Building L2 & L3 service with ALU Service Router
Gatot Susilo, October 7, 2013

Service Router
Pt-to-Pt L2-VPN: Virtual Leased Line (PWE-3, RFC 3985)
• Pseudowire Emulation Edge-to-Edge
• Point-to-point service emulation (e.g., ATM, Frame Relay, Ethernet, TDM) over IP/MPLS (i.e., packet-switched networks)
• Requires a bidirectional tunnel between the two PEs
• The inner connection is identified by an MPLS label
• Uses T-LDP for inner label exchange
(Diagram: CE1 – AC1 – PE1 – IP/MPLS network – PE2 – AC2 – CE2; a bidirectional IP (GRE) or MPLS tunnel between PE1 and PE2 carries the PWE-3 pseudowire, with T-LDP running between the PEs.)

Service Entities (Point to Point)
• Customer
  • Also referred to as subscriber
  • Identified by customer ID
Service Entities (continued)
• SDP
  • A logical way to direct a unidirectional service tunnel
  • Supports GRE (IP tunneling) or MPLS as the service tunnel
  • Provides better control over (LSP) tunnel selection
  • Multiple services can share the same SDP
  • Supports forwarding-class-based (LSP) tunnel selection
Service Entities (continued)
• Service
  • Internet Enhanced Service (IES)
  • L2-VPN: EPIPE, APIPE, FPIPE, CPIPE (pt-to-pt); VPLS (multipoint)
  • L3-VPN: IPIPE (pt-to-pt), VPRN (multipoint)
  • Mirroring
• SAP
  • A local entity, uniquely identified by:
    • the physical Ethernet port, SONET/SDH port or TDM channel
    • the encapsulation type (e.g., Null, Dot1q, QinQ, IPCP, BCP-null, BCP-dot1q, ATM, Frame Relay, Cisco-HDLC)
    • the encapsulation identifier
  • Applicable to access ports only
  • A single port can contain multiple SAPs
Multi-Service Edge: Alcatel-Lucent Suite of Point-to-Point Pseudowire Services
• Leverage PWE3 for Frame Relay, ATM and Ethernet service and network interworking
• Note: termination of routed or routed-bridged encapsulation of ATM traffic into an IES or IP-VPN is supported
(Diagram: 7750 SRs at the edge of an IP/MPLS network with ATM, Frame Relay and Ethernet UNIs; IP, ATM, FR and Ethernet pseudowires are carried over LSPs between them.)
Multipoint L2-VPN: Virtual Private LAN Service (RFC 4762)
• Purpose
  • To provide connectivity between geographically dispersed customer sites across MANs and WANs, as if they were connected by a LAN
• Two categories of applications
  • Connectivity between customer routers: LAN routing application
  • Connectivity between customer Ethernet switches: LAN switching application
• Uses MPLS (Ethernet pseudowires) in the core network (i.e., for PE interconnection)
• Multiple VPLS instances can be created on the same PE

VPLS – Attributes
• Flooding of unknown unicast DA or broadcast/multicast frames
• Forwarding of known DAs to the designated port
• Address learning to build the forwarding database (FDB)
• Performs standard learning, filtering and forwarding actions as per IEEE 802.1D-ORIG, IEEE 802.1D-REV and IEEE 802.1Q
• MAC address withdrawal using an LDP message to trigger address re-learning
• Use H-VPLS (hub and spoke) to reduce the number of mesh PWs
(Diagram: one VPLS instance spanning PE1–PE4 across an IP/MPLS network, with CE1–CE4 attached.)
Alcatel-Lucent Premium VPN Services
• Support for OSPF allows VPN customers running OSPF to migrate to an IP-VPN backbone without changing their IGP, introduce BGP as the CE-PE protocol and stop relying on static routes for access to an IP-VPN service
• QoS policy runtime instantiation provides the ability to dynamically change bandwidth and QoS parameters for value-added services
• Enables service interworking of VPWS using IP PW
• Multiple Spanning Tree Protocol (IEEE 802.1s) to interoperate with traditional L2 switches and operate alongside Managed VPLS to provide an effective dual-homing solution
• Transparent Layer 2 protocol tunneling (L2PT) to transparently transport Layer 2 PDUs between CPEs, including translation between different STP types
• Terminates RFC 2684 routed bridged encapsulation of ATM traffic onto IES and IP-VPN services
(Diagram: 7750 SRs around an IP/MPLS backbone delivering Internet, IP-VPN and VPLS services over Ethernet, Frame Relay and ATM UNIs.)
QoS

Basic QoS on the 7x50/7710 SR Product Family
• Uses the differentiated services (DiffServ) model
• 8 forwarding classes (NC, H1, EF, H2, L1, AF, L2 and BE)
• Profile state (in-profile: rate <= CIR; out-of-profile: rate > CIR)
• Separate queues for unicast and multicast traffic
• Allows one queue per forwarding class or one queue for multiple forwarding classes
• By default, remarking of EXP, DSCP and Dot1p happens iff:
  • L2 traffic or a non-trusted IP interface
  • The first network egress
  • Not remarked explicitly by SAP ingress
(Diagram: forwarding class and profile state (FC + PS) carried from SAP ingress through network egress and network ingress to SAP egress. SAP ingress pre-classifies on Dot1p, IP Prec, DSCP, IP criteria or MAC criteria, with no explicit Dot1p-to-FC mapping by default; network egress marks EXP (MPLS), DSCP (IP) or Dot1p (Ethernet); SAP egress marks Dot1p (Ethernet) and allows remarking of DSCP or IP Prec for L3 services only.)
OAM
• IP – ICMP Ping/Trace
• MPLS – LSP Ping/Trace
• PW – VCCV Ping/Trace
• SDP – SDP Ping
• SVC – SVC Ping
• VPLS – MAC Ping/Purge/Populate/
• Ethernet – 802.1ag/Y.1731
Next Gen Hotspot 2.0 – Why Wi-Fi?

Wi-Fi Opportunity and Strategy to Success
Wi-Fi opportunity
• By 2015 there will be 8B mobile devices; global mobile traffic will grow 26x to 6.6m TB/month, with video 66% of all mobile traffic; 1.2 million hotspot venues worldwide, up from 421K in 2010 (In-Stat Research Report)
• Mobile operators need more cost-effective radio technologies to handle increasing data traffic
• Wi-Fi is global – same frequency bands worldwide (2.4 GHz and 5 GHz)
• Wi-Fi is built into smartphones and devices
• Wi-Fi provides ~5x the bandwidth (MHz) of cellular (5 GHz vs ~1 GHz)
• Carrier-grade Wi-Fi offers a platform for delivering a host of new location-based services
Strategy to success
• Should complement the operator's spectrum
• Should be easy/transparent for the user
• Should be a viable resource to meet users' expectations
• Should integrate easily and cost-effectively into existing 3G/4G architectures
Hotspot 2.0 Technology Enablers
Vision:
• Mobile network: turn on the phone and get secured cellular connectivity
• Wi-Fi network: turn on the phone and get secured Wi-Fi connectivity
Automatic, secured, EAP-based
ALU lightRadio Wi-Fi Solutions

lightRadio Wi-Fi: 7750 WLAN GW Solution Strengths
• Full flexibility for local breakout or GTP mobility
• Mobility between Wi-Fi and macro with address preservation
• WLAN GW N:1 redundancy with IP address preservation
• WLAN GW mobility with IP address preservation
• No IPsec required on the UE
• No mobility functions required on the AP (simpler APs)
• Flexible choice of transport: L2/IP/MPLS or IPsec
• Rapid inter-AP mobility (due to L2 transparency)
• No per-AP provisioning: soft-GRE tunnels are auto-created
• Tunnel scalability: tunnel state is held only while there are active subscribers
• Subscriber scale: IP address sharing with L2-aware NAT
• Conservation of resources for migrant users
(Diagram: HGW/APs connect to the 7750 SR WLAN GW over one GRE tunnel per HGW/AP with L2 transparency; the tunnels are auto-provisioned for operational simplicity. The WLAN GW's RADIUS proxy talks to AAA, which reaches the HLR/HSS/AuC over SS7 MAP or Diameter, giving unified authentication, authorization and accounting. Subscribers are anchored through the PGW/GGSN over S2a/S2b/Gn (GTP) independently of WLAN GW location, using standard interfaces, with the option to break out to the Internet and media where cost-effective.)
WLAN GW: Deployment Models
• Soft-GRE benefits of scale and auto-provisioning on the WLAN GW
  • Achievable with GRE-capable APs, or
  • For non-GRE-capable APs, an L2 aggregator device such as the 7x50 or 7705 SAR families can provide GRE transport over IP toward the WLAN GW
• An edge 7x50 or 7705 SAR can encapsulate VLAN-only APs into GRE tunnels, giving a common model with GRE-capable APs
(Diagram: GRE-capable APs tunneling directly to a 7750 WLAN GW; VLAN-only APs aggregated by a 7x50 that builds the GRE tunnel toward the WLAN GW; and regular ESM on a 7x50 with one VLAN per subscriber or one VLAN per service.)
lightRadio Wi-Fi Architecture: Access Point Options
L2 solution (ALU recommendation)
• Flexible for L2 wholesale
• L3 wholesale with support for overlapping IP@
• GTP IP@ mobility with overlapping IP@
• Faster inter-AP mobility triggering
• Simpler, less CPU-intensive CPE
• Network portal
• IP@ sharing
• Subscriber visibility in the network with NAT
• MAC@ visibility in the network (authentication)
L3 solution
• No L2 wholesale
• No L3 wholesale with overlapping IP@
• No GTP IP@ mobility with overlapping IP@
• L3 mobility, which is slower
• Complex CPE
• Portal on CPE
• No IP@ sharing
• No subscriber visibility in the network with NAT
• No MAC@ visibility in the network
(Diagram: the offload SSID on the AP is either tunneled or bridged toward the network.)
3GPP – WLAN to 3G/4G Interworking
Current 3GPP/2 standard for access to the EPC over non-trusted access
• UE – WLAN AP (WLAN AP and backhaul a priori owned by any provider; SWx possibly unsecure) – protected tunnel – ePDG/PDIF – PGW, with AAA and HSS; IPsec (3GPP/2 VPN) from the UE, S2b (GTP) from the ePDG
• IPsec issues:
  • IPsec/IKEv2 required on the UE
  • Battery drain on the UE and CPU-intensive processing
  • IPsec overhead and associated packet fragmentation on the WLAN air interface
  • Poor user experience due to the latency of tunnel establishment for short sessions (e.g. MMS access)
  • Multiple tunnels, one for each service
ALU solution (fat-pipe model) that overcomes the standard's issues
• WLAN GW solution over trusted or untrusted access
• UE – WLAN AP (802.11i, RADIUS; WLAN AP and backhaul with secure SWx) – single tunnel per AP – PDG/WLAN GW – PGW over S2a (GTP), with AAA and HSS
SLA and QoS Management
• SLA-profiles are created on the WLAN-GW
  • An SLA-profile is a template with parameters (e.g. rates, i.e. PIR/CIR)
  • Association of a subscriber to an SLA-profile is dynamic, via RADIUS VSAs
• Bandwidth control
  • Per AP
  • Per AP, per wholesale partner
  • Per IP@ mobility public Wi-Fi user
• QoS mapping – 3G/4G <-> Wi-Fi
(Diagram: on the access side (CM/RG/AP over GRE) the WLAN GW maps DSCP to FC, polices per user, maps FC to queue and applies a per-tunnel (or per-tunnel, per-wholesale-partner) aggregate rate; toward the core (GRE or GTP) it maps FC to DSCP in the outer header or copies the inner IP DSCP to the outer IP, and maps DSCP back to FC.)
2. WLAN GW: BNG functionality enhances subscriber management (ESM)
• Legacy BRAS: single-service (HSI), one subscriber tunnel per sub, best effort
• Typical BNG: multi-service (Voice, IPTV, HSI), per subscriber and per service; hierarchical QoS on GigE/10GE; per-subscriber personalization
• 7750 SR as BNG: multi-application (managed video, online services, managed VoIP, managed gaming), per subscriber, per service and per application; hierarchical QoS with Application Assurance
• 7750 SR as WLAN GW: multi-device (tablet, PC, TV behind the RG/AP), per access point, per device, per service and per application
Inter-AP Mobility
• When a UE moves between APs, the WLAN GW re-learns the UE MAC on the new GRE tunnel:
  • Learning from re-authentication
  • Learning from normal data packets
  • Learning based on a "mobility trigger" packet from the AP
• The subscriber is not deleted/recreated on the WLAN GW
• Full re-authentication after re-association with the new AP can be avoided if PMK caching is enabled on AP and UE, or if the Wi-Fi AP implements 802.11r
(Diagram: 7750 SR WLAN GW with a PBB bridge and MS-ISAs; each HGW/AP has its own GRE tunnel, and the UE stays anchored on one MS-ISA as it moves between HGW/APs.)
Inter WLAN-GW Redundancy & Mobility
• IP@ preserved when a subscriber moves or switches to a new WLAN-GW
• L2-aware NAT on old and new WLAN-GW
• "Data-triggered" authentication and subscriber creation on the new WLAN-GW
• The first data packet on the new WLAN-GW triggers RADIUS authentication based on <IP@, MAC@>; the subscriber is created after authentication
Inter-WLAN-GW redundancy (WLAN-GW1 to WLAN-GW2, with AAA)
  1. Health-check for WLAN-GW (based on IP pings)
  2. Data switched towards the backup WLAN-GW
  3. Access-Request <IP, MAC>
  4. Data-triggered subscriber creation
Inter-WLAN-GW mobility (WLAN-GW1 to WLAN-GW2, with AAA)
  1. UE moves
  2. Access-Request <IP, MAC>
  3. Data-triggered subscriber creation
Soft-GRE ESM User – Open SSID – Call Flow (SR OS 10, portal-based authentication)
Actors: UE, WAP, WLAN-GW, AAA, Captive Portal, Internet
1. 802.11 PHY attachment (UE – WAP)
2. DHCP Discover (UE → WAP); GRE(DHCP Discover) (WAP → WLAN-GW)
3. RADIUS Access-Request (WLAN-GW → AAA); RADIUS Access-Accept (AAA → WLAN-GW)
   • If no previous session for this UE-MAC is found, a new user entry is created and a redirect policy is returned in the RADIUS Access-Accept
   • If an already-authenticated session for this UE-MAC is found, no redirect policy is returned in the RADIUS Access-Accept
4. GRE(DHCP Offer) (WLAN-GW → WAP); DHCP Offer (WAP → UE)
   • A new regular ESM subscriber context is created with an HTTP redirect filter
5. DHCP Request / GRE(DHCP Request); GRE(DHCP Ack) / DHCP Ack
6. RADIUS Accounting-Start (WLAN-GW → AAA)
7. ARP Request / GRE(ARP Request); GRE(ARP Reply) / ARP Reply
8. HTTP GET(URL) / GRE(HTTP GET(URL)); GRE(HTTP Redirect/302(Portal)) / HTTP Redirect/302(Portal)
9. HTTP web-based authentication to the Captive Portal
10. Authentication Request (Captive Portal → AAA); RADIUS CoA (Change of Authorization) (AAA → WLAN-GW); Authentication Success (→ UE)
11. Internet access OK
Soft-GRE ESM User – Secured SSID – Call Flow (Local Breakout)
Actors: UE, WAP, WLAN-GW, AAA. The WLAN-GW's RADIUS proxy server forwards each RADIUS message to one (or more) AAA server(s), so every RADIUS message below is seen once on the WAP–WLAN-GW leg and once on the WLAN-GW–AAA leg.
Authentication
1. Start authentication: 802.1X EAPoL-Start (UE → WAP); 802.1X EAP-Request(Id) (WAP → UE)
2. 802.1X EAP-Response(Id) (UE → WAP); RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID) (WAP → WLAN-GW → AAA)
3. RADIUS Access-Challenge(EAP-Challenge) (AAA → WLAN-GW → WAP); 802.1X EAP-Request(Challenge) (WAP → UE)
4. 802.1X EAP-Response (UE → WAP); RADIUS Access-Request(User-Name, EAP-Response, NAS-IP, NAS-Port, Calling-Station-Id=UE-MAC, Called-Station-Id=AP-MAC:SSID) (WAP → WLAN-GW → AAA); ... further EAP rounds ...
5. RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout) (AAA → WLAN-GW → WAP); 802.1X EAP-Success() (WAP → UE)
IEEE 802.11i four-way handshake (UE – WAP)
6. 802.1X EAPoL-Key(ANonce); 802.1X EAPoL-Key(SNonce, MIC); 802.1X EAPoL-Key(Encrypted GTK, MIC); 802.1X EAPoL-Key(MIC)
Accounting
7. RADIUS Accounting-Start(User-Name, NAS-IP, NAS-Port, Calling-Station-ID=UE-MAC, Called-Station-Id=AP-MAC:SSID) (WAP → WLAN-GW → AAA); RADIUS Accounting-Response() (AAA → WLAN-GW → WAP)
   • LUDB in the cache of the RADIUS proxy server
DHCP
8. DHCP Discover(chaddr=UE-MAC) (UE → WAP); GRE(DHCP Discover(chaddr=UE-MAC)) (WAP → WLAN-GW)
9. GRE(DHCP Offer(chaddr=UE-MAC, your-ip=UE-IP, Subnet-Mask, Router=WLAN-GW-IP, Lease-Time)) (WLAN-GW → WAP); DHCP Offer(chaddr=UE-MAC, yip=UE-IP, Subnet-Mask, Router, Lease-Time) (WAP → UE)
10. DHCP Request(chaddr=UE-MAC, Requested-IP-Address=UE-IP) (UE → WAP); GRE(DHCP Request(chaddr=UE-MAC, Requested-IP-Address=UE-IP)) (WAP → WLAN-GW)
11. RADIUS Accounting-Start(User-Name, NAS-ID, NAS-Port, Calling-Station-ID=UE-MAC, Called-Station-Id=AP-MAC:SSID) (WLAN-GW → AAA); RADIUS Accounting-Response() (AAA → WLAN-GW)
12. GRE(DHCP Ack(chaddr=UE-MAC, your-ip=UE-IP, Subnet-Mask, Router=WLAN-GW-IP, Lease-Time)) (WLAN-GW → WAP); DHCP Ack(chaddr=UE-MAC, yip=UE-IP, Subnet-Mask, Router, Lease-Time) (WAP → UE)
WLAN-GW 3G Interworking – Gn Interface: Wi-Fi Offload Call Flow
Actors: UE, WAP, WLAN-GW, RADIUS Server, P-GW (GGSN)
1. RADIUS Access-Accept(EAP-Success, Alc-SLA-Prof, Alc-Subsc-Prof, Alc-Wlan-APN-Name, 3GPP-GGSN-Address, MS-MPPE-Recv-Key, MS-MPPE-Send-Key, Session-Timeout) (RADIUS Server → WLAN-GW); 802.1X EAP-Success() (→ UE)
2. DHCP Request(Requested-IP) (UE → WAP); GRE(DHCP Request(IP)) (WAP → WLAN-GW)
   • The WLAN-GW detects that RADIUS attributes for setting up a GTP tunnel have been received in the Access-Accept and initiates GTP-C tunnel setup with:
     • Handover Indication set to TRUE (since it is a DHCP Request)
     • PDN Address Allocation set to the IP address requested in the DHCP Request
3. GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=TRUE, PAA=DHCP-Requested-IP) (WLAN-GW → P-GW)
4. GTP Create-Session-Response(Cause="Context Not Found") (P-GW → WLAN-GW): the GGSN doesn't find a previous context and refuses the bearer setup
Wi-Fi offload connect scenario
5. The WLAN-GW sees that the bearer setup was not successful and tries again with Handover Indication set to FALSE and PDN Address Allocation set to 0.0.0.0: GTP Create-Session-Request(IMSI, RAT-Type=WLAN, APN, HI=FALSE, PAA=0.0.0.0)
6. GTP Create-Session-Response(Cause="Request Accepted", PAA=New-IP)
7. GRE(DHCP NAK()) (WLAN-GW → WAP); DHCP NAK() (WAP → UE): since the P-GW assigned a different IP address than the one the UE requested, the WLAN-GW caches this address for 30 s and forces the UE to restart DHCP from scratch by sending a DHCP NAK
8. DHCP Discover() / GRE(DHCP Discover()); GRE(DHCP Offer(New-IP)) / DHCP Offer(New-IP); DHCP Request(New-IP) / GRE(DHCP Request(New-IP)); GRE(DHCP Ack(New-IP)) / DHCP Ack(New-IP)

WLAN-GW 4G/LTE Interworking – S2b Interface: Wi-Fi Offload Call Flow (Rel 11.0.R2)
Actors: UE, WAP, WLAN-GW, RADIUS Server, Diameter Server, P-GW
Steps 1–5 are the same as in the Gn case above (here the P-GW, not the GGSN, answers "Context Not Found" to the HI=TRUE request); then:
6. DIAMETER AA-Request(Application=S6b, User-Name, RAT-Type=WLAN) (P-GW → Diameter Server); DIAMETER AA-Answer(Application=S6b, Result-Code=DIAMETER-SUCCESS) (Diameter Server → P-GW)
7. GTP Create-Session-Response(Cause="Request Accepted", PAA=New-IP) (P-GW → WLAN-GW)
8. DHCP NAK, 30 s cache of New-IP and DHCP restart with New-IP, as in the Gn case
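The retry-and-NAK logic shared by the Gn and S2b offload call flows above, as an added simulation that is not part of the deck: a toy WLAN-GW and P-GW exchange GTP Create-Session messages; the WLAN-GW first tries HI=TRUE with the DHCP-requested address, falls back to HI=FALSE with PAA=0.0.0.0, and NAKs the UE while caching the P-GW-assigned address for 30 s so the restarted DHCP exchange can offer it. Class and method names (PGW, WlanGw, handle_dhcp_request, handle_dhcp_discover) are assumptions, and the accepted-handover branch extends the slide's flow to the case where the P-GW already holds a context for the IMSI.

```python
# Added example (not from the deck): toy model of the Wi-Fi offload connect
# scenario. Names are constructed; the accepted-handover branch is the
# generalization of the flow shown on the slide.
from dataclasses import dataclass, field

ACCEPTED = "Request Accepted"
CTX_NOT_FOUND = "Context Not Found"


@dataclass
class PGW:
    """Constructed P-GW/GGSN: IMSI -> anchored IP, plus a pool for fresh attaches."""
    contexts: dict = field(default_factory=dict)
    pool: list = field(default_factory=list)

    def create_session(self, imsi, hi, paa):
        # Handover Indication: keep the PDN connection only if context and IP match
        if hi:
            return (ACCEPTED, paa) if self.contexts.get(imsi) == paa else (CTX_NOT_FOUND, None)
        if not self.pool:
            return "No Resources Available", None
        ip = self.pool.pop(0)
        self.contexts[imsi] = ip
        return ACCEPTED, ip


class WlanGw:
    CACHE_SECS = 30  # the slide's 30 s hold time for a P-GW-assigned address

    def __init__(self, pgw):
        self.pgw = pgw
        self.cache = {}  # ue_mac -> (assigned_ip, expiry)
        self.log = []    # GTP-C messages, for inspection

    def _csr(self, imsi, hi, paa):
        self.log.append(f"Create-Session-Request(IMSI={imsi}, HI={hi}, PAA={paa})")
        cause, ip = self.pgw.create_session(imsi, hi, paa)
        self.log.append(f"Create-Session-Response(Cause={cause!r}, PAA={ip})")
        return cause, ip

    def handle_dhcp_request(self, ue_mac, imsi, requested_ip, now=0.0):
        """Process a UE DHCP Request; return the DHCP reply the UE would see."""
        cause, ip = self._csr(imsi, hi=True, paa=requested_ip)
        if cause == CTX_NOT_FOUND:  # no prior context: plain attach, let P-GW assign
            cause, ip = self._csr(imsi, hi=False, paa="0.0.0.0")
        if cause != ACCEPTED:
            return "DHCP NAK"  # no bearer at all; nothing to cache
        if ip != requested_ip:
            self.cache[ue_mac] = (ip, now + self.CACHE_SECS)
            return "DHCP NAK"  # UE must restart DHCP from Discover
        return f"DHCP Ack({ip})"

    def handle_dhcp_discover(self, ue_mac, now=0.0):
        """UE restarts after the NAK; offer the cached P-GW address while still fresh."""
        entry = self.cache.get(ue_mac)
        if entry and now < entry[1]:
            return f"DHCP Offer({entry[0]})"
        return None
```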
Research Recommendation
• Wi-Fi access point
• Wireless mesh network
• Radio
• Location-based services
• HTTP redirect / inline advertisements