Quidway ME60 Series Multi-Service Control Gateway

HUAWEI TECHNOLOGIES CO., LTD.

Contents
1 Introduction ..............................................................................1 2 Product Feature .........................................................................3 3 Product Specification .................................................................5 4 Application ................................................................................6
4.1 Deployment Scenario for ME60 in Triple-play Solution .......................................6 4.2 Deployment Scenario for ME60 in MPLS VPN Solution.......................................7 4.3 Deployment Scenario for ME60 in Wholesale Service Solution ...........................8 4.4 Deployment Scenario for ME60 in Dynamic Service Selection Solution ...............9

Copyright 2006 by Huawei Technologies Co., Ltd. All Rights Reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Quidway ME60 Series Multi-Service Control Gateway

1 Introduction
The Quidway MultiserviceEngine 60 (hereinafter referred to as the ME60), is a series Multi-Service Control Gateway (MSCG) for delivering personalized triple play services to customers and carrier-class IP services to businesses at the network edge. The ME60 has abundant powerful functionalities for providing High Speed Internet Access, Voice over IP and IPTV services. These functionalities can be summarized in Figure 1.
Multicast Routing Protocol High Performance Multicast QoS Policy for Broadcast TV VoD Deployment Solution Admission Control for VoD Controllable Multicast Service Selection Gateway Dynamic QoS Policy Implement Powerful Authentication Function Flexible Charging Policy Multiple ISP Wholesale Service Awareness

Video

Data
Routing Policy for NGN Security Solution for NGN QoS Solution for NGN Reliability Solution for NGN Admission Control for NGN

Voice

Voice over IP + IP Video + HSI

Any Play Service

Figure 1 Abundant Functionalities Available from the ME60 Series Multi-Service Control Gateway

The ME60 is characterized by large capacity, high performance, powerful service processing capability, and integrated control capability. Therefore the ME60 is a key device for bringing many advantages of Telecom Network to IP Network that enables IP Network to bear Voice, Video, and Wireless/NGN services. In order to meet the diverse requirements of customers, the ME60 integrates multiple functions such as subscriber management, service control and security control. Firstly, for triple play service, the ME60 provides signalling and media proxy, multicast control, firewall, and 5-level hierarchical scheduling features. Secondly, the customized service provisioning enables operators to launch value-added services for both enterprises and individual subscribers with enhanced operation and management capability.

Huawei Datacom
Quidway ME60 Series Multi-Service Control Gateway

Thirdly, as a PE device, the ME60 provides powerful layer-2 and layer-3 VPN features, thus it is able to provide VPN services for enterprises. In addition, the ME60 provides security and carrier-class guarantee for the above services. Finally, the ME60 fully supports IPv6, thus it can meet the network requirements in the future. The architecture of the multi-service IP network is shown in Figure 2.

Access
DSL IP DSLAM PSTN TG 3G RAN/GSM SGSN/MSC ATM/FR

Edge

Core

Edge

Access

DSL IP DSLAM PSTN TG 3G RAN/GSM Service Aggregation, Management, Policy Control, ...... Service Aggregation, Management, Policy Control, ......

IP/MPLS Core

SGSN/MSC ATM/FR Metro Ethernet

Metro Ethernet RG STB

RG STB

Figure 2 Transformed IP Network for All Services

By adopting ME60 as the service edge, operators can build up a secure, reliable, operable and full-service Ethernet network with QoS guarantee. It converges traditional telecom services and new IP services, and bears them in a unified platform, thus the Capital Expenditure (CapEx) and the Operation Expenditure (OpEx) can be reduced. The ME60 enables the operator to deploy multiple value-added services, implement elaborate operation and improve the Average Revenue Per User (ARPU). The ME60 series includes two models: ME60-16 and ME60-8. The ME60-16 has 16 slots for line cards while the ME60-8 has 8 slots for line cards. Figure 3 shows the appearance of ME60-16 and ME60-8.

ME60-16

ME60-8
Figure 3 ME60 Appearance

2 Product Feature
Powerful Service Integration and Control Capability
The ME60 is an access control and management platform for multiple services. It has integrated various functions together such as user management, security control, and service control.

Flexible Multi-Service Aggregation Capability

The ME60 supports multiple interface types and access modes such as Ethernet, PoS and ATM. It can act as either Metro Ethernet access network service edge or IP/MPLS core network PE edge. The ME60 is a unified platform to deploy triple play services for broadband subscribers, and MPLS L2/L3 VPN services for enterprise customers. It has been designed for the migration from traditional ATM, FR and TDM services to IP/MPLS network.

Abundant Services Provisioning Capability

Working with the Policy Server and RADIUS Server, the ME60 implements service provisioning, management, and accounting for users. Therefore, users are able to customize the bandwidth and services as their wish, such as BTV, VoD, VoIP and online games, etc.

