a W h i t e P a p e r s e r i e sTwo Highwood Drive

Tewksbury, MA 01876

978.640.1970tel

978.640.1971fax

Convergent Networks'

Service-Enabling Architecturewww.convergentnet.com

Convergent Networks' Service-Enabling ArchitectureFor most people, the debate about the network of the future has been a debate abouttechnology. Certainly technology will form the basis of any future network, as it does for all theexisting ones, but technology won't justify the future network, or shape the applications businessesand residential users will run on that network. The network of the future will be about services, thebundled sets of communications features that carriers sell and everyone consumes. If the futureof networking is to be really different from the present, it must be different in the area of services.

What makes the future of networking complex is that the services we can expect aren'tcompletely formed by new demands of users. We can't envision exactly how we'll relate to futurenetworks. After all, who could have predicted the Internet phenomena in 1980s, or even 1990?New application demand will certainly impact the network of the future, but so will the changingregulatory view of communications, business changes, andyestechnology.

There are many things we can't predict about the future of network services, but two things areclear. First, the public voice services we've all depended upon in business and everyday life mustbe maintained and enhanced. Voice telephony is virtually the only technology-based resource inour lives with over a century of success behind it. Second, non-telephony services will be primarilybased on an IP interface. Personal computers are the only pervasive information appliancecapable of supporting new information services, so it makes sense to assume that services willfirst exploit those PCs, whatever their final application might be.

Can a single service architecture, a single image of the way that intelligence is added totransmission to create business and personal communications, support both these future truths?We think one can. We at Convergent Networks have created a vision of future networking that iscompelling and complete, one that bridges voice and data, past and future. We're excited about itspotential, and we'd like to share our vision and our excitement with you.

The notion that the telecommunications industry is converging on a single technology is veryappealing in an age where choices and complexity seem to be multiplying. Like many appealingconcepts, though, it's not really valid. We have been operating for decades on a "converged" viewof the public network; one based on time-division multiplexing or TDM. We may, at some point inthe far future, converge again on a different technology. In the near term, however, we are morelikely to experience divergence, as networks react to the variety of pressures being exerted onthem.

The first pressure is demand changes. Voice telephony has shaped our relationships with oneanother for a century. Ten years ago, no one would have dreamed that a public data networkbased on IP could change the way we learn, buy, sell, and even relate to one another. Today,while the full impact of the Internet is yet to be known, it is clear that a new form of communicationshas arisen alongside voice.

A Convergence of Forces Before a Convergence in Technology2

Convergent Networks' Service-Enabling ArchitecturePublic data communications such as the Internet could eventually generate tens of billions ofdollars in carrier revenues. Already, the Internet has launched a new breed of service providerthe Internet Service Provider or ISPand these new providers have dodged the incumbencies ofcurrent carriers to build new customer relationships. Other "new" service providers are followingthe IP service model to enter more traditional markets, even voice telephony. It's clear thatincumbent carriers will have to respond with their own services if they want to stay competitive,and in control of their key accounts.

The new competitive environment worldwide is the second market pressure. In the localexchange space, in particular, carriers have enjoyed the status of a protected monopoly. Thatstatus is now being eroded by regulatory shifts and new and more aggressive public policy goalsto create better and different services.

The competition being created is both positive and negative for new players. On the onehand, new carriers can now compete for the full spectrum of telecommunications servicerevenues. That opens the enormous public voice market to all players. On the other hand, theymay be forced to compete in all areas of telecommunications simply to remain credible withbuyers. That may require them to make large new infrastructure investments.

Competitive pressure will be felt most in voice telephony. Today, service providers earn over80% of their revenues and profits from voice, but according to market research done by CIMICorporation, voice services will account for only 20% of profits by the year 2010. Despite this,service providers will be forced to offer voice services as a part of a broad-based package tousers, or bulk discounts across multiple services offered by other providers will drive them from themarket.

