HIGHER EDUCATION COMMISSION
PAKISTAN EDUCATION & RESEARCH NETWORK (PERN2)
1. Project Preview
PERN2 is a high-speed, dedicated National Research & Education Network (NREN) for the universities, institutes and other academic sectors of Pakistan. It will provide students, faculty members and researchers with a fully integrated and dedicated communication infrastructure using advanced Information & Communication Technologies. This NREN is being established to achieve true collaborative research, knowledge and resource sharing, and distance learning. PERN2 also aims to connect to other NRENs of the world, including APAN (Asia), Internet2 (USA) and GEANT2 (Europe), and to initiate collaborative research with the consortiums of NRENs. It will establish 10GbE Metro Networks in the Islamabad, Lahore, Karachi, Quetta, Multan, Hyderabad and Peshawar regions for universities and institutes.
The Pakistan Education & Research Network (herein referred to as PERN2) is designed as a multi-service carrier network. It will carry services including, but not limited to, the following:
VOIP Service, Online Lecture & Online Research Lab, etc.
VOD, IPTV, Streaming, Online Test
Online Registration/Course selection/Score Query
MPLS L3/L2 VPN for Universities and Colleges
Digital Library, Emailing service, Discussion Forum
High speed Internet service
Normal Internet service and other traffic
PERN2 is ultimately built from the equipment listed below:
Region   City  NE80E  NE40E  NE20E
North    ISB   1      3      20
         PSH          1      6
Central  LHR   1      2      20
         MLT          1      1
         FSB          1      3
South    KHI   1      2      12
         HYD          1      7
         QTA          1      3
SUM:     8     3      12     78
The implementation includes:
Core Regional Access Point of Presence: 3
  Islamabad, Karachi, Lahore
Sub Regional Access Point of Presence: 5
  Peshawar, Quetta, Multan, Hyderabad, Faisalabad
Local Access Point of Presence: 7
  Air University, Fatima Jinnah Women University Rawalpindi, Quaid-e-Azam University
  Govt. College University Lahore, Punjab University (New Campus)
  Karachi University, College of Physicians & Surgeons Pakistan
University/Institute: 78
The PERN2 Network Diagram
1.1. PERN2 core network
[Figure: Core network. Legend: NE80E; NE40E; 10G Link (Optic Fiber); 10G Link (Long Haul Fiber). Nodes shown: ISB-HEC-P-PE-EGRESS-NE80E, ISB-AU-PE-NE40E, ISB-FJWU-PE-NE40E, ISB-QAU-PE-NE40E, PSH-HEC-PRR-PE-NE40E, LHR-HEC-PRR-PE-NE80E, LHR-GCUL-PE-NE40E, LHR-PU-NEW-PE-NE40E, MLT-BZU-P-PE-NE40E, MLT-FSB-P-PE-NE40E, QTA-BUITMS-P-PE-NE40E, KHI-HEC-P-PE-EGRESS-NE80E, KHI-CPSP-PE-NE40E, KHI-KU-PE-NE40E, HYD-USINDH-PE-NE40E.]
The PERN2 IP/MPLS core network is divided into 8 Metro Networks: Islamabad, Peshawar, Lahore, Faisalabad, Multan, Karachi, Hyderabad and Quetta. Different universities will connect to different Metro Networks, so this network topology has better redundancy and fewer links.
1.2. PERN2 Aggregation or Access network
According to the network design, every city uses NE40Es/NE80Es as aggregation routers, and the CEs use NE20Es.
Access site diagram and 8 POP site diagram:
[Figure: Access Implementation (Access Site). Labels: International University Service; Internet Service; VOIP Service; VOD, IPTV, Streaming, Online, etc.; Webserver, Mailserver, etc.; L2VPN Service; NE20E (CPE); NE40E/80E (PE); PERN2 Backbone. Legend: GE Optic link; FE Electric link.]
The L3VPN traffic aggregates on the switch provided by the university, which connects to the NE20E (CE) router; the NE20E (CE) in turn connects to the NE40E/80E (PE).
The L2VPN traffic also aggregates on the NE20E, which acts as PE for it; the NE40E/80E work as P routers at present.
So the NE20E works as CE and as PE for different services.
For the other 8 POP sites, we add NMS servers and clients. The NMS (L3VPN) traffic will aggregate on the NE20E (CE) as well.
[Figure: Access Implementation (7 POP Sites). Labels: International University Service, etc.; Internet Service; VOIP Service; VOD, IPTV, Streaming, Online, etc.; Webserver, Mailserver, etc.; NMS Servers & Clients; L2VPN Service; NE20E (CPE); NE40E/80E (PE); PERN2 Backbone. Legend: GE Optic link; FE Electric link.]
Other 8 POP site's diagram: (ISB, KHI, LHR, FSB, PSH, QTA, MLT, HYD)
1.3. Technology in PERN2 IP MPLS NETWORK
The PERN2 IP/MPLS network will use the following communication technologies to build a highly available and fault-tolerant backbone infrastructure.
IP TRUNK/Ethernet Trunk (For future)
IS-IS
OSPF/Multi-Instance OSPF
BGP/MBGP
MPLS
MPLS TE
MPLS L3 VPN
MPLS L2 VPN (PWE3)
VPLS (Martini)
Multicast VPN (Multicast Domain Mode)
PIM-SM
MPLS TE FRR
BFD
QOS (Diff-Serv/Traffic-Shaping/Traffic-Policing)
802.1Q
1.4 INTERNATIONAL NREN CONNECTIVITY
In August 2008, PERN joined the international research and education community through a dedicated 155 Mbps link to the TEIN2 PoP in Singapore. Initially the link was terminated at PTCL premises, and from there it was redistributed to all PERN-connected sites. During that time PTCL was responsible for the active monitoring of the link. After the connection was established, HEC and PTCL thoroughly researched the best way to utilize the entire bandwidth of the IPLC circuit; however, bandwidth for PTCL's commercial traffic was always compromised at the research traffic's expense. Therefore, it was eventually mutually decided to terminate the IPLC circuit on HEC's Karachi PoP. In October 2009, the link was shifted to HEC's PERN2 PoP in Karachi.
This link is only for research and education purposes, and HEC allows universities to use it on special permission. Currently none of the universities are utilizing this link other than NCP (National University of Physics Islamabad), which requested to use it for the Grid Computing Project.
The current utilization of IPLC Circuit is shown in Figure:
2. IGP Design
2.1. Routing protocol comparison
IS-IS is used as the IGP routing protocol in the PERN2 network. The following arguments explain why IS-IS may be a somewhat better protocol for this network.
Based on experience in the industry, IS-IS generally supports a larger number of nodes (up to 1024) in the same area. OSPF is generally deployed with a much smaller number of nodes (less than 200).
Many of the carrier-class, large-scale IP networks use IS-IS.
Much of the vendor experience with large-scale networks is with IS-IS, which makes it easier for the vendor to support.
2.2. IS-IS Design
All routers will be IS-IS L2-only routers in the PERN2 core network.
2.3. Interface
IS-IS should be enabled on the following interfaces:
All 10G interfaces in NE40E/80E connected to each other, including the loopback interfaces.
All public sub-interfaces of GE in NE20E connected to core routers, including the loopback interface.
All public sub-interfaces in NE40E/80E connected to NE20E.
Authentication
MD5 authentication should be defined between all IS-IS neighbors.
Redistribution
No redistribution of routes is recommended, either from the IGP into BGP or from BGP into the IGP.
IS-IS Fast Convergence
Partial route calculation (PRC) and incremental SPF (I-SPF) should be deployed to help L3 convergence time. (In the Huawei NE40E/NE80E implementation, I-SPF and PRC are the only algorithms for route calculation.)
The SPF timer should be adjusted to:
timer spf 1 50 50
3. BGP/MPLS IP VPN DESIGN
3.1. BGP/MPLS INTRODUCTION
The BGP/MPLS IP VPN is a PE-based L3VPN technology in the Provider Provisioned VPN (PPVPN) family. It uses BGP to advertise the VPN routes and MPLS to forward the VPN packets on the provider backbone network. The BGP/MPLS IP VPN has flexible networking modes, good extensibility and convenient support for MPLS QoS and MPLS TE. Hence, it is widely used.
The BGP/MPLS IP VPN model contains the following parts:
Customer Edge (CE): an edge device in the customer network. It has one or more interfaces directly connected to the service provider network. It can be a router, a switch or a host. Mostly, the CE cannot "sense" the existence of the VPN and does not need to support MPLS. The university campus devices act as CE equipment in the PERN2 network for the L3VPN service.
Provider Edge (PE): an edge device of the provider network. It is directly connected to the CE. In the MPLS network, the PE router handles all the VPN processing. All NE40Es and NE80Es are PE equipment in the PERN2 network for the L3VPN service, and all NE20Es are PE equipment for the L2VPN service.
Provider (P): a backbone router in the provider network. It is not directly connected to the CE. The P router should possess basic MPLS forwarding capability. In the PERN2 MPLS network, the NE40E/NE80E routers operate as the P equipment.
3.2. AS Design
The entire PERN2 MPLS network will use a Public AS Number. The PERN2 AS
will be able to exchange Internet routes with other legal/public AS.
3.3. Route-reflector Design
To reduce the traffic among all PE routers, two RRs should be deployed for the CORE NETWORK to reflect all private route information among the PE routers.
The two reflectors can back each other up and reflect the VPNv4 routes. The double reflector improves network reliability.
It is recommended to select the RR routers in Peshawar and Lahore, because the Karachi and Islamabad routers are the egress routers for the PERN2 network. It is recommended that the RRs be isolated: ISB/KHI are also egress routers, so less load on them is better, and the common design rule is that an RR should be a standalone router that runs no other service. In addition, if ISB/KHI were RRs and also ran EBGP with the ISP/ERNET and learned Internet/international ERNET routes, the two RRs would have to stay in different clusters and the routing table in the other core routers would be fourfold.
4. VPN Implementation
4.1. VPN plan
According to the HEC requirement, we will implement the following VPNs in the MPLS network.
Internet VPN: pt_internet;
International University VPN: pt_internationuniversity;
Intranet VPN: pt_intranet;
NMS VPN: pt_nms.
5. PWE3
5.1. Introduction
In the PERN2 MPLS network, we need to let universities communicate with each other for different services according to their requirements, without interfering with the PERN2 network or needing to care about it. They can use IP addresses planned by themselves. These services must be transported through the MPLS network. PWE3 is the right technology for this task. PWE3 is a type of end-to-end Layer 2 transport technology. It emulates the essential attributes of a telecommunications service (such as ATM, FR or Ethernet) in a PSN. It also emulates the essential attributes of low-speed TDM circuits and SONET/SDH.
The emulation only approximates the real service. PWE3 uses the Label Distribution Protocol (LDP) as the signaling protocol to transport bit streams, cells or PDUs over an intervening PSN. The transmission is transparent and is done through a tunnel, such as an MPLS LSP, GRE or L2TPv3.
In this case, we adopt Martini L2VPN to carry communication between universities.
6. Services for Universities
6.1. VOIP
The VOIP service is introduced in the PERN2 network. The universities will be able to communicate using the VOIP service. The MPLS L3 VPN "Intranet" will keep this service separated from Internet and international university traffic. Normally, when the delay, jitter or packet drop rate exceeds the normal level, the voice quality is affected or the call is even disconnected. Therefore, PERN2 will implement QoS for the VOIP service to ensure reliable transport for it. QoS (Quality of Service) control is very important to the VoIP service.
6.2. Video Conferencing Service
The PERN2 IP/MPLS network will provide Video Conferencing service between
Pakistan Universities and with International Universities by MPLS L3 VPN.
6.3. MPLS L3 VPN Service:
Different services will be kept separate by the use of BGP MPLS VPN. The following MPLS VPNs are deployed in the PERN2 network, one per service:
For Internet
VPN: pt_internet;
For International Universities
VPN: pt_internationuniversity;
For Intranet
VPN: pt_intranet;
For NMS
VPN: pt_nms.
6.4. MPLS L2 VPN Service (VLL-PWE3):
Universities can create an MPLS L2 VPN to communicate with each other. The MPLS L2 VPN can establish a VLL-PWE3 tunnel so that universities communicate with each other transparently. This will work just like a physical link between two universities. Universities can plan their IP addresses by themselves.
6.5. MPLS L2 VPN Service (VPLS Martini):
Universities can create an MPLS L2 VPN to communicate with each other. If multiple access sites want to communicate with each other, we can establish the VPLS Martini service for this purpose. VPLS is an L2VPN technology based on MPLS and Ethernet. VPLS implements point-to-multipoint VPN networking, which is a better solution than the original point-to-point L2VPN service. With VPLS, the carrier does not have to manage the routing information of the internal users as it does with L3VPN.
6.6. High Speed Internet:
PERN2 will provide high-speed Internet service to the universities of Pakistan. PERN2 will deploy a separate MPLS VPN for the Internet service. The universities can host web or email services or any other Internet services. If the destination of a PERN2 university is another PERN2 university, it can communicate with that university directly without going through the Internet. HEC can also monitor and limit the bandwidth of each university for Internet access.
6.7. Services Hosting:
The universities can host services at their campuses, for example a web service, FTP service, email service or any other education service. If the destination of a PERN2 university is another PERN2 university, it can communicate with that university directly without going through the Internet. That provides high speed and availability.
6.8. Communication with International Universities
PERN2 universities can communicate with international universities for different services. We can limit the bandwidth for each university to communicate with the NREN. A PERN university will have different bandwidth for communication within PERN, with the NREN and with the Internet. HEC can control the bandwidth of each university for the different kinds of communication, and HEC can also monitor the bandwidth of each university for international university access.
6.9. Multicast Service:
If one university wants to Multicast a channel on the PERN2 network, other
universities will be able to see this multicast at their campuses.
6.10. IPV6 Support:
Universities running IPv6 can communicate with each other over the IPv4/MPLS PERN2 network by IPv6 over IPv4 tunnel configuration.
7. Reliability Implementation
To construct a highly reliable network, besides deploying highly reliable equipment, the reliability features of the equipment should be effectively considered and applied in the network layout, to organize a highly reliable network with full redundancy capability.
The PERN2 IP/MPLS Core Network can implement fault tolerance and reliability technologies such as the following:
ISIS FC
BFD
TE FRR
Egress Load Balance
Egress Hot Standby
7.1. ISIS FC (Fast Convergence)
The route convergence process on a router is as follows:
1) IGP receives changed link state packets.
2) IGP advertises the changed link state packets to neighbours and
performs route calculation.
3) IGP advertises route changes to the route management plane.
4) The route management plane refreshes the changed routes to the FIB to guide forwarding.
To accelerate route convergence, the key processes above must be optimized. The IGP route calculation, the route management plane and the FIB process are related to the software design and are beyond the scope of this document. You can refer to the specified documents for their details.
IGP fast convergence technology mainly concerns optimizing the sending and receiving of link state information, and the route calculation. The route calculation is the core of the optimization.
The current mainstream IGP protocols, such as ISIS and OSPF, use the typical SPF algorithm to calculate the network topology information and route information.
In most cases, when the link state information (LSP in ISIS and LSA in OSPF) changes, the topology and routes of the whole network need to be recalculated. However, the topologies of present backbone networks are complicated and the number of routes is huge. The requirements for route convergence are also high. Recalculating the network information takes a long time (which means slow convergence) and consumes vast CPU resources. Both hardware and software are greatly affected. If the network information changes only a little and all the routes are recalculated, even more is wasted.
7.2. BFD
The BFD protocol is a simple "Hello" protocol. Many of its aspects are similar to the neighbour detection part of well-known routing protocols. Two systems periodically send and receive detection packets through a channel established between them. If one system does not receive a detection packet from the other for a long time, it indicates that a failure has occurred in some part of the bi-directional channel between the two adjacent systems. Under some circumstances, the sending and receiving rates should be negotiated between the two systems, so as to reduce the load.
In the PERN2 IP/MPLS network, we configure single-hop BFD on the 10G core links to detect and monitor the directly connected 10G core links within milliseconds. If a 10G core link fails, our routers will be able to detect it in milliseconds and tell the protection application to switch traffic within 50 milliseconds when running with TE FRR.
7.3. TE FRR
TE FRR is a technique that implements partial protection in MPLS TE. It can minimize data loss when a network failure occurs. TE FRR is only a means of temporary protection. Once the protected link or node is restored or a new LSP is established, traffic is switched back to the original LSP or to the newly established LSP.
After the TE FRR function is configured on an LSP, traffic is switched to the standby link when a link or node on the LSP goes out of service. Meanwhile, the ingress of the LSP attempts to establish a new LSP.
In the PERN2 IP/MPLS network, we configure TE FRR between the core links in the core network. Once a link or node fails, TE FRR can switch traffic within 50 milliseconds, so that application services will not notice the failure in the core network.
7.4. Egress Load Balance and Hot Standby Policy
7.4.1. Internet Traffic
For the outgoing traffic from PERN2 to the Internet, the traffic will be load-shared between two ISPs, PTCL and TWA. We can adjust the traffic freely and manually. For example, by BGP policy we can send more traffic over the high-bandwidth egress link and less over the low-bandwidth egress link. Or, when one link is congested while the other is idle, we can also rebalance the traffic by BGP policy.
For the incoming traffic from the Internet to PERN2, the traffic will be load-shared and backed up between the two ISPs. For this purpose, each ISP will maintain the summary route of the PERN2 network and a detailed route of the PERN2 network. The detailed routes come from dividing the /20 subnet (which will be distributed to university users) into two /21 subnets. One /21 subnet (detailed route) and the /20 subnet route are advertised to PTCL, and the other /21 subnet (detailed route) and the /20 subnet route are advertised to TWA. In this way, incoming traffic to the university users in one /21 subnet will come through PTCL, and traffic to the users in the other /21 subnet will come through TWA. If one ISP fails, the traffic can use the summary route from the other ISP to reach the PERN2 network.
If one ISP link or egress router goes down, the second ISP will work as the backup ISP as well.
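The inbound scheme above, modelled as an added example that is not part of the original design document: longest-prefix match over the routes each ISP carries, with and without the /20 summary, to show why the summary is what makes failover work. The 10.20.0.0/20 aggregate is a constructed placeholder; the page gives only the prefix lengths.

```python
import ipaddress

# Constructed aggregate: the page gives only the prefix lengths (/20 and /21).
AGGREGATE = ipaddress.ip_network("10.20.0.0/20")
ISPS = ("PTCL", "TWA")  # the two upstream ISPs named on the page


def build_advertisements(aggregate, with_summary=True):
    """Return {isp: [prefixes]}: each ISP gets one /21 detailed route and,
    when with_summary is True, the /20 summary route as well."""
    halves = list(aggregate.subnets(prefixlen_diff=1))
    adverts = {}
    for isp, detailed in zip(ISPS, halves):
        adverts[isp] = [detailed] + ([aggregate] if with_summary else [])
    return adverts


def inbound_path(dst, adverts, isps_up):
    """Return (isp, prefix) that Internet routers would use to reach dst.

    Longest-prefix match over every route still advertised; routes
    learned through an ISP that is down are treated as withdrawn.
    Returns None when no remaining route covers dst (traffic is dropped).
    """
    addr = ipaddress.ip_address(dst)
    candidates = [
        (prefix.prefixlen, isp, prefix)
        for isp in sorted(isps_up)
        for prefix in adverts.get(isp, [])
        if addr in prefix
    ]
    if not candidates:
        return None
    _, isp, prefix = max(candidates, key=lambda c: c[0])
    return isp, prefix


def inbound_share(adverts, isps_up, aggregate=AGGREGATE):
    """Count how many /24 blocks of the aggregate arrive via each ISP."""
    share = {}
    for block in aggregate.subnets(new_prefix=24):
        hit = inbound_path(block.network_address, adverts, isps_up)
        key = hit[0] if hit else "unreachable"
        share[key] = share.get(key, 0) + 1
    return share


if __name__ == "__main__":
    adverts = build_advertisements(AGGREGATE)
    print("both ISPs up:", inbound_share(adverts, {"PTCL", "TWA"}))
    print("PTCL down   :", inbound_share(adverts, {"TWA"}))
    only_detailed = build_advertisements(AGGREGATE, with_summary=False)
    print("PTCL down, no /20 summary:", inbound_share(only_detailed, {"TWA"}))
```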
7.4.2. International Universities Traffic
For the outgoing traffic from PERN2 to the NREN universities, the traffic will be load-shared over the multiple STM-1 links by configuring the multi-path function of BGP on the egress router.
For the incoming traffic from the NREN to PERN2, the traffic will be load-shared and backed up between two STM-1 links. The detailed implementation is the same as for Internet incoming traffic.
If one link goes down, the second will work as the backup link.
8. QoS Implementation
8.1. QoS overview
The traditional IP network delivers various service packets in Best Effort (BE)
manner, which is suitable for the services insensitive to delay, such as file transfer,
web page browsing and email. For services requiring low delay and low jitter, such as
real-time IP voice, teleconference and video on demand, the BE delivery model is
unsatisfactory because of intolerable intermittent voice and graphics. To deploy these
real-time services on the Internet, the Internet devices must offer diverse Quality of
Service (QoS) for different services.
There are several solutions to implement QoS, including the Resource Reservation Protocol (RSVP) and the Differentiated Service (Diff-Serv) model.
RSVP is an end-to-end protocol. Users that need QoS assurance send QoS
requirements (such as delay, bandwidth, and packet loss ratio) to the network device
through RSVP signalling. After receiving the resource reservation request, the
network nodes along the path perform admission control, authenticate the validity of
the users and check the availability of resources, and then determine whether to
reserve resources for applications. If the network nodes on the path assign resources
for users, the requirements for bandwidth and delay are addressed, thereby
implementing QoS guarantee. Because network nodes need to maintain some
necessary Soft State information for every reserved resource, the maintenance cost
will be too much to bear for routers on the large-sized network. RSVP is unfit for the
backbone network where traffic is converged.
In the Diff-Serv model, the application program uses the QoS information set in the
IP packet header to notify the network node of its QoS requirements. Routers on the
path obtain the Type of Service (ToS) by analyzing the IP packet header. In
implementing the Diff-Serv, the access router classifies the packets and marks ToS on
the IP packet header by which the downstream router identifies the service and
forwards the packets. So, the Diff-Serv is a packet stream-based QoS solution.
PERN2 will deploy the Diff-Serv model architecture.
8.2. Diff-serv Model architecture
Network nodes that perform Diff-Serv function are called DS nodes. A DS domain
consists of a group of interconnected DS nodes that adopts the same service policy
and implements the same Per-Hop Behavior (PHB) set, as illustrated below.
DS nodes are classified into DS boundary nodes and DS interior nodes. The former
connects DS domains and non-DS domains. The latter connects DS boundary nodes
and interior nodes. The DS boundary node controls traffic and sets the Differentiated
Services Code Point (DSCP) according to the traffic conditioning agreement defined
between domains. The DS interior node performs simple traffic classification
according to the DSCP value and performs traffic control on the associated traffic.
[Figure: a DS domain of interconnected DS nodes, with a non-DS domain on either side.]
In the DS domain of the MPLS domain, an MPLS TE tunnel will be established between each pair of ingress and egress routers. The CR-LSP with reserved bandwidth ensures the bandwidth between the pair of routers, so user data traffic will transit from the ingress router to the egress router without any congestion in the DS domain of the MPLS domain.
ToS Field and DS Field
RFC791, RFC134 and RFC1349 define the Type of Service (ToS) field in the IPv4 packet header as shown in Illustrate 10-2. The ToS field consists of a 3-bit Precedence, a D bit, a T bit, an R bit and a C bit, with the last bit of the field being 0. The D bit represents Delay, the T bit represents Throughput, the R bit represents Reliability, and the C bit represents Cost. In implementing QoS, routers check the precedence of the packets. The remaining bits are not used.
RFC2474 redefines the ToS field of the IPv4 packet header as the DS field. As shown below, the first six bits (bits 0 to 5, numbered from the left) of the DS field serve as the DS CodePoint (DSCP) and the last two bits (bits 6 and 7) as reserved bits. Within the DSCP, the first three bits (bits 0 to 2) are the Class Selector Code Point (CSCP), representing a kind of DSCP. DS nodes choose appropriate PHBs according to the DSCP value.
IPv4 ToS field and DS field
Bit:        0  1  2  3  4  5  6  7
ToS field:  Precedence (bits 0-2), D (3), T (4), R (5), C (6), 0 (7)
DS field:   DSCP (bits 0-5, of which CSCP is bits 0-2), unused (bits 6-7)
802.1P Field
The IEEE 802.1Q standard defines the IEEE 802.1Q packet header as shown below, in which the 3-bit 802.1P field carries the priority within the 4-byte VLAN tag. The 802.1P value ranges from 0 to 7. By default, the 802.1P value corresponds to the precedence in the IPv4 packet.
VLAN tag in IEEE 802.1Q packet header
Bits:   0-15    16-18   19   20-31
Field:  0x8100  802.1P  CFI  VLAN ID
MPLS EXP Field
RFC 3032 defines the MPLS packet header as shown below, in which the 3-bit EXP field carries the priority. The EXP value ranges from 0 to 7. By default, the EXP value corresponds to the precedence in the IPv4 packet.
MPLS Header
Bits:   0-19   20-22  23  24-31
Field:  LABEL  EXP    S   TTL
DS Field Definition
The space of 64 code points of the DSCP is divided into three pools, as shown in the following table:
Classification of the DSCP:
Coding pool  Coding space  Usage
1            xxxxx0        Standard Action (standard operation)
2            xxxx11        EXP/LU (experimental/local use)
3            xxxx01        EXP/LU (which can be used as extended space of later standard actions)
Standard PHB
Per-Hop Behavior (PHB) is the behavior that a DS node applies to a data flow. Network administrators can configure the mapping between DSCPs and PHBs. When a DS node receives a packet, it checks the DSCP of the packet. If no mapping from this DSCP to a PHB is defined, the DS node forwards the packet using the default PHB (that is, Best-Effort, DSCP=000000). Every DS node must support the default PHB.
At present, the IETF defines three standard PHBs, namely, Expedited Forwarding
(EF), Assured Forwarding (AF) and Best-Effort (BE). The BE is the default PHB.
Congestion Management and Avoidance
When congestion occurs and becomes severe, the special queuing and the packet
drop policy can be adopted to trade off the resources assignment among various
forwarding services (such as EF and AF). The common packet drop policies include
Tail Drop, Random Early Detection (RED), and Weighted Random Early Detection
(WRED).
The Tail Drop drops the newly arriving packets when the queue reaches the maximum
length. The RED drops the packets at random when the queue reaches a certain
length, which can avoid the global synchronization due to the TCP slow start.
Compared with the RED, the WRED drops the packets based on queue length and
packet precedence. The packet with a low precedence will be dropped first, and its
drop probability is high.
QoS Queues Schedule
The NE40E and NE80E core routers support 8 queues: CS6, CS7, EF, AF1, AF2, AF3, AF4 and BE. The CS6 and CS7 queues are used only for protocol traffic; the other queues are for user data traffic. Traffic enters the 8 queues according to its DSCP code, and the queue scheduling mode supports mixed PQ+WFQ.
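The fields described in this section, as an added example that is not part of the original design document: it decodes the ToS/DS byte, the 802.1Q tag and an MPLS label stack entry, classifies a DSCP into the eight queue classes, and writes the EXP value that the page's section 8.3 tables list for each class. Sending unmapped code points to BE, the label value and the TTL are assumptions of this example.

```python
import struct

# PHB class -> MPLS EXP, as listed in the page's QoS tables (section 8.3).
PHB_TO_EXP = {"CS7": 7, "CS6": 6, "EF": 5, "AF4": 4,
              "AF3": 3, "AF2": 2, "AF1": 1, "BE": 0}


def parse_tos(tos):
    """Read the IPv4 ToS/DS byte both ways. The page numbers bits from the
    left, so "bits 0 to 5" are the six high-order bits of the byte."""
    return {
        "precedence": tos >> 5,  # bits 0-2: RFC 791 precedence / CSCP
        "dscp": tos >> 2,        # bits 0-5: RFC 2474 DSCP
        "unused": tos & 0x03,    # bits 6-7: not part of the DSCP
    }


def dscp_pool(dscp):
    """Code point pool from the page's table: xxxxx0=1, xxxx11=2, xxxx01=3."""
    if dscp & 0b1 == 0:
        return 1
    return 2 if dscp & 0b11 == 0b11 else 3


def dscp_to_phb(dscp):
    """Map a DSCP to one of the eight queue classes named on the page.
    Assumption of this example: a code point without a mapping gets the
    default PHB (BE), as the Standard PHB paragraph describes."""
    if dscp == 0b101110:                      # EF
        return "EF"
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11
    if dscp & 0b1 == 0:
        if drop == 0 and cls in (6, 7):       # class selectors CS6 / CS7
            return f"CS{cls}"
        if 1 <= cls <= 4 and drop != 0:       # AFxy: class x, drop level y
            return f"AF{cls}"
    return "BE"


def build_mpls_entry(label, exp, bottom_of_stack, ttl):
    """Pack one RFC 3032 label stack entry: LABEL(20) EXP(3) S(1) TTL(8)."""
    word = (label << 12) | (exp << 9) | (int(bottom_of_stack) << 8) | ttl
    return struct.pack("!I", word)


def parse_mpls_entry(entry):
    """Unpack a 4-byte label stack entry into its four fields."""
    (word,) = struct.unpack("!I", entry)
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def parse_dot1q(tag):
    """Split the 4-byte VLAN tag: TPID(16) 802.1P(3) CFI(1) VLAN ID(12)."""
    tpid, tci = struct.unpack("!HH", tag)
    return {"tpid": tpid, "priority": tci >> 13,
            "cfi": (tci >> 12) & 0x1, "vlan_id": tci & 0x0FFF}


def mark_at_ingress(tos, label, ttl=64):
    """Classify by DSCP, then write the class's EXP into the imposed label,
    which is what lets interior nodes schedule without reading the IP header."""
    phb = dscp_to_phb(parse_tos(tos)["dscp"])
    return phb, build_mpls_entry(label, PHB_TO_EXP[phb], True, ttl)


if __name__ == "__main__":
    # Constructed samples: ToS 0xB8 is DSCP 46 (EF); label 1000 is arbitrary.
    phb, entry = mark_at_ingress(0xB8, 1000)
    print(phb, parse_mpls_entry(entry))
    print(parse_dot1q(bytes.fromhex("8100a00a")))
```

For every class in the page's tables the EXP value equals the IPv4 precedence of the matching DSCP, which is why the default precedence-to-EXP copy described above already yields this mapping.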
8.3. QoS Implementation in PERN2 IP/MPLS network
QoS policy in the PERN2 IP/MPLS network:
1. Limit the access speed (ingress/egress) of each university according to the different services at the NE40E/80E of the POP sites.
2. Deploy the Diff-Serv model for hop-by-hop provisioning in the core network to guarantee the bandwidth of each service end to end.
Based on an analysis of the services in the HEC PERN2 MPLS network, the following are the types of services and their recommended bandwidth specifications:
Bandwidth Limitation for Universities:
Service Type                            Bandwidth  %      Classify Criterion  DSCP  EXP
VOIP Service                            3M         0.3%   source ip           EF    5
VOD, IPTV, Streaming                    275M       27.5%  source ip           AF4   4
Digital Library; Discussion Forum;      80M        8%     Email: TCP 25       AF3   3
  Online Lecture & Online Research                        Others: TCP 80
  Lab, Online Test, Online
  Registration; Online Course
  selection; Online Score Query,
  Emailing service, Web service, etc.
International University service        15M        1.5%   subinterface30      AF3   3
L2VPN service                           20M        2%     subinterface10      AF2   2
FTP service                             30M        3%     TCP 21/22           AF2   2
Internet service                        10M        1%     subinterface20      AF1   1
NMS Traffic                             2M         0.2%   subinterface50      BE    0
All traffic not classified in other     10M        1%     /                   BE    0
  traffic classes.
Total                                   445M       44.5%  /                   /     /
For VOIP, one call needs 95.2 Kbps. We suppose 30 calls at one time as usual.
For VOD, the bandwidth of a program is 750-1500 Kbps. For BTV, if MPEG4 coding is used, the bandwidth per channel is 1 Mbps; if MPEG2 coding is used, the bandwidth per channel is 4 Mbps. So:
Bandwidth (IPTV/VOD) = (750-1500 Kbps) * (most users at one time) + (1 Mbps or 4 Mbps) * (number of TV channels)
We suppose MPEG2 coding, 50 TV channels and 50 users at one time for VOD.
Services at Core Network:
The following are the services at the PERN2 core network and their recommended bandwidth specifications:
Service Type                                      Bandwidth  DSCP  EXP
Routing and other Protocols                       1%         CS7   7
Routing and other Protocols                       1%         CS6   6
VOIP Service                                      6%         EF    5
VOD, IPTV, Streaming                              50%        AF4   4
Digital Library; Discussion Forum;                25%        AF3   3
  Online Lecture & Online Research Lab, Online
  Test, Online Registration; Online Course
  selection; Online Score Query, Emailing service,
  Web service, etc.
  International University service
L2VPN service, FTP service                        10%        AF2   2
Internet service                                  5%         AF1   1
NMS and all traffic not classified in other       2%         BE    0
  traffic classes.
9. Security
The following security measures will be taken to secure the PERN2 network.
1. IS-IS/BGP MD5 authentication, to prevent other devices from negotiating or establishing IS-IS/BGP sessions and to keep IS-IS/BGP running securely.
2. SSHv2, Telnet, HW TACACS/RADIUS user authentication, and filtering of user (IP address) access to Telnet/SSH/SNMP etc., to prevent unauthorized users from accessing PERN2 equipment.
3. Apply VPNs in the IP bearer network to separate different services.
4. Filter well-known virus ports by ACL at access routers and egress routers, to prevent common virus attacks from universities, the Internet or the NREN.
5. Firewalls prevent attacks from universities, the Internet and the NREN. If HEC trusts the network of a university, a firewall at the access site is not necessary. We recommend that HEC provide firewalls in front of the Karachi egress router and the Islamabad egress router to prevent attacks from the Internet or the NREN.
Remarks:
The basic function of a router is to forward data quickly and correctly. It has few security features to protect itself from attack.
Preventing attacks is the main function of security equipment such as firewalls, IDS, etc.
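What the MD5 authentication between IS-IS neighbors (section 2.3 and measure 1 above) actually checks, as an added example that is not part of the original design document: the HMAC-MD5 digest carried in TLV 10 of a point-to-point hello, computed as RFC 5304 specifies with the digest field zeroed. The key, system ID and PDU contents are constructed samples; BGP MD5 uses a different mechanism (the TCP MD5 signature option) and is not covered here.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10        # Authentication Information TLV
AUTH_HMAC_MD5 = 54   # authentication type for HMAC-MD5 (RFC 5304)
HDR_LEN = 20         # fixed header length of a point-to-point hello (IIH)

SYSTEM_ID = bytes.fromhex("000000000001")   # constructed sample
KEY = b"constructed-example-key"            # constructed sample


def build_p2p_hello(system_id, holding_time, tlvs):
    """Assemble a P2P IIH: 8-byte common header, 12-byte hello header, TLVs."""
    body = b"".join(struct.pack("!BB", t, len(v)) + v for t, v in tlvs)
    common = bytes([0x83, HDR_LEN, 1, 0, 17, 1, 0, 0])   # PDU type 17 = P2P IIH
    hello = (bytes([2]) + system_id                       # circuit type 2 = L2 only
             + struct.pack("!HH", holding_time, HDR_LEN + len(body))
             + bytes([0]))                                # local circuit ID
    return common + hello + body


def find_auth_value(pdu):
    """Return the offset of the 16-byte digest inside TLV 10, or None."""
    off = HDR_LEN
    while off + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[off], pdu[off + 1]
        end = off + 2 + tlv_len
        if end > len(pdu):
            return None                      # truncated TLV: reject
        if (tlv_type == AUTH_TLV and tlv_len == 17
                and pdu[off + 2] == AUTH_HMAC_MD5):
            return off + 3
        off = end
    return None


def compute_digest(pdu, key, value_off):
    """HMAC-MD5 over the whole PDU with the digest field set to zero."""
    zeroed = pdu[:value_off] + bytes(16) + pdu[value_off + 16:]
    return hmac.new(key, zeroed, hashlib.md5).digest()


def sign_hello(pdu, key):
    """Fill in the digest of a hello that carries a TLV 10 placeholder."""
    off = find_auth_value(pdu)
    if off is None:
        raise ValueError("PDU has no HMAC-MD5 authentication TLV")
    return pdu[:off] + compute_digest(pdu, key, off) + pdu[off + 16:]


def verify_hello(pdu, key):
    """Receiver side: accept only a PDU whose digest matches our key."""
    off = find_auth_value(pdu)
    if off is None:
        return False                         # unauthenticated neighbor
    expected = compute_digest(pdu, key, off)
    return hmac.compare_digest(pdu[off:off + 16], expected)


def sample_hello(key=KEY):
    """Constructed hello: area address 49.0001 plus the authentication TLV."""
    tlvs = [
        (1, bytes.fromhex("03490001")),
        (AUTH_TLV, bytes([AUTH_HMAC_MD5]) + bytes(16)),
    ]
    return sign_hello(build_p2p_hello(SYSTEM_ID, 30, tlvs), key)


if __name__ == "__main__":
    pdu = sample_hello()
    print("valid hello accepted:", verify_hello(pdu, KEY))
    forged = bytearray(pdu)
    forged[16] ^= 0xFF                       # alter the holding time in transit
    print("altered hello accepted:", verify_hello(bytes(forged), KEY))
```

The digest authenticates the PDU but does not hide its contents, and every neighbor shares the same key. RFC 5310 defines HMAC-SHA authentication for IS-IS for deployments that do not want to rely on MD5.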
10. Scalability
The PERN2 network will provide scalability for expansion for more universities
and new technologies like IPv6 for universities to implement and communicate with
PERN2 and NREN universities. This will provide students, faculty members and
researchers a fully integrated and dedicated communication infrastructure using
advanced Information & Communication Technologies.
11. Network management
11.1. NMS VPN
Routers in the core network should be managed in-band. The management traffic will use the same links as data traffic.
In-band management for DMS/NMS should be enabled on all the routers in the core network. Bandwidth should be allocated to in-band management on all links. IP forwarding is adopted to carry the NMS traffic of the IP/MPLS core.
11.2. Telnet
All routers must be configured with a username and password to improve network management and security.
12. Reference:
The following are reference deployments, from Pakistan and other networks, of the technologies being used in the PERN2 network:
ISIS - Ufone/CMPak/China Telecom/China Netcom/China Mobile
OSPF - Ufone/CMPak/China Telecom/China Netcom/China Mobile
MPLS L3 VPN - Ufone/CMPak/China Telecom/China Netcom/China Mobile
EBGP - TWA/China Telecom/China Netcom/China Mobile
MPLS L2 VPN - Ufone/CMPak/China Telecom/China Netcom/China Mobile
Multicast L3 VPN Service, PIM-SM - China Netcom
Online research - CERNET
Online lab - CERNET
Online test - CERNET
Online registration - CERNET
Discussion Forum - CERNET
High speed internet - TWA
Route Reflector - Ufone/CMPak/TWA/China Telecom/China Netcom/China Mobile
Load Balancing for internet traffic - China Telecom/China Netcom/China Mobile
Hot Standby policy for internet - China Telecom/China Netcom/China Mobile
Load Balancing for NREN - China Telecom/China Netcom/China Mobile
Hot Standby policy for NREN - China Telecom/China Netcom/China Mobile
VPLS Martini - Russia Central Telecom
NMS VPN - Ufone/CMPak
LDP Load Balance - China Telecom/China Netcom/China Mobile
MPLS TE FRR - CMPak/China Mobile
BFD - CMPak/China Netcom/China Mobile
QoS Diff-Serv Model - Ufone/CMPak/China Netcom/China Mobile