Professional Documents
Culture Documents
Disclaimers
Alcatel products are intended for commercial uses. Without the appropriate network design
engineering, they must not be sold, licensed or otherwise distributed for use in any hazardous
environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft
navigation or communication systems, air traffic control, direct life-support machines, or weapons
systems, in which the failure of products could lead directly to death, personal injury, or severe physical
or environmental damage. The customer hereby agrees that the use, sale, licence or other distribution
of the products for any such application without the prior written consent of Alcatel, shall be at the
customer's sole risk. The customer hereby agrees to defend and hold Alcatel harmless from any claims
for loss, cost, damage, expense or liability that may arise out of or in connection with the use, sale,
licence or other distribution of the products in such applications.
This document may contain information regarding the use and installation of non-Alcatel products.
Please note that this information is provided as a courtesy to assist you. While Alcatel tries to ensure
that this information accurately reflects information provided by the supplier, please refer to the
materials provided with any non-Alcatel product and contact the supplier for confirmation. Alcatel
assumes no responsibility or liability for incorrect or incomplete information provided about
non-Alcatel products.
However, this does not constitute a representation or warranty. The warranties provided for Alcatel
products, if any, are set forth in contractual documentation entered into by Alcatel and its customers.
This document was originally written in English. If there is any conflict or inconsistency between the
English version and any other version of a document, the English version shall prevail.
PRINTED ON
RECYCLED PAPER
Preface
This preface provides general information about the documentation set for the
7302 Intelligent Services Access Manager (7302 ISAM).
Scope
This documentation set provides information about safety, features and
functionality, ordering, hardware installation and maintenance, CLI and TL1
commands, and software upgrade and migration procedures.
Audience
This documentation set is intended for planners, administrators, operators, and
maintenance personnel involved in installing, upgrading, or maintaining the
7302 ISAM.
Prerequisite knowledge
The reader must be familiar with general telecommunications principles.
Safety information
For safety information, see the 7302 ISAM Safety Manual.
Documents
Table 1 lists the documents that make up the 7302 ISAM Release 2.5 documentation
set.
General documentation
Product Information Provides general system information for the 7302 ISAM 3HH-03574-AAAA-TCZZA
System Description Provides conceptual information for the 7302 ISAM and the 3HH-03573-AAAA-TQZZA
7330 ISAM FTTN
Safety Manual Provides general safety guidelines when handling, installing, 3HH-03579-AAAA-TCZZA
or operating the 7302 ISAM equipment
Operations and Maintenance Provides task-oriented procedures for operating and 3HH-03580-AAAA-TQZZA
Using CLI maintaining the 7302 ISAM and 7330 ISAM FTTN using the
CLI
Migration User Guide Provides information for installing or upgrading the 7302 ISAM 3HH-03576-AAAA-TQZZA
Hardware documentation
Hardware Installation Guide Describes the hardware installation for the 7302 ISAM 3FE-21578-AAAA-RJZZA
equipment
CLI Commands Describes the CLI commands for the 7302 ISAM and the 3HH-03577-AAAA-TCZZA
7330 ISAM FTTN
TL1 Commands and Describes the TL1 commands and messages for the 3HH-03578-AAAA-TCZZA
Messages 7302 ISAM and the 7330 ISAM FTTN
Software documentation
Software Management User Describes the software management of the 7302 ISAM 3HH-03390-AAAA-RJZZA
Guide equipment
Special information
The following are examples of how special information is presented in this
document.
At step 1, you can choose option a or b. At step 2, you must do what the step indicates.
1 This step offers two options. You must choose one of the following:
At step 1, you must perform a series of substeps within a step. At step 2, you must do
what the step indicates.
1 This step has a series of substeps that you must perform to complete the step. You
must perform the following substeps:
Measurement conventions
Measurements in this document are expressed in imperial units. If metric
measurements are included, they appear in brackets following the imperial
measurement. The metric measurements follow the Systme international dunits
(SI) standard for abbreviation of metric units.
Preface iii
Scope .............................................................................................................................. iii
Audience .............................................................................................................................. iii
Prerequisite knowledge ......................................................................................................... iii
Safety information.................................................................................................................. iii
Documents ............................................................................................................................ iv
Special information .................................................................................................................v
2 NT redundancy 2-1
2.1 Overview............................................................................................................ 2-2
2.2 Link-only protection............................................................................................ 2-2
2.3 NT-only protection ............................................................................................. 2-4
2.4 Combined link and NT protection ...................................................................... 2-4
2.5 Independent link and NT protection................................................................... 2-6
2.6 NT protection and passive link protection .......................................................... 2-9
2.7 Subtending system protection ......................................................................... 2-10
8 Security 8-1
8.1 IP address anti-spoofing .................................................................................... 8-2
8.2 Secured MAC learning....................................................................................... 8-2
8.3 Management channel security........................................................................... 8-4
8.4 Miscellaneous Security Features....................................................................... 8-9
9 RADIUS 9-1
9.1 Introduction ........................................................................................................ 9-2
9.2 RADIUS Features .............................................................................................. 9-2
9.3 RADIUS server and proxy ................................................................................. 9-3
9.4 Operator authentication via RADIUS ................................................................. 9-5
9.5 Encryption of authentication data ...................................................................... 9-6
12 Statistics 12-1
12.1 Overview.......................................................................................................... 12-2
Glossary
Index
1.1 General
1.2 Multi-ADSL
The Network Element (NE) supports multi-ADSL subscriber lines. This section
provides some explanation on the different supported ADSL flavours and ADSL
bonding.
The chosen rate depends on the bi-directional services to be supported and the loop
characteristics.
This method allows high bandwidth services, for example, digital audio and video
(multimedia), Ethernet interconnection to the customer, and so on.
Bidirectional transport
With ADSL, the transport system provides bidirectional asymmetric communication
over a single or double twisted-pair without repeaters.
ADSL services
The maximum physical bit rate is automatically determined during initialization of
the modem. Modem initialization is done using a predefined noise margin and within
the constraints of the transmit power spectral density. The service management
system then sets the line rate to the correct value. This is done according to the
customer service profile and maximizes the noise margin and/or minimizes the
transmission power. This allows various levels of service, for example, offering the
highest bit rates at a premium or ensuring a guaranteed bit rate. Bit rates can be
selected linearly, up to the maximum rate possible. Each individual user can have
different bit rates.
Operational modes
The following table lists the ADSL modes of operation that are supported by the
multi-ADSL boards
G.992.1 Annex A (Also known as G.DMT. Operation over POTS non-overlapped spectrum
G.992.2 Annex A Also known as G.lite. Operation over POTS non-overlapped spectrum.
This standard is a medium bandwidth version of ADSL that allows Internet
access at up to 1.5 megabits downstream and up to 512 kilobits upstream.
ADSL2
A family of ADSL standards called ADSL2 adds features and functionality that
boost the performance, improve inter-operability, and support new applications,
services and deployment scenarios.
ADSL2 includes the following:
Better rate and reach
Improved modulation efficiency reduces framing overhead, achieves higher
coding gain, improves the initialization state machine, and provides enhanced
signal processing algorithms. ADSL2 increases downstream data rates to more
than 12 Mb/s, as compared to between 8 Mb/s and 10 Mb/s for original ADSL.
ADSL2 extends reach by approximately 183 m (600 ft).
Diagnostics
Real-time performance-monitoring capabilities provide information regarding
line quality and noise conditions at both ends of the line.
Fast startup
A fast start-up mode reduces initialization time from about 10 s to less than 3 s.
Packet-based services
Packet-based services such as Ethernet can be transported over ADSL2.
Note: The last two features are not supported in the Alcatel multi-ADSL cards
Operational modes
The following table lists the ADSL2 modes of operation that are supported by the
multi-ADSL boards
ADSL2+
A number of applications, such as some video streams or combinations of video and
data streams, can benefit from higher downstream rates than are currently possible
with ADSL2. By increasing the ADSL downstream bandwidth, higher bit rates can
typically be provided on loops up to 2400 m or 8000 ft (on 26 AWG) through the use
of ADSL2+.
Operational modes
The following table lists the ADSL2+ modes of operation that are supported by the
multi-ADSL boards
G.992.5 Annex M Extended upstream operation (up to 3 Mb/s) over POTS non-overlapped
spectrum
Operational modes
The following table lists the READSL2 modes of operation that are supported by the
multi-ADSL boards
Multi-ADSL bonding
Multi-ADSL bonding allows traffic to be carried to and from a single logical
subscriber interface over multiple physical multi-ADSL lines. It offers the following
services:
increase the bandwidth to a subscriber for the same reach, for example, for adding
video to the service package
increase the loop length for a given required service bandwidth, for example, for
offering a same standard service package also to subscribers farther away from
the NE.
1.3 VDSL
VDSL allows very high speed data transmission on a metallic twisted pair between
the operator network and the customer premise. This service is provisioned by using
the existing unshielded copper twisted pairs, without requiring repeaters. By using a
Frequency Division Multiplexing (FDM) technique, the existing POTS or BR ISDN
services can still be provided on the same wires. VDSL transceivers use Frequency
Division Duplexing (FDD) to separate upstream and downstream transmission.
VDSL1
However, VDSL provides subscribers with a higher bit rate than multi-ADSL and
can achieve speeds as high as 57 Mb/s downstream and 25 Mb/s upstream, compared
with 24 Mb/s downstream and 3 Mb/s upstream for multi-ADSL (annex M). The
maximum bit rates supported depend on deployment, noise environment, and
Ethernet system restrictions.
Operational modes
The following table lists the VDSL1 modes of operation that are supported by the
VDSL boards
Notes
(1) Restriction: ANSI and ETSI modes cannot be enabled simultaneously. The ITU-T and IEEE modes
can be combined with any other mode.
VDSL2
The VDSL2 standard (G.993.2) is an enhancement to the ITU-T Recommendation
G.993.1 (VDSL1). It specifies DMT modulation and is based on ITU-T G.993.1
(VDSL1) and G.992.3 (ADSL2) Recommendations and uses also the G.994.1
handshake and initialization procedures.
VDSL2 Features
The main features of VDSL2 are:
VDSL2 is DMT only
VDSL2 offers packet transport (PTM) with 64/65B encapsulation:
also support of ATM and STM
64/65B framing is also referred to as Ethernet in First Mile (EFM)
no HDLC as in VDSL1
the definition of profiles supports a wide range of deployment scenario's:
deployment from the exchange (Fiber To The Exchange (FTTEx))
deployment from the cabinet (Fiber To The Cabinet (FTTCab))
deployment from the building (Fiber To the Building (FTTB))
VDSL2 extends the reach with regard to VDSL1.
Range is 2.5 km (0.4 mm) / 8 kft (26 AWG), compared to ~1.5 km (0.4 mm) /
4.5 kft (26 AWG) for VDSL1
VDSL2 supports higher bit rates than VDSL1.
Up to 100 Mb/ symmetrical. The attainable maximum data rate depends on the
used VDSL2 profile (100 Mb/s requires 30 MHz profile). Other profiles are better
suited for operation on longer loops with reduced maximum bit rate.
VDSL2 offers improved performance over VDSL1:
by addition of Trellis coding
Increased maximum allowable transmit power
VDSL2 features provide better support for triple play over VDSL
improved Impulse Noise Protection (INP)
virtual noise (optional)
VDSL2 has some ADSL2-like features:
similar: loop diagnostics
improved: PSD shaping
Improved management with regard to VDSL1
Operational modes
The following table lists the VDSL2 modes of operation that are supported by the
VDSL boards
VDSL2 profile
Max. aggregate downstream 17.5 20.5 11.5 14.5 14.5 14.5 14.5 14.5
Tx power (dBm)
Max. aggregate upstream Tx 14.5 14.5 14.5 14.5 14.5 14.5 14.5 14.5
power (dBm)
US0 support M(1) M(1) M(1) M(1) M(1) O(1) O(1) O(1)
998 downstream upper 8.5 8.5 8.5 8.5 8.5 8.5 N/A N/A
frequency (MHz)
997 downstream upper 7.05 7.05 7.05 7.05 7.05 7.05 N/A N/A
frequency (MHz)
Notes
(1) M=Mandatory (required); O=Optional (not required)
Impulse Noise Protection (INP) is the ability to protect equipment against excessive
noise and vibrations, which cause signal degradation over xDSL lines. Configuring
INP provides the ability to configure the upstream and downstream minimum INP
parameters in the service profile. Minimum INP is specified in the G.992.3 (ADSL2)
and G.992.5 (ADSL2+) standards.
These standards include several provisions to reduce the number of errors that occur
due to impulse noise. The primary one is interleaving combined with forward error
correction (FEC) using Reed-Solomon (RS) error correcting codes.
Reed-Solomon
RS adds extra bits to the data packet when it is sent. When it is received, if the packet
is found to be corrupted, the decoder is able to use the extra bits to locate the error
and recover the original message.
Interleaving
Instead of transmitting the RS words directly on the line, a frame will be created of
the same size as the RS words and which is made up by multiple RS words by taking
only a portion of each of the original RS words. This has the advantage that when a
burst of errors occurs on the line and the original RS words are recreated on the
receiving side, the errors will be spread over multiple RS words.
This way, the errors within a single RS word can be corrected if the number of errors
are within the RS correction boundaries.
The main disadvantage of interleaving is the high delay. Constructing the blocs that
will finally be transmitted over the line takes time as you have to wait for a time
before you can actually start transmitting.
At the receiving side, it will also cost extra time to reconstruct the original RS word.
The first original RS word cannot be reconstructed before we have received all the
bytes of this first RS word.
Interleaving can be sped up by using different depths, that is, by taking bigger chunks
of the original RS words. This way, the first bloc for transmission can be constructed
much quicker. This has the disadvantage that errors will be spread over less RS
words on the receiving side with the possibility that they cannot be corrected.
INP calculation
The formula below can be used to calculate the INP.
