Xu Jianfeng
China Telecom Corporation http://www.chinatelecom.com.cn
Challenges
Total voice traffic and revenue decrease by the end of 2005. Mobile phone and IP phone calls have cannibalized part of the voice traffic business
Traditional communication network is unable to support China Telecom’s strategy to become a Comprehensive Information Service Provider. This is due to its lack of capability in offering value-added service and service awareness on a unified network.
High OPEX (Operating Expenses) is required for operating separate networks in the traditional way
The existing ChinaNet is not the best choice for NGN, 3G, VPN and other services demanding strict SLAs
Opportunities
Acceleration of Information and Communications Technology (ICT) adoption in government and enterprises would drive the demand for telecom services
Adoption of the SIP-based soft-switch technology
The impending release of 3G licenses
Rapid development of the broadband service
Fixed and Mobile Convergence (FMC)
Migration of voice service from PSTN network to IP-based network
Preparation for 3G-based mobile services
Accelerate the development and deployment of broadband services based on xDSL access technology
Drive managed service and system integration service
Triple play services and future IP NGN convergence including network convergence, service convergence and application convergence
Built an Integrated IP/MPLS-based multi-service platform — CN2
CN2: China Telecom Next Carrier Network
Simple network topology
Scalable routing architecture
Highest level of redundancy
Highest level of security
Different classes of service
Day one support for voice, video and data
End to end control and management
Homogeneous Global Architecture
Single Global ASN(AS4809)
ISIS level2-only with sub-second convergence
MPLS FRR with sub-50ms reroute
Robust Architecture Allows for Unsurpassed Stability
DiffServ-based QoS, MPLS and multicast enabled network
6PE-based IPv6 network
Offer Layer-2/3 public/private flexible connectivity over IP or MPLS
Leading SLAs via Zero Loss & Speed of Light Delays
Fast automated end-to-end service provisioning and fault management using industry-leading IP service management solutions, helping to greatly reduce OPEX and accelerate service deployment
End-to-end IP SLA monitoring tools make CN2 a true carrier-class network
CN2 comprises two functional planes and four structural layers to offer seamless connectivity for customers.
The two functional planes are high speed data forwarding plane and service provisioning plane
The four structural layers are core layer, aggregation layer, edge layer and services connecting layer
The high speed data forwarding plane and the service offering plane are supported by 4 and 1 vendors respectively. This is to ensure minimum service disruption and better edge services control.
[Figure: CN2 structure. Layers: Service, Edge, Aggregation, Core; SR/PE routers; high-speed forwarding layer; service access layer]
IP/MPLS Network
All-optical, Dense Wavelength Division Multiplexing (DWDM)
SONET/SDH framing
Per flow load-sharing and failover load-sharing with ISIS
MPLS is enabled across the whole network, with VPN traffic encapsulated in MPLS and other traffic transported in native IP
[Figure: transport stack. IP and IP/MPLS over SONET framing over DWDM]
To ensure the network's scalability and security, only infrastructure address blocks are redistributed into the IS-IS (IGP) routing table. Non-infrastructure addresses are redistributed in BGP. Keeping the IS-IS routing table to a minimum greatly enhances network stability.
Single Global ASN (AS4809)
BGP Communities are deployed for routes control and netflow-based traffic monitor
CN2 has two types of route reflector
VPN RR for RFC2547-based VPN service (VRR)
Global RR for global Internet routing (GRR)
The VPN RR is independent of the global RR; both use a one-level Route Reflector (RR) hierarchy
Global iBGP: scaling the global Internet routing table involves increasing the number of GRR groups; each group handles a part of the global routes.
VPN iBGP: likewise, scaling the VPN routing table involves increasing the number of VRR groups. For example, VPN1-500 is handled by VRR-G1 while VPN501-1000 can be handled by VRR-G2
[Figure: Scaling the Global Internet Routing Table. Route reflectors GRR1 to GRR4 form two groups of full-mesh peers: Group 1 for Part 1 routes, Group 2 for Part 2 routes. Clients with EBGP sessions to the Internet send Part 1 routes to G1 and Part 2 routes to G2, and receive Part 1 routes from G1 and Part 2 routes from G2.]
[Figure: Scaling the VPN routing table. Route reflectors VRR1 to VRR4 form two groups of full-mesh peers: Group 1 for VPN 1-500 routes, Group 2 for VPN 501-1000 routes. Client PEs send and receive VPN1 routes to/from G1 and VPN501 routes to/from G2.]
All network links are deployed in pairs over diverse facilities
Only POS interfaces are used on backbone links, for faster detection of link failures
All network links are active (NOT working and protect)
Each PoP's router pair is connected by multiple routers. Link failure protection is done through IS-IS (layer 3 control) and does not depend on the transport layer (layer 2 control)
IS-IS routing protocol
Per flow load sharing between dual pairs
Fail-over load sharing
Sub-second fast convergence for gold service
Three priority LSP flooding and FIB update
MPLS FRR
1:1 mode FRR is deployed in the core layer for 50 links
Sub-50ms reroute time
Built to keep utilization at no more than 50% during normal operation
As a congestion-free network, CN2 ensures premium priority for delivery of all packets in the core
Strict uRPF is deployed on all customer access interfaces
Loose uRPF is deployed on interconnect interfaces
Infrastructure ACLs (iACLs) deny external traffic to ALL router interface addresses. iACLs are deployed on the edges and borders of the network. No one outside the network can reach the routers
Infrastructure routes are not distributed to internet or customer
All router access control is managed by AAA servers and syslog
QoS technology would be deployed accordingly to reduce the impact of attack or worm traffic.
IGP is not turned on for any customer-facing router interface. When EBGP is deployed on these interfaces, BGP MD5 hash must be configured
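The edge rules listed above (strict uRPF on customer interfaces, uRPF on interconnects, no IGP on customer-facing interfaces, MD5 on EBGP sessions) can be checked mechanically against router configurations. The following Python audit is an added example, not China Telecom's tooling; the IOS-style sample configuration, the CUST/PEER description tags and the neighbor addresses are constructed assumptions.

```python
import re

# Constructed IOS-style sample, not a real CN2 configuration. The CUST/PEER
# description tags are an assumed convention for marking each interface's role.
SAMPLE = """\
interface POS1/0
 description CUST customer-a
 ip verify unicast source reachable-via rx
interface POS1/1
 description CUST customer-b
 ip verify unicast source reachable-via any
 ip router isis
interface POS2/0
 description PEER interconnect-a
 ip verify unicast source reachable-via any
router bgp 4809
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 password 7 PLACEHOLDER
 neighbor 192.0.2.5 remote-as 64501
 neighbor 198.51.100.9 remote-as 4809
"""

def sections(config):
    out = {}  # top-level config line -> indented text beneath it
    for block in re.split(r"\n(?=\S)", config.strip()):
        head, *body = block.splitlines()
        out[head.strip()] = "\n".join(line.strip() for line in body)
    return out

def audit(config):
    """Return (object, finding) pairs where the config breaks the edge policy."""
    findings = []
    for head, text in sections(config).items():
        if head.startswith("interface "):
            name, urpf = head.split()[1], "ip verify unicast source reachable-via "
            cust, peer = "description CUST" in text, "description PEER" in text
            if cust and urpf + "rx" not in text:
                findings.append((name, "customer interface lacks strict uRPF"))
            if cust and "ip router isis" in text:
                findings.append((name, "IGP enabled on customer-facing interface"))
            if peer and urpf not in text:
                findings.append((name, "interconnect interface lacks uRPF"))
        elif head.startswith("router bgp "):
            local_as = head.split()[2]
            keyed = set(re.findall(r"^neighbor (\S+) password ", text, re.M))
            for nbr, asn in re.findall(r"^neighbor (\S+) remote-as (\d+)", text, re.M):
                if asn != local_as and nbr not in keyed:
                    findings.append((nbr, "eBGP neighbor lacks MD5 password"))
    return findings
```

Calling audit(SAMPLE) flags POS1/1 twice (loose instead of strict uRPF, and IS-IS enabled) and the EBGP neighbor 192.0.2.5, while the iBGP neighbor inside AS4809 is not required to carry a password.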
QoS is used to allocate limited network resources to different services.
Unlike traditional networks of ATM, Frame Relay, and leased circuit services, CN2 provides a uniform network for all these services. To differentiate the services based on class of importance or contract, QoS is the mechanism in place to segregate and allocate network resources to different classes of service.
Example of a QoS policy: 3G and soft-switch traffic can be allocated with at least 50% of the available bandwidth while Vnet can only consume a maximum of 15% of the total bandwidth
QoS is also positioned for traffic congestion management. In the event of accidental equipment or circuit failures, QoS helps to allocate the limited usable network resources to different classes of service.
Better resource utilization is expected from deploying QoS. Having an elastic policy to re-allocate under-utilized resources results in efficient resource utilization.
CN2 adheres to the DiffServ framework based on IP precedence and MPLS EXP bit classification, thus offering 8 classes of service
Initial CN2 service classification is based on 5 basic classes of service.
1 class for network control traffic
1 class for CT internal service
3 classes for service offering
All services are classified, remarked, shaped and rate-limited on the edge of the network to ensure a consistent QOS policy enforcement within the CN2 network
Service resource allocation is based on class of service. GOLD class of service would be allocated 2 times more redundant resources than BRONZE class of service
Convergence of prefixes varies by traffic class. Prefixes of GOLD class traffic would converge faster than prefixes of BRONZE class traffic
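| Metric | Gold service | Silver service | Bronze service |
|---|---|---|---|
| QoS marking | 5 | 3 | 2 |
| Packet loss (%) | 0.05 | 0.1 | 1 |
| MTU (bytes) | 1500 | 1500 | 1500 |
| Average delay (ms) | 30 | 35 | 40 |
| Maximum delay (ms) | 45 | 60 | 75 |
| Jitter (ms) | <2 | <5 | <10 |
| Average failover time (s) | <3 | <15 | <25 |
| Maximum failover time (s) | <8 | <20 | <45 |
| Total outage duration (minutes/month) | 5 | 10 | 15 |
| Outage duration (minutes/incident) | <5 | <5 | <5 |
| Number of faults (per month) | <1 | <2 | <3 |
| Monthly availability (%) | 99.99 | 99.98 | 99.95 |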
Services are enforced and policed on the edges of the network via the SR/PE device.
Services comprise soft-switch, video conference, VPN, Internet, ATM/FR/DDN etc.
To ensure the core network's stability and security, service provisioning, new service deployment and security control are performed on the edge of the network.
The SOLE responsibility of the Core Network is packet switching and forwarding
[Figure: QoS edge. P routers form the core of the IP/MPLS platform; PE routers at the edge provide broadband access, MPLS L3 VPN, IPSec VPN, ATM/FR, corporate dial, integrated VPN, AoMPLS, SDH/DD and MPLS L2 VPN.]
Network Capacity and Coverage (by the end of 2005):
CN2 will provide coverage for 208 cities including Hong Kong, Tokyo, Singapore, London, New York, San Jose, Washington etc., offering MPLS/VPN and Internet services.
671 routers in total, including 439 P routers, 208 PE/SR routers, 12 Public RR, and 12 VPN RR
1267 relay links with a total link bandwidth of 4.231T
Over 800 external interconnections with a total bandwidth of 2.8T
A total customer access link bandwidth of 650.62G
CN2 uses Cisco 12416 with E3&SIP line cards as PE routers exclusively to ensure consistent connectivity and configuration management. This would reduce equipment interoperation issues as well as the time of problem resolution.
Support MPLS layer 2/3 VPN
L3 VPN (RFC2547)
Ethernet point-to-point service (draft-martini)
Ethernet multipoint service (Vkompella VPLS)
ATM/FR over MPLS
Support 3 classes of service: GOLD, SILVER and BRONZE.
Support Internet & VPN services with SDH, Ethernet/VLAN, ATM/FR/DDN, L2TPv3, pseudowire access
Support network-wide multicast of 600 groups, 1.2 Gbps end-to-end multicast traffic
Support network-wide 6PE-based IPv6 at wire speed
CN2 uses Cisco 12416 with E3&SIP line cards as PE routers exclusively to ensure consistent connectivity and configuration management. This would reduce equipment interoperation issues as well as the time of problem resolution, thus making CN2 more agile in time to market.
Goodbye