Ieee Artcile

IEEE Communications Magazine • July 200624 0163-6804/06/$20.00 © 2006 IEEE

INTERCONNECT ANDFABRIC TECHNOLOGY STANDARDS

INTRODUCTION

Present Ethernet deployments on the LAN sideare mature, very well understood, fairly inexpen-sive, and serve the requirements well. In the lastdecade, Ethernet technology has evolved fromthe 10 Mb/s shared wire model to switched oper-ation over unshielded twisted pair (UTP) thatsupport 1000 Mb/s and then on to fiber optictransmission from 100 Mb/s to 10 Gb/s rateswith transmission distances spanning from 2 to2000 km using long-haul dense wavelength-divi-sion multiplexing (DWDM) systems [1]. NewerEthernet versions also support up to eight class-es of service and unicast/multicast/broadcastmodes via the VLAN technique. This evolutionmakes it a good candidate for both LAN andWAN interconnection space. Recent projectionsestimate that close to US$29 billion will be spentworldwide on Ethernet in metropolitan networksbetween 2004 and 2008 [2]. But Ethernet tech-nology lacks carrier-grade features such as QoS,provisioning, fault tolerance, TDM compatibility,OAM, and self-healing, making it unsuitable forbackbone and carrier space. Recently there hasbeen a lot of standards activity at the Metro Eth-ernet Forum (MEF), the Internet EngineeringTask Force (IETF), and the InternationalTelecommunication Union (ITU) with regard toaddressing these requirements, thus paving theway for wider deployment of Ethernet as a carri-er-class interconnection fabric [3–5]. Earlydeployments are on in the Asia-Pacific region.

Internet Protocol television (IPTV) is beingtouted as the next “killer application” that willconsume available bandwidth on the Internetand enable future network growth [6]. While thehype has been quite high, real-world use remainsminimal and is only in its early stages. If thedeployment is to reach its full potential, we needto look at end-to-end scenarios and ensure thatthere are no stumbling blocks. This article ana-lyzes IPTV requirements and how they could bemet when delivered over carrier grade Ethernet.

To put this subject in context, some basicbackground is instructive. Internet growth isforcing the technology to migrate from simpledata services to triple-play services. A standarddefinition of triple-play services includes voice,data, and video services provided over a singletransport infrastructure. In addition, services likeaudio/video conferencing, collaborative editing,video on demand (VoD), PPV (pay-per-viewmovies and content stored in the network andstreamed on demand), Internet telephony, Inter-net radio, premium interactive content, andinteractive gaming may form an emerging set ofservices supported. The delivery of such servicesopens new revenue streams for telecom serviceproviders [7]. Customers will be willing to payfor such a rich suite of services, especially whenmultiple services are bundled and made afford-able.

This migration requires changes in the physi-cal infrastructure that bring service to homesfrom current cable or satellite TV models. Ana-log cable TV will not be able to piggyback digitaltriple-play services on the same network due tobandwidth and interoperability limitations. Satel-lite TV, being unidirectional, does not lend itselfwell to triple-play services that require bidirec-tional communication. Present satellite TVdeployments use regular phone lines to receiveinformation from subscribers even for pay perview orders. This dependence on regular phonelines and the technology’s inability to provideany direct means of upstream communication(from subscriber to network) makes it an imprac-tical contender in the triple-play arena. As ofnow, technologies like fiber to the premises(FTTP), xDSL, digital cable, and high-speedwireless seems better positioned to handle multi-media-based rich bidirectional communication

Sundar Vedantham, Seong-Hwan Kim, and Deepak Kataria, Agere Systems Inc.

ABSTRACT

Carrier-grade Ethernet standardization anddeployment is gaining momentum due to theease of deployment, lower cost, and compatibili-ty with existing networks on the access end.When Internet Protocol Television (IPTV) isdeployed using Ethernet as the underlying inter-connect fabric infrastructure, meeting fine-grained traffic management (TM) requirementson the service provider side to meet quality ofservice (QoS), billing, and security featuresimplementation on the user side poses severalchallenges. Such challenges could be met usingthe TM features built into network processors(NPs).

Carrier-Grade Ethernet Challenges forIPTV Deployment

KATARIA LAYOUT 6/16/06 12:13 PM Page 24

Authorized licensed use limited to: IEEE Xplore. Downloaded on December 1, 2008 at 18:45 from IEEE Xplore. Restrictions apply.

IEEE Communications Magazine • July 2006 25

services. Noticing the trend, MEF has identifiedresidential triple play with IPTV as one of thecarrier-grade Ethernet drivers.

