Transcription
Metro Ethernet Architectures &Case StudiesSession NumberPresentation ID 2002, Cisco Systems, Inc. All rights reserved.1
What is a Network Architecture?“The term ‘architecture’ is of great importance forsystem engineering and software development,but often defined very vague and often useddifferent.”[Leist 2002]“What is an architecture?:Objects, which are representing/defining thestructure of a System.”[Foegen/Battenfeld 2001; Bass/Kazman 1999; Bass/Clements/Kazman 1998;Clements 1999]“A network architecture is a structure or structuresof a system, which comprises networkcomponents, their externally visible propertiesand the relationship between them.”[Bass/Clements/Kazman 1998]Presentation ID 2002, Cisco Systems, Inc. All rights reserved.2
Multilayer Service PortfolioOne Architecture – Many ServicesETTBETTBEnterprise/Business:Layer 1 to 7 focussedResidential/Consumer:Layer 3 to 7 focussedETTxETTxPresentation IDLayer 1 Layer 2 Layer 3 Layer 3 Service tainmentTelephony Email MessagingMgmntScreeningManaged Services / CDNs etc IP VPNsBusiness ClassInternet AccessAlways-OnInternet AccessEthernet Layer 2 Services: P2P, MP2MP, HybridAny-to-Any Service Interworking Storage ServicesSONET/SDH services 2002, Cisco Systems, Inc. All rights reserved.Wavelength services3
A Service DrivenMetro Network ArchitectureEthernet-UNI based Services –Layer 1 - 7Network Design:Glueing Products,Features and andcloss-platformfunctions togetherServicesDefinition/SolutionDelivery of servicearchitecture:Network DesignCatalystProduct Deploymentswitching,Cisco routingCisco OpticalNetworkingSystems (ONS)ArchitectureDeploymentDeploymentaspects for services andarchitecture building blocksService Interworking;Availability; Multicast; QoS forSLA delivery; Ethernet accessrings; RedundancyPresentation ID 2002, Cisco Systems, Inc. All rights reserved.SLA DefinitionSLA ModelsSLA Definitionfocus on chitectureScalability, Cost identificationand control, Integration of transmissionand transport, end-to-end capabilitiesfor service delivery,Roles Definition4
Broadband Consumer ServicesExperience Focused – Beyond ConnectivityContent screening –Parental controlStreaming:Audio, VideoVirtual VCRVideo on iceManagementCorporateaccess:IP VPN,Voice,VideoPresentation IDEthernet UNIInternet access 2002, Cisco Systems, Inc. All rights reserved.Entertainment - GamingSecurity;VideoSurveillance5
Summary of BusinessEthernet-based ServicesAnalogous to Private Line; transparent to customer BPDUSimilar to ERS only w/ VLAN transparency; transparent to customer BPDUAnalogous to Frame Relay; opaque to customer BPDUHybrid ERS EMSTransparent LAN Service/Emulated ultipointServiceL3 MPLSVPN /InternetAccessEthernet-Based ServicesLayer 1Layer 2Point-to-PointPresentation ID 2002, Cisco Systems, Inc. All rights reserved.Layer 3Multipoint6
Business Services Delivery using MetroEthernetConnectivity Options( Service Delivery Mechanism )End UserMetro ServicesE-LineE-Lineüüüüüü(P2P)Direct Internet AccessAccess to L3 VPNVPN with Frame/Frame/ATM InterworkingVoiceVideoStorage TransportData �üüP2P – Point to PointP2MP – Point to MultipointMP2MP – Multipoint to MultipointPresentation ID 2002, Cisco Systems, Inc. All rights reserved.7
Layer 3 and Layer 2 VPN ServiceCharacteristicsLayer 3 VPNsLayer 2 VPNs SP devices forwardcustomer packets basedon Layer 3 information(e.g. IP addresses) SP devices forwardcustomer frames based onLayer 2 information(e.g. DLCI, VPI/VCI, MAC) SP is involved in customerIP routing Enterprise stays in controlof L3 policies(Routing, QoS) Support for any access orbackbone technology IP specific Foundation for L4-7Services! Example: RFC 2547bisVPNs (L3 MPLS-VPN)Presentation ID 2002, Cisco Systems, Inc. All rights reserved. Access technology isdetermined by the VPN type Multiprotocol support Example: FR—ATM—Ethernet8