R SxD
INP = 0,5x(SxD)x = delay (ms)
N 4
where:
S = the number of Discrete Multi-Tone (DMT) symbols per RS word
D = the interleaving depth (number of combined RS words used)
N = the number of bytes per word (1..255 bytes)
R = the number of RS overhead bytes (0..16 bytes)
This INP formula expresses the length of protection in terms of DMT symbols
instead of in number of bytes. For example, an INP=1 DMT symbol, means that the
system will be able to correct a burst of errored bytes with a length corresponding to
the total number of bytes contained in 1 DMT symbol. The reason for expressing in
DMT symbols, lies in the fact that most impulse noises have lengths smaller than a
DMT symbol.
However, because of its potential high level, it will error potentially all bytes in the
specific DMT symbol. Because of the independence between DMT symbols, it will
not affect the next DMT symbol.
If the burst protection would have been expressed in bytes, different settings of
protection would have been required for changing datarates.
Conclusion
Configurable INP offers the operator direct control over:
the minimum INP of the xDSL line and, therefore, on the robustness of the line
for impulse noise
the maximum interleaving delay
Configuration
The configuration consists of:
characterizing the impulse noise on a line
setting the interleave depth to an optimal level for a particular region or even a
particular customer
The upstream and downstream minimum INP parameters can be configured in the
xDSL service profile (refer to the Operations and Maintenance Using CLI guide).
Practical
In practice, it has been noted that configuring INP=2 with a MaxDelay=8ms gives
good INP, reasonable low MaxDelay with high performance and reasonable
efficiency.
INP support
The configurable INP is supported on all multi-ADSL, VDSL and VDSL2 units.
1.5 Ethernet
The NE supports Fast Ethernet (FE) and Gigabit Ethernet (GE) uplinks through the
NT board on the network termination side of the NE, as well as for user and
subtending nodes. The 7330 ISAM FTTN ARAM-D NE supports additional optical
uplinks through the expander unit, as well as optical expansion links (downlinks).
100Base-TX Electrical 100 Mbps baseband Ethernet over two pairs of shielded
twisted pair or Category 4 twisted pair cable
1000Base-SX Optical 1000 Mbps baseband Ethernet over two multimode optical
fibers using shortwave laser optics (850 nm).
1000Base-EX Optical Duplex single mode fibers for longer wavelength (1310 nm)
1000Base-ZX Optical Same as 1000Base-EX but for extended distances (1550
nm)
1000Base-T Electrical 1000 Mbps baseband Ethernet over four pairs of Category 5
unshielded twisted pair cable.
The NE supports both modes and can adapt to either mode by way of
auto-negotiation or manual configuration.
Auto-negotiation
Auto-negotiation provides the capability for a device at one end of the link segment
to advertise its abilities to the device at the other end (its link partner), to detect
information defining the abilities of the link partner, and to determine if the two
devices are compatible. Auto-negotiation provides hands-free configuration of the
two attached devices.
Using auto-negotiation, the NE can determine the operational mode (full/half
duplex) and speed to be applied to the link.
Note 1 It is also possible to manually configure the transmission
mode and speed on the link.
Note 2 Auto-negotiation is supported for both optical and
electrical GE.
Advantages
Ethernet offers the following advantages:
high network reliability
general availability of management and troubleshooting tools
scalable to fit future needs
low cost both in purchase and support
easy migration from Ethernet or FE to GE
flexible internet working and network design
1.6 SHDSL
Supported standards
The following table lists the standards that are supported by the SHDSL boards
Standards Description
G.991.2 Annex A and Annex F Standards applicable for North America (region 1) (ANSI)
G.991.2 Annex B and Annex G Standards applicable for Europe (region 2) (ETSI)
Payload rates
The following payload rates are supported:
192 to 2304 kb/s in 64 kb/s steps for Annex A/B
192 to 5696 kb/s in 64 kb/s steps for Annex F/G
2.1 Overview
The NE supports line protection and EPS. If a second redundant NT unit is installed
in the shelf, EPS provides protection against internal failure of the active NT unit.
All possible uplinks of the NE can be used in active/standby mode on one NT unit
installed in the NE. In case an active link fails, traffic will be fully switched to the
standby link; see Figure 2-1.
NT
PHY
Active
L2-L3 PHY
PHY
Standby
17854
NT
PHY
L2-L3 PHY
PHY
17855
If an uplink for a single NT with multiple uplinks in a load-sharing group is lost, the
traffic is redistributed across the remaining links of the load-sharing group, by means
of the Link Aggregation Control Protocol (LACP).
If an active uplink for a single NT with dual uplinks in active/standby mode is lost,
the traffic is switched to the standby uplink, by means of the Rapid Spanning Tree
Protocol (RSTP).
NT protection is available for two NT units with a single uplink connected through
an NT I/O to the active NT. In case of failure of the active NT, the NT I/O
automatically reconnects the single uplink to the appropriate switch fabric port of the
standby NT.
NT protection is available for two NT units with a single uplink connected through
a passive optical splitter to the active NT. The passive optical splitter interconnects
the single fiber with an optical interface directly on the NT units. The NT protection
switching is executed by a laser disable logic that is activated on the standby NT unit.
The laser disable logic prevents the standby NT from disturbing uplink transmission
from the active NT unit on the shared fiber. This configuration is not possible for
electrical uplink connections.
When using two NT units without the NT I/O, all links connected to the active NT
unit will be in the active state; see Figure 2-3. These links can either be individual
links or load-sharing groups. The standby NT unit has the same number and
configuration of links as the active NT unit.
In the event of link failure (the number of available links falls below the threshold
value of available links) or NT failure (active NT unit failure), all connections will
simultaneously switch over to the active NT unit.
Figure 2-3 Combined link and NT protection with active/standby uplink interfaces
NT-A
PHY
L2-L3 PHY
Active
PHY
NT-B
PHY
L2-L3 PHY
PHY
Standby
17853
It is also possible to use the physical network interfaces on the active NT unit in
active/standby mode; see Figure 2-4. In this way the active NT unit has link
protection. In case the active NT unit fails, link protection and equipment protection
become coupled.
Figure 2-4 Combined link and NT protection each with active/standby uplink interfaces
NT-A
PHY
Active
L2-L3 PHY
PHY
Standby
NT-B
PHY
L2-L3 PHY
PHY
17852
Figure 2-5 Decoupled link and NT protection using the alarm control and host
expansion interface unit with single active uplink
NT-A
PHY
L2-L3 PHY
PHY
NTIO
Active
PHY
PHY
PHY
PHY
NT-B
PHY
L2-L3 PHY
PHY
17849
When two physical network interfaces are used in active/standby mode, each
connected physically to two equipped NT units by way of the alarm control and host
expansion interface unit, and logically connected to the active NT unit, both link and
NT protection are supported; see Figure 2-6.
Figure 2-6 Decoupled link and NT protection using the alarm control and host
expansion interface unit and dual active/standby uplinks
NT-A
PHY
L2-L3 PHY
PHY
NTIO
Active
PHY
PHY
Standby
PHY
PHY
NT-B
PHY
L2-L3 PHY
PHY
17850
Figure 2-7 Decoupled link and NT protection using the alarm control and host
expansion interface unit and dual load-sharing links
NT-A
PHY
L2-L3 PHY
PHY
NTIO
Active
PHY
PHY
PHY
PHY
NT-B
PHY
L2-L3 PHY
PHY
Standby
17851
The system provides protection for dual NT units with a load-sharing link group that
are connected through an NT I/O to the active NT. In case of accumulated excessive
link group capacity loss, the active NT will switch over traffic to the standby NT.
Dual NT units, active and standby links or load-sharing link groups, connected
through an NT I/O to the active NT, with RSTP enabled.
The system provides protection for dual NT units with a load-sharing link group that
are connected through passive optical splitters to the active NT. The passive optical
splitters interconnect the corresponding fibers of the load-sharing group with optical
interfaces directly on the NT units.
In order to have decoupled equipment and link protection for active/standby uplink
groups (load-sharing mode) without the alarm control and host expansion interface
unit, the N physical network interfaces must each be physically connected to the two
equipped NT units by way of a passive physical layer splitter and logically connected
to the active NT unit; see Figure 2-8.
NT-A
Active
PHY
L2-L3 PHY
PHY
NT-B
PHY
L2-L3 PHY Standby
PHY
17856
NT-A
PHY
L2-L3 PHY NTIO
PHY
PHY
PHY
PHY
PHY
NT-B
PHY
L2-L3 PHY
PHY NT-A
PHY
NT-A L2-L3 PHY NTIO Uplink
PHY
PHY PHY
L2-L3 PHY NTIO
PHY PHY
GE PHY
GE PHY
NT-B
GE
PHY
GE PHY
NT-B L2-L3
PHY
PHY
L2-L3 PHY
PHY
NT-A
PHY
L2-L3 PHY NTIO
PHY
PHY
PHY
PHY
PHY
NT-B
PHY
L2-L3 PHY
PHY
17977
NT-A
PHY
L2-L3 PHY NTIO
PHY
PHY
PHY
PHY
PHY
NT-B
PHY
L2-L3 PHY
PHY NT-A
PHY
NT-A L2-L3 PHY NTIO Uplink
PHY
PHY PHY
L2-L3 PHY NTIO
PHY PHY
GE PHY
GE PHY
NT-B
GE
PHY
GE PHY
NT-B L2-L3
PHY
PHY
L2-L3 PHY
PHY
NT-A
PHY
L2-L3 PHY NTIO
PHY
PHY
PHY
PHY
PHY
NT-B
PHY
L2-L3 PHY
PHY
17970
NT-A
PHY
L2-L3 PHY NTIO
PHY
PHY
PHY
PHY
PHY
NT-B
PHY
L2-L3 PHY
PHY NT-A
PHY
NT-B L2-L3 PHY NTIO Uplink
PHY
PHY PHY
L2-L3 PHY NTIO
PHY PHY
GE PHY
GE PHY
NT-B
GE
PHY
GE PHY
NT-A L2-L3
PHY
PHY
L2-L3 PHY
PHY
NT-A
PHY
L2-L3 PHY NTIO
PHY
PHY
PHY
PHY
PHY
NT-B
PHY
L2-L3 PHY
PHY
17971
With massive deployment of xDSL, many more Digital Subscriber Line Access
Multiplexers (DSLAMs) are provisioned in the network. They are mostly managed
separately, which makes the management load heavy and complicated. To simplify
the management load of the operator, cluster management groups multiple DSLAMs
as one logical management domain. The logical management domain of a cluster is
formed by a physically interconnected group of DSLAMs. The operator can organize
its clusters according to, for example, physical location. Topology display will
present the connectivity and status of DSLAMs in a connected environment, possibly
over more than one cluster. Moreover, separately managed DSLAMs use more
public Internet Protocol (IP) addresses, which are limited, especially in China.
The objective of cluster management is to manage a group of DSLAMs through one
entry as a single DSLAM by one IP address.
Figure 3-1 shows a cluster management topology.
Management
Cluster No.2 Command
(A logical DSLAM) to Cluster 2
EMS (AWS) Management
Command
to Cluster 1
Single Logical
Management Path Cluster No.1
(A logical DSLAM)
DSLAM
No.7 DSLAM
No.8 DSLAM
DSLAM No.2
No.1
DSLAM
DSLAM
No.9
No.10
DSLAM
DSLAM DSLAM DSLAM No.6
DSLAM No.3 No.4 No.5
No.11
CPE-MM
RMI
NE ADSL CPE
LMI
Diagnosis features
CPE remote management has the following diagnosis features:
CPE parameters
retrieval of CPE information
reset and restart of the CPE
Diagnosis testing
PPPoE testing
connectivity testing
bandwidth testing
The internal forwarding of the NE is done on layer 2 information. Layer 2 for the NE
is Ethernet, which includes the concept of Virtual Local Area Networks (VLANs).
The standard for VLANs is Institute of Electrical and Electronics Engineers (IEEE)
802.1q.
Generally, VLANs can be seen as analogous to a group of end-stations, perhaps on
multiple physical LAN segments, that are not constrained by their physical location
and can communicate as if they were on a common Local Area Network (LAN).
Figure 4-1 shows an example of VLANs.
ne 9 VLAN A
bo tch
8
ck i 7
Ba
6
Sw 5
4
2
3
VLAN B
1
9
h 8
itc 7
Sw 6 VLAN C
5
4
3
2
1
The VLANs used by the NE are configured statically by the operator (or
automatically under 802.1x control) and the NE ports are associated by configuration
to these VLANs. This means that the NE ports are not automatically removed after
some time, but must be explicitly removed from a VLAN by the operator.
Two forwarding modes are supported. Each can be manually configured per VLAN.
intelligent bridging (iBridge) mode, also known as residential bridging mode
VLAN cross-connect mode
For more information about MAC addresses, refer to the chapter Security.
Usage
A particular VLAN ID can be configured only once:
on any of the user ports in the NE
over all NEs in the complete Ethernet network to which the NE is connected
VLAN stacking allows the user to use the same ID for multiple VLANs (see
section 4.2). But if VLAN stacking is not used, the VLAN cross-connect mode
should only be used in small networks, where the NE is directly connected to the IP
Edge router or Broadband Remote Access Server (BRAS) of a Network Service
Provider (NSP), or for business customers.
Properties
Because there is only one single user, a VLAN in cross-connect mode also has the
two basic properties that differentiate iBridging from standard bridging:
no user-to-user communication is possible in the NE
prevention of broadcast storms.
Supported models
There are several VLAN cross-connect models supported:
basic VLAN cross-connect: C-VLAN cross-connect
VLAN stacking for business users: S-VLAN cross-connect
VLAN stacking for residential users: S-VLAN/C-VLAN cross-connect
Quality of Service (QoS)-aware VLAN cross-connect: VLAN + p-bits
cross-connect.
iBridge mode
The concept of iBridge mode is that multiple NSPs are each connected to the NE with
a VLAN. The user ports are connected to the VLAN of their corresponding NSP.
Figure 4-3 shows the concept of the iBridge mode. The NE supports up to 128
iBridges.