The third pressure on the networking market is regulatory change. As in all things, the devil intelecommunications reform is in the details. The specific way in which regulatory bodies open newopportunities, deal with complex issues like wholesaling of facilities, and define the ways thatpublic interests in stable networks are balanced with competitive needs to introduce new networkelements, will largely determine the pace and direction of near-term network evolution.

In the US, the key regulatory trend is the demand that the incumbent local exchange carriers(primarily the RBOCs) open their networks for competitors in return for being allowed to enter thelong-distance market without restrictions. This will launch a minimum of three new full-servicecompetitors in the public network spacecompetitors with unique access to each customer via thelocal loop.

The key development in the regulatory space is the drive to break the RBOCs up into awholesale (ILEC) and retail (CLEC) pair. This would open existing infrastructure to competitorsmore quickly by making the RBOC's own CLEC subsidiary, in effect, a wholesale customer likeother CLEC competitors. It would also eliminate the current price/discount advantage CLECsoften receive because the incumbent RBOC must sell services at a tariff rate and the CLEC canprice as they desireeven if they wholesale the service elements from the RBOC! Such a change3

Convergent Networks' Service-Enabling Architecturewould force CLECs to deploy technology to add value in the services area, in order to continue tocompete.

This brings us to the final pressure, the pressure of new technology. Using digital subscriberloop chip sets, competitors can convert simple copper loop to a multi-megabit data or multi-serviceconduit. Never before in the history of networking has it been possible to provide network userswith more access bandwidth than current applications demand. That opens the possibility ofselling users new applications without the usual long provisioning delay.

It is the flexible nature of access bandwidth based on DSL that changes the nature of futurenetwork technology at the core level. With an increase in users' consumption of tactical orspontaneous data applications comes an increased demand for flexible core network resources.

What links these four factors; what solves the problems they present? It is the concept ofservices. Demand, competition, regulatory trends, and technology trends will interact to createbuyer and seller chaos without a model of services that can unify all of the forces. A unifiedservice concept can bridge the differences in infrastructure that ISPs, CLECs, RBOCs, and IXCswill inevitably generate as they pursue their own opportunities in their own way, providing buyerswith a single public network for voice and for data.

Creating a unified service model is more difficult than it may appear. The only two ubiquitouspublic network services todaypublic switched voice and the Internetare created withinfrastructure that is directly linked to the service. An ATM or IP network could create"connections" but not provide all the voice features of the public telephone network. An ATMswitch could pass IP traffic, but not create all of the services of the Internet. Adding a set ofapplication-facilitating features to a network that provides basic connectivity creates services. Aservice model must support all the connectivity networks, all current voice and data features, andalso provide a rich platform for feature enhancement. It's a daunting task.

Daunting, but one we've completed.4

Convergent Networks' Service-Enabling ArchitectureFigure 1 shows a view of the network of the future that seems so familiar that it's hard to find itinteresting. A network is built around a transport core built on some technology that offers efficienttraffic movement. At the edge, an access layer provides integrated digital connectivity to the usersof the network. Between the two is a service layer where the features of each service reside.Most readers of network trade publications have seen this model a hundred times or more.

Figure 1: The Layers and Missions of the 21st-Century Network

What's interesting is that most vendors appear not to have taken it seriously. Today'sequipment for building networks normally carries forward the same practice of integrating servicefeatures into transport or access network elements that have characterized networks for a century.

What the "onion" model of networks shows clearly is that service networks of any sort have tobe viewed as layered protocols under the OSI model. Each "layer" links to its neighbors using astrict set of rules or standards, and each layer is free to evolve at its own pace as long as itslinkages to its neighbors are maintained. In OSI terms, there is a boundary layer between each ofthe major OSI layers that define the rules by which information is passed between them.

The service layer is such a boundary layer. It is the part of the network that creates the rulesthat define both interaction among network technology layers, and interactions between networkand user. A network created with a flexible service layer model can support any access ortransport technology that can create service connections at the desired level of quality. Theservice layer provides the glue that links tomorrow's networks together, and lets them respond tothe pressures outlined previously. An example can illustrate this role.

