3KC69646KAAATPZZA - V1 - 1830 Photonic Service Switch (PSS) Release 10.0 DCN Planning and Engineering Guide (Photonic Applications)
3KC-69646-KAAA-TPZZA
Issue 1
August 2017
Nokia 1830 PSS
Legal notice
Nokia is a registered trademark of Nokia Corporation. Other products and company names mentioned herein may be trademarks or
tradenames of their respective owners.
The information presented is subject to change without notice. No responsibility is assumed for inaccuracies contained herein.
© 2017 Nokia.
Conformance statement
NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC
Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio frequency energy. If the equipment is not installed and
used in accordance with the guidelines in this document, the equipment may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the
interference at the expense of the user.
Security Statement
In rare instances, unauthorized individuals make connections to the telecommunications network through the use of remote access
features. In such an event, applicable tariffs require that the customer pay all network charges for traffic. Nokia cannot be responsible for
such charges and will not make any allowance or give any credit for charges that result from unauthorized access.
Limited Warranty
For terms and conditions of sale, contact your Nokia Account Team.
Release 10.0
August 2017
2 3KC-69646-KAAA-TPZZA Issue 1
Contents
1 Introduction
1.1 Overview
Basic aspects of network design
1.2 Network layers
1.3 Physical layer
1.4 Data Link layer
1.5 Network layer
1.6 Transport layer
1.7 Application layer
Glossary
Index
List of tables
Table 1 Information products related to 1830 PSS
Table 2 Network layers in TCP/IP model and ISO/OSI reference model
Table 3 TCP/IP protocol stack
Table 4 IPv6 capabilities of user service interfaces
Table 5 Shelf and card support for user service interfaces
Table 6 DCN-related external interfaces (USRPNL)
Table 7 User Panel interfaces
Table 8 Shelf Panel interfaces
Table 9 User service interfaces
Table 10 Functionalities of user service interfaces
Table 11 OSPF cost metrics
Table 12 Organization of the networks
Table 13 Default behavior of DCN-related interfaces
Table 14 Engineering rules and guidelines
Table 15 Required buffering and table sizes
Table 16 Management flows and ports on the GNE (Normal mode)
Table 17 Management flows and ports on the GNE (Encrypted mode)
Table 18 Port and Direction for filters delivered with the system
Table 19 Parameters of the SET-ATTR-SECUDFLT command
List of figures
Figure 1 ISO/OSI network architecture
Figure 2 Typical interconnection of OSPF areas
Figure 3 Customer LAN port on LD cards
Figure 4 1830 PSS-32 User Panel faceplate
Figure 5 1830 PSS-16 User Panel faceplate
Figure 6 1830 PSS-16II User Panel faceplate
Figure 7 1830 PSS-8 User Panel faceplate
Figure 8 1830 PSS-8 Shelf Panel faceplate
Figure 9 CCC front view
Figure 10 1830 PSS-16 and 1830 PSS-32 EC faceplate
Figure 11 1830 PSS-16II EC faceplate
Figure 12 Front view of the 1830 PSS-8 EC
Figure 13 1830 PSS-4 EC faceplate
Figure 14 Front panel of the 1830 PSI-2T
Figure 15 CIT and LAN ports of the 1830 PSI-2T
Figure 16 Schematic diagrams of 1830 PSS system compounds
Figure 17 Management DCN connection of a photonic compound GNE
Figure 18 Management DCN connection of a converged system (GNE connection option 1)
Figure 19 Management DCN connection of a converged system (GNE connection option 2)
Figure 20 Management DCN connection of a converged system (GNE connection option 3)
Figure 21 Management DCN connection of a converged system RNE with partial LAN connectivity
Figure 22 Management DCN connection of a converged system RNE with full LAN connectivity
Figure 23 Example of a Cluster setup (Example 1)
Figure 24 Example of a Cluster setup (Example 2)
Figure 25 Example of a Cluster setup with a TOR switch
Figure 26 Basic GNE DCN setup (photonic application)
Figure 27 Basic RNE DCN setup (photonic application)
Figure 28 OSPF peering model (photonic application)
Figure 29 OSPF non-peering model via proxy ARP (photonic application)
Figure 30 Network management overview
Figure 31 IP addressing scheme (nodes sharing a common sub-network)
List of procedures
3.2 Configure physical properties of interfaces
What's new
Changes in Release 10.0 (change, with its location in this document):
• Support of Internet Protocol version 6 (IPv6): 2.2.5 “IPv6 support” (p. 26)
• OSPF multi-area support for OSC/GCC: 2.4 “OSPF multi-area support for OSC/GCC” (p. 49)
• IP Access Control Lists (ACL): 3.9 “NE firewall with provisionable IP access control lists (IP ACL)” (p. 107)
Intended audience
The primary audience for the present document is personnel who work with the 1830 PSS system,
that is:
• Network operation and maintenance specialists,
• System administrators,
• Engineers with responsibility for network planning, design, configuration, or optimization.
Supported systems
This document applies to photonic applications of the 1830 Photonic Service Switch (PSS),
Release 10.0, that is to 1830 PSS-4, 1830 PSS-8, 1830 PSS-16, 1830 PSS-16II, 1830 PSS-24x,
and 1830 PSS-32 systems.
Note:
• The terms “photonic applications” and “WDM applications” are used synonymously throughout
this document.
• The terms “system” and “NE” (Network Element) in the context of this document refer to the
photonic compound of an 1830 PSS Release 10.0 node only. The terms “photonic compound”
and “photonic node” are used synonymously.
• The term “main shelf” (alternatively “master shelf”) in the context of this document refers to the
main shelf of the photonic compound of an 1830 PSS Release 10.0 node only. Each 1830 PSS
shelf has a shelf identifier that can be configured by means of two rotary dials on each shelf. The
shelf ID determines the identity and role (main or extension shelf) of each universal shelf; see
also the 1830 PSS Product Information and Planning Guide, section “WDM shelf overview”.
Important! In case you want to plan and configure a DCN for a converged system, or if you want to extend a
single-compound node to a converged system in a future configuration, please take both documents into
consideration.
Conventions used
These conventions are used in this document:
Numbering
The chapters of this document are numbered consecutively. The page numbering restarts at “1” in
each chapter. To facilitate identifying pages in different chapters, the page numbers are prefixed
with the chapter number. For example, page 2-3 is the third page in chapter 2.
Cross-references
Cross-reference conventions are identical with the conventions used for page numbering. The first
number in a reference to a particular page refers to the corresponding chapter.
Keyword blocks
This document contains so-called keyword blocks to facilitate the location of specific text passages.
The keyword blocks are placed to the left of the main text and indicate the contents of a paragraph
or group of paragraphs.
Typographical conventions
Special typographical conventions apply to elements of the graphical user interface (GUI), file
names and system path information, keyboard entries, alarm messages, and so on:
• Text appearing on a graphical user interface (GUI), such as menu options, window titles or push
buttons:
− Provision…, Delete, Apply, Close, OK (push-button)
− Provision Timing/Sync (window title)
− Administration → Security → User Provisioning… (path for invoking a window)
• File names and system path information:
− setup.exe
− C:\Program Files\
• Keyboard entries:
− F1, Esc X, Alt-F, Ctrl-D, Ctrl-Alt-Del (simple keyboard entries)
A hyphen between two keys means that you have to press both keys. Otherwise, you have to
press a single key, or a number of keys in sequence.
− copy abc xyz (command)
A complete command that you enter.
• Alarms and error messages:
− Loss of Signal
− HP-UNEQ, MS-AIS, LOS, LOF
Abbreviations
Abbreviations used in this document can be found in the “Glossary” unless it can be assumed that
the reader is familiar with the abbreviation.
Related information
1830 Photonic Service Switch (PSS) Release 10.0 Safety Guide 3KC-69646-KAAA-TAZZQ
Provides users of 1830 PSS with the relevant information and safety guidelines to protect
against personal injury. Furthermore, the Safety Guide is useful to prevent material damage to
the equipment. The Safety Guide must be read by the responsible technical personnel before
performing relevant work on the system. The valid version of the document must always be
kept close to the equipment.
1830 Photonic Service Switch (PSS) Release 10.0 Portable Provisioning Tool (PPT) User Guide 3KC-69646-KAAA-TBZZA
Provides instructions for use and describes the features of the 1830 Portable Provisioning Tool.
1830 Photonic Service Switch 4 (PSS-4) Release 10.0 User Provisioning Guide 3KC-13563-KAAA-TCZZA
Provides step-by-step information for use in daily system operations for 1830 PSS-4. The
manual demonstrates how to perform system provisioning, operations, and administrative
tasks.
1830 Photonic Service Switch (PSS) Release 10.0 User Provisioning Guide 3KC-69646-KAAA-TCZZA
Provides step-by-step information for use in daily system operations. The manual
demonstrates how to perform system provisioning, operations, and administrative tasks.
1830 Photonic Service Switch 24x (PSS-24x) Release 10.0 User Provisioning Guide 3KC-69646-KAAA-SCZZA
Provides step-by-step information for use in daily system operations for 1830 PSS-24x. The
manual demonstrates how to perform system provisioning, operations, and administrative
tasks.
1830 Photonic Service Switch (PSS) Release 10.0 Engineering and Planning Tool User Guide 3KC-69646-KAAA-TEZZA
Provides step-by-step information for use in daily system operations for the EPT. The manual
demonstrates how to perform system provisioning, operations, and commissioning tasks.
1830 Photonic Service Switch (PSS) Release 10.0 TL1 Commands and Messages Guide (Switching Applications) 3KC-69646-KAAA-TFZZA
Describes the external TL1 interface for 1830 PSS-36/64 in terms of TL1 command,
responses, and notification definitions.
1830 Photonic Service Switch (PSS) Release 10.0 TL1 Commands and Messages Guide (Photonic Applications) 3KC-69646-KAAA-TGZZA
Describes the external TL1 interface for 1830 PSS-4, 1830 PSS-8, 1830 PSS-16II,
1830 PSS-16/32, and 1830 PSS-24x.
1830 Photonic Service Switch (PSS) Release 10.0 Command Line Interface Guide 3KC-69646-KAAA-THZZA
Provides information about the Command Line Interface (CLI) for 1830 PSS-4, 1830 PSS-8,
1830 PSS-16II, 1830 PSS-16/32, and 1830 PSS-24x.
1830 Photonic Service Switch (PSS) Release 10.0 Command Line Interface Guide (OCS Packet Applications) 3KC-69646-KAAA-SHZZA
Provides information about the Command Line Interface (CLI) for 1830 PSS-36/64.
1830 Photonic Service Switch 4 (PSS-4) Release 10.0 Installation and System Turn-up Guide 3KC-13563-KAAA-TJZZA
A step-by-step guide to install and turn-up 1830 PSS-4. It also includes information needed for
pre-installation site planning and post-installation acceptance testing.
1830 Photonic Service Switch 8 (PSS-8) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-SLZZA
A step-by-step guide to install and turn-up 1830 PSS-8. It also includes information needed for
pre-installation site planning and post-installation acceptance testing.
1830 Photonic Service Switch 16II (PSS-16II) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-SMZZA
A step-by-step guide to install and turn-up 1830 PSS-16II. It also includes information needed
for pre-installation site planning and post-installation acceptance testing.
1830 Photonic Service Switch 16/32 (1830 PSS-16/32) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-TJZZA
A step-by-step guide to install and turn-up 1830 PSS-16/32. It also includes information needed
for pre-installation site planning and post-installation acceptance testing.
1830 Photonic Service Switch 36 (PSS-36) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-TKZZA
A step-by-step guide to install and turn-up 1830 PSS-36. It also includes information needed
for pre-installation site planning and post-installation acceptance testing.
1830 Photonic Service Switch 64 (PSS-64) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-TLZZA
A step-by-step guide to install and turn-up 1830 PSS-64. It also includes information needed
for pre-installation site planning and post-installation acceptance testing.
1830 Photonic Service Switch (PSS) Release 10.0 Maintenance and Trouble-Clearing Guide 3KC-69646-KAAA-TMZZA
Provides detailed information about possible alarm messages for 1830 PSS. It also provides
procedures for routine maintenance, troubleshooting, diagnostics, and component
replacement.
1830 Photonic Service Switch (PSS) Release 10.0 Quick Reference Guide 3KC-69646-KAAA-TNZZA
Provides users of 1830 PSS a streamlined, easy-to-use navigation aid to facilitate the use of
the system.
1830 Photonic Service Switch (PSS) Release 10.0 DCN Planning and Engineering Guide (Photonics Applications) 3KC-69646-KAAA-TPZZA
Provides information for the planning and configuration of a Data Communication Network
(DCN) for photonic applications, that is for 1830 PSS-4, 1830 PSS-8, 1830 PSS-16II,
1830 PSS-16/32, and 1830 PSS-24x.
1830 Photonic Service Switch 4 (PSS-4) Release 10.0 Product Information and Planning Guide 3KC-13563-KAAA-TQZZA
Presents a detailed overview of 1830 PSS-4, describes its applications, gives planning
requirements, engineering rules, ordering information, and technical specifications.
1830 Photonic Service Switch (PSS) Release 10.0 Product Information and Planning Guide 3KC-69646-KAAA-TQZZA
Presents a detailed overview of 1830 PSS-8, 1830 PSS-16II, 1830 PSS-16/32, and
1830 PSS-36/64, describes its applications, gives planning requirements, engineering rules,
ordering information, and technical specifications.
1830 Photonic Service Switch 24x (PSS-24x) Release 10.0 Product Information and Planning Guide 3KC-69646-KAAA-SQZZA
Presents a detailed overview of 1830 PSS-24x, describes its applications, gives planning
requirements, engineering rules, ordering information, and technical specifications.
1830 Photonic Service Switch (PSS) Release 10.0 DCN Planning and Engineering Guide (Switching Applications) 3KC-69646-KAAA-TRZZA
Provides information for the planning and configuration of a Data Communication Network
(DCN) for switching applications, that is for 1830 PSS-36 and 1830 PSS-64 systems (OCS).
1830 Photonic Service Switch (PSS) Release 10.0 GMPLS/GMRE Guide 3KC-69646-KAAA-TWZZA
Contains information about the GMPLS Routing Engine (GMRE) of the 1830 PSS; it provides a
high-level functional overview of the GMRE and describes the steps to plan and set up a
GMRE-controlled network.
1830 Photonic Service Switch (PSS) Release 10.0 Electronic Documentation Library 3KC-69646-KAAA-TZZZA
Contains all documents related to 1830 PSS in multiple electronic formats: epub, mobi, html,
and pdf.
Technical support
For technical support, contact your local customer support team. See the Support web site
(https://networks.nokia.com/support/) for contact information.
How to comment
To comment on this document, go to the Online Comment Form (http://infodoc.alcatel-lucent.com/comments/)
or e-mail your comments to the Comments Hotline (mailto:comments@nokia.com).
1 Introduction
1.1 Overview
1.1.1 Purpose
The present section provides some theoretical background information relating to the basic network
design principles; the main focus is on TCP/IP-based communication.
1.1.2 Contents
1.1 Overview
Basic aspects of network design
1.2 Network layers
1.3 Physical layer
1.4 Data Link layer
1.5 Network layer
1.6 Transport layer
1.7 Application layer
The network architecture is in general described by means of the ISO/OSI reference model, which
defines seven “layers”, as shown in the following figure:
Figure 1 ISO/OSI network architecture
A “layer” is a collection of conceptually similar functions that provides services to the layer above it
and receives services from the layer below it.
The Physical layer just transports bits, whereas the Data Link layer handles structured frames. The
Network layer has to route/forward packets from the sender NE along some intermediate NEs
towards the destination NE. This service is performed on behalf of the Transport layer, which handles
segments, the pieces of data exchanged by the actual applications.
Note: The ISO/OSI reference model defines explicit Session and Presentation layers, whereas
the TCP/IP model combines the layers above the Transport layer into a single Application
layer.
Connectivity
LCP (Link Control Protocol) - as a part of PPP - provides automatic consistent configuration of the
interfaces in terms of:
• Setting the maximum frame size, Maximum Transmission/Receive Unit (MTU/MRU) - by default
1500 octets. Frames less than 4 octets are silently discarded.
• Escaped characters.
• Options like magic number (for loop detection), authentication.
The LCP is specified by the same RFC 1661 as the PPP, and runs on top of the PPP. Therefore, a
basic PPP connection has to be established before LCP is able to configure it.
The PPP permits multiple network layer protocols to operate on the same communication link. For
every network layer protocol used, a separate Network Control Protocol (NCP) is provided in order
to encapsulate and negotiate options for the multiple network layer protocols. The Internet Protocol
(IP), for example, uses the IP Control Protocol (IPCP).
1.4.3 Ethernet
Connectivity
A MAC address is a 6-byte identifier with specific ranges per equipment supplier. Some systems may
allow reassignment of MAC addresses; if this is the case, take care to preserve uniqueness. Network
elements may support different rates, 10 Mb/s, 100 Mb/s, 1 Gb/s for example, which are to be
configured and/or aligned by auto-sensing and auto-negotiation according to IEEE 802.3.
ARP must be available in the IP context and is used to resolve IP addresses to MAC addresses.
1.5.3 Connectivity
In order to provide connectivity, it is essential to guarantee uniqueness of the IP addresses
assigned to the NE. In addition to a unique IP address, it is necessary to configure for each
numbered interface of an NE a sub-network mask (short: netmask). A netmask other than /32 (in
CIDR notation) has to be used on broadcast layer 2 networks, where multiple hosts can be reached
via a single network interface. All these hosts have to be in the same subnet, as defined by the
address and netmask. Note that routing problems will occur if the hosts in one subnet are not all
connected to a common layer 2 network. On point-to-point networks, a /32 netmask can be used,
as there can be only one host behind the network interface, and hence only the interface ID is
needed for forwarding.
Since 1830 PSS Release 9.0, RFC 3021 (Using 31-Bit Prefixes on IPv4 Point-to-Point Links) is
also supported.
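An added example (not part of the Nokia guide) that checks a DCN interface plan against the addressing rules above: unique addresses, no /32 on broadcast segments, one subnet per layer 2 segment, and matching /31 ends on point-to-point links. The NE names, segment labels, addresses and the plan format itself are constructed for illustration.

```python
"""Check a DCN interface address plan against the rules stated in section 1.5.3."""
import ipaddress
from collections import defaultdict

# Constructed sample plan (all names and addresses are illustrative):
# (NE, interface, link type, layer 2 segment or link id, address/prefix)
SAMPLE_PLAN = [
    ("NE-A", "lan1", "broadcast", "seg-office", "10.10.1.11/24"),
    ("NE-B", "lan1", "broadcast", "seg-office", "10.10.1.12/24"),
    ("NE-C", "lan1", "broadcast", "seg-office", "10.10.2.13/24"),  # other subnet, same segment
    ("NE-D", "lan1", "broadcast", "seg-lab",    "10.10.3.14/32"),  # /32 on a broadcast network
    ("NE-E", "lan1", "broadcast", "seg-remote", "10.10.1.20/24"),  # office subnet, other segment
    ("NE-A", "osc1", "p2p",       "link-AB",    "10.20.0.0/31"),   # valid RFC 3021 pair
    ("NE-B", "osc1", "p2p",       "link-AB",    "10.20.0.1/31"),
    ("NE-B", "gcc1", "p2p",       "link-BC",    "10.20.0.5/32"),
    ("NE-C", "gcc1", "p2p",       "link-BC",    "10.20.0.5/32"),   # duplicate address
    ("NE-C", "osc2", "p2p",       "link-CD",    "10.20.0.2/31"),
    ("NE-D", "osc2", "p2p",       "link-CD",    "10.20.0.4/31"),   # ends in different /31s
]


def check_plan(plan):
    """Return a list of (rule, subject, detail) findings; an empty list means the plan passes."""
    findings = []
    first_user = {}                      # IP address -> first NE/interface using it
    segment_subnets = defaultdict(set)   # broadcast segment -> subnets configured on it
    subnet_segments = defaultdict(set)   # subnet -> broadcast segments it is used on
    p2p_ends = defaultdict(list)         # point-to-point link id -> interfaces at its ends

    for ne, ifname, kind, segment, cidr in plan:
        iface = ipaddress.ip_interface(cidr)
        where = f"{ne}/{ifname}"

        # Rule 1: every address assigned to an NE interface must be unique.
        if iface.ip in first_user:
            findings.append(("duplicate-address", where,
                             f"{iface.ip} is already used by {first_user[iface.ip]}"))
        else:
            first_user[iface.ip] = where

        if kind == "broadcast":
            # Rule 2: a broadcast layer 2 network needs a netmask other than /32.
            if iface.network.prefixlen == iface.ip.max_prefixlen:
                findings.append(("host-mask-on-broadcast", where,
                                 f"{cidr} configured on segment {segment}"))
            else:
                segment_subnets[segment].add(iface.network)
                subnet_segments[iface.network].add(segment)
        elif kind == "p2p":
            p2p_ends[segment].append(iface)
        else:
            raise ValueError(f"unknown link type {kind!r} for {where}")

    # Rule 3: all hosts on one layer 2 segment have to be in the same subnet.
    for segment in sorted(segment_subnets):
        nets = segment_subnets[segment]
        if len(nets) > 1:
            findings.append(("mixed-subnets-on-segment", segment,
                             ", ".join(sorted(str(n) for n in nets))))

    # Rule 4: the hosts of one subnet must all sit on a common layer 2 network.
    for net in sorted(subnet_segments, key=str):
        segs = subnet_segments[net]
        if len(segs) > 1:
            findings.append(("subnet-split-across-segments", str(net),
                             ", ".join(sorted(segs))))

    # Rule 5 (RFC 3021): if a point-to-point link uses /31, both ends share that /31.
    for link in sorted(p2p_ends):
        ends = p2p_ends[link]
        uses_31 = any(e.version == 4 and e.network.prefixlen == 31 for e in ends)
        if uses_31 and (len(ends) != 2 or len({e.network for e in ends}) != 1):
            findings.append(("p2p-31-mismatch", link,
                             ", ".join(str(e) for e in ends)))
    return findings


if __name__ == "__main__":
    for rule, subject, detail in check_plan(SAMPLE_PLAN):
        print(f"{rule:30} {subject:16} {detail}")
```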
In general the subnetworks may be determined by physical or administrative facts at the customer
site.
If it is possible to influence the distribution of NEs over different subnetworks, the following aspects
must be considered:
• Physical distribution
• Configuration constraints (scalability) of the routing domain:
− Convergence time after route changes.
− End to end forwarding performance influenced by routing performance and by path length.
The path length is particularly related to the connectivity, since the Time To Live (TTL) is
expressed in number of hops traversed and is set in accordance with the expected length.
• Gateway NEs have to handle additional message exchange.
Connectivity
OSPF behavior must be conformant with RFC 2328 - Open Shortest Path First (OSPF) version 2,
April 1998.
OSPF allows hierarchical routing by splitting a routing domain (Autonomous System, AS) into areas,
which may improve performance. Connectivity between different areas is managed by routers.
Routers can participate with their interfaces in multiple areas, assuming the Area Border Router
(ABR) role. Each area must be connected to the backbone area (0.0.0.0), either directly or by a
virtual link. A typical OSPF topology is shown in Figure 2, “Typical interconnection of OSPF areas”
(p. 21). Connectivity to external areas is possible via an Autonomous System Boundary Router
(ASBR).
OSPF topology
The logical topology created by OSPF is a backbone area (area 0) through which all inter-area
traffic must pass. Around this backbone area, spider web or star topologies of many directly
attached areas can be created. Areas are delineated on the interface, so that an Area Border
Router (ABR) is always part of at least two areas.
The following figure shows the backbone with one Backbone Router (BR) and two ABRs:
• ABR1 has an interface configured for the area 1. Area 1 contains an Autonomous System
Boundary Router (ASBR) which is connected to a non OSPF area.
• ABR2 has one interface configured for the area 2, and one interface configured for the area 3;
area 2 and area 3 each contain some Internal Routers (IR).
Figure 2 Typical interconnection of OSPF areas
Legend:
ABR Area border router
ABRs are located at the border of the backbone area; they have connections
to two or more areas and have information about each area they belong to.
ASBR Autonomous System (AS) boundary router
ASBRs are located at the boundary of an AS; they are capable of importing
external information into the local area.
BR Backbone router
BRs are located inside the backbone area (area 0); they have information
about the backbone area topology and about destinations that are reachable
outside the backbone.
IR Internal router
IRs are located inside a non-backbone area; they have neighbors only in the
same area and have information only about that area.
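An added example (not part of the Nokia guide) that checks an OSPF area design against the rule that each area must be connected to the backbone area directly or by a virtual link, and classifies routers by the legend's roles. The topology is constructed after Figure 2 and extended with a hypothetical area 0.0.0.4; router names and the (router, router, transit area) virtual-link tuple format are assumptions made for the example.

```python
"""Check an OSPF area design: every area must reach the backbone area (0.0.0.0)."""

BACKBONE = "0.0.0.0"

# Constructed topology modelled on Figure 2, plus a hypothetical area 0.0.0.4 that is
# reachable only through area 0.0.0.3. Maps router name -> areas of its interfaces.
ROUTER_AREAS = {
    "BR":    {"0.0.0.0"},
    "ABR1":  {"0.0.0.0", "0.0.0.1"},
    "ABR2":  {"0.0.0.0", "0.0.0.2", "0.0.0.3"},
    "ASBR":  {"0.0.0.1"},
    "IR-2a": {"0.0.0.2"},
    "IR-3a": {"0.0.0.3"},
    "R-34":  {"0.0.0.3", "0.0.0.4"},
    "IR-4a": {"0.0.0.4"},
}


def classify(areas):
    """Role by area membership, following the legend.

    ASBR status depends on importing external routes and cannot be derived
    from area membership, so an ASBR inside one area is reported as "IR" here.
    """
    if len(areas) >= 2:
        return "ABR"
    return "BR" if BACKBONE in areas else "IR"


def _link_is_valid(router_areas, link):
    """A virtual link needs both end routers to have an interface in a non-backbone transit area."""
    a, b, transit = link
    return (a in router_areas and b in router_areas and transit != BACKBONE
            and transit in router_areas[a] and transit in router_areas[b])


def backbone_attached(router_areas, virtual_links=()):
    """Routers attached to the backbone, either by an interface or over virtual links."""
    attached = {r for r, areas in router_areas.items() if BACKBONE in areas}
    changed = True
    while changed:                      # repeat so that chained virtual links are followed
        changed = False
        for link in virtual_links:
            a, b, _ = link
            if _link_is_valid(router_areas, link) and (a in attached) != (b in attached):
                attached |= {a, b}
                changed = True
    return attached


def check_design(router_areas, virtual_links=()):
    """Return a list of (rule, subject) findings; an empty list means the design passes."""
    findings = []
    for link in virtual_links:
        if not _link_is_valid(router_areas, link):
            findings.append(("invalid-virtual-link", "{}<->{} via {}".format(*link)))

    attached = backbone_attached(router_areas, virtual_links)

    # Each non-backbone area needs at least one router that is attached to the backbone.
    areas = set().union(*router_areas.values()) - {BACKBONE}
    for area in sorted(areas):
        members = {r for r, a in router_areas.items() if area in a}
        if not members & attached:
            findings.append(("area-not-connected-to-backbone", area))

    # A router that borders several areas is expected to sit on the backbone.
    for router in sorted(router_areas):
        if len(router_areas[router]) >= 2 and router not in attached:
            findings.append(("multi-area-router-without-backbone", router))
    return findings


if __name__ == "__main__":
    for name, areas in ROUTER_AREAS.items():
        print(f"{name:6} {classify(areas):4} {sorted(areas)}")
    print("without virtual link:", check_design(ROUTER_AREAS))
    print("with virtual link:   ", check_design(ROUTER_AREAS, [("ABR2", "R-34", "0.0.0.3")]))
```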
Connectivity
In addition to the source and destination IP addresses, source and destination port numbers are of
particular importance for the transport layer addressing. They are part of the protocol header, and
are used to identify the sending and receiving application of the messages.
The combination of source and destination IP addresses with the source and destination port
numbers is also referred to as a “socket”.
2 DCN planning
2.1 Overview
2.1.1 Purpose
This section provides information on how to plan DCN for the use with 1830 PSS.
2.1.2 Contents
2.1 Overview
General
2.2 DCN concepts
2.3 User service interfaces
2.4 OSPF multi-area support for OSC/GCC
2.5 DCN interconnections between photonic and switching NEs
2.6 Cluster DCN
MCN and SCN aspects
2.7 Overview
2.8 Management DCN aspects
2.9 Signaling DCN aspects
Network topology concept and dimensioning
2.10 The 1830 PSS management network
2.11 Basic network topologies
Address planning
2.12 Network IP architecture
Engineering guidelines
2.13 Summary of important rules and guidelines
General
ECCs can be the Optical Supervisory Channel (OSC), or Generic Communication Channels (GCC):
• OSCs are running on separate wavelength channels inside DWDM links, and are terminated on
line driver cards.
• GCCs are embedded in the overhead of the digital OTU and ODU signals (GCC0 for OTUk,
GCC1 and GCC2 for ODUk). GCCs are terminated either on OT cards or on PSS-24x client or
uplink cards.
The cards and the supported ECC terminations are described in the 1830 Photonic Service Switch
(PSS) Release 10.0 Command Line Interface Guide and in the 1830 Photonic Service Switch
(PSS) Release 10.0 TL1 Commands and Messages Guide (Photonic Applications), see Appendix
A: Reference tables - ECC slot ranges.
Note: The listed bandwidth values are the physical bandwidth of the raw channels. The full
physical bandwidth cannot be used for user data due to various mechanisms inside the
protocol stack, which use part of the bandwidth for their own purposes (among these are:
HDLC framing and inter-frame gaps, layer 2 to 7 protocol headers and trailers, routing protocol
messages).
OSCs are preferred (where available) due to their higher bandwidth compared to GCCs.
Communication via OSC tends to have a higher hop-count, compared to GCC, due to the OSC
termination and regeneration on each In Line Amplifier (ILA).
GCCs are used where OSC is not available. This is the case for:
• Communication to edge devices (1830 PSS-4, for example), which are attached via single-
wavelength links or CWDM links.
• Communication to OTN client NEs, connected via OT client ports
• Long spans, which do not provide appropriate OSC performance
• GCCs from PSS-24x are used to communicate with switching NEs (especially PSS-36 or PSS-
64).
There is a 1:1 association between a single GCC and a single Network Interface (NETIF).
Note: Only one GCC type (i.e. GCC0, GCC1, or GCC2) may be terminated on any one given
port instance, that is only one out of OTU-1-1-1 GCC0, OTUODU2-1-1-1 GCC1, or
OTUODU2-1-1-1 GCC2 can be terminated.
Interworking is supported between GCCs that are terminated on different types of cards or in
different types of shelf, as long as interworking is supported for the embedding OTU/ODU signals.
The TCP/IP protocol stack supported for an IP-based DCN is shown in the following table.
Important! The maximum NE SNMP packet size is 2047. The maximum NE MTU size that
can be set on any NE external communication interface (Ethernet, OSC, GCC) is 1500.
SNMP packets larger than the path MTU size will be fragmented. As a result, customer DCN
routers should not be configured with any firewall that blocks fragmented packets.
All access and services via external interfaces support IPv6, along with IPv4. This specifically
includes the following user interfaces:
• CLI (via telnet or SSH) and performance-enhanced CLI over SSH (SSH/6022)
• Root Access (SSH/5122)
• TL1 (raw, telnet & SSH)
• SNMP, HTTP(S)
Most services support both IPv4 and IPv6. Specifically, remote servers may be running the IPv6
version of services. This includes:
• FTP-type transfers (ftp, sftp) for:
− DB backup; PM backup; Software update and restore
− SWNE - The local NE can be an IPv6 FTP server
− License Server; debug dumps
• NTP; SNMP Traps; Syslog; Radius
Note: The internal NE addressing for inter-card communication supports IPv4 only.
IPv6 addresses
For detailed information regarding the IPv6 address representation and usage rules, refer to the
section “IPv6 address character (IPV6) definition” of the 1830 Photonic Service Switch (PSS)
Release 10.0 Command Line Interface Guide or 1830 Photonic Service Switch (PSS) Release 10.0
TL1 Commands and Messages Guide (Photonic Applications).
In most cases, the format of the CLI or TL1 command for configuring an IP address is the same for
IPv4 or IPv6 addresses. The distinction whether a command applies to IPv4 or IPv6 is made by the
system based on the format of the address (e.g., 192.168.10.121 vs. 2001::ff:11).
Important! Configuring an IPv6 address is only allowed for the primary loopback address;
configuring an IPv6 address for the secondary loopback address is not allowed.
For IPv6, the snmp_src option can be set in the same way as for IPv4 when provisioning an IPv6 address for a
loopback, independently of the IPv4 address of the loopback. If the snmp_src option is set, then
the given IPv6 loopback will be used as the source IPv6 address for SNMP traps and responses.
This parameter is independent for IPv4 and IPv6. If, for example, the snmp_src option is set for the
IPv6 loopback only, then IPv4 SNMP requests might use a LAN interface address, while the IPv6
SNMP requests will always use the IPv6 loopback address.
Note: CLI commands that display the details of an interface will show the IPv6 address(es),
prefix length and scope, along with IPv4 address details. The display command will show the
IPv6 Unicast Address (Global Unicast or Unique Local) and (for LAN interfaces) the IPv6
Link-Local Address.
(RA), take the prefix that is advertised, and auto-assign the host identifier portion to form a unique
address that can be used on the network. The prefix length will be 64 bits (i.e., /64) and the host
identifier is formed using EUI-64 (Extended Unique Identifier) rules.
IPv6 Autoconfig can be enabled or disabled on an interface.
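The EUI-64 address formation described above can be reproduced offline to pre-compute the addresses an NE port will auto-assign, for example when preparing ACL entries or checking which sources on the management prefix are known NEs. The following is an added example, not taken from the Nokia documentation; it assumes the standard modified EUI-64 procedure (universal/local bit inverted, FF:FE inserted), and the prefix, MAC addresses, port labels and observed addresses are constructed sample values.

```python
import ipaddress

# Constructed sample data (documentation prefix, made-up MAC addresses).
PREFIX = "2001:db8:0:1::/64"
INVENTORY = {
    "NE1 OAMP": "00:11:22:33:44:55",
    "NE2 OAMP": "02:00:5e:10:00:01",
}
OBSERVED = [
    "2001:db8:0:1:211:22ff:fe33:4455",  # matches NE1 OAMP
    "2001:db8:0:1::bad",                # inside the prefix, not derived from a known MAC
    "2001:db8:0:2::1",                  # outside the management prefix
]


def eui64_interface_id(mac: str) -> int:
    """Return the 64-bit modified EUI-64 interface identifier for a 48-bit MAC."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytes.fromhex(digits)
    # Invert the universal/local bit of the first octet and insert FF:FE
    # between the OUI and the device-specific half of the MAC.
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return int.from_bytes(iid, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine an advertised /64 prefix with the EUI-64 host identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def expected_addresses(prefix: str, inventory: dict) -> dict:
    """Map each port to its (unicast, link-local) autoconfigured addresses."""
    return {
        port: (slaac_address(prefix, mac), slaac_address("fe80::/64", mac))
        for port, mac in inventory.items()
    }


def unexpected_sources(prefix: str, inventory: dict, observed: list) -> list:
    """Return observed addresses inside the prefix that no inventoried MAC explains."""
    net = ipaddress.IPv6Network(prefix)
    known = {unicast for unicast, _ in expected_addresses(prefix, inventory).values()}
    flagged = []
    for text in observed:
        addr = ipaddress.IPv6Address(text)
        if addr in net and addr not in known:
            flagged.append(addr)
    return flagged


if __name__ == "__main__":
    for port, (unicast, link_local) in expected_addresses(PREFIX, INVENTORY).items():
        print(f"{port}: {unicast}  {link_local}")
    print("unexpected:", [str(a) for a in unexpected_sources(PREFIX, INVENTORY, OBSERVED)])
```

Addresses configured statically on an interface will not match the computed values, so a flagged source is a prompt to check the inventory rather than proof of an unknown device.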
IPv6 capabilities
The following table provides an overview of the IPv6 capabilities and configuration options of the
various management ports.
IPv6 ACLs will follow the same auto-configuration principle as IPv4 ACLs:
• There will be IPv6 ACL Default Patterns, Filters and ACL Filter-Interface Associations
• All are dependent on the NE mode
• Users cannot change IPv6 System default patterns or filters
The following parameters can be configured by the user via CLI or TL1:
• Link speed
• Duplex
• Status
• Description
Furthermore, the port supports auto-negotiation and auto-sensing. Link speed and duplex mode are
automatically selected by the auto-negotiation protocol.
Important!
1. The customer LAN port is only supported if OSC mode is set to OC3/STM1. Customer LAN
traffic will not be supported when the OSC mode is set to 100Base-FX. If the customer
LAN admin state is set to “Up”, the OSC mode cannot be set to 100Base-FX. Likewise, if
the OSC Mode is set to 100Base-FX, the customer LAN admin state cannot be set to “Up”.
2. The user traffic is rate limited to 10 Mb/s.
3. Duplex mode and link speed must be both in auto mode or both set to fixed values. If one
parameter is set to a fixed value, this will change the other parameter to its default fixed
value. The default fixed values for duplex mode and link speed are “Full” and “100Mb/s”.
The ports can be configured for the following values of the link speed:
• 10 Mb/s
• 100 Mb/s
• 1000 Mb/s (applicable for OAMP LAN port on a PSS-16II, and for all PSS-24x LAN ports (OAMP,
E1, AUX, CIT))
• Auto (default setting)
“Auto” indicates that the port will participate in auto negotiation of the link speed.
• E1 and E2 – External LAN interfaces that can be used to connect to externally managed devices
or to interconnect 1830 PSS NEs.
These ports are auto-sensing, so either a cross-over or straight-through Ethernet cable can be
used.
Note: Either the DB9 port or the USB-B port can be used to connect serially to the NE.
However, only one port should be active at any given time.
The front views of the 1830 PSS-32 and 1830 PSS-16 User Panels are shown in the following
figures.
Legend:
1 “STATUS” LED
10 “CRAFT” interface (DB9 port, PSS-32 User Panel only)
CRAFT (PSS-32 User Panel only): DB9 connector supporting RS-232C serial interface (support setting: 38,400 baud, 1 stop bit,
no parity) for connection to craft terminal via a serial link.
CRAFT Local RS-232C serial interface (support setting: 34800 baud, 1 stop bit, no parity) with a
type-B USB port for connection to craft terminal via a serial link.
During an EC switchover caused by a failure of the active EC, there may be a brief loss of
communication to the NE from NMS. The applications will be launched on the standby EC. Through
the backplane a LAN communication is established between the User Panel and the two EC
boards.
The User Panel provides four (4) general purpose switched auto-sensing RJ45 LAN ports:
• OAMP – External LAN interface (10/100/1000BaseTX) that can be used to connect to an
External Management System (EMS) or to interconnect 1830 PSS NEs.
• VOIP – The VOIP port (10/100BaseTX) can be used to connect to an IP phone or to interconnect
1830 PSS NEs.
• E1 and E2 – External LAN interfaces (10/100BaseTX) that can be used to connect to externally
managed devices or to interconnect 1830 PSS NEs.
These ports are auto-sensing, so either a cross-over or straight-through Ethernet cable can be
used.
The User Panel of the 1830 PSS-16II shelf provides a local RS-232C serial interface (support
setting: 34800 baud, 1 stop bit, no parity) with a type-B USB port for connection to a craft terminal
via serial link. The NE automatically detects when a laptop (or any equivalent active device) is
connected to that USB-B port.
Legend:
1 LEDs “Alarms status”
2 LEDs “ATTENDED”
3 LEDs “STATUS”
4 2*Shelf-ID Rotary
Shelf-ID Rotary "H"
7 “HOUSEKEEPING1” interface
“HOUSEKEEPING2” interface
10 2*RJ45 interface
Expansion 1 (FE) and its LED E1, Expansion 2 (FE) and its LED E2
11 Two RJ45 timing/clock ports that support the IEEE 1588 Precision Time Protocol (PTP) with
ToD/1PPS (Time of day, 1pps (pulse-per-second) signal) and Building Integrated Timing Supply
(BITS) interfaces:
BITSin1 TODin1: BITS and 1pps and TOD IN1
BITSout1 TODout1: BITS and 1pps and TOD OUT1
12 Two RJ45 timing/clock ports that support the IEEE 1588 Precision Time Protocol (PTP) with
ToD/1PPS (Time of day, 1pps (pulse-per-second) signal) and Building Integrated Timing Supply
(BITS) interfaces:
BITSin2 TODin2: BITS and 1pps and TOD IN2
BITSout2 TODout2: BITS and 1pps and TOD OUT2
Note: The User Panel cannot be used in a 1+1 protected configuration of the EC because the
protection EC slot is occupied by the second EC in that case. Communications interfaces
such as the OAMP, ES1/ES2, and CRAFT/CIT interfaces are available via the Shelf Panel or
the active EC, respectively.
The Shelf Panel is a mandatory card installed in slot 13 of the 1830 PSS-8 shelf. The Shelf Panel
provides OAMP and Timing interfaces (BITS and ToD).
BITS in/out and TOD in/out: Two RJ45 timing/clock ports that support the IEEE 1588 Precision Time
Protocol (PTP) with ToD/1PPS (Time of day, 1pps (pulse-per-second)
signal) and Building Integrated Timing Supply (BITS) interfaces
connected to the Clock Recovery Units CRU_A and CRU_B.
2.3.5 Central Clock and Controller (CCC) card of the PSS-24x shelf
Every 1830 PSS-24x shelf contains a pair of equipment-protected CCC cards.
Each CCC provides a CIT port and three (3) general purpose switched auto-sensing LAN ports
(10/100/1000BaseTX), for connection to EMS/NMS, client devices, and externally managed devices.
• CIT – is dedicated to CIT connection.
CIT ports are active for CCCs in the main shelf only. For CCCs in extension shelves, the CIT
ports are disabled.
The CIT port is enabled by default on the active CCC in the main shelf.
• OAMP – is dedicated to connect to an Element Management System (EMS).
The OAMP port is enabled on the active CCC card only.
• E1 – is dedicated to connect to externally managed devices.
Each of the two E1 ports (“E1-A” on CCC-A in slot 16, “E1-B” on CCC-B in slot 29) can be
configured as a general purpose external LAN port, which is logically terminated by the active
CCC.
In particular, the E1 ports can be used to connect externally managed devices to the 1830 PSS
NE via two independent IP subnets.
• AUX – is dedicated to connect to client devices.
Each of the two AUX ports (“AUX-A” on CCC-A in slot 16, “AUX-B” on CCC-B in slot 29) can be
configured as a general purpose external LAN port, which is logically terminated by the active
CCC.
In particular, the E1 and AUX ports can be used to connect the 1830 PSS NE as an optical
extension shelf to a 7750 service router via two independent IP subnets.
Note: The OAMP/E1/AUX ports may also be used to interconnect 1830 PSS NEs together in
order to extend the DCN when OSC or network interfaces (GCCs) are not an option. This
includes the interconnection of multiple NEs to form a cluster NE.
The front of the central clock and controller (CCC) card is shown in the following figure:
Figure 9 CCC front view
Legend:
1 Latches
4 Alarm LEDs
6 Debug Interfaces
MAC addresses
See 2.3.10 “Multi Function Card (MFC24X) of the PSS-24x shelf” (p. 46).
Each EC provides four (4) RJ45 LAN ports (10/100BaseTX). These ports are auto sensing and
provide the following functionality:
• CIT – is dedicated to CIT connection.
Only the ECs in the main shelf have the CIT port enabled.
• AUX – is dedicated to auxiliary LAN connection. Each AUX port (on the active and redundant
EC) supports a separate IP subnet, and both are terminated by the active EC, that is, both can
be used.
• ES1 and ES2 – are reserved for inter-shelf connectivity (between main shelf and extension shelf,
or between extension shelves).
The front view of the 1830 PSS-16 and 1830 PSS-32 equipment controller (EC) is shown in the
following figure:
Figure 10 1830 PSS-16 and 1830 PSS-32 EC faceplate
Legend:
1 “STATUS” LED
3 USB interface
4 “CIT” interface
5 “AUX” interface
6 “ES 1” interface
7 “ES 2” interface
The front view of the 1830 PSS-16II EC is shown in the following figure:
Figure 11 1830 PSS-16II EC faceplate
Legend:
1 “STATUS” LED
3 USB interface
4 “CIT” interface
5 “AUX” interface
6 “ES 1” interface
7 “ES 2” interface
Each EC provides four (4) RJ45 ports with the following functionality:
• CIT – RJ45 LAN interface, dedicated to CIT connection.
• CRAFT – RS-232C serial interface, dedicated to craft interface.
RS-232C serial interface with RJ45 connector (38400 baud, 1 stop bit, no parity), to connect to a
craft terminal via serial link.
• ES1 and ES2 – RJ45 LAN interfaces, reserved for inter-shelf connectivity (between main shelf
and extension shelf, or between extension shelves).
The front view of the Equipment Controller for 1830 PSS-8 is shown in the following figure:
Figure 12 Front view of the 1830 PSS-8 EC
The 1830 PSS-4 equipment controller (EC) provides four (4) general purpose switched auto-
sensing RJ45 LAN ports (10/100BaseTX):
• OAM – External LAN interface that can be used to connect to an External Management System
(EMS) or to interconnect 1830 PSS NEs.
• CIT/CRAFT – The CIT LAN port and the CRAFT serial port are sharing one auto-sensing RJ45
port (pin 1/2/3/6 for CIT, pin 7/8 for RS232 Rx/Tx, pin4 GND for RS232).
− The “CIT port” is a LAN port used for local NE commissioning.
− The “CRAFT port” is a local RS-232 serial interface (support setting: 38400 baud, 1 stop bit,
no parity), used for the connection to a craft terminal via serial link.
Important:
• ES1 and ES2 – External LAN interfaces that can be used to connect to the 1830 PSS-4
extension shelves.
The front view of the 1830 PSS-4 equipment controller (EC) is shown in the following figure:
Figure 13 1830 PSS-4 EC faceplate
Legend:
CIT/CRAFT “CIT/CRAFT” interface
The MFC24X provides MAC addresses for the following Ethernet ports for each of the two CCC
cards:
• OAMP
• CIT
• E1
• AUX
The 1830 PSI-2T has one built-in equipment controller, PSIEC2, which has a CIT port and three (3)
general purpose switched auto-sensing LAN ports (10/100/1000BaseTX) for connection to NMS,
client devices, externally managed devices, or for interconnecting NEs.
• CIT – is dedicated to CIT connection. The CIT port is enabled by default.
• OAMP – is dedicated to connecting to the external DCN and Element Management System
(EMS) or Network Management Systems (NMS).
• AUX1, AUX2 – are general purpose LAN interfaces for connecting to the DCN LAN (to serve as
a redundant connection), or interconnecting shelves, such as in a cluster configuration.
The following is a detailed view of the CIT and LAN interfaces on the 1830 PSI-2T.
Figure 15 CIT and LAN ports of the 1830 PSI-2T
Note: Unlike other shelf types, the 1830 PSI-2T does not have redundant equipment
controllers.
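Ports per shelf type and equipment (X = port available, - = not available; numbers in square brackets refer to the notes below):
Shelf Type | Equipment | OAMP | VOIP | E1, E2 | AUX | ES1, ES2 | CIT [1] | CRAFT/USB
PSS-4 | EC | X (OAM) | - | - | - | X | X (CIT/CRAFT; one cell spanning CIT and CRAFT/USB)
PSS-8 | SHFPNL | X | - | - | - | - | - | -
PSS-8 | 8USRPNL | - | - | X (EXP) (E1 only) | - | - | - | -
PSS-16 | EC | - | - | - | X [2] (AUX-A/B) | X | X | X (USB-B)
PSS-16 | USRPNL | X | X | X | - | - | - | -
PSS-16II | 32EC2 | - | - | - | X [2] (AUX-A/B) | X | X | X
PSS-16II | USRPNL | X [4] | X | X | - | - | - | X (USB-B)
PSS-32 | EC, 32EC2 | - | - | - | X [2] (AUX-A/B) | X | X | -
PSS-32 | USRPNL | X | X | X | - | - | - | X (DB9 & USB-B)
PSS-24x | CEC2 | X [1, 4] | - | X [3, 4] (E1A, E1B) | X [2, 4] (AUX-A/B) | - | X | -
PSI-2T | PSIEC2 | X [5] | - | - | X [5, 6] (AUX1/AUX2) | - | X [5] (RJ45) | CRAFT (USB-B) & USB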
Notes:
1. When both active and standby controllers are installed, this port is up on the active controller; this port is
down on the inactive/standby controller.
2. There are two AUX ports: AUX-A on the first equipment controller and AUX-B on the second equipment
controller (if installed). When both active and standby controllers are installed, both ports are up (even when
an equipment controller is inactive/standby).
3. There are two E1 ports: E1A on the first equipment controller and E1B on the second equipment controller (if
installed). When both active and standby controllers are installed, both ports are up (even when an
equipment controller is inactive/standby).
4. These LAN interfaces are GbE.
For software releases prior to 1830 PSS Release 10.0, the following applied regarding the support
of multiple OSPF areas:
• The loopback interface and all Embedded Communication Channels (ECCs) are in one OSPF
area.
• The LAN interfaces can be in any OSPF area, including the OSPF area of the loopback.
By default, the loopback interface and all ECCs are in area 0, though this can be changed. The
opaque LSA capabilities are always in the area with the loopback. The LAN interfaces can be in a
different area than the loopback, but they will not have opaque LSA capabilities. Hence, there is
only one optical domain on the 1830 PSS.
The following schematic diagrams will be used throughout this section to illustrate the DCN
connections of 1830 PSS system compounds:
Figure 16 Schematic diagrams of 1830 PSS system compounds
Please note that the interfaces shown serve as examples only; they represent a superset of all
possible interfaces; see 2.3 “User service interfaces” (p. 33).
Not all these interfaces are actually supported by all shelf types, for example:
• PSS-4 does not support E1/E2 and AUX.
• PSS-8 does not support E2 and AUX.
• PSS-24x does not support E2 and VOIP, but supports E1-A/E1-B on the CCC-A and CCC-B, respectively.
The LAN interfaces (E1, E2, ... , OAMP) shown for the photonic compound on the left-hand side are
a superset of the potentially available LAN interfaces on photonic shelves. Depending on the type
of shelf, a subset of these LAN interfaces is actually supported, see Table 9, “User service
interfaces” (p. 48).
Important! Use twisted-pair LAN cables (halogen-free standard CAT6 LAN cables) with RJ45
connectors at both ends to connect the system compounds to the DCN equipment (routers or
LAN switches).
The following figure shows the recommended way of connecting a photonic compound to the
management DCN as a GNE.
Figure 17 Management DCN connection of a photonic compound GNE
The OAMP port on the user panel has to be connected to a single port of the management DCN
LAN infrastructure.
Advantages
Disadvantages
Advantages
Disadvantages
Advantages
Disadvantages
Figure 21 Management DCN connection of a converged system RNE with partial LAN
connectivity
Advantages
Disadvantages
Figure 22 Management DCN connection of a converged system RNE with full LAN connectivity
Advantages
Disadvantages
Note: Due to the lack of LAN ports, 1830 PSS-8 cannot be the main shelf in any cluster node.
It can only be an extension shelf.
The following figure shows an example. It illustrates a 1:3 configuration with four node types: PSS-
32, PSS-16II, PSS-24x and PSS-16. The interconnecting interfaces are shown. NE 1 is a GNE, with
a connection to the customer DCN.
Figure 23 Example of a Cluster setup (Example 1)
[Figure 23 diagram: NE 1 (PSS-32, 10.10.10.3/32; ports OAMP, AUX-A, AUX-B), NE 2 (PSS-16II, 10.10.10.1/32), NE 3 (PSS-24x, 10.10.10.2/32) and NE 4 (PSS-16, 10.10.10.4/32), interconnected via their AUX-A and AUX-B ports; interface addresses shown: 193.150.2.3/31 and 193.150.2.2/31; legend: Optical Line Node, Add/Drop Node.]
Clustering does not preclude any node from being a GNE, and in fact, none of the nodes need to
be GNE. For example, NE-1 could be an RNE with an OSC connection to another site that has the
GNE. It is recommended that the higher performing NE be the GNE, and be the Main NE (in this
case a PSS-32 with two 32EC2 controllers).
Also, in Figure 23, “Example of a Cluster setup (Example 1)” (p. 62), each NE can be a single-shelf
NE, or a multi-shelf NE (up to 24 shelves). A node can have some shelves that have optical line
resources, and other shelves can have add/drop resources. Hence a node can be a Main NE in one
cluster and a Tributary NE in another cluster (second example).
The next example shows two intermixed clusters (1830 PSS NEs and 1830 PSI-2T NEs in a mixed
configuration).
• In the first cluster, NE 1 (i.e. shelf 2 of NE 1) is the Main NE, with NE 5 and NE 6 as the Tributary
NEs.
• In the second cluster, NE 3 is the Main NE, and the Tributary NEs are NE 2 and the remaining
two shelves of NE 1.
[Figure: Cluster 1 and Cluster 2. NE 1 (PSS-32, 10.10.10.3/32), NE 2 (PSS-16II, 10.10.10.1/32), NE 3 (PSS-32, 10.10.10.2/32), NE 4 (PSS-32, 10.10.10.8/32), NE 5 (PSI-2T, 10.10.10.6/32), NE 6 (PSI-2T, 10.10.10.7/32); interfaces shown: AUX-A, AUX-B, AUX-1, AUX-2, OSC; legend: Add/Drop Node.]
Both examples will be referenced in subsequent sections, which outline rules for connecting and
configuring clusters, along with setting of routing.
Important! Cluster configurations require two high capacity controllers in duplex operation
mode (two controllers for redundancy) to be installed on all cluster NEs (Main and Tributary
NEs), that is:
• 2 × 32EC2 on PSS-32 or PSS-16II
• 2 × CCC/CEC2 on PSS-24x
2.6.3 Addressing
Every node has a loopback IP address, which serves as the SYSTEM address.
2.6.6 Routing
Since each node in a cluster is independently managed, OSPF routing must be set up to allow
external DCN (i.e., contact with the NMS) connection to all nodes.
The following CLI commands illustrate how to remove an ACL from both AUX ports of a node:
• Allow the ACLs to be modified:
config acl_default snmpConfig enabled
• Remove the ACL from AUX-A & AUX-B (“1/1” and “1/18” representing slot 1 and slot 18,
respectively, where the ECs are installed):
config acl_port 1/1/AUX rx remove filter
config acl_port 1/18/AUX rx remove filter
These commands should be executed on all NEs in the cluster for cluster interconnection LAN
interfaces.
2.7 Overview
2.7.1 Purpose
The present chapter describes the DCN aspects of management communication and signaling
communication.
2.7.3 Contents
2.7 Overview
2.8 Management DCN aspects
2.9 Signaling DCN aspects
Four external LAN interfaces are provided via the user panel:
• The OAMP LAN is intended to connect a GNE to the OOB DCN.
• The E1 and E2 external LAN interfaces can be used to connect to externally managed devices
or to interconnect 1830 PSS NEs.
• The VOIP LAN is foreseen to optionally connect an IP phone, or to interconnect 1830 PSS NEs.
In the example above, the PSS-32 is used as the GNE, which has a user panel and additional
interfaces on the active and standby ECs.
Other shelf types will have different interfaces; refer to Summary of user service interfaces for
comparison.
If used, all external LAN interfaces have to be configured for an IP subnet of their own.
A GNE or RNE is connected to the in-band DCN via OTU GCC0 or OSC interfaces. These are
unnumbered interfaces, using the SYSTEM loopback address as their local interface address.
As the SYSTEM loopback address is used as the management address, this address has to be
reachable throughout the DCN, and has to be allocated from an official address range.
The same is true for the IP subnets on the E1, E2, and VOIP LANs. These addresses have to be
officially assigned and routed to facilitate the management of external equipment, and the
reachability of the IP phone.
For these addresses to be reachable from management systems, routing information has to be
exchanged between the NEs and the OOB DCN. OSPF is used for this purpose. Please note that
static routes are an alternative to the OSPF dynamic routing protocol.
The IP subnetworks on E1, E2, VOIP and the SYSTEM loopback address are included in OSPF
routing advertisements. Note that, apart from the simple setup shown in Figure 26, “Basic GNE
DCN setup (photonic application) ” (p. 69), arbitrary network topologies can be connected to the E1,
E2, and VOIP LANs, and OSPF can be configured in active mode on these LANs. Any of these
LANs can also be used for dual-compound node interconnections; see 2.5 “DCN interconnections
between photonic and switching NEs” (p. 50).
Typically, OSPF runs in active mode on the OAMP LAN of GNEs, and on OSC/GCC interfaces.
Important! Due to the mechanism for the distribution of wavekeys via OSPF opaque LSAs, all
OSC/GCC interfaces of all NEs in a WDM domain must be in a single OSPF area. LAN
interfaces can be placed in separate areas.
The OAMP IP addresses are only needed for routing to the OOB DCN and can therefore be kept
private to their area.
A split OAMP LAN scenario does not affect the manageability of the GNE, as the SYSTEM
loopback address is used for communication to the GNE (instead of the OAMP LAN address). A
backup route to the SYSTEM loopback address via another GNE and the in-band DCN is
automatically found.
Important! All NEs, that is, the complete in-band DCN connecting the NEs, need to be in a
single OSPF area.
There are two options for the location of the area boundary:
• Inside GNEs, configuring the OAMP LAN into the backbone area:
− This might be an option for large numbers of NEs, in order to keep a reasonably low area
size.
− This might cause a conflict between the need for a reasonably high number of GNEs, and the
need for a reasonably low number of ABRs.
• In the OOB DCN:
− Some part of the OOB DCN, including the NEs’ gateway routers and enough connectivity to
ensure OOB routing resiliency from all ABRs to all GNEs needs to be in the same area as the
NEs.
− A reasonably low number of ABRs are selected in the OOB DCN.
A fair number of GNEs from each type of node (switching or photonic) are needed to keep
management traffic out of the in-band DCN as much as possible. Otherwise, bandwidth usage
conflicts might arise between management and signaling traffic.
What can be considered a “fair number of GNEs” depends on the network topology:
• For ring networks, at least two GNEs per ring should be assigned at “opposite ends” of the ring,
that is at distant points of the ring.
• For mesh networks, there should be not more than 3 or 4 hops from each RNE to the nearest
GNE.
• In control plane networks, there should be at least one GNE per 10 up to 20 RNEs at the
maximum.
Note: The values given in the preceding list relate to the recommendation that management
traffic should be kept out of the in-band DCN as much as possible (due to bandwidth
limitations of in-band connections).
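The hop and ratio rules in the preceding list can be checked mechanically against a planned topology. The following Python sketch is an added example, not taken from the Nokia guide; the 12-node ring, the NE names and the default thresholds (4 hops, 20 RNEs per GNE, the upper ends of the ranges in the list) are assumptions chosen for illustration.

```python
from collections import Counter, deque


def nearest_gne(links, gnes):
    """Multi-source BFS over the in-band DCN.

    links: iterable of (ne_a, ne_b) in-band adjacencies (OSC/GCC0).
    Returns {ne: (hops, gne)}; an NE with no in-band path to any GNE maps to None.
    """
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    unknown = set(gnes) - set(adj)
    if unknown:
        raise ValueError(f"GNEs not in topology: {sorted(unknown)}")
    best = {g: (0, g) for g in gnes}
    queue = deque(sorted(gnes))
    while queue:
        node = queue.popleft()
        hops, gne = best[node]
        for nxt in sorted(adj[node]):
            if nxt not in best:  # first visit is the shortest hop count
                best[nxt] = (hops + 1, gne)
                queue.append(nxt)
    return {ne: best.get(ne) for ne in adj}


def check_gne_placement(links, gnes, max_hops=4, max_rnes_per_gne=20):
    """Flag RNEs that are too far from a GNE and GNEs that serve too many RNEs.

    The per-GNE count uses the nearest-GNE assignment from the BFS, which is
    one possible reading of the "one GNE per 10 up to 20 RNEs" rule.
    """
    placement = nearest_gne(links, gnes)
    findings = []
    for ne, entry in sorted(placement.items()):
        if entry is None:
            findings.append(f"{ne}: no in-band path to any GNE")
        elif entry[0] > max_hops:
            findings.append(f"{ne}: {entry[0]} hops to {entry[1]} (limit {max_hops})")
    load = Counter(e[1] for e in placement.values() if e and e[0] > 0)
    for gne in sorted(set(gnes)):
        if load[gne] > max_rnes_per_gne:
            findings.append(
                f"{gne}: nearest GNE for {load[gne]} RNEs (limit {max_rnes_per_gne})"
            )
    return findings


# Constructed sample: a ring of 12 NEs, N01-N02-...-N12-N01.
SAMPLE_RING = [(f"N{i:02d}", f"N{i % 12 + 1:02d}") for i in range(1, 13)]

if __name__ == "__main__":
    print("one GNE :", check_gne_placement(SAMPLE_RING, ["N01"]))
    print("two GNEs:", check_gne_placement(SAMPLE_RING, ["N01", "N07"]))
```

With a single GNE the three NEs on the far side of the ring exceed the hop limit; placing the second GNE at the opposite end of the ring clears all findings.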
If a non-peering model is mandatory in an operator network (for example if the OOB DCN uses a
routing protocol other than OSPF), the following options exist:
• Option 1: Configure all NEs as GNEs (similar to 2.8.2 “OSPF peering model (photonic
application)” (p. 72))
− Connect each NE via its OAMP LAN to a gateway router (dual-compound nodes can use a
common subnet to connect to a single router).
− Each gateway router, which is connected to a photonic node, has to be configured with a
static route via the OAMP LAN to the SYSTEM loopback address of that node, and has to
redistribute that static route into the OOB routing domain.
− Each photonic node has to be configured with a static default route via the gateway router on
the OAMP LAN.
− For management purposes, no dynamic routing is needed on the NEs.
− Restriction: Split LAN scenarios or in-band DCN partitioning scenarios cannot be mitigated in
this setup.
• Option 2: Follow the non-peering model of the switching nodes
− Only switching nodes are used as GNEs.
− Photonic nodes are attached to switching nodes either via LAN (dual-compound nodes), or
via GCC0. Best performance is reached if dual-compound nodes are in GNE locations, in
order to keep photonic management traffic off GCCs.
Be aware that OSPF has to be active on the OAMP LAN of dual-compound nodes. This has
to be tolerated by the non-peering gateway routers.
− The non-peering mode with tunnels between GNEs and NOC sites has to be used to ensure
routing to photonic NEs and switching RNEs.
Drawback: All management traffic needs to go through the FLC CPUs (tunnel endpoints) of
the switching GNEs.
• Option 3: Follow the non-peering model of the photonic nodes
− Only photonic nodes are GNEs, supporting proxy ARP. All externally visible IP addresses are
allocated from a reasonably small IP range; see Figure 29, “OSPF non-peering model via
proxy ARP (photonic application)” (p. 74).
− Switching nodes are attached to photonic nodes either via LAN (dual-compound nodes), or
via GCC0.
Be aware that OSPF has to be active on the OAMP LAN of dual-compound nodes. This has
to be tolerated by the non-peering routers.
− Drawback 1: All management traffic needs to go through the EC CPUs of a few photonic
GNEs.
− Drawback 2: Split LAN scenarios or in-band DCN partitioning scenarios cannot be mitigated.
• Option 4: Set up a complete OSPF domain comprising the NEs and a small part of the OOB
DCN (quasi-peering setup)
− This can be a backbone-only domain, which in essence follows the principles of the OSPF
peering model.
− ASBRs can be configured to interact with the main part of the OOB DCN. Address
summarization should be applied for route import from the main DCN.
− Enough connectivity needs to be present in the OSPF domain, to provide routing resiliency
between ASBRs and GNEs.
The latter option should be preferred where an end-to-end peering model is not feasible.
Please note that not all NEs necessarily have to be GNEs as described in option 1; static
routes may be configured instead.
2.8.5 Interworking between 1830 PSS and client devices via the IETF GMPLS UNI protocols
Concerning the IP/Optical interworking between 1830 PSS systems and 7750 Service Router (SR)
via the IETF GMPLS UNI protocols, the following specific restrictions apply regarding both GNE
and RNE setups for an MRN control plane:
• IPCC for IETF GMPLS UNI is only via out-of-band (OOB) communication.
• IPCC (L3) redundancy is supported in Release 10.0 via the two AUX ports on 1830 PSS-16,
1830 PSS-16II and 1830 PSS-32, as well as via the two AUX and the two E1 ports on 1830 PSS-24x.
• Each 7750 SR requires a direct “one-hop” IP connectivity to its 1830 PSS UNI neighbours.
The remotely managed device, as shown in Figure 30, “Network management overview” (p. 78),
can be an IP-managed device co-located with the 1830 PSS NE, a Raman amplifier for example,
connected via the extension LAN.
In this example, all 1830 PSS NEs share the same subnet 135.1.1.0/24. This makes it easier for the
management network to communicate to the NE. In other words, only one routing entry needs to be
statically added to the management router (135.1.1.0/24) in order to access every 1830 PSS
network element. TCP/IP support is required over the LAN interface(s) and all Embedded
Communication Channels (ECC), e.g. OSC and GCC0.
An 1830 PSS network mainly includes three kinds of equipment, which use basically the same
boards and shelves but have different functions:
• Line terminal
• Fixed, Reconfigurable, or Tunable Optical Add-Drop Multiplexers (FOADM, ROADM, TOADM)
• ILA (In Line Amplifier)
Each 1830 PSS NE can be configured as a Gateway Network Element (GNE) to provide an access
from the DCN to all the NEs on the optical network.
Address planning
In the following figure the IP architecture is illustrated on a meshed network but applies to all the
topologies.
Figure 35 IP architecture overview
[Figure content not reproduced. Labels: 1830 EMS and workstation on the Customer Management Backbone Subnet; DCN; OSPF area with 1830 PSS GNEs and TOADM; OAMP, SYSTEM, GMRE, VoIP and E1 addresses (customer addresses and internal addresses); ZIC 172.16.1.0/24; IP phone; SNMP external device; local DHCP connections]
interface + 1 IP address for the external device). Typically, this network is advertised outside the
WDM sub-network in order to reach management systems.
In an EXTD network, E1, E2, AUX or VOIP ports can be used.
• INT network for addresses needed in order to reach interfaces which are involved in the routing
process. This network is useful within an Area and is not advertised outside the WDM sub-network.
In an INT network, E1, E2, AUX or VOIP ports can be used.
• LOCAL network for addresses needed in order to reach AUX LAN interfaces. This network is
similar to the INT network but not advertised by OSPF.
• OAMP addresses – several cases are possible (the OAMP address is different from the
SYSTEM address):
− In case of direct link between OAMP and external router, a /30 subnet within the ‘INT network’
range can be used;
− In case there are also other devices on the same LAN, a /29 (six usable addresses) or better
could be used;
− Otherwise, assign a free IP address to OAMP port within an already existing sub-network.
Note: The OAMP LAN interface is a numbered interface which is used for connecting the NE
to the DCN for central management. As a numbered interface, it requires a unique IP address.
The SYSTEM address, however, is shared as interface address by all unnumbered network
interfaces. Hence, the OAMP IP address and the SYSTEM address cannot be the same.
Organization of the network (number of groups, first address, last address) is based on a /24 network.

| Name | Function | Subnet address | Number of groups | First address | Last address |
|---|---|---|---|---|---|
| MGMT | Management network, loopback addresses for management | x.x.x.0 (given by customer) | 256 | MGMT0=x.x.x.0/32 | MGMT255=x.x.x.255/32 |
| CP | GMPLS control plane | Customer defined | 2 addresses per GMRE node | See 4.2.3 “Example for GMRE node and notify addresses” (p. 130) | |
| VOIP | IP phone | x.x.x.0 (given by customer) | 64 | VOIP0=x.x.x.0/30 | VOIP63=x.x.x.252/30 |
| EXTD | External Devices addresses | x.x.x.0 (given by customer) | 64 | EXTD0=x.x.x.0/30 | EXTD63=x.x.x.252/30 |
| LOCAL | AUX LAN addresses | x.x.x.0 (given by customer) | 64 | LOCAL0=x.x.x.0/30 | LOCAL63=x.x.x.252/30 |
Notes:
1. 1830 PSS NEs support 31-bit prefixes on IPv4 point-to-point links according to RFC 3021. For interfaces
with IP subnetwork masks of /31, the broadcast IP will be set to 255.255.255.255.
Observe the following guidelines for the organization of networks within a WDM sub-network:
• The MGMT network addresses range shall be provided by the customer for the assignment of
NE management addresses.
• The CP network addresses range shall be provided by the customer for the assignment of
Control Plane addresses if GMPLS is enabled in the WDM sub-network.
• The VOIP network addresses range shall be provided by the customer for the assignment of
VOIP addresses if Voice over IP solution is used in the WDM sub-network.
• The EXTD network addresses range shall be provided by the customer for the assignment of
External Devices addresses if needed.
• The INT network addresses range shall be provided by the customer for enabling LAN interfaces
involved in routing process within an Area but invisible to the management system.
• The LOCAL network addresses range shall be provided by the customer for enabling AUX LAN
interfaces.
The size of each network depends on the WDM sub-network size. Typically each range of
addresses corresponds to a /24 subnet.
Note: The following subnets are reserved for internal addresses, and cannot be used:
• 100.0.0.0/8 (100.x.x.x)
• 172.16.0.1/24
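The address plan rules above (64 /30 groups per /24, reserved internal ranges, OAMP address different from the SYSTEM address) lend themselves to an automated check before commissioning. The following Python sketch is an added example and not part of the Nokia guide; the 10.20.x.x ranges, the NE names and the function names are constructed for illustration, and 172.16.0.1/24 is read as the /24 network that contains that address.

```python
import ipaddress

# Reserved internal ranges from the note above. "172.16.0.1/24" is a host
# address with a mask, so strict=False is needed to obtain the enclosing
# network (assumption: the whole 172.16.0.0/24 is meant).
RESERVED = [
    ipaddress.ip_network("100.0.0.0/8"),
    ipaddress.ip_network("172.16.0.1/24", strict=False),
]


def carve_groups(name, base, prefixlen=30):
    """Split a customer /24 into named groups, e.g. VOIP0 .. VOIP63 for /30."""
    net = ipaddress.ip_network(base)
    if net.prefixlen != 24:
        raise ValueError(f"{name}: table is based on a /24, got /{net.prefixlen}")
    subnets = net.subnets(new_prefix=prefixlen)
    return {f"{name}{i}": sub for i, sub in enumerate(subnets)}


def check_plan(ranges, nes):
    """Return a list of findings for a DCN address plan.

    ranges: {"MGMT": "10.20.0.0/24", ...}  customer-provided ranges
    nes:    {"NE-1": {"system": "10.20.0.1", "oamp": "10.20.3.1/30"}, ...}
    """
    findings = []
    nets = {k: ipaddress.ip_network(v) for k, v in ranges.items()}

    # 1. No customer range may overlap a reserved internal range.
    for name, net in nets.items():
        for reserved in RESERVED:
            if net.overlaps(reserved):
                findings.append(f"{name} {net} overlaps reserved {reserved}")

    # 2. The functional ranges must not overlap each other.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # 3. Per NE: SYSTEM is a loopback from MGMT, OAMP is a numbered interface
    #    with its own address, and SYSTEM addresses are unique.
    seen = {}
    for ne, cfg in sorted(nes.items()):
        system = ipaddress.ip_address(cfg["system"])
        oamp = ipaddress.ip_interface(cfg["oamp"])
        if "MGMT" in nets and system not in nets["MGMT"]:
            findings.append(f"{ne}: SYSTEM {system} is outside MGMT {nets['MGMT']}")
        if oamp.ip == system:
            findings.append(f"{ne}: OAMP and SYSTEM share {system}")
        edge = (oamp.network.network_address, oamp.network.broadcast_address)
        # /31 links (RFC 3021) have no network/broadcast address to avoid.
        if oamp.network.prefixlen < 31 and oamp.ip in edge:
            findings.append(f"{ne}: OAMP {oamp} is not a usable host address")
        if system in seen:
            findings.append(f"{ne}: SYSTEM {system} already used by {seen[system]}")
        seen[system] = ne
    return findings


# Constructed sample plans (not from the guide).
SAMPLE_RANGES = {"MGMT": "10.20.0.0/24", "VOIP": "10.20.1.0/24",
                 "EXTD": "10.20.2.0/24", "INT": "10.20.3.0/24",
                 "LOCAL": "10.20.4.0/24"}
SAMPLE_NES = {"NE-1": {"system": "10.20.0.1", "oamp": "10.20.3.1/30"},
              "NE-2": {"system": "10.20.0.2", "oamp": "10.20.3.5/30"}}
BAD_RANGES = dict(SAMPLE_RANGES, INT="100.64.3.0/24", LOCAL="172.16.0.0/24")
BAD_NES = {"NE-3": {"system": "10.20.0.2", "oamp": "10.20.0.2/30"}}

if __name__ == "__main__":
    print(carve_groups("VOIP", SAMPLE_RANGES["VOIP"])["VOIP63"])
    for finding in check_plan(BAD_RANGES, BAD_NES):
        print(finding)
```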
| CIT | ZIC/Local craft terminal | Default or INT or EXTD | /30 | 172.16.0.1 | Yes | No | CIT port on EC |
| VOIP | IP phone access | VOIP | /30 | 0.0.0.0/0 | Yes | PASSIVE if used | VOIP on USRPNL |
| AUX-A, AUX-B | Auxiliary LAN connections | LOCAL | /30 | 0.0.0.0/0 | Yes | PASSIVE if used | AUX ports on EC |
| GMRE node (CP node) | GMPLS control plane loopback address | see 4.2.3 “Example for GMRE node and notify addresses” (p. 130) | /32 | None | Yes | PASSIVE | Loopback1 |
| GMRE notify (CP notify) | Additional GMPLS control plane loopback address | see 4.2.3 “Example for GMRE node and notify addresses” (p. 130) | /32 | None | Yes | PASSIVE | Loopback2 |
Notes:
• If the purpose is to reach any NE outside the WDM sub-network, assign a /30 subnet within the
EXTD range.
The SYSTEM address is the only IP address which must always be set on an 1830 PSS system.
The SYSTEM address is the NE's loopback IP address, which is shared as interface address by all
unnumbered network interfaces and which will also be used as the OSPF Router ID.
Note: On standby cards, the LAN interface ports are disabled in order to prevent loops from
forming and to prevent any external LAN switches from learning the same MAC address on
multiple ports.
OSPF advertisement:
• When OSPF is enabled in active mode on an interface, then OSPF messages are exchanged
via this interface, and OSPF advertises the loopback addresses, the serial interfaces, and the
directly connected sub-networks on all other OSPF enabled interfaces.
• When OSPF is enabled in passive mode on an interface, no OSPF message is sent on this
interface but OSPF advertises this interface subnet on all other OSPF enabled interfaces.
In a network design where OSPF is enabled on the GNE OAMP/VOIP/E1/E2 management ports or
where static routes are configured such that an alternate path for the 1830 PSS NEs is available via
the customer DCN in addition to inter-NE paths via OSC/NETIF interfaces, the following should be
adhered to:
• At the GNEs the Loopback IP should be provisioned with the snmp_src option such that all
SNMP requests to the NE must use ONLY the Loopback IP of the NE (the OAMP/VOIP/E1/E2 IP
address will not be valid for SNMP requests). Likewise, any SNMP traps from the NE will contain
the Loopback IP as the source IP address.
• When OSPF is enabled at the OAMP/VOIP/E1/E2 port the OSPF metric should be provisioned
to be greater than the largest inter-NE path cost. This will allow for NE-NE application data
messages to prefer inter-NE path over customer DCN paths.
• When static routes are configured at the GNE in order to provide an alternate path for the
1830 PSS NE-NE communication via the customer DCN in addition to inter-NE paths via
OSC/NETIF interfaces, the distance value provisioned for each static route should be greater than
110. This will allow for NE-NE application data messages to prefer inter-NE paths over customer
DCN paths.
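The two thresholds above can be verified during planning. The following Python sketch is an added example, not part of the Nokia guide: it computes the largest inter-NE path cost of a constructed in-band topology with Dijkstra and flags GNE port metrics and static-route distances that would let NE-NE traffic prefer the customer DCN. The topology, NE names, prefixes and function names are assumptions made for illustration.

```python
import heapq

STATIC_DISTANCE_FLOOR = 110  # threshold named in the guideline above


def shortest_costs(links, src):
    """Dijkstra over the in-band (OSC/NETIF) graph. links: {(a, b): cost}."""
    adj = {}
    for (a, b), cost in links.items():
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        for nxt, cost in adj.get(node, []):
            nd = d + cost
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                heapq.heappush(heap, (nd, nxt))
    return dist


def largest_inter_ne_cost(links):
    """Largest least-cost path between any two NEs of the in-band DCN."""
    nodes = {n for pair in links for n in pair}
    worst = 0
    for n in sorted(nodes):
        dist = shortest_costs(links, n)
        missing = nodes - set(dist)
        if missing:
            raise ValueError(
                f"in-band DCN is partitioned: {n} cannot reach {sorted(missing)}"
            )
        worst = max(worst, max(dist.values()))
    return worst


def audit(links, gne_ports, static_routes):
    """Return findings for the OSPF metric and static-route distance guidelines.

    gne_ports:     [(gne, port, ospf_metric), ...] for OAMP/VOIP/E1/E2 ports
    static_routes: [(gne, prefix, distance), ...] alternate paths via customer DCN
    """
    limit = largest_inter_ne_cost(links)
    findings = []
    for gne, port, metric in gne_ports:
        if metric <= limit:
            findings.append(
                f"{gne} {port}: OSPF metric {metric} <= largest inter-NE path cost {limit}"
            )
    for gne, prefix, distance in static_routes:
        if distance <= STATIC_DISTANCE_FLOOR:
            findings.append(
                f"{gne} static {prefix}: distance {distance} <= {STATIC_DISTANCE_FLOOR}"
            )
    return findings


# Constructed sample: a linear chain of five NEs, every in-band link at cost 10.
SAMPLE_LINKS = {("NE-A", "NE-B"): 10, ("NE-B", "NE-C"): 10,
                ("NE-C", "NE-D"): 10, ("NE-D", "NE-E"): 10}
SAMPLE_GNE_PORTS = [("NE-A", "OAMP", 10), ("NE-E", "OAMP", 50)]
SAMPLE_STATIC_ROUTES = [("NE-A", "10.20.0.0/24", 1), ("NE-E", "10.20.0.0/24", 120)]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LINKS, SAMPLE_GNE_PORTS, SAMPLE_STATIC_ROUTES):
        print(finding)
```

In the sample, NE-A is flagged twice: its OAMP metric of 10 is below the end-to-end in-band cost of 40, and its static route distance of 1 is not greater than 110.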
Engineering guidelines
Connectivity: A node belongs to an OSPF area if at least one of its interfaces is enabled in this area.
Each 1830 PSS NE must have links to at least two different neighbors. Links can be
OSC, GCC0 or Ethernet; neighbors can be an 1830 PSS NE or an IP router.
WDM sub-network and OSPF area: Due to wavelength key distribution constraints, all nodes of a
WDM sub-network must belong to the same OSPF area.
Typically, a DCN OSPF area is assigned per WDM sub-network.
It is possible to set several WDM sub-networks in the same OSPF area if this is still
compatible with the maximum number of NEs.
Number of NEs per OSPF area: In the DCN network, the maximum number of nodes per area is 500.
Number of GNEs: The recommendation is to have at least two GNEs per OSPF area.
Additional rules (fair load sharing of outgoing traffic between GNEs):
• GNEs are defined in such a way that any RNE is at a reasonable distance from the
closest GNE. An equal distribution of RNEs to GNEs is desirable as far as the distance
of RNEs to their nearest GNE is concerned.
• Typically, 2 GNEs are required for areas of up to 100 NEs + 1 GNE per additional group
of 100 NEs in the OSPF area.
OAMP on GNE: An 1830 PSS plays the GNE role when it provides an access to the external DCN.
Typically, the following applies:
• This access is performed via the OAMP interface towards an external router.
• OSPF is enabled on the OAMP interface, and the OAMP interface is in the same OSPF
area as other interfaces.
• OAMP access is secured by other GNEs, and there is no need to be locally resilient to
OAMP failure.
Nevertheless, it is not forbidden to use another LAN interface (for example E1 or E2) in
order to locally secure the OAMP link.
Number of GMPLS NEs in a WDM sub-network: If GMPLS is enabled in a WDM sub-network, the
maximum number of 1830 PSS NEs which run GMPLS is 400.
External routers: Front routers for the 1830 PSS DCN must provide routes to join the management
systems (Network Management System (NMS)) and the other 1830 PSS NEs through the
DCN.
The following rules apply to gateway routers:
• There must be one router per GNE.
• Dynamic routing is recommended (see also “Routes management for gateway router”).
• Redundancy is not required on each GNE; the route(s) to other GNE(s) provide(s) the
redundancy (see also “Number of GNEs”).
• The router needs one physical interface connected to the 1830 PSS NE (10/100 Mb/s).
• The OAMP port is used to connect to external routers; see Table 6, “DCN-related
external interfaces (USRPNL)” (p. 35).
• The IP address of the external router port connected to the 1830 PSS NE must be in
the OAMP subnet.
Intra-area path redundancy between gateway routers: A direct path has to be set between each
gateway router inside a DCN area, if the path redundancy is not ensured by a fully meshed
architecture of the WDM network (through the OSC/GCC0).
Due to summarization of host (1830 PSS) routes inside the gateway routers, this path
must be an intra-area path; it can be any kind of direct link or a tunnel via the backbone.
This path will ensure the defense of routing in case of OSC/GCC0 failure in a linear
network, for instance.
2.13.2
Note: The values given in the following table are general maximum values. Deviating limits
may apply in certain circumstances, see “OSPF peering model (MRN)” (p. 75) for an
example.
| Number of simultaneous file transfers over NETIF | At least 1 | One file transfer operation on a NETIF connection carrying OTU1/ODU1 rate traffic. |
| Number of NEs in one OSPF area | 500 | Default OSPF area is area 0. |
3 DCN configuration
3.1 Overview
3.1.1 Purpose
This section provides instructions explaining how to set up the DCN for 1830 PSS.
3.1.2 Contents
3.1 Overview
Physical configuration
3.2 Configure physical properties of interfaces
IP network configuration
3.3 DCN configuration overview
3.4 Configure IP addresses and TCP/IP parameters
3.5 Configure OSPF parameters
3.6 Create an OSPF area
3.7 Create static routes
Time management
3.8 Network Time Protocol (NTP)
Security
3.9 NE firewall with provisionable IP access control lists (IP ACL)
3.10 RADIUS for user authentication
3.11 Secure/unsecure mode
3.12 IPSec tunnel
3.13 Syslog server
3.14 Advice on security hardening on the 1830 PSS
3.15 Locked Secure Appliance mode (ANSSI QS mode)
Software Server NE (SWNE)
3.16 SWNE functionality
Physical configuration
3.2.2 Steps
1
For the customer LAN ports, set the duplex mode to one of the following values:
• Full duplex - Choose this setting to use full duplex mode on the LAN port.
• Half duplex - Choose this setting to use half duplex mode on the LAN port.
• Autonegotiated (System Default) - Choose this setting if you want the duplex mode to be
autonegotiated between the LAN port and its link partner.
The default value is the previously existing value or the system default AUTO.
2
For the customer LAN ports, set the transport capacity (link speed) to one of the following
values:
• 10 Mb/s
• 100 Mb/s
• 1000 Mb/s
• Autonegotiated (System Default) - Choose this setting if you want the link speed to be
autonegotiated between the LAN port and its link partner.
The default setting is the previously existing value or the system default.
3
Configure the MTU size for the OSC/GCC network interfaces.
The MTU (maximum transmission unit) defines the maximum size (in bytes) that a protocol data
unit (PDU) can have to be sent or received via the interface. The greater the MTU the lower is
the probability for fragmentation of data, and the more efficient is the data transmission.
Possible values range from 576 to 1500 bytes.
The default MTU size is 1500 bytes for OSC and GCC interfaces.
Note: When a virtual link is created across an OSC or GCC path, be sure to set the MTU
size to 1500 bytes for the OSC/GCC interfaces on that path. Be aware that no automatic
checking is done by the NE regarding this MTU size setting.
Important! The MTU size must be consistently configured at both ends of an OSC/GCC
link.
END OF STEPS
IP network configuration
1 Use a LAN cable to directly connect a local management system to the CIT interface and
configure IP addresses and TCP/IP stack parameters for NE interfaces (LAN interfaces
(OAMP, VOIP, E1/E2, ES1/ES2), SYSTEM, GMRENODE, GMRENOTIFY) - based on IP
address and subnet planning.
Local management systems can be the 1830 Command Line Interface (CLI), the TL1
command line interface (TL1), or the web-based user interface (WebUI), for example.
Part of this configuration step is typically done during initial commissioning.
2 Create OSPF areas.
3 Define static routes (if needed)
4 Configure OSPF
5 Enable OSPF per interface
6 Enable ECCs (OSC/GCC0)
OSC or GCC0, once enabled, will be used for management traffic. OSPF will be enabled
automatically and cannot be disabled.
The following IP addresses are typically assigned during the initial commissioning:
• OAMP:
One interface address with the backbone. The gateway router will have an interface in the same
subnet. Could be routed or not. At least /30 subnet.
• SYSTEM:
Loopback IP address of the NE. It is the management address of the NE. Must be routed toward
the backbone.
• GMRENODE:
See 4.2 “Specific considerations regarding the GMPLS Routing Engine (GMRE)” (p. 129) for
details.
• GMRENOTIFY:
See 4.2 “Specific considerations regarding the GMPLS Routing Engine (GMRE)” (p. 129) for
details.
SYSTEM address
The SYSTEM address must be set prior to connection into the NE via remote methods. Until it is
set, only local access will be allowed. Once the SYSTEM address is set, remote TL1, CLI, WebUI,
or SNMP commands may be sent to the NE using the provisioned IP interface.
For the TCP/UDP port numbers used to access the NE, see 3.9.10 “Firewall configuration” (p. 113).
Important! Since the SEEPROM drives the OAMP IP address, the old database can have an
IP address that is a duplicate to a newly provisioned OAMP IP address. When this occurs and
the old database is restored on the NE, it causes a duplicate IP scenario. Thus, it is highly
recommended that after an OAMP IP is configured, a database backup should be performed.
3.4.3 Steps
1
If not yet done during the initial commissioning phase, set the SYSTEM address.
This is the loopback IP address of the NE, which is shared as interface address by all
unnumbered network interfaces, and which is also used as the OSPF Router ID.
2
At the GNE, provision the loopback IP address of the NE with the “SNMP source” option such
that all SNMP requests to the NE must use the loopback IP address of the NE only (the OAMP
IP address will not be valid for SNMP requests).
3
If not yet done during the initial commissioning phase, set the IP addresses on the customer
LAN ports (OAMP, VOIP, E1, E2, and CIT).
4
Specify the subnet masks for the customer LANs (OAMP, VOIP, E1, E2, and CIT).
5
Specify whether customer LAN ports (OAMP, VOIP, E1, E2, and CIT) shall support the Proxy
ARP function.
A customer LAN port that supports the Proxy ARP function replies back to ARP requests
from the remote server for all RNEs within the internal network, using its own MAC address
for the response.
6
When a customer LAN port (OAMP, VOIP, E1, E2, and CIT) supports the DHCP Server
function, then define the range of the IP pool for the DHCP server, and specify whether the IP
address of the customer LAN port is to be distributed as the Default Gateway via DHCP.
END OF STEPS
Note: The global OSPF parameters are typically set once in the lifetime of the NE while the
interface-specific parameters have to be set once per OSPF-enabled interface.
3.5.2 Steps
1
Configure the global OSPF parameters.
2
Configure the parameters associated with OSPF on each OSPF enabled interface.
The system default setting is 10. The lower the cost, the better. OSPF determines the
“shortest path” in the sense of a least-cost calculation. Typically, lower costs are assigned to
higher bandwidth links, and vice versa. Setting all routes to equal costs automatically enables
load balancing between the paths.
• Router priority
This parameter is used on the LAN to determine which router will become the designated
router (DR).
Possible values range from 0 to 255, factory default is 1.
OSPF Hello interval and router dead timer: The OSPF Hello interval and router dead timer
are of particular importance because they relate to the OSPF Hello protocol which is a
central OSPF protocol, used for example to establish and maintain neighbor relationships
and thus to form OSPF adjacencies. When no adjacencies can be formed, then no OSPF
LSAs can be exchanged and OSPF routing is not possible. The OSPF Hello interval and
router dead timer determine the interval between two Hello PDUs and the waiting time
before declaring a neighbor down, when no Hello PDUs are received. The OSPF router dead
timer restarts each time an OSPF Hello PDU is received. Thus, it takes at least the router
dead interval to detect a neighbor down condition.
The OSPF Hello interval and router dead timer directly influence the OSPF convergence
time. Reducing the timer values can improve the convergence time. However, decreasing
the timer values also increases the risk of premature or toggling neighbor down
decisions.
Note: As a general rule, the default settings of the OSPF Hello interval and router dead
timer strike a balance between convergence time and reliability.
Administratively enable or disable an OSPF interface by setting the OSPF interface status to
one of the following values:
• Enable - The interface will participate in OSPF LSA exchanges.
• Disable - The interface does not run the OSPF protocol.
• Redistribute - The interface does not run the OSPF protocol, but it does advertise.
The initial default setting for the OAMP, E1, E2, and VOIP ports is Disable.
The CIT port only supports Disable and Redistribute.
END OF STEPS
3.6.2 Steps
1
Specify the name of the OSPF area to be created, for example OSPFAREA-1.
If you do not explicitly specify a name, then the OSPF area will be assigned a name
automatically.
2
Define the OSPF area ID, for example 1.1.1.1 or 0.0.0.1.
The OSPF area ID has the format of an IP address, for example '0.0.0.0' for the backbone area,
or '1.1.1.1' or '0.0.0.1' for OSPF area 1. Note that area ID and area index are not numerically
coupled as shown in this example. The backbone area always has the area ID '0.0.0.0'. For
other areas, any 32-bit value except '0.0.0.0' is allowed.
3
Specify the type of OSPF area to be created.
4
Define the default metric (cost setting) for areas of type stub or NSSA.
Possible values range from 0 to 16777215, the default setting is 10.
Default metric for areas of type stub or NSSA: In areas of type stub or NSSA, each Area
Border Router (ABR) advertises a default route to the area; see Step 3. The default metric
indicates the cost setting of that default route.
If you have more than one ABR, and you want a particular ABR to take precedence over
other ABRs for routes towards the backbone area, for example due to bandwidth limitations,
then you can use the default metric to achieve this.
Note: Be sure to assign the lowest default metric to the preferred ABR. Increasing values
of the default metric indicate a decreasing order of precedence.
5
Specify whether opaque LSAs for the DNS application shall be distributed into this OSPF area,
and received from this area.
Note: DNS opaque LSAs can only be enabled in one OSPF Area.
6
Specify whether opaque LSAs for the Wave KEY application shall be distributed into this OSPF
area, and received from this area.
Note: Wave Key opaque LSAs can only be enabled in one OSPF Area.
7
If needed, set up virtual links.
Virtual links: OSPF requires that all areas attach directly to the backbone area (area
0.0.0.0), but the attachment need not be physical.
One can take any physical arrangement of areas and attach them logically through OSPF
virtual links. Specify the loopback interface IP address of the NE to terminate the virtual link.
This NE should have an interface that is connected to Area 0.0.0.0 and a non 0.0.0.0 Area.
If the NE is not attached to the backbone area, the specified virtual link address is the
address of an ABR, which is attached to the backbone area.
If the NE is attached to the backbone area, the specified virtual link address is the address of
the NE, which has set up the corresponding reverse virtual link.
Note:
• A virtual link must be configured on both NEs, that is two unidirectional links have to be
set up. Virtual links cannot be established through the backbone area, stub areas, or
areas of type NSSA.
• When a virtual link is created across an OSC or GCC path, be sure to set the MTU size
to 1500 bytes for the OSC/GCC interfaces on that path. Be aware that no automatic
checking is done by the NE regarding this MTU size setting.
END OF STEPS
3.7.2 Steps
1
Specify the IP address of the destination host or network and the subnet mask of the route.
2
Specify the IP address of the next interface (next hop) in the route. This is also known as the
“gateway address”.
Note: The destination host or network must be directly connected to this interface.
3
Define the distance value of the static route.
The NE allows multiple static routes to the same destination address to be created via different
interfaces. The distance value can be used to decide which of the routes shall be used for
forwarding decisions. The route with the lowest distance value takes precedence.
END OF STEPS
Time management
Security
Important! User-specific filtering rules can only impose further restrictions on the default
setup of the NE firewall; it is not possible to open the NE firewall more than the basic
configuration allows.
Note: When “IP” is mentioned in this section without making a distinction between IPv4 or
IPv6 then IPv4 is meant. For information regarding IPv6 ACL, see .
IP ACLs are used in 1830 PSS systems at incoming and outgoing physical network interfaces (DCN
LAN, OSC, NETIF (GCC)) to protect the “inside” (secure) 1830 PSS network from unwanted traffic
originating from the “outside” (unsecure) network. For the 1830 PSS, the inside is the in-band DCN,
which consists of 1830 PSS systems that are usually interconnected by OSCs and GCCs. The
outside network is the out-of-band DCN including the DCN routers.
In addition to the physical network interfaces, ACLs can be used with a special logical sub-interface,
LAN-PPP, representing all GCC/OSC interfaces.
[Figure: ACL perimeter around the in-band DCN (backbone area, Area 1, Area 2). Labels: NMS, out-of-band DCN with DCN routers, 1830 PSS NEs with OAMP, E1 and E2 interfaces, third-party equipment.]
IP ACLs are used to form a security perimeter (ACL perimeter) around the 1830 PSS DCN network
(see Figure 1). Typically, the connection between the inside and the outside DCN is the OAMP
interface of the gateway network element (GNE). Any of the LAN interfaces of an 1830 PSS system
can be used to make a connection to the outside network. This is illustrated in the following figure,
using the 1830 PSS-32 as an example. Other 1830 PSS NEs may have different LAN interfaces;
see Table 9, “User service interfaces” (p. 48).
[Figure: surviving labels are Photonic compound, OSC, GCC.]
The number of simultaneously defined (index, pattern) pairs across all filters is limited to 4000.
3.9.5 Filters
Two filters are associated with each interface: a receive (Rx) filter and a transmit (Tx) filter. The Rx and
Tx filters can be independently enabled and disabled on an interface. An ACL filter is an ordered list
of filtering rules (patterns).
Note: If a filter/port association already exists in a direction, then it is not allowed to create an
additional association to this port in the same direction.
3.9.6 Patterns
A filter consists of a sorted list of (index, pattern) pairs, where the index indicates the relative
position in the list and the pattern indicates the pattern identifier.
A pattern has an action of “block” or “pass”, that is, the matching packet is either dropped or permitted to
pass. Once a packet matches a pattern, progression through the filter list terminates.
When a packet is tested against a filter, it is tested against each pattern starting with the lowest
index and continuing through each remaining pattern in ascending order until a match occurs.
If all patterns in a filter list are tested without yielding a match, then the packet is blocked or passed
according to the ACL global default setting for a specific direction (Rx | Tx):
• If the packet matches a “block” pattern, all processing stops and the packet is dropped.
• If the packet matches a “pass” pattern, the packet arrives at its destination address.
• If the packet doesn't match a pattern and the default action is a “pass” action, the packet arrives
at its destination.
A pattern may also have an “ICMP Error” set (True or False), which specifies whether to send an
ICMP error for blocked packets. If a packet matches a pattern with a "block" action, and the ICMP-
Error is set to "true", an ICMP 3/13 [Destination Unreachable/Communication Administratively
Prohibited] error will be generated for transmission to the host originating the blocked packet.
3.9.7 Ports/Interfaces
ACL filters can be associated to ports.
Ports can either be a specific interface (for example LAN interfaces like OAMP, E1 & E2, VOIP,
AUX-A and AUX-B or ECC interfaces like GCC and OSC), or represent all interfaces of a particular
type (for example the LAN-PPP port which is the logical port for all ECC interfaces).
A packet is processed by a series of ACL filters. If a filter exists and is enabled, a packet entering
an Rx interface is processed by that interface's ACL filter (Rx filter). When the Rx filter has finished
processing the packet, the packet is processed by a Tx filter as it egresses the interface. If the packet
is processed at a Tx interface without being dropped, it is forwarded to its egress interface.
Associating an ACL filter to the LAN-PPP port means that traffic going to all ECC interfaces will be
processed by the ACL. The LAN-PPP filter is processed for all ECC interfaces. In addition, there
can be a user-defined filter on a specific ECC interface (e.g., 1/2/OSCSFP). If there is a user-
defined filter on the specific ECC interface, the user-defined filter will be processed first, followed by
the LAN-PPP filter. The default system action does not occur unless the packet goes through both
filters without matching a pattern.
In normal mode, the LAN-PPP port does not have a default filter. However, a filter can be user-
provisioned.
Note: If no filter is associated with a port - neither in receive nor in transmit direction - or if the
filter is disabled for a direction, the packets pass in the respective direction without checking.
That is, the system will pass all packets through an interface without filter or with disabled
filter. The ACL default setting for a direction only applies to interfaces with an enabled ACL
filter. If there is no filter or if a filter is disabled, there is no default action on packets.
For the default configuration of the system, many ports have system filters associated. Some of
these ports and direction are marked as “SystemDefaultFilterAssoc”. If a port (interface) is marked
as “SystemDefaultFilterAssoc”, the filter on the port cannot be removed or disabled.
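The evaluation order from sections 3.9.6 and 3.9.7, written out as a Python model; this is an added example, not Nokia code or NE provisioning syntax. The match fields (protocol, destination port, source network), the sample filters and the addresses are assumptions constructed for illustration. The model also assumes that the LAN-PPP filter still applies on an ECC port whose own filter is absent or disabled, and that no ICMP error is sent when the global default blocks a packet.

```python
"""Model of the ACL evaluation order described above (illustrative, not NE code)."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Pattern:
    name: str
    action: str                   # "block" or "pass"
    proto: Optional[str] = None   # match fields are assumptions of this model
    dport: Optional[int] = None
    src: Optional[str] = None     # source network in CIDR notation
    icmp_error: bool = False      # the "ICMP Error" attribute

    def matches(self, pkt: dict) -> bool:
        return ((self.proto is None or self.proto == pkt["proto"])
                and (self.dport is None or self.dport == pkt["dport"])
                and (self.src is None
                     or ip_address(pkt["src"]) in ip_network(self.src)))


@dataclass
class Filter:
    entries: dict = field(default_factory=dict)   # index -> Pattern
    enabled: bool = True

    def first_match(self, pkt: dict) -> Optional[Pattern]:
        # Lowest index first; progression stops at the first matching pattern.
        for index in sorted(self.entries):
            if self.entries[index].matches(pkt):
                return self.entries[index]
        return None


def evaluate(pkt, direction, defaults, port_filter=None, lan_ppp_filter=None):
    """Return (verdict, decided_by, send_icmp_3_13) for one port and direction.

    On an ECC port the port's own filter runs first, then the LAN-PPP filter.
    For a LAN port such as OAMP, leave lan_ppp_filter as None.
    """
    chain = [f for f in (port_filter, lan_ppp_filter)
             if f is not None and f.enabled]
    if not chain:
        # No filter, or filter disabled: no checking and no default action.
        return ("pass", "unfiltered", False)
    for flt in chain:
        hit = flt.first_match(pkt)
        if hit is not None:
            return (hit.action, hit.name,
                    hit.action == "block" and hit.icmp_error)
    # No pattern matched in any enabled filter: global default for direction.
    return (defaults[direction], "global-default", False)


# Constructed sample configuration and packets (documentation address ranges).
DEFAULTS = {"rx": "block", "tx": "pass"}
PASS_NMS = Pattern("pass-nms-ssh", "pass", "tcp", 22, "192.0.2.0/24")
BLOCK_SSH = Pattern("block-ssh", "block", "tcp", 22, icmp_error=True)
OSC_FILTER = Filter({10: PASS_NMS, 20: BLOCK_SSH})
SHADOWED = Filter({10: BLOCK_SSH, 20: PASS_NMS})   # same patterns, wrong order
LAN_PPP = Filter({10: Pattern("pass-ospf", "pass", "ospf")})

NMS_SSH = {"proto": "tcp", "dport": 22, "src": "192.0.2.10"}
OTHER_SSH = {"proto": "tcp", "dport": 22, "src": "198.51.100.7"}
OSPF = {"proto": "ospf", "dport": None, "src": "198.51.100.7"}
SNMP = {"proto": "udp", "dport": 161, "src": "198.51.100.7"}

if __name__ == "__main__":
    for label, pkt, flt in [("nms ssh", NMS_SSH, OSC_FILTER),
                            ("other ssh", OTHER_SSH, OSC_FILTER),
                            ("ospf", OSPF, OSC_FILTER),
                            ("snmp", SNMP, OSC_FILTER),
                            ("nms ssh, shadowed", NMS_SSH, SHADOWED),
                            ("snmp, filter disabled", SNMP,
                             Filter(OSC_FILTER.entries, enabled=False))]:
        lan_ppp = None if "disabled" in label else LAN_PPP
        print(f"{label:24}", evaluate(pkt, "rx", DEFAULTS, flt, lan_ppp))
```

Two results are worth checking against a planned rule set: swapping the indices of the two SSH patterns blocks the management station, and a disabled filter with no LAN-PPP filter passes traffic even though the Rx default is “block”.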
1830 PSS NEs support the following user interface (UI) modes:
• Normal mode
This is the least restrictive mode.
In Normal mode, there are no ACLs for the transmit (Tx) direction.
• Encrypted mode
The Encrypted mode is more restrictive than the Normal mode. Only secure protocols are
allowed. Unsecure protocols, such as telnet, ftp and http, have been removed.
In Encrypted mode, Tx filters are also present.
• FIPS mode
In FIPS mode, the same ACLs are used as in the Encrypted mode.
Important! The provisioning of IP access control lists is reserved for security administrators
only.
If a user locks themselves out through an incorrect ACL configuration, the system always allows SSH
over TCP in the Rx direction on the CIT port. This way, the user can establish a CLI session on the
CIT port.
The user may need to configure a PC with a static IP address such as 172.16.0.2/24 and
gateway 172.16.0.1 before troubleshooting.
Provisioning includes:
• Adding a new access control rule to the NE firewall
• Modifying an existing access control rule of the NE firewall
• Retrieving information concerning an existing access control rule of the NE firewall
• Removing an access control rule from the NE firewall
References
For related WebUI provisioning commands and procedures, see the 1830 Photonic Service Switch
(PSS) Release 10.0 User Provisioning Guide.
For related CLI commands, see the 1830 Photonic Service Switch (PSS) Release 10.0 Command
Line Interface Guide.
For related TL1 commands, see the 1830 Photonic Service Switch (PSS) Release 10.0 TL1
Commands and Messages Guide (Photonic Applications).
Table 16 Management flows and ports on the GNE (Normal mode) (continued)
Notes:
1. Source port if dialog initiator is 1830 PSS, destination port otherwise.
2. All LAN interfaces except OAMP can run a DHCP Server. All LAN interfaces can run a DHCP Client.
3. All LAN interfaces except OAMP can run a DHCPv6 Server.
Table 17 Management flows and ports on the GNE (Encrypted mode) (continued)
Notes:
1. Source port if dialog initiator is 1830 PSS, destination port otherwise.
2. All LAN interfaces except OAMP can run a DHCP Server. All LAN interfaces can run a DHCP Client.
3. All LAN interfaces except OAMP can run a DHCPv6 Server.
Table 18 Port and Direction for filters delivered with the system
Notes:
1. These are the default filter associations on this interface. Default filter associations cannot be
modified or disabled.
RADIUS for user authentication Nokia 1830 PSS
Nokia 1830 PSS Secure/unsecure mode
used by SSH provides confidentiality and integrity of data over an insecure network, such as
the Internet. Secure Shell allows a trusted path of communication between two ends (e.g., NE and
EMS) using an encrypted data stream.
Important! The SSH key needs to be generated before the NE mode can be changed to
secure mode.
The 1830 PSS is provided without any SSH key. A standard certificate can be generated using TL1
or CLI:
• TL1:
INIT-SSH-KEY:[TID]::[CTAG]:::[KEYTYPE=][,MODULUS=];
KEYTYPE is DSA.
MODULUS is 0.
• CLI:
crypto key generate
Note that in principle two possible types of keys exist, DSA (Digital Signature Algorithm) and RSA
(cryptographic algorithm, named after its designers, Ron Rivest, Adi Shamir and Leonard Adleman).
In the current release, only the generation of DSA-type keys with modulus zero is supported.
Example
To generate a DSA key with modulus zero:
INIT-SSH-KEY::::::KEYTYPE=DSA,MODULUS=0;
The network administrator can then get the public key, see 3.11.6 “Getting the public key” (p. 120),
and install it on the servers.
Note: Regenerating the SSH key will cause all previously trusted entities using the old key
to flag the NE as untrusted because of the key change.
Attention: Before changing the secure mode to ENCRYPTED, check the ability of the
managers to use SSH, HTTPS and SFTP. All the remote systems must be compliant.
Changing the secure mode will provoke a reboot of the 1830 PSS, and if the remote systems
cannot use SSH, HTTPS and SFTP, they will no longer be able to connect to the 1830 PSS.
The following TL1 or CLI commands can be used to set the secure mode:
• TL1:
SET-ATTR-SECUDFLT::::::SECACC=ENCRYPTED;
• CLI:
config admin ui mode encrypted
The following TL1 or CLI commands can be used to get the public key of the NE:
• TL1:
RTRV-SSH-KEY;
• CLI:
crypto key details
This key should be distributed to the SSH clients. If it is not, the client must be allowed to accept
the key at first connection.
This command can be used regardless of the secure mode (secure or unsecure).
Nokia 1830 PSS IPSec tunnel
Note: If IPSec tunneling is needed, then the gateway router must be able to manage IPSec
tunneling because this feature is not available on 1830 PSS systems.
Important! If the communication channel has to go through an unsecure network between the
management system and the 1830 PSS GNE, IPSec tunneling is highly recommended. The
same recommendation holds for the intra-area links between the gateway routers of the
GNEs.
An unsecure network could be the Internet domain or a third party network, for instance.
[Figure: IPSec tunnel for management through the Internet. Labels: Management Centre, EMS/NMS, Customer Intranet, Customer Emergency Access, Customer Management network, Internet.]
Nokia 1830 PSS Syslog server
Note: We strongly advise using these commands to harden the 1830 PSS DCN interface.
Parameter        Meaning
MINPIDLEN=10     Minimum password length
PAGE=30          Default value for password aging in days
PCND=7           Default number of days to change the password after PAGE
PCNN=3           Default number of logins with aged password after PAGE
POINT            Password obsolescence interval. Not supported in current release.
MINITVL=15       Default value for minimum interval in seconds between two invalid login attempts
MXINV=3          Max Invalid Attempts: the maximum number of consecutive invalid login attempts (regardless of time interval or number of sessions) before an NE logs out a user and locks out the user channel
TMOUT=15         Default number of minutes of inactivity before closing session
KMINTVL=0        Keep Alive Message Interval. Not activated (not implemented in 1830 PSS).
SECACC=SECURE    Secure / unsecure mode
Locked Secure Appliance mode (ANSSI QS mode) Nokia 1830 PSS
3.14.3 Firewalls
Firewalls can be implemented at the border of a WDM sub-network in order to filter flows going
from/to WDM.
Attention: Firewalls must be implemented if the IP flow has to go through unsecure zones,
such as the Internet for example.
Note: Even though the ANSSI QS mode is connected with a number of restrictions and
limitations, its aim is to enhance the system security.
The ANSSI QS mode is bound to equipment controller cards with specific part numbers (“ANSSI
ECs”):
• PSS-8: 3KC48910AAAA - 8EC2 for ANSSI QS
• PSS-32: 8DG63583AAAA - 32EC2 for ANSSI QS
A specific software load is required, the ANSSI QS software, which is pre-installed on the ANSSI
ECs.
In ANSSI QS mode, the NE acts as a single main shelf. Communication via GCC and OSC
is not supported.
• GMPLS/GMRE:
No control plane support in ANSSI QS mode.
Nokia 1830 PSS SWNE functionality
Important! SWNE works only in normal mode; it does not work in encrypted mode.
[Figure: surviving labels are GNE / SWNE, RNE, SWNE 1.]
Nokia 1830 PSS GMPLS Routing Engine (GMRE)
4.1 Overview
4.1.1 Purpose
This section provides the information necessary to set up GMRE using 1830 PSS.
4.1.2 Contents
Important! The SYSTEM address (loopback IP address) must be configured before the
control plane IP addresses can be set.
4.2.2 Recommendations
The GMRE node address and the GMRE notify address have to be explicitly configured by the
operator via the 1830 WebUI or via the 1830 CLI. The GMRE addresses must be unique within the
GMRE network and disjoint from all subnets.
Specific considerations regarding the GMPLS Routing Engine (GMRE) Nokia 1830 PSS
Attention: Ensure that the settings for the GMRE node and notify addresses are correct. After
activating the GMRE, these addresses can no longer be modified without
traffic impact. To modify the GMRE node address, the node must be reinstalled, and all LSPs
related to this node will fail or be deleted.
Attention: Never try to change the node or notify address after the activation of the GMRE
node. The applications of that node will not start up again.
4.2.4
4.2.5
Nokia 1830 PSS Supervision and troubleshooting
5.1 Overview
5.1.1 Purpose
This section presents information specific to fault handling.
5.1.2 Contents
Monitoring, diagnosis and troubleshooting of abnormal situations Nokia 1830 PSS
Glossary
Numerics
1pps
Pulse per second signal as defined by the IEEE 1588 Precision Time Protocol (PTP)
A
ABR
Area Border Router
ACO
Alarm cut-off
AES128 / AES256
Advanced Encryption Standard with a block size of 128 bits or 256 bits, respectively
Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI)
A certification authority on network and information security.
ANSSI
See “Agence Nationale de la Sécurité des Systèmes d'Information” (p. 133) for definition.
ARP
Address Resolution Protocol
AS
Autonomous System
ASBR
Autonomous System Boundary Router
ASON
Automatically Switched Optical Network
B
B&W interface (Black-and-white interface) (Uncolored interface) (Fixed-wavelength interface)
An optical interface supporting a single wavelength only.
BITS
Building Integrated Timing Supply - an external station clock used for network synchronization.
BR
Backbone Router
C
CIDR
Classless Inter-Domain Routing
CIT
Craft Interface Terminal
CLI
Command Line Interface
CORBA (Common Object Request Broker Architecture)
The communication interface between the Network Management System (NMS) and the GMRE
CP
Control plane
D
Data Communications Channel (DCC)
The embedded overhead communications channel in the line. It is used for end-to-end communications
and maintenance. It carries alarm, control, and status information between network elements in a
network.
DCN
Data Communication Network
DSA
Digital Signature Algorithm
E
E1, E2
E1/E2 LAN interface ports
EC
Equipment Controller
Embedded Communication Channel (ECC)
An overhead communications channel embedded in the transport signal. It is used for end-to-end
communications and maintenance. It carries alarm, control, and status information between network
elements in a network.
EPS
Equipment protection switching
ES1, ES2
LAN ports for inter-shelf connectivity (between main shelf and extension shelf (ES), or between extension
shelves)
F
FE
Fast Ethernet (100 Mb/s)
FLC
First-level Controller
FOADM
Fixed Optical Add/Drop Multiplexer
FTP
File Transfer Protocol
G
GbE
Gigabit Ethernet (1000 Mb/s)
GCC
General Communication Channel
GE
Gigabit Ethernet (1000 Mb/s)
GMPLS
Generalized Multi-Protocol Label Switching
GMRE
GMPLS Routing Engine
GNE
Gateway Network Element
GRE
Generic Routing Encapsulation
GUI
Graphical User Interface
H
HDLC
High-Level Data Link Control
HMACMD5
A specific hash-based message authentication code to verify data integrity and authentication of a
message.
HTTPS (Secure HTTP)
Hypertext Transfer Protocol Secure
I
IANA
Internet Assigned Numbers Authority
ICMP
Internet Control Message Protocol
IEEE
Institute of Electrical and Electronics Engineers
IEEE 1588 PTP
Precision Time Protocol (PTP) specified in IEEE 1588
K
kb/s
kilobit (1000 bits) per second
L
LAN
Local Area Network
LCP
Link Control Protocol
LLC
Logical Link Control
LSA
Link State Advertisement
LSW (RSTP)
LAN switching infrastructure that supports the Rapid Spanning Tree Protocol (RSTP) according to the
IEEE802.1D-2004 standard.
M
MAC
Media Access Control
MAN
Metropolitan Area Network
MCN (Management Communication Network)
According to the RFC 5951, a DCN supporting management plane communication is referred to as a
Management Communication Network (MCN).
MD5 (Message Digest 5)
Message Digest 5 is an algorithm that is used to verify data integrity, intended to be used with digital
signature applications.
MLN (Multi-Layer Network)
According to the IETF RFC 5212, a multi-layer network (MLN) is a traffic engineering domain comprising
multiple data plane switching layers that are controlled by a single GMPLS control plane instance.
MP
Management plane
MRN (Multi-Region Network)
A multi-region network (MRN) is defined as a traffic engineering domain supporting at least two different
switching types, either hosted on the same device or on different ones and under the control of a single
GMPLS control plane instance.
MTNM
Multi-Technology Network Management
MTU
Maximum Transmission Unit
N
NE
Network Element
NETIF
Network Interface
NM
Network Management
NMS
Network Management System
A network management system provides unified end-to-end network management and operational
support for all network element products in the Nokia Optics portfolio. It provides a common management
platform for end-to-end operations, including service provisioning over multi-technology optical
infrastructures (SDH/SONET, Carrier Ethernet, WDM, ROADM) and OSS/BSS (Operations Support
Systems/Business Support Systems) integration.
NOC
Network Operations Center
NTP
Network Time Protocol
O
OADM
Optical Add/Drop Multiplexer; variations include Fixed OADM (FOADM), Reconfigurable OADM
(ROADM), and Tunable OADM (TOADM)
OAMP
Operations, Administration, Maintenance and Provisioning
OCh
Optical Channel
ODU
Optical Channel Data Unit
OOB
Out-of-band
OPU
Optical Channel Payload Unit
OSC
Optical Supervisory Channel
OSI
Open System Interconnection
OSPF
Open Shortest Path First
OT
Optical Transponder
OTU
Optical Channel Transport Unit
P
ppm
parts-per-million, 10⁻⁶
PPP
Point-to-Point Protocol
PPS
Pulse per second signal as defined by the IEEE 1588 Precision Time Protocol (PTP)
PTP
Precision Time Protocol
R
RFC
Request for Comments; see also “IETF” (p. 135)
RMI
Remote Method Invocation
RNE
Remote Network Element (not a GNE)
ROADM
Reconfigurable Optical Add/Drop Multiplexer
RSA
A cryptographic algorithm for public-key encryption, named after Ron Rivest, Adi Shamir and Leonard
Adleman who developed the algorithm.
RSTP
Rapid Spanning Tree Protocol
RSVP
Reservation Protocol
S
SCN (Signaling Communication Network)
According to the RFC 5951, a DCN supporting control plane communication is referred to as a Signaling
Communication Network (SCN).
SCP
Secure Copy
Secure Hash Algorithm 1 (SHA-1)
A specific type of cryptographic hash function.
Secure Shell (SSH)
Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure channel
between two network devices.
Secure Shell File Transfer Protocol (SFTP)
SFTP is used for secure access to manage and download/upload files.
According to the IETF (see also “IETF” (p. 135)), the Secure Shell File Transfer Protocol provides secure
file transfer functionality over any reliable, bidirectional octet stream. It is the standard file transfer
protocol for use with the SSH2 protocol (SSH v2).
SFTP is also known as “SSH File Transfer Protocol”, “Secret File Transfer Protocol”, or “Secure FTP”.
SHA-1
See “Secure Hash Algorithm 1” (p. 139).
SHFPNL
Shelf panel
SNMP
Simple Network Management Protocol
SSL
Secure Sockets Layer
TCP
Transmission Control Protocol
TCP/IP
Transmission Control Protocol/Internet Protocol
TL1
Transaction Language 1
TOADM
Tunable Optical Add/Drop Multiplexer
ToD
Time of Day
TTL
Time To Live
U
UDP
User Datagram Protocol
USB
Universal Serial Bus
USRPNL
User panel
V
VOIP
Voice over IP
W
WDM
Wavelength Division Multiplexing