Huawei Datacom
Quidway ME60 Series Multi-Service Control Gateway

The ME60 supports L2 MPLS VPN (VLL, VPLS, CCC, etc.) and L3 MPLS VPN. It also supports tunnel technologies such as VPDN and GRE, thus making it able to provide enterprise interconnection service and ISP wholesale service. The ME60 is a carrier-class device for telecom network, providing firewall, session border control, and deep packet inspection.

H-QoS Support for Telecom Services

The ME60 supports various traffic classification methods and service aware policies. It can classify the services flexibly and detailedly. The ME60 provides 5-level hierarchical scheduling (up to 256k queues and each user can be configured with 8 queues), traffic monitor, congestion avoidance, and traffic shaping. With all these features, the ME60 is able to provide end-to-end QoS assurance for carrier-class services such as Triple Play, 3G services, and NGN.

Comprehensive Security Assurance Mechanism

The ME60 supports multiple authentication procedures to provide secure access to service terminals, and also supports protection of user service and equipment against attacks such as SYN Flooding, Proxy, ICMP Flooding, UDP Flooding, IP Spoofing, LAND attack, Smurf attack, Fragment attack, and Ping of Death, etc. In addition, the ME60 provides, manages, and maintains the logs such as attack defense log and traffic monitor log.

High-Performance Route Forwarding Platform

The ME60 has an unblocked 640 Gbps switching capacity and can provide 10 Gbps high-speed service interface. It also supports multiple routing protocols such as RIP/RIPng, OSPFv2/OSPFv3, IS-ISv4/IS-ISv6, and BGP/BGP+, etc. The ME60 supports 1M IPv4 routing table and 512K IPv6 routing table.

Carrier-Class System Design

The entire system of the ME60 is designed with considerations of carrier-class high availability. Firstly, all cards used in ME60 are hot-swappable. Secondly, all key components, such as Main Processing Unit (MPU), Switching Fabric Unit (SFU), clock system, power supply modules, fans, and internal management bus, work in redundancy backup mode. This way, the system reliability has been greatly improved. The ME60 is able to support many advanced protection technologies such as VRRP protocol, ASSP (Access Server Standby Protocol), BFD, MPLS OAM, and FRR. Therefore failures of both link layer and network layer can be recovered without interrupting services. In addition, The ME60 adopts NP (Network Processor) technology that enables operators to upgrade service features without changes of hardware.

3 Product Specification
Listed in Table 1 are the main specifications of ME60. Table 1 ME60 Specifications
Specification
Switching Capacity Backplane Capacity Forwarding Capacity No. of Slots Dimension (W D H) 640 Gbps 2.56T (bidirectional) 240 Mpps 22 (16 for line cards) 442mm 600mm 1600mm Height: 36U Standard chassis LCD status display MPU: 1:1 redundancy SFU: 3+1 redundancy Power supply: 1+1 redundancy Fan: 1+1 redundancy Broadband Service Unit (BSU) Enterprise Service Unit (ESU) Tunnel Service Unit (TSU) Security Service Unit (SSU) Session Border Controller (SBC) 110GE, 210GE, 4GE, 5GE, 10GE, 24GE, 32FE 4STM-16/OC-48 PoS, 1STM-64/OC-192 PoS 16STM-1 ATM, 4STM-4 ATM VLAN: 4K/port, 64K/slot, 512K/chassis QinQ: 64K/port, 64K/slot, 512K/chassis Supporting VLL,VPLS Supporting L3 MPLS VPN (RFC 2547bis) Supporting LAC, LNS, LTS, and 16K tunnels as well as 96K sessions 4K IPv4: RIP, OSPFv2, ISIS, BGP4, static IPv6: RIPng, OSPFv3, BGP4+, ISISv6, static

ME60-16
640 Gbps

ME60-8
1.28T (bidirectional) 120 Mpps 12 (8 for line cards) 442m 600mm 889mm Height: 22U

Structure

Line Module

Interface Card VLAN L2VPN L3VPN L2TP GRE Routing Protocol

Multicast

Supporting MSDP, PIM-SM, PIM-DM, and IGMP Supporting the configuration of static group members Supporting the interoperability between multicast protocols Supporting processing on multicast policies, including the multicast routing protocol and the forwarding policy (up to 8K entries in the forwarding table) Supporting the IPTV service based on multicast control

SSG QoS Queue

Policy based upon RADIUS or COPS 256K/line module, 5-level hierarchical scheduling Stateful firewall 9 Mpps, session setup: 150K/s Blacklist: 64K Attack defense: SYN flood, ICMP flood, UDP flood, IP spoofing, smurf, etc. Flow log: syslog, binary flow log

Security

P2P management
IPTV DHCP Option 60/82 Multicast to MVLAN/PPPoE session/VLAN/sub-interface, multicast right filter list, etc.

