TRANSCRIPT
© Ciena Confidential and Proprietary
Carrier Class Campus Ethernet Service Delivery
John Lankford
Senior Systems Engineer
Research & Education
Internet2 Fall Member Meeting 2009 – San Antonio, TX
Agenda
- Carrier Ethernet Defined
- Carrier Ethernet (5 Attributes)
- Carrier Ethernet features you might want to be aware of
- Reference Architectures
Carrier Ethernet Defined
Carrier Ethernet defined
• Carrier Ethernet is a ubiquitous, standardized, carrier-class SERVICE defined by five attributes that distinguish Carrier Ethernet from familiar LAN-based Ethernet
The 5 attributes of Carrier Ethernet:
• Scalability
• Standardized services
• Service management
• Quality of service
• Reliability
Carrier Ethernet terminology: Ethernet virtual circuits (EVCs) and services
In a Carrier Ethernet network, data is transported across Point-to-Point and Multipoint-to-Multipoint EVCs according to the attributes and definitions of the E-Line, E-LAN and E-Tree services.
(Figure: CE devices attached through UNIs to a Point-to-Point EVC (E-Line service type), a Multipoint-to-Multipoint EVC (E-LAN service type), and a Rooted Multipoint EVC with one Root and several Leaf UNIs (E-Tree service type))
Carrier Ethernet Benefits
• Many service types
• Eliminate traditional Ethernet subscriber and topology limitations
• SONET-like protection
• Bulk configuration and automation
• Dynamic bandwidth and multiple service levels
Carrier Ethernet: Multiple services, one network
MEF Carrier Ethernet: Standardized Services, Scalability, Reliability, Service Management, Quality of Service
LAN Ethernet: Enterprise price points, Ubiquity, Simplicity
Carrier Ethernet 5 Attributes (Details)
Carrier Ethernet Standardized Services
All services supported by different encapsulations (Q-in-Q, PBB/PBB-TE, MPLS, H-VPLS)
Services may be dynamically provisioned, reconfigured, monitored, etc.
• E-Line (EPL): Pt-to-Pt EVCs
• E-Line (EVPL): Pt-to-Pt EVCs
• E-LAN, E-Tree: MPt-MPt, Pt-MPt EVCs
Provides greatest flexibility to meet changing needs of end customers
(Figure: UNIs on either side of a Q-in-Q / PBB/PBB-TE / MPLS / H-VPLS network, contrasting Service Multiplexed UNIs with Dedicated Port UNIs)
Carrier Ethernet Virtual Switching
Simplified provisioning of end-to-end EVCs
Virtual switches enable operators to logically partition switch resources:
• Improves L2VPN security
• Eases interworking between disparate encapsulation formats
• Enables unlimited MAC scalability for point-to-point services
Virtual Switching combined with connection-oriented Ethernet unlocks the benefits of E-LAN and multicast services over protected, traffic-engineered infrastructure
Expands network administrators' ability to overcome network/topology limits while addressing customer connectivity/service needs
(Figure: virtual switches (VS) at the edges interconnected across Q-in-Q, PBB-TE and MPLS encapsulation domains)
Carrier Ethernet Virtual Architecture
• Every Physical Port (PP) is an independent address/tag/label domain
  - Allows customers on different ports to have overlapping addresses and/or tags
  - Allows scalability beyond short tag limitations, e.g., traditional 4K VLANs
• Logical Ports (LP) may map 1:1 to physical ports or span multiple physical ports
  - Logical ports for link aggregation groups may be created
• Sub-Ports (SP) are logical interfaces created by ingress classifications of a logical port
  - For instance, a set of VLANs, range of priorities, MPLS tunnel, IP address or subnet, etc.
• Flow Interfaces (FI) are created via hierarchical ingress classifications
  - FIs provide ingress metering, L2/L3 CoS policies, L2/L3 ACLs, etc.
• Virtual Interfaces (VI) attach to virtual switches
  - VIs defined for tunnels (e.g., PBB-TE, MPLS) and other transformations (e.g., Q-in-Q, dual-tag push/pop/swap)
• Each Virtual Switch (VS) is an independent address/switching domain
  - Provides isolation and security between customers/services
(Figure: classification hierarchy PP → LP → SP → FI → VI → VS, with several sub-ports and flow interfaces per logical port feeding multiple virtual switches)
Superior security and performance for customer and infrastructure L2VPNs
Carrier Ethernet Scalability/Interworking
Multiple encapsulation options provide greatest flexibility and interoperability with existing and emerging technologies
Ingress/egress virtual interfaces perform dual-tag push/pop/swap, which enables VLAN translation, connection-oriented Ethernet tunneling, and MPLS interworking
(Figure: MEF UNI → Access/Aggregation (EVC carried in a Q-in-Q or PBB-TE tunnel) → Metro (PBB/PBB-TE) → Core (MPLS H-VPLS, EVC carried as a PW over an MPLS LSP), with dual-tag push/pop/swap at each domain boundary)
Seamless service/tunnel interworking between PB (Q-in-Q), PBB/PBB-TE and MPLS simplifies the handoff between domains
Carrier Ethernet Reliability
• 802.1Q/ad domains protected using 802.1w RSTP with 50 ms restoration
• L2 control frame tunneling, including support for tunneling Cisco's proprietary protocols, enables robust L2VPNs
• Multi-tiered, dual-homed PBB-TE (shown at right)
  - Superior link, path, device redundancy
  - Simplifies initial and ongoing provisioning
• Distributed 802.1ag CCM tunnel resiliency
  - Improves tunnel failover performance
  - Enhances scalability of tunnel architecture
  - 1:1 (primary/backup), 1:n (tunnel group)
• Multi-rooted E-Tree services support redundant multicast/IPTV video sources
Ethernet flexibility with transmission reliability
(Figure legend: AAV – Alternate access vendor; FRN – Fiber relay node; RN – Radio node; WSC – Wireless Switching Center)
Carrier Ethernet Service Management
• L2 ACLs per VLAN
  - Specifies accept, accept/copy, deny, deny/copy actions
  - Copies to another port for selective mirroring or to CPU for logging
• Access Policy classification qualified by Sub-Port / Virtual Interface
  - E.g., IP address space within L2VPNs is independent for each VI
  - Note: flow can be single address, range of addresses, list of addresses/ranges, etc.
• Can be in positive or negative mode
  - Accept all except for deny ingress access policies
  - Deny all except for accept ingress access policies
(Figure: Port 2/3 as the Logical Port (i.e., Building), C-VID 100 and C-VID 200 as Sub-Ports (i.e., Dept), and Flow Interfaces (i.e., VLAN or MAC) for MAC A, MAC B, MAC C, IP SA 192.168.1.23 and TCP Port 80, each marked Accept or Deny)
Powerful Layer 2 Access Control Lists for secure L2VPNs
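As an added illustration (not Ciena code), the following models the per-VLAN access policies described above: rules scoped to a sub-port and qualified by MAC, IP address/range and TCP port, the four accept/deny/copy actions, and positive versus negative mode. The MACs, port names and policy contents are constructed for the example.

```python
"""Added example (not Ciena code): per-VLAN L2 access policies with the four
actions the slide lists (accept, accept/copy, deny, deny/copy), evaluated in
positive mode (accept all except explicit deny rules) or negative mode (deny all
except explicit accept rules). Names, MACs and policies are constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Frame:
    port: str
    vlan: int
    src_mac: str
    ip_src: Optional[str] = None
    tcp_dport: Optional[int] = None

@dataclass
class Rule:
    action: str                      # accept | accept-copy | deny | deny-copy
    vlan: Optional[int] = None       # sub-port qualifier
    src_mac: Optional[str] = None    # flow interface qualifier
    ip_src: Optional[str] = None     # single address or CIDR range
    tcp_dport: Optional[int] = None
    copy_to: Optional[str] = None    # mirror port, or "cpu" for logging

    def matches(self, f: Frame) -> bool:
        if self.vlan is not None and f.vlan != self.vlan:
            return False
        if self.src_mac and f.src_mac.lower() != self.src_mac.lower():
            return False
        if self.ip_src and (f.ip_src is None or
                            ip_address(f.ip_src) not in ip_network(self.ip_src, strict=False)):
            return False
        if self.tcp_dport is not None and f.tcp_dport != self.tcp_dport:
            return False
        return True

@dataclass
class AccessPolicy:
    mode: str                        # "positive" (default accept) or "negative" (default deny)
    rules: list = field(default_factory=list)

    def evaluate(self, f: Frame):
        """Return (verdict, copy_target): first matching rule wins, else the mode default."""
        for r in self.rules:
            if r.matches(f):
                verdict = "accept" if r.action.startswith("accept") else "deny"
                return verdict, (r.copy_to if r.action.endswith("copy") else None)
        return ("accept" if self.mode == "positive" else "deny"), None

def sample_policies() -> dict:
    """Constructed: VLAN 100 runs positive mode, VLAN 200 negative mode. IP address
    space is independent per VI, so 192.168.1.0/24 gets a different verdict on each."""
    return {
        100: AccessPolicy("positive", [
            Rule("deny", vlan=100, src_mac="00:00:00:00:00:0a"),               # MAC A blocked
            Rule("deny-copy", vlan=100, ip_src="192.168.1.23", tcp_dport=80, copy_to="cpu"),
        ]),
        200: AccessPolicy("negative", [
            Rule("accept", vlan=200, src_mac="00:00:00:00:00:0c"),             # MAC C allowed
            Rule("accept-copy", vlan=200, ip_src="192.168.1.0/24", copy_to="port-2/4"),
        ]),
    }

def classify(policies: dict, f: Frame):
    """Look up the sub-port's policy; a sub-port with no policy drops everything."""
    pol = policies.get(f.vlan)
    return pol.evaluate(f) if pol else ("deny", None)
```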
Carrier Ethernet Service Management
Carrier Ethernet Service Model
• Connectionless model (ETH)
• Connection-oriented model (PBB-TE, MPLS)
• Composite model (ETH + PBB-TE + MPLS)
Service & Network Discovery
• Multi-layer Topological Relations
• Multi-protocol (LLDP, EOAM, CFM)
• Stage, template, and deep discovery
• Real-time, automated zero touch
Topology & Inventory
• Rich & detailed information
• Real-time state & status
• Policy-driven service lifecycles
(Figure: Multi-Layer Discovery, Topology & Inventory and Multi-Layer Configuration & Activation spanning the Service, Link, Connectivity and Element layers)
Service layer: • E-Line (EPL, EVPL), E-LAN • E-Tree • Class of Service & Service Profiles • Composite Services (ETH+PBT+MPLS) • Flow, Flow Domain, Fragments & Paths
Link layer: • ETH Links & Trunks • UNI, NNI, E-NNI • Bandwidth Profiles
Connectivity layer: • EVC, QoS Profiles • Virtual Interface & Virtual Switch • Bridging Domains (STP, RSTP) • Assurance & Validation • EOAM, CFM, Y.1731
Element layer: • SFPs, Cards, Chassis • Software • Physical & Logical Ports
Enables rapid and accurate provisioning of flexible services
Carrier Ethernet Service Management
Service visualization: hierarchical maps, network views, inventory & events
Service provisioning with Service Profiles (e.g., E-Line):
1) Select end-points
2) Run wizard
3) Choose service templates, complete menu options. Done!
Carrier Ethernet Quality of Service
• Rich Flow Classifications
  - Logical Port, Customer MAC SA/DA, S-Tag/C-Tag (EType, PCP, VID), C-VLAN Tag (EType, Pri, VID), IP SA/DA, IP TOS/DSCP/PHBG, IP Prot., L4 Src/Dst Port
• Flexible priority resolution for CoS mapping
  - May be mapped from frame fields such as VLAN priority, IP DSCP, PBB-TE B-PCP, MPLS EXP, etc. or default values for source port, VLAN ID, etc.
• Hierarchical Ingress Meter Profiles (64 kbps increments)
  - Specify CIR/CBS, EIR/EBS, Color Aware for a profile
  - Profiles are live, with changes affecting all meter policies that reference the profile
  - Allows efficient service upgrades, e.g. change all services from 10Mbps to 15Mbps in one step
• Scheduling Profiles
  - Allows definition of egress schedulers to merge multiple queue or shaper outputs
• Hierarchical Egress Shaping/Scheduling: Flow → Sub-port → Logical Port
  - Shaping of sub-port queues → scheduling to merge queues → shaping of merged queues → scheduling with other sub-ports
(Figure: hierarchical shaping example with CIR/EIR values per Flow Interface (i.e., VLAN or MAC: Voice VLAN, Data VLAN, L2VPN, VLAN 100, MAC A, MAC B), per Sub-Port (i.e., Dept) and per Logical Port (i.e., Building))
QoS controls for predictable service delivery and rich service stratification
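As an added example (not Ciena code), this models the ingress meter profile described above as a two-rate, two-bucket marker with CIR/CBS, EIR/EBS and an optional colour-aware mode, with meter policies holding a reference to a shared profile so that one profile change retunes every policy. The coupling flag is assumed to be 0 and all rate and burst values are constructed.

```python
"""Added example (not Ciena code): a MEF-style ingress bandwidth profile modelled
as a two-rate, two-bucket meter (CIR/CBS and EIR/EBS, coupling flag 0 for
simplicity) that marks frames green, yellow or red, optionally colour-aware.
Policies reference one shared profile object, so one profile change (e.g. CIR
10 Mbps -> 15 Mbps) retunes every service that uses it, as the slide describes.
Rates are rounded up to the 64 kbps granularity the slide mentions."""
from dataclasses import dataclass

GREEN, YELLOW, RED = "green", "yellow", "red"

def round_up_64k(kbps: int) -> int:
    """Provisionable rates come in 64 kbps steps; round up to the next step."""
    return -(-kbps // 64) * 64

@dataclass
class MeterProfile:
    cir_kbps: int        # committed information rate
    cbs_bytes: int       # committed burst size
    eir_kbps: int        # excess information rate
    ebs_bytes: int       # excess burst size
    color_aware: bool = False

    def __post_init__(self):
        self.cir_kbps = round_up_64k(self.cir_kbps)
        self.eir_kbps = round_up_64k(self.eir_kbps)

class MeterPolicy:
    """Per-flow meter state; reads the rates from the shared profile on every frame."""
    def __init__(self, profile: MeterProfile):
        self.profile = profile
        self.bc = float(profile.cbs_bytes)   # committed token bucket (bytes)
        self.be = float(profile.ebs_bytes)   # excess token bucket (bytes)
        self.last_t = 0.0

    def _refill(self, t: float):
        dt, self.last_t = max(0.0, t - self.last_t), t
        p = self.profile                      # kbps * 1000 / 8 = kbps * 125 bytes per second
        self.bc = min(p.cbs_bytes, self.bc + p.cir_kbps * 125 * dt)
        self.be = min(p.ebs_bytes, self.be + p.eir_kbps * 125 * dt)

    def mark(self, t: float, length: int, color: str = GREEN) -> str:
        """Mark one frame of `length` bytes arriving at time t (seconds). In colour-aware
        mode a frame is never promoted above the colour it arrived with."""
        self._refill(t)
        aware = self.profile.color_aware
        if (not aware or color == GREEN) and length <= self.bc:
            self.bc -= length
            return GREEN
        if (not aware or color != RED) and length <= self.be:
            self.be -= length
            return YELLOW
        return RED

def run_burst(policy: MeterPolicy, t: float, frames) -> list:
    """Meter a burst of (length, incoming colour) frames that all arrive at time t."""
    return [policy.mark(t, n, c) for n, c in frames]

def upgrade_cir(profile: MeterProfile, cir_kbps: int) -> None:
    """One live profile change; every MeterPolicy referencing it sees the new rate."""
    profile.cir_kbps = round_up_64k(cir_kbps)
```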
Carrier Ethernet features you might want to be aware of…
• Physical Connectivity Management (802.3ah OAM)
• Service Connectivity Management (802.1ag CFM)
• Service Performance Management (ITU Y.1731)
• Provider Backbone Transport (802.1Qay)
Carrier Ethernet features you might want to be aware of…
Physical Connectivity Management (802.3ah OAM)
Physical Connectivity Management: 802.3ah OAM
Physical Link - 802.3ah OAM: the primary benefit is to provide the ability to monitor a link for critical events and then put the remote device into loopback mode to test on the link.
• Link Loopback
  - Service Affecting
  - Active or Passive per Port Config
  - Returned frames analyzed by sender
  - Determine link quality and isolate link faults
• Errored Frame Seconds Reported
• Link Based Dying Gasp Reported (Fault Signaling)
• OAM Discovery via LLDP
Physical Connectivity Management: 802.3ah OAM
802.3ah OAM uses 2 types of link events: critical link events and non-critical link events. Critical link events (link fault, dying gasp, etc.) are signaled to the remote DTE by setting the appropriate flag in the OAMPDU frame header. Non-critical events are conveyed using Event Notification PDUs. The data field in an event OAMPDU consists of event TLVs.
Critical events are generated for the following events:
• Dying Gasp - generated when a reboot command is issued administratively, when power is lost, or there is a fatal software error.
• Critical Link Event - generated when the unit temperature crosses above the configured threshold, unit temperature crosses below the configured threshold, or fan speed drops below a certain speed.
Non-critical event notifications are sent under the following conditions:
• Errored Frame Event - generated if the errored frame count is equal to or greater than the specified threshold for that period. Jabber, oversize, undersize, fragment and CRC errors are all monitored.
• Errored Frame Period Event - generated if the errored frame count is greater than or equal to the specified threshold for a period (number of received frames). Jabber, oversize, undersize, fragment and CRC errors are all monitored.
• Errored Frame Seconds Summary Event - generated if the number of errored frame seconds is equal to or greater than the specified threshold for that period. An errored frame second is a 1 second interval wherein at least one frame error is detected. Jabber, oversize, undersize, fragment and CRC errors are all monitored.
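As an added example (not Ciena code), the following evaluates the three non-critical event conditions above over a constructed per-second counter history, distinguishing the time-based period, the received-frame-based period, and the errored-frame-seconds summary. Window sizes and thresholds are constructed values, not device defaults.

```python
"""Added example (not Ciena code): evaluates the three 802.3ah non-critical
link-event conditions listed above over constructed per-second link counters.
Each sample is (frames received, errored frames) for one second, 'errored' being
the sum of the jabber/oversize/undersize/fragment/CRC counts the slide mentions.
Window sizes and thresholds are constructed values, not device defaults."""
from dataclasses import dataclass
from typing import List, Tuple

Sample = Tuple[int, int]   # (frames received, errored frames) in one second

@dataclass
class EventThresholds:
    frame_window_s: int        # Errored Frame Event: period in seconds
    frame_threshold: int       #   fire if errored frames in the period >= this
    period_frames: int         # Errored Frame Period Event: period in received frames
    period_threshold: int      #   fire if errored frames in that many frames >= this
    summary_window_s: int      # Errored Frame Seconds Summary: period in seconds
    summary_threshold: int     #   fire if seconds containing an error >= this

def errored_frame_events(samples: List[Sample], th: EventThresholds) -> list:
    """Time-based windows: count errored frames per fixed window of seconds."""
    events = []
    for start in range(0, len(samples), th.frame_window_s):
        errs = sum(e for _, e in samples[start:start + th.frame_window_s])
        if errs >= th.frame_threshold:
            events.append(("errored_frame", start))
    return events

def errored_frame_period_events(samples: List[Sample], th: EventThresholds) -> list:
    """Frame-count windows: a window closes once period_frames frames have been
    received (approximated here at one-second granularity)."""
    events, rx, errs = [], 0, 0
    for sec, (n, e) in enumerate(samples):
        rx, errs = rx + n, errs + e
        if rx >= th.period_frames:
            if errs >= th.period_threshold:
                events.append(("errored_frame_period", sec))
            rx, errs = 0, 0
    return events

def errored_frame_seconds_summary_events(samples: List[Sample], th: EventThresholds) -> list:
    """An errored frame second is any second with at least one frame error."""
    events = []
    for start in range(0, len(samples), th.summary_window_s):
        window = samples[start:start + th.summary_window_s]
        if sum(1 for _, e in window if e > 0) >= th.summary_threshold:
            events.append(("errored_frame_seconds_summary", start))
    return events

def evaluate(samples: List[Sample], th: EventThresholds) -> list:
    """All Event Notification PDUs the local DTE would send for this counter history."""
    return (errored_frame_events(samples, th)
            + errored_frame_period_events(samples, th)
            + errored_frame_seconds_summary_events(samples, th))

# Constructed ten-second counter history: error bursts in seconds 1, 3 and 7.
SAMPLES = [(1000, 0), (1000, 1), (1000, 0), (1000, 5), (1000, 0),
           (1000, 0), (1000, 0), (1000, 2), (1000, 0), (1000, 0)]
THRESHOLDS = EventThresholds(frame_window_s=5, frame_threshold=5,
                             period_frames=2000, period_threshold=3,
                             summary_window_s=5, summary_threshold=2)
```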
Carrier Ethernet features you might want to be aware of…
Service Connectivity Management (802.1ag CFM)
Service Connectivity Management: 802.1ag CFM
802.1ag CFM for Virtual Services: Connectivity Fault Management (CFM) provides a method to continuously monitor the end-to-end network connectivity of a network service.
• Non-Service Affecting
• Management End-Points (MEPs) and Management Intermediate-Points (MIPs)
• Auto Discovery of MEPs/MIPs
• Per VLAN/Tunnel MAC Ping
• Per VLAN/Tunnel MAC Traceroute
• Per VLAN/Tunnel Continuity Check
  - Constantly checks service state
  - Creates trap if 3 CCMs are lost
  - 3.3 msec to 10 min intervals
  - CCM = Continuity Check Message
(Figure: MEP 10, MEP 11 and MEP 12 at the service edges with MIPs in between)
Service Connectivity Management: 802.1ag CFM
CFM provides utilities to maintain network connectivity, including:
• Path discovery - Linktrace messages to determine the path taken to a target MAC address.
• Fault detection - CCMs to detect both connectivity failures and unintended connectivity between Service Instances.
• Fault verification and isolation - Loopback messages to perform fault verification; Linktrace messages and loopback messages to isolate faults.
• Fault notification - Fault notification is provided by the MEP that detected a connectivity fault, either because expected CCMs were not received, unexpected or invalid CCMs were received, or a CCM carried a notification of the failure of its associated MEP.
• Fault recovery - Fault notifications help network operators correct configuration errors or replace failed components.
Carrier Ethernet features you might want to be aware of…
Service Performance Management (ITU Y.1731 & TWAMP)
L2 Service Performance Management: ITU Y.1731
Round trip delay/jitter and single ended frame loss (MEP to MEP)
• Non-Service Affecting
• Utilizes IEEE 802.1ag (CCM) format frames for test packets
• Unicast messages to a specific MEP
• Delay, Jitter, and Frame Loss measurements
• Allows continual background SLA monitoring of loss, delay, and jitter to selected MEPs
• MIPs do not participate in delay/jitter/frame loss measurements
(Figure: 802.1ag CCMs exchanged between MEP 10, MEP 11 and MEP 12 across intermediate MIPs)
L3 Service Performance Mgmt: TWAMP
Complete Sender & Responder
• L3 based measurement of delay/jitter values between two end points
• Operator configures a “test interface” on the endpoints and associates that endpoint with a particular service
• Traverses L3 core since it is an L3 protocol
• Test will run for limited duration as specified by the operator
(Figure: TWAMP roles, with the Control-Client and Session-Sender on one side and the Server and Session-Reflector or Responder on the other, across the Core IP/MPLS network)
Carrier Ethernet features you might want to be aware of…
Provider Backbone Transport (802.1Qay)
PBT (Provider Backbone Transport) 802.1Qay Frame Format
(Figure: frame formats for 802.1Q, 802.1ad, 802.1ah and 802.1Qay, showing the tag stack added at each layer)
Feature Review – VLAN Aware MAC Bridging aka VLAN Tagging – 802.1Q
• Addition of 12-bit VLAN field (C-Tag) to Ethernet frame
• Allows for 4094 VLAN Identifiers
• Switching on C-DA and VLAN ID
• Learning on C-SA
• Flood to Unknown for unknown C-DA
• Loop avoidance by xSTP
Feature Review – Q-in-Q aka Provider Bridging aka VLAN Stacking aka VLAN Double Tagging – 802.1ad
• Addition of another 12-bit VLAN field (S-Tag) to Ethernet frame
• Allows for 4094 C-Tag VLAN Identifiers
• Allows for 4094 S-Tag VLAN Identifiers
• Allows for 16,760,836 VLANs but still only 4094 S-Tags
• Switching on C-DA and S-Tag VLAN ID
• C-Tag is transparent
• Learning on C-SA
• Flood to Unknown for unknown C-DA
• Loop avoidance by xSTP
Feature Review – MAC Header Encapsulation aka Provider Backbone Bridging (PBB) – 802.1ah
• Addition of another 12-bit VLAN field (B-Tag) to Ethernet frame
• Addition of another 48-bit MAC field (B-SA) to Ethernet frame
• Addition of another 48-bit MAC field (B-DA) to Ethernet frame
• Addition of 24-bit Service Identifier field (I-Tag) to Ethernet frame
• Allows for 4094 C-Tag VLAN Identifiers
• Allows for 4094 S-Tag VLAN Identifiers
• Allows for 4094 B-Tag VLAN Identifiers
• Allows for 16,777,214 I-Tag Service Identifiers
• S-Tag is mapped to Service Identifier (I-Tag)
• Switching on B-DA and I-Tag
• C-Tag is transparent
• C-DA is transparent
• Customer Layer 2 Control Protocols are transparent
• Learning on B-SA
• Flood to Unknown for unknown B-DA
• Loop avoidance by xSTP
Feature Highlight – Provider Backbone Bridging – Traffic Engineering (PBB-TE) aka Provider Backbone Transport (PBT) aka Provider Backbone Tunneling (PBT) – 802.1Qay
• Same frame format as 802.1ah (PBB) – No changes / additions
• Extension of 802.1ah (PBB)
• Difference is B-DA and I-Tag identifies bidirectional tunnel pair
• Allows for 16,777,214 I-Tag Service Identifiers
• S-Tag is mapped to Service Identifier (I-Tag)
• C-Tag is transparent
• C-DA is transparent
• Customer Layer 2 Control Protocols are transparent
• No learning in core backbone -- TE
• No flooding in core backbone -- TE
• No loop avoidance (xSTP) in core backbone -- TE
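As an added example (not Ciena code), the following decodes the tag stacks of the four frame formats reviewed above (802.1Q C-Tag, 802.1ad S-Tag, 802.1ah B-Tag/I-Tag with the encapsulated customer header) and derives the switching key each feature review states. The sample frames are constructed; the TPID constants are the IEEE-assigned values.

```python
"""Added example (not Ciena code): a decoder for the tag stacks of the frame formats
reviewed above. It walks the outer VLAN tags (C-Tag, TPID 0x8100 per 802.1Q; S-Tag,
TPID 0x88A8 per 802.1ad) and, if an I-Tag (TPID 0x88E7, 802.1ah) follows, extracts
the backbone B-DA/B-SA/B-VID, the 24-bit I-SID and the encapsulated customer header.
PBB and PBB-TE share this format, so they decode identically on the wire. The sample
frame is constructed; the TPID values are the IEEE-assigned ones."""
TPID_CTAG, TPID_STAG, TPID_ITAG = 0x8100, 0x88A8, 0x88E7

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def _u16(b: bytes, off: int) -> int:
    return int.from_bytes(b[off:off + 2], "big")     # 0 when past the end of the frame

def _read_vlan_tags(b: bytes, off: int):
    """Consume consecutive S-/C-Tags; return ([(kind, vid, pcp), ...], next offset)."""
    tags = []
    while _u16(b, off) in (TPID_CTAG, TPID_STAG):
        tpid, tci = _u16(b, off), _u16(b, off + 2)
        tags.append(("C" if tpid == TPID_CTAG else "S", tci & 0x0FFF, tci >> 13))
        off += 4
    return tags, off

def parse_frame(b: bytes) -> dict:
    da, sa = _mac(b[0:6]), _mac(b[6:12])
    tags, off = _read_vlan_tags(b, 12)
    out = {}
    if _u16(b, off) == TPID_ITAG:
        # 802.1ah: the outer MACs are backbone MACs and the S-Tag-format tag is the B-Tag
        itci = int.from_bytes(b[off + 2:off + 6], "big")
        out.update(encapsulation="802.1ah (PBB / PBB-TE)", b_da=da, b_sa=sa,
                   b_vid=tags[-1][1] if tags else None,
                   i_pcp=itci >> 29, i_sid=itci & 0xFFFFFF,
                   c_da=_mac(b[off + 6:off + 12]), c_sa=_mac(b[off + 12:off + 18]))
        tags, off = _read_vlan_tags(b, off + 18)        # customer S-/C-Tags, if any
    else:
        kinds = tuple(k for k, _, _ in tags)
        out.update(encapsulation={(): "untagged", ("C",): "802.1Q",
                                  ("S", "C"): "802.1ad (Q-in-Q)"}.get(kinds, "other"),
                   c_da=da, c_sa=sa)
    for kind, vid, _ in tags:
        out["s_vid" if kind == "S" else "c_vid"] = vid
    out["ethertype"], out["payload"] = _u16(b, off), b[off + 2:]
    return out

def switching_key(p: dict) -> tuple:
    """Forwarding key as the feature review states it: C-DA + VID (802.1Q), C-DA + S-VID
    with the C-Tag transparent (802.1ad), B-DA + I-SID with C-DA transparent (802.1ah)."""
    e = p["encapsulation"]
    if e.startswith("802.1ah"):
        return p["b_da"], p["i_sid"]
    if e.startswith("802.1ad"):
        return p["c_da"], p["s_vid"]
    if e == "802.1Q":
        return p["c_da"], p["c_vid"]
    return (p["c_da"],)

# Constructed 802.1ah/802.1Qay frame: B-VID 100, I-SID 0x0ABCDE, S-VID 200, C-VID 10, IPv4.
PBB_FRAME = bytes.fromhex(
    "001122334455" "001122334466"      # B-DA, B-SA
    "88a8" "0064"                      # B-Tag (S-Tag format), B-VID 100
    "88e7" "000abcde"                  # I-Tag: PCP/DEI/UCA = 0, I-SID 0x0ABCDE
    "aabbccddee01" "aabbccddee02"      # encapsulated C-DA, C-SA
    "88a8" "00c8"                      # S-Tag, S-VID 200
    "8100" "000a"                      # C-Tag, C-VID 10
    "0800" "deadbeef")                 # EtherType IPv4 + constructed payload
```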
PBT (Provider Backbone Transport) 802.1Qay Frame Format - Review
(Figure: frame formats for 802.1Q, 802.1ad, 802.1ah and 802.1Qay, repeated for review)
Example PBT Network
(Figure: example PBT network with an 802.1ah/802.1Qay backbone, 802.1ad aggregation and 802.1Q access domains)
Example PBT Network (Detail)
(Figure: detailed view of the same network, with the 802.1ah/802.1Qay, 802.1ad and 802.1Q domains labelled)
Sample PBT Configuration
Step 1. Create a PBT remote bridge MAC address and name pair
  pbt remote-bridge create remote-bridge <name> bridge-mac <mac>
Step 2. Create a tunnel group
  pbt tunnel-group create group <name>
Step 3. Create an Encap tunnel
  pbt encap-tunnel create static-encap <name> dest-bridge-name <name> port <port> b-vid <B-Tag> tunnel-group <name> pair-index <1-4> weight <1-8>
Step 4. Create a Decap tunnel
  pbt decap-tunnel create static-decap <name> dest-bridge-name <name> port <port> b-vid <B-Tag> tunnel-group <name> pair-index <1-4>
Step 5. Create a service
  pbt service create service <name> ingress-isid <I-Tag> egress-isid <I-Tag> tunnel-group <name>
Step 6. Create a Virtual Circuit
  virtual-switch ethernet create vs <name> vc <name>
  virtual-switch ethernet add vs <name> port <port> vlan <S-Tag>
  virtual-circuit pbt create static-vc <name> egress-isid <I-Tag> ingress-isid <I-Tag> tunnel <name>
Feature Highlight – PBT (Provider Backbone Transport) 802.1Qay – Definition, cont.
Since the tunnels are point-to-point, PBT can also achieve recovery times approaching 50 ms. Providers can group a set of tunnels together to form a tunnel protection group. Only one tunnel in the protection group can be active at a time, but another tunnel in the group will be used if the primary tunnel fails.
Connectivity Fault Management (IEEE 802.1ag) is used to monitor these tunnels. This provides fault notifications in milliseconds, and thus carrier-grade failover times can be achieved.
PBT also supports the dual homing of primary and backup tunnels. This enables PBT tunnels to terminate on entirely separate devices, offering device redundancy and path diversity for upstream connections. This is achieved by grouping tunnels into tunnel groups.
PBB-TE Tunnel Resiliency: Failover / Restoration
PBB-TE with 802.1ag CFM for Link Monitoring & Failover
• Single or Dual Homed
• Intelligent Tunnel Synchronization
• Tunnel Monitoring and Failure Detection
• 802.1ag CCMs (loss of 3 CCMs triggers failure + far end RDI)
• Variable Rates Depending on Needs (3.3 msec – 10 min)
• Optional automatic Reversion with configurable timers
• Configurable E-Types for easy interoperability
(Figure: PRIMARY and BACKUP PBB-TE tunnels between dual-homed PBB-TE BEBs across PBB-TE BCBs, monitored by 802.1ag CFM Continuity Check Messages (CCM + CCM.rdi from the far-end MEP); BEB = Backbone Edge Bridge, BCB = Backbone Core Bridge)
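As an added example (not Ciena code), the following simulates the tunnel protection behaviour above and in the PBT definition slide: a per-tunnel CCM monitor that declares failure after 3 missed CCMs or a far-end RDI, and a 1:1 protection group that switches to the backup and optionally reverts after a wait-to-restore timer. The CCM interval, timer values and event timeline are constructed for the example.

```python
"""Added example (not Ciena code): a simulation of the PBB-TE tunnel protection
behaviour described above. Each tunnel's far-end MEP is expected to send CCMs at a
fixed interval; the tunnel is declared failed when 3 consecutive CCMs are missed or
a received CCM carries the far end's RDI flag. The protection group keeps one active
tunnel, switches to the backup on failure and, if reversion is enabled, returns to
the primary once it has been healthy for a configurable wait-to-restore time."""
from dataclasses import dataclass, field

@dataclass
class TunnelMonitor:
    name: str
    interval_s: float              # CCM interval (slide: 3.3 ms .. 10 min)
    loss_threshold: int = 3        # consecutive missed CCMs that declare failure
    last_rx: float = 0.0
    failed: bool = False
    up_since: float = 0.0

    def on_ccm(self, t: float, rdi: bool = False) -> None:
        """A CCM arrived. RDI set means the far end sees its own receive path broken."""
        self.last_rx = t
        self._set_failed(t, rdi)

    def poll(self, t: float) -> None:
        """Declare failure once loss_threshold intervals pass without a CCM."""
        if not self.failed and t - self.last_rx >= self.loss_threshold * self.interval_s:
            self._set_failed(t, True)

    def _set_failed(self, t: float, failed: bool) -> None:
        if failed != self.failed:
            self.failed = failed
            if not failed:
                self.up_since = t          # start of the wait-to-restore countdown

@dataclass
class ProtectionGroup:
    primary: TunnelMonitor
    backup: TunnelMonitor
    revertive: bool = True
    wait_to_restore_s: float = 5.0
    active: str = "primary"
    log: list = field(default_factory=list)

    def _switch(self, t: float, to: str) -> None:
        self.log.append((t, f"{self.active}->{to}"))
        self.active = to

    def tick(self, t: float) -> str:
        """Run both monitors and apply the 1:1 protection decision; returns the active tunnel."""
        self.primary.poll(t)
        self.backup.poll(t)
        if self.active == "primary" and self.primary.failed and not self.backup.failed:
            self._switch(t, "backup")
        elif self.active == "backup" and not self.primary.failed and (
                self.backup.failed or
                (self.revertive and t - self.primary.up_since >= self.wait_to_restore_s)):
            self._switch(t, "primary")
        return self.active

def simulate(revertive: bool = True, wait_to_restore_s: float = 5.0) -> list:
    """Constructed timeline with a 1 s CCM interval: the primary's CCMs stop at t=5
    and resume at t=10 while the backup's keep arriving. Returns the switch log."""
    pg = ProtectionGroup(TunnelMonitor("primary", 1.0), TunnelMonitor("backup", 1.0),
                         revertive, wait_to_restore_s)
    for t in range(0, 21):
        if t < 5 or t >= 10:
            pg.primary.on_ccm(float(t))
        pg.backup.on_ccm(float(t))
        pg.tick(float(t))
    return pg.log
```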
PBB-TE Tunnel: Performance Management
PBB-TE with Y.1731 Performance Management
• Performance Management between Tunnel Endpoints
• Provides Service Independent Tunnel Monitoring
• Enhanced Scalability as 1,000's of services may traverse the tunnel without the need to monitor every service
• Leverages 802.1ag frames for reduced overhead
• Multiple packets sent at 100ms interval to perform the test
• Frame Delay / Frame Delay Variation / Loss Measurement
• 2-way Delay Roundtrip Measurement
• 1-way Delay Measurement (requires common time base)
• Single Ended Frame-Loss (MEP to MEP)
(Figure: Y.1731 ETH-LM performance management over the PRIMARY and BACKUP tunnels between PBB-TE BEBs across PBB-TE BCBs)
Feature Highlight - PBT (Provider Backbone Transport) 802.1Qay - Benefits
The main benefits of PBT include:
• Removing the 4,000 tag limitation, enabling 16 million distinct services to be configured.
• No learning or flooding in the core of the network for a reduction in complexity and cost.
• User MAC address and other information is tunneled through the core network, enhancing security and scalability.
• Using specifically engineered paths or tunnels allows you to target maximum utilization of the core network devices.
• The user and backbone control domains are separated, allowing layer 2 control frames to be transported through the provider’s network.
• 802.1ag CFM can be used to monitor tunnels and provide carrier-grade failover detection.
Reference Architectures
Campus Services - Hub & Spoke Metro/Access
(Figure: Campus Access sites on Gig (P) links homed hub-and-spoke into Campus Metro nodes over nxGig (P) links, into a 10Gig Campus Core with dual Core and Border nodes and ISP uplinks)
Campus Services - Ring Metro/Access
(Figure: Campus Access sites on Gig (P) links joined in a ring through Campus Metro nodes over nxGig (P) links, into a 10Gig Campus Core with dual Core and Border nodes and ISP uplinks)
Campus Services - Transport
(Figure: Campus Access on GigE (P) links, Campus Metro on 10Gig PBB-TE (P) tunnels, and a 10Gig Campus Core with dual Core and Border nodes and ISP uplinks)