muse winter school 2006 muse winter school bb europe, geneva december 11 th, 2006
TRANSCRIPT
MUSE Winter School 2006
MUSE Winter School
BB Europe, GenevaDecember 11th, 2006
Tutorial Access Architecture — 2 MUSE Winter School 2006
Agenda
14:00 Access network architecture (P. Vetter, Alcatel-Lucent)
15:30 Coffee Break
15:45 Optimal resource utilisation by Traffic Engineering (I. Moldován, BUTE)
16:35 Residential Gateway and CPE Configuration and Management (G. Doumenis, ICCS) (*)
17:20 Closing Q&A
17:30 End
(*) separate handout
MUSE Winter School 2006
MUSE Access Network ArchitectureTutorial
[email protected]@alcatel.be
MUSE Winter SchoolBB Europe GenevaDecember 11th, 2006
Tutorial Access Architecture — 4 MUSE Winter School 2006
Outline
Access Architecture
Autoconfiguration
Connectivity
QoS
(List of abbreviations)
(References)
Tutorial Access Architecture — 5 MUSE Winter School 2006
Outline
Access Architecture• Definitions• Business Models• Intermezzo: Ethernet• Issues with Ethernet in Access
Autoconfiguration
Connectivity
QoS
(List of abbreviations)
(References)
Tutorial Access Architecture — 6 MUSE Winter School 2006
Network architectureDefinitions (1): Networks
RGW
AccessEN
Ethernet aggregation network
AN
BRAS
RGW Service
EN
Terminals
Regional Network
ServiceNetwork
First MileCustomer
Premise Networks
Aggregation Networks
Access Network
Tutorial Access Architecture — 7 MUSE Winter School 2006
Network architectureDefinitions (2): Nodes
RGW
AccessEN
Ethernet aggregation network
AN
BRAS
RGW Service
EN
Terminals
Regional Network
ServiceNetwork
First MileCustomer
Premise Networks
Aggregation Networks
Access Network
Tutorial Access Architecture — 8 MUSE Winter School 2006
Network architectureDefinitions (3): Business roles
Regional Network
ServiceNetwork
Acce
ss N
ode
Acce
ss E
dge N
ode
First Mile
Customer Premise Networks
Aggregation Networks
NAP RNP
Connectivity Provider
Packager
ASP
NSP
ISP
Subscriber
Network Access Provider
Regional Network Provider
Service Providers
Tutorial Access Architecture — 9 MUSE Winter School 2006
Relations between business roles
ApplicationServiceProvider
ApplicationServiceProvider
AccessNetworkProvider
AccessNetworkProvider
AccessNetworkProvider
CustomerconsumerCustomerconsumer
ConnectivityProviderConnectivityProvider
RegionalNetworkProvider
ContentProvider
RegionalNetworkProvider
ContentProvider
ApplicationServiceProvider
Application Service / Content Provider
Customer
Packager
Network Provider
Application Service / Content Provider
Customer
Packager
Network Provider
Packager
ApplicationServiceProvider
Applications delivered with an assured QoS
NetworkServiceProvider
Tutorial Access Architecture — 10 MUSE Winter School 2006
Wholesale - Retail
“Wholesale” means that a provider offers his services to an other provider
“Retail” means that a a provider offers his services directly to the subscriber
Unless otherwise specified in this course, these terms mostly apply to a NAP
Examples• “IP wholesale”: the NAP does not provide IP connectivity to the
subscriber, only L2 connectivity. One or more NSP are responsible to offer IP connectivity.
• “IP retail”: NAP is also NSP and offers IP connectivity to subscribers.
• “Application retail”: NAP also acts as ASP and offers applications to subscribers.
