System Overview EDA
Copyright © Ericsson AB - 2005. All Rights Reserved.

Disclaimer

No part of this document may be reproduced in any form without the written permission of the copyright owner. The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.
Contents

1 Introduction to this Guide
1.1 Revision History
1.1.1 This revision (C)
1.1.2 Version B
1.1.3 Version A
2 The EDA Concept
2.1 ADSL Standards
2.2 The EDA System – Basic Principle
2.2.1 The IP DSLAM
2.2.2 The Aggregation Node
2.2.3 The EDA Management System
3 The EDA Access Network
3.1 The Access Domain
3.1.1 The Size of the Access Domain
3.1.2 Domain Subnets and IP Networks
3.1.
4.5.1 The FE to E1 and T1 Converter
4.5.2 Ethernet Gateway
4.6 Remote Powering
4.7 The EDA Subracks and Cabinets
5 Customer Premises Equipment
6 EDA System Services
6.1 The EDA Services
6.1.1 Bandwidth Control
6.1.2 CPE Access Methods
6.1.3 Transparent VLAN Service
6.2 Quality of Service
6.2.1 Traffic Classification
6.2.2 Traffic Handling
6.2.3 QoS Implementation
6.2.4 QoS in IP Based Network Sections
6.2.
8.3 Multimedia Services
8.3.1 Quality
8.3.2 Security
8.4 Telephony Deployment in EDA
8.5 Broadcast Handling
8.6 Multicast Handling
9 Security
9.1 EDA Security Issues
9.2 PPP, VLAN and Forced Forwarding
9.2.1 PPP (Point to Point Protocol)
9.2.2 VLAN Technique
9.2.3 Forced Forwarding
9.3 DHCP Relay Agent Information Option
9.4 IP DSLAM Security Mechanisms
9.4.1 Filtering
9.4.2 Layer-2 Separation
9.
10.4.1 Capacity of System Elements
10.4.
1 Introduction to this Guide

This guide is intended to provide the reader with an overview of the EDA system and concept. The guide describes the different elements forming an EDA network, and how they interact in order to constitute a versatile and flexible ADSL access network.
2 The EDA Concept

The EDA system can be tailored to a wide range of access scenarios, depending on the actual requirements for function and performance. Performance requirements concern, for example, the number of end-users that the access system can handle, and the bandwidth allocated to the end-users. The functional requirements are more versatile, covering for example which IP services to support, how to ensure security and privacy, and how to provide options for service selection.
2.1 ADSL Standards

The EDA system supports the following ADSL standards:
• ITU-T G992.1 Annex A (ADSL over POTS)
• ITU-T G992.1 Annex B (ADSL over ISDN)
• ITU-T G992.2 (ADSL Lite)
• ITU-T G992.3 Annex A (ADSL2 over POTS)
• ITU-T G992.3 Annex B (ADSL2 over ISDN)
• ITU-T G992.3 Annex L (Extended Reach)
• ITU-T G992.3 Annex M
• ITU-T G992.5 (ADSL2+) Annex A and B
• ITU-T G992.
2.2 The EDA System – Basic Principle

The basic principle of the EDA System is illustrated below in Figure 1 on page 4. The end-users are connected to the EDA network through the IP DSLAM. The IP DSLAM is connected to an aggregation node, which provides layer 2 Ethernet switching and subsequently connects the end-users to various IP services through the EDA access network. The EDA system is managed by the EDA Management System called Public Ethernet Management (PEM).
2.2.1 The IP DSLAM

The IP DSLAM is the cornerstone in the EDA system. It converts and aggregates all incoming ADSL subscriber lines into a 100 Mbps Ethernet connection. As opposed to a traditional DSLAM system, the ATM layer in the ADSL protocol stack is terminated directly in the IP DSLAM. By using link aggregation, the subscriber lines can be increased to 200 Mbps connections.
2.2.2 The Aggregation Node

As shown in Figure 1 on page 4, the IP DSLAMs are connected to an aggregation node. Ethernet switches can be used as aggregation nodes and provide the capability to increase the LAN bandwidth because they allow for simultaneous switching of data packets between their ports. Furthermore, an Ethernet switch may be able to perform more advanced functions regarding traffic, such as prioritizing and separation.
running on a central computer, to a fully distributed solution where different parts are deployed on multiple servers. The Management Server contains the PEM servers and the database of the EDA system. The database contains all end-user and network configuration data. In a distributed configuration, the Management Server acts as a central point for operation and maintenance, providing the full view of the network.
3 The EDA Access Network

The main objective of the EDA system is to support provisioning of IP services to end-users. The EDA system supports this through:
• Network Access
• Service Access

Network Access means providing access through the Access Domain. Service Access means managing the end-users' access to IP services. The EDA system is mainly focused on providing network access, but it also provides several integrated service access solutions.
The EDA system network may have up to 20 Access Domains. Each Access Domain can have up to 2,000 IP DSLAMs. The maximum number of end-users in the EDA system network is approximately 1,000,000. If the number of end-users exceeds the maximum, multiple EDA systems can be deployed.

Figure 3
3.1.
Figure 4 The Access Domain in the Access Network

The figure below shows that a Network ID, a Subnet Mask, and a Default Gateway identify an IP network in the Access Domain.
Figure 5 IP Network and Domain Subnets

3.1.3 The Domain Server

An Access Domain is a logical network handled by a management system and defined by approved IP addresses. The components in an Access Domain are managed by a Public Ethernet Management (PEM) system through a Domain Server.
Figure 6 The Access Domain and Domain Subnets

The Domain Server City 1 is responsible for all network nodes in the Access Domain City 1. The Domain Server for Access Domain City 2 is installed on the same computer as the Management server. This will typically be the case when the EAN is used as indicated in Figure 6 on page 12. Several Access Domains are only necessary in EDA deployment scenarios where the EAN is not used and the total number of end-users is high.
4 The EDA Components

The components of the EDA solution are described in further detail in the following sections. The nodes or components in an Access Domain are all connected to the same Ethernet, which carries both end-user and management traffic.
As opposed to many traditional DSLAMs, the IP DSLAM also terminates the ATM layer used on top of the ADSL connections, thus interfacing directly to the switched Ethernet within the Access Domain. The IP DSLAM bridges between the switched Ethernet and the Ethernet at the customer premises, see Figure 7 on page 14.
In order to clarify the concept of a stand-alone and an embedded IP DSLAM, the EMP and non-EMP solutions are explained below.

4.1.1 The EDA Management Proxy (EMP)

EDA Management Proxy (EMP) is a built-in application in the Ethernet Controller Node ECN330/ECN320.
EMP makes the ECN330/ECN320 appear as one large IP DSLAM with one static IP address and up to 2016 end-users. This number of lines can be reached if all ECN330/ECN320 downlink ports are used for aggregation of ESN108 switches, the ESN108 switches each employ 7 electrical downlink ports, and the EDN312 IP DSLAMs are used entirely. If the EDN312 IP DSLAMs are connected directly to the downlink ports of the ECN330/ECN320, then 288 ADSL lines will be available.
The Domain Server co-operates with the Management Server, thus creating a distributed management system. SNMP trap filtering in the Domain Server reduces management traffic towards the Management Server. Automatic discovery of nodes in the Access Domain by the local Domain Server is another advantage of a distributed management system. The number of maintenance IP addresses in the Access Domain can be quite high because every network element has its own IP address.
4.1.3 The EDN312 and EDN312x IP DSLAM

The 12-line IP DSLAM comes in two versions, the EDN312 and the EDN312x, both available in different variants:
• EDN312p – 12 lines with built-in POTS filter
• EDN312i – 12 lines with built-in ISDN filter
• EDN312e – 12 lines with built-in POTS filter, complying with the ETSI standard.
4.1.4 The EDN288 IP DSLAMs

With the 288-line IP DSLAM, Ericsson introduces the new and important concept of the Ethernet Access Node (EAN). In order to understand the function of the EDN288 it is important to understand the EAN concept; the EAN is therefore described in detail in the following.

The EDN288

The EDN288 is an EAN node, and is available in the variants EDN288p and EDN288xp.
EAN Redundancy

EAN redundancy is ensured by connecting the two Ethernet ports of the IP DSLAM to each ECN330/ECN320, as illustrated in Figure 11 on page 20. Redundancy requires enabling of Rapid Spanning Tree (RSTP) in both of the ECN330/ECN320.

Figure 11 Cabling of Ethernet Cables for EAN Redundancy

EDN312x Link Aggregation

The two ports of the IP DSLAM can also be used to enable link bandwidth of 200 Mbps to a single EDN312x.
Figure 12 EDN312 Link Aggregation

Two ports of the ECN330/ECN320 can be joined to form one aggregated link. This is also called a trunk. By trunking two ports, the speed can be increased to 200 Mbps. The two uplink ports can also be grouped. There is a limitation, though, because the ECN330/ECN320 only supports up to 6 aggregated links. This means that if the two uplink ports are grouped, only 5 downlink trunks can be created.
Figure 13 Cabling of Ethernet Cables for Link and PoE Redundancy

4.1.5 The ECN Aggregation Node

The heart of an EAN is a node controller, the Ethernet Node Controller, which is an integrated part of the ECN330/ECN320, which also functions as a 24-port Ethernet switch.
Figure 14 The Ethernet Controller Node - ECN320

The switch part has Power over Ethernet capabilities, and apart from the controller, IP DSLAMs (EDN312) and ESN108 switches can be connected to it to form an EAN. Furthermore, the optical switch ELN220 can be connected to it in order to support small remote sites using fiber optical connections. The embedded nodes may be installed as and when desired. The Ethernet Node Controller of the ECN330/ECN320 manages all the embedded nodes.
Figure 15 Ethernet Access Node Structure

The ECN320 contains 24 10BASE-T/100BASE-TX RJ-45 ports and two combo ports: 10/100/1000BASE-T ports which operate in combination with Small Form Factor Pluggable (SFP) transceiver slots. The ECN330 contains 24 10BASE-T/100BASE-TX RJ-45 ports and two combo ports: 10/100/1000BASE-T ports which operate in combination with Small Form Factor Pluggable (SFP) transceiver slots, and an additional electrical 10/100/1000BASE-T port.
ECN330 looks very similar to ECN320, but ECN330 is built on an improved hardware platform supporting a number of advanced features like 4k VLAN, 16k MAC table, full link aggregation, and Layer 3 routing. ECN330 also supports Layer 2 MPLS for tunneling and a number of redundancy protocols, e.g. Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP) and Ethernet Automatic Protection Switching (EAPS).
4.2 The EDA Switches

The EDA solution offers a suite of switches: two 1st level aggregation Ethernet switches (ESN108 and ESN310) with integrated Power over Ethernet functionality for powering the IP DSLAMs, and one 2nd level optical aggregation Ethernet switch (ELN220).

The ESN108 Switch

For small sites in areas with low subscriber density the EDA Ethernet switch, ESN108, fits very well, see Figure 16 on page 27.
Figure 16 EDA Ethernet Switch (8 ports) with PoE - ESN108

The ESN310 Switch

The ESN310 is a switch specially designed for the EDA solution, see Figure 17 on page 27. The switch offers 24 100 Mbps Fast Ethernet downlink ports. The uplink ports can be either 2 Gigabit (10/100/1000) Fast Ethernet ports or 2 Gigabit optical ports. It has built-in Power over Ethernet (PoE) and can be managed by the PEM.
The ELN220 Switch

The ELN220 switch, shown in Figure 18 on page 28, is a 2nd level aggregation switch offering 24 optical ports for aggregation of the ESN108 and ESN310. It has 2 Gigabit Ethernet uplink ports, and can be managed through PEM. The ELN220 can be used as an embedded node in an EAN and is then connected to the optical uplink port-25 of the ECN320. The main purpose is to support small remote sites through fiber optical connections.
Figure 19 The ELN220 as an Embedded Node in the EAN

The ESN410 Switch

The ESN410 is a layer-3 Gigabit aggregation switch for the EDA solution, primarily for network configurations that require some type of routing functionality. This means that it supports IP routing with the ability of routing at layer-3. Furthermore, it has comprehensive network management functions such as Spanning tree protocol for standard bridging, GVRP for VLAN configuration, SNMP, RMON and Web management.
The ESN410 is prepared for 19” rack mounting and has built-in fan units that can be replaced without service interruption.

Figure 20 The ESN410 Layer-3 Gigabit Switch

4.3 The EDN424 HDSL IP DSLAM

The EDN424 is a 24-port IP DSLAM in the EDA solution. EDN424 is an environmentally hardened, 1U high mini-DSLAM that aggregates 24 SHDSL lines to one 100 Mbps Ethernet. Design flexibility enables the EDN424 to be mounted as rack, wall or vertically positioned units inside an existing closure.
• Small Medium Enterprise (SME) services, such as video conferencing, LAN to LAN, VPN services to the enterprise over the existing copper

The SHDSL loops provide flexibility in the deployment schemes. The loops can be delivered individually in single port SHDSL customer premises. Other deployment options include 4-wire mode for longer reach or higher bandwidth.

Security

EDN424 ensures a secure network by offering VLAN according to IEEE 802.1Q.
4.4 Ethernet Power Nodes

For EDA solutions where the IP DSLAMs are not powered by an EDA switch or where a Fast Ethernet to E1 converter is used, Ethernet Power Nodes can be applied. The Ethernet Power Node available is the EPN102, see Figure 22 on page 32. The Ethernet Power Node, EPN102, is able to supply two devices with power, but only one IP DSLAM. It is used for small sites for powering an IP DSLAM and a Fast Ethernet to E1 converter (FE-E1).
4.5 The EDA Converters

For small site solutions the EDA system offers two types of converters, the FE to E1 converter (EXN104) and the Ethernet gateway (EXN401/410) for bridging the Ethernet and the ATM network.

4.5.1 The FE to E1 and T1 Converter

The Fast Ethernet to E1 converter (EXN104) is a small managed converter developed for EDA rollout where no Ethernet uplink is available, see Figure 23 on page 33.
Figure 24 Fast Ethernet to E1 or T1 Converter in a Small Site Solution

4.5.2 Ethernet Gateway

The EXN401/410 is a small 1U easy-installable Ethernet to ATM STM-1 gateway developed to facilitate re-use of existing legacy ATM core networks. Ethernet traffic from a Fast or Gigabit port is encapsulated according to RFC2684 bridged mode onto ATM AAL5 PVCs according to traditional ATM DSLAM installations, see Figure 26 on page 35.
Figure 26 Migration from Ethernet to ATM through EXN401/410

4.6 Remote Powering

Remote powering is a concept for distributing DC power over existing twisted pairs. Remote powering is typically used in broadband applications, where telecom equipment located close to the end-user requires power. What makes remote powering attractive is the independence of local power utilities and centralized back-up systems (batteries).
Figure 27 Block diagram for the remote powering

Figure 27 on page 36 shows a block diagram of the remote powering system.
4.7 The EDA Subracks and Cabinets

Subracks are available in various sizes and configurations adapted for different solutions. An overview of available pre-cabled subracks and cabinets is shown below in Table 1 on page 37.
5 Customer Premises Equipment

The termination of the ADSL connection at the customer premises may be performed in various ways, depending on the type of access protocol and the customer’s type of equipment. Since EDA is based on Ethernet, some part of the Customer Premises Equipment (CPE) must provide termination of this layer. The following possibilities exist:

1. The Access Domain Ethernet may be bridged by the modem towards a local physical Ethernet.
Figure 29 CPE Equipment Protocol Termination

Some ADSL modems are able to operate in either bridged or routed mode. A bridging modem requires a minimum of configuration, but does not provide any security for hosts connected through it. A routing modem, on the other hand, often provides means for enhancing the security, for example by firewall and NAT functions. If telephony is required, the CPE should provide a POTS interface to legacy telephones.
6 EDA System Services

EDA is a versatile and flexible system, and can be designed to fit various requirements regarding service access, network architecture, and network performance. Furthermore, the EDA system solution can be adapted to various requirements regarding scalability and redundancy. This section gives an overview of the services that can be provided by the EDA system.

6.
Figure 30 on page 41 depicts a traditional access network scenario, where a BRAS controls what End-users can access. The aggregation network in itself imposes no constraints, but only transports all the End-user traffic to and from the BRAS.

Figure 30 Traditional BRAS Controlled Access

Figure 31 on page 41 illustrates a multiple edge access network scenario.
These EDA Service rules or definitions are implemented in the Access Node as a virtual switch that does the following on each frame:
• Inspection and identification of the service to which the frame belongs
• Classification
• Filtering
• Modification
• Forwarding

In the Access Domain aggregation network, the rules are implemented as VLANs with a specified classification, configured throughout the network. Figure 32 on page 42 depicts an EDA Service Access example.
As Figure 32 illustrates, the EDA Access network supports both the BRAS and the multiple edge access scenarios. The basic service identifier is a PVC (denoted as logical access channel in Figure 32). A virtual switch controls the traffic for each PVC in the network. It is important to note that the virtual switch is automatically configured when a service is assigned to an End-user.
In practice, this scenario is done by creating two Service Configurations, and using the same PVC for both.

6.1.1 Bandwidth Control

The bandwidth control in EDA is done in several layers:
1. The DSL layer by setting the overall bandwidth for the DSL connection
2. The ATM layer by setting the bandwidth for each PVC
3. The Ethernet layer by applying traffic policing

Figure 34 on page 44 illustrates an example of the bandwidth control principle.
Two End-users are shown in Figure 34 on page 44. The DSL configuration is set for the total bandwidth of the entire customer services combined. End-user 1 has four EDA Services, which gives a total bandwidth demand of 13184 kbps downstream, and 1216 kbps upstream. The bandwidth for each PVC is set individually, and the DSL bandwidth is set to the total of all PVC bandwidths together.
6.1.2 CPE Access Methods

When the End-user is to receive an IP based service, the Customer Premises Equipment (CPE) must be configured with IP settings such as IP address, subnet mask and default gateway. The way in which the equipment receives these settings is called the Access Method. The Access Method is an attribute of an EDA Service, and when the Service is assigned to an End-user, the CPE can only use that specific Access Method. The following Access Methods can be used:

6.1.
QinQ is used for the following reasons:
• To be able to preserve an existing tagging of the traffic from the End-user or a sub-provider.
• To enable the re-use of the VLAN IDs, thereby extending the number of used VLANs above 4096.

QinQ can be used with any Access Method. Figure 35 on page 47 illustrates the QinQ principle.
Figure 36 VLAN per End-user

In the example in Figure 36, each user is assigned a different inner VLAN. The End-users are thus layer 2 separated, since the IP DSLAM (terminating and acting upon the inner VLAN) will not allow direct layer 2 traffic between the two End-users.
The IP DSLAM supports up to five VLAN tags (including the two it can add), in order to enable QinQ of frames where QinQ is already used. If a frame already contains four tags, and the IP DSLAM should add two tags, the frame will be discarded. The IP DSLAM supports two types of QinQ:
• IEEE 802.1Q (Ether type 8100)
• VMAN (Ether type 8A88), VLAN stacking defined by Extreme Networks.

The two QinQ types cannot be mixed within the same service.
6.2 Quality of Service

Quality of Service (QoS) of a network deals with the ability of the network to provide transport services suitable for the applications using the network.
Interactive gaming, however, is more sensitive to large packet losses and unacceptably long delays. Loss of packets is rare within the EDA access network, unless the loss is caused by capacity limitations. In that case it tends to occur in bursts. Consequently, in order to provide the transport service required for Telephony over IP there are two main requirements for the QoS function.
Figure 38 Traffic Classification in an EDA Network

6.2.2 Traffic Handling

The principle of differentiated services is that every single switch or router, as an autonomous unit, decides the order in which packets or frames are forwarded on the transmission link.
Figure 39 Differentiated Services in an Ethernet Switch

When a frame is received, the mapping and queuing process determines, by examining the header, the destination port and the queue in which the frame will wait to be sent. The decision of which queue to use is based on the classification of the frame.
6.2.3 QoS Implementation

The Quality of Service functions (mapping and queuing, scheduling) are implemented in different places in the EDA network in different ways. The implementation in the aggregation part of the network (switches and routers) is less demanding since it is expected that the ratio of available bandwidth compared with the traffic is greater than in the Access nodes (DSL lines).
Figure 40 Delay Contributors

Delay Imposed by the Network

Due to the QoS measures implemented throughout the network, the total one-way delay is kept to a minimum for Telephony over IP frames.
Such small delays are in contrast to other VoIP based systems, often imposing one-way delays of 100 ms or more, and they are very close to what can be achieved with ATM based systems implemented according to the BLES model (Broadband Loop Emulation Service), as recommended by the DSL Forum. The delay figures for Telephony over IP can also be validated in a comparison with the recommended acceptable one-way delay of less than 150 ms, as specified by ITU.
an overload protection mechanism that is always active. In order to be able to limit the traffic from an End-user, policing can be applied on the traffic per PVC, per CoS flow or both. Figure 41 on page 57 illustrates the QoS and bandwidth control mechanisms in the IP DSLAM.
Figure 42 Downstream QoS Mechanisms

The traffic from the Ethernet will go through the following processes:

1.
2. PVC Mapping
The Service of the packets is identified and the packets are sent towards the packet queuing of the designated PVC.

3. Packet Based Queuing
The packet based queuing enables treating different traffic contents on the same PVC by transmitting high priority traffic before lower priority traffic. This is done in three steps:

1 Sorting the packets in up to four different queues (a queue for each CoS flow) according to their classification.
Figure 43 Packet Based Queuing (traffic scheduler algorithms shown: Strict Priority, Deficit Round Robin, Modified Deficit Round Robin)

The buffer for the queues can contain up to 128 Ethernet frames per End-user.
Figure 44 Deficit Round Robin

• Modified Deficit Round Robin (MDRR) - The highest prioritized queue (queue 1) is processed first and next the remaining queues are processed by weight as for Deficit Round Robin. The weights are fully operator configurable.
(1500) will be sent. The remaining 500 bytes (if there is no frame with less than 500 bytes waiting in the queue) will be summed with the weight of the next round again. When a queue is completely empty, any unused weight is deleted (not summed with the weight of the next round).

Line Overload Situations

A line overload situation is a situation in which the traffic coming downstream to a specific line is much larger than the bandwidth configured on the DSL line (typically UDP traffic).
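The Deficit Round Robin and Modified Deficit Round Robin scheduling described in this section, as an added example that is not part of the original guide or Ericsson's implementation. The 2000-byte weight, the sample queues and the reading of "processed first" as "queue 1 is emptied at the start of every round" are assumptions made for the illustration.

```python
from collections import deque


def schedule(frames, weights, mode="DRR"):
    """Simulate the per-round scheduler and return the transmit order.

    frames  -- {queue_no: [frame lengths in bytes]} (constructed input)
    weights -- {queue_no: bytes added to the queue's allowance per round}
    mode    -- "DRR" or "MDRR"
    Returns a list of (round_no, queue_no, frame_len) tuples.
    """
    if mode not in ("DRR", "MDRR"):
        raise ValueError("mode must be 'DRR' or 'MDRR'")
    queues = {q: deque(lengths) for q, lengths in sorted(frames.items())}
    for q in queues:
        strict = mode == "MDRR" and q == 1
        # A weighted queue with weight 0 could never send: reject it.
        if not strict and weights.get(q, 0) <= 0:
            raise ValueError(f"queue {q} needs a positive weight")

    deficit = {q: 0 for q in queues}   # unused allowance carried over
    sent, round_no = [], 0
    while any(queues.values()):
        round_no += 1
        for q, fifo in queues.items():
            if not fifo:
                continue
            if mode == "MDRR" and q == 1:
                # Assumption: queue 1 is served until empty before the
                # weighted queues get their turn in this round.
                while fifo:
                    sent.append((round_no, q, fifo.popleft()))
                continue
            deficit[q] += weights[q]
            # Send head-of-line frames while the allowance covers them.
            while fifo and fifo[0] <= deficit[q]:
                size = fifo.popleft()
                deficit[q] -= size
                sent.append((round_no, q, size))
            if not fifo:
                # Empty queue: unused weight is deleted, not carried over.
                deficit[q] = 0
    return sent


def queue_order(sent):
    """Queue numbers in the order their frames left the scheduler."""
    return [q for _, q, _ in sent]


# Constructed sample: small voice-like frames in queue 1, full-size
# data frames in queues 2 and 3.
SAMPLE = {1: [200, 200, 200], 2: [1500, 1500], 3: [1500]}
WEIGHTS = {1: 200, 2: 1500, 3: 1500}

if __name__ == "__main__":
    # One queue, weight 2000, 1500-byte frames: 500 bytes carry over.
    for entry in schedule({1: [1500] * 4}, {1: 2000}):
        print("carry-over", entry)
    print("DRR  order:", queue_order(schedule(SAMPLE, WEIGHTS, "DRR")))
    print("MDRR order:", queue_order(schedule(SAMPLE, WEIGHTS, "MDRR")))
```

Under MDRR the frames in queue 1 never wait behind data frames, which also means that traffic admitted to queue 1 is limited only by whatever policing is applied before the scheduler.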
Table 6 Discarding Evaluation Steps

Step  Evaluate
1     UBR: Strict priority queues 4
2     UBR: Strict priority queues 3, MDRR queues 2-4, DRR queues 1 – 4, PVC with one CoS flow only
3     UBR: Strict priority queues 2, MDRR queues 1
4     UBR: Strict priority queues 1
5     VBR-nrt: Strict priority queues 4
6     VBR-nrt: Strict priority queues 3, MDRR queues 2-4, DRR queues 1 – 4, PVC with one CoS flow only
7     VBR-nrt: Strict priority queues 2, MDRR queues 1
8     VBR-nrt Strict priority queu
the management traffic will use a hidden UBR PVC (a ninth PVC if eight other PVCs are used for End-user traffic).

Class of Service (CoS)

Classification (p-bit)  Service Queues
7                       Management
6                       Voice (Telephony over IP)
5                       Video (Video Multicast)
0-4                     Data (Best Effort)
allowance. The Sustainable Cell Rate is an upper limit for the average cell rate that may be transmitted in the PVC. Video services are configured with service class VBR-nrt. This service class is suitable for non-real-time “burst” applications requiring service guarantee from the network. It is also characterized by PCR, SCR and MBS. Data services are configured with the service class UBR (Unspecified Bit Rate).
Figure 47 Upstream QoS Mechanisms

The upstream mechanisms work in the following steps:

1.
Note that the same four queues are used for all traffic coming from the DSL line. Strict priority is used in the scheduling of the overload protection.

2. PVC policing
Discards frames if the traffic from the End-user on that PVC exceeds the configured bandwidth. This policing discards frames randomly. This policing is optional and is configured per service.

3. VLAN mapping
Maps the frames to VLANs.
7 System Maintenance

The EDA system does not require any scheduled maintenance apart from backup of the PEM. The only parts that should be replaced from time to time are the fans of the IP DSLAMs and switches. For a more detailed description of how to maintain the EDA nodes, please see the specific user guide and installation guide.
8 Telephony and Multimedia Services

When migrating from analog line to ADSL, the EDA System supports the different telephony solutions as well as multimedia solutions:
• Base band POTS
• Base band ISDN
• Telephony over IP
• Multimedia services such as video over IP

Base band POTS is traditional analog telephony, supplied by a local exchange, in the frequency band below the DSL frequency spectrum, see Figure 48 on page 69.
Telephony over IP (ToIP) is a Voice over IP (VoIP) based carrier class telephony application. The voice is transmitted in data packets, together with other data packets, but with higher priority. It can be used for replacement of POTS, and supports legacy telephony services including supplementary services (Class 5 services). Services are supported with the same functions as in local exchanges. Multimedia services are supported using basic EDA data access.
Figure 49 Base band Solution with Integrated POTS/ISDN Filter

8.1.2 Baseband Solution with External Filter

The 10-line IP DSLAM EDN110 supports a variety of external mechanical POTS low-pass filters and one combined ISDN splitter + low-pass filter solution. Connected to the IP DSLAM, the POTS low-pass filter complies with ETSI recommendations.
Figure 50 Base band Solution with External POTS Filter

8.1.3 Baseband Solution with External ISDN Filter

When implementing base band ISDN, a splitter/filter is used and placed before the IP DSLAM as shown in Figure 51 on page 73. Connected to the IP DSLAM, the combined ISDN splitter/low–pass filter complies with ETSI recommendations.
Figure 51 Base band Solution with External ISDN Filter

8.2 Telephony over IP

Telephony over IP (ToIP) is a Voice over IP (VoIP) based application, intended to supplement or replace traditional POTS. The function and quality, as perceived by the subscribers, are identical to traditional POTS. Charging is performed entirely in the local exchange.
Figure 52 Telephony over IP Architecture

Telephony over IP is based on an H.323 to V5.2 voice gateway (VoGW), connected to a local exchange. H.323 signaling is used between the subscriber’s Integrated Access Device (IAD) and the voice gateway while V5.2 signaling is used between the voice gateway and the local exchange. The use of V5.
exchange is limited only by capacity and capabilities of the packet based and/or circuit switched networks. Figure 53 on page 75 shows possible locations of local exchanges and voice gateways.

Figure 53 Locations of VoGW and Local Exchange

8.2.1 Quality Considerations

Reliability

Telephony over IP in EDA provides highly reliable telephony service, implemented on carrier grade HW platforms.

Speech Path

ToIP is provided with full 64kbit/s G.
Call Signaling

Call establishment timing has been optimized and is comparable to design objectives as specified for digital exchange equipment.

8.2.2 Capacity

Providing G.711 ToIP requires 170 kbps per voice channel each way (with 10 ms voice packets). However, VoIP can be provided at lower speed, if POTS comparable quality is not required.

8.2.3 Security

Identification of a subscriber accessing the VoGW is based on the subscriber’s IP address.
Increasing demands for streaming and broadcast video services in high quality make demands on the bandwidth. In order to save bandwidth the EDA system provides IGMP multicast for video streams in both the IP DSLAM and the aggregation layer. Using IGMP snooping saves Ethernet bandwidth. Requests from one end-user for video are detected by the switch, which connects the end-user to an already active stream to another end-user. This is illustrated in Figure 54 on page 80. 8.
8.4 Telephony Deployment in EDA

Whether base band POTS or Telephony over IP should be used to provide telephony services depends on the specific EDA deployment scenario. Both applications are capable of providing first line telephony, that is, they can provide reliable telephony with the range of services supplied by existing POTS telephony implementations.
8.6 Multicast Handling

The EDA system supports IP multicasting, which is especially suitable for multimedia services because it avoids overloading the network, for example when several end-users receive video over IP simultaneously. Multicasting means that a network node sends a packet addressed to a special group address. Nodes that are interested in this group register to receive packets addressed to the group.
Figure 54 IP Multicasting using IGMP Snooping for Video Services

The EDA system can prevent unauthorized end-user access to Multicast services by using a Multicast Whitelist. The number of simultaneous multicast streams to an end-user can also be limited.
9 Security

The ability to protect communication systems and information from various types of attacks has become increasingly important over the last years. Since the advent of the Internet, hackers have become more and more skilled and are today equipped with numerous tools to perform a multitude of different attacks on data networks. The number of attacks per day has increased dramatically and is ever increasing.
9.2 PPP, VLAN and Forced Forwarding

9.2.1 PPP (Point to Point Protocol)

Using PPP, sessions are created between the clients and the BRAS. The IP DSLAM does not take active part in handling the PPP sessions. Being able to recognize and verify the identity of a subscriber enables the Service Provider to deliver the exact service that the subscriber is entitled to. Furthermore, to perform charging of service usage the identity of the service user must be known to the system.
validating takes place. If the authentication request from the subscriber is acknowledged, the RADIUS server may provide subscriber profile information such as IP address, subnet mask, compression parameters, MTU, and more.

9.2.2 VLAN Technique

The VLAN technology can be used to create separate logical networks within a LAN like the Access Domain Ethernet. The VLAN principle is useful for separating the traffic through the Access Domain Ethernet.
Figure 55 Separation of Traffic Types with VLANs

Each of these VLANs has a unique value (the VLAN ID) indicated by the VLAN tag. Within the Access Domain the VLAN tag is included in the Ethernet frame, according to IEEE 802.1Q, see Figure 56 on page 84.

Figure 56 802.1Q MAC Frame with VLAN Tagging

In an IP DSLAM the VLAN IDs are used to direct the traffic to the appropriate PVC.
example of assigning the voice VLAN ID to all voice PVCs, and the data VLAN ID to all data access PVCs. Separating the traffic in this way is a security mechanism that prevents EDA subscribers from attacking the local Management System, or performing hacking attacks on the access equipment (IP DSLAMs, aggregation switches, routers, voice gateway). Other schemes than the one illustrated in Figure 55 can be used for enhancing the security.
verify that the upstream traffic actually uses the returned MAC address of the default gateway as destination address in subsequent frames. The ARP proxy function implementing Forced Forwarding is an optional security feature that ensures layer-2 separation (rules for the Forced Forwarding are configurable through the management system). However, it is also a way to optimize the utilization of the downstream bandwidth.
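The 802.1Q tagging and the Forced Forwarding destination check described above can be modelled in a few lines. This is an added example, not EDA code: the verdict strings, the VLAN-to-gateway table and all MAC addresses are assumptions, and the real rules are whatever is configured through the management system.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
ETHERTYPE_ARP = 0x0806
BROADCAST = b"\xff" * 6

def parse_frame(frame: bytes) -> dict:
    """Return dst/src MAC, VLAN ID and priority (None if untagged), EtherType."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan_id = priority = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        priority, vlan_id = tci >> 13, tci & 0x0FFF   # 3-bit PCP, 12-bit VID
    return {"dst": dst, "src": src, "vlan_id": vlan_id,
            "priority": priority, "ethertype": ethertype}

def upstream_verdict(frame: bytes, gateway_by_vlan: dict) -> str:
    """Simplified Forced Forwarding decision for one upstream frame."""
    try:
        f = parse_frame(frame)
    except ValueError:
        return "drop: malformed"
    gateway = gateway_by_vlan.get(f["vlan_id"])
    if gateway is None:                    # untagged or unknown VLAN
        return "drop: VLAN not provisioned"
    if f["ethertype"] == ETHERTYPE_ARP and f["dst"] == BROADCAST:
        return "proxy-arp: answer with gateway MAC"
    if f["dst"] != gateway:                # subscriber-to-subscriber on layer 2
        return "drop: destination is not the default gateway"
    return "forward"

def build_frame(dst, src, vlan_id, ethertype, payload=b"\x00" * 46, priority=0):
    """Construct a tagged test frame (sample data, not captured traffic)."""
    tci = (priority << 13) | vlan_id
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload

# Constructed addresses: locally administered MACs; VLAN 3 is a hypothetical data VLAN.
GATEWAY = bytes.fromhex("02aabbccdd01")
SUBSCRIBER = bytes.fromhex("020000000017")
NEIGHBOUR = bytes.fromhex("020000000018")
GATEWAYS = {3: GATEWAY}

if __name__ == "__main__":
    for dst, etype in [(GATEWAY, 0x0800), (NEIGHBOUR, 0x0800), (BROADCAST, 0x0806)]:
        print(upstream_verdict(build_frame(dst, SUBSCRIBER, 3, etype), GATEWAYS))
```

The second constructed frame, addressed directly to a neighbouring subscriber, is the case layer-2 separation is meant to stop.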
Figure 57 DHCP Request with Relay Agent (Option 82)

The Service Provider receives the DHCP request in the DHCP server and (based on the Option 82 identifier) authenticates the DHCP request. The DHCP server can then assign an IP address to the end-user according to the services offered by the ISP.
The encoding is used by Cisco for a number of routers that support the relay agent information scheme. With this configuration only the second sub-option, Remote Agent ID, is used. A total of 16 bytes are inserted, where the contents of each byte have been defined in advance. Even though the Cisco configuration is used with routers, the encoding is still relevant for the EDA system, and the requirement from RFC 3046 concerning a globally unique Remote Agent ID is still fulfilled.
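A DHCP server that authenticates requests on the Option 82 identifier first has to parse the option safely. The sketch below is an added example, not EDA or Cisco code: it walks the RFC 3046 sub-options and looks the Remote ID up in a provisioning table. The table, the line name and the Remote ID bytes are constructed placeholders and do not reproduce the 16-byte layout mentioned above.

```python
RELAY_AGENT_INFO = 82                  # DHCP option code, RFC 3046
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2   # RFC 3046 sub-option codes

def walk_tlv(buf: bytes, dhcp_level: bool):
    """Yield (code, value) pairs; raise ValueError on any length overrun."""
    i = 0
    while i < len(buf):
        code = buf[i]
        if dhcp_level and code == 0:       # pad option, single byte
            i += 1
            continue
        if dhcp_level and code == 255:     # end option
            return
        if i + 2 > len(buf):
            raise ValueError("header truncated")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("value overruns buffer")
        yield code, value
        i += 2 + length

def relay_agent_suboptions(options: bytes) -> dict:
    """Return {sub-option code: value} from Option 82, or {} if absent."""
    for code, value in walk_tlv(options, dhcp_level=True):
        if code == RELAY_AGENT_INFO:
            subs = {}
            for sub, data in walk_tlv(value, dhcp_level=False):
                if sub in subs:
                    raise ValueError("duplicate sub-option")
                subs[sub] = data
            return subs
    return {}

def authorize(options: bytes, provisioned: dict):
    """Return the provisioned line for the Remote ID, or None to refuse."""
    try:
        remote_id = relay_agent_suboptions(options).get(SUB_REMOTE_ID)
    except ValueError:
        return None                        # malformed option: fail closed
    return provisioned.get(remote_id) if remote_id else None

# Constructed sample data; the Remote ID bytes are opaque placeholders.
REMOTE_ID = bytes.fromhex("0102030405060708")
PROVISIONED = {REMOTE_ID: "line-17"}
MSG_TYPE = bytes([53, 1, 1])               # DHCP message type = DISCOVER
OPT82 = bytes([82, 2 + len(REMOTE_ID), SUB_REMOTE_ID, len(REMOTE_ID)]) + REMOTE_ID
WITH_OPT82 = MSG_TYPE + OPT82 + b"\xff"
WITHOUT_OPT82 = MSG_TYPE + b"\xff"
TRUNCATED = MSG_TYPE + OPT82[:-3]

if __name__ == "__main__":
    for name, opts in [("with", WITH_OPT82), ("without", WITHOUT_OPT82),
                       ("truncated", TRUNCATED)]:
        print(name, authorize(opts, PROVISIONED))
```

Requests without Option 82, with an unknown Remote ID, or with a malformed option are all refused instead of falling back to a default assignment.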
9.4.1.1 Broadcast

Broadcast traffic can in general be filtered out. This filtering will prevent subscribers from loading the network with broadcast traffic. Also, network information messages that are normally broadcast on an Ethernet are not sent to the EDA subscribers. One exception is DHCP requests from subscribers. These are needed to obtain the initial network configuration, for example an IP address, from a DHCP server.
other party’s IP address is located within the same subnet, then the sender can obtain the destination MAC address by an Address Resolution Protocol (ARP) request. The Access Domain Ethernet enables direct communication between EDA subscribers on layer 2. This can be considered an advantage in terms of efficiency, compared to the alternative of routing all communication via some IP router at the top of the Access Domain hierarchy.
The basic principle of virtual MAC addresses is that the IP DSLAM performs address translation of MAC addresses. The IP DSLAM preassigns a number of potential MAC addresses to be associated with the real MAC address from the end-user's equipment, for example a PC or an STB (Set Top Box) for video service. The IP DSLAM maps between the MAC addresses received from the end-user's equipment and the locally administered MAC (Virtual MAC) address used in the Ethernet Access Domain.
Encryption of subscriber traffic is generally considered outside the EDA scope.

9.6 Other Security Measures

General security measures should also be implemented in order to secure the network.

9.6.1 Management Security Policies

Another type of attacker is trusted personnel misusing their authority. In this case nearly any threat is possible, because these people often have knowledge about security systems.
10 EDA System Design

10.1 System Design Approach

A wide range of different access scenarios can be designed to fit various requirements regarding service access functions, network architecture and network performance. Based on requirements to service selection, security, and services, the function of the EDA System can be determined and optimized. Combined with requirements to network architecture and performance this can be used as the basis for designing the specific EDA System.
10.2 Determining the EDA System Functions

The basic EDA System functions are based on requirements to services, service selection, and security. The actual EDA scenario must provide these functions while observing the remaining system requirements such as the chosen MDF deployment scenario and the network performance requirements. The latter covers for example the number of subscribers, the bandwidth allocation policy, scalability options, and redundancy requirements.
• Security Requirements - Different security measures can be deployed in order to protect the EDA system and the end-users connected to it. Some of the security settings may overlap but can be activated simultaneously to improve the security. The following measures can be used:

  − PPP as access method can be used for verifying the identity of an end-user before granting access to the services. PPP sessions can be forwarded towards remote Service Providers using secure tunnels.
These requirements are the main input when dimensioning the aggregation network (the number of switches and the bandwidth required to connect them).

10.3 EDA Scenario Examples

The following examples of EDA scenarios are divided primarily according to the method used for service selection:

1. No service selection.
2. Using a BRAS.
3. Using a VLAN per service or super VLAN.
4. Using IP sub-netting combined with Forced Forwarding.
5. LAN-to-LAN transparency

10.3.
c Non-IP-traffic filtering
2. Separating traffic types in different VLANs within the Access Domain, for example a separate VLAN for management traffic.

This access scenario imposes no limits to what IP services can be offered. However, unmanaged access to Telephony over IP service may be considered inappropriate due to the lack of security and charging options. Consequently, Figure 60 on page 97 illustrates the use of base band POTS instead.

Figure 60 10.3.
The use of PPP creates a kind of tunnel between the CPE and the BRAS. This provides an inherent level of security, because it creates layer-2 separation of the subscribers. Configuring the IP DSLAM filter to allow only PPPoE frames provides additional security. The security level can be extended with the use of VLAN to separate traffic types within the Access Domain. Multiple providers may each have a BRAS located within a single Access Domain.
Figure 61 EDA Access Network Incorporating a BRAS

10.3.3 Service Selection Using VLAN

The VLAN technology may be used to separate the Access Domain between Network Service Providers, giving each Service Provider a logically separated access network with a unique VLAN ID. The Service Provider has the option of using a BRAS, or an IP router.
Four different VLANs are defined: One for system management traffic (VLAN1), one for the voice access domain (VLAN2), and one for each of the two data access domains (VLAN3, VLAN4). The IP DSLAMs map between PVCs and VLANs (magnified to the right in Figure 62 on page 100). Between the IP DSLAMs and the top-level switch all VLANs are present.
All VLAN solutions except for the three-VLAN scenario (Management, Data and Voice) have one drawback: each IP DSLAM and each top-level switch must be configured manually. The PEM does not support automatic configuration of VLANs, other than the three mentioned above, which are the default for the IP DSLAMs. The top-level switches have to be configured under all circumstances. The various VLAN scenarios offer different levels of security.
transparent for both tagged and untagged Ethernet frames. This allows services like Home office, where the IP address is assigned from the DHCP server at the office premises. Another service example is a VLAN for Home interconnections where a group of end-users wants to interconnect their LAN networks. Figure 63 on page 102 shows the VLAN service for Home Office and Home interconnection.
10.4 Dimensioning the Network

An EDA access network is built around generic system elements that to a great extent adapt automatically to architectural changes in the network. It can therefore easily be extended to support increasing traffic and/or changed performance requirements.

10.4.1 Capacity of System Elements

All elements included with the EDA system are optimized to meet the capacity requirements of any ADSL access network.
Glossary

AAA Authentication, Authorization and Accounting
AAL5 ATM Adaptation Layer 5
Access Domain A logical network handled by the OAM system and defined by the approved IP addresses. One or more Access Domains make up an EDA network, which is a switched Ethernet. An Access Domain is managed by one Collection Station.
Access Provider The Access Provider owns the physical network, installs equipment and monitors network status and provides the basis for offering services to end-users.
Broadband A transmission bandwidth higher than 2Mbps.
Burst Tolerance (BT) The maximum time for which the source may transmit the PCR.
Carrier Grade Designates highly reliable equipment intended for use in telecommunication (central office and backbone installations).
Cell The unit of data, transferred as an entity through an ATM network. A cell has a fixed length of 53 bytes.
Central Office Building with telecommunication equipment. Also referred to as CO.
Re. the CPE equipment, a DHCP server shall be available somewhere in the ISP network to provide IP addresses for the IADs. Re. the Access Domain/Domain subnet, there shall be access to an Access Domain DHCP server to provide IP addresses for the Elements in the Access Domain/Domain subnet server.
DHCP server Dynamic Host Configuration Protocol server. A configuration server, capable of configuring hosts with a variety of information required for their operation.
EDN Ethernet DSL Node comprises EDN110 and EDN312. management are done by the ECN320. The EDN288 IP DSLAM is an example of an EAN. EMP Ethernet DSL Node Ethernet Converter Node Converter Node for Ethernet.
End-user An end-user is a consumer of services in the access network. The end-user is physically connected to the network and is uniquely identified in PEM. Services are given to and removed from end-users.
EDA Official product name for the EDA product.
use in multimedia applications, for example Voice over IP (VoIP)
HPOV Hewlett Packard Open View - a term for packages used for viewing networks.
HTTP Hyper Text Transfer Protocol
HUt High Unit
IAD Integrated Access Device - a generic term for various customer equipment.
IEEE Institute of Electrical and Electronic Engineers
In-band Telephony Means that the ADSL/IP also has voice (Voice over IP) transmission within the ADSL/IP signal. This is called Telephony over IP. See also Baseband.
MAC Media Access Control
unless it is a connection initiated from within the local network.
MAC address Media Access Control address. The physical address of a device connected to a network, expressed as a 6 byte hexadecimal number.
Network Configuration Manager The Network Configuration Manager is a GUI used for management of IP DSLAMs and their related servers (Domain File Server and DHCP Server).
be: Network Operator; Service Operator; Subscriber Operator.
collected and stored, and an Operator can extract the data and view them.
OVP Over Voltage Protection
PoE Power over Ethernet
Packet A format in which data is transmitted over an IP network. A packet contains the data itself as well as addresses, error checking, and other information necessary to ensure the packet arrives intact at its intended destination.
Power over Ethernet Power supplying devices through category 5 LAN cables.
An authentication and accounting system used by many ISPs.
RSS Remote Sub System
RSS filter Compact clip-on POTS filter for the Ericsson
SDH Synchronous Digital Hierarchy is the physical layer in the ATM network.
Security Manager GUI used for PEM user’s management.
Security Server The Security Server interfaces between the Security Manager and the database.
Server The term Server in the PEM can be either a robust computer with high specifications (as opposed to a workstation) or a SW application.
database, IP-DSLAMs (through the PEM Domain Service) and NNM.
Sustainable Cell Rate (SCR) The upper limit for the average cell rate that may be transmitted in the PVC.
TAG Telephony Access Gateway
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
Time Synchronization Server The Time Synchronization Server is used for setting the real time in the system elements. The real time is used for making the time stamps in log files and alarms, and in the IP DSLAM also for the Remote Storage.