Odd010009 Ip Man Planning Issue1 - 1

Internal
ODD010009 IP MAN Planning

ISSUE 1.1
www.huawei.com
HUAWEI TECHNOLOGIES CO., LTD.
All rights reserved
PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com
With the MPLS VPN, NGN, IPTV, and 3G services growing mature and being put into commercial use in large scale, the metropolitan area network (MAN) is developing from the single broadband Internet access service to the integrated IP MAN that can provide access for and bear multiple services such as data services, packet voice service, video service, and streaming service. This course discusses how to build the integrated IP MAN.
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 1
This course helps you to: [ Master the IP MAN network planning. [ Master the IP MAN service planning. [ Master the IP MAN optimization plan. [ Learn typical MAN networking instances.
All rights reserved
Page 2
Chapter 1 Overview of MAN Planning Chapter 2 MAN Service Planning Chapter 3 MAN Optimization Plan Chapter 4 MAN Typical Case Analysis
All rights reserved
Page 3
Chapter 1 Overview of MAN Planning

1.1 What Is MAN 1.2 Present Situation of MAN 1.3 General Clue and Optimization Objectives of MAN 1.4 MAN Target Network Architecture
All rights reserved
Page 4
What Is MAN
Concept of MAN
l The network architectures available for large Internet providers
are as follows: [ National backbone network [ Provincial backbone network [ MAN

l The MAN refers to the part that is under the provincial
backbone network and above the user access side.

l With the concept of larger MAN being put forward, the current
3-level architecture (backbone network to provincial network to MAN) is evolving to the 2-level architecture (backbone network to MAN).

All rights reserved
Page 6
Service Situation of the MAN

Service Situation of the MAN
l Internet broadband dialing access service
[ ADSL or LAN access, ATM or Ethernet convergence, BRAS terminated PPPoE session
l Internet leased line access service
[ ADSL leased line: ADSL access, BRAS terminated 1483bridge/routing or VLAN [ LAN leased line: LAN access, layer-2 and layer-3 switch termination
l VLAN interconnection layer-2 VPN (for most switched MANs)
[ MPLS layer-3 VPN (for a few routing MANs) [ VPN in other modes such as VR VPN, L2TP VPDN, IPSec, and GRE [ VPN leased line service
All rights reserved
Page 7
Networking Types of MAN

Networking Types of MAN
l The IP MAN falls into the following types based on networking
devices: [ Layer-3 switch-centered switched MAN [ High-speed router-centered routing MAN
All rights reserved
Page 8
Switched MAN
Features of Switched MAN
l The switched MAN has the following features:
[ There are no egress routers, and the MAN serves as the local extension network of the IP backbone network [ Layer-2 and layer-3 switches serve as the core of the layer2 network and layer-3 network [ Layer-2 and layer-3 switches are also responsible for layer2 convergence, layer-3 access, and layer-3 convergence. [ The BRAS is mounted with layer-2 and layer-3 switches for access of the PPPoE.
All rights reserved
Page 9
Service Implementation of Switched MAN

ChinaNet router
IP MAN Internet broadband dial-up service

Layer-2/Layer-3 switch BRAS
Internet leased line service VLAN layer-2 VPN service Note: When an arrow points at a device, the device is terminated or forwarded in layer-3. When a straight line passes a device, the device is penetrated in layer-2.
Page 10
Broadband access network
ATM
Layer-2/Layer-3 switch DSLAM Cell switc h LAN leasedLAN PPPoE ADSL line uses PPPoE user user
Intra-city interconnection user
Intra-city interconnection user
All rights reserved
Problems of Switched MAN

It does not support MPLS. It does not support multicast. The layer-3 forwarding capability is inadequate. The uplink bandwidth is not enough. The functions of QoS and traffic control are weak. It is not secure enough and is easy to be attacked. MPLS PE Layer-2/Layer-3 switch The PE has a weak performance and is less likely to be extended, and it does not support the VPN. ATM The port density is low, and the performance is weak. Cards or boards can be mounted only, and the multicast function cannot be enabled.
Core layer of IP MAN

