Zte ZXR10 8900E series Скачать руководство пользователя | Manualshive

Страница: 76 / 132

background image

ZXR10 8900E series Core Switch Product Description

66

© 2013ZTE CORPORATION. All rights reserved.

ZTE Confidential Proprietary

3.8.5

Network Security

Ideally, user-class virus inspection which requires user to install patch and anti-virus
software is preffered in defending network virus. In most occasions, lots of users can not
accomplish this task, so switch must be able to provide network-class virus inspection
and alarm.

Besides, for some malicious network attacks, the switch must have some protective
mechanisms to avoid the breakdown of the switch and network. ZXR10 8900E series
switch mainly realizes network-based security mechanism. It configure security
inspection service to different units.

In ZXR10 8900E series switch, the network security mainly includes the following
services:

Inspect virus which cause outbreak traffic increase, e.g. “SQL worm”, “red code” and
“shockwave”. Corresponding alarms will be generated, or the client port will be closed.

Avoid user’s ARP proofing.

MAC address flooding protection. Restrict port MAC address number.

Set port broadcasting packet threshold.

L2, L3 and L4 hybrid ACL filtering.

Route filtering

Forbid ICMP relocation service. Prevent attacker from sending spoofing ICMP message.



Defend CPU attack. Implement protocol message protection. Distribute different
hardware CPU queue to protocol message. Set precedence, speed restriction, wred
and other QoS mechanisms. Protect CPU.



Defend DoS attack based upon hardware queue. Support anti-land | null-scan |
ping-of-death | smurf | sys-fin | syn-port-less-1024 | xma-scan | ping-flood |
syn-flood attack. Anti-ping-flood | syn-flood attack can support speed restriction.



Anti-IPv4 URPF source address deception.



Automatic broadcasting storm suppression.



Control/signaling MD5 encryption authentication



DHCP snooping



IP Source guard and DAI based upon DHCP Snooping.



IPv6 ND security

«
...
74
75
76
77
78
...
»

Содержание ZXR10 8900E series

Страница 1: ...Operator Logo ZXR10 8900E series Core Switch Product Description ...

Страница 2: ......

Страница 3: ...ersion 3 00 02 including VSC L2PT MFF and so on Modify the description about main control board and interface board Update IPv6 function 2012 11 16 Li Ying Huang HongRu Update The description error 2013 02 19 Li Ying Huang HongRu Update The description about software load and unload 2013 ZTE Corporation All rights reserved ZTE CONFIDENTIAL This document contains proprietary information of ZTE and ...

Страница 4: ...features 6 3 1 2 VLAN and relative features 7 3 1 3 Link aggregation 11 3 1 4 Spanning tree 13 3 1 5 L2 multicast 15 3 1 6 L2PT 16 3 2 L3 function 17 3 2 1 IPv4 route protocol 17 3 2 2 Ipv6 Routing 20 3 2 3 IPv4 IPv6 Transition 20 3 2 4 L3 Multicast 21 3 2 5 Controllable Multicast 23 3 2 6 MCE 25 3 3 MPLS VPN 26 3 3 1 Basic Functions of MPLS 26 3 3 2 MPLS TE 29 3 3 3 MPLS L2 VPN 30 3 3 4 MPLS L3 V...

Страница 5: ... Architecture 77 4 2 2 Working Principles of Hardware System 79 4 3 Hardware Boards 81 4 3 1 Switching Main Control Board 81 4 3 2 Power Module 88 4 3 3 Interface Module 89 4 4 Software Architecture 92 4 4 1 System Software Architecture 92 4 4 2 Software Platform 94 5 Technical Specifications 98 5 1 Basic features 98 5 2 Interface Specifications 99 5 3 Functions 101 5 3 1 L2 features 101 5 3 2 L3 ...

Страница 6: ...nance 113 7 1 NetNumen U31 Unified Network Management Platform 113 7 1 1 Network Management Networking Mode 113 7 1 2 NetNumen U31 Network Management System 114 7 2 Maintenance and Management 116 7 2 1 Multiple Configuration Modes 116 7 2 2 Monitoring and Maintenance 117 7 2 3 Software Upgrade 118 7 2 4 File System Management 118 8 Glossary 120 ...

Страница 7: ...ncE synchronization 43 Figure 3 13 IEEE 1588 synchronization 44 Figure 3 14 SQA association 48 Figure 3 15 VSC system logic connection diagram 48 Figure 3 15 ZESR break alarm 49 Figure 3 16 ZESS protection mechanism 51 Figure 3 17 ZESR working principle 51 Figure 3 18 PW single hop redundancy protection 54 Figure 3 19 PW multi hop redundancy protection 54 Figure 3 20 CE dual homing to PE 55 Figure...

