p01 7302 isam r2.x

1. Alcatel 7302 ISAM
Intelligent Services Access Manager

2. Why the 7302 ISAM?
Why a Multi-Service IP DSLAM?

3. 3
TOC
BB Multi-Services is happening today
 Attract more subscribers by offering more services
 Increased business opportunities
by offering services to both residential and business customers
 Increased average revenue per user
by offering existing customers access to value-added services
 Increased total revenues
by increasing penetration and attracting new customers
 Retain and growth of existing customer base
 Assuring end-to-end quality of service.
 Providing new services

4. 4
TOC
Fixed operators go for Service Bundling: Triple Play
 Realising the full potential of
xDSL
 Increasing value of Services
Ability to offer a new range of
services to
• Business and residential
users
 Triple Play
 Voice,data,video
 All voice and data related
services are kept
 Video
– Broadcast TV
– VOD
Payback
Differentiation
Ubiquitization
Consolidation
Drivers
NVoD VoD
PVR
Interactive
TV
Broadcast
Gaming
HSI
Business
BB entertainment
BB entertainment
- Increase addressable market
New service components
New audiences
New appliances (TV,
consoles,…)
- Increase ARPUs
New services to HSI audience
Revenue generation

5. 5
TOC
Multi-Services drive Broadband adoption
HSI
Business Access
Gaming
PC Video & Music
HSI Broadcast TV, HDTV
VoD, Voice, Visio P2P
Increased
ARPU
Key
Services
DSL Dial-up
conversion
Non-internet
PC conversion
Non PC
conversion
2. Flexible
pricing &
bandwidth
management
3. New services
over PC
4. Beyond PC
• TV sets
• Videophones
Broadband
Penetration
(% households)
30-60% have a PC
20-40%
are on the web
5-15% have already
broadband
100%
~100% have a
TV set and
a fixed phone!
50%
25%
75%
15-30% have broadband
potential
1. Aggressive
marketing
Broadband
ubiquity

6. 6
TOC
10 Mbps (ADSL2+) per user covers MoD needs today
MPEG-4 to boost MoD offering with existing infrastructure
(*) For typical noise conditions
ADSL2+ covers MoD applications
needs (Tier 1, 2 & 3)
 10 Mbps = 2 Video streams, 1
HDTV
Tier Service Description Down-
stream BW
Advised
Technology
Typical
Reach (*)
Tier 1 512 Kbps ADSL,
READSL2
6 Km
Tier 2 3-6 Mbps ADSL 3 Km
Tier 3 10 Mbps ADSL2+
MPEG-2
2 Km
Tier 4 10 Mbps ADSL2+
MPEG-4
2 km
Increasing
ARPU
Loop
Length
Multi-Services drive new access technologies
 increasing penetration and attracting new customers
MPEG-4 Next-gen multimedia (Tier 4)
 up to 5 channels with ADSL2+ !
+++

7. 7
TOC
Impact on Fixed Access of Multi-service evolution
Multi-service from the same access platform is key
Increasing need for bandwidth, resulting in
 New BB access technologies (Multi-DSL, VDSL, FTTU)
 Deep fiber & remotes deployment
 Increased capacity in the DSLAM
Access Network architecture evolving to IP Multi-Edge &
Ethernet
 Migration engaged with hybrid ATM/Giga Ethernet aggregation
 DHCP is the end-game for VoIP, Video set top boxes, PPP remains for
HSIA
 Service enabled edge, ensuring security & guaranteed QOS
Central Office Access platform becomes also an Intelligent
Multi-service hub
 Centralized subscriber & access management
 IP empowered (e.g. native multicast, IGMP proxy)
 Optical Ethernet termination
1
2
3
4

8. 8
TOC
Multi-service from the same access platform is key
Leased line QoS
Predictability, Control
Strict Multicast QoS
Broadcast capacity
Strict QoS point to point
High Capacity
Real Time, no Delay
High Availability
Best Effort
Not Impacting
One or
Multiple
Aggregation
Network
Business Access
Video on Demand
Personal Video Recorder
Voice & Video phony
High Speed Internet
Broadcast TV
DSLAM, Litespan, FTTU, Wimax support
1

9. 9
TOC
New Services leading to bandwidth increase
 Increased capacity needed in the DSLAM
Assumptions :
•~768 users per DSLAM
•100% BTV capacity
•10% VoD capacity
Unit：bps.
2. Flexible
pricing &
bandwidth
management
3. New
services
over PC
4. Beyond PC
TV sets
Videophones
100%
Broadband
penetration
(%households)
50%
25%
75%
1. Aggressive
marketing L1
L2
L3
L4
Capacity
/
User
512 k
（1：8）
512 k
（1：4）
2 M
4 M
15 M
Capacity
/
DSLAM
50 M
100 M
200 M
500M
1.5 G
Agg.
Edge
DSLAM
NT
LT
CPE
Capacity
/
NT－LT
12 M
12 M
48 M
96M
360M
16 M
16 M
64 M
128M
480M
24 M
24 M
96 M
192M
720M
24Lines
/Card
32Lines
/Card
48 Lines
/ Card
Capacity
/
NT－LT
Capacity
/
NT－LT
2
ADSL2+

10. 10
TOC
New Services leading to bandwidth increase
 More bandwidth needed towards subscriber
Loop length & service constraints
drive fiber & remotes
Technology
Korea,Japan,PAC
China
RoAPAC, Taiwan
MEA,India
LAM
North America
5% 20% 37% 74%
13% 53% 77% 97%
Western Europe
Central & East
Europe
Km from CO
Mbits
ADSL2+ brings 10 Mbps to 51% of the users
ADSL2+
VDSL ADSL RE-ADSL2
0,75 2 3 6
7% 14% 26% 62%
13% 54% 78% 98%
10% 40% 71% 95%
13% 51% 74% 96%
25 10 5 0,5
18% 56% 78% 97%
13% 52% 75% 97%
Alternative deployment strategies
Time
Service driven :
Highest
profitability
Infrastructure driven :
Highest
investment
Initial first investment
ADSL FTTArea
(CO with ADSL2+)
FTTCab
(VDSL)
Deep Fiber
FTTNode
(Remotes)
FTTU
FTTP
Challenges: Remotes, Fiber reach, powering,
rights-of-way, civil work, operations
2

11. 11
TOC
ENTERTAINMENT COMMUNICATION BUSINESS
VOD TV Broadcast
Music
download
E-mail, chat, and
instant message
Unified
messaging
IP based
Telephony
Video
Communication
Impact on access network architecture
 Services versus Network Requirements
Gaming
Beyond Internet Access…
Teleworking
IP-VPN
Voice over IP
Web hosting
Specific Network Requirements…
•More Bandwidth
•More Quality of Service
•Multicast (zapping)
•More Security
•Strict Quality of Service
• Upstr and Downstr
• Delay, packet loss
• Service Availability
•More Security
•Latency
•More Security
•Better Availability
•High Bandwidth
•Quality of Service
•CoS options
•Committed SLA
3

12. 12
TOC
Present
Mode of Operation
Internet
ATM
DSLAM
ATM
BRAS
CPE
Internet
Service
DSLAM
CPE ATM
BRAS
Internet
Service
DSLAM
CPE
ATM/Eth
BRAS
Service
DSLAM
BRAS
Packet
Network
Service
Edge
IP Multi
Services
Edge
+
Multiservice
Single Edge
Multiple
Edge
Service
Edge
Multiservice
CPE
Best Effort
Internet
IP
DSLAM
Ethernet
BRAS
CPE
Internet
Multiservice
Impact on access network architecture
 Access Network evolving to IP Multi-Edge & Ethernet
 New services impose New Network Requirements
 New evolution trends
3

13. 13
TOC
Central Office node evolving to multi-service hub
 Bringing the service delivery point closer to the subscriber
3- Advanced
Multicast
BTV Server
ISP 1..n
4- Authentication
e.g. GE Hubbing,
Central mgmt
e.g. Broadcast streams are not
duplicated in the network
e.g. Control/Block L2 user to user
communication (e.g. VoIP)
e.g. advanced
authentication
& session
awareness
(e.g. DHCP relay
option 82)
2- Security
1- Service node
5- IP intelligence e.g. PPP, IP Forwarding,
evolution towards IP routing
4

14. What is the 7302 ISAM?

15. 15
TOC
Alcatel 7302 ISAM : The Full Service DSLAM
Product Highlights
> Non-blocking Video Delivery
• 1 Gigabit per LT
• IGMP Proxy @ LT
• Layer 2 Multicast inside
• Line Rate packet forwarding
• 100% BTV, 100% VoD
> Wire Speed service delivery
• 16 LT slots @ 1Gbps wire speed
• 24 Gbps non blocking switch
• Distributed processing
• Layer 2 QoS (Strict Priorities)
> Continuity with ASAM
• Same ASAM XD equip. practice
• Same AWS Management
• Same DSL provisioning SW
• Same DSL Chipset
> Service Intelligence
• Bridging & Cross-connect
• PPP Termination
• DHCP option 82
• Evolution to IP routing
> Service Hubbing
• 48 Multi-ADSL (ADSL, ADSL2,
READSL,ADSL2+)
• Up to 7 FE/GigE for uplinks & subtending
• Trunking (802.3ad) support
• 4 levels of subtending
> Ethernet access for SMEs
• FE or GigE connectivity
• Optical and/or Electrical
• Long reach with 1000B-Zx (up to 80Km)
> XD benefits
• 768 subscribers per shelf, 3072 per 60x60
• Splitterless practice
• Full Metallic Test Access
> An Alcatel product
• High reliability
• High quality supply chain : delivery in time
and first time right, spare parts locally
available
• Local presence of expertise and support
• End-to-end QoS with 7450 ESS

16. 16
TOC
Alcatel 7302 ISAM : The Multi-Service DSLAM
 Continuity in operations &
zero effort introduction
 Wire-speed service delivery
 Multi-service intelligent
(3play, business) access
 Service node in central
office
Key evolution factors 7302 ISAM value proposition
> Same (XD) equipment practice & DSL software
> AWS management
> Proven quality & operational support
> 1 Gigabit per LT
> Non-blocking architecture (Full Service to all users)
> Multi-ADSL2+ support, Multiple GigE uplinks
> Advanced Multicast for Video (IGMP Proxy @ LT)
> Stringent QoS
> Security
> Ethernet access to SME end-users
> Service delivery from the central office
> Small and remote aggregation
> Same management across all Alcatel DSLAMs

17. 17
TOC
7302 ISAM
 7302 ISAM : Intelligent Services Access Manager
 Multi Service Hub
 Internally Ethernet based
 Interfacing with an Ethernet aggregation
 User terminations
 DSL multiplexer: ADSL, ADSL2, ADSL2+, READSL, Direct Ethernet over Fiber
 Future evolution
VDSL (Ethernet First Mile),ADSL2(+) Annex M
 Services
 HSI (High Speed Internet Access)
Using integrated or external BAS (Broadband Access Server)
 Video over DSL
 Leased line over DSL
 And many more …
 Extending coverage using subtending
 Ethernet interfaces
 Advanced Element Management
 Alcatel 5523 AWS

18. 18
TOC
7302 ISAM: Introduction of a Multi-Service IP DSLAM
 Serving new services deployment with technology evolution
Service
Technology
HSI
Triple
Play
Traditional
ATM DSLAM
Ethernet uplink
Traditional
“IP DSLAM”
Multi-Service
“IP DSLAM"
Multi-Service
ATM DSLAM
Ethernet uplink
Bandwidth
QoS Intelligence
Scalability
Next-Gen
access node :
•More Capacity
•More Intelligence
•More QoS
•More Scalable
IP DSLAM
Market Hype :
•Intermediate
platform
•Not ready for
100% 3play roll-out
7302 ISAM