Service Level Agreements:Defining the Nature of the Service Service Level Agreements define:– Attributes about a service, e.g.Availability– 99.99%, 99.999%, ?Drop– 0.01%, 0.1%?Delay– 50ms, 100ms?Jitter– 20ms, 30ms?Sequence preservation – yes, no?– Penalties if the attributes / performanceparameters are not within defined boundariesPresentation ID 2002, Cisco Systems, Inc. All rights reserved.9
The Choice of SLA will influence ServiceOfferingsQoSDeploymentDelay; JitterQoS Mechanisms,Transport choice (SONET/SDH,native Ethernet, )50ms, 100ms; 20ms?Data DeliveryRate99.99%, 99.999%?SequencePreservation 2002, Cisco Systems, Inc. All rights reserved.SecurityDeploymentRedundancy (equipment,network, protocols)Security99.99%, 99.999%?AvailabilityPresentation IDTopology &ArchitectureDeploymentYes/No?QoS Mechanisms,Transport choice,Protection types, ProtocolsQoS Mechanisms,Transport choice,10
Phase 2Phase 1Ethernet SLA ApproachesPresentation IDBandwidth Profiles - Ingress Policing onlyTwo-Rate, Three Colour Metering - trTCM (RFC 2689)Similar to common Frame Relay offerings (CIR, CBS,PIR, MBS)Phase 1 according to MEF Service Classes - Application Performance Requirementsbased SLA definition based on: Delay, jitter, loss,bandwidth/throughput, sequence-preservation, availability Service-class based SLAs – e.g. VoIP, Business latencyoptimized Similar to enhanced Frame Relay offerings 2002, Cisco Systems, Inc. All rights reserved.11
MBSCIRPIRBandwidthProfilesStep 1Ethernet Service Level AgreementsApproachesBest EffortThroughput opt.Latency opt.VoiceMAXService Classes with AttributesServiceClassesStep 2Identify Bandwidth ProfilesSimilar to Frame-Relay – PIR/CIR/MBSWell known, simple –limited traffic differentiation andper application network capacity planning Service ClassesDifferentiate and traffic-engineer accordinglyPresentation ID 2002, Cisco Systems, Inc. All rights reserved.12
The Network Architecture AbstractNetwork scale & consolidationIP/MPLS; Multi-service transport & QoS“Always on” reliabilityProgrammable servicesIntelligentIntelligentCoreCoreTransport agnosticData/Voice/ VideoVPNQoS, PEPresentation ansparency to IP, QoS, VPNsLower capitalLower provisioning costsMoreMore bandwidth;bandwidth; MoreMore appsappsServiceService Flexibility,Flexibility, QoS,QoS, SecuritySecurityIncreasedIncreased outsourcing;outsourcing; DataData andand Voice;Voice; SPSP ManagedManaged 2002, Cisco Systems, Inc. All rights reserved.ManagementManagementOSS integration,self-provisioningnetworks,service on-demand,advanced service andsupport,global presence,network diagnosticsand faultmanagement,network performance,characterization,SLA monitoring13
Metro Network ArchitectureRoles and ObjectsCoreCore DeviceDevice (P)(P)PFastFast PacketPacket Forwarding,Forwarding, SupportsSupports sophisticatedsophisticated TrafficTraffic EngineeringEngineering &&CongestionCongestion managementmanagementService-PE)*Service ApplicationApplication LayerLayer –– NetworkNetwork facingfacing PEPE (N(N-PE)*N-PEMPLS,MPLS, L2TPv3,L2TPv3, VPWS,VPWS, VPLSVPLSIPIP ServiceService ApplicationApplication layer:layer: L3VPN,L3VPN, InternetInternet AccessAccessValueValue AddedAdded Services:Services: Content,Content, ManagedManaged IDS,IDS, Firewall,Firewall, ony, L2 Service Inter-workingAggregation-AGG)Aggregation DeviceDevice (PE(PE-AGG)PE-AGGTrafficTraffic aggregationaggregation andand congestioncongestion managementmanagementEdge-PE)*Edge DeviceDevice –– UserUser facingfacing PEPE (U(U-PE)*U-PECEPresentation IDAdmissionAdmission control,control, SecuritySecurity PolicyPolicy Enforcement,Enforcement, Classification,Classification, PolicingPolicingandMarkingand MarkingMappingMapping function:function:“VPN“VPN Mapping”Mapping” toto aa VLANVLAN toto SONET/SDHSONET/SDH circuit,circuit,VLANVLAN toto EoMPLSEoMPLS tunnel,tunnel, VRFVRF litelite toto MPLSMPLS VPN,VPN, VC-IDVC-ID translationtranslationServiceService EnforcementEnforcement layer;layer; E2EE2E SLASLA monitoringmonitoring andand reportingreportingL2VPN,L2VPN, L3VPNL3VPN ServicesServices 2002, Cisco Systems, Inc. All rights reserved.* draft-ietf-ppvpn-l2-framework-03.txt 14
Metro Ethernet Network ArchitectureConnectivity Options – Behind the cloudsRelationship between layers/functionalelements and components definesProtocols, Topologies and their deploymentP ScalabilityTopology – Ring vs. Hub&SpokeN-PECost – fibre consumption, interface costs AvailabilityPE-AGGSTP convergence vs. SONET/SDH/RPRDual-Homing / RedundancyU-PE SLAsFair and secure access, consistent SLA – e2e QoSCEPresentation ID Service Ubiquity – access over anytechnology/protocol 2002, Cisco Systems, Inc. All rights reserved.15
Deployment ConsiderationsDriven by the Architecture, Services and SLAServicesSLA99.99% Service-Inter-workingwith FR/ATM/PPP TDM (E1/T1, ) Services that require- certain transporttechnology (EPL, ) Multicast VPLS/VPWS Service Interface(muxed/dedicated) End-to-End QoS Availability- Protocolconvergence- Dual-Homing/Redundancy Security deploymentArchitecture Topology & protocols MPLS deployment Installed base(Fibre and Systems) Transport & protocoloptions perfunctional elementDeployment ConsiderationsTopology InterworkingSecurity ScalabilityAvailability QoS MPLS CostPresentation ID 2002, Cisco Systems, Inc. All rights reserved.16
Architecture:Different Service & SLA models lead todifferent Network DeploymentsCost Optimized Access for ETTX:Service Bundles, Implicit SLAs,Oversubscription, RingsOptimized Access for ETTB:Wide variety of customized servicesoften including TDM, tight-SLAsE1, E3,STM1CoreLayerServiceApplication LayerAggregationLayerGbpsEthernet6SONET/SDH/RPR11 ss LayerResidential/Small Business CustomersPresentation ID 2002, Cisco Systems, Inc. All rights reserved.Customer Site ACustomer Site BEnterprise/Business Customers17
Topologies: Point-to-Point Limited scalability ifdeployed over dark-fibre # of fibres scales linearlywith # of devices # of Interfaces scaleslinearly with # devices Fibre capabilities maymake migration from2.5G to 10G challenging(attenuation, dispersionmanagement) : : CoreCore InterfaceInterface : : FibreFibreAggregation/Core : : UplinkUplink bre rarely runs point-to-point Cost of OpticsPredominates at 2.5G xWDM incurs penaltiesalsoPresentation ID 2002, Cisco Systems, Inc. All rights reserved.SiSiSiSiSiSiSiSiSiSiSiSi18
Topologies: or Ring Fibre-consumption reduced(compared to p2p fibre) Reduced # of core interfacesN:1 vs 1:1SiSiSiSiSiSiSiSiSiSiSiSi Fibre-length reduced –10G deployment feasible Rapid provisioning – provisionadditional bandwidth on thering (compared to physicallyadd fibre and interfaces)SiSiSiSiSiSiSiSiSiSiSiSi Layer 2/3 and/or Layer 1 rings?depends on traffic pattern (local vs. on-ring) and service mix – Ethernet-PL best delivered via EoS or WDM Effective and Fair use of Ring Bandwidth RPR or EoS –STP Ethernet-Rings more interesting if CAPEX is main issuePresentation ID 2002, Cisco Systems, Inc. All rights reserved.19
