2. 2
TOC
Course objectives
At the end of the course, you will be able to …
• explain why we need the ISAM
  – what is the ISAM?
  – what can the ISAM be used for?
• describe the architecture of the ISAM
• describe the functions and boards that are part of the ISAM
• describe and compare the different forwarding models supported by the ISAM and their network model
• summarize and explain the features supported by the ISAM, such as …
  – subscriber access scenarios: e.g. PPP(oE), DHCP, …
  – multicasting (MC) and IGMP
  – quality of service (QoS)
3. 3
Table of contents (1/2)
Doing business using ISAM
• Why the ISAM?
Architecture
• What is the ISAM?
• General topology
• Hardware
• Building blocks
• Equipment practice
Features
• Physical layer features
• Forwarding models
  – General
  – Layer 2 forwarding: The Basics, Intelligent Bridging, Cross connect mode
6. 6
The need for … increased revenue
Attract more subscribers by offering more services
• Increased business opportunities … by offering services to both residential and business customers
• Increased average revenue per user (ARPU) … by offering existing customers access to value-added services
• Increased total revenues … by increasing penetration and attracting new customers
Retention and growth of the existing customer base
• Assuring end-to-end quality of service
• Providing new services
7. 7
The need for … service bundling
Drivers: Payback, Differentiation, Ubiquitization, Consolidation
Services: NVoD, VoD, PVR, Interactive TV, Broadcast, Gaming, HSI, Business
BB entertainment
• Increase addressable market: new service components, new audiences, new appliances (TV, consoles, …)
• Increase ARPUs: new services to HSI audience
Revenue generation
• Triple play: data, voice and video
  – data and voice related services are retained
  – video: Broadcast TV, VOD
8. 8
The need for … higher market penetration
Figure: broadband penetration (% households; 25%, 50%, 75%, 100%) against increased ARPU, in four steps towards broadband ubiquity.
Steps:
1. Aggressive marketing
2. Flexible pricing & bandwidth management
3. New services over PC
4. Beyond PC
• TV sets
• Videophones
Conversions: DSL dial-up conversion, non-internet PC conversion, non PC conversion
Key services: HSI; Business Access; Gaming; PC Video & Music; HSI Broadcast TV, HDTV; VoD, Voice, Visio P2P
Households:
• ~100% have a TV set and a fixed phone!
• 30-60% have a PC
• 20-40% are on the web
• 15-30% have broadband potential
• 5-15% have already broadband
9. 9
The need for … new access technologies
increasing penetration and attracting new customers
10 Mbps (ADSL2+) per user covers MoD needs today
• ADSL2+ covers MoD applications needs (Tier 1, 2 & 3)
• 10 Mbps = 2 video streams, 1 HDTV
MPEG-4 to boost MoD offering with existing infrastructure
• MPEG-4 next-gen multimedia (Tier 4)
• up to 5 channels with ADSL2+!

Tier     Downstream BW   Advised technology   Typical reach (*)
Tier 1   512 Kbps        ADSL, READSL2        6 km
Tier 2   3-6 Mbps        ADSL                 3 km
Tier 3   10 Mbps         ADSL2+, MPEG-2       2 km
Tier 4   10 Mbps         ADSL2+, MPEG-4       2 km
(*) For typical noise conditions
Figure axes: increasing ARPU, loop length
10. 10
Impact of the need for speed on access
1. Multi-service from a single access platform is key.
2. Increased need for bandwidth results in …
• new BB access technologies (Multi-DSL, VDSL, FTTU)
• deployment of deep fiber & remote devices
• upgraded capacity in the DSLAM
3. Access network architecture evolves to IP multi-edge & Ethernet:
• initiated by DSLAMs providing both ATM/GE interfaces
• DHCP is the end-game for VoIP and STBs, PPP remains for HSIA
• this requires a service enabled edge, ensuring security & guaranteed QoS
4. Access platform becomes an intelligent multi-service hub …
• which needs centralized subscriber & access management
• which is IP empowered (e.g. native multicast, IGMP proxy)
• which needs optical Ethernet termination
11. 11
Multi-service from a single access platform is key
Figure: services carried over one or multiple aggregation network(s), each with its own requirements.
Services: Business Access, Video on Demand, Personal Video Recorder, Voice & Video telephony, High Speed Internet, Broadcast TV
Requirements: leased line QoS; predictability, control; strict multicast QoS; broadcast capacity; strict QoS point to point; high capacity; real time, no delay; high availability; best effort; not impacting
DSLAM, Litespan, FTTU, Wimax support
12. 12
The increased need for bandwidth …
… from point of view of the DSLAM
Assumptions:
• ~768 users per DSLAM
• 100% BTV capacity
• 10% VoD capacity
Figure: broadband penetration (% households; 25%, 50%, 75%, 100%) in four steps (1. Aggressive marketing, 2. Flexible pricing & bandwidth management, 3. New services over PC, 4. Beyond PC: TV sets, videophones; levels L1 to L4), with the capacity needed along the path CPE, LT, NT, DSLAM, aggregation, edge. ADSL2+. Unit: bps.

Capacity / User                     512 k (1:8)   512 k (1:4)   2 M     4 M     15 M
Capacity / DSLAM                    50 M          100 M         200 M   500 M   1.5 G
Capacity / NT-LT (24 lines/card)    12 M          12 M          48 M    96 M    360 M
Capacity / NT-LT (32 lines/card)    16 M          16 M          64 M    128 M   480 M
Capacity / NT-LT (48 lines/card)    24 M          24 M          96 M    192 M   720 M
13. 13
The increased need for bandwidth …
… from point of view of the subscriber
Loop length & service constraints drive fiber & remotes
Figure: share of users reachable per technology, by region (Korea, Japan, PAC; China; RoAPAC, Taiwan; MEA, India; LAM; North America; Western Europe; Central & East Europe).

Technology   km from CO   Mbits
VDSL         0,75         25
ADSL2+       2            10
ADSL         3            5
RE-ADSL2     6            0,5

ADSL2+ brings 10 Mbps to 51% of the users
Alternative deployment strategies
• Service driven: highest profitability
• Infrastructure driven: highest investment
Figure: deployment options over time, starting from the initial first investment: ADSL; FTTArea (CO with ADSL2+); FTTCab (VDSL); deep fiber FTTNode (remotes); FTTU, FTTP.
Challenges: remotes, fiber reach, powering, rights-of-way, civil work, operations
14. 14
The access network architecture …
… and the service and network requirements
Beyond Internet Access …
ENTERTAINMENT: VOD, TV Broadcast, Music download, Gaming
COMMUNICATION: E-mail, chat, and instant message; Unified messaging; IP based Telephony; Video Communication
BUSINESS: Teleworking, IP-VPN, Voice over IP, Web hosting
Specific Network Requirements …
• More Bandwidth
• More Quality of Service
• Multicast (zapping)
• More Security
• Strict Quality of Service
  – Upstr and Downstr
  – Delay, packet loss
• Service Availability
• More Security
• Latency
• More Security
• Better Availability
• High Bandwidth
• Quality of Service
• CoS options
• Committed SLA
15. 15
The access network architecture …
… or the evolution towards IP multi-edge & Ethernet
• new services impose new network requirements
• new evolution trends
Figure: evolution from the present mode of operation (best effort Internet: CPE, ATM DSLAM, ATM, BRAS, Internet) through ATM/Eth and Ethernet aggregation with added services, to a multiservice architecture (CPE, IP DSLAM, packet network, BRAS, service edge) with a single IP multiservice edge or multiple edges.
16. 16
Using the access platform as a service hub …
… brings the service delivery point closer to the subscriber
1- Service node: e.g. GE hubbing, central mgmt
2- Security: e.g. control/block L2 user to user communication (e.g. VoIP)
3- Advanced multicast: e.g. broadcast streams are not duplicated in the network
4- Authentication: e.g. advanced authentication & session awareness (e.g. DHCP relay option 82)
5- IP intelligence: e.g. PPP, IP forwarding, evolution towards IP routing
Figure labels: BTV Server, ISP 1..n
18. 18
Alcatel 7302 ISAM – Product highlights
> Service hubbing
• 48 Multi-ADSL (ADSL, ADSL2, READSL, ADSL2+)
• Up to 7 FE/GigE for uplinks & subtending
• Trunking (802.3ad) support
• 4 levels of subtending
> Ethernet access for SMEs
• FE or GigE connectivity
• Optical and/or Electrical
• Long reach with 1000B-Zx (up to 80 km)
> XD benefits
• 768 subscribers per shelf, 3072 per 60x60
• Splitterless practice
• Full metallic test access
> An Alcatel product
• High reliability
• High quality supply chain: in time delivery, first time right, spare parts locally available
• Local presence of expertise and support
• End-to-end QoS with 7450 ESS
> Non-blocking video delivery
• 1 Gigabit per LT
• IGMP proxy @ LT
• Layer 2 multicast inside
• Line rate packet forwarding
• 100% BTV, 100% VoD
> Wire Speed service delivery
• 16 LT slots @ 1Gbps wire speed
• 24 Gbps non blocking switch
• Distributed processing
• Layer 2 QoS (Strict priorities)
> Continuity with ASAM
• Same ASAM XD equip. practice
• Same AWS management
• Same DSL provisioning SW
• Same DSL chipset
> Service Intelligence
• Bridging & Cross-Connect
• PPP termination
• DHCP option 82
• Evolution to IP routing
19. 19
Alcatel 7302 ISAM – A multi-service DSLAM
Key evolution factors and the 7302 ISAM value proposition:
Continuity in operations & zero effort introduction
> Same (XD) equipment practice & DSL software
> AWS management
> Proven quality & operational support
Wire-speed service delivery
> 1 Gigabit per LT
> Non-blocking architecture (full service to all users)
> Multi-ADSL2+ support, Multiple GigE uplinks
Multi-service intelligent (3play, business) access
> Advanced multicast for Video (IGMP proxy @ LT)
> Stringent QoS
> Security
> Ethernet access to SME end-users
Service node in central office
> Service delivery from the central office
> Small and remote aggregation
> Same management across all Alcatel DSLAMs
20. 20
Introducing a multi-service IP DSLAM
Serving new services deployment with technology evolution
Figure: service (HSI to triple play) against technology (bandwidth, QoS, intelligence, scalability). Labels: traditional ATM DSLAM, multi-service ATM DSLAM, Ethernet uplink, traditional “IP DSLAM”, multi-service “IP DSLAM”, 7302 ISAM.
IP DSLAM market hype:
• Intermediate platform
• Not ready for 100% 3play roll-out
Next-gen access node:
• More Capacity
• More Intelligence
• More QoS
• More Scalable
21. 21
Evolution of Alcatel’s DSLAM portfolio for the CO
Figure: portfolio evolution from the 7300 ASAM R4 (ATM aggregation, High Speed Internet), by adding Ethernet aggregation (FE; HSI & Ethernet only) and by adding multi-service (Broadcast Video, Video on Demand, High Speed Internet, Business access), to the 7301 ASAM R5 and the 7302 ISAM. Labels: multi-service for ATM and Ethernet; multi-service for Ethernet only; one management; cost effective bandwidth increase for high video; towards a full IP aggregation network.
Continuity in operation & zero effort introduction (practice, management, DSL software, QoS)
22. 22
From the ASAM concept …
Internally the ASAM is ATM-based
Figure: two ASAM deployments across the 1st mile and 2nd mile; the SAR function is marked.
• Traditional broadband architecture: xDSL (ATM over DSL) to the ASAM (ATM), then E1/3, STM-1/4 ATM to an ATM switch
• DSL with Ethernet backhaul: xDSL (ATM over DSL) to the ASAM (ATM), then FE, GbE Ethernet to an Ethernet switch
23. 23
… to the ISAM concept
Internally the ISAM is Ethernet based
Figure: DSL with Ethernet backhaul across the 1st mile and 2nd mile; the SAR function is marked.
• ASAM (ATM): xDSL (ATM over DSL), then FE, GbE Ethernet to an Ethernet switch
• ISAM (Eth): xDSL (ATM over DSL), then FE, GbE Ethernet to an Ethernet switch
• ISAM (Eth), “Direct Ethernet”: xDSL (Eth over DSL), then FE, GbE Ethernet to an Ethernet switch
25. 25
The ISAM in the access network
Figure: ISAMs with ADSL lines, and any IP-DSLAM, connected over FE/GE links (k, l, m, n, p * FE/GE, GE) to the EMAN (Ethernet switch, IP edge router) and from there to the NSP IP backbones; cascading up to 4 levels.
26. 26
Cascading topology
• Link aggregation (n*FE/GE)
• No strict limitation on the number of subtended ISAMs.
• Other limitation … depending on forwarding models (MAC-address tables, ARP tables)
Figure: chains of 7302 ISAMs with xDSL lines, and an Ethernet DSLAM, subtended over N * FE/GigE links from EMAN nodes.
27. 27
Star topology
• Limitation by number of physical interfaces
• Link aggregation (n*FE/GE)
• Limitations from forwarding models used
Figure: 7302 ISAMs with xDSL lines and an Ethernet DSLAM in a star, with N * FE/GigE towards the EMAN node.
28. 28
Ring topology
• Limitation by number of hops of STP
• Link aggregation (n*FE/GE)
• Limitations from forwarding models used
Figure: four 7302 ISAMs with xDSL lines and the EMAN node connected in a ring over N * FE/GigE links.
30. 30
Terminology – Ports
Figure: port terminology in the 7302 ISAM. Labels: user port and logical user port (LT); ASAM port (Eth); control port; network port and cascading port (GE/FE); NT with aggregation function and control function.
32. 32
The ISAM building blocks
Figure: LT boards 1 … 16 (xDSL towards the CPE, IWF, OBC; 1 PVC = logical user port) connected over ASAM links (GE1-16) to the aggregation function (AGGR-OBC), which has external Ethernet links GE/FE 1 -> 7 and an FE control link to the control and management functions.
34. 34
General architecture
• Based on 7300/7301 XD equipment practice
  – 16 LT boards
  – 48 lines/LT
• IWF on each LT
• Aggregation (service hub) and control & management function integrated on NT
• 1 GE link between NT and LT via backpanel
• SMAS card
  – System MAC address storage
Figure: ASAM shelf with LT 1 … LT 16 (48 lines, IWF, PVC/logical user port), ASAM links GE1..16 to the NT (aggregation function, control/mgt function, FE control link), external Ethernet links GE/FE 1 - 7, SMAS and ACU.
35. 35
LT – Line termination
• provide connection to DSL users
• contains the interworking function = IWF
  – i.e. the LT is on the data forwarding path
• the applique boards are …
  – in a separate shelf,
  – maybe even in a separate rack
Figure: 7302 ISAM shelf with LT boards, NT (3 x FE/GE elec. or GE optical), NT I/O (4 x FE/GE), ACU and SMAS; applique boards (PS) towards the PSTN.
36. 36
NT – Network Termination
• runs control plane software and management software
  – management and control interfaces,
  – SW management,
  – fault management,
  – configuration management
  – DB management
• service hub
• electrical or optical Ethernet interfaces
• master clock distribution
Figure: 7302 ISAM shelf with LT boards, NT (3 x FE/GE elec. or GE optical), NT I/O (4 x FE/GE), ACU and SMAS; PS towards the PSTN.
37. 37
NT I/O – NT Input Output
• provide additional external interfaces to the 7302 ISAM shelf.
• interfaces with the NT via the backpanel
• Ethernet interface for management
• interface for test access
• one NT-I/O per ISAM system
Figure: 7302 ISAM shelf with LT boards, NT, NT I/O (4 x FE/GE elec. or GE optical), ACU and SMAS; PS towards the PSTN.
38. 38
ACU – Alarm Control Unit
• Collection of equipment alarms (fans, fuses, …)
• Customer external alarms
• Drive alarm lamps in TRU
• Connection to craft terminal
• One ACU/ISAM system
• Not to be used for out-band management
Figure: 7302 ISAM shelf with LT boards, NT, NT I/O (4 x FE/GE elec. or GE optical), ACU with craft terminal, and SMAS; PS towards the PSTN.
40. 40
ISAM 7302 equipment practice
• Single-shelf ASAM equipment practice
  – XD-LT ETSI splitterless shelf
  – ALTS-T
• Different rack configurations
  – Splitterless deployment: max 2 shelves per rack, 2 ISAM systems per rack
  – Deployment with splitters integrated in rack: 1 shelf per rack, 1 ISAM system per rack
Figure: splitterless deployment, rack with TRU, SUB 1 and SUB 2.
41. 41
Rack configurations
• Splitterless deployment, 2 ISAM systems in 1 rack: TRU, splitterless shelf 1, splitterless shelf 2, dust filter
• Splitterless deployment, 1 ISAM system in 1 rack: TRU, splitterless shelf 1, dust filter
• Combo deployment, splitters integrated in rack: TRU, splitter shelf, splitterless shelf, dust filter
42. 42
ALTS-T – Front view
Figure: front view of the ALTS-T shelf. Connector area (ADSL lines 1-24, ADSL lines 25-48, PWR); line board area (ACU, ISAM NT I/O, NT, NT (future), 16 LT slots, SMAS); fan area (fan unit); dust filter.
43. 43
ALTS-T – Side view
• XD-LT splitterless equipment (ETSI market)
• 530 x 285 x 750** mm shelf with front access
  ** 750 mm fan unit without dust filter
  ** 763 mm fan unit with dust filter
• fits a conventional 2200 mm rack
  – 60 x 30 cm² footprint
• housing for 2 NTs, 1 ACU, 16 LTs
• has no splitter area
  – external splitter possible (in rack or MDF)
• two shelves per rack possible
  – 768 lines per shelf
• fan unit inserted in each shelf
  – 8 fans, one failure supported
• one dust filter per rack
Figure: side view with LT board, back panel, LINE(1..24) and LINE(25..48) connectors (xDSL x 24 each), fan and dust filter.
44. 44
ALTS-T – Connector area
Figure: ALTS-T connector area. Labels: connectors for ADSL lines; PWR (AL - AR, BL - BR, RET); TRU; remote CT (PSTN dial-in modem); extension A and B to the previous subrack and the next subrack (* not supported).
45. 45
ALTS-T – PLID switches
Splitter shelf (ASPS-A): no PLID jumpers.
In case a splitter shelf is equipped, the next splitterless shelf (ALTS-T) in the rack is considered as “subrack 1”.
46. 46
ASPS-A – Front view
Figure: front view of the ASPS-A splitter shelf. Upper connector area (ADSL lines 1-24, ADSL lines 25-48, TAUS); splitter board area (16 LP slots); lower connector area (ADSL 1-24, ADSL 25-48, POTS 1-24, POTS 25-48, PWR, ALM, TRU cable).
47. 47
ASPS-A – Side view
• XD splitter equipment
• 465 x 280 x 785 mm shelf with front access
• fits a conventional 2200 mm rack
  – 60 x 30 cm² footprint
• housing for up to 16 splitter cards
  – each supporting 48 lines
• can be mixed in the same rack with XD-LT subrack
  – integrated splitter configuration
  – only one ISAM system in one rack
• test/spare bus on backpanel
Figure: side view with PSPC board, back panel, LINE (1..24) and LINE (25..48), and connectors LINE 1-24, LINE 25-48, POTS 1-24, POTS 25-48.
48. 48
ASPS-C + PSPB-xx
• The ASPS-C has no backplane
• Splitter card has interfaces on frontplate for 2 x 24 ADSL, 2 x 24 POTS/ISDN and 2 x 24 subscriber lines
Figure: ASPS-A and ASPS-C shelves with PSPB-xx and PSUB-xx cards; dimensions shown: 787,5 mm, <600 mm, 540 mm.
49. 49
Other system components
• Top Rack Unit (ATRU-Q)
  – power provisioning
  – fuses for boards/fans
• XD LT shelves
  – up to 2 XD LT shelves per rack
  – with or without dust filter
• Fan Units (AFAN-H)
• Splitter shelf can be integrated in rack or separate (as shown)
Figure label: air flow
50. 50
ATRU-Q – Top rack unit for ISAM
2 variants exist
• top rack unit for splitterless rack configuration
  – one or two LT subracks
  – powering for service hub included
• top rack unit for rack configuration with splitter
  – one LT subrack + one SP subrack
  – powering for service hub included
51. 51
ECNT – Network termination board (1/2)
• service hub
  – 24 Gbps line rate capacity
  – 16 ports reserved for line cards
  – 1 port to the control & mgt function
  – 7 ports remaining for Ethernet user links, subtending links and network links
• 2 variants
  – ECNT-A
• 2 variants
  – 100 Mb to each LT
  – 1 GE to each LT
• contains FLASH, RAM and ROM memory
• interfacing with management and control interfaces via backpanel
• traffic management on NT
  – layer 2 optimized
  – evolution to layer 3
52. 52
ECNT – Network termination board (2/2)
• 3 Ethernet interfaces
  – RJ45 auto-sensing 10/100/1000Base-T
  – on board media conversion to GE optical
  – SFP optical modules required
• 3 status LEDs
• extensive debug LEDs and LEDs per port
Figure labels: LEDs, optical i/fs, electrical i/fs
53. 53
NT I/O – Network termination board
provides 4 additional (external) Ethernet interfaces
ECNC-A variant
RJ45 auto-sensing 10/100/1000Base-T (4)
on board media conversion to GE optical
ECNC-B variant
FE optical interfaces (4)
SFP optical modules required
RJ45 for out-band management (Ethernet)
RJ45 for test access (connection to TAU)
extensive debug LEDs and LEDs per port
one card per shelf (if needed)
54. 54
SFP pluggable optical modules for NT & NT-I/O
Optical modules available for GE
GE SX MM 850nm 550m (4dB)
GE LX SM 1310nm 10km (11dB)
GE EX SM 1310nm 40km
GE ZX SM 1550nm 80km (20dB)
List is not exhaustive – more available
Optical modules available for FE
FE MM 850nm 550m (4dB)
FE SM 1310nm 10km (11dB)
List is not exhaustive
All modules have LC connector
56. 56
EBLT - Line termination board
• multi-ADSL line card
  – 48 ports per card
  – ADSL/ADSL2/READSL2/ADSL2+ line termination
  – POTS and ISDN line cards
• GE interface towards switching matrix via backpanel
• ATM cell <-> Ethernet packet conversion
  – Inter Working Function (IWF)
• EBLT-C/D – L2 & L3 <-> EBLT-A – L2 only
Variants: EBLT-A (POTS), EBLT-C (POTS), EBLT-D (ISDN), EBLT-J (POTS) (R2.2)
57. 57
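EBLT – Hardware functions
Figure: hardware functions on the LT. The ADSL + POTS line arrives over the backplane i/f from the connector; a high pass filter passes the ADSL signal to the xDSL modem (x/ATM/xDSL to x/ATM); the ATM/Eth IWF, together with the OBC, converts x/ATM to Ethernet; the backplane i/f to the NT carries the Ethernet traffic.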
58. 58
New boards introduced from R2.1 onwards
New in R2.1:
PSPS-C: passive POTS splitter with MTA
New in R2.2
EBLT-J: multiDSL LT version J (POTS)
EVLT-A: VDSL (ANSI card for POTS)
EVLT-C: VDSL (ETSI card for POTS) – in rel. R2.2.01
EVLT-E: VDSL (in R2.2.01). Same as EVLT-A, but ready for
bonding
R2.3:
EVLT-C: VDSL (ETSI/POTS)
EVLT-D: VDSL (ETSI/ISDN)
…
59. 59
ACU – Alarm Control Unit (AACU-C)
• inserted in the leftmost slot of the splitterless shelf (ALTS-T)
• five LEDs to indicate different levels of fault conditions
• ACO/lamp test push button switch
• craft interface
  – 9-position subminiature D connector
• Ethernet connection
  – RJ-45 for out-band mgmt
  – cannot be used
• one ACU/ISAM system
60. 60
SMAS – System MAC Address Storage
• located on the XD splitterless shelf (ALTS-T) next to slot 16
• contains only a remote inventory
  – contains the MAC address of the shelf
  – NT public MAC address
• without SMAS the ISAM doesn't come online
• SMAS is delivered with XD splitterless shelf.
61. 61
PSPS – POTS splitter board
• 48 lines per card
• inserted in any of the 16 slots of splitter shelf
• separates the ADSL and POTS/ISDN signals upstream & combines the ADSL modem signals with POTS/ISDN signals downstream
• with or without relays
  – supports connection to external test device for line measurement purposes
  – AA variant: outward line testing
  – AB variant: full test access
• ready to support N+1 LT redundancy
• compatible with ADSL2+ (2.2 MHz)
• POTS and POTS+ISDN 2B1Q variant
Variants: PSPS-A (POTS), PSPS-B (POTS), PSPS-C (POTS), PSUS-A (POTS + ISDN)
Figure: XD-PSPC 48 lines, with connectors ADSL 1-24, ADSL 25-48, POTS/ISDN 1-24, POTS/ISDN 25-48.
65. 65
Cabling – Splitterless deployment
• Data only solution
  – no POTS/ISDN needed
Figure labels: MDF, Competitive LEC, ISAM, ADSL, POTS, DATA, Eth, MDF <> BP cable (180 degr).
68. 68
802.3ad Link Aggregation Protocol
• Multiple links can be aggregated into a Link Aggregation Group
  – Data rate of aggregate is N times data rate of component links
  – Aggregate participates in forwarding decision process
• Supported for network & subtending links
  – Max. 3 Link Aggregation Groups (LAG)
  – Max. 7 physical links in a LAG
• Support for LACP
• Hashing
  – Based on MAC SA and DA (R2.0)
  – Based on IP addresses (R2.1)
Figure: 7302 iSAMs with xDSL lines connected to an EMAN node over L.A.G.s.
69. 69
802.1w – Rapid Spanning Tree Protocol
• avoids loops in a bridged network by disabling certain links
• provides path redundancy in bridged networks
• rapid STP provides sub-second reconvergence times
• one spanning tree for all VLANs
• can be configured in STP compatible mode
• RSTP limits number of hops (typically 8)
Figure: bridged network of xDSL access nodes; disabled links are marked X.
71. 71
Forwarding engines
• There is a forwarding engine on the LT
  – the forwarding engine is part of the IWF,
  – each LT-port has an IWF, 16 LTs per ISAM system
• Another forwarding engine resides on the NT
  – the forwarding engine is part of the service hub
Figure: CPEs attached to LT 1 (x/Eth over x/ATM/Phys. layer, PVC / logical user port) and LT x (x/Eth over Phys. layer, EFM / logical user port), each with an IWF forwarding engine, connected over ASAM links (GE1-16) to the forwarding engine of the service hub on the NT, which has external Ethernet links GE/FE 1 - 7.
72. 72
Forwarding modes: General
Different forwarding modes for different forwarding decisions:

Decision   Forwarding mode
L2         Intelligent Bridge (IB), VLAN Cross-Connect (CC)
L2+        IP aware Bridge, PPPoA to PPPoE translation
L3         Routed
L3+        PPP termination

Figure: 7302 ISAM between the user side (ANT) and the network side (Eth-VLAN), with decision levels L2, L2+, L3 and L3+.
74. 74
L2 functionality – General overview (1/4)
The 7302 ISAM will
• terminate, coming from user side, …
  – PVC for xDSL and ATM
  – or Ethernet/Physical layer for EFM
• have Ethernet on the network side
  – in case of tagged frames, the VLAN-id is ported transparently
• layer 2 forwarding
  – Ethernet layer must be present at both sides.
  – encapsulation at CPE must include Ethernet
Figure: 7302 ISAM (L2) between user side and network side. User side stacks: Anything / Eth – (VLAN) / ATM / Phys layer, or Anything / Eth – (VLAN) / Phys layer. Network side stack: Anything / Eth - VLAN.
75. 75
L2 functionality – General overview (2/4)
Two L2 forwarding modes supported in 7302 ISAM:
• the cross-connect (CC) mode: one (or more) VLANs
  – Forwarding based upon
    User side: PVC for ATM or DSL port for EFM
    Network side: single or stacked VLAN tag
  – Each CC-VLAN has 2 or more ports:
    strictly 1 user logical port, cascade port or user Ethernet port
    1 or more network (trunk) ports
• the intelligent bridging (IB) mode: one (or more) VCs per VLAN
  – Forwarding based upon MAC addresses
  – Each IB-VLAN has 2 or more ports:
    1 or more user logical ports, cascade ports or user Ethernet ports
    1 or more network (trunk) ports
76. 76
L2 functionality – General overview (3/4)
Figure: LT 1 … LT 16 (48 ADSL lines, IWF, PVC / logical user port) connected over ASAM links (GE1-16) to the NT (aggregation function / service hub), with external Ethernet links GE/FE 1 - 7 and an FE control link to the control/mgt function.
• IWF on the LT: special E-MAN/ATM layer 2 access behavior of the IWF. XC or IB mode.
• Service hub on the NT: standard VLAN enabled bridge. Provides IB and XC mode by standard VLAN configuration with extra features.
• Control/mgt function: management of data plane LIMs, no forwarding.
77. 77
L2 functionality – General overview (4/4)
CPEs need to use Ethernet over ATM, encapsulated by AAL5 and RFC2684 “bridged”
Figure: protocol stacks along the path CPE, ISAM LT with the ETH-ATM interworking function (IWF), ISAM NT (switch), E-MAN network.
• CPE to LT over xDSL (shared with POTS, ISDN): Anything / Ethernet layer 2 (+ MAC control) / LLC SNAP / AAL5 / ATM / PHY
• LT to NT over GE: Anything / Ethernet layer 2 (+ MAC control) / Eth / GE
• NT to E-MAN over FE/GE: Eth / PHY
79. 79
Standard bridging concept
• MAC bridges can interconnect all kinds of LANs together
  – No guaranteed delivery of frames
• A bridge remembers for each port which MAC addresses reside on it.
  – Self-learning
• If the destination MAC address is broadcast, multicast or unknown, the frame is flooded:
  – “If you do not know, send it to everybody”
• If the destination MAC address has been learned, the frame is forwarded to the indicated interface
80. 80
DSLAM & Ethernet switches in bridged mode: Issues
• Scalability:
  – Broadcast storms
• Security
  – Broadcast frames (ARP, PPPoE-PADI…) are forwarded to all users
• Customer segregation
  – customers are identified by MAC-address (not guaranteed unique)
• Restrictions on services and revenues:
  – IP edge device has no info on the access line, so it is not possible to limit the # of (PPP) sessions per access line
  – User-to-user communication possible without passing the BRAS
    Note: PPPoE forces traffic to go via BRAS.
81. 81
The intelligent bridging model (1/2)
• Forwarding based on MAC addresses
• Multiple users connected to 1 VLAN ID
• Each IB-VLAN has 2 or more egress ports:
  – 1 or more user logical ports, cascade ports or user Ethernet ports
  – 1 or more network (trunk) ports
Note: Tagged frames not supported for IB!
Figure: two ways to reach an ISP across the E-MAN network.
• ISP1, ISP2, Internet: routing to the correct ISP is based on the VLAN-id
• BAS (login to ISP or corporate) in front of IP, Internet, ISP, Corporate: routing to the correct ISP is done based on user-id and password in the BRAS
82. 82
The intelligent bridging model (2/2)
Special layer 2 behavior needed in an access environment
• IB with VLAN tagging
Intelligent Bridge (IB) means
• distinction between network ports and user ports
  – Frames from a user always sent towards the network
  – No user to user communication
• prevent broadcast traffic from escalating
  – avoid broadcast or flooding to all users
  – Protocol filters
• secure MAC-address learning
  – avoid MAC-address duplication over multiple ports within a VLAN
• protocol filtering
  – may lead to a frame being forwarded, sent to a host processor, discarded or forwarded & sent to a host processor
83. 83
Security/scalability issue with standard bridging
• Broadcast frames (ARP, PPPoE-PADI…) forwarded to all users & flooding to all ports.
  – MAC-address of a user is exposed to other users
  – Broadcast storms
Figure: BRAS and Ethernet bridge (BR) connected to DSLAMs serving PCs behind CPEs; a frame with BC or unknown MAC DA is flooded to all of them.
84. 84
“Intelligent bridging” – broadcast msgs & flooding US
• Upstream BC frames & flooding are forwarded only towards network port(s) within a VLAN
• 1 VLAN per IP-edge
  – Reduction of flooding in the aggregation network.
• No user-to-user communication is possible without traffic passing the BRAS
Figure: PC A and PC B behind CPEs on ISAMs, connected over Ethernet (BR) to the BRAS in VLAN 1 and VLAN 2; a frame with BC or unknown MAC DA sent by a user.
85. 85
“Intelligent bridging” – broadcast msgs & flooding DS
• Blocking of broadcast & flooding in the downstream
  – Prevents messages from being unintentionally distributed to all users
• For some applications it is useful that flooding of BC is possible
  – Solution: make BC flooding / BC discarding a configurable option per VLAN
Figure: BRAS connected over Ethernet (BR) to ISAMs serving PCs behind CPEs; a frame with BC or unknown MAC DA arriving from the network side.
86. 86
Intelligent bridging
• IWF on the LTs
  – terminate PVC for ATM access or physical layer for EFM access
  – each IWF has separate filtering databases (fdb)
• Service hub on NT
  – has its own filtering databases (fdb)
• Filtering database on IWFs & service hub maintained per VLAN
  – MAC-address learning within VLAN
Figure: CPEs attached to LT 1 (x/Eth/ATM/Phys. layer, PVC / logical user port) and LT x (x/Eth/Phys layer, EFM / logical user port), each with an IWF forwarding engine, connected over ASAM links (GE1-16) to the forwarding engine of the service hub on the NT, which has external Ethernet links GE/FE 1 - 7.
87. 87
Intelligent bridging
• Bridge: learning, aging, forwarding
  – lookup MAC DA done based on VLAN and MAC-address
  – intelligent bridging enhancements implemented on IWFs and service hub
• Autonomous behaviour of IWF and SHUB
  – independent MAC-address learning
  – independent MAC-address aging
  – aging timers are configurable
88. 88
L2 communication in iBridge mode: Upstream
<-- <-- <-- BC User A - LT1
Network SHUB LT --> User B - LT1
--> User C - LT4
--> User D
--> S-ASAM
<-- <-- <-- Unknown MAC DA User A - LT1
Network SHUB LT --> User B - LT1
--> User C - LT4
--> User D
--> S-ASAM
<-- <-- <-- Known MAC DA User A - LT1
Network SHUB LT --> User B - LT4
--> User C - LT4
--> User D
--> S-ASAM
Only user to network allowed
89. 89
L2 communication in iBridge mode: Downstream
BC --> --> --> User A - LT1
Network SHUB --> LT -->if BC allowed User B - LT1
--> --> User C - LT4
--> User D
--> S-ASAM
Unknown MAC DA --> --> --> User A - LT1
Network SHUB --> LT --> User B - LT1
--> --> User C - LT4
--> User D
--> S-ASAM
Known MAC DA --> --> --> User A - LT1
Network SHUB --> LT --> User B - LT1
--> --> User C - LT4
--> User D
--> S-ASAM
Broadcast control configurable per VLAN in IB mode
90. 90
Self-learning in the IWF-LT
• only in the upstream - when initiated from user logical port
• No self-learning on Ethernet uplink for downstream frames
• Self-learning can be disabled per user logical port.
• In case of self-learning, limiting number of MAC addresses is possible.
Figure: LT with user logical ports x, y, z (MacA, MacB, MacC): learning of source MAC@ within VLAN on the user ports, NO self-learning on the link to the service hub.
91. 91
Self learning in the Service Hub
• Self-learning implemented for both upstream and downstream
• Discard all user unicast frames with MAC DA known on an ASAM or subtending port
  – No user to user communication
• On user port: only cross-connect mode supported
Figure: service hub between the E-MAN and the LTs, learning source MAC@ within VLAN on its ports (X’, Y’, Z’, U’, V’; MacA, MacB, MacC); frames between users (B to A, B to C) are drawn.
92. 92
Blocking of user to user communication on Service Hub/NT
• Port mapping on the service hub/NT
  – An interface can only communicate with its mapping ports
  – Prevent certain ports from sending packets to other ports even if they are on the same VLAN
• Link configuration implements
  – configuration of the link
  – port-mapping relationship of the interfaces of the service hub
• Default configuration present on the service hub
• Discard user unicast frames with MAC DA known on ASAM or subtending port
Figure: port groups of the service hub. Default configuration: ASAM links (1 … 15, 16), 7 network links, control link. Other configuration: ASAM links (1 … 15, 16), X network links, user links, subtending links, control link.
93. 93
Port mapping
Port mapping is used to …
• block user to user communication on the service hub
Figure: NT with user links, subtending links, E-MAN network links, ASAM links to the LTs, and the control link.
94. 94
Unique VID per [IPedge-DSLAM]-pair in EMAN in case of IB
• Advised to use unique VLAN between [IPedge-ISAM]-pair to support IB feature
  – Avoid user to user communication
  – Avoid BC and flooding towards ISAMs
• Problem: if user A can obtain the MAC@ of user C, user to user communication is possible, since the Ethernet switch learns all MAC@
• Solution: make sure that all IPedge-ISAM pairs are unique
Figure: two ISAMs with CPEs (MACA, MACB) connected over Ethernet (BR) to the IP edge, both in VLAN1.
95. 95
TOC
Customer segregation issue resolved in IB
Protection against duplicate MAC-address learning
no unstable behavior
Traffic from a duplicate MAC-address in a separate DSLAM can be distinguished as separate flows in the Ethernet switches of the aggregation network when a different VLAN id per DSLAM is used
Problem:
If 2 users have the same MAC-address, the forwarding engine can’t distinguish them
Solution:
MAC@ conflict control
Secure MAC@ learning
[Figure: learning table with MacA on both port x and port y; a packet with destination address MacA arrives at the ETH side and the outgoing port is undetermined (?)]
96. 96
Secure MAC@ learning
Service Hub
MAC movement to highest priority
Within priority , always MAC movement
Within priority , MAC movement only when feature is enabled in the VLAN (configurable)
LT-IWF
Blocking duplicate MAC-address
Static MAC-addresses never disappear from learning table irrespective of possible priority.
[Figure: NT and LTs (IWF) with link types marked with priority labels 1, 2 and 3: user links, subtending links, E-MAN network links, outband MGT link, ASAM links, control link]
97. 97
Blocking of number of MAC-addresses per port in IB
Operator can configure max. number of MAC-addresses in the table.
Prevents attacks that would fill up the bridging tables
Service differentiation
set subscription rules on max number of devices connected simultaneously.
[Figure: port x is configured with Max Mac@ = 2 and has learned MacA and MacB (bridged CPE, connected via PPPoE through the ISAM and ETH towards BAS, ISP, IP, Internet); a PADI with source address = MacC then arrives on port x]
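The LT-side learning rules from the last three slides (duplicate MAC blocked, static entries never removed, per-port MAC limit, no learning from the uplink), as an added example that is not part of the original slides or Alcatel code. Class and method names are hypothetical, the MAC addresses are constructed from the documentation range, and counting static entries against the port limit is an assumption.

```python
from dataclasses import dataclass


@dataclass
class Entry:
    port: str
    static: bool = False


class LtLearningTable:
    """Model of per-VLAN source-MAC learning on an LT (hypothetical names)."""

    def __init__(self):
        self.entries = {}   # (vlan, mac) -> Entry
        self.limits = {}    # user port -> operator-configured max MAC addresses
        self.drops = []     # (reason, vlan, mac, port), useful for alarms/counters

    def set_limit(self, port, max_macs):
        self.limits[port] = max_macs

    def add_static(self, vlan, mac, port):
        self.entries[(vlan, mac.lower())] = Entry(port, static=True)

    def _count(self, port):
        # Assumption: static and dynamic entries both count against the limit.
        return sum(1 for e in self.entries.values() if e.port == port)

    def _drop(self, reason, vlan, mac, port):
        self.drops.append((reason, vlan, mac.lower(), port))
        return "drop:" + reason

    def upstream(self, vlan, src_mac, port):
        """Frame received from a user logical port: learn or reject its source MAC."""
        key = (vlan, src_mac.lower())
        known = self.entries.get(key)
        if known is not None:
            if known.port == port:
                return "forward"
            # Same MAC, same VLAN, other user port: block it, no MAC movement.
            return self._drop("duplicate-mac", vlan, src_mac, port)
        limit = self.limits.get(port)
        if limit is not None and self._count(port) >= limit:
            return self._drop("mac-limit", vlan, src_mac, port)
        self.entries[key] = Entry(port)
        return "learned"

    def downstream_port(self, vlan, dst_mac):
        """Lookup only: frames from the Ethernet uplink never populate the table."""
        entry = self.entries.get((vlan, dst_mac.lower()))
        return entry.port if entry else None

    def age_out(self):
        """Ageing removes dynamic entries; static entries stay."""
        self.entries = {k: e for k, e in self.entries.items() if e.static}


def demo():
    """Replays the slide's case: port x limited to 2 MACs, third source MAC arrives."""
    lt = LtLearningTable()
    lt.set_limit("x", 2)
    results = [
        lt.upstream(100, "00:00:5e:00:53:0a", "x"),  # MacA
        lt.upstream(100, "00:00:5e:00:53:0b", "x"),  # MacB
        lt.upstream(100, "00:00:5e:00:53:0c", "x"),  # MacC (PADI), over the limit
        lt.upstream(100, "00:00:5e:00:53:0a", "y"),  # MacA again, on another port
    ]
    return lt, results


if __name__ == "__main__":
    table, verdicts = demo()
    print(verdicts)
    print(table.drops)
```

The `drops` list is where an operator would hang counters or alarms: repeated `mac-limit` or `duplicate-mac` hits on one line are the observable sign of table-filling or MAC conflict on that port.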
98. 98
Intelligent-Bridge : IP network model
[Figure: CPE (bridge), 7302 ISAM (LT and Service Hub/NT, both IB; I-Bridge), EMAN and Edge (VRF, services); legend: IP subnet, IP address, PPP session, VLAN; protocol stacks IP / Eth / RFC2684-br (IPoE) / ATM / DSL and IP / Eth (IPoE)]
99. 99
I-Bridge : PPP network model, Residential users
[Figure: CPE (bridge), 7302 ISAM (LT and Service Hub/NT, both IB; I-Bridge), EMAN, BRAS (PPP termination, IP routing, IP@gateway) to the Internet; legend: IP subnet, IP address, PPP session, VLAN; protocol stacks IP / PPP / PPPoE / Eth / ATM / DSL and IP / PPP / PPPoE / Eth]
100. 100
Intelligent Bridging, things to consider (1/3)
Security Services !
IP edge has no info on the line id
Solutions: PPP-connections (BRAS) or DHCP option 82…
User can access network with a different IP address than the
assigned IP address.
Pure layer 2 device
No support for duplicate MAC-addresses on the same ISAM
Within the same VLAN
101. 101
Intelligent Bridging, things to consider (2/3)
Advised to use unique VLAN per [IPedge -DSLAM]-pair in
EMAN
avoid user-to-user communication
Traffic management per DSLAM
Complex IP network configuration
When 1 VLAN shared by multiple DSLAMs
User to user traffic in EMAN
Easy IP network configuration
One single subnet for all DSLAMs
MAC-address spoofing
Standard MAC address learning at EMAN level
Traffic will be rerouted to any spoofed MAC address
102. 102
Intelligent Bridging, things to consider (3/3)
Scalability
Switches learn all MAC@ of all end-users
# MAC addresses per logical port can be restricted in ISAM (R2.0)
IP edge learns all MAC@-IP@ of all end-user in ARP table
[Figure: ISAM-1 and ISAM-2 (IB) with bridged CPEs (IP1/MAC1 … IP203/MAC203); the bridge (BR) MAC table holds MAC1, MAC2, MAC3, MAC101, … and the IP edge ARP table holds IP1, IP2, IP3, IP101, …; dedicated VLAN per service/DSLAM for HSIA, VoIP, BTV, VoD (VLAN 100, 200, 300, 400 and VLAN 101, 201, 301, 401), e.g. 1 VLAN per [IPedge-DSLAM]-pair]
104. 104
Cross connect mode
Conceptually very similar to classical ATM PVC cross-connect
One “customer”-VLAN (C-VLAN) contains strictly one user
User port or user logical port or user on subtended interface
Two variants: Residential & Business cross-connect
One “customer”-VLAN contains one or more network ports
One user can be cross-connected to multiple VLANs
in this case user frames need to be tagged
Transparent bit pipe
106. 106
VLAN Cross-connect mode
Transparent pipe for unicast, multicast and broadcast traffic
any protocol : IP, PPP, IPX, Appletalk,...
Each CC-VLAN has 2 or more ports:
Strictly 1 logical port or 1 cascade port or 1 user Ethernet port
1 or more network ports
Note : Tagged frames supported for cross-connect mode
VP/VC    VLAN
2/100    1
2/101    2
[Figure: CPEs connected through the ISAM and the E-MAN network to BAS, ISP1, ISP2 and the IP Internet]
107. 107
Cross connect mode
No Customer segregation
MAC-address not used in the forwarding decision, customer is
identified by access port (e.g. VP/VC for ATM), which is translated
into VLAN id.
No user to user communication
Security - IP edge device knows the line id (1 VLAN = 1VP/VC)
Limit number of PPP sessions per line (VP/VC),
Anti-IP-address spoofing
BC frames flooded per VLAN only:
No superfluous flooding in the aggregation network
Separation of broadcast traffic per user
Limiting number of MAC-addresses learned per user interface –
feature still useful
In that case self-learning needs to be enabled on the DSL port
108. 108
Cross connect mode in 7302 ISAM
Service Hub
Designed as standard bridge
Xconnect mode achieved by:
Configuration of only one user to one VLAN and disabling protocol filters
LT-IWF
Cross connect mode configurable
A 1-to-1 mapping between ATM PVC or physical port (in case of EFM) and Eth VLAN is made
Transparent forwarding of frames to the Ethernet port
Downstream
No MAC addresses needed for forwarding.
Frames with unknown VLAN are discarded
VP/VC    VLAN
1/100    1
1/200    2
Ph. port (EFM)    VLAN
x                 1
[Figure: ASAM shelf with LT-IWF forwarding engines (PVCs 1/100 and 1/200, EFM physical port) connected to the Service Hub; labels: GE1-16, external ethernet links GE/FE, 1 - 7, ASAM link]
109. 109
Cross-Connect : PPP network model, Residential users
[Figure: CPE, ISAM (LT and Service Hub/NT, both CC; VLAN-CC), EMAN, BRAS (PPP termination, IP routing) to the Internet; legend: IP subnet, IP address, PPP session, VLAN; protocol stacks IP / PPP / PPPoE / Eth / ATM / DSL and IP / PPP / PPPoE / Eth]
One VC per VLAN
CC-mode configuration achieved by configuration: strictly one internal NT-LT link belongs to each VLAN (avoid flooding to other LTs)
110. 110
Cross-Connect : IP network model, Residential users
[Figure: CPE, ISAM (LT and Service Hub/NT, both CC; VLAN-CC), EMAN, Edge (VRF, services); legend: IP subnet, IP address, PPP session, VLAN; protocol stacks IP / Eth / RFC2684-br (IPoE) / ATM / DSL and IP / Eth (IPoE)]
One VC per VLAN
CC-mode configuration achieved by configuration: strictly one internal NT-LT link belongs to each VLAN (avoid flooding to other LTs)
111. 111
Cross-Connect : IP network model, Business users
[Figure: CPE with customer premises IP subnet, ISAM (LT and Service Hub/NT, both CC; VLAN-CC), EMAN, Edge with one VRF per customer, services; legend: IP subnet, IP address, PPP session, VLAN; protocol stacks IP / Eth / RFC2684-br (IPoE) / ATM / DSL and IP / Eth (IPoE)]
One VC per VLAN
CC-mode configuration achieved by configuration: strictly one internal NT-LT link belongs to each VLAN (avoid flooding to other LTs)
112. 112
Cross connect mode, things to consider (1/2)
Scalability issue:
VLAN technology only 4k VLAN-ids
Switches learn all MAC@ of all end-users
IP edge learns all MAC@-IP@ of all end-user in ARP table
[Figure: ISAM-1 and ISAM-2 (CC) with bridged CPEs (IP1/MAC1 … IP203/MAC203); the bridge (BR) MAC table holds MAC1, MAC2, MAC3, MAC101, … and the IP edge ARP table holds IP1, IP2, IP3, IP101, …; services HSIA, VoIP, BTV, VoD; one VLAN per user (VLAN 100, 101, 102, 103, … and VLAN 1000, 1001, 1002, 1003, …): strictly 1 user in 1 VLAN]
113. 113
Cross connect mode and VLAN stacking
One solution to resolve the VLAN scalability issue.
MAC@ and IP@ scalability issue is not resolved
Basic Principle: Hierarchical tagging of frames:
Customer VLAN : C-VLAN
Service provider VLAN : S-VLAN
2 principles
C-VLAN transparency
C-VLAN/S-VLAN cross connect
Single or dual VLAN, depending on application
e.g. S-VLAN/C-VLAN to identify end-user if BAS/IP edge does not
support line ID
115. 115
L2+ functionality - General overview
The 7302 ISAM will:
Terminate IP/ETH/ATM, IP/ATM, PPPoA or IP/Eth/Physical layer for EFM coming
from user side
Terminate IP/Ethernet, PPPoE on the ‘network’ side
Forwarding based on
IP
IP aware bridge/IP forwarder
PPPoE session-ID
PPPoA to PPPoE translation
Bridged like model
From network viewpoint, users on ISAM and IP-edge belong to same subnet
[Figure: protocol stacks terminated by the 7302 ISAM (L2+). User side: IP / Eth / ATM / phys layer, IP / ATM / phys layer, PPP / ATM / phys layer, IP / Eth / phys layer. Network side (Eth-VLAN): IP / Eth – (VLAN) and PPP / PPPoE / Eth – (VLAN)]
117. 117
L2+ forwarding: IP aware bridge
Simple network model - Bridge like model
Network configuration so that edge router “thinks” that all users on
all ISAMs are directly connected
LT board doesn’t have an individual public IP-address
LT board can’t be addressed as a next-hop by the edge router
Therefore IP aware bridge/IP forwarding
Aggregation at DSLAM level within a lightweight VRF
Forwarding based on IP addresses
IP forwarder on LT, bridge on NT
LT card needs to support L3 forwarding/IP aware bridging
[Figure: CPE (POTS, ISDN), 7302 ISAM (LT: FW with VRF-Blue and VRF-RED; NT: IB), GE, E-MAN network, edge router]
118. 118
IP aware bridge : IP network model
Same network model as bridged
model for residential subscribers
No IP@ allocated to ISAM
Transparent for IP sub-netting
Forwarding decision on LT based on
IP address
Lightweight VRF
Unnumbered interfaces at ISAM
• Bridge like behavior
No routing protocols supported
[Figure: CPE, 7302 ISAM (LT: FW, IP aware bridge; Service Hub/NT: IB, bridge), EMAN, Edge (VRF, services); legend: IP subnet, IP address, PPP session, VLAN; user-side stacks IP / Eth / RFC2684-br (IPoE) / ATM / DSL and IP / RFC2684-rt (IPoA) / ATM / DSL; network-side stack IP / Eth (IPoE)]
119. 119
IP aware bridge : Principle – forwarding
[Figure: protocol stacks (IP / ETH / lower layers) along the path user, LT (FW, VRF-Blue), NT (IB), E-MAN network, edge router (IP@ER), IP network, ISP/Internet; labels: IPoE/IPoA always untagged; IPoE (P-VLAN); forwarding decision based on IP DA; L2 forwarding on NT; Layer 2 forwarding; P-VLAN]
120. 120
IP aware bridge : Principle – forwarding
2 separate Forwarding Information Base (FIB) on LT
Downstream / Upstream
Forwarding Information Base (FIB) population
Downstream: Subscriber IP@ self-learned through DHCP snooping
Upstream: Static routes
ISAM upstream FIB (same configuration for all ISAMs)
IP@ER         VLAN X
0.0.0.0 / 0   IP@ER
ISAM downstream FIB (dynamically populated, DHCP snooping)
IP_Subs_i     DSL I
[Figure: LT (FW, VRF-Blue) and NT (IB) connected over P-VLAN = VLAN X through the E-MAN network to the edge router (IP@ER), IP network, ISP/Internet]
123. 123
Basic configuration set-up
Basic topology
Single service : e.g. HSI
Single IP edge
One single subscribers’ IP pool
One VLAN in the access network, shared by all ISAMs
ISAM configuration
All ISAMs configured identically
One IP Aware Bridge per ISAM
One default route to the IP edge
Subscriber’s configuration self-learned
One IP pool for the access network (shared VLAN) : easy IP subnet mgmt, efficient IP pool usage
PE (Provider Edge) 1 FIB
IP11          VLAN X
IPW           Green Itf
Red SN1       IP11
Green SN2     IPW
ISAM upstream FIB
IP11          VLAN X
0.0.0.0 / 0   IP11
ISAM downstream FIB
IP_Subs_i     DSL I
[Figure: RGs and bridged CPEs behind ISAM 1 and ISAM 2 (LT, NT), E-MAN network, PE with IP11 towards the subscriber subnet on VLAN X and IPW towards WWW]
124. 124
Packet forwarding : IPA --> IPx: different subnets (Upstream)
[Figure: message sequence between bridged CPE (MAC@A, IP@A), ISAM 1 (LT1, LT2, LT3, NT), E-MAN network and PE (IP11, MAC@ER; IPW towards WWW); ISAM 2 on the same VLAN; one single IP pool, shared VLAN]
Messages:
ARP IP11 (GW SN1) from IPA (SN1)
ARP Reply : IP11 (GW)/MAC@LT2 to IPA/MAC@A
Data: IPA (SN1) --> IPx (SN2), MAC A --> MAC@LT2
ARP miss: ARP IP11 (GW SN1) from IPA (SN1)/MAC@LT2 (ISAM 1)
ARP Reply – IP11 (GW)/MAC@ER to IPA/MAC@LT2 (ISAM 1)
Data: IPA (SN1) --> IPx (SN2), MAC@LT2 (ISAM 1) --> MAC@ER
Processing notes:
Discard if IP SA is NOT learnt on this interface.
Learn SRC-IP/SRC-MAC relation.
LPM lookup in VRF --> Next-Hop IP@
ARP lookup or request --> P-VLAN + Next-Hop MAC@
125. 125
Packet forwarding : IPx --> IPA: different subnets (Downstream)
[Figure: message sequence between PE (IP11; IPW towards WWW), E-MAN network, ISAM 1 (LT1, LT2, LT3, NT), RG / bridged CPE (MAC@A, IP@A) and ISAM 2; one single IP pool, shared VLAN]
Messages:
ARP miss: ARP IPA (SN1) from IP11 (GW SN1)/MAC@ER
ARP Reply : IPA/MAC@LT2 to IP11/MAC@ER
Data: IPx (SN2) --> IPA (SN1), MAC IP11 --> MAC@LT2
ARP IPA from IP11 (GW SN1)/MAC@LT2
ARP Reply : MAC@A to IP11/MAC@LT2
Data: IPx (SN2) --> IPA (SN1), MAC@LT2 --> MAC@A
Processing notes:
LPM lookup in VRF --> directly attached (users)
ARP lookup or request --> P-VLAN + MAC@LT
Reply ARP if IPA present in ISAM 1 downstream FIB.
Discard ARP if IPA not learned in ISAM 2.
Lookup in downstream FIB of VRF associated with incoming P-VLAN --> Result: PVC (ATM) or physical port (EFM)
ARP lookup or request (ARP request not BC to all users but to specific interface) --> end-user MAC@
126. 126
IP aware Bridge : User to user communication IPA --> IPB, both on SN1
[Figure: message sequence between bridged CPE A (MAC@A, IP@A in SN1) on ISAM 1 (LT), E-MAN network, PE (IP11; IPW towards WWW) and bridged CPE B (MAC@B, IP@B in SN1) on ISAM 2 (LT); one single IP pool, shared VLAN]
Messages:
ARP IPB (SN1) from IPA (SN1)/MAC@A
ARP Reply : IPB/MAC@LT2 to IPA/MAC@A
Data: IPA (SN1) --> IPB (SN1), MAC A --> MAC@LT2
ARP miss: ARP IP11 (GW SN1) from IPA (SN1)/MAC@LT2 (ISAM 1)
ARP Reply : IP11 (GW)/MAC@ER to IPA/MAC@LT2 (ISAM 1)
Data: IPA (SN1) --> IPB (SN1), MAC@LT2 (ISAM 1) --> MAC@ER
ARP IPB (SN1) from IP11 (GW)/MAC@ER
ARP Reply : IPB/MAC@LT5 (ISAM 2) to IP11/MAC@ER
Data: IPA (SN1) --> IPB (SN1), MAC@ER --> MAC@LT5 (ISAM 2)
ARP IPB from IP11 (GW SN1)/MAC@LT5
ARP Reply : MAC@B to IP11/MAC@LT5
Data: IPA (SN1) --> IPB (SN1), MAC@LT5 --> MAC@B
Processing notes:
IPA and IPB in same subnet. ARP lookup results in P-VLAN + MAC@ user or ARP request initiated towards network.
IPA and IPB in same subnet
127. 127
Configuration Multiple IP pools
Subscribers’ IP pools
IP pools requested in function of penetration
Scattered IP pools and therefore different subnets
No IP address allocated to ISAM but Proxy ARP at ISAM level
Impacts
“Secured ARP” handling at IP edge must be disabled
No check if ARP IPSA within same subnet as target IPDA
No security issue : only known IP addresses are allowed to ARP (anti IP@-spoofing at ISAM)
PE (Provider Edge) 1 FIB
IP11          VLAN X
IP21          VLAN X
IPW           Green Itf
Red SN1       IP11
Blue SN       IP21
Green SN2     IPW
ISAM upstream FIB
IP11          VLAN X
0.0.0.0 / 0   IP11
ISAM downstream FIB
IP_Subs_i     DSL I
[Figure: RGs and bridged CPEs behind ISAM 1 and ISAM 2 (LT, NT) in subscriber IP pool 1 and subscriber IP pool 2 (IP21, IP22, IP23), E-MAN network, PE (IP11; IPW towards WWW) with “Secured ARP” disabled]
128. 128
IP aware Bridge : User to user communication IPA (SN1) --> IPB (SN2)
[Figure: message sequence between bridged CPE A (MAC@A, IP@A in SN1) on ISAM 1 (LT2), E-MAN network, PE (IP11, IP21; IPW towards WWW) and bridged CPE B (MAC@B, IP@B in SN2) on ISAM 2 (LT); 2 different IP pools, shared VLAN]
Messages:
ARP IP11 (GW SN1) from IPA (SN1)/MAC@A
ARP Reply : IP11 (GW SN1)/MAC@LT2 to IPA/MAC@A
Data: IPA (SN1) --> IPB (SN2), MAC@A --> MAC@LT2
ARP miss: ARP IP11 (GW SN1) from IPA (SN1)/MAC@LT2 (ISAM 1)
ARP Reply : IP11 (GW SN1)/MAC@ER to IPA/MAC@LT2 (ISAM 1)
Data: IPA (SN1) --> IPB (SN2), MAC@LT2 (ISAM 1) --> MAC@ER
ARP IPB (SN2) from IP21 (GW SN2)/MAC@IP11
ARP Reply : IPB (SN2)/MAC@LT5 (ISAM 2) to IP21 (GW SN2)/MAC@ER
Data: IPA (SN1) --> IPB (SN2), MAC@ER --> MAC@LT5 (ISAM 2)
ARP for IPB from IP21 (GW SN2)/MAC@LT5
ARP Reply : MAC@B to IP21/MAC@LT5
Data: IPA (SN1) --> IPB (SN2), MAC@LT5 --> MAC@B
Processing notes:
IPA (SN1) and IPB (SN2): IP edge performs routing
VRF lookup results in Next-HOP IP@ and IPitf
ARP lookup results in P-VLAN + MAC@ user or ARP request initiated towards network
129. 129
IP aware Bridge : User to user communication IPB (SN2) --> IPA (SN1)
[Figure: message sequence between bridged CPE B (MAC@B, IP@B in SN2) on ISAM 2 (LT), E-MAN network, PE (IP11, IP21; IPW towards WWW) and bridged CPE A (MAC@A, IP@A in SN1) on ISAM 1 (LT); 2 different IP pools, shared VLAN]
Messages:
ARP IP21 (GW SN2) from IPB (SN2)/MAC@B
ARP Reply : IP21 (GW SN1)/MAC@LT5 to IPB/MAC@B
Data: IPB (SN2) --> IPA (SN1), MAC@B --> MAC@LT5
ARP miss: ARP IP11 (GW SN1) from IPB (SN2)/MAC@LT5 (ISAM 2)
ARP Reply : IP11 (GW SN1)/MAC@ER to IPB (SN2)/MAC@LT5 (ISAM 2)
Data: IPB (SN2) --> IPA (SN1), MAC@LT5 (ISAM 2) --> MAC@ER
ARP IPA (SN1) from IP11 (GW SN1)/MAC@ER
ARP Reply : IPA (SN1)/MAC@LT2 (ISAM 1) to IP11 (GW SN1)/MAC@ER
Data: IPB (SN2) --> IPA (SN1), MAC@ER --> MAC@LT2 (ISAM 1)
Processing notes:
Lookup in upstream FIB. Default GW is IP11
IP11 and IPB not in same subnet: Secured ARP must be disabled
As before
130. 130
IP aware bridge, things to consider/ extra benefits
Scalability
VLAN shared by N ISAMs:
Higher pooling effect for IP addresses
Less VLANs needed
MAC@ concentration, switches learn MAC@ of LT cards
1:48 reduction factor
Easier for EMAN
ARP proxy to network: ARP issued by ISAM, not by all subscribers
IP edge still learns all IP@ of all end-users in ARP table
Gracious ARP mechanism = ARP proxy
[Figure: ISAM-1 and ISAM-2 (FW) with bridged CPEs (IP1/MAC1 … IP203/MAC203); the bridge (BR) MAC table holds MAC-LT1, MAC-LT2, MAC-LT3, … and the IP edge ARP table holds IP1, IP2, IP3, IP101, …; common VLAN per service for HSIA, VoIP, BTV, VoD (VLAN 100, 200, 300, 400)]
131. 131
IP aware bridge, things to consider/ extra benefits
Security
MAC@ translation
Subscriber’s MAC@ never seen by the network
full proof security
user to user communication fully blocked even for shared VLANs
ARP proxy to subscribers
No ARP broadcast to all subscribers
• Downstream FIB knows IP-subscr – Interface relationship
Anti-IP@-spoofing
ISAM responds to an ARP request with its own MAC@ if the target IP DA is not associated with the originating DSL line and the IP SA is learnt on the interface.
Access Control List – ACL (from R2.3 on)
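The IP aware bridge checks described on the forwarding and security slides (downstream FIB filled by DHCP snooping, upstream discard of unlearnt source IPs, MAC@ translation, ARP proxy in both directions), as an added example that is not part of the original slides or ISAM code. Class and method names are hypothetical, DHCP snooping is reduced to one call per lease, and all addresses are constructed from documentation ranges.

```python
import ipaddress


class IpAwareBridgeLT:
    """Model of one LT acting as IP aware bridge (hypothetical names)."""

    def __init__(self, lt_mac, p_vlan, routes):
        self.lt_mac = lt_mac
        self.p_vlan = p_vlan
        # Upstream FIB: static routes, e.g. 0.0.0.0/0 via the edge router.
        self.routes = [(ipaddress.ip_network(p), ipaddress.ip_address(nh))
                       for p, nh in routes]
        self.down_fib = {}  # subscriber IP -> DSL line, learned by DHCP snooping
        self.ip_mac = {}    # subscriber IP -> subscriber MAC, learned upstream

    def snoop_dhcp_ack(self, line, yiaddr):
        self.down_fib[ipaddress.ip_address(yiaddr)] = line

    def _lpm(self, dst):
        """Longest-prefix match over the static upstream routes."""
        hits = [(net.prefixlen, nh) for net, nh in self.routes if dst in net]
        return max(hits)[1] if hits else None

    def upstream_ip(self, line, src_ip, src_mac, dst_ip):
        src = ipaddress.ip_address(src_ip)
        if self.down_fib.get(src) != line:
            return {"action": "discard", "reason": "ip-sa-not-learnt-on-line"}
        self.ip_mac[src] = src_mac  # learn SRC-IP/SRC-MAC relation
        next_hop = self._lpm(ipaddress.ip_address(dst_ip))
        if next_hop is None:
            return {"action": "discard", "reason": "no-route"}
        # MAC@ translation: the network only ever sees the LT's MAC address.
        return {"action": "forward", "vlan": self.p_vlan,
                "src_mac": self.lt_mac, "next_hop": str(next_hop)}

    def downstream_ip(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        line = self.down_fib.get(dst)
        if line is None:
            return {"action": "discard", "reason": "unknown-subscriber"}
        # dst_mac None means: ARP on that one line only, never broadcast to all.
        return {"action": "forward", "line": line, "dst_mac": self.ip_mac.get(dst)}

    def arp_from_user(self, line, sender_ip, target_ip):
        """Proxy-ARP towards subscribers; returns the MAC to answer with, or None."""
        sender = ipaddress.ip_address(sender_ip)
        target = ipaddress.ip_address(target_ip)
        if self.down_fib.get(sender) != line:
            return None  # sender IP was not learnt on this line
        if self.down_fib.get(target) == line:
            return None  # target sits on the originating line itself
        return self.lt_mac

    def arp_from_network(self, target_ip):
        """Proxy-ARP towards the network: answer only for snooped subscribers."""
        known = ipaddress.ip_address(target_ip) in self.down_fib
        return self.lt_mac if known else None


def demo():
    # Constructed scenario: two ISAMs share one VLAN; A is on ISAM 1, B on ISAM 2.
    lt2 = IpAwareBridgeLT("00:00:5e:00:53:02", 100, [("0.0.0.0/0", "192.0.2.1")])
    lt5 = IpAwareBridgeLT("00:00:5e:00:53:05", 100, [("0.0.0.0/0", "192.0.2.1")])
    lt2.snoop_dhcp_ack("dsl-7", "198.51.100.10")
    lt5.snoop_dhcp_ack("dsl-3", "198.51.100.20")
    mac_a = "00:00:5e:00:53:aa"
    return {
        "legit": lt2.upstream_ip("dsl-7", "198.51.100.10", mac_a, "203.0.113.5"),
        "spoofed": lt2.upstream_ip("dsl-8", "198.51.100.10", mac_a, "203.0.113.5"),
        "arp_user": lt2.arp_from_user("dsl-7", "198.51.100.10", "198.51.100.20"),
        "arp_user_spoofed": lt2.arp_from_user("dsl-8", "198.51.100.10", "198.51.100.20"),
        "arp_net_isam1": lt2.arp_from_network("198.51.100.10"),
        "arp_net_isam2": lt5.arp_from_network("198.51.100.10"),
        "down": lt2.downstream_ip("198.51.100.10"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```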
132. Forwarding modes in 7302 ISAM
Layer 2+ forwarding
PPPoA to PPPoE translation
133. 133
L2+ forwarding: PPPoA to PPPoE Relay
Bridged like model
All users in same subnet as BRAS
1 IP pool for all subscribers
Forwarding based on (PPPoE session ID, BRAS ID)
PPPoE client on the LT
Ethernet layer added by LT
Mac@ of LT is used
[Figure: CPE (POTS, ISDN), 7302 ISAM (LT: translation to PPPoE by PPPoE client; Aggr.: IB), GE, E-MAN network, BRAS]
134. 134
L2+ forwarding: PPPoA to PPPoE Relay
[Figure: message sequence between CPE (POTS, ISDN; PPPoA), 7302 ISAM (LT: translation to PPPoE by PPPoE client; Aggr.: IB), GE, E-MAN network and BRAS]
PPPoA side: LCP Configure Request
PPPoE discovery stage (ISAM to BRAS):
PADI + Line ID : Broadcast
PADO + Line ID : unicast
PADR + Line ID : unicast
PADS + Line ID : unicast with session ID
Then: LCP Configure Request, LCP Configure ACK, NCP, DATA (PPPoE session ID, BRAS ID)
135. 135
PPPoA to PPPoE relay Network model, Residential users
[Figure: CPE (PPPoA: IP / PPP / ATM / DSL), ISAM (LT: PPPoA to PPPoE translation by PPPoE client; NT: bridge, IB), EMAN, BRAS (PPP termination, IP routing; IP / PPP / PPPoE / Eth) to the Internet; legend: IP subnet, IP address, PPP session, VLAN; callout: session layer unchanged! (transparent)]
No network model difference with Bridged model for residential subscribers
136. 136
PPPoA to PPPoE relay, things to consider
One VLAN can be shared by multiple DSLAMs
User-to-user fully blocked
No user MAC@ to network
Security
Scalability
Switches learn MAC@ of LT cards
Subscriber management fully centralized
IP address allocation, 1 pool for all subscribers
[Figure: ISAM-1 and ISAM-2 with bridged CPEs (IP1/MAC1, IP101/MAC101, IP201/MAC201) and translation to PPPoE by PPPoE client; the bridge (BR) MAC table holds MAC-LT1, MAC-LT2, MAC-LT3, … and the BRAS holds IP1, IP2, IP3, IP101, …; common VLAN for PPP service (VLAN 100)]
139. 139
L3 functionality - General overview
The 7302 ISAM will:
Terminate IP/ETH/ATM, IP/ATM, or IP/Eth/Physical layer for EFM coming from user side
Terminate IP/Ethernet on the ‘network’ side
Forwarding based on
IP
Full router on ISAM
ISAM is next hop
Directly connected subnets
Most feature rich but also most complex access network model
Automatic propagation or route configurations
[Figure: protocol stacks terminated by the 7302 ISAM (L3). User side: IP / Eth / ATM / phys layer, IP / ATM / phys layer, IP / Eth / phys layer. Network side (Eth-VLAN): IP / Eth – (VLAN)]
141. 141
IP router in the 7302 ISAM
Directly connected subnets (to users and ER) configured on
ISAM
ISAM is next-hop
Aggregation at DSLAM level within a full featured VRF
IP forwarder on LT , router on NT
Only one “full” router on ISAM
• planned for future: multiple “full” virtual routers,
but requires new NT
[Figure: CPE (POTS, ISDN), 7302 ISAM (LT: FW; Aggr.: R with VRF-Green, VRF Blue, VRF-yellow), GE, E-MAN network]
142. 142
IP-routed : IP network model
ISAM is Next-Hop
Routes IP datagram:
MAC SA replaced by MAC SA of IP router
MAC DA replaced by MAC-address of next destination (IP host or IP router)
Aggregation at DSLAM level within a full featured VRF
Routing functionality on NT
IP Forwarding on LT
RIP and OSPF to the network (R2.1)
RIP to the users introduced in R2.2
LTs do not have own IP-address, therefore IP forwarding and not IP routing
[Figure: CPE (bridge, RIP), ISAM IP router (LT: FW; NT: R, mapping in VRF), EMAN (OSPF / RIP), Edge (VRF); legend: IP subnet, IP address, PPP session, VLAN; user-side stacks IP / Eth / RFC2684-br (IPoE) / ATM / DSL and IP / RFC2684-rt (IPoA) / ATM / DSL; network-side stack IP / Eth (IPoE)]
143. 143
IP-routed : Principle – forwarding
[Figure: protocol stacks (IP / ETH / lower layers) along the path user, LT (FW, VRF-Blue, VRF-yellow), NT (R), E-MAN, edge router (IP@ER), IP network, ISP/Internet; labels: IPoA/IPoE always untagged; IPoE (V-VLAN); IPoE (P-VLAN); forwarding decision based on IP DA; routed]
144. 144
IP-routed: Principle – forwarding
Routing on NT
Single VR
One V-VLAN is required per VRF in the system
at this stage only one
One single FIB
Normal routing functionality
Forwarding on LT
Same principle as in IP aware bridge mode
Differences
NT is next hop
Forwarding from LT to NT within V-VLAN
ISAM upstream FIB LT
IP@ER 1       V-VLAN
IP@ER 1       V-VLAN
…
SN 1          IP@ER 1 (NT)
SN 2          IP@ER 2 (NT)
…
ISAM downstream FIB LT
IP_Subs_i     DSL I
ISAM FIB NT
IP 1          V-VLAN
IP 2          V-VLAN
IP 3          P-VLAN
IP 4          P2-VLAN
IP 5          P3 VLAN
…
SN 1          IP1
SN 2          IP 2
SN 3          IP3
SN 4          IP 4
0.0.0.0/0     IP 5
[Figure: LT (FW, VRF-Blue, VRF-yellow) connected over the V-VLAN to NT (R), then over P-VLAN through the E-MAN network to IP@ER, IP network, ISP/Internet]
145. 145
IP-routed: Principle – ARP on LT
Same functionality as in IP aware bridge
ARP proxy towards subscribers and network interface.
In the router mode, network interface is the interface towards NT.
Network interface is always trusted
ARP initiated by LT to subscriber and network interface when IP packet destined for user or next hop and MAC@ not known
Next hop is NT
Reachable via V-VLAN
[Figure: LT (FW; IPoE/A session, IPoE/A interface, ARP proxy towards subscriber, ARP proxy towards network where the network interface is to NT, DHCP relay, VRF), V-VLAN, NT (R; ARP, DHCP relay, VRF, routing protocols OSPF, RIPv2), P-VLAN, E-MAN network, edge router]
146. 146
IP-routed: Principle – ARP on NT
ARP from NT to LT:
ARP is initiated by NT when a
received IP packet falls in one of
the subnets of the user-gateway
interface configured on V-VLAN
while no entry for the destination
user in the ARP table of LANX
User-gateway IP address is
used as source IP address of
the ARP requests
ARP from NT to Network
for directly attached hosts
ARP is initiated when an IP
packet destined for a directly
attached host while no entry for
the host in the ARP table:
[Figure: ARP functionality: LT (FW; IPoE/A session, IPoE/A interface, ARP proxy, DHCP relay, VRF), V-VLAN, NT (R; ARP, DHCP relay, VRF, routing protocols OSPF, RIPv2), P-VLAN, E-MAN network, edge router]
148. 148
Two main evolutions in subscriber management
[Figure: residential and business xDSL, DSLAM, aggregation network, IP Edge/PoP (BAS session management, IP edge routing, business BAS), IP core, ISP1 … ISPn, Internet, video, corporate, network management; callouts 1, 2, 3]
Distribution of some BRAS functions in the access node to scale Multi-Service
Increasing role of DHCP as the end-game for subscriber management
Increased role in the subscriber management (DHCP relay, PPP relay & termination …)
149. 149
DHCP vs. PPP
PPPoE access to centralised BRAS is the main HSI access scenario today.
Requirement: support PPPoE access scenario (with the features that are
commonly used in a HSI/PPPoE context)
PPPoA is still around (mainly ILEC context)
Due to legacy CPE equipment, due to existing contracts between access
providers and ISPs, …
And PPPoE/PPPoA is autodiscovered in BRAS, hence operators do not know
which end-users are using PPPoA or PPPoE.
Requirement: support a PPPoA access scenario (with no impact on BRAS),
auto-detect PPPoE/PPPoA.
DHCP required for multimedia-services
Emerging, but still a long way to go before PPP has been reinvented
Some CLECs consider it for HSIA (no legacy)
150. 150
DHCP vs. PPP
PPP (Point-to-Point Protocol) mode
User authentication (LCP: PAP/CHAP)
Session concept
Not supported by all terminals
Requires BAS
DHCP (Dynamic Host Configuration Protocol) mode
MAC-address authentication - DHCP option 82 possible
No session concept
Supported by most terminals (e.g. STB, IP phone)
Requires DHCP server (less expensive than BAS)
[Figure: PPP mode: “username/password”, setup PPP – IP-address, via 7302 ISAM to BAS and AAA server, then www. DHCP mode: DHCP discover (+ opt 82 at the 7302 ISAM to add user identification), accept/IP-address from the DHCP server, then www]
152. 152
DHCP
DHCP allows you to define “pools” of TCP/IP addresses, which are then allocated to client PCs by the server (scopes in DHCP terminology).
Also all the related configuration settings like the subnet mask, default router, DNS server, …
IP address
subnet mask
default Gateway address
DNS server addresses
NetBIOS Name Server (NBNS) addresses
Lease period in hours
IP address of DHCP server.
[Figure: message sequence between Client, DHCP Server 1 and DHCP Server 2]
DHCP Discover (broadcast)
DHCP Offer 1 (IP1, DNS,…)
DHCP Offer 2 (IP2, DNS,…)
Client: wait 1 sec, accept first Offer
DHCP Request 1 (IP1, …) (broadcast)
DHCP Ack
153. 153
DHCP in the 7302 ISAM with CC-mode
DHCP relay is disabled for VLAN in cross-connect mode
DHCP packets transparently forwarded
Due to hardware, DHCP packets first filtered in the Service
Hub/NT, and then inserted again in the traffic stream.
[Figure: protocol stacks (DHCP / UDP / IP / ETH / lower layers) with DHCP passing through LT (CC) and Service Hub/NT (CC) as a transparent bitpipe across the E-MAN network; DHCP relay in the edge router]
154. 154
DHCP in the 7302 ISAM with IB-mode
DHCP relay is implemented in a distributed way
LT provides option 82
Configurable option 82 when enabled
Service Hub/NT relays the DHCP packets
[Figure: protocol stacks (DHCP / UDP / IP / ETH / lower layers) across LT (IB), Service Hub/NT (IB), E-MAN network, edge router, IP network and DHCP server; labels: DHCP relay, Option 82]
155. 155
DHCP relay network setup
[Figure: LT (IB), Service Hub/NT (IB), E-MAN network, edge router, IP network, DHCP server]
Function: DHCP relaying
Configuration per VLAN
Enable / Disable
If enabled (per VLAN)
IP-address of the relay agent = Giaddr
IP-address of DHCP servers (min 1/max 4)
Static route per DHCP server: per DHCP server the IP next hop
Function : IP routing
Configuration per DHCP server (Routers business)
Route towards the DHCP server
Route toward Relay agent
Function : Add/remove option 82
Configuration per VLAN
Enable / Disable (from R2.0 onwards)
Independent of configuration of DHCP relay features.
156. 156
DHCP on the LT
Add/Remove option 82
Configurable option 82 when enabled
LT will process packets US/DS if packets are not relayed by a
downstream relay agent – Gi-addr = 0
Upstream
Add option 82
If option 82 already exists in packet then packet is dropped
If packet size exceeds maximum packet size (= MTU) after adding option 82, option 82 is not added.
Downstream
Remove option 82
Change destination address (MAC-address and IP-address) to broadcast
if BC flag is set
Forward packet to correct PVC
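The LT rules on this slide, worked through on raw DHCP payloads, as an added example that is not part of the original slides or ISAM code. Function names, the circuit/remote ID strings and the size limits are constructed; the sub-option codes 1 (Agent Circuit ID) and 2 (Agent Remote ID) are those of RFC 3046, and `max_len` is assumed to be the MTU minus the IP and UDP headers. Dropping upstream packets that already carry option 82 means the line identity seen by the server can only have been written by the access node.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"           # DHCP magic cookie
FIXED = 236                           # BOOTP fixed header length
PAD, RELAY_AGENT_INFO, END = 0, 82, 255


def parse_options(payload):
    """Return [(code, data)]; raise ValueError on a malformed payload."""
    if len(payload) < FIXED + 4 or payload[FIXED:FIXED + 4] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, i = [], FIXED + 4
    while i < len(payload) and payload[i] != END:
        if payload[i] == PAD:
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts.append((payload[i], payload[i + 2:i + 2 + length]))
        i += 2 + length
    return opts


def build(payload, opts):
    """Re-emit header + options (padding after END is not preserved)."""
    body = b"".join(bytes([code, len(data)]) + data for code, data in opts)
    return payload[:FIXED] + MAGIC + body + bytes([END])


def get_giaddr(payload):
    return payload[24:28]


def broadcast_flag(payload):
    return bool(struct.unpack("!H", payload[10:12])[0] & 0x8000)


def lt_upstream(payload, circuit_id, remote_id, max_len):
    """Returns (verdict, payload_to_forward_or_None)."""
    if get_giaddr(payload) != bytes(4):
        return "pass-relayed", payload           # a downstream relay agent handled it
    opts = parse_options(payload)
    if any(code == RELAY_AGENT_INFO for code, _ in opts):
        return "drop-option82-present", None     # subscriber-supplied option 82
    sub = (bytes([1, len(circuit_id)]) + circuit_id +
           bytes([2, len(remote_id)]) + remote_id)
    tagged = build(payload, opts + [(RELAY_AGENT_INFO, sub)])
    if len(tagged) > max_len:
        return "forward-untagged", payload       # would exceed the maximum size
    return "forward-tagged", tagged


def lt_downstream(payload):
    """Returns (verdict, payload, send_as_broadcast)."""
    bcast = broadcast_flag(payload)
    if get_giaddr(payload) != bytes(4):
        return "pass-relayed", payload, bcast
    opts = [(c, d) for c, d in parse_options(payload) if c != RELAY_AGENT_INFO]
    return "strip-option82", build(payload, opts), bcast


def sample_packet(flags=0, options=((53, b"\x01"),), giaddr=bytes(4)):
    """Constructed DHCPDISCOVER-like payload for the demo and tests."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, 0x1234ABCD, 0,
                      flags, bytes(4), bytes(4), bytes(4), giaddr,
                      bytes.fromhex("00005e00530a") + bytes(10),
                      bytes(64), bytes(128))
    return build(hdr, list(options))


CID, RID = b"lt1-port7", b"line-0007"   # constructed line identifiers

if __name__ == "__main__":
    print(lt_upstream(sample_packet(), CID, RID, 548)[0])
    forged = sample_packet(options=((53, b"\x01"), (82, b"\x01\x04fake")))
    print(lt_upstream(forged, CID, RID, 548)[0])
```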
157. 157
DHCP in the Service Hub
DHCP relay is configurable
Irrespective of configuration, DHCP messages always filtered to
the Service Hub due to HW limitation
DHCP enabled
Downstream
Service Hub-OBC will relay if Gi-addr = one of Gi-addr in VLAN(s) of
Service Hub otherwise inserted in forwarding path of Service Hub
Upstream
Service Hub-OBC relays packet if Gi@=0 and configuration is present
for respective VLAN
DHCP disabled
Service Hub-OBC will insert DHCP message again to forwarding
path in the stream
158. 158
DHCP relay disabled and BC flag not set
[Figure: DHCP message flow between client (MacA, IP=? then IPA), LT (IB), Service Hub/NT (IB), E-MAN network and edge router (IPER, MacER) with DHCP relay in the edge router; broadcast flag NOT set by client]
DHCP Discover : BROADCAST (L3: null --> IPBC, L2: MACA --> MACBC)
Self-learning MACA port x, option 82 ***
Self-learning MACA port y
DHCP Offer : UNICAST, Yi@ = IPA and Si@ = IPS (L3: IPS --> IPA, L2: MACER --> MACA)
Self-learning MACER port z
DHCP Request : BROADCAST, Si@ = IPS / option 50 = IPA (L3: null --> IPBC, L2: MACA --> MACBC)
Self-learning MACA port x, option 82 ***
*** if enabled – option 82 implemented irrespective of DHCP configuration in Service Hub
159. 159
DHCP Relay disabled
[Figure: DHCP message flow between client (MacA, IP=?), LT (IB), Service Hub/NT (IB), E-MAN network and edge router with DHCP relay in the edge router; broadcast flag set by client; callouts 1 and 2]
DHCP Discover : BROADCAST (L3: null --> IPBC, L2: MACA --> MACBC)
Self-learning MACA port x, option 82 ***
Self-learning MACA port y, flooding
DHCP Offer : BROADCAST, Yi@ = IPA and Si@ = IPS (L3: IPS --> IPBC, L2: MACER --> MACBC)
Self-learning MACER port z, flooding
Broadcast blocked when BC for VLAN is disabled
No flooding if option 82 enabled
*** if enabled – option 82 implemented irrespective of DHCP configuration in Service Hub
160. 160
DHCP relay enabled
[Figure: DHCP message flow between client (MacA, IP=?), LT (IB), Service Hub/NT (IB) acting as DHCP RELAY (IPR, IPS and next hop IPER configured), E-MAN network, edge router (IPER, MacER), IP network and DHCP server (IPS, MacS)]
Upstream:
DHCP Discover : Broadcast – Gi@ = Null (L3: null --> IPBC, L2: MACA --> MACBC)
LT: add option 82, self-learning MACA port x
Service Hub/NT: self-learning MACA port x, relay message
DHCP Discover : UNICAST – Gi@ = IPR (L3: IPRELAY --> IPS, L2: MACRELAY --> MACER; after the edge router L3: IPRELAY --> IPS, L2: MACER --> MACS)
Downstream:
DHCP Offer : UNICAST – Gi@ = IPR, Yi@ = IPA / Si@ = IPS (L3: IPS --> IPRELAY, L2: MACS --> MACER; after the edge router L3: IPS --> IPRELAY, L2: MACER --> MACRELAY)
Service Hub/NT: relay message, forwarded to correct port
DHCP Offer : ALWAYS UNICAST irrespective of BC flag, Gi@ = Null (L3: IPRELAY --> IPA, L2: MACRELAY --> MACA)
LT: extract option 82, change IP@DA & MAC@DA i.f.o. BC flag, forwarded to correct port
DHCP Offer : UNICAST or Broadcast (flag set), Gi@ = Null (L3: IPRELAY --> IPBC or IPA, L2: MACRELAY --> MACBC or MACA)
In case of BC, the terminal recognises its answer via the Transaction ID
*** if enabled – option 82 implemented irrespective of DHCP configuration in Service Hub
162. 162
Setting up a PPPoE session
Discovery stage
the PPPoE client (host) discovers the
PPPoE-server (access server)
the PPPoE session is uniquely defined once the
Ethernet MAC address and the PPPoE session-id
are known by both peers
Session stage
defining the peer to peer relationship
build the point-to-point connection over Ethernet.
[Figure: PCs (PPPoE client) behind an ADSL modem with Ethernet/ATMF interfaces in “bridge configuration”, connected via the DSLAM to the BRAS (PPPoE server)]
163. 163
Scenario – Single server environment
[Figure: message sequence between PPPoE client (PCs, “bridge configuration”) and PPPoE server]
PADI : PPPoE Active Discovery Initiation packet (broadcast)
PADO : PPPoE Active Discovery Offer packet (unicast)
PADR : PPPoE Active Discovery Request packet (unicast)
PADS : PPPoE Active Discovery Session-confirmation packet (unicast – unique session ID)
164. 164
PPPoE in the 7302 ISAM with CC-mode
PPPoE relay is disabled for VLAN in cross-connect mode
PPPoE packets transparently forwarded
[Figure: protocol stacks (IP / PPP / PPPoE / ETH / lower layers) with PPPoE passing through LT (CC) and Service Hub/NT (CC) as a transparent bitpipe across the E-MAN network; PPPoE relay in the edge router]
165. 165
PPPoE relay in the 7302 ISAM with IB-mode
Make subscriber management easier at the PPP server
Relay functionality implemented on the LT boards
addition of unique line Id to the PPPoE discovery messages
MAC SA and DA remain unchanged
The Service Hub/NT remains a pure layer 2 switch.
[Figure: protocol stacks from the subscriber to the ISP/Internet. Labels: LT (IB, PPPoE relay), Service Hub/NT (IB, layer 2 forwarding), E-MAN network, PPPoE server, IP network, ISP/Internet. Stack layers shown: HTTP, TCP, IP, PPP, PPPoE, ETH, lower layers.]
166. 166
PPPoE Relay in 7302 ISAM with IB-mode
[Figure labels: subscriber (MacA, IP=?), LT (IB, PPPoE relay, add relay ID), Service Hub/NT (IB, layer 2 forwarding), E-MAN network, PPPoE server (MacS, IPS), IP network, ISP/Internet]
PPPoE control frames, before the PPPoE relay:
PADI: broadcast. L2: MACA -> MACBC
PADO: unicast. L2: MACS -> MACA
PADR: unicast. L2: MACA -> MACS
PADS: unicast with session ID. L2: MACS -> MACA
PPPoE control frames, after the PPPoE relay (relay ID added):
PADI: broadcast with agent circuit ID and agent remote ID. L2: MACA -> MACBC
PADO: unicast. L2: MACS -> MACA
PADR: unicast with agent circuit ID and agent remote ID. L2: MACA -> MACS
PADS: unicast with session ID. L2: MACS -> MACA
PPPoE data frames:
PPP session - LCP – PAP/CHAP - IPCP
IP=IPA
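The line-ID insertion that the PPPoE relay performs on PADI and PADR, as an added example that is not part of the slides and is not ISAM code. Assumptions: the line ID is encoded as an RFC 2516 Vendor-Specific tag (0x0105) with vendor ID 0x00000DE9 and sub-options 0x01 (agent circuit ID) and 0x02 (agent remote ID); a copy of that tag already present in the subscriber's frame is dropped; the sample frame and ID strings are constructed.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863      # EtherType of PPPoE discovery frames
PADI, PADR = 0x09, 0x19           # the two client-to-server discovery codes
TAG_VENDOR_SPECIFIC = 0x0105      # RFC 2516 Vendor-Specific tag
DSL_FORUM_VENDOR_ID = 0x00000DE9  # assumed encoding, not stated on the slides
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 0x01, 0x02
VENDOR_PREFIX = struct.pack("!I", DSL_FORUM_VENDOR_ID)

def parse_tags(payload):
    """Yield (type, value) for every TLV tag in a PPPoE discovery payload."""
    off = 0
    while off < len(payload):
        if off + 4 > len(payload):
            raise ValueError("truncated PPPoE tag header")
        ttype, tlen = struct.unpack_from("!HH", payload, off)
        if off + 4 + tlen > len(payload):
            raise ValueError("truncated PPPoE tag value")
        yield ttype, payload[off + 4:off + 4 + tlen]
        off += 4 + tlen

def pack_tag(ttype, value):
    return struct.pack("!HH", ttype, len(value)) + value

def line_id_tag(circuit_id, remote_id):
    """Vendor-Specific tag carrying agent circuit ID and agent remote ID."""
    subs = bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    subs += bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id
    return pack_tag(TAG_VENDOR_SPECIFIC, VENDOR_PREFIX + subs)

def relay(frame, circuit_id, remote_id):
    """Return the upstream frame as the relay forwards it (MAC SA/DA untouched)."""
    if len(frame) < 20 or frame[12:14] != struct.pack("!H", ETH_PPPOE_DISCOVERY):
        return frame                  # not PPPoE discovery: plain layer 2 forwarding
    vertype, code, session, length = struct.unpack_from("!BBHH", frame, 14)
    if code not in (PADI, PADR):
        return frame                  # only PADI and PADR receive the line ID
    if 20 + length > len(frame):
        raise ValueError("PPPoE length exceeds frame")
    # Keep the client's tags, except a line-ID tag supplied on the subscriber side.
    kept = b"".join(pack_tag(t, v) for t, v in parse_tags(frame[20:20 + length])
                    if not (t == TAG_VENDOR_SPECIFIC and v.startswith(VENDOR_PREFIX)))
    tags = kept + line_id_tag(circuit_id, remote_id)
    return frame[:14] + struct.pack("!BBHH", vertype, code, session, len(tags)) + tags

# Constructed sample: PADI from MAC A to broadcast with an empty Service-Name tag
# and a line-ID tag already filled in on the subscriber side.
_client = VENDOR_PREFIX + bytes([SUB_CIRCUIT_ID, 7]) + b"spoofed"
_tags = pack_tag(0x0101, b"") + pack_tag(TAG_VENDOR_SPECIFIC, _client)
SAMPLE_PADI = (b"\xff" * 6 + bytes.fromhex("02000000000a") + b"\x88\x63"
               + struct.pack("!BBHH", 0x11, PADI, 0, len(_tags)) + _tags)
```

Because the PPPoE length field is rewritten while the Ethernet header is copied byte for byte, the server sees the same MAC SA and DA as the subscriber sent, with exactly one line-ID tag that the relay wrote.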
168. 168
PPP/PPPoE termination in the ISAM 7302
PPP/PPPoE termination is implemented on the LT boards
Handles all PPPoE, LCP, PAP/CHAP and IPCP control messages
Interaction with NT board
Internal communication
Data packets received over PPP/PPPoE session are pure IP packets
IP forwarding needed on the LT
The Service hub/NT remains a pure layer 2 switch
169. 169
PPP/PPPoE termination
[Figure: protocol stacks from the subscriber to the ISP/Internet. Labels: LT (PPP/PPPoE server, FW), Aggr (IB), CTR (RADIUS client, local IP-address management, local authentication pool (not supported yet)), IC-VLAN, E-MAN network, edge router, IP network, RADIUS server, ISP/Internet. Stack layers shown: HTTP, TCP, IP, PPP, PPPoE, ETH, lower layers.]
170. 170
PPP/PPPoE termination – with PAP
[Figure labels: subscriber (MacA, IP=?), LT (PPP/PPPoE server, FW), Aggr (IB), CTR (RADIUS client), E-MAN network, edge router, RADIUS server]
PPPoE Discovery phase: PPPoE Session-ID
LCP phase
Authentication phase:
PAP authentication request
Internal comm
Access Request
Access Accept
Internal comm
PAP authentication request
PPP IPCP phase
Enable IP forwarding in the data-plane
IP=IPA
171. 171
PPP/PPPoE termination – with CHAP
[Figure labels: subscriber (MacA, IP=?), LT (PPP/PPPoE server, FW), Aggr (IB), CTR (RADIUS client), E-MAN network, edge router, RADIUS server]
PPPoE Discovery phase: PPPoE Session-ID
LCP phase
Authentication phase:
CHAP Challenge
CHAP Response
Internal comm
Access Request
Access Accept
Internal comm
CHAP Success
PPP IPCP phase
Enable IP forwarding in the data-plane
IP=IPA