19. 19
TOC
Central Office Alcatel DSLAM portfolio evolution
Add Multi-
Service
7300 ASAM R4
ATM
aggregation
7301 ASAM R5 ATM
aggregation
Broadcast Video
Video on Demand
High Speed
Internet
Business access
Add Ethernet
Aggregation
.
.
.
High Speed
Internet
Ethernet
Aggregation
ATM
aggregation
7301 ASAM
One Management
Cost effective
bandwidth
For high Video
increase
7300 ASAM
Ethernet
Aggre-
gation
HSI & Ethernet only
F
E
HSIA
Towards a full IP
aggregation
network
Ethernet
Aggregation
7302 ISAM
Multi-Service
for Ethernet only
Multi-Service
for ATM and
Ethernet
Continuity in operation & zero effort introduction (practice, management, DSL Software, QOS)

20. 20
TOC
The well-known ASAM concept…
 Internally the ASAM is ATM-based
Traditional
Broadband
Architecture
1st Mile
xDSL
ATM over DSL
E1/3, STM-1/4
ATM
2nd Mile
ASAM
ATM
swich
ATM
DSL with
Ethernet
Backhaul
xDSL
ATM over DSL
FE, GbE
Ethernet
Ethernet
swich
ASAM
ATM
= SAR function

21. 21
TOC
Introducing of the ISAM concept…
 Internally the ISAM is Ethernet based
DSL with
Ethernet
Backhaul
xDSL
ATM over DSL
FE, GbE
Ethernet
Ethernet
swich
DSL with
Ethernet
Backhaul
xDSL
ATM over DSL
FE, GbE
Ethernet
Ethernet
swich
ASAM
ISAM
ATM
Eth
DSL with
Ethernet
Backhaul
xDSL
Eth over DSL
FE, GbE
Ethernet
Ethernet
swich
ISAM
Eth
1st Mile 2nd Mile
= SAR function
“Direct
Ethernet”
Ethernet

22. General topology

23. 23
TOC
7302 ISAM Network topology
NSP IP backbone
NSP IP backbone
NSP IP backbone
EMAN
IP Edge
Router
Ethernet
Switch
ISAM
any
IP-DSLAM
ISAM
mxFE
kxFE/GE
ADSL
ADSL
ADSL
ISAM
ADSL
GE
GE
ISAM
ADSL
n*FE
pxFE/GE
lxFE/GE
cascading up to 4 levels
NSP IP backbone
FE/GE
FE/GE
FE/GE

24. 24
TOC
Cascading topology
 Cascading topology
 Up to 4 levels of cascading
 Link aggregation (n*FE/GE)
 Other limitations … depending on forwarding models (MAC@
tables, ARP tables)
7302 ISAM
7302 ISAM
7302 ISAM
7302 ISAM
xDSL xDSL xDSL xDSL
7302 ISAM
7302 ISAM
7302 ISAM
xDSL xDSL xDSL xDSL
Ethernet
DSLAM
N * FE/GigE N * FE/GigE N * FE/GigE N * FE/GigE
N * FE/GigE N * FE/GigE N * FE/GigE N * FE/GigE
EMAN node
EMAN node

25. 25
TOC
Star topology
 Star topology
 Limitation by number of physical interfaces
 Link aggregation (n*FE/GE)
 Limitations from forwarding models used
7302 ISAM
xDSL
7302 ISAM
7302 ISAM
7302 ISAM
xDSL
Ethernet
DSLAM
EMAN node
N * FE/GigE

26. 26
TOC
Ring topology
N * FE/GigE
EMAN node
7302 ISAM
xDSL
7302 ISAM
xDSL
7302 ISAM
xDSL
7302 ISAM
xDSL
N * FE/GigE
N * FE/GigE
N * FE/GigE
N * FE/GigE
 Ring topology
 Limitation by number of HOPS of STP
 Link aggregation (n*FE/GE)
 Limitations from forwarding models used

27. 27
TOC
7302 ISAM Interfaces and terminology
7302 ISAM
LT
•ADSL links
•ADSL/ADSL2/READSL2
•ADSL2+
ASAM links
GE - electrical
Eth
•Network link
•FE/GE
•Optisch/electrical
VOICE
HSI
VIDEO
GE/FE
•Subtending/cascading Links
•GE/FE
•optical/electrical
User links
•GE/FE
•optical/electrical
NT
Internal interfaces:
External interfaces
Aggr
Function
Contr
function
Control link
FE - electrical

28. 28
TOC
7302 ISAM ports and terminology
7302 ISAM
LT
•Logical user port
ASAM port
Eth
•Network port
VOICE
HSI
VIDEO
GE/FE
•Cascading port
Internal interfaces:
External interfaces
NT
Aggr
Function
Contr
function
Control port
•User port

29. Hardware

30. 30
TOC
7302 ISAM Building blocks
Aggregation function
GE1-16
External
ethernet links
GE/FE
1 - 7
ASAM links
Control link
FE
LIM
IWF
LIM
IWF
48
ADSL
lines
LIM
CPE
IWF
LT-OBC x
D
S
L
M
o
d
e
m
s
AGGR-
OBC
PVC / user logical port
Control/management
functions

31. Building blocks

32. 32
TOC
7302 ISAM R2.x system architecture
 Based on 7300/7301 XD -
equipment practice
 16 LT boards
 48 lines/LT
 Each LT contains an IWF
 Aggregation (Service Hub)
and Control- & management
function integrated on NT
 1GE connectivity between
NT and LT via backpanel
 SMAS card
 System MAC Address
Storage
ASAM -shelf
External
Ethernet
links
ASAM link
Control link
LT 1
IWF
PVC / Logical
user port
LT 16
IWF
48
ADSL
lines
NT
Aggregation function
Control/Mgt function
FE
GE1 ..16
GE/FE
1 - 7
SMAS
ACU

33. 33
TOC
ISAM R2.0 building blocks: NT and LT
 Line Termination boards – LT’s
 Connectivity to DSL user
 Involved in the data forwarding path
IWF – Interworking function
 Network termination board - NT
 Runs Control Plane Software logic and
Management software
Provides management and control interfaces,
SW management, fault management,
configuration management and DB
management
 Service Hub
 Connectivity for electrical or optical
Ethernet interfaces
 Master clock selection and distribution
 One NT per shelf
No redundancy supported
LT
.
.
.
…
…
P
S
P
S
PSTN
7302
ISAM
LT BOARDS
APPLIQUE
BOARDS
NT I/O LT
NT
ACU
3 x FE/GigE
elec or
GigEoptical
SMAS

34. 34
TOC
ISAM R2.x building blocks: NT I/O
 provide additional external
interfaces to the 7302 ISAM shelf.
 Interfaces with the NT via the
backpanel
 ethernet interface for
management
 Interface for test access
 One NT-I/O/ISAM system
LT
.
.
.
…
…
P
S
P
S
PSTN
7302
ISAM
NT I/O LT
NT
ACU
4 x FE/GigE
elec or
GigEoptical
SMAS

35. 35
TOC
ISAM R2.x building blocks: ACU
 ACU: Alarm Control Unit
 Collection of equipment alarms
(fans, fuses, …)
 Customer external alarms
 Drive alarm lamps in TRU
 Connection to Craft Terminal
 One ACU/ISAM system
Craft Terminal
LT
.
.
.
…
…
P
S
P
S
PSTN
7302
ISAM
NT I/O LT
NT
ACU
4 x FE/GigE
elec or
GigEoptical
SMAS

36. Equipment practice

37. 37
TOC
ISAM 7302 R2.x
 Single-shelf ASAM equipment practice
 XD-LT ETSI splitterless shelf
ALTS-T
 Different Rack configurations
 Splitterless deployment
Max 2 Shelves per Rack
2 ISAM Systems per Rack
 Deployment with splitters integrated in
rack
1 Shelf per Rack
1 ISAM System per Rack
TRU
SUB 2
SUB 1
Splitterless deployment

38. 38
TOC
ISAM 7302 R2.x : Rack configurations
Splitterless deployment
2 ISAM systems in 1 rack
TRU
Splitterless
shelf 2
Splitterless
shelf 1
dustfilter
TRU
Splitterless
shelf 1
dustfilter
Splitterless deployment
1 ISAM systems in 1 rack
Combo deployment
splitters integrated
in rack
TRU
Splitterless
Shelf
Splitter
Shelf
dustfilter

39. 39
TOC
XD-LT ETSI splitterless shelf: ALTS-T
 XD splitterless equipment
 530 x 285 x 750**mm shelf with front acces
**750 mm fanunit without dustfilter
**763 mm fanunit with dustfilter
 Fits a conventional 2200mm rack
600 x 300 mm rack dimensions
 Housing for 2 NTs, one ACU , 16 line cards (LTs)
 Has no splitter area
External splitter possible ( in rack or MDF)
 60 x30 cm² footprint
 Two shelves per rack possible
 768 lines per shelf
 Fan unit inserted in each shelf
 8 Fans – One failure supported
 One dust filter needed per rack
 Optimized for mass deployment
 Low power consumption per line
XDSL x 24
XDSL x 24
LT board
Back panel
LINE(1..24)
LINE(25..48)
FAN
Dustfilter

40. 40
TOC
Dust filter
XD-LT ETSI splitterless shelf: ALTS-T
ACU
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
LT
NT
connector area
line board area
fan area
ISAM NT I/O
NT
(future)
ADSL Lines
25-48
ACU
ADSL Lines
1-24
SMAS
Fan unit
PWR
LT

41. 41
TOC
XD-Splitterless shelf : Connector area
remote CT
TRU
connectors for ADSL lines
Extension
A B
previous
subrack
* not supported
next subrack
* Not supported
PSTN
Dial-in modem
PWR
AL - AR
BL - BR
RET

42. 42
TOC
PLID Setting (1/2)
 The splitter shelf (ASPS-A)
does not have PLID jumpers.
 In case a splitter shelf is
equipped in a rack, the next
splitterless shelf (ALTS-T) is
considered as “subrack 1”.

43. 43
TOC
XD Splitter shelf: ASPS-A
 XD splitter equipment
 465x280x785mm shelf with front
acces
 Fits a conventional 2200mm rack
600 x 300 mm rack dimensions
 Housing for up to 16 Splitter Cards
each supporting 48 lines
 60 x30cm² footprint
 Can be mixed in the same rack with
XD-LT subrack
 Integrated splitter configuration
 Only one ISAM system in one rack
 Test/Spare bus on backpanel
PSPC board
Back panel
LINE (25..48)
LINE (1..24)
LINE
25-48
POTS
25-48
POTS
1-24
LINE
1-24

44. 44
TOC
XD Splitter shelf: ASPS-A
connector area
Splitter
board
area
ADSL Lines
1-24
TAUS
ADSL Lines
25-48
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
LP
connector area
ADSL
25-48
POTS
25-48
POTS
1-24
ADSL
1-24
P
W
R
A
L
M
TRU cable

45. 45
TOC
Hardware – System’s components
Top Rack Unit
Up to 2 XD LT shelves
per rack
Fan Units
Splitter shelf can be integrated
in rack or separate (as shown)
ATRU-Q
AFAN-H
• Power provisioning
• Fuses for boards/fans
air flow
XD LT shelves
• with or without dustfilter

46. 46
TOC
Top Rack Unit: ATRU-Q ISAM variant
 2 Variants exists
 Top rack unit for splitterless rack configuration
One or two LT subracks
Powering for Service Hub included
 Top rack unit for rack configuration with splitter
one LT subrack + one SP subrack
Powering for Service Hub included

47. 47
TOC
Network Termination board – ECNT
 Service Hub
 24 Gbps line rate capacity
 16 port reserved for line cards
 1 port to the control & mgt function
 7 ports remaining for Ethernet user links,
subtending links and network links
 2 Variants
 ECNT-A – 100 Mb to each LT
 ECNT-B – 1GE to each LT
 Contains FLASH, RAM and ROM memory
 Interfacing with management and control
interfaces via backpanel
 Traffic management on NT
 Layer 2 optimized
 Evolution to layer 3
ECNT-A
ECNT-B

48. 48
TOC
Network Termination board – ECNT
 3 Ethernet interfaces
 RJ45 auto-sensing 10/100/1000Base-T
 On board Media Conversion to GE Optical
 SFP Optical Modules required
 3 status leds
 extensive debug LEDs and LEDS per port
LEDs
Optical i/fs
Electrical
i/fs

