Network Based IP Services

1
Network Based IP Services

• Horace Lau
• Senior Market Development Manager
• Lucent Technologies, INS
• IP Services Business Unit

2
Public IP Services Not The Internet

• The road to profits is in Public IP Services
  Networks
• A best-effort Internet doesnt deliver service
  provider profits
• Profits continue in classic data networks because
  they deliver quality service
• Butthe Internet delivered some great successes
• Infrastructure for common communications The
  TCP/IP protocol
• Infrastructure for applications Browsers,
  Streaming Media Formats, Email, Messaging,
  Directories
• Today, customers require the service richness of
  the Internet with the service quality of the
  classic data networks

3
Value-added IP Services Deliver Competitive
Advantage
Bandwidth-Managed Services IP VPNs Managed
Security Business Internet Access Converged
Services Content Management/ Acceleration Wholesa
le Subscriber Management
Commodity Services
Commodity Services
Margin
Access Services
Value-added Services
Core Backbone Services
4
Service Providers Need Business Quality IP
Services Network

• Services
• Connectivity
• Performance
• Reliability
• Security
• Simplicity
• Affordability
• Flexibility
• Scalability
• Ubiquity

Public IP Network
Investment in public data network infrastructure
will grow from 12B in 1999 to 22B in 2003.
(IDC)
Broadband Access
5
IP Is the New Public UNI(Network Connection)

• Public IP Networks Require
• Routing functions on the edge
• Consistent interface to subscriber applications
• Application-Aware Dynamic Service Delivery
• End-End Across The Network
• Network Changes Behavior As Necessary
• Public IP Networks Must Provide
• Application-aware priority for IP flows
• Application specific behavior for different IP
  Flows
• Deliver bandwidth, and access privileges as
  required
• Per application
• Dynamic signaling to support application
  requirements
• Deliver services where and when they are needed
• By requesting them from smart network elements
• Public IP Networks Cannot Use a Hop-by-Hop
  Internet Architecture
• Routers alone wont support what needs to be done

6
Deterministic ServiceBehavior

• Service-specific functions in virtual routers
• Traffic classification
• Voice, video, data
• Marking, shaping, policing
• Priority queuing of IP application traffic
• Voice first, then file transfer data packets
• Mapping IP application traffic to MPLS paths
• To ensure service quality
• Pre-engineered traffic paths in core
• Supports MPLS paths in
• Frame based networks (core router-based networks)
• ATM multi-service networks
• Provides bandwidth guarantees, latency
  commitments
• Provides QoS

7
Creating Personalized Services
Application Aware Traffic Treatment
Enterprise A
Core Network
Service Intelligent Element
8
Network Architecture forPublic IP Services

• Key Architecture Elements
• Service Intelligence to build end-to-end services
• Virtual Routing
• Intelligent Agents
• Service Creation Model
• MPLS to create dynamic connections in and between
  layers in the network
• Unified network management for provisioning,
  monitoring, fault recovery
• Professional services for full public network
  design and lifecycle management expertise

9
Complete Service Intelligent Architecture
Service Intelligence

• Recognizes users their applications
• Understands their individual service needs
• Mediates on their behalf to deliver IP services
• Regardless of when, where, or how they arrive on
  the network
• All in a reliable and end-to-end, secure manner

Scalable on-ramp for IP service traffic
Actively mediates network behavior
Reliable, high-speed, transport
Metro Optical
Intranet
RAS
IP/ATMCore Switch
DSL
Extranet
Optical Core
IP/ATMCore Switch
IP Service Switch
Cable
Web
IP/ATM Core Switch
ISP
Frame/ATM
ASP
Wireless
Access Layer
Core Layer
Services Layer
Intelligent, dynamic, scalable.
10
MPLS for Dynamic ConnectionsIn Between Layers

• MPLS is an integral architecture element for
  communication in and between the network layers
• Multi-Protocol Label Switching (MPLS) is not only
  used for traffic engineering in IP Networks
• A Fundamental framework for Service Intelligence
  in Public IP Services networks
• Benefit Creation of highly customized services
  based on subscriber, application, and network
  requirements

11
MPLS for Dynamic Connectionswithin the IP ATM
Transport Layers

• Multiservice ATM Core delivers infrastructure for
  Frame Relay, DSL, ATM Access and Multiservice
  MPLS
• IP Core provides infrastructure for pure IP
  networks and Packet MPLS
• MPLS between architectures provides for
  end-to-end IP services

ATM Multiservice/ MPLS
MPLS Signaling
NX
NX
NX
IP Switching/ Packet MPLS
12
MPLS for Dynamic Connections Between Layer 1
and Layer 2
The service intelligent network requests
bandwidth and transport from the optical core via
dynamic MPLS signal requests
MPLS Signaling

