3KC69646KAAATPZZA - V1 - 1830 Photonic Service Switch (PSS) Release 10.0 DCN Planning and Engineering Guide (Photonic Applications)


1830 Photonic Service Switch (PSS)
Release 10.0
DCN Planning and Engineering Guide (Photonic applications)

3KC-69646-KAAA-TPZZA
Issue 1
August 2017
Nokia 1830 PSS

Legal notice

Nokia is a registered trademark of Nokia Corporation. Other products and company names mentioned herein may be trademarks or
tradenames of their respective owners.

The information presented is subject to change without notice. No responsibility is assumed for inaccuracies contained herein.

© 2017 Nokia.

Conformance statement

Interference Information: Part 15 of FCC Rules

NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC
Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio frequency energy. If the equipment is not installed and
used in accordance with the guidelines in this document, the equipment may cause harmful interference to radio communications.
Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the
interference at the expense of the user.

Security Statement

In rare instances, unauthorized individuals make connections to the telecommunications network through the use of remote access
features. In such an event, applicable tariffs require that the customer pay all network charges for traffic. Nokia cannot be responsible for
such charges and will not make any allowance or give any credit for charges that result from unauthorized access.

Limited Warranty

For terms and conditions of sale, contact your Nokia Account Team.


Contents

About this document

1 Introduction
1.1 Overview
Basic aspects of network design
1.2 Network layers
1.3 Physical layer
1.4 Data Link layer
1.5 Network layer
1.6 Transport layer
1.7 Application layer

2 DCN planning
2.1 Overview
General
2.2 DCN concepts
2.3 User service interfaces
2.4 OSPF multi-area support for OSC/GCC
2.5 DCN interconnections between photonic and switching NEs
2.6 Cluster DCN
MCN and SCN aspects
2.7 Overview
2.8 Management DCN aspects
2.9 Signaling DCN aspects
Network topology concept and dimensioning
2.10 The 1830 PSS management network
2.11 Basic network topologies
Address planning
2.12 Network IP architecture
Engineering guidelines
2.13 Summary of important rules and guidelines

3 DCN configuration
3.1 Overview
Physical configuration
3.2 Configure physical properties of interfaces
IP network configuration
3.3 DCN configuration overview
3.4 Configure IP addresses and TCP/IP parameters
3.5 Configure OSPF parameters
3.6 Create an OSPF area
3.7 Create static routes
Time management
3.8 Network Time Protocol (NTP)
Security
3.9 NE firewall with provisionable IP access control lists (IP ACL)
3.10 RADIUS for user authentication
3.11 Secure/unsecure mode
3.12 IPSec tunnel
3.13 Syslog server
3.14 Advice on security hardening on the 1830 PSS
3.15 Locked Secure Appliance mode (ANSSI QS mode)
Software Server NE (SWNE)
3.16 SWNE functionality

4 GMPLS Routing Engine (GMRE)
4.1 Overview
4.2 Specific considerations regarding the GMPLS Routing Engine (GMRE)

5 Supervision and troubleshooting
5.1 Overview
5.2 Monitoring, diagnosis and troubleshooting of abnormal situations

Glossary

Index


List of tables
Table 1 Information products related to 1830 PSS
Table 2 Network layers in TCP/IP model and ISO/OSI reference model
Table 3 TCP/IP protocol stack
Table 4 IPv6 capabilities of user service interfaces
Table 5 Shelf and card support for user service interfaces
Table 6 DCN-related external interfaces (USRPNL)
Table 7 User Panel interfaces
Table 8 Shelf Panel interfaces
Table 9 User service interfaces
Table 10 Functionalities of user service interfaces
Table 11 OSPF cost metrics
Table 12 Organization of the networks
Table 13 Default behavior of DCN-related interfaces
Table 14 Engineering rules and guidelines
Table 15 Required buffering and table sizes
Table 16 Management flows and ports on the GNE (Normal mode)
Table 17 Management flows and ports on the GNE (Encrypted mode)
Table 18 Port and Direction for filters delivered with the system
Table 19 Parameters of the SET-ATTR-SECUDFLT command


List of figures
Figure 1 ISO/OSI network architecture
Figure 2 Typical interconnection of OSPF areas
Figure 3 Customer LAN port on LD cards
Figure 4 1830 PSS-32 User Panel faceplate
Figure 5 1830 PSS-16 User Panel faceplate
Figure 6 1830 PSS-16II User Panel faceplate
Figure 7 1830 PSS-8 User Panel faceplate
Figure 8 1830 PSS-8 Shelf Panel faceplate
Figure 9 CCC front view
Figure 10 1830 PSS-16 and 1830 PSS-32 EC faceplate
Figure 11 1830 PSS-16II EC faceplate
Figure 12 Front view of the 1830 PSS-8 EC
Figure 13 1830 PSS-4 EC faceplate
Figure 14 Front panel of the 1830 PSI-2T
Figure 15 CIT and LAN ports of the 1830 PSI-2T
Figure 16 Schematic diagrams of 1830 PSS system compounds
Figure 17 Management DCN connection of a photonic compound GNE
Figure 18 Management DCN connection of a converged system (GNE connection option 1)
Figure 19 Management DCN connection of a converged system (GNE connection option 2)
Figure 20 Management DCN connection of a converged system (GNE connection option 3)
Figure 21 Management DCN connection of a converged system RNE with partial LAN connectivity
Figure 22 Management DCN connection of a converged system RNE with full LAN connectivity
Figure 23 Example of a Cluster setup (Example 1)
Figure 24 Example of a Cluster setup (Example 2)
Figure 25 Example of a Cluster setup with a TOR switch
Figure 26 Basic GNE DCN setup (photonic application)
Figure 27 Basic RNE DCN setup (photonic application)
Figure 28 OSPF peering model (photonic application)
Figure 29 OSPF non-peering model via proxy ARP (photonic application)
Figure 30 Network management overview
Figure 31 IP addressing scheme (nodes sharing a common sub-network)
Figure 32 Linear architecture
Figure 33 Ring architecture
Figure 34 Meshed architecture
Figure 35 IP architecture overview
Figure 36 1830 PSS network and ACL perimeter
Figure 37 IP interfaces on a PSS-32 with ACL perimeter on external interfaces
Figure 38 IPSec tunneling
Figure 39 Usage of SWNEs in a WDM network


List of procedures
3.2 Configure physical properties of interfaces
3.4 Configure IP addresses and TCP/IP parameters
3.5 Configure OSPF parameters
3.6 Create an OSPF area
3.7 Create static routes


About this document


Purpose
This document provides information for the planning and configuration of a Data Communication
Network (DCN) for photonic applications of the 1830 Photonic Service Switch (PSS), Release 10.0.

What's new
Changes in Release 10.0:

| Change | Location |
|---|---|
| Support of Internet Protocol version 6 (IPv6) | 2.2.5 “IPv6 support” (p. 26) |
| OSPF multi-area support for OSC/GCC | 2.4 “OSPF multi-area support for OSC/GCC” (p. 49) |
| IP Access Control Lists (ACL) | 3.9 “NE firewall with provisionable IP access control lists (IP ACL)” (p. 107) |

Intended audience

The primary audience for the present document is personnel who work with the 1830 PSS system,
that is:
• Network operation and maintenance specialists,
• System administrators,
• Engineers with responsibility for network planning, design, configuration, or optimization.

Supported systems
This document applies to photonic applications of the 1830 Photonic Service Switch (PSS),
Release 10.0, that is to 1830 PSS-4, 1830 PSS-8, 1830 PSS-16, 1830 PSS-16II, 1830 PSS-24x,
and 1830 PSS-32 systems.

Note:
• The terms “photonic applications” and “WDM applications” are used synonymously throughout
this document.
• The terms “system” and “NE” (Network Element) in the context of this document refer to the
photonic compound of an 1830 PSS Release 10.0 node only. The terms “photonic compound”
and “photonic node” are used synonymously.
• The term “main shelf” (alternatively “master shelf”) in the context of this document refers to the
main shelf of the photonic compound of an 1830 PSS Release 10.0 node only. Each 1830 PSS
shelf has a shelf identifier that can be configured by means of two rotary dials on each shelf. The
shelf ID determines the identity and role (main or extension shelf) of each universal shelf; see
also the 1830 PSS Product Information and Planning Guide, section “WDM shelf overview”.


1830 PSS system concept


Please note that 1830 PSS systems support both switching and photonic applications, either
as separate switching or photonic compounds or as a converged system within a single node. Note
furthermore that two distinct DCN Planning and Engineering Guides exist, one document for each
application; see also “Related information” (p. 11).

Important! If you want to plan and configure a DCN for a converged system, or if you want to extend a
single-compound node to a converged system in a future configuration, please take both documents into
consideration.

Interconnection of switching and photonic compounds


From a DCN perspective, switching and photonic compounds can be interconnected by placing
both into the same OAMP LAN subnet.

Conventions used
These conventions are used in this document:

Numbering
The chapters of this document are numbered consecutively. The page numbering restarts at “1” in
each chapter. To facilitate identifying pages in different chapters, the page numbers are prefixed
with the chapter number. For example, page 2-3 is the third page in chapter 2.

Cross-references
Cross-reference conventions are identical with the conventions used for page numbering. The first
number in a reference to a particular page refers to the corresponding chapter.

Keyword blocks
This document contains so-called keyword blocks to facilitate the location of specific text passages.
The keyword blocks are placed to the left of the main text and indicate the contents of a paragraph
or group of paragraphs.

Typographical conventions

Special typographical conventions apply to elements of the graphical user interface (GUI), file
names and system path information, keyboard entries, alarm messages, and so on:
• Text appearing on a graphical user interface (GUI), such as menu options, window titles or push
buttons:
− Provision…, Delete, Apply, Close, OK (push-button)
− Provision Timing/Sync (window title)
− Administration → Security → User Provisioning… (path for invoking a window)
• File names and system path information:
− setup.exe

− C:\Program Files\
• Keyboard entries:
− F1, Esc X, Alt-F, Ctrl-D, Ctrl-Alt-Del (simple keyboard entries)
A hyphen between two keys means that you have to press both keys. Otherwise, you have to
press a single key, or a number of keys in sequence.
− copy abc xyz (command)
A complete command that you enter.
• Alarms and error messages:
− Loss of Signal
− HP-UNEQ, MS-AIS, LOS, LOF

Abbreviations
Abbreviations used in this document can be found in the “Glossary” unless it can be assumed that
the reader is familiar with the abbreviation.

Related information

Table 1 Information products related to 1830 PSS

Document title Document code

1830 Photonic Service Switch (PSS) Release 10.0 Safety Guide 3KC-69646-KAAA-TAZZQ
Provides users of 1830 PSS with the relevant information and safety guidelines to protect
against personal injury. Furthermore, the Safety Guide is useful to prevent material damage to
the equipment. The Safety Guide must be read by the responsible technical personnel before
performing relevant work on the system. The valid version of the document must always be
kept close to the equipment.

1830 Photonic Service Switch (PSS) Release 10.0 Portable Provisioning Tool (PPT) User Guide 3KC-69646-KAAA-TBZZA
Provides instructions for use and describes the features of the 1830 Portable Provisioning Tool.

1830 Photonic Service Switch 4 (PSS-4) Release 10.0 User Provisioning Guide 3KC-13563-KAAA-TCZZA
Provides step-by-step information for use in daily system operations for 1830 PSS-4. The
manual demonstrates how to perform system provisioning, operations, and administrative
tasks.

1830 Photonic Service Switch (PSS) Release 10.0 User Provisioning Guide 3KC-69646-KAAA-TCZZA
Provides step-by-step information for use in daily system operations. The manual
demonstrates how to perform system provisioning, operations, and administrative tasks.

1830 Photonic Service Switch 24x (PSS-24x) Release 10.0 User Provisioning Guide 3KC-69646-KAAA-SCZZA
Provides step-by-step information for use in daily system operations for 1830 PSS-24x. The
manual demonstrates how to perform system provisioning, operations, and administrative
tasks.

1830 Photonic Service Switch (PSS) Release 10.0 Engineering and Planning Tool User Guide 3KC-69646-KAAA-TEZZA
Provides step-by-step information for use in daily system operations for the EPT. The manual
demonstrates how to perform system provisioning, operations, and commissioning tasks.

1830 Photonic Service Switch (PSS) Release 10.0 TL1 Commands and Messages Guide (Switching Applications) 3KC-69646-KAAA-TFZZA
Describes the external TL1 interface for 1830 PSS-36/64 in terms of TL1 command,
responses, and notification definitions.

1830 Photonic Service Switch (PSS) Release 10.0 TL1 Commands and Messages Guide (Photonic Applications) 3KC-69646-KAAA-TGZZA
Describes the external TL1 interface for 1830 PSS-4, 1830 PSS-8, 1830 PSS-16II,
1830 PSS-16/32, and 1830 PSS-24x.

1830 Photonic Service Switch (PSS) Release 10.0 Command Line Interface Guide 3KC-69646-KAAA-THZZA
Provides information about the Command Line Interface (CLI) for 1830 PSS-4, 1830 PSS-8,
1830 PSS-16II, 1830 PSS-16/32, and 1830 PSS-24x.

1830 Photonic Service Switch (PSS) Release 10.0 Command Line Interface Guide (OCS Packet Applications) 3KC-69646-KAAA-SHZZA
Provides information about the Command Line Interface (CLI) for 1830 PSS-36/64.

1830 Photonic Service Switch 4 (PSS-4) Release 10.0 Installation and System Turn-up Guide 3KC-13563-KAAA-TJZZA
A step-by-step guide to install and turn-up 1830 PSS-4. It also includes information needed for
pre-installation site planning and post-installation acceptance testing.

1830 Photonic Service Switch 8 (PSS-8) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-SLZZA
A step-by-step guide to install and turn-up 1830 PSS-8. It also includes information needed for
pre-installation site planning and post-installation acceptance testing.

1830 Photonic Service Switch 16II (PSS-16II) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-SMZZA
A step-by-step guide to install and turn-up 1830 PSS-16II. It also includes information needed
for pre-installation site planning and post-installation acceptance testing.

1830 Photonic Service Switch 16/32 (1830 PSS-16/32) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-TJZZA
A step-by-step guide to install and turn-up 1830 PSS-16/32. It also includes information needed
for pre-installation site planning and post-installation acceptance testing.

1830 Photonic Service Switch 36 (PSS-36) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-TKZZA
A step-by-step guide to install and turn-up 1830 PSS-36. It also includes information needed
for pre-installation site planning and post-installation acceptance testing.

1830 Photonic Service Switch 64 (PSS-64) Release 10.0 Installation and System Turn-up Guide 3KC-69646-KAAA-TLZZA
A step-by-step guide to install and turn-up 1830 PSS-64. It also includes information needed
for pre-installation site planning and post-installation acceptance testing.

1830 Photonic Service Switch (PSS) Release 10.0 Maintenance and Trouble-Clearing Guide 3KC-69646-KAAA-TMZZA
Provides detailed information about possible alarm messages for 1830 PSS. It also provides
procedures for routine maintenance, troubleshooting, diagnostics, and component
replacement.

1830 Photonic Service Switch (PSS) Release 10.0 Quick Reference Guide 3KC-69646-KAAA-TNZZA
Provides users of 1830 PSS a streamlined, easy-to-use navigation aid to facilitate the use of
the system.

1830 Photonic Service Switch (PSS) Release 10.0 DCN Planning and Engineering Guide (Photonics Applications) 3KC-69646-KAAA-TPZZA
Provides information for the planning and configuration of a Data Communication Network
(DCN) for photonic applications, that is for 1830 PSS-4, 1830 PSS-8, 1830 PSS-16II,
1830 PSS-16/32, and 1830 PSS-24x.

1830 Photonic Service Switch 4 (PSS-4) Release 10.0 Product Information and Planning Guide 3KC-13563-KAAA-TQZZA
Presents a detailed overview of 1830 PSS-4, describes its applications, gives planning
requirements, engineering rules, ordering information, and technical specifications.

1830 Photonic Service Switch (PSS) Release 10.0 Product Information and Planning Guide 3KC-69646-KAAA-TQZZA
Presents a detailed overview of 1830 PSS-8, 1830 PSS-16II, 1830 PSS-16/32, and
1830 PSS-36/64, describes its applications, gives planning requirements, engineering rules,
ordering information, and technical specifications.

1830 Photonic Service Switch 24x (PSS-24x) Release 10.0 Product Information and Planning Guide 3KC-69646-KAAA-SQZZA
Presents a detailed overview of 1830 PSS-24x, describes its applications, gives planning
requirements, engineering rules, ordering information, and technical specifications.

1830 Photonic Service Switch (PSS) Release 10.0 DCN Planning and Engineering Guide (Switching Applications) 3KC-69646-KAAA-TRZZA
Provides information for the planning and configuration of a Data Communication Network
(DCN) for switching applications, that is for 1830 PSS-36 and 1830 PSS-64 systems (OCS).

1830 Photonic Service Switch (PSS) Release 10.0 GMPLS/GMRE Guide 3KC-69646-KAAA-TWZZA
Contains information about the GMPLS Routing Engine (GMRE) of the 1830 PSS; it provides a
high-level functional overview of the GMRE and describes the steps to plan and set up a
GMRE-controlled network.

1830 Photonic Service Switch (PSS) Release 10.0 Electronic Documentation Library 3KC-69646-KAAA-TZZZA
Contains all documents related to 1830 PSS in multiple electronic formats: epub, mobi, html,
and pdf.

Technical support
For technical support, contact your local customer support team. See the Support web site
(https://networks.nokia.com/support/) for contact information.

How to comment
To comment on this document, go to the Online Comment Form
(http://infodoc.alcatel-lucent.com/comments/) or e-mail your comments to the Comments Hotline
(mailto:comments@nokia.com).

1 Introduction

1.1 Overview
1.1.1 Purpose
The present section provides some theoretical background information relating to the basic network
design principles; the main focus is on TCP/IP-based communication.

1.1.2 Contents

1.1 Overview
Basic aspects of network design
1.2 Network layers
1.3 Physical layer
1.4 Data Link layer
1.5 Network layer
1.6 Transport layer
1.7 Application layer

Basic aspects of network design

1.2 Network layers


1.2.1 Network architecture

The network architecture is in general described by means of the ISO/OSI reference model, which
defines seven “layers”, as shown in the following figure:
Figure 1 ISO/OSI network architecture

[Figure: two end hosts, each with the full seven-layer stack, connected through one or more
intermediate network elements that implement only the Network, Data Link and Physical layers.
Data units per layer: Application, Presentation and Session layers (Data); Transport layer
(Segment); Network layer (Packet); Data Link layer (Frame); Physical layer (Bit).]

A “layer” is a collection of conceptually similar functions that provides services to the layer
above it and receives services from the layer below it.
The Physical layer just transports bits, whereas the Data Link layer handles structured frames. The
Network layer has to route/forward packets from the sender NE via intermediate NEs
towards the destination NE. It provides this service on behalf of the Transport layer, which handles
segments, the pieces of data exchanged by the actual applications.

Note: The ISO/OSI reference model defines explicit Session and Presentation layers, whereas
the TCP/IP model combines the layers above the Transport layer into a single Application
layer.

Table 2 Network layers in TCP/IP model and ISO/OSI reference model

TCP/IP model         ISO/OSI reference model
Application layer    Application layer
                     Presentation layer
                     Session layer
Transport layer      Transport layer
Network layer        Network layer
Data Link layer      Data Link layer
Physical layer       Physical layer

1.3 Physical layer


1.3.1
The physical layer is the lowest layer in the ISO/OSI network architecture; it deals with the basic
transmission characteristics of the hardware. In particular, it defines the relationship between a
device and a physical medium in terms of media, signal, and binary transmission.
The major functions and services performed by the physical layer are the establishment and
termination of a connection to the communication medium – including the conversion between the
digital representation of data and the corresponding signal transmitted over the communication
channel.

1.4 Data Link layer


1.4.1 Introduction
The Data Link layer provides the means to transfer data frames between adjacent network elements. In
addition, it may be able to detect and possibly correct errors that occurred at the Physical layer.
The Data Link layer may operate on point-to-point media (PPP) or on broadcast-capable
multiaccess media (Ethernet LAN).

1.4.2 Point-to-Point protocol (PPP)


The Point-to-Point protocol (PPP) is a full duplex, bit-synchronous data link protocol commonly
used to establish a direct connection between two NEs. In addition to the basic functionality it can
optionally provide connection authentication, transmission encryption, and compression.
The PPP is conformant to RFC 1661 (LCP), RFC 1662 (PPP in HDLC-like framing), and RFC 1332
(Internet Protocol Control Protocol, IPCP).

Connectivity

LCP (Link Control Protocol) - as a part of PPP - provides automatic consistent configuration of the
interfaces in terms of:
• Setting the maximum frame size, Maximum Transmission/Receive Unit (MTU/MRU) - by default
1500 octets. Frames less than 4 octets are silently discarded.
• Escaped characters.
• Options like magic number (for loop detection), authentication.
The LCP is specified by the same RFC 1661 as the PPP, and runs on top of the PPP. Therefore, a
basic PPP connection has to be established before LCP is able to configure it.
The PPP permits multiple network layer protocols to operate on the same communication link. For
every network layer protocol used, a separate Network Control Protocol (NCP) is provided in order
to encapsulate and negotiate options for the multiple network layer protocols. The Internet Protocol
(IP), for example, uses the IP Control Protocol (IPCP).

1.4.3 Ethernet

The Ethernet protocol is based on the following sub-layers:


• Media Access Control (MAC) which manages the interaction of devices with the shared medium.
• Logical Link Control (LLC) which deals with addressing and multiplexing.

Connectivity
A MAC address is a 6-byte identifier with specific ranges per equipment supplier. Some systems may
allow reassignment of the MAC addresses; if this is the case, take care to keep the addresses unique.
Network elements may support different rates (10 Mb/s, 100 Mb/s, 1 Gb/s, for example), which are to be
configured and/or aligned by auto-sensing and auto-negotiation according to IEEE 802.3.
ARP must be available in the IP context; it is used to resolve IP addresses to MAC addresses.

1.5 Network layer


1.5.1 Introduction
The Network layer handles packet routing among the network nodes.

The Network layer is handled by two components:


• Protocol for forwarding the packets

• Routing protocol for updating the routing/forwarding tables


In the TCP/IP environment, the protocol for forwarding the packets is IP, and the routing protocol
used on 1830 PSS is OSPF (Open Shortest Path First).

1.5.2 Internet Protocol (IP)


The Internet Protocol (IP) is a connectionless protocol used for communicating data across a
packet-switched network using the Internet Protocol Suite, also referred to as TCP/IP. Its
task is to deliver protocol datagrams (packets) from the source host to the destination
host based solely on their addresses.

ICMP and ARP are needed as supporting protocols:


• ICMP messages are typically generated in response to errors in IP datagrams, or for diagnostic
or routing purposes.
• ARP is a protocol that allows dynamic distribution of the information needed to translate a local
IP address into a 48-bit Ethernet address. The scope of the ARP protocol is limited to a single
subnet. Prior to message exchange, it may be necessary to obtain the MAC address for the
next-hop IP address, so ARP must be available and enabled.

1.5.3 Connectivity
In order to provide connectivity, it is essential to guarantee uniqueness of the IP addresses
assigned to the NE. In addition to a unique IP address, it is necessary to configure a sub-network
mask (short: netmask) for each numbered interface of an NE. A netmask other than /32 (in
CIDR notation) has to be used on broadcast layer 2 networks, where multiple hosts can be reached
via a single network interface. All these hosts have to be in the same subnet, as defined by the
address and netmask. Note that routing problems will occur if the hosts in one subnet are not all
connected to a common layer 2 network. On point-to-point networks, a /32 netmask can be used,
as there can be only one host behind the network interface, and hence only the interface ID is
needed for forwarding.
Since 1830 PSS Release 9.0, RFC 3021 (Using 31-Bit Prefixes on IPv4 Point-to-Point Links) is also
supported.
In general, the subnetworks may be determined by physical or administrative facts at the customer
site.

If it is possible to influence the distribution of NEs over different subnetworks, the following aspects
must be considered:
• Physical distribution
• Configuration constraints (scalability) of the routing domain:
− Convergence time after route changes.
− End to end forwarding performance influenced by routing performance and by path length.
The path length is particularly related to the connectivity, since the Time To Live (TTL) is
expressed in number of hops traversed and is set in accordance to the expected length.
• Gateway NEs have to handle additional message exchange.

  In order to avoid bottlenecks, it is necessary to allocate corresponding bandwidth and processing
  power to the gateways. Often it is not clear in advance how much traffic will be going through.
  Therefore, it is a good idea to observe the load of the gateway as well as the bandwidth
  thresholds per interface.
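
The addressing rules of section 1.5.3 can be checked mechanically before a plan is rolled out. The following Python sketch is an added example, not part of the original guide or of any Nokia tool; the NE names, segment identifiers and addresses in the sample plan are constructed, and the record layout is an assumption made for the example.

```python
"""Lint a DCN IPv4 address plan against the connectivity rules of section 1.5.3."""
import ipaddress
from collections import defaultdict

# Constructed sample plan; NE names, segment ids and addresses are invented.
# Fields: NE, interface, link type, layer-2 segment or link id, address/prefix.
PLAN = [
    ("NE-A", "OAMP", "broadcast", "lan-1", "10.10.1.11/24"),
    ("NE-B", "OAMP", "broadcast", "lan-1", "10.10.1.12/24"),
    ("NE-C", "OAMP", "broadcast", "lan-2", "10.10.1.13/24"),  # same subnet, other LAN
    ("NE-D", "OAMP", "broadcast", "lan-1", "10.10.1.12/24"),  # duplicate of NE-B
    ("NE-E", "E1", "broadcast", "lan-3", "10.10.3.1/32"),     # host mask on a LAN
    ("NE-A", "OSC-1", "p2p", "link-7", "10.20.0.0/31"),
    ("NE-B", "OSC-1", "p2p", "link-7", "10.20.0.1/31"),       # valid RFC 3021 pair
    ("NE-B", "OSC-2", "p2p", "link-8", "10.20.0.2/31"),
    ("NE-C", "OSC-1", "p2p", "link-8", "10.20.0.5/31"),       # ends in different /31s
]


def lint_plan(plan):
    """Return a list of (rule, detail) findings; an empty list means the plan is clean."""
    findings = []
    users_of_addr = defaultdict(list)    # address  -> interfaces using it
    segments_of_net = defaultdict(set)   # subnet   -> layer-2 segments it appears on
    nets_of_segment = defaultdict(set)   # segment  -> subnets configured on it
    nets_of_link = defaultdict(set)      # p2p link -> /31 networks of its ends

    for ne, ifname, kind, segment, cidr in plan:
        iface = ipaddress.ip_interface(cidr)
        where = f"{ne}/{ifname}"
        users_of_addr[iface.ip].append(where)
        net = iface.network
        if kind == "broadcast":
            # A broadcast network needs a mask that covers all hosts on the segment.
            if net.prefixlen >= 31:
                findings.append(("host-mask-on-lan", where))
                continue
            segments_of_net[net].add(segment)
            nets_of_segment[segment].add(net)
            if iface.ip in (net.network_address, net.broadcast_address):
                findings.append(("reserved-address", where))
        elif kind == "p2p" and net.prefixlen == 31:
            nets_of_link[segment].add(net)

    # Every address must be unique across the DCN.
    for addr, users in users_of_addr.items():
        if len(users) > 1:
            findings.append(("duplicate-address", f"{addr}: {', '.join(sorted(users))}"))
    # All hosts of one subnet must share a common layer 2 network.
    for net, segments in segments_of_net.items():
        if len(segments) > 1:
            findings.append(
                ("subnet-split-across-segments", f"{net}: {', '.join(sorted(segments))}")
            )
    # All hosts on one layer 2 network must be in the same subnet.
    for segment, nets in nets_of_segment.items():
        if len(nets) > 1:
            findings.append(("mixed-subnets-on-segment", segment))
    # Both ends of an RFC 3021 link must fall into the same /31.
    for link, nets in nets_of_link.items():
        if len(nets) > 1:
            findings.append(("p2p-31-mismatch", link))
    return findings


if __name__ == "__main__":
    for rule, detail in lint_plan(PLAN):
        print(f"{rule:32} {detail}")
```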

1.5.4 Open Shortest Path First (OSPF)


OSPF is a link-state routing protocol used in the IP environment.

Connectivity
OSPF behavior must be conformant with RFC 2328 - Open Shortest Path First (OSPF) version 2,
April 1998.
OSPF allows hierarchical routing by splitting a routing domain (Autonomous System, AS) into areas,
which may improve performance. Connectivity between different areas is managed by routers.
Routers can participate with their interfaces in multiple areas, assuming the Area Border Router
(ABR) role. Each area must be connected to the backbone area (0.0.0.0), either directly or by a
virtual link. A typical OSPF topology is shown in Figure 2, “Typical interconnection of OSPF areas”.
Connectivity to external areas is possible via an Autonomous System Boundary Router
(ASBR).

OSPF topology
The logical topology created by OSPF is a backbone area (area 0) through which all inter-area
traffic must pass. Around this backbone area, spider web or star topologies of many directly
attached areas can be created. Areas are delineated on the interface, so that an Area Border
Router (ABR) is always part of at least two areas.

The following figure shows the backbone with one Backbone Router (BR) and two ABRs:
• ABR1 has an interface configured for the area 1. Area 1 contains an Autonomous System
Boundary Router (ASBR) which is connected to a non OSPF area.
• ABR2 has one interface configured for the area 2, and one interface configured for the area 3;
area 2 and area 3 each contain some Internal Routers (IR).

Figure 2 Typical interconnection of OSPF areas

[Figure: the backbone area (area 0) with the BR, ABR 1 and ABR 2. ABR 1 connects area 1, which
contains an IR and an ASBR attached to a non OSPF area. ABR 2 connects area 2 and area 3, each of
which contains several IRs.]

Legend:
ABR   Area border router
      ABRs are located at the border of the backbone area; they have connections
      to two or more areas and have information about each area they belong to.
ASBR  Autonomous System (AS) boundary router
      ASBRs are located at the boundary of an AS; they are capable of importing
      external information into the local area.
BR    Backbone router
      BRs are located inside the backbone area (area 0); they have information
      about the backbone area topology and about destinations that are reachable
      outside the backbone.
IR    Internal router
      IRs are located inside a non-backbone area; they have neighbors only in the
      same area and have information only about that area.

1.6 Transport layer


1.6.1 Overview
The Transport layer provides end-to-end communication services for the Application layer.
The most commonly known Transport layer protocols are the Transmission Control Protocol (TCP)
and the User Datagram Protocol (UDP).

1.6.2 TCP, UDP


TCP and UDP are end-to-end protocols that provide logical channels on behalf of the application
programs. Both are based on the underlying IP routing protocol.
TCP is a connection-oriented protocol with a three-way handshake mechanism. Regular data
exchange starts after connection setup.
UDP is a connectionless protocol; message exchange starts immediately, without a preliminary
setup phase.

Connectivity
In addition to the source and destination IP addresses, source and destination port numbers are of
particular importance for the transport layer addressing. They are part of the protocol header, and
are used to identify the sending and receiving application of the messages.
The combination of source and destination IP addresses with the source and destination port
numbers is also referred to as a “socket”.

1.7 Application layer


1.7.1 MCN and SCN
The purpose of any DCN is to exchange information on behalf of the applications supporting one of
the following:
• Management Communication Network (MCN) functionality:
Exchange of management commands with the corresponding responses, spontaneous
notifications, file transfer.
• Signaling Communication Network (SCN) functionality:
Exchange of signaling messages. The signaling protocol of choice is the Reservation Protocol
(RSVP).
See ITU-T G.7712 for more details of MCN and SCN.

2 DCN planning

2.1 Overview
2.1.1 Purpose
This section provides information on how to plan a DCN for use with 1830 PSS.

2.1.2 Contents

2.1 Overview
General
2.2 DCN concepts
2.3 User service interfaces
2.4 OSPF multi-area support for OSC/GCC
2.5 DCN interconnections between photonic and switching NEs
2.6 Cluster DCN
MCN and SCN aspects
2.7 Overview
2.8 Management DCN aspects
2.9 Signaling DCN aspects
Network topology concept and dimensioning
2.10 The 1830 PSS management network
2.11 Basic network topologies
Address planning
2.12 Network IP architecture
Engineering guidelines
2.13 Summary of important rules and guidelines

General

2.2 DCN concepts


2.2.1 Introduction
This section describes the data connectivity and protocols used in the DCN.

2.2.2 Major system design features


• The system supports TCP/IP, including OSPF routing support.
• The system does not support OSI-based communication.
• The system does not support a strict separation of Management Communication Network (MCN)
and Signaling Communication Network (SCN) IP traffic.
• The system does not support separate LAN interfaces for SCN traffic.

2.2.3 Embedded communication channels (ECCs)


Management information and control from the Operations System (OS), and control plane signaling
traffic between NEs, are carried from one NE to the other over the internal 1830 PSS network via
embedded communication channels (ECCs).

ECCs can be the Optical Supervisory Channel (OSC), or Generic Communication Channels (GCC):
• OSCs run on separate wavelength channels inside DWDM links, and are terminated on
line driver cards.
• GCCs are embedded in the overhead of the digital OTU and ODU signals (GCC0 for OTUk;
GCC1 and GCC2 for ODUk). GCCs are terminated either on OT cards or on PSS-24x client or
uplink cards.
The cards and the supported ECC terminations are described in the 1830 Photonic Service Switch
(PSS) Release 10.0 Command Line Interface Guide and in the 1830 Photonic Service Switch
(PSS) Release 10.0 TL1 Commands and Messages Guide (Photonic Applications), see Appendix
A: Reference tables - ECC slot ranges.

GCCs provide the following data transfer bandwidth:


• OTU1 GCC: 326.724 Kbit/s ±20 ppm
• OTU2/ODU2 GCC: 1312.405 Kbit/s ±20 ppm
• OTU2e/ODU2e GCC: 1359.770 Kbit/s ±20 ppm
• OTU1f GCC: 1381.143 Kbit/s ±20 ppm
• OTU4/ODU4 GCC: 13702.202 Kbit/s ±20 ppm

Note: The listed bandwidth values are the physical bandwidth of the raw channels. The full
physical bandwidth cannot be used for user data due to various mechanisms inside the
protocol stack, which use part of the bandwidth for their own purposes (among these are:
HDLC framing and inter-frame gaps, layer 2 to 7 protocol headers and trailers, routing protocol
messages).

OSCs are preferred (where available) due to their higher bandwidth compared to GCCs.
Communication via OSC tends to have a higher hop-count, compared to GCC, due to the OSC
termination and regeneration on each In Line Amplifier (ILA).

GCCs are used where OSC is not available. This is the case for:
• Communication to edge devices (1830 PSS-4, for example), which are attached via
single-wavelength links or CWDM links.
• Communication to OTN client NEs, connected via OT client ports.
• Long spans, which do not provide appropriate OSC performance.
• GCCs from PSS-24x are used to communicate with switching NEs (especially PSS-36 or
PSS-64).
There is a 1:1 association between a single GCC and a single Network Interface (NETIF).

Note: Only one GCC type (i.e. GCC0, GCC1, or GCC2) may be terminated on any one given
port instance, that is only one out of OTU-1-1-1 GCC0, OTUODU2-1-1-1 GCC1, or
OTUODU2-1-1-1 GCC2 can be terminated.
Interworking is supported between GCCs that are terminated on different types of cards or in
different types of shelf, as long as interworking is supported for the embedding OTU/ODU signals.

This includes GCC interworking between:


• classical WDM transponder cards (PSS-32/PSS-16) and SWDM cards (PSS-16II/PSS-8). This
requires standard packet format to be configured on the classical transponder cards.
• classical WDM transponder cards (PSS-32/PSS-16) and OTN cards (PSS-24x). This requires
standard packet format to be configured on the classical transponder cards.
• classical WDM transponder cards (PSS-32/PSS-16) and 1830 OCS cards (PSS-64/PSS-36).
This requires standard packet format to be configured on the classical transponder cards.
• SWDM cards (PSS-16II/PSS-8) and OTN cards (PSS-24x).
• SWDM cards (PSS-16II/PSS-8) and 1830 OCS cards (PSS-64/PSS-36).
• OTN cards (PSS-24x) and 1830 OCS cards (PSS-64/PSS-36).

2.2.4 TCP/IP support

TCP/IP is supported over:


• LAN interfaces
• Embedded Communication Channel (ECC)
• Optical Supervisory Channel (OSC)

The TCP/IP protocol stack supported for an IP-based DCN is shown in the following table.

Table 3 TCP/IP protocol stack

Layer  Name          Service/Protocol
7      Application   raw terminal TL1, telnet TL1, telnet CLI, DHCP, FTP, LMP,
                     NTP, RADIUS, RSVP-TE (GMPLS signaling), SFTP, SNMP
6      Presentation
5      Session       SSH, SSL
4      Transport     TCP, UDP
3      Network       IPv4, IPv6, ICMP, ARP, OSPF
2      Data Link     PPP over HDLC (RFC 1662), IPCP (RFC 1332), LCP (RFC 1661),
                     Ethernet
1      Physical      LAN, ECC (OSC, GCC)

Important! The maximum NE SNMP packet size is 2047. The maximum NE MTU size that
can be set on any NE external communication interface (Ethernet, OSC, GCC) is 1500.
SNMP packets larger than the path MTU size will be fragmented. As a result, customer DCN
routers should not be configured with any firewall that blocks fragmented packets.

2.2.5 IPv6 support


The 1830 PSS supports Internet Protocol version 6 (IPv6).

This specifically includes:


• All NE external LAN interfaces support IPv6.
This includes:
− OAMP
− CIT
− AUX-A/B
− VoIP
− E1, E2
− E1-A/B
• The loopback IP address supports IPv6.
• Inter-shelf communication (clustering) supports IPv6.

The following interfaces and services do not support IPv6:


• The secondary loopback and the GMRE loopback addresses do not support IPv6.

• Inter-NE communications (node-node) do not support IPv6.

All access and services via external interfaces support IPv6, along with IPv4. This specifically
includes the following user interfaces:
• CLI (via telnet or SSH) and performance-enhanced CLI over SSH (SSH/6022)
• Root Access (SSH/5122)
• TL1 (raw, telnet & SSH)
• SNMP, HTTP(S)

Most services support both IPv4 and IPv6. Specifically, remote servers may be running the IPv6
version of services. This includes:
• FTP-type transfers (ftp, sftp) for:
− DB backup; PM backup; Software update and restore
− SWNE - The local NE can be an IPv6 FTP server
− License Server; debug dumps
• NTP; SNMP Traps; Syslog; RADIUS

IPv6 routing-related commands are supported:


• ICMPv6; Static routes
• Ping; traceroute
The IP access control lists (IP ACL) support IPv6.

Note: The internal NE addressing for inter-card communication supports IPv4 only.

TCP/IP protocol stack


In addition to the IPv4 support, the NE supports IPv6 protocols.
IPv4 only, or both IPv4 and IPv6 (“dual stack”) can be provisioned and used on the system.

Note: IPv6 only is not supported.

IPv6 addresses
For detailed information regarding the IPv6 address representation and usage rules, refer to the
section “IPv6 address character (IPV6) definition” of the 1830 Photonic Service Switch (PSS)
Release 10.0 Command Line Interface Guide or 1830 Photonic Service Switch (PSS) Release 10.0
TL1 Commands and Messages Guide (Photonic Applications).

Configuring an IPv6 address


In general, any interface that has an IPv4 address can also have an IPv6 address.

In most cases, the format of the CLI or TL1 command for configuring an IP address is the same for
IPv4 and IPv6 addresses. The system decides whether a command applies to IPv4 or IPv6
based on the format of the address (e.g., 192.168.10.121 vs. 2001::ff:11).

An IPv6 address can be configured on the following physical interfaces:


• OAMP
• E1, E2
• VoIP
• AUX-A, AUX-B
• E1-A, E1-B
• CIT

Important! Configuring an IPv6 address is only allowed for the primary loopback address;
configuring an IPv6 address for the secondary loopback address is not allowed.
For IPv6, the snmp_src option can be set similarly to IPv4 when provisioning an IPv6 address for a
loopback, independently of the IPv4 address of the loopback. If the snmp_src option is set, then
the given IPv6 loopback will be used as the source IPv6 address for SNMP traps and responses.
This parameter is independent for IPv4 and IPv6. If, for example, the snmp_src option is set for the
IPv6 loopback only, then IPv4 SNMP requests might use a LAN interface address, while the IPv6
SNMP requests will always use the IPv6 loopback address.

Note: CLI commands that display the details of an interface will show the IPv6 address(es),
prefix length and scope, along with IPv4 address details. The display command will show the
IPv6 Unicast Address (Global Unicast or Unique Local) and (for LAN interfaces) the IPv6
Link-Local Address.

Automatic address configuration


The system supports the ability to distribute IPv6 addresses to attached devices, and to receive IPv6
addresses from the DCN, that is, from an attached router.
For distributing IPv6 addresses (Server mode), DHCPv6 is used. For receiving an IPv6 address
(Client mode), Stateless Address Autoconfiguration (SLAAC) is used.
DHCP
Any interface that supports DHCP Server for IPv4 also supports DHCPv6 server for IPv6. DHCPv4
and DHCPv6 can individually be enabled or disabled on the interface. If enabled for DHCPv6, the
interface will run a DHCPv6 server, meaning it will distribute IPv6 addresses to attached devices.

To run a DHCPv6 Server on an interface requires three steps:


1. Assign an IPv6 address and prefix-length to the interface
2. Enable DHCPv6
3. Assign a DHCPv6 address range
SLAAC
The system supports SLAAC (Stateless Address Autoconfiguration), also called “IPv6 Autoconfig”,
in the client mode. If SLAAC is enabled, an interface will listen for a local Router Advertisement
(RA), take the prefix that is advertised, and auto-assign the host identifier portion to form a unique
address that can be used on the network. The prefix length will be 64 bits (i.e., /64) and the host
identifier is formed using EUI-64 (Extended Unique Identifier) rules.
IPv6 Autoconfig can be enabled or disabled on an interface.
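
Because the host identifier is derived from the interface hardware address, the address an interface will auto-configure can be computed in advance, for example to prepare a host entry for an IPv6 ACL pattern, and the MAC address can be read back from any such address. The following Python sketch is an added example, not part of the original guide; it assumes the Modified EUI-64 construction of RFC 4291 (Appendix A), and the prefix and MAC address are constructed sample values.

```python
"""Predict the SLAAC address an interface forms from a Router Advertisement prefix."""
import ipaddress
from typing import Optional


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    # Invert the universal/local bit of the first octet and insert FF FE in the middle.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def slaac_address(ra_prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the advertised /64 prefix with the EUI-64 host identifier."""
    net = ipaddress.IPv6Network(ra_prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration requires a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_address(address: str) -> Optional[str]:
    """Recover the MAC embedded in an EUI-64 based address, or None if there is none."""
    raw = ipaddress.IPv6Address(address).packed[8:]
    if raw[3:5] != b"\xff\xfe":
        return None
    mac = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:]
    return ":".join(f"{b:02x}" for b in mac)


def acl_host_entry(ra_prefix: str, mac: str) -> str:
    """Address and prefix length usable as an exact-host match in an IPv6 ACL pattern."""
    return f"{slaac_address(ra_prefix, mac)}/128"


if __name__ == "__main__":
    # Constructed sample values (documentation prefix, invented MAC address).
    prefix, mac = "2001:db8:10:20::/64", "00:11:22:33:44:55"
    print("global address:", slaac_address(prefix, mac))
    print("link-local    :", slaac_address("fe80::/64", mac))
    print("ACL host entry:", acl_host_entry(prefix, mac))
    print("embedded MAC  :", mac_from_address(str(slaac_address(prefix, mac))))
```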

IPv6 capabilities
The following table provides an overview of the IPv6 capabilities and configuration options of the
various management ports.

Table 4 IPv6 capabilities of user service interfaces

Interface: OAMP
Protocols: CLI, TL1, HTTP(S), SNMP, FTP, SFTP
Configuration options: Default state is up; IPv6 Autoconfig (enabled by default); configurable
IPv6.

Interface: E1/E2/VoIP
Protocols: CLI, TL1, HTTP(S), SNMP, FTP, SFTP
Configuration options: Default state is down; IPv6 Autoconfig (disabled by default); DHCPv6 Server
(disabled by default); configurable IP

Interface: AUX
Protocols: CLI, TL1, HTTP(S), SNMP, FTP, SFTP
Configuration options: Default state is down; IPv6 Autoconfig (disabled by default); DHCPv6 Server
(disabled by default); configurable IP

Interface: CIT
Protocols: CLI, TL1, HTTP(S), SNMP, FTP, SFTP
Configuration options: Default state is up; DHCPv6 Server (disabled by default); configurable IP

IPv6 Access Control List


Access Control Lists (ACL) for IPv6 packets are supported. All physical interfaces that support an
IPv4 ACL - including the logical interface LAN-PPP - also support an IPv6 ACL.
There can be two IPv6 filters associated with each interface: Rx and Tx. An IPv6 filter consists of an
ordered list of IPv6 patterns, which can be ordered based on index. An IPv6 pattern specifies a
"block" or "pass" action.
If all IPv6 patterns are tested without yielding a match, the IPv6 packet is blocked or passed
according to the ACL global default setting. Processing of an IPv6 packet is the same as for an IPv4
packet with respect to the packet entering or passing through the EC. Processing of an IPv6 packet
for the logical LAN-PPP filter and for a filter on an ECC (NETIF|OSC) is the same as for IPv4.

IPv6 ACLs follow the same auto-configuration principle as IPv4 ACLs:
• There will be IPv6 ACL Default Patterns, Filters and ACL Filter-Interface Associations
• All are dependent on the NE mode
• Users cannot change IPv6 System default patterns or filters

• Users are able to change the Filter-Interface association

The fields in the IPv6 Pattern are:


• IPv6 source address and prefix length
• IPv6 destination address and prefix length
• Protocol
• ICMPv6 type & code
• TCP/UDP Source Port
• TCP/UDP Destination Port
• IPv6 Fragment
• tcpEstablished
In addition, there is an Action ("block" or "pass") and an ICMPv6 Error report action (False or True).
Note that, unlike IPv4, wildcard masks are not used for the addresses. The Protocol field will have
protocols common with IPv4 (TCP, UDP, IPIP, RSVP, GRE), plus IPv6 unique protocols (ICMPv6 and
OSPFv3).
Like the IPv4 equivalent, if all patterns in an IPv6 filter are tested without yielding a match, then the
packet is blocked or passed according to the IPv6 ACL global default setting for a specific direction
(Rx | Tx).
The default actions for IPv6 are separate from default actions for IPv4, and can differ from one
another.
The limits on IPv6 ACL patterns and filters are the same as for IPv4 ACLs. Specifically, up to 256 IPv6
ACL patterns and up to 100 IPv6 ACL filters may be defined. Each filter may contain up to 256 IPv6
ACL patterns. Internal memory allocation limits the number of simultaneously defined IPv6 ACL
patterns across all filters to 4000.
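
The ordered-pattern model interacts with the fragmentation behaviour noted in section 2.2.4: a pattern that matches on a UDP port cannot match the later fragments of a large SNMP response, so those fragments fall through to the default action. The following Python model is an added example, not Nokia code and not the NE's implementation; it assumes that evaluation stops at the first matching pattern in index order, that an unset pattern field matches anything, and that non-first fragments carry no port information. All addresses and filter contents are constructed.

```python
"""First-match evaluation of an ordered IPv6 ACL filter, with the fragment edge case."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_PATTERNS_PER_FILTER = 256  # per-filter limit stated in the text above


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str                      # "TCP", "UDP", "ICMPv6", ...
    sport: Optional[int] = None        # None on non-first fragments (no L4 header)
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    fragment: bool = False
    tcp_established: bool = False


@dataclass(frozen=True)
class Pattern:
    index: int
    action: str                        # "pass" or "block"
    src: str = "::/0"                  # address and prefix length, no wildcard mask
    dst: str = "::/0"
    protocol: Optional[str] = None     # None means "any" (assumption of this model)
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    fragment: Optional[bool] = None
    tcp_established: Optional[bool] = None

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.IPv6Address(pkt.src) not in ipaddress.IPv6Network(self.src):
            return False
        if ipaddress.IPv6Address(pkt.dst) not in ipaddress.IPv6Network(self.dst):
            return False
        for name in ("protocol", "sport", "dport", "icmp_type", "fragment", "tcp_established"):
            wanted = getattr(self, name)
            if wanted is not None and wanted != getattr(pkt, name):
                return False
        return True


def evaluate(patterns, pkt, default_action):
    """Return (action, index of deciding pattern); index is None if the default applied."""
    if len(patterns) > MAX_PATTERNS_PER_FILTER:
        raise ValueError("filter exceeds 256 patterns")
    for pattern in sorted(patterns, key=lambda p: p.index):
        if pattern.matches(pkt):
            return pattern.action, pattern.index
    return default_action, None


# Constructed sample data: an NE answering SNMP queries from a management subnet.
MGMT = "2001:db8:aa::/64"
NE = "2001:db8:10:20:211:22ff:fe33:4455"
NMS = "2001:db8:aa::5"

TX_FILTER = [
    Pattern(10, "pass", dst=MGMT, protocol="UDP", sport=161),
    Pattern(20, "pass", dst=MGMT, protocol="TCP", sport=22, tcp_established=True),
]
# Same filter plus a narrowly scoped pattern for fragments sent to the management subnet.
TX_FILTER_FRAG_AWARE = TX_FILTER + [
    Pattern(15, "pass", src=NE + "/128", dst=MGMT, protocol="UDP", fragment=True),
]

# A 2047-byte SNMP response sent over a 1500-byte MTU leaves as two fragments.
SNMP_FIRST_FRAGMENT = Packet(NE, NMS, "UDP", sport=161, dport=40000, fragment=True)
SNMP_LATER_FRAGMENT = Packet(NE, NMS, "UDP", fragment=True)

if __name__ == "__main__":
    for name, flt in (("port-only", TX_FILTER), ("fragment-aware", TX_FILTER_FRAG_AWARE)):
        for pkt in (SNMP_FIRST_FRAGMENT, SNMP_LATER_FRAGMENT):
            print(name, evaluate(flt, pkt, default_action="block"))
```

With a default action of "block", the port-only filter passes the first fragment and drops the second, so the response never reassembles at the management station.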

2.2.6 Customer LAN port on LD cards


The customer LAN port on LD cards is a 10/100BASE-T LAN port which can transport the customer
layer-2 traffic to the peer customer LAN port on the remote LD card. The port supports a point-to-
point connection. The details of this port can be displayed via CLI or TL1. The port details include
information on description, port admin state, link integrity, configured and actual duplex setting and
configured and actual link speed.

The following parameters can be configured by the user via CLI or TL1:
• Link speed
• Duplex
• Status
• Description
Furthermore, the port supports auto-negotiation and auto-sensing. Link speed and duplex mode are
automatically selected by the auto-negotiation protocol.

Important!
1. The customer LAN port is only supported if OSC mode is set to OC3/STM1. Customer LAN
traffic will not be supported when the OSC mode is set to 100Base-FX. If the customer
LAN admin state is set to “Up”, the OSC mode cannot be set to 100Base-FX. Likewise, if
the OSC Mode is set to 100Base-FX, the customer LAN admin state cannot be set to “Up”.
2. The user traffic is rate limited to 10 Mb/s.
3. Duplex mode and link speed must be both in auto mode or both set to fixed values. If one
parameter is set to a fixed value, this will change the other parameter to its default fixed
value. The default fixed values for duplex mode and link speed are “Full” and “100Mb/s”.

Figure 3 Customer LAN port on LD cards

2.2.7 Duplex mode


Duplex mode is configurable on all LAN ports (AUX, CIT, E1, E2, OAM/OAMP, VOIP).

The ports can be configured for the following duplex modes:


• Full duplex
• Half duplex
• Auto (default setting)
“Auto” indicates that the port will participate in auto negotiation of the duplex mode.

2.2.8 Link speed


Link speed is configurable on all LAN ports (AUX, CIT, E1, E2, OAM/OAMP, VOIP).

The ports can be configured for the following values of the link speed:
• 10 Mb/s
• 100 Mb/s
• 1000 Mb/s (applicable for OAMP LAN port on a PSS-16II, and for all PSS-24x LAN ports (OAMP,
E1, AUX, CIT))
• Auto (default setting)
“Auto” indicates that the port will participate in auto negotiation of the link speed.

2.3 User service interfaces


2.3.1 Introduction
The 1830 PSS systems provide user service, or LAN, interfaces for local craft terminal access, for
connecting to the external DCN and external management systems, for connecting to other external
equipment, and for interconnecting NEs.
Depending on the type of shelf, these user service interfaces are located on the following
equipment components:

Table 5 Shelf and card support for user service interfaces

Type of shelf: PSS-16/PSS-32
Equipment components providing the user service interfaces:
- User panel (USRPNL); see 2.3.2 “User Panel (USRPNL) of PSS-16/PSS-32 shelves”
- Equipment controller (EC); see 2.3.6 “Equipment controller of the PSS-16/PSS-32 shelves”

Type of shelf: PSS-24x
Equipment components providing the user service interfaces:
- Central Clock and Controller (CCC) card, also referred to as CEC2; see 2.3.5 “Central Clock and
  Controller (CCC) card of the PSS-24x shelf”

Type of shelf: PSS-16II
Equipment components providing the user service interfaces:
- User panel (USRPNL); see 2.3.3 “User Panel (USRPNL) of the PSS-16II shelf”
- Equipment controller (EC); see 2.3.7 “Equipment Controller of the PSS-16II shelf”

Type of shelf: PSS-8
Equipment components providing the user service interfaces:
- User panel (USRPNL); see 2.3.4 “User Panel and Shelf Panel of the PSS-8 shelf”
- Shelf panel (SHFPNL); see 2.3.4 “User Panel and Shelf Panel of the PSS-8 shelf”
- Equipment controller (EC); see 2.3.8 “Equipment Controller of the PSS-8 shelf”

Type of shelf: PSS-4
Equipment components providing the user service interfaces:
- Equipment controller (EC); see 2.3.9 “Equipment controller of the PSS-4 shelf”

Type of shelf: PSI-2T
Equipment components providing the user service interfaces:
- Built-in equipment controller (PSIEC2); see 2.3.11 “User service interfaces for 1830 PSI-2T”

2.3.2 User Panel (USRPNL) of PSS-16/PSS-32 shelves


The User Panel provides four (4) general purpose switched auto-sensing LAN ports (10/100BaseTX):
• OAMP – External LAN interface that can be used to connect to an External Management System
(EMS) or to interconnect 1830 PSS NEs.
• VOIP – The VOIP port can be used to connect to an IP phone or to interconnect 1830 PSS NEs.


• E1 and E2 – External LAN interfaces that can be used to connect to externally managed devices
or to interconnect 1830 PSS NEs.
These ports are auto-sensing, so either a cross-over or straight-through Ethernet cable can be
used.

The following ports are available for craft terminal access:


• The 1830 PSS-32 supports 2 craft ports: a female 9-pin D-subminiature (DB9) connector and a
USB-B port. Both support a local RS-232C serial interface (support setting: 34800 baud, 1 stop
bit, no parity) for connection to a craft terminal via serial link.
• The 1830 PSS-16 supports a local RS-232C serial interface (support setting: 34800 baud, 1 stop
bit, no parity) with a type-B USB port for connection to a craft terminal via serial link.

Note: Either the DB9 port or the USB-B port can be used to connect serially to the NE.
However, only one port should be active at any given time.
The front views of the 1830 PSS-32 and 1830 PSS-16 User Panels are shown in the following
figures.

Figure 4 1830 PSS-32 User Panel faceplate


Figure 5 1830 PSS-16 User Panel faceplate


Legend:
1 “STATUS” LED
2 “HOUSEKEEPING” interface
3 “MJ/PROMPT” LED
4 “CR/PROMPT” LED
5 “WARNING” LED
6 “MN/DEFRD” LED
7 “ABNORMAL” LED
8 “ATTENDED” LED
9 Alarm cut-off button (ACO)
10 “CRAFT” interface (DB9 port, PSS-32 User Panel only)
11 “ALARM” interface
12 “OAMP” interface
13 “VOIP” interface
14 “E1” interface
15 “E2” interface
16 “CRAFT” USB connector
17 “LAMP TEST” button
18 “RACK LAMP” interface

Table 6 DCN-related external interfaces (USRPNL)

CRAFT (PSS-32 User Panel only)    DB9 connector supporting RS-232C serial interface (support setting: 38,400 baud,
                                  1 stop bit, no parity) for connection to craft terminal via a serial link.
OAMP                              OAMP LAN port to connect the NE to a management system.
VOIP                              VOIP LAN interface to connect an IP phone to an IP managed DCN.
E1                                E1 LAN extension subrack connection
E2                                E2 LAN extension subrack connection
CRAFT                             Local RS-232C serial interface (support setting: 34800 baud, 1 stop bit, no parity)
                                  with a type-B USB port for connection to craft terminal via a serial link.

During an EC switchover caused by a failure of the active EC, there may be a brief loss of
communication to the NE from NMS. The applications will be launched on the standby EC. Through
the backplane a LAN communication is established between the User Panel and the two EC
boards.

2.3.3 User Panel (USRPNL) of the PSS-16II shelf


The User Panel resides on the 1830 PSS-16II master shelf.

The User Panel provides four (4) general purpose switched auto-sensing RJ45 LAN ports:
• OAMP – External LAN interface (10/100/1000BaseTX) that can be used to connect to an
External Management System (EMS) or to interconnect 1830 PSS NEs.
• VOIP – The VOIP port (10/100BaseTX) can be used to connect to an IP phone or to interconnect
1830 PSS NEs.
• E1 and E2 – External LAN interfaces (10/100BaseTX) that can be used to connect to externally
managed devices or to interconnect 1830 PSS NEs.
These ports are auto-sensing, so either a cross-over or straight-through Ethernet cable can be
used.
The User Panel of the 1830 PSS-16II shelf provides a local RS-232C serial interface (support
setting: 34800 baud, 1 stop bit, no parity) with a type-B USB port for connection to a craft terminal
via serial link. The NE automatically detects when a laptop (or any equivalent active device) is
connected to that USB-B port.


Figure 6 1830 PSS-16II User Panel faceplate

Legend:
1 LEDs “Alarms status”
2 LEDs “ATTENDED”
3 LEDs “STATUS”
4 2*Shelf-ID Rotary
  Shelf-ID Rotary "H"
5 Shelf-ID Rotary "L"
6 1* Type B USB interface
  Craft: Craft Port (USB signal)
7 “HOUSEKEEPING1” interface
  “HOUSEKEEPING2” interface
8 ALARM: RACK ALARM
  RACK LAMP
9 OAMP: OAMP (GbE) and its LED
  VOIP: VOIP (FE) and its LED
10 2*RJ45 interface
  Expansion 1 (FE) and its LED E1, Expansion 2 (FE) and its LED E2
11 Two RJ45 timing/clock ports that support the IEEE 1588 Precision Time Protocol (PTP) with
  ToD/1PPS (Time of day, 1pps (pulse-per-second) signal) and Building Integrated Timing Supply
  (BITS) interfaces:
  BITSin1 TODin1: BITS and 1pps and TOD IN1
  BITSout1 TODout1: BITS and 1pps and TOD OUT1
12 Two RJ45 timing/clock ports that support the IEEE 1588 Precision Time Protocol (PTP) with
  ToD/1PPS (Time of day, 1pps (pulse-per-second) signal) and Building Integrated Timing Supply
  (BITS) interfaces:
  BITSin2 TODin2: BITS and 1pps and TOD IN2
  BITSout2 TODout2: BITS and 1pps and TOD OUT2
13 RJ11 interface (INV): 1-wire connection to SFD44
14 Alarm cut-off button (ACO)
15 “LAMP TEST” button

2.3.4 User Panel and Shelf Panel of the PSS-8 shelf


The User Panel is an optional card that can be installed in the protection EC slot in the 1830 PSS-8
master shelf. The User Panel provides Housekeeping Interface, Rack Lamp, Rack Alarm, Lamp
test, ACO function and expansion Ethernet port.

Note: The User Panel cannot be used in a 1+1 protected configuration of the EC because the
protection EC slot is occupied by the second EC in that case. Communications interfaces
such as the OAMP, ES1/ES2, and CRAFT/CIT interfaces are available via the Shelf Panel or
the active EC, respectively.

Figure 7 1830 PSS-8 User Panel faceplate

Table 7 User Panel interfaces

STAT                       Status LED
LAMP TEST                  Lamp test button
E1                         External RJ45 interface
HOUSEKEEPING (HK1, HK2)    Two (3*HK IN + 2*HK OUT) RJ45 interfaces
ALARM                      RJ45 for alarm indications
RACK LAMP                  RJ45 interface for rack lamp control
ACO                        Alarm cut-off button
ATT                        Attended LED

The Shelf Panel is a mandatory card installed in slot 13 of the 1830 PSS-8 shelf. The Shelf Panel
provides OAMP and Timing interfaces (BITS and ToD).

Figure 8 1830 PSS-8 Shelf Panel faceplate

Table 8 Shelf Panel interfaces

OAMP                          Fast Ethernet RJ45 interface
BITS in/out and TOD in/out    Two RJ45 timing/clock ports that support the IEEE 1588 Precision Time
                              Protocol (PTP) with ToD/1PPS (Time of day, 1pps (pulse-per-second)
                              signal) and Building Integrated Timing Supply (BITS) interfaces
                              connected to the Clock Recovery Units CRU_A and CRU_B.

2.3.5 Central Clock and Controller (CCC) card of the PSS-24x shelf
Every 1830 PSS-24x shelf contains a pair of equipment-protected CCC cards.

Each CCC provides a CIT port and three (3) general purpose switched auto-sensing LAN ports
(10/100/1000BaseTX), for connection to EMS/NMS, client devices, and externally managed devices.
• CIT – is dedicated to CIT connection.
CIT ports are active for CCCs in the main shelf only. For CCCs in extension shelves, the CIT
ports are disabled.
The CIT port is enabled by default on the active CCC in the main shelf.
• OAMP – is dedicated to connect to an Element Management System (EMS).
The OAMP port is enabled on the active CCC card only.
• E1 – is dedicated to connect to externally managed devices.


Each of the two E1 ports (“E1-A” on CCC-A in slot 16, “E1-B” on CCC-B in slot 29) can be
configured as a general purpose external LAN port, which is logically terminated by the active
CCC.
In particular, the E1 ports can be used to connect externally managed devices to the 1830 PSS
NE via two independent IP subnets.
• AUX – is dedicated to connect to client devices.
Each of the two AUX ports (“AUX-A” on CCC-A in slot 16, “AUX-B” on CCC-B in slot 29) can be
configured as a general purpose external LAN port, which is logically terminated by the active
CCC.
In particular, the E1 and AUX ports can be used to connect the 1830 PSS NE as an optical
extension shelf to a 7750 service router via two independent IP subnets.

Note: The OAMP/E1/AUX ports may also be used to interconnect 1830 PSS NEs together in
order to extend the DCN when OSC or network interfaces (GCCs) are not an option. This
includes the interconnection of multiple NEs to form a cluster NE.


The front of the central clock and controller (CCC) card is shown in the following figure:
Figure 9 CCC front view


Legend:
1 Latches
2 Card status LEDs
3 Alarm Cut-Off push button
4 Alarm LEDs
5 Type A USB connector
6 Debug Interfaces
7 ES1 port LAN connector
8 ES2 port LAN connector
9 CIT port LAN connector
10 OAMP port LAN connector
11 E1 port LAN connector
12 AUX port LAN connector
13 RESET push button

For the PSS-24x as a main shelf, the following applies:


• OAMP provisioning is only effective for the OAMP LAN port on the active CCC. In case of an
equipment protection switch, the provisioning takes effect on the CCC that is active after the
switch.
• E1 and AUX ports are available on both CCC cards (CCC-A, CCC-B). They are handled as
separate interfaces (E1-A, E1-B, AUX-A, AUX-B).

MAC addresses
See 2.3.10 “Multi Function Card (MFC24X) of the PSS-24x shelf” (p. 46).

2.3.6 Equipment controller of the PSS-16/PSS-32 shelves


Every 1830 PSS-16 and 1830 PSS-32 shelf contains at least one equipment controller (EC); two if
EC redundancy is required.

Each EC provides four (4) RJ45 LAN ports (10/100BaseTX). These ports are auto sensing and
provide the following functionality:
• CIT – is dedicated to CIT connection.
Only the ECs in the main shelf have the CIT port enabled.
• AUX – is dedicated to auxiliary LAN connection. Each AUX port (on the active and redundant
EC) supports a separate IP subnet, and both are terminated by the active EC, that is, both can
be used.
• ES1 and ES2 – are reserved for inter-shelf connectivity (between main shelf and extension shelf,
or between extension shelves).


The front view of the 1830 PSS-16 and 1830 PSS-32 equipment controller (EC) is shown in the
following figure:
Figure 10 1830 PSS-16 and 1830 PSS-32 EC faceplate

Legend:
1 “STATUS” LED

2 “EPS” LED (Equipment Protection Switching)

3 USB interface

4 “CIT” interface

5 “AUX” interface

6 “ES 1” interface

7 “ES 2” interface


2.3.7 Equipment Controller of the PSS-16II shelf


Regarding the CIT, AUX, and inter-shelf (ES1, ES2) LAN ports, the 1830 PSS-16II equipment
controller (EC) provides the same functionality as the PSS-16/PSS-32 EC; see 2.3.6 “Equipment
controller of the PSS-16/PSS-32 shelves” (p. 42).

The front view of the 1830 PSS-16II EC is shown in the following figure:
Figure 11 1830 PSS-16II EC faceplate

Legend:
1 “STATUS” LED

2 “EPS” LED (Equipment Protection Switching)

3 USB interface


4 “CIT” interface

5 “AUX” interface

6 “ES 1” interface

7 “ES 2” interface

2.3.8 Equipment Controller of the PSS-8 shelf


Every 1830 PSS-8 shelf contains at least one EC; two if EC redundancy is required. The PSS-8
user panel card (see 2.3.4 “User Panel and Shelf Panel of the PSS-8 shelf” (p. 38)) is an optional
card that can be installed in the protection EC slot in the 1830 PSS-8 master shelf if no
redundancy is required.

Each EC provides four (4) RJ45 ports with the following functionality:
• CIT – RJ45 LAN interface, dedicated to CIT connection.
• CRAFT – RS-232C serial interface, dedicated to craft interface.
RS-232C serial interface with RJ45 connector (38400 baud, 1 stop bit, no parity), to connect to a
craft terminal via serial link.
• ES1 and ES2 – RJ45 LAN interfaces, reserved for inter-shelf connectivity (between main shelf
and extension shelf, or between extension shelves).

The front view of the Equipment Controller for 1830 PSS-8 is shown in the following figure:
Figure 12 Front view of the 1830 PSS-8 EC

2.3.9 Equipment controller of the PSS-4 shelf

The 1830 PSS-4 equipment controller (EC) provides four (4) general purpose switched auto-sensing
RJ45 LAN ports (10/100BaseTX):
• OAM – External LAN interface that can be used to connect to an External Management System
(EMS) or to interconnect 1830 PSS NEs.
• CIT/CRAFT – The CIT LAN port and the CRAFT serial port share one auto-sensing RJ45
port (pins 1/2/3/6 for CIT, pins 7/8 for RS232 Rx/Tx, pin 4 GND for RS232).
− The “CIT port” is a LAN port used for local NE commissioning.
− The “CRAFT port” is a local RS-232 serial interface (support setting: 38400 baud, 1 stop bit,
no parity), used for the connection to a craft terminal via serial link.
Important! Do not connect the CIT/CRAFT ports to the external network.
• ES1 and ES2 – External LAN interfaces that can be used to connect to the 1830 PSS-4
extension shelves.


These ports are auto-sensing, so either a cross-over or straight-through Ethernet cable can be
used.

The front view of the 1830 PSS-4 equipment controller (EC) is shown in the following figure:
Figure 13 1830 PSS-4 EC faceplate

Legend:
CIT/CRAFT “CIT/CRAFT” interface

OAM “OAM” interface

ES1/ES2 “ES1/ES2” interface

2.3.10 Multi Function Card (MFC24X) of the PSS-24x shelf

The MFC24X provides MAC addresses for the following Ethernet ports for each of the two CCC
cards:
• OAMP
• CIT
• E1
• AUX


2.3.11 User service interfaces for 1830 PSI-2T

The 1830 PSI-2T is a high-capacity/high-density standalone Data Center Interconnect (DCI)
platform, as shown in the following figure.
Figure 14 Front panel of the 1830 PSI-2T

The 1830 PSI-2T has one built-in equipment controller, PSIEC2, which has a CIT port and three (3)
general purpose switched auto-sensing LAN ports (10/100/1000BaseTX) for connection to NMS,
client devices, externally managed devices, or for interconnecting NEs.
• CIT – is dedicated to CIT connection. The CIT port is enabled by default.
• OAMP – is dedicated to connecting to the external DCN and Element Management System
(EMS) or Network Management Systems (NMS).
• AUX1, AUX2 – are general purpose LAN interfaces for connecting to the DCN LAN (to serve as
a redundant connection), or interconnecting shelves, such as in a cluster configuration.

The following is a detailed view of the CIT and LAN interfaces on the 1830 PSI-2T.
Figure 15 CIT and LAN ports of the 1830 PSI-2T

Note: Unlike other shelf types, the 1830 PSI-2T does not have redundant equipment
controllers.


2.3.12 Summary of user service interfaces


The following table provides an overview of the available user service interfaces:

Table 9 User service interfaces

Bracketed numbers refer to the notes below the table.

Shelf type Equipment    OAMP       VOIP  E1, E2                AUX                     ES1, ES2  CIT [1]         CRAFT/USB

PSS-4      EC           X (OAM)    -     -                     -                       X         X (CIT/CRAFT)   X (CIT/CRAFT)
PSS-8      8EC2         -          -     -                     -                       X         X               RJ45 & USB
PSS-8      SHFPNL       X          -     -                     -                       -         -               -
PSS-8      8USRPNL      -          -     X (EXP) (E1 only)     -                       -         -               -
PSS-16     EC           -          -     -                     X [2] (AUX-A/B)         X         X               X (USB-B)
PSS-16     USRPNL       X          X     X                     -                       -         -               -
PSS-16II   32EC2        -          -     -                     X [2] (AUX-A/B)         X         X               X
PSS-16II   USRPNL       X [4]      X     X                     -                       -         -               X (USB-B)
PSS-32     EC / 32EC2   -          -     -                     X [2] (AUX-A/B)         X         X               -
PSS-32     USRPNL       X          X     X                     -                       -         -               X (DB9 & USB-B)
PSS-24x    CEC2         X [1, 4]   -     X [3, 4] (E1A, E1B)   X [2, 4] (AUX-A/B)      -         X               -
PSI-2T     PSIEC2       X [5]      -     -                     X [5, 6] (AUX1/AUX2)    -         X [5] (RJ45)    CRAFT (USB-B) & USB

Notes:
1. When both active and standby controllers are installed, this port is up on the active controller; this port is
down on the inactive/standby controller.
2. There are two AUX ports: AUX-A on the first equipment controller and AUX-B on the second equipment
controller (if installed). When both active and standby controllers are installed, both ports are up (even when
an equipment controller is inactive/standby).
3. There are two E1 ports: E1A on the first equipment controller and E1B on the second equipment controller (if
installed). When both active and standby controllers are installed, both ports are up (even when an
equipment controller is inactive/standby).
4. These LAN interfaces are GbE.


5. These LAN interfaces are 10/100/1000 Mb/s with auto negotiation.


6. There are two AUX ports to support additional functionality. For example, OAMP and AUX1 can be used to
enable connectivity to a redundant LAN switch, providing a control network with higher availability.

The following table provides an overview of the capabilities of the various management ports:

Table 10 Functionalities of user service interfaces

Interface      Protocols                            Configuration Options

OAMP           CLI, TL1, HTTP(S), SNMP, FTP, SFTP   Default State is up; DHCP Client (enabled by default);
                                                    configurable IP; ProxyARP; OSPF
E1/E2/VOIP     CLI, TL1, HTTP(S), SNMP, FTP, SFTP   Default State is down; DHCP Client; DHCP Server;
                                                    configurable IP; ProxyARP; OSPF
AUX            CLI, TL1, HTTP(S), SNMP, FTP, SFTP   Default State is down; DHCP Client; DHCP Server;
                                                    configurable IP; ProxyARP; OSPF
CIT            CLI, TL1, HTTP(S), SNMP, FTP, SFTP   Default State is up; DHCP Server (enabled by default);
                                                    fixed IP address by default; configurable IP; ProxyARP,
                                                    OSPF (redistribute only)
Serial Craft   CLI, TL1                             Default: enabled
ES1/ES2        internal                             Default: enabled

2.4 OSPF multi-area support for OSC/GCC


2.4.1 System behavior prior to 1830 PSS Release 10.0

For software releases prior to 1830 PSS Release 10.0, the following applied regarding the support
of multiple OSPF areas:
• The loopback interface and all Embedded Communication Channels (ECCs) are in one OSPF
area.
• The LAN interfaces can be in any OSPF area, including the OSPF area of the loopback.
By default, the loopback interface and all ECCs are in area 0, though this can be changed. The
opaque LSA capabilities are always in the area with the loopback. The LAN interfaces can be in a
different area than the loopback, but they will not have opaque LSA capabilities. Hence, there is
only one optical domain on the 1830 PSS.

2.4.2 New system behavior


In order to scale the network, the ECCs must be able to straddle multiple OSPF areas.
With the “OSPF multi-area support for OSC/GCC” feature, introduced in 1830 PSS Release 10.0,
an OSC/GCC interface can now be in a different area than the loopback interface and other OSCs/
GCCs. Only one area, however, can have the opaque LSAs.


2.4.3 OSPF cost metrics


The following table shows the OSPF cost metrics.

Table 11 OSPF cost metrics

Type of link                         WDM OSPF costs   OCS OSPF costs   MRN OSPF costs

OOB DCN Link                         1                1                1
OSC [155 M]                          10               -                10
OAMP (Dual-Compound RNE) [100 M]     10               1                11
OTU4/ODU4 GCC [13.7 M]               10               7                12
OTU3e2/ODU3e GCC [5.46 M]            10               18               13
OTU3/ODU3 GCC [5.27 M]               10               19               14
OTU2e/ODU2e GCC [1.36 M]             10               74               16
OTU2/ODU2 GCC [1.31 M]               10               76               17
IP-in-IP Tunnel                      -                200              18
OAMP (Dual-Compound GNE) [100M]      10               1                19
OAMP (Single compound GNE) [100M]    10               1                28

2.5 DCN interconnections between photonic and switching NEs


2.5.1 Introduction
The present section provides information concerning the physical connections that need to be
established between the 1830 PSS equipment and the management DCN. For that purpose, the
section describes the interconnections between photonic and switching nodes/compounds and
provides information on how these systems can act as gateway NEs (GNEs) or remote NEs (RNEs) in
an 1830 PSS management network.

The following scenarios are described:


• 2.5.2 “Connection of a pure photonic system to the management DCN” (p. 52)
• 2.5.3 “Connection of a converged system as a GNE (GNE connection option 1)” (p. 52)
• 2.5.4 “Connection of a converged system as a GNE (GNE connection option 2)” (p. 54)
• 2.5.5 “Connection of a converged system as a GNE (GNE connection option 3)” (p. 56)
• 2.5.6 “Connection of a converged system as an RNE (RNE connection option 1)” (p. 58)
• 2.5.7 “Connection of a converged system as an RNE (RNE connection option 2)” (p. 59)


The following schematic diagrams will be used throughout this section to illustrate the DCN
connections of 1830 PSS system compounds:
Figure 16 Schematic diagrams of 1830 PSS system compounds

[Figure labels: photonic compound with active EC, LAN ports E1, E2, AUX-A, AUX-B, VOIP, OAMP, and
OSC/GCC; switching compound with FLC A, FLC B (active), two OAMP ports on LSW (RSTP), and GCC]

Photonic compound: Every interface shown is an IP interface. The OSCs and GCCs are also
unnumbered IP interfaces which use the SYSTEM IP address (loopback address) for the local
interface address.

Switching compound: The two OAMP ports of the switching compound are switched ports and have to
be enabled for RSTP (Rapid Spanning Tree Protocol). They also have to be configured for the same
IP subnetwork.

Please note that the interfaces shown serve as examples only, they represent a superset of all
possible interfaces; see 2.3 “User service interfaces” (p. 33).

Not all these interfaces are actually supported by all shelf types, for example:
• PSS-4 does not support E1/E2 and AUX.
• PSS-8 does not support E2 and AUX.
• PSS-24x does not support E2 and VOIP but E1-A/E1-B on the CCC-A and CCC-B, respectively.
The LAN interfaces (E1, E2, ... , OAMP) shown for the photonic compound on the left-hand side are
a superset of the potentially available LAN interfaces on photonic shelves. Depending on the type
of shelf, a subset of these LAN interfaces is actually supported, see Table 9, “User service
interfaces” (p. 48).

Important! Use twisted-pair LAN cables (halogen-free standard CAT6 LAN cables) with RJ45
connectors at both ends to connect the system compounds to the DCN equipment (routers or
LAN switches).


2.5.2 Connection of a pure photonic system to the management DCN

The following figure shows the recommended way of connecting a photonic compound to the
management DCN as a GNE.
Figure 17 Management DCN connection of a photonic compound GNE

[Figure labels: Management system; Management network (IP based), Out-of-band DCN; photonic
compound with active EC, LAN ports E1, E2, AUX-A, AUX-B, VOIP, OAMP, and OSC/GCC]

The OAMP port on the user panel has to be connected to a single port of the management DCN
LAN infrastructure.

Management DCN connection of photonic compound RNEs


Photonic compound RNEs have direct or indirect in-band OSC connectivity to one or more GNEs,
see RNE C in Figure 28, “OSPF peering model (photonic application) ” (p. 72) for example.

2.5.3 Connection of a converged system as a GNE (GNE connection option 1)


Figure 18, “Management DCN connection of a converged system (GNE connection option 1)”
(p. 53) shows a way of connecting a converged system as a GNE where both compounds are
connected to the management DCN.


Figure 18 Management DCN connection of a converged system (GNE connection option 1)

[Figure labels: Management system; Management network (IP based), Out-of-band DCN; external LSW
(RSTP); switching compound with FLC A, FLC B (active), two OAMP ports on LSW (RSTP), and GCC;
photonic compound with active EC, LAN ports E1, E2, AUX-A, AUX-B, VOIP, OAMP, and OSC/GCC]

The following characterize this GNE connection option:


• The photonic compound needs a single LAN port on the management DCN to connect the
OAMP LAN port to.
• The switching compound offers OAMP LAN port redundancy.
− To make use of this, both OAMP LAN ports need to be connected to a Rapid Spanning Tree
Protocol (RSTP)-enabled LAN switching infrastructure. In the easiest case, this is a single
LAN switch, as depicted in Figure 18, “Management DCN connection of a converged system
(GNE connection option 1)” (p. 53).
− Both OAMP LAN ports have to be connected to a common IP subnetwork.
− Though one can choose to use only one OAMP port, we encourage that both be used for
redundancy. As each OAMP LAN port is provided by one FLC, an equipment outage of the
connected FLC would interrupt GNE reachability.
• For uplink card management, the management DCN has to provide connectivity between both
compounds.
This is reached most easily by connecting the OAMP LAN ports of both compounds to a
common IP subnetwork. This is indicated in Figure 18, “Management DCN connection of a
converged system (GNE connection option 1)” (p. 53) by the extended external LAN switch
(dashed line).


Advantages

The GNE connection option 1 provides the following advantages:


• The OAMP LAN port redundancy feature of the switching compound is used.

Disadvantages

The GNE connection option 1 has the following disadvantages:


• An extra switch in the DCN – LSW (RSTP) is needed to connect to all the OAMP interfaces.

2.5.4 Connection of a converged system as a GNE (GNE connection option 2)


Figure 19, “Management DCN connection of a converged system (GNE connection option 2)”
(p. 53) shows an alternate way of connecting a converged system as a GNE.
One of the OAMP ports of the switching compound is connected to the out-of-band DCN (OOB
DCN, management DCN). The OAMP port (or one of the other external LAN ports E1/E2/VOIP) of
the photonic compound is connected to the second OAMP port of the switching compound. Via the
on-board LAN switches of the switching compound FLCs, this setup puts FLCs and ECs into a
common IP subnet with the OOB gateway router. Management traffic for the photonic compound
passes through the LAN switches without impacting switching compound FLC CPUs. As the OAMP
LAN connections are single points of failure, the in-band DCN is used as backup; refer to the next
figure, where the right-hand converged system can provide a backup path to the left-hand converged
system.


Figure 19 Management DCN connection of a converged system (GNE connection option 2)

[Figure labels: Management system; Management network (IP based), Out-of-band DCN; two converged
systems (left-hand and right-hand), each with a photonic compound (active EC; E1, E2, AUX-A,
AUX-B, VOIP, OAMP; OSC, GCC) and a switching compound (FLC A, FLC B (active); two OAMP ports on
LSW (RSTP); GCC); In-band DCN (GCCs); In-band DCN (OSCs)]

Advantages

The GNE connection option 2 provides the following advantages:


• Only one customer LAN port needed.
• Low latency/high throughput inter-compound communication, as long as the connected FLC card
is available.
• No additional IP forwarding load on FLC/EC CPUs, as long as LAN connectivity is operational.

Disadvantages

The GNE connection option 2 has the following disadvantages:


• The OAMP LAN port redundancy feature of the switching compound is not used. If the OOB-
connected FLC is not operational, OOB DCN connectivity of the dual-compound node is lost.


• Photonic compound OOB-connectivity depends on availability of both switching compound FLC
on-board LAN switches. That means that interruptions are possible during maintenance
scenarios (FLC reset, FLC switch, ISU, FLC replacement).
• A split LAN can occur if one of the LAN links is down. (For example, in Figure 19, “Management
DCN connection of a converged system (GNE connection option 2)” (p. 55), on the left-hand
converged node system the connection failed between FLC A OAMP and the photonic compound
OAMP). In a split LAN scenario, some of the IP addresses on the OAMP LAN may become
unreachable:
− This happens because the OSPF routers connected to the split LAN each advertise a subnet
route for the entire split LAN, but only a part of the split LAN is reachable via each of the
routers.
− This can affect all addresses on the subnet (gateway router address, FLC A address, FLC B
address, EC OAMP address), except for the active FLC address of the switching compound.
− The affected addresses are not essential for managing the node. However, debug access to
the standby FLC, for example, can be affected.
− The active FLC address, which is used for managing the switching compound, is advertised
by the active FLC as a host route, which takes precedence over the subnet route.
− The photonic compound that is managed via a loopback address is not impacted by the split
LAN scenario.
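
The split LAN behaviour described above can be reproduced with a small route-selection model. The following Python sketch is an added example, not part of the Nokia guide; the addresses (documentation ranges), OSPF path costs and observer positions are constructed, and LAN delivery is simplified to the rule that the router chosen by longest-prefix match must sit on the same LAN fragment as the destination.

```python
import ipaddress

# Constructed addressing (documentation ranges); the names follow the guide.
HOSTS = {
    "gateway router": "192.0.2.1",
    "active FLC": "192.0.2.10",
    "FLC A": "192.0.2.11",
    "FLC B": "192.0.2.12",
    "EC OAMP": "192.0.2.20",
    "photonic loopback": "198.51.100.7",
}
OAMP_LAN = "192.0.2.0/24"

# Prefixes each OSPF router originates. Every router attached to the OAMP LAN
# advertises the whole subnet, even when it can reach only a fragment of it.
ADVERTISED = {
    "gateway": [OAMP_LAN],
    "switching": [OAMP_LAN, "192.0.2.10/32"],   # active FLC as a host route
    "photonic": [OAMP_LAN, "198.51.100.7/32"],  # loopback (system IP address)
}
# LAN address through which each router is attached to the OAMP LAN.
ROUTER_PORT = {"gateway": "gateway router", "switching": "active FLC",
               "photonic": "EC OAMP"}

# Constructed OSPF path costs from two observers to each advertising router.
MANAGEMENT_SYSTEM = {"gateway": 1, "switching": 2, "photonic": 30}
REMOTE_NE_VIA_OSC = {"photonic": 10, "switching": 40, "gateway": 41}


def lan_fragment(name, split):
    """LAN fragment an address sits on; the split isolates the EC OAMP port."""
    return "ec-side" if split and name == "EC OAMP" else "oob-side"


def select_route(dst_name, cost_to_router):
    """Longest prefix wins; among equal prefixes the lowest path cost wins."""
    dst = ipaddress.ip_address(HOSTS[dst_name])
    candidates = []
    for router, prefixes in ADVERTISED.items():
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            if dst in net:
                candidates.append((-net.prefixlen, cost_to_router[router], router))
    neg_len, _, router = min(candidates)
    return router, -neg_len


def is_reachable(dst_name, cost_to_router, split):
    """True if the selected route actually delivers to the destination."""
    router, prefix_len = select_route(dst_name, cost_to_router)
    if prefix_len == 32:
        return True  # host route: the advertising router owns the address
    # Subnet route: the chosen router can only deliver on its own fragment.
    return lan_fragment(dst_name, split) == lan_fragment(ROUTER_PORT[router], split)


def unreachable(cost_to_router, split):
    """Names of all modelled addresses the observer cannot reach."""
    return {name for name in HOSTS if not is_reachable(name, cost_to_router, split)}


if __name__ == "__main__":
    for label, costs in (("management system", MANAGEMENT_SYSTEM),
                         ("remote NE via OSC", REMOTE_NE_VIA_OSC)):
        print(label, "cannot reach:", sorted(unreachable(costs, split=True)))
```

In this model the active FLC address and the photonic loopback stay reachable from both observers because their /32 routes beat the /24 subnet route.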

2.5.5 Connection of a converged system as a GNE (GNE connection option 3)


Figure 20, “Management DCN connection of a converged system (GNE connection option 3)”
(p. 57) shows a further alternative of connecting a converged system as a GNE.
The GNE connection option 3 is a combination of the preceding connection options: Each
compound is connected to the out-of-band DCN (OOB DCN, management DCN) via one OAMP
LAN port. Moreover, the second OAMP port of the switching compound is connected to one of the
other external LAN ports (E1/E2/AUX-A/AUX-B/VOIP) of the photonic compound. This additional
port is in the same IP subnet as the OAMP LAN of the switching compound, whereas the OAMP
port of the photonic compound has to be in a different IP subnet. With OSPF running on all involved
LAN ports, LAN port redundancy is achieved for the dual compound node, as long as the inter-
compound link is available.


Figure 20 Management DCN connection of a converged system (GNE connection option 3)

[Figure labels: Management system; Management network (IP based), Out-of-band DCN; two converged
systems (left-hand and right-hand), each with a photonic compound (active EC; E1, E2, AUX-A,
AUX-B, VOIP, OAMP; OSC, GCC) and a switching compound (FLC A, FLC B (active); two OAMP ports on
LSW (RSTP); GCC); In-band DCN (GCCs); In-band DCN (OSCs)]

Advantages

The GNE connection option 3 provides the following advantages:


• Low latency/high throughput inter-compound communication, as long as the inter-compound
LAN link is available, or both OOB connections are available.
• No additional load on FLC CPU, as connection to photonic compound via switching compound
OAMP port is via FLC LAN switches.
• No additional load on EC CPU, as long as the OOB-connected FLC card is available.
• LAN redundancy for dual compound node.


Disadvantages

The GNE connection option 3 has the following disadvantages:


• Two OOB DCN LAN ports needed.
• Two IP subnets needed on OOB LAN.
• One of the external LAN ports of the photonic compound is occupied by the connection to the
switching compound, and cannot be used for its original purpose (external equipment for E1/E2
ports, IP phone for VOIP port).
• The Split LAN scenario (analogous to GNE connection option 2) can occur.

2.5.6 Connection of a converged system as an RNE (RNE connection option 1)


Figure 21, “Management DCN connection of a converged system RNE with partial LAN
connectivity” (p. 57) shows a converged system as RNE with partial LAN connectivity.
One of the OAMP ports of the switching compound is connected to the OAMP port (or one of the
other external LAN ports) of the photonic compound via a point-to-point LAN cable. As long as this
connection is operational, inter-compound communication is via LAN. The path via in-band DCN,
GNEs, and out-of-band DCN is used as a backup for the LAN. To enable dynamic routing via either
LAN or DCN, OSPF needs to be enabled on the interconnected LAN interfaces of both compounds.

Figure 21 Management DCN connection of a converged system RNE with partial LAN
connectivity


Advantages

The RNE connection option 1 provides the following advantages:


• Only limited LAN equipment needed (1 cable).
• Low latency/high throughput inter-compound communication, as long as the LAN-connected
FLC card is available.

Disadvantages

The RNE connection option 1 has the following disadvantages:


• There will be a permanent External LAN Failure (EXTLANFAIL) alarm on the unconnected
OAMP LAN port of the switching compound.
• When the LAN-connected FLC (FLC A) fails, traffic is rerouted via the DCN, so the GCCs are
used for inter-compound communication; these have high latency and low throughput.

2.5.7 Connection of a converged system as an RNE (RNE connection option 2)


Figure 22, “Management DCN connection of a converged system RNE with full LAN connectivity”
(p. 58) shows a converged system as RNE with full LAN connectivity.
Both OAMP ports of the switching compound are connected to the OAMP port (or one of the other
external LAN ports) of the photonic compound via an external LAN switch, which needs to be
configured for running RSTP. OSPF should be configured on the OAMP LAN of both compounds to
allow the usage of in-band and out-of-band DCN as a last resort backup for the LAN. Further
external equipment, such as Raman amplifiers or booster amplifiers, can be connected to the same
LAN switch.


Figure 22 Management DCN connection of a converged system RNE with full LAN connectivity

Advantages

The RNE connection option 2 provides the following advantages:


• Fully leverages the OAMP LAN port redundancy of the switching compound.
• Low latency/high throughput/highly resilient inter-compound communication, as long as the LAN-
connectivity is available.

Disadvantages

The RNE connection option 2 has the following disadvantages:


• An additional external LAN switch is needed, which needs to be properly configured (RSTP).

2.5.8 RNE connection option assessment


From the described RNE connection options, the option with partial LAN connectivity (RNE
connection option 1) might be preferable in sunny-day scenarios because the demands concerning
the required LAN equipment are kept to a minimum (single cable).
On the other hand, the option with full LAN connectivity (RNE connection option 2) provides the
best level of failure resiliency, but comes with additional cost (external LAN switch, LAN switch
management).


2.5.9 Configurations using L3 redundancy of duplicated LAN ports


The AUX port pairs (and/or E1-A/E1-B port pairs for PSS-24x) on the equipment controllers (ECs)
or Central Clock & Controller (CCC) cards can be used to connect to externally managed devices/
client devices or to a UNI router for GMRE by using the L3 redundancy of these duplicated ports on
the EC/CCC.

2.6 Cluster DCN


2.6.1 Single-site/multi-node clusters
Single-site/multi-node clusters provide flexible and scalable growth options. Multiple 1830 PSS NEs
participate in a “Cluster” arrangement but each NE remains independent. Each NE is managed
separately, via its own management interface. Each NE has its own maximum size of 24 shelves.
However, NEs with optical line resources can perform auto power management for OT line ports on
other NEs. General management functions continue to be performed by the individual NEs which
contain the OTs.
These roles are defined in a multi-node cluster:
Main NE
This is an NE with optical line resources which automatically manages power settings, wavekeys,
and channel assignments for connected OT line ports located on Tributary NEs. However the Main
NE does not perform other aspects of management (e.g. general provisioning and alarming) for
OTs located in Tributary NEs.
Tributary NE
This is an NE containing OTs whose line ports are connected to a Main NE. Most aspects of OT
management (e.g. general provisioning and alarming) are performed locally by the Tributary NE
itself. But port power settings, wavekeys, and channel assignments are managed by the Main NE.
On all node types, most aspects of management, e.g. NMS functions such as viewing, provisioning
and alarming, along with DCN routing, are performed on the node, be it an OLN, add/drop or End-
Terminal node.
Usually, a cluster contains a Main NE and several Tributary NEs (referred to as a 1:N configuration).
Configurations with multiple Main NEs and several Tributary NEs are also allowed (referred to as an
M:N configuration).
All the cluster NEs at a location should be directly cabled together in a circular daisy chain fashion.
In general, the OAMP port should not be used for that cluster inter-NE communication because the
OAMP port is reserved for management access. However, any of the other LAN ports of a shelf (i.e.
E1, E2, AUX, VOIP) can be used, provided that this type of LAN port is available on the respective
type of shelf. This connection approach keeps the OAMP port reserved for management access,
avoids the use of an office LAN switch/router, and avoids the performance and set-up issues of
OSC/GCC links.
See Table 9, “User service interfaces” (p. 48) for an overview of supported LAN interfaces per shelf
type.

Note: Due to the lack of LAN ports, 1830 PSS-8 cannot be the main shelf in any cluster node.
It can only be an extension shelf.


The following figure shows an example. It illustrates a 1:3 configuration with four node types: PSS-
32, PSS-16II, PSS-24x and PSS-16. The interconnecting interfaces are shown. NE 1 is a GNE, with
a connection to the customer DCN.
Figure 23 Example of a Cluster setup (Example 1)

[Figure not reproduced. Nodes shown: NE 1 (PSS-32, 10.10.10.3/32, with OAMP connection), NE 2 (PSS-16II, 10.10.10.1/32), NE 3 (PSS-24x, 10.10.10.2/32), NE 4 (PSS-16, 10.10.10.4/32), interconnected via their AUX-A and AUX-B ports; interface addresses 193.150.2.2/31 and 193.150.2.3/31 are shown on one AUX link. Legend: Optical Line Node, Add/Drop Node.]

Clustering does not preclude any node from being a GNE, and in fact, none of the nodes need to
be GNE. For example, NE-1 could be an RNE with an OSC connection to another site that has the
GNE. It is recommended that the higher performing NE be the GNE, and be the Main NE (in this
case a PSS-32 with two 32EC2 controllers).
Also, in Figure 23, “Example of a Cluster setup (Example 1)” (p. 62), each NE can be a single-shelf
NE, or a multi-shelf NE (up to 24 shelves). A node can have some shelves that have optical line
resources, and other shelves can have add/drop resources. Hence a node can be a Main NE in one
cluster and a Tributary NE in another cluster (second example).

The next example shows two intermixed clusters (1830 PSS NEs and 1830 PSI-2T NEs in a mixed
configuration).
• In the first cluster, NE 1 (i.e. shelf 2 of NE 1) is the Main NE, with NE 5 and NE 6 as the Tributary
NEs.

• In the second cluster, NE 3 is the Main NE, and the Tributary NEs are NE 2 and the remaining
two shelves of NE 1.

This example illustrates:


1. A node can be both a Main NE and a Tributary NE, just in different clusters.
2. An OSC can be used as an interconnect link.
3. The GNE does not have to be a cluster node.

Figure 24 Example of a Cluster setup (Example 2)

[Figure not reproduced. Two clusters (Cluster 1, Cluster 2) are shown with these nodes: NE 1 (PSS-32, 10.10.10.3/32), NE 2 (PSS-16II, 10.10.10.1/32), NE 3 (PSS-32, 10.10.10.2/32), NE 4 (PSS-32, 10.10.10.8/32, with OAMP connection), NE 5 (PSI-2T, 10.10.10.6/32), NE 6 (PSI-2T, 10.10.10.7/32). Interconnections use AUX-A/AUX-B (PSS), AUX-1/AUX-2 (PSI-2T) and OSC links. Legend: Optical Line Node, Add/Drop Node.]

Both examples will be referenced in subsequent sections, which outline rules for connecting and
configuring clusters, along with setting of routing.

2.6.2 Cluster interconnection

Important! Cluster configurations require two high capacity controllers in duplex operation
mode (two controllers for redundancy) to be installed on all cluster NEs (Main and Tributary
NEs), that is:
• 2 × 32EC2 on PSS-32 or PSS-16II

• 2 × CCC/CEC2 on PSS-24x

The following are some rules for connecting cluster nodes:


• For a point-to-point interconnection between nodes, use the AUX interface if possible, though any
LAN interface can be used, especially for nodes without AUX interface, e.g., the PSS-8 (see
Figure 23, “Example of a Cluster setup (Example 1)” (p. 62)).
− In some cases, the OSC can also be used for interconnecting nodes in a cluster (see Figure
24, “Example of a Cluster setup (Example 2)” (p. 63)).
• It is recommended, but not required, to interconnect nodes in a daisy-chain manner for
redundancy. This provides protection against link failure and EC failure.
− Alternatively, nodes can be connected to a TOR (top-of-rack) switch (see 2.6.9 “Example with
a top-of-rack (TOR) switch” (p. 66)).
• Use CAT5 or better cable to connect nodes.
• Use direct connections if possible (e.g., no intervening switch or router), unless you are using
a TOR switch.
• The IP addresses of the connected LAN ports must be routable on the OAMP LAN.
• Set interface speed and duplex mode to auto (default setting) to ensure that the interfaces come up
automatically.

2.6.3 Addressing
Every node has a loopback IP address, which serves as the SYSTEM address.

The following guidelines apply to provisioning clusters:


• When provisioning the loopback address on all nodes, use the snmp_src parameter to force
SNMP to use the loopback.
• Use the primary loopback address as the cluster IP address (“clusterip”) when provisioning a
cluster.
− Do not use the secondary loopback address (loopback1) as the cluster IP address.
− Do not use any of the LAN interface addresses as the cluster IP address.
• The cluster IP address can be either the loopback’s IPv4 or IPv6 address.
Restriction: Consistently use either IPv4 or IPv6 when configuring all members of the cluster,
but do not mix IPv4 and IPv6 in a cluster. If possible, avoid the use of IPv6 cluster IP addresses
due to dependency of static route provisioning.

2.6.4 Configuring a Cluster


Examples of configuring a cluster are in the 1830 Photonic Service Switch (PSS) Release 10.0
User Provisioning Guide and the 1830 Photonic Service Switch (PSS) Release 10.0 Product
Information and Planning Guide.


2.6.5 DCN considerations


At least one node in the cluster must be connected, directly or indirectly, to a GNE and Customer (Out-
of-Band) DCN.

In Figure 23, “Example of a Cluster setup (Example 1)” (p. 62):


• NE 1 is a GNE. The OAMP interface on the Main NE, NE 1 (a PSS-32), is connected to the
DCN.
• The other NEs (NE 2, NE 3, NE 4) use cluster interconnection to connect to NE 1, the Main NE.
The cluster nodes are equivalent to RNEs and are managed via the cluster interconnection.

In Figure 24, “Example of a Cluster setup (Example 2)” (p. 63):


• None of the cluster nodes are GNEs.
• However, NE 3 has a path to the GNE (NE 4) via an OSC.

2.6.6 Routing
Since each node in a cluster is independently managed, OSPF routing must be set up to allow
external DCN (i.e., contact with the NMS) connection to all nodes.

The following are guidelines for setting up routing:


• All cluster nodes are running OSPF on the loopback interface (default setting).
• All interconnect interfaces must run OSPF.
• All nodes in the same cluster must be in the same OSPF area, and that area must support
Opaque LSAs for WaveKey and DNS distribution.
These rules apply to IPv4. In Release 10.0, OSPFv3 is not supported, and hence dynamic routing
cannot be used for IPv6. Nor will there be Opaque LSAs and Wavekeys for IPv6. Instead, static
routes must be created to properly route IPv6, and enable IPv6 communication between the NMS
and an NE.

2.6.7 Access Control Lists (ACLs)


The Access Control Lists (ACLs) on the LAN interfaces present a problem for clusters. The default
ACL on a LAN interface assumes that the interface faces an external network (e.g., Customer DCN),
and thus restricts traffic. For example, FTP is not allowed on a LAN interface from the external DCN.
Unfortunately, when a LAN is used for interconnecting cluster nodes, the default ACLs will block
some traffic that is used to manage nodes. For example, FTP cannot pass through an Rx ACL.
Hence, the ACLs on these LANs should be removed.

The following CLI commands illustrate how to remove an ACL from both AUX ports of a node:
• Allow the ACLs to be modified:
config acl_default snmpConfig enabled
• Remove the ACL from AUX-A & AUX-B (“1/1” and “1/18” representing slot 1 and slot 18,
respectively, where the ECs are installed):
config acl_port 1/1/AUX rx remove filter
config acl_port 1/18/AUX rx remove filter


These commands should be executed on all NEs in the cluster for cluster interconnection LAN
interfaces.

2.6.8 Out-of-band DCN considerations


The final consideration for clusters is to make sure that all the cluster nodes can communicate to
the external management (e.g., NMS), and that there are no unexpected routing paths.

The following rules apply:


• All addresses used in the cluster – loopback and LAN (AUX) interface addresses – must be
routable to the external DCN, i.e., the NMS.
This is because many services (login, (S)FTP, Radius, etc.) will use the AUX interface address,
and hence, the NMS will need to know how to route to the AUX interface address.
• As a rule, it is recommended to set the OSPF cost on the OAMP interface of the GNE higher than
the cost of the longest path in the internal DCN.
− This is to prevent inter-node communication from using the out-of-band (customer) DCN.
− Also, ACLs on the OAMP interface will not allow traffic back into the in-band DCN from the
out-of-band DCN.
− An OSPF cost of 1000 on the OAMP interface is recommended.
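
The cost rule above can be checked against a planned topology before provisioning. The following Python script is an added example, not part of the Nokia guide: it computes the cost of the longest path in the internal DCN and lists NE pairs whose cheapest route would leave through an OAMP port. The four-NE ring, the link costs, the second GNE and the router-side cost are assumed values.

```python
import heapq

# Constructed sample: four NEs in a circular daisy chain, as in cluster Example 1.
# The link costs, the second GNE and the router-side cost are assumed values.
INTERNAL_LINKS = {("NE1", "NE2"): 10, ("NE2", "NE3"): 10,
                  ("NE3", "NE4"): 10, ("NE4", "NE1"): 10}
GNES = ("NE1", "NE3")      # NEs whose OAMP port attaches to the out-of-band DCN
OOB = "OOB-DCN"            # customer DCN collapsed into a single routing node
ROUTER_TO_NE_COST = 1      # cost configured on the gateway router, not on the NE


def build_graph(links, oamp_cost=None, failed=None):
    """Directed cost graph of the internal DCN; OAMP edges only if oamp_cost is set."""
    graph = {ne: {} for link in links for ne in link}
    for (a, b), cost in links.items():
        if failed in ((a, b), (b, a)):
            continue                      # simulate a failed interconnect cable
        graph[a][b] = cost
        graph[b][a] = cost
    if oamp_cost is not None:
        graph[OOB] = {}
        for gne in GNES:
            graph[gne][OOB] = oamp_cost           # outbound cost on the GNE's OAMP port
            graph[OOB][gne] = ROUTER_TO_NE_COST   # return direction, set on the router
    return graph


def longest_path_cost(links):
    """Cost of the longest simple path in the internal DCN (exhaustive search)."""
    graph = build_graph(links)
    best = 0

    def walk(node, seen, cost):
        nonlocal best
        best = max(best, cost)
        for nxt, link_cost in graph[node].items():
            if nxt not in seen:
                walk(nxt, seen | {nxt}, cost + link_cost)

    for start in graph:
        walk(start, {start}, 0)
    return best


def oamp_cost_ok(links, oamp_cost):
    """The rule from the text: OAMP cost strictly above the longest internal path."""
    return oamp_cost > longest_path_cost(links)


def shortest_costs(graph, src):
    """Dijkstra, which is also what OSPF's SPF calculation uses."""
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue
        for nxt, link_cost in graph[node].items():
            if cost + link_cost < dist.get(nxt, float("inf")):
                dist[nxt] = cost + link_cost
                heapq.heappush(heap, (cost + link_cost, nxt))
    return dist


def leaking_pairs(links, oamp_cost, failed=None):
    """(src, dst) NE pairs whose cheapest route crosses the OOB DCN
    although an internal route still exists."""
    internal = build_graph(links, failed=failed)
    combined = build_graph(links, oamp_cost=oamp_cost, failed=failed)
    leaks = []
    for src in internal:
        inside = shortest_costs(internal, src)
        overall = shortest_costs(combined, src)
        leaks += [(src, dst) for dst in inside
                  if dst != src and overall[dst] < inside[dst]]
    return sorted(leaks)


if __name__ == "__main__":
    print("longest internal path cost:", longest_path_cost(INTERNAL_LINKS))
    for cost in (10, 1000):
        print(cost, oamp_cost_ok(INTERNAL_LINKS, cost),
              leaking_pairs(INTERNAL_LINKS, cost))
```

With the recommended cost of 1000 no pair leaks, including after any single interconnect failure; with an OAMP cost of 10 the two GNEs reach each other through the customer DCN instead of the cluster links.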

2.6.9 Example with a top-of-rack (TOR) switch


The following figure illustrates a cluster of a PSS-32 (Optical Line Node) and multiple 1830 PSI-2T
(Add/Drop nodes). The PSI-2T’s are in a single rack and are all connected to the Optical Line Node
via the TOR switch. All PSI-2T’s AUX-2 interfaces are on a common VLAN (VLAN x), and will be in
the same IP subnetwork, getting their IP addresses from a DHCP Server on AUX-A of the PSS-32.
The AUX-A interface on the PSS-32 is running DHCP and is the gateway for the PSI-2T’s. All
routing will be through the PSS-32, which is the GNE, or gateway to the DCN.
If redundancy is needed, connections to the PSI-2T’s AUX-1 interfaces can be added (connecting to
another PSS-32, or AUX-B of the shown PSS-32).


Figure 25 Example of a Cluster setup with a TOR switch

[Figure not reproduced. Labels in the diagram: NMS; (Out-of-band) DCN; two TOR L2 switch / L3 router devices joined by a trunk; VLAN x; several PSI-2T nodes attached via their AUX-2 interfaces; PSS-32 with OAMP and AUX-A interfaces and a DHCP server; addresses 193.150.3.1/28 and 20.20.5.2 shown at the PSS-32. Legend: Optical Line Node, Add/Drop Node.]


MCN and SCN aspects

2.7 Overview

2.7.1 Purpose
The present chapter describes the DCN aspects of management communication and signaling
communication.

2.7.2 No strict separation of MCN and SCN traffic


There is no strict separation of Management Communication Network (MCN) and Signaling
Communication Network (SCN) IP traffic. The same DCN infrastructure is used for both.

2.7.3 Contents

2.7 Overview
2.8 Management DCN aspects
2.9 Signaling DCN aspects

2.8 Management DCN aspects


2.8.1 Management DCN setup of a photonic node
The management DCN setup of a photonic node is depicted in Figure 26, “Basic GNE DCN setup
(photonic application)” (p. 69) for a GNE and in Figure 27, “Basic RNE DCN setup (photonic
application)” (p. 71) for an RNE.
The SYSTEM loopback address (“SYSTEMIP” in the figures) is configured on the active EC as the
management address, that is, the address that may be contacted by management systems (SNMP,
TL1, CORBA, etc.) and for remote access (telnet, ssh). It is also the address used for outward-
directed connections (for example, file transfer).
On an RNE, the loopback is exclusively used for all inbound and outbound communication.
On a GNE, the OAMP port is also used for access; see Table 17, “Management flows and ports on
the GNE (Encrypted mode)” (p. 115) and Table 16, “Management flows and ports on the GNE
(Normal mode)” (p. 113) for a list of protocols.
The SYSTEM IP address (loopback address) is also used as local interface address by all
unnumbered interfaces (OSCs, GCCs).


Figure 26 Basic GNE DCN setup (photonic application)

Four external LAN interfaces are provided via the user panel:
• The OAMP LAN is intended to connect a GNE to the OOB DCN.
• The E1 and E2 external LAN interfaces can be used to connect to externally managed devices
or to interconnect 1830 PSS NEs.
• The VOIP LAN is foreseen to optionally connect an IP phone, or to interconnect 1830 PSS NEs.
In the example above, the PSS-32 is used as the GNE, which has a user panel and additional
interfaces on the active and standby ECs.


Other shelf types will have different interfaces; refer to Summary of user service interfaces for
comparison.
If used, all external LAN interfaces have to be configured for an IP subnet of their own.
A GNE or RNE is connected to the in-band DCN via OTU GCC0 or OSC interfaces. These are
unnumbered interfaces, using the SYSTEM loopback address as their local interface address.
As the SYSTEM loopback address is used as the management address, this address has to be
reachable throughout the DCN, and has to be allocated from an official address range.
The same is true for the IP subnets on the E1, E2, and VOIP LANs. These addresses have to be
officially assigned and routed to facilitate the management of external equipment, and the
reachability of the IP phone.
For these addresses to be reachable from management systems, routing information has to be
exchanged between the NEs and the OOB DCN. OSPF is used for this purpose. Please note that
static routes are an alternative to the OSPF dynamic routing protocol.
The IP subnetworks on E1, E2, VOIP and the SYSTEM loopback address are included in OSPF
routing advertisements. Note that, apart from the simple setup shown in Figure 26, “Basic GNE
DCN setup (photonic application) ” (p. 69), arbitrary network topologies can be connected to the E1,
E2, and VOIP LANs, and OSPF can be configured in active mode on these LANs. Any of these
LANs can also be used for dual-compound node interconnections; see 2.5 “DCN interconnections
between photonic and switching NEs” (p. 50).
Typically, OSPF runs in active mode on the OAMP LAN of GNEs, and on OSC/GCC interfaces.

In general, the behavior regarding OSPF is as follows:


• OSPF may be configured to be Disabled/Enabled (active mode) or Redistributed (passive mode)
on any of the OAMP/VOIP/E1/E2 interfaces of a photonic compound.
• OSPF may be configured to be Disabled or Redistributed (passive mode) on the CIT interface of
a photonic compound.
• When an OSC/GCC interface is enabled, OSPF is enabled (active mode) and cannot be
disabled.

Important! Due to the mechanism for the distribution of wavekeys via OSPF opaque LSAs, all
OSC/GCC interfaces of all NEs in a WDM domain must be in a single OSPF area. LAN
interfaces can be placed in separate areas.
The OAMP IP addresses are only needed for routing to the OOB DCN and can therefore be kept
private to their area.


Figure 27 Basic RNE DCN setup (photonic application)


2.8.2 OSPF peering model (photonic application)


The OSPF peering mode, as depicted in Figure 28, “OSPF peering model (photonic application) ”
(p. 72), is the default setup with properties equivalent to those described for switching NEs.

Figure 28 OSPF peering model (photonic application)

[Figure not reproduced. Labels in the diagram: NOC 1 and NOC 2, each with a gateway router; Out-of-band DCN; GNE A, GNE B and RNE C, each with OAMP, E1, E2, AUX-A/B and VOIP ports; per-node IP addresses: OAMP IP subnet; E1, E2, AUX-A, AUX-B, VOIP subnets; loopback (LO) IP address SYSTEMIP; OSC interfaces using IP address SYSTEMIP; OSPF marked active (act.) or passive (pas.) per interface; In-band DCN.]

A split OAMP LAN scenario does not affect the manageability of the GNE, as the SYSTEM
loopback address is used for communication to the GNE (instead of the OAMP LAN address). A
backup route to the SYSTEM loopback address via another GNE and the in-band DCN is
automatically found.


2.8.3 OSPF non-peering model (photonic application)


As the SYSTEM loopback IP address is used as the management address, there is no exact
equivalent of the OSPF non-peering mode of the switching NE.
As an alternative, proxyARP can be configured on the OAMP LAN of GNEs, as depicted in Figure
29, “OSPF non-peering model via proxy ARP (photonic application)” (p. 72). The GNE answers
ARP requests for all IP addresses, for which it knows the routes. To the gateway router, this makes
the whole NE sub-domain – including the in-band DCN – look like a single IP subnet.
This makes routing in the OOB DCN independent from the in-band DCN, but it does not provide
resiliency against split LAN scenarios in GNE sites: All gateway routers advertise the NE sub-
domain “subnet” address into the OOB DCN. Each node in the OOB DCN selects the nearest
gateway router for routing to the NE sub-domain. If the selected gateway router is detached from its
GNE, the NE sub-domain is not reachable from the part of the OOB DCN, which is closest to the
detached GNE.


Figure 29 OSPF non-peering model via proxy ARP (photonic application)


2.8.4 Recommendations for an MRN control plane


In a network – be it MRN, overlay, pure switching, or pure photonic – NE management more or less
is a relationship between the management system and each single NE. The DCN has to provide
proper end-to-end routing.
In principle, the concepts existing for switching and photonic NEs could be used independent of
each other. However, this would produce two NE sub-domains, each with its own in-band DCN and
specific OOB DCN attachment. For converged nodes, both NE sub-domains also have to converge
if the synergies of the converged-node concept are to be used for the OOB DCN attachment;
also see section 2.5 “DCN interconnections between photonic and switching NEs” (p. 50).

The following address allocation rules apply:


• Addresses to be allocated from the official address space:
− Switching node OAMP subnets (including ACTIVEFLCIP management addresses)
− Photonic node SYSTEM loopback addresses
− Photonic node E1, E2, AUX-A, AUX-B, VOIP subnets (if used)
• Addresses, which might be allocated from a private address space, and can be kept contained in
the NE area/NE domain:
− Switching node LOOPBKIP addresses
− Photonic node OAMP subnets (if not already contained in the switching node OAMP subnet
of a dual-compound node)

Important! For an MRN network, it is essential to set up a single NE sub-domain. This is
required mainly for signaling purposes, in order to facilitate NE-to-NE communication between
layers.
The preferred setup for an MRN network is an OSPF peering model, as this model is supported in a
very similar way by switching nodes and photonic nodes as well; see 2.8.2 “OSPF peering model
(photonic application)” (p. 72).

OSPF peering model (MRN)

Important! All NEs, that is, the complete in-band DCN connecting the NEs, need to be in a
single OSPF area.

There are two options for the location of the area boundary:
• Inside GNEs, configuring the OAMP LAN into the backbone area:
− This might be an option for large numbers of NEs, in order to keep a reasonably low area
size.
− This might cause a conflict between the need for a reasonably high number of GNEs, and the
need for a reasonably low number of ABRs.
• In the OOB DCN:
− Some part of the OOB DCN, including the NEs’ gateway routers and enough connectivity to
ensure OOB routing resiliency from all ABRs to all GNEs needs to be in the same area as the
NEs.
− A reasonably low number of ABRs are selected in the OOB DCN.


A fair number of GNEs from each type of node (switching or photonic) are needed to keep
management traffic out of the in-band DCN as much as possible. Otherwise, bandwidth usage
conflicts might arise between management and signaling traffic.

What can be considered a “fair number of GNEs”, depends on the network topology:
• For ring networks, at least two GNEs per ring should be assigned at “opposite ends” of the ring,
that is at distant points of the ring.
• For mesh networks, there should be no more than 3 or 4 hops from each RNE to the nearest
GNE.
• In control plane networks, there should be at least one GNE per 10 to 20 RNEs (at the
maximum).

Note: The values given in the preceding list relate to the recommendation that management
traffic should be kept out of the in-band DCN as much as possible (due to bandwidth
limitations of in-band connections).
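
One way to check a planned GNE assignment against the hop and ratio guidelines above. This Python script is an added example, not part of the Nokia guide; the topology, the node names and the default thresholds (4 hops and 20 RNEs per GNE, the upper ends of the ranges given above) are assumptions chosen for illustration.

```python
from collections import deque

# Constructed in-band topology (OSC/GCC adjacencies) for illustration only.
INBAND_LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"), ("E", "F"),
                ("F", "G"), ("G", "H"), ("H", "I"), ("B", "F")]


def hops_to_nearest_gne(links, gnes):
    """Multi-source BFS: hop count from every NE to its nearest GNE.

    NEs that cannot reach any GNE over the in-band DCN get None.
    """
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    for gne in gnes:
        neighbours.setdefault(gne, set())   # a GNE may have no in-band link
    hops = {ne: None for ne in neighbours}
    queue = deque()
    for gne in gnes:
        hops[gne] = 0
        queue.append(gne)
    while queue:
        node = queue.popleft()
        for nxt in neighbours[node]:
            if hops[nxt] is None:
                hops[nxt] = hops[node] + 1
                queue.append(nxt)
    return hops


def assess_gne_placement(links, gnes, max_hops=4, max_rnes_per_gne=20):
    """Report RNEs that are too far from a GNE and the RNE-per-GNE ratio."""
    hops = hops_to_nearest_gne(links, gnes)
    rnes = sorted(ne for ne in hops if ne not in gnes)
    too_far = [ne for ne in rnes if hops[ne] is None or hops[ne] > max_hops]
    ratio = len(rnes) / len(gnes) if gnes else float("inf")
    return {"hops": hops, "too_far": too_far, "rnes_per_gne": ratio,
            "ratio_ok": ratio <= max_rnes_per_gne}


if __name__ == "__main__":
    for gnes in ({"A"}, {"A", "H"}):
        report = assess_gne_placement(INBAND_LINKS, gnes)
        print(sorted(gnes), "too far:", report["too_far"],
              "RNEs per GNE:", report["rnes_per_gne"])
```

In the constructed mesh, a single GNE at A leaves node I five hops away; adding H as a second GNE brings every RNE within three hops.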

OSPF non-peering model (MRN)

If a non-peering model is mandatory in an operator network (for example if the OOB DCN uses a
routing protocol other than OSPF), the following options exist:
• Option 1: Configure all NEs as GNEs (similar to 2.8.2 “OSPF peering model (photonic
application)” (p. 72))
− Connect each NE via its OAMP LAN to a gateway router (dual-compound nodes can use a
common subnet to connect to a single router).
− Each gateway router, which is connected to a photonic node, has to be configured with a
static route via the OAMP LAN to the SYSTEM loopback address of that node, and has to
redistribute that static route into the OOB routing domain.
− Each photonic node has to be configured with a static default route via the gateway router on
the OAMP LAN.
− For management purposes, no dynamic routing is needed on the NEs.
− Restriction: Split LAN scenarios or in-band DCN partitioning scenarios cannot be mitigated in
this setup.
• Option 2: Follow the non-peering model of the switching nodes
− Only switching nodes are used as GNEs.
− Photonic nodes are attached to switching nodes either via LAN (dual-compound nodes), or
via GCC0. Best performance is reached, if dual-compound nodes are in GNE locations, in
order to keep photonic management traffic off GCCs.
Be aware, that OSPF has to be active on the OAMP LAN of dual-compound nodes. This has
to be tolerated by the non-peering gateway routers.
− The non-peering mode with tunnels between GNEs and NOC sites has to be used to ensure
routing to photonic NEs and switching RNEs.
Drawback: All management traffic needs to go through the FLC CPUs (tunnel endpoints) of
the switching GNEs.
• Option 3: Follow the non-peering model of the photonic nodes
− Only photonic nodes are GNEs, supporting proxy ARP. All externally visible IP addresses are
allocated from a reasonably small IP range; see Figure 29, “OSPF non-peering model via
proxy ARP (photonic application)” (p. 74).
− Switching nodes are attached to photonic nodes either via LAN (dual-compound nodes), or
via GCC0.
Be aware, that OSPF has to be active on the OAMP LAN of dual-compound nodes. This has
to be tolerated by the non-peering routers.
− Drawback 1: All management traffic needs to go through the EC CPUs of a few photonic
GNEs.
− Drawback 2: Split LAN scenarios or in-band DCN partitioning scenarios cannot be mitigated.
• Option 4: Set up a complete OSPF domain comprising the NEs and a small part of the OOB
DCN (quasi-peering setup)
− This can be a backbone-only domain, which in essence follows the principles of the OSPF
peering model.
− ASBRs can be configured to interact with the main part of the OOB DCN. Address
summarization should be applied for route import from the main DCN.
− Enough connectivity needs to be present in the OSPF domain, to provide routing resiliency
between ASBRs and GNEs.
The latter option should be preferred, where an end-to-end peering model is not feasible.
Please note that all NEs do not necessarily have to be GNEs as described in option 1 but static
routes may be configured instead.

2.8.5 Interworking between 1830 PSS and client devices via the IETF GMPLS UNI
protocols
Concerning the IP/Optical interworking between 1830 PSS systems and 7750 Service Router (SR)
via the IETF GMPLS UNI protocols, the following specific restrictions apply regarding both GNE
and RNE setups for an MRN control plane:
• IPCC for IETF GMPLS UNI is only via out-of-band (OOB) communication.
• IPCC (L3) redundancy is supported in Release 10.0 via the two AUX ports on 1830 PSS-16,
1830 PSS-16II and 1830 PSS-32 as well as via the two AUX and the two E1 ports on 1830 PSS-
24x.
• Each 7750 SR requires a direct “one-hop” IP connectivity to its 1830 PSS UNI neighbours.

2.9 Signaling DCN aspects


2.9.1 Reference
For information regarding the signaling DCN and recommendations for an MRN control plane, refer
to the 1830 PSS DCN Guide (Switching Applications).


Network topology concept and dimensioning

2.10 The 1830 PSS management network


2.10.1 Introduction
In a WDM network, management information and control from the Operations System (OS) is
carried from one NE to the other over the internal 1830 PSS DCN via the Optical Supervisory
Channel (OSC), a GCC embedded in an optical signal, or a LAN connection.

The following figure shows the high-level management overview:


Figure 30 Network management overview

The remotely managed device, as shown in Figure 30, “Network management overview” (p. 78),
can be an IP-managed device co-located with the 1830 PSS NE, a Raman amplifier for example,
connected via the extension LAN.

2.10.2 IP addressing scheme (common sub-network)


The software allows the 1830 PSS NEs to share a common sub-network. Doing so will reduce the
number of routing entries that the management router(s) must keep, thereby providing a simpler
design especially if these management routers employ static routing entries. As such, the following
IP addressing scheme will be supported.

Figure 31 IP addressing scheme (nodes sharing a common sub-network)

In this example, all 1830 PSS NEs share the same subnet 135.1.1.0/24. This makes it easier for the
management network to communicate to the NE. In other words, only one routing entry needs to be
statically added to the management router (135.1.1.0/24) in order to access every 1830 PSS
network element. TCP/IP support is required over the LAN interface(s) and all Embedded
Communication Channels (ECC), e.g. OSC and GCC0.


2.11 Basic network topologies


2.11.1 Introduction
The 1830 PSS is not standalone equipment; it is part of WDM sub-networks. The communications,
internal and external, are IP based. It has to be managed through an IP network.

An 1830 PSS network mainly includes three kinds of equipment, which basically use the same boards
and shelves but have different functions:
• Line terminal
• Fixed, Reconfigurable, or Tunable Optical Add-Drop Multiplexers (FOADM, ROADM, TOADM)
• ILA (In Line Amplifier)
Each 1830 PSS NE can be configured as a Gateway Network Element (GNE) to provide an access
from the DCN to all the NEs on the optical network.

Generally the following three topologies can be distinguished:


• Linear architecture
• Ring architecture
• Meshed architecture

2.11.2 Linear architecture


At least the two NEs terminating the line must be configured as GNEs, providing redundancy for
management access to the other intermediate NEs, in case of a network fault.

Figure 32 Linear architecture

2.11.3 Ring architecture


In a ring architecture the traffic can be protected against node failures.
More than one GNE can prevent a network fault from disconnecting one or more NEs from the
management system.
In the example depicted in the next figure, the WDM network elements remain reachable by the
management system despite the failure of a single optical link.


Figure 33 Ring architecture

2.11.4 Meshed architecture


Carefully choose more than one GNE to prevent a network fault from disconnecting one or more
NEs from the management system.
In the example depicted in the next figure, all WDM network elements remain reachable by the
management system despite the failure of any single optical link.

Figure 34 Meshed architecture
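
The GNE placement advice for the linear, ring and meshed architectures can be checked against a planned topology before deployment. The following Python sketch is an added example, not part of the Nokia guide; the NE names, the sample topologies and the function names are constructed for illustration, and a GNE's gateway router is assumed to count as one neighbor.

```python
from collections import deque

# Constructed sample topologies (NE names and links are illustrative only).
NODES = ["NE1", "NE2", "NE3", "NE4", "NE5"]
LINEAR = [("NE1", "NE2"), ("NE2", "NE3"), ("NE3", "NE4"), ("NE4", "NE5")]
RING = LINEAR + [("NE5", "NE1")]


def adjacency(nodes, links):
    """Undirected adjacency map built from OSC/GCC/LAN links between NEs."""
    adj = {n: set() for n in nodes}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def managed(nodes, links, gnes):
    """NEs that can reach at least one GNE over the given links (BFS)."""
    adj = adjacency(nodes, links)
    seen = {g for g in gnes if g in adj}
    queue = deque(seen)
    while queue:
        node = queue.popleft()
        for neighbor in adj[node]:
            if neighbor not in seen:
                seen.add(neighbor)
                queue.append(neighbor)
    return seen


def single_link_failures(nodes, links, gnes):
    """Map each single failed link to the NEs it cuts off from every GNE."""
    report = {}
    for i, failed in enumerate(links):
        remaining = links[:i] + links[i + 1:]
        lost = set(nodes) - managed(nodes, remaining, gnes)
        if lost:
            report[failed] = sorted(lost)
    return report


def single_gne_access_failures(nodes, links, gnes):
    """Map each GNE to the NEs lost when that GNE loses its DCN access."""
    report = {}
    for gne in sorted(gnes):
        lost = set(nodes) - managed(nodes, links, set(gnes) - {gne})
        if lost:
            report[gne] = sorted(lost)
    return report


def under_connected(nodes, links, gnes):
    """NEs with fewer than two distinct neighbors.

    Assumption: the gateway router of a GNE counts as one neighbor.
    """
    adj = adjacency(nodes, links)
    return sorted(n for n in nodes if len(adj[n]) + (n in gnes) < 2)


if __name__ == "__main__":
    for name, links, gnes in [
        ("linear, 1 GNE", LINEAR, {"NE1"}),
        ("linear, 2 GNEs", LINEAR, {"NE1", "NE5"}),
        ("ring, 1 GNE", RING, {"NE1"}),
        ("ring, 2 GNEs", RING, {"NE1", "NE3"}),
    ]:
        print(name)
        print("  link failures:", single_link_failures(NODES, links, gnes))
        print("  GNE access failures:",
              single_gne_access_failures(NODES, links, gnes))
        print("  under-connected:", under_connected(NODES, links, gnes))
```

A ring with a single GNE survives every single link failure but loses all NEs when that GNE's DCN access fails, which is why a second GNE is still needed there.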


Address planning

2.12 Network IP architecture


2.12.1 Overview

In the following figure the IP architecture is illustrated on a meshed network but applies to all the
topologies.
Figure 35 IP architecture overview

[Figure 35 labels: 1830 EMS (@OMS) and workstation (@W1) on the customer management backbone subnet; DCN OSPF area with the customer addresses @OAMP_n, @SYSTEM_n, @VoIP_2 and @E1 on the 1830 PSS NEs (GNE, TOADM, ILA); internal addresses (ZIC, 172.16.1.0/24); local DHCP connections for IP phone and SNMP external device; control OSPF area with @GMRE_n, where each @GMRE_# comprises @GMRENODE and @GMRENOTIFY.]


2.12.2 DCN customer addresses


DCN customer addresses include the IP addresses assigned to the following interfaces:
• OAMP LAN connector on the User Panel of the main shelf.
• CIT LAN connector on one of the Equipment Controllers (EC) in the main shelf.
• VOIP LAN connector on the User Panel of the main shelf.
• E1 LAN connector on the User Panel of the main shelf.
• E2 LAN connector on the User Panel of the main shelf.
• AUX LAN connectors on the Equipment Controllers (EC) in the main shelf: “AUX-A” on EC-A,
“AUX-B” on EC-B.
AUX ports can be used exactly as E1, E2, and VOIP are used; they can be in EXTD, VOIP, or INT
networks (see 2.12.3 “Types of networks” (p. 84)).
AUX ports (or any of E1, E2, VOIP) can be used to connect GMPLS UNI clients (Service
Routers). In the latter case, the following applies:
− netmask /30 or larger, depending on number of clients to be connected
− no routing needed
− network name is “LOCAL” network
− address space should not conflict with any other address space the NEs need to be able to
communicate with.
These customer addresses are used for the network management.
Good practice dictates that each 1830 PSS NE must be reachable from the management network
through a Gateway NE (GNE) even in case of a single failure of an OSC/GCC link.
In order to help summarization, routing and filtering at the border of a WDM sub-network, IP
addresses shall be assigned depending on the nature and usage of the interface. For that purpose,
several types of networks shall be identified; a dedicated range of addresses shall be reserved for
each sub-network.

2.12.3 Types of networks


These types of networks can be distinguished:
• MGMT network for management loopback addresses (SYSTEM or SYSTEMIP): Each
1830 PSS is assigned a management IP address. Typically, this address is advertized outside
the WDM sub-network in order to reach management systems.
• CP network for control plane loopback addresses (GMRENODE & GMRENOTIFY): when
GMPLS is used in a WDM sub-network, each 1830 PSS is assigned 2 IP addresses for GMRE.
• VOIP network for VOIP addresses: used for IP phone access. Each 1830 PSS can be assigned
a VOIP /30 subnet (→ 1 IP address for VOIP LAN interface + 1 IP address for IP phone) in order
to connect an IP phone to the 1830 PSS. This network which is the summarization of all VOIP
subnets can be advertized or not outside the WDM sub-network depending on whether the
Phone network goes on beyond the WDM sub-network or not.
In a VOIP network, E1, E2, AUX or VOIP ports can be used.
• EXTD network for External Devices addresses (E1 & E2). When connecting an external device
to E1 or E2 LAN port, the NE can be assigned a /30 subnet (→ 1 IP address for the LAN
interface + 1 IP address for the external device). Typically, this network is advertized outside the
WDM sub-network in order to reach management systems.
In an EXTD network, E1, E2, AUX or VOIP ports can be used.
• INT network for addresses needed in order to reach interfaces which are involved in routing
process. This network is useful within an Area and is not advertized outside the WDM sub-network.
In an INT network, E1, E2, AUX or VOIP ports can be used.
• LOCAL network for addresses needed in order to reach AUX LAN interfaces. This network is
similar to the INT network but not advertised by OSPF.
• OAMP addresses – several cases are possible (the OAMP address is different from the
SYSTEM address):
− In case of direct link between OAMP and external router, a /30 subnet within the ‘INT network’
range can be used;
− In case there are also other devices on the same LAN, a /29 (six usable addresses) or better
could be used;
− Otherwise, assign a free IP address to OAMP port within an already existing sub-network.

Note: The OAMP LAN interface is a numbered interface which is used for connecting the NE
to the DCN for central management. As a numbered interface, it requires a unique IP address.
The SYSTEM address, however, is shared as interface address by all unnumbered network
interfaces. Hence, the OAMP IP address and the SYSTEM address cannot be the same.

2.12.4 Organization of the networks


Organization of the networks which belong to the Area corresponding to a WDM sub-network:

Table 12 Organization of the networks

| Name | Function | Subnet address | Number of groups (/24 network) | First address (/24 network) | Last address (/24 network) |
|---|---|---|---|---|---|
| MGMT | Management network, loopback addresses for management | x.x.x.0 (given by customer) | 256 | MGMT0=x.x.x.0/32 | MGMT255=x.x.x.255/32 |
| CP | GMPLS control plane | Customer defined | 2 addresses per GMRE node | See 4.2.3 “Example for GMRE node and notify addresses” (p. 130) | See 4.2.3 “Example for GMRE node and notify addresses” (p. 130) |
| VOIP | IP phone | x.x.x.0 (given by customer) | 64 | VOIP0=x.x.x.0/30 | VOIP63=x.x.x.252/30 |
| EXTD | External Devices addresses | x.x.x.0 (given by customer) | 64 | EXTD0=x.x.x.0/30 | EXTD63=x.x.x.252/30 |
| INT | LAN interfaces which are advertised by OSPF but are internal in the Area. INT range does not need to be advertised outside the Area. | x.x.x.0 (given by customer) | 64 | INT0=x.x.x.0/30 | INT63=x.x.x.252/30 |
| LOCAL | AUX LAN addresses | x.x.x.0 (given by customer) | 64 | LOCAL0=x.x.x.0/30 | LOCAL63=x.x.x.252/30 |
| OAMP | External DCN access. (Recommended to configure as a point to point network between the GNE and its gateway router) | Customer defined | At least 2 (1 per GNE) | - | - |

Notes:
1. 1830 PSS NEs support 31-bit prefixes on IPv4 point-to-point links according to the RFC 3021. For interfaces
with IP subnetwork masks of /31, the broadcast IP will be set to 255.255.255.255.

Rules and guidelines

Observe the following guidelines for the organization of networks within a WDM sub-network:
• The MGMT network addresses range shall be provided by the customer for the assignment of
NE management addresses.
• The CP network addresses range shall be provided by the customer for the assignment of
Control Plane addresses if GMPLS is enabled in the WDM sub-network.
• The VOIP network addresses range shall be provided by the customer for the assignment of
VOIP addresses if Voice over IP solution is used in the WDM sub-network.
• The EXTD network addresses range shall be provided by the customer for the assignment of
External Devices addresses if needed.
• The INT network addresses range shall be provided by the customer for enabling LAN interfaces
involved in routing process within an Area but invisible to the management system.
• The LOCAL network addresses range shall be provided by the customer for enabling AUX LAN
interfaces.
The size of each network depends on the WDM sub-network size. Typically each range of
addresses corresponds to a /24 subnet.

Note: The following subnets are reserved for internal addresses, and cannot be used:
• 100.0.0.0/8 (100.x.x.x)
• 172.16.0.1/24
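
The grouping of Table 12 and the rules above can be checked mechanically before commissioning. The following Python sketch is an added example, not part of the Nokia guide; the 10.10.x.0/24 and 192.0.2.x sample values, the function names, and the convention that NE i takes group i with the first host address on the NE side of a /30 are assumptions made for illustration.

```python
import ipaddress

# Group size per network type, from Table 12 (ranges are typically a /24).
GROUP_PREFIX = {"MGMT": 32, "VOIP": 30, "EXTD": 30, "INT": 30, "LOCAL": 30}

# Ranges the guide reserves for NE-internal addresses.
RESERVED = [
    ipaddress.ip_network("100.0.0.0/8"),
    ipaddress.ip_interface("172.16.0.1/24").network,  # listed as 172.16.0.1/24
]

# Constructed customer ranges, one /24 per network type (sample values).
SAMPLE_RANGES = {
    "MGMT": "10.10.0.0/24", "VOIP": "10.10.1.0/24", "EXTD": "10.10.2.0/24",
    "INT": "10.10.3.0/24", "LOCAL": "10.10.4.0/24",
}


def carve(name, cidr):
    """Split a customer range into named groups, e.g. VOIP0..VOIP63."""
    net = ipaddress.ip_network(cidr)
    subnets = net.subnets(new_prefix=GROUP_PREFIX[name])
    return {f"{name}{i}": sub for i, sub in enumerate(subnets)}


def check_ranges(ranges):
    """Return problems: overlap with reserved ranges or between ranges."""
    problems = []
    nets = {n: ipaddress.ip_network(c) for n, c in ranges.items()}
    for name, net in nets.items():
        for bad in RESERVED:
            if net.overlaps(bad):
                problems.append(f"{name} {net} overlaps reserved {bad}")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def ne_addresses(ranges, index):
    """Addresses for the NE with 0-based index `index`.

    Assumptions: NE i takes group i of every range; in a /30 the first host
    address is the NE LAN interface and the second the attached device.
    A KeyError means the range has no group left for this index.
    """
    system = carve("MGMT", ranges["MGMT"])[f"MGMT{index}"]
    out = {"SYSTEM": ipaddress.ip_interface(f"{system.network_address}/32")}
    for name in ("VOIP", "EXTD", "INT", "LOCAL"):
        if name in ranges:
            group = carve(name, ranges[name])[f"{name}{index}"]
            ne_side, device = group.hosts()  # a /30 has exactly two hosts
            out[name] = {
                "interface": ipaddress.ip_interface(f"{ne_side}/30"),
                "device": device,
            }
    return out


def check_oamp(system, oamp, peers_on_lan=1):
    """OAMP is a numbered interface: unique address, enough host addresses."""
    problems = []
    sys_if = ipaddress.ip_interface(system)
    oamp_if = ipaddress.ip_interface(oamp)
    if oamp_if.ip == sys_if.ip:
        problems.append("OAMP address must differ from the SYSTEM address")
    for bad in RESERVED:
        if oamp_if.ip in bad:
            problems.append(f"OAMP {oamp_if.ip} lies in reserved {bad}")
    net = oamp_if.network
    # /31 point-to-point links (RFC 3021) have two usable addresses.
    usable = 2 if net.prefixlen == 31 else net.num_addresses - 2
    if usable < peers_on_lan + 1:
        problems.append(f"{net} too small for NE plus {peers_on_lan} peer(s)")
    return problems


if __name__ == "__main__":
    print(check_ranges(SAMPLE_RANGES))
    print(ne_addresses(SAMPLE_RANGES, 5))
    print(check_oamp("10.10.0.5/32", "192.0.2.1/30", peers_on_lan=3))
```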


2.12.5 DCN IP networks summary of an 1830 PSS


| Name | Function | Subnet | Mask | Initial commissioning address: factory default | Initial commissioning address: manually updated or acknowledged | OSPF | Interface |
|---|---|---|---|---|---|---|---|
| SYSTEM (Router ID) | Loopback address for management | MGMT | /32 | 172.16.1.1 | Yes | PASSIVE | Loopback0 |
| OAMP | External DCN access. (Recommended to configure as a point to point network between the GNE and its gateway router) | Customer defined | At least /30 | None | Yes | ENABLE if GNE | OAMP on the User Panel (PSS-16/32) |
| CIT | ZIC/Local craft terminal | Default or INT or EXTD | /30 | 172.16.0.1 | Yes | No | CIT port on EC |
| VOIP | IP phone access | VOIP | /30 | 0.0.0.0/0 | Yes | PASSIVE if used | VOIP on USRPNL |
| E1-LAN, E2-LAN | Connection with externally managed device | EXTD | /30 | 0.0.0.0/0 | Yes | PASSIVE if used | E1-LAN, E2-LAN on the User Panel |
| AUX-A, AUX-B | Auxiliary LAN connections | LOCAL | /30 | 0.0.0.0/0 | Yes | PASSIVE if used | AUX ports on EC |
| GMRE node (CP node) | GMPLS control plane loopback address | see 4.2.3 “Example for GMRE node and notify addresses” (p. 130) | /32 | None | Yes | PASSIVE | Loopback1 |
| GMRE notify (CP notify) | Additional GMPLS control plane loopback address | see 4.2.3 “Example for GMRE node and notify addresses” (p. 130) | /32 | None | Yes | PASSIVE | Loopback2 |

Notes:

Several possibilities for CIT port:
• If only the local NE is managed, keep the default address (default mask is /24).
• If the purpose is to reach other NEs within the WDM sub-network, assign a /30 subnet within the
INT range.
• If the purpose is to reach any NE outside the WDM sub-network, assign a /30 subnet within the
EXTD range.
The SYSTEM address is the only IP address which must always be set on an 1830 PSS system.
The SYSTEM address is the NE's loopback IP address, which is shared as interface address by all
unnumbered network interfaces and which will also be used as the OSPF Router ID.

2.12.6 Default settings

Table 13 Default behavior of DCN-related interfaces

| Interface | Default settings |
|---|---|
| CIT LAN interface | Enabled by default on the active Controller in the main shelf. Disabled by default on the standby Controller in the main shelf, and on extension shelves. Default network address: 172.16.0.1/24 |
| OAMP LAN interface | Disabled by default. OSPF is disabled |
| E1/E2 LAN interfaces | Disabled by default. OSPF is disabled |
| AUX LAN interfaces | Disabled by default. OSPF is disabled |
| VOIP LAN interface | Disabled by default. OSPF is disabled |
| OSC/GCC interfaces | OSPF is enabled (and cannot be disabled), OSPF parameters (like Hello Interval, Metric etc.) can be modified. Default MTU size is 1500 bytes for OSC interfaces and for GCC interfaces |

Note: On standby cards, the LAN interface ports are disabled in order to prevent loops from
forming and to prevent any external LAN switches from learning the same MAC address on
multiple ports.

2.12.7 OSPF mode

OSPF is enabled individually on each interface:
• For GCC and OSC interfaces, OSPF is always enabled in active mode.
• OSPF is always enabled in passive mode on SYSTEM management loopback address.
• OSPF is automatically enabled in passive mode on GMRE loopback addresses when the GMRE
is used; otherwise it is disabled.
• OSPF on customer LAN interfaces:
− OSPF is disabled by default for the OAMP, VOIP, E1, and E2 ports.
− OSPF is typically enabled on the OAMP interface if the NE is a GNE.
− OSPF is typically disabled on the CIT port because the CIT port is not assigned a routable
address.
− OSPF is typically enabled in passive mode on the VOIP interface if an IP phone is connected.
− OSPF is typically enabled in passive mode on E1 and E2 interfaces if an external device is
connected.
• OSPF is disabled within the Internal LAN (ES1/ES2).

OSPF advertisement:
• When OSPF is enabled in active mode on an interface, then OSPF messages are exchanged
via this interface, and OSPF advertises the loopback addresses, the serial interfaces, and the
directly connected sub-networks on all other OSPF enabled interfaces.
• When OSPF is enabled in passive mode on an interface, no OSPF message is sent on this
interface but OSPF advertises this interface subnet on all other OSPF enabled interfaces.

OSPF mode configuration:


• To disable OSPF on an interface, set the OSPF status to disable.
• To enable OSPF in active mode on an interface, set the OSPF status to enable.
• To enable OSPF in passive mode on an interface, set the OSPF status to redistribute.

In a network design where OSPF is enabled on the GNE OAMP/VOIP/E1/E2 management ports or
where static routes are configured such that an alternate path for the 1830 PSS NEs is available via
the customer DCN in addition to inter-NE paths via OSC/NETIF interfaces, the following should be
adhered to:
• At the GNEs the Loopback IP should be provisioned with the snmp_src option such that all
SNMP requests to the NE must use ONLY the Loopback IP of the NE (the OAMP/VOIP/E1/E2 IP
address will not be valid for SNMP requests). Likewise, any SNMP traps from the NE will contain
the Loopback IP as the source IP address.
• When OSPF is enabled at the OAMP/VOIP/E1/E2 port the OSPF metric should be provisioned
to be greater than the largest inter-NE path cost. This will allow for NE-NE application data
messages to prefer inter-NE path over customer DCN paths.
• When static routes are configured at the GNE in order to provide an alternate path for the
1830 PSS NE-NE communication via the customer DCN in addition to inter-NE paths via OSC/
NETIF interfaces – the distance value provisioned for each static route should be greater than
110. This will allow for NE-NE application data messages to prefer inter-NE paths over customer
DCN paths.
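
The two thresholds above can be derived from the planned OSC/GCC link costs. The following Python sketch is an added example, not part of the Nokia guide; it assumes symmetric link costs, interprets the "largest inter-NE path cost" as the largest shortest-path cost between any two NEs, and treats the customer DCN as free of cost once a packet has left a GNE (worst case). The NE names, link costs and the static route prefix are constructed sample values.

```python
import heapq

INF = float("inf")
STATIC_DISTANCE_FLOOR = 110  # static route distance must be greater than this

# Constructed sample: six NEs in a chain, OSPF cost 10 per OSC link.
CHAIN = [(f"NE{i}", f"NE{i + 1}", 10) for i in range(1, 6)]


def shortest_costs(links, source):
    """Dijkstra over inter-NE links given as (a, b, cost) tuples."""
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, INF):
            continue  # stale heap entry
        for neighbor, cost in adj.get(node, []):
            nd = d + cost
            if nd < dist.get(neighbor, INF):
                dist[neighbor] = nd
                heapq.heappush(heap, (nd, neighbor))
    return dist


def largest_inter_ne_cost(links):
    """Largest shortest-path cost between any two connected NEs."""
    nodes = {n for a, b, _ in links for n in (a, b)}
    return max((max(shortest_costs(links, n).values()) for n in nodes),
               default=0)


def diverted_pairs(links, gne_metrics):
    """Ordered NE pairs whose cheapest path would leave via the customer DCN.

    gne_metrics maps each GNE to the OSPF metric of its DCN-facing port.
    Worst case: only the egress GNE's metric is charged for the DCN leg.
    """
    nodes = sorted({n for a, b, _ in links for n in (a, b)})
    dist = {n: shortest_costs(links, n) for n in nodes}
    diverted = []
    for a in nodes:
        for b in nodes:
            if a == b:
                continue
            via_dcn = min(
                (dist[a].get(g1, INF) + metric + dist[g2].get(b, INF)
                 for g1, metric in gne_metrics.items()
                 for g2 in gne_metrics if g2 != g1),
                default=INF,
            )
            if via_dcn < dist[a].get(b, INF):
                diverted.append((a, b))
    return diverted


def review_gne(links, oamp_metric=None, static_distances=()):
    """Check a GNE's OAMP OSPF metric and static route distances."""
    findings = []
    floor = largest_inter_ne_cost(links)
    if oamp_metric is not None and oamp_metric <= floor:
        findings.append(
            f"OSPF metric {oamp_metric} must be greater than {floor}")
    for prefix, distance in static_distances:
        if distance <= STATIC_DISTANCE_FLOOR:
            findings.append(
                f"static route {prefix}: distance {distance} must be "
                f"greater than {STATIC_DISTANCE_FLOOR}")
    return findings


if __name__ == "__main__":
    print("largest inter-NE cost:", largest_inter_ne_cost(CHAIN))
    print("metric 10:", diverted_pairs(CHAIN, {"NE1": 10, "NE6": 10}))
    print("metric 51:", diverted_pairs(CHAIN, {"NE1": 51, "NE6": 51}))
    print(review_gne(CHAIN, oamp_metric=50,
                     static_distances=[("10.20.0.0/24", 110)]))
```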


Engineering guidelines

2.13 Summary of important rules and guidelines


2.13.1

Table 14 Engineering rules and guidelines

Topics Rules and guidelines

Connectivity:
A node belongs to an OSPF area if at least one of its interfaces is enabled in this area.
Each 1830 PSS NE must have links to at least two different neighbors. Links can be
OSC, GCC0 or Ethernet; neighbors can be an 1830 PSS NE or an IP router.

WDM sub-network and OSPF area:
Due to wavelength key distribution constraints, all nodes of a WDM sub-network must
belong to the same OSPF area.
Typically, a DCN OSPF area is assigned per WDM sub-network.
It is possible to set several WDM sub-networks in the same OSPF area if this is still
compatible with the maximum number of NEs.

Number of NEs per OSPF area:
In the DCN network, the maximum number of nodes per area is 500.

Number of GNEs:
The recommendation is to have at least two GNEs per OSPF area.
Additional rules (fair load sharing of outgoing traffic between GNEs):
• GNEs are defined in such a way that any RNE is at a reasonable distance from the
closest GNE. An equal distribution of RNEs to GNEs is desirable as far as the distance
of RNEs to their nearest GNE is concerned.
• Typically, 2 GNEs are required for areas of up-to 100 NEs + 1 GNE per additional group
of 100 NEs in the OSPF area.

OAMP on GNE:
An 1830 PSS plays the GNE role when it provides an access to the external DCN.
Typically, the following applies:
• This access is performed via the OAMP interface towards an external router.
• OSPF is enabled on the OAMP interface, and the OAMP interface is in the same OSPF
area as other interfaces.
• OAMP access is secured by other GNEs, and there is no need to be locally resilient to
OAMP failure.
Nevertheless, it is not forbidden to use another LAN interface (for example E1 or E2) in
order to locally secure the OAMP link.

Number of GMPLS NEs in a WDM sub-network:
If GMPLS is enabled in a WDM sub-network, the maximum number of 1830 PSS NEs
which run GMPLS is 400.


External routers:
Front routers for the 1830 PSS DCN must provide routes to join the management
systems (Network Management System (NMS)) and the other 1830 PSS NEs through the
DCN.
The following rules apply to gateway routers:
• There must be one router per GNE.
• Dynamic routing is recommended (see also “Routes management for gateway router”).
• Redundancy is not required on each GNE; the route(s) to other GNE(s) provide(s) the
redundancy (see also “Number of GNEs”).
• The router needs one physical interface connected to the 1830 PSS NE (10/100 Mb/s).
• The OAMP port is used to connect to external routers; see Table 6, “DCN-related
external interfaces (USRPNL)” (p. 35).
• The IP address of the external router port connected to the 1830 PSS NE must be in
the OAMP subnet.

Route management for gateway router:
Dynamic routing configuration:
• The routing protocol is OSPF; it must be activated at the interface with the GNE.
• The interface to the GNE must be set in the same area as the 1830 OAMP interface.
• The configuration of the interface to the backbone depends on the customer DCN (for
example, routing protocol is customer specific). It is the responsibility of the network
design team to adapt the external interface to particular needs of the customer DCN.
• Summarization: Routes summarization has to be activated at the border of the area.
Only a subset of the addresses shall be summarized (see 2.12.3 “Types of networks”
(p. 84)).
• Routes to advertise to the GNE: to simplify routing, the front router should advertise a
default route to the GNE, or only advertise the management subnet to further restrict
routing. Default route advertisement can also be accomplished by appropriate use of
totally stubby area on the front router.
Optional features of the gateway router:
• Depending on other capabilities of the router, the following features are useful:
- Access lists - They can restrict the access to the Network Management System
(NMS) (the active one and the standby one) inside the management subnet
- IP port filtering
- QoS marking
- IPsec tunneling - Mandatory if IP flow has to cross an unsecure network

Intra-area path redundancy between gateway routers:
A direct path has to be set between each gateway router inside a DCN area, if the path
redundancy is not ensured by a fully meshed architecture of the WDM network (through
the OSC/GCC0).
Due to hosts (1830 PSS) routes summarization inside the gateway routers, this path
must be an intra-area path; it can be any kind of direct link or a tunnel via the backbone.
This path will ensure the defense of routing in case of OSC/GCC0 failure in a linear
network for instance.


IP access control lists (ACL):
The following limitations apply:
• Maximum 100 empty filters can be created
• Maximum 256 patterns can be created
• The filter mapping table has maximum 4000 filter mapping entries (mapped with
patterns)
• Internal packets (packets in EC/FLC, packets between EC/FLC and local line cards,
packets between active and standby EC/FLC) shall never be dropped.

2.13.2
Note: The values given in the following table are general maximum values. Deviating limits
may apply in certain circumstances, see “OSPF peering model (MRN)” (p. 75) for an
example.

Table 15 Required buffering and table sizes

| Parameter | Maximum value | Comment |
|---|---|---|
| Number of NETIF instances per NE | 512 | For equipment controllers of type EC or 8EC2, the number of NETIF instances should not exceed 128. |
| Number of NETIF instances per shelf | 64 | |
| Number of OSC instances | 20 | |
| Number of simultaneous file transfers over NETIF | At least 1 | One file transfer operation on a NETIF connection carrying OTU1/ODU1 rate traffic. 2 or more on higher rate NETIFs. |
| Number of simultaneous file transfers over OSC | 2 or more | |
| Recommended guaranteed Customer DCN Bandwidth from EMS to GNE | 10 Mbps or greater | |
| RNEs managed from one GNE via OSC | 32 | |
| RNEs managed from one GNE via NETIF of OTU2 rate or higher | 8 | |
| RNEs managed from one GNE via NETIF of OTU1 rate | 4 | |
| Size of TID-IP MAP per GNE | 500 | |
| Active users | 32 | Combinations of TL1, WEB, CLI, and SNMP users. |
| Active CLI sessions | 10 | |
| Active WebUI sessions | 20 | Without any performance degradation. |
| Active TL1 sessions | 40 | |
| Number of degrees supported by one NE | 148 | 128 NETIF + 20 OSC |
| Number of NEs in one OSPF area | 500 | Default OSPF area is area 0. |
| Number of OSPF areas supported on the NE | 4 | 0, 1, 2, 3 |


3 DCN configuration

3.1 Overview
3.1.1 Purpose
This section provides instructions explaining how to set up the DCN for 1830 PSS.

3.1.2 Contents

3.1 Overview
Physical configuration
3.2 Configure physical properties of interfaces
IP network configuration
3.3 DCN configuration overview
3.4 Configure IP addresses and TCP/IP parameters
3.5 Configure OSPF parameters
3.6 Create an OSPF area
3.7 Create static routes
Time management
3.8 Network Time Protocol (NTP)
Security
3.9 NE firewall with provisionable IP access control lists (IP ACL)
3.10 RADIUS for user authentication
3.11 Secure/unsecure mode
3.12 IPSec tunnel
3.13 Syslog server
3.14 Advice on security hardening on the 1830 PSS
3.15 Locked Secure Appliance mode (ANSSI QS mode)
Software Server NE (SWNE)
3.16 SWNE functionality


Physical configuration

3.2 Configure physical properties of interfaces


3.2.1 Purpose
Use this procedure to configure physical properties of customer LAN ports or OSC/GCC network
interfaces that have an influence on data transmission.

Physical properties include:


• Duplex mode and transport capacity (link speed) of customer LAN ports
• MTU size for OSC/GCC network interfaces

3.2.2 Steps

1
For the customer LAN ports, set the duplex mode to one of the following values:
• Full duplex - Choose this setting to use full duplex mode on the LAN port.
• Half duplex - Choose this setting to use half duplex mode on the LAN port.
• Autonegotiated (System Default) - Choose this setting if you want the duplex mode to be
autonegotiated between the LAN port and its link partner.
The default value is the previously existing value or the system default AUTO.

2
For the customer LAN ports, set the transport capacity (link speed) to one of the following
values:
• 10 Mb/s
• 100 Mb/s
• 1000 Mb/s
• Autonegotiated (System Default) - Choose this setting if you want the link speed to be
autonegotiated between the LAN port and its link partner.
The default setting is the previously existing value or the system default.

3
Configure the MTU size for the OSC/GCC network interfaces.
The MTU (maximum transmission unit) defines the maximum size (in bytes) that a protocol data
unit (PDU) can have to be sent or received via the interface. The greater the MTU, the lower
the probability of data fragmentation and the more efficient the data transmission.
Possible values range from 576 to 1500 bytes.
The default MTU size is 1500 bytes for OSC and GCC interfaces.


Note: When a virtual link is created across an OSC or GCC path, be sure to set the MTU
size to 1500 bytes for the OSC/GCC interfaces on that path. Be aware that no automatic
checking is done by the NE regarding this MTU size setting.

Important! The MTU size must be consistently configured at both ends of an OSC/GCC
link.

END OF STEPS


IP network configuration

3.3 DCN configuration overview


3.3.1 Overview

1 Use a LAN cable to directly connect a local management system to the CIT interface and
configure IP addresses and TCP/IP stack parameters for NE interfaces (LAN interfaces
(OAMP, VOIP, E1/E2, ES1/ES2), SYSTEM, GMRENODE, GMRENOTIFY) - based on IP
address and subnet planning.
Local management systems can be the 1830 Command Line Interface (CLI), the TL1
command line interface (TL1), or the web-based user interface (WebUI), for example.
Part of this configuration step is typically done during initial commissioning.
2 Create OSPF areas.
3 Define static routes (if needed)
4 Configure OSPF
5 Enable OSPF per interface
6 Enable ECCs (OSC/GCC0)
OSC or GCC0, once enabled, will be used for management traffic. OSPF will be enabled
automatically and cannot be disabled.

3.4 Configure IP addresses and TCP/IP parameters


3.4.1 Purpose
Use this procedure to configure IP addresses and TCP/IP parameters for the system (Host ID), for
customer LAN ports (OAMP, VOIP, E1, E2, AUX and CIT), or for the control plane node (control
plane node address, control plane notify address).

The following IP addresses are typically assigned during the initial commissioning:
• OAMP:
One interface address with the backbone. The gateway router will have an interface in the same
subnet. Could be routed or not. At least /30 subnet.
• SYSTEM:
Loopback IP address of the NE. It is the management address of the NE. Must be routed toward
the backbone.
• GMRENODE:
See 4.2 “Specific considerations regarding the GMPLS Routing Engine (GMRE)” (p. 129) for
details.
• GMRENOTIFY:
See 4.2 “Specific considerations regarding the GMPLS Routing Engine (GMRE)” (p. 129) for
details.


SYSTEM address
The SYSTEM address must be set prior to connection into the NE via remote methods. Until it is
set, only local access will be allowed. Once the SYSTEM address is set, remote TL1, CLI, WebUI,
or SNMP commands may be sent to the NE using the provisioned IP interface.
For the TCP/UDP port numbers used to access the NE, see 3.9.10 “Firewall configuration” (p. 113).

3.4.2 Before you begin


Please observe the following notes.
Note that the IP address range 100.0.0.0/8 is not allowed to be configured as an external IP
address. This address range is used for internal purposes of the NE. Therefore, the NE cannot
communicate with any external partner which uses an address from this range.
Also note that the IP address range 101.0.0.0/8 is allowed, yet discouraged, as an
external IP address. Other Nokia NEs use this address range for internal purposes, and hence
forbid its usage for external addresses. Therefore, if configured for the 101.0.0.0/8 address range,
the NE cannot communicate with those NEs.
Finally, note that a database restore will not change the address on the OAMP port; other LAN
ports (VOIP, E1, E2, CIT), however, can change if they differ in the restored database. The equipment
controller does not check address conflicts during a database restore. So it is advisable to perform
a database backup after setting LAN ports.

Important! Since the SEEPROM drives the OAMP IP address, the old database can have an
IP address that is a duplicate to a newly provisioned OAMP IP address. When this occurs and
the old database is restored on the NE, it causes a duplicate IP scenario. Thus, it is highly
recommended that after an OAMP IP is configured, a database backup should be performed.

3.4.3 Steps

1
If not yet done during the initial commissioning phase, set the SYSTEM address.
This is the loopback IP address of the NE, which is shared as interface address by all
unnumbered network interfaces, and which is also used as the OSPF router Id.

2
At the GNE, provision the loopback IP address of the NE with the “SNMP source” option such
that all SNMP requests to the NE must use the loopback IP address of the NE only (the OAMP
IP address will not be valid for SNMP requests).

3
If not yet done during the initial commissioning phase, set the IP addresses on the customer
LAN ports (OAMP, VOIP, E1, E2, and CIT).

4
Specify the subnet masks for the customer LANs (OAMP, VOIP, E1, E2, and CIT).

5
Specify whether customer LAN ports (OAMP, VOIP, E1, E2, and CIT) shall support the Proxy
ARP function.
A customer LAN port that supports the Proxy ARP function replies to ARP requests
from the remote server for all RNEs within the internal network, using its own MAC address
for the response.

6
When a customer LAN port (OAMP, VOIP, E1, E2, and CIT) supports the DHCP Server
function, then define the range of the IP pool for the DHCP server, and specify whether the IP
address of the customer LAN port is to be distributed as the Default Gateway via DHCP.

END OF STEPS

3.5 Configure OSPF parameters


3.5.1 Purpose
Use this procedure to configure the global OSPF parameters as well as the parameters associated
with OSPF on the OSPF-enabled interfaces.

OSPF is enabled by interface:


• For GCC and OSC interfaces, OSPF is enabled by default and cannot be modified.
• OSPF is always enabled in passive mode on SYSTEM management loopback address.
• OSPF is enabled in passive mode on GMRE loopback addresses if the GMRE is used.
• OSPF on customer LAN interfaces:
− OSPF is disabled by default for the OAMP, VOIP, E1, and E2 ports.
− OSPF is typically enabled on the OAMP interface if the NE is a GNE.
− OSPF is typically disabled on the CIT port because the CIT port is not assigned a routable
address.
− OSPF is typically enabled in passive mode on the VOIP interface if an IP phone is connected.
− OSPF is typically enabled in passive mode on E1 and E2 interfaces if an external device is
connected.
• OSPF is disabled within the Internal LAN (ES1/ES2).
Each one of these interfaces can be configured independently.

Note: The global OSPF parameters are typically set once in the lifetime of the NE while the
interface-specific parameters have to be set once per OSPF-enabled interface.

3.5.2 Steps

1
Configure the global OSPF parameters.

The global OSPF parameters include:


• Static Route External Metric Type
Determines the metric type to be set in all AS-external LSAs (Type 5 LSAs), which result from
advertised static routes.
− INT Internal metric type (metric type 1): The metric value is assumed comparable to
intra-AS metric values.
− EXT External metric type (metric type 2): The metric value is assumed higher than the
path cost of any intra-AS path.
Factory default is EXT
• ABR Default Route Cost
Determines the cost metric value to be set in all AS-external LSAs (Type 5 LSAs), which
result from advertised default routes.
Possible values range from 0 to 16777215, factory default is 10.
• Default Route External Metric Type
Determines the metric type to be set in all AS-external LSAs (Type 5 LSAs), which result from
advertised default routes.
− INT Internal metric type (metric type 1): The metric value is assumed comparable to
intra-AS metric values.
− EXT External metric type (metric type 2): The metric value is assumed higher than the
path cost of any intra-AS path.
Factory default is EXT

2
Configure the parameters associated with OSPF on each OSPF enabled interface.

These OSPF parameters include:


• OSPF Hello interval timer (in seconds)
This is the time elapsed before the next Hello PDU is sent.
Possible values range from 1 to 65535, factory default is 10.
• OSPF Router Dead timer (in seconds)
This is the time that elapses without hearing a router's Hello PDU before its neighbors
declare it down. The router dead interval is a timer used to time out inactive adjacencies.
The value of the OSPF Router Dead timer is typically four times the value of the OSPF Hello
interval timer, and must always be greater than the OSPF Hello interval timer.
Possible values range from 1 to 65535, factory default is 40.
• Metric or cost of the OSPF interface
This is the cost metric of the route.
The system default setting is 10; the lower the cost, the better. OSPF determines the
“shortest path” in the sense of a least-cost calculation. Typically, lower costs are assigned to
higher bandwidth links, and vice versa. Setting all routes to equal costs automatically enables
load balancing between the paths.
• Router priority
This parameter is used on the LAN to determine which router will become the designated
router (DR).
Possible values range from 0 to 255, factory default is 1.
OSPF Hello interval and router dead timer: The OSPF Hello interval and router dead timer
are of particular importance because they relate to the OSPF Hello protocol which is a
central OSPF protocol, used for example to establish and maintain neighbor relationships
and thus to form OSPF adjacencies. When no adjacencies can be formed, then no OSPF
LSAs can be exchanged and OSPF routing is not possible. The OSPF Hello interval and
router dead timer determine the interval between two Hello PDUs and the waiting time
before declaring a neighbor down, when no Hello PDUs are received. The OSPF router dead
timer restarts each time an OSPF Hello PDU is received. Thus, it takes at least the router
dead interval to detect a neighbor down condition.
The OSPF Hello interval and router dead timer directly influence the OSPF convergence
time. Reducing the timer values can improve the convergence time. However, decreasing
the timer values also increases the risk of premature or toggling neighbor down
decisions.

Note: As a general rule, the default settings of the OSPF Hello interval and router dead
timer strike a balance between convergence time and reliability.

Observe the following rules and guidelines:


• When you change the OSPF Hello interval and router dead timer then be sure to change
these timers on all interconnected OSPF-enabled interfaces consistently. Interconnected
OSPF-enabled interfaces exchange Hello PDUs with each other, and the timer values in
these Hello PDUs must match.
• Do not set the OSPF Hello interval and router dead timer to the same value; set the OSPF
router dead timer to at least twice the value of the Hello interval timer.
• Always set the OSPF router dead timer to an integer multiple of the Hello interval timer.

Administratively enable or disable an OSPF interface by setting the OSPF interface status to
one of the following values:
• Enable - The interface will participate in OSPF LSA exchanges.
• Disable - The interface does not run the OSPF protocol.
• Redistribute - The interface does not run the OSPF protocol, but it does advertise.
The initial default setting for the OAMP, E1, E2, and VOIP ports is Disable.
The CIT port only supports Disable and Redistribute.

END OF STEPS
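The timer rules in step 2 can be checked across a planned topology before the values are provisioned. The following is an added example, not part of the guide or of any Nokia tool: the interface records, NE names and rule codes are constructed for illustration.

```python
from dataclasses import dataclass

TIMER_MIN, TIMER_MAX = 1, 65535   # value range given for both timers


@dataclass(frozen=True)
class OspfInterface:
    ne: str
    port: str
    hello: int = 10   # factory default, seconds
    dead: int = 40    # factory default, seconds

    @property
    def name(self) -> str:
        return f"{self.ne}:{self.port}"


def check_timers(itf: OspfInterface) -> list:
    """Return the rule codes violated by one interface's Hello / Router Dead timers."""
    if not (TIMER_MIN <= itf.hello <= TIMER_MAX and TIMER_MIN <= itf.dead <= TIMER_MAX):
        return ["out-of-range"]            # the remaining rules assume valid values
    codes = []
    if itf.dead <= itf.hello:
        codes.append("dead-not-greater-than-hello")
    elif itf.dead < 2 * itf.hello:
        codes.append("dead-below-twice-hello")
    if itf.dead % itf.hello:
        codes.append("dead-not-multiple-of-hello")
    return codes


def check_links(links: list) -> dict:
    """links: (OspfInterface, OspfInterface) pairs that face each other.
    Returns {interface or link name: [codes]} for everything that needs attention."""
    report = {}
    for a, b in links:
        for itf in (a, b):
            codes = check_timers(itf)
            if codes:
                report[itf.name] = codes
        # Hello PDUs carry both timers; differing values keep the adjacency from forming.
        if (a.hello, a.dead) != (b.hello, b.dead):
            report[f"{a.name} <-> {b.name}"] = ["timer-mismatch"]
    return report


# Constructed sample topology.
LINKS = [
    (OspfInterface("NE-1", "OAMP"), OspfInterface("NE-2", "OAMP")),              # defaults
    (OspfInterface("NE-2", "E1", 5, 20), OspfInterface("NE-3", "E1")),           # one side tuned
    (OspfInterface("NE-3", "E2", 10, 15), OspfInterface("NE-4", "E2", 10, 15)),  # dead too short
]

if __name__ == "__main__":
    for where, codes in check_links(LINKS).items():
        print(where, codes)
```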

3.6 Create an OSPF area


3.6.1 Purpose
Use this procedure to create an OSPF area.

3.6.2 Steps

1
Specify the name of the OSPF area to be created, for example OSPFAREA-1.
If you do not explicitly specify a name, then the OSPF area will be assigned a name
automatically.

2
Define the OSPF area ID, for example 1.1.1.1 or 0.0.0.1.
The OSPF area ID has the format of an IP address, for example '0.0.0.0' for the backbone area,
or '1.1.1.1' or '0.0.0.1' for OSPF area 1. Note that area ID and area index are not numerically
coupled as shown in this example. The backbone area always has the area ID '0.0.0.0'. For
other areas, any 32-bit value except '0.0.0.0' is allowed.

3
Specify the type of OSPF area to be created.

The following types of OSPF areas are supported:


• NORMAL areas are defined as areas that can accept intra-area, inter-area and external
routes.
• STUB areas do not accept routes belonging to external autonomous systems (AS); however,
these areas have inter-area and intra-area routes. This reduces the size of the routing
databases for the area's internal routers. Routers in the stub area also contain a default route
which is advertised to the area by the Area Border Router (ABR).
• TOTALLY-STUB areas do not allow routes other than intra-area and the default route to be
propagated within the area. This further reduces the size of the routing databases for the
area's internal routers. The ABR advertises a default route into the area and all the routers
belonging to this area use the default route to send any traffic outside the area.
• NSSA (Not-So-Stubby Areas) can import AS external routes from within the area and send
them to other areas, but cannot receive AS external routes from other areas. Inter-area and
intra-area routes are allowed along with a default route which is advertised to the area by the ABR.
• NSSA-TOTALLY-STUB areas are similar to NSSA with the additional restriction that inter-
area routes are not allowed.

4
Define the default metric (cost setting) for areas of type stub or NSSA.
Possible values range from 0 to 16777215, the default setting is 10.

Default metric for areas of type stub or NSSA: In areas of type stub or NSSA, each Area
Border Router (ABR) advertises a default route to the area; see Step 3. The default metric
indicates the cost setting of that default route.
If you have more than one ABR, and you want a particular ABR to take precedence over
other ABRs for routes towards the backbone area, for example due to bandwidth limitations,
then you can use the default metric to achieve this.

Note: Be sure to assign the lowest default metric to the preferred ABR. Increasing values
of the default metric indicate a decreasing order of precedence.

5
Specify whether opaque LSAs for the DNS application shall be distributed into this OSPF area,
and received from this area.

Note: DNS opaque LSAs can only be enabled in one OSPF Area.

6
Specify whether opaque LSAs for the Wave KEY application shall be distributed into this OSPF
area, and received from this area.

Note: Wave Key opaque LSAs can only be enabled in one OSPF Area.

7
If needed, set up virtual links.
Virtual links: OSPF requires that all areas attach directly to the backbone area (area
0.0.0.0), but the attachment need not be physical.
One can take any physical arrangement of areas and attach them logically through OSPF
virtual links. Specify the loopback interface IP address of the NE to terminate the virtual link.
This NE should have an interface that is connected to Area 0.0.0.0 and a non 0.0.0.0 Area.
If the NE is not attached to the backbone area, the specified virtual link address is the
address of an ABR, which is attached to the backbone area.
If the NE is attached to the backbone area, the specified virtual link address is the address of
the NE, which has set up the corresponding reverse virtual link.

Note:
• A virtual link must be configured on both NEs, that is two unidirectional links have to be
set up. Virtual links cannot be established through the backbone area, stub areas, or
areas of type NSSA.
• When a virtual link is created across an OSC or GCC path, be sure to set the MTU size
to 1500 bytes for the OSC/GCC interfaces on that path. Be aware that no automatic
checking is done by the NE regarding this MTU size setting.

END OF STEPS

3.7 Create static routes


3.7.1 Purpose
Use this procedure to add a new static IP route into the IP routing table.

3.7.2 Steps

1
Specify the IP address of the destination host or network and the subnet mask of the route.

2
Specify the IP address of the next interface (next hop) in the route. This is also known as the
“gateway address”.

Note: The destination host or network must be directly connected to this interface.

3
Define the distance value of the static route.
The NE allows multiple static routes to the same destination address to be created via different
interfaces. The distance value can be used to decide which of the routes is used for
forwarding decisions. The route with the lowest distance value takes precedence.

END OF STEPS

Time management

3.8 Network Time Protocol (NTP)


3.8.1 Time of day synchronization
The NE supports an automatic time of day synchronization mode that uses the Network Time
Protocol (NTP).
NTP synchronization can be enabled or disabled; it is enabled by default.

3.8.2 Time-of-day synchronization modes


The NE shall support the following time-of-day synchronization modes:
• Non-synchronized, free-running mode: The NE is not synchronized to an NTP server and is
instead using its own internal clock as a source.
• Synchronized mode: The NE is using the NTP protocol to synchronize to an NTP server. The
NE is polling the NTP server and periodically making corrections to its internal clock so as to
maintain the same clock time as the NTP server.
• Non-synchronized, holdover mode: NTP is enabled, and the NE has lost NTP server
connectivity, and is using the last known clock update to synchronize its clock.

3.8.3 Supported protocol versions


The NE supports the NTP protocol version 4 which is backward compatible with NTP version 3 and
version 2.

3.8.4 NTP configuration


Please refer to the 1830 PSS User Provisioning Guide for NTP configuration procedures.

Security

3.9 NE firewall with provisionable IP access control lists (IP ACL)


3.9.1 NE firewall
1830 PSS systems provide an integrated NE firewall with provisionable IP access control lists (IP
ACL) to protect the system against security threats.
The basic configuration of the NE firewall consists of fixed filtering rules which cover well known
security threats. The functional range of the NE firewall can be extended by adding user-specific
filtering rules.

Important! User-specific filtering rules can only impose further restrictions on the default
setup of the NE firewall; it is not possible to open the NE firewall more than the basic
configuration allows.

3.9.2 Provisionable IP access control lists (IP ACL)

Note: When “IP” is mentioned in this section without making a distinction between IPv4 or
IPv6 then IPv4 is meant. For information regarding IPv6 ACL, see .
IP ACLs are used in 1830 PSS systems at incoming and outgoing physical network interfaces (DCN
LAN, OSC, NETIF (GCC)) to protect the “inside” (secure) 1830 PSS network from unwanted traffic
originating from the “outside” (unsecure) network. For the 1830 PSS, the inside is the in-band DCN,
which consists of 1830 PSS systems that are usually interconnected by OSCs and GCCs. The
outside network is the out-of-band DCN including the DCN routers.
In addition to the physical network interfaces, ACLs can be used with a special logical sub-interface,
LAN-PPP, representing all GCC/OSC interfaces.

Figure 36 1830 PSS network and ACL perimeter
[Figure not reproduced. Labels: NMS, out-of-band DCN, DCN routers, OAMP, 1830 PSS, third-party
equipment, in-band DCN (backbone area), ACL perimeter, E1, E2, Area 1, Area 2.]

IP ACLs are used to form a security perimeter (ACL perimeter) around the 1830 PSS DCN network
(see Figure 1). Typically, the connection between the inside and the outside DCN is the OAMP
interface of the gateway network element (GNE). Any of the LAN interfaces of an 1830 PSS system
can be used to make a connection to the outside network. This is illustrated in the following figure,
using the 1830 PSS-32 as an example. Other 1830 PSS NEs may have different LAN interfaces;
see Table 9, “User service interfaces” (p. 48).

Figure 37 IP interfaces on a PSS-32 with ACL perimeter on external interfaces
[Figure not reproduced. Labels: E1, E2, AUX-A, AUX-B, VOIP, OAMP, ACL perimeter, SYSTEM-A,
SYSTEM-B, Active EC, CIT, GMRENODE, GMRENOTIFY, photonic compound, OSC, GCC.]

The following classes of interfaces exist, with different security requirements:


• LAN Interfaces
LAN interfaces (especially the OAMP) face the out-of-band DCN (customer DCN). These
interfaces (OAMP, E1 & E2, VOIP, AUX-A & AUX-B) have the strictest ACLs.
• CIT Interface (or the local Craft port)
This interface is for attaching a local PC or should be kept accessible as the access of last
resort. The IP ACL on this interface must allow at least basic login traffic.
• ECC Interfaces
ECC interfaces usually interconnect 1830 PSS NEs. They need to be more open than the LAN
interfaces to accommodate inter-NE traffic, and might even be completely open (i.e., no ACL). As
these are unnumbered interfaces (no IP address), the loopback IP address is used as the
address.

3.9.3 Matching criteria

IP ACLs can match traffic based on the following criteria:


• Source IP address (or range):
This consists of two parameters -- source IP address and source wildcard mask -- which define a
source address or range of addresses (subnet).
The following are two ways to define these parameters:
− A single address can be specified by setting the source IP address to an IPv4 address and
the wildcard mask to ‘0.0.0.0’.
− A range can be specified by setting the source IP address with a wildcard mask unequal to
‘0.0.0.0’.
Note that the wildcard mask is the inverse of the subnet mask. Thus, a /24 subnet has the
wildcard mask ‘0.0.0.255’ in dotted decimal notation.
• Destination IP address (or range)
Like the source IP address, this consists of two parameters: destination IP address and
destination wildcard mask. An IP address or range is constructed the same way as for the
source address.

• TCP/UDP source port
Ranging from 0 - 65535, this specifies a source port for TCP or UDP. Set to 0 (default) to match
all source ports of TCP or UDP packets.
• TCP/UDP destination port
Ranging from 0 - 65535, this specifies a destination port for TCP or UDP. Set to 0 (default) to
match all destination ports of TCP or UDP packets.
• IP protocol
This specifies the IP protocol. Values are: GRE, ICMP, IPIP, OSPF, RSVP, TCP, UDP, Other. For
Other, a value between 0 and 255 can be selected; 0 will match all IP protocols.
• IP Fragmentation
This will match packets that are the second or later fragments of the original IP packet. Set to
FALSE to block fragments.
• ICMP Type and Code
Only applicable if IP Protocol is ICMP.
− “Type” is the ICMP type identifier: {0-255}. This will match packets with the given ICMP type.
Use 255 to match any ICMP packets.
− “Code” is the ICMP code identifier: {0-255}. This will match packets with the given ICMP
code. The ICMP type must be specified when setting this parameter. Use 255 to match all
codes.
• TCP Established
Only applicable if IP Protocol is TCP. Matches a packet in which the TCP flags in the IP header
correspond to the “established” state. Such packets are responses (or ACK) to sessions.

3.9.4 1830 PSS IP ACL model


The IP ACL model for the 1830 PSS is characterized by the following parts:
1. Patterns
List of individual filtering rules for processing packets. A pattern matches on various IP fields in
the packet and has an action of “block” or “pass”, meaning the matching packet is dropped or
permitted to pass, respectively.
2. Filters
Filters contain one or more patterns. Each pattern in the filter is assigned a position index (1-
256) representing the relative order of processing; patterns are processed in the order of low
index to high index.
3. Ports
IP interfaces which can have filters associated with them. A port can have two filters, an Rx filter
for receive (ingress) traffic, and a Tx filter for transmitted (egress) traffic.
4. Default Action
The action (“block” or “pass”) to apply to packets that do not match any pattern in a filter. There
are separate default actions for Rx and Tx.
Up to 256 patterns and up to 100 filters may be defined on the system where each filter may
contain up to 256 (index, pattern) pairs.

The number of simultaneously defined (index, pattern) pairs across all filters is limited to 4000.

3.9.5 Filters
Two filters are associated with each interface, a receive (Rx) filter and a transmit (Tx) filter. The Rx and
Tx filters can be independently enabled and disabled on an interface. An ACL filter is an ordered list
of filtering rules (patterns).

Note: If a filter/port association already exists in a direction, then it is not allowed to create an
additional association to this port in the same direction.

3.9.6 Patterns
A filter consists of a sorted list of (index, pattern) pairs, where the index indicates the relative
position in the list and the pattern indicates the pattern identifier.
A pattern has an action of “block” or “pass”, that is the matching packet is dropped or permitted to
pass. Once the packet matches a pattern, the progression through the filter list terminates.
When a packet is tested against a filter, it is tested against each pattern starting with the lowest
index and continuing through each remaining pattern in ascending order until a match occurs.

If all patterns in a filter list are tested without yielding a match, then the packet is blocked or passed
according to the ACL global default setting for a specific direction (Rx | Tx):
• If the packet matches a “block” pattern, all processing stops and the packet is dropped.
• If the packet matches a “pass” pattern, the packet arrives at its destination address.
• If the packet doesn't match a pattern and the default action is a “pass” action, the packet arrives
at its destination.
A pattern may also have an “ICMP Error” set (True or False), which specifies whether to send an
ICMP error for blocked packets. If a packet matches a pattern with a "block" action, and the ICMP-
Error is set to "true", an ICMP 3/13 [Destination Unreachable/Communication Administratively
Prohibited] error will be generated for transmission to the host originating the blocked packet.

3.9.7 Ports/Interfaces
ACL filters can be associated to ports.
Ports can either be a specific interface (for example LAN interfaces like OAMP, E1 & E2, VOIP,
AUX-A and AUX-B or ECC interfaces like GCC and OSC), or represent all interfaces of a particular
type (for example the LAN-PPP port which is the logical port for all ECC interfaces).
A packet is processed by a series of ACL filters. If a filter exists and is enabled, a packet that
ingresses an Rx interface is processed by an ACL filter (Rx filter). When the Rx filter has finished
processing the packet, the packet is processed by a Tx filter as it egresses the interface. If a packet
is processed without a drop at a Tx interface, the packet will be forwarded to its egress interface.
Associating an ACL filter to the LAN-PPP port means that traffic going to all ECC interfaces will be
processed by the ACL. The LAN-PPP filter is processed for all ECC interfaces. In addition, there
can be a user-defined filter on a specific ECC interface (e.g., 1/2/OSCSFP). If there is a user-
defined filter on the specific ECC interface, the user-defined filter will be processed first, followed by
the LAN-PPP filter. The default system action does not occur unless the packet goes through both
filters without matching a pattern.
In normal mode, the LAN-PPP port does not have a default filter. However, a filter can be user-
provisioned.

Note: If no filter is associated with a port - neither in receive nor in transmit direction - or if the
filter is disabled for a direction, the packets pass in the respective direction without checking.
That is, the system will pass all packets through an interface without filter or with disabled
filter. The ACL default setting for a direction only applies to interfaces with an enabled ACL
filter. If there is no filter or if a filter is disabled, there is no default action on packets.
For the default configuration of the system, many ports have system filters associated. Some of
these ports and direction are marked as “SystemDefaultFilterAssoc”. If a port (interface) is marked
as “SystemDefaultFilterAssoc”, the filter on the port cannot be removed or disabled.
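The evaluation order described in sections 3.9.3 to 3.9.7 can be modelled offline to review a planned filter before it is provisioned. The following is an added example, not Nokia code: the class and function names and the sample filters are constructed, "ANY" stands in for IP protocol "Other" with value 0, and the fragmentation, ICMP type/code and TCP-established criteria are left out. It also reports patterns that can never be reached because a lower-index pattern already matches everything they match.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

ANY = ("0.0.0.0", "255.255.255.255")   # (address, wildcard mask) covering all of IPv4


def _int(addr: str) -> int:
    return int(IPv4Address(addr))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """The wildcard mask is the inverse of a subnet mask: its 1-bits are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)


def range_covers(outer: tuple, inner: tuple) -> bool:
    """True if every address matched by `inner` is also matched by `outer`."""
    w_out, w_in = _int(outer[1]), _int(inner[1])
    care = ~w_out & 0xFFFFFFFF
    return (w_out | w_in) == w_out and (_int(outer[0]) & care) == (_int(inner[0]) & care)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Pattern:
    action: str            # "pass" or "block"
    src: tuple = ANY
    dst: tuple = ANY
    proto: str = "ANY"     # assumption: models protocol "Other" with value 0
    sport: int = 0         # 0 matches all ports
    dport: int = 0

    def matches(self, p: Packet) -> bool:
        return (wildcard_match(p.src, *self.src) and wildcard_match(p.dst, *self.dst)
                and self.proto in ("ANY", p.proto)
                and self.sport in (0, p.sport) and self.dport in (0, p.dport))

    def covers(self, other: "Pattern") -> bool:
        """True if this pattern matches everything `other` matches."""
        return (range_covers(self.src, other.src) and range_covers(self.dst, other.dst)
                and self.proto in ("ANY", other.proto)
                and self.sport in (0, other.sport) and self.dport in (0, other.dport))


def first_match(filt: dict, p: Packet):
    """filt maps position index (1-256) to a Pattern; the lowest index is tested first."""
    for index in sorted(filt):
        if filt[index].matches(p):
            return index, filt[index].action
    return None


def evaluate(enabled_filters: list, p: Packet, default_action: str) -> str:
    """Run a packet through the enabled filters of one port and direction, in order."""
    if not enabled_filters:
        return "pass"                  # no filter or filter disabled: default is not applied
    for filt in enabled_filters:       # e.g. [filter on one ECC interface, LAN-PPP filter]
        hit = first_match(filt, p)
        if hit:
            return hit[1]
    return default_action


def shadowed(filt: dict) -> list:
    """(index, shadowing_index) pairs for patterns that no packet can ever reach."""
    order = sorted(filt)
    return [(late, early) for i, late in enumerate(order)
            for early in order[:i] if filt[early].covers(filt[late])]


# Constructed sample: an Rx filter for an OAMP port (documentation address ranges).
NMS_NET = ("192.0.2.0", "0.0.0.255")     # a /24 written with its wildcard mask
NMS_HOST = ("192.0.2.10", "0.0.0.0")     # a single address
OAMP_RX = {
    10: Pattern("pass", src=NMS_NET, proto="TCP", dport=22),
    20: Pattern("block", proto="TCP", dport=22),
    30: Pattern("pass", src=NMS_HOST, proto="UDP", dport=161),
}
# Same rules with the broad block placed first: the SSH pass rule becomes unreachable.
MISORDERED = {5: OAMP_RX[20], 10: OAMP_RX[10], 30: OAMP_RX[30]}

if __name__ == "__main__":
    ssh = Packet("192.0.2.44", "10.0.0.1", "TCP", 40000, 22)
    print("ordered:", evaluate([OAMP_RX], ssh, "block"))
    print("misordered:", evaluate([MISORDERED], ssh, "block"), shadowed(MISORDERED))
```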

3.9.8 User interface modes (UI modes)

1830 PSS NEs support the following user interface (UI) modes:
• Normal mode
This is the least restrictive mode.
In Normal mode, there are no ACLs for the transmit (Tx) direction.
• Encrypted mode
The Encrypted mode is more restrictive than the Normal mode. Only secure protocols are
allowed. Unsecure protocols, such as telnet, ftp and http, have been removed.
In Encrypted mode, Tx filters are also present.
• FIPS mode
In FIPS mode, the same ACLs are used as in the Encrypted mode.

ACL auto-configuration principle


1. The NE performs an auto-configuration of the global default settings, system default patterns,
filters and filter-interface associations based on the UI mode.
2. Users are not allowed to change (delete or modify) system default patterns or filters. An attempt
to change system default patterns or filters will be denied.
3. Users are allowed to configure filter-interface associations for either direction (Rx|Tx) on any
physical network interface (OAMP, VOIP, CIT, E1, E2, AUX-A, AUX-B, E1-A, E1-B, or a single
OSC/GCC interface) or logical sub-interface (LAN-PPP).
When a user changes the UI mode, then all existing ACL settings including customized and system
ACL configuration settings will be removed. Afterwards, the NE auto-configures the system default
patterns, filters, ACL associations, and default action based on the new mode.
After a successful auto-configuration, a warm reboot is performed.

3.9.9 User provisioning of ACLs


ACLs can be provisioned by means of the web user interface (WebUI) or by using CLI or TL1
commands.

Important! The provisioning of IP access control lists is reserved for security administrators
only.
If users lock themselves out through an incorrect ACL configuration, the system always allows SSH
over TCP in the Rx direction on the CIT port. This way, the user can establish a CLI session on the
CIT port.
The user may need to configure a PC with a static IP address such as 172.16.0.2/24 and
gateway 172.16.0.1 before troubleshooting.

Provisioning includes:
• Adding a new access control rule to the NE firewall
• Modifying an existing access control rule of the NE firewall
• Retrieving information concerning an existing access control rule of the NE firewall
• Removing an access control rule from the NE firewall

References
For related WebUI provisioning commands and procedures, see the 1830 Photonic Service Switch
(PSS) Release 10.0 User Provisioning Guide.
For related CLI commands, see the 1830 Photonic Service Switch (PSS) Release 10.0 Command
Line Interface Guide.
For related TL1 commands, see the 1830 Photonic Service Switch (PSS) Release 10.0 TL1
Commands and Messages Guide (Photonic Applications).

3.9.10 Firewall configuration


Table 16 Management flows and ports on the GNE (Normal mode)

Dialog initiator Source/Destination Protocol Comment


port 1
20/TCP File transfers (SW download,
Backup,/Restore), initiated from
1830 PSS FTP server
21/TCP File transfers (SW download,
Backup,/Restore), response
External 22/TCP SSH CLI via SSH
1830 PSS 22/TCP SFTP Secure File Transfer Protocol
External CLI Login
23/TCP Telnet
1830 PSS Response from Telnet
External 80/TCP HTTP WebUI
External 67/UDP DHCP Request to DHCP Server
DHCP 2
External 68/UDP Response from DHCP Server
1830 PSS 123/UDP NTP Network Time Protocol
External 161/UDP SNMP Simple Network Management
Protocol
1830 PSS 162/UDP SNMPTRAP SNMP Traps. The SNMP trap
destination port and IP address can
be configured. As a side effect of the
configuration, the IP ACL rules are
adapted accordingly.
External 443/TCP HTTPS Secure WebUI
1830 PSS 514/UDP SYSLOG Remote logging of system events
using Syslog protocol (disabled by
default) can be opened via ACL
configuration. The Syslog destination
port can be configured. The IP ACL
rules may need to be adapted
additionally.
External 547/UDP DHCPv6 3 DHCPv6 Request
External 701/UDP LMP GMRE LMP protocol to neighbor
GMRE or to 7750 SR for IETF UNI
1830 PSS GMRE-LMP Response
External 830/TCP NETCONF/YANG Open SSH for OpenAgent
(NETCONF/YANG)
1830 PSS 1024+/TCP FTP Passive FTP Data Response
1830 PSS 1812/UDP RADIUS Authentication requests to a Radius
server if Radius enabled. This port
can be changed when Radius is
configured. The IP ACL rules may
need to be adapted additionally.
External TL1-Raw
3082/TCP TCP
1830 PSS TL1-raw for uplink card management
External 3083/TCP TL1-Telnet
External 5122/TCP SSH Root Login via SSH
1830 PSS Response from Root Login
1830 PSS 6022/TCP SSH Response from CLI over SSH
External CLI via SSH; performance enhanced
External 6084/TCP SSH TL1-Raw via SSH
External 6085/TCP SSH TL1-Telnet via SSH
External 7162/TCP SNMP Power management to retrieve AtoZ
and ZtoA traces, using special
SNMPv3
1830 PSS EPIC TCP Response from SNMPv3
viaTCP AtoZ & ZtoA traces
External 8980/TCP TLS Telemetry Server (gNMI/gRPC via
TLS)
External 30000/TCP Telnet GMRE CLI
External 34567/TCP MTNM/Corba Control plane management
External 44701/UDP INCH GMRE INCH protocol for FLPS
1830 PSS GMRE-INCH Response

Notes:
1. Source port if dialog initiator is 1830 PSS, destination port otherwise.
2. All LAN interfaces except OAMP can run a DHCP Server. All LAN interfaces can run a DHCP Client.
3. All LAN interfaces except OAMP can run a DHCPv6 Server.

Table 17 Management flows and ports on the GNE (Encrypted mode)

| Dialog initiator | Source/Destination port ¹ | Protocol | Comment |
|---|---|---|---|
| External | 22/TCP | SSH | CLI over Secure shell (SSH) |
| 1830 PSS | 22/TCP | SFTP | Secure File Transfers (SW download, Backup/Restore) |
| External | 67/UDP | DHCP ² | DHCP Request to DHCP Server |
| External | 68/UDP | DHCP ² | Response from DHCP Server |
| 1830 PSS | 123/UDP | NTP | Network Time Protocol |
| External | 161/UDP | SNMP | Simple Network Management Protocol |
| 1830 PSS | 162/UDP | SNMPTRAP | SNMP Traps. The SNMP trap destination port and IP address can be configured. As a side effect of the configuration, the IP ACL rules are adapted accordingly. |
| External | 443/TCP | HTTPS | Secure WebUI |
| External | 547/UDP | DHCPv6 ³ | DHCPv6 Request |
| External | 701/UDP | LMP | GMRE LMP protocol to neighbor GMRE or to 7750 SR for IETF UNI |
| 1830 PSS | 701/UDP | LMP | GMRE-LMP Response |
| External | 830/TCP | NETCONF/YANG | Open SSH for OpenAgent (NETCONF/YANG) |
| 1830 PSS | 1812/UDP | RADIUS | Authentication requests to a Radius server if Radius enabled. This port can be changed when Radius is configured. The IP ACL rules may need to be adapted additionally. |
| External | 5122/TCP | SSH | Root Login via SSH |
| 1830 PSS | 5122/TCP | SSH | Response from Root Login |
| 1830 PSS | 6022/TCP | SSH | Response from CLI over SSH |
| External | 6022/TCP | SSH | CLI via SSH; performance enhanced |
| External | 6084/TCP | SSH | TL1-raw via Secure shell (SSH) |
| External | 6085/TCP | SSH | TL1-telnet via Secure shell (SSH) |
| External | 7162/TCP | SNMP EPIC viaTCP | Power management to retrieve AtoZ and ZtoA traces, using special SNMPv3 |
| 1830 PSS | 7162/TCP | SNMP EPIC viaTCP | TCP Response from SNMPv3 AtoZ & ZtoA traces |
| External | 34567/TCP | MTNM/Corba | Control plane management (Corba Interface to NMS) |
| External | 44701/UDP | INCH | GMRE INCH protocol for FLPS |
| 1830 PSS | 44701/UDP | INCH | GMRE-INCH Response |

Release 10.0
August 2017
116 3KC-69646-KAAA-TPZZA Issue 1
Nokia 1830 PSS NE firewall with provisionable IP access control lists (IP ACL)

Notes:
1. Source port if dialog initiator is 1830 PSS, destination port otherwise.
2. All LAN interfaces except OAMP can run a DHCP Server. All LAN interfaces can run a DHCP Client.
3. All LAN interfaces except OAMP can run a DHCPv6 Server.

3.9.11 System defaults


This section describes the ACL system defaults for 1830 PSS NEs.

ACLs delivered with the system

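Table 18 Port and Direction for filters delivered with the system

The three mode columns show whether a system default filter is present.

| Interface | Direction | Normal mode | Encrypted mode | FIPS |
|---|---|---|---|---|
| CIT | Rx (1) | yes | yes | yes |
| CIT | Tx (1) | − | yes | yes |
| OAMP | Rx | yes | yes | yes |
| OAMP | Tx | − | yes | yes |
| VOIP | Rx | yes | yes | yes |
| VOIP | Tx | − | yes | yes |
| E1, E2 | Rx | yes | yes | yes |
| E1, E2 | Tx | − | yes | yes |
| AUX-A, AUX-B | Rx | yes | yes | yes |
| AUX-A, AUX-B | Tx | − | yes | yes |
| LAN-PPP | Rx (1) | − | yes | yes |
| LAN-PPP | Tx | − | − | − |

Notes:
1. These are the default filter associations on this interface. Default filter associations cannot be modified or disabled.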


3.10 RADIUS for user authentication


3.10.1 Introduction
At the first installation of the 1830 PSS, user authentication is done with local database user
definitions. Using Remote Authentication Dial In User Service (RADIUS) permits the user to
reinforce this security and share the same user definitions between several NEs.

The procedure for setting RADIUS is:


1. Choose a RADIUS server
2. Activate the server for user authentication

3.10.2 Set the RADIUS server


The following TL1 or CLI command sets the RADIUS server on the 1830 PSS:
• TL1:
ENT-RADIUS-SERVER RAD1,ENABLE:IPADDR=<ip>[,PORT=<port>],SECRET=<sharedSecret>;
• CLI:
config admin authentication radius add RAD1 <ip> [:<port>] <sharedSecret>
<ip> is the IP address of the RADIUS server.
<port> is the IP port used by your RADIUS server. Possible values range from 1 to 65536 (0-1024 reserved); the default value is 1812.
<sharedSecret> is a password consisting of 5 to 32 characters.

3.10.3 Enable RADIUS usage


The following TL1 or CLI command forces user authentication through the RADIUS server on the
1830 PSS:
• TL1:
SET-RADIUS-AUTH:::::RADIUS;
• CLI:
config admin authentication order radius

3.11 Secure/unsecure mode


3.11.1 Introduction
At commissioning, the 1830 PSS is provided in unsecure mode. In secure mode, for the TL1/CLI
flow, the telnet (23, 3082, 3083), FTP (20 and 21) and HTTP (80) flows are disabled and only SSH, SFTP
(22) and HTTPS (443) are available (port assignments in brackets).
SSH is designed as a replacement for TELNET and other insecure remote shells, which send
information, notably passwords, in plaintext, leaving it open to interception. The encryption
used by SSH provides confidentiality and integrity of data over an insecure network, such as
the Internet. Secure Shell allows a trusted path of communication between two ends (e.g., NE and
EMS) using an encrypted data stream.

3.11.2 Secure Shell (SSH)


Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure channel
between two network devices. This protocol implements ciphering and provides authentication of
the 1830 PSS. It has to be implemented on each 1830 PSS NE (GNE or not). The 1830 PSS acts
as the server; clients are applications on the Network Management System (NMS) or any other
terminal or customer management system. The 1830 PSS supports SSH version 2.0 (SSHv2).

Important! The SSH key needs to be generated before the NE mode can be changed to
secure mode.

The procedure for implementing the secure mode is:


1. Generate the SSH key.
2. Set the secure mode on. In secure mode the user cannot connect without SSH, so
the key must have been generated before switching to secure mode.

3.11.3 Certificate generation

Important! Generating an SSH key requires security administrator privileges.

The 1830 PSS is provided without any SSH key. A standard certificate can be generated using TL1
or CLI:
• TL1:
INIT-SSH-KEY:[TID]::[CTAG]:::[KEYTYPE=][,MODULUS=];
KEYTYPE is DSA.
MODULUS is 0.
• CLI:
crypto key generate
Note that in principle two possible types of keys exist, DSA (Digital Signature Algorithm) and RSA
(cryptographic algorithm, named after its designers, Ron Rivest, Adi Shamir and Leonard Adleman).
In the current release, only the generation of DSA-type keys with modulus zero is supported.

Example
To generate a DSA key with modulus zero:
INIT-SSH-KEY::::::KEYTYPE=DSA,MODULUS=0;
The network administrator can then get the public key, see 3.11.6 “Getting the public key” (p. 120),
and install it on the servers.

Note: Regenerating the SSH key causes all entities that trusted the old key
to flag the NE as untrusted because of the key change.


3.11.4 Hypertext Transfer Protocol Secure (HTTPS)


The 1830 PSS is provided with a self-signed certificate. It is up to the customer to allow this
certificate in their network by adding it to their trusted certificates list.
The first time a user connects to the NE, a security alert states that there is a
problem with the site's security certificate, or that the website is certified by an unknown authority.
The right action is to select “No” or “Do not accept this certificate ...” and contact your network
administrator. The network administrator should examine the certificate and, if it is recognized, add
it to the trusted certificates list.

3.11.5 Secure mode initialization

Attention: Before changing the secure mode to ENCRYPTED, check the ability of the
managers to use SSH, HTTPS and SFTP. All the remote systems must be compliant.
Changing the secure mode will provoke a reboot of the 1830 PSS, and if the remote systems
cannot use SSH, HTTPS and SFTP, they will no longer be able to connect to the 1830 PSS.

The following TL1 or CLI commands can be used to set the secure mode:
• TL1:
SET-ATTR-SECUDFLT::::::SECACC=ENCRYPTED;
• CLI:
config admin ui mode encrypted

3.11.6 Getting the public key

Important! Retrieving the public key requires security administrator privileges.

The following TL1 or CLI commands can be used to get the public key of the NE:
• TL1:
RTRV-SSH-KEY;
• CLI:
crypto key details
This key should be distributed to the SSH clients. If it is not, the client must be allowed to accept
the key at first connection.
This command can be used regardless of the secure mode (secure or unsecure).

3.11.7 Certificate modification


To modify the certificate, a new key generation must be performed, see 3.11.3 “Certificate
generation” (p. 119).


3.11.8 OSPF authentication


The system supports independent OSPF authentication configuration on each NE interface.

These interfaces include:


• OAMP and other user service interfaces; see Table 9, “User service interfaces” (p. 48)
• GCC
• OSC
The cryptographic algorithm is MD5 (Message Digest 5). It uses a 128-bit MD5 hash value
generated from a key string (from 1 to 16 characters) that identifies the message digest, and a key
identifier (from 1 to 255) that identifies the secret key used to create the message digest. The MD5
key string and key ID can be configured through user interfaces.
For authentication to succeed, both NEs must be configured with the same parameters
and the same parameter values.
If MD5 authentication is not successful for any reason, this is treated as a data link failure,
causing an “OSPF Adjacency not Full” alarm.
The authentication can be turned on or off on a given NE interface.
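
The key string and key ID interaction described above, as an added example that is not part of the original guide. It assumes the NE follows the cryptographic authentication of RFC 2328 Appendix D (digest over the packet plus a 16-byte key, short keys zero-padded); the function names, router addresses and key string are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

OSPF_HEADER_LEN = 24   # fixed OSPFv2 header size in bytes
MD5_LEN = 16           # length of the appended MD5 digest
AUTYPE_CRYPTO = 2      # AuType value for cryptographic authentication
HEADER_FMT = "!BBH4s4sHHHBBI"


def pad_key(key_string):
    """Turn a 1-16 character key string into the 16-byte MD5 key."""
    raw = key_string.encode("ascii")
    if not 1 <= len(raw) <= 16:
        raise ValueError("key string must be 1 to 16 characters")
    return raw.ljust(16, b"\x00")  # assumption: short keys are zero-padded


def sign(pkt_type, router_id, area_id, body, key_id, key_string, seq):
    """Build an OSPFv2 packet and append its MD5 authentication digest."""
    if not 1 <= key_id <= 255:
        raise ValueError("key ID must be 1 to 255")
    header = struct.pack(
        HEADER_FMT,
        2, pkt_type, OSPF_HEADER_LEN + len(body),  # length excludes the digest
        ipaddress.IPv4Address(router_id).packed,
        ipaddress.IPv4Address(area_id).packed,
        0,               # checksum is not used with cryptographic auth
        AUTYPE_CRYPTO,
        0, key_id, MD5_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key_string)).digest()


def verify(wire, configured_keys):
    """Check a received packet against the local {key_id: key_string} table."""
    if len(wire) < OSPF_HEADER_LEN + MD5_LEN:
        return False
    fields = struct.unpack(HEADER_FMT, wire[:OSPF_HEADER_LEN])
    length, autype, key_id, auth_len = fields[2], fields[6], fields[8], fields[9]
    if autype != AUTYPE_CRYPTO or auth_len != MD5_LEN:
        return False
    if length < OSPF_HEADER_LEN or len(wire) != length + MD5_LEN:
        return False
    key_string = configured_keys.get(key_id)
    if key_string is None:          # the peer used a key ID we do not have
        return False
    expected = hashlib.md5(wire[:length] + pad_key(key_string)).digest()
    return hmac.compare_digest(expected, wire[length:])


# Constructed Hello body: mask, hello interval, options, priority,
# dead interval, designated router, backup designated router.
SAMPLE_HELLO = struct.pack(
    "!4sHBBI4s4s",
    ipaddress.IPv4Address("255.255.255.252").packed, 10, 2, 1, 40,
    ipaddress.IPv4Address("0.0.0.0").packed,
    ipaddress.IPv4Address("0.0.0.0").packed)


def demo():
    """Return verification results for matching and mismatching settings."""
    wire = sign(1, "10.27.255.1", "0.0.0.1", SAMPLE_HELLO, 1, "dcn-ospf-key", 1000)
    return {
        "same key ID and string": verify(wire, {1: "dcn-ospf-key"}),
        "different key string": verify(wire, {1: "dcn-ospf-kez"}),
        "different key ID": verify(wire, {2: "dcn-ospf-key"}),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Only the case where both the key ID and the key string match is accepted; either mismatch makes the receiver drop the packet, which is the condition the section ties to the “OSPF Adjacency not Full” alarm.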

3.12 IPSec tunnel


3.12.1 Network security level
It is up to the customer to determine the security level of his network and so to decide if IPSec
tunneling is required.

Note: If IPSec tunneling is needed, then the gateway router must be able to manage IPSec
tunneling because this feature is not available on 1830 PSS systems.

3.12.2 IPSec tunneling

Important! If the communication channel has to go through an unsecure network between the
management system and the 1830 PSS GNE, IPSec tunneling is highly recommended. The
same recommendation holds for the intra-area links between the gateway routers of the
GNEs.
An unsecure network could be the Internet domain or a third party network, for instance.


The following figure shows an example.


Figure 38 IPSec tunneling

[Figure: network diagram. Labels: Management Centre (EMS/NMS), Customer Intranet, Customer Emergency Access, Customer Management network, Internet, Customer Aggregation network, First LAN, Second LAN, routers R1 and R2, GNE 1, GNE 2, OADM, Terminal, Repeater, OSC links, OSPF area #i; IPSEC tunnel for management through Internet; IPSEC or GRE tunnel for management; direct link through IPSEC or GRE tunnel inside Area #1. Legend: Optional firewall, Mandatory firewall, End/Start of tunnel.]

The graphic describes three possible use cases of tunnels:


• The first one is to secure the rescue intra-area link between the two routers R1 and R2. This
allows the extension of the OSPF area and builds a ring with the 1830 PSS, R1 and R2 inside
the OSPF area #i (surrounded in green).
• The second one is to secure communications coming through an untrusted network, such as the
Internet. A tunnel must be established to cross the unsecured network. Firewalls are
mandatory. Typically, these tunnels are set toward the management center.
• The third one is to secure the communication channel between R1 and the management center.
In the example, a tunnel is set between the customer LAN and R1; another one is set between
the customer LAN and R2. Firewalls are optional, depending on the security level of each zone.
Note that it is recommended to end the tunnel before crossing a firewall (and reopen it on the
other side of the firewall, if needed).


3.13 Syslog server


3.13.1
The 1830 PSS supports syslog server.

3.14 Advice on security hardening on the 1830 PSS


3.14.1 TL1 commands

These TL1 commands are available for hardening the 1830PSS:


• SET-ATTR-SECUDFLT
• SET-ATTR-SECULOG
• ED-USER-SECU

Note: We strongly advise using these commands to harden the 1830PSS DCN interface.

Table 19 Parameters of the SET-ATTR-SECUDFLT command

| Parameter | Meaning |
|---|---|
| MINPIDLEN=10 | Minimum password length |
| PAGE=30 | Default value for password aging in days |
| PCND=7 | Default number of days to change the password after PAGE |
| PCNN=3 | Default number of logins with aged password after PAGE |
| POINT | Password obsolescence interval. Not supported in current release. |
| MINITVL=15 | Default value for minimum interval in seconds between two invalid login attempts |
| MXINV=3 | Max Invalid Attempts, indicates the maximum number of consecutive invalid login attempts (regardless of time interval or number of sessions), before an NE shall logout a user and lockout the user channel. |
| TMOUT=15 | Default number of minutes of inactivity before closing session |
| KMINTVL=0 | Keep Alive Message Interval. Not activated (not implemented in 1830PSS) |
| SECACC=SECURE | Secure / unsecure mode |

3.14.2 Router hardening


The security features of the router should be activated, that is policies, access lists, authentication,
encryption, etc.


3.14.3 Firewalls
Firewalls can be implemented at the border of a WDM sub-network in order to filter flows going
from/to WDM.

Attention: Firewalls must be implemented if the IP flow has to go through unsecure zones,
such as the Internet for example.

3.15 Locked Secure Appliance mode (ANSSI QS mode)


3.15.1 Introduction
1830 PSS-8 and 1830 PSS-32 support a Locked Secure Appliance mode (ANSSI QS mode) which
ensures that only those functions and features are available by default that are needed for the
ANSSI QS certification. User modifications are restricted to the modifications allowed for ANSSI
QS.
The ANSSI (Agence Nationale de la Sécurité des Systèmes d'Information) is a certification authority
on network and information security (“cyber security”).

Note: Even though the ANSSI QS mode is connected with a number of restrictions and
limitations, its aim is to enhance the system security.

3.15.2 Required hardware and software

The ANSSI QS mode is bound to equipment controller cards with specific part numbers (“ANSSI
ECs”):
• PSS-8: 3KC48910AAAA - 8EC2 for ANSSI QS
• PSS-32: 8DG63583AAAA - 32EC2 for ANSSI QS
A specific software load is required, the ANSSI QS software, which is pre-installed on the ANSSI
ECs.

Important! A mixed operation of an ANSSI EC and a non-ANSSI EC within a single shelf is
not possible.

3.15.3 Port and protocol restrictions


The open TCP/UDP ports are limited to the ports which are tested during ANSSI QS certification.

The following communication flows are allowed:


• port 22/TCP - CLI over SSH, SFTP
• port 123/UDP - NTP
• port 161/UDP - SNMP
• port 162/UDP - SNMP TRAP


• port 6022/TCP - CLI over SSH, performance enhanced

The following protocols are blocked in ANSSI QS mode:


• ICMP type 0 and 8 (ping)
• OSPF
The port and protocol restrictions are implemented by a set of default rules in the IP access control
list (IP ACL). The user is allowed full modification of IP ACL rules to allow or block ports and
protocols.
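
One way to check that an NE exposes only the flows this guide allows, as an added example that is not Nokia code. It compares a port scan of the management interface with the externally initiated flows of Table 17 (Encrypted mode) or the allowed flows listed in this section (ANSSI QS mode), and calls out the plaintext ports that section 3.11.1 says are disabled in secure mode. It assumes the scan is available in nmap grepable (`-oG`) output; the sample scan, the host address and the function names are constructed.

```python
import re

# Externally initiated flows from Table 17 (Encrypted mode). Per table note 1
# the listed port is the destination port on the NE for these rows.
ENCRYPTED_MODE_PORTS = {
    (22, "tcp"), (67, "udp"), (68, "udp"), (161, "udp"), (443, "tcp"),
    (547, "udp"), (701, "udp"), (830, "tcp"), (5122, "tcp"), (6022, "tcp"),
    (6084, "tcp"), (6085, "tcp"), (7162, "tcp"), (34567, "tcp"), (44701, "udp"),
}

# Allowed communication flows in ANSSI QS mode (section 3.15.3).
ANSSI_QS_PORTS = {
    (22, "tcp"), (123, "udp"), (161, "udp"), (162, "udp"), (6022, "tcp"),
}

# Plaintext flows that section 3.11.1 lists as disabled in secure mode.
PLAINTEXT_PORTS = {
    (20, "tcp"): "ftp", (21, "tcp"): "ftp", (23, "tcp"): "telnet",
    (80, "tcp"): "http", (3082, "tcp"): "telnet", (3083, "tcp"): "telnet",
}

PORTS_FIELD = re.compile(r"Ports: ([^\t]*)")


def parse_grepable(text):
    """Yield (host, port, proto, state) for each port entry in -oG output."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        match = PORTS_FIELD.search(line)
        if match is None:
            continue  # "Status:" lines carry no port list
        host = line.split()[1]
        for entry in match.group(1).split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if len(fields) < 3 or not fields[0].isdigit():
                continue
            yield host, int(fields[0]), fields[2], fields[1]


def audit(text, allowed):
    """Return findings for reachable ports outside the allowed set."""
    findings = []
    for host, port, proto, state in parse_grepable(text):
        # "open|filtered" (typical for UDP) is kept as a candidate to confirm.
        if not state.startswith("open"):
            continue
        key = (port, proto)
        if key in PLAINTEXT_PORTS:
            reason = f"plaintext {PLAINTEXT_PORTS[key]} port is reachable"
        elif key not in allowed:
            reason = "port is not in the allowed flows for this mode"
        else:
            continue
        findings.append((host, port, proto, state, reason))
    return findings


# Constructed sample scan of one NE (192.0.2.10 is a documentation address).
SAMPLE_SCAN = (
    "# Nmap scan, constructed sample\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///, "
    "443/open/tcp//https///, 6022/open/tcp/////, "
    "161/open|filtered/udp//snmp///, 8080/closed/tcp//http-proxy///"
    "\tIgnored State: filtered (994)\n"
)

if __name__ == "__main__":
    for mode, allowed in (("Encrypted", ENCRYPTED_MODE_PORTS),
                          ("ANSSI QS", ANSSI_QS_PORTS)):
        print(f"{mode} mode:")
        for host, port, proto, state, reason in audit(SAMPLE_SCAN, allowed):
            print(f"  {host} {port}/{proto} ({state}): {reason}")
```

Because the IP ACL rules can be modified by the user, the allow-lists in the script describe the defaults documented here and should be adjusted to match any site-specific rules.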

3.15.4 LAN ports in ANSSI QS mode


In ANSSI QS mode, the following LAN ports are enabled to allow for extended DCN connectivity:
• OAMP
• CIT
• VOIP
• E1, E2
The LAN ports support management via SNMP and CLI (CLI over SSH), and file transfer using
SFTP.
These LAN ports can be disabled on user request.

The following LAN ports are permanently disabled:


• AUX
• ES1, ES2

3.15.5 SNMP security options


For the ANSSI QS mode, two SNMP security options are supported:
• HMACMD5/AES128
• SHA-1/AES256
Default SNMP users are available for both security options.

3.15.6 Blocked management access protocols


In ANSSI QS mode, the following management access protocols are blocked:
• RADIUS authentication, that is only authentication via the local NE database is used.
• HTTPS, that is WebUI is not supported.
• TL1, that is all TL1 access is blocked, including TL1 over SSH and telnet TL1.

3.15.7 Blocked management features


Important! The following management features are not available in ANSSI QS mode:
• GNE - RNE configuration:


In ANSSI QS mode, the NE acts as a single main shelf. Communication via GCC and OSC
is not supported.
• GMPLS/GMRE:
No control plane support in ANSSI QS mode.


Software Server NE (SWNE)

3.16 SWNE functionality


3.16.1 Purpose
1830 PSS NEs can be configured as Software File Server Network Element (SWNE), that is, they can
act as an FTP server from which other NEs download SW images.
Software download to a network of 1830 PSS nodes can be accelerated by first downloading the
SW release to the designated SWNE.

3.16.2 Functional principle


The SWNE can be configured to serve as FTP server for the other Remote NEs (RNEs) within the
1830 PSS network. Because the SWNE responds to FTP requests, it
may be exposed to malicious attacks. This weakness can be addressed with IP Access
Control Lists (IP ACL) to disallow FTP requests from unspecified sources.
Any NE can be configured as a designated SWNE, which runs an FTP server and can
accept FTP requests over OSC and GCC interfaces. More than one SWNE can be configured in a
WDM network. The SWNE can be provisioned by using CLI or TL1 commands.
Incoming FTP requests must be locally authenticated.
Only a user with administration privileges can change the default user ID and password for the FTP
server. The default FTP server user ID is “UserSWNE”. The default FTP server password is “Ftp-
id#1”.
If the NE is reset, the SWNE user ID and password remain stored in the system. If the database is
restored, the SWNE user ID and password are changed back to the status of the last backup.
If the SWNE FTP server is disabled, the SWNE user ID and password remain stored in the system.
However, the FTP user ID will be denied by the system.

Important! SWNE works only in normal mode; it does not work in encrypted mode.


The following figure shows an example.


Figure 39 Usage of SWNEs in a WDM network

[Figure: network diagram. Labels: Management DCN, FTP Server, GNE / SWNE, SWNE 1, RNE.]


4 GMPLS Routing Engine (GMRE)

4.1 Overview

4.1.1 Purpose
This section provides the information necessary to set up GMRE using 1830 PSS.

4.1.2 Contents

4.1 Overview
4.2 Specific considerations regarding the GMPLS Routing Engine (GMRE)

4.2 Specific considerations regarding the GMPLS Routing Engine (GMRE)

4.2.1 Control plane IP addresses
As all GMRE protocols are IP-based, a set of IP addresses needs to be defined for each GMRE
node.

Important! The SYSTEM address (loopback IP address) has first to be configured before the
control plane IP addresses can be set.

Each GMRE node requires the following IPv4 addresses:


• GMRE node address, used for the RSVP-TE, OSPF-TE and LMP protocols.
Setting the GMRE node address is essential for the GMRE network configuration. Note that the
control plane can start only after the GMRE node address has been configured.
• GMRE notify address, used for fast restoration trigger notification.
The GMRE notify address is used to signal failures on downstream nodes upstream to the head
node. The GMRE notify address is always freely routed, to ensure that the packets are routed as
fast as possible towards the head node.
• GMRE management address
The GMRE management address is used for the communication between the GMRE and its
management interfaces, such as CLI or MTNM CORBA. The GMRE management address
corresponds to the SYSTEM address (also known as the “OSPF router ID” or “loopback IP
address”).

4.2.2 Recommendations
The GMRE node address and the GMRE notify address have to be explicitly configured by the
operator via the 1830 WebUI or via the 1830 CLI. The GMRE addresses must be unique within the
GMRE network and disjoint from all subnets.


Attention: Ensure that the settings for GMRE node and notify address are correct. After
activating the GMRE, these addresses can no longer be modified without
traffic impact. To modify the GMRE node address, the node must be reinstalled and all LSPs
related to this node will fail or be deleted.

Attention: Never try to change the node or notify address after the activation of the GMRE
node. The applications of that node will not start up again.

4.2.3 Example for GMRE node and notify addresses


A commonly used way to assign IP addresses in the network is the following approach:
1. Assign a unique natural number n to each GMRE node.
2. Derive the GMRE node and GMRE notify addresses using the number n:
• GMRE node address: 10.27.255.n
• GMRE notify address: 10.27.254.n
Here, “255” indicates GMRE node addresses while “254” indicates GMRE notify addresses.
See also “Rules and guidelines” (p. 86).
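
Because the addresses cannot be changed after GMRE activation without traffic impact, the plan is worth checking beforehand. The following added example (not part of the original guide) derives the addresses with the 10.27.255.n / 10.27.254.n scheme above and checks the uniqueness and disjointness rules from 4.2.2. The node names, node numbers and subnets are constructed, and limiting n to 1..254 is an assumption made here so that n fits a usable last octet.

```python
import ipaddress

NODE_PREFIX = "10.27.255."     # "255" marks GMRE node addresses
NOTIFY_PREFIX = "10.27.254."   # "254" marks GMRE notify addresses


def derive(n):
    """Return (node address, notify address) for GMRE node number n."""
    if not isinstance(n, int) or not 1 <= n <= 254:
        # Assumption: n must fit a usable last octet.
        raise ValueError(f"node number {n!r} is outside 1..254")
    return (ipaddress.IPv4Address(NODE_PREFIX + str(n)),
            ipaddress.IPv4Address(NOTIFY_PREFIX + str(n)))


def check_plan(nodes, subnets):
    """Check a {node name: n} plan against the DCN subnets in use.

    Returns a list of problems: numbers out of range, numbers used twice
    (addresses would not be unique), and derived addresses that fall inside
    a configured subnet (addresses would not be disjoint from it).
    """
    networks = [ipaddress.ip_network(s) for s in subnets]
    problems = []
    used = {}
    for name, n in nodes.items():
        try:
            node, notify = derive(n)
        except ValueError as err:
            problems.append(f"{name}: {err}")
            continue
        if n in used:
            problems.append(f"{name}: number {n} is already used by {used[n]}")
            continue
        used[n] = name
        for role, addr in (("node", node), ("notify", notify)):
            for net in networks:
                if addr in net:
                    problems.append(
                        f"{name}: GMRE {role} address {addr} lies inside {net}")
    return problems


# Constructed sample plan: one duplicate number, one number out of range,
# and a link subnet that overlaps the notify address range.
SAMPLE_NODES = {"NE-A": 1, "NE-B": 2, "NE-C": 2, "NE-D": 300}
SAMPLE_SUBNETS = ["10.27.254.0/30", "192.0.2.0/24"]

if __name__ == "__main__":
    for name, n in SAMPLE_NODES.items():
        if 1 <= n <= 254:
            node, notify = derive(n)
            print(f"{name}: node {node}, notify {notify}")
    for problem in check_plan(SAMPLE_NODES, SAMPLE_SUBNETS):
        print("PROBLEM:", problem)
```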


5 Supervision and troubleshooting

5.1 Overview
5.1.1 Purpose
This section presents information specific for the area of fault handling.

5.1.2 Contents

5.1 Overview
5.2 Monitoring, diagnosis and troubleshooting of abnormal situations

5.2 Monitoring, diagnosis and troubleshooting of abnormal situations


5.2.1 Alarms and troubleshooting
Typical sources of errors relating to the Data Communication Network (DCN) include:
• Improper cabling:
− Incorrect cable routing between communication partners
− Incorrect cable types
• Inconsistent provisioning on both sides of a connection
• Failures regarding the link integrity, for example on OAMP, VOIP, E1, and E2 ports.
• Improper powering, setup and configuration of connected equipment

As a result, dedicated alarms will be reported, for example:


• APR Active - OSC Disabled (APROSC)
• Data Link down (NET)
• Link Down (NET)
• Network Time Protocol is enabled-no server is reachable (NTPOOSYNC)
• OSPF Adjacency not Full (OSPFADJ)
Please refer to the 1830 PSS Maintenance and Trouble-Clearing Guide for alarm descriptions and
trouble-clearing procedures.


Glossary
Numerics
1pps
Pulse per second signal as defined by the IEEE 1588 Precision Time Protocol (PTP)

A
ABR
Area Border Router
ACO
Alarm cut-off
AES128 / AES256
Advanced Encryption Standard with a block size of 128 bits or 256 bits, respectively
Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI)
A certification authority on network and information security.
ANSSI
See “Agence Nationale de la Sécurité des Systèmes d'Information” (p. 133) for definition.
ARP
Address Resolution Protocol
AS
Autonomous System
ASBR
Autonomous System Boundary Router
ASON
Automatically Switched Optical Network

B
B&W interface (Black-and-white interface) (Uncolored interface) (Fixed-wavelength interface)
An optical interface supporting a single wavelength only.
BITS
Building Integrated Timing Supply - an external station clock used for network synchronization.
BR
Backbone Router

C
CIDR
Classless Inter-Domain Routing
CIT
Craft Interface Terminal


CLI
Command Line Interface
CORBA (Common Object Request Broker Architecture)
The communication interface between the Network Management System (NMS) and the GMRE
CP
Control plane

D
Data Communications Channel (DCC)
The embedded overhead communications channel in the line. It is used for end-to-end communications
and maintenance. It carries alarm, control, and status information between network elements in a
network.
DCN
Data Communication Network
DSA
Digital Signature Algorithm

E
E1, E2
E1/E2 LAN interface ports
EC
Equipment Controller
Embedded Communication Channel (ECC)
An overhead communications channel embedded in the transport signal. It is used for end-to-end
communications and maintenance. It carries alarm, control, and status information between network
elements in a network.
EPS
Equipment protection switching
ES1, ES2
LAN ports for inter-shelf connectivity (between main shelf and extension shelf (ES), or between extension
shelves)

F
FE
Fast Ethernet (100 Mb/s)
FLC
First-level Controller
FOADM
Fixed Optical Add/Drop Multiplexer


FTP
File Transfer Protocol

G
GbE
Gigabit Ethernet (1000 Mb/s)
GCC
General Communication Channel
GE
Gigabit Ethernet (1000 Mb/s)
GMPLS
Generalized Multi-Protocol Label Switching
GMRE
GMPLS Routing Engine
GNE
Gateway Network Element
GRE
Generic Routing Encapsulation
GUI
Graphical User Interface

H
HDLC
High-Level Data Link Control
HMACMD5
A specific hash-based message authentication code to verify data integrity and authentication of a
message.
HTTPS (Secure HTTP)
Hypertext Transfer Protocol Secure

I
IANA
Internet Assigned Numbers Authority
ICMP
Internet Control Message Protocol
IEEE
Institute of Electrical and Electronics Engineers
IEEE 1588 PTP
Precision Time Protocol (PTP) specified in IEEE 1588


IETF (Internet Engineering Task Force)
The IETF is a standards organization that develops and distributes standards for the Internet. Documents
published by the IETF are called Request for Comments (RFC).
ILA
In Line Amplifier
ILAN
Internal LAN
Internet Protocol Security (IPSec)
IPSec is a set of protocols to provide secure IP communication by means of authentication and
encryption mechanisms.
IOR
Interoperable Object Reference
IP
Internet Protocol
IPCC
IP Control Channel
IPCP
IP Control Protocol
IPv4
Internet Protocol version 4
IR
Internal Router
ISO
International Organization for Standardization

K
kb/s
kilobit (1000 bits) per second

L
LAN
Local Area Network
LCP
Link Control Protocol
LLC
Logical Link Control
LSA
Link State Advertisement
LSW (RSTP)
LAN switching infrastructure that supports the Rapid Spanning Tree Protocol (RSTP) according to the
IEEE802.1D-2004 standard.


M
MAC
Media Access Control
MAN
Metropolitan Area Network
MCN (Management Communication Network)
According to the RFC 5951, a DCN supporting management plane communication is referred to as a
Management Communication Network (MCN).
MD5 (Message Digest 5)
Message Digest 5 is an algorithm that is used to verify data integrity, intended to be used with digital
signature applications.
MLN (Multi-Layer Network)
According to the IETF RFC 5212, a multi-layer network (MLN) is a traffic engineering domain comprising
multiple data plane switching layers that are controlled by a single GMPLS control plane instance.
MP
Management plane
MRN (Multi-Region Network)
A multi-region network (MRN) is defined as a traffic engineering domain supporting at least two different
switching types, either hosted on the same device or on different ones and under the control of a single
GMPLS control plane instance.
MTNM
Multi-Technology Network Management
MTU
Maximum Transmission Unit

N
NE
Network Element
NETIF
Network Interface
NM
Network Management
NMS
Network Management System
A network management system provides unified end-to-end network management and operational
support for all network element products in the Nokia Optics portfolio. It provides a common management
platform for end-to-end operations, including service provisioning over multi-technology optical
infrastructures (SDH/SONET, Carrier Ethernet, WDM, ROADM) and OSS/BSS (Operations Support
Systems/Business Support Systems) integration.
NOC
Network Operations Center


NTP
Network Time Protocol

O
OADM
Optical Add/Drop Multiplexer; variations include Fixed OADM (FOADM), Reconfigurable OADM
(ROADM), and Tunable OADM (TOADM)
OAMP
Operations, Administration, Maintenance and Provisioning
OCh
Optical Channel
ODU
Optical Channel Data Unit
OOB
Out-of-band
OPU
Optical Channel Payload Unit
OSC
Optical Supervisory Channel
OSI
Open System Interconnection
OSPF
Open Shortest Path First
OT
Optical Transponder
OTU
Optical Channel Transport Unit

P
ppm
parts-per-million, 10^−6
PPP
Point-to-Point Protocol
PPS
Pulse per second signal as defined by the IEEE 1588 Precision Time Protocol (PTP)
PTP
Precision Time Protocol

R
RFC
Request for Comments; see also “IETF” (p. 135)


RMI
Remote Method Invocation
RNE
Remote Network Element (not a GNE)
ROADM
Reconfigurable Optical Add/Drop Multiplexer
RSA
A cryptographic algorithm for public-key encryption, named after Ron Rivest, Adi Shamir and Leonard
Adleman who developed the algorithm.
RSTP
Rapid Spanning Tree Protocol
RSVP
Reservation Protocol

S
SCN (Signaling Communication Network)
According to the RFC 5951, a DCN supporting control plane communication is referred to as a Signaling
Communication Network (SCN).
SCP
Secure Copy
Secure Hash Algorithm 1 (SHA-1)
A specific type of cryptographic hash function.
Secure Shell (SSH)
Secure Shell (SSH) is a network protocol that allows data to be exchanged using a secure channel
between two network devices.
Secure Shell File Transfer Protocol (SFTP)
SFTP is used for secure access to manage and download/upload files.
According to the IETF (see also “IETF” (p. 135)), the Secure Shell File Transfer Protocol provides secure
file transfer functionality over any reliable, bidirectional octet stream. It is the standard file transfer
protocol for use with the SSH2 protocol (SSH v2).
SFTP is also known as “SSH File Transfer Protocol”, “Secret File Transfer Protocol”, or “Secure FTP”.
SHA-1
See “Secure Hash Algorithm 1” (p. 139).
SHFPNL
Shelf panel
SNMP
Simple Network Management Protocol
SSL
Secure Sockets Layer


TCP
Transmission Control Protocol
TCP/IP
Transmission Control Protocol/Internet Protocol
TL1
Transaction Language 1
TOADM
Tunable Optical Add/Drop Multiplexer
ToD
Time of Day
TTL
Time To Live

U
UDP
User Datagram Protocol
USB
Universal Serial Bus
USRPNL
User panel

V
VOIP
Voice over IP

W
WDM
Wavelength Division Multiplexing
