Winitu Consulting
Klipperaak 2d
2411 ND Bodegraven
The Netherlands
Broadband Services
slide 2
Current broadband services over FTTH networks
- Internet access
  - Unicast IP (Duh)
- Television
  - IP unicast for video-on-demand
  - IP multicast for broadcast television (the default package of 50 channels)
- Telephony
  - SIP signaling, RTP for transport
slide 3
Network Architecture Layered model
- Access
  - Lots of individual connections
  - Focus on physical aggregation of lines
  - Security
- Distribution
  - Connection towards access layer
  - Focus on logical aggregation of connections
  - Route summarization
- Core
  - Connection towards the distribution layer
  - Focus on traffic volume
  - No identification of individual connections
slide 4
Network Architecture Layered model
[Figure: layered model diagram; labels: Service provider 1, Service provider 2, metro, access]
slide 5
Discussion
slide 6
Network Architecture Ethernet as uniform transport protocol
[Figure labels: Leased line, ATM, Frame Relay, X.25, PPP, Ethernet, Packet over Sonet (POS), SONET, SDH, STM-1, 4, 16]
slide 7
Network structure Domain separation
[Figure: domain separation diagram; labels: CPE, backbone, ISP 1, ISP 2, ISP 3, WWW, PSTN/ISDN]
slide 8
Network Architecture Access: connection model
slide 9
Network Architecture Core: MPLS VPN
[Figure: MPLS VPN core diagram; labels: CPE equipment, City PoP, Distribution / Core, backbone, ISP 1, ISP 2, ISP 3, VPN ISP, VPN SP]
slide 10
Network Architecture Core Network
IP Routing
- IGP
  - For distributing next-hop routing information
  - OSPF or IS-IS
- M-BGP
  - For distributing IPv4 prefixes
slide 11
Network Architecture MPLS primer: labels
[Figure: MPLS labels; an IP packet shown unlabeled and carrying labels L1, L2 and L3]
slide 12
Network Architecture MPLS primer: forwarding
[Figure: MPLS forwarding; labels: IP routing table, Label Forwarding Information Base (LFIB)]
slide 13
Network Architecture Increasing complexity
[Figure: axis "Complexity"; labels: Single play, Dual play, Triple play, Multiplay]
slide 14
Quizzz
slide 15
Network Architecture Quality of Service
Core network
- QoS is only relevant if congestion can occur
- Used to be irrelevant in broadband networks as bandwidth was plentiful. FTTH and DOCSIS 3 have changed this.
- QoS policy of most providers was: upgrade capacity. Currently large providers are running into technological limits: 10GE is not fast enough and 100GE is not yet there!
- Cost for service providers is increasing rapidly
- Traffic is becoming more symmetrical
slide 16
Network Architecture Quality of Service
Access networks
- Multi-play services all use the same connection
- Voice traffic needs to be protected
- Video needs to get enough bandwidth (otherwise you'll see blocks)
- Video and voice need protection from general internet traffic (especially P2P and news traffic)
slide 17
Network Architecture Quality of Service
[Figure: QoS in the network; labels: CPE, backbone, ISP 2, QoS transparent]
slide 19
Network Architecture Security
- Network
  - Access to network elements
  - Access to network management systems
- Protocols
  - Security by obscurity
  - Control plane protection
- Services platform
  - Policy: every service is responsible for its own platform
  - Where possible network security can provide additional protection
- Separate users
  - Spoofing filters
  - User isolation
  - Protocol filters (note that new OSes like Windows Vista and 7 bring new challenges, like IPv6 enabled by default).
slide 20
Network Architecture Security Attack Vectors
- ARP flood attack, plus spoofing
- DHCP flood attack
- MAC flood attack, plus spoofing
- IGMP flood attack
- IPv4 broadcast flood attacks
- IPv4 unicast flood attack
- TTL=1 attack
- IP options attack
- IPv6 MLD
- some others.
slide 21
Network Architecture Security
[Figure: security measures in the network; labels: CPE, backbone, ISP 2, Private VLANs, CPE configuration, VLAN filtering, Security force configuration from a central server]
slide 22
Network Architecture FTTH networks Security toolbox
- DHCP snooping
- Dynamic ARP Inspection
- Hardware limiters
- Private VLAN
- VACL Layer-2 filtering: PFC based special case
  - Allow ethertypes 0x800 and 0x806
  - Broadcast ARP filtering
  - Multicast filtering
  - Broadcast redirection
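How three of the toolbox items combine on a subscriber port, as an added example that is not part of the original slides: a simplified Python model of the ethertype allow-list (0x800 and 0x806), DHCP snooping and Dynamic ARP Inspection. The function names, the binding-table layout and the sample frames are assumptions made for illustration; frames are assumed untagged.

```python
import struct

ALLOWED_ETHERTYPES = {0x0800, 0x0806}  # IPv4 and ARP only, as on the slide

def udp_ports(frame):
    """(src_port, dst_port) for an untagged IPv4/UDP frame, else None."""
    if len(frame) < 34 or frame[23] != 17:
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4
    return struct.unpack("!HH", frame[l4:l4 + 4]) if len(frame) >= l4 + 4 else None

def check_frame(frame, port, bindings):
    """Verdict for a frame received on an untrusted subscriber port.
    bindings: port -> (mac, ipv4) as bytes, i.e. the DHCP snooping table."""
    if len(frame) < 14:
        return "drop: runt frame"
    src_mac, ethertype = frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype not in ALLOWED_ETHERTYPES:
        return "drop: ethertype 0x%04x not allowed" % ethertype
    ports = udp_ports(frame) if ethertype == 0x0800 else None
    if ports and ports[0] == 67:
        return "drop: DHCP server message from subscriber port"
    if ports == (68, 67):
        return "forward"  # DHCP client request, needed to obtain a binding
    if port not in bindings:
        return "drop: no DHCP binding on port"
    mac, ip = bindings[port]
    if src_mac != mac:
        return "drop: source MAC not bound to port"
    if ethertype == 0x0806:  # Dynamic ARP Inspection: sender MAC/IP vs binding
        if len(frame) < 42 or frame[22:28] != mac or frame[28:32] != ip:
            return "drop: ARP sender does not match binding"
    elif len(frame) < 34 or frame[26:30] != ip:  # IPv4 spoofing filter
        return "drop: IPv4 source not bound to port"
    return "forward"

# Constructed sample frames (not captured traffic).
def eth(src, ethertype, payload):
    return b"\xff" * 6 + src + struct.pack("!H", ethertype) + payload

def ipv4_udp(src_ip, sport, dport):
    hdr = bytes([0x45, 0]) + b"\0" * 7 + bytes([17, 0, 0]) + src_ip + b"\xff" * 4
    return hdr + struct.pack("!HH", sport, dport) + b"\0" * 4

def arp(sha, spa):
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa + b"\0" * 10

MAC_A, IP_A, IP_GW = bytes.fromhex("020000000001"), bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1])
BINDINGS = {"port1": (MAC_A, IP_A)}
```

With only 0x800 and 0x806 allowed, an IPv6 frame (ethertype 0x86DD) from a host that has IPv6 enabled by default is dropped at the access port, which is the protocol-filter point made on the earlier security slide.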
slide 23
Network Architecture IPv6 addressing
- IPv6 display
  - 2031:0:130F::9C0:876A:130B
  - Leading 0 in a segment is optional
  - Use double colon :: to summarise two segments with 0s; allowed only once in an address.
slide 24
Network Architecture IPv6 addressing
- Address scopes:
  - Unicast: single host or interface
  - Anycast: group of hosts or interfaces
  - Multicast: group of receivers
  - There are no IPv6 broadcast addresses (!)
- Address types:
  - Link-local address, starts with FE80::/10
  - Site-local address, starts with FEC0::/10
  - Global aggregate address, worldwide unique
slide 25
Network Architecture IPv6 addressing
slide 26
Network Architecture IPv6 migration scenarios
slide 27
Network Architecture IPv6 Dual-Stack
[Figure: dual-stack diagram; labels: CPE, IPv6 backbone, IPv6 Internet, IPv4 backbone, IPv4 Internet; note: CPE configuration, security configuration enforcement from central provisioning system, also IPv6]
slide 28
Quizzz
- Network management?
- Why does that seem to be so difficult for most Service Providers?
slide 29
Network IT - Provisioning
- Bullshit or ?
slide 30
Network IT Provisioning
slide 31
Network and IT Systems
slide 32
That's all for now!
Questions?
slide 33