49. 49
TOC
Network Termination board – NT-I/O
 Provides 4 Additional Ethernet External Interfaces
 ECNC-A Variant
 RJ45 auto-sensing 10/100/1000Base-T (4)
 On board Media Conversion to GE Optical
 ECNC-B Variant
 FE Optical interfaces (4)
 SFP Optical modules required
 RJ45 for out-band management (Ethernet)
 RJ45 for Test access (Connection to TAU)
 extensive debug LEDs and LEDS per port
 One card per shelf (if needed)
Status
LEDs
Optical
i/fs

50. 50
TOC
SFP Pluggable Optical Modules for NT & NT-I/O
 Optical modules available for GE
 GE SX MM 850nm 550m (4dB)
 GE LX SM 1310nm 10km (11dB)
 GE EX SM 1310nm 40km
 GE ZX SM 1550nm 80km (20dB)
 Optical modules available for FE
 FE MM 850nm 550m (4dB)
 FE SM 1310nm 10km (11dB)
 All modules have LC connector

51. 51
TOC
Line Termination Board: LT
 Multi-ADSL line card
 48 ports per card
 ADSL/ADSL2/Re-ADSL2/ADSL2+ line
termination
 POTS and ISDN Line cards
 GigE interface towards switching matrix via
backpanel
 ATM cell <-> Ethernet packet conversion
 Inter Working Function (IWF)
 network processor to provide ATM and Ethernet
inter-working function.
IPX for EBLT-C & EBLT-D – L2&L3 Forwarding
Models
BCM6550 for EBLT-A – L2 Forwarding Model only
 ISAM R1.0 LTs can be used in R2.0
 Auto-sensing to determine from where the data
comes
EBLT-A (POTS - BCM 6550)
EBLT-C (POTS – IPX)
EBLT-D (ISDN – IPX)

52. 52
TOC
Line Termination Board: LT
 Installed in any of the 16 LT slots
of the XD Splitterless shelf
(ALTS-T).
 Status leds
 Transport of Ethernet packages
from and to the Service Hub in the
NT via GE point to point connections
on the backpanel
 Can be hot inserted or hot
extracted.
 ISAM R1.0 LTs can be used in R2.0
 Auto-sensing to determine from
where the data comes

53. 53
TOC
Hardware – Line Termination card (schematic)
LT
ADSL
POTS
xDSL
modem
x/ATM/xDSL
High Pass
Filter
ADSL
POTS
ADSL
x/ATM
Ethernet
ATM/Eth
IWF
OBC
Utopia
i/f
Backplane
i/f from connector
Backplane
i/f to NT

54. 54
TOC
Alarm control Unit Board: ACU
 Inserted in the left outmost slot of the XD Splitterless
shelf (ALTS-T).
 Five LEDs to indicate different levels of fault conditions
 ACO/Lamp test pushbutton switch
 Craft interface
 9-position subminiature D connector
 Ethernet connection
 RJ-45 for out-band mgmt
 Cannot be used
 One ACU/ISAM system
AACU-C

55. 55
TOC
System MAC Address Storage: SMAS-card
 SMAS = System MAC Address
Storage
 Located on the XD Splitterless shelf
(ALTS-T) next to slot 16
 Contains only a Remote Inventory
 Contains the MAC@ of the shelf
 NT public MAC@
 Does not contain MAC@ of Service
Hub
 Without SMAS the ISAM doesn't
come online,
 SMAS is delivered with XD
Splitterless shelf.
ESSMAS

56. 56
TOC
POTS splitter board : PSPS
 48 lines per card
 Inserted in slot of splitter shelf
 16 slots per shelf
 Separates the ADSL and POTS/ISDN
signals in the upstream direction &
Combines the ADSL modem signals with
POTS/ISDN signals to the customer
 With or without relays
 Supports connection to external test device for
line measurement purposes
AA variant: outward line testing
AB variant : full test access
 Ready to support N+1 LT redundancy
 Compatible with ADSL2+ (2.2 MHz
bandwidth)
 POTS and POTS+ISDN 2B1Q Variant
ADSL
25-48
POTS/ISDN
25-48
POTS/ISDN
1-24
ADSL
1-24
XD-PSPC 48 lines
PSPS-B (POTS)
PSPS-T (POTS + ISDN - Combo)

57. 57
TOC
MDF cabling in the 7302 ISAM
SFP SFP SFP SFP
Subscriber line
PSTN
MDF
ADSL
POTS
ADSL
POTS
POTS
DATA
Eth
ADSL
POTS
LPF
ADSL
POTS
SPLIT
ADSL
POTS
HPF





58. 58
TOC
SFP SFP SFP SFP
MDF cabling in the 7302 ISAM
Subscriber line
POTS
MDF
External Splitter
device
Incumbent LEC
Competitive LEC
Splitterless ISAM
shelf + Service Hub
ADSL
POTS
LPF
POTS
ADSL
POTS
SPLIT
ADSL
POTS
HPF
ADSL
POTS
ADSL
POTS
DATA
Eth

59. 59
TOC
Cabling in ‘Splitterless’ Deployment
MDF
Competitive LEC
ISAM
ADSL
POTS
DATA
Eth
MDF <> BP Cable
180 degr

60. 60
TOC
Cabling in the 7302 ISAM
ADSL Lines
1-24
ADSL Lines
25-48
ADSL
25-48
POTS
25-48
POTS
1-24
ADSL
1-24
Splitter shelf cabling
Connector area Splitterless shelf

61. Features and Concepts

62. Physical Layer features

63. 63
TOC
802.3ad Link Aggregation Protocol
 Multiple Links can be aggregated into a Link Aggregation
Group
 Data rate of aggregate is N times date rate of components links
 Aggregate participates in forwarding decision process
 Supported for Network & Subtending Links
 Support for up to 2 Link Aggregation Groups (LAG)
 Support for LACP
EMAN node
7302 iSAM
xDSL
xDSL
7302 iSAM
L.A.G. L.A.G.

64. 64
TOC
802.1w Rapid Spanning Tree Protocol
xDSL
xDSL
X
X
X
>Avoids loops in a bridged network by disabling certain links
•Provides path redundancy in bridged networks
•Rapid STP provides sub second reconvergence times
•One spanning tree for all VLANs
•Can be configured in STP compatible mode
•R-STP limits number of hops (typically 8)

65. Forwarding modes in 7302 ISAM

66. 66
TOC
NT
Forwarding functionalities provided by two forwarding engines
 Forwarding functionality on LT
 Each LT has an IWF
16 LTs per ISAM system
 Service Hub on NT
Service
Hub
GE1-16
External
Ethernet
links
GE/FE
1 - 7
ASAM
link
LT 1
PVC / Logical
user port
CPE
x/ATM/ADSL
x/Eth x/Eth
x/Eth
VP/VC User
IWF
GE1-16

67. Forwarding modes in 7302 ISAM
Layer 2 forwarding
General concept

68. 68
TOC
L2 functionality - General (1/4)
Network
side
DSL
ATM
Eth – (VLAN) User
side
7302 ISAM
ANT
Eth - VLAN
 The 7302 ISAM will:
 Terminate xDSL and ATM coming from user side
 Have Ethernet on the ‘network’ side
In case tagged frames at user side and tagged frames supported ,
VLAN-id ported transparently (only from R2.0 onwards)
 Layer 2 forwarding
 Ethernet Layer must bepresent at both sides.
 Encapsulation at CPE must include Ethernet
Eth-VLAN
L2
Anything
Anything

69. 69
TOC
L2 functionality - General (2/4)
 Two forwarding modes are supported in the7302 ISAM.
 The cross-connect (CC) mode
One Virtual Circuit per VLAN (Not one VLAN per VC)
In combination with support of tagged frames on user side, possibility to have
multiple VLANs per Virtual Circuit
 The Intelligent bridging (IB) mode
Each VLAN can be used by multiple Virtual Circuits
e.g. VLAN indicates provider
 Each IB-VLAN has 2 or more egress ports:
 1 or more user logical port/cascade (trunk) port/user Ethernet port
 1 or more network (trunk) ports
 Each CC-VLAN has 2 or more egress ports:
 Strictly 1 logical port/cascade (trunk) port/user Ethernet port
 1 or more network (trunk) ports

70. 70
TOC
7302 ISAM: Layer 2 behaviour (3/4)
ASAM link
PVC / Logical
user port
LIM 16
IWF
48
ADSL
lines
Standard VLAN enabled
bridge. Provde IB and XC
mode by standard VLAN
configuration with extra
features
Special E-Man/ATM Layer
2 access behaviour of the
IWF.
Cross-connect or
Intelligent bridge mode.
LIM 1
IWF
External
Eethernet
links
GE1-16
NT
Aggregation function
Service Hub
Control link
Control/Mgt function
FE
GE1 ..16
GE/FE
1 - 7
Management of data
plane LIMs,
no forwarding

71. 71
TOC
7302 ISAM - L2 functionality - General (4/4)
 CPEs needs to use Ethernet over ATM, encapsulated by AAL5
and RFC2684 “bridged”
POTS,ISDN
CPE
ISAM
LT
AAL5
ATM
xDSL?
LLC
SNAP
Anything
Ethernet
Layer 2
PHY
Ethernet
Layer 2
(+ MAC
Control)
E-MAN
Network
Anything
AAL5
ATM
PHY
LLC
SNAP
Ethernet
Layer 2
GE
Ethernet
Layer 2
(+ MAC
Control)
ETH-ATM
Interworking
Function
(IWF)
Eth
GE
Eth
FE/GE
Switch
GE
Eth
FE/GE
Eth
PHY
Switch
NT

72. Forwarding modes in 7302 ISAM
Layer 2 forwarding
Intelligent Bridging

73. 73
TOC
Standard Bridging Principle
 MAC bridges can interconnect all kinds of 802 LAN together
 Delivery of frames is not guaranteed
 A bridge monitors the traffic on all ports and remembers for each source MAC
address on which port it resides. This is called SELF LEARNING.
 Learn MAC addresses of all connected users, and connected edge points
 If the destination MAC address is broadcast, multicast or unknown, the frame
is forwarded to all interfaces:
 “If you do not know, send it to everybody’
 If the destination MAC address is known as a result of the self learning, the
frame is forwarded to the indicated interface
 Possible states of a bridge (STP):
 Learning: relay disabled, learning enabled
 Forwarding: relay enabled, learning enabled
 Blocking: relay disabled
 Disabled: by management (STP disabled)

74. 74
TOC
DSLAM & Ethernet switches in bridged mode: Issues
 Scalability:
 Broadcast storms
 Security
 Broadcast frames (ARP, PPPoE-PADI…) are forwarded to all users
 Customer segregation
 customers are identified by MAC-address (not guaranteed unique)
 Restrictions on services and revenues:
 IP edge device has no info on the access line
e.g. not possible to limit the #PPP sessions per access line, or to do IP spoofing, …
 User-to-user communication is possible without traffic passing the BRAS
(operator has no means to charge for that traffic)
note that PPPoE forces traffic to go via BRAS.