Страница 8: ...SC1A main control board panel diagram 85 Figure 4 17 8908EMSC1D main control board panel diagram 85 Figure 4 18 8905EMSC1D main control board panel diagram 85 Figure 4 19 8902EMSC1D main control board panel diagram 85 Figure 4 20 8902EMSC1A main control board panel diagram 86 Figure 4 21 8912E 8908E 8905E DC power board diagram 88 Figure 4 22 8912E 8908E 8905E AC power board diagram 89 Figure 4 23...

Страница 9: ...ain control board panel indicator function description 87 Table 4 4 8900E interface board type 90 Table 5 1 Basic features and performance 98 Table 5 2 Interface Specifications 99 Table 5 3 L2 features 101 Table 5 4 L3 features 102 Table 5 5 Multicast features 102 Table 5 6 MPLS feature 102 Table 5 7 QoS 103 Table 5 8 Service Management 104 Table 5 9 Reliability 104 Table 5 10 System security 105 ...

Страница 10: ......

Страница 11: ...e capacity adopts distributed design to provide high density FE GE and 40G 100G port low power consumption component innovative fan and power supply With physical port intelligent management mechanism it expands network capacity increases convergence rate with low investment reduces the cost per user saves the space in equipment room and drops energy consumption It offers reliable equipment link n...

Страница 12: ...ZXR10 8900E series Core Switch Product Description 2 2013ZTE CORPORATION All rights reserved ZTE Confidential Proprietary Figure 1 1 ZXR10 8900E series product appearance ...

Страница 13: ...iple physical switches can be interconnected through the normal line cards The 80KM interconnection capability makes it possible to implement remote IDC backup The bandwidth of the VSC interconnection can reach 320Gbps eliminating any possible bottleneck in the VSC system The forwarding inside VSC system is optimized so that there will be least amount of traffic passing between VSC members Switcho...

Страница 14: ...ecurity Reliability Mechanism Guarantees Ever online Services Security Reliability related designs in ZXR10 8900E fall into five categories which are secure architecture secure management and control secure operating system secure calculation and reliable service Secure architecture Redundant backup design has been put in place for the forwarding control engines Fast active standby switchover is s...

Страница 15: ...ns including centralized power management 5 level intelligent fan speed adjustment All these environmental friendly designs help cut the power consumption ZXR10 8900E supports dying gasp in case there is a power failure 8900E can still send out an alarm to the network OAM center to inform about the reason of the network break down In this way the time to do the trouble shooting on these kinds of e...

Страница 16: ...umber limit Limit MAC address number of some ports to control user number of some ports and prevent system resources of running out when the ports suffer from DOS attack MAC address freeze Freeze some important physical ports in stable network e g address of uplink port so as to avoid network disconnection caused by the infringement of key MAC address MAC address multi angle display Display and co...

Страница 17: ...mirroring across L2 network 3 1 1 3 Port security and protection ZXR10 8900E supports port traffic control broadcast storm suppression whether to allow jumbo frame to pass and rate negotiation to effectively control port data traffic avoiding network blocking and ensuring normal operation of network services ZXR10 8900E can analyze line diagnosis check whether line and line connection are normal a...

Страница 18: ...rough PVLAN_ENABLE field in PORT_TABLE for each port There are three types of private VLAN ports Promiscuous port a promiscuous port can communicate with all interfaces including the community and isolated ports within a private VLAN Isolated port an isolated port has complete Layer 2 separation from all other ports within the same private VLAN except for the promiscuous ports Private VLANs block ...

Страница 19: ... be able to modify inner tag and add outer tag according to policy and modify inner and outer tag s 1P value according to incoming tag s 1P value supporting policy based mapping or one to one mapping 3 If the incoming packet is double tagged be able to delete outer tag according to policy 4 If the incoming packet is double tagged be able to delete outer tag and modify inner tag according to policy...

Страница 20: ... double layer tag goes through backbone network to offer the user with a simple L2 VPN tunnel QinQ a simple and manageable protocol does not need protocol message It can be statically configure in ZXR10 8900E It is applied to convergence layer switch which can use QinQ with double tags to increase VLAN number in metro network In ZXR10 8900E software system QinQ software functional module staticall...

Страница 21: ...k Link aggregation greatly increases the bandwidth of peer physical links between switches or between switch and server Therefore it is an important technology to increase link bandwidth and create link transmission resilience and redundancy Link aggregation can create several multiple gigabit connection in GE and logic link with faster transport in FE Meanwhile link aggregation has good protectio...

