Internal
As our company's data communication equipment is deployed ever more widely, covering the network access layer, convergence layer, core layer, and core backbone layer, we should provide complete network solutions. DCN is an important network for carriers. With the wide application of our equipment in DCN, we should understand DCN better and master the key points of DCN design and planning, so as to build better DCNs for clients and increase their expandability.
This course helps you to know:
  - Definition of DCN
  - Typical networking of DCN
  - MPLS VPN in DCN

Chapter 1 Introduction of DCN
Chapter 2 Typical networking of DCN
Chapter 3 Network protocol design of DCN
Chapter 4 MPLS design of DCN
Definition of DCN
• The full name of DCN is Data Communication Network:
  - Its initial definition is the network carriers use to carry out out-of-band network management. The actual DCN covers various services of carriers, for example SPC switch NM, transmission NM, billing system, and OA.
• DCN is used to connect Network Elements (NE) and the corresponding Operation Support System (OSS); it is an important network between the network providing service and the network operation center.
• DCN is the "nervous system" of the carriers, with the characteristics of "physical entity network, virtual service network". Compared with the service networks of carriers (for example 169 network), DCN does not need very high bandwidth, but has a high demand for network security, reliability, and manageability.
HUAWEI TECHNOLOGIES CO., LTD. All rights reserved Page 5
Development of DCN
• OSN (Operation Support Network):
  - DCN can be seen as a subset of OSN, or as the main part of the current OSN. DCN/OSN already existed before IP networks were widely used, just not over IP. The X.25 protocol was widely used in the 1980s and once played an important role in OSN; for these historical reasons, the current DCN cannot be IP only.
• DCN has become a comprehensive network with IP service as its main service, compatible with X.25 and Async at the same time.
• Standard of DCN: ITU-T G.7712/Y.1703 (Architecture and specification
and construction
Development of DCN
• For example, past MSC switch provided X.25 NM interface, but
may be comparatively independent physically in practice. X.25 is a network, and Async is another network.
• Currently IP-based DCN has integrated the above networks into a large DCN.
at access layer.
X2T (X.25 to TCP Translation)
  - The principle and implementation methods of the X2T scheme: X2T translates directly between X.25 and TCP packets, in both directions. When a pure X.25 packet arrives from the X.25 network, the router looks up the called party's X.121 address in the address translation list, which triggers setting up a TCP connection with the designated IP address. Once the TCP connection is set up, the router extracts the pure data from the X.25 packets and sends it to the IP host side through the TCP connection.
Equipment:
  - A router supporting X2T;
  - An X.25 terminal server that can run X.25 applications, supporting the X.25 protocol, connected in the X.25 network;
  - An IP host, supporting TCP/IP, connected in the IP network.
[Figure: X.25 Terminal (X.121 address) and IP Host (IP address 10.1.1.2)]
program supporting X25 protocol, responsible for receiving request, and transmitting data.
• IP host at the IP network side runs a client program supporting TCP/IP, responsible for requesting data from X25 host, and receiving the transmitted data.
• X25 Terminal communicates with Router through PVC.
[Figure: IP Network, X.25 Network, IP Network; addresses shown: 20.1.1.1, 20.1.1.2, 10.110.96.49, 10.110.96.51]
• Data first flows from the client application program to router A, where IP to X25 translation is implemented; it then flows to router B through the X25 network; finally, X25 to IP translation is implemented and the data flows to the server application program.
• The example is used to check the translation between X.25 and TCP/IP.
[Figure: Router 1, Router 2, Router 3; IP Network, X.25 Network, IP Network, IP Cloud]
DCN
  - National network of DCN
  - Provincial network of DCN
  - Municipal network of DCN
• Running BGP in National
uniformly planned by
[Figure: hierarchy of nodes labelled R and S in three levels: National DCN, Provincial DCN, Municipal DCN]
[Figure: DCN topology of nodes labelled R and S; labels shown: EBGP, RR, X.25, DDN]
national network,
numbers.
National DCN can be divided into two layers: core layer and convergence layer. For redundancy and disaster prevention, one core node is generally not enough. As shown in the diagram above, there are two core nodes, located in different cities. The convergence layer provides access to provinces and regions/cities, over POS or E1 links, or bundles of multiple E1s. Convergence layer routers are located in different provinces, where they connect with the provincial network routers; this is for management reasons. The link between the national network convergence layer and a provincial network router is the dividing interface between the national and provincial networks. The provincial network takes charge of the management and maintenance of the lower part, and the national network of the upper part.
[Figure: Backbone Network]
The service between national network and provincial network, for example, national toll circuit NMS, intelligent network NMS, central interconnection of 97 system, finance and billing system.
Provincial DCN is the main part of DCN. It connects national DCN and municipal DCN and, at the same time, connects the services of different provincial networks, for example, carriers' centralized billing and NM service. Provincial DCN itself can be divided into two layers, core layer and access layer, core router of the core layer. The access layer includes layer-three switches, mainly used to connect servers and PCs of various services within provincial networks. As the connection between a province and a region/city, an access layer router may physically be in a region/city, and it is also the management boundary point between the province and the region/city. The provincial core router and the provincial distribution layer router are far apart, so the link between them is generally POS 155/622, or even E1. The provincial core router is generally NE80, Cisco 12000 series or Juniper M160. The layer-three switch of a provincial distribution layer can be S8500, S8016, or S6500 series. The provincial distribution layer router can be NE40, NE20, NE16/8, M20, M10, Cisco 7500, or Cisco 7200.
layer.
• Core layer takes charge of interconnection with provincial networks and municipal
nodes.
• Comparatively powerful performance, in urban area geographically, a large number of
R26, S3
is called MDCN.
• DCN is a private network of carriers, which carries the carriers' various operation support services. At the same time it is a pilot network for carriers: all new features of data communication may be trialled by carriers in DCN first.
• DCN is a private network, so theoretically its IP addresses and AS numbers can be allocated at will. In practice, however, carriers have corresponding regulations on IP addresses, AS numbers, and service names, which should be followed in design planning.
[Figure: AS XX DCN, Provincial DCN; nodes labelled R and S]
provincial network, and from provincial network to national network, there are generally dual egresses.
[Figure: Provincial DCN and Municipal DCN; nodes labelled R]
filtered at Provincial DCN egress to National network to avoid being sent to the national network
• A policy can be set in provincial DCN to filter out over-aggregated routes sent from municipal DCN, for example a /8 route.
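Why an over-aggregated municipal route is worth filtering, as an added example that is not part of the original slides: with longest-prefix match, a /8 from one city captures every address no other city has advertised more specifically. The peer names, prefixes and the /8 threshold constant are constructed for illustration.

```python
import ipaddress

# Constructed sample: (municipal peer, prefix) pairs received by a provincial router.
ADVERTISED = [
    ("city-A", "10.20.0.0/16"),
    ("city-A", "10.20.30.0/24"),
    ("city-B", "10.40.0.0/16"),
    ("city-B", "10.0.0.0/8"),   # over-aggregated: covers every other city's space
]

# Assumption for this example: anything as short as /8 is over-aggregated.
MAX_REJECTED_LEN = 8


def accept(prefix, max_rejected_len=MAX_REJECTED_LEN):
    """Provincial import policy: drop prefixes whose mask is /8 or shorter."""
    return ipaddress.ip_network(prefix).prefixlen > max_rejected_len


def build_table(adverts, filtered):
    """Routing table as (network, next-hop peer), with or without the policy."""
    return [
        (ipaddress.ip_network(prefix), peer)
        for peer, prefix in adverts
        if not filtered or accept(prefix)
    ]


def lookup(table, address):
    """Longest-prefix match; returns the peer the packet is sent to, or None."""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, peer) for net, peer in table if addr in net]
    return max(matches)[1] if matches else None


if __name__ == "__main__":
    for filtered in (False, True):
        table = build_table(ADVERTISED, filtered)
        # 10.99.1.1 belongs to no city in the sample (unallocated space).
        print("filtered" if filtered else "unfiltered",
              lookup(table, "10.20.30.5"), lookup(table, "10.99.1.1"))
```

Without the policy, traffic for the unallocated address is drawn to city-B by its /8; with the policy it has no route, while the specific city prefixes are unaffected.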
In municipal DCN, a route reflector is adopted, a role taken by the municipal DCN core layer equipment. The route reflector is deployed redundantly and configured with a Cluster-id. Convergence layer equipment acts as the client of the reflector. IBGP uses loopback addresses to establish neighbor relationships. Multi-egress load sharing should be considered; there are two cases: the VRP version supports BGP load sharing, or the VRP version does not support BGP load sharing.
so they have changed the principle: "don't put all eggs in one basket".
• When province and region/city have the same BGP AS, provincial and municipal networks may be in the same OSPF domain, and all in Area 0. This is no problem as far as the maximum number of routers one Area can support is concerned: the number of routers within one province is on the order of tens.
• In addition, different carriers or provinces may have different cases, so the relationship between province and region/city may or may not be an EBGP neighbor relationship.
[Figure: Municipal DCN, OSPF Area1; nodes labelled R]
If province and region/city have the same AS, the provincial and municipal networks belong to the same OSPF domain but to different Areas. Province and region/city are separated in management, and should be managed by the provincial and municipal offices respectively. Dividing them into different Areas eases management and route handling, and reduces OSPF calculation.
[Figure: Provincial DCN, Region/city A DCN, Municipal B DCN; nodes labelled R]
  - The province and region/city are in the same Area; this may be the present status of carriers' DCN.
  - The provincial network is Area 0, and the municipal networks are other Areas, for example Area 1, Area 2, ..., for convenience of management, route convergence and other operations.
• Provincial network and municipal network are managed separately, so dividing into multiple Areas is more convenient for management. If it can be foreseen in the schedule that province and region/city will use different AS numbers, consider keeping the current state, to ease dividing one Area 0 into multiple Area 0s in the future.
[Figure: Municipal DCN, ISIS L1; nodes labelled R]
• When the ISIS routing protocol is used as IGP, the same case exists.
• Divide provincial DCN into ISIS Level 2, and take municipal DCN as ISIS Level 1.
[Figure: Provincial DCN; Municipal DCN ISIS L1; Municipal DCN ISIS L1; nodes labelled R]
On IGP link COST value, united rules are recommended. Refer to the following recommended values:

Interface type    Cost
GE                1
155M POS          7
100M FE           10
10M ETHERNET      100
N×E1              500/N
Usually there exist the following two load-sharing technologies:
  - 1) Per-Packet: rotates output interfaces to send packets, with effective load sharing. But packets of the same session may leave on different interfaces, and the different paths will result in out-of-order delivery.
  - 2) Per-Flow: distributes service flows to different output interfaces based on certain rules, for example (source IP + destination IP) / N, where N is the number of load-sharing routes. It has effective load sharing, and at the same time it ensures that packets of the same session leave on the same interface along the same path.
Equipment of different models from different manufacturers supports different types and numbers of load-sharing technologies, which should be considered when the equipment has to work together.
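The difference between the two technologies, as an added example that is not from the original slides. It reads the "(source IP + destination IP) / N" rule as the remainder modulo N, which is an interpretation; the addresses and N = 2 are constructed.

```python
import ipaddress
from itertools import cycle

# Constructed sample: (source IP, destination IP, sequence number) for two sessions
# whose packets arrive interleaved at the load-sharing router.
PACKETS = [
    ("10.1.1.1", "10.2.2.2", 1), ("10.1.1.1", "10.2.2.2", 2),
    ("10.1.1.2", "10.2.2.2", 1), ("10.1.1.1", "10.2.2.2", 3),
    ("10.1.1.2", "10.2.2.2", 2), ("10.1.1.2", "10.2.2.2", 3),
]


def flow_index(src, dst, n):
    """Per-Flow rule from the text, read as (source IP + destination IP) mod N."""
    return (int(ipaddress.ip_address(src)) + int(ipaddress.ip_address(dst))) % n


def per_packet(packets, n):
    """Rotate output interfaces packet by packet, ignoring the session."""
    rotation = cycle(range(n))
    return [(pkt, next(rotation)) for pkt in packets]


def per_flow(packets, n):
    """Pick the output interface from the address pair only."""
    return [(pkt, flow_index(pkt[0], pkt[1], n)) for pkt in packets]


def interfaces_by_session(assignments):
    """Map each (src, dst) session to the set of interfaces its packets used."""
    used = {}
    for (src, dst, _seq), interface in assignments:
        used.setdefault((src, dst), set()).add(interface)
    return used


if __name__ == "__main__":
    N = 2  # two equal-cost output interfaces (assumption for the example)
    print("per-packet:", interfaces_by_session(per_packet(PACKETS, N)))
    print("per-flow:  ", interfaces_by_session(per_flow(PACKETS, N)))
```

Because the rule adds the two addresses, both directions of a session map to the same index, which matters when devices on the path expect to see both directions of a flow.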
• Global load sharing can be implemented through modifying link COST value.
• For a node, data are transmitted uplink through a path; while for the whole network, at
tendency.
• Classification of Common VPN:
than that of current VPN on DCN, the classification of VPN is not so detailed as it is in service, not excluding the possibility that in future single item or several items of services will be classified separately into one VPN.
• Consideration should be given in
designing.
[Figure: SPC Switch, Transmission]
• Present situation of nodes in a certain office on a municipal DCN:
• The IP addresses are classified geographically, but not in accordance with service types. Different types of services are in the same Vlan and the same network segment.
[Figure: Switch Manages IP, SPC Switch, Transmission]
• Divide Vlan based on the service types of nodes on each branch office,
When re-planning the IP addresses, consider the following points:
• Re-allocate addresses based on the service types defined by carriers.
• Allocate address segments based on the number of IP addresses occupied by each service type on each node, and at the same time consider the numbers that may be added in the future. Ensure IP addresses are enough to be allocated and certain address segments have been reserved, then reserve fully.
• For future expandability, divide IP addresses strictly based on service types. Carriers may operate several VPNs in practice, and many services may be grouped into one VPN as a large category, but it cannot be excluded that in the future a single service or several services will be classified separately into one VPN. If IP addresses are divided strictly by service type, there is no need to re-allocate IP addresses when such demands appear.
• Though IP addresses should be allocated based on service types, we should follow the default principle in actual application.
• If there are enough IP addresses, do not reuse IP address segments. Though a VPN address composed of RD + IP address can distinguish reused addresses, avoid this as far as possible. In addition, DCN is itself a large private network, and many addresses are available.
but most of the time Internet access should be in the LDCN of each region/city (as the management right is gradually transferred upward, the Internet egress of the carriers' DCN will in future be found only in the national network).
• Refer to modes of public network access for Internet access. There are several
route disorder.
• Particularly do not affect provincial DCN access
[Figure: Provincial DCN, Municipal DCN, Municipal DCN, Firewall; nodes labelled R and S]
• Each region/city DCN owns Internet egress of itself.
[Figure: Firewall, Provincial DCN, Municipal DCN, Municipal DCN; nodes labelled R]
requirements in a centralized manner.
[Figure: PE, CE, MPLS VPN, private network access]
There are two logical links between PE and CE:
  - One is private network access. This logical interface is bound to the corresponding VPN on PE.
  - The other is public network access. This logical interface is not bound to a VPN on PE, but belongs to the public network.
  - On CE there are VPN private network routes and a public network default route for Internet access.
  - Because this mode is easy to operate and was the earliest to be used, it is called the "traditional way" for VPN users to access the Internet.
  - The disadvantage is that CE holds public routes and private routes at the same time.
  - This mode may occur in DCNs that deployed MPLS VPN early.
[Figure: PE, CE, VPN A, VPN B, MPLS VPN]
By configuring a route to the private network in the public network, and by leaking a default route for public Internet access into the private network, VPN users can access the Internet:
    ip route-static x.x.x.x 255.255.255.0 ethernet 0/0/0
    ip route-static vpn-instance VPNA 0.0.0.0 0.0.0.0 y.y.y.y public
The principle of this method is simple; its disadvantage is that route management is complicated and maintenance is difficult.
[Figure: PE, CE, VPN A, VPN B, MPLS VPN]
• Connect the Internet and put it in a public VPN.
• Allow other VPNs to visit this VPN through Hub-Spoke, and deliver a default route to the other VPNs from the Internet VPN.
• This mode is purely mutual access between VPNs, unrelated to public network routes, and has good security.
• Some public servers in DCN, for example file server and virus server, can be put into the Internet VPN for centralized management.
designed just for isolating different services and mutual access, but in actual application, for some historical reasons and practical requirements, this kind of mutual access is often needed.
• The most dreaded kind of mutual access is that all VPNs can access each other, in which case VPN totally loses its meaning. VPN in this kind of application is useless except that it "looks pretty". In addition, it wastes equipment resources across the whole network (CPU, memory, convergence speed and delay) and bandwidth.
• Our design planning is to guarantee that users' VPN application does not get into the above state, and to ensure users really benefit from their investment.
• Guide users, explain the problem and try to find a solution together.
The mutual access demand of each VPN should generally be confined to several servers. For example, in the financial VPN, one server may require mutual access with a billing server, while in OA an anti-virus server requires that all VPNs can access it. For mutual access among a limited number of servers in VPNs, refer to the solution in MPLS VPN, or consider placing the servers with this kind of requirement into one VPN, just as in the centralized-access center VPN mode above.
[Figure: NMS of group company functional network (Import: 100:1, Export: 200:1) connected through the PEs of the DCN network platform to provincial sites (Import: 200:1, Export: 100:1): billing system of provincial company, NMS of provincial company functional network, NMS of provincial company functional network]
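A way to check that an RT plan confines mutual access as described, and does not slide into the state where all VPNs can access each other (added example, not from the original slides). The RT values are the ones in the figure; the VRF names and the "import everything" variant are constructed.

```python
# RT values are the ones shown in the figure; the VRF names are hypothetical labels.
HUB_SPOKE = {
    "group-nms":    {"import": {"100:1"}, "export": {"200:1"}},
    "prov-billing": {"import": {"200:1"}, "export": {"100:1"}},
    "prov-nms-a":   {"import": {"200:1"}, "export": {"100:1"}},
    "prov-nms-b":   {"import": {"200:1"}, "export": {"100:1"}},
}

# Constructed misconfiguration: every VRF imports and exports both RTs.
BOTH = {"100:1", "200:1"}
EVERYTHING = {name: {"import": set(BOTH), "export": set(BOTH)} for name in HUB_SPOKE}


def learns_from(vrfs):
    """For each VRF, the other VRFs whose exported routes pass its import RTs."""
    return {
        name: {other for other, ocfg in vrfs.items()
               if other != name and cfg["import"] & ocfg["export"]}
        for name, cfg in vrfs.items()
    }


def mutual_pairs(vrfs):
    """VRF pairs with routes in both directions, i.e. that can exchange traffic."""
    learned = learns_from(vrfs)
    return {frozenset((a, b)) for a in learned for b in learned[a] if a in learned[b]}


def is_full_mesh(vrfs):
    """True when every VRF can reach every other one (isolation is gone)."""
    n = len(vrfs)
    return n > 1 and len(mutual_pairs(vrfs)) == n * (n - 1) // 2


if __name__ == "__main__":
    for label, vrfs in (("figure", HUB_SPOKE), ("import-all", EVERYTHING)):
        pairs = sorted("<->".join(sorted(p)) for p in mutual_pairs(vrfs))
        print(label, "full mesh" if is_full_mesh(vrfs) else "restricted", pairs)
```

With the figure's values each provincial VRF exchanges routes only with the group NMS VRF, never with another provincial VRF.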
PE dynamically imports users into different VPNs based on user name and password and allocates different IP addresses.
• Typical application of ACCESS MPLS VPN
• L2TP adaptor can replace real network card
• Realize dynamic selection of VPN by using L2TP verification mechanism
• Share multiple VPNs, with a fixed position and fixed role.
• Configure a special VRF for the multi-purpose server, and exchange routes with multiple VPNs.
• Multi-purpose server IP address is unique within the office.
• Add security protection to server.
[Figure: CE, PE, ASBR; LSP1, LSP2]
Between national and provincial networks, or between provincial and municipal networks, VPN interconnections all belong to cross-domain MPLS VPN. In DCN, one of two modes, Option A or Option B, is usually adopted. Option A is simple to configure and makes it unnecessary to consider compatibility between different manufacturers. RT can be different in the two ASs. Option A is not suitable for the case with many VPNs.
When Option B is used, it is necessary to consider compatibility between different manufacturers. Option B requires that the RTs in the two ASs be consistent. If the RT rule in the carrier's relevant regulation is ASN:XX, then the RTs of the two ASs cannot be consistent, and a solution needs to be negotiated.
The substance of users' selection schemes: dynamic access of VPN