Rings may be deployed withdifferent technologies .Support for Multiple L1 TypesEthernet using Spanning Tree(Migrate rings with new low cost direct connections)(Inexpensive interfaces)WDM and workSTM-NSTM-NDWDM/CWDM(point to point behavior without new fiber)LocalTrafficPresentation ID 2002, Cisco Systems, Inc. All rights reserved.MetroCoreDPT/RPR(Spatial Reuse for Local Traffic)LocalTraffic20
Rings – Transport OptionsSONET/SDHMulti-service capabilityInstalled base in service providersTDM ServicesHierarchical bandwidth50 ms convergenceVery (cost-) effective for E-PLFoundation for all L1/2/3 VPNservicesDWDM/CWDMScales Fibre Capacity8Gbps, 320Gbps, 800GbpsConvergence dictated by xWDMsolutionCost effectiveEasy to deployFoundation for all Services –enables Storage etc. as wellPresentation ID 2002, Cisco Systems, Inc. All rights reserved.Switched Ethernet using Spanning TreeLower cost solutionPerceived simplicity of EthernetswitchingEasy to deploy over dark fiberFlexible BandwidthSub-second convergenceFoundation for Ethernet/IP L2/3 VPNDPT/RPRShared packet ring scales bandwidthup to 5 Gbps todaySONET/SDH framing providesinsertion point for many providersLarge number of nodes per ring50 ms convergenceFoundation for Ethernet/IP L2/3VPN21
Layer 2/3 Service InterworkingPPPFrameRelayHDLCATMEthernetEnd-to-End Service InterworkingConsistent Service Delivery / SLAPresentation ID 2002, Cisco Systems, Inc. All rights reserved. Add Ethernet toExisting ServicePortfolio ProtocolInterworking forubiquitous servicedelivery Layer 2 and Layer 3Solutions required –Solutions areprotocol specific22
Security Service-Variety / enhancedService-AttributesAttacks and DefensiveFeatures/Actionsresult in possiblynew security threats AttackDefensiveAttackDefensive Features/ActionsFeatures/ActionsLayer2/3 differentfrom simple Layer1E.g. Denial of Serviceattack can impactSLA (availability) Ethernet-centricattacksMACMAC attacksattacks(CAM(CAM tabletable overflow)overflow)PortPort SecuritySecurityARPARP attacksattacks((ArpArp spoofing,spoofing, misusemisuse ofof graciousgracious ARP)ARP)PrivatePrivate VLANs,VLANs, wire-speedwire-speed ACLs,ACLs, dynamicdynamic ARPARPinspectioninspectionVLANVLAN hopping,hopping, DTPDTP attacksattacksCarefulCareful configurationconfiguration (disable(disable autoauto-trunking,-trunking, useduseddedicateddedicated VLANVLAN-ID-ID forfor trunktrunk ports,ports, setset useruser portsports toto nonnontrunkingtrunking,, avoidavoid VLANVLAN 1,1, disabledisable unusedunused ports, )ports, )BPDUBPDU Guard,Guard, RootRoot Guard,Guard, MD5MD5 VTPVTP authenticationauthentication(consider(consider whetherwhether youyou needneed VTPVTP atat all)all)SpanningSpanning treetree attacksattacksDHCPDHCP RogueRogue ServerServer AttackAttackDHCPDHCP snoopingsnooping (differentiate(differentiate trustedtrusted andand untrusteduntrusted ports)ports)HijackHijack ManagementManagement AccessAccessSecureSecure variantsvariants ofof managementmanagement accessaccess protocolsprotocols ––notnottelnettelnet etc,etc, butbut SSH, SSH, asas wellwell asas outout ofof bandband management)management)Pro-ActivePro-Active security,security,wire-speedwire-speed ACLsACLs,,VMPS,VMPS, URT,URT, 802.1x802.1xMONARCHMONARCH rightsrightsreserved.reserved.DraftDraft- 464MAC, ARP, VLAN-Hopping, SPT, CDP, DHCP, Pro-Active and Re-Active Defence requiredPresentation ID 2002, Cisco Systems, Inc. All rights reserved.23
