Metro Ethernet Design Guide


Design and Implementation Guide
Juniper Networks
August 2016

Juniper Networks, Inc., 1133 Innovation Way, Sunnyvale, California 94089 USA, 408-745-2000, www.juniper.net
Copyright © 2016, Juniper Networks, Inc. All rights reserved.

Table of Contents

Chapter 1 Introduction
    Using MPLS with Metro Ethernet
    Metro Ethernet Solutions

Chapter 2 Metro Ethernet Overview
    Metro Ethernet Service Types
    Carrier Ethernet Overview
    Carrier Ethernet Certification

Chapter 3 Architecture Overview
    Juniper Networks Portfolio for Metro Ethernet Networks
    ACX Series Routers in the Access Segment
    ACX Series Routers in the Metro Aggregation Segment
    MX Series Routers in the Metro Aggregation and Core Segments
    PTX Series Routers in the Core Segment
    Junos Space Platform
    Metro Ethernet as Part of Access and Aggregation
    Ethernet Bridging as Metro Ethernet Transport

Chapter 4 Metro Ethernet Scenarios
    Layer 2 Business Access
    Wholesale Mobile Backhaul
    Wholesale MBH Deployment Options
    Wholesale MBH Deployment with Dual E-Line Services and Layer 3 CPE
    Wholesale MBH Deployment with Dual E-Line Services and Layer 2 CPE
    Wholesale MBH Deployment with E-LAN/E-Tree Services
    Layer 3 Business Access and DIA Service Profile
    Residential Aggregation Use Case
    Enabling EVC for Residential Internet Access
    Enabling Multicast Delivery in the MAN
    Enabling Connectivity for the Inbound OAM of the CPE/STB

Chapter 5 Enabling Metro Ethernet Services on Junos Platforms
    Design Considerations, Definitions, and Prerequisites
    Deployment Topologies

Chapter 6 Metro Ethernet Nodes and Functions
    Metro Access Nodes and Functions
    Metro Aggregation Nodes and Functions

Chapter 7 Enabling Metro EVC in Junos
    Establishing End-to-End EVCs
    S-VLAN Translation of the EVC between Ethernet Rings
    Ethernet Bridging verses MPLS in the Access Node
    Specifics of VPLS Deployments in the MAN
    BGP Versus LDP Signaling
    End-to-End EVC Stitching with VPLS Routing Instance (Option 1)
    End-to-End EVC Stitching with VPLS RI (Option 2)
    Recommendations for VPLS Routing Instances and VSI Deployment in the MAN
    Summary of the VPLS Flavors Supported by Junos Platforms
    MPLS AN with Multiple UNIs per Customer
    Using LT-Interface at VPLS Hub to Terminate Spoke’s PW
    VPLS Light Deployment Options on ACX Series Routers
    Terminating Multiple Spokes from a Single AN into the Same Mesh Group

Chapter 8 Tunneling L2CP Traffic
    MX Series Router as VPLS or MPLS Access Node
    ACX Router as Ethernet Access Node
    ACX Router as MPLS Access Node

Chapter 9 CoS Planning for Metro Ethernet Services
    General Notes about CoS Management on Junos Platforms
    Customer Frame Classification and Scheduling in MAN
    Customer L2CP Frames Classification

Chapter 10 Bandwidth Profile for Metro-E Services
    Defining Bandwidth Profile
    Coupling Flag and Color Mode Consideration
    Bandwidth parameters: CIR, EIR, CBS and EBS
    Supported BWP Models and Platforms

Chapter 11 Infrastructure Security Design and Considerations
    Security Considerations
    Protecting Against Unauthorized Access
    Protecting Against Hijacking Threats
    Control Plane DDOS Protection
    CFM Traffic Policing
    Restricting the Size of MAC Learning Tables
    Protecting Against Layer 2 Loops
    Infrastructure Triggered Broadcast Storms
    Broadcast Storms in VPLS Architectures
    Broadcast Storms in a Hybrid Architectures
    Customer-Triggered Broadcast Storms
    Layer 2 Storm Control
    Control Plane Protection During a Layer 2 Storm
    MAC Move Control