|
|
|
|
|
802.3ah and Secure OAM Edge Awareness | |
||||
|
|
|
||||
|
|
|
||||
|
|
|
802.3ah and Secure OAM Edge Awareness
802.3ah Ethernet in the First Mile iConverter Network Interface Devices (NIDs) support the IEEE 802.3ah Ethernet in the First Mile standard and Secure Operations, Administration and Maintenance (OAM) provisioning. Support of these protocols offers additional security and robust management capabilities to enable large-scale deployment in carrier Metropolitan Ethernet networks. The IEEE 802.3ah Ethernet protocol allows network administrators using iConverter equipment to connect to and monitor 802.3ah compliant third-party devices at the Customer Premises. 802.3ah features include:
These status indicators provide the ability to both identify and isolate problems across multi-vendor, 802.3ah compliant network equipment.
Secure OAM Management Secure OAM is an encrypted, IP-less management channel that enhances the 802.3ah capability of the iConverter system and provides two benefits. First, it allows management of a large number of individual media converters and chassis through one IP address, and second, it provides an added level of security for the management channel that is not affected by customer/end-user actions or traffic on the system. IP-less communication is a unique Omnitron communication protocol using fixed MAC addresses that allows iConverter equipment to communicate over optical links at the physical layer. This communication channel is similar to the OAMPDU (OAM Protocol Data Units) channel defined by IEEE 802.3ah specifications, providing an increased level of security. The Secure OAM channel is not affected by VLAN and Port Access restrictions.
iConverter 10/100M 802.3ah / Secure OAM Management with a 19-Module Chassis
In this illustration, the Management Station controls the 19-Module chassis at the Central Office (CO) by accessing the iConverter Network Management Module (NMM) installed in the chassis. The Management Station can monitor the iConverter 10/100M located at the Customer Premise (CP) via the management channel established between the 10/100M installed in the 19-Module chassis and the standalone 10/100M at the CP. This management channel can be the Secure OAM management channel, the 802.3ah OAM management channel, or a combination of the two. When an 802.3ah OAM management channel is established between the 10/100Ms at the CO and the CP, the Management Station can monitor the health of the 10/100M at the CP. When a Secure OAM management channel is established between the 10/100Ms at the CO and the CP, the management data is IP-less and encrypted. The 10/100M at the CP is a
When the Secure OAM management channel is established between the CO and CP, the 10/100M at the CP can be configured to establish an 802.3ah OAM management channel to the customer equipment. The Management Station has full management control of the 10/100M at the CP and can monitor the health of the 802.3ah-compliant customer equipment. iConverter GX/TM 802.3ah/IP Management
Since IP management traffic shares the same link as the customer traffic at the CO, a management VLAN can be assigned to separate the traffic types and to prevent management traffic from reaching the customer equipment.
|
|
|
|
|
|
|
||||