Best-effort service has been traditionally usedto provide Internet access services such as Webbrowsing. Ethernet works well in this context atthe subscriber end. But the new set of multime-dia services require end-to-end quality-of-service(QoS) guarantees. Since customers are used toviewing television programs and using their tele-phones without noticing any jitter or delay, QoSguarantees are a must in triple-play servicedeployment over Ethernet. This becomes criticalbecause, as the available bandwidth per customerincreases, emerging suite of services will demandeven more bandwidth, generating bottlenecksthat can only be handled well via traffic manage-ment (TM) features. Thus, for the ubiquitousEthernet idea to succeed from the end-user tothe carrier levels, carrier-grade Ethernet willrequire good TM capabilities on the network thatcan be provided by network processors (NPs).

BROADBAND SERVICEREQUIREMENTS

It is clear that each type of service will comewith a slightly different set of requirements. Letus consider them case by case as follows:• VoIP: Minimum bandwidth but strict limits

on delay and jitter• Video conferencing: Higher bandwidth, very

strict limits on delay and jitter• Live video broadcast: Higher bandwidth and

limits on delay and jitter; limited packetloss is acceptable

• Video on demand (VoD): Higher-band-width statistical guarantees; less stringentdelay and jitter requirements, as videostreams can be buffered

• Interactive gaming: Low bandwidth butstrict bounds on delay

• High-speed data services: Just bandwidthguarantees and less stringent delay require-ments; packet-loss limits

• Web Browsing: Medium bandwidth anddelay, high reliability, best-effort service

• Email: Low bandwidth and delay, high relia-bilityBesides QoS, support for additional control

functions is needed for various on-demand ser-vices. Quick channel-changing ability is one suchexample. The challenge it presents and possiblesolutions are discussed in the next section.

Billing and security features will require fine-grained metering of traffic. In addition to meet-ing these requirements, service providers need toensure that the available bandwidth is beingused to full extent so as to generate maximumrevenue. Thus, the deployment will rely heavilyon the traffic management functions available onnetwork processor chips.

IPTV REQUIREMENTSCustomers will be attracted to bundled triple-play services when the bundle costs less than thesum of the service fees for individual services.But to be successful, the bundled services should

provide service quality that is at least equal to, ifnot better than, the service customers are usedto. Customers will not migrate to bundled triple-play services if the television picture qualitytends to be more grainy with intermittent jittersand the channel switch controls are less respon-sive than what they are presently used to. Hence,key IPTV features needed for successful deploy-ment include [8]:• Selection: End users should be able to select

their program of choice from a plethora ofTV content available. This also requiresfaster channel selection and channel chang-ing time.

• Storage: TV content should be storable in alocal storage device, so that it can be madeavailable to customers whenever they wantto watch it (time shifting). Vendors areplanning to store about 100 hours of pro-gramming (new TV programs or movies)into the set-top boxes (STBs).

• QoS: The service should guarantee band-width for video streaming and QoS differ-entiation for supported classes of traffic.

• Low cost: Per-line/per-customer cost ofbundled services must be low.

• Upgrades: Service provider should be ableto upgrade codecs and user authenticationsoftware without disrupting service.

• Miscellaneous: Service providers should beable to provide high-quality resolution forprograms at no substantial additionalcharge to end users.Future IPTV service will provide two differ-

ent types of TV services: standard definition TV(SDTV) and high-definition TV (HDTV). SDTVbandwidth ranges from 1 to 4 Mb/s. HDTVbandwidth ranges from 4 to 13 Mb/s. The typicalnumber of TV channels available from aprovider hovers between 250 and 300 channelsof SD, and an additional 10 to 20 more channelsfor HDTV. If each home has approximately fourTVs, two to three SDTVs and one to twoHDTVs can be supported with about 20 Mb/sbandwidth. At this point, bandwidth manage-ment among different traffic classes to homesbecomes a critical issue, meaning voice, video,and data services must be handled differently.The following sections discuss how TM featuresavailable in network processors address theselisted requirements.

TRAFFIC MANAGEMENT ANDQOS CONTROL

From a QoS control perspective, traffic manage-ment in Ethernet-based IPTV networks can beparticularly challenging. This is because trafficmanagement solutions have to be implementedat different levels of control granularity. Thoselevels for xDSL service include:• Individual services actively used by a given

subscriber• Individual xDSL link-load for the given sub-

scriber• Aggregate subscribers supported on a given

line card• Aggregate line cards supported on a given

uplink card

If each home has

approximately four

TVs, two to three

SDTVs and one to

two HDTVs can be

supported with

about 20 Mb/s

bandwidth. At this

point, bandwidth

management among

different traffic

classes to homes

becomes a critical

issue, meaning voice,

video, and data

services must be

handled differently.



IEEE Communications Magazine • July 200626

There may be other intervening levels of con-trol granularity that have to do with the virtualpartitioning of the links at the various levels ofthe hierarchy for better QoS controls. For exam-ple, macro-level controls will be needed to dif-ferentiate residential customers from businesscustomers. Figure 1 shows a network topologydesigned to provide IPTV services based on Eth-ernet on xDSL networks. Services deployed viawireless or digital cable technology requires verysimilar service support levels.

