Professional Documents
Culture Documents
Document Control
Authors: Haluk Goktas
Change Authority: N/A
Change Forecast: low
Revision History:
Reviewers:
1. INTRODUCTION............................................................................................................................................7
1.1 Purpose.............................................................................................................................................................. 7
1.2 Audience............................................................................................................................................................. 7
1.3 Scope.................................................................................................................................................................. 7
1.4 Comments.......................................................................................................................................................... 7
1.5 Alphabetical Index of Terms............................................................................................................................... 8
2. PHYSICAL TOPOLOGY................................................................................................................................11
2.1 UPE (USER PROVIDER EDGE) NETWORK ELEMENTS...............................................................................11
2.1.1. UPE-Site Swicth Topolofy Options............................................................................................................... 11
2.2 Distributed Switch NETWORK ELEMENTS...................................................................................................... 13
2.3 NPE (NETWORK PROVIDER EDGE) NETWORK ELEMENTS......................................................................13
3. PROTOCOL DESIGN.............................................................................................................................15
3.1 IGP Routing...................................................................................................................................................... 15
3.1.1. Hierarchy and Area Architecture.................................................................................................................. 15
3.1.2. Routes to be carried in ISIS.......................................................................................................................... 16
3.1.3. Link Metric.................................................................................................................................................... 16
3.1.4. MTU size...................................................................................................................................................... 18
3.2 BGP Routing..................................................................................................................................................... 18
3.3 BGP-LU............................................................................................................................................................ 19
3.3.1. BGP-LU Design Consideration on Existing PE routers................................................................................20
3.4 Non-Stop-Routing (NSR).................................................................................................................................. 20
3.5 GRES ( Graceful Routing Engine SwitchOver)................................................................................................. 21
3.6 Fast Failure Detection....................................................................................................................................... 22
3.6.1. LFS Advantages........................................................................................................................................... 22
3.6.2. LFS Through the DWDM Transponders....................................................................................................... 23
3.6.3. Distributed BFD Sessions............................................................................................................................. 23
3.6.4. OAM LFM (Link Fault Management)............................................................................................................ 23
3.7 MPLS................................................................................................................................................................ 25
3.7.1. MPLS Network Design Options.................................................................................................................... 25
3.7.2. LDP (Label Distribution Protocol)................................................................................................................. 25
3.7.3. RSVP (Resource Reservation Protocol........................................................................................................ 26
3.7.4. End-to-End RSVP Signaled LSP................................................................................................................. 27
3.8 LLDP (Link Layer Discovery Protocol).............................................................................................................. 30
4. TRAFFIC LOAD BALANCING...............................................................................................................32
4.1 Load Balancing of the MPLS Packets............................................................................................................... 32
5. CLASS OF SERVICE.............................................................................................................................33
5.1 Forwarding classes........................................................................................................................................... 33
5.2 Packet classification and pre-classification....................................................................................................... 33
5.3 Egress Scheduling............................................................................................................................................ 34
5.4 Egress Re-write rule......................................................................................................................................... 35
6. NETWORK SERVICES...........................................................................................................................36
6.1 Inline Jflow........................................................................................................................................................ 36
6.2 RPM (Real-Time Performance Monitoring)....................................................................................................... 38
6.2.1. Timestamping............................................................................................................................................... 38
6.2.2. Reporting of Results..................................................................................................................................... 40
6.3 Ethernet OAM (Operations, Administration and Maintenance) For Services....................................................42
6.3.1. Fault Detection (CCM).................................................................................................................................. 43
6.3.2. Fault Verification........................................................................................................................................... 43
6.3.3. Fault Isolation............................................................................................................................................... 43
6.3.4. OAM on JUNOS........................................................................................................................................... 44
6.3.5. Junos Space OAM Insight Overview............................................................................................................ 44
6.4 Inline Video Monitoring..................................................................................................................................... 46
7. SERVICES..............................................................................................................................................47
7.1 eVPN (Ethernet VPN)...................................................................................................................................... 47
7.2 Multicast............................................................................................................................................................ 47
7.2.1. GLOP........................................................................................................................................................... 47
7.2.2. Administratively Scoped IPv4 Multicast Space............................................................................................. 48
7.2.3. PIM-SM........................................................................................................................................................ 48
7.2.4. ANYCAST RP.............................................................................................................................................. 48
7.2.5. Next Generation Multicast............................................................................................................................ 48
7.3 SERVICES BY MULTISERVICE CARDS ( MS-MIC )......................................................................................49
7.3.1. Logical Topology.......................................................................................................................................... 50
7.3.2. CGNAT on MS-MIC...................................................................................................................................... 50
8. SYSTEM MANAGEMENT......................................................................................................................56
8.1 Time Zone......................................................................................................................................................... 56
8.2 Root Authentication........................................................................................................................................... 56
8.3 RADIUS............................................................................................................................................................ 56
8.4 Authentication Order......................................................................................................................................... 56
8.5 Multicast ICMP Response................................................................................................................................. 56
8.6 Redirects........................................................................................................................................................... 56
8.7 Routing Engine (RE) Synchronization............................................................................................................... 56
8.8 Default Address Selection................................................................................................................................. 56
8.9 Internet Options................................................................................................................................................ 56
8.10 Location............................................................................................................................................................ 57
8.11 NTP................................................................................................................................................................... 57
8.12 Ports................................................................................................................................................................. 57
8.13 Services............................................................................................................................................................ 57
8.14 Syslog............................................................................................................................................................... 57
8.15 SNMP............................................................................................................................................................... 57
9. PLANNING..............................................................................................................................................58
9.1 HOSTNAME..................................................................................................................................................... 58
9.2 IP ADDRESSING.............................................................................................................................................. 58
9.2.1. IPv6 IP Addressing....................................................................................................................................... 59
9.2.2. Loopback Ip Address.................................................................................................................................... 59
9.2.3. IP Address Mapping to Hostname................................................................................................................ 60
9.3 AS Numbers..................................................................................................................................................... 60
9.4 VRF Route Distinguishers................................................................................................................................. 60
9.5 VRF Route Targets........................................................................................................................................... 61
9.6 Link Description................................................................................................................................................ 61
9.7 VLAN STRUCTURE......................................................................................................................................... 61
9.8 SCALING.......................................................................................................................................................... 61
10. SIGN OFF..................................................................................................................................................64
List of Figures
Figure 1: Site Swicth-uPE Topology Option 1............................................................................................................... 12
Figure 2: New Metro Network Topology........................................................................................................................ 14
Figure 3: Provincial Metro Network Topology................................................................................................................ 14
Figure 4: NSAP Address Encoding.............................................................................................................................. 15
Figure 5: Traffic Flow- Scenario I................................................................................................................................. 17
Figure 6: Traffic Flow-Scenario II.................................................................................................................................. 18
Figure 7: BGP-LU Diagram........................................................................................................................................... 20
List of Tables
Table 1: Alphabetical Index of Terms............................................................................................................................... 9
Table 2: NPE Site Locations.......................................................................................................................................... 13
Table 3: ISIS Metrics-Scenario I.................................................................................................................................... 16
Table 4: ISIS Metrics-Scenario II................................................................................................................................... 17
Table 5: MX480 Scaling Table....................................................................................................................................... 19
Table 6: RSVP timers and multipliers............................................................................................................................ 26
Table 7: Queue design and METRO network links schedulers’ parameters..................................................................33
Table 8: Mapping of Scheduler priorities to Trio Hardware priorities..............................................................................34
Table 9: Inline Jflow Performance Scaling on Different MPC Cards..............................................................................36
Table 10: RPM Management Interface.......................................................................................................................... 40
Table 11: FTEL GPOL Address..................................................................................................................................... 48
Table 12: Administratively Scoped IPv4 Multicast address............................................................................................ 48
Table 13: IETF IMIX Ratio............................................................................................................................................. 49
Table 14: CGNAT Scaling Numbers.............................................................................................................................. 50
Table 15: JFLOW Scaling Numbers............................................................................................................................... 50
Table 16: System-Location variables............................................................................................................................. 57
1. Introduction
1.1 Purpose
This document is a METRO NETWORK HLD leveraging best practices expertise and experience of Juniper
Professional Services based on a review of the FTEL business and technical requirements. It is an outcome of the
service engaged by SVTECH and will be used as input into subsequent Plan and Build Phase deliverables.
