中国电信CN2网络介绍.ppt

1、,中国电信下一代承载网络 China telecom Next Carrier Network(CN2）,China Telecom Corporation ,韦乐平 Wei Leping,Challenges Total voice traffic and revenue decreases by the end of 2005. The mobile phone and IP phone calls have cannibalized part of the voice traffic businesses Traditional communication network is unab

2、le to support China Telecoms strategy to become a Integrated Information Service Provider. This is due to its lack of capability in offering value-added service. High OPEX (Operating Expenses) is required for traditional hetergeneous/multiple networks Existing ChinaNet is not a profit generating bus

3、iness Opportunities Acceleration of the Information and Communications Technology (ICT) adoption in government and enterprises would drives the demand for telecom services Adoption of the SIP-based soft-switch technology The impending releases of 3G license Rapid development of the broadband service

4、,Background,Migration of voice service from PSTN to soft-switch-based VoIP technology Preparation for 3G-based mobile services Accelerate the development and application of the broadband services base on xDSL access technology Drive managed service and system integration service Built an Integated I

5、P/MPLS-based multi-service platform CN2,solutions,Philosophy of Building CN2,CN2 strength network topology Scalable routing architecture Highest level of redundancy Highest level of security Different class service All services have edge functionality End to end control and managment,Homogeneous Glo

6、bal Architecture Single Global ASN(AS4809) IP Layer Redundancy Drives Accountability ISIS level2-only with sub-second convergence Diffserv-based QOS enabled network MPLS and multicast enabled network MPLS FRR with sub-50ms reroute Robust Architecture Allows for Unsurpassed Stability Offer Layer-2/3

7、over IP or MPLS Leading SLAs via Zero Loss & Speed of Light Delays 6PE-based IPV6 ready Offer Layer-2/3 over IP or MPLS Leading SLAs via Zero Loss & Speed of Light Delays End to end service provision and fault management,CN2 Strength,Simple Network Topology,CN2 comprises of two functional planes and

8、 four structural layers to offer a seamless connectivity for customers. CN2网络包括2个网络功能层面和4个网络结构层次，实现承载和业务提供相对独立 The two functional planes are high speed data forwarding plane and service provisioning plane 2个功能层面分别是高速转发层和业务提供层 The four structural layers are core layer, aggregation layer, edge layer a

9、nd services connecting layer 4个结构层次指核心层、汇聚层、边缘层和业务接入层 The high speed data forwarding plane and service offering plane is supported by 4 and 1 vendors respectively. This is to ensure minimum service disruption and better edge services control. 高速转发层包括4个厂家设备，业务提供层1个厂家。减少业务互通障碍，保证业务提供，边缘业务管理。,Core,Aggr

10、egation,Edge,Service,高速转发层,业务接入层,SR/PE,SR/PE,SR/PE,Simple Network Topology(cont),IP/MPLS Network All-Optical，Dense Wave Division Multiplexing (DWDM) SONET/SDH framing Per flow load-sharing and fail-over load-sharing with ISIS MPLS is enabled with traffic to the PE Loopback is tagged. Hence, only VPN

11、 traffic is encapsulated in MPLS, all others is transported native IP,MPLS,SONET FRAMING,DWDM,IP,IP,Scalable route architecture,To ensure networks scalability and security, only infrastructure address blocks are redistributed into the IS-IS (IGP) routing table. Non-infrastructure addresses are redis

12、tributed in BGP. Keeping the IS-IS routing table to a minimum would greatly enhance the network stability. 只有中继链路地址和管理地址通过ISIS,其他路由通过BGP,控制IGP路由表的条目,保证网络设备和链路数量的扩展性. Single Global ASN (AS4809), CN2 have two type Route reflector VPN RR for RFC2547-based VPN service,(VRR) Global RR for internet servic

13、e(GRR) VPN RR is independent of global RR, both use one level Route Reflector(RR) (VRR和GRR是独立设置的,各自专用的) BGP Communities are deployed for routes control and netflow-based traffic monitor Global iBGP: Scaling the Global Internet Routing Table involve the increase in the number of GRR group. 通过增加并列的GRR