Figure 2 shows a Multiservice Access Net-work (MSAN) architecture that can deliverIPTV services using carrier Ethernet devices.The xDSL links from the subscribers terminatein digital subscriber-line access multiplexers(DSLAMs), which is part of the broadbandaccess network. The aggregating system is knownas the subtending system; each of the systemsconnected to it are known as subtended systems.

This many-to-one relationship at differentlevels is characteristic of DSLAM architectures.This one-way direction of aggregation from thesubscribers toward the provider is also known asthe upstream direction. The opposite directionfrom the provider to the subscribers is known asthe downstream direction.

In the downstream direction, hierarchicaltraffic management can provide differentiatedservices for different subscribers, because eachuser gets different types of services allotted bydifferent schedulers. In addition, class-depen-dent traffic isolation can be provided to the enduser between different traffic streams. Per-userscheduler configuration can be mirrored to otherusers who request the same bandwidth and setof services. Hierarchical traffic management, asshown in Fig. 3, would be ideal to handle such ascenario.

In the upstream direction, individual usertraffic gets monitored at the lowest level of hier-archical scheduler. And each class of traffic fromdifferent users can merge into a separate classscheduler (e.g., voice, data, and video) at thenext level of hierarchical scheduler.

Having a separate scheduler for each classwill provide class isolation. Another benefit isthat bandwidth starvation caused by lower/other

class congestion will not be an issue. Having per-user scheduling can also provide end-user isola-tion for billing and bandwidth control purposes.Without the presence of a network processor,scheduling at this level of granularity using carri-er-grade Ethernet gear alone is not possible.

CHANNEL SELECTIONContemporary TV technology sends all TV chan-nels to all end users and channel switching isperformed by simple filtering of the undesiredfrequencies. This mechanism is used in existingcable TVs. Specifically, channel changing simplyselects one channel functioning like a band passfilter and ignores the rest. IPTV cannot use thisapproach because of the limited bandwidthreaching each home. Therefore, the telecom ser-vice provider only sends the selected TV channelor channels to the customer premises. In case ofFig. 2, this model means that multicast treesshould first be established with QoS guaranteesfor video transmission. When the subscribersends in a request for a video channel using theSTB connected to the CPE, carrier Ethernet fil-ters the request and replicates and forwards onlythe requested channel to the subscriber.

This creates channel changing delay, since thechannel change information has to travelupstream through the network to the serviceprovider. But, if all content/channels are broughtto the DSLAM box using high-capacity back-plane, the distance IGMP messages need to trav-el to effect channel switching will be greatlyreduced, thus providing dramatic reductions inchannel changing delay since IGMP messagesneed not travel all the way up to a broadbandremote access server (BRAS).

The IPTV delivery architecture may alsowant to stream adjacent TV channels to the onethat is being watched to the STB so that movingone channel up/down at a time will be instanta-neous. But this approach triples the bandwidthrequired for each TV set.

BANDWIDTH UTILIZATIONWhen the TV sets in a household are all off,customers paying for 20 Mb/s bandwidth wouldwant to get the entire bandwidth diverted toother applications that are currently running,such as browsers or games. While this bandwidthadjustment does not have to be guaranteed (foroversubscription), the service provider shouldstill guarantee the minimum bandwidth for theservices that are running (such as browsers andgames). To achieve this, the service provider sys-tem should monitor the status of TVs at home.If one or more TVs are turned off, the serviceprovider may allocate more bandwidth to theend user’s data service with best-effort schedul-ing technology. When TVs are turned on, theservice provider needs to reduce the schedulerrate of other services. Thus, the controller musthave a powerful scheduler to dynamically controlbandwidth in this fashion.

As stated above, the bundled services shouldtarget the right inflection point from cost per-spective. That means a reasonably priced net-work processor would be required to provideproper QoS management, as well as all the ben-efits of traffic management technology. To be

n Figure 1. Carrier Ethernet-based IPTV network.

IP

IP

IPHome

CPEmodem

CPEmodem

Metrocarrier

Ethernet

Videoservice

network

Global carrier Ethernet

Metrocarrier

Ethernet

Metrocarrier

Ethernet




able to exploit the synergies between telecom-munication service providers and cable TV con-tent providers, the NPs handling the traffic flowsshould be able to balance the demands of theservices, while maximizing the bandwidth usageon the network.

