HUAWEI TECHNOLOGIES CO., LTD. All rights reserved
www.huawei.com
Internal
ODD010009 IP MAN Planning
ISSUE 1.1
As MPLS VPN, NGN, IPTV, and 3G services mature and enter large-scale commercial use, the metropolitan area network (MAN) is evolving from a network that offers only broadband Internet access into an integrated IP MAN that provides access for and bears multiple services, such as data services, packet voice service, video service, and streaming service. This course discusses how to build the integrated IP MAN.
This course helps you to:
- Master the IP MAN network planning.
- Master the IP MAN service planning.
- Master the IP MAN optimization plan.
- Learn typical MAN networking instances.
Chapter 1 Overview of MAN Planning
Chapter 2 MAN Service Planning
Chapter 3 MAN Optimization Plan
Chapter 4 MAN Typical Case Analysis
Chapter 1 Overview of MAN Planning
1.1 What Is MAN
1.2 Present Situation of MAN
1.3 General Clue and Optimization Objectives of MAN
1.4 MAN Target Network Architecture
What Is MAN
- The network architectures available for large Internet providers are as follows:
  - National backbone network
  - Provincial backbone network
  - MAN
- The MAN refers to the part that is under the provincial backbone network and above the user access side.
- With the concept of larger MAN being put forward, the current 3-level architecture (backbone network to provincial network to MAN) is evolving to the 2-level architecture (backbone network to MAN).
Service Situation of the MAN
- Internet broadband dialing access service
  - ADSL or LAN access, ATM or Ethernet convergence, BRAS-terminated PPPoE session
- Internet leased line access service
  - ADSL leased line: ADSL access, BRAS-terminated 1483 bridge/routing or VLAN
  - LAN leased line: LAN access, layer-2 and layer-3 switch termination
- VPN leased line service
  - VLAN interconnection layer-2 VPN (for most switched MANs)
  - MPLS layer-3 VPN (for a few routing MANs)
  - VPN in other modes such as VR VPN, L2TP VPDN, IPSec, and GRE
Networking Types of MAN
- The IP MAN falls into the following types based on networking devices:
  - Layer-3 switch-centered switched MAN
  - High-speed router-centered routing MAN
Switched MAN
- The switched MAN has the following features:
  - There are no egress routers, and the MAN serves as the local extension network of the IP backbone network.
  - Layer-2 and layer-3 switches serve as the core of the layer-2 network and layer-3 network.
  - Layer-2 and layer-3 switches are also responsible for layer-2 convergence, layer-3 access, and layer-3 convergence.
  - The BRAS is attached to the layer-2 and layer-3 switches to provide PPPoE access.
Service Implementation of Switched MAN
[Figure: service paths through the switched MAN for the VLAN layer-2 VPN service, the Internet broadband dial-up service, and the Internet leased line service. Devices and users shown: intra-city interconnection users, ADSL PPPoE user, LAN PPPoE user, LAN leased line users, DSLAM, cell switch, ATM broadband access network, layer-2/layer-3 switches, BRAS, IP MAN, ChinaNet router.]
Note: An arrow pointing at a device means that the traffic is terminated or forwarded at layer 3 on that device. A straight line passing through a device means that the traffic passes through that device transparently at layer 2.
Problems of Switched MAN
[Figure: switched MAN with the problems of each part called out. Elements shown: ATM, PPPoE, LAN leased line, MPLS CE, MPLS PE, layer-2/layer-3 switch, BRAS, router, softswitch AG, core layer of IP MAN, convergence layer of IP MAN, broadband access network.]
Callouts in the figure:
- It does not support MPLS. It does not support multicast. The layer-3 forwarding capability is inadequate. The uplink bandwidth is not enough. The functions of QoS and traffic control are weak. It is not secure enough and is easy to attack.
- Cards or boards can be mounted only, and the multicast function cannot be enabled.
- The PE has a weak performance and is less likely to be extended, and it does not support the VPN.
- It has complicated functions and can serve as a LAN leased line access router, an Ethernet layer-2 convergence switch, and a layer-3 convergence router.
- The port density is low, and the performance is weak.
- It cannot isolate or bind users. New service deployment is affected due to restriction on uplink bandwidth of the DSLAM. The Ethernet switching network is too big and is restricted by the upper limit of VLAN. The layer-2 protection is unavailable. The QoS function of the equipment is weak.
Routing MAN
- The routing MAN has the following features:
  - A router is used for egress and the core layer for networking.
  - Layer-2 and layer-3 switches are also responsible for layer-2 convergence, layer-3 access, and layer-3 convergence.
  - The BRAS is attached to the layer-2 and layer-3 switches to provide PPPoE access.
  - A dedicated MPLS PE is set up, and it is attached to the layer-2 and layer-3 switches.
Service Implementation of Routing MAN
[Figure: service paths through the routing MAN for the MPLS layer-3 VPN service, the Internet broadband dial-up service, and the Internet leased line service. Devices and users shown: ADSL PPPoE user, LAN PPPoE user, LAN leased line users, MPLS CE, DSLAM, cell switch, layer-2 switch, ATM broadband access network, layer-2/layer-3 switch, BRAS, core router of MAN, IP MAN, ChinaNet router.]
Note: An arrow pointing at a device means that the traffic is terminated or forwarded at layer 3 on that device. A straight line passing through a device means that the traffic passes through that device transparently at layer 2.
Service Development Trends of MAN
- The service grows rapidly.
  - In 2005, the number of broadband subscribers grows by 10 million. The total number of subscribers reaches around 25 million.
  - It is estimated that the number of broadband subscribers will grow to 62.88 million by 2008.
- Broadband is more and more popular in services.
  - Video applications require the bandwidth of common applications to reach 2 M and that of some advanced applications to reach around 8 M by 2008.
- Integration of services
  - The MAN bears voice services, video services, data services, and enterprise interconnection service simultaneously.
- Differentiation of services
  - According to requirements of customers and applications, provide services in different QoS levels.
- Service control
  - Centralized control and management such as awareness, authentication, charging, security, and QoS for services
Network Performance Features Required for Service Development of MAN
Application type | Typical services | Upper limit of end-to-end unidirectional average delay | Upper limit of end-to-end unidirectional average jitter | Upper limit of end-to-end unidirectional packet loss rate | Upper limit of end-to-end unidirectional packet error rate
Instant voice | Softswitch voice | 100 ms | 50 ms | 0.1% | 0.01%
Instant video (video telephony and video conferencing) | Video telephony and video conferencing | 100 ms | 50 ms | 0.1% | 0.01%
Streaming video | IPTV | 1000 ms | 1000 ms | 0.1% | 0.01%
Instant interaction data | Games and signaling | 100 ms | U | 0.1% | 0.01%
Common data | - | U | U | U | U
Network availability: 99.9%
Note: The above specifications are cited from ITU-T Y.1541, G.114, YD/T 1071 of the communication standards of People’s Republic of China, and documents from some manufacturers. All specifications are network end-to-end (UNI-UNI) unidirectional specifications. “U” indicates that the upper limit is not specified.
General Clue of MAN Building
- Network layers are clear.
  - Layer-2 and layer-3 networks are separated to build the layer-3 routing network (IP MAN) with clear physical and logical levels and the layer-2 broadband access network.
- The network architecture is flat.
  - The capacity is large, the number of nodes is small, and the coverage is large so as to reduce the number of physical and logical cascading levels.
- The network quality is differentiated.
  - The Diffserv mechanism is deployed for the network so as to provide different levels of QoS for different users and services.
- Management control is centralized.
  - Use the broadband access server (BRAS) and service router (SR) to build a clearly defined service control layer at the border of the IP MAN, so that services are provided and controlled on a centralized basis. In addition, normalize the network management interface requirements of devices, strengthen building of the integrated network management system, improve manageability of the network, and achieve carrier-class management.
- The requirements for devices are normalized.
  - The requirements are normalized to make new devices support network functions and performance features required for service deployment of MAN.
MAN Optimization Objectives: Network Function Features
- Isolate users in the layer-2 access network, identify users uniquely, and trace sources of application.
- The broadband access network and the IP MAN have differentiated service capability.
- Multicast capability of commercial scale
- Layer-2 and layer-3 VPN service capability in multiple access modes
- Implement the functions of secure trace, location, and isolation in the network layer.
MAN Optimization Objectives: Network Quality Specifications
- Network availability: 99.9%
- Unidirectional average delay upper limit (packet length: 1500 bytes)
  - IP MAN: 10 ms (between service access control point and egress of MAN)
  - Broadband access network: 10 ms (between service access control point and user CPE)
- Upper limit of unidirectional packet loss rate:
  - IP MAN: 5/10000
  - Broadband access network: 5/10000
- Upper limit of unidirectional average jitter:
  - IP MAN and broadband access network: 5 ms
Overview of MAN Target Network
- IP MAN target network architecture:
  - IP MAN
    - Service access control points (BRAS and service router) and layer-3 routing network consisting of routers above the points
    - The IP MAN consists of the core layer, convergence layer, and service access control layer.
  - Broadband access network
    - Layer-2 access network under service access control points
    - The network layer consists of layer-2 convergence network and last-mile access network. The service plane falls into the public access network plane and key account access network plane in logic.
MAN Classification
MAN Classification Based On Scale
MAN type | Phone capacity (classification standard) | Total number of broadband users (reference)
Extra large | Over four million | Over 90 million
Large | 0.4 million to 0.9 million | 40-90 million
Medium | 50-200 million | 10-40 million
Small | Below 50 million | 4-10 million
MAN Target Network Architecture Model
[Figure: target network architecture model diagram. Labels shown: backbone network (ChinaNet, CN2); IP MAN with core layer (egress; core router/egress router), transit layer (transit router), and access layer (service access control point: BRAS, MAN SR, CN2 SR); broadband access network with layer-3 convergence network (SDH/MSTP/RPR/Ethernet, ATM switching network, MSTP/RPR, Ethernet switching network) and last-mile access network (ADSL access network, LAN access network); public access network plane and key account access network plane.]
IP MAN Target Network Architecture Topology
[Figure: principle of IP MAN design. Elements shown: ChinaNet, CN2, core router/transit router, and the service access control points (SR, BRAS, CN2 SR).]
SR-CN2 SR is needed for deployment of MPLS and for the MAN that requires cross-domain connection.
Broadband Access Network Target Network Model
[Figure: broadband access network target network model. Labels shown: BRAS, MAN SR, CN2 SR; public access plane layer-2 convergence layer (tandem exchange, access switch, ATM switching network, Ethernet switching network); last-mile access network on the public access plane (access equipment, DSLAM, park switch, LAN access network, ADSL user, LAN user); layer-2 convergence network on the key account access plane (SDH/MSTP/RPR network, access equipment, key account).]
IP MAN Node Setting Examples
- Extra large MAN
  - It is recommended to configure four routers in the core layer (also serve as the egress routers and convergence routers of the node), 8 to 12 routers in the transit layer, 40 to 60 BRASs (30000 users/BRAS), and 8 to 15 SRs (distributed in a centralized manner).
- Large MAN
  - It is recommended to configure 2 routers in the core layer (also serve as the egress router and convergence router of the node), four to eight routers in the transit layer, 30 to 40 BRASs (25000 users/BRAS), and five to eight SRs (distributed in a centralized manner).
- Medium MAN
  - It is recommended to configure four routers in the core and convergence layer (two of which serve as the egress router and convergence router of the node), 8 to 20 BRASs (20000 users/BRAS), and two SRs (distributed in a centralized manner).
- Small MAN
  - It is recommended to configure two routers in the core and convergence layers (also serve as the egress router and convergence router) and 5 to 10 BRASs (10000 users/BRAS). The SR is not set. It is shared with that of CN2.
Chapter 2 MAN Service Planning
2.1 Design of Route
2.2 Design of QoS
2.3 MAN Service Implementation
2.4 User Management/Network Management/Network Security Design
2.5 IPV6 Network Deployment Planning
Design of MAN Route: IGP Design Principles
The principles of designing MAN IGP routing protocols are as follows:
- It is recommended to use a dynamic routing protocol for the MAN and use static routes as a supplement when necessary.
- A dynamic routing protocol is specified for each MAN, and the IGP shall cover the service access layer and all devices above the layer.
- It is recommended to use the link-state protocols OSPF and IS-IS as dynamic routing protocols.
- It is recommended to use static routes between the MAN and leased line users to reduce the impact of user route fluctuation on the MAN.
- It is recommended to aggregate routes on the BRAS or leased line access routers to reduce the number of routes in the MAN and the impact of routing fluctuation on the whole network, thus improving network stability.
Design of MAN Route: BGP Design Principles
The principles of designing MAN BGP routing protocols are as follows:
- In principle, the egress router of the MAN exchanges routing information with ChinaNet and CN2 through the EBGP. Some routers in the convergence layer in large MANs can run the IBGP, which is used to bear and control user routes in the MAN.
- The MAN only receives routing information from the CN2 and a default route from ChinaNet.
- Some large MANs can receive all Internet routes from ChinaNet.
- The MAN advertises the aggregate routes of the MAN to ChinaNet and CN2.
- The egress router of the MAN performs policy-based route forwarding based on destination address and service levels.
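The route aggregation recommended in the IGP principles and the import and export rules in the BGP principles can be checked with a small policy model, shown here as an added Python example that is not part of the original course material. The peer names come from the slides; the prefixes are constructed from documentation ranges, and accepting CN2 routes unchanged is an assumption made for the example.

```python
import ipaddress

DEFAULT_ROUTE = ipaddress.ip_network("0.0.0.0/0")


def import_filter(peer, prefixes, full_table=False):
    """Filter routes received over EBGP at the MAN egress router.

    ChinaNet contributes only the default route unless this is a large MAN
    taking the full Internet table; CN2 routes are accepted as received
    (assumption made for this example).
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    if peer == "ChinaNet":
        return nets if full_table else [n for n in nets if n == DEFAULT_ROUTE]
    if peer == "CN2":
        return nets
    raise ValueError("unknown peer: %r" % (peer,))


def export_routes(internal, aggregates):
    """Return (announce, uncovered) for the routes currently inside the MAN.

    announce:  aggregates that cover at least one internal route. This is
               all the upstream sees, so one user route appearing or
               disappearing does not change what is advertised.
    uncovered: internal routes that no aggregate represents; they need an
               operator's attention before anything is advertised for them.
    """
    aggs = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(a) for a in aggregates))
    announce, uncovered = set(), []
    for route in internal:
        net = ipaddress.ip_network(route)
        cover = next((a for a in aggs if net.subnet_of(a)), None)
        if cover is None:
            uncovered.append(net)
        else:
            announce.add(cover)
    return sorted(announce), uncovered


# Constructed sample data: address pools configured on a BRAS and the
# user routes it currently holds (RFC 5737 documentation prefixes).
BRAS_POOLS = ["198.51.100.0/25", "198.51.100.128/25", "203.0.113.0/24"]
USER_ROUTES = ["198.51.100.17/32", "198.51.100.200/32",
               "203.0.113.64/26", "192.0.2.5/32"]

if __name__ == "__main__":
    announce, uncovered = export_routes(USER_ROUTES, BRAS_POOLS)
    print("announce :", [str(n) for n in announce])
    print("uncovered:", [str(n) for n in uncovered])
    print("ChinaNet :", import_filter("ChinaNet", ["0.0.0.0/0", "192.0.2.0/24"]))
```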
MAN Route Design: MAN Egress Division Principle
- MAN users can visit applications of CN2 and ChinaNet.
- Service can be divided in the following two methods:
  - Allocate different IP addresses for users of different types and divide based on source addresses.
  - Assign different QoS levels to the different application types of users and divide based on the QoS.
- The service access control point of the MAN marks service levels.
- The egress router of the MAN can apply policy-based routes based on destination address, source address, and service levels to divide the applications of CN2 and ChinaNet. It is recommended to use the forwarding mode based on destination address and policy-based forwarding based on service level.
MAN Route Design: Route Design Chart
[Figure: route design chart. Elements shown: ChinaNet and CN2 (EBGP peering with the MAN), CN2 key account/PE access router, core router, transit router, SR, BRAS, IGP domain.]
Annotations in the figure:
- Forward routes according to destination addresses, source addresses, and service levels.
- MBGP exchanges VPN routes.
- Configure and summarize the static routes to leased line users and static VRF routes to VPN users.
- Static routes are configured on the BRAS. Cities or regions can decide whether the BRAS joins the IGP.
- Use the OSPF or IS-IS.
- Attach the specified service level labels to the packets to be transmitted by CN2.
MAN QoS Design: QoS Model
[Figure: QoS model. Elements shown: ChinaNet, CN2, IP MAN as the Diffserv domain (core router, transit router, SR, BRAS, CN2 SR), broadband access network (ATM access network, Ethernet access network, SDH/MSTP/RPR).]
Annotations in the figure:
- Classification, marking, and speed limit
- Traffic shaping
- Diffserv PHB: queuing and congestion control (WRED)
- In physical combination with layer-2 QoS of 802.1P
Brief Introduction to MPLS VPN Technology
- MPLS L3VPN is growing into a standard.
  - BGP/MPLS VPN: RFC2547bis
- Recently, MPLS L2VPN has grown rapidly, and the technology is becoming mature. Although the standard is at the draft stage, some de facto standards have come into being due to the support of multiple manufacturers.
  - Martini: draft-martini-l2circuit-trans-mpls-xx
  - Kompella: draft-kompella-ppvpn-l2vpn-xx
  - The standards are not uniform for the VPLS.
  - Circuit cross connect (CCC): Sets up a transparent connection between two PE–CE connections, which uses a tunnel exclusively and a one-layer label.
  - SVC: A static implementation of Martini.
MPLS L3VPN
- P router
  - The core router or convergence router of the MAN serves as the P router.
- PE router
  - The BRAS and SR, implementing the VPN service for public users and key accounts respectively, serve as the PE router. For the BRAS that does not support the MPLS, use the SR of the MAN to implement the VPN service for public users.
- MBGP and IGP
  - The MBGP is used to transmit VPN routing information between PEs. The IGP routing protocol ensures the reachability between PEs.
MPLS L3VPN (Continued)
- Route between PE and CE
  - Static route
  - EBGP
  - RIP
  - OSPF
  - IS-IS
  - When the number of routes is small, it is recommended to use static routes. When the number of routes is large, it is recommended to use the EBGP.
- Cross-domain MPLS VPN
  - Option A: VRF to VRF
  - Option B: MP-EBGP single hop
  - Option C: MP-EBGP multi-hop
Introduction of MAN Services
[Figure: MAN services. The public service system (BRAS, MAN SR) and the key account service system (MAN SR, CN2 SR) each combine a service function module (Internet gateway, MPLS PE) with an access function module (dial-up access, leased line access). Below them are the access network with its layer-2 transmission network (SDH/MSTP/RPR/Ethernet, ATM switching network, MSTP/RPR, Ethernet switching network) and last-mile access network (ADSL access network, LAN access network), divided into the public access network plane and the key account access plane.]
MAN Service System and Service Types
- Service system
  - Public service system: public + public access network plane + BRAS or MAN SR
  - Key account service system: key account + key account access network plane + MAN SR or CN2 SR
- Service type
  - Combination of the network function of service access control points and access function module. The following service types are provided:
    - BRAS
      - Internet dial-up access service and Internet leased line access service
      - MPLS VPN dial-up access service and MPLS VPN leased line access service
      - Multicast service
    - SR
      - Internet leased line access service
      - MPLS VPN leased line access service
      - Multicast type services
MAN Service Access Modes and Service Levels
- Access modes
  - The public service system uses the public access network plane to implement access of users.
    - ADSL access network + Ethernet switching network access
    - ADSL access network + ATM switching network access
    - LAN access network + Ethernet switching network access
  - The key account service system uses the key account access network plane to implement access of users.
    - SDH/MSTP/RPR access
- Service levels
  - Users of a service have several service levels, for example, common service (for common users) and advanced service (for VIP users). Service levels are implemented through the access network Diffserv and IP MAN Diffserv.
Internet Access Service Implementation Chart
[Figure: Internet access service implementation. Elements shown: ChinaNet, CN2, core router, SR, BRAS, CN2 SR, ATM switching network, Ethernet switching network/MSTP/RPR, SDH/MSTP/RPR, tandem exchange, access switch, park switch, corridor switch, DSLAM, cascading DSLAM, personal dial-up user, personal VIP user, medium and small enterprise leased line user, key account.]
Annotations in the figure:
- QinQ encapsulation
- PPPoE dial-up and Internet gateway leased line access, downlink speed limit, layer-3 QoS label
- Allocate separate VLAN ID or PVC for different users and different services at user ports.
- Uplink speed limit, CoS label
- Link protection through dedicated VC loop, good QoS guarantee
- Internet gateway leased line access, downlink speed limit, layer-3 label
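The QinQ encapsulation and per-user VLAN allocation in this chart are what let the service access control point identify a subscriber line uniquely and trace traffic back to it. The following added Python example, which is not part of the original course material, builds constructed double-tagged frames and attributes them by (S-VLAN, C-VLAN) pair rather than by the user-controlled source MAC. The binding table, line names, and the rule that dial-up lines carry only PPPoE are assumptions made for the example.

```python
import struct

# TPIDs accepted as a VLAN tag: 0x88A8 (IEEE 802.1ad service tag),
# 0x8100 (802.1Q) and 0x9100 (outer tag on some older QinQ equipment).
VLAN_TPIDS = {0x88A8, 0x8100, 0x9100}
PPPOE_ETHERTYPES = {0x8863, 0x8864}  # PPPoE discovery / session


def tci(pcp, vid):
    """Pack the 3-bit 802.1p priority and 12-bit VLAN ID (DEI bit = 0)."""
    if not 0 <= pcp <= 7 or not 1 <= vid <= 4094:
        raise ValueError("pcp must be 0-7 and vid 1-4094")
    return (pcp << 13) | vid


def build_frame(dst, src, ethertype, svlan=None, cvlan=None, pcp=0, payload=b""):
    """Build a constructed Ethernet frame with zero, one or two VLAN tags."""
    frame = dst + src
    if svlan is not None:
        frame += struct.pack("!HH", 0x88A8, tci(pcp, svlan))
    if cvlan is not None:
        frame += struct.pack("!HH", 0x8100, tci(pcp, cvlan))
    return frame + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Return (src_mac, [(pcp, vid), ...], ethertype), reading up to two tags."""
    offset, tags = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated Ethernet header")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in VLAN_TPIDS or len(tags) == 2:
            return frame[6:12], tags, etype
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (value,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((value >> 13, value & 0x0FFF))
        offset += 4


def id_space(double_tagged):
    """Distinct user identifiers available with one tag or with QinQ."""
    return 4094 * 4094 if double_tagged else 4094


def attribute(frame, bindings):
    """Map a frame arriving at the BRAS to a subscriber line, or reject it."""
    _src, tags, etype = parse_frame(frame)
    if len(tags) != 2:
        return ("reject", "expected S-VLAN and C-VLAN, got %d tag(s)" % len(tags))
    pair = (tags[0][1], tags[1][1])
    line = bindings.get(pair)
    if line is None:
        return ("reject", "unprovisioned S-VLAN/C-VLAN pair %d/%d" % pair)
    if etype not in PPPOE_ETHERTYPES:
        return ("reject", "non-PPPoE ethertype 0x%04x on %s" % (etype, line))
    return ("accept", line)


# Constructed sample data: hypothetical VLAN plan and line names.
BINDINGS = {(100, 7): "dslam-01/port-7", (101, 7): "dslam-02/port-7"}
BRAS_MAC = bytes.fromhex("020000000001")
SAME_MAC = bytes.fromhex("02aabbccddee")  # both users present this MAC


def demo():
    """Attribute five constructed frames that all claim the same source MAC."""
    frames = [
        build_frame(BRAS_MAC, SAME_MAC, 0x8864, svlan=100, cvlan=7),
        build_frame(BRAS_MAC, SAME_MAC, 0x8864, svlan=101, cvlan=7),
        build_frame(BRAS_MAC, SAME_MAC, 0x8864, cvlan=7),            # one tag
        build_frame(BRAS_MAC, SAME_MAC, 0x8864, svlan=100, cvlan=9),  # unknown
        build_frame(BRAS_MAC, SAME_MAC, 0x0800, svlan=100, cvlan=7),  # raw IP
    ]
    return [attribute(f, BINDINGS) for f in frames]


if __name__ == "__main__":
    for result in demo():
        print(result)
    print("identifiers:", id_space(False), "single tag,", id_space(True), "QinQ")
```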
Enterprise Interconnection Service Implementation Strategy
- The MAN provides two technologies to interconnect enterprises:
  - Layer-2/layer-3 VPN service based on MPLS borne by the IP MAN. Provides layer-2 and layer-3 VPN interconnection for common enterprises.
  - Lower-layer connection service borne by the MSTP transmission network. Provides physical leased line connection or pure layer-2 connection with high security and QoS guarantee for government institutions, public security, finance, and security industries.
- As the layer-2 access mode between users and PE or MSTP equipment, the Ethernet switching network VLAN extends the above two interconnection services.
- Physical connection between SR and CN2-SR. Option 2 is used for it to implement MPLS VPN.
- Users can originate PE-terminated IPSec or tunnels in other forms so as to access the MPLS layer-3 VPN remotely.
Enterprise Interconnection Service Implementation Chart
[Figure: enterprise interconnection service implementation. Elements shown: ChinaNet, CN2, core router, SR, BRAS, CN2 SR, CN2 MPLS PE, ATM switching network, Ethernet switching network/MSTP/RPR, SDH/MSTP/RPR, tandem exchange, access switch, park switch, corridor switch, DSLAM, cascading DSLAM, personal dial-up user, personal VIP user, medium and small enterprise leased line user, key account.]
Annotations in the figure:
- PPPoE dial-up and PPPoE leased line access MPLS PE, downlink speed limit, forwarding sensitive
- Key account leased line accessed MPLS PE
- Physical link between PE ASBR. Option 2 is used to implement cross-domain MPLS VPN.
Pure L2 VPN Service Implementation
[Figure: pure layer-2 VPN service implementation. Elements shown: ChinaNet, CN2, core router, SR, BRAS, CN2 SR, ATM switching network, Ethernet switching network/MSTP/RPR, SDH/MSTP/RPR, intra-city interconnected VC, tandem exchange, access switch, park switch, corridor switch, DSLAM, cascading DSLAM, personal dial-up user, personal VIP user, medium and small enterprise leased line user, key accounts.]
Annotations in the figure:
- MSTP interconnection mode. The TDM mode is used for transparent transmission between loops.
- VLAN interconnection mode: VPN users that access the public plane are connected to the MSTP through the convergence switch. Only interconnected VLAN numbers need to be allocated.
IPTV Service Chart
[Figure: network diagram. Elements shown: set top box, DSLAM, park/corridor switch, access switch, ATM switching network, Ethernet switching network/MSTP/RPR, tandem exchange, BRAS/SR, IP MAN.]
Annotations in the figure:
- Provide a dedicated uplink channel.
- PIM multicast routing protocol border, IGMP termination, configuration of static multicast groups, multicast service AAA management, PPP replication or port replication
- Configure dedicated PVC for IPTV.
- Allocate the internal VLAN for IPTV users and play the role of IGMP snooping.
- Bundle the internal VLAN for dedicated PVC of IPTV users and play the role of IGMP snooping.
- SVLAN. The access switch bundles an external VLAN for several DSLAM/park switches. IGMP snooping
- Separate terminal. Public addresses are configured by preference.
Softswitch Network Bearer Chart
[Figure: network diagram. Elements shown: key account IAD, non-telecom access IAD, anonymous user IAD, soft terminal user; DSLAM, park/corridor switch, access switch, ATM switching network, Ethernet switching network/MSTP/RPR, RPR/MSTP/SDH, tandem exchange; BRAS, SR/CN2 SR, BAC, AG, TG, softswitch core processing layer; IP MAN.]
Annotations in the figure:
- Common network users can serve as VIP users and enjoy higher priority.
- The SS, AG, TG and key account IAD, serving as leased lines of key accounts, access through the MSTP. Allocate a dedicated VLAN for the SoftSwitch and assign it a higher 802.1p priority.
- The SS, AG, and TG start the VPN service through SR/CN2 SR.
- The SIP and IAD can access softswitch terminals through the BAC by revisiting AG and TG.
- If the IADs of key accounts are connected through key account leased lines, the IAD must be able to mark voice with different QoS labels and allocate different VLANs for online users.
- Allocate a dedicated VLAN and provide higher priority.
- Softswitch terminals can be connected through the public network when the service demand is slight and security can be fully ensured.
Chapter 2 MAN Service Planning
2.1 Design of Route
2.2 Design of QoS
2.3 MAN Service Implementation
2.4 User Management/Network Management/Network Security Design
2.5 IPV6 Network Deployment Planning
User Management Principles
- The service access control points (BRAS and SR), together with RADIUS, accomplish user management, including:
  - An account can be used by only one user, enforced through multiple restrictions.
  - Bind attributes such as username, address, VLAN, and PVC.
  - Prevent users from applying for IP addresses maliciously.
  - Prevent users from maliciously launching dialing attacks through the PPP scanning mode by restricting the number of dial attempts and the dialing speed per user.
  - Prevent users from acting as illegal agents by restricting the number of TCP connections in a session.
  - Prevent dummy address attacks through functions of the equipment.
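The account binding, single-user and dial-rate restrictions listed above, sketched as an added example (not taken from the course material or from any BRAS or RADIUS product). The account names, VLAN/PVC values, thresholds and the `AccessPolicy` class are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed provisioning data: account -> bound access circuit (VLAN, PVC).
BINDINGS = {"alice@isp": (1001, "0/35"), "bob@isp": (1002, "0/35")}

class AccessPolicy:
    # Assumed limits: at most max_attempts dial attempts per circuit per window (s).
    def __init__(self, bindings, max_attempts=3, window=60):
        self.bindings = bindings
        self.max_attempts = max_attempts
        self.window = window
        self.attempts = defaultdict(deque)  # circuit -> recent attempt times
        self.online = {}                    # username -> circuit of live session

    def authorize(self, ts, username, vlan, pvc):
        """Return the decision for one dial-in attempt at time ts (seconds)."""
        circuit = (vlan, pvc)
        recent = self.attempts[circuit]
        while recent and ts - recent[0] >= self.window:
            recent.popleft()
        recent.append(ts)
        # Keyed on the circuit, so cycling through usernames does not evade it.
        if len(recent) > self.max_attempts:
            return "reject:dial-rate"
        if self.bindings.get(username) != circuit:
            return "reject:binding"
        if username in self.online:
            return "reject:already-online"
        self.online[username] = circuit
        return "accept"

    def logoff(self, username):
        self.online.pop(username, None)

def replay(events):
    """Run (ts, username, vlan, pvc) events through a fresh policy."""
    policy = AccessPolicy(BINDINGS)
    return [policy.authorize(*event) for event in events]

# Constructed sample: a normal login, account sharing, then a username scan.
SAMPLE = [
    (0, "alice@isp", 1001, "0/35"),
    (5, "alice@isp", 1002, "0/35"),    # alice's account dialed from bob's line
    (10, "alice@isp", 1001, "0/35"),   # second session while the first is live
    (20, "guess1@isp", 1002, "0/35"),
    (21, "guess2@isp", 1002, "0/35"),
    (22, "bob@isp", 1002, "0/35"),     # 4th attempt on this circuit within 60 s
    (90, "bob@isp", 1002, "0/35"),     # window has expired
]
```

In the sample, the legitimate subscriber on the scanned circuit is also rejected until the window expires, which is the lockout trade-off to weigh when choosing the threshold.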
User Authentication and Charging in MAN
- The BRAS, together with the Portal server, RADIUS server and background databases, authenticates dial-up users.
- Two authentication modes co-exist: PPPoE and DHCP+WEB.
- The MAN can charge users based on duration or traffic.
- The MAN can implement Internet application charging through the pre-paid mode or by binding user broadband accounts.
- The MAN can charge based on the service network. The service network refers to services other than Internet connection, for example, 3G, NGN, and video conferencing.
- The MAN can sign the service level agreement (SLA) with users.
MAN NMS Building Principles
- In a province, the integrated network management system (NMS) of the IP MAN and broadband access network is built to manage, on a centralized basis, the networks above the service access points of the MANs.
- Manage the VPN of all MANs on a centralized basis.
- All cities and regions have a level-2 NMS or separate terminals to maintain and manage the MAN devices in those cities and regions. A separate MAN NMS is not developed or built for the cities and regions.
MAN Security Control Function
- To ensure the security of the MAN, the system must be able to scan for viruses and prevent them from spreading.
  - The MAN can filter and restrict traffic. It can restrict the uplink or downlink speeds based on the type of packets at the BRAS, DSLAM or park switches for incoming and outgoing traffic. It supports access control strategies based on the standard quintuple or MAC address.
  - The MAN can monitor exceptional traffic or exceptional packets.
Chapter 2 MAN Service Planning
2.1 Design of Route
2.2 Design of QoS
2.3 MAN Service Implementation
2.4 User Management/Network Management/Network Security Design
2.5 IPV6 Network Deployment Planning
IPv6 Deployment Principles
- The IPv4/IPv6 dual stack transition strategy is adopted. In the MAN, you can start the dual stack function partially and then enable the function in the whole MAN.
- If the equipment of the MAN cannot support IPv6 well, add IPv6 layer-3 equipment to implement the IPv6 function of the MAN based on service demands, and implement interconnection through MPLS or tunnels.
- Use the dual stack mode for user access. You can use the tunnel mode at the initial stage and then transition to the dual stack mode gradually.
- Newly added devices of the IP MAN or access network implement the IPv4/IPv6 dual stack function.
Chapter 1 Overview of MAN Planning
Chapter 2 MAN Service Planning
Chapter 3 MAN Optimization Plan
Chapter 4 MAN Typical Case Analysis
Internal Causes for Optimization of MAN
- At present, the following problems exist in the MAN:
  - All slots on the BRAS are occupied and ports cannot be added, so the BRAS is mounted directly.
  - The path between the DSLAM and the BRAS is complicated. Any adjustment has a large impact on users.
  - There are not enough routers or ports to build the core layer or transit layer.
  - There are no dedicated leased line access routers.
- Solving the above problems requires considerable investment and complicated projects. To achieve the final objective, the IP MAN must be built gradually.
Optimization of Routing MAN
- At present, the routing MAN has its own core egress router. The BRAS is mostly mounted aside. The transit layer consists of a large number of layer-3 switches, and it also serves as the access device of commercial users.
[Figure: routing MAN before optimization. Labels: Routing MAN, AS65001, backbone network border router, MAN egress router, RR, SS, layer-2/layer-3 switch, DSLAM, Ethernet dedicated line, ATM/FR/DDN/Ethernet, leased line access point, key account router/CE. Annotation: Exchange routing information through the EBGP.]
Routing MAN after Optimization
[Figure: routing MAN after optimization. Labels: China Net, CN2, MAN core/transit router, leased line access/PE router, SS, layer-2/layer-3 switch, layer-2 network, layer-3 direction, DSLAM, Ethernet dedicated line, ATM/FR/DDN/Ethernet, leased line access point, key account router/CE. Annotation: Exchange routing information through the EBGP.]
Optimization of Switched MAN
- At present, the switched MAN is often a small or medium MAN. The core egress of the MAN is the layer-3 switch, which also serves as the transit layer. The BRAS is attached by mounting aside. The transit layer consists of a large number of layer-3 switches. The transit layer or access layer switch also serves as the access device of commercial users.
[Figure: switched MAN before optimization. Labels: Switched MAN, RR, SS, BRAS, leased line access/PE router, layer-2/layer-3 switch, DSLAM, Ethernet dedicated line, ATM/FR/DDN/Ethernet, leased line access point, key account router/CE. Annotation: Exchange routing information through the EBGP.]
Switched MAN after Optimization
[Figure: switched MAN after optimization. Labels: China Net, CN2, new MAN core router, leased line access/PE router, SS, layer-2/layer-3 switch, layer-2 network, layer-3 direction, DSLAM, Ethernet dedicated line, ATM/FR/DDN/Ethernet, leased line access point, key account router/CE. Annotation: Exchange routing information through the EBGP.]
Chapter 1 Overview of MAN Planning
Chapter 2 MAN Service Planning
Chapter 3 MAN Optimization Plan
Chapter 4 MAN Typical Case Analysis
Typical Case: XX Province IP MAN
- In the province, 10 NE80s are used to implement the MPLS VPN, egress planning, and line-speed network address translation (NAT).
- The MA5200G has strong service management capability. It manages key accounts and the access of WLAN/LAN in detail.
- The network supports smooth upgrade of new services and IPv6 migration. It is quite extensible and reliable.
[Figure: XX Province IP MAN topology. Labels: CMNET provincial backbone, core layer, transit layer, NE80, MA5200, GE, 2.5G POS, 155M POS.]
Typical Case: XX City MAN
- The core layer of the MAN consists of four NE5000Es.
- In the convergence layer, seven NE5000Es are responsible for converging services of large districts.
[Figure: XX City MAN topology. Labels: ChinaNet and eleven nodes labelled NE5000E.]
Thank You