carrier class campus ethernet service delivery class campus ethernet service delivery john lankford...

© Ciena Confidential and Proprietary

Carrier Class Campus Ethernet Service Delivery

John Lankford

Senior Systems Engineer

Research & Education

[email protected]

Internet2 Fall Member Meeting 2009 – San Antonio, TX


Agenda - Carrier Ethernet Defined - Carrier Ethernet (5 Attributes) - Carrier Ethernet features you might want to be aware of - ReferenceArchitectures


Carrier Ethernet Defined

© Ciena Confidential and Proprietary 4

Carrier Ethernet defined

•  Carrier Ethernet is a ubiquitous, standardized, carrier-class SERVICE defined by five attributes that distinguish Carrier Ethernet from familiar LAN based Ethernet

Carrier Ethernet

•  Scalability

•  Standardized services

•  Service management

•  Quality of service

•  Reliability

Carrier Ethernet Attributes

The 5 attributes of carrier Ethernet


Carrier Ethernet terminology Ethernet virtual circuits (EVCs) and services

In a Carrier Ethernet network, data is transported across… Point-to-Point and Multipoint-to-Multipoint EVCs

according to the attributes and definitions of the… E-Line, E-LAN and E-Tree services

Multipoint-to-Multipoint EVC

CE

UNI

CE

UNI E-LAN Service type

UNI UNI

E-Line Service type

Point-to-Point EVC

Root

CE UNI

UNI CE

CE

Leaf

Leaf

CE

Leaf

Rooted Multipoint EVC

E-Tree Service type


Carrier Ethernet Benefits •  Many service types

•  Eliminate traditional Ethernet subscriber and topology limitations

•  SONET-like protection

•  Bulk configuration and automation

•  Dynamic bandwidth and multiple service levels

Carrier Ethernet: Multiple services, one network

MEF Carrier Ethernet

•  Standardized Services

•  Scalability

•  Reliability

•  Service Management

•  Quality of Service

LAN Ethernet •  Enterprise price points •  Ubiquity •  Simplicity


Carrier Ethernet 5 Attributes (Details)


Carrier Ethernet Standardized Services

 All services supported by different encapsulations

 Services may be dynamically provisioned, reconfigured, monitored, etc.

Q-in-Q PBB/PBB-TE MPLS H-VPLS

UNI

UNI UNI Q-in-Q PBB/PBB-TE MPLS H-VPLS

UNI Q-in-Q PBB/PBB-TE MPLS H-VPLS

E-Line (EPL) Pt-to-Pt EVCs

E-Line (EVPL) Pt-to-Pt EVCs

E-LAN, E-Tree MPt-MPt, Pt-MPt EVCs

Provides greatest flexibility to meet changing needs of end customers

Service Multiplexed UNIs Dedicated Port UNIs


VS

Simplified provisioning of end-to-end EVCs

VS PBB-TE

Carrier Ethernet Virtual Switching

Virtual switches enable operators to logically partition switch resources   Improves L2VPN security   Eases interworking between disparate encapsulation formats   Enables unlimited MAC scalability for point-to-point services

Virtual Switching combined with connection-oriented Ethernet unlocks the benefits of E-LAN and multicast services over protected, traffic-engineered infrastructure

Q-in-Q

Expands network administrators ability to overcome network/topology limits while addressing customer connectivity/service needs

PBB-TE

VS MPLS

PBB-TE PBB-TE

PBB-TE PBB-TE PBB-TE VS

PBB-TE PBB-TE


Carrier Ethernet Virtual Architecture

Every Physical Port is an independent address/tag/label domain

  Allows customers on different ports to have overlapping addresses and/or tags

  Allows scalability beyond short tag limitations, e.g., traditional 4K VLANs

Logical Ports may map 1:1 to physical ports or span multiple physical ports

  Logical ports for link aggregation groups may be created

Sub-Ports are logical interfaces created by ingress classifications of a logical port

  For instance, a set of VLANs, range of priorities, MPLS tunnel, IP address or subnet, etc.

Flow Interfaces created via hierarchical ingress classifications

  FIs provide ingress metering, L2/L3 CoS policies, L2/L3 ACLs, etc.