TRAFFIC MANAGEMENT FORAFFORDABLE BROADBAND

The overall objective of traffic management is tosupport a wide variety of services with diverseQoS requirements while ensuring efficient shar-ing of network resources. The former allows pro-viders to offer new revenue-generating services;the latter promotes service affordability. Trafficmanagement includes functions such as policing,buffer management, scheduling, shaping, back-pressure flow control, CAC admission control,route selection, and node/network monitoring.These functions must support full bandwidthflexibility such that upstream and downstreamrates can be chosen freely and continuously upto the maximum physical limits. The functionsalso should enable full-service flexibility suchthat a random mix of services with various bitrates and various traffic requirements can besupported, within available bit-rate limits. Thefunctions should foster maximum sharing of net-work resources and help minimize networkdowntime [9].

These functions can be implemented in acentralized manner where all the control func-tionality resides in an uplink card that handlestraffic from all the connected line cards, as wellas all the subscriber traffic from each line card.In the distributed approach, the control func-tions are distributed between the uplink cardand the line card. The distributed approach pro-vides for a more scalable and flexible architec-ture.

Despite the aggregation in the upstreamdirection, the subscribers’ traffic needs to remainsegregated. This can be achieved by providing anequivalent mirrored structure of controls in thedownstream direction.

In the upstream direction, policing ensurestraffic conforming to the service level agreement(SLA) is allowed into the network. Marking oftraffic may be employed to signal the relativetreatment of traffic in the network. Differentiat-ed traffic scheduling is needed to treat the delay-sensitive real-time services (telephony or trafficwith real-time video content), preferentially overthe data services.

Class-specific backpressure flow control isneeded to handle the periods of temporal over-load, when the incident traffic load exceeds theavailable bandwidth in the upstream direction.Due to the fan-out topology, no traffic aggrega-tion exists in the downstream direction. Rateshaping is employed so that downstream trafficflows smoothly with no likelihood of buffer over-flows. Temporary rate excesses are accommodat-ed by limited downstream buffering. Trafficmulticasting is needed at the edge node suchthat the WAN links upstream can be efficientlyused. Priority-based traffic handling is needed solow latency can be provided for high-quality tele-

phony, audio and video conferencing and othertypes of video services with real-time content.

The call admission control (CAC) functionkeeps track of upstream and downstream band-width along all the nodes and links in the path.Any new connection requesting a certain QoSlevel is only admitted if the resulting bandwidthuse is within a predefined admissible region. It ispossible for the flow control flag from theupstream node to be turned off for class 2 traf-fic, while the flow control flag for class 1 isturned on.

For downstream traffic, the CAC functionneeds only ensure that aggregate bandwidth usefor guaranteed traffic remains within the avail-able capacity. For upstream traffic, the admissi-ble region is the set of bandwidth use values forwhich all guaranteed flows receive their con-tracted QoS. Network/node monitoring functionsallow the detection of resource problems proac-tively such that remedial actions can be takenfor maximum availability. For example, switch-level redundancy at the line card, and switch fab-ric, common control, power supply levels, andnetwork-level redundancy (such as automaticrouting, failure recovery, and congestion con-

n Figure 2. MSAN DSLAM architecture.

Back

plan

e

Line card

Access-dependent(last-mile)transceiver

Multi-protocoltraffic

processor

GMII

Protect

Work

PHY_IF

SERDES

CPU

Memory

NxGE,10GE,OC-48

MSAN DSLAM uplinkcard

CarrierEthernet

trafficaggregator

Host

GMII

SERDESor

PHY

Line card

Access-dependent(last-mile)transceiver

Multiprotocoltraffic

processor

GMII

Protect

Work

PHY_IF

Host

GMII

SERDESor

PHY

PHY

-

n Figure 3. Downstream traffic management in a line card.

Q5Q4

Q2Video (TV)MC groups

DID 0-CBS to home 1DID 1-CBS to home 2

DID 47-CBS to home 48

Channel ABC MC group

Channel CBS MC group

Q0Strict

Fixed

00

1

2

WRR

Fixed

WRR

Q1

Changes BWaccording to

BW usage

Changes BWaccording tothe channel

Q3

Q6Q7

QoS queues

Home1

VoicesData

VoD

Home1

Home2

Home3

Home48

Scheduler

Logical ports Port managers

1

2

4

5

6

47

DID 48-ABC to home 3DID 48-CBS to home 2

DID 85-CBS to home 3




trols) are important functions that help minimizenetwork downtime. While carrier-grade Ethernetstandards efforts are on to address these require-ments, it is clear that traffic management plays acritical role to support new revenue generatingservices for service providers.

Efficient traffic management also plays amajor role in maximizing use of networkresources. Traffic management helps increaseprovider revenue according to the following listof factors:• Using the minimum amount of buffer space

for the maximum good throughput• Satisfying the QoS requirements• Using the least amount of bandwidth• Supporting the maximum number of con-

nections over a given network link• Minimizing network downtime

This in turn makes broadband services moreaffordable and facilitates logarithmic increase incost of service with bandwidth demand. Thisoccurs by deriving maximum possible use fromexisting and newly deployed network and systemresources. In the absence of this, existing andnew capital investments are underused, leadingto the cost of service growing linearly with band-width demand.