FTEL is planning of new METRO network to provide End-to-End MPL Transport to business services, L2VPN&VPLS, L3VPN,
Mobile Backhaul and multicast services (plain multicast and NG-MVPN) using SEAMLESS MPLS solution.
A tiered IP/MPLS architecture will be implemented providing scalability and resiliency. The seamless MPLS architecture is
utilized from access nodes to the core nodes.
This high-level design document is based on a review of FTEL’s business and technical requirements as a part of New
METRO Project. It provides a high level network design for deployment of Juniper’s products for METRO network. Juniper
Professional Services has reviewed the following list of requirements as part of reviewing this High Level Design (HLD)
Infrastructure service:
Description of services to be supported by the METRO network.
Requirements on resiliency and HA
Requirements on Class of Service (CoS)
Requirements on routing policies
Scaling requirements and constraints and requirements on Capacity planning
Requirements on Network Management and Monitoring.
Requirements on Network planning ( Naming convention for hostname, interface description)
Requirements on Ip addressing
Requirements on new technologies ( eVPN, FW with MS-MIC etc…)
Requirements on timing and synchronization ( SyncE, PTP)
The high level design and recommendations presented in this document are based on the expertise and experience of Juniper
Professional Services team in evaluating and recommending network architectures, products and technologies. The Juniper
PS team leverages our current knowledge of leading practices to provide an optimum design and minimize network disruption.
The proposed design and recommendations presented here are based on information provided by FTEL. Additional
information has been collected during meetings, conference calls or other forms of communication with FTEL’s teams. Based
on a review of network requirements, a description of physical and logical topologies was created. These topologies will serve
as the foundation for a low level design that provides technical detail, including device configurations.
1.2 Audience
The primary audience for this report is SVTECH network design and engineering team, network operations team and
any other service personnel directly or indirectly involved in this project. Juniper Networks personnel such as Service
Managers, JTAC engineers and other Professional Services consultants may also use this document as part of the
service delivery process.
1.3 Scope
The scope of this document is strictly confined on the high level design of the routing and connectivity principles
across the new METRO network. The document includes high level of discussion of any service, as all services
should be referenced in the respective SD document created for each service.
The solutions discussed are limited to the new Juniper components of FTEL new METRO project and do not cover
any third party products.
1.4 Comments
It is assumed that all comments and inputs from the stakeholders have been taken into account. For further comments
and inputs, the reader is required to contact the author of this document and/or SVTECH/FTEL design engineers.
Acronym Description
802.1Q IEEE specification for adding virtual local area network (VLAN) tags to an Ethernet frame.
802.3ad link Process that enables grouping of Ethernet interfaces at the physical layer to form a single link layer interface, also known
Distribution as a link Distribution group (LAG) or LAG bundle
802.3ah IEEE specification defining Ethernet between the subscriber and the immediate service provider. Also known as Ethernet in
the first or last mile.
AE Logical Aggregate Ethernet
ARP Address Resolution Protocol. Protocol for mapping IPv4 addresses to media access control (MAC) addresses; dynamically
binds the IP address (the logical address) to the correct MAC address.
BA classifier Behaviour Aggregate classifier. Method of classification that operates on a packet as it enters the router. The packet
header contents are examined, and this single field determines the class–of–service (CoS) settings applied to the packet.
BFD Bidirectional Forwarding Detection. Protocol that uses control packets and shorter detection time limits to more rapidly
detect failures in a network.
BGP Border Gateway Protocol (BGP) is a standardized exterior gateway protocol designed to exchange routing and reachability
information among autonomous systems (AS) on the Internet. The protocol is often classified as a path vector protocol but
is sometimes also classed as a distance-vector routing protocol. The Border Gateway Protocol makes routing decisions
based on paths, network policies, or rule-sets configured by a network administrator and is involved in making core routing
decisions.
BGP may be used for routing within an autonomous system. In this application it is referred to as Interior Border Gateway
Protocol, Internal BGP, or iBGP. In contrast, the Internet application of the protocol may be referred to as Exterior Border
Gateway Protocol, External BGP, or EBGP.
BGP-LU BGP Labeled Unicast (BGP-LU) is defined in RFC3107 to carry label mapping information in BGP. It is used to stitch
multiple areas in IP/MPLS network and provide end to end MPLS transport so called seamless MPLS
Bootp Bootstrap protocol. UDP/IP-based protocol that allows a booting host to configure itself dynamically and without user
supervision. BOOTP provides a means to notify a host of its assigned IP address, the IP address of a boot server host, and
the name of a file to be loaded into memory and executed. Other configuration information, such as the local subnet mask,
the local time offset, the addresses of default routers, and the addresses of various Internet servers, can also be
communicated to a host using BOOTP.
CoS Class of Service. Method of classifying traffic on a packet-by-packet basis using information in the type-of-service (ToS)
byte to provide different service levels to different traffic.
DC Data Centre
DHCP Dynamic Host Configuration Protocol. Mechanism through which hosts using TCP/IP can obtain protocol configuration
parameters automatically from a DHCP server on the network; allocates IP addresses dynamically so that they can be
reused when no longer needed.
FW Firewall
GRES Graceful Routing Engine switchover. In a router that contains a master and a backup Routing Engine, allows the backup
Routing Engine to assume mastership automatically, with no disruption of packet forwarding.
HA High Availability
HLD High Level Design
HTTP Hypertext Transfer Protocol. Method used to publish and receive information on the Web, such as text and graphic files.
HTTPS Hypertext Transfer Protocol over Secure Sockets Layer. Similar to HTTP with an added encryption layer that encrypts and
decrypts user page requests and pages that are returned by a Web server. Used for secure communication, such as
payment transactions.
IGMP Internet Group Management Protocol. Host-to-router signalling protocol for IPv4 to report their multicast group
memberships to neighbouring routers and determine whether group members are present during IP multicasting. Similarly,
multicast routers, use IGMP to discover which of their hosts belong to multicast groups and to determine whether group
members are present.
ISIS Intermediate System to Intermediate System (IS-IS) is a routing protocol designed to move information efficiently within a
Network, a group of physically connected computers or similar devices. It accomplishes this by determining the best route
for datagrams through a packet-switched network.
JSRP JUNOS redundancy protocol
LACP Link Distribution Control Protocol. Mechanism for exchanging port and system information to create and maintain LAG
bundles.
LAG Link Distribution Group. Two or more network links bundled together to appear as a single link. Distributes MAC clients
across the link layer interface and collects traffic from the links to present to the MAC clients of the LAG. Also known as a
bundle.
LFM Link Fault Management. Method used to detect problems on links and spans on an Ethernet network defined in IEEE
Acronym Description
802.3ah.
