Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Carrier-Grade Ethernet Challenges for
IPTV Deployment
Sundar Vedant...
services. Noticing the trend, MEF has identified                       provide service quality that is at least equal to, ...
class congestion will not be an issue. Having per-
able to exploit the synergies between telecom-
munication service providers and cable TV con-                             ...
trols) are important functions that help minimize                           tagged cells are treated with lower priority c...
allocation avoids losses that would be incurred                        is computed based on the system potential func-
by ...
designing in network processors on the access                                                       RELIABILITY
      NPs ...
[2] Infonetics Report, “Carrier Ethernet Booming,”                       [15] F. Hao, M. Kodialam, and T. V. Lakshman, “Re...
Upcoming SlideShare
Loading in …5

Carrier-Grade Ethernet Challenges for IPTV Deployment


Published on

  • Be the first to comment

  • Be the first to like this

Carrier-Grade Ethernet Challenges for IPTV Deployment

  1. 1. INTERCONNECT AND FABRIC TECHNOLOGY STANDARDS Carrier-Grade Ethernet Challenges for IPTV Deployment Sundar Vedantham, Seong-Hwan Kim, and Deepak Kataria, Agere Systems Inc. ABSTRACT Internet Protocol television (IPTV) is being touted as the next “killer application” that will Carrier-grade Ethernet standardization and consume available bandwidth on the Internet deployment is gaining momentum due to the and enable future network growth [6]. While the ease of deployment, lower cost, and compatibili- hype has been quite high, real-world use remains ty with existing networks on the access end. minimal and is only in its early stages. If the When Internet Protocol Television (IPTV) is deployment is to reach its full potential, we need deployed using Ethernet as the underlying inter- to look at end-to-end scenarios and ensure that connect fabric infrastructure, meeting fine- there are no stumbling blocks. This article ana- grained traffic management (TM) requirements lyzes IPTV requirements and how they could be on the service provider side to meet quality of met when delivered over carrier grade Ethernet. service (QoS), billing, and security features To put this subject in context, some basic implementation on the user side poses several background is instructive. Internet growth is challenges. Such challenges could be met using forcing the technology to migrate from simple the TM features built into network processors data services to triple-play services. A standard (NPs). definition of triple-play services includes voice, data, and video services provided over a single INTRODUCTION transport infrastructure. In addition, services like audio/video conferencing, collaborative editing, Present Ethernet deployments on the LAN side video on demand (VoD), PPV (pay-per-view are mature, very well understood, fairly inexpen- movies and content stored in the network and sive, and serve the requirements well. In the last streamed on demand), Internet telephony, Inter- decade, Ethernet technology has evolved from net radio, premium interactive content, and the 10 Mb/s shared wire model to switched oper- interactive gaming may form an emerging set of ation over unshielded twisted pair (UTP) that services supported. The delivery of such services support 1000 Mb/s and then on to fiber optic opens new revenue streams for telecom service transmission from 100 Mb/s to 10 Gb/s rates providers [7]. Customers will be willing to pay with transmission distances spanning from 2 to for such a rich suite of services, especially when 2000 km using long-haul dense wavelength-divi- multiple services are bundled and made afford- sion multiplexing (DWDM) systems [1]. Newer able. Ethernet versions also support up to eight class- This migration requires changes in the physi- es of service and unicast/multicast/broadcast cal infrastructure that bring service to homes modes via the VLAN technique. This evolution from current cable or satellite TV models. Ana- makes it a good candidate for both LAN and log cable TV will not be able to piggyback digital WAN interconnection space. Recent projections triple-play services on the same network due to estimate that close to US$29 billion will be spent bandwidth and interoperability limitations. Satel- worldwide on Ethernet in metropolitan networks lite TV, being unidirectional, does not lend itself between 2004 and 2008 [2]. But Ethernet tech- well to triple-play services that require bidirec- nology lacks carrier-grade features such as QoS, tional communication. Present satellite TV provisioning, fault tolerance, TDM compatibility, deployments use regular phone lines to receive OAM, and self-healing, making it unsuitable for information from subscribers even for pay per backbone and carrier space. Recently there has view orders. This dependence on regular phone been a lot of standards activity at the Metro Eth- lines and the technology’s inability to provide ernet Forum (MEF), the Internet Engineering any direct means of upstream communication Task Force (IETF), and the International (from subscriber to network) makes it an imprac- Telecommunication Union (ITU) with regard to tical contender in the triple-play arena. As of addressing these requirements, thus paving the now, technologies like fiber to the premises way for wider deployment of Ethernet as a carri- (FTTP), xDSL, digital cable, and high-speed er-class interconnection fabric [3–5]. Early wireless seems better positioned to handle multi- deployments are on in the Asia-Pacific region. media-based rich bidirectional communication 24 0163-6804/06/$20.00 © 2006 IEEE IEEE Communications Magazine • July 2006 Authorized licensed use limited to: IEEE Xplore. Downloaded on December 1, 2008 at 18:45 from IEEE Xplore. Restrictions apply.