Efficient traffic management also offers sev-eral hooks for increasing provider revenue. Bydynamically adjusting the scheduling weightsfor both improving QoS for higher-priorityusers — those that suffer from a high popula-tion of users with lower priority — revenueearned by the service provider can be increased.However, this strategy should not completelyblock the users who may have subscribed forcheaper service.

Users can also be charged additional feesdepending on the throughput improvement, forexample, when real-time services are not beingused. Traffic management functions in this casemust detect the change and provide the new rateto the willing subscriber.

Thus, efficient traffic management plays amajor role in delivering QoS and increasingprovider revenue, both of which are key ele-ments in making affordable Ethernet based per-sonal broadband a reality.

MANAGEMENT FACTORS

In this section we look at four significant TMfeatures available in NPs that affect IPTV imple-mentation in carrier-grade Ethernet.

POLICINGPolicing is the function of monitoring traffic gen-erated by the user. Its purpose is to ensure traf-fic conformance to the contracted temporalbehavior and take appropriate action upondetection of nonconformance.

For cell-based traffic, well-known generic cellrate algorithms (GCRAs) are used to check forconformance to limits on how fast the cells mayarrive and limits on the number of cells that mayarrive back-to-back during a specified interval.Actions on detection of nonconformance includedropping or tagging cells. During the upstreamqueuing and buffer management functions,

tagged cells are treated with lower priority com-pared to untagged cells [10].

For frame-based traffic, the service eligibilitytest, or frame-based generic cell rate algorithm(F-GCRA), is defined in addition to confor-mance tests. A frame is deemed conforming ifall its cells are conforming and nonconforming ifone or more of its cells are nonconforming(GCRA test).

A frame is eligible for service guarantees if itis conforming and passes the F-GCRA test forthe contracted minimum rate and the associatedtolerance. This tolerance limits the number offrames that can arrive back-to-back during aspecified interval. These notions of conformanceand service eligibility make possible the specifi-cation of guarantees of service at the frame-levelfor the variable-sized frames when using theunderlying Ethernet infrastructure for transport.For frame-based traffic, ineligibility is handledby dropping complete frames or tagging all thecells of the frame to indicate lower priority dur-ing the upstream queuing and buffer manage-ment functions.

The ultimate objective of the policing func-tion is to protect network resources from mali-cious or unintentional source misbehavior thatcan affect QoS commitments to other users. Thispolicing is done by detecting violations of con-tracted parameters and taking appropriate dis-carding or tagging actions.

BUFFER MANAGEMENTBuffer management follows the policing func-tion and has the dual objectives of satisfyingthe heterogeneous QoS requirements of con-nections or flows. This is done by first provid-ing the necessary protection and isolation, andthen simultaneously extracting multiplexinggains from sharing the different buffer alloca-tions across the hierarchy of classes/port, andacross all ports.

Without distinct buffer allocations, it is notpossible for the scheduling function to differen-tiate between the various classes of traffic com-peting for a single output port. Even within asingle class, there may be QoS requirements ofdifferent connections or different flows, requir-ing separate queues or buffers. Providing ahierarchy of buffer allocations with staticthresholds achieves the needed differentiation,but does not allow efficient sharing across theconnections or flows within a class, between dif-ferent classes per port, or even between ports.As indicated above, buffer management shouldalso promote maximal buffer use, because ithas a direct effect on the cost of the serviceprovided.

Dynamic thresholding achieves the dualobjectives of QoS differentiation while maximiz-ing buffer use. The thresholds are dynamicbecause they change, depending on the amountof free buffer space available. The larger thefree buffer space, the higher the threshold.These thresholds are usually provided at all hier-archical levels: per connection/flow, per trafficclass per port, and per port. The dynamic thresh-old function permits allocation of buffers to indi-vidually overloaded connections when there arelarge reserves of unoccupied buffers. This buffer

For cell-based traffic,

well-known GCRAs

are used to check for

conformance to

limits on how fast

the cells may arrive

and limits on the

number of cells that

may arrive back-to-

back during a

specified interval.

Actions on detection

of nonconformance

include dropping or

tagging cells.




allocation avoids losses that would be incurredby the overloaded connections under a staticthreshold policy.

Conversely, as the overall traffic-class occu-pancy approaches a per-traffic-class, per-portthreshold, the extra allocation is withdrawn toprevent any one traffic class from occupying adisproportionate share of buffer space at a givenport. For example, non-real-time services canuse large buffers. By contrast, for real-time ser-vices, delay variation tolerance, and transferdelay, constraints dictate smaller guaranteedbuffer requirements. Likewise, buffers acrossmultiple ports can be shared up to a guaranteedminimum per port. Thus, an intelligent buffermanagement function plays a major role in pro-viding needed service differentiation while maxi-mizing buffer use.