Virtual interfaces attach to virtual switches

  VIs defined for tunnels (e.g., PBB-TE, MPLS) and other transformations (e.g., Q-in-Q, dual-tag push/pop/swap)

Each virtual switch is an independent address/switching domain

  Provides isolation and security between customers/services

LP

SP

PP PP

LP

FI FI FI

PP

LP

FI

VI VI VI VI VI

VS

SP

PP

SP SP SP

PP

LP

SP

FI

VI

VS

VS

Superior security and performance for customer and infrastructure L2VPNs


EVC (PW) EVC Q-in-Q or PBB-TE Tunnel

EVC (PW) MPLS LSP

Carrier Ethernet Scalability/Interworking

Multiple encapsulation options provide greatest flexibility and interoperability with existing and emerging technologies

  Ingress/egress virtual interfaces perform dual-tag push/pop/swap, which enables VLAN translation, connection-oriented Ethernet tunneling, and MPLS interworking

Q-in-Q or

PBB/PBB-TE MPLS H-VPLS

or PBB/TE MEF UNI

Access / Aggregation Metro Core

Q-in-Q or PBB-TE Tunnel EVC

Q-in-Q or PBB-TE Tunnel EVC

Dual tag push/pop/swap

Dual tag push/pop/swap

Seamless service/tunnel interworking between PB (Q-in-Q), PBB/PBB-TE and MPLS simplifies the handoff between domains


Carrier Ethernet Reliability

 802.1Q/ad domains protected using 802.1w RSTP with 50 ms restoration

 L2 control frame tunneling, including support for tunneling Cisco’s proprietary protocols enables robust L2VPNs

 Multi-tiered, dual-homed PBB-TE (shown at right)

  Superior link, path, device redundancy

  Simplifies initial and ongoing provisioning

 Distributed 802.1ag CCM tunnel resiliency

  Improves tunnel failover performance   Enhances scalability of tunnel architecture

  1:1 (primary/backup), 1:n (tunnel group)

 Multi-rooted E-Tree services supports redundant multicast/IPTV video sources

Ethernet flexibility with transmission reliability AAV – Alternate access vendor FRN – Fiber relay node RN – Radio node WSC – Wireless Switching Center


Carrier Ethernet Service Management

L2 ACLs per VLAN

 Specifies accept, accept/copy, deny, deny/copy actions  Copies to another port for selective

mirroring or to CPU for logging

 Access Policy classification qualified by Sub-Port / Virtual Interface

 E.g., IP address space within L2VPNs are independent for each VI

 Note: flow can be single address, range of addresses, list of addresses/ranges, etc.

 Can be in positive or negative mode  Accept all except for deny ingress

access policies

 Deny all except for accept ingress access policies

Port 2/3

C-VID 100

C-VID 200

MAC A

Logical Port (i.e., Building)

Sub-Port (i.e., Dept)

Flow Interface (i.e., VLAN or MAC)

MAC B

IP SA 192.168.1.23

TCP Port 80

MAC C

Deny

Accept

Deny

Deny

Accept

IP SA 192.168.1.23 Accept

Powerful Layer 2 Access Control Lists for secure L2VPNs



Carrier Ethernet Service Model

 Connectionless model (ETH)

 Connection-oriented model (PBB-TE, MPLS)  Composite model (ETH + PBB-TE + MPLS)

Service & Network Discovery

 Multi-layer Topological Relations

 Multi-protocol (LLDP, EOAM, CFM)

 Stage, template, and deep discovery  Real-time, automated zero touch

Topology & Inventory

 Rich & detailed Information

 Real-time state & status

 Policy-driven service lifecycles

Ser

vice

Li

nk

Con

nect

ivity

•  E-Line (EPL, EVPL), E-LAN •  E-Tree •  Class of Service & Service Profiles •  Composite Services (ETH+PBT+MPLS) •  Flow, Flow Domain, Fragments & Paths

•  ETH Links & Trunks •  UNI, NNI, E-NNI •  Bandwidth Profiles

•  EVC, QoS Profiles •  Virtual Interface & Virtual Switch •  Bridging Domains (STP, RSTP) •  Assurance & Validation •  EOAM, CFM, Y.1731

Mul

ti-La

yer D

isco

very

, Top

olog

y &

Inve

ntor

y

Ele

men

t

•  SFPs, Cards, Chassis •  Software •  Physical & Logical Ports

Mul

ti-La

yer C

onfig

urat

ion

& A

ctiv

atio

n

Enables rapid and accurate provisioning of flexible services



Hierarchical maps Network views Inventory & events

Service Profiles (e.g., E-Line)

1) Select end-points 2) Run wizard

Service provisioning

Service visualization

3) Choose service templates Complete menu options Done!