  2. 2. services. Noticing the trend, MEF has identified provide service quality that is at least equal to, if residential triple play with IPTV as one of the not better than, the service customers are used If each home has carrier-grade Ethernet drivers. to. Customers will not migrate to bundled triple- approximately four Best-effort service has been traditionally used play services if the television picture quality to provide Internet access services such as Web tends to be more grainy with intermittent jitters TVs, two to three browsing. Ethernet works well in this context at and the channel switch controls are less respon- SDTVs and one to the subscriber end. But the new set of multime- sive than what they are presently used to. Hence, dia services require end-to-end quality-of-service key IPTV features needed for successful deploy- two HDTVs can be (QoS) guarantees. Since customers are used to ment include [8]: supported with viewing television programs and using their tele- • Selection: End users should be able to select about 20 Mb/s phones without noticing any jitter or delay, QoS their program of choice from a plethora of guarantees are a must in triple-play service TV content available. This also requires bandwidth. At this deployment over Ethernet. This becomes critical faster channel selection and channel chang- point, bandwidth because, as the available bandwidth per customer ing time. increases, emerging suite of services will demand • Storage: TV content should be storable in a management among even more bandwidth, generating bottlenecks local storage device, so that it can be made different traffic that can only be handled well via traffic manage- available to customers whenever they want classes to homes ment (TM) features. Thus, for the ubiquitous to watch it (time shifting). Vendors are Ethernet idea to succeed from the end-user to planning to store about 100 hours of pro- becomes a critical the carrier levels, carrier-grade Ethernet will gramming (new TV programs or movies) issue, meaning voice, require good TM capabilities on the network that into the set-top boxes (STBs). can be provided by network processors (NPs). • QoS: The service should guarantee band- video, and data width for video streaming and QoS differ- services must be entiation for supported classes of traffic. handled differently. BROADBAND SERVICE • Low cost: Per-line/per-customer cost of bundled services must be low. REQUIREMENTS • Upgrades: Service provider should be able It is clear that each type of service will come to upgrade codecs and user authentication with a slightly different set of requirements. Let software without disrupting service. us consider them case by case as follows: • Miscellaneous: Service providers should be • VoIP: Minimum bandwidth but strict limits able to provide high-quality resolution for on delay and jitter programs at no substantial additional • Video conferencing: Higher bandwidth, very charge to end users. strict limits on delay and jitter Future IPTV service will provide two differ- • Live video broadcast: Higher bandwidth and ent types of TV services: standard definition TV limits on delay and jitter; limited packet (SDTV) and high-definition TV (HDTV). SDTV loss is acceptable bandwidth ranges from 1 to 4 Mb/s. HDTV • Video on demand (VoD): Higher-band- bandwidth ranges from 4 to 13 Mb/s. The typical width statistical guarantees; less stringent number of TV channels available from a delay and jitter requirements, as video provider hovers between 250 and 300 channels streams can be buffered of SD, and an additional 10 to 20 more channels • Interactive gaming: Low bandwidth but for HDTV. If each home has approximately four strict bounds on delay TVs, two to three SDTVs and one to two • High-speed data services: Just bandwidth HDTVs can be supported with about 20 Mb/s guarantees and less stringent delay require- bandwidth. At this point, bandwidth manage- ments; packet-loss limits ment among different traffic classes to homes • Web Browsing: Medium bandwidth and becomes a critical issue, meaning voice, video, delay, high reliability, best-effort service and data services must be handled differently. • Email: Low bandwidth and delay, high relia- The following sections discuss how TM features bility available in network processors address these Besides QoS, support for additional control listed requirements. functions is needed for various on-demand ser- vices. Quick channel-changing ability is one such example. The challenge it presents and possible TRAFFIC MANAGEMENT AND solutions are discussed in the next section. Billing and security features will require fine- QOS CONTROL grained metering of traffic. In addition to meet- From a QoS control perspective, traffic manage- ing these requirements, service providers need to ment in Ethernet-based IPTV networks can be ensure that the available bandwidth is being particularly challenging. This is because traffic used to full extent so as to generate maximum management solutions have to be implemented revenue. Thus, the deployment will rely heavily at different levels of control granularity. Those on the traffic management functions available on levels for xDSL service include: network processor chips. • Individual services actively used by a given subscriber • Individual xDSL link-load for the given sub- IPTV REQUIREMENTS scriber Customers will be attracted to bundled triple- • Aggregate subscribers supported on a given play services when the bundle costs less than the line card sum of the service fees for individual services. • Aggregate line cards supported on a given But to be successful, the bundled services should uplink card IEEE Communications Magazine • July 2006 25 Authorized licensed use limited to: IEEE Xplore. Downloaded on December 1, 2008 at 18:45 from IEEE Xplore. Restrictions apply.
