Building a carrier-class core: the all-services-over-IP migration starts at the IP/MPLS core
David Ward
Many of today's networks were designed primarily to offer a single service or a simple set of options. These networks are too inflexible to deliver the integrated advanced services that customers demand and which will ultimately drive the higher revenues needed to satisfy Wall Street.
Carriers, however, can choose an evolutionary approach that takes full advantage of the intelligence of packet technology for offering all services--voice, data and video--over the ubiquitous IP connection. This all-services-over-IP migration starts at the IP/MPLS (multi-protocol label switching) core, yet allows for a broad range of access methods at the network edge. It eventually leads to the phasing out of single-service networks. To build or enhance this IP/MPLS backbone, carriers need a device that is a generation ahead in terms of scalability, availability, modularity and operational simplicity compared with equipment that is currently deployed.
Investment in an expensive network infrastructure cannot be protected if carriers are forced to constantly replace their equipment to keep ahead of rising demand. They need to take into account the longevity of the service they are offering and develop a "bandwidth map" that allows them to plan their service offerings over a five- to 10-year life cycle. It should not be unrealistic to expect that a core network element could live in the network for a decade or longer.
For the carrier to adapt to changing market needs or move in a new direction, network equipment must be flexible. It should, for example, be modular so that the carrier isn't required to make a huge upfront investment if the near-term need is for a subterabit of capacity. Yet it should easily scale to provide tens of terabits of capacity should that become necessary. Flexibility also means that network equipment should be able to separate functions logically and physically in the POP without the service provider having to build and maintain multiple architectures or networks. Achieving this requires a network with a distributed and modular hardware and software architecture that provides unprecedented levels of scalability and availability, and yet is simple to manage.
Core Enhancements
The core device should be expandable as a single system through the addition of line card chassis, while providing fully nonblocking traffic switching, meaning that the core device will accommodate shifts in traffic without reconfiguration. Such a switch fabric should have a separate prioritized path for low-latency traffic, such as voice, and must also be able to replicate traffic to support large-scale video services.
Still, network elements should not only focus on offering a large number of ports; they should also be equipped with scalable control planes. Redundant, distributed route processors should allow the control plane to expand, and system processes such as BGP (Border Gateway Protocol), IGPs (Interior Gateway Protocols) and the MPLS protocols should be able to be split among the various processors for greater efficiency. The network processor also benefits greatly from embracing the concept of massively parallel processing associated with supercomputing, and scalability gets an additional boost if the system can incorporate a hundred or more network processors. Using a RISC (reduced instruction set computer)-based massively parallel processor, capable of performing tens of billions of instructions per second, is the next logical step for a high-end core device. This allows the device to accommodate changes in the control or forwarding planes to a degree far beyond ASICs or the current generation of network processors.
The forwarding plane's performance and scalability are greatly improved when both an ingress and an egress forwarding engine reside on the line cards. In this two-stage packet-forwarding process, the ingress line card has only to direct an incoming packet to the correct output line card. It does not need to maintain information about other interfaces in the system, such as the QoS or other features associated with a particular interface. It then becomes the job of the egress engine to classify the different packets based on their destinations, for example to apply the security access control lists associated with a particular interface because the packets are destined for a VPN.
The distributed hardware architecture of a device must be accompanied by an OS that relies on a microkernel architecture and that works asynchronously. This locates all but the most critical functions outside the kernel, limiting the service disruption caused by the failure of a file system or a device driver. Additionally, asynchronous, distributed operation allows each compute node to perform only the computations relevant to that specific node. This means that route processors, shelf controllers and line cards all operate independently of each other in a connectionless paradigm. This is in marked contrast to a symmetric OS, which requires all nodes to maintain a shared state, so that what affects one node impacts the entire system.
The system should be able to operate without interruption. But continuous system operation does not require that all processes recover transparently in the event of a failure. The system should offer multiple recovery options:
* Hot standby mode for fault-tolerant operation of the control and forwarding planes;
* Warm standby (restarting from the last stable state), primarily for the management and administration planes; and
* Cold standby (restarting from scratch) to help enable the carrier to upgrade the system incrementally on a pay-as-you-grow basis.
Carriers do not want to manage the infrastructure node by node, of course. Ease of use requires that multinodal systems be seen as a single entity in the routing topology and in the OSS. Regardless of where the data resides within the system, the carrier should have access to FCAPS (fault, configuration, accounting, performance and security) management information using a standard command-line interface, SNMP (Simple Network Management Protocol), and CORBA/XML (common object request broker architecture/extensible markup language) interfaces.
It is crucial that the network element be secure against distributed DoS (denial of service) attacks, and encryption and authentication technologies need to protect the processing device from malicious intent. Another important component of network security is helping to ensure that the network operator has access to an audit trail of all security violations.
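The two-stage forwarding path described earlier (ingress engine resolves only the egress line card; egress engine owns the per-interface ACL and QoS state) and the audit trail of security violations mentioned above can be seen together in a small software model. The following is an added example, not code from the article or from Cisco: it assumes a longest-prefix-match FIB at ingress, an egress stage that applies an interface's ACL with an implicit deny when the ACL is non-empty, and an in-memory audit list. All prefixes, slot numbers, interface names and ACL rules are constructed sample data.

```python
"""Model of a two-stage (ingress/egress) forwarding path with egress-side
ACL enforcement and an audit trail of denies. Added example; all values
below are constructed, not a real router configuration."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class AclRule:
    action: str                      # "permit" or "deny"
    src_net: ipaddress.IPv4Network   # matched against the packet source


@dataclass
class EgressInterface:
    name: str
    qos_class: str = "best-effort"
    acl: list = field(default_factory=list)   # empty list = no ACL bound


class IngressEngine:
    """Holds only destination prefix -> egress slot. No per-interface
    features (ACL, QoS) live here, which is the point of the split."""

    def __init__(self, fib):
        # Longest prefix must win, so sort by prefix length descending.
        self.fib = sorted(
            ((ipaddress.ip_network(p), slot) for p, slot in fib.items()),
            key=lambda e: e[0].prefixlen, reverse=True)

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        for net, slot in self.fib:
            if addr in net:
                return slot
        return None   # no route


class EgressEngine:
    """Owns per-interface state and records every ACL deny for audit."""

    def __init__(self, interfaces):
        self.interfaces = interfaces   # slot -> EgressInterface
        self.audit = []                # audit trail of security violations

    def classify(self, slot, pkt):
        iface = self.interfaces[slot]
        if iface.acl:   # an ACL is bound: first match decides, implicit deny
            src = ipaddress.ip_address(pkt.src)
            action = "deny"
            for rule in iface.acl:
                if src in rule.src_net:
                    action = rule.action
                    break
            if action == "deny":
                self.audit.append(
                    f"ACL-DENY iface={iface.name} src={pkt.src} dst={pkt.dst}")
                return None
        return (iface.name, iface.qos_class)


class Router:
    def __init__(self, ingress, egress):
        self.ingress, self.egress = ingress, egress

    def forward(self, pkt):
        slot = self.ingress.lookup(pkt.dst)
        if slot is None:
            return None
        return self.egress.classify(slot, pkt)


def build_router():
    """Constructed sample topology: three egress slots, one with a VPN ACL."""
    fib = {"10.0.0.0/8": 1, "10.1.0.0/16": 2, "192.0.2.0/24": 3}
    interfaces = {
        1: EgressInterface("core-0"),
        2: EgressInterface("vpn-a", acl=[
            AclRule("permit", ipaddress.ip_network("172.16.0.0/12"))]),
        3: EgressInterface("voice-0", qos_class="low-latency"),
    }
    return Router(IngressEngine(fib), EgressEngine(interfaces))


if __name__ == "__main__":
    r = build_router()
    for pkt in (Packet("172.16.5.1", "10.1.2.3"),
                Packet("198.51.100.7", "10.1.2.3"),
                Packet("1.2.3.4", "192.0.2.10")):
        print(pkt, "->", r.forward(pkt))
    print("audit:", r.egress.audit)
```

Note that the ingress engine never sees the ACL or QoS class: adding a new interface feature changes only the egress table, and a denied packet leaves a record the operator can review, which is the operational property the article asks for.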
Service Separation
Carrier-class scalability combined with better than 99.999-percent system availability will help carriers to simplify the constellation of network POPs and eliminate the hierarchies within the POP topology. The existing separate core, aggregation and peering layers could be collapsed into a single system or small group of systems, making the POP easier to manage while freeing more ports for revenue generation. A granular, asynchronous, distributed OS can help the carrier to configure the device into multiple logical routers, each of which could be used for a specific service or a particular customer. For example, a cable operator that wants a converged network for voice, data and video could use logical routing to assign each service a separate routing domain, engineer the network for the latency requirements of each service, and tailor the recovery of the IP network in the event of a failure. VoIP traffic, for instance, requires fast route convergence, but this may not be necessary for multicast video traffic.
Unlike virtual routers, which run multiple routing processes within the same physical memory and CPU, each logical router in a multi-chassis system operates in complete isolation from the other logical routers. This type of architecture allows the carrier to use the logical routers to test new features or services independently of production traffic. It also allows the introduction of a multi-chassis system without network or POP re-architecture: each logical router within the multi-chassis system can directly replace an existing functional node as it is currently deployed.
Future-Proofed
A true carrier-grade IP/MPLS network offers carriers an infrastructure for supporting highly scalable and manageable Layer 2 and Layer 3 services. The vision beyond this involves a system in which voice, data and video services are delivered transparently over either broadband wireline or wireless connections, based on the customer's identity rather than location. Because the intelligence of the packet technology is central to this notion, the investment that carriers make today in the IP/MPLS core will give them long-term investment protection. Such a foundation will help enable the convergence of disparate, operationally expensive networks, and assist in the convergence of services that customers have come to expect to be available on demand, any time and anywhere around the globe.
David Ward (wardd@cisco.com) and David Tsiang (tsiang@cisco.com) both hold the title of distinguished engineer at Cisco.
COPYRIGHT 2004 Horizon House Publications, Inc.
COPYRIGHT 2004 Gale Group