Carrier Ethernet Quality of Service

Rich Flow Classifications   Logical Port, Customer MAC SA/DA, S-Tag/C-Tag

(EType, PCP, VID), C-VLAN Tag (EType, Pri, VID), IP SA/DA, IP TOS/DSCP/PHBG, IP Prot., L4 Src/Dst Port

Flexible priority resolution for CoS mapping   May be mapped from frame fields such as VLAN

priority, IP DSCP, PBB-TE B-PCP, MPLS EXP, etc. or default values for source port, VLAN ID, etc.

Hierarchical Ingress Meter Profiles (64 kbps increments)

  Specify CIR/CBS, EIR/EBS, Color Aware for a profile   Profiles are live with changes affecting all meter policies that

reference profile

  Allows efficient service upgrades - e.g. change all services from 10Mbps to 15Mbps in one step

Scheduling Profiles   Allows definition of egress schedulers to merge

multiple queue or shaper outputs

Hierarchical Egress Shaping/Scheduling   Flow → Sub-port → Logical Port

  Shaping of sub-port queues → scheduling to merge queues → shaping of merged queues → scheduling with other sub-ports

80/200

30/100

50/100

MAC A

Logical Port (i.e., Building)

Sub-Port (i.e., Dept)

Flow Interface (i.e., VLAN or MAC)

MAC B

Voice VLAN

Data VLAN

L2VPN

15/50

5/50

20/20

10/100

20/100

VLAN 100 10/50

QoS controls for predictable service delivery and rich service stratification

CIR/EIR


Carrier Ethernet features you might want to be aware of…

Physical Connectivity Management (802.3ah OAM) Service Connectivity Management (802.1ag CFM)

Service Performance Management (ITU Y.1731) Provider Backbone Transport (802.1Qay)



Physical Connectivity Management (802.3ah OAM)


Physical Connectivity Management: 802.3ah OAM Physical Link - 802.3ah OAM   Primary benefit is to provide the ability to monitor a link for critical events and

then put the remote device into loopback mode to test on the link.   Link Loopback

  Service Affecting   Active or Passive per Port Config   Returned frames analyzed by sender   Determine Link quality and isolate link faults

  Errored Frame Seconds Reported   Link Based Dying Gasp Reported (Fault Signaling)   OAM Discovery via LLDP


Physical Connectivity Management: 802.3ah OAM 802.3ah OAM uses 2 types of link events: critical link events and non-critical link events. Critical link events (link fault, dying gasp, etc.) are signaled to the remote DTE by setting the appropriate

flag in the OAMPDU frame header. Non-critical events are conveyed using Event Notification PDUs. The data field in an event OAMPDU

consists of event TLVs.

  Critical events are generated for the following events:   • Dying Gasp- generated when a reboot command is issued administratively, when power is lost, or there

is a fatal software error.   • Critical Link Event- generated when the unit temperature crosses above the configured threshold, unit

temperature crosses below the configured threshold, or fan speed drops below a certain speed.

  Non-critical event notifications are sent under the following conditions:   • Errored Frame Event- generated if the errored frame count is equal to or greater than the specified

threshold for that period. Jabber, oversize, undersize, fragment and CRC errors are all monitored.   • Errored Frame Period Event- generated if the errored frame count is greater than or equal to the

specified threshold for a period (number of received frames). Jabber, oversize, undersize, fragment and CRC errors are all monitored.

  • Errored Frame Seconds Summary Event- generated if the number of errored frame seconds is equal to or greater than the specified threshold for that period. An errored frame second is a 1 second interval wherein at least one frame error is detected. Jabber, oversize, undersize, fragment and CRC errors are all monitored.



Service Connectivity Management (802.1ag CFM)


Service Connectivity Management: 802.1ag CFM 802.1ag CFM for Virtual Services   Connectivity Fault Management (CFM) provides a

method to continuously monitor the end-to-end network connectivity of a network service.

  Non-Service Affecting   Management End-Points   Management Intermediate-Points   Auto Discovery of MEPS/MIPS

MEP 10

MEP 12

MEP 11

MIP

MIP MIP

  Per VLAN/Tunnel MAC Ping   Per VLAN/Tunnel MAC Traceroute   Per VLAN/Tunnel Continuity Check

  Constantly Checks Service State   Creates Trap if 3 CCMs are lost   3.3msec to 10min intervals   CCM = Continuity Check Message


Service Connectivity Management: 802.1ag CFM

  CFM provides utilities to maintain network connectivity including:   • Path discovery - Linktrace messages to determine the path taken to a

target MAC address.   • Fault detection - CCMs to detect both connectivity failures and

unintended connectivity between Service Instances.   • Fault verification and isolation - Loopback messages to perform fault

verification, Linktrace messages and loopback messages to isolate faults.