  3. 3. class congestion will not be an issue. Having per- user scheduling can also provide end-user isola- Video service tion for billing and bandwidth control purposes. network IP CPE Without the presence of a network processor, Home modem scheduling at this level of granularity using carri- Metro er-grade Ethernet gear alone is not possible. carrier Ethernet CHANNEL SELECTION Global carrier Ethernet Contemporary TV technology sends all TV chan- CPE modem nels to all end users and channel switching is IP performed by simple filtering of the undesired Metro carrier frequencies. This mechanism is used in existing Ethernet cable TVs. Specifically, channel changing simply Metro carrier selects one channel functioning like a band pass Ethernet filter and ignores the rest. IPTV cannot use this IP approach because of the limited bandwidth reaching each home. Therefore, the telecom ser- vice provider only sends the selected TV channel or channels to the customer premises. In case of I Figure 1. Carrier Ethernet-based IPTV network. Fig. 2, this model means that multicast trees should first be established with QoS guarantees for video transmission. When the subscriber There may be other intervening levels of con- sends in a request for a video channel using the trol granularity that have to do with the virtual STB connected to the CPE, carrier Ethernet fil- partitioning of the links at the various levels of ters the request and replicates and forwards only the hierarchy for better QoS controls. For exam- the requested channel to the subscriber. ple, macro-level controls will be needed to dif- This creates channel changing delay, since the ferentiate residential customers from business channel change information has to travel customers. Figure 1 shows a network topology upstream through the network to the service designed to provide IPTV services based on Eth- provider. But, if all content/channels are brought ernet on xDSL networks. Services deployed via to the DSLAM box using high-capacity back- wireless or digital cable technology requires very plane, the distance IGMP messages need to trav- similar service support levels. el to effect channel switching will be greatly Figure 2 shows a Multiservice Access Net- reduced, thus providing dramatic reductions in work (MSAN) architecture that can deliver channel changing delay since IGMP messages IPTV services using carrier Ethernet devices. need not travel all the way up to a broadband The xDSL links from the subscribers terminate remote access server (BRAS). in digital subscriber-line access multiplexers The IPTV delivery architecture may also (DSLAMs), which is part of the broadband want to stream adjacent TV channels to the one access network. The aggregating system is known that is being watched to the STB so that moving as the subtending system; each of the systems one channel up/down at a time will be instanta- connected to it are known as subtended systems. neous. But this approach triples the bandwidth This many-to-one relationship at different required for each TV set. levels is characteristic of DSLAM architectures. This one-way direction of aggregation from the BANDWIDTH UTILIZATION subscribers toward the provider is also known as When the TV sets in a household are all off, the upstream direction. The opposite direction customers paying for 20 Mb/s bandwidth would from the provider to the subscribers is known as want to get the entire bandwidth diverted to the downstream direction. other applications that are currently running, In the downstream direction, hierarchical such as browsers or games. While this bandwidth traffic management can provide differentiated adjustment does not have to be guaranteed (for services for different subscribers, because each oversubscription), the service provider should user gets different types of services allotted by still guarantee the minimum bandwidth for the different schedulers. In addition, class-depen- services that are running (such as browsers and dent traffic isolation can be provided to the end games). To achieve this, the service provider sys- user between different traffic streams. Per-user tem should monitor the status of TVs at home. scheduler configuration can be mirrored to other If one or more TVs are turned off, the service users who request the same bandwidth and set provider may allocate more bandwidth to the of services. Hierarchical traffic management, as end user’s data service with best-effort schedul- shown in Fig. 3, would be ideal to handle such a ing technology. When TVs are turned on, the scenario. service provider needs to reduce the scheduler In the upstream direction, individual user rate of other services. Thus, the controller must traffic gets monitored at the lowest level of hier- have a powerful scheduler to dynamically control archical scheduler. And each class of traffic from bandwidth in this fashion. different users can merge into a separate class As stated above, the bundled services should scheduler (e.g., voice, data, and video) at the target the right inflection point from cost per- next level of hierarchical scheduler. spective. That means a reasonably priced net- Having a separate scheduler for each class work processor would be required to provide will provide class isolation. Another benefit is proper QoS management, as well as all the ben- that bandwidth starvation caused by lower/other efits of traffic management technology. To be 26 IEEE Communications Magazine • July 2006 Authorized licensed use limited to: IEEE Xplore. Downloaded on December 1, 2008 at 18:45 from IEEE Xplore. Restrictions apply.
