www.huawei.com
With MPLS VPN, NGN, IPTV, and 3G services maturing and entering large-scale commercial use, the metropolitan area network (MAN) is developing from a single-service broadband Internet access network into an integrated IP MAN that provides access for and bears multiple services, such as data services, packet voice service, video service, and streaming service. This course discusses how to build the integrated IP MAN.
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 1
This course helps you to:
- Master the IP MAN network planning.
- Master the IP MAN service planning.
- Master the IP MAN optimization plan.
- Learn typical MAN networking instances.

Chapter 1 Overview of MAN Planning
Chapter 2 MAN Service Planning
Chapter 3 MAN Optimization Plan
Chapter 4 MAN Typical Case Analysis
What Is MAN
Concept of MAN
- The network architectures available for large Internet providers
  - The 3-level architecture (backbone network to provincial network to MAN) is evolving to the 2-level architecture (backbone network to MAN).
  - ADSL or LAN access, ATM or Ethernet convergence, BRAS-terminated PPPoE session
- Internet leased line access service
  - ADSL leased line: ADSL access, BRAS-terminated 1483 bridge/routing or VLAN
  - LAN leased line: LAN access, layer-2 and layer-3 switch termination
- VLAN interconnection layer-2 VPN (for most switched MANs)
  - MPLS layer-3 VPN (for a few routing MANs)
  - VPN in other modes such as VR VPN, L2TP VPDN, IPSec, and GRE
  - VPN leased line service
Switched MAN
Features of Switched MAN
- The switched MAN has the following features:
  - There are no egress routers, and the MAN serves as the local extension network of the IP backbone network.
  - Layer-2 and layer-3 switches serve as the core of the layer-2 network and the layer-3 network.
  - Layer-2 and layer-3 switches are also responsible for layer-2 convergence, layer-3 access, and layer-3 convergence.
  - The BRAS is attached to the layer-2 and layer-3 switches to provide PPPoE access.
[Figure. Legend: Internet leased line service; VLAN layer-2 VPN service.]
Note: When an arrow points at a device, the traffic is terminated or forwarded at layer 3 on that device. When a straight line passes through a device, the traffic traverses that device at layer 2.
[Figure: elements shown: ATM cell switch, layer-2/layer-3 switch, DSLAM, BRAS, softswitch AG, MPLS CE, PPPoE, LAN; users shown: LAN leased line user, LAN PPPoE user, ADSL PPPoE user.]
Annotations in the figure:
- It has complicated functions and can serve as: LAN leased line access router; Ethernet layer-2 convergence switch; layer-3 convergence router.
- It cannot isolate or bind users.
- New service deployment is affected by the restriction on the uplink bandwidth of the DSLAM.
- The Ethernet switching network is too big and is restricted by the upper limit of VLANs.
- Layer-2 protection is unavailable.
- The QoS function of the equipment is weak.
Routing MAN
Features of Routing MAN
- The routing MAN has the following features:
  - Routers are used for egress and for the core layer of the network.
  - Layer-2 and layer-3 switches are also responsible for layer-2 convergence, layer-3 access, and layer-3 convergence.
  - The BRAS is attached to the layer-2 and layer-3 switches to provide PPPoE access.
  - A dedicated MPLS PE is deployed, and it is attached to the layer-2 and layer-3 switches.
[Figure: elements shown: layer-2/layer-3 switch, ATM, DSLAM; users shown: LAN leased line user, ADSL PPPoE user, LAN PPPoE user.]
The service grows rapidly.
  - In 2005, the number of broadband subscribers grew by 10 million, and the total number of subscribers reached around 25 million.
  - It is estimated that the number of broadband subscribers will grow to 62.88 million by 2008.
Services increasingly depend on broadband.
  - Video applications require the bandwidth of common applications to reach 2 M and that of some advanced applications to reach around 8 M by 2008.
Integration of services
  - The MAN bears voice services, video services, data services, and enterprise interconnection services simultaneously.
Differentiation of services
  - Services are provided at different QoS levels according to the requirements of customers and applications.
Service control
  - Centralized control and management of services, such as awareness, authentication, charging, security, and QoS.
[Table: specifications; surviving values: 50 ms, 1000 ms, U, U]
Note: The above specifications are cited from ITU-T Y.1541, G.114, YD/T 1071 of the communication standards of the People's Republic of China, and documents from some manufacturers. All specifications are network end-to-end (UNI-UNI) unidirectional specifications. "U" indicates that the upper limit is not specified.
Network layers are clear.
  - Layer-2 and layer-3 networks are separated to build a layer-3 routing network (IP MAN) with clear physical and logical levels and a layer-2 broadband access network.
The network architecture is flat.
  - The capacity is large, the number of nodes is small, and the coverage is large, which reduces the number of physical and logical cascading levels.
The network quality is differentiated.
  - The Diffserv mechanism is deployed in the network to provide different levels of QoS for different users and services.
Management control is centralized.
  - Use the broadband access server (BRAS) and service router (SR) to build a clear border service control layer for the IP MAN that provides and controls services on a centralized basis. In addition, normalize the network management interface requirements of devices, strengthen the building of the integrated network management system, improve the manageability of the network, and achieve carrier-class management.
The requirements for devices are normalized.
  - The requirements are normalized so that new devices support the network functions and performance features required for service deployment in the MAN.
  - 99.9%
- Unidirectional average delay upper limit (packet length: 1500 bytes)
  - IP MAN: 10 ms (between service access control point and egress of MAN)
  - Broadband access network: 10 ms (between service access control point and user CPE)
- Upper limit of unidirectional packet loss rate:
  - IP MAN: 5/10000
  - Broadband access network: 5/10000
- Upper limit of unidirectional average jitter:
  - IP MAN and broadband access network: 5 ms
- IP MAN
  - Service access control points (BRAS and service router) and the layer-3 routing network consisting of routers above the points
  - The IP MAN consists of the core layer, convergence layer, and service access control layer.
- Broadband access network
  - Layer-2 access network under service access control points
  - The network layer consists of the layer-2 convergence network and the last-mile access network. The service plane falls into the public access network plane and the key account access network plane in logic.
MAN Classification
MAN Classification Based On Scale
Phone capacity (classification standard) Over four million 0.4 million to 0.9 million 50 200 million
Total number of broadband users (reference) Over 90 million 40 90 million 10 40 million 4-10 million
Below 50 million
[Figure: elements shown: ChinaNet, CN2, transit router, BRAS, MAN SR, CN2 SR, MSTP/RPR, SDH/MSTP/RPR/Ethernet, public access network plane.]
[Figure: elements shown: ChinaNet, CN2, BRAS, SR, CN2 SR. Annotation: SR-CN2 SR is needed for deployment of MPLS and for the MAN that requires cross-domain connection.]
[Figure: elements shown: tandem exchange, ATM switching network, Ethernet switching network, access switch, access equipment, public access plane layer-2 convergence layer, DSLAM, park switch, LAN access network, last-mile access network on the public access plane; users shown: LAN user, ADSL user, key account.]
Extra large MAN
  - It is recommended to configure four routers in the core layer (which also serve as the egress routers and convergence routers of the node), 8 to 12 routers in the transit layer, 40 to 60 BRASs (30000 users/BRAS), and 8 to 15 SRs (distributed in a centralized manner).
Large MAN
  - It is recommended to configure 2 routers in the core layer (which also serve as the egress router and convergence router of the node), four to eight routers in the transit layer, 30 to 40 BRASs (25000 users/BRAS), and five to eight SRs (distributed in a centralized manner).
Medium MAN
  - It is recommended to configure four routers in the core and convergence layer (two of which serve as the egress router and convergence router of the node), 8 to 20 BRASs (20000 users/BRAS), and two SRs (distributed in a centralized manner).
Small MAN
  - It is recommended to configure two routers in the core and convergence layers (which also serve as the egress router and convergence router) and 5 to 10 BRASs (10000 users/BRAS). No SR is set; the SR of CN2 is shared.
cover the service access layer and all devices above the layer.
- It is recommended to use the link-state protocols OSPF and IS-IS as the dynamic routing protocols. It is recommended to use static routes between the MAN and leased line users to reduce the impact of user route fluctuation on the MAN.
- It is recommended to aggregate (converge) routes on the BRAS or leased line access routers to reduce the number of routes in the MAN and the impact of routing fluctuation on the whole network, thus improving network stability.
  - In principle, the egress router of the MAN exchanges routing information with ChinaNet and CN2 through EBGP. Some routers in the convergence layer of large MANs can run IBGP, which is used to bear and control user routes in the MAN.
  - The MAN only receives routing information from the CN2 and a default route from ChinaNet.
  - Some large MANs can receive all Internet routes from ChinaNet.
  - The MAN advertises the aggregated (convergence) routes of the MAN to ChinaNet and CN2.
  - The egress router of the MAN uses policy-based (strategic) route forwarding modes based on destination address and service levels.
  - Allocate different IP addresses to different types of users and divide traffic based on source addresses.
  - Assign different QoS levels to the different application types of users and divide traffic based on the QoS.
- The service access control point of the MAN marks service levels.
- The egress router of the MAN can perform policy-based (strategic) routing based on destination address, source address, and service levels to divide the applications of CN2 and ChinaNet. It is recommended to use the forwarding mode based on destination address and strategic forwarding based on service leve
[Figure: elements shown: CN2, transit router, BRAS, SR.]
Annotations in the figure:
- Static routes are configured on the BRAS. Cities or regions can decide whether the BRAS joins the IGP.
- Attach the specified service level labels to the packets to be transmitted by CN2.
[Figure: elements shown: core router, IP MAN, BRAS, SR, broadband access network, ATM access network, Ethernet access network, SDH/MSTP/RPR.]
Annotations in the figure:
- Diffserv PHB: queuing and congestion control (WRED)
- Traffic shaping
Although the standard is at the draft stage, some de facto standards have come into being due to the support of multiple manufacturers.
  - Martini: draft-martini-l2circuit-trans-mpls-xx
  - Kompella: draft-kompella-ppvpn-l2vpn-xx
  - The standards are not uniform for the VPLS.
  - Circuit cross connect (CCC): sets up a transparent connection between two PE-CE connections, which uses a tunnel exclusively and one layer of label.
  - SVC: a static implementation of Martini.
MPLS L3VPN
MPLS L3VPN Planning
- P router
  - The core router or convergence router of the MAN serves as the P router.
- PE router
  - The BRAS and SR, implementing the VPN service for public users and key accounts respectively, serve as the PE router. For the BRAS that does not support MPLS, use the SR of the MAN to implement the VPN service for public users.
- MBGP and IGP
  - The MBGP is used to transmit VPN routing information between PEs. The IGP routing protocol ensures the reachability between PEs.
  - Static route
  - EBGP
  - RIP
  - OSPF
  - IS-IS
  - When the number of routes is small, it is recommended to use static routing. When the number of routes is large, it is recommended to use EBGP.
- Cross-domain MPLS VPN
  - Option A: VRF to VRF
  - Option B: single-hop MP-EBGP
  - Option C: multihop MP-EBGP
[Figure: elements shown: BRAS, service function module, access function module, MPLS PE, Internet gateway, MAN SR, CN2 SR, dial-up access, MSTP/RPR, SDH/MSTP/RPR/Ethernet.]
  - Public service system: public + public access network plane + BRAS or MAN SR
  - Key account service system: key account + key account access network plane + MAN SR or CN2 SR
- Service type
  - Combination of the network function of service access control points and access function module. The following service types are provided:
    - BRAS
      - Internet dial-up access service and Internet leased line access service
      - MPLS VPN dial-up access service and MPLS VPN leased line access service
      - Multicast service
    - SR
      - Internet leased line access service
      - MPLS VPN leased line access service
      - Multicast type services
Access modes
  - The public service system uses the public access network plane to implement access of users.
    - ADSL access network + Ethernet switching network access
    - ADSL access network + ATM switching network access
    - LAN access network + Ethernet switching network access
  - The key account service system uses the key account access network plane to implement access of users.
    - SDH/MSTP/RPR access
Service levels
  - Users of a service have several service levels, for example, common service (for common users) and advanced service (for VIP users). Service levels are implemented through the access network Diffserv and IP MAN Diffserv.
[Figure: elements shown: core router, BRAS, SR, tandem exchange, SDH/MSTP/RPR, DSLAM, cascading DSLAM, corridor switch; users shown: medium and small enterprise leased line user, personal VIP user, key account.]
Annotations in the figure:
- PPPoE dial-up and Internet gateway leased line access, downlink speed limit, layer-3 QoS label
- QinQ encapsulation
- Allocate separate VLAN ID or PVC for different users and different services at user ports.
The MAN provides two technologies to interconnect enterprises:
  - Layer-2/layer-3 VPN service based on MPLS, borne by the IP MAN. It provides layer-2 and layer-3 VPN interconnection for common enterprises.
  - Lower-layer connection service borne by the MSTP transmission network. It provides physical leased line connection or pure layer-2 connection with high security and QoS guarantee for government institutions, public security, finance, and security industries.
As the layer-2 access mode between users and the PE or MSTP equipment, the Ethernet switching network VLAN extends the above two interconnection services. There is a physical connection between the SR and the CN2 SR, over which Option 2 is used to implement MPLS VPN. Users can originate PE-terminated IPSec or other forms of tunnel to access the MPLS layer-3 VPN remotely.
[Figure: elements shown: core router, BRAS, SR, CN2 SR, CN2 MPLS PE, tandem exchange, ATM switching network, Ethernet switching network/MSTP/RPR, SDH/MSTP/RPR, access switch, DSLAM, park switch, cascading DSLAM, corridor switch; users shown: medium and small enterprise leased line user, personal VIP user, key account.]
Annotations in the figure:
- PPPoE dial-up and PPPoE leased line access MPLS PE, downlink speed limit, forwarding sensitive
- Physical link between PE ASBR. Option 2 is used to implement cross-domain MPLS VPN.
[Figure: elements shown: core router, BRAS, SR, CN2 SR, park switch, corridor switch; users shown: personal dial-up user, medium and small enterprise leased line user, personal VIP user, key account.]
Annotations in the figure:
- VLAN interconnection mode: VPN users that access the public plane are connected to the MSTP through the convergence switch. Only interconnected VLAN numbers need to be allocated.
- MSTP interconnection mode: the TDM mode is used for transparent transmission between loops.
[Figure: elements shown: IP MAN, BRAS/SR, tandem exchange, Ethernet switching network/MSTP/RPR, access switch.]
Annotations in the figure:
- PIM multicast routing protocol border, IGMP termination, configuration of static multicast groups, multicast service AAA management, PPP replication or port replication
- SVLAN. The access switch bundles an external VLAN for several DSLAM/park switches. IGMP snooping
- Allocate the internal VLAN for IPTV users and play the role of IGMP snooping.
- Bundle the internal VLAN for dedicated PVC of IPTV users and play the role of IGMP snooping.
[Figure: elements shown: IP MAN, BRAS, BAC, SR/CN2 SR, tandem exchange, Ethernet switching network/MSTP/RPR, access switch, RPR/MSTP/SDH, DSLAM, AG, TG, key account IAD, soft terminal user.]
Annotations in the figure:
- The SIP and IAD can access softswitch terminals through the BAC by revisiting AG and TG.
- The SS, AG, and TG start the VPN service through SR/CN2 SR.
- If the IADs of key accounts are connected through key account leased lines, the IAD must be able to mark voice with different QoS labels and allocate different VLANs for online users.
- Common network users can serve as VIP users and enjoy higher priority.
- The SS, AG, TG and key account IAD, serving as leased lines of key accounts, access through the MSTP. Allocate a dedicated VLAN for the SoftSwitch and give 802.1P higher priority.
accomplish user management, including:
  - An account can be used by one user only, enforced through multiple restrictions.
  - Bind attributes such as username, address, VLAN, and PVC.
  - Prevent users from applying for IP addresses maliciously.
  - Prevent users from maliciously originating dialing attacks through PPP scanning by restricting the number of dial attempts and the dial rate of users.
  - Prevent users from acting as illegal agents by restricting the number of TCP connections of a session.
  - Prevent dummy address attacks through functions of the equipment.
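The binding, single-login and dial-rate controls in the list above can be combined into one admission check, shown here as an added example that is not part of the original course material or of any vendor's BRAS implementation. The account names, MAC addresses, VLAN pairs and the limit of 3 attempts per 10 seconds are constructed assumptions, and `AccessPolicy` is a hypothetical name.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class DialAttempt:
    ts: float        # arrival time in seconds
    username: str
    mac: str         # subscriber MAC address seen in the PPPoE session
    vlan: tuple      # (outer, inner) VLAN tags identifying the user port

# Constructed provisioning data: account -> (bound MAC, bound VLAN pair).
BINDINGS = {
    "alice@isp": ("00:11:22:33:44:55", (100, 2001)),
    "bob@isp": ("00:aa:bb:cc:dd:ee", (100, 2002)),
}

class AccessPolicy:
    """Hypothetical admission check; limits are assumed policy values."""
    def __init__(self, bindings, max_dials=3, window=10.0):
        self.bindings = bindings
        self.max_dials = max_dials          # attempts allowed per port...
        self.window = window                # ...within this many seconds
        self.recent = defaultdict(deque)    # port -> recent attempt times
        self.online = set()                 # accounts with a live session

    def check(self, a):
        # 1. Dial-rate limit per port: throttles scanning whatever names are tried.
        q = self.recent[a.vlan]
        while q and a.ts - q[0] > self.window:
            q.popleft()
        q.append(a.ts)
        if len(q) > self.max_dials:
            return "reject:dial-rate"
        # 2. Attribute binding: the account must come from its own port/MAC.
        bound = self.bindings.get(a.username)
        if bound is None:
            return "reject:unknown-account"
        if bound != (a.mac, a.vlan):
            return "reject:binding-mismatch"
        # 3. One live session per account.
        if a.username in self.online:
            return "reject:already-online"
        self.online.add(a.username)
        return "accept"

# Constructed dial attempts: a normal login, a duplicate login, a login
# with alice's credentials from bob's port, a scan from an unprovisioned port.
SAMPLE = [
    DialAttempt(0.0, "alice@isp", "00:11:22:33:44:55", (100, 2001)),
    DialAttempt(1.0, "alice@isp", "00:11:22:33:44:55", (100, 2001)),
    DialAttempt(2.0, "alice@isp", "00:11:22:33:44:55", (100, 2002)),
    DialAttempt(3.0, "u1@isp", "02:00:00:00:00:01", (100, 2003)),
    DialAttempt(3.5, "u2@isp", "02:00:00:00:00:01", (100, 2003)),
    DialAttempt(4.0, "u3@isp", "02:00:00:00:00:01", (100, 2003)),
    DialAttempt(4.5, "alice@isp", "02:00:00:00:00:01", (100, 2003)),
    DialAttempt(20.0, "bob@isp", "00:aa:bb:cc:dd:ee", (100, 2002)),
]

def replay(events):
    policy = AccessPolicy(BINDINGS)
    return [policy.check(e) for e in events]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The rate limit is keyed on the access port rather than the username, so the fourth attempt from the scanning port is rejected before any account lookup happens.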
refers to services except Internet connection, for example, 3G, NGN, and video conferencing.
- The MAN can sign the service level agreement (SLA) with users.
(NMS) of the IP MAN and broadband access network is built to manage networks above service access points of MANs on a centralized basis.
- Manage the VPN of all MANs on a centralized basis.
- All cities and regions have a level-2 NMS or separate terminals to maintain and manage the devices of the MAN in the cities and regions, and a separate NMS of the MAN is not developed or built for the cities and regions.
and prevent viruses from spreading.
  - The MAN can filter and restrict traffic. It can restrict the uplink or downlink speeds based on the type of packets at the BRAS, DSLAM, or park switches for incoming and outgoing traffic. It supports access control policies based on the standard 5-tuple (quintuple) or MAC address.
  - The MAN can monitor abnormal traffic or abnormal packets.
can start the dual stack function partially and then enable the function in the whole MAN.
- If the equipment of the MAN cannot support IPv6 well, add IPv6 layer-3 equipment to implement the IPv6 function of the MAN based on service demands and implement interconnection through the MPLS or tunnel.
- Use the dual stack mode for access of users. You can use the tunnel mode at the initial stage and then transition to the dual stack mode gradually.
- The newly added devices of IP MAN or access network implement the
be added, mount the BRAS directly.
  - The path between DSLAM and BRAS is complicated. Any adjustment has much impact on users.
  - There are not enough routers or ports to build the core layer or transit layer.
  - There are no dedicated leased line access routers.
- Solving the above problems requires much investment and complicated projects. To achieve the final objective, the IP MAN must be built gradually.
mounted aside mostly. The transit layer consists of a large number of layer-3 switches, and it also serves as the access device of commercial users.
[Figure: elements shown: backbone network border router (R), routing MAN, AS65001, layer-2/layer-3 switch (S), DSLAM.]
[Figure: elements shown: ChinaNet, layer-2/layer-3 switch, DSLAM. Legend: layer-2 network; layer-3 direction.]
At present, the switched MAN is often a small or medium MAN. The core egress of the MAN is the layer-3 switch, which also serves as the transit layer. The BRAS is connected by mounting it aside. The transit layer consists of a large number of layer-3 switches. The transit layer or access layer switch also serves as the access device of commercial users.
[Figure: elements shown: router (R), switched MAN, switch (S), BRAS, layer-2/layer-3 switch, DSLAM.]
[Figure: elements shown: ChinaNet, layer-2/layer-3 switch, DSLAM. Legend: layer-2 network; layer-3 direction.]
used to implement the MPLS VPN, egress planning, and line-speed network address translation (NAT).
- The MA5200G has strong service management capability. It manages key accounts and the access of WLAN/LAN in detail.
- Support smooth upgrade of new services and IPv6 migration capability. The network is quite extensible and reliable.
[Figure: elements shown: GE, NE80, transit layer, MA5200.]
[Figure: elements shown: NE5000E.]
Thank You