Self-managed DWDM ring lowers long-term costs and shortens wait for circuits.
Local access networks at Cisco have grown organically over the years. At the San Jose, California campus, which spans two miles, buildings were connected to OC-192 circuits operated by two separate service providers, in case one provider's service was interrupted. "Paying for infrastructure from two service providers resulted in high ongoing costs, and business units that needed new circuits had to wait 60-90 days," says Mike Anderson, senior network design manager with Cisco IT. What's more, when business units needed additional circuits, Cisco had to connect one dark fiber at a time for each new circuit, an approach that was difficult to scale.
An incentive to take a new approach arrived in 2007, when Cisco IT began building a Texas metro virtual data center (MVDC) linking two sites. These sites needed a low-cost, scalable interconnect, and leasing circuits for every router and SAN switch interconnect would be prohibitively costly. "We realized that building a resilient metro ring connecting campus buildings to service provider POPs [points of presence] would lower the costs of telco services compared to delivering services directly to the campus," says Judy LaPorte, network engineer for Cisco IT. The same approach would work at certain other campuses, including the San Jose, California headquarters.
A cost analysis confirmed lower costs from building a dense wavelength-division multiplexing (DWDM) access ring using the Cisco® ONS 15454 Multiservice Transport Platform and managing it internally, even though the operational staff would need training. "You see cost savings for internally managed circuits if you have 4 to 6 10-Gbps circuits, depending on circuit price," says Anderson. "Of course, building your own access ring only makes sense if you own the land and property or have a long-term lease." Only a few Cisco sites meet these criteria, including San Jose; Richardson, Texas; Research Triangle Park (RTP), North Carolina; Boxborough, Massachusetts; and Amsterdam. But the savings start to add up when the capacity requirements increase and Cisco IT expects there will be need for 40Gbps in the near future and then 100Gbps.
Lowering the costs of access to the Texas MVDC was just one piece of a larger business initiative to lower communications costs, one of the largest expenses in the Cisco enterprise. "The last mile is nearly as expensive as the cross-country portion," says LaPorte. As an example, local access for Cisco's Research Triangle Park (RTP) campus costs one-third of total circuit costs, fully half as much as the long-haul connection between the campus and the POP in Ashburn, Virginia.
The San Jose campus now has a scalable, resilient, and cost-effective local access solution, consisting of two access rings, one owned and managed by a carrier and the other by Cisco IT. For diversity, the internally managed ring connects directly to a service provider POP. "If someone makes a configuration error on one ring that takes down several circuits, the circuits coming in on the other ring will still be available, an important consideration for highly visible service such as Cisco's public website," says LaPorte. The service provider POP is also a connection point for the National LambdaRail (NLR), a 12,000-mile high performance optical fiber network linking research and educational institutions throughout the United States.
In 2012, Cisco IT will also connect the internally managed ring to a nearby carrier-neutral facility. "Some people think that a fully-protected ring eliminates the need for carrier diversity," says Joe Silver, Cisco IT manager. "But at Cisco, the use cases for the carrier-managed and internally managed rings are different." For example, connecting certain major campuses to the carrier's DWDM ring saves money, because nearby branch offices already have WAN circuits from the same carrier.
To build the internally managed local access ring, Cisco IT leased dark fiber from a service provider and deployed a Cisco ONS 15454 to terminate the fiber in eight Cisco buildings and a service provider facility. "With this design, site-to-site connectivity costs nothing beyond the initial cost of the switch to turn up the circuits," says Anderson. "In contrast, if we had turned up eight links with the service provider, costs would be significant. This project was not a technology breakthrough, but about applying established technology to take a more strategic approach to local access."
Cisco IT implemented the local access solution in phases:
Phase 1: First, Cisco IT connected one San Jose building to a nearby collocation facility with an NLR POP, providing ultra-high-speed connectivity to the Texas MVDC and RTP. The ring was unprotected during this phase (Figure 1).
Figure 1. Phase 1: Unprotected Access
Phase 2: Cisco IT replaced a carrier's OC-192 circuit with an internally managed protected network, in both the San Jose and Richardson campuses (Figure 2). "We added protection by connecting another DWDM mux to the Cisco ONS 15454 chassis," says LaPorte. If fiber is cut between any two buildings, the ONS 15454 senses the cut, shuts down that path, and automatically follows the path in the other direction. "When a fiber did go down outside one of the Texas MVDCs, the router and SAN network interconnect remained operational, and nobody other than the personnel monitoring the node knew of the outage," LaPorte says.
Figure 2. Phase 2: San Jose Metro DWDM Ring, with Protection
Phase 3: Next, Cisco IT connected dark fiber to the ring for site-to-site connectivity. Eleven 10-Gbps circuits are currently in place, and 11 more will be added in 2012. A pair of local access circuits connects to NLR's long-haul network, which links the San Jose campus to both the Richardson and RTP campuses.
Phase 4: In early 2012, Cisco IT will extend the internally managed ring to a carrier-neutral facility to connect to additional service providers, for diversity.
The Cisco ONS 15454 platform multiplexes circuits across the dark fibers, and can support multiple point-to-point circuits. Cisco uses a 40-channel system, with traditional Wavelength Selective Switch (WSS) cards in some locations and Single Module ROADM (SMR) cards in others. ROADM stands for
reconfigurable optical add/drop multiplexer. "The SMR card simplifies the deployment because it combines the functions of the WSS, DMX [wavelength demultiplexer], pre-amplifier, and amplifier, taking up only one slot instead of half a shelf," says Anderson.
The ONS 15454 supports 40- and 100-Gbps channels, and Cisco IT will grow into these increased requirements. "As Cisco's business and application needs grow, moving toward 40 Gbps and 100 Gbps will provide clear economic benefits," says Jawahar Sivasankaran, distinguished IT engineer with Cisco IT.