Router
Convergence layer of IP MAN
BRAS It has complicated functions and can serve as: LAN leased line access router Ethernet layer-2 convergence switch Layer-3 convergence router: It cannot isolate or bind users. New service deployment is affected due to restriction on uplink bandwidth of the DSLAM. The Ethernet switching network is too big and is restricted by the upper limit of VLAN. The layer-2 protection is unavailable. The QoS function of the equipment is weak. Softswitch AG
PPPoE
LAN !
MPLS CE
All rights reserved
Page 11
Routing MAN
Features of Routing MAN
l The routing MAN has the following features: A router is used
for egress and the core layer for networking. [ Layer-2 and layer-3 switches are also responsible for layer2 convergence, layer-3 access, and layer-3 convergence. [ The BRAS is mounted with layer-2 and layer-3 switches for access of the PPPoE. [ The MPLS PE is set especially, and it is mounted with layer-2 and layer-3 switches.
All rights reserved
Page 12
Service Implementation of Routing MAN

IP MAN
ChinaNet router
Internet broadband dial-up service

Core router of MAN
Layer2/Layer-3 switch
Internet leased line service

BRAS

Layer-2 switch
ATM
MPLS layer-3 VPN service

Note: When an arrow points at a device, the device is terminated or forwarded in layer-3. When a straight line passes a device, the device is penetrated in layer-2.
LAN PPPoE user Cell switch MPLS CE
DSLAM
LAN leased line uses ADSL LAN PPPoE useer PPPoE user
All rights reserved
Page 13

All rights reserved
Page 14
Service Development Trends of MAN

Service Development Trends
l
The service grows rapidly. [ In 2005, the number of broadband subscribers grows by 10 million. The total number of subscribers reaches around 25 million. [ It is estimated that the number of broadband subscribers will grow to 62.88 million by 2008.
Broadband is more and more popular in services. [ Video application requires that the bandwidth of common application reaches 2 M and that of some advanced application reached around 8 M by 2008.
Integration of services! [ The MAN bears voice services, video services, data services, and enterprise interconnection service simultaneously.
Differentiation of services [ According to requirements of customers and application, provide services in different QoS levels
Service Control [ Centralized control and management such as awareness, authentication, charging, security, and QoS for services
All rights reserved
Page 15
Network Performance Features Required for Service Development of MAN

Network Performance Features Network availability: 99.9%
Application type
Instant voice Instant video (video telephony and video conferencing) Streaming video Instant interaction data Common data Typical services Softswitch voice Video telephony and video conferencing IPTV Games and signaling Upper limit of end-to-end unidirectional average delay 100ms Upper limit of end-to-end unidirectional average jitter 50ms Upper limit of end-to-end unidirectional packet loss rate 0.1%
Upper limit of end-to-end Unidirectional packet error rate

0.01%
100ms 1000ms 100ms U
50ms 1000ms U U
0.1% 0.1% 0.1% U
0.01% 0.01% 0.01% U
Note: The above specifications are sited from ITU-T Y.1541, G.114, YD/T 1071 of the communication standards of People!s Republic of China, and documents from some manufacturers. All specifications are network end-to-end (UNI-UNI) unidirectional specifications. "U# indicates that the upper limit is not specified. HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 16
General Clue of MAN Building

General Clue
l
Network layers are clear. [ Layer-2 and layer-3 networks are separated to build the layer-3 routing network (IP MAN) with clear physical and logical levels and layer-2 broadband access network.
The network architecture is flat. [ The capacity is large, the number of nodes is small, and the coverage is large so as to reduce the number of physical and logical cascading levels.
The network quality is differentiated. [ The Diffserv mechanism is deployed for the network so as to provide different levels of QoS for different users and services.
Management control is centralized. [ Use the broadband access server (BRAS) and service router (SR) to build the border-to-service control layer of clear IP MAN to provide and control services on a centralized basis. In addition, normalize the network management interface requirements of devices, strengthen building of the integrated network management system, improve manageability of network, and achieve the carrier-class management.
The requirements for devices are normalized. [ The requirements are normalized to make new devices support network functions and performance features required for service deployment of MAN.
All rights reserved
Page 17
MAN Optimization Objectives: Network Function Features

