New York Institute of Technology
Engineering and Computer Sciences
Fall 2008 CSCI 370
CSCI-370 Computer Networks: Shrinking the globe one click at a time
Lecture 8
Khurram Kazi
Ethernet Services Over Metro and Wide Area Networks: Standards Activities
Special Topics and Recent Trends in Networking
What is so special about Ethernet
- Why Ethernet, why not anything else? The major driving factor is human mentality: familiarity breeds the desire to keep using it until there is no other choice.
- Build on the existing know-how and extend its capabilities to meet future needs.
- Reduced capital expenditure (economies of scale) and operational costs: is it reality or perception? More feedback will come in the near future, as carriers have started to deploy these services.
- Connect multiple enterprise campuses via Ethernet services using the public WAN infrastructure, whether they are across the street in the same metro area or across the globe.
Who is defining Ethernet standards
- IEEE has been the pioneering standards body in defining (wired and wireless) Ethernet standards, primarily for enterprise applications. It is working on defining metro wireless standards along with last-mile Ethernet solutions.
- The Metro Ethernet Forum (MEF) took the initiative to bring carrier-class Ethernet services across metro networks, building on the IEEE work. MEF defined the Ethernet services in such a way that they are transport-technology agnostic.
- Internet Engineering Task Force (IETF): MPLS as the foundation for defining such services.
- International Telecommunication Union (ITU): defining Ethernet services over SONET/G.709 (OTH): Virtual Concatenation (VCAT), Link Capacity Adjustment Scheme (LCAS), Generic Framing Procedure (GFP).
Are SONET and SDH that different?
- For all practical purposes, at a high level of abstraction there is hardly any difference between SONET and SDH.
- Both support similar data rates: STS-1 => STM-0, STS-3 => STM-1, etc.
- So the SONET/SDH term will be used interchangeably in this presentation.
Fundamentals of Services definition
- Services are defined in observable terms with clear demarcation points between the subscriber and the Service Provider's equipment.
- Subscriber equipment is called the Customer Edge (CE). At the CE, the observable parameters are defined which become the basis for Service Level Agreements (SLAs).
- The physical demarcation point between the subscriber and the Service Provider is termed the User-to-Network Interface (UNI).
- Hence all the services are defined between two or more UNIs. The underlying networking technology is invisible to the subscriber.
- These simple yet powerful definitions have allowed almost 100 million Ethernet compliant devices to take advantage of these services.
[Figure: Metro Network Cloud with its Service Attributes; a Customer Edge (e.g. router or Multi-Service Provisioning Platform, MSPP) on each side, each attached to the cloud through a UNI (User-to-Network Interface).]
Non-abstract meaning of UNI (User to Network Interface)
- A UNI can be envisioned as a physical RJ-45 socket which can reside on an Ethernet switch or a patch panel provided by the Service Provider.
- The physical aspect of turning on an Ethernet service can be as simple as plugging the right equipment into this Ethernet jack.
- The connection can be at 10 Mb/s, 100 Mb/s, 1 Gb/s or 10 Gb/s if Ethernet is used as the physical layer between the subscriber and the Service Provider. If the subscriber initially wants 10 Mb/s and later requires 100 Mb/s, only the provisioning of the service is changed and not the physical link, making it future-growth friendly.
- If SONET is used, the physical link rates can be multiples of STS-1s or lower sub-rates of STS-1 (based on the VT structure).
Service Frames and Frame Delivery
- Service frames are similar to Ethernet frames without the preamble and the Start of Frame Delimiter: a service frame starts with the Destination Address and ends with the Frame Check Sequence.
- A frame is considered an ingress frame when it enters the Metro Ethernet Network and an egress frame when it exits the network.
- Service frame transparency is maintained between the two UNIs as the frame traverses the Metro Network, with some exceptions:
  - The egress service frame may have an 802.1Q tag when the corresponding ingress frame did not have it.
  - Likewise, the egress frame may not have the tag while the ingress frame had it.
  - The tag values of the ingress frame and the egress frame are different.
Fundamentals of Services definition: Ethernet Virtual Connection (EVC)
- EVC is defined as "an instance of an association of two or more UNIs".
- Why did EVC need to be defined? A Metro Ethernet Network (MEN) can be visualized as a shared medium where an ingress frame is replicated and delivered to all the UNIs.
  - The concept works OK within the LAN, as it belongs to the same organization or entity.
  - Not a good idea when the data traverses the public network.
- Traffic isolation: a methodology needs to be devised so that subscriber data is only transported and/or replicated to authorized UNIs and not to any other UNIs sharing the same MEN.
- Hence the concept of "VIRTUALIZATION of the Connection" to provide traffic isolation.
Example illustrating EVC Concepts: Two Service instantiations
- EVC1 => defined between 2 UNIs, HQ and the backup center: point-to-point service. All the ingress frames will be exchanged between the 2 UNIs, with the exception of control messages (terminated by the MEN).
- EVC2 => defined between the HQ, the Engineering facility and the 2 sales regions: multipoint-to-multipoint service. Supports unicast and multicast traffic between the UNIs defined in the EVC group.
- Generally speaking there can be more than one service instance: more than one EVC defined for a virtual network.
[Figure: Metro Network Cloud connecting HQ, Engineering Facility, Sales Support Region 1, Sales Support Region 2 and the Backup/Disaster Recovery Center; EVC1 is the point-to-point EVC, EVC2 the multipoint-to-multipoint EVC.]
CE (Customer Edge) VLAN ID
- There are 4095 CE-VLAN (Virtual Local Area Network) IDs and the ID numbers vary from 1, 2, ... 4095.
- The VLAN ID is extracted from the content of the Service Frame in the following manner:
  - For a Service Frame that has an IEEE 802.1Q Tag and the 12-bit VLAN ID in the Tag is not zero, the CE-VLAN ID is equal to the VLAN ID in the Tag.
  - Untagged and priority tagged Service Frames have the same CE-VLAN ID, and the CE-VLAN ID value is configurable to any value in the range 1, ..., 4094 at each UNI.
- An Ethernet frame with an IEEE 802.1Q Tag that has zero as the VLAN ID is called priority tagged.
- Untagged and priority tagged frames are handled as if they belong to a default VLAN, and the default VLAN is configured appropriately on each port of the Network Element, which can be an Ethernet switch.
CE-VLAN ID/EVC Mapping
- At each UNI, the CE-VLAN ID has to be associated with an EVC ID. The EVC ID is an arbitrary string administered by the Service Provider.
- A frame with VLAN ID 2 is delivered through the MEN according to the properties of the Red EVC.
- A frame with VLAN ID 1 is delivered through the MEN according to the properties of the Blue EVC.
- Any Service Frame with a Tag ID other than 1, 2 or 4094 will be dropped by the MEN, as there is no EVC associated with it.

Example CE-VLAN ID/EVC map at one UNI (the untagged row takes the CE-VLAN ID configured for this UNI, here 1; 4094 is the remaining mapped ID and carries the Green EVC):

Service Frame Format          CE-VLAN ID   EVC
Untagged (configured ID 1)    1            Blue
Tagged VID = 1                1            Blue
Tagged VID = 2                2            Red
Tagged VID = 3                3            none (dropped)
...                           ...          ...
Tagged VID = 4094             4094         Green
Tagged VID = 4095             4095         none (dropped)
CE-VLAN ID Significance
- The CE-VLAN ID MAY only have relevance at a given UNI:
  47 (@ UNI A) => EVC1 <= 47 (@ UNI B)
  1343 (@ UNI A) => EVC2 <= untagged (@ UNI B)
  187 (@ UNI A) => EVC3 <= 1343 (@ UNI B)
Traffic Engineering: Bandwidth profile attributes
- Different subscribers will have different bandwidth needs. Some might require 100 Mb/s, others less than 20 Mb/s, while some might require 1 Gb/s.
- Some may prefer to pay as they use for their bandwidth needs; they may start with 20 Mb/s and at a future date increase their requirements to 100 Mb/s.
- To accommodate such requirements, MEF defined the following bandwidth profile parameters:
  - Committed Information Rate (CIR), expressed as bits per second
  - Committed Burst Size (CBS), expressed as bytes
  - Excess Information Rate (EIR), expressed as bits per second
  - Excess Burst Size (EBS), expressed as bytes
  - Coupling Flag (CF), must have either the value 1 or 0
  - Color Mode (CM), must have only one of the two possible values: Color Blind or Color Aware
- These profile attributes form the basis of the Service Level Agreements.
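As an added example (not from the lecture), the six parameters above applied by the two-token-bucket algorithm that MEF 10 specifies for them: the committed bucket (CBS, refilled at CIR) declares frames green, the excess bucket (EBS, refilled at EIR) declares them yellow, CF=1 lets unused committed tokens spill into the excess bucket, and in Color Aware mode a frame can never be promoted above the colour it arrived with. The class name, the sample traffic and the rate/burst values are my own constructions.

```python
"""MEF-style bandwidth profile: CIR/CBS, EIR/EBS, Coupling Flag and Color Mode.
Added example. The token-bucket algorithm is the one MEF 10 specifies for these
parameters (the slides list the parameters only). Rates are bits/s, sizes bytes,
time seconds; sample traffic below is constructed."""
GREEN, YELLOW, RED = "green", "yellow", "red"

class BandwidthProfile:
    def __init__(self, cir, cbs, eir, ebs, cf=0, color_aware=False):
        if cf not in (0, 1):
            raise ValueError("Coupling Flag must be 0 or 1")
        self.cir, self.cbs, self.eir, self.ebs = cir, cbs, eir, ebs
        self.cf, self.color_aware = cf, color_aware
        self.bc = float(cbs)      # committed token bucket, starts full
        self.be = float(ebs)      # excess token bucket, starts full
        self.last_t = 0.0

    def declare(self, t, length, incoming=GREEN):
        """Colour assigned to a frame of `length` bytes arriving at time t."""
        dt = max(0.0, t - self.last_t)
        self.last_t = t
        # Refill the committed bucket; with CF=1 tokens overflowing CBS spill into the excess bucket
        refilled = self.bc + self.cir / 8 * dt
        overflow = max(0.0, refilled - self.cbs)
        self.bc = min(self.cbs, refilled)
        self.be = min(self.ebs, self.be + self.eir / 8 * dt + self.cf * overflow)
        blind = not self.color_aware          # colour blind ignores the incoming colour
        if (blind or incoming == GREEN) and length <= self.bc:
            self.bc -= length
            return GREEN
        if (blind or incoming != RED) and length <= self.be:
            self.be -= length
            return YELLOW
        return RED                            # red frames are discarded at the UNI

def run(profile, frames):
    """Apply a profile to (time, length[, incoming colour]) tuples; returns the colours."""
    return [profile.declare(*f) for f in frames]

# Constructed burst: five 1500-byte frames at t=0, then two more 1 ms later,
# against CIR = EIR = 8 Mb/s (1000 bytes per ms), CBS = EBS = 3000 bytes.
SAMPLE = [(0.0, 1500)] * 5 + [(0.001, 1500), (0.001, 500)]

def sample_blind():
    return run(BandwidthProfile(8_000_000, 3000, 8_000_000, 3000), SAMPLE)

def sample_coupled(cf):
    # EIR = 0: the excess bucket is refilled only by CF spill-over from the committed bucket
    p = BandwidthProfile(8_000_000, 1000, 0, 2000, cf=cf)
    return run(p, [(0.0, 1500), (0.001, 1500)])

def sample_aware():
    # Colour aware: frames pre-marked yellow or red are never promoted
    p = BandwidthProfile(8_000_000, 3000, 8_000_000, 3000, color_aware=True)
    return run(p, [(0.0, 1500, YELLOW), (0.0, 1500, RED), (0.0, 1500, GREEN)])
```

In the constructed burst the first two frames fit CBS and go green, the next two fit EBS and go yellow, the fifth is red, and after 1 ms only 1000 bytes of tokens have returned, so a 1500-byte frame is still red while a 500-byte frame is green again.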
Bandwidth Profiles defined in three ways
[Figure, used on the three slides below: a UNI carrying EVC1 and EVC2, each split into the CE-VLAN CoS groups 0,1,2,3 / 4,5 / 6,7.]
1. Bandwidth Profile defined per ingress UNI: one Bandwidth Profile covers everything entering the UNI.
2. Bandwidth Profile defined per EVC: Bandwidth Profile 1 for EVC1 and Bandwidth Profile 2 for EVC2.
3. Bandwidth Profile defined per EVC and CE-VLAN CoS, the most granular attributes allowed: Bandwidth Profiles 1 to 4 across the EVC/CoS combinations.
Ethernet Services over public WAN: Work being done at ITU-T
[Figure: two customers (A and B), each with an Ethernet PHY into carrier equipment at the edge of a SONET/SDH/PDH/OTN carrier network.
a) EPL for two customers, each with their own TDM channel
b) EVPL for two customers where they share a TDM channel for increased efficiency]
Summary of Ethernet types of Services

Connectivity      Resource sharing   Service type
Point-to-point    Dedicated          EPL (Ethernet Private Line)
Point-to-point    Shared             EVPL (Ethernet Virtual Private Line)
Multipoint        Dedicated          EPLAN (Ethernet Private LAN)
Multipoint        Shared             EVPLAN (Ethernet Virtual Private LAN)
Ethernet Private Line (EPL) Service
- EPL is the simplest service that the existing SONET/SDH transport network can support.
- The desired dedicated bandwidth is allocated, enabled by VCAT, LCAS and GFP.
- Mimics a virtual wire connectivity between two CEs.
[Figure: customer equipment with an Ethernet PHY on each side, connected through carrier equipment across a SONET/SDH/PDH/OTH (or ATM/MPLS CIR) carrier network.]
Ethernet Private LAN (EPLAN) Service
- Multiple sites, either across the street or across the globe, connected virtually.
- Mesh connectivity using Multi-Service Provisioning Platform type network elements.
[Figure: three customer equipment sites, each with an Ethernet PHY, meshed across the carrier network.]
Ethernet Private LAN (EPLAN) Service
- LAN connectivity made by using a centralized switch, i.e. the traffic is hauled to a centralized switch and then forwarded to the respective UNI.
[Figure: three customer equipment sites with Ethernet PHYs, each hauled to one central switch inside the carrier network.]
Ethernet Private LAN (EPLAN) Service
- The edge node serves as a bridge or a switch to provide connectivity between the respective UNIs.
[Figure: three customer equipment sites with Ethernet PHYs, bridged at the carrier network edge nodes.]
How is Ethernet affecting our lives in some other ways!
- Examples of using Ethernet for a "virtual doctor's office" service: patients in a village can, from their homes, have a video conference with their doctor (residing somewhere else) [example cited from Telenor, Norway's service provider].
- Doctors can monitor/see intricate operations being performed at a hospital across the globe.
- Distance learning.
Architectural Design of Networking Standards based Multi-Gigabit Network Elements
Special Topics and Recent Trends in Networking
Technology/Market Trends
- Over the past few years the focus of the networking industry has shifted towards providing various services that seamlessly connect diverse networks over different geographical locations across the globe.
- These services go beyond the capabilities of the traditional TDM or packet based technologies.
- Most leading service providers have transitioned to providing integrated services platforms.
- These platforms allow the service providers to offer bundled services to their customers that can be provisioned almost instantly.
Technology/Market Trends
Services could be:
- Provide Ethernet connectivity over metro or wide area public networks: virtual point to point, virtual point to multipoint, virtual multipoint to multipoint
- Offer connectivity of Storage Area Networks using
- Backhauling of cellular traffic using optical networks
Requirements Placed on the Network Elements by the Network
Data plane processing (time sensitive data: to be processed at line rate):
- Physical layer
- MAC/WAN framer (e.g. Ethernet or SONET/SDH frame processing)
- Data header parsing (e.g. for address/protocol information)
- Classification (filtering, forwarding, lookup etc.)
- Protocol translations
- Traffic management (segmentation, reassembly, queuing, policing etc.)
- Data encryption/decryption
Operation, Administration, Management and Provisioning (OAM&P) (less time critical applications, performed at much slower rates than the line rate):
- Topology management
- Configuration/statistics gathering
- Signalling/provisioning
- Network management
- Policy administration/applications
Packet Based Network Element
[Figure: line card and switch fabric card. Line card: Transponder (optics + SERDES) with optional FEC, Multi-Service Framer/Mapper, Network Processor, Traffic Manager and Switch Fabric Interface Device, all under a Host Processor; SFI/SXI links the transponder and framer, SPI links the packet-processing devices. Switch fabric card: Crossbar/Switch Matrix with optional Traffic Manager and optional Network Processor (Switch Fabric Chipset), reached over a proprietary or standardized backplane interface. Host Processor Interface, e.g. PCI 2.2 compliant 66 MHz, 64-bit host interface.]
Line Card using TDM Switch Fabric
[Figure: line card with Transponder (optics + SERDES), optional FEC and Multi-Service Framer/Mapper under a Host Processor, connected via SFI/SXI internally and via TFI (TDM Framer Switch Fabric Interface) to the TDM Switch Fabric on the switch fabric card. Host Processor Interface, e.g. PCI 2.2 compliant 66 MHz, 64-bit host interface.]
Integrated TDM/Packet based Line card with Different Switch Fabrics
[Figure: the packet-based line card (Transponder/optics + SERDES, optional FEC, Multi-Service Framer/Mapper, Network Processor, Traffic Manager, Switch Fabric Interface Device, Host Processor; SFI/SXI and SPI inter-chip links) attached over a proprietary or standardized backplane interface to two switch fabric cards: a packet/cell-based Crossbar/Switch Matrix with optional Traffic Manager and Network Processor (Switch Fabric Chipset), and a TDM Switch Fabric reached through TFI. Host Processor Interface, e.g. PCI 2.2 compliant 66 MHz, 64-bit host interface.]
Inter-chip communication recommendations
OIF (Optical Internetworking Forum) recommendations:
- Variants of SERDES Framer Interface Level 4 for 10 and 40 Gb/s
- Variants of System Packet Interface operating at 2.5, 10 and 40 Gb/s
- Variants of System Framer Interface operating at 10 and 40 Gb/s
- SxI-5: Electrical Characteristics for 2.488 – 3.125 Gbps parallel interfaces
- TFI-5: TDM Fabric to Framer Interface Implementation Agreement
Network Security Architecture: Customer's responsibility or Service Provider's?
Security Issues Throughout History
- Breaches in information security have translated into catastrophic losses and at times brought organizations or nations to their knees.
- As time progressed the techniques to transport sensitive information changed; however, the objectives of the sender and the interested interceptor still remained the same.
- The sender always tries to ensure message assurance.
- The interceptor, on the other hand, has been trying to find innovative ways to decipher the intercepted messages.
Are Metro and Wide Area Networks Safe: A Myth or Reality?
[Figure: path from the MSPP in an office building through the wiring closet and the local central office into the network cloud, with possible vulnerable spots marked along the way.]
- Physical isolation does not guarantee data security.
Are Metro and Wide Area Networks Safe: A Myth or Reality?
- Virtual isolation: data can be easily snooped on by unauthorized entities.
[Figure: Customer A's, B's, C's ... N's traffic multiplexed onto one stream of multiplexed traffic and demultiplexed on the far side.]
Are Metro and Wide Area Networks Safe: A Myth or Reality?
- Tandem connection: the subscriber does not have any idea who all might be carrying its data.
[Figure: the working end-to-end path between two users traversing Operator A, Operator B ... Operator N; data traversing multiple domains.]
Are Metro and Wide Area Networks Safe: A Myth or Reality?
- Snooping subscriber's data by the carriers: cases have been reported where the Voice over IP service provider's data is being blocked by the carriers it uses.
- There are tools available that make data snooping, filtering and recording possible.
Overview of Access Transport Technologies
- SONET/SDH: widely deployed and is being used for Ethernet services.
- 1/10 Gigabit Ethernet: used in green-field applications.
- Fibre Channel: restricted to Storage Area Networks.
- Native traffic over dark fiber: typically used by large organizations for whom it is cheaper to manage their own networks.
Encryption at Different OSI Layers
- Three main high-speed access protocols: SONET/SDH, 1/10 Gigabit Ethernet and Fibre Channel.
- Client mapping of signals over transport protocols.
[Figure (panels A, B and C): client signals such as SONET/SDH, ATM, PDH, CBR, IP, MPLS, DVB, 1/10 GbE and Fibre Channel mapped, directly or through GFP, onto SONET/SDH transport.]
Encryption at SONET/SDH Layer
[Figure: diverse traffic aggregation over SONET/SDH. Laptops, servers and Exchange servers behind LAN switches (10/100 Mb/s Ethernet and 1 and/or 10 Gb/s Ethernet), a Storage/Fibre Channel element and a traditional TDM traffic source (T1/T3 etc.) are aggregated by an MSPP onto the WAN connectivity (SONET/SDH).]
Encryption at SONET/SDH layer:
- Bulk encryption of data of varied traffic types.
- Fewer Security Associations (SAs) in SONET/SDH; generation of encryption keys and their management is easier (due to fewer SAs).
- For STS-768 (40 Gb/s) using STS-1 granularities, the maximum number of SAs will be 768; for STS-192, there will be 192 SAs.
- Due to the lower number of end nodes, the authentication burden for the network elements or nodes is significantly lowered.
- Ease of management of the security infrastructure due to the low number of SAs.
Encryption of SAN Traffic Over SONET/SDH
Latency-sensitive traffic: secure SAN extension example
- Guaranteed delivery: Fibre Channel (FC) based SANs do not tolerate frame loss in the network beyond what might be expected from BER and availability.
- High throughput: storage applications are the largest drivers of traffic across a network.
- Low latency: storage applications require quick response times or performance can suffer.
- Zero loss: loss is unacceptable in a storage environment; retransmissions significantly affect application performance.
[Figure: protocol stacks. Storage over IP: Fibre Channel / FCIP / TCP / IP / IPSEC / GFP / SONET/SDH. Storage over SONET/SDH: Fibre Channel / GFP / SONET/SDH.]