Chorus Layer 2 consultation paper

Layer 2 Product Roadmap Consultation Paper – WiFi and RGW

February 2019 Chorus Confidential Page 1

© Copyright Chorus 2019

Chorus Layer 2

consultation paper WiFi and RGW

The purpose of this document is to solicit feedback on

product features that allow Service Providers to provide WiFi and RGW functions using the Chorus ONT

Publication Date: Februart 2019

Document Number: Draft 0.1




Document Control Document Authorities

Document Details Name Title

Document Owner Peter Coleman Lead Product Development Manager

Author(s) Peter Coleman Lead Product Development Manager

Contributor Stephen Thom

Jana Kodali

Business Strategy Manager

Product Manager

Content Stakeholder Martin Sharrock

Richard Cowsill

Head of Network Technology

Head of Business Technology

Legal Review Carl Allwood Assistant General Council

Approval to publish Date Name Approval By

Approver Ed Hyde, Chief Customer Officer

Version History This table shows a record of significant changes to the document.

Version Date Author Description

0.1 16.01.2019 Peter Coleman Draft

1.0 05.02.2019 Peter Coleman First release

Document Review

This document will be subject to periodic review. It is the responsibility of the Document Owner to initiate and control the review process.

The next update is scheduled for March 2019, to include feedback from the consultation process

Copyright

Copyright © 2019 Chorus New Zealand Ltd

All rights reserved

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the prior written permission of Chorus New Zealand Limited.

This document is the property of Chorus New Zealand Limited and may not be copied without consent.




Contents 1. OVERVIEW ....................................................................................................................................... 4

2. BITSTREAM, RGW AND WIFI SERVICES ............................................................................................... 5

2.1. NGA SERVICES .................................................................................................................................... 5

2.2. WIFI REMOTE ACCESS SERVICE ................................................................................................................ 6

2.3. LAYER 2 WIFI SERVICE .......................................................................................................................... 6

2.4. RESIDENTIAL GATEWAY SERVICE ............................................................................................................... 7

3. THE 3RD GENERATION ONT ARCHITECTURE ........................................................................................ 9

3.1. FUNCTIONAL ARCHITECTURE OF THE 3RD GENERATION ONT ............................................................................... 9

3.2. MODES OF OPERATION ......................................................................................................................... 10

3.3. REMOTE MANAGEMENT GATEWAY ............................................................................................................ 11

4. MANAGING WIFI PERFORMANCE ....................................................................................................... 13

4.1. MANAGING CUSTOMER EXPERIENCE .......................................................................................................... 13

4.2. OPTIMISING WIFI EXPERIENCE ............................................................................................................... 13

5. WIFI AND RGW OPERATE MODEL CONSIDERATIONS ........................................................................... 15

6. OPEN ACCESS GATEWAY FUNCTION SPECIFICATION .......................................................................... 20

APPENDIX A GLOSSARY ........................................................................................................................... 21




1. Overview

Chorus is in the process of introducing a 3rd generation standard ONT (Nokia G-140W-

C) as part of our normal technology lifecycle process. This new ONT will support our

existing NGA GPON product suite (Bitstream 2, ATA Voice and Multicast) and start to

be deployed as the default standard ONT from March 2019. The 2nd Generation ONT

will continue to be deployed for Bitstream 3/3a Customers or where dual ATA services

are required.

Chorus’s hardware selection policy is to use off-the-shelf technology where possible, to

avoid ending up in technology cul-de-sacs that may have long-term support issues. As

such, the standard deployment of 3rd Generation ONT only utilises a subset of the

features available on the device.

In particular, the Nokia G-140W-C is deployed overseas in vertically integrated markets

and thus includes residential gateway and WiFi features, which are turned off when the

device is deployed as a 3rd Generation standard ONT.

We have had several requests from Service Providers as to whether they can offer

services using these features. In particular:

• The ability for Service Providers to use the Residential Gateway function;

• The ability for Service Providers to use the WiFi mode in conjunction with, or

separate to, the Residential Gateway function.

This paper looks at options and considerations for Service Providers to utilise these

functions on the Chorus 3rd Generation ONT. Any productisation and commercial

offering by Chorus of the new technical capabilities of the 3rd Generation ONT will be

subject to Chorus ensuring it complies with all its contractual and regulatory obligations.

