-type trunk port trunk allow-pass vlan 1 64 to 66 102 127 999 stp point-to-point force-true stp config-digest-snoop stp compliance dot1s




stp no-agreement-check trust 8021p qos drr qos drr queue-index 0 weight 30 qos drr queue-index 1 weight 10 qos drr queue-index 2 weight 20 qos drr queue-index 3 weight 10 qos drr queue-index 4 weight 20 qos drr queue-index 5 weight 0 qos drr queue-index 6 weight 0 qos drr queue-index 7 weight 0 qos queue ef cir 100000 pir 100000 negotiation auto jumboframe enable bpdu enable efm enable # interface GigabitEthernet0/0/2 description ***** NNI Trunk Interface**** broadcast-suppression 10 port link-type trunk port trunk allow-pass vlan 1 64 to 66 102 127 999 stp point-to-point force-true stp config-digest-snoop stp compliance dot1s stp no-agreement-check trust 8021p qos drr qos drr queue-index 0 weight 30 qos drr queue-index 1 weight 10 qos drr queue-index 2 weight 20 qos drr queue-index 3 weight 10 qos drr queue-index 4 weight 20 qos drr queue-index 5 weight 0 qos drr queue-index 6 weight 0 qos drr queue-index 7 weight 0 qos queue ef cir 100000 pir 100000 negotiation auto jumboframe enable bpdu enable efm enable




5 BROADNET SERVICE – Flat Fee

5.1 Indroduction Broadnet Flat Fee service allows customers to access internet without authentication. These customers

are charged a Flat amount monthly. No SLA is provided for throughput and service will be provided

on best effort. By default this service allows subscriber to get one static Public IP address and it has

option to provide additional IP address of Maximum 16. This service is provided on different last mile

like Ethernet, WiMax, ADSL and IP DSLAM.

5.2 Broadnet Flat Fee service Architecture The Broadnet Flat Fee service can be provided in two methods as below. Two VRFs will be created as

HUB and SPOKE. Hub is created in MCN and it is connecting to RDN Network directly or thru SSG.

BROADNET Flat Fee services will be provided on this method at the beginning. Once SSG with TAL

is enabled, then this service will be provided based on Method 2. Rate limiting of customer bandwidth

will be done at last mile devices like on BN switch, ADSL, Wimax and IP DLSAM. The service will

be provided by using one common residential Vlan 101 along with access-list which allows only

customer ip address as source ip address to any destination. This method of solution is shown in

figure1

The VRF will be created in MCN is named with IFFXXXX. From HUB VRF , default route will be

advertised to all SPOKE VRF keeping RDN ( Juniper IP address) ip address as next hop. SPOKE

VRF is created in BAN,MAN and MCN where customer is connected.

Figure 1:




5.3 Configuration Guidelines for BROADNET-Flat Fee

This section provides configuration guideline for MCN, MAN, BAN and BN devices and

usage of VRF name and Route Target

VRF Nomenclature : -

For Flat Fee at MCN

IFFXXXX, XXXX is four alphabet City code

For Flat Fee at BAN/MAN

FFXXXX, XXXX is four alphabet City code

RT Assignment :

City Name RT At MCN RT At BANN

Mumbai 100:100 100:101

Hyderabad 100:200 100:201

Chennai 100:300 100:301

Delhi 100:400 100:401

Bangalore 100:500 100:501

Pune 100:600 100:601

Kolkatta 100:700 100:701

Ahemdabad 100:800 100:801

Surat 100:900 100:901

5.4 Sample Configuration Template for MCN device

********************* VRF Configuration********************** ip vrf IFFMUMB ( Flat Fee Based Internet) rd 97.209.5.1:100 route-target export 100:100 route-target import 100:100 route-target import 100:101 **********Interface connected to BRAS or INTERNET PE************** interface GigabitEthernet x/y.XX ip vrf forwarding IFFMUMB ip address 220.224.194.1 255.255.255.252 (IP address as per IP Planning)




************** MP-BGP Configuration************************** router bgp 65000 address-family ipv4 vrf IFFMUMB redistribute connected redistribute static default-information originate no auto-summary no synchronization exit-address-family ******************* Routing *********************** ip route vrf IUBMUMB 0.0.0.0 0.0.0.0 220.224.184.237 ip route vrf IFFMUMB 0.0.0.0 0.0.0.0 gateway

5.5 Configuration Template for BAN/ MAN device

! ip vrf FFMUMB rd 97.209.5.3:101 route-target export 100:101 route-target import 100:101 route-target import 100:100 ! interface VlanXXX ip vrf forwarding FFMUMB ip address 220.227.236.1 255.255.255.252 ( WAN Pool for customer ) ! address-family ipv4 vrf FFMUMB redistribute connected redistribute static no auto-summary no synchronization exit-address-family

