• What is Ethernet Circuit?
• Who Uses Ethernet Circuit?
• How is Ethernet Circuit Deployed?
• Ethernet Circuit Links

What is Ethernet Circuit?
MRV's unique Ethernet Circuit technology enables Ethernet based end-to-end Quality of Service (QoS) and traffic Classification (CoS).  It is a network policy management tool, which emulates circuit switching using Ethernet packets.  Traditional Ethernet switches for corporate Local Area Networks (LANs) are designed to forward frames, but are incapable of treating a stream of frames as belonging to a specific flow of information (a circuit). Ethernet Circuit switches can recognize a series of Ethernet frames as belonging to a predefined circuit, and apply the same policy parameters on them.
 
QoS policies, including fine-grained rate control can easily be implemented using Ethernet Circuit technology.  The switch simply provides a finite amount of bandwidth to the packets on the circuit.  Another important feature of Ethernet Circuit technology is the ability to define a circuit that cannot be tapped or tempered with by neighboring users.  Both security and QoS capabilities are critical to Enterprise and Carrier customers alike.


Who Uses Ethernet Circuit?
Both service providers and Enterprises can take advantage of Ethernet Circuit technology.  Ethernet Circuits enhance the solutions a carrier may offer over Ethernet, by providing both granular rate limiting and flexible security capabilities.  The provider can offer tiered services to its customers, delivering Service Level Agreements (SLAs) just like with traditional SONET, ATM, or frame-relay equipment, but at the price of Ethernet.  The Granular bandwidth feature enables the carrier to create a tiered product-positioning scheme. Even though the physical access speed is constant (10Mbps, for example), this feature defines the maximum speed actually utilized for each type of traffic. In a case where a Fast Ethernet connection is installed as the access medium, the speed of Internet traffic within the ISP's network can be unlimited, while external Internet access can be limited to 128 Kbps, LAN-to-LAN services to 5 Mbps and Voice or Video-conferencing can be enabled on demand. When implementing such tiered pricing models, carriers can maximize profit on the installed equipment and offer a competitive product set, while actually reducing operational costs.
 
A carrier has to protect its subscribers' traffic from malicious intrusion by neighboring subscribers. This demand is critical especially in shared technology such as Ethernet. MRV's technology creates a separate Ethernet circuit by defining a VLAN between each subscriber and a specific router. Each subscriber is assigned a unique "VLAN ID" in the access network, and in all switches on the path to that router, creating a physical barrier between all subscribers in the access network.  This architecture physically prevents subscribers from tapping into neighboring subscriber's traffic. Directly sending data between subscribers is impossible, as all circuits are terminated in the router, which implements further security checks.  In such a security scheme, even the electrical signals from a subscriber's traffic do not reach other subscribers' ports, preventing electrical tapping (wire-sniffing).
 
For the Enterprise, by using Ethernet Circuit LANs, the IT infrastructure can securely deliver the required services and applications directly to the desktop, with controlled access capabilities. An Ethernet Circuit switch can define what type and class of services a specific PC can receive.  For example, in an enterprise LAN, different access speeds and QoS can be defined per application and per user using Ethernet switches. This allows organizations to better utilize IT resources, such as data storage, ERP software, e-mail servers and rendering farms.  If the Enterprise is outsourcing these IT services to an Application Service Provider (ASP), Ethernet Circuit technology can reduce the costs of access fees, optimize the Internet connection's performance, and improve employee's productivity.
 
For security purposes, the LAN administrator can isolate the traffic of individuals or workgroups. Furthermore, this scheme can be integrated as part of the general Internet security scheme, to provide an overall security solution. Using separate Ethernet circuits allows isolation of sensitive information and mission critical servers from LAN users and access from the Internet.
 

How is Ethernet Circuit Deployed?
MRV's OptiSwitchT switching product lines support the Ethernet Circuit technology.  Any of the OS, OS-M, and OS-Z family of products can be used to configure security and rate limiting based on packet parameters.  Using the OptiSwitchT products, an entire end-to-end network can be constructed, from the desktop to the core.
 
Ethernet Circuit technology works by examining each packet at the ingress and egress of each switch port; the circuit classification starts at the access port level. This ability to check a circuit at the first port to which the subscriber or user-PC is attached ensures an end-to-end QoS scheme. Since the profile check is performed at the Ingress port, the overall network performance is improved by preventing out-of-profile traffic from traveling along the network until reaching some central profile server.
 
As the packet traverses the network, each switch may apply a policy to the identified circuit, allowing control over the traffic at all points in the network. This ability ensures that congestion can be avoided, and priority maintained end-to-end.  A simple network management tool, MegaVision WebT can be used to configure the circuits and assign policies, making the whole process seamless across the network.
 
An Ethernet Circuit can be defined based on a variety of Layer 1-5 parameters such as physical port, IP address and TCP or UDP port.  Once the circuit is defined, actions and procedures are performed based on a database of circuit entries held internally within the switch's hardware. These actions can include: marking and re-marking of fields in the different headers of the frame, conformity checks with the SLA, filtering and forwarding decisions, QoS decisions, statistics gathering and accounting.
 
Unlike in the traditional circuit-switching world, the provisioning of an Ethernet Circuit requires no manual re-configuration. Upgrading a 2 Mbps circuit (E1) to a 45 Mbps connection (DS3) can be performed in the software, without any manual, physical circuitry reconfiguration. This feature, when compared to today's slow provisioning times that are measured in days or even weeks, represents a huge upgrade of the service level a carrier can provide to its subscribers by offering on-the-spot changes and self-provisioning capabilities. When the Ethernet Circuit technology is extended into the entire access network and backbone, service providers can see additional benefits, including better use of technician's time, and operational cost savings from avoiding lost revenue from inactivated services and the need to purchase costly new systems.
 
The Ethernet Circuit security features also provide tools for prevention of subscriber masquerading. When not enforced, subscribers can impersonate other subscribers by using their IP source address. Such security flaws can result in subscriber's abusing their peer's SLAs and attacking other networks and computers without revealing the true source behind theseattacks.  Intrusion control can also be implemented by correlating each IP address to a physical port in a specific system. All incoming IP traffic is inspected on the access port. Incoming frames from a port are dropped if the source IP address is different from the IP addresses expected on this port. This feature disables any wire that is not centrally activated by the carrier, preventing "pirate subscribers" which are intruders that physically gain unauthorized access to a wire or a port.


Ethernet Circuit Links

• OptiSwitchT Product Pages