China telecom Next Carrier Network(CN2)

1
??????????? China telecom Next Carrier
Network(CN2)
??? Wei Leping
China Telecom Corporation http//www.chinateleco
m.com.cn
2
Background

• Challenges
• Total voice traffic and revenue decreases by the
  end of 2005. The mobile phone and IP phone calls
  have cannibalized part of the voice traffic
  businesses
• Traditional communication network is unable to
  support China Telecoms strategy to become a
  Integrated Information Service Provider. This is
  due to its lack of capability in offering
  value-added service.
• High OPEX (Operating Expenses) is required for
  traditional hetergeneous/multiple networks
• Existing ChinaNet is not a profit generating
  business
• Opportunities
• Acceleration of the Information and
  Communications Technology (ICT) adoption in
  government and enterprises would drives the
  demand for telecom services
• Adoption of the SIP-based soft-switch technology
• The impending releases of 3G license
• Rapid development of the broadband service

3
solutions

• Migration of voice service from PSTN to
  soft-switch-based VoIP technology
• Preparation for 3G-based mobile services
• Accelerate the development and application of the
  broadband services base on xDSL access technology
• Drive managed service and system integration
  service
• Built an Integated IP/MPLS-based multi-service
  platform CN2

4
Philosophy of Building CN2

• CN2 strength
• network topology
• Scalable routing architecture
• Highest level of redundancy
• Highest level of security
• Different class service
• All services have edge functionality
• End to end control and managment

5
CN2 Strength

• Homogeneous Global Architecture
• Single Global ASN(AS4809)
• IP Layer Redundancy Drives Accountability
• ISIS level2-only with sub-second convergence
• Diffserv-based QOS enabled network
• MPLS and multicast enabled network
• MPLS FRR with sub-50ms reroute
• Robust Architecture Allows for Unsurpassed
  Stability
• Offer Layer-2/3 over IP or MPLS
• Leading SLAs via Zero Loss Speed of Light
  Delays
• 6PE-based IPV6 ready
• Offer Layer-2/3 over IP or MPLS
• Leading SLAs via Zero Loss Speed of Light
  Delays
• End to end service provision and fault management

6
Simple Network Topology

• CN2 comprises of two functional planes and four
  structural layers to offer a seamless
  connectivity for customers. CN2????2????????4?????
  ??,?????????????
• The two functional planes are high speed data
  forwarding plane and service provisioning plane
• 2???????????????????
• The four structural layers are core layer,
  aggregation layer, edge layer and services
  connecting layer
• 4???????????????????????
• The high speed data forwarding plane and service
  offering plane is supported by 4 and 1 vendors
  respectively. This is to ensure minimum service
  disruption and better edge services control.
• ???????4?????,?????1????????????,??????,???????

SR/PE
Service
Edge
Aggregation
SR/PE
Core
?????
?????
SR/PE
7
Simple Network Topology(cont)

• IP/MPLS Network
• All-Optical,Dense Wave Division Multiplexing
  (DWDM)
• SONET/SDH framing
• Per flow load-sharing and fail-over load-sharing
  with ISIS
• MPLS is enabled with traffic to the PE Loopback
  is tagged. Hence, only VPN traffic is
  encapsulated in MPLS, all others is transported
  native IP

IP
MPLS
IP
SONET FRAMING
DWDM
8
Scalable route architecture

• To ensure networks scalability and security,
  only infrastructure address blocks are
  redistributed into the IS-IS (IGP) routing table.
  Non-infrastructure addresses are redistributed
  in BGP. Keeping the IS-IS routing table to a
  minimum would greatly enhance the network
  stability.
• ???????????????ISIS,??????BGP,??IGP??????,????????
  ???????.
• Single Global ASN (AS4809),
• CN2 have two type Route reflector
• VPN RR for RFC2547-based VPN service,(VRR)
• Global RR for internet service(GRR)
• VPN RR is independent of global RR, both use one
  level Route Reflector(RR) (VRR?GRR??????,?????)
• BGP Communities are deployed for routes control
  and netflow-based traffic monitor
• Global iBGP Scaling the Global Internet Routing
  Table involve the increase in the number of GRR
  group.
• ???????GRR??????public ????,??????????.
• VPN iBGP Likewise, scaling the VPN routing Table
  involve the increase of VRR group. Example,
  VPN1-500 is handled by VRR-G1 while VPN501-1000
  can be handled by VRR-G2
• ???????VRR??????VPN??????,??VPN1-500?????G1??,VPN5
  01-1000??G2??.
• ???????????????????.

