Ethernet services
Overview
Most end-users and many edge-access networks use Ethernet to connect to their next-higher tier network. Alcatel-Lucent 1850 TSS-5 supports Private Line Ethernet connections.
The Private Line services are transported over their own dedicated SONET or SDH timeslots. If present, Ethernet switching functions may or may not be shared.
Private Line services are point-to-point in nature while Private LAN services are multipoint. Private LAN services always involve internal Ethernet switching while Private Line services do not.
Ethernet aggregation supports connections for up to 20 Fast Ethernet ports on Alcatel-Lucent 1850 TSS-5 with 802.1Q VLAN tagging.
Fast Ethernet Private Line over SONET/SDH
Alcatel-Lucent 1850 TSS-5 Fast Ethernet (10/100 Mb/s) Private Lines enable premium data transport services offering 10/100 Mb/s transport with optional bandwidth provisioning up to 100 Mb/s (variable bandwidth provisioning of 1, 2, or 3 STS-1/VC-3s. Fast Ethernet Private Lines provide the user the ability to transport frames completely transparently between two Alcatel-Lucent 1850 TSS-5 NEs. No VLAN knowledge or packet-layer provisioning is required by the user in this application. Simple, SONET/SDH cross-connect provisioning is all that is required. These Fast Ethernet capabilities allow the Alcatel-Lucent 1850 TSS-5 to provide dedicated bandwidth for individual customers and fast SONET/SDH-layer restoration.
Gigabit Ethernet Private Line over SONET/SDH
Alcatel-Lucent 1850 TSS-5 supports Gigabit Ethernet Private Lines. Bandwidth provisioning is available using variable bandwidth provisioning for SONET/SDH of up to 12 STS-1/VC-3s (low-order), 4 STS-3c/VC-4s, or 63 VT1.5s/VC-12s. Ethernet Private Lines provide the user the ability to transport frames completely transparently between two Alcatel-Lucent 1850 TSS-5 NEs. No VLAN knowledge or packet-layer provisioning is required by the user in this application. Simple SONET/SDH cross-connect provisioning is all that is required. These Ethernet capabilities allow an Alcatel-Lucent 1850 TSS-5, equipped with a VLNC50/52/55 circuit pack, to provide dedicated bandwidth for individual customers and fast SONET/SDH-layer restoration. Alcatel-Lucent 1850 TSS-5, equipped with a VLNC40/42/42B circuit pack, supports aggregating traffic from up to 20 10/100 Mb/s Fast Ethernet ports into a Gigabit Ethernet port, which may then be connected (using faceplate pluggable transmission modules, or a backplane connection) to the VLNC50/52/55 circuit pack for transport over SONET or SDH.
Ethernet aggregation
Up to 20 Fast Ethernet ports can be aggregated by Alcatel-Lucent 1850 TSS-5 into Gigabit Ethernet or Fast Ethernet links using 802.1Q VLAN tagging and 802.1D bridging. It also supports VLAN transparency with 802.1ad double VLAN tagging, but does not support other 802.1ad features.
Up to four Gigabit Ethernet or Fast Ethernet PTM ports are supported on each VLNC40/42/42B Ethernet Aggregator circuit pack. Although the VLNC40/42/42B circuit pack is not hardware protected, traffic toward the Ethernet access transport network (EATN) can be protected by multiple paths controlled by 802.1D Rapid Spanning Tree Protocol (RSTP) or ERP.
Ethernet aggregation on the VLNC40/42/42B circuit pack provides Layer 2 protection against denial of service attacks with ACL filtering and rate limiting. Security for connections to the VLNC40/42/42B circuit pack is provided by limiting connections from hardware with specific MAC addresses (MAC locking).
Circuit emulation service (CES)
TDM streams from DS1/E1 ports can be transported over Ethernet by Alcatel-Lucent 1850 TSS-5 equipped with a VLNC60/61/62 Circuit Emulator circuit pack. Two Gigabit Ethernet or Fast Ethernet PTM ports are supported on each VLNC60/61/62 circuit pack. These ports can be connected directly to the EATN, or they can be connected to the VLNC40/42/42B Ethernet Aggregator circuit pack for aggregation with other Ethernet traffic. The VLNC64 Circuit Emulation Mini-hub circuit pack supports up to 2 Gigabit Ethernet or Fast Ethernet PTM ports and one OC-3/STM-1 port channelized into VT1.5s (carrying DS1) or VC-12s (carrying E1).