75. 75
TOC
VLAN Intelligent Bridging model
 Multiple users connected to 1 VLAN ID
 1 VLAN ID per [IP-edge –DSLAM]-pair
 Each IB-VLAN has 2 or more egress ports:
 1 or more user logical port/cascade (trunk) port/user Ethernet port
 1 or more network (trunk) ports
Internet
E-MAN
Network
ISP2
ISP1
Routing to the
correct ISP is
based on the
VLAN-id
Routing to the correct
ISP is done based on
user-id and password in
the BRAS
E-MAN
Network
IP
Internet
ISP
Corporate
BAS
Login to ISP
or corporate
Note : Tagged frames supported from
7302 ISAM R2.0 onwards but not for IB
(only for CC mode )

76. 76
TOC
VLAN Intelligent Bridging model
 Special layer 2 behavior needed for equipment being deployed in an
access environment
 Intelligent bridging with VLAN tagging
 Intelligent Bridge (IB) means
 Difference between network ports and user ports
Frames received from a user always sent towards the network
Frames received from a user never sent to a user
• No user to user communication
 Prevention of Broadcast storms
Avoid broadcast to all users
Avoid broadcast as consequence of flooding
Depending on protocol above Ethernet treatment of BC frame type can be different
 Secure MAC-address learning
Avoid the use within one particular VLAN of the same MAC-address over multiple ports
 Protocol filtering
A resulting match or mismatch with a protocol filter may lead to a frame being forwarded, sent to a host
processor, discarded or forwarded & sent to a host processor

77. 77
TOC
Security/Scalability issue with Standard bridging
 Broadcast frames (ARP, PPPoE-PADI…) forwarded to
all users & flooding to all ports.
 MAC-address of a user is exposed to other users
 Broadcast storms
Ethernet
BRAS PC
CPE
DSLAM
PC
CPE
DSLAM
PC
CPE
BR
BC or unknown MAC DEST @
Problem:
Broadcast msg (ARP, PPPoE …) from
PC (US) and BRAS (DS) is broadcasted
to all ports.
Flooding of frames with unknown MAC
DEST address to all ports
MAC-address of a user is exposed to
other users

BC or unknown MAC DEST @

78. 78
TOC
“Intelligent bridging” – broadcast msgs & flooding US
 Upstream broadcast frames only forwarded within a VLAN &
flooding only towards network port(s) within the VLAN
 substantial reduction of flooding in the aggregation network.
 No User-to-user communication is possible without traffic passing the BRAS
 Different treatment depending on type of broadcast frames needed for certain
applications
Ethernet
BRAS PC A
CPE
ISAM
PC
CPE
ISAM
PC B
CPE
BC or unknown Mac DEST@
BR
Solution:
•ISAM forwards upstream broadcasts
only to the uplink
•ISAM floods frames with unknown
MAC DA only to uplink
•1 VLAN per ISAM/BRAS
•Bridge only broadcasts/floods
within a VLAN

VLAN 1
VLAN 2

79. 79
TOC
“Intelligent bridging” – broadcast msgs & flooding DS
 Blocking of broadcast & flooding in the downstream
 Avoids that some messages would be unintentionally distributed to all users
For some applications it is useful that flooding BC is possible
Solution: Make flooding BC/discarding BC a configurable option per VLAN
 Different treatment depending on type of broadcast frames needed for certain
applications
Protocol filters
ISAM
Ethernet
BRAS
PC
CPE
ISAM
PC
CPE
PC
CPE
BC or unknown
MAC DA
BR
Solution:
No messages unintentionally
distributed to all users.
Security.

Principle

80. 80
TOC
NT
Intelligent Bridging function in 7302 ISAM
 IWF on the LTs
 support the E-MAN/ATM layer 2 access.
 Each IWF has separate filtering databases (Fdb) to implement bridge
function
 Service Hub on NT
 Own filtering databases (Fdb)
 Filtering databases on IWFs & Service Hub per VLAN
 MAC-address learning is done within the VLAN
Service
Hub
GE1-16
External
Ethernet
links
GE/FE
1 - 7
ASAM
link
LT 1
PVC / Logical
user port
CPE
Eth/ATM/ADSL
Eth Eth
Eth
VP/VC User
IWF IB
IB

81. 81
TOC
Residential Bridging function in 7302 ISAM
 Bridge function : Learning, aging, forwarding
 Lookup MAC DA done based on VLAN and MAC-address
 Intelligent bridging enhancements implemented on IWFs and
Service Hub
 Autonomous behaviour of IWF and Service Hub
 Independent MAC-address learning
 Independent MAC-address aging
Aging timers are configurable
• Should be the same

82. 82
TOC
Self-learning in the IWF-LT
 only in the upstream - when initiated from user logical port
 No self-learning on Ethernet uplink of the IWF
Half a bridge
 Self-learning can be disabled per user logical port.
 In case of self-learning, limiting the number of MAC addresses is
possible.
LT
To Service
Hub
Learning of Source Mac@
within VLAN
NO selflearning
x
y
z
MacA
MacB
MacC
MacA ->MacD
MacD ->MacA
x
port
MacA
Mac@
1
y MacB 1
VLAN
z MacC 2

83. 83
TOC
Bridged mode in the IWF-LT: Upstream
 Flood all unicast frames with unknown MAC DA to the Ethernet
port
 No user to user communication within the LIM
 No flooding from user to user port
 Broadcast frames are flooded towards the NW port
 Unless differently defined by a protocol filter.
LT
To Service
Hub
MAC DA unknown
or BC frame and no
match protocol filter
x
y
z
MacA
MacB
MacC

84. 84
TOC
Bridged mode in the IWF-LT: Upstream
 Frames with MAC DA known not forwarded to user
but flooded to the Ethernet port
 MAC DA known means address already learnt for a user on the
same LIM
 No user to user communication within the LIM
due to HW functionality
LT
To
Service
Hub
x
y
z
MacA
MacB
MacC
MAC DA known
MACB  MACA
x
port
MacA
Mac@
1
y MacB 1
VLAN
z MacC 2

85. 85
TOC
Bridged mode in the IWF-LT: Downstream
 Forward all unicast frames with known MAC DA to the correct
user logical port
 Discard all unicast frame with unknown MAC DA
 No flooding from NW port to user port
 No user to user communication
LT
From Service
Hub
x
y
port
MacA
MacB
Mac@
1
1
VLAN
x
y
z
MAC DA known
MACD  MACA
MAC DA unknown
MACD  MACC

86. 86
TOC
Bridged mode in the IWF-LT: Downstream
 Broadcast frames received on Ethernet uplink are treated in
function of the BC flag in the system
 Configurable per VLAN (in IB mode)
 By default BC is disabled.
broadcast frames received on Ethernet uplink are dropped unless
differently stated by protocol filter rules.
 BC flag enabled
broadcast frames received on Ethernet uplink are flooded to all users
unless differently stated by protocol filter rules.
BC disabled
and no match protocol filter
LT
From
Service
Hub
BC frame and BC enabled
and no protocol filter
LT
MAC-DA
Broadcast
MAC-DA
Broadcast
From
Service
Hub

87. 87
TOC
Bridged mode in the Service Hub: Upstream
 Self-learning implemented for both upstream and downstream
direction
 User port support only cross-connect mode
 Discard all user unicast frames with MAC DA known on an
ASAM or Subtending port
 No user to user communication
Learning of Source
Mac@ within VLAN
X’
port
MacA
Mac@
1
Y’ MacB 1
VLAN
Z’ MacC 1
U’ MacD 1
E-MAN
LT
LT
Service
Hub
E-MAN
X’
Y’
Z’
MacA
MacB
MacC
U’
V’
B A
B C

88. 88
TOC
Bridged mode in the Service Hub: Upstream
 Flood all unicast frames with unknown MAC DA to the NW ports
 Flooding within the VLAN and hardware
isolation group
 No user to user communication
 Broadcast frames are flooded towards the NW port
 Broadcast within the VLAN and hardware isolation group
 Unless differently defined by a protocol filter.
E-MAN
LT
LT
Service
Hub
E-MAN
X’
Y’
Z’
MacA
MacB
MacC
U’
V’
BBC
B E?
X’
port
MacA
Mac@
1
Y’ MacB 1
VLAN
Z’ MacC 1

89. 89
TOC
Bridged mode in the Service Hub: Downstream
 Self-learning implemented for both upstream and downstream
direction
 User port support only cross - connect mode
 Forward unicast frames with known MAC DA based on learnt
information on ASAM ports,subtending ports
 forwarding within the VLAN and HW isolation group
E-MAN
LT
LT
Service
Hub
E-MAN
X’
Y’
Z’
MacA
MacB
MacC
U’
V’
D  A
X’
port
MacA
Mac@
1
VLAN
Z’ MacC 1
V’ MacD 1

90. 90
TOC
Bridged mode in the Service Hub: Downstream
 Flood all unicast frames with unknown MAC DA to ASAM ports,
subtending ports,
 flooding within the VLAN the HW isolation group
 Frames dropped in the LIM
 Broadcast frames flooded towards ASAM ports, subtending ports,
user ports
 flooding within the VLAN and HW isolation group
 Further processing of the BC frame by the LT-IWF
 Unless differently defined by a protocol filter.
E-MAN
LT
LT
Service
Hub
E-MAN
X’
Y’
Z’
MacA
MacB
MacC
U’
V’
D  BC
D  E?
X’
port
MacA
Mac@
1
VLAN
Z’ MacC 1
V’ MacD 1

91. 91
TOC
Blocking of user to user communication on IWF
 No flooding from user to user due to HW implementation
 Unicast frame with known MAC DA forwarded only to uplink port
 Forwarded to the Service Hub
LT
To
Service
Hub
x
y
z
MacA
MacB
MacC
B A
B C
B BC
x
port
MacA
Mac@
1
y MacB 1
VLAN
z MacC 2

92. 92
TOC
Blocking of user to user communication on Service Hub/NT
 Port mapping on the Service Hub/NT
 An interface can only communicate
with its mapping ports
Prevent certain ports from sending
packets to other ports even if they are
on the same VLAN
 Link configuration implements
configuration of the link
port-mapping relationship of the
interfaces of the Service Hub
Default configuration present on the
Service Hub
Reconfigurable by the operator
 Discard all user unicast frames with
MAC DA known on an ASAM or
Subtending port
ASAM links
7 Network
links
Control
link CPU port
1 15 16
Service
Hub
ASAM links
X Network
links
Control
link CPU port
1 15 16
Service
Hub
User links
Subtending
links
Default configuration

93. 93
TOC
Blocking of user to user communication on Service Hub
 Prevented by port mapping
NW Network Link
SUB Subtending Link
ASAM ASAM Link
USER User Link
CONT Control Link
user links
subtending links
E-MAN
network
links
ASAM links
Control link
NT
LT
LT

94. 94
TOC
Unique VID per [IPedge -DSLAM]-pair in EMAN when Int. bridge
 VLAN must be unique between [IPedge-ISAM]-pair to support
Intelligent Bridging feature
 Avoid user to user communication
 Avoid BC and flooding towards ISAMs
IP edge PC A
CPE
ISAM
PC C
CPE
VLAN1
BR
Problem:
If user A can obtain the MAC-
address of user C, since the
Ethernet switch learns all Mac-
addresses , user to user
communication is possible

Solution:
Make sure that all IPedge-ISAM
pairs are unique

ISAM
Ethernet

95. 95
TOC
Customer segregation issue resolved in IB
 Protection against the learning of duplicate MAC-address
 no unstable behaviour
 Traffic from duplicate MAC-address in separate DSLAM can be
distinguished as separate flow in the Ethernet switches of aggregation
Network when different VLAN id per DSLAM is used
port Mac@
x MacA
y MacA
MacA
MacA
ETH Port x
Port y
Packet with destination address MacA
Problem:
If 2 users with same MAC-
address, forwarding engine can
not distinguish
Solution:
MAC@ conflict control
Secure MAC@ learning


?