Optimization of Network Function Features
l Isolate users in the layer-2 access network, identify users
uniquely, and trace sources of application.

l The broadband access network and the IP MAN have
differentiated service capability

l .Multicast capability of commercial scale Layer-2 and layer-3
VPN service capability in multiple access modes

l Implement the functions of secure trace, location, and isolation
in the network layer.
All rights reserved
Page 18
MAN Optimization Objectives: Network Quality Specifications

Optimization of Network Quality Specifications
l Network availability:
[ 99.9% l Unidirectional average delay upper limit (packet length: 1500 bytes) [ IP MAN: 10 ms (between service access control point and egress of MAN) [ Broadband access network: 10 ms (between service access control point and user CPE) l Upper limit of unidirectional packet loss rate: [ IP MAN: 5/10000 [ Broadband access network: 5/10000 l Upper limit of unidirectional average jitter: [ IP MAN and broadband access network: 5 ms

All rights reserved
Page 20
Overview of MAN Target Network

Overview of Target Network
l IP MAN target network architecture:
[ IP MAN $ Service access control points (BRAS and service router) and layer-3 routing network consisting of routers above the points $ The IP MAN consists of the core layer, convergence layer, and service access control layer. [ Broadband access network $ Layer-2 access network under service access control points $ The network layer consists of layer-2 convergence network and lastmile access network. The service plane falls into the public access network plane and key account access network plane in logic.
MAN Classification
MAN Classification Based On Scale
MAN types Extra large Large Medium Small
Phone capacity (classification standard) Over four million 0.4 million to 0.9 million 50 200 million
Total number of broadband users (reference) Over 90 million 40 90 million 10 40 million 4-10 million
Below 50 million
All rights reserved
Page 22
MAN Target Network Architecture Model

Target Network Architecture Model Diagram
Backbone network Core layer (egress) IP MAN Transit layer Access layer (service access control point)
ChinaNet
CN2
Core router/Egress router
Transit router
BRAS
MAN SR
CN2 SR
Layer-3 convergen ce network
ATM switching network ADSLaccess network
MSTP/R PR
Ethernet switching network
SDH/MSTP/RPR/Ethernet
Last-mile access network
LAN access network
Key account access network plane Page 23
Public access network plane HUAWEI TECHNOLOGIES CO., LTD. All rights reserved
IP MAN Target Network Architecture Topology

Principle of IP MAN Design
ChinaNet
CN2
Core router/Transit router
SR-CN2 SR is needed for deployment of MPLS and for the MAN that requires cross-domain connection.
BRAS
SR
BRAS
SR
CN2 SR
Service access control point
All rights reserved
Page 24
Broadband Access Network Target Network Model

Broadband Access Network Target Network Model
BRAS
MAN SR CN2 SR
Tandem exchange ATME switching network Ethernet switching network Access switch
Access equipment SDH/MSTP/RPR network
Access switch
Access equipment
Access equipment
Public access plane layer-2 convergence layer DSLAM DSLAM Park switch
Layer-2 convergence network on the key account access plane
LAN access network Last-mile access network on the public access plane LAN user All rights reserved Key account Page 25
ADSL user
IP MAN Node Setting Examples

