NetOP NAS Policy Intro

NetOp Policy Manager: Enabling New Value-added Services over Broadband Networks

After overcoming many technical and operational

issues, broadband service providers must now

address the key business challenges of

accelerating profitability and growing new markets.

Redback's NetOp Policy Manager enables service

providers to supplement basic broadband

connectivity with value-added IP services that

generate new revenue, improve customer retention

and increase ROI.

White Paper

User Intelligent Networks™

Redback Networks White Paper

IntroductionSince 1997, the build-out of DSL has overcome a number of criticalnetwork and operational issues. These issues included:� A lack of established standards� Little or no interoperability amongst vendors� No self-provisioning� Back-office integration and billing issues� Extending the reach of DSL to more subscribers

Each of these issues has been systematically addressed over thepast five years through the work of standards bodies, investmentinto provisioning software and integration projects. Still, two keychallenges remain:� Accelerate profitability of sunk DSL investments� Stem the slowing growth rate of DSL subscriptions

Before DSL service providers can justify the next round of capitalexpenditure necessary to build their next-generation broadbandarchitecture, they must overcome these challenges.

Analysts agree that inserting some basic IP services over simpleconnectivity will be the catalyst for the next wave of steep growthin DSL uptake. To leverage existing investments in DSLAMdeployments and drive free cash flow to the bottom line, serviceproviders must offer entry-level connectivity prices comparable todialup, while layering on a compelling menu of services.

To enable service providers to address these issues and support avariety of services, Redback Networks has introduced the NetOp™Policy Manager (NetOp PM). NetOp PM allows providers tosupplement their existing broadband networks with acomprehensive policy management solution. NetOp PM possessesthe flexibility to allow service providers to quickly deploy low riskrevenue generating services such as self provisioned tieredbandwidth, and then offer more complex services such as videomulticast when the provider gains experience and confidence insupporting value added services.

The importance of service bundlingDespite the much-hyped growth of DSL worldwide, existing DSLAMnetwork assets remain grossly underutilized (see Figure 1).

Subscriber growth, which routinely grew 15% to 25% quarter overquarter (qoq), has slowed to a less than 10% qoq growth rate. TheDSL industry has become sluggish as the pool of innovators andearly adopters of DSL subscribers dwindles. Vanilla DSLconnectivity has clearly entered "The Chasm," coined by GeoffreyMoore in Crossing the Chasm, and providers must find ways toentice the next wave of early majority and late adopters -- the next25-30 million potential DSL subscribers who are waiting for acompelling reason to sign up. Although DSL has attracted roughly17 million users in North America, there are still about 55 milliondialup subscribers, all of which are potential DSL users.

Lessons learned from the evolution of other mature industries canbe applied to the telecommunications industry and thedeployment of such technologies as DSL. The fast food industryprovides a strong analogy. Since its inception in the 1960's, theindustry evolved slowly, as did telecommunications, but alsoquite dramatically. Market leader McDonald's began by offering asimple menu consisting of stand-alone items: two or three typesof burgers, fries, various soft drinks and shakes.

However, as competition increased and revenue became sluggish,McDonald's looked for other potential revenue streams andcustomer incentives that could be offered without increasingcapital expenses. Soon bundled items like Happy Meals-combining multiple menu items-appeared on an expanded menu,as did breakfast items. The company began offering dollar menusand senior discounts as well. The new bundled items simplifiedthe ordering process and encouraged spending, while enticingcustomers with worthwhile deals. Lastly, as its customers took ona fast-paced lifestyle, McDonald's upgraded new and existingfranchises to include drive-through service, another effectiveincentive.

Similar to McDonald's cautious beginnings, players in the DSLmarket began by offering only flat-rate connectivity pricing, relyingon the benefits "always-on" and "fast" to attract new users. Butthe pool of potential subscribers willing to pay high flat rates forthose two benefits has been saturated, and new incentives mustbe developed and implemented to catch a new wave of users.

Bundled services such as tiered bandwidth, usage or time basedpricing; WiFi, VPN, security services (URL parental controls, anti-virus, firewall) and personal back-up can be deployed with theexisting DSL network and operational infrastructure. Securityservices typically require a small incremental investment, but noarchitectural changes. Such additional bundled services will fuelfree cash flow to the bottom line to help accelerate the build-outof the next-generation DSL architecture (see Figure 2). Just asMcDonald's responded to customers' lifestyle changes by makingordering faster and easier, DSL providers can later add the abilityto upgrade the current DSL architecture for tiered bandwidth,differentiated traffic, and new advanced services such as IP TV.

