MPLS-TP FOR MISSION-CRITICAL NETWORKS


Post on 26-Mar-2020


MAINTAINING TDM PERFORMANCE OVER PACKET NETWORKS

Mission-critical communication networks serve strategic national assets. Energy (electricity, gas and oil, nuclear), transportation, water, government agencies and military organizations are all considered critical infrastructures. The key attributes for their communication networks are reliability, resiliency, and security. Therefore, it is not surprising that they would try to avoid any change from the highly-trusted TDM-based infrastructure to a new packet-based one. However, this shift is inevitable, since TDM-based communication equipment is reaching its end-of-life state and is becoming too expensive to maintain.

The inevitable move to packet poses new challenges to strategic industries. These include increased security threats, higher network complexity, and above all, maintaining TDM-predictable and deterministic performance over the packet infrastructure.

MPLS-TP (MPLS Transport Profile) is the most widely accepted technology as the successor for maintaining TDM transport attributes. In this paper, we will outline the key differences between MPLS-TP and IP/MPLS, with special focus on the implications for mission-critical networks. We will present the features that are common to the two technologies that make them interoperable. The paper will also indicate which features were discarded and which functionalities were added to maintain TDM performance attributes over the packet infrastructure. Ultimately, we can see that MPLS-TP and IP/MPLS are complementary—not competing—technologies.


FROM NATIVE ETHERNET TO CARRIER ETHERNET

Ethernet has been the standard packet technology in the LAN. Therefore, it was the natural choice for service providers who want to expand packet technology to the WAN. However, native Ethernet has a number of weaknesses that disqualify it from maintaining carrier-grade quality. Many of them are rooted in the connectionless nature of the technology, which does not support deterministic behavior. As a result, native Ethernet performs restoration relatively slowly, has limited scalability, cannot guarantee performance parameters, and does not support service management. To address these issues, MEF (Metro Ethernet Forum) defined a new class of Ethernet—Carrier Ethernet—which features five key attributes:

• RELIABILITY enables end-user services to run on transport layers that comply with stringent resiliency and recovery constraints.

• SCALABILITY enables the coordination of subscribers, service providers, and operators to achieve Carrier-Ethernet based data connectivity between multiple subscriber sites across multiple operator networks.

• STANDARDIZED SERVICES enables the coordination of subscribers, service providers, and operators to achieve Carrier-Ethernet based data connectivity between multiple subscriber sites across multiple operator networks.

• SERVICE MANAGEMENT enables service providers to roll out, maintain, and troubleshoot data-connectivity services in a cost-effective and timely manner.

• QUALITY OF SERVICE enables a single network to run multiple services to multiple end-users, running a wide variety of applications with different bandwidth and latency requirements. It also provides the required tools to ensure that services maintain performance requirements according to Service Level Specifications (SLS).

When MEF defined the attributes for Carrier Ethernet compliance, it did not define the implementation method.


MPLS (MULTI-PROTOCOL LABEL SWITCHING)

Standardized by the IETF, MPLS is a scalable protocol-agnostic mechanism designed to carry circuit and packet traffic over virtual circuits, known as Label Switched Paths (LSPs). MPLS makes packet-forwarding decisions based on the contents of the label, without examining the packet payload, and is considered a layer between the traditional definitions of Layer 2 and Layer 3.

MPLS (also known as IP/MPLS) was originally developed to facilitate packet forwarding by using label switching. It also has additional attributes, like connection establishment, improved network resiliency, and OAM functions. These all help overcome some of the native Ethernet transport shortcomings. However, MPLS has several major deficiencies when implemented in transport networks. These deficiencies became the driver for the development of the MPLS Transport Profile (MPLS-TP).

MPLS-TP (MPLS TRANSPORT PROFILE)

MPLS-TP is the result of a joint effort by IETF and ITU-T. The drive behind it is to overcome the drawbacks of IP/MPLS when used for metro transport networks.

MPLS-TP is a simplified version of IP/MPLS that is optimized for transport networks. MPLS-TP is both a subset and an extension of IP/MPLS. The basic label-based packet forwarding is retained. However, some of the complex IP/MPLS functionalities that do not support deterministic performance or that are not connection-oriented were removed. Also, other transport features to facilitate operation and visibility were added. As a result, MPLS-TP is strictly connection-oriented and does not rely on IP forwarding or routing. Nevertheless, MPLS-TP and IP/MPLS are interoperable, enabling their use within the same network.

MPLS-TP key objectives are:

• To enable MPLS deployment in a transport network and to operate in a similar manner to existing TDM transport technologies (SDH/SONET)

• To enable MPLS support of packet transport services with a similar degree of predictability, reliability, and OAM to that of existing transport networks.

MPLS-TP AND IP/MPLS COMPARISON

COMMON FEATURES

MPLS-TP and IP/MPLS share some key functionality.

MULTI-PROTOCOL

MPLS is L2-protocol independent and, therefore, is agnostic to the underlying transport protocols. In addition, using a mechanism called pseudowire (PW), it is also agnostic to services running on top of it. MPLS PW is a mechanism that emulates the essential attributes of a native service, while transporting over a packet switched network. With MPLS PW, native services like ATM, Frame Relay, PDH, SONET/SDH, Ethernet, and others, are tunneled through the packet network. Multi-protocol support is well suited to the mixed-technology environment of mission-critical networks (like TDM-based SCADA and packet-based SCADA) and allows gradual and controlled transition.

LABEL SWITCHING

In traditional IP routing, each router makes independent routing decisions and determines the next hop, based on its routing table. With MPLS, on the other hand, a path (LSP) from the source to the final destination is predetermined and a “label” is applied to it.

The first device in the path adds the MPLS label. Subsequent devices along the path use this label to route the traffic, without any additional IP lookups. The label switching process is considered faster and simpler to implement than routing. The final destination device removes the label and the packet is delivered via normal IP routing, in the case of IP service.


ADDED FEATURES

In order to maintain TDM-like deterministic performance, visibility and control, several features that do not exist in IP/MPLS were added in MPLS-TP.

These additional features or modifications of existing IP/MPLS features are divided into four responsibilities:

• CONTROL PLANE for label distribution and LSP setup

• OAM for monitoring and troubleshooting information

• PROTECTION AND RESILIENCY for maintaining undisrupted service

• DATA PLANE for packet forwarding

DATA PLANE

Bidirectional LSPs

A key difference between MPLS-TP and IP/MPLS involves the LSP. IP/MPLS uses unidirectional LSPs. This means that traffic from A to B and from B to A can follow different paths. MPLS-TP, on the other hand, uses bidirectional LSPs, meaning that traffic in both directions uses exactly the same path.

Bidirectional LSPs are required for deterministic performance. They simplify network operation and provide easier SLA control.


Teleprotection Example

Teleprotection systems detect faults in the power grid and use circuit breakers to prevent them from affecting larger parts of the grid. Fast failure detection and rapid reaction of the teleprotection systems are critical for operating and maintaining a robust and reliable electric grid.

Many teleprotection systems base their operation on the exchange of data, via the communication channel between the teleprotection relays on either side of the power line. Clearly, a teleprotection system’s proper operation is highly dependent upon the communication channel that delivers information sent from both sides of the protected line. Therefore, it is critical to maintain low and symmetric latency and jitter over the communication channel.

1588v2 Synchronization Example

Packet technologies (unlike synchronous SONET/SDH technologies) lack inherent synchronization. Mission-critical networks rely on accurate timing and synchronization in a wide range of applications. These include:

• CES (Circuit Emulation) – delivering TDM services (SCADA, E1/T1, SDH/SONET) from TDM based edge equipment over packet transport

• Synchronous Phasor Measurement (Synchrophasors) – synchronized measurements of the electrical waves at various locations in the power system are used to provide better visibility and control of the power grid

• Control IEDs (Intelligent Electronic Devices) – time synchronization is required for accurate analysis of time-events recorded by the IEDs.

• Teleprotection – accurate time stamps on measurements taken on both sides of the protected line, as described above.

The two common techniques being used to provide synchronization over packet are Synchronous Ethernet and 1588v2. In a mission-critical environment, usually only 1588v2 supports the required accuracy. In addition, since unlike SyncE, 1588v2 requires support by only the two end points, it is easier to implement within a brownfield environment. 1588v2 is a Timing over Packet (ToP) technique based on a back-and-forth exchange of timestamp information. Being a packet-based technique, the packets that carry the timing information compete with all other data services and routing protocol information for network resources. Thus, they are impacted by the network traffic load. The key factor that affects the synchronization performance over packet is the Packet Delay Variation (PDV). This is the variation in the transfer delay of the packet. Once again, it is evident that proper synchronization performance can only be guaranteed with deterministic, bidirectional MPLS-TP LSPs.
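The arithmetic behind this paragraph, as an added example that is not part of the original paper: the standard 1588v2 delay request-response estimate assumes equal delay in both directions, so path asymmetry and PDV appear directly as clock-offset error. Function names and all delay values (microseconds) are constructed for illustration.

```python
"""1588v2 delay request-response arithmetic: how asymmetry and PDV become
clock-offset error. All numbers are constructed, in microseconds."""
import random
import statistics


def ptp_exchange(true_offset, fwd_delay, rev_delay, t1=0.0, turnaround=100.0):
    """Simulate one Sync / Delay_Req exchange and return (t1, t2, t3, t4).
    t1 and t4 are read on the master clock, t2 and t3 on the slave clock."""
    t2 = t1 + fwd_delay + true_offset          # Sync arrives (slave clock)
    t3 = t2 + turnaround                       # Delay_Req leaves (slave clock)
    t4 = (t3 - true_offset) + rev_delay        # Delay_Req arrives (master clock)
    return t1, t2, t3, t4


def estimate(t1, t2, t3, t4):
    """Slave-side estimate; it has to assume fwd_delay == rev_delay."""
    mean_path_delay = ((t2 - t1) + (t4 - t3)) / 2
    offset_from_master = (t2 - t1) - mean_path_delay
    return offset_from_master, mean_path_delay


def offset_error(true_offset, fwd_delay, rev_delay):
    """Estimated offset minus true offset; equals (fwd_delay - rev_delay) / 2."""
    est, _ = estimate(*ptp_exchange(true_offset, fwd_delay, rev_delay))
    return est - true_offset


def pdv_run(true_offset, base_delay, jitter, n=2000, seed=1):
    """Offset errors over n exchanges with independent queuing delay per direction."""
    rng = random.Random(seed)
    return [offset_error(true_offset,
                         base_delay + rng.uniform(0, jitter),
                         base_delay + rng.uniform(0, jitter))
            for _ in range(n)]


if __name__ == "__main__":
    print("same path both ways (500/500):", offset_error(25.0, 500.0, 500.0))
    print("different paths     (500/740):", offset_error(25.0, 500.0, 740.0))
    for label, jitter in (("low PDV ", 2.0), ("high PDV", 200.0)):
        errs = pdv_run(25.0, 500.0, jitter)
        print(label, "max |error|:", round(max(abs(e) for e in errs), 2),
              "stdev:", round(statistics.pstdev(errs), 2))
```

The error depends only on the difference between the two directions, not on the absolute delay, which is why a co-routed bidirectional path with bounded delay variation matters more than a short one.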

MPLS-TP deterministic performance (latency, jitter, timing) and bidirectional LSPs for symmetric communication are best suited to meet these requirements.


CONTROL PLANE

Management/Control and Data Plane Separation

IP/MPLS does not separate the control and data planes. With MPLS-TP, the management/control plane is totally isolated from the data plane.

The importance of total separation is that a failure in the management/control plane cannot impact the traffic. The result is a much more robust, reliable and secure network.

OAM (OPERATION ADMINISTRATION AND MAINTENANCE)

OAM includes all connectivity verification tools for checking PW and LSP integrity. With IP/MPLS, OAM data is transmitted out-of-band and might not take the same path as data traffic.

With MPLS-TP, as with SDH/SONET, OAM is carried with the user traffic within the MPLS-TP frame using G-ACh (Generic Associated Channel).

In-band OAM ensures transport-like operation, supporting the connection-oriented concept. Moreover, MPLS-TP OAM proactive monitoring triggers fast switch-to-protection. This enables faster troubleshooting and makes the network performance more predictable.
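How a monitoring tool can tell in-band OAM from user traffic on the same LSP, as an added example that is not part of the original paper. The label stack entry layout, the reserved label 13 (GAL) and the associated channel header starting with nibble 0001 come from RFC 5586, not from this paper; the frames, the other label values and the channel type are constructed.

```python
"""Separate MPLS-TP in-band OAM from user traffic by parsing the label stack.
Sample frames and every label value except GAL are constructed."""
import struct

GAL = 13  # Generic Associated Channel Label, a reserved label value (RFC 5586)


def lse(label, s, tc=0, ttl=64):
    """Encode one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def parse_label_stack(frame):
    """Return ([(label, tc, s, ttl), ...], bytes after the bottom-of-stack entry)."""
    entries, off = [], 0
    while True:
        if off + 4 > len(frame):
            raise ValueError("truncated label stack (no bottom-of-stack bit seen)")
        (word,) = struct.unpack_from("!I", frame, off)
        off += 4
        entries.append((word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF))
        if entries[-1][2]:                       # S bit set: bottom of stack
            return entries, frame[off:]


def classify(frame):
    """Return ("oam", lsp_label, channel_type) or ("user", lsp_label, None)."""
    entries, rest = parse_label_stack(frame)
    top = entries[0][0]
    if entries[-1][0] != GAL:                    # no GAL at the bottom: user traffic
        return ("user", top, None)
    if len(rest) < 4:
        raise ValueError("GAL present but associated channel header is truncated")
    first, _reserved, channel_type = struct.unpack_from("!BBH", rest)
    if first >> 4 != 0x1:                        # ACH starts with nibble 0001
        raise ValueError("GAL present but payload is not an associated channel header")
    lsp_label = top if len(entries) > 1 else None   # GAL alone: no LSP label above it
    return ("oam", lsp_label, channel_type)


# Constructed frames on the same LSP (label 301); 0x0022 is a sample channel type.
OAM_FRAME = (lse(301, s=0) + lse(GAL, s=1, ttl=1)
             + struct.pack("!BBH", 0x10, 0, 0x0022) + b"\x00" * 8)
USER_FRAME = lse(301, s=0) + lse(5001, s=1) + b"\x45" + b"\x00" * 19

if __name__ == "__main__":
    print(classify(OAM_FRAME))
    print(classify(USER_FRAME))
```

Both frames carry the same outer LSP label, so they are forwarded by the same label lookup and follow the same path; only the bottom of the stack differs.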

PROTECTION

With IP/MPLS, sub-50 msec convergence cannot be guaranteed when using the LDP signaling protocol. A Fast Reroute (FRR) protection scheme that can guarantee sub-50 msec switch-to-protection for ring topology requires the RSVP-TE signaling protocol. This is not scalable in large networks and does not fit all topologies.

With MPLS-TP, sub-50 msec switch-to-protection is guaranteed for any network topology, using hardware-based proactive OAM, static FRR provisioning, and a variety of protection schemes.

Guaranteed sub-50 msec mission-critical grade switch-to-protection is essential for maximum network availability and undisrupted service continuity.


DISCARDED FEATURES

This section covers the features and mechanisms that are used by IP/MPLS but not by MPLS-TP. As a rule, the features and mechanisms that MPLS-TP does not use are those that do not comply with the connection-oriented nature of transport networks and therefore impair predictable, deterministic performance.

PHP (Penultimate Hop Popping)

PHP, used by IP/MPLS, removes the MPLS label one node before the egress node, to minimize router processing. Removing the outer label invalidates MPLS-TP OAM and leaves protection schemes unable to function. In addition, PHP assumes traffic is IP, which is not necessarily the case. This is why MPLS-TP doesn’t use PHP.

LSP Merge

LSP merge means that two or more LSPs (with the same destination) are merged to use the same MPLS label. This reduces the number of labels used in the network. LSP merge causes loss of source information, which prevents the original LSPs from being monitored end-to-end. Therefore, it is not used by MPLS-TP.
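A small model of the label switching described under LABEL SWITCHING and of the PHP and LSP merge behaviour described above, as an added example that is not part of the original paper. It shows what label the egress node sees in each case; the four-node topology, node names, label values and table layout are constructed.

```python
"""Toy label-switched paths: ingress pushes, transit swaps, egress pops.
Node names, label values and the table layout are constructed for illustration."""

LSPS = {"lsp-A": "A", "lsp-B": "B"}              # LSP name -> ingress node


def make_net(c_lfib, d_lfib):
    """Ingress nodes A and B feed transit node C, which forwards to egress D."""
    return {
        "A": {"ingress": {"lsp-A": (101, "C")}},   # (label to push, next hop)
        "B": {"ingress": {"lsp-B": (102, "C")}},
        "C": {"lfib": c_lfib},                     # in_label -> (op, out_label, next hop)
        "D": {"lfib": d_lfib},
    }


# One label per LSP all the way to the egress (no PHP, no merge).
NET_TP = make_net({101: ("swap", 301, "D"), 102: ("swap", 302, "D")},
                  {301: ("pop", None, None), 302: ("pop", None, None)})
# PHP: penultimate node C pops, so D receives unlabeled packets.
NET_PHP = make_net({101: ("pop", None, "D"), 102: ("pop", None, "D")}, {})
# LSP merge: C maps both incoming labels onto one outgoing label.
NET_MERGE = make_net({101: ("swap", 300, "D"), 102: ("swap", 300, "D")},
                     {300: ("pop", None, None)})


def forward(net, lsp):
    """Walk one packet along the LSP; return (path, label seen on arrival at egress)."""
    ingress = LSPS[lsp]
    label, node = net[ingress]["ingress"][lsp]     # ingress pushes the label
    path = [ingress]
    while True:
        path.append(node)
        if label is None:                          # arrived unlabeled (PHP case)
            return path, None
        op, out_label, nxt = net[node]["lfib"][label]   # label lookup, no IP lookup
        if nxt is None:                            # egress: pop and deliver
            return path, label
        label = out_label if op == "swap" else None
        node = nxt


def egress_labels(net):
    """Label each LSP's packet carries when it reaches the egress node."""
    return {lsp: forward(net, lsp)[1] for lsp in LSPS}


def per_lsp_monitoring_possible(net):
    """True if the egress can attribute every arriving packet to exactly one LSP."""
    seen = list(egress_labels(net).values())
    return None not in seen and len(set(seen)) == len(seen)


if __name__ == "__main__":
    for name, net in (("no PHP, no merge", NET_TP), ("PHP", NET_PHP), ("merge", NET_MERGE)):
        print(f"{name:18} egress sees {egress_labels(net)} "
              f"-> per-LSP monitoring: {per_lsp_monitoring_possible(net)}")
```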

ECMP (Equal Cost Multiple Path)

ECMP allows traffic within the same LSP to be split over multiple LSPs with the same cost. This results in different packets taking different paths. ECMP is not deterministic and contradicts the concept of connection-oriented operation. Therefore, it is not used by MPLS-TP.

Control Plane

While an LSP is a network-wide path, the label value is local and can be changed along the way. An MPLS signaling protocol is used to map LSPs to specific label values:

• Label Distribution Protocol (“LDP”) - simple non-constrained protocol (no traffic engineering support).

• Resource Reservation Protocol with Traffic Engineering (“RSVP-TE”) – more complex protocol with more overhead, which includes support of traffic-engineering via network resource reservation.

IP/MPLS is strictly dependent upon control plane protocols. Traffic engineering (TE) and FRR, which are supported only by the RSVP-TE protocol, are complex and do not scale well for large networks.

MPLS-TP does not require any control plane protocols for its operation. LSPs and pseudowires can be provisioned statically using a Network Management System (NMS). This is the same way it is already implemented on the legacy TDM-based transport network.

Eliminating the control plane and using central control provides all fast reroute and traffic engineering features, without the complications of running a distributed control plane in every network element. The result is CAPEX and OPEX savings.

The use of a distributed control plane by IP/MPLS requires substantial processing power and memory to run control plane protocols on every NE. This affects cost, power consumption, and stability. Managing a large number of routing tables requires expert IP routing knowledge and is an operational challenge, especially for large-scale networks.

MPLS-TP, on the other hand, scales easily. Eliminating the need to manage complex routing tables keeps NEs simple and cost-effective, and the centralized multiprocessor servers (NMS) scale easily, as required.


COMPLEMENTARY OR COMPETING?

Clearly, MPLS-TP overcomes IP/MPLS transport gaps, making it a better fit for mission-critical operational networks. However, IP/MPLS facilitates operation in a dynamic environment and is commonly used at the core of the networks.

ECI’s Elastic MPLS supports both MPLS-TP and IP/MPLS from the same network element, including signaling gateway functionality between the two protocols. Elastic MPLS enables the use of the best-suited technology for each network domain, without being forced to use the same technology across the entire network. It is likely that seamless interworking provided by Elastic MPLS will be compulsory, since IP/MPLS is commonly used at the core of the network and in IT networks that are separated from the operational networks. Conversely, MPLS-TP is best suited whenever deterministic performance and full visibility and control are required.

With the Neptune product line, you enjoy the best of two worlds, with flexible and risk-free MPLS implementation.


MPLS-TP and IP/MPLS are complementary technologies, each having unique characteristics better suited to different network domains and requirements.

Combining packet efficiency with mission-critical grade performance, MPLS-TP is the best fit for packet-based mission-critical operational networks.

Since IP/MPLS is typically used in other network domains, a gateway functionality between IP/MPLS and MPLS-TP, like the one provided by ECI’s Elastic MPLS, enhances the adoption of MPLS-TP in mission-critical networks.

Contact us to discover how ECI ensures risk-free and future-proof transition to packet.

ABOUT ECI

ECI is a global provider of ELASTIC network solutions to CSPs, utilities as well as data center operators. Along with its long-standing, industry-proven packet-optical transport, ECI offers a variety of SDN/NFV applications, end-to-end network management, a comprehensive cyber security solution, and a range of professional services. ECI's ELASTIC solutions ensure open, future-proof, and secure communications. With ECI, customers have the luxury of choosing a network that can be tailor-made to their needs today – while being flexible enough to evolve with the changing needs of tomorrow. For more information, visit us at www.ecitele.com