NSP IP backbone
EMAN
A NSP 1-VLAN
B
NSP1 NSP 2
C
NSP 2-VLAN NSP IP backbone
D NSP2
E NSP3
F NSP 3-VLAN
NSP 3
G
NSP IP backbone
iBridge VLANs support the snooping features DHCP Option 82 (refer to chapter
Layer 3 Protocols and IGMP (refer to chapter Multicast and IGMP).
The NE supports two VLAN classification modes in iBridge mode:
port-based VLAN
port/protocol based VLAN
For more information about these VLAN classification modes, refer to section
Port/protocol-based VLAN in iBridge mode.
Frame types
In iBridge mode, only the following frame types are accepted from the user ports:
IP over Ethernet (IPoE) (IPv4)/ARP/Reverse Address Resolution Protocol
(RARP)
PPPoE (discovery & session)
IPoE (IPv4)/ARP/RARP/PPPoE (discovery & session)
all ethernet types
Extensible Authentication Protocol Over LAN (EAPOL)
EAPOL frames are dedicated packets that are never forwarded but are processed
by the NE.
NE 1
NE 2
CVLANs
C-VLAN cross-connect
EFM/Ethernet
Ethernet or
ATM/AAL5/Bridged_encaps/Ethernet
Network port Access port
C-VLAN tagged/
C-VLAN tagged untagged/priority
tagged
S-VLAN PVC
C-VLANs
The NE acts as an S-VLAN-aware bridge, with the restriction that only one
subscriber interface can be attached; see Figure 4-9. Forwarding is only done based
on the S-VLAN forwarding context. The forwarding is transparent for the
C-VLANs. Frames on the subscriber interface may not have an S-VLAN tag. The
subscriber interfaces pre-configured S-VLAN ID will be assigned.
C-VLAN to
PVC/EFM
EMAN NE cross-connects CPE(s)
S-VLAN PVCs
C-VLANs
The NE acts as a C-VLAN-aware bridge (Figure 4-11), with the restriction that only
one subscriber interface can be attached. Frames on the subscriber interface may be
C-VLAN tagged or untagged/priority tagged. In case of C-VLAN tagged frames, a
check will be performed on the received C-VLAN ID, while the subscriber
interfaces preconfigured S-VLAN will be assigned. In case of untagged/priority
tagged frames, the subscriber interfaces pre-configured C-VLAN and S-VLAN will
be assigned.
When transferring packets without cell interleaving, small real-time packets (for
example, voice) might suffer some high jitter due to the high serialization delay on
slow DSL links caused by transmitting long packets. These DSL links have an ATM
layer, which is a transport mechanism on top of DSL that allows cell interleaving
between PVCs. At the same time, you do not want to extend this local issue through
the complete network.
Consequently, for highly QoS sensitive traffic, one might require to set up several
PVCs and associate each PVC with a given traffic priority, identified by the priority
bits (p-bits) associated with the VLAN tag. One ends up with extending the VLAN
cross-connect concept by associating each PVC with one or two VLAN IDs and a
p-bits value.
In the downstream direction, the NE selects the PVC according to the p-bits value
(that is, the QoS classification will be based on the p-bits contained in the C-VLAN);
see Figure 4-12.
In the upstream direction, the NE assigns p-bits as a function of the PVC the frames
originate from (that is, in case the subsciber sends single-tagged frames and the
second tag (for the S-VLAN) is added, the p-bits received from the user are copied
into the S-VLAN p-bits. Thus, the original p-bits from the C-VLAN sent by the user
and stacked in NE do not change); see Figure 4-13.
Ingress
classification
based on p-bits
Assign PVC
according to
traffic type
Introduction
This mode provides a connectivity scheme compatible with a fully centralized
subscriber management, where each individual subscriber is connected to an IP Edge
(IP connectivity) or a BRAS (PPP connectivity) through a single bit-pipe. In this
configuration, the subscribers are sharing the same subnet for scalability reasons and
do not present their private network configuration to the network.
Figure 4-14 shows the IP network model using IP connectivity and Figure 4-15
shows the IP network model using PPP connectivity.
VLAN-CC
Services VRF
VLAN-CC
IP PPP
Services Routing Termina-
tion
IP subnet IP address
PPP session VLAN
Subscriber management
To protect the whole network, several functions, which are grouped under the term
subscriber management, must be assured by the access network. These functions
can be classified as follows:
subscriber identification
security (MAC address and/or IP address anti-spoofing, user-to-user traffic
control and so on)
service enforcement
service selection
service accounting
When considering subscriber management, two main types of network
configurations exist:
Centralized subscriber management
In this configuration, the NE is kept as simple and as transparent as possible, and
everything related to subscriber management is then performed centrally in the
network. The network model in this configuration is based on one bit-pipe,
realized by one (potentially stacked) VLAN, connecting the subscriber PVC to
the BRAS or the IP edge. The end user is then fully identified by its associated
VLAN.
Distributed subscriber management
In this configuration, subscriber management is performed in the NE relaxing the
requirements for the BRAS or the IP edges. These models are typically based on
some traffic aggregation at the NE level like Ethernet bridging and/or IP
forwarding. In this case, the BRAS or the IP edges do not have direct visibility on
the subscriber interface. herefore everything related to subscriber identification,
security, and so on, must be performed within the NE.
Features
The protocol-aware VLAN cross-connect mode has the following features:
xDSL interfaces types:
ATM:
- Bridged encapsulation carrying both PPPoE and IPoE traffic
- PPPoA with the required interworking to convert the traffic to PPPoE
- IPoA with the required interworking to convert the traffic to IPoE
- Encapsulation auto-detection
Ethernet:
- VDSL EFM
- VDSL2 EFM
Subscriber identification:
A single (C-VLAN) or a stacked (S-VLAN/C-VLAN) VLAN tag towards the
network is associated with either a PVC (in the case of ATM) or a DSL port (in the
case of EFM)
Optional addition of the PPPoE relay tag in the PPPoE control messages
Optional addition of the DHCP Option 82 in the DHCP messages
Security features:
Secured MAC learning, see section 8.2
No MAC address or IP address anti-spoofing since the scope of these addresses
remain limited within the protocol-aware cross-connect mode. The IP edge router or
the BRAS must keep the freedom of allocating them as they want. This control will
typically be performed centrally.
Service enforcement:
Policing per PVC (ATM) or DSL line (EFM)
Further detailed policing actions based on CoS and/or ACL results have to be
performed centrally where the service awareness is present.
Service selection:
performed centrally
Service accounting:
performed centrally
Local multicast handling:
driven by IGMP
The following restrictions apply to the protocol-aware VLAN cross-connect mode:
Router CPEs are not supported. This type of CPE is mainly associated with
business users who need to present their internal IP subnets towards the network
(for example, IP VPN). When considering residential users, the typical CPEs are
either based on a bridge or a router plus NAT (with either IP or PPP to the
network). In short, the residential cross-connect only supports single IP addresses
and does not support IP subnets (directly or not directly attached subnets) at the
subscriber interfaces.
Untagged frames at the user interface. This is especially important when
considering the following aspects:
Encapsulation auto-detection: tagged frames cannot be supported with an XoA
encapsulation. Consequently, they are not supported by the protocol-aware VLAN
cross-connect mode, to present a consistent behaviour independently of the user
interface.
Multicast traffic: the multicast traffic is received over a different VLAN than the
unicast traffic. Both are merged before leaving the NE towards the subscriber.
Making traffic untagged at this point makes this merging easier.
Frame types
Tagging of an Ethernet frame consists in adding a tag of four bytes that specifies the
VLAN ID and the priority (from 0 to 7). Table 4-1 shows the used frame types with
their properties.
Figure 4-16 shows an untagged and a tagged Ethernet frame, in this case a
priority-tagged Ethernet frame.
7 1 6 6 2 461500 4
(priority-)tagged frame
MAC Client
Dest Src 802.1q VLAN
Preamble SFD Length Data + Pad FCS
Addr Addr Tag Tag Type
7 1 6 6 2 2 2 46...1500 4
If the port is a user port, then Permanent Virtual Connections (PVCs) are used. Each
DSL line supports up to 4 PVCs.
All untagged frames toward any port are tagged with the default VLAN ID and p-bit.
If the port is a network port, all priority-tagged frames toward this port are also
tagged with the default VLAN and p-bit. All 802.1q tagging modes are supported on
the network ports.
For more information about the handling of priority-tagged frames, refer to the
chapter Quality of Service.
The IPoA cross-connect mode offers a solution for connecting users with
RFC-2684-routed encapsulation (IPoA) via the GE uplink with the same services as
in an ATM environment. For example, it offers no changes in IP configuration,
transparency for the involved (routing) protocols, QoS and so on.
Note The IPoA cross-connect mode is comparable with the
VLAN cross-connect mode, but with IPoA instead of IPoE at the CPE
side.
In any case, the subnet configuration at the user side (behind the CPE) is transparent
to the ISAM. The ISAM only sees the IP address of the CPE and the IP address of
the edge router. (see figure 4-17).
VRF
VLAN-CC
VRF Customer
Services VRF premises
VRF IP subnet
VRF
5.1 Introduction
ARP 5.4
VBAS 5.5
DHCP 5.6
IGMP 5.7
802.1x 5.8
Ethernet
Switch NSP IP backbone
NE m*FE/GE
ADSL
FE/GE
EMAN NSP IP backbone
n*FE/GE
NSP IP backbone
Link aggregation allows you to increase the capacity and availability of the
communications channel between devices (both switches and end stations) using
Ethernet technology. Two or more Ethernet connections are combined to increase the
bandwidth capability and to create resilient and redundant links. A set of multiple
parallel physical links between two devices is grouped together to form a single
logical link.
Link aggregation also provides load balancing where the processing and
communications activity is distributed across several links in a trunk, so that no
single link is overwhelmed.
Advantages
Using link aggregation on the uplink interfaces provides the following advantages:
Higher link capacity
For example, capacity is 200 Mb/s instead of 100 Mb/s when 2 FE links are
aggregated.
Link redundancy
If one link fails, the other link takes over. Throughput is decreased, but the
connection is not lost.
5.3 RSTP
The NE can be configured with several network interfaces. They can be used to
connect the NE to multiple Ethernet switches.
For an Ethernet network to function properly, only one active path can exist between
two stations.
The Rapid Spanning Tree Protocol (RSTP) is a link management protocol that
provides path redundancy while preventing undesirable loops in the network.
Multiple active paths between stations cause loops in the network. If a loop exists in
the network topology, the potential exists for duplication of messages. When loops
occur, some switches see stations appear on both sides of the switch. This condition
confuses the forwarding algorithm and allows duplicate frames to be forwarded.
To provide path redundancy, RSTP defines a non-redundant tree topology within a
physical redundant network topology. RSTP forces certain redundant data paths into
a standby (blocked) state. After a network node or link has become unavailable,
RSTP will run again to define a new tree topology.
The RSTP operation is transparent to end stations, which are unaware whether they
are connected to a single LAN segment or a switched LAN of multiple segments.
5.4 ARP
The Address Resolution Protocol (ARP) is a protocol within TCP/IP that maps IP
addresses to Ethernet MAC addresses. TCP/IP requires ARP for use with Ethernet.
The NE has a limited ARP handling functionality, but it is sufficient to prevent
broadcast storms toward the users. This is achieved in the following ways.
In iBridge mode
When an ARP request is received from a PVC, the ARP request is broadcast to
the Ethernet network interface. This deviates from the standard Ethernet
broadcast because the ARP request is not broadcast to the VCs.
When an ARP request is received from an Ethernet network interface, the ARP
request is only broadcast in the VLAN when downstream broadcast is enabled in
the VLAN. Otherwise, the ARP request is dropped.
In cross-connect mode
ARP requests are forwarded transparently downstream or upstream like any other
data packet.
The Virtual Broadcast Access Server (VBAS) protocol is a Layer 2 protocol that
allows the external BRAS to query the NE for DSL link information so that the
BRAS can limit the number of Point-to-Point Protocol (PPP) sessions per DSL link.
VBAS allows the BRAS to obtain detailed information on the physical address of a
subscriber on the network element. The VBAS protocol goes through query and
response phases before the BRAS can obtain the physical address of any new
subscriber.
VBAS query
VBAS sends a VBAS query packet to the system to gather physical port
information corresponding to the MAC address of the new subscriber.
VBAS response
Upon receiving the request packet, the system sends a VBAS response packet to
the BRAS. This packet includes the physical port information of the new
subscriber.
BRAS
ISAM
EMAN
CPE
CPE Sends VBAS request with MAC DA address (the MAC address of
the user which is to be resolved) and waits for the response.
5.6 DHCP
DHCP relay
You can enable DHCP at layer 2 for VLANs configured in iBridge mode. For
VLANs configured in cross-connect mode, DHCP packets are forwarded
transparently. In layer 2, DHCP is used as an alternative to IP address allocation in
PPPoE.
Figure 5-4 shows the distributed DHCP relay implementation in NE.
The IP edge router only sees unicast packets and performs IP routing. Therefore, it
needs a route toward the DHCP servers and a route toward the IP address of the
VLAN in the network element. The IP address is used as the gateway IP address in
the relayed DHCP packet and as the IP destination address of the downstream packet
sent by the DHCP server. This address is in the same subnet as the IP address of the
edge router on that VLAN. The network element resets the gateway address to zero
if the network element is functioning as the relay agent.
There are differences in DHCP when it is used in the upstream and downstream
directions.
Upstream
Option 82
In the upstream direction, the NE supports the insertion of DHCP option 82 as a
configurable option.
In the case where in the NE the insertion of option 82 is enabled, the NE adds
DHCP option 82 to the DHCP message in a way compliant with the standard.
In the case where in the NE the insertion of option 82 is disabled, the NE forwards
the DHCP messages if they are standard compliant.
Downstream
Option 82
In the downstream direction, the LIM can receive either a broadcast or unicast DHCP
message. This depends on the broadcast flag inside the DHCP message received
from the network if the DHCP relay agent in the 7302 ISAM is enabled. If option 82
was added in the upstream direction, it is stripped from the packet in the downstream
direction.
