This chapter outlines the steps to install and run Oracle Communications IP Service Activator. For more detailed information about installing IP Service Activator, see IP Service Activator Installation Guide.
Customizing IP Service Activator for your network and applying services and policies to it requires the following steps:
Install the system.
Configure the system.
Set up global (system and domain) information.
Define policy roles and role assignment rules.
Discover the network and set up device information.
Set up VPN services.
Set up basic policy data.
Set up QoS or security policies.
Set up SLA monitoring.
In a normal distributed operation, IP Service Activator components are installed on multiple hosts. For tests and evaluations, we recommend that you install a single host system. This allows you to become familiar with IP Service Activator before installing a fully-operational distributed system. We also recommend that the test environment represent the live deployment, based on the performance guidelines.
For full details of the installation process, see IP Service Activator Installation Guide.
After installation of IP Service Activator, there are a number of configuration tasks that must be performed. Some of the aspects that must be configured include setting the IP addresses and ports for the different components of IP Service Activator, specifying connectivity information for the database, specifying which components of IP Service Activator to run, and setting tuning parameters for the various components.
For full details of the installation process, see IP Service Activator System Administrator's Guide.
There are a number of tasks that you should do immediately after installation. These include the following:
Setting up system users and groups: one initial system user is created the first time you log in. You need to set up security options for that user and create additional user groups and users.
Setting up domains: you can set up multiple domains. Autonomous System (AS) regions can be configured globally, and multiple AS regions can be configured on a domain. Device AS regions override global AS configurations.
Loading basic configuration data: you can install set-up files for each domain that automatically create the basic data that you need when setting up services and policies.
These tasks are described in detail in IP Service Activator System Administrator's Guide.
In IP Service Activator, roles provide the meeting point between policy elements and policy targets, such as devices, interfaces, and sub-interfaces. The roles you need to set up depend on the service or policy you plan to implement:
IP Service Activator provides a set of system-defined roles. In order to configure MPLS VPNs, you must apply these roles to the devices and interfaces that are to be managed.
User-defined roles can be created and assigned to policy targets.
See "Defining and Applying Roles" for more information about defining roles.
The next step is to set up details of the network for each domain that you are managing. You do this by running a device discovery process that uses SNMP to find out information about devices and connected segments. The discovery process does the following:
Finds out details of the devices, segments, and hosts in the network
Assigns devices to the network processors that will manage them
Sets up the security parameters that IP Service Activator needs to configure devices
Ascertains the capabilities of devices and interfaces, indicating the QoS, access control, measurement, and VPN features that are available
Before running the discovery process you must set up certain device-specific information, and after discovery is complete you must set up IP Service Activator to manage the devices.
See "Discovering and Setting Up the Network" for full details about discovering devices and the tasks you must perform before and after device discovery.
The topology map provides a visual representation of the discovered network.
If IP Service Activator is set to map the network automatically, nodes are added to the topology map as they are discovered. By default, discovered nodes must be mapped manually when the discovery process is complete.
See "Representing and Mapping Objects" for information about mapping the network.
After discovering the devices and network interfaces, creating new network interfaces as required, and mapping the network, you can create the VPN services that you want to implement in each domain:
Multi-Protocol Label Switching VPNs (MPLS VPNs): Set up a VPN by defining customers and sites and specifying how sites are linked together.
Transparent LAN Service (TLS): Set up a TLS by defining customers and layer 2 sites that specify the criteria on which access to the TLS is based. Layer 2 sites are linked together in a TLS object.
Layer 2 VPNs (VPLS): Set up a Layer 2 VPLS VPN as a way to provide Ethernet-based multipoint-to-multipoint communication over IP or MPLS networks. It allows geographically dispersed sites to share an Ethernet broadcast domain by connecting sites through pseudo-wires.
Martini Layer 2 VPNs: Set up a Martini Layer 2 VPN by defining customers, creating the Layer 2 Martini VPN and linking Martini endpoints. Layer 2 Martini VPNs are specific to Cisco and Juniper M-series devices.
VRF-Lite: Set up VRF-Lite by logically partitioning a CE device into groups of interfaces, creating a Virtual CE object, and associating the interfaces from the physical CE to the Virtual CEs.
For more information about VPN services, see IP Service Activator VPN User's Guide.
If you plan to implement a QoS or security policy, you need to set up the basic data used in configuring these elements.
Class of service information: defining how differentiated services are being used. You need to set this up if you are setting up a QoS policy.
Rule components: traffic types, classifications, IP protocols, packet markings, and date and time templates, used when setting up QoS and policy rules.
For information about setting up basic data, see IP Service Activator QoS User's Guide.
If you have set up basic policy data, you can create the policies that you want to implement in each domain.
QoS policies: classification rules, policing rules and PHB groups can be implemented to manage and prioritize categories of traffic at any point in the network.
Access control policies: access rules can be set up to deny or explicitly permit defined categories of traffic.
For more information about setting up QoS policies, see IP Service Activator QoS User's Guide.
IP Service Activator integrates with third-party reporting tools to provide SLA monitoring. Various measurement types are available to generate the source data for reporting:
Service Assurance Agent (SAA) enables you to monitor point-to-point connections in an MPLS VPN or a measurement-only VPN.
NetFlow and MIB-based measurements enable you to monitor activity at a specific point in the network.
For more information about setting up SLA monitoring, see IP Service Activator Network and SLA Monitoring Guide, which provides details of setting up SLA measurement within IP Service Activator.
IP Service Activator uses a transaction-based model for updating the system and implementing configuration changes. This means that you can make changes through the IP Service Activator client and implement them immediately or save them in a pending state and implement them at another time.
Each transaction has a status on it. Transaction monitor connects to the IP Service Activator Policy Server through the OSS Integration Manager (OIM) and allows upstream systems to confirm that activation transactions have been successfully applied to network elements. See IP Service Activator System Administrator's Guide for more information.
The tasks associated with initial system setup are generally performed by a single user as a one-time task. You can implement these changes immediately. For implementing VPN services and setting up policies, you can break down configuration changes into a number of transactions and perform a phased implementation.
See "Working with Transactions" for more information about transactions.