Страница 22: ...ion and share traffic load according to the following modes It can also be applied to static aggregation Source MAC address VLAN Ethernet type and ingress port Destination MAC address VLAN Ethernet type and ingress port Source and destination MAC address VLAN Ethernet type and ingress port Source IP address source TCP or UDP port Destination IP address destination TCP or UDP port Source and destin...

Страница 23: ...clears the loop between L2 switching functional units and provides redundancy link to improve LAN performance and reliability STP module has the following major functions Avoid network loop prevent LAN broadcast storm and offer redundant path Detect topology change and reconfigure STP topology accordingly After the switch in one subnet executes STP algorithm one STP dynamic topology is formed The ...

Страница 24: ...lowing defects The entire switching network has only one spanning tree Large network has slow convergence and network topology change will have a great effect IEEE 802 1q is the switch connection standard protocol In symmetrical connection in VLAN the connected ports between switches has the same trunk one spanning tree has no influence on data forwarding between switches However in the asymmetric...

Страница 25: ...f IGMP message and create and maintain L2 MAC multicast address table When ZXR10 8900E starts IGMP Snooping multicast message performs L2 multicast when 8900E does not start IGMP Snooping multicast message performs L2 broadcast 8900E also support MLDv1 v2 snooping for smooth transition from IPv4 to IPv6 3 1 5 2 IGMP Proxy In some network topologies IGMP proxy technology does not run multicast rout...

Страница 26: ...igure Edge Switches It locating at the edge of operator network connects customer network equipment Layer 2 protocol transportation port On port of Edge Switch The encapsulation of L2 protocol message Transportation PDU Encapsulated protocol message for example ZDP STP and LACP etc Figure 3 2 L2TP Networking On the port without initiated L2PT L2 protocol messages STP ZDP LACP instead of being forw...

Страница 27: ...tication and MD5 authentication and route reallocation Route loop generation and route convergence acceleration adopt split horizon and trigger updates technology Support protocol DEBUG 3 2 1 2 OSPF OSPF is the IETF developed internal gateway protocol IGP based on link status and SPF algorithm OSPF can converge routing table in a short time and prevent loop which is vital to mesh networks or diffe...

Страница 28: ...ferent distance measurement solutions e g physical distance delay throughput etc Support STUB AREA and NSSA functions Support domain boundary and autonomous system boundary router Support classless route and route aggregation Use Route Map to control route reallocation and filtering 3 2 1 3 IS IS IS IS route protocol the representation of router OSI model is used for TCP IP based IP network It can...

Страница 29: ...for enormous networks e g backbone network Support EBGP and IBGP Support EBGP multi hop technology Support group attributes and route reflector Support AS ally and route turbulence suppression Support MP BGP Support MD5 authentication and route filtering Support route reallocation 3 2 1 5 Policy routing Traditional routing policy performs route forwarding according to the route table generated by ...

Страница 30: ...he functions of router and prefix discovery address resolution next hop address determination neighbor unreachable test and repeated address test and which can better support the mobility of nodes Support IPv6 path MTU discovery protocol which can discover the maximum transmission unit of the path so as to make sure the message size sent by the node does not exceed the MTU value of the path Suppor...

Страница 31: ... external IPv6 networks via ISATAP router Support IPv6 Provider Edge Router 6PE over MPLS The 6PE technology is generally deployed in the environment where MPLS network is running or ready to run Ipv6 messages are encapsulated at PE side and double tag is used The internal tag carries Ipv6 route reachable information the external tag uses the existing MPLS tag to interconnect with Ipv6 isolated is...

Страница 32: ...e Mode and dense mode multicast routing protocol including PIM DM Dense Mode The most useful multicast protocol now is PIM SM PIM SM constructs the shared tree using the mechanism of multicast destination explicit join to perform multicast data packet distribution In certain conditions the destination can be switched to the shortest path tree PIM SM is irrelevant to unicast routing protocol It use...

Страница 33: ...t network the existence of a single RP may become the bottleneck or Single point of failure may occur Anycast RP is to set multiple RPs with the same address in the same PIM SM domain and establish MSDP peer relation between these RPs The receiver originates RPT join to the nearest RP the multicast originates registration to the nearest RP each RP only maintains part source group information in PI...

Страница 34: ...event flooding of multicast messages in L2 network isolate multicast users and guarantee multicast information security Besides the equipment provides the following controllable multicast management functions to facilitate users to perform management on IPTV channel and subscribers including channel access control channel management suite management preview configuration function preview template ...

