Network Based IP Services

Horace Lau Senior Market Development Manager Lucent Technologies, INS IP Services Business Unit

Lucent Technologies – Proprietary 4/25/2020

1

Public IP Services;

Not The Internet

• The road to profits is in Public IP Services

Networks

– A best-effort Internet doesn’t deliver service provider profits – Profits continue in classic data networks because they deliver quality service • But…the Internet delivered some great

successes

– Infrastructure for common communications: The TCP/IP protocol – Infrastructure for applications: Browsers, Streaming Media Formats, Email, Messaging, Directories • Today, customers require the service richness of the Internet with the service quality of the classic data networks 4/25/2020 Lucent Confidential 2

Value-added IP Services Deliver Competitive Advantage

4/25/2020

Commodity Services

Access Services

Bandwidth-Managed Services IP VPNs Managed Security Business Internet Access Converged Services Content Management/ Acceleration Wholesale Subscriber Management Value-added Services

Lucent Confidential

Commodity Services

Core Backbone Services 3

Service Providers Need Business

Quality IP Services Network

PSTN Data Services Wireless

Public IP Network

Optical Core

• • • • • • • • • •

Services Connectivity Performance Reliability Security Simplicity Affordability Flexibility Scalability Ubiquity Best Effort Internet

4/25/2020

Broadband Access

Investment in public data network infrastructure will grow from $12B in 1999 to $22B in 2003. (IDC) Lucent Confidential 4

IP Is the New Public UNI (Network Connection)

• Public IP Networks Require • Routing functions on the edge – Consistent interface to subscriber applications • Application-Aware Dynamic Service Delivery – End-End Across The Network • Network Changes Behavior As Necessary • Public IP Networks Must Provide • Application-aware priority for IP flows • Application specific behavior for different IP Flows – Deliver bandwidth, and access privileges as required • Per application • Dynamic signaling to support application

requirements

– Deliver services where and when they are needed

Architecture

•

By requesting them from smart network elements

• Public IP Networks Cannot Use a Hop-by-Hop Internet • Routers alone won’t support what needs to be done 4/25/2020 Lucent Confidential 5

Deterministic Service Behavior

• Service-specific functions in virtual

routers

– Traffic classification • Voice, video, data – – Marking, shaping, policing • Priority queuing of IP application traffic – Voice first, then file transfer data packets Mapping IP application traffic to MPLS paths • To ensure service quality • Pre-engineered traffic paths in core – Supports MPLS paths in: • Frame based networks (core router-based networks) • ATM multi-service networks – Provides: bandwidth guarantees, latency commitments – Provides: QoS 4/25/2020 Lucent Confidential 6

Creating Personalized Services

Packet Criteria Intranet ASP WEB All Others Action IPsec FW/MPLS NAT/FW Deny Class of Service VPN Service Sales Automation Secure Internet N/A Billing Class $$$ $$ $ N/A Intranet Application Aware Traffic Treatment Enterprise A Application Stream LDAP Policy Server AAA Server

4/25/2020

Access Device Service Intelligent Element

Lucent Confidential

Core Network Tunnel C ASP ISP #1 ISP #2

7

Network Architecture for Public IP Services

Key Architecture Elements

• Service Intelligence to build end-to-end services – Virtual Routing – Intelligent Agents – Service Creation Model • MPLS to create dynamic connections in and between layers in the network • Unified network management for provisioning, monitoring, fault recovery • Professional services for full public network design and lifecycle management expertise 4/25/2020 Lucent Confidential 8

Complete Service Intelligent Architecture

Scalable on-ramp for IP service traffic Metro Optical RAS Actively mediates network behavior Reliable, high speed, transport Intranet DSL Cable Access Network IP Service Switch IP/ATM Core Switch IP/ATM Core Switch Optical Core IP/ATM Core Switch Extranet Web Frame/ ATM ISP Wireless

Access Layer

4/25/2020

Services Layer Core Layer Intelligent, dynamic, scalable.

Lucent Confidential

ASP

•Recognizes users &

their applications

•Understands their

individual service needs

•Mediates on their

behalf to deliver IP services

•Regardless of when,

where, or how they arrive on the network

•All in a reliable and

end-to-end, secure manner

9

• MPLS is an integral architecture element for communication in and between the network layers – Multi-Protocol Label Switching (MPLS) is not only used for traffic engineering in IP Networks • A Fundamental framework for Service Intelligence in Public IP Services networks • Benefit: Creation of highly customized services

based on subscriber, application, and network requirements

4/25/2020 Lucent Confidential 10

MPLS for Dynamic Connections: within the IP & ATM Transport Layers

4/25/2020

ATM Multiservice/ MPLS PSAX Family BSTDX GX550 NX NX NX IP Switching/ Packet MPLS

• Multiservice ATM Core

delivers infrastructure for Frame Relay, DSL, ATM Access and Multiservice MPLS

• IP Core provides

infrastructure for “pure IP” networks and Packet MPLS

• MPLS between

architectures provides for end-to-end IP services

Lucent Confidential 11

MPLS for Dynamic Connections: Between Layer 1 and Layer 2

The service intelligent network requests bandwidth and transport from the optical core via dynamic MPLS signal requests IP/ATM Core

Benefits:

•

Sub-second restoration in case of failure

•

Automatic addition of resources in response to demand

•

Layer 1 & Layer 2 are active participants in service delivery

4/25/2020 Lucent Confidential

Optical Core

12

Unified Network Management For IP Services

• Single service console for IP Services – Creation and management of all IP Service elements: Customer Located Equipment (CLE), Service Switch, Core – – Service creation built within virtual routers Policy driven network behavior not “port-by-port” configuration using network directories– like the voice network.

