MPLS-TP FOR MISSION-CRITICAL NETWORKS
MAINTAINING TDM PERFORMANCE OVER PACKET NETWORKS
Mission-critical communication networks serve strategic national assets. Energy (electricity, gas and oil, nuclear),
transportation, water, government agencies and military organizations are all considered critical infrastructures. The key
attributes for their communication networks are reliability, resiliency, and security. Therefore, it is not surprising that they
would try to avoid any change from the highly-trusted TDM-based infrastructure to a new packet-based one. However,
this shift is inevitable, since TDM-based communication equipment is reaching its end-of-life state and is becoming too
expensive to maintain.
The inevitable move to packet poses new challenges to strategic industries. These include increased security threats,
higher network complexity, and above all, maintaining TDM-predictable and deterministic performance over the packet
infrastructure.
MPLS-TP (MPLS Transport Profile) is the most widely accepted
successor technology for maintaining TDM transport
attributes. In this paper, we will outline the key differences between
MPLS-TP and IP/MPLS, with special focus on the implications for
mission-critical networks. We will present the features that are
common to the two technologies that make them interoperable.
The paper will also indicate which features were discarded and
which functionalities were added to maintain TDM performance
attributes over the packet infrastructure. Ultimately, we can see that
MPLS-TP and IP/MPLS are complementary—not competing—
technologies.
FROM NATIVE ETHERNET TO CARRIER ETHERNET
Ethernet has been the standard packet technology in the LAN. Therefore, it was the natural choice for service
providers who want to expand packet technology to the WAN. However, native Ethernet has a number of weaknesses
that disqualify it from maintaining carrier-grade quality. Many of them are rooted in the connectionless nature of the
technology, which does not support deterministic behavior. As a result, native Ethernet performs restoration relatively
slowly, has limited scalability, cannot guarantee performance parameters, and does not support service management. To
address these issues, MEF (Metro Ethernet Forum) defined a new class of Ethernet—Carrier Ethernet—which features
five key attributes:
• RELIABILITY enables end-user services to run on transport layers that comply with stringent resiliency and
recovery constraints.
• SCALABILITY enables the coordination of subscribers, service providers, and operators to achieve Carrier-Ethernet
based data connectivity between multiple subscriber sites across multiple operator networks.
• STANDARDIZED SERVICES enables the coordination of subscribers, service providers, and operators to achieve
Carrier-Ethernet based data connectivity between multiple subscriber sites across multiple operator networks.
• SERVICE MANAGEMENT enables service providers to roll out, maintain, and troubleshoot data-connectivity
services in a cost-effective and timely manner.
• QUALITY OF SERVICE enables a single network to run multiple services to multiple end-users, running a wide
variety of applications with different bandwidth and latency requirements. It also provides the required tools to
ensure that services maintain performance requirements according to Service Level Specifications (SLS).
When MEF defined the attributes for Carrier Ethernet compliance,
it did not define the implementation method.
MPLS-TP AND IP/MPLS COMPARISON
MPLS (MULTI-PROTOCOL LABEL SWITCHING)
Standardized by the IETF, MPLS is a scalable protocol-agnostic mechanism designed to carry circuit and packet traffic
over virtual circuits, known as Label Switched Paths (LSPs). MPLS makes packet-forwarding decisions based on the
contents of the label, without examining the packet payload, and is considered a layer between the traditional definitions
of Layer 2 and Layer 3.
MPLS (also known as IP/MPLS) was originally developed to facilitate packet forwarding by using label switching. It also
has additional attributes, like connection establishment, improved network resiliency, and OAM functions. These all
help overcome some of native Ethernet's transport shortcomings. However, MPLS has several major deficiencies when
implemented in transport networks. These deficiencies drove the development of the MPLS Transport
Profile (MPLS-TP).
MPLS-TP (MPLS TRANSPORT PROFILE)
MPLS-TP is the result of a joint effort by IETF and ITU-T. The drive behind it is to overcome the drawbacks of IP/MPLS
when used for metro transport networks.
MPLS-TP is a simplified version of IP/MPLS that is optimized for transport networks. MPLS-TP is both a subset and an
extension of IP/MPLS. The basic label-based packet forwarding is retained. However, some of the complex
IP/MPLS functionalities that do not support deterministic performance or that are not connection-oriented were
removed. Also, other transport features to facilitate operation and visibility were added. As a result,
MPLS-TP is strictly connection-oriented and does not rely on IP forwarding or routing. Nevertheless, MPLS-TP and IP/
MPLS are interoperable, enabling their use within the same network.
MPLS-TP key objectives are:
• To enable MPLS deployment in a transport network and
to operate in a similar manner to existing TDM transport
technologies (SDH/SONET)
• To enable MPLS support of packet transport services with a
similar degree of predictability, reliability, and OAM to that of
existing transport networks.
COMMON FEATURES
MPLS-TP and IP/MPLS share some key functionality.
MULTI-PROTOCOL
MPLS is L2-protocol independent and, therefore, is agnostic to the underlying transport protocols. In addition, using a
mechanism called pseudowire (PW), it is also agnostic to services running on top of it. MPLS PW is a mechanism that
emulates the essential attributes of a native service, while transporting over a packet switched network. With MPLS PW,
native services like ATM, Frame Relay, PDH, SONET/SDH, Ethernet, and others, are tunneled through the packet
network. Multi-protocol support is well suited to the mixed-technology environment of mission-critical networks (like
TDM-based SCADA and packet-based SCADA) and allows gradual and controlled transition.
LABEL SWITCHING
In traditional IP routing, each router makes independent routing decisions and determines the next hop, based on its
routing table. With MPLS, on the other hand, a path (LSP) from the source to the final destination is predetermined and
a “label” is applied to it.
The first device in the path adds the MPLS label. Subsequent devices along the path use this label to route the traffic,
without any additional IP lookups. The label switching process is considered faster and simpler to implement than routing.
The final destination device removes the label and the packet is delivered via normal IP routing, in the case of IP service.
ADDED FEATURES
In order to maintain TDM-like deterministic performance, visibility and control, several features
that do not exist in IP/MPLS were added in MPLS-TP.
These additional features or modifications of existing IP/MPLS features are divided into four responsibilities:
• CONTROL PLANE for label distribution and LSP setup
• OAM for monitoring and troubleshooting information
• PROTECTION AND RESILIENCY for maintaining undisrupted service
• DATA PLANE for packet forwarding
DATA PLANE
Bidirectional LSPs
A key difference between MPLS-TP and IP/MPLS involves the LSP. IP/MPLS uses unidirectional LSPs. This means that
traffic from A to B and from B to A can follow different paths. MPLS-TP, on the other hand, uses bidirectional LSPs,
meaning that traffic in both directions uses exactly the same path.
Bidirectional LSPs are required for deterministic performance. They simplify network operation and provide easier SLA
control.
Teleprotection Example
Teleprotection systems detect faults in the power grid and use circuit breakers to prevent them from affecting larger
parts of the grid. Fast failure detection and rapid reaction of the teleprotection systems are critical for operating and
maintaining a robust and reliable electric grid.
Many teleprotection systems base their operation on the exchange of data, via the communication channel between
the teleprotection relays on either side of the power line. Clearly, a teleprotection system’s proper operation is highly
dependent upon the communication channel that delivers information sent from both sides of the protected line.
Therefore, it is critical to maintain low and symmetric latency and jitter over the communication channel.
1588v2 Synchronization Example
Packet technologies, unlike synchronous SONET/SDH technologies, lack inherent synchronization. Mission-critical
networks rely on accurate timing and synchronization in a wide range of applications. These include:
• CES (Circuit Emulation) – delivering TDM services (SCADA, E1/T1, SDH/SONET) from TDM based edge
equipment over packet transport
• Synchronous Phasor Measurement (Synchrophasors) – synchronized measurements
of the electrical waves at various locations in the power system are used to provide better visibility and control of the
power grid
• Control IEDs (Intelligent Electronic Devices) – time synchronization is required for accurate analysis of
time-events recorded by the IEDs.
• Teleprotection – accurate time stamps on measurements taken on both sides of the protected line, as described
above.
The two common techniques being used to provide synchronization over packet are Synchronous Ethernet and 1588v2.
In a mission-critical environment, usually only 1588v2 supports the required accuracy. In addition, since unlike SyncE,
1588v2 requires support by only the two end points, it is easier to implement within a brownfield environment. 1588v2 is
a Timing over Packet (ToP) technique based on back-and-forth exchange of time-stamp information. Being a
packet-based technique, the packets that carry the timing information compete with all other data services and routing protocol
information for network resources. Thus, they are impacted by the network traffic load. The key factor that affects the
synchronization performance over packet is the Packet Delay Variation (PDV). This is the variation in the transfer delay of
the packet. Once again, it is evident that proper synchronization performance can only be guaranteed with deterministic,
bidirectional MPLS-TP LSPs.
MPLS-TP deterministic performance (latency, jitter, timing) and
bidirectional LSPs for symmetric communication are best suited to
meet these requirements.
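The effect of path asymmetry and PDV on 1588v2 can be worked through with the standard two-way timestamp exchange. The following Python sketch is an added example, not part of the original paper; the clock offset, path delays and queuing values are constructed, and the function names are hypothetical.

```python
# Added example: IEEE 1588v2 two-way time transfer over symmetric and asymmetric paths.
# All values are in microseconds and are constructed, not measured.

TRUE_OFFSET = 37.5   # slave clock minus master clock (unknown to the slave)


def ptp_exchange(offset, delay_ms, delay_sm, t1=0.0, turnaround=100.0):
    """Return timestamps (t1, t2, t3, t4) of one Sync / Delay_Req exchange.

    delay_ms: master-to-slave one-way delay, delay_sm: slave-to-master one-way delay.
    t1 and t4 are read on the master clock, t2 and t3 on the slave clock.
    """
    t2 = t1 + delay_ms + offset           # Sync arrives, slave clock
    t3 = t2 + turnaround                  # Delay_Req leaves, slave clock
    t4 = (t3 - offset) + delay_sm         # Delay_Req arrives, master clock
    return t1, t2, t3, t4


def ptp_estimate(t1, t2, t3, t4):
    """Standard 1588 computation; it assumes both directions have equal delay."""
    offset = ((t2 - t1) - (t4 - t3)) / 2.0
    mean_path_delay = ((t2 - t1) + (t4 - t3)) / 2.0
    return offset, mean_path_delay


def offset_error(delay_ms, delay_sm, offset=TRUE_OFFSET):
    """Estimated offset minus true offset; equals (delay_ms - delay_sm) / 2."""
    estimate, _ = ptp_estimate(*ptp_exchange(offset, delay_ms, delay_sm))
    return estimate - offset


def pdv_errors(base_delay, queuing_ms, queuing_sm):
    """Per-exchange offset error when queuing delay varies independently per direction."""
    return [offset_error(base_delay + q_ms, base_delay + q_sm)
            for q_ms, q_sm in zip(queuing_ms, queuing_sm)]


if __name__ == "__main__":
    # Co-routed bidirectional path: both directions see the same delay.
    print("symmetric 250/250 us  error:", offset_error(250.0, 250.0))
    # Unidirectional paths that differ: the slave cannot see the asymmetry.
    print("asymmetric 250/410 us error:", offset_error(250.0, 410.0))
    # Same base path, but load-dependent queuing in each direction (PDV).
    print("PDV errors:", pdv_errors(250.0, [0, 40, 120, 5], [60, 0, 10, 5]))
```

The error depends only on the difference between the two one-way delays, which is why equal, stable delay in both directions matters more to the slave clock than low delay as such.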
CONTROL PLANE
Management/Control and Data Plane Separation
IP/MPLS does not separate the control and data planes. With MPLS-TP, the management/control plane is totally
isolated from the data plane.
The importance of total separation is that a failure in the management/control plane cannot impact the traffic. The result
is a much more robust, reliable and secure network.
OAM (OPERATION ADMINISTRATION AND MAINTENANCE)
OAM includes all connectivity verification tools for checking PW and LSP integrity. With IP/MPLS, OAM data is
transmitted out-of-band and might not take the same path as data traffic.
With MPLS-TP, as with SDH/SONET, OAM is carried with the user traffic within the MPLS-TP frame using G-ACh
(Generic Associated Channel).
In-band OAM ensures transport-like operation, supporting the connection-oriented concept. Moreover, MPLS-TP
OAM proactive monitoring triggers fast switch-to-protection. This enables faster troubleshooting and makes the network
performance more predictable.
PROTECTION
With IP/MPLS, sub-50 msec convergence cannot be guaranteed when using the LDP signaling protocol. A Fast Reroute
(FRR) protection scheme that can guarantee sub-50 msec switch-to-protection for ring topology requires the RSVP-TE
signaling protocol. This is not scalable in large networks and does not fit all topologies.
With MPLS-TP, sub-50 msec switch-to-protection is guaranteed for any network topology, using hardware-based
proactive OAM, static FRR provisioning, and a variety of protection schemes.
Guaranteed sub-50 msec mission-critical grade switch-to-protection is essential for maximum network availability and
undisrupted service continuity.
DISCARDED FEATURES
This section covers the features and mechanisms used by IP/MPLS, but not by
MPLS-TP. As a rule, all features and mechanisms that are not used by MPLS-TP do not comply
with the connection-oriented nature of transport networks, and therefore, impair predictable
deterministic performance.
PHP (Penultimate Hop Popping)
PHP, used by IP/MPLS, removes the MPLS label one node before the egress node, to minimize router processing.
Removing the outer label makes MPLS-TP OAM invalid and protection schemes are unable to function. In addition, PHP
assumes traffic is IP, which is not necessarily the case. This is why MPLS-TP doesn’t use PHP.
LSP Merge
LSP merge means that two or more LSPs (with the same destination) are merged to use the same MPLS label. This
reduces the number of labels used in the network. LSP merge causes loss of source information, which prevents the
original LSPs from being monitored end-to-end. Therefore, it is not used by MPLS-TP.
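Why PHP and LSP merge prevent end-to-end monitoring can be seen by following labels hop by hop, as in the label switching description earlier in the paper. This Python sketch is an added example, not ECI's code; it uses a simplified single-label model, and the node names, label values and LSP names are constructed.

```python
# Added example: static label tables for two LSPs that share transit nodes B and C
# and terminate at egress D. All names and label values are constructed.

PATHS = {"lsp1": ["A", "B", "C", "D"], "lsp2": ["E", "B", "C", "D"]}
INGRESS = {"A": {"lsp1": 100}, "E": {"lsp2": 200}}   # ingress pushes the first label

# MPLS-TP style: every hop swaps, each LSP keeps its own label up to the egress.
TP = {**INGRESS, "B": {100: 101, 200: 201}, "C": {101: 102, 201: 202}}
# PHP: penultimate node C pops the label (None) before the egress.
PHP = {**INGRESS, "B": {100: 101, 200: 201}, "C": {101: None, 201: None}}
# LSP merge: node B maps both LSPs onto one outgoing label.
MERGE = {**INGRESS, "B": {100: 300, 200: 300}, "C": {300: 301}}


def forward(tables, path, lsp):
    """Carry one packet of `lsp` along `path`; return the label seen by the egress."""
    label = tables[path[0]][lsp]          # push at the ingress node
    for node in path[1:-1]:               # transit nodes look at the label only
        label = tables[node][label]       # swap, or pop when the entry is None
    return label


def egress_view(tables, paths=PATHS):
    """Map each label arriving at the egress to the LSPs that arrive with it."""
    view = {}
    for lsp, path in paths.items():
        view.setdefault(forward(tables, path, lsp), []).append(lsp)
    return view


def monitorable(view):
    """LSPs the egress can attribute end to end: label present and unique to one LSP."""
    return {lsps[0] for label, lsps in view.items()
            if label is not None and len(lsps) == 1}


if __name__ == "__main__":
    for name, tables in (("MPLS-TP", TP), ("PHP", PHP), ("LSP merge", MERGE)):
        view = egress_view(tables)
        print(f"{name:10} egress sees {view} -> monitorable {sorted(monitorable(view))}")
```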
ECMP (Equal Cost Multiple Path)
ECMP allows a traffic split within the same LSP over multiple LSPs with the same cost. This results in different packets
taking different paths. ECMP is not deterministic and contradicts the concept of connection-oriented operation.
Therefore, it is not used by MPLS-TP.
Control Plane
While an LSP is a network-wide path, the label value is local and can be changed along the way. An MPLS signaling protocol is
used to map LSPs to specific label values:
• Label Distribution Protocol (“LDP”) - simple non-constrained protocol (no traffic engineering support).
• Resource Reservation Protocol with Traffic Engineering (“RSVP-TE”) – more complex protocol with more overhead,
which includes support of traffic-engineering via network resource reservation.
IP/MPLS is strictly dependent upon control plane protocols. Traffic engineering (TE) and FRR, which are supported only
by the RSVP-TE protocol, are complex and do not scale well for large networks.
MPLS-TP does not require any control plane protocols for its
operation. LSPs and pseudowires can be provisioned statically using
a Network Management System (NMS). This is the same way it is
already implemented on the legacy TDM-based transport network.
Eliminating the control plane and using central control provides all fast reroute and traffic engineering features, without
the complications of running a distributed control plane in every network element. The result is CAPEX and OPEX
savings.
The use of a distributed control plane by IP/MPLS requires substantial processing power and memory to run control
plane protocols on every NE. This affects cost, power consumption, and stability. Managing a large number of routing
tables requires expert IP routing knowledge and is an operational challenge, especially for large-scale networks.
MPLS-TP, on the other hand, scales easily, eliminating the need to
manage complex routing tables. It keeps NEs simple and cost-effective,
and the centralized multiprocessor servers (NMS) scale easily, as
required.
COMPLEMENTARY OR COMPETING?
Clearly, MPLS-TP overcomes IP/MPLS transport gaps, making it a better fit for mission-critical operational networks.
However, IP/MPLS facilitates operation in a dynamic environment and is commonly used at the core of the networks.
ECI’s Elastic MPLS supports both MPLS-TP and IP/MPLS from the same network element, including signaling gateway
functionality between the two protocols. Elastic MPLS enables the use of the best-suited technology for each network
domain, without being forced to use the same technology across the entire network. It is likely that seamless interworking
provided by Elastic MPLS will be compulsory, since IP/MPLS is commonly used at the core of the network and in IT
networks that are separated from the operational networks. Conversely, MPLS-TP is best suited whenever deterministic
performance and full visibility and control are required.
With the Neptune product line, you enjoy the best of two worlds, with flexible and risk-free MPLS implementation.
MPLS-TP and IP/MPLS are complementary technologies, each having
unique characteristics better suited to different network domains and
requirements.
Combining packet efficiency with mission-critical grade performance,
MPLS-TP is the best fit for packet-based mission-critical operational
networks.
Since IP/MPLS is typically used in other network domains, a gateway
functionality between IP/MPLS and MPLS-TP, like the one provided by
ECI’s Elastic MPLS, enhances the adoption of MPLS-TP in mission-critical
networks.
Contact us to discover how ECI ensures risk-free and future-proof transition to packet.
ABOUT ECI
ECI is a global provider of ELASTIC network solutions to CSPs, utilities as well as data center operators. Along
with its long-standing, industry-proven packet-optical transport, ECI offers a variety of SDN/NFV applications,
end-to-end network management, a comprehensive cyber security solution, and a range of professional services.
ECI's ELASTIC solutions ensure open, future-proof, and secure communications. With ECI, customers have the
luxury of choosing a network that can be tailor-made to their needs today – while being flexible enough to evolve
with the changing needs of tomorrow. For more information, visit us at www.ecitele.com