One or more pairs of unidirectional tunnels are configured to create point-to-point connections in both directions over the packet switched network (PSN) between the Alcatel-Lucent 1850 TSS-5 shelves at edges of the network. Matching bi-directional pseudowire configurations are created on Alcatel-Lucent 1850 TSS-5 shelves connected by a pair of unidirectional tunnels and are associated with the tunnel connections. Then a DS1/E1 interface is associated with the pseudowire on each shelf. DS1/E1 voice data is carried over the pseudowire within the tunnel connections between the shelves. Timing is handled via BITS input, IEEE 1588 PTP, or Synchronous Ethernet. This creates a virtual DS1/E1 TDM circuit over Ethernet between the shelves.
MEF-8
In order to support a Metro Ethernet Forum 8 (MEF-8) based circuit emulation service, the user can specify an option for the mode of Circuit Emulation Service on the pack, either MPLS or Ethernet. If MPLS is selected, then the circuit emulation service is based on RFC 4553. If Ethernet is selected, then the circuit emulation service is based on MEF-8. The VLNC60/VLNC61/VLNC62/VLNC64 circuit pack cannot support mixed transport modes (RFC 4553 and MEF-8) simultaneously. In order to support a Metro Ethernet Forum 8 (MEF-8) based circuit emulation service, the user can specify an option for the mode of Circuit Emulation Service on the pack, either MPLS or Ethernet. If the mode of circuit emulation service is changed (from MPLS to Ethernet, or Ethernet to MPLS), all existing configurations are cleared and the pack is reset. Alcatel-Lucent 1850 TSS-5 can connect to either an MPLS network or a Metro Ethernet network; Alcatel-Lucent 1850 TSS-5 cannot connect to both simultaneously.
If MPLS is selected, then the circuit emulation service is based on RFC 4553. If Ethernet is selected, then the circuit emulation service is based on MEF-8. In the Ethernet mode, PSN Tunnel requires an endpoint which is based on Ethernet MAC address. The PWEs transported in Ethernet mode will have Ethertype of 0x88d8. In the Ethernet mode, there is no UPSR-like protection solution for the PWEs and end-to-end protection via BFD is not supported. If there is physical failure on Ethernet port that supports the PSN Tunnel, the PWE switches to the backup PSN Tunnel.
Ethernet mode specifies a differential timestamp frequency of 25 MHz. By default, the frequency for differential timestamp on the VLNC60/61/62/64 packs is 77.76 MHz. Beginning in Release 5.1, the VLNC60/61 packs also support the 25 MHz frequency. Beginning in Release 6.0, the VLNC64 packs support 25 MHz frequency.
Note:
The VLNC64 must be Series 1:2 (S1:2) or later, to support the 25 MHz frequency.
Ethernet ring protection
Ethernet ring protection (ERP) is based on ITU-T G.8032 and provides rapid switching (50 ms) for physically directly-connected Ethernet links in a ring configuration. The links in the ring can be a mix of FE and GbE ports. ERP is supported on optical PTM ports 1–4 on VLNC40/42/42B circuit packs. Each circuit pack can support a maximum of two rings.
Figure 3-12, Ethernet ring protection example illustrates a four-node ring. One of the links on Node 4 has been provisioned to be the Ring Protection Link (RPL). This is the link that by default is blocked for normal traffic. Node 4 is therefore the RPL Owner and blocks traffic bidirectionally. Switching is revertive – when a failure clears in the ring, the RPL is blocked (after a wait-to-restore delay).
The ring has a VLAN dedicated to APS signaling, called the R-APS channel. Messages are R-APS protocol data units (PDUs). When a change occurs in the ring, 3 R-APS PDUs are sent quickly; otherwise R-APS PDUs are sent every 5 seconds. Under most conditions, only a single node in the ring is sending R-APS messages. The link that is blocked in the ring is blocked bidirectionally by the RPL Owner, or by the node(s) detecting a failure. The R-APS channel within a blocked link is also partially blocked: it does not forward any messages it receives, but the node can initiate or receive messages. The VLAN used for the R-APS channel must be the same at every node in the ring, and should not be used for any other purpose. All traffic within the physical ports is protected. Switching is based on line failures. ERP switching is supported on Q-in-Q node service providers ports or customer ports; within a node both ports must be of the same Q-in-Q type.
