377c0fdc45ba701ce388017b7ef833c1.ppt
- Number of slides: 37
Rome, 31 March 2009
Sistema Pubblico di Connettività
QXN (Qualified eXchange Network)
Mauro Mascagna (Technical Director – QXN s.c.p.a.)
Qualified eXchange Network
• The QXN Consortium
• Goals
• QXN Network Infrastructure
• QXN Services
• Future developments
The QXN Consortium - Milestones
• Setup date: July 10th, 2006
• Founding members: the four major Italian TLC operators (60%) (10%) (5%) (25%)
• In October 2006, the QXN Consortium signed a contract with CNIPA to implement and run the QXN infrastructure and services
QXN Consortium – Organization
• Management Board, formed by founding members representing the four partners of the Consortium:
  • 1 President (BT Italia)
  • 1 CEO (Fastweb)
  • 4 Fastweb representatives
  • 1 BT Italia representative
  • 1 Wind representative
  • 1 Telecom Italia representative
• Technical Committee:
  • 1 Chairman (QXN Technical Director)
  • 1 representative each from CNIPA, BT, Fastweb, Wind, Telecom Italia, Namex, MIX and CG-SPC
QXN on the Internet: company website
www.qxn.it
www.qxn-scpa.it
QXN Consortium – Main goals
• To design, implement, operate and develop a geographically distributed IP backbone infrastructure (QXN) acting as an exchange network among the backbones of the SPC Q-ISPs**
• To provide Q-ISPs with access to QXN services (such as housing, access ports, guaranteed bandwidth, centralized DNS, NTP server)
• To guarantee equal access conditions to the QXN infrastructure and services both to Members of the Consortium and to other Q-ISPs
** Q-ISP: Qualified Internet Service Provider
QXN within SPC General Framework
[Diagram; labels: QXN; SPC Multi-provider National Network – QISP 1, QISP 2, QISP n; PAC; PAL; SPC International Network (RIPA); CG-SPC; Advanced Interoperability Service Centre; Application Cooperation Service Centre; VoIP Interconnection Node; QCN (Qualified Community Network) n]
QXN within SPC General Framework (2)
QXN is a “cornerstone” of the SPC Framework due to its central role in:
• SPC management
• Technology and services
• Security
• SPC future developments
QXN Centrality in SPC management
The QXN Consortium, through the work of its bodies (Management Board, Technical Committee), acts as an aggregation point among all the actors involved in SPC, that is:
• CNIPA
• Q-ISPs
• CG-SPC
• NIV
This is of fundamental importance in helping CNIPA to manage an environment as complex as SPC, given its “multi-provider” nature.
QXN Centrality in technology and services
Q-ISPs may implement their backbones by using different technologies, with different services and SLAs and according to different evolution paths.
QXN “smooths” all these differences by binding all Q-ISPs to comply with specific technical requirements and rules set by the QXN Technical Committee.
This creates a single SPC “virtual” network (integrating the QXN and Q-ISP backbones) that provides all SPC customers (the PAs) with services of high and homogeneous quality, no matter which Q-ISP serves them.
QXN centrality in security
The QXN Points of Presence (PoP) have been implemented with specific attention to security issues such as:
• physical security of equipment
• logical security of data and traffic flowing through the QXN network (by using firewalls that implement policies for traffic segregation, network intrusion detection, etc.)
This results in a network infrastructure capable of ensuring high levels of security and service availability.
QXN centrality in SPC future development
As a central building block of the SPC Framework, QXN is well suited to implement and provide new “centralized” services to PAs.
As an example, QXN has already implemented and is currently running the Centralized SPC Domain Name System service, which ensures resolution of the domain names of all hosts and services that PAs publish on SPC.
Further services are currently under study by CNIPA.
QXN Service Offer
• OPA Interconnection
• OPO Interconnection (only between Fastweb and the other Q-ISPs that won the SPC bid)
• SPC Domain Name System (DNS)
• SPC Network Time Source (NTP server)
• Network Operation Center (24 x 365 service coverage)
NTP = Network Time Protocol
OPA = Offerta per le Amministrazioni (Offer for Administrations)
OPO = Offerta per Operatori (Offer for Operators)
Types of traffic flowing through QXN
• Infranet traffic – IP traffic exchanged between two PAs participating in SPC through the different Q-ISPs they are connected to (OPA* interconnection)
• Intranet traffic – IP traffic exchanged among the VPN sites of a single PA, where some sites of the VPN are connected to the network of one Q-ISP (Q-ISP 1) and other sites are connected to the network of another Q-ISP (Q-ISP 2). Q-ISP 1 and Q-ISP 2 exchange the traffic flowing between the two parts of the VPN by using their interconnection to QXN (OPO* interconnection)
* OPA = Offerta per le Amministrazioni; OPO = Offerta per gli Operatori
QXN service offer – OPA Interconnection
[Diagram; labels: PA 1, PA 2, PA 3, PA m; QISP-1 SPC Network; QISP-2 SPC Network; QXN; Internet; www.pa2.it. Legend: Infranet traffic (intra Q-ISP), Infranet traffic (inter Q-ISPs), Internet traffic]
QXN Service Offer – OPO Interconnection
[Diagram; labels: QXN ROMA (RM-BRqxn 1, RM-BRqxn 2); QXN MILANO (MI-BRqxn 1, MI-BRqxn 2); RM-Bropo-FW, RM-BRopo-QISP, MI-BRopo-FW, MI-BRopo-QISP; VLAN 1 to VLAN 4, each with its own IP subnet 1 to 4 (/30); Fastweb; QISP; VPN PA 1 (QISP customer), sites in OPO and sites in OPA]
QXN - Main features
• Two PoPs based on Cisco technology, located at the premises of the major Italian NAPs (Neutral Access Points) in Rome (NAMEX) and Milan (MIX)
• High security levels (physical and logical)
• Service Level Agreement (SLA)
  • Service Availability = 99,99%
  • One Way Delay <= 20 ms
  • Packet Loss <= 0,05%
• One set of technical rules that every Q-ISP must follow in order to be interconnected to QXN (certification process)
• Service trial completed on July 26th, 2007
• Commercial service started on July 27th, 2007
QXN – Network Architecture
[Diagram; labels: PA 1, PA 2, PA 3, PA n; QISP A network; QISP B network; BRqx; BRqxn; DNS; QXN Rome node; QXN Milan node; Internet]
QXN network architecture (continued)
• Two nodes, Rome and Milan, interconnected by two redundant high-speed transmission links (2 x 100 Mbps SDH, upgradable up to 1 Gbps), designed for high availability (equipment redundancy and physical path diversity)
• Each node is equipped with:
  • 2 Cisco 7609 high-performance routers (BRqxn – Border Routers QXN) interconnected locally and to the BRqxn at the remote site
  • an SLA management system (based on the Cisco IP SLA solution) to monitor and measure network quality parameters (One Way Delay, Packet Loss)
  • a firewall and Intrusion Detection System, to protect the PAs' data and traffic flowing through QXN
  • infrastructure for housing (rack), to accommodate the equipment that Q-ISPs use to interconnect their backbones to the QXN nodes. This equipment must be co-located with the QXN Border Routers
QXN - Traffic Routing issues
• Traffic symmetry
  • All Q-ISPs must ensure that traffic generated by or directed to a PA (or a group of PAs) connected to their networks is always delivered/received on the same QXN node (e.g. Rome or Milan)
  • BGP Communities are used by QXN and the Q-ISPs to set the priorities of the BGP advertisements for their PAs' IP prefixes
• Traffic load balancing
  • Traffic must be balanced between Q-ISP Border Routers (BRqx) and QXN Border Routers (BRQXN)
  • Traffic coming from a Q-ISP network is balanced (on a per-session basis) by the BRqx towards both BRQXNs in a QXN node
• BGP Routing
  • OSPF, fully meshed, among the four BRQXNs located in the Rome and Milan QXN nodes
  • External BGP v.4 among the BRQXNs and the Q-ISP BRqx
  • QXN AS (41407) acting as transit AS among the Q-ISPs' public ASs
QXN – Traffic routing issues
• BGP Communities
  • All Q-ISPs must announce their IP prefixes to QXN by using BGP communities, so that each Q-ISP can set a priority among its BRqxs to which traffic must be sent
  • Use of BGP Communities is necessary in order to ensure traffic symmetry over QXN
  • BGP Communities have this format: ASn_QXN:LP, where:
    • ASn_QXN = 41407 is the public AS assigned by RIPE to QXN
    • LP is the Local Preference parameter value being set, within QXN, for the specific announcement
  • community 41407:130 = set LP equal to 130 within the QXN network (highest priority)
  • community 41407:120 = set LP equal to 120 within the QXN network
  • community 41407:110 = set LP equal to 110 within the QXN network
  • community 41407:100 = set LP equal to 100 within the QXN network (lowest priority)
  • no community = traffic dropped by QXN
  • All Q-ISPs receive from QXN information about the BGP Communities set by other Q-ISPs
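The community scheme above, worked through as an added example (not QXN's router configuration and not part of the original slides). The router names, the documentation prefixes, the assignment of LP values to routers and the treatment of values outside 130/120/110/100 as "no community" are assumptions made for the illustration.

```python
# Added example, not QXN's configuration: community -> Local Preference policy.
QXN_AS = 41407                       # QXN public AS (from the slides)
VALID_LP = (130, 120, 110, 100)      # LP values defined on the slide


def local_pref(communities):
    """LP requested by the first valid 41407:LP community, else None (drop).

    Assumption: values outside VALID_LP are treated like a missing community.
    """
    for community in communities:
        asn, _, value = community.partition(":")
        if asn == str(QXN_AS) and value.isdigit() and int(value) in VALID_LP:
            return int(value)
    return None


def build_rib(announcements):
    """announcements: iterable of (prefix, brqx, communities) tuples."""
    rib, dropped = {}, []
    for prefix, brqx, communities in announcements:
        lp = local_pref(communities)
        if lp is None:
            dropped.append((prefix, brqx))      # "no community = dropped"
        else:
            rib.setdefault(prefix, []).append((lp, brqx))
    return rib, dropped


def best_exit(rib, prefix, failed=()):
    """BRqx with the highest LP that is still up, or None if none is left."""
    alive = [(lp, brqx) for lp, brqx in rib.get(prefix, []) if brqx not in failed]
    return max(alive)[1] if alive else None


# Constructed sample: documentation prefixes and hypothetical router names.
PA1 = "198.51.100.0/24"
ANNOUNCEMENTS = [
    (PA1, "A-RM-BRqx1", ["41407:130"]),
    (PA1, "A-RM-BRqx2", ["41407:120"]),
    (PA1, "A-MI-BRqx1", ["41407:110"]),
    (PA1, "A-MI-BRqx2", ["41407:100"]),
    ("203.0.113.0/24", "A-RM-BRqx1", []),             # untagged
    ("192.0.2.0/24", "A-RM-BRqx1", ["64500:130"]),    # wrong AS in community
]
RIB, DROPPED = build_rib(ANNOUNCEMENTS)

if __name__ == "__main__":
    for failed in [(), ("A-RM-BRqx1",), ("A-RM-BRqx1", "A-RM-BRqx2")]:
        print(failed, "->", best_exit(RIB, PA1, failed))
    print("dropped:", DROPPED)
```

With both Rome routers marked as failed the selected exit moves to the Milan router carrying the next LP value, which is the failover order the Q-ISP encoded in its communities.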
OPA Interconnection – traffic routing and fault scenarios
[Diagram; labels: PA 1 (YYY/23); PA 2 (XXX/24); SPC Provider Network A; SPC Provider Network B; BRqxn routers of the QXN Rome node and the QXN Milan node; PA 1 site prefix announced with LP 130, 120, 110 and 100; PA 2 site prefix announced with LP 130, 120, 110 and 100; X marks on links]
Services Offered – OPO Interconnection
[Diagram; labels: QXN ROMA (RM-BRqxn 1, RM-BRqxn 2); QXN MILANO (MI-BRqxn 1, MI-BRqxn 2); RM-Bropo-FW, RM-BRopo-QISP, MI-BRopo-FW, MI-BRopo-QISP; VLAN 1 to VLAN 4, each with its own IP subnet 1 to 4 (/30); FW; QISP; VPN PA 1 (QISP customer), sites in OPO and sites in OPA]
OPO interconnection – routing aspects
• Q-ISP backbones are interconnected to QXN through their own OPO Border Routers (BRopo). Each Q-ISP may decide to implement the BRopo functions on the same equipment acting as BRqx (for OPA interconnections), or on different equipment.
• OPO interconnection and OPA interconnection use different ports on the BRQXN.
• In OPO interconnection, the BRqxns act as L2 Ethernet switches connecting Q-ISP A's BRopo (Fastweb) and Q-ISP B's BRopo (being Wind or BT)
• Each L2 link is configured in trunk mode (IEEE 802.1q), each VLAN within a trunk being associated with a specific VPN of a specific PA.
OPO interconnections – traffic routing and fault scenarios
[Diagram; labels: Main node QXN ROMA (RM-BRqxn 1, RM-BRqxn 2); Backup node QXN MILANO (MI-BRqxn 1, MI-BRqxn 2); RM-Bropo-FW, RM-BRopo-QISP, MI-BRopo-FW, MI-BRopo-QISP; VLAN 1 to VLAN 4, each with its own IP subnet 1 to 4 (/30); FW; QISP; PA 1 (QISP customer) VPN 1 - Site A (in OPO); PA 1 (QISP customer) VPN 1 - Site B; X marks on links]
VLANs 1-2-3-4: assigned by QXN
IP subnets 1-2-3-4: assigned by the QISP
QXN Architecture – security & SLA management
[Diagram; labels: Probe, Probe]
SLA measuring and monitoring system
[Diagram; labels: Cisco 2811, Cisco 2811]
SLA measuring and monitoring system (continued)
[Diagram; labels: rm-qxn-sla-301; Q (Querier) and R (Responder) probes attached to RM-BRqxn 1, RM-BRqxn 2, MI-BRqxn 1 and MI-BRqxn 2; array of traffic measures]
• Each SLA probe (Querier) sends a specific traffic pattern (10 IP pkt/min, 200 Bytes/pkt, 200 ms delay between two subsequent packets) to the other four SLA probes (Responders) connected to each BRqxn
• This yields 16 traffic measures (one for each traffic relation) for every hour, which are used to calculate the QXN hourly average PL and OWD
• For every hour, the QXN hourly average PL and OWD are compared with the relevant SLA thresholds (PL = 0,05%, OWD = 20 ms) in order to calculate penalties as foreseen in the service contract between SCQXN and its customers (Q-ISPs)
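The hourly evaluation described above, as an added example (not QXN's monitoring tooling and not part of the original slides). It assumes the hourly value is the plain mean over the 16 relations; the probe names and the sample hour are constructed. Alongside the average it lists the relations that exceed a threshold on their own.

```python
# Added example, not QXN's tooling: hourly SLA check over the 16 relations.
PL_MAX_PCT = 0.05            # Packet Loss threshold from the slides (0,05%)
OWD_MAX_MS = 20.0            # One Way Delay threshold from the slides
SENT_PER_HOUR = 10 * 60      # 10 probe packets per minute on each relation


def hourly_report(measures):
    """measures: {(querier, responder): (packets_received, mean_owd_ms)}.

    Assumption: the QXN hourly value is the plain mean over the relations.
    """
    per_relation = {
        rel: (100.0 * (SENT_PER_HOUR - received) / SENT_PER_HOUR, owd)
        for rel, (received, owd) in measures.items()
    }
    n = len(per_relation)
    avg_pl = sum(pl for pl, _ in per_relation.values()) / n
    avg_owd = sum(owd for _, owd in per_relation.values()) / n
    return {
        "avg_pl_pct": avg_pl,
        "avg_owd_ms": avg_owd,
        "breach": avg_pl > PL_MAX_PCT or avg_owd > OWD_MAX_MS,
        # Relations that exceed a threshold on their own, for troubleshooting.
        "relations_over": sorted(
            rel for rel, (pl, owd) in per_relation.items()
            if pl > PL_MAX_PCT or owd > OWD_MAX_MS
        ),
    }


# Constructed sample hour: hypothetical probe names, 4 queriers x 4 responders.
SITES = ["RM1", "RM2", "MI1", "MI2"]
SAMPLE = {
    ("Q-" + q, "R-" + r): (SENT_PER_HOUR, 2.0 if q[:2] == r[:2] else 8.0)
    for q in SITES for r in SITES
}
SAMPLE[("Q-RM1", "R-MI2")] = (597, 8.0)   # 3 of 600 probes lost on one relation
REPORT = hourly_report(SAMPLE)

if __name__ == "__main__":
    print(REPORT)
```

In the sample hour one relation loses 0.5% of its probes while the hourly average over all 16 relations stays below the 0,05% threshold, so the per-relation list is what points an operator at the affected path.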
QXN SLA Monitoring and Reporting
QXN SLA Monitoring and Reporting
SPC Domain Name System
• SPC DNS is a federated system with the participation of:
  • PAs' DNS
  • Q-ISPs' DNS
  • QXN DNS
• Main goal: to ensure that all IP traffic related to the PA domain resolution process is completely confined within the SPC environment.
• This provides the highest level of security to the critical applications run by PAs (e.g. Protocollo Informatico), because they can be based on domains/hosts that cannot be reached or viewed from outside SPC.
DNS SPC Architecture
[Diagram; labels: Internet DNS Root Server; Internet Server; DNS QXN; DNS Q-ISP 1; DNS Q-ISP 2; Q-ISP 1; Q-ISP 2; DNS PA 1, Client PA 1, Server PA 1 (Public Administration #1); DNS PA 2 (Public Administration #2); DNS PAn (Public Administration #n)]
DNS SPC – functional model
PA DNS
• It is the authoritative DNS for all domain zones belonging to the PA
• It replicates all the PA's zone files to the Q-ISP's DNS (zone transfer/notify mechanism)
• It sets the Q-ISP's DNS as forwarder for all domain zones it is not authoritative for
Q-ISP DNS
• It is set as slave to the PA's DNS
• It is the authoritative DNS for the domain zones belonging to all PAs served by the Q-ISP
• It replicates all its zone files to the QXN DNS (zone transfer/notify mechanism)
• It sets the QXN DNS as forwarder for all domain zones it is not authoritative for
QXN DNS
• It is set as slave to the Q-ISPs' DNSs
• It is the authoritative DNS for the domain zones belonging to all PAs participating in SPC
• It sets the Internet Root Servers as forwarders for all domain zones it is not authoritative for
DNS SPC – Functional model (Notify / Zone Transfer mechanism)
[Diagram; labels: DNS QXN; DNS Q-ISP 1; DNS Q-ISP 2; Q-ISP 1; Q-ISP 2; DNS PA 1, Client PA 1, Server PA 1 (Public Administration #1); DNS PA 2 (Public Administration #2); DNS PAn (Public Administration #n); DNS Notify; Zone Transfer; change in PA1.it zone file (e.g. MX record); change in PA#n.it zone file (e.g. MX record)]
DNS SPC – Functional model (Query mechanism)
[Diagram; labels: Internet DNS Root Server; Internet Server; DNS QXN; DNS Q-ISP 1; DNS Q-ISP 2; Q-ISP 1; Q-ISP 2; DNS PA 1, Client PA 1, Server PA 1 (Public Administration #1); DNS PA 2 (Public Administration #2); DNS PAn (Public Administration #n). Legend: query to Server PA 1, query to Server PA 2, query to Server PA 3, query to Internet Server]
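The functional model, the notify/zone transfer mechanism and the query mechanism from the three DNS slides above, combined in one added example (a toy model, not the SPC implementation and not part of the original slides). Server names follow the diagrams; the `*.example` zones, the third PA and the class and function names are constructed for the illustration.

```python
# Added example, not the SPC implementation: toy model of the DNS hierarchy.
class DnsServer:
    def __init__(self, name, forwarder=None, inside_spc=True):
        self.name, self.forwarder, self.inside_spc = name, forwarder, inside_spc
        self.zones = set()

    def publish(self, zone):
        """Notify/zone transfer: replicate the zone to each slave up the chain."""
        server = self
        while server is not None and server.inside_spc:
            server.zones.add(zone)
            server = server.forwarder

    def authoritative_for(self, qname):
        return any(qname == z or qname.endswith("." + z) for z in self.zones)


def resolve(server, qname):
    """Return (names of servers consulted in order, stayed_inside_spc)."""
    path = [server]
    while not server.authoritative_for(qname) and server.forwarder is not None:
        server = server.forwarder
        path.append(server)
    return [s.name for s in path], all(s.inside_spc for s in path)


# Constructed topology; the *.example zones are placeholders.
ROOT = DnsServer("Internet root", inside_spc=False)
QXN = DnsServer("DNS QXN", forwarder=ROOT)
QISP1 = DnsServer("DNS Q-ISP 1", forwarder=QXN)
QISP2 = DnsServer("DNS Q-ISP 2", forwarder=QXN)
PA1 = DnsServer("DNS PA 1", forwarder=QISP1)
PA2 = DnsServer("DNS PA 2", forwarder=QISP2)
PA3 = DnsServer("DNS PA 3", forwarder=QISP1)
for server, zone in [(PA1, "pa1.example"), (PA2, "pa2.example"), (PA3, "pa3.example")]:
    server.publish(zone)

if __name__ == "__main__":
    for qname in ["www.pa1.example", "www.pa3.example",
                  "www.pa2.example", "www.example.org"]:
        print(qname, resolve(PA1, qname))
```

Every query for a PA zone is answered at or below DNS QXN; only the name outside SPC reaches the Internet root, which is the confinement property the slides state as the main goal.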
Who are QXN customers?
• Current
  • The 4 major Italian Telco Operators (BT, TI, Wind, Fastweb)
  • SPC Management Center (CG-SPC)
• Coming next
  • Application Cooperation Centers
  • Regione Toscana Community Network
• Future
  • Node for PAs' VoIP interconnection (NIV)
  • Other Q-ISPs (with national or regional scope) fulfilling the requirements set by the QXN Board and Technical Committee according to the general certification criteria set by CNIPA
  • QCN: Qualified Community Networks
Thank you for your attention
www.qxn-scpa.it
www.qxn.it