• Benefits
• Sub-second restoration in case of failure
• Automatic addition of resources in response to
  demand
• Layer 1 Layer 2 are active participants in
  service delivery

13
Unified Network ManagementFor IP Services

• Single service console for IP Services
• Creation and management of all IP Service
  elements Customer Located Equipment (CLE),
  Service Switch, Core
• Service creation built within virtual routers
• Policy driven network behavior not port-by-port
  configuration using network directories like the
  voice network.
• Flow-through integration with Layer 2
  infrastructure
• Automatic connections between devices
• End-to-end within layer-two framework
• Layer-one integration with dynamic signaling
• On demand bandwidth creation driven by Service
  Intelligence through ODSI/OIF Optical Interface
• Benefit scalable, single seat management with
  end-to end provisioning, monitoring, fault
  isolation

14
Intelligent IP Service Management

• Provisioning
• Unified supports all network elements actively
  enforcing Service Attributes
• Scaleable Virtually centralized with
  distributed content
• Integrated - Built on top of a single platform
• Flexible GUI or API driven
• Surveillance/Assurance
• Common Fault and Performance architecture
• SLA Assurance w/detailed analysis
• Capacity planning
• Historical trend analysis

15
Radically Different Approach

• Policy driven network behavior
• Not port-by-port configuration
• Configure the network services, not the devices
• Let the devices grab configuration elements and
  change behavior as users of a service arrive at a
  port
• IP Framework for Services
• Service creation built within virtual routers
• On edge of service provider network
• Driven by central database servers

16
Voice Policy Makes The Difference
TCAP
User provisioning is to a directory
Back-office Customer care
5ESS
Service Endpoint
5ESS
User
5ESS
5ESS

• Traditional voice services
• SS7/TCAP and central services
• Service elements circuit-based connection
  oriented services
• Reliability, predictability, security, billable
  connections

17
Data Policy Makes The Difference
Web/ Corba
LDAP (Oracle)
Back Office Customer Care
User provisioning is to a directory
SIN
Data Service Endpoint
SIN
Data User
SIN
SIN

• IP Data Services
• RADIUS/LDAP user-level policy
• Service elements predictable bandwidth,
  security, connection oriented IP
• IP conference calls
• Managed bandwidth services per application
• Predictable SLAs for customer and carrier

18
Policy Driven Service Creation

• As with voice
• Specific subscriber profiles drive network
  element behavior
• Same with Data
• Network elements interact with provisioning
  servers
• Service Provider defines services
• Active network reacts to policies
• Sets-up network resources on behalf of users
• Uses MPLS, other technologies to signal for
  enforcement of service attributes

19
Web-based Service Selection
Web server, presents HTML page collects service
request, updates DB
User HTTP Request Service Selection Page
User connects to VR
Service Provider
HTML
VR
Web Server
IP Network
ATM
HTML
User browser set to service provider homepage for
service selection
LightShip Call Logging Receiver
LightShip Configuration Server
LDAP records
Database

• Enables powerful flow-through provisioning
• Users can turn up or change certain services
  themselves
• Users edit web pages that update LDAP service
  profiles
• Active network elements get change notice
• Network elements download new profile provide
  service

20
Key IP Service Applications
eCommerce Internet
Web servers
Desktops
Intranet servers
Web
Telecommuters
Site-site intranet
Campus
Extendedintranet
Mobile users
Public IPnetwork
Extranet servers
Branch offices
Campus
Customers
Desktops
Partner
Supplier
Business-business extranets
21
Site-to-Site Intranet VPN
DNS
DHCP
auth
acct
PVC
DNS
DHCP
auth
FR switch
Servers
PPP
CPE
Router
Remote office
Central site
VPN CPE
IPSec
Requirements

• 3DES encryption
• Key management
• IP address management (per VR)
• Tunnel switching concentration
• Accounting for dept. bill-back

• High bandwidth, low latency
• Selectable authentication
• Authorization
• Secure virtual routing
• High performance IPSec

22
Business-to-Business Extranet VPN
Requirements

• Authentication
• Authorization
• Secure Virtual Routing
• High performance IPSec
• 3DES encryption

• Rapid, high capacity key generation
• IP address management
• Tunnel switching concentration
• User-granular accounting for bill-back
• X.509v3 digital certificates

23
Network-Based Firewall Service
Dynamic service profiles
LDAP policy server
VC
ISP 3
ATM switch
VR
Remote office
VR
DSL modem
Backbone network
DSLAM/RAS
Intranet
Mobile
PPPoE
Extranet
Requirements

• On-the-fly, Follow-me Firewall from single
  configuration
• Different policies for different flows within
  same session or site

• Small-medium business
• Stateful inspection, denial of service protection
• Extranet access control, NAT
• Granular user/site level policy

24
IP Services Vision