Doug --
Browsing NN's VPN web pages, I came across their White Paper on "Approaches to Wide Area Managed IP Networks." If you click on the front page story on VPNs, you'll see a list of white papers, this among them.
>>>
The opportunity and the requirements for high capability managed IP service networks are becoming more widely acknowledged and understood. There is still diversity on how to solve the problem of delivering these requirements, although it is increasingly apparent that the different approaches are tending to converge in spite of themselves.
<Picture: Figure 1: Approaches to managed IP networks >
Figure 1: Approaches to managed IP networks
As highlighted in the above diagram, the different approaches are influenced primarily by their history or starting point. When the Internet was conceived, there was no notion of providing multiple managed private service networks over the common Internet infrastructure, and yet there are considerable efforts underway to try and retrofit such capability. Enterprise networks on the other hand started as relatively simple leased bandwidth networks, evolving to managed bandwidth service networks to support the growing number of customers on the networks. Physical or logical partitioning to ensure security and bandwidth management have always been key attributes of this approach. As such, the notion of a managed service, and support of multiple private (virtual or otherwise) networks on a common infrastructure is well established. The effort on this side now is to retrofit Layer 3 (IP) service delivery while maintaining the key attributes of the managed service.
The two alternative approaches then are to a) boost the performance of current connectionless networks with gigarouters connected over high speed ATM and/or SONET networks; and b) merge IP with a connection-oriented fabric and a highly scalable service management model.
The first, clearly out of the Internet track, is very well suited to a public, any-to-any better best effort Internet service. There remain however a number of severe limitations with respect to delivering managed IP services for the enterprise market against the requirements set out earlier. Specifically, the approach requires additional software in the routers be added to support multiple isolated customer networks. In an environment whose routing system is already overburdened running a single network, adding partitions may be possible, but service will be severely limited in terms of:
•Number of partitions that can be supported •Ability to introduce new service capabilities •Range and flexibility of QoS enhancements •Premium customers will be willing to pay
The second approach, to add IP networking capabilities to an already partitionable and manageable network fabric, affords a much more stable architecture to meet the requirements of the enterprises services that are being defined.
This approach:
•Leverages standard VCs, QoS and bandwidth management of an ATM fabric, delivering secure partitions with definable and measurable bandwidth and quality characteristics •Allows the service to be defined in terms of customers and service attributes (applications, QoS, latency, etc.) rather than simply by ports and port parameters (VC# and CIR) •Provides service scalability through centralized definition of services, policies and reachability coupled with intelligent service delivery platforms at the network edge.
So while it can be easily acknowledged that bigger boxes are needed for the public Internet to grow, this is not the optimum approach to delivering on the promise of new enterprise managed IP services.
<Picture: Figure 2: Network and Service Architecture >
Figure 2: Network and Service Architecture
Managed IP Services
As alluded to above, the biggest problems in today's router networks are scalability, manageability, and cost. By using a reliable switching fabric as a core (ATM), separate devices for routing management (routing services control points), and forwarding devices (service points) that interconnect to existing IP network equipment, service providers can avoid these problems and be confident that they are building an IP network for the future. This system is represented in Figure 2 (page 7), including representation of extending the service benefits into an enterprise environment. Implied but not shown is the full range of customer access options over switched and dedicated connections.
An abstraction of the network and service architecture is shown in Figure 3, highlighting the clean separation of functions to support performance and scaling, as well as a service delivery infrastructure for fast deployment of new and innovative services and features.
<Picture: Figure 3: Architectural Blocks >
Figure 3: Architectural Blocks
The following paragraphs provide additional details on each of the elements and functional areas.
ATM Switching
The ATM switching fabric provides the following functions for a carrier scale internetworking service:
•Integration of multiple IP service interfaces •Connection-oriented switching fabric for rapid cut-through forwarding of IP packets •Standards-based traffic management to enforce multiple CoS levels •Standards-based signaling and routing to support interworking in a multi-vendor environment •Isolated virtual circuits for secure IP network partitioning •A scalable infrastructure that can grow as required, independent of other functions
As a connection-oriented switching fabric, ATM acts like a single-hop routing system whose ports are the ingress and egress service points in the network. This has obvious advantages for packet latency, network management, and scalability. As a technology that has been developed, implemented, and improved over the last 10 years, ATM is the right choice for reliability, and long term investment protection.