SCHEDULINGThe scheduling mechanism selects a queue toservice at each cell/packet dispatch time such asto meet the associated QoS requirements. Suchrequirements are usually specified in terms ofacceptable statistical bounds on maximum delay,delay variation, loss rate, or some combinationof these, depending on service type.

While satisfying the QoS requirements, thescheduling mechanism must deliver the band-width committed as part of the traffic contract.The scheduling mechanism must ensure suffi-cient isolation between connections such that thetraffic characteristics and QoS requirements ofone connection do not adversely impact thebandwidth and QoS provided to another connec-tion. It is also expected that the scheduler willprovide fair share to connections of excess linkbandwidth whenever it is available.

The scheduling mechanism should promotehigh use of both bandwidth and buffers. It shouldbe scalable with respect to the number of con-nections and over a wide range of link speeds.While isolating connections requiring guaranteeson bandwidth and QoS, the scheduling mecha-nism must allow maximal sharing among connec-tions requiring no bandwidth guarantee or QoS.

It is also desirable that scheduling functionsin NPs work in conjunction with buffer manage-ment functions to provide tunable parametersthat can maximize coverage of operating pointsand facilitate design of the connection admissioncontrol (CAC), which operates at the connectionset-up phase.

PROVIDING QOS DIFFERENTIATIONSimilar to the buffer management functionrequirements, the need to provide QoS differen-tiation while enabling the best possible sharingof bandwidth resources and fairness requires ahierarchical scheduler active at the per-connec-tion/flow level, per-service-class level, and per-port level to provide the needed bandwidthguarantees, delay bounds, and fair share ofexcess bandwidth. The scheduling functionshould also be augmented to deal with transientbackpressure conditions, especially for real-timeservices like IPTV.

At the first level, each connection/flow is usu-ally provided its own queue for scheduling. Thetime to serve the queue, called the starting time,

is computed based on the system potential func-tion (also called the virtual time). System poten-tial function keeps track of the total work doneby the scheduler and is thus a nondecreasingfunction of time. A queue becomes eligible whenthe starting time is less than or equal to the sys-tem potential function.

Timestamp values (finishing times) areassigned to queues based on the system potentialfunction. It advances each cell/packet departureinstant by an amount equal to the reciprocal ofconnection/flow service rate. At any time, thequeue with the minimum eligible timestampvalue is selected for service. Thus, eligibility istested with respect to starting time, and schedul-ing is done based on finishing time. Becausepackets can be variable in size, packet lengthsshould also be considered for packet scheduling.

Work done by the scheduler should be accu-rately tracked (the actual byte count) in thiscase, because it affects the ability to deliverbandwidth and delay guarantees. The objectiveof such a scheduler type is to assure boundeddelay independent of the number of active con-nections, while maintaining fairness of serviceamong competing connections.

For connections/flows that do not requiredelay guarantees but need bandwidth guaran-tees, frame-based approaches can be used [11].In this type of approach, weights are assigned toeach connection/flow, and at any time the lengthof the frame is equal to the sum of all theweights of all the active connections/flows. Theservice for connection/flow is deemed completein a given frame if the connection/flow is serveda number of times equal to the assigned weightin the frame; such service is repeated in the nextframe, and so on. Rather than serve each con-nection/flow consecutively based on its weight,service is interleaved among all theconnections/flows in a round-robin fashion.

For variable-sized packets, packet lengths areconsidered in scheduling and the frame-basedpacket scheduler keeps track of the deficitaccrued at each frame service. To meet the long-term average commitment of bandwidth guaran-tees, the scheduler applies it during the nextframe service and so on.

The scheduling schemes at the first level areextended at the second level, where the schedul-ing is among the different service classes. At thislevel, bandwidth and delay guarantees are met atthe aggregate service class level. Any leftoverbandwidth from the guaranteed class level sched-uler can be made available to different serviceclasses in a fair manner. Similarly, scheduling atthe third level can provide bandwidth and delayguarantees at the port level, while providing thecapability to distribute excess bandwidth amongports. This hierarchical scheduling provides QoSdifferentiation and promotes efficient bandwidthuse.

To summarize, Ethernet networks designedfor delivery of triple-play services should be ableto perform policing well in the upstream direc-tion, support sophisticated buffer managementschemes, and provide hierarchical schedulingwith enough queues and schedulers to maintaindifferentiated QoS for a large number of trafficflows. These requirements can be supported by

Timestamp values

(finishing times) are

assigned to queues

based on the system

potential function.

It advances each

cell/packet departure

instant by an

amount equal to

the reciprocal of

connection/flow

service rate. At any

time, the queue with

the minimum eligible

timestamp value is

selected for service.




designing in network processors on the accessend of the network.