Reconciling Network and Service Evolution

The Last Mile connection to theThe Last Mile connection to thecustomer; xDSL, fiber, wireless,customer; xDSL, fiber, wireless,analog copper, etc. Multi-serviceanalog copper, etc. Multi-servicein nature, and so lacking in servicein nature, and so lacking in servicefeatures.features.The network core, optimizedThe network core, optimized

for traffic-handling on a largefor traffic-handling on a largescale, and supporting manyscale, and supporting manydifferent users and applications.different users and applications.Based on DWDM, ATM, MPLS,Based on DWDM, ATM, MPLS,or other multi-service tech-or other multi-service tech-nologynology, it is also without service, it is also without servicefeatures.features.

The point where every sellable,The point where every sellable,billable, service is created bybillable, service is created byadding features to connectionadding features to connectionresources and transport facilitiesresources and transport facilities5

Convergent Networks' Service-Enabling ArchitectureFigure 2 shows a simple ATM network, a "cloud" to which users are attached. Each user hasan ATM address to represent its portal onto the network, so each user could create an SVC toconnect to partners. To make this into telephone service, a service layer is needed to first adaptthe user's preferred phone instrument to ATM transport, and then analyze the digits being dialed toseparate those representing requests for a special service (like last number redial) from simplerequests for connection. If this service layer performed these special services, and also providedany number translation required for things like 800 calling, the ATM network could appear to usersas a voice network.

Figure 2: Agents at the Service Edge Turn ATM into PSTN

A similar model works in the data network space. If the service layer receives IP packets andseparates out "control" packets like requests for logical name to IP address translation, theservice functions of IP could be performed here outside the ATM cloud. This layer could alsoprovide a translation of IP address to ATM for the creation of network paths to support IP flows.The service layer could make an ATM network appear as a public IP service.

This model also illustrates the benefit that service-layer-based networks bring to the additionof new service features. If a service provider desired to offer a new voice calling feature such as"follow-me-call-forwarding" or one not yet popularized like "selective do-not-disturb") the featurescould be added to the service layer alone, without impacting either access or transport core. Thiswould insulate the majority of network technology investment from the service change, reducingthe risk that adding the service would impact other services, and facilitating rapid introduction ofservices to meet user demands, and earn more revenue.

ATM Core

An incoming PSTN call is received at the serviceAn incoming PSTN call is received at the serviceedge of the network (1), and the called number isedge of the network (1), and the called number isconverted to an ATM Q.2931 address through aconverted to an ATM Q.2931 address through adirectory service request (2).directory service request (2).

A call is then placed to the specified ATMA call is then placed to the specified ATMaddress (3), which represents a service functionaddress (3), which represents a service functionat the called party location.at the called party location.

At the called partys service edge,At the called partys service edge,the ATM call is received (4). The originalthe ATM call is received (4). The originalcaller information is exchanged withcaller information is exchanged withthe calling service edge, and the call isthe calling service edge, and the call isthen completed to the destination (5).then completed to the destination (5).

1

2

3 4

5

Service Layer

Database

Agent

Agent6

Convergent Networks' Service-Enabling ArchitectureThis model draws from experiences in both telephony and the Internet. Individual services aresupported from "repositories of features" that could be Internet Domain Name Servers (DNSs) ordirectories, or Advanced Intelligent Network (AIN) voice Service Control Points (SCPs). Theservice-layer-to-user relationship is an intelligent service agent that speaks the language of theuser and translates user requests for service into specific network commands, much as a "callmodel" does in telephony, or a "proxy agent" does in data networking.

As service providers worldwide respond to the four pressures defined earlier, they will createnew networks either in parallel with their existing ones, or as "green fields" to support a newmarket. These new networks will probably be focused on meeting a new kind of servicedemandsomething like IP Virtual Private Networks (VPNs), or enhanced voice services. Manyof these networks will be single-service networks, reflecting the early state of the market.

