Page 1

New York Institute of Technology
Engineering and Computer Sciences
Fall 2008 CSCI 370

CSCI-370 Computer Networks: Shrinking the globe one click at a time
Lecture 8
Khurram Kazi

Page 2

Ethernet Services Over Metro and Wide Area Networks: Standards Activities

Special Topics and Recent Trends in Networking

Page 3

What is so special about Ethernet?

- Why Ethernet, and not anything else? The major driving factor is human mentality: familiarity breeds the desire to keep using it until there is no other choice
- Build on the existing know-how and extend its capabilities to meet future needs
- Reduced capital expenditure (economies of scale) and operational costs: is it reality or perception?
  - There will be more feedback in the near future as carriers have started to deploy these services
- Connect multiple enterprise campuses via Ethernet Services using the public WAN infrastructure, whether they are across the street in the same metro area or across the globe

Page 4

Who is defining Ethernet standards?

- IEEE has been the pioneering standards body in defining (wired and wireless) Ethernet standards, primarily for enterprise applications. They are working on defining metro wireless standards along with last-mile Ethernet solutions
- Metro Ethernet Forum (MEF) took the initiative to bring carrier-class Ethernet services across metro networks, building on the IEEE work
  - MEF defined the Ethernet services in such a way that they are transport-technology agnostic
- Internet Engineering Task Force (IETF)
  - MPLS as the foundation for defining such services
- International Telecommunication Union (ITU)
  - Defining Ethernet services over SONET/G.709 (OTH): Virtual Concatenation (VCAT), Link Capacity Adjustment Scheme (LCAS), Generic Framing Procedure (GFP)

Page 5

Are SONET and SDH that different?

- For all practical purposes, at a high level of abstraction there is hardly any difference between SONET and SDH
- Both support similar data rates: STS-1 => STM-0, STS-3 => STM-1, etc.
- So the term SONET/SDH will be used interchangeably in this presentation

Page 6

Fundamentals of Services definition

- Services are defined in observable terms with clear demarcation points between the subscriber's and the Service Provider's equipment
- Subscriber equipment is called the Customer Edge (CE)
  - At the CE, the observable parameters are defined which become the basis for Service Level Agreements (SLAs)
- The physical demarcation point between the subscriber and the Service Provider is termed the User-to-Network Interface (UNI)
- Hence all the services are defined between two or more UNIs
- The underlying networking technology is invisible to the subscriber
- These simple yet powerful definitions have allowed almost 100 million Ethernet-compliant devices to take advantage of these services

[Figure: Metro Network Cloud with its service attributes; a Customer Edge (e.g. router or Multi-Service Provisioning Platform, MSPP) at each end attaches to the cloud through a UNI (User-to-Network Interface)]

Page 7

Non-abstract meaning of UNI (User to Network Interface)

- A UNI can be envisioned as a physical RJ-45 socket which can reside on an Ethernet switch or a patch panel provided by the Service Provider
- The physical aspect of turning on an Ethernet Service can be as simple as plugging the right equipment into this Ethernet jack
- The connection can be at 10 Mb/s, 100 Mb/s, 1 Gb/s or 10 Gb/s if Ethernet is used as the physical layer between the subscriber and the Service Provider
  - If the subscriber initially wants 10 Mb/s and later requires 100 Mb/s, only the provisioning of the service is changed and not the physical link, making it future-growth friendly
- If SONET is used, the physical link rates can be multiples of STS-1 or lower sub-rates of STS-1 (based on the VT structure)

Page 8

Service Frames and Frame Delivery

- Service frames are similar to Ethernet frames without the preamble and the Start of Frame Delimiter
  - A service frame starts with the Destination Address and ends with the Frame Check Sequence
- A frame is considered an ingress frame when it enters the Metro Ethernet Network and an egress frame when it exits the network
- Service frame transparency is maintained between the two UNIs as the frame traverses the Metro Network, with some exceptions:
  - The egress service frame may have an 802.1Q tag when the corresponding ingress frame did not have one
  - Likewise the egress frame may not have the tag while the ingress frame had it
  - The tag values of the ingress frame and the egress frame may differ

Page 9

Fundamentals of Services definition: Ethernet Virtual Connection (EVC)

- An EVC is defined as "an instance of an association of two or more UNIs"
- Why did the EVC need to be defined?
  - A Metro Ethernet Network (MEN) can be visualized as a shared medium where an ingress frame is replicated and delivered to all the UNIs
  - The concept works within a LAN, as the LAN belongs to a single organization or entity
  - It is not a good idea when the data traverses a public network
- Traffic isolation
  - A methodology needs to be devised so that subscriber data is transported and/or replicated only to authorized UNIs and not to any other UNIs sharing the same MEN
  - Hence the concept of "virtualization of the connection" to provide traffic isolation

Page 10

Example illustrating EVC concepts: two service instantiations

- EVC1 => defined between 2 UNIs, HQ and the backup center
  - Point-to-point service
  - All the ingress frames will be exchanged between the 2 UNIs, with the exception of control messages (terminated by the MEN)
- EVC2 => defined between HQ, the Engineering facility and the 2 sales regions
  - Multipoint-to-multipoint service
  - Supports unicast and multicast traffic between the UNIs defined in the EVC group
- Generally speaking there can be more than one service instance: more than one EVC defined for a virtual network

[Figure: Metro Network Cloud connecting HQ, Engineering Facility, Sales Support Region 1, Sales Support Region 2 and the Backup/Disaster Recovery Center; EVC1 is the point-to-point EVC (HQ to backup center) and EVC2 the multipoint-to-multipoint EVC]

Page 11

CE (Customer Edge) VLAN ID

- There are 4095 CE-VLAN (Virtual Local Area Network) IDs, numbered 1, 2, ... 4095
- The VLAN ID is extracted from the content of the Service Frame in the following manner:
  - For a Service Frame that has an IEEE 802.1Q Tag and whose 12-bit VLAN ID in the Tag is not zero, the CE-VLAN ID is equal to the VLAN ID in the Tag
  - Untagged and priority tagged Service Frames have the same CE-VLAN ID, and that CE-VLAN ID value is configurable to any value in the range 1, ..., 4094 at each UNI
- An Ethernet frame with an IEEE 802.1Q Tag that has zero as the VLAN ID is called priority tagged
- Untagged and priority tagged frames are handled as if they belong to a default VLAN, and the default VLAN is configured appropriately on each port of the Network Element, which can be an Ethernet switch

Page 12

CE-VLAN ID/EVC Mapping

- At each UNI, the CE-VLAN ID has to be associated with an EVC ID
  - The EVC ID is an arbitrary string administered by the Service Provider
- A VLAN ID of 2 is delivered through the MEN according to the properties of the Red EVC
- A VLAN ID of 1 is delivered through the MEN according to the properties of the Blue EVC
- Any Service Frame with a Tag ID other than 1, 2 or 4094 will be dropped by the MEN, as there is no EVC associated with it

[Figure: mapping table with columns Service Frame Format (Untagged, Tagged VID = 1, Tagged VID = 2, Tagged VID = 3, ..., Tagged VID = 4094, Tagged VID = 4095), CE-VLAN ID (1, 2, 3, ..., 4094, 4095) and EVC (Red, Green, Blue)]

Page 13

CE-VLAN ID Significance

- A CE-VLAN ID may only have relevance at a given UNI:
  - 47 (@ UNI A) => EVC1 <= 47 (@ UNI B)
  - 1343 (@ UNI A) => EVC2 <= untagged (@ UNI B)
  - 187 (@ UNI A) => EVC3 <= 1343 (@ UNI B)
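As an added example (not code from the lecture slides), the following Python models the rules of pages 11 to 13 together: CE-VLAN ID extraction from a service frame, the per-UNI CE-VLAN ID to EVC map that drops frames with no EVC, and the egress-side tag rewrite. The UNI tables, EVC names and frames are constructed, and the default CE-VLAN ID of 4094 at both UNIs is an assumption.

```python
# Added example (not from the slides): CE-VLAN ID extraction, per-UNI
# CE-VLAN ID -> EVC mapping, and egress tag rewriting for a Metro Ethernet
# Network.  All frames, UNI tables and EVC names are constructed.
import struct

TPID_8021Q = 0x8100   # EtherType value that announces an IEEE 802.1Q tag
DROP = None           # returned when a UNI has no EVC for a CE-VLAN ID


def ce_vlan_id(frame: bytes, default_vid: int) -> int:
    """CE-VLAN ID of a service frame (DA..FCS, no preamble/SFD).

    Tagged frame with a non-zero 12-bit VID -> that VID.
    Untagged or priority-tagged (VID == 0)    -> the UNI's configured default.
    """
    if len(frame) < 18:
        raise ValueError("service frame shorter than DA + SA + type + FCS")
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        vid = tci & 0x0FFF            # VID is the low 12 bits of the TCI
        if vid != 0:
            return vid
    return default_vid


def strip_tag(frame: bytes) -> bytes:
    """Remove the 802.1Q tag if one is present."""
    if struct.unpack("!H", frame[12:14])[0] == TPID_8021Q:
        return frame[:12] + frame[16:]
    return frame


def push_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert (or replace) an 802.1Q tag carrying vid and pcp after the SA."""
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + strip_tag(frame)[12:]


# Constructed per-UNI tables mirroring slide 13: UNI -> (default CE-VLAN ID,
# {CE-VLAN ID: EVC}).  EVC2 is VID 1343 at UNI A but "untagged" at UNI B,
# i.e. it is bound to B's default CE-VLAN ID (4094 assumed here).
UNI_MAP = {
    "A": (4094, {47: "EVC1", 1343: "EVC2", 187: "EVC3"}),
    "B": (4094, {47: "EVC1", 4094: "EVC2", 1343: "EVC3"}),
}


def classify(uni: str, frame: bytes):
    """EVC that an ingress frame at `uni` belongs to, or DROP if unmapped."""
    default_vid, table = UNI_MAP[uni]
    return table.get(ce_vlan_id(frame, default_vid), DROP)


def deliver(ingress_uni: str, egress_uni: str, frame: bytes):
    """Carry a frame across the MEN: look up its EVC at the ingress UNI, then
    re-tag it with the CE-VLAN ID that EVC uses at the egress UNI (untagged
    if that is the egress default).  Returns (evc, egress_frame) or None."""
    evc = classify(ingress_uni, frame)
    if evc is DROP:
        return None                   # traffic isolation: no EVC, no delivery
    egress_default, egress_table = UNI_MAP[egress_uni]
    egress_vid = next((v for v, e in egress_table.items() if e == evc), None)
    if egress_vid is None:
        return None                   # EVC is not present at the egress UNI
    if egress_vid == egress_default:
        return evc, strip_tag(frame)
    return evc, push_tag(frame, egress_vid)


def make_frame(vid=None) -> bytes:
    """Constructed minimal service frame; tagged with vid when one is given."""
    header = bytes.fromhex("001122334455" "66778899aabb")          # DA, SA
    payload = b"\x08\x00" + b"\x00" * 46 + b"\xde\xad\xbe\xef"    # type, pad, FCS
    frame = header + payload
    return push_tag(frame, vid) if vid is not None else frame


if __name__ == "__main__":
    for uni, vid in (("A", 47), ("A", 1343), ("A", 3), ("B", None), ("B", 0)):
        out = deliver(uni, "B" if uni == "A" else "A", make_frame(vid))
        print(uni, vid, "->", "dropped" if out is None else out[0])
```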

Page 14

Traffic Engineering: Bandwidth profile attributes

- Different subscribers will have different bandwidth needs
  - Some might require 100 Mb/s, others less than 20 Mb/s, while some might require 1 Gb/s
  - Some may prefer to pay as they use for their bandwidth needs; they may start with 20 Mb/s and at a future date increase their requirements to 100 Mb/s
- To accommodate such requirements, MEF defined the following bandwidth profile parameters:
  - Committed Information Rate (CIR), expressed in bits per second
  - Committed Burst Size (CBS), expressed in bytes
  - Excess Information Rate (EIR), expressed in bits per second
  - Excess Burst Size (EBS), expressed in bytes
  - Coupling Flag (CF), which must have a value of either 1 or 0
  - Color Mode (CM), which must have only one of two possible values: Color Blind or Color Aware
- These profile attributes form the basis of the Service Level Agreements
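As an added example (not the slides' or MEF's own code), the following Python applies the six parameters above as a two-bucket policer that colors each service frame green, yellow or red. The bucket-refill rule, the way CF spills unused committed tokens into the excess bucket, and the color-aware handling follow the MEF 10 bandwidth profile algorithm as the author of this example understands it; the slide itself only names the parameters, and the profile values and frame sequence are constructed.

```python
# Added example (not from the slides or MEF): a two-bucket policer that
# applies the bandwidth profile parameters CIR, CBS, EIR, EBS, CF and CM
# to a constructed sequence of service frames.  The bucket-update rules
# follow the MEF 10 bandwidth profile algorithm as the author of this
# example understands it; the slide only names the parameters.
from dataclasses import dataclass

GREEN, YELLOW, RED = "green", "yellow", "red"


@dataclass
class BandwidthProfile:
    cir: float                  # Committed Information Rate, bits per second
    cbs: int                    # Committed Burst Size, bytes
    eir: float                  # Excess Information Rate, bits per second
    ebs: int                    # Excess Burst Size, bytes
    cf: int = 0                 # Coupling Flag: 1 lets unused committed tokens
                                # spill into the excess bucket, 0 discards them
    cm: str = "color-blind"     # Color Mode: "color-blind" or "color-aware"


class Policer:
    """Committed bucket Bc (capped at CBS, refilled at CIR) and excess bucket
    Be (capped at EBS, refilled at EIR plus coupled overflow from Bc)."""

    def __init__(self, profile: BandwidthProfile):
        self.p = profile
        self.bc = float(profile.cbs)      # both buckets start full
        self.be = float(profile.ebs)
        self.last_t = 0.0

    def _refill(self, t: float) -> None:
        dt = max(0.0, t - self.last_t)    # seconds since the previous frame
        self.last_t = t
        bc_new = self.bc + self.p.cir * dt / 8          # bits -> bytes
        overflow = max(0.0, bc_new - self.p.cbs)        # tokens Bc cannot hold
        self.bc = min(float(self.p.cbs), bc_new)
        self.be = min(float(self.p.ebs),
                      self.be + self.p.eir * dt / 8 + self.p.cf * overflow)

    def mark(self, t: float, length: int, color_in: str = GREEN) -> str:
        """Color one frame of `length` bytes arriving at time t (seconds).
        Color-blind: the incoming color is ignored.  Color-aware: a frame is
        never promoted above the color it arrived with."""
        self._refill(t)
        blind = self.p.cm == "color-blind"
        if (blind or color_in == GREEN) and length <= self.bc:
            self.bc -= length
            return GREEN                  # within CIR/CBS: delivered per SLA
        if (blind or color_in != RED) and length <= self.be:
            self.be -= length
            return YELLOW                 # within EIR/EBS: delivered if capacity allows
        return RED                        # exceeds both: discarded at the UNI


def police(profile: BandwidthProfile, frames):
    """Run (time_s, length_bytes, color_in) tuples through one policer and
    return the color assigned to each frame, in order."""
    pol = Policer(profile)
    return [pol.mark(t, n, c) for t, n, c in frames]


# Constructed profile: 20 Mb/s committed, up to 80 Mb/s more as excess,
# 10 000-byte bursts.  27 back-to-back 1500-byte frames exceed CBS + EBS.
PROFILE = BandwidthProfile(cir=20e6, cbs=10_000, eir=80e6, ebs=10_000)
BURST = [(0.0, 1500, GREEN)] * 27


def burst_summary(profile: BandwidthProfile = PROFILE, frames=BURST) -> dict:
    """Count of frames per color for a frame sequence under a profile."""
    colors = police(profile, frames)
    return {c: colors.count(c) for c in (GREEN, YELLOW, RED)}


if __name__ == "__main__":
    print(burst_summary())    # 6 green, 6 yellow, 15 red for the burst above
```

Setting eir to 0 and comparing cf=1 with cf=0 after an idle interval shows the coupling flag's effect: only with cf=1 do committed tokens that Bc cannot hold top up Be.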

Page 15

Bandwidth Profiles defined in three ways

Bandwidth Profile defined per ingress UNI

[Figure: one UNI carrying EVC1 and EVC2, each subdivided into CE-VLAN CoS 0,1,2,3, CE-VLAN CoS 4,5 and CE-VLAN CoS 6,7; a single Bandwidth Profile is applied to the whole UNI]

Page 16

Bandwidth Profiles defined in three ways

Bandwidth Profile defined on a per-EVC basis

[Figure: the same UNI with EVC1 and EVC2, each subdivided into CE-VLAN CoS 0,1,2,3, CE-VLAN CoS 4,5 and CE-VLAN CoS 6,7; Bandwidth Profile 1 is applied to EVC1 and Bandwidth Profile 2 to EVC2]

Page 17

Bandwidth Profiles defined in three ways

Bandwidth Profile defined per EVC and CE-VLAN CoS: the most granular definition of the attributes allowed

[Figure: the same UNI with EVC1 and EVC2, each subdivided into CE-VLAN CoS 0,1,2,3, CE-VLAN CoS 4,5 and CE-VLAN CoS 6,7; Bandwidth Profiles 1 to 4 are applied to individual EVC/CoS combinations]

Page 18

Ethernet Services over public WAN: work being done at ITU-T

[Figure: two diagrams of a SONET/SDH/PDH/OTN carrier network in which Customer A and Customer B equipment attach to carrier equipment over Ethernet PHY at each end]

a) EPL for two customers, each with their own TDM channel

b) EVPL for two customers where they share a TDM channel for increased efficiency

Page 19

Summary of Ethernet types of Services

Connectivity      Resource sharing   Service type
Point-to-point    Dedicated          EPL (Ethernet Private Line)
Point-to-point    Shared             EVPL (Ethernet Virtual Private Line)
Multipoint        Dedicated          EPLAN (Ethernet Private LAN)
Multipoint        Shared             EVPLAN (Ethernet Virtual Private LAN)

Page 20

Ethernet Private Line (EPL) Service

- EPL is the simplest service that the existing SONET/SDH transport network can support
- The desired dedicated bandwidth is allocated, enabled by VCAT, LCAS and GFP
- Mimics virtual wire connectivity between two CEs

[Figure: customer equipment at each end attached over Ethernet PHY to carrier equipment at the edge of a SONET/SDH/PDH/OTH (or ATM/MPLS CIR) carrier network]

Page 21

Ethernet Private LAN (EPLAN) Service

- Multiple sites, either across the street or across the globe, connected virtually
- Mesh connectivity using Multi-Service Provisioning Platform type Network Elements

[Figure: three customer equipment sites attached over Ethernet PHY to a meshed carrier network]

Page 22

Ethernet Private LAN (EPLAN) Service

- LAN connectivity made by using a centralized switch, i.e. the traffic is hauled to a centralized switch and then forwarded to the respective UNI

[Figure: three customer equipment sites attached over Ethernet PHY to a carrier network with a central switch]

Page 23

Ethernet Private LAN (EPLAN) Service

- The edge node serves as a bridge or a switch to provide connectivity between the respective UNIs

[Figure: three customer equipment sites attached over Ethernet PHY to carrier edge nodes that bridge between them]

Page 24

How is Ethernet affecting our lives in some other ways?

- Examples of using Ethernet for a "virtual doctor's office" service
  - Patients in a village can have a video conference from their homes with their doctor (residing somewhere else) [example cited from Telenor, Norway's Service Provider]
  - Doctors can monitor/see intricate operations being performed at a hospital across the globe
- Distance learning

Page 25

Architectural Design of Networking Standards based Multi-Gigabit Network Elements

Special Topics and Recent Trends in Networking

Page 26

Technology/Market Trends

- Over the past few years the focus of the networking industry has shifted towards providing various services that seamlessly connect diverse networks over different geographical locations across the globe
- Services go beyond the capabilities of the traditional TDM or packet-based technologies
- Most leading service providers have transitioned to providing integrated services platforms
- These platforms allow the service providers to offer bundled services to their customers that can be provisioned almost instantly

Page 27

Technology/Market Trends

Services could be:

- Provide Ethernet connectivity over metro or wide area public networks
  - Virtual point-to-point
  - Virtual point-to-multipoint
  - Virtual multipoint-to-multipoint
- Offer Connectivity of Storage Area Networks using
- Backhauling of cellular traffic using optical networks

Page 28

Requirements Placed on the Network Elements by the Network

Data plane processing (time-sensitive data, to be processed at line rate):

- Physical Layer
- MAC/WAN Framer (e.g. Ethernet or SONET/SDH frame processing)
- Data Header Parsing (e.g. for address/protocol information)
- Classification (filtering, forwarding, lookup etc.)
- Protocol Translations
- Traffic Management (segmentation/reassembly, queuing, policing etc.)
- Data encryption/decryption

Operation, Administration, Management and Provisioning (OAM&P) (less time-critical applications, performed at much slower rates than the line rate):

- Topology management
- Configuration/statistics gathering
- Signalling/provisioning
- Network management
- Policy administration/applications

Page 29

Packet Based Network Element

[Figure: block diagram of a line card and a switch fabric card. Line card: FEC (optional), Transponder (optics + SERDES), Multi-Service Framer/Mapper, Network Processor, Traffic Manager and Switch Fabric Interface Device, linked by SFI/SXI and SPI interfaces and controlled by a Host Processor over a host processor interface (e.g. PCI 2.2 compliant 66 MHz, 64-bit). Switch fabric card: Crossbar/Switch Matrix with optional Traffic Manager and Network Processor (switch fabric chipset), reached over a proprietary or standardized backplane interface]

Page 30

Line Card using TDM Switch Fabric

[Figure: line card with FEC (optional), Transponder (optics + SERDES) and Multi-Service Framer/Mapper linked by SFI/SXI, controlled by a Host Processor over a host processor interface (e.g. PCI 2.2 compliant 66 MHz, 64-bit); the framer connects to the TDM Switch Fabric card over TFI (TDM Framer Switch Fabric Interface)]

Page 31

Integrated TDM/Packet based Line card with Different Switch Fabrics

[Figure: line card with FEC (optional), Transponder (optics + SERDES), Multi-Service Framer/Mapper, Network Processor, Traffic Manager and Switch Fabric Interface Device (SFI/SXI and SPI interfaces), controlled by a Host Processor over a host processor interface (e.g. PCI 2.2 compliant 66 MHz, 64-bit). The line card connects to two switch fabric cards: a packet/cell based Crossbar/Switch Matrix with optional Traffic Manager and Network Processor (switch fabric chipset) over a proprietary or standardized backplane interface, and a TDM Switch Fabric over TFI]

Page 32

Inter-chip communication recommendations

OIF (Optical Internetworking Forum) recommendations:

- Variants of SERDES Framer Interface Level 4 for 10 and 40 Gb/s
- Variants of System Packet Interface operating at 2.5, 10 and 40 Gb/s
- Variants of System Framer Interface operating at 10 and 40 Gb/s
- SxI-5: Electrical Characteristics for 2.488 – 3.125 Gbps parallel interfaces
- TFI-5: TDM Fabric to Framer Interface Implementation Agreement

Page 33

Network Security Architecture

Customer’s responsibility or Service Provider’s

Page 34

Security Issues Throughout History

- Breaches in information security have translated into catastrophic losses and at times brought organizations or nations to their knees
- As time progressed, the techniques used to transport sensitive information changed; however, the objectives of the sender and of the interested interceptor remained the same
  - The sender always tries to ensure message assurance
  - The interceptor, on the other hand, has always been trying to find innovative ways to decipher the intercepted messages

Page 35

Are Metro and Wide Area Networks Safe: A Myth or Reality?

[Figure: path from an MSPP in an office building through the wiring closet and the local central office into the network cloud, with possible vulnerable spots marked along the way]

- Physical isolation does not guarantee data security

Page 36

Are Metro and Wide Area Networks Safe: A Myth or Reality?

- Virtual isolation: data can easily be snooped by unauthorized entities

[Figure: Customer A's, B's, C's ... N's traffic entering a multiplexer, carried as multiplexed traffic, and demultiplexed back into the individual customers' traffic]

Page 37

Are Metro and Wide Area Networks Safe: A Myth or Reality?

- Tandem connection: the subscriber does not have any idea who all might be carrying its data

[Figure: data traversing multiple domains; the working end-to-end path between two users passes through Operator A, Operator B, ... Operator N]

Page 38

Are Metro and Wide Area Networks Safe: A Myth or Reality?

- Snooping of the subscriber's data by the carriers
  - Cases have been reported where a Voice over IP service provider's data is being blocked by the carriers it uses
  - There are tools available that make data snooping, filtering and recording possible

Page 39

Overview of Access Transport Technologies

- SONET/SDH: widely deployed and being used for Ethernet services
- 1/10 Gigabit Ethernet: used in green field applications
- Fibre Channel: restricted to Storage Area Networks
- Native traffic over dark fiber: typically used by large organizations for whom it is cheaper to manage their own networks

Page 40

Encryption at Different OSI Layers

- Three main high speed access protocols: SONET/SDH, 1/10 Gigabit Ethernet and Fibre Channel
- Client mapping of signals over transport protocols

[Figure: three client-mapping stacks (A, B, C) showing how PDH, ATM, CBR, IP, MPLS, DVB, Fibre Channel, 1 GbE and 10 GbE clients are mapped, via GFP where applicable, onto SONET/SDH, and how SONET/SDH and 1/10 Gigabit Ethernet carry them]

Page 41

Encryption at SONET/SDH Layer

Diverse traffic aggregation over SONET/SDH

[Figure: laptops, servers and Exchange servers behind LAN switches (10/100 Mb/s Ethernet), a LAN switch (1 and/or 10 Gb/s Ethernet), a storage/Fibre Channel element and a traditional TDM traffic source (T1/T3 etc.) all aggregated by an MSPP onto SONET/SDH WAN connectivity]

Encryption at the SONET/SDH layer:

- Bulk encryption of data of varied traffic types
- Smaller number of Security Associations (SAs) in SONET/SDH
  - Generation of encryption keys and their management is easier (due to fewer SAs)
  - For STS-768 (40 Gb/s) using STS-1 granularity, the maximum number of SAs will be 768; for STS-192, there will be 192 SAs
- Due to the lower number of end nodes, the effort of authenticating the network elements or nodes is significantly reduced
- Ease of management of the security infrastructure due to the low number of SAs

Page 42

Encryption of SAN Traffic Over SONET/SDH

Latency sensitive traffic: secure SAN extension example

- Guaranteed delivery: Fibre Channel (FC) based SANs do not tolerate frame loss in the network beyond what might be expected from BER and availability
- High throughput: storage applications are the largest drivers of traffic across a network
- Low latency: storage applications require quick response times or performance can suffer
- Zero loss: loss is unacceptable in a storage environment; retransmissions significantly affect application performance

Protocol stacks compared (top to bottom):

Storage over IP:         Fibre Channel / FCIP / TCP / IP / IPsec / GFP / SONET/SDH
Storage over SONET/SDH:  Fibre Channel / GFP / SONET/SDH