Philosophy of Building CN2
China Telecom Corporation
http://www.chinatelecom.com.cn
Xu Jianfeng
Challenges
Total voice traffic and revenue decreases by the end of 2005.
Mobile phone and IP phone calls have cannibalized part of the voice traffic business
The traditional communication network is unable to support China Telecom's strategy to become a Comprehensive Information Service Provider. This is due to its lack of capability in offering value-added service and service awareness on a unified network.
High OPEX (Operating Expenses) is required for operating separate networks in a traditional way
The existing ChinaNet is not the best choice for NGN, 3G, VPN and other services that demand a strict SLA
Opportunities
Acceleration of Information and Communications Technology (ICT) adoption in government and enterprises would drive the demand for telecom services
Adoption of the SIP-based soft-switch technology
The impending release of the 3G license
Rapid development of the broadband service
Fixed and Mobile Convergence (FMC)
Background
Migration of voice service from PSTN network to IP-based network
Preparation for 3G-based mobile services
Accelerate the development and deployment of broadband services based on xDSL access technology
Drive managed service and system integration service
Triple play services and future IP NGN convergence including network convergence, service convergence and application convergence
Built an Integrated IP/MPLS-based multi-service platform — CN2
CN2: China Telecom Next Carrier Network
Solutions
Philosophy of Building CN2
Simple network topology
Scalable routing architecture
Highest level of redundancy
Highest level of security
Different class service
Day one support for voice, video and data
End to end control and management
Homogeneous Global Architecture
Single Global ASN (AS4809)
ISIS level2-only with sub-second convergence
MPLS FRR with sub-50ms reroute
Robust Architecture Allows for Unsurpassed Stability
Diffserv-based QoS, MPLS and multicast enabled network
6PE-based IPv6 network
Offer Layer-2/3 public/private flexible connectivity over IP or MPLS
Leading SLAs via Zero Loss & Speed of Light Delays
Fast automated end-to-end service provisioning and fault management using industry-leading IP service management solutions, which helps to greatly reduce OPEX and accelerate service deployment
End-to-end IP SLA monitoring tools make CN2 a true carrier-class network
CN2 Strength
Simple Network Topology
CN2 comprises two functional planes and four structural layers to offer seamless connectivity for customers.
The two functional planes are the high speed data forwarding plane and the service provisioning plane
The four structural layers are the core layer, aggregation layer, edge layer and services connecting layer
The high speed data forwarding plane and the service offering plane are supported by 4 and 1 vendors respectively. This is to ensure minimum service disruption and better edge services control.
[Figure: CN2 structural layers (core, aggregation, edge, service), grouped into the high-speed forwarding layer and the service access layer, with SR/PE devices]
Simple Network Topology(cont)
IP/MPLS Network
All-Optical, Dense Wave Division Multiplexing (DWDM)
SONET/SDH framing
Per flow load-sharing and fail-over load-sharing with ISIS
MPLS is enabled across the whole network; VPN traffic is encapsulated in MPLS and all other traffic is transported as native IP
[Figure: protocol stack showing IP and MPLS over SONET framing over DWDM]
Scalable route architecture
To ensure the network's scalability and security, only infrastructure address blocks are redistributed into the IS-IS (IGP) routing table. Non-infrastructure addresses are redistributed in BGP. Keeping the IS-IS routing table to a minimum would greatly enhance network stability.
Single Global ASN (AS4809)
BGP communities are deployed for route control and NetFlow-based traffic monitoring
CN2 has two types of route reflector:
VPN RR for RFC2547-based VPN service (VRR)
Global RR for global Internet routing (GRR)
VPN RR is independent of global RR; both use a one-level Route Reflector (RR) design
Global iBGP: scaling the global Internet routing table involves increasing the number of GRR groups; each group handles a part of the global routes.
VPN iBGP: likewise, scaling the VPN routing table involves increasing the number of VRR groups. For example, VPN1-500 is handled by VRR-G1 while VPN501-1000 can be handled by VRR-G2
Scalable routing architecture (Cont)
[Figure: Scaling the Global Internet Routing Table. GRR1 to GRR4 form two groups of full mesh peers: Group 1 for part 1 routes, Group 2 for part 2 routes. Clients send part 1 routes to G1 and part 2 routes to G2, and receive part 1 routes from G1 and part 2 routes from G2. EBGP connects to the Internet.]
Scalable route architecture (Cont)
[Figure: Scaling the VPN routing table. VRR1 to VRR4 form two groups of full mesh peers: Group 1 for VPN 1-500 routes, Group 2 for VPN 501-1000 routes. PE clients send/receive VPN1 routes to/from G1 and VPN501 routes to/from G2.]
Highest Level of redundancy
All network links are deployed in pairs over diverse facilities
Only POS interfaces are used on backbone links, for faster detection of link failures
All network links are active (NOT working and protect)
Each PoP's router pair is connected by multiple routers.
Link failure protection is done through IS-IS (layer 3 control) and is not dependent on the transport layer (layer 2 control)
IS-IS routing protocol
Per flow load sharing between dual pairs
Fail-over load sharing
Sub-second fast convergence for gold service
Three priority LSP flooding and FIB update
MPLS FRR
1:1 mode FRR is deployed in core layer for 50 links
Sub-50ms reroute time
Built to maintain utilization not to exceed 50% during normal running
As a congestion-free network, CN2 ensures premium priority for delivery of all packets in the core
Higher Level of security
Strict uRPF is deployed on all customer access interfaces
Loose uRPF is deployed on interconnect interfaces
Infrastructure ACLs (iACLs) deny external traffic to ALL router interface addresses. iACLs are deployed on the edges and borders of the network. No one outside the network can reach the routers
Infrastructure routes are not distributed to the Internet or to customers
All router access control is managed by AAA servers and syslog
QoS technology would be deployed accordingly to reduce the impact of an attack or worm traffic.
No customer-facing router interface has an IGP turned on. When EBGP is deployed on these interfaces, BGP MD5 hash must be configured
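The edge rules on this slide can be checked mechanically against router configurations. The following is an added example, not part of the original slides or any CN2 tooling: it assumes classic IOS-style syntax and a hypothetical description convention ("CUST:" / "PEER:") for marking interface roles, and it runs over a constructed configuration.

```python
import re

# Constructed IOS-style config (not from CN2). Interface roles come from a
# hypothetical description convention: "CUST:" = customer, "PEER:" = interconnect.
SAMPLE = """\
interface POS1/0
 description CUST: customer-a
 ip verify unicast source reachable-via rx
interface POS1/1
 description CUST: customer-b
 ip router isis
 ip verify unicast source reachable-via any
interface POS2/0
 description PEER: interconnect-a
 ip verify unicast source reachable-via any
router bgp 4809
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 password EXAMPLE-ONLY
 neighbor 192.0.2.9 remote-as 64501
 neighbor 198.51.100.7 remote-as 4809
"""

def audit(config):
    """Return (object, finding) pairs for violations of the slide's edge rules."""
    findings = []
    for block in re.split(r"\n(?=\S)", config.strip()):    # one stanza per block
        name, _, text = block.partition("\n")
        if name.startswith("interface "):
            roles = re.findall(r"^ +description (CUST|PEER):", text, re.M)
            modes = re.findall(r"^ +ip verify unicast source reachable-via (rx|any)", text, re.M)
            if "CUST" in roles:
                if "rx" not in modes:                      # rx = strict, any = loose
                    findings.append((name, "customer interface lacks strict uRPF"))
                if re.search(r"^ +ip router isis", text, re.M):
                    findings.append((name, "IGP (IS-IS) enabled on customer interface"))
            elif "PEER" in roles and "any" not in modes:
                findings.append((name, "interconnect interface lacks loose uRPF"))
        elif name.startswith("router bgp "):
            local_as = name.split()[-1]
            peers = dict(re.findall(r"^ +neighbor (\S+) remote-as (\d+)", text, re.M))
            keyed = set(re.findall(r"^ +neighbor (\S+) password ", text, re.M))
            for ip, asn in peers.items():                  # eBGP: remote AS differs
                if asn != local_as and ip not in keyed:
                    findings.append((ip, "eBGP neighbor without MD5 password"))
    return findings

if __name__ == "__main__":
    for obj, finding in audit(SAMPLE):
        print(f"{obj}: {finding}")
```

On the constructed sample it reports the customer interface running loose uRPF with IS-IS enabled and the eBGP neighbor that has no password line; the iBGP neighbor in AS4809 is not flagged.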
Differentiated class service capability
CN2 QoS positioning
QoS is used to allocate limited network resources to different services. Unlike traditional networks of ATM, Frame Relay, and leased circuit services, CN2 provides a uniform network for all these services. To differentiate the services based on class of importance or contract, QoS is the mechanism in place to segregate and allocate network resources to different classes of service.
Example of a QoS policy: 3G and soft-switch traffic can be allocated at least 50% of the available bandwidth while Vnet can only consume a maximum of 15% of the total bandwidth
QoS is also positioned for traffic congestion management. Under the accidental circumstances of equipment or circuit failures, QoS helps to allocate the limited usable network resources among the different classes of service.
Better resource utilization is expected from deploying QoS. Having an elastic policy to re-allocate under-utilized resources results in efficient resource utilization.
Differentiated class service capability (Cont)
QoS design philosophy
CN2 adheres to the DiffServ framework based on IP precedence and MPLS EXP bit classification, thus offering 8 classes of service
Initial CN2 service classification is based on 5 basic classes of service:
1 class for network control traffic
1 class for CT internal service
3 classes for service offering
All services are classified, remarked, shaped and rate-limited on the edge of the network to ensure consistent QoS policy enforcement within the CN2 network
Service resource allocation is based on class of service. GOLD class of service would be allocated with 2 times more redundant resources than BRONZE class of service
Convergence of prefixes varies with the traffic class. Prefixes of a GOLD class of traffic would converge faster than prefixes of BRONZE class of traffic
Different class service capability
CN2 SLA
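Service class | Average failover time (s) | Maximum failover time (s) | Total outage duration (minutes/month) | Outage duration (minutes/incident) | Number of failures (per month) | Monthly availability (%)
Gold service | <3 | <8 | 5 | <5 | <1 | 99.99
Silver service | <15 | <20 | 10 | <5 | <2 | 99.98
Bronze service | <25 | <45 | 15 | <5 | <3 | 99.95

Service class | QoS marking | Packet loss rate (%) | MTU (byte) | Average delay (ms) | Maximum delay (ms) | Jitter (ms)
Gold service | 5 | 0.05 | 1500 | 30 | 45 | <2
Silver service | 3 | 0.1 | 1500 | 35 | 60 | <5
Bronze service | 2 | 1 | 1500 | 40 | 75 | <10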
Services are enforced and policed at the edges of the network by the SR/PE devices. Services comprise soft-switch, video conference, VPN, Internet, ATM/FR/DDN etc.
To ensure the core network's stability and security, service provisioning, new service deployment and security control are performed on the edge of the network.
The SOLE responsibility of the Core Network is packet switching and forwarding
All services are Edge Functions
[Figure: IP/MPLS platform with P routers in the core and PE routers at the edge. Edge services shown: IPSec VPN, ATM/FR, broadband access, SDH/DD, Corporate Dial, MPLS L3 VPN, MPLS L2 VPN, AoMPLS, Integrated VPN, QoS edge]
Network Capacity and Coverage (by the end of 2005):
CN2 will provide coverage for 208 cities including Hong Kong, Tokyo, Singapore, London, New York, San Jose, Washington etc., offering MPLS/VPN and Internet services.
671 routers in total, including 439 P routers, 208 PE/SR routers, 12 Public RR, and 12 VPN RR
1267 relay links with a total link bandwidth of 4.231T
Over 800 external interlinkages with a total bandwidth of 2.8T
A total customer access link bandwidth of 650.62G
CN2 uses Cisco 12416 with E3&SIP line cards as PE routers exclusively to ensure consistent connectivity and configuration management. This would reduce equipment interoperation issues as well as the speed of problem resolution.
Network Capacity and Coverage
CN2 service capability
Support MPLS layer 2/3 VPN
L3 VPN (RFC2547)
Ethernet point to point service (Draft-martini)
Ethernet multi point service (Vkompella VPLS)
ATM/FR over MPLS
Support 3 classes of service: GOLD, SILVER and BRONZE.
Support Internet & VPN services with SDH, Ethernet/VLAN, ATM/FR/DDN, L2TPv3, pseudo-wired access
Support network-wide multicast of 600 groups, 1.2Gbps end-to-end multicast traffic
Support network-wide 6PE-based IPv6 at wire speed
CN2 uses Cisco 12416 with E3&SIP line cards as PE routers exclusively to ensure consistent connectivity and configuration management. This would reduce equipment interoperation issues as well as the time of problem resolution, and thus make CN2 more agile in time to market.
Goodbye