Figure 3-12: Ethernet ring protection example
Ethernet service multiplexing and bundling
In addition to the All-to-one Bundling capability supported in previous releases, in Release 5.1 Alcatel-Lucent 1850 TSS-5 supports Ethernet service multiplexing and bundling capabilities of MEFh Ethernet Virtual Connections (EVCs) on the VLNC40/42/42B circuit packs. In Q-in-Q nodes, Ethernet service multiplexing allows packets incoming from a customer port to have different outer (SVLAN) tags added, based on the incoming tag (CVLAN), preserving all the customer VLAN information. Untagged packets may also be mapped to an SVLAN using 0 (zero) as a special CVLAN for mapping untagged or priority-tagged packets. Every incoming packet receives a per-port provisionable default VLAN (DVLAN, provisioned using the vlan pvid <vlanid> command), unless it already had a tag with the DVLAN. This DVLAN must then be mapped to the proper SVLAN. After Level 2 switching (based on the DVLAN), the DVLAN tag is overwritten by the configured SVLAN.
Important!
Each NNI may communicate with service-multiplexed ports, or with non-service-multiplexed ports, but not both.
All Network-Network Interfaces (NNIs), also called service provider ports, must be PTM-based ports in order to turn on service-multiplexing on a User-Network Interface (UNI), (also called a customer port). Service multiplexed ports cannot be turned into NNI ports. When a port has service-multiplexing turned on, Level 2 switching occurs based on the port's pvid, so a packet will only egress the destination port if that port's VLAN participation include list contains: both the ingress port's DVLAN and a mapped SVLAN if the destination is an NNI, and both the ingress port's DVLAN and a mapped CVLAN if the destination is a UNI. Untagged and priority tagged packets are mapped using the special value of "0" (which is otherwise not a valid VLAN value). Packets with CVLAN values that do not have a mapping are dropped.
Figure 3-13: Service multiplexing concept
Service protection based on UPSR/SNCP path switching
TDM service protection can be provided using UPSR/SNCP path switching. A DACS or similar device that provides a grooming function is required at one end to support UPSR/SNCP path switching.
At one end of a typical network, a single VLNC60/61/62 Circuit Emulator circuit pack is configured with two bidirectional tunnels. Each tunnel terminates on a different VLNC64 Circuit Emulation Mini-hub circuit pack at the opposite end. Each tunnel has bidirectional forwarding detection (BFD) enabled. BFD is a network protocol that provides low-overhead method of detecting faults across media that does not support failure detection, like asynchronous messaging across Ethernet. BFD switch times are on the order of several seconds, rather than msec.
Each VLNC64 Circuit Emulation Mini-hub circuit pack is connected to the DACS. The DACS must be configured for UPSR/SNCP path switching. In the transmit direction, the DACS sends data in both directions of the UPSR/SNCP ring to both VLNC64 Circuit Emulation Mini-hub circuit packs. In the receive direction, the DACS receives traffic from only one VLNC64 Circuit Emulation Mini-hub circuit pack based on which VLNC64 Circuit Emulation Mini-hub circuit pack receives traffic on the tunnel. The other VLNC64 Circuit Emulation Mini-hub circuit pack sends VT/VC level AIS to the DACS.
ML-PPP termination
The Alcatel-Lucent 1850 TSS-5 VLNC60/61/62 Circuit Emulator circuit pack can terminate ML-PPP links on up to 8 DS1/E1 interfaces (VLNC60/62) or 16 DS1/E1 interfaces (VLNC61). The pack terminates the DS1/E1 ML-PPP links and transmits the data over Ethernet links running 802.1Q encapsulation. This reduces frame overhead associated with data backhaul over DS1/E1, and reduces the number of ML-PPP sessions that must be terminated by the MLS router.
Layer 2 control protocol tunneling
Layer 2 Control Protocols (L2CPs) are used for several purposes in IEEE 802 standard networks, including link maintenance, aggregation, [fllig ]ow control, authentication, identity/capability discovery and management. L2CPs are also used for managing the behavior of LAN bridges, including STP/RSTP/MSTP and GARP/MRP. The VLNC40/42/42B circuit packs support L2CP tunneling. A L2CP frame is identified by the destination MAC address.