5.7 IGMP
The 802.1x protocol complies with both the IEEE and CCSA specification. It is
mapped to the LIM, where the authentication state of the port is enforced; see Figure
5-5. This means that packets from unauthenticated users are dropped at the LIM.
802.1x on the LIM communicates with the NT by way of the internal VLAN to
perform the authentication. The NT uses a local database or contacts a RADIUS
server.
CPE
LIM NT
CPE
For an authenticated port, all user frames are forwarded as tagged frames. The VLAN
ID used to tag user IPoE frames can be either:
the VLAN ID determined by the RADIUS server
the VLAN ID configured in the user domain database of the NE (when no specific
VLAN is returned by the RADIUS server)
the VLAN ID configured by the operator on the user PVC (when no specific
VLAN is returned by the RADIUS server and no specific VLAN is configured in
the user domain database of NE)
5.9 PPPoE
PPPoE relay
In case of PPPoE relay, a relay session ID, based on the DSL link/ATM PVC, is
inserted in all the PPPoE messages in the discovery phase (that is, EtherType =
0x8863). All PPPoE messages contain MAC addresses of the user as source and the
PPPoE server as destination MAC addresses. The only exception is the PPPoE
Active Discovery Initiation (PADI), which is sent upstream with a MAC DA equal
to the broadcast MAC address. All PPPoE messages in the session phase are
forwarded without any processing.
PPPoE traffic
CPE
LIM NT
CPE
terminated, the NE also terminates the corresponding PPPoE session. During the
session, every upstream PPP packet is encapsulated in PPPoE, whereby as source
MAC address, the MAC address of the NE is used, downstream the reverse operation
happens and the MAC layer is stripped off. From a BRAS perspective, the session
looks like any normal standard PPPoE session.
To give the Access Service Provider (ASP) the maximum information that can help
him to accept a PPPoE session establishment or to silently ignore the request, the NE
provides the server with line-related information as defined in DSL Forum
contribution 2004-071. This means it adds this information to the PADI message at
PPPoE session establishment. The NE provides this information through the vendor
specific tag. This option fulfills the same role as option 82 in DHCP. Figure 5-7
shows the PPPoA-PPPoE network topology.
IP Edge
This section focuses on the layer3 forwarding model to offer broadband services over
DSL. IP connectivity is established between terminals in the home environment and
content servers higher up in the network for High Speed Internet (HSI), Video
Broadcast, Video on Demand (VoD), VoIP service, and so on. IP packets are routed
(forwarding decision based on IP addresses) by the NE to the network or to the
individual DSL users.
Figure 6-1 shows the network topology.
IP Edge
USB Local ISP
USB modem
PPPoE
Ethernet
Bridge IP Srv: Video
EMAN Network
IP
IP
Routing
Gateway ISAM
Srv: VoIP
The main elements to contribute to the service on the data plane level are:
CPE
DSLAM
Ethernet switches
edge nodes, such as edge routers or even BRAS as a service edge and the servers
such as HTTP servers
video servers
Voice servers
From a control perspective, RADIUS servers will help in user authentication, service
accounting and personalized on demand service settings. DHCP servers contribute
in IP address assignment. On the IP and the Ethernet control plane, different
protocols are used to aggregate links and to provide availability of the service or auto
configuration of the network.
Over the DSL link, the following protocol stacks are supported: PPPoE, IPoA (7302
ISAM only) and IPoE. PPPoA is another protocol stack supported to CPEs, but not
yet supported in combination with layer 3 forwarding. Both PPPoE and IPoE can be
supported on the same PVC. By way of a protocol-based filter (that is, ethertype),
traffic can be treated by a PPP-oriented access application or by an
IP/DHCP-oriented access application.
IP routing
In the IP routing model, the NE behaves as a standard IP router toward the end users
and the network.
At the user side of the system (xDSL line), unnumbered IP interfaces are used, while
user subnets are configured on a user gateway interface. To achieve maximum
efficiency in the allocation of IP addresses, several users (on different DSL lines) can
share a same subnet. Toward the network, IP interfaces are numbered (meaning that
the NE IP addresses and subnets are configured).
Host routes toward the end user devices are either dynamically created in the NE, in
the case of dynamic DHCP or PPPoE sessions, or statically provisioned in the case
of static IP address assignment.
The end user subnets that are associated with the NE can be advertised to the
upstream routers by way of routing protocols. Conversely, network routes can be
advertised to the NE by way of these routing protocols.
End users that are attached to the same DSLAM can directly communicate with each
other at layer 3 (user-to-user traffic). In the case of users that share the same subnet,
this is achieved by providing a proxy ARP function towards those end users.
For security reasons, IP address anti-spoofing is performed, that is, comparing the
received source IP address with IP addresses that have been handed out over a given
PVC.
IP-aware bridge
The end users use the IP address of the edge router as their default gateway, while
the IP edge router sees the end user subnets as directly attached networks. The NE is
situated in between and performs packet forwarding at layer 3.
In an IPoA/IPoE DHCP scenario, the upstream packet forwarding happens as
follows:
End user devices use ARP to contact the default gateway (really the IP edge)
The LIM learns the end user subnets by snooping DHCP messages, and based on
this knowledge, they perform a proxy ARP function and return the LIM MAC
address in the ARP reply.
The IP packet is sent to the LIM, and is forwarded at layer 3 into the correct
VLAN that leads to the IP edge router. The network routes that are needed in the
LIMs FIB must be configured by the operator.
6.3 Authentication/authorization/accounting
The NE provides the possibility to authenticate the users to make sure that only those
users who have access rights can make use of the services offered by the service
providers
PPPoE sessions
The following applies for PPPoE user interfaces:
Users are authenticated during the PPP protocol Link Control Protocol (LCP)
phase. The NE can either use the RADIUS protocol to authenticate the users by
way of RADIUS servers, or the users can be locally authenticated by using the
local user database in the NE.
The user interfaces are authorized for services by associating either with an
IP-aware bridge or with a router, corresponding to the service provider which is
determined during the authentication phase.
Service provider selection can be either static (by way of configuration) or dynamic
(by way of authentication).
Static
IPoE and IPoA user interfaces are statically assigned to either an IP-aware bridge or
a router, corresponding to the NSP. Users connected to the NE by way of the same
interface can only get access to the NSP network configured on that interface.
Dynamic
PPPoE user sessions are dynamically assigned to either an IP-aware bridge or a
router, corresponding to the NSP, determined during the authentication of the user
session, based on domain name and user name.
7.1 Introduction
Routing protocols
Table 7-1 shows the supported routing protocols:
RIP 7.2
OSPF-2 7.3
ARP 7.4
PPPoE 7.5
DHCP 7.6
IGMP 7.7
7.2 RIP
RIPv1 compatibility
The NE is compatible with RIPv1 and RIPv2 versions of the RIP protocol. It supports
the configuration of the version of the RIP PDUs that are transmitted and received
by the RIP router in NE.
RIP authentication
The NE provides secure RIP update mechanisms using the password mechanism as
defined by the RFC. The RIP router accepts RIP updates only from peers whose
updates can be authenticated based on the configured authentication information.
The system accepts authentication based on simple text password and
MD5-encrypted authentication mechanisms as defined by the standards.
7.3 OSPF-2
Open Shortest Path First (OSPF) is a dynamic routing protocol used to learn and
populate the forwarding database in the DSLAMs, CPE at the user side, and edge
devices at the network side. For example, a network element used as a default
gateway by users connected to the DSLAM acts as a next hop gateway to reach the
users from the routers on the network side. The route to the users through the network
element is learned by the edge routers using either the OSPF or RIP routing protocol
depending on the configuration of the Internet Service Provider (ISP) network.
The following scenario is an example where the NE is used as a default gateway by
users connected to the DSLAM. The NE in this case acts as a next hop gateway to
reach the users from the routers on the network side. The route to the users through
the NE is learned by the edge routers using the routing protocol OSPF or RIP based
on the configuration of the ISP network.
Toward the network multiple VLANs may be required (one per service).
In this case, each VLAN can be connected to multiple next-hops as well.
Figure 7-1 shows a scenario where the NE is connected to OSPF routers on the
network side and acts as a layer 3 gateway between the users and the ISP.
IPx3 OSPF
User
SHub-NT
IPx4
User
LT OSPF on OSPF
User
IPx5 DSL/PVC Edge router
IPx6
User
Area support
The NE supports areas as defined in RFC 2328 for OSPF version 2 protocol. The
OSPF router on the NE is able to associate interfaces with the backbone area, a
normal area, a stub area, or an NSSA area.
OSPF-2 interfaces
The network element supports areas and interfaces as defined in RFC 2328 for the
OSPF-2 protocol. The router IP interfaces are configured as OSPF interfaces that
belong to a specific area number and type. When the router acts as an area border
router, there are multiple interfaces configured belonging to different areas. The
protocol, as defined by the standards, performs SPF on each area independently and
computes the intra- and inter-area routes and accordingly populates the forwarding
database.
OSPF is only supported on the network and subtending interfaces.
The subnets on the user side must be advertised for the edge routers to use network
element as the gateway to the users. This can be achieved by using route
redistribution and distributing interface routes into OSPF with route filters that are
applied on the distribution.
Load sharing
The NE supports load sharing as defined in RFC 2328 for OSPF version 2 protocol.
Multiple links are provisioned as OSPF interfaces that can provide the reachability
to a common network.
The NE provides the ability to share the traffic load by distributing the traffic over
these multiple links when they are learned through OSPF. This principle is defined
as Equal Cost Multi-Path (ECMP) routing in OSPF.
Border router
The NE provides the ability to act as a Border Router as defined in RFC 2328 for
OSPF version 2 protocol. The router IP interfaces are configured selectively as OSPF
interfaces, that belong to a specific area number and type. When the router acts as a
area border router, there are multiple interfaces configured belonging to different
areas. The protocol, as defined by the standards, performs SPF on each area
independently and compute the intra- and inter-area routes and accordingly populate
the forwarding database.
Alarms support
The NE provides the ability to report alarms when a new neighbour is discovered and
an adjacency is established using the OSPF protocol. An alarm is reported to indicate
a loss of adjacency. Events are reported to indicate the state in which each adjacency
is transitioning.
7.4 ARP
ARP is a protocol within TCP/IP that maps IP addresses to Ethernet MAC addresses.
TCP/IP requires ARP for use with Ethernet. The network element provides ARP
proxy on both the user and network interfaces.
CPE
LIM NT
CPE
[60]
internal Communication
Authenticate Ack
[60]
Session setup messages are normally spread over time. In case of a restart of the NE,
all active users will try to re-establish their session. Therefore, a high burst of PPPoE
messages after a restart of the NE may be expected. After PPPoE discovery phase, a
unique session ID is allocated to this session, which is used in all further messages
exchanged within this session.
PPPoE data packets are identified by way of the Ethertype (0x8864). Since PPP and
PPPoE are terminated in the NE, their headers are stripped in upstream direction. In
downstream direction, proper PPP and PPPoE headers are added. All PPPoE data
messages are sent upstream by the user with the LIM as destination MAC address.
To forward these data packets upstream, the NE looks at the IP destination address.
In this case, an IP forwarding table lookup is required.
At regular time intervals, both the user and the PPPoE server may send keep alive
(LCP echo request) messages. The PPPoE server sends these messages for all active
PPPoE sessions. The sending of these messages must be spread in time, to avoid a
burst of messages sent by the LIM.
The frequency at which these messages are sent can be configured. In most cases, the
user sends these echo request packets every 30 s. The keep-alive timer that is used
by the LIM does not have to be the same as the one used by the user.
7.6 DHCP
DHCP relay
DHCP at layer 3 is a user access protocol that enables DHCP servers to configure
internet hosts. The network element provides DHCP relay functionality in the
IP-aware bridge and router modes for both IPoE and IPoA user access interfaces.
DHCP relay functionality can be subdivided into two main components:
DHCP relay port
DHCP relay agent
The DHCP relay port on the network element performs the following:
upstream: add option 82 (if enabled)
downstream: remove option 82
The DHCP relay agent on the network element acts as the DHCP relay agent for
subscribers. In the upstream direction, broadcast DHCP messages received from
users are unicasted to the configured DHCP servers of the virtual router associated
with the user interface. In the downstream direction, unicast messages received from
the DHCP server are either unicasted or broadcasted (based on the broadcast flag) to
the correct user interfaces.
The DHCP relay agent function and the option-82 insertion can be individually
enabled/disabled per virtual router.
Option 82 handling
In layer 3, option 82 provides security when DHCP is used in public access networks.
In addition to enabling or disabling Option 82, you can configure the circuit ID to
identify the ingress PVC and the remote ID derived from the customer ID that is
configured on the ingress DSL line.
You can enable or disable the option 82 feature in upstream DHCP messages for each
DHCP relay agent. If enabled, option 82 parameters are inserted both for unicast and
broadcast DHCP messages.
The insertion of the circuit ID and the remote ID can also be enabled and disabled
separately. The remote ID is fully configurable for each DSL line or ATM PVC by
the operator (string with a length between 0 and 32 bytes). It is used to identify the
customer device at the remote end of the circuit.
By default, the circuit ID is auto-generated by the network element and contains
information used to identify the precise circuit (for example, DSL line and ATM
PVC) from which the DHCP message originates. With the network element, you can
enable or disable the circuit ID. You can insert the customer information that was
intended for the remote ID into the circuit ID. In this case, the remote ID is not sent.
If customer information is not configured on a given DSL line or PVC, the remote
ID (or configurable circuit ID) is sent with a NULL value for that DSL line/PVC.
7.7 IGMP
When a frame is received with an unknown MAC Source Address (SA) or the MAC
SA is received on a different bridge port than previously learned, the NE will learn
this MAC address with the following restrictions:
If the MAC address is learned on a bridge port and the number of MAC addresses
already learned on that bridge port has reached a certain maximum, the MAC
address is not learned and the frame is dropped.
Note: The secured MAC learning mechanism can be disabled to allow, e.g. in
case of cross-connect mode, an unlimited number of MAC addresses.
If the MAC address is learned on a bridge port, and the same MAC address is
already learned on an Ethernet network interface in the same VLAN as the bridge
port, the MAC address is not learned and the frame is dropped (MAC address
duplication).