  4. 4. able to exploit the synergies between telecom- munication service providers and cable TV con- PHY_IF tent providers, the NPs handling the traffic flows GMII Multi - should be able to balance the demands of the Work SERDES protocol Access- or traffic dependent services, while maximizing the bandwidth usage Protect PHY processor (last-mile) on the network. MSAN DSLAM uplink GMII transceiver card Line card Host Backplane NxGE, Carrier TRAFFIC MANAGEMENT FOR 10GE, OC-48 PHY Ethernet SERDES traffic AFFORDABLE BROADBAND CPU aggregator The overall objective of traffic management is to PHY_IF Memory GMII support a wide variety of services with diverse Work SERDES Multi- QoS requirements while ensuring efficient shar- protocol Access- or traffic dependent ing of network resources. The former allows pro- Protect PHY processor (last-mile) viders to offer new revenue-generating services; GMII transceiver the latter promotes service affordability. Traffic Line card Host management includes functions such as policing, buffer management, scheduling, shaping, back- pressure flow control, CAC admission control, I Figure 2. MSAN DSLAM architecture. route selection, and node/network monitoring. These functions must support full bandwidth flexibility such that upstream and downstream Changes BW rates can be chosen freely and continuously up Channel CBS MC group QoS queues Scheduler according to to the maximum physical limits. The functions DID 0-CBS to home 1 the channel also should enable full-service flexibility such DID 1-CBS to home 2 Q0 Strict Logical ports Port managers that a random mix of services with various bit Home1 DID 47-CBS to home 48 0 Home1 rates and various traffic requirements can be 0 supported, within available bit-rate limits. The Channel ABC MC group Changes BW 1 Home2 functions should foster maximum sharing of net- DID 48-ABC to home 3 according to BW usage 2 Home3 work resources and help minimize network DID 48-CBS to home 2 downtime [9]. Fixed 4 DID 85-CBS to home 3 These functions can be implemented in a WRR 1 Video (TV) Q1 Q2 5 centralized manner where all the control func- Voices MC groups tionality resides in an uplink card that handles Data Q3 Q4 Fixed 6 Q5 traffic from all the connected line cards, as well VoD Q6 as all the subscriber traffic from each line card. Q7 WRR 2 In the distributed approach, the control func- 47 Home48 tions are distributed between the uplink card and the line card. The distributed approach pro- vides for a more scalable and flexible architec- ture. I Figure 3. Downstream traffic management in a line card. Despite the aggregation in the upstream direction, the subscribers’ traffic needs to remain segregated. This can be achieved by providing an phony, audio and video conferencing and other equivalent mirrored structure of controls in the types of video services with real-time content. downstream direction. The call admission control (CAC) function In the upstream direction, policing ensures keeps track of upstream and downstream band- traffic conforming to the service level agreement width along all the nodes and links in the path. (SLA) is allowed into the network. Marking of Any new connection requesting a certain QoS traffic may be employed to signal the relative level is only admitted if the resulting bandwidth treatment of traffic in the network. Differentiat- use is within a predefined admissible region. It is ed traffic scheduling is needed to treat the delay- possible for the flow control flag from the sensitive real-time services (telephony or traffic upstream node to be turned off for class 2 traf- with real-time video content), preferentially over fic, while the flow control flag for class 1 is the data services. turned on. Class-specific backpressure flow control is For downstream traffic, the CAC function needed to handle the periods of temporal over- needs only ensure that aggregate bandwidth use load, when the incident traffic load exceeds the for guaranteed traffic remains within the avail- available bandwidth in the upstream direction. able capacity. For upstream traffic, the admissi- Due to the fan-out topology, no traffic aggrega- ble region is the set of bandwidth use values for tion exists in the downstream direction. Rate which all guaranteed flows receive their con- shaping is employed so that downstream traffic tracted QoS. Network/node monitoring functions flows smoothly with no likelihood of buffer over- allow the detection of resource problems proac- flows. Temporary rate excesses are accommodat- tively such that remedial actions can be taken ed by limited downstream buffering. Traffic for maximum availability. For example, switch- multicasting is needed at the edge node such level redundancy at the line card, and switch fab- that the WAN links upstream can be efficiently ric, common control, power supply levels, and used. Priority-based traffic handling is needed so network-level redundancy (such as automatic low latency can be provided for high-quality tele- routing, failure recovery, and congestion con- IEEE Communications Magazine • July 2006 27 Authorized licensed use limited to: IEEE Xplore. Downloaded on December 1, 2008 at 18:45 from IEEE Xplore. Restrictions apply.