On the VLNC40/42/42B, L2CP Tunneling (l2cp-tunnel) can be enabled or disabled on a port-by-port basis. When the mode is disabled, all the rules and characteristics described for the peering of supported protocols apply. When the l2cp-tunnel mode is enabled on a port, all customer L2CP frames/messages for supported and unsupported protocols that are received at that port are forwarded. Because the tunneled protocol is either disabled or unsupported, VLNC40/42/42B does not interpret any of the frames associated with a tunneled protocol.
L2CP Tunneling must be enabled on the terminating customer LAN/host port, as well as all Ethernet ports carrying the tunneled frames at all nodes through the network. Layer 2 control protocol tunneling may not be enabled on ports that are part of a protected Ethernet ring.
Note:
Refer to Layer 2 control protocol tunneling for more information.
Applications
Ethernet applications are examples of what users can do with the services and topologies described in previous sections. The user can be the owner of the equipment or a client of the owner. For example, an ISP can have a private network or buy the services from an LEC to construct the application. Applications include:
LAN interconnect
Two or more enterprise LANs are interconnected. The LANs may be point-to-point Private Line connections, in which case Ethernet switching services are not provided. If Virtual Private Lines are desired, Ethernet switching is required. Even so, in a three-node LAN Interconnect application composed of Virtual Private Lines the middle node has two termination ports, one for each neighbor. This is different from a three-node LAN Extension (next application) using Virtual Private LAN in which the middle node may have only one (effectively a hub) port.
LAN extension
Sometimes called intranet or Layer 2 VPN, this extends an enterprise LAN to multiple locations via embedded Ethernet switching. Either Private LAN or Virtual Private LAN may be used.
Transparent LAN is a common form of LAN Extension in which the subscriber's traffic is transported without regard to the presence of subscriber VLAN tags. Transparency is achieved by the use of Port Tags, avoiding the need for the provider to administer VLANs with subscribers. The Port Tag is effectively a customer ID; only ports in the network assigned a particular customer ID will exchange traffic.
In Non-Transparent LANs, greater flexibility is available when the subscriber's 802.1Q tags are used for traffic management (802.1Q mode). For example, the priority bits within the tag can be used to give a portion of the subscriber's traffic, for example VoIP, preferential treatment through the network versus its file transfer or Internet traffic. Although in a Virtual Private LAN service a Non-transparent LAN application requires the administration of VLAN IDs among customers, in a Private LAN where no other customers share the embedded Ethernet switch this is not necessary.
ISP access
In this application an ISP uses a provider's network to collect Internet traffic. It is also an example of a trunking application, where traffic from multiple customers is handed off to the ISP router on a single trunk link for efficiency. The Virtual Private LAN service may be used to efficiently transport the best-effort Internet traffic. It is typically done using the 802.1Q mode for separating the ISP's clients' traffic. If the ISP's router supports stacked VLANs then it can be done in Transparent Mode The trunk link may be GbE while the access links may be 10/100 Mb/s Ethernet.
Internet access
In this application the ISP owns the network. In this case the clients' traffic is untagged. The ISP adds tags for customer separation using the 802.1Q mode. The ISP administers the tags directly; there is no third party involved.
Wireless backhaul
In this application a wireless service provider uses Ethernet links between remote base transceiver stations (BTS) and the central office to transport TDM/voice or data. TDM information for DS1/E1 signals is carried over pseudowires within Ethernet tunnel connections. The DS1/E1 signals at the base transceiver stations (BTS) are connected to the DSX in the central office over the Ethernet pseudowire connections. Timing for the DS1/E1 signals is handled via BITS input, IEEE 1588 PTP, or Synchronous Ethernet. Data backhaul is handled by terminating ML-PPP links containing data at the remote location and transmitting the data via Ethernet over the EATN.
Video distribution
Video distribution can be accomplished using Ethernet Multicasting. A Private LAN service is used to guarantee the bandwidth. Video traffic, generated at the head end, is sent using a multicast address. Transparent mode or 802.1Q mode may be used. At each node the traffic is dropped to its user and also duplicated and sent to the rest of the Private LAN. Because of the duplication process, the maximum throughput is only half the line rate, for example 500 Mb/s on GbE links.