If the MAC address is learned on a bridge port, and the same MAC address was
already on another bridge port, and both bridge ports are in the same VLAN, the
new MAC address is not learned and the frame is dropped (MAC address
duplication).
If the MAC address is first learned on a bridge port, and then on an Ethernet
network interface, this movement is accepted and the MAC address is learned.
This means that the MAC address is removed on the bridge port (MAC address
movement).
Well-known MAC addresses (for example, multicast MAC addresses, MAC
addresses allocated for IEEE protocols, and so on) are not learned.
Note These restrictions are valid in both iBridge mode and VLAN
cross-connect mode.
These principles apply also for subtending ports. In this context, a subtending port
behaves at the same level as a bridge port.
Only independent VLAN learning is supported. This means that a MAC address is
unique within a VLAN, but not across VLANs. If a port is connected to two VLANs,
the MAC address is learned twice.
General
Both the IACM and SHub subsystem have their own management channels, but all
direct management access to the SHub subsystem is closed:
The software and database of the SHub subsystem are integrated in the software
and database of the IACM subsystem.
There is a single SNMP interface and IP address for both the IACM and the SHub
subsystem.
In order to make the ISAM securely managed, the operator must make sure that:
1 the ISAM works in single IP address mode
2 the secure variant of the used management channels are used. Unused
management channels must be closed.
Management channels
The following management channels on the IACM subsystem can be secured (refer
to Figure 8-1):
Simple Network Management Protocol (SNMP)
Can be secured by way of SNMPv3
Command Line Interface (CLI)
Can be secured by way of Secure Shell (SSH)
Transaction Language 1 (TL1)
Can be secured by way of SSH
Trivial File Transfer Protocol (TFTP)
Can be secured by way of Secured File Transfer Protocol (SFTP)
Simple Network Time Protocol (SNTP) does not have a secure variant. It is
configured to listen to a single SNTP server (the EMS). This configuration is done
by way of one of the above-listed management channels. Since these channels can
be secured by the operator, the SNTP configuration can be secured.
Apart from TFTP and SFTP, the system allows both the secure and insecure variant
to coexist so that the operator is able to contact the system in case the security setup
fails.
Table 8-1 Supported SSH and SNMP Authentication and Encryption Schemes
Security configuration
The configuration of the initial security parameters and usernames in the system is
done by way of CLI. Only the operator with security administrator rights has the
authorization to change the security configuration and to add or remove users.
Once the secure channel has been setup, the SNMPv3 parameters can also be
configured by way of the secured SNMPv3. For TL1 and CLI, the security
configuration remains a privilege of the security administrator (concept known in
both TL1 and CLI).
SNMPv3
The Simple Network Manager Protocol (SNMP) is used by element managers like
AWS or AMS to manage the 7302 ISAM or the 7330 ISAM FTTN.
Three versions of SNMP exist:
SNMP version 1 (SNMPv1) uses a community string (that is, a plain-text
password in the SNMP messages) to verify if a request may be executed or not.
This is very insecure.
SNMP version2 (SNMPv2) has the same syntax and security level as SNMPv1,
but has more commands, more error codes, different trap, and improved response
SNMP version 3 (SNMPv3) provides authentication, privacy and administration
for safe configuration and control operation. SNMPv3 also offers
transaction-by-transaction security configuration settings.
Security levels
SNMPv3 allows for three different security levels. Messages between agent and
manager can be:
1 unauthenticated and unencrypted
2 authenticated but unencrypted
3 both authenticated and encrypted
Security implementation
SNMPv3 implements security by adding a security header to a standard SNMP PDU,
allowing entities to support non-SNMPv3-aware agents and managers; see Figure
8-2.
Secure shell
Secure Shell (SSH) is a protocol that provides authentication, encryption, and data
integrity to secure network communications. On top of this protocol, SSH
implementations offer secure replacements for rsh, rlogin, rcp, ftp, and telnet, all of
which transmit data over the network as clear text. In addition, it offers secure
data-tunneling services for TCP/IP-based applications.
The NE uses the Interpeak SSH framework.
SSH protocol
The SSH protocol consists of several subprotocols:
SSH Transport Protocol
This subprotocol is responsible for setting up the secure channel that can be used
by the other SSH subprotocols. The SSH transport protocol handles secure key
exchange, server authentication, encryption, replay, and integrity protection. It
runs on top of any reliable transport protocol (for example, TCP). In case of TCP,
it always uses TCP port 22.
SSH User Authentication Protocol
This subprotocol provides client-side user authentication. It runs on top of the
SSH Transport protocol.
SSH Connection Protocol
This subprotocol provides interactive login sessions and forwarded TCP
connections.
SSH capabilities
The main capabilities of SSH are:
Secure command shell (ssh)
This secure version of the typical shell allows commands and applications to be
executed from the command-line.
Secure file transfer (SFTP)
This is a separate protocol layered over the SSH protocol to handle file transfers.
Supported services include file transfer in both directions, directory listings,
creation and removal of directories and files, and so on. It has the following
advantages over traditional (T)FTP:
SFTP encrypts both username/password and data.
SFTP uses the same port as the SSH server (no need to open an additional port).
SSH architecture
SSH has a client-server architecture. The NE acts as the SSH server toward the
manager; see Figure 8-3.
Secure link for SW&DB Server Secure link for the transfer
from FileServer to ISAM
(SW&dDB)
9.1 Introduction
Two applications on the LIM need authentication: 802.1x and PPP server.
These applications will use the internal communication to contact NT control (see
Figure 9-1). NT control will contact a RADIUS server outside the ISAM or it can use
a local authentication database (only for PPP). In the former case, NT control is
behaving as a RADIUS client.
CPE NT
LIM
CPE control
The RADIUS client in NT control selects the RADIUS servers based on the domain
name. This domain name maps to a certain RADIUS server policy. In the RADIUS
server policy, the IP addresses of the RADIUS servers are found. To route the
RADIUS packets towards the RADIUS servers, an IP lookup has to be done. This
requires that also the VRF is configured in the RADIUS server policy and this VRF
must contain a route (e.g., a static route) towards the RADIUS server(s).
NT control can contact RADIUS servers over the internal OAM VLAN, and over the
external OAM VLAN.
If the internal OAM VLAN is used, then NT control addresses the RADIUS
proxy on the SHub, and this one contacts the RADIUS servers of the ISPs over .
If the external OAM VLAN is used, then NT control addresses the external
RADIUS server directly.
The RADIUS proxy IP forwards the RADIUS packet to the RADIUS server.
Therefore, the routes towards the RADIUS servers are configured in the VRF of
SHub. The RADIUS client passes the selected RADIUS server IP address and VRF
in a proprietary tag, defined in the RADIUS messages, to the RADIUS proxy. The
RADIUS proxy removes the proprietary tag and forwards the RADIUS message to
the RADIUS server specified in the proprietary tag.
In case of RADIUS server redundancy, the RADIUS client on NT control will take
care of that and the proxy is not aware of this redundancy.
The communication between NT control and the RADIUS proxy on the SHub goes
over the internal OAM VLAN. NT control will use a local IP address as IP SA, the
RADIUS proxy on the SHub will replace it by its own global IP address (configured
on the outgoing VLAN) as IP source address.
Note: this IP address is also used for DHCP relay.
When a packet is sent from the RADIUS server to the ISAM, then in case of the
external OAM VLAN, the IP and MAC destination address will be those of NT
control. Hence, the packet is bridged at the SHub.
If the packet is sent from the RADIUS server to the ISAM over another VLAN than
the external OAM VLAN, the IP and MAC destination address will be those of the
SHub. When the RADIUS proxy receives a packet from the network, it will be sent
to NT control over the internal OAM VLAN.
CLI and TL1 operators can be authenticated either locally on each DSLAM or
remotely centralized at a RADIUS server. There is one restriction: if CLI or TL1 over
SSH with key authentication is used, the authentication has to be done locally as
RADIUS does not support keys.
This functionality is only supported for CLI and TL1. It does not apply for SNMP
operators as SNMP does not work with the concept of session. That would mean that,
for each SNMP request, communication with a RADIUS server would have to be
setup to authenticate the originator. In case of CLI and TL1, the authentication occurs
once for a complete session.
A centralized authentication server has a lot of benefits for the management of
operator accounts, but is a danger with regard to availability and security. It is
advisable to support redundant RADIUS servers (this is supported by the ISAM). In
addition, the ISAM will fallback to local authentication in case the communication
with the RADIUS server fails.
As an operator will either choose for local or centralized authentication, typically the
local database will only contain the administrator account in case RADIUS is used.
To prevent isolation, the operator can configure one default local operator profile
that applies when RADIUS is not reachable and the operator is not configured in the
local database.
EMS
CPE Ethernet
LIM SHub ER RADIUS
CPE server
RADIUS
NT
control
When a CLI or TL1 operator requests for authentication, NT control will perform
authentication using the local authentication database, or it will use RADIUS.
In case of RADIUS, the external OAM VLAN is used to contact an external
RADIUS server, or the internal OAM VLAN is used towards the SHub,
which will perform RADIUS proxy.
Passwords, RADIUS secrets and possible other authentication data are encrypted in
such a way in the system database that the plain form can not be derived from it
where this is not required for normal operation (for example, passwords for PAP
local authentication). In cases where it is necessary to retrieve the plain text form,
adequate encryption avoiding unauthorized retrieval is used. This applies for all
authentication on the management and user interfaces.
10.1 Overview
Multicast is the transmission from a single device (such as an IPTV host) to a group
of recipients (such as xDSL subscribers). Internet Group Management Protocol
(IGMP) is a protocol used between hosts and multicast routers on a single physical
network to establish hosts membership in particular multicast groups.
Actually, there are three versions of IGMP:
IGMP version 1 (IGMPv1) is described in RFC 1112
IGMP version 2 (IGMPv2) is described in RFC 2236
IGMP version 3 (IGMPv3) is described in RFC 3376
The network element:
supports IGMPv1 and IGMPv2 on the user interface.
When IGMPv3 is received from a user, the network element queries in IGMPv2.
At the network side, IGMPv1 is not supported. When a user uses IGMPv1, the
network element uses IGMPv2 toward the network. IGMPv1 is discarded by the
network element when it is received from the network.
supports fast IGMP zapping
enables user configurable limits to the number of multicast streams that can be
configured on an xDSL line.
You can configure the maximum number of multicast streams allowed on an
xDSL line to ensure that enough bandwidth is available for multicast services on
that line.
supports up to 1024 multicast streams
For information about commands handling IGMP, refer to the Operations and
Maintenance using CLI and the CLI Commands documents.
NE 1
Multicast Multicast
IGMP IGMP
Stream Stream
End User3 NE 3
Multicast
IGMP
Stream
End User4
Message Description
Membership query General membership query A query from the router asking hosts to respond
with all groups that they require. Used to learn
group members.
Group specific query A query from the router asking hosts if they are
listening to a specific group. Used to learn if a
particular group has any members.
(1 of 2)
Message Description
Leave group message Used by hosts to inform the router that a specific
stream is no longer required.
(2 of 2)
Multicast streams are only sent to the network element when at least one user who is
a member of that multicast group is connected to the network element over the xDSL
link. If no group members are connected, the multicast stream is not routed toward
the network element.
The IGMP packets are intercepted to identify the outgoing ports (PVCs) for each
multicast group for which there is at least one receiver. In this way, multicast data
packets will only be routed to those users who have subscribed to that particular
multicast group.
The multicast MAC destination address and VLAN ID are used to forward the
multicast streams, not IGMP packets. Multicast streams can only be sent
downstream and are never tagged by the network element. Multicast streams are
received as tagged packets from the service provider, but untagged by the NE before
forwarding them to the end user.
Multicast streams can be configured statically or created dynamically at the network
side using IGMP. At the user side, only dynamic multicast streams are supported.
The NE may receive a particular multicast stream through dynamic or static
connections:
Dynamic connection
Multicast streams are sent to the NE only on request meaning that at least one
member of the related group is connecting to the NE (by DSL or by way of
subtending NE). This is typically done through the IGMP protocol.
If not, the multicast stream is not directed toward the NE. At the network side, the
NE supports only IGMPv2.
Static connection
The multicast stream is sent to the NE through a configured static connection. The
multicast stream is terminated on the SHub subsystem.
An end user joins a multicast group by means of the IGMP protocol. Only IGMPv2
is supported on the end user interface.
In the case where an IGMPv3 message is received from a end user, the NE forces the
end user to switch to IGMPv2 Host Compatibility mode by sending an IGMPv2
query.
In the case where an IGMPv1 message is received from an end user, the network
element uses IGMPv2 toward the network.
For each multicast group, IGMP packets are intercepted to identify the outgoing
ports (subtending NE and end user ports). In this way, multicast data packets are only
sent to those end users who have subscribed to that particular multicast group.
Inside the NE, the multicast forwarding (multicast streams) is based on the Multicast
MAC destination address together with the multicast service provider VLAN ID
(layer 2 interfaces) or the multicast IP destination address (layer 3 interfaces).
The NE does not allow an end user to behave as a source for multicast stream
forwarding. Multicast streams are only accepted in the downstream direction.
CPE
Single PVC PPPoE or IPoE VLAN
RE
RE
PPPoE
PPPoE VLAN
The working assumptions of the multiple PVC usage network model are:
downstream IP packets and PPPoE packets are identified to different PVCs by the
user CPE
no upstream PPPoE packets in the PVC that has been configured to be in IPoE
usage
no upstream IPoE packets in the PVC that has been configured to be in PPPoE
usage
each PVC in an ADSL line must have a separate default VLAN ID
IGMP proxy
IGMP proxy is supported and used on the LIM of the network element. IGMP proxy
is supported on iBridge (RB VLANs), in the residential cross-connect forwarding
(C-VLAN) and on the IP aware bridge (IP interfaces). It is situated between two
IGMP networks and sends membership reports and leaves messages upstream as
required by the downstream users. IGMP proxy also replies to group specific and
general membership queries on behalf of downstream users. IGMP proxy sends
group-specific and general membership queries to downstream users to determine
which channels need to be sent to which ports. All messages sent by the proxy device
use the MAC and IP addresses of the device.