LLD Low Level Design
LLDP Link Layer Discovery Protocol. Is a standard Data Link Layer protocol used by network devices for advertising of their
identity, capabilities, and interconnections on a IEEE 802 LAN network.
M-BGP Multiprotocol Extensions for BGP (MBGP), sometimes referred to as Multiprotocol BGP or Multicast BGP and defined in
IETF 4760, is an extension to Border Gateway Protocol (BGP) that allows different types of addresses (known as address
families) to be distributed in parallel. Whereas standard BGP supports only IPv4 unicast addresses, Multiprotocol BGP
supports IPv4 and IPv6 addresses and it supports unicast and multicast variants of each.
MF classifier Method for classifying traffic flows. Unlike a behaviour aggregate (BA) classifier, a multi-field classifier examines multiple
fields in the packet to apply class-of-service (CoS) settings. Examples of fields that a multi-field classifier examines include
the source and destination address of the packet, as well as the source and destination port numbers of the packet.
MSDP Multicast Source Discovery Protocol. Used to connect multicast routing domains to allow the domains to discover multicast
sources from other domains. It typically runs on the same router as the PIM sparse mode rendezvous point (RP).
MSTP Multiple Spanning Tree Protocol. Spanning tree protocol used to prevent loops in bridge configurations. Unlike other types
of STPs, MSTP can block ports selectively by VLAN.
NMS Network Management System: network management station. System that enables a user to configure and monitor network
elements.
NTP Network Time Protocol. Used to synchronize the system clocks of hosts on the Internet to Universal Coordinated Time
(UTC). A router can update its clock automatically by configuring it as a Network Time Protocol (NTP) client. Using NTP
enables the system to record accurate times of events. You can view the log file of events to monitor the status of the
network.
OAM Operation, Administration, and Maintenance. ATM Forum specification for monitoring ATM virtual connections, verifying
that the connection is up and the router is operational. A set of Ethernet connectivity specifications and functions providing
connectivity monitoring, fault detection and notification, fault verification, fault isolation, loopback, and remote defect
identification. The primary specifications defining Ethernet OAM are IEEE 802.3ah link-fault management (LFM) and IEEE
802.1ag Ethernet connectivity-fault management (CFM).
OoB Out Of Band. OoB Management is when devices (switches, servers, fw) use a dedicated network for their management.
OSPF Open Shortest Path First. Dynamic routing protocol intended to operate within a single Autonomous System. It adverises
the states of local network links within the AS and makes routing decisions based on the shortest-path-first (SPF) algorithm
(also referred to as the Dijkstra algorithm). OSPF is a link-state routing protocol.
P2P Point-to-point.
PFE Packet Forwarding Engine. ASIC that is responsible of the forwarding functions.
PIM-SM Protocol Independent Multicast Sparse Mode. A sparse mode multicast protocol, which uses shared trees. In a shared tree,
sources forward multicast datagram’s to a directly connected router, the designated router. The designated router
encapsulates the datagram and unicasts it to an assigned rendezvous point router, which then forwards the datagram to
members of multicast groups.
POC Proof of Concept
PS Professional Services
QoS Quality of Service. Performance, such as transmission rates and error rates, of a communications channel or system. A
suite of features that configure queuing and scheduling on the forwarding path of networking equipment. QoS provides a
level of predictability and control beyond the best-effort delivery that the router provides by default.
RE Routing Engine
RG SRX Cluster Redundant Group
RP Rendezvous Point. For PIM sparse mode, a core router acting as the root of the distribution tree in a shared tree.
RETH SRX Cluster Redundant interface
RVI Routed Virtual Interface. L3 interface associated to a VLAN.
SNMP Simple Network Management Protocol. Protocol governs network management and the monitoring of network devices and
their functions.
SSH Secure Shell. Protocol that uses strong authentication and encryption for remote access across a non-secure network. SSH
provides remote login, remote program execution, file copy, and other functions.
STP Spanning Tree Protocol. Defined in the IEEE standard 802.1D, the Spanning Tree Protocol is an OSI Layer 2 protocol that
ensures a loop-free topology for any bridged LAN. This protocol creates a spanning tree within a mesh network of
connected Layer 2 bridges (typically Ethernet switches), and disables the links that are not part of that tree, leaving a single
active path between any two network nodes.
Syslog System log. Method for sending and storing messages to a log file for troubleshooting or record-keeping. It can also be
used as an action within a firewall filter to store information to the messages file.
VC Virtual Chassis. Interconnect two or more EX 4200 switches, enabling them to operate as a unified single high bandwidth
switch.
VDC Virtual Data Centre
VR A routing instance of type virtual router
Acronym Description
VRF A routing instance of type virtual routing and forwarding
2. Physical Topology
FTEL introduces a new METRO network to cater business services (L3VPN, L2VPN&VPLS, Mobile Backhaul and
Multicast service) to its enterprise customers. The new METRO network comprises the following parts:
UPE (User provider Edge) network elements with MX104 platform to be used to provide 1G connectivity to
customer and 10G uplinks to NPE (Network Provider Edge) network elements and it is located at PoP sites.
NPE (Network Provider Edge) network elements with MX480 platform to be used to provide 10G connectivity
to Core network and to UPE network elements. NPE is to have RR (Route Reflector) function as well as ABR (
Area Border Router) function to reflect ring VPN routes to Regional RRs and exchange IGP routes between
L1 and L2 networks
DIS (Distribution) switch network elements with QFX5100 platform to be used to aggregate and switch
multiple rings to NPE network elements. It named as DIS switch in FTEL deployment and it is located at Metro
PoP sites.
AGG (Aggregation) PoP Switch: 3rd party (Huawei) sitch will be used in PoP sites to connect local site
switches and routers. As it is 3rd party switches, it needs to be taken care of by FTEL for bandwidth/port
expansion. It is used for PoP+ sites
In case of multiple 10G needed between uPEs and/or between uPE and NPE, NPE and MC, Multiple Layer 3
links are configured in between network platforms with ECMP enabled. Each layer 3 link has multiple single
hop LSPs to balance the traffic between network elements based on the traffic load balancing described in
section 4
Option 1
In this option, 6 uPE per is considered and is followed for all rings with odd number of uPES ( 6xuPE, 4xuPE and
2xuPE).
The uPEs are paired for each group of site switches. Each switch is to be connected to dedicated uPE pair. It allows
us to forecast capacity requirement for each uPE pair downlink and uplinks and also helps to forcast the number of
port required per uPE pair. It make troubleshooting and management easy and makes the network behavior
predictable. It is recommended to follow this model when Site switch-uPE connections are designed.
Odd numbered uPE is chosen as primary router for Site Swicth sub group and even numbered uPE chosen as a
primary router for other site switch sub group. All uPEs will share the load between each other in active-active model
All connections between UPE-PoP Aggregation Switch, PoP Aggregation Switch-Distribution Switch, Distribution
Switch-NPE,NPE –MC ( Core prouter) platforms are 10-Gigabit Ethernet or multiple 10-Gigabit Ethernet connections.
In Some provinces, there will be dedicated NPE routers due to site distance to Hanoi or Ho Chi Minh City NPE sites. It
is decided to leverage same transmission Broadband service (MP) routers use via L2 switch. The platform to be used
for NPE is MX104 in mentioned provinces. Because of MX104 platform capacity, number of uPE will be limited to
24xuPE per MX104 NPE pair . Provincial network topology is shown in the following figure
3. PROTOCOL DESIGN
3.1 IGP Routing
FTEL is using ISIS for the IGP routing in its IP core network. The new Metro infrastructure will be integrated using the
same ISIS design deployed today. Access Network will be in Level1 ISIS network as Core network continues to be in
Level2 Network.
