Cisco ME-3400G-12CS-A-RF - Ethernet Access Switch Uživatelský manuál

© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKBBA-20061Fiber to the Home Access ArchitecturesBRKBBA-2006Thomas Martin

© 2009 Cisco Systems, Inc. All rights reserved.11Cisco PublicBRKBBA-2006What Is an Open Access NetworkProvides access on equal terms to Subscriber Se

© 2009 Cisco Systems, Inc. All rights reserved.101Cisco PublicBRKBBA-2006PPPoE Intermediate Agent Used by Service Providers to:Identify each user bas

© 2009 Cisco Systems, Inc. All rights reserved.102Cisco PublicBRKBBA-2006Design ConsiderationsSubscriber Isolation & Security

© 2009 Cisco Systems, Inc. All rights reserved.103Cisco PublicBRKBBA-2006Subscriber Isolation & Security Security is a prime consideration within

© 2009 Cisco Systems, Inc. All rights reserved.104Cisco PublicBRKBBA-2006Potential Security Threats Security attacks generally fall into one of the f

© 2009 Cisco Systems, Inc. All rights reserved.105Cisco PublicBRKBBA-2006Ethernet Access Security ThreatsSubscribers Access Nodes InfrastructureLayer

© 2009 Cisco Systems, Inc. All rights reserved.106Cisco PublicBRKBBA-2006• One of the biggest concerns in using a shared Ethernet Access device for mu

© 2009 Cisco Systems, Inc. All rights reserved.107Cisco PublicBRKBBA-2006Security Threat: SolutionLayer 2 Isolation between UNI portsLayer 2 Isolation

© 2009 Cisco Systems, Inc. All rights reserved.108Cisco PublicBRKBBA-2006Private VLAN What It Does:Prohibit switching traffic between subscriber UNI

© 2009 Cisco Systems, Inc. All rights reserved.109Cisco PublicBRKBBA-2006Private VLAN A few Routers, many Subscribers. Two P-VLANs, one “Down”, and

© 2009 Cisco Systems, Inc. All rights reserved.110Cisco PublicBRKBBA-2006DHCP Security DHCP is used to provision network elements (HAG, STB,…) and su

© 2009 Cisco Systems, Inc. All rights reserved.12Cisco PublicBRKBBA-2006Requirements for OANs Freedom of choice for services: voice, video, data Sep

© 2009 Cisco Systems, Inc. All rights reserved.111Cisco PublicBRKBBA-2006 Risk :• A rogue user spoof a DHCP server and send fake DNS, IP, Default. Ga

© 2009 Cisco Systems, Inc. All rights reserved.112Cisco PublicBRKBBA-2006 Risk:• MITM attack, malicious user sends Gratuitous ARP and poisons ARP tab

© 2009 Cisco Systems, Inc. All rights reserved.113Cisco PublicBRKBBA-2006 Risk:• Malicious subscriber usurps MAC or IP address Solution:• IP Source

© 2009 Cisco Systems, Inc. All rights reserved.114Cisco PublicBRKBBA-2006Access Nodes Security Security Threats often target the infrastructure itsel

© 2009 Cisco Systems, Inc. All rights reserved.115Cisco PublicBRKBBA-2006Security Concern: SolutionL2 Control Protocol Attack (STP, LACP, PAgP, CDP, V

© 2009 Cisco Systems, Inc. All rights reserved.116Cisco PublicBRKBBA-2006 Risk:• Defeat SP Nodes resources by overflowing MAC table (CAM) Solution:•

© 2009 Cisco Systems, Inc. All rights reserved.117Cisco PublicBRKBBA-2006Port Security Available on ME3400, Catalyst 4500 and Catalyst 6500 Allows t

© 2009 Cisco Systems, Inc. All rights reserved.118Cisco PublicBRKBBA-2006Controlling multicast traffic Options:• Service related Restrict access to

