County of Sacramento Opt-E


Opt-E-MAN Network
Overview, Implementation and Security
El Dorado County Office of Education
May 2007 – Technology Advisor Group
Dieter Wittenberg, Technical Sales Consultant
Opt-E-MAN Product Overview
• Switched Metro Ethernet Product Offering
• IntraLATA only
• Select Metros
 OPT-E-MAN® does not cross LATA boundaries
 OPT-E-MAN® does not offer Long Distance Ethernet*
 With few exceptions, OPT-E-MAN® does not go Out of Franchise
• Metro Ethernet Forum (MEF) 9 - Certified April 2006
• Certified Cisco Powered Network - Certified May 2006
• 24x7 management and monitoring center
• Enhanced Network Operations Center (ENOC) located in
Sacramento, California-1.888.644.3662
• Provides Single Point of Contact for service
 Tier 1 and Tier 2 support provided by ENOC
 Tier 3 support provided by Cisco
• All technicians on staff at ENOC, minimum CCNA certified
 CCNA= Cisco Certified Network Administrator
Opt-E-MAN Primary Applications
• OPT-E-MAN can be used to support a variety of applications.
• Ethernet Virtual Private Line Service (Basic Service)
 Extends LAN into MAN
 Data (E-Mail, Storage, Back-up)
 Supports VLANs for customer traffic segregation (Tagged Traffic)
 Supports “Port Based” (Tagged and Untagged Traffic)
• Ethernet Virtual Private LAN Service (Basic Plus Service)
 Supports true any to any connectivity
 Single Domain as if locations were part of same LAN
segment
 Supports VLANs for customer traffic segregation
 Supports “Port Based” (Tagged and Untagged Traffic)
• Supports access to Layer 3 services i.e. Dedicated Internet
Access (DIA) and VPN services, as well as access to Layer 2
Wide Area Ethernet
 Video
 VoIP
 EDIA Today, MIS Coming soon
Additional Benefits
• SLAs are a major advantage
 Latency = <27ms one way, Bronze Grade of Service (GoS)
 Latency = <18ms one way, Silver GoS
 Jitter = N/A, Bronze GoS
 Jitter = 12ms one way, Silver GoS
 Most aggressive SLAs available via ICB
• Powerful alliance with Cisco
 Cisco Edge to Edge
 Certified Cisco Powered Network
• Flexibility
 Single connection to support multiple services i.e. Internet
Access, NVPN, Extranet supplier, Storage Provider
• Emerging peer-to-peer communications supported
 IP Telephony and Instant messaging
 Positioned to support future IP based technologies
 High bandwidth applications supported such as video &
storage
OPT-E-MAN® is a Layer 2 Shared Switched Solution
• OPT-E-MAN does not provide or support:
• Oversubscription
 Aggregate EVC bandwidth cannot exceed CIR on any port
• Depending on how customer service is configured, customer-initiated Spanning Tree, VTP, or CDP is not supported
 If the service uses multiplexed virtual connections over a single physical connection, these protocols cannot be supported. Port based services DO transport these traffic types
• Bursting
• Dedicated customer equipment or network
OPT-E-MAN® Grades of Service
• OPT-E-MAN currently provides 2 Grades of Service (GoS)
• Bronze: suggested for traffic that tolerates more latency, such as general data traffic, internet access, etc.
• Silver: suggested for more critical applications with low-latency
requirements such as VoIP
• Rate limit set on customer-facing port on the NTE
• Allows AT&T to provide Committed Information Rate (CIR)
• Customer should use CPE for traffic shaping whenever possible
to maintain application performance
• OPT-E-MAN will support frames up to 1546 bytes
[Figure: AT&T Edge: Classification, Policing, Policer Drops]
Grades of Service
(continued)
• AT&T marks 802.1p CoS bits for differentiated SLAs
• Customer IP ToS maintained end-to-end
• Nothing is changed in the Layer 3 packet
• Congestion Avoidance and Egress Queuing throughout EoMPLS
network
[Figure: AT&T EDGE: Classification, Policing, Congestion Avoidance, Marking, Queuing, Queue Drops, Scheduling]
Ethernet Virtual Private Line Service - Basic
• Layer 2 Virtual Private Network over a shared EoMPLS core
• Provides Virtual Point to Point and Point to Multipoint connectivity
• Supports Port and VLAN based implementations
• Supports multiple Grades of Service
[Figure: Basic Service - Point to Point & Point to Multipoint. Labels: 802.3 VLAN Access; MPLS Core; MPLS VC; VLAN to MPLS VC Translation; VLAN Red, VLAN Blue, VLAN Brown, VLAN Green; Layer 2&3 ISP/WAN; 3550 and 7609 nodes; GigE; Fiber; Physical Link]
Opt-E-MAN with Point-to-Point EWS
(Ethernet Wire Service)
[Figure: point-to-point EWS design over the AT&T EoMPLS Opt-E-MAN Network, showing VoIP Call Setup and VoIP Call Completion for a VoIP call from Site 2 to Site 1. Every location connects through an NTE - Cisco 3550.]
Site 1, Site 2, Site 3 and Site 4 Ports/CIR (each site):
 10/100 Mbps Port, 50 Mb CIR to 799 G Street
 10/100 Mbps Port, 50 Mb CIR to Branch Center
Datacenter 1 and Datacenter 2 Ports/CIR (each datacenter):
 1 Gb Port, 1 Gb CIR to the other datacenter
 10/100 Mbps Port, 50 Mb CIR to Site 1
 10/100 Mbps Port, 50 Mb CIR to Site 2
 10/100 Mbps Port, 50 Mb CIR to Site 3
 10/100 Mbps Port, 50 Mb CIR to Site 4
Opt-E-MAN with Multiplexed UNI/ERS
(Ethernet Relay Service)
[Figure: multiplexed UNI/ERS design over the AT&T EoMPLS Opt-E-MAN Network, showing VoIP Call Setup and VoIP Call Completion for a VoIP call from Site 2 to Site 1. Every location connects through an NTE - Cisco 3550; each datacenter uses a Service Multiplexed UNI on an 802.1Q Trunk carrying VLANs.]
Site 1, Site 2, Site 3 and Site 4 Ports/CIR (each site):
 10/100 Mbps Port
 EVC - 50 Mb CIR to 799 G Street
 EVC - 50 Mb CIR to Branch Center
Datacenter 1 and Datacenter 2 Ports/CIR (each datacenter):
 1 Gb Port, 1 Gb CIR to the other datacenter
 1 Gb Port, 200 Mb CIR
 EVC - 50 Mb CIR, Site 1
 EVC - 50 Mb CIR, Site 2
 EVC - 50 Mb CIR, Site 3
 EVC - 50 Mb CIR, Site 4
Ethernet Virtual Private LAN Service – Basic Plus
• Basic Plus Service provides true any-to-any connectivity
• Multipoint to Multipoint = Fully meshed design
• Supports both point to point and multipoint via same port
• Multiple VPLS instances supported via same port
[Figure: OPT-E-MAN® Basic Plus. Labels: 802.3 VLAN Access; MPLS Core; E-LAN Blue; E-LAN Red; 3550 and 7609 nodes]
Opt-E-MAN with Meshed Multipoint EWS
[Figure: meshed multipoint EWS design over the AT&T EoMPLS Opt-E-MAN Network with a Multi-point (MP) Cloud, showing VoIP Call Setup and VoIP Call Completion for a VoIP call from Site 2 to Site 1. Every location connects through an NTE - Cisco 3550; each datacenter uses a Service Multiplexed UNI on an 802.1Q Trunk carrying VLANs.]
Site 1, Site 2, Site 3 and Site 4 Ports/CIR (each site):
 10/100 Mbps Port
 EVC – 20 Mb Silver CIR to MP Cloud
 EVC – 80 Mb Bronze CIR to MP Cloud
Datacenter 1 and Datacenter 2 Ports/CIR (each datacenter):
 1 Gb Port, 1 Gb CIR to the other datacenter
 1 Gb Port, 250 Mb CIR to MP Cloud
 EVC – 20 Mb Silver CIR to MP Cloud
 EVC – 80 Mb Bronze CIR to MP Cloud
OPT-E-MAN® Service Level Agreements (SLAs)
• All SLAs are tariffed in both the state and federal tariffs with associated credits
• Network provides an Availability Service Level Agreement (SLA) of 99.95%, per month
• Service Outage Credit is offered per location in the instance that customer’s service is disrupted
• PDR, Latency and Jitter SLAs are offered on an end-to-end basis, including local loop!
• Two Grades of Service are available: Bronze and Silver
• Improved SLAs are offered through ICB
• Takes sample measurements of traffic using SAA probes established by the ENOC
• Bronze SLA:
 Packet Delivery Rate - 99.5%
 Latency - 27ms one way
• Silver for applications requiring minimal loss and low jitter such as Voice over IP
 Packet Delivery Rate - 99.9%
 Latency – 18 ms one way
 Jitter – 12 ms
• OPT-E-MAN Basic offers the following Service Level Objectives (SLOs)
• MTTR: 4 hrs. end-to-end, including the local loop, per month
• Installation: mutually agreed upon due date established on location by location basis based on fiber availability and equipment availability
Customer Responsibilities - MPOE
[Figure: MPOE equipment layout. Labels: Customer CPE; OR; OSP fiber from C.O.; customer provided cabling to equipment; 4’ x 4’ x 3/4” fire rated plywood backboard mounted to studs; customer to provide; demarc panel RJ-45; fiber termination panel; 10/100/1000/GBIC ports facing up; fiber panel; Cisco 3550; (optional); only placed when handoff to customer is optical; 6’ AC power cord (provided by AT&T)]
Room Requirements:
• Temperature: 40°F to 85°F
• Humidity: 10% to 85% (non-condensing)
Customer Must Provide
• 110V 15 amp AC outlet, properly grounded, 3 prong
Traffic Shaping
• When traffic policing is applied on the OPT-E-MAN® network, traffic
shaping is required in order to ensure that packets are not dropped
when entering the network.
• If shaping is not turned on, AT&T will randomly drop traffic
if the customer exceeds the amount of Committed
Information Rate (CIR) that is contracted per connection.
• Most routers on the market should support traffic shaping, which makes it easy to implement in its simplest form.
• Shaping is supported in the standard Cisco IOS since it is a
common IP software function.
• OPT-E-MAN® can scale from 5 Mbps to 1 Gbps as long as the
customer can shape their traffic - If customers are not able to
shape their traffic, they should purchase service in the
10/100/1000 Mbps speed tiers to achieve maximum use of the
bandwidth. Failure to comply with this recommendation
could result in reduced throughput and performance!
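The drop behaviour described on this slide, as an added example that is not part of the original deck: a Python simulation of a rate limit on a 50 Mb CIR connection, fed first by unshaped line-rate bursts and then by the same traffic after a CPE shaper. The token-bucket policer model, the 15,000-byte burst allowance and the traffic pattern are assumptions; the deck does not say how the NTE rate limit is implemented.

```python
CIR_BPS = 50_000_000      # 50 Mb CIR, as in the deck's site diagrams
LINE_BPS = 100_000_000    # 10/100 Mbps port running at 100 Mbps
BURST_BYTES = 15_000      # assumed policer burst allowance (not from the deck)
FRAME = 1500              # constructed frame size in bytes


def bursty_arrivals(bursts=10, frames_per_burst=400, period_s=0.1):
    """Constructed traffic: line-rate bursts that average 48 Mbps, under the CIR."""
    gap = FRAME * 8 / LINE_BPS
    return [(b * period_s + k * gap, FRAME)
            for b in range(bursts) for k in range(frames_per_burst)]


def police(arrivals, cir_bps=CIR_BPS, burst_bytes=BURST_BYTES):
    """Token-bucket policer: a frame that finds too few tokens is dropped.

    Returns (forwarded_bytes, dropped_bytes).
    """
    tokens, last = float(burst_bytes), 0.0
    forwarded = dropped = 0
    for t, size in arrivals:
        # Refill at the CIR since the previous frame, capped at the burst size.
        tokens = min(burst_bytes, tokens + (t - last) * cir_bps / 8)
        last = t
        if size <= tokens:
            tokens -= size
            forwarded += size
        else:
            dropped += size
    return forwarded, dropped


def shape(arrivals, cir_bps=CIR_BPS):
    """CPE shaper: queue each frame and release it no faster than cir_bps."""
    shaped, next_free = [], 0.0
    for t, size in arrivals:
        start = max(t, next_free)          # wait until the previous frame is paced out
        shaped.append((start, size))
        next_free = start + size * 8 / cir_bps
    return shaped


if __name__ == "__main__":
    traffic = bursty_arrivals()
    print("unshaped (forwarded, dropped):", police(traffic))
    print("shaped   (forwarded, dropped):", police(shape(traffic)))
```

The offered load averages below the CIR in both runs; only the burst pattern differs, which is why the slide asks for shaping on the CPE rather than simply buying more headroom.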
CPE and MAC Addresses
• Customer CPE can be a Layer 3 Switch or Router. If a customer
elects to connect to the OPT-E-MAN® network using a switch, then
the customer must be aware of the limitations on Media Access
Control (MAC) addresses per port.
• There are certain types of equipment that can’t work with the
3550. The CPE that Cisco has identified are the Cisco 8550
and the Cisco 5550. The basic problem is that these switches
will cause an intermittent 2-second flap.
• Other vendors’ equipment is unknown at this time.
• MAC Address Limitations
• If the customer connects to the OPT-E-MAN network using a
bridge or switch for Layer 2 connectivity, a total of 50 MAC
addresses can be utilized per Layer 2 device, per port.
• Any additional MAC addresses will be assessed an additional charge, with a limit of 100 MAC addresses total per port.
Multicast and Broadcast traffic limitations
• The following information should be shared with your
customer regarding traffic controls that are placed on Basic
Plus (multipoint-to-multipoint) OPT-E-MAN® network
configurations
• Broadcast Traffic - is used to refer to Ethernet frames that are
forwarded to all nodes on the network using the broadcast
Ethernet address.
• Multicast Traffic - is used to refer to Ethernet frames that are
forwarded, in a point to multipoint fashion, across the network to
multiple recipients that belong to groups that are identified using
any of the multicast Ethernet addresses defined by the Internet
Assigned Numbers Authority (IANA) as Internet Multicast.
• Reason for Controls - Continuous and unpredicted floods of
broadcast and multicast traffic can use substantial network
bandwidth to the point of overloading the network’s capacity. For
this reason, it is necessary to place the following limits on the
traffic types noted above:
• Broadcast traffic limitation = 200 packets per second per port
• Multicast traffic limitation = 1 Mbps per port
CPE Port Configurations
• Speed set to 100 Mbps (No auto-negotiation)
• Duplex set to Full (No auto-negotiation)
• Traffic Shaping/Policing - limit output rate at or below the
bandwidth usage purchased per connection
• If utilizing multipoint-to-multipoint configuration, customer
should enable controls for multicast and broadcast traffic
within the customer network(s).
• ERS/VLAN tagging - Customer traffic needs to be tagged
with local phone company assigned VLAN(s) provided by the
Ethernet Network Operations Center (ENOC)
Caveats
• Changes to Customer Requirements – should the
customer change interface types, quantities, or locations
this would invalidate the network design agreed upon
between AT&T and the customer. This could delay service
turn-up as it may result in a change in the type of Network
Termination Equipment (NTE) to which the customer will be
connecting.
• Distance limitation – The customer may need to address
signal regeneration beyond the demarcation. Demarcations
will be implemented consistent with the regional MPOE and
Demarcation rules. See the following table for signaling
limits from the AT&T NTE, which will be at some point
behind the demarcation.
Circuit Speed    Cable type                           Overall Limit
100 Mb           UTP electrical (CAT5e or better)     90 M
1000-SX          50u Multi-Mode Fiber                 550 M
More things to know…
• If Virtual Local Area Network (VLAN) IDs are required to achieve traffic segregation (Ethernet Relay Service (ERS), also referred to as service multiplexing), the local phone company WILL ASSIGN all VLAN IDs to customer traffic/connections.
• If the customer will utilize Ethernet Wire Service (EWS) i.e. port
based point-to-point only, no coordination is necessary as the local
phone company will pass both tagged and untagged traffic across
the point-to-point connection.
• The local phone company WILL NOT assign an Internet Protocol
(IP) address to the customer port. The link between customer
and the local phone company is a trunk.
• The local phone company WILL NOT enable Cisco Discovery
Protocol (CDP) to/from the AT&T port.
• The local phone company WILL NOT enable UniDirectional Link
Detection (UDLD).
• The local phone company WILL NOT enable keep-alive.
• The local phone company will also drop customer's Bridge Protocol
Data Unit (BPDU) at User-Network Interface (UNI).
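One way to check a CPE against the ERS handoff rules above and the MAC address limits given earlier, as an added example that is not part of the original deck: a Python audit of captured Ethernet frames headed for a multiplexed UNI. The function names, the sample frames and VLAN 101 are constructed for illustration; the 50/100 MAC figures come from the deck.

```python
import struct

MAC_INCLUDED, MAC_LIMIT = 50, 100   # per-port MAC figures from the deck
L2_CONTROL = {                       # well-known destination MAC addresses
    bytes.fromhex("0180c2000000"): "STP BPDU",
    bytes.fromhex("01000ccccccc"): "CDP/VTP",
}

def audit_ers_handoff(frames, assigned_vlans):
    """Audit raw Ethernet frames (FCS stripped) bound for a multiplexed UNI.
    Returns the source-MAC count, its status against the deck's 50/100
    limits, and a list of (frame_index, problem) findings."""
    macs, findings = set(), []
    for i, f in enumerate(frames):
        dst, src = f[0:6], f[6:12]
        ethertype, tci = struct.unpack("!HH", f[12:16])
        if dst in L2_CONTROL:
            # Assumption: control frames are reported, not counted as MACs.
            findings.append((i, f"{L2_CONTROL[dst]} not supported on this UNI"))
            continue
        macs.add(src)
        if ethertype != 0x8100:
            findings.append((i, "untagged frame on an ERS port"))
        elif (tci & 0x0FFF) not in assigned_vlans:
            findings.append((i, f"VLAN {tci & 0x0FFF} was not assigned"))
    n = len(macs)
    status = ("included" if n <= MAC_INCLUDED
              else "additional charge" if n <= MAC_LIMIT else "over limit")
    return {"macs": n, "mac_status": status, "findings": findings}

def build_frame(dst, src, vlan=None, ethertype=0x0800):
    """Build a constructed test frame; vlan=None leaves it untagged."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return (bytes.fromhex(dst) + bytes.fromhex(src) + tag
            + struct.pack("!H", ethertype) + b"\x00" * 46)

def sample_frames():
    """Constructed capture; VLAN 101 stands in for a carrier-assigned ID."""
    bcast = "ffffffffffff"
    return [
        build_frame(bcast, "020000000001", vlan=101),
        build_frame(bcast, "020000000002", vlan=101),
        build_frame(bcast, "020000000003", vlan=999),    # unassigned VLAN
        build_frame(bcast, "020000000004"),              # untagged
        build_frame("0180c2000000", "020000000005", ethertype=0x0026),  # BPDU
    ]

if __name__ == "__main__":
    print(audit_ers_handoff(sample_frames(), assigned_vlans={101}))
```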
Implementation Timing
• Typical installation time is 30 – 90 days
• Depends on AT&T construction and build
requirements
• Curb-to-MPOE build
• Customer MPOE issues are the most common
source of delays
OEM Security
Aggregated UNI with DIA Port
[Figure: aggregated UNI with DIA port over the AT&T OEM Network. Internet access is via AT&T EDIA or EDCOE/HSN, OC-192 to Internet. Every location connects through an NTE - Cisco 3550.]
District Location 1 and District Location 2 Ports/CIR (each location):
 100 Mbps Port
 EVC - 20 Mb CIR to Data Center
Data Center Ports/CIR:
 1 Gb Port, 50 Mb CIR, Multiplexed UNI on an 802.1Q Trunk carrying VLANs
 EVC – 10 Mb to Internet
 EVC - 20 Mb CIR, Loc 1
 EVC - 20 Mb CIR, Loc 2
OEM Security
Aggregated UNI with DIA Port/Edcoe Firewall
[Figure: aggregated UNI with DIA port and EDCOE firewall over the AT&T OEM Network. Internet access is via EDCOE/HSN w/Firewall, OC-192 to Internet. Every location connects through an NTE - Cisco 3550.]
District Location 1 and District Location 2 Ports/CIR (each location):
 100 Mbps Port
 EVC - 20 Mb CIR to Data Center
Data Center Ports/CIR:
 1 Gb Port, 50 Mb CIR, Multiplexed UNI on an 802.1Q Trunk carrying VLANs
 EVC – 10 Mb to Internet
 EVC - 20 Mb CIR, Loc 1
 EVC - 20 Mb CIR, Loc 2
OEM Security
Aggregated UNI with Separate DIA Port
[Figure: aggregated UNI with a separate DIA port over the AT&T OEM Network. Internet access is via AT&T EDIA or EDCOE/HSN, OC-192 to Internet. Every location connects through an NTE - Cisco 3550.]
District Location 1 and District Location 2 Ports/CIR (each location):
 100 Mbps Port
 EVC - 20 Mb CIR to Data Center
Data Center Ports/CIR:
 100 Mb Port, 10 Mb CIR
 EVC – 10 Mb to Internet
 1 Gb Port, 50 Mb CIR, Multiplexed UNI on an 802.1Q Trunk carrying VLANs
 EVC - 20 Mb CIR, Loc 1
 EVC - 20 Mb CIR, Loc 2
QUESTIONS
Thank You!!