The exponential growth of the Internet over the past several years has placed a tremendous strain on service provider networks. Not only has the number of users increased, but there has been a multifold increase in connection speeds, backbone traffic, and newer applications. Initially, ordinary data applications were served adequately on a best-effort basis; newer applications, such as Virtual Private Networks (VPNs), voice, multimedia traffic, and real-time e-commerce applications, are pushing toward higher bandwidth and better service guarantees. The major technologies currently in use that provide such Quality of Service (QoS) include Multi-Protocol Label Switching (MPLS) and Provider Backbone Transport (PBT).
Network operators are challenged by the radical shift in service revenue and technology that has occurred in the last two decades. In the late 1980s, nearly all service revenue was generated by wireline voice and leased-line services, based on traditional time division multiplexing (TDM) and Synchronous Optical Networking (SONET)/Synchronous Digital Hierarchy (SDH) or “circuit-switched” network infrastructures. By the late 1990s, it was clear that the growth of the Internet and the shift of business to packet-based services, including frame relay, Asynchronous Transfer Mode (ATM) and Internet Protocol (IP) services, would create a completely new revenue and service model.
Today, carriers are faced with increased competition in the “bit-pipe” business, a business model based purely on connectivity as a utility, but with both lower revenue and lower margins. The bit-pipe model, rather than emphasizing content and services, is driven by operational excellence. In order to maintain profits amidst declining revenues, carriers that adopt the bit-pipe approach are forced to reduce their operating costs through IP technology, infrastructure consolidation, process automation and operational outsourcing, all under cutthroat competition. Further, carriers are looking to drive new top-line growth from a growing array of value-added services, such as managed business services, connection-oriented services, including Voice over IP (VoIP), IP Television (IPTV), and broadband Internet, and wholesale offerings, both outsourced and insourced, as well as turning to smaller enterprise customers to fuel their financial future.
In doing this, carriers are adding to another dominant trend: customer demand for bandwidth in orders of magnitude greater than that consumed just a few years ago, and fueling the need for automated turnkey service offerings for small and medium enterprises outsourcing Information Technology (IT) to the carrier. As a result, carriers must find a way to satisfy customer demand for products by creating a portfolio that includes multiple and clearly-differentiated services, from the simplest bit-pipe through sophisticated applications, while increasing the automation through the entire service lifecycle. However, these services are layered over disparate physical infrastructures with different constraints. For example, in the metro aggregation, managing costs is critical with the increased availability of bandwidth. Service providers want to construct new services through component reuse instead of independent stovepipes, which requires that these applications utilize a common physical infrastructure.
As demand for packet services has grown and surpassed the demand for voice and circuit services, traditional carriers have found themselves operating separate circuit- and packet-switched networks. Further, the carriers' transition from bit-pipe to value-added service providers has forced them to rethink traditional models for service delivery across their transport networks. The current model, which tightly couples services to the underlying transport network, fails to deliver the flexibility needed by carriers for true service innovation. Carriers need a flexible framework that deals with service and transport independently. Further, economics are always a prime concern. Therefore, service providers have recognized the need to bring Ethernet enterprise economics and flexibility to carrier networks. Carriers want to create new revenue streams by creating new applications and adding new customers to existing services, in both the wholesale and retail markets. Moreover, carriers want to reduce costs through service automation and streamlining of regulatory compliance.
The major problem faced by the carriers is that networks do not have one topology, they have three: the “logical topology” of a service through which the endpoints can address each other; the “traffic topology” of a network showing the actual path that the traffic follows between those endpoints; and the “physical topology” of a network which is critical for availability management and recovery from failures. The loss of independent control of the three network topologies is not an academic issue.
A VPN is a private communications network often used within a company, or by several companies or organizations, to communicate confidentially over a public network. VPN traffic can be carried over a public networking infrastructure (e.g., the Internet) on top of standard protocols, or over a service provider's private network with a defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider.
VPNs can be a cost-effective and secure way for corporations to provide users with access to the corporate network and for remote networks to communicate with each other across the Internet. VPN connections are more cost-effective than dedicated private lines. A VPN usually involves two parts: the protected or “inside” network, which provides physical and administrative security to protect the transmission; and a less trustworthy “outside” network or segment (usually the Internet). Generally, a firewall sits between a remote user's workstation or client and the host network or server. As the user's client establishes the communication with the firewall, the client may pass authentication data to an authentication service inside the perimeter. A known, trusted person, sometimes only when using trusted devices, can then be granted security privileges to access resources not available to general users.
A well-designed VPN can provide great benefits for an organization. It can extend geographic connectivity; improve security on data lines that are not otherwise encrypted; reduce transit time and transportation costs for remote users; reduce operational costs relative to a traditional Wide Area Network (WAN); simplify network topology in certain scenarios; provide global networking opportunities, telecommuter support, broadband networking compatibility, and a faster return on investment than traditional carrier leased or owned WAN lines; show good economies of scale; and scale well when used with a public key infrastructure.
To make connections, a VPN may use tunnels. Tunneling is the transmission of data through a public network in such a way that routing nodes in the public network are unaware that the transmission is part of a private network. Tunneling is generally done by encapsulating the private network data and protocol information within the public network protocol data, so that the public network forwards the outer packets without interpreting the private addressing and protocols inside them. Encapsulation alone, however, conceals nothing from an observer: anyone examining the transmitted frames can still read the private network's headers and payload unless the tunnel also encrypts its contents. Tunneling allows the use of public networks (e.g., the Internet) to carry data on behalf of users as though they had access to a “private network,” hence the name.
Carriers use MPLS to direct the flow of traffic in their networks. MPLS is well-suited for use in tunneling for VPNs because it provides traffic isolation and differentiation without substantial overhead. MPLS is a data-carrying mechanism which emulates some properties of a circuit-switched network over a packet-switched network by setting up a specific path for a given sequence of packets, identified by a label placed in each packet. MPLS is protocol-independent and can be used to carry many different kinds of traffic, including IP packets, as well as native ATM, SONET, and Ethernet frames.
MPLS works by prepending packets with an MPLS header containing one or more “labels,” called a label stack. Incoming data packets are assigned a label by a Label Edge Router (LER) and then forwarded along a Label Switched Path (LSP).
While a packet is being forwarded, the contents below the MPLS label stack are not examined. Along an LSP, each Label Switch Router (LSR) forwards a packet based solely on the topmost label on the stack. At each hop, the LSR strips off the existing label and applies a new label that tells the next hop how to forward the packet. Because the LSP is enforced at every hop along the data path, a fixed, isolated path is provided across an IP cloud. Specific tunnels can be created throughout an MPLS network for an individual customer without the need for encryption or end-user applications; this isolation is a separation of forwarding state, not confidentiality, since the payload travels unencrypted and is readable on every link it crosses. Finally, the LER at the destination removes the label and delivers the packet to the destination address.
At the egress LER, the last label has been removed such that only the payload remains. This can be an IP packet, or any of a number of other kinds of payload packet. The egress router must therefore have routing information for the packet's payload, because it must forward it without the help of label lookup tables.
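As an added example (not part of the original text), the following Python simulates the label operations described above: an ingress LER pushes a label, each LSR consults only the top label and swaps it, and the egress LER pops the last label and hands the bare payload to IP routing. The node names, label values, forwarding state and the sample payload are all constructed for the illustration. The trace also records whether the cleartext marker in the payload is readable at each hop, which is the practical meaning of "isolation without encryption".

```python
import struct
from dataclasses import dataclass

# Constructed sample payload standing in for an IP packet; the marker string
# lets us check at each hop that the LSRs never hide or alter the payload.
SAMPLE_PAYLOAD = b"\x45\x00" + b"CUSTOMER-A-CLEARTEXT"


@dataclass
class LabelEntry:
    label: int  # 20-bit label value
    tc: int     # 3-bit traffic class (EXP) field
    bos: bool   # bottom-of-stack bit
    ttl: int    # 8-bit time to live


def encode_label_stack(stack):
    """Serialise 32-bit label stack entries (RFC 3032 layout); the last entry gets S=1."""
    out = b""
    for i, e in enumerate(stack):
        bos = 1 if i == len(stack) - 1 else 0
        word = ((e.label & 0xFFFFF) << 12) | ((e.tc & 0x7) << 9) | (bos << 8) | (e.ttl & 0xFF)
        out += struct.pack("!I", word)
    return out


def parse_label_stack(packet):
    """Split a labelled packet into (list of LabelEntry, payload bytes)."""
    stack, offset = [], 0
    while True:
        if len(packet) - offset < 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack("!I", packet[offset:offset + 4])
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)
        stack.append(entry)
        offset += 4
        if entry.bos:
            return stack, packet[offset:]


def ler_push(label, tc, ttl, payload):
    """Ingress LER: assign a label to an incoming (unlabelled) packet."""
    return encode_label_stack([LabelEntry(label, tc, True, ttl)]) + payload


def lsr_forward(ilm, packet):
    """One LSR hop. `ilm` maps incoming top label -> (action, out_label, next_hop).
    Only the top label is consulted; the bytes below the stack are never examined."""
    stack, payload = parse_label_stack(packet)
    top = stack[0]
    if top.label not in ilm:
        raise LookupError(f"no LSP state for label {top.label}: dropped")
    if top.ttl <= 1:
        raise ValueError("TTL expired: dropped")
    action, out_label, next_hop = ilm[top.label]
    if action == "swap":
        new_top = LabelEntry(out_label, top.tc, top.bos, top.ttl - 1)
        return next_hop, encode_label_stack([new_top] + stack[1:]) + payload
    if action == "pop":
        rest = stack[1:]
        if rest:  # an inner label remains: keep forwarding on it
            return next_hop, encode_label_stack(rest) + payload
        return next_hop, payload  # egress: label gone, payload must now be IP-routed
    raise ValueError(f"unknown action {action}")


# Constructed LSP: LER1 pushes 100 -> LSR2 swaps to 200 -> LSR3 swaps to 300 -> LER4 pops.
NODES = {
    "LSR2": {100: ("swap", 200, "LSR3")},
    "LSR3": {200: ("swap", 300, "LER4")},
    "LER4": {300: ("pop", None, "ip-route")},
}


def run_lsp(nodes, first_hop, packet):
    """Carry `packet` hop by hop. Returns (trace of (node, top label, payload readable),
    the hop the packet leaves the MPLS domain towards, and the bytes handed over)."""
    trace, hop = [], first_hop
    while hop in nodes:
        stack, payload = parse_label_stack(packet)
        trace.append((hop, stack[0].label, b"CLEARTEXT" in payload))
        hop, packet = lsr_forward(nodes[hop], packet)
    return trace, hop, packet


if __name__ == "__main__":
    trace, final_hop, out = run_lsp(NODES, "LSR2", ler_push(100, 0, 64, SAMPLE_PAYLOAD))
    for node, label, visible in trace:
        print(f"{node}: top label {label}, payload readable on the wire: {visible}")
    print(f"after {final_hop}: {out!r}")
```

A packet arriving with a label for which the LSR holds no state is dropped rather than flooded, which is the mechanism behind the per-customer isolation the text describes; a label value that collides across customers at a misconfigured node would break that isolation, so provisioning of the label tables is the security boundary.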
In addition to faster forwarding of traffic, MPLS makes it easy to manage a network for QoS. Internet Service Providers (ISPs) can better manage different kinds of data streams based on priority and service plans. For instance, customers that subscribe to a premium service plan, or customers that receive a large amount of streaming media or high-bandwidth content, may experience minimal latency and packet loss.
However, MPLS's operation is intertwined with IP and consequently may inherit many of the adaptive-behavior issues, congestion and security problems associated with IP. Consumer traffic variations can affect network load and performance even for business services, so there is a constant risk of congestion-induced service failure where network load is high and traffic is bursty. This undermines a critical value proposition: the quality of the customer's total experience. Moreover, although packet networks provide adaptive behavior that increases resiliency, IP lacks the predictability of circuits because operators cannot easily determine the paths taken by their customers' critical data.
PBT is a set of enhancements to Ethernet technology that allows Ethernet to be used as a carrier-class transport network. Ethernet is a large, diverse family of frame-based computer networking technologies for local area networks (LANs), and defines a number of wiring and signaling standards for the physical layer together with a means of network access at the Media Access Control (MAC) layer. The MAC layer provides a 48-bit addressing mechanism called a MAC address, a unique identifier assigned to each network adapter, which makes it possible to deliver frames to a destination within a network.
The key standard in carrier Ethernet architecture is Provider Backbone Bridging (PBB), standardized as Institute of Electrical and Electronics Engineers (IEEE) 802.1ah. This standard incorporates encapsulation based on MAC addresses, often called “M-in-M” or “MAC-in-MAC” encapsulation. PBT uses the concepts of Virtual Local Area Network (VLAN) tagging per IEEE 802.1Q, Q-in-Q per IEEE 802.1ad and MAC-in-MAC per IEEE 802.1ah to expand the number of “service VLANs” that can be supported on the network, but disables flooding/broadcasting and the spanning tree protocol. PBT uses Ethernet for connection-oriented purposes, as present SDH and SONET transport does, by stripping out the complexity of the present Ethernet LAN. PBT simplifies Operations, Administration and Maintenance (OAM), as in the SDH/SONET world, by using additional extensions based on IEEE 802.1ag, and provides extensions that give path protection comparable to the Unidirectional Path Switched Ring (UPSR) protection of an SDH/SONET network.
Frames are forwarded based on the outer VLAN Identifier (VID) and the destination MAC address. Path protection is provided by using one working VID and one protection VID. On a working path failure, as indicated by loss of 802.1ag continuity check (CC) messages, the source node swaps the VID value to redirect the traffic onto the preconfigured protection path within 50 ms.
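As an added example (not the page's own code), the following Python builds and parses an 802.1ah MAC-in-MAC header, forwards on the (B-VID, B-DA) pair with no flooding on a lookup miss, and switches a trunk from its working VID to its protection VID once consecutive CC messages go missing. The backbone and customer MAC addresses, VIDs, I-SID, port names and the three-consecutive-miss fault threshold are assumptions for the illustration; the exact 802.1ag loss timer is not reproduced.

```python
import struct

BTAG_TPID = 0x88A8  # 802.1ad S-tag ethertype, reused for the 802.1ah B-TAG
ITAG_TPID = 0x88E7  # 802.1ah I-TAG ethertype


def mac(text):
    """'02:00:00:00:00:0a' -> 6 bytes."""
    return bytes.fromhex(text.replace(":", ""))


def pbb_encapsulate(customer_frame, b_da, b_sa, b_vid, i_sid, pcp=0):
    """Wrap a customer Ethernet frame in an 802.1ah MAC-in-MAC header:
    B-DA, B-SA, B-TAG (PCP/DEI/B-VID), I-TAG (PCP/DEI/UCA/res/I-SID), then the original frame."""
    b_tci = (pcp << 13) | (b_vid & 0xFFF)
    i_tci = (pcp << 29) | (i_sid & 0xFFFFFF)
    return (b_da + b_sa + struct.pack("!HH", BTAG_TPID, b_tci)
            + struct.pack("!HI", ITAG_TPID, i_tci) + customer_frame)


def pbb_parse(frame):
    """Inverse of pbb_encapsulate: backbone header fields plus the untouched customer frame."""
    if len(frame) < 22:
        raise ValueError("frame too short for a PBB header")
    b_da, b_sa = frame[0:6], frame[6:12]
    b_tpid, b_tci = struct.unpack("!HH", frame[12:16])
    i_tpid, i_tci = struct.unpack("!HI", frame[16:22])
    if b_tpid != BTAG_TPID or i_tpid != ITAG_TPID:
        raise ValueError("not a MAC-in-MAC frame")
    return {"b_da": b_da, "b_sa": b_sa, "b_vid": b_tci & 0xFFF,
            "i_sid": i_tci & 0xFFFFFF, "customer": frame[22:]}


class PbtSwitch:
    """Core node: forwards on (B-VID, B-DA) only. No learning and no flooding: a miss is a drop."""

    def __init__(self, fdb):
        self.fdb = dict(fdb)  # (b_vid, b_da) -> out port, provisioned by the management plane

    def forward(self, frame):
        hdr = pbb_parse(frame)
        return self.fdb.get((hdr["b_vid"], hdr["b_da"]))  # None means "drop"


class PbtTrunkIngress:
    """Edge node for one PBT trunk: a working B-VID and a protection B-VID towards the same B-DA.
    Assumption: a fault is declared after `cc_loss_threshold` consecutive missed CC messages."""

    def __init__(self, b_da, b_sa, i_sid, work_vid, protect_vid, cc_loss_threshold=3):
        self.b_da, self.b_sa, self.i_sid = b_da, b_sa, i_sid
        self.work_vid, self.protect_vid = work_vid, protect_vid
        self.cc_loss_threshold = cc_loss_threshold
        self.active_vid = work_vid
        self.missed = 0

    def cc_received(self):
        self.missed = 0  # working path is alive; reset the loss counter

    def cc_missed(self):
        self.missed += 1
        if self.missed >= self.cc_loss_threshold and self.active_vid == self.work_vid:
            self.active_vid = self.protect_vid  # swap VID: traffic follows the protection path
        return self.active_vid

    def send(self, customer_frame):
        return pbb_encapsulate(customer_frame, self.b_da, self.b_sa, self.active_vid, self.i_sid)


# Constructed addresses and state for the illustration (locally administered MACs).
B_EDGE_A = mac("02:00:00:00:00:0a")
B_EDGE_Z = mac("02:00:00:00:00:1a")
CUSTOMER_FRAME = mac("02:c0:ff:ee:00:02") + mac("02:c0:ff:ee:00:01") + b"\x08\x00" + b"customer payload"
CORE = PbtSwitch({(100, B_EDGE_Z): "port-west", (200, B_EDGE_Z): "port-south"})


def demo():
    """Returns the core switch's decision before and after the working path loses its CCs."""
    trunk = PbtTrunkIngress(B_EDGE_Z, B_EDGE_A, i_sid=0x0100A5, work_vid=100, protect_vid=200)
    before = CORE.forward(trunk.send(CUSTOMER_FRAME))
    for _ in range(3):
        trunk.cc_missed()
    after = CORE.forward(trunk.send(CUSTOMER_FRAME))
    return before, after


if __name__ == "__main__":
    print("before / after working-path failure:", demo())
```

Because the forwarding table holds only provisioned (B-VID, B-DA) pairs and a miss is a drop, a customer frame can only reach the trunk's configured far end; the same property means the protection VID must be provisioned end to end in advance, since nothing will be learned or flooded when the swap happens.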
Currently there exists no means for composing a tunnel through mixed networks employing MPLS and PBT as there exists no technology that provides an interface between MPLS and PBT networks.