14、组来分担部分public 路由处理,这样具有很大的扩展性. VPN iBGP: Likewise, scaling the VPN routing Table involve the increase of VRR group. Example, VPN1-500 is handled by VRR-G1 while VPN501-1000 can be handled by VRR-G2 通过增加并列的VRR组来分担部分VPN路由表的处理,比如VPN1-500的路由表有G1转发,VPN501-1000通过G2转发. 通过以上两种设计解决网络路由表的扩展性.,Scalable route ar

15、chitecture (Cont),Full mesh Peers,Full mesh Peers,Internet,GRR1,GRR2,GRR3,GRR4,Client,Client,Client,Client,Group 1 for part1 routes,Group 2 for Part2 routes,Internet,EBGP,EBGP,iBGP architecture for global routes,Scalable route architecture (Cont),Full mesh Peers,Full mesh Peers,VRR1,VRR2,VRR3,VRR4,C

16、lient,Client,Client,Client,Group 1 for VPN 1-500 routes,PE,PE,PE,PE,Group 2 for VPN 501-1000 routes,iBGP architecture for VPN routes,Highest Level of redundancy,All network links are deployed in pairs over diverse facilities Only POS interface are used on backbone interconnection to facilitate faste

17、r failures detection All network links are active (NOT working and protect) Each PoPs router pair is connected by multiple routers. Link failure protection is the function of IS-IS (layer 3 control) and would not be carried out on transport layer (layer 2 control) (不依赖SDH或者DWDm的传输层保护) IS-IS routing

18、protocol Per flow load sharing between dual pairs Fail-over load sharing Sub-second fast convergence for gold service Three priority LSP flooding and FIB update MPLS FRR 1:1 mode FRR is deployed in core layer for 50 links Sub-50ms reroute time Built to maintain utilization not to exceed 50% during n

19、ormal running As a congestion-free network, CN2 ensures premium priority for delivery of all packets in the core,Higher Level of security,Strict uRPF is deployed on all customer access interfaces Loose uRPF is deployed on interconnected interface 网间互连端口 Infrastructure ACLs (iACL) deny external traff

20、ic to ALL routers interfaces address. iACL are deployed on edges and borders of the network. 在Cn2网络外部接口互连和用户接口上部署ACL,不允许任何目的Ip地址是CN2网络,也就是网络外部任何人不能到达Cn2设备. Infrastructure routes are distribted to internet or customer 隐形网络设计,也就是在其他网络上看不见CN2网络的路由信息 All router access control is manage by AAA servers an

21、d syslog (所有的操作都通过AAA和syslog) QOS technology would be deployed accordingly to reduce the impact of an attack or worm traffic. 通过QOS机制保证高等级业务不收病毒泛滥等影响,通过QOS控制病毒流量的泛滥,Different class service capability,CN2网络中QOS技术的定位 QOS技术是统一承载网络内部资源分配的手段，从资源占用的角度看，是将统一的IP承载网络逻辑上分为不同的资源子网。比如3G，软交换、MPLS VPN、ATM等都可以单独建网

22、，现在采用IP/MPLS技术建设一个网络，容量是所有网络的叠加，通过QOS技术分配资源给不同的业务。如CN2中软交换和3G语音流量最大可占用50%带宽资源，Vnet应用最大允许占用带宽资源小于15。 QOS技术是网络故障或者拥塞情况下，实现业务等级区分的手段，保证高等级业务提供。但在正常情况下，目前的QOS技术不能实现业务等级的质量区分。 QOS技术是提高网络资源利用效率的手段。充分利用IP网络统计复用的优势，在保证各等级业务分配资源的前提下，充分利用部分剩余资源。比如软交换业务最大优先占用50的资源，如果实际的软交换业务流量只有20，剩下的30可以被Vnet等其他业务占用。,Differen

23、t class service capability,CN2 QOS positioning QOS is a technique use to allocate limited network resources to different services. Unlike traditional networks of ATM, Frame Relay, and lease circuit services, CN2 provides an overlay network for all these services. To differentiate the services base o

24、n the class of importance or contract, QOS is the mechanism in place to segregate and allocate network resources to different class of services. Example of a QOS policy: 3G and soft-switch traffic can be allocated with at least 50% of the available bandwidth while Vnet can only consumed a maximum of