NPEs will be ABR (Area Border Router) to exchange router to/from Level1 and Level2 networks. Group of rings
connected to each NPE pair will be in different area in ISIS topology.
uPE routers use NPE routers as the next hop for the default route 0.0.0.0/0. The NPE routers do not advertise a
default route—instead, NPE routers set the attached bit, which is advertised to the uPE router and causes the uPE
router to install a default route with the NPE router as the next hop.
To prevent a default route from being installed, the attached bit must be ignored, and this can be accomplished by
configuring the “ignore-attached-bit” command.
It is recommended using unique IS-IS area-IDs to identify each region in conjunction with the ignore-attach-bit
command.
By default, IS-IS uPE internal routes are installed into the L2 database; which is an exchange of routing information
between levels that needs to be prevented in multi-region networks. To prevent uPE internal routes from being
installed into the L2 database, an IS-IS export policy must be configured on the NPE routers to reject L1 routes.
However, to provide end-to-end troubleshooting capabilities, aggregate routes for uPE loopback and interface address
and will be exported into L2 area on each NPE pair. L1 external routes are not installed into the L2 database by
default, and IS-IS L2 internal routes are not installed into the L1
The same practice of mapping the loopback address of the node into the System-ID or Router-ID of the NSAP
address is followed in the new infrastructure.
SCENARIO I
In this scenario, NPEs connecting core network will balance incoming and outgoing Metro network traffic.
Outgoing traffic from UPE is to use the closest NPE to exit to core network.
Incoming traffic from remote metro ring selects the closest NPE based on BGP best path selection.
Both NPEs routes rings’ traffic to core network.
Both NPEs are redundant to each other.
Traffic destined to customer in same ring remain within the ring.
Traffic destined to customer in different ring connected to same NPE ( same area) remains within the same
area.
Traffic destined to customer in different ring connected to different NPE travels across core network to reach
to destination.
The metric assignment for Metro network links categories are shown in the tables below.
Metro
Link Level IGP Metric Comment
uPE-uPE L1 300
uPE-NPE01 L1 300
To define a determintistic
uPE-NPE02 L1 310 path for traffic coming
from middle uPE
NPE01-NPE02 L1&L2 100
NPE-MC L2 200
MC-RR L2 10000
MC-MC L2 10 Intra-region
MC-MC L2 100 Inter-region
MC-PE/MP L2 500
SCENARIO II
In this scenario, NPE01 will route all ring incoming and outgoing traffic to core network (active-passive).
Outgoing traffic from UPE is to use NPE01 to exit to core network.
UPE link metric connecting to NPE02 will be 2000
Incoming traffic from remote metro ring selects NPE01 as NPE01 will advertise routes with higher local
preference.
Only NPE01 routes rings’ traffic to core network.
NPE02 is redundant to NPE02.
Traffic destined to customer in same ring remain within the ring.
Traffic destined to customer in different ring connected to same NPE (same area) remains within the same
area.
Traffic destined to customer in different ring connected to different NPE travels across core network to reach
to destination.
The metric assignment for Metro network links categories are shown in the tables below.
Each of these services is supported through a specific BGP address family, which has to be negotiated upon BGP
session establishment between the peers. For session scalability, the peering is established with Route Reflector (RR)
routers, which reflect the routes between all the clients.
In New Metro network, UPE routers are peered with NPEs, which is in inline RR function. NPEs establish BGP-LU
peering with respective site VPN RRs (Hanoi and Ho Chi Minh City). This design is called Hierarchical BGP-LU
design.
NPE routers could suffer huge demand for RIB capacity, as they are inline RR routers for given group of uPE rings.
The following table provides a summary of the routes scaling on the different new platforms involved in the METRO
project setup. The scaling numbers are based on testing in isolated conditions as per the Junos 14.2 releases.
Platform RIB scaling FIB scaling Comment
RE-S-1800x4-32G TRIO MPC
MX480 12 millions IPv4 routes with 2.5 millions IPv4 unicast prefixes
next-hop resolution
2.5 millions VPNv4 prefixes (VRF-
table-label)
1 million 6PE IPv6 prefixes
3.3 BGP-LU
BGP-LU provides reachability between regions by advertising uPE loopbacks and label bindings to NPE, which in turn
advertises the loopbacks and label bindings to remote uPEs in other regions. The diagram in Figure 6 outlines the
operation of BGP-LU at a high level in each of the different types of routers in the regions.
uPE router advertises is loopback ip address and label with next-hop self. NPE receives loopback ip address and
assign label then advertise the loopback and label with next-hop self. Remote NPE receives loopback ip address and
assigns label and then advertise loopback and label with next-hop self to remote uPE. Remote uPE receives loopback
ip address and use preferred route and label for forwarding.
Note: Seamless MPLS solution requires 5 labels and current default maximum label is set to 3 on MX routers.
It is recommended to set the maximum labels to 5 on all uPE and NPE routers to support Seamless MPLS
solution
ISIS
BGP
LDP
RSVP
BFD
All MP-iBGP sessions involved in this setup negotiate the following set of BGP address families.
inet unicast
inet flow
inet6 label-unicast explicit null
inet-vpn unicast
inet-vpn flow
inet-mvpn signaling
inet6-mvpn signaling
L2vpn signaling
route target
As of Junos 14.2 OS releases, NSR is not supported for the flow and NG-MVPN address families. If the BGP peer in
the master Routing Engine has negotiated address-family capabilities that are not supported for nonstop active
routing, then the corresponding BGP neighbor state on the backup Routing Engine shows as idle. On switchover, the
BGP session is re-established from the new master Routing Engine, causing huge network churn and slow
convergence. To optimize the setup, it might be a good option to isolate those unsupported families in a separate BGP
session. This enables NSR for all other families, which actually carry the most of routes in the network.
There will be 2 BGP groups configured on uPE and NPE platforms. One BGP group for NSR supported family groups
mentioned above and the second BGP groups for unsupported families. The secondary loopback ip address is used
for the second BGP group.
Note: uPE platforms are to be deployed with single Routing Engine (RE) and NSR is not needed at this
moment. NSR is to be enabled only on NPE platforms. Once Redundant RE is installed on uPE platform, NSR
will be enabled accordingly. It is recommended to have second BGP group for unsupported BGP families
using secondary loopback ip address on uPE even though NSR is not enabled.
All BFD sessions are distributed to the PFEs to provide independency from the Routing Engines. The distributed
mode is the default for all single-hop BFD sessions. This allows for sessions of shorter BFD transmit and receive
intervals to survive even under NSR and Routing Engines graceful switchover, which contributes to faster detection.
Distributed BFD sessions also contribute to improved session scale and offloads the processing from the Routing
Engine CPU to the FPC CPU, resulting in improved scaling and performance for Routing Engine-based applications
3.7 MPLS
FTEL new METRO network is a single IGP and MPLS domain. All core interfaces of the new infrastructure including
uPE, NPE, MC, MP, and PE routers run MPLS to join this domain.
MPLS LDP tunneling allows the targeted LDP sessions to be established over a one-hop RVSP LSP. These sessions
are set up over each core link to provide RVSP FRR services.
session failure. In FTEL Metro Network design, LDP is enabled only on loopback interface therefore this feature, ldp-
igp synchronization, is not needed.
