WAN Interconnection Solution
Technical Proposal
Issue 01
Date 2011-09-08
HUAWEI TECHNOLOGIES CO., LTD.
Issue 01 (2011-09-08) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd i
Copyright © Huawei Technologies Co., Ltd. 2011. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: [email protected]
Contents
1 Overview of WAN Interconnection
1.1 Challenges to WAN Interconnection
1.1.1 Multi-Service Transmission
1.1.2 High Reliability
1.1.3 Security
1.1.4 Maintainability
1.2 Requirements for WANs
1.2.1 Requirement for Service QoS
1.2.2 Requirement for Service Reliability
1.2.3 Requirement for Service Security
1.2.4 Requirement for Service Operation and Management
2 Recommendations on Planning for WAN Interconnection
2.1 WAN Networking Principles
2.1.1 Network Construction Mode
2.1.2 Network Architecture Design Principles
2.1.3 WAN Layered Networking Principles
2.2 IP Address Planning
2.2.1 IP Address Assignment Principles
2.2.2 Detailed IP Address Planning
2.2.3 NGN Private Network Address Traversal
2.3 Routing Planning
2.3.1 Inter-Domain Service Planning
2.3.2 Routing Design
2.4 Reliability Planning for IP Layer
2.4.1 Fault Detection Techniques
2.4.2 Network Protection Techniques
2.5 Reliability Planning for Optical Transport Layer
2.5.1 Optical Line Protection
2.5.2 Optical Channel Protection
2.5.3 Subnetwork Connection Protection
2.5.4 ASON Protection
2.6 IP&OTN Protection Synergy
2.6.1 Multi-Layer Network Planning Tool
2.6.2 SRLG
2.6.3 Control Plane Intelligent Synergy
2.6.4 Layered Protection Synergy
2.7 QoS Planning
2.7.1 Basic QoS Planning
2.7.2 HQoS Planning
2.7.3 Huawei QoS Solution
2.8 Security Planning
2.8.1 Security Measures
2.8.2 Network Security Architecture
2.9 Network Management Planning
2.9.1 Unified Network Management
2.9.2 Visualized OAM
3 Product Introduction
3.1 NetEngine40E Core Router
3.1.1 Overview
3.1.2 Product Models
3.1.3 Product Features
3.1.4 Product Specifications
3.2 NetEngine80/40 Series Universal Switching Router
3.2.1 Overview
3.2.2 Product Models
3.2.3 Product Features
3.2.4 Product Specifications
3.3 NetEngine20E/20 Series Multi-Service Router
3.3.1 Overview
3.3.2 Product Models
3.3.3 Product Features
3.3.4 Product Specifications
1 Overview of WAN Interconnection
1.1 Challenges to WAN Interconnection
While the wide area network (WAN) offers a cost-effective way to connect geographically
separated business locations, using the WAN brings a number of challenges. Enterprises need
careful planning to ensure reliable handling for mission-critical functions such as the
production service system, operating management system, and office automation system. In
this regard, WAN interconnection brings the following challenges:
How does the enterprise transmit various enterprise services on an IP network?
How does the enterprise ensure the reliability of an IP network?
How does the enterprise ensure security?
How does the enterprise ensure maintainability and manageability over time?
1.1.1 Multi-Service Transmission
Today’s enterprises require the use of multiple services:
Real-time and non-real-time services
Key services and less-critical services
Voice services, data services, and video services
These services have different quality of service (QoS) requirements. For example, key
services require rapid forwarding but have low requirements for bandwidth. Office data
services are insensitive to latency but require a bandwidth guarantee. Finding the right ways
to transmit all these services on a WAN is the key to building a secure and effective IP
network.
1.1.2 High Reliability
An IP network must provide 99.999% reliability to ensure uninterrupted services. Achieving
this level of reliability requires eliminating single-device faults and single-link faults. The
WAN solution must also implement end-to-end switching within 200 ms.
1.1.3 Security
Every enterprise requires high internal and external network security, from E-government
intranets to networks for key industries such as petroleum, national power, and banking.
Because the WAN is more vulnerable than internal networks, careful measures must
be taken to guard the security of the IP network.
1.1.4 Maintainability
As the network expands to support services, network maintenance becomes increasingly
complex and requires specialized IP maintenance personnel. To enable personnel to maintain
and manage the network efficiently, the IP WAN interconnection solution must offer features
for easy maintainability, such as visual management and unified management of the entire
network.
1.2 Requirements for WANs
1.2.1 Requirement for Service QoS
Overview of WAN QoS
A traditional IP network can forward packets only in best-effort mode. The network transmits
packets in its capacity range, offering no guarantee for throughput, latency, jitter, or packet
loss ratio. If packet loss or excess latency occurs, terminals connected to the IP network need
to take measures to ensure data correctness. A mechanism such as connection admission
control (CAC) helps prevent bandwidth overload from deteriorating transmission performance.
However, the connectionless mechanism or dynamic routing protocols used on the traditional
IP network will result in high transient jitter. Therefore, the traditional IP network offers little
end-to-end QoS guarantee.
As the requirements on IP networks evolve, the IP WAN must carry a variety of real-time
services such as VoIP and IPTV that require an end-to-end QoS guarantee. The best-effort
mode of the traditional IP network cannot meet the needs of these applications.
At the same time, other services have different QoS requirements. For example, email and
FTP are not sensitive to latency. Therefore, the WAN solution must provide differentiated
services to ensure packet transmission for QoS-sensitive applications without devoting
excessive resources to non-critical services.
QoS mechanisms can provide differentiated service capabilities based on different
requirements. Availability, latency, jitter, and packet loss ratio are four performance indicators
for measuring the service level agreement (SLA) of an IP network:
Availability refers to the percentage of usable service time to total service working time.
Within five consecutive minutes, if the packet loss ratio of the services provided by an IP
network is less than or equal to 5%, the services are considered to be available in this
time period.
Latency refers to the interval from transmission to reception of an IP packet.
Jitter refers to the deviation of latency between different packets.
Packet loss refers to the ratio of lost IP packets to transmitted packets between two
reference points. Packet loss is mainly caused by network congestion.
Effectively implementing IP QoS technologies achieves the following advantages:
Controls network resources and their use.
Integrates multiple services such as voice, video, and data into a single IP network
platform.
Provides differentiated services based on different user requirements.
Goal of QoS Construction of IP WANs
IP WANs should meet the QoS requirements of various telecom services and signaling. At
present, among services on IP WANs, key real-time services of enterprises have high QoS
requirements. IP WANs need to both transmit multiple services of enterprises and provide
QoS guarantees for real-time services.
The following table lists the QoS values recommended by the ITU-T for IP WANs.
Table 1-1 Goal of QoS construction of IP WANs

| Application Type | Typical Service | Latency (End-to-End Unidirectional) | Jitter (End-to-End Unidirectional) | Packet Loss Ratio (End-to-End Unidirectional) | Bandwidth |
|---|---|---|---|---|---|
| Real-time voice/video | VoIP, Video phone | 150 ms | 20 ms | 0.1% | Guarantee |
| Real-time data | Signaling | 150 ms | N/A | 0.1% | Guarantee |
| Streaming multi-media | IPTV/VoD | 1000 ms | N/A | 0.1% | Guarantee |
| Normal data | Internet access | N/A | N/A | N/A | Self adapt |

1. Considering low-speed links, the ITU-T recommends 50 ms as the jitter value. For most users, the real jitter is 20 ms.
2. The preceding data is from ITU-T Y.1541 and recommended by the ITU-T. The end-to-end distance is less than 5000 km.
In the actual solution, do not rely on technical means alone to solve the QoS problem.
Instead, follow the construction approach of IP telecom networks and take into consideration
all factors, such as comprehensive analysis of traffic models, network design, QoS assurance
technologies, and reliability improvement, to achieve the goal of QoS construction of WANs.
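The four SLA indicators defined above can be computed from one-way probe measurements and compared with the Table 1-1 targets. The following is an added example, not part of the original proposal; the probe data is constructed, and taking jitter as the maximum minus the minimum delay in a window and latency as the mean delay are assumptions, since the text only defines jitter as the deviation of latency between packets.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Optional

WINDOW_S = 300           # "five consecutive minutes"
AVAILABLE_LOSS = 0.05    # a window is available if its loss ratio is <= 5%

# Table 1-1 targets as (latency ms, jitter ms, loss ratio); None means N/A.
TARGETS = {
    "real-time voice/video": (150, 20, 0.001),
    "real-time data":        (150, None, 0.001),
    "streaming multi-media": (1000, None, 0.001),
    "normal data":           (None, None, None),
}

@dataclass
class Probe:
    sent_s: int                 # send time in seconds
    delay_ms: Optional[float]   # one-way delay; None if the packet was lost

def window_stats(probes):
    """Group probes into 5-minute windows and compute loss, latency, jitter."""
    buckets = {}
    for p in probes:
        buckets.setdefault(p.sent_s // WINDOW_S, []).append(p)
    stats = {}
    for w, items in sorted(buckets.items()):
        delays = [p.delay_ms for p in items if p.delay_ms is not None]
        stats[w] = {
            "loss": (len(items) - len(delays)) / len(items),
            # Assumption: latency is the mean delay of received packets.
            "latency": mean(delays) if delays else None,
            # Assumption: jitter is max minus min delay within the window.
            "jitter": max(delays) - min(delays) if delays else None,
        }
    return stats

def availability(stats):
    """Share of windows whose packet loss ratio is within the 5% limit."""
    ok = sum(1 for s in stats.values() if s["loss"] <= AVAILABLE_LOSS)
    return ok / len(stats)

def violations(stats, app_type):
    """Return {window: [indicator, ...]} for windows that miss the targets."""
    lat_t, jit_t, loss_t = TARGETS[app_type]
    out = {}
    for w, s in stats.items():
        bad = []
        # A window with no received packets has no measurable latency or
        # jitter, so it is reported as missing those targets too.
        if lat_t is not None and (s["latency"] is None or s["latency"] > lat_t):
            bad.append("latency")
        if jit_t is not None and (s["jitter"] is None or s["jitter"] > jit_t):
            bad.append("jitter")
        if loss_t is not None and s["loss"] > loss_t:
            bad.append("loss")
        if bad:
            out[w] = bad
    return out

def constructed_probes():
    """Constructed sample: 4 windows, one probe every 10 s, 40-44 ms delay."""
    probes = []
    for w in range(4):
        for i in range(30):
            delay = 40.0 + (i % 5)
            if w == 1 and i % 10 == 0:   # congestion: 3 of 30 probes lost
                delay = None
            if w == 3 and i == 7:        # a single 70 ms delay spike
                delay = 70.0
            probes.append(Probe(w * WINDOW_S + i * 10, delay))
    return probes

if __name__ == "__main__":
    stats = window_stats(constructed_probes())
    print("availability:", availability(stats))
    for app in TARGETS:
        print(app, "->", violations(stats, app))
```

Window 1 is unavailable because 10% loss exceeds the 5% limit, while window 3 stays available but misses the 20 ms jitter target for real-time voice/video.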
1.2.2 Requirement for Service Reliability
As the types and importance of the services on IP WANs have been increasing, services are
becoming more and more sensitive to network quality. They require not only network
recoveries upon faults, but also short recovery duration. The planning for IP WANs must meet
the requirements of real-time service, non-real-time service, key service, and non-key service
of enterprises, to guarantee reliable service deployment.
The reliability of IP WANs generally includes three aspects:
Equipment reliability
Network reliability
Fault protection switching time
Despite the dynamic protocol, redundancy connection, and other reliability technologies, the
traditional IP network does not meet the carrier-class requirements. In terms of reliability
index, a common IP network fault will result in service interruption for seconds or even
minutes. Such an index can meet the requirement for carrying traditional Internet services, but
not the QoS requirements of real-time voice and video services.
The requirements of carrier-class services for the reliability of a network are as follows:
The availability of network equipment reaches 99.999%.
The network availability reaches 99.999%.
Fault protection switching time: For a backbone network, less than 50 ms is
recommended for the link protection switching time (to meet the SDH requirements).
Key components of network equipment are redundant and interface boards are hot
swappable.
Dual-node redundant backup is usually performed on key nodes.
The dual-homing design is used on key links.
1.2.3 Requirement for Service Security
The traditional IP network carries Internet services. As an open network, the Internet is vulnerable
to large numbers of viruses, illegal attacks, and malicious service thefts. Such a network can hardly
guarantee the security of services.
The next-generation IP WANs will carry various key real-time services, which have a high
requirement for network security. Therefore, the security problem must be solved in the
process of network planning. Security includes the following three aspects:
Confidentiality: Only the receiver designated by the sender can identify the
communications contents.
Data integrity and consistency: While being transmitted from the sender to the receiver,
information is not modified by a third party.
Service availability: This can be guaranteed by preventing malicious attacks on the
network.
To improve service security and meet the carrier-class requirements, IP WANs must meet the
following requirements:
Service security isolation: The network is physically isolated, or a service-based logical
network can be built on a single physical network. In this case, there is no service
leakage between logical networks and from the logical network to the infrastructure
network under any circumstances.
Inside the logical network: The network provides security measures to protect the
security of internal key systems, preventing service thefts.
Reliability of infrastructure network: The infrastructure network (equipment) of the
network can effectively prevent illegal attacks and viruses, to ensure sustained and stable
network operation without degrading network performance.
1.2.4 Requirement for Service Operation and Management
An IP network is both a transmission network and a service network. Traditional IP networks
focus on the openness but ignore the manageability. With the development trend of all-IP
services in WANs, an IP network is required to carry more and richer enterprise-class services.
To reach this goal, provide users with efficient network operation and management methods.
Manageability refers to not only the conventional network equipment management, but also
the service management capabilities, including user management capability, service quality
management capability, and service security management capability. These service
management functions can hardly be implemented if they are designed only in a module of
the BSS/OSS rather than in network devices and network structure. Therefore, in IP WAN
planning, consider the various flexible capabilities of the transmission network for user
management, service management, and security management.
2 Recommendations on Planning for WAN Interconnection
2.1 WAN Networking Principles
2.1.1 Network Construction Mode
Huawei recommends that large enterprises construct a new IP WAN in the process of transition
to an all-IP network. Network construction principles are as follows:
Layered network structure
Network structure is divided into three layers: core layer, backbone layer, and service
access layer. Layer-2 and layer-3 networks are separated to construct layer-3 routing
backbone network and layer-2 MAN with clear physical and logical levels.
Flattened network structure
Large-capacity devices are adopted to reduce the number of nodes as well as the number
of physical and logical cascade connection layers and to ensure wide coverage.
At the service access layer, the layer-2 Metro Ethernet network is adopted.
At the service access layer, the layer-2 Metro Ethernet network is adopted. Metro
Ethernet adopts RPR/RRPP ring networking mode to save optical fibers and improve
reliability.
Redundancy backup of key nodes and links
For important nodes with heavy traffic, dual devices are adopted for redundancy backup.
When the lower link connects to the upper link, dual homing is adopted.
2.1.2 Network Architecture Design Principles
Network Topology Design Principles
According to the WAN design principle, all the nodes of the entire network are located in an
AS and the flattened networking is used. The overall network topology design principles are
as follows:
The layered design is used. It divides a network into three layers: the access layer,
backbone layer, and core layer.
At the same layer, devices should be interconnected as much as possible. The core node
uses the redundancy mechanism.
The lower-layer device is dual-homed or multi-homed to a single node or multiple nodes
of a device.
The network topology can be adjusted according to the service traffic.
Core Node Design Principles
The core-layer devices can constitute a mesh network, semi-mesh network, or RPR ring
network. The backbone-layer devices are dual-homed to the core-layer devices. The core node
design principles are as follows:
The node ranks among the top in current traffic volume and forecast size.
A node has rich transmission resources and is located at the intersection of transmission
trunks.
A node is located in a central city.
In principle, core nodes are fully connected.
According to traffic and transmission resources, core nodes are not fully connected but
semi-connected.
According to the requirements for reliability protection and saving of optical fibers, the
RPR ring network technology is adopted.
According to the backbone-layer networking conditions, multiple devices can be
deployed on a single core node.
Ensure that at least one hop is reachable between two nodes with heavy traffic.
If there is little traffic between two nodes, multiple hops can be considered.
Transmission distance has a great impact on time delay. Try not to detour.
Backbone Layer Design Principles
The backbone layer converges user traffic and services at the same time. Prevent a large
number of access-layer devices from directly connecting to the core layer. The backbone layer
design principles are as follows:
According to the forecast of the traffic direction, backbone nodes are deployed in the
cities which have the main traffic (usually the regional central cities) as centers. Network
structure optimization should be fully considered and more than one administrative
region can be involved.
According to the size and traffic of a city, multiple backbone nodes can be set.
In a city where a core node is set, a backbone node can be integrated with the core node
based on the actual situation.
According to the reliability of links between backbone nodes and core nodes as well as
the reliability of core nodes, backbone nodes can be connected to different core nodes
respectively.
According to the traffic size between backbone nodes, links can be directly added
between convergence nodes with much traffic to distribute traffic.
Service Access Node Design Principles
The service access layer is constituted by layer-2 Metro Ethernet. Metro Ethernet consists of
Ethernet switches. The service access node design principles are as follows:
To save optical fibers and improve reliability, adopt RPR/RRPP rings to constitute a
network.
In the densely populated areas, the layer-1 ring is used to constitute a network.
− At each PoP, set one to three AGG-Rings.
− For each AGG-Ring, set four to eight UPEs.
− For each UPE, set three to ten DSLAMs.
In the sparsely populated areas, the layer-2 ring is used to constitute a network, with the
aim to save optical fibers.
− For each AGG-Ring, set three to ten ACC-Rings.
− For each ACC-Ring, set four to eight UPEs.
− For each UPE, set three to ten DSLAMs.
Traffic Transmission Principles
Planning the link metrics of the whole network provides systematic control over the service
traffic of the whole network. It is recommended that traffic control abide by the following
principles:
In terms of route, number of actual hops ≤ minimum number of hops + 2.
In terms of traffic sharing, traffic is shared properly and the routes with great pressure
are avoided. For example, traffic between PoP nodes does not pass through the access
node. The traffic within a node does not pass through other nodes. That is, traffic at the
lower layer is only transmitted at the lower layer but not at the upper layer.
In terms of backup: Backup should be reasonable (the backup path is relatively short in
most cases; traffic should pass through the nodes and links with small pressure as much
as possible). If the connections between PoP nodes are interrupted, traffic should be
forwarded through the core node, but not the access node. If a fault occurs on the uplink
to which a device connects within a PoP node, traffic should pass through another device
that connects to the same node, but not other nodes.
In terms of analysis and adjustment, for a particular destination, the path should be clear
as much as possible to facilitate analysis and adjustment.
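The hop-count and no-transit rules above can be checked against a planned set of link metrics before deployment, including after a link failure. The following is an added example, not part of the original proposal; the six-node topology, node names, role labels and metric values are constructed for illustration.

```python
import heapq
from collections import deque

def build(links):
    """links: {(a, b): metric} -> undirected adjacency {node: {nbr: metric}}."""
    g = {}
    for (a, b), m in links.items():
        g.setdefault(a, {})[b] = m
        g.setdefault(b, {})[a] = m
    return g

def metric_path(g, src, dst):
    """Lowest-metric path (Dijkstra), the path a metric-based IGP would pick."""
    heap, done = [(0, [src])], set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return path
        if node in done:
            continue
        done.add(node)
        for nbr, m in g.get(node, {}).items():
            if nbr not in done:
                heapq.heappush(heap, (cost + m, path + [nbr]))
    return None

def min_hops(g, src, dst):
    """Fewest hops between two nodes regardless of metric (BFS)."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, hops = queue.popleft()
        if node == dst:
            return hops
        for nbr in g.get(node, {}):
            if nbr not in seen:
                seen.add(nbr)
                queue.append((nbr, hops + 1))
    return None

def check(links, roles, src, dst):
    """Return (selected path, list of violated traffic principles)."""
    g = build(links)
    path = metric_path(g, src, dst)
    if path is None:
        return None, ["unreachable"]
    problems = []
    # Rule: number of actual hops <= minimum number of hops + 2.
    if len(path) - 1 > min_hops(g, src, dst) + 2:
        problems.append("hops")
    # Rule: traffic between PoP (or core) nodes must not pass through an
    # access node, in normal operation or on a backup path.
    if roles[src] != "access" and roles[dst] != "access":
        if any(roles[n] == "access" for n in path[1:-1]):
            problems.append("transits-access")
    return path, problems

# Constructed topology: three core nodes, two PoP nodes, one dual-homed
# access node.
ROLES = {"C1": "core", "C2": "core", "C3": "core",
         "P1": "pop", "P2": "pop", "A1": "access"}
GOOD = {("P1", "C1"): 10, ("P2", "C2"): 10, ("C1", "C2"): 10,
        ("C1", "C3"): 10, ("C3", "C2"): 10, ("P1", "P2"): 10,
        ("A1", "P1"): 1000, ("A1", "P2"): 1000}
# Weak plan 1: cheap access links pull PoP-to-PoP traffic through A1.
BAD_ACCESS = {**GOOD, ("A1", "P1"): 1, ("A1", "P2"): 1}
# Weak plan 2: inflated metrics on the direct links force a four-hop detour.
BAD_DETOUR = {**GOOD, ("P1", "P2"): 100, ("C1", "C2"): 100}
# Failure case: the direct PoP-to-PoP link of the good plan is down.
GOOD_LINK_DOWN = {k: v for k, v in GOOD.items() if k != ("P1", "P2")}

if __name__ == "__main__":
    for name, plan in [("good", GOOD), ("bad-access", BAD_ACCESS),
                       ("bad-detour", BAD_DETOUR),
                       ("good, P1-P2 down", GOOD_LINK_DOWN)]:
        print(name, check(plan, ROLES, "P1", "P2"))
```

With the good plan, the failure of the direct P1-P2 link moves traffic onto the core (P1, C1, C2, P2) rather than through the access node, which is the backup behaviour the principles require.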
2.1.3 WAN Layered Networking Principles
A WAN can be divided into the core layer, backbone layer, and service access layer, as shown
in Figure 2-1.
Figure 2-1 WAN network architecture (layers shown: core layer, backbone layer, access layer)
Core Layer Networking Principles
At the core layer, full connection, semi-connection, or RPR ring network modes can be
adopted based on user traffic, optical fiber resources, and other conditions. In addition, hybrid
design should be conducted for partial structure in accordance with the actual project
situation.
In the full-connection scheme, a direct link can be set between any two nodes at the core
layer. Meanwhile, links can be bundled to provide higher bandwidth between two nodes and
further extend the bandwidth. However, full connection of nodes requires a lot of optical fiber
resources, greatly increasing overall network cost. This scheme is recommended for
enterprises which have huge traffic and rich optical fiber resources. In addition, the partial
full-connection networking mode can be adopted based on the actual project situation to
reduce the required optical fiber resources.
RPR is an advanced reverse double-ring networking scheme. It can significantly save optical
fiber resources and provide protection switching within 50 ms. Meanwhile, it can provide a
large number of advanced features to facilitate network deployment and network operation
and maintenance management. However, the current RPR technology supports only 10 G
interfaces and does not support link bundling. Therefore, scalability of RPR is restricted.
Overseas enterprises can adopt the RPR networking scheme based on the actual situation only if
traffic requirements can be satisfied.
The advantages of the two schemes can be combined. Based on RPR networking, when there
is huge traffic between two nodes on a ring, a direct link is set between the two nodes to
ensure large capacity provision. In this way, optical fiber resources are saved, high reliability
is ensured, and the requirements for high bandwidth between some nodes are satisfied.
Figure 2-2 Full mesh and RPR ring (panels: full mesh structure; RPR ring structure)
Backbone Layer Networking Principles
The backbone layer has two networking models, as shown in Figure 2-3.
- Model 1: Only one PE is adopted and the PE is dual-homed to two Ps.
- Model 2: Two PEs are set on a PoP node for redundancy backup. Each PE is connected
  to a P. That is, on a backbone node, two links are connected to a P.
Figure 2-3 Two networking modes of a backbone network
Service Access Layer Networking Principles
Considering the access quantity and device performance, the service access layer networking
principles are as follows:
- In the service-intensive area, sites are relatively concentrated. The layer-1 ring network
  is usually adopted.
- In the service-sparse area, sites are relatively dispersed. Due to the geographical range,
  the layer-2 ring network can be adopted.
Figure 2-4 Network architectures of service-intensive mode and service-sparse mode
2.2 IP Address Planning
2.2.1 IP Address Assignment Principles
The assignment and reasonable use of IP address space is closely associated with the network
topology, network organization, and routing policy. It will have a significant impact on the
availability, reliability, and effectiveness of MANs. Therefore, the requirement of the local
network for IP addresses must be considered to satisfy the requirement for IP addresses for
future service development. The MAN IP address planning should abide by the following
principles:
- IP address planning and assignment should satisfy requirements from the rapid
  development of MAN service and address segments should be reserved for future service
  development.
- IP address assignment must be flexible enough to access a variety of users such as
  dial-up users and leased line users.
- Address assignment is driven by services. Assign address segments for each place
  according to the volume of services.
- Adopt the VLSM technology for IP address assignment to ensure the utilization of IP
  addresses.
- Adopt the CIDR technology to reduce the size of routing table of routers, speed up the
  routing convergence of routers, and reduce the size of routing information broadcast in
  the network.
- Adopt the hybrid address assignment mode that combines public and private addresses or
  dynamic and static addresses to relieve the current pressure of serious shortage of IP
  address resources.
- IP address planning should take the network level into consideration to implement
  hierarchical management.
- Fully and properly use the applied address space to improve address utilization.
2.2.2 Detailed IP Address Planning
Hybrid of Public and Private Addresses
The hybrid address assignment mode that involves public and private addresses can be
adopted in a MAN to save IP addresses and reduce the cost.
- Both public and private addresses are used in a MAN. In a MAN, public and private
  addresses are not converted. The routing devices in a MAN do not distinguish public
  addresses from private addresses and support routing of public and private addresses.
- At the network egress, the hybrid address switching router is adopted to convert
  addresses. Only the private addresses of data packets are translated. Packets with public
  addresses are forwarded.
- Unified planning for private IP addresses is required to avoid confusion in the future.
Hierarchical Assignment
- According to network structure, area, territorial allocation, and the number of users in an
  area, the whole MAN is divided into several major regions.
- A major region is divided into several sub-regions.
- Each region obtains the sub-network segment from its higher-level region.
- Regarding the network scalability, addresses should be assigned from both ends to the
  middle.
This mode takes the planning for network level and routing protocol into full consideration.
Through route aggregation, the number of routes and the number of addresses to be
maintained in a network are reduced, fully reflecting the hierarchical management approach.
Private Address Assignment
Private addresses are usually configured in the following cases:
- Residential users are usually assigned private addresses. Several successive IP addresses
  (to facilitate aggregation) are assigned based on class C addresses.
- For IP voice and video users, FANAVA assigns private IP addresses nationwide in the
  unified manner and reserves IP addresses for the next few years. The mapping
  relationships between the user number and the private IP address, public IP address of
  media gateway, and public IP address of access gateway are stored in the softswitch
  system, so that service traffic can be accurately routed to the user terminal during call
  connection.
- VPN users are assigned private IP addresses that are used in enterprises.
Public Address Assignment
The following devices are assigned public addresses, to ensure that both local users and
Internet users in other places are able to access the local server, without NAT restrictions.
- Hosts on the Internet, such as web, FTP, and mail servers in IDC which need to be open
  to the Internet
- MAN gateway devices, which require public addresses to connect to the Internet
- Devices on the routes which need to be broadcast externally (For example, a MAN
  connects to two ASs at the same time and the inter-domain routing protocol BGP is
  adopted. Because the MAN acts as the intermediate AS, the routes between AS egresses
  may need to be broadcast on the Internet. In this case, public IP addresses are required.)
- Enterprise users are assigned public addresses for NAT. An enterprise usually sets up an
  intranet by using private addresses and connects the intranet to the Internet by using
  the NAT device. Assigning an enterprise public address will not affect the address
  planning of the enterprise.
- Users are assigned public addresses to surf the Internet by using ADSL, FTTX+LAN,
  and other broadband modes. It is recommended that 40 to 100 users in a residential area
  should be assigned one public IP address. If TCP port mapping can be realized, an IP
  address can support more users.
- Users are assigned public IP addresses to connect to the Internet in the narrowband
  dial-up mode. Generally, each RAS port is assigned a public IP address.
- Leased line users are assigned public IP addresses to connect to the Internet. A user is
  assigned a public IP address.
NAT Device Deployment
For small and medium-sized cities, it is recommended that the device that provides the NAT
function and hybrid address switching function should be deployed at the core layer of a
network to reduce device investment and enhance network manageability.
For large cities, consider providing the functions at the aggregation layer or access layer to
reduce the pressure on the devices at the core layer.
Address Redundancy
In the process of address planning, reserve 50% to 80% of the IP addresses.
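The hierarchical assignment and address redundancy rules above can be checked mechanically. The following Python sketch is an added example, not part of the original proposal: it sizes a block with VLSM for a given reserve, hands child blocks to regions from both ends of the parent block, and verifies that the free middle stays aggregatable. The 10.0.0.0/8 block, the region names, and the reading of "from both ends to the middle" as low-end and high-end allocation are assumptions.

```python
import ipaddress


def prefix_for(users, reserve_pct):
    """VLSM sizing: longest IPv4 prefix that holds `users` hosts while
    leaving at least `reserve_pct` percent of the block unassigned."""
    if not 0 <= reserve_pct < 100:
        raise ValueError("reserve_pct must be in [0, 100)")
    # Ceiling division: total size so that users fill at most (100 - reserve)%.
    needed = -(-users * 100 // (100 - reserve_pct)) + 2  # + network, broadcast
    host_bits = max(2, (needed - 1).bit_length())
    if host_bits > 32:
        raise ValueError("requirement does not fit in IPv4")
    return 32 - host_bits


def assign_both_ends(parent, child_prefix, low_names, high_names):
    """Split `parent` into equal child blocks. Names in `low_names` take blocks
    from the bottom upward, names in `high_names` from the top downward, so
    the unassigned blocks form one contiguous run in the middle."""
    parent = ipaddress.ip_network(str(parent))
    children = list(parent.subnets(new_prefix=child_prefix))
    if len(low_names) + len(high_names) > len(children):
        raise ValueError("not enough child blocks in parent")
    plan = {}
    for i, name in enumerate(low_names):
        plan[name] = children[i]
    for i, name in enumerate(high_names):
        plan[name] = children[-1 - i]
    free = children[len(low_names):len(children) - len(high_names)]
    return plan, free


def reserved_pct(plan, free):
    """Share of child blocks still unassigned, in whole percent."""
    return 100 * len(free) // (len(plan) + len(free))


def free_aggregates(free):
    """CIDR aggregates covering the free blocks (fewer is better)."""
    return [str(n) for n in ipaddress.collapse_addresses(free)]


def inside_parent(region_block, sub_plan):
    """True if every sub-region lies inside the region's block, so the region
    can be advertised upstream as a single aggregate."""
    return all(sub.subnet_of(region_block) for sub in sub_plan.values())


if __name__ == "__main__":
    # Constructed plan: three major regions out of eight /11 blocks.
    plan, free = assign_both_ends("10.0.0.0/8", 11, ["north", "south"], ["east"])
    for name, block in plan.items():
        print(name, block)
    print("reserved:", reserved_pct(plan, free), "%", free_aggregates(free))
    # Second level: sub-regions take their segment from the parent region.
    sub_plan, _ = assign_both_ends(plan["north"], 14, ["north-a"], ["north-b"])
    print(sub_plan, inside_parent(plan["north"], sub_plan))
    print("300 users, 50% reserve -> /%d" % prefix_for(300, 50))
```
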
2.2.3 NGN Private Network Address Traversal
A large number of enterprise networks and customer premises networks (CPNs) that are
carried on IP WANs mostly adopt private IP addresses and connect to the public network
through the NAT/FW device at the egress. However, in current IP WANs, it is difficult for
the control channel or media channel of the protocols used to carry voice and video
over IP, such as H.323, SIP, MGCP, and H.248, to traverse traditional NAT/FW devices and
communicate with the public network when private network users access the service. That
is, most NATs/FWs currently support traversal of the HTTP data application protocol, but
do not support NAT/FW traversal for the signaling and media streams of session services.
The biggest advantage of the NGN is that it provides users with rich services; in particular, it
provides enterprise users with the IP Centrex service that integrates voice, data, and video.
Therefore, the preceding problem in current IP WANs is becoming the biggest obstacle to
launching the NGN service. At present, the solutions in the industry are as follows:
- Network address translation (NAT)/Application layer gateway (ALG) mode
- Middle box communication (MIDCOM) mode
- Simple traversal of UDP through network address translators (STUN) mode
- Traversal using relay NAT (TURN) mode
- Signal proxy + media relay (Full Proxy) mode
Table 2-1 illustrates the comparison of the five modes.
Table 2-1 Comparison of NGN private network traversal modes
| Item | ALG | MIDCOM | STUN | TURN | Full Proxy |
|---|---|---|---|---|---|
| Performance | The NAT device needs to dynamically monitor and parse all packets, which will greatly increase the burden on the NAT device. | The NAT device does not need to dynamically monitor packets but needs to receive commands from the MIDCOM agent, which will not increase the burden on the NAT device. | The NAT device does not need to parse packets, which will not increase the burden on the NAT device. The performance is good. | The NAT device does not need to parse packets, which will not increase the burden on the NAT device. The performance is good. | Full Proxy forwards all call packets and media streams in the designated direction. A high efficiency is required, but Full Proxy processes only session packets but not data service packets. |
| Extensibility | Each time a protocol is added, the NAT device needs to be upgraded. The extensibility is poor. | The protocol is developed on the agent. | Only the protocols over UDP are supported. A new protocol based on UDP does not require upgrade of the NAT device. | The extensibility is the best. | A new protocol is extended on the proxy. |
| Networking application | This mode is applicable to residential and enterprise networks of not too large scale. | This mode is applicable to residential network, enterprise network, and gateway, depending on the efficiency of the NAT device. | This mode is applicable to residential network and enterprise network. | This mode is applicable to residential network and enterprise network. | This mode is applicable to residential network, enterprise network, gateway, and other NGN networking applications. The flexibility is the highest. |
| Current device alteration | The NAT device needs to be upgraded. The development cost is high. | The NAT device needs to be upgraded to support the MIDCOM protocol. The call agent supports the MIDCOM protocol. | The STUN server needs to be provided. Meanwhile, the terminal needs to support the STUN client function. | The TURN server needs to be provided. Meanwhile, the terminal needs to support the TURN client function. | Only the Full Proxy device needs to be provided. Other devices do not need to be altered. |
| Security | Relatively high | High | Low | Low | Highest |
| QoS | Unguaranteed | Guaranteed | Unguaranteed | Unguaranteed | Guaranteed |
According to the preceding introduction and comparison, Full Proxy and MIDCOM are
recommended. Other solutions are used according to the actual situation.
- Having no need to alter the current network devices, the Full Proxy mode features strong
  adaptability and flexible networking and can meet the requirements of diversified
  networking and user access at the initial stage of NGN. In addition, it can solve the NAT
  problems, greatly extend the functions, and implement the QoS and security of session
  service at the access layer. Therefore, the user access platform of the NGN can be
  developed.
- The MIDCOM mode has strong extensibility. Once the NAT/FW device supports the
  MIDCOM protocol, the MIDCOM agent can be embedded in the softswitch. The
  NAT/FW traversal problem of NGN service can be solved. The softswitch itself parses
  and processes users' call protocol packets and can deliver the call QoS and security
  information dynamically. The Middle box (NAT/FW) device at the lower layer takes
  necessary measures based on the information.
2.3 Routing Planning
2.3.1 Inter-Domain Service Planning
An inter-domain MPLS VPN seldom needs to be set up. When it does, because Layer 3
MPLS VPN routes are carried using BGP, the inter-domain problem can be solved in the
following three modes:
- VRF-to-VRF mode
- EBGP mode
- Multi-hop BGP mode
VRF-to-VRF
The VRF-to-VRF mode is the basic BGP/MPLS IP VPN application in the inter-AS scenario,
without requiring additional configurations. In this mode, ASBRs of two ASs are directly
connected and function as the PEs in their respective ASs. Either of the two ASBRs regards
the peer ASBR as its CE and advertises IPv4 routes to each other using EBGP, as shown in
Figure 2-5.
Figure 2-5 ASBRs managing VPN routes in VRF-to-VRF mode
In Figure 2-5, ASBR-PE1 in AS 100 and ASBR-PE2 in AS 200 each act as a CE of the other.
The inter-AS VPN in VRF-to-VRF mode is easy to implement. The two ASBR PEs do not
need to be specially configured to implement inter-AS VPN.
The disadvantage is poor scalability. The ASBRs functioning as PEs need to manage all the
VPN routes and create a VRF for each VPN. This may result in a large number of VPN-IPv4
routes on PEs. In addition, as common IP forwarding is performed between the ASBRs, each
inter-AS VPN requires different interfaces, which can be sub-interfaces, physical interfaces,
and bound logical interfaces. Therefore, this mode poses high requirements for PEs.
The inter-AS VPN in VRF-to-VRF mode requires VPNs to be configured, without requiring
additional configurations for the inter-AS.
Advertising Labeled VPN-IPv4 Routes Between ASBRs Using MP-EBGP
In this mode, two ASBRs exchange labeled VPN-IPv4 routes that they receive from PE
routers in their respective ASs through MP-EBGP. ASBRs need to process labeled VPN-IPv4
routes. Therefore, this mode is also called ASBR extension mode, as shown in Figure 2-6.
Figure 2-6 Advertising labeled VPN-IPv4 routes between ASBRs using MP-EBGP
The route advertisement process is as follows:
a. The PE in AS1 advertises labeled VPN-IPv4 routes to the edge router PE in AS1 or the
route reflector (RR) which reflects routes for ASBR PE using MP-IBGP.
b. The PE functioning as the ASBR advertises labeled VPN-IPv4 routes to the PE in AS2
(that is, the edge router in AS2) using MP-IBGP.
c. The ASBR PE in AS2 advertises labeled VPN-IPv4 routes to the PE in AS2 or the RR
which reflects routes for PE using MP-IBGP.
When the MP-EBGP mode is used, note the following:
- ASBRs do not filter the VPN-IPv4 routes received from each other based on VPN targets.
  Therefore, the SPs in different ASs that exchange VPN-IPv4 routes must reach a trust
  agreement on route exchange.
- VPN-IPv4 routes are exchanged only between VPN peers. A VPN cannot exchange
  VPN-IPv4 routes with public networks or MP-EBGP peers with whom there is no trust
  agreement.
In terms of extensibility, distributing labeled VPN-IPv4 routes in MP-IBGP mode is superior
to inter-ASBR VPN management through sub-interfaces.
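Because the ASBRs in this mode do not filter on VPN targets, the trust agreement has to be verified outside the routers. The Python sketch below is an added example, not part of the original proposal: it audits VPN-IPv4 routes learned from the peer ASBR against the route targets the two SPs agreed to exchange. The one-line route format, the AS numbers, the RT values and the protected local RT are all constructed for illustration.

```python
import ipaddress

# Constructed agreement between the local SP (AS 100) and the peer SP (AS 200).
PEER_AS = 200
AGREED_RTS = {"200:10", "200:20"}   # RTs the peer may send
PROTECTED_RTS = {"100:999"}         # local-only VPN (hypothetical), never accepted

# Constructed routes as they might be exported from the ASBR for review.
SAMPLE = """\
rd=200:10 prefix=10.20.0.0/16 rt=200:10 as_path=200
rd=200:20 prefix=10.30.4.0/24 rt=200:20,200:10 as_path=200
rd=200:77 prefix=10.99.0.0/16 rt=200:77 as_path=200
rd=200:10 prefix=172.16.5.0/24 rt=200:10,100:999 as_path=200
rd=300:5 prefix=192.168.0.0/24 rt=200:20 as_path=300,200
rd=200:20 prefix=10.40.0.0/16 rt= as_path=200
"""


def parse_route(line):
    """Parse one 'key=value ...' line into a route record."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return {
        "rd": fields["rd"],
        "prefix": ipaddress.ip_network(fields["prefix"]),
        "rts": frozenset(t for t in fields["rt"].split(",") if t),
        "as_path": [int(a) for a in fields["as_path"].split(",")],
    }


def audit(routes, peer_as, agreed_rts, protected_rts):
    """Return (rd, prefix, reasons) for every route that violates the agreement."""
    findings = []
    for r in routes:
        reasons = []
        # On an EBGP session the first AS in the path is the neighbor's AS.
        if r["as_path"][0] != peer_as:
            reasons.append("first-as-not-peer")
        if not r["rts"]:
            reasons.append("no-route-target")
        outside = r["rts"] - agreed_rts
        if outside & protected_rts:
            # The peer is injecting a route into a VPN that is local-only.
            reasons.append("protected-local-rt")
        elif outside:
            reasons.append("rt-outside-agreement")
        if reasons:
            findings.append((r["rd"], str(r["prefix"]), reasons))
    return findings


if __name__ == "__main__":
    routes = [parse_route(line) for line in SAMPLE.splitlines()]
    for rd, prefix, reasons in audit(routes, PEER_AS, AGREED_RTS, PROTECTED_RTS):
        print(rd, prefix, ", ".join(reasons))
```
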
PEs Advertising Labeled VPN-IPv4 Routes Using Multi-hop MP-EBGP
The preceding two modes can satisfy networking requirements of the inter-AS VPN. ASBRs,
however, need to maintain and distribute VPN-IPv4 routes. When each AS needs to exchange
a large number of VPN routes, ASBRs may hinder network extension.
One solution to the problem is that PEs directly exchange VPN-IPv4 routes with each other
and ASBRs do not maintain or advertise VPN-IPv4 routes.
2.3.2 Routing Design
Routing Design Principles
Routing design is important to IP WANs and will directly affect the reliability and security of
WANs. The routing design should abide by the following principles:
- Avoid route flapping in the entire network caused by partial route changes.
- Balance network traffic in the entire network through routing design.
- Avoid the situation where routes in an AS cannot be sent to other ASs and devices in the
  AS cannot receive external routes.
- Minimize the number of routes and take into account the transmission distance.
- Implement fast convergence to find and respond to faults quickly so that the system
  recovers from faults as soon as possible to avoid routing blackholes and routing loops.
- Adopt the GR-enabled routing protocols.
Detailed Routing Design
- All routers in a private network are located in a domain. The IS-IS or OSPF routing
  protocol is used as an IGP. For flat routing design, IS-IS adopts the level-based mode,
  while OSPF adopts the area-based mode.
- BGP-4 is used as the inter-domain routing protocol of the private network. The AS
  number is independent. At the border of an AS, route advertisement, reception,
  summarization, and attribute modification are controlled through EBGP.
- Level-1 RR design is adopted to ensure that the number of BGP peers on each RR is less
  than 100. When there are many clients, an independent router can be used as the RR. At
  least two RRs are configured to avoid single-point faults. Clients are dual-homed to at
  least two RRs.
- The routes for router management address and link address are carried over IGP, while
  the routes for private line users, 3G/NGN device address, and address pool are carried
  over BGP.
- MBGP is used in a VPN. The RR configuration principles for a VPN are the same as
  those for the public network where BGP is used.
- BGP or OSPF can be selected as the routing protocol between a PE and a CE in a VPN
  based on the network size. In terms of security, static routing is
  recommended.
- The routing protocol supports MD5 authentication to ensure the security of the routing
  protocol.
2.4 Reliability Planning for IP Layer
A stable and reliable network system is crucial to the normal operation of application systems.
Therefore, during network design, select highly reliable network products that have been
commercialized in a large scale, properly design network architecture, and develop reliable
network backup strategies to ensure the self-healing ability of the network and to support the
normal operation of the system to the greatest extent. The devices at the IP layer must achieve
99.999% reliability.
Huawei takes the lead in providing the end-to-end millisecond-level switchover scheme in the
industry, to meet the requirement for the reliability of carried telecom services (50 ms to 500
ms), to ensure the extensibility and feasibility of standard technologies, to reduce the
operation and maintenance cost, and to ensure the service operation effect.
2.4.1 Fault Detection Techniques
The traditional fault detection technique detects faults by monitoring the device interface
status. This detection technique can detect only physical faults and depends on Keepalive or
Hello packets sent by upper-layer routing protocols to detect faults such as forwarding engine
faults and unidirectional link faults.
Therefore, this fault detection mechanism requires a long time, uses a lot of resources, and is
not applicable to scenarios where different protocols are running.
To speed up fault detection and improve fault detection efficiency at the IP/MPLS layer, a
mechanism that can detect faults rapidly and support various protocols is required. MPLS
OAM and BFD are such mechanisms.
BFD
BFD is an interactive detection mechanism that rapidly detects communication faults between
systems and reports the detected faults to upper-layer applications.
BFD has the following functions:
- Provides low-overhead, short-duration detection of faults in the path between adjacent
  forwarding engines. These faults include interface faults, data link faults, and forwarding
  engine faults. The BFD detection time is usually within 50 ms.
- Provides a single mechanism for fault detection over any media and at any protocol layer
  to implement BFD for Everything, such as BFD for IS-IS, OSPF, BGP, LSP, and TE.
With the preceding functions, BFD has been widely used to detect link faults and protocol
faults.
MPLS OAM
MPLS OAM is a rapid detection mechanism that checks MPLS LSP connectivity by allowing
nodes along an LSP to exchange OAM packets.
MPLS OAM provides the following functions, independent of upper-layer or lower-layer
protocols:
- Detects, identifies, and locates MPLS user-plane faults efficiently.
- Evaluates network usage and performance.
- Performs protection switching in the event of a link defect or fault to provide services
  according to the Service Level Agreements (SLAs).
For more information about MPLS OAM, see ITU-T Recommendation Y.1710 and Y.1711.
2.4.2 Network Protection Techniques
On IP/MPLS networks, various network protection techniques are used to rectify faults:
- Redundancy backup of main control boards, hot swap of boards, and GR, which ensure
  device reliability
- Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol
  (GLBP), which improve node reliability
- IGP fast route convergence and TE FRR, which ensure path availability
- VPN FRR, which ensures PE reliability
The following are common network protection techniques.
IGP Fast Convergence
IGP fast convergence speeds up IGP route recalculation and convergence when a network
fault occurs. IGP fast convergence provides the following features:
- Incremental SPF (I-SPF): calculates only the changed routes but not all routes each time.
- Partial route calculation (PRC): calculates only the changed routes. It does not calculate
  the shortest path but updates leaf routes based on the shortest path tree (SPT) calculated
  by I-SPF.
- LSP fast flooding: When a router receives one or more new LSPs, it floods out the LSPs
  with a number smaller than the specified number before calculating routes. This
  accelerates LSDB synchronization and network convergence.
- Intelligent timer: adjusts the delay based on the route change frequency. This ensures fast
  route convergence, without affecting router performance. Intelligent timers include the
  SPF intelligent timer and LSP generation intelligent timer.
IP FRR
On legacy IP networks, it takes the routing system several seconds to complete route
convergence after a fault is detected. This convergence speed cannot meet requirements of the
services that are sensitive to packet delay and packet loss. For example, Voice over Internet
Protocol (VoIP) services can tolerate only millisecond-level interruption.
IP FRR allows the forwarding system to rapidly detect faults and take measures to restore
services as soon as possible. The IP FRR implementation principles are as follows:
- When the primary link is available, you can configure IP FRR by using a routing policy
  to provide the backup route information for the forwarding engine.
- When the forwarding engine finds that the primary link fails, it uses the backup link to
  forward traffic before the routes converge on the control plane.
IGP Auto FRR
In IP FRR, the backup next hop needs to be manually configured, which is complex and prone
to network loops if network planning is improper. IGP Auto FRR overcomes the preceding
problem.
IGP Auto FRR is a technique that allows routing protocols to generate the backup next hop
using routing algorithms according to the link status. This technique does not require manual
intervention, which reduces maintenance costs.
BGP FRR
IGP/LDP FRR can rapidly switch traffic to another link when a link fault occurs. However,
when a fault occurs on a BGP node, routes need to converge on the BGP control plane and
then be delivered to the forwarding table. The route convergence time may reach the second
level. The BGP indirect next hop technique speeds up route convergence on the control plane,
but it still cannot ensure carrier-class reliability.
In BGP FRR, the LDP label or BGP label of a sub-optimal route is installed into the
forwarding table as a backup routing entry. When a rapid fault detection mechanism such as
BFD detects that the optimal route becomes unavailable, services are switched to the backup
route. This implements fast service switchover.
LDP FRR
With LDP FRR, fast convergence of the LDP LSP can be achieved. LDP FRR means that
the device installs the optimal LDP route as the forwarding entry and also places the
sub-optimal LDP route in the forwarding table as the backup path.
When a fault occurs on the optimal next hop, the device directly uses the backup path/label for
forwarding.
Through BFD, faults on the connection to the optimal next hop can be rapidly detected and a
convergence speed of 50 ms can be achieved.
There are some restrictions on the use of the LDP FRR convergence technology. For example,
in a ring network, the sub-optimal next hop may send packets back to the node, which causes
a forwarding loop.
Compared with the FRR protection technology for RSVP TE, LDP FRR protection is
based on single points and end-to-end protection is not required.
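The ring restriction above, and the backup next hop calculation that IGP Auto FRR automates, can be reproduced offline. The Python sketch below is an added example, not part of the original proposal: it applies the standard loop-free alternate inequality from RFC 5286, dist(N,D) < dist(N,S) + dist(S,D), to find which neighbors are safe backups. The five-node ring, the node names and the unit link costs are constructed.

```python
import heapq

# Constructed topology: five-node ring with equal link costs.
RING = [("A", "B", 1), ("B", "C", 1), ("C", "D", 1), ("D", "E", 1), ("E", "A", 1)]


def build_graph(links):
    """Undirected weighted graph as {node: {neighbor: cost}}."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def dijkstra(graph, src):
    """Shortest-path distance from src to every reachable node."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry
        for v, w in graph[u].items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                heapq.heappush(heap, (nd, v))
    return dist


def backup_next_hops(graph, s):
    """For each destination, classify the neighbors of s as primary next hop,
    loop-free alternate, or a backup that may send traffic back through s."""
    dist = {n: dijkstra(graph, n) for n in graph}
    result = {}
    for d in graph:
        if d == s:
            continue
        primary = sorted(n for n, w in graph[s].items()
                         if w + dist[n][d] == dist[s][d])
        # RFC 5286 loop-free condition: N's own shortest path to D avoids S.
        loop_free = sorted(n for n in graph[s] if n not in primary
                           and dist[n][d] < dist[n][s] + dist[s][d])
        may_loop = sorted(n for n in graph[s]
                          if n not in primary and n not in loop_free)
        result[d] = {"primary": primary, "loop_free": loop_free,
                     "may_loop": may_loop}
    return result


def unprotected(graph, s):
    """Destinations with a single primary next hop and no loop-free backup."""
    table = backup_next_hops(graph, s)
    return sorted(d for d, e in table.items()
                  if len(e["primary"]) == 1 and not e["loop_free"])


if __name__ == "__main__":
    ring = build_graph(RING)
    for dest, entry in sorted(backup_next_hops(ring, "A").items()):
        print(dest, entry)
    print("ring, no safe backup from A:", unprotected(ring, "A"))
    chord = build_graph(RING + [("B", "E", 1)])  # add one direct link
    print("ring + B-E link:", unprotected(chord, "A"))
```

On the plain ring, node A has no safe backup toward its two adjacent nodes, because the only other neighbor would route the traffic back through A; adding one direct link removes both gaps.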
MPLS TE FRR
MPLS TE FRR protects links and nodes in MPLS TE. When an LSP link or a node fails,
traffic can be forwarded along the tunnel of the protected link or protected node. This ensures
uninterrupted traffic forwarding. In addition, the ingress can continue re-establishing the
primary path without affecting data transmission.
In MPLS TE FRR, an LSP is established to protect one or more LSPs. This LSP is called the
FRR LSP and the protected LSP is called the primary LSP. When a link or node fails, MPLS
TE FRR uses the FRR LSP to transmit traffic; therefore, the primary LSP is protected. All the
nodes in the MPLS TE system need to participate in the establishment of the FRR LSP and
primary LSP.
MPLS TE FRR is implemented based on RSVP TE and complies with RFC 4090.
VPN FRR
MPLS TE FRR protects services in the case of a link or node failure between two PEs at both
ends of a TE tunnel; however, MPLS TE FRR cannot protect services in the case of a PE
failure.
Once a PE fails, services can only be restored by means of end-to-end route convergence and
LSP convergence. The service convergence time depends on the quantities of MPLS VPN
routes and hops on a network. The convergence time is usually 5s on a typical network, which
is longer than 1s required for end-to-end service convergence.
VPN FRR solves the preceding problem. In VPN FRR, primary and backup forwarding
entries with the primary PE and backup PE as their respective destinations are preconfigured
on the remote PE. Rapid PE failure detection is also used so that the end-to-end service
convergence is within 1s on an MPLS VPN where a CE is dual homed to two PEs. The
recovery time is independent of the quantity of VPN routes.
2.5 Reliability Planning for Optical Transport Layer
The reliability planning for WANs refers to the reliability planning for the IP network.
Because the transport network at the bottom layer is the operator's network, enterprise users
do not need to consider its reliability.
However, some large or super-sized enterprises may build their own optical transport
networks. In this case, the reliability of the IP network needs to be considered in addition to
the reliability of the optical transport network.
The optical layer is a low-layer physical network of the service and data networks. If the
optical layer is unreliable, the service and data networks cannot operate properly. Therefore,
the optical layer uses various protection measures to ensure high reliability.
Protection measures at the optical layer include equipment-level protection measures and
network-level protection measures. Equipment-level protection includes SCC 1+1 protection,
cross-connect board 1+1 protection, DC input protection, centralized power protection, fan
redundancy protection, and subrack communication protection. The equipment-level
protection measures are not described in this document.
Network-level protection refers to the protection on all devices and links on the entire
network, including:
- Optical line protection
- Optical channel protection
- Subnet connection protection
- ASON protection
2.5.1 Optical Line Protection
Optical line protection uses the dual fed and selective receiving function of OLP boards and
diverse routes to protect the fibers between adjacent stations.
Each optical line uses two pairs of fibers. One pair functions as the working path to transmit
service signals. The other pair functions as the protection path to transmit service signals
when a fiber break occurs on the working path or signal attenuation is too large. Figure 2-7
shows the diagram of optical line protection.
Figure 2-7 Optical line protection (legend: working signals; protection signals)
2.5.2 Optical Channel Protection
Optical channel protection includes client 1+1 protection and intra-board 1+1 protection.
Client 1+1 Protection
Client 1+1 protection uses the dual fed and selective receiving function of OLP/DCP boards
or the dual fed and dual receiving function of SCS boards to protect OTUs and OCh fibers. A
working wavelength and a protection wavelength are transmitted in two different routes to
protect OTUs.
When the SCS board is used on a device, the device opens the client-side laser of the working
OTU and closes the client-side laser of the backup OTU. When the working OTU detects an
SF or SD alarm, it reports the SF or SD alarm to the SCC board. The SCC board then closes
the client-side laser of the working OTU and opens the client-side laser of the backup OTU. A
switchover is completed.
When the OLP or DCP board is used on a device, the device opens the client-side laser of both
the working OTU and backup OTU. When the working OTU detects an SF or SD alarm, it
reports the SF or SD alarm to the SCC board. The SCC board then closes the client-side laser of
the working OTU. As a result, the R_LOS alarm occurs on the OLP and the OLP performs switching.
Figure 2-8 Client 1+1 protection (legend: working signals; protection signals)
Intra-Board 1+1 Protection
Intra-board 1+1 protection uses the dual fed and selective receiving function of OTU, OLP, or
DCP boards and diverse routes to protect services. This protection measure is applicable to
chain networks and ring networks and uses the single-ended switching mode.
On a chain network, intra-board 1+1 protection provides diverse routes between adjacent
stations the same way as optical line protection. On a ring network, intra-board 1+1 protection
uses the diverse routes to protect services. Services are transmitted in the clockwise or
counter-clockwise direction on the ring, and finally reach the destination node.
Intra-board 1+1 protection is implemented in the following ways:
Uses the OTU with the dual fed and selective receiving function to protect services, as
shown in Figure 2-9.
Uses the OLP or DCP board with the dual fed and selective receiving function to protect
services. The network diagram is the same as Figure 2-9.
Figure 2-9 Intra-board 1+1 protection
2.5.3 Subnetwork Connection Protection
Subnetwork connection protection (SNCP) predefines a dedicated protection route for a
subnet. If a fault occurs on the subnet, the protection route replaces the subnet to transmit
traffic.
SNCP protects channels without using the APS protocol. It sets up a two-fiber path protection
ring on a ring network. SNCP is applicable to various complex network topologies and
provides fast service switching.
SNCP includes sub-wavelength (SW) SNCP, ODUk SNCP, VLAN SNCP, tributary SNCP,
and master slave (MS) SNCP. This document uses ODUk SNCP as an example. For the other
types of SNCP, see the OptiX OSN 6800 documents.
ODUk SNCP protection uses the dual fed and selective receiving function of the
cross-connections at the electrical layer to protect line boards and OCh fibers. It protects
inter-subnet services without using any protocol. ODUk SNCP is applicable to various
networks. Figure 2-10 shows the working process of ODUk SNCP.
In the transmit direction, services to be protected are input through the tributary board.
They are transmitted to the working line board and backup line board by using working
signals and protection signals. The working signals and protection signals are transmitted
in the working channel and the protection channel respectively.
In the receive direction, only the cross connection corresponding to the working line
board is valid and the cross connection corresponding to the backup line board is
disconnected. When the working channel is faulty, the line board reports an alarm to
trigger an SF or SD alarm. After detecting the SF or SD alarm, the main control board
disconnects the cross connection corresponding to the working line board and enables
the cross connection corresponding to the backup line board. Service signals are
transmitted over the protection channel.
After the working channel is recovered, service signals are switched back to the cross
connection corresponding to the specified line board.
Figure 2-10 ODUk SNCP protection
2.5.4 ASON Protection
On legacy networks, wavelength division multiplexing (WDM) devices were the replacement
for fibers. In recent years, they have been used to transmit users' services. The devices must
be easy to operate and manage. The legacy networks have the following problems:
Service configuration procedures are complex, and it takes a long time to expand
capacity or launch services.
Bandwidth use is inefficient because about 50% of the bandwidth must be reserved on the ring
network.
Only a few protection measures are provided, so network self-healing capability is poor.
Automatically Switched Optical Network (ASON), also called intelligent optical transport
network, is used to solve the preceding problems. ASON uses GMPLS-UNIs and a control
plane on transport networks to enhance the network connection management and fault
recovery capabilities of optical transport devices. It supports end-to-end service configuration
and multiple service restoration methods.
Compared with WDM, ASON has the following advantages:
Computes routes using optical parameters and discards the routes that do not match the
optical parameters.
Adjusts wavelength during rerouting, eliminating wavelength conflicts.
Allocates wavelength for new services automatically.
Supports automatic configurations for end-to-end services.
Discovers topology automatically.
Protects the mesh network to enhance network availability.
Assigns protection priorities to services according to the priorities of the client-layer
signals.
Uses traffic engineering to dynamically adjust network topology according to users'
service requirements. This implements optimal network resource allocation.
The following sections describe the transport layer protection mechanisms based on ASON.
Mesh Networking
Mesh networking is a widely used networking type of ASON, and is flexible and easy to
extend. Compared with WDM networking, mesh networking supports more recovery paths,
which improves network security and reduces network resource waste.
In addition to the traditional protection measures (such as 1+1 protection) and shared
protection measures, mesh networking can also use the rerouting mechanism to protect
services. Using all the preceding measures, mesh networking is capable of restoring
services in any situation.
As shown in Figure 2-11, if the link between device C and device G is interrupted, a route
from device D to device H is generated. Services are restored through a newly generated LSP.
Figure 2-11 Service protection and restoration using the mesh networking
Dynamic Rerouting
Rerouting recovers services when network faults occur. In non-revertive mode, the first node
on an interrupted LSP calculates the optimal path, and then sets up a new LSP using signaling
messages. Services are transmitted over the new LSP. The interrupted LSP is deleted after the
new LSP takes effect.
Rerouting, as a key technology of GMPLS/ASON, protects services without a waste of
resources. It is also a revolutionary improvement over traditional protection measures.
Rerouting protects services even if fibers are interrupted frequently.
As shown in Figure 2-12, an LSP passes devices A, D, G, and K. When the link between
devices D and G is interrupted, the rerouting process is as follows:
1. The FIU (for optical layer) or OTU (for electrical layer) of device D detects an alarm,
and then reports the alarm to the GMPLS module.
2. The GMPLS module on device D checks the affected intelligent services and sends a
Notify message to device A.
3. After receiving the Notify message, the GMPLS module of device A calculates an
end-to-end protection path and sends a PATH message along the new path. A reverse
cross-connected path destined for device K is set up.
4. After receiving the PATH message, the GMPLS module of device K returns a RESV
message along the new path to set up a cross-connected path destined for device A.
5. After receiving the RESV message, device A enables the alarm function and sends a
PATH message to request the downstream devices to enable the alarm function. The
downstream devices enable the alarm function for the new path.
6. After all devices on the LSP enable the alarm function, the old LSP is deleted if the
non-revertive mode is used. The rerouting process is complete.
Figure 2-12 Rerouting diagram
Preset Protection Path
Preset protection paths ensure high reliability for services. When a path fails, the GMPLS and
ASON networks restore services using the preset protection path. The service paths on the
networks are controllable. If services cannot be restored, a new route is calculated.
To ensure that routes are controllable after fibers are disconnected multiple times, the ASON
allows more than one preset protection path for an end-to-end route (at the optical layer or
electrical layer). An LSP can have two preset protection paths and the paths have their own
priorities.
Resource Sharing on Working/Protection Paths
Resource sharing on the working and protection paths provides as many restoration resources
as possible. Figure 2-13 shows a tangent ring network where resource sharing is used.
The blue and red solid lines indicate the working and protection paths. When link 1 and link 2
are broken, the working and protection paths are invalid. If the working and protection paths
cannot share resources, services will not be restored. If the paths can share resources, some
links on the paths form a complete backup path. The green dashed lines in the figure indicate
the backup path. If link 3 is broken, the path represented by purple lines is formed.
Figure 2-13 Resource sharing on working and protection paths
Service Association
Two LSPs are associated. When an LSP is performing rerouting or optimization, this LSP is
separated from the other one. The two LSPs do not overlap each other. Service association is
applicable to the services having two access points (dual homing).
As shown in Figure 2-14, the two LSPs D-E-I and A-B-G-H are associated. If the link
between devices B and G is broken, the LSP A-B-G-H performs rerouting and the LSP D-E-I
is not affected.
Figure 2-14 Service association
SLA for Differentiated Services
WDM/OTN-based GMPLS and ASON provide protection services of different levels,
including Diamond, Silver, and Bronze. Users pay different fees for different service levels.
Table 2-2 lists the service levels.
Table 2-2 Service levels
Service Level | Protection and Recovery    | Implementation                                            | Switchover Time
Diamond       | Protection and recovery    | Intra-board 1+1 protection, ODUk SNCP, SW SNCP, rerouting | Shorter than 50 ms
Silver        | Recovery                   | Rerouting                                                 | -
Bronze        | No protection, no recovery | -                                                         | -
2. Diamond service
Diamond service has the best protection ability. When there are enough resources on the
network, diamond service provides permanent 1+1 protection for paths such as ODUk paths.
Diamond services are applicable to voice and data services and to VIP private lines, such as
those for banking, security, and aviation.
A diamond service provides 1+1 protection from the source node to the sink node. It is also
called a 1+1 service. There are two LSPs available between the source node and the sink node.
The two LSPs are separated. One is the working LSP and the other is the protection LSP. The
same service is transmitted to the working LSP and the protection LSP at the same time.
When the working LSP is normal, the sink node receives services from the working LSP;
otherwise, the sink node receives services from the protection LSP.
Figure 2-15 shows the network diagram of diamond service.
Figure 2-15 Diamond service
The diamond service uses the following rerouting policies:
Permanent 1+1 protection: triggers rerouting once an LSP fails.
Rerouting 1+1 protection: triggers rerouting only when the two LSPs fail.
No rerouting: does not trigger rerouting no matter whether LSPs fail.
3. Silver service
Silver services include WDM ASON OCh paths, ODUk paths and Client paths. The recovery
time is several seconds. The silver service is suitable for the delay-insensitive services such as
data service and residential Internet service.
Silver service provides connections from the source node to the sink node with rerouting
protection. It is also called a rerouting service. If an LSP fails, rerouting is repeatedly initiated
to restore services until rerouting is successful. The silver service computes protection paths
without a reservation of resources. Hence, the bandwidth utilization is high. However, if
network resources are insufficient, services may be interrupted.
As shown in Figure 2-16, the silver service is provided for the path A-B-G-H-I. If the link
between devices B and G is broken, device A initiates rerouting to create a new path.
Figure 2-16 Silver service
4. Bronze service
The bronze services are seldom used. Generally, temporary services, such as sudden
service demand during holidays, use the bronze service. The paths of bronze service include
OCh paths, ODUk paths, and Client paths.
The bronze service means no protection. If an LSP fails, rerouting is not triggered and
services are interrupted.
----End
2.6 IP&OTN Protection Synergy
A fault on the WAN or backbone network affects thousands of enterprises' services, which
lowers these enterprises' production efficiency and delays their response to market changes.
Therefore, reliability of the WAN and backbone network is important to enterprises' business
and competitiveness.
Although both the IP layer and transport layer have many protection mechanisms, these
mechanisms may not collaborate well with each other. For example, some protection
mechanisms fail to function together or some protection mechanisms repeat each other,
resulting in wasted resources and degraded service quality.
Protection synergy uses the protection mechanisms on both the IP layer and transport layer
according to requirements of the WAN and backbone network. The major protection features
include static SRLG, dynamic SRLG, intelligent control plane synergy, and layered protection
synergy.
2.6.1 Multi-Layer Network Planning Tool
Legacy WANs and backbone networks are planned layer by layer, which wastes network resources
and makes QoS and reliability complex. When the network is large, concurrent designs are
very difficult.
Unlike layer-by-layer network planning tools, a multi-layer network planning tool improves
resource utilization and network reliability by planning the IP layer and transport layer
together. This tool has the following advantages:
Allocates bandwidth for the two layers based on traffic volume so that traffic is loaded
evenly, improving utilization of network resources.
Isolates faults on the IP layer and transport layer to prevent a fault from triggering
repeated protection at the two layers. This ensures effective protection and improves
network reliability, laying a foundation for intelligent synergy between the IP layer and
transport layer of a backbone network.
2.6.2 SRLG
An SRLG is a group of links with the same reliability risks. For example, multiple links on a
router involve the same transport path. If the transport path fails, both the working and
protection links on the router will also fail. To prevent this problem, links in the same SRLG
are not assigned to a pair of working and protection paths during path computation. This
improves reliability on the IP layer because a link failure will not cause both the working and
protection paths to fail.
Static SRLG
Static SRLG requires the IP network administrators to manually configure SRLG information
on routers after confirming the information with the transport network administrators.
Static SRLG is easy to implement and does not require configuration of other parameters.
However, static SRLG has the following disadvantages:
The administrators of the IP network and transport network have to exchange and
configure a large amount of detailed information, which is labor-consuming and prone to
errors.
When links on the transport layer are re-planned or adjusted, the transport network
administrators must notify the IP network administrators, and the IP network
administrators modify configurations on the IP layer.
If the GMPLS ASON technology is used at the transport layer, the transport paths may
change automatically. The IP network administrators cannot be notified of the changes in
real time.
Dynamic SRLG
Huawei presents the dynamic SRLG solution to overcome problems of static SRLG.
Transport devices transfer SRLG information to routers through extended GMPLS-UNIs
between them. Dynamic SRLG has the following advantages:
The SRLG information is transmitted from the transport layer to the IP layer
automatically and no manual operation is required, reducing workload in maintenance
and preventing configuration errors.
Transport devices update SRLG information when transport links are adjusted, saving
network administrators' workload in modifying configurations.
When the GMPLS ASON re-computes routes, transport devices notify routers of SRLG
information update.
Transport devices send SRLG information to routers, including information specific to each
layer such as OTN layer, optical layer, and fiber layer. Each router calculates and updates
links on the working and protection paths according to the SRLG information received from
the transport layer to ensure that the working and protection paths do not contain links in the
same SRLG. Figure 2-17 shows dynamic SRLG implementation.
Figure 2-17 Dynamic SRLG
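The following added example (not part of the original proposal, and not Huawei's path computation algorithm) shows the SRLG constraint from this section at work: a protection path that is only link-disjoint can still share a fiber with the working path, while an SRLG-aware computation avoids it and detects when a transport-layer update breaks the separation. The topology, router names, and costs are constructed; the SRLG names follow the labels in Figure 2-17, and the simple "working path first, then prune" method is an assumption that can miss a valid pair on some topologies.

```python
import heapq

# Constructed IP-layer topology: link name -> (end A, end B, cost, SRLGs from transport).
# SRLG names follow the labels in Figure 2-17; the prefixes are read here as
# O-S = OTN layer, L-S = lambda layer, F-S = fiber layer (an assumption).
LINKS = {
    "R1-R2": ("R1", "R2", 1, frozenset({"O-S1", "L-S1", "F-S1"})),
    "R2-R4": ("R2", "R4", 1, frozenset({"O-S2", "L-S2", "F-S2"})),
    # SRLG list as printed in Figure 2-17; it shares fiber F-S1 with R1-R2.
    "R1-R3": ("R1", "R3", 1, frozenset({"O-S4", "L-S4", "F-S1", "F-S3", "F-S4"})),
    "R3-R4": ("R3", "R4", 2, frozenset({"O-S3", "L-S3", "F-S3"})),
    "R1-R5": ("R1", "R5", 2, frozenset({"O-S5", "L-S5", "F-S5"})),
    "R5-R4": ("R5", "R4", 2, frozenset({"O-S6", "L-S6", "F-S6"})),
}


def shortest_path(links, src, dst, banned_links=frozenset(), banned_srlgs=frozenset()):
    """Dijkstra over undirected links, skipping banned links and links in a banned SRLG.

    Returns the list of link names on the path, or None if dst is unreachable.
    """
    adj = {}
    for name, (a, b, cost, srlgs) in links.items():
        if name in banned_links or srlgs & banned_srlgs:
            continue
        adj.setdefault(a, []).append((b, cost, name))
        adj.setdefault(b, []).append((a, cost, name))
    heap, seen = [(0, src, [])], set()
    while heap:
        dist, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for nxt, cost, name in adj.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (dist + cost, nxt, path + [name]))
    return None


def path_srlgs(links, path):
    """Union of the SRLGs of every link on a path."""
    return frozenset().union(*(links[name][3] for name in path))


def protected_pair(links, src, dst, srlg_aware=True):
    """Working path first, then a protection path that avoids the working path's links
    and, when srlg_aware is set, every link sharing an SRLG with the working path."""
    working = shortest_path(links, src, dst)
    if working is None:
        return None, None
    banned = path_srlgs(links, working) if srlg_aware else frozenset()
    protection = shortest_path(links, src, dst, frozenset(working), banned)
    return working, protection


def shared_risks(links, working, protection):
    """SRLGs whose failure would take down both paths at once."""
    return path_srlgs(links, working) & path_srlgs(links, protection)


def with_srlg_update(links, name, srlgs):
    """Copy of the topology after the transport layer reports new SRLGs for one link."""
    a, b, cost, _ = links[name]
    updated = dict(links)
    updated[name] = (a, b, cost, frozenset(srlgs))
    return updated


if __name__ == "__main__":
    w, naive = protected_pair(LINKS, "R1", "R4", srlg_aware=False)
    print("link-disjoint only:", w, naive, "shared:", sorted(shared_risks(LINKS, w, naive)))
    w, p = protected_pair(LINKS, "R1", "R4")
    print("SRLG-disjoint:", w, p, "shared:", sorted(shared_risks(LINKS, w, p)))
    # Constructed update: the transport layer moved the R1-R5 wavelength onto fiber F-S2.
    moved = with_srlg_update(LINKS, "R1-R5", {"O-S5", "L-S5", "F-S2"})
    print("after update, shared:", sorted(shared_risks(moved, w, p)))
    print("recomputed pair:", protected_pair(moved, "R1", "R4"))
```

When the recomputed protection path is None, no SRLG-disjoint path is left, and the router should raise that condition instead of silently keeping a pair that shares a risk.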
2.6.3 Control Plane Intelligent Synergy
The control plane is not involved in static synergy, but it plays an important role in dynamic
synergy. The key technologies used on the control plane are GMPLS-UNI and PCE.
GMPLS-UNI
The GMPLS-UNI technology defined by the IETF is a key technology to enhance information
exchange between the IP layer and transport layer. Routers on the IP layer send messages to
request transport devices to set up or delete paths through GMPLS-UNIs.
After a router sets up a link, it sends GMPLS-UNI signaling messages to notify transport
devices of the source node, destination node, and attributes (such as bandwidth and protection
attributes) of the link. Transport devices then set up a transport path according to the link
information.
PCE
On a large network, constraint-based path computation is complex, and devices participating
in path computation must have high calculation capabilities. If distributed path computation is
performed on the network, each node must have high calculation capabilities, causing high
costs on network construction. If the network is divided into multiple domains, the topology
of each domain is hidden to other domains. Therefore, devices on the network must cooperate
to compute the optimal end-to-end path.
The PCE technology is used to solve the path computation problem. A PCE has high path
computation capabilities and is deployed on a network device or an external server. A PCE is
responsible for path computation in a domain. All path computation requests in a domain are
sent to the PCE in this domain. After completing path computation, the PCE sends the
computation result to the path computation clients (PCCs) that sent the path computation
requests. PCEs in multiple domains work together to compute the optimal path.
2.6.4 Layered Protection Synergy
The IP&OTN synergy solution provides layered protection for each layer by using the
protection mechanisms on both the IP layer and transport layer. This solution provides the
following protection modes:
TE FRR&ASON diamond 1+1 protection
TE FRR&ASON silver reroute protection
TE hot standby&optical line 1+1 protection
TE FRR&ASON Diamond 1+1 Protection
This protection mode is applicable to networks that have sufficient optical lines and IP links
and require high reliability.
TE FRR is used at the IP/MPLS layer to protect key paths, and ASON diamond 1+1
protection is used at the transport layer. TE FRR&ASON diamond 1+1 protection prevents
service interruption caused by link and node failures at the IP layer and transport layer. In
addition, this protection mode protects services against multiple fiber break events.
TE FRR&ASON Silver Reroute Protection
This protection mode is applicable to networks that have sufficient optical lines and require
high reliability.
TE FRR is used at the IP/MPLS layer to protect key paths, and ASON silver reroute protection is
used at the transport layer. When WDM fibers at the transport layer fail, TE FRR triggers
protection switching at the IP/MPLS layer to switch traffic to the bypass tunnel. After a new
path is selected at the transport layer using silver reroute, traffic is switched back to the
primary tunnel. During the switching process, routers use the make-before-break technique to
prevent packet loss.
TE Hot Standby and Optical Line 1+1 Protection
This protection mode is applicable to networks that require medium reliability and do not
have sufficient optical lines or IP links. It only protects services against fiber faults between
sites but cannot protect services against failure in the entire transport board or site. In addition,
this protection mode can withstand only one fiber break event.
TE hot standby is used at the IP/MPLS layer to protect end-to-end paths, and optical line 1+1
protection is used at the transport layer. When a WDM fiber fails, optical line 1+1 protection
is triggered to switch traffic to the backup fiber.
2.7 QoS Planning
2.7.1 Basic QoS Planning
To plan and design the QoS of the entire network, plan services, reserve resources, and
perform call admission control (CAC).
Service Planning
Determine the bandwidths required by a variety of services carried on WANs to obtain the
service traffic model and traffic bandwidth. Properly plan traffic and implement traffic
engineering to ensure that congestion will not occur on some links due to too much traffic and
to improve the utilization of the links on the entire network.
Data for bandwidths required by services is obtained from the live network evaluation and
service and traffic analysis.
Resource Reservation
Based on service planning and traffic model, reserve resources for services. For some WANs
with high QoS requirements, use real-time data collection and analysis devices such as
Huawei NetStream to adjust resource reservation in real time and optimize the network. There
are two methods for reserving resources: IP/MPLS DiffServ and MPLS TE.
IP/MPLS DiffServ
IP/MPLS DiffServ is popular and its application is mature. It is a QoS guarantee
mechanism based on the statistical model.
Before deployment of the IP/MPLS DiffServ scheme, the network traffic model must be
analyzed to determine the traffic directions of different network services and provide
the basis for QoS deployment. An SLA measurement mechanism is also required. The Huawei
HWping solution can provide service-based measurement data for delay, jitter, and packet
loss rate, providing technical support for QoS redeployment.
MPLS TE
MPLS TE is a more advanced method, which needs the implementation of MPLS VPN
and MPLS TE in the entire network. Different services are encapsulated in different
VPNs and different VPNs are mapped into different MPLS TE tunnels, providing high
QoS similar to that of the private network.
Because TE tunnels are end-to-end and connection-oriented, deployment and maintenance
require a lot of work if MPLS TE tunnels are deployed on a large scale. It is
recommended to use the flexible mapping between VPNs and MPLS TE tunnels as well
as hierarchical TE to improve network flexibility and significantly reduce the workload
for implementation, configuration, and maintenance.
CAC
If a highly reliable IP WAN needs to carry real-time service, CAC must be configured. The
traditional IP network is a best-effort network, without limiting the number of services. As a
result, too many services are accessed and all service resources cannot be guaranteed.
An IP WAN inherits the approach of the traditional TDM telecom network. By refusing
excessive service call requests, the IP WAN can avoid overuse of resources and ensure the
resources and QoS for established service connections. Only a multi-service IP network with
the CAC mechanism can meet the requirements of a highly reliable WAN.
At present, the mainstream multi-service IP network achieves the CAC function through the
service system such as a softswitch. In the future, fixed mobile convergence (FMC) is an
inevitable trend and the IP multimedia subsystem (IMS) architecture is the network
development direction. In the IMS network age, the integrated CAC function will be achieved
by the control layer.
2.7.2 HQoS Planning
HQoS of Individual Services
You need to schedule different services (HSI, VoIP, VoD, and BTV) based on their priorities.
To schedule the triple-play service, you do not need to configure HQoS but only need to
configure Diff-Serv QoS on AGGs. You can implement HQoS based on the following items:
Based on user and service
The CIR or PIR can be configured based on different home users and services on the
same interface. Priority scheduling and bandwidth guarantee/control are performed
between services; QinQ needs to be configured, that is, the S-VLAN and C-VLAN tags
are used to identify services and users.
Based on service
The CIR or PIR is configured for different user services on the same interface and the
services are scheduled based on priorities. Only the S-VLAN tag needs to be identified.
HQoS of Enterprise Services
For enterprise VPN services, HQoS can be applied in the following modes:
User level
When CIRs/PIRs are configured for different enterprise users on the same port, user
service types are not distinguished. Users are distinguished in VLAN or QinQ mode.
− In VLAN mode, different sites of the same enterprise use different VLAN IDs and
the sites of different enterprises also use different VLAN IDs.
− In QinQ mode, the outer VLAN IDs of the same enterprise are the same and the inner
VLAN IDs identify the sites. The outer VLAN IDs of different enterprises must be
different and the VLAN ID identifying the site can be the same.
User + service level
When CIRs or PIRs are configured for different enterprise users on the same port and
different services (they can be divided into eight levels) of a user, priority scheduling and
bandwidth assurance/control can be conducted among different services.
User group + user + service level
When CIRs or PIRs are configured for different enterprise users and different services of
a user, multiple enterprise users on the same port constitute a user group for bandwidth
assurance and control.
2.7.3 Huawei QoS Solution
Figure 2-18 shows Huawei MAN QoS solution.
Figure 2-18 Huawei MAN QoS solution
Huawei MAN QoS solution adopts the Diff-Serv model. In a network with limited resources,
Huawei MAN QoS solution can provide quality assurance through appropriate traffic
classification and priority processing.
The Diff-Serv model aims to improve QoS extensibility and simplify the implementation.
Therefore, the Diff-Serv model does not require the absolute quality assurance, but fully
considers the features of IP networks and adopts the convergence traffic processing mode
based on traffic classification.
The DiffServ model completes the following functions:
Packet classification
Packet marking (coloring)
Congestion management
Congestion avoidance
Traffic adjustment, including traffic policing and traffic shaping
Mapping between CoS of Ethernet frames and EXP of MPLS packets
Annotations in Figure 2-18:
Diff-Serv QoS in ME; Diff-Serv QoS & TE in Core
Priority marking on UPE or DSLAM
Limit #subs per ring: 10K subs per 10G, 1K subs per 1G
Deploy VoD ES at PoP
Deploy CAC for VoD
PE-AGG-a polices traffic of each service
Priority re-marking on NPE (optional)
2.8 Security Planning
As the enterprise service transmission network, the WAN needs to carry the VPN service,
Internet access service, and other services. As a result, security risks are introduced inevitably.
Therefore, proper security measures must be taken to protect the security of various important
value-added services.
In terms of network security, the physical security of devices, as well as the configuration
security and anti-attack capability of devices, must be ensured. For a multi-service
transmission network, the most important issue is to isolate different services using VPNs.
2.8.1 Security Measures
The following measures can be used to effectively enhance the security of WANs:
Use the ACL to control the access of users and authority of network devices.
Restrict the SNMP and Telnet access to network devices.
Implement mutual authentication of interconnected devices.
Authenticate the routing information (such as IS-IS MD encryption authentication).
Use the Syslog to record all important events.
Use NTP or PTP to synchronize clocks of network devices in the entire network.
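The following added example (not part of the original proposal) is a minimal audit that checks a device configuration against the measures listed above: ACL-restricted VTY and SNMP access, authentication on every IS-IS interface, a Syslog host, and an NTP server. The two configurations are constructed, and the command spellings assume Huawei VRP syntax; mutual device authentication is not checked because its form depends on the protocol in use.

```python
import re

# Constructed device configurations. Command spellings follow Huawei VRP style as an
# assumption; adjust the patterns below to the syntax your platform actually uses.
WEAK_CONFIG = """\
#
snmp-agent community read public
#
interface GigabitEthernet1/0/0
 isis enable 1
#
interface GigabitEthernet1/0/1
 isis enable 1
 isis authentication-mode md5 cipher <placeholder>
#
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound telnet
#
"""

HARDENED_CONFIG = """\
#
acl number 2000
 rule 5 permit source 192.0.2.0 0.0.0.255
#
snmp-agent community read cipher <placeholder> acl 2000
#
interface GigabitEthernet1/0/0
 isis enable 1
 isis authentication-mode md5 cipher <placeholder>
#
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode aaa
 protocol inbound telnet
#
info-center loghost 192.0.2.10
ntp-service unicast-server 192.0.2.11
#
"""


def parse_sections(config):
    """Split a config into (header, [child lines]); children are the indented lines."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "#":
            continue
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections


def audit(config):
    """Return a sorted list of finding codes; an empty list means every check passed."""
    sections = parse_sections(config)
    headers = [h for h, _ in sections]
    findings, referenced = set(), set()
    defined = set(re.findall(r"^acl (?:number )?(\d+)$", "\n".join(headers), re.M))
    for header, body in sections:
        if header.startswith("user-interface vty"):
            # Remote management lines (Telnet/SSH) must sit behind an inbound ACL.
            matches = (re.fullmatch(r"acl (\d+) inbound", c) for c in body)
            acls = [m.group(1) for m in matches if m]
            referenced.update(acls)
            if not acls:
                findings.add("VTY_NO_ACL")
        elif header.startswith("snmp-agent community"):
            # Every SNMP community must be bound to an ACL.
            m = re.search(r"\bacl (\d+)$", header)
            if m:
                referenced.add(m.group(1))
            else:
                findings.add("SNMP_COMMUNITY_NO_ACL")
        elif header.startswith("interface "):
            # Every interface running IS-IS must authenticate its routing exchanges.
            runs_isis = any(c.startswith("isis enable") for c in body)
            has_auth = any(c.startswith("isis authentication-mode") for c in body)
            if runs_isis and not has_auth:
                findings.add("ISIS_NO_AUTH:" + header.split()[1])
    # An ACL that is referenced but never defined restricts nothing.
    findings.update("ACL_UNDEFINED:" + n for n in referenced - defined)
    if not any(h.startswith("info-center loghost ") for h in headers):
        findings.add("NO_SYSLOG_HOST")
    if not any(h.startswith("ntp-service unicast-server ") for h in headers):
        findings.add("NO_NTP_SERVER")
    return sorted(findings)


if __name__ == "__main__":
    print("weak:    ", audit(WEAK_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG))
```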
2.8.2 Network Security Architecture
For network security architecture, the transmission device needs to have the service
differentiation capability to divide different services into zones with different security levels,
such as untrusted zone, trusted zone, and semi-trusted zone. Different zones are isolated
through security gateway devices such as the FW and SBC, as shown in Figure 2-19 (asterisks
in this figure indicate the security level).
Figure 2-19 Security architecture model of IP WANs
[Figure labels: STP, Accounting Center, NMS Center, OAM Terminal, SG, MG, SoftSwitch, NMS, UC Agent
Server, AG, TMG, MCU, U-NICA, MRU, IADMS, Parlay Server, UC Portal Server, Other App Server, IDS,
SBC, MSCG, Firewall, OpenEye, IAD, H.323 Phone, SIP Phone. Zones and security levels: narrowband
signaling network ★★★★★; trusted zone ★★★★; out-of-band management network ★★★; semi-trusted
zone ★★; untrusted zone ★.]
AG: Access Gateway
IAD: Integrated Access Device
IADMS: IAD Management System
IDS: Intrusion Detection System
MCU: Multipoint Control Unit
MG: Media Gateway
MRU: Media Record Unit
MSCG: Multi-Service Control Gateway
NMS: Network Management System
SBC: Session Border Controller
SG: Signaling Gateway
SIP: Session Initiation Protocol
STP: Signaling Transfer Point
TMG: Trunk Media Gateway
U-NICA: Universal Network Intelligent Core Architecture
UC: Unified Communication
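An added example (not from the proposal): a Python check that the zone isolation described in 2.8.2 actually holds in a topology, by removing the security gateways from the link graph and reporting any group of devices that still spans more than one zone. The zone levels follow the asterisks in Figure 2-19; the device inventory, zone placement, and links are constructed assumptions.

```python
from collections import defaultdict

# Security levels from Figure 2-19 (number of asterisks per zone).
ZONE_LEVEL = {
    "narrowband-signaling": 5,
    "trusted": 4,
    "oob-management": 3,
    "semi-trusted": 2,
    "untrusted": 1,
}
GATEWAY_ROLES = {"FW", "SBC"}  # security gateways named in section 2.8.2

# Constructed inventory: device -> (zone, role). Placement is an assumption.
DEVICES = {
    "softswitch": ("trusted", "server"),
    "portal": ("semi-trusted", "server"),
    "sip-phone": ("untrusted", "terminal"),
    "nms": ("oob-management", "server"),
    "fw1": ("semi-trusted", "FW"),
    "sbc1": ("semi-trusted", "SBC"),
}
# Constructed links between devices.
LINKS = [
    ("sip-phone", "sbc1"),
    ("sbc1", "softswitch"),
    ("portal", "fw1"),
    ("fw1", "softswitch"),
    ("sip-phone", "portal"),   # crosses zones with no gateway in between
    ("nms", "softswitch"),     # crosses zones with no gateway in between
]

def bypass_components(devices, links, gateway_roles=GATEWAY_ROLES):
    """Group non-gateway devices that can reach each other without crossing
    a security gateway; return the groups that span more than one zone."""
    plain = {d for d, (_, role) in devices.items() if role not in gateway_roles}
    adj = defaultdict(set)
    for a, b in links:
        if a in plain and b in plain:  # links through a gateway are dropped
            adj[a].add(b)
            adj[b].add(a)
    seen, violations = set(), []
    for start in sorted(plain):
        if start in seen:
            continue
        comp, stack = set(), [start]
        while stack:  # depth-first walk of one connected component
            node = stack.pop()
            if node in comp:
                continue
            comp.add(node)
            stack.extend(adj[node] - comp)
        seen |= comp
        zones = {devices[d][0] for d in comp}
        if len(zones) > 1:
            levels = [ZONE_LEVEL[z] for z in zones]
            violations.append({
                "devices": sorted(comp),
                "zones": sorted(zones, key=ZONE_LEVEL.get),
                "level_gap": max(levels) - min(levels),
            })
    return violations

if __name__ == "__main__":
    for v in bypass_components(DEVICES, LINKS):
        print(v)
```

The check treats each gateway as an enforcement point and does not inspect the policy configured on it.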
2.9 Network Management Planning
On a legacy network, devices at the IP layer and transport layer are managed by different
NMSs and maintained by different departments, making quick service provisioning and fault
identification difficult. For example:
• When the IP network requires one more wavelength, it may take one or two months to
  provide a wavelength on the transport network. This greatly delays service provisioning
  and launch.
• Over 80% of the traffic from the IP network is carried over wavelengths. When services on a
  router are interrupted, it is difficult to quickly identify whether the fault occurred on the
  IP network or on a WDM device, let alone to isolate the fault.
• When a fault occurs on a transport device, the transport network administrators do not
  know whether this fault affects IP links and which IP links are affected.
• Device connections on the IP network are complex, making OAM on IP networks
  difficult. Network administrators have to open many pages on the NMS to configure a
  service.
The OAM synergy solution is introduced to reduce the network management workload and
make network OAM easy. It solves the preceding problems by implementing unified
management of the IP network and OTN and visualized service maintenance.
2.9.1 Unified Network Management
The U2000 is a unified NMS that manages NEs on the IP network and transport network
uniformly and provides functions such as quick service provisioning, and quick fault
identification.
Unified NE Management
The U2000 manages transport devices, access devices, and IP devices uniformly. It manages
devices such as routers, switches, DSLAMs, and firewalls, and services such as MSTP, WDM,
OTN, microwave, PTN, MSAN, and FTTx.
Quick Service Provisioning
The U2000 implements quick end-to-end service provisioning by using the following
functions:
• Service templates: The U2000 provides various service templates such as tunnel
  templates, L2VPN/L3VPN/VPLS/PWE3 service templates, and QoS policy templates.
  These templates implement one-stop service parameter configuration, improving
  configuration efficiency by 3 to 6 times.
• Batch service delivery: improves configuration efficiency by 2 to 3 times.
• Automatic calculation of static routes: The U2000 calculates static routes and allocates
  MPLS labels, and no manual operation is required.
• Inter-domain end-to-end service maintenance: helps to identify and locate faults
  accurately.
• One-key layer switching and layered service presentation: Administrators can switch
  between the IP layer and optical layer easily to configure services. The relationship
  between IP and WDM services is displayed clearly on the GUI.
Quick Fault Identification
The U2000 helps to analyze root causes of alarms on the IP network and clears 85% of
ineffective alarms to improve availability of alarms on the IP network. The U2000 also
provides IP and OTN alarm correlation analysis and displays IP links affected by OTN alarms.
Figure 2-20 shows alarm correlation and root cause analysis.
Figure 2-20 IP&OTN alarm correlation and root cause analysis
2.9.2 Visualized OAM
The legacy IP network is more difficult to manage and maintain than other types of networks
due to technical limitations:
• Service routes on the IP network are invisible to administrators.
• Fault identification on the IP network is difficult and time-consuming. Some transient
  faults cannot be eliminated permanently.
• End users are unaware of services transmitted over the IP network, so QoS is difficult to
  manage on the IP network.
Huawei provides a visualized service quality management (SQM) solution to improve
maintainability of IP networks. This solution is implemented by the U2520 (an IP SQM
system) and the U2000.
The SQM solution provides the following functions:
• KPI monitoring
  The SQM system effectively monitors key performance indicators (KPIs) on the IP
  network, such as latency, jitter, and packet loss ratio. The user experience can be
  measured and evaluated in various usage scenarios, and pre-warnings can be generated
  for factors that degrade user experience.
• End-to-end IP service management
  The SQM system implements end-to-end monitoring and presentation of IP services such
  as video, voice, and file transfer. It monitors service performance and detects faults in
  real time, helping to locate faults quickly.
• Real-time IP route display
  The SQM system collects and displays IGP routes and LSPs on the entire network in real
  time. Historical transient faults can be traced and eliminated.
• IP fault location
  The SQM system uses Huawei's IP fault locating techniques to locate faults on the IP
  network. After the source IP address/port and destination IP address/port are entered, the
  SQM system can locate the fault within 5 minutes.
[Figure 2-20 labels: "Where is the fault?"; 23,000 alarms per day on the KPN IP backbone; 6,000
alarms per day on the KPN WDM backbone; abundant alarm database in both layers; customized alarm
correlation analysis rules; U2000 NMS and Alarm Center; only a unified alarm report needs to be
maintained after correlation analysis and suppression, which helps fast troubleshooting; alarms
caused by the root alarms are shielded.]
3 Product Introduction
The following products are used in the WAN interconnection solution:
• Core router: NetEngine40E core router
• Backbone router: NetEngine80/40 universal switching router
• Access router: NetEngine20E/20 multi-service router
3.1 NetEngine40E Core Router
3.1.1 Overview
NetEngine40E core routers (the NE40E for short) are high-end network products provided by
Huawei. The NE40E is widely used at the aggregation layer or core layer of the IP national
backbone network, IP provincial backbone network, and other large-scale IP networks.
Based on distributed hardware forwarding and non-blocking switching technologies, the
NE40E uses the Huawei patented Solar chips and features the line-speed forwarding
capability, good scalability, well-designed QoS mechanism, and powerful service processing
capabilities. Based on the expandable 400G platform, the NE40E supports the smooth
expansion from 40 Gbit/s per slot to 400 Gbit/s per slot and is compatible with all line cards
that are currently in use, helping maximize return on investment (ROI).
The NE40E is powerful in service access and aggregation and can be flexibly configured with
various features such as L2VPN, L3VPN, multicast, multicast VPN, MPLS TE, and QoS to
guarantee the reliability of carrier-class service transmission. In addition, the NE40E supports
IPv6 as well as the smooth transition from IPv4 to IPv6.
The NE40E can be flexibly deployed at the aggregation layer or core layer of IP or MPLS
networks, which simplifies the network structure. With the provision of various types of
services and reliable service quality, the NE40E functions as an important driving force for
the IP or MPLS networks to become more broadband, secure, intelligent, and
service-oriented.
3.1.2 Product Models
The following table lists product models of the NetEngine40E core routers.
Table 3-1 Product models of NetEngine40E core router series
| Product Model | Description |
|---|---|
| NE40E-X16 | Supports 16 LPUs. Switching capacity: 12.58 Tbit/s (bidirectional). Backplane capacity: 30 Tbit/s. Forwarding performance: 3200 Mpps. |
| NE40E-X8 | Supports eight LPUs. Switching capacity: 7.08 Tbit/s (bidirectional). Backplane capacity: 15 Tbit/s. Forwarding performance: 1600 Mpps. |
| NE40E-X3 | Supports three LPUs. Switching capacity: 1.08 Tbit/s (bidirectional). Backplane capacity: 1.35 Tbit/s. Forwarding performance: 300 Mpps. |
| NE40E-8 | Supports eight LPUs. Switching capacity: 640 Tbit/s (bidirectional). Backplane capacity: 2 Tbit/s. Forwarding performance: 400 Mpps. |
Figure 3-1 Appearance of the NE40E-X16
Figure 3-2 Appearance of the NE40E-X8
Figure 3-3 Appearance of the NE40E-X3 (DC)
Figure 3-4 Appearance of the NE40E-X3 (AC)
Figure 3-5 Appearance of the NE40E-8
3.1.3 Product Features
400G Routing Platform
• At present, the NE40E is the industry's most powerful router based on a 400G platform,
  which can meet future development needs for at least a decade.
• The NE40E provides high-density ports. Each chassis supports a maximum of 1320 GE ports,
  which is twice the industry average.
• Based on an energy-saving 400G platform, each GE port consumes less than 9 W of power,
  which is 10% lower than the industry average.
• All boards and software based on the new 400G platform are compatible with those based
  on the 40G platform.
All-Service Bearing
The NE40E has the leading all-service bearing capability in the industry to ensure the
operation of carrier-class services.
• The NE40E supports BRAS, DPI, and other functional modules to ensure multi-service
  access capability.
• The NE40E provides the most complete HQoS solution in the industry, supporting HQoS, DS-TE,
  and MPLS HQoS to guarantee QoS deployment in multiple scenarios.
High Reliability
The NE40E provides the well-designed end-to-end reliability solution to ensure uninterrupted
services.
• Device-level reliability: With the backup of key parts and ISSU/NSR/GR, service
  interruption is minimized.
• Network-level reliability: The Huawei proprietary BFD for Anything and enhanced
  protection techniques such as E-APS, E-Trunk, and E-STP allow the protection
  switchover of end-to-end services to be performed within 200 ms.
3.1.4 Product Specifications
The following table lists the specifications of the NE40E series products.
Table 3-2 Specifications of the NE40E series products
| Specifications | NE40E-X16 | NE40E-X8 | NE40E-X3 | NE40E-8 |
|---|---|---|---|---|
| Switching capacity | 12.58 Tbit/s (bidirectional) | 7.08 Tbit/s (bidirectional) | 1.08 Tbit/s (bidirectional) | 640 Gbit/s (bidirectional) |
| Forwarding performance | 3200 Mpps | 1600 Mpps | 300 Mpps | 400 Mpps |
| Backplane bandwidth | 30 Tbit/s | 15 Tbit/s | 1.35 Tbit/s | 2 Tbit/s |
| Port capacity (bidirectional) | 3.2 Tbit/s (bidirectional) | 1.6 Tbit/s (bidirectional) | 240 Gbit/s (bidirectional) | 320 Gbit/s (bidirectional) |
| Number of service slots | 16 | 8 | 3 | 8 |
| Width (mm) | 442 | 442 | 442 | 442 |
| Depth (mm) | 770 | 770 | 750 | 669 |
| Height (mm) | 1420 | 620 | DC chassis: 175; AC chassis: 220 | 886 |
| Height (U) | 32 U | 14 U | 4 U | 20 U |
| Weight (fully configured) | 267 kg | 130 kg | DC chassis: 41 kg; AC chassis: 51 kg | 147 kg |
| Maximum power | 6500 W | 3300 W | 1100 W | 2200 W |
3.2 NetEngine80/40 Series Universal Switching Router
3.2.1 Overview
The NetEngine80/40 series universal switching router (the NE80/NE40 for short) uses
distributed network processor technology and non-blocking switching technology and offers
superb scalability. The NE80/NE40 supports IPv6 and provides line-speed forwarding
for high-speed interfaces, a well-designed QoS mechanism, and carrier-class
reliability.
The NE80/NE40 integrates the powerful IP service processing capability and Layer 2 Ethernet
switching capability of the core router and can provide richer services, more flexible
networking, and better cost-effectiveness. The NE80/NE40 is often used as the core router in
IP backbone networks, IP MANs, and other large-scale IP networks. The NE80/NE40 is a
high-end network product that is launched by Huawei for large-scale enterprise networks and
industry networks.
3.2.2 Product Models
The following table lists product models of the NE80/40 series routers.
Table 3-3 Product Models of the NE80 series routers
| Product Model | Description |
|---|---|
| NE80 | Supports 16 LPUs. Switching capacity: 128 Gbit/s (bidirectional). Forwarding performance: 96 Mpps. |
| NE40-8 | Supports eight LPUs. Switching capacity: 128 Gbit/s (bidirectional). Forwarding performance: 48 Mpps. |
| NE40-4 | Supports four LPUs. Switching capacity: 128 Gbit/s (bidirectional). Forwarding performance: 24 Mpps. |
| NE40-2 | Supports two LPUs. Switching capacity: 16 Gbit/s (bidirectional). Forwarding performance: 12 Mpps. |
Figure 3-6 Appearance of the NE80
Figure 3-7 Appearance of the NE40-8
Figure 3-8 Appearance of the NE40-4
Figure 3-9 Appearance of the NE40-2
3.2.3 Product Features
Wide Deployment and Stable Application
The NE80/40 can be widely deployed and stably applied.
• The NE80/40 has been in mature commercial use for nine years. More than
  15000 NE80/40s have been sold globally.
• There have been no quality accidents for many years.
All-Service Transmission
The NE80/40 is a complete series of multi-service products and can flexibly meet the needs of
enterprise users.
• The complete series includes products with two, four, eight, and 16 slots,
  which can flexibly meet the requirements of users in different scenarios.
• With comprehensive multi-service capabilities such as tunnel, VPN, and NAT, the
  NE80/40 can process services competently.
• The NE80/40 integrates routing and switching, providing a cost-effective solution.
High Reliability
The NE80/40 provides the complete end-to-end reliability solution to ensure uninterrupted
services.
• Uses various device-level, network-level, and service-level reliability technologies.
• Supports redundant backup of key components and supports hot patches.
• Provides hierarchical HQoS to ensure QoS flexibly.
3.2.4 Product Specifications
The following table lists the specifications of the NE80/40 series products.
Table 3-4 Specifications of the NE80/40 series products
| Specifications | NE80 | NE40-8 | NE40-4 | NE40-2 |
|---|---|---|---|---|
| Switching capacity | 128 Gbit/s | 128 Gbit/s | 128 Gbit/s | 16 Gbit/s |
| Forwarding performance | 96 Mpps | 48 Mpps | 24 Mpps | 12 Mpps |
| Number of service slots | 16 | 8 | 4 | 2 |
| Width (mm) | 600 | 482.6 | 482.6 | 482.6 |
| Depth (mm) | 800 | 420 | 420 | 420 |
| Height (mm) | 2200 | 797.3 | 352.8 | 219.5 |
| Height (U) | 46 U | 18 U | 8 U | 5 U |
| Weight (fully configured) | Less than 400 kg | Less than 85 kg | Less than 50 kg | Less than 35 kg |
| Maximum power | Less than 1800 W | Less than 1000 W | Less than 600 W | Less than 300 W |
3.3 NetEngine20E/20 Series Multi-Service Router
3.3.1 Overview
Independently developed by Huawei, the NetEngine20E/20 series router (the NE20E/20 for
short) is the fifth-generation general multi-service router with high performance. The
NE20E/20 adopts the NP hardware technology and has excellent forwarding performance.
The NE20E/20 series router is designed to meet the requirements for high carrier-class
availability of convergence layers of enterprise networks and edge networks of operators.
With the advantages of high performance, multiple services, dual main control boards, and hot
backup, the NE20E/20 supports service deployment and network construction. With strong
extensibility and configurability, the NE20E/20 supports multiple interfaces and service
features to integrate MPLS, VPN, QoS, traffic engineering, multicast, and other technologies.
In terms of networking application, as the high-performance aggregation device, the
NE20E/20 series router provides the comprehensive service processing capability as well as
the comprehensive and flexible network solution, to effectively improve the network value
and reduce the network construction cost.
3.3.2 Product Models
According to the number of provided service slots, the NE20E/20 series router can be
classified into four types: NE20E-8, NE20-8, NE20-4, and NE20-2. The NE20E is an
enhanced product of the NE20.
The following table lists product models of the NE20E/20 series routers.
Table 3-5 Product models of the NE20E/20 core router series routers
| Product Model | Description |
|---|---|
| NE20E-8 | Supports eight LPUs. Switching capacity: 16 Gbit/s (bidirectional). Forwarding performance: 6 Mpps. |
| NE20-8 | Supports eight LPUs. Switching capacity: 8 Gbit/s (bidirectional). Forwarding performance: 4.5 Mpps. |
| NE20-4 | Supports four LPUs. Switching capacity: 8 Gbit/s (bidirectional). Forwarding performance: 4.5 Mpps. |
| NE40-2 | Supports two LPUs. Switching capacity: 8 Gbit/s (bidirectional). Forwarding performance: 3 Mpps. |
Figure 3-10 Appearance of the NE20E-8
Figure 3-11 Appearance of the NE20-8
Figure 3-12 Appearance of the NE20-4
Figure 3-13 Appearance of the NE20-2
3.3.3 Product Features
Stable and Mature Application
The NE20E/20 has been maturely and stably applied for many years.
• The NE20E/20 has been in wide commercial use for eight years. About
  10000 NE20E/20s have been sold globally.
• There have been no quality accidents for many years. The performance is outstanding.
Multi-Service Access and Convergence Capability
The NE20E/20 is a complete series of multi-service products and can flexibly meet the needs
of enterprise users.
• The NE20E/20 provides superb aggregation capability, providing line-rate aggregation
  on ATM, CPOS, and CE1 interfaces, which can converge 96 line-rate E1/T1 channels.
• The NE20E/20 provides powerful security tunnels and supports hardware IPSec
  encryption, GRE, L2TP, and NAT.
• The NE20E/20 provides comprehensive route processing and supports various multicast
  and multicast routing protocols.
High Reliability
The NE20E/20 provides the complete end-to-end reliability solution to ensure uninterrupted
services.
• The NE20E/20 uses double control engines and double forwarding engines for backup,
  which pioneers the industry and provides high-quality service.
• The NE20E/20 uses the device-level, network-level, and service-level reliability
  techniques, ensuring high-speed, reliable network operation.
• The NE20E/20 supports HQoS, ensuring service quality.
3.3.4 Product Specifications
The following table lists the specifications of the NE20E/20 series products.
Table 3-6 Specifications of the NE20E/20 series products
| Specifications | NE20E | NE20-8 | NE20-4 | NE20-2 |
|---|---|---|---|---|
| Switching capacity | 16 Gbit/s | 128 Gbit/s | 128 Gbit/s | 16 Gbit/s |
| Forwarding performance | 6 Mpps | 48 Mpps | 24 Mpps | 12 Mpps |
| Number of service slots | 8 | 8 | 4 | 2 |
| Width (mm) | 436.2 | 436.2 | 436.2 | 436.2 |
| Depth (mm) | 480 | 420 | 420 | 420 |
| Height (mm) | 261 | 219.5 | 130.5 | 130.5 |
| Height (U) | 6 U | 5 U | 5 U | 3 U |
| Weight (fully configured) | 32.5 kg | 27.5 kg | 17.5 kg | 15 kg |
| Maximum power | 350 W | 320 W | 240 W | 240 W |