Consistent end-to-end QoSPVoiceDataEIRN-PEDSCP 46VoiceCoS 5OtherDSCPCIREIR/BurstCoS 2CoS 1PE-AGGOut of ProfileU-PEDataCustomersPresentation ID Transport Efficiency –engineer and reducetraffic, avoid frequentequipment upgradesleverage statisticalmux’ing through Oversubscription at each layerVoiceUNI Enable tight SLA –PIR/CIR – latency, loss,jitter, P2P and MP2MPdifferences 2002, Cisco Systems, Inc. All rights reserved.Keep local traffic local –leverage local switchingat each layer24
Multicast Deployment Multicast ApplicationsVPLSVoice/Video-Conferencing,Gaming, News-Channel /Information-bus Multicast DeploymentMulticast as Layer-2Broadcast --- e.g. VPLSinefficient distributionLayer 3 Multicast (with PIMSM) over P2P pseudo wirescontrolled distributionNative L3VPN Multicastenabled corecontrolled distributionPresentation ID 2002, Cisco Systems, Inc. All rights reserved.Layer 3with PIM -SM25
Redundancy/Availability Equipment Redundancy OptionsHigh Availability OS, redundant componentsP SecurityDenial of Service Attacks could impact SLAN-PE Protocols / ArchitecturesRedundant Access to Layer 2 ServiceDomains required but unresolvedPE-AGGU-PEU-PEIEEE 802.1ad (Provider Bridges) to provide astandardized solution for a redundant ethernetaccess network for VPLS – Idea by Norm Finn(Cisco) Topology / TransportCEPresentation IDRings to provide dual paths – differentprotocols will have different characteristics(STP vs. SONET/SDH/RPR convergence) 2002, Cisco Systems, Inc. All rights reserved.26
Cisco Ethernet InnovationsDriving Industry StandardsCisco FeatureIndustry FeatureEthernet Switching10Gb EthernetCreated industry standard802.3ae 10Gb EthernetGigabit EthernetFast EthernetEtherChannel / PAgP802.3z Gigabit Ethernet802.3u - Fast Ethernet802.3ad - LACP (Link Aggregation)ISLVTPMulti Instance Spanning Tree802.1q - Trunking EncapsulationGVRP802.1s - Shared STP InstancesPortfast UplinkFast, Backbone FastCisco Inline PowerTag Switching802.1w - RSTP802.3af - Inline powerMPLSQinQ/Tag-Stacking802.1ad – Provider BridgesPresentation ID 2002, Cisco Systems, Inc. All rights reserved.27
Example: Products to enable hybrid,highly scalable ONET/SDH/RPRN-PE7600U-PECEONS 15454Cisco 7600/SUP720 E1 to STM -64/OC-192 Integrated DWDM Optics DWDM Transponders Integrated Ethernet forEthernet-Private-Line Integrated Layer2/3Capabilities – QoSTraffic Shaping, Policing Integrated RPR High-Density Ethernet, ,10Gigabit-Ethernet Colored Interfaces/CWDM QoS, MPLS, AToM, VPLS Service Modules (Firewall,Service-Selection, IDS,.) Interworking (RBE, BRE,.) Interoperate withONS 15454 EthernetPresentation ID 2002, Cisco Systems, Inc. All rights reserved.Cisco 12xxx MPLS, QoS, Edge-FeaturesONS 153xx EoSDH, E1, SNCP, Catalyst 3550 QoS, QinQ, 802.1s/w, . Security features –Port Security, PVLAN, 28
A look at popular Metro EthernetArchitecturesSession NumberPresentation ID 2002, Cisco Systems, Inc. All rights reserved.29
Option 1 - Layer 2 Ring ConfigurationCatalyst 2950/35xx switchesinterconnected using1000BaseX connectionsGEGEL2GEU-PEAccess LayerLarge number of rings(typically 20-40)N-PEDistribution LayerCatalyst 6500/7600MultilayerswitchesPPresentation IDCore Layer 2002, Cisco Systems, Inc. All rights reserved.GSRL330
Option 1 variant – L3 Mini-POP with L2 RingCatalyst 2950/35xxAccess LayerGEL2Catalyst 3500XLU-PENNumberOf RingsApprox. 10BAD per ringL2GEPE-AGGGECatalyst 6500Catalyst 6500L3Nx GEAccess LayerMiniMiniPOPPOPNx GEDistribution LayerN-PECore LayerPPresentation IDCatalyst 6500LayerDistributionCatalyst 6500/7600Main POP Main POPGSR 12000CoreLayer 2002, Cisco Systems, Inc. All rights reserved.L3GSR 1200031