3.7.2.3 Timers
The default values for the following timers are used:
LDP Hello-interval: 5 seconds for link hello messages and 15 seconds for targeted hello messages
LDP Hold-time: 3 times the Hello-interval
LDP session keepalive-interval: 10 seconds
LDP session keepalive-timeout: 3 times the keepalive-interval
In FTEL METRO network, there may be cases where equal cost multipath (ECMP) exist. With full-mesh RSVP
between NPE platforms, traffic balance is provided during link repair when there are failures in the network.
In fast reroute using local repair for LDP traffic; a backup path (repair path) is pre-installed in the Packet Forwarding
Engine. When the primary path fails, traffic is rapidly moved to the backup path without having to wait for the routing
protocols to converge. Loop-free alternate (LFA) is one of the methods used to provide IP fast reroute capability in the
core and service provider networks.
However, LFA has some limitations to provide full coverage for some cases. To overcome LFA limitations, there are 2
options provided.
Manual bypass LSP, it requires simulation of network and identify limitation of LFA coverage. Manual
bypass RSVP LSP is introduced to the network for links not covered by LFA .
Dynamic bypass LSP, Dynamic RSVP LSPs are created automatically and pre-installed in the
system so that they can be used immediately when there is a link failure.
Without LFA, when a link or a router fails or is returned to service, the distributed routing algorithms compute the new
routes based on the changes in the network. The time during which the new routes are computed is referred to as
routing transition. Until the routing transition is completed, the network connectivity is interrupted because the routers
adjacent to a failure continue to forward the data packets through the failed component until an alternative path is
identified. It is recommended to enable automatically established backup RSVP tunnels feature on all uPE to uPE
amd uPE to NPE interfaces. The system establishes bypass RSVP tunnels only when required (no LFA backup
coverage exists), thus offloading the operations team from maintaining the database describing which links require,
and which links doesn’t require backup RSVP tunnels.
Note: LDP based LSP with LFA is used within rings in FTEL design. Dynamic RSVP is chosen to extend LFA
capabilities. Remote LFA will be considered in the future once the network is successfully deployed.
In Seamless MPLS Network, BGP labeled unicast provides end-to-end transport label-switched paths (LSPs) by
stitching the intra-level LSPs together. Area Border routers (NPE) run BGP labeled unicast to VPN RR in order to
exchange labels for /32 NPE/UPE loopback routes. BGP labeled unicast also runs between UPE routers and NPE
routers and NPE routers acts as RR for the UPE routers connected to.
In Figure 12, the traffic goes from CE1 to CE2. NPE3 is the protected router, NPE4 is the protector, and MC is the
point of local repair (PLR). The primary path is chosen from NPE1 to NPE3. When NPE3 fails, Router MC detects the
NPE3 failure and forwards the traffic to NPE4, which provides backup service and forwards the traffic downstream.
smart-optimize-timer:
When the smart optimization is enabled on a router, the Junos OS operates on the assumption that the original LSP
path is preferable to any alternate or secondary path. When you enable the smart optimization timer and an LSP fails
and its traffic is switched to an alternate path, the smart optimization timer starts and waits 3 minutes (this is the
default value). After 3 minutes have passed, the LSP is switched back to the original path. If the original path fails
again and the LSP is switched to an alternate path again, the router waits 1 hour before attempting to switch the LSP
back to its original path. Smart optimization is enabled by default. For TM’s deployment, since the one-hop RSVP
LSPs are strictly defined, the smart-optimize-timer is to be set to zero to disable the smart optimization.
By default, when load balancing is used to help distribute traffic, Junos OS employs a hash algorithm to select a next-
hop address to install into the forwarding table. Whenever the set of next hops for a destination changes in any way,
the next-hop address is reselected by means of the hash algorithm.
Current Juniper Networks routers support per-prefix (default) and per-flow load balancing. The latter involves hashing
against various Layer 3 and Layer 4 headers, including portions of the source address, destination address, transport
protocol, incoming interface, and application ports. The effect is that now individual flows are hashed to a specific next
hop, resulting in a more even distribution across available next hops, especially when routing between fewer source
and destination pairs. If per-flow is not configured, the default per-prefix mode is in effect. Per-prefix mode only
considers the destination prefixes in the hashing algorithm to deterministically map the prefix onto one of the available
next hops.
Juniper Networks routers can load-balance on a per-packet basis in MPLS. Load balancing can be performed on
information in both the IP header and the MPLS label stack, providing a more uniform distribution of MPLS traffic to
next hops. This feature is enabled on supported platforms by default and requires no configuration.
5. CLASS OF SERVICE
The new METRO network is configured to support BA based Class of Service (CoS) model to provide the end-to-end
quality of service differentiation for all services offered over the METRO network..
The class of service model to be implemented in the core network is summarized in the following table:
Packet Loss
Delay Buffer
Drop Profile
Forwarding
MPLS EXP
Transmit
Priority
Priority
Queue
Class
Rate
to use queue 3 (network control) only when performing a retransmission. In general, control protocols packets are sent
over queue 3 and management protocols packets are sent over queue 0.
On all new METRO network routers, the defined custom BA classifiers of types inet-precedence and EXP are to be
applied on all the core logical interfaces. The EXP classifier is to be applied on all routing-instances to correctly
classify incoming VPN traffic. This is because all routing-instances are configured with the knob “vrf-table-label”.
The priority determines the order in which queues are serviced. A strict priority scheduler services high-priority queues
in positive credit before moving to the next level of priority. In Trio, in-profile queues of the same priority are serviced
in a simple round-robin manner, where one packet is removed from each queue while they remain positive.
Trio supports five (5) hardware priority levels, mapped to the scheduler priority (software priority) as shown in the table
below.
Transmit rate:
The queue’s transmit rate specifies the amount of bandwidth allocated to the queue and can be set based on bits per
second or as a percentage of interface bandwidth. By default, a queue can be serviced when in negative credit, as
long as no other queues have traffic pending and it’s not blocked from excess usage. Transmit rate acts as the
guaranteed rate for the queue and hence the queue’s priority is demoted to the excess region if traffic exceeds the
specified queue transmit rate.
Buffer size:
This is the delay buffer for the queue that allows it to accommodate traffic bursts. Buffer size could be configured as a
percentage of the output interface’s total buffer capacity, or as a temporal value from 1 to 200,000 microseconds,
which simply represents buffer size as a function of delay, rather than bytes. The value configured is mapped into the
closest matching hardware capability. Most Trio PFEs offer 500 milliseconds of delay bandwidth buffer, based on a 4
× 10GE MIC; each port is pre-assigned 100 milliseconds of that buffer with the balance left-for assignment via the CLI.
WRED (Weighted Random Early Detection) drop profile is applied only for Control class. WRED is effective in
combating congestion for TCP-based application. It proactively drops packets at certain fill level of the average
queue length. Trio WRED is implemented as a queue-tail process, meaning the packet marked for WRED
dropping is never en-queued in the first place.
6. NETWORK SERVICES
Network services are often implemented on customer facing (uPE) or internet facing (GW) routers to gauge network
quality and collect sampling for flow analysis and reporting. All uPE routers in METRO network are MX104 chassis
with Trio-based line cards. Trio-based line cards support inline services (license –based) which provides huge
advantages:
Table 9 shows MPC2 and MPC4E cards with the same inline Jflow performance as each has two PFEs. However, the
internal architecture of the MS-MPC4E is different. MPC4E has two LU blocks per PFE. The PFE main processor
sprays packets of the same flows across the two LU chips. Hence, each LU exports records for the same flows but
with different observation domain ID to the external flow collector. The collector is expected to aggregate the flow
records exported by the two LUs for the same flows.
