Networks, Ethernet, IPv6, Cloud
Uploaded by yummypineapple (Software & software construction), 30 Jun 2012

Networks, Ethernet, IPv6, Cloud
Building blocks needed for Next Generation Networks
Tom Siracusa
Executive Director – VPN Strategy
AT&T Labs
© 2010 AT&T Intellectual Property. All rights reserved.
AT&T, AT&T logo and all other marks contained herein are trademarks
of AT&T Intellectual Property and/or AT&T affiliated companies.
Slide 2: Today's Topics
• Core Improvements: Scale and Reliability
• Ethernet: Reach and High Bandwidth
• IPv6: Internet of Everything
• Cloud Architecture: An extension of the network

Slide 3: IP/MPLS Network Evolution
[Timeline figure, 2005 to 2011+, with four stages:]
• Phase 1: Scale, Metro Aggregation, FRR Resiliency
• Phase 2: Scale & Merger Integration
• Core 2.0: Enterprise & Internet Convergence
• Core 3.0: ExaFlood Scale, Traffic Differentiation, Cloud Computing, Net Neutrality
Milestones shown along the timeline: Class of Service (Edge and Core); MPLS Enabled Backbone; 40G Backbone; Multi Service IP Edge; Network Based Security; 40G Transport; IPv6 Edges; SBC Integration; Fast Restoration and Convergence; Intelligent Routing; Network Resiliency Enhancements (FRR); Network Intelligence (IRSCP); 100G+ Infrastructure; CoS for GETS; Mobility & BLS Integrations; Extend network integration to metros (Team 10); Traffic Engineering; Cloud Computing; UVerse Capable CBB; Massive Scale; Traffic Differentiation.

Slide 4: MPLS Fast Re-Route (FRR): Link Protection
• Primary tunnels are established via RSVP and are FRR eligible
• Each router in the path pre-computes a backup tunnel to be taken upon any link failure
• FRR uses the backup tunnel. The backup tunnel starts from the Point of Local Repair (PLR) and terminates on the Merge Point (MP)
• The backup tunnel does not cross the link it is protecting or share physical resources with it (SRLG)
• MP is one hop away from PLR
• PLR swaps the label and pushes the FRR backup tunnel label
• Provides sub-second recovery against link failures. Restoration time measured for network events is <= 100 ms

Slide 5: Fast ReRoute (FRR) Convergence Times for Network Link Failure Events: Dramatic Improvement
[Chart: cumulative probability (0 to 1) of convergence versus event time in seconds (0 to 15), one curve per month from Nov 08 to Aug 09; annotation: "Influence of FRR pushes the curve inwards (Jun, Jul, Aug)"]
• FRR deployment completed in U.S. & Trans-continental links
• Dramatic improvement in convergence times: carrier grade
• 95% of events are less than 75 ms, and 99.8% are less than 3 s
• CRS-1 overall availability at 99.999+%

Slide 6: Going Further: MPLS as Enabler of Combined Bridging and Routing Domains
[Diagram: a Converged MPLS Core with Multi-Service Edges (MSE) connecting corporations over FE/GE links; 2547 Routed VPNs on one side, VPLS Bridged VPNs (Ethernet) on the other, plus Internet access]
• 2547 Routed VPNs are attracted by the simplicity of bridged domains (Ethernet)
• Bridged VPNs (Ethernet) also need the reach and scale of routed domains
• MPLS enables the next generation of enterprise architectures
• Hubs can interconnect via GigE over VPLS AND connect to Layer 3 VPN and/or Internet
• Ethernet: the next "integrated access"
VPLS = Virtual Private LAN Service
MSE = Multi-Service Edge

Slide 7: Ethernet: Access or Network?
• E-Access (One Site): Access through the local facilities to long haul VPN and Internet
• E-Line (Two Sites): Ethernet point-to-point using the Ethernet framing for data transport
• E-LAN (Three or More Sites): Virtual Private LAN Service, multi-point irrespective of distance
MSA: Multi-Service Access

Slide 8: Ethernet MAN & WAN Seamless Control Plane
Intra-Company Ethernet Bottlenecks (Last Year): MAN and WAN operated as if independent companies with non-resilient bottlenecks as the Point of Interface (POI)
[Diagram: 13 State and 9 State metro networks (OEM 7609, ME 3400, NTE 3550, 7613, EGS, EOO/EOE) meeting the WAN Core (CBB, CRS1, GSR/T640 L3 PE's, MOW) at a POI]
Seamless MAN/WAN Ethernet network: Enable "Ethernet Everywhere" with scalable multivendor & multiservice infrastructure for MAN, WAN, & MOW, common operations, common IT support, common BGP control plane, consistent service definitions with e-t-e SLA's, streamlined Ethernet access to L3 services, resilient & lower capex MAN/WAN & MAN to WAN
Now in Select Metros: Seamless 22 State MAN & WAN Core
[Diagram: CPE over Fiber NTE and EoCu into IPAG MX, VPLS MX PE's, CBB/CRS1 and GSR/T640 L3 PE's, MOW]

Slide 9: Using VLANs with VPLS
[Diagram: customer access sites with Accounting and Marketing networks behind a Customer Edge Router, mapped to Ethernet Virtual Switches on the Provider Edge Router across the MPLS Backbone]
• VLANs or ports can be mapped to VPLS VPNs
• Great for segregating information within departments
• Ideal for interconnecting hub sites and call centers where tight route convergence is required

Slide 10: Hybrid Network Scenario
[Diagram: three hub sites (HUB Site A, HUB Site B, HUB Site 3) in the customer's data centers and hubs interconnected by VPLS over Ethernet access, alongside existing customer VPNs reaching multiple sites over many access types (Ethernet, DSL, ATM, PPP, FR)]
• Customer has a large global network (300 sites) with 3 large data centers
• Customer has existing Layer 3 VPN so remote sites can reach data centers via any access mechanism
• Need for high capacity between major locations (call centers, data centers)
• Customer retains full routing control among their data centers: moving of data centers becomes plug and play
• Data centers participate in VPLS as well as Layer 3 VPNs from multiple Business Units

Slide 11: When and When Not to Use Carrier Ethernet?
Key areas to investigate when considering Carrier Ethernet:
1. Availability
2. Intervals
3. Network topology
   • Limits on number of locations for any to any configurations, e.g. ~100s of sites for AT&T VPLS
4. Design Considerations
   • Multi-cast is constrained for Layer 2, not IP: Carrier Ethernet is less efficient for large numbers of multi-cast
   • Network Convergence: Customer manages timers
   • MTU Size: Encryption
   • Limited by access suppliers (switched) which can require ICB or dedicated access to manage
   • Diversity/Reliability: Ability to procure diverse access or supplier
5. Total Cost of Ownership

Slide 12: Comparing VPLS and IP VPNs: Choose Your Control, Scalability and Performance

Feature                                            | Layer 2 VPLS                                | Layer 3 IP/MPLS
Routing                                            | Customer                                    | Customer & carrier
Any-to-any                                         | Y (100s any to any; 1000s if hub-and-spoke) | Y (1000s)
Circuit consolidation on access                    | Y, limited in region                        | Y
Diversity                                          | Y                                           | Y
Access                                             | Ethernet only, 1Meg-1Gig                    | Access agnostic: sub 1Meg-1Gig, 10Gig (P2P, DSL, ATM, FR)
CoS                                                | Y (L2)                                      | Y (L3)
Service plug-ins (VoIP, remote access, firewalls)  | Customer responsibility                     | Network service options
Troubleshooting                                    | Customer demark at layer 2                  | Customer demark at layer 3 (routing)
Reconfiguration/convergence                        | 1-5 sec                                     | 2-30 sec
Non-IP protocols                                   | Pass seamlessly                             | Tunnels

SLA's, Layer 2 VPLS: Network Available: 100% WAN; 99.95% MAN. Data Delivery Rate: 99.7%-99.95%*. Latency (RT): US WAN <37 ms; MAN 5 ms. Jitter: US WAN 1 ms; MAN 3 ms.
SLA's, Layer 3 IP/MPLS: Network Available: 100% WAN. Data Delivery Rate: 99.9%-99.95%*. Latency (RT): <37 ms US WAN. Jitter: 1 ms US WAN.
* US CoS dependent

IPv6

Slide 14: What is IPv6?
Fundamentally: a new packet header with a larger address space.
Strategically: an enabler of new network-based capabilities that previously had been difficult or impossible with IPv4.
[Diagram: IPv4 header fields (Version, IHL, Type of Service, Total Length, Identification, Flags, Fragment Offset, Time to Live, Protocol, Header Checksum, Source Address, Destination Address, Options, Padding) beside IPv6 header fields (Version, Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address)]
IPv6 provides:
• The larger address space
• The new fields
• Standard packet header options: Hop-by-Hop Options header, Destination Options header, Routing header, Fragment header, Authentication header, Encapsulating Security Payload header, Destination Options header, Upper-layer header
An intended ripple effect of more addresses is: less dependency on NAT, thus allowing more end-to-end applications

Slide 15: Why IPv6?
• Need a larger address space: IPv4 addresses exhaust
  - Explosion of number of Internet devices/appliances
  - Users having multiple devices
  - Always-on, peer to peer applications
• IPv6 provides a virtually limitless address space
  - 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses available with IPv6 compared to ~4 billion with IPv4
  - Provide persistent public IP addresses to unlimited number of new & emerging always-on devices
• NAT Overlap
  - Acquisitions and Mergers with overlapping private addressing (address space collisions)
• Functional Improvements over IPv4 protocol
  - Streamlined header format
  - Seamless IP mobility support
  - Security enhancements (IPv6 IPSEC)
  - Improved network management (auto configuration)
• Enables new network capabilities and services
  - Push applications (e.g., push emails/messaging and alerting services)
  - Peer-to-Peer based applications
  - Improves service usability

Slide 16: Why Should I Care?
• AT&T is expected to run out of IPv4 around 2011 (MIS)
  - IPv6 allocated to new customers upon exhaustion
• RIRs urging customers to deploy IPv6
• Increasing IPv6 adoption in Asia and EMEA
  - Global companies standardize on dual-stack WAN/MIS
  - Potential global consumers lost w/o IPv6 presence
• IPv6 is a foreign concept to many customers: need to start learning
Operating System Support
• Every major OS supports IPv6 today (IPv6 "preferred")
  - Framework for P2P applications
• Windows Vista/Server 2008: top to bottom TCP/IP stack redesign
  - All applications and services with Vista/Server 2008 support IPv4 and IPv6
  - Active Directory, IIS, File/Print/Fax, WINS/DNS/DHCP/LDAP, Windows Media Services, Terminal Services, Network Access Services (Remote Access (VPN/Dial-up), Network Access Protection (NAP)), Windows Deployment Service, Certificate Services, SharePoint services, Network Load-Balancing, Internet Authentication Server, Server Clustering, etc.

Slide 17: Transition Mechanisms
• IPv4 and IPv6 will coexist for several years; IETF has defined mechanisms for transitions and co-existence:
  - Dual-stack allows IPv4 and IPv6 to co-exist in the same devices and networks
  - Tunneling allows IPv6 packets to be transmitted over an IPv4 infrastructure, or vice versa later on when IPv6 becomes the more prevalent network
    • Configured
    • Negotiated
    • Automatic
  - Translation allows IPv6-only devices to communicate with IPv4-only devices (work in progress)

Slide 18: Dual Stack
[Diagram: two IPv4/v6 hosts connected through IPv4/IPv6 routers across an IPv4/v6 network; each host sends native packets of both kinds: IPv6 Header + Transport Header + Data, and IPv4 Header + Transport Header + Data]

Slide 19: Tunneling
[Diagram: an IPv6 host on an IPv6 network sends IPv6 Header + Transport Header + Data to a Dual-Stack Router; the router encapsulates it as IPv4 Header + IPv6 Header + Transport Header + Data across the IPv4 network to a second Dual-Stack Router, which strips the IPv4 header and delivers the IPv6 packet to the far IPv6 host]
Tunnel: IPv6 in IPv4 packet

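As an added example (not code from the deck or from AT&T), the packet layouts of the "What is IPv6?" and "Tunneling" slides in working code: the outer IPv4 header of a 6in4 tunnel packet (IPv4 protocol 41) is stripped, then the inner fixed IPv6 header is parsed and its extension header chain walked until the upper-layer protocol is reached. The sample packet is constructed inline from documentation address ranges; the IPv4 checksum is left zero.

```python
import struct
import ipaddress

# Extension headers a receiver must walk past to reach the upper-layer header
# (IANA Next Header values). ESP (50) is treated as terminal: what follows it
# is encrypted, so the chain cannot be walked further without the key.
EXT_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing", 44: "Fragment",
               51: "Authentication", 60: "Destination Options"}
IPPROTO_IPV6 = 41  # IPv4 protocol number carrying an IPv6 packet (6in4)


def decapsulate_6in4(pkt):
    """Strip the outer IPv4 header of a tunnel packet and return the inner IPv6 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4               # header length in bytes (options included)
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != IPPROTO_IPV6:
        raise ValueError("outer protocol %d is not 6in4" % pkt[9])
    return pkt[ihl:total_len]


def parse_ipv6(pkt):
    """Parse the 40-byte fixed IPv6 header, then walk the extension header chain."""
    if len(pkt) < 40:
        raise ValueError("short IPv6 packet")
    vtf, payload_len, nxt, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if vtf >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    hdr = {"traffic_class": (vtf >> 20) & 0xFF, "flow_label": vtf & 0xFFFFF,
           "payload_length": payload_len, "hop_limit": hop_limit,
           "src": str(ipaddress.IPv6Address(pkt[8:24])),
           "dst": str(ipaddress.IPv6Address(pkt[24:40])), "chain": []}
    off = 40
    while nxt in EXT_HEADERS:
        if off + 8 > len(pkt):
            raise ValueError("truncated extension header")
        hdr["chain"].append(EXT_HEADERS[nxt])
        if nxt == 44:                        # Fragment header: fixed 8 bytes
            length = 8
        elif nxt == 51:                      # AH: length field in 32-bit words minus 2
            length = (pkt[off + 1] + 2) * 4
        else:                                # others: 8-octet units, first 8 not counted
            length = (pkt[off + 1] + 1) * 8
        nxt, off = pkt[off], off + length    # first byte of every ext header is Next Header
    hdr["upper_layer"] = nxt                 # e.g. 6 TCP, 17 UDP, 58 ICMPv6, 50 ESP
    hdr["upper_offset"] = off
    return hdr


def build_sample_tunnel_packet():
    """Constructed sample: IPv6 (Hop-by-Hop, Destination Options, UDP) inside IPv4."""
    hbh = bytes([60, 0, 1, 4, 0, 0, 0, 0])           # next=DestOpts, len=0, PadN(4)
    dopt = bytes([17, 0, 1, 4, 0, 0, 0, 0])          # next=UDP, len=0, PadN(4)
    udp = struct.pack("!HHHH", 53, 53, 12, 0) + b"data"
    payload = hbh + dopt + udp
    v6 = (struct.pack("!IHBB", (6 << 28) | 0x12345, len(payload), 0, 64)
          + ipaddress.IPv6Address("2001:db8::1").packed
          + ipaddress.IPv6Address("2001:db8::2").packed + payload)
    v4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(v6), 0, 0, 64, IPPROTO_IPV6,
                     0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))  # checksum 0
    return v4 + v6


if __name__ == "__main__":
    print(parse_ipv6(decapsulate_6in4(build_sample_tunnel_packet())))
```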
Slide 20: Translation (work in progress)
[Diagram: an IPv6 host on an IPv6 network sends IPv6 Header + Transport Header + Data; a NAT with DNS between the IPv6 and IPv4 networks rewrites it to IPv4 Header + Transport Header + Data for the IPv4 host]
A very simple diagram to illustrate the concept. There are many variations and still a lot of ongoing discussions in the industry and standards.

Slide 21: Minimal IPv6 Enterprise Customer Adoption So Far
• Customer view is that Private Address space used internally mitigates IPv4 exhaust concern
  - Doesn't mitigate NAT overlap, but neither would Dual Stack.
• Adopt edge strategy at DMZ to support Dual Stack
  - Dual Content when necessary: when IPv6-ONLY users exist
  - IPv4 to IPv6 Web Proxy for outbound requirements: when access to IPv6-ONLY content is desired. Most content will remain dual stack for a long time.
• Mobile/Consumer access may be forced to IPv6, but translation to IPv4 likely part of those services.
• No killer application to motivate migration of Internal network to IPv6
  - VoIP on LTE might become the first killer app

Slide 22: IPv6 Migration: 3 to 5 years (feasible?)
[Diagram: HQ with IPv4 and IPv4/IPv6 users on an IPv4 WAN and an IPv4/IPv6 dual stack WAN, MIS access to the IPv4 and IPv4/IPv6 Internet, with dual stack DNS]
Customer Challenges:
• IPv6 Network Design and Planning
  - Addressing plan (Unique Local, Global?)
  - Dual stack support on Internet servers/gateways, to include DNS/DHCP servers
  - IPv6 access to internal IPv4 users
  - Application interoperability (NMS, email, etc)
  - Core WAN migration to IPv6

Slide 23: How does address exhaustion impact my customer's WAN?
• Likely migration scenario:
  - Phase 1: establishing IPv6 internet presence
  - Phase 2: enable internal users to access IPv6 internet
  - Phase 3: migrate WAN to dual-stack
• In Phase 1, internet servers upgraded to support dual-stack
• Phases 2 and 3 are disruptive: update routers, servers, and desktops across the LAN/WAN
• Phase 2 requires IPv6 tunnel or translation solutions
• Phase 3 similar to VPN migration but requires upgrade of supporting services such as DHCP, DNS, Core App, etc.

Slide 24: IPv6 Addressing
What type of addressing to deploy on your internal network?
• Unique Local Address (ULA)
  - Similar to private IPv4 addresses (RFC 1918), need NAT (or Proxy) to go to the Internet
  - RFC 4193: randomly generate unique prefix, lower 64 bits based on MAC address
  - No IPv6-to-IPv6 NAT in production yet (RFC defined, but expired)
• Global only addresses
  - Recommended approach
  - 1 address for internal and external use
  - Security folks may fight (believing topology hiding and NAT are required for security)
  - Remember, NAT was created for scale, not security.
• ULA + Global Addresses
  - Each device/interface has 2 addresses
  - 1 for Internal use
  - 1 for External use (Not for internal servers, printers, etc)
  - Much more address management with DHCP, DNS, routing, etc

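The ULA bullet above (randomly generated prefix, lower 64 bits from the MAC address) carried through in code, as an added example that is not from the deck: the RFC 4193 section 3.2.2 prefix algorithm (SHA-1 over 64-bit NTP time and an EUI-64, low 40 bits as Global ID under fd00::/8) and the Modified EUI-64 interface identifier of RFC 4291. The MAC address and the fixed timestamp in the usage are constructed sample values.

```python
import hashlib
import ipaddress
import struct
import time

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01)
NTP_UNIX_OFFSET = 2208988800


def modified_eui64(mac):
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291 Appendix A):
    insert 0xFFFE between the OUI and the device part, invert the universal/local bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("MAC address must be 48 bits")
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def ula_prefix(eui64, unix_time=None):
    """RFC 4193 section 3.2.2 pseudo-random /48: SHA-1 over (64-bit NTP time || EUI-64),
    keep the low 40 bits as the Global ID, prepend fc00::/7 with the L bit set (fd00::/8)."""
    if unix_time is None:
        unix_time = time.time()
    secs = int(unix_time) + NTP_UNIX_OFFSET
    frac = int((unix_time - int(unix_time)) * (1 << 32))
    ntp64 = struct.pack("!II", secs & 0xFFFFFFFF, frac & 0xFFFFFFFF)
    global_id = hashlib.sha1(ntp64 + eui64).digest()[-5:]
    return ipaddress.IPv6Network((b"\xfd" + global_id + bytes(10), 48))


def ula_address(prefix, subnet_id, eui64):
    """Assemble prefix(48) | subnet ID(16) | interface ID(64) into a host address."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("need a /48 ULA prefix and a 16-bit subnet ID")
    packed = prefix.network_address.packed[:6] + struct.pack("!H", subnet_id) + eui64
    return ipaddress.IPv6Address(packed)


if __name__ == "__main__":
    iid = modified_eui64("00:1b:21:3c:4d:5e")     # constructed sample MAC
    site = ula_prefix(iid)                         # one /48 per site, generated once
    print(site, ula_address(site, 1, iid))         # subnet 1 host address
```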
Slide 25: Challenges to Enterprise Migration
• IPv6 Addressing Plan
  - Global Addressing vs. Unique Local Addressing (ULA)?
  - No IPv6-to-IPv6 NAT devices in production to support ULA yet
  - Global addressing creates the desire for Provider Independent space for even small enterprise customers
  - Can't be locked into a Carrier for Internal network
  - Re-addressing an Internal Network is not trivial
• Dual Stack support not limited to Routers
  - Internet Servers, DNS, DHCP, LDAP, Management tools, etc
• IPv6-IPv4 Interoperability Complex
  - NAT, DNS, DHCP, etc
• Application Interoperability or Migration Complex
  - NMS, email, etc
  - C, C++ and Java don't have a primitive data type that supports IPv6. Expensive to investigate all internal applications
• Tools we count on don't work
  - E.g. NTP, NFS, syslog, MIBs
• Assume Nothing
  - E.g. printers that were supposed to be v6 capable didn't work
START PLANNING NOW!

Slide 26: High-Level Network Architecture for IPv6 AVPN
[Diagram: IPv4-only PEs and 6VPE PEs serving VPN A and VPN B CEs (IPv4 only or dual stack IPv4/IPv6) across the MPLS core, with MP-iBGP IPv4 sessions to the IPv4 VPN RR and MP-iBGP IPv6 sessions to the IPv6 VPN RR]
• Builds upon the existing IPv4 AT&T VPN service
• Secure IP transport among customer sites across the AT&T IP/MPLS network
• Will support "dual-stack": IPv4 and IPv6 on the same link
• IPv4 and IPv6 operate independently: AT&T provides no protocol translation

Cloud

Slide 28: There's More to the Cloud than Computing
[Diagram: services arranged around an IP/MPLS VPN: Computing, Storage, DB, Data, Workflow, Platform as a Service, Web Content Delivery, Application Delivery, Security, Queuing, Messaging, Contact Center Management, Productivity, SFA, SCM, CRM, ERP, Unified Communications and Collaboration, Video, Audio, Conferencing, VoIP, IP PBX, POTS]

Slide 29: Key Observation
Existing cloud platforms primarily cover computation and storage
[Diagram: Cloud Platform = VM + Disk, reached from Enterprise Sites over the network]
Enterprise Clouds need control over the network as well

Slide 30: Cloud becomes Extension of the Network
Cloud Manager
• Allocates computation and storage resources
Network Manager
• Manages VLAN assignment within cloud network
• Creates and configures cloud VPN endpoints
• Reserves cloud network resources
[Diagram: Cloud Manager and Network Manager over VMs grouped into VLANs, each VLAN attached to a customer VPN]

Slide 31: Our network based strategy creates a "virtual private cloud" enabling a rich set of services
• Enables customers to create and customize services
• Adds value on top of virtual private cloud
• Drives consumption of cloud infrastructure and network
• Allows AT&T to monetize third-party software and services
• Provides an environment to build next-gen AT&T products
Service Templates; Service Manager: orchestrate across locations including provisioning, configuration, changes, billing
Three Basic Ingredients (On Demand, Self Service, Pay Per Use), exposed through XML / REST APIs (IRSCP on the network side):
• Network: Nodes, Bandwidth, Routing, QoS
• Compute: Instances, Images, CPU, RAM
• Storage: Capacity, Policies, Replication

Thank You