Professional Documents
Culture Documents
Broadband Network Architecture: Jan Martijn Metselaar
Broadband Network Architecture: Jan Martijn Metselaar
Winitu Consulting
Klipperaak 2d
2411 ND Bodegraven
slide
The Netherlands
Broadband Services
slide 2
Current broadband services over FTTH networks
! Internet access
! Unicast IP (Duh…)
! Television
! IP unicast for video-on-demand
! IP multicast for broadcast television (the ‘default’
package of 50 channels)
! Telephony
! SIP signaling, RTP for transport
slide 3
Network Architecture – Layered model
! Access
! Lots of individual connections
! Focus on physical aggregation of lines
! Security
! Distribution
! Connection towards access layer
! Focus on logical aggregation of connections
! Route summarization
! Core
! Connection towards the distribution layer
! Focus on traffic volume
! No identification of individual connections
slide 4
Network
Architecture
–
Layered
model
Service Service
provider 1 provider 2
metro
access
slide 5
Discussion
slide 6
Network Architecture – Ethernet as uniform transport protocol
Leased line
ATM
Frame Relay
Ethernet
X.25 PPP
Ethernet
Packet over Sonet (POS)
SONET
STM-1, 4, 16
SDH
slide 7
Network structure – Domain separation
ISP 1
CPE
WWW
backbone ISP 2
ISP 3 PSTN/ISDN
slide 8
Network Architecture – Access: connection model
slide 9
Network Architecture – Core: MPLS VPN
VPN ISP
VPN SP 11
Distributie / Core ISP 1
CPE apparatuur
VPN ISP
SP 22 ISP 2
backbone
ISP 3
VPN ISP
SP 33
City PoP
slide 10
Network Architecture – Core Network
IP Routing
! IGP
! For distributing ‘next-hop’ routing information
! OSPF or IS-IS
! M-BGP
! For distributing IPv4 prefixes
slide 11
Network Architecture – MPLS primer: labels
IP packet L1 IP packet
L2
IP
packet
L3
IP
packet
IP packet
slide 12
Network Architecture – MPLS primer: forwarding
IP rou>ng table
Label
Forwarding
informa>on
Base
(LFIB)
slide 13
Network Architecture – Increasing complexity
Complexiteit
Triple play
Dual play
Single play
Multiplay
slide 14
Quizzz
slide 15
Network Architecture – Quality of Service
Core network
! QoS only relevant if congestion can occur
! Used to be irrelevant in broadband networks as bandwidth was
plenty. FTTH and Docsis3 has changed this.
! QoS policy of most providers was: “upgrade capacity”.
Currently large providers are running into technological limits:
10GE is not fast enough and 100GE is not yet there!
! Cost for service providers is increasing rapidly
! Traffic is becoming more symmetrical
slide 16
Network Architecture – Quality of Service
Access networks
! Multi-play services all use the same connection
! Voice traffic needs to be protected
! Video needs to get enough bandwidth (otherwise you’ll see
blocks)
! Video and voice need protection from general internet traffic
(especially P2P and news traffic)
slide 17
Network Architecture – Quality of Service
CPE
backbone ISP 2
QoS transparent
slide 19
Network Architecture – Security
! Network
! Access to network elements
! Access to network management systems
! Protocols
! “Security by obscurity”
! Control plane protection
! Services platform
! Policy: every service is responsible for it’s own platform
! Where possible network security can provide additional protection
! Separate users
! Spoofing filters
! User isolation
! Protocol filters (note that new OS like Windows Vista and 7 bring new
challenges, like IPv6 default enabled).
slide 20
Network Architecture – Security Attack Vectors
! ARP flood attack, plus spoofing
! DHCP flood attack
! MAC flood attack, plus spoofing
! IGMP flood attack
! IPv4 broadcast flood attacks
! IPv4 unicast flood attack
! TTL=1 attack
! IP options attack
! IPv6 MLD
! … some others.
slide 21
Network Architecture – Security
CPE
backbone ISP 2
Private vlan’s
CPE configuration
vlan filtering
Security force configuration
from a central server
slide 22
Network Architecture – FTTH networks Security toolbox
DHCP snooping VACL Layer-2 filtering:
PFC based special case
Dynamic Arp Inspection - Allow ethertypes 0x800 and 0x806
Hardware limiters
Private VLAN - Broadcast ARP filtering
- Multicast filtering
- Broadcast redirection
slide 23
Network Architecture – IPv6 adressing
! IPv6 display
! 2031:0:130F::9C0:876A:130B
! Leading ‘0’ in a segment is optional
! Use double colon ‘::’ to summarise two segments with 0’s
allowed only once in an address.
slide 24
Network Architecture – IPv6 adressing
! Adress scopes:
! Unicast – single host or interface
! Anycast – group of hosts or interfaces
! Multicast – group of receivers
! There are no IPv6 broadcast adresses (!)
! Adress types:
! Link-local adres, starts with FE80:: /10
! Site-local adres, stars with FEC0:: /10
! Global aggregate adress, worldwide unique
slide 25
Network Architecture – IPv6 adressing
slide 26
Network Architecture – IPv6 migration scenarios
slide 27
Network Architecture – IPv6 – Dual-Stack
IPv6
backbone IPv6 Internet
CPE
IPv4
backbone IPv4 Internet
CPE configuration
security configuration envoforcement
from central provisioning system also IPv6
slide 28
Quizzz
! Netwerk management?
! Why does that seem to be so difficult for most
Service Providers?
slide 29
Network IT - Provisioning
! Bullshit or …?
slide 30
Network IT – Provisioning
slide 31
Network and IT – Systems
slide 32
That’s all for now!
Questions?
slide 33