5.6 Configuration Template for BN Device

5.6.1 Configuration Template for Cisco 3550

Ingress Policing on BN mls qos mls qos aggregate-policer ingress-vlan101-BIA-NB-<fe0/X> <cir> <cbs> exceed-action drop ! mls qos cos policy-map ! policy-map ingress-vlan101-BIA-NB-<fe0/X> description “customer name-bandwidth-BIA” class class-default police aggregate ingress-vlan101-BIA-NB-fe0/2 set cos 0




! interface FastEthernet0/X description “customer name-b/w-BIA –NB” switchport switchport access vlan 101 switchport mode access switchport protected switchport port-security switchport port-security maximum 5 switchport port-security violation restrict switchport port-security aging time 1 switchport port-security aging type inactivity storm-control broadcast level 1 storm-control multicast level 1 storm-control action trap no cdp enable spanning-tree portfast spanning-tree guard root ip dhcp snooping limit rate 10 service-policy input ingress-vlan101-BIA-NB-<fe0/X> no shutdown

BA Uplink Port Configuration :-

interface GigabitEthernet0/1 switchport trunk encapsulation dot1q switchport trunk allowed vlan add 101 switchport mode trunk load-interval 30 storm-control broadcast level 1 ip dhcp snooping trust no shutdown end ! interface GigabitEthernet0/2 switchport trunk encapsulation dot1q switchport trunk allowed vlan add 101 switchport mode trunk load-interval 30 storm-control broadcast level 1 ip dhcp snooping trust no shutdown end

5.6.2 Configuration Template for ME3400

Ingress Policing on BN policer aggregate ingress-vlan101-BIA-NB-fe0/2 128000 24000 conform-action transmit exceed-action drop ! access-list 100 permit ip any any ! class-map match-all IP-traffic




description Class of traffic for IP traffic match access-group 100 ! class-map match-all vlan101-BIA-NB-fe0/2 match vlan 101 match class-map IP-traffic ! policy-map ingress-vlan101-BIA-NB-fe0/2 description "customer name-bandwidth-BIA" class vlan101-BIA-NB-fe0/2 police aggregate ingress-vlan101-BIA-NB-fe0/2 set cos 0

Egress Policing on BN

policer aggregate egress-vlan101-BIA-NB-fe0/2 128000 24000 conform-action transmit exceed-action drop ! class-map match-all vlan101-BIA-NB-DSCP0 match ip dscp default ! policy-map Flatfee-Gigport Description "All Flatfee customer -BIA" class vlan101-BIA-NB-DSCP0 set dscp default ! policy-map egress-vlan101-BIA-NB-fe0/2 description "customer name-bandwidth-BIA class vlan101-BIA-NB-DSCP0 police aggregate egress-vlan101-BIA-NB-fe0/2 priority ! interface FastEthernet0/2 description “customer name-b/w-BIA –NB” switchport switchport access vlan 101 switchport mode access switchport protected switchport port-security switchport port-security maximum 16 switchport port-security violation restrict switchport port-security aging time 1 switchport port-security aging type inactivity storm-control broadcast level 1 storm-control multicast level 1 storm-control action trap no cdp enable spanning-tree portfast spanning-tree guard root ip dhcp snooping limit rate 10 service-policy input ingress-vlan101-BIA-NB-fe0/2 service-policy output egress-vlan101-BIA-NB-fe0/2 no shutdown

Uplink port configuration




interface range GigabitEthernet0/1 -2 switchport trunk encapsulation dot1q switchport trunk allowed vlan add 101 switchport mode trunk load-interval 30 storm-control broadcast level 1 service-policy input Flatfee-Gigport

5.8 Config Template Using Huawei Devices :

5.8.1 Configuration on BAN- CX600 # vlan 101 description *** Flat Fee *** # vlan FFFF description **** Super VLAN for Broadnet Flat Fee **** # interface GigabitEthernet2/1/X-3/1/X description ****BN Layer 2 Ring No. X***** undo shutdown set flow-stat interval 10 portswitch port default vlan 4001 port trunk allow-pass vlan 1 64 to 66 101 102 127 999 stp point-to-point force-true stp no-agreement-check traffic-policy broadnet inbound vlan 101 efm enable trust upstream default vlan 1 64 to 66 101 102 127 999 trust 8021p vlan 64 to 66 101 102 999 trust upstream default port-queue be wfq weight 33 port-wred nni-trunk-wred outbound port-queue af2 wfq weight 30 port-wred nni-trunk-wred outbound port-queue af4 wfq weight 40 port-wred nni-trunk-wred outbound port-queue ef pq shaping shaping-percentage 10 outbound # ip vpn-instance FFXXXX route-distinguisher Loopback0:RT vpn-target X:Z export-extcommunity vpn-target X:Z import-extcommunity # bgp 65000 # ipv4-family vpn-instance FFXXXX import-route direct # interface Vlanif101 description **** Dynamic Usage-Based Broadnet **** ip binding vpn-instance FFXXXX