© 2009 Cisco Systems, Inc. All rights reserved.119Cisco PublicBRKBBA-2006CPU and Control Plane protection Options:• Provide an additional layer of CP

© 2009 Cisco Systems, Inc. All rights reserved.120Cisco PublicBRKBBA-2006Countering L2 protocol attackes Options:• Service related: limits the volum

© 2009 Cisco Systems, Inc. All rights reserved.13Cisco PublicBRKBBA-2006Reasons for Open Access Networks Future EU regulation (not yet) New business

© 2009 Cisco Systems, Inc. All rights reserved.121Cisco PublicBRKBBA-2006• Infrastructure attacks exploit insecure data, control and management planes

© 2009 Cisco Systems, Inc. All rights reserved.122Cisco PublicBRKBBA-2006Security Threats SolutionMan-in-the-Middle attacks on critical management tra

© 2009 Cisco Systems, Inc. All rights reserved.123Cisco PublicBRKBBA-2006Design ConsiderationsNetwork Resilience

© 2009 Cisco Systems, Inc. All rights reserved.124Cisco PublicBRKBBA-2006Network Resilience• 802.1D Spanning Tree for Layer 2 portions of the networkR

© 2009 Cisco Systems, Inc. All rights reserved.125Cisco PublicBRKBBA-2006Spanning Tree… The Spawn of the Devil? (Not Anymore!) Convergence and Scalab

© 2009 Cisco Systems, Inc. All rights reserved.126Cisco PublicBRKBBA-2006Cisco Spanning Tree ToolkitPortFastfor Edge Ports (0-30 secs)UplinkFastfor di

© 2009 Cisco Systems, Inc. All rights reserved.127Cisco PublicBRKBBA-2006Resilient Ethernet ProtocolREP is designed to address: Fast re-convergence f

© 2009 Cisco Systems, Inc. All rights reserved.128Cisco PublicBRKBBA-2006IP/MPLS CoreVoiceVideoDataRemote C.O. orEnvironmentally Controlled CabinetPE-

© 2009 Cisco Systems, Inc. All rights reserved.129Cisco PublicBRKBBA-2006REP is a Segment Protocol Ports are explicitly configured to be part of a se

© 2009 Cisco Systems, Inc. All rights reserved.130Cisco PublicBRKBBA-2006Design ConsiderationsQuality of Service (QOS)

© 2009 Cisco Systems, Inc. All rights reserved.14Cisco PublicBRKBBA-2006Generic EAN ModelSSP-FSSP-ESSP-DNSPAccessRGW/HAGSSP-CSSP-BSSP-ANSP CORENSP Agg

© 2009 Cisco Systems, Inc. All rights reserved.131Cisco PublicBRKBBA-2006FTTH QoS Strategy End-to-End QoS based on DiffServ model Traffic MarkingRel

© 2009 Cisco Systems, Inc. All rights reserved.132Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.133Cisco PublicBRKBBA-2006Scheduler DropPolicer DropClassification, Marking and PolicingClassification

© 2009 Cisco Systems, Inc. All rights reserved.134Cisco PublicBRKBBA-2006Q and A

© 2009 Cisco Systems, Inc. All rights reserved.135Cisco PublicBRKBBA-2006Meet The ExpertTo make the most of your time at Cisco Networkers 2009, schedu

© 2009 Cisco Systems, Inc. All rights reserved.136Cisco PublicBRKBBA-2006Recommended Reading  There are currently no Cisco Press Books recommended fo

© 2009 Cisco Systems, Inc. All rights reserved.137Cisco PublicBRKBBA-2006Thank You

© 2009 Cisco Systems, Inc. All rights reserved.138Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.15Cisco PublicBRKBBA-2006FTTH Infrastructure Is A Long-Term InvestmentNeed To Accommodate Present &

© 2009 Cisco Systems, Inc. All rights reserved.16Cisco PublicBRKBBA-2006FTTH Technologies