25、 15% of the total bandwidth QOS are also positioned for traffic congestion management. Under the unfortunate circumstances of equipment or circuit failures, QOS helps to manage the limited usable network resources to different classes of services. Better resource utilization is expected from deployi

26、ng QOS. Having elastic policy to re-allocate the under utilized resources results in efficient resources utilization.,Different class service capability,CN2 QOS设计思路 CN2采用基于DiffServ架构的QOS技术体系，基于IP Precedence和MPLS EXP标记位最大支持8个业务等级分类。 CN2网络初期实际部署5个业务等级，其中1个等级网络管理控制使用，1个等级中国电信自身业务使用，对外提供3个等级的业务。 在用户接入端口

27、上部署流量控制、classification 、marking and remarking、shaping等功能 给予不同等级的业务分配不同的资源冗余: 比如金业务，配置1:2的资源， 银业务配置1:1.5的资源， 铜业务配置1:1的资源。 由于金的资源冗余比较大，正常情况下由于业务流量突发造成的丢包率小于银和铜。在链路故障情况下，金业务基本不收影响。 采用等级化的快速路由收敛技术，CN2部署了3个等级的路由收敛。如故障情况下，金业务路由优先收敛，业务中断时间最短，其次是银和铜。,Different class service capability (Cont),QOS design phil

28、osophy CN2 adhere to DiffServ framework base on IP precedence and MPLS EXP Bit classification. Thus offering 8 ? classes of service Initial CN2 service classification is base on 5 basic classes of services. 1 class for network control traffic 1 class for network maintenances and operations 3 classes

29、 for service offering All services are classified, remarked, shaped and rate-limited on the edge of the network to ensure a consistent QOS policy enforcement within the CN2 network Service resource allocation is base on class of service. GOLD class of service would be allocated with 2 times more red

30、undant resources then BRONZE class of service Convergence of prefix varies on the traffic class. Prefixes of a GOLD class of traffic would convergence faster then prefixes of BRONZE class of traffic,Different class service capability,表：CN2金、银、铜三个等级业务CN2网络传送质量指标。,表四：CN2金、银、铜三个等级业务CN2网络可用性相关指标。,Servic

31、es are enforced and policed on the edges of the network via the SR/PE device. Service comprises of soft-switch, video conference, VPN. Internet, ATM/FR/DDN etc. 所有业务在边缘实现，只能通过业务路由器（SR/PE）接入，包括软交换、视频会议、VPN业务、互连网专线、ATM/FR/DDN业务接入等等。 To ensure core networks stability and security, service provisioning,

32、 new service deployment and security control are performed on the edge of the network. 业务升级或者新业务的增加、安全控制等等只须在边缘层进行，保证骨干网络的稳定。 The SOLE responsibility of the Core Network is packet switching and forwarding 骨干网络只负责数据转发，中国电信内部网络网间互连通过骨干网络，比如城域网互连、IDC等等,All services are Edge Functions,Network Capacity a

33、nd Coverage (by the end of 2005)： CN2 will provide coverage for 199 cities including Hong Kong, Tokyo, Singapore, London, New York, San Jose, Washington etc. with service offering MPLS/VPN and Internet Services. Cn2网络覆盖国内199个城市，和香港、东京、新加坡、伦敦、法兰克福、纽约、华盛顿、圣何塞、洛杉矶9个海外节点，提供国际VPN、Internet接入和网间互连业务 653 ro

34、uters in total，including 417 P routers，202 PE/SR routers，12 Public RR，and 12 VPN RR 1267 relay links with a total link bandwidth of 4.231T （网内中继电路） Over 800 external interlinkage bandwidth（网间互连电路）with 2.8T （网络间互连电路，主要是与城域网互连电路） A total customer access link bandwidth of (用户业务接入电路)650.62G (不包括软交换、3G接入带宽 ),Network Capacity and Coverage,CN2 VPN capability,Support MPLS layer 2/3VPN, RFC2547-based L3 VPN Draft-martini based Ethernet point to point service Ethernet multi point service (Vkompella VPLS) ATM/