Topic: Availability and reliability take priority
Axel Föry, CEO, Keymile
Axel Foery began his career as Chief Engineer for broadband technology at Deutsche Fernkabel GmbH. Since then, he has held leading positions in international telecommunications projects with Trans European Line and with Philips Kommunikations Industrie. In 1994 he moved to Nokia Kabel GmbH, where he worked as a Regional Sales Manager responsible for Southern Germany. Between 1998 and 2013 he held various sales management positions at Cisco Systems GmbH – most recently from August 2009 in the role of Director Borderless Network Architecture DACH (Germany, Austria, Switzerland).
On 1st November 2013 he joined KEYMILE group as CSO. In October 2014 he assumed the position of CEO of the KEYMILE group.
In the communication networks of railways and utilities, secure transmission and availability of application-critical data play a vital role. MPLS-TP offers operators of mission-critical networks an attractive option to migrate to a packet-oriented world. Encrypting a packet network's traffic gives mission-critical networks additional protection.
Mission-critical systems provide network solutions for critical applications on rail networks, high- and medium-voltage grids of power providers, gas and oil pipelines, public authorities, and air traffic control. Outages in these applications can have grave consequences for their users, such as accidents on railway tracks or in road or air traffic.
Because availability is one of the key aspects of a mission-critical application, expansions and network changes are only performed when there is a clear necessity. There are historical reasons for this: the TDM (Time Division Multiplexing) based transport networks such as SDH/SONET used by railways and utilities for many years – in some cases, decades – have established high standards for future technologies. At the same time, many network operators still expect the most cost-efficient and flexible operation possible, with the ability to serve diverse applications, for example their Local Area Networks (LANs). Packet-based network solutions are attractive from an economic perspective; they support new packet-based services such as video surveillance; and they can be adjusted to changing conditions in a more flexible and efficient manner than rigid SDH/SONET technologies.
Packet-based networks for new application scenarios
For new application scenarios in Packet-based Transport Networks (PTNs), operators of mission-critical networks use systems that support Multi-Protocol Label Switching – Transport Profile (MPLS-TP). MPLS-TP is an enhancement of IP/MPLS, which telecom operators have used for more than ten years in diverse areas of their networks. The strength of this protocol is its fast and largely automatic establishment of Label Switched Paths (LSPs).
MPLS-TP is an upgraded version of IP/MPLS, but unlike IP/MPLS it functions in a connection-oriented way. The decision and control of transport paths does not take place in the individual network nodes, but rather through a network management system. This system makes it possible to set up end-to-end SLA-based services within a transport network. Since it is a connection-based technology, MPLS-TP provides the right packet-based infrastructure for mission-critical networks.
The key aims of MPLS-TP are:
• To implement and operate MPLS in a packet-based network so as to enable the provision of functions comparable to those of TDM-based technologies.
• To support Point-to-Point and Any-to-Any connections with similarly high levels of predictability, reliability, and OAM (Operation, Administration and Management) functionality to those offered by time-tested TDM networks.
MPLS-TP enables granular control of data traffic, thus laying the foundation for high reliability and availability. Network operators can use it to configure static VPNs and Label Switched Paths – and they can do so directly on a network element or via the network management system.
Static connections play an important role in mission-critical networks. If the Management Plane used to configure the transport path fails, then the Data Plane, which is responsible for forwarding, OAM and protection, continues functioning normally. As the configuration is saved permanently in every network element, the transport paths do not have to be re-configured via Control Plane mechanisms every time a restart occurs, for example, after a power failure.
MPLS-TP supports a comprehensive list of OAM features that can be used for error detection and localisation as well as performance monitoring, for example packet delay and loss measurement. These features offer functions comparable to the fault management features of SDH.
Furthermore, MPLS-TP ensures logical and physical separation of the Control and Management Plane from the Data Plane, which is responsible for the transmission of data. The advantage of this separation is that disaster recovery can take place independently of the Control and Management Plane.
Failsafe performance functions
To ensure reliability of service, MPLS-TP provides similar protection switching functions to those found in time-tested SDH/SONET network technology. Depending on the topologies deployed and application scenarios, network operators can implement various levels of failsafe performance:
• two parallel traffic paths (1+1)
• one active and one standby path with a guaranteed bandwidth for both paths (1:1)
• one active and one standby path with resources shared across one or more active paths (shared protection)
Linear protection (1:1) offers a quick and simple method to protect co-routed end-to-end LSPs. It does this by redirecting traffic to a preconfigured, co-routed bidirectional LSP. In the event of a network failure, in-band OAM mechanisms enable rapid error detection in the network connections. Protection State Coordination (PSC) protocols ensure switching times of less than 50 milliseconds.
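The following simulation is an added example, not KEYMILE code or part of the original article: it models one endpoint of a 1:1 protected LSP and shows how the continuity-check (CC) interval of the in-band OAM decides whether a working-path cut stays inside the 50 ms budget. The class and function names are hypothetical; the rule that loss of continuity is declared after 3.5 CC intervals without a CC message, the CC intervals used, and the 2 ms switch delay are assumptions not stated in the article.

```python
LOC_MULTIPLIER = 3.5      # assumption: loss of continuity after 3.5 CC intervals
BUDGET_US = 50_000        # the 50 ms switching target named in the text


class ProtectedLsp:
    """One endpoint of a 1:1 pair: working and protect LSP are both preconfigured."""

    def __init__(self, cc_interval_us, switch_delay_us):
        self.loc_timeout_us = int(cc_interval_us * LOC_MULTIPLIER)
        self.switch_delay_us = switch_delay_us   # constructed PSC/hardware delay
        self.active = "working"
        self.last_cc_us = 0
        self.switched_at_us = None

    def on_cc(self, now_us):
        """An in-band CC message arrived on the working path."""
        self.last_cc_us = now_us

    def tick(self, now_us):
        """Data-plane timer: no CC for the LOC timeout means switch to protect."""
        silent_for = now_us - self.last_cc_us
        if self.active == "working" and silent_for >= self.loc_timeout_us:
            self.active = "protect"
            self.switched_at_us = now_us + self.switch_delay_us


def outage_us(cc_interval_us, fail_at_us, switch_delay_us=2_000, step_us=10):
    """Cut the working path at fail_at_us; return the traffic outage in microseconds."""
    lsp = ProtectedLsp(cc_interval_us, switch_delay_us)
    now, next_cc = 0, cc_interval_us
    while lsp.switched_at_us is None:
        now += step_us
        if now >= next_cc:
            if next_cc < fail_at_us:      # only CCs sent before the cut arrive
                lsp.on_cc(next_cc)
            next_cc += cc_interval_us
        lsp.tick(now)
    return lsp.switched_at_us - fail_at_us


def meets_budget(cc_interval_us, fail_at_us):
    """True if the simulated outage stays within the 50 ms target."""
    return outage_us(cc_interval_us, fail_at_us) <= BUDGET_US


if __name__ == "__main__":
    # Constructed scenarios: (CC interval, time of the cut), both in microseconds.
    for interval, cut in [(3_330, 10_000), (10_000, 25_000), (100_000, 250_000)]:
        print(interval, outage_us(interval, cut), meets_budget(interval, cut))
```

Under these assumptions a 3.33 ms or 10 ms CC interval keeps the outage below 50 ms, while a 100 ms interval cannot, however fast the switch itself is.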
Encrypted data transmission
To give mission-critical networks additional protection against hackers, today's network operators must also consider ways of encrypting a packet network's traffic. Encryption methods such as AES have already become established, yet they require secure transport of the key via a so-called public key infrastructure. The calculation of random numbers on a mathematical basis and their distribution are both potential weak spots. Since the development of quantum computing is continuing at a fast pace, it is likely that mathematical encryption methods considered secure up to now will be easier to crack in future. One possible solution for improved encryption is provided by quantum processes, i.e. quantum key distribution.
One important factor for the secure functioning of cryptography is that the key must be changed as frequently as possible, meaning that new keys are constantly being generated. This can be done at quite a high rate with current quantum key distribution methods. Additionally, with quantum key distribution, intercepting communications requires measuring the quantum state, yet measuring it changes its state; this means that any attempts at manipulation are immediately apparent. Systems based on quantum key distribution are already fully developed and in commercial use for highly critical applications. We believe that the quantum process is very promising, which is why we are working on a wider deployment of this solution and its future integration into our MPLS-TP solution.
Network solutions for mission-critical systems have to meet very high requirements in terms of reliability, availability, security, and long life. They should also provide sufficient flexibility to be used in various application scenarios, while supporting both circuit-switched and packet-based transport protocols such as SDH and MPLS-TP. They must provide data paths that ensure deterministic transmission behaviour even in Ethernet-based transport networks. This allows Ethernet transport networks to attain the levels of availability expected of SDH networks.
* Axel Föry is Chief Executive Officer at Keymile
| Attributes | IP/MPLS | MPLS-TP |
| --- | --- | --- |
| Connection type | Connectionless | Connection-oriented |
| Label switch path | Unidirectional | Uni/bidirectional (co-routed) |
| Control Plane | Mandatory | Optional (NMS provisioning preferred) |
| Operations, Administration and Management (OAM) | Out-of-band OAM | In-band OAM |
| Protection switching | Depends on control plane (bidirectional more than 50 ms) | Data Plane switching (less than 50 ms) |
| Complexity | High | Low |
Figure 1 (MPLS-TP.jpg)
MPLS-TP is a sub-protocol of IP/MPLS and functions in a transport-oriented way. The definition and control of transport paths does not take place in the individual network nodes, but rather through a network management system. (Source: KEYMILE)
Figure 2 (Data Plane.jpg)
MPLS-TP enables such features as the use of bidirectional Label Switched Paths and accelerates switching between working and backup paths in an emergency. KEYMILE XMC20 combines packet-based and TDM services. (Source: KEYMILE)