ip address a.a.a.a 24 arp-proxy enable arp-proxy inner-sub-vlan-proxy enable

5.8.2 Configuration on CX200D

# vlan 101 description *** Broadnet Flat Fee *** # acl number 3100 rule 10 deny udp destination-port eq netbios-ns rule 15 deny udp destination-port eq netbios-ssn rule 20 deny udp destination-port eq netbios-dgm rule 25 deny udp destination-port eq 135 rule 30 deny tcp destination-port eq 445 rule 35 deny tcp destination-port eq 135 rule 40 deny tcp destination-port eq 137 rule 45 deny tcp destination-port eq 138 rule 50 deny tcp destination-port eq 139 rule 55 deny tcp destination-port eq 593 rule 60 deny tcp destination-port eq 4444 rule 65 deny udp destination-port eq 1434 # acl number 3300 rule 5 permit udp destination 10.248.12.29 0 destination-port eq tftp rule 10 permit udp destination 10.29.3.31 0 destination-port eq tftp # traffic classifier virus-block if-match acl 3100 # traffic classifier IPTV-TFTP if-match acl 3300 # traffic classifier ff-speed-policer if-match any # traffic behavior virus-block deny # traffic behavior IPTV-TFTP remark 8021p 0 permit # traffic behavior ff-speed-policer car cir <customer-cir-speed> cbs <burst-size> green pass remark-8021p 0 yellow discard red discard # traffic policy FF-Broadnet classifier IPTV-TFTP behavior IPTV-TFTP classifier virus-block behavior virus-block classifier ff-speed-policer behavior ff-speed-policer # interface Ethernet0/0/1




description ****UNI MEN BRAS Customer interface******** port link-type access port default vlan 101 undo ip-subnet-vlan enable broadcast-suppression 1 stp disable traffic-policy FF-Broadnet inbound qos lr cir <customer-cir-speed> cbs <burst-size> undo negotiation auto loopback-detect enable loopback-detect action block mac-table limit 10 port-security enable port-security protect-action restrict undo lldp enable # interface GigabitEthernet0/0/1 description ***** NNI Trunk Interface**** broadcast-suppression 10 port link-type trunk port trunk allow-pass vlan 1 64 to 66 101 102 127 999 stp point-to-point force-true stp config-digest-snoop stp compliance dot1s stp no-agreement-check trust 8021p qos drr qos drr queue-index 0 weight 30 qos drr queue-index 1 weight 10 qos drr queue-index 2 weight 20 qos drr queue-index 3 weight 10 qos drr queue-index 4 weight 20 qos drr queue-index 5 weight 0 qos drr queue-index 6 weight 0 qos drr queue-index 7 weight 0 qos queue ef cir 100000 pir 100000 negotiation auto jumboframe enable bpdu enable efm enable # interface GigabitEthernet0/0/2 description ***** NNI Trunk Interface**** broadcast-suppression 10 port link-type trunk port trunk allow-pass vlan 1 64 to 66 101 102 127 999 stp point-to-point force-true stp config-digest-snoop stp compliance dot1s stp no-agreement-check trust 8021p qos drr qos drr queue-index 0 weight 30 qos drr queue-index 1 weight 10 qos drr queue-index 2 weight 20




qos drr queue-index 3 weight 10 qos drr queue-index 4 weight 20 qos drr queue-index 5 weight 0 qos drr queue-index 6 weight 0 qos drr queue-index 7 weight 0 qos queue ef cir 100000 pir 100000 negotiation auto jumboframe enable bpdu enable efm enable

6 Backhaul Creation for Wimax and LMDS last miles

6.1 Configuration Template for creating WIMAX and LMDS backhaul on

Cisco

6.1.1 Configuration on BAN-C7609 :-

! ip vrf LMDSMNGN rd <loopback0:RT1> route-target export X:A route-target import X:A route-target import 500:6002 ! ! ip vrf WIMAXMGNMT rd <loopback0:RT2> route-target export Y:B route-target import Y:B ! vlan 3101 name RIC_LMDS ! vlan 3106 name WIMAXMGNMT ! interface Vlan3101 description < as per NDD > ip vrf forwarding LMDSMNGN ip address x.x.x.x 255.255.255.248 ! interface Vlan3106 description < as per NDD > ip vrf forwarding WIMAXMGNMT ip dhcp relay information trusted ip address y.y.y.y 255.255.252.0 ip helper-address a.a.a.a ip helper-address b.b.b.b load-interval 30




! router bgp 65000 ! address-family ipv4 vrf WIMAXMGNMT no synchronization redistribute connected exit-address-family ! address-family ipv4 vrf LMDSMNGN no synchronization redistribute connected exit-address-family

!