Connecting Headquarters to the Texas MVDC
Circuits from the San Jose campus to the Texas MVDC travel over the local access ring to the carrier facility, across the NLR to the local-access ring in Richardson, and then to the MVDC. "With our internally managed solution, we were able to connect to the Texas MVDC sooner and for significantly less cost than if we had waited for a carrier solution," says LaPorte.
At the two Texas MVDC sites, Cisco IT deployed a single pair of Cisco ONS 15454 platforms at each location, splitting the pair between two rooms. The Cisco ONS 15454 can still maintain its data traffic for a limited time even if connectivity is lost between the main shelf and its subtending shelves.
The split-shelf design has two drawbacks, however. If the node controller shelf fails, Cisco IT loses visibility into the second shelf even though it continues to operate. The other drawback is that the split-shelf design requires a fiber pair between the two rooms for each protected lambda. In subsequent deployments, beginning with the Mountain View, California data center, Cisco IT will implement two nodes at each location, to keep track of the control plane and simplify fiber management.
To minimize latency, the data center interconnects are independent of Cisco's local access rings, which may extend farther than the 80 kilometers that the MVDC interconnect supports. "Both the working path and protect path are short, so that databases remain synchronized in the event of failure," says LaPorte.
Creating new circuits requires very little staff time, and Cisco IT's operations team easily absorbed the additional work. Cisco Services team provided one week of training for operations and implementation staff, plus another week when the SMR card was introduced. Later, Cisco Services conducted half-day classes on the add-drop multiplexer (ADM) on a card used for SONET-over-DWDM and the GE XPonder Enhanced (GE-XPE) card that multiplexes lower-speed Ethernet over a 10-Gbps channel.
Operations personnel use the Cisco Technical Assistance Center (TAC) Optical service for support. "Once the Cisco ONS 15454 is operational, it requires very little maintenance," says LaPorte. "The only effort required is for making changes such as adding new circuits or adding a node to the ring."
Strategic Foundation for Growth and Cost Containment
The internally managed access ring has lowered ongoing operational costs while enabling Cisco business units to obtain circuits in 30 days instead of 60-90 days. "In the past, individual Cisco departments went directly to one of several service providers to patch dark fiber, resulting in redundant costs in some cases," LaPorte says. "Now Cisco IT can provide 10-Gbps, 40-Gbps, and 100-Gbps circuits as a service." To fulfill a request, Cisco IT gathers the bandwidth requirements from the end user, determines the required hardware, and then schedules the hardware installation with the implementation team. To fulfill requests in a timely fashion, Cisco IT maintains an inventory of the cards and optics used in most circuit deployments.
To date, Cisco Services, the Cisco global sales organization, Cisco WebEx®, and the Linksys division are using circuits operating over the Cisco local access rings
Rapid Return on Investment
Projected savings from the project are $3-5 million within three years. "Building versus leasing dark fiber is like buying versus renting a house," says Anderson. "The economics are favorable if you intend to live there a long time."
Previously, local access was based on unprotected rings from multiple providers. Now Cisco has protected access, reducing the risk of business disruption in the event of a fiber outage.
More Carrier Choices, Lowering Costs
Cisco IT can now work with carriers in addition to those that happen to provide local access. "Now we can connect our ring to a couple of carrier-neutral facilities with multiple service providers, gaining access to more carriers and providing diversity," says LaPorte.
Cisco IT shares the following lessons learned with other organizations planning to build and manage their own local access ring:
Calculate whether an internally managed DWDM ring will save money in your environment. "The decision depends on which carrier's circuits you're accessing, their location, and costs," says Silver. "If the endpoint is a particular service provider's POP, it may make economic sense to use that carrier's access ring to avoid collocation fees."
Recognize that managing an optical network requires significantly different skills than managing an enterprise network, and that your operations team will need training. Cisco Services provided training for the Cisco IT operations team.
Consider implementing two nodes at each location. This design preserves visibility even if one node goes down.
Create a circuit management database to keep track of internal customers and the hardware associated with those customers. This database will enable you to contact customers on a timely basis if an outage occurs on their hardware. Also note the criticality of the circuit. At Cisco, the WAN backbone interconnect has the highest priority, while lab circuits can be best-effort services.
Consider using the SMR card for the ONS 15454. "SMRs make the deployment much simpler and reduce the footprint," says Bill Luong, network engineer for Cisco IT.
Maintain a stock of spares for items with long order times. These items include transponders and SMRs.
Use tunable optics when possible. Tunable optics, which cost approximately 10 percent more than fixed-frequency optics, simplify inventory and can shorten lead times to turn up a new circuit. "Tunable optics were not available at the beginning of the project, and sometimes we needed four optics with the same frequency to turn up lambda," says LaPorte. "Accidentally putting an optic in the wrong port can delay circuit availability. Now we don't have that risk, because we simply plug in the optic and specify the frequency."
Cisco IT plans to build local access infrastructures in other U.S. regions where doing so will lower costs. "Regions that do not want to take responsibility for optical management can use a service provider's DWDM ring that carries circuits to their facility," says Silver. "Many large enterprises benefit by combining strategies: internally-managed rings plus service provider rings."
Cisco also plans to implement session initiation protocol (SIP) circuits for site-to-site connectivity.
For More Information
To read additional Cisco IT case studies on a variety of business solutions, visit Cisco on Cisco: Inside Cisco IT
This publication describes how Cisco has benefited from the deployment of its own products. Many factors may have contributed to the results and benefits described; Cisco does not guarantee comparable results elsewhere.
CISCO PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Some jurisdictions do not allow disclaimer of express or implied warranties, therefore this disclaimer may not apply to you.