Alcatel-Lucent 1830
PHOTONIC SERVICE SWITCH (PSS) | Release 3.6.0 and 3.6.1
DATA COMMUNICATIONS NETWORK (DCN) PLANNING GUIDE
8DG60888RAAA
Issue 1
July 2011
Legal notice
Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
Copyright 2011 Alcatel-Lucent. All rights reserved.
Notice
Every effort has been made to ensure that the information in this document is complete and accurate at the time of printing. However, information is subject to change.
2 INTRODUCTION (p. 7)
2.1 The 1830 PSS management network (p. 7)
3 1830 IP ARCHITECTURE (p. 12)
3.1 NE IP architecture (p. 12)
7 SECURITY (p. 39)
7.1 Use RADIUS for user identification (p. 39)
The Engineering Guidelines are presented as follows. They are recommendations to get the best out of the product and/or network within the supported space:
Restrictions are presented as follows. They typically cover cases where the behaviour is not as predicted, or not as described in the standards:
Customer Inputs point to the high-level information required to implement the associated network design:
And where:
<Domain>: identifies the node, network element or interface to which the rule applies (e.g. LR, OADM, ...)
<Name>: gives a title to the rule
<Nature>: indicates the root cause for it (see Table 1: Meaning of <Nature>)
[Figure: NMS and FTP servers on the management DCN (IP), connected to an 1830 GNE; the 1830-PSS network reaches the 1830 RNE, which connects over IP to a remotely managed device]
The remotely managed device shown in the figure above can be an IP device co-located with the 1830 NE (e.g. a Raman amplifier) connected via the extension LAN, or it can be the 1830 PSS-1 Edge Device, which connects to the 1830 PSS over the GCC. Connection over the GCC is illustrated in the following figure:
[Figure: NE2, GNE and NE3 (loopbacks 135.1.1.2/32, 135.1.1.3/32) linked by OSC; PSS-1 Edge Devices 135.10.10.1/32, 135.10.10.2/32 and 135.10.10.3/32 attached over PPP-GCC 1, 2, 3]
Fig. 2 - 1830PSS Communicating with PSS-1 Edge Device over the GCC
The basic communications network architecture for the 1830 PSS-32 includes all LAN interfaces, OSC interfaces and GCC interfaces. LAN interfaces include the OAMP, VoIP, E1, E2, CIT and Extension Shelf (ES) connections. The number of OSC interfaces can vary from one up to 20, one per degree. The OSC carries node-to-node communication: sharing of OSPF LSAs, Wave Tracker keys, SCOT messages, etc.
The number of GCC interfaces can vary from 1 up to 32, depending on the number of supported OTs provisioned for GCC0 termination. GCC0 terminations on the 1830 PSS-32 system are supported by the 11STAR1 (client port), 11STMM10 (client port), 4DPA4 (line port), 11DPE12, PSS1GBE, PSS1MD4, 11QPA4, 11DPE12E and 11DPM12 OTs. The other end of the 11STAR1 OT is the 1830 PSS-1 Edge Device.
[Figure: NMS reaching NEs N6, N7 and N8 (loopbacks 135.1.1.4/32 to 135.1.1.8/32) over /30 OAMP links 192.168.1.2/30, 192.168.1.6/30, 192.168.1.9/30 and 192.168.1.10/30 and OSC links between OADM and ILA nodes; a co-located SNMP-managed external device on the E1-LAN (135.50.10.1/30, 135.50.10.2/30); a PSS1 network 135.10.10.1/32 to 135.10.10.7/32 attached over PPP-GCC 1, 2, 3]
Ring architecture: at least two distinct NEs can be chosen to function as GNEs to provide redundant access to the WDM sub-network.
[Figure: ring of OADM and ILA nodes with an OADM as GNE and a Line Terminal as GNE, and a second ring of OADM, TOADM and ILA nodes with a Line Terminal as GNE]
3.1 NE IP architecture
The 1830 brings a full IP communication architecture. On each 1830PSS, IP is used for:
- External communication:
- Management (communication between manager and NE)
- Inter-NE communication
- VoIP for the IP phone facility
- Connection of external devices
Protocols:
- CLI, Telnet, SSH, SSL, SNMP, TL1, HTTP, HTTPS: used for management of the 1830PSS
- CLI and MTNM/CORBA: used for the management of the GMPLS network
- OSPF-TE for SCOT: used for WDM power adjustment automation
- sFTP/tFTP/FTP: used for file transfers such as software upgrade or database backup/restore
- NTP for time management
The TCP/IP protocol stack supported for an IP-based DCN is shown in the following table:

Layer   Content
L3      IPv4 + IP forwarding, OSPF
L2      PPP over OSC and GCC0; Ethernet interfaces CIT, OAMP, ES1, ES2, E1, E2, VoIP

3.1.2 IP routing
OSPF advertisement:
OSPF advertises the loopback addresses, the serial interfaces and the directly connected sub-networks if it is enabled on the interface.
When OSPF is enabled in passive mode on an interface, no OSPF message is sent on this interface, but OSPF advertises this interface subnet on all other OSPF-enabled interfaces.
When OSPF is enabled on an interface, OSPF messages are exchanged via this interface.
Remark: on the 1830, OSPF is:
- disabled on an interface by setting the STATUS to DISABLE,
- enabled on an interface by setting the STATUS to ENABLE,
- enabled in passive mode on an interface by setting the STATUS to REDISTRIBUTE.
[Figure: customer management backbone subnet with the EMS workstation (@PhM, @OMS), the 1830 EMS and a workstation @W1; the DCN OSPF area carries the customer addresses (@OAMP_1, @OAMP_6, @OAMP_8, @SYSTEM_1 to @SYSTEM_9, @VoIP_2, @E1) of TOADM, LR and ILA nodes with two 1830PSS GNEs; internal addresses (ZIC 172.16.1.0/24, IP phone, SNMP external device) are assigned per 1830 over local DHCP connections; the control OSPF area carries @GMRE_1 to @GMRE_9, each with @GMRENODE and @GMRENOTIFY]
The inside routers are logical routers running in a Linux environment. The routing protocol is OSPF.
Customer addresses:
- They are used for network management.
- Only the GNEs are directly connected to the management network.
The rule is to have only one area for all 1830 NEs of a WDM sub-network. See the specific design described in chapter 3.3.
MGMT
  Function: loopback addresses for management (256 addresses, MGMT0 = x.x.x.0/32 to MGMT255 = x.x.x.255/32)
  Subnet address: x.x.x.0 (given by the customer)

OAMP
  Function: external DCN access (recommended: configure as a point-to-point network between the GNE and its front router)
  Subnet address / mask: customer defined if GNE, /30 at least
  Initial setting: none
  OSPF: ENABLE
  Manually updated or acknowledged: yes
  Interface: OAMP on USRPNL (PSS-16/32) or FLC (PSS-36)

SYSTEM (R_ID)
  Function: loopback address for management
  Subnet address / mask: MGMT, /32
  Initial setting: initial commissioning
  OSPF: PASSIVE
  Manually updated or acknowledged: yes
  Interface: Loopback0

GMREnode (=CPN)
  Function: GMPLS control plane loopback address for PSS 16/32/36
  Subnet address / mask: CP (even address), /32
  Initial setting: none
  OSPF: PASSIVE
  Manually updated or acknowledged: yes
  Interface: Loopback1
The operator must make sure the SYSTEM address is unique within the scope of its DCN. This can be achieved by:
- assigning a MGMT address range to the WDM sub-network, taking future extensions into account;
- assigning each node a MGMT address.
Example where the NE is assigned the MGMT4 address within the MGMT 135.1.1.0/24 network:
SYSTEM=MGMT4=135.1.1.4
The operator must be sure the GMRENODE and GMRENOTIFY addresses are
not duplicated in the Area.
In order to be ready for further GMPLS evolutions, it is recommended that these
addresses are unique in the customer DCN.
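As an added example (not part of the guide), a small Python helper that applies the addressing rules above: SYSTEM = MGMT<n> as a /32 in the customer's MGMT block, the /30 OAMP point-to-point subnet per GNE, and a uniqueness check of SYSTEM, GMRENODE and GMRENOTIFY addresses across the plan. The CP pairing (GMRENODE on the even address, GMRENOTIFY on the following odd one), the ER block used for the /30 links and the sample NE names are assumptions.

```python
"""DCN address-plan helper for an 1830 PSS WDM sub-network.

Added example, not part of the planning guide. It applies the guide's rules:
SYSTEM = MGMT<n> is a /32 loopback from the customer's MGMT block
(MGMT0 .. MGMT255), the GNE OAMP link is a /30 to the front router, and the
SYSTEM, GMRENODE and GMRENOTIFY addresses must be unique in the DCN.
Assumption: GMRENODE takes the even address of a CP pair and GMRENOTIFY
the following odd one (the guide only states that GMRENODE is even).
"""
import ipaddress

MGMT_RANGE = 256  # MGMT0 .. MGMT255

def mgmt_loopback(mgmt_block: str, index: int) -> str:
    """SYSTEM address for MGMT<index>: MGMT4 in 135.1.1.0/24 -> 135.1.1.4/32."""
    net = ipaddress.ip_network(mgmt_block, strict=True)
    if not 0 <= index < min(MGMT_RANGE, net.num_addresses):
        raise ValueError(f"MGMT{index} does not fit in {mgmt_block}")
    return f"{net.network_address + index}/32"

def oamp_p2p(er_block: str, gne_index: int) -> tuple:
    """(NE side, front-router side) of the gne_index-th /30 carved from er_block."""
    net = ipaddress.ip_network(er_block, strict=True)
    p2p = list(net.subnets(new_prefix=30))[gne_index]
    ne_side, router_side = list(p2p.hosts())
    return f"{ne_side}/30", f"{router_side}/30"

def cp_pair(cp_block: str, index: int) -> tuple:
    """(GMRENODE, GMRENOTIFY) for node `index`: even and odd host of the CP block."""
    net = ipaddress.ip_network(cp_block, strict=True)
    node = net.network_address + 2 * index
    if node + 1 not in net:
        raise ValueError(f"CP pair {index} does not fit in {cp_block}")
    return f"{node}/32", f"{node + 1}/32"

def build_plan(ne_ids: dict, mgmt_block: str, cp_block: str) -> dict:
    """ne_ids maps NE name -> MGMT index chosen by the operator for that node."""
    plan = {}
    for name, idx in ne_ids.items():
        node, notify = cp_pair(cp_block, idx)
        plan[name] = {"SYSTEM": mgmt_loopback(mgmt_block, idx),
                      "GMRENODE": node, "GMRENOTIFY": notify}
    return plan

def duplicates(plan: dict) -> dict:
    """Addresses used more than once -> the 'NE/role' entries sharing them."""
    users = {}
    for ne, addrs in plan.items():
        for role, addr in addrs.items():
            users.setdefault(addr, []).append(f"{ne}/{role}")
    return {addr: who for addr, who in users.items() if len(who) > 1}

if __name__ == "__main__":
    # Constructed sample: MGMT4 was handed out twice by mistake.
    sample = build_plan({"OADM-A": 1, "ILA-B": 4, "OADM-C": 4},
                        "135.1.1.0/24", "135.1.2.0/24")
    print(duplicates(sample))  # three addresses shared by ILA-B and OADM-C
```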
FLC (First Level Controller) provides two (2) general purpose switched auto-sensing LAN ports (10/100BaseTX):
- Ethernet #1 - CIT - dedicated to the CIT connection.
- Ethernet #2 - OAMP - dedicated to the DCN backbone connection, but can be used to connect local third-party equipment.
MTX (matrix) provides four (4) general purpose switched auto-sensing LAN ports (10/100BaseTX):
- Ethernet #1 - VoIP - VoIP and externally managed devices. The VoIP port can be used to connect an IP phone.
- Ethernet #2 - AUX - for future use.
- Ethernet #3 and #4 - E1 and E2 - two external LAN ports (which can be used to connect externally managed devices), labeled E1-LAN and E2-LAN. These ports are auto-sensing, so either a cross-over or straight-through Ethernet cable can be used.
[Figure: PSS-36 shelf LAN connections. FLC ports: CIT, OAMP (toward the front router to the customer network); MT0C ports: VoIP (IP phone), AUX (disabled), E1, E2, ES1/ES2 (daisy chain to other shelves); slots 1 to 45, with FAN 41 and PF 44/45]
In the PSS36, LAN interface redundancy is strictly coupled to FLC/MT0C redundancy, i.e. only the LAN interfaces hosted on the active FLC/MT0C are enabled. The LAN interfaces of the standby FLC/MT0C are disabled.
However, R3.6 PSS36 does not really support redundancy for the FLC/MT0C packs.
USRPNL (User panel) provides four (4) general purpose switched auto-sensing LAN ports (10/100BaseTX):
- Ethernet #1 - OAMP - for connection to the EMS/NMS. The OAMP port shall be used to connect to the External Management System (EMS).
- Ethernet #2 - VoIP - VoIP and externally managed devices. The VoIP port can be used to connect an IP phone.
- Ethernet #3 and #4 - E-LAN1 and E-LAN2 - two external LAN ports (which can be used to connect externally managed devices), labeled E1-LAN and E2-LAN. These ports are auto-sensing, so either a cross-over or straight-through Ethernet cable can be used.
The NE shall support 2 craft ports: a female DB9 and a USB-B port. Both support a local RS-232C serial interface (supported setting: 34800 baud, 1 stop bit, no parity) for connection to the craft terminal via a serial link.
EC (Equipment Shelf Controller) provides four (4) general purpose switched auto-sensing LAN ports (10/100BaseTX):
- Ethernet #1 - CIT - dedicated to the CIT connection.
- Ethernet #2 - AUX - dedicated to the DCN backbone connection, but can be used to connect local third-party equipment. This port is for future use.
- Ethernet #3 and #4 - ES1 and ES2 - reserved for inter-shelf connectivity (between master and slave shelves or between slave shelves).
[Figure: inter-shelf links, ES ports chained from the previous shelf to the next shelf]
FAN provides three (3) general purpose switched auto-sensing LAN ports (10/100BaseTX); the ports are physically connected to the Ethernet switch on the equipment controller through backplane links.
4.1.6 Managers
1830 PSS provides several management interfaces (SNMP, TL1, Web UI, CLI). It can be managed by the following Alcatel-Lucent managers:
- The 1350 OMS is the network management product that provides unified end-to-end network management and operational support for all network element products in Alcatel-Lucent's Optics portfolio, including service provisioning over multi-technology optical infrastructures. It provides the ASON (Automatically Switched Optical Network) management of the network and is the Alcatel-Lucent management solution when GMPLS is used.
- The PhM is another network management product, focused on the 1830PSS, that provides WDM management.
- The 5620 SAM is designed to manage IP/Optics networks.
- PSS1 & PSS4 nodes which are connected to a WDM 1830 PSS are also part of the WDM sub-network.
Other characteristics:
- Nodes of a WDM sub-network belong to the same management Area and have a centralized Management System (ALU 1350 OMS).
- If GMPLS is used in the WDM sub-network, there is one undividable Control Plane area.
The 1830 DCN network architecture ensures the reliability of the connections for the DCN and WDM networks. To ensure the reliability of the 1830 DCN network, several solutions are implemented:
- Meshed architecture.
Reminder: a node belongs to an OSPF Area if at least one interface is enabled in this Area. It is possible for an area to be defined without any interface enabled in it (for example, Area#0 is always defined on the 1830).
The main rule is that each NE must have at least two links to two different neighbors. Links can be OSC, GCC or Ethernet; neighbors can be 1830PSS or IP routers.
Each 1830PSS must be connected to at least two NEs/routers within the same OSPF Area, by OSC, GCC or Ethernet link.
A 1830PSS plays the GNE role when it provides access to the external DCN. Typically:
- The recommendation is to configure at least two GNEs per OSPF area.
Additional rules (fair load sharing of outgoing traffic between GNEs):
- GNEs are defined in such a way that any RNE is at a reasonable distance from the closest GNE.
- Typically, 2 GNEs are required for areas of up to 100 NEs, plus 1 GNE per additional group of 100 NEs in the Area.
With the OSPF protocol, each area must be connected to area 0 for inter-area exchanges. Area 0 is called the backbone; here, that means the WDM management backbone. Area 0 is dedicated to the 1830PSS DCN network. If connections are needed toward a higher-level network, it is up to the network design team to provide a solution for those network connections.
[Figure: single OSPF area #i. GNE 1 and GNE 2 sit on an OSC ring with terminals, a repeater and an OADM; each GNE connects over Ethernet to a customer router in the customer OSPF area (area 0) that reaches the 1350 OMS and the customer IP network; the two routers are joined by a direct link (IP only) kept inside area #i]
The diagram above describes the standard case of a single area. All the 1830PSS belong to the same
area (#i) and the customer backbone is the area 0.
Redundancy within the Area #i is provided thanks to a Direct Link between the Routers at the
border of the area. This link can be made over a tunnel through the backbone (tunnel is configured
on external router only, not available on 1830). The constraint is to maintain it within the area #i.
[Figure: same single-area layout without the direct link between the two customer routers; the IP-only path between GNE 1 and GNE 2 runs over the OSC ring]
In both previous cases, when the backbone is very simple and dedicated to the management of the WDM network, this can be simplified to a single area#0 (i.e. Area#i = Area#0). It is up to the network designer and the customer to decide.
All nodes of a WDM sub-network must belong to the same OSPF Area. This is required by the wavelength key distribution constraints.
It is possible to place several WDM sub-networks in the same OSPF area if this is compatible with the maximum number of NEs.
- Hello interval: 10
- Dead interval: 40
- Route priority: 1
- Optionally: VoIP
In the DCN network, the maximum number of nodes per Area is 500.
If GMPLS is enabled in a WDM sub-network, the maximum number of 1830 PSS running GMPLS is 100 (PSS1 & PSS4 do not run GMPLS).
[Figure: two areas i and j, each with two GNEs (GNE 1i/GNE 2i, GNE 1j/GNE 2j) on OSC rings with an external device, connected over Ethernet to front routers performing summarization on the ABRs]
Front routers for the 1830PSS DCN must provide routes to reach the management equipment (1350 OMS) and the other 1830PSS through the DCN.
- No redundancy is required on each GNE; it is based on routes toward the other GNE (ref. rule Engineering Guidelines GNE number).
- The router needs one physical interface connected to the 1830PSS (10/100 Mb/s).
- The connection port is called OAMP. Depending on the type of PSS shelf used, the port can be located on the User Panel, the FLC or the MTX.
- The IP address of the interface toward the 1830PSS must be in the OAMP subnet.
- The routing protocol is OSPF; it must be activated on the interface with the GNE.
- The interface to the GNE must be set in the same area as the 1830 OAMP interface.
- The configuration of the interface to the backbone will depend on the customer DCN (for example, the routing protocol is customer specific). It is the responsibility of the network design team to adapt the external interface to particular needs (backbone routing protocol, ...).
- Management subnet. This avoids route recalculation if the 1350 OMS has to move inside the management subnet, and is not as wide as a default route.
Depending on other capabilities of the router, the following features are useful:
- Access lists. They can restrict access to the 1350 OMS (the active one and the standby one) inside the management subnet.
- IP port filtering
- QoS marking
A direct path has to be set between each front router inside a DCN area if path redundancy is not ensured by a fully meshed architecture of the WDM network (through the OSC/GCC).
Due to host (1830PSS) route summarization inside the front routers, this path must be an intra-area path. Depending on project constraints, it can be any kind of direct link or a tunnel via the backbone.
The 1830 NTP release is version 3 (RFC 1305) and version 4 (4.2.6p2). The NE shall interoperate transparently with NTP servers that support either version 3 or version 4.
It is mandatory to provide access to an NTP server for each 1830PSS in such a way that all 1830 PSS of a WDM sub-network are synchronized on the same time.
The recommendation is to use the Network Manager as the NTP server. Note that the EMS is an NTP tier 2 server which shall be connected to a tier 1 server.
Up to three NTP servers can be declared. It is mandatory to keep them synchronized: the backup server must send the same time as the main one.
The NTP feature can be activated from ZIC or via management interface commands.
WDM sub-network: ________    OSPF Area: ________

Network type                          Address    Subnet mask   Router gateway address
MGMT                                  . . .      /
CP                                               /
VoIP                                  . . .      /
EXTD                                  . . .      /
INT                                   . . .      /
Ext. router 1 subnet (ER1)            . . .      /30
Ext. router 2 subnet (ER2)            . . .      /30
(as many external router subnets as GNEs)        /30

NE Name   Interface   Address   Subnet mask   Router gateway address
The following command sets the RADIUS server on the 1830PSS.
[TL1]ENT-RADIUS-SERVER:::::RAD1,ENABLE:IPADDR=<ip>[,PORT=<port>],SECRET=<sharedSecret>;
[CLI]config admin authentication radius add RAD1 <ip> [:<port>] <sharedSecret>
<ip> is the IP address of the RADIUS server.
<port> is the IP port used by your RADIUS server, from 1 to 65000. The default value is 1812.
<sharedSecret> is a 5 to 32 character password.
7.1.2 Enable RADIUS usage
The following command forces user authentication through the RADIUS server on the 1830PSS.
[TL1]SET-RADIUS-AUTH:::::RADIUS;
[CLI]config admin authentication order radius
7.2.1.1 SSH/SFTP
The 1830PSS is delivered without any SSH key. A standard key can be generated using TL1 or CLI; the public and private keys are generated on the 1830PSS.
[TL1]INIT-SSH-KEY:[TID]::[CTAG]:::[KEYTYPE=][,MODULUS=];
KEYTYPE is DSA.
MODULUS is 0.
[CLI]crypto key generate
Example, to generate a DSA key:
[TL1]INIT-SSH-KEY::::::KEYTYPE=DSA,MODULUS=0;
The network administrator can then retrieve the public key (see 7.2.2.1.1) and install it on his servers.
The 1830PSS is provided with a self-signed certificate. It is up to the customer to allow this certificate in his network by adding it to his trusted certificates list.
The first time a user connects to the NE, he obtains the following screen. The right action is to select No or Do not accept this certificate and contact your network administrator.
Customer administrator: the network administrator should examine the certificate and, if he recognizes it, add it to the trusted certificates list.
Warning:
- Before changing the secure mode to ENCRYPTED, check the ability of the managers to use SSH, HTTPS and sFTP. All the remote systems must be compliant.
- Changing the secure mode causes a reboot of the 1830PSS and, if the remote systems cannot use SSH, HTTPS and sFTP, they will no longer be able to connect to the 1830PSS.
The following TL1 or CLI command retrieves the public key of the NE.
[TL1]RTRV-SSH-KEY;
[CLI]crypto key details
This key should be distributed to the SSH clients. If it is not, the client must be allowed to accept the key at first connection.
This command can be used whatever the secure mode (secure or insecure).
7.2.2.1.2 Certificate modification
Management services available in secure mode, sessions initiated by the manager:

Name    Dest port   Dialogue initiator   Comment
SSH     22/tcp      Manager              Secured telnet and ftp. A TL1 secure session is opened through a CLI session over SSH (port 22) using the "tools tl1" CLI command.
HTTPS   443/tcp     Manager              HTTPS

Secure file transfer, session initiated by the 1830PSS:

Name    Dest port   Dialogue initiator   Comment
sFTP    22/tcp      1830PSS

Other management services, sessions initiated by the manager:

Name         Dest port    Dialogue initiator   Comment
Telnet       23/tcp       Manager
HTTP         80/tcp       Manager
TL1          3082/tcp     Manager              Destination port opened by the OAM server TL1 agent, raw mode
TL1          3083/tcp     Manager              Destination port opened by the OAM server TL1 agent
MTNM/Corba   34567/tcp    Manager              GMPLS MTNM management
GMRE CLI     30000/tcp    Manager              GMPLS CLI management

Other file transfer, session initiated by the 1830PSS:

Name    Dest port    Dialogue initiator   Comment
FTP     20&21/tcp    1830PSS
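As an added example, not from the guide, the following Python audit applies the port tables above together with the front-router recommendations (access lists restricted to the 1350 OMS, IP port filtering) to flow records: it flags services outside the secure-mode set reached on NEs already switched to ENCRYPTED, management sessions from hosts other than the managers, and FTP where sFTP is expected. The flow-record format, the host addresses and the sample records are constructed for this example.

```python
"""Audit of DCN management flows against the 1830 PSS port table.

Added example, not from the planning guide. The two port dictionaries
restate the guide's tables: SSH/sFTP and HTTPS are the secure-mode services;
Telnet, HTTP, TL1 (raw and normal), MTNM/Corba, GMRE CLI and FTP are the
others. Everything else is an assumption: the record format
"<time> <src>:<sport> -> <dst>:<dport>/tcp" is constructed, `secure_nes`
holds SYSTEM addresses already in secure mode ENCRYPTED, and `managers`
holds the hosts (e.g. active and standby 1350 OMS) the access lists allow.
"""
import re

SECURE_PORTS = {22: "SSH/sFTP", 443: "HTTPS"}
OTHER_PORTS = {23: "Telnet", 80: "HTTP", 3082: "TL1 raw", 3083: "TL1",
               34567: "MTNM/Corba", 30000: "GMRE CLI", 20: "FTP-data", 21: "FTP"}
FLOW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)/tcp$")

def parse_flow(line):
    """Return a flow dict, or None for lines that do not match the record format."""
    m = FLOW_RE.match(line.strip())
    if m is None:
        return None
    ts, src, sport, dst, dport = m.groups()
    return {"ts": ts, "src": src, "sport": int(sport), "dst": dst, "dport": int(dport)}

def audit(lines, nes, secure_nes, managers):
    """Return (timestamp, reason) findings for flows that break the DCN policy."""
    findings = []
    for line in lines:
        f = parse_flow(line)
        if f is None:
            continue
        port = f["dport"]
        svc = SECURE_PORTS.get(port) or OTHER_PORTS.get(port)
        if f["dst"] in nes and svc:
            # Manager-initiated session toward an NE (first and third tables).
            if f["src"] not in managers:
                findings.append((f["ts"], f"{svc} on {f['dst']} from non-manager {f['src']}"))
            if f["dst"] in secure_nes and port in OTHER_PORTS:
                findings.append((f["ts"], f"{svc} reached on secure-mode NE {f['dst']}"))
        elif f["src"] in nes and port in (20, 21, 22):
            # NE-initiated file transfer (sFTP or FTP tables).
            if f["src"] in secure_nes and port != 22:
                findings.append((f["ts"], f"FTP from secure-mode NE {f['src']} (sFTP expected)"))
            if f["dst"] not in managers:
                findings.append((f["ts"], f"file transfer from {f['src']} to non-manager {f['dst']}"))
    return findings

# Constructed sample records: 135.1.1.0/24 is the MGMT block, 10.10.0.5 the 1350 OMS.
SAMPLE = [
    "2011-07-05T08:00:01 10.10.0.5:50123 -> 135.1.1.4:22/tcp",
    "2011-07-05T08:00:02 10.10.0.5:50124 -> 135.1.1.4:23/tcp",
    "2011-07-05T08:00:03 192.0.2.77:4000 -> 135.1.1.6:3083/tcp",
    "2011-07-05T08:00:04 135.1.1.4:40000 -> 10.10.0.5:22/tcp",
    "2011-07-05T08:00:05 135.1.1.4:40001 -> 10.10.0.5:21/tcp",
    "malformed record",
]

if __name__ == "__main__":
    for ts, reason in audit(SAMPLE, {"135.1.1.4", "135.1.1.6"}, {"135.1.1.4"}, {"10.10.0.5"}):
        print(ts, reason)
```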
[Figure: Boston LAN and Miami LAN joined by an IPSEC or GRE tunnel between routers R1 and R2, used for management as a direct link inside OSPF area #i; GNE 1 and GNE 2 on the OSC ring with terminals, repeater and OADM]
WARNING: This is not a real security diagram. It is here only to introduce IPSec tunnels.
We strongly advise using these commands for hardening the 1830PSS DCN interface:
SET-ATTR-SECUDFLT:
For more details about the SET-ATTR-SECUDFLT command, refer to the referenced command document.
The security features of the router should be activated: policies, access lists, authentication, encryption.
7.6.3 Architecture