As time passes, the profit growth in these new service areas will fuel expansion of theseservice-specific networks, and their cost of transport will decline. At the same time, competitionwill force single-service providers to expand their repertoire of services. The single-servicenetworks will become multi-service networks.

The question is how will the service provider respond? A network approach that integratesservices with access and transport will supply future service needs only if the network was builtfrom the start with the mission of multi-service support, and only if that mission was properlyfulfilled by the equipment vendor or vendors. Orif the service provider has adopted a service-layer approach to networking.

With service-layer networking in place, service providers will be able to respond to all serviceopportunities from a common access/transport infrastructure position. They'll be able to addservices to create new revenue opportunities, differentiate from competitors, support newapplication types, and respond to technology-driven shifts at the consumer level. They, and theirusers, will be free to exploit the promise of 21st century networking.

The concepts of service layer operations can be found even in service-specific networkarchitectures like the Internet and the public switched telephone network, as we've already noted.What is required for 21st century networking is a reformulation of these principles and concepts toreflect the four pressures impacting service providers.

The Service-Enabling Architecture7

Convergent Networks' Service-Enabling ArchitectureFigure 3 shows Convergent's Service-Enabling Architecture (SEA), the first architecture toprovide just that reformulation. SEA reflects the nature of access network and transport/corenetwork evolution, as well as the changes in the business and regulatory forces that drive serviceproviders. Finally, SEA reflects the changes in the nature of demand, the opportunity engine thatdrives network progress. With SEA, new problems or opportunities presented to thecommunications user can be addressed with a new service set. This maximizes service providerrevenues and user benefits at the same time.

Figure 3: Convergents Service Enabling Architecture

The major challenge of tomorrow's network will be the divergence of technologies andmultiplicity of providers created by the interaction of the market pressures described earlier. It iscrucial that users are protected from the impact of these changes. This is accomplished in SEA byintroducing a number of intelligent network elements called Agents and Service Managers.Agents stand between the user/subscriber and the network, and between variable technologyelements of the network itself, to create a standard set of interactions that can be molded into astable set of user services. Service Managers stand between intelligent network services andusers, brokering the services they represent to the collection of users on the network.

SS7SS7 MGCPMGCP SIPSIP H.323H.323 Q.2931Q.2931 B-ISUPB-ISUP ISUPISUP JAINJAIN

AINAIN CentrexCentrex VPNVPN

Integrated Billing and OSSIntegrated Billing and OSS

CLASSCLASS Call ControlCall Control

Voice MailVoice DialIVRConferencingAdvertisingPrepaid Cards

800800LNPLNPE911E911CNAMCNAMLIDBLIDBLDAPLDAPDNSDNS

IP/ATM

TDM (IMT/PRI)

Switching andInter-working Layer

Service Management Gateway (SMG)

DataDataBaseBaseService Bus

Core NetworkCore Network

IS-41IS-41

TDM (IMT)

E911/OperatorTDM (TR

-303)

HFC

TDM (PRI/CAS)IP

IMT

Wireless

Sub

scribers

Sub

scribers

ACCESSACCESS

ATM

Service Agents

Netw

orkAgents

TDM(MF)

MSTOMSTO

ServiceManagers

(SM)

IntelligentIntelligentPeripheralsPeripherals

InternetInternet

PacketPacket

PSTNPSTN

IntegratedConvergence

Switch(ICS)

CTICTI APIAPI

TR-303TR-303 AnyAny

Access

Agents

DLCDLC

PBXPBX

VOIPVOIP

C5EOC5EO

CableCable

CellCell

IADIAD

SERVICESSERVICES NETWORKNETWORK

Protocol Layer

Protocol Bus

VSIVSI8

Convergent Networks' Service-Enabling ArchitectureThe most critical agent of all is the Access Agent. This agent is the user's representative in thenetwork of the future. Its relationship with other agents gathers the resources needed to fulfill userrequests. User devices signal the Access Agent through one of many local service signalingprotocols (analog dial, ISDN digital Q.931, data-oriented H.323, MPLS, DiffServ, etc.) to make theirservice request, and the Access Agent does the rest. This makes each service (voice, video, ordata) independent of the particular user-to-network interface. The Access Agent is a universalnetwork client, in short.

Some of the services requested by Access Agents on behalf of their users will involve creatinga connection across the network, and this function is facilitated by means of a Network Agent.There is a unique Network Agent for each type of transport network (ATM, IP, PSTN, etc.), and theagent knows the protocol needed to signal connections over its associated network. The use of anetwork agent makes the construction of a service connection independent of the type of network.

Other services require special features, such as a lookup of an 800 number. For thesefeatures, SEA provides a series of Service Agents that represent clients in a distributed client/server network architecture. When an Access Agent representing a user requires a specialservice (like the 800 number decoding), the request is made through a Service Agent.

The services themselves are supported via Service Managers, the server in the client/serverarchitecture. A network can contain any number of service managers, connected to the serviceagents via a logical "Service and Protocol Bus (SPB)" that creates a standard set of interfacesbetween the agents and managers. The SPB provides a translation between a high-level logicalservice request protocol and the individual signaling protocols required. Thus, SS7, MGCP, TCAPand other standard protocols may be used to deliver service feature requests and responses.

As the figure shows, Access Agents and Service Agents reside in Convergent's IntegratedConvergence Switch (ICS), the universal edge device to the network of the future. The ICS islinked to the access network using any convenient technology, including copper analog loop,ISDN, or ATM.

Figure 4 shows the way these elements interact in the creation of a service. As the figureshows, the model is not voice, data, or video-specific, but rather a general model of the creation ofa useful user-to-user or user-to-network relationship. The strength of SEA is that the same modelof service fulfillment works for everything. This is true convergencenot a demand that everynetwork converge on a common technology, but that every service converge on a common andflexible architecture that works for any technology.9

Convergent Networks' Service-Enabling ArchitectureFigure 4: Information Flows in an SEA-Enabled Service

Figure 5 illustrates the application of SEA to a traditional telephone service. The user interactswith the Access Agent via the interface associated with the calling instrumentin this case, analogDTMF dialing. The Access Agent presents dialtone and collects the digits dialed, according tohow it was parameterized by the service provider. In this example, the user dials an 800 number,and the entire 11-digit string is collected.

Figure 5: An 800 Call Using SEA

ICSA

SN

Service Management Gateway

ServiceManager

ServiceManager

ServiceManager

ServiceManager

To UserTo User To UserTo User

NetworkICS

AS

N

User Information FlowUser Information Flow

Service Control FlowService Control Flow

ICSA

SN

Service Management Gateway

ServiceManager

ServiceManager

ServiceManager

ServiceManager

To User To User

Network ICSA

SN

1

23

6

4

57

8

9

The user dials an 800 number (1) and the signalingThe user dials an 800 number (1) and the signalingis received by the Access Agent (2) in the originatingis received by the Access Agent (2) in the originatingICS. The Access Agent recognizes a special requestICS. The Access Agent recognizes a special request(800 dial) has been made, and sends the number to(800 dial) has been made, and sends the number toits local Service Object Interface (3), which dispatchesits local Service Object Interface (3), which dispatchesit to the associated Service Manager via the Serviceit to the associated Service Manager via the ServiceManagement Gateway for decoding. The result isManagement Gateway for decoding. The result ispassed back to the Access Agent (4) for handling.passed back to the Access Agent (4) for handling.

The decoded number representing the real 800 destination isThe decoded number representing the real 800 destination ispassed to the Network Agent supporting the network connection (5).passed to the Network Agent supporting the network connection (5).The Network Agent requests a connection to the destination (6) usingThe Network Agent requests a connection to the destination (6) usingthe networks own setup protocol (Q.2931, H.323, etc.), which thethe networks own setup protocol (Q.2931, H.323, etc.), which thenetwork completes (7).network completes (7).

