STIX RESELLER SCHEME

Technical Requirement
Version 2
December 2009
1. OVERVIEW ............................................................................................................................................. 2
1.1 SERVICE OVERVIEW ..................................................................................................................... 2
1.2 DOCUMENT OVERVIEW ................................................................................................................ 2
2. STIX RESELLER SCHEME............................................................................................................. 2
2.1 NETWORK DESIGN ....................................................................................................................... 2
2.1.1 Topologies .............................................................................................................................. 2
2.2 INTERNATIONAL LEASED LINE REQUIREMENT .............................................................................. 2
2.3 LAYER 2 SWITCH SPECIFICATION ................................................................................................. 2
2.4 USER ACCEPTANCE TEST (UAT) ................................................................................................. 2

2
1. Overview

1.1 Service Overview

STiX Reseller Scheme provides Resellers not only the capability to provide IP Transit service to their
customers but also to:
• Provide their customers direct Exterior Border Gateway Protocol (EBGP) peering with
STiX AS7473
• Enable one hop connection from their customer’s network to STiX network
• Share a single international leased line with multiple customers

1.2 Document Overview

This document intends to present:

• Network Topologies for STiX Reseller Scheme
• Requirements for International Leased Line
• Specifications for the Layer 2 Switch
• User Acceptance Test

3
2. STiX Reseller Scheme

2.1 Network Design

2.1.1 Topologies

This part intends to describe:

• Network Setup
• Configuration requirement
• Demarcation
• Caveat
• Design constraints

Network Setup

Egress rate-limiting on STiX port
based on customer subscribed
bandwidth so as to protect all
customers sharing the
international leased line from
contention
Using Vlan Tagging 802.1q - One Vlan ID per customer
to segregate traffic
- Customer port will be un-tag
- One BGP session with AS7473
Ethernet Only
Cust A

STiX International
Leased Cust B
AS 7473 L in e

Cust C
Ethernet Hand-off

Direct EBGP peering between Ingress rate-limiting on Reseller

Customer and STiX AS7473
customer port based on customer
subscribed bandwidth to protect
all customers sharing the
International leased line from
contention

Configuration Requirement

The basic requirement the Reseller Scheme is mainly:

• International leased line with Ethernet hand-off on both ends
• Layer 2 Switch

Using the international leased line that has the capability to hand-off on Ethernet interface, we will be
able to use Vlan tagging protocol based on the standard IEEE 802.1q. This protocol allows multiple
bridged networks to transparently share the same physical network link without leakage of information
between networks.

4
On the layer 2 switch, Vlan or Virtual Local Area Network will be used to provide a logical network
for each customer while using the same international leased line.

SingTel will assign a unique Vlan-ID to each customer. The same Vlan-ID must be assigned on the
Reseller’s switch. Customer connected port on the switch will be assign as an untagged port and the
port where the international leased line is connected assigned as a tagged port. Both ports must be on
the same assigned Vlan.

To avoid contention, rate-limiting will be configured on the layer 2 switch ingress interface of the
customer-facing port based on the subscribed bandwidth. For example, if customer is connected to a 1
Gbps port but only subscribed to 500 Mbps, the port will be rate-limited to 500Mbps. This would limit
the outgoing traffic from customer network to STiX network.

Rate-limiting will also be configured on the STiX egress interface, which would limit the outgoing
interface from STiX network to customer network.

No special configuration is required on the customer interface.

Demarcation

STiX Reseller Responsibility

Responsibility

Cust A

International
S T iX Leased Cust B
AS 7473 L in e

Cust C
Ethernet Hand-off

The above diagram indicates the demarcation point between the STiX network and Reseller network.
The Reseller will be responsible for the section on the right of the diagram whereas STiX will be
responsible from the section on the left.

