中国电信CN2网络介绍-文档资料.ppt

1、中国电信CN2网络介绍-文档资料ChallengesTotal voice traffic and revenue decreases by the end of 2019.The mobile phone and IP phone calls have cannibalized part of the voice traffic businessesTraditional communication network is unable to support China Telecoms strategy to become a Integrated Information Service P

2、rovider.This is due to its lack of capability in offering value-added service.High OPEX(Operating Expenses)is required for traditional hetergeneous/multiple networks Existing ChinaNet is not a profit generating businessOpportunitiesAcceleration of the Information and Communications Technology(ICT)ad

3、option in government and enterprises would drives the demand for telecom servicesAdoption of the SIP-based soft-switch technologyThe impending releases of 3G licenseRapid development of the broadband serviceBackgroundMigration of voice service from PSTN to soft-switch-based VoIP technologyPreparatio

4、n for 3G-based mobile servicesAccelerate the development and application of the broadband services base on xDSL access technologyDrive managed service and system integration serviceBuilt an Integated IP/MPLS-based multi-service platform CN2solutionsPhilosophy of Building CN2CN2 strengthnetwork topol

5、ogyScalable routing architecture Highest level of redundancyHighest level of securityDifferent class serviceAll services have edge functionalityEnd to end control and managment Homogeneous Global ArchitectureSingle Global ASN(AS4809)IP Layer Redundancy Drives AccountabilityISIS level2-only with sub-

6、second convergenceDiffserv-based QOS enabled networkMPLS and multicast enabled networkMPLS FRR with sub-50ms reroute Robust Architecture Allows for Unsurpassed StabilityOffer Layer-2/3 over IP or MPLSLeading SLAs via Zero Loss&Speed of Light Delays6PE-based IPV6 readyOffer Layer-2/3 over IP or MPLSL

7、eading SLAs via Zero Loss&Speed of Light DelaysEnd to end service provision and fault managementCN2 StrengthSimple Network TopologyCN2 comprises of two functional planes and four structural layers to offer a seamless connectivity for customers.CN2网络包括2个网络功能层面和4个网络结构层次，实现承载和业务提供相对独立The two functional

8、 planes are high speed data forwarding plane and service provisioning plane2个功能层面分别是高速转发层和业务提供层The four structural layers are core layer,aggregation layer,edge layer and services connecting layer4个结构层次指核心层、汇聚层、边缘层和业务接入层The high speed data forwarding plane and service offering plane is supported by 4

9、 and 1 vendors respectively.This is to ensure minimum service disruption and better edge services control.高速转发层包括4个厂家设备，业务提供层1个厂家。减少业务互通障碍，保证业务提供，边缘业务管理。高速转发层业务接入层Simple Network Topology(cont)IP/MPLS NetworkAll-Optical，Dense Wave Division Multiplexing(DWDM)SONET/SDH framingPer flow load-sharing and

10、fail-over load-sharing with ISISMPLS is enabled with traffic to the PE Loopback is tagged.Hence,only VPN traffic is encapsulated in MPLS,all others is transported native IPMPLSSONET FRAMINGDWDMIPIPScalable route architectureTo ensure networks scalability and security,only infrastructure address bloc

11、ks are redistributed into the IS-IS(IGP)routing table.Non-infrastructure addresses are redistributed in BGP.Keeping the IS-IS routing table to a minimum would greatly enhance the network stability.只有中继链路地址和管理地址通过ISIS,其他路由通过BGP,控制IGP路由表的条目,保证网络设备和链路数量的扩展性.Single Global ASN(AS4809),CN2 have two type R

12、oute reflectorVPN RR for RFC2547-based VPN service,(VRR)Global RR for internet service(GRR)VPN RR is independent of global RR,both use one level Route Reflector(RR)(VRR和GRR是独立设置的,各自专用的)BGP Communities are deployed for routes control and netflow-based traffic monitor Global iBGP:Scaling the Global In

13、ternet Routing Table involve the increase in the number of GRR group.通过增加并列的GRR组来分担部分public 路由处理,这样具有很大的扩展性.VPN iBGP:Likewise,scaling the VPN routing Table involve the increase of VRR group.Example,VPN1-500 is handled by VRR-G1 while VPN501-1000 can be handled by VRR-G2通过增加并列的VRR组来分担部分VPN路由表的处理,比如VP

14、N1-500的路由表有G1转发,VPN501-1000通过G2转发.通过以上两种设计解决网络路由表的扩展性.Scalable route architecture(Cont)Full mesh PeersFull mesh PeersInternetGRR1GRR2GRR3GRR4ClientClientClientClientGroup 1 for part1 routesGroup 2 for Part2 routesInternetSend Part 2 routes to G2Send Part 1 routes to G1Receive Part 1 routes from G1Re

15、ceive Part 2 routes from G2EBGPEBGPiBGP architecture for global routesScalable route architecture(Cont)Full mesh PeersFull mesh PeersVRR1VRR2VRR3VRR4ClientClientClientClientGroup 1 for VPN 1-500 routesSend/receive VPN1 routes to/from G1PEPEPEPEGroup 2 for VPN 501-1000 routesSend/receive VPN501 route