The Network Agents exchange status andThe Network Agents exchange status andcaller information on the link, and thecaller information on the link, and theNetwork Agent passes the call to the AccessNetwork Agent passes the call to the AccessAgent who owns the called party (8). TheAgent who owns the called party (8). TheAccess Agent signals the call in the languageAccess Agent signals the call in the languageappropriate to the called party (DTMF, H.323,appropriate to the called party (DTMF, H.323,etc. (9) and the call is completed.etc. (9) and the call is completed.10

Convergent Networks' Service-Enabling ArchitectureAt this point, the Access Agent generates a request to its local Service Agent, identifying thetype of event it has recognized (the dialing of an 800 number) and providing the serviceparameters, such as ANI, for the user it is representing. This request is routed to the ServiceManagement Gateway, which in turn routes it to the Service Manager registered to handle therequest. The Service Manager looks up the 800 number and provides the required routinginstructions. This can be a source-route IP vector, an ATM PNNI Designate Transfer List, orsimply a new address (translated phone number) to call.

When the originating Access Agent receives the response, it routes its call request accordingto the instructions provided. These move the call through the Network Agent controlling the exitpath from the ICS (in the figure, via an ATM UNI), through the transport network, and to theNetwork Agent at the destination ICS. There, the call is routed to the Access Agent representingthe called party. The Access Agent generates a "ring" to that party in whatever its local signalingprotocol may be.

Figure 6 illustrates a more complex voice application; a "new service" that a CLEC might wantto offer subscribers called "Authenticated Calling". With this service, the called party identifies anumber of calling numbers from which it will accept calls, and also a "password" to allow callers atarbitrary locations to call through. The network then filters incoming calls, ringing through on onlythe authenticated calls.

Figure 6: Authenticated Calling Using SEA

The first step in this service is to provide a database of authenticated users. This database iscollected and maintained by a Service Manager, and it can be updated by the customer servicerepresentative of the CLEC offering the service. The database contains a series of records foreach Authenticated Calling subscriber, including the caller IDs of those callers to be presumed"authentic" and the password to require from other callers.

ICSA

SN

23

ICSA

SN

Service Management Gateway

ServiceManager

ServiceManager

ServiceManager

ServiceManager

To User To User

Network

1

6

4

57

The calling party places a call to anThe calling party places a call to anAuthenticated Calling subscriber usingAuthenticated Calling subscriber usingthe procedures described in Figure 5 (1).the procedures described in Figure 5 (1).

When the called partys ICS receives the call, the called Access Agent (2)When the called partys ICS receives the call, the called Access Agent (2)sends the called number and calling number to the Service Object Interface (3),sends the called number and calling number to the Service Object Interface (3),which requests a Service Manager validation of the call (4). If the callingwhich requests a Service Manager validation of the call (4). If the callingparty is on the authentic list, the Service Manager returns a connectionparty is on the authentic list, the Service Manager returns a connectionauthorization. If not, the calling Access Agent is requested to obtain aauthorization. If not, the calling Access Agent is requested to obtain apassword in the calling partys signaling protocol (5). This password ispassword in the calling partys signaling protocol (5). This password issent to the called Access Agent over the network connection (6) andsent to the called Access Agent over the network connection (6) andon to the Service Manager for authentication. If the password is valid, theon to the Service Manager for authentication. If the password is valid, theconnection is authorized (7)connection is authorized (7)11

Convergent Networks' Service-Enabling ArchitectureTo activate the new service, the subscriber dials a sequence of digits (we'll assume thesequence "*41" to toggle the state of the screening process). When the subscriber dials theactivation sequence, the Access Agent sends a request message to the Service Manager asbefore, but this time the Service Manager reads the state of the Authenticated Calling On/Offvariable in the subscriber's database. If Authenticated Calling was "OFF", the Service Managersets the variable "ON" and sends a message indicating the current state of the variable to theAccess Agent. This message invokes a voice response "Authenticated Calling is ON" to the user.