2

Figure 1: The growth of DSL users has slowed dramatically as the number of earlyadopters taper off. IP services will encourage increased growth amongpotential subscribers.


3

The role of NetOp Policy ManagerNetOp Policy Manager enables service providers to supplementtheir already deployed DSL networks with a comprehensive policymanagement solution. NetOp PM possesses the flexibility to allowservice providers to quickly deploy low risk revenue generatingservices such as self provisioned tiered bandwidth, and then offermore complex services such as video multicast when the providergains experience and confidence in supporting value addedservices.

In line with Redback's User Intelligent NetworkTM (UIN) vision,NetOp PM works with Redback's SMSTM and SmartEdge®

platforms, leveraging the strengths of both platforms to offer valueadded services in a cost-effective manner. NetOp PM allowsservice delivery to millions of subscribers over multiple broadbandaccess technologies, including DSL but also encompassingWireless Fidelity (Wi-Fi), cable, and Ethernet.

The NetOp PM architecture is primarily composed of the followingcomponents (see Figure 3):� NetOp Policy Manager software with accompanying subscriber

database� Redback SMS and/or SmartEdge� Service Web portal

The broadband subscriber can use a service Web portal tologin, sign up for a service, or change an existing service. Theservice portal delivers a service order to NetOp PM, whichauthenticates the subscriber and then implements the orderby provisioning the appropriate policies on the SMS orSmartEdge device. The service portal is not specificallyrequired for authentication, as NetOp PM can rely on anattribute such as the subscriber's PPP username or MACaddress for DHCP authentication.

The NetOp PM architecture primarily uses the RADIUS protocolfor subscriber authentication and service delivery. The SMS orSmartEdge relies on RADIUS to authenticate subscribers anddownload policies using RADIUS attributes in a subscriber'sprofile such as amount of bandwidth and packet classification.NetOp PM acts as the RADIUS server, retrieving from andupdating all subscriber information in a SQL database.

NetOp PM also communicates with a backend OSS/BSS viaRADIUS messages or an API that allows backend systems tointerface directly with NetOp PM. If a wholesale/retailarchitecture is in place with other RADIUS servers, NetOp PMwill act as a RADIUS proxy, forwarding all messages to theseservers. In a non-wholesale environment, NetOp PM can alsoproxy RADIUS messages to other RADIUS servers.

NetOp Policy Manager services

Web LoginOne of the basic services supported by NetOp PM is WebLogin, where a subscriber uses a Web service portal to login tothe system (See Figure 4). When the subscriber first starts thebroadband session, all traffic is directed toward this serviceportal. The subscriber enters authentication information intothe portal, such as username and password. The service portaltransfers this information to NetOp PM, which then uses thesubscriber database to verify subscriber authentication. Afterauthentication, NetOp downloads policy information for thissubscriber from the database and then uses it to configure theappropriate services on the SMS or SmartEdge network device.The subscriber now has full access.

Figure 3: NetOp Policy Manager technical architecture

Figure 2: Adding IP services will increase free cash flow (FCF).

Figure 4: Web Login


4

Tiered BandwidthWith the Tiered Bandwidth service, the subscriber uses theservice portal to change the bandwidth level instead of merelylogging in. After the change has been made on the service portal,the portal updates NetOp PM, which writes the change to thedatabase and then performs a Policy Refresh on the SMS orSmartEdge. This has the effect of applying the new policies andenabling the service for the subscriber. Appropriate billinginformation for the service change is also generated.

Access based on Volume, Duration, or Time of DayWith this service, subscriber access can be based on a number offactors: Volume (bytes downloaded), Duration (hours or minutesof total online access), or Time of Day (access only granted atspecific times). All accounting data are stored in the NetOp PMdatabase, so the system is aware of how long the subscriber hasbeen online and how many bytes have been downloaded. Once athreshold such as bytes downloaded has been exceeded, NetOpPM configures the SMS or SmartEdge to perform a specifiedaction such as disconnecting the subscriber or rate limitingaccess. NetOp PM can also force the subscriber to be redirectedto the service portal in order to purchase more online time or theability to download more bytes.

These services enable new billing models, helping to diversify thesubscriber base and increase service penetration. For example,providers can charge lower prices for services that are onlyoffered at certain times of the day or only allow a specific amountof content to be downloaded. Dialup customers may therefore beencouraged to migrate to broadband because of the low pricepoints.