The focus is on residential connections. While the 3rd Generation ONT can be used to

provide WiFi and RGW functions for SMEs, its primary focus is residential services.

We expect to introduce multiple ONT variants in the future to fit multiple market

requirements. Our expectation is that any services developed for the 3rd Generation

ONT will continue to be available on one or more of the future ONT variants.




2. Bitstream, RGW and WiFi services

Based on laboratory testing, the 3rd Generation ONT can support the following services.

Service Typical Service Provider market propositions

1 NGA services Internet broadband services, with a Service

Provider Residential Gateway (RGW).

2 WiFi Remote Access service A distributed WiFi subscriber service.

Provides a shared WiFi SSID that allows individual

devices to bypass a home network and securely

access a remote network, such as remote access

to a cloud or VPN.

3 Layer 2 WiFi service Cloud services, with all security and connectivity

managed within the data centre

4 Residential Gateway service Internet broadband services, using the ONT Open

Access Gateway function as a Residential

Gateway.

All four services can operate simultaneously, subject to physical and technical

limitations described in section 3.

2.1. NGA services

The 3rd Generation ONT can deliver our core residential and SME UFB bitstream

services, as shown below:

Figure 1. NGA services on the 3rd Generation ONT

NGA includes the following services:

• One or more Access-EVPL OVCs, each of which associates a single VLAN on a UNI

to a corresponding double-tagged VLAN on a E-NNI;

• An optional Multicast service, which is usually associated with an Access-EVPL

service; and




• An optional ATA Voice service, which comprises an ATA Port and SIP User Agent

attached to the Open Access Gateway function. This is then connected to a

corresponding double-tagged VLAN on an E-NNI using an Access-EVPL OVC.

The ATA Voice service requires the Open Access Gateway function to operate.

The 3rd Generation ONT does not support the followings UFB services or features:

• Bitstream3/3a;

• Bitstream 4 services;

• More than one ATA port; and

• Upstream ingress policer.

2.2. WiFi Remote Access service

The 3rd Generation ONT can deliver a WiFi Remote Access service, which allows multiple

Service Providers to offer a WiFi service over a shared WiFi access, as shown in the

diagram below:

Figure 2. WiFi Remote Access services on the 3rd Generation ONT

For the WiFi Remote Access service, the ONT acts as an Open Secure Wireless solution,

where the dual band SSID supports multiple independent network connectivity through

server certificate authentication.

A typical application is remote working using a BYOD device, where the device can

securely bypass the local home network and connect directly to the remote network.

Each device requires a specific certificate for their connecting, issued by the Service

Provider to the specific End User device. Authorisation is handled through 802.1x, with

requests proxied (via the Wireless LAN Gateway and AAA) through to the Service

Provider AAA based on realm/domain name/certificate.

The Service Provider authorises the device and manages the association to the Service

Provider VPRN (Virtual Private Routing Network). All traffic is device to Service Provider

and vice versa, i.e. there is no device to device routing.

As part of the authorisation process, the Wireless LAN Gateway may allocate an IP

address from a Service Provider IP address pool.

2.3. Layer 2 WiFi service




The 3rd Generation ONT can deliver basic Layer 2 WiFi services, as shown below:

Figure 3. Layer 2 WiFi service on the 3rd Generation ONT

The Layer 2 WiFi service comprises a single Access-EVPL bitstream service that is

associated to a single-band WiFi SSID.

All devices that connect to the SSID are associated with a single VLAN at the WiFi UNI

and all Ethernet frames are encapsulated in an 802.1ad frame and transported to the

E-NNI. Layer 3 functions, such as IP address allocation, are managed within the Service

Provider domain.

This suits a cloud model where all user/device security is managed within the cloud

infrastructure.

2.4. Residential Gateway service

The 3rd Generation ONT can deliver a single Residential Gateway service, as shown

below:

Figure 4. Residential Gateway services on the 3rd Generation ONT

For this service, a single Access-EVPL service is connected to the Open Access Gateway

function, which is then associated to the following ports:




• ATA port;

• UNI, ports 1-3 (port 4 is reserved for a secondary service);

• Dual band SSID. This will default to the SSID printed on the side of the 3rd

Generation ONT, and can be scanned directly by compatible Mobile devices to

automatically WiFi connect to the Residential Gateway function.

The Service Provider can configure the Residential Gateway features and attributes of

the Open Access Gateway function via the Remote Management Gateway..

The Customer can also configure the Residential Gateway features and attributes of the

Open Access Gateway function using a local Web GUI.

It is not possible to configure or change the NGA, Layer 2 WiFi or WiFi Remote Access

services through these interfaces.




3. The 3rd Generation ONT architecture

The 3rd Generation ONT is a flexible device that can be configured to support a variety

of services.

This section provides an overview of the architecture and subsequent limitations in

supporting multiple services.

3.1. Functional architecture of the 3rd Generation ONT

The following diagram shows the core functions of the WiFi ONT that can be coupled

together to provide broadband solutions, noting that this is a functional rather than a

technical architecture:

Figure 5. The 3rd Generation ONT architecture

Function Description

Switch The switching function bridges the SSIDs, UNIs, ATA, Open Access

Gateway function and GPON functions together to form broadband

solutions




Function Description

Open Access Gateway

Function

The Open Access Gateway provides standard Residential Gateway

and routing functions that can be combined with an Access-EVPL

to connect to the Service Provider.

Customer-facing UNIs, SSIDs and ATAs can be bridged to provide

Residential Gateway capability to the End Customer.

There is only one Open Access Gateway function per ONT, i.e. only

one Service Provider can use the Open Access Gateway function at

any time.

GPON The GPON provides connectivity upstream to the OLT, i.e.

connects to Access-EVPL to the OLT.

UNI The Customer facing 10/100/1000Base-T Ethernet port, which

terminates the Layer 2 OVCs.

The G-140W-C supports four 10/100/1000Base-T Ethernet ports.

ATA The Analogue Telephone Adaptor (ATA) port and associated SIP

User Agent.

The SIP User Agent must be bridged to the Open Access Gateway

function to operate.

The G-140W-C supports a single ATA port.

WiFi UNI The G-140W-C WiFi UNI comprises two concurrent WiFi radios,

each with four SSIDs.

• 2.4 GHz 802.11 b/g/n 2x2 MIMO; and

• 5 GHz 802.11ac 2x2 MIMO

Single band SSIDs consume one SSID.

A dual-band SSID consumes one 2.4 and one 5 MHz SSID.

3.2. Modes of Operation

The third Generation ONT can be configured in two modes, which change what ports

are associated with the Open Access Gateway (OAG), as shown in the table below:

Mode NGA Ports Layer 2 WiFi Hotspot OAG

Standard Port 1 UNI

Port 2 UNI

Port 3 UNI

Port 4 UNI

3 x 2.4 GHz WiFi

3 x 5 GHz WiFi

1 x 2.4 GHz WiFi

1 x 5 GHz WiFi

ATA Port

RGW Port 4 UNI 2 x 2.4 GHz WiFi

2 x 5 GHz WiFi

1 x 2.4 GHz WiFi

1 x 5 GHz WiFi

ATA Port

Port 1 UNI

Port 2 UNI

Port 3 UNI

1 x 2.4 GHz WiFi

1 x 5 GHz WiFi

Changing between modes requires the ONT to be rebooted, resulting in a service outage

on all services on the ONT.

A service provider can configure ports associated with the Open Access Gateway, e.g.

turn off port 3 UNI when in RGW mode, but has no visibility or control over ports not

associated with the Open Access Gateway, e.g. cannot see or change Port 4 UNI or the

WiFi Remote Access WiFi services.




3.3. Remote Management Gateway

The Open Access Gateway function is currently used for NGA Voice, as shown in the

diagram below:

Figure 6. Configuring and managing the Open Access Gateway function

Service Providers can configure the ATA Voice SIP client through the Open Access

Gateway Function by using in-band TR-069 from their Auto-Configuration Server (ACS).

However, TR-069 is not a suitable remote management solution for wholesale RGW and

WiFi services:

• There is only a single TR-069 client supporting multiple services from different

Service Providers. This is particularly an issue for WiFi Remote Access, where

the Service Provider may not be providing the primary fibre service to the

premises.

• TR-069 can be constrained to manage specific services, but this would create a

differential between remotely managed and remotely unmanaged services.

