10 fn key2

Networks, Ethernet,
IPv6, Cloud
Building blocks needed
for Next Generation Networks

Presented at FutureNet 2010
Tom Siracusa
Executive Director – VPN Strategy
AT&T Labs
5-12-2010

1 © 2010 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of
AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.

Technology Trends

• Broadband Growth
• Mobility
• Devices
• Invisible Computing
• IP Everywhere
• Media Modality

Taken individually, we see and to a large extent understand the
trends. Taken collectively, it’s likely we don’t appreciate the
implications, and how these technologies will conspire to change
our networks and the ways we will communicate.


Today’s Topics

Core Improvements
• Scale and Reliability

Ethernet
• Reach and High Bandwidth

IPv6
• Internet of Everything

Cloud Architecture
• An extension of the network


IP/MPLS Network Evolution
ExaFlood Scale,
Scale, Metro Traffic Differentiation,
Enterprise & Scale & Merger Aggregation, Cloud Computing,
Internet Convergence Integration FRR Resiliency Net Neutrality

Phase 1 Phase 2 Core 2.0 Core 3.0

2005 2006 2007 2008 2009 2010 2011+

 Class of Service
(Edge and Core)
 40G Backbone
 MPLS Enabled Backbone
 SBC Integration  Network Resiliency
 Multi Service IP Edge
 Fast Restoration Enhancements (FRR)
 Network Based Security and Convergence  Network Intelligence
 40G Transport (IRSCP)  100G+ Infrastructure
 Intelligent Routing
 IPv6 Edges  Mobility & BLS  Traffic Engineering
 CoS for GETS
Integrations  Cloud Computing
 Extend network  UVerse Capable CBB
integration
 Massive Scale
to metros (Team 10)
 Traffic Differentiation


MPLS Fast Re-Route (FRR)
Link Protection

• Primary tunnels are established via RSVP
and are FRR eligible
• Each router in the path pre-computes a
backup tunnel to be taken upon any link
failure
• FRR uses backup tunnel. Backup tunnel
starts from Point of Local Repair (PLR) &
terminates on Merge Point (MP)
• The backup tunnel does not cross the
link it is protecting or sharing physical
resources (SRLG)
• MP is one hop away from PLR
• PLR swaps label and pushes FRR backup
tunnel label
• Provides sub-second recovery against
link failures. Restoration time
measured for network events is
<=100 ms


Going Further
MPLS as Enabler of Combined Bridging and Routing Domains

Converged MPLS Core
• Corporations
FE/GE
attracted by FE/GE
simplicity of MSE 2547
MSE

bridged Routed
domains VPNs
(Ethernet) FE/GE

• Also--Need VPLS
reach and scale Bridged
of routed VPNs
domains MSE
MSE

• MPLS enables FE/GE
next generation Internet
of enterprise
architectures FE/GE

• Ethernet – Hubs can interconnect
FE/GE Via GigE over VPLS
the next Ethernet AND connect to Layer 3
―integrated The next ―integrated VPN and/or Internet
access‖ access‖
VPLS=Virtual Private LAN Service
MSE=Multi-Service Edge


Ethernet: Access or Network?

One Site E-Access E Internet
MSA
Access through the local
facilities to long haul VPN
and Internet E VPN
MSA

Two Sites E-Line
E E
Ethernet point-to-point MSA MSA

using the Ethernet framing
for data transport
MSA MSA

Three or E-LAN E
More Sites Virtual Private LAN Service,
MSA

multi-point irrespective of
E E
distance MSA MSA

MSA: Multi-Service Access


Carrier Ethernet’s Popularity is Growing

6 Reasons Customers are Embracing Ethernet
1. Value
2. Scalability
3. Staff Familiarity
4. CPE Costs
5. ―Share-ability‖
6. Application Fit

2 Additional Reasons Carriers
are Embracing Ethernet:
1. Network Efficiency
2. Customer Benefits


8
8 © 2009 AT&T Intellectual Property. All rights reserved.

AT&T Carrier Ethernet is Delivered via a Global
MPLS Core that also supports AVPN and MIS
Key Applications: Wide Area LANs, Core Location Connectivity, Virtual Private Lines, Access
Key Priorities: Footprint Expansion, Standardization, Interval Improvement, Specific Features

AT&T WAN (Inter LATA) Services
with Ethernet Access (provisioned over
OPT-E-MAN, Metro-E or 3rd party Infrastructure)
EGS: •AVPN (IP VPN)
Ethernet AVPN
Gateway •MIS (Internet Access)
•OPT-E-WAN (Wide Area LAN)

MIS
AVPN
AVPN
EGS

OPT-E-WAN Out-of Footprint
OPT-E-MAN Ethernet (eg, VZ)