Wi-Fi AccessWi-Fi Access works very similarly to the Web Login service (SeeFigure 5). The Wi-Fi access points are connected to the DSLconnection via Ethernet. As with Web Login, the Wi-Fi subscriberuses the service portal to login, and then the NetOp PM Serverconfigures policy information for the subscriber on theSmartEdge or SMS. Wi-Fi Access supports flexible billing, so asubscriber can be charged per minute, for example, or an existingDSL subscriber can also use the same account for Wi-Fi Access.Additionally, 802.1x with Extensible Authentication Protocol (EAP)are supported for greater wireless security.

Dynamic Quality of ServiceNetOp PM must ensure sufficient Quality of Service for videoor voice traffic where video or voice packets are prioritizedover others. Otherwise crucial packets can be dropped ordelayed, resulting in a suboptimal session. As a new sessionis established, the video or voice middleware notifies NetOpPM of this event. NetOp PM then dynamically configures theSMS or SmartEdge platform to prioritize the video or voicepackets and send out the appropriate billing messages. Afterthe session is complete, the packets are no longer prioritized.

Video StreamingFor Video Streaming services, NetOp PM supports both IP TVand Video on Demand. The broadband subscriber uses theWeb service portal (see Figure 7) to determine which groupsof channels to have access to. The video content itself is sentto the subscriber's PC or set-top box via multicast streaming.Because a sophisticated video infrastructure is used to sendthe content to the subscriber, there must be coordinationbetween the video "middleware" and NetOp PM. When thevideo infrastructure sends content to the subscriber, itinforms NetOp PM so can dynamically configure the SMS orSmartEdge device to prioritize video traffic and alsocoordinate billing.

Figure 7: Dynamic Quality of ServiceFigure 5: Access based on Volume, Time of Day, or Duration

Figure 6: Wi-Fi Access


5

Features and benefits of NetOp Policy ManagerRADIUS as integrated mechanism for AAA and service deliveryNetOp PM uses the RADIUS protocol for authentication,authorization, and accounting (AAA) and service delivery (seeFigure 9). RADIUS is widely deployed by service providers, beingoperationally proven with a large install base. RADIUS serverscan be deployed in a load balancing configuration, offeringscalability and redundancy. Because RADIUS is used for bothAAA and service delivery, no new protocols need to beintroduced in the network, reducing complexity and expense.

Furthermore, subscriber attributes are mapped into RADIUS asVendor Specific Attributes (VSAs). New subscriber attributes areeasily added by creating new VSAs and new database fields inthe subscriber database.

Open and flexible XML API with service portal flexibilityNetOp PM's support of an open XML API enables seamlessintegration with third party custom portals or a backendOSS/BSS. Service providers have flexibility in choosing a serviceportal that meets their needs. They can begin a service rolloutwith the bundled NetOp PM lightweight portal and then latermigrate to a custom or off the shelf portal with more advancedfeatures.

GUI tool for policy creation and managementNetOp PM provides a GUI to create and manage servicesconsisting of multiple policies. This easy-to-use tool facilitatestraining for operations personnel, as rampup time is shortened.

Multiple methods of subscriber accessNetOp PM supports subscriber access in both PPP client orclientless (DHCP) modes. Different end devices such as PC, set-top box, and Wi-Fi phone are supported as well as multiplenetwork transport methods such as DSL, cable, Ethernet, and Wi-Fi, etc.

Customizable for different platformsThe source code for NetOp PM can be modified by integrators orcarriers to a) add new features thereby allowing them to enablenew services without having to wait for a new release; and b)enable NetOp PM to work with other hardware devices or networkarchitectures.

Deploying services with NetOp Policy ManagerOnce the NetOp Policy Manager software and service portal areimplemented in the network, providers can begin to offer anynumber of IP services. For example, a customer might choose tosign up for bandwidth services at 256k or 348k, paying a flatmonthly fee of just $29.95 or $34.95 per month respectively.Alternatively, a carrier may introduce a time-based service toconvert dial-up subscribers to DSL. Conversely, many dial-upsubscribers use their Internet connection for only five hours amonth. Now a carrier could introduce a $19.95 plan for 8 or fewerhours per month and upsell subscribers once they see thebenefits of a faster always-on connection (see Table 1).

Based upon a positive business case, the service provider caneasily add on network-based security services such as URLfiltering, anti-virus or firewall and charge an incremental fee of$3.00 per month, respectively. Services offered to small andmedium businesses such as VPNs and online storage of key datacan also fuel free cash flow. By providing low-cost connectivityand the ability to inexpensively add on numerous compellingservices as needed, providers can more easily attract newcustomers and provide incentive to spend more money down the line.

