China Telecom Next Generation Carrier Network (CN2), China Telecom Corporation


China Telecom Next Generation Carrier Network (CN2)
Wei Leping
China Telecom Corporation
http://www.chinatelecom.com.cn
Background
Challenges
Total voice traffic and revenue decrease by the end of 2005: mobile phone and IP phone calls have cannibalized part of the voice traffic business.
The traditional communication network is unable to support China Telecom's strategy of becoming an Integrated Information Service Provider, because it lacks the capability to offer value-added services.
High OPEX (operating expenses) is required for the traditional heterogeneous/multiple networks.
The existing ChinaNet is not a profit-generating business.
Opportunities
Acceleration of Information and Communications Technology (ICT) adoption in government and enterprises would drive demand for telecom services.
Adoption of SIP-based soft-switch technology.
The impending release of 3G licenses.
Rapid development of broadband services.
Solutions
Migration of voice service from the PSTN to soft-switch-based VoIP technology.
Preparation for 3G-based mobile services.
Accelerate the development and application of broadband services based on xDSL access technology.
Drive managed services and system integration services.
Build an integrated IP/MPLS-based multi-service platform: CN2.
Philosophy of Building CN2
CN2 strengths
Network topology
Scalable routing architecture
Highest level of redundancy
Highest level of security
Differentiated classes of service
All services are edge functions
End-to-end control and management
CN2 Strengths
Homogeneous global architecture
Single global ASN (AS4809)
IP-layer redundancy drives accountability
IS-IS level-2-only with sub-second convergence
DiffServ-based QoS-enabled network
MPLS- and multicast-enabled network
MPLS FRR with sub-50 ms reroute
Robust architecture allows for unsurpassed stability
Offers Layer 2/3 over IP or MPLS
Leading SLAs via zero loss and speed-of-light delays
6PE-based IPv6 ready
End-to-end service provisioning and fault management
Simple Network Topology
CN2 comprises two functional planes and four structural layers to offer seamless connectivity for customers, keeping transport and service provisioning relatively independent of each other.
The two functional planes are the high-speed data forwarding plane and the service provisioning plane.
The four structural layers are the core layer, the aggregation layer, the edge layer and the service access layer.
The high-speed data forwarding plane and the service provisioning plane are supported by 4 vendors and 1 vendor respectively, to ensure minimum service disruption and better control of edge services.
The high-speed forwarding plane uses equipment from four vendors and the service provisioning plane from one vendor; this reduces service interworking obstacles, guarantees service provisioning and keeps service management at the edge.
[Figure: layered topology showing the service, edge (SR/PE), aggregation and core layers, with the high-speed forwarding plane and the service access layer]
Simple Network Topology (cont)
IP/MPLS network over all-optical Dense Wavelength Division Multiplexing (DWDM) transport with SONET/SDH framing.
Per-flow load-sharing and failover load-sharing with IS-IS.
MPLS is enabled for traffic to the PE. Only loopbacks are tagged, hence only VPN traffic is encapsulated in MPLS; all other traffic is transported as native IP.
[Figure: protocol stack of IP and MPLS over SONET framing over DWDM]
Scalable route architecture
To ensure the network's scalability and security, only infrastructure address blocks are redistributed into the IS-IS (IGP) routing table; non-infrastructure addresses are redistributed in BGP. Keeping the IS-IS routing table to a minimum greatly enhances network stability.
Only trunk link addresses and management addresses are carried in IS-IS; all other routes are carried in BGP. This controls the number of IGP routing table entries and guarantees scalability in the number of network devices and links.
Single global ASN (AS4809).
CN2 has two types of route reflector:
VPN RR (VRR) for RFC 2547-based VPN services
Global RR (GRR) for Internet services
The VPN RR is independent of the global RR (VRR and GRR are deployed separately, each dedicated to its own purpose); both use a single level of route reflection.
BGP communities are deployed for route control and NetFlow-based traffic monitoring.
Global iBGP: scaling the global Internet routing table involves increasing the number of GRR groups. Parallel GRR groups each take a share of the public routes, which gives large scalability.
VPN iBGP: likewise, scaling the VPN routing table involves adding VRR groups. For example, VPN 1-500 are handled by VRR-G1 while VPN 501-1000 are handled by VRR-G2. These two designs together solve the scalability of the network routing table.
Scalable route architecture (cont)
iBGP architecture for global routes
[Figure: two GRR groups (GRR1/GRR2 as group 1 for part 1 routes, GRR3/GRR4 as group 2 for part 2 routes), each a full mesh of peers; clients send part 1 routes to group 1 and part 2 routes to group 2 and receive them likewise, with eBGP sessions to the Internet at the edge]
Scalable route architecture (cont)
iBGP architecture for VPN routes
[Figure: two VRR groups (VRR1/VRR2 as group 1 for VPN 1-500 routes, VRR3/VRR4 as group 2 for VPN 501-1000 routes), each a full mesh of peers; PE clients send and receive VPN 1 routes to/from group 1 and VPN 501 routes to/from group 2]
Highest Level of redundancy
All network links are deployed in pairs over diverse facilities.
Only POS interfaces are used on backbone interconnections, to allow faster failure detection.
All network links are active (NOT working-and-protect).
Each PoP's router pair is connected by multiple routers. Link failure protection is the function of IS-IS (layer 3 control) and is not carried out on the transport layer (layer 2 control); it does not depend on SDH or DWDM transport-layer protection.
IS-IS routing protocol
Per-flow load sharing between dual pairs
Fail-over load sharing
Sub-second fast convergence for Gold service
Three-priority LSP flooding and FIB update
MPLS FRR
1:1 mode FRR is deployed in the core layer for 50 links
Sub-50 ms reroute time
Built to keep utilization from exceeding 50% during normal operation.
As a congestion-free network, CN2 ensures premium priority for delivery of all packets in the core.
Higher Level of security
Strict uRPF is deployed on all customer access interfaces.
Loose uRPF is deployed on interconnection interfaces (ports interconnecting with other networks).
Infrastructure ACLs (iACLs) deny external traffic to ALL router interface addresses. iACLs are deployed on the edges and borders of the network: ACLs on CN2's external interconnection interfaces and customer interfaces reject any packet whose destination IP address belongs to the CN2 network, so nobody outside the network can reach CN2 devices.
Infrastructure routes are not distributed to the Internet or to customers: an invisible network design, meaning CN2's routing information cannot be seen from other networks.
All router access control is managed by AAA servers and syslog (all operations go through AAA and syslog).
QoS technology is deployed accordingly to reduce the impact of attack or worm traffic: QoS ensures that high-class services are not affected by virus floods and limits the spread of virus traffic.
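Added illustration, not part of the presentation: a small Python model of the three filtering rules on this slide (strict uRPF on customer ports, loose uRPF on interconnects, an iACL protecting infrastructure addresses). The FIB, interface names, address blocks and packets are constructed, and the loose check assumes no default route is installed.

```python
"""CN2-style edge admission: uRPF plus infrastructure ACL (constructed example;
prefixes, interface names and packets are made up, rules follow the slide)."""
from ipaddress import ip_address, ip_network
# Constructed FIB: prefix -> interfaces on which that prefix is reachable.
# No default route is installed, so loose uRPF needs a real matching route.
FIB = {
    ip_network("10.1.0.0/24"): {"cust1"},               # customer 1
    ip_network("10.2.0.0/24"): {"cust2"},               # customer 2
    ip_network("198.51.100.0/24"): {"peer1", "peer2"},  # learned from interconnects
}
INFRASTRUCTURE = [ip_network("192.0.2.0/24")]  # router loopbacks and link addresses
IFACE_ROLE = {"cust1": "customer", "cust2": "customer",  # role selects the uRPF mode
              "peer1": "interconnect", "peer2": "interconnect"}

def best_route(addr):
    """Longest-prefix match; returns the set of egress interfaces, or None."""
    hits = [p for p in FIB if addr in p]
    return FIB[max(hits, key=lambda p: p.prefixlen)] if hits else None

def urpf_check(src, in_iface):
    """Strict (customer ports): the source's route must point back out the
    ingress interface. Loose (interconnects): any route for the source will do."""
    egress = best_route(ip_address(src))
    if egress is None:
        return False
    return in_iface in egress if IFACE_ROLE[in_iface] == "customer" else True

def iacl_check(dst):
    """Infrastructure ACL: external traffic may never target router addresses."""
    return not any(ip_address(dst) in net for net in INFRASTRUCTURE)

def admit(src, dst, in_iface):
    """Return 'forward', or the name of the check that dropped the packet."""
    if not urpf_check(src, in_iface):
        return "drop:urpf"
    if not iacl_check(dst):
        return "drop:iacl"
    return "forward"

if __name__ == "__main__":
    samples = [  # constructed packets: (src, dst, ingress interface)
        ("10.1.0.5", "198.51.100.9", "cust1"),   # genuine customer traffic
        ("10.2.0.9", "198.51.100.9", "cust1"),   # customer 1 using customer 2's prefix
        ("198.51.100.4", "192.0.2.1", "peer2"),  # routable source, aimed at a router
        ("203.0.113.7", "10.1.0.5", "peer1"),    # source with no route at all
        ("198.51.100.4", "10.1.0.5", "peer1"),   # normal transit from an interconnect
    ]
    for pkt in samples:
        print(pkt, "->", admit(*pkt))
```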
Different class service capability
Positioning of QoS technology in the CN2 network
QoS is the means by which the internal resources of the unified carrier network are allocated. Seen from the angle of resource usage, it logically divides the unified IP carrier network into different resource sub-networks. For example, 3G, soft-switch, MPLS VPN and ATM could each have been built as a separate network; instead a single network is built with IP/MPLS technology whose capacity is the sum of all those networks, and QoS allocates resources to the different services. In CN2, for instance, soft-switch and 3G voice traffic may occupy at most 50% of the bandwidth, and Vnet applications are allowed at most 15%.
QoS is the means of differentiating service classes during network faults or congestion, guaranteeing the delivery of high-class services. Under normal conditions, however, current QoS technology cannot differentiate service quality between classes.
QoS is a means of improving the utilization of network resources. It makes full use of the statistical multiplexing advantage of IP networks: provided each class is allocated its resources, the remaining resources can be fully used. For example, soft-switch service has priority to occupy up to 50% of the resources; if actual soft-switch traffic is only 20%, the remaining 30% can be used by Vnet and other services.
Different class service capability
CN2 QoS positioning
QoS is a technique used to allocate limited network resources to different services. Unlike traditional networks for ATM, Frame Relay and leased-circuit services, CN2 provides one overlay network for all these services. To differentiate the services based on class of importance or contract, QoS is the mechanism in place to segregate and allocate network resources to the different classes of service.
Example of a QoS policy: 3G and soft-switch traffic can be allocated at least 50% of the available bandwidth, while Vnet can only consume a maximum of 15% of the total bandwidth.
QoS is also positioned for traffic congestion management. Under the unfortunate circumstances of equipment or circuit failures, QoS helps to manage the limited usable network resources across the different classes of service.
Better resource utilization is expected from deploying QoS: an elastic policy that re-allocates under-utilized resources results in efficient resource utilization.
Different class service capability
CN2 QoS design approach
CN2 adopts a DiffServ-based QoS architecture; using IP Precedence and MPLS EXP marking bits it supports up to 8 service classes.
In its initial phase CN2 actually deploys 5 service classes: 1 class for network management and control, 1 class for China Telecom's own services, and 3 classes offered to customers.
Traffic control, classification, marking and remarking, and shaping are deployed on customer access ports.
Different classes are allocated different resource redundancy: for example, Gold service is provisioned with 1:2 resources, Silver service with 1:1.5 and Bronze service with 1:1.
Because Gold has the largest resource margin, under normal conditions its packet loss caused by traffic bursts is lower than that of Silver and Bronze, and under link failure Gold service is essentially unaffected.
Using class-based fast route convergence, CN2 deploys three levels of route convergence. In a failure, Gold service routes converge first, giving the shortest service interruption, followed by Silver and then Bronze.
Different class service capability (cont)
QoS design philosophy
CN2 adheres to the DiffServ framework based on IP Precedence and MPLS EXP bit classification, thus offering up to 8 classes of service.
Initial CN2 service classification is based on 5 basic classes of service:
1 class for network control traffic
1 class for network maintenance and operations
3 classes for service offerings
All services are classified, remarked, shaped and rate-limited at the edge of the network to ensure consistent QoS policy enforcement within the CN2 network.
Service resource allocation is based on class of service. The GOLD class of service is allocated 2 times more redundant resources than the BRONZE class of service.
Prefix convergence varies with the traffic class. Prefixes of GOLD class traffic converge faster than prefixes of BRONZE class traffic.
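Added illustration, not part of the presentation: a Python model of the elastic allocation described in the QoS positioning and design slides above. The reserved shares are the slides' figures (soft-switch/3G 50%, Vnet 15%); the priority order, the best-effort remainder and the rule that idle reserved capacity is lent to other classes in priority order are my assumptions. The second scenario applies the same policy after a link failure has cut capacity, showing how the voice class keeps its share while lower classes absorb the loss.

```python
"""Elastic per-class bandwidth allocation modelled on the CN2 QoS description.
Constructed example: the reserved shares come from the slide; the borrowing
rule (idle reserved capacity lent out in priority order) is an assumption."""

# class -> priority (0 = served first) and reserved share of link capacity
POLICY = {
    "softswitch_3g": {"priority": 0, "reserved": 0.50},  # soft-switch and 3G voice
    "vnet":          {"priority": 1, "reserved": 0.15},  # Vnet applications
    "best_effort":   {"priority": 2, "reserved": 0.35},  # everything else
}

def allocate(capacity, demand):
    """Return {class: bandwidth} for one link whose capacity may have shrunk.
    Pass 1 gives every class min(demand, reserved share of capacity), so a
    class never loses its share to others under congestion or link failure.
    Pass 2 lends whatever pass 1 left idle to classes with unmet demand, in
    priority order: 20% soft-switch load frees 30% of the link for the rest."""
    alloc = {cls: min(demand.get(cls, 0), rule["reserved"] * capacity)
             for cls, rule in POLICY.items()}
    spare = capacity - sum(alloc.values())
    for cls in sorted(POLICY, key=lambda c: POLICY[c]["priority"]):
        if spare <= 0:
            break
        lend = min(demand.get(cls, 0) - alloc[cls], spare)
        alloc[cls] += lend
        spare -= lend
    return {cls: round(bw, 6) for cls, bw in alloc.items()}

def loss_fraction(capacity, demand):
    """Share of each class's offered load that the link cannot carry."""
    alloc = allocate(capacity, demand)
    return {cls: round(1 - alloc.get(cls, 0) / d, 6) if d else 0.0
            for cls, d in demand.items()}

if __name__ == "__main__":
    # Constructed offered loads, in the same units as capacity (e.g. Gbit/s).
    normal = {"softswitch_3g": 20, "vnet": 30, "best_effort": 60}
    print("normal, 100 units:", allocate(100, normal))       # Vnet borrows idle voice share
    failed = {"softswitch_3g": 40, "vnet": 30, "best_effort": 60}
    print("after failure, 60 units:", allocate(60, failed))  # voice keeps its 50% share
    print("loss after failure:", loss_fraction(60, failed))
```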
Different class service capability
Table: CN2 network transmission quality targets for the Gold, Silver and Bronze service classes

Class    QoS marking   Packet loss (%)   MTU (byte)   Average delay (ms)   Maximum delay (ms)   Jitter (ms)
Gold     5             0.05              1500         30                   45                   <2
Silver   3             0.1               1500         35                   60                   <5
Bronze   2             1                 1500         40                   75                   <10
Table 4: CN2 network availability targets for the Gold, Silver and Bronze service classes

Class    Average failover time (s)   Maximum failover time (s)   Total outage (min/month)   Outage per event (min/event)   Failures (events/month)   Monthly availability (%)
Gold     <3                          <8                          5                          <5                             <1                        99.99
Silver   <15                         <20                         10                         <5                             <2                        99.98
Bronze   <25                         <45                         15                         <5                             <3                        99.95
All services are Edge Functions
Services are enforced and policed at the edge of the network via the SR/PE devices. Services comprise soft-switch, video conference, VPN, Internet, ATM/FR/DDN, etc.
All services are implemented at the edge and can only be accessed through the service routers (SR/PE), including soft-switch, video conference, VPN services, Internet leased lines, ATM/FR/DDN service access and so on.
To ensure the core network's stability and security, service provisioning, new service deployment and security control are performed at the edge of the network. Service upgrades, the addition of new services, security control and so on need only be done in the edge layer, which keeps the backbone network stable.
The SOLE responsibility of the core network is packet switching and forwarding. The backbone only forwards data; China Telecom's internal inter-network interconnections, such as metropolitan area network interconnection and IDCs, go through the backbone.
[Figure: IP/MPLS platform with P routers in the core and PE routers at the edge; the edge services shown are QoS edge, broadband access, MPLS L3 VPN, IPsec VPN, ATM/FR access, corporate dial, integrated VPN, AoMPLS, SDH/DDN leased-line access and MPLS L2 VPN]
Network Capacity and Coverage
Network capacity and coverage (by the end of 2005):
CN2 will provide coverage for 199 domestic cities plus 9 overseas nodes (Hong Kong, Tokyo, Singapore, London, Frankfurt, New York, Washington, San Jose and Los Angeles), offering MPLS VPN, international VPN, Internet access and inter-network interconnection services.
653 routers in total, including 417 P routers, 202 PE/SR routers, 12 public RRs and 12 VPN RRs.
1267 internal relay (trunk) links with a total link bandwidth of 4.231T.
Over 800 external interconnection links (mainly to metropolitan area networks) with 2.8T of bandwidth.
A total customer service access link bandwidth of 650.62G (not including soft-switch and 3G access bandwidth).
CN2 VPN capability
Supports MPLS Layer 2/3 VPN:
RFC 2547-based L3 VPN
Draft-martini-based Ethernet point-to-point service
Ethernet multipoint service (Kompella VPLS)
ATM/FR over MPLS (note in the original: add the relevant standards according to Cisco's technology)
Supports 3 classes of service: GOLD, SILVER and BRONZE.
Supports N×2M, N×64K, Ethernet/VLAN, L2TPv3 and pseudo-wire access.
Supports network-wide multicast of 600 multicast groups and 1.2 Gbps of end-to-end multicast traffic.
VPN coverage (by end 2005)
202 PE routers in 199 cities
2 × ISR in Guangzhou, Beijing and Shanghai. The ISRs can be deployed as VPN Inter-AS ASBRs.
18 PE routers in 9 POPs located in Hong Kong, Tokyo, Singapore, London, Frankfurt, New York, Washington, San Jose and Los Angeles.
By mid-2006, the number of PEs is expected to increase from 202 to 418 to facilitate intra-POP layer redundancy.
CN2 VPN capability
VPN network capacity
CN2 uses the Cisco 12416 as PE router, with a total traffic handling capacity of 140G (unidirectional).
Service access ports per PE (2 tiers):
Tier D: 210 SDH/DDN/FR service access ports, with a maximum of 4×2M SDH access per circuit; 500 VLAN service access logical ports (average 5M per user), with a maximum service bandwidth of 200M per VLAN circuit.
Tier E: 210 SDH/DDN/FR service access ports, with a maximum of 4×2M SDH access per circuit; 500 VLAN service access logical ports (average 5M per user), with a maximum service bandwidth of 200M per VLAN circuit. Extension access Ethernet switches must be configured to add physical service access ports.
Routed VPN
VPN customers per PE: designed as 500 for this phase of the project.
Routing table capacity per PE: VPN plus public routing table capacity is currently 150,000 routes, expandable to 300,000 routes in future (VPN routes to public routes estimated at a 4:1 ratio).
Routes per VPN: 20,000
Routes per RR: 500,000
Circuit-type point-to-point VPN
4000 circuit-type point-to-point VPNs per device, 500 per interface card (Cisco E3 card).