96. 96
TOC
Secure MAC@ learning
 Service Hub
 MAC movement to highest
priority
 Within priority , always MAC
Movement
 Within priority , MAC
movement only when feature is
enabled in the VLAN
(configurable)
 LT-IWF
 Blocking duplicate MAC-
address
 Static MAC-addresses never
disappear from learning table
irrespective of possible priority.
user links
subtending links
E-MAN network links
ISM links/outband
MGT link
ASAM links
NT
LT
LT
Control link
IWF
IWF
1
2
3
3
3
3
2
2
3

97. 97
TOC
Blocking of number of MAC-addresses per port in IB
 Operator can configure max. number of MAC-addresses in the table.
 Prevents attacks that would fill up the bridging tables
 Service differentiation
set subscription rules on max number of devices connected simultaneously
 Note : Number of MAC-addresses learned in the switches remains
an issue … .
port Max
Mac@
x 2
MacA
ETH
Port x
Connected
via PPPoE
MacB
MacC
bridged
IP
Internet
ISP
BAS
port Mac@
x MacA
x MacB
PADI with source address=MacC
ISAM

98. 98
TOC
Blocking of number of MAC-addresses in 7302 ISAM
 On the LT-IWF
 Max-Num-MAC-entries-DSL-Port
HW dependent
 Max-Unicast-MAC-ULP (user logical port)
Configurable  Max-Num-MAC-entries-DSL-Port
 ( # MAC@ per PVC)DSL port  Max-Num-MAC-entries-DSL-Port
 ( # MAC@ per PVC)LT  Max-Num-MAC-IWF - 72 MC entries
 On the Service Hub
 no object to limit the number of MAC-addresses per Ethernet port
the max. number of MAC-addresses is defined by Service Hub MAC-
address capacity
Max. Number of MAC-addresses Service Hub = 16K

99. 99
TOC
Intelligent Bridge drawbacks
 Security Services !
 IP edge has no info on the line id (e.g. not possible to limit the
number of PPP sessions per access line, or to do anti IP-address
spoofing, …)
The function could be taken up in BRAS, if associated with PPP relay
(BRAS would link IP@ - PPP session id – line id) or for non-ppp
connectivity via DHCP option82
 No support for devices with same MAC-addresses when
connected to same ISAM
 Protocol filters needed for protocols that rely on broadcast
messages towards user

100. 100
TOC
VLAN intelligent Bridging model – traffic
POTS,IS
DN
CPE
7302 ISAM
LT
E-MAN
Network
GE
Aggr.
IB
IB
IP
Eth
RFC2684-br
IPoE
PPP
IP
Eth
PPPoE RFC2684-br
IPoE
DSL
IP
Eth
ATM
PPPoE
DSL
PPP
IP
Eth
ATM
PPPoE PPPoE
RFC2684-rt
IPoA
DSL
ATM
IP
PPP
IP
Eth
PPPoE PPPoA
DSL
IP
ATM
PPP
PPPoE
LT
Service
Hub/NT
IB
IB
IB
session layer
unchanged!
(transparent)
translation
to PPPoE
by PPPoE
server
IB
NT
LT

101. Forwarding modes in 7302 ISAM
Layer 2 forwarding
Cross-connect mode

102. 102
TOC
Cross connect mode
 Conceptually very similar to classical ATM PVC cross-
connect
 One “customer”-VLAN (C-VLAN) contains strictly one user
 User port or user logical port or user on subtended interface
 One “customer”-VLAN contains one or more network ports
 One user can be cross-connected to multiple VLANs
 in this case user frames need to be tagged
 Transparent bit pipe

103. 103
TOC
Eth. bridging
Appl.
IP
TCP
PPP
Eth.
Phys.
Phys.
LLC
SNAP
AAL5
ATM
xDSL
Phys.
ATM
xDSL
Phys.
LLC
SNAP
AAL5
Eth. Xconnect
Eth.
IP
routing
PPP
PPPoE
PPPoE
Phys. Phys.
Eth. Bridging
VLAN
VLAN
VLAN
VLAN
Ethernet
BRAS
PC
CPE
ISAM
1 VLAN id per DSL line 1 PVC / DSL line
Cross connect mode: Example
 PPPoE in an Eth aggregation environment “emulating ATM”

104. 104
TOC
VLAN Cross-connect mode
 Transparent pipe for unicast, multicast and broadcast traffic
 any protocol : IP, PPP, IPX, Appletalk,...
 Each CC-VLAN has 2 or more egress ports:
 Strictly 1 logical port/cascade (trunk) port/user Ethernet port
 1 or more network (trunk) ports
IP
Internet
E-MAN
Network
CPE
CPE
CPE
CPE
CPE
ISAM
ISP2
ISP1
BAS
Routing to the correct
ISP is done by the BAS
based upon the user’s
id (session)
Note : Tagged frames supported from
7302 ISAM R2.0 onwards for cross-
connect mode
VP/VC VLAN
2/100 1
2/101 2

105. 105
TOC
Cross connect mode
 No Customer segregation
 Mac-address not used in the forwarding decision, customer is identified by
access line (VP/vC), which is translated into VLAN id.
 No user to user communication
 IP edge device knows the line id (1 VLAN = 1VP/VC) , so can
implement features like max number of PPP sessions per line
(VP/VC), or IP-address spoofing, …(see later)
 Broadcast frames are flooded per VLAN only:
 No superfluous flooding in the aggregation network
 Separation of broadcast traffic per user
 Limiting number of MAC-addresses learnt per user interface – feature
still useful
 In that case self-learning needs to be enabled on the DSL port

106. 106
TOC
Service
Hub
ASAM -shelf
GE1-16
External
ethernet
links
GE/FE
1 - 7
ASAM
link
LT 1
IWF
Cross connect mode in 7302 ISAM
 Service Hub
 Designed with the principle of
standard bridging
 Xconnect mode achieved by:
Configuration of only one user to
one VLAN and disabling protocol
filters
 LT-IWF
 Cross connect mode configurable
Implicitly a 1-to-1 mapping between ATM
PVC and Eth VLAN is made
Transparent forwarding of frames to the
Ethernet port
 Downstream
No MAC addresses needed to decide on
the forwarding
Frames with unknown VLAN are
discarded
VP/VC VLAN
1/100 1
1/200 2
1/300 3
1/100
1/300
1/200
Note : From 7302 ISAM R2.0 onwards
intention to configure VLAN mode also in
Service Hub

107. 107
TOC
Cross connect mode
 But… new scalability issue:
 VLAN technology only 4k VLAN-ids -> max 4k users per IP edge
 Scalability issue in the switches behind the DSLAM
 Option to enable self-learning per DSL port in cross-connect is
advisable
Normally in cross-connect mode you lose the self-learning aspect, which
is perceived as very attractive

108. 108
TOC
VLAN Cross-connect model – traffic types
POTS,IS
DN
CPE
7302 ISAM
LT
E-MAN
Network
GE
Aggr.
CC
CC
IP
Eth
RFC2684-br
IPoE
PPP
IP
Eth
PPPoE RFC2684-br
IPoE
DSL
IP
Eth
ATM
PPPoE
DSL
PPP
IP
Eth
ATM
PPPoE PPPoE
RFC2684-rt
IPoA
DSL
ATM
IP
PPPoA
DSL
IP
ATM
PPP
LT
Service
Hub/NT
CC
CC
CC-mode configuration achieved
by configuration:
strictly one internal NT-LT
link belongs to each VLAN
(avoid flooding to other LTs)
One VC per VLAN

109. Forwarding Models in 7302 ISAM
Layer 3 Forwarding
General concept

110. 110
TOC
L3 functionality - General
 ISAM Layer 3 functionality from R2.0 onwards
 Initially to support PPPoE termination
 The 7302 ISAM will:
 Terminate IP/ETH/ATM or IP/ATM (future) coming from user side
 Terminate IP/Ethernet (VLAN) on the ‘network’ side
 Different possible implementations
IP forwarder on LT, bridge on NT
IP forwarder on LT, VR on NT (future)
Network
side User
side
ANT
Eth-VLAN
L3
DSL
ATM
IP
Eth
IP
Eth - VLAN
IP
7302 ISAM

111. 111
TOC
IP Forwarding and Routing terminology in the 7302 ISAM
 IP Forwarder
 No user-to-user communication in ISAM
Via edge router
 No own IP address -> “IP next hop” is edge router next to ISAM
 Relays IP datagrams:
MAC SA of user replaced by MAC-address of the IP forwarder (LT)
But: all users in ARP table of IP edge router (same subnet)
Leads to large ARP table in next IP-routers
 Max 128 IP forwarders, implemented on the layer 3 LT cards
 IP Router
 User-to-user communication
 Advantage: users not in ARP table of IP edge router:
Has its own IP address -> default IP gateway of users
 Routes IP datagram:
MAC SA replaced by MAC SA of IP router
MAC DA replaced by MAC-address of next destination (IP host or IP router)
 1 IP router implemented on the NT (R2.1)

112. 112
TOC
Layer 3 forwarding - principles
2 options
1) IP forwarding
Supported for PPPoE traffic on R2.0
Supported for non-PPP traffic on R2.1
No Routing protocol support on NT
2) IP routing
Supported by R2.1.
Including routing protocol support on NT

113. Forwarding Models in 7302 ISAM
Layer 3 Forwarding
IP Forwarding

114. 114
TOC
IP-forwarding in the 7302 ISAM (“semi-VR”)
 IP forwarding is implemented on the LT boards
 IP forwarding in ISAM R2.0 only needed as the data plane of terminated
PPP/PPPoE sessions
Implemented in 7302 ISAM R2.0 LT board with IPX-2400 network processor
 Future proof.
 The NT/Service Hub remains a pure layer 2 switch
E-MAN
Network
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
(PPP)
(PPPoE)
ETH
Lower
layers
IP
(PPP)
(PPPoE)
ETH
Lower
layers
IP
IP
ETH
Lower
layers
Edge
Router
UDP
IP
ETH
Lower
layers
DHCP
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
IP
Network
IP
IP
ISP/Internet
LT
NT
FW
IB

115. 115
TOC
IP forwarding implementation
 Implementation:
 L3 Forwarder on LT
 Bridge on NT
 Max 128 minus other bridges already configured.
 No routing protocols supported.
 Static routes can be configured in FIB on LTs.
 IP-address learning for IPoE/A and IP anti-spoofing
 configuration for static
 learning by DHCP snooping
 Support of Proxy ARP
 No user-to-user communication in ISAM

116. 116
TOC
IP-forwarding on the LT in the 7302 ISAM
 LT board does not have an individual public IP-address
 LT board can’t be addressed as a next-hop by the edge router
 Therefore IP forwarding and not IP routing
 Network configuration so that edge router “thinks” that all
users on all ISAMs are directly connected
 Mapping in VRF
 Virtual Routing and Forwarding
POTS,IS
DN
CPE
7302 ISAM
LT
E-MAN
Network
GE
Aggr.
FW
IB
VRF-Green
VRF-RED

117. 117
TOC
IP forwarding – 3 associated tables
E-MAN
Network
LT
Service Hub
IP
Network VRF-Green
ISP/Internet
10.1.0.1/16
MAC@edge
Subnet Next hop
10.1.0.0/16 DA* – IPint1
Default 10.1.0.1
* Directly attached – Direct route
Intf nr IP address VLAN ID
IP interface 1 10.1.0.9 VLANpink-VLANorange*
IP Interface table per VRF
IP@ MAC@-VLAN-ID
10.0.0.1 MAC@edge-VLANpink
10.0.0.2 MAC@video-VLANorange
IP net-to-media table - Layer 2 mapping table
Not configurable in R2.0 – dynamic  ARP table per VRF
10.1.0.2/16
MAC@video
10.1.0.10/16
MAC@A
IP Forwarding table per VRF
10.1.0.9/16
* VLAN bundling
VRF-RED

118. 118
TOC
IP-forwarding model – PPP termination
POTS,ISDN
CPE
7302 ISAM
LT
E-MAN
Network
GE
Aggr.
FW
IB
IP
Eth
IPoE
PPPoE
DSL
PPP
IP
Eth
ATM
PPPoE
LT
Service
Hub/NT
IB
IB
NT
LT
Edge
Router
Eth
IPoE
IP
FW
FW
PPP termination
mapping in VRF
PPPoA
DSL
PPP
IP
ATM
Multiple PPP sessions on single
VC supported
limiting # is possible (default: 4)
LTs do not have own IP-address, therefore
IP forwarding and not IP routing at LT
Edge router thinks that all users are directly connected

119. 119
TOC
Eth
IP-forwarding model – IPoE/IPoA
POTS,IS
DN
CPE
7302 ISAM
LT
E-MAN
Network
GE
Aggr.
FW
IB
Edge
Router
IB
NT
LT
Eth
IPoE
IP
RFC2684-br
IPoE
DSL
ATM
IP
FW
IB
NT
LT
Eth
IPoE
IP
RFC2684-rt
IPoA
DSL
ATM
IP
FW
mapping in VRF:
Virtual Routing and Forwarding
(IP forwarding table)

120. Forwarding Models in 7302 ISAM
Layer 3 Forwarding
IP Routing

121. 121
TOC
Router
 Implementation:
 router on NT
 Virtual Router on LT
 Only one “full” router on ISAM
 planned for future: multiple “full” virtual routers, but requires new NT
 RIP and OSPF supported
 directly connected subnets (to users and ER) configured on ISAM
 IP-address learning for IPoE/A and IP anti-spoofing
 configuration for static
 learning by DHCP snooping
 proxy ARP to users only from LT (note: also internally from LT to
NT).
 user-to-user communication in this router