Now, assume another party places a call to the Authenticated Calling subscriber. Severalpossible actions can take place, depending on how the carrier deployed SEA-based services. Forthis example, we will summarize two different service policy options.

One possibility is that all incoming calls are filtered for destination-requested special handling,meaning that every incoming call request is validated by a Service Manager to insure it conformsto subscriber policies. In this case (Figure 6), the Access Agent for the called party issues arequest for call validation prior to completing the call to its user. If the caller is not "authentic", thecalled Access Agent will pass a service action request back along the connection path to thecalling Access Agent to ask for a password using the caller's signaling protocol. This passwordwill be forwarded to the called Access Agent over the connection, and validated through theService Manager. If it is valid, the connection will be authorized.

The second possibility is that incoming calls are filtered based on subscriber status, meaningthat the invoking of a special feature like Authenticated Calling will set a variable in thesubscriber's Access Agent record, and the filtering process will take place only if that variableindicates that some special call handling is activated. This reduces service overhead for situationswhere most subscribers do not use special call features.

Whenever a Service Manager request is made by an Access Agent, the called and callingnumbers (if available) and the connection information (if available) are provided so that the entirerequest process can be fulfilled from a single message. Thus, the called Access Agent in theexample above will provide the Service Manager with the calling number, permitting callingnumber lookup and authentication if the Authenticated Calling feature, or some other featurerequiring calling number validation, is active for that customer.

The local Access Agents retain a connection table for the connections they support. This tablecontains call state information and also calling/called party numbers and network routing vectors.This allows the local Access Agents to respond to special conditions such as a "hold" request or alost call, offering the service provider greater versatility in setting up custom service features.

These examples illustrate the power of SEA. Special features can be activated at the callsource, the call destination, or in fact at any Network Agent between. This allows the mosteconomical and efficient application of special features to voice call applications. New servicescan be created simply by providing a Service Agent and defining a call handling instruction set forthe Access Agentswhat in current telephony terms would be "creating a call model".12

Convergent Networks' Service-Enabling ArchitectureThe most powerful aspect of SEA, however, is its applicability to data applications as well asvoice applications. Figure 7 shows a data VPN application created using SEA. This applicationcould coexist on the same IP interface with other applications such as H.323 voice calling andInternet access.

Figure 7: A Data VPN Using SEA

The key to this multi-use IP interface is a table of forwarding instructions maintained by theAccess Agent. This table contains a set of rules by which incoming packets are analyzed andprocessed. One rule, for example, could recognize H.323 sessions and divert them to an H.323Access Agent.

A VPN service is created by providing rules by which VPN traffic can be recognized at the IPinterface. This would normally be done based on source/destination IP address, and possibly byTCP port number or other internal TCP/IP header variables.

The process is initiated by the receipt of a data packet from the user. The Access Agent firstremoves any specialized local encapsulation header (PPP, RFC 1490, etc.) from the packet andthen matches the packet itself against the forwarding table, each entry representing a VPN rule.

When an incoming packet matches a VPN rule, the Access Agent applies the associatedforwarding instructions. These could, for example, encapsulate the packet in an MPLS(MultiProtocol Label Switching) header for handling. The rule might also require that the AccessAgent request special routing instructions, in the form of a route vector, from a Service Manager.

In our example in Figure 7, the VPN packets are passed to an MPOA (Multi-Protocol OverATM) Network Agent for transmission. MPOA provides a means of converting IP flows to ATMswitched Virtual Circuits. The MPOA client would issue a request to its MPOA route server askingfor the ATM address equivalent to this particular IP address. The server would respond with thataddress and the Network Agent would then set up an SVC. That SVC would then carry trafficbetween the user pair without further route analysis interaction.

