<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:919143679;
mso-list-type:hybrid;
mso-list-template-ids:-1849381022 201916417 201916419 201916421 201916417 201916419 201916421 201916417 201916419 201916421;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1276014645;
mso-list-type:hybrid;
mso-list-template-ids:-112038392 201916433 201916441 201916443 201916431 201916441 201916443 201916431 201916441 201916443;}
@list l1:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">IMHO getting the queueing/shaping right is the single most important factor. In my experience, using a rate-limit will result in significantly reduced performance amplified by the fact that there is quite often
only 1 or 2 users on the end of it with very few streams to spread the policing across. I would be very surprised if you are getting equivalent to the respective speed tier as to avoid NBNcos policer you would need such aggressive values that a single TCP
stream will continuously collapse and restart the moment the window size slides out. As per the NBN NNI specification the AVC should be shaped at no more than 10ms of peak burst size (PBS). Additionally the overall CVC should also be shaped at no more than
10ms PBS. In my experience, this is more like 1-4 ms in Cisco land and you need ASR equivalent to be able to shape correctly (in hardware). If you cannot do this, ask your supplier if they can do it for you.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Why in hardware? The timing interval of the CPU/software based platforms (eg classical LNS) don’t have the clock resolution needed to shape at the fine resolutions required by NBNCo. For example if we applied
a shaper on a Cisco software based platform which has a minimum clocking interval of 4ms and then sample the traffic at sub ms rates, we can see peaks of 13.7Mbps and such which are getting clipped by NBNCo’s policer despite the average rate (over 4ms) being
<12mbps (11.5Mbps) (see <a href="http://i.imgur.com/NGP6LlG.jpg">http://i.imgur.com/NGP6LlG.jpg</a>) If we were to use a policer we can see even when speedtest fires up 4 parallel streams it cannot get more than 13Mbps out of the link because each one is
being repeatedly smacked down due to the aggressive PBS (see <a href="http://i.imgur.com/E8UIpgE.jpg">
http://i.imgur.com/E8UIpgE.jpg</a> ) if we apply a shaper in hardware at 1ms resolution things look mucho better (see
<a href="http://i.imgur.com/UeJdwWh.jpg">http://i.imgur.com/UeJdwWh.jpg</a> ) (ASR will shape to us values with “lowburst-enabled”)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Now, on to the questions at hand.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>Benefits of terminating the CVC on a switch vs the router that terminates the AVCs (providing DHCP+RADIUS+Queuing)<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Really comes down to what your router is and what you want to do at the AVC/CVC level. The main reason I can see for moving the NNI to a switch is MTBF on ye old router vs ye old switch and whether your router
has redundant supervisor/linecards and can accommodate for all manner or failures. A switch would allow you to break out to multiple aggregation points and/or potentially do S/C-TAG manipulation that your router may not be able to. Without knowing the switchr/router/topology
and objectives this is a bit of a grey one.<o:p></o:p></span></p>
<p class="MsoListParagraph"><o:p> </o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>How to avoid the DHCP lease causing grief for customers that change their on-premises router (MAC address change)<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Ideally you want to take the Option 82 information and bounce this off your radius server. So in the DHCP DISCOVER the Option 82 circuit ID will be inserted by an intermediate agent being NBNCo as follows<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span style="color:#1F497D"> Option: (82) Agent Information Option<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="color:#1F497D"> Length: 36<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="color:#1F497D"> Option 82 Suboption: (1) Agent Circuit ID<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="color:#1F497D"> Length: 15<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="color:#1F497D"> Agent Circuit ID: 415643303030303031303130303437<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Hex to Alphanumeric 415643303030303031303130303437 = AVC000001010047<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">This then allows you to authenticate the service and provide it an IP regardless of MAC changes on the UNI-D side.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>Our current config requires split-horizon bridging, otherwise traffic was dropped by nbn – this breaks inter-customer connectivity which we would like to resolve<o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">Ideally I would attempt to preserve the S/C-TAG (or at least C-TAG) all the way through to the aggregation layer so you have discrete services you can work with (as you mention you are doing with your other supplier)
