Router Chips Spawn IP Services Race
Posted: 06/1999
Telecom Giants Scramble To Acquire Intelligent Edge Suppliers
By Peter Lambert
In 1998, a new distributed microprocessor architecture for data routers began to yield
a new class of terabit-per-second routers that can forward packets as fast as the fastest
Internet backbone wires can deliver them. In 1999, the fruits of distributed processors
inside routers have reached the access edge of the Internet, too, and their promise lies
not only in "wire-speed" packet forwarding, but also in the ability to provision
sophisticated Internet protocol (IP) services to tens of thousands of calls per second,
all on a call-by-call basis.
Because of that promise, large telecommunications equipment makers have been on a
buying spree, acquiring makers of next-generation access routers since early this year.
In February, Alcatel USA, Plano, Texas, acquired access router maker Xylan Corp.,
Calabasas, Calif., for $2 billion. Xylan unveiled its Network Packet Access Concentrator
(Net-PAC) carrier-class IP routing products in April.
Image: Abatis Business Services Architecture
In March, Siemens AG’s new U.S.-based data networking subsidiary, Unisphere Solutions
Inc., Burlington, Mass., acquired startup access router maker Redstone Communications
Inc., Westford, Mass., for an undisclosed sum. Redstone shipped its first RX 1400 edge
router in April.
Also in April, Nortel Networks, Richardson, Texas, agreed to pay $340 million in stock
and cash to acquire Shasta Networks Inc., Sunnyvale, Calif., which plans to deliver its
Subscriber Service Gateway product by late summer. Only days before that, Ericsson Inc.,
Research Triangle Park, N.C., committed $450 million to acquire another next-generation
Internet edge router maker, Torrent Networking Technologies Inc., Silver Spring, Md.
The attraction in each case: a new packet-switching design that moves away from single,
centralized microprocessors and toward multiple, distributed microprocessors. The design
provides the foundation for products from Redstone, Shasta, Torrent, Xylan and other
"intelligent edge" access device makers, including Abatis Systems Corp.,
Vancouver, British Columbia; AccessLan Communications Inc., San Jose, Calif.; ArrowPoint
Communications Inc., Westford, Mass.; Ennovate Networks Inc., Boxborough, Mass.; and
Northchurch Communications Inc., Andover, Mass.
Some of those manufacturers, including AccessLan, Ennovate, Redstone, Torrent and
Xylan, initially are emphasizing their ability to aggregate tens of thousands of logical,
routed connections per physical connection at the service provider network edge.
Others, including Abatis, ArrowPoint, Northchurch and Shasta, emphasize their ability
to use that aggregation power to apply highly granular enhanced services to each
connection.
Both groups stake a claim to a more capable router for the service provider edge,
currently dominated by the 7500 series router from Cisco Systems Inc., San Jose, Calif.,
which they say depends on an overburdened, centralized, general-purpose reduced
instruction set computing (RISC) microprocessor for all access and routing functions.
As alternatives, these new access routers distribute multiple application-specific
integrated circuit (ASIC) microprocessors across fewer line cards and ports per ASIC and
dedicate the ASICs strictly to data forwarding, the basic process of searching route
tables for a packet’s destination address, then pushing it to the next logical router in
the chain.
"Every time I add a card, I’m adding processing, and there’s a high-speed bus
between the routing engine and port modules," says Russ Levesque, marketing vice
president, Excel Switching Corp., Hyannis, Mass., which combined forces this spring with
Rascom Inc., Salem, N.H., to release the EXS RAServer, an access router/switch designed to
deliver Class 5 voice and data access on the same hardware.
At the same time, the new routers employ separate RISC and ASIC processors that run
software for service-control computations more intriguing than pushing packets.
Image: Web Switching Architecture
These service-control tasks may encompass assigning varied class of service (CoS) or
encryption treatments, authorizing entrance into a corporate virtual private network
(VPN), assigning a "virtual router" with a private addressing scheme to each VPN
host company, enforcing contracted capacity ceilings on bursts in data traffic, applying
content filters to unwanted IP traffic or directing World Wide Web queries to multiple
sites simultaneously.
Such "hardware-assisted," personalized services will reside onboard the
routers in the form of "policy profiles for different customers," says Jayesh
Patel, vice president of business development, Northchurch. A profile, for example, might
provide tailored Internet access to a school, automating the provisioning of
1.5-megabits-per-second (mbps) access from 9 a.m. to 3 p.m., then lower-cost
64-kilobits-per-second (kbps) access during other hours.
With these new capabilities, the proponents say, service providers will gain new
revenues from premium IP services that are provisioned one subscriber at a time at the
edge, then rocketed through the Internet core at the fastest fiber optic speeds.
"The edge will be critical for service providers to launch quality of service
(QoS), class of service and other value-added services for businesses and consumers,"
says Ron Westfall, research analyst in carrier infrastructure, Current Analysis Inc.,
Sterling, Va. He notes that international Internet service provider (ISP) UUNet, the
Internet arm of MCI WorldCom Inc., has projected it will need 100 edge devices for every
core packet-switching box it installs over the coming months and years.
Westfall believes that Cisco’s marketing and sales channel clout, along with its
end-to-end Internetworking Operating System software, substantially will protect its large
installed base at the edge. But, he says, "there will be a lot of growth beyond that
base, giving many of these players an opportunity for some foothold in the market, once
they’ve integrated and proved their technology with their new, larger parent companies’
product lines."
IP Centrex
In a nutshell, says Anthony Alles, co-founder and president of Shasta Networks, the new
access hardware architecture yields "IP Centrex–taking into the service provider
network the kind of services that end customers have, until now, had to develop and manage
at the endpoints outside of the network."
According to Alles, just as telephone Centrex systems (dominated by new Shasta parent
Nortel) house and manage corporate telephone systems and services from inside carrier
networks, the Shasta Subscriber System will enable service providers to house, provision
and manage services for tens of thousands of individual IP users.
"So we need to move service provisioning into the network and to automate it
through policy-based networking to achieve scale," Alles says. "This is really
about bringing Fortune 500 IP services and capacity to the mass market, including
small businesses and consumers."
To create this per-subscriber IP Centrex model, packet "switches" (the term
of art now used to describe routers that forward packets at wire speed) must be able to
examine a packet for more than its destination address. They must be able to open up
packets to discover increasingly granular information specific to each user.
"The subscriber edge is the only place where the network can have knowledge of the
customer and so the only place where you’re able to provision subscriber-specific IP
services and create value," says Clarence Chandran, president, Nortel Networks
Carrier Packet Solutions.
ArrowPoint Communications’ Content Smart web switch looks into a packet deeply enough
to provision "content VPNs" based on ascertaining the uniform resource locator
(URL) of a requested web address, how many copies of a particular web file are available
and on which server, as well as ascertaining a web session "cookie"–the user
and transaction ID specific to each web access session.
"With web transactions comprising up to 80 percent of Internet traffic, the old
definition of packets-per-second (pps) wire speed has to evolve to a definition of web
response time, encompassing URLs per second and flows per second, combined with the
average duration of those flows," says Ervin Johnson, director of product marketing,
ArrowPoint. And to exceed its current 20,000 URLs per second mark, ArrowPoint expects the
input/output speeds of its control-plane processors will have to scale 100-fold beyond
standard RISC chips to 1,000 millions of instructions per second (MIPS).
Shasta-Nortel and ArrowPoint are not alone in this pursuit of network-provisioned
services.
"The old general-purpose RISC processors are strained by speeds in the core
network, and they’re strained by sophisticated processes like service classification at
the edge of the network," says Redstone’s Engineering Vice President Chris Lawler.
Evolving RISC Management
Consequently, Redstone has moved stable forwarding functions into fixed ASIC hardware,
while employing a combination of software and programmable RISC processors to handle
evolving, less-stable functions, including VPNs and tiered service-class definitions.
For example, since IP prioritization and classification standards and implementations
remain in flux from provider to provider, some classifier functions must remain software
upgradable. So to control priority treatment for a high-, middle- or low-priority data
call, Redstone’s Edge Router employs a combined hardware-software "classifier
engine." The software looks inside a packet for a priority "tag," then
hands the tag to the classifier hardware, which conducts a classification database search
to determine the "case" into which the individual call fits. The hardware
returns a search result to the software, which then can drop the packet, mark it for
special treatment by routers downstream or assign it to a high-, middle- or low-priority
queue in the edge router itself.
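The classifier-engine flow described above, sketched as an added example that is not part of the original article and is not Redstone's code. It assumes the priority "tag" is the three IP precedence bits of the IPv4 ToS byte, a 20-byte header without options, and a constructed classification table; all function names are hypothetical.

```python
import struct
from collections import deque

# Constructed stand-in for the hardware classification database:
# IP precedence (the assumed "tag") -> (case, argument). All values are assumptions.
CLASS_DB = {5: ("queue", "high"), 3: ("queue", "middle"), 0: ("queue", "low"),
            1: ("mark", 0), 7: ("drop", None)}
DEFAULT_CASE = ("queue", "low")   # tags with no entry get best-effort treatment
QUEUES = {"high": deque(), "middle": deque(), "low": deque()}

def checksum(header: bytes) -> int:
    """RFC 791 header checksum; returns 0 when run over a valid header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_header(precedence: int) -> bytes:
    """Constructed 20-byte IPv4 header (documentation addresses) for the demo."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, precedence << 5, 20, 0, 0, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]

def extract_tag(packet: bytes):
    """Software step: read the priority tag; None if the header is unusable."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    return packet[1] >> 5

def hardware_lookup(tag: int):
    """Stand-in for the classifier hardware's database search."""
    return CLASS_DB.get(tag, DEFAULT_CASE)

def classify(packet: bytes):
    """Software step after the lookup: drop, mark for downstream, or queue."""
    tag = extract_tag(packet)
    if tag is None:
        return "drop", packet          # truncated or non-IPv4 input
    case, arg = hardware_lookup(tag)
    if case == "drop":
        return "drop", packet
    if case == "mark":                 # rewrite precedence, then repair the checksum
        tos = bytes([(arg << 5) | (packet[1] & 0x1F)])
        hdr = packet[:1] + tos + packet[2:10] + b"\x00\x00" + packet[12:20]
        return "mark", hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + packet[20:]
    QUEUES[arg].append(packet)
    return "queue:" + arg, packet
```

Keeping the table and the default case in software-editable data mirrors the article's point that classifier rules must stay upgradable while the lookup itself is fixed.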
"Functions such as buffer management, queue management and queue scheduling are
fairly common, fixed processes, so they can be fixed in ASICs," Lawler says.
"But the edge of the provider network is exposed to a lot of change and upheaval,
like the expanding range of DSL (digital subscriber line) encapsulation formats, so you
also need to provide flexible software to run on RISCs."
Mat Mathews, director of service provider product development, Xylan, echoes this idea.
"We’re evolving to a happy medium, casting functions down to silicon with help from
general-purpose processors that are updateable."
The dissociation of control chips from forwarding chips has enabled the new class of
edge routers to integrate a growing list of control functions onboard, including firewalls
for security, remote authentication dial-in user service (RADIUS) for private network user
authentication, dynamic host configuration protocol (DHCP) for encapsulation of private
network addresses into public network addresses and lightweight directory access protocol
(LDAP) for lookups of service level agreement (SLA) rules stored in policy servers.
"The goal is to help service providers make more money with the abilities to
terminate a lot of connections and to treat each customer very individually," says
Ennovate President Ian Mashiter. "We do some of the heavy lifting at the edge of the
network, where you don’t have terabytes of packets to sort."
"Particularly in DSL and other broadband access realms, by separating the control
and forwarding planes, you get into management of sessions, not just physical
connections," Mathews says. "And it’s in session management where lots of
enhanced revenue possibilities lie."
Cisco also claims these abilities for its 6400 Universal Access Concentrator, which, at
$55,000, supports 14,000 data sessions, 3,500 VPN connections and dynamic selection of VPN
access, Internet access, multipoint conferencing and other services. As to charges that
Cisco lacks distributed processors, says Tim McShane, the company’s marketing director,
DSL, "Our wire-speed switch silicon is three years old, and when appropriate, we have
separated forwarding for years. The real issues are whether you can support scale and a
range of services."
I Want My VPN
Arguing that a lack of distinguishable IP services has led to a situation in which 50
percent of service provider bandwidth accounts for only 12 percent of revenues, Abatis
co-founder and Marketing Vice President Adam Lorant says that provisioning of IP services
such as extranet VPNs, CoS, multiuser conferencing, commerce transaction management and
application time-sharing must be made "dynamic, easy to subscribe and unsubscribe to
and guaranteeable."
To achieve that, Abatis’ Enterprise Service Point access device (scheduled for
third-quarter release) will support policy-enabled service provisioning for individual
sessions via 64,000 point-to-point protocol (PPP), frame relay or asynchronous transfer
mode (ATM) queues.
"A three-point videoconference requires at least 24 policies, so manual
provisioning won’t work," Lorant says. Consequently, Abatis intends to employ
wire-speed policy lookups per data call to provision service attributes such as bandwidth
allocation, delay, delay variation (jitter) and security level. According to Lorant, any
developer will be able to create a conferencing or commerce transaction or other service
without having to understand CoS mechanisms or ATM virtual circuits, "because we’ve
abstracted the services layer from the network layer."
Abatis also intends to facilitate creation of publishing, wholesaling and retailing of
IP services, as well as contracting of the network resources to deliver each service.
According to Lorant, once a developer creates a service, an application service provider
(ASP) can publish the service just as web content is published; a service portal can
create a web "storefront" for point-and-click sale of the services; and a
network services contractor (using Abatis Unix software due at year’s end) can manage
network devices and establish paths through the network to guarantee delivery of the
service to the customer.
"A Microsoft [Corp.] could play the ASP role, and an America Online or MCI
WorldCom could play the portal role, all of them sharing revenues [based on data gathered
by a common object request broker (CORB) residing in the enterprise service point], and a
business consumer could find itself buying under any of those brands," Lorant says.
Indeed, Alles agrees that the IP Centrex approach can add up to a portal power play for
service providers. The services gateway "can enable service providers to create a
captive Internet services portal in the form of a gateway that has knowledge of both users
and the network," he says, "and all users must pass through that gateway."
Peter Lambert is features editor for PHONE+ magazine.