Страница 35: ...nds sequentially This brings much difficulty for PE equipment to extend to the network edge Besides when VPN users are far away from PE they need be linked by WAN links whose number should be at least the same as the number of VPN users Using routers to access users nearby and connecting them to PE via a WAN link after aggregation can save the cost and improve bandwidth utilization rate but differ...

Страница 36: ...PE supporting L3 VPN A CE with MCE feature actually simulates multiples CEs The virtual CEs are isolated from each other and can be accessed with multiple VPN users PE equipment cannot sense whether this is multiple CEs or one MCE so PE needs no expansion 3 3 MPLS VPN 3 3 1 Basic Functions of MPLS MPLS is a multi layer switching technology integrating L2 switching and L3 routing technologies and u...

Страница 37: ... some routes with specific paths The working principle of MPLS network is as shown in Figure 3 4 From the figure the core components of an MPLS network are Label Edge Switch Router LER and Label Switch Router LSR Through label distribution protocol LDP label information is distributed between LER and LSR and between LSR and LSR Network routing information comes from some common routing protocols s...

Страница 38: ... direction replace the incoming label with the effective outgoing label and then send it to the next hop When the packet leaves the MPLS domain the label will be deleted at the edge LSR turn back to a packet without label and be sent to the next hop In forwarding the label can be processed in the form of stack The label value at the top of the label stack is the effective label and LSR forwards pa...

Страница 39: ...m of some paths being overloaded and some paths being idle and making full use of the current bandwidth resource At the same time MPLS TE can reserve resource when establishing LSP tunnel to guarantee service quality MPLS TE creates link bandwidth resource database in the nodes of the MPLS network via OSPF TE or IS IS TE calculates tunnel creation path by CSPF algorithm according to link bandwidth...

Страница 40: ...nnection This mode is mostly used for users using ATM and FR connection The connection between the users and network provider are not easy to be maintained but the services are transmitted on the IP backbone network of the network provider after encapsulation The second is called VPLS Virtual Private LAN Service The operator s network emulates the function of LAN SWITCH or bridge connecting all LA...

Страница 41: ...LAN WAN boundary and makes service providing quick and flexible In VPLS customers keep the complete control over routing Besides since all routers of customers in VPLS are a part of the same sub net LAN they get a simplified IP address solution This advantage becomes especially obvious when it is compared with the full meshed structure constituted by different P2P links Operators can also get bene...

Страница 42: ... of sessions will grows by a square increase which put high requirement of equipment performance At the same time network management becomes very complicated Hierarchical VPLS networking H VPLS perfectly solve this problem H VPLS divides PE into NPE and UPE UPE works as CE for access user NPE works as core layer of VPLS networking providing transparent transport of user packet in operator s networ...

Страница 43: ...tiplexing separating mark Packets are transparently transported through QinQ tunnel between UPE and N PE to NPE1 NPE1 decides the VSI that the packet belongs to based on VLAN TAG tagged by UPE tags multiplexing separation mark MPLS tag based on the destination MAC of the packet and forwards it When NPE1 receives packets from PW side it decides which VFI that the packet belongs to based on the mult...

Страница 44: ... VPN routing learning and notification between PE MP BGP inherits BGP s request make full connection between the peers that run IBGP in one routing domain in order to notify BGP routing in routing domain When there are a large quantity of PE in VPN IBGP full connections will be a great deal which may cause N square problem and scalability problem Routing reflector can be used to solve this If two ...

Страница 45: ...certain phase and edge router link is restricted single hop MP EBGP can be considered to provide cross domain VPN service Multi hop MP EBGP solution Multi Hop MP EBGP solution It distributes user VPN IPv4 route between PE by Multi hop MP EBGP With no need to process VPN information by edge router it suits cross domain VPN service providing in a large scale But it needs to be planned in an integrat...

Страница 46: ...ontrol various network applications and satisfy multiple network application requirements For example To control the resource to restrict bandwidth used by FTP on backbone network or to offer higher priority to database access Cuttable services subscribers of ISP Internet Service Provider can transport voice video or other realtime services QoS can make ISP distinguish these different packets and ...

Страница 47: ...l type TCP source destination port number UDP source destination port number DSCP ToS IP Precedence VLAN ID 802 1p priority value MPLS EXP and MPLS tag 3 4 1 2 Traffic Monitoring Traffic monitoring takes bandwidth restriction of a service to prevent it from exceeding the specified bandwidth or influencing other service flