Converging Office Communication Over A Single, Skinny Pipe

BY JIM HOURIHAN

Convergence -- the delivery of voice, data, video, and multimedia all over a single IP network -- promises great benefits for both enterprises and service providers. The promise for enterprises includes lower communication costs and ultimately new ways of doing business. For IP network service providers, convergence promises new money-making opportunities from high-quality, high-value interactive voice and video communication services including IP Centrex, conferencing, unified messaging, presence and instant communication, and more.

Convergence also entails numerous challenges. One of the huge challenges is converging voice, data, video, and multimedia on the skinny pipes between enterprise and service provider networks. Just look at the diagram below! See that skinny pipe? It's typically an expensive T1 -- 1.5 Mbps connecting an enterprise LAN site with 100 Mbps or more bandwidth to the service provider's network with gigabits of bandwidth. That's an extremely tight bottleneck with two orders of magnitude less bandwidth than the networks it ties together.

Take Merlman, Please!
To understand the types of traffic converging on this pipe, let's take the case of Merlman in accounting. (You know Merlman -- that sniffling slacker belittled in the Accountemps radio commercials. Even if you're not familiar with the ad, you surely know someone like this character.) When he is not "sick," Merlman spends his day producing and consuming different types of packets. The value of these packets to the enterprise -- and consequently to the service provider -- is indicated by the following colors in the diagram above:

Brown -- Personal-oriented Web traffic including:

• Browsing for weather forecasts.
• Shopping for hairpieces.
• Streaming video of New England Patriots' Super Bowl highlights.
• Metallica MP3 downloads from Morpheus.

Bronze -- Business-oriented traffic including:

• Corporate e-mail.
• Intranet access for vacation balances and medical coverage information for hair transplants.
• Intra-company IM to other accountants.

Silver -- Critical corporate data applications:

• Order processing, accounts receivable, ERP, and the like.

Gold -- Real-time interactive communications including:

• Voice calls to and from customers on credit hold.
• Voice or video call from Bob, the new CEO, demanding to know why Merlman hasn't extended credit to a huge customer with money.

Governing Flows Through The Pipe
While Merlman may be an extreme case, these four types of packets are produced and consumed by all organizations. To optimally converge Merlman and everyone else through this pipe, there are five basic rules that must govern how the pipe gets used:

1. Premium interactive voice and video is king. Once a real-time, revenue generating, SLA-guaranteed voice or video call is accepted, it must have absolute priority over anything else. The key word here is "accepted." See the final rule below.
2. Don't starve data. Don't allow a pipe to be completely used by voice. It's critical to allow some data, especially the silver packets, to traverse the link.
3. If the king isn't using the pipe, use all of it for data. The full capacity of the pipe must be available for data if there is no voice or video. Otherwise, we are still "channelizing" the pipe and not benefiting from all the cost savings resulting from complete convergence.
4. Even the king needs limits. Call admission policies must control and limit the maximum number of total calls, the number by type of call (voice versus video), the number initiated from inside and outside an enterprise location, and exceptions to these rules like emergency 911 calls.
5. If the king can't be satisfied, don't even try. If the pipe is already congested, new call set-up requests must be rejected (except for that 911 call). Adding just one more call to that pipe will deteriorate not only the quality of that new call, but each and every call on that pipe.

Fixing The Plumbing Into The Pipe
To implement these five rules, we need the right plumbing to the skinny pipe that gives us critical intelligence and control capabilities:

• Traffic classification and prioritization. Differentiate gold, silver, bronze, and brown packets and prioritize traffic flow through the pipe based upon packet color.
• Pipe capacity and utilization. Understand the total bandwidth of the pipe and the actual traffic volume flowing through the pipe.
• Call admission control. Accept or reject new calls based upon configurable call limit policies and actual traffic flowing through the pipe.

The right plumbing requires not only the right valves on the pipe, but the right feeder pipes and, in some cases, dye to color different water sources. Let's see what we have in our network plumbing bag that will give us these capabilities.

Traffic Classification And Prioritization
To get traffic optimally out of the enterprise through that skinny pipe, we don't even want to try to classify Merlman's brown packets. We just want to ensure that we can classify everything else. This can be done fairly easily for silver and bronze packets using the network address of the various application servers.

Classifying gold packets requires more work. For IP phones and other devices that generate only gold bits, we need to either set the ToS (Type of Service) bits correctly on the phone and/or assign them to a VLAN (Virtual Local Area Network) separate from data so that the router can use the packet markings or VLAN interface for prioritization over the skinny pipe.

For Merlman's Windows XP PC, we will have a problem. A Windows XP PC supports all four colors of packets. We can't put this PC on the voice VLAN, because we'll end up classifying both the brown and gold packets from this PC as gold. We cannot rely on ToS bits either, unless the softphone application can set them, and this brings us to our first problem: many of today's softphones do not allow us to set ToS bits.

Once the packets leave the access router, they flow through the skinny pipe and enter the service provider cloud via its edge router. The quality of service (QoS) approach used in the cloud will have a major impact not only on the packet's ability to optimally traverse the cloud and get into the other skinny pipe, but also to get onto the right VLAN in the enterprise. Prioritizing and routing the silver and bronze packets are easy since the same network address rules can be used. For the gold packets again, things are more complicated.

Packets can be prioritized and routed correctly all the way to the enterprise VLAN only if the service provider:

• Trusts all of their customers to use the exact same ToS bit marking scheme and correctly mark gold packets. (This is a big "if" and is related to the problem of not all softphones setting ToS bits.)
• Does not change the ToS bits and uses ToS or MPLS in their network. (MPLS just assigns an additional tag that doesn't change the ToS bits.)

With networks using DiffServe, a problem may exist since ToS and DiffServe bit markings are overlapping and might not be compatible. The gold packets won't be able to get on the right VLAN in the enterprise if they have been changed by the service provider.

This brings us to our second problem. If gold packet markings coming from another network cannot be trusted, the service provider changes the ToS bits, or DiffServe is used in the service provider cloud, the gold packets must be explicitly marked based upon call signaling intelligence.

Pipe Capacity And Utilization, Plus Call Admission Control
The problem of understanding pipe capacity and utilization and making admission control decisions is very challenging. Routers using ToS and DiffServe for packet prioritization have absolutely no notion of capacity limits and utilization. MPLS routers do, but only internal to the cloud and not over the external skinny pipe. Even if they did, they could not gracefully refuse a call because they do not participate in call set-up messages. A router using any of these mechanisms will just try to cram every packet it receives through that skinny pipe.

RSVP won't solve the problem either because it cannot be used to establish a single reservation for a collection of related flows going in different directions. In the case of voice or video, multiple two-way signaling and media flows must all be accepted for the call to be started. Consequently, it's possible that reservations for the low-bandwidth call set-up messages would be accepted, but not for the high-bandwidth media flows. The results cause huge problems. Bob and/or Merlman hear or see nothing, an accounting record is created, and if the call is billable, huge customer care and billing reconciliation costs are incurred. Lastly, RSVP works on a first-come, first-served basis. It has no notion of call admission policies to reserve bandwidth for data by limiting the maximum number of total calls, the number of types of call, and exceptions to rules like emergency 911 calls. That brings us to the last of three problems: No routers today understand skinny pipe capacity and utilization, and can make call admission control decisions based upon that intelligence.

The Skinny On Solving The Three Big Skinny Pipe Problems
The key to overcoming these obstacles and successfully converging Merlman's packets through that skinny pipe and is the tight integration of session signaling and media flow control. A new category of equipment has recently been introduced that specifically solves these three big problems. They also satisfy other critical security, SLA assurance, bandwidth policing, and law enforcement requirements for interactive, session-oriented communications like voice and video.

These products, generically called "session directors," sit at the edge of the service provider network where these skinny pipes connect and complement the traffic classification and prioritization capabilities of the service provider's edge router and the enterprise's access router. They handle both the SIP signaling messages and the RTP-based media packets with microsecond latency. They control call admission gracefully based upon pipe capacity, utilization, and other policies, and tightly control just the signaled media flows including Layer 2 and 3 QoS marking, network address and port translation, bandwidth policing, and other functions.

The ability to closely control packet prioritization will help enterprises logically route our "fat," converged data through our skinny pipes.

Jim Hourihan is vice president, marketing & product management for Acme Packet. Acme Packet enables network service providers to deliver premium, interactive communications -- voice, video and multimedia sessions -- across IP networks. The company's carrier-class equipment satisfies critical security, SLA assurance, revenue and profit protection and law enforcement requirements in wireline, wireless and cable networks.