CSCI-370 Computer Networks: Shrinking the globe one click at a time
Lecture 8
Khurram Kazi
CSCI 370
Special Topics and Recent Trends in Networking
Ethernet Services Over Metro and Wide Area Networks: Standards Activities
What is so special about Ethernet
• Why Ethernet, why not anything else?
• Major driving factor is human mentality
• Familiarity breeds desire to keep using it until there is no other choice
• Build on the existing know-how and extend its capabilities to meet future needs
• Reduced capital expenditure (economies of scale) and operational costs
• Is it reality or perception?
• Will have more feedback in the near future as carriers have started to deploy these services
• Connect multiple enterprise campuses via Ethernet Services using the public WAN infrastructure, whether they are across the street in the same metro area or across the globe
Who is defining Ethernet standards
• IEEE has been the pioneering standards body in defining (wired and wireless) Ethernet standards, primarily for Enterprise applications. They are working on defining Metro Wireless standards along with last mile Ethernet solutions
• Metro Ethernet Forum (MEF) took the initiative to bring Carrier Class Ethernet Services across Metro networks, building on IEEE work
• MEF defined the Ethernet services in such a way that they are transport technology agnostic
• Internet Engineering Task Force (IETF)
• MPLS as the foundation of defining such services
• International Telecommunication Union (ITU)
• Defining Ethernet Services over SONET/G.709 (OTH): Virtual Concatenation, Link Capacity Adjustment Scheme (LCAS), Generic Framing Procedure (GFP)
Are SONET and SDH that different?
• For all practical purposes, at a high level of abstraction there is hardly any difference between SONET and SDH
• Both support similar data rates
• STS-1 => STM-0
• STS-3 => STM-1, etc.
• So the SONET/SDH term will be used interchangeably in this presentation
Fundamentals of Services definition
• Services are defined in observable terms with clear demarcation points between the subscriber and the Service Provider’s equipment
• Subscriber equipment is called the Customer Edge (CE)
• At the CE, the observable parameters are defined which become the basis for Service Level Agreements (SLAs)
• The physical demarcation point between the subscriber and the Service Provider is termed the User-to-Network Interface (UNI)
• Hence all the services are defined between two or more UNIs
• The underlying networking technology is invisible to the subscriber
• These simple yet powerful definitions have allowed almost 100 million Ethernet compliant devices to take advantage of these services
Non abstract meaning of UNI (User to Network Interface)
• UNI can be envisioned as a physical RJ-45 socket which can reside on an Ethernet Switch or a patch panel provided by the Service Provider
• The physical aspect of turning on an Ethernet Service can be simply plugging in the right equipment at this Ethernet jack
• The connection can be at 10 Mb/s, 100 Mb/s, 1 Gb/s or 10 Gb/s if Ethernet is used as the physical layer between the subscriber and the Service Provider
• If the subscriber initially wants 10 Mb/s and later requires 100 Mb/s, only the provisioning of the service is changed and not the physical link: making it future growth friendly
• If SONET is used, the physical link rates can be multiples of STS-1s or lower sub-rates of STS-1 (based on the VT structure)
Service Frames and Frame Delivery
• Service frames are similar to Ethernet frames without the preamble and the Start of Frame Delimiter
• A service frame starts with the Destination Address and ends with the Frame Check Sequence
• A frame is considered an ingress frame when it enters the Metro Ethernet Network and an egress frame when it exits the network
• Service frame transparency is maintained between the two UNIs as the frame traverses the Metro Network, with some exceptions:
• The egress service frame may have an 802.1Q tag when the corresponding ingress frame did not have one
• Likewise the egress frame may not have the tag while the ingress frame had it
• The tag values of the ingress frame and the egress frame may differ
Fundamentals of Services definition: Ethernet Virtual Connection (EVC)
• EVC is defined as “an instance of an association of two or more UNIs”
• Why did EVC need to be defined?
• A Metro Ethernet Network (MEN) can be visualized as a shared medium where an ingress frame is replicated and delivered to all the UNIs
• The concept works OK within a LAN, as it belongs to the same organization or entity
• Not a good idea when the data traverses the public network
• Traffic Isolation
• A methodology needs to be devised so that subscriber data is only transported and/or replicated to authorized UNIs and not to any other UNIs sharing the same MEN
• Hence the concept of “VIRTUALIZATION of the Connection” to provide traffic isolation
Example illustrating EVC Concepts: Two Service instantiations
• EVC1 => defined between 2 UNIs, HQ and the backup center
• Point to Point service
• All the ingress frames will be exchanged between the 2 UNIs, with the exception of control messages (terminated by the MEN)
• EVC2 => defined between the HQ, the Engineering facility and the 2 sales regions
• Multipoint to multipoint service
• Supports unicast and multicast traffic between the UNIs defined in the EVC group
• Generally speaking there can be more than one service instance
• More than one EVC defined for a virtual network
CE (Customer Edge)-VLAN ID
• There are 4095 CE-VLAN (Virtual Local Area Network) IDs and the ID numbers range over 1, 2, …, 4095
• The VLAN ID is extracted from the content of the Service Frame in the following manner:
• For a Service Frame that has an IEEE 802.1Q Tag and the 12 bit VLAN ID in the Tag is not zero, the CE-VLAN ID is equal to the VLAN ID in the Tag.
• Untagged and priority tagged Service Frames have the same CE-VLAN ID, and the CE-VLAN ID value is configurable to any value in the range 1, …, 4094 at each UNI.
• An Ethernet frame with an IEEE 802.1Q Tag that has zero as the VLAN ID is called priority tagged.
• Untagged and priority tagged frames are handled as if they belong to a default VLAN, and the default VLAN is configured appropriately on each port of the Network Element, which can be an Ethernet Switch
CE-VLAN ID/EVC Mapping
• At each UNI, the CE-VLAN ID has to be associated with an EVC ID
• EVC ID is an arbitrary string administered by the Service Provider
• VLAN ID of 2 is delivered through the MEN according to the properties of the Red EVC
• VLAN ID of 1 is delivered through the MEN according to the properties of the Blue EVC
• Any Service Frame with a Tag ID other than 1, 2 or 4094 will be dropped by the MEN as there is no EVC associated with it
CE-VLAN ID Significance
• CE-VLAN ID MAY only have relevance at a given UNI
• 47 (@ UNI A) => EVC1 <= 47 (@ UNI B)
• 1343 (@ UNI A) => EVC2 <= untagged (@ UNI B)
• 187 (@ UNI A) => EVC3 <= 1343 (@ UNI B)
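The service-frame layout, the CE-VLAN ID extraction rule, the per-UNI CE-VLAN/EVC map with drop of unmapped frames, and the local significance of the CE-VLAN ID described on the preceding slides can be exercised end to end in a few dozen lines. The following Python is an added example, not part of the lecture and not MEF's or any vendor's code; the UNI names, the default CE-VLAN IDs, the EVC map (which mirrors the 47/1343/187 table above), the MAC addresses and the payloads are all constructed, and it assumes frames are not padded to the 64-byte minimum.

```python
"""Service-frame parsing and CE-VLAN ID -> EVC lookup at a UNI (constructed example)."""
import struct
import zlib

ETHERTYPE_8021Q = 0x8100


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build a service frame: DA, SA, optional 802.1Q tag, EtherType, payload, FCS.

    No preamble/SFD and (assumption) no padding to the minimum frame size.
    vlan_id=0 yields a priority-tagged frame; vlan_id=None yields an untagged one.
    """
    frame = dst + src
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)      # PCP in the top 3 bits, VID in the low 12
        frame += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    frame += struct.pack("!H", ethertype) + payload
    fcs = zlib.crc32(frame) & 0xFFFFFFFF            # IEEE 802.3 CRC-32 over DA..payload
    return frame + struct.pack("<I", fcs)            # FCS is sent least-significant byte first


def parse_frame(frame):
    """Split a service frame into fields; frames whose FCS does not verify are rejected."""
    if len(frame) < 18:
        raise ValueError("frame too short")
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch")
    dst, src = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    vlan_id, pcp, offset = None, 0, 14
    if ethertype == ETHERTYPE_8021Q:                 # 802.1Q tag present
        tci = struct.unpack("!H", body[14:16])[0]
        pcp, vlan_id = tci >> 13, tci & 0x0FFF
        ethertype = struct.unpack("!H", body[16:18])[0]
        offset = 18
    return {"dst": dst, "src": src, "pcp": pcp, "vlan_id": vlan_id,
            "ethertype": ethertype, "payload": body[offset:]}


def fcs_ok(frame):
    """True when the frame parses and its FCS verifies."""
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


class UNI:
    """A UNI: its default CE-VLAN ID and its CE-VLAN ID -> EVC ID map (one CE-VLAN per EVC assumed)."""

    def __init__(self, name, default_ce_vlan, evc_map):
        self.name = name
        self.default_ce_vlan = default_ce_vlan
        self.evc_map = dict(evc_map)
        self.reverse = {evc: vid for vid, evc in evc_map.items()}

    def ce_vlan_id(self, parsed):
        """Tagged with a non-zero VID -> that VID; untagged or priority tagged -> the UNI default."""
        if parsed["vlan_id"]:
            return parsed["vlan_id"]
        return self.default_ce_vlan

    def evc_for(self, frame):
        """EVC ID the frame maps to at this UNI, or None if the MEN would drop it."""
        return self.evc_map.get(self.ce_vlan_id(parse_frame(frame)))


def forward(ingress, egress, frame):
    """Deliver a frame across the MEN from one UNI to another, retagging for the egress UNI.

    Returns the egress service frame, or None when no EVC is associated with the ingress CE-VLAN.
    """
    parsed = parse_frame(frame)
    evc = ingress.evc_map.get(ingress.ce_vlan_id(parsed))
    if evc is None or evc not in egress.reverse:
        return None                                   # no EVC for this CE-VLAN ID: dropped
    out_vid = egress.reverse[evc]
    # The CE-VLAN ID only has meaning at its own UNI: if the EVC's CE-VLAN at the egress UNI is
    # that UNI's default, deliver untagged; otherwise deliver with the egress UNI's tag value.
    vid = None if out_vid == egress.default_ce_vlan else out_vid
    return build_frame(parsed["dst"], parsed["src"], parsed["ethertype"], parsed["payload"], vid, parsed["pcp"])


# Constructed sample UNIs reproducing the slide's 47/1343/187 table (UNI B's default CE-VLAN is 100).
UNI_A = UNI("A", 1, {47: "EVC1", 1343: "EVC2", 187: "EVC3"})
UNI_B = UNI("B", 100, {47: "EVC1", 100: "EVC2", 1343: "EVC3"})
DST = bytes.fromhex("0200c0ffee01")   # constructed locally administered MACs
SRC = bytes.fromhex("0200c0ffee02")

if __name__ == "__main__":
    for vid in (47, 1343, 187, 5, 0):
        out = forward(UNI_A, UNI_B, build_frame(DST, SRC, 0x0800, b"hello", vlan_id=vid))
        print(vid, "->", "dropped" if out is None else parse_frame(out)["vlan_id"])
```

Running the block prints one line per ingress CE-VLAN ID at UNI A: 47 exits UNI B tagged 47, 1343 exits untagged (EVC2's CE-VLAN at B is B's default), 187 exits tagged 1343, and 5 and the priority-tagged frame (VID 0, hence UNI A's default of 1) are dropped because UNI A has no EVC for those CE-VLAN IDs.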
Traffic Engineering: Bandwidth profile attributes
• Different subscribers will have different bandwidth needs. Some might require 100 Mb/s, others less than 20 Mb/s, while some might require 1 Gb/s
• Some may prefer to pay as they use for their bandwidth needs; they may start with 20 Mb/s and at a future date increase their requirements to 100 Mb/s
• To accommodate such requirements, MEF defined the following bandwidth profile parameters
• Committed Information Rate (CIR), expressed in bits per second
• Committed Burst Size (CBS), expressed in bytes
• Excess Information Rate (EIR), expressed in bits per second
• Excess Burst Size (EBS), expressed in bytes
• Coupling Flag (CF), which must have the value 0 or 1
• Color Mode (CM), which must have only one of two possible values:
• Color Blind
• Color Aware
• These profile attributes form the basis of Service Level Agreements
Bandwidth Profiles defined in three ways
• Bandwidth Profile defined per ingress UNI
• Bandwidth Profile defined per EVC
• Bandwidth Profile defined per EVC and CE-VLAN CoS: the most granular attributes allowed
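The six bandwidth profile parameters listed above (CIR, CBS, EIR, EBS, CF, CM) are the inputs to a two-rate, three-colour token-bucket marker: frames within CIR/CBS are green, frames within EIR/EBS are yellow, and the rest are red and discarded. The Python below is an added example written for this page, not MEF's reference algorithm text or any product's policer; it follows the MEF 10 style of bucket refill (including the coupling flag, which lets committed tokens that would overflow CBS spill into the excess bucket) and is applied to one flow, which is what a per-UNI, per-EVC or per-EVC-and-CoS profile each amount to once the flow has been classified. All rates, burst sizes, frame lengths and arrival times are constructed.

```python
"""Two-rate, three-colour bandwidth profile policer in the style of MEF 10 (constructed example)."""
from dataclasses import dataclass

GREEN, YELLOW, RED = "green", "yellow", "red"


@dataclass
class BandwidthProfile:
    cir: float                 # Committed Information Rate, bits per second
    cbs: int                   # Committed Burst Size, bytes
    eir: float                 # Excess Information Rate, bits per second
    ebs: int                   # Excess Burst Size, bytes
    cf: int = 0                # Coupling Flag: 1 lets unused committed tokens spill into the excess bucket
    color_aware: bool = False  # Color Mode: False = colour blind, True = colour aware


class Policer:
    """One token bucket per rate; refilled by elapsed time, drained by frame length in bytes."""

    def __init__(self, profile, start=0.0):
        self.p = profile
        self.bc = float(profile.cbs)     # committed bucket starts full
        self.be = float(profile.ebs)     # excess bucket starts full
        self.last = start

    def _refill(self, now):
        p = self.p
        dt = max(0.0, now - self.last)
        self.last = now
        credit = self.bc + p.cir / 8 * dt              # bytes earned at CIR since the last frame
        overflow = max(0.0, credit - p.cbs)            # committed tokens that would be lost
        self.bc = min(float(p.cbs), credit)
        self.be = min(float(p.ebs), self.be + p.eir / 8 * dt + p.cf * overflow)

    def mark(self, length, now, color=GREEN):
        """Colour assigned to a frame of `length` bytes arriving at time `now` (seconds)."""
        self._refill(now)
        p = self.p
        # Green if it fits the committed bucket; in colour-aware mode only frames
        # that arrived marked green are eligible.
        if (not p.color_aware or color == GREEN) and length <= self.bc:
            self.bc -= length
            return GREEN
        # Yellow if it fits the excess bucket; colour-aware mode never promotes a red frame.
        if (not p.color_aware or color != RED) and length <= self.be:
            self.be -= length
            return YELLOW
        return RED                                     # out of profile: discarded by the MEN


def mark_sequence(profile, frames):
    """Run (length_bytes, arrival_time_s[, ingress_colour]) frames through a fresh policer."""
    policer = Policer(profile)
    return [policer.mark(*f) for f in frames]


if __name__ == "__main__":
    # Constructed profile: 8 Mb/s committed (1 MB/s), 8 Mb/s excess, 1500-byte bursts, colour blind.
    profile = BandwidthProfile(cir=8_000_000, cbs=1500, eir=8_000_000, ebs=1500)
    burst = [(1000, 0.0), (1000, 0.0), (1000, 0.0), (1000, 0.001)]
    print(mark_sequence(profile, burst))   # three back-to-back frames, then one 1 ms later
```

With the constructed profile, three 1000-byte frames arriving together are marked green, yellow and red (the committed bucket holds 1500 bytes, the excess bucket another 1500, and the third frame fits neither), and a fourth frame 1 ms later is green again because 1 ms at 1 MB/s has restored 1000 bytes of committed credit. Setting cf=1 with eir=0 shows the coupling flag at work: the excess bucket is replenished only by committed tokens that would otherwise have been wasted.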
Ethernet Services over public WAN: Work being done at ITU-T
Summary of Ethernet types of Services
Ethernet Private Line (EPL) Service
• EPL is the simplest service that the existing SONET/SDH transport network can support
• The desired dedicated bandwidth is allocated, enabled by VCAT, LCAS and GFP
• Mimics a virtual wire connectivity between two CEs
Ethernet Private LAN (EPLAN) Service
• Multiple sites, either across the street or across the globe, connected virtually
• Mesh connectivity using Multi-service Provisioning Platform type Network Elements
Ethernet Private LAN (EPLAN) Service
• LAN connectivity made by using a centralized switch, i.e. the traffic is hauled to a centralized switch and then forwarded to the respective UNI
Ethernet Private LAN (EPLAN) Service
• The edge node serves as a bridge or a switch to provide connectivity between the respective UNIs
How is Ethernet affecting our lives in some other ways?
• Examples of using Ethernet for a “virtual doctor’s office” service
• Patients in a village can have a video conference from their homes with their doctor (residing somewhere else) [example cited from Telenor, Norway’s Service Provider]
• Doctors can monitor/see intricate operations being performed at a hospital across the globe
• Distance Learning
Special Topics and Recent Trends in Networking
Architectural Design of Networking Standards based Multi-Gigabit Network Elements
Technology/Market Trends
• Over the past few years the focus of the networking industry has shifted towards providing various services that seamlessly connect diverse networks over different geographical locations across the globe.
• Services go beyond the capabilities of traditional TDM or packet based technologies
• Most leading service providers have transitioned to providing integrated services platforms
• These platforms allow the service providers to offer bundled services to their customers that can be provisioned almost instantly.
Technology/Market Trends
• Services could be:
• Provide Ethernet connectivity over metro or wide area public networks
• Virtual point to point
• Virtual point to multipoint
• Virtual multipoint to multipoint
• Offer Connectivity of Storage Area Networks using
• Backhauling of cellular traffic using optical networks
Requirements Placed on the Network Elements by the Network
Packet Based Network Element
Line Card using TDM Switch Fabric
Integrated TDM/Packet based Line card with Different Switch Fabrics
Inter-chip communication recommendations
• OIF (Optical Internetworking Forum) recommendations
• Variants of SERDES Framer Interface Level 4 for 10 and 40 Gb/s
• Variants of System Packet Interface operating at 2.5, 10 and 40 Gb/s
• Variants of System Framer Interface operating at 10 and 40 Gb/s
• SxI-5: Electrical Characteristics for 2.488 – 3.125 Gbps parallel interfaces
• TFI-5: TDM Fabric to Framer Interface Implementation Agreement
Network Security Architecture
Customer’s responsibility or Service Provider’s?
Security Issues Throughout History
• Breaches in information security have translated into catastrophic losses and at times brought organizations or nations to their knees
• As time progressed, the techniques to transport sensitive information changed; however, the objectives of the sender and the interested interceptor remained the same
• The sender always tries to ensure the assurance of the message
• The interceptor, on the other hand, has been trying to find innovative ways to decipher the intercepted messages
Are Metro and Wide Area Networks Safe: A Myth or Reality?
• Physical Isolation
• Does not guarantee data security
• Virtual Isolation
• Data can be easily snooped at by unauthorized entities
• Tandem Connection
• Subscriber does not have any idea who all might be carrying its data
• Snooping of the Subscriber’s Data by the Carriers
• Cases have been reported where a Voice over IP service provider’s data is being blocked by the carriers it uses.
• There are tools available that make data snooping, filtering and recording possible
Overview of Access Transport Technologies
• SONET/SDH
• Widely deployed and is being used for Ethernet services
• 1/10 Gigabit Ethernet
• Used in green field applications
• Fibre Channel
• Restricted to Storage Area Networks
• Native traffic over dark fiber
• Typically used by large organizations for whom it is cheaper to manage their own networks
Encryption at Different OSI Layers
• Three main high speed access protocols
• SONET/SDH, 1/10 Gigabit Ethernet and Fibre Channel
• Client Mapping of signals over transport protocols
Encryption at SONET/SDH Layer
• Encryption at the SONET/SDH layer
• Bulk encryption of data of varied traffic types
• Fewer Security Associations (SAs) in SONET/SDH
• Generation of encryption keys and their management is easier (due to fewer SAs)
• For STS-768 (40 Gb/s) using STS-1 granularity, the maximum number of SAs will be 768; for STS-192, there will be 192 SAs.
• Due to the lower number of end nodes, the authentication effort for the network elements or nodes is significantly reduced.
• Ease of management of the security infrastructure due to the low number of SAs.
Encryption of SAN Traffic Over SONET/SDH
• Latency sensitive traffic: Secure SAN extension example
• Guaranteed delivery: Fibre Channel (FC) based SANs do not tolerate frame loss in the network beyond what might be expected from BER and availability
• High Throughput: Storage applications are the largest drivers of traffic across a network.
• Low Latency: Storage applications require quick response times or performance can suffer.
• Zero Loss: Loss is unacceptable in a storage environment. Retransmissions significantly affect application performance