Qualified eXchange Network
• The QXN Consortium
• Goals
• QXN Network Infrastructure
• QXN Services
• Future developments
The QXN Consortium - Milestones
• Setup date: July 10th, 2006
• Founding members: the four major Italian TLC operators
• In October 2006, the QXN Consortium signed a contract with CNIPA to implement and run the QXN infrastructure and services
[Figure labels: (60%) (5%) (10%) (25%)]
QXN Consortium – Organization
Management Board, formed by founding members representing the four partners of the Consortium:
• 1 President (BT Italia)
• 1 CEO (Fastweb)
• 4 Fastweb representatives
• 1 BT Italia representative
• 1 Wind representative
• 1 Telecom Italia representative
Technical Committee:
• 1 Chairman (QXN Technical Director)
• 1 representative each from CNIPA, BT, Fastweb, Wind, Telecom Italia, Namex, MIX and CG-SPC
QXN on the Internet
• Company website: www.qxn.it, www.qxn-scpa.it
QXN Consortium – Main goals
• To design, implement, operate and develop a geographically distributed IP backbone infrastructure (QXN) acting as an exchange network among the backbones of SPC Q-ISPs**.
• To provide Q-ISPs with access to QXN services (such as housing, access ports, guaranteed bandwidth, centralized DNS, NTP server).
• To guarantee equal access conditions to QXN infrastructure and services both to members of the Consortium and to other Q-ISPs.
**Q-ISP: Qualified Internet Service Provider
QXN within SPC General Framework
[Figure: SPC general framework diagram. Labels: QXN; CG-SPC; SPC Rete Nazionale Multifornitore (QISP 1, QISP 2, QISP n); SPC Rete Internazionale RIPA; Centro Servizi Interoperabilità Evoluta 1 and 2; Centro Servizi Cooperazione Applicativa; Nodo Interconnessione VOIP; QCN (Qualified Community Network) n; PAC; PAL]
QXN within SPC General Framework (2)
QXN is a “cornerstone” within the SPC Framework due to its central role in:
• SPC management
• Technology and services
• Security
• SPC future developments
QXN Centrality in SPC management
• The QXN Consortium, through the work of its bodies (Management Board, Technical Committee), acts as an aggregation point among all the actors involved in SPC, namely:
  • CNIPA
  • Q-ISPs
  • CG-SPC
  • NIV
• This is of fundamental importance in helping CNIPA manage an environment as complex as SPC, given its “multi-provider” nature.
QXN Centrality in technology and services
• Q-ISPs may implement their backbones using different technologies, with different services and SLAs, and following different evolution paths.
• QXN “smooths” all these differences by binding all Q-ISPs to comply with specific technical requirements and rules set by the QXN Technical Committee.
• The result is a single SPC “virtual” network (integrating the QXN and Q-ISP backbones) that provides all SPC customers (the PAs) with services of high and homogeneous quality, whichever Q-ISP serves them.
QXN centrality in security
• The QXN Points of Presence (PoPs) have been implemented with specific attention to security issues such as:
  • physical security of equipment
  • logical security of data and traffic flowing through the QXN network (by using firewalls that implement policies for traffic segregation, network intrusion detection, etc.)
• The result is a network infrastructure capable of ensuring high levels of security and service availability.
QXN centrality in SPC future development
• As a central building block of the SPC Framework, QXN is well suited to implement and provide new “centralized” services to PAs.
• As an example, QXN has already implemented and is currently running the Centralized SPC Domain Name System service, which ensures resolution of the domain names of all hosts and services that PAs publish on SPC.
• Further services are currently under study by CNIPA.
QXN Service Offer
• OPA Interconnection
• OPO Interconnection (only between Fastweb and the other Q-ISPs that won the SPC bid)
• SPC Domain Name System (DNS)
• SPC Network Time Source (NTP server)
• Network Operation Center (24x365 service coverage)
NTP = Network Time Protocol; OPA = Offerta per le Amministrazioni (Offer for Administrations); OPO = Offerta per Operatori (Offer for Operators)
Types of traffic flowing through QXN
• Infranet traffic: IP traffic exchanged between two PAs participating in SPC, through the different Q-ISPs they are connected to (OPA* interconnection).
• Intranet traffic: IP traffic exchanged among the VPN sites of a single PA, where some sites of the VPN are connected to the network of one Q-ISP (Q-ISP1) and other sites to the network of another Q-ISP (Q-ISP2). Q-ISP1 and Q-ISP2 exchange the traffic flowing between the two parts of the VPN by using their interconnection to QXN (OPO* interconnection).
*OPA = Offerta per le Amministrazioni; OPO = Offerta per gli Operatori
QXN service offer – OPA Interconnection
[Figure: OPA interconnection diagram. Labels: PA 1, PA 2, PA 3, PA m; www.pa2.it; QISP-1 SPC Network; QISP-2 SPC Network; QXN; INTERNET; traffic types: Infranet traffic (Intra Q-ISP), Infranet traffic (Inter Q-ISPs), Internet traffic]
QXN Service Offer – OPO Interconnection
[Figure: OPO interconnection diagram. Labels: QXN ROMA (RM-BRqxn1, RM-BRqxn2); QXN MILANO (MI-BRqxn1, MI-BRqxn2); RM-BRopo-FW, RM-BRopo-QISP, MI-BRopo-FW, MI-BRopo-QISP; Fastweb; QISP; VLAN1 / IP subnet1 (/30), VLAN2 / IP subnet2 (/30), VLAN3 / IP subnet3 (/30), VLAN4 / IP subnet4 (/30); VPN PA1 (clt QISP) sites in OPA; VPN PA1 (clt QISP) sites in OPO]
QXN - Main features
• Two PoPs based on Cisco technology, located at the premises of the major Italian NAPs (Neutral Access Points) in Rome (NAMEX) and Milan (MIX)
• High security levels (physical and logical)
• Service Level Agreement (SLA):
  • Service Availability = 99,99%
  • One Way Delay <= 20 ms
  • Packet Loss <= 0,05%
• One set of technical rules that every Q-ISP must follow in order to be interconnected to QXN (certification process)
• Service trial completed on July 26th, 2007; commercial service started on July 27th, 2007
QXN – Network Architecture
[Figure: network architecture diagram. Labels: PA 1, PA 2, PA 3, PA n; QISP A network; QISP B network; BRqx; BRqxn; QXN Rome node; QXN Milan node; DNS; INTERNET]
QXN network architecture (continued)
• Two nodes, Rome and Milan, interconnected by two redundant high-speed transmission links (2x100 Mbps SDH, upgradable up to 1 Gbps), designed for high availability (equipment redundancy and physical path diversity)
• Each node is equipped with:
  • 2 Cisco 7609 high-performance routers (BRqxn, Border Routers QXN), interconnected locally and to the BRqxn at the remote site;
  • an SLA management system (based on the Cisco IP SLA solution) to monitor and measure network quality parameters (One Way Delay, Packet Loss);
  • a firewall and an Intrusion Detection System, to protect the PAs' data and traffic flowing through QXN;
  • infrastructure for housing (racks), to accommodate the equipment that Q-ISPs use to interconnect their backbones to the QXN nodes. This equipment must be co-located with the QXN Border Routers.
QXN - Traffic routing issues
Traffic symmetry
• All Q-ISPs must ensure that traffic generated by or directed to a PA (or a group of PAs) connected to their networks is always delivered and received on the same QXN node (e.g. Rome or Milan).
• BGP communities are used by QXN and the Q-ISPs to set the priorities of the BGP advertisements for their PAs' IP prefixes.
Traffic load balancing
• Traffic must be balanced between Q-ISP Border Routers (BRqx) and QXN Border Routers (BRQXN).
• Traffic coming from a Q-ISP network is balanced (on a per-session basis) by the BRqx towards both BRQXNs in a QXN node.
BGP routing
• OSPF, fully meshed, among the four BRQXNs placed in the Rome and Milan QXN nodes;
• External BGP v. 4 between the BRQXNs and the Q-ISP BRqx;
• QXN AS (41407) acting as transit AS among the Q-ISPs' public ASes.
QXN – Traffic routing issues
BGP communities
• All Q-ISPs must announce their IP prefixes to QXN using BGP communities, so that each Q-ISP can set a priority among its BRqxs for where traffic must be sent.
• Use of BGP communities is necessary to ensure traffic symmetry over QXN.
• BGP communities have the format ASn_QXN:LP, where:
  • ASn_QXN = 41407 is the public AS assigned by RIPE to QXN
  • LP is the Local Preference value to be set, within QXN, for the specific announcement
• Community values:
  • community 41407:130 = set LP equal to 130 within the QXN network (highest priority)
  • community 41407:120 = set LP equal to 120 within the QXN network
  • community 41407:110 = set LP equal to 110 within the QXN network
  • community 41407:100 = set LP equal to 100 within the QXN network (lowest priority)
  • no community = traffic dropped by QXN
• All Q-ISPs receive from QXN information about the BGP communities set by other Q-ISPs.
OPA Interconnection – traffic routing and fault scenarios
[Figure: fault-scenario diagram. Labels: PA 1 (YYY / 23); PA 2 (XXX / 24); SPC provider network A; SPC provider network B; QXN Rome node and QXN Milan node, each with BRqxn routers; PA1 site prefix with LP130, LP120, LP110, LP100; PA2 site prefix with LP130, LP120, LP110, LP100; X marks]
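The community scheme and the fault scenarios above can be exercised with a small model, added here as an example (it is not QXN or Q-ISP configuration). The prefixes are documentation ranges, the LP assigned to each BRqxn session is constructed, the function names are hypothetical, and treating an announcement tagged with several QXN values as dropped is an assumption.

```python
import re

QXN_AS = 41407                       # QXN public AS (from the page)
VALID_LP = {130, 120, 110, 100}      # community values listed on the page

def local_pref(communities):
    """Map a 41407:LP community to its Local Preference; None means 'drop'."""
    found = set()
    for c in communities:
        m = re.fullmatch(r"(\d+):(\d+)", c)
        if m and int(m.group(1)) == QXN_AS and int(m.group(2)) in VALID_LP:
            found.add(int(m.group(2)))
    # Assumption: an announcement tagged with several QXN values is ambiguous
    # and is treated like one with no community at all.
    return found.pop() if len(found) == 1 else None

def build_table(announcements):
    """Return ({prefix: [(lp, router), ...] best first}, [dropped (prefix, router)])."""
    table, dropped = {}, []
    for prefix, router, communities in announcements:
        lp = local_pref(communities)
        if lp is None:
            dropped.append((prefix, router))
        else:
            table.setdefault(prefix, []).append((lp, router))
    for paths in table.values():
        paths.sort(reverse=True)
    return table, dropped

def entry_router(table, prefix, failed=()):
    """BRqxn session preferred for traffic towards prefix, skipping failed ones."""
    return next((r for lp, r in table.get(prefix, []) if r not in failed), None)

def tied_prefixes(table):
    """Prefixes where two sessions share an LP: the preferred node is not unique."""
    return sorted(p for p, paths in table.items()
                  if len({lp for lp, _ in paths}) < len(paths))

# Constructed sample: documentation prefixes, router names as in the slides.
ANNOUNCEMENTS = [
    ("192.0.2.0/24", "RM-BRqxn1", ["41407:130"]),
    ("192.0.2.0/24", "RM-BRqxn2", ["41407:120"]),
    ("192.0.2.0/24", "MI-BRqxn1", ["41407:110"]),
    ("192.0.2.0/24", "MI-BRqxn2", ["41407:100"]),
    ("198.51.100.0/24", "MI-BRqxn1", ["41407:130"]),
    ("198.51.100.0/24", "RM-BRqxn1", ["41407:130"]),   # tie: breaks symmetry
    ("203.0.113.0/24", "RM-BRqxn1", ["65000:130"]),    # no QXN community
]

if __name__ == "__main__":
    table, dropped = build_table(ANNOUNCEMENTS)
    print(entry_router(table, "192.0.2.0/24"))
    print(entry_router(table, "192.0.2.0/24", failed={"RM-BRqxn1", "RM-BRqxn2"}))
    print(tied_prefixes(table), dropped)
```

A prefix reported by `tied_prefixes` is the case a certification check would flag: with equal LP on a Rome and a Milan session, the node that receives the PA's traffic is no longer determined by the Q-ISP's announcement.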
Services offered – OPO Interconnection
[Figure: OPO interconnection diagram. Labels: QXN ROMA (RM-BRqxn1, RM-BRqxn2); QXN MILANO (MI-BRqxn1, MI-BRqxn2); RM-BRopo-FW, RM-BRopo-QISP, MI-BRopo-FW, MI-BRopo-QISP; FW; QISP; VLAN1 / IP subnet1 (/30), VLAN2 / IP subnet2 (/30), VLAN3 / IP subnet3 (/30), VLAN4 / IP subnet4 (/30); VPN PA1 (clt QISP) sites in OPA; VPN PA1 (clt QISP) sites in OPO]
OPO interconnection – routing aspects
• Q-ISP backbones are interconnected to QXN through their own OPO Border Routers (BRopo). Each Q-ISP may decide to implement the BRopo functions on the same equipment that acts as BRqx (for OPA interconnections) or on different equipment.
• OPO interconnection and OPA interconnection use different ports on the BRQXN.
• In OPO interconnection, the BRqxns act as L2 Ethernet switches connecting Q-ISP A's BRopo (Fastweb) and Q-ISP B's BRopo (Wind or BT).
• Each L2 link is configured in trunk mode (IEEE 802.1q), and each VLAN within a trunk is associated with a specific VPN of a specific PA.
OPO interconnections – traffic routing and fault scenarios
[Figure: OPO fault-scenario diagram. Labels: QXN ROMA (RM-BRqxn1, RM-BRqxn2); QXN MILANO (MI-BRqxn1, MI-BRqxn2); RM-BRopo-FW, RM-BRopo-QISP, MI-BRopo-FW, MI-BRopo-QISP; FW; QISP; VLAN1 / IP subnet1 (/30), VLAN2 / IP subnet2 (/30), VLAN3 / IP subnet3 (/30), VLAN4 / IP subnet4 (/30); PA1 (clt QISP) VPN1 - Site A (in OPO); PA1 (clt QISP) VPN1 - Site B; Main node; Backup node; X marks. Notes in the figure: VLANs 1-2-3-4 are assigned by QXN; IP subnets 1-2-3-4 are assigned by the QISP]
QXN Architecture – security & SLA management
[Figure: architecture diagram with eight elements labelled “Sonda” (probe)]
SLA measuring and monitoring system
[Figure: diagram with eight devices labelled Cisco 2811]
SLA measuring and monitoring system (continued)
• Each SLA probe (Querier) sends a specific traffic pattern (10 IP pkt/min, 200 bytes/pkt, 200 ms delay between two subsequent packets) to the other four SLA probes (Responders) connected to each BRqxn.
• This yields 16 traffic measures (one for each traffic relation) every hour, which are used to calculate the QXN hourly average PL and OWD.
• For every hour, the QXN hourly average PL and OWD are compared with the relevant SLA thresholds (PL = 0,05%, OWD = 20 ms) in order to calculate penalties as foreseen in the service contract between SC-QXN and its customers (Q-ISPs).
[Figure: array of traffic measures. Labels: Q (Querier) and R (Responder) probes at RM-BRqxn1, RM-BRqxn2, MI-BRqxn1 and MI-BRqxn2; rm-qxn-sla-301]
SPC Domain Name System
• SPC DNS is a federated system with the participation of:
  • PAs' DNS
  • Q-ISPs' DNS
  • QXN DNS
• Main goal: to ensure that all IP traffic related to the PA domain resolution process is completely confined within the SPC environment.
• This provides the highest level of security to the critical applications run by PAs (e.g. Protocollo Informatico), because they can be based on domains/hosts that cannot be reached or viewed from outside SPC.
DNS SPC Architecture
[Figure: DNS architecture diagram. Labels: DNS Root Server; Internet; Internet Server; DNS QXN; QXN; DNS Q-ISP1, DNS Q-ISP2; Q-ISP1, Q-ISP2; DNS PA1, DNS PA2, DNS PAn; Server PA1; Client PA1; Public Administration #1, #2, #n]
DNS SPC – functional model
PA DNS
• It is the authoritative DNS for all domain zones belonging to the PA.
• It replicates all the PA's domain zone files to the Q-ISP's DNS (zone transfer/notify mechanism).
• It sets the Q-ISP's DNS as forwarder for all domain zones it is not authoritative for.
Q-ISP DNS
• It is set as slave to the PAs' DNS.
• It is the authoritative DNS for the domain zones belonging to all PAs served by the Q-ISP.
• It replicates all its domain zone files to the QXN DNS (zone transfer/notify mechanism).
• It sets the QXN DNS as forwarder for all domain zones it is not authoritative for.
QXN DNS
• It is set as slave to the Q-ISPs' DNSs.
• It is the authoritative DNS for the domain zones belonging to all PAs participating in SPC.
• It sets the Internet root servers as forwarders for all domain zones it is not authoritative for.
DNS SPC – Functional model (Notify / Zone Transfer mechanism)
[Figure: notify / zone transfer diagram. Labels: DNS QXN; QXN; DNS Q-ISP1, DNS Q-ISP2; Q-ISP1, Q-ISP2; DNS PA1, DNS PA2, DNS PAn; Server PA1; Client PA1; Public Administration #1, #2, #n; DNS Notify; Zone Transfer; Change in PA1.it zone file (e.g. MX record); Change in PA#n.it zone file (e.g. MX record)]
DNS SPC – Functional model (Query mechanism)
[Figure: query diagram. Labels: DNS Root Server; Internet; Internet Server; DNS QXN; QXN; DNS Q-ISP1, DNS Q-ISP2; Q-ISP1, Q-ISP2; DNS PA1, DNS PA2, DNS PAn; Server PA1; Client PA1; Public Administration #1, #2, #n; Query to Server PA1; Query to Server PA2; Query to Server PA3; Query to Internet Server]
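The functional model above (zones replicated upward by notify/zone transfer, non-authoritative queries forwarded upward) can be checked for its confinement property with a toy resolver chain. This is an added example, not code from the SPC project: zone names and addresses are constructed, `DnsServer`, `build_spc` and `leaves_spc` are hypothetical helpers, and Internet resolution is collapsed into a single `internet-root` server.

```python
class DnsServer:
    """Toy model of one SPC DNS tier (names and records are constructed)."""
    def __init__(self, name, forwarder=None):
        self.name = name
        self.forwarder = forwarder   # where non-authoritative queries are sent
        self.slaves = []             # servers that get NOTIFY and transfer our zones
        self.zones = {}              # zone name -> {owner name: record data}

    def load_zone(self, zone, records):
        """Install a zone version, then notify slaves, which transfer it in turn."""
        self.zones[zone] = dict(records)
        for slave in self.slaves:
            slave.load_zone(zone, records)

    def resolve(self, qname, path=()):
        """Return (answer or None, tuple of servers that saw the query)."""
        path = path + (self.name,)
        for zone, records in self.zones.items():
            if qname == zone or qname.endswith("." + zone):
                return records.get(qname), path   # authoritative: never forwarded
        if self.forwarder is None:
            return None, path
        return self.forwarder.resolve(qname, path)

def build_spc():
    """Wire PA -> Q-ISP -> QXN -> Internet root as in the functional model."""
    root = DnsServer("internet-root")             # stands in for Internet resolution
    qxn = DnsServer("dns-qxn", forwarder=root)
    spc = {"root": root, "qxn": qxn}
    for n in (1, 2):
        qisp = DnsServer(f"dns-qisp{n}", forwarder=qxn)
        pa = DnsServer(f"dns-pa{n}", forwarder=qisp)
        pa.slaves.append(qisp)       # Q-ISP DNS is slave to the PA DNS
        qisp.slaves.append(qxn)      # QXN DNS is slave to the Q-ISP DNS
        spc[f"qisp{n}"], spc[f"pa{n}"] = qisp, pa
    root.load_zone("example.org", {"www.example.org": "203.0.113.80"})
    spc["pa1"].load_zone("pa1.example", {"www.pa1.example": "192.0.2.10"})
    spc["pa2"].load_zone("pa2.example", {"www.pa2.example": "198.51.100.10"})
    return spc

def leaves_spc(path):
    """True if the query reached a server outside SPC."""
    return "internet-root" in path

if __name__ == "__main__":
    spc = build_spc()
    print(spc["pa1"].resolve("www.pa2.example"))   # answered at dns-qxn
    print(spc["pa1"].resolve("www.example.org"))   # forwarded to the Internet
```

Because the QXN DNS is authoritative for every PA zone, even a query for a name that does not exist in a PA zone stops there with a negative answer and is not forwarded to the Internet.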
Who are QXN customers?
• Current
  • The 4 major Italian telco operators (BT, TI, Wind, Fastweb)
  • SPC Management Center (CG-SPC)
• Coming next
  • Application Cooperation Centers
  • Regione Toscana Community Network
• Future
  • Node for PAs' VoIP interconnection (NIV)
  • Other Q-ISPs (with national or regional scope) fulfilling the requirements set by the QXN Board and Technical Committee according to the general certification criteria set by CNIPA
  • QCN: Qualified Community Networks
Thank you for your attention www.qxn-scpa.it www.qxn.it