Tutorial Access Architecture — 11 MUSE Winter School 2006
Intermezzo: Ethernet Standards
IEEE802.3: Physical layer and MAC for LAN• (IEEE802.3ah: Ethernet in the first mile)
IEEE802.1:• 802.1D: Bridging • 802.1Q: Virtual Bridged LAN: 12 VLAN ID => 4094 possible (+2 reserved)• 802.1P: Use of priority 3 bits in VLAN Tag to differentiate class of service• 802.1ad: Provider bridge (Stacked VLANs)• 802.1X: Port Authentication
PRE SFD DA SALength/
TypeData FCS
7 1 6 6 2 46-1500 4 Bytes
PRE SFD DA SA
7 1 6 6 S-VLAN tag: 4 C-VLAN tag: 4 2 46-1500 4 Bytes
TPIDPriority
bitsVLAN IDCFI TPID
Prioritybits
VLAN IDCFILength/
TypeData FCS
PRE SFD DA SALength/
TypeData FCS
7 1 6 6 VLAN tag: 4 Bytes 2 46-1500 4 Bytes
TPIDPriority
bitsVLAN IDCFI
16 3 1 12 bits
Tutorial Access Architecture — 12 MUSE Winter School 2006
Intermezzo: Ethernet Bridge/Switch
Ethernet (CSMA)
Bridge
Ethernet Bridge (802.1D)
(Ethernet Switch)
VLAN aware Switch (802.1Q)
Hub
Tutorial Access Architecture — 13 MUSE Winter School 2006
Issues when using Ethernet in Access
Ethernet LAN (trusted environment)
Ethernet in Access (public network)
Bridge learning - Broadcast of some initialisation messages (ARP, DHCP, PPPoE)
• DOS attacks• Confidential info to other users
or competing providers
Secure and scalableconnectivity models
• Model 1 (L2 forwarding)• Model 2 (L3 forwarding)
No authentication AAA
Configurable MAC@• Conflicts, spoofing
Anti-spoofing mechanism
No QoS QoS framework
Tutorial Access Architecture — 14 MUSE Winter School 2006
Outline
Access Architecture
Autoconfiguration• AAA• PPP Model• Non-PPP autoconfiguration DCHP – 802.1X
Connectivity
QoS
(List of abbreviations)
(References)
Tutorial Access Architecture — 15 MUSE Winter School 2006
Definitions Auto configuration and AAA
Autoconfiguration: process of establishing a connection
AAAAuthentication
– process of determining whether someone or something is, in fact, who or what it is declared to be.
– based on identifiers and security attributes. – part of an actual access to a network/service in the context of a SLA or
contract, and often is linked with a fee (Accounting)
Authorization – process of giving individuals access to system objects based on their identity.
Accounting – recording, classifying, summarizing, and interpreting of events of a financial
character in a significant manner
Tutorial Access Architecture — 16 MUSE Winter School 2006
Autoconfiguration: PPP model
Characteristics :• PPP = Point-to-Point Protocol• PPP session performs (between CP modem - PPP peer)
– Link establishment (LCP packets)– Authentication (optional, PAP or CHAP)– Network-layer protocol (NCP packets :
eg IPCP: CP gets its IP@)• PPP encapsulation stays during session
Origin of PPP for Internet Access via voice band modems (fig.)• Continued to be used in DSL
PSTN InternetRASModemModem
bank
Tutorial Access Architecture — 17 MUSE Winter School 2006
Autoconfiguration : PPP model
PPP in access network• PPP can start at :
– CPE Modem(router)
– Host (PC)
• PPP can end at :
– (IP) DSLAM
– BRAS (NAP)
– BRAS (NSP) via L2TP tunnel
Switch
NAP NSP
L2TP
Tutorial Access Architecture — 18 MUSE Winter School 2006
PPPoE
PPPoE needed when PPP transported over Ethernet: allows– transport over shared medium– PPP session multiplexing
Autoconfig Procedure :- Detection of server(s):