As of Junos OS 13.1 release, a maximum of six records for IPv4 can be exported in one packet, and a maximum of 3
records for IPv6 can be exported in one packet. The flow records packets are transported to the collector over UDP
transport protocol. The collector should be reachable through the global routing instance over revenue ports (non-
management). Starting from Junos OS 13.3, the collector could be reachable through non-default routing instances as
well. Nevertheless, inline Jflow is limited to only one collector as opposed to the service-PIC-based Jflow, which can
send the flow records to multiple collectors.
The MTU size across the network should be set according to the guidelines in section 3.1.4 to minimize the chances
of fragmentation, which would lead to duplicate creation of flow records for fragmented packets.
Before configuring inline sampling, the hash tables should be adequately sized for IPv4 and IPv6 flow sampling.
These tables can use one to fifteen 256k areas, and each table is assigned a default value of one such area. The
values of 15x256K for IPv4 table and 1K for IPv6 table are generally recommended on all FPCs (MPCs). Changing
these values at any time causes the FPC to automatically reboot. Therefore, it is very important to ensure the
adequate sizing is met in each of the nodes to avoid subsequent changes.
The following shows an example of how to use flow information;
The diagram above shows Arbor’s Distributed Denial of Service (DDoS) molution into IPCore.
The Arbor flagship product, Peakflow appliances is used and integrated into IPCore. The Peakflow appliances are
made of the following components, of which IP/MPLS Network has only subscribed to the first three:
Peakflow SP Collector Platform (CP) appliances in the peering edge or backbone.
Peakflow SP Flow Sensor (FS) appliances in the customer aggregation edge;
Peakflow SP Threat Management System (TMS) appliances deployed in any part of the network to surgically
mitigate network threats.
Peakflow SP Business Intelligence (BI) appliances to increase scalability and add redundancy for managing
critical business objects.
Peakflow SP Portal Interface (PI) appliances to increase the scale, redundancy and profitability of Arbor-
based managed services.
Arbor Networks Peakflow SP product suite offers network-wide visibility and security to proactively fend off malicious
threats, thwart distributed denial of service (DDoS) attacks and strengthen the quality of service.
The different packet types that can be used within the probe include:
Internet Control Message Protocol (ICMP) echo
ICMP timestamp
HTTP GET
UDP echo
TCP connection
UDP timestamp
ICMP ping is the default probe type in Junos devices.
6.2.1 Timestamping
The timestamping activity consists of the source (client) node applying a timestamp (T1) to the RPM packets with the
time at which they leave the node. The destination (server) node applies a timestamp (T2) when it receives the probe
and a timestamp (T3) when the probe leaves the destination back to the source. The source receives the response
and applies a timestamp (T4). Different metrics are calculated based on these timestamps collected from a series of
probes. For example, the RTT can be computed as the difference between the timestamps T1 and T4 less T3 minus
T2.
PFE-based timestamping is supported in Trio chipset. All edge routers in METRO network routers (uPE, NPEare
configured to do time stamping on the PFE before sending RPM probes to the local RE or to the remote probe
destination. This supports one-way hardware timestamp services to measure the one-way delay and jitter metrics.
Probes are still managed (request, response, and result analysis) by the RE. Figure 9 explains this PFE-based
timestamping.
PFE-based timestamping eliminates the need for the service card, and the probes flow directly between the RE and
the PFEs. Timestamping is done on the distributed PFEs as opposed to sending all the probes through one service
card. Service-PIC based timestamping is explained in Figure 10 below.
RPM probes can be configured from the JUNOS CLI, or SNMP. The results can be reported via CLI or SNMP.
Alternatively, a third-party MIB browser or performance management application can be used to retrieve RPM
measurement data and plot the resulting graphs.
For SNMP, MIB definitions allow SNMP operations on RPM variables. Two MIBs can be used for this purpose—the
Ping MIB that is based on the RFC2925 (DISMAN-PING-MIB) Definitions of Managed Objects for Remote Ping,
Traceroute, and Lookup Operations, and the RPM MIB or jnx-rpm.mib.
These two MIBs can be used either together or separately to collect RPM data (although the jnx-rpm.mib provides
more information because it is RPM-specific). The RPM MIB has been developed from the flat Ping MIB to provide a
hierarchical collection of data.
The jnx-ping.mib allows creation of hardware timestamp-based probes, and it provides thresholds for raising alarms
via SNMP to configure the number of samples in the moving average collection. The jnx-rpm.mib tables can be
classified into a Results and History group respectively. However, in case of the jnx-rpm.mib, the data is classified into
separate collection types and measurement sets.
Figure 18 shows the MIB object identifiers (OIDs) for each of the probes that are configured for different traffic
forwarding classes. The different metrics such as RTT, jitter, and so on are tracked for each of the probes belonging to
a different traffic class.
Maintenance Association (MA) is used to monitor connectivity for a single service instance within
the Maintenance Domain.
Maintenance End Point (MEP) resides at the edge of a maintenance domain.
o DOWN MEP: The CFM monitoring on physical interfaces and logical routed Ethernet interfaces is
done using DOWN MEPs.
o UP MEP: For bridge, VPLS and L2VPN services, the downstream service monitoring (AC side) is
done with DOWN MEPs and upstream service monitoring (core side) is done with UP MEPs.
Maintenance Intermediate Point (MIP) is a passive functional entity located at intermediate points in a
Maintenance Domain
OAM frames from higher domain levels go transparent over the MEPs of lower level domains. With this approach, a
customer line monitored with Domain of level 7 will have its CFM packets all the way through the Service provider
domains untouched. If the Customer support wants to monitor the line between the border switches in this network,
the service provider domain will pass the OAM packets to their destination untouched. It is valid with the Network
operator Rings in the diagram. They will allow the level 5 domain CFM packets to go to their destination over their
rings. The End points (MEPs) are responsible to filter or process the CFM packets on the ports they are set. If an
equal to their Domain level CFM packets are received, the MEPs need to process them. If higher than their level CFM
frames are received, the MEPs need to pass them transparently. And if they receive lower level CFM packets –the
MEPs need to drop them so they don’t go to supposedly higher-level domains behind the Maintenance End point.
With this logic –customer equipment is not supposed to receive CFM packets from Provider or Operator equipment
and the provider equipment will not receive CFM packets from the Operators. Thus, each different organization
(customer, service provider) has the ability to isolate the fault within the organization's maintenance level, without the
service provider having to share its network information to the customer, or the operator having to share its network
information to the service provider.
in a local database to expedite fault isolation, and for link protection purposes. LTMs can also be used to identify
adjacency relationships with remote MEPs and MIPs at the same administrative level.
The Junos Space OAM Insight application provides capabilities for automated end-to-end network management,
monitoring, and troubleshooting. OAM Insight provides a set of functions designed to monitor network operation to
detect network faults and measure network performance.
The OAM Insight application allows network operators to configure OAM (Operations, Administration and
Maintenance) functionality on all devices and to monitor, detect, isolate and troubleshoot networking faults in a quick
and efficient manner. Operators can also measure quality-of-service (QoS) attributes, such as availability, frame
delay, frame delay variation, and frame loss. Monitoring and fault isolation can be performed at the Link Layer,
Transport Layer, and Session Layer, thus providing a clear demarcation view to the operator, service provider, and
customer.
