中國電信CN2網(wǎng)絡介紹.ppt

1、,中國電信下一代承載網(wǎng)絡 China telecom Next Carrier Network(CN2）,China Telecom Corporation ,韋樂平 Wei Leping,Challenges Total voice traffic and revenue decreases by the end of 2005. The mobile phone and IP phone calls have cannibalized part of the voice traffic businesses Traditional communication network is unab

2、le to support China Telecoms strategy to become a Integrated Information Service Provider. This is due to its lack of capability in offering value-added service. High OPEX (Operating Expenses) is required for traditional hetergeneous/multiple networks Existing ChinaNet is not a profit generating bus

3、iness Opportunities Acceleration of the Information and Communications Technology (ICT) adoption in government and enterprises would drives the demand for telecom services Adoption of the SIP-based soft-switch technology The impending releases of 3G license Rapid development of the broadband service

4、,Background,Migration of voice service from PSTN to soft-switch-based VoIP technology Preparation for 3G-based mobile services Accelerate the development and application of the broadband services base on xDSL access technology Drive managed service and system integration service Built an Integated I

5、P/MPLS-based multi-service platform CN2,solutions,Philosophy of Building CN2,CN2 strength network topology Scalable routing architecture Highest level of redundancy Highest level of security Different class service All services have edge functionality End to end control and managment,Homogeneous Glo

6、bal Architecture Single Global ASN(AS4809) IP Layer Redundancy Drives Accountability ISIS level2-only with sub-second convergence Diffserv-based QOS enabled network MPLS and multicast enabled network MPLS FRR with sub-50ms reroute Robust Architecture Allows for Unsurpassed Stability Offer Layer-2/3

7、over IP or MPLS Leading SLAs via Zero Loss & Speed of Light Delays 6PE-based IPV6 ready Offer Layer-2/3 over IP or MPLS Leading SLAs via Zero Loss & Speed of Light Delays End to end service provision and fault management,CN2 Strength,Simple Network Topology,CN2 comprises of two functional planes and

8、 four structural layers to offer a seamless connectivity for customers. CN2網(wǎng)絡包括2個網(wǎng)絡功能層面和4個網(wǎng)絡結(jié)構(gòu)層次，實現(xiàn)承載和業(yè)務提供相對獨立 The two functional planes are high speed data forwarding plane and service provisioning plane 2個功能層面分別是高速轉(zhuǎn)發(fā)層和業(yè)務提供層 The four structural layers are core layer, aggregation layer, edge layer a

9、nd services connecting layer 4個結(jié)構(gòu)層次指核心層、匯聚層、邊緣層和業(yè)務接入層 The high speed data forwarding plane and service offering plane is supported by 4 and 1 vendors respectively. This is to ensure minimum service disruption and better edge services control. 高速轉(zhuǎn)發(fā)層包括4個廠家設備，業(yè)務提供層1個廠家。減少業(yè)務互通障礙，保證業(yè)務提供，邊緣業(yè)務管理。,Core,Aggr

10、egation,Edge,Service,高速轉(zhuǎn)發(fā)層,業(yè)務接入層,SR/PE,SR/PE,SR/PE,Simple Network Topology(cont),IP/MPLS Network All-Optical，Dense Wave Division Multiplexing (DWDM) SONET/SDH framing Per flow load-sharing and fail-over load-sharing with ISIS MPLS is enabled with traffic to the PE Loopback is tagged. Hence, only VPN

11、 traffic is encapsulated in MPLS, all others is transported native IP,MPLS,SONET FRAMING,DWDM,IP,IP,Scalable route architecture,To ensure networks scalability and security, only infrastructure address blocks are redistributed into the IS-IS (IGP) routing table. Non-infrastructure addresses are redis

12、tributed in BGP. Keeping the IS-IS routing table to a minimum would greatly enhance the network stability. 只有中繼鏈路地址和管理地址通過ISIS,其他路由通過BGP,控制IGP路由表的條目,保證網(wǎng)絡設備和鏈路數(shù)量的擴展性. Single Global ASN (AS4809), CN2 have two type Route reflector VPN RR for RFC2547-based VPN service,(VRR) Global RR for internet servic

13、e(GRR) VPN RR is independent of global RR, both use one level Route Reflector(RR) (VRR和GRR是獨立設置的,各自專用的) BGP Communities are deployed for routes control and netflow-based traffic monitor Global iBGP: Scaling the Global Internet Routing Table involve the increase in the number of GRR group. 通過增加并列的GRR