Recommended Node Setting Examples
l
Extra large MAN [ It is recommended to configure four routers in the core layer (also serve as the egress routers and convergence routers of the node), 8 to 12 routers in the transit layer, 40 to 60 BRASs (30000 users/BRAS), and 8 to 15 SRs (distributed in a centralized manner).
Large MAN [ It is recommended to configure 2 routers in the core layer (also serve as the egress router and convergence router of the node), four to eight routers in the transit layer, 30 to 40 BRASs (25000 users/BRAS), and five to eight SRs (distributed in a centralized manner).
Medium MAN [ It is recommended to configure four routers in the core and convergence layer (two of which serve as the egress router and convergence router of the node), 8 to 20 BRASs (20000 users/BRAS); and two SRs (distributed in a centralized manner).
Small MAN [ It is recommended to configure two routers in the core and convergence layers (also serve as the egress router and convergence router) and 5 to 10 BRASs (10000 users/BRAS). The SR is not set. It is shared with that of CN2.
All rights reserved
Page 26
All rights reserved
Page 27
Chapter 2 MAN Service Planning

2.1 Design of Route 2.2 Design of QoS 2.3 MAN Service Implementation 2.4 User Management/Network Management/Network Security Design 2.5 IPV6 Network Deployment Planning
All rights reserved
Page 28
Design of MAN Route: IGP Design Principles

IGP Design Principles
l The principles of designing MAN IGP routing protocols are as follows: l It is recommended to use a dynamic routing protocol for the MAN and
use a static routing protocol as supplement when necessary.

l A dynamic routing protocol is specified for each MAN, and IGP shall
cover the service access layer and all devices above the layer.
l It is recommended to use the OSPF and IS-IS based on link status as
dynamic routing protocols.It is recommended to use static routes between the MAN and leased line users to reduce the impact of user route fluctuation on the MAN.
l It is recommended to converge routes on the BRAS or leased line
access routers to reduce the number of routes in the MAN and the impact of routing fluctuation on the whole network, thus improving network stability.
Design of MAN Route: BGP Design Principles

BGP Design Principles
l The principles of designing MAN BGP routing protocols are as follows:
[ In principle, the egress router of the MAN exchanges routing information with ChinaNet and CN2 through the EBGP. Some routers in the convergence layer in large MANs can run the IBGP, which is used to bear and control user route in the MAN. [ The MAN only receives routing information from the CN2 and a default route from ChinaNet. [ Some large MANs can receive all Internet routes from ChinaNet. [ The MAN notifies ChinaNet and CN2 of convergence routes in the MAN. [ The egress router of MAN is used for strategic route forwarding modes based on destination address and service levels.
MAN Route Design: MAN Egress Division Principle

MAN Egress Division Principles
l MAN users can visit applications of CN2 and ChinaNet. l Service can be divided in the following two methods:
[ Allocate different IP addresses for users in different types and divide based on source addresses. [ Assign different QoS levels for user different application types and divide based on the QoS.
l The service access control point of the MAN marks service levels. l The egress router of the MAN can complete strategic routes based on destination
address, source address,and service levels to divide the applications of CN2 and ChinaNet. It is recommended to use the forwarding mode based on destination address and strategic forwarding based on service leve
MAN Route Design: Route Design Chart

Route Design Chart:
ChinaNet
EBGP Peering Core router CN2 key account/PE access router EBGP Peering
Forward routes according to destination addresses, source addresses, and service levels.
CN2
Static routes are configured on the BRAS. Cities or regions can decide whether the BRAS joins the IGP.
Transit router
Attach the specified service level labels on the packets to be transmitted by CN2.
BRAS
SR
BRAS IGP Domain
SR
BRAS MBGP switching VPN

route
Configure and summarize the static routes to leased line users and static VRF routes to VPN users.
Use the OSPF or ISIS
All rights reserved
Page 32

All rights reserved
Page 33
MAN QoS Design: QoS Model

QoS Model
ChinaNet CN2 CN2 SR
Core router
Diffserv PHB: queuing and congestion control (WRED)
Transit router Diffserv domain
Classification, marking, and speed limit
IP MAN BRAS Broadband access network ATM access network Ethernet access network SR BRAS
BRAS
SR
Traffic shaping
SDH/MSTP/RPR
In physical combination with layer2 QoS of 802.1P
All rights reserved
Page 34