  5. 5. trols) are important functions that help minimize tagged cells are treated with lower priority com- For cell-based traffic, network downtime. While carrier-grade Ethernet pared to untagged cells [10]. standards efforts are on to address these require- For frame-based traffic, the service eligibility well-known GCRAs ments, it is clear that traffic management plays a test, or frame-based generic cell rate algorithm are used to check for critical role to support new revenue generating (F-GCRA), is defined in addition to confor- conformance to services for service providers. mance tests. A frame is deemed conforming if Efficient traffic management also plays a all its cells are conforming and nonconforming if limits on how fast major role in maximizing use of network one or more of its cells are nonconforming the cells may arrive resources. Traffic management helps increase (GCRA test). provider revenue according to the following list A frame is eligible for service guarantees if it and limits on the of factors: is conforming and passes the F-GCRA test for number of cells that • Using the minimum amount of buffer space the contracted minimum rate and the associated may arrive back-to- for the maximum good throughput tolerance. This tolerance limits the number of • Satisfying the QoS requirements frames that can arrive back-to-back during a back during a • Using the least amount of bandwidth specified interval. These notions of conformance specified interval. • Supporting the maximum number of con- and service eligibility make possible the specifi- nections over a given network link cation of guarantees of service at the frame-level Actions on detection • Minimizing network downtime for the variable-sized frames when using the of nonconformance This in turn makes broadband services more underlying Ethernet infrastructure for transport. include dropping or affordable and facilitates logarithmic increase in For frame-based traffic, ineligibility is handled cost of service with bandwidth demand. This by dropping complete frames or tagging all the tagging cells. occurs by deriving maximum possible use from cells of the frame to indicate lower priority dur- existing and newly deployed network and system ing the upstream queuing and buffer manage- resources. In the absence of this, existing and ment functions. new capital investments are underused, leading The ultimate objective of the policing func- to the cost of service growing linearly with band- tion is to protect network resources from mali- width demand. cious or unintentional source misbehavior that Efficient traffic management also offers sev- can affect QoS commitments to other users. This eral hooks for increasing provider revenue. By policing is done by detecting violations of con- dynamically adjusting the scheduling weights tracted parameters and taking appropriate dis- for both improving QoS for higher-priority carding or tagging actions. users — those that suffer from a high popula- tion of users with lower priority — revenue BUFFER MANAGEMENT earned by the service provider can be increased. Buffer management follows the policing func- However, this strategy should not completely tion and has the dual objectives of satisfying block the users who may have subscribed for the heterogeneous QoS requirements of con- cheaper service. nections or flows. This is done by first provid- Users can also be charged additional fees ing the necessary protection and isolation, and depending on the throughput improvement, for then simultaneously extracting multiplexing example, when real-time services are not being gains from sharing the different buffer alloca- used. Traffic management functions in this case tions across the hierarchy of classes/port, and must detect the change and provide the new rate across all ports. to the willing subscriber. Without distinct buffer allocations, it is not Thus, efficient traffic management plays a possible for the scheduling function to differen- major role in delivering QoS and increasing tiate between the various classes of traffic com- provider revenue, both of which are key ele- peting for a single output port. Even within a ments in making affordable Ethernet based per- single class, there may be QoS requirements of sonal broadband a reality. different connections or different flows, requir- ing separate queues or buffers. Providing a hierarchy of buffer allocations with static MANAGEMENT FACTORS thresholds achieves the needed differentiation, but does not allow efficient sharing across the In this section we look at four significant TM connections or flows within a class, between dif- features available in NPs that affect IPTV imple- ferent classes per port, or even between ports. mentation in carrier-grade Ethernet. As indicated above, buffer management should also promote maximal buffer use, because it POLICING has a direct effect on the cost of the service Policing is the function of monitoring traffic gen- provided. erated by the user. Its purpose is to ensure traf- Dynamic thresholding achieves the dual fic conformance to the contracted temporal objectives of QoS differentiation while maximiz- behavior and take appropriate action upon ing buffer use. The thresholds are dynamic detection of nonconformance. because they change, depending on the amount For cell-based traffic, well-known generic cell of free buffer space available. The larger the rate algorithms (GCRAs) are used to check for free buffer space, the higher the threshold. conformance to limits on how fast the cells may These thresholds are usually provided at all hier- arrive and limits on the number of cells that may archical levels: per connection/flow, per traffic arrive back-to-back during a specified interval. class per port, and per port. The dynamic thresh- Actions on detection of nonconformance include old function permits allocation of buffers to indi- dropping or tagging cells. During the upstream vidually overloaded connections when there are queuing and buffer management functions, large reserves of unoccupied buffers. This buffer 28 IEEE Communications Magazine • July 2006 Authorized licensed use limited to: IEEE Xplore. Downloaded on December 1, 2008 at 18:45 from IEEE Xplore. Restrictions apply.
