Nortel Networks on What It Will Take for IP/MPLS Edge Devices to Make the Grade

With FCC regulation of data networks looming on the horizon, service providers will be required to deliver security, reliability and availability beyond the capabilities of current-generation IP platforms.

The increased focus on network reliability -- both within the industry and more broadly by organizations such as the National Security Council -- is a testament to the growing importance of networks in our society.

As we become ever more reliant on IP data networks, the FCC -- and other regulatory bodies -- seem to be asking whether data networks are ready for this level of civic responsibility. Also in question is what role those bodies of regulators should play in regulating them.

In the last decade, service providers have responded to changing customer requirements by creating multiservice networks based on overlays of multiple, service-specific infrastructures. Now, to meet evolving network and service challenges, they are starting to converge multiple data networks into a single IP/MPLS-based edge platform for transport over a unified core.

There's a significant challenge to this convergence, though. As more mission-critical data traffic is placed over IP, the industry needs to ask some hard questions about reliability. Is IP up to the task? As Needham & Co. analysts Anton Wahlman and Brian Coyne recently publicly noted: "10mbps that dies when the power goes off is not the same as 10mbps that stays up through thick and thin."

Service providers have been working to upgrade their IP networks from 99 percent reliability to 99.99 percent -- good progress, but still nowhere near the reliability of the PSTN and far short of the "five nines" reliability required for mission-critical applications, which equates to less than five minutes of downtime a year.

Why do regulators, businesses and consumers care?

Average consumers might not blanch if their ISP connections are down now and then. But as our society marches deeper into the Web-dependent age, the stakes are changing.

For businesses, losing 30 minutes of critical e-commerce and business functions is not just an inconvenience, it's a real cost in lost revenue and productivity. And to someone dialing 911, a VoIP service outage -- regardless of the cause -- is completely unacceptable.

Sociocultural and economic shifts have transformed IP networks from ancillary into support roles that form the critical fabric by which business is transacted, government is operated, national defense is conducted and people communicate.

The FCC has taken notice.

Currently, the Network Reliability and Interoperability Council (NRIC), an advisory group to the FCC, asks that service providers voluntarily report data network outages that affect 30,000 or more subscribers for more than 30 minutes -- unlike the voice realm where reporting is mandatory. In theory, voluntary reporting will forestall the need for formal government regulation. In December 2003, NRIC recommended continuing the industry-led voluntary reporting initiative based on results from a two-year trial period.

It remains to be seen whether this will be satisfactory to regulators. The FCC may view data services as becoming too critical to public welfare to be exempt from regulatory oversight.

If data networks will be carrying PSTN traffic, national regulatory frameworks must change with them. It seems clear, at a minimum, a much more serious industry effort is going to happen -- whether by government mandate or a disclipined, voluntary practice.

In the words of FCC Chairman Michael Powell, emerging "best practices ... will guide the industry in fulfilling its commitments... to engineer and operate the most reliable, robust communications service network in the world."

According to FCC Commissioner J. Copps at a December 2003 forum, "[We] do need to discuss the consequences of the proliferation of VoIP services on our important statutory objectives -- universal service, homeland security, 911 services, accessibility by people with disabilities and encouraging the build-out of advanced telecommunications services."

What does this mean for service providers?

Service providers -- and the vendors that supply their equipment -- should consider themselves officially on notice. Next-generation IP/MPLS infrastructures will have to perform to standards not previously expected of data networks. Whether as a result of economic pressures, customer expectations or impending regulation, IP/MPLS networks will need to deliver security, reliability and availability at "carrier-grade" levels not delivered by current-generation IP platforms.

In the network core, reliability has historically been gained by deploying redundant switches -- and certain vendors have made significant progress in developing new carrier-grade IP core platforms.

The picture is quite different at the network edge, where companies such as British Telecom expect its future network to contain about 10 core devices and up to 30,000 aggregation and edge devices (according to its ITU Telecommunication Standardization Bureau CTO Panel Discussion in December). It's not feasible to deploy redundant equipment for all locations, and existing edge devices are typically not as mature from a reliability standpoint as core systems. Next-generation platforms that support new edge requirements -- known as multiservice edge products -- will have to offer a new level of intrinsic reliability.