9
Scalable route architecture (Cont)

• iBGP architecture for global routes

Group 1 for part1 routes
Group 2 for Part2 routes
Full mesh Peers
Full mesh Peers
GRR1
GRR2
GRR3
GRR4
Client
Client
EBGP
EBGP
Client
Client
Internet
Internet
10
Scalable route architecture (Cont)

• iBGP architecture for VPN routes

Group 1 for VPN 1-500 routes
Group 2 for VPN 501-1000 routes
Full mesh Peers
Full mesh Peers
VRR1
VRR2
VRR3
VRR4
Client
Client
Client
Client
PE
PE
PE
PE
11
Highest Level of redundancy

• All network links are deployed in pairs over
  diverse facilities
• Only POS interface are used on backbone
  interconnection to facilitate faster failures
  detection
• All network links are active (NOT working and
  protect)
• Each PoPs router pair is connected by multiple
  routers. Link failure protection is the function
  of IS-IS (layer 3 control) and would not be
  carried out on transport layer (layer 2 control)
  (???SDH??DWDm??????)
• IS-IS routing protocol
• Per flow load sharing between dual pairs
• Fail-over load sharing
• Sub-second fast convergence for gold service
• Three priority LSP flooding and FIB update
• MPLS FRR
• 11 mode FRR is deployed in core layer for 50
  links
• Sub-50ms reroute time
• Built to maintain utilization not to exceed 50
  during normal running
• As a congestion-free network, CN2 ensures premium
  priority for delivery of all packets in the core

12
Higher Level of security

• Strict uRPF is deployed on all customer access
  interfaces
• Loose uRPF is deployed on interconnected
  interface
• ??????
• Infrastructure ACLs (iACL) deny external traffic
  to ALL routers interfaces address. iACL are
  deployed on edges and borders of the network.
• ?Cn2????????????????ACL,???????Ip???CN2??,????????
  ??????Cn2??.
• Infrastructure routes are distribted to internet
  or customer
• ??????,????????????CN2???????
• All router access control is manage by AAA
  servers and syslog
• (????????AAA?syslog)
• QOS technology would be deployed accordingly to
  reduce the impact of an attack or worm traffic.
• ??QOS??????????????????,??QOS?????????

13
Different class service capability

• CN2???QOS?????
• QOS??????????????????,?????????,?????IP???????????
  ????????3G,????MPLS VPN?ATM????????,????IP/MPLS???
  ?????,??????????,??QOS??????????????CN2?????3G????
  ?????50????,Vnet??????????????15?
• QOS??????????????,???????????,?????????????????,??
  ?QOS????????????????
• QOS?????????????????????IP?????????,??????????????
  ??,????????????????????????50???,??????????????20
  ,???30???Vnet????????

14
Different class service capability

• CN2 QOS positioning
• QOS is a technique use to allocate limited
  network resources to different services. Unlike
  traditional networks of ATM, Frame Relay, and
  lease circuit services, CN2 provides an overlay
  network for all these services. To differentiate
  the services base on the class of importance or
  contract, QOS is the mechanism in place to
  segregate and allocate network resources to
  different class of services.
• Example of a QOS policy 3G and soft-switch
  traffic can be allocated with at least 50 of the
  available bandwidth while Vnet can only consumed
  a maximum of 15 of the total bandwidth
• QOS are also positioned for traffic congestion
  management. Under the unfortunate circumstances
  of equipment or circuit failures, QOS helps to
  manage the limited usable network resources to
  different classes of services.
• Better resource utilization is expected from
  deploying QOS. Having elastic policy to
  re-allocate the under utilized resources results
  in efficient resources utilization.

15
Different class service capability

• CN2 QOS????
• CN2????DiffServ???QOS????,??IP Precedence?MPLS
  EXP???????8????????
• CN2????????5?????,??1???????????,1?????????????,??
  ??3???????
• ???????????????classification ?marking and
  remarking?shaping???
• ??????????????????
• ?????,??12???,
• ?????11.5???,
• ?????11????
• ???????????,?????????????????????????????????,????
  ??????
• ??????????????,CN2???3???????????????,?????????,??
  ??????,???????

