MAINTAINING TDM PERFORMANCE OVER PACKET NETWORKS

Mission-critical communication networks serve strategic national assets. Energy (electricity, gas and oil, nuclear), transportation, water, government agencies and military organizations are all considered critical infrastructures. The key attributes for their communication networks are reliability, resiliency, and security. Therefore, it is not surprising that they would try to avoid any change from the highly-trusted TDM-based infrastructure to a new packet-based one. However, this shift is inevitable, since TDM-based communication equipment is reaching its end-of-life state and is becoming too expensive to maintain. The inevitable move to packet poses new challenges to strategic industries. These include increased security threats, higher network complexity, and above all, maintaining TDM-predictable and deterministic performance over the packet infrastructure.
MPLS-TP (MPLS Transport Profile) is the most widely accepted technology as the successor for maintaining TDM transport attributes. In this paper, we will outline the key differences between MPLS-TP and IP/MPLS, with special focus on the implications for mission-critical networks. We will present the features that are common to the two technologies that make them interoperable. The paper will also indicate which features were discarded and which functionalities were added to maintain TDM performance attributes over the packet infrastructure. Ultimately, we can see that MPLS-TP and IP/MPLS are complementary, not competing, technologies.
FROM NATIVE ETHERNET TO CARRIER ETHERNET

Ethernet has been the standard packet technology in the LAN. Therefore, it was the natural choice for service providers who want to expand packet technology to the WAN. However, native Ethernet has a number of weaknesses that disqualify it from maintaining carrier-grade quality. Many of them are rooted in the connectionless nature of the technology, which does not support deterministic behavior. As a result, native Ethernet performs restoration relatively slowly, has limited scalability, cannot guarantee performance parameters, and does not support service management. To address these issues, MEF (Metro Ethernet Forum) defined a new class of Ethernet, Carrier Ethernet, which features five key attributes:
• STANDARDIZED SERVICES – enables the coordination of subscribers, service providers, and operators to achieve Carrier-Ethernet based data connectivity between multiple subscriber sites across multiple operator networks.
• RELIABILITY – enables end-user services to run on transport layers that comply with stringent resiliency and recovery constraints.
• QUALITY OF SERVICE – enables a single network to run multiple services to multiple end-users, running a wide variety of applications with different bandwidth and latency requirements. It also provides the required tools to ensure that services maintain performance requirements according to Service Level Specifications (SLS).
• SERVICE MANAGEMENT – enables service providers to roll out, maintain, and troubleshoot data-connectivity services in a cost-effective and timely manner.
When MEF defined the attributes for Carrier Ethernet compliance, it did not define the implementation method.
MPLS (MULTI-PROTOCOL LABEL SWITCHING)

Standardized by the IETF, MPLS is a scalable, protocol-agnostic mechanism designed to carry circuit and packet traffic over virtual circuits, known as Label Switched Paths (LSPs). MPLS makes packet-forwarding decisions based on the contents of the label, without examining the packet payload, and is considered as a layer between the traditional definitions of Layer 2 and Layer 3. MPLS (also known as IP/MPLS) was originally developed to facilitate packet forwarding by using label switching. It also has additional attributes, like connection establishment, improved network resiliency, and OAM functions. These all help overcome some of native Ethernet's transport shortcomings. However, MPLS has several major deficiencies when implemented in transport networks. These deficiencies became the drive for the development of the MPLS Transport Profile (MPLS-TP).
MPLS-TP (MPLS TRANSPORT PROFILE)

MPLS-TP is the result of a joint effort by IETF and ITU-T. The drive behind it is to overcome the drawbacks of IP/MPLS when used for metro transport networks.

MPLS-TP key objectives are:
• To enable MPLS deployment in a transport network and to operate in a similar manner to existing TDM transport technologies (SDH/SONET)
• To enable MPLS support of packet transport services with a similar degree of predictability, reliability, and OAM to that of existing transport networks.
MPLS-TP AND IP/MPLS COMPARISON

MPLS-TP is a simplified version of IP/MPLS that is optimized for transport networks. MPLS-TP is both a subset and an extension of IP/MPLS. The basic label-based packet forwarding is retained. However, some of the complex IP/MPLS functionalities that do not support deterministic performance or that are not connection-oriented were removed. Also, other transport features to facilitate operation and visibility were added. As a result, MPLS-TP is strictly connection-oriented and does not rely on IP forwarding or routing. Nevertheless, MPLS-TP and IP/MPLS are interoperable, enabling their use within the same network.

COMMON FEATURES

MPLS-TP and IP/MPLS share some key functionality.
MULTI-PROTOCOL

MPLS is L2-protocol independent and, therefore, is agnostic to the underlying transport protocols. In addition, using a mechanism called pseudowire (PW), it is also agnostic to services running on top of it. MPLS PW is a mechanism that emulates the essential attributes of a native service while transporting it over a packet switched network. With MPLS PW, native services like ATM, Frame Relay, PDH, SONET/SDH, Ethernet, and others are tunneled through the packet network. Multi-protocol support is well suited to the mixed-technology environment of mission-critical networks (like TDM-based SCADA and packet-based SCADA) and allows gradual and controlled transition.
LABEL SWITCHING

In traditional IP routing, each router makes independent routing decisions and determines the next hop based on its routing table. With MPLS, on the other hand, a path (LSP) from the source to the final destination is predetermined and a "label" is applied to it. The first device in the path adds the MPLS label. Subsequent devices along the path use this label to forward the traffic, without any additional IP lookups. The label switching process is considered faster and simpler to implement than routing. The final destination device removes the label and, in the case of IP service, the packet is delivered via normal IP routing.
ADDED FEATURES

In order to maintain TDM-like deterministic performance, visibility and control, several features that do not exist in IP/MPLS were added in MPLS-TP. These additional features, or modifications of existing IP/MPLS features, are divided into four responsibilities:
• DATA PLANE – for packet forwarding
• CONTROL PLANE – for label distribution and LSP setup
• OAM – for monitoring and troubleshooting information
• PROTECTION AND RESILIENCY – for maintaining undisrupted service
DATA PLANE

Bidirectional LSPs

A key difference between MPLS-TP and IP/MPLS involves the LSP. IP/MPLS uses unidirectional LSPs. This means that traffic from A to B and from B to A can follow different paths. MPLS-TP, on the other hand, uses bidirectional LSPs, meaning that traffic in both directions uses exactly the same path. Bidirectional LSPs are required for deterministic performance. They simplify network operation and provide easier SLA control.

Teleprotection Example

Teleprotection systems detect faults in the power grid and use circuit breakers to prevent them from affecting larger parts of the grid. Fast failure detection and rapid reaction of the teleprotection systems are critical for operating and maintaining a robust and reliable electric grid. Many teleprotection systems base their operation on the exchange of data via the communication channel between the teleprotection relays on either side of the power line. Clearly, a teleprotection system's proper operation is highly dependent upon the communication channel that delivers information sent from both sides of the protected line. Therefore, it is critical to maintain low and symmetric latency and jitter over the communication channel.
MPLS-TP deterministic performance (latency, jitter, timing) and bidirectional LSPs for symmetric communication are best suited to meet these requirements.
1588v2 Synchronization Example

Packet technologies (unlike synchronous SONET/SDH technologies) lack inherent synchronization. Mission-critical networks rely on accurate timing and synchronization in a wide range of applications. These include:
• CES (Circuit Emulation) – delivering TDM services (SCADA, E1/T1, SDH/SONET) from TDM-based edge equipment over packet transport
• Synchronous Phasor Measurement (Synchrophasors) – synchronized measurements of the electrical waves at various locations in the power system are used to provide better visibility and control of the power grid
• Control IEDs (Intelligent Electronic Devices) – time synchronization is required for accurate analysis of time events recorded by the IEDs
• Teleprotection – accurate time stamps on measurements taken on both sides of the protected line, as described above

The two common techniques used to provide synchronization over packet are Synchronous Ethernet (SyncE) and 1588v2. In a mission-critical environment, usually only 1588v2 supports the required accuracy. In addition, since 1588v2, unlike SyncE, requires support by only the two end points, it is easier to implement within a brownfield environment. 1588v2 is a Timing over Packet (ToP) technique based on a back-and-forth exchange of timestamp information. Being a packet-based technique, the packets that carry the timing information compete with all other data services and routing protocol information for network resources. Thus, they are impacted by the network traffic load. The key factor that affects synchronization performance over packet is the Packet Delay Variation (PDV), which is the variation in the transfer delay of the packets. Once again, it is evident that proper synchronization performance can only be guaranteed with deterministic, bidirectional MPLS-TP LSPs.
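The following is an added example, not code from the paper or from ECI. It works through the 1588v2 two-way timestamp exchange and shows numerically why the path asymmetry that unidirectional LSPs allow, and the PDV that load on a shared packet path produces, both corrupt the offset estimate. All delays and timestamps are constructed, in microseconds.

```python
"""Added example (not from the ECI paper): the 1588v2 two-way timestamp
exchange, and how path asymmetry and packet delay variation (PDV) corrupt
the offset it computes. All delays/timestamps are constructed, in microseconds."""


def ptp_offset_and_delay(t1, t2, t3, t4):
    """Standard 1588 computation from one Sync / Delay_Req exchange.
    t1: Sync sent (master clock)      t2: Sync received (slave clock)
    t3: Delay_Req sent (slave clock)  t4: Delay_Req received (master clock)
    The formula assumes forward and reverse delays are equal."""
    offset = ((t2 - t1) - (t4 - t3)) / 2
    mean_path_delay = ((t2 - t1) + (t4 - t3)) / 2
    return offset, mean_path_delay


def exchange(true_offset, fwd_delay, rev_delay, t1=1_000_000.0, gap=50.0):
    """Construct the four timestamps of one exchange for a slave clock that
    reads `true_offset` ahead of the master, with the given one-way delays."""
    t2 = t1 + fwd_delay + true_offset      # slave reads its own clock on Sync arrival
    t3 = t2 + gap                          # slave sends Delay_Req shortly after
    t4 = t3 - true_offset + rev_delay      # master reads its clock on Delay_Req arrival
    return t1, t2, t3, t4


def offset_error(true_offset, fwd_delay, rev_delay):
    """Estimation error for one exchange. With unequal paths (as unidirectional
    IP/MPLS LSPs permit) this is (fwd - rev) / 2 rather than zero."""
    est, _ = ptp_offset_and_delay(*exchange(true_offset, fwd_delay, rev_delay))
    return est - true_offset


def pdv(delays):
    """Packet delay variation over a series of timing packets: max minus min."""
    return max(delays) - min(delays)


def offset_spread(true_offset, fwd_delays, rev_delay):
    """Spread of offset estimates across exchanges whose forward delay varies
    with network load; it equals pdv(fwd_delays) / 2."""
    errs = [offset_error(true_offset, f, rev_delay) for f in fwd_delays]
    return max(errs) - min(errs)


if __name__ == "__main__":
    # Symmetric, deterministic path (bidirectional MPLS-TP LSP): exact result
    print(offset_error(100.0, 200.0, 200.0))                  # 0.0
    # Asymmetric paths, e.g. 200 us forward and 600 us back: 200 us bias
    print(offset_error(100.0, 200.0, 600.0))                  # -200.0
    # Load-dependent forward delay on a shared packet path: PDV of 60 us
    loaded = [200.0, 210.0, 250.0, 190.0, 200.0]
    print(pdv(loaded), offset_spread(100.0, loaded, 200.0))   # 60.0 30.0
```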
CONTROL PLANE

Management/Control and Data Plane Separation

IP/MPLS does not separate the control plane from the data plane. With MPLS-TP, the management/control plane is totally isolated from the data plane. The importance of total separation is that a failure in the management/control plane cannot impact the traffic. The result is a much more robust, reliable and secure network.
OAM (OPERATION, ADMINISTRATION AND MAINTENANCE)

OAM includes all connectivity verification tools for checking PW and LSP integrity. With IP/MPLS, OAM data is transmitted out-of-band and might not take the same path as data traffic. With MPLS-TP, as with SDH/SONET, OAM is carried with the user traffic within the MPLS-TP frame using G-ACh (Generic Associated Channel). In-band OAM ensures transport-like operation, supporting the connection-oriented concept. Moreover, MPLS-TP OAM proactive monitoring triggers fast switch-to-protection. This enables faster troubleshooting and makes the network performance more predictable.
PROTECTION

With IP/MPLS, sub-50 msec convergence cannot be guaranteed when using the LDP signaling protocol. A Fast Reroute (FRR) protection scheme that can guarantee sub-50 msec switch-to-protection for ring topology requires the RSVP-TE signaling protocol. This is not scalable in large networks and does not fit all topologies. With MPLS-TP, sub-50 msec switch-to-protection is guaranteed for any network topology, using hardware-based proactive OAM, static FRR provisioning, and a variety of protection schemes. Guaranteed sub-50 msec mission-critical grade switch-to-protection is essential for maximum network availability and undisrupted service continuity.
DISCARDED FEATURES

The discarded section refers to the features or mechanisms used by IP/MPLS, but not by MPLS-TP. As a rule, all features and mechanisms that are not used by MPLS-TP do not comply with the connection-oriented nature of transport networks, and therefore impair predictable deterministic performance.
PHP (Penultimate Hop Popping)

PHP, used by IP/MPLS, removes the MPLS label one node before the egress node, to minimize router processing. Removing the outer label makes MPLS-TP OAM invalid and protection schemes are unable to function. In addition, PHP assumes traffic is IP, which is not necessarily the case. This is why MPLS-TP doesn't use PHP.
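An added illustration of the label-switching and PHP points above; this is example code written for this page, not ECI's or any vendor's implementation. The node names, label values and the four-node LSP are constructed; the only real constant is the reserved GAL label value 13 that MPLS-TP uses to mark G-ACh OAM packets beneath the LSP label.

```python
"""Added example (not from the ECI paper): a minimal label-switching walk along
one LSP, showing why penultimate hop popping (PHP) leaves the egress node unable
to tie an in-band OAM packet to its LSP. Topology and labels are constructed."""

GAL = 13  # Generic Associated Channel Label: reserved MPLS label value 13

# Per-node forwarding tables: incoming label -> (action, outgoing label, next hop).
# LSP runs ingress A -> B -> C (penultimate hop) -> D (egress). Labels are local
# to each hop, so they change along the path (100 -> 200 -> 300).
LABEL_TABLES = {
    "A": {None: ("push", 100, "B")},   # ingress: no label yet, push the LSP label
    "B": {100: ("swap", 200, "C")},
    "C": {200: ("swap", 300, "D")},    # no PHP: swap, and let the egress pop
    "D": {300: ("pop", None, None)},   # egress recognises its LSP label and pops it
}


def with_php(tables):
    """Return a copy of the tables where the penultimate hop C pops the LSP
    label instead of swapping it, which is what PHP does in IP/MPLS."""
    php = {node: dict(entries) for node, entries in tables.items()}
    php["C"] = {200: ("pop", None, "D")}
    return php


def forward(tables, inner_stack):
    """Carry a packet from A along the LSP. `inner_stack` holds the labels that
    sit below the LSP label: [] for plain user data, [GAL] for an OAM packet.
    Returns (node reached, label stack as it arrived there, LSP identified?).
    The LSP counts as identified when the arriving top label has a table entry."""
    node, stack = "A", list(inner_stack)
    while True:
        table = tables[node]
        arrived = list(stack)
        top = None if node == "A" else (stack[0] if stack else None)
        if top not in table:
            # No entry for this label (or no label): the node cannot say which
            # LSP the packet belongs to, so LSP-scoped OAM cannot be processed.
            return node, arrived, False
        action, out_label, next_hop = table[top]
        if action == "push":
            stack.insert(0, out_label)
        elif action == "swap":
            stack[0] = out_label
        elif action == "pop":
            stack.pop(0)
        if next_hop is None:
            return node, arrived, True
        node = next_hop


if __name__ == "__main__":
    print(forward(LABEL_TABLES, [GAL]))             # ('D', [300, 13], True)
    print(forward(with_php(LABEL_TABLES), [GAL]))   # ('D', [13], False)
```

With PHP the OAM packet reaches D carrying only the GAL, so D has no LSP label to match it against; without PHP the LSP label 300 is still present when the packet arrives and D can associate the OAM message with the right LSP before popping.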
LSP Merge

LSP merge means that two or more LSPs (with the same destination) are merged to use the same MPLS label. This reduces the number of labels used in the network. LSP merge causes loss of source information, which prevents the original LSPs from being monitored end-to-end. Therefore, it is not used by MPLS-TP.
ECMP (Equal Cost Multiple Path)

ECMP allows traffic for the same destination to be split over multiple paths (LSPs) of equal cost. This results in different packets taking different paths. ECMP is not deterministic and contradicts the concept of connection-oriented operation. Therefore, it is not used by MPLS-TP.
Control Plane

While an LSP is a network-wide path, the label value is local and can be changed along the way. An MPLS signaling protocol is used to map LSPs to specific label values:
• Label Distribution Protocol ("LDP") – simple non-constrained protocol (no traffic engineering support).
• Resource Reservation Protocol with Traffic Engineering ("RSVP-TE") – more complex protocol with more overhead, which includes support of traffic engineering via network resource reservation.
IP/MPLS is strictly dependent upon control plane protocols. Traffic engineering (TE) and FRR, which are supported only by RSVP-TE protocol, are complex and do not scale well for large networks.
MPLS-TP does not require any control plane protocols for its operation. LSPs and pseudowires can be provisioned statically using a Network Management System (NMS). This is the same way it is already implemented on the legacy TDM-based transport network.
Eliminating the control plane and using central control provides all fast reroute and traffic engineering features, without the complications of running a distributed control plane in every network element. The result is CAPEX and OPEX savings.
The use of a distributed control plane by IP/MPLS requires substantial processing power and memory to run control plane protocols on every NE. This affects cost, power consumption, and stability. Managing a large number of routing tables requires expert IP routing knowledge and is an operational challenge, especially for large-scale networks.
MPLS-TP, on the other hand, scales easily, eliminating the need to manage complex routing tables. It keeps NEs simple and cost-effective, and the centralized multiprocessor servers (NMS) scale easily, as required.
COMPLEMENTARY OR COMPETING?

Clearly, MPLS-TP overcomes IP/MPLS transport gaps, making it a better fit for mission-critical operational networks. However, IP/MPLS facilitates operation in a dynamic environment and is commonly used at the core of the networks.
ECI’s Elastic MPLS supports both MPLS-TP and IP/MPLS from the same network element, including signaling gateway functionality between the two protocols. Elastic MPLS enables the use of the best-suited technology for each network domain, without being forced to use the same technology across the entire network. It is likely that seamless interworking provided by Elastic MPLS will be compulsory, since IP/MPLS is commonly used at the core of the network and in IT networks that are separated from the operational networks. Conversely, MPLS-TP is best suited whenever deterministic performance and full visibility and control are required. With the Neptune product line, you enjoy the best of two worlds, with flexible and risk-free MPLS implementation.
MPLS-TP and IP/MPLS are complementary technologies, each having unique characteristics better suited to different network domains and requirements. Combining packet efficiency with mission-critical grade performance, MPLS-TP is the best fit for packet-based mission-critical operational networks. Since IP/MPLS is typically used in other network domains, a gateway functionality between IP/MPLS and MPLS-TP, like the one provided by ECI’s Elastic MPLS, enhances the adoption of MPLS-TP in mission-critical networks.
Contact us to discover how ECI ensures risk-free and future-proof transition to packet.

ABOUT ECI

ECI is a global provider of ELASTIC network solutions to CSPs, utilities as well as data center operators. Along with its long-standing, industry-proven packet-optical transport, ECI offers a variety of SDN/NFV applications, end-to-end network management, a comprehensive cyber security solution, and a range of professional services. ECI's ELASTIC solutions ensure open, future-proof, and secure communications. With ECI, customers have the luxury of choosing a network that can be tailor-made to their needs today, while being flexible enough to evolve with the changing needs of tomorrow. For more information, visit us at www.ecitele.com