
Considerations in an MPLS multi-service network

Chris Liljenstolpe

chris.liljenstolpe@alcatel.com

Agenda

Core network issues
>Traffic engineering
>Resilience and availability

Service interoperability
>Multi-domain services
>Legacy to multi-service network inter-working

Service migration
>PPPoE to IPoE
>802.1d to VLL/VPLS

OSS/BSS Issues

Examples


All rights reserved 2006, Alcatel

Why traffic engineer
(or, we're not a circuit network, are we?)

Traffic engineering has been a long-term practice in the telecoms environment, especially in circuit-oriented networks, to increase the utilization of network resources.

Originally, packet switching did not have any mechanisms to support traffic engineering, as each forwarding node in the network made its own, independent forwarding decision for each packet. Most IP networks still operate in this way.

However, as IP networks became larger and more complex in architecture, some limitations in the classic packet forwarding mechanisms became apparent.


Which mechanism?

This is a layer nine discussion. However, both have advantages and disadvantages.

Layer three approach
>The layer three approach more closely resembles classical IP forwarding and is therefore considered by some to be more pure. It uses standard IP technologies that are available in any router.
>Due to IGP flooding, there is no way to isolate adjustments to just one flow or link. The adjustment is, by nature, network-wide in its effect.

Layer two approach
>The layer two approach is foreign to the IP technology and requires additional protocol or OSS/BSS support (such as MPLS).
>However, the layer two approach can be much more selective in its application.
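An added example (not from the original slides) contrasting the two approaches on a constructed five-node topology: raising one IGP metric reroutes every flow the recomputation touches, while an explicit path, as an MPLS LSP would provide, moves only the pinned flow. Node names, metrics and flows are assumptions chosen for illustration.

```python
import heapq

# Constructed topology: undirected links with IGP metrics (illustrative values).
LINKS = {("F", "A"): 5, ("A", "B"): 10, ("B", "D"): 10,
         ("A", "C"): 12, ("C", "D"): 12}
FLOWS = [("A", "D"), ("F", "D"), ("B", "D")]   # (ingress, egress) pairs

def shortest_path(links, src, dst):
    """Dijkstra over undirected links; returns the node list of the best path."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, []).append((v, cost))
        adj.setdefault(v, []).append((u, cost))
    heap, seen = [(0, [src])], set()
    while heap:
        dist, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for nxt, cost in adj.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (dist + cost, path + [nxt]))
    return None

def igp_paths(links):
    """Path each flow takes when every router follows the IGP shortest path."""
    return {flow: shortest_path(links, *flow) for flow in FLOWS}

def moved(before, after):
    """Flows whose path differs between two routing states."""
    return sorted(f for f in before if before[f] != after[f])

def l3_metric_change(link, new_metric):
    """Layer-three TE: change one IGP metric; all routers recompute."""
    changed = dict(LINKS)
    changed[link] = new_metric
    return moved(igp_paths(LINKS), igp_paths(changed))

def l2_explicit_path(flow, path):
    """Layer-two TE: pin a single flow to an explicit path; the rest follow the IGP."""
    base = igp_paths(LINKS)
    pinned = dict(base)
    pinned[flow] = path
    return moved(base, pinned)
```

Raising the B-D metric to move the A-to-D flow also drags the F-to-D flow along, because both are forwarded by destination at node A; the explicit path changes A-to-D alone.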


Which method?

The online approach is more tactical: the network re-configures itself dynamically, based on stimulus from within or from outside the network.

The offline or near-line approach is more strategic; it is usually done under administrative control, on a day-to-month horizon.


L2 traffic engineering model


Control plane resiliency

As more (and higher-value) services are deployed on the IP/MPLS core, resilience at all layers of the network becomes increasingly important.

Classical IP restoration (of control and data plane) takes seconds to minutes (re-convergence of IGP).

MPLS and IP fast-reroute bring SONET/SDH restoration times to MPLS/IP networks in the data plane.

Graceful restart improves data plane restoration again, with non-stop forwarding, but that forwarding:
>Is headless - leading to potential loops and black-holes
>Places a CPU burden on peers, and requires all peers to support GR. Everyone will know of the failure, and will be impacted by it.


Non-stop routing and non-stop services

NSR and NSS provide a mechanism to recover from a fault in the control plane in real time at the element level.

No other routers are involved in the restoration.
>No other router needs to support an additional protocol.
>No other router will bear a CPU burden of the restoration.
>Your customers/peers will not see or be impacted by the event.

Restoration is on the order of 10s of ms.

State is shared between primary and backup control plane processors.
>State should not be processed in a per-packet, lock-step manner, as faults would then potentially cascade from the primary to the secondary.
>State should be kept current, including not only RIB and FIB, but also ACL and dynamic ACL/DHCP status, configuration, policies, etc.


The progression of resilience in IP/MPLS control planes

[Figure: five steps plotted against recovery time, from minutes (00:0X:XX:XX) down to milliseconds (00:00:00:0X)]

>1. Protocol Reconvergence: Standard operation of routing networks. Route around the failed node.
>2. Non-stop Forwarding: Router continues forwarding traffic during recovery.
>3. Graceful Restart: Uses neighbors to help recovery. Uses non-stop forwarding during recovery.
>4. Non-Stop Routing: Router self-recovers. Transparent to neighbors.
>5. Non-Stop Services: Extends non-stop routing to Layer 2/Layer 3 VPN services.


Multi-domain services

MPLS was originally intended for intra-domain (AS) use.
>MPLS does not have a mechanism to pass routing beyond the IGP boundary.
>MPLS has no way of setting policies on control plane traffic (controlling signaling flows between potentially untrusting peers).
>RFC2547 VPNs have some work-arounds to these problems, but they are point solutions.

Solutions could include:
>Multi-segment pseudo-wires
>IP based transport over AS boundaries


Legacy to new-model interworking

A greenfield deployment of a layer 2 service will have no inter-working issues, as all signaling will be via MPLS/IP.

However, if there is an existing network (such as an ATM network), then there are models where the signaling on the existing network needs to interoperate with the new network.

This area is currently under development in the standards bodies (IETF and ITU).


No problem
(but not too useful in the long-term)

[Figure: ATM Switch, IP/MPLS Router, IP/MPLS Network, IP/MPLS Router, ATM Switch]

No problem here

[Figure: MSE, ATM/PNNI Legacy Network, ATM-MSE PE, IP/MPLS MSE Network, ATM Switch]

No un-recoverable problem here

[Figure: MSE, ATM/PNNI Legacy Network, ATM-MSE PE, IP/MPLS MSE Network, ATM Switch]

Nor here

[Figure: MSE, ATM/PNNI Legacy Network, ATM-MSE PE, IP/MPLS MSE Network, ATM Switch]

Here be dragons...

[Figure: MSE, ATM/PNNI Legacy Network, ATM-MSE PE, IP/MPLS MSE Network, ATM Switch]


Every service has its migration challenges

PPPoE, for example, provides configuration control for residential and SOHO broadband customers, as well as authentication, authorization, and security mechanisms.

However, PPPoE has limitations:
>Multicast
>Highly centralized state
>Encapsulation is compute intensive

The IPoE mechanism which is replacing PPPoE needs to provide those same capabilities.
>IPoE can use DHCP for configuration of the client.
>IPoE can use 802.1X or DHCP option 82 for authentication and authorization.
>An IP/MPLS infrastructure that is going to support IPoE needs to provide anti-snoop and anti-spoof capabilities at least as rigorous as PPPoE.


PPPoE: Inefficient Multicasting

PPP model breaks multicasting throughout the network
> Last network multicast point at BRAS

Inefficient use of b/w and fiber
> Second mile GE is the limit for all VOD and BTV

Imagine 50K viewers all tune to watch World Cup Soccer!
> BTV drives greater distribution of BRAS
> Slow Channel Flipping

[Figure: Video (1 copy of each channel), BRAS (must replicate copies to each home at BRAS), Aggregation, Access Nodes. Callouts: "No multicast because of PPP encapsulations on bearer traffic", "$$$".]

New Solution: IPoE for Multicasting

[Figure: Video (1 copy of each channel) and DHCP Server feeding three tiers:
>IP Edge, 7750 SR: multicast, 1 copy per channel per ESS
>Aggregation, 7450 ESS: multicast, 1 copy per channel per VDSL Remote
>Access, 7330 DSLAM: multicast, 1 copy per channel per subscriber
Functions labelled in the figure: IGMP, PIM SM/SSM; DHCP Relay to DHCP Server; DHCP Snooping; IGMP Snoop/Proxy; DHCP Relay: Add Option 82.]


IPoE security model

[Figure: Home Gateway, RG, Access Node, CO, VPLS, 7450, VHO, IP, 7750, BTV, DHCP/AAA Servers]

Functions labelled in the figure:
>802.1X port authentication
>First Spoken SrcMAC
>Antispoof
>Pass PPPoE or DHCP Bcast
>Learn IP-MAC association
>DHCP ACK (UserIP/MAC)
>Block user-user bridged traffic
>No ARPs (DHCP-configured ARP table)
>Data: Valid SrcMAC/SrcIP
>Invalid SrcMAC/SrcIP
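The filtering behaviour named on this slide, as an added example (not Alcatel's implementation and not part of the original deck): an edge that learns the IP-MAC association from a snooped DHCP ACK, passes bootstrap traffic, suppresses ARP and user-to-user bridging, and forwards data only when SrcMAC/SrcIP match the binding for that port. The `Frame` model, port names, addresses and verdict strings are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:                      # simplified upstream frame (constructed model)
    in_port: str                  # subscriber-facing port it arrived on
    src_mac: str
    src_ip: str
    kind: str                     # "dhcp", "pppoe", "arp" or "data"
    to_subscriber: bool = False   # True if bridging would deliver it to another user

class AntiSpoofEdge:
    """Per-port source validation driven by snooped DHCP ACKs."""
    def __init__(self):
        self.bindings = {}        # port -> (mac, ip) taken from the DHCP ACK

    def on_dhcp_ack(self, port, client_mac, assigned_ip):
        # Learn the IP-MAC association when the server's ACK passes the edge.
        self.bindings[port] = (client_mac.lower(), assigned_ip)

    def check(self, f):
        """Return "forward" or "drop:<reason>" for a frame from a subscriber."""
        if f.to_subscriber:
            return "drop:user-to-user"          # no bridging between users
        if f.kind in ("dhcp", "pppoe"):
            return "forward"                    # bootstrap traffic always passes
        if f.kind == "arp":
            return "drop:arp"                   # ARP table is DHCP-configured
        binding = self.bindings.get(f.in_port)
        if binding is None:
            return "drop:no-binding"            # nothing learned on this port yet
        if (f.src_mac.lower(), f.src_ip) != binding:
            return "drop:spoofed-source"        # invalid SrcMAC/SrcIP
        return "forward"                        # valid SrcMAC/SrcIP

def demo():
    # Constructed sample frames; returns the verdict for each in order.
    edge = AntiSpoofEdge()
    mac, ip = "02:00:00:00:00:0A", "192.0.2.10"
    early = edge.check(Frame("port1", mac, ip, "data"))   # before any DHCP ACK
    edge.on_dhcp_ack("port1", mac, ip)
    frames = [
        Frame("port1", mac, ip, "data"),                  # matches binding
        Frame("port1", mac, "192.0.2.99", "data"),        # spoofed IP
        Frame("port1", "02:00:00:00:00:0b", ip, "data"),  # spoofed MAC
        Frame("port2", mac, ip, "data"),                  # right pair, wrong port
        Frame("port1", mac, ip, "arp"),
        Frame("port1", mac, ip, "data", to_subscriber=True),
        Frame("port2", "02:00:00:00:00:0c", "0.0.0.0", "dhcp"),
    ]
    return [early] + [edge.check(f) for f in frames]
```

Keying the binding on the ingress port is what stops a neighbour from replaying a valid MAC/IP pair it has observed: the same pair arriving on `port2` is dropped.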


Spanning tree - a spanner for the network?

802.1d was designed for campus networks and cannot deal well with large and/or complex network topologies:
>Instability
>Long reconvergence times
>Difficult to manage

With an MPLS/IP network there are other options, including VLL (Martini draft) and VPLS.
>Stable, made for large, complex carrier networks - it's MPLS/IP
>Fast reconvergence (MPLS/IP fast re-route, NSR/NSS)
>Lots of management tools

An example - when migrating services, don't necessarily take the easy approach - avail yourself of the new capabilities that the IP/MPLS network provides.


OSS/BSS

Don't discount this. Most new network roll-outs pay attention to these systems as an afterthought - usually with crippling results.

The IP/MPLS network is now much more critical to the carrier business; the existing IP/MPLS management systems may or may not be capable of providing the necessary level of provide/assure/bill.

The OSS/BSS system for IP/MPLS now also needs to manage services, not just point-to-cloud, but point-to-point, mp-to-mp, etc.
>Not only may the OSS/BSS need adaptation, but the business model may need adjustment as well.
>For the business model, consider starting with the business model that the existing service utilizes, and modify from there. Remember, the customer doesn't care that it is a new IP/MPLS converged core; they are buying a SERVICE.


Triple Play Win: AT&T LightSpeed Project

Make video available to 18 million homes in ~3 years by leveraging FTTN strategy

Considerable network implications
> High bandwidth (~20 Mb/s per home)
> Large number of streams (~250 channels)
> Tremendous scaling of routing and queuing with service differentiation to guarantee service delivery

Alcatel is sole supplier of network infrastructure
> IP routing, Ethernet switching, deep access (FTTN)
> Alcatel 7750 SR, 7450 ESS and 7330 FTTN
> Access and aggregation management systems

Alcatel is network system and video service integrator
> Design and integration of end-to-end solution


Connectivity Model

Integrated switching and routing in the 7750 enables use of 10 GE and common interface for all services even if destined to separate edges.

Per-subscriber, per-service accounting, queuing and policing/shaping.

PPPoE traffic is separated. No PPPoE traffic is forwarded to 7750 for IP routing.

Local VPLS instance to switch PPPoE traffic to BRAS. Performs Layer 2 bridging for forwarding traffic to BRAS. Other traffic is routed to appropriate service edges.

NxGE to BRAS. Only PPPoE traffic is forwarded to BRAS.

[Figure: FTTX Access Node, 7450, 7750, VPLS, BTV, DHCP Server, PPPoE BRAS. Address labels: IP: 10.20.192/20 MAC:A; IP: 192.168.0/20 MAC:B; IP: 138.120.0/20 MAC:C; IP: 138.120.64/20 MAC:D.]

QoS Model to the Subscriber at 7450

Differentiate service levels in the aggregation network

Enforce subscriber's access rate in the aggregation network

Reserve CIRs for critical applications

Define PIR for shaping

H-QoS enables the service b/w to be shared within the subscriber's access rate

Enable low priority and best-effort traffic to burst up to full access rate if bandwidth is available (high priority traffic using less than committed rate)

Offload per-Sub. QoS to 7450 instead of Router performing QoS for 60K Sub!

[Figure: GE, Subscriber VLAN, and four queues: VoIP (priority 1), VOD/BTV (priority 2), FG (priority 3), HSI (priority 4). Rate labels: PIR = 20 Mbps on each, with CIR = 90 Kbps, CIR = 5.5 Mbps, CIR = 4 Mbps, CIR = 1 Mbps and CIR = 200 Kbps.]

Consumer QoS Model at 7450: Downstream

>Per-sub rate-limited HSI
>Per-sub QoS policy
>Per-service priority/delay/loss
>Content Differentiation in HSI

QoS Per Subscriber. VoIP prioritized over Video. 802.1p marking for prioritization in the access and home.

Preferred content marked (DSCP) at trusted ingress points of IP network.

QoS per Forwarding Class

[Figure: DSLAM, GE, VLAN Per Sub, 7450, GE, 7750. VLANs: VoIP VLAN, Video VLAN, HSI VLAN. HSI classes: GOLD, BRONZE, ON-NET.]

Consumer QoS Model at 7450: Upstream

>Per-sub rate-limited HSI
>Per-sub QoS policy
>Per-service priority/delay/loss
>Content Differentiation in HSI

Per-subscriber QoS/Content classification

VoIP/Video: shared queueing for prioritization of real-time traffic over HSI. Upstream Video traffic is negligible.

Video/VoIP: QoS policy defines priority and aggregate CIR/PIR.

HSI: QoS policy defines priority and aggregate CIR/PIR. Content differentiation based on ingress classification. DSCP marked.

[Figure: DSLAM, GE, VLAN Per Sub, 7450, GE, IP 7750. VLANs: VoIP VLAN, Video VLAN, HSI VLAN. Queues: Realtime, HSI. HSI classes: GOLD, BRONZE, ON-NET.]

Questions?

THANK YOU!