Redback's sophisticated Redback IP Services Business Case,endorsed by The Yankee Group, can assist providers to computefree cash flow based on a number of parameters for each of theservices listed in Tables 1 and 2. For more information on theRedback IP Services Business Case, please visitwww.redback.com.

Figure 8: Video streaming

Figure 9: RADIUS protocol used for subscriber AAA and service delivery


6

Bandwidth Services Example Price per Month Description

256Kbps $24.95 Up to 150MB

384Kbps $34.95 Up to 150MB

1Mbps $44.95 Up to 150MB

Time based (up to 8 hours) $19.95 Up to 150MB

Unlimited usage $59.95

Wi-Fi access at hot-spots $9.95

Security & Back up Services

Back up Storage Free 100MB

Additional Storage $2.00 per additional 100MB

Web Hosting $8.95 includes domain name

Firewall $3.00

Parental Control/URL Filtering $3.00

Virus Scanning $3.00

Intrusion Detection $3.00

Content & Gaming Services

Video Conferencing/Video Telephony $15.00

Point to Point $0.10 per minute

Point to Multi-point $0.25 per minute

Basic Broadcast TV $39.95 1 set top box

Premium Broadcast TV $49.95 1 set top box

Near Video on Demand $3.95 per movie

MPEG Music $9.95

Interactive Gaming $3.00 unlimited games

Interactive Gaming $9.95 per game

Table 1. Example of a Stand-Alone IP Services Menu


7

Bandwidth Services Example Price per Month Description

256Kbps + Wi-Fi $36.95 Up to 150MB

384Kbps + Wi-Fi $46.95 Up to 150MB

1Mbps + Wi-Fi $56.95 Up to 150MB

Usage (bytes) + Wi-Fi $25.95 256k; Up to 50MB

Unlimited usage + Wi-Fi $59.95

Security & Back up Services

Back up Storage + Parental Control $4.00 250MB

Additional Storage $2.00 per additional 100MB

Web Hosting $8.95 includes domain name

Firewall + Anti-Virus $5.00

Firewall + Anti-Virus + Parental control $7.50

Intrusion Detection + Firewall $7.00

All Security & Back up Services $12.95

Content & Gaming Services

Video Conferencing/Video Bundled with TV

Telephony (VC/VT)

Point to Point $0.10 per minute

Point to Multi-point $0.25 per minute

Basic Broadcast TV + NVOD $45.95 1 set top box; 5 movies

Premium Broadcast TV + NVOD $55.95 1 set top box; 5 movies

Basic Broadcast TV + VC/VT $49.95 per minute charges apply

Premium Broadcast TV + VC/VT $59.95 per minute charges apply

MPEG Music $9.95 No bundle due to wholesale

Interactive Gaming $3.00 No bundle due to wholesale

Table 2. Example of a Bundled IP Services Menu

Product Specifications are subject to change without notice.REDBACK and SmartEdge are trademarks registered at the U.S. Patent & Trademark Office and in other countries. User Intelligent Networks, SMS and NetOp are trademarks or service marks of Redback Networks Inc. All other products or services mentioned are the trademark, service marks, registered trademarks or registered service marks of their respective owners.

©2003 Redback Networks Inc. All Rights Reserved.

For further informationSmartEdge Service GatewayProduct [email protected]

w w w . r e d b a c k . c o m

User Intelligent Networks™

North & South America

Corporate Headquarters300 Holger WaySan Jose, CA 95134-1362USA Tel: +408 750 5000Fax: +408 750 5599

Asia Pacific

APAC HeadquartersRm 1615, 16/F ChinaMerchants Tower Shun Tak Centre 168-200Connaught Road CentralHong Kong, ChinaTel: +852 2587 8832 Fax: +852 2587 7119

Europe, Middle East & Africa

EMEA HeadquartersMax Euwelaan 61 3062 MA Rotterdam The NetherlandsTel: +31 10 498 77 66 Fax: +31 10 498 77 88

SummaryNetOp Policy Manager enables service providers to adopt an evolutionary path to build a solid but flexible IP services architecture.Providers can leverage existing investments in network equipment, easily add on RADIUS-based NetOp PM policy managementsoftware and service portals, and begin to offer the compelling services needed to capture new DSL users. As service providerscontinue to grow their subscriber bases and increase their average revenue per user (ARPU), the new services-based infrastructure willmake it possible to evolve to the next-generation DSL architecture and roll out more advanced services, such as video and gaming. It isthis seamless progression toward a fully optimized service delivery strategy that will define the playing field for service providersmoving forward.

RB-WP-SG-0803

NetOP NAS Policy Intro

Documents

Transcript of NetOP NAS Policy Intro