Ericsson’s Integrated Site concept
Jonas Bjurel, Staffan Blau, Anja Thyssen
The Integrated Site (IS) concept springs from ideas behind blade servers; that is, as with blade servers, Ericsson’s Integrated Site infrastructure provides a framework that yields flexibility and short time to market for IP-centric applications.
The authors describe the blade server concept, which has a fundamental role in the Integrated Site framework. They then describe the principles and components of the Integrated Site. They conclude the article with a description of the session border gateway and Ericsson’s EDA MSAN, each of which is a pioneer user of the Integrated Site infrastructure.
ADSL      Asynchronous digital subscriber line
ARP       Address resolution protocol
B2BUA     Back-to-back user agent
BFD       Bi-directional forwarding detection
CLI       Command line interface
CORBA     Common object request broker architecture
DHCP      Dynamic host control protocol
DiffServ  Differentiated services
DNS       Dynamic naming service
E-GEM     Enhanced Ericsson generic magazine
EXB       LAN extension switchboard
FW        Firewall
GUI       Graphical user interface
HTTP      Hypertext transport protocol
IEEE      Institute of Electrical and Electronics Engineers
IETF      Internet Engineering Task Force
IP        Internet protocol
IPMB      Intelligent platform management bus
IPMI      Intelligent platform management interface
IPsec     IP security protocol
IS        Integrated site
ISCO      IS central OAM
ISER      IS edge router
ISL       Inter-subrack link
ISP       Internet service provider
L2, L3    Layer 2, layer 3
LAN       Local area network
MAC       Media access control
MoIP      Media over IP
MP        Media proxy
MSAN      Multi-service access node
MXB       Main switchboard
NAPT      Network address and port translation
NAT       Network address translator
NPF       Network Processing Forum
OAM       Operation, administration and maintenance
OSDL      Open source development lab
OSPF      Open shortest path first
OSS       Operations support system
QoS       Quality of service
SAF       Service Availability Forum
SBG       Session border gateway
SGC       Session gateway controller
SIS       IS site support blade system
SIP       Session initiation protocol
SMO       Software management office
SNMP      Simple network management protocol
ToS       Type of service (field in IP header)
VLAN      Virtual LAN
VRRP      Virtual redundant router protocol
XML       Extensible markup language
The telecommunications challenge
The ongoing deployment of IP-based next-generation networks and associated services signals the convergence of telecommunications and data communications. Today’s mobile operators are offering services that were previously only available from fixed-access service providers. Notwithstanding, as next-generation mobile networks and the mobile internet gain momentum, mobile operators will face greater complexity and encounter the same kinds of challenges that fixed-access service providers experienced during the internet boom.
Operators are strongly emphasizing service deployment but because no single service suite can satisfy every need, the services must be adapted to individual business strategies. The services framework must thus be extremely flexible, so as to fit the total service offering of different operators and to adjust to ever-changing business needs.
Fortunately, to facilitate these trends and overcome complexity, vendors of networks and services have a swelling arsenal of powerful technologies at their disposal. In addition, the availability of open source code and open standards, such as IEEE Ethernet, IETF, Network Processing Forum, Service Availability Forum, and OSDL, facilitates the introduction of new technologies and gives rise to the open, third-party ecosystems in which these technologies can be used. Highly competitive vendors are quick to take advantage of these new technologies and ecosystems and to augment them with their own unique know-how.
The Integrated Site framework springs from the ideas behind blade servers. Through aggressive use of third-party technologies, open-source code, and standard protocols, operators can employ blade servers and Ericsson’s Integrated Site infrastructure to provide a framework that yields flexibility and short time to market.
What is a blade server?
A blade server is a modular, chassis-based computing system that includes processors, memory, network interface cards, local storage and an operating system on a single board. Common resources, such as power, layer-2 (L2) infrastructure, keyboard, video card, mouse, external network connectivity, and cooling, are packaged as compact modules and made available at the chassis level where several blade servers can share them. These common resources interact with individual blade servers via passive midplanes and backplanes. This configuration makes for easy installation and removal of blade servers and common resource modules.
Integrated Site
Ericsson’s Integrated Site infrastructure enables operators to introduce a layered framework for application nodes. This approach, which makes use of open-standard network interfaces and off-the-shelf technology, is similar to that used for introducing blade servers a few years ago. Autonomous blade systems provide complete user and network services. The blade systems in Ericsson’s Integrated Site framework, for instance, retain their autonomy while making use of common resources. These common resources, in turn, can be packaged as a blade system that is made available at the chassis level where a collection of blade systems can share them. The blade systems interact with one another via a passive backplane.
The Integrated Site is neither a platform nor a homogenous system. Instead, it is a framework for hosting multiple heterogeneous, decoupled applications that are no more interrelated than classical telecommunications network elements (Figure 1). To support the framework, Ericsson developed an infrastructure that simplifies maintenance of the connectivity layer. An important aspect of the Integrated Site framework is the use of open-standard interfaces between network elements. These interfaces enable the independent development of applications and the framework. In the short term, the Integrated Site will solely constitute a subset of any given site, but the use of open interfaces will pave the way for a seamless migration of applications.
Figure 1
Network principles
Telecommunications network sites consist of several co-located systems—for example, servers and connectivity nodes that are primarily interconnected by a site LAN using open protocols. The systems connected to the site LAN are predominantly autonomous, self-contained, and function-specific nodes. The interconnection protocols are IP and Ethernet.
The Integrated Site makes use of existing, on-site network structures and standard network layer protocols. This, in itself, ensures scalability and resiliency, and reduces the need for applications that implement these properties at the node level.
A fundamental feature of the Integrated Site infrastructure is resilient L2 connectivity using standard Ethernet interconnection. To enable the co-existence of multiple applications on the shared physical LAN, different traffic types have logically been separated from each other. The applications share available bandwidth while retaining service quality characteristics. The Integrated Site LAN is an innate extension of the local area network that connects applications. Hardware miniaturization, fast LAN interconnect, network-level resiliency, and pooling concepts combine to preserve scalability and the availability of application systems (Figure 2).
Infrastructure components
The Integrated Site infrastructure is composed of
• one or more enhanced generic magazines (E-GEM, also called subracks, Figure 3);
• duplicated site support blade systems (SIS)—duplicated per site;
• duplicated main switchboard (MXB, Figure 4) blade systems—duplicated per subrack;
• one or more LAN extension switchboard (EXB) blade systems—optional; and
• one or more Integrated Site edge router (ISER) blade systems—optional.
Figure 2: Example of an Integrated Site infrastructure with multiple application systems.
Figure 3: Ericsson’s enhanced generic magazine (E-GEM).
Link layer
The physical communication in the Integrated Site infrastructure is based on IEEE Ethernet in the backplane. Two dual Ethernet stars (one 1Gbps and one 10Gbps) connect the blade systems by means of redundant Integrated Site switches. Redundant 1Gbps transport is available in every slot of the subrack. Redundant, high-speed 10Gbps transport is available in every other slot. The main switch is distributed on two blade systems per subrack. The systems function as a single logical switch (Figure 5).
For out-band management (for instance, for managing hardware inventory) every subrack position has a duplicated intelligent platform management bus (IPMB) that is compatible with the widely adopted intelligent platform management interface (IPMI).
Attached systems
To guarantee connectivity to external (attached) systems, the Integrated Site infrastructure may be equipped with one or more LAN extension (EXB) blade systems, each of which provides twenty 1Gbps Ethernet LAN interfaces.
Multiple subracks
Up to 32 subracks can be interconnected with redundant 10Gbps IEEE Ethernet inter-subrack links (ISL) to form a homogenous, redundant site LAN.
Resilient connectivity architecture
Each blade system connects to two (duplicated) Ethernet links. The links, which form an IEEE link aggregation group, are supervised by the IEEE link aggregation control protocol. During regular operation, traffic load is distributed across the two links. But if link supervision detects a fault on one of the links, all traffic is immediately redirected to the fault-free link (Figure 6).
Figure 4: The main switch blade (MXB) system.
Figure 5: Integrated Site subrack slots for blade systems.
Traffic separation
The Integrated Site infrastructure employs IEEE virtual LANs (VLAN) to separate traffic with different priority, security, and quality-of-service (QoS) characteristics. Layer-3 (L3) mechanisms, such as tunnels or policy-based forwarding, may also be used to separate traffic (Figure 7).
Network layer
Because each VLAN is treated as a separate logical network, all traffic traversing a VLAN boundary must pass a router. The Integrated Site edge routers are virtualized into router instances. Ordinarily, only one router instance is connected to one logical network.
Resiliency
Multiple physical routers use the virtual redundant router protocol (VRRP) to back up one another. Re-routing and bidirectional forwarding detection (BFD) methods protect against link failures and provider edge outage.
Scalability
Blade systems that implement IP hosts are collected into static load groups with one default gateway router instance per group. One can scale the groups by adding physical routers and subdividing them. To achieve symmetric routing for inbound and outbound traffic, the routing interfaces employ different weight metrics for the internal subnets and load groups (Figure 8).
Security
The Integrated Site infrastructure provides several levels of security. Security zones define domains where rules can be applied to the traffic that enters them—for instance, packet filtering, encryption, and encapsulation. The Integrated Site infrastructure also
• supports hardware-accelerated IPsec encryption and stateless filtering;
• provides central user authentication and authorization; and
• supports external firewalls integrated as attached systems (Figure 9).
Figure 6
Figure 7: Virtual LANs separate traffic with different service characteristics.
Operation, administration and maintenance
The functions of the Integrated Site central OAM (ISCO) implemented in the IS site support (SIS) node give operators central support for managing hardware, software, and to some extent, subnetworks. Operators access these functions via a graphical user interface (GUI), a command line interface (CLI) or over a northbound SNMP/CORBA/FTP interface.
Configuration management, alarm management, and performance monitoring are implemented in independent blade systems. ISCO is generally unaware of the specific details of any given blade system; instead, it employs a data-driven approach. The blade systems must thus comply with the management models defined by the Integrated Site framework.
The interface between ISCO and the blade systems is composed of management object model declarations and specific blade system objects (alarms, counters, and so on). These declarations are delivered in XML (Figure 10).
Figure 8: Resilient and scalable subnetwork configuration per VLAN.
Figure 9
Hardware and software management
Via ISCO, operators can manage site hardware and software as well as functions for inventorying hardware and software, assigning blade systems, assigning software, and upgrading and rolling back software. To upgrade blade system software, ISCO fetches the upgrade container from a software management office (SMO) and delivers it to the blade systems. The blade systems are themselves responsible for unpacking and installing or upgrading the software. In other words, ISCO need not be aware of internal application structures, file systems or operating systems.
Subnetwork management
Subnetwork management applies to shared resources, such as L2 connectivity, L3 site topology, and disks. The Integrated Site infrastructure is not a surrogate for a subnetwork manager but it does offer limited subnetwork support for reducing the risk of misconfigurations that might jeopardize connectivity or security.
Configuration management
Ordinarily, the blade systems are configured via a local command line interface or over a northbound SNMP/CORBA interface. A GUI-based solution can also be made available; that is, a central GUI (HTTP thin client) solution in ISCO decreases redundant GUI development in the blade system.
Alarm and event management
ISCO implements a local alarm console that collects alarms from blade systems over SNMP/CORBA and presents them in a local GUI. The alarms are also relayed to an operations and support system (OSS) over a northbound SNMP/CORBA interface.
Building practice
The Advanced Telecom Computing Architecture (AdvancedTCA) constitutes the most advanced effort to date to standardize requirements put on carrier-grade communications equipment. Ericsson is an active participant in the work to specify AdvancedTCA. The current specification, PICMG 3.0, is a framework with an abundance of options. In all likelihood, the Advanced Mezzanine Card (AMC) will be the first part or subset of the specification to enjoy widespread adoption.
The Integrated Site framework does not specify or rely on a specific building practice. Instead, it advocates the use of open, standardized interfaces. Ericsson’s first-generation Integrated Site infrastructure products have been designed for use in an enhanced version of the Ericsson GEM building practice, which is compatible with current AXE and TSP product lines. This approach facilitates the reuse and migration of AXE and TSP hardware into the Integrated Site framework. GEM has already been evolved to comply with the functional interfaces stipulated in PICMG 3.0. This means that AMCs can readily be used in it.
Figure 10
Figure 11: The ENGINE multimedia network.
Pioneering applications
Ericsson’s Integrated Site infrastructure is suitable for numerous IP-centric applications. The first two applications to make use of it are
• the session border gateway (SBG)—Ericsson’s version of a session controller node [1]; and
• Ericsson’s Ethernet DSL access multi-service access node (EDA MSAN).
Each of these applications is based on principles of the Integrated Site framework and hosted in Ericsson’s GEM-based IS infrastructure.
Session border gateway
A session controller node is basically a dynamic, session-aware firewall and network address and port translator (FW/NAPT) that intercepts session signaling (SIP or H.323). Only those media flows (RTP, MSRP, and so on) that correspond to what is described in session signaling are allowed to pass.
Ericsson’s IP Multimedia solution (IPMM) employs the SBG at the border between the IMS core network and broadband access networks and other IP multimedia carriers’ networks (Figure 11). The SBG helps conceal core network IP address topology and protects against bandwidth fraud and distributed denial of service. It also provides support for
• carrier peering accounting;
• helping IP multimedia traffic to traverse network address translators at customer premises; and
• interworking with non-IMS multimedia networks.
Architecture of the SBG implementation
A session controller consists of two logical parts:
• a back-to-back user agent (B2BUA), which intercepts the session signaling; and
• a dynamic FW/NAPT, which under the direction of the B2BUA, opens and closes pinholes for media streams.
Ericsson’s session border gateway implements the B2BUA and dynamic media pinhole firewall as two physically separate IS blade system applications: the session gateway controller (SGC) and the media proxy (MP). The session gateway controller uses the H.248 gateway control protocol to control the media proxy. Figure 13 shows the relationship between components of the IS infrastructure and the SGC and MP blades.
The SGC application is based on a standard Linux processor blade; the MP application is based on a blade that includes a Linux processor and special hardware for wire-speed forwarding and processing of media packets.
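
The pinhole behaviour described above, as an added Python illustration (not Ericsson's SGC or MP code): a simplified B2BUA reads the SDP offer and answer carried in session signaling and opens media pinholes only for streams both sides kept, then closes them when the session ends. The class names, the (method, call_id, sdp) message form, direct method calls standing in for H.248, and the addresses are all assumptions constructed for the example.

```python
# Toy model of B2BUA-driven media pinholes (constructed example, not Ericsson code).
from dataclasses import dataclass, field

def parse_sdp_media(sdp):
    """Return [(ip, port)] per m= line in order; port 0 means stream disabled."""
    session_ip, streams = None, []
    for line in sdp.strip().splitlines():
        line = line.strip()
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if streams:
                streams[-1][0] = ip   # media-level c= overrides session-level
            else:
                session_ip = ip
        elif line.startswith("m="):
            streams.append([None, int(line.split()[1])])
    return [(ip or session_ip, port) for ip, port in streams]

@dataclass
class MediaProxy:
    """Stands in for the MP: default deny, pinholes keyed by session."""
    pinholes: dict = field(default_factory=dict)  # call_id -> {(ip, port)}

    def open(self, call_id, endpoints):
        self.pinholes.setdefault(call_id, set()).update(endpoints)

    def close(self, call_id):
        self.pinholes.pop(call_id, None)

    def permits(self, dst_ip, dst_port):
        return any((dst_ip, dst_port) in eps for eps in self.pinholes.values())

@dataclass
class SessionController:
    """Stands in for the SGC (B2BUA); method calls replace H.248 here."""
    mp: MediaProxy
    pending: dict = field(default_factory=dict)  # call_id -> offered streams

    def on_signaling(self, method, call_id, sdp=""):
        if method == "INVITE":
            self.pending[call_id] = parse_sdp_media(sdp)
        elif method == "200 OK" and call_id in self.pending:
            offer, answer = self.pending.pop(call_id), parse_sdp_media(sdp)
            # Open a stream only if both sides kept it (non-zero port).
            agreed = [ep for o, a in zip(offer, answer) if o[1] and a[1] for ep in (o, a)]
            self.mp.open(call_id, agreed)
        elif method in ("BYE", "CANCEL") or method.startswith(("4", "5", "6")):
            self.pending.pop(call_id, None)
            self.mp.close(call_id)

# Constructed SDP bodies (documentation address ranges).
OFFER = """v=0
c=IN IP4 192.0.2.10
m=audio 49170 RTP/AVP 0
m=video 51372 RTP/AVP 31
"""
ANSWER = """v=0
c=IN IP4 198.51.100.20
m=audio 3456 RTP/AVP 0
m=video 0 RTP/AVP 31
"""

def run_demo():
    sgc, seen = SessionController(MediaProxy()), {}
    sgc.on_signaling("INVITE", "call-1", OFFER)
    seen["offer_only"] = sgc.mp.permits("192.0.2.10", 49170)
    sgc.on_signaling("200 OK", "call-1", ANSWER)
    seen["audio_a"] = sgc.mp.permits("192.0.2.10", 49170)
    seen["audio_b"] = sgc.mp.permits("198.51.100.20", 3456)
    seen["rejected_video"] = sgc.mp.permits("192.0.2.10", 51372)
    seen["unsignalled"] = sgc.mp.permits("198.51.100.20", 4000)
    sgc.on_signaling("BYE", "call-1")
    seen["after_bye"] = sgc.mp.permits("198.51.100.20", 3456)
    return seen
```

The video stream the answer rejects with port 0 never gets a pinhole, and nothing passes before the answer arrives or after the BYE.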
Figure 12: Logical view of the session border gateway (SBG).
Figure 13
Scalable capacity
The smallest SBG node consists of a single MP blade and a single SGC blade. For greater capacity, an SBG node can be composed of multiple SGC and MP blades, where each blade runs as an autonomous blade system in a loosely coupled cluster node. The number of SGCs and MPs can be dimensioned independently to accommodate specific requirements for signaling capacity and media bandwidth (Figure 14).
N+1 blade system redundancy for high availability
Given that the SGC application supports load distribution over an SGC blade system cluster, operators can obtain a high-availability SBG configuration by employing one more (N+1) SGC and MP blade system than is needed for processing traffic.
1+1 blade redundancy for session retainability
Operators who require high availability and session retainability can employ 1+1 blade redundancy. The SGC and MP applications have been designed to allow two identical blades to be paired in a 1+1 configuration, forming a single blade system in which one blade serves as hot standby. A state replication protocol continuously updates the standby blade with session state information from the active blade and informs it about the liveness of the active blade. Should the active blade fail, the standby blade takes over the reception and handling of all incoming traffic by emitting gratuitous ARP (over the internal Integrated Site LAN) to rebind the IP addresses of the failed blade system to its own MAC address.
Plug-and-play
The individual blade systems of a session border gateway use the IS’s internal DHCP and DNS services to discover other SGC and MP blade systems. All communication setup and exchange of configuration information between systems in the SBG are handled automatically.
SBG management
Generic management functions supported by the central Integrated Site OAM function include the management of physical blade hardware and coordination of software boot and software upgrades for blade systems in a session border gateway.
No matter how many blade systems a session border gateway node contains, operators can manage every application-specific aspect of the node through a single simple network management protocol (SNMP) interface. For local management purposes, they may also access central IS OAM support through an IS framework-aligned GUI that serves as a management client on the SNMP interface.
EDA MSAN
Based on the principles of the IS framework and using the IS as a control subrack, Ericsson’s EDA multi-service access node (EDA MSAN) represents the next generation of access systems. A high-capacity broadband node with optional narrowband capabilities, EDA MSAN uses switched Public Ethernet in the access network and deploys an IP-all-the-way system that supports integrated, high-speed, always-on, triple-play (data, video and voice) services as well as more advanced services such as multicast. It also provides an innovative solution for baseband telephony (Figure 15).
Figure 14: Relationship in the Integrated Site between the session gateway controller (SGC) and media proxy (MP).
Figure 15: The EDA MSAN interface subrack can support 640 DSL lines, 640 POTS lines or 320 combined lines.
Architecture
EDA MSAN is a rack-mounted, board-based system that features high port count per board and excellent scalability, accommodating up to 10,000 subscribers per multi-service access node. The solution supports ADSL/ADSL2/ADSL2+ or POTS as separate services or as combined services via a dedicated ComboConnector. Operators may thus seamlessly pre-provision ADSLx services on EDA MSAN lines via PEM OneView (management system GUI). EDA MSAN is built around the interface subrack, the control subrack and the management system (Figure 16).
IS in EDA MSAN
The control subrack in EDA MSAN is based on the Integrated Site framework. The main switchboard (MXB), which serves as a subrack switch in the control subrack, switches traffic from every position in the control subrack. The core switch, which is based on a LAN extension switchboard (EXB), forms
• 16 interfaces to interface subracks; and
• 4 uplink interfaces to the core network.
The node controller, which uses the same Linux processor board as the session gateway controller, functions as element manager and H.248 voice gateway control signaling termination. A node that serves up to 10,000 subscribers, EDA MSAN guarantees redundancy at every level—power, interface subrack switches, control subrack switches, core switches and node controller.
Conclusion
Operator emphasis is on service deployment but because no single service suite can satisfy every need, the services must be adapted to individual business strategies. Ericsson’s Integrated Site concept provides a framework that yields flexibility and short time to market. Thanks to native support for aggressive use of third-party technologies, open-source code, and standard protocols, it enables operators to introduce a layered framework for application nodes.
The Integrated Site framework makes use of existing, on-site network structures and standard network layer protocols. Its infrastructure is composed of enhanced generic magazines, site support blade systems, main switch blade systems, LAN extension blade systems, and Integrated Site edge router blade systems. All physical communication is based on IEEE Ethernet in the backplane. The Integrated Site framework does not specify or rely on a specific building practice. Instead, it advocates the use of open, standardized interfaces.
Ericsson’s session border gateway is a dynamic, session-aware FW/NAPT that intercepts session signaling (SIP or H.323). Only those media flows (RTP, MSRP, and so on) that correspond to what is described in session signaling are allowed to pass. The session border gateway is based on the Integrated Site framework and makes full use of the IS infrastructure.
EDA MSAN represents the next generation of access systems that are based on the Integrated Site framework and make use of the IS infrastructure. It uses switched Public Ethernet in the access network and deploys an IP-all-the-way system that supports integrated, high-speed, always-on data, video and voice services, and advanced multicast services.
REFERENCES
1 www.sessioncontrollerforum.com
BOX B, SBG IMPLEMENTATION
The session border gateway (SBG) relies on functionality provided by the Integrated Site infrastructure. Its implementation fully conforms to the architecture of the Integrated Site framework.
The SBG features central operation, administration and maintenance (OAM) support.
Thanks to the VLAN capabilities of the Integrated Site edge router and its support of large ARP tables and ARP signaling to external Ethernet networks, each SBG node can interface to a Public Ethernet access solution with up to 80,000 Ethernet endpoints (MAC addresses).
The deployment of an SBG in various network scenarios makes extensive use of Integrated Site edge router support for essential features, such as packet filtering, DiffServ and ToS (remarking, OSPF, and IPsec).
Integrated Site dynamic host control protocol (DHCP) and dynamic naming service (DNS) support give the session gateway controller (SGC) and media proxy (MP) blade systems a high level of plug-and-play functionality.
Figure 16