© 2009 Cisco Systems, Inc. All rights reserved.17Cisco PublicBRKBBA-2006Next Generation NetworkBroadband First Mile OptionsISP1VoDVSPISP2Passive Optic

© 2009 Cisco Systems, Inc. All rights reserved.18Cisco PublicBRKBBA-2006Passive Optical Networks

© 2009 Cisco Systems, Inc. All rights reserved.19Cisco PublicBRKBBA-2006Core NetworkAggregationAccessMain Point of PresenceInternetPSTNONU in basement

© 2009 Cisco Systems, Inc. All rights reserved.20Cisco PublicBRKBBA-2006Drop Cables DistributionCableFeederCable Optical Distribution Frame (ODF)Optic

© 2009 Cisco Systems, Inc. All rights reserved.2Cisco PublicBRKBBA-2006Housekeeping We value your feedback- don't forget to complete your online

© 2009 Cisco Systems, Inc. All rights reserved.21Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.22Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.23Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.24Cisco PublicBRKBBA-2006PON Protocol OverviewOLTC B A1490 nmC B AC B AC B ACBA1310 nmACBONTONTONTACATV

© 2009 Cisco Systems, Inc. All rights reserved.25Cisco PublicBRKBBA-2006PON FlavorsBPON EPON GPONStandard ITU-T G.983 IEEE 802.3ah ITU-T G.984Bandwidt

© 2009 Cisco Systems, Inc. All rights reserved.26Cisco PublicBRKBBA-2006Motivations for PON deployment Fiber saving between splitter and CO/POPreleva

© 2009 Cisco Systems, Inc. All rights reserved.27Cisco PublicBRKBBA-2006About Next-Gen PON:GPON vendors say ...2006 2009 2010 2011+More bandwidth.New

© 2009 Cisco Systems, Inc. All rights reserved.28Cisco PublicBRKBBA-20062006 2009 2010 2011+More bandwidth.New optical components.10G PON.More capacit

© 2009 Cisco Systems, Inc. All rights reserved.29Cisco PublicBRKBBA-2006GPON vendors say ...2006 2009 2010 2011+More bandwidth.New optical components.

© 2009 Cisco Systems, Inc. All rights reserved.30Cisco PublicBRKBBA-2006A more realistic way of viewing the GPON with DWDM solution OLT4x 2.5Gbps1x 1.

© 2009 Cisco Systems, Inc. All rights reserved.3Cisco PublicBRKBBA-2006Introduction to Fiber to the Home FTTH TechnologiesFTTH Deployment Options and

© 2009 Cisco Systems, Inc. All rights reserved.31Cisco PublicBRKBBA-2006DWDM PON ArchitectureFTTxAccess NetworkIP/MPLSEdge/coreN-PEEthernet/MPLSAggreg

© 2009 Cisco Systems, Inc. All rights reserved.32Cisco PublicBRKBBA-2006DWDM PON ArchitectureFTTxAccess NetworkN-PEEthernet/MPLSAggregation Network• T

© 2009 Cisco Systems, Inc. All rights reserved.33Cisco PublicBRKBBA-2006Components of DWDM PON SolutionAWG: Arrayed-Waveguide Grating• Periodic filter

© 2009 Cisco Systems, Inc. All rights reserved.34Cisco PublicBRKBBA-2006Main Issues with PONsData sent to all users on the tree: inefficient Video m

© 2009 Cisco Systems, Inc. All rights reserved.35Cisco PublicBRKBBA-2006Main Issues with PONsData sent to all users on the tree: inefficient Video m

© 2009 Cisco Systems, Inc. All rights reserved.36Cisco PublicBRKBBA-2006PON CPE Aspects CPE’s (a.k.a. ONU’s or ONT’s) are an integral part of the PON

© 2009 Cisco Systems, Inc. All rights reserved.37Cisco PublicBRKBBA-2006Point-to-Point (P2P) orhome run fiber

© 2009 Cisco Systems, Inc. All rights reserved.38Cisco PublicBRKBBA-2006Access switch in basementSMB and ResidentialWiFiVideosurveillanceHAGPCTV SetE

© 2009 Cisco Systems, Inc. All rights reserved.39Cisco PublicBRKBBA-2006Ethernet Star Architecture Characteristics (a.k.a. P2P) Direct fiber access t

© 2009 Cisco Systems, Inc. All rights reserved.40Cisco PublicBRKBBA-2006Ethernet Star Architecture Characteristics (a.k.a. P2P) Pay as you grow possi

© 2009 Cisco Systems, Inc. All rights reserved.4Cisco PublicBRKBBA-2006SP Next Generation Network Blue PrintIP & MPLS AggregationResidentialBusine

© 2009 Cisco Systems, Inc. All rights reserved.41Cisco PublicBRKBBA-2006Drop Cables DistributionCableFeederCable Optical Distribution Frame (ODF)Ether

© 2009 Cisco Systems, Inc. All rights reserved.42Cisco PublicBRKBBA-2006Primary (or Secondary) Hub VSO Secondary HubEDFAVideo OriginationHeadendVHOPri

© 2009 Cisco Systems, Inc. All rights reserved.43Cisco PublicBRKBBA-2006Single Fiber Video Overlay ConceptV-OLTCat4500Passive opticalshelfONTFE (RJ45)

© 2009 Cisco Systems, Inc. All rights reserved.44Cisco PublicBRKBBA-2006CPE Aspects CPEs can be commodity items purchased at retail stores No intero

© 2009 Cisco Systems, Inc. All rights reserved.45Cisco PublicBRKBBA-2006Ethernet Point-to-Point Advantages Dedicated Bandwidth Per User Greenfields:

© 2009 Cisco Systems, Inc. All rights reserved.46Cisco PublicBRKBBA-2006FTTxDeployment

© 2009 Cisco Systems, Inc. All rights reserved.47Cisco PublicBRKBBA-2006Cost of Equipment and Construction Deployment modelsSource: Corning and FTTH C

© 2009 Cisco Systems, Inc. All rights reserved.48Cisco PublicBRKBBA-2006FTTH Subscriber ConnectionAccess SwitchHome NetworkResidential GatewayFTTH Net

© 2009 Cisco Systems, Inc. All rights reserved.49Cisco PublicBRKBBA-2006FTTx Point-to-PointPhysical Subscriber Connection1. New multi/single mode fibe

© 2009 Cisco Systems, Inc. All rights reserved.50Cisco PublicBRKBBA-2006IEEE 802.3ah Ethernet First Mile 100/1000MB/s Interface Definitions100BaseLX-

© 2009 Cisco Systems, Inc. All rights reserved.5Cisco PublicBRKBBA-2006Introduction to FTTH

© 2009 Cisco Systems, Inc. All rights reserved.51Cisco PublicBRKBBA-2006Customer Premises EquipmentGamingTV ServiceVoice and Fax ServiceInternet Servi

© 2009 Cisco Systems, Inc. All rights reserved.52Cisco PublicBRKBBA-2006Customer Premise Equipment SP’s regard the CPE as demarcation point for the s

© 2009 Cisco Systems, Inc. All rights reserved.53Cisco PublicBRKBBA-2006Home Access Gateway ArchitectureLayer 2VoiceAdaptor(H.323, MGCP, SIP)VoiceAdap

© 2009 Cisco Systems, Inc. All rights reserved.54Cisco PublicBRKBBA-2006Video, VBR VC or VLANData, UBR VC or VLANVoice CBR VC or VLANDHCPOption 60DHCP

© 2009 Cisco Systems, Inc. All rights reserved.55Cisco PublicBRKBBA-2006In-House ConnectionsThe Connected HomeGamingTV ServiceVoice and Fax ServiceInt

© 2009 Cisco Systems, Inc. All rights reserved.56Cisco PublicBRKBBA-2006MOCA802.11nHomePlug AVHPNAv3NOTE: Newer dwellings may be wired Ethernet throug

© 2009 Cisco Systems, Inc. All rights reserved.57Cisco PublicBRKBBA-2006Core NetworkAggregationAccessInternetPSTNVoice GatewayVideo Source (VoD / Bcas

© 2009 Cisco Systems, Inc. All rights reserved.58Cisco PublicBRKBBA-2006Centralized POP Approach 4510 with up to 384 portsn x GE or 10GE uplinks 3 x

© 2009 Cisco Systems, Inc. All rights reserved.59Cisco PublicBRKBBA-2006Centralized Access PopODF relative position to Cisco 4510R Cisco 4510R in a ra

© 2009 Cisco Systems, Inc. All rights reserved.60Cisco PublicBRKBBA-2006New Mechanical Solution• ODF for 2304 fiber terminations• Rack for 1152 active

© 2009 Cisco Systems, Inc. All rights reserved.6Cisco PublicBRKBBA-2006FTTH Motivations/Drivers The need for speed!Bandwidth requirements driven by N

© 2009 Cisco Systems, Inc. All rights reserved.61Cisco PublicBRKBBA-2006Core Network/PAggregationAccessPE-AGGInternetPSTNVoice GatewayVideo source (Vo

© 2009 Cisco Systems, Inc. All rights reserved.62Cisco PublicBRKBBA-2006Multi Tenant Building SolutionDecentralized AccessAccess Switch located in Ba

© 2009 Cisco Systems, Inc. All rights reserved.63Cisco PublicBRKBBA-2006FTTHArchitecture Overview

© 2009 Cisco Systems, Inc. All rights reserved.64Cisco PublicBRKBBA-2006SP Ethernet Access• Ethernet began as shared media tap points for workstations

© 2009 Cisco Systems, Inc. All rights reserved.65Cisco PublicBRKBBA-2006• Different L3 Edge by service, services can be added and managed independentl

© 2009 Cisco Systems, Inc. All rights reserved.66Cisco PublicBRKBBA-2006Design Considerations

© 2009 Cisco Systems, Inc. All rights reserved.67Cisco PublicBRKBBA-2006E-FTTH Design ConsiderationsDesign ConsiderationsService DeliveryAddress Mana

© 2009 Cisco Systems, Inc. All rights reserved.68Cisco PublicBRKBBA-2006Design ConsiderationsService Delivery

© 2009 Cisco Systems, Inc. All rights reserved.69Cisco PublicBRKBBA-2006Service Delivery Several Approaches are chosen for service delivery FTTH pro

© 2009 Cisco Systems, Inc. All rights reserved.70Cisco PublicBRKBBA-2006Service Delivery Centralized Access – All IPU-PE with up to 384 SubscribersIP

© 2009 Cisco Systems, Inc. All rights reserved.7Cisco PublicBRKBBA-2006FTTH The Way to Provide True High Speed AccessADSL is reaching it’s limitation

© 2009 Cisco Systems, Inc. All rights reserved.71Cisco PublicBRKBBA-2006Service Delivery Centralized Access – IP and PPPoEU-PE with up to 384 Subscri

© 2009 Cisco Systems, Inc. All rights reserved.72Cisco PublicBRKBBA-2006Service DeliveryDistributed AccessU-PE with up to 24 subscribers in L2 Mode–I

© 2009 Cisco Systems, Inc. All rights reserved.73Cisco PublicBRKBBA-2006Services ConnectivityNon Trunk UNI, N:1 VLAN• Single VLAN per U-PE or group of

© 2009 Cisco Systems, Inc. All rights reserved.74Cisco PublicBRKBBA-2006STB802.3, 802.11b/gAggregation NodeVideo/Voice Applications GatewayDHCP Relay;

© 2009 Cisco Systems, Inc. All rights reserved.75Cisco PublicBRKBBA-2006Services Connectivity Trunk UNI, N:1 Service VLAN• VLAN per Service☺ IP addres

© 2009 Cisco Systems, Inc. All rights reserved.76Cisco PublicBRKBBA-2006STB802.3, 802.11b/gAggregation NodeVideo/Voice Applications GatewayDHCP Relay;

© 2009 Cisco Systems, Inc. All rights reserved.77Cisco PublicBRKBBA-2006STB802.3, 802.11b/gAggregation NodeVideo/Voice Applications GatewayDHCP Relay;

© 2009 Cisco Systems, Inc. All rights reserved.78Cisco PublicBRKBBA-2006PCTVPCTVCustomer 1802.1QISP #1ISP #2MPLSNetworkPE RouterAggregation andPE Rout

© 2009 Cisco Systems, Inc. All rights reserved.79Cisco PublicBRKBBA-2006Single VLAN with Policy Based Routing (PBR) One VLAN per switch (U-PE) or per

© 2009 Cisco Systems, Inc. All rights reserved.80Cisco PublicBRKBBA-2006PCPCTVTVVLAN 1VLAN 1VLAN 2VLAN 2PCPCTVTVVLAN 1VLAN 1VLAN 2VLAN 2VLAN 8VLAN 8VL

© 2009 Cisco Systems, Inc. All rights reserved.9Cisco PublicBRKBBA-2006FTTH Enables New Service Delivery Models “Classic” Model: SP provides access a

© 2009 Cisco Systems, Inc. All rights reserved.81Cisco PublicBRKBBA-2006Per SP VLAN Every customer sees a VLAN per SP at his UNI CPE must be VLAN-en

© 2009 Cisco Systems, Inc. All rights reserved.82Cisco PublicBRKBBA-2006Design ConsiderationsAddress Management

© 2009 Cisco Systems, Inc. All rights reserved.83Cisco PublicBRKBBA-2006IP Address Management Mix of public and private IP addressesPublic addresses

© 2009 Cisco Systems, Inc. All rights reserved.84Cisco PublicBRKBBA-2006IP Address Management DHCP is widely used to provide IP addresses to Network

© 2009 Cisco Systems, Inc. All rights reserved.85Cisco PublicBRKBBA-2006Subscriber Provisioning Cisco Partner Applications Support both self and CSR

© 2009 Cisco Systems, Inc. All rights reserved.86Cisco PublicBRKBBA-2006Generic Provisioning PlatformV V U-PE 3rdPartyBilling/Workflow SystemCNR DHCPC

© 2009 Cisco Systems, Inc. All rights reserved.87Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.88Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.89Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.90Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.10Cisco PublicBRKBBA-2006NETWORK(Backbone and Access) PHYSICAL INFRASTRUCTURE(Dark Fiber)ACCESS, SERVIC

© 2009 Cisco Systems, Inc. All rights reserved.91Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.92Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.93Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.94Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.95Cisco PublicBRKBBA-2006

© 2009 Cisco Systems, Inc. All rights reserved.96Cisco PublicBRKBBA-2006Subscriber Portal Example

© 2009 Cisco Systems, Inc. All rights reserved.97Cisco PublicBRKBBA-2006Subscriber Portal ExampleService Subscription

© 2009 Cisco Systems, Inc. All rights reserved.98Cisco PublicBRKBBA-2006Design ConsiderationsSubscriber Identification

© 2009 Cisco Systems, Inc. All rights reserved.99Cisco PublicBRKBBA-2006Subscriber Identification Subscriber & Network elements need to be identi

© 2009 Cisco Systems, Inc. All rights reserved.100Cisco PublicBRKBBA-2006DHCP Interface Tracker (Option 82) Subset of DHCP Snooping feature Used by