The OAM Insight application is compliant with ITU-T and IEEE standards that support cross-platform link fault
management, connectivity fault management (CFM), and performance management on all Juniper Networks devices
using the OAM Insight application in Junos Space.
The following standards are supported:
802.3ah, Link Fault Management which defines OAM link-fault management mechanisms
802.1ag, Connectivity Fault Management
Y1731, Draft, Performance Management
The OAM Insight application supports service-based CFM provision, LFM provision, and performance measurements
of Y.1731 standard frames on the network services. The OAM Insight application also supports the following functions:
CFM configuration of the following features:
CFM Action Profile—You can configure a CFM action profile and specify the action to be taken when any of
the configured events occur. Alternately, you can configure an action profile and specify default actions when
connectivity to a remote maintenance end point (MEP) fails.
Service Level Agreement (SLA)-Iterator Profile—The OAM application uses the SLA-iterator profile to collect
Y.1731 statistics. These iterator profiles have to be configured before starting performance monitoring.
Remote MEP—You can configure a remote MEP to wait for continuity check messages (CCMs). If
autodiscovery is not enabled, the remote MEP must be configured under a MEP. If the remote MEP is not
configured under a MEP, the CCMs from the remote MEP are treated as errors.
CFM Modify Service—You can add or delete new endpoints, as well as modify attributes for remote MEP
configuration for MEP.
LFM configuration
LFM Profile—You can define an LFM profile and specify the action to be taken when any of the configured
events occur.
LFM Action Profile—You can configure an LFM action profile and define event fault flags and thresholds and
the action to be taken when any of the configured events occur.
CFM Integration with Network Activate Services
The CFM is enabled for Point-to-Point (PPP) (E-Line) and virtual private LAN service (VPLS) (E-LAN) services
through the Network Activate application. The Network Activate application now detects the availability of CFM service
profiles automatically. On availability, the Network Activate application imports the CFM service profiles (CFM service
definitions) from the OAM Insight application and attaches them to a Network Activate service order.
OAM Insight Performance Management
In Performance Management, the OAM Insight application provides an option to measure the frame delay, frame loss,
frame delay variation, and service availability. These measurements are achieved in either of the following ways:
Triggering a one-way delay
Triggering a two-way delay
Users can also get this information through the Loss Measurement/Delay Measurement (LM/DM) iterator.
The performance measurement is useful for generating periodic service level agreement conformance reports from
the deployed network and for studying traffic patterns in the network over a period of time. The iterator profiles are
configured on remote MEP for measurement of frame delay (ETH-DM), frame loss (ETH-LM) and statistical frame loss
(SFL).
7. SERVICES
7.1 eVPN (Ethernet VPN)
Ethernet VPN (EVPN) is a new standards-based technology that provides virtual multi-point bridged connectivity
between different Layer 2 domains over an IP or IP/MPLS backbone network. Similar to other VPN technologies such
as Layer3 VPN and VPLS, EVPN instances (EVIs) are configured on uPE (PE) routers to maintain logical service
separation between customers. The uPEs connect to customer devices, which can be a router, switch. The uPE
routers then exchange reachability information using Multi-Protocol BGP (MP-BGP) and encapsulated customer traffic
is forwarded between uPEs.
EVPN MAC address learning between uPEs occurs in the control plane. A new MAC address detected from a CE is
advertised by the local uPE to all remote PEs using an MP-BGP MAC route. This method differs from existing Layer 2
VPN solutions such as VPLS, which performs MAC address learning by flooding unknown unicast in the data plane.
This control plane-based MAC learning method provides better control over the virtual Layer 2 network.
7.2 Multicast
Multicast is required in FTEL IP/MPLS network to provide IPTV services .
During any development of new products, the following should be considered.
o PIM-SM is the preferred Multicast protocol due to its superior scaling properties in both the control and
forwarding planes.
o P2MP LSP’s are a valid alternative to PIM-SM
o IGMP can be supported in customer networks through the use of CE devices
7.2.1 GLOP
RFC 3180 [3] GLOP is an assignment of Global Multicast IPv4 Address space that is inherited due to the assignment
of an AS number. FTEL is the owner of AS18403. GLOP is driven from AS number and the following global multicast
address is unique.
IANA has allocated 233/8 for this purpose; by mapping the AS number to two middle octets.
For example, taking AS 18403 written in binary = 0100011111100011. Mapping these 16 bits into two middle octets
01000111&11100011 (71 & 227)
AS Multicast
address
AS1840 233.71.227.0/24
3
Table 11: FTEL GPOL Address
7.2.3 PIM-SM
PIM-SM (Protocol Independent Multicast – Sparse Mode) is the multicast protocol of choice for the support of wide
scale “opt-in” style multicast solutions.
PIM-SM only forwards multicast traffic towards clients who have explicitly requested the multicast traffic, and it
requires the function of a RP (Rendezvous Point) to allow multicast clients to find sources of multicast traffic on the
network. Once a source is found a shortest path tree is built to provide optimal path forwarding of multicast traffic. In
other words the RP is required to start a multicast session, but is not required once that session has started between
that client and that specific source.
7.2.4 ANYCAST RP
The RP is an important function in the multicast network to allow clients to discover sources, and so redundancy
should be provided in the network for the RP. There are multiple methods for RP redundancy. These include Auto-RP,
Bootstrap and Anycast RP. Anycast RP is recommended due to its fast convergence and simpler troubleshooting.
Anycast RP requires that MSDP be configured between all RP’s in the backbone. MSDP is similar to BGP, must be
configured per neighbor. It is established via a TCP session and it advertises active sources between the RP’s in the
network.
o uPE can be a transit and an egress router for different branch LSPs of the same point-to-multipoint LSP.
o Link protection provides bypass LSP for each of the branch LSPs that make up the point-to-multipoint
LSP.Traffic is switched to the bypass LSP in case of primary LSP failure
o sub-paths can be configured either statically or dynamically.
o Graceful restart can be used for on point-to-multipoint LSPs.
Because each of the new uPE nodes will be serving and translating many of business customers, the CGNAT service
must be as friendly as possible to the end user’s applications. This mandates the use of the following NAT features:
• Address Pooling Paired (APP)
• Endpoint Independent Mapping (EIM)
• Endpoint Independent Filtering (EIF)
• Application Layer Gateway (ALG)
• Hair pinning
The following subsections elaborate on all of the aspects summarized above that together carve out the CGNAT
solution in FTEL network.
APP does not say anything on what public port is going to be used on the post-NAT’d IP address. Neither does it say
which connections are going to be accepted from the outside.
All it does is to guarantee that, if a private IP IPc is randomly translated to the public address IPn1, then all
subsequent other flows from the same IPc will be translated to the same public IP of IPn1. It solves the problems of an
application opening multiple connections. Some examples of use cases are:
If a SIP client is sending RTP and RTCP, it should be expected that they come from the same IP address,
even after they go through NAT. Otherwise it should have been negotiated beforehand.
Any Peer-2-Peer protocol that negotiated ports assuming address stability will benefit from address pooling
paired.
7.3.2.1.4 Hair-pinning
Hair-pinning allows two endpoints on the internal side of the same LSN to communicate even if they use each other’s
external IP addresses and ports. The following diagram illustrates a typical hair-pinning communication.
APP, EIM, EIF and Hair-pinning are very essential for many applications such as online gaming.