16、s to/from G2iBGP architecture for VPN routesHighest Level of redundancyAll network links are deployed in pairs over diverse facilitiesOnly POS interface are used on backbone interconnection to facilitate faster failures detectionAll network links are active(NOT working and protect)Each PoPs router p

17、air is connected by multiple routers.Link failure protection is the function of IS-IS(layer 3 control)and would not be carried out on transport layer(layer 2 control)(不依赖SDH或者DWDm的传输层保护)IS-IS routing protocolPer flow load sharing between dual pairsFail-over load sharingSub-second fast convergence fo

18、r gold serviceThree priority LSP flooding and FIB updateMPLS FRR1:1 mode FRR is deployed in core layer for 50 linksSub-50ms reroute timeBuilt to maintain utilization not to exceed 50%during normal runningAs a congestion-free network,CN2 ensures premium priority for delivery of all packets in the cor

19、eHigher Level of securityStrict uRPF is deployed on all customer access interfacesLoose uRPF is deployed on interconnected interface网间互连端口Infrastructure ACLs(iACL)deny external traffic to ALL routers interfaces address.iACL are deployed on edges and borders of the network.在Cn2网络外部接口互连和用户接口上部署ACL,不允许

20、任何目的Ip地址是CN2网络,也就是网络外部任何人不能到达Cn2设备.Infrastructure routes are distribted to internet or customer隐形网络设计,也就是在其他网络上看不见CN2网络的路由信息All router access control is manage by AAA servers and syslog(所有的操作都通过AAA和syslog)QOS technology would be deployed accordingly to reduce the impact of an attack or worm traffic.

21、通过QOS机制保证高等级业务不收病毒泛滥等影响,通过QOS控制病毒流量的泛滥Different class service capabilityCN2网络中QOS技术的定位 QOS技术是统一承载网络内部资源分配的手段，从资源占用的角度看，是将统一的IP承载网络逻辑上分为不同的资源子网。比如3G，软交换、MPLS VPN、ATM等都可以单独建网，现在采用IP/MPLS技术建设一个网络，容量是所有网络的叠加，通过QOS技术分配资源给不同的业务。如CN2中软交换和3G语音流量最大可占用50%带宽资源，Vnet应用最大允许占用带宽资源小于15。QOS技术是网络故障或者拥塞情况下，实现业务等级区分的手段

22、，保证高等级业务提供。但在正常情况下，目前的QOS技术不能实现业务等级的质量区分。QOS技术是提高网络资源利用效率的手段。充分利用IP网络统计复用的优势，在保证各等级业务分配资源的前提下，充分利用部分剩余资源。比如软交换业务最大优先占用50的资源，如果实际的软交换业务流量只有20，剩下的30可以被Vnet等其他业务占用。Different class service capabilityCN2 QOS positioning QOS is a technique use to allocate limited network resources to different services.Un

23、like traditional networks of ATM,Frame Relay,and lease circuit services,CN2 provides an overlay network for all these services.To differentiate the services base on the class of importance or contract,QOS is the mechanism in place to segregate and allocate network resources to different class of ser

24、vices.Example of a QOS policy:3G and soft-switch traffic can be allocated with at least 50%of the available bandwidth while Vnet can only consumed a maximum of 15%of the total bandwidthQOS are also positioned for traffic congestion management.Under the unfortunate circumstances of equipment or circu

25、it failures,QOS helps to manage the limited usable network resources to different classes of services.Better resource utilization is expected from deploying QOS.Having elastic policy to re-allocate the under utilized resources results in efficient resources utilization.Different class service capabi

26、lityCN2 QOS设计思路CN2采用基于DiffServ架构的QOS技术体系，基于IP Precedence和MPLS EXP标记位最大支持8个业务等级分类。CN2网络初期实际部署5个业务等级，其中1个等级网络管理控制使用，1个等级中国电信自身业务使用，对外提供3个等级的业务。在用户接入端口上部署流量控制、classification、marking and remarking、shaping等功能给予不同等级的业务分配不同的资源冗余:比如金业务，配置1:2的资源，银业务配置1:1.5的资源，铜业务配置1:1的资源。由于金的资源冗余比较大，正常情况下由于业务流量突发造成的丢包率小于银和铜。

27、在链路故障情况下，金业务基本不收影响。采用等级化的快速路由收敛技术，CN2部署了3个等级的路由收敛。如故障情况下，金业务路由优先收敛，业务中断时间最短，其次是银和铜。Different class service capability(Cont)QOS design philosophyCN2 adhere to DiffServ framework base on IP precedence and MPLS EXP Bit classification.Thus offering 8?classes of serviceInitial CN2 service classification

28、is base on 5 basic classes of services.1 class for network control traffic1 class for network maintenances and operations3 classes for service offeringAll services are classified,remarked,shaped and rate-limited on the edge of the network to ensure a consistent QOS policy enforcement within the CN2