16
Different class service capability (Cont)

• QOS design philosophy
• CN2 adhere to DiffServ framework base on IP
  precedence and MPLS EXP Bit classification. Thus
  offering 8 ??? classes of service
• Initial CN2 service classification is base on 5
  basic classes of services.
• 1 class for network control traffic
• 1 class for network maintenances and operations
• 3 classes for service offering
• All services are classified, remarked, shaped and
  rate-limited on the edge of the network to ensure
  a consistent QOS policy enforcement within the
  CN2 network
• Service resource allocation is base on class of
  service. GOLD class of service would be allocated
  with 2 times more redundant resources then BRONZE
  class of service
• Convergence of prefix varies on the traffic
  class. Prefixes of a GOLD class of traffic would
  convergence faster then prefixes of BRONZE class
  of traffic

17
Different class service capability

• ?CN2???????????CN2?????????

QOS?? ???() MTU(byte) ????(ms) ????(ms) ??(ms)
??? 5 0.05 1500 30 45 lt2
??? 3 0.1 1500 35 60 lt5
??? 2 1 1500 40 75 lt10

• ??CN2???????????CN2??????????

????????(s) ????????(s) ?????(??/?) ????(??/?) ????(?/?) ????()
??? lt3 lt8 5 lt5 lt1 99.99
??? lt15 lt20 10 lt5 lt2 99.98
??? lt25 lt45 15 lt5 lt3 99.95
18
All services are Edge Functions

• Services are enforced and policed on the edges of
  the network via the SR/PE device. Service
  comprises of soft-switch, video conference, VPN.
  Internet, ATM/FR/DDN etc.
• ?????????,?????????(SR/PE)??,???????????VPN???????
  ??ATM/FR/DDN???????
• To ensure core networks stability and security,
  service provisioning, new service deployment and
  security control are performed on the edge of the
  network..
• ???????????????????????????,??????????
• The SOLE responsibility of the Core Network is
  packet switching and forwarding
• ???????????,??????????????????,????????IDC??

19
Network Capacity and Coverage

• Network Capacity and Coverage (by the end of
  2005)
• CN2 will provide coverage for 199 cities
  including Hong Kong, Tokyo, Singapore, London,
  New York, San Jose, Washington etc. with service
  offering MPLS/VPN and Internet Services.
• Cn2??????199???,?????????????????????????????????9
  ?????,????VPN?Internet?????????
• 653 routers in total,including 417 P routers,202
  PE/SR routers,12 Public RR,and 12 VPN RR
• 1267 relay links with a total link bandwidth of
  4.231T
• (??????)
• Over 800 external interlinkage bandwidth(??????)wi
  th 2.8T
• (???????,???????????)
• A total customer access link bandwidth of
  (????????)650.62G
• (???????3G???? )

20
CN2 VPN capability

• Support MPLS layer 2/3VPN,
• RFC2547-based L3 VPN
• Draft-martini based Ethernet point to point
  service
• Ethernet multi point service (Vkompella VPLS)
• ATM/FR over MPLS(????????,???????)
• Support 3 classes of service. GOLD, SILVER and
  BRONZE.
• ?????????????
• Support N2M?N64K?Ethernet/VLAN?L2TPv3,
  pseudo-wired
• Support network wide multicats of 600 multicast
  groups,1.2Gbps end to end multicast traffic
• VPN coverage(by end 2005)
• 202 PE routers in 199 cities
• 2 X ISR in GuangZhou, Beijing and Shanghai. The
  ISR can be deployed as VPN InterAS ASBR.
• 18 PE routes in 9 POPs located in Hong Kong,
  Tokyp, Singapore, London, Frankfurt, New York,
  Washington, San Jose and Los Angeles.
• By Mid 2006, the number of PE is expected to
  increase from 202 to 418 to facilitate intra-POP
  layer redundancy.

21
CN2 VPN capablity

• VPN network capacity
• CN2 uses Cisco 12416 as PE routers with a total
  traffic handling capacity of 140G (unilateral
  direction)
• ??????/PE(2???)
• D???210?SDH/DDN/FR??????,??42M SDH??/??500?
  VLAN????????(??5M/??),??????200M/VLAN???
• E???210?SDH/DDN/FR??????,??42M SDH??/??500?
  VLAN????????(??5M/??),??????200M/VLAN???
• ?????????????????????????
• ???VPN
• VPN????/PE???????500?
• ?????/PEVPN??????????15??,??????30????(VPN??????
  ?????????41??)
• ????/VPN2?
• ????/RR50?
• ??????VPN
• ??4000 ??????VPN,500/???(??E3??)