14、組來分擔部分public 路由處理,這樣具有很大的擴展性. VPN iBGP: Likewise, scaling the VPN routing Table involve the increase of VRR group. Example, VPN1-500 is handled by VRR-G1 while VPN501-1000 can be handled by VRR-G2 通過增加并列的VRR組來分擔部分VPN路由表的處理,比如VPN1-500的路由表有G1轉(zhuǎn)發(fā),VPN501-1000通過G2轉(zhuǎn)發(fā). 通過以上兩種設計解決網(wǎng)絡路由表的擴展性.,Scalable route ar

15、chitecture (Cont),Full mesh Peers,Full mesh Peers,Internet,GRR1,GRR2,GRR3,GRR4,Client,Client,Client,Client,Group 1 for part1 routes,Group 2 for Part2 routes,Internet,EBGP,EBGP,iBGP architecture for global routes,Scalable route architecture (Cont),Full mesh Peers,Full mesh Peers,VRR1,VRR2,VRR3,VRR4,C

16、lient,Client,Client,Client,Group 1 for VPN 1-500 routes,PE,PE,PE,PE,Group 2 for VPN 501-1000 routes,iBGP architecture for VPN routes,Highest Level of redundancy,All network links are deployed in pairs over diverse facilities Only POS interface are used on backbone interconnection to facilitate faste

17、r failures detection All network links are active (NOT working and protect) Each PoPs router pair is connected by multiple routers. Link failure protection is the function of IS-IS (layer 3 control) and would not be carried out on transport layer (layer 2 control) (不依賴SDH或者DWDm的傳輸層保護) IS-IS routing

18、protocol Per flow load sharing between dual pairs Fail-over load sharing Sub-second fast convergence for gold service Three priority LSP flooding and FIB update MPLS FRR 1:1 mode FRR is deployed in core layer for 50 links Sub-50ms reroute time Built to maintain utilization not to exceed 50% during n

19、ormal running As a congestion-free network, CN2 ensures premium priority for delivery of all packets in the core,Higher Level of security,Strict uRPF is deployed on all customer access interfaces Loose uRPF is deployed on interconnected interface 網(wǎng)間互連端口 Infrastructure ACLs (iACL) deny external traff

20、ic to ALL routers interfaces address. iACL are deployed on edges and borders of the network. 在Cn2網(wǎng)絡外部接口互連和用戶接口上部署ACL,不允許任何目的Ip地址是CN2網(wǎng)絡,也就是網(wǎng)絡外部任何人不能到達Cn2設備. Infrastructure routes are distribted to internet or customer 隱形網(wǎng)絡設計,也就是在其他網(wǎng)絡上看不見CN2網(wǎng)絡的路由信息 All router access control is manage by AAA servers an

21、d syslog (所有的操作都通過AAA和syslog) QOS technology would be deployed accordingly to reduce the impact of an attack or worm traffic. 通過QOS機制保證高等級業(yè)務不收病毒泛濫等影響,通過QOS控制病毒流量的泛濫,Different class service capability,CN2網(wǎng)絡中QOS技術(shù)的定位 QOS技術(shù)是統(tǒng)一承載網(wǎng)絡內(nèi)部資源分配的手段，從資源占用的角度看，是將統(tǒng)一的IP承載網(wǎng)絡邏輯上分為不同的資源子網(wǎng)。比如3G，軟交換、MPLS VPN、ATM等都可以單獨建網(wǎng)

22、，現(xiàn)在采用IP/MPLS技術(shù)建設一個網(wǎng)絡，容量是所有網(wǎng)絡的疊加，通過QOS技術(shù)分配資源給不同的業(yè)務。如CN2中軟交換和3G語音流量最大可占用50%帶寬資源，Vnet應用最大允許占用帶寬資源小于15。 QOS技術(shù)是網(wǎng)絡故障或者擁塞情況下，實現(xiàn)業(yè)務等級區(qū)分的手段，保證高等級業(yè)務提供。但在正常情況下，目前的QOS技術(shù)不能實現(xiàn)業(yè)務等級的質(zhì)量區(qū)分。 QOS技術(shù)是提高網(wǎng)絡資源利用效率的手段。充分利用IP網(wǎng)絡統(tǒng)計復用的優(yōu)勢，在保證各等級業(yè)務分配資源的前提下，充分利用部分剩余資源。比如軟交換業(yè)務最大優(yōu)先占用50的資源，如果實際的軟交換業(yè)務流量只有20，剩下的30可以被Vnet等其他業(yè)務占用。,Differen

23、t class service capability,CN2 QOS positioning QOS is a technique use to allocate limited network resources to different services. Unlike traditional networks of ATM, Frame Relay, and lease circuit services, CN2 provides an overlay network for all these services. To differentiate the services base o

24、n the class of importance or contract, QOS is the mechanism in place to segregate and allocate network resources to different class of services. Example of a QOS policy: 3G and soft-switch traffic can be allocated with at least 50% of the available bandwidth while Vnet can only consumed a maximum of