All rights reserved
Page 35
Brief Introduction to MPLS VPN Technology

MPLS VPN Classification
l MPLS L3VPN is growing into a standard.
[ BGP/MPLS VPN: RFC2547bis

l Recently, MPLS L2VPN grows rapidly, and the technology is becoming mature.
Although the standard is at the draft stage, some actual standards come into being due to support of multiple manufacturers. [ Martini: draft-martini-l2circuit-trans-mpls-xx [ Kompella: draft-kompella-ppvpn-l2vpn-xx [ The standards are not uniform for the VPLS. [ Circuit cross connect (CCC): Set up between two PE%CE connections a transparent connection, which uses a tunnel exclusively and one layer label. [ SVC: A static implementation of Martini.
MPLS L3VPN
MPLS L3VPN Planning
l P router
[ The core router or convergence router of the MAN serves as the P router.
l PE router
[ The BRAS and SR, implementing the VPN service for public users and key accounts respectively, serve as the PE router. For the BRAS that does not support the MPLS, use the SR of the MAN to implement the VPN service for public users.
l MBGP
IGP
[ The MBGP is used to transmit VPN routing information between PEs. The IGP routing protocol ensures the reachability between PEs.
All rights reserved
Page 37
MPLS L3VPN (Continued)

MPLS L3VPN Planning
l Route between PE and CE
[ Static route [ EBGP [ RIP [ OSPF [ IS-IS [ When the number of routes is small, it is recommended to use a static routing protocol. When the number of routes is large, it is recommended to use the EBGP.
l Cross-domain MPLS VPN
[ Option A!VRF to VRF [ Option B: MP - EBGP single jump [ Option C: MP - EBGP multiple jump
Introduction of MAN Services

Public service system Key account service system
BRAS
Service function module Access function module
MPLS PE Internet gateway Internet gateway
MAN SR
MPL S PE
Internet gateway Internet gateway
CN2 SR
Internet gatewa y
MPLS PE
Leased line access
Dial-up access
Leased line access
Leased line access
Layer-2 transmissi Access on network network Last-mile access network
ATM switching network
MSTP/R PR
SDH/MSTP/RPR/Ethernet
ADSL access network
LAN access network Key account access plane
Public access network plane
All rights reserved
Page 39
MAN Service System and Service Types

Service System and Service Types
l Service system
[ Public service system: public + public access network plane + BRAS or MAN SR [ Key account service system: key account + key account access network plane + MAN SR or CN2 SR l Service type [ Combination of the network function of service access control points and access function module. The following service types are provided: $ BRAS & Internet dial-up access service and Internet leased line access service & MPLS VPN dial-up access service and MPLS VPN leased line access service & Multicast service $ SR & Internet leased line access service & MPLS VPN leased line access service & Multicast type services
MAN Service Access Modes and Service Levels

Service Access Modes and Service Levels
l l
Access modes The public service system uses the public access network plane to implement access of users. $ ADSL access network + Ethernet switching network access $ ADSL access network + ATM switching network access $ LAN access network + Ethernet switching network access $ The key account service system uses the key account access network plane to implement access of users. $ SDH/MSTP/RPR access
Service levels [ Users of a service have several service levels, for example, common service (for common users) and advanced service (for VIP users). Service levels are implemented through the access network Diffserv and IP MAN Diffserv.
All rights reserved
Page 41
Internet Access Service Implementation Chart