SECURITYDeveloping an architecture that adequately pro-tects the network resources so that good end-user experience is maintained while malicioususers/software are kept out is extremely impor-tant in converged networks. Since the servicesare bundled and delivered through one medium,attacks carried out on one service can end upbring down all the services simultaneously, thusmaking the system more vulnerable.

A denial of service (DoS) attack aims to pre-vent legitimate users from obtaining servicesfrom desired resources by typically flooding thenetwork with unwanted traffic. This floodingoverloads the provider of the service (such asWeb servers), thereby preventing services frombeing delivered. DoS attacks could also beattempts to prevent individual systems fromcommunicating with each other.

In a distributed DoS (DDoS) attack, theattack uses a “many-to-one” approach, typicallyby taking control of several zombie machines(i.e., systems taken over without the owner’sknowledge to perpetuate such attacks), andcoordinating the attack from several machines tothe targeted service provider system at one syn-chronized time. In case of IPTV, infected STBscould be forced to send out endless IGMPjoin/leave messages upstream as if individual TVviewers are switching the channels continuously.A coordinated attack initiated from every STBin a system can overwhelm the provider networkif the IGMP messages flood the network all theway up to the service provider’s office. The solu-tions discussed above would address this securityconcern as well.

Solutions have been proposed to handle suchattacks [12, 13]. Typical approaches involve sep-arating legitimate traffic from the flood of DDoStraffic and continuing to provide the service tolegitimate traffic while ignoring the pseudo-traf-fic trying to exhaust resources. One of the tech-niques used is enforcing a quota system whenattackers use legitimate IP addresses to initiatethe attack. This ensures no client system con-sumes an unacceptably high share of the avail-able resource, thereby eliminating starvation(i.e., service denial) for any of the participatingclients. Monitoring the extent to which a givenuser is consuming resources requires fine-grainedtraffic flow monitoring. Thus, NPs monitoringindividual user traffic and blocking maliciousIGMP messages can prevent overloading of thenetwork resources. The same NP can also identi-fy and block malicious traffic getting into thesystem using fast pattern matching abilities builtinto NPs [14].

Implementing algorithms that measure trafficflow anomalies [15] even though what is beinglooked for may not be well known ahead of timeis another powerful technique in this realm.Fine-grained flow measurement capabilitiesavailable in network processors can be put to useto identify suspicious flow patterns so they canbe isolated for investigation or blocked fromentering the local network.

RELIABILITY

Application service resiliency (ASR) is a meansto ensure that end-user access to the networkresources is never totally denied, even if cablesand/or equipment providing the service becomefaulty. This end has always been achieved throughredundancy in networks. In the standard redun-dant models, the entire traffic reaching a destina-tion (such as a curbside DSLAM box) would bereplicated by simply provisioning double thebandwidth required for the destination using adifferent physical medium. This results in half ofthe bandwidth going unused most of the time.

The ASR technique leverages the fine-grainedtraffic management features available in NPs toindividually isolate and track Layer 4 servicesreaching the same home. If and when the mainroute providing the service goes down due toequipment/cable malfunction, a selected subsetof Layer 4 services is immediately restored to thehome via redundant lines, while the rest of theservice restoration may be completed as soon aspossible. Thus, to give an example, even though asingle medium brings in triple-play services into ahome, when there is a network failure, the ser-vice provider can choose to provide VoIP servicealone via the redundant line immediately whileletting other services restore on a normal healingschedule. This technique allows service providersto lease a smaller-capacity (say, just 20 percent ofthe original bandwidth) line and use it as a redun-dant line, resulting in cost savings. In order toimplement this technique, since the Ethernetgear is not designed to work at a fine-grainedlevel, the NPs used in the system should be capa-ble of supporting multiple scheduling queues toserve a single customer, and be able to identifyfailures and switch the selected services to redun-dant lines instantaneously while maintainingFIFO order of packets being routed.

CONCLUSIONEfficient use of network resources while provid-ing differentiated QoS for multiple service class-es requires a comprehensive traffic managementframework. The carrier-grade Ethernet effortunderway does not fully address these require-ments, since the focus is oriented more towardsscalability, protection, TDM support, minimumQoS control, and OAM issues. An integratedtraffic management solution implemented usingnetwork processors that employs appropriatecontrols on sophisticated policing, buffer man-agement, and hierarchical scheduling for differ-entiated services can provide a hierarchy ofeconomies and revenue benefits valuable to ser-vice providers. This maximizes service affordabil-ity and fills an important void in making theubiquitous Ethernet model successful. Thus,leveraging traffic management is key for success-ful deployment of triple-play services, includingIPTV, in the near future.

REFERENCES[1] White Paper, “Understanding Intelligent Carrier Ether-

net: Bringing the Advantages of Ethernet to the ServiceProvider,” http://www.cisco.com/warp/public/cc/techno/lnty/etty/ggetty/prodlit/intgn_wp.pdf, 2003.