  • Fault notification - Fault notification is provided by the MEP that detected a connectivity fault either because expected CCM were not received, or unexpected or invalid CCM were received or CCM carried a notification of the failure of its associated MEP.

  • Fault recovery - Fault notifications to help network operators correct configuration errors or replace failed components.



Service Performance Management (ITU Y.1731 & TWAMP)


L2 Service Performance Management: ITU Y.1731 Round trip delay/jitter and single ended frame loss (MEP to MEP)

  Non-Service Affecting   Utilizes IEEE 802.1ag (CCM) format frames for test packets   Unicast messages to a specific MEP   Delay, Jitter, and Frame Loss measurements   Allows continual background SLA monitoring of loss, delay, and jitter to selected MEPs   MIPs do not participate in delay/jitter/frame loss measurements

MEP 10

MEP 12

MEP 11

MIP

MIP MIP

802.1ag CCMs


L3 Service Performance Mgmt: TWAMP Complete Sender & Responder

  L3 based measurement of delay/jitter values between two end points   Operator configures a “test interface” on the endpoints and associates that

endpoint with a particular service

  Traverses L3 core since it is an L3 protocol   Test will run for limited duration as specified by the operator

Server

Control-client

Session-Sender

Session-Reflector or Responder

Core IP/MPLS



Provider Backbone Transport (802.1Qay)


PBT (Provider Backbone Transport) 802.1Qay Frame Format

802.1ah

802.1ad

802.1Q

802.1Qay


Feature Review – VLAN Aware MAC Bridging aka VLAN Tagging – 802.1Q Addition of 12-bit VLAN field (C-Tag) to Ethernet frame Allows for 4094 VLAN Identifiers Switching on C-DA and VLAN ID Learning on C-SA Flood to Unknown for unknown C-DA Loop avoidance by xSTP


Feature Review – Q-in-Q aka Provider Bridging aka VLAN Stacking aka VLAN Double Tagging – 802.1ad

Addition of another 12-bit VLAN field (S-Tag) to Ethernet frame Allows for 4094 C-Tag VLAN Identifiers Allows for 4094 S-Tag VLAN Identifiers Allows for 16,760,836 VLANs but still only 4094 S-Tags Switching on C-DA and S-Tag VLAN ID C-Tag is transparent Learning on C-SA Flood to Unknown for unknown C-DA Loop avoidance by xSTP


Feature Review – MAC Header Encapsulation aka Provider Backbone Bridging (PBB) – 802.1ah

Addition of another 12-bit VLAN field (B-Tag) to Ethernet frame Addition of another 48-bit MAC field (B-SA) to Ethernet frame Addition of another 48-bit MAC field (B-DA) to Ethernet frame Addition of 24-bit Service Identifier field (I-Tag) to Ethernet frame Allows for 4094 C-Tag VLAN Identifiers Allows for 4094 S-Tag VLAN Identifiers Allows for 4094 B-Tag VLAN Identifiers Allows for 16,777,214 I-Tag Service Identifiers S-Tag is mapped to Service Identifier (I-Tag) Switching on B-DA and I-Tag C-Tag is transparent C-DA is transparent Customer Layer 2 Control Protocols are transparent Learning on B-SA Flood to Unknown for unknown B-DA Loop avoidance by xSTP


Feature Highlight – Provider Backbone Bridging –Traffic Engineering (PBB-TE) aka Provider Backbone Transport (PBT) aka Provider Backbone Tunneling (PBT) – 802.1Qay

Same frame format as 802.1ah (PBB) – No changes / additions Extension of 802.1ah (PBB) Difference is B-DA and I-Tag identifies bidirectional tunnel pair Allows for 16,777,214 I-Tag Service Identifiers S-Tag is mapped to Service Identifier (I-Tag) C-Tag is transparent C-DA is transparent Customer Layer 2 Control Protocols are transparent No learning in core backbone -- TE No flooding in core backbone -- TE No loop avoidance (xSTP) in core backbone -- TE


PBT (Provider Backbone Transport) 802.1Qay Frame Format - Review

802.1ah

802.1ad

802.1Q

802.1Qay


(802.1ah/802.1Qay) (802.1ad) (802.1Q)

Example PBT Network


Example PBT Network (Detail)

(802.1ah/802.1Qay) (802.1ad) (802.1Q)


Sample PBT Configuration   Step 1. Create a PBT remote bridge MAC address and name pair

pbt remote-bridge create remote-bridge <name> bridge-mac <mac>   Step 2. Create a tunnel group

pbt tunnel-group create group <name>   Step 3. Create an Encap tunnel

pbt encap-tunnel create static-encap <name> dest-bridge-name <name> port <port> b-vid <B-Tag> tunnel-group <name> pair-index <1- 4> weight <1- 8>