6.1.2 Configuration on BN-C3400/3550/ME3750 :- ! vlan 3106 name WIMAX ! Vlan 3101 name LMDS ! interface GigabitEthernet0/1 description < as per NDD > port-type nni switchport trunk allowed vlan 64-66,101,102,127-130,212,999,1100-1899, 3101, 3106 switchport mode trunk ip arp inspection trust service-policy output out-qos load-interval 30 mvr type source mvr immediate storm-control broadcast level 10.00 ip dhcp snooping trust ! interface GigabitEthernet0/2 description < as per NDD > port-type nni switchport trunk allowed vlan 64-66,101,102,127-130,212,999,1100-1899, 3101, 3106 switchport mode trunk ip arp inspection trust service-policy output out-qos load-interval 30 mvr type source mvr immediate storm-control broadcast level 10.00 ip dhcp snooping trust

!

6.2 Configuration Template for creating WIMAX and LMDS backhaul on

Huawei :




6.2.1 Configuration on BAN- CX600

vlan 3101 description LMDS # vlan 3106

description WIMAX # interface GigabitEthernet2/1/X-3/1/X description ****BN Layer 2 Ring No. X***** undo shutdown set flow-stat interval 10 portswitch port default vlan 4001 port trunk allow-pass vlan 1 64 to 66 102 127 999 3101 3106 stp point-to-point force-true stp no-agreement-check traffic-policy broadnet inbound vlan 64 to 66 traffic-policy broadnet inbound vlan 102 efm enable trust upstream default vlan 1 64 to 66 102 127 999 trust 8021p vlan 64 to 66 102 999 trust upstream default port-queue be wfq weight 33 port-wred nni-trunk-wred outbound port-queue af2 wfq weight 30 port-wred nni-trunk-wred outbound port-queue af4 wfq weight 40 port-wred nni-trunk-wred outbound port-queue ef pq shaping shaping-percentage 10 outbound # ip vpn-instance WIMAXMGNMT route-distinguisher Loopback0:RT1 vpn-target Y:B export-extcommunity vpn-target Y:B import-extcommunity # ip vpn-instance LMDSMNGN route-distinguisher Loopback0:RT2 vpn-target X:A export-extcommunity vpn-target X:B import-extcommunity # bgp 65000 # ipv4-family vpn-instance WIMAXMGNMT import-route direct # # ipv4-family vpn-instance LMDSMNGN import-route direct # interface Vlanif3101 description **** LMDS Management**** ip binding vpn-instance LMDSMNGN




ip address a.a.a.a 24 ip address b.b.b.b 24 sub ip helper-address P.P.P.P ip helper-address P2.P2.P2.P2 dhcp select relay # interface Vlanif3106 description *** Wimax Management ***** ip binding vpn-instance WIMAXMGNMT ip address C.C.C.C 24 ip helper-address P.P.P.P ip helper-address P2.P2.P2.P2 dhcp select relay #

6.2.2 Configuration on CX200D

# vlan 3101 description *** LMDS Management *** # vlan 3106 description *** Wimax Management *** # interface GigabitEthernet0/0/1 description ***** NNI Trunk Interface**** broadcast-suppression 10 port link-type trunk port trunk allow-pass vlan 1 64 to 66 102 127 999 3101 3106 stp point-to-point force-true stp config-digest-snoop stp compliance dot1s stp no-agreement-check trust 8021p qos drr qos drr queue-index 0 weight 30 qos drr queue-index 1 weight 10 qos drr queue-index 2 weight 20 qos drr queue-index 3 weight 10 qos drr queue-index 4 weight 20 qos drr queue-index 5 weight 0 qos drr queue-index 6 weight 0 qos drr queue-index 7 weight 0 qos queue ef cir 100000 pir 100000 negotiation auto jumboframe enable bpdu enable efm enable # interface GigabitEthernet0/0/2 description ***** NNI Trunk Interface****




broadcast-suppression 10 port link-type trunk port trunk allow-pass vlan 1 64 to 66 102 127 999 3101 3106 stp point-to-point force-true stp config-digest-snoop stp compliance dot1s stp no-agreement-check trust 8021p qos drr qos drr queue-index 0 weight 30 qos drr queue-index 1 weight 10 qos drr queue-index 2 weight 20 qos drr queue-index 3 weight 10 qos drr queue-index 4 weight 20 qos drr queue-index 5 weight 0 qos drr queue-index 6 weight 0 qos drr queue-index 7 weight 0 qos queue ef cir 100000 pir 100000 negotiation auto jumboframe enable bpdu enable efm enable

Documents

Broadnet Architecture and Guideline-V1.0