NPs monitoring

individual user traffic

and blocking

malicious IGMP

messages can

prevent overloading

of the network

resources. The same

NP can also identify

and block malicious

traffic getting into

the system using fast

pattern matching

abilities built

into NPs.




[2] Infonetics Report, “Carrier Ethernet Booming,”http://www.lightreading.com/document.asp?doc_id=71770, Apr. 12, 2005.

[3] Metro Ethernet Forum, “MEF 2: Requirements andFramework for Ethernet Service Protection in MetroEthernet Networks,” http://www.metroethernetforum.org/PDFs/Standards/MEF2.pdf

[4] Metro Ethernet Forum, “MEF 4: Metro Ethernet Net-work Architecture Framework — Part 1: Generic Frame-work,” http://www.metroethernetforum.org/PDFs/Standards/MEF4.pdf

[5] Metro Ethernet Forum, “MEF 12: Metro Ethernet Net-work Architecture Framework Part 2: Ethernet ServicesLayer” http://www.metroethernetforum.org/PDFs/Stan-dards/MEF12.pdf

[6] B. Alfonsi, “I Want My IPTV: Internet Protocol TelevisionPredicted a Winner,” IEEE Distributed Systems Online,IEEE Computer Society 1541-4922, vol. 6, no. 2, Feb.2005.

[7] S. Cherry, “The Battle For Broadband,” IEEE Spectrum,Jan. 2005, pp. 24–29.

[8] S.-H. Kim and D. Kataria, “Delivering the Next BigMotion Picture: IPTV,” http://www.networksystemsde-signline.com/showArticle.jhtml?articleID=170700184,Nov. 2005.

[9] D. Kataria, “Traffic Management for Affordable Broad-band,” Electronicstalk.com, Mar. 22, 2004

[10] ATM Forum, “Traffic Management Specification Ver-sion 4.1,” AF-TM-0121.000, Mar. 1999.

[11] N. Giroux and S. Ganti, Quality of Service in ATM Net-works: State of the Art Traffic Management, PrenticeHall, 1999, p. 10.

[12] J. Xu and W. Lee, “Sustaining Availability of Web Ser-vices Under Distributed Denial of Service Attacks,” IEEETrans. Comp., vol. 52, no. 2, Feb. 2003, pp 195-208.

[13] X. F. Wang and M. K. Reiter, “Defending AgainstDenial-of-Service Attacks with Puzzle Auctions,” Proc.2003 IEEE Symp. Security & Privacy.

[14] S. Vedantham, “Network Processors Battle e-Crimes,”http://www.eetimes.com/showArticle.jhtml?arti-cleID=173600 898, Nov. 2005.

[15] F. Hao, M. Kodialam, and T. V. Lakshman, “Real-TimeDetection of Hidden Traffic Patterns,” Proc. 12th IEEEInt’l. Conf. Network Protocols, 2004.

BIOGRAPHIESSUNDAR VEDANTHAM ([email protected]) is a senior systemsengineer working in the Telecom, Enterprise & Networking(TEN) division of Agere Systems, Allentown, PA. He receivedhis Ph.D. in computer science from Louisiana State Univer-sity in 1997. He is working on system integration issuesrelated to DSLAM, RNC/Node-B systems as part of Agere’stelecom system integration group. His research interestsinclude network traffic and congestion management, secu-rity, high-speed networking, theoretical computer models,and evolutionary computing.

SEONG-HWAN KIM ([email protected]) received a Ph.D.degree in electrical engineering from State University ofNew York at Stony Brook in 2000. Since 2001 he hasbeen with Agere Systems, where he is a DistinguishedMember of Technical Staff in the System Integrationgroup of the TEN division. He is currently working ondata networking and wireless system integration, whichincludes residential gateway, SMB, RNC, and DSLAMapplication systems for which he has contributed to thearchitectural designs.

DEEPAK KATARIA ([email protected]) holds a B.S. in elec-tronics and communications engineering, and M.S. andPh.D. degrees in electrical engineering from Rutgers Uni-versity. He is systems integration manager in the TEN divi-sion of Agere Systems. He manages the development ofenabling and value-added software for reference plat-forms targeting the home gateway, small-medium busi-ness gateway, wireline/wireless access networks, andcarrier-Ethernet-based multiservice edge systems. Hisresearch interests include networking, traffic manage-ment, network security, multihop wireless, timing overpacket, fixed-mobile convergence, reliability, and storagearea networking.

An integrated traffic

management

solution implemented

using network

processors can

provide a hierarchy

of economies and

revenue benefits

valuable to service

providers. This

maximizes service

affordability and fills

an important void in

making the

ubiquitous Ethernet

model successful.



Documents

Ieee Artcile