29、network Service resource allocation is base on class of service.GOLD class of service would be allocated with 2 times more redundant resources then BRONZE class of serviceConvergence of prefix varies on the traffic class.Prefixes of a GOLD class of traffic would convergence faster then prefixes of B

30、RONZE class of trafficDifferent class service capability表：表：CN2金、银、铜三个等级业务金、银、铜三个等级业务CN2网络传送质量指标。网络传送质量指标。平均故障切换时间(s)最大故障切换时间(s)中断总时长（分钟/月）中断时长（分钟/次）故障次数（次/月）月可用性(%)金业务3855199.99银业务1520105299.98铜业务2545155399.95QOS标记丢包率(%)MTU(byte)平均延时（ms）最大延时(ms)抖动(ms)金业务50.05150030452银业务30.1150035605铜业务211500407510

31、表四：表四：CN2金、银、铜三个等级业务金、银、铜三个等级业务CN2网络可用性相关网络可用性相关指标。指标。Services are enforced and policed on the edges of the network via the SR/PE device.Service comprises of soft-switch,video conference,VPN.Internet,ATM/FR/DDN etc.所有业务在边缘实现，只能通过业务路由器（SR/PE）接入，包括软交换、视频会议、VPN业务、互连网专线、ATM/FR/DDN业务接入等等。To ensure core n

32、etworks stability and security,service provisioning,new service deployment and security control are performed on the edge of the network.业务升级或者新业务的增加、安全控制等等只须在边缘层进行，保证骨干网络的稳定。The SOLE responsibility of the Core Network is packet switching and forwarding骨干网络只负责数据转发，中国电信内部网络网间互连通过骨干网络，比如城域网互连、IDC等等All

33、 services are Edge FunctionsIP/MPLS platformIPSecVPNATM/FR接入接入宽带接宽带接入入 SDH/DDN专线接专线接入入Corporate DialMPLS L3 VPNQOS边边缘缘Integrated VPNPEPPPEPEPEPEPPPPPPPEPEPEPEPEPEPEPEMPLS L2 VPNAoMPLSNetwork Capacity and Coverage(by the end of 2019)：CN2 will provide coverage for 199 cities including Hong Kong,Tokyo,

34、Singapore,London,New York,San Jose,Washington etc.with service offering MPLS/VPN and Internet Services.Cn2网络覆盖国内199个城市，和香港、东京、新加坡、伦敦、法兰克福、纽约、华盛顿、圣何塞、洛杉矶9个海外节点，提供国际VPN、Internet接入和网间互连业务653 routers in total，including 417 P routers，202 PE/SR routers，12 Public RR，and 12 VPN RR1267 relay links with a tot

35、al link bandwidth of 4.231T（网内中继电路）Over 800 external interlinkage bandwidth（网间互连电路）with 2.8T（网络间互连电路，主要是与城域网互连电路）A total customer access link bandwidth of(用户业务接入电路)650.62G(不包括软交换、3G接入带宽)Network Capacity and CoverageCN2 VPN capabilitySupport MPLS layer 2/3VPN,RFC2547-based L3 VPNDraft-martini based E

36、thernet point to point serviceEthernet multi point service(Vkompella VPLS)ATM/FR over MPLS（请根据思科的技术，补充相关的标准）Support 3 classes of service.GOLD,SILVER and BRONZE.支持金、银、铜三个业务等级Support N*2M、N*64K、Ethernet/VLAN、L2TPv3,pseudo-wiredSupport network wide multicats of 600 multicast groups,1.2Gbps end to end m

37、ulticast trafficVPN coverage（by end 2019）202 PE routers in 199 cities2 X ISR in GuangZhou,Beijing and Shanghai.The ISR can be deployed as VPN InterAS ASBR.18 PE routes in 9 POPs located in Hong Kong,Tokyp,Singapore,London,Frankfurt,New York,Washington,San Jose and Los Angeles.By Mid 2019,the number

38、of PE is expected to increase from 202 to 418 to facilitate intra-POP layer redundancy.CN2 VPN capablityVPN network capacityCN2 uses Cisco 12416 as PE routers with a total traffic handling capacity of 140G(unilateral direction)业务接入端口/PE（2个档次）：D档次。210个SDH/DDN/FR业务接入端口，最大4*2M SDH接入/电路；500个 VLAN业务接入逻辑端口（平均5M/用户），最大业务带宽200M/VLAN电路。E档次。210个SDH/DDN/FR业务接入端口，最大4*2M SDH接入/电路；500个 VLAN业务接入逻辑端口（平均5M/用户），最大业务带宽200M/VLAN电路。需要配置延伸接入以太网交换机增加物理业务接入端口。路由型VPNVPN用户数量/PE：本期工程设计为500。路由表容量/PE：VPN公共路由表容量目前为15万条，将来可扩展到30万条路由（VPN路由数量与公共路由数量比例按照4:1预计）路由条目/VPN：2万路由条目/RR：50万电路型点对点VPN单台4000 电路型点对点VPN，500/接口卡（思科E3板卡）