The network element functions as an IGMP proxy to the network, allowing end users
to announce their interest in multicast group memberships to the network. The main
functions of the IGMP proxy in the network element are:
responding to IGMP queries received from the network, with a single
membership report for each multicast stream to which end users have subscribed
sending IGMP queries at regular intervals to the end users; the transmission of
these IGMP queries is equally distributed in time over all the end user ports to
avoid overload situations
handling IGMP membership reports and leave requests received from the end
user; multicast replication trees are created on both the aggregation and the
interworking function
The IGMP proxy is mapped to the interworking function with the following
parameters:
support for IGMPv2 (IGMPv3-friendly behaviour)
IGMPv1 is partly supported at the end user side
ability to enable or disable IGMP on a port basis
support for IGMP Fast Leave with host tracking
content and rate-based admission control
a maximum of 256 simultaneously active multicast streams on the LIM
a maximum of 10 simultaneously active multicast streams per end user port.
IGMP snooping
You can configure IGMP snooping, virtual LAN router port-related parameters, and
the virtual LAN filter for IGMP snooping for a particular VLAN.
The IGMP snooping function is mapped to the aggregation function with the
following parameters:
enhanced IGMP snooping, including the ability to avoid IGMP report avalanches
support for IGMPv2
support for static multicast streams
support for dynamic multicast streams
a maximum of 1024 simultaneously active multicast streams
support for fast leave
IGMP modes
Table 10-2 describes the IGMP proxy behaviour depending on the different
forwarding models.
Mode Description
Cross-connect & IGMP packets are transparently forwarded (IGMP proxy is not supported)
PPPoE Relay
Figure 10-3 shows the supported IGMP modes in the network element.
Figure 10-3 Supported IGMP modes
Network NE User CPE
IGMP IGMP
IP IGMP in cross-connect IP
PPP PPP
PPPoE PPPoE
ETH ETH ETH ETH
Lower Lower Lower Lower
layers layers layers layers
IGMP IGMP
IP IGMP on top of PPPoE relay IP
PPP PPP
PPPoE PPPoE
ETH ETH ETH ETH
Lower Lower Lower Lower
layers layers layers layers
In cross-connect IGMP and IGMP over PPPoE relay modes, the IGMP packets are
forwarded transparently by the network element. In IGMP over IPoE mode, the
replication of the multicast streams is done by both the SHub subsystem and LIM. In
this case, IGMP is handled at the SHub subsystem and on all the LIMs. The LIM
functions as a router toward the users and as a host toward the network. The SHub
subsystem snoops the IGMP traffic between the LIMs and the network. Both router
and host functions on the LIM act independently of each other, queries sent to users
can be independent of receiving queries from the NT/SHub subsystem.
IGMP functions
There are two main functions performed by IGMP: handling of general IGMP
inquiries and IGMP zapping.
When the network interfaces of the network element receive a general IGMP query
from a network router, the IGMP proxy responds to the query and sends an IGMP
membership report message toward the network for each multicast group to which it
is subscribed.
IGMP zapping occurs when a user subscribes to a specific multicast stream, and then
unsubscribes from that multicast stream. When a user changes from one multicast
stream to another multicast stream, they unsubscribe from one stream, then subscribe
to another. A zap request is a combination of a leave message and two consecutive
report messages.
The network element implements an IGMP proxy to aggregate the IGMP reports
from users and limits the amount of IGMP messages at the network side. The
network element implements an integrated IGMP proxy.
The network element supports the two multicast VLAN models, as described in
Table 10-3.
Model Description
Cross-VLAN Multicast is delivered on a VLAN different from the one to which the user is
connected. All membership groups must be configured.
Intra-VLAN Multicast is delivered on the same VLAN as the one to which the user is
connected. Both configured and unconfigured groups are supported.
When the network element receives a join/leave request from the user, it performs a
query in the multicast source table with a key equal to the group IP address. There
are two ways the network element can resolve the routing request. The network
element performs:
cross-VLAN multicast routing if a matching entry in the multicast source table is
found
intra-VLAN multicast routing if a matching entry is not found
When a matching entry is found, the network element sets a tag in the join/leave
frame with the VLAN ID from the record. Further communication with the network
is performed with that VLAN ID. The multicast stream is then sent to the VLAN with
the replaced ID.
There is always a VLAN ID in the multicast source table. If the multicast group
requested by the user appears in the multicast source table, the VLAN ID in the tag
of the received IGMP packet is replaced by the VLAN ID found in the multicast
source table. If no corresponding entry was found in the multicast source table, the
IGMP packet is forwarded within the VLAN as it was tagged when it entered the
network element.
The network element performs intra-VLAN multicast routing if the multicast source
table query yields no matching result. The system records the VLAN ID in the
join/leave request from the default VLAN ID assigned to the port from which the
join/leave request originated (in case no VLAN ID is present). This VLAN is then
used for further communication with the network.
When the join/leave request comes from the cascading interface, this means that the
request was received at the SHub subsystem and that the central processor on the
network element LIM has already checked the multicast source table. The
cross-VLAN and intra-VLAN checking is done at the LIM.
For pre-configured multicast streams, a preventive traffic control is adopted in the
network element when handling an IGMP join request. A user can join the requested
multicast stream only when the allocated bandwidth for multicast is sufficient to
accommodate the new stream.
IGMP control
IGMP
If the user subscribes to a multicast group that is configured in the multicast source
table, the default VLAN ID of the user and the VLAN ID of the multicast source do
not need to be the same. When a user subscribes to a group within the multicast
group, the network element sends a join request to that group with the VLAN tag of
the multicast source provider.
If the user subscribes to a multicast group that is not configured in the multicast
source table, intra-VLAN multicast routing is performed, which means that the
multicast service can only be provided within a VLAN.
Cross-VLAN multicast routing has several advantages:
Cross-VLAN multicast routing for well-known multicast service groups can save
downstream bandwidth. For example, when a well-known multicast service
stream is requested by users from different VLANs, only one copy is needed.
With intra-VLAN multicast routing, several copies of that stream need to be sent
to the network element.
On the user side, you can have only one IGMP channel and one IPoE VLAN.
The IGMP proxy uses the information from the multicast source table to check
whether an end user has enough resources available to receive the stream.
The multicast source table can support up to 1024 multicast group entries. The
multicast source table is the same for all network elements in the same cascade.
User authentication is determined using information in both the multicast source
table and the IGMP channel table.
User authentication is determined using information from both the multicast source
table and the IGMP channel table.
Aggregation function
The objects used to configure and manage the enhanced IGMP snooping function are
presented in the following MIB tables or groups:
IGS system group
IGS VLAN group
VLAN-based multicast forwarding table
VLAN-based router port table
VLAN-based filter table
The network element supports IGMP multicast on IPoA user interfaces when IP
forwarding is enabled. To support multicast routing on IPoA, user IP addresses are
used instead of user MAC addresses to distinguish between the users.
IGMP multicast on IPoA has the following characteristics:
IP anti-spoofing support; IGMP messages from users that are not learned by the
network element on the incoming interface are discarded.
auto-detection of the encapsulation type
support for configured multicast streams (video) only.
Multicast on IPoA does not support intra-VLAN multicast routing.
Nonconfigured multicast streams (internet) are not supported, since the default
VLAN that is used to send IGMP messages to the network for unknown multicast
streams, cannot be configured on IPoA interfaces.
When the end user has preview rights for a given multicast group, the end user can
freely access the channel up to some predefined period. The frequency of subsequent
previews shall be limited per end user so as to avoid service theft.
A preview session is controlled by the following attributes:
The maximum duration for the preview session:
Per multicast channel: from 1 to 6000 s in multiples of 1 s.
The maximum number of preview sessions per reset period:
Per multicast channel: from 1 to 100 times.
The blackout period after each preview:
The time the end user must wait before he can watch a next preview session for
the same multicast stream.
Per multicast channel: from 1 to 7200 s in multiples of 1 s.
The reset period:
A pre-defined period of time in which the maximum number of preview sessions
is restricted.
Configurable system-wide: with a specific time on a day of the week (1 to 7), or,
a day of the month (1 to 31). For example, the operator can reset the counter at a
specific time, say 04:00, on all Mondays or, on every 1st, 11th, 21st of the month.
The preview recognition time:
The minimum time that an end user must watch a preview session before it is
considered as to be counted with regerd to the maximum number of preview
session threshold per reset period.
Configurable system-wide per system basis: from 1 to 120 s in multiples of 1 s.
The recognition time is used to determine that the preview session is valid. That
is, when the duration on the preview channel is shorter than the preview
recognition time, the preview counter is not increased and the blackout duration
timeout is not started.
The Call Data Record (CDR) recognition time:
The minimum time an end user must watch a preview session befor it is
considered for CDR generation. This attribute applies to full-view sessions too.
In order to support the operator with an overview of the multicast join and leave
activities on the DSL line (for example, for billing purposes, to distinguish between
popular and non-popular multicast streams and so on), the ISAM generates
autonomously CDR records whenever a DSL line initiates:
A subscription for a preview session
A subscription for a full-view session
A subsription outside its access rights
A subscription fro a preview session and the max number threshold has been
exceeded
A subscription for a preview session during the black-out period.
The generated CDR records are temporarely stored in a volatile memory buffer on
the LT board. At periodic time intervals, these memory buffers are retrieved by the
NT board which stores these CDR records in a compressed format in a file and
dedicated partition on the system disk. This partition may keep up to 8 hours of
generated CDR records.
An external management platform will periodically (typically 4 hours) request the
ISAM to transfer the compressed CDR files (by means of the TFTP protocol). This
external management platform is responsible to do any further correlation.
11.1 Introduction
These services must be delivered with the appropriate level of QoS. In the case of
xDSL access networks with Ethernet aggregation, there are a number of network
elements, for example, BRAS, IP edge routers, 7302 ISAM, or CPE, that must each
give the correct priority treatment to the various application flows.
This is achieved by classifying these application flows at the ingress of the network
into a limited set of aggregate flows that are characterized by certain QoS markings.
The different network elements will then provide per-QoS class queuing and
scheduling for these aggregate flows.
The following section provides an overview of the role played by the network
element in end-to-end QoS.
From a high-level point of view, packets may be subject to the following traffic
engineering steps while traversing the NE in the upstream direction. On the
subscriber interfaces at ingress the following applies:
Traffic filtering by way of Access Control Lists (ACLs)
It is possible to filter out certain packet flows based on multi-field classification
at layer 3/4 or layer 2
DSCP or p-bit marking
A number of DSCP or p-bit marking possibilities exist:
The simplest one is to not perform any DSCP or p-bit marking at all. This implies
that QoS markings received from the end user are accepted as they arrive. This
possibility is useful in case of trusted end user devices (for example, in a business
context).
A variation on this theme is the enforcement of a DSCP or p-bit marking contract.
In this case, QoS markings received from the end user are taken into account, but
they are subject to a contract that specifies what DSCP or p-bit markings are allowed
and what QoS markings need to be re-marked. In essence, this functionality
provides support for correct marking in case of multi-QoS Service Access Points
(SAPs).
Default DSCP or p-bit marking. In this case, all packets on the interface will be
re-marked to the configured value.
In addition to the above, it is possible to use multifield classification into QoS
subflows, and (re-)mark packets that belong to the subflow.
Ingress policing
End users are subject to certain traffic contracts that specify how much traffic
they can send towards the network. To enforce these contracts, policers will be
installed. A policer may apply to an entire subscriber interface or to QoS subflows
within the subscriber interface. In this context, a QoS subflow (or subclass) is
defined as all the packets flowing through the interface that are bound by a
subcontract and desire a specific common treatment. Out-of-profile traffic can be
subject to packet drop, but also to color remarking.
After traffic engineering on the ingress interfaces of the LIMs, packets will be
forwarded in the context of a Virtual bridge, VR, or VLAN X-connection. Finally,
packets will be subject to per-QoS class queuing and scheduling at the egress
interfaces of the SHub subsystem.
In the downstream direction, frames ususally arrive in the NE with DSCP or P-bits
that are properly marked by service-aware edge devices (BRAS, edge-router,
application gateway, and so on). If this is not practical for some reason, the SHub can
align the P-bits to the DSCP found in the packet IP header.
No traffic engineering will be done at ingress on the network interfaces. The idea
here is that ingress policing and ACLs at the service provider level have already been
applied in a (access provider-owned) box deeper in the network.
After the forwarding decision, the following traffic engineering steps can be
performed on the subscriber interfaces at egress (intelligent line cards only):
Egress policing
End users are subject to certain traffic contracts that specify how much traffic
they can receive on their DSL connection. To enforce these contracts, policers
will be installed. A policer may apply to an entire subscriber interface or to a QoS
subflow (that is, priority flow) within the subscriber interface.
Classification of traffic into QoS classes based on P-bit markings
Per QoS class queuing and scheduling
In the downstream direction, separate QoS queues are provided per DSL line.
Buffer acceptance control can be done by way of Tail Drop or Random Early
Detect (RED).
Four main traffic classes have been identified: Voice, Video, Controlled Load (CL)
and Best Effort (BE). These traffic classes together with their application and
recommended 802.1p value are listed in Table 11-1.
This approach segregates network control, voice and video-telephony into the
highest priority traffic class, broadcast video and video-on-demand into the second
traffic class, business customer data traffic into a third traffic class, and residential
customer data traffic into the fourth.
The scheduling model we seek to employ both on aggregates and on individual DSL
ports is presented in Figure 11-1. Voice gets absolute priority, then video, while CL
and BE (the two traffic classes relying mostly on TCP) will be protected from each
other by way of a bandwidth-sharing scheduler.
This model implies that both voice and video traffic are very well contained and only
trusted sources are allowed to use the high-priority traffic classes.