25、 15% of the total bandwidth QOS are also positioned for traffic congestion management. Under the unfortunate circumstances of equipment or circuit failures, QOS helps to manage the limited usable network resources to different classes of services. Better resource utilization is expected from deployi

26、ng QOS. Having elastic policy to re-allocate the under utilized resources results in efficient resources utilization.,Different class service capability,CN2 QOS設計思路 CN2采用基于DiffServ架構(gòu)的QOS技術(shù)體系，基于IP Precedence和MPLS EXP標記位最大支持8個業(yè)務等級分類。 CN2網(wǎng)絡初期實際部署5個業(yè)務等級，其中1個等級網(wǎng)絡管理控制使用，1個等級中國電信自身業(yè)務使用，對外提供3個等級的業(yè)務。 在用戶接入端口

27、上部署流量控制、classification 、marking and remarking、shaping等功能 給予不同等級的業(yè)務分配不同的資源冗余: 比如金業(yè)務，配置1:2的資源， 銀業(yè)務配置1:1.5的資源， 銅業(yè)務配置1:1的資源。 由于金的資源冗余比較大，正常情況下由于業(yè)務流量突發(fā)造成的丟包率小于銀和銅。在鏈路故障情況下，金業(yè)務基本不收影響。 采用等級化的快速路由收斂技術(shù)，CN2部署了3個等級的路由收斂。如故障情況下，金業(yè)務路由優(yōu)先收斂，業(yè)務中斷時間最短，其次是銀和銅。,Different class service capability (Cont),QOS design phil

28、osophy CN2 adhere to DiffServ framework base on IP precedence and MPLS EXP Bit classification. Thus offering 8 ? classes of service Initial CN2 service classification is base on 5 basic classes of services. 1 class for network control traffic 1 class for network maintenances and operations 3 classes

29、 for service offering All services are classified, remarked, shaped and rate-limited on the edge of the network to ensure a consistent QOS policy enforcement within the CN2 network Service resource allocation is base on class of service. GOLD class of service would be allocated with 2 times more red

30、undant resources then BRONZE class of service Convergence of prefix varies on the traffic class. Prefixes of a GOLD class of traffic would convergence faster then prefixes of BRONZE class of traffic,Different class service capability,表：CN2金、銀、銅三個等級業(yè)務CN2網(wǎng)絡傳送質(zhì)量指標。,表四：CN2金、銀、銅三個等級業(yè)務CN2網(wǎng)絡可用性相關(guān)指標。,Servic

31、es are enforced and policed on the edges of the network via the SR/PE device. Service comprises of soft-switch, video conference, VPN. Internet, ATM/FR/DDN etc. 所有業(yè)務在邊緣實現(xiàn)，只能通過業(yè)務路由器（SR/PE）接入，包括軟交換、視頻會議、VPN業(yè)務、互連網(wǎng)專線、ATM/FR/DDN業(yè)務接入等等。 To ensure core networks stability and security, service provisioning,

32、 new service deployment and security control are performed on the edge of the network. 業(yè)務升級或者新業(yè)務的增加、安全控制等等只須在邊緣層進行，保證骨干網(wǎng)絡的穩(wěn)定。 The SOLE responsibility of the Core Network is packet switching and forwarding 骨干網(wǎng)絡只負責數(shù)據(jù)轉(zhuǎn)發(fā)，中國電信內(nèi)部網(wǎng)絡網(wǎng)間互連通過骨干網(wǎng)絡，比如城域網(wǎng)互連、IDC等等,All services are Edge Functions,Network Capacity a

33、nd Coverage (by the end of 2005)： CN2 will provide coverage for 199 cities including Hong Kong, Tokyo, Singapore, London, New York, San Jose, Washington etc. with service offering MPLS/VPN and Internet Services. Cn2網(wǎng)絡覆蓋國內(nèi)199個城市，和香港、東京、新加坡、倫敦、法蘭克福、紐約、華盛頓、圣何塞、洛杉磯9個海外節(jié)點，提供國際VPN、Internet接入和網(wǎng)間互連業(yè)務 653 ro

34、uters in total，including 417 P routers，202 PE/SR routers，12 Public RR，and 12 VPN RR 1267 relay links with a total link bandwidth of 4.231T （網(wǎng)內(nèi)中繼電路） Over 800 external interlinkage bandwidth（網(wǎng)間互連電路）with 2.8T （網(wǎng)絡間互連電路，主要是與城域網(wǎng)互連電路） A total customer access link bandwidth of (用戶業(yè)務接入電路)650.62G (不包括軟交換、3G接入帶寬 ),Network Capacity and Coverage,CN2 VPN capability,Support MPLS layer 2/3VPN, RFC2547-based L3 VPN Draft-martini based Ethernet point to point service Ethernet multi point service (Vkompella VPLS) ATM/