  6. 6. allocation avoids losses that would be incurred is computed based on the system potential func- by the overloaded connections under a static tion (also called the virtual time). System poten- Timestamp values threshold policy. tial function keeps track of the total work done Conversely, as the overall traffic-class occu- by the scheduler and is thus a nondecreasing (finishing times) are pancy approaches a per-traffic-class, per-port function of time. A queue becomes eligible when assigned to queues threshold, the extra allocation is withdrawn to the starting time is less than or equal to the sys- based on the system prevent any one traffic class from occupying a tem potential function. disproportionate share of buffer space at a given Timestamp values (finishing times) are potential function. port. For example, non-real-time services can assigned to queues based on the system potential It advances each use large buffers. By contrast, for real-time ser- function. It advances each cell/packet departure vices, delay variation tolerance, and transfer instant by an amount equal to the reciprocal of cell/packet departure delay, constraints dictate smaller guaranteed connection/flow service rate. At any time, the instant by an buffer requirements. Likewise, buffers across queue with the minimum eligible timestamp amount equal to multiple ports can be shared up to a guaranteed value is selected for service. Thus, eligibility is minimum per port. Thus, an intelligent buffer tested with respect to starting time, and schedul- the reciprocal of management function plays a major role in pro- ing is done based on finishing time. Because connection/flow viding needed service differentiation while maxi- packets can be variable in size, packet lengths mizing buffer use. should also be considered for packet scheduling. service rate. At any Work done by the scheduler should be accu- time, the queue with SCHEDULING rately tracked (the actual byte count) in this the minimum eligible The scheduling mechanism selects a queue to case, because it affects the ability to deliver service at each cell/packet dispatch time such as bandwidth and delay guarantees. The objective timestamp value is to meet the associated QoS requirements. Such of such a scheduler type is to assure bounded selected for service. requirements are usually specified in terms of delay independent of the number of active con- acceptable statistical bounds on maximum delay, nections, while maintaining fairness of service delay variation, loss rate, or some combination among competing connections. of these, depending on service type. For connections/flows that do not require While satisfying the QoS requirements, the delay guarantees but need bandwidth guaran- scheduling mechanism must deliver the band- tees, frame-based approaches can be used [11]. width committed as part of the traffic contract. In this type of approach, weights are assigned to The scheduling mechanism must ensure suffi- each connection/flow, and at any time the length cient isolation between connections such that the of the frame is equal to the sum of all the traffic characteristics and QoS requirements of weights of all the active connections/flows. The one connection do not adversely impact the service for connection/flow is deemed complete bandwidth and QoS provided to another connec- in a given frame if the connection/flow is served tion. It is also expected that the scheduler will a number of times equal to the assigned weight provide fair share to connections of excess link in the frame; such service is repeated in the next bandwidth whenever it is available. frame, and so on. Rather than serve each con- The scheduling mechanism should promote nection/flow consecutively based on its weight, high use of both bandwidth and buffers. It should service is interleaved among all the be scalable with respect to the number of con- connections/flows in a round-robin fashion. nections and over a wide range of link speeds. For variable-sized packets, packet lengths are While isolating connections requiring guarantees considered in scheduling and the frame-based on bandwidth and QoS, the scheduling mecha- packet scheduler keeps track of the deficit nism must allow maximal sharing among connec- accrued at each frame service. To meet the long- tions requiring no bandwidth guarantee or QoS. term average commitment of bandwidth guaran- It is also desirable that scheduling functions tees, the scheduler applies it during the next in NPs work in conjunction with buffer manage- frame service and so on. ment functions to provide tunable parameters The scheduling schemes at the first level are that can maximize coverage of operating points extended at the second level, where the schedul- and facilitate design of the connection admission ing is among the different service classes. At this control (CAC), which operates at the connection level, bandwidth and delay guarantees are met at set-up phase. the aggregate service class level. Any leftover bandwidth from the guaranteed class level sched- PROVIDING QOS DIFFERENTIATION uler can be made available to different service Similar to the buffer management function classes in a fair manner. Similarly, scheduling at requirements, the need to provide QoS differen- the third level can provide bandwidth and delay tiation while enabling the best possible sharing guarantees at the port level, while providing the of bandwidth resources and fairness requires a capability to distribute excess bandwidth among hierarchical scheduler active at the per-connec- ports. This hierarchical scheduling provides QoS tion/flow level, per-service-class level, and per- differentiation and promotes efficient bandwidth port level to provide the needed bandwidth use. guarantees, delay bounds, and fair share of To summarize, Ethernet networks designed excess bandwidth. The scheduling function for delivery of triple-play services should be able should also be augmented to deal with transient to perform policing well in the upstream direc- backpressure conditions, especially for real-time tion, support sophisticated buffer management services like IPTV. schemes, and provide hierarchical scheduling At the first level, each connection/flow is usu- with enough queues and schedulers to maintain ally provided its own queue for scheduling. The differentiated QoS for a large number of traffic time to serve the queue, called the starting time, flows. These requirements can be supported by IEEE Communications Magazine • July 2006 29 Authorized licensed use limited to: IEEE Xplore. Downloaded on December 1, 2008 at 18:45 from IEEE Xplore. Restrictions apply.
