Introduction
For some years now, the principal 'Next Generation Network' offerings of Telecoms Service Providers, for mid to large sized Enterprises, have been based on IP Virtual Private Network (IP VPN) technologies. The term 'Next Generation Network' is one of those wonderfully flexible marketing phrases which has been used (and possibly abused!) for many years. In reality, the term has never referred to a single, well defined architecture. Essentially the phrase originated in relation to Wide Area Network architectures, as packet-based networks emerged after the long-time dominance of TDM based PDH/SDH network infrastructures. Generally, of late, it has become synonymous with the deployment of IP Routed networks, underpinned by Multi-protocol Label Switching (MPLS). Out of this core technology has emerged an array of commercial IP VPN services, which are attractive primarily through support of both 'Quality of Service' features and flexibility of Access technology.
More recently Ethernet, the ubiquitous technology of the Corporate Local Area Network (LAN), has evolved to the extent of becoming a viable choice for Wide Area Network (WAN) deployment. For some time, Ethernet has been one of the Access options for IP VPN networks, but increasingly Ethernet 'Layer2' WAN Services are now being adopted, as either a competitive or complementary approach to IP VPNs.
This paper provides a brief overview of both IP VPN and Ethernet WAN services, looking at the pros and cons of both, from the perspective of both Service Provider and customer, and then considers some of the challenges facing the Service Provider community, both in meeting increasing customer demands for 'Wires Only' Ethernet Access to IP VPNs and in making the transition to the provision of Layer-2 Ethernet WAN services.
Not least of these challenges is the ability of the Service Provider to offer strong customer service value to their clients in relation to provisioning and troubleshooting, when local connectivity is almost invariably provided via wholesale 'tail' circuits offering little or no management visibility to the Service Provider at the point of hand off from WAN to LAN at the customer's premises.
Fig. 1: Each Router in a traditional IP Router network must make 'next hop' forwarding decisions for each packet in turn
[Figure labels: Home Workers; SDSL; ADSL; Internet; Ethernet 1Gbps; CE; PE; Customer Site]
Fig. 3: A full mesh of pseudowires is used to connect all provider edge (PE) devices supporting a given VPLS VPN
IP VPN Characteristics
IP VPN WAN services have been available for several years and are offered by both 1st tier National/International Carriers and 2nd tier Service Providers worldwide. A large number of enterprises have adopted IP VPN services, allowing them to interconnect hundreds or thousands of disparate regional, national, and global locations very effectively. As always, there are both benefits and disadvantages associated with any service. However, the most important characteristics of IP VPN services are:
Flexibility of Access
IP VPN architectures support a wide range of Access technologies and media. These can include traditional SDH/PDH Leased Lines, DSL services, Frame relay, ATM and Ethernet. This is a great strength of IP VPN services in that connections from individual users or small office locations, right up to regional or HQ locations, may be made to the corporate VPN service, through a variety of available Access networks, at an appropriate bandwidth.
Scalability
IP VPNs are essentially IP routed networks. As such, they offer a highly scalable platform for supporting very large enterprise networks with hundreds or even thousands of enterprise locations. Routed connections between Service Providers, and the large number of Service Providers offering IP VPN services, can enable connections for an enterprise customer to extend geographically on a regional, national or global basis, with the possibility for rapid expansion.
Routing control Outsourced
By deploying IP VPNs, enterprise IT managers effectively adopt a single architecture for WAN connectivity, eliminating the challenges of operational and resource planning and of maintaining the traditional plethora of separate networks. The status of the Service Provider becomes that of a 'trusted partner', responsible for managing all aspects of WAN connectivity. Critically, the enterprise effectively outsources control over network Routing, which some IT managers may feel compromises their ability to manage security throughout the enterprise, i.e. within both LAN and WAN environments. The Service Provider also typically takes responsibility for traffic policies within the WAN, such as the prioritisation of critical applications and the effective handling of
As noted previously, Ethernet WAN services can be either point-to-point or multipoint in nature. Ethernet WAN services offer a number of potential benefits to both customer and Service Provider, including scalability, reliability, reduced complexity, management and flexibility. Ethernet WAN services have the following key characteristics:
Routing control is retained by the customer
Unlike the case of IP VPNs, Routing control in the WAN is maintained by the enterprise customer. Certain enterprises prefer not to share their routing topology and schema and do not wish to outsource this potentially sensitive aspect of their operational control. With an Ethernet WAN service,
Relatively high, Routing tables to be updated, close collaboration required | Point-to-point service only
Complex, Service Provider must reprovision through Routed network | Rapid
Cost 'per unit bandwidth' to the customer | Generally higher than for pure Layer-2 services, due to higher complexity | Generally lower than IP VPN due to lower complexity
Table 1. Comparisons between Ethernet and IP VPN WAN Services
In real-world deployments, there is rarely a 'one size fits all' solution, and not surprisingly there are a growing number of 'hybrid' networks offered by Service Providers, promoting a combination of Ethernet WAN services and IP VPNs. One such example is that Ethernet WANs can be an excellent choice for high bandwidth connections between Corporate HQs and Data centres, with IP VPN 'domains' being
[Figure labels: Customer Site B; Customer demarcation; Ethernet connection]
In this classic Service Provider topology, the provider has full manageability not only of the core MPLS network, but also right up to the point of the Customer's LAN connections, i.e. via Managed 'Customer Premise Equipment' (CPE) Routers. As we've said earlier, not every customer will wish to pay the premium for an edge Router device to be installed, configured and managed by the Service Provider within their own premises. Moreover, many Service Providers look to third party Integrators and Resale partners to promote their core services, but such partners often wish to bring their own 'added value' to their customers, including providing management of their WAN environment, for which they may wish to install their own managed Routers at customer premises, in place of those of the Service Provider shown in Fig. 4. Either way, the Service Provider is faced with offering a so called 'wires only' service, for which they have no physical equipment at the actual point of connection to the ultimate customer's LAN. So, what's the problem with this? Well, the picture of Fig. 4 is somewhat simplified. In reality, most often the Service Provider is not actually the same company which provides the physical copper or fibre over which the core WAN connects into the customer site. Even those large National Carriers such as BT,
[Figure labels: NOC; Internet; Value-Added Services; Service Provider Core Network (IP/MPLS); Infrastructure Carrier Ethernet Circuit (typically via wholesale); Customer Site A; Customer demarcation (Ethernet connection); Customer's Routers. Annotations: 'Service Provider must still take an active role in IP addressing schema'; 'Problem! Lack of Management Visibility here for the SP']
Fig. 5: 'Wires only' IP VPN showing 3rd party 'Tail' circuits to customer premises
In this case, we see that the customer site Router equipment is now owned by the customer themselves (or alternatively by an Integration partner of the Service Provider, but either way not by the MPLS WAN network provider). Moreover, the connection from the core MPLS network to the customer site is now shown provided by 3rd party 'tail circuits', typically supplied via wholesale arrangements. In fact, these tails may not simply comprise a straightforward 'last mile' connection, but may be quite complex, involving potentially more than one infrastructure provider, and extending from wherever the customer requires connection back to the location of the Service Provider's nearest point of MPLS network presence.
In this increasingly common scenario, we see that the Service Provider not only has no visibility at the point of connection to the customer's LAN, but that in the worst case there may potentially be a long and complex multi-hop, multi-organisation link from the customer's site back to the nearest point of management access for the Service Provider. It's quite easy to understand how this can lead to a great deal of planning complexity for the Service Provider at the time of initial commissioning, and a real challenge for any subsequent troubleshooting. It is very often the case that the Service Provider has no visibility inside the 3rd party infrastructure and must either be reliant on a strong SLA for each such link, or be prepared, at considerable cost, potentially to dispatch skilled staff with relatively complex test equipment in order to be able to check different elements of the network well outside of the MPLS core.
So, if this can be the case for Service Providers using Ethernet as an access vehicle for IP VPN networks over MPLS, what happens in the case of 'pure' Layer-2 Ethernet WAN deployments?
Essentially, the picture is little different, except that in this case the Service Provider will definitely not be installing an Edge Router as a customer CPE, since Layer-3 Routing architecture is always the responsibility of the customer in the case of Ethernet WANs. Just as in Fig. 5, the Service Provider lacks visibility at the point of customer connection, which may typically be either to a Router or in fact directly to an Ethernet LAN switch.
[Figure labels: Management Access; Ethernet Service Provider Core Network (MPLS with L-2 VPN or VPLS); Customer Site A; Customer Site B]
Basic Ethernet Demarcation Devices provide EndPoint Manageability, typically via dedicated Management 'Carrier VLAN' (Q-in-Q S-Tag), or via protected 'Customer VLAN' (Reserved C-Tag)
The role of Ethernet Demarcation Devices is, at minimum, to provide management visibility and information regarding the customer connection point. At the least, they should be able to indicate connection status and traffic levels looking both towards the core network and towards the customer's first connected device. For Ethernet WAN networks, such as that of Fig. 6, it is possible that seamless end-to-end Ethernet connectivity exists between customer end-point sites (shown as 'Site A' and 'Site B' above), which enables the possibility for more advanced diagnostic and monitoring services to be available from the EDD units in relation to the full end-to-end link. In the case of Ethernet used as an Access technology for an IP VPN network, it's likely instead that management visibility from the Service Provider's 'Network Operations Centre' (NOC) might be limited to individual 'core to customer-site' links. Nevertheless, in either case, such visibility and diagnostic tools offer considerable benefits in terms of network commissioning and troubleshooting, more than offsetting the comparatively low cost of EDDs. As shown in Fig. 6, in a Switched Ethernet WAN normally specific 'VLAN Tagging' is used to differentiate User traffic from the Service Provider's Management traffic, and the EDD should be sufficiently flexible to offer a number of different Tagging modes by which to identify and isolate both Management traffic and indeed potentially different classes of User traffic. Let us finally consider a more comprehensive picture of a typical Point-to-Point example of an Ethernet WAN service, as shown in Fig. 7. 
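The tag-based separation of Management and User traffic described above, as an added example that is not from this paper or from any vendor's firmware: it parses 802.1Q/802.1ad tags and classifies a frame under the two tagging modes named for Fig. 6. The VLAN IDs, the function names and the rule that management-tagged frames arriving from the customer port are dropped are assumptions made for the example.

```python
import struct

TPID_CTAG = 0x8100  # IEEE 802.1Q customer tag (C-Tag)
TPID_STAG = 0x88A8  # IEEE 802.1ad service tag (Q-in-Q S-Tag)
# Assumed reservations for this example only; real values are per provider.
MGMT_S_VID = 4000   # dedicated management 'Carrier VLAN'
MGMT_C_VID = 4094   # reserved management 'Customer VLAN'

def parse_tags(frame: bytes):
    """Return ([(tpid, pcp, vid), ...], ethertype), outermost tag first."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    tags, off = [], 12
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in (TPID_CTAG, TPID_STAG):
        if len(frame) < off + 6:
            raise ValueError("truncated VLAN tag")
        tci, nxt = struct.unpack_from("!HH", frame, off + 2)
        tags.append((etype, tci >> 13, tci & 0x0FFF))
        etype, off = nxt, off + 4
    return tags, etype

def classify(frame: bytes, mode: str, from_customer_port: bool) -> str:
    """Return 'management', 'user' or 'drop'; mode is 's-tag' or 'c-tag'."""
    # Assumed policy: a management-tagged frame arriving on the customer-facing
    # port is dropped, so the LAN side cannot reach the management plane.
    want = {"s-tag": (TPID_STAG, MGMT_S_VID), "c-tag": (TPID_CTAG, MGMT_C_VID)}[mode]
    tags, _ = parse_tags(frame)
    if not tags or (tags[0][0], tags[0][2]) != want:
        return "user"
    return "drop" if from_customer_port else "management"

def build_frame(tags, ethertype=0x0800, payload=bytes(46)):
    """Build a constructed sample frame from a list of (tpid, pcp, vid)."""
    out = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    for tpid, pcp, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return out + struct.pack("!H", ethertype) + payload

if __name__ == "__main__":
    samples = {  # constructed frames, not captured traffic
        "mgmt S-VLAN": build_frame([(TPID_STAG, 7, MGMT_S_VID)]),
        "user Q-in-Q": build_frame([(TPID_STAG, 0, 100), (TPID_CTAG, 0, 10)]),
        "untagged": build_frame([]),
    }
    for name, frame in samples.items():
        print(name, classify(frame, "s-tag", False), classify(frame, "s-tag", True))
```

Only the outermost tag decides the class, so a customer frame that nests the management VID inside its own C-Tag under an S-Tag is still treated as user traffic.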
In this case, we have highlighted the fact that it may very well be the case (as for BT OpenReach 'EAD' Services in the UK, for example) that the tail circuit provider is able to offer the main Service Provider information about the status of such individual links, including both connection status and even potentially validation to specific Service Level Agreements (SLAs) relating to
[Figure labels: NOC; Value-Added Services; Management Access; Customer Site A; Customer Site B; Carrier 1 SLA; Carrier 2 SLA]
Infrastructure Carriers may offer a clear SLA for their short or long-haul circuits, but this does not provide full end-to-end SLA assurance. Advanced EDD equipment offers this functionality
By deploying their own advanced EDDs at each end of the link above, the Service Provider can, irrespective of the number and variety of 3rd party tail circuits, potentially verify both the connection status and Service characteristics of the complete end-to-end link.
Fig. 8: MetroCONNECT FCM9004 Ethernet Demarcation Device (AC and -48V DC PSU variants)
In addition to the features of the FCM9002, the FCM9004 offers:
- Service Multiplexing with advanced C-Tag, Q-in-Q S-Tag and Multi-Tag VLAN handling
- Per-flow Traffic Policing and Colour Marking for multiple services up to 1Gbps
- ITU-T Y.1731 for in-service performance monitoring and alerting
- Dedicated hardware Service Assurance Module, 'MetroSAM', providing 'Performance Assurance' capabilities for Core-Edge and End-End network applications, including:
  - Embedded wirespeed test traffic generator with packet time-stamping
  - Layer 2/3 SA/DA Loopback for assurance measurement over extended networks
  - Throughput, Frame Loss Ratio, Frame Latency and Jitter analysis
- Off-line configuration toolset to enable remote profiling of customer connection requirements prior to installation
- Zero Touch Commissioning (ZTC) toolset, enabling simple installation with automatic detection and download of pre-prepared configuration
Full information regarding the MetroCONNECT family of Ethernet Demarcation Devices may be found here: http://www.metrodata.co.uk/solutions/ethernet-extension/carrier-ethernet-demarcation-devices.htm
Metrodata Ltd. Fortune House, Eversley Way EGHAM, Surrey TW20 8RY U.K.