Technical Proposal
Issue 01 (2011-09-08)
Notice
The purchased products, services, and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services, and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees, or representations of any kind, either express or implied. Every effort has been made in the preparation of this document to ensure the accuracy of the contents, but the information in this document is subject to change without notice.
Contents
1 Overview of WAN Interconnection
1.1 Challenges to WAN Interconnection
1.1.1 Multi-Service Transmission
1.1.2 High Reliability
1.1.3 Security
1.1.4 Maintainability
1.2 Requirements for WANs
1.2.1 Requirement for Service QoS
1.2.2 Requirement for Service Reliability
1.2.3 Requirement for Service Security
1.2.4 Requirement for Service Operation and Management
2.6.1 Multi-Layer Network Planning Tool
2.6.2 SRLG
2.6.3 Control Plane Intelligent Synergy
2.6.4 Layered Protection Synergy
2.7 QoS Planning
2.7.1 Basic QoS Planning
2.7.2 HQoS Planning
2.7.3 Huawei QoS Solution
2.8 Security Planning
2.8.1 Security Measures
2.8.2 Network Security Architecture
2.9 Network Management Planning
2.9.1 Unified Network Management
2.9.2 Visualized OAM
Real-time and non-real-time services
Key services and less-critical services
Voice services, data services, and video services
These services have different quality of service (QoS) requirements. For example, key services require rapid forwarding but little bandwidth, whereas office data services are insensitive to latency but require guaranteed bandwidth. Finding the right way to transmit all these services over a WAN is the key to building a secure and effective IP network.
1.1.3 Security
Every enterprise requires high internal and external network security, from e-government intranets to networks for key industries such as petroleum, power, and banking. Because a WAN is more exposed than an internal network, careful measures must be taken to guard the security of the IP network.
1.1.4 Maintainability
As the network expands to support services, network maintenance becomes increasingly complex and requires specialized IP maintenance personnel. To enable personnel to maintain and manage the network efficiently, the IP WAN interconnection solution must offer features for easy maintainability, such as visual management and unified management of the entire network.
Availability: the ratio of usable service time to total service time. If, within five consecutive minutes, the packet loss ratio of the services provided by an IP network is less than or equal to 5%, the services are considered available in that period.
Latency: the interval from transmission to reception of an IP packet.
Jitter: the variation in latency between packets.
Packet loss: the ratio of lost IP packets to transmitted packets between two reference points. Packet loss is mainly caused by network congestion.
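The metric definitions above can be expressed directly in code. The following sketch (illustrative helper names, not from any product) computes latency, jitter, packet loss, and availability using the 5-minute / 5% availability rule from the text.

```python
# Sketch of the QoS metrics defined above: a 5-minute window counts as
# "available" when its packet loss ratio is <= 5%.

def latency_ms(sent_ms, received_ms):
    """Latency: interval from transmission to reception of an IP packet."""
    return received_ms - sent_ms

def jitter_ms(latencies):
    """Jitter: deviation of latency between consecutive packets."""
    return [abs(b - a) for a, b in zip(latencies, latencies[1:])]

def packet_loss_ratio(transmitted, received):
    """Packet loss: lost packets / transmitted packets."""
    return (transmitted - received) / transmitted

def window_available(transmitted, received, threshold=0.05):
    """A 5-minute window is available when its loss ratio is <= 5%."""
    return packet_loss_ratio(transmitted, received) <= threshold

def availability(windows):
    """Availability: usable service time / total service time."""
    usable = sum(1 for t, r in windows if window_available(t, r))
    return usable / len(windows)

# Example: 4 five-minute windows; the third exceeds 5% loss.
windows = [(1000, 990), (1000, 1000), (1000, 900), (1000, 970)]
print(availability(windows))  # 0.75
```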
Controls network resources and their use.
Integrates multiple services such as voice, video, and data onto a single IP network platform.
Provides differentiated services based on different users' requirements.
1. Considering low-speed links, the ITU-T recommends 50 ms as the jitter limit; for most users, actual jitter is about 20 ms.
2. The preceding data is from ITU-T Y.1541 and is recommended by the ITU-T, assuming an end-to-end distance of less than 5000 km.
In an actual solution, do not rely solely on technical means to solve the QoS problem. Instead, follow the construction principles of IP telecom networks and consider all relevant factors, including comprehensive traffic-model analysis, network design, QoS assurance technologies, and reliability improvement, to achieve the QoS goals of the WAN.
Despite dynamic routing protocols, redundant connections, and other reliability technologies, a traditional IP network does not meet carrier-class requirements. In terms of reliability, a common IP network fault results in service interruption lasting seconds or even minutes. This is acceptable for traditional Internet services but does not meet the QoS requirements of real-time voice and video services. Carrier-class services place the following reliability requirements on a network:
The availability of network equipment reaches 99.999%.
The network availability reaches 99.999%.
Fault protection switching time: for a backbone network, less than 50 ms is recommended for link protection switching (to match SDH).
Key components of network equipment are redundant, and interface boards are hot-swappable.
Dual-node redundant backup is performed on key nodes.
The dual-homing design is used on key links.
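The 99.999% availability target above can be translated into permitted downtime with a one-line calculation. The following sketch (illustrative, assuming a 365-day year) shows that five nines allow only about 5.3 minutes of downtime per year.

```python
# What a given availability target permits as downtime per period.

def allowed_downtime_seconds(availability, period_seconds):
    """Downtime budget implied by an availability ratio over a period."""
    return (1.0 - availability) * period_seconds

YEAR = 365 * 24 * 3600  # assumed 365-day year
DAY = 24 * 3600

print(allowed_downtime_seconds(0.99999, YEAR))  # ~315.36 s/year (~5.26 min)
print(allowed_downtime_seconds(0.99999, DAY))   # ~0.864 s/day
```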
Confidentiality: only the receiver designated by the sender can read the communication contents.
Data integrity and consistency: information is not modified by a third party while in transit from the sender to the receiver.
Service availability: guaranteed by preventing malicious attacks on the network.
To improve service security and meet the carrier-class requirements, IP WANs must meet the following requirements:
Service security isolation: the network is physically isolated, or service-based logical networks are built on a single physical network. In that case there is no service leakage between logical networks, or from a logical network to the infrastructure network, under any circumstances.
Security inside the logical network: the network provides security measures to protect internal key systems and prevent service theft.
Reliability of the infrastructure network: the infrastructure (equipment) can effectively withstand attacks and viruses, ensuring sustained, stable network operation without degrading network performance.
Layered network structure: the network is divided into three layers: the core layer, backbone layer, and service access layer. Layer-2 and layer-3 networks are separated, forming a layer-3 routed backbone and a layer-2 MAN with clear physical and logical levels.
Flattened network structure: large-capacity devices are adopted to reduce the number of nodes and the number of physical and logical cascade layers while ensuring wide coverage.
At the service access layer, a layer-2 Metro Ethernet network is adopted. The Metro Ethernet uses RPR/RRPP ring networking to save optical fibers and improve reliability.
Redundancy backup of key nodes and links: for important nodes with heavy traffic, dual devices provide redundancy backup, and lower-layer links are dual-homed to the upper layer.
The layered design divides a network into three layers: the access layer, backbone layer, and core layer. Devices at the same layer should be interconnected as much as possible. Core nodes use a redundancy mechanism.
A lower-layer device is dual-homed or multi-homed to one or more upper-layer nodes. The network topology can be adjusted according to service traffic.
Core node selection:
The node ranks top in current traffic volume and forecast size.
The node has rich transmission resources and is located at the intersection of transmission trunks.
The node is located in a central city.
Core node interconnection:
In principle, core nodes are fully meshed; depending on traffic and transmission resources, they may instead be partially meshed.
For reliability protection and to save optical fibers, RPR ring networking is adopted.
Depending on backbone-layer networking conditions, multiple devices can be deployed at a single core node.
Ensure that two nodes with heavy traffic between them are reachable within one hop; if traffic between two nodes is light, multiple hops are acceptable.
Transmission distance has a great impact on delay, so avoid detours.
Based on traffic forecasts, backbone nodes are deployed in the cities carrying the main traffic (usually regional central cities).
Network structure optimization should be fully considered, and more than one administrative region can be involved.
Depending on a city's size and traffic, multiple backbone nodes can be set.
In a city with a core node, a backbone node can be integrated with the core node based on the actual situation.
Depending on the reliability of the links between backbone nodes and core nodes, and of the core nodes themselves, backbone nodes can be connected to different core nodes.
Depending on the traffic between backbone nodes, direct links can be added between convergence nodes with heavy traffic to distribute load.
To save optical fibers and improve reliability, RPR/RRPP rings are adopted to form the network. In densely populated areas, the layer-1 ring is used.
At each PoP, set one to three AGG-Rings.
On each AGG-Ring, set four to eight UPEs.
On each UPE, set three to ten DSLAMs.
In sparsely populated areas, the layer-2 ring is used to form the network, so as to save optical fibers.
On each AGG-Ring, set three to ten ACC-Rings.
On each ACC-Ring, set four to eight UPEs.
On each UPE, set three to ten DSLAMs.
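The fan-out rules above bound how many DSLAMs a single PoP can serve. The following small sketch (a hypothetical helper, using the planning ranges quoted above rather than any product limit) makes the bounds explicit.

```python
# Rough DSLAM-count bounds per PoP implied by the ring fan-out rules:
# 1-3 AGG-Rings per PoP, 4-8 UPEs per ring, 3-10 DSLAMs per UPE;
# a sparse-area layer-2 design adds 3-10 ACC-Rings per AGG-Ring.

def pop_dslam_range(agg=(1, 3), upe=(4, 8), dslam=(3, 10), acc=None):
    """Return (min, max) DSLAMs per PoP; pass acc=(3, 10) for layer-2 rings."""
    lo = agg[0] * upe[0] * dslam[0]
    hi = agg[1] * upe[1] * dslam[1]
    if acc:
        lo *= acc[0]
        hi *= acc[1]
    return lo, hi

print(pop_dslam_range())             # (12, 240)  dense area, layer-1 ring
print(pop_dslam_range(acc=(3, 10)))  # (36, 2400) sparse area, layer-2 ring
```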
Routing: the number of actual hops should be at most the minimum number of hops plus 2.
Traffic sharing: traffic is shared properly, avoiding heavily loaded routes. For example, traffic between PoP nodes does not pass through access nodes, and traffic within a node does not pass through other nodes; that is, lower-layer traffic stays at the lower layer rather than transiting the upper layer.
Backup: backup paths should be reasonable (relatively short in most cases, passing through lightly loaded nodes and links where possible). If connections between PoP nodes are interrupted, traffic should be forwarded through a core node, not an access node. If the uplink of a device within a PoP node fails, traffic should pass through another device connected to the same node, not through other nodes.
Analysis and adjustment: for a given destination, the path should be as clear as possible to facilitate analysis and adjustment.
(Figure: the layered network structure, showing the core layer, backbone layer, and access layer)
Model 1: a single PE is adopted, dual-homed to two Ps.
Model 2: two PEs are set at a PoP node for redundancy backup, each connected to a P; that is, a backbone node has two links to the P layer.
In service-intensive areas, sites are relatively concentrated, and the layer-1 ring network is usually adopted. In service-sparse areas, sites are relatively dispersed, and given the geographical range, the layer-2 ring network can be adopted.
IP address planning and assignment should satisfy the rapid development of MAN services, and address segments should be reserved for future service development.
IP address assignment must be flexible enough to accommodate a variety of users, such as dial-up users and leased-line users.
Address assignment is driven by services: assign address segments to each place according to its service volume.
Adopt VLSM to improve the utilization of IP addresses.
Adopt CIDR to reduce the size of router routing tables, speed up routing convergence, and reduce the amount of routing information broadcast in the network.
Adopt a hybrid assignment mode combining public and private addresses, or dynamic and static addresses, to relieve the current serious shortage of IP address resources.
IP address planning should take the network hierarchy into consideration to implement hierarchical management.
Fully and properly use the allocated address space to improve address utilization.
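The VLSM and CIDR principles above can be illustrated with Python's standard ipaddress module; the addresses below are arbitrary examples, not a recommended plan.

```python
# VLSM: carve service-sized subnets out of one block.
# CIDR: summarize contiguous routes back into a single prefix.
import ipaddress

block = ipaddress.ip_network("10.0.0.0/16")

# VLSM: different services get prefixes sized to their user counts.
voice = list(block.subnets(new_prefix=20))[0]  # 10.0.0.0/20
video = list(block.subnets(new_prefix=22))[4]  # 10.0.16.0/22 (outside the /20)
print(voice, video)

# CIDR aggregation: four contiguous /24s advertised as one /22.
routes = [ipaddress.ip_network(f"10.1.{i}.0/24") for i in range(4)]
summary = list(ipaddress.collapse_addresses(routes))
print(summary)  # [IPv4Network('10.1.0.0/22')]
```

Aggregating at region boundaries in this way is what keeps routing tables small and convergence fast, as the planning principles require.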
Both public and private addresses are used in a MAN, and they are not converted inside the MAN: the routing devices do not distinguish public from private addresses and route both. At the network egress, a hybrid address switching router converts addresses: only the private addresses in data packets are translated, while packets with public addresses are forwarded unchanged. Unified planning of private IP addresses is required to avoid confusion later.
Hierarchical Assignment
According to the network structure, area, territorial allocation, and the number of users in each area, the whole MAN is divided into several major regions, each of which is divided into sub-regions. Each region obtains its subnet segment from its higher-level region. For network scalability, addresses should be assigned from both ends of a segment toward the middle.
This mode takes the network hierarchy and routing protocol planning into full consideration. Through route aggregation, it reduces the number of routes and addresses to be maintained in the network, fully reflecting the hierarchical management approach.
Residential users are usually assigned private addresses: several consecutive IP addresses (to facilitate aggregation) are assigned based on class C addresses. For IP voice and video users, FANAVA assigns private IP addresses nationwide in a unified manner and reserves IP addresses for the next few years. The mappings between the user number, the private IP address, the public IP address of the media gateway, and the public IP address of the access gateway are stored in the softswitch system, so that service traffic can be accurately routed to the user terminal during call setup. VPN users are assigned the private IP addresses used in their enterprises.
Hosts that need to be open to the Internet, such as web, FTP, and mail servers in an IDC
MAN gateway devices, which require public addresses to connect to the Internet
Devices on routes that need to be advertised externally (for example, when a MAN connects to two ASs at the same time and BGP is used as the inter-domain routing protocol: because the MAN acts as the intermediate AS, the routes between AS egresses may need to be advertised on the Internet, which requires public IP addresses)
Enterprise users are assigned public addresses for NAT. An enterprise usually builds an intranet with private addresses and connects it to the Internet through a NAT device, so assigning the enterprise a public address does not affect its internal address plan.
Users who access the Internet via ADSL, FTTX+LAN, and other broadband modes are assigned public addresses. It is recommended that 40 to 100 users in a residential area share one public IP address; if TCP port mapping is available, one IP address can support more users.
Users who access the Internet via narrowband dial-up are assigned public IP addresses. Generally, each RAS port is assigned one public IP address.
Leased-line users connecting to the Internet are each assigned a public IP address.
Address Redundancy
During address planning, reserve 50% to 80% of the IP addresses.
Network address translation (NAT)/application layer gateway (ALG) mode
Middlebox communication (MIDCOM) mode
Simple traversal of UDP through NATs (STUN) mode
Traversal using relay NAT (TURN) mode
Signaling proxy + media relay (Full Proxy) mode
Table 2-1 compares the five modes.

Table 2-1 Comparison of NGN private network traversal modes

ALG
Performance: the NAT device must dynamically monitor and parse all packets, which greatly increases its burden.
Extensibility: poor; each time a protocol is added, the NAT device must be upgraded.
Networking application: residential and enterprise networks of modest scale.

MIDCOM
Performance: the NAT device does not need to dynamically monitor packets; it only receives commands from the MIDCOM agent, which does not increase its burden.
Extensibility: the best; new protocols are developed on the agent.
Requirements: the NAT device must be upgraded to support the MIDCOM protocol, and the call agent must support the MIDCOM protocol.
Networking application: residential networks, enterprise networks, and gateways, depending on the efficiency of the NAT device.
Security: high. QoS: guaranteed.

STUN
Performance: the NAT device does not need to parse packets, so its burden does not increase; performance is good.
Extensibility: only protocols over UDP are supported; a new UDP-based protocol does not require an upgrade of the NAT device.
Requirements: a STUN server must be provided, and the terminal must support the STUN client function.
Networking application: residential and enterprise networks.
Security: low. QoS: unguaranteed.

TURN
Performance: the NAT device does not need to parse packets, so its burden does not increase; performance is good.
Requirements: a TURN server must be provided, and the terminal must support the TURN client function.
Networking application: residential and enterprise networks.
Security: low. QoS: unguaranteed.

Full Proxy
Performance: Full Proxy forwards all call packets and media streams in the designated direction, so high efficiency is required, but it processes only session packets, not data service packets.
Extensibility: the most flexible; a new protocol is extended on the proxy, only the Full Proxy device needs to be provided, and no other devices need to be altered.
Networking application: residential networks, enterprise networks, gateways, and other NGN networking applications.
Security: highest. QoS: guaranteed.
Based on the preceding comparison, Full Proxy and MIDCOM are recommended; the other solutions can be used according to the actual situation.
Because it requires no changes to existing network devices, the Full Proxy mode features strong adaptability and flexible networking, and can meet the diversified networking and user-access requirements of the initial NGN stage. It also solves NAT problems, greatly extends functionality, and delivers session QoS and security at the access layer, providing a user access platform for the NGN. The MIDCOM mode has strong extensibility: once the NAT/FW device supports the MIDCOM protocol, the MIDCOM agent can be embedded in the softswitch, solving the NAT/FW traversal problem for NGN services. The softswitch parses and processes users' call protocol packets and can dynamically deliver call QoS and security information, based on which the middlebox (NAT/FW) device at the lower layer takes the necessary measures.
VRF-to-VRF
The VRF-to-VRF mode is the basic BGP/MPLS IP VPN application in the inter-AS scenario. In this mode, the ASBRs of two ASs are directly connected and function as PEs in their respective ASs. Each ASBR regards the peer ASBR as its CE, and they advertise IPv4 routes to each other using EBGP, as shown in Figure 2-5.
In Figure 2-5, ASBR-PE1 in AS 100 and ASBR-PE2 in AS 200 each regard the other as a CE. Inter-AS VPN in VRF-to-VRF mode is easy to implement: beyond normal VPN configuration, the two ASBR PEs require no special inter-AS configuration. The disadvantage is poor scalability: the ASBRs functioning as PEs must manage all VPN routes and create a VRF for each VPN, which may result in a large number of VPN-IPv4 routes on the PEs. In addition, because ordinary IP forwarding is performed between the ASBRs, each inter-AS VPN requires a separate interface (a sub-interface, physical interface, or bound logical interface). This mode therefore places high requirements on the PEs.
Figure 2-6 Advertising labeled VPN-IPv4 routes between ASBRs using MP-EBGP
The route advertisement process is as follows:
a. The PE in AS1 advertises labeled VPN-IPv4 routes using MP-IBGP to the ASBR PE in AS1, or to the route reflector (RR) that reflects routes to the ASBR PE.
b. The ASBR PE in AS1 advertises the labeled VPN-IPv4 routes to the ASBR PE in AS2 (that is, the edge router in AS2) using MP-EBGP.
c. The ASBR PE in AS2 advertises the labeled VPN-IPv4 routes using MP-IBGP to the PE in AS2, or to the RR that reflects routes to that PE.
ASBRs do not filter the VPN-IPv4 routes received from each other based on VPN targets. Therefore, SPs in different ASs that exchange VPN-IPv4 routes must reach a trust agreement on route exchange. VPN-IPv4 routes are exchanged only between VPN peers; they are not exchanged with public networks or with MP-EBGP peers with whom there is no trust agreement.
In terms of scalability, distributing labeled VPN-IPv4 routes over MP-EBGP is superior to managing inter-ASBR VPNs through sub-interfaces.
Avoid route flapping across the entire network caused by partial route changes.
Balance network traffic across the entire network through routing design.
Avoid situations where routes in an AS cannot be sent to other ASs or where devices in the AS cannot receive external routes.
Minimize the number of routes while taking transmission distance into account.
Implement fast convergence to detect and respond to faults quickly so that the system recovers as soon as possible, avoiding routing black holes and routing loops.
Adopt GR-enabled routing protocols.
All routers in the private network are located in one domain, with IS-IS or OSPF as the IGP. For a flat routing design, IS-IS uses levels while OSPF uses areas.
BGP-4 is used as the inter-domain routing protocol of the private network, with an independent AS number. At the AS border, route advertisement, reception, summarization, and attribute modification are controlled through EBGP.
A single-level RR design is adopted, keeping the number of BGP peers on each RR below 100. When there are many clients, a dedicated router can serve as the RR. At least two RRs are configured to avoid single points of failure, and clients are dual-homed to at least two RRs.
Routes for router management addresses and link addresses are carried by the IGP, while routes for private-line users, 3G/NGN device addresses, and address pools are carried by BGP.
MP-BGP is used in a VPN. The RR configuration principles for a VPN are the same as those for the public network where BGP is used. Between a PE and a CE in a VPN, BGP or OSPF can be selected based on the network size; for security, static routing is recommended.
The routing protocols support MD5 authentication to secure routing exchanges.
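Several of the RR design rules above (fewer than 100 peers per RR, at least two RRs, clients dual-homed) are mechanical enough to check automatically. The following sketch is a hypothetical validation helper written for illustration, not part of any management tool.

```python
# Check a BGP route-reflector design against the rules listed above:
# at least 2 RRs, < 100 peers per RR, every client homed to >= 2 RRs.

def check_rr_design(rr_clients):
    """rr_clients: {rr_name: set of client names}. Returns rule violations."""
    problems = []
    if len(rr_clients) < 2:
        problems.append("fewer than 2 RRs (single point of failure)")
    for rr, clients in rr_clients.items():
        if len(clients) >= 100:
            problems.append(f"{rr} has {len(clients)} peers (limit < 100)")
    all_clients = set().union(*rr_clients.values())
    for c in all_clients:
        homes = sum(1 for clients in rr_clients.values() if c in clients)
        if homes < 2:
            problems.append(f"client {c} homed to only {homes} RR(s)")
    return problems

# Example design: PE2 is only homed to RR1, violating the dual-homing rule.
design = {"RR1": {"PE1", "PE2"}, "RR2": {"PE1"}}
print(check_rr_design(design))
```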
ms), to ensure the extensibility and feasibility of standard technologies, to reduce the operation and maintenance cost, and to ensure the service operation effect.
BFD
BFD is an interactive detection mechanism that rapidly detects communication faults between systems and reports the detected faults to upper-layer applications. BFD has the following functions:
Provides low-overhead, short-duration detection of faults in the path between adjacent forwarding engines, including interface faults, data link faults, and forwarding engine faults. The BFD detection time is usually within 50 ms.
Provides a single mechanism for fault detection over any media and at any protocol layer ("BFD for Everything"), such as BFD for IS-IS, OSPF, BGP, LSP, and TE.
With the preceding functions, BFD has been widely used to detect link faults and protocol faults.
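The detection time quoted above follows from BFD timer negotiation: per RFC 5880, it is the remote system's detect multiplier times the agreed packet interval (the larger of the local required minimum RX interval and the remote desired minimum TX interval). A small sketch with illustrative parameter names shows the arithmetic.

```python
# BFD detection time per RFC 5880 (values in milliseconds).

def bfd_detection_time_ms(local_required_min_rx, remote_desired_min_tx,
                          remote_detect_mult):
    """Detection time = remote multiplier * negotiated packet interval."""
    interval = max(local_required_min_rx, remote_desired_min_tx)
    return remote_detect_mult * interval

# 10 ms intervals with a multiplier of 3 stay within the 50 ms target.
print(bfd_detection_time_ms(10, 10, 3))  # 30
# Slower timers miss the target:
print(bfd_detection_time_ms(50, 30, 3))  # 150
```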
MPLS OAM
MPLS OAM is a rapid detection mechanism that checks MPLS LSP connectivity by allowing nodes along an LSP to exchange OAM packets. MPLS OAM provides the following functions, independent of upper-layer or lower-layer protocols:
Detects, identifies, and locates MPLS user-plane faults efficiently.
Evaluates network usage and performance.
Performs protection switching in the event of a link defect or fault so that services continue to meet their Service Level Agreements (SLAs).
For more information about MPLS OAM, see ITU-T Recommendations Y.1710 and Y.1711.
Redundancy backup of main control boards, hot swap of boards, and GR, which ensure device reliability
Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP), which improve node reliability
IGP fast route convergence and TE FRR, which ensure path availability
VPN FRR, which ensures PE reliability
Incremental SPF (I-SPF): calculates only the changed routes, not all routes, each time.
Partial route calculation (PRC): calculates only the changed routes; it does not recompute the shortest path but updates leaf routes based on the shortest path tree (SPT) calculated by I-SPF.
LSP fast flooding: when a router receives new LSPs, it floods them (up to a configured limit) before calculating routes, accelerating LSDB synchronization and network convergence.
Intelligent timers: adjust delays based on the route change frequency, ensuring fast route convergence without affecting router performance. They include the SPF intelligent timer and the LSP generation intelligent timer.
IP FRR
On legacy IP networks, the routing system takes several seconds to complete route convergence after a fault is detected. This convergence speed cannot meet the requirements of services that are sensitive to packet delay and packet loss; for example, Voice over Internet Protocol (VoIP) services can tolerate only millisecond-level interruptions. IP FRR allows the forwarding system to rapidly detect faults and take measures to restore services as soon as possible. The IP FRR implementation principles are as follows:
When the primary link is available, IP FRR can be configured through a routing policy to provide backup route information to the forwarding engine.
When the forwarding engine detects that the primary link has failed, it uses the backup link to forward traffic before the routes converge on the control plane.
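The two principles above can be sketched as a toy forwarding table in which each prefix carries a precomputed backup next hop; the names (linkA, linkB, the prefix) are arbitrary examples, not real configuration.

```python
# Toy IP FRR behaviour: the forwarding engine switches to a precomputed
# backup next hop as soon as the primary fails, before the control plane
# reconverges. No route recomputation happens on the forwarding path.

fib = {
    "10.1.0.0/16": {"primary": "linkA", "backup": "linkB"},
}
link_up = {"linkA": True, "linkB": True}

def next_hop(prefix):
    entry = fib[prefix]
    # Local failure detection (e.g. BFD) flips link_up; forwarding
    # continues immediately over the backup entry.
    return entry["primary"] if link_up[entry["primary"]] else entry["backup"]

print(next_hop("10.1.0.0/16"))  # linkA
link_up["linkA"] = False        # primary link fails
print(next_hop("10.1.0.0/16"))  # linkB
```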
BGP FRR
IGP/LDP FRR can rapidly switch traffic to another link when a link fault occurs. However, when a fault occurs on a BGP node, routes need to converge on the BGP control plane and then be delivered to the forwarding table. The route convergence time may reach the second level. The BGP indirect next hop technique speeds up route convergence on the control plane, but it still cannot ensure carrier-class reliability. In BGP FRR, the LDP label or BGP label of a sub-optimal route is installed into the forwarding table as a backup routing entry. When a rapid fault detection mechanism such as BFD detects that the optimal route becomes unavailable, services are switched to the backup route. This implements fast service switchover.
LDP FRR
With LDP FRR, fast convergence of the LDP LSP can be achieved. In LDP FRR, the device installs the optimal LDP route as the forwarding entry and the suboptimal LDP route as a backup path in the forwarding table. When a fault occurs on the optimal next hop, the device directly uses the backup path and label for forwarding. With BFD, failure of the optimal next hop can be rapidly detected, achieving convergence within 50 ms. There are some restrictions on LDP FRR. For example, in a ring network, the suboptimal next hop may send packets back to the originating node, causing a forwarding loop. Compared with the FRR protection for RSVP TE, LDP FRR protection is based on single points and does not provide end-to-end protection.
MPLS TE FRR
MPLS TE FRR protects links and nodes in MPLS TE. When an LSP link or node fails, traffic is forwarded along the tunnel that protects the failed link or node, ensuring uninterrupted traffic forwarding. In addition, the ingress can re-establish the primary path without affecting data transmission. In MPLS TE FRR, an LSP is established to protect one or more LSPs. This LSP is called the FRR LSP, and the protected LSP is called the primary LSP. When a link or node fails, MPLS TE FRR uses the FRR LSP to transmit traffic, so the primary LSP is protected. All nodes in the MPLS TE domain need to participate in establishing the FRR LSP and the primary LSP. MPLS TE FRR is implemented based on RSVP-TE and complies with RFC 4090.
VPN FRR
MPLS TE FRR protects services in the case of a link or node failure between two PEs at both ends of a TE tunnel; however, MPLS TE FRR cannot protect services in the case of a PE failure. Once a PE fails, services can only be restored by means of end-to-end route convergence and LSP convergence. The service convergence time depends on the quantities of MPLS VPN routes and hops on a network. The convergence time is usually 5s on a typical network, which is longer than 1s required for end-to-end service convergence.
VPN FRR solves the preceding problem. In VPN FRR, primary and backup forwarding entries with the primary PE and backup PE as their respective destinations are preconfigured on the remote PE. Rapid PE failure detection is also used so that the end-to-end service convergence is within 1s on an MPLS VPN where a CE is dual homed to two PEs. The recovery time is independent of the quantity of VPN routes.
The transport layer provides the following protection mechanisms: optical line protection, optical channel protection, subnet connection protection, and ASON protection.
An OTU board with the dual-fed and selective-receiving function can be used to protect services, as shown in Figure 2-9. Alternatively, an OLP or DCP board with the dual-fed and selective-receiving function can be used; the network diagram is the same as in Figure 2-9.
In the transmit direction, services to be protected are input through the tributary board and dual-fed to the working line board and the backup line board as working signals and protection signals. The working signals and protection signals are transmitted in the working channel and the protection channel respectively.
In the receive direction, only the cross-connection corresponding to the working line board is active; the cross-connection corresponding to the backup line board is disconnected. When the working channel is faulty, the line board reports an SF (signal fail) or SD (signal degrade) condition. After detecting the SF or SD condition, the main control board disconnects the cross-connection corresponding to the working line board and enables the cross-connection corresponding to the backup line board, so service signals are transmitted over the protection channel. After the working channel recovers, service signals are switched back to the cross-connection corresponding to the working line board.
- Service configuration procedures are complex, and it takes a long time to expand capacity or launch services.
- Bandwidth use is inefficient because about 50% of bandwidth must be reserved on the ring network.
- Only a few protection measures are provided, so network self-healing capability is poor.
Automatically Switched Optical Network (ASON), also called intelligent optical transport network, is used to solve the preceding problems. ASON uses GMPLS-UNIs and a control plane on transport networks to enhance the network connection management and fault recovery capabilities of optical transport devices. It supports end-to-end service configuration and multiple service restoration methods. Compared with WDM, ASON has the following advantages:
- Computes routes using optical parameters and discards the routes that do not match the optical parameters.
- Adjusts wavelengths during rerouting, eliminating wavelength conflicts.
- Allocates wavelengths for new services automatically.
- Supports automatic configuration of end-to-end services.
- Discovers the topology automatically.
- Protects the mesh network to enhance network availability.
- Assigns protection priorities to services according to the priorities of the client-layer signals.
- Uses traffic engineering to dynamically adjust the network topology according to users' service requirements, implementing optimal network resource allocation.
The following sections describe the transport layer protection mechanisms based on ASON.
Mesh Networking
Mesh networking is a widely used ASON networking type that is flexible and easy to extend. Compared with WDM networking, mesh networking supports more recovery paths, which improves network security and reduces network resource waste. In addition to traditional protection measures (such as 1+1 protection) and shared protection measures, mesh networking can also use the rerouting mechanism to protect services. With all these measures, mesh networking is capable of restoring services in any situation. As shown in Figure 2-11, if the link between device C and device G is interrupted, a route from device D to device H is generated, and services are restored through a newly generated LSP.
Figure 2-11 Service protection and restoration using the mesh networking
Dynamic Rerouting
Rerouting recovers services when network faults occur. In non-revertive mode, the first node on an interrupted LSP calculates the optimal path, and then sets up a new LSP using signaling messages. Services are transmitted over the new LSP. The interrupted LSP is deleted after the new LSP takes effect. Rerouting, as a key technology of GMPLS/ASON, protects services without a waste of resources. It is also a revolutionary improvement for traditional protection measures. Rerouting protects services even if fibers are interrupted frequently. As shown in Figure 2-12, an LSP passes devices A, D, G, and K. When the link between devices D and G is interrupted, the rerouting process is as follows:
1. The FIU (at the optical layer) or OTU (at the electrical layer) of device D detects an alarm and reports it to the GMPLS module.
2. The GMPLS module on device D checks the affected intelligent services and sends a Notify message to device A.
3. After receiving the Notify message, the GMPLS module of device A calculates an end-to-end protection path and sends a PATH message along the new path. A reverse cross-connected path destined for device K is set up.
4. After receiving the PATH message, the GMPLS module of device K returns a RESV message along the new path to set up a cross-connected path destined for device A.
5. After receiving the RESV message, device A enables the alarm function and sends a PATH message to request the downstream devices to enable the alarm function. The downstream devices enable the alarm function for the new path.
6. After all devices on the LSP enable the alarm function, the old LSP is deleted if the non-revertive mode is used. The rerouting process is complete.
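The message sequence above can be walked through with a toy Python simulation. This is not real GMPLS signaling — the topology, node names, and log format are all assumptions — but it shows the order of events: Notify upstream to the ingress, PATH downstream along the new path, RESV back upstream, then deletion of the old LSP.

```python
# Toy walk-through of the rerouting steps (assumed topology A-D-G-K with
# an alternative path A-B-E-H-K; illustrative only, not a protocol model).

old_lsp = ["A", "D", "G", "K"]

def recover(lsp, broken_link, alt_path):
    log = []
    detector = broken_link[0]                    # node that detects the alarm
    log.append(f"{detector}: Notify -> {lsp[0]}")        # tell the ingress
    for a, b in zip(alt_path, alt_path[1:]):     # PATH travels downstream
        log.append(f"{a}: PATH -> {b}")
    back = alt_path[::-1]
    for a, b in zip(back, back[1:]):             # RESV travels back upstream
        log.append(f"{a}: RESV -> {b}")
    log.append("old LSP deleted (non-revertive mode)")
    return log

events = recover(old_lsp, ("D", "G"), ["A", "B", "E", "H", "K"])
assert events[0] == "D: Notify -> A"
assert events[-1] == "old LSP deleted (non-revertive mode)"
```

In a real implementation the PATH/RESV exchange also installs cross-connections and enables alarm monitoring hop by hop, as described in the steps above.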
Figure 2-12 Rerouting process (Notify and PATH messages exchanged among the devices)
Service Association
Two LSPs are associated with each other. When one LSP performs rerouting or optimization, the new path is kept separate from the other LSP; the two LSPs never overlap. Service association applies to services with two access points (dual homing). As shown in Figure 2-14, the two LSPs D-E-I and A-B-G-H are associated. If the link between devices B and G is broken, the LSP A-B-G-H performs rerouting and the LSP D-E-I is not affected. Figure 2-14 Service association
Table 2-2 Service levels
- Diamond: protection and recovery; implemented by intra-board 1+1 protection, ODUk SNCP, SW SNCP, and rerouting; switchover time shorter than 50 ms.
- Silver: recovery; implemented by rerouting; recovery time of several seconds.
- Bronze: no protection, no recovery.
2. Diamond service
Diamond service has the best protection capability. When there are enough resources on the network, a diamond service provides permanent 1+1 protection for paths such as ODUk paths. Diamond services are applicable to voice and data services and VIP private lines for industries such as banking, securities, and aviation. A diamond service provides 1+1 protection from the source node to the sink node and is therefore also called a 1+1 service. Two separate LSPs are available between the source node and the sink node: one is the working LSP and the other is the protection LSP. The same service is transmitted over the working LSP and the protection LSP at the same time. When the working LSP is normal, the sink node receives services from the working LSP; otherwise, the sink node receives services from the protection LSP. Figure 2-15 shows the network diagram of diamond service. Figure 2-15 Diamond service
- Permanent 1+1 protection: triggers rerouting once either LSP fails.
- Rerouting 1+1 protection: triggers rerouting only when both LSPs fail.
- No rerouting: does not trigger rerouting regardless of LSP failures.
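The three rerouting policies above reduce to a simple decision rule, sketched here in Python. The policy names follow the document; the function itself is illustrative only.

```python
# Sketch of the three diamond-service rerouting policies (illustrative).

def should_reroute(policy, working_up, protection_up):
    if policy == "permanent_1plus1":      # reroute as soon as either LSP fails
        return not (working_up and protection_up)
    if policy == "rerouting_1plus1":      # reroute only when both LSPs fail
        return not working_up and not protection_up
    if policy == "no_rerouting":          # never reroute
        return False
    raise ValueError(f"unknown policy: {policy}")

# One LSP down: only the permanent policy reroutes.
assert should_reroute("permanent_1plus1", True, False)
assert not should_reroute("rerouting_1plus1", True, False)
# Both LSPs down: the rerouting policy now reroutes too.
assert should_reroute("rerouting_1plus1", False, False)
assert not should_reroute("no_rerouting", False, False)
```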
3. Silver service
Silver services include WDM ASON OCh paths, ODUk paths, and client paths. The recovery time is several seconds. The silver service is suitable for delay-insensitive services such as data services and residential Internet services. A silver service provides connections from the source node to the sink node with rerouting protection and is also called a rerouting service. If an LSP fails, rerouting is repeatedly initiated until services are restored. The silver service computes protection paths without reserving resources, so bandwidth utilization is high. However, if network resources are insufficient, services may be interrupted. As shown in Figure 2-16, the silver service is provided for the path A-B-G-H-I. If the link between devices B and G is broken, device A initiates rerouting to create a new path. Figure 2-16 Silver service
4. Bronze service
Bronze services are seldom used. Generally, temporary services, such as burst services during holidays, use the bronze service. The paths of bronze services include OCh paths, ODUk paths, and client paths. A bronze service has no protection: if an LSP fails, rerouting is not triggered and services are interrupted.
----End
- Allocates bandwidth to the two layers based on traffic volume so that traffic is evenly loaded, improving utilization of network resources.
- Isolates faults on the IP layer and transport layer to prevent a fault from triggering repeated protection at the two layers. This ensures effective protection and improves network reliability, laying a foundation for intelligent synergy between the IP layer and transport layer of a backbone network.
2.6.2 SRLG
An SRLG is a group of links with the same reliability risks. For example, multiple links on a router involve the same transport path. If the transport path fails, both the working and protection links on the router will also fail. To prevent this problem, links in the same SRLG are not assigned to a pair of working and protection paths during path computation. This improves reliability on the IP layer because a link failure will not cause both the working and protection paths to fail.
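The disjointness rule above can be expressed as a short check, sketched here in Python. The link names, SRLG identifiers, and data model are assumptions for illustration, not a real implementation of the path computation.

```python
# Illustrative SRLG check (assumed data model): a working/protection path
# pair is valid only if no link of one path shares an SRLG with a link of
# the other, so one underlying fiber cut cannot break both paths.

srlg_of = {                      # link -> set of SRLG IDs it belongs to
    ("R1", "R2"): {"F-S3"},
    ("R1", "R3"): {"F-S3"},      # shares fiber segment F-S3 with R1-R2
    ("R1", "R4"): {"F-S7"},
}

def srlg_disjoint(working, protection):
    shared = set()
    for link in working:
        shared |= srlg_of.get(link, set())
    return all(srlg_of.get(link, set()).isdisjoint(shared) for link in protection)

# Both candidate paths ride fiber F-S3, so the pair is rejected:
assert not srlg_disjoint([("R1", "R2")], [("R1", "R3")])
# A pair on different fibers is accepted:
assert srlg_disjoint([("R1", "R2")], [("R1", "R4")])
```

A path computation algorithm would use such a check to prune candidate protection paths during working/protection pair selection.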
Static SRLG
Static SRLG requires the IP network administrators to manually configure SRLG information on routers after confirming the information with the transport network administrators. Static SRLG is easy to implement and does not require configuration of other parameters. However, static SRLG has the following disadvantages:
The administrators of the IP network and transport network have to exchange and configure a large amount of detailed information, which is labor-consuming and prone to errors.
When links on the transport layer are re-planned or adjusted, the transport network administrators must notify the IP network administrators, and the IP network administrators modify configurations on the IP layer. If the GMPLS ASON technology is used at the transport layer, the transport paths may change automatically. The IP network administrators cannot be notified of the changes in real time.
Dynamic SRLG
Huawei presents the dynamic SRLG solution to overcome problems of static SRLG. Transport devices transfer SRLG information to routers through extended GMPLS-UNIs between them. Dynamic SRLG has the following advantages:
- The SRLG information is transmitted from the transport layer to the IP layer automatically; no manual operation is required. This reduces maintenance workload and prevents configuration errors.
- Transport devices update SRLG information when transport links are adjusted, saving network administrators' workload in modifying configurations.
- When the GMPLS ASON re-computes routes, transport devices notify routers of SRLG information updates.
Transport devices send SRLG information to routers, including information specific to each layer such as OTN layer, optical layer, and fiber layer. Each router calculates and updates links on the working and protection paths according to the SRLG information received from the transport layer to ensure that the working and protection paths do not contain links in the same SRLG. Figure 2-17 shows dynamic SRLG implementation. Figure 2-17 Dynamic SRLG
GMPLS-UNI
The GMPLS-UNI technology defined by the IETF is a key technology to enhance information exchange between the IP layer and transport layer. Routers on the IP layer send messages to request transport devices to set up or delete paths through GMPLS-UNIs. After a router sets up a link, it sends GMPLS-UNI signaling messages to notify transport devices of the source node, destination node, and attributes (such as bandwidth and protection attributes) of the link. Transport devices then set up a transport path according to the link information.
PCE
On a large network, constraint-based path computation is complex, and devices participating in path computation must have high computation capabilities. If distributed path computation is performed on the network, each node must have high computation capabilities, raising network construction costs. If the network is divided into multiple domains, the topology of each domain is hidden from other domains, so devices on the network must cooperate to compute the optimal end-to-end path. The PCE technology solves this path computation problem. A PCE has high path computation capabilities and is deployed on a network device or an external server. A PCE is responsible for path computation in a domain: all path computation requests in the domain are sent to its PCE. After completing path computation, the PCE sends the result to the path computation clients (PCCs) that sent the requests. PCEs in multiple domains work together to compute the optimal end-to-end path.
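The PCC/PCE division of labor can be sketched in Python. This is a minimal stand-in, not PCEP: a plain Dijkstra shortest path stands in for constraint-based computation, and the class name, topology, and costs are assumptions.

```python
# Minimal PCE-style sketch (illustrative): a single element holds the
# domain topology and answers path computation requests from PCCs.

import heapq

class Pce:
    def __init__(self, graph):          # graph: node -> {neighbor: cost}
        self.graph = graph

    def compute(self, src, dst):        # plain Dijkstra stands in for
        dist = {src: 0}                 # constraint-based computation
        prev, pq = {}, [(0, src)]
        while pq:
            d, u = heapq.heappop(pq)
            if u == dst:
                break
            if d > dist.get(u, float("inf")):
                continue
            for v, c in self.graph.get(u, {}).items():
                if d + c < dist.get(v, float("inf")):
                    dist[v], prev[v] = d + c, u
                    heapq.heappush(pq, (d + c, v))
        path, node = [dst], dst         # rebuild the path back to the source
        while node != src:
            node = prev[node]
            path.append(node)
        return path[::-1]

# A PCC submits a request and receives the computed path:
pce = Pce({"A": {"B": 1, "C": 4}, "B": {"C": 1}, "C": {}})
assert pce.compute("A", "C") == ["A", "B", "C"]
```

Centralizing this logic is the point of the PCE architecture: only the PCE needs the topology database and the computation power, while PCCs stay simple.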
- TE FRR & ASON diamond 1+1 protection
- TE FRR & ASON silver rerouting protection
- TE hot standby & optical line 1+1 protection
primary tunnel. During the switching process, routers use the make-before-break technique to prevent packet loss.
Service Planning
Determine the bandwidths required by a variety of services carried on WANs to obtain the service traffic model and traffic bandwidth. Properly plan traffic and implement traffic engineering to ensure that congestion will not occur on some links due to too much traffic and to improve the utilization of the links on the entire network. Data for bandwidths required by services is obtained from the live network evaluation and service and traffic analysis.
Resource Reservation
Based on service planning and traffic model, reserve resources for services. For some WANs with high QoS requirements, use real-time data collection and analysis devices such as Huawei NetStream to adjust resource reservation in real time and optimize the network. There are two methods for reserving resources: IP/MPLS DiffServ and MPLS TE.
IP/MPLS DiffServ
IP/MPLS DiffServ is popular and its application is mature. It is a QoS guarantee mechanism based on the statistical model. Before the IP/MPLS DiffServ scheme is deployed, the network traffic model must be analyzed to determine the traffic directions of different network services and provide the basis for QoS deployment. An SLA measurement mechanism is also required: the Huawei HWping solution provides measurement data of delay, jitter, and packet loss rate on a per-service basis, providing technical support for QoS redeployment.
MPLS TE
MPLS TE is a more advanced method, which requires implementation of MPLS VPN and MPLS TE across the entire network. Different services are encapsulated in different VPNs, and different VPNs are mapped to different MPLS TE tunnels, providing high QoS similar to that of a private network.
Because TE tunnels are end-to-end connection-oriented, there is a lot of work for deployment and maintenance if MPLS TE tunnels are deployed in a large scale. It is recommended to use the flexible mapping between VPNs and MPLS TE tunnels as well as hierarchical TE to improve network flexibility and significantly reduce the workload for implementation, configuration, and maintenance.
CAC
If a highly reliable IP WAN needs to carry real-time services, CAC must be configured. A traditional IP network is a best-effort network that does not limit the number of services; as a result, too many services may be admitted and resources cannot be guaranteed for all of them. An IP WAN inherits the admission-control concept of the traditional TDM telecom network: by refusing excessive service call requests, the IP WAN avoids overuse of resources and guarantees the resources and QoS of established service connections. Only a multi-service IP network with a CAC mechanism can meet the requirements of a highly reliable WAN. At present, mainstream multi-service IP networks achieve the CAC function through a service system such as a softswitch. In the future, fixed-mobile convergence (FMC) is an inevitable trend and the IP multimedia subsystem (IMS) architecture is the network development direction; in the IMS era, an integrated CAC function will be implemented at the control layer.
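The CAC principle above can be sketched as a simple bandwidth budget in Python. The class, capacity, and per-call bandwidth figures are invented for illustration; real CAC runs in the softswitch or IMS control layer, not on a router like this.

```python
# Toy CAC sketch (assumed numbers): admit a call only if the reserved
# pool still has room for its bandwidth; otherwise refuse the request so
# that established calls keep their guaranteed resources.

class CallAdmission:
    def __init__(self, capacity_kbps):
        self.free = capacity_kbps

    def request(self, bw_kbps):
        if bw_kbps > self.free:
            return False          # refuse: protects established calls
        self.free -= bw_kbps
        return True

    def release(self, bw_kbps):
        self.free += bw_kbps      # a call ends, bandwidth returns to the pool

cac = CallAdmission(capacity_kbps=200)
assert cac.request(80)            # first call admitted
assert cac.request(80)            # second call admitted
assert not cac.request(80)        # third refused: only 40 kbit/s left
cac.release(80)
assert cac.request(80)            # admitted again after a call ends
```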
Based on user and service The CIR or PIR can be configured based on different home users and services on the same interface. Priority scheduling and bandwidth guarantee/control are performed between services; QinQ needs to be configured, that is, the S-VLAN and C-VLAN tags are used to identify services and users.
Based on service The CIR or PIR is configured for different user services on the same interface and the services are scheduled based on priorities. Only the S-VLAN tag needs to be identified.
User level When CIRs/PIRs are configured for different enterprise users on the same port, user service types are not distinguished. Users are distinguished in VLAN or QinQ mode.
In VLAN mode, different sites of the same enterprise use different VLAN IDs and the sites of different enterprises also use different VLAN IDs. In QinQ mode, the outer VLAN IDs of the same enterprise are the same and the inner VLAN IDs identify the sites. The outer VLAN IDs of different enterprises must be different and the VLAN ID identifying the site can be the same.
User + service level When CIRs or PIRs are configured for different enterprise users on the same port and different services (they can be divided into eight levels) of a user, priority scheduling and bandwidth assurance/control can be conducted among different services.
User group + user + service level When CIRs or PIRs are configured for different enterprise users and different services of a user, multiple enterprise users on the same port constitute a user group for bandwidth assurance and control.
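The QinQ user identification described above (outer S-VLAN for the enterprise, inner C-VLAN for the site) can be sketched in Python. The tenant names and VLAN IDs are invented examples.

```python
# Illustrative QinQ lookup (hypothetical values): the outer S-VLAN tag
# identifies the enterprise, the inner C-VLAN tag identifies the site.

enterprises = {100: "EnterpriseA", 200: "EnterpriseB"}   # S-VLAN -> tenant

def classify(s_vlan, c_vlan):
    return enterprises[s_vlan], f"site-{c_vlan}"

# Two sites of the same enterprise share the outer tag:
assert classify(100, 1) == ("EnterpriseA", "site-1")
assert classify(100, 2) == ("EnterpriseA", "site-2")
# A different enterprise may reuse the same inner (site) tag, because the
# outer tags already keep the enterprises apart:
assert classify(200, 1) == ("EnterpriseB", "site-1")
```

This is exactly why QinQ scales better than plain VLANs for the user-level scheme: site numbering is local to each enterprise.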
[Figure: MAN access architecture with 10GE RPR rings connecting DSLAMs, AGs, UPEs, and CPEs, together with DHCP, VoD, and SBC systems. Deployment notes: limit subscribers per ring to 10K per 10G ring and 1K per 1G ring; deploy VoD edge servers at the PoP; deploy CAC for VoD; the PE-AGG polices the traffic of each service.]
Huawei MAN QoS solution adopts the DiffServ model. On a network with limited resources, the solution provides quality assurance through appropriate traffic classification and priority processing. The DiffServ model aims to improve QoS extensibility and simplify implementation. Therefore, it does not attempt absolute quality assurance; instead, it fully considers the features of IP networks and processes traffic in aggregate based on traffic classification. The DiffServ model completes the following functions:
- Congestion avoidance
- Traffic adjustment, including traffic policing and traffic shaping
- Mapping between the CoS field of Ethernet frames and the EXP field of MPLS packets
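The CoS-to-EXP mapping function can be sketched in Python. Both fields are 3 bits, so a direct copy preserves the eight traffic classes across the Ethernet/MPLS boundary; the identity mapping used here is an assumed default, not a mandated Huawei mapping.

```python
# Sketch of the CoS-to-EXP mapping step (assumed 1:1 default mapping).

def cos_to_exp(cos):
    if not 0 <= cos <= 7:
        raise ValueError("CoS is a 3-bit field (0-7)")
    return cos                    # identity mapping keeps class ordering

# All eight classes map through unchanged:
assert [cos_to_exp(c) for c in range(8)] == [0, 1, 2, 3, 4, 5, 6, 7]
```

In a deployment, the mapping table would typically be operator-configurable rather than fixed to the identity.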
- Use ACLs to control user access and the rights of network devices.
- Restrict SNMP and Telnet access to network devices.
- Implement mutual authentication between interconnected devices.
- Authenticate routing information (such as IS-IS MD5 authentication).
- Use syslog to record all important events.
- Use NTP or PTP to synchronize the clocks of network devices across the entire network.
[Figure: NGN security zoning. The NMS center, OAM terminals, softswitch, SG, MG, TMG, AG, MCU, MRU, and U-NICA reside in the trusted zone; IADs, H.323 phones, SIP phones, and OpenEye clients reside in the untrusted zone, separated by the SBC, MSCG, and firewall.]
Abbreviations: AG: Access Gateway; IAD: Integrated Access Device; IADMS: IAD Management System; IDS: Intrusion Detection System; MCU: Multipoint Control Unit; MG: Media Gateway; MRU: Media Record Unit; MSCG: Multi-Service Control Gateway; NMS: Network Management System; SBC: Session Border Controller; SG: Signaling Gateway; SIP: Session Initiation Protocol; STP: Signaling Transfer Point; TMG: Trunk Media Gateway; U-NICA: Universal Network Intelligent Core Architecture; UC: Unified Communication.
- When the IP network requires one more wavelength, it may take one or two months to provide the wavelength on the transport network. This greatly delays service provisioning and launch.
- Over 80% of traffic from the IP network is carried over wavelengths. When services on a router are interrupted, it is difficult to quickly identify whether the fault occurred on the IP network or on a WDM device, let alone isolate the fault.
- When a fault occurs on a transport device, the transport network administrators do not know whether the fault affects IP links, or which IP links are affected.
Device connections on the IP network are complex, making OAM on IP networks difficult. Network administrators have to open many pages on the NMS to configure a service.
The OAM synergy solution is introduced to reduce the network management workload and make network OAM easy. It solves the preceding problems by implementing unified management of the IP network and OTN and visualized service maintenance.
Unified NE Management
The U2000 manages transport devices, access devices, and IP devices uniformly. It manages devices such as routers, switches, DSLAMs, and firewalls, and services such as MSTP, WDM, OTN, microwave, PTN, MSAN, and FTTx.
- Service templates: The U2000 provides various service templates such as tunnel templates, L2VPN/L3VPN/VPLS/PWE3 service templates, and QoS policy templates. These templates implement one-stop service parameter configuration, improving configuration efficiency by 3 to 6 times.
- Batch service delivery: improves configuration efficiency by 2 to 3 times.
- Automatic calculation of static routes: The U2000 calculates static routes and allocates MPLS labels; no manual operation is required.
- Inter-domain end-to-end service maintenance: helps to identify and locate faults accurately.
- One-key layer switching and layered service presentation: Administrators can switch between the IP layer and optical layer easily to configure services. The relationship between IP and WDM services is displayed clearly on the GUI.
After correlation analysis and suppression, administrators only need to maintain a unified alarm report, which helps fast troubleshooting.
- Service routes on the IP network are invisible to administrators.
- Fault identification on the IP network is difficult and time-consuming.
- Some transient faults cannot be eliminated permanently.
- End users are unaware of services transmitted over the IP network, so QoS is difficult to manage on the IP network.
Huawei provides a visualized service quality management (SQM) solution to improve maintainability of IP networks. This solution is implemented by the U2520 (an IP SQM system) and the U2000. The SQM solution provides the following functions:
KPI monitoring The SQM system effectively monitors key performance indicators (KPIs) on the IP network, such as latency, jitter, and packet loss ratio. The user experience can be measured and evaluated in various usage scenarios, and pre-warnings can be generated for factors that degrade user experience.
End-to-end IP service management The SQM system implements end-to-end monitoring and presentation of IP services such as video, voice, and file transfer. It monitors service performance and detects faults in real time, helping to locate faults quickly.
Real-time IP route display The SQM system collects and displays IGP routes and LSPs on the entire network in real time. Historical transient faults can be traced and eliminated.
IP fault location The SQM system uses Huawei's IP fault locating techniques to locate faults on the IP network. After the source IP address/port and destination IP address/port are entered, the SQM system can locate the fault within 5 minutes.
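The KPI monitoring function above can be sketched as a simple threshold check in Python. The thresholds and metric names are invented examples, not values from the SQM product.

```python
# Illustrative KPI pre-warning check (assumed thresholds, not SQM values):
# flag any monitored metric whose latest sample exceeds its limit.

THRESHOLDS = {"latency_ms": 150.0, "jitter_ms": 30.0, "loss_pct": 1.0}

def prewarnings(sample):
    # Return the list of KPI names that breach their thresholds.
    return [k for k, limit in THRESHOLDS.items() if sample.get(k, 0.0) > limit]

good = {"latency_ms": 40.0, "jitter_ms": 5.0, "loss_pct": 0.1}
bad = {"latency_ms": 180.0, "jitter_ms": 5.0, "loss_pct": 2.5}
assert prewarnings(good) == []
assert prewarnings(bad) == ["latency_ms", "loss_pct"]
```

A real SQM system would additionally correlate breaches across probes and time windows before raising a pre-warning, rather than alarming on a single sample.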
3 Product Introduction
The following products are used in the WAN interconnection solution:
- Core router: NetEngine40E core router
- Backbone router: NetEngine80/40 universal switching router
- Access router: NetEngine20E/20 multi-service router
The NE40E is properly designed to provide high-density ports. Each chassis supports a maximum of 1320 GE ports, twice the industry average. Based on an energy-saving 400G platform, each GE port consumes less than 9 W of power, 10% lower than the industry average. All boards and software based on the new 400G platform are compatible with those based on the 40G platform.
All-Service Bearing
The NE40E has the leading all-service bearing capability in the industry to ensure the operation of carrier-class services.
The NE40E supports BRAS, DPI, and other functional modules to ensure multi-service access capability. Offering the most complete HQoS solution in the industry, the NE40E supports HQoS, DS-TE, and MPLS HQoS to guarantee QoS deployment in multiple scenarios.
High Reliability
The NE40E provides the well-designed end-to-end reliability solution to ensure uninterrupted services.
- Device-level reliability: With the backup of key parts and ISSU/NSR/GR, service interruption is minimized.
- Network-level reliability: The Huawei proprietary BFD for Anything and enhanced protection techniques such as E-APS, E-Trunk, and E-STP allow the protection switchover of end-to-end services to be performed within 200 ms.
7.08 Tbit/s 1.08 Tbit/s (bidirectional) (bidirectional) 1600 Mpps 15 Tbit/s 300 Mpps 1.35 Tbit/s
Specifications
NE40E-X16: 16 service slots; dimensions (W × D × H): 442 mm × 770 mm × 1420 mm (32 U); weight: 267 kg
14 U 130 kg
4U
20 U
6500 W
3300 W
1100 W
2200 W
Supports four LPUs. Switching capacity: 128 Gbit/s (bidirectional). Forwarding performance: 24 Mpps.
NE40-2
Supports two LPUs. Switching capacity: 16 Gbit/s (bidirectional). Forwarding performance: 12 Mpps.
The NE80/40 has been in mature commercial use for nine years. More than 15,000 NE80/40s have been sold globally, with no quality accidents for many years.
All-Service Transmission
The NE80/40 is a complete series of multi-service products and can flexibly meet the needs of enterprise users.
The complete series includes models with two, four, eight, and 16 slots, which can flexibly meet the requirements of users in different scenarios. With comprehensive multi-service capabilities such as tunneling, VPN, and NAT, the NE80/40 can process services competently. The NE80/40 integrates routing and switching, providing a cost-effective solution.
High Reliability
The NE80/40 provides the complete end-to-end reliability solution to ensure uninterrupted services.
- Uses various device-level, network-level, and service-level reliability technologies.
- Supports redundant backup of key components and supports hot patches.
- Provides hierarchical HQoS to ensure QoS flexibly.
Maximum power consumption per model: less than 1800 W, 1000 W, 600 W, and 300 W.
The NE20E/20 has been widely used commercially for eight years. About 10,000 NE20E/20s have been sold globally, with no quality accidents for many years and outstanding performance.
- Superb aggregation capability: provides line-rate aggregation on ATM, CPOS, and CE1 interfaces, converging up to 96 line-rate E1/T1 channels.
- Powerful security: supports hardware IPsec encryption, GRE, L2TP, and NAT.
- Comprehensive route processing: supports various unicast and multicast routing protocols.
High Reliability
The NE20E/20 provides the complete end-to-end reliability solution to ensure uninterrupted services.
- The NE20E/20 uses dual control engines and dual forwarding engines for backup, pioneering this design in the industry and providing high-quality service.
- The NE20E/20 uses device-level, network-level, and service-level reliability techniques, ensuring high-speed, reliable network operation.
- The NE20E/20 supports HQoS, ensuring service quality.