  7. 7. designing in network processors on the access RELIABILITY NPs monitoring end of the network. Application service resiliency (ASR) is a means individual user traffic to ensure that end-user access to the network and blocking SECURITY resources is never totally denied, even if cables malicious IGMP Developing an architecture that adequately pro- and/or equipment providing the service become tects the network resources so that good end- faulty. This end has always been achieved through messages can user experience is maintained while malicious redundancy in networks. In the standard redun- prevent overloading users/software are kept out is extremely impor- dant models, the entire traffic reaching a destina- tant in converged networks. Since the services tion (such as a curbside DSLAM box) would be of the network are bundled and delivered through one medium, replicated by simply provisioning double the resources. The same attacks carried out on one service can end up bandwidth required for the destination using a NP can also identify bring down all the services simultaneously, thus different physical medium. This results in half of making the system more vulnerable. the bandwidth going unused most of the time. and block malicious A denial of service (DoS) attack aims to pre- The ASR technique leverages the fine-grained traffic getting into vent legitimate users from obtaining services traffic management features available in NPs to from desired resources by typically flooding the individually isolate and track Layer 4 services the system using fast network with unwanted traffic. This flooding reaching the same home. If and when the main pattern matching overloads the provider of the service (such as route providing the service goes down due to abilities built Web servers), thereby preventing services from equipment/cable malfunction, a selected subset being delivered. DoS attacks could also be of Layer 4 services is immediately restored to the into NPs. attempts to prevent individual systems from home via redundant lines, while the rest of the communicating with each other. service restoration may be completed as soon as In a distributed DoS (DDoS) attack, the possible. Thus, to give an example, even though a attack uses a “many-to-one” approach, typically single medium brings in triple-play services into a by taking control of several zombie machines home, when there is a network failure, the ser- (i.e., systems taken over without the owner’s vice provider can choose to provide VoIP service knowledge to perpetuate such attacks), and alone via the redundant line immediately while coordinating the attack from several machines to letting other services restore on a normal healing the targeted service provider system at one syn- schedule. This technique allows service providers chronized time. In case of IPTV, infected STBs to lease a smaller-capacity (say, just 20 percent of could be forced to send out endless IGMP the original bandwidth) line and use it as a redun- join/leave messages upstream as if individual TV dant line, resulting in cost savings. In order to viewers are switching the channels continuously. implement this technique, since the Ethernet A coordinated attack initiated from every STB gear is not designed to work at a fine-grained in a system can overwhelm the provider network level, the NPs used in the system should be capa- if the IGMP messages flood the network all the ble of supporting multiple scheduling queues to way up to the service provider’s office. The solu- serve a single customer, and be able to identify tions discussed above would address this security failures and switch the selected services to redun- concern as well. dant lines instantaneously while maintaining Solutions have been proposed to handle such FIFO order of packets being routed. attacks [12, 13]. Typical approaches involve sep- arating legitimate traffic from the flood of DDoS traffic and continuing to provide the service to CONCLUSION legitimate traffic while ignoring the pseudo-traf- Efficient use of network resources while provid- fic trying to exhaust resources. One of the tech- ing differentiated QoS for multiple service class- niques used is enforcing a quota system when es requires a comprehensive traffic management attackers use legitimate IP addresses to initiate framework. The carrier-grade Ethernet effort the attack. This ensures no client system con- underway does not fully address these require- sumes an unacceptably high share of the avail- ments, since the focus is oriented more towards able resource, thereby eliminating starvation scalability, protection, TDM support, minimum (i.e., service denial) for any of the participating QoS control, and OAM issues. An integrated clients. Monitoring the extent to which a given traffic management solution implemented using user is consuming resources requires fine-grained network processors that employs appropriate traffic flow monitoring. Thus, NPs monitoring controls on sophisticated policing, buffer man- individual user traffic and blocking malicious agement, and hierarchical scheduling for differ- IGMP messages can prevent overloading of the entiated services can provide a hierarchy of network resources. The same NP can also identi- economies and revenue benefits valuable to ser- fy and block malicious traffic getting into the vice providers. This maximizes service affordabil- system using fast pattern matching abilities built ity and fills an important void in making the into NPs [14]. ubiquitous Ethernet model successful. Thus, Implementing algorithms that measure traffic leveraging traffic management is key for success- flow anomalies [15] even though what is being ful deployment of triple-play services, including looked for may not be well known ahead of time IPTV, in the near future. is another powerful technique in this realm. Fine-grained flow measurement capabilities REFERENCES available in network processors can be put to use [1] White Paper, “Understanding Intelligent Carrier Ether- to identify suspicious flow patterns so they can net: Bringing the Advantages of Ethernet to the Service be isolated for investigation or blocked from Provider,” entering the local network. lnty/etty/ggetty/prodlit/intgn_wp.pdf, 2003. 30 IEEE Communications Magazine • July 2006 Authorized licensed use limited to: IEEE Xplore. Downloaded on December 1, 2008 at 18:45 from IEEE Xplore. Restrictions apply.
  8. 8. [2] Infonetics Report, “Carrier Ethernet Booming,” [15] F. Hao, M. Kodialam, and T. V. Lakshman, “Real-Time Detection of Hidden Traffic Patterns,” Proc. 12th IEEE 770, Apr. 12, 2005. Int’l. Conf. Network Protocols, 2004. An integrated traffic [3] Metro Ethernet Forum, “MEF 2: Requirements and Framework for Ethernet Service Protection in Metro management Ethernet Networks,” http://www.metroethernetforum. BIOGRAPHIES solution implemented org/PDFs/Standards/MEF2.pdf SUNDAR VEDANTHAM ( is a senior systems [4] Metro Ethernet Forum, “MEF 4: Metro Ethernet Net- engineer working in the Telecom, Enterprise & Networking using network work Architecture Framework — Part 1: Generic Frame- (TEN) division of Agere Systems, Allentown, PA. He received work,” his Ph.D. in computer science from Louisiana State Univer- processors can Standards/MEF4.pdf sity in 1997. He is working on system integration issues [5] Metro Ethernet Forum, “MEF 12: Metro Ethernet Net- provide a hierarchy related to DSLAM, RNC/Node-B systems as part of Agere’s work Architecture Framework Part 2: Ethernet Services telecom system integration group. His research interests of economies and Layer” include network traffic and congestion management, secu- dards/MEF12.pdf rity, high-speed networking, theoretical computer models, revenue benefits [6] B. Alfonsi, “I Want My IPTV: Internet Protocol Television and evolutionary computing. Predicted a Winner,” IEEE Distributed Systems Online, valuable to service IEEE Computer Society 1541-4922, vol. 6, no. 2, Feb. S EONG -H WAN K IM ( received a Ph.D. 2005. providers. This degree in electrical engineering from State University of [7] S. Cherry, “The Battle For Broadband,” IEEE Spectrum, New York at Stony Brook in 2000. Since 2001 he has maximizes service Jan. 2005, pp. 24–29. been with Agere Systems, where he is a Distinguished [8] S.-H. Kim and D. Kataria, “Delivering the Next Big Member of Technical Staff in the System Integration affordability and fills Motion Picture: IPTV,” http://www.networksystemsde- group of the TEN division. He is currently working on, data networking and wireless system integration, which an important void in Nov. 2005. includes residential gateway, SMB, RNC, and DSLAM [9] D. Kataria, “Traffic Management for Affordable Broad- making the application systems for which he has contributed to the band,”, Mar. 22, 2004 architectural designs. ubiquitous Ethernet [10] ATM Forum, “Traffic Management Specification Ver- sion 4.1,” AF-TM-0121.000, Mar. 1999. D EEPAK K ATARIA ( holds a B.S. in elec- model successful. [11] N. Giroux and S. Ganti, Quality of Service in ATM Net- tronics and communications engineering, and M.S. and works: State of the Art Traffic Management, Prentice Ph.D. degrees in electrical engineering from Rutgers Uni- Hall, 1999, p. 10. versity. He is systems integration manager in the TEN divi- [12] J. Xu and W. Lee, “Sustaining Availability of Web Ser- sion of Agere Systems. He manages the development of vices Under Distributed Denial of Service Attacks,” IEEE enabling and value-added software for reference plat- Trans. Comp., vol. 52, no. 2, Feb. 2003, pp 195-208. forms targeting the home gateway, small-medium busi- [13] X. F. Wang and M. K. Reiter, “Defending Against ness gateway, wireline/wireless access networks, and Denial-of-Service Attacks with Puzzle Auctions,” Proc. carrier-Ethernet-based multiservice edge systems. His 2003 IEEE Symp. Security & Privacy. research interests include networking, traffic manage- [14] S. Vedantham, “Network Processors Battle e-Crimes,” ment, network security, multihop wireless, timing over packet, fixed-mobile convergence, reliability, and storage cleID=173600 898, Nov. 2005. area networking. IEEE Communications Magazine • July 2006 31 Authorized licensed use limited to: IEEE Xplore. Downloaded on December 1, 2008 at 18:45 from IEEE Xplore. Restrictions apply.