PPPoE Active Discovery Initiation (PADI)- Server(s) reply :
PPPoE Active Discovery Offer (PADO)- Choice of server :
PPPoE Active Discovery Request (PADR)- Server confirmation :
PPPoE Active Discovery Session-confirmation (PADS)
PPP
IP
PPPoE
802.3 MAC
PPP
IP
PPPoE
802.3 MAC
RFC 2684
AAL5
ATM
PPPoE PPPoEoA
Tutorial Access Architecture — 19 MUSE Winter School 2006
PPPoE initialisation
PPPoEClient
<PADI>
Ethernet:- DA: Broadcast- SA: User MAC@
PPPoE:-ISP-Name
ModemTerminator
Access Node EthernetSwitch
PPPoEServer inEdge Node <PADI>
Ethernet:
-DA: Broadcast-SA: User MAC@PPPoE:
<PADI>
Ethernet:-S-VLAN ID-(C-VLAN ID)-DA: Unicast/Multicast- SA: User MAC@
PPPoE:
<PADI>
Ethernet:-S-VLAN ID-(C-VLAN ID)-DA: Unicast/Multicast- SA: User MAC@
PPPoE:
<PADO>
Ethernet:-S-VLAN ID-(C-VLAN ID)- DA: User MAC@- SA: Server MAC@
PPPoE:
<PADO>
Ethernet:-S-VLAN ID-(C-VLAN ID)- DA: User MAC@- SA: Server MAC@
PPPoE:
<PADO>
Ethernet:-DA: User MAC@-SA: Server MAC@PPPoE:
<PADO>
Ethernet:- DA: User MAC@- SA: Server MAC@
PPPoE:
<PADR>
Ethernet:- DA: Server MAC@- SA: User MAC@
<PADR>
Ethernet:-DA: Server MAC@-SA: User MAC@
<PADR>
Ethernet:-S-VLAN ID-(C-VLAN ID)- DA: Server MAC@- SA: User MAC@
<PADR>
Ethernet:-S-VLAN ID-(C-VLAN ID)- DA: Server MAC@- SA: User MAC@
<PADS><PADS><PADS><PADS>
-ISP-Name
-ISP-Name
-ISP-Name
-ISP-Name-ISP-Name
-ISP-Name-ISP-Name
Tutorial Access Architecture — 20 MUSE Winter School 2006
Non-PPP autoconfiguration
PPP is tunnel for each connection
Disadvantages of PPP:• Separate tunnel per QoS class• No support multicast streams• Dataplane process• Not supported by all types of terminals
Non-PPP: => DHCP• LCP ? • Authentication ?• NCP ?
DHCP
IP
802.3 MAC
Config Data
IP
802.3 MAC
Tutorial Access Architecture — 21 MUSE Winter School 2006
Authentication in Non-PPP model
Portal based authentication
EAP
IEEE 802.1X
PANA (Protocol for carrying Authentication for Network Access)
DHCP option 90
Tutorial Access Architecture — 22 MUSE Winter School 2006
Autoconfiguration : DHCP model
Characteristics :• DHCP = Dynamic Host Configuration Protocol• DHCP works in client/server mode• DHCP is carried over IP, only during config phase• DHCP session (host - server) :
– delivers host-specific config parameters– allocates NW addresses to host
– automatic : permanent IP@– dynamic : leased IP@ (limited time)– manual
Autoconfig procedure :• Discovery of DHCP server (DHCPDISCOVER)• Replies of server(s) (DHCPOFFER)• Host selects server (DHCPREQUEST)• Server acks and sets config (DHCPACK)
DHCP
IP
802.3 MAC
Config Data
IP
802.3 MAC
Tutorial Access Architecture — 23 MUSE Winter School 2006
IEEE 802.1X
802.1X compliant portof a NAP
LAN
UncontrolledPort
Port AuthenticationEntity(PAE)
ControlledPort
OtherPort
Services
802.1xSuplicant
RADIUS,DIAMETER
AuthenticationServer
PortAuthorize
Tutorial Access Architecture — 24 MUSE Winter School 2006
Authentication Architecture
CPN
aggregation network
802.1X Authenticator on the port
+ Radius client 802.1X supplicant
Bridged or routed modem
Authentication server
AAA server
Access Node
Terminal
Edge Node
Tutorial Access Architecture — 25 MUSE Winter School 2006
Autoconfiguration message sequenceAutoconfiguration messages
Tutorial Access Architecture — 26 MUSE Winter School 2006
Exercise (cf. Ethereal read-out)