• Not all remote management features of the ONT are accessible via TR-069;

Chorus proposes introducing a new Remote Management Gateway function, as shown

in the diagram below

Figure 7. The Remote Management Gateway

The Remote Management Gateway will allow Service Providers to monitor, control and

configure all services on the ONT. Service Providers will be able to access and change

their subscribed features and attributes via APIs through the Chorus API Digital

Gateway.

The Remote Management Gateway performs the following functions:

• Security, so Service Providers have visibility and control over their subscribed

services, but do not have any visibility of other Service Provider services on the

same ONT;




• Hardware abstraction, allowing us to introduce new ONT variants with the same

and new features and attributes, without impacting how Service Providers

monitor, control or configure their services;

• Access to a suite of rich provisioning and assure management functions; and

• Feature abstraction, allowing us to seamlessly develop and introduce new

services or remote management features over time.

The Remote Management Gateway will change the way NGA Voice services are

configured and manages as follows:

Figure 8. NGA Voice using the Remote Management Gateway

The introduction of the Remote Management Gateway will result in NGA Voice services

being configured and managed using APIs rather than TR-069. This should result in

improved scaling, but will mean a change. Ideally we would use the Remote

Management Gateway for all existing NGA services, as well as new ones, i.e. we do not

want a hybrid of remote management solutions.

Chorus sees the Remote Management Gateway as critical for reducing long term

complexity for Chorus and Service Providers. We would be interested in any feedback

regarding concerns, issues or suggestions regarding:

• Changing NGA Voice configuration from TR-069 to APIs from a technical

perspective;

• Retrospectively migrating existing NGA Voice services to use the Remote

Management, and how this might be done;

• Any additional remote management features or attributes you may be interested

in.




4. Managing WiFi performance

Wireless, both inside the home and generally, provides a number of key benefits to end

users. It provides a simple, easy way for Customers to connect the device they are

using to their home gateway, and provides a degree of mobility.

However, it can also act as a limiting factor in their experience. The primary function

of wireless is to provide connectivity between an End Customer device and the

designated ‘wired’ connection. However, if the speed between the device the wired

connection is slower than the speed available at the wired connection then the customer

will be limited by the slower wireless connection.

The Chorus 3rd Generation ONT includes two concurrent WiFi radios as follows:

• Wireless 2.4 GHz 802.11 b/g/n 2x2 MIMO, supporting speeds up to 250 Mbps;

• Wireless 5 GHz 802.11ac 2x2 MIMO, supporting speeds up to 500 Mbps;

However, actual wireless speeds observed on an individual device at a particular time

can vary significantly based on a number of factors, including the premises’

environmental conditions, the type of the device trying to connect, the distance and

topography between the device and the 3rd generation ONT and the number of devices

trying to use WiFi simultaneously. Also, WiFi is half-duplex, meaning that only one

direction can be transmitting at a time.

4.1. Managing Customer experience

A key challenge with broadband, and WiFi in particular, is closing the gap between

customers’ speed expectations and their ability to experience or observe these expected

speeds.

As an industry, we cannot expect the majority of customers to understand the

limitations and characteristics that impact their actual or observed broadband speed

without assistance. The onus is on us to manage these expectations by creating the

right conversations up front and to support these conversations with consistent

behaviour, messaging, education, information and tools, as follows:

• Set expectations up front;

• Provide the information or capability for the customer to optimise their

experience;

• Managing customer queries about speed and performance once they are using

the service;

• Educating the customer on how to get the most out of their broadband and WiFi

experience; and

• Providing training and support material, both internally and to customers.

4.2. Optimising WiFi experience

WiFi presents a number of unique challenges in optimising speeds.

Positioning of WiFi sources

The relationship between the End Customer device and the location of the WiFi source

is critical to providing the best experience.

The installation and position of the default position of the Chorus ONT is, by necessity,

a compromise between physical installation requirements and performance. The

preferred location close to the television, so as to be close to where the individual users

tend to be, but Customers can request it be installed elsewhere.

