3. 3
TOC
BB Multi-Services is happening today
Attract more subscribers by offering more services
Increased business opportunities
by offering services to both residential and business customers
Increased average revenue per user
by offering existing customers access to value-added services
Increased total revenues
by increasing penetration and attracting new customers
Retention and growth of existing customer base
Assuring end-to-end quality of service.
Providing new services
4. 4
Fixed operators go for Service Bundling: Triple Play
Realising the full potential of
xDSL
Increasing value of Services
Ability to offer a new range of
services to
• Business and residential
users
Triple Play
Voice, data, video
All voice and data related
services are kept
Video
– Broadcast TV
– VOD
Payback
Differentiation
Ubiquitization
Consolidation
Drivers
NVoD VoD
PVR
Interactive
TV
Broadcast
Gaming
HSI
Business
BB entertainment
BB entertainment
- Increase addressable market
New service components
New audiences
New appliances (TV,
consoles,…)
- Increase ARPUs
New services to HSI audience
Revenue generation
5. 5
Multi-Services drive Broadband adoption
HSI
Business Access
Gaming
PC Video & Music
HSI Broadcast TV, HDTV
VoD, Voice, Visio P2P
Increased
ARPU
Key
Services
DSL Dial-up
conversion
Non-internet
PC conversion
Non PC
conversion
2. Flexible
pricing &
bandwidth
management
3. New services
over PC
4. Beyond PC
• TV sets
• Videophones
Broadband
Penetration
(% households)
30-60% have a PC
20-40%
are on the web
5-15% have already
broadband
100%
~100% have a
TV set and
a fixed phone!
50%
25%
75%
15-30% have broadband
potential
1. Aggressive
marketing
Broadband
ubiquity
6. 6
10 Mbps (ADSL2+) per user covers MoD needs today
MPEG-4 to boost MoD offering with existing infrastructure
(*) For typical noise conditions
ADSL2+ covers MoD applications
needs (Tier 1, 2 & 3)
10 Mbps = 2 Video streams, 1
HDTV
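Tier / Service Description / Downstream BW / Advised Technology / Typical Reach (*)
Tier 1: downstream BW 512 Kbps; advised technology ADSL, READSL2; typical reach 6 Km
Tier 2: downstream BW 3-6 Mbps; advised technology ADSL; typical reach 3 Km
Tier 3: downstream BW 10 Mbps; advised technology ADSL2+, MPEG-2; typical reach 2 Km
Tier 4: downstream BW 10 Mbps; advised technology ADSL2+, MPEG-4; typical reach 2 km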
Increasing
ARPU
Loop
Length
Multi-Services drive new access technologies
increasing penetration and attracting new customers
MPEG-4 Next-gen multimedia (Tier 4)
up to 5 channels with ADSL2+ !
+++
7. 7
Impact on Fixed Access of Multi-service evolution
Multi-service from the same access platform is key
Increasing need for bandwidth, resulting in
New BB access technologies (Multi-DSL, VDSL, FTTU)
Deep fiber & remotes deployment
Increased capacity in the DSLAM
Access Network architecture evolving to IP Multi-Edge &
Ethernet
Migration engaged with hybrid ATM/Giga Ethernet aggregation
DHCP is the end-game for VoIP, Video set top boxes, PPP remains for
HSIA
Service enabled edge, ensuring security & guaranteed QOS
Central Office Access platform becomes also an Intelligent
Multi-service hub
Centralized subscriber & access management
IP empowered (e.g. native multicast, IGMP proxy)
Optical Ethernet termination
1
2
3
4
8. 8
Multi-service from the same access platform is key
Leased line QoS
Predictability, Control
Strict Multicast QoS
Broadcast capacity
Strict QoS point to point
High Capacity
Real Time, no Delay
High Availability
Best Effort
Not Impacting
One or
Multiple
Aggregation
Network
Business Access
Video on Demand
Personal Video Recorder
Voice & Video telephony
High Speed Internet
Broadcast TV
DSLAM, Litespan, FTTU, Wimax support
1
9. 9
New Services leading to bandwidth increase
Increased capacity needed in the DSLAM
Assumptions :
•~768 users per DSLAM
•100% BTV capacity
•10% VoD capacity
Unit:bps.
2. Flexible
pricing &
bandwidth
management
3. New
services
over PC
4. Beyond PC
TV sets
Videophones
100%
Broadband
penetration
(%households)
50%
25%
75%
1. Aggressive
marketing L1
L2
L3
L4
Capacity / User: 512 k (1:8), 512 k (1:4), 2 M, 4 M, 15 M
Capacity / DSLAM: 50 M, 100 M, 200 M, 500 M, 1.5 G
Agg. Edge DSLAM NT LT CPE
Capacity / NT-LT (24 Lines / Card): 12 M, 12 M, 48 M, 96 M, 360 M
Capacity / NT-LT (32 Lines / Card): 16 M, 16 M, 64 M, 128 M, 480 M
Capacity / NT-LT (48 Lines / Card): 24 M, 24 M, 96 M, 192 M, 720 M
2
ADSL2+
10. 10
New Services leading to bandwidth increase
More bandwidth needed towards subscriber
Loop length & service constraints
drive fiber & remotes
Technology
Korea,Japan,PAC
China
RoAPAC, Taiwan
MEA,India
LAM
North America
5% 20% 37% 74%
13% 53% 77% 97%
Western Europe
Central & East
Europe
Km from CO
Mbits
ADSL2+ brings 10 Mbps to 51% of the users
ADSL2+
VDSL ADSL RE-ADSL2
0,75 2 3 6
7% 14% 26% 62%
13% 54% 78% 98%
10% 40% 71% 95%
13% 51% 74% 96%
25 10 5 0,5
18% 56% 78% 97%
13% 52% 75% 97%
Alternative deployment strategies
Time
Service driven :
Highest
profitability
Infrastructure driven :
Highest
investment
Initial first investment
ADSL FTTArea
(CO with ADSL2+)
FTTCab
(VDSL)
Deep Fiber
FTTNode
(Remotes)
FTTU
FTTP
Challenges: Remotes, Fiber reach, powering,
rights-of-way, civil work, operations
2
11. 11
ENTERTAINMENT COMMUNICATION BUSINESS
VOD TV Broadcast
Music
download
E-mail, chat, and
instant message
Unified
messaging
IP based
Telephony
Video
Communication
Impact on access network architecture
Services versus Network Requirements
Gaming
Beyond Internet Access…
Teleworking
IP-VPN
Voice over IP
Web hosting
Specific Network Requirements…
•More Bandwidth
•More Quality of Service
•Multicast (zapping)
•More Security
•Strict Quality of Service
• Upstr and Downstr
• Delay, packet loss
• Service Availability
•More Security
•Latency
•More Security
•Better Availability
•High Bandwidth
•Quality of Service
•CoS options
•Committed SLA
3
12. 12
Present
Mode of Operation
Internet
ATM
DSLAM
ATM
BRAS
CPE
Internet
Service
DSLAM
CPE ATM
BRAS
Internet
Service
DSLAM
CPE
ATM/Eth
BRAS
Service
DSLAM
BRAS
Packet
Network
Service
Edge
IP Multi
Services
Edge
+
Multiservice
Single Edge
Multiple
Edge
Service
Edge
Multiservice
CPE
Best Effort
Internet
IP
DSLAM
Ethernet
BRAS
CPE
Internet
Multiservice
Impact on access network architecture
Access Network evolving to IP Multi-Edge & Ethernet
New services impose New Network Requirements
New evolution trends
3
13. 13
Central Office node evolving to multi-service hub
Bringing the service delivery point closer to the subscriber
3- Advanced
Multicast
BTV Server
ISP 1..n
4- Authentication
e.g. GE Hubbing,
Central mgmt
e.g. Broadcast streams are not
duplicated in the network
e.g. Control/Block L2 user to user
communication (e.g. VoIP)
e.g. advanced
authentication
& session
awareness
(e.g. DHCP relay
option 82)
2- Security
1- Service node
5- IP intelligence e.g. PPP, IP Forwarding,
evolution towards IP routing
4
15. 15
Alcatel 7302 ISAM : The Full Service DSLAM
Product Highlights
> Non-blocking Video Delivery
• 1 Gigabit per LT
• IGMP Proxy @ LT
• Layer 2 Multicast inside
• Line Rate packet forwarding
• 100% BTV, 100% VoD
> Wire Speed service delivery
• 16 LT slots @ 1Gbps wire speed
• 24 Gbps non blocking switch
• Distributed processing
• Layer 2 QoS (Strict Priorities)
> Continuity with ASAM
• Same ASAM XD equip. practice
• Same AWS Management
• Same DSL provisioning SW
• Same DSL Chipset
> Service Intelligence
• Bridging & Cross-connect
• PPP Termination
• DHCP option 82
• Evolution to IP routing
> Service Hubbing
• 48 Multi-ADSL (ADSL, ADSL2,
READSL,ADSL2+)
• Up to 7 FE/GigE for uplinks & subtending
• Trunking (802.3ad) support
• 4 levels of subtending
> Ethernet access for SMEs
• FE or GigE connectivity
• Optical and/or Electrical
• Long reach with 1000B-Zx (up to 80Km)
> XD benefits
• 768 subscribers per shelf, 3072 per 60x60
• Splitterless practice
• Full Metallic Test Access
> An Alcatel product
• High reliability
• High quality supply chain : delivery in time
and first time right, spare parts locally
available
• Local presence of expertise and support
• End-to-end QoS with 7450 ESS
16. 16
Alcatel 7302 ISAM : The Multi-Service DSLAM
Continuity in operations &
zero effort introduction
Wire-speed service delivery
Multi-service intelligent
(3play, business) access
Service node in central
office
Key evolution factors 7302 ISAM value proposition
> Same (XD) equipment practice & DSL software
> AWS management
> Proven quality & operational support
> 1 Gigabit per LT
> Non-blocking architecture (Full Service to all users)
> Multi-ADSL2+ support, Multiple GigE uplinks
> Advanced Multicast for Video (IGMP Proxy @ LT)
> Stringent QoS
> Security
> Ethernet access to SME end-users
> Service delivery from the central office
> Small and remote aggregation
> Same management across all Alcatel DSLAMs
17. 17
7302 ISAM
7302 ISAM : Intelligent Services Access Manager
Multi Service Hub
Internally Ethernet based
Interfacing with an Ethernet aggregation
User terminations
DSL multiplexer: ADSL, ADSL2, ADSL2+, READSL, Direct Ethernet over Fiber
Future evolution
VDSL (Ethernet First Mile),ADSL2(+) Annex M
Services
HSI (High Speed Internet Access)
Using integrated or external BAS (Broadband Access Server)
Video over DSL
Leased line over DSL
And many more …
Extending coverage using subtending
Ethernet interfaces
Advanced Element Management
Alcatel 5523 AWS
18. 18
7302 ISAM: Introduction of a Multi-Service IP DSLAM
Serving new services deployment with technology evolution
Service
Technology
HSI
Triple
Play
Traditional
ATM DSLAM
Ethernet uplink
Traditional
“IP DSLAM”
Multi-Service
“IP DSLAM"
Multi-Service
ATM DSLAM
Ethernet uplink
Bandwidth
QoS Intelligence
Scalability
Next-Gen
access node :
•More Capacity
•More Intelligence
•More QoS
•More Scalable
IP DSLAM
Market Hype :
•Intermediate
platform
•Not ready for
100% 3play roll-out
7302 ISAM
19. 19
Central Office Alcatel DSLAM portfolio evolution
Add Multi-
Service
7300 ASAM R4
ATM
aggregation
7301 ASAM R5 ATM
aggregation
Broadcast Video
Video on Demand
High Speed
Internet
Business access
Add Ethernet
Aggregation
.
.
.
High Speed
Internet
Ethernet
Aggregation
ATM
aggregation
7301 ASAM
One Management
Cost effective
bandwidth
For high Video
increase
7300 ASAM
Ethernet
Aggregation
HSI & Ethernet only
F
E
HSIA
Towards a full IP
aggregation
network
Ethernet
Aggregation
7302 ISAM
Multi-Service
for Ethernet only
Multi-Service
for ATM and
Ethernet
Continuity in operation & zero effort introduction (practice, management, DSL Software, QOS)
20. 20
The well-known ASAM concept…
Internally the ASAM is ATM-based
Traditional
Broadband
Architecture
1st Mile
xDSL
ATM over DSL
E1/3, STM-1/4
ATM
2nd Mile
ASAM
ATM
switch
ATM
DSL with
Ethernet
Backhaul
xDSL
ATM over DSL
FE, GbE
Ethernet
Ethernet
switch
ASAM
ATM
= SAR function
21. 21
Introducing the ISAM concept…
Internally the ISAM is Ethernet based
DSL with
Ethernet
Backhaul
xDSL
ATM over DSL
FE, GbE
Ethernet
Ethernet
switch
DSL with
Ethernet
Backhaul
xDSL
ATM over DSL
FE, GbE
Ethernet
Ethernet
switch
ASAM
ISAM
ATM
Eth
DSL with
Ethernet
Backhaul
xDSL
Eth over DSL
FE, GbE
Ethernet
Ethernet
switch
ISAM
Eth
1st Mile 2nd Mile
= SAR function
“Direct
Ethernet”
Ethernet
23. 23
7302 ISAM Network topology
NSP IP backbone
NSP IP backbone
NSP IP backbone
EMAN
IP Edge
Router
Ethernet
Switch
ISAM
any
IP-DSLAM
ISAM
mxFE
kxFE/GE
ADSL
ADSL
ADSL
ISAM
ADSL
GE
GE
ISAM
ADSL
n*FE
pxFE/GE
lxFE/GE
cascading up to 4 levels
NSP IP backbone
FE/GE
FE/GE
FE/GE
24. 24
Cascading topology
Up to 4 levels of cascading
Link aggregation (n*FE/GE)
Other limitations … depending on forwarding models (MAC@
tables, ARP tables)
7302 ISAM
7302 ISAM
7302 ISAM
7302 ISAM
xDSL xDSL xDSL xDSL
7302 ISAM
7302 ISAM
7302 ISAM
xDSL xDSL xDSL xDSL
Ethernet
DSLAM
N * FE/GigE N * FE/GigE N * FE/GigE N * FE/GigE
N * FE/GigE N * FE/GigE N * FE/GigE N * FE/GigE
EMAN node
EMAN node
25. 25
Star topology
Limitation by number of physical interfaces
Link aggregation (n*FE/GE)
Limitations from forwarding models used
7302 ISAM
xDSL
7302 ISAM
7302 ISAM
7302 ISAM
xDSL
Ethernet
DSLAM
EMAN node
N * FE/GigE
26. 26
Ring topology
N * FE/GigE
EMAN node
7302 ISAM
xDSL
7302 ISAM
xDSL
7302 ISAM
xDSL
7302 ISAM
xDSL
N * FE/GigE
N * FE/GigE
N * FE/GigE
N * FE/GigE
Ring topology
Limitation by number of HOPS of STP
Link aggregation (n*FE/GE)
Limitations from forwarding models used
27. 27
7302 ISAM Interfaces and terminology
7302 ISAM
LT
•ADSL links
•ADSL/ADSL2/READSL2
•ADSL2+
ASAM links
GE - electrical
Eth
•Network link
•FE/GE
•Optical/electrical
VOICE
HSI
VIDEO
GE/FE
•Subtending/cascading Links
•GE/FE
•optical/electrical
User links
•GE/FE
•optical/electrical
NT
Internal interfaces:
External interfaces
Aggr
Function
Contr
function
Control link
FE - electrical
28. 28
7302 ISAM ports and terminology
7302 ISAM
LT
•Logical user port
ASAM port
Eth
•Network port
VOICE
HSI
VIDEO
GE/FE
•Cascading port
Internal interfaces:
External interfaces
NT
Aggr
Function
Contr
function
Control port
•User port
30. 30
7302 ISAM Building blocks
Aggregation function
GE1-16
External
ethernet links
GE/FE
1 - 7
ASAM links
Control link
FE
LIM
IWF
LIM
IWF
48
ADSL
lines
LIM
CPE
IWF
LT-OBC x
DSL Modems
AGGR-
OBC
PVC / user logical port
Control/management
functions
32. 32
7302 ISAM R2.x system architecture
Based on 7300/7301 XD -
equipment practice
16 LT boards
48 lines/LT
Each LT contains an IWF
Aggregation (Service Hub)
and Control- & management
function integrated on NT
1GE connectivity between
NT and LT via backpanel
SMAS card
System MAC Address
Storage
ASAM -shelf
External
Ethernet
links
ASAM link
Control link
LT 1
IWF
PVC / Logical
user port
LT 16
IWF
48
ADSL
lines
NT
Aggregation function
Control/Mgt function
FE
GE1 ..16
GE/FE
1 - 7
SMAS
ACU
33. 33
ISAM R2.0 building blocks: NT and LT
Line Termination boards – LT’s
Connectivity to DSL user
Involved in the data forwarding path
IWF – Interworking function
Network termination board - NT
Runs Control Plane Software logic and
Management software
Provides management and control interfaces,
SW management, fault management,
configuration management and DB
management
Service Hub
Connectivity for electrical or optical
Ethernet interfaces
Master clock selection and distribution
One NT per shelf
No redundancy supported
LT
.
.
.
…
…
P
S
P
S
PSTN
7302
ISAM
LT BOARDS
APPLIQUE
BOARDS
NT I/O LT
NT
ACU
3 x FE/GigE
elec or
GigEoptical
SMAS
34. 34
ISAM R2.x building blocks: NT I/O
provide additional external
interfaces to the 7302 ISAM shelf.
Interfaces with the NT via the
backpanel
ethernet interface for
management
Interface for test access
One NT-I/O/ISAM system
LT
.
.
.
…
…
P
S
P
S
PSTN
7302
ISAM
NT I/O LT
NT
ACU
4 x FE/GigE
elec or
GigEoptical
SMAS
35. 35
ISAM R2.x building blocks: ACU
ACU: Alarm Control Unit
Collection of equipment alarms
(fans, fuses, …)
Customer external alarms
Drive alarm lamps in TRU
Connection to Craft Terminal
One ACU/ISAM system
Craft Terminal
LT
.
.
.
…
…
P
S
P
S
PSTN
7302
ISAM
NT I/O LT
NT
ACU
4 x FE/GigE
elec or
GigEoptical
SMAS
37. 37
ISAM 7302 R2.x
Single-shelf ASAM equipment practice
XD-LT ETSI splitterless shelf
ALTS-T
Different Rack configurations
Splitterless deployment
Max 2 Shelves per Rack
2 ISAM Systems per Rack
Deployment with splitters integrated in
rack
1 Shelf per Rack
1 ISAM System per Rack
TRU
SUB 2
SUB 1
Splitterless deployment
38. 38
ISAM 7302 R2.x : Rack configurations
Splitterless deployment
2 ISAM systems in 1 rack
TRU
Splitterless
shelf 2
Splitterless
shelf 1
dustfilter
TRU
Splitterless
shelf 1
dustfilter
Splitterless deployment
1 ISAM systems in 1 rack
Combo deployment
splitters integrated
in rack
TRU
Splitterless
Shelf
Splitter
Shelf
dustfilter
39. 39
XD-LT ETSI splitterless shelf: ALTS-T
XD splitterless equipment
530 x 285 x 750**mm shelf with front access
**750 mm fanunit without dustfilter
**763 mm fanunit with dustfilter
Fits a conventional 2200mm rack
600 x 300 mm rack dimensions
Housing for 2 NTs, one ACU , 16 line cards (LTs)
Has no splitter area
External splitter possible ( in rack or MDF)
60 x30 cm² footprint
Two shelves per rack possible
768 lines per shelf
Fan unit inserted in each shelf
8 Fans – One failure supported
One dust filter needed per rack
Optimized for mass deployment
Low power consumption per line
XDSL x 24
XDSL x 24
LT board
Back panel
LINE(1..24)
LINE(25..48)
FAN
Dustfilter
40. 40
Dust filter
XD-LT ETSI splitterless shelf: ALTS-T
ACU
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
NT
connector area
line board area
fan area
ISAM NT I/O
NT
(future)
ADSL Lines
25-48
ACU
ADSL Lines
1-24
SMAS
Fan unit
PWR
LT
41. 41
XD-Splitterless shelf : Connector area
remote CT
TRU
connectors for ADSL lines
Extension
A B
previous
subrack
* not supported
next subrack
* Not supported
PSTN
Dial-in modem
PWR
AL - AR
BL - BR
RET
42. 42
PLID Setting (1/2)
The splitter shelf (ASPS-A)
does not have PLID jumpers.
In case a splitter shelf is
equipped in a rack, the next
splitterless shelf (ALTS-T) is
considered as “subrack 1”.
43. 43
XD Splitter shelf: ASPS-A
XD splitter equipment
465x280x785mm shelf with front
access
Fits a conventional 2200mm rack
600 x 300 mm rack dimensions
Housing for up to 16 Splitter Cards
each supporting 48 lines
60 x30cm² footprint
Can be mixed in the same rack with
XD-LT subrack
Integrated splitter configuration
Only one ISAM system in one rack
Test/Spare bus on backpanel
PSPC board
Back panel
LINE (25..48)
LINE (1..24)
LINE
25-48
POTS
25-48
POTS
1-24
LINE
1-24
44. 44
XD Splitter shelf: ASPS-A
connector area
Splitter
board
area
ADSL Lines
1-24
TAUS
ADSL Lines
25-48
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
connector area
ADSL
25-48
POTS
25-48
POTS
1-24
ADSL
1-24
PWR
ALM
TRU cable
45. 45
Hardware – System’s components
Top Rack Unit
Up to 2 XD LT shelves
per rack
Fan Units
Splitter shelf can be integrated
in rack or separate (as shown)
ATRU-Q
AFAN-H
• Power provisioning
• Fuses for boards/fans
air flow
XD LT shelves
• with or without dustfilter
46. 46
Top Rack Unit: ATRU-Q ISAM variant
2 variants exist
Top rack unit for splitterless rack configuration
One or two LT subracks
Powering for Service Hub included
Top rack unit for rack configuration with splitter
one LT subrack + one SP subrack
Powering for Service Hub included
47. 47
Network Termination board – ECNT
Service Hub
24 Gbps line rate capacity
16 ports reserved for line cards
1 port to the control & mgt function
7 ports remaining for Ethernet user links,
subtending links and network links
2 Variants
ECNT-A – 100 Mb to each LT
ECNT-B – 1GE to each LT
Contains FLASH, RAM and ROM memory
Interfacing with management and control
interfaces via backpanel
Traffic management on NT
Layer 2 optimized
Evolution to layer 3
ECNT-A
ECNT-B
48. 48
Network Termination board – ECNT
3 Ethernet interfaces
RJ45 auto-sensing 10/100/1000Base-T
On board Media Conversion to GE Optical
SFP Optical Modules required
3 status leds
extensive debug LEDs and LEDS per port
LEDs
Optical i/fs
Electrical
i/fs
49. 49
Network Termination board – NT-I/O
Provides 4 Additional Ethernet External Interfaces
ECNC-A Variant
RJ45 auto-sensing 10/100/1000Base-T (4)
On board Media Conversion to GE Optical
ECNC-B Variant
FE Optical interfaces (4)
SFP Optical modules required
RJ45 for out-band management (Ethernet)
RJ45 for Test access (Connection to TAU)
extensive debug LEDs and LEDS per port
One card per shelf (if needed)
Status
LEDs
Optical
i/fs
50. 50
SFP Pluggable Optical Modules for NT & NT-I/O
Optical modules available for GE
GE SX MM 850nm 550m (4dB)
GE LX SM 1310nm 10km (11dB)
GE EX SM 1310nm 40km
GE ZX SM 1550nm 80km (20dB)
Optical modules available for FE
FE MM 850nm 550m (4dB)
FE SM 1310nm 10km (11dB)
All modules have LC connector
51. 51
Line Termination Board: LT
Multi-ADSL line card
48 ports per card
ADSL/ADSL2/Re-ADSL2/ADSL2+ line
termination
POTS and ISDN Line cards
GigE interface towards switching matrix via
backpanel
ATM cell <-> Ethernet packet conversion
Inter Working Function (IWF)
network processor to provide ATM and Ethernet
inter-working function.
IPX for EBLT-C & EBLT-D – L2&L3 Forwarding
Models
BCM6550 for EBLT-A – L2 Forwarding Model only
ISAM R1.0 LTs can be used in R2.0
Auto-sensing to determine from where the data
comes
EBLT-A (POTS - BCM 6550)
EBLT-C (POTS – IPX)
EBLT-D (ISDN – IPX)
52. 52
Line Termination Board: LT
Installed in any of the 16 LT slots
of the XD Splitterless shelf
(ALTS-T).
Status leds
Transport of Ethernet packets
from and to the Service Hub in the
NT via GE point to point connections
on the backpanel
Can be hot inserted or hot
extracted.
ISAM R1.0 LTs can be used in R2.0
Auto-sensing to determine from
where the data comes
53. 53
Hardware – Line Termination card (schematic)
LT
ADSL
POTS
xDSL
modem
x/ATM/xDSL
High Pass
Filter
ADSL
POTS
ADSL
x/ATM
Ethernet
ATM/Eth
IWF
OBC
Utopia
i/f
Backplane
i/f from connector
Backplane
i/f to NT
54. 54
Alarm control Unit Board: ACU
Inserted in the left outmost slot of the XD Splitterless
shelf (ALTS-T).
Five LEDs to indicate different levels of fault conditions
ACO/Lamp test pushbutton switch
Craft interface
9-position subminiature D connector
Ethernet connection
RJ-45 for out-band mgmt
Cannot be used
One ACU/ISAM system
AACU-C
55. 55
System MAC Address Storage: SMAS-card
SMAS = System MAC Address
Storage
Located on the XD Splitterless shelf
(ALTS-T) next to slot 16
Contains only a Remote Inventory
Contains the MAC@ of the shelf
NT public MAC@
Does not contain MAC@ of Service
Hub
Without SMAS the ISAM doesn't
come online.
SMAS is delivered with XD
Splitterless shelf.
ESSMAS
56. 56
POTS splitter board : PSPS
48 lines per card
Inserted in slot of splitter shelf
16 slots per shelf
Separates the ADSL and POTS/ISDN
signals in the upstream direction &
Combines the ADSL modem signals with
POTS/ISDN signals to the customer
With or without relays
Supports connection to external test device for
line measurement purposes
AA variant: outward line testing
AB variant : full test access
Ready to support N+1 LT redundancy
Compatible with ADSL2+ (2.2 MHz
bandwidth)
POTS and POTS+ISDN 2B1Q Variant
ADSL
25-48
POTS/ISDN
25-48
POTS/ISDN
1-24
ADSL
1-24
XD-PSPC 48 lines
PSPS-B (POTS)
PSPS-T (POTS + ISDN - Combo)
57. 57
MDF cabling in the 7302 ISAM
SFP SFP SFP SFP
Subscriber line
PSTN
MDF
ADSL
POTS
ADSL
POTS
POTS
DATA
Eth
ADSL
POTS
LPF
ADSL
POTS
SPLIT
ADSL
POTS
HPF
58. 58
SFP SFP SFP SFP
MDF cabling in the 7302 ISAM
Subscriber line
POTS
MDF
External Splitter
device
Incumbent LEC
Competitive LEC
Splitterless ISAM
shelf + Service Hub
ADSL
POTS
LPF
POTS
ADSL
POTS
SPLIT
ADSL
POTS
HPF
ADSL
POTS
ADSL
POTS
DATA
Eth
63. 63
802.3ad Link Aggregation Protocol
Multiple Links can be aggregated into a Link Aggregation
Group
Data rate of the aggregate is N times the data rate of the component links
Aggregate participates in forwarding decision process
Supported for Network & Subtending Links
Support for up to 2 Link Aggregation Groups (LAG)
Support for LACP
EMAN node
7302 iSAM
xDSL
xDSL
7302 iSAM
L.A.G. L.A.G.
64. 64
802.1w Rapid Spanning Tree Protocol
xDSL
xDSL
X
X
X
>Avoids loops in a bridged network by disabling certain links
•Provides path redundancy in bridged networks
•Rapid STP provides sub second reconvergence times
•One spanning tree for all VLANs
•Can be configured in STP compatible mode
•R-STP limits number of hops (typically 8)
66. 66
NT
Forwarding functionalities provided by two forwarding engines
Forwarding functionality on LT
Each LT has an IWF
16 LTs per ISAM system
Service Hub on NT
Service
Hub
GE1-16
External
Ethernet
links
GE/FE
1 - 7
ASAM
link
LT 1
PVC / Logical
user port
CPE
x/ATM/ADSL
x/Eth x/Eth
x/Eth
VP/VC User
IWF
GE1-16
68. 68
L2 functionality - General (1/4)
Network
side
DSL
ATM
Eth – (VLAN) User
side
7302 ISAM
ANT
Eth - VLAN
The 7302 ISAM will:
Terminate xDSL and ATM coming from user side
Have Ethernet on the ‘network’ side
If frames are tagged at the user side and tagged frames are supported,
the VLAN-id is carried transparently (only from R2.0 onwards)
Layer 2 forwarding
Ethernet layer must be present at both sides.
Encapsulation at CPE must include Ethernet
Eth-VLAN
L2
Anything
Anything
69. 69
L2 functionality - General (2/4)
Two forwarding modes are supported in the 7302 ISAM.
The cross-connect (CC) mode
One Virtual Circuit per VLAN (Not one VLAN per VC)
In combination with support of tagged frames on user side, possibility to have
multiple VLANs per Virtual Circuit
The Intelligent bridging (IB) mode
Each VLAN can be used by multiple Virtual Circuits
e.g. VLAN indicates provider
Each IB-VLAN has 2 or more egress ports:
1 or more user logical port/cascade (trunk) port/user Ethernet port
1 or more network (trunk) ports
Each CC-VLAN has 2 or more egress ports:
Strictly 1 logical port/cascade (trunk) port/user Ethernet port
1 or more network (trunk) ports
70. 70
7302 ISAM: Layer 2 behaviour (3/4)
ASAM link
PVC / Logical
user port
LIM 16
IWF
48
ADSL
lines
Standard VLAN-enabled
bridge. Provides IB and XC
mode through standard VLAN
configuration with extra
features
Special E-Man/ATM Layer
2 access behaviour of the
IWF.
Cross-connect or
Intelligent bridge mode.
LIM 1
IWF
External
Ethernet
links
GE1-16
NT
Aggregation function
Service Hub
Control link
Control/Mgt function
FE
GE1 ..16
GE/FE
1 - 7
Management of data
plane LIMs,
no forwarding
71. 71
7302 ISAM - L2 functionality - General (4/4)
CPEs need to use Ethernet over ATM, encapsulated by AAL5
and RFC2684 “bridged”
POTS,ISDN
CPE
ISAM
LT
AAL5
ATM
xDSL?
LLC
SNAP
Anything
Ethernet
Layer 2
PHY
Ethernet
Layer 2
(+ MAC
Control)
E-MAN
Network
Anything
AAL5
ATM
PHY
LLC
SNAP
Ethernet
Layer 2
GE
Ethernet
Layer 2
(+ MAC
Control)
ETH-ATM
Interworking
Function
(IWF)
Eth
GE
Eth
FE/GE
Switch
GE
Eth
FE/GE
Eth
PHY
Switch
NT
73. 73
Standard Bridging Principle
MAC bridges can interconnect all kinds of 802 LANs
Delivery of frames is not guaranteed
A bridge monitors the traffic on all ports and remembers for each source MAC
address on which port it resides. This is called SELF LEARNING.
Learn MAC addresses of all connected users, and connected edge points
If the destination MAC address is broadcast, multicast or unknown, the frame
is forwarded to all interfaces:
“If you do not know, send it to everybody”
If the destination MAC address is known as a result of the self learning, the
frame is forwarded to the indicated interface
Possible states of a bridge (STP):
Learning: relay disabled, learning enabled
Forwarding: relay enabled, learning enabled
Blocking: relay disabled
Disabled: by management (STP disabled)
74. 74
DSLAM & Ethernet switches in bridged mode: Issues
Scalability:
Broadcast storms
Security
Broadcast frames (ARP, PPPoE-PADI…) are forwarded to all users
Customer segregation
customers are identified by MAC-address (not guaranteed unique)
Restrictions on services and revenues:
IP edge device has no info on the access line
e.g. not possible to limit the number of PPP sessions per access line, or to do IP anti-spoofing, …
User-to-user communication is possible without traffic passing the BRAS
(operator has no means to charge for that traffic)
note that PPPoE forces traffic to go via BRAS.
75. 75
VLAN Intelligent Bridging model
Multiple users connected to 1 VLAN ID
1 VLAN ID per [IP-edge –DSLAM]-pair
Each IB-VLAN has 2 or more egress ports:
1 or more user logical port/cascade (trunk) port/user Ethernet port
1 or more network (trunk) ports
Internet
E-MAN
Network
ISP2
ISP1
Routing to the
correct ISP is
based on the
VLAN-id
Routing to the correct
ISP is done based on
user-id and password in
the BRAS
E-MAN
Network
IP
Internet
ISP
Corporate
BAS
Login to ISP
or corporate
Note : Tagged frames supported from
7302 ISAM R2.0 onwards but not for IB
(only for CC mode )
76. 76
VLAN Intelligent Bridging model
Special layer 2 behavior needed for equipment being deployed in an
access environment
Intelligent bridging with VLAN tagging
Intelligent Bridge (IB) means
Difference between network ports and user ports
Frames received from a user always sent towards the network
Frames received from a user never sent to a user
• No user to user communication
Prevention of Broadcast storms
Avoid broadcast to all users
Avoid broadcast as consequence of flooding
Depending on protocol above Ethernet treatment of BC frame type can be different
Secure MAC-address learning
Avoid the use within one particular VLAN of the same MAC-address over multiple ports
Protocol filtering
A resulting match or mismatch with a protocol filter may lead to a frame being forwarded, sent to a host
processor, discarded or forwarded & sent to a host processor
77. 77
Security/Scalability issue with Standard bridging
Broadcast frames (ARP, PPPoE-PADI…) forwarded to
all users & flooding to all ports.
MAC-address of a user is exposed to other users
Broadcast storms
Ethernet
BRAS PC
CPE
DSLAM
PC
CPE
DSLAM
PC
CPE
BR
BC or unknown MAC DEST @
Problem:
Broadcast msg (ARP, PPPoE …) from
PC (US) and BRAS (DS) is broadcast
to all ports.
Flooding of frames with unknown MAC
DEST address to all ports
MAC-address of a user is exposed to
other users
BC or unknown MAC DEST @
78. 78
“Intelligent bridging” – broadcast msgs & flooding US
Upstream broadcast frames only forwarded within a VLAN &
flooding only towards network port(s) within the VLAN
substantial reduction of flooding in the aggregation network.
No User-to-user communication is possible without traffic passing the BRAS
Different treatment depending on type of broadcast frames needed for certain
applications
Ethernet
BRAS PC A
CPE
ISAM
PC
CPE
ISAM
PC B
CPE
BC or unknown Mac DEST@
BR
Solution:
•ISAM forwards upstream broadcasts
only to the uplink
•ISAM floods frames with unknown
MAC DA only to uplink
•1 VLAN per ISAM/BRAS
•Bridge only broadcasts/floods
within a VLAN
VLAN 1
VLAN 2
79. 79
“Intelligent bridging” – broadcast msgs & flooding DS
Blocking of broadcast & flooding in the downstream
Prevents some messages from being unintentionally distributed to all users
For some applications it is useful that flooding BC is possible
Solution: Make flooding BC/discarding BC a configurable option per VLAN
Different treatment depending on type of broadcast frames needed for certain
applications
Protocol filters
ISAM
Ethernet
BRAS
PC
CPE
ISAM
PC
CPE
PC
CPE
BC or unknown
MAC DA
BR
Solution:
No messages unintentionally
distributed to all users.
Security.
Principle
80. 80
NT
Intelligent Bridging function in 7302 ISAM
IWF on the LTs
support the E-MAN/ATM layer 2 access.
Each IWF has separate filtering databases (Fdb) to implement bridge
function
Service Hub on NT
Own filtering databases (Fdb)
Filtering databases on IWFs & Service Hub per VLAN
MAC-address learning is done within the VLAN
Service
Hub
GE1-16
External
Ethernet
links
GE/FE
1 - 7
ASAM
link
LT 1
PVC / Logical
user port
CPE
Eth/ATM/ADSL
Eth Eth
Eth
VP/VC User
IWF IB
IB
81. 81
Residential Bridging function in 7302 ISAM
Bridge function : Learning, aging, forwarding
Lookup MAC DA done based on VLAN and MAC-address
Intelligent bridging enhancements implemented on IWFs and
Service Hub
Autonomous behaviour of IWF and Service Hub
Independent MAC-address learning
Independent MAC-address aging
Aging timers are configurable
• Should be the same
82. 82
Self-learning in the IWF-LT
only in the upstream - when initiated from user logical port
No self-learning on Ethernet uplink of the IWF
Half a bridge
Self-learning can be disabled per user logical port.
In case of self-learning, limiting the number of MAC addresses is
possible.
LT
To Service
Hub
Learning of Source Mac@
within VLAN
NO selflearning
x
y
z
MacA
MacB
MacC
MacA ->MacD
MacD ->MacA
port  Mac@  VLAN
x     MacA  1
y     MacB  1
z     MacC  2
83. 83
Bridged mode in the IWF-LT: Upstream
Flood all unicast frames with unknown MAC DA to the Ethernet
port
No user to user communication within the LIM
No flooding from user to user port
Broadcast frames are flooded towards the NW port
Unless differently defined by a protocol filter.
LT
To Service
Hub
MAC DA unknown
or BC frame and no
match protocol filter
x
y
z
MacA
MacB
MacC
84. 84
Bridged mode in the IWF-LT: Upstream
Frames with a known MAC DA are not forwarded to the user
but flooded to the Ethernet port
MAC DA known means address already learnt for a user on the
same LIM
No user to user communication within the LIM
due to HW functionality
[Diagram: LT with user ports x, y, z (MacA, MacB, MacC). Frame MACB -> MACA with MAC DA known is sent to the Service Hub.]
Learning table (port, Mac@, VLAN):
x MacA 1
y MacB 1
z MacC 2
85. 85
TOC
Bridged mode in the IWF-LT: Downstream
Forward all unicast frames with known MAC DA to the correct
user logical port
Discard all unicast frames with unknown MAC DA
No flooding from NW port to user port
No user to user communication
[Diagram: LT receiving frames from the Service Hub, user ports x, y, z. MAC DA known: MACD -> MACA. MAC DA unknown: MACD -> MACC.]
Learning table (port, Mac@, VLAN):
x MacA 1
y MacB 1
86. 86
TOC
Bridged mode in the IWF-LT: Downstream
Broadcast frames received on Ethernet uplink are treated in
function of the BC flag in the system
Configurable per VLAN (in IB mode)
By default BC is disabled.
broadcast frames received on Ethernet uplink are dropped unless
differently stated by protocol filter rules.
BC flag enabled
broadcast frames received on Ethernet uplink are flooded to all users
unless differently stated by protocol filter rules.
[Diagram: two LT panels, each receiving a frame with broadcast MAC-DA from the Service Hub. Panel labels: "BC disabled and no match protocol filter"; "BC frame and BC enabled and no protocol filter".]
87. 87
TOC
Bridged mode in the Service Hub: Upstream
Self-learning implemented for both upstream and downstream
direction
User port support only cross-connect mode
Discard all user unicast frames with MAC DA known on an
ASAM or Subtending port
No user to user communication
[Diagram: Service Hub between two LTs and two E-MAN links, ports X’, Y’, Z’, U’, V’ (MacA, MacB, MacC). Label: "Learning of Source Mac@ within VLAN"; frames B -> A and B -> C.]
Learning table (port, Mac@, VLAN):
X’ MacA 1
Y’ MacB 1
Z’ MacC 1
U’ MacD 1
88. 88
TOC
Bridged mode in the Service Hub: Upstream
Flood all unicast frames with unknown MAC DA to the NW ports
Flooding within the VLAN and hardware
isolation group
No user to user communication
Broadcast frames are flooded towards the NW port
Broadcast within the VLAN and hardware isolation group
Unless differently defined by a protocol filter.
[Diagram: Service Hub between two LTs and two E-MAN links, ports X’, Y’, Z’, U’, V’ (MacA, MacB, MacC); frames B -> BC and B -> E?.]
Learning table (port, Mac@, VLAN):
X’ MacA 1
Y’ MacB 1
Z’ MacC 1
89. 89
TOC
Bridged mode in the Service Hub: Downstream
Self-learning implemented for both upstream and downstream
direction
User port support only cross-connect mode
Forward unicast frames with known MAC DA based on learnt
information on ASAM ports, subtending ports
forwarding within the VLAN and HW isolation group
[Diagram: Service Hub between two LTs and two E-MAN links, ports X’, Y’, Z’, U’, V’ (MacA, MacB, MacC); frame D -> A.]
Learning table (port, Mac@, VLAN):
X’ MacA 1
Z’ MacC 1
V’ MacD 1
90. 90
TOC
Bridged mode in the Service Hub: Downstream
Flood all unicast frames with unknown MAC DA to ASAM ports,
subtending ports,
flooding within the VLAN and the HW isolation group
Frames dropped in the LIM
Broadcast frames flooded towards ASAM ports, subtending ports,
user ports
flooding within the VLAN and HW isolation group
Further processing of the BC frame by the LT-IWF
Unless differently defined by a protocol filter.
[Diagram: Service Hub between two LTs and two E-MAN links, ports X’, Y’, Z’, U’, V’ (MacA, MacB, MacC); frames D -> BC and D -> E?.]
Learning table (port, Mac@, VLAN):
X’ MacA 1
Z’ MacC 1
V’ MacD 1
91. 91
TOC
Blocking of user to user communication on IWF
No flooding from user to user due to HW implementation
Unicast frame with known MAC DA forwarded only to uplink port
Forwarded to the Service Hub
[Diagram: LT with user ports x, y, z (MacA, MacB, MacC); frames B -> A, B -> C and B -> BC all go to the Service Hub.]
Learning table (port, Mac@, VLAN):
x MacA 1
y MacB 1
z MacC 2
92. 92
TOC
Blocking of user to user communication on Service Hub/NT
Port mapping on the Service Hub/NT
An interface can only communicate with its mapping ports
Prevent certain ports from sending packets to other ports even if they are on the same VLAN
Link configuration implements configuration of the link port-mapping relationship of the interfaces of the Service Hub
Default configuration present on the Service Hub
Reconfigurable by the operator
Discard all user unicast frames with MAC DA known on an ASAM or Subtending port
[Diagram: two views of the Service Hub port mapping, one labelled "Default configuration", showing ASAM links, network links, control link, CPU port, user links and subtending links; port numbers 1, 15, 16.]
93. 93
TOC
Blocking of user to user communication on Service Hub
Prevented by port mapping
NW Network Link
SUB Subtending Link
ASAM ASAM Link
USER User Link
CONT Control Link
[Diagram: NT with user links, subtending links, E-MAN network links, ASAM links to the LTs and the control link.]
94. 94
TOC
Unique VID per [IPedge -DSLAM]-pair in EMAN when Int. bridge
VLAN must be unique between [IPedge-ISAM]-pair to support
Intelligent Bridging feature
Avoid user to user communication
Avoid BC and flooding towards ISAMs
[Diagram: PC A and PC C behind CPEs on two ISAMs, connected over Ethernet (BR) to the IP edge in VLAN1.]
Problem:
If user A can obtain the MAC-address of user C, since the Ethernet switch learns all MAC-addresses, user to user communication is possible
Solution:
Make sure that all IPedge-ISAM pairs are unique
95. 95
TOC
Customer segregation issue resolved in IB
Protection against the learning of duplicate MAC-address
no unstable behaviour
Traffic from duplicate MAC-address in separate DSLAM can be
distinguished as separate flow in the Ethernet switches of aggregation
Network when different VLAN id per DSLAM is used
[Diagram: ETH forwarding engine with MacA learned on both port x and port y (table: port x MacA, port y MacA); a packet with destination address MacA arrives and the egress port is marked "?".]
Problem:
If 2 users with same MAC-address, forwarding engine can not distinguish
Solution:
MAC@ conflict control
Secure MAC@ learning
96. 96
TOC
Secure MAC@ learning
Service Hub
MAC movement to highest priority
Within priority, always MAC movement
Within priority, MAC movement only when feature is enabled in the VLAN (configurable)
LT-IWF
Blocking duplicate MAC-address
Static MAC-addresses never disappear from learning table irrespective of possible priority.
[Diagram: NT and LTs (IWF) with user links, subtending links, E-MAN network links, ISM links/outband MGT link, ASAM links and control link, each marked with a priority of 1, 2 or 3.]
97. 97
TOC
Blocking of number of MAC-addresses per port in IB
Operator can configure max. number of MAC-addresses in the table.
Prevents attacks that would fill up the bridging tables
Service differentiation
set subscription rules on max number of devices connected simultaneously
Note : Number of MAC-addresses learned in the switches remains
an issue … .
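[Diagram: user port x on the ISAM (ETH) with Max Mac@ = 2. MacA (connected via PPPoE) and MacB are in the table (port x MacA, port x MacB); a PADI with source address = MacC then arrives on port x. Behind the ISAM: BAS, ISP, IP Internet. Label: "bridged".]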
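The LT-IWF rules from the bridged-mode, secure MAC learning and MAC-limit slides, combined in one small model. This is an added example, not Alcatel code: the class, its method names and the "uplink" label are assumptions, protocol filters are not modelled, and duplicate MAC addresses are checked per VLAN.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
UPLINK = "uplink"  # assumed label for the Ethernet port towards the Service Hub


@dataclass
class LtIwfBridge:
    """Toy model of the 'half a bridge' behaviour described for the LT-IWF."""
    ports: dict                                      # user logical port -> VLAN
    max_macs_per_port: int = 2                       # configurable MAC limit per port
    bc_enabled: dict = field(default_factory=dict)   # VLAN -> BC flag (default: disabled)
    fdb: dict = field(default_factory=dict)          # (VLAN, MAC) -> user logical port

    def _learn(self, port, src):
        """Self-learning, upstream only. Returns False if the frame must be dropped."""
        vlan = self.ports[port]
        owner = self.fdb.get((vlan, src))
        if owner == port:
            return True                              # already learned on this port
        if owner is not None:
            return False                             # duplicate MAC on another port: blocked
        learned = sum(1 for p in self.fdb.values() if p == port)
        if learned >= self.max_macs_per_port:
            return False                             # table-filling attempt: limit reached
        self.fdb[(vlan, src)] = port
        return True

    def upstream(self, port, src, dst):
        """Frame received on a user logical port. Returns the egress ports."""
        if not self._learn(port, src):
            return []
        # Known unicast, unknown unicast and broadcast all leave on the uplink only,
        # so there is never user-to-user forwarding inside the LT.
        return [UPLINK]

    def downstream(self, vlan, dst):
        """Frame received on the Ethernet uplink. No self-learning in this direction."""
        if dst == BROADCAST:
            if self.bc_enabled.get(vlan, False):
                return sorted(p for p, v in self.ports.items() if v == vlan)
            return []                                # BC disabled by default: dropped
        port = self.fdb.get((vlan, dst))
        return [port] if port is not None else []    # unknown unicast is discarded


if __name__ == "__main__":
    # Constructed scenario using the port and MAC names from the slides.
    bridge = LtIwfBridge(ports={"x": 1, "y": 1, "z": 2})
    print(bridge.upstream("x", "MacA", "MacD"))      # learned, sent to uplink
    print(bridge.upstream("y", "MacB", "MacA"))      # DA known, still uplink only
    print(bridge.downstream(1, "MacA"))              # forwarded to port x
    print(bridge.downstream(1, "MacD"))              # never learned from uplink: dropped
    print(bridge.upstream("y", "MacA", "MacD"))      # duplicate MacA: blocked
```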
98. 98
TOC
Blocking of number of MAC-addresses in 7302 ISAM
On the LT-IWF
Max-Num-MAC-entries-DSL-Port
HW dependent
Max-Unicast-MAC-ULP (user logical port)
Configurable Max-Num-MAC-entries-DSL-Port
( # MAC@ per PVC)DSL port Max-Num-MAC-entries-DSL-Port
( # MAC@ per PVC)LT Max-Num-MAC-IWF - 72 MC entries
On the Service Hub
no object to limit the number of MAC-addresses per Ethernet port
the max. number of MAC-addresses is defined by Service Hub MAC-
address capacity
Max. Number of MAC-addresses Service Hub = 16K
99. 99
TOC
Intelligent Bridge drawbacks
Security Services !
IP edge has no info on the line id (e.g. not possible to limit the
number of PPP sessions per access line, or to do anti IP-address
spoofing, …)
The function could be taken up in BRAS, if associated with PPP relay
(BRAS would link IP@ - PPP session id – line id) or for non-PPP
connectivity via DHCP option 82
No support for devices with same MAC-addresses when
connected to same ISAM
Protocol filters needed for protocols that rely on broadcast
messages towards user
100. 100
TOC
VLAN intelligent Bridging model – traffic
[Diagram: protocol stacks from CPE (POTS, ISDN) through the 7302 ISAM (LT and Service Hub/NT, both in IB mode) and the E-MAN aggregation network (GE) for four access types: IPoE (RFC2684 bridged), PPPoE, IPoA (RFC2684 routed) and PPPoA. Labels: "session layer unchanged! (transparent)"; "translation to PPPoE by PPPoE server".]
102. 102
TOC
Cross connect mode
Conceptually very similar to classical ATM PVC cross-
connect
One “customer”-VLAN (C-VLAN) contains strictly one user
User port or user logical port or user on subtended interface
One “customer”-VLAN contains one or more network ports
One user can be cross-connected to multiple VLANs
in this case user frames need to be tagged
Transparent bit pipe
104. 104
TOC
VLAN Cross-connect mode
Transparent pipe for unicast, multicast and broadcast traffic
any protocol : IP, PPP, IPX, Appletalk,...
Each CC-VLAN has 2 or more egress ports:
Strictly 1 logical port/cascade (trunk) port/user Ethernet port
1 or more network (trunk) ports
[Diagram: CPEs on the ISAM, E-MAN network, BAS, and ISP1, ISP2 and the IP Internet behind it.]
Routing to the correct ISP is done by the BAS based upon the user’s id (session)
Note : Tagged frames supported from 7302 ISAM R2.0 onwards for cross-connect mode
VP/VC VLAN
2/100 1
2/101 2
105. 105
TOC
Cross connect mode
No Customer segregation
MAC-address not used in the forwarding decision, customer is identified by
access line (VP/VC), which is translated into VLAN id.
No user to user communication
IP edge device knows the line id (1 VLAN = 1 VP/VC), so can
implement features like max number of PPP sessions per line
(VP/VC), or IP-address anti-spoofing, … (see later)
Broadcast frames are flooded per VLAN only:
No superfluous flooding in the aggregation network
Separation of broadcast traffic per user
Limiting number of MAC-addresses learnt per user interface – feature
still useful
In that case self-learning needs to be enabled on the DSL port
106. 106
TOC
Cross connect mode in 7302 ISAM
[Diagram: ASAM shelf with LT 1 (IWF) connected over ASAM links 1 - 7 (GE/FE) to the Service Hub; external Ethernet links GE1-16.]
Service Hub
Designed with the principle of
standard bridging
Xconnect mode achieved by:
Configuration of only one user to
one VLAN and disabling protocol
filters
LT-IWF
Cross connect mode configurable
Implicitly a 1-to-1 mapping between ATM
PVC and Eth VLAN is made
Transparent forwarding of frames to the
Ethernet port
Downstream
No MAC addresses needed to decide on
the forwarding
Frames with unknown VLAN are
discarded
VP/VC VLAN
1/100 1
1/200 2
1/300 3
Note : From 7302 ISAM R2.0 onwards
intention to configure VLAN mode also in
Service Hub
107. 107
TOC
Cross connect mode
But… new scalability issue:
VLAN technology only 4k VLAN-ids -> max 4k users per IP edge
Scalability issue in the switches behind the DSLAM
Option to enable self-learning per DSL port in cross-connect is
advisable
Normally in cross-connect mode you lose the self-learning aspect, which
is perceived as very attractive
108. 108
TOC
VLAN Cross-connect model – traffic types
[Diagram: protocol stacks from CPE (POTS, ISDN) through the 7302 ISAM (LT and Service Hub/NT, both in CC mode) and the E-MAN aggregation network (GE) for four access types: IPoE (RFC2684 bridged), PPPoE, IPoA (RFC2684 routed) and PPPoA.]
CC-mode configuration achieved
by configuration:
strictly one internal NT-LT
link belongs to each VLAN
(avoid flooding to other LTs)
One VC per VLAN
110. 110
TOC
L3 functionality - General
ISAM Layer 3 functionality from R2.0 onwards
Initially to support PPPoE termination
The 7302 ISAM will:
Terminate IP/ETH/ATM or IP/ATM (future) coming from user side
Terminate IP/Ethernet (VLAN) on the ‘network’ side
Different possible implementations
IP forwarder on LT, bridge on NT
IP forwarder on LT, VR on NT (future)
[Diagram: 7302 ISAM as L3 node between the user side (ANT; IP / Eth / ATM / DSL) and the network side (IP / Eth-VLAN).]
111. 111
TOC
IP Forwarding and Routing terminology in the 7302 ISAM
IP Forwarder
No user-to-user communication in ISAM
Via edge router
No own IP address -> “IP next hop” is edge router next to ISAM
Relays IP datagrams:
MAC SA of user replaced by MAC-address of the IP forwarder (LT)
But: all users in ARP table of IP edge router (same subnet)
Leads to large ARP table in next IP-routers
Max 128 IP forwarders, implemented on the layer 3 LT cards
IP Router
User-to-user communication
Advantage: users not in ARP table of IP edge router:
Has its own IP address -> default IP gateway of users
Routes IP datagram:
MAC SA replaced by MAC SA of IP router
MAC DA replaced by MAC-address of next destination (IP host or IP router)
1 IP router implemented on the NT (R2.1)
112. 112
TOC
Layer 3 forwarding - principles
2 options
1) IP forwarding
Supported for PPPoE traffic on R2.0
Supported for non-PPP traffic on R2.1
No Routing protocol support on NT
2) IP routing
Supported by R2.1.
Including routing protocol support on NT
114. 114
TOC
IP-forwarding in the 7302 ISAM (“semi-VR”)
IP forwarding is implemented on the LT boards
IP forwarding in ISAM R2.0 only needed as the data plane of terminated
PPP/PPPoE sessions
Implemented in 7302 ISAM R2.0 LT board with IPX-2400 network processor
Future proof.
The NT/Service Hub remains a pure layer 2 switch
[Diagram: protocol stacks from the user to ISP/Internet through the LT (FW), NT (IB), E-MAN network, edge router and IP network. The (PPP)/(PPPoE) layers end at the LT and IP continues over ETH; a DHCP/UDP/IP stack is also shown.]
115. 115
TOC
IP forwarding implementation
Implementation:
L3 Forwarder on LT
Bridge on NT
Max 128 minus other bridges already configured.
No routing protocols supported.
Static routes can be configured in FIB on LTs.
IP-address learning for IPoE/A and IP anti-spoofing
configuration for static
learning by DHCP snooping
Support of Proxy ARP
No user-to-user communication in ISAM
116. 116
TOC
IP-forwarding on the LT in the 7302 ISAM
LT board does not have an individual public IP-address
LT board can’t be addressed as a next-hop by the edge router
Therefore IP forwarding and not IP routing
Network configuration so that edge router “thinks” that all
users on all ISAMs are directly connected
Mapping in VRF
Virtual Routing and Forwarding
[Diagram: CPE (POTS, ISDN), 7302 ISAM with LT (FW) and aggregation (IB), GE links to the E-MAN network; users mapped into VRF-Green and VRF-RED.]
117. 117
TOC
IP forwarding – 3 associated tables
[Diagram: LT and Service Hub, E-MAN network, IP network and ISP/Internet, with VRF-Green and VRF-RED. Addresses shown: 10.1.0.1/16 (MAC@edge), 10.1.0.2/16 (MAC@video), 10.1.0.10/16 (MAC@A), 10.1.0.9/16.]
IP Forwarding table per VRF
Subnet         Next hop
10.1.0.0/16    DA* – IPint1
Default        10.1.0.1
* Directly attached – Direct route
IP Interface table per VRF
Intf nr           IP address    VLAN ID
IP interface 1    10.1.0.9      VLANpink-VLANorange*
* VLAN bundling
IP net-to-media table - Layer 2 mapping table
Not configurable in R2.0 – dynamic ARP table per VRF
IP@         MAC@-VLAN-ID
10.0.0.1    MAC@edge-VLANpink
10.0.0.2    MAC@video-VLANorange
118. 118
TOC
IP-forwarding model – PPP termination
[Diagram: protocol stacks from CPE (POTS, ISDN) through the 7302 ISAM (LT in FW mode, Service Hub/NT in IB mode) and the E-MAN aggregation network (GE) to the edge router, for PPPoE and PPPoA access. Labels: "PPP termination", "mapping in VRF"; IPoE (IP / Eth) on the network side.]
Multiple PPP sessions on single
VC supported
limiting # is possible (default: 4)
LTs do not have own IP-address, therefore
IP forwarding and not IP routing at LT
Edge router thinks that all users are directly connected
119. 119
TOC
IP-forwarding model – IPoE/IPoA
[Diagram: protocol stacks from CPE (POTS, ISDN) through the 7302 ISAM (LT in FW mode, NT in IB mode) and the E-MAN aggregation network (GE) to the edge router, for IPoE (RFC2684 bridged) and IPoA (RFC2684 routed) access; IPoE (IP / Eth) on the network side.]
mapping in VRF:
Virtual Routing and Forwarding
(IP forwarding table)
121. 121
TOC
Router
Implementation:
router on NT
Virtual Router on LT
Only one “full” router on ISAM
planned for future: multiple “full” virtual routers, but requires new NT
RIP and OSPF supported
directly connected subnets (to users and ER) configured on ISAM
IP-address learning for IPoE/A and IP anti-spoofing
configuration for static
learning by DHCP snooping
proxy ARP to users only from LT (note: also internally from LT to
NT).
user-to-user communication in this router
122. 122
TOC
IP routing model – Router at NT – IPoE/IPoA
[Diagram: protocol stacks from CPE (POTS, ISDN) through the 7302 ISAM (LT in FW mode, router R at the NT) and the E-MAN aggregation network (GE) to the edge router, for IPoE (RFC2684 bridged) and IPoA (RFC2684 routed) access; IPoE (IP / Eth) on the network side. Label: "mapping in VRF".]
LTs do not have own IP-address,
therefore IP forwarding
and not IP routing
123. 123
TOC
IP routing model – Router at NT– PPP termination
[Diagram: protocol stacks from CPE (POTS, ISDN) through the 7302 ISAM (LT in FW mode, router R at the Service Hub/NT) and the E-MAN aggregation network (GE) to the edge router, for PPPoE and PPPoA access. Labels: "PPP termination", "mapping in VRF"; IPoE (IP / Eth) on the network side.]
Multiple PPP sessions on single
VC supported
limiting # is possible (default: 4)
LTs do not have own IP-address, therefore
IP forwarding and not IP routing at LT
125. 125
TOC
Two main evolutions in subscriber management
[Diagram: business and residential xDSL lines into the DSLAM, aggregation network, IP edge/PoP (BAS session management and IP edge routing, with residential and business BAS), IP core, and ISP1 to ISPn, Internet, video and corporate networks, under network management. Callouts numbered 1 to 3:]
Distribution of some BRAS functions in the access node to scale Multi-Service
Increasing role of DHCP as the end-game for subscriber management
Increased role in the subscriber management (DHCP relay, PPP relay & termination …)
126. 126
TOC
DHCP vs. PPP
PPPoE access to centralised BRAS is the main HSI access scenario today.
Requirement: support PPPoE access scenario (with the features that are
commonly used in a HSI/PPPoE context)
PPPoA is still around (mainly ILEC context)
Due to legacy CPE equipment, due to existing contracts between access
providers and ISPs, …
And PPPoE/PPPoA is autodiscovered in BRAS, hence operators do not know
which end-users are using PPPoA or PPPoE.
Requirement: support a PPPoA access scenario (with no impact on BRAS),
auto-detect PPPoE/PPPoA.
DHCP required for multimedia-services
Emerging, but still a long way to go before PPP has been reinvented
Some CLECs consider it for HSIA (no legacy)
127. 127
TOC
DHCP vs. PPP
[Diagram: two access flows towards "www". PPP mode: "username/password", setup PPP – IP-address. DHCP mode: DHCP discover, accept/IP-address.]
PPP (Point-to-Point Protocol) mode
User authentication (LCP: PAP/CHAP)
Session concept
Not supported by all terminals
Requires BAS
DHCP (Dynamic Host Configuration Protocol) mode
MAC-address authentication - DHCP option 82 possible
No session concept
Supported by most terminals (e.g. STB, IP phone)
Requires DHCP server (less expensive than BAS)
[Diagram labels: "+ opt 82: add user identification" at the 7302 ISAM; PPP path to the BAS and AAA server; DHCP path to the DHCP server.]
129. 129
TOC
DHCP
DHCP allows you to define “pools” of TCP/IP addresses, which
are then allocated to client PCs by the server (scopes in DHCP
terminology).
Also all the related configuration settings like the subnet mask,
default router, DNS server, …
IP address
subnet mask
default Gateway address
DNS server addresses
NetBIOS Name Server
(NBNS) addresses
Lease period in hours
IP address of DHCP server.
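[Diagram: client with DHCP Server 1 and DHCP Server 2. The client sends DHCP Discover (broadcast); the servers answer with DHCP Offer 1 (IP1, DNS,…) and DHCP Offer 2 (IP2, DNS,…); the client waits 1 sec, accepts the first offer and sends DHCP Request 1 (IP1, …) (broadcast); DHCP Ack follows.]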
130. 130
TOC
DHCP in the 7302 ISAM with CC-mode
DHCP relay is disabled for VLAN in cross-connect mode
DHCP packets transparently forwarded
Due to hardware, DHCP packets first filtered in the Service
Hub/NT, and then inserted again in the traffic stream.
[Diagram: DHCP / UDP / IP / ETH stacks at the client and at the edge router, which runs the DHCP relay; LT (CC) and Service Hub/NT (CC) handle only ETH and lower layers across the E-MAN network. Label: "Transparent bitpipe".]
131. 131
TOC
DHCP in the 7302 ISAM with IB-mode
DHCP relay is implemented in a distributed way
LT provides option 82
Configurable option 82 when enabled
Service Hub/NT relays the DHCP packets
[Diagram: protocol stacks from the client to the DHCP server. The LT (IB) and the Service Hub/NT (IB) both process DHCP / UDP / IP / ETH (label: "DHCP relay Option 82"); the E-MAN network, edge router and IP network carry the relayed packets to the DHCP server.]
132. 132
TOC
DHCP relay network setup
[Diagram: LT (IB), Service Hub/NT (IB), E-MAN network, edge router, IP network and DHCP server, with one configuration callout per function.]
Function: DHCP relaying
Configuration per VLAN
Enable / Disable
If enabled (per VLAN)
IP-address of the relay agent = Giaddr
IP-address of DHCP servers (min 1/max 4)
Static route per DHCP server:
* Per DHCP server the IP Next hop
Function : IP routing
Configuration per DHCP server
(Routers business)
Route towards the DHCP server
Route toward Relay agent
Function : Add/remove option 82
Configuration per VLAN
Enable / Disable (from R2.0 onwards)
Independent of configuration of DHCP
relay features.
133. 133
TOC
DHCP on the LT
Add/Remove option 82
Configurable option 82 when enabled
LT will process packets US/DS if packets are not relayed by a
downstream relay agent – Gi-addr = 0
Upstream
Add option 82
If option 82 already exists in packet then packet is dropped
If packet size exceeds maximum packet size (= MTU) after adding option 82,
option 82 is not added .
Downstream
Remove option 82
Change destination address (MAC-address and IP-address) to broadcast
if BC flag is set
Forward packet to correct PVC
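The LT rules above, applied to a real DHCP message layout, including the drop of any upstream packet that already carries option 82 (which stops a subscriber from supplying its own line identity). This is an added example, not the ISAM's code: the function names, the sample circuit and remote IDs and the 576-byte size limit are assumptions; sub-option codes 1 and 2 are the Agent Circuit ID and Agent Remote ID of RFC 3046.

```python
import struct

MAGIC = bytes.fromhex("63825363")      # DHCP magic cookie
HDR_LEN = 236                          # fixed BOOTP header
FLAGS = slice(10, 12)                  # flags field, bit 15 = broadcast
GIADDR = slice(24, 28)                 # relay agent address
OPT_PAD, OPT_RELAY_AGENT_INFO, OPT_END = 0, 82, 255


def encode_options(options):
    body = b"".join(bytes([code, len(data)]) + data for code, data in options)
    return body + bytes([OPT_END])


def parse_options(pkt):
    """Return [(code, data), ...]; raises ValueError on a malformed packet."""
    if len(pkt) < HDR_LEN + 4 or pkt[HDR_LEN:HDR_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP packet")
    options, i = [], HDR_LEN + 4
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        options.append((code, pkt[i + 2:i + 2 + length]))
        i += 2 + length
    return options


def build_discover(mac, broadcast=False, extra_options=()):
    """Constructed sample DHCP Discover from a client (giaddr = 0)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x12345678, 0,
                      0x8000 if broadcast else 0)
    hdr += bytes(16)                               # ciaddr, yiaddr, siaddr, giaddr
    hdr += mac + bytes(10) + bytes(64) + bytes(128)  # chaddr, sname, file
    return hdr + MAGIC + encode_options([(53, b"\x01")] + list(extra_options))


def lt_upstream(pkt, circuit_id, remote_id, mtu=576):
    """Return the packet to forward upstream, or None if it is dropped."""
    if pkt[GIADDR] != bytes(4):
        return pkt                                 # relayed by a downstream agent
    options = parse_options(pkt)
    if any(code == OPT_RELAY_AGENT_INFO for code, _ in options):
        return None                                # option 82 already present: drop
    sub = (bytes([1, len(circuit_id)]) + circuit_id +
           bytes([2, len(remote_id)]) + remote_id)
    tagged = (pkt[:HDR_LEN] + MAGIC +
              encode_options(options + [(OPT_RELAY_AGENT_INFO, sub)]))
    if len(tagged) > mtu:
        return pkt                                 # too large: option 82 not added
    return tagged


def lt_downstream(pkt):
    """Return (packet without option 82, rewrite destination to broadcast?)."""
    if pkt[GIADDR] != bytes(4):
        return pkt, False                          # not processed by the LT
    options = [(c, d) for c, d in parse_options(pkt) if c != OPT_RELAY_AGENT_INFO]
    stripped = pkt[:HDR_LEN] + MAGIC + encode_options(options)
    bc_flag = bool(struct.unpack("!H", pkt[FLAGS])[0] & 0x8000)
    return stripped, bc_flag


if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")            # constructed client MAC
    tagged = lt_upstream(build_discover(mac), b"lt1/port3", b"sub-42")
    print(dict(parse_options(tagged))[OPT_RELAY_AGENT_INFO])
    forged = build_discover(mac, extra_options=[(82, b"\x01\x04fake")])
    print(lt_upstream(forged, b"lt1/port3", b"sub-42"))   # None: dropped
```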
134. 134
TOC
DHCP in the Service Hub
DHCP relay is configurable
Irrespective of configuration, DHCP messages always filtered to
the Service Hub due to HW limitation
DHCP enabled
Downstream
Service Hub-OBC will relay if Gi-addr = one of Gi-addr in VLAN(s) of
Service Hub otherwise inserted in forwarding path of Service Hub
Upstream
Service Hub-OBC relays packet if Gi@=0 and configuration is present
for respective VLAN
DHCP disabled
Service Hub-OBC will insert DHCP message again to forwarding
path in the stream
135. 135
TOC
DHCP relay disabled and BC flag not set
[Diagram: message sequence between the client (IP=?, MacA), LT (IB), Service Hub/NT (IB), E-MAN network and edge router (IPER, MacER); DHCP relay in the edge router.]
Broadcast flag NOT set by client
DHCP Discover : BROADCAST
L3: null -> IPBC
L2: MACA -> MACBC
Self-learning MACA port x, option 82 ***
Self-learning MACA port y
DHCP Offer : UNICAST
Yi@ = IPA and Si@ = IPS
L3: IPS -> IPA
L2: MACER -> MACA
Self-learning MACER port z
DHCP Request : BROADCAST
Si@ = IPS / option 50 = IPA
L3: null -> IPBC
L2: MACA -> MACBC
Self-learning MACA port x, option 82 ***
*** if enabled – option 82 implemented irrespective of
DHCP configuration in Service Hub
136. 136
TOC
DHCP Relay disabled
[Diagram: message sequence between the client (IP=?, MacA), LT (IB), Service Hub/NT (IB), E-MAN network and edge router; DHCP relay in the edge router.]
Broadcast flag set by client
DHCP Discover : BROADCAST
L3: null -> IPBC
L2: MACA -> MACBC
Self-learning MACA port x, option 82 ***
Self-learning MACA port x
Flooding
DHCP Offer : BROADCAST
Yi@ = IPA and Si@ = IPS
L3: IPS -> IPBC
L2: MACER -> MACBC
Self-learning MACER port y
Flooding
Broadcast blocked when BC for VLAN is disabled (points 1 and 2 in the diagram)
No flooding if option 82 enabled
*** if enabled – option 82 implemented irrespective
of DHCP configuration in Service Hub
137. 137
TOC
DHCP relay enabled
[Diagram: message sequence between the client (IP=?, MacA), LT (IB), Service Hub/NT (IB) acting as DHCP relay, E-MAN network, edge router (IPER, MacER), IP network and DHCP server (IPS, MacS).]
DHCP RELAY: IPR, IPS and next hop IPER configured
DHCP Discover : Broadcast – Gi@ = Null
L3: null -> IPBC
L2: MACA -> MACBC
Add option 82
Self-learning MACA port x
Relay message
Self-learning MACA port x
DHCP Discover : UNICAST – Gi@ = IPR
L3: IPRELAY -> IPS
L2: MACRELAY -> MACER
L3: IPRELAY -> IPS
L2: MACER -> MACS
DHCP offer : UNICAST – Gi@ = IPR
Yi@ = IPA / Si@ = IPS
L3: IPS -> IPRELAY
L2: MACS -> MACER
L3: IPS -> IPRELAY
L2: MACER -> MACRELAY
Relay message
Forwarded to correct port
DHCP offer : UNICAST or Broadcast (flag set)
In case of BC, terminal recognises his answer via the Transaction ID - Gi@ = Null
L3: IPRELAY -> IPBC or IPA
L2: MACRELAY -> MACBC or MACA
Extract option 82
Change IP@DA & MAC@DA i.f.o BC flag
Forwarded to correct port
DHCP offer : ALWAYS UNICAST irrespective of BC flag, Gi@ = Null
L3: IPRELAY -> IPA
L2: MACRELAY -> MACA
139. 139
TOC
Setting up a PPPoE session
Discovery stage
the PPPoE client (host) discovers the
PPPoE-server (access server)
the PPPoE session is uniquely defined once the
Ethernet MAC address and the PPPoE session-id
are known by both peers
Session stage
defining the peer to peer relationship
build the point-to-point connection over Ethernet.
[Diagram: PCs (PPPoE clients) behind an ADSL modem with Ethernet/ATMF interfaces in “bridge configuration”, connected through the DSLAM to the BRAS (PPPoE server).]
140. 140
TOC
Scenario – Single server environment
[Diagram: PCs (PPPoE clients) behind a “bridge configuration” exchanging discovery packets with the PPPoE server.]
PADI PPPoE Active Discovery Initiation packet: broadcast
PADO PPPoE Active Discovery Offer packet: unicast
PADR PPPoE Active Discovery Request packet: unicast
PADS PPPoE Active Discovery Session-confirmation packet: unicast – unique session ID
141. 141
TOC
PPPoE in the 7302 ISAM with CC-mode
PPPoE relay is disabled for VLAN in cross-connect mode
PPPoE packets transparently forwarded
[Diagram: IP / PPP / PPPoE / ETH stacks at the client and at the edge router, which runs the PPPoE relay; LT (CC) and Service Hub/NT (CC) handle only ETH and lower layers across the E-MAN network. Label: "Transparent bitpipe".]
142. 142
TOC
PPPoE relay in the 7302 ISAM with IB-mode
Make subscriber management easier at the PPP server
Relay functionality implemented on the LT boards
addition of unique line Id to the PPPoE discovery messages
MAC SA and DA remain unchanged
The Service Hub/NT remains a pure layer 2 switch.
[Diagram: protocol stacks from the client (HTTP / TCP / IP / PPP / PPPoE / ETH) to ISP/Internet. The LT (IB) performs PPPoE relay, the Service Hub/NT (IB) layer 2 forwarding; PPP and PPPoE end at the PPPoE server behind the E-MAN network, with IP continuing over the IP network.]
143. 143
TOC
PPPoE Relay in 7302 ISAM with IB-mode
[Diagram: message sequence between the client (IP=?, MacA), LT (IB, PPPoE relay), Service Hub/NT (IB, layer 2 forwarding), E-MAN network and PPPoE server (IPS, MacS) in front of the IP network and ISP/Internet.]
User side, PPPoE control frames:
PADI : Broadcast, L2: MACA -> MACBC
PADO : unicast, L2: MACS -> MACA
PADR : unicast, L2: MACA -> MACS
PADS : unicast with session ID, L2: MACS -> MACA
Network side, after "Add relay ID" on the LT:
PADI : Broadcast with agent circuit ID and agent remote ID, L2: MACA -> MACBC
PADO : Unicast, L2: MACS -> MACA
PADR : Unicast with agent circuit ID and agent remote ID, L2: MACA -> MACS
PADS : Unicast with session ID, L2: MACS -> MACA
PPPoE data frames:
PPP session - LCP – PAP/CHAP-IPCP
IP=IPA
145. 145
TOC
PPP/PPPoE termination in the ISAM 7302
PPP/PPPoE termination is implemented on the LT boards
Handles all PPPoE, LCP,PAP/CHAP and IPCP control messages
Interaction with NT board
Internal communication
Data packets received over PPP/PPPoE session are pure
IP packets
IP forwarding needed on the LT
The Service hub/NT remains a pure layer 2 switch
146. 146
TOC
PPP/PPPoE termination
[Diagram: protocol stacks from the client (HTTP / TCP / IP / PPP / PPPoE / ETH) to ISP/Internet. PPP and PPPoE end at the PPP/PPPoE server on the LT (FW); Aggr (IB), E-MAN network, edge router and IP network carry IP / ETH; the RADIUS server is reached through the IP network.]
Labels at the NT (CTR), reached over the IC-VLAN:
RADIUS Client
Local IP-address Management
Local Authentication pool (not supported yet)
147. 147
TOC
PPP/PPPoE termination- with PAP
[Diagram: message sequence between the client (IP=?, MacA), LT (FW, PPP/PPPoE server), Aggr (IB), CTR with RADIUS client, E-MAN network, edge router and RADIUS server.]
PPPoE Discovery phase: PPPoE Session-ID
LCP phase
Authentication phase:
PAP authentication request
Internal comm
Access Request
Access Accept
Internal comm
PAP authentication request
PPP IPCP phase
Enable IP forwarding in the data-plane
IP=IPA
148. 148
TOC
PPP/PPPoE termination – with CHAP
[Diagram: message sequence between the client (IP=?, MacA), LT (FW, PPP/PPPoE server), Aggr (IB), CTR with RADIUS client, E-MAN network, edge router and RADIUS server.]
PPPoE Discovery phase: PPPoE Session-ID
LCP phase
Authentication phase:
CHAP Challenge
CHAP Response
Internal comm
Access Request
Access Accept
Internal comm
CHAP Success
PPP IPCP phase
Enable IP forwarding in the data-plane
IP=IPA
150. 150
TOC
What is EAP?
Extensible Authentication Protocol
Flexible protocol that carries authentication information.
Multiple authentication methods (smart cards, Kerberos, public
key, one-time password, etc):
Three forms of EAP are specified in the standard
EAP-MD5 – MD5 Hashed Username/Password
EAP-OTP – One-Time Passwords
EAP-TLS – Strong PKI Authenticated Transport Layer Security (SSL)
Typically rides on top of another protocol to carry the
authentication information between the client and the
authenticating authority
151. 151
TOC
What is IEEE 802.1X?
Standard link layer protocol used for transporting higher-level
authentication protocols
Client-server based access control and authentication protocol
that restricts unauthorized devices from connecting to a LAN
through publicly accessible ports
Standard for passing EAP over a wired or wireless LAN.
Port Based Network Access Control
Transport authentication information in the form of Extensible
Authentication Protocol (EAP) payloads
EAPoL – EAP over LAN
[Diagram: frame layout, 802.1x header followed by EAP payload.]
152. 152
TOC
What does 802.1X do?
Works between the supplicant and the authenticator.
Maintains back-end communication to an authentication (RADIUS)
server
Authenticator
becomes the middleman for relaying EAP received in 802.1x packets to an
authentication server by using RADIUS to carry the EAP information
Authenticator PAE enables the controlled port based upon the result of the
authentication exchanges.
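[Diagram: supplicant, authenticator and authentication server in a row.]
Supplicant PAE (Port Access Entity) = client to be authenticated (Ethernet, Token Ring, Wireless etc)
Authenticator PAE: Ethernet Switch, Router…
Authentication Server: any EAP server, typically RADIUS
Between supplicant and authenticator: EAPOL (Ethernet, Token Ring, 802.11)
Between authenticator and authentication server: encapsulated EAP messages, typically on RADIUS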
153. 153
TOC
802.1x - Port Based Network Access Control
Controlled Port
accepts packets from authenticated devices
Uncontrolled Port
accepts 802.1X packets and Extensible Authentication Protocol over LAN
(EAPOL) packets only.
After successful authentication
Before authentication
154. 154
TOC
802.1x in the 7302 ISAM
802.1x protocol is only applicable for the Intelligent bridging
mode
VLAN tagged frames are not supported for 802.1x in IB mode
LT
Handles the 802.1x messages and communicates with the NT to
perform the authentication
Done via the internal communication VLAN
Enforcement of the authentication state of the port
NT
RADIUS Client
Performs authentication/authorisation/accounting for IPoE(802.1x) and
PPPoE sessions
Local authentication is not supported
Applicable from ISAM R2.0
155. 155
TOC
802.1x in the 7302 ISAM
Only port based authentication/accounting
Not MAC-based.
Multiple users per port
authentication
Only the first user on a port needs to authenticate
New authentication needed when authenticated user logs off
Accounting – only via RADIUS server
Linked to the session of the first authenticated user.
Enable/disable 802.1x per port
support of EAPoL-start/Initiation in case 802.1x is enabled.
156. 156
TOC
802.1x in 7302 ISAM
Layer 2 authentication
2 modes supported
EAP over RADIUS
EAP-MD5-Challenge user authentication
[Diagram: supplicant PAE on the user side; authenticator PAE on the LT; RADIUS client on the NT (Service Hub), reached over the IC-VLAN; E-MAN network, edge router and IP network towards the RADIUS authentication server and ISP/Internet.]
157. 157
TOC
EAP over RADIUS
System relays the EAP messages to the RADIUS Server.
EAP protocol is terminated at the remote RADIUS server
[Diagram: protocol stacks for EAP over RADIUS. EAP runs over EAPOL / ETH between the user and the LT, is passed to the NT over the IC-VLAN, and is carried in RADIUS / UDP / IP / ETH from the NT through the Service Hub and E-MAN network to the RADIUS server.]
159. 159
TOC
EAP-MD5-Challenge user authentication
No EAP over RADIUS supported between Radius Server and
authenticator
NT terminates the EAP protocol and applies EAP-MD5
Challenge authentication to the user
NT translates the challenge response into RADIUS CHAP
attribute and continues user authentication via RADIUS server
[Diagram: protocol stacks for EAP-MD5-Challenge. EAP over EAPOL / ETH runs between the user and the 7302 ISAM (LT, NT); RADIUS / UDP / IP / ETH without EAP runs from the NT through the Service Hub and E-MAN network to the RADIUS server.]
160. 160
EAP-MD5-Challenge user authentication
[Figure: message sequence between the user (MacA, IP=?), the LT (authenticator, Layer 2 forwarding), the NT / Service Hub (RADIUS client) and the RADIUS server behind the E-MAN network and edge router. Messages shown:]
EAPOL-Start
EAP-Request/Identity
EAP-Response/Identity
EAP-Request / MD5 Challenge
EAP-Response / MD5 Challenge
Access Request (CHAP-Response/CHAP challenge)
Access Accept
EAP-Success
Controlled port – authenticated
IPoE traffic – e.g. DHCP
[Legend: internal communication]
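The translation step on the two EAP-MD5-Challenge slides, as an added Python example (not Alcatel code): the authenticator terminates EAP and re-packs the MD5 response as RADIUS CHAP-Password (type 3) and CHAP-Challenge (type 60) attributes, which works because EAP MD5-Challenge and CHAP both hash identifier, secret and challenge. Function names, the user name and the password are constructed for illustration.

```python
import hashlib, hmac, os, struct
EAP_REQUEST, EAP_RESPONSE, EAP_TYPE_MD5 = 1, 2, 4
USER_NAME, CHAP_PASSWORD, CHAP_CHALLENGE = 1, 3, 60   # RADIUS attribute types

def eap_md5(code, ident, value):
    """EAP packet: Code, Identifier, Length, Type=4, Value-Size, Value."""
    data = bytes([EAP_TYPE_MD5, len(value)]) + value
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def parse_eap_md5(packet, expected_code):
    if len(packet) < 6 or packet[4] != EAP_TYPE_MD5:
        raise ValueError("not an EAP MD5-Challenge packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != expected_code or length != len(packet) or 6 + packet[5] > length:
        raise ValueError("malformed EAP MD5-Challenge packet")
    return ident, packet[6:6 + packet[5]]

def supplicant_response(request, password):
    ident, challenge = parse_eap_md5(request, EAP_REQUEST)
    digest = hashlib.md5(bytes([ident]) + password + challenge).digest()
    return eap_md5(EAP_RESPONSE, ident, digest)

def attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def nt_translate(user, request, response):
    """Authenticator: map the terminated EAP exchange onto RADIUS CHAP attributes."""
    req_id, challenge = parse_eap_md5(request, EAP_REQUEST)
    resp_id, digest = parse_eap_md5(response, EAP_RESPONSE)
    if resp_id != req_id or len(digest) != 16:
        raise ValueError("response does not match the outstanding challenge")
    return (attr(USER_NAME, user)
            + attr(CHAP_PASSWORD, bytes([req_id]) + digest)   # CHAP Ident + 16-byte hash
            + attr(CHAP_CHALLENGE, challenge))

def radius_server_check(attrs, password):
    found, i = {}, 0
    while i + 2 <= len(attrs) and attrs[i + 1] >= 2:
        found[attrs[i]] = attrs[i + 2:i + attrs[i + 1]]
        i += attrs[i + 1]
    chap = found[CHAP_PASSWORD]
    expected = hashlib.md5(chap[:1] + password + found[CHAP_CHALLENGE]).digest()
    return hmac.compare_digest(chap[1:], expected)

def demo(stored=b"constructed-secret", typed=b"constructed-secret"):
    request = eap_md5(EAP_REQUEST, 7, os.urandom(16))    # NT issues a fresh challenge
    response = supplicant_response(request, typed)
    return radius_server_check(nt_translate(b"user-a", request, response), stored)
```

Because the server recomputes the hash, it must hold the password in recoverable form, and the exchange authenticates only the user to the network, not the network to the user.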
162. 162
Terminology
Static MC stream
MC stream sent/available on switch no matter if there is a subscriber or not
Dynamic MC stream
MC stream sent to the switch only when there is a subscriber for it.
[Figure: IP backbone, IP edge (BAS, IP router), Ethernet switches with VLAN bridging, and ISAMs with IGMP snooping. Labels: N streams in one VLAN; IGMP for stream Nb s.]
163. 163
Terminology
Configured MC stream
configured by the operator
Service Hub: Configured as static MAC entry with corresponding VLAN ID
Does not mean that stream needs to be statically delivered
ASAM part: Configured in the Multicast Source Table
Known MC stream
Streams in the NW known by the operator
Defined in the forwarding table
minimum in use for one user
At least one join request received for that stream
Unknown MC stream
Currently no user
Not known in the forwarding table
No join request received for that stream
164. 164
Terminology
Multicast Source table
Provides traffic parameters and control parameters for the multicast groups that are configured by the operator
IGMP Channel membership expansion table
Table kept internally – not configurable
MAC address table per port per group to keep track of which user has joined which group
165. 165
Three modes
3 modes supported
IGMP handling in cross-connect mode
IGMP on top of PPPoE Relay
IGMP on top of IP over Ethernet at ISAM
166. 166
IGMP & MC in cross-connect mode or on top of PPPoE Relay
IGMP and MC are transparent
No IGMP messages are seen in the 7302 ISAM
No multicast streams are replicated in the 7302 ISAM
BW consuming
Replication inside the router
Upstream multicast in CC VLAN is permitted
[Figure: protocol stacks. IGMP / IP / (PPPoE) / ETH / lower layers at the host (H) and the router (R); ETH / lower layers only at the LT and the Service Hub/NT, which form a transparent bitpipe towards the E-MAN network.]
167. 167
IGMP and MC in IB mode
Support of IGMP v1/v2
IGMPv1 only at user side
IGMPv3 friendly
2 MC modes supported
INTRA-VLAN multicast
Cross-VLAN multicast
[Figure: IGMP / IP / ETH / lower-layer stacks at the host (H), the LT (IB), the Service Hub/NT (IB) and the router (R) across the E-MAN network. Annotations: IGMP Proxy at LT; Modified IGMP Snooping; native Layer 2 multicasting; no duplication of streams inside the DSLAM; R (***), where *** = in case of static multicast group.]
168. 168
Multicast and IGMP in IB mode
2 modes supported in the 7302 ISAM
INTRA-VLAN multicast
Multicast service can only be provided within a P-VLAN
Cross-VLAN multicast
The default VLAN ID of the user and the P-VLAN ID of the multicast source need not be the same
Replication of the multicast stream is done cross IB VLAN
Can save BW
Service Hub/NT always performs Intra-VLAN multicast
LIM supports Cross-VLAN and Intra-VLAN multicast
Cross-VLAN in case of configured MC groups
Intra-VLAN for other MC groups
169. 169
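RB with configured MC source – Cross-VLAN
[Figure: hosts (H) A and B behind the LT (IB) and the Service Hub/NT (IB), router (R) in the E-MAN network. VLAN legend: ISP1, ISP2, MC = 3; links carry VLAN labels 1, 2 and 3. Annotations: Join MC1 for a configured channel; IGMP snooped; lookup in IGMP membership table; Join MC1 recorded in IGMP membership table; MC1 is a known MC.]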
170. 170
RB with unconfigured MC source – Intra-VLAN
[Figure: hosts (H) A and B behind the LT (IB) and the Service Hub/NT (IB), router (R) in the E-MAN network. VLAN legend: ISP1 & MC, ISP2; links carry VLAN labels 1 and 2. Annotations: Join MC1 for an unconfigured channel; IGMP snooped; lookup in IGMP member table; Join MC1 recorded in IGMP membership table; MC1 is a known MC.]
No response or edge should provide MC1 with VLAN2
=> more BW consuming
171. 171
MC in the Service Hub
Configured MC starts with zero replication list
Can be static or dynamic MC
No multicast stream coming from ASAM or subtended ports
Blocked by LTs
In case of first time request … also zero
Service Hub will act as a querier for static multicast groups
Only GMQ, no GSQ
LT will only send leave when last user disconnected
Unknown MC packets by default flooded to ASAM ports, subtending ports
Not to user port
Normal bridging behaviour
No flooding to control port
In first instance 256 simultaneous multicast streams supported in the Service Hub
[Figure: two panels, each with E-MAN, Service Hub and two LTs. Panel "Known MC": join for MC-A; forwarding table (IP@/MAC@, VLAN) holds MC-A 1 and MC-B 1. Panel "Unknown MC": same table, stream MC-X? is not in it.]
172. 172
IGMP in the Service Hub
IGMP enable/disable in Service Hub
Enabled: IGMP messages filtered to Service Hub OBC
Disabled: IGMP and unknown MC streams are flooded to all ports
Service Hub performs Intra-VLAN IGMP & multicast
Verification on IGMP message
Valid multicast IP address, group address conflict, max number of multicast groups reached
Modified IGMP snooping!
No transparent forwarding of IGMP message
MAC SA replaced by MAC address of the control link
IP SA replaced by IP address of the control link
[Figure: E-MAN, Service Hub with OBC (MAC address, IP address) and two LTs. Labels: Join/Leave, GMQ, GSQ, GMQ/GSQ, unknown MC, only flooding to member ports of MC group.]
173. 173
Bridging mode and MC in LT
Only dynamic multicast streams supported
Multicast set up to the LT when at least one user connected
All downstream unknown MC packets are discarded in IB VLAN
Multicast stream from user (US) always blocked
Irrespective of IGMP configuration
[Figure: two panels showing the LT with LT-OBC and the link to the Service Hub, one for a known MC group and one for an unknown MC group, with the MC flows marked.]
174. 174
IGMP in LT
Verification on IGMP message
Valid IP-address, MAC-address conflict, user access, BW …
IGMP Proxy
MAC-address table per port per group kept inside LT
IGMP for configured multicast group treated differently from unconfigured multicast group
Cross-VLAN multicast for configured multicast groups
Intra-VLAN for unconfigured multicast groups
Enable/Disable IGMP in LT
[Figure: two panels showing the LT with LT-OBC and the link to the Service Hub. Panel "IGMP enabled": JOIN/LEAVE and GMQ, GSQ handled by the LT-OBC; known MC forwarded. Panel "IGMP disabled": IGMP and known MC pass through; GMQ, GSQ.]
Towards the Service Hub the LT sends:
JOIN if first user
LEAVE if last user
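A toy model of the LT proxy behaviour described on the IGMP slides, added here as an illustration and not taken from the ISAM software: a per-port, per-group MAC membership table, an upstream JOIN only for the first member and LEAVE only for the last, and cross-VLAN delivery for configured groups versus intra-VLAN for unconfigured ones. The class name, the per-port group limit and the rejection of 224.0.0.0/24 are assumptions standing in for the "verification" checks the slides list.

```python
import ipaddress

class LtIgmpProxy:
    """Hypothetical model; groups and VLAN numbers in use are constructed."""
    def __init__(self, configured_groups, max_groups_per_port=4):
        # Multicast Source Table: group IP -> VLAN of the configured source
        self.configured = dict(configured_groups)
        self.max_per_port = max_groups_per_port   # assumed per-port limit
        self.members = {}                         # (vlan, group) -> {port: {mac}}

    def _stream_vlan(self, group, user_vlan):
        # Configured group: cross-VLAN (source VLAN). Otherwise intra-VLAN.
        return self.configured.get(group, user_vlan)

    def _valid(self, group):
        try:
            addr = ipaddress.IPv4Address(group)
        except ValueError:
            return False
        # Assumption: link-local control range is never a subscribable stream.
        return addr.is_multicast and addr not in ipaddress.IPv4Network("224.0.0.0/24")

    def join(self, port, mac, user_vlan, group):
        if not self._valid(group):
            return "DROP invalid group"
        key = (self._stream_vlan(group, user_vlan), group)
        on_port = sum(1 for ports in self.members.values() if port in ports)
        if port not in self.members.get(key, {}) and on_port >= self.max_per_port:
            return "DROP port limit"
        first = key not in self.members
        self.members.setdefault(key, {}).setdefault(port, set()).add(mac)
        return f"JOIN upstream vlan={key[0]}" if first else "absorbed"

    def leave(self, port, mac, user_vlan, group):
        key = (self._stream_vlan(group, user_vlan), group)
        ports = self.members.get(key, {})
        macs = ports.get(port, set())
        if mac not in macs:
            return "DROP not a member"
        macs.discard(mac)
        if not macs:
            del ports[port]
        if not ports:
            del self.members[key]
            return f"LEAVE upstream vlan={key[0]}"
        return "absorbed"
```

With an unconfigured group, two users in different VLANs each trigger their own upstream JOIN, which is the extra bandwidth cost the intra-VLAN slide points out.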
175. 7302 ISAM – Quality of Service (QoS)
Traffic Handling principles
176. 176
Traffic Handling Terminology - abstract
[Figure: traffic handling stages in the 7302 ISAM: prioritization, marking, mapping, queueing, scheduling.]
! This slideset focuses on functionality of the “intelligent” LT cards; behaviour of the “L2” LT cards (BCM based) is completely different (e.g. queue mapping based on VLAN/MAC@, not p-bits, no IP CoS/filtering)
177. 177
Prioritizing traffic
Define following classes of service:
Voice: for real-time traffic (VoIP, video conferencing); sensitive to both packet loss and jitter
Video: for high-priority traffic; can tolerate some delay (VoD, BTV); sensitive to packet loss (even more), less to jitter (STBs can handle ~ 100s ms delay variation)
Data:
Controlled Load: receives “better than Best Effort” treatment; business traffic is classified (at least) as CL
Best Effort (residential HSI)
[Figure: prioritization order: 1 Voice, 2 Video (BTV, VoD), 3 CL (dad home-working), 4 BE (kid gaming).]
178. 178
Marking traffic
Per logical interface a default ingress p-bit marker is supported (802.1p based)
Per PVC or 802.1x IPoE session; for bridged PPP sessions, VLAN and p-bit can be set (tagged customer frames can use a p-bit re-marking table; such tables are available as profiles, and can be instantiated per PVC)
R2.0: terminated PPP sessions inherit p-bit setting upstream from the PVC – will be further enhanced later (see roadmap)
! Marking is NOT done on basis of ATM QoS – instead, marking needs to be based on PVCs or sessions
More powerful since can e.g. police separate sessions within 1 single VC (better fit for fewer VCs)
[Figure: p-bit marking stage after prioritization; .1p values 111, 110, 101, 100, 011, 010, 001, 000.]
179. 179
Marking traffic (details)
p-bit marking
For L2 user ports (such as PVC and 802.1x authenticated IPoE session):
Untagged: no p-bits marked by end-user
• Apply per VLAN defaults (works fine as long as VLAN corresponds to a service) or per L2 user port defaults; i.e. per PVC or per IPoE session
Tagged: p-bits marked by end-user
• Untrusted VC: apply p-bit remarking using per PVC mapping tables (user-side p-bits to network-side p-bits)
• Trusted VC: accept available p-bit markings
Via protocol-based VLANs, bridged PPP sessions can be marked (1 value per VC)
Terminated PPP sessions inherit p-bit from PVC (will be enhanced in future – see roadmap)
For L3 user ports (IP interfaces associated to IPoE, IPoA, PPPoE, PPPoA traffic), accept or (re)mark DSCP, then map DSCP onto p-bits
No DSCP marked (i.e. “000000”) by end-user
• Apply default DSCP per VC or per L3 user port
DSCP marked by end-user
• Untrusted L3 user ports: apply DSCP (re)marking
• Trusted L3 user ports: accept incoming DSCP
R2.0
R2.1
181. 181
Mapping and queuing traffic
Default p-bit to CoS (QoS class) mapping – see below
but: this is configurable – can even be mapped differently in upstream and downstream if required (not standard)
Principle of 4 queues in “hot” points of ISAM (i.e. egress ports on NT interfaces, downstream per DSL line) – see further for more details
[Figure: prioritization, p-bit marking (.1p values 111 to 000) and mapping to the four ISAM queues: Voice, Video, CL, BE.]
182. 182
Scheduling traffic
Priority scheduling
Voice: traffic gets scheduled first (Strict Priority)
Video: traffic is scheduled next (Strict Priority)
CL and BE packets compete for BW in a fair manner (Weighted Fair Queuing or Weighted Round Robin, depending on interface: see further); CL has higher weights than BE
Scheduling is work-conserving, i.e. lower QoS classes can occupy BW that is not actually consumed by higher QoS classes
[Figure: prioritization, p-bit marking (.1p values 111 to 000), mapping to the four ISAM queues (Voice, Video, CL, BE) and priority scheduling (SP for Voice and Video, WRR/WFQ for CL and BE) onto the GigE/FE interface.]
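The marking rules from "Marking traffic (details)" and the scheduling order above, combined in one added Python sketch (illustrative, not ISAM code): ingress p-bit handling for untagged, trusted and untrusted L2 user ports, followed by strict priority for Voice and Video and weighted round robin between CL and BE. The p-bit-to-queue table and the 3:1 weights are assumptions, since the slides state only that the mapping is configurable and that CL outweighs BE.

```python
from collections import deque

# Assumed p-bit -> queue mapping for illustration; the real default is configurable.
PBIT_TO_QUEUE = {7: "voice", 6: "voice", 5: "video", 4: "video",
                 3: "cl", 2: "cl", 1: "be", 0: "be"}
WRR_WEIGHTS = {"cl": 3, "be": 1}          # assumed weights; slides only say CL > BE

def ingress_pbit(frame_pbit, trusted, default_pbit, remark_table):
    """Marking rules for an L2 user port (PVC or 802.1x IPoE session)."""
    if frame_pbit is None:                 # untagged: apply the per-port/per-VLAN default
        return default_pbit
    if trusted:                            # trusted VC: accept the user's marking
        return frame_pbit
    return remark_table.get(frame_pbit, default_pbit)   # untrusted VC: re-mark

class Scheduler:
    def __init__(self):
        self.q = {name: deque() for name in ("voice", "video", "cl", "be")}
        self.credit = dict(WRR_WEIGHTS)

    def enqueue(self, pbit, frame):
        self.q[PBIT_TO_QUEUE[pbit]].append(frame)

    def dequeue(self):
        for name in ("voice", "video"):    # strict priority: voice first, then video
            if self.q[name]:
                return self.q[name].popleft()
        backlogged = [n for n in ("cl", "be") if self.q[n]]
        if not backlogged:
            return None
        if all(self.credit[n] == 0 for n in backlogged):
            self.credit = dict(WRR_WEIGHTS)        # start a new WRR round
        for name in backlogged:            # work-conserving: empty queues never block
            if self.credit[name] > 0:
                self.credit[name] -= 1
                return self.q[name].popleft()

def run(frames, trusted, remark_table, default_pbit=0):
    """frames: list of (label, user p-bit or None). Returns the egress order."""
    s = Scheduler()
    for label, pbit in frames:
        s.enqueue(ingress_pbit(pbit, trusted, default_pbit, remark_table), label)
    out = []
    while (frame := s.dequeue()) is not None:
        out.append(frame)
    return out
```

On an untrusted port a frame self-marked with p-bit 7 falls back to the re-marking table or the port default, so a subscriber cannot place traffic in the strict-priority queues by tagging it.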
183. 183
Shaping traffic
Link shaping can be set on each output interface on the aggregation function (NT)
Useful for network planning or to protect subtended system that may not be able to process at GigE/FE line rate
Aggregate can be shaped from 64 kbps – 1 Gbps.
Granularity is 1 Mbps (R2.0), future 64 kbps (R2.1)
[Figure: prioritization, p-bit marking (.1p values 111 to 000), mapping to the four ISAM queues (Voice, Video, CL, BE), priority scheduling (SP, WRR/WFQ) and a shaper (S) on the GigE/FE output.]
184. 7302 ISAM – Quality of Service (QoS)
QoS Architecture
185. 185
ISAM Architecture – schematic overview
[Figure: LT 1 … LT 16, 48 multiDSL lines per LT card (ports 1 … 48), connected to the NT. NT: 24 Gbps Ethernet aggregation and control function; GigE/FE aggregation interfaces; GigE direct Ethernet interface; optional NT I/O with additional GigE/FE interfaces (4). Further labels: 7, 16.]
186. 186
Architecture – where is traffic handling needed?
Downstream QoS mainly at the LT
Upstream QoS mainly at the NT
[Figure: LT 1 … LT 16 (ports 1 … 48) and NT with GigE/FE aggregation interfaces and GigE direct Ethernet interface. Rate labels: ~1G, 48 M*, 1G, ~16G, 12M. * = 48 x 1M (ADSL2+).]
187. 187
Traffic handling in the NT (upstream)
[Figure: upstream path. LT 1 … LT 16: xDSL modems (1 … 48), Utopia, ATM/Eth IWF between the cell domain (ATM) and the frame domain (Ethernet), p-bit marking, GigE towards the NT. NT: ingress link policing, (flexible) p-bit mapping into queues, upstream queuing and scheduling (voice, video, CL, BE with SP and WRR), egress shaping on the GigE/FE interfaces and on the FE/GigE subtending interfaces; GigE direct Ethernet interface.]
188. 188
Traffic handling in the LT (downstream)
[Figure: downstream path in the LT. Frame domain (Ethernet), from GigE: classification, (flexible) p-bit mapping into queues, queuing and scheduling with logical segregation per xDSL line (voice, video, CL, BE with SP and WFQ; BAC on each queue), rate limitation to xDSL rate, policing. Cell domain (ATM): ATM segmentation with segmentation buffer and PVC forwarding (1 frame, add correct VPI/VCI) onto VC1, VC2 … VCn towards xDSL.]
Non-blocking
Future proof architecture
Consistent treatment of EFM traffic
189. 189
Traffic handling in the LT (upstream)
[Figure: upstream path in the LT. Cell domain (ATM), from xDSL: VC1, VC2 … VCn into ATM reassembly with a reassembly framer per VC (1 frame each), policing. Frame domain (Ethernet): output queuing on 802.1p aggregates (voice, video, CL, BE with SP and WFQ) towards GigE.]
Non-blocking
Future proof architecture
Consistent treatment of EFM traffic