1. What is the protocol used for autoconfiguration ?
2. Identify the main message groups as explained in the course ?
3. What is the IP-address assigned after autoconfiguration ?
4. What is the IP address of the DNS server ?
5. What is the hexadecimal code for a Broadcast MAC@ ?
Tutorial Access Architecture — 27 MUSE Winter School 2006
Outline
Access Architecture
Autoconfiguration
Connectivity• Model 1: L2 Forwarding• Model 2: L3 Forwarding
QoS
(List of abbreviations)
(References)
Tutorial Access Architecture — 28 MUSE Winter School 2006
Model 1: Ethernet network model
CPN
CPN
NSP/ISP
NSP/ISP
NSP/ISP
ASPNAP
EN
Ethernetaggregation network
AN
CPE
EN
CPE
Ethernet switch(802.1ad)
bridged
Ethernet switch(S-VLAN aware or 802.1Q)
BRAS or Edge Routerrouted
(IPv4/IPv6)
IP termination
Tutorial Access Architecture — 29 MUSE Winter School 2006
Model 1: Cross-connect mode
CPN
NSP/ISP
NSP/ISP
NSP/ISP
ASPNAP
CPN
EN
Ethernet aggregation network
Routed => L2 termination
CPE EN
MAC @ FWDwithin S-VLAN
US : L2 terminationDS : S-VLAN + C-VLAN tagging
S-VLAN 1
S-VLAN 4
S-VLAN 2
S-VLAN 3
C-VLAN 1C-VLAN 2
C-VLAN 1C-VLAN 2
C-VLAN 1C-VLAN 2
C-VLAN-based Cross-connecting : 1(+) C-VLAN(s) <=> 1 lineUS : S-VLAN taggingDS : S-VLAN stripping
IP@ in SubNet service 1 IP@ in SubNet service 2
Bridged => MAC@ FWD
Tutorial Access Architecture — 30 MUSE Winter School 2006
Model 1: Intelligent bridging mode
NSP/ISP
NSP/ISP
NSP/ISP
ASPNAP
CPN
ENEthernet
aggregation networkAN
MAC @ forwardingUS : S-VLAN taggingDS : S-VLAN stripping
Routed => L2 termination
CPE EN
MAC @ forwardingwithin S-VLAN
US : L2 terminationDS : S-VLAN tagging
S-VLAN1
S-VLAN4
S-VLAN2
S-VLAN3
CPN
Bridged => MAC@ FWD
Tutorial Access Architecture — 31 MUSE Winter School 2006
Model 1: Characteristics
Intrinsically• Based on Ethernet-compliant switches (802.1ad)
– MAC learning, VLAN configuration, RSTP, L2 QoS based on p-bits
• Interpretation of IGMP for multicast tree building• Scalability factor; MAC@ (bridging) / stacked VLANs (X-connect)• Priority has been put on intelligent bridging
– lower complexity, compatible with existing ENs
With respect to ATM networks• Possibility for cost-effective bandwidth upgrades with Ethernet technology• Packet-based nature of Ethernet =>
– more efficient delivery of multicast or broadcast streams (through the use of multicast trees),
– the ability to differentiate QoS on a packet basis for differentiated services, – a simpler provisioning of the network.
Tutorial Access Architecture — 32 MUSE Winter School 2006
Model 2: IP network model
NSP/ISP
NSP/ISP
NSP/ISP
ASPNAP
EN
AN
CPE
EN
CPNCPE
CPNCPE
Ethernet / IP / (MPLS)aggregation network
(optional)Ethernet for
IPoPPPoE
Ethernet switch(S-VLAN aware or 802.1Q)
BRAS or Edge Router
bridged
routed(IPv4/IPv6)
IP termination(IPv4/IPv6)
Router (IPv4/IPv6)
IP for IPoE (IPv4/IPv6)
Tutorial Access Architecture — 33 MUSE Winter School 2006
Model 2: IP forwarding mode (IPoE traffic)
CPN
CPN
NSP/ISP
NSP/ISP
NSP/ISP
ASPNAP
EN(router)Ethernet
aggreg. NWAN
CPE EN
(BRAS)
ARP proxyDHCP relay
IP forwarding
CPN
IP@ in SubNet service 1 (e.g. wholesale)IP@ in SubNet service 2 (e.g. retail)
Service connectionsS-VLANs (1 per EN,
+ optionally per service)
Tutorial Access Architecture — 34 MUSE Winter School 2006
Model 2: IP routing mode for retail (IPoE traffic)
CPN
CPN
NSP/ISP
NSP/ISP
NSP/ISP
ASPNAP
EN(router)Ethernet
aggreg. NWAN
CPE EN
(BRAS)
CPN
DHCP relayIP routing
S-VLANs (1 per EN, + optionally per service)
IP@ in SubNet retail applicationsIP@ in private subnet (not globally accessible)
Tutorial Access Architecture — 35 MUSE Winter School 2006
Model 2: IP routing mode for wholesale (IPoE traffic)
CPN
CPN
NSP/ISP
NSP/ISP
NSP/ISP
ASPNAP
EN(router)Ethernet
aggreg. NWAN
CPE EN
(BRAS)
CPN
DHCP relayIP routing