Voice
Video SP
CL
WFQ
BE
upstream
Segregation into
GE output buffers Per-DSL
Per-DSLline
li Input ATM DSL
aggregate (802.1P aggregates) Policing processing
processing reassembly
reassembly
or EFM reassembly
The input-processing entity stands for all protocol and forwarding-plane processing
functions. Each frame received from the network interface will have a handler or
meta-data that will contain all the fields needed by subsequent QoS-related
functions.
The next phase is the classification, policing and segregation process within a DSL
link; see Figure 11-3.
Session rate limitation is achieved by way of policing. Policing can be done per
terminated IP session, PPP session, 802.1x session, or per PVC with the following
subsets:
PVC
PVC.VLAN
Both upstream and downstream policing is possible with possibly asymmetrical
values. Granularity of policing rates is 8 kb/s.
PPP session policing is only applicable when the sessions are terminated on the NE.
If the NE is not in the terminating node, PPP sessions are not to be rate limited by the
NE.
IPoA sessions are unique per PVC, and identified by way of the configuration of the
PVC.
The NE handles policer conflicts in such way that, for each frame, the policer
installed on the highest layer of the interface hierarchy will be applicable. No frame
will be policed by more than one policer.
The weight, used for calculating average buffer sizes in RED, is not configurable.
RED-parameters to be set are: low buffer thresholds, high buffer threshold, max drop
probability. There are also profile-based BAC parameters that can be configured.
A WFQ scheduler ensures fair redistribution of the remaining bandwidth between
CL and BE traffic. BAC is either tail drop or RED per downstream queue.
Figure 11-4 shows the Ethernet-to-ATM QoS transition.
Segmentation
buffers
VOICE VC1
Add correct
VPI/VCI VC2
VIDEO 1 frame
SP fields
VC3
CL Rate limitation to
WFQ DSL bandwidth
DSL
BE
Ethernet (frame level)
scheduler
Scheduling is done solely on the Ethernet frame level, even for ATM-based DSL
flavors.
The queuing decision (within a DSL port) is independent from the forwarding
decision. There is no explicit fairness between different PPPoE or IPoE sessions
within a DSL link. Their peak rate is enforced independently by way of policing, and
then they share the same First In First Out (FIFO) per traffic class.
Marking is generally applicable upstream, although with the policy framework, it is
possible to modify downstream code points. Packets may arrive from user PVCs
tagged, untagged, or priority-tagged. There is a per-PVC remarking table from all
user-defined P-values to allowed ones. Untagged frames can be marked based on
PVC or VLAN defaults (statically configured) or can be marked as received from
RADIUS in the QoS session profile.
Downstream, frames are expected to arrive correctly marked for priority. If the video
feed interface is a dedicated Ethernet interface, a default P-value can be attached to
video frames. If, for various reasons, it is impractical to set the P-bits in the upstream
node, the NE allows to align the P-bits to the DSCP for IP packets incoming on the
SHub interfaces.
The NE allows also DSCP-marking for various subrscriber SAPs. DSCP-remarking
is also possible, just like P-bit remarking for tagged and priority-tagged frames.
Finally, a global DSCP-to-P-bit alignment table is provided to align DSCP-marked
traffic on selected interfaces to P-bits, as traffic segregation still relies on P-bits.
PPP-session marking for P-bits is possible based on the QoS session profile
attributes.
The network element uses QoS profiles to perform ingress and egress traffic
policing, class queuing, and scheduling. QoS profiles can be created and then
assigned to QoS resources and SAPs. These are the types of QoS profiles:
CAC profile
Marker profile
Policer profile
Queue profile
Scheduler profile
Session profile
policy rule
layer2 filter
layer3 filter
policy action list
CAC profile
A CAC profile is primarily used to perform multicast video admission control for an
individual xDSL port in the downstream direction. The maximum downstream
bandwidth to be occupied by video can be further constrained by setting the
maximum multicast bandwidth parameter in the CAC profile. CAC profiles are
applicable on the LIMs, but not to interfaces on the SHub subsystem.
A CAC profile contains three configurable rate parameters:
the maximum allowed bandwidth for voice
the maximum allowed bandwidth for multicast video
the maximum reserved bandwidth for data traffic
The system derives the guaranteed line rate from the modem and calculates an
estimate of the available Ethernet bandwidth. In the profile, you can reserve a part of
the available downstream bandwidth for voice and data applications, and the
remaining part will be kept by the system as the available bandwidth for multicast
video. Only pre-configured multicast streams are considered for CAC. Unicast
video, regardless of whether or not it is premium content or generic internet
streaming video, is ignored by the CAC function.
A CAC profile can be associated with an xDSL interface, using the QoS DSL link
configuration command, see the Operations and Maintenance using CLI and the CLI
Commands documents for more information.
Marker profile
The marker profile is a building block of the QoS session profile. The marker profile
is used to convey upstream marking settings to the service access point.
The marker profile carries a flag for enabling DSCP to P-bits alignment of the SAP,
based on the global DSCP to P-bits alignment table of the layer3 cards. This allows
to specify the SAP default P-bits, the DSCP, or the DSCP contract table (depending
on the SAP type).
Six types of marker profiles exist:
single dot1p
DSCP contract
dot1p and DSCP
single DSCP
dot1p and DSCP contract
DSCP to dot1p alignment
See the Operations and Maintenance using CLI and the CLI Commands documents
for more information about marker profiles.
Policer profile
The network element uses policer profiles to enforce predetermined limits on
upstream and downstream subscriber traffic. These are single-token bucket policers
where the action upon the conformance result is either pass or discard. The layer3
LIMs support policing, both upstream and downstream . The SHub subsystem
supports ingress policing on externam interfaces, but it does not rely on policer
profiles.
Using a policer profile, you can set the committed information rate and the
committed burst size in 8 kb/s increments up to a maximum of 64 Mb/s for both
upstream and downstream policing. You need to create a separate policer profile for
each direction. When you create and configure a session profile, you have the option
to associate both an upstream and a downstream policer profile with that session
profile. Once configured and associated, policing is applied to all frames within the
session with which the policer profiles are associated. As such, rate enforcement is
performed uniformly for all subscriber lines that are associated with that session
profile.
Queue profile
The QoS queue profile is a BAC profile that contains admission control information
for frames arriving at the buffer from the services side of the network. Two types of
queues are supported on the LIMs: RED and tail drop.
A RED queue has three configurable parameters: the minimum number of frames to
queue before starting to discard, the maximum number of frames that will ever be
queued at one time, and the probability of a frame being discarded. Arriving frames
are queued until the minimum value is reached. Frames received after the minimum
is reached have the set discard probability chance of being discarded.
For tail drop queues, you only configure the queue size. Queue size is set as the
number of frames that can be stored in the queue. Arriving frames are queued as long
as the queue is not full. After the queue is full, all incoming frames are discarded until
the queue can transmit a frame over the xDSL line and space in the queue is made
available.
Scheduler profile
Each DSL port has four queues that are used to prioritize and buffer downstream
traffic. The highest priority queue is recommended for voice, followed by one for
video, next there is a controlled-load queue, and finally the BE queue.
The controlled-load and BE queues are prioritized based on a percentage using a
WFQ. The scheduler profile is used to change the default weight of the
controlled-load queue, which is set at 66%. The BE queue is auto-adjusted to yield a
sum of 100% and so no weight adjustments are required. You assign a scheduler
profile to a xDSL port to change the default weight of the controlled-load queue. You
can use scheduler profiles with the layer3 LIMs.
Session profile
The QoS session profile is the main building block for conveying user traffic,
contractual rights, and treatment of subscriber services through the network element.
This profile is a macro profile that has its own parameter settings, as well as
references to other profiles.
A QoS session profile is always a user logical interface. Please consult the CLI
Commands for the most recent list of supported SAP types.
A QoS session profile is composed of a logical flow type, a marker profile and two
policer profiles for up and downstream policing of the logical interface to which a
certain session profile is attached.
1..n 1..m
QoS Policy
Table
QoS Policer QoS Marker QoS L2 Filter QoS L3 Filter QoS Policy
Table Table Table Table ActionTable
The logical flow type parameter constrains the usage of a session profile to the
intended interface type. However, if the logical flow type is null (generic), the
session profile can be attached to any interface, provided that the settings inside the
profile can be configured on the target hardware. It is advised to always create
specific profiles for specific interface types to avoid wrong configurations.
A set of nonconflicting actions can be grouped in a Policy Action list. This includes
a default disposition (permit/deny statement for ACL functionality), setting P-bit and
DSCP and policing. All packets identified by way of the associated filter can be rate
limited by way of a policer instance. Some subflow policies can share common
attributes, such as policing. The Sharing property of a policy action table enables
or disables policer sharing. Policer sharing will be used when the same policy action
list is referenced more than once on the same SAP in the same direction, and if the
Sharing attribute was set to enable.
Up to 16 policies can be defined for upstream traffic per SAP and up to 4 in the
downstream direction. This is in line with the typical requirements, as more security
policies are required in the ingress direction, while in the egress, mostly only traffic
class rate limitation applies.
There is a complex sanity check in place for avoiding conflicting policies, such as
filtering on MAC DA for IPoA traffic, and so on. In the downstream direction, code
point modifications are supported.
NEs can be connected in cascade, star, or ring topology, except when there is a ring
behind a Hub NE.
Cascading should not be done with interfaces that have smaller bandwidth than the
Hub NE. If the network scenario requires this, this may have severe QoS
consequences and basically constrain the services to voice plus best effort.
Cascading increases network delay.
Multicast streams should be configured statically, such that all multicast streams are
always sent to the last NE from the cascaded chain, otherwise zapping times will
increase.
12.1 Overview
Statistics are useful counters that you can retrieve to determine the health and
operation of elements in a network. You can retrieve the statistics for the 7302 ISAM
and the 7330 ISAM FTTN using CLI, TL1, or Element Management System (for
example, 5523 AWS or 5526 AMS). See the following documents for detailed
information and the commands for retrieving statistics:
Operations and Maintenance Using CLI
Operations and Maintenance Using the 5526 AMS
(7330 ISAM FTTN only)
CLI Commands
TL1 Commands and Messages
13.1 General
Inverse Multiplexing for ATM (IMA) allows an ATM cell stream to be transported
on a number of lower-rate physical links (for example, several E1 span lines). This
is done by grouping these physical links into a single logical transport channel. The
bandwidth of this logical channel is approximately equal to the sum of the
transmission rates of the individual links in the IMA group.
Physical link #1
PHY PHY
Single ATM Cell stream Original ATM Cell
from ATM layer stream to ATM layer
Physical link #2
PHY PHY
In the Tx direction, the ATM cells are distributed across the linke in a round robin
sequence.
In the Rx direction, the ATM cells are recombined into a single ATM stream.
Topology
Each Line Termination (LT) unit that has IMA capability can support the following
IMA group sizes:
1 link in native mode (so called "Native-PHY line"). Such a link is a link without
IMA sublayer. This allows to connect CPE equipment, that is non-IMA capable,
to be directly connected to the NE.
1 link using the IMA protocol
2 to 8 SHDSL links using the IMA protocol
Apart from this individual group limit, the number of links that are actually
combined in one or more IMA groups is only limited by the total links of the IMA
device, which is maximum 24 links.
There is one IMA subsystem per 24-ports SHDSL LT. The IMA subsystem is the
hardware unit providing IMA functionality.
On 48 ports SHDSL LTs, the IMA is implemented as two independent subsystems
of 24 lines. Crossover between the lower and upper groups of 24-line IMA
subsystems is not allowed.
ISAM CPE
LT Native PHY
CPE
NT
LT CPE
SHDSL IMA
Native IMA
LT CPE
NT
IMA Native
LT CPE
NC
IMA Native
LT CPE
Native CPE
IMA
14.1 Overview
This chapter describes alarm management and programmable TCA alarm filters for
the 7302 ISAM and the 7330 ISAM FTTN. Table 14-1 lists the information available
in this chapter.
Contents Section
Alarm management enables you to manage alarm reporting for the NE. You can
manage the following alarm attributes and alarm reporting functions for all basic
system alarms, interface related alarms, derived alarms, and TCA alarm indications:
alarm identification and definition
alarm severity (intermediate, warning, minor, major, and critical)
alarm lists and logs
alarm filters
Alarm filters you configure at the NE affect how the NE reports its own alarms, as
well as alarms it receives from connected subtended NEs and from connected remote
expansion units. See 7302 ISAM | 7330 ISAM FTTN CLI Commands and the
7302 ISAM | 7330 ISAM FTTN TL1 Commands and Messages documents for alarm
management command definitions.
You can view alarm types and definitions as they are recorded in alarm lists and logs
using the TL1, CLI, 5526 AMS, or the 5528 WAM. See the
7302 ISAM | 7330 ISAM FTTN Operations and Maintenance Using CLI for a
complete listing of all alarms, along with their definitions. Alarm definitions are not
user configurable.
You can configure an identification attribute for alarms to identify if the alarm is
considered to be service affecting or non-service affecting. See
7302 ISAM|7330 ISAM FTTN CLI Commands and the
7302 ISAM|7330 ISAM FTTN TL1 Commands and Messages documents for alarm
management command definitions.
Alarm severity
Managed alarms are assigned a default minimum alarm severity level. There are five
alarm severity levels listed in ascending order of severity:
intermediate
warning
minor
major
critical
When an alarm level equals or exceeds its minimum severity level, that alarm is
forwarded to the alarm reporting and logging filters where it is reported and logged
as defined for that particular alarm. For TCA alarms, when the TCA feature is
enabled for an xDSL subscriber line, alarm indications are always sent to the alarm
reporting and logging filters. Whenever a minor, major, or critical alarm is received,
the corresponding alarm LED on the faceplate of the alarm control unit installed in
the shelf activates.
You can configure the minimum alarm severity of an alarm using the CLI. See
7302 ISAM | 7330 ISAM FTTN CLI Commands for alarm management command
definitions. It is also possible to disable alarm reporting for individual alarms.
Changing the minimum severity level for an alarm only affects new alarm events and
does not affect alarm indications that have already passed through the alarm
reporting and logging filters.