Care must be taken to avoid blocking the Wi-Fi signal between the WiFi access point

and the devices connecting to it:




• Avoid placing it in a cupboard or putting it directly behind something that may

weaken the signal, like an aquarium;

• Avoid placing it on the floor or too close to the ground; and

• Ensure there is a clear path between the WiFi device and the WiFi source;

WiFi strength throughout a house will vary based on distance, interference or any

material between the device and the WiFi router. For example:

• Wood and plaster have a low potential of limiting the WiFi signal;

• Water, bricks, marble or some cordless phones have a medium potential of

limiting the WiFi signal;

• Concrete, microwave ovens and particularly metal have a high potential of

limiting the WiFi signal.

Given these constraints, a WiFi mesh network is the recommended solution for

maximising WiFi connectivity within the premises.

Use wired when applicable

If speed is more important than mobility, it may be preferable to connect the device

using a wired Ethernet connection. Wired connections generally provide fast, reliable

and consistent speeds between the device and the local gateway.

Age of devices

Older devices may slow the WiFi experience by dropping down to a slower WiFi speed,

which will then affect all other devices connecting to the WiFi access point.

To avoid such constraints, customers should consider upgrading older devices to the

latest standard and constraining the WiFi source to the latest standards.

Running multiple wireless networks

Running multiple wireless networks may result in interference, confusing devices or

reducing speeds. This includes non-WiFi networks, such as cordless phones, baby

monitors or interference from microwave ovens.

Where possible, networks should be set to separate channels or even turned off, when

not in use.

WiFi sources may use multiple channels (e.g. 2.4GHz and 5GHz) to support multiple

devices. The 5GHz channel is faster, although with a more limited range. If range is not

an issue then turning off the 2.4GHz channel will ensure devices only connect via the

fastest channel.

Observable speed

The maximum speed observed by an End User will be less than their connect speed.

For example, the maximum observable speed on a typical speed meter is about 80-

90% of the physical connect speed due to packet encapsulation and protocol overheads

such as Ethernet preamble, frame delimiters and inter-frame gaps

There is no guarantee that Customers on a particular device will observe this speed for

any sustained period as their experience will be determined by a number of external

factors including, but not limited to, End User applications, sustained WiFi performance,

Service Provider network and the location and performance of the content they are

accessing.




5. WiFi and RGW operate model considerations

The following covers some of the items that need to be considered as part of the

development for using the WiFi and RGW. We would welcome feedback on these items,

or any other items we may not have considered.

Item Mode Considerations

Location of the

ONT

WiFi

OAG

The physical location of the ONT compared with the wireless

devices accessing it can have a significant impact on WiFi

performance.

The default installation position of the 3rd Generation is

attached to the wall, behind the television, although individual

installs can differ at the request of the homeowner.

Initial lab testing has indicated that the default position and

orientation of the 3rd Generation ONT provides good WiFi

performance, although this may be reviewed over time.

WiFi optimisation WiFi We may need to consider how we, as an industry, support WiFi

optimisation, e.g.:

• Customer education, such as collateral or videos;

• Help Desk functions;

• Optimisation as a service;

• Offering WiFi mesh services.

WiFi Mesh WiFi

OAG

Modern households tend to have multiple simultaneous users

and devices operating concurrently, and this trend is expected

to continue. A key challenge is how to provide stable, high-

performing reliable WiFi throughout the Customer premises

from a single Residential Gateway + WiFi device.

One solution is a WiFi Mesh. A wireless mesh network

comprises multiple access points organised in a mesh topology

that allow a WiFi network to be easily extended throughout a

premises.

We need to consider how to make WiFi Mesh solutions easily

available to customers, e.g. as an add-on service.

WiFi assure tools WiFi Telecommunications are moving to analytics-driven networks

and WiFi is no exception. WiFi analytics provide a rich source

of raw data about how individual devices are accessing and

using WiFi.

We are looking at solutions that can take WiFi analytical data,

interpret it, and present it to Chorus technicians, Customers

and Customer Care representatives in an easy to understand

manner. This will enable customers and Service Providers to

identify, analyse and resolve customer experience issues.

This is expected to evolve over time. We need to consider:

• Extending this capability to WiFi Mesh, noting this may

be vendor-specific;

• Providing access to information, such as APIs or

portals;

• The ability to learn and evolve such solutions over time.