DCE-RPC-PORTMAP
Other basic TCP/UDP ALGs for user-defined applications
8. SYSTEM MANAGEMENT
The following section provides high level design for METRO network routers system config. It includes user login
accounts (including user authentication), root level authentication, time-zone, NTP (Network Time Protocol)
addresses, and the routers auxiliary/console ports.
8.3 RADIUS
RADIUS (Remote Authentication Dial In User Service) is to be used to authenticate users, in addition to the auditing of
CLI commands. Two (2) RADIUS servers will be used for authentication, ensuring a high level of redundancy. These
servers are hosted on the EMS segments (at different locations).
The METRO network routers will source all RADIUS messages from its primary loopback interface address. All
RADIUS messages will be sent and received from UDP ports 1812 and 1813 as per RFC 2865 with an encrypted
RADIUS key. A default timeout of 3 seconds will be used between RADIUS requests (three RADIUS retries) before
the redundant RADIUS server is used.
8.6 Redirects
By default, METRO network router will sends protocol redirect messages. This is to be disabled by including the knob
“no-redirects”.
8.10 Location
The physical location information for a IP Core router will be configured with the parameters summarized in Table 9.
Variable Example Description
building-name Hanoi FTEL Well known name/abbreviation for site
country-code VN The ISO 3166 country code [link]
floor-number 2 Floor number
rack-identifier 02/3/4 Rack Identifier
Table 16: System-Location variables
8.11 NTP
NTP (Network Time Protocol) synchronize the METRO network router to a centralized clock source, enabling log
messages to be correlated to other events on the network. Each METRO network router will synchronize its clock to
the NTP servers hosted on the EMS segments (at different locations),
The METRO network routers will source all NTP messages from its primary loopback interface address, where all
messages are authenticated.
8.12 Ports
The console port on the craft interface is enabled by default @9600bps. The auxiliary port is disabled.
Console ports are to emulate a VT100 terminal and the “log-out-on-disconnect” knob is to be enabled to log out
sessions when the data carrier on the console port is lost.
8.13 Services
By default all remote access to the router is disabled. Only SSH v2 is proposed as a remote terminal application, and
ftp and telnet is implicitly not enabled. Note that SCP (sftp) is inherently part of the SSH protocol suite and is to be
used to provide remote file transfer as required. The default values for connection limit (75) and rate-limit (150/min)
shall be maintained.
Root login is only permitted via the console. It is important to emphasis how important securing the OOB (Out of Band)
network is for this reason.
The above requirement implies that clients must support SSHv2 to access the routers.
8.14 Syslog
SYSLOG provides the primary logging facility for the auditing of events, e.g. error events, login attempts, and CLI
commands. Events will be logged to redundant SYSLOG servers hosted on the EMS network segments. In addition
specific events are to be logged to METRO network routers file system.
8.15 SNMP
SNMPv3 is the preferred method to SNMP poll METRO network routers as it is more secure. SNMPv3 authenticates
and encrypts the SNMP messages. SNMP traps will be set to three (3) redundant SNMP trap servers hosted on the
EMS segments with the following IPv4 addresses. However, currently FTEL uses snmpv2 for its deployment with
authentication enabled
9. PLANNING
In this section, some of planning items are discussed in terms of naming convention, description format, Ip
addressing, RD format etc..
9.1 HOSTNAME
Each hostname of network platforms contains information about the followings;
Function of the platform
Location of the platform
Number of the ring it is within
Number of Pop it is within
Function and location of the platform is identified with 3 alpha-numeric character and number of ring and number of
Pop is identified with 3 numeric characters. The variables of hostname is shown in the following table:
The following is an example for 6th uPE platform in Hanoi, PoP1, Ring5, connecting to NPE01
UPEHNO11056
The following is an example for 3rd uPE platform in Ho Chi Minh City, PoP2, Ring2, connecting to NPE02
UPEHCM22023
The following example shown is for 1st NPE in Ho Chi Minh City connecting to MC01 and 2 nd NPE in Hanoi connecting
to MC02
NPEHCM10001
NPEHNO20002
9.2 IP ADDRESSING
It is recommended to use /31 network address on point-to-point logical connectives between uPE-uPE and uPE-NPE
as well as NPE-MC in METWOR network. To facilitate efficient and ease of management, the 10.254.0.0/16 address
space will be sub-divided into regions. Ip subnet range 10.245.0.0/16-10.255.235.0.0/16 are reserved for P2P links.
The following table shown the ip address distribution on 10.245.0.0/16 subnet and it is recommended to follow same
structure for the rest of /16 spaces if it is needed in the future
IP Address Space Allocation
10.245.0.0/19 OOB (Out of Band)
10.245.32.0/22 Hanoi Region
10.245.36.0/22 HCM Region
10.245.40.0/24 Province Region A
10.245.41.0/24 Province Region B
10.245.42.0/24 Province Region C
10.245.43.0/24 Province Region D
10.245.44-10.245.159.0 Range For the rest of 58 Regions
10.245.160.-10.245.255 Unallocated
Table 18: IPv4 Private Address allocation per regions for IP/MPLS links
9.3 AS Numbers
The following table shows AS numbers used by FTEL today.
AS Number Purpose of AS Number
18403 FTEL Internet Service Provider
18403 FTEL IPVPN Layer 3 VPN Services
Table 21: AS Numbers Deployed Across Legacy Networks
9.8 SCALING
METRO network consists of MX104 and MX480 platforms with the following features enabled
o OAM (LFM, CFM)
o BGP
o BFD
o NSR
o GRES
o ISIS
o Link Protection
o IPv4/IPv6
o Inline Jflow
With the following services
o L2VPN ( L2 circuits, VPLS)
o L3VPN
The following table also shows the scaling for each platform:
FIB MX480 MX104
FIB Capacity:IPv4 unicast 2.5M IPv4 1.8M
FIB Capacity:IPv6 Unicast 2.5M IPv6 1M
Max L3VPN prefixes with remote PE 5M 1M
using one CPNc4 Label per CE
RIB MX480 MX104
RIB Capacity:IPv4 Unicast (w NSR) 12M 4M
RIB Capacity:IPv6 Unicast (w NSR) 12M 3M
BGP Max IPv4 Prefixes MX480 MX104
Max BGP Routes without route 12M 3M (RR Capacity)
resolution (w NSR and single hop)
BGP Max Peers MX480 MX104
eBGP/iBGP with no prefixes 4K 1K
IGP MX480 MX104
ISIS Max Adjacency 4K 300
ISIS Max Routes 300K 100K
MPLS,VPLS,VPN MX480 MX104
Max RSVP-TE LSPs (head-end) 32K 32K
Max LDP targeted sessions 2400 2400
Maximum number of instances (VRF 8K 2K
L3VPN, L2VPN Kompella, Virtual
router)
BFD MX480 MX104
Distributed BFD ( with 100ms hello 300 300
interval)
Non-Distributed BFD (with 100ms 300 300
hello interval)
OAM MX480 MX104
CCM session with 100ms session 500 per line card and 2000 per 300
interval chassis
Table 26: METRO Network platform Scaling Metrics
With the scaling number shown in the table above, the following principles are decided for FTEL METRO network
o Each NPE Pair will have maximum of 128xuPE Platforms
o Each ring will have maximum of 6xuPEs
o In Provinces where MX104 is used as NPE platform will follow the followings
o Each NPE pair will have maximum of 24xuPE
o Each ring will have maximum of 6xuPE
JunOS 14.2R5 for MX104/MX480 routers and JunOS 14.1X53-D30 for QFX5100 are recommended for FTEL METRO
Project.
Name Name
Signature Signature
Position Position
Date Date