
WAN Interconnection Solution

Technical Proposal

Issue: 01
Date: 2011-09-08

HUAWEI TECHNOLOGIES CO., LTD.

Copyright Huawei Technologies Co., Ltd. 2011. All rights reserved.


No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions


and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base, Bantian, Longgang, Shenzhen 518129, People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com

Issue 01 (2011-09-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd

Contents

1 Overview of WAN Interconnection
  1.1 Challenges to WAN Interconnection
    1.1.1 Multi-Service Transmission
    1.1.2 High Reliability
    1.1.3 Security
    1.1.4 Maintainability
  1.2 Requirements for WANs
    1.2.1 Requirement for Service QoS
    1.2.2 Requirement for Service Reliability
    1.2.3 Requirement for Service Security
    1.2.4 Requirement for Service Operation and Management

2 Recommendations on Planning for WAN Interconnection
  2.1 WAN Networking Principles
    2.1.1 Network Construction Mode
    2.1.2 Network Architecture Design Principles
    2.1.3 WAN Layered Networking Principles
  2.2 IP Address Planning
    2.2.1 IP Address Assignment Principles
    2.2.2 Detailed IP Address Planning
    2.2.3 NGN Private Network Address Traversal
  2.3 Routing Planning
    2.3.1 Inter-Domain Service Planning
    2.3.2 Routing Design
  2.4 Reliability Planning for IP Layer
    2.4.1 Fault Detection Techniques
    2.4.2 Network Protection Techniques
  2.5 Reliability Planning for Optical Transport Layer
    2.5.1 Optical Line Protection
    2.5.2 Optical Channel Protection
    2.5.3 Subnetwork Connection Protection
    2.5.4 ASON Protection
  2.6 IP&OTN Protection Synergy
    2.6.1 Multi-Layer Network Planning Tool
    2.6.2 SRLG
    2.6.3 Control Plane Intelligent Synergy
    2.6.4 Layered Protection Synergy
  2.7 QoS Planning
    2.7.1 Basic QoS Planning
    2.7.2 HQoS Planning
    2.7.3 Huawei QoS Solution
  2.8 Security Planning
    2.8.1 Security Measures
    2.8.2 Network Security Architecture
  2.9 Network Management Planning
    2.9.1 Unified Network Management
    2.9.2 Visualized OAM

3 Product Introduction
  3.1 NetEngine40E Core Router
    3.1.1 Overview
    3.1.2 Product Models
    3.1.3 Product Features
    3.1.4 Product Specifications
  3.2 NetEngine80/40 Series Universal Switching Router
    3.2.1 Overview
    3.2.2 Product Models
    3.2.3 Product Features
    3.2.4 Product Specifications
  3.3 NetEngine20E/20 Series Multi-Service Router
    3.3.1 Overview
    3.3.2 Product Models
    3.3.3 Product Features
    3.3.4 Product Specifications


1 Overview of WAN Interconnection


1.1 Challenges to WAN Interconnection


While the wide area network (WAN) offers a cost-effective way to connect geographically separated business locations, using the WAN brings a number of challenges. Enterprises need careful planning to ensure reliable handling for mission-critical functions such as the production service system, operating management system, and office automation system. In this regard, WAN interconnection brings the following challenges:

- How does the enterprise transmit various enterprise services on an IP network?
- How does the enterprise ensure the reliability of an IP network?
- How does the enterprise ensure security?
- How does the enterprise ensure maintainability and manageability over time?

1.1.1 Multi-Service Transmission


Today's enterprises require the use of multiple services:

- Real-time and non-real-time services
- Key services and less-critical services
- Voice services, data services, and video services

These services have different quality of service (QoS) requirements. For example, key services require rapid forwarding but have low requirements for bandwidth. Office data services are insensitive to latency but require a bandwidth guarantee. Finding the right ways to transmit all these services on a WAN is the key to building a secure and effective IP network.

1.1.2 High Reliability


An IP network must provide 99.999% reliability to ensure uninterrupted services. Achieving this level of reliability requires eliminating single-device faults and single-link faults. The WAN solution must also implement end-to-end switching within 200 ms.


1.1.3 Security
Every enterprise requires high internal and external network security, from E-government intranets to networks for key industries such as petroleum, national power, and banking. Because the WAN is more vulnerable than internal networks, careful measures must be taken to guard the security of the IP network.

1.1.4 Maintainability
As the network expands to support services, network maintenance becomes increasingly complex and requires specialized IP maintenance personnel. To enable personnel to maintain and manage the network efficiently, the IP WAN interconnection solution must offer features for easy maintainability, such as visual management and unified management of the entire network.

1.2 Requirements for WANs


1.2.1 Requirement for Service QoS
Overview of WAN QoS
A traditional IP network can forward packets only in best-effort mode. The network transmits packets in its capacity range, offering no guarantee for throughput, latency, jitter, or packet loss ratio. If packet loss or excess latency occurs, terminals connected to the IP network need to take measures to ensure data correctness. A mechanism such as connection admission control (CAC) helps prevent bandwidth overload from deteriorating transmission performance. However, the connectionless mechanism or dynamic routing protocols used on the traditional IP network will result in high transient jitter. Therefore, the traditional IP network offers little end-to-end QoS guarantee.

As the requirements on IP networks evolve, the IP WAN must carry a variety of real-time services such as VoIP and IPTV that require an end-to-end QoS guarantee. The best-effort mode of the traditional IP network cannot meet the needs of these applications. At the same time, other services have different QoS requirements. For example, email and FTP are not sensitive to latency. Therefore, the WAN solution must provide differentiated services to ensure packet transmission for QoS-sensitive applications without devoting excessive resources to non-critical services.

QoS mechanisms can provide differentiated service capabilities based on different requirements. Availability, latency, jitter, and packet loss ratio are four performance indicators for measuring the service level agreement (SLA) of an IP network:

- Availability refers to the percentage of usable service time to total service working time. Within five consecutive minutes, if the packet loss ratio of the services provided by an IP network is less than or equal to 5%, the services are considered to be available in this time period.
- Latency refers to the interval from transmission to reception of an IP packet.
- Jitter refers to the deviation of latency between different packets.
- Packet loss refers to the ratio of lost IP packets to transmitted packets between two reference points. Packet loss is mainly caused by network congestion.


Effectively implementing IP QoS technologies achieves the following advantages:


- Controls network resources and their use.
- Integrates multiple services such as voice, video, and data into a single IP network platform.
- Provides differentiated services based on different users' requirements.

Goal of QoS Construction of IP WANs


IP WANs should meet the QoS requirements of various telecom services and signaling. At present, among services on IP WANs, key real-time services of enterprises have high QoS requirements. IP WANs need to both transmit multiple services of enterprises and provide QoS guarantees for real-time services. The following table lists the QoS values recommended by the ITU-T for IP WANs.

Table 1-1 Goal of QoS construction of IP WANs

| Application Type | Typical Service | Latency (End-to-End Unidirectional) | Jitter (End-to-End Unidirectional) | Packet Loss Ratio (End-to-End Unidirectional) | Bandwidth |
|---|---|---|---|---|---|
| Real-time voice/video | VoIP, Video phone | 150 ms | 20 ms | 0.1% | Guarantee |
| Real-time data | Signaling | 150 ms | N/A | 0.1% | Guarantee |
| Streaming multi-media | IPTV/VoD | 1000 ms | N/A | 0.1% | Guarantee |
| Normal data | Internet access | N/A | N/A | N/A | Self adapt |

1. Considering low-speed links, the ITU-T recommends 50 ms as the jitter value. For most users, the real jitter is 20 ms.
2. The preceding data is from ITU-T Y.1541 and recommended by the ITU-T. The end-to-end distance is less than 5000 km.

In the actual solution, do not rely on technical means alone to solve the QoS problem. Instead, follow the construction approach of IP telecom networks and take all factors into consideration, such as comprehensive analysis of traffic models, network design, QoS assurance technologies, and reliability improvement, to achieve the goal of QoS construction of WANs.
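The four SLA indicators and the Table 1-1 targets applied to probe measurements, as an added example that is not part of the Huawei proposal. The `Minute` record, the probe data, and the jitter formula (mean absolute difference between consecutive latency samples) are assumptions; the five-minute/5% availability rule and the thresholds come from the text above.

```python
from dataclasses import dataclass
from statistics import mean

WINDOW_MINUTES = 5       # "within five consecutive minutes" (page definition)
MAX_WINDOW_LOSS = 0.05   # a window is available if its loss ratio is <= 5%

# Table 1-1 targets (end-to-end, unidirectional). None stands for N/A.
TARGETS = {
    "real-time voice/video": {"latency_ms": 150, "jitter_ms": 20, "loss": 0.001},
    "real-time data": {"latency_ms": 150, "jitter_ms": None, "loss": 0.001},
    "streaming multi-media": {"latency_ms": 1000, "jitter_ms": None, "loss": 0.001},
    "normal data": {"latency_ms": None, "jitter_ms": None, "loss": None},
}


@dataclass
class Minute:
    """One minute of probe results (hypothetical record layout)."""
    sent: int
    received: int
    latencies_ms: list  # one-way latency samples taken in this minute


def availability(minutes):
    """Fraction of complete five-minute windows whose loss ratio is <= 5%."""
    windows = [minutes[i:i + WINDOW_MINUTES]
               for i in range(0, len(minutes) - WINDOW_MINUTES + 1, WINDOW_MINUTES)]
    if not windows:
        raise ValueError("need at least one complete five-minute window")
    usable = 0
    for window in windows:
        sent = sum(m.sent for m in window)
        lost = sent - sum(m.received for m in window)
        # A window with no probes sent cannot be shown to be available.
        if sent and lost / sent <= MAX_WINDOW_LOSS:
            usable += 1
    return usable / len(windows)


def indicators(minutes):
    """Compute availability, latency, jitter and packet loss ratio."""
    samples = [x for m in minutes for x in m.latencies_ms]
    if len(samples) < 2:
        raise ValueError("need at least two latency samples for jitter")
    sent = sum(m.sent for m in minutes)
    received = sum(m.received for m in minutes)
    return {
        "availability": availability(minutes),
        "latency_ms": mean(samples),
        # Assumption: jitter as mean absolute delta between consecutive samples.
        "jitter_ms": mean([abs(b - a) for a, b in zip(samples, samples[1:])]),
        "loss": (sent - received) / sent,
    }


def violations(service_class, measured):
    """Names of the Table 1-1 targets that the measurements exceed."""
    target = TARGETS[service_class]
    return sorted(name for name, limit in target.items()
                  if limit is not None and measured[name] > limit)


# Constructed sample: ten clean minutes, then a five-minute congestion burst.
SAMPLE = ([Minute(1000, 1000, [40, 42])] * 10
          + [Minute(1000, 900, [40, 180])] * 5)

if __name__ == "__main__":
    measured = indicators(SAMPLE)
    for name, value in measured.items():
        print(f"{name:>12}: {value:.4f}")
    for service_class in TARGETS:
        print(f"{service_class:>22}: {violations(service_class, measured) or 'ok'}")
```

The congestion burst makes one of three windows unavailable, and the same data passes the "normal data" class while failing the jitter and loss targets for real-time voice/video.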

1.2.2 Requirement for Service Reliability


As the types and importance of the services on IP WANs have been increasing, services are becoming more and more sensitive to network quality. They require not only network recoveries upon faults, but also short recovery duration. The planning for IP WANs must meet the requirements of real-time service, non-real-time service, key service, and non-key service of enterprises, to guarantee reliable service deployment. The reliability of IP WANs generally includes three aspects:

- Equipment reliability
- Network reliability
- Fault protection switching time

Despite dynamic protocols, redundant connections, and other reliability technologies, the traditional IP network does not meet carrier-class requirements. In terms of reliability, a common IP network fault results in service interruption lasting seconds or even minutes. This level can meet the requirement for carrying traditional Internet services, but not the QoS requirements of real-time voice and video services. The requirements of carrier-class services for network reliability are as follows:

- The availability of network equipment reaches 99.999%.
- The network availability reaches 99.999%.
- Fault protection switching time: For a backbone network, less than 50 ms is recommended for the link protection switching time (to meet the SDH requirements).
- Key components of network equipment are redundant and interface boards are hot swappable.
- Dual-node redundant backup is usually performed on key nodes.
- The dual-homing design is used on key links.

1.2.3 Requirement for Service Security


The traditional IP network carries Internet services. As an open network, the Internet is vulnerable to large numbers of viruses, illegal attacks, and malicious service theft. Such a network can hardly guarantee the security of services. The next-generation IP WANs will carry various key real-time services, which have a high requirement for network security. Therefore, the security problem must be solved in the process of network planning. Security includes the following three aspects:

- Confidentiality: Only the receiver designated by the sender can identify the communication contents.
- Data integrity and consistency: While being transmitted from the sender to the receiver, information is not modified by a third party.
- Service availability: This can be guaranteed by preventing malicious attacks on the network.

To improve service security and meet the carrier-class requirements, IP WANs must meet the following requirements:

- Service security isolation: The network is physically isolated, or a service-based logical network can be built on a single physical network. In this case, there is no service leakage between logical networks or from a logical network to the infrastructure network under any circumstances.
- Inside the logical network: The network provides security measures to protect the security of internal key systems, preventing service theft.
- Reliability of infrastructure network: The infrastructure network (equipment) can effectively prevent illegal attacks and viruses, to ensure sustained and stable network operation without degrading network performance.


1.2.4 Requirement for Service Operation and Management


An IP network is both a transmission network and a service network. Traditional IP networks focus on openness but neglect manageability. With the trend toward all-IP services in WANs, an IP network is required to carry more and richer enterprise-class services. To reach this goal, provide users with efficient network operation and management methods.

Manageability refers not only to conventional network equipment management, but also to service management capabilities, including user management, service quality management, and service security management. These service management functions can hardly be implemented if they are designed only in a module of the BSS/OSS rather than in the network devices and network structure. Therefore, in IP WAN planning, consider the various flexible capabilities of the transmission network for user management, service management, and security management.


2 Recommendations on Planning for WAN Interconnection


2.1 WAN Networking Principles


2.1.1 Network Construction Mode
Huawei recommends that large enterprises construct a new IP WAN as part of the transition to an all-IP network. The network construction principles are as follows:

- Layered network structure: The network structure is divided into three layers: core layer, backbone layer, and service access layer. Layer-2 and layer-3 networks are separated to construct a layer-3 routing backbone network and a layer-2 MAN with clear physical and logical levels.
- Flattened network structure: Large-capacity devices are adopted to reduce the number of nodes as well as the number of physical and logical cascade connection layers and to ensure wide coverage.
- Layer-2 Metro Ethernet at the service access layer: At the service access layer, the layer-2 Metro Ethernet network is adopted. Metro Ethernet adopts the RPR/RRPP ring networking mode to save optical fibers and improve reliability.
- Redundancy backup of key nodes and links: For important nodes with heavy traffic, dual devices are adopted for redundancy backup. When the lower link connects to the upper link, dual homing is adopted.

2.1.2 Network Architecture Design Principles


Network Topology Design Principles
According to the WAN design principle, all the nodes of the entire network are located in an AS and the flattened networking is used. The overall network topology design principles are as follows:

- The layered design is used. It divides a network into three layers: the access layer, backbone layer, and core layer.
- At the same layer, devices should be interconnected as much as possible.
- The core node uses the redundancy mechanism.
- The lower-layer device is dual-homed or multi-homed to a single node or multiple nodes of a device.
- The network topology can be adjusted according to the service traffic.

Core Node Design Principles


The core-layer devices can constitute a mesh network, semi-mesh network, or RPR ring network. The backbone-layer devices are dual-homed to the core-layer devices. The core node design principles are as follows:

- The current traffic volume and forecast size of a node rank top.
- A node has rich transmission resources and is located at the intersection of transmission trunks.
- A node is located in a central city.
- In principle, core nodes are fully connected.
- According to traffic and transmission resources, core nodes are not fully connected but semi-connected.
- According to the requirements for reliability protection and saving of optical fibers, the RPR ring network technology is adopted.
- According to the backbone-layer networking conditions, multiple devices can be deployed on a single core node.
- Ensure that at least one hop is reachable between two nodes with heavy traffic. If there is little traffic between two nodes, multiple hops can be considered.
- Transmission distance has a great impact on time delay. Try not to detour.

Backbone Layer Design Principles


The backbone layer converges user traffic and services at the same time. Prevent a large number of access-layer devices from directly connecting to the core layer. The backbone layer design principles are as follows:

- According to the forecast of the traffic direction, backbone nodes are deployed in the cities which have the main traffic (usually the regional central cities) as centers. Network structure optimization should be fully considered and more than one administrative region can be involved.
- According to the size and traffic of a city, multiple backbone nodes can be set.
- In a city where a core node is set, a backbone node can be integrated with the core node based on the actual situation.
- According to the reliability of links between backbone nodes and core nodes as well as the reliability of core nodes, backbone nodes can be connected to different core nodes respectively.
- According to the traffic size between backbone nodes, links can be directly added between convergence nodes with much traffic to distribute traffic.


Service Access Node Design Principles


The service access layer is constituted by layer-2 Metro Ethernet. Metro Ethernet consists of Ethernet switches. The service access node design principles are as follows:

- To save optical fibers and improve reliability, adopt RPR/RRPP rings to constitute a network.
- In the densely populated areas, the layer-1 ring is used to constitute a network.
  - At each PoP, set one to three AGG-Rings.
  - For each AGG-Ring, set four to eight UPEs.
  - For each UPE, set three to ten DSLAMs.
- In the sparsely populated areas, the layer-2 ring is used to constitute a network, with the aim to save optical fibers.
  - For each AGG-Ring, set three to ten ACC-Rings.
  - For each ACC-Ring, set four to eight UPEs.
  - For each UPE, set three to ten DSLAMs.

Traffic Transmission Principles


Planning the link metrics of the whole network makes it possible to control the service traffic of the whole network systematically. It is recommended that traffic control abide by the following principles:

- In terms of route, number of actual hops minimum number of hops + 2.
- In terms of traffic sharing, traffic is shared properly and heavily loaded routes are avoided. For example, traffic between PoP nodes does not pass through the access node. The traffic within a node does not pass through other nodes. That is, traffic at the lower layer is only transmitted at the lower layer but not at the upper layer.
- In terms of backup:
  - Backup should be reasonable (the backup path is relatively short in most cases; traffic should pass through lightly loaded nodes and links as much as possible).
  - If the connections between PoP nodes are interrupted, traffic should be forwarded through the core node, but not the access node.
  - If a fault occurs on the uplink to which a device connects within a PoP node, traffic should pass through another device that connects to the same node, but not other nodes.
- In terms of analysis and adjustment, for a particular destination, the path should be as clear as possible to facilitate analysis and adjustment.

2.1.3 WAN Layered Networking Principles


A WAN can be divided into the core layer, backbone layer, and service access layer, as shown in Figure 2-1.


Figure 2-1 WAN network architecture (layers shown: core layer, backbone layer, access layer)

Core Layer Networking Principles


At the core layer, full connection, semi-connection, or RPR ring network modes can be adopted based on user traffic, optical fiber resources, and other conditions. In addition, hybrid design should be conducted for partial structure in accordance with the actual project situation.

In the full-connection scheme, a direct link can be set between any two nodes at the core layer. Meanwhile, links can be bundled to provide higher bandwidth between two nodes and further extend the bandwidth. However, full connection of nodes requires a lot of optical fiber resources, greatly increasing overall network cost. This scheme is recommended for enterprises which have huge traffic and rich optical fiber resources. In addition, the partial full-connection networking mode can be adopted based on the actual project situation to reduce the required optical fiber resources.

RPR is an advanced reverse double-ring networking scheme. It can significantly save optical fiber resources and provide protection switching within 50 ms. Meanwhile, it can provide a large number of advanced features to facilitate network deployment and network operation and maintenance management. However, the current RPR technology supports only 10 G interfaces and does not support link bundling. Therefore, scalability of RPR is restricted. Overseas enterprises can adopt the RPR networking scheme based on the actual situation only if traffic can be satisfied.

The advantages of the two schemes can be combined. Based on RPR networking, when there is huge traffic between two nodes on a ring, a direct link is set between the two nodes to ensure large capacity provision. In this way, optical fiber resources are saved, high reliability is ensured, and the requirements for high bandwidth between some nodes are satisfied.


Figure 2-2 Full mesh and RPR ring (panels: full mesh structure, RPR ring structure)

Backbone Layer Networking Principles


The backbone layer has two networking models, as shown in Figure 2-3.

- Model 1: Only one PE is adopted and the PE is dual-homed to two Ps.
- Model 2: Two PEs are set on a PoP node for redundancy backup. Each PE is connected to a P. That is, on a backbone node, two links are connected to a P.

Figure 2-3 Two networking modes of a backbone network (node labels: P, PE)

Service Access Layer Networking Principles


Considering the access quantity and device performance, the service access layer networking principles are as follows:

- In the service-intensive area, sites are relatively concentrated. The layer-1 ring network is usually adopted.
- In the service-sparse area, sites are relatively dispersed. Due to the geographical range, the layer-2 ring network can be adopted.


Figure 2-4 Network architectures of service-intensive mode and service-sparse mode (labels: PE-AGG, PE-AGG-a, AGG-Ring, UPE, ACC-Ring, CPE)

2.2 IP Address Planning


2.2.1 IP Address Assignment Principles
The assignment and reasonable use of IP address space is closely associated with the network topology, network organization, and routing policy. It will have a significant impact on the availability, reliability, and effectiveness of MANs. Therefore, the requirement of the local network for IP addresses must be considered to satisfy the requirement for IP addresses for future service development. The MAN IP address planning should abide by the following principles:

- IP address planning and assignment should satisfy requirements from the rapid development of MAN service and address segments should be reserved for future service development.
- IP address assignment must be flexible enough to access a variety of users such as dial-up users and leased line users.
- Address assignment is driven by services. Assign address segments for each place according to the volume of services.
- Adopt the VLSM technology for IP address assignment to ensure the utilization of IP addresses.
- Adopt the CIDR technology to reduce the size of routing table of routers, speed up the routing convergence of routers, and reduce the size of routing information broadcast in the network.
- Adopt the hybrid address assignment mode that combines public and private addresses or dynamic and static addresses to relieve the current pressure of serious shortage of IP address resources.
- IP address planning should take the network level into consideration to implement hierarchical management.
- Fully and properly use the applied address space to improve address utilization.


2.2.2 Detailed IP Address Planning


Hybrid of Public and Private Addresses
The hybrid address assignment mode that involves public and private addresses can be adopted in a MAN to save IP addresses and reduce the cost.

- Both public and private addresses are used in a MAN.
- In a MAN, public and private addresses are not converted. The routing devices in a MAN do not distinguish public addresses from private addresses and support routing of public and private addresses.
- At the network egress, the hybrid address switching router is adopted to convert addresses. Only the private addresses of data packets are translated. Packets with public addresses are forwarded.
- Unified planning for private IP addresses is required to avoid confusion in the future.

Hierarchical Assignment

According to network structure, area, territorial allocation, and the number of users in an area, the whole MAN is divided into several major regions. A major region is divided into several sub-regions. Each region obtains the sub-network segment from its higher-level region. Regarding the network scalability, addresses should be assigned from both ends to the middle.

This mode takes the planning for network level and routing protocol into full consideration. Through the aggregation network, the network routing and the number of addresses for maintenance in a network are reduced, fully reflecting the hierarchical management thought.

Private Address Assignment


Private addresses are usually configured in the following cases:

- Residential users are usually assigned private addresses. Several successive IP addresses (to facilitate aggregation) are assigned based on class C addresses.
- For IP voice and video users, FANAVA assigns private IP addresses nationwide in the unified manner and reserves IP addresses for the next few years. The mapping relationships between the user number and the private IP address, public IP address of media gateway, and public IP address of access gateway are stored in the softswitch system, so that service traffic can be accurately routed to the user terminal during call connection.
- VPN users are assigned private IP addresses that are used in enterprises.

Public Address Assignment


The following devices are assigned public addresses, to ensure that both local users and Internet users in other places are able to access the local server, without NAT restrictions.

- Hosts on the Internet, such as web, FTP, and mail servers in IDC which need to be open to the Internet
- MAN gateway devices, which require public addresses to connect to the Internet
- Devices on the routes which need to be broadcast externally (For example, a MAN connects to two ASs at the same time and the inter-domain routing protocol BGP is adopted. Because the MAN acts as the intermediate AS, the routes between AS egresses may need to be broadcast on the Internet. In this case, public IP addresses are required.)
- Enterprise users are assigned public addresses for NAT. An enterprise usually sets up an intranet by using private addresses and connects the intranet to the Internet by using the NAT device. Assigning an enterprise public address will not affect the address planning of the enterprise.
- Users are assigned public addresses to surf the Internet by using ADSL, FTTX+LAN, and other broadband modes. It is recommended that 40 to 100 users in a residential area should be assigned one public IP address. If TCP port mapping can be realized, an IP address can support more users.
- Users are assigned public IP addresses to connect to the Internet in the narrowband dial-up mode. Generally, each RAS port is assigned a public IP address.
- Leased line users are assigned public IP addresses to connect to the Internet. A user is assigned a public IP address.

NAT Device Deployment


For small and medium-sized cities, it is recommended that the device that provides the NAT function and hybrid address switching function should be deployed at the core layer of a network to reduce device investment and enhance network manageability. For large cities, consider providing the functions at the aggregation layer or access layer to reduce the pressure on the devices at the core layer.

Address Redundancy
In the process of address planning, reserve 50% to 80% of the IP addresses.
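The sizing and placement rules in this section (VLSM, CIDR aggregation under one parent block, assignment from both ends to the middle, and the address reserve) can be checked mechanically before a plan is committed. The following Python sketch is an added example, not part of the original proposal; the parent block, region names and host counts are constructed, and alternating between the low and the high end of the block is one assumed reading of "from both ends to the middle".

```python
import ipaddress

# Constructed planning input: expected hosts per region inside one parent block.
PARENT = "10.64.0.0/16"
REGIONS = {"core-region": 2000, "east": 500, "west": 500,
           "north": 100, "pop-links": 30}


def prefix_for(hosts, reserve_pct=50):
    """VLSM sizing: longest prefix whose block holds `hosts` while keeping
    `reserve_pct` percent of the block free (the page asks for 50% to 80%)."""
    usable = -(-hosts * 100 // (100 - reserve_pct))   # ceiling division
    needed = usable + 2                               # network + broadcast
    return 32 - max(2, (needed - 1).bit_length())


def allocate(parent, regions, reserve_pct=50):
    """Give every region an aligned subnet of `parent`, alternating between
    the low and the high end so the unassigned space stays in the middle."""
    parent = ipaddress.ip_network(parent)
    low = int(parent.network_address)
    high = int(parent.broadcast_address) + 1
    plan = {}
    # Largest request first, so each block lands on its natural boundary.
    ordered = sorted(regions.items(), key=lambda kv: -kv[1])
    for i, (name, hosts) in enumerate(ordered):
        plen = prefix_for(hosts, reserve_pct)
        size = 1 << (32 - plen)
        if i % 2 == 0:                       # take from the low end
            start = -(-low // size) * size
            low = start + size
        else:                                # take from the high end
            start = (high // size) * size - size
            high = start
        if low > high:
            raise ValueError("parent block exhausted at region " + name)
        plan[name] = ipaddress.ip_network((start, plen))
    return plan


def free_space(parent, plan):
    """CIDR blocks of the parent left unassigned (the growth reserve)."""
    parent = ipaddress.ip_network(parent)
    cursor = int(parent.network_address)
    end = int(parent.broadcast_address)
    free = []
    for net in sorted(plan.values()):
        start = int(net.network_address)
        if start > cursor:
            free += ipaddress.summarize_address_range(
                ipaddress.ip_address(cursor), ipaddress.ip_address(start - 1))
        cursor = int(net.broadcast_address) + 1
    if cursor <= end:
        free += ipaddress.summarize_address_range(
            ipaddress.ip_address(cursor), ipaddress.ip_address(end))
    return free


def check(parent, plan):
    """Plan sanity: no overlaps, and everything aggregates under the parent,
    so only the parent prefix has to be advertised upstream."""
    parent = ipaddress.ip_network(parent)
    nets = list(plan.values())
    overlap = any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])
    return (not overlap) and all(n.subnet_of(parent) for n in nets)


if __name__ == "__main__":
    plan = allocate(PARENT, REGIONS)
    for name, net in plan.items():
        print(f"{name:12} {str(net):18} {net.num_addresses} addresses")
    print("plan is consistent:", check(PARENT, plan))
    print("unassigned middle:", sum(n.num_addresses for n in free_space(PARENT, plan)))
```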

2.2.3 NGN Private Network Address Traversal


A large number of enterprise networks and customer premises networks (CPNs) that are carried on IP WANs adopt private IP addresses and connect to the public network through the NAT/FW device at the egress. However, in the current IP WANs, it is difficult for the control channel or media channel of the protocols that are used to carry voice and video over IP, such as H.323, SIP, MGCP, and H.248, to traverse the traditional NAT/FW devices to communicate with the public network in the application of private network user access. That is, currently, most NATs/FWs support traversal of the HTTP data application protocol, but do not support NAT/FW traversal for the signaling and media streams of session services. The biggest advantage of the NGN is that it provides users with rich services; in particular, it provides enterprise users with the IP Centrex service that integrates voice, data, and video. Therefore, the preceding problem in the current IP WANs is becoming the biggest obstacle to launching the NGN service. At present, the solutions in the industry are as follows:

- Network address translation (NAT)/Application layer gateway (ALG) mode
- Middle box communication (MIDCOM) mode
- Simple traversal of UDP through network address translators (STUN) mode
- Traversal using relay NAT (TURN) mode
- Signal proxy + media relay (Full Proxy) mode


Table 2-1 illustrates the comparison of the five modes.

Table 2-1 Comparison of NGN private network traversal modes

| Item | ALG | MIDCOM | STUN | TURN | Full Proxy |
|---|---|---|---|---|---|
| Performance | The NAT device needs to dynamically monitor and parse all packets, which will greatly increase the burden on the NAT device. | The NAT device does not need to dynamically monitor packets but needs to receive commands from the MIDCOM agent, which will not increase the burden on the NAT device. | The NAT device does not need to parse packets, which will not increase the burden on the NAT device. The performance is good. | The NAT device does not need to parse packets, which will not increase the burden on the NAT device. The performance is good. | Full Proxy forwards all call packets and media streams in the designated direction. A high efficiency is required, but Full Proxy processes only session packets but not data service packets. |
| Extensibility | Each time a protocol is added, the NAT device needs to be upgraded. The extensibility is poor. | The protocol is developed on the agent. | Only the protocols over UDP are supported. A new protocol based on UDP does not require upgrade of the NAT device. | The extensibility is the best. | A new protocol is extended on the proxy. |
| Networking application | This mode is applicable to residential and enterprise networks of not too large scale. | This mode is applicable to residential network, enterprise network, and gateway, depending on the efficiency of the NAT device. | This mode is applicable to residential network and enterprise network. | This mode is applicable to residential network and enterprise network. | This mode is applicable to residential network, enterprise network, gateway, and other NGN networking applications. The flexibility is the highest. |
| Current device alteration | The NAT device needs to be upgraded. The development cost is high. | The NAT device needs to be upgraded to support the MIDCOM protocol. The call agent supports the MIDCOM protocol. | The STUN server needs to be provided. Meanwhile, the terminal needs to support the STUN client function. | The TURN server needs to be provided. Meanwhile, the terminal needs to support the TURN client function. | Only the Full Proxy device needs to be provided. Other devices do not need to be altered. |
| Security | Relatively high | High | Low | Low | Highest |
| QoS | Unguaranteed | Guaranteed | Unguaranteed | Unguaranteed | Guaranteed |


According to the preceding introduction and comparison, Full Proxy and MIDCOM are recommended. Other solutions are used according to the actual situation.

- Having no need to alter the current network devices, the Full Proxy mode features strong adaptability and flexible networking and can meet the requirements of diversified networking and user access at the initial stage of NGN. In addition, it can solve the NAT problems, greatly extend the functions, and implement the QoS and security of session service at the access layer. Therefore, the user access platform of the NGN can be developed.
- The MIDCOM mode has strong extensibility. Once the NAT/FW device supports the MIDCOM protocol, the MIDCOM agent can be embedded in the softswitch. The NAT/FW traversal problem of NGN service can be solved. The softswitch itself parses and processes users' call protocol packets and can deliver the call QoS and security information dynamically. The Middle box (NAT/FW) device at the lower layer takes necessary measures based on the information.
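The traversal problem described in this section comes from session protocols carrying addresses inside the payload, where a NAT that rewrites only the IP and UDP headers never looks. The following Python sketch is an added example, not part of the original proposal: it finds the private addresses left inside a constructed SIP INVITE and then applies the payload rewrite an ALG has to perform, which is the per-protocol parsing that Table 2-1 counts against the ALG mode. The message, the NAT bindings and all function names are assumptions, and the rewrite is simplified to the Via, Contact and SDP lines.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
ROUTING_HEADERS = ("Via", "Contact")   # where the far end sends its replies
ROUTING_SDP = ("o=", "c=")             # SDP lines that carry the media address

# Constructed SIP INVITE from a phone behind NAT (not captured traffic).
SDP = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.10\r\n"
    "s=call\r\n"
    "c=IN IP4 192.168.1.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@phone.example.com\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:alice@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP)}\r\n"
    "\r\n" + SDP
)
# Constructed NAT bindings: signalling "ip:port" pairs and media ports.
PUBLIC_IP = "203.0.113.5"
SIG_MAP = {"192.168.1.10:5060": "203.0.113.5:40000"}
MEDIA_MAP = {49170: 40002}


def is_rfc1918(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def split_message(msg):
    head, _, body = msg.partition("\r\n\r\n")
    return head.split("\r\n"), body


def content_length(msg):
    headers, _ = split_message(msg)
    return next(int(h.split(":", 1)[1]) for h in headers
                if h.startswith("Content-Length:"))


def private_addresses(msg):
    """(location, address) for each private address that survives header-only
    NAT because it sits in the SIP headers or the SDP body."""
    headers, body = split_message(msg)
    lines = [(h.split(":", 1)[0], h) for h in headers[1:]
             if h.split(":", 1)[0] in ROUTING_HEADERS]
    lines += [("SDP " + l[:2], l) for l in body.split("\r\n")
              if l.startswith(ROUTING_SDP)]
    return [(where, ip) for where, line in lines
            for ip in IPV4.findall(line) if is_rfc1918(ip)]


def alg_rewrite(msg, public_ip, sig_map, media_map):
    """ALG behaviour: rewrite payload addresses and the media port from the
    NAT bindings, then recompute Content-Length for the changed body."""
    headers, body = split_message(msg)
    out = []
    for line in body.split("\r\n"):
        if line.startswith(ROUTING_SDP):
            line = IPV4.sub(
                lambda m: public_ip if is_rfc1918(m.group()) else m.group(), line)
        elif line.startswith("m="):
            parts = line.split(" ")
            parts[1] = str(media_map.get(int(parts[1]), parts[1]))
            line = " ".join(parts)
        out.append(line)
    body = "\r\n".join(out)
    new_headers = []
    for h in headers:
        if h.split(":", 1)[0] in ROUTING_HEADERS:
            for private, public in sig_map.items():
                h = h.replace(private, public)
        elif h.startswith("Content-Length:"):
            h = f"Content-Length: {len(body)}"
        new_headers.append(h)
    return "\r\n".join(new_headers) + "\r\n\r\n" + body


if __name__ == "__main__":
    print("left in payload after header-only NAT:", private_addresses(INVITE))
    fixed = alg_rewrite(INVITE, PUBLIC_IP, SIG_MAP, MEDIA_MAP)
    print("left in payload after ALG rewrite:   ", private_addresses(fixed))
```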

2.3 Routing Planning


2.3.1 Inter-Domain Service Planning
If an inter-domain MPLS VPN needs to be constituted (it seldom occurs), because Layer 3 MPLS VPN routes are carried using BGP, the inter-domain problem can be solved in the following three modes:

- VRF-to-VRF mode
- EBGP mode
- Multi-hop BGP mode

VRF-to-VRF
The VRF-to-VRF mode is the basic BGP/MPLS IP VPN application in the inter-AS scenario, without requiring additional configurations. In this mode, ASBRs of two ASs are directly connected and function as the PEs in their respective ASs. Either of the two ASBRs regards the peer ASBR as its CE and advertises IPv4 routes to each other using EBGP, as shown in Figure 2-5.


Figure 2-5 ASBRs managing VPN routes in VRF-to-VRF mode

In Figure 2-5, ASBR-PE1 in AS 100 and ASBR-PE2 in AS 200 each act as a CE of the other.

The inter-AS VPN in VRF-to-VRF mode is easy to implement. The two ASBR PEs do not need to be specially configured to implement inter-AS VPN.

The disadvantage is poor scalability. The ASBRs functioning as PEs need to manage all the VPN routes and create a VRF for each VPN. This may result in a large number of VPN-IPv4 routes on PEs. In addition, as common IP forwarding is performed between the ASBRs, each inter-AS VPN requires a different interface, which can be a sub-interface, a physical interface, or a bound logical interface. Therefore, this mode poses high requirements for PEs.

The inter-AS VPN in VRF-to-VRF mode requires VPNs to be configured, without requiring additional configurations for the inter-AS.

Advertising Labeled VPN-IPv4 Routes Between ASBRs Using MP-EBGP


In this mode, two ASBRs exchange labeled VPN-IPv4 routes that they receive from PE routers in their respective ASs through MP-EBGP. ASBRs need to process labeled VPN-IPv4 routes. Therefore, this mode is also called ASBR extension mode, as shown in Figure 2-6.


Figure 2-6 Advertising labeled VPN-IPv4 routes between ASBRs using MP-EBGP

The route advertisement process is as follows:

a. The PE in AS1 advertises labeled VPN-IPv4 routes to the edge router PE in AS1 or the route reflector (RR) which reflects routes for ASBR PE using MP-IBGP.
b. The PE functioning as the ASBR advertises labeled VPN-IPv4 routes to the PE in AS2 (that is, the edge router in AS2) using MP-IBGP.
c. The ASBR PE in AS2 advertises labeled VPN-IPv4 routes to the PE in AS2 or the RR which reflects routes for PE using MP-IBGP.

When the MP-EBGP mode is used, note the following:

- ASBRs do not filter the VPN-IPv4 routes received from each other based on VPN targets. Therefore, the SPs in different ASs that exchange VPN-IPv4 routes must reach a trust agreement on route exchange.
- VPN-IPv4 routes are exchanged only between VPN peers. A VPN cannot exchange VPN-IPv4 routes with public networks or MP-EBGP peers with whom there is no trust agreement.

In terms of extensibility, distributing labeled VPN-IPv4 routes in MP-IBGP mode is superior to inter-ASBR VPN management through sub-interfaces.
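Because the ASBRs do not filter on VPN targets in this mode, the trust agreement is the only control on which VPN-IPv4 routes cross the AS boundary, so it is worth auditing received routes against it. The following Python sketch is an added example, not part of the original proposal: it decodes route targets from BGP extended communities (the RFC 4360 and RFC 5668 encodings) and flags routes that carry no route target or one outside the agreed set. The routes, the agreed set and the all-targets-must-match policy are constructed assumptions.

```python
import ipaddress
import struct

ROUTE_TARGET = 0x02   # extended community sub-type for a route target


def decode_route_target(ec):
    """Return 'admin:value' when the 8-byte extended community is a route
    target, otherwise None (for example a route origin community)."""
    if len(ec) != 8:
        raise ValueError("an extended community is exactly 8 bytes")
    etype, subtype = ec[0], ec[1]
    if subtype != ROUTE_TARGET:
        return None
    if etype == 0x00:                          # 2-octet AS : 4-octet value
        asn, value = struct.unpack("!HI", ec[2:])
        return f"{asn}:{value}"
    if etype == 0x01:                          # IPv4 address : 2-octet value
        addr, value = struct.unpack("!4sH", ec[2:])
        return f"{ipaddress.IPv4Address(addr)}:{value}"
    if etype == 0x02:                          # 4-octet AS : 2-octet value
        asn, value = struct.unpack("!IH", ec[2:])
        return f"{asn}:{value}"
    return None


def route_targets(route):
    decoded = (decode_route_target(ec) for ec in route["ext_communities"])
    return [rt for rt in decoded if rt is not None]


def audit(routes, agreed):
    """Split received VPN-IPv4 routes into accepted prefixes and rejected
    (prefix, reason) pairs. Every route target must be in the agreement."""
    accepted, rejected = [], []
    for route in routes:
        rts = route_targets(route)
        outside = [rt for rt in rts if rt not in agreed]
        if not rts:
            rejected.append((route["prefix"], "no route target"))
        elif outside:
            rejected.append(
                (route["prefix"], "outside agreement: " + ", ".join(outside)))
        else:
            accepted.append(route["prefix"])
    return accepted, rejected


# Helpers that build the constructed sample communities below.
def rt_as2(asn, value):
    return struct.pack("!BBHI", 0x00, ROUTE_TARGET, asn, value)


def rt_as4(asn, value):
    return struct.pack("!BBIH", 0x02, ROUTE_TARGET, asn, value)


def origin_as2(asn, value):
    return struct.pack("!BBHI", 0x00, 0x03, asn, value)   # route origin


# Constructed routes as received from the peer ASBR, and the agreed targets.
AGREED = {"100:1", "100:2", "65550:7"}
ROUTES = [
    {"rd": "100:1", "prefix": "10.1.0.0/16",
     "ext_communities": [rt_as2(100, 1)]},
    {"rd": "100:2", "prefix": "10.2.0.0/16",
     "ext_communities": [rt_as2(100, 2), rt_as2(100, 999)]},
    {"rd": "100:3", "prefix": "10.3.0.0/24",
     "ext_communities": [origin_as2(100, 3)]},
    {"rd": "65550:7", "prefix": "10.4.0.0/16",
     "ext_communities": [rt_as4(65550, 7)]},
]

if __name__ == "__main__":
    ok, bad = audit(ROUTES, AGREED)
    print("accepted:", ok)
    for prefix, reason in bad:
        print("rejected:", prefix, "-", reason)
```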

PEs Advertising Labeled VPN-IPv4 Routes Using Multi-hop MP-EBGP


The preceding two modes can satisfy networking requirements of the inter-AS VPN. ASBRs, however, need to maintain and distribute VPN-IPv4 routes. When each AS needs to exchange a large number of VPN routes, ASBRs may hinder network extension. One solution to the problem is that PEs directly exchange VPN-IPv4 routes with each other and ASBRs do not maintain or advertise VPN-IPv4 routes.


2.3.2 Routing Design


Routing Design Principles
Routing design is important to IP WANs and will directly affect the reliability and security of WANs. The routing design should abide by the following principles:

- Avoid route flapping in the entire network caused by partial route changes.
- Balance network traffic in the entire network through routing design.
- Avoid the situation where routes in an AS cannot be sent to other ASs and devices in the AS cannot receive external routes.
- Minimize the number of routes and take into account the transmission distance.
- Implement fast convergence to find and respond to faults quickly so that the system recovers from faults as soon as possible to avoid routing blackholes and routing loops.
- Adopt the GR-enabled routing protocols.

Detailed Routing Design

- All routers in a private network are located in a domain. The IS-IS or OSPF routing protocol is used as an IGP. For flat routing design, IS-IS adopts the level-based mode, while OSPF adopts the area-based mode.
- BGP-4 is used as the inter-domain routing protocol of the private network. The AS number is independent. At the border of an AS, routing transmitting, receiving, summarizing, and attribute modification are controlled through EBGP.
- Level-1 RR design is adopted to ensure that the number of BGP peers on each RR is less than 100. When there are many clients, an independent router can be used as the RR. At least two RRs are configured to avoid single-point faults. Clients are dual-homed to at least two RRs.
- The routes for router management address and link address are carried over IGP, while the routes for private line users, 3G/NGN device address, and address pool are carried over BGP.
- MBGP is used in a VPN. The RR configuration principles for a VPN are the same as those for the public network where BGP is used.
- BGP or OSPF can be selected as the routing protocol between a PE and a CE in a VPN based on the network size. In terms of security, the static routing protocol is recommended.
- The routing protocol supports MD5 authentication to ensure the security of the routing protocol.

2.4 Reliability Planning for IP Layer


A stable and reliable network system is crucial to the normal operation of application systems. Therefore, during network design, select highly reliable network products that have been commercialized on a large scale, properly design the network architecture, and develop reliable network backup strategies to ensure the self-healing ability of the network and to support the normal operation of the system to the greatest extent. The devices at the IP layer must achieve 99.999% reliability. Huawei takes the lead in providing the end-to-end millisecond-level switchover scheme in the industry, to meet the requirement for the reliability of carried telecom services (50 ms to 500 ms), to ensure the extensibility and feasibility of standard technologies, to reduce the operation and maintenance cost, and to ensure the service operation effect.

2.4.1 Fault Detection Techniques


The traditional fault detection technique detects faults by monitoring the device interface status. This detection technique can detect only physical faults and depends on Keepalive or Hello packets sent by upper-layer routing protocols to detect faults such as forwarding engine faults and unidirectional link faults. Therefore, this fault detection mechanism requires a long time, uses a lot of resources, and is not applicable to scenarios where different protocols are running. To speed up fault detection and improve fault detection efficiency at the IP/MPLS layer, a mechanism that can detect faults rapidly and support various protocols is required. MPLS OAM and BFD are such mechanisms.

BFD
BFD is an interactive detection mechanism that rapidly detects communication faults between systems and reports the detected faults to upper-layer applications. BFD has the following functions:

- Provides low-overhead, short-duration detection of faults in the path between adjacent forwarding engines. These faults include interface faults, data link faults, and forwarding engine faults. The BFD detection time is usually within 50 ms.
- Provides a single mechanism for fault detection over any media and at any protocol layer to implement BFD for Everything, such as BFD for IS-IS, OSPF, BGP, LSP, and TE.

With the preceding functions, BFD has been widely used to detect link faults and protocol faults.

MPLS OAM
MPLS OAM is a rapid detection mechanism that checks MPLS LSP connectivity by allowing nodes along an LSP to exchange OAM packets. MPLS OAM provides the following functions, independent of upper-layer or lower-layer protocols:

- Detects, identifies, and locates MPLS user-plane faults efficiently.
- Evaluates network usage and performance.
- Performs protection switching in the event of a link defect or fault to provide services according to the Service Level Agreements (SLAs).

For more information about MPLS OAM, see ITU-T Recommendation Y.1710 and Y.1711.


2.4.2 Network Protection Techniques


On IP/MPLS networks, various network protection techniques are used to rectify faults:

- Redundancy backup of main control boards, hot swap of boards, and GR, which ensure device reliability
- Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP), which improve node reliability
- IGP fast route convergence and TE FRR, which ensure path availability
- VPN FRR, which ensures PE reliability

The following are common network protection techniques.

IGP Fast Convergence


IGP fast convergence speeds up IGP route recalculation and convergence when a network fault occurs. IGP fast convergence provides the following features:

- Incremental SPF (I-SPF): calculates only the changed routes but not all routes each time.
- Partial route calculation (PRC): calculates only the changed routes. It does not calculate the shortest path but updates leaf routes based on the shortest path tree (SPT) calculated by I-SPF.
- LSP fast flooding: When a router receives one or more new LSPs, it floods out the LSPs with a number smaller than the specified number before calculating routes. This accelerates LSDB synchronization and network convergence.
- Intelligent timer: adjusts the delay based on the route change frequency. This ensures fast route convergence, without affecting router performance. Intelligent timers include the SPF intelligent timer and LSP generation intelligent timer.

IP FRR
On legacy IP networks, it takes the routing system several seconds to complete route convergence after a fault is detected. This convergence speed cannot meet the requirements of services that are sensitive to packet delay and packet loss. For example, Voice over Internet Protocol (VoIP) services can tolerate only millisecond-level interruption. IP FRR allows the forwarding system to rapidly detect faults and take measures to restore services as soon as possible. The IP FRR implementation principles are as follows:

- When the primary link is available, you can configure IP FRR by using a routing policy to provide the backup route information for the forwarding engine.
- When the forwarding engine finds that the primary link fails, it uses the backup link to forward traffic before the routes converge on the control plane.

IGP Auto FRR


In IP FRR, the backup next hop needs to be manually configured, which is complex and prone to network loops if network planning is improper. IGP Auto FRR overcomes the preceding problem. IGP Auto FRR is a technique that allows routing protocols to generate the backup next hop using routing algorithms according to the link status. This technique does not require manual intervention, which reduces maintenance costs.


BGP FRR
IGP/LDP FRR can rapidly switch traffic to another link when a link fault occurs. However, when a fault occurs on a BGP node, routes need to converge on the BGP control plane and then be delivered to the forwarding table. Route convergence may then take seconds. The BGP indirect next hop technique speeds up route convergence on the control plane, but it still cannot ensure carrier-class reliability. In BGP FRR, the LDP label or BGP label of a sub-optimal route is installed into the forwarding table as a backup routing entry. When a rapid fault detection mechanism such as BFD detects that the optimal route becomes unavailable, services are switched to the backup route. This implements fast service switchover.

LDP FRR
With LDP FRR, the fast convergence of the LDP LSP can be achieved. LDP FRR means that the device takes the optimal route of the LDP as the forwarding entry and also takes the second-best route of the LDP as the backup path and puts it in the forwarding table. When a fault occurs on the optimal next hop, the device directly uses the backup path/label for forwarding. Through BFD, a failure of the connection to the optimal next hop can be rapidly detected and the convergence speed of 50 ms can be achieved. There are some restrictions on the use of the LDP FRR convergence technology. For example, in a ring network, the sub-optimal next hop may send packets back to the node, which causes a forwarding loop. Compared with the FRR protection technology for RSVP TE, the LDP FRR protection is based on single points and end-to-end protection is not required.
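The ring restriction noted for LDP FRR, and the automatic backup next-hop calculation described under IGP Auto FRR, can both be reproduced on a small topology. The following Python sketch is an added example, not part of the original proposal: it uses the loop-free alternate condition of RFC 5286 as the backup-selection rule, which is an assumption because the page does not say which algorithm the product runs, and it uses a constructed five-node ring with unit link costs.

```python
import heapq

# Constructed topologies: a five-node ring, and the same ring with one chord.
RING = [("A", "B", 1), ("B", "C", 1), ("C", "D", 1), ("D", "E", 1), ("E", "A", 1)]
RING_WITH_CHORD = RING + [("B", "E", 1)]


def build(links):
    """Undirected weighted graph from (node, node, cost) tuples."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def dijkstra(graph, src):
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                      # stale heap entry
        for v, w in graph[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                heapq.heappush(heap, (d + w, v))
    return dist


def all_distances(graph):
    return {n: dijkstra(graph, n) for n in graph}


def next_hop(graph, dist, node, dst):
    """Shortest-path next hop (lowest name wins on equal cost)."""
    return min(n for n, c in graph[node].items()
               if c + dist[n][dst] == dist[node][dst])


def frr_table(graph, src):
    """Per destination: (primary next hop, loop-free backup next hops).
    Neighbor N is loop-free for D when dist(N,D) < dist(N,S) + dist(S,D)."""
    dist = all_distances(graph)
    table = {}
    for dst in sorted(graph):
        if dst == src:
            continue
        primary = next_hop(graph, dist, src, dst)
        backups = sorted(
            n for n in graph[src]
            if n != primary and dist[n][dst] < dist[n][src] + dist[src][dst])
        table[dst] = (primary, backups)
    return table


def coverage(table):
    """Share of destinations that have at least one loop-free backup."""
    return sum(1 for _, backups in table.values() if backups) / len(table)


def forward_via_backup(graph, src, dst, backup):
    """Hop-by-hop path just after src's primary link fails: src already uses
    `backup`, every other node still forwards on its pre-failure routes.
    Returns (path, looped)."""
    dist = all_distances(graph)
    path, node = [src, backup], backup
    while node != dst:
        node = next_hop(graph, dist, node, dst)
        path.append(node)
        if node == src:
            return path, True             # the packet came straight back
    return path, False


if __name__ == "__main__":
    ring, chord = build(RING), build(RING_WITH_CHORD)
    print("ring      :", frr_table(ring, "A"), coverage(frr_table(ring, "A")))
    print("with chord:", frr_table(chord, "A"), coverage(frr_table(chord, "A")))
    # Using the second-best neighbor blindly on the ring loops for destination B.
    print(forward_via_backup(ring, "A", "B", "E"))
```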

MPLS TE FRR
MPLS TE FRR protects links and nodes in MPLS TE. When an LSP link or a node fails, traffic can be forwarded along the tunnel of the protected link or protected node. This ensures uninterrupted traffic forwarding. In addition, the ingress can continue re-establishing the primary path without affecting data transmission. In MPLS TE FRR, an LSP is established to protect one or more LSPs. This LSP is called the FRR LSP and the protected LSP is called the primary LSP. When a link or node fails, MPLS TE FRR uses the FRR LSP to transmit traffic; therefore, the primary LSP is protected. All the nodes in the MPLS TE system need to participate in the establishment of the FRR LSP and primary LSP. MPLS TE FRR is implemented based on RSVP TE and complies with RFC 4090.

VPN FRR
MPLS TE FRR protects services in the case of a link or node failure between two PEs at both ends of a TE tunnel; however, MPLS TE FRR cannot protect services in the case of a PE failure. Once a PE fails, services can only be restored by means of end-to-end route convergence and LSP convergence. The service convergence time depends on the quantities of MPLS VPN routes and hops on a network. The convergence time is usually 5 s on a typical network, which is longer than the 1 s required for end-to-end service convergence.


VPN FRR solves the preceding problem. In VPN FRR, primary and backup forwarding entries with the primary PE and backup PE as their respective destinations are preconfigured on the remote PE. Rapid PE failure detection is also used so that the end-to-end service convergence is within 1s on an MPLS VPN where a CE is dual homed to two PEs. The recovery time is independent of the quantity of VPN routes.

2.5 Reliability Planning for Optical Transport Layer


The reliability planning for WANs refers to the reliability planning for the IP network. Because the transport network at the bottom layer is the operator's network, enterprise users do not need to consider its reliability. However, some large or super-sized enterprises may build their own optical transport networks. In this case, the reliability of the IP network needs to be considered in addition to the reliability of the optical transport network.

The optical layer is a low-layer physical network of the service and data networks. If the optical layer is unreliable, the service and data networks cannot operate properly. Therefore, the optical layer uses various protection measures to ensure high reliability. Protection measures at the optical layer include equipment-level protection measures and network-level protection measures.

Equipment-level protection includes SCC 1+1 protection, cross-connect board 1+1 protection, DC input protection, centralized power protection, fan redundancy protection, and subrack communication protection. The equipment-level protection measures are not described in this document.

Network-level protection refers to the protection on all devices and links on the entire network, including:

- Optical line protection
- Optical channel protection
- Subnet connection protection
- ASON protection

2.5.1 Optical Line Protection


Optical line protection uses the dual fed and selective receiving function of OLP boards and diverse routes to protect the fibers between adjacent stations. Each optical line uses two pairs of fibers. One pair functions as the working path to transmit service signals. The other pair functions as the protection path to transmit service signals when a fiber break occurs on the working path or signal attenuation is too large. Figure 2-7 shows the diagram of optical line protection.


Figure 2-7 Optical line protection (legend: Working signals; Protection signals)

2.5.2 Optical Channel Protection


Optical channel protection includes client 1+1 protection and intra-board 1+1 protection.

Client 1+1 Protection


Client 1+1 protection uses the dual fed and selective receiving function of OLP/DCP boards or the dual fed and dual receiving function of SCS boards to protect OTUs and OCh fibers. A working wavelength and a protection wavelength are transmitted in two different routes to protect OTUs.

When the SCS board is used on a device, the device opens the client-side laser of the working OTU and closes the client-side laser of the backup OTU. When the working OTU detects an SF or SD alarm, it reports the SF or SD alarm to the SCC board. The SCC board then closes the client-side laser of the working OTU and opens the client-side laser of the backup OTU. A switchover is completed.

When the OLP or DCP board is used on a device, the device opens the client-side laser of both the working OTU and backup OTU. When the working OTU detects an SF or SD alarm, it reports the SF or SD alarm to the SCC board. The SCC board then closes the client-side laser of the working OTU. As a result, the R_LOS alarm occurs on the OLP and the OLP performs switching.

Figure 2-8 Client 1+1 protection (legend: Working signals; Protection signals)


Intra-Board 1+1 Protection


Intra-board 1+1 protection uses the dual fed and selective receiving function of OTU, OLP, or DCP boards and diverse routes to protect services. This protection measure is applicable to chain networks and ring networks and uses the single-ended switching mode.

On a chain network, intra-board 1+1 protection provides diverse routes between adjacent stations in the same way as optical line protection. On a ring network, intra-board 1+1 protection uses the diverse routes to protect services. Services are transmitted in the clockwise or counter-clockwise direction on the ring, and finally reach the destination node.

Intra-board 1+1 protection is implemented in the following ways:

- Uses the OTU with the dual fed and selective receiving function to protect services, as shown in Figure 2-9.
- Uses the OLP or DCP board with the dual fed and selective receiving function to protect services. The network diagram is the same as Figure 2-9.

Figure 2-9 Intra-board 1+1 protection (legend: working signals, protection signals)

2.5.3 Subnetwork Connection Protection


Subnetwork connection protection (SNCP) predefines a dedicated protection route for a subnet. If a fault occurs on the subnet, the protection route replaces the subnet to transmit traffic. SNCP protects channels without using the APS protocol. It sets up a two-fiber path protection ring on a ring network. SNCP is applicable to various complex network topologies and provides fast service switching.

SNCP includes sub-wavelength (SW) SNCP, ODUk SNCP, VLAN SNCP, tributary SNCP, and master slave (MS) SNCP. This document uses ODUk SNCP as an example. For the other types of SNCP, see the OptiX OSN 6800 documents.

ODUk SNCP protection uses the dual fed and selective receiving function of the cross-connections at the electrical layer to protect line boards and OCh fibers. It protects inter-subnet services without using any protocol. ODUk SNCP is applicable to various networks. Figure 2-10 shows the working process of ODUk SNCP.

- In the transmit direction, services to be protected are input through the tributary board. They are transmitted to the working line board and backup line board by using working signals and protection signals. The working signals and protection signals are transmitted in the working channel and the protection channel respectively.
- In the receive direction, only the cross connection corresponding to the working line board is valid and the cross connection corresponding to the backup line board is disconnected. When the working channel is faulty, the line board reports an alarm to trigger an SF or SD alarm. After detecting the SF or SD alarm, the main control board disconnects the cross connection corresponding to the working line board and enables the cross connection corresponding to the backup line board. Service signals are transmitted over the protection channel. After the working channel is recovered, service signals are switched back to the cross connection corresponding to the specified line board.

Figure 2-10 ODUk SNCP protection (legend: working signals, protection signals)


2.5.4 ASON Protection


On legacy networks, wavelength division multiplexing (WDM) devices were the replacement for fibers. In recent years, they have been used to transmit users' services. The devices must be easy to operate and manage. The legacy networks have the following problems:

- Service configuration procedures are complex, and it takes a long time to expand capacity or launch services.
- Bandwidth use is inefficient because about 50% of the bandwidth must be reserved on the ring network.
- Only a few protection measures are provided, so network self-healing capability is poor.

Automatically Switched Optical Network (ASON), also called intelligent optical transport network, is used to solve the preceding problems. ASON uses GMPLS-UNIs and a control plane on transport networks to enhance the network connection management and fault recovery capabilities of optical transport devices. It supports end-to-end service configuration and multiple service restoration methods. Compared with WDM, ASON has the following advantages:

- Computes routes using optical parameters and discards the routes that do not match the optical parameters.
- Adjusts wavelength during rerouting, eliminating wavelength conflicts.
- Allocates wavelength for new services automatically.
- Supports automatic configurations for end-to-end services.
- Discovers topology automatically.
- Protects the mesh network to enhance network availability.
- Assigns protection priorities to services according to the priorities of the client-layer signals.
- Uses traffic engineering to dynamically adjust network topology according to users' service requirements. This implements optimal network resource allocation.

The following sections describe the transport layer protection mechanisms based on ASON.

Mesh Networking
Mesh networking is a widely used networking type of ASON, and is flexible and easy to extend. Compared with WDM networking, mesh networking supports more recovery paths, which improves network security and reduces network resource waste. In addition to the traditional protection measures (such as 1+1 protection) and shared protection measures, mesh networking can also use the rerouting mechanism to protect services. Using all the preceding measures, mesh networking is capable of restoring services in any situation. As shown in Figure 2-11, if the link between device C and device G is interrupted, a route from device D to device H is generated. Services are restored through a newly generated LSP.


Figure 2-11 Service protection and restoration using the mesh networking

Dynamic Rerouting
Rerouting recovers services when network faults occur. In non-revertive mode, the first node on an interrupted LSP calculates the optimal path, and then sets up a new LSP using signaling messages. Services are transmitted over the new LSP. The interrupted LSP is deleted after the new LSP takes effect. Rerouting, as a key technology of GMPLS/ASON, protects services without a waste of resources. It is also a revolutionary improvement for traditional protection measures. Rerouting protects services even if fibers are interrupted frequently. As shown in Figure 2-12, an LSP passes devices A, D, G, and K. When the link between devices D and G is interrupted, the rerouting process is as follows:

1. The FIU (for optical layer) or OTU (for electrical layer) of device D detects an alarm, and then reports the alarm to the GMPLS module.
2. The GMPLS module on device D checks the affected intelligent services and sends a Notify message to device A.
3. After receiving the Notify message, the GMPLS module of device A calculates an end-to-end protection path and sends a PATH message along the new path. A reverse cross-connected path destined for device K is set up.
4. After receiving the PATH message, the GMPLS module of device K returns a RESV message along the new path to set up a cross-connected path destined for device A.
5. After receiving the RESV message, device A enables the alarm function and sends a PATH message to request the downstream devices to enable the alarm function.
6. The downstream devices enable the alarm function for the new path.
7. After all devices on the LSP enable the alarm function, the old LSP is deleted if the non-revertive mode is used. The rerouting process is complete.


Figure 2-12 Rerouting diagram (nodes A, B, C, E, F, H, and K; Notify and PATH messages)

Preset Protection Path


Preset protection paths ensure high reliability for services. When a path fails, the GMPLS and ASON networks restore services using the preset protection path. The service paths on the networks are controllable. If services cannot be restored, a new route is calculated. To ensure that routes are controllable after fibers are disconnected multiple times, the ASON allows more than one preset protection path for an end-to-end route (at the optical layer or electrical layer). An LSP can have two preset protection paths and the paths have their own priorities.

Resource Sharing on Working/Protection Paths


Resource sharing on the working and protection paths provides as many restoration resources as possible. Figure 2-13 shows a tangent ring network where resource sharing is used. The blue and red solid lines indicate the working and protection paths. When link 1 and link 2 are broken, the working and protection paths are invalid. If the working and protection paths cannot share resources, services will not be restored. If the paths can share resources, some links on the paths form a complete backup path. The green dashed lines in the figure indicate the backup path. If link 3 is broken, the path represented by purple lines is formed.


Figure 2-13 Resource sharing on working and protection paths

Service Association
Two LSPs are associated. When an LSP is performing rerouting or optimization, this LSP is separated from the other one. The two LSPs do not overlap each other. Service association is applicable to the services having two access points (dual homing). As shown in Figure 2-14, the two LSPs D-E-I and A-B-G-H are associated. If the link between devices B and G is broken, the LSP A-B-G-H performs rerouting and the LSP D-E-I is not affected.

Figure 2-14 Service association

SLA for Differentiated Services


WDM/OTN-based GMPLS and ASON provide protection services of different levels, including Diamond, Silver, and Bronze. Users pay different fees for different service levels. Table 2-2 lists the service levels.


Table 2-2 Service levels

| Service Level | Protection and Recovery | Implementation | Switchover Time |
|---|---|---|---|
| Diamond | Protection and recovery | Intra-board 1+1 protection, ODUk SNCP, SW SNCP, rerouting | Shorter than 50 ms |
| Silver | Recovery | Rerouting | |
| Bronze | No protection, no recovery | | |

2. Diamond service

Diamond service has the best protection ability. When there are enough resources on the network, diamond service provides permanent 1+1 protection for paths such as ODUk paths. Diamond services are applicable to voice and data services and VIP private lines, such as those for banking, security, and aviation.

A diamond service provides 1+1 protection from the source node to the sink node. It is also called a 1+1 service. There are two LSPs available between the source node and the sink node. The two LSPs are separated. One is the working LSP and the other is the protection LSP. The same service is transmitted to the working LSP and the protection LSP at the same time. When the working LSP is normal, the sink node receives services from the working LSP; otherwise, the sink node receives services from the protection LSP. Figure 2-15 shows the network diagram of diamond service.

Figure 2-15 Diamond service

The diamond service uses the following rerouting policies:


- Permanent 1+1 protection: triggers rerouting once an LSP fails.
- Rerouting 1+1 protection: triggers rerouting only when both LSPs fail.
- No rerouting: does not trigger rerouting regardless of whether LSPs fail.

3. Silver service

Silver services include WDM ASON OCh paths, ODUk paths, and Client paths. The recovery time is several seconds. The silver service is suitable for delay-insensitive services such as data service and residential Internet service.

Silver service provides connections from the source node to the sink node with rerouting protection. It is also called a rerouting service. If an LSP fails, rerouting is repeatedly initiated to restore services until rerouting is successful. The silver service computes protection paths without reserving resources. Hence, the bandwidth utilization is high. However, if network resources are insufficient, services may be interrupted. As shown in Figure 2-16, the silver service is provided for the path A-B-G-H-I. If the link between devices B and G is broken, device A initiates rerouting to create a new path.

Figure 2-16 Silver service

4. Bronze service

The bronze services are seldom used. Generally, temporary services, such as abrupt services during holidays, use the bronze service. The paths of bronze service include OCh paths, ODUk paths, and Client paths. The bronze service means no protection. If an LSP fails, rerouting is not triggered and services are interrupted.


2.6 IP&OTN Protection Synergy


A fault on the WAN or backbone network affects thousands of enterprises' services, which lowers these enterprises' production efficiency and delays their response to market changes. Therefore, reliability of the WAN and backbone network is important to enterprises' business and competitiveness.

Although both the IP layer and transport layer have many protection mechanisms, the mechanisms may not collaborate well with each other. For example, some protection mechanisms fail to function together or some protection mechanisms repeat each other, resulting in wasted resources and degraded service quality.

Protection synergy uses the protection mechanisms on both the IP layer and transport layer according to requirements of the WAN and backbone network. The major protection features include static SRLG, dynamic SRLG, intelligent control plane synergy, and layered protection synergy.

2.6.1 Multi-Layer Network Planning Tool


Legacy WANs and backbone networks are planned layer by layer, which wastes network resources and makes QoS and reliability complex. When the network is large, concurrent designs are very difficult. Unlike layer-by-layer network planning tools, a multi-layer network planning tool improves resource utilization and network reliability by planning the IP layer and transport layer together. This tool has the following advantages:

- Allocates bandwidth for the two layers based on traffic volume so that traffic is loaded evenly, improving utilization of network resources.
- Isolates faults on the IP layer and transport layer to prevent a fault from triggering repeated protection at the two layers. This ensures effective protection and improves network reliability, laying a foundation for intelligent synergy between the IP layer and transport layer of a backbone network.

2.6.2 SRLG
An SRLG is a group of links with the same reliability risks. For example, multiple links on a router involve the same transport path. If the transport path fails, both the working and protection links on the router will also fail. To prevent this problem, links in the same SRLG are not assigned to a pair of working and protection paths during path computation. This improves reliability on the IP layer because a link failure will not cause both the working and protection paths to fail.

Static SRLG
Static SRLG requires the IP network administrators to manually configure SRLG information on routers after confirming the information with the transport network administrators. Static SRLG is easy to implement and does not require configuration of other parameters. However, static SRLG has the following disadvantages:

- The administrators of the IP network and transport network have to exchange and configure a large amount of detailed information, which is labor-consuming and prone to errors.
- When links on the transport layer are re-planned or adjusted, the transport network administrators must notify the IP network administrators, and the IP network administrators modify configurations on the IP layer.
- If the GMPLS ASON technology is used at the transport layer, the transport paths may change automatically. The IP network administrators cannot be notified of the changes in real time.

Dynamic SRLG
Huawei presents the dynamic SRLG solution to overcome problems of static SRLG. Transport devices transfer SRLG information to routers through extended GMPLS-UNIs between them. Dynamic SRLG has the following advantages:

- The SRLG information is transmitted from the transport layer to the IP layer automatically and no manual operation is required, reducing workload in maintenance and preventing configuration errors.
- Transport devices update SRLG information when transport links are adjusted, saving network administrators' workload in modifying configurations.
- When the GMPLS ASON re-computes routes, transport devices notify routers of SRLG information update.

Transport devices send SRLG information to routers, including information specific to each layer such as OTN layer, optical layer, and fiber layer. Each router calculates and updates links on the working and protection paths according to the SRLG information received from the transport layer to ensure that the working and protection paths do not contain links in the same SRLG. Figure 2-17 shows dynamic SRLG implementation.

Figure 2-17 Dynamic SRLG (layers shown: IP/MPLS, OTN/sublambda, WDM/lambda, and Fiber; SRLG information such as O-S4, L-S4, F-S1, F-S3, and F-S4 is passed to the IP/MPLS layer through the GMPLS-UNI extension)
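The following added example (not part of the original proposal and not Huawei code) shows the SRLG constraint at work: a protection path that is only link-disjoint still shares a fiber with the working path, while an SRLG-aware computation avoids it, and a transport-layer SRLG update changes the result. The topology, costs, SRLG memberships, and all function names are assumptions constructed for illustration.

```python
import heapq

# Constructed sample data: IP link -> (cost, SRLG ids reported by the transport
# layer). The O-/L-/F- prefixes follow the layer naming in Figure 2-17; the
# topology and memberships are invented for this example.
LINKS = {
    ("A", "B"): (1, {"O-S1", "L-S1", "F-S1"}),
    ("B", "D"): (1, {"O-S2", "L-S2", "F-S2"}),
    ("A", "C"): (1, {"O-S3", "L-S3", "F-S1"}),  # same fiber as A-B
    ("C", "D"): (2, {"O-S4", "L-S4", "F-S3"}),
    ("A", "E"): (2, {"O-S5", "L-S5", "F-S4"}),
    ("E", "D"): (3, {"O-S6", "L-S6", "F-S5"}),
}


def shortest_path(links, src, dst, banned_links=frozenset(), banned_srlgs=frozenset()):
    """Dijkstra over undirected links; returns a list of link keys or None."""
    adj = {}
    for (u, v), (cost, srlgs) in links.items():
        if (u, v) in banned_links or srlgs & banned_srlgs:
            continue  # link excluded outright, or it carries a banned risk group
        adj.setdefault(u, []).append((v, cost, (u, v)))
        adj.setdefault(v, []).append((u, cost, (u, v)))
    heap, seen = [(0, src, [])], set()
    while heap:
        dist, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for nxt, cost, link in adj.get(node, []):
            if nxt not in seen:
                heapq.heappush(heap, (dist + cost, nxt, path + [link]))
    return None


def srlgs_of(links, path):
    """Union of the SRLG ids carried by every link on a path."""
    return set().union(*(links[link][1] for link in path)) if path else set()


def shared_risks(links, working, protection):
    """SRLG ids that would take down both paths at once."""
    return srlgs_of(links, working) & srlgs_of(links, protection)


def plan_pair(links, src, dst):
    """Two-step planning: working path first, then an SRLG-disjoint protection
    path. This greedy order is simple but can miss a valid pair in some
    topologies; protection is None when no SRLG-disjoint path exists."""
    working = shortest_path(links, src, dst)
    if working is None:
        return None, None
    protection = shortest_path(
        links, src, dst,
        banned_links=frozenset(working),
        banned_srlgs=frozenset(srlgs_of(links, working)),
    )
    return working, protection


def apply_srlg_update(links, link, new_srlgs):
    """Copy of the link table with one link's SRLG set replaced, as a router
    would hold it after the transport layer reports a changed path."""
    updated = dict(links)
    updated[link] = (links[link][0], set(new_srlgs))
    return updated


if __name__ == "__main__":
    working, protection = plan_pair(LINKS, "A", "D")
    naive = shortest_path(LINKS, "A", "D", banned_links=frozenset(working))
    print("working:", working)
    print("link-disjoint only:", naive, "shared:", shared_risks(LINKS, working, naive))
    print("SRLG-disjoint:", protection)
    moved = apply_srlg_update(LINKS, ("A", "C"), {"O-S3", "L-S3", "F-S6"})
    print("after SRLG update:", plan_pair(moved, "A", "D")[1])
```

With static SRLG, the table in `LINKS` is whatever the administrators last typed in; with dynamic SRLG, `apply_srlg_update` stands for the refresh that arrives from the transport layer before the router recomputes.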

2.6.3 Control Plane Intelligent Synergy


The control plane is not involved in static synergy, but it plays an important role in dynamic synergy. The key technologies used on the control plane are GMPLS-UNI and PCE.


GMPLS-UNI
The GMPLS-UNI technology defined by the IETF is a key technology to enhance information exchange between the IP layer and transport layer. Routers on the IP layer send messages to request transport devices to set up or delete paths through GMPLS-UNIs. After a router sets up a link, it sends GMPLS-UNI signaling messages to notify transport devices of the source node, destination node, and attributes (such as bandwidth and protection attributes) of the link. Transport devices then set up a transport path according to the link information.

PCE
On a large network, constraint-based path computation is complex, and devices participating in path computation must have high calculation capabilities. If distributed path computation is performed on the network, each node must have high calculation capabilities, causing high costs on network construction. If the network is divided into multiple domains, the topology of each domain is hidden to other domains. Therefore, devices on the network must cooperate to compute the optimal end-to-end path. The PCE technology is used to solve the path computation problem. A PCE has high path computation capabilities and is deployed on a network device or an external server. A PCE is responsible for path computation in a domain. All path computation requests in a domain are sent to the PCE in this domain. After completing path computation, the PCE sends the computation result to the path computation clients (PCCs) that sent the path computation requests. PCEs in multiple domains work together to compute the optimal path.

2.6.4 Layered Protection Synergy


The IP&OTN synergy solution provides layered protection for each layer by using the protection mechanisms on both the IP layer and transport layer. This solution provides the following protection modes:

- TE FRR&ASON diamond 1+1 protection
- TE FRR&ASON silver reroute protection
- TE hot standby&optical line 1+1 protection

TE FRR&ASON Diamond 1+1 Protection


This protection mode is applicable to networks that have sufficient optical lines and IP links and require high reliability. TE FRR is used at the IP/MPLS layer to protect key paths, and ASON diamond 1+1 protection is used at the transport layer. TE FRR&ASON diamond 1+1 protection prevents service interruption caused by link and node failures at the IP layer and transport layer. In addition, this protection mode protects services against multiple fiber break events.

TE FRR&ASON Silver Reroute Protection


This protection mode is applicable to networks that have sufficient optical lines and require high reliability. TE FRR is used at the IP/MPLS layer to protect key paths, and ASON silver reroute protection is used at the transport layer. When WDM fibers at the transport layer fail, TE FRR triggers protection switching at the IP/MPLS layer to switch traffic to the bypass tunnel. After a new path is selected at the transport layer using silver reroute, traffic is switched back to the primary tunnel. During the switching process, routers use the make-before-break technique to prevent packet loss.

TE Hot Standby and Optical Line 1+1 Protection


This protection mode is applicable to networks that require medium reliability and do not have sufficient optical lines or IP links. It only protects services against fiber faults between sites but cannot protect services against failure in the entire transport board or site. In addition, this protection mode can withstand only one fiber break event. TE hot standby is used at the IP/MPLS layer to protect end-to-end paths, and optical line 1+1 protection is used at the transport layer. When a WDM fiber fails, optical line 1+1 protection is triggered to switch traffic to the backup fiber.

2.7 QoS Planning


2.7.1 Basic QoS Planning
To plan and design the QoS of the entire network, plan services, reserve resources, and perform call admission control (CAC).

Service Planning
Determine the bandwidths required by a variety of services carried on WANs to obtain the service traffic model and traffic bandwidth. Properly plan traffic and implement traffic engineering to ensure that congestion will not occur on some links due to too much traffic and to improve the utilization of the links on the entire network. Data for bandwidths required by services is obtained from the live network evaluation and service and traffic analysis.

Resource Reservation
Based on service planning and traffic model, reserve resources for services. For some WANs with high QoS requirements, use real-time data collection and analysis devices such as Huawei NetStream to adjust resource reservation in real time and optimize the network. There are two methods for reserving resources: IP/MPLS DiffServ and MPLS TE.

IP/MPLS DiffServ

IP/MPLS DiffServ is popular and its application is mature. It is a QoS guarantee mechanism based on the statistical model. Before deployment of the IP/MPLS DiffServ scheme, an analysis on the network traffic model must be conducted to analyze the traffic directions of different network services and provide the basis for QoS deployment. Then, there must be the SLA measurement mechanism. Huawei HWping solution can provide the measurement data of delay, jitter, and packet loss rate based on services, providing technical support for QoS redeployment.

MPLS TE

MPLS TE is a more advanced method, which needs the implementation of MPLS VPN and MPLS TE in the entire network. Different services are encapsulated in different VPNs and different VPNs are mapped into different MPLS TE tunnels, providing high QoS similar to that of the private network.


Because TE tunnels are end-to-end connection-oriented, there is a lot of work for deployment and maintenance if MPLS TE tunnels are deployed in a large scale. It is recommended to use the flexible mapping between VPNs and MPLS TE tunnels as well as hierarchical TE to improve network flexibility and significantly reduce the workload for implementation, configuration, and maintenance.

CAC
If a highly reliable IP WAN needs to carry real-time services, CAC must be configured. The traditional IP network is a best-effort network that does not limit the number of services. As a result, too many services are admitted and resources cannot be guaranteed for all of them. An IP WAN inherits the approach of the traditional TDM telecom network. By refusing excessive service call requests, the IP WAN can avoid overuse of resources and ensure the resources and QoS for established service connections. Only a multi-service IP network with the CAC mechanism can meet the requirements of a highly reliable WAN.

At present, the mainstream multi-service IP network achieves the CAC function through the service system such as a softswitch. In the future, fixed mobile convergence (FMC) is an inevitable trend and the IP multimedia subsystem (IMS) architecture is the network development direction. In the IMS network age, the integrated CAC function will be achieved by the control layer.

2.7.2 HQoS Planning


HQoS of Individual Services
You need to schedule different services (HSI, VoIP, VoD, and BTV) based on their priorities. To schedule the triple-play service, you do not need to configure HQoS but only need to configure Diff-Serv QoS on AGGs. You can implement HQoS based on the following items:

- Based on user and service: The CIR or PIR can be configured based on different home users and services on the same interface. Priority scheduling and bandwidth guarantee/control are performed between services. QinQ needs to be configured, that is, the S-VLAN and C-VLAN tags are used to identify services and users.
- Based on service: The CIR or PIR is configured for different user services on the same interface and the services are scheduled based on priorities. Only the S-VLAN tag needs to be identified.

HQoS of Enterprise Services


For enterprise VPN services, HQoS can be applied in the following modes:

- User level: When CIRs/PIRs are configured for different enterprise users on the same port, user service types are not distinguished. Users are distinguished in VLAN or QinQ mode.
  - In VLAN mode, different sites of the same enterprise use different VLAN IDs and the sites of different enterprises also use different VLAN IDs.
  - In QinQ mode, the outer VLAN IDs of the same enterprise are the same and the inner VLAN IDs identify the sites. The outer VLAN IDs of different enterprises must be different and the VLAN ID identifying the site can be the same.
- User + service level: When CIRs or PIRs are configured for different enterprise users on the same port and different services (they can be divided into eight levels) of a user, priority scheduling and bandwidth assurance/control can be conducted among different services.
- User group + user + service level: When CIRs or PIRs are configured for different enterprise users and different services of a user, multiple enterprise users on the same port constitute a user group for bandwidth assurance and control.

2.7.3 Huawei QoS Solution


Figure 2-18 shows Huawei MAN QoS solution.

Figure 2-18 Huawei MAN QoS solution (annotations in the figure: Diff-Serv QoS in ME; Diff-Serv QoS & TE in core; priority marking on UPE or DSLAM; limit on subscribers per ring: 10K subs per 10G, 1K subs per 1G; deploy VoD ES at PoP; deploy CAC for VoD; PE-AGG-a polices traffic of each service; priority re-marking on NPE (optional))

Huawei MAN QoS solution adopts the Diff-Serv model. In a network with limited resources, Huawei MAN QoS solution can provide quality assurance through appropriate traffic classification and priority processing. The Diff-Serv model aims to improve QoS extensibility and simplify the implementation. Therefore, the Diff-Serv model does not require the absolute quality assurance, but fully considers the features of IP networks and adopts the convergence traffic processing mode based on traffic classification. The DiffServ model completes the following functions:

- Packet classification
- Packet marking (coloring)
- Congestion management
- Congestion avoidance
- Traffic adjustment, including traffic policing and traffic shaping
- Mapping between CoS of Ethernet frames and EXP of MPLS packets

2.8 Security Planning


As the enterprise service transmission network, the WAN needs to carry the VPN service, Internet access service, and other services. As a result, security risks are introduced inevitably. Therefore, proper security measures must be taken to protect the security of various important value-added services. In terms of network security, the physical security of devices, as well as the configuration security and anti-attack capability of devices, must be ensured. For a multi-service transmission network, the most important issue is to isolate different services using VPNs.

2.8.1 Security Measures


The following measures can be used to effectively enhance the security of WANs:

- Use the ACL to control the access of users and authority of network devices.
- Restrict the SNMP and Telnet access to network devices.
- Implement mutual authentication of interconnected devices.
- Authenticate the routing information (such as IS-IS MD encryption authentication).
- Use the Syslog to record all important events.
- Use NTP or PTP to synchronize clocks of network devices in the entire network.
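One way to verify those measures that leave a trace in device configuration is an offline audit of saved configurations. The script below is an added example, not part of the original proposal and not a Huawei tool; the two sample configurations are constructed, the command syntax is modelled on Huawei VRP-style CLI as an assumption, and the finding names are hypothetical.

```python
import re

# Constructed sample configurations. The command syntax is modelled on Huawei
# VRP-style CLI as an assumption of this example; adapt the patterns to the
# devices actually being audited. Secrets are placeholders.
WEAK_CONFIG = """\
sysname PE1
telnet server enable
snmp-agent community read public
isis 1
 network-entity 49.0001.0000.0000.0001.00
interface GigabitEthernet1/0/0
 isis enable 1
user-interface vty 0 4
 protocol inbound all
"""

HARDENED_CONFIG = """\
sysname PE1
acl number 2000
 rule 5 permit source 10.0.0.0 0.0.0.255
snmp-agent community read cipher EXAMPLE-PLACEHOLDER acl 2000
isis 1
 network-entity 49.0001.0000.0000.0001.00
interface GigabitEthernet1/0/0
 isis enable 1
 isis authentication-mode md5 cipher EXAMPLE-PLACEHOLDER
info-center loghost 10.0.0.10
ntp-service unicast-server 10.0.0.11
user-interface vty 0 4
 acl 2000 inbound
 protocol inbound ssh
"""


def parse_sections(config):
    """Group a config into (top-level line, [indented child lines]) pairs."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "#":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config):
    """Return a sorted list of findings; an empty list means all checks passed."""
    sections = parse_sections(config)
    top = [head for head, _ in sections]
    findings, referenced = set(), set()
    defined = {m.group(1) for line in top
               if (m := re.fullmatch(r"acl (?:number )?(\d+)", line))}

    # Restrict Telnet and SNMP access.
    if "telnet server enable" in top:
        findings.add("telnet-server-enabled")
    for line in top:
        if line.startswith("snmp-agent community"):
            m = re.search(r"\bacl (\d+)$", line)
            if m:
                referenced.add(m.group(1))
            else:
                findings.add("snmp-community-without-acl")

    for head, body in sections:
        if head.startswith("user-interface vty"):
            # Management logins must be limited by an ACL.
            acls = [m.group(1) for line in body
                    if (m := re.fullmatch(r"acl (\d+) inbound", line))]
            referenced.update(acls)
            if not acls:
                findings.add("vty-without-acl")
            # Assumption: a VTY with no explicit protocol line may accept Telnet.
            proto = [line.split()[-1] for line in body
                     if line.startswith("protocol inbound")]
            if not proto or set(proto) & {"all", "telnet"}:
                findings.add("vty-allows-telnet")
        elif head.startswith("interface "):
            # Routing information must be authenticated where IS-IS runs.
            runs_isis = any(line.startswith("isis enable") for line in body)
            has_auth = any(line.startswith("isis authentication-mode") for line in body)
            if runs_isis and not has_auth:
                findings.add("isis-no-auth:" + head.split()[1])

    # An ACL that is referenced but never defined restricts nothing verifiable.
    findings.update(f"acl-{n}-undefined" for n in referenced - defined)
    # Events must be logged to a host, and clocks synchronized for correlation.
    if not any(line.startswith("info-center loghost") for line in top):
        findings.add("no-syslog-host")
    if not any(line.startswith("ntp-service unicast-server") for line in top):
        findings.add("no-ntp-server")
    return sorted(findings)


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```

Mutual authentication of interconnected devices and PTP are not covered by these checks, because the page does not say how they are configured.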

2.8.2 Network Security Architecture


For network security architecture, the transmission device needs to have the service differentiation capability to divide different services into zones with different security levels, such as untrusted zone, trusted zone, and semi-trusted zone. Different zones are isolated through security gateway devices such as the FW and SBC, as shown in Figure 2-19 (asterisks in this figure indicate the security level).

Figure 2-19 Security architecture model of IP WANs

[Figure: network elements grouped into a trusted zone, a semi-trusted zone, and an untrusted zone, together with the narrowband signaling network and the out-of-band management network.]

Abbreviations used in the figure:

- AG: Access Gateway
- IAD: Integrated Access Device
- IADMS: IAD Management System
- IDS: Intrusion Detection System
- MCU: Multipoint Control Unit
- MG: Media Gateway
- MRU: Media Record Unit
- MSCG: Multi-Service Control Gateway
- NMS: Network Management System
- SBC: Session Border Controller
- SG: Signaling Gateway
- SIP: Session Initiation Protocol
- STP: Signaling Transfer Point
- TMG: Trunk Media Gateway
- U-NICA: Universal Network Intelligent Core Architecture
- UC: Unified Communication

2.9 Network Management Planning


On a legacy network, devices at the IP layer and transport layer are managed by different NMSs and maintained by different departments, making quick service provisioning and fault identification difficult. For example:

- When the IP network requires one more wavelength, it may take one or two months to provide a wavelength on the transport network. This greatly delays service provisioning and launch.
- Over 80% of traffic from the IP network is carried over wavelengths. When services on a router are interrupted, it is difficult to quickly identify whether the fault occurred on the IP network or on a WDM device, let alone to isolate the fault.
- When a fault occurs on a transport device, the transport network administrators do not know whether this fault affects IP links and which IP links are affected.
- Device connections on the IP network are complex, making OAM on IP networks difficult. Network administrators have to open many pages on the NMS to configure a service.

The OAM synergy solution is introduced to reduce the network management workload and make network OAM easy. It solves the preceding problems by implementing unified management of the IP network and OTN and by providing visualized service maintenance.

2.9.1 Unified Network Management


The U2000 is a unified NMS that manages NEs on the IP network and transport network uniformly and provides functions such as quick service provisioning and quick fault identification.

Unified NE Management
The U2000 manages transport devices, access devices, and IP devices uniformly. It manages devices such as routers, switches, DSLAMs, and firewalls, and services such as MSTP, WDM, OTN, microwave, PTN, MSAN, and FTTx.

Quick Service Provisioning


The U2000 implements quick end-to-end service provisioning by using the following functions:

- Service templates: The U2000 provides various service templates such as tunnel templates, L2VPN/L3VPN/VPLS/PWE3 service templates, and QoS policy templates. These templates implement one-stop service parameter configuration, improving configuration efficiency by 3 to 6 times.
- Batch service delivery: improves configuration efficiency by 2 to 3 times.
- Automatic calculation of static routes: The U2000 calculates static routes and allocates MPLS labels, and no manual operation is required.
- Inter-domain end-to-end service maintenance: helps to identify and locate faults accurately.
- One-key layer switching and layered service presentation: Administrators can switch between the IP layer and optical layer easily to configure services. The relationship between IP and WDM services is displayed clearly on the GUI.

Quick Fault Identification


The U2000 helps to analyze root causes of alarms on the IP network and clears 85% of ineffective alarms to improve availability of alarms on the IP network. The U2000 also provides IP and OTN alarm correlation analysis and displays IP links affected by OTN alarms. Figure 2-20 shows alarm correlation and root cause analysis.

Figure 2-20 IP&OTN alarm correlation and root cause analysis

[Figure: the U2000 NMS and alarm center applies customized alarm correlation analysis rules to alarms from both layers (23,000 alarms per day on the KPN IP backbone and 6,000 alarms per day on the KPN WDM backbone). Alarms caused by root alarms are shielded, so only a unified alarm report needs to be maintained after correlation analysis and suppression, which helps fast troubleshooting.]

2.9.2 Visualized OAM


The legacy IP network is more difficult to manage and maintain than other types of networks due to technical limitations:

- Service routes on the IP network are invisible to administrators.
- Fault identification on the IP network is difficult and time-consuming.
- Some transient faults cannot be eliminated permanently.
- End users are unaware of services transmitted over the IP network, so QoS is difficult to manage on the IP network.

Huawei provides a visualized service quality management (SQM) solution to improve maintainability of IP networks. This solution is implemented by the U2520 (an IP SQM system) and the U2000. The SQM solution provides the following functions:

- KPI monitoring: The SQM system effectively monitors key performance indicators (KPIs) on the IP network, such as latency, jitter, and packet loss ratio. The user experience can be measured and evaluated in various usage scenarios, and pre-warnings can be generated for factors that degrade user experience.
- End-to-end IP service management: The SQM system implements end-to-end monitoring and presentation of IP services such as video, voice, and file transfer. It monitors service performance and detects faults in real time, helping to locate faults quickly.
- Real-time IP route display: The SQM system collects and displays IGP routes and LSPs on the entire network in real time. Historical transient faults can be traced and eliminated.
- IP fault location: The SQM system uses Huawei's IP fault locating techniques to locate faults on the IP network. After the source IP address/port and destination IP address/port are entered, the SQM system can locate the fault within 5 minutes.


3 Product Introduction


The following products are used in the WAN interconnection solution:

- Core router: NetEngine40E core router
- Backbone router: NetEngine80/40 universal switching router
- Access router: NetEngine20E/20 multi-service router

3.1 NetEngine40E Core Router


3.1.1 Overview
NetEngine40E core routers (the NE40E for short) are high-end network products provided by Huawei. The NE40E is widely used at the aggregation layer or core layer of the IP national backbone network, IP provincial backbone network, and other large-scale IP networks. Based on distributed hardware forwarding and non-blocking switching technologies, the NE40E uses the Huawei patented Solar chips and features the line-speed forwarding capability, good scalability, well-designed QoS mechanism, and powerful service processing capabilities. Based on the expandable 400G platform, the NE40E supports the smooth expansion from 40 Gbit/s per slot to 400 Gbit/s per slot and is compatible with all line cards that are currently in use, helping maximize return on investment (ROI). The NE40E is powerful in service access and aggregation and can be flexibly configured with various features such as L2VPN, L3VPN, multicast, multicast VPN, MPLS TE, and QoS to guarantee the reliability of carrier-class service transmission. In addition, the NE40E supports IPv6 as well as the smooth transition from IPv4 to IPv6. The NE40E can be flexibly deployed at the aggregation layer or core layer of IP or MPLS networks, which simplifies the network structure. With the provision of various types of services and reliable service quality, the NE40E functions as an important driving force for the IP or MPLS networks to become more broadband, secure, intelligent, and service-oriented.


3.1.2 Product Models


The following table lists product models of the NetEngine40E core routers.

Table 3-1 Product models of NetEngine40E core router series

| Product Model | Description |
|---|---|
| NE40E-X16 | Supports 16 LPUs. Switching capacity: 12.58 Tbit/s (bidirectional). Backplane capacity: 30 Tbit/s. Forwarding performance: 3200 Mpps. |
| NE40E-X8 | Supports eight LPUs. Switching capacity: 7.08 Tbit/s (bidirectional). Backplane capacity: 15 Tbit/s. Forwarding performance: 1600 Mpps. |
| NE40E-X3 | Supports three LPUs. Switching capacity: 1.08 Tbit/s (bidirectional). Backplane capacity: 1.35 Tbit/s. Forwarding performance: 300 Mpps. |
| NE40E-8 | Supports eight LPUs. Switching capacity: 640 Tbit/s (bidirectional). Backplane capacity: 2 Tbit/s. Forwarding performance: 400 Mpps. |

Figure 3-1 Appearance of the NE40E-X16


Figure 3-2 Appearance of the NE40E-X8

Figure 3-3 Appearance of the NE40E-X3 (DC)

Figure 3-4 Appearance of the NE40E-X3 (AC)

Figure 3-5 Appearance of the NE40E-8


3.1.3 Product Features


400G Routing Platform
At present, the NE40E is the industry's most powerful router based on a 400G platform, which can meet future development needs for at least a decade.

- Being properly designed, the NE40E provides high-density ports. Each chassis supports a maximum of 1320 GE ports, which is twice that of the industry average.
- Based on an energy-saving 400G platform, each GE port consumes less than 9 W power, which is 10% lower than the industry average.
- All boards and software based on a new 400G platform are compatible with those based on a 40G platform.

All-Service Bearing
The NE40E has the leading all-service bearing capability in the industry to ensure the operation of carrier-class services.

- The NE40E supports BRAS, DPI, and other functional modules, to ensure the multi-service access capability.
- As the most complete HQoS solution in the industry, the NE40E supports HQoS, DS-TE, and MPLS HQoS to guarantee the QoS deployment in multiple scenarios.

High Reliability
The NE40E provides the well-designed end-to-end reliability solution to ensure uninterrupted services.

- Device-level reliability: With the backup of key parts and ISSU/NSR/GR, service interruption is minimized.
- Network-level reliability: The Huawei proprietary BFD for Anything and enhanced protection techniques such as E-APS, E-Trunk, and E-STP allow the protection switchover of end-to-end services to be performed within 200 ms.

3.1.4 Product Specifications


The following table lists the specifications of the NE40E series products.

Table 3-2 Specifications of the NE40E series products

| Specifications | NE40E-X16 | NE40E-X8 | NE40E-X3 | NE40E-8 |
|---|---|---|---|---|
| Switching capacity | 12.58 Tbit/s (bidirectional) | 7.08 Tbit/s (bidirectional) | 1.08 Tbit/s (bidirectional) | 640 Gbit/s (bidirectional) |
| Forwarding performance | 3200 Mpps | 1600 Mpps | 300 Mpps | 400 Mpps |
| Backplane bandwidth | 30 Tbit/s | 15 Tbit/s | 1.35 Tbit/s | 2 Tbit/s |
| Port capacity (bidirectional) | 3.2 Tbit/s (bidirectional) | 1.6 Tbit/s (bidirectional) | 240 Gbit/s (bidirectional) | 320 Gbit/s (bidirectional) |
| Number of service slots | 16 | 8 | 3 | 8 |
| Width (mm) | 442 | 442 | 442 | 442 |
| Depth (mm) | 770 | 770 | 750 | 669 |
| Height (mm) | 1420 | 620 | DC chassis: 175; AC chassis: 220 | 886 |
| Height (U) | 32 U | 14 U | 4 U | 20 U |
| Weight (fully configured) | 267 kg | 130 kg | DC chassis: 41 kg; AC chassis: 51 kg | 147 kg |
| Maximum power | 6500 W | 3300 W | 1100 W | 2200 W |

3.2 NetEngine80/40 Series Universal Switching Router


3.2.1 Overview
The NetEngine80/40 series universal switching router (the NE80/NE40 for short) uses the distributed network processor technology and non-blocking switching technology and has the superb scalability. The NE80/NE40 supports IPv6 and has the line-speed forwarding capability for high-speed interfaces, well-designed QoS mechanism, and carrier-class reliability. The NE80/NE40 integrates the powerful IP service processing capability and Layer 2 Ethernet switching capability of the core router and can provide richer services, more flexible networking, and better cost-effectiveness. The NE80/NE40 is often used as the core router in IP backbone networks, IP MANs, and other large-scale IP networks. The NE80/NE40 is a high-end network product that is launched by Huawei for large-scale enterprise networks and industry networks.

3.2.2 Product Models


The following table lists product models of the NE80/40 series routers.

Table 3-3 Product Models of the NE80 series routers

| Product Model | Description |
|---|---|
| NE80 | Supports 16 LPUs. Switching capacity: 128 Gbit/s (bidirectional). Forwarding performance: 96 Mpps. |
| NE40-8 | Supports eight LPUs. Switching capacity: 128 Gbit/s (bidirectional). Forwarding performance: 48 Mpps. |
| NE40-4 | Supports four LPUs. Switching capacity: 128 Gbit/s (bidirectional). Forwarding performance: 24 Mpps. |
| NE40-2 | Supports two LPUs. Switching capacity: 16 Gbit/s (bidirectional). Forwarding performance: 12 Mpps. |

Figure 3-6 Appearance of the NE80


Figure 3-7 Appearance of the NE40-8

Figure 3-8 Appearance of the NE40-4

Figure 3-9 Appearance of the NE40-2

3.2.3 Product Features


Wide Deployment and Stable Application
The NE80/40 can be widely deployed and stably applied.

- The NE80/40 has been in mature commercial use for nine years.
- More than 15000 NE80/40s have been sold globally.
- There have been no quality accidents for many years.

All-Service Transmission
The NE80/40 is a complete series of multi-service products and can flexibly meet the needs of enterprise users.

- The complete product series includes models with two, four, eight, and 16 slots, which can flexibly meet the requirements of users in different scenarios.
- With comprehensive multi-service capabilities such as tunnel, VPN, and NAT, the NE80/40 can process services competently.
- The NE80/40 integrates routing and switching, providing a cost-effective solution.

High Reliability
The NE80/40 provides the complete end-to-end reliability solution to ensure uninterrupted services.

- Uses various device-level, network-level, and service-level reliability technologies.
- Supports redundant backup of key components and supports hot patches.
- Provides hierarchical HQoS to ensure QoS flexibly.

3.2.4 Product Specifications


The following table lists the specifications of the NE80/40 series products.

Table 3-4 Specifications of the NE80/40 series products

| Specifications | NE80 | NE40-8 | NE40-4 | NE40-2 |
|---|---|---|---|---|
| Switching capacity | 128 Gbit/s | 128 Gbit/s | 128 Gbit/s | 16 Gbit/s |
| Forwarding performance | 96 Mpps | 48 Mpps | 24 Mpps | 12 Mpps |
| Number of service slots | 16 | 8 | 4 | 2 |
| Width (mm) | 600 | 482.6 | 482.6 | 482.6 |
| Depth (mm) | 800 | 420 | 420 | 420 |
| Height (mm) | 2200 | 797.3 | 352.8 | 219.5 |
| Height (U) | 46 U | 18 U | 8 U | 5 U |
| Weight (fully configured) | Less than 400 kg | Less than 85 kg | Less than 50 kg | Less than 35 kg |
| Maximum power | Less than 1800 W | Less than 1000 W | Less than 600 W | Less than 300 W |


3.3 NetEngine20E/20 Series Multi-Service Router


3.3.1 Overview
Independently developed by Huawei, the NetEngine20E/20 series router (the NE20E/20 for short) is the fifth-generation general multi-service router with high performance. The NE20E/20 adopts the NP hardware technology and has excellent forwarding performance. The NE20E/20 series router is designed to meet the requirements for high carrier-class availability of convergence layers of enterprise networks and edge networks of operators. With the advantages of high performance, multiple services, dual main control boards, and hot backup, the NE20E/20 supports service deployment and network construction. With strong extensibility and configurability, the NE20E/20 supports multiple interfaces and service features to integrate MPLS, VPN, QoS, traffic engineering, multicast, and other technologies. In terms of networking application, as the high-performance aggregation device, the NE20E/20 series router provides the comprehensive service processing capability as well as the comprehensive and flexible network solution, to effectively improve the network value and reduce the network construction cost.

3.3.2 Product Models


According to the number of provided service slots, the NE20E/20 series router can be classified into four types: NE20E-8, NE20-8, NE20-4, and NE20-2. The NE20E is an enhanced product of the NE20. The following table lists product models of the NE20E/20 series routers.

Table 3-5 Product models of the NE20E/20 series routers

| Product Model | Description |
|---|---|
| NE20E-8 | Supports eight LPUs. Switching capacity: 16 Gbit/s (bidirectional). Forwarding performance: 6 Mpps. |
| NE20-8 | Supports eight LPUs. Switching capacity: 8 Gbit/s (bidirectional). Forwarding performance: 4.5 Mpps. |
| NE20-4 | Supports four LPUs. Switching capacity: 8 Gbit/s (bidirectional). Forwarding performance: 4.5 Mpps. |
| NE20-2 | Supports two LPUs. Switching capacity: 8 Gbit/s (bidirectional). Forwarding performance: 3 Mpps. |


Figure 3-10 Appearance of the NE20E-8

Figure 3-11 Appearance of the NE20-8

Figure 3-12 Appearance of the NE20-4

Figure 3-13 Appearance of the NE20-2

3.3.3 Product Features


Stable and Mature Application
The NE20E/20 has been maturely and stably applied for many years.

- The NE20E/20 has been widely used commercially for eight years.
- About 10000 NE20E/20s have been sold globally.
- There have been no quality accidents for many years. The performance is outstanding.


Multi-Service Access and Convergence Capability


The NE20E/20 is a complete series of multi-service products and can flexibly meet the needs of enterprise users.

- The NE20E/20 provides superb aggregation capability, providing line-rate aggregation on ATM, CPOS, and CE1 interfaces, which can converge 96 line-rate E1/T1 channels.
- The NE20E/20 provides powerful security tunnels and supports hardware IPSec encryption, GRE, L2TP, and NAT.
- The NE20E/20 provides comprehensive route processing and supports various multicast and multicast routing protocols.

High Reliability
The NE20E/20 provides the complete end-to-end reliability solution to ensure uninterrupted services.

- The NE20E/20 uses double control engines and double forwarding engines for backup, which pioneers the industry and provides high-quality service.
- The NE20E/20 uses the device-level, network-level, and service-level reliability techniques, ensuring high-speed, reliable network operation.
- The NE20E/20 supports HQoS, ensuring service quality.

3.3.4 Product Specifications


The following table lists the specifications of the NE20E/20 series products.

Table 3-6 Specifications of the NE20E/20 series products

| Specifications | NE20E | NE20-8 | NE20-4 | NE20-2 |
|---|---|---|---|---|
| Switching capacity | 16 Gbit/s | 128 Gbit/s | 128 Gbit/s | 16 Gbit/s |
| Forwarding performance | 6 Mpps | 48 Mpps | 24 Mpps | 12 Mpps |
| Number of service slots | 8 | 8 | 4 | 2 |
| Width (mm) | 436.2 | 436.2 | 436.2 | 436.2 |
| Depth (mm) | 480 | 420 | 420 | 420 |
| Height (mm) | 261 | 219.5 | 130.5 | 130.5 |
| Height (U) | 6 U | 5 U | 5 U | 3 U |
| Weight (fully configured) | 32.5 kg | 27.5 kg | 17.5 kg | 15 kg |
| Maximum power | 350 W | 320 W | 240 W | 240 W |