Metro-E MIS

OPT-E-MAN
Metro-E

AT&T Local (Intra-LATA) Ethernet Services OPT-E-MAN


9

Ethernet MAN & WAN Seamless Control Plane
Last Year
L3 PE’s
OEM GSR/
13 State 7609 T640
NTE EGS CBB WAN Core
OEM 3400 7613 CRS1
NTE OEM 7609
CPE
3550 7609 POI
CBB PE’s
MOW
9 State E O O EGS CBB
C C
ME P P 7613 CRS1
E C O C E L3 PE’s
7609
ME P P GSR/
E C O C E 7609 POI T640
CPE P P

Seamless MAN/WAN Ethernet network
Now in Select Metros - Enable ―Ethernet Everywhere‖ with scalable multivendor &
multiservice infrastructure for MAN, WAN, & MOW, common
Seamless operations, common IT support, common BGP control plane,
consistent service definitions.

L3 PE’s
CPE EoCu VPLS
IPAG GSR/
MX T640
MX
IPAG
CPE Fiber IPAG MX
CBB
CRS1 CBB PE’s
MOW
NTE MX
Seamless 22 State MAN & WAN Core


OPT-E-WANsm
Global Carrier Ethernet Service
Definition
• E-Line delivery (Virtual)
Chicago NYC – Point to Point
• E-LAN delivery (VPLS)
Tokyo
Brussels – Point-to-multipoint (hub & spoke)
– Any to Any
• 1 Mb to 1000 Mb speeds
AT&T Global
• MEF Certified Global and Domestic
MPLS Network
(Categories)
– Category 9 – service types (E-LAN, EVPL)
RIER – Category 14 – Class of Service
Sydney Mexico City • Access
– Owned (Type 1) – US 22 states
Atlanta – Leased (Type 2) – US and global
– Zero Mile Access - US and global

OPT-E-WAN Service Summary
 CIR at 1-20 Mbps in 1 M increments  Business Class SLAs
• 20-100 Mbps in 10 M increments  MPLS provides core network resiliency
• 50-1000 Mbps in 50 M increments
 Coverage
 Supports up to 64 EVCs or VLANs per port (1M min)
• US (240 Ethernet POPs)
 Support Multi-cast and Broadcast
• Global (31 countries)
 4 Grades of Service based on 802.1
 Access Options
• Real Time
 Billing – In country/In currency
• Interactive
• Business Critical Medium
• Non Critical High


11

Using VLANs with VPLS
Network Ethernet Virtual Switches
Access Sites

Customer
Edge Router
MPLS Backbone

Accounting Network Marketing Network

Provider
Edge Router

• VLANs or ports can be mapped to VPLS VPNs
• Great for segregating information within departments
• Ideal for interconnecting hub sites and call centers
where tight route convergence is required

Hybrid Network Scenario

• Customer has a large global
network (300 sites)
with 3 large data centers VPLS

• Customer has existing
Layer 3 VPN so remote sites can
reach data centers Ethernet Access
via any access mechanism
Customer
HUB Site A HUB Site B HUB Site 3
• Need for high capacity between Data Centers
and Hubs
major locations
(call centers, data centers) Existing Customer VPNs
Multiple Sites
• Customer retains full routing Many Possible Access Types
(existing)
control among their data centers
– moving of data centers
becomes plug and play
ATM access DSL access
• Data centers participate
FR access PPP access Ethernet access
in VPLS as well as Layer 3 VPNs
from multiple Business Units


When and When Not to Use Carrier Ethernet?

Key areas to investigate when considering Carrier Ethernet
1. Availability
2. Intervals
3. Network topology
• Limits on number of locations for any to any configurations
e.g. ~100s of sites for AT&T VPLS
4. Design Considerations
• Multi-cast is constrained for Layer 2, not IP
– Carrier Ethernet is less efficient for large numbers of multi-cast
• Network Convergence
– Customer manages timers
• MTU Size – Encryption
– Limited by access suppliers (switched) which can require ICB or dedicated access to manage
• Diversity/Reliability
– Ability to procure diverse access or supplier

5. Total Cost of Ownership


Comparing VPLS and IP VPNs
Choose Your Control, Scalability and Performance
Layer 2 VPLS Layer 3 IP/MPLS
Routing Customer Customer & carrier

Any-to-any Y Y
(100s any to any; 1000s if hub- and-spoke) (1000s)

Circuit consolidation on access Y-limited in region Y
Diversity Y Y
Access Access agnostic:
Ethernet only, 1Meg-1Gig sub 1Meg-1Gig, 10Gig
(P2P, DSL, ATM, FR)
CoS Y – L2 Y – L3
Service “plug-ins”
Customer responsibility Network service options
VoIP, remote access, firewalls
Trouble shooting Customer demark at layer 3
Customer demark at layer 2
(routing)

Reconfiguration/convergence 1- 5 sec 2-30 sec
Non-IP protocols Pass seamlessly Tunnels
Representative SLA’s
Consistent across Layer 2 and 3 Consistent across Layer 2 and 3
Services Services


IPv6


What is IPv6?