122. 122
TOC
Eth
IP routing model – Router at NT – IPoE/IPoA
POTS,IS
DN
CPE
7302 ISAM
LT
E-MAN
Network
GE
Aggr.
FW
Edge
Router
NT
LT
Eth
IPoE
IP
RFC2684-br
IPoE
DSL
ATM
IP
FW
NT
LT
Eth
IPoE
IP
RFC2684-rt
IPoA
DSL
ATM
IP
FW
mapping in VRF
R
R
R
LTs do not have own IP-address,
therefore IP forwarding
and not IP routing

123. 123
TOC
IP routing model – Router at NT– PPP termination
POTS,IS
DN
CPE
7302 ISAM
LT
E-MAN
Network
GE
Aggr.
FW
IP
Eth
IPoE
PPPoE
DSL
PPP
IP
Eth
ATM
PPPoE
LT
Service
Hub/NT
NT
LT
Edge
Router
Eth
IPoE
IP
FW
FW
PPP termination
mapping in VRF
PPPoA
DSL
PPP
IP
ATM
Multiple PPP sessions on single
VC supported
limiting # is possible (default: 4)
LTs do not have own IP-address, therefore
IP forwarding and not IP routing at LT
R
R
R

124. Subscription management

125. 125
TOC
Two main evolutions in subscriber management
IP Edge/PoP
BAS Session
Management
Aggregation
Network
Internet
Business xDSL
xDSL
xDSL
IP Edge
Routing
IP Core
ISP1
Residential
DSLAM
ISPn
Video
Corporate
BAS
Business
BAS
1
2
3
Network Management
Distribution of some BRAS
functions in the access
node to scale Multi-Service
Increasing role
of DHCP as the end-game
for subscrIBer
management
Increased role in the subscrIBer
management (DHCP relay, PPP
relay & termination …)

126. 126
TOC
DHCP vs. PPP
 PPPoE access to centralised BRAS is the main HSI access scenario today.
 Requirement: support PPPoE access scenario (with the features that are
commonly used in a HSI/PPPoE context)
 PPPoA is still around (mainly ILEC context)
 Due to legacy CPE equipment, due to existing contracts between access
providers and ISPs, …
 And PPPoE/PPPoA is autodiscovered in BRAS, hence operators do now know
which end-users are using PPPoA or PPPoE.
 Requirement: support a PPPoA access scenario (with no impact on BRAS),
auto-detect PPPoE/PPPoA.
 DHCP required for multimedia-services
 Emerging, but still a long way to go before PPP has been reinvented
 Some CLECs consider it for HSIA (no legacy)

127. 127
TOC
DHCP vs. PPP
www
accept/IP-address
“username/password”
www
setup PPP – IP-address
DHCP discover
IP-address
 PPP (Point-to-point protocol ) mode
 User authentication (LCP: PAP/CHAP)
 Session concept
 Not supported by all terminals
 Requires BAS
 DHCP (Dynamic Host Control Protocol ) mode
 MAC-address authentication - DHCP option 82 possible
 No session concept
 Supported by most terminals (e.g. STB, IP phone)
 Requires DHCP server (less expensive than BAS)
+ opt 82
add user identification
7302
ISAM
7302
ISAM
BAS
DHCP
server
AAA
server

128. Subscription management
DHCP

129. 129
TOC
DHCP
 DHCP allows you to define “pools” of TCP/ IP addresses, which
are then allocated to client PCs by the server (scopes in DHCP
terminology).
 Also all the related configuration settings like the subnet mask,
default router, DNS server, …
 IP address
 subnet mask
 default Gateway address
 DNS server addresses
 NetBIOS Name Server
(NBNS) addresses
 Lease period in hours
 IP address of DHCP server.
Client DHCP
Server 1
DHCP Discover (broadcast)
DHCP Offer 1 (IP1, DNS,…)
DHCP Ack
DHCP Offer 2 (IP2, DNS,…)
Wait 1 sec
Accept first Offer
DHCP
Server 2
DHCP Request 1 (IP1, …) (broadcast)

130. 130
TOC
DHCP in the 7302 ISAM with CC-mode
 DHCP relay is disabled for VLAN in cross-connect mode
 DHCP packets transparently forwarded
 Due to hardware, DHCP packets first filtered in the Service
Hub/NT, and then inserted again in the traffic stream.
E-MAN
Network
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
UDP
IP
ETH
Lower
layers
DHCP
UDP
IP
ETH
Lower
layers
DHCP
DHCP relay in Edge
Router
LT
CC
Service
Hub/NT
CC
Transparent bitpipe

131. 131
TOC
DHCP in the 7302 ISAM with IB-mode
 DHCP relay is implemented in a distributed way
 LT provides option 82
Configurable  option 82 when enabled
 Service Hub/NT relays the DHCP packets
E-MAN
Network
UDP
IP
UDP
IP
ETH
Lower
layers
ETH
Lower
layers
UDP
IP
ETH
Lower
layers
UDP
IP
ETH
Lower
layers
DHCP relay Option 82
DHCP
UDP
IP
ETH
Lower
layers
DHCP
DHCP
DHCP
DHCP
IP
ETH
Lower
layers
Edge
Router
UDP
IP
ETH
Lower
layers
DHCP
ETH
Lower
layers
ETH
Lower
layers
IP
ETH
Lower
layers
IP
Network
DHCP
Server
LT
IB
Service
Hub/NT
IB

132. 132
TOC
DHCP relay network setup
E-MAN
Network
Edge
Router
IP
Network
DHCP
Server
Function: DHCP relaying
Configuration per VLAN
Enable / Disable
If enabled (per VLAN)
IP-address of the relay agent = Giaddr
IP-address of DHCP servers (min 1/max
4)
Static route per DHCP server:
* Per DHCP server the IP Next hop
Function : IP routing
Configuration per DHCP server
(Routers business)
Route towards the DHCP server
Route toward Relay agent
Function : Add/remove option 82
Configuration per VLAN
Enable / Disable (from R2.0 onwards)
Independent of configuration of DHCP
relay features.
LT
IB
Service
Hub/NT
IB

133. 133
TOC
DHCP on the LT
 Add/Remove option 82
 Configurable  option 82 when enabled
 LT will process packets US/DS if packets are not relayed by a
downstream relay agent – Gi-addr = 0
 Upstream
 Add option 82
If option 82 already exists in packet then packet is dropped
If packet size exceeds maximum packet size (= MTU) after adding option 82,
option 82 is not added .
 Downstream
 Remove option 82
 Change destination address (MAC-address and IP-address) to broadcast
if BC flag is set
 Forward packet to correct PVC

134. 134
TOC
DHCP in the Service Hub
 DHCP relay is configurable
 Irrespective of configuration, DHCP messages always filtered to
the Service Hub due to HW limitation
 DHCP enabled
 Downstream
Service Hub-OBC will relay if Gi-addr = one of Gi-addr in VLAN(s) of
Service Hub otherwise inserted in forwarding path of Service Hub
 Upstream
Service Hub-OBC relays packet if Gi@=0 and configuration is present
for respective VLAN
 DHCP disabled
 Service Hub-OBC will insert DHCP message again to forwarding
path in the stream

135. 135
TOC
DHCP relay disabled and BC flag not set
E-MAN
Network
Selflearning
MACA port x
Option 82***
DHCP Discover : BROADCAST
IP=?
MacA
IPER
MacER
Selflearning
MACA port y
Broadcast flag NOT set by client
DHCP Offer : UNICAST
Yi@= IPA and Si@=IPS
IPA
MacA
L3: IPS  IPA
L2: MACER  MACA
Selflearning
MACER port z
L3: null  IPBC
L2: MACA  MACBC
DHCP Offer : UNICAST
Yi@= IPA and Si@=IPS
L3: IPS  IPA
L2: MACER  MACA
DHCP Request : BROADCAST
Si@=IPS / option 50 = IPA

L3: null  IPBC
L2: MACA  MACBC
DHCP relay in
Edge Router
Selflearning
MACA port x
Option 82***
*** if enabled – option 82 implemented irrespective of
DHCP configuration in Service Hub
LT
IB
Service
Hub/NT
IB

136. 136
TOC
DHCP Relay disabled
E-MAN
Network
Selflearning
MACA port x
Option 82 ***
DHCP Discover : BROADCAST
IP=?
MacA
Selflearning
MACA port x
Flooding
Broadcast flag set by client
Self-learning
MACER  port y
Flooding
L3: null  IPBC
L2: MACA  MACBC
L3: IPS  IPBC
L2: MACER  MACBC
DHCP Offer : BROADCAST
Yi@= IPA and Si@=IPS
Broadcast blocked when
BC for VLAN is disabled
1
2
DHCP relay in
Edge Router
No Flooding
if option 82
enabled
LT
IB
Service
Hub/NT
IB
*** if enabled – option 82 implemented irrespective
of DHCP configuration in Service Hub

137. 137
TOC
Extract option 82
Change IP@DA &
MAC@DA i.f.o BC flag
Forwarded to correct
port
DHCP relay enabled
E-MAN
Network
Edge
Router
IP
Network
DHCP
Server
Add option 82
Self-learning
MACA port x L3: null  IPBC
L2: MACA  MACBC
IP=?
MacA
IPS
MacS
Relay message
Self-learning
MACA port x
DHCP RELAY
IPR , IPS and Next
hop IPER configured
IPER
MacER
DHCP Discover :
Broadcast – Gi@= Nul
DHCP Discover :
UNICAST – Gi@=IPR
L3: IPRELAY  IPS
L2: MACRELAY  MACER
L3: IPRELAY  IPS
L2: MACER  MACS
DHCP offer:
UNICAST – Gi@=IPR
Yi@= IPA / Si@=IPS
L3: IPS  IPRELAY
L2: MACS MACER L3: IPS  IPRELAY
L2: MACER MACRELAY
Relay message
Forwarded to
correct port
DHCP offer : UNICAST or Broadcast (flag set)
In case of BC , Terminal recognises his answer
via the Transaction ID - Gi@= Null
L3: IPRELAY  IPBC or IPA
L2: MACRELAY  MACBC or
MACA
DHCP offer : ALWAYS UNICAST
irrespective of BC flag Gi@= Null
L3: IPRELAY  IPA
L2: MACRELAY  MACA
LT
IB
Service
Hub/NT
IB

138. Subscription management
PPPoE Relay

139. 139
TOC
Setting up a PPPoE session
 Discovery stage
 the PPPoE client (host) discovers the
PPPoE-server (access server)
 the PPPoE session is uniquely defined once the
Ethernet MAC address and the PPPoE session-id
are known by both peers
 Session stage
 defining the peer to peer relationship
 build the point-to-point connection over Ethernet.
PC
PPPoE client
PC
PC
DSLAM
ADSL Modem with Ethernet/
ATMF Interfaces
“bridge configuration”
BRAS
PPPoE Server

140. 140
TOC
Scenario – Single server environment
PPPoE Client
PC
PC
PC
PADR
PADS
PADO
PADI PPPoE Active Discovery Initiation packet
PPPoE Active Discovery Offer packet
PPPoE Active Discovery Request packet
PPPoE Active Discovery Session-confirmation packet
PPPoE Server
“bridge configuration”

broadcast

Unicast
Unicast

Unicast – unique session ID


141. 141
TOC
PPPoE in the 7302 ISAM with CC-mode
 PPPoE relay is disabled for VLAN in cross-connect mode
 PPPoE packets transparently forwarded
E-MAN
Network
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
PPPoE relay in
Edge Router
LT
CC
Service
Hub/NT
CC
Transparent bitpipe
ETH
PPP
PPPoE
ETH
Lower
layers
IP
ETH
PPPoE
ETH
Lower
layers