Standard mode vs

Open Access

Gateway mode

Standard

OAG

Standard mode is for:

• Service Providers who want to consume a standard

bitstream 2 service and provide their own RGW;

• If multiple secondary bitstream services are required;

• Allows simultaneous operation of NGA, Layer 2 WiFi

and WiFi Remote Access services.

Open Access Gateway mode is for:

• Service Providers who want to offer an internet service

without providing their own RGW;

• A maximum of one secondary bitstream service is

required;

• Allows simultaneous operation of RGW, Layer 2 WiFi

and WiFi Remote Access services.

Web GUI

branding

OAG For the Residential Gateway service, Customers can configure

the RGW functions via the Open Access Gateway web portal.

We have not looked at what branding options are available for

this GUI, e.g.:

• Vendor (Nokia);

• Vendor + Chorus;

• Vendor + Chorus + Service Provider

SSID

Management

OAG The SSIDs associated with the Open Access Gateway function

will default to the SSID on the QR label on the ONT. This QR

code allows compatible mobile devices to scan the QR code

and automatically connect to the Open Access Gateway SSID.

Service Providers can change this SSID via the Remote

Management Gateway, noting that this would mean the QR

label on the ONT would no longer work.

Customers can change the SSIDs using the web GUI.

It is not possible to add additional SSIDs.

Migrating from

standard mode to

Open Access

Gateway mode

Standard

OAG

Switching between architecture modes requires the ONT to be

remotely rebooted, resulted in a 1-2 minute outage for all

services on the ONT.

Switching from Standard to Open Access Gateway mode will

require the Service Provider ACS to subsequently configure the

RGW functions prior to the Customer using them.

As switching between mode results in a significant reallocation

of the port association, it will be necessary to confirm service

compatibility both before and after the switch, to ensure

service continuity.





Identifying if a

Customer has a

compatible ONT

All We are looking at several options for advising whether the

Customer has a compatible ONT installed:

• Chorus Portal/B2B will be updated to advise current

services and basic ONT information.

• Introduction of APIs to advise:

o The number and IDs of ONTs installed at a

location;

o The number of ports (WiFi/UNI/ATA) in use on

a particular ONT;

o The number of ports, or other features,

available in a particular ONT.

Note that the number of connected services and

used/available port association can change if the ONT is

switched between standard and open access gateway modes.

Therefore it is important to have access to near-real-time

information on ONT compatibility.

Changing a

Customer ONT

All Service Providers need to be able to request that a compatible

ONT be installed, if the current installed ONT is not compatible

with the service they wish to offer.

The ONT can only be replaced if the new ONT is compatible

with ALL services offered at the premises.

The assumption is that Service Provider orders an

incompatible service that triggers the need (and truck roll

schedule) for ONT replacement.

Note that if multiple devices are compatible with the requested

services then Chorus would choose which device to install.

ONT Capacity /

resource shortfall

All We need to consider what happens if a service is ordered that

cannot be fulfilled due to resource shortage. In this scenario

the ONT is compatible but may not have sufficient ports or

resources to complete the request.

For example, ordering a second ATA voice service on a 3rd

Generation ONT, or ordering a second secondary NGA

bitstream service on a 3rd Generation ONT set to Open Access

Gateway mode.

Possible options include:

• Identify shortfall prior to order submission. This may

be difficult to do based on the current system

interaction, as currently device capacity is not checked

until the order is submitted.

• Reject orders due to ‘insufficient resources available’.

The Service Provider can then choose to request an

ONT upgrade, an alternative service or an additional

fibre connection.

Configuring the

ONT via the

Remote

Management

Gateway

OAG Service Providers can configure the Open Access Gateway

function via the Remote Management Gateway.

The detailed commands and features will need to be

investigated.

WiFi Remote

Access Status

Hotspot WiFi Remote Access may require specific diagnostics to

support troubleshooting connections, including connection

status, WiFi status, performance and connectivity.





Creating and

distributing

device certificates

Hotspot The WiFi Remote Access Service Provider would create and

manage certificate promulgation, although Chorus could

create these certificates on their behalf.

These then need to be loaded on each authorised device.

