On Thursday, February 06, 2014 09:19:59 AM Måns Nilsson wrote:
> Or, one could make sure everything has a globally unique IP address and is using reasonably secured communications. The downside is that one then can't defend the existence of those empire-building middleboxes. It is not the telco way, so is of course unthinkable. Like anything beyond WAP was on cell phones a decade ago.
There are, typically, three topology models for modern FTTH (wireline, really) networks that a service provider could deploy:

1. SVLAN N:1 model
2. CVLAN 1:1 model
3. Hybrid of both

The SVLAN (N:1) model is simple; just have a single VLAN for each service (VLAN 10 for Internet/Unicast, VLAN 20 for VoIP, VLAN 30 for IPTV/Multicast). This is simple and easy to scale, but if one is using relatively "dumb" ANs (like GPONs or MSANs), it can be difficult to control how much bandwidth customers need, and how they can roam between services in the home (given the CPE ties services to ports).

The CVLAN (1:1) model is good for identifying services and bandwidth requirements on a per-customer basis. The main problem with this model is that Multicast traffic gets treated like Unicast, because each customer has a unique VLAN for themselves, and as such, the upstream PE router ends up having to replicate the same linear video stream as many times as there are customers down the line.

In the Hybrid model, CVLANs are used for all Unicast traffic (Internet, VoIP and VoD, typically), and a single SVLAN is used for all customers to handle Multicast traffic (the so-called MVLAN). The challenge here is, if you're the type of operator that likes to have a consistent set of addresses per VLAN, it can become a little tricky if your VoIP service is a walled garden running on private IP space, given it shares the same VLAN as Internet and VoD, which would normally run on public IP space.

The N:1 SVLAN model is quite simple and scalable for wholesale FTTH services.

There are products from some vendors, now, that are built with FTTH in mind: 1U, dense switches (Active-E) that support (reasonably) proper QoS and bandwidth management controls on customer- and core-facing ports, at Layer 2.
So that offers you a lot more capability at the AN, and you can manage bandwidth as close to the customer as possible, unlike typical GPON deployments, which may not have these features, leaving you to apply bandwidth policy at the PE router - much too far up the line.

These new products can also support split horizons across bridge domains (which GPONs and DSLAMs do today), meaning that customers can use the same SVLANs but can only communicate via the upstream router (Layer 3), eliminating the risk associated with Layer 2 visibility between customers connected to the same bridge domain.

Cheers,

Mark.
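To make the trade-offs in the message above concrete, here is a small Python model of the three VLAN models (N:1 SVLAN, 1:1 CVLAN, hybrid with an MVLAN) and of split-horizon forwarding on the access node. It is an added illustration written for this page, not code from Mark's post, from any vendor or from any operator; the port names (cust1, uplink), VLAN IDs (10/20/30, 1000+) and service names are constructed assumptions. It checks two properties the post argues about: which other customers a flooded Layer 2 frame (a gratuitous ARP, a rogue DHCP offer) from one customer port can reach without crossing the router, and how many copies of one linear TV stream the PE router has to send down the line.

```python
"""Toy model of access-node (AN) bridge domains for the three FTTH VLAN
models (N:1 SVLAN, 1:1 CVLAN, hybrid with an MVLAN) plus split-horizon
forwarding.  Added illustration only, not vendor or operator code: the
port names, VLAN IDs and service names below are constructed."""

from dataclasses import dataclass

UPLINK = "uplink"          # AN port facing the PE router (Layer 3)


@dataclass
class BridgeDomain:
    vlan: int
    services: frozenset      # services carried, e.g. {"internet", "iptv"}
    ports: frozenset         # member ports: customer ports plus UPLINK
    split_horizon: bool = False

    def flood(self, ingress):
        """Egress ports for a flooded frame (broadcast, multicast, unknown
        unicast) that entered on `ingress`.  With split horizon, a frame
        from a customer port may only leave towards the uplink, never to
        another customer port in the same bridge domain."""
        egress = set(self.ports) - {ingress}
        if self.split_horizon and ingress != UPLINK:
            egress &= {UPLINK}
        return egress


def n_to_1(customers, split_horizon=False):
    """SVLAN (N:1): one shared VLAN per service, all customers in each."""
    members = frozenset(customers) | {UPLINK}
    return {
        10: BridgeDomain(10, frozenset({"internet"}), members, split_horizon),
        20: BridgeDomain(20, frozenset({"voip"}), members, split_horizon),
        30: BridgeDomain(30, frozenset({"iptv"}), members, split_horizon),
    }


def one_to_1(customers, base=1000):
    """CVLAN (1:1): a private VLAN per customer carrying every service."""
    svc = frozenset({"internet", "voip", "iptv"})
    return {base + i: BridgeDomain(base + i, svc, frozenset({c, UPLINK}))
            for i, c in enumerate(customers)}


def hybrid(customers, mvlan=30, base=1000, split_horizon=True):
    """Hybrid: CVLANs for unicast (Internet, VoIP, VoD) plus one shared
    MVLAN, with split horizon, for linear multicast TV."""
    svc = frozenset({"internet", "voip", "vod"})
    doms = {base + i: BridgeDomain(base + i, svc, frozenset({c, UPLINK}))
            for i, c in enumerate(customers)}
    doms[mvlan] = BridgeDomain(mvlan, frozenset({"iptv"}),
                               frozenset(customers) | {UPLINK}, split_horizon)
    return doms


def customer_reachable(doms, src):
    """Customer ports a flooded frame from `src` reaches at Layer 2, i.e.
    without passing through the upstream router."""
    reach = set()
    for dom in doms.values():
        if src in dom.ports:
            reach |= dom.flood(src)
    return reach - {UPLINK}


def pe_replications(doms, service):
    """Copies of one multicast stream the PE router must send down the
    line: one per bridge domain carrying `service` to any customer port."""
    return sum(1 for d in doms.values()
               if service in d.services and d.ports - {UPLINK})


if __name__ == "__main__":
    cust = ["cust1", "cust2", "cust3", "cust4"]      # constructed customer ports
    cases = [("N:1", n_to_1(cust)),
             ("N:1 + split horizon", n_to_1(cust, split_horizon=True)),
             ("1:1", one_to_1(cust)),
             ("hybrid", hybrid(cust)),
             ("hybrid, MVLAN w/o split horizon", hybrid(cust, split_horizon=False))]
    for name, doms in cases:
        print(f"{name:34s} cust1 L2-reaches {sorted(customer_reachable(doms, 'cust1'))}, "
              f"PE replicates iptv {pe_replications(doms, 'iptv')}x")
```

Run as a script it prints one line per model. The two things worth noticing: the plain N:1 model lets cust1 flood frames straight to every other customer, while N:1 with split horizon, 1:1 and the hybrid all return an empty set; and the 1:1 model makes the PE replicate the IPTV stream once per customer, where N:1 and the hybrid need a single copy. The last case shows the caveat the hybrid carries: its MVLAN is still a shared bridge domain, so it needs split horizon just as much as a plain SVLAN does.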