AT&T's CTO, Hossein Eslambolchi, has been vocal about the need for this new multiservice edge device. In a recent AT&T Viewpoints interview posted to the carrier's Web site, he says "We'll aggregate [access] services onto a new edge device ... which will accept all kinds of services -- voice, multicast video, corporate extranets, e-learning, CRM -- packetize them and then aggregate them ... and hand them off to the switched MPLS core."

The emerging edge requirement is intrinsic reliability at multiple levels.

Service providers often require equipment vendors adhere to QuEST Forum TL 9000 Quality Standards -- and base their procurement decisions not only on initial capital outlay but also on the longer-term cost of poor quality due to such factors as service outages, product defect rates and network fixes. The most recent version of TL 9000 standards will address the new multiservice edge products, enabling global service providers to make informed decisions about quality and reliability in this emerging category.

To fare well by TL 9000 standards and the emerging regulatory climate, the multiservice edge device must be designed from the ground up to deliver the availability required by the FCC for regulated voice traffic. This kind of reliability can only be achieved when it is integral to the design at multiple levels -- node, network, service and security.

At the nodal level, modular, flexible architectures should completely separate control-plane and data-plane processing and traffic. Common equipment (for example, fans, power supplies and control-plane processing) must provide hitless switchover in the event of a failure and be field-replaceable without affecting operation. The operating system must provide weighted fair queuing and scheduling of CPU and memory resources to ensure that each process -- customer, service or internal function -- receives appropriate and fair treatment within the node and across the network. Hitless software upgrade and patching capabilities reduce software-associated outages -- one of the most significant contributors to service disruptions and network downtime.

Programmable components, such as processor units and gate arrays, would limit downtime associated with hardware or firmware upgrades and enable the node to keep pace with new features, standards and scalability/performance improvements. All other nodal equipment should be hot-swappable and optionally redundant, with flexible 1:1 or 1:N sparing.

At the network level, support for IETF Graceful Restart/non-stop forwarding and MPLS Fast Re-route is required for interoperability with existing equipment. Non-stop routing and intelligent, resilient re-routing will incrementally protect routing processes without relying on other external network elements to recover from failures. This capability keeps routing tables synchronized without flooding the network with control and routing updates, and reduces route-flapping, black holes and routing loops.

Because these products will converge multiple services, they must offer dynamic, intelligent and resilient routing and service configuration not just for Layer 3 IP, but also between existing Layer 2 networks. This capability eliminates single points of failure within the Layer 2 network, across network mediation points and within the IP/MPLS network. The network continues to function regardless of where a failure might occur.

At the service level, independent, virtualized software processes and software process sparing enable the product to maintain connection-state awareness, with a backup always ready to take over under any failure condition. Services continue to run during disruptive events, such as equipment failures, routing problems and hardware or software upgrades.

The ability to configure CPU and memory allocation for each process will ensure that no single customer or service can impact others that use the same resources. Each software process should be configured with a backup process, ready to take over instantly should a problem arise.

At the security level, all users should be authenticated, and all management traffic should be authenticated, encrypted and logged to prevent identify theft, IP spoofing and loss of sensitive information to hackers. The product should provide extensive firewalling capability, from basic packet filtering to stateful inspection, and security logs that can be easily fed into open intrusion-detection systems for analysis. All configuration data, event logs, accounting records and the active software images should be stored locally on the node as well as an alternate backup site, with active spooling between sites. These capabilities will ensure secure network operation and rapid recovery after a network communications failure.

Given current regulatory and market uncertainties, all of these reliability features should be fully optional at all levels, letting you select the optimal balance between protection and price. You should only have to deploy and pay for as much redundancy and reliability as required to meet regulatory requirements and customer-care targets.

Even without the potential of regulatory mandates, reliability is its own reward. A reliable network reduces capex, opex and SLA penalties for service providers, while increasing customer satisfaction and retention.

A reliable network wins the bid, according to Wall Street analysts Wahlman and Coyne: "With IP voice becoming the norm in the next couple of years, the combined demands for reliability of high-speed data for both IP voice and the underlying high-speed IP Internet data pipe may make hardened and powered networks into a competitive advantage."

Scott McFeely is general manager of multiservice edge, wireline networks at Nortel Networks. He can be reached at mcfeely@nortelnetworks.com.

Share this article: Email, Slashdot, Digg, Del.icio.us, Yahoo!MyWeb, Windows Live Favorites, Furl
Add this article feed to: RSS, My Yahoo, Newsgator, Bloglines