142. 142
TOC
PPPoE relay in the 7302 ISAM with IB-mode
 Make subscriber management easier at the PPP server
 Relay functionality implemented on the LT boards
 addition of unique line Id to the PPPoE discovery messages
 MAC SA and DA remain unchanged
 The Service Hub/NT remains a pure layer 2 switch.
E-MAN
Network
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
PPPoE
ETH
Lower
layers
Layer 2
forwarding
PPPoE relay
ETH
ETH
Lower
layers
ETH
Lower
layers
IP
Network
PPPoE
PPPoE
server
ISP/Internet
PPP
PPPoE
ETH
Lower
layers
IP
PPP
PPPoE
ETH
Lower
layers
IP
IP
Lower
layers
IP
Lower
layers
TCP
HTTP
TCP
HTTP
LT
IB
Service
Hub/NT
IB

143. 143
TOC
PPPoE Relay in 7302 ISAM with IB-mode
E-MAN
Network
Layer 2
forwarding
PPPoE relay
Add relay ID
IP
Network
PPPoE
server
ISP/Internet
PADI : Broadcast
L2: MACA  MACBC
PADO : unicast
L2: MACS  MACA
L2: MACA  MACS
PADS : unicast with
session ID
L2: MACS  MACA
PADR : unicast
IP=?
MacA
IPS
MacS
PADI : Broadcast with agent circuit ID and agent remote ID
L2: MACA  MACBC
PADO : Unicast
L2: MACS  MACA
L2: MACA  MACS
PADS : Unicast with session ID
L2: MACS  MACA
PADR : Unicast with agent circuit ID and agent remote ID
Add relay id
PPP session - LCP – PAP/CHAP-IPCP
IP=IPA
PPPoE
control
frames
PPPoE
data
frames
LT
IB
Service
Hub/NT
IB

144. Subscription management
PPPoE Termination

145. 145
TOC
PPP/PPPoE termination in the ISAM 7302
 PPP/PPPoE termination is implemented on the LT boards
 Handles all PPPoE, LCP,PAP/CHAP and IPCP control messages
 Interaction with NT board
Internal communication
 Data packets received over PPP/PPPoE session are pure
IP packets
 IP forwarding needed on the LT
 The Service hub/NT remains a pure layer 2 switch

146. 146
TOC
PPP/PPPoE termination
E-MAN
Network
Edge
Router
IP
Network
RADIUS
Server
RADIUS Client
Local IP-address Management
Local Authentication pool
(not supported yet )
IC-VLAN
CTR
ETH
Lower
layers
ETH
Lower
layers
ETH
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
IP
PPP
PPPoE
ETH
Lower
layers
IP
IP
Lower
layers
IP
Lower
layers
TCP
HTTP
TCP
HTTP
PPPoE
ETH
Lower
layers
PPP
IP
ETH
Lower
layers
IP
ISP/Internet
Aggr LT
IB
FW
PPP/PPPoE
Server

147. 147
TOC
PPP/PPPoE termination- with PAP
E-MAN
Network
Edge
Router
RADIUS
Server
CTR
RADIUS
client
PPPoE Discovery phase:
LCP phase
PAP authentication request
P
P
P
o
E
S
e
s
s
i
o
n
-
I
D
Internal comm
Access Request
Access Accept
Internal comm
PAP authentication request
Authentication
Phase
PPP IPCP phase
Enable IP forwarding in
the data - plane IP=IPA
IP=?
MacA
LT
PPP/PPPoE
Server
Aggr
FW
IB

148. 148
TOC
PPP/PPPoE termination – with CHAP
E-MAN
Network
Edge
Router
RADIUS
Server
CTR
RADIUS
client
PPPoE Discovery phase:
LCP phase
CHAP Response
P
P
P
o
E
S
e
s
s
i
o
n
-
I
D
Internal comm
Access Request
Access Accept
Internal comm
CHAP Succes
Authentication
Phase
PPP IPCP phase
Enable IP forwarding in
the data - plane IP=IPA
IP=?
MacA
CHAP Challenge
IB
LT
PPP/PPPoE
Server
FW
Aggr

149. Subscription management
802.1x – EAPoL

150. 150
TOC
What is EAP?
 Extensible Authentication Protocol
 Flexible protocol that carries authentication information.
 Multiple authentication methods (smart cards, Kerberous, public
key, one-time password, etc):
 Three forms of EAP are specified in the standard
EAP-MD5 – MD5 Hashed Username/Password
EAP-OTP – One-Time Passwords
EAP-TLS – Strong PKI Authenticated Transport Layer Security (SSL)
 Typically rides on top of another protocol to carry the
authentication information between the client and the
authenticating authority

151. 151
TOC
802.1x Header EAP Payload
 Standard link layer protocol used for transporting higher-level
authentication protocols
 Client-server based access control and authentication protocol
that restricts unauthorized devices from connecting to a LAN
through publicly accessible ports
 Standard for passing EAP over a wired or wireless LAN.
 Port Based Network Access Control
 Transport authentication information in the form of Extensible
Authentication Protocol (EAP) payloads
 EAPoL – EAP over LAN
What is IEEE 802.1X?

152. 152
TOC
What does 802.1X do?
 Works between the supplicant and the authenticator.
 Maintains back-end communication to an authentication (RADIUS)
server
 Authenticator
 becomes the middleman for relaying EAP received in 802.1x packets to an
authentication server by using RADIUS to carry the EAP information
 Authenticator PAE enables the controlled port based upon the result of the
authentication exchanges.
Authenticator PAE
Ethernet Switch, Router…
Supplicant PAE (Port Access Entity)
= client to be authenticated
Ethernet, Token Ring, Wireless etc
Authentication Server
Any EAP Server
Typically RADIUS
EAPOL
(Ethernet, Token Ring, 802.11)
Encapsulated EAP messages,
typically on Radius

153. 153
TOC
802.1x - Port Based Network Access Control
 Controlled Port
 accepts packets from authenticated devices
 Uncontrolled Port
 accepts 802.1X packets and Extensible Authentication Protocol over LAN
(EAPOL) packets only.
After successful authentication
Before authentication

154. 154
TOC
802.1x in the 7302 ISAM
 802.1x protocol is only applicable for the Intelligent bridging
mode
 VLAN tagged frames are not supported for 802.1x in IB mode
 LT
 Handles the 802.1 messages and communicates with the NT to
perform the authentication
Done via the internal communication VLAN
Enforcement of the authentication state of the port
 NT
 RADIUS Client
Performs authentication/authorisation/accounting for IPoE(802.1x) and
PPPoE sessions
 Local authentication is not supported
 Applicable from ISAM R2.0

155. 155
TOC
802.1x in the 7302 ISAM
 Only port based authentication/accounting
 Not MAC-based.
 Multiple users per port
 authentication
Only the first user on a port needs to authenticate
New authentication needed when authenticated user logs off
 Accounting – only via RADIUS server
Linked to the session of the first authenticated user.
 Enable/disable 802.1x per port
 support of EAPoL-start/Initiation in case 802.1x is enabled.

156. 156
TOC
802.1x in 7302 ISAM
LT
Service Hub
Supplicant PAE
Authenticator PAE
RADIUS Client
IC-VLAN
NT
 Layer 2 authentication
 2 modes supported
 EAP over RADIUS
 EAP-MD5-Challenge user authentication
E-MAN
Network
Service Hub
Edge
Router
IP
Network
RADIUS
Server
ISP/Internet
Authentication
Server
RADIUS

157. 157
TOC
EAP over RADIUS
 System relays the EAP messages to the RADIUS Server.
 EAP protocol is terminated at the remote RADIUS server
E-MAN
Network
LT
Service Hub
EAP EAP
UDP
IP
ETH
Lower
layers
RADIUS
ETH
Lower
layers
ETH
Lower
layers
Radius
Server
EAPOL EAPOL
ETH
Lower
layers
ETH
Lower
layers
UDP
IP
ETH
Lower
layers
RADIUS
EAP
EAP
IC-VLAN
NT

158. 158
TOC
EAP over RADIUS
E-MAN
Network
Edge
Router
RADIUS
Server
NT
Service Hub
RADIUS
client
Layer 2
Forwarding
LT
Authenticator
EAPOL-Start
Internal comm
Access Request
(EAP-Response/Identity)
Access Challenge
(EAP-Request/MD5 Challenge)
Authentication
Phase
Controlled
port –
authenticated
IP=?
MacA
EAP-Request/Identity
EAP-Response/Identity
EAP-Request / MD5 Challenge
EAP-Response / MD5 Challenge
Access Challenge
(EAP-Response /MD5 Challenge)
EAP-Success
Access Accept
(EAP-Success)
IPoE traffic – f.e. DHCP

159. 159
TOC
EAP-MD5-Challenge user authentication
 No EAP over RADIUS supported between Radius Server and
authenticator
 NT terminates the EAP protocol and applies EAP-MD5
Challenge authentication to the user
 NT translates the challenge response into RADIUS CHAP
attribute and continues user authentication via RADIUS server
UDP
IP
ETH
Lower
layers
RADIUS
ETH
Lower
layers
ETH
Lower
layers
EAP
EAPOL
ETH
Lower
layers
UDP
IP
ETH
Lower
layers
RADIUS
EAPOL
ETH
Lower
layers
EAP
E-MAN
Network
LT
Service Hub
Radius
Server
NT

160. 160
TOC
EAP-MD5-Challenge user authentication
E-MAN
Network
Edge
Router
RADIUS
Server
NT
Service Hub
RADIUS
client
Layer 2
Forwarding
LT
Authenticator
EAPOL-Start
Access Request
(CHAP-Response/CHAP challenge)
Controlled
port –
authenticated
IP=?
MacA
EAP-Request/Identity
EAP-Response/Identity
EAP-Request / MD5 Challenge
EAP-Response / MD5 Challenge
Access Accept EAP-Success
IPoE traffic – e.g. DHCP
Internal comm

161. IGMP and MC in 7302 ISAM

162. 162
TOC
Terminology
 Static MC stream
 MC stream sent/available on switch no matter if there is a subscriber or
not
 Dynamic MC stream
 MC stream sent to the switch only when there is a subscriber for it.
IP Backbone
Eth Switch
VLAN bridging
1
1
1
Ethernet Switch
Ethernet switch
Ethernet Switch IP edge
(BAS, IP router)
ISAM
1
1
1
1 N streams in one VLAN
IGMP for stream Nb s
ISAM
ISAM
IGMP snooping

163. 163
TOC
Terminology
 Configured MC stream
 configured by the operator
 Service Hub: Configured as static MAC entry with corresponding VLAN ID
Does not mean that stream needs to be statically delivered
 ASAM part: Configured in the Multicast Source Table
 Known MC stream
 Streams in the NW known by the operator
 Defined in the forwarding table
minimum in use for one user
At least one join request received for that stream
 Unknown MC stream
 Currently no user
 Not known in the forwarding table
No join request received for that stream

164. 164
TOC
Terminology
 Multicast Source table
 Provides traffic parameters and control parameters for the
configured multicast groups that are configured by the operator
 IGMP Channel membership expansion table
 Table kept internally – not configurable
 Mac address table per port per group to keep track of which user
has joined which group

165. 165
TOC
Three modes
 3 modes supported
 IGMP handling in cross-connect mode
 IGMP on top of PPPoE Relay
 IGMP on top of IP over Ethernet at ISAM

166. 166
TOC
IGMP & MC in cross-connect mode or on top of PPPoE Relay
 IGMP and MC are transparent
 No IGMP messages are seen in the 7302 ISAM
 No multicast streams are replicated in the 7302 ISAM
BW consuming
replication inside the router
Upstream multicast in CC VLAN is permitted
IGMP
IP
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
ETH
Lower
layers
IGMP
IP
ETH
Lower
layers
E-MAN
Network
LT
Service
Hub/NT
Transparent bitpipe
R
(PPPoE) (PPPoE)
H

167. 167
TOC
LT
IB
Service
Hub/NT
IB
*** In case of static multicast group
IGMP and MC in IB mode
 Support of IGMP v1/v2
 IGMPv1 only at user side
 IGMPv3 friendly
 2 MC modes supported
 INTRA-VLAN multicast
 Cross-VLAN multicast
IGMP
IP
ETH
Lower
layers
IGMP
IP
ETH
Lower
layers
E-MAN
Network
R
H
IGMP
IP
ETH
Lower
layers
IGMP
IP
ETH
Lower
layers
IGMP
IP
ETH
Lower
layers
IGMP
IP
ETH
Lower
layers
R
H
Modified IGMP Snooping
Native Layer 2
multicasting
IGMP Proxy at LT
No duplication of streams
inside the DSLAM
R
***