• Flow-through integration with Layer 2 infrastructure – Automatic connections between devices – End-to-end within layer-two framework • Layer-one integration with dynamic signaling: – On demand bandwidth creation driven by Service Intelligence through ODSI/OIF Optical Interface

Benefit: scalable, single seat management with end-to end provisioning, monitoring, fault isolation

4/25/2020 Lucent Confidential 13

Intelligent IP Service Management

• Provisioning – Unified – supports all network elements actively enforcing Service Attributes – – – Scaleable – Virtually centralized with distributed content Integrated - Built on top of a single platform Flexible – GUI or API driven • Surveillance/Assurance – Common Fault and Performance architecture – SLA Assurance w/detailed analysis • Capacity planning – Historical trend analysis 4/25/2020 Lucent Confidential 14

Radically Different Approach

• Policy driven network behavior – Not “port-by-port” configuration • Configure the network services, not the devices • Let the devices grab configuration elements and change behavior as users of a service arrive at a port • IP Framework for Services – Service creation built within virtual routers • On edge of service provider network • Driven by central database servers 4/25/2020 Lucent Confidential 15

Voice:

Policy Makes The Difference

Back-office Customer care TCAP

User provisioning is to a directory 5ESS

User

5ESS 5ESS

Service Endpoint

5ESS

• Traditional voice services – SS7/TCAP and central services • Service elements: circuit-based connection oriented services • Reliability, predictability, security, billable connections 4/25/2020 Lucent Confidential 16

Data: Policy Makes The Difference

Web/ Corba Back Office Customer Care LDAP (Oracle)

User provisioning is to a directory SIN

Data User

SIN SIN

Data Service Endpoint

SIN

• IP Data Services – RADIUS/LDAP user-level policy • Service elements: predictable bandwidth, security,

connection oriented IP

– IP “conference calls” – Managed bandwidth services per application – Predictable “SLA’s” for customer and carrier 4/25/2020 Lucent Confidential 17

Policy Driven Service Creation

• As with voice: – Specific subscriber profiles drive network element behavior • Same with Data: – Network elements interact with provisioning servers – Service Provider defines services – Active network “reacts” to policies • Sets-up network resources on behalf of users • Uses MPLS, other technologies to signal for enforcement of service attributes 4/25/2020 Lucent Confidential 18

Web-based Service Selection

Service Provider

User connects to VR ATM User browser set to service provider homepage for service selection LightShip Call Logging Receiver User HTTP Request Service Selection Page VR Web server, presents HTML page collects service request, updates DB HTML IP Network Web Server

HTML

Database LDAP records LightShip Configuration Server

• Enables powerful flow-through provisioning – Users can “turn up” or change certain services themselves • Users edit web pages that update LDAP service profiles • Active network elements get “change notice” – Network elements download new profile & provide service 4/25/2020 Lucent Confidential 19

Key IP Service Applications

Site-site intranet Branch offices Desktops

Campus

eCommerce Internet Intranet servers Telecommuters

Public IP network

Web servers

Web

Mobile users Extended intranet Extranet servers

Campus

Customers Business-business extranets Partner Supplier Desktops 4/25/2020 Lucent Confidential 20

Site-to-Site Intranet VPN

Remote office CPE PVC DNS DHCP auth acct DNS DHCP auth Remote office CPE FR switch PPP Servers CPE Remote office VPN CPE Router IPSec Central site

4/25/2020 • • • • •

Requirements High bandwidth, low latency Selectable authentication Authorization Secure virtual routing High performance IPSec

• • • • •

3DES encryption Key management IP address management (per VR) Tunnel switching & concentration Accounting for dept. bill-back

Lucent Confidential 21

Business-to-Business Extranet VPN

Suppliers DNS DHCP Auth Acct CA CPE Extranet Host Central Site Servers Business Partners CPE CPE Customers

4/25/2020 • • • • •

CPE Authentication Authorization Secure Virtual Routing High performance IPSec 3DES encryption Requirements

• • • • •

Rapid, high capacity key generation IP address management Tunnel switching & concentration User-granular accounting for bill-back X.509v3 digital certificates

Lucent Confidential 22

Network-Based Firewall Service

Remote office CPE Remote office DSL modem Mobile VC ATM switch DSLAM/ RAS PPPoE Dynamic service profiles VR VR LDAP policy server Backbone network ISP #3 Intranet Extranet Requirements

• • • • 4/25/2020

Small-medium business Stateful inspection, denial of service protection Extranet access control, NAT Granular user/site level policy

• •

On-the-fly, Follow-me Firewall from single configuration Different policies for different flows within same session or site

Lucent Confidential 23

IP Services Vision

+ + + = 4/25/2020

Service Intelligent infrastructure from edge to core to edge

Benefit: Provides a network platform for service delivery tailored to the needs to the subscriber/application

Intelligent dynamic signaling in and between the network layers

Benefit: Provides a rich framework for deploying service intelligence between the layers of the network

Scalable, end-to-end network management from single console Full lifecycle professional services from planning to operations

Benefit: Allows for efficient network operations and leverage of network investment Benefit: Allows for service providers to outsource to save engineering/operations costs

Profitable, Value-added services

Lucent Confidential 24