Onboarding as a

WiFi Remote

Access Service

Provider

Hotspot WiFi Remote Access onboarding will need to consider:

• Process for creating and distributing device digital

certificates;

• AAA proxy establishment;

• IP or pure Ethernet connectivity. If IP, then IP Address

pools will need to be assigned by the Service Provider

WiFi Security WiFi

Hotspot

WiFi is, by its nature, less secure than physical connectivity

and several security protocols will need to be managed:

• Layer 2 WiFi and Open Access Gateway supports WPA,

WPA-PSK/TKIP, WPA2, WPA2-PSK/AES secure access.

• Layer 2 WiFi Layer 3 functions, including security,

would be managed within the Service Provider domain.

• The Open Access Gateway provides a number of

standard RGW security features.

• WiFi Remote Access uses 802.1x with device digital

security.

We need to look at identifying what devices are connected to

a WiFi node. The Open Access Gateway will likely provide this

information to Service Providers via the Remote Management

Gateway and Customers via the Web GUI, however this needs

to be confirmed.

RGW Security OAG The Open Access Gateway contains a number of security

features, as described in section 6.

Chorus undertakes standard security testing on all network

devices, including ONTs, prior to deployment. This has

currently only been undertaken in the standard architecture

mode, but this will also be undertaken for WiFi and Open

Access Gateway mode.





ONT roadmap All Chorus expects to introduce additional ONT types in the future,

which may have different features and attributes that

constrain what services they can support. For example, we

would expect to have the following ONTs available in our

network in late 2020:

• 1st Generation ONT;

• 2nd Generation ONT

• 3rd Generation ONT;

• Business ONT;

• Power over Ethernet ONTs

• SFP ONT (two generations);

• 10GPON standard ONT;

• 10GPON SFP ONT.

This will increase the importance of understanding what

device is currently installed in a premises, and how it is

currently configured. Where possible, functions to support

this will be genericised, so that it can support additional

services features in the future

Customer

Experience

All The features described above will create challenges around

customer experience and Business Support System business

logic complexity.

For example, if a customer requests a feature that requires a

replacement ONT, or even a new fibre install, it is important

to set the right expectations up front.

With multiple ONT types, with different functionality and

number of ports, means that the possible permutations will

increase and we need to work together to try and mitigate both

the customer experience implications and avoiding adding too

much complexity into support systems to manage this

experience.




6. Open Access Gateway function specification

Open Access

Gateway Function

Configuration and Management

Remote Management Gateway

Web GUI management

Physical Interfaces Four RJ-45 10/100/1000 Ethernet port with auto negotiation and

MDI/MDIX auto sensing

One POTS ports for carrier grade voice services

Two USB 2.0 ports, accessible to all LAN devices

WiFi Wireless 2.4 GHz 802.11 b/g/n 2x2 MIMO

Wireless 5 GHz 802.11ac 2x2 MIMO

64/128 WEP encryption

WPA, WPA-PSK/TKIP

WPA2, WPA2-PSK/AES

Multiple SSIDs

ONT

Characteristics

Built-in layer 2 switch; Line Rate L2 traffic

4 external/internal antennas: 2 for 2.4G and 2 for 5G

WLAN on/off push button

WPS on/off push button

LEDs on/off push button

Reset button

Ethernet Traffic classification and QoS capability

VLAN tagging/detagging and marking/remarking of IEEE 802.1p per Ethernet port.

Forward Error Correction (FEC)

Frame Check Sequence (FCS) error counter

Ethernet-based Point-to-Point (PPPoE)

Traffic classification and QoS capability

Routed mode per LAN port

ATA Voice SIP voice support

Voice Services via Session Initiation Protocol (SIP)

Multiple voice Codecs

DTMF dialling

Echo cancellation (G.168)

Fax mode configuration (T.30/T.38)

Caller ID, call waiting, call hold, 3-way calling, call transfer, message waiting

Open Access

Gateway Function features

Triple-Play services, including voice, video and high speed Internet access

IP video distribution

DHCP client/server

DNS server/client

DDNS

Port forwarding

Network Address Translation (NAT)

Network Address Port Translation (NAPT)

UPnP IGD2.0 support

ALG

IGMP snooping and proxy (v2/v3)

Performance monitoring and alarm reporting

IP/MAC/URL filter

Multi-level firewall and ACL




Appendix A Glossary

[If needed, noting this document introduces a number of new terms]

Item Definition

Documents

Chorus Layer 2 consultation paper