168. 168
TOC
Multicast and IGMP in IB mode
 2 modes supported in the 7302 ISAM
 INTRA-VLAN multicast
Multicast service can only be provided within a P-VLAN
 Cross-VLAN multicast
The default VLAN ID of the user and the P-VLAN ID of the multicast
source need not be the same
Replication of the multicast stream is done cross IB VLAN
Can save BW
 Service Hub/NT always performs Intra-VLAN multicast
 LIM supports Cross-VLAN and Intra-VLAN multicast
 Cross-VLAN in case of configured MC groups
 Intra-VLAN for other MC groups

169. 169
TOC
RB with configured MC source – Cross-VLAN
E-MAN
Network
ISP1=
ISP2=
MC = 3
2
1
A
B
Join MC1
1
Configured
channel
3
3
IGMP
snooped
MC1
MC
Known
3
3
1
Lookup in
IGMP memb
table
Join MC1
Recorded in IGMP memb
table
2
2
LT
IB
Service
Hub/NT
IB
H R

170. 170
TOC
RB with unconfigured MC source – Intra-VLAN
E-MAN
Network
Service Hub
ISP1 & MC=
ISP2= 2
1
A
B
Join MC1
1
unconfigured
channel
IGMP
snooped
MC1
MC = known
1
MC known
Lookup in IGMP
member table
Join MC1
Recorded in IGMP memb
table
2
1
1
1
1
2
2
No response or edge should provide
MC1 with VLAN2
=> more BW consuming
LT
IB
Service
Hub/NT
IB
H R

171. 171
TOC
MC in the Service Hub
 Configured MC starts with zero replication
list
 Can be static or dynamic MC
 No Multicast stream coming from
ASAM or subtended ports
Blocked by LTs
 In case of first time request … also zero
 Service Hub will act as a querier for static
multicast groups
 Only GMQ, no GSQ
LT will only send leave when last user disconnected
 Unknown MC packets by default flooded to
ASAM ports, subtending ports
 Not to user port
 Normal bridging behaviour
No flooding to control port
 In first instance 256 simultaneous multicast
streams supported in the Service Hub
E-MAN
LT
LT
Service
Hub
Known MC
IP@/MAC@ VLAN
MC-A 1
MC-B 1
MC-A
 join
E-MAN
LT
LT
Service
Hub
UnKnown MC
IP@/MAC@ VLAN
MC-A 1
MC-B 1
MC-X?

172. 172
TOC
IGMP in the Service Hub
 IGMP enable/Disable in Service Hub
 Enabled : IGMP messages filtered to Service Hub-
OBC
 Disabled: IGMP and unknown MC streams are
flooded to all ports
 Service Hub performs Intra-VLAN IGMP &
Multicast
 Verification on IGMP message
 Valid multicast IP address ,Group address
conflict , Max number of Multicast groups
reached
 Modified IGMP snooping !
 No transparent forwarding of IGMP message
MAC SA replaced by MAC-address control link
IP SA replaced by IP-address control link
E-MAN
LT
LT
Service
Hub
UnKnown MC
Join/Leave
GMQ
GSQ
Only flooding to
member ports
of MC group
GMQ/GSQ
OBC
MAC-
address
IP-address

173. 173
TOC
Bridging mode and MC in LT
 Only dynamic multicast streams supported
 Multicast set up to the LT when at least one user connected
 All downstream unknown MC packets are discarded in IB VLAN
 Multicast stream from user (US) always blocked
 Irrelevant of IGMP configuration
LT
To
Service
Hub
Known MC group
LT-OBC
MC
MC
LT
To
Service
Hub
Unknown MC group
LT-OBC
MC
MC

174. 174
TOC
IGMP in LT
 Verification on IGMP message
 Valid IP-address, MAC-address conflict, user access, BW …
 IGMP Proxy
 MAC-address table per port per group kept inside LT
 IGMP for configured multicast group treated differently from unconfigured
multicast group
 Cross-VLAN multicast for configured multicast groups
 Intra-VLAN for unconfigured multicast groups
 Enable/Disable IGMP in LT
LT
To
Service
Hub
IGMP enabled
LT-OBC
JOIN/LEAVE
GMQ,GSQ
Known MC
LT
To
Service
Hub
IGMP disabled
LT-OBC
IGMP
IGMP
MC
Known MC
GMQ,GSQ
IGMP
JOIN if first user
LEAVE if last user

175. 7302 ISAM – Quality of Service (QoS)
Traffic Handling principles

176. 176
TOC
Traffic Handling Terminology - abstract
7302 ISAM
1
2
3
prioritization
p
p
p
marking mapping queueing scheduling
This slideset focuses on functionality of the “intelligent” LT cards;
behaviour of the “L2” LT cards (BCM based) is completely different
(e.g. queue mapping based on VLAN/MAC@, not p-bits, no IP CoS/filtering)
!

177. 177
TOC
 Define following classes of service:
 Voice: for real-time traffic (VoIP, video conferencing)
 Video: for high-priority traffic; can tolerate some delay (VoD, BTV)
 Data:
Controlled Load: receives “better than Best Effort” treatment;
business traffic is classified (at least) as CL
Best Effort (residential HSI)
Prioritizing traffic
1 Voice
2 Video (BTV,VoD)
3 CL (dad home-working)
4 BE (kid gaming)
prioritization
 sensitive to both packet loss and jitter
 sensitive to packet loss (even more), less to jitter
(STBs can handle ~ 100s ms delay variation)

178. 178
TOC
Marking traffic
 Per logical interface a default ingress p-bit marker is supported (802.1p based)
 Per PVC or 802.1x IPoE session; for bridged PPP sessions, VLAN and p-bit can
be set (tagged customer frames can use a P-bit re-marking table; such tables are
available as profiles, and can be instantiated per PVC)
 R2.0: terminated PPP sessions inherit p-bit setting upstream from the PVC – will be
further enhanced later (see roadmap)
prioritization
111
110
101
100
011
010
001
000
.1p
p-bit marking
!
Marking is NOT done on basis of ATM
QoS – instead, marking needs to be
based on PVCs or sessions
More powerful since can e.g. police separate
sessions within 1 single VC
(better fit for fewer VCs)

179. 179
TOC
Marking traffic (details)
 p-bit marking
 For L2 user ports (such as PVC and 802.1x authenticated IPoE session):
Untagged: no p-bits marked by end-user
• Apply per VLAN defaults (works fine as long as VLAN corresponds to a service) or
per L2 user port defaults; i.e. per PVC or per IPoE session
Tagged: p-bits marked by end-user
• Untrusted VC: apply p-bit remarking using per PVC mapping tables (user-side p-
bits to network-side p-bits)
• Trusted VC: accept available p-bit markings
 Via protocol-based VLANs, bridged PPP sessions can be marked (1 value per VC)
 Terminated PPP sessions inherit p-bit from PVC (will be enhanced in future – see
roadmap)
 For L3 user ports (IP interfaces associated to IPoE, IPoA, PPPoE, PPPoA traffic), accept
or (re)mark DSCP, then map DSCP onto p-bits
No DSCP marked (i.e. “000000”) by end-user
• Apply default DSCP per VC or per L3 user port
DSCP marked by end-user
• Untrusted L3 user ports: apply DSCP (re)marking
• Trusted L3 user ports: accept incoming DSCP
R2.0
R2.1

180. 180
TOC
Policing traffic
prioritization
111
110
101
100
011
010
001
000
.1p
p-bit marking
P
P
P
P
 Policing = rate limiting per logical flow:
 Provisioned: per PVC, per PVC.VLAN combination, per 802.1x
authenticated session (forced authentication)
 Dynamic: per terminated PPP session (local authentication or via RADIUS),
per 802.1x authenticated session (via RADIUS)

181. 181
TOC
 Default p-bit to CoS (QoS class) mapping – see below
 but: this is configurable – can even be mapped differently in upstream and
downstream if required (not standard)
 Principle of 4 queues in “hot” points of ISAM (i.e. egress ports on NT
interfaces, downstream per DSL line) – see further for more details
Mapping and queuing traffic
Voice
Video
CL
BE
prioritization
111
110
101
100
011
010
001
000
.1p
p-bit marking
ISAM queues
mapping to queues
P
P
P
P

182. 182
TOC
 Priority scheduling
 Voice: traffic gets scheduled first (Strict Priority)
 Video: traffic is scheduled next (Strict Priority)
 CL and BE packets compete for BW in a fair manner (Weighted Fair Queuing
or Weighted Round Robin, depending on interface: see further); CL higher
weights than BE
> Scheduling is work-conserving, i.e. lower QoS classes can occupy BW
that is not actually consumed by higher QoS classes
Scheduling traffic
SP
WRR
WFQ
Voice
Video
CL
BE
prioritization
111
110
101
100
011
010
001
000
.1p
ISAM queues
mapping to queues
priority scheduling
P
P
P
P
p-bit marking
GigE/FE

183. 183
TOC
 Link shaping can be set on each output interface on the aggregation function
(NT)
 Useful for network planning or to protect subtended system that may not be
able to process at GigE/FE line rate
 Aggregate can be shaped from 64 kbps – 1 Gbps.
Granularity is 1 Mbps (R2.0), future 64 kbps (R2.1)
Shaping traffic
SP
WRR
WFQ
GigE/FE
Voice
Video
CL
BE
prioritization
111
110
101
100
011
010
001
000
.1p
ISAM queues
mapping to queues
priority scheduling
P
P
P
P
p-bit marking
S

184. 7302 ISAM – Quality of Service (QoS)
QoS Architecture

185. 185
TOC
ISAM Architecture – schematic overview
LT 16
NT
1
48
GigE
direct Ethernet i/f
LT 1
…
GigE
FE
aggregation i/f
FE
GigE
…
NT I/O (optional)
GigE
FE
Additional GigE/FE
interfaces (4)
7
16 48 multiDSL lines
per LT card
24 Gbps
Ethernet
aggregation
Control
function

186. 186
TOC
direct Ethernet i/f
Architecture – where is traffic handling needed?
LT 16
NT
1
48
LT 1
…
…
~1G
~1G 48`M*
1G ~16G
12M
1G ~16G
Downstream QOS
mainly at the LT
* = 48 x 1M (ADSL2+)
Upstream QOS
mainly at the NT
GigE
FE
GigE
GigE
FE
aggregation i/f

187. 187
TOC
Traffic handling in the NT (upstream)
LT 16
NT
GigE
FE
xDSL
modem
ATM/Eth
IWF
xDSL
modem
…
Utopia
WRR
voice
video
CL
BE
SP
1
48
GigE
direct Ethernet i/f
LT 1
…
GigE
FE
WRR
voice
video
CL
BE
SP
subtending i/f
FE/GigE
FE/GigE
cell domain (ATM)
Frame domain (Ethernet)
egress
shaping
egress
shaping
(flexible)
p-bit mapping
into queues
Upstream
queuing
scheduling
P
Ingress
link policing
p-bit marking

188. 188
TOC
LT ATM
segmentation
GigE
cell domain (ATM)
Frame domain (Ethernet)
rate limitation
to xDSL rate xDSL
policing
WFQ
voice
video
CL
BE
SP
BAC
BAC
BAC
BAC
VC2
VC1
VCn
1 frame add correct
VPI/VCI
…
…
Non-blocking
Traffic handling in the LT (downstream)
classification
queuing
scheduling
Logical
segregation
per xDSL line
Segmentation
buffer and
PVC forwarding
Future proof architecture
Consistent treatment of EFM traffic
(flexible)
p-bit mapping
into queues

189. 189
TOC
LT ATM
reassembly
GigE
cell domain (ATM)
Frame domain (Ethernet)
xDSL
policing
VC2
VC1
VCn
1 frame
Non-blocking
Traffic handling in the LT (upstream)
Output
queuing
(802.1p aggregates)
Reassembly
framer per VC
Future proof architecture
Consistent treatment of EFM traffic
1 frame
1 frame
WFQ
voice
video
CL
BE
SP