ChinaNet CN2 Internet gateway leased line access, downlink speed limit, layer-3 label
PPPoE dial-up and Internet gateway leased line access, downlink speed limit, layer-3 QoS label
Core router
BRAS
SR
BRAS SR
CN2 SR Link protection through dedicated VC loop, good QoS guarantee
QinQ encapsulation
Tandem exchange
Ethernet switching network/MSTP/RPR
SDH/MSTP /RPR
Allocate separate VLAN ID or PVC for different users and different services at user ports.
DSLAM
Access switch Park switch
Uplink speed limit, CoS label
Cascading DSLAM
Corridor switch
Personal dial-up user
Medium and small Personal VIP enterprise leased line user user
Key account
All rights reserved
Page 42
Enterprise Interconnection Service Implementation Strategy

Enterprise Interconnection Service Implementation Strategy
l
The MAN provides two technologies to interconnect enterprises: [ Layer-2/Layer-3 VPN service based on MPLS borne by IP MAN. Provide layer-2 and layer-3 VPN interconnection for common enterprises. [ Lower-layer connection service borne by MSTP transmission network. Provide physical leased line connection or pure layer-2 connection with high security and QoS guarantee for government institutions, public security, finance, and security industries.
As the layer-2 access mode between users and PE or MSTP equipment, the Ethernet switching network VLAN extends the above two interconnection services. Physical connection between SR and CN2-SR. Option 2 is used for it to implement MPLS VPN. Users can originate PE terminated IPSec or Tunnel in other forms so as to access MPLS layer-3 VPN remotely. All rights reserved Page 43
Enterprise Interconnection Service Implementation Chart

ChinaNet CN2
PPPoE dial-up and PPPoE leased line access MPLS PE, downlink speed limit, forwarding sensitive
Core router
Physical link between PE ASBR. Option 2 is used to implement crossdomain MPLS VPN.
BRAS SR CN2 SR
BRAS
SR
Tandem exchange ATM switching network Ethernet SDH/MSTP/RPR switching network/MSTP/R PR Access switch DSLAM Park switch Cascading DSLAM Corridor switch
Key account leased line accessed MPLS PE
CN2 MPLS PE
Personal dial-up user
Medium and small Personal VIP enterprise leased line user user
Key account
All rights reserved
Page 44
Pure L2 VPN service implement

ChinaNet CN2
VLAN interconnection mode: VPN users that accessed the public plane are connected to the MSTP through convergence switch. Only interconnected VLAN numbers need be allocated.
Core router
BRAS
SR
BRAS SR
CN2 SR
Tandem exchange Ethernet switching network/MSTP/RPR Access switch
SDH/MSTP/RPR Intra-city interconnected VC
DSLAM Cascading "#DSLAM DSLAM
Park switch Corridor switch MSTP interconnection mode. The TDM mode is used for transparent transmission between loops. Key account
Personal dial-up Medium and small Personal VIP Key account enterprise leased line user user user
All rights reserved
Page 45
IPTV Service Chart

IPTV Service Chart
IP MAN
BRAS/SR
PIM multicast routing protocol border, IGMP termination, configuration of static multicast groups, multicast service AAA management, PPP replication or port replication
Tandem exchange Ethernet switching network/MSTP/RPR Access switch
Provide a dedicated uplink channel. Configure dedicated PVC for IPTV.

DSLAM Set top box DSLAM Park/Corridor switch
SVLAN. The access switch bundles an external VLAN for several DSLAM/park switches. IGMP snooping
Allocate the internal VLAN for IPTV users and play the role of IGMP snooping.
Separate terminal. Public addresses are configured by preference.
Bundle the internal VLAN for dedicated PVC of IPTV users and play the role of IGMP snooping.
All rights reserved
Page 46
Softswitch Network Bearer Chart