Over the last 12-18 months, a number of IP switching proposals have appeared from various sources. The only proposal under development in a standards body, Multiprotocol Label Swapping (MPLS), has similarities to the architecture being discussed in this section: the use of virtual circuits to carry IP traffic, the "aggregation" of multiple flows onto a Layer 2 connection, the provision of standard IP router interfaces to existing devices, and support for virtual circuit setup based on data-flow, topology and control-traffic. Among many differences, there are two that stand out: how the virtual circuits are implemented and how the virtual circuits are routed.
With this approach, standard ATM virtual circuits are used to carry the ATM traffic. Consequently all the standard ATM management features (OAM flows, CMIP and SNMP definitions, etc.) are available as are the full semantics provided by the ATM Forum's Traffic Management 4.0 specification. End-to-end signaling of connections uses standard UNI signaling. When the ATM Forum completes work on the multipoint-to-point connection feature, this too will be available. By contrast, the MPLS effort, in its attempt to stay technology independent, seems to have embarked on reinventing virtual circuits. While it may in fact be possible to improve on the existing work, it would seem there is a significant amount of infrastructure that needs to be recreated before MPLS will be suitable for production use.
When it comes to routing virtual circuits, this architecture uses any method available to the ATM network; in many provider networks this will be the highly scalable and powerful PNNI protocol. The current MPLS proposal suggests that routing of "label switched paths," the MPLS equivalent of virtual circuits, will use Layer 2 information injected into the Layer 3 routing protocols. While this seems attractive on the surface (as there is one less routing protocol to run), the unavoidable consequence is that the two layers -- IP forwarding and Layer 2 switching -- have been irrevocably fused. Even "pure Layer 2" switches must now run Layer 3 routing protocols; when these protocols are upgraded (either to improve the implementation or to add IP features), the provider must upgrade not only the IP components of the network but also the Layer 2 components.
Routing Management:
Reachability Derivation and Distribution
The derivation and distribution of reachability information functions are provided by a limited number of redundant routing services control points (RSCPs). The functions of these RSCPs include:
•Accept policy and configuration information, and provide status information from and to network management elements •Run standard routing protocols •Compute forwarding information •Deliver policy, configuration and forwarding information to and from service points
The RSCPs use standard routing protocols to communicate with existing routing equipment outside the ATM core over standard service interfaces. To communicate with service points they set up long hold switched virtual circuits (SVCs). In this way, RSCPs act as the control plane interface between legacy networks and the new network core. Because there are only a few redundant network elements taking care of routing management, this function is easily managed, and upgraded, and does not overwhelm the data plane with control and routing traffic. Because they are part of the standard ATM fabric, they can take advantage of ATM's point-to-multipoint connections to update all of the service points at the edge of the network simultaneously, and avoid the problems associated with slow routing table convergence in a router-based network.
Layer 3 Forwarding and Policy Application
In this model Layer 3 forwarding and policy application is performed by service points at the edge of the ATM fabric. The function of these service points at the ingress side of the network:
•Encapsulate IP packets in accordance with RFC 1483 LLC Encapsulation Method •Map IP destination address to ATM destination address •Map IP policy description (including specified CoS) to ATM QoS •Segment encapsulated frames into ATM cells using AAL5 •Forward IP packets over the appropriate ATM VCC to the egress service point(s)
The function of egress service points is to transmit packets into the local network in their native format. This includes a full suite of datalink types (e.g. PPP, frame relay, ATM) over switched and dedicated access networks.