Huawei Datacom
Quidway ME60 Series Multi-Service Control Gateway

Specification
Broadband Subscriber Management Session Border Controller Others Input Power MTBF Environment Requirement

ME60-16
Concurrent subscriber: 12K/slot, 96K/chassis Access type: PPPoX, DHCP, 802.1x Registered users: 100,000 Concurrent users: 40,000 SIP proxy, MGCP proxy, H.248, H.323, IADMS proxy BFD, ASSP, VRRP, Trunk, OAM, FRR DC (-48V) 19 years

ME60-8

DC (-48V) , AC (220V)

Long-term operating temperature: 0~45; short-term operating temperature: -5~55 Storage temperature: -40~70 Relative humidity: 10%RH~95%RH

4 Application
The ME60 should normally be positioned at the service edge of the carriers Metro Ethernet Network. It integrates various functions, such as user management, security control, service control and many other service capability.

4.1 Deployment Scenario for ME60 in Triple-play Solution

The ME60 supports triple-play. See Figure 4.
Middleware AAA Server Policy Server

IP/MPLS Core ME60

ME60 VoD Server

IP Edge

ME60

Soft Switch VoIP Gateway

Metro Network

DSLAM RG

DSLAM RG

Figure 4 Application of ME60 in Triple Play and IPTV

As shown in Figure 4, the working process of IPTV or VoD service is as follows:

After getting online, the terminal STB sends the VoD request to middleware. The middleware accepts the request and sends QoS parameters, such as bandwidth and priority, to policy server. The policy server passes the QoS parameters to the ME60. The ME60 allocates resource to the applications according to QoS parameters.
In this solution, the ME60 isolates terminals by using technologies such as binding check, terminal fraudulent detection, and URPF. In this way, terminals can not access each other directly. Therefore, the attacks from terminals can be avoided effectively.

4.2 Deployment Scenario for ME60 in MPLS VPN Solution

As shown in Figure 5, besides the virtual network services provided for business subscribers, the ME60 can provide MPLS VPN for broadband access subscribers. For broadband access subscribers, carriers can specify different VPNs based on service attributes or ISPs. In the core network, the ME60 provides tunnels for each VPN. Meanwhile, the ME60 also reserves resources and schedules services based on priority. In this way, the QoS of all VPNs can be ensured. The ME60 supports fast fault detection, and the switchover of service is implemented by MPLS OAM and FRR. Therefore, the interruption of VPN service can be avoided.

VPN1

ME60 Core Router

ME60

VPN2

VPN1

IP/MPLS Core

VPN2

IP/MPLS Edge ME60 VPN2 ME60 Metro Ethernet

VPDN Subscriber

Figure 5 Application of ME60 in MPLS VPN

Huawei Datacom
Quidway ME60 Series Multi-Service Control Gateway

4.3 Deployment Scenario for ME60 in Wholesale Service Solution

The ME60 supports three wholesale solutions:

Based on VPDN Based on policy-based routing and GRE tunnel Based on MPLS VPN
The following figure takes the wholesale service based on the L2TP tunnel for example, as shown in Figure 6.

LNS user1@isp1 LAC (ME60) Access Network user2@isp1

ISP1

el Tunn

Tunn el
IP/MPLS Network

LNS

user1@isp2

ISP2

Figure 6 Application of ME60 in Wholesale Service

In Figure 6, the ME60 acts as an LAC to distribute users packets of different ISPs to different LNSs of the ISPs. Then, the ISPs authenticate and authorize the users, and provide services for users. In this solution, the ME60 acts as an LAC, LNS, or LTS.

4.4 Deployment Scenario for ME60 in Dynamic Service Selection Solution

The ME60 provides dynamic service selection solution, as shown in Figure 7.

Service Select Portal

Policy Server

Radius Server

DHCP Server

Internet

SP

Metro Ethernet MSCG (ME60) Subscriber

IP/MPLS Core

VoD

SP

Gaming SP
Figure 7 Networking of the ME60 in Dynamic Service Selection

As shown in Figure 7, the process of dynamic service selection is as follows:

The RADIUS server identifies users for basic service access. The ME60 gets the authorization information of the basic service from the AAA server, and then notifies the service selection server (SSS). The SSS notifies the ME60 of the default and auto-activated services. After getting online, the user directly accesses the service selection portal (SSP), and then subscribes services on the SSP page. The SSP server notifies the users selection to the SSS. The SSS notifies the users selection to the ME60. The ME60 conducts control, authentication, and accounting for the service flow.
Similarly, after the users cancel a service on the SSP page, the SSP will notify the cancellation to SSS, and then request the ME60 to cancel the service. When the users get offline, the ME60 will notify the SSP, and cancel all the services.

HUAWEI TECHNOLOGIES CO., LTD. Add: Huawei Industrial Base Bantian Longgang Shenzhen 518129, P.R.China Tel : +86-755-28780808 Version No.: M3-085030-20061018-C-1.0 www.huawei.com