  Step 4. Create a Decap tunnel pbt decap-tunnel create static-decap <name> dest-bridge-name <name>

port <port> b-vid <B-Tag> tunnel-group <name> pair-index <1- 4>   Step 5. Create a service

pbt service create service <name> ingress-isid <I-Tag> egress-isid <I-Tag> tunnel-group <name>

  Step 6. Create a Virtual Circuit virtual-switch ethernet create vs <name> vc <name> virtual-switch ethernet add vs <name> port <port> vlan <S-Tag> virtual-circuit pbt create static-vc <name> egress-isis <I-Tag> ingress-isid <I-Tag>

tunnel <name>


Feature Highlight – PBT (Provider Backbone Transport) 802.1Qay – Definition, cont.

 Since the tunnels are point-to-point, PBT can also achieve recovery times approaching 50 ms. Providers can group a set of tunnels together that from a tunnel protection group. Only one tunnel in the protection group can be active at a time, but another tunnel in the group will be used if the primary tunnel fails.

 Connection Fault Management (IEEE 802.1ag) is used to monitor these tunnels. This provides fault notifications in milliseconds and thus carrier-grade failover times can be achieved.

 PBT also supports the dual homing of primary and backup tunnels. This enables PBT tunnels to terminate on entirely separate devices. This offers device redundancy and path diversity for upstream connections. This is achieved by grouping tunnels into tunnel groups.


PBB-TE Tunnel Resiliency: Failover / Restoration

PBB-TE BEB

PBB-TE BEB

PBB-TE BCBs

PBB-TE with 802.1ag CFM for Link Monitoring & Failover •  Single or Dual Homed •  Intelligent Tunnel Synchronization •  Tunnel Monitoring and Failure Detection

•  802.1ag CCMs ( loss of 3 CCM triggers failure + far end rdi) •  Variable Rates Depending on Needs (3.3 msec – 10 min) •  Optional automatic Reversion with configurable timers

•  Configurable E-Types for easy interoperability

PRIMARY

BACKUP

802.1ag CFM Continuity Check Messages (CCM)

BEB= Backbone Edge Bridge ; BCB=Backbone Core Bridge

CCM ( + CCM.rdi from far-end MEP)

(dual homed)


PBB-TE Tunnel : Performance Management

PBB-TE BEB

PBB-TE BEB

PBB-TE BCBs

PBB-TE with Y.1731 Performance Management •  Performance Management between Tunnel Endpoints

•  Provides Service Independent Tunnel Monitoring •  Enhanced Scalability as 1,000’s of services may traverse the

tunnel without the need to monitor every service •  Leverages 802.1ag frames for reduced overhead

•  Multiple packets sent at 100ms interval to perform the test •  Frame Delay / Frame Delay Variation / Loss Measurement •  2-way Delay Roundtrip Measurement •  1-way Delay Measurement (requires common time base) •  Single Ended Frame-Loss (MEP to MEP)

PRIMARY

BACKUP

Y.1731 Performance Management Y.1731 ETH-LM PM


Feature Highlight - PBT (Provider Backbone Transport) 802.1Qay - Benefits   The main benefits of PBT include:   • Removing the 4,000 tag limitation, enabling 16 million distinct

services to be configured.   • No learning or flooding in the core of the network for a reduction in

complexity and cost.   • User MAC address and other information is tunneled through the

core network, enhancing security and scalability.   • Using specifically engineered paths or tunnels allows you to target

maximum utilization of the core network devices.   • The user and backbone control domains are separated, allowing

layer 2 control frames to be transported through the provider’s network.

  • 802.1ag CFM can be used to monitor tunnels and provide carrier-grade failover detection.


Reference Architectures


Campus Services - Hub & Spoke Metro/Access

nxGig (P)

10Gig

Core

Campus Access Campus Metro Campus Core

Border

Border ISP

ISP

nxGig (P)

Gig (P)

Gig (P)

Gig (P)

Gig (P)

Gig (P)

Gig (P)

Core


Campus Services - Ring Metro/Access

10Gig

Core


Border

Border ISP

ISP

Gig (P)

Gig (P) Gig (P)

nxGig (P)

nxGig (P)

Core



Campus Services - Transport

Core

Border

Border ISP

ISP Core 10Gig

10Gig PBB-TE (P)

GigE (P)

GigE (P) GigE (P)

carrier class campus ethernet service delivery class campus ethernet service delivery john lankford...

Documents