Design Constraints

This design allows customers to connect ONLY with Ethernet interface, so there are distance
limitations as shown below:

• 100base TX (100 Mbps on Two copper-wired pair) = 100 meters

• 100base FX (100 Mbps on pair of optical fiber)
o Multimode-Fiber = 400 meters to 2 km
o Single-Mode fiber = 10, 20 and 40 km
• 100base BX (100 Mbps on single strand of optical fiber)
o Single-Mode fiber only = 10, 20 and 40 km

5
 • 1000base SX ( 1 Gbps on optical fiber)
o Multimode-Fiber = 220 meters
• 1000base LX (1 Gbps on optical fiber)
o Single-Mode fiber = 5 km
• 1000base ZX (1 Gbps on optical fiber)
o Single-Mode fiber = 7 km

2.2 International leased line requirement

An important component of the whole design, the international leased line must provide the following:

• Hand-off Ethernet interface on both ends

• Support and carry the IEEE 802.1q information
• If link-aggregation 802.3ad is required for redundancy, then it must be able to support it
and at the same time support and carry IEEE 802.1q information on the aggregated link.

SingTel offers a product, ConnectPlus Ethernet Line (E-Line), which meets all the above
requirements. For more information, please contact your Account Manager.

6
Layer 2 Switch Specification

The basic layer 2 switch specification to support the design is as follows:

Switching

• IEEE 802.1Q – Virtual Local Area Network

• Spanning Tree Protocol
o IEEE 802.1D
IEEE 802.1W
o IEEE 802.1Q (formally IEEE 802.1s)
• Per VLAN Spanning Tree Protocol
• IEEE 802.3ad static load sharing and LACP base dynamic configuration (only required if
Reseller want to do link-aggregation)

Management

• RFC 854 Telnet client and server

• Port-mirroring (Applicable for Resellers who need to be have visibility on their customers’
traffic profile due to regulatory requirements.)

Security, Switch and Network Protection

• Access policies for Telnet

o Only allow legitimate connection
• Ingress Rate-limiting
• Broadcast Traffic limitation capability
• ARP broadcast limit
o Limit broadcast storm traffic

List of switches

• Cisco 3650 series switches

• Cisco 3650-E series switches

• Cisco 3750 series switches

• Cisco 3750-E series switches

For more details, please visit the following web sites:

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps6406/CatalystPoster_Final.pdf

It is recommended for the Reseller to do their own evaluation of their selected switch to ascertain
that all features meet the above-mentioned specifications.

7
Recommended Practice

Since this setup involves switches, it is a good practice to limit the broadcast traffic on the port
where the international leased line is connected. This will prevent any broadcast storm due to mis-
configuration, connection loops or DDoS attacks from impacting customers.

Broadcast traffic to be
limited on this port

Cust A

STiX International
Leased Cust B
AS 7473 L in e

Cust C

Please consult your switch vendor on the broadcast limit configuration and the recommended
limitation to manage the risk of a broadcast storm, without blocking legitimate broadcast traffic.

8
User Acceptance Test (UAT)

A simple test is required to ensure the functionality of the whole design before provisioning any
customer. The setup is shown below.

International
STiX Leased
Port 20
Port 1
AS 7473 Line

Ethernet Hand-off

Reseller will need to connect a desktop or laptop to one of the Ethernet ports (port 1 in the above
diagram) in the layer 2 switch.

STiX will provide:

• The /30 ip address (example x.x.x.1/30 for STiX and x.x.x.2/30 for Reseller)
• The Vlan ID to use (example VLAN ID 10)

Reseller will then configure the following:

• On layer 2 switch
o Create a vlan id 10
o Configure port 1 as vlan 10 member and set it to untagged
o Configure port 20 as vlan 10 member and set it as tagged

• On desktop/laptop
o Configure the IP address x.x.x.2/30 as assigned

Once the above is set up, the following steps will be tested:

• Continuous ping test (1000 count)

o STiX will ping x.x.x.2
o Reseller will ping x.x.x.1

• Traceroute test
o STiX will traceroute x.x.x.2
o Reseller will traceroute x.x.x.1

Acceptable result
• Ping Test
o All ping result is successful with 0 packet loss
o Consistent latency

• Traceroute Test
o Successful result with only 1 hop