Option 1 - Layer 2 Ring ConfigurationConsPros Efficient use of fiber ringarchitecture More or less efficient useof IP addressing Efficient distribution ofmulticast traffic Access Device relativelylow cost Uses 1 fiber pairPresentation ID 2002, Cisco Systems, Inc. All rights reserved. Over subscription in thedistribution layer likely Difficulty in mixing Businesscustomers and residentialservices Relies on SPT forconvergence (not really adisadvantage) Security issues(needs carefuldesign and features) Troubleshooting / Faultdetection Large number of VLANs needto be supported/terminated32
Option 2 – Star ArchitectureAccess LayerL2UUNN II VVEERRSS II TT YYDistributionFEGEOLTU-PEGEMain POPDistribution LayerCore LayerPPresentation IDCatalyst 4000Sup Eng. IIICatalyst 4000Catalyst 4000L2N-PEFECatalyst 6500GEFE/GEGEAccess LayerL2L3Distribution LayerL3L3GSR 12000 2002, Cisco Systems, Inc. All rights reserved.Core Layer33
Option 2 – Star ArchitecturePros Dedicated bandwidth foreach user Relatively simple toimplement broadcastvideo services Easy troubleshootingand fault detection High resiliency and fastconvergence High density of usedports at Hub sitePresentation ID 2002, Cisco Systems, Inc. All rights reserved.Cons Cost of deploying fiber inthe access Requires a higher-endplatform to aggregate theusers (potentially locatedat customer premises) Security issues may stillexist34
ETTB solutionsCurrent Service offers – L2VPNsEoMPLSTunnelsGSR 12xxxGSR 12xxxPMPLSBackboneMETRO AREA 1GBEGBE7600 OSR(VPLS)N-PEPE-AGGMETRO AREA 27600 OSR(VPLS)QinQTrunksCustomer SPVLANFeederFeederFeederU-PECEPresentation IDCustomerTrunks 2002, Cisco Systems, Inc. All rights reserved.35
ETTB solutionsEMS and L3 AccessBackboneGSR12016PGSR12016METRO AREAIP TrafficGBE7600 OSRMetroN-PEPE-AGGGBE7600 OSRMetroFeederFeederCustomer VLANU-PECat 3512Cat 2948G-L3Cat 3550Cat 3512Cat 2948G-L3Cat 3550Cat 3512Cat 2948G-L3Cat 3550Cat 3512Cat 2948G-L3Cat 3550Site “B”Site “A”Customer Broadcast DomainCEPresentation ID 2002, Cisco Systems, Inc. All rights reserved.36
Fastweb ETTx Rings Case StudySession NumberPresentation ID 2002, Cisco Systems, Inc. All rights reserved.37
Metroweb and Fastweb Start-up city-carrier located in Italy (spin-offof AEM - municipal power supply company) Metroweb:Very large optical infrastructure in themetropolitan area (using AEM tubes andducts) Fastweb:Communication services on top of Metrowebfiber optics rings infrastructure.Presentation ID 2002, Cisco Systems, Inc. All rights reserved.38
Fastweb service offering High speed multimedia communication capabilities forboth business andresidential customers Data/Voice/Video integration on topof the unified IP infrastructure Business customers (Large: 1,000; SMB: 45,000):Fast Internet, VoIP, MPLS VPN, VoIP, LAN-to-LAN (VPN)and application hosting, Video surveilance Residential customers (currently 250,000):Fast Internet, VoIP, Digital TV and VoD (MPEG2), VideoPhone, Internet Pay Per UsePresentation ID 2002, Cisco Systems, Inc. All rights reserved.39
Residential Services Example:Broadband Services and Revenue StreamsMonthly PricesActivation fee (one time) 53Always on Internet at 10 Mbps5 Mailboxes Unlimited on-net voiceCalls, Local (4h), National (2h) calls 53Flat Voice (excluded mobile, intl)VoD per movieDigital TV Broadcast.Set top box rentalSet top box DVD rentalPay Per UsePresentation ID 2002, Cisco Systems, Inc. All rights reserved. 9 2-5 35 5 10 X40