ICSA

SN

ICSA

SN

Service Management Gateway

ServiceManager

ServiceManager

ServiceManager

ServiceManager

To User To User

Network

Forwarding Rules

Incoming data packets from the sending user (1) are matched against a tableIncoming data packets from the sending user (1) are matched against a tableof forwarding rules (2) maintained by the Access Agent for that user. Whenof forwarding rules (2) maintained by the Access Agent for that user. Whena packet matches a rule, the handling instructions may direct the packet to aa packet matches a rule, the handling instructions may direct the packet to aNetwork Agent (3) for dispatch to the destination, to a Service Manager (4)Network Agent (3) for dispatch to the destination, to a Service Manager (4)for the determination of a complete source routing vector, or to a network-for the determination of a complete source routing vector, or to a network-resident service such as DNS (5). In this case, the Network Agent (3) usesresident service such as DNS (5). In this case, the Network Agent (3) usesthe ATM MPOA standard to create an SVC across the ATM network to thethe ATM MPOA standard to create an SVC across the ATM network to thedestination ICS (6).destination ICS (6).

An incoming packet from a remote sender (6)An incoming packet from a remote sender (6)contains the routing vector to the destination,contains the routing vector to the destination,and is directed to the Access Agent thereand is directed to the Access Agent therefor delivery to the user (7). Any specialfor delivery to the user (7). Any specialencapsulation (PPP, etc.) is applied byencapsulation (PPP, etc.) is applied bythe Access Agent.the Access Agent.

1

2

36

4 5

713

Convergent Networks' Service-Enabling ArchitectureAt the destination ICS, the Access Agent applies the packet encapsulation appropriate to theinterface to the destination user, and delivers the packet. This process is also based on aforwarding rules table, permitting destination-based VPN handling rules (such as MPLS tunnel IDor DiffServ TOS bit setting) to be applied in an appropriate manner.

Because the Access Agent where the packet originated provides the Network Agent a VPN ID,the addresses used in the data packets on the VPN need be unique only within the VPN (and, ofcourse, at the access interface to the user). This means that the RFC 1918 "private" IP addressescan be used on VPNs without fear that they will overlap with the addresses of other users. SimilarVPN address management can be applied in non-MPOA applications to support flexible VPNaddressing regardless of the type of network providing the connection between VPN users.

SEA also provides for the introduction of data services by the carrier. A special IP packet likea Domain Name Server (DNS) request for address translation, or a Distributed Host ConfigurationProtocol (DHCP) request for a dynamic IP address assignment, can be recognized by the AccessAgent through an entry in the handling table, and routed to a Service Manager that offers theseservices. Similarly, network-resident Web or mail resources, or network-resident applications, canbe given unique IP addresses and directed to internal network resources by the Access Agents ateach site.

"Convergence" is a good way to describe the current telecommunications market conditions,but not in its usual sense. What is "converging" is a combination of technical, competitive, andregulatory pressures. What they are "converging" on is the service provider. Some serviceproviders will meet these converging challenges and prosper, and others will fail.

The key to success in any business is sales, and the key to service provider sales is servicesto sell. With SEA, Convergent Networks has defined an architecture that is directed at creatingservicesboth the current voice/data services and new and innovative servicesthat will buildcustomer value and thus create revenues for the provider.

SEA is a full-service, multimedia, architecture because the nature of the carrier market is thatall successful players must eventually be full service players. SEA is a flexible architecturebecause the service providers will be able to deal with the combination of market pressures, in theshort term, in a variety of ways. SEA is an extensible architecture because we cannot assume thatthe things we do with networks today will be the only things we do in the next millennium. In fact,we can be sure of the opposite.

Many vendors promise support for the architecture of the next century. We promise supportfor the buyers, the sellers, and the valuable services that they exchange. We think that's the rightapproach, and invite your further exploration of our capabilities.

Conclusion14

Convergent Networks' Service-Enabling ArchitectureFor more information, please contact us at:

Convergent Networks

Two Highwood DriveTewksbury, MA 01876978.640.1970 tel978.640.1971 fax

www.convergentnet.com