Service points therefore serve as the service interconnection devices for both legacy IP WAN and LAN interfaces. In this way, they bridge the gap between today and tomorrow's carrier scale IP networks. They have several advantages in a wide area IP internetworking environment:
•Low latency forwarding: forwarding databases are populated by the RSCPs which perform all forwarding computation, and database creation. This means that service points are dedicated entirely to forwarding since they do not have to participate in the routing management function. Because there is only one IP lookup required in order to pass a packet across the entire network, there is less delay than in a multiple hop system •Manageable as part of the wide area network infrastructure: service points are first class members of the multi-service network, equal to ATM switches, RSCPs, access concentrators or service interface cards. This means that they are automatically configured by the network as new services or changes to existing services are brought on line. The service provider manages them as part of the standard NOC management function •Interwork with any standards-based ATM switches: support standard ATM UNI signaling to set up SVCs •Low cost routing function: memory and CPU requirements are lower than standard routers because routing management functions do not need to be supported. Network scaling is accomplished by adding less expensive access ports to increase forwarding capacity, and upgrading or adding a few RSCPs to increase routing capacity •Provider of CPE options: service points can be installed at the central office or on the customer premises, according to individual customer needs. A variety of LAN and WAN interfaces give the provider the ability to aggregate traffic from existing IP networks and relieve the pressure on the current narrowband infrastructure •Enforce service levels: traffic can be directed over the default packet forwarding overlay, or over an SVC cut-through connection. A finer granularity of classes of service can be established by leveraging the standard, well-defined QoS capabilities of the underlying ATM interconnect layer. All CoS policies can be tracked as a billable part of the service
While this system provides direct support for control-driven connectivity, such as that required by emerging QoS signaling protocol standards like RSVP, it is not clear that service providers can afford to support the current crop of such protocols. Without the proper billing systems to monitor and track customer requests, all applications will ask for the highest class of service as a default. This will obviously result in all applications getting the same best effort service that they used to get (if over a traditional distributed router network), or no service at all as admission control fails.
End-to-End Element, Network, and Service Management
To successfully deliver managed IP services, service providers need powerful, integrated network and service management capabilities as well as the element management functions that are available in any IP WAN environment today. The management environment must first cover the full TMN functional range, that is fault, configuration, accounting, performance and security. In addition, the management system must integrate functions from element to business management, allowing service providers to automate service delivery and management functions to achieve their service responsiveness and cost goals.
Element Management
Managing at the device level means network operators must be able to view the configuration and status of widely dispersed, multi-vendor devices in real-time. They need the system to present this information to them consistently, simplifying the complexities of the many types and versions of elements which comprise an internetworking services network.
Element management capabilities which must be provided include:
•Node level provisioning and status (at the node, cards, or port level) •Alarm reporting •Maintenance (system, loop back, database, software upgrade) •Node statistics •Node alarms •Integration to higher level management systems through standard interfaces •Ability to add new devices with no system down time, and without significant system development
Network Management
Managing at the network level means having a complete network topology available to all FCAPS functions, with each function working from accurate, real-time network status and configuration data. Network operators need graphical displays which show them the resources in the network and their relationships. They must also be able to drill down to device details to troubleshoot problems, or make configuration changes. Network management capabilities must include the following features across multitechnology, multiservices networks:
•Operator views via network map showing physical components and links •Autodiscovery and/or manual creation of nodes and links •Real-time status display for nodes and links •Network-wide software upgrade •Network-wide inventory •Network-wide "point and click" provisioning •Multi-level network partitioning •Network-wide alarm collection •Trouble tickets •Real-time statistics gathering, post-processing and viewing •Network simulation •Automated or manual path rerouting •Diagnostics •Problem management •Management reporting •Link and path management •Secure access through span of control and scope of command •Open interfaces to integrate with service and element management capabilities, and to quickly add new functionality to the system as networks, technologies and user needs evolve
Service Management
Service management means viewing the underlying network and devices from a service perspective. That is, mapping network resources to service policies and customers. Customer service representatives, service operators, and customers themselves will use service management systems to implement new services, make moves, adds, and changes to existing service, and monitor service performance. Service management must manage not only the IP services, but also multiple access services and underlying network services, and must offer the following capabilities:
•End-to-end service inventory and real-time status •End-to-end service and policy configuration and propagation •Open interfaces for automated service delivery processes (ordering, provisioning, activation, and billing) •End-to-end performance monitoring and reporting services (VPNs and Internet) •Customer and service provider monitored service level agreement service related billing information (VPNs and Internet) •User-customized visibility and control over VPNs •VPN and Internet service statistics generation •VPN partitioning •Customer data linked to subscribed service data •User management features to offer secure, controlled access to customers and service provider users
There are several advantages to this management environment, including:
•The service provider has the ability to manage the IP network as a whole, to provision customers as entities, and to have any network changes automatically propagated to all network elements •IP internetworking is managed the same way as other services such as cell relay, frame relay, SMDS, and circuit emulation. This makes management views fit into the existing and familiar environment •The customer can provision and monitor its own services using a view of its portion of the network, which can be manipulated from its own CPE-based terminal |