SMB CustomersBroadband Services & Revenue StreamsSMB Bundle(activation fee: 225 ) )Always on Internet at 10 Mbps5 Mailboxes5 Internet AccessMonthly PricesUnlimited onon-net voice callLocal (40h) National (20h) calls140 Hard Disk Storage (250 Mb)Additional 250 Mb voice traffic68 act. 45 45 x SHOPs & PROFESSIONALSVideo SurveillanceCamera and Encoder rentalDay Recording retrieval voice traffic225 act. 45 45 23 x ONE SOLUTION (SMB)IP Phone activation feeIP Phone monthly rentalSwitch monthly rental voice traffic 2002, Cisco Systems, Inc. All rights reserved.Presentation ID32 32 72 x 41
Top Enterprise CustomersBroadband Services and Revenue StreamsIP VPN (MPLS)10 Mbps100 Mbps1 GE 1,000 month / site 5,500 month / site“per project” pricedSLA: 99.97, 25ms round trip, 4 hours recoveryVideo Application for Business (NEW)- Exec. Management Business TV broadcasting- 24 hour Business TV channel à Managed Storage/Encoding- High Quality Multi video-conferencingPresentation ID 2002, Cisco Systems, Inc. All rights reserved.42
Fastweb Network ArchitectureRoles and ObjectsCoreCore DeviceDevice (P)(P)PMPLSMPLS PacketPacket Forwarding,Forwarding, SupportsSupports TrafficTraffic EngineeringEngineering && QoS.QoS. OSPFOSPF &&BGPBGP RoutingRoutingService-PE)*Service ApplicationApplication LayerLayer –– NetworkNetwork facingfacing PEPE (N(N-PE)*N-PEL2TPv3,L2TPv3, IPIP ServiceService ApplicationApplication layer:layer: L3VPN,L3VPN, InternetInternet AccessAccessValueValue AddedAdded Services:Services: NAT,NAT, AttachmentAttachment pointpoint forfor SomeSome Aggregation DeviceDevice (PE(PE-AGG)PE-AGGU-PETrafficTraffic aggregationaggregation andand congestioncongestion management,management, uRPFuRPF (Security)(Security)Edge-PE)Edge DeviceDevice (i)(i) –– UserUser facingfacing PEPE (U(U-PE)AdmissionAdmission control,control, SecuritySecurity PolicyPolicy Enforcement,Enforcement, Classification,Classification, MVRMVREdgeEdge DeviceDevice (ii)(ii) –– SetSet TopTop BoxBoxCEPresentation IDIPIP TelephonyTelephony Gateway,Gateway, DHCPDHCP Proxy,Proxy, AdmissionAdmission control,control, ClassificationClassification 2002, Cisco Systems, Inc. All rights reserved.* draft-ietf-ppvpn-l2-framework-03.txt 43
QoS Strategy Residential Users – Rate limited Best Effort trafficBusiness Users – Priority Gold and silver trafficMulticast (TV) – Own traffic classSignalling (H323) – Equivalent to GoldE2E QoS based on DiffServ modelTraffic MarkingRelies on CPE device in combination with Classificationcapability of Access Switch COS to/from DSCP mapping at first L3 switchPresentation ID 2002, Cisco Systems, Inc. All rights reserved.44
Case 1QoS– 2950End-to-EndEgressPrioritizebased onDSCPas accessIngressEgressIngressEgressNo ClassificationNo PolicingPrioritizebased onDSCPNoClassification(Trust COS)Map COS toDSCPPrioritizebased onCOSIngressEgressNoClassification(Trust COS)SetCOSQoSAction PolicingMDRRREDSTM4POSDrop tail1p1q4tTridentGE portPrioritizevoice &videoWRR(4 queues)6500GSRData flowWRED1p2q2tStrict WRR29506516-GBIC 6516-GBICGE portGE portGEUplinkServicing &CongestionAvoidanceMechanismTelsey, 17xxAccessPortCPESwitchData flowWREDDRR(2 queues)NomechanismPrioritizebased onDSCPNo Classification(Trust DSCP)WRED1p2q2tStrict WRRPrioritizebased onCOSMap DSCP toCOSIngressPresentation IDEgressIngress 2002, Cisco Systems, Inc. All rights reserved.EgressServicing &CongestionAvoidanceMechanismWRR(4 queues)No Classification(Trust COS)No PolicingIngressPrioritizebased onCOSEgressQoSActionIngress45
Ring Topology OverviewFastweb caseSession NumberPresentation ID 2002, Cisco Systems, Inc. All rights reserved.46
Fastweb PopLayer 3BR001Cisco12000Layer 2BH001Cat6509Layer 3AH002Cat6509Video n TrunkAH003Cat6509AH003Cat6509Aggregation switchesCat4908 or Cat6506Layer 2 or 3Up to 6 rings x 10 Cat3524Presentation ID 2002, Cisco Systems, Inc. All rights reserved.47