Softswitch terminals can be connected through the public network when the service demand is slight and security can be fully ensured.
IP MAN
BRAS
BAC
SR/CN2 SR
The SIP and IAD can access softswitch terminals through the BAC by revisiting AG and TG.
Non-telecom access IAD
Softswitch core processing layer
The SS, AG, and TG start the VPN service through SR/CN2 SR. Tandem exchange Ethernet switchingAccess switch
network/MSTP/RPR
Allocate a dedicated VLAN and provide higher priority.
If the IDA of key accounts are connected through key account leased lines, the IAD must be able to mark voice with different QoS labels and allocate different VLANs for online users.
RPR/MSTP/SD H
DSLAM
DSLAM Park/Corridor switch
AG
Key account IAD
TG
Common network users can serve as VIP users and enjoy higher priority. Soft terminal user
Anonymous user IAD
The SS, AG, TG and key account IAD, serving as leased lines of key accounts, access through the MSTP. Allocate a dedicated VLAN for the SoftSwitch and give 802.1P higher priority.
All rights reserved
Page 47

All rights reserved
Page 48
User Management Principles

User Management Principles
l Service access control points BRAS and SR, together with RADIUS,
accomplish user management, including: [ An account can be used by one user only according to multiple restrictions. [ Bind attributes such as username, address, VLAN, and PVC. [ Prevent users from applying for IP addresses maliciously. [ Prevent users from maliciously originating dialing attack through the PPP scanning mode by restricting the number of dialing times and dial speed by users. [ Prevent users from acting as illegal agents by restricting the connection times of TCP with sessions. [ Prevent dummy address attack through functions of the equipment.
User Authentication and Charging in MAN

User Authentication and Charging
l The BRAS, together with the Portal Server, Radius Server and
background databases, authenticates dial-up users.

l Two co-existing authentication modes: PPPOE, DHCP+WEB l The MAN can charge users based on duration or traffic. l The MAN can implement Internet application charging through the pre-
paid mode or by binding user broadband accounts.

l The MAN can charge based on the service network. The service network
refers to services except Internet connection, for example, 3G, NGN, and video conferencing.
l The MAN can sign the service level agreement (SLA) with users.
All rights reserved
Page 50
MAN NMS Building Principles

NMS Building Principles
l In a province, the integrated network management system
(NMS) of the IP MAN and broadband access network is built to manage networks above service access points of MANs on a centralized basis. "
l Manage the VPN of all MANs on a centralized basis. l All cities and regions have level-2 NMS or separate terminals to
maintain and manage devices of MAN in the cities and regions, and separate NMS of MAN is not developed or built for the cities and regions.
All rights reserved
Page 51
MAN Security Control Function

Security Control Function
l To ensure the security of MAN, the system must be able to scan virus
and prevent virus from spreading. [ The MAN can filter and restrict traffic. It can restrict the uplink or downlink speeds based on the type of packets at the BRAS, DSLAM or park switches for incoming and outgoing traffic. It supports access control strategies based on standard quintuple or MAC address. [ The MAN can monitor exceptional traffic or exceptional packets.
All rights reserved
Page 52

All rights reserved
Page 53
IPv6 Deployment Principles

IPv6 Deployment Principles
l The IPv4/IPv6 dual stack transition strategy is adopted. In the MAN, you
can start the dual stack function partially and then enable the function in the whole MAN.
l If the equipment of MAN cannot support IPv6 well, add IPv6 layer-3
equipment to implement the IPv6 function of MAN based on service demands and implement interconnection through the MPLS or tunnel.
l Use the dual stack mode for access of users. You can use the tunnel
mode at the initial stage and then transit to the dual stack mode gradually.
l The newly added devices of IP MAN or access network implement the
dual stack function of IPv4/IPv6.

All rights reserved
Page 55
Internal Causes for Optimization of MAN

Problems Exist in the MAN
l At present, the following problems exist in the MAN: l Because slots on the BRAS are all inserted and ports cannot
be added, mount the BRAS directly. [ The path between DSLAM and BRAS is complicated. Any adjustment has much impact on users. [ There are not enough routers or ports to build the core layer or transit layer. [ There are no dedicated leased line access routers.
l To solve the above problems, much investment and
complicated project must be implemented. To achieve the final objective, the IP MAN must be built gradually.
Optimization of Routing MAN

l At present, the routing MAN has its own core egress router. The BRAS is
mounted aside mostly. The transit layer consists of large number of layer-3 switches, and it also serves as the access device of commercial users.
Backbone network border router R
Routing MAN
R
Exchange routing information through the EBGP

