AA ISA groups

An AA ISA group allows operators to group multiple AA ISAs into one of several logical groups for consistent management of AA resources and policies across multiple AA ISA cards configured for that group. The following operations can be performed at the group level:

• Define one or multiple AA ISA groups to allow AA resource partitioning/reservation for different types of AA service.

• Define the AA subscriber scale mode for the group. Various scales for residential, VPN, and lightweight-Internet (used for WLAN-GW distributed subscriber management) modes are supported.

• Assign physical AA ISAs to a group.

• Select forwarding classes to be diverted for inspection by the AA subscribers belonging to the group and select the AA policy to be applied to the group.

• Configure redundancy and bypass mode features to protect against equipment failure.

• Configure QoS on IOMs which host AA ISAs for traffic toward AA ISAs and from AA ISAs.

• Configure ISA capacity planning using low and high thresholds.

• Enable partitions of a group.

• Configure the ISA traffic overload behavior for the group to either back pressure to the host IOM (resulting in possible network QoS-based discards) or to cut-through packets through the ISA without full AA processing. Cut-through is typically enabled for AA VPN groups but not for residential groups.

Residential services is an example where all AA services may be configured as part of a single group encompassing all AA ISAs, for operator-defined AA service. This provides management of common applications and reporting for all subscribers and services, with common or per customer AQP (using ASOs characteristics to divide AA group’s AQP into per app-profile QoS policies).

Multiple groups can be further used to create separate services based on different sets of common applications, different traffic divert needs (such as for capacity planning) or different redundancy models. Multiple groups may be used:

• when there is a mix of residential and business customers

• among different business VPN verticals

• for business services with a common template base but different levels of redundancy, different FC divert, or scaling over what is supported per single group

• when system level status statistics have AA ISA group/partition scope of visibility