FastWeb Mini Pop topology6gig to core6gig to core6 gig InterSwitch link All links in the rings aregigabit dot1q trunks 6 GEC between the two 6506Cat6506 6 GEC uplink to PoPCat6506 One VLAN per AccessswitchUp to 36Rings perMini pop Up to 10 switches per ring Up to 36 rings per pair of6506 Each users on XL at 10M HD Each rings carries :10 users VLAN (one perswitch )1 mgmt VLAN3524XLPresentation ID 2002, Cisco Systems, Inc. All rights reserved.The multicast VLAN48
FastWeb Mini Pop topology (cont.)6gig to coreCat6506-aWith msfc-a6gig to core6 gig InterSwitch linkCat6506-2With msfc-b Each vlans is terminated onmsfc-a and msfc-b bothrunning HSRPUp to 36rings Each rings are purely L2 androot and backup root arelocated on 6506-a and 6506-bà each VLAN is blocked inthe middle of the ring3524XLPresentation ID 2002, Cisco Systems, Inc. All rights reserved.49
The last few meters – Building connectionHAGSTBHAGFibre or Cat5 copperTo theBackboneCatalyst 3550 or 2950 There is a 3550 or 2950switch in the basementof each building. A Ethernet connectionsto each of the flat is set.It can be copper or fiber(with optical converters) Each of the switches hastwo GigEth links towardsthe backbone.Fiber dropPresentation ID 2002, Cisco Systems, Inc. All rights reserved.50
Spanning TreeSTP in Ring overview and Failure scenariosSession NumberPresentation ID 2002, Cisco Systems, Inc. All rights reserved.51
Spanning Tree in RingsRootBackupRootBPDUsUsBPDMake sure Root and backup RootAre statically configured onDistribution switchesRecommended to use low priorityValue (0 and 1 for example).Layer-2Gigabit EthernetRing (N bridges)We will block somewhere in theMiddle of the ring.Block portPresentation ID 2002, Cisco Systems, Inc. All rights reserved.52
Spanning Tree in Rings : one user vlan perswitch.Root 101-105BackupRootRoot 106-110BackupRootOne user VLAN per igabit EthernetRing (N bridges)N VLANSVl103Vl104Vl105Presentation IDVl106 2002, Cisco Systems, Inc. All rights reserved.Vl109Trying to load balance RootBetween the two dist switchAlways Match HSRP active withSTP root.If provisioning permits try toVl108Use to have HSRP activeThe closest switchàMinimal pathàAvoid using the Inter switchLink between dist switchVl107!! Remember oversubscription ofThat linksI.E. : Fastweb uses 6Gig for 36Rings.53
Diameter of the STP IEEE default timers are :Max age 20sFwd delay 15sHello 2s These timers consider :Max Diameter N 73 BPDUs can be lost without triggering recalculations See : http://www.cisco.com/warp/customer/473/122.htmlfor detail on IEEE calculation to reaches these values. They suppose very conservative values (1 sec delayintroduced per switch, .) Some calculation done more recently usually allows moreaggressive timer values (like the one used to calculatetimers when macro commands are used in CatOS)Presentation ID 2002, Cisco Systems, Inc. All rights reserved.54
Diameter of the STP With 10 access switch in rings diameter would be up to 12(longest L2 path between two switches) Far above L2 recommendation However, it has been tested in such ring architecture tobe OK to go up to 12 access switches per ring (N 14) withdefault timers.Presentation ID 2002, Cisco Systems, Inc. All rights reserved.55
Risks linked to high value of N (diameter)RootBac
Ethernet-Based Services Ethernet Private Line Analogous to Private Line; transparent to customer BPDU Ethernet Wire Service Similar to ERS only w/ VLAN transparency; transparent to customer BPDU Ethernet Relay Service Analogous to Frame Relay; opaque to customer BPDU Hybrid ERS EMS Ethernet R