Have the supplier indicate to you in the provisioning process what the Vlan tag(s) are for the AVC. This avoids using bridge groups with split horizons at Layer2 and lets routing take care of the inter-CE connectivity in the public table or drop the service
into a VRF, MPLS/VPLS/L2TP it elsewhere or basically whatever. You can still use a common configuration to aggregate all C-Tags under a common S-Tag for example S-Tag 106 C-Tags 1000-3999 ;<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><i><span style="color:#1F497D">interface GigabitEthernet0/2.106<o:p></o:p></span></i></p>
<p class="MsoNormal"><i><span style="color:#1F497D">encapsulation dot1Q 106 second-dot1q 1000-3999<o:p></o:p></span></i></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">All of the NBN specification documents are available here but they won’t go into the design you talk of as that is in the realm of the access seeker (ie your supplier) . There is a couple of ways to cook the
goose but I suspect what they’ll be doing is a 2-to-2 swap with a egress pop. So on the BNG the AVC will be provided by NBNCO in the format of S/C-Tag let’s say S-tag 2150 and C-tag 3766 . BNG would then vlan swap the outer to an internal vlan and vlan swap
the inner to an incrementing vlan. Eg swap 2150/3766 to 100/1000 . Your traffic is carried through their network on a single Vlan 100 and on the egress side (your AGVC to the supplier) they will pop Vlan 100 exposing the underlying C-Tag so you see a single
Vlan per AVC (auto incrementing from 1000)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><a href="http://www.nbnco.com.au/sell-nbn-services/supply-agreements/wba2.html">http://www.nbnco.com.au/sell-nbn-services/supply-agreements/wba2.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#002060"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">If you need any clarification just holler.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D">… and I’ve said it before, and I’ll say it again, the silence from NBNCo on this list is deafening. C’mon guys, come to the party ;) ;)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="mso-fareast-language:EN-AU">From:</span></b><span lang="EN-US" style="mso-fareast-language:EN-AU"> AusNOG [mailto:ausnog-bounces@lists.ausnog.net]
<b>On Behalf Of </b>Philip Loenneker<br>
<b>Sent:</b> Tuesday, 24 November 2015 9:05 AM<br>
<b>To:</b> ausnog@ausnog.net<br>
<b>Subject:</b> [AusNOG] NBN NNI recommendations<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Hi all,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We already supply NBN services to customers, however our NNI configuration is not ideal. We are in the process of building a new NNI for a PoI we will start servicing soon, and rather than just copy what we already have, we’re going back
to the drawing board to try identify a better setup. I’ve been reading through the NBN technical documents, but I’m after some advice beyond the scope of their documentation. I wasn’t around when it was originally set up so I’m going by what I’ve been told
and have been able to identify so far. Please excuse any foolish questions <span style="font-family:Wingdings">
J</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We are using IPoE, not PPPoE. The CVC is terminating on a single router hooking into Freeradius for static IP and rate limit configs.
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I’m particularly interested in getting some advice based on practical experience regarding what works and what should be avoided, including:<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>Benefits of terminating the CVC on a switch vs the router that terminates the AVCs (providing DHCP+RADIUS+Queuing)<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>How to avoid the DHCP lease causing grief for customers that change their on-premises router (MAC address change)<o:p></o:p></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo2"><![if !supportLists]><span style="font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]>Our current config requires split-horizon bridging, otherwise traffic was dropped by nbn – this breaks inter-customer connectivity which we would like to resolve<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">On a related note, we have previously purchased layer 2 NBN services from another supplier, where they present a VLAN on our cross-connect which is effectively presented untagged on a UNI-D port. We put IPs at each end and can route across
it without needing DHCP etc. There is no additional equipment connected to the UNI-D to terminate a VPN, it’s just our device with no special port config. I can’t find documentation around this type of service (it seems to be available for voice and multicast
traffic, but not regular traffic), but it’s something we’re interested in being able to supply. Does anyone know how this might be done?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any thoughts would be appreciated.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:JA">Regards,<o:p></o:p></span></p>
<p class="MsoNormal">Philip Loenneker<o:p></o:p></p>
</div>
</body>
</html>