Feature Description
ZXA10 C300/C320 Feature Description Manual
ZXA10 C300/C320
Optical Access Convergence Equipment
Feature Description
Revision History
R1.0 (2014-06-30)
First edition
CONTENTS
1 GPON Feature
1.1 Introduction
1.2 GPON Principle
1.2.1 Transmission Mechanism
1.2.2 OAM
1.2.3 ONU Registration and Authentication
1.3 Key Technologies
1.3.1 Authentication Security Method Introduction
1.3.2 Dynamic Bandwidth Allocation
1.3.3 Data Encryption
1.3.4 FEC
1.4 GPON ONU Remote Management
1.4.1 Introduction
1.4.2 Port Isolation
1.4.3 ONU Auto-Delivery
1.4.4 E1 Port Configuration
1.4.5 Port MAC Configuration
1.4.6 Maximum MAC Address Learning Number of ONU Bridge
1.4.7 Multicast Configuration
1.4.8 Layer-2 Service on ONU
1.4.9 Remote ONU Version Upgrading
13 ACL
13.1 Introduction
13.2 Basic Theory and Solution
FIGURES
Figure 1-1 GPON Position in PON
Figure 1-12 The registration and authentication process of the GPON ONUs
Figure 2-1 Co-existence of XG-PON1, G-PON and RF video in the same ODN via WDM1r
Figure 5-2 Service Level Ethernet OAM Maintenance Entity Group Model
Figure 8-1 Network architecture for Ethernet-based GPON aggregation
Figure 8-3 OLT tunnel ND messages with LIO appended
Figure 8-4 AN as LDRA, BNG as DHCP L3 relay in DHCPv6-PD Process Diagram
Figure 11-10 G.984.1 Dual Parented duplex system model
Figure 12-1 Implementation of isolation for different users (ONUs)
Figure 12-2 Implementation of isolation for different service flows with different users
Figure 15-2 Phase synchronization over GPON function Diagram
Figure 18-1 Interfaces Supported by Common Public Interface Card
Figure 20-1 ZXA10 C300 supports time and clock redundancy function
TABLES
Table 2-1 Technical Difference between G-PON and XG-PON1
1 GPON Feature
1.1 Introduction
Description
GPON is an optical broadband access network. Its position in the PON network is
shown in Figure 1-1. The uplink side connects to the core switching network, while
the downlink side is the user's local network. GPON collects, switches and forwards
user services.
ONUs provide access to users and implement the following functions:
Multiplexing/de-multiplexing of services.
The OLT converges and handles the service traffic of several access nodes. An OLT is
a switch or router, and also a platform that provides multiple services. It is the core part
of the GPON system. The OLT implements the following functions:
The ODN consists of single-mode optical fiber, optical splitters and optical connectors,
and provides the optical transmission medium for the physical connection between the
OLT and the ONU.
Target
The downstream rate is 2488.32 Mbit/s and the upstream rate is 1244.16
Mbit/s.
The physical distance supports 3 modes: 0-20 km, 20-40 km, and 40-60 km. The
maximum logical distance is 60 km, and the maximum differential distance is 20 km.
Description
GPON uses single fiber duplex transmission, with the downlink wavelength of 1490
nm and uplink wavelength of 1310 nm. The downlink data flow uses the TDM
technology and the uplink data flow uses the TDMA technology.
GPON defines the GEM frame format to encapsulate the uplink and downlink data
flow. The encapsulated GEM frames and the overhead bytes at the physical layer
form the GTC frames, which are transmitted between the OLT and ONU.
Target
GPON uses GEM as the data encapsulation method. Different GEM frames are
identified by different GEM Port-IDs. Figure 1-2 shows the GEM frame format.
The GEM header consists of the PLI, Port-ID, PTI, and HEC fields. PLI indicates the
payload length, Port-ID identifies the GEM frame, PTI indicates the GEM frame type,
and HEC is used to verify the header. The GEM payload length can be customized;
since PLI is only 12 bits, the maximum payload length is 4095 bytes.
Figure 1-3 shows the method of encapsulating an Ethernet frame into a GEM frame.
For the methods of encapsulating other frame types into GEM frames, refer to the GPON
standard.
After the data flow is encapsulated to GEM frames, multiple GEM frames are
encapsulated to a GTC frame.
Figure 1-4 shows the downstream GTC frame format.
Since the TDMA transmission mechanism is used for upstream, the upstream GTC
frames consist of a series of ONU bursts, as shown in Figure 1-5.
PLOu indicates the uplink physical layer overhead of the ONU. Each Allocation
interval indicates a T-CONT upstream timeslot. ONU sends the data in the
T-CONT queue to the OLT during this timeslot. The BWmap field in PCBd of the
downstream frame defines the upstream starting time and end time of each
T-CONT.
Note:
The data of multiple GEM ports can be mapped to the same T-CONT.
In the GPON system, the downstream data flow of the OLT PON port is distributed
to different logical channels according to the GEM Port-IDs. The ONU filters the
downstream data according to the GEM Port-IDs, and it handles its own GEM data.
The data from one GEM Port-ID can be received by multiple ONUs to transmit
downstream broadcast or multicast data, as shown in Figure 1-7.
In the upstream direction, the data of multiple GEM Port-IDs can be converged to
one T-CONT. In the T-CONT upstream timeslot, the ONU sends these GEM
frames to the OLT. The OLT determines the scheduling between multiple GEM
Port-IDs in the same T-CONT. Figure 1-8 shows the upstream data transmission
mechanism.
1.2.2 OAM
Description
The embedded OAM and PLOAM channels manage the functions of the PMD and GTC
layers.
Target
As shown in the GPON functions reference model in Figure 1-9, DBA control
belongs to the embedded OAM channel provided by the signalling fields in the
GTC frame header. Because each signalling field is mapped directly to a specific
area of the GTC frame header, the embedded OAM channel offers a low-delay
channel for time-sensitive control information. The channel carries bandwidth
grants, the FEC enable indicator, upstream dynamic bandwidth reports, and link
BER information.
OLT can implement the following management functions through the OMCI
channel:
Description
The GPON OLT uses the embedded OAM and PLOAM channels to search for ONUs
periodically. When it finds a legal ONU, it allocates the corresponding ONU-ID and
measures the distance (ranging). After ranging succeeds, it registers the ONU
through the PLOAM channel if necessary. After successful registration, it
configures and manages services through the OMCI management channel that has
just been set up.
Target
Figure 1-12 The registration and authentication process of the GPON ONUs
After receiving the downstream GTC frame, the ONU clears the local
LOS/LOF, and the state is changed from O1 to O2.
After receiving the Upstream_Overhead PLOAM message, the ONU sets the
preamble, delimiter, and equalization delay of the upstream frame according to
the message content, and the state is changed from O2 to O3.
The OLT uses the BWMap field of the downstream GTC frame to open a
public quiet window. All the unregistered ONUs can send their serial numbers
to the OLT through this quiet window.
The ONU sends its serial number to the OLT in the Serial_Number_ONU
PLOAM message.
After receiving the ONU serial number, the OLT assigns an ONU-ID to the
ONU through the Assign_ONU_ID PLOAM message.
The ONU receives the Assign_ONU_ID PLOAM message, and the state is
changed from O3 to O4.
The OLT uses the BWMap field of the downstream GTC frame to open an
upstream quiet window for the ONU-ID. The ONU sends its serial number to
the OLT through the quiet window.
The ONU sends its serial number to the OLT in the Serial_Number_ONU
PLOAM message.
After receiving the ONU serial number, the OLT calculates the ONU distance
and equalization delay, and sends the equalization delay to the ONU in the
Ranging_Time PLOAM message.
After receiving the Ranging_Time PLOAM message, the ONU sets its
equalization delay, and the state is changed from O4 to O5.
The ONU sends its password to the OLT in the Password PLOAM message.
After the ONU password is verified, the OLT delivers the Configure Port-ID
PLOAM message and configures the ONU OMCI management channel.
The ONU sets the OMCI management channel. The OLT can perform service
configuration and management through this channel.
Description
Target
Disable
The ONU supports the session between the client and the server using the
configured validation parameters.
Basic Theory
The OLT configures the parameters of the authentication security method through
OMCI messages, according to the authentication security method managed entity
defined in G.984.4 clause 9.12.4.
Relationships
Attributes
Managed entity id: This attribute uniquely identifies each instance of this
managed entity. The value 0xFFFF is not valid. (R, Set-by-create) (mandatory)
(2 bytes)
Validation scheme: This attribute specifies the validation scheme used when
the ONT validates a challenge. Validation schemes are defined as follows:
Validation disabled
Username: This string attribute is the user name. If the string is shorter than 25
bytes, it must be null terminated. (R, W) (mandatory) (25 bytes)
Password: This string attribute is the password. If the string is shorter than 25
bytes, it must be null terminated. (R, W) (mandatory) (25 bytes)
Realm: This string attribute specifies the realm used in digest authentication. If
the string is shorter than 25 bytes, it must be null terminated. (R, W)
(mandatory) (25 bytes)
Solution
Description
In GPON dynamic bandwidth allocation, the OLT dynamically allocates upstream
transmission timeslots to an ONU according to the occupancy ratio of its
transmission buffer.
Target
Features & Specification
In GPON, the T-CONT is the minimum scheduling unit for upstream bandwidth allocation.
A bandwidth grant is associated with exactly one T-CONT. Regardless of the number of
cache queues in one T-CONT, the OLT DBA algorithm treats the T-CONT as a
container with a single logical cache.
Builds the BWmap field of the downstream frame according to the upstream
bandwidth value and stores it in the BWmap table.
The OLT can set the queue scheduling policy on ONU T-CONT through
management channel, as shown in Figure 1-13.
The OLT can obtain the occupancy state of the T-CONT logical cache in two ways:
The OLT continuously monitors the T-CONT upstream flow and infers the current
occupancy of the T-CONT logical cache from its fluctuation, allocating bandwidth
accordingly. DBA implemented this way is known as TM-DBA (traffic-monitoring
DBA).
The OLT can require the ONU to report the current occupancy of each T-CONT
logical cache and allocate bandwidth accordingly. DBA implemented this way is
known as SR-DBA (status-reporting DBA).
Best-effort bandwidth: It is of the lowest priority and is allocated after the fixed,
assured, and non-assured bandwidth are allocated.
Description
Target
OLT delivers Request_Key PLOAM message to request ONU for a new key.
OLT saves the new key locally and delivers Key_Switching_Time PLOAM
message to inform the ONU of the activation time of the new key.
The ONU configures the activation time of the new key and transmits a confirmation
to the OLT in an Acknowledge PLOAM message.
At the activation time of the new key, the OLT encrypts the downstream data
with the new key, then delivers it to the ONU.
The ONU uses the new key to decrypt the downstream data and obtain the payload.
1.3.4 FEC
Description
Target
In the GPON system, RS code is used to implement block-based FEC. A fixed-size
data block is selected and extra redundancy is appended to it. The FEC decoder
uses these extra bytes to process the data flow, find errors, correct them and
then recover the original data.
The commonly used RS code is RS(255, 239): a codeword of 255 bytes containing 239
data bytes and 16 check bytes.
With block-based FEC, the original data is preserved within the codeword. Therefore,
even if the peer port does not support FEC, it can process the original data by
ignoring the check bytes.
1.4.1 Introduction
Users can manage the ONU through the OLT using a unified NMS for management and
maintenance, or manage the ONU directly with the unified NMS.
Mode 2: Users can configure the ONU management IP address through the NMS or by
manually configuring an IP address pool. When the ONU comes online, the OLT
automatically obtains an IP address, allocates it to the ONU, and sets it on the ONU.
After the ONU management IP is configured, users can log on to the ONU directly for
management through in-band modes such as SNMP, Telnet, and Web.
Port isolation prevents Layer 2 interworking among ONU user ports to strengthen
network security. Whether an ONU bridge port allows local exchange is controlled by
configuring the bridge to allow or block local exchange.
Auto-delivery saves the ONU service data on the OLT so that the ONU itself does not
need to keep it. When the ONU goes online, the OLT automatically delivers the remote
management data to the ONU to ensure normal services. Unified management of the
ONU by the OLT makes it convenient to maintain and replace the ONU. The system
automatically delivers the configuration to the ONU whenever the ONU goes online
again.
The OLT resets the local configuration of the ONU when the ONU goes online for the
first time, and then delivers the configuration to the ONU. The OLT and the ONU each
maintain a counter. When the ONU goes online again, the OLT compares the two
counters. If the counters differ, the OLT configuration is used to reset the local
configuration of the ONU. If they are the same, it is unnecessary to reset the
configuration.
The ONU E1 port is configured through OMCI. The ZXA10 C300/C320 supports the E1
port enable/disable function: on ONUs with E1 support, each E1 port can be enabled or
disabled.
MAC binding can be configured on an ONU port to filter packets from illegal MAC
addresses, and a static port MAC address can be configured to avoid MAC address
learning.
After port MAC address binding is configured, only packets whose source MAC is
the bound MAC can pass. Packets with any other source MAC are discarded.
After port MAC filtering is configured, packets whose source MAC is the filtered
MAC are discarded.
A static MAC address neither ages nor is relearned after configuration.
The maximum MAC address learning number of an ONU bridge is configured through
OMCI to restrict the number of users connected to each ONU bridge. When the
number of addresses learned on a port reaches the maximum value, the port no
longer learns the source addresses of packets that arrive with new source
addresses. How such packets are then processed may differ between ONUs. There
are usually two situations:
The packets are forwarded upstream. The downstream packets flood because no
forwarding port is found for them.
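As an added illustration (not ZXA10 code) of the port MAC binding, port MAC filtering, static MAC and maximum-learning-number behaviour described in 1.4.5 and 1.4.6, the following Python model of an ONU bridge applies those checks to constructed frames. The class and port names, the aging time, and the choice to flood at the learning limit are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass
class Frame:
    src: str       # source MAC (constructed sample values in the test)
    dst: str       # destination MAC
    ingress: int   # ONU bridge port the frame arrived on


@dataclass
class MacEntry:
    port: int
    static: bool   # static entries neither age nor get overwritten by learning


class OnuBridge:
    """Hypothetical ONU bridge: user ports plus one PON-side port (port 0)."""

    def __init__(self, max_learn: int, aging_time: int = 300):
        self.max_learn = max_learn               # maximum MAC learning number
        self.aging_time = aging_time             # assumed dynamic-entry lifetime (s)
        self.bound: Dict[int, Set[str]] = {}     # port -> bound source MACs
        self.filtered: Dict[int, Set[str]] = {}  # port -> filtered source MACs
        self.table: Dict[str, MacEntry] = {}
        self.last_seen: Dict[str, int] = {}

    # --- configuration delivered to the ONU (the OMCI-set items in the text) ---
    def bind_mac(self, port: int, mac: str) -> None:
        self.bound.setdefault(port, set()).add(mac.lower())

    def filter_mac(self, port: int, mac: str) -> None:
        self.filtered.setdefault(port, set()).add(mac.lower())

    def add_static(self, mac: str, port: int) -> None:
        self.table[mac.lower()] = MacEntry(port, static=True)
        self.last_seen.pop(mac.lower(), None)    # static entries never age

    # --- data path ---
    def admit(self, frame: Frame) -> Tuple[bool, str]:
        """Port MAC filtering and port MAC binding check on the ingress port."""
        src = frame.src.lower()
        if src in self.filtered.get(frame.ingress, set()):
            return False, "filtered source MAC"
        bound = self.bound.get(frame.ingress)
        if bound and src not in bound:
            return False, "source MAC not bound to port"
        return True, "ok"

    def dynamic_count(self) -> int:
        return sum(1 for e in self.table.values() if not e.static)

    def learn(self, frame: Frame, now: int) -> bool:
        """Learn src on the ingress port unless it is static or the limit is hit."""
        src = frame.src.lower()
        entry = self.table.get(src)
        if entry is not None and entry.static:
            return False                         # static entries are not relearned
        if entry is None and self.dynamic_count() >= self.max_learn:
            return False                         # limit reached: new sources not learned
        self.table[src] = MacEntry(frame.ingress, static=False)
        self.last_seen[src] = now
        return True

    def forward(self, frame: Frame, now: int) -> Tuple[str, Optional[int]]:
        """Returns ('drop' | 'forward' | 'flood', egress port or None)."""
        ok, _reason = self.admit(frame)
        if not ok:
            return "drop", None
        self.learn(frame, now)
        entry = self.table.get(frame.dst.lower())
        if entry is None:
            return "flood", None                 # unknown destination: flood
        if entry.port == frame.ingress:
            return "drop", None                  # same port: no local exchange
        return "forward", entry.port

    def age(self, now: int) -> int:
        """Remove dynamic entries idle longer than aging_time; returns how many."""
        expired = [m for m, t in self.last_seen.items() if now - t >= self.aging_time]
        for m in expired:
            del self.table[m]
            del self.last_seen[m]
        return len(expired)
```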
Fastleave function.
IGMP Snooping
IGMP snooping assumes that a Layer-2 switch sits between the host and the
router (Layer-3 switch). Between the router and the host, IGMP establishes
the relation between the IP multicast group and the router members. The router
transmits a Query packet to all ports to ask which hosts want to join. After
receiving the Query packet, a host transmits a Report packet to the router to
inform it of the group IP address the host intends to join. During the IGMP
exchange, the router uses the specific class D multicast IP address 224.0.0.1 to
transmit the Query packet and the host uses the specific class D IP address
224.0.0.2 to transmit the Report packet. The MAC addresses that these two IP
addresses map to are unique. Therefore, the Layer-2 switch traps the Ethernet
frames with these two multicast MAC addresses that it receives, and the CPU
decapsulates each Ethernet frame into an IGMP packet. Processing the IGMP packet
yields the relation between the IP multicast group and the switch port, which is
mapped to the relation between the MAC multicast group address and the switch
port. The IGMP snooping module processes the Query packets from the router,
analyzes their multicast source, and forwards them to the other ports of the same
VLAN. IGMP snooping also receives Report and Leave packets from hosts, analyzes
the members of the multicast group, and forwards the frames to all ports of the
same VLAN.
Controllable Multicast
The OLT identifies the user on the port according to the user's LLID or the
VLAN ID carried in the upstream IGMP Join packet. It judges whether the user
has the authority and parameters to access the requested multicast services. The
OLT transmits the authority to access the multicast channel to the ONU through
the multicast-control extended OAM packet. The ONU then forwards or shuts down
the multicast service traffic of the user on this port.
Multicast VLAN
The ZXA10 C300/C320 uses the concept of flows to implement Layer-2 services on the
ONU.
802.1p mapping service: Maps Ethernet data frames to different GEM ports
according to the 3-bit priority field in the Ethernet data frame.
Flow: A service in ZXA10 C300/C320 GPON is mapped to a flow according to certain
mapping rules.
The ZXA10 C300/C320 can upgrade the ONU version remotely through the OLT, and
supports remote upgrading of multiple ONU versions simultaneously.
The OLT upgrades the ONU version through the OMCI protocol, as shown in Figure 1-17.
The version is activated after it has been downloaded to the ONU, as shown in Figure
1-18.
2 XG-PON1 Feature
2.1.1 Introduction
XG-PON complies with the ITU-T G.987 series of standards. The downstream rate of
XG-PON1 is 10 Gbit/s, and the upstream rate is 2.5 Gbit/s.
Table 2-1 shows the technical differences between G-PON and XG-PON1.
G-PON XG-PON1
Multiple PLOAM messages are transmitted in one downstream XGTC frame, which
increases the PLOAM channel capacity.
FEC and bandwidth are decoupled on the ONU side to reduce ONU cost.
Doze and cyclic sleep power-saving modes decrease power consumption on the ONU
side.
The basic principle of co-existence of XG-PON1, G-PON and RF video in the same
ODN is shown in Figure 2-1.
Figure 2-1 Co-existence of XG-PON1, G-PON and RF video in the same ODN via WDM1r
Each XG-PON1 line card provides eight 10G gigabit-capable passive optical
network (GPON) ports.
Each 10G GPON port supports 256 optical network units (ONUs).
Each 10G GPON port supports 8192 XGPON encapsulation mode (XGEM) ports.
OLTs use AES-128 to transmit key ciphertext. AES is the acronym for Advanced
Encryption Standard.
OLTs support the function for querying 10G GPON optical module parameters,
such as temperature, bias current, voltage, and receive optical power.
3.1 Introduction
Point-to-point (P2P) GE/FE optical access means point-to-point FTTx access based on
the combination of the P2P GE/FE optical access card and P2P GE/FE terminal devices.
The ZXA10 C300/C320 provides point-to-point (P2P) Ethernet optical access with GE/FE
ports and coordinates with downstream devices to implement various optical access
solutions for users. The scenarios include FTTC/FTTB, FTTO, and FTTCell.
The P2P card in the ZXA10 C300/C320 uses WDM technology: a single optical fiber is
used for both sending and receiving. It is therefore well suited to access-layer
deployments where optical fibers are in great demand and in short supply, and it can save
a large number of fiber resources and thus reduce the network construction cost. To
connect to the normal GE/FE Ethernet interface of downlink equipment, the P2P card can
also use a dual-fiber SFP optical module to provide a normal GE/FE Ethernet interface,
in which case the number of ports available on each card is halved. The P2P card is
mainly applied in the following scenarios:
FTTH
As an access scenario, the P2P card is connected to a P2P ONU to implement an FTTH
application. The FTTH solution implemented through GE P2P optical access provides
higher bandwidth for users, meeting the requirements of high-end users. Because each
user exclusively occupies an optical fiber, the most reliable optical-layer security
isolation can be provided.
FTTO/B
P2P access for the FTTO application provides enterprise users with highly reliable
dedicated-line and VPN services. The OLT is connected to enterprise SBUs through GE
P2P Ethernet optical access. The SBUs are connected to user terminals through FE,
POTS, or Wi-Fi. QinQ VLAN encapsulation is implemented on the SBUs and the OLT. In
this way transparent and secure channels are provided, so the service data and BPDUs
of the enterprise private networks can be transmitted transparently over the public
network. FTTO is applicable to enterprise networks. In this scenario, FTTO implements
TDM PBX, IP PBX, and private line services in the enterprise intranets.
FTTC
The P2P card provides Ethernet FTTC access subtended to mini-OLTs/DSLAMs, which
reduces the networking cost of converging a large number of users, with features such
as inter-board aggregation, smart link, and ring check.
FTTcell
The P2P card can connect to base stations directly or through a P2P ring. To meet
the backhaul requirement, it provides the SyncE/IEEE 1588v2 features. The OLT is
connected to CBUs or base stations through GE/FE P2P Ethernet optical access, and
connects the wireless base stations to the core IP bearer network through optical
access technologies. This implementation mode is not only simpler than traditional
private network technologies, but also drives down the cost of base station backhaul.
FTTCell is applicable to the reconstruction and capacity expansion of mobile bearer
networks. In this scenario, FTTCell converges the fixed network and the mobile network
on the bearer plane.
The ZXA10 C300/C320 supports the following P2P GE/FE optical access specifications:
Each P2P card supports a maximum of forty-eight GE/FE optical ports compliant with
IEEE 802.3-2008 and ITU-T G.985/G.986.
The P2P interface supports LACP/MSTP; LACP is supported for ports within one card
and across cards.
The P2P card provides multicast functions such as IPv4 ASM, IPv4 SSM, IPv6 ASM and
IPv6 SSM.
The following IP security functions are supported on the P2P card: DHCPv4 snooping,
DHCPv6 snooping, IPv4 source guard, IPv6 source guard, and ND snooping.
Port location supports PPPoE+, DHCPv4 L2 relay agent, DHCPv6 L2 relay agent, and
ND LIO.
The ACL function includes IPv4 ACL and IPv6 ACL; ACLs support traffic monitoring,
traffic statistics, and VLAN, CoS and DSCP modification.
The QoS function includes port+VLAN policing, port+VLAN shaping, DSCP-to-CoS
mapping, etc.
4.1.1 Introduction
Description
Target
The system ages dynamic MAC addresses to ensure timely updates of the MAC
address table. If the MAC address table is full and not updated, the system will fail to
learn new MAC addresses and will consequently fail to forward data.
The MAC address management functions are described in Table 4-1:
4.2 VLAN
4.2.1 Overview
Description
Layer 2 switching uses the Media Access Control (MAC) address of the host's
Network Interface Card (NIC) to decide where to forward frames. Layer 2 switching is
hardware-based and provides wire speed and low latency. A Layer 2 switch can be
treated as a multiport bridge. Layer 2 switching is commonly used in LAN communications.
VLAN switching is based on Layer 2 switching, and VLANs are identified by VLAN IDs.
Data with the same VLAN ID can be forwarded through L2 switching, and data with
different VLAN IDs is separated from each other. The VLAN technology ensures that
broadcast data and flood data would not be forwarded to all the other ports and reduces
the traffic load. Data with different VLAN IDs cannot be interworked, so the data security
is improved. In network planning, the Per User Per VLAN (PUPV), Per Service Per VLAN
(PSPV), or Per User Per Service Per VLAN (PUPSPV) methods can be used for
separated control of users or services.
The IEEE 802.1Q standard adds a four-byte tag field to an Ethernet frame.
IEEE 802.1Q does not actually encapsulate the original frame. Instead, for Ethernet
frames, it inserts a 32-bit field between the source MAC address and the
EtherType/Length fields of the original frame, so the minimum and maximum frame sizes
change from 64 and 1,518 bytes (octets) to 64 and 1,522 bytes.
Tag Protocol Identifier (TPID): a 16-bit field set to the value 0x8100 to
identify the frame as an IEEE 802.1Q-tagged frame. This field is located at the
same position as the EtherType/Length field in untagged frames, and is thus used
to distinguish tagged frames from untagged frames.
Priority Code Point (PCP): a 3-bit field that carries the IEEE 802.1p priority.
It indicates the frame priority level. Values range from 0 (best effort) to 7 (highest);
1 represents the lowest priority. These values can be used to prioritize different
classes of traffic (voice, video, data, etc.). See also Class of Service (CoS).
Drop Eligible Indicator (DEI): a 1-bit field (formerly CFI). It may be used
separately or in conjunction with PCP to indicate frames eligible to be dropped
in the presence of congestion.
VLAN Identifier (VID): a 12-bit field specifying the VLAN to which the frame belongs.
The hexadecimal values 0x000 and 0xFFF are reserved. All other values may be
used as VLAN identifiers, allowing up to 4,094 VLANs. The reserved value 0x000
indicates that the frame does not belong to any VLAN; such a tag is referred to as a
priority tag. On bridges, VLAN 1 (the default VLAN ID) is often reserved for a
management VLAN; this is vendor-specific.
As the number of VLAN users and services keeps increasing, 4094 VIDs cannot meet
the service requirements. Therefore, on the basis of IEEE 802.1Q, the IEEE 802.1ad
standard defines the concept of the double tag. IEEE 802.1ad inserts two tag fields
between the source MAC address and the EtherType/Length fields of the original frame.
Double tagging is useful for Internet service providers, allowing them to use VLANs
internally while mixing traffic from clients that are already VLAN-tagged. The outer
S-TAG (service tag, next to the source MAC and representing the ISP VLAN) comes first,
followed by the inner C-TAG (customer tag). The S-TAG VID and C-TAG VID can be
combined into a unique identifier. IEEE 802.1ad increases the number of VIDs to
4094 x 4094.
The ZXA10 C300/C320 may use the VLAN-related concepts listed in Table 4-3.
Target
It enables the carrier network to support multiple services and to identify specific
subscribers and services.
The ZXA10 C300/C320 supports the following VLAN processing rules, which are
applicable to uplink services. For downlink services, the corresponding user-side
interfaces must be located based on the S-VLANs and destination MAC addresses.
The downlink services are then converted in reverse according to the VLAN processing
rules of the user-side interfaces. Service flows for which no VLAN processing rule
can be located are discarded.
Table 4-4 lists the detailed VLAN functions of the ZXA10 C300/C320:
Description
IEEE 802.1Q
The basic VLAN service is simple. In the upstream direction, the ONU packets
carry VLAN tags (configured through the home gateway or the user interface by
default). The packets are sent through the GPON card to the main control and
switching card for VLAN tagging and MAC address learning. The first broadcast
packet is transmitted in flooding mode and then forwarded to the uplink port
(configured with the same VLAN tag) of the uplink card and on to the uplink
device.
In the downstream direction, the GPON card is located based on the user VLAN tag
and the destination MAC address. The packets are then sent to the ONU, which
restores the original tagged or untagged format.
Description
With the development of Triple Play, access devices are required to support more
services such as Internet, VoIP and IPTV. A subscriber can access these services
through one home gateway device.
Carriers want to simplify the home gateway configuration. At the same time, the
access devices (ONUs or OLTs) are required to identify different subscribers and
services, and to implement N:1 VLAN translation or 1:1 VLAN translation.
1:1/N:1 VLAN translation is applied per user/service/VLAN. All the service
types (based on different VLANs) of each user are translated to different VLANs.
It is applicable to single-edge and multi-edge networking, as shown in Figure
4-3.
The GPON system works as follows. When there is no home gateway, the ONU adds a
VLAN tag for each service and user. When there is a home gateway, the home gateway
configures different VLAN tags for different services. After the ONU sends packets to
the OLT, the OLT implements 1:1 VLAN translation. Each service of each user is
identified by a VLAN tag. The OLT can add an outer VLAN tag in order to distribute
the traffic under the multi-edge condition. For downstream traffic, the OLT forwards
based on VLAN ID or VLAN ID+MAC.
A indicates 1:1 translation of the VLAN to which VoIP belongs: when the GEM port ID
is stripped, the outer VLAN is added and the packet is transmitted.
B indicates 1:1 translation of a specific service VLAN (such as iTV): the outer VLAN
is added and the packet is transmitted through the specific SNI as required.
Description
VBES stands for VLAN for Business Ethernet Services. The traffic at the ONU UNI
interface can be untagged, tagged, double-tagged or priority-tagged. For TLS, the
required implementation is for the ONU to always add an S-Tag or translate an
incoming S-Tag to a new S-Tag, on upstream traffic.
Description
Selective Q-in-Q is the function of adding an outer VLAN tag based on the VLAN tag of the user packet and the user port it arrives on (the GEM port in GPON).
Selective Q-in-Q is used together with 1:1 VLAN translation per user, service or VLAN. Each selective Q-in-Q rule adds an outer VLAN tag based on the user packet VLAN tag and the given user port (GEM port in GPON); when 1:1 VLAN translation is used, the inner VLAN is given a new value that differs from the original user packet VLAN.
In the upstream direction, a user packet with a single VLAN tag is received on the user port. The OLT looks up the selective Q-in-Q rule by the VLAN tag and the user port. If a rule is found, the OLT adds the outer VLAN to the user packet and forwards it to the NNI side.
In the downstream direction, a packet with S+C VLAN tags (double VLAN tag) is received on the NNI port. The OLT forwards the packet to the user port in 1:1 or N:1 VLAN forwarding mode. On the user port, the OLT looks up the selective Q-in-Q rule by the S+C VLAN tags and the user port. If a rule is found, the OLT removes the outer VLAN from the user packet and then sends it out.
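As an added illustration (not code from the ZXA10 manual), the following Python models the selective Q-in-Q rule lookup in both directions on raw Ethernet frames, including the drop of flows without a rule described earlier in this section; the rule table, the 802.1ad S-tag TPID, the GEM port numbers and the frames are all constructed for the example.

```python
import struct

TPID_C = 0x8100  # C-tag TPID (IEEE 802.1Q)
TPID_S = 0x88A8  # S-tag TPID (IEEE 802.1ad); assumption, the manual names no TPID

# Constructed selective Q-in-Q rules:
# (GEM port, user C-VLAN) -> (S-VLAN to push, C-VLAN after 1:1 translation)
RULES = {
    (1, 10): (100, 1001),
    (1, 20): (100, 1002),
    (2, 10): (200, 2001),
}
# Reverse index for the downstream direction: (S-VLAN, C-VLAN) -> (GEM port, user C-VLAN)
REVERSE = {(s, c): (port, user) for (port, user), (s, c) in RULES.items()}


def parse_frame(frame):
    """Split an Ethernet frame into dst, src, [(TPID, PCP, VID)...], EtherType, payload."""
    dst, src, off, tags = frame[:6], frame[6:12], 12, []
    while True:
        tpid = struct.unpack("!H", frame[off:off + 2])[0]
        if tpid not in (TPID_C, TPID_S):
            break  # not a VLAN tag: this is the EtherType
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        tags.append((tpid, tci >> 13, tci & 0x0FFF))
        off += 4
    return dst, src, tags, tpid, frame[off + 2:]


def build_frame(dst, src, tags, ethertype, payload):
    out = dst + src
    for tpid, pcp, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return out + struct.pack("!H", ethertype) + payload


def upstream(frame, gem_port):
    """User -> NNI: 1:1-translate the C-tag and push the S-tag; None means discard."""
    dst, src, tags, etype, payload = parse_frame(frame)
    if len(tags) != 1:
        return None
    rule = RULES.get((gem_port, tags[0][2]))
    if rule is None:
        return None  # no rule for (port, VLAN): the flow is discarded
    s_vlan, new_c = rule
    pcp = tags[0][1]  # keep the user's priority on both tags
    return build_frame(dst, src, [(TPID_S, pcp, s_vlan), (TPID_C, pcp, new_c)],
                       etype, payload)


def downstream(frame):
    """NNI -> user: pop the S-tag and restore the user C-VLAN; returns (GEM port, frame)."""
    dst, src, tags, etype, payload = parse_frame(frame)
    if len(tags) != 2:
        return None
    match = REVERSE.get((tags[0][2], tags[1][2]))
    if match is None:
        return None
    gem_port, user_vlan = match
    return gem_port, build_frame(dst, src, [(TPID_C, tags[1][1], user_vlan)],
                                 etype, payload)


def make_user_frame(vid, pcp=0):
    """Constructed single-tagged IPv4 frame from a subscriber."""
    return build_frame(b"\xff" * 6, b"\x02\x00\x00\x00\x00\x01",
                       [(TPID_C, pcp, vid)], 0x0800, b"constructed-payload")
```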
Description
N:1 and 1:1 VLAN Forwarding are the different ways to forward packets in Layer 2
devices.
N:1 VLAN forwarding mode is the common VLAN + MAC forwarding mode in layer 2. A single VLAN can be associated with more than one user port and uplink port. When a packet is received, its source MAC address and VLAN are first learned and added to the MAC forwarding table. The destination port is then searched in the MAC forwarding table based on the destination MAC and VLAN ID. If the destination port is found, the packet is forwarded to it; otherwise the packet is flooded.
1:1 VLAN forwarding mode forwards packets based on the VLAN ID only. In the upstream direction, packets are transparently transmitted to the designated uplink port. In the downstream direction, the destination port is looked up in the 1:1 VLAN forwarding table and the packet is forwarded to that port.
In 1:1 VLAN forwarding mode, MAC address learning is therefore not required.
5 Ethernet OAM
5.1 Introduction
Description
Ethernet has been widely deployed because it is economical, interoperable and practical. As Ethernet standards, especially 10 Gbit/s Ethernet, have matured, the technology has penetrated the MAN (Metro Area Network) and WAN (Wide Area Network) as a carrier-class transport network catering for multi-service requirements. In the MAN and WAN, various types of subscribers need end-to-end services that span several different carriers' networks. As Ethernet is widely deployed, it therefore faces greater challenges in extensibility, reliability, security and manageability. Today the most popular Ethernet OAM standards include IEEE 802.3ah, IEEE 802.1ag and ITU-T Y.1731.
Target
The Ethernet OAM solution includes two aspects. One is Link Level Ethernet OAM according to IEEE 802.3ah, which provides automatic neighbor discovery, link fault detection, link failure indication and link loopback test. The other is Service Level Ethernet OAM according to IEEE 802.1ag/Y.1731, which provides end-to-end performance measurement for connection monitoring, failure indication, frame delay measurement and frame loss measurement.
Supports 802.3ah for V-cut boards/P2P boards, and emergency link detection
5.2.1 Introduction
Description
Link Level Ethernet OAM is the mechanism for link fault detection, link failure indication and fault recovery processing on a point-to-point Ethernet link.
Target
Users can achieve Ethernet network management at minimum cost at the point-to-point Ethernet level, that is, connection monitoring, failure indication and link loopback test for automatic link protection switching.
Abbreviations
Link Level Ethernet OAM (IEEE 802.3ah) is an optional sub-layer of the Data Link Layer that implements link operation, monitoring and fault location, with support for remote link alarm indication, remote loopback control and so on. Link Level Ethernet OAM uses OAMPDUs with the destination MAC address 01-80-C2-00-00-02 (0x0180c2000002). OAMPDUs are generally not forwarded over bridges; they are processed directly in the MAC sub-layer.
Ethernet OAM is based on 802.3 full-duplex or emulated full-duplex data links for point-to-point link management. It does not support OAM management of point-to-multipoint shared links; in the meantime Ethernet OAM based on
Solution
Initially the peer devices need to start the Link Level Ethernet OAM discovery process: the active-side device sends the protocol's Discovery frames from the OAM port to negotiate parameters with the passive-side device.
Link Level Ethernet OAM defines a set of processes for responding to link operation, including a mechanism for communicating with the remote device. Through the defined events, the local device reports Link Event Notifications to the remote OAM client and provides explicit Event Notification messages.
The link monitoring function detects and indicates link faults under a variety of circumstances. Link monitoring uses the Event Notification OAMPDU and sends events to the remote OAM entity when problems are detected on the link. The error events defined in the standard are: Errored Symbol Period, Errored Frame, Errored Frame Period and Errored Frame Seconds Summary.
OAM provides an optional data-link-level loopback mode that is initiated by remote control. When the remote device is in OAM remote loopback mode, the local and remote device statistics can be queried and compared at any time. By analyzing the OAM sub-layer remote loopback messages, the status of the link connection can be verified.
5.3.1 Introduction
Description
Supports 16 MDs
Supports 64 MAs
Supports the Y.1731 Service Level Ethernet OAM functions below:
Supports six CCM transmission intervals; 3.3 ms is the fast interval
Abbreviations
CE: Customer edge
LCK: Locked
ME: Maintenance entity
MEG: ME group
PE: Provider edge
Figure 5-2 Service Level Ethernet OAM Maintenance Entity Group Model
Solution
Fault recovery
The network administrator performs fault recovery, for example by correcting configuration errors, enabling the STP protocol, or initiating APS.
For single-ended ETH-LM, the source MEP sends an LMM message carrying its count of service frames transmitted at the egress point. The peer MEP receives the LMM message, copies the original counter, adds its local counters of service frames received at the ingress and transmitted at the egress, and sends an LMR message back. The source MEP receives the LMR message, accumulates the counters of service frames at all the interfaces, and obtains the loss measurement result by simply comparing the transmit and receive counters of service frames.
By using this function, the effective service time and the total time over a relatively long period (e.g. 1 h) can be calculated to obtain the availability performance results.
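An added example (not part of the manual) that carries the single-ended ETH-LM exchange through in Python with the Y.1731 counter names TxFCf, RxFCf, TxFCb and RxFCl, and then derives an availability figure from consecutive samples; the MEP class, the traffic figures and the per-interval loss threshold are constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass
class MEP:
    """Maintenance end point with the service-frame counters that ETH-LM reports."""
    name: str
    tx_frames: int = 0  # service frames sent towards the peer MEP (egress)
    rx_frames: int = 0  # service frames received from the peer MEP (ingress)

    def send_service(self, peer, count, lost=0):
        """Constructed traffic: `count` frames sent, `lost` of them dropped on the way."""
        self.tx_frames += count
        peer.rx_frames += count - lost

    def build_lmm(self):
        # LMM carries TxFCf, the sender's transmit counter at transmission time
        return {"TxFCf": self.tx_frames}

    def answer_lmm(self, lmm):
        # Peer copies TxFCf and adds RxFCf (its ingress count) and TxFCb (its egress count)
        return {"TxFCf": lmm["TxFCf"], "RxFCf": self.rx_frames, "TxFCb": self.tx_frames}

    def receive_lmr(self, lmr):
        # Source adds RxFCl, its own receive counter when the LMR arrives
        return {**lmr, "RxFCl": self.rx_frames}


def lm_round(src, dst):
    """One LMM/LMR exchange; returns the sample the source MEP stores."""
    return src.receive_lmr(dst.answer_lmm(src.build_lmm()))


def frame_loss(prev, cur):
    """Y.1731 single-ended loss between consecutive samples tp (prev) and tc (cur).
    Returns (far-end loss, near-end loss) in frames."""
    far_end = abs(cur["TxFCf"] - prev["TxFCf"]) - abs(cur["RxFCf"] - prev["RxFCf"])
    near_end = abs(cur["TxFCb"] - prev["TxFCb"]) - abs(cur["RxFCl"] - prev["RxFCl"])
    return far_end, near_end


def availability(samples, interval_s, max_loss_ratio):
    """Simplified availability: seconds whose far-end loss ratio stays within
    max_loss_ratio versus total seconds. The per-interval threshold rule is an
    assumption for this example; Y.1731 adds consecutive-interval hysteresis."""
    available = total = 0
    for prev, cur in zip(samples, samples[1:]):
        sent = abs(cur["TxFCf"] - prev["TxFCf"])
        far_end, _ = frame_loss(prev, cur)
        ratio = far_end / sent if sent else 0.0
        total += interval_s
        if ratio <= max_loss_ratio:
            available += interval_s
    return available, total
```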
6 IPV4 L3 Feature
6.1.1 Introduction
IP Routing Overview
At present, carriers use VoIP to implement voice access. The ONU has a built-in VoIP module, or the ONU is connected to an IAD, to access the broadband network through the PON system.
The subscribers of different ONUs under the same OLT, or of different IADs under the same ONU, can interoperate over VoIP. According to the networking plans of most operators, the devices of the access network are required to be separated from each other, and the access subscribers interoperate with each other through the uplink router. Such a network has high security and is easy to plan: the layer-2 devices are separated and they interoperate with each other through a layer-3 device.
Interoperating through layer 3 handles ARP address resolution and packet forwarding. Interoperation is realized by one of the following methods:
The uplink router enables the ARP proxy function, the OLT implements layer-2 separation, and the uplink router implements interoperation through layer 3.
The uplink router does not enable the ARP proxy function, the OLT implements layer-2 separation, and the OLT or the convergence switch enables the ARP agent function (based on the VoIP VLAN, not for all subscribers). The OLT takes the place of the uplink router in returning the MAC address of the router. Packets are forwarded by the uplink router at layer 3.
The uplink router does not enable the ARP proxy function and the OLT enables the layer-3 function, that is, the OLT implements ARP proxy and layer-3 data forwarding between the VoIP subscribers under the OLT.
Description
IP routing features refer to the case in which the ZXA10 C300/C320 performs layer-3 forwarding. It uses the destination IP address of the IP packet and looks up its IP routing table to forward packets to the next-hop device. This differs from layer-2 forwarding, where the ZXA10 C300/C320 uses the destination MAC+VLAN to forward packets to the next-hop device. The IP routing table can be configured statically or obtained dynamically through routing protocols such as RIP, OSPF, BGP or IS-IS.
Target
Figure 6-1 shows the layer-3 forwarding process. For layer-3 forwarding, the destination MAC address is the ZXA10 C300/C320 MAC address. The upper-layer protocol configuration determines whether the L3 flag is set to 1 in the layer-2 forwarding table.
Description
Static routing
RIP
OSPF
BGP
IS-IS
6.2.1 Introduction
Description
The OLT populates a local ARP table from DHCP snooping or from static IP/MAC bindings (also called static ARP). When the OLT snoops a downstream broadcast ARP request from the network side, it looks up the target IP of the ARP request in the local table and changes the Ethernet frame's destination MAC from broadcast to the bound unicast address. This prevents ARP requests from the network side from being broadcast to all end users.
Supports enabling IP-aware ARP request filtering for the subscribers of specific VLANs only.
To enable subscribers A1 and C1 (in same VLAN and same IP subnet) under the
same OLT to communicate with each other, configure the global ARP function
based on the specific VLAN on the OLT. In addition, configure the IP address and
MAC address of the uplink router gateway.
Since subscribers A1 and C1 are in the same subnet, when A1 visits C1 for the
first time, it sends an ARP request broadcast packet to obtain the MAC
address of C1.
The ARP agent module intercepts the request and sends an ARP reply to subscriber A1 carrying the gateway MAC address instead of the C1 MAC address.
The packets that subscriber A1 sends to C1 are sent to the gateway firstly. The
gateway forwards the packets to subscriber C1. Thus subscribers A1 and C1
can communicate with each other.
Since ARP agent does not occupy the user address and does not need to enable
layer-3 interface, it is recommended for layer-2 interoperating based on specific
VLAN subscribers.
The OLT has DHCP snooping enabled and has populated an entry in its local ARP table binding A1's IP address to A1's MAC address.
When the BRAS sends a broadcast ARP request to resolve A1's MAC address, the OLT looks up the target IP of the ARP request and hits the entry in the local table.
The OLT replaces the broadcast destination MAC with A1's MAC from the entry.
Only A1 receives the ARP request and replies with its MAC as the link-layer address.
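An added Python example (not the OLT's implementation) of the two behaviours this section describes: IP-aware filtering that turns a network-side broadcast ARP request into a unicast frame using the snooping table, and the ARP agent reply that answers a subscriber's request with the gateway MAC. The MAC addresses, IP addresses and subnet are constructed, and leaving a request with no binding unchanged is an assumption of the example.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

ETH_ARP = 0x0806
BROADCAST = b"\xff" * 6
ARP_REQUEST, ARP_REPLY = 1, 2
SUBNET = IPv4Network("10.0.0.0/24")  # constructed subscriber subnet


def mac(text):
    """'02:00:00:00:00:a1' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def parse_arp(frame):
    """Decode an Ethernet/ARP frame (IPv4 over Ethernet); None if it is not one."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": frame[:6], "src": frame[6:12], "oper": oper,
            "sha": frame[22:28], "spa": str(IPv4Address(frame[28:32])),
            "tha": frame[32:38], "tpa": str(IPv4Address(frame[38:42]))}


def build_arp(dst, src, oper, sha, spa, tha, tpa):
    return (dst + src + struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, oper)
            + sha + IPv4Address(spa).packed + tha + IPv4Address(tpa).packed)


def ip_aware_filter(frame, arp_table):
    """Downstream broadcast ARP request from the network side: rewrite the destination
    MAC to the subscriber MAC bound to the target IP (DHCP snooping / static binding),
    so only that subscriber sees the request. A target IP with no binding leaves the
    frame unchanged (assumption; the manual does not describe that case)."""
    arp = parse_arp(frame)
    if arp is None or arp["oper"] != ARP_REQUEST or arp["dst"] != BROADCAST:
        return frame
    bound = arp_table.get(arp["tpa"])
    return frame if bound is None else bound + frame[6:]


def arp_agent_reply(frame, gateway_mac, subnet=SUBNET):
    """Upstream ARP request from a subscriber for another host in the same subnet:
    answer with the gateway MAC so A1 -> C1 traffic is relayed by the layer-3 gateway.
    Returns the reply frame, or None when the request is not handled."""
    arp = parse_arp(frame)
    if arp is None or arp["oper"] != ARP_REQUEST:
        return None
    if IPv4Address(arp["spa"]) not in subnet or IPv4Address(arp["tpa"]) not in subnet:
        return None
    return build_arp(arp["src"], gateway_mac, ARP_REPLY,
                     gateway_mac, arp["tpa"], arp["sha"], arp["spa"])
```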
6.3.1 Introduction
Description
ARP proxy implements the layer-3 ARP function. The ARP proxy function needs to be enabled on the layer-3 router for the VoIP subscribers under the same OLT to interoperate with each other. When the layer-3 router does not enable ARP proxy for security reasons, the OLT returns the MAC address of the uplink router gateway, that is, the OLT enables ARP agent.
The C300/C320 creates a layer-3 interface whose assigned IP address is in the same subnet as the subscribers, and the ARP proxy function is enabled on the C300/C320.
To enable subscribers A1 and C1 (in same VLAN and same IP address subnet)
under the same OLT to communicate with each other, configure a layer-3 interface
(based on the specific VLAN) on the OLT. On interface configuration mode,
configure an IP address in the same subnet as A1 and C1, and enable ARP proxy
function under the interface.
Since subscribers A1 and C1 are in the same subnet, when A1 visits C1 for the
first time, it sends an ARP request broadcast packet to obtain the MAC
address of C1.
The ARP proxy module sends the ARP reply packet to subscriber A1 using
OLT MAC address instead of the C1 MAC address, and adds a host route
entry pointing to A1 to the route table.
The packets that subscriber A1 sends to C1 are sent to the OLT firstly. Then
the OLT forwards the packets to subscriber C1. Thus subscribers A1 and C1
can communicate with each other.
When the subscriber sends an ARP request, ARP proxy returns the OLT MAC address, while ARP agent returns the gateway MAC address.
With ARP proxy, the OLT relays the data, while with ARP agent, the layer-3 gateway router relays the data.
ARP agent requires neither a layer-3 interface nor an IP address, while ARP proxy requires both.
6.4.1 Introduction
Description
When a DHCP client and the DHCP servers are on different network segments, DHCP relay is used to forward the DHCP client's request to a specific DHCP server. The ZXA10 C300/C320 works as a DHCP relay when it operates as a layer-3 switch.
Target
DHCP relay is a general way to deploy DHCP service in the layer-3 networking
environment. DHCP servers can be collectively deployed to simplify operator
Each layer-3 VLAN interface can be configured with at most four DHCP servers per group for load balancing, and polling mode is used to implement mutual backup.
Application Scenario
When the DHCP server and the user are on different network segments, the ZXA10 C300/C320 is used as a layer-3 switch running the DHCP relay function, as shown in Figure 6-2.
The principle of DHCP relay is to set the 'giaddr' field in the header of the DHCP packet sent by the user to a local IP address of the relay. The packet is then sent to the DHCP server as a unicast packet by the relay on the ZXA10 C300/C320. The DHCP server then transmits the DHCP response to the ZXA10 C300/C320 with the
6.5.1 Introduction
Description
DHCP proxy is a special form of DHCP relay. Through the ZXA10 C300/C320, the DHCP proxy converts the originally obtained long lease time into a pre-configured short lease time and assigns it to users. It can also implement abnormal offline detection for DHCP users.
Target
Configure a short lease time for user detection on the layer-3 VLAN interface.
Application Scenario
The application scenario of DHCP proxy is the same as that of DHCP relay. DHCP proxy mainly relies on the DHCP renew mechanism. According to the protocol, the user transmits a DHCP renew message to the DHCP server when half of the lease time has elapsed. If the user's lease has not expired, the DHCP server transmits a DHCP ACK to the user. Otherwise, it transmits a DHCP NAK to the user, and the user releases the IP address, which is then recycled by the DHCP server.
6.6.1 Introduction
Description
Option 60 is a DHCP field used to identify the user's ONT. The ZXA10 C300/C320, as a DHCP relay, forwards DHCP packets to different DHCP servers according to their different Option 60 fields and thereby obtains different IP addresses. Option 60 is thus a special mode of DHCP relay/proxy for choosing the DHCP server.
Target
Option 60 allows different ONTs in the same VLAN to have their protocol packets forwarded to different DHCP servers according to the ZXA10 C300/C320 configuration policy.
Application Scenario
There are two types of ONT on the ZXA10 C300/C320 user side: one for VoIP and the other for IPTV, identified by their Option 60 fields. The VoIP ONT applies for addresses from DHCP server 139.1.1.1, and the IPTV ONT applies for addresses from DHCP server 160.1.1.1, as shown in Figure 6-5.
As shown in Figure 6-6, the ZXA10 C300/C320 determines the DHCP server address 139.1.1.1 from the VoIP character string in the DHCP Option 60 sent by the ONT, and then forwards the request to the DHCP server 139.1.1.1 to obtain an IP address.
6.7.1 Introduction
Description
Option 82 is called the Relay Agent Information option and is inserted by the DHCP relay agent when forwarding client-originated DHCP packets to a DHCP server. It carries information such as line identification. Servers recognizing the Relay Agent Information option may use the information to implement IP address or other parameter assignment policies.
An access node such as an OLT or DSLAM is only a bridge device and has no IP interface like a layer-3 DHCP relay, while Option 82 is still required by the DHCP server when it receives requests from the same VLAN. In this case, the DHCP L2RA (layer-2 relay agent) feature of the OLT should be enabled to insert Option 82.
Target
Act as the relay agent closest to the DHCP client: insert Option 82 in the upstream direction and remove Option 82 in the downstream direction.
The OLT provides a solution compliant with RFC 3046 and draft-ietf-dhc-l2ra.
2. The DHCP server responds with a DHCPOFFER message after applying its local policies and echoes Option 82 back in the DHCPOFFER message. The message can be either unicast to the client MAC or broadcast. The OLT, as L2RA, intercepts the message and removes Option 82 if it is the L2RA closest to the client. If the message is broadcast, the OLT identifies the outgoing port from Option 82 and forwards the message to the identified interface only.
5. The server receives the DHCPREQUEST message from the client and responds with a DHCPACK/DHCPNAK message. Whether the DHCP server unicasts or broadcasts the DHCPACK/DHCPNAK message, the OLT processes it in the same way as a DHCPOFFER message.
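The following added Python example (not ZTE code) combines the relay behaviours of sections 6.4.1 to 6.7.1 into one relay function: it sets giaddr, selects the server from Option 60 as in the VoIP/IPTV scenario, inserts Option 82 upstream and strips it downstream, returning the circuit ID that identifies the client port. The circuit/remote IDs, server policy and packets are constructed; dropping a client packet that already carries Option 82 and forwarding an already-relayed packet unchanged are this example's reading of RFC 3046, not behaviour the manual states.

```python
import struct
from ipaddress import IPv4Address

OPT_VENDOR_CLASS = 60   # Option 60, vendor class identifier
OPT_RELAY_AGENT = 82    # Option 82, Relay Agent Information (RFC 3046)
OPT_PAD, OPT_END = 0, 255
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2
GIADDR_OFF = 24         # giaddr is bytes 24..27 of the BOOTP header
OPTIONS_OFF = 240       # 236-byte header + 4-byte magic cookie
MAGIC = b"\x63\x82\x53\x63"
ZERO_IP = b"\0\0\0\0"

# Constructed policy: substring of the Option 60 string -> DHCP server (the manual's example)
POLICY = {b"VoIP": "139.1.1.1", b"IPTV": "160.1.1.1"}


def parse_options(raw):
    """Decode (code, value) pairs up to the END option, skipping PAD bytes."""
    opts, i = [], 0
    while i < len(raw) and raw[i] != OPT_END:
        if raw[i] == OPT_PAD:
            i += 1
            continue
        code, length = raw[i], raw[i + 1]
        opts.append((code, raw[i + 2:i + 2 + length]))
        i += 2 + length
    return opts


def build_options(opts):
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([OPT_END])


def select_server(opts, policy, default):
    """Pick the DHCP server from the Option 60 vendor class string."""
    for code, value in opts:
        if code == OPT_VENDOR_CLASS:
            for keyword, server in policy.items():
                if keyword in value:
                    return server
    return default


def relay_upstream(pkt, relay_ip, circuit_id, remote_id, policy, default):
    """Client -> server: set giaddr, append Option 82, choose the server by Option 60.
    Returns (server, packet), or None when the packet is discarded."""
    opts = parse_options(pkt[OPTIONS_OFF:])
    has_82 = any(code == OPT_RELAY_AGENT for code, _ in opts)
    if pkt[GIADDR_OFF:GIADDR_OFF + 4] != ZERO_IP:
        # already relayed once: forward unchanged, do not add a second Option 82
        return select_server(opts, policy, default), pkt
    if has_82:
        # RFC 3046: a client packet (giaddr 0) from an untrusted port that already
        # carries Option 82 is discarded rather than trusted
        return None
    sub = (bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
           + bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id)
    opts.append((OPT_RELAY_AGENT, sub))
    hdr = bytearray(pkt[:OPTIONS_OFF])
    hdr[GIADDR_OFF:GIADDR_OFF + 4] = IPv4Address(relay_ip).packed
    return select_server(opts, policy, default), bytes(hdr) + build_options(opts)


def relay_downstream(pkt):
    """Server -> client: strip Option 82 and return the circuit ID identifying the port."""
    circuit, kept = None, []
    for code, value in parse_options(pkt[OPTIONS_OFF:]):
        if code != OPT_RELAY_AGENT:
            kept.append((code, value))
            continue
        j = 0
        while j < len(value):  # walk the sub-options
            sub_code, sub_len = value[j], value[j + 1]
            if sub_code == SUB_CIRCUIT_ID:
                circuit = value[j + 2:j + 2 + sub_len]
            j += 2 + sub_len
    return circuit, pkt[:OPTIONS_OFF] + build_options(kept)


def make_discover(chaddr, vendor_class, extra=()):
    """Constructed DHCPDISCOVER: op=1, htype=1, hlen=6, broadcast flag, Option 53 + 60."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0, 0x8000)
    hdr += ZERO_IP * 4 + chaddr.ljust(16, b"\0") + b"\0" * 192 + MAGIC
    return hdr + build_options([(53, b"\x01"), (OPT_VENDOR_CLASS, vendor_class), *extra])
```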
6.8.1 Introduction
Description
Super VLAN is also known as VLAN aggregation. A super VLAN involves multiple
sub-VLANs. It has a VLAN interface with an IP address assigned for layer 3
communications between sub-VLANs.
Target
The ZXA10 C300/C320 supports 256 super VLANs, and each super VLAN contains 1024 sub-VLANs.
ZXA10 C300/C320 supports super VLAN and has no requirements on the uplink or
downlink devices.
Application Scenario
Figure 6-7 shows the super VLAN application scenario. Three subscribers use
VLAN10, VLAN20, and VLAN30 for layer 3 routing. Super VLAN100 is created,
including three sub-VLANs: VLAN10, VLAN20, and VLAN30. The sub-VLANs
share one layer 3 interface for layer 3 forwarding.
Super VLAN principle is similar to the layer 3 routing principle. For details, refer to
the section 'Route Overview'.
6.9.1 Introduction
Description
Target
Static routing can implement IP route forwarding in the simple layer-3 networking.
6.10 ECMP
6.10.1 Introduction
Description
Equal-Cost Multi-Path (ECMP) is a routing strategy in which the network element assigns multiple next hops to a specific IP destination and load-balances the traffic among them based on fields of the IP header.
Target
Application Scenario
Figure 6-8 shows the ECMP application scenario. The ZXA10 C300/C320 works
as the layer-3 router. Two route items, pointing to two next-hops, are configured to
route the IP address 190.1.1.1. The source IP address is selected as the load
balancing algorithm for IP packets from 136.1.0.0/16 subscribers. The IP route
from the ZXA10 C300/C320 to 190.1.1.1 is ECMP.
In the IP route forwarding process, multiple route entries are found for the destination IP address, and one of them is selected by the load-balancing algorithm based on the source or destination IP address. The packets are forwarded through that route entry, as shown in Figure 6-9.
6.11 RIP
6.11.1 Introduction
Description
RIP is an IGP used to transmit routing information inside an AS. RIP is based on
distance vector algorithm. It uses the hop count as its routing metric.
Target
RIP is used in small layer 3 networks with less than 16 hops to implement dynamic
IP routing learning and selection.
K (1 k = 1024) routes
Triggering update
Poison reverse
Split horizon
ZXA10 C300/C320 supports RIP, so the peer end device should also support RIP.
RIP is a distance-vector routing protocol that uses hop count as its routing metric. The hop count increases with the number of routers traversed: the more hops, the longer the path. RIP selects the path with the fewest hops according to the distance-vector algorithm. RIP supports at most 15 hops; a network more than 15 hops away is considered unreachable (infinite distance).
RIP routes are updated by periodic broadcasts. By default, a router broadcasts its routing table to its connected networks every 30 seconds. The routers that receive the broadcast add the information to their own routing tables. All the routers broadcast in this way, and thus all the routers in the network obtain all the route information.
Update timer
Invalid timer
Flush timer
6.12 OSPF
6.12.1 Introduction
Description
OSPF is a typical link-state routing protocol operating within a routing domain. The routing domain refers to an AS, which is a collection of networks that exchange routing information through a specific routing policy or protocol. In an AS, all the OSPF routers maintain the same database representing the AS. The database stores the link-state information of the routing domain, and OSPF calculates the OSPF routing table from this database.
As a link-state routing protocol, OSPF sends LSA packets to all the routers in the same domain, whereas a distance-vector routing protocol router sends some or all of its routing table to its neighboring routers.
Target
OSPF is used for dynamic IP learning and selection in a large or medium layer-3
network containing hundreds of routers.
K (1 K = 1024) routers
OSPFv2
ZXA10 C300 supports OSPF, so the peer end device should also support OSPF.
Neighbor setup
A router running OSPF sends Hello packets through all its OSPF interfaces. If two routers share a link and can negotiate the Hello packet parameters, a neighbor relationship is set up between them. If the parameters do not match, the received Hello packet is discarded and the neighbor relationship cannot be set up. Hello packet parameters include
Routing flooding
Each router sends LSA packets to its neighbors. An LSA describes all of the router's links and interfaces, its neighbors, and the link state.
When a router receives an LSA packet from its neighbor, it records the LSA information in its link-state database and then sends a copy of the LSA to its other neighbors. The LSA packet is flooded in the entire area, so all the routers end up with the same link-state database.
Routing calculation
Each router takes itself as the root and calculates a loop-free topology through the SPF algorithm. This topology gives the shortest path to each destination.
6.13 IS-IS
6.13.1 Introduction
Description
Target
K (1 K = 1024) routers
SNP
MD5 authentication
FRR
ZXA10 C300 supports IS-IS, so the peer end device should also support IS-IS.
Neighbor setup
The IS-IS Hello PDU is similar to the Hello packet of OSPF; it is responsible for forming adjacencies between routers, discovering new neighbors and detecting the departure of neighbors.
Routing flooding
IS-IS routers use LSPs (link state PDUs) to exchange routing information and to set up and maintain the link-state database. An LSP carries the important information about a router, including its area and the connected networks. SNPs are used to ensure that LSPs are transmitted reliably.
Routing calculation
The IS-IS protocol also uses the Dijkstra SPF algorithm to calculate routes. Based on the link-state database, it uses the SPF algorithm to calculate the optimal routes and then adds them to the IP routing table.
6.14 BGP
6.14.1 Introduction
Description
Target
CIDR
Route aggregation
MD5 authentication
EBGP, IBGP
ZXA10 C300 supports BGP, so the peer end device should also support BGP.
Idle state
This is the initial state. BGP starts initialization after the protocol is activated. It resets the timers, launches the first TCP connection and enters the Connect state.
Connect state
BGP starts the TCP connection and waits for the TCP connection-success message. If the connection succeeds, BGP enters the OpenSent state. Otherwise, BGP enters the Active state.
Active state
BGP keeps trying to establish the TCP connection. If the connection timer expires, BGP returns to the Connect state. If the TCP connection succeeds, BGP enters the OpenSent state.
OpenSent state
The TCP connection is established. BGP sends the first OPEN packet and waits for the reply from the peer. BGP examines the reply packet; if it finds an error, it sends a NOTIFICATION packet and returns to the Idle state. If there is no error in the reply packet, BGP sends a KEEPALIVE packet, the KEEPALIVE timer starts, and BGP enters the OpenConfirm state.
OpenConfirm state
BGP waits for a KEEPALIVE packet and resets the KEEPALIVE timer. When BGP receives a KEEPALIVE packet, it enters the Established state.
Established state
7 MPLS Feature
7.1.1 Introduction
Description
Multi-Protocol Label Switching (MPLS) operates at a layer that lies between the traditional definitions of layer 2 (data link layer) and layer 3 (network layer). In an MPLS network, data packets are assigned labels, and packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. MPLS supports label stacking, which can build an overlay network architecture for multi-service forwarding on the same bearer network.
Target
The OLT can act as an LER (Label Edge Router) and set up MPLS tunnels over the IP route topology. User services are overlaid on this IP/MPLS network by PWE3 encapsulation, which includes SAToP and Ethernet modes. The MPLS service in the C300 focuses on MPLS L2VPN applications including wholesale and mobile backhaul scenarios. The MPLS architecture is used for high-speed data switching. MPLS provides network data flows with capabilities such as destination finding, routing, switching and forwarding.
Features& Specifications
FEC: forwarding equivalence class, a group of L3 packets which are forwarded in the same manner (e.g., over the same path, with the same forwarding treatment).
LSR: label switching router, an MPLS node which is capable of forwarding labeled L3 packets.
LER: label edge router, an MPLS node that connects an MPLS domain with a node which is outside of the domain, either because it does not run MPLS and/or because it is in a different domain. Note that if an LSR has a neighboring host which is not running MPLS, then that LSR is an LER.
LSP: label switched path, the path through one or more LSRs at one level of the hierarchy followed by packets in a particular FEC.
In MPLS, a label is a short, fixed length, locally significant identifier which is used to
identify a FEC. The label which is put on a particular packet represents the Forwarding
Equivalence Class to which that packet is assigned.
The label stack entries appear AFTER the data link layer headers, but BEFORE any
network layer headers. The top of the label stack appears earliest in the packet, and
the bottom appears latest. The network layer packet immediately follows the label stack
entry which has the S bit set.
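As an added example (not from the manual), this Python code encodes and decodes the MPLS label stack described above, stopping at the entry whose S bit is set, and shows the push, swap and pop steps an ingress LER, a transit LSR and an egress LER perform for a PWE3 packet carrying a PSN label over a PW label; the label values, label map and PW-to-attachment-circuit table are constructed.

```python
import struct

ENTRY_LEN = 4  # one label stack entry: 20-bit label, 3-bit TC, 1-bit S, 8-bit TTL


def parse_label_stack(data):
    """Decode label stack entries (top first) until the entry with S=1.
    Returns ([(label, tc, s, ttl), ...], network-layer payload).
    Raises ValueError when the stack never reaches a bottom-of-stack entry."""
    entries, off = [], 0
    while off + ENTRY_LEN <= len(data):
        (word,) = struct.unpack("!I", data[off:off + ENTRY_LEN])
        label, tc, s, ttl = word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF
        entries.append((label, tc, s, ttl))
        off += ENTRY_LEN
        if s:
            return entries, data[off:]
    raise ValueError("label stack has no bottom-of-stack (S=1) entry")


def build_label_stack(entries):
    """Encode (label, tc, ttl) tuples, top first; the last one gets S=1."""
    out = b""
    for i, (label, tc, ttl) in enumerate(entries):
        s = 1 if i == len(entries) - 1 else 0
        out += struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)
    return out


def ler_push(payload, psn_label, pw_label, tc=0, ttl=255):
    """Ingress LER for PWE3: PW label at the bottom, PSN (tunnel) label on top."""
    return build_label_stack([(psn_label, tc, ttl), (pw_label, tc, ttl)]) + payload


def lsr_swap(packet, label_map):
    """Transit LSR: swap the top label and decrement its TTL; None when the TTL
    expires or the incoming label is unknown."""
    entries, payload = parse_label_stack(packet)
    label, tc, _, ttl = entries[0]
    if ttl <= 1 or label not in label_map:
        return None
    entries[0] = (label_map[label], tc, 0, ttl - 1)
    return build_label_stack([(l, t, x) for l, t, _, x in entries]) + payload


def ler_pop(packet, pw_table):
    """Egress LER: pop the PSN label, then map the PW label to the attachment circuit.
    Returns (attachment circuit, payload) or None for an unknown PW label."""
    entries, payload = parse_label_stack(packet)
    if len(entries) != 2:
        return None
    pw_label = entries[1][0]
    if pw_label not in pw_table:
        return None
    return pw_table[pw_label], payload
```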
[Figure: C300 system architecture, showing OAM, application protocols and L2 protocols (STP, VLAN) in the control plane, and the ETH switch/aggregation, MPLS subsystem, xPON subsystem and network ETH ports in the data plane]
The management plane supports telnet, ssh, console, snmp, and rmon. These are
device management methods used for configuration and management of
operation.
The control plane integrates multiple protocols and service control modules, which support frame switching and packet forwarding. The C300 supports an IPv4/IPv6 dual stack; both can work simultaneously and forward packets by binding the interface to the protocol stack.
The forwarding plane realizes frame switching and packet forwarding. The MPLS bearer subsystem includes L2VPN processing, PW handling, label handling, routing, load balancing, redundancy, MPLS OAM, CoS mapping, mapping between MPLS TC and CoS, and performance monitoring.
7.2.1 Introduction
Description
MPLS requires a set of procedures to augment network layer packets with label stacks, thereby turning them into labeled packets. Routers or OLTs that support MPLS are known as Label Switching Routers (LSRs). In order to transmit a labeled packet on a particular data link, an LSR must support an encoding technique which, given a label stack and a network layer packet, produces a labeled packet.
Features& Specifications
Both PSN label and PW label in C300 support static and dynamic distribution.
Static LSP:
C300 can support static LSP. As a LER, C300 mainly supports the static egress
LSP.
Static PW:
LDP:
C300 supports LDP in accordance with IETF standards and drafts, such as
RFC3036, RFC5036, RFC4447, and RFC4762.
7.3 LDP
7.3.1 Introduction
Description
The Label Distribution Protocol (LDP) is a protocol defined by the IETF (RFC 5036)
for the purpose of distributing labels in an MPLS environment.
Target
The Label Distribution Protocol (LDP) is used by two Label Switching Routers (LSRs) to exchange label mapping information. The two LSRs are called LDP peers and the exchange of information is bidirectional. LDP is used to build and maintain the LSP databases that are used to forward traffic through Multiprotocol Label Switching (MPLS) networks.
Features& Specifications
Abbreviation
PW Pseudo Wire
LDP General
Independent mode: an LSR can distribute a label to its peers at any time. In this distribution pattern, the LSR may distribute a label to the upstream node before receiving labels distributed by the downstream node.
Ordered mode: the LSR distributes a label to the upstream node only after receiving labels distributed by the downstream node.
Liberal reservation mode: the LSR keeps all label mappings received from its peer LSRs, regardless of whether the peer LSR is the next hop for the advertised mapping.
Conservative reservation mode: the LSR keeps only the label mappings received from the peer LSR that is the next hop according to routing.
Path Vector
Hop Count
DP Graceful Restart
C300 acts as a Restarter: while the main control board and the standby board are
switching over, the new main board starts a forwarding-state keeping timer and
keeps all MPLS switching entries, marked as stale. The binding between FEC and
label is recovered through the interaction between the Restarter and the Helper.
The MPLS switching entries are deleted when the forwarding-state keeping timer
expires on the Restarter.
C300 acts as a Helper: when the session-down event is captured, the Helper marks
all MPLS entries learned from the Restarter as "stale". These entries are kept for
a while (the value of the Recovery Time advertised in the FT Session TLV is set to
the current value of the timer at the point at which the Initialization message
carrying the FT Session TLV is sent). If the LDP session fails to restart during
this period, the MPLS entries marked as "stale" are deleted. Otherwise, these
entries are kept for the Recovery Time. During the Recovery Time, the Helper
interacts with the Restarter and helps it recover the MPLS switching entries that
were marked as "stale". The Helper removes the stale mark after receiving the
same label binding information from the Restarter. The remaining entries still
marked as "stale" are deleted after the Recovery Time.
The data flow is not interrupted by the mechanism described above.
By default, Helper mode is enabled after successful GR negotiation. It can also
be shut down by command.
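The Helper behaviour above is a small state machine over the bindings learned from the restarting peer. The class below is an added example, not ZTE code; the FECs, labels and the reconnect/recovery times are constructed, and the reconnect deadline stands in for the reconnect timer the FT Session TLV negotiation provides.

```python
# Added example (not ZTE code): how an LDP GR Helper treats the label bindings
# learned from a restarting peer. Times are constructed seconds.
class GrHelper:
    def __init__(self, bindings):
        # fec -> {"label", "stale"}: constructed bindings learned from the Restarter
        self.entries = {f: {"label": l, "stale": False} for f, l in bindings.items()}
        self.reconnect_deadline = None   # the session must be back before this time
        self.recovery_deadline = None    # stale entries live until this time

    def on_session_down(self, now, reconnect_time):
        """Session to the Restarter lost: mark everything learned from it stale."""
        for e in self.entries.values():
            e["stale"] = True
        self.reconnect_deadline = now + reconnect_time

    def on_session_up(self, now, recovery_time):
        """Session re-established; recovery_time is the Recovery Time the peer
        advertised in its FT Session TLV. False if the restart came too late."""
        if self.reconnect_deadline is not None and now > self.reconnect_deadline:
            return False
        self.reconnect_deadline = None
        self.recovery_deadline = now + recovery_time
        return True

    def on_mapping(self, fec, label):
        """A binding re-advertised by the Restarter clears the stale mark."""
        e = self.entries.get(fec)
        if e is not None and e["label"] == label:
            e["stale"] = False
        else:
            self.entries[fec] = {"label": label, "stale": False}

    def _drop_stale(self):
        self.entries = {f: e for f, e in self.entries.items() if not e["stale"]}

    def tick(self, now):
        """Timer check: restart failed, or Recovery Time over -> drop what is still stale."""
        if self.reconnect_deadline is not None and now > self.reconnect_deadline:
            self.reconnect_deadline = None
            self._drop_stale()
        if self.recovery_deadline is not None and now > self.recovery_deadline:
            self.recovery_deadline = None
            self._drop_stale()
        return sorted(self.entries)

    def stale(self):
        return sorted(f for f, e in self.entries.items() if e["stale"])
```

Forwarding keeps using stale entries the whole time, which is what makes the data flow uninterrupted; only entries the Restarter never re-advertises within the Recovery Time are removed.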
Inter-Area LSP
RFC5036 recommends that the IP address of the FEC Element should exactly
match an entry in the IP Routing Information Base (RIB). A Label Switching Router
(LSR) receiving a Label Mapping message from a downstream LSR for a Prefix
SHOULD NOT use the label for forwarding unless its routing table contains an
entry that exactly matches the FEC Element.
The figure shows the transmission path of 32-bit IGP routes and LDP labels. On
ABR1 and PE1, FEC 10.1.1.1/32 and FEC 10.1.1.2/32 cannot find an exactly
matching route, but the longest-match method finds the route 10.1.1.0/24. So the
outbound interface and next hop of this route are used to distribute labels for
both FECs.
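The difference between the RFC5036 recommendation and the inter-area behaviour is the lookup rule applied to the RIB. The function below is an added example, not ZTE code; the RIB contents, interface names and next-hop addresses are constructed, and the two FECs are the ones from the text.

```python
# Added example (not ZTE code): resolving a FEC against the RIB with the exact
# match that RFC 5036 recommends, and with the longest match used for inter-area LSPs.
import ipaddress

# Constructed RIB of ABR1/PE1: only the summary route for 10.1.1.0/24 is present.
RIB = {
    "10.1.1.0/24": ("ge-0/0/1", "192.0.2.1"),
    "10.2.0.0/16": ("ge-0/0/2", "192.0.2.5"),
}


def resolve_fec(fec, rib, exact_only=True):
    """Return (route, outbound interface, next hop) to use for the FEC's label.
    exact_only=True: RFC 5036 rule, the FEC prefix must be a RIB entry itself.
    exact_only=False: inter-area rule, fall back to the longest matching prefix."""
    target = ipaddress.ip_network(fec)
    if str(target) in rib:
        return (str(target),) + rib[str(target)]
    if exact_only:
        return None
    best = None
    for prefix, hop in rib.items():
        net = ipaddress.ip_network(prefix)
        if target.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return (str(best[0]),) + best[1] if best else None
```

With the exact rule both /32 FECs stay unresolved and no LSP is built; with the longest-match rule both inherit the interface and next hop of 10.1.1.0/24.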
7.4.1 Introduction
Target
Supporting MPLS Pseudowire (PW) and FEC types 128 and 129 in
accordance with RFC3985.
Acronyms
path or MPLS tunnel. A PW for VPWS is like a direct link between a local AC and a
remote AC, used to transmit Layer 2 frames transparently.
VPLS Instance (VSI): the VPLS instance, which is used to manage ACs and PWs.
Tunnels: tunnels are used to carry PWs. One tunnel can carry many PWs. In
general they are MPLS LSP tunnels used to transmit frames transparently
between the local PE and the remote PE.
Supports FEC types 128 and 129 and establishes PWs through LDP according to
RFC4447.
C300 supports VPLS based on LDP in accordance with RFC4664, RFC4448 and
RFC4762.
Signaling Protocol
The VPLS service in C300 uses the extended LDP signaling protocol to establish
sessions. VPLS information is carried in TLV fields of LDP packets. FEC types 128
and 129 are supported. A targeted session is needed for devices that are not
directly connected to exchange VC signaling information over an LDP session.
As shown in the figure above, when a VSI is configured on PE1 and PE2 is
assigned as its peer, a label is allocated. After the LDP session is established,
PE1 sends a Label Mapping message to PE2. On receiving it, PE2 checks whether
the same VSI exists. If PE2 has the same VSI with the same VCID and encapsulation
type as PE1, then PE1 and PE2 are in the same VPN. After this check the PW is
established on PE2. PE2 also sends a Label Mapping message to PE1. On receiving
it, PE1 performs the same check and the PW is established on PE1. A complete PW
is then created.
When the VPN between PE1 and PE2 is broken, PE1 sends a Label Withdraw message
to PE2. On receiving it, PE2 removes the PW and answers PE1 with a Label Release
message. On receiving the Release, PE1 removes the PW and withdraws the label.
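The Mapping / Withdraw / Release exchange above, written out with both PEs' checks, as an added example that is not ZTE code. VC IDs, encapsulation names and label values are constructed; the "same VSI" check is reduced to matching VCID and encapsulation type, as the text describes.

```python
# Added example (not ZTE code): the FEC 128 Label Mapping / Withdraw / Release
# exchange between two PEs for one VPLS instance, with the VSI/VCID/encapsulation
# check described above. Labels and VC IDs are constructed.
class Pe:
    def __init__(self, name, vsis):
        self.name = name
        self.vsis = dict(vsis)        # vcid -> encapsulation type configured for the VSI
        self.next_label = 100
        self.local = {}               # vcid -> label this PE allocated and advertised
        self.remote = {}              # vcid -> label received from the peer
        self.pws = set()              # VC IDs whose PW is up on this PE

    def mapping(self, vcid):
        """Label Mapping message for the PW: (vcid, encapsulation, label)."""
        if vcid not in self.local:
            self.local[vcid] = self.next_label
            self.next_label += 1
        return (vcid, self.vsis[vcid], self.local[vcid])

    def on_mapping(self, msg):
        vcid, encap, label = msg
        # Same VSI, same VCID and same encapsulation type -> same VPN
        if self.vsis.get(vcid) != encap:
            return False
        self.remote[vcid] = label
        self.pws.add(vcid)
        return True

    def on_withdraw(self, vcid):
        """Peer withdrew its label: remove the PW and answer with a Release."""
        self.pws.discard(vcid)
        self.remote.pop(vcid, None)
        return ("release", vcid)

    def on_release(self, vcid):
        """Our withdrawn label was released by the peer: remove the PW, free the label."""
        self.pws.discard(vcid)
        self.local.pop(vcid, None)


def establish(pe_a, pe_b, vcid):
    """Bidirectional mapping exchange; True only when both ends accepted."""
    if not pe_b.on_mapping(pe_a.mapping(vcid)):   # PE1 -> PE2 Mapping
        return False
    return pe_a.on_mapping(pe_b.mapping(vcid))    # PE2 -> PE1 Mapping


def tear_down(pe_a, pe_b, vcid):
    """PE1 sends Withdraw, PE2 answers Release, PE1 frees the label."""
    kind, v = pe_b.on_withdraw(vcid)               # PE1 -> PE2 Withdraw
    if kind == "release":
        pe_a.on_release(v)                         # PE2 -> PE1 Release
    return vcid not in pe_a.pws and vcid not in pe_b.pws
```

A peer whose VSI uses a different encapsulation for the same VCID rejects the Mapping, so no half-open PW is created on either side.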
Frames Switching
The VPLS network can be treated as a big switch spanning the MPLS cloud. It
transparently switches frames through PWs established among the VPN sites.
While switching frames, a PE learns MAC addresses and builds a MAC switching
table that maps MAC addresses to ACs and PWs. A P device switches MPLS frames
according to the MPLS label only and does not look at the Layer 2 customer
content. C300 can act as a PE device. After the PSN tunnel and PW have been
established, C300 maintains the L2VPN VSI and MAC table and switches frames.
A VSI instance in a VPLS network has a function similar to a Layer 2 Ethernet
switch: an L2 switching table is created and maintained, and frames are switched
according to this table. A VSI supports L2 functions such as MAC address
learning, MAC address aging and flooding.
The VSI learns the source MAC addresses of frames coming from the CE.
Unused MAC address entries need to be deleted. A timer is started when an entry
is created, and the entry is deleted when it times out.
A unicast frame whose destination MAC address has not yet been learned is flooded
in the whole VPLS network. The same mechanism applies to broadcast and multicast
frames. When flooding, all ACs and PWs in the same VPN receive the frame.
MAC Address Withdraw messages are handled as follows:
For each MAC address in the TLV: remove the association between the MAC
address and the AC or PW over which this message is received.
For a MAC Address Withdraw message with an empty list: remove all the MAC
addresses associated with the VPLS instance (specified by the FEC TLV) except
the MAC addresses learned over the PW associated with the signaling session
over which the message was received.
For a MAC Address Withdraw message with an empty list and a PE-ID TLV: remove
all MAC addresses learned on the PW that terminates at the PE associated with
the PE-ID, and relay MAC flush messages carrying the received PE-ID to all peer
PE devices, in accordance with draft-ietf-l2vpn-vpls-ldp-mac-opt.
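A VSI that implements the learning, aging, flooding and the three MAC Address Withdraw cases above, as an added example (not ZTE code). Port names, PE-IDs, MAC addresses and timestamps are constructed; the flush relay deliberately skips the PE the message came from, which is an assumption the text does not state.

```python
# Added example (not ZTE code): a VSI with MAC learning, aging, flooding and the
# three MAC Address Withdraw cases listed above. Ports, MACs and times are constructed.
def is_group_mac(mac):
    return int(mac.split(":")[0], 16) & 1 == 1       # I/G bit set: broadcast or multicast


class Vsi:
    def __init__(self, name, acs, pws, aging=300):
        self.name = name
        self.acs = set(acs)
        self.pws = dict(pws)                 # pw name -> remote PE-ID it terminates on
        self.aging = aging                   # seconds before an unused entry is deleted
        self.table = {}                      # mac -> (port, last_learned_at)

    def learn(self, mac, port, now):
        if not is_group_mac(mac):
            self.table[mac] = (port, now)

    def age(self, now):
        expired = sorted(m for m, (_, t) in self.table.items() if now - t >= self.aging)
        for m in expired:
            del self.table[m]
        return expired

    def switch(self, src, dst, in_port, now):
        """Ports a frame goes to: known unicast to its learned port, everything
        else flooded to every AC and PW of the VPN except the ingress port."""
        self.learn(src, in_port, now)
        if not is_group_mac(dst) and dst in self.table:
            return {self.table[dst][0]}
        return (self.acs | set(self.pws)) - {in_port}

    def mac_withdraw(self, in_pw, macs=None, pe_id=None):
        """Apply a MAC Address Withdraw received over PW in_pw. Returns the PE-IDs
        a flush must be relayed to (non-empty only for the PE-ID form)."""
        if macs:
            # Listed MACs: drop only the association with the PW the message came over
            for m in macs:
                if m in self.table and self.table[m][0] == in_pw:
                    del self.table[m]
            return []
        if pe_id is None:
            # Empty list: flush everything except what was learned over in_pw itself
            self.table = {m: v for m, v in self.table.items() if v[0] == in_pw}
            return []
        # Empty list + PE-ID: flush MACs learned over PWs that terminate at pe_id and
        # relay the flush to the other peers (assumption: not back to the sender)
        victims = {pw for pw, pe in self.pws.items() if pe == pe_id}
        self.table = {m: v for m, v in self.table.items() if v[0] not in victims}
        return sorted({pe for pw, pe in self.pws.items() if pw != in_pw and pe != pe_id})
```

The flooding rule is exactly the one in the text (every AC and PW except the ingress); a full-mesh VPLS deployment additionally applies split horizon between PWs (RFC 4762), which this example leaves out.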
H-VPLS
Based on the "Framework for Layer 2 Virtual Private Networks" of RFC4664, the
C300 OLT supports the "Encapsulation Methods for Transport of Ethernet over
MPLS Networks" defined in RFC4448 and provides high-speed Layer 2 transparent
transmission to the peer PE router of a VPWS.
A VPWS is mainly composed of PE routers, LDP and the LSP tunnels of MPLS.
An LSP tunnel through the MPLS network is defined between two PE routers and
provides the Tunnel Label for transmitting data transparently between them. At
the same time, a direct LDP label distribution process is defined between the
two PE routers to exchange virtual link information. Within it, distributing the
VC Label by matching the VCID is critical.
When a data packet enters the C300 OLT at a Layer 2 transparent transmission
port, the C300 OLT finds the corresponding Tunnel Label and VC Label by matching
the VCID and pushes two labels onto the packet. The outer label is the Tunnel
Label, which indicates the route from this PE router to the destination PE
router. The inner label is the VC Label, which indicates the port of the
destination PE router that the VCID belongs to. When the C300 OLT receives
packets from the pseudo wire, it finds the corresponding L2VPN instance, removes
the labels and sends the packets to the corresponding attachment circuit.
The C300 OLT monitors the Layer 2 protocol state at each port. When a fault
occurs, users can cancel the VC Label through the LDP label distribution process
so that Layer 2 transparent transmission is shut off, avoiding a unidirectional
stream of unwanted data.
7.5.1 Introduction
Target
The Redundancy feature enables you to configure your network to detect a failure
in the network and reroute the Layer 2 (L2) service to another endpoint that can
continue to provide service.
Features & Specifications
For MPLS service, C300 mainly supports PSN tunnel fast re-route and PW
redundancy. The PSN re-route method is LDP FRR. PW redundancy is implemented
with reference to the draft-ietf-pwe3-redundancy and
draft-ietf-pwe3-redundancy-bit drafts.
Supports PW redundancy
Abbreviations
LDP FRR
The C300 PSN protection function relies on LDP FRR. In DoU mode, when liberal
reservation mode is used, C300 learns the labels distributed by the peer PE,
sets up the main LSP and reserves the label information of the backup path. In
DoD mode, for multiple paths, C300 actively requests the related next hop and
reserves the path label. A fast PSN LSP switchover (that is, the previously
active LSP hands its traffic over to the backup LSP) can be initiated on a link
fault by associating the static route with fault detection mechanisms such as
link status or fast BFD.
As shown in the figure above, when LSR1 detects a fault on the path through LSR2
via link status or BFD, the backup LSP through LSR3 is enabled so that the
service traffic is switched over to a new available path quickly.
PW Redundancy
As shown in the figure above, C300 (PE1) establishes an active PW and a standby
PW with PE2 and PE3 respectively. The active/standby PWs support 1:1 backup.
C300 supports fault detection mechanisms such as VCCV to detect the PE status.
When it detects a communication failure, the PW switchover is initiated and
traffic is switched from the active PW to the standby PW. For a VPLS application,
C300 sends the corresponding MAC address withdraw message to PE3 at the same
time. When the previously active PE2 returns to working status, whether traffic
switches back depends on the configured policy. If the policy is configured to
switch over, the service traffic returns to the PW connected to PE2; C300
supports both immediate and postponed switch-back. If the policy is configured
not to switch, the PW connected to PE3 continues to work as the active PW.
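The protection logic described above, including the immediate, postponed and non-revertive switch-back policies, as an added example that is not ZTE code. Peer names follow the text; the policy names, the delay value and the VCCV results fed in are constructed.

```python
# Added example (not ZTE code): 1:1 PW protection state kept by PE1 for an
# active PW to PE2 and a standby PW to PE3, with the switch-back policies described
# above. Policy names, delays and times are constructed.
class PwRedundancy:
    def __init__(self, primary="PE2", backup="PE3", policy="switchover", delay=0):
        self.primary, self.backup = primary, backup
        self.active = primary
        self.policy = policy          # "switchover": revert to primary; "no-switch": stay
        self.delay = delay            # seconds to postpone the switch-back (0 = immediate)
        self.up = {primary: True, backup: True}
        self.revert_at = None
        self.log = []                 # (time, event, peer)

    def _switch(self, to, now, why):
        self.active = to
        self.log.append((now, why, to))
        self.log.append((now, "mac-withdraw", to))   # VPLS: withdraw MACs toward the new active PE

    def on_vccv(self, peer, alive, now):
        """Feed in the result of the VCCV check toward a peer PE; returns the active PW."""
        self.up[peer] = alive
        if not alive and peer == self.active:
            other = self.backup if peer == self.primary else self.primary
            if self.up[other]:
                self._switch(other, now, "switchover")
        if alive and peer == self.primary and self.active != self.primary:
            if self.policy == "switchover":
                self.revert_at = now + self.delay
        if not alive and peer == self.primary:
            self.revert_at = None
        return self.tick(now)

    def tick(self, now):
        """Apply a postponed switch-back once its delay has elapsed."""
        if self.revert_at is not None and now >= self.revert_at and self.up[self.primary]:
            self.revert_at = None
            self._switch(self.primary, now, "switch-back")
        return self.active
```

The postponed policy exists to avoid flapping back to a PE that is only briefly reachable; the MAC withdraw logged at each switch is what lets the remote VPLS peers relearn the path.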
7.6.1 Introduction
Description:
To use the bandwidth of multiple data links efficiently, load balancing sets up a
group of equal-cost routes to the same destination.
Features & Specifications:
Load balancing can also be enabled when C300 provides MPLS service; it is then
based on the bottom-of-stack label to balance MPLS L2VPN service flows. By
default this bottom-of-stack label is the PW label. Data flows with the same PW
label traverse the same LSP to the destination PE, which preserves their order.
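The two-label VPWS encapsulation described in 7.4 (outer Tunnel Label, inner VC Label) and the bottom-label load balancing described here share the same label-stack parsing, so both are shown in one added example that is not ZTE code. Label values and the customer frame are constructed, and the hash used to pick an LSP is a constructed one (real hardware uses its own); only the property that every frame of one PW lands on the same LSP matters.

```python
# Added example (not ZTE code): the two-label VPWS encapsulation described in
# 7.4 (outer tunnel label, inner VC label at the bottom of the stack) and the
# bottom-label load balancing described here. Labels and frames are constructed.
import hashlib
import struct


def label_entry(label, ttl, bottom, tc=0):
    # 20-bit label | 3-bit TC | 1-bit S (bottom of stack) | 8-bit TTL
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def push_labels(frame, tunnel_label, vc_label, ttl=255):
    """Ingress PE: tunnel label on the outside, VC label (S=1) next to the frame."""
    return label_entry(tunnel_label, ttl, False) + label_entry(vc_label, ttl, True) + frame


def parse_label_stack(packet):
    """Return (labels, payload); labels is a list of (label, tc, s, ttl)."""
    labels, off = [], 0
    while True:
        if off + 4 > len(packet):
            raise ValueError("truncated label stack")
        word, = struct.unpack_from("!I", packet, off)
        entry = (word >> 12, (word >> 9) & 0x7, (word >> 8) & 1, word & 0xFF)
        labels.append(entry)
        off += 4
        if entry[2]:                      # S bit: last label, payload follows
            return labels, packet[off:]


def pop_labels(packet):
    """Egress PE: strip the stack and return (vc_label, customer frame)."""
    labels, frame = parse_label_stack(packet)
    return labels[-1][0], frame


def choose_lsp(packet, lsps):
    """Pick the LSP by hashing the bottom-of-stack (PW) label only, so every
    frame of one PW follows the same LSP and arrives in order. The hash is a
    constructed one; real hardware uses its own."""
    labels, _ = parse_label_stack(packet)
    digest = hashlib.sha256(labels[-1][0].to_bytes(3, "big")).digest()
    return lsps[int.from_bytes(digest[:4], "big") % len(lsps)]
```

Because the hash input is the PW label alone, changing the outer tunnel label (a different PSN path after an LDP FRR switchover, for instance) does not move the PW to another LSP member.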
7.7.1 Introduction
Description
Target
To help operators monitor, analyze, detect and diagnose faults in the services of
the MPLS network, MPLS OAM functions are provided, including connectivity tests
of label switched paths and fast isolation or avoidance of MPLS forwarding failures.
Abbreviations
CV Connectivity Verification
LSP Ping/Traceroute
packs the information of the FEC it belongs to into the MPLS ping echo request
message. An MPLS ping packet is an IPv4/IPv6 UDP packet that includes a sequence
number and a timestamp. MPLS ping requests are forwarded with the same mechanism
as packets of the FEC. In "ping" mode (basic connectivity check), the packet
should reach the end of the path, at which point it is sent to the control plane
of the egress LSR, which then verifies whether it is indeed an egress for the
FEC.
Figure 7-10 (figure not reproduced): MPLS Echo Request from PE1 through P1 and P2 to PE2 across the MPLS network; CE1 is attached to PE1 and CE2 to PE2, with P3, P4, P5, PE3 and CE3 as further nodes. PE1 and PE2 are LERs, the P devices are LSRs.
As shown in Figure 7-10, when PE1 initiates an MPLS echo request toward PE2, the
procedure is:
Step 1: PE1 initiates an MPLS echo request toward PE2 and sends it to the
next hop P1.
Step 2: P1 receives this MPLS echo request and forwards it to P2 along the
LSP.
Step 3: P2 receives this MPLS echo request, pops the current MPLS label
(following penultimate hop popping) and sends the packet to PE2 along the
LSP.
Step 4: PE2 receives the MPLS echo request packet, processes it, and returns an
MPLS echo reply packet to PE1 along the backward path.
Step 5: PE1 processes the MPLS echo reply and provides the LSP path detection
result.
When communication on the LSP corresponding to the detected FEC fails, PE1 does
not receive an MPLS echo reply from PE2 and reports the failure.
LSP traceroute is used for hop-by-hop fault localization as well as path tracing.
In "traceroute" mode (fault isolation), the packet is sent to the control plane of
each transit LSR, which performs various checks that it is indeed a transit LSR for
this path; the LSR also returns further information that helps check the control
plane against the data plane, i.e., that forwarding matches what the routing
protocols determined as the path.
As shown in Figure 7-11, when PE1 initiates an MPLS traceroute toward PE2, the
procedure is:
Figure 7-11 (figure not reproduced): MPLS traceroute from PE1 through P1 and P2 to PE2 along the LSP, with an MPLS Echo Reply returned to PE1 after step 2 (from P1), step 5 (from P2) and step 9 (from PE2).
Step 1: PE1 initiates an MPLS echo request toward PE2, sets the MPLS label TTL
to 1, and sends the request packet to the next hop P1.
Step 2: P1 receives the MPLS echo request with TTL=1 and decreases the TTL from
1 to 0, which causes a timeout, so the packet is sent up to the control plane
for processing. P1 looks up the downstream mapping according to the incoming
label and sends an MPLS echo reply containing its own downstream mapping
information to PE1 from the control plane.
Step 3: When PE1 receives the MPLS echo reply and records the information, it
initiates a new MPLS echo request with TTL=2, containing the downstream mapping
information gained from the echo reply, and sends it to the next hop P1.
Step 4: P1 receives the MPLS echo request with TTL=2, decreases the TTL from 2
to 1, and forwards it to the next hop P2.
Step 5: P2 receives the MPLS echo request with TTL=1 and decreases the TTL from
1 to 0, which causes a timeout, so the packet is sent up to the control plane
for processing. P2 looks up the downstream mapping according to the incoming
label and sends an MPLS echo reply containing its own downstream mapping
information to PE1 from the control plane.
Step 6: When PE1 receives the MPLS echo reply and records the information, it
initiates a new MPLS echo request with TTL=3, containing the downstream mapping
information gained from the echo reply, and sends it to the next hop P1.
Step 7: P1 receives the MPLS echo request with TTL=3, decreases the TTL from 3
to 2, and forwards it to the next hop P2.
Step 8: P2 receives the MPLS echo request with TTL=2, decreases the TTL from 2
to 1, and forwards it to the next hop PE2.
Step 9: PE2 receives the MPLS echo request with TTL=1 and decreases the TTL from
1 to 0, which causes a timeout, so the packet is sent up to the control plane
for processing. On the control plane, PE2 looks up the downstream mapping
according to the incoming label, finds that it is the egress LER of the LSP, and
sends an MPLS echo reply to PE1.
Finally, PE1 receives the MPLS echo reply and displays the result.
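The nine steps above are one TTL-driven loop: each probe travels one hop further, and the LSR where the TTL expires answers from its control plane. The simulation below is an added example, not ZTE code; the routers, their LFIB entries and the labels are constructed. The return codes 3 ("replying router is an egress for the FEC") and 8 ("label switched at stack-depth") are the RFC 4379 values, 11 ("no label entry") is used for the broken-LSP case.

```python
# Added example (not ZTE code): the TTL-driven LSP traceroute described above,
# run against a constructed LFIB per router. Return codes 3, 8 and 11 are the
# RFC 4379 echo return code values.
EGRESS, LABEL_SWITCHED, NO_LABEL_ENTRY = 3, 8, 11


def lsp_traceroute(routers, first_hop, first_label, max_ttl=8):
    """routers: name -> {"up": bool, "lfib": {in_label: (next_hop, out_label) | "egress"}}.
    Returns one (ttl, responder, return_code, downstream_map) per probe; responder
    is None when the echo request got no reply (PE1 timed out)."""
    probes = []
    for ttl in range(1, max_ttl + 1):
        hop, label, remaining = first_hop, first_label, ttl
        reply = (ttl, None, None, None)
        while True:
            router = routers.get(hop)
            if router is None or not router["up"]:
                break                                   # request lost, no reply
            remaining -= 1                              # each LSR decrements the label TTL
            entry = router["lfib"].get(label)
            if entry == "egress":
                reply = (ttl, hop, EGRESS, None)        # egress LER answers from its control plane
                break
            if remaining == 0:
                # TTL expired here: control plane looks up the incoming label and
                # answers with its downstream mapping (next hop + outgoing label)
                if entry is None:
                    reply = (ttl, hop, NO_LABEL_ENTRY, None)
                else:
                    reply = (ttl, hop, LABEL_SWITCHED, entry)
                break
            if entry is None:
                break                                   # dropped in the data plane, no reply
            hop, label = entry                          # label switched, keep going
        probes.append(reply)
        if reply[1] is None or reply[2] in (EGRESS, NO_LABEL_ENTRY):
            break                                       # done, or nothing further can answer
    return probes
```

The three assertions below cover the healthy path from the figure, a transit LSR that lost its label entry (it answers with code 11 at its hop), and a transit LSR that is down (the probe for its hop simply times out).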
When communication on the LSP corresponding to the detected FEC is broken, one
of the LSRs returns an MPLS echo reply with the corresponding echo return code.
PE1 then displays the result according to the echo return code in the MPLS echo
reply, or according to whether the MPLS echo reply is missing.
Based on the MPLS echo replies from the routers on the LSP path, PE1 reports the
corresponding Echo Return Code, and it builds the traceroute output from the Echo
Return Codes received in the MPLS echo replies.
The MPLS LSP Multipath Tree Trace feature provides an automated way to discover
all paths from the ingress PE to the egress PE in multivendor networks that use
IPv4 load balancing at the transit devices. Once the PE-to-PE paths are
discovered, MPLS LSP ping and MPLS LSP traceroute can be used to test them
periodically.
When executing MPLS LSP Multipath Tree Trace on the source device, the OLT needs
to find the set of IP header destination addresses that exercises all possible
output paths. The source device starts path discovery by sending a transit router
a bitmap in an MPLS echo request. The transit router returns, in the downstream
map (DS Map) of an MPLS echo reply, the subsets of the bitmap that it forwards to
each downstream device. The source device can then use the information in the
echo reply to interrogate the next device. The source device interrogates each
successive router until it finds a bitmap setting that is common to all devices
along the path. The device uses TTL expiry to interrogate the routers to find
the common bits.
Figure (not reproduced): multipath tree trace from LSR101 to LSR150 through LSR111, LSR120, LSR130, LSR131, LSR140 and LSR141. The candidate address set Adr:0~15 at the source is partitioned hop by hop (for example Adr:1,2,4,15 and Adr:6,9,12,14 at the first split, Adr:7,13, Adr:15, Adr:7 and Adr:14 further down) as each transit LSR reports which addresses it forwards to each downstream neighbor.
A router load balances MPLS packets based on the incoming label stack and the
source and destination addresses in the IP header. The outgoing label stack and
IP header source address remain constant for each path being traced. The router
needs to find the set of IP header destination addresses that exercises all
possible output paths. This might require an exhaustive search of the
127.x.y.z/8 address space.
Once all paths from the source LSR to the target or destination LSR have been
discovered with MPLS LSP multipath tree trace, MPLS LSP traceroute can be used to
monitor these paths.
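The discovery described above, run on a constructed topology modelled on the figure, as an added example that is not ZTE code. Each transit LSR picks a next hop by hashing the IP destination address; the per-LSR hash here is constructed (real routers each use their own, which is exactly why the tree must be discovered rather than computed), and the candidate addresses are sixteen constructed values from 127/8, like Adr:0~15 in the figure.

```python
# Added example (not ZTE code): the bitmap-driven path discovery described above,
# run on a constructed topology. Each transit LSR load-balances on the IP
# destination address; the per-LSR hash here is constructed.
import hashlib


def pick_next_hop(lsr, dst, next_hops):
    h = hashlib.sha256(f"{lsr}|{dst}".encode()).digest()
    return next_hops[int.from_bytes(h[:4], "big") % len(next_hops)]


def ds_map_reply(topology, lsr, candidates):
    """What the transit LSR puts in its DS Map reply: for each downstream neighbour,
    the subset of the candidate destination addresses it would forward there."""
    reply = {nh: [] for nh in topology[lsr]}
    for addr in candidates:
        reply[pick_next_hop(lsr, addr, topology[lsr])].append(addr)
    return reply


def multipath_tree_trace(topology, ingress, egress, candidates):
    """Interrogate each LSR with the address subset that reaches it (TTL expiry
    in the real protocol) and return {path: addresses that follow that path}."""
    paths = {}

    def walk(lsr, path, subset):
        if lsr == egress:
            paths[tuple(path)] = sorted(subset)
            return
        for nh, sub in ds_map_reply(topology, lsr, subset).items():
            if sub:                              # only probe branches some address reaches
                walk(nh, path + [nh], sub)

    walk(ingress, [ingress], list(candidates))
    return paths


def probe_addresses(n=16):
    """Constructed candidates from the 127/8 range, like Adr:0~15 in the figure."""
    return [f"127.0.0.{i}" for i in range(n)]
```

The result is a set of disjoint address subsets, one per discovered path, and the test checks those invariants rather than a specific partition, since the partition depends on the hash. Each subset is then the destination address to use when periodically pinging or tracing that particular path.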
RFC4950), which are inserted into ICMP Time Exceeded and Destination
Unreachable messages upon timeout; the originating router receives the timeout
message and analyzes the MPLS Label Stack Object to learn the MPLS
encapsulation status.
an encapsulation for the VCCV control channel messages that allows the
receiving PE to intercept, interpret, and process them locally as OAM
messages.
PW ping uses the same mechanism as LSP ping to detect faults on the PW
forwarding plane.
8 IPv6 Features
8.1.1 Introduction
Description
Target
C300/C320 satisfies the IPoE scenarios defined in TR177 and supports all the
IPv6 functions defined for the Access Node in TR177.
C300/C320 satisfies the PPPoE scenarios defined in TR187 and supports all the
IPv6 functions defined for the Access Node in TR187.
Both user line cards and network line cards can receive and forward IPv4 and
IPv6 frames.
Supports both IPv4 and IPv6 addresses on L3 interfaces, and supports Default
Address Selection compliant with RFC3484.
C300/C320 can classify data flows based on the protocol type in the Layer 2 frame.
Glossary
Abbreviations
IPv6 provides so many addresses that it solves the IPv4 address shortage. IPv6
not only enables operators to provide Internet service using public IP
addresses, but also makes M2M (Machine To Machine) networks, Intelligent
Earth/Data Earth and 4G services possible. All of these require numerous IP
addresses.
The IPv6 function of C300/C320, used as an OLT, meets all requirements defined
in the TR177 standard.
Figure (not reproduced): protocol stack with IPv4/IPv6 applications over TCP/UDP over Ethernet.
When the access node (OLT) works as an 802.3 Ethernet bridge, both IPv4 and IPv6
packets are encapsulated in 802.3 Ethernet frames, but with different EthTypes
(protocol types). So the OLT can classify data flows based on EthType without
inspecting the IP payload, and it can forward both IPv4 and IPv6 frames by MAC
address.
When an L3 interface is enabled on the OLT, the IPv6 addressing architecture
allows multiple unicast addresses to be assigned to the interface. Typically the
OLT has both an LLA and a GUA with different reachable scopes (link-local or
global). In a dual-stack scenario the same interface also has an IPv4 global
address. So when initiating an IP connection, the OLT has at least three
candidate IP source addresses. The algorithm described in RFC3484 is used for
source and destination address selection by IP applications. ND (Neighbor
Discovery) is used in IPv6 for address resolution instead of ARP in IPv4. ICMPv6
is used for ping/traceroute similarly to IPv4, and it is also used for path MTU
discovery, since intermediate forwarding nodes must not fragment an IPv6 packet.
8.2.1 Introduction
Description
Similar to an IPv4 static route, an IPv6 static route is a route that is created
manually by a network administrator.
Target
IPv6 static routing can implement IPv6 route forwarding in simple Layer 3
networks.
8.3.1 Introduction
Description
Target
When the SLAAC IPv6 address allocation method is used, C300/C320 can add user
port information to RS packets so that the BRAS can locate each individual
user.
Compliant with RFC6788
Abbreviations
NA neighbor advertisement
ND neighbor discovery
NS neighbor solicitation
RA router advertisement
RS router solicitation
When RS packets sent by customers cross the AN, the OLT tunnels those packets
inside another IPv6 packet; the original packets are left unmodified inside the
encapsulating packet.
The OLT identifies tunneled RAs from the BRAS by the destination address of the
outer packet, FF02::10/128 (All-BBF-Access-Nodes, a reserved link-local scoped
multicast address), and by the presence of a Destination Options header
carrying an LIO destination option. The OLT removes the tunnel encapsulation and
forwards the RA to the subscriber.
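Both directions of the tunnel above, in RFC 6788 terms, as an added example that is not ZTE code: the OLT wraps the subscriber's RS unmodified in an outer IPv6 packet whose Destination Options header carries the Line-Identification Option (option type 0x8E, RFC 6788) with the port information, and it recognises a tunneled RA by the outer destination ff02::10 plus that option. The outer addresses of the upstream RS tunnel are parameters because the text does not state them; every packet here is constructed, with ICMPv6 checksums left at zero.

```python
# Added example (not ZTE code): RS/RA tunnelling with the RFC 6788
# Line-Identification Option. Packets, addresses and line IDs are constructed.
import ipaddress
import struct

NH_IPV6, NH_ICMPV6, NH_DEST_OPTS = 41, 58, 60
OPT_PAD1, OPT_PADN, OPT_LIO = 0, 1, 0x8E          # 0x8E: LIO option type (RFC 6788)
ICMPV6_RS, ICMPV6_RA = 133, 134
ALL_BBF_ACCESS_NODES = ipaddress.IPv6Address("ff02::10")


def ipv6(src, dst, next_header, payload, hop_limit=255):
    return (struct.pack("!IHBB", 0x60000000, len(payload), next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload)


def dest_opts_with_lio(next_header, line_id):
    """Destination Options header: [next hdr][ext len][LIO][padding], 8-octet aligned."""
    opts = bytes([OPT_LIO, 1 + len(line_id), len(line_id)]) + line_id
    pad = (-(2 + len(opts))) % 8
    if pad == 1:
        opts += bytes([OPT_PAD1])
    elif pad > 1:
        opts += bytes([OPT_PADN, pad - 2]) + b"\x00" * (pad - 2)
    return bytes([next_header, (2 + len(opts)) // 8 - 1]) + opts


def encapsulate_with_lio(inner, line_id, outer_src, outer_dst):
    """OLT upstream side: the inner packet (the subscriber's RS) is left unmodified."""
    return ipv6(outer_src, outer_dst, NH_DEST_OPTS, dest_opts_with_lio(NH_IPV6, line_id) + inner)


def parse_tunneled_ra(packet):
    """(line_id, inner RA packet) when this is a tunnelled RA for the access node, else None."""
    if len(packet) < 42 or packet[0] >> 4 != 6:
        return None
    payload_len, nh = struct.unpack_from("!HB", packet, 4)
    if ipaddress.IPv6Address(packet[24:40]) != ALL_BBF_ACCESS_NODES or nh != NH_DEST_OPTS:
        return None
    inner_nh, ext_end = packet[40], 40 + (packet[41] + 1) * 8
    if ext_end > len(packet):
        return None
    off, line_id = 42, None
    while off < ext_end:                           # walk the option TLVs
        if packet[off] == OPT_PAD1:
            off += 1
            continue
        if off + 2 > ext_end:
            return None                            # option header runs past the ext header
        length = packet[off + 1]
        if packet[off] == OPT_LIO and length >= 1 and off + 2 < ext_end:
            line_id = packet[off + 3:off + 3 + packet[off + 2]]
        off += 2 + length
    if line_id is None or inner_nh != NH_IPV6:
        return None
    inner = packet[ext_end:40 + payload_len]
    if len(inner) < 41 or inner[6] != NH_ICMPV6 or inner[40] != ICMPV6_RA:
        return None
    return line_id, inner
```

The decapsulated inner packet is what the OLT forwards to the subscriber; the line ID tells it which port, and anything that is not addressed to ff02::10 or lacks the option is left to the normal forwarding path.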
8.4.1 Introduction
Description
Similar to DHCPv4, both DHCPv6 L3 relay and LDRA (Layer 2 relay) are supported.
Target
If a subscriber obtains an IPv6 address through DHCPv6 and the DHCPv6 servers are
on a different network segment reached through the OLT's uplink, the OLT can act
as a DHCPv6 L3 relay and forward the DHCP client's request to a specific DHCP
server.
Compliant with RFC3315
Each Layer 3 VLAN interface can be configured with at most four DHCP servers
per group for load balancing; they are polled in turn so that they back each
other up.
Compliant with RFC6221
The OLT does not modify the source and destination IP addresses of DHCPv6
packets and does not change multicast packets into unicast packets. All
multicast packets are sent only to the network side.
If multicast DHCPv6 packets are sent from the BRAS, the OLT as DHCP LDRA forwards
them only to the specific user-side port, according to the Interface-id in the
DHCPv6 packets.
Glossary
Abbreviations
PD prefix delegate
DHCPv6 is the Dynamic Host Configuration Protocol for IPv6. Although IPv6's
stateless address auto-configuration removes the primary motivation for DHCP in
IPv4, DHCPv6 can still be used to statefully assign addresses if the network
administrator desires more control over addressing. It can also be used to
distribute information which is not otherwise discoverable; the most important case
of this is the DNS server.
Figure (not reproduced): DHCPv6 prefix delegation through the Access Node, between Host/Gateway, Access Node, BNG and DHCPv6 Server:
1. DHCPv6 Solicit + IA_PD
2. DHCPv6 Relay-forward + Interface-Id (option 18)
3. DHCPv6 Relay-forward + Interface-Id (option 18)
7. DHCPv6 Request + IA_PD: /56 prefix
8. DHCPv6 Relay-forward + Interface-Id (option 18)
9. DHCPv6 Relay-forward + Interface-Id (option 18)
The DHCPv6 module in C300/C320 works as an LDRA between client and server.
C300/C320 sends a Relay-Forward message, containing the "Solicit" and "Request"
information coming from the client side, to the DHCP server. If DHCPv6 Option 18
(Interface-id option) is enabled, the Relay-Forward message contains "Option 18",
which carries the port information in C300/C320. The DHCPv6 server answers with
"Relay-reply" messages. On receiving a "Relay-reply" message, C300/C320 removes
the "Option 18" section, reconstructs the "Advertise" and "Confirm" messages, and
finally sends them to the client.
If the OLT is an L2 LDRA, it does not change the source and destination IP
addresses of the client's DHCPv6 message; the client message is copied into the
Relay Message option (option 9) of the RELAY_FORWARD message. In the
RELAY_FORWARD message, the client IP is copied into the Peer Address field and
the unspecified address (::/128) is filled into the Link Address field.
If the OLT is a DHCPv6 L3 relay, it changes the destination IP from the multicast
"all DHCP relay/server" address to a DHCP server/relay unicast address and
changes the source IP from the client IP to the OLT's L3 interface IP. The client
message is copied into the Relay Message option (option 9) of the RELAY_FORWARD
message. In the RELAY_FORWARD message, the client IP is copied into the Peer
Address field and the OLT's IP address into the Link Address field.
The format of "Option 18" inserted in DHCPv6 packets strictly complies with the
TR-156 definition (Access-Node-Identifier eth
Slot/Port/ONUID/Slot/Port[:VLAN-ID]).
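The two relay modes differ only in the IP addressing of the outer packet and in the Link Address field; everything else (Relay Message option 9, Interface-Id option 18, Peer Address) is the same. The builder and parser below are an added example, not ZTE code. Option codes and message types are the RFC 3315 values, the Interface-Id text follows the Access-Node-Identifier form quoted above, and all addresses, port identifiers and transaction IDs are constructed.

```python
# Added example (not ZTE code): building and unwrapping RFC 3315 Relay-forward /
# Relay-reply messages for the LDRA (L2) and L3 relay cases described above.
import ipaddress
import struct

SOLICIT, RELAY_FORW, RELAY_REPL = 1, 12, 13
OPTION_RELAY_MSG, OPTION_INTERFACE_ID = 9, 18
ALL_DHCP_RELAY_AGENTS_AND_SERVERS = "ff02::1:2"
UNSPECIFIED = ipaddress.IPv6Address("::")


def option(code, data):
    return struct.pack("!HH", code, len(data)) + data


def parse_options(buf):
    opts, off = {}, 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        opts[code] = buf[off + 4:off + 4 + length]
        off += 4 + length
    return opts


def interface_id(node_id, slot, port, onu_id, uni_slot, uni_port, vlan=None):
    """Access-Node-Identifier eth Slot/Port/ONUID/Slot/Port[:VLAN-ID] (constructed values)."""
    text = f"{node_id} eth {slot}/{port}/{onu_id}/{uni_slot}/{uni_port}"
    return text + (f":{vlan}" if vlan is not None else "")


def relay_forward(client_msg, client_ip, mode, olt_ip=None, iface_id=None):
    """RELAY-FORW sent by the OLT. LDRA: link-address ::; L3 relay: link-address is
    the OLT's L3 interface address. Peer-address is the client address in both."""
    link = UNSPECIFIED if mode == "ldra" else ipaddress.IPv6Address(olt_ip)
    opts = option(OPTION_RELAY_MSG, client_msg)
    if iface_id is not None:
        opts += option(OPTION_INTERFACE_ID, iface_id.encode())
    return (struct.pack("!BB", RELAY_FORW, 0) + link.packed
            + ipaddress.IPv6Address(client_ip).packed + opts)


def ip_addressing(mode, client_ip, olt_ip, server_ip):
    """(src, dst) of the IPv6 packet carrying the relayed message: the LDRA leaves
    the client's addresses alone, the L3 relay rewrites them to OLT -> server."""
    if mode == "ldra":
        return client_ip, ALL_DHCP_RELAY_AGENTS_AND_SERVERS
    return olt_ip, server_ip


def parse_relay(msg):
    return {"type": msg[0], "hop_count": msg[1],
            "link": ipaddress.IPv6Address(msg[2:18]),
            "peer": ipaddress.IPv6Address(msg[18:34]),
            "options": parse_options(msg[34:])}


def unwrap_relay_reply(reply):
    """OLT side: take the server's RELAY-REPL apart, discard Option 18 and return
    (client address, message to deliver to the client)."""
    r = parse_relay(reply)
    if r["type"] != RELAY_REPL or OPTION_RELAY_MSG not in r["options"]:
        raise ValueError("not a Relay-reply carrying a Relay Message option")
    return str(r["peer"]), r["options"][OPTION_RELAY_MSG]
```

The Peer Address is what lets the OLT deliver the unwrapped reply to the right client, and the Interface-Id is what lets the BNG or server tie the lease to a physical port; the OLT strips it on the way back so the client never sees it.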
8.5.1 Introduction
Description
Target
Supports legitimate binding of IPv6 addresses and/or IPv6 address prefixes to
VLAN interfaces by DHCPv6 snooping, static IP configuration or ND RA snooping.
C300/C320 can monitor all DHCPv6 packets between customers and the BRAS. Before
a valid configuration is obtained, C300/C320 drops all packets except those with
the unspecified IPv6 source address (::), those with an FE80 (link-local) prefix,
and DHCPv6 protocol packets. Once C300/C320 sees the DHCPv6 Confirm packet, it
binds <IPv6 address/prefix, MAC address> to the customer interface and enables
forwarding of upstream data flows. While customers send upstream data, C300/C320
checks the IPv6 address and MAC address; if they do not match the binding table,
the packets are dropped. After the lease time expires, C300/C320 deletes the
binding entry and stops forwarding the customer's upstream packets except DHCPv6
protocol packets.
The downstream ND NS filter is similar to an ARP agent: according to the DHCP
binding table and the Target address in the NS message, the OLT changes a
multicast NS message from a multicast destination MAC to the unicast MAC.
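The admission rule above (DHCPv6, :: and link-local always pass; everything else needs a live <address/prefix, MAC> binding on that port) and the NS-filter lookup, as an added example that is not ZTE code. Port names, addresses, MAC addresses, lease lengths and timestamps are constructed.

```python
# Added example (not ZTE code): the per-port IPv6 binding table, the upstream
# admission check and the ND NS filter lookup described above.
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
UNSPECIFIED = ipaddress.IPv6Address("::")


class Ipv6BindingTable:
    def __init__(self):
        self.bindings = []          # (port, IPv6Network, mac, expires_at)

    def bind(self, port, prefix, mac, lease, now):
        """Called when DHCPv6 snooping sees the address/prefix assigned to the client."""
        self.bindings.append((port, ipaddress.ip_network(prefix), mac.lower(), now + lease))

    def expire(self, now):
        """Drop leases that ran out; the client is back to DHCPv6-only until it renews."""
        gone = [b for b in self.bindings if b[3] <= now]
        self.bindings = [b for b in self.bindings if b[3] > now]
        return [(p, str(n)) for p, n, _, _ in gone]

    def permit_upstream(self, port, src_ip, src_mac, is_dhcpv6, now):
        """Forward an upstream packet only when it is needed to obtain a configuration
        (src ::, link-local, or DHCPv6 itself) or matches a live <address, MAC> binding."""
        src = ipaddress.IPv6Address(src_ip)
        if is_dhcpv6 or src == UNSPECIFIED or src in LINK_LOCAL:
            return True
        return any(p == port and now < exp and src in net and src_mac.lower() == mac
                   for p, net, mac, exp in self.bindings)

    def resolve_ns_target(self, target_ip, now):
        """NS filter: (MAC, port) of the bound host owning the NS target address, so the
        OLT can rewrite the multicast NS to unicast; None leaves the NS untouched."""
        t = ipaddress.IPv6Address(target_ip)
        for port, net, mac, exp in self.bindings:
            if now < exp and t in net:
                return mac, port
        return None
```

A delegated prefix is stored as a network, so any address inside it passes for that MAC; a packet from the right address but a different MAC, or from another port, is dropped, which is the spoofing case the binding table exists to stop.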
8.6.1 Introduction
Description
Target
Abbreviations
ICMPv6 type | Message name | Destination IP address | Upstream | Downstream
ICMPv6 error messages
1 | Destination Unreachable | Unicast | Forward | Forward
2 | Packet Too Big | Unicast | Forward | Forward
3 | Time Exceeded | Unicast | Forward | Forward
4 | Parameter Problem | Unicast | Forward | Forward
ICMPv6 informational messages
128 | Echo Request | Unicast | Forward | Forward
129 | Echo Reply | Unicast | Forward | Forward
Neighbor Discovery
133 | Router Solicitation | All-routers multicast | Snoop (for LIO insertion) | Discard
134 | Router Advertisement | Unicast to host sending RS, or All-nodes multicast | Discard | Snoop (for legitimate binding)
135 | Neighbor Solicitation | Solicited-Node multicast address corresponding to the target | Forward | Forward (Snoop when NS filter enabled, like ARP agent)
136 | Neighbor Advertisement | Unicast to host sending NS, or All-nodes multicast | Forward (Snoop when NA anti-spoofing enabled, like ARP anti-spoofing) | Forward
137 | Redirect | Unicast | Discard | Forward
To prevent illegitimate traffic from flooding the network, the legitimacy of
terminals and routers can be checked through the forwarding control and
monitoring of ND messages described in TR-177.
8.7.1 Introduction
Target
Supports telnet6 and ftp6
Figure (not reproduced): dual-stack layering with the Application Layer over TCP/UDP, IPv4 and IPv6 side by side, then the Data Transfer Layer and the Physical Layer.
For network elements supporting the IPv4 and IPv6 dual stack, applications above
the TCP/UDP layer are shared. The Application Layer decides whether to use the
IPv4 or the IPv6 protocol stack according to the form of the network element's
IP address; the features of the Application Layer remain the same.
A large number of services provided by network elements, for instance multicast
and IPTV, can coexist with the dual-stack protocols. Network management of those
services is also interoperable; for example, users can access and administer the
services of an IPv6 network from an IPv4 environment.
9 QOS
9.1 Introduction
Description
QoS provides various techniques to guarantee service quality for a specific user
or a specific application.
Target
The SLA requirements of the service are guaranteed through the following QoS
elements:
PON DBA
Dropping packets based on the packet color when the network is congested.
Support for H-QoS
Based on 802.1p
Based on GEM port
SP
SP+DWRR/WFQ
DWRR/WFQ
Support for classifying traffic based on L2 to L7 key fields of the packet and
coloring the traffic according to trTCM (RFC 2698 or RFC 2697); support for
over-booking.
C300/C320 OLT provides hierarchical rate limiting and H-QoS scheduling of user
traffic to implement QoS control per user/service.
The color is marked at the GPON line card and indicated by the DEI bit. Rate
limiting at the core-control card is color aware, and yellow packets are dropped
first.
Ingress traffic from the UNI is mapped to different T-CONTs based on VLAN,
priority and so on.
PON DBA schedules the packets from the T-CONTs to the OLT based on the DBA
parameters.
The traffic is mapped to the user scheduler. The following actions are applied
to the traffic based on the user QoS profile:
Scheduling
Shaping
Coloring (DEI bit)
SP
SP+DWRR
DWRR
The uplink scheduler drops packets based on the color (DEI bit) using the WRED
algorithm.
The connection between the core-control card and the PON card is non-blocking in
the upstream direction.
The connection between the core-control card and the uplink card is non-blocking
in the upstream direction.
The connection between the uplink card and the core-control card is
non-blocking.
Traffic is scheduled at the connection between the core-control card and the PON
card; the scheduler drops packets based on the packet color, yellow packets
first.
Multicast traffic can be mapped into the SCB queue to be scheduled with the
highest priority.
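The coloring and color-aware dropping above, carried through in code as an added example that is not ZTE code: an RFC 2698 two-rate three-color marker in color-blind mode, the color mapped onto the DEI bit, and the drop decision a congested scheduler takes on that bit. Rates, burst sizes, packet sizes, timestamps and the queue thresholds are all constructed.

```python
# Added example (not ZTE code): RFC 2698 trTCM (colour-blind mode), colour carried
# in the DEI bit, and the colour-aware drop at a congested scheduler. Rates are
# bytes/s, bursts bytes, timestamps seconds; all values are constructed.
class TrTcm:
    def __init__(self, cir, cbs, pir, pbs):
        self.cir, self.cbs, self.pir, self.pbs = cir, cbs, pir, pbs
        self.tc, self.tp = float(cbs), float(pbs)     # committed / peak buckets start full
        self.last = 0.0

    def _refill(self, now):
        dt = max(0.0, now - self.last)
        self.tc = min(self.cbs, self.tc + self.cir * dt)
        self.tp = min(self.pbs, self.tp + self.pir * dt)
        self.last = now

    def mark(self, size, now):
        """Colour one packet of `size` bytes arriving at `now`."""
        self._refill(now)
        if self.tp < size:                 # above PIR: red
            return "red"
        if self.tc < size:                 # within PIR but above CIR: yellow
            self.tp -= size
            return "yellow"
        self.tp -= size                    # within CIR: green
        self.tc -= size
        return "green"


def police(marker, packets):
    """packets: list of (timestamp, size). Returns [(colour, dei)] where dei is the
    bit set in the 802.1Q tag (1 = drop eligible) and None for dropped red packets."""
    out = []
    for ts, size in packets:
        colour = marker.mark(size, ts)
        out.append((colour, None if colour == "red" else int(colour == "yellow")))
    return out


def scheduler_drop(queue_fill, dei, yellow_threshold=0.5, green_threshold=0.9):
    """Colour-aware congestion drop: drop-eligible (yellow) packets go first once
    the queue passes the lower threshold; green only when it is nearly full.
    Thresholds are constructed fractions of the queue depth."""
    if dei == 1:
        return queue_fill >= yellow_threshold
    return queue_fill >= green_threshold
```

Red packets never leave the line card; yellow ones are forwarded with DEI=1 and are the first to be dropped downstream, which is what lets the core-control card stay color aware without re-running the meter.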
10 Multicast
10.1.1 Introduction
Description
Target
ZXA10 C300/C320 identifies the Layer-2 multicast at the access side. The control
plane constructs a multicast forwarding table by processing IGMP/MLD packets.
The multicast traffic implements the data platform Layer-2 forwarding according to
the table. The processing procedure is shown in Figure 10-1.
10.2.1 Introduction
Description
ZXA10 C300/C320 receives the users' upstream report/leave packets and converts
the user VLANs to multicast VLANs. It forwards the packets to the upper-layer
router to establish multicast group information without changing the packet
content. ZXA10 C300/C320 receives downstream query packets from the router and
forwards them to the users. It deletes users that do not respond within a
particular period of time.
IGMP snooping with proxy reporting extends the following functions:
Last leave: blocks, absorbs and summarizes IGMP leave packets from IGMP hosts.
When the last user leaves the multicast group, a summarized IGMP leave message
is sent to the multicast router.
Query suppression: blocks and processes IGMP queries. With this method, IGMP
group-specific query messages are not transmitted directly to the user side;
IGMP general query messages, however, are sent to the user side by the OLT.
10.3.1 Introduction
Description
In IGMP proxy mode, ZXA10 C300/C320 transmits query packets to the users and
responds to query packets from the upper-layer router. In other words, ZXA10
C300/C320 behaves as a proxy located between router and user.
The IGMP proxy consists of an IGMP host part and an IGMP router part. The IGMP
router part applies to the interface on the user side and terminates the report
messages from the hosts. The IGMP host part applies to the interface on the
network side and responds to the query messages from the multicast router. The
proxy host only forwards the join message of the first user and the leave message
of the last user in the same multicast group, and it responds to the router's
query messages. The proxy router periodically transmits query packets.
A multicast group only forwards report packets from the first member port and
leave packets from the last member port.
Group-specific query packets are transmitted to a specific port when the port is
in non-fast-leave mode.
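The membership state behind both 10.2 (last-leave summarization, query suppression, removal of silent members) and 10.3 (first join and last leave forwarded, group-specific query to a port in non-fast-leave mode) is the same table, so one added example covers both; it is not ZTE code, and the port names, group addresses, timeouts and timestamps are constructed.

```python
# Added example (not ZTE code): per-MVLAN IGMP membership state for snooping
# with proxy reporting (10.2) and proxy mode (10.3). Ports, groups, times constructed.
class IgmpProxy:
    def __init__(self, member_timeout=260, fast_leave=True):
        self.groups = {}                   # group -> {port: last_report_time}
        self.member_timeout = member_timeout
        self.fast_leave = fast_leave

    def on_report(self, port, group, now):
        """Returns the message sent to the router: a report only for the first member."""
        members = self.groups.setdefault(group, {})
        first = not members
        members[port] = now
        return ("report", group) if first else None

    def on_leave(self, port, group, now):
        """Fast leave: drop the port at once. Non-fast leave: ask the port with a
        group-specific query first. The router only hears a leave from the last member."""
        members = self.groups.get(group)
        if not members or port not in members:
            return []
        if not self.fast_leave:
            return [("group-specific-query", port, group)]
        return self._remove(port, group)

    def on_query(self, kind, group, now):
        """General queries go to the user side; group-specific queries from the
        router are suppressed and answered by the OLT itself when it has members."""
        if kind == "general":
            return [("forward-to-users", None)]
        return [("report", group)] if self.groups.get(group) else []

    def on_query_timeout(self, port, group):
        """No report came back for the group-specific query sent to the port."""
        return self._remove(port, group)

    def expire(self, now):
        """Remove members that did not respond within the membership interval."""
        sent = []
        for group in list(self.groups):
            for port, seen in list(self.groups[group].items()):
                if now - seen >= self.member_timeout:
                    sent += self._remove(port, group)
        return sent

    def _remove(self, port, group):
        members = self.groups.get(group, {})
        members.pop(port, None)
        if not members:
            self.groups.pop(group, None)
            return [("leave", group)]       # summarized leave for the last member
        return []
```

The return values are the messages that actually leave the OLT, so the test reads as the upstream/downstream traffic the router and the user ports would see.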
10.4.1 Introduction
Description
ZXA10 C300/C320 acts as a multicast router: it sends IGMP query messages to the
hosts periodically and at the same time responds to the report messages from the
hosts. It then constructs the membership table and establishes the multicast
stream forwarding table.
Target
Neither forwards the users' report/leave packets nor responds to the router's
query packets.
10.5 IGMPv3
10.5.1 Introduction
Description
IGMP is the protocol used by IPv4 systems to report their IP multicast group
memberships to neighboring multicast routers. IGMPv3 is the latest version of
IGMP and adds support for "source filtering" to implement SSM. Network operators
can use the advantages of IGMPv3 to serve multiple content providers for IPTV
service.
Abbreviations
IGMPv3 defines a new type (0x22) of IGMP report packet, which includes several
group records. Each record comprises a multicast IP group address, a list of
source addresses, and a source filter mode which can be one of the following
values:
Mode is include
Mode is exclude
The IGMPv3 protocol runs on the PON system, optionally in proxy mode on the OLT
and in snooping mode on the ONU.
When the OLT receives an IGMPv3 report packet, the group and user configuration
is checked first. Then one or more multicast filter entries based on L3
information are set up in hardware, and the report packet is forwarded to the
uplink port.
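A builder and parser for the type 0x22 report described above, plus the derivation of the L3 (source, group) filter entries from the include/exclude records, as an added example that is not ZTE code. Record type values are the RFC 3376 ones; the group and source addresses are constructed and the checksum is left at zero.

```python
# Added example (not ZTE code): building and parsing the IGMPv3 Membership
# Report (type 0x22) and deriving the Layer-3 (source, group) filter entries.
# Record type values are the RFC 3376 ones; checksum left at zero (constructed).
import ipaddress
import struct

IGMPV3_REPORT = 0x22
RECORD_TYPES = {1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE",
                3: "CHANGE_TO_INCLUDE_MODE", 4: "CHANGE_TO_EXCLUDE_MODE",
                5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES"}
RECORD_CODES = {v: k for k, v in RECORD_TYPES.items()}


def build_report(records):
    """records: list of (record_type_name, group, [sources])."""
    body = b""
    for rtype, group, sources in records:
        body += struct.pack("!BBH", RECORD_CODES[rtype], 0, len(sources))
        body += ipaddress.IPv4Address(group).packed
        body += b"".join(ipaddress.IPv4Address(s).packed for s in sources)
    # type, reserved, checksum, reserved, number of group records
    return struct.pack("!BBHHH", IGMPV3_REPORT, 0, 0, 0, len(records)) + body


def parse_report(pkt):
    if len(pkt) < 8 or pkt[0] != IGMPV3_REPORT:
        raise ValueError("not an IGMPv3 membership report")
    count, = struct.unpack_from("!H", pkt, 6)
    off, records = 8, []
    for _ in range(count):
        rtype, aux_len, nsrc = struct.unpack_from("!BBH", pkt, off)
        group = str(ipaddress.IPv4Address(pkt[off + 4:off + 8]))
        off += 8
        if off + 4 * nsrc + 4 * aux_len > len(pkt):
            raise ValueError("truncated group record")
        sources = [str(ipaddress.IPv4Address(pkt[off + 4 * i:off + 4 * i + 4]))
                   for i in range(nsrc)]
        off += 4 * nsrc + 4 * aux_len          # aux data length is in 32-bit words
        records.append((RECORD_TYPES.get(rtype, f"UNKNOWN_{rtype}"), group, sources))
    return records


def filter_entries(records):
    """Layer-3 filter entries: INCLUDE lists permit (S,G); EXCLUDE permits (*,G) and
    denies the listed sources; BLOCK denies the listed sources."""
    entries = []
    for mode, group, sources in records:
        if mode in ("MODE_IS_INCLUDE", "CHANGE_TO_INCLUDE_MODE", "ALLOW_NEW_SOURCES"):
            entries += [("permit", s, group) for s in sources]
        elif mode in ("MODE_IS_EXCLUDE", "CHANGE_TO_EXCLUDE_MODE"):
            entries.append(("permit", "*", group))
            entries += [("deny", s, group) for s in sources]
        elif mode == "BLOCK_OLD_SOURCES":
            entries += [("deny", s, group) for s in sources]
    return entries
```

The parser checks each record against the packet length before reading sources, so a truncated report is rejected rather than silently producing a partial filter; the aux-data field is skipped in 32-bit units as the format requires.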
10.6 MVLAN
10.6.1 Introduction
Description
MVLAN is a special VLAN that separates multicast data from unicast data.
Target
Each MVLAN supports IGMP snooping, IGMP proxy mode and IGMP router mode.
Only MVLAN members can receive multicast data. The MVLAN includes the
following:
Source port: the port connected to the multicast traffic source. Upstream
report/leave packets can only be transmitted to the source port.
Receiving port: the port connected to the multicast users. Each multicast
address of the MVLAN stands for a multicast group. Multicast group members can
join and leave the group at any time.
General multicast users can join multicast groups from any source. ZXA10
C300/C320 supports multicast access control: it separates invalid multicast
service from valid source addresses through specific configuration.
10.7.1 Introduction
Description
Target
Channel management allows users to watch the channels they have purchased,
and to preview or be denied access to channels they have not purchased. It
records the user action log and generates the CDR report to the server for billing.
Preview: users can view a portion of a program for a short period, several
times.
Deny: users are not allowed to view any content of the program.
According to the configuration and status of the channel/user, it records the user
action log and generates the CDR report to the server for billing.
10.8.1 Introduction
Description
Target
The service package has all the functions of channel management but is more
flexible to manage than channel management.
Each program in a service package is configured as permit or preview. Any channel
can be configured into any service package, and each service package can be
assigned independent authorities. A service package is applied to a
specific user for access control of the multicast channels.
When the same channel has different authorities in different service packages, the
authorities are merged. The merging principle is to take the highest among
all the authorities. The sequence from highest to lowest is: Permit,
Preview, Deny. When a service package is deleted, the authorities are
recalculated.
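The merging rule above, as an added example that is not code from the ZXA10 manual: the class and function names are assumptions, and a channel granted by no package is treated as denied.

```python
"""Merge multicast channel authorities across service packages.

Added example; not code from the ZXA10 C300/C320 manual. It models the
merging rule stated in the text: when a channel appears in several service
packages applied to one user, the highest authority wins, in the order
Permit > Preview > Deny, and the result is recalculated when a package is
deleted. Class and function names are assumptions for illustration.
"""
from typing import Dict

# Rank used for merging: the higher number wins (Permit > Preview > Deny).
AUTHORITY_RANK: Dict[str, int] = {"deny": 0, "preview": 1, "permit": 2}


class ServicePackage:
    """A named mapping of channel (multicast group) -> authority."""

    def __init__(self, name: str, channels: Dict[str, str]) -> None:
        for channel, authority in channels.items():
            if authority not in AUTHORITY_RANK:
                raise ValueError(f"{channel}: unknown authority {authority!r}")
        self.name = name
        self.channels = dict(channels)


class MulticastUser:
    """A subscriber with zero or more service packages applied."""

    def __init__(self, user_id: str) -> None:
        self.user_id = user_id
        self.packages: Dict[str, ServicePackage] = {}
        self.effective: Dict[str, str] = {}

    def apply_package(self, pkg: ServicePackage) -> None:
        self.packages[pkg.name] = pkg
        self.recalculate()

    def delete_package(self, name: str) -> None:
        # Recomputing from the remaining packages, rather than patching the
        # current table, is what guarantees that a Permit granted only by the
        # deleted package does not survive.
        self.packages.pop(name, None)
        self.recalculate()

    def recalculate(self) -> None:
        merged: Dict[str, str] = {}
        for pkg in self.packages.values():
            for channel, authority in pkg.channels.items():
                current = merged.get(channel)
                if current is None or AUTHORITY_RANK[authority] > AUTHORITY_RANK[current]:
                    merged[channel] = authority
        self.effective = merged

    def authority_for(self, channel: str) -> str:
        # A channel granted by no applied package is treated as denied
        # (assumed default; the manual does not state one).
        return self.effective.get(channel, "deny")


def demo() -> Dict[str, Dict[str, str]]:
    """Constructed scenario: a basic and a premium package overlapping on two channels."""
    basic = ServicePackage("basic", {"239.1.1.1": "permit",
                                     "239.1.1.2": "preview",
                                     "239.1.1.3": "deny"})
    premium = ServicePackage("premium", {"239.1.1.2": "permit",
                                         "239.1.1.3": "preview"})
    user = MulticastUser("subscriber-1")
    user.apply_package(basic)
    user.apply_package(premium)
    with_premium = dict(user.effective)
    user.delete_package("premium")
    return {"with_premium": with_premium, "after_delete": dict(user.effective)}


if __name__ == "__main__":
    print(demo())
```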
10.9.1 Introduction
Description
According to the ITU-T G.984.4 standard, several multicast MEs are defined to
support ONU-dominated multicast, including the multicast operations profile,
multicast subscriber configuration and multicast subscriber monitoring.
Target
ZXA10 C300/C320 implements ONU-dominated multicast based on the local
multicast privilege table.
The multicast profile is configured through the standard OMCI interface. Each
profile contains a multicast channel and the relevant multicast protocol parameters.
10.10.1 Introduction
Description
MLD has two versions: MLDv1 and MLDv2. MLDv2 is fully compatible with MLDv1
and covers all basic concepts of MLDv1.
MLDv1 is derived from IGMPv2 and directly supports any-source multicast (ASM)
but requires source-specific multicast (SSM) mapping for supporting SSM.
MLDv2 is a translation of IGMPv3 for IPv6 semantics and directly supports ASM
and SSM.
Target
By using IPv6 multicast technologies, the network device can manage, control and
forward IPv6 multicast services, thereby meeting carriers' requirements for
provisioning IPv6 multicast services.
Figure 10-2 shows the format of an IPv6 multicast address as defined in
RFC4291:
The binary 11111111 at the start of the address identifies the address as a
multicast address.
The flgs field is a set of 4 flags: |0|R|P|T|. The high-order flag is reserved and must be
initialized to 0.
The R flag's definition and usage can be found in [RFC3956]. The scop field is a 4-bit multicast
scope value used to limit the scope of the multicast group. The values are as follows:
0 reserved
1 Interface-Local scope
2 Link-Local scope
3 reserved
4 Admin-Local scope
5 Site-Local scope
6 (unassigned)
7 (unassigned)
8 Organization-Local scope
9 (unassigned)
A (unassigned)
B (unassigned)
C (unassigned)
D (unassigned)
E Global scope
F reserved
RFC2464 defines a set of rules for mapping IPv6 multicast addresses to MAC addresses.
An IPv6 multicast address is mapped to the MAC address 3333.XXXX.XXXX, with the 32-bit
XXXX.XXXX copied from the least significant 32 bits of the IPv6 address.
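The address layout and the RFC2464 MAC mapping described above, as an added example (not code from the ZXA10 manual); function names are assumptions, and the collision check at the end goes slightly beyond the text to show why a snooping device must filter on the IPv6 group rather than on the MAC alone.

```python
"""Decode an IPv6 multicast address and derive its Ethernet MAC address.

Added example; not code from the ZXA10 manual. It follows the address
layout described in the text (RFC 4291: leading 0xff octet, 4-bit flgs
|0|R|P|T|, 4-bit scop) and the RFC 2464 mapping to 33:33:xx:xx:xx:xx from
the low 32 bits. Because only 32 of the 112 group-ID bits reach the MAC,
distinct IPv6 groups can share one MAC; same_mac() demonstrates that.
Function names are assumptions.
"""
import ipaddress
from typing import Dict, Union

# Scope values from RFC 4291; anything missing here is unassigned.
SCOPE_NAMES: Dict[int, str] = {
    0x0: "reserved",
    0x1: "Interface-Local",
    0x2: "Link-Local",
    0x3: "reserved",
    0x4: "Admin-Local",
    0x5: "Site-Local",
    0x8: "Organization-Local",
    0xE: "Global",
    0xF: "reserved",
}


def _packed_multicast(addr: str) -> bytes:
    """Return the 16 address bytes, rejecting anything outside ff00::/8."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[0] != 0xFF:
        raise ValueError(f"{addr} is not in ff00::/8, so it is not a multicast address")
    return packed


def parse_multicast(addr: str) -> Dict[str, Union[bool, int, str]]:
    """Return the flag bits, scope and group ID of an IPv6 multicast address."""
    packed = _packed_multicast(addr)
    flgs = packed[1] >> 4
    scop = packed[1] & 0x0F
    if flgs & 0x8:
        # The high-order flag bit is reserved and must be 0.
        raise ValueError(f"{addr}: reserved high-order flag bit is set")
    return {
        "R": bool(flgs & 0x4),  # embedded rendezvous point (RFC 3956)
        "P": bool(flgs & 0x2),  # unicast-prefix-based address
        "T": bool(flgs & 0x1),  # 0 = well-known (permanent), 1 = transient
        "scope": scop,
        "scope_name": SCOPE_NAMES.get(scop, "unassigned"),
        "group_id": packed[2:16].hex(),  # remaining 112 bits
    }


def multicast_mac(addr: str) -> str:
    """RFC 2464 mapping: 33:33 followed by the low 32 bits of the address."""
    packed = _packed_multicast(addr)
    return "33:33:" + ":".join(f"{b:02x}" for b in packed[12:16])


def same_mac(addr_a: str, addr_b: str) -> bool:
    """True when two distinct IPv6 groups collapse onto one Ethernet MAC."""
    return addr_a != addr_b and multicast_mac(addr_a) == multicast_mac(addr_b)


if __name__ == "__main__":
    for a in ("ff02::1", "ff3e::8000:1", "ff02::1:ff00:1"):
        print(a, parse_multicast(a)["scope_name"], multicast_mac(a))
```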
The MLDv2 protocol, when compared to MLDv1, adds support for "source filtering", i.e.,
the ability for a node to report interest in listening to packets *only* from specific source
addresses, as required to support Source-Specific Multicast [RFC3569], or from *all but*
specific source addresses, sent to a particular multicast address. MLDv2 is designed to
be interoperable with MLDv1.
10.11.1 Introduction
Description
MLD Snooping with Proxy Reporting extends the specific functions of Report
Inhibition, Last Leave and Query Inhibition.
Report Inhibition: intercepts, accepts and integrates the reports from MLD hosts.
Only if necessary does it send an integrated MLD Report message through the uplink
port to the multicast router.
Last Leave: intercepts, accepts and integrates the reports from MLD hosts. Only
if necessary does it send an integrated MLD Leave message through the uplink port
to the multicast router side.
Query Inhibition: inhibits and processes MLD Query messages. It sends no
specific query to the hosts' ports, and relays the general query to the hosts only
when the ports have accepted at least one multicast group.
10.12.1 Introduction
Description
Within the same multicast group, only the first Report message and the last
Leave message are relayed.
MLD Proxy consists of an MLD Host and an MLD Router. The MLD Router, running on
the ports linked to consumers, terminates Report messages from hosts. The MLD
Host, running on the ports uplinked to the network, responds to Query messages
from multicast routers.
10.13.1 Introduction
Description
C300/C320 sends MLD Query messages to the hosts instead of the router; no MLD
message interchange takes place between C300/C320 and the uplink equipment.
Target
MLD Router mode is normally used when the multicast program stream is
forwarded directly to the OLT, to reduce channel zapping time.
Features & Specifications
Does not forward Report/Done messages from the host and does not respond to
queries from the router.
Periodically sends "Report/Done messages" of multicast groups to the upper-layer router in MLD
Router Mode. Sends a "Report message" only once when multiple hosts are in one group,
and sends a "Done message" when the last host of a group leaves.
11.1 STP/RSTP/MSTP
1.1.1 Introduction
Description
ZXA10 C300/C320 STP supports three modes: SSTP, RSTP and MSTP.
SSTP complies with the IEEE802.1d standard. A bridge running the SSTP module can
work with bridges running the RSTP module and the MSTP module.
RSTP provides faster spanning tree convergence than STP after a topology
change. The configured redundant switch port transits rapidly from 'Discard' to
'Forward' on a point-to-point connection.
MSTP extends the concepts of instances and VLAN mapping. Both SSTP and
RSTP can be considered special cases of MSTP, with only instance 0. MSTP also
provides rapid aggregation of VLANs and load balancing.
In the SSTP and RSTP modes there is no VLAN awareness: each port has only one
status, which is consistent while forwarding in different VLANs. In MSTP
mode there are several spanning-tree instances, so a port may have different
statuses while forwarding in different VLANs. Inside an MST region, several
independent subtree instances implement load balancing.
Target
STP uses certain algorithms to block some redundant paths, preventing
messages from proliferating and looping infinitely in a ring network.
IEEE802.1d
IEEE802.1w
IEEE802.1s
Glossary
BPDU: The BPDU is used for communication between bridges. An STP BPDU is a
Layer-2 packet whose destination MAC is the STP multicast address
01-80-C2-00-00-00. All bridges that support STP can receive and process the
received BPDU packets, which carry all the information needed for Spanning Tree
computation.
Root Bridge: The root bridge is selected according to the smallest bridge ID, which
is formed by combining the bridge priority and the MAC address.
Root Port: The root port is the port that receives the BPDU information; namely, the
root port is on the least-cost path from the bridge to the root.
Designated Port: The designated bridge is the one with the least-cost path from the
network segment to the root.
MSTP Regions: All MST switches must be configured with the same MST
information. A group of switches with the same MST configuration makes up an
MST region. The MST configuration, including region name, revision number and MST
VLAN-to-instance mapping, determines the region a switch belongs to.
STP exchanges BPDUs among all STP switches in an extended LAN.
The following operations are completed by exchanging BPDUs:
Avoid loops in the network topology by setting the redundant switch port to
Discard.
STP defines the concepts of root bridge, root port, designated port, route cost, etc. It
aims to eliminate redundant loops by constructing a natural tree, implementing
link backup and finding the best route. The spanning tree algorithm is used to
construct the tree, as shown in Figure 11-1.
Defects:
When the topology changes, the new configuration information spreads through the
whole network with a certain delay, known as the forward delay, with a default
of 15 seconds. Before all bridges have received the change information,
if a port that was forwarding in the old topology does not suspend
forwarding in the new topology, a temporary loop is possible. To
solve the temporary loop problem, the spanning tree adopts a timer policy:
an interim status is added between the blocked status and the forwarding
status, in which the port only learns MAC addresses but does not forward.
The time for each of the two transitions equals the forward delay. Thus
temporary loops are effectively avoided when the topology changes, but this
seemingly good solution costs at least twice the forward delay for
convergence.
RSTP improves on STP in the following three important points, which
accelerate the convergence rate (the fastest is within 1
second).
First: RSTP sets an alternate port and a backup port for rapid switchover of
the root port and the designated port. When the root port/designated port becomes
invalid, the alternate port/backup port enters the forwarding status without delay. As
shown in Figure 35, all bridges run RSTP and SW1 is the root bridge.
Suppose SW2 Port 1 is the root port; then Port 2 can recognize from the
topology that it is the alternate port for the root port and enters the blocked status.
When the link on Port 1 becomes invalid, Port 2 can immediately enter the
forwarding status without waiting for two times the forward delay.
Second: On a point-to-point link that connects only two switch ports, the
designated port can enter the forwarding status without delay after a single
handshake with the downstream bridge. If the port is on a shared link that
connects three or more bridges, the downstream bridge does not respond to the
handshake request from the upstream designated port; the port can only wait for
twice the forward delay before entering the forwarding status.
Third: A port directly connected to a terminal, rather than to another bridge, is
defined as an edge port. The edge port can enter the forwarding status directly
without any delay. As the bridge cannot know whether a port is directly
connected to a terminal, this needs to be configured manually.
Defects:
Both RSTP and STP are SST (single spanning tree) protocols, which have the following defects:
First, as there is only one spanning tree in the whole switched network, convergence
takes a long time in a larger network and the influence of topology
changes is also great.
Suppose SW1 is the root bridge, the solid-line link is VLAN 10, and the dotted-line link is an
802.1Q trunk link carrying VLAN 10 and VLAN 20, as shown in Figure 11-3.
When SW2 is blocked, the VLAN 20 channel between SW1 and SW2 is broken.
Third, a blocked link does not carry any traffic. This wastes
bandwidth, which is quite obvious in a ring MAN.
As these defects cannot be overcome by SST, MSTP, which supports VLANs,
appears.
MSTP defines the concept of instance. Simply put, STP/RSTP are based on ports,
PVST/PVST+ on VLANs and MISTP on instances. An instance is a collection of
multiple VLANs. Binding multiple VLANs to an instance saves communication
overhead and resource occupancy.
In application, several VLANs with the same topology structure are mapped to one instance.
The forwarding statuses of these VLANs follow the status of the corresponding
instance in MSTP. The VLAN-to-instance mapping must be consistent on all switches
in the network; otherwise network connectivity is
affected. To detect such mistakes, the MSTP BPDU carries the instance
numbers together with the information on the corresponding VLANs. MSTP does
not process STP/RSTP/PVST BPDUs, therefore it is not compatible with
STP/RSTP.
MSTP places switches that support MSTP and those that do not in
different regions, the MST domain and the SST domain respectively. Multiple
spanning tree instances run inside the MST domain, and an IST compatible
with RSTP runs at the edge of the MST domain.
As shown in Figure 11-5, the switches inside the MST domain use MSTP
BPDUs to exchange topology information, and the switches in the SST domain
use STP/RSTP/PVST+ BPDUs to exchange topology information. At the
edge between the MST domain and the SST domain, the SST equipment treats
the interconnected equipment as RSTP equipment, while the MST equipment's
status on the edge port follows the IST status. That means the spanning tree
status of all VLANs on that port is consistent.
MSTP has more obvious advantages than the former spanning tree
protocols. MSTP is VLAN-aware, so it can share load, and it
implements quick switchover of port status similar to RSTP. Binding multiple
VLANs to an instance reduces resource occupancy. MSTP is
downward compatible with STP/RSTP.
In an MST region, MSTP maintains multiple spanning tree instances. Instance 0 is
a special instance, known as the IST. The other MST instances are instance 1 to instance
15. The IST is the only spanning tree that receives and transmits BPDU packets.
All MST instances share the same protocol timers in the MST region, but each
instance has its own topology parameters, such as root switch ID and root path cost.
All VLANs belong to the IST by default.
An MST instance belongs to an MST region. For example, MST instance 1 in Region A is
independent of instance 1 in Region B even if Region A and Region B are
interconnected.
The CIST is the integration of the IST in the MST region and the CST. The CST connects
MST regions and the SST.
The spanning tree in the MST region is a sub-tree of the CST. The CIST is the result of
the spanning tree algorithm run by switches that support the 802.1D, 802.1w
and 802.1s protocols. The CIST inside the MST region and the CST outside
the region are the same.
11.2 LACP
1.1.3 Introduction
Description
Static trunk: directly adds several ports to a trunk group to form a logical
channel.
Target
Nine trunk groups at most, each of which has 8 member ports at most.
The LACP long timeout is 30 seconds and the short timeout is 1 second.
A static trunk directly adds several physical ports to a trunk group to form a
logical channel. It is easy to implement but not convenient for observing the port
status of the link aggregation.
A dynamic trunk uses LACP to add several physical ports to a trunk group
according to the port status. The peer equipment of the ZXA10 C300/C320 on
the dynamic trunk must run LACP. They exchange LACPDUs with each other to
inform the peer of their system priority, system MAC, port priority, port number
and operation key. On receiving that information, the peer chooses the port to
aggregate by comparing the information with the information saved by
other ports. Thus the two parties stay consistent when a port joins or leaves a
certain dynamic trunk group.
11.3 G.8032
1.1.5 Introduction
Description
The network is required to be highly reliable and stable in scenarios such as mobile
backhaul, Digital Subscriber Line Access Multiplexer (DSLAM) convergence and
important enterprise/business applications. The G.8032 protocol is the Ethernet Ring
Protection Switching (ERPS) protocol defined by the ITU-T. It provides high efficiency
and switching performance, and has been applied in the access network.
Target
ERPS ensures the loop is recovered after multiple nodes or a single node is
recovered (from a fault).
ERPS supports multiple domains and multiple rings. For the C320 device, it
supports two physical rings and four logical rings. For the C300/C320 device, it
supports four physical rings and eight logical rings (low priority). For the
C300/C320 V2.0.0, crossover rings are not supported.
ERPS only supports physical ports forming a loop and does not support LAG
forming a loop. (The hardware does not support the function, but the standard
does not clarify it.)
ERPS detects links by using CCM packets defined in the ITU-T Y.1731, with a
frequency of 3.3 ms.
ERPS supports 16–255 nodes. For the C300/C320 V2.0.0, only 16 nodes are
supported.
Manual switching and protection switching upon link failure can be finished
within 50 ms. (For the C320 device, the function may not be fulfilled due to
hardware limit.)
ERPS supports the Guard time/WTR timer, but not the Holdoff timer (0–10 s,
default: 0) or WTB timer (5 s). For the WTR timer, the time is 1–12 min, and
the default is 5 min. For the Guard timer, the time is 10–2000 ms, and the
default is 500 ms.
The C320 device can serve as an ordinary node or RPL Owner node.
Under normal conditions, a main control node (RPL Owner) is configured in each
Ethernet Ring in accordance with ERPS (G.8032), and the main control node blocks a
port in the ring; for example, a port of Node D in Figure 5-2 is blocked. Therefore the
Ethernet Ring is broken logically, and broadcast storms are avoided. The link connected
to the blocked port of Node D is called the Ring Protection Link (RPL), that is, the
standby link. The node responsible for blocking the link is called the RPL Owner Node. The
node at the other end of the RPL is known as the RPL Neighbor Node. Other nodes in the
Ethernet Ring are transmitting nodes, and the ports on these nodes are set to
forwarding status. Each node in the Ethernet Ring is capable of forwarding services and
APS switching control messages through a bridge between two ring ports or between the
local port and a ring port.
When a link fails in the ring, the transmitting nodes adjacent to the failed link detect
the link failure and send an SF message every 5 s through their two ports in two opposite
directions. On obtaining this message, the RPL Owner unblocks the blocked port to
resume data forwarding. Other nodes in the ring flush and re-create the forwarding
address table (FDB) after receiving the SF message. The node with the blocked port
sets the blocked port to forwarding status.
After the failed link is restored, the nodes that detect the restored link send recovery
messages in two directions and keep blocking the ports adjacent to the restored link.
After receiving the recovery message, the RPL Owner waits for the WTR timer to expire
in order to ensure stable switching, and then sends the message that the RPL port is
re-blocked to the nodes adjacent to the restored link. On obtaining the re-blocking message,
the nodes adjacent to the restored link unblock the ports that were blocked due to the link
failure to recover the traffic.
11.4.1 Introduction
Description
ZXA10 C300 TDM Service supports 1+1 automatic protection between STM-1 or
STM-4 uplink interfaces.
Target
When one of the following alarms is detected by the equipment, the automatic
protection switch is triggered:
LOS alarm
LOF alarm
MS-AIS alarm
Glossary
Abbreviations
IWF: Interworking Function
[Figure: 1+1 TDM protection, with TDM traffic to/from the ONU carried by the OLT over Uplink 1 and Uplink 2]
The TDM service protection is 1+1 mode protection, that is, the TDM traffic is
transmitted on both uplink ports in the upstream direction and only one uplink port
is allowed to receive downstream traffic. When an alarm occurs, the protection
takes action by switching the downstream traffic from one uplink port to the other
so that the service is not interrupted in the receiving direction. Note
that this kind of switchover is taken at either end of the TDM service
provider, regardless of the network in between.
Solution
Under normal conditions, the TDM service traffic is copied to both uplink ports in the
upstream direction and only one copy is received in the downstream direction. When
an uplink port detects LOS or one of the other alarms, it transfers the port
information to the main control board. The main control board receives the
information, analyzes which protection group it belongs to, records the slot and
port information, and transfers the information to the switch module. The switch
module configures the hardware to allow receiving traffic on the other
port and forbids the old one, then informs the software for later processing.
1.1.7 Introduction
Description
Target
The GPON standard provides the following four typical PON backup protections:
The OLT-only duplex system at the OLT side is shown in Figure 11-7. It backs up
the OLT and the optical fiber between the OLT and the optical splitter, which has
two input/output ports. This configuration mode can only recover redundancy at
the OLT side.
The full duplex system is shown in Figure 13. It backs up the OLT, ONU, optical splitter
and all optical fibers. This configuration mode has high reliability and recovers
faults at any point by switching over to the backup equipment.
Figure 14 shows the duplex system model for the dual-parented access network.
The relevant part of the protection in the GPON system should be a part of the
protection between the ODN interface in the ONU and each ODN interface in the
two OLTs via the ODN, plus the signalling required to implement protection
functions upstream from the SNI.
[Figure: dual-parented duplex system: an ONU with UNI and ODN interface connected through ODN(0) to PON LT(0) and PON LT(1) of two OLTs, each with a switch and SNI LT(0) towards the network; S/R and R/S reference points marked]
11.6 UAPS
1.1.9 Introduction
Target
UAPS works in a dual-uplink scenario: normally one link works in active mode
while the other link is in backup state; when the main link breaks down, the backup
link is switched on automatically, and the active link can be switched back
after it is restored.
The link state can be inspected by physical-layer information or link-layer (802.3AD,
BFD) information.
ZXA10 C300/C320 also supports switching UAPS links manually for the
convenience of installation and testing.
12 Access Security
Access Security Overview
The rapid development of the access network not only brings an increase in users but also
increases the possibility of attacks. With the wide use of Ethernet and IP
technology, access network security is becoming more important. Security-related
problems such as sniffing other users' information, service spoofing and
Denial of Service attacks have happened frequently.
The common concerns of equipment vendors and carriers are as
follows:
ZXA10 C300/C320 provides the following two sets of access security solutions:
12.1.1 Introduction
Description
Services for different users do not interact with each other when user isolation is used.
Target
Two targets need to be met: one is to protect the security of users' data and make
sure they are not sniffed illegally; the other is to control users' access so as to
ensure a user's access security is not attacked by other malicious users.
Service flows on the same port for different users are isolated by VLAN at Layer 2.
Legal users' private information can be prevented from leaking by VLAN or port
isolation.
Solution
Just as shown in Figure 47, ONU1 and ONU2 can visit each other freely as
they are configured into the same interoperative group while ONU3 is
As shown in Figure 12-2, each ONU has 3 service flows: VLAN1, VLAN2 and
VLAN3. The VLAN1 service flow can be accessed by ONU1, ONU2 and ONU3, while
the VLAN2 and VLAN3 service flows are isolated among ONU1, ONU2 and ONU3 by
VLAN isolation.
Figure 12-2 Implementation of isolation for different service flows with different users
12.2.1 Introduction
Target
The user identification technology is the perfect choice for blocking the illegal
access.
Glossary
The field N indicates the length of the relay agent fields. The relay agent field
consists of sub-option, length and sub-option value, and is encoded in a certain format,
as shown in Figure 12-5.
The PPPoE+ option is added to the end of the PPPoE packet, as shown in Figure 12-7.
12.3.1 Introduction
Target
MAC Anti-flooding
Malicious users attack the access equipment by constructing packets with changing
source MAC addresses to exhaust the MAC address table. Legitimate services are
affected because the MAC address forwarding table in the access equipment is full
and new MAC addresses cannot be learned, so legitimate users' packets are
discarded or flooded.
The MAC anti-flooding function in ZXA10 C300/C320 effectively resists such
DoS attacks by malicious users by limiting the number of MAC addresses that
can be learned automatically on each port.
If the number of MAC addresses learned on a port is less than the configured limit,
new users' MAC addresses are learned automatically and the users' packets are
forwarded by the ZXA10 C300/C320 forwarding module. Otherwise, if the number of
MAC addresses learned on the port has reached the configured limit, new MAC
addresses are ignored and their packets are discarded until old MAC addresses
age out.
Static MAC addresses and dynamic MAC addresses are counted together when
the MAC anti-flooding function is enabled in ZXA10 C300/C320.
MAC Anti-spoofing
Physical loops may be formed either at the user-side equipment or at the
network-side switch, which causes large abnormal traffic in the OLT equipment.
The OLT then fails to learn MAC addresses properly, so no user is able to
access the network.
The main reason for these problems is repeated MAC addresses, which cause
the MAC addresses learned by the switching chip to migrate, so that some users fail
to access the network.
To prevent MAC address spoofing and physical loops, the MAC
anti-spoofing/anti-migration and network-side protection functions are
enabled automatically in ZXA10 C300/C320.
Suppose a MAC address that was initially learned on Port A appears on Port B;
the following procedures are implemented in ZXA10 C300/C320:
If both Port A and Port B are UNIs, the MAC address is not migrated.
If Port A is an NNI and Port B is a UNI, the MAC address is not migrated.
If Port A is a UNI and Port B is an NNI, the MAC address is migrated to Port
B.
Static MAC address binding means that the MAC address of a known device is
statically bound to a port of the OLT device and the Allow mode is set. The MAC
address is not learned dynamically and does not age, so other devices cannot
imitate it. Static MAC address filtering means that the MAC address of a known
device is statically bound to a port of the OLT device and the Forbid mode is set.
Data flows with that source MAC address are discarded on the port.
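The anti-flooding limit, the UNI/NNI migration rules and the Allow/Forbid static entries described above, combined in one MAC table model as an added example (not code from the ZXA10 manual); the decision strings, and dropping a frame whose MAC is refused migration, are assumptions for illustration.

```python
"""MAC learning with per-port limits, UNI/NNI migration policy and static entries.

Added example; not code from the ZXA10 manual. It models the behaviour
described in the MAC anti-flooding and anti-spoofing text: a port stops
learning new dynamic MACs once its configured maximum is reached (static
and dynamic entries are counted together), a MAC already learned on one
port migrates only from a UNI to an NNI, and static entries never move or
age; an Allow-mode static entry is honoured only on its bound port, and a
Forbid-mode entry drops traffic from that source MAC. The decision strings
and the treatment of a frame whose MAC is refused migration (dropped here)
are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict

UNI = "UNI"  # user-side port
NNI = "NNI"  # network-side port


@dataclass
class MacEntry:
    port: str
    static: bool = False
    mode: str = "allow"  # static entries only: "allow" or "forbid"


class MacTable:
    def __init__(self, port_roles: Dict[str, str], max_learned: Dict[str, int]) -> None:
        self.port_roles = port_roles      # port name -> UNI / NNI
        self.max_learned = max_learned    # port name -> anti-flooding limit
        self.entries: Dict[str, MacEntry] = {}

    def count_on_port(self, port: str) -> int:
        # Static and dynamic addresses are counted together, as the text states.
        return sum(1 for e in self.entries.values() if e.port == port)

    def add_static(self, mac: str, port: str, mode: str = "allow") -> None:
        if mode not in ("allow", "forbid"):
            raise ValueError(f"unknown static mode {mode!r}")
        self.entries[mac] = MacEntry(port, static=True, mode=mode)

    def age_out(self, mac: str) -> bool:
        """Remove a dynamic entry; static entries never age."""
        entry = self.entries.get(mac)
        if entry is None or entry.static:
            return False
        del self.entries[mac]
        return True

    def ingress(self, src_mac: str, port: str) -> str:
        """Decide what to do with a frame carrying src_mac received on port."""
        entry = self.entries.get(src_mac)
        if entry is None:
            limit = self.max_learned.get(port)
            if limit is not None and self.count_on_port(port) >= limit:
                return "discard:port-mac-limit"      # anti-flooding: not learned
            self.entries[src_mac] = MacEntry(port)
            return "learn+forward"
        if entry.static:
            if entry.mode == "forbid":
                return "discard:forbid-mode"         # static MAC filtering
            if entry.port != port:
                return "discard:static-bound-elsewhere"  # Allow mode never migrates
            return "forward"
        if entry.port == port:
            return "forward"
        # Anti-migration policy for dynamic entries: only UNI -> NNI moves.
        old_role = self.port_roles[entry.port]
        new_role = self.port_roles[port]
        if old_role == UNI and new_role == NNI:
            entry.port = port
            return "migrate+forward"
        return "discard:no-migration"


if __name__ == "__main__":
    # Constructed topology: two user ports with a limit of 2 MACs on uni1.
    table = MacTable({"uni1": UNI, "uni2": UNI, "nni1": NNI}, {"uni1": 2})
    for mac, port in [("aa", "uni1"), ("bb", "uni1"), ("cc", "uni1"), ("aa", "uni2"), ("aa", "nni1")]:
        print(mac, port, table.ingress(mac, port))
```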
12.4 vMAC
12.4.1 Introduction
Target
Each MAC address on a Layer 2 network must be unique. The MAC address
allocation mechanism ensures global uniqueness of each address. However,
hackers use scanning tools to obtain existing MAC addresses, which allows them
to impersonate genuine users. The impersonation of a MAC address is known as
MAC spoofing. Duplicate MAC addresses exist in MAC spoofing: the same MAC
address appears on different ports of a switch, causing a MAC address transfer on
the switch. As a result, data is sent to the hacker's device instead of to the genuine
user.
The C300/C320 device supports source MAC address conversion. In the upstream
direction, the device uses the converted source MAC address to communicate with
the BNG server, and in the downstream direction, the device converts the source
MAC address back and sends the data from the server to the user. The
C300/C320 device generates and converts MAC addresses, ensuring the converted
MAC addresses are secure and unique. Users and servers are not aware of
the conversion operation. This technology is called virtual MAC (vMAC).
The C300/C320 device supports the following two vMAC conversion modes:
1:1 vMAC: The C300/C320 device converts source MAC addresses on the user
side to new vMAC addresses, each of which is unique, in the ratio of one to one.
N:1 vMAC: The C300/C320 device converts a set of source MAC addresses on the
user side with the same features to a single new vMAC address that is unique.
The basic principle of vMAC technology is shown in Figure 12-8:
[Figure 12-8: User A (source MAC=A) and User B (source MAC=B); the MAC table entries A and B on the user side correspond to vA and vB on the network side after conversion]
12.5.1 Introduction
Target
DHCP Snooping
The DHCP snooping binding table records the information inspected from messages
from the untrusted area, such as the user MAC address, IP address, lease time,
VLAN-ID and interface. Items in the DHCP snooping binding table age according
to the lease time.
The DHCP snooping binding table in ZXA10 C300/C320 can be saved in the flash.
The system reads the backup from the flash after a reboot to
avoid abnormal services when the user's IP address has not been released.
Field   Description
PVC     PVC ID
IP      User IP address
XID     Transaction ID
Vid     VLAN-ID
IP Source Guard
IP source guard relies on the DHCP snooping binding table established and
maintained by DHCP snooping. Non-DHCP IP packets on the port are filtered by
their source IP addresses with this method.
ZXA10 C300/C320 listens to the protocol packets exchanged between the users and
the DHCP Server/Relay. Before the user obtains its configuration information,
upstream packets are discarded, except for DHCP protocol packets, which are
kept. Once ZXA10 C300/C320 detects a DHCP ACK packet, it binds the
allocated IP address and the user's MAC address to the user port and enables
transmission of upstream data packets. Meanwhile, it checks that the upstream
data packets are consistent with the bound IP and user MAC, and discards them
otherwise. When the DHCP lease expires, the binding is cancelled and the
transmission of upstream non-DHCP packets is suspended.
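The binding lifecycle and filter decisions described above, as an added example that is not code from the ZXA10 manual; messages are constructed dicts, and the XID check (only an ACK answering a request seen from that port creates a binding) is an added hardening step the text does not describe.

```python
"""DHCP snooping binding table driving an IP source guard filter.

Added example; not code from the ZXA10 manual. Messages and packets are
small dicts constructed inline. The logic follows the text: upstream
non-DHCP packets are dropped until a DHCP ACK is seen for the port, the ACK
binds the allocated IP and client MAC (plus VLAN and lease) to the port,
later upstream data must match that binding, and the binding is removed
when the lease expires. The XID check (only an ACK answering a request
seen from that port is trusted) is an added hardening step, not something
the text describes.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

PortMac = Tuple[str, str]  # (user port, client MAC)


@dataclass
class Binding:
    ip: str
    mac: str
    port: str
    vlan: int
    expires_at: float  # absolute time in seconds


class DhcpSnoopingGuard:
    def __init__(self) -> None:
        self.bindings: Dict[PortMac, Binding] = {}
        self.pending: Dict[PortMac, int] = {}  # outstanding DISCOVER/REQUEST xids

    def on_upstream_dhcp(self, msg: dict) -> None:
        """DHCP from the user side: remember the transaction the client started."""
        if msg["type"] in ("DISCOVER", "REQUEST"):
            self.pending[(msg["port"], msg["chaddr"])] = msg["xid"]

    def on_downstream_dhcp(self, msg: dict, now: float) -> bool:
        """DHCP from the server/relay side: an ACK creates the binding."""
        if msg["type"] != "ACK":
            return False
        key = (msg["port"], msg["chaddr"])
        if self.pending.get(key) != msg["xid"]:
            return False  # ACK without a matching client request is ignored
        self.bindings[key] = Binding(msg["yiaddr"], msg["chaddr"], msg["port"],
                                     msg["vlan"], now + msg["lease"])
        del self.pending[key]
        return True

    def expire(self, now: float) -> None:
        # Items age according to the lease time; once gone, upstream
        # non-DHCP traffic from that user is suspended again.
        for key in [k for k, b in self.bindings.items() if b.expires_at <= now]:
            del self.bindings[key]

    def filter_upstream(self, pkt: dict, now: float) -> str:
        """Return 'forward' or 'discard' for an upstream packet from a user port."""
        self.expire(now)
        if pkt["proto"] == "dhcp":
            return "forward"  # DHCP is always kept so the client can obtain a lease
        binding = self.bindings.get((pkt["port"], pkt["src_mac"]))
        if binding is None:
            return "discard"  # no lease yet, or lease expired
        if binding.ip != pkt["src_ip"] or binding.vlan != pkt["vlan"]:
            return "discard"  # source IP/VLAN inconsistent with the binding
        return "forward"


if __name__ == "__main__":
    guard = DhcpSnoopingGuard()
    guard.on_upstream_dhcp({"type": "REQUEST", "port": "port1",
                            "chaddr": "00:11:22:33:44:55", "xid": 42})
    guard.on_downstream_dhcp({"type": "ACK", "port": "port1", "chaddr": "00:11:22:33:44:55",
                              "xid": 42, "yiaddr": "10.0.0.10", "vlan": 100, "lease": 3600}, 0.0)
    print(guard.filter_upstream({"proto": "ip", "port": "port1", "src_mac": "00:11:22:33:44:55",
                                 "src_ip": "10.0.0.10", "vlan": 100}, 1.0))
```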
12.6.1 Introduction
Target
As there is no restriction on users, some users transmit illegal protocol
packets upstream, which deteriorates the processing performance of the network
equipment. Sometimes it disorders the system, or even shuts the system
down. If malicious users excessively transmit protocol packets or
broadcast packets upstream, whether legal or illegal, the system
performance still deteriorates, since processing protocol and
broadcast packets consumes a great deal of equipment resources. ZXA10
C300/C320 supports suppression of excess packets and illegal packets to
strengthen the protection of the security of the system and the users.
Packets Suppression
Processing the first three types of packets consumes a great deal of equipment
resources, while the fourth type consumes the limited resources of the MAC
address table; therefore all four kinds of excessive packets need to be controlled.
Match the specific packet features: specific protocol packets, broadcast
packets (or some with more specific features), multicast packets (or some
with more specific features).
If the transmission rate exceeds the predefined rate, discard the packets.
The upstream IGMP shouldn't have Query packets, and the downstream
shouldn't have the Report/Leave/Join packets.
The upstream DHCP shouldn't have Offer/ACK packets, and the downstream
shouldn't have the Discover/Request packets.
The upstream PPPoE shouldn't have PADO and PADS packets, while the
downstream shouldn't have PADI and PADR packets.
Generally, packet length less than 65 bytes are mini packets; those more than
1518 bytes are jumbo packets. In some specific situation, the length of the
jumbo frame can be as long as 9K bytes.
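The direction rules and the rate limit above, as an added example that is not part of the manual and not ZTE code. It reads only the fields needed to name a DHCP, IGMP or PPPoE discovery message, rejects the message types that are illegal for the direction, and then polices each protocol class with a token bucket. Field values come from RFC 2132, RFC 2236/3376 and RFC 2516; the sample messages and the rate values are constructed for this example.

```python
"""Direction-aware policing of subscriber control packets. Added example, not ZTE
code: it reads just enough of a DHCP, IGMP or PPPoE discovery message to name the
message type, applies the upstream/downstream rules listed above, and then limits
each protocol class with a token bucket. Field values come from RFC 2132, RFC 2236/3376
and RFC 2516; the sample messages and the rate values are constructed for this example."""
from typing import Optional

DHCP_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK"}      # option 53
IGMP_TYPES = {0x11: "Query", 0x16: "Report", 0x17: "Leave", 0x22: "Report"}
PPPOE_CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS"}
DHCP_MAGIC = b"\x63\x82\x53\x63"

# Message types that must not appear in a direction ("up" = subscriber -> OLT).
FORBIDDEN = {
    ("up", "IGMP"): {"Query"},          ("down", "IGMP"): {"Report", "Leave"},
    ("up", "DHCP"): {"Offer", "ACK"},   ("down", "DHCP"): {"Discover", "Request"},
    ("up", "PPPoE"): {"PADO", "PADS"},  ("down", "PPPoE"): {"PADI", "PADR"},
}


def dhcp_message_type(payload: bytes) -> Optional[str]:
    """Walk the options after the magic cookie and return option 53's name."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 0xFF:                     # end option
            break
        if code == 0x00:                     # pad option has no length octet
            i += 1
            continue
        if i + 1 >= len(payload):            # truncated option
            return None
        length = payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            return DHCP_TYPES.get(payload[i + 2])
        i += 2 + length
    return None


def igmp_message_type(payload: bytes) -> Optional[str]:
    return IGMP_TYPES.get(payload[0]) if payload else None


def pppoe_message_type(payload: bytes) -> Optional[str]:
    """PPPoE header: ver/type (0x11), code, session id, length."""
    if len(payload) < 6 or payload[0] != 0x11:
        return None
    return PPPOE_CODES.get(payload[1])


CLASSIFIERS = {"DHCP": dhcp_message_type, "IGMP": igmp_message_type,
               "PPPoE": pppoe_message_type}


class TokenBucket:
    def __init__(self, rate_pps: float, burst: int):
        self.rate, self.burst = rate_pps, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ControlPacketPolicer:
    def __init__(self, limits: dict):
        """limits: protocol name -> (packets per second, burst)."""
        self.buckets = {p: TokenBucket(*v) for p, v in limits.items()}

    def decide(self, direction: str, proto: str, payload: bytes, now: float):
        """Return ('forward', message type) or ('drop', reason)."""
        classify = CLASSIFIERS.get(proto)
        if classify is None:
            return "drop", "unsupported protocol %s" % proto
        mtype = classify(payload)
        if mtype is None:
            return "drop", "unrecognised %s message" % proto
        if mtype in FORBIDDEN.get((direction, proto), ()):
            return "drop", "%s %s is illegal %sstream" % (proto, mtype, direction)
        bucket = self.buckets.get(proto)
        if bucket is not None and not bucket.allow(now):
            return "drop", "%s rate limit exceeded" % proto
        return "forward", mtype


def dhcp_sample(msg_type: int) -> bytes:
    """Constructed minimal BOOTP/DHCP payload carrying only option 53."""
    return bytes([1]) + bytes(235) + DHCP_MAGIC + bytes([53, 1, msg_type, 0xFF])
```

The direction check runs before the rate limiter on purpose: a forged Offer arriving upstream is dropped without spending the subscriber's DHCP budget, so an attacker cannot use illegal messages to starve legitimate ones.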
12.7.1 Introduction
Target
Anti-DoS attack on the management channel: packets sent to the management
channel are counted per user source MAC address, and a user's packets are no
longer passed to the management channel once the count for that source MAC
exceeds a threshold.
ACL on the management channel is a dedicated access policy for the network
management channel. The ZXA10 C300/C320 is configured with an IP address white
list. Only hosts with IP addresses on the white list can manage the ZXA10
C300/C320; management requests from other hosts are refused.
In-band configuration supports rate limiting on all packets and on nine packet
types: ARP, BPDU, CFM, DHCP, ICMP, IGMP, PPPoE, SNMP and VBAS. Out-of-band
configuration supports rate limiting on all packets and on the ARP and ICMP
packet types.
SSH
SSH provides secure remote login and other network services over an insecure
network. The transmitted data is encrypted, which protects it against
eavesdropping and, provided the client verifies the server's host key, against
man-in-the-middle attacks and DNS or IP spoofing of the management host. SSH
can also compress the data before encrypting it, which reduces the transmitted
volume on slow links.
Figure 12-9 shows the position of the ZXA10 C300/C320 SSH module in the system.
After the anti-DoS function is enabled, the system dynamically counts the
packets sent to the management channel per source MAC address. Users who send
excessive packets are defined as MAC blacklist users: they are added to the
blacklist, a trap alarm is raised, and their packets are discarded. If the
packets sent are fewer than three times the normal value, the system checks
whether the user is on the blacklist. If the user is not on the blacklist, the
packets are sent to the upper layer normally; otherwise they are discarded.
The lower-layer forwarding platform forwards the user's data packets normally
in either case.
The system periodically checks the statistics and the blacklist. If a user's
MAC address ages out, the user is removed from the blacklist. If the statistics
value is less than or equal to the normal value, the user is also removed from
the blacklist, and its packets are again sent to the management channel.
In common user mode, users can only view the configuration but cannot modify
it. In privileged user mode, users can view and modify the configuration.
The ZXA10 C300/C320 can create several common user accounts. A user logs in to
the system with an authenticated user name and password. The
12.8.1 Introduction
Target
In N:1 VLAN forwarding mode, users can communicate with each other directly at
layer 2, in particular via ARP broadcast packets.
MACFF is an enhanced security feature for a VLAN; each MACFF VLAN can have only
one gateway IP. The ZXA10 C300/C320 supports 16 MACFF VLANs.
MACFF provides an efficient way to force both layer-2 and layer-3 communication
between hosts in the same broadcast domain through the gateway.
MACFF captures the ARP request from a host and answers it by ARP proxy with the
gateway's MAC address. As a result all traffic, including traffic within the
subnet, is routed through the gateway, where it can be supervised, which gives
a more secure network.
As shown in Figure 12-10, Switch A and Switch B are Ethernet Access Nodes (EAN)
connecting the hosts to Switch C. If MACFF is configured on the EANs, all
traffic from the hosts behind Switch A and Switch B is carried to the gateway
through Switch C, so that layer-3 communication and layer-2 separation are both
ensured. Host A resolves the IP address of Host B to the gateway's MAC address;
Host A and Host B are still in the same segment and VLAN, but all communication
between them passes through the gateway and they are separated at layer 2.
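The ARP proxy behaviour of MACFF, as an added example that is not ZTE code: any ARP request from a host in the MACFF VLAN is answered with the gateway's MAC, whatever target address was asked for, so host-to-host traffic within the subnet is sent to the gateway. The frame layout is plain Ethernet II plus ARP (RFC 826); how ARP replies from hosts are treated, and the addresses used in the test, are assumptions made for this example.

```python
"""MACFF-style ARP proxy for one MACFF VLAN. Added example, not ZTE code. The
handling of ARP replies sent by hosts and all addresses are assumptions."""
import ipaddress
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet II frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": op,
        "sha": frame[22:28],
        "spa": ipaddress.IPv4Address(frame[28:32]),
        "tha": frame[32:38],
        "tpa": ipaddress.IPv4Address(frame[38:42]),
    }


def build_arp(op, src_mac, src_ip, dst_mac, dst_ip, eth_dst=None):
    """Build an Ethernet II ARP frame (Ethernet destination defaults to dst_mac)."""
    eth = (eth_dst or dst_mac) + src_mac + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + src_mac +
           ipaddress.IPv4Address(src_ip).packed + dst_mac +
           ipaddress.IPv4Address(dst_ip).packed)
    return eth + arp


class MacffVlan:
    def __init__(self, subnet: str, gateway_ip: str, gateway_mac: bytes):
        self.subnet = ipaddress.ip_network(subnet)
        self.gateway_ip = ipaddress.IPv4Address(gateway_ip)
        self.gateway_mac = gateway_mac

    def handle_upstream(self, frame: bytes):
        """Return (action, reply_frame) for a frame received from a host port."""
        req = parse_arp(frame)
        if req is None:
            return "forward", None      # non-ARP traffic: normal forwarding to the gateway
        if req["spa"] not in self.subnet:
            return "drop", None         # sender claims an address outside the VLAN's subnet
        if req["op"] == ARP_REQUEST:
            if req["tpa"] not in self.subnet:
                return "drop", None
            # Proxy reply: whatever address was asked for, the answer is the gateway MAC.
            reply = build_arp(ARP_REPLY, self.gateway_mac, req["tpa"], req["sha"], req["spa"])
            return "reply", reply
        if req["op"] == ARP_REPLY and req["tpa"] == self.gateway_ip:
            return "forward", None      # host answering the gateway's own request
        return "drop", None             # replies aimed at other hosts would bypass the gateway
```

Because the host never learns another host's real MAC, it cannot address it directly at layer 2; the only MAC it ever sees for any address in the subnet is the gateway's.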
12.9.1 Introduction
Description
DHCP snooping is applied to ensure security. DHCP snooping listens to the DHCP
exchange of a specific ONT in a VLAN specified on the ZXA10 C300/C320 and
records the ONT's user IP/MAC relation.
Target
The administrator can view the user's DHCP exchange relation through the DHCP
snooping function to locate protocol problems in the user's DHCP access and
finally clear the fault.
DHCP snooping generates a dynamic user IP/MAC database. Combined with the DAI
(Dynamic ARP Inspection) function on the layer-3 interface, it implements user
IP anti-spoofing.
It keeps a database recording the binding between the ONT and the user IP/MAC.
Bindings can also be configured statically by adding the user's MAC, IP, ONT ID
and VLAN.
Application Scenarios
In a layer-3 network, ARP learning of the layer-3 interface VLAN is disabled at
the user side and DHCP snooping for the VLAN is enabled at the user side. The
user IP/MAC information learnt is written into the ARP table of the layer-3
interface VLAN, and the DAI function is enabled to control user ARP.
This prevents route forwarding for a user with an illegal IP address, and for an
illegal user that uses a legitimate user's IP address with a different MAC,
which implements IP address anti-spoofing.
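The binding behaviour described at the top of this section (bind on the DHCP ACK, check upstream packets against the binding, release on lease expiry) together with the DHCP snooping database and DAI check of 12.9.1, as one added example that is not ZTE code. DHCP messages are passed in already decoded as dicts, static bindings are never aged, and the exchange used in the test is constructed.

```python
"""DHCP snooping binding table with IP source guard and DAI checks. Added
example, not ZTE code; DHCP messages arrive pre-decoded and the sample
exchange is constructed."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Key = Tuple[int, str]   # (VLAN, ONT/user port)


@dataclass
class Binding:
    ip: str
    mac: str
    vlan: int
    port: str
    expires: Optional[float]      # None for a static (configured) binding


class DhcpSnoopingTable:
    def __init__(self):
        self.bindings: Dict[Key, Binding] = {}

    def add_static(self, ip, mac, vlan, port):
        """Administratively configured binding (MAC, IP, ONT ID, VLAN)."""
        self.bindings[(vlan, port)] = Binding(ip, mac, vlan, port, None)

    def on_dhcp(self, direction: str, msg: dict, vlan: int, port: str, now: float) -> str:
        """Learn from a snooped DHCP message; returns the forwarding decision."""
        key = (vlan, port)
        if direction == "down" and msg["type"] == "ACK":
            self.bindings[key] = Binding(msg["yiaddr"], msg["chaddr"], vlan, port,
                                         now + msg["lease"])
        elif direction == "down" and msg["type"] == "NAK":
            self._forget(key)
        elif direction == "up" and msg["type"] == "RELEASE":
            b = self.bindings.get(key)
            if b and b.expires is not None and b.mac == msg["chaddr"]:
                self._forget(key)
        elif direction == "up" and msg["type"] in ("OFFER", "ACK", "NAK"):
            return "drop"            # server messages never come from the user side
        return "forward"

    def _forget(self, key: Key) -> None:
        b = self.bindings.get(key)
        if b and b.expires is not None:      # static bindings are never removed here
            del self.bindings[key]

    def _valid(self, key: Key, now: float) -> Optional[Binding]:
        b = self.bindings.get(key)
        if b is None:
            return None
        if b.expires is not None and now >= b.expires:
            del self.bindings[key]           # lease ended: port is DHCP-only again
            return None
        return b

    def check_upstream(self, src_ip, src_mac, vlan, port, now) -> str:
        """IP source guard for a non-DHCP upstream packet."""
        b = self._valid((vlan, port), now)
        if b is None or (src_ip, src_mac) != (b.ip, b.mac):
            return "drop"
        return "forward"

    def check_arp(self, sender_ip, sender_mac, vlan, port, now) -> str:
        """Dynamic ARP inspection: the ARP sender fields must match the binding."""
        return self.check_upstream(sender_ip, sender_mac, vlan, port, now)

    def arp_entries(self, now):
        """What would be written into the layer-3 interface VLAN's ARP table."""
        entries = []
        for key in list(self.bindings):
            b = self._valid(key, now)
            if b is not None:
                entries.append((b.ip, b.mac, b.vlan))
        return entries
```

The key is the (VLAN, port) pair rather than the MAC, so a host that changes its MAC after the lease was granted loses forwarding until it completes a new DHCP exchange, which is the anti-spoofing property the section describes.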
12.10.1 Introduction
Target
Rogue ONU detection is a feature for detecting and isolating ONUs that send
optical signals in timeslots other than the ones assigned to them.
GPON uses a time division multiple access (TDMA) mechanism in the upstream
direction. Each ONU sends data upstream to the OLT in its own timeslot allocated
by the OLT. If an ONU sends optical signals in other ONUs' timeslots, its optical
signal collides with those sent by the other ONUs, and the communication between
the OLT and one or all of the other ONUs is affected. An ONU that sends optical
signals upstream outside its allocated timeslot is called a rogue ONU.
There are many types of rogue ONUs. Based on the time of optical signal
transmission, rogue ONUs can be classified into:
The OLT isolates the rogue ONU to ensure the normal services of the other ONUs.
The OLT reports information about the faulty ONU to the NMS so that operation,
administration and maintenance (OAM) personnel can rectify the fault in time.
The OLT supports the detection of rogue ONUs. It monitors the upstream signal in
real time, which helps locate the rogue ONU, and it can control the power of the
optical transmitter (Tx) of the ONU PON interface.
When the OLT detects a rogue ONU or needs to diagnose the optical link, it can
turn off the optical transmitter of a specific ONU by sending the
Disable_Serial_Number message with the "disable" option (the third byte is 0xFF),
turn off the optical transmitters of all ONUs by sending the Disable_Serial_Number
message with the "disable all" option (the third byte is 0x0F), and turn the
optical transmitter of a specific ONU back on by sending the Disable_Serial_Number
message with the "enable" option (the third byte is 0x00). An ONU in the O7
(Emergency Stop) state remains in O7 after a restart and keeps its optical
transmitter off.
To locate a rogue ONU, the OLT turns the optical transmitter of each ONU off and
back on in turn with the Disable_Serial_Number message. An ONU turns off its
optical transmitter and enters O7 when it receives Disable_Serial_Number (0xFF).
Once the OLT determines that an ONU is the rogue one, it does not send
Disable_Serial_Number (0x00) to that ONU, so the ONU stays in O7 with its
transmitter off. Normal ONUs receive Disable_Serial_Number (0xFF) followed by
(0x00), return to the O2 state and are activated normally. In special cases the
OLT sends both messages but an ONU turns off its transmitter before receiving
Disable_Serial_Number (0x00) and therefore stays in O7. After the rogue ONU has
been located and its transmitter turned off, the OLT must still be able to turn
on the optical transmitter of such an ONU and bring it back to O2 (the ONU is
then activated and the OLT receives its Serial_Number_ONU message).
During rogue ONU detection the OLT records which ONUs on a PON interface were
sent the Disable_Serial_Number message. After the detection completes, it uses
this record to periodically resend Disable_Serial_Number (0x00) to the ONUs that
received both (0xFF) and (0x00) but did not activate normally (the OLT received
no Serial_Number_ONU message from them), to turn their optical transmitters back
on. The period (Timer1) is the same for all such ONUs and is configurable; the
default is 30 s. When the OLT sees the Serial_Number_ONU message from an ONU, it
stops sending Disable_Serial_Number to that ONU.
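The isolation procedure above, carried through as an added example that is not ZTE code: build the Disable_Serial_Number PLOAM message with the three option values the text gives, silence ONUs one at a time to find the one whose silence clears the collision, leave it in O7, and run the Timer1 retry for an ONU that missed its enable. The downstream PLOAM layout (octet 1 ONU-ID, 0xFF = broadcast; octet 2 message ID, 0x06 = Disable_Serial_Number; octet 3 disable/enable; octets 4 to 11 serial number; octet 12 unused; octet 13 CRC-8) follows ITU-T G.984.3 rather than this page. The ONU population, which ONU is rogue, the ONU that loses its enable message and the Timer1 value are constructed for this example.

```python
"""Rogue ONU isolation with the Disable_Serial_Number PLOAM message. Added example,
not ZTE code. PLOAM layout and CRC-8 polynomial follow ITU-T G.984.3; the ONU
population, the rogue ONU, the ONU that misses its enable and Timer1 are constructed."""

DISABLE_SERIAL_NUMBER = 0x06
BROADCAST_ONU_ID = 0xFF
DISABLE_ONE, DISABLE_ALL, ENABLE = 0xFF, 0x0F, 0x00


def crc8(data: bytes) -> int:
    """CRC-8, polynomial x^8 + x^2 + x + 1 (0x07), over the 12 message octets."""
    crc = 0
    for octet in data:
        crc ^= octet
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def disable_serial_number(serial: bytes, action: int) -> bytes:
    if len(serial) != 8 or action not in (DISABLE_ONE, DISABLE_ALL, ENABLE):
        raise ValueError("serial must be 8 octets; action 0xFF, 0x0F or 0x00")
    body = bytes([BROADCAST_ONU_ID, DISABLE_SERIAL_NUMBER, action]) + serial + b"\x00"
    return body + bytes([crc8(body)])


def parse_ploam(msg: bytes):
    if len(msg) != 13 or crc8(msg[:12]) != msg[12]:
        raise ValueError("bad PLOAM length or CRC")
    return msg[0], msg[1], msg[2], msg[3:11]


class Onu:
    def __init__(self, serial: bytes, rogue=False, misses_enable=False):
        self.serial, self.rogue = serial, rogue
        self.misses_enable = misses_enable    # laser already off when 0x00 arrives
        self.state, self.tx_on = "O5", True   # O5 = Operation, laser on

    def receive(self, msg: bytes) -> None:
        _, msg_id, action, serial = parse_ploam(msg)
        if msg_id != DISABLE_SERIAL_NUMBER:
            return
        if action == DISABLE_ALL or (action == DISABLE_ONE and serial == self.serial):
            self.state, self.tx_on = "O7", False      # Emergency Stop, laser off
        elif action == ENABLE and serial == self.serial and self.state == "O7":
            if self.misses_enable:
                self.misses_enable = False            # this one enable is lost
                return
            self.state, self.tx_on = "O2", True       # Standby, re-activates normally


class Olt:
    def __init__(self, onus, timer1=30.0):
        self.onus, self.timer1 = onus, timer1
        self.pending = {}   # serial -> time ENABLE was sent, until the ONU is seen again

    def send(self, serial: bytes, action: int, now: float) -> None:
        msg = disable_serial_number(serial, action)
        for onu in self.onus:
            onu.receive(msg)
        if action == ENABLE:
            self.pending[serial] = now

    def upstream_collision(self) -> bool:
        """A rogue ONU with its laser on corrupts the other ONUs' bursts."""
        return any(o.rogue and o.tx_on for o in self.onus)

    def serial_number_onu_seen(self, onu: Onu) -> bool:
        return onu.state == "O2" and onu.tx_on    # an activating ONU answers SN requests

    def locate_rogue(self, now: float):
        """Silence ONUs one at a time; the one whose silence clears the collision is rogue."""
        if not self.upstream_collision():
            return None
        rogue = None
        for onu in self.onus:
            self.send(onu.serial, DISABLE_ONE, now)
            if rogue is None and not self.upstream_collision():
                rogue = onu.serial                    # stays in O7; no 0x00 is ever sent
                continue
            self.send(onu.serial, ENABLE, now)        # normal ONU: laser back on
        return rogue

    def timer1_tick(self, now: float) -> None:
        """Every Timer1: repeat the enable for ONUs that never came back."""
        for onu in self.onus:
            sent = self.pending.get(onu.serial)
            if sent is None:
                continue
            if self.serial_number_onu_seen(onu):
                del self.pending[onu.serial]
            elif now - sent >= self.timer1:
                self.send(onu.serial, ENABLE, now)
```

The search starts only when a collision is actually observed; without that guard the first ONU silenced would always look like the culprit. The retry list is keyed by serial number, so an ONU that is later replaced by one with a different serial simply drops out of the retry loop.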
13 ACL
13.1 Introduction
Description
An ACL classifies and filters the packets arriving at the equipment according to
predefined matching rules.
Target
ACL classification of data packets can serve as the reference for subsequent QoS
processing and is the prerequisite for the system to provide efficient and
differentiated services.
Each ACL can define 128 rules, and each type of ACL in the system has a maximum
of 3500 rules.
Glossary
ACL: A sequential list of rules; each rule decides the action to be triggered
once that rule is matched in the ACL.
The ACL processes data packets arriving at the equipment as shown in Figure
13-1.
The data stream is matched against the rules in the ACL in sequence. If the data
stream matches a rule, the related actions are triggered and the remaining rules
are not consulted. If the action is to forward, the subsequent QoS processing is
applied. Because the first matching rule wins, rule order matters: a deny rule
placed after a broader permit never takes effect.
Retagging priority: Tag the packet matching the rule with TOS, DSCP or CoS
priority.
Retagging VLAN: Modify the VLAN ID of the packet matching the rule.
Statistics: Count the data stream of packets matching the rule.
Limiting the rate: Limit the traffic rate of the data stream matching the rule.
The single-rate three-color and two-rate three-color algorithms are used for
rate limiting.
Redirection: Forward the packets matching the rule to the specified ports.
The data stream is discarded if no rule is matched or if the action of the
matched rule is discard.
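A sequential first-match ACL with the actions listed above, as an added example that is not ZTE code. The rule fields, the packet representation and the sample policy are constructed for this example; the 128-rule limit per ACL is the figure from the text. The test shows why order matters: a Telnet packet that a later permit would accept is dropped by the earlier deny.

```python
"""Sequential first-match ACL with permit/deny, priority and VLAN retagging,
rate limiting, redirection and statistics. Added example, not ZTE code; rule
syntax, packet dicts and the sample policy are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_RULES_PER_ACL = 128     # per-ACL limit stated in the text


@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    src: Optional[str] = None        # CIDR, None = any
    dst: Optional[str] = None
    proto: Optional[int] = None      # IP protocol number (6 TCP, 17 UDP, ...)
    dport: Optional[int] = None
    dscp: Optional[int] = None       # re-tag priority when permitted
    vlan: Optional[int] = None       # re-tag VLAN when permitted
    redirect: Optional[str] = None   # send to this port instead
    rate_kbps: Optional[int] = None  # police the matched stream
    hits: int = 0                    # statistics counter

    def matches(self, pkt: dict) -> bool:
        if self.src and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        return True


class Acl:
    def __init__(self, name: str):
        self.name, self.rules = name, []

    def add(self, rule: Rule) -> None:
        if len(self.rules) >= MAX_RULES_PER_ACL:
            raise ValueError("ACL %s already holds %d rules" % (self.name, MAX_RULES_PER_ACL))
        self.rules.append(rule)

    def apply(self, pkt: dict) -> dict:
        """First matching rule decides; later rules are not consulted."""
        for rule in self.rules:
            if not rule.matches(pkt):
                continue
            rule.hits += 1
            if rule.action == "deny":
                return {"action": "drop"}
            verdict = {"action": "forward"}
            for attr in ("dscp", "vlan", "redirect", "rate_kbps"):
                if getattr(rule, attr) is not None:
                    verdict[attr] = getattr(rule, attr)
            return verdict
        return {"action": "drop"}      # implicit discard at the end of the list


def sample_acl() -> Acl:
    """Constructed policy: block Telnet to the management subnet before the broad
    permit, mark the voice subnet, and steer everything else to one uplink port."""
    acl = Acl("uplink-in")
    acl.add(Rule("deny", dst="192.168.1.0/24", proto=6, dport=23))
    acl.add(Rule("permit", src="10.1.0.0/16", dscp=46, rate_kbps=2000))
    acl.add(Rule("permit", redirect="gei_1/19/1"))
    return acl
```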
14.1 Introduction
Description
CES (Circuit Emulation Service) carries traditional TDM services over a packet
switched network (PSN) in the xPON system.
Target
The low operating cost and single network management of the PSN let operators
extend the service scope of TDM.
Support for Differential Timing and Adaptive Timing modes for service clock
synchronization.
Pseudowires create a transparent tunnel for all layer-2 TDM information over
managed MPLS, IP or Ethernet networks.
15.1.1 Introduction
Description
The OLT frequency synchronization module can recover the frequency from all
uplink ports and T12 clock ports, and then selects the best one as the system
clock based on the clock-source quality level.
Target
The system clock input can be selected from two T12 ports (or E12 ports), all
1GE ports, all 10GE ports or all CES ports.
All 1GE and 10GE uplinks (NNI) can act as timing input for EEC frequency
synchronization via SyncE, including the Ethernet Synchronization Message
Channel (ESMC) with Synchronization Status Message (SSM) Quality Level (QL)
according to G.8261, G.8262 and G.8264.
Frequency accuracy of +/- 4.6 ppm for the entire span time under hold-over
conditions.
Frequency accuracy of +/- 4.6 ppm for the entire span time under free-running
conditions.
The T12 port has the following characteristics: impedance 120 ohm, non-earthed,
symmetrical and short-circuit proof.
T12 port jitter and wander tolerance according to G.813 (clause 8, noise
tolerance).
Glossary
Abbreviations
The frequency synchronization module has three types of clock source: T12/E12
clock, SyncE clock and CES recovered clock. These clock sources and the clock
alarms from each line card are connected to the CPLDs on both the active and the
standby switch control card. The clock selector in the CPLD receives a signal to
switch the clock source; the signal is derived by the SSM QL algorithm and the
clock alarms. The CPLD provides two clock outputs to the PLL: the main clock
source and the backup clock source. If the main clock source is abnormal, the
PLL uses the backup clock source. The PLL output provides a 19.44 MHz system
clock to each line card. The PLL has hold-over and free-run functions.
Figure 15-1 shows the architecture of the system frequency synchronization
function.
Figure 15-1: System frequency synchronization architecture. Recoverable content
of the figure: the SyncE (GE and 10GE) PHYs and the T12/E12 (RJ45) LIUs feed
2 MHz/16 kHz clocks and LOS indications into the CPLD clock selector on the main
control card; the software control module applies the SSM QL and priority
selection; the PLL (VCXO, TCXO comparator, +/- 4.6 ppm) outputs the 8 kHz and
19.44 MHz clocks to the line cards and to the GPON OLT MAC, from where the GPON
PLL carries timing to the GPON ONU MAC.
15.2.1 Introduction
Description
The OLT phase synchronization module can recover the 1PPS signal from an uplink
port according to the IEEE 1588 V2 standard, or from the external 1PPS+TOD
interface; for GPON the 1PPS information is then transferred to the ONU
according to G.984.3 Amendment 2. The ONU can provide a 1PPS interface or an
active 1588 port to mobile base stations (LTE, CDMA2000, TD-SCDMA) that need
phase synchronization. Each P2P Ethernet port on the OLT can work in IEEE 1588
V2 master mode and connect directly to a base station.
Target
The OLT has an IEEE 1588-2008 slave (SOOC) for phase extraction from the uplink
signals.
The OLT has a 1PPS output derived from the selected IEEE 1588-2008 signal
received.
Phase is transferred between the OLT and the ONU by the GPON built-in time
transfer mechanism based on G.984.3 Amendment 2 (11/2009).
Phase is transferred between P2P interfaces through IEEE 1588 V2.
The phase synchronization accuracy between the OLT and the ONU is +/- 50 ns.
Glossary
Abbreviations
The system can receive 1588 V2 Ethernet packets on all 1GE and 10GE ports. The
main switch control card has the 1588 slave function, which recovers 1PPS from
the 1588 signal and sends the 1PPS signal to each line card. The GPON OLT MAC
receives the 1PPS and uses the time transfer mechanism of G.984.3 Amendment 2 to
transfer the phase synchronization information to the ONU. Figure 15-2 shows the
architecture of the system phase synchronization over GPON function.
Figure 15-2: Phase synchronization over GPON. Recoverable content of the figure:
1588 V2 packets within the Ethernet traffic reach the 1588 slave on the switch
card (TCXO/OCXO reference, 19.44 MHz clock); the slave delivers 1PPS to the GPON
OLT MAC, which carries the time to the ONUs over the splitter.
15.3 NTP
15.3.1 Introduction
Description
Target
The ZXA10 C300/C320 implements the NTP client function. It synchronizes to the
NTP server's time with second-level precision.
The ZXA10 C300/C320 implements the NTP client function only, which complies with
the RFC 5905 NTPv4 standard.
If NTP fails, the local RTC (real time clock) works in free-running mode with an
accuracy no worse than +/- 20 ppm.
Because NTP as described here is unauthenticated, the NTP server addresses
should be confined to the management network (for example by the management
channel ACL): a host that can answer the device's NTP requests can shift the
system clock, and with it the timestamps of logs and alarms.
Abbreviations
The NTP request packet arrives at the NTP server. The NTP server records the
arrival time T2 of the NTP request packet.
The NTP server sends the NTP response packet, which contains timestamps T2 and
T3 (T3 is the time the NTP response packet leaves the NTP server).
The NTP response packet arrives at the ZXA10 C300/C320, which records the
arrival time T4.
From T1 (the time the request left the client), T2, T3 and T4 the ZXA10
C300/C320 calculates the transmission delay and clock offset between itself (the
NTP client) and the NTP server, and then adjusts its local clock to synchronize
with the NTP server clock.
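The exchange above carried through in code, as an added example that is not ZTE code: the client puts T1 into the request's Transmit Timestamp, the server returns T2 (Receive) and T3 (Transmit) and echoes T1 as the Origin Timestamp, the client stamps T4 on arrival and computes offset and delay per RFC 5905. build_server_reply() exists only so the example runs offline; the timestamps, the stratum value and the plausibility limit on the round-trip delay are constructed assumptions.

```python
"""NTPv4 client exchange: request building, reply validation, offset/delay.
Added example, not ZTE code. build_server_reply() is a constructed stand-in
for a real server; MAX_PLAUSIBLE_DELAY is an assumed sanity limit."""
import struct

NTP_EPOCH_DELTA = 2208988800     # seconds from 1900-01-01 to the Unix epoch
MAX_PLAUSIBLE_DELAY = 1.0        # assumed: reject exchanges slower than this


def to_ntp(t: float):
    """Unix time -> (seconds, fraction) NTP timestamp words."""
    sec = int(t)
    return sec + NTP_EPOCH_DELTA, int((t - sec) * 2**32)


def from_ntp(sec: int, frac: int) -> float:
    return sec - NTP_EPOCH_DELTA + frac / 2**32


def build_request(t1: float) -> bytes:
    """48-byte client packet: LI=0, VN=4, mode=3, Transmit Timestamp = T1."""
    head = struct.pack("!BBBb", (4 << 3) | 3, 0, 0, 0)
    return head + struct.pack("!11I", 0, 0, 0, 0, 0, 0, 0, 0, 0, *to_ntp(t1))


def build_server_reply(t1: float, t2: float, t3: float, stratum: int = 2) -> bytes:
    """Constructed server answer (mode 4) echoing T1 in the Origin Timestamp."""
    head = struct.pack("!BBBb", (4 << 3) | 4, stratum, 6, -20)
    return head + struct.pack("!11I", 0, 0, 0, 0, 0,
                              *to_ntp(t1), *to_ntp(t2), *to_ntp(t3))


def parse_reply(pkt: bytes, t1_sent: float) -> dict:
    """Validate the server packet and return T2/T3; raises ValueError if unusable."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    li_vn_mode, stratum, _poll, _precision = struct.unpack("!BBBb", pkt[:4])
    words = struct.unpack("!11I", pkt[4:48])
    # words: 0 root delay, 1 root dispersion, 2 reference id, 3-4 reference,
    #        5-6 origin, 7-8 receive, 9-10 transmit
    if li_vn_mode & 0x07 != 4:
        raise ValueError("not a server reply")
    if li_vn_mode >> 6 == 3 or not 1 <= stratum <= 15:
        raise ValueError("server unsynchronised or stratum invalid")
    if words[5:7] != to_ntp(t1_sent):
        # The Origin Timestamp must echo our own Transmit Timestamp; anything
        # else is a stray or forged reply and must not touch the clock.
        raise ValueError("origin timestamp mismatch")
    return {"stratum": stratum, "t2": from_ntp(*words[7:9]), "t3": from_ntp(*words[9:11])}


def offset_and_delay(t1, t2, t3, t4):
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def sync_step(t1: float, reply: bytes, t4: float):
    """Full client-side step: parse, sanity-check, return (offset, delay) to apply."""
    r = parse_reply(reply, t1)
    offset, delay = offset_and_delay(t1, r["t2"], r["t3"], t4)
    if delay < 0 or delay > MAX_PLAUSIBLE_DELAY:
        raise ValueError("implausible round-trip delay %.3f s" % delay)
    return offset, delay
```

The origin-timestamp comparison is the only protection an unauthenticated client has against off-path spoofing: a forger who has not seen the request cannot know T1. It gives no protection against an on-path attacker, which is why the server list should be confined to the management network.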
16 Power Saving
16.1 Introduction
Description
There are three kinds of power saving measures in the system: ONU Power Saving
Management, Line Card Power Saving Management and Port Power Saving Management.
For ONU Power Saving Management, four power saving modes are supported according
to the white paper ITU-T G.Suppl. 45 "GPON power conservation": Fast Sleep Power
Saving Mode, Deep Sleep Power Saving Mode, Dozing Power Saving Mode and Power
Shedding Mode. They can be configured per ONU.
Line Card Power Saving Management and Port Power Saving Management are power
saving measures provided by the OLT for line cards, PON interfaces and uplink
interfaces.
Target
The ZXA10 C300/C320 supports three kinds of power saving measures: ONU Power
Saving Management, Line Card Power Saving Management and Port Power Saving
Management. The detailed implementation of these measures is as follows:
Remote query of the attributes of a powered-off line card in the Network
Management System (NMS).
The OLT supports management of the following ONU power saving modes: Fast Sleep
Power Saving Mode, Deep Sleep Power Saving Mode, Dozing Power Saving Mode and
Power Shedding Mode.
Power down and power on are controlled by a single-chip microcontroller on the
line card.
An unconfigured service line card can be set to Power Down mode, and the main
switch control card can send commands to the single-chip microcontroller on the
line card.
When a line card is in Power Down mode only the single-chip microcontroller
works, to watch for configuration commands, while the other parts of the line
card are powered down.
An offline alarm for the line card is sent to the NMS as soon as the Power Down
command has been executed successfully by the line card. A restore alarm is
sent to the NMS when the line card powers on successfully and its state returns
to normal.
Users can use the NMS or the CLI command (show card) to check whether a line
card is in the power saving state.
If an optical port is not used, the Shut Down command can be applied to close
the optical module.
After this function is enabled, the optical module is opened and closed
periodically. If no optical signal is received during the open period, the close
period is entered again, and the two alternate.
If an optical signal is received during the open period, Normal Work mode is
entered.
17.1 Introduction
Description
Target
It supports the diagnosis of FTTx broadband service failures, including
connectivity diagnosis, stability diagnosis and quality diagnosis. When such a
service failure occurs, it can start the diagnosis and find out whether the
failure is located in the access layer; for access-layer failures it can further
locate the exact failure position or scope and propose the correct solution
based on the diagnosis result.
When FTTx service failures are caused by the optical fiber link, it can diagnose
the link and find the most probable fault cause via OLS technology.
With the built-in OLS technology and expert knowledge, it can demarcate fiber
faults (feeder fiber fault or distribution fiber fault, including which branch),
detect the probable fiber fault cause (fiber break, power attenuation or
transceiver failure), and propose the correct solution for the detected faults
based on the diagnosis result.
With an external OTDR, it can perform highly accurate fiber link fault diagnosis
to locate the real fault position and the fault type or cause. Table 17-1
compares OLS and OLS+OTDR.
Table 17-1 Comparison between OLS and OLS+OTDR (rows recoverable from the page)
Item                            OLS     OLS+OTDR
OLT/OLT module abnormal         ●       ●
Service performance prediction  ●       ●*
Service optimization            ●       ●*
● support
○ not support
ONU fault diagnosis mainly includes MDU fault diagnosis, ONT fault diagnosis and
rogue ONU diagnosis.
When an MDU subscriber encounters a service failure, the MDU diagnosis can be
started remotely to determine whether the MDU is powered off or its uplink fiber
is broken, whether the configuration is correct and whether the user port status
is normal; the related solution is then proposed based on the diagnosis result.
Meanwhile, the MDU failure information, diagnosis result and related subscriber
information can be forwarded to the responsible maintenance engineer via e-mail
or SMS for proactive maintenance.
In case of an FTTH service failure, the ONT can be diagnosed remotely to
determine whether the ONT is powered off or its uplink fiber is broken, whether
the configuration is correct and whether each UNI port status is normal; the
related solution is then proposed based on the diagnosis result.
It can determine whether an ONU is affected by a rogue ONU; if so, it tries to
locate the rogue ONU and turn it off.
The fault diagnostics function needs a highly reliable server, configured with a
RAID card and redundant hard disks in mirror mode. On top of the reliable server,
the storage redundancy further assures overall reliability.
The fault diagnostics function mainly includes the following eight function
modules: system administration module, integrated interface management module,
WEB-based GUI module, expert knowledge base module, fault diagnostics module,
performance prediction module, statistics and analysis module, and optimization
module. The relationship among the function modules is illustrated in the
software architecture in Figure 17-1.
The WEB-based GUI module provides the WEB interface for the maintenance engineer
to conduct the diagnosis and related operations.
The fault diagnostics module mainly implements the intelligent diagnosis logic
for the related FTTx faults, including network status analysis, alarm analysis,
fault analysis, diagnosis procedure generation and optimization, diagnosis
result generation and optimization, and so on.
The statistics and analysis module mainly provides the statistics and report
facility for faults, diagnosis operations, historical performance data and the
related manpower.
18 Environment Monitor
18.1 Introduction
Description
Target
The ZXA10 C320 provides environment monitoring serial ports with RJ-45
connectors. They connect to the environment monitoring module with dedicated
cables to collect environment information from the module, including
temperature, humidity, power voltage and smoke, to facilitate system management
and maintenance.
The ZXA10 C300 environment and power monitoring card CICG/CICK provides the
following interfaces:
19 Device management
19.1.1 Introduction
Description
Cards are the physical foundation for implementing the various services. Card
management refers to the unified management of card resources on the ZXA10
C300.
Target
Card management is used to promptly discover changes in the card running status
and inform each service module without delay. It presents the card running
status to the user through the running indicators, especially the alarm
indicators. The user can also query the card running status through the NM or
the command line.
Card management manages card resources by monitoring the cards and their status
information. It includes the following:
If a card plugged into the shelf has not been configured by the user, the card
reports an alarm notification asking the user to configure the card correctly.
It supports offline configuration of cards and informs the user if the
configured card is not available.
It informs the service card to change its status to online if the configured
card runs normally.
It reports an alarm to the user if the configured card type is not consistent
with the card actually present.
19.2.1 Introduction
Description
Target
As version files are downloaded through FTP or SFTP, a host must be enabled as
FTP or SFTP server and hold the version files. The ZXA10 C300/C320 runs the FTP
or SFTP client to download the version files from that server. FTP carries the
credentials and the file contents in clear text, so SFTP should be preferred
where the server supports it, and the downloaded image should be checked
against the vendor-published checksum before it is activated.
Updating the card version means obtaining the version from the main control and
switch card and updating the running software in the local memory. The procedure
uses a self-defined private protocol with a server/client mechanism. The server,
known as the VN server, runs on the main control and switch card, while the
clients, known as VN clients, run on the other cards. To support the related
updates, all version download commands and the other update negotiation flows
maintain a session status table. A session represents one update flow (possibly
including several version files); it is a dynamic concept covering all the
information exchanged during the version update negotiation and download. One
session is identified by an ID, and all information related to the session
carries the same ID. After a line card is powered on, or the main control and
switch card delivers a version update command, the VN server and the VN client
start the version negotiation flow between them to exchange version information
and download the version.
The C300/C320 V2.0 supports SNMP v1, SNMP v2c and SNMP v3 server. SNMP v3 is
recommended: v1 and v2c authenticate only with a community string sent in clear
text, whereas v3 provides user-based authentication and optional encryption. The
specific mechanisms of each SNMP version follow the relevant standards.
The in-band management VPN refers to the carrier managing and maintaining
devices through a VPN network. The management protocols on the devices can be
forwarded using virtual routers.
19.4.1 Introduction
Description
In the in-band management VPN, the associated in-band management protocols on
the device support the specified VPN instances, so that management packets can
be received and forwarded using multiple virtual routers. In this way the
carrier can manage and maintain remote devices through private IP addresses,
which saves public IP addresses and isolates the management network from the
public network.
Target
Both the in-band management server and client are able to receive connection
requests and data packets from the VPN, which realizes in-band management over
a VPN.
The out-of-band management interfaces cannot be assigned to a VPN; they always
belong to the public network. Therefore only the in-band interfaces support VPN
management.
The following in-band management protocols support VPN instances:
Telnet server
SSH server
SNMP AGENT
FTP client
SFTP client
SNMP TRAP
SYSLOG
Telnet client
A VPN is a networking technology that encapsulates or encrypts private data and
then transmits it over a public network. With this technology the transmitted
data gets the security level of a private network, and a private network can be
built on top of the public network. A VPN is a logical private network that
provides the functions of a private network, but it is not an independent
physical network. In the IP bearer network, VPN is an important means of
logically isolating services, preventing attacks and helping to implement QoS
control.
A VPN instance is also called a VPN routing and forwarding table (VRF). Each
router is logically divided into multiple virtual routers, that is, multiple
VRFs. Each VRF corresponds to one VPN and has its own routing table, forwarding
table and associated interfaces. In other words, one router shared by several
VPNs is presented as multiple dedicated routers, which isolates the VPN routes.
Devices grouped into a private route exchange routing information only within
that private route.
The in-band management VPN uses the VRF function and assigns the remote network
management system and the OLT to the same VPN. On the OLT, the management
addresses and the VoIP addresses are assigned to different VRFs. In this way the
carrier can manage and maintain remote devices through private IP addresses,
which saves public IP addresses and isolates the management network from the
public network.
19.5 SSH
19.5.1 Introduction
Description
Secure Shell (SSH) is specified by the IETF Network Working Group. Operating at
the application and transport layers, SSH provides security for remote login
sessions and other network services.
Target
Compared with traditional network service programs that send passwords and data
in plain text, SSH encrypts all data before sending it, which prevents
information disclosure during remote management. Therefore SSH is recommended.
SSH can also compress the data before encrypting it, which reduces the
transmitted volume on slow links.
AES, DES, 3DES and BLOWFISH encryption algorithms for SSH login. DES is no
longer considered secure and 3DES and Blowfish are legacy algorithms; AES should
be selected wherever the client allows it.
A device can serve as an SSH server and at the same time as an SSH client to log
in to other devices.
An SSH client includes SSH programs and application programs such as slogin and
sftp.
Viewed from the client, SSH provides the following two levels of security
authentication:
One is password-based security authentication. The client logs in to the remote
host with an account and password, and all data is encrypted. By itself this
does not ensure that the server being logged in to is the intended one: unless
the client checks the server's host key against a previously recorded value,
another server can imitate the intended server and capture the password.
SSH is a cryptographic protocol. It provides a secure channel only, not data
transmission itself. Through version negotiation, key exchange, algorithm
negotiation and user authentication, an SSH secure channel is set up, and any
data transfer protocol can then transfer data in that channel. The tool used by
the secure maintenance terminal provides the SSH client function.
The system supports remote operation and management, including out-of-band
Telnet and in-band Telnet.
The interface used by out-of-band Telnet is the single Ethernet maintenance
interface (RJ45) on the main control panel. After the IP address of the
interface and the relevant routes are configured, the system can Telnet to
remote devices for operation and maintenance.
The interface used by in-band Telnet is the VLAN layer-3 interface inside the
device. The system supports a maximum of 32 IP addresses for the VLAN
interfaces, and the subnets of these IP addresses must differ.
In remote operation, both the secure and the ordinary maintenance terminal use
the Telnet protocol. The difference is that the secure maintenance terminal
encrypts all data with SSH before carrying it over Telnet. With SSH-based
encryption, all operations after the user logs in to the device through the
remote terminal for maintenance and management are protected. Plain Telnet sends
the login credentials and every command in clear text, so where SSH is
available, Telnet access should be disabled through the remote connection
security function.
SSH File Transfer Protocol (SFTP) is a protocol based on SSH. When password mode
is used for client authentication, the client must enter the user name and
password; if either is incorrect, no files can be transferred.
The client writes the local data to the server according to the returned file
handle.
Files can be downloaded through SFTP only after the SSH authentication has
passed.
The file download flow is as follows:
The server and the client both verify the SFTP version in the SFTP stage.
The client closes the opened files after reading the data.
19.6.1 Introduction
Description
A user needs to be authenticated with user name and password when the user atte mpts
to log in to the device through the Command Line Interface (CLI).
Users are classified into four levels: supervisor, administrator, operator, and user.
Different levels of users are assigned different operation rights.
Target
The supervisor can manage all the accounts and is allowed to execute all the
configuration and operation commands.
The administrator can manage all the operators, query the accounts and is
allowed to execute all the configuration and operation commands.
The operator can only perform data configuration and service provisioning,
and has no right to manage the accounts.
The user can only query the data, mainly for troubleshooting.
User name: 1–16 characters length, a space is not allowed. The allowed characters are
as follows:0123456789abcdefghijklmorqrstuvwxyz_
Password, 3–16 characters length. a space is not allowed. The allowed characters are as
follows:
0123456789abcdefghijklmnopqrstuvwxyz_ABCDEFGHIJKLMNOPQRST UVWXYZ`*-=~!
@#$%^&()_+[]{}|;':,./<> \\
When a user logs in to the system through the CLI, the user must enter the user name
and password for authentication. In this way, the user is authenticated to ensure the
system security.
Users are classified into four levels: super user, administrator, operator, and user.
Different levels of users are assigned different operation rights.
The internal command nodes in the system have their corresponding access rights. A user
can see and operate a command node only if the user's access right is greater than or
equal to the access right of the command node. Therefore, users with a higher level also
have the operation rights of users with a lower level.
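As an added illustration (not code from the manual or from ZTE's software), the following Python models the user-level rule and the user name and password character rules stated above. The numeric ranks of the four levels and the reading that an administrator manages operator accounts only are assumptions taken from this section.

```python
import re

# Constructed model of the four user levels; only their ordering is given on
# the page, the numeric ranks below are an assumption.
LEVELS = {"user": 1, "operator": 2, "administrator": 3, "supervisor": 4}

# Which account levels each level may manage, as read from this section:
# supervisor manages all accounts, administrator manages operators,
# operator and user manage none.
MANAGEABLE = {
    "supervisor": {"supervisor", "administrator", "operator", "user"},
    "administrator": {"operator"},
    "operator": set(),
    "user": set(),
}

# User name: 1-16 characters, digits, lowercase letters and underscore, no space.
USERNAME_RE = re.compile(r"^[0-9a-z_]{1,16}$")

# Password: 3-16 characters drawn from the set listed above, no space.
PASSWORD_CHARS = set("0123456789abcdefghijklmnopqrstuvwxyz_"
                     "ABCDEFGHIJKLMNOPQRSTUVWXYZ`*-=~!@#$%^&()_+[]{}|;':,./<>\\")


def valid_username(name: str) -> bool:
    return bool(USERNAME_RE.match(name))


def valid_password(pw: str) -> bool:
    return 3 <= len(pw) <= 16 and all(c in PASSWORD_CHARS for c in pw)


def can_execute(user_level: str, node_level: str) -> bool:
    """A command node is visible and executable only if the user's access
    right is greater than or equal to the node's access right."""
    return LEVELS[user_level] >= LEVELS[node_level]


def can_manage_account(actor_level: str, target_level: str) -> bool:
    """Account management rights per level as described in this section."""
    return target_level in MANAGEABLE[actor_level]
```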
19.7.1 Introduction
Description
The remote connection security feature uses an IP firewall, or disables service ports of
the system, to prevent the device from being attacked by illegal users or through illegal
operations.
Target
IP firewall or disabling the service port can prevent the device from being attacked by
illegal users to ensure the security of devices.
With the IP firewall function, only the operators from valid IP address segments are
allowed to log in to the device through valid access protocols, and the operators from
invalid IP address segments or through invalid access protocols are not allowed to log in
to the device.
With the function of disabling a system service, the default listening port of that service
can be disabled to protect the port from malicious scanning or attacks.
19.8.1 Introduction
Description
Logs can be classified into security event logs and operation logs.
A security event log is a log recorded by the system after a security event
occurs.
An operation log is a log about the user operation recorded by the system. It
records user login and logout information and other operations performed on
the system.
Generally, logs are queried through the CLI, syslog, or backup log file during
troubleshooting.
Operation logs and security event logs are reported to the NMS.
Target
Logs recorded help users obtain the overall system maintenance information for
timely troubleshooting.
Operation Log
The system records the commands of configurations successfully issued from the CLI
or SNMP interface, that is, operation logs. Operation logs record both successful
and failed operations; for failed operations, the operation result can also be
recorded. By default, the system supports a maximum of N (configurable) operation
logs, which are saved in time order and are overwritten cyclically. Logs already
recorded are not lost after the system is restarted.
Events are reminders to the user during system operation. When the level of a
security event is changed, whether the event is recorded may also change: a
security event is recorded in the log only when its level is minor or higher.
Log Server
Logs can be reported to the log server using syslog in real time. Also, logs can be
transmitted to the file server through TFTP/FTP/SFTP at a specified time or when
the specified capacity is reached after the automatic uploading conditions are
configured. Integrity of logs must be ensured.
19.9.1 Introduction
Description
Alarm and event management mainly involves recording and setting alarms and events
and collecting their statistics.
Target
Alarms and events are supported at four severity levels: critical, major, minor, and warning.
The alarm and event management refers to recording and setting the alarms and events
and collecting statistics of the alarms and events. The maintenance engineers maintain
the device through the alarm and event management so that the device works effectively.
After an alarm or event is generated, the system broadcasts the alarm or event to the
terminals, mainly including the Network Management System (NMS) and CLI terminals.
The system supports storing history alarms and 800 history events.
The severity level of an alarm or event can be critical, major, minor, or warning. Although
an alarm or event has a default severity level, this severity level can be adjusted in
accordance with actual conditions. The contents of an alarm or event include name,
parameters (including subrack, slot, and port information), description, possible causes,
and handling suggestions.
When an alarm is generated, the system implements the jitter-proof function of the alarm
to prevent the misreporting of the alarm. To be specific, the alarm is reported only after a
specified period expires after the alarm status changes (the specified period ranges from
1 s to 60 s and default is 10 s). If the alarm status recovers within the specified period,
the alarm is not reported.
The alarm statistics function is used to collect the statistics of alarms within a specified
period. This helps to locate system faults.
Alarm correlation refers to associating related alarms. When alarms are in the
parent-child relations, the system automatically filters related child alarms if the parent
alarm is generated.
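As an added simulation (not the device's implementation), the following Python applies the jitter-proof rule and the parent-child correlation described above to a constructed sequence of raw alarm status changes. The alarm names and the parent/child map are illustrative assumptions, not device alarm IDs.

```python
from dataclasses import dataclass, field

DEFAULT_HOLD_S = 10                               # page: 1 s to 60 s, default 10 s
PARENT_OF = {"pon_port_los": "board_offline"}     # child -> parent alarm (assumed names)


@dataclass
class AlarmFilter:
    hold_s: float = DEFAULT_HOLD_S
    pending: dict = field(default_factory=dict)   # alarm -> time it was raised
    active: set = field(default_factory=set)      # alarms reported as raised
    suppressed: set = field(default_factory=set)  # raised but filtered by a parent
    reported: list = field(default_factory=list)  # ("raise"|"clear", alarm, t)

    def __post_init__(self) -> None:
        if not 1 <= self.hold_s <= 60:
            raise ValueError("jitter-proof period must be 1 s to 60 s")

    def on_status(self, alarm: str, raised: bool, t: float) -> None:
        """Feed a raw alarm status change observed at time t (seconds)."""
        if raised:
            if alarm not in self.active and alarm not in self.suppressed:
                self.pending.setdefault(alarm, t)  # start the hold-down timer
            return
        if self.pending.pop(alarm, None) is not None:
            return                                # recovered within the period: not reported
        if alarm in self.suppressed:
            self.suppressed.discard(alarm)        # raise was filtered, so no clear either
        elif alarm in self.active:
            self.active.discard(alarm)
            self.reported.append(("clear", alarm, t))

    def tick(self, t: float) -> None:
        """Report alarms whose raised status has lasted the whole hold-down period."""
        for alarm, since in list(self.pending.items()):
            if t - since < self.hold_s:
                continue
            del self.pending[alarm]
            if PARENT_OF.get(alarm) in self.active:
                self.suppressed.add(alarm)        # parent alarm present: child filtered
            else:
                self.active.add(alarm)
                self.reported.append(("raise", alarm, t))
```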
With the alarm and event filtering function, the user can configure the filtering conditions
so that the system reports only the alarms and events that pass the filtering. In this way,
the user can concentrate on the important and specified alarms and events. The alarms
and events can be filtered by alarm/event ID, severity level, and alarm/event type.
20 Reliability
20.1.1 Introduction
Target
The main control and switch module implements centralized processing on ZXA10
C300/C320 main control and switch card. In order to ensure the reliability of the
services, it is necessary for the main control and switch module to support 1:1
active/standby mode backup or 1+1 load-sharing mode to ensure the continuity of
services.
The control module implements real-time detection on the main modules in the
card. When detecting any hardware fault, the active card gives up and is
rebooted, and then the standby card is automatically switched over to be
active.
ZXA10 C300/C320 supports the following features of the main control and
switching protection:
Active/standby mode
As the core of the C300/C320, the active control board communicates with external
devices and implements functions of internal modules of the system. The standby
control board does not communicate with external devices and only serves as a backup
of the active control board. During its operation, the active control board backs up all
static configurations and some dynamic configurations to the standby control board to
keep data synchronized between the two boards.
System upgrade. In this case, the operator resets the control boards and
performs the active/standby switchover manually.
Load-sharing mode
When the two control boards work in load sharing mode, redundancy backup
improves reliability of services as well as doubling bandwidth and enhancing data
forwarding performance.
On the forwarding plane, the active and standby control boards share loads.
Both boards forward data.
On the control plane, the two control boards work in the active/standby mode.
The CPU on the active control board manages the system and controls data
forwarding while the CPU on the standby control board is in the standby state.
20.3.1 Introduction
Description
ZXA10 C300 supports time and clock synchronization between the active control
module and the standby control module to ensure highly reliable time and clock
services. Seamless switchover is also supported.
Figure 20-1 ZXA10 C300 supports time and clock redundancy function (figure not reproduced in text)
The time and clock module is located on the main switch and control card, and
the different kinds of clock source are passed to the active and standby switch and
control cards through the backplane. The time and clock modules on both the
active and standby switch and control cards work simultaneously and lock to the
same clock source. The time and clock module on a line card selects and locks to an
output clock source based on the active/standby state of the main switch and control
cards and on clock quality. Each time and clock module supports multiple clock source
inputs and selects a clock source based on clock quality and priority. When one
clock source is lost, another clock source can be switched to smoothly.
Similarly, the active and standby switch and control cards both support the 1588v2
slave function. A time and clock module supporting 1588v2 can recover the clock
through the PTP protocol and pass 1PPS+TOD messages to the line card, which
then forwards them to the ONU through the PON protocol.
Glossary
ACL - Access Control List
NM - Network Management
TB - Token Bucket