1. Field of the Invention
The present invention relates to broadband communication services, and more particularly to network configuration of metropolitan area communication networks laid out in rings managed according to a spanning tree protocol.
2. Description of Related Art
In a metropolitan area, fiber optic cables are typically installed in rings to provide an alternate route diverse path in the case of physical failure or interruption of a fiber optic link. Some of the fiber or fiber transmission capacity in each ring is reserved for use in the face of such a failure. The rules used by the networking equipment to react to such failures are usually governed by protocols that assume that the network is configured as a ring or as a set of interconnected rings.
In an enterprise data network, fiber optic connections between packet switches are usually made point to point in a 'redundant, dual-homed, tree-like' topology to facilitate rapid reconfiguration with the minimum loss of service. The revised spanning tree protocol under standardization in IEEE 802.1 is a suitable protocol for establishing the failover rules in the network. The recently completed link aggregation standard, IEEE Std. 802.3ad, is another, providing for resiliency of parallel links.
A leading protocol deployed in metropolitan area networks is SONET (Synchronous Optical NETwork). SONET is a digital transmission technology that provides high availability communication between switching nodes. In networks comprising communicating switching nodes connected by fiber links in a ring topology, SONET provides protection against the loss of communications between any pair of nodes due to failure of links or intervening nodes by using the alternate path in the ring topology.
While other network topologies, e.g. meshes, are capable of providing high availability through redundancy, fiber rings are especially important because (a) their simple topology lends itself to simple, fast protection switching arrangements, and (b) wide deployment of SONET means fiber is often available and operationally configured in ring topologies.
Unfortunately, deployment of SONET in a network comes at the expense of fully half the potential bandwidth of the fiber ring. An alternative would be to use only the fiber between a pair of nodes to support communication between them. This permits 'serial reuse' of the fiber ring to carry communication between other nodes. Such an approach is particularly attractive when data traffic is being carried. Unlike telephone traffic, data traffic, particularly that generated by TCP in the TCP/IP protocol suite, will adjust to increases or decreases in available transmission capacity. Serial reuse thus makes best use of the available resources in the normal case when failure has not occurred, while allowing the redundant connectivity of the ring to protect against failure.
The problem to be solved, then, is to make the best use of fiber rings for carrying IP (Internet Protocol) data traffic between nodes on the rings while retaining the benefits of the present SONET arrangements, notably (a) very rapid failover to backup links and switches, typically within 50 milliseconds of a failure, and (b) timely delivery of traffic.
One available protocol is known as SRP (Serial Reuse Protocol), developed by Cisco Systems, Inc., San Jose, Calif., to support packet services on fiber rings. SRP is a new media access protocol, providing mechanisms for 'healing' the ring in cases of failure, for determining where nodes (identified by their media access (MAC) address) are on the ring, and for confining traffic between the nodes to just that portion of the ring to allow reuse. Part of the operation of SRP gives priority to traffic already circulating on the ring (as opposed to traffic joining the ring) to ensure timeliness of delivery. Other organizations and individuals have also proposed similar services, introducing new protocols to provide frame-relay-like services on fiber rings. These solutions have the disadvantage that it is necessary to build special purpose hardware to support them.
Some proposals only work in ring topologies, or at least in topologies of interconnected rings. Growing the bandwidth of such a network beyond that naturally provided by a single ring typically involves the development of additional equipment supporting the specialized hardware, and may not be possible without disrupting the service provided by the ring.
It is desirable therefore to provide a network topology that is scalable and efficient as uses of networking are expanding, and which takes advantage of the existing deployed media arranged for ring based protocols in metropolitan area networks.
This invention comprises a method for configuring a network, and a network configured according to such method, in which communication links laid out in rings in a metropolitan area are partitioned into link segments and managed according to a spanning tree protocol. In various embodiments, the switches are configured according to the methods described above, establishing unique, mesh or tree type network configurations suitable for application to communication media arranged to support ring based protocols.
The method is used for connecting communication links arranged in a plurality of rings, which traverse a plurality of collocation sites in a metropolitan area. The method comprises configuring switches in the plurality of collocation sites to partition rings in the plurality of rings into a plurality of link segments providing point to point paths between switches at collocation sites in the plurality of collocation sites. The switches and link segments are managed according to a spanning tree protocol.
In one embodiment of the invention, the configuring of switches includes allocating a first set of the link segments as a first ring and a second set of the link segments as a second ring, breaking the first and second rings by blocking transmission on a link segment in the first ring between a first pair of collocation sites, and by blocking transmission on a link segment in the second ring between a second pair of collocation sites. In addition, the method includes cross-connecting the first and second rings by a communication link. The communication link used for cross-connection in various embodiments is not part of the first and second rings, but consists of additional lengths of communication medium which extend between collocation sites in the first and second rings, such as other link segments of the same type of media, or other kinds of communication channels, such as high bandwidth wireless connections, or others. In one embodiment, the collocation sites in the first and second rings which are coupled by said communication link consist of the collocation sites at which the first and second rings are broken. An ideogram illustrating this concept for heuristic purposes is shown in FIG. 2.
In one embodiment, the method includes aggregating a plurality of link segments between switches in different collocation sites to provide a single logical link with higher bandwidth between the collocation sites.
According to another embodiment of the invention, a metropolitan area network is provided. The metropolitan area network comprises a plurality of communication links, such as fiber-optic cable, arranged in a plurality of rings which traverse a plurality of collocation sites in the metropolitan area. A plurality of switches is provided in the plurality of collocation sites, which are configured to partition rings in the plurality of rings into a plurality of link segments providing point to point paths between switches at the collocation sites. The plurality of switches and communication links is managed according to a spanning tree protocol.
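As an added illustration, not code from the patent, the following Python models the method of the preceding paragraphs: two constructed fiber rings are partitioned into point-to-point link segments between collocation sites, parallel segments between the same two sites are aggregated into one logical link (as IEEE 802.3ad would), and a simplified spanning tree (root bridge is the lowest-named switch, equal link costs, ties broken by neighbour name in place of bridge and port ids) is computed to show which segment of each ring is blocked, and how a failed segment is replaced by a previously blocked one. The site names, segment list and cross-connect are assumptions chosen for the example.

```python
"""Spanning tree over fiber-ring link segments (constructed example).

Two rings, each partitioned into point-to-point segments between four
collocation sites, are cross-connected by one link that belongs to
neither ring.  Link costs are all equal (hop count).
"""
from collections import defaultdict

# Constructed topology, an assumption for this example.
# Ring A: A1-A2-A3-A4-A1.  Ring B: B1-B2-B3-B4-B1.
# A2-A3 is provisioned as two parallel fibres (to show aggregation).
# A1-B1 is the cross-connect between the rings.
SEGMENTS = [
    ("A1", "A2"), ("A2", "A3"), ("A2", "A3"), ("A3", "A4"), ("A4", "A1"),
    ("B1", "B2"), ("B2", "B3"), ("B3", "B4"), ("B4", "B1"),
    ("A1", "B1"),
]


def aggregate(segments):
    """Fold parallel segments between the same two switches into one
    logical link, so the spanning tree sees a single link and does not
    block the second fibre.  Returns {frozenset({a, b}): member_count}."""
    links = defaultdict(int)
    for a, b in segments:
        links[frozenset((a, b))] += 1
    return dict(links)


def spanning_tree(links, failed=frozenset()):
    """Simplified IEEE 802.1D-style active topology.

    The lowest-named switch is the root bridge.  Every other switch keeps
    the link to its least-cost neighbour towards the root (lowest name on
    ties); every other surviving link is blocked.  Returns
    (active_links, blocked_links, reachable_switches)."""
    adj = defaultdict(set)
    for link in links:
        if link in failed:
            continue  # a failed segment carries no BPDUs and no traffic
        a, b = tuple(link)
        adj[a].add(b)
        adj[b].add(a)
    root = min(adj)
    # Root path cost by breadth-first search (all link costs equal).
    dist = {root: 0}
    frontier = [root]
    while frontier:
        nxt = []
        for node in sorted(frontier):
            for nb in sorted(adj[node]):
                if nb not in dist:
                    dist[nb] = dist[node] + 1
                    nxt.append(nb)
        frontier = nxt
    active = set()
    for node, d in dist.items():
        if node == root:
            continue
        upstream = min(n for n in adj[node] if dist.get(n) == d - 1)
        active.add(frozenset((node, upstream)))
    blocked = {l for l in links if l not in failed and l not in active}
    return active, blocked, set(dist)


if __name__ == "__main__":
    links = aggregate(SEGMENTS)
    for failed in (frozenset(), {frozenset(("A1", "A2"))}):
        active, blocked, reachable = spanning_tree(links, failed)
        print("failed:", sorted(map(sorted, failed)),
              "blocked:", sorted(map(sorted, blocked)),
              "reachable switches:", len(reachable))
```

With no failure the tree blocks one segment in each ring (A3-A4 and B3-B4) and keeps the cross-connect active, which is exactly the "break each ring, cross-connect the rings" configuration of the embodiment. When A1-A2 fails, the recomputed tree unblocks A3-A4 and every collocation site stays reachable; the third return value lets a caller detect the case where a cut actually partitions the network.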
According to one aspect of the invention, a communication system is provided using technology that has been developed within the communications, enterprise data networking, electronic commerce, and carrier service provider industries to provide service in new ways particularly complementary to a provisioning process and system described herein.
A foundation of industry standard products and practices in the following areas is used to construct the novel networks, including for one example:
Fiber optic transmission technology using WDM (wave division multiplexing) to carry additional bandwidth through the use of many 'colors' of light on a single fiber, controlled and
Gigabit (or higher) ethernet packet switching technology to accept and deliver IP data from and to customers, providing a highly reliable service.
Electronic commerce technology to allow customers and their authorized agents to order, configure, and manage the communications services delivered and to enter into business agreements with other suppliers of services using the system's communication services.
In each of these areas a number of novel practices and inventions support and advance the communications network and services.
Configuration of links and link segments to facilitate rapid reconfiguration of interconnected packet switches is provided in support of the commercial provisioning system.
A set of rules and heuristics is provided for the use and configuration of fiber optic transmission facilities, purchased or leased in ring configurations, as a set of links comprising selected concatenated segments from a set of rings. The resulting configurations have benefits in networks including:
1) They allow the use of high bandwidth low cost enterprise data packet switching equipment in the collocation facilities, while providing high network availability through the use of rapid reconfiguration with redundant links and switches.
2) They allow the use of general mesh topologies to support redundancy, rather than restriction to rings or rings with extraordinary interconnection arrangements.
In addition to realizing these topologies by concatenating physical segments from rings, equipment is provided so that a link can comprise logical segments, each consisting for example of a wavelength of light transmitted and received by WDM (wavelength division multiplexing) equipment attached to the physical fiber segment running between two locations on a ring. Electronic switching of the transmitted information stream at each ring node from one wavelength on a segment to another wavelength on the next, or to an attached device, allows for electronic rearrangement of the set of links connected to each packet switch in the network.
Modification of the Spanning Tree for resilient redundant connection of an edge device to a network is provided in some embodiments in support of efficient provisioning. The IEEE 802.1 Spanning Tree provides for redundant connections within a network, where data transmitted from one attachment to the network to another is constrained to follow a loop free path. It reduces the physical topology of the network to an active topology that is both loop free ('tree') and fully connected ('spanning').
In the network, 'demarcation devices' situated on individual customer's premises can provide for redundant connections to the rest of the network. Selection of one link in preference to another can be achieved by use of the spanning tree or a similar protocol. However, only traffic that is transmitted by or destined for a given customer is allowed to reach that customer's demarcation device (a packet switch). It is not desirable that a demarcation device act as a transit link in the network, that would be used to ensure full connectivity from one part of the network to another, either during a reconfiguration of the network or while the active topology is stable. Rather, the network should partition if there is no connectivity between the two halves other than through a demarcation device.
In the past, the simple selection of one link or another for connection to the interior of a network has been performed by a simple physical layer redundancy scheme that interrogates the health of the links from a demarcation device switch to the network. One link is configured as a primary link and the secondary link is activated only if the primary fails a simple connectivity test to the remainder of the network, e.g. loss of the transmitted light signal.
The system improves on this prior arrangement, while not allowing the demarcation device to participate in the active topology of the network, by choosing the active link from the demarcation device to the network on the basis of the spanning tree information received by the device, but not allowing it to forward or generate spanning tree information. This arrangement protects against a failure in the network that causes the switch to which the demarcation device is connected to be separated from the main body of the network.
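An added example, not the patent's own code, of the demarcation device arrangement just described. The device records the spanning tree information received on each of its drops (modelled here as a simplified BPDU carrying root id, root path cost and sender id), picks the active drop from that information in IEEE 802.1D priority-vector order, ages out a drop that falls silent, and never relays or originates a BPDU, so it cannot become a transit path. The bridge ids, costs, drop names and the max-age of three ticks are constructed values.

```python
"""Demarcation-device uplink selection from received BPDUs (constructed
example).  The device is a listener only: it consumes spanning tree
information but contributes none to the network's active topology."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Bpdu:
    """Subset of an 802.1D configuration BPDU sufficient for selection."""
    root_id: int     # bridge id of the root the sender believes in
    root_cost: int   # sender's path cost to that root
    sender_id: int   # bridge id of the sending access switch


class DemarcationDevice:
    def __init__(self, drops, max_age=3):
        self.drops = list(drops)                 # e.g. ["drop0", "drop1"]
        self.last = {}                           # drop -> last BPDU seen
        self.age = {d: 0 for d in self.drops}    # ticks since last BPDU
        self.max_age = max_age                   # assumption: 3 ticks
        self.sent = []                           # BPDUs originated: stays empty

    def receive(self, drop, bpdu):
        """Record spanning tree information heard on a drop.  A bridge
        would re-send it on its other ports; this device deliberately
        does not, so nothing is relayed between access switches."""
        self.last[drop] = bpdu
        self.age[drop] = 0

    def tick(self):
        """Advance the hello clock; forget a drop whose switch went silent
        (the physical-layer style check, still useful for a dead link)."""
        for d in self.drops:
            self.age[d] += 1
            if self.age[d] > self.max_age:
                self.last.pop(d, None)

    def active_drop(self):
        """Choose the drop whose access switch offers the best path to the
        network-wide root: lowest root id first, then lowest root path
        cost, then lowest sender id.  A drop whose switch advertises a
        different (higher) root has been cut off from the main body of
        the network, even though light is still present on that drop."""
        if not self.last:
            return None
        best_root = min(b.root_id for b in self.last.values())
        good = {d: b for d, b in self.last.items() if b.root_id == best_root}
        return min(good, key=lambda d: (good[d].root_cost, good[d].sender_id, d))


def run_scenario():
    """Constructed sequence: normal operation, then a failure inside the
    network that isolates the access switch on drop0, then drop0 going
    silent.  Returns the selection after each step plus the count of
    BPDUs the device ever generated."""
    dev = DemarcationDevice(["drop0", "drop1"])
    log = []
    # Both access switches agree on root 1; switch 20 is closer to it.
    dev.receive("drop0", Bpdu(root_id=1, root_cost=10, sender_id=20))
    dev.receive("drop1", Bpdu(root_id=1, root_cost=20, sender_id=30))
    log.append(dev.active_drop())
    # Failure in the network: switch 20 is separated from the main body
    # and now claims to be root itself.  Light on drop0 is unchanged.
    dev.receive("drop0", Bpdu(root_id=20, root_cost=0, sender_id=20))
    dev.receive("drop1", Bpdu(root_id=1, root_cost=20, sender_id=30))
    log.append(dev.active_drop())
    # drop0 stops sending entirely; drop1 keeps its hellos coming.
    for _ in range(4):
        dev.tick()
        dev.receive("drop1", Bpdu(root_id=1, root_cost=20, sender_id=30))
    log.append(dev.active_drop())
    log.append(len(dev.sent))
    return log


if __name__ == "__main__":
    print(run_scenario())
```

The second step is the case the text singles out: a loss-of-light check would have kept drop0 active, whereas the root id carried in the received BPDUs reveals that the switch behind drop0 no longer reaches the rest of the network. Because `sent` never grows, two halves of the network can never be joined through the device.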
Security arrangements for a packet switched data transmission network using LAN switches are provided. The network makes use of packet data switching equipment that is typically used in private data networks. While such equipment has facilities that can be used to construct ad-hoc security arrangements, the system's public service network requires a systematic approach to its security.
The network ensures that no data is ever delivered to a service interface other than the service interface(s) explicitly authorized by the customer whose network attached equipment transmits the data, and that no data is received on a service interface other than data from the service interface(s) explicitly authorized by the customer whose network attached equipment is receiving the data.
The mechanisms that the system uses to ensure such secure delivery include:
(a) The organization of switches within the network architecture and the placement of security functions within that architecture.
(b) Assuring a unique identity for each device connected to a service interface anywhere within the network.
(c) Checking that identity at points identified within the network (see (a) above).
(d) Ensuring that the identity of each of the customers/parties controlling the assignment of service interfaces and the connections between them is securely known.
(e) Providing for the known delegation of control within the constraints imposed by (d) above.
The network architecture is distinguished by its use of switches organized into:
Demarcation devices. These are typically, but not necessarily, located on a single customer's premises. It is assumed that that customer will secure physical access to his or her own premises. Each demarcation device supports a number of service interfaces that the customer uses to connect to the network, and one or more "drops" that connect to access ports on access switches (see below).
Access switches. These are located on physically secured premises, usually at a customer site linked by a communication medium of choice, including for example fiber optic cable, to a collocation site in the metropolitan area network. In addition to access ports they have interior ports that connect to interior switches at the collocation sites within the network.
Interior switches. These form the heart of the network, typically in collocation sites of the metropolitan area network.
The identity of the connected device is ascertained by observing packets transmitted by the device at the service interface of the demarcation device. Each packet contains a source MAC address. This is captured by the service interface and a notification is sent to the system managing the network using normal network management protocols. The management system assures itself that the MAC address is unique. Filters are configured on access ports to ensure that only packets with source MAC addresses checked in this way are accepted from the attached demarcation device. Similarly, only packets from source addresses that are permitted to transmit to the demarcation device are allowed from the access port to the demarcation device.
Interior switches do not filter or otherwise constrain connections on the basis of the identities of devices attached to either the transmitting or receiving service interfaces. This allows the active topology maintained by interior switches to scale independently of the number of active connections through the network, and to reconfigure rapidly since information concerning individual connections does not have to be communicated or changed during reconfiguration.
A range of options is offered to customers to control changes to the source MAC address used on the interface, including automatic configuration, latching of a learnt address, explicit manual configuration, and identification of attempts at intrusion into the network.
The system is capable of extension to allow additional security protocols to establish the identity of the connecting system. Once that identity has been established, the MAC address of the transmitting system is used, as described above, to secure connections.
Disconnection and reconnection of the device can be detected, even if the same MAC address is used throughout. This protects against attempts to masquerade once a device identity has been established.
Provision of multiple connectivity options across a packet switched network is supported by the network, including point-to-multipoint services. The network supports point-to-point connectivity between a pair of service interfaces, multipoint to multipoint switched LAN like connectivity between a set of service interfaces, and point to multipoint connectivity. This last provides for the equipment attached at one service interface, the 'root,' to be able to transmit to one or all other interfaces while equipment attached at those interfaces can only transmit to the root. This functionality supports serving many of a service provider's customers through a single connection to the network.
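An added example, not the patent's or any vendor's code, that ties together the identity and filtering mechanisms of the preceding paragraphs (source MAC learnt at the service interface, uniqueness checked by the management system, access-port filters in both directions, the automatic/latched/manual options, intrusion detection, and re-establishment of identity after a disconnect) with the point-to-point, multipoint and point-to-multipoint service types just described. The class names, the three mode strings, the MAC addresses (taken from the RFC 7042 documentation range) and the scenario are all constructed for the example; the destination lookup at the access port is a simplification standing in for the VLAN-based confinement the text describes.

```python
"""Access-port admission control keyed on learnt source MAC addresses,
with per-service permission rules (constructed example)."""
from dataclasses import dataclass


@dataclass
class Frame:
    src_mac: str
    dst_mac: str


class ManagementSystem:
    """Network-wide MAC -> service interface bindings.  A MAC already
    bound to a different interface is refused, so one identity cannot be
    claimed at two places in the network."""
    def __init__(self):
        self.binding = {}

    def bind(self, mac, iface):
        owner = self.binding.get(mac)
        if owner is not None and owner is not iface:
            return False
        self.binding[mac] = iface
        return True

    def release(self, mac, iface):
        if self.binding.get(mac) is iface:
            del self.binding[mac]


class ServiceInterface:
    """One customer-facing port on a demarcation device.  mode (an
    assumption) is 'auto' (follow the source MAC seen), 'latch' (first
    learnt MAC sticks; any other is an intrusion attempt) or 'manual'
    (only the configured MAC is ever accepted)."""
    def __init__(self, name, mgmt, mode="latch", manual_mac=None):
        self.name, self.mgmt, self.mode = name, mgmt, mode
        self.mac = manual_mac if mode == "manual" else None
        self.events = []
        if self.mac:
            mgmt.bind(self.mac, self)

    def admit(self, frame):
        """Identity check at the service interface: True if the frame's
        source MAC is, or now becomes, this interface's identity."""
        mac = frame.src_mac
        if mac == self.mac:
            return True
        if self.mode == "manual" or (self.mode == "latch" and self.mac):
            self.events.append(("intrusion", mac))
            return False
        if not self.mgmt.bind(mac, self):          # uniqueness check
            self.events.append(("duplicate", mac))
            return False
        if self.mac:                               # auto mode: re-learn
            self.mgmt.release(self.mac, self)
        self.mac = mac
        self.events.append(("learnt", mac))
        return True

    def link_flap(self):
        """Disconnection/reconnection seen on the interface: drop the
        identity so it must be re-established even if the same MAC
        reappears, defeating a swap of devices behind a known address."""
        if self.mac and self.mode != "manual":
            self.mgmt.release(self.mac, self)
            self.mac = None
        self.events.append(("reconnect", None))


class Service:
    """Which service interfaces may exchange frames."""
    def __init__(self, kind, members, root=None):
        self.kind, self.members, self.root = kind, set(members), root

    def allows(self, src, dst):
        if src not in self.members or dst not in self.members or src is dst:
            return False
        if self.kind in ("point-to-point", "multipoint"):
            return True
        # point-to-multipoint: the root reaches every leaf; a leaf reaches only the root
        return src is self.root or dst is self.root


def access_port_forward(frame, ingress, service, mgmt):
    """Access-port filter: the source must be the identity established on
    its ingress interface, and the destination interface (looked up from
    the management system's bindings) must be permitted by the service."""
    if not ingress.admit(frame):
        return "drop: source not authorised"
    dst = mgmt.binding.get(frame.dst_mac)
    if dst is None:
        return "drop: unknown destination"
    if not service.allows(ingress, dst):
        return "drop: not permitted by service"
    return f"forward to {dst.name}"


def run_scenario():
    """Constructed point-to-multipoint service: a provider root with a
    fixed MAC and two customer leaves whose MACs are learnt and latched."""
    mgmt = ManagementSystem()
    root = ServiceInterface("provider", mgmt, "manual", "00:00:5e:00:53:01")
    cust_a = ServiceInterface("cust-a", mgmt)
    cust_b = ServiceInterface("cust-b", mgmt)
    svc = Service("point-to-multipoint", [root, cust_a, cust_b], root=root)
    out = [
        access_port_forward(Frame("00:00:5e:00:53:0a", "00:00:5e:00:53:01"), cust_a, svc, mgmt),  # A learnt
        access_port_forward(Frame("00:00:5e:00:53:0a", "00:00:5e:00:53:01"), cust_b, svc, mgmt),  # A's MAC on B: not unique
        access_port_forward(Frame("00:00:5e:00:53:0b", "00:00:5e:00:53:0a"), cust_b, svc, mgmt),  # leaf to leaf refused
        access_port_forward(Frame("00:00:5e:00:53:01", "00:00:5e:00:53:0b"), root, svc, mgmt),    # root to leaf
        access_port_forward(Frame("00:00:5e:00:53:aa", "00:00:5e:00:53:01"), cust_a, svc, mgmt),  # other MAC on latched A
    ]
    cust_a.link_flap()   # same device reconnects; identity must be re-learnt
    out.append(access_port_forward(Frame("00:00:5e:00:53:0a", "00:00:5e:00:53:01"), cust_a, svc, mgmt))
    return out, cust_a.events, cust_b.events


if __name__ == "__main__":
    for line in run_scenario():
        print(line)
```

The interior of the network never appears in this code: every check is at the service interface or the access port, which is what lets interior switches stay identity-agnostic and reconfigure without touching per-connection state.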
Spatial reuse in a packet based data network with a ring topology is accomplished in the preferred network configuration. The network architecture uses packet switches with rapid reconfiguration protocols and VLAN technology to constrain packets that might otherwise be broadcast or flooded to the necessary paths between access ports in the network. Thus a combination of existing standard technologies serves to support the same robust efficient communications goals sought by new non-standard equipment.
Other aspects and advantages of the present invention can be seen on review of the figures, the detailed description and the claims, which follow.