The current alarm list and the snapshot alarm list display alarm activity when
initiated by the user. The alarm severity delta logging list is a log of alarm indications
that can be accessed at any time and contains a historic record of alarm events. Only
alarms that have their alarm mode enabled appear on these alarm lists.
Alarm filters
There are three types of filters:
alarm logging filter
alarm reporting filter
programmable alarm filters
The alarm logging filter determines if the alarm indication should be processed and
recorded in one of the five alarm severity delta logging lists. The alarm reporting
filter determines if the alarm indication should be processed for a current view or
snapshot list. Programmable alarm filters enable you to customize how alarm
reporting occurs for specific diagnostic and monitoring scenarios.
Alarm filtering applies to non-interface related alarms, such as equipment failure
alarms, and interface related alarms that involve ATM and xDSL interfaces. It is
possible to enable and disable alarm filtering for individual alarms.
There are two types of programmable alarm filters: temporal alarm filters and spatial
alarm filters. You can define a maximum of 31 temporal alarm filters and 31 spatial
alarm filters. See the 7302 ISAM | 7330 ISAM FTTN TL1 Commands and Messages
documents for programmable alarm filter command definitions.
When you use programmable temporal or spatial alarm filters, the system raises a
derived alarm whenever the conditions of the alarm filter are met. The resulting
derived alarm has the same identification parameters as the alarm filter that
generated the derived alarm.
Alarm
severity
15 15 15 15
minutes minutes minutes minutes
Set
level
Time
1 2 3
Derived Derived
alarm ON alarm OFF
18311
The derived alarm condition remains on until the end of the filtering window and is
cleared at the end of each filtering window time period.
Temporal alarm filters are useful for TCA alarms which can be raised frequently.
Using temporal alarm filters, you can filter out minor TCA alarm indications and
provide better visibility of major TCA alarm conditions.
Using spatial alarm filters, you can create a unique alarm condition such that when a
specified group of individual alarms are raised, a derived alarm is reported. This is
used to identify alarm conditions that are characterized by a certain set of alarm
conditions occurring simultaneously.
Identification of alarm filters and derived alarms consists of two main parts: a type
identifier and a number. Temporal and spatial alarm filters have a unique filter type
identifier. Derived alarms have a unique alarm type identifier. The number used in
the identification of derived alarms matches the number assigned to the alarm filter
that generates the derived alarm. Additionally, each derived alarm entry recorded in
alarm reporting and logging lists contains the identification of the affected
component. In the case of an interface related derived alarm, the identification of the
affected interface is provided.
The state change of a derived alarm must pass through the alarm reporting and
logging filters before being added to the alarm reporting lists and the alarm severity
delta logging list. A derived alarm that is generated from a temporal filter is
identified as an interface related alarm if the basic alarm being referenced by the
filter is also an interface related alarm. The derived alarms generated from spatial
alarm filters are always identified as non-interface related alarms.
You can change these settings for the derived alarm, but not if the alarm filter is
active. You must first deactivate the alarm filter.
After the filter is deactivated, you can configure the filtering threshold, filtering
window, and the alarm to which the filter applies. Once configured, you must
manually reactivate the alarm filter. See the 7302 ISAM | 7330 ISAM FTTN TL1
Commands and Messages documents for programmable alarm filter command
definitions.
Alarm reporting
Alarm reporting occurs differently, depending on whether or not alarm filters are
configured for the basic alarm. If no alarm filters are configured for the basic alarm,
then alarm state changes of the basic alarm are always reported to the appropriate
alarm reporting and logging lists when the alarm conditions are met.
If a temporal alarm filter is configured for a basic alarm, only state changes of the
derived alarm are recorded in the appropriate alarm reporting and logging lists during
the time period when the derived alarm is on. During the off period, state changes of
the basic alarm are recorded in the appropriate alarm reporting and logging lists.
With spatial alarm filters, both the derived alarm state changes and the basic alarm
state changes are recorded in the appropriate alarm reporting and logging lists.
The 7302 ISAM and the 7330 ISAM FTTN ARAM-D host shelf provide Metallic
Test Access (MTA) to the xDSL lines.
During turn-up of a subscriber line, the operator can test the line to verify whether it
is suited to carry the promised xDSL service. After the service has been established,
the operator can also perform a variety of tests during routine or diagnostic tests.
Testing using MTA can be either single-ended or dual-ended.
Note Only full MTA requires all the test access modes.
RTU RTU
xTU-C xTU-C
Equipment pair Equipment pair
LPF LPF
DSLAM DSLAM
PSTN PSTN
Line
Facility pair
RTU
xTU-C
Equipment pair
LPF
DSLAM
PSTN
Split Access
The two following access modes are partial implementations of the split-access
mode and are called limited test access:
Limited outward access mode
Provides a breaking connection that allows the test system to test outwards
toward the line. The Low Pass Filter (LPF) and the line to the Public Switched
Telephone Network (PSTN) remain connected to the line. This limits the number
of measurements that the test system is capable of.
Undisturbed outward access mode
Provides a breaking connection that allows the test system to test outwards
toward the line. The LPF and the line to the PSTN are either not present or they
have been removed from the line. This ensures that the measurements are not
disturbed by the presence of the LPF or the DC battery voltage that is put on the
line.
RTU RTU
x-TU-C x-TU-C
Equipment pair LPF Equipment pair LPF
DSLAM DSLAM
PSTN PSTN
Single-Ended Line Testing (SELT) can be performed from the CO without need for
support by the CPE or by a craftsperson at the customer premises. The SELT works
together with external data analysis software, such as the Alcatel 5530 Network
Analyzer (NA), to provide loop prequalification and maintenance of the network.
SELT is based on Frequency Domain Reflectometry (FDR). An excitation signal is
sent on the line and its echo response is analysed. Processing of the echo response is
done in the NA. The polarity and the position of the reflections indicate the loop
length, attenuation, presence of gauge wire changes and bridge taps of the line under
test.
The operator can check the presence of an interconnection to the Main Distribution
Frame (MDF). This feature can be of interest in situations where this interconnection
is being provisioned by a third party.
SELT has the following limitations:
SELT measurement is only possible on one DSL line at a time
Only one measurement at a time is possible
The NE does not check possible conflicts between the actual state and usage of
the DSL line that is being checked with SELT. The operator has to make sure that
a DSL line is available for testing, before starting the measurement on it.
loop topology mixed wire gauges (2 loop types): 0.4 mm and 0.5 mm or
24 AWG and 26 AWG are supported
NAS-Port
The system sets the NAS-port attribute as described below:
802.1x sessions:
The NAS-port attribute contains the ifIndex of underlying bridge port.
PPPoE sessions:
The NAS-port attribute contains the ifIndex of the PPPoE sessions.
NAS-Port-Id
The system sets the NAS-Port-Id attribute according to the following text format:
atm <rack>/<shelf>/<slot>/<DSL-Line>:<VPI>.<VCI>
The fields indicated between "<" and ">" is the information retrieved from the
management model:
Rack & shelf:
Rack and shelf number of the board that terminates the DSL line. Each item is
represented with 1 ASCII character.
Slot & DSL-line:
Slot number and port number of the board and of the DSL-line within the board,
each item is represented with 2 ASCII characters that correspond with the
decimal number.
For example, port 12 is represented with character "1" followed by character "2".
Port 5 is represented by character "0" followed by character "5".
VPI:
VPI represented with between 1 and 3 ASCII characters, using the number of
characters that is needed.
For example, VPI 12 is represented with character "1" followed by character "2".
VPI 5 is represented by character "5". VPI 0 is represented by character "0".
VCI:
VCI represented with between 1 and 5 ASCII characters, using the number of
characters that is needed.
For example, VCI 32 is represented with character "3" followed by character "2".
The fixed separators, including the blanks are characters that are inserted in
between the previous characters.
General
Vendor ID 637 is used for ISAM.
The vendor specific attribute type has a length of two bytes long where the highest
byte is the project ID and the lowest byte is the project specific attribute ID.
The project ID 7 is assigned to ISAM project. This means that the vendor specific
attribute range from 1792 to 2047 will be used for ISAM.
VRF-Name
VLAN-ID
QoS-Profile-Name
The QoS-Profile-Name is a character string of maximum 32 characters identifying
the QoS user profile configured in the system. The QoS user profile contains both
marker and policer information.
Note: This attribute cannot be specified together with QoS-Parms attribute.
Vendor Type: 1794
Vendor Length: 4 < length < 35
Vendor Value: STRING
Packet: Access-Accept
QoS-Parms
Note: This attribute cannot be specified together with QoS-Profile-Name attribute.
Vendor Type: 1795
Vendor Length: 4 < length < 249
Vendor Value: STRING
Packet: Access-Accept
ES Expansion Shelf
An expansion shelf using the same shelf (ARAM-D) as the
7330 ISAM FTTN host shelf, but with some different units installed to
provide additional subscriber line connections for the host shelf.
ESD Electrostatic Discharge
ETR Extended Temperature Range
ETSI European Telecommunications Standards Institute
The European counterpart to ANSI. Established to produce
telecommunication standards integration in the European community for
users, manufacturers, suppliers, and Post Telephone and Telegraph
administration.
EVLT-A xDSL Line Termination Unit
A card that supports connectivity between an NT unit and ADSL, VDSL,
and VDSL2 subscribers through the VPSC-D applique.
FDM Frequency Division Multiplexing
Multiplexing in which several independent signals are allocated separate
frequency bands for transmission over a common channel.
FE Fast Ethernet
FENT Fast Ethernet Network Termination
FIB Forwarding Information Base
The FIB is an internal table containing only the IP routes actually used by a
router to forward IP traffic.
FIFO First In, First Out
FPGA Field Programmable Gate Array
An integrated chip with functions that can be programmed by software.
FTP File Transfer Protocol
GE Gigabit Ethernet
Ethernet interface running at 1000 Mb/s.
GENC-E Alarm Control and Host Expansion Interface unit
An alarm control and host expansion interface unit that performs multiple
functions and provides additional optical Gigabit Ethernet connectivity and
expansion links for the ARAM-D shelf.
GENC-F Alarm Control and Host Expansion Interface unit
An alarm control and host expansion interface unit that performs multiple
functions, including ITSC, and provides additional optical Gigabit Ethernet
connectivity and expansion links for the ARAM-D shelf.
D NT redundancy
D layer 3
forwarding, 6-3
derived alarms, 14-2, 14-5 protocol handling, 7-2
DHCP license
layer 2, 5-8 management, 3-6
layer 3, 7-11 logging alarms, 14-3
E M
ethernet management
FE, 1-11 cluster, 3-2
CPE remote, 3-4
F license, 3-6
user IP address, 6-6
FE
MTA
about, 1-11
in 7302 ISAM, 15-3
I in 7330 ISAM FTTN, 15-4
TAC, 15-4
iBridge mode test access modes, 15-2
about, 4-4 multi-ADSL
port and protocol based classification, 4-16 ADSL, 1-2
port based classification, 4-16 ADSL2, 1-3
IGMP ADSL2+, 1-4
about, 10-2 bonding, 1-5
functions, 10-9 INP, 1-9
modes, 10-8 READSL2, 1-5
parameters, 10-12 SELT, 15-5
PPV, 10-16 multicast
proxy, 10-6 about, 10-2
snooping, 10-7 IPoA, 10-16
INP parameters, 10-12
calculation, 1-9
IPoA N
cross-connect mode, 4-17
non-service affecting alarms, 14-2
IGMP, 10-8
NT redundancy
multicast, 10-16
about, 2-2
IPoE
combined link and equipment protection,
IGMP, 10-8
2-4
L equipment only protection, 2-4
independent link and equipment protection,
LACP 2-6
about, 5-3 link only protection, 2-2
layer 2 NT protection and passive link protection,
forwarding, 4-2 2-9
protocol handling, 5-2 subtending system protection, 2-10
O VDSL
O R
OSPF-2 RADIUS
layer 3, 7-4 authentication, 9-2, 9-5
data encryption, 9-6
P server and proxy, 9-3
READSL
PPPoE about, 1-5
about, 5-12 remote CPE
IGMP, 10-8 management, 3-4
layer 3, 7-8 RIP
PPPoA to PPOE relay, 5-12 layer 3, 7-3
PPPoE relay, 5-12 RSTP
PPPoE relay in 7302 ISAM, 5-5
IGMP, 10-8 in 7330 ISAM FTTN, 5-5
programmable alarm filters, 14-5
configuration, 14-6 S
spatial alarm filters, 14-5
temporal alarm filters, 14-5 SELT
about, 15-5
Q multi-ADSL, 15-5
VDSL, 15-6
QoS service affecting alarms, 14-2
about, 11-2 snapshot alarm list, 14-3
CAC, 11-9 statistics
downstream, 11-4 about, 12-2, 13-2
on LIMs, 11-5
on SHub subsystem, 11-5 U
policy framework, 11-14
profiles, 11-10 user
subtending model, 11-15 accounting, 6-5
traffic classes, 11-4 authentication, 6-5
upstream, 11-3 authorization, 6-5
QoS profiles IP@ management, 6-6
CAC profile, 11-10 service provider selection, 6-6
marker profile, 11-11
policer profile, 11-11 V
queue profile, 11-11
scheduler profile, 11-12 VBAS
session profile, 11-12 query, 5-7
response, 5-7
VDSL
about, 1-6
INP, 1-9
SELT, 15-6
VDSL2
about, 1-6
VLAN cross-connect
about, 4-3
C-VLAN cross-connect, 4-7
protocol aware cross-connect, 4-12
S-VLAN cross-connect, 4-8
S-VLAN/C-VLAN cross-connect, 4-9
VLAN + P-bits cross-connect, 4-10
VLAN stacking, 4-7
VLAN forwarding
about, 4-2
cross-connect mode, 4-3
iBridge mode, 4-4
VLAN frame
frame type usage, 4-15
frame types, 4-15
Customer documentation
http://www.alcatel.com/osds/
Product manuals and documentation updates are available through the Alcatel Support
Documentation and Software Download service at Alcatel.com. If you are a new user and
require access to this service, please contact your Alcatel sales representative.
Technical support
http://www.alcatel.com/support/