S-VLANs (1 per EN, + optionally per service)
IP@ in SubNet service 1 (e.g. wholesale)IP@ in SubNet service 2 (e.g. retail)IP@ in private subnet (not globally accessible)
Tutorial Access Architecture — 36 MUSE Winter School 2006
Model 2: Characteristics
Intrinsically• Higher level of IP-awareness• Forwarding decisions based on IP addresses (not necessarily full router)• Interpretation of IGMP or PIM for multicast tree building• Scalability factor;
– ARP tables (IP forwarding) / routing messages (routing case, depending on subnetting)
• Priority has been put on IP forwarding for IPoE and L2 switching for IPoPPPoE– No need for routing protocols between AN and EN while allowing best subnetting– Easiest migration from existing networks
With respect to Ethernet NW model• IP as basis for packet handling =>
– IP QoS– Natural way for peer-peer– Security; separation of user at L2, more control on IP@ by operator than on MAC@– Scalability; solved for L2, at L3 depends on subnetting scheme– Flexibility for S-VLANs; can be shared over multiple ANs– Future-ready (for service enablers operating at IP level)
Tutorial Access Architecture — 37 MUSE Winter School 2006
Outline
Access Architecture
Autoconfiguration
Connectivity
QoS
(List of abbreviations)
(References)
Tutorial Access Architecture — 38 MUSE Winter School 2006
QoS introduction
QoS is key in multi-service access
End-to-End QoS solutions (e.g. IntServ) • commercially failed because of complexity
Priority based QoS (e.g. Diffserv) • works in Core Networks with sufficient capacity, • not suited for Access & Aggregation
=> Simplified QoS control in Access & Aggregation needed
EdgeNodeAccess
Node
Tutorial Access Architecture — 39 MUSE Winter School 2006
Principle of CAC (Call Admission Control)
EdgeNodeAccess
Node
Pre-provisioned pipes
RAC
Resource Admission Control Function• View of flows and BW already allocated
• Configures policers at borders
• Admission control after request
Tutorial Access Architecture — 40 MUSE Winter School 2006
CP
QoS Control Functions and Steps
RNP
Customer
ISP
ASP1
ASP2NAP
AccessEN
RGW Terminals
AN
EthernetAggregation network
RACF
AF
AF
S-VLANS-VLAN
RACF for RN
S-PDF
Policy Enforcement function
Tutorial Access Architecture — 41 MUSE Winter School 2006
Considerations for CAC
CP
RNP
Customer
ISP
ASP1
ASP2NAP
AccessEN
RGW Terminals
AN
EthernetAggregation network
RACF
AF
AF
S-VLANS-VLAN
RACF for RN
S-PDF
LocalRACF
Selective CAC:• Only for services that need it• Only for network sections that
need it
Centralised or distributed CAC
S-VLAN 2S-VLAN 2
Policy enforcement• US: at AN• DS: at EN and at ANPer flow or per aggregate
Tutorial Access Architecture — 42 MUSE Winter School 2006
Standardisation and industry forumsrelevant for BB Access Architecture
DSL Forum• Architecture & Transport (e.g. TR-101 Migration to Ethernet in
Access)• DSL Home (e.g. TR-069 remote management protocol)• Operations & Network Service Management• Test & Interoperability
ETSI-TISPAN• NGN Architecture (QoS framework)
HGI• Requirements for Residential Gateways
Other: IEEE802, IETF, MEF, ITU-T
Tutorial Access Architecture — 43 MUSE Winter School 2006
Agenda
14:00 Access network architecture (P. Vetter, Alcatel-Lucent)
15:30 Coffee Break
15:45 Optimal resource utilisation by Traffic Engineering (I. Moldován, BUTE)
16:35 Residential Gateway and CPE Configuration and Management (G. Doumenis, ICCS)
17:20 Closing Q&A
17:30 End
Tutorial Access Architecture — 44 MUSE Winter School 2006
Abbreviations (1)
Tutorial Access Architecture — 45 MUSE Winter School 2006
Abbreviations (2)
Tutorial Access Architecture — 46 MUSE Winter School 2006
Abbreviations (3)
Tutorial Access Architecture — 47 MUSE Winter School 2006
Abbreviations (4)
Tutorial Access Architecture — 48 MUSE Winter School 2006
References