MAN egress router R R
S
AS65001
Layer-2/Layer-3 switch
Leased line access point ATM/FR/DDN/ Ethernet
DSLAM
Ethernet Key account DSLAM dedicated line router/CE
All rights reserved
Page 57
Routing MAN after Optimization

CN2
MAN core/transit router
China Net
Leased line access/PE router
Leased line access point ATM/FR/DDN/ Ethernet Key account router/CE
DSLAM
Ethernet dedicated line
Layer-2 network
Layer-3 direction
All rights reserved
Page 58
Optimization of Switched MAN

l
At present, the switched MAN is often a small and medium MAN. The core egress of the MAN is the layer-3 switch, which also serves as the transit layer. The BRAS accesses by mounting aside. The transit layer consists of large number of layer-3 switches. The transit layer or access layer switch also serves as the access device of commercial users.
R
Switched MAN
S
BRAS
Layer-2/Layer-3 switch Leased line access/PE router
Leased line access point
DSLAM
DSLAM
ATM/FR/DDN/ Ethernet Ethernet Key account dedicated line router/CE
All rights reserved
Page 59
Switched MAN after Optimization

CN2
Exchange routing information through the EBGP New MAN CORE ROUTER Layer-2/Layer-3 switch
China Net
Leased line access/PE router
Leased line access point ATM/FR/DDN/
DSLAM
Ethernet dedicated line
Ethernet Key account router/CE
Layer-2 network
Layer-3 direction
All rights reserved
Page 60
All rights reserved
Page 61
Typical Case: XX Province IP MAN

l In the province, 10 NE80s are
used to implement the MPLS VPN, egress planning, and line speed network access translation (NAT).
l The MA5200G has strong
CMNET provincial backbone
GE NE80 Core layer 2.5G POS

155M POS
GE NE80
service management capability. It manages key accounts and the access of WLAN/LAN in detail.
l Support smooth upgrade of
NE80
NE80 NE80 NE80 NE80 NE80 NE80
NE80
Transit layer
new services and IPv6 migration capability. The network is quite extensible and reliable.
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved
MA5200
Page 62
Typical Case: XX City MAN

l The core layer of the MAN consists of four NE5000Es " l In the convergence layer, seven NE5000Es are responsible for converging
services of large districts. ChinaNet

NE5000E NE5000E
NE5000E
NE5000E
NE5000E NE5000E NE5000E HUAWEI TECHNOLOGIES CO., LTD. NE5000E NE5000E Page 63 NE5000E
NE5000E
All rights reserved
Thank You
www.huawei.com

Odd010009 Ip Man Planning Issue1 - 1

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Odd010009 Ip Man Planning Issue1 - 1

Hochgeladen von

Copyright:

Verfügbare Formate

Internal

ODD010009 IP MAN Planning

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Chapter 1 Overview of MAN Planning

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

are as follows: [ National backbone network [ Provincial backbone network [ MAN

backbone network and above the user access side.

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Chapter 1 Overview of MAN Planning

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Service Situation of the MAN

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Networking Types of MAN

devices: [ Layer-3 switch-centered switched MAN [ High-speed router-centered routing MAN

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Service Implementation of Switched MAN

IP MAN Internet broadband dial-up service

Broadband access network

Intra-city interconnection user

Intra-city interconnection user

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Problems of Switched MAN

Core layer of IP MAN

Convergence layer of IP MAN

Broadband access network

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Service Implementation of Routing MAN

Internet broadband dial-up service

Internet leased line service

Broadband access network

MPLS layer-3 VPN service

LAN PPPoE user Cell switch MPLS CE

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved

PDF created with FinePrint pdfFactory Pro trial version www.pdffactory.com

Chapter 1 Overview of MAN Planning