Fundamentally: a new packet Version IHL
Type of
Service
Total Length
Version Traffic Class Flow Label

header with a larger address Identification Flags
Fragment
Offset

space. Time to Live Protocol Header Checksum Payload Length
Next
Header
Hop Limit

Source Address

Destination Address
Strategically: an enabler Options Padding Source Address

of new network-based
capabilities that previously
had been difficult or impossible Destination Address

with IPv4.

IPv6 provides: • Hop-by-Hop Options header
• The larger address space • Destination Options header
• The new fields • Routing header
• Standard packet header options • Fragment header
An intended ripple effect • Authentication header
of more addresses is: less • Encapsulating Security Payload header
dependency on NAT, thus
• Destination Options header
allowing more end-to-end
applications • Upper-layer header


Why IPv6?
• Need a larger address space
– IPv4 addresses exhaust
– Explosion of Number of Internet devices/appliances
• Users having multiple devices
• Always-on, peer to peer applications
– IPv6 provides a virtually limitless address space
• 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses available with IPv6 compared
to ~4 billion with IPv4
• Provide persistent public IP addresses to unlimited number of new & emerging always-on devices
• NAT Overlap
– Acquisitions and Mergers with overlapping private addressing (address space collisions)
• Functional Improvements over IPv4 protocol
– Streamlined header format
– Seamless IP mobility support
– Security enhancements (IPv6 IPSEC)
– Improved network management (auto configuration)
• Enables new network capabilities and services
– Push applications (e.g., push emails/messaging and alerting services)
– Peer-to-Peer based applications
– Improves service usability


Transition Mechanisms

• IPv4 and IPv6 will coexist for several years – IETF has defined
mechanisms for transitions and co-existence:
– Dual-stack allows IPv4 and IPv6 to co-exist in the same devices and
networks
– Tunneling allows IPv6 packets to be transmitted over an IPv4
infrastructure or vice versa later on when IPv6 becomes the more
prevalent network
• Configured
• Negotiated
• Automatic
– Translation allows IPv6-only devices to communicate with IPv4-only
devices (work in progress)


Dual Stack

Transport
IPv6 Header Header Data

IPv4/v6 IPv4/v6
Host IPv4/IPv6 IPv4/IPv6 Host
Router Router
IPv4/IPv6
IPv4/v6 IPv4/v6
Network Network

Transport


Tunneling

Transport

IPv6 IPv6
Host Dual-Stack Dual-Stack Host
Router Router
IPv4
IPv6 IPv6
Network Network

Tunnel: IPv6 in IPv4 packet
Transport
IPv4 Header IPv6 Header Header Data


Translation (work in progress)

Transport

IPv6 IPv4
Host Host
NAT
IPv6 IPv4
Network Network

DNS

Transport

A very simple diagram to illustrate the concept.
There are many variations and still a lot
of ongoing discussions in the industry and standards.


Minimal IPv6 Enterprise Customer Adoption
So Far
• Customer view is that Private Address space used internally
mitigates IPv4 exhaust concern
– Doesn’t mitigate NAT overlap, but neither would Dual Stack.
• Adopt edge strategy at DMZ to support Dual Stack
– Dual Content when necessary
• When IPv6-ONLY users exist
– IPv4 to IPv6 Web Proxy for outbound requirements
• When access to IPv6-ONLY content is desired. Most content will remain dual
stack for a long time.
• Mobile/Consumer access may be forced to IPv6, but translation to
IPv4 likely part of those services.
• No ―killer application‖ to motivate migration of Internal network to
IPv6
– VoIP on LTE might become the first killer app


IPv6 Migration: 3 – 5 years (feasible?)

IPv4 only
IPv6 only
IPv4/IPv6 user
IPv4 user

IPv4 user Internet Internet IPv4 only

IPv4 IPv4/IPv6

MIS WAN IPv6 only
IPv4/IPv6 IPv4
Dual stack
DNS

WAN
IPv4/IPv6 user
IPv4/IPv6

Customer Challenges:
• IPv6 Network Design and Planning
– Addressing plan (Unique Local, Global?)
• Dual stack support on Internet servers/gateways
to include DNS/DHCP servers
• IPv6 access to internal IPv4 users
• Application interoperability (NMS, email, etc)
HQ • Core WAN migration to IPv6


How does address exhaustion impact my
customer’s WAN?
• Likely migration scenario:
− Phase1--establishing IPv6 internet presence
− Phase2--enable internal users to access IPv6 internet
− Phase3--migrate WAN to dual-stack

• In Phase 1, internet servers upgraded to support dual-stack
• Phase 2 and 3 are disruptive—update routers, servers, and desktop
across the LAN/WAN
− Phase 2 require IPv6 tunnel or translation solutions
− Phase 3 similar to VPN migration but require upgrade of supporting
services such DHCP, DNS, Core App, etc.


IPv6 Addressing
What type of addressing to deploy on your internal network?
• Unique Local Address (ULA)
– Similar to private IPv4 addresses (RFC 1918), need NAT (or Proxy)
to go to the Internet
– RFC 4193 – randomly generate unique prefix, lower 64 bits based
on MAC address
– No IPv6 – IPv6 NAT in production yet (RFC defined, but expired)
• Global only addresses
– Recommended approach
– 1 address for internal and external use
– Security folks may fight (believing topology hiding and NAT are required
for security)
– Remember, NAT was created for scale, not security.
• ULA + Global Addresses
– Each device/interface has 2 addresses
• 1 for Internal use
• 1 for External use (Not for internal servers, printers, etc)
– Much more address management with DHCP, DNS, routing, etc

Challenges to Enterprise Migration
• IPv6 Addressing Plan
– Global Addressing vs. Unique Local Addressing (ULA)?
• No IPv6 – IPv6 NAT devices in production to support ULA yet
• Global addressing creates the desire for Provider Independent space for even small enterprise
customers
– Can’t be locked into a Carrier for Internal network
– Re-addressing an Internal Network is not trivial
• Dual Stack support not limited to Routers
– Internet Servers, DNS, DHCP, LDAP, Management tools, etc
• IPv6-IPv4 Interoperability Complex
– NAT, DNS, DHCP, etc
• Application Interoperability or Migration Complex
– NMS, email, etc
– C, C++ and Java don’t have a primitive data type that supports IPv6.
Expensive to investigate all internal applications
• Tools we count on don’t work
– E.g.; NTP, NFS, syslog, MIBs
• Assume Nothing
– E.g.; printers that were supposed to be v6 capable didn’t work

START PLANNING NOW!

Cloud


There’s More to the Cloud than Computing

Security Management
CRM SFA SCM ERP
Productivity Messaging Contact Center
Audio Unified Communications
Video Web
Conferencing and Collaboration
Platform as Content Application
Queuing
a Service Delivery Delivery
Workflow DB Computing Storage
IP PBX VoIP IP/MPLS VPN
POTS Data


Key Observation

Existing cloud platforms primarily cover
computation and storage

Cloud Platform

Disk VM +

+

Enterprise Sites

Enterprise Clouds need control
over the network as well

© 2010 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of

Cloud becomes Extention of the Network

Cloud Manager
• Allocates computation and storage resources

Network Manager
• Manages VLAN assignment within cloud network
• Creates and configure cloud VPN endpoints
• Reserves cloud network resources

Network Manager Cloud Manager

VPN VLAN VM VM

VPN VLAN VM VM


Our network based strategy creates a “virtual
private cloud” enabling a rich set of services

• Enables customers to create and customize services
• Adds value on top of virtual private cloud
• Drives consumption of cloud infrastructure and network
Service • Allows AT&T to monetize third-party software and services
Templates • Provides an environment to build next-gen AT&T products

XML
Orchestrate across locations
Service Manager including provisioning,
configuration, changes, billing

Three Basic
Ingredients… IRSCP REST APIs

Network Compute Storage

Nodes, Bandwidth, Instances, Images, Capacity, Policies,
Routing, QoS CPU, RAM Replication

On Demand  Self Service  Pay Per Use


Our strategy is to extend the AT&T network value
proposition with a rich set of on-demand IT services

Category XaaS Approach

• Unified Communications Deliver AT&T branded on-
• Email/Collaboration demand applications adjacent
Software to our core competencies
• Content Management
as a Service • Customer Applications Empower others to deliver
• Third-Party Applications their own SaaS applications

• Runtime Engines-aaS Deliver platforms and tools
enabling creation of next-gen
Platform • Catalog of Web Services
applications
as a Service APIs
• Developer Community Foundation for SaaS

• Compute Build core set of IaaS
• Storage offerings that can be sold
Infrastructure
• Disaster Recovery across all markets
as a Service • Security
• Network Foundation for PaaS


10 fn key2

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 10 fn key2

Similar to 10 fn key2 (20)

More from Scott Foster

More from Scott Foster (20)

10 fn key2