Professional Documents
Culture Documents
Contents
1 Introduction ..............................................................................1 2 Product Feature .........................................................................3 3 Product Specification .................................................................5 4 Application ................................................................................6
4.1 Deployment Scenario for ME60 in Triple-play Solution .......................................6 4.2 Deployment Scenario for ME60 in MPLS VPN Solution.......................................7 4.3 Deployment Scenario for ME60 in Wholesale Service Solution ...........................8 4.4 Deployment Scenario for ME60 in Dynamic Service Selection Solution ...............9
Copyright 2006 by Huawei Technologies Co., Ltd. All Rights Reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.
Video
Data
Routing Policy for NGN Security Solution for NGN QoS Solution for NGN Reliability Solution for NGN Admission Control for NGN
Voice
Figure 1 Abundant Functionalities Available from the ME60 Series Multi-Service Control Gateway
The ME60 is characterized by large capacity, high performance, powerful service processing capability, and integrated control capability. Therefore the ME60 is a key device for bringing many advantages of Telecom Network to IP Network that enables IP Network to bear Voice, Video, and Wireless/NGN services. In order to meet the diverse requirements of customers, the ME60 integrates multiple functions such as subscriber management, service control and security control. Firstly, for triple play service, the ME60 provides signalling and media proxy, multicast control, firewall, and 5-level hierarchical scheduling features. Secondly, the customized service provisioning enables operators to launch value-added services for both enterprises and individual subscribers with enhanced operation and management capability.
Huawei Datacom
Quidway ME60 Series Multi-Service Control Gateway
Thirdly, as a PE device, the ME60 provides powerful layer-2 and layer-3 VPN features, thus it is able to provide VPN services for enterprises. In addition, the ME60 provides security and carrier-class guarantee for the above services. Finally, the ME60 fully supports IPv6, thus it can meet the network requirements in the future. The architecture of the multi-service IP network is shown in Figure 2.
Access
DSL IP DSLAM PSTN TG 3G RAN/GSM SGSN/MSC ATM/FR
Edge
Core
Edge
Access
DSL IP DSLAM PSTN TG 3G RAN/GSM Service Aggregation, Management, Policy Control, ...... Service Aggregation, Management, Policy Control, ......
IP/MPLS Core
RG STB
By adopting ME60 as the service edge, operators can build up a secure, reliable, operable and full-service Ethernet network with QoS guarantee. It converges traditional telecom services and new IP services, and bears them in a unified platform, thus the Capital Expenditure (CapEx) and the Operation Expenditure (OpEx) can be reduced. The ME60 enables the operator to deploy multiple value-added services, implement elaborate operation and improve the Average Revenue Per User (ARPU). The ME60 series includes two models: ME60-16 and ME60-8. The ME60-16 has 16 slots for line cards while the ME60-8 has 8 slots for line cards. Figure 3 shows the appearance of ME60-16 and ME60-8.
ME60-16
ME60-8
Figure 3 ME60 Appearance
2 Product Feature
Powerful Service Integration and Control Capability
The ME60 is an access control and management platform for multiple services. It has integrated various functions together such as user management, security control, and service control.
Huawei Datacom
Quidway ME60 Series Multi-Service Control Gateway
The ME60 supports L2 MPLS VPN (VLL, VPLS, CCC, etc.) and L3 MPLS VPN. It also supports tunnel technologies such as VPDN and GRE, thus making it able to provide enterprise interconnection service and ISP wholesale service. The ME60 is a carrier-class device for telecom network, providing firewall, session border control, and deep packet inspection.
3 Product Specification
Listed in Table 1 are the main specifications of ME60. Table 1 ME60 Specifications
Specification
Switching Capacity Backplane Capacity Forwarding Capacity No. of Slots Dimension (W D H) 640 Gbps 2.56T (bidirectional) 240 Mpps 22 (16 for line cards) 442mm 600mm 1600mm Height: 36U Standard chassis LCD status display MPU: 1:1 redundancy SFU: 3+1 redundancy Power supply: 1+1 redundancy Fan: 1+1 redundancy Broadband Service Unit (BSU) Enterprise Service Unit (ESU) Tunnel Service Unit (TSU) Security Service Unit (SSU) Session Border Controller (SBC) 110GE, 210GE, 4GE, 5GE, 10GE, 24GE, 32FE 4STM-16/OC-48 PoS, 1STM-64/OC-192 PoS 16STM-1 ATM, 4STM-4 ATM VLAN: 4K/port, 64K/slot, 512K/chassis QinQ: 64K/port, 64K/slot, 512K/chassis Supporting VLL,VPLS Supporting L3 MPLS VPN (RFC 2547bis) Supporting LAC, LNS, LTS, and 16K tunnels as well as 96K sessions 4K IPv4: RIP, OSPFv2, ISIS, BGP4, static IPv6: RIPng, OSPFv3, BGP4+, ISISv6, static
ME60-16
640 Gbps
ME60-8
1.28T (bidirectional) 120 Mpps 12 (8 for line cards) 442m 600mm 889mm Height: 22U
Structure
Line Module
Multicast
Supporting MSDP, PIM-SM, PIM-DM, and IGMP Supporting the configuration of static group members Supporting the interoperability between multicast protocols Supporting processing on multicast policies, including the multicast routing protocol and the forwarding policy (up to 8K entries in the forwarding table) Supporting the IPTV service based on multicast control
Policy based upon RADIUS or COPS 256K/line module, 5-level hierarchical scheduling Stateful firewall 9 Mpps, session setup: 150K/s Blacklist: 64K Attack defense: SYN flood, ICMP flood, UDP flood, IP spoofing, smurf, etc. Flow log: syslog, binary flow log
Security
P2P management
IPTV DHCP Option 60/82 Multicast to MVLAN/PPPoE session/VLAN/sub-interface, multicast right filter list, etc.
Huawei Datacom
Quidway ME60 Series Multi-Service Control Gateway
Specification
Broadband Subscriber Management Session Border Controller Others Input Power MTBF Environment Requirement
ME60-16
Concurrent subscriber: 12K/slot, 96K/chassis Access type: PPPoX, DHCP, 802.1x Registered users: 100,000 Concurrent users: 40,000 SIP proxy, MGCP proxy, H.248, H.323, IADMS proxy BFD, ASSP, VRRP, Trunk, OAM, FRR DC (-48V) 19 years
ME60-8
DC (-48V) , AC (220V)
Long-term operating temperature: 0~45; short-term operating temperature: -5~55 Storage temperature: -40~70 Relative humidity: 10%RH~95%RH
4 Application
The ME60 should normally be positioned at the service edge of the carriers Metro Ethernet Network. It integrates various functions, such as user management, security control, service control and many other service capability.
IP Edge
ME60
Metro Network
DSLAM RG
DSLAM RG
After getting online, the terminal STB sends the VoD request to middleware. The middleware accepts the request and sends QoS parameters, such as bandwidth and priority, to policy server. The policy server passes the QoS parameters to the ME60. The ME60 allocates resource to the applications according to QoS parameters.
In this solution, the ME60 isolates terminals by using technologies such as binding check, terminal fraudulent detection, and URPF. In this way, terminals can not access each other directly. Therefore, the attacks from terminals can be avoided effectively.
VPN1
ME60
VPN2
VPN1
IP/MPLS Core
VPN2
VPDN Subscriber
Huawei Datacom
Quidway ME60 Series Multi-Service Control Gateway
Based on VPDN Based on policy-based routing and GRE tunnel Based on MPLS VPN
The following figure takes the wholesale service based on the L2TP tunnel for example, as shown in Figure 6.
ISP1
el Tunn
Tunn el
IP/MPLS Network
LNS
user1@isp2
ISP2
In Figure 6, the ME60 acts as an LAC to distribute users packets of different ISPs to different LNSs of the ISPs. Then, the ISPs authenticate and authorize the users, and provide services for users. In this solution, the ME60 acts as an LAC, LNS, or LTS.
Policy Server
Radius Server
DHCP Server
Internet
SP
IP/MPLS Core
VoD
SP
Gaming SP
Figure 7 Networking of the ME60 in Dynamic Service Selection
The RADIUS server identifies users for basic service access. The ME60 gets the authorization information of the basic service from the AAA server, and then notifies the service selection server (SSS). The SSS notifies the ME60 of the default and auto-activated services. After getting online, the user directly accesses the service selection portal (SSP), and then subscribes services on the SSP page. The SSP server notifies the users selection to the SSS. The SSS notifies the users selection to the ME60. The ME60 conducts control, authentication, and accounting for the service flow.
Similarly, after the users cancel a service on the SSP page, the SSP will notify the cancellation to SSS, and then request the ME60 to cancel the service. When the users get offline, the ME60 will notify the SSP, and cancel all the services.
HUAWEI TECHNOLOGIES CO., LTD. Add: Huawei Industrial Base Bantian Longgang Shenzhen 518129, P.R.China Tel : +86-755-28780808 Version No.: M3-085030-20061018-C-1.0 www.huawei.com