Pakistan Education & Research Network



Pakistan Education & Research Network (PERN2)
Higher Education Commission

1. Project Preview

PERN2 is a high-speed dedicated National Research & Education Network (NREN) for the universities/institutes and other academic sectors of Pakistan. It will provide students, faculty members and researchers a fully integrated and dedicated communication infrastructure using advanced Information & Communication Technologies. This NREN is being established to achieve true collaborative research, knowledge & resource sharing and distance learning. PERN2 is also aimed at connectivity to other NRENs of the world, including APAN (Asia), Internet2 (USA), GEANT2 (Europe) etc., and at initiating collaborative research with the consortiums of NRENs. It will establish a 10GbE Metro Network in the Islamabad, Lahore, Karachi, Quetta, Multan, Hyderabad and Peshawar regions for universities/institutes.

The Pakistan Education & Research Network (herein referred to as PERN2) is designed as a multi-service carrier network. It will carry the following services, among others:

  • VOIP Service, Online Lecture & Online Research Lab etc.
  • VOD, IPTV, Streaming, Online Test
  • Online Registration/Course selection/Score Query
  • MPLS L3/L2 VPN for Universities and Colleges
  • Digital Library, Emailing service, Discussion Forum
  • High speed Internet service
  • Normal Internet service and other traffic
PERN2 is ultimately built from the equipment listed below:

| Region | City | NE80E | NE40E | NE20E |
|---|---|---|---|---|
| North | ISB | 1 | 3 | 20 |
| North | PSH | | 1 | 6 |
| Central | LHR | 1 | 2 | 20 |
| Central | MLT | | 1 | 1 |
| Central | FSB | | 1 | 3 |
| South | KHI | 1 | 2 | 12 |
| South | HYD | | 1 | 7 |
| South | QTA | | 1 | 3 |
| SUM: | 8 | 3 | 12 | 78 |

The implementation includes:

  • Core Regional Access Point of Presence: 3 (Islamabad, Karachi, Lahore)
  • Sub Regional Access Point of Presence: 5 (Peshawar, Quetta, Multan, Hyderabad, Faisalabad)
  • Local Access Point of Presence: 7 (Air University; Fatima Jinnah Women University Rawalpindi; Quaid-e-Azam University; Govt. College University Lahore; Punjab University (New Campus); Karachi University; College of Physicians & Surgeons Pakistan)
  • University/Institute: 78
[Figure: The PERN2 Network Diagram]
1.1. PERN2 core network

[Figure: Core network. Nodes: ISB-AU-PE-NE40E, ISB-HEC-P-PE-EGRESS-NE80E, ISB-FJWU-PE-NE40E, ISB-QAU-PE-NE40E, PSH-HEC-PRR-PE-NE40E, LHR-GCUL-PE-NE40E, LHR-HEC-PRR-PE-NE80E, LHR-PU-NEW-PE-NE40E, MLT-BZU-P-PE-NE40E, MLT-FSB-P-PE-NE40E, QTA-BUITMS-P-PE-NE40E, KHI-CPSP-PE-NE40E, KHI-KU-PE-NE40E, KHI-HEC-P-PE-EGRESS-NE80E, HYD-USINDH-PE-NE40E. Legend: NE80E, NE40E, 10G Link (Optic Fiber), 10G Link (Long Haul Fiber)]

The PERN2 IP/MPLS core is divided into 8 Metro Networks: Islamabad, Peshawar, Lahore, Faisalabad, Multan, Karachi, Hyderabad and Quetta. Different universities will connect to different Metro Networks, so this network topology has better redundancy and fewer links.

1.2. PERN2 Aggregation or Access network

According to the network design, every city uses NE40Es/NE80Es as aggregate routers, and the CEs use NE20Es.
Access site's diagram and 8 POP sites' diagram:

[Figure: Access Implementation (Access Site). Labels: International University Service, Internet Service, VOIP Service; NE20E (CPE); PERN2 Backbone; NE40E/80E (PE); VOD, IPTV, Streaming, Online, etc.; Webserver, Mailserver, etc.; L2VPN Service. Legend: GE Optic link, FE Electric link]

L3VPN traffic aggregates on the switch provided by the university, which connects to the NE20E (CE) router; the NE20E (CE) finally connects to the NE40E/80E (PE). L2VPN traffic also aggregates on the NE20E, which acts as PE for that service, while the NE40E/80E work as P routers. The NE20E therefore works as CE or PE depending on the service.
For the other 8 POP sites, we add NMS servers and clients. NMS (L3VPN) traffic will aggregate on the NE20E (CE) as well.

[Figure: Access Implementation (7 POP Sites). Labels: International University Service, etc.; Internet Service; VOIP Service; NE20E (CPE); PERN2 Backbone; NE40E/80E (PE); VOD, IPTV, Streaming, Online, etc.; Webserver, Mailserver, etc.; NMS Servers & Clients; L2VPN Service. Legend: GE Optic link, FE Electric link]

Other 8 POP sites' diagram: (ISB, KHI, LHR, FSB, PSH, QTA, MLT, HYD)

1.3. Technology in PERN2 IP MPLS NETWORK

The PERN2 IP MPLS network will use the following communication technologies to build a highly available, fault-tolerant backbone infrastructure:

  • IP TRUNK/Ethernet Trunk (For future)
  • IS-IS
  • OSPF/Multi-Instance OSPF
  • BGP/MBGP
  • MPLS
  • MPLS TE
  • MPLS L3 VPN
  • MPLS L2 VPN (PWE3)
  • VPLS (Martini)
  • Multicast VPN (Multicast Domain Mode)
  • PIM-SM
  • MPLS TE FRR
  • BFD
  • QOS (Diff-Serv/Traffic-Shaping/Traffic-Policing)
  • 802.1Q
1.4 INTERNATIONAL NREN CONNECTIVITY

In August 2008, PERN joined the International Research and Education Community with a dedicated 155Mbps link to the TEIN2 PoP in Singapore. Initially the link was terminated at PTCL premises, and from there it was redistributed to all PERN connected sites. During that time PTCL was responsible for the active monitoring of the link. Since the time of connection, HEC and PTCL thoroughly researched the best way to utilize the entire bandwidth of the IPLC circuit; however, bandwidth for PTCL's commercial traffic was always compromised at the research traffic's expense. Therefore, it was eventually mutually decided to terminate the IPLC circuit at HEC's Karachi PoP. In October 2009, the link was shifted to HEC's PERN2 PoP in Karachi.

This link is only for research and education purposes, and HEC allows universities to use it on special permission. Currently none of the universities is utilizing this link other than NCP (National University of Physics Islamabad), which requested to use it for the Grid Computing Project.

The current utilization of the IPLC circuit is shown in Figure:
2. IGP Design

2.1. Routing protocol comparison

IS-IS is used as the IGP routing protocol in the PERN2 network. The following arguments explain why IS-IS may be a somewhat better protocol for this network.

  • Based on experience in the industry, IS-IS generally supports a larger number of nodes (up to 1024) in the same area. OSPF is generally deployed with a much smaller number of nodes (less than 200).
  • Many of the carrier class large scale IP networks use IS-IS.
  • Much of the vendor experience with large scale networks is with IS-IS, thus making it easier for the vendor to support.

2.2. IS-IS Design

All routers will be ISIS L2-only routers in the PERN2 core network.

2.3. Interface

The interfaces on which the ISIS protocol should be enabled are:

  • All 10G interfaces in NE40E/80E connected to each other, including the loopback interfaces.
  • All public sub interfaces of GE in NE20E connected to core routers, including the loopback interface.
  • All public sub interfaces in NE40E/80E connected to NE20E.

Authentication

MD5 authentication should be defined between all ISIS neighbors.

Redistribution

No redistribution of routes is recommended, either from the IGP to BGP or from BGP into the IGP.

IS-IS Fast Convergence

Partial route calculation and incremental SPF should be deployed to help L3 convergence time. (In the Huawei NE40E/NE80E implementation, I-SPF and PRC is the only algorithm for route calculation.) The timer should be adjusted to:

    timer spf 1 50 50
3. BGP/MPLS IP VPN DESIGN

3.1. BGP/MPLS INTRODUCTION

The BGP/MPLS IP VPN is a PE-based L3VPN technology in the Provider Provisioned VPN (PPVPN). It uses BGP to advertise the VPN routes and MPLS to forward the VPN packets on the provider backbone network. The BGP/MPLS IP VPN has flexible networking modes, good extensibility and convenient support for MPLS QoS and MPLS TE. Hence, it is widely used.

The BGP/MPLS IP VPN model contains the following parts:

Customer Edge (CE): an edge device in the customer network. It has one or more interfaces directly connected with the service provider network. It can be a router, a switch or a host. Mostly, the CE cannot "sense" the existence of the VPN, and does not need to support MPLS. The University Campus devices act as CE equipment in the PERN2 network for L3VPN Service.

Provider Edge (PE): an edge device of the provider network. It is directly connected to the CE. In the MPLS network, the PE router handles all the VPN processing. All NE40Es and NE80Es are PE equipment in the PERN2 network for L3VPN Service, and all NE20Es are PE equipment for L2VPN Service.

Provider (P): a backbone router in the provider network. It is not directly connected to the CE. The P router should possess basic MPLS forwarding capability. In the PERN2 MPLS network, the NE40E/NE80E router operates as the P equipment.

3.2. AS Design

The entire PERN2 MPLS network will use a Public AS Number. The PERN2 AS will be able to exchange Internet routes with other legal/public AS.

3.3. Router-reflector Design

To reduce the traffic among all PE routers, two RRs should be deployed for the CORE NETWORK to reflect all private route information among the PE routers.

The two reflectors can back up each other and reflect the VPNv4 routes. The double reflector can improve the network reliability.

It is recommended to select RR routers in Peshawar and Lahore because the Karachi and Islamabad routers are the egress routers for the PERN2 network. It is recommended that the RR should be isolated: ISB/KHI are also egress routers and less pressure on them is better, and the popular design rule is that an RR is a router on its own with no other service on it. If ISB/KHI were RRs and also ran EBGP with ISP/ERNET and learned internet/international ERNET routes, then the two RRs would have to stay in different clusters and the routing table would be fourfold in the other core routers.
4. VPN Implement

4.1. VPN plan

According to the HEC requirement, we will implement the following VPNs in the MPLS network:

  • Internet VPN: pt_ internet;
  • InternationUniversity VPN: pt_ internationuniversity;
  • Intranet VPN: pt_intranet;
  • NMS VPN: pt_nms.

5. PWE3

5.1. Introduction

In the PERN2 MPLS network, we need to let universities communicate with each other for different services according to their requirements without interfering with or caring about the PERN2 network. They can use IPs planned by themselves. These services must be transported through the MPLS network. The PWE3 technology is the right choice to accomplish this task. PWE3 is a type of end-to-end Layer 2 transmitting technology. It emulates the essential attributes of a telecommunications service (such as ATM, FR or Ethernet) in a PSN. It also emulates the essential attributes of low speed TDM circuits and SONET/SDH.

The emulation only approximates the real situation. PWE3 uses the Label Distribution Protocol (LDP) as the signaling protocol to transport bit streams, cells, or PDUs over an intervening PSN. The transmission is transparent and done through a tunnel, such as MPLS LSP, GRE and L2TPv3.

In this case, we adopt Martini L2VPN to carry communication between universities.
6. Services for Universities

6.1. VOIP

The VOIP service is introduced in the PERN2 network. The universities will be able to communicate using the VOIP service. The MPLS L3 VPN "Intranet" keeps this service separated from internet and international university traffic. Normally, when the delay, jitter or packet drop rate exceeds the normal level, the voice quality is affected or the call is even disconnected. Therefore, PERN2 will implement QoS for the VOIP Service to ensure reliable transport for this service. QoS (Quality of Service) control is very important to the VoIP Service.

6.2. Video Conferencing Service

The PERN2 IP/MPLS network will provide Video Conferencing service between Pakistan universities and with international universities by MPLS L3 VPN.

6.3. MPLS L3 VPN Service:

Different services will be kept separate with the use of BGP MPLS VPN. According to services, the following MPLS VPNs are deployed in the PERN2 network:

  • For Internet VPN: pt_ internet;
  • For International Universities VPN: pt_ internationuniversity;
  • For Intranet VPN: pt_intranet;
  • For NMS VPN: pt_nms.

6.4. MPLS L2 VPN Service (VLL-PWE3):

Universities can create an MPLS L2 VPN to communicate with each other. MPLS L2 VPN can establish a VLL-PWE3 tunnel for universities to communicate transparently with each other. This will work just like a physical link between two universities. Universities can plan their IP addresses by themselves.
6.5. MPLS L2 VPN Service (VPLS Martini):

Universities can create an MPLS L2 VPN to communicate with each other. If multiple access sites want to communicate with each other, we can establish the VPLS Martini Service for this purpose. VPLS is an L2VPN technology based on MPLS and Ethernet. VPLS implements point-to-multipoint VPN networking, which is a better solution than the original point-to-point L2VPN service. Unlike L3VPN, VPLS relieves the carrier of managing the routing information of the internal users.

6.6. High Speed Internet:

PERN2 will provide high speed internet service to the universities of Pakistan. PERN2 will deploy a separate MPLS VPN for the Internet service. The universities can host web or email services or any other Internet services. If the destination of a PERN2 university is another PERN2 university, it can communicate with that university directly without going to the Internet. HEC can also monitor and limit the bandwidth of each university for internet access.

6.7. Services Hosting:

The universities can host services at their campuses, for example Web Service, FTP Service, Email Service or any other education service. If the destination of a PERN2 university is another PERN2 university, it can communicate with that university directly without going to the Internet. That provides high speed and availability.

6.8. Communication with International Universities

PERN2 universities can communicate with international universities for different services. We can limit the bandwidth for each university to communicate with NREN. A PERN university will have different bandwidth for communication within PERN, NREN and the Internet. HEC can control the bandwidth of each university for each kind of communication, and HEC can also monitor the bandwidth of each university for international university access.

6.9. Multicast Service:

If one university wants to multicast a channel on the PERN2 network, other universities will be able to see this multicast at their campuses.

6.10. IPV6 Support:

Universities running IPV6 can communicate with each other over the IPV4/MPLS PERN2 network by IPv6 over IPv4 Tunnel Configuration.
7. Reliability Implement

To construct a highly reliable network, besides deploying highly reliable equipment, the reliability characteristics of the equipment should be effectively considered and applied in the network layout to organize a highly reliable network with full redundancy capability.

The PERN2 IP/MPLS Core Network can implement the following fault tolerance and reliability technologies:

  • ISIS FC
  • BFD
  • TE FRR
  • Egress Load Balance
  • Egress Hot Standby

7.1. ISIS FC (Fast Convergence)

The route convergence process on a router is as follows:

  1) IGP receives changed link state packets.
  2) IGP advertises the changed link state packets to neighbours and performs route calculation.
  3) IGP advertises route changes to the route management plane.
  4) The route management plane refreshes the changed routes to the FIB to guide forwarding.

To accelerate route convergence, the above key processes must be optimized. The IGP route calculation, route management plane, and FIB process are related to the software design and beyond the scope of this document. You can refer to the specified documents for their details.

The IGP fast convergence technology mainly concerns the optimization of sending and receiving link state information, and the route calculation. The route calculation is the core of the optimization.

The current mainstream IGP protocols such as ISIS and OSPF use the typical SPF algorithm to calculate the network topology information and route information.
In most cases, when the link state information (LSP in ISIS and LSA in OSPF) changes, the topology and routes in the whole network need to be re-calculated.

However, the topologies of present backbone networks are complicated and the quantity of routes is huge. The requirements for route convergence are also high. Re-calculation of the network information takes a long time (meaning slow convergence) and costs vast CPU resources. Both hardware and software are greatly affected. If the network information changes only a little and all the routes are re-calculated, it causes even more waste.

7.2. BFD

The BFD protocol is a simple "Hello" protocol. Many of its aspects are similar to the neighbour detection part of the well-known routing protocols. Two systems periodically send and receive detection packets through a channel established between them. If one system does not receive a detection packet from the other for a long time, it indicates that failures have occurred in a certain part of the bi-directional channel between the two adjacent systems. Under some circumstances, the sending and receiving rates should be negotiated between the two systems, so as to reduce the load.

In the PERN2 IP/MPLS network, we configure one-hop BFD between the 10G Core links to detect and monitor the directly connected 10G Core links in milliseconds. If there is a failure in the 10G Core links, our routers will be able to detect it in milliseconds and tell the protection application to switch traffic in 50 milliseconds when running with TE FRR.

7.3. TE FRR

TE FRR is a technique that implements partial protection in MPLS TE. It can minimize data loss when a network failure occurs. TE FRR is only a means of temporary protection. Once the protected link or node is restored or a new LSP is established, traffic is switched back to the original LSP or the newly established LSP.

After the TE FRR function is configured on an LSP, traffic is switched to the standby link when a certain link or node on the LSP is out of service. Meanwhile, the ingress of the LSP attempts to establish a new LSP.
In the PERN2 IP/MPLS network, we configure TE FRR between Core links in the Core network. Once a link or node fails, TE FRR can switch traffic in 50 milliseconds, and in this way the application services will not detect the failure of the Core network.

7.4. Egress Load Balance and Hot Standby Policy

7.4.1. Internet Traffic

For the outgoing traffic from PERN2 to the Internet, the traffic will be load-shared between two ISPs, PTCL and TWA. We can adjust the traffic freely and manually. For example, by BGP Policy we can distribute more traffic to the high bandwidth egress link and less to the low bandwidth egress link. Or, when one link is congested and the other is idle, we can also rebalance the traffic by BGP Policy.

For the incoming traffic from the Internet to PERN2, the traffic will be load-shared and backed up between the two ISPs. For this purpose, each ISP will maintain a summary route of the PERN2 network and a detailed route of the PERN2 network. The detailed route means we will divide the /20 subnet (which will be distributed to university users) into two /21 subnets. One /21 subnet (detailed route) and the /20 subnet route are advertised to PTCL, and the other /21 subnet (detailed route) and the /20 subnet route are advertised to TWA. In this way, the incoming traffic to university users who are in one /21 subnet will come through PTCL, and the traffic to users who are in the other /21 subnet will come through TWA. In case of failure of one ISP, the traffic can use the summary route from the other ISP to reach the PERN2 network.

In case one ISP link goes down or an Egress router goes down, the second will work as the Backup ISP as well.

7.4.2. International Universities Traffic

For the outgoing traffic from PERN2 to the NREN universities, the traffic will be load-shared over the multiple STM-1 links by configuring the multi-path function of BGP in the Egress router.

For the incoming traffic from NREN to PERN2, the traffic will be load-shared and backed up between two STM-1 links. The detailed implementation is the same as for Internet incoming traffic.

In case one link goes down, the second will work as the Backup link.
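The inbound scheme of 7.4.1 (reused for 7.4.2) rests on longest-prefix match: the /21 steers traffic while both providers are up, and the shared /20 catches it when one fails. The sketch below is an added example, not part of the original design document; the prefix 198.18.16.0/20 is a constructed placeholder and the function names are hypothetical. It also checks a plan for prefixes that a single provider failure would leave unreachable.

```python
import ipaddress

# Constructed placeholder: the page does not give PERN2's real /20.
SUMMARY = ipaddress.ip_network("198.18.16.0/20")


def build_advertisements(summary, isps=("PTCL", "TWA")):
    """Each ISP receives the summary plus one half of it (section 7.4.1)."""
    halves = summary.subnets(prefixlen_diff=1)
    return {isp: [summary, half] for isp, half in zip(isps, halves)}


def inbound_path(dest, adverts, isps_up):
    """Longest-prefix match over routes learned via ISPs that are still up.

    Returns (isp, prefix) for the winning route, or None if unreachable.
    """
    dest = ipaddress.ip_address(dest)
    best = None
    for isp in sorted(isps_up):
        for prefix in adverts.get(isp, []):
            if dest not in prefix:
                continue
            if best is None or prefix.prefixlen > best[1].prefixlen:
                best = (isp, prefix)
    return best


def single_failure_gaps(adverts):
    """Map each ISP to the prefixes that become unreachable if it alone fails.

    A prefix survives when some other ISP advertises it or a covering route.
    An empty result means the plan has a backup path for every prefix.
    """
    gaps = {}
    for failed, prefixes in adverts.items():
        others = [p for isp, ps in adverts.items() if isp != failed for p in ps]
        lost = [str(p) for p in prefixes
                if not any(p.subnet_of(q) for q in others)]
        if lost:
            gaps[failed] = lost
    return gaps


if __name__ == "__main__":
    plan = build_advertisements(SUMMARY)
    for up in ({"PTCL", "TWA"}, {"TWA"}, {"PTCL"}):
        for host in ("198.18.17.5", "198.18.25.9"):
            print(sorted(up), host, "->", inbound_path(host, plan, up))
    print("gaps:", single_failure_gaps(plan))
```
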
8. QoS Implement

8.1. QoS overview

The traditional IP network delivers various service packets in Best Effort (BE) manner, which is suitable for services insensitive to delay, such as file transfer, web page browsing and email. For services requiring low delay and low jitter, such as real-time IP voice, teleconference and video on demand, the BE delivery model is unsatisfactory because of intolerable intermittent voice and graphics. To deploy these real-time services on the Internet, the Internet devices must offer diverse Quality of Service (QoS) for different services.

There are several solutions to implement QoS, including the Resource reservation Protocol (RSVP) and the Differentiated Service (Diff-Serv) model.

RSVP is an end-to-end protocol. Users that need QoS assurance send QoS requirements (such as delay, bandwidth, and packet loss ratio) to the network device through RSVP signalling. After receiving the resource reservation request, the network nodes along the path perform admission control, authenticate the validity of the users and check the availability of resources, and then determine whether to reserve resources for applications. If the network nodes on the path assign resources for users, the requirements for bandwidth and delay are addressed, thereby implementing a QoS guarantee. Because network nodes need to maintain some necessary Soft State information for every reserved resource, the maintenance cost will be too much to bear for routers on a large-sized network. RSVP is unfit for the backbone network where traffic is converged.

In the Diff-Serv model, the application program uses the QoS information set in the IP packet header to notify the network node of its QoS requirements. Routers on the path obtain the Type of Service (ToS) by analyzing the IP packet header. In implementing Diff-Serv, the access router classifies the packets and marks the ToS in the IP packet header, by which the downstream router identifies the service and forwards the packets. So, Diff-Serv is a packet stream-based QoS solution.

PERN2 will deploy the Diff-serv Model architecture.
8.2. Diff-serv Model architecture

Network nodes that perform the Diff-Serv function are called DS nodes. A DS domain consists of a group of interconnected DS nodes that adopt the same service policy and implement the same Per-Hop Behavior (PHB) set, as illustrated below.

DS nodes are classified into DS boundary nodes and DS interior nodes. The former connect DS domains and non-DS domains. The latter connect DS boundary nodes and interior nodes. The DS boundary node controls traffic and sets the Differentiated Services Code Point (DSCP) according to the traffic conditioning agreement defined between domains. The DS interior node performs simple traffic classification according to the DSCP value and performs traffic control on the associated traffic.

[Figure: a DS domain containing DS nodes, connected to non-DS domains]

In the DS Domain of the MPLS Domain, an MPLS TE Tunnel will be established between each pair of ingress router and egress router. The CR-LSP with reserved bandwidth can ensure the bandwidth between the pair of routers, so the user data traffic will transit from the ingress router to the egress router without any congestion in the DS Domain of the MPLS Domain.

ToS Field and DS Field

RFC791, RFC134 and RFC1349 define the Type of Service (ToS) field in the IPv4 packet header as shown in Illustrate 10-2. The ToS field consists of 3-bit Precedence, D bit, T bit, R bit and C bit, with the most significant bit being 0. D bit represents Delay, T bit represents Throughput, R bit represents Reliability, and C bit represents Cost. In implementing QoS, routers check the precedence of the packets. The remaining bits are not used.
RFC2474 re-defines the ToS field of the IPv4 packet header as the DS field. As shown below, the lower six bits (bits 0 to 5) of the DS field serve as the DS Code Point (DSCP) and the higher two bits (bits 6 and 7) as reserved bits. The lower three bits (bits 0 to 2) are the Class Selector Code Point (CSCP), representing a kind of DSCP. DS nodes choose appropriate PHBs according to the DSCP value.

IPv4 ToS field:

| Bits 0-2 | Bit 3 | Bit 4 | Bit 5 | Bit 6 | Bit 7 |
|---|---|---|---|---|---|
| Precedence | D | T | R | C | 0 |

DS field:

| Bits 0-5 | Bits 6-7 |
|---|---|
| DSCP (bits 0-2: CSCP) | unused |

802.1P Field

The IEEE 802.1Q standard defines the IEEE802.1Q packet header as shown below, in which the 3-bit 802.1P field in the 4-byte VLAN tag carries the priority. The 802.1P value ranges from 0 to 7. By default, the 802.1P value corresponds to the precedence in the IPv4 packet.

VLAN tag in the IEEE802.1Q packet header:

| Bits 0-15 | Bits 16-18 | Bit 19 | Bits 20-31 |
|---|---|---|---|
| 0x8100 | 802.1P | CFI | VLAN ID |

MPLS EXP Field

RFC 3032 defines the MPLS packet header as shown below, in which the 3-bit EXP field carries the priority. The EXP value ranges from 0 to 7. By default, the EXP value corresponds to the precedence in the IPv4 packet.

MPLS header:

| Bits 0-19 | Bits 20-22 | Bit 23 | Bits 24-31 |
|---|---|---|---|
| LABEL | EXP | S | TTL |

DS Field Define

The space of 64 code points of the DSCP is divided into three pools, as shown in the following table.

Classification of the DSCP:

| Coding pool | Coding space | Usage |
|---|---|---|
| 1 | xxxxx0 | Standard Action (standard operation) |
| 2 | xxxx11 | EXP/LU (experimental/local use) |
| 3 | xxxx01 | EXP/LU (which can be used as extended space of later standard actions) |
Standard PHB

Per-Hop Behavior (PHB) is the behavior that a DS node applies to a data flow. Network administrators can configure the mapping between DSCPs and PHBs. When a DS node receives a packet, it checks the DSCP of the packet. If no mapping from this DSCP to a PHB is defined, the DS node forwards the packet using the default PHB (that is, Best-Effort, DSCP=000000). Every DS node must support the default PHB.

At present, the IETF defines three standard PHBs, namely Expedited Forwarding (EF), Assured Forwarding (AF) and Best-Effort (BE). BE is the default PHB.

Congestion Management and Avoidance

When congestion occurs and becomes severe, special queuing and a packet drop policy can be adopted to trade off the resource assignment among various forwarding services (such as EF and AF). The common packet drop policies include Tail Drop, Random Early Detection (RED), and Weighted Random Early Detection (WRED).

Tail Drop drops the newly arriving packets when the queue reaches the maximum length. RED drops packets at random when the queue reaches a certain length, which can avoid the global synchronization due to TCP slow start. Compared with RED, WRED drops packets based on queue length and packet precedence. A packet with a low precedence will be dropped first, and its drop probability is high.

QoS Queues Schedule

The NE40E and NE80E Core routers support 8 queues: CS6, CS7, EF, AF1, AF2, AF3, AF4 and BE. The CS6 and CS7 queues are only for protocol traffic; the other queues are for user data traffic. Traffic enters the 8 queues according to its DSCP code, and the queue scheduling mode supports mixed PQ+WFQ.
8.3. QoS Implementation in PERN2 IP/MPLS network

QoS Policy in the PERN2 IP/MPLS network:

  1. Limit the access speed (ingress/egress) of each university according to different services at the NE40E/80E of POP Sites.
  2. Deploy Diff-Serv mode for hop-by-hop provision at the Core Network to guarantee the bandwidth of each service end-to-end.

From an analysis of the services in the HEC PERN2 MPLS network, the following are the types of services and their recommended bandwidth specifications.

Bandwidth Limitation for Universities:

| Service Type | Bandwidth | Bandwidth (%) | Classify Criterion | DSCP | EXP |
|---|---|---|---|---|---|
| VOIP Service | 3M | 0.3% | source ip | EF | 5 |
| VOD, IPTV, Streaming | 275M | 27.5% | source ip | AF4 | 4 |
| Digital Library; Discussion Forum; Online Lecture & Online Research Lab, Online Test, Online Registration; Online Course selection; Online Score Query, Emailing service, Web service, etc. | 80M | 8% | Email: TCP 25; Others: TCP 80 | AF3 | 3 |
| International University service | 15M | 1.5% | subinterface30 | AF2 | 2 |
| L2VPN service | 20M | 2% | subinterface10 | AF2 | 2 |
| FTP service | 30M | 3% | TCP 21/22 | AF2 | 2 |
| Internet service | 10M | 1% | subinterface20 | AF1 | 1 |
| NMS Traffic | 2M | 0.2% | subinterface50 | BE | 0 |
| All traffic not classified in other traffic classes | 10M | 1% | / | BE | 0 |
| Totally | 445M | 44.5% | / | / | / |
For VOIP, one call per second needs 95.2Kbps. We suppose there will usually be 30 calls in one second.

For VOD, the bandwidth of a program is 750-1500Kbps. For BTV, if MPEG4 coding is used, the bandwidth per channel is 1Mbps; if MPEG2 coding is used, the bandwidth per channel is 4Mbps. So:

    Bandwidth (IPTV/VOD) = (750-1500Kbps) * (most users at one time) + (1Mbps or 4Mbps) * (TV channel number)

We suppose MPEG2 coding, a TV channel number of 50, and 50 users at one time for VOD.

Services At Core Network:

The following are the services at the PERN2 Core Network and their recommended bandwidth specifications:

| Service Type | Bandwidth | DSCP | EXP |
|---|---|---|---|
| Routing and other Protocols | 1% | CS7 | 7 |
| Routing and other Protocols | 1% | CS6 | 6 |
| VOIP Service | 6% | EF | 5 |
| VOD, IPTV, Streaming | 50% | AF4 | 4 |
| Digital Library; Discussion Forum; Online Lecture & Online Research Lab, Online Test, Online Registration; Online Course selection; Online Score Query, Emailing service, Web service, etc. | 25% | AF3 | 3 |
| International University service, L2VPN service, FTP service | 10% | AF2 | 2 |
| Internet service | 5% | AF1 | 1 |
| NMS and all traffic not classified in other traffic classes | 2% | BE | 0 |
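The DS-field layout of section 8.2 and the core-network DSCP/EXP table above fit together as follows; this is an added example, not code from the original document. The standard code point values come from RFC 2474, RFC 2597 and RFC 3246, and remarking customer-marked CS6/CS7 to BE at the boundary is an assumption drawn from the statement that those queues are for protocol traffic only.

```python
import struct

# EXP per PHB, taken from the page's core-network table.
PHB_TO_EXP = {"CS7": 7, "CS6": 6, "EF": 5, "AF4": 4,
              "AF3": 3, "AF2": 2, "AF1": 1, "BE": 0}

# Standard code points; the three drop precedences of an AF class share a queue.
DSCP_TO_PHB = {0: "BE", 46: "EF", 48: "CS6", 56: "CS7"}
for af_class in range(1, 5):
    for drop in range(1, 4):
        DSCP_TO_PHB[8 * af_class + 2 * drop] = f"AF{af_class}"


def split_ds_byte(ds_byte):
    """Return (dscp, precedence, pool) for the 8-bit ToS/DS byte."""
    if not 0 <= ds_byte <= 0xFF:
        raise ValueError("DS byte must fit in 8 bits")
    dscp = ds_byte >> 2            # upper six bits (bits 0-5 in RFC numbering)
    precedence = ds_byte >> 5      # upper three bits (CSCP / IP precedence)
    if dscp & 0b1 == 0:
        pool = 1                   # xxxxx0: standard action
    elif dscp & 0b11 == 0b11:
        pool = 2                   # xxxx11: experimental/local use
    else:
        pool = 3                   # xxxx01: EXP/LU, reserved for extension
    return dscp, precedence, pool


def classify(ds_byte, trusted=False):
    """Map a DS byte to (PHB, EXP); unmapped DSCPs get the default PHB (BE).

    Assumption (not on the page): CS6/CS7 from an untrusted customer port
    is remarked to BE so user traffic cannot enter the protocol queues.
    """
    dscp, _, _ = split_ds_byte(ds_byte)
    phb = DSCP_TO_PHB.get(dscp, "BE")
    if phb in ("CS6", "CS7") and not trusted:
        phb = "BE"
    return phb, PHB_TO_EXP[phb]


def encode_shim(label, exp, bottom, ttl):
    """Pack an RFC 3032 label stack entry: 20-bit label, 3-bit EXP, S, TTL."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (exp << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)


def decode_shim(raw):
    """Unpack a 4-byte label stack entry into (label, exp, bottom, ttl)."""
    (word,) = struct.unpack("!I", raw)
    return word >> 12, (word >> 9) & 0b111, bool((word >> 8) & 1), word & 0xFF


def impose_label(ds_byte, label, ttl=255, trusted=False):
    """What an ingress PE does: classify the IP packet, then copy EXP to the shim."""
    phb, exp = classify(ds_byte, trusted)
    return phb, encode_shim(label, exp, True, ttl)


if __name__ == "__main__":
    for ds in (0xB8, 0x88, 0x28, 0xC0, 0x04):  # constructed sample DS bytes
        phb, shim = impose_label(ds, label=100)
        print(f"DS=0x{ds:02x} {split_ds_byte(ds)} -> {phb} shim={shim.hex()}")
```

For every standard code point in the mapping, the EXP from the page's table equals the three precedence bits, which is why the default precedence-to-EXP copy described in 8.2 yields the same marking.
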
9. Security

The following security measures will be taken to provide PERN2 network security:

  1. ISIS/BGP MD5 authentication, to prevent others from negotiating or establishing ISIS/BGP sessions and to keep ISIS/BGP running securely.
  2. SSHv2 Telnet, HW Tacacs/Radius user authentication, and filtering of user (IP address) access to Telnet/SSH/SNMP etc., to prevent illegal users from accessing PERN2 equipment.
  3. Apply VPN in the IP Bearer Network to separate different services.
  4. Filter well-known virus ports by ACL at access routers and egress routers to prevent common virus attacks from universities, the Internet or NREN.
  5. Firewalls to prevent attacks from universities, the Internet and NREN. If HEC trusts the network of a university, a firewall at the access site is not necessary. We recommend that HEC provide firewalls in front of the Karachi Egress router and the Islamabad Egress router to prevent attacks from the Internet or NREN.

Remarks:

The basic function of routers is forwarding data quickly and correctly. A router has little security capability of its own to keep it safe from attack.

Preventing attacks is the main function of security equipment, such as firewalls, IDS, etc.

10. Scalability

The PERN2 network will provide scalability for expansion to more universities and to new technologies like IPv6, for universities to implement and communicate with PERN2 and NREN universities. This will provide students, faculty members and researchers a fully integrated and dedicated communication infrastructure using advanced Information & Communication Technologies.
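For security measure 1 in section 9, this is how an IS-IS neighbour check with HMAC-MD5 (RFC 5304) works on a point-to-point Hello: the digest is computed over the whole PDU with the digest field zeroed, and the receiver recomputes and compares it. It is an added example, not part of the original document or of any router's code; the key, system ID and area are constructed values, and LSPs (which also zero checksum and remaining lifetime) and BGP's TCP MD5 option are out of its scope.

```python
import hashlib
import hmac

AUTH_TLV = 10      # Authentication Information TLV
HMAC_MD5 = 54      # authentication type defined in RFC 5304
DIGEST_LEN = 16    # size of an MD5 digest


def find_digest(pdu):
    """Return the offset of the HMAC-MD5 digest inside the PDU, or None."""
    if len(pdu) < 8 or not 8 <= pdu[1] <= len(pdu):
        raise ValueError("bad fixed header")
    pos = pdu[1]                       # Length Indicator: end of fixed header
    while pos < len(pdu):
        if pos + 2 > len(pdu):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = pdu[pos], pdu[pos + 1]
        end = pos + 2 + tlv_len
        if end > len(pdu):
            raise ValueError("truncated TLV value")
        if (tlv_type == AUTH_TLV and tlv_len == 1 + DIGEST_LEN
                and pdu[pos + 2] == HMAC_MD5):
            return pos + 3
        pos = end
    return None


def compute_digest(pdu, offset, key):
    """HMAC-MD5 over the PDU with the 16 digest bytes set to zero."""
    zeroed = pdu[:offset] + bytes(DIGEST_LEN) + pdu[offset + DIGEST_LEN:]
    return hmac.new(key, zeroed, hashlib.md5).digest()


def build_p2p_hello(source_id, key, holding_time=30):
    """Build a constructed point-to-point IIH carrying an authentication TLV."""
    if len(source_id) != 6:
        raise ValueError("system ID is 6 bytes")
    header = (bytes([0x83, 20, 1, 0, 17, 1, 0, 0])   # common header, PDU type 17
              + bytes([2])                            # circuit type: level 2 only
              + source_id
              + holding_time.to_bytes(2, "big")
              + b"\x00\x00"                           # PDU length, filled below
              + b"\x01")                              # local circuit ID
    auth = bytes([AUTH_TLV, 1 + DIGEST_LEN, HMAC_MD5]) + bytes(DIGEST_LEN)
    area = bytes([1, 4, 3, 0x49, 0x00, 0x01])         # Area Addresses: 49.0001
    pdu = bytearray(header + auth + area)
    pdu[17:19] = len(pdu).to_bytes(2, "big")
    offset = find_digest(bytes(pdu))
    pdu[offset:offset + DIGEST_LEN] = compute_digest(bytes(pdu), offset, key)
    return bytes(pdu)


def verify(pdu, key):
    """Accept the PDU only if it carries a digest that matches our key."""
    try:
        offset = find_digest(pdu)
    except ValueError:
        return False
    if offset is None:
        return False                   # unauthenticated PDU: reject
    received = pdu[offset:offset + DIGEST_LEN]
    return hmac.compare_digest(received, compute_digest(pdu, offset, key))


if __name__ == "__main__":
    key = b"pern2-lab-key"                            # constructed key
    hello = build_p2p_hello(bytes.fromhex("000000000001"), key)
    print("good key :", verify(hello, key))
    print("wrong key:", verify(hello, b"other-key"))
    print("tampered :", verify(hello[:16] + b"\x05" + hello[17:], key))
```
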
11. Network management

11.1. NMS VPN

Routers in the Core network should be managed via in-band traffic. The management traffic will use the same links as data traffic.

In-band management for DMS/NMS should be enabled on all the routers in the Core Network. Bandwidth should be allocated to in-band management on all links. Adopt IP Forwarding to carry the NMS of the IP/MPLS core.

11.2. Telnet

All routers must be configured with a username and password to improve network management and security.

12. Reference:

Following are the references for the technologies being used in the PERN2 network, from Pakistan and other networks:

  • ISIS - Ufone/CMPak/China Telecom/China Netcom/China Mobile
  • OSPF - Ufone/CMPak/China Telecom/China Netcom/China Mobile
  • MPLS L3 VPN - Ufone/CMPak/China Telecom/China Netcom/China Mobile
  • EBGP - TWA/China Telecom/China Netcom/China Mobile
  • MPLS L2 VPN - Ufone/CMPak/China Telecom/China Netcom/China Mobile
  • Multicast L3 VPN Service, PIM-SM - China Netcom
  • Online research - CERNET
  • Online lab - CERNET
  • Online test - CERNET
  • Online registration - CERNET
  • Discussion Forum - CERNET
  • High speed internet - TWA
  • Route Reflector - Ufone/CMPak/TWA/China Telecom/China Netcom/China Mobile
  • Load Balancing for internet traffic - China Telecom/China Netcom/China Mobile
  • Hot Standby policy for internet - China Telecom/China Netcom/China Mobile
  • Load Balancing for NREN - China Telecom/China Netcom/China Mobile
  • Hot Standby policy for NREN - China Telecom/China Netcom/China Mobile
  • VPLS Martini - Russia Central Telecom
  • NMS VPN - Ufone/CMPak
  • LDP Load Balance - China Telecom/China Netcom/China Mobile
  • MPLS TE FRR - CMPak/China Mobile
  • BFD - CMPak/China Netcom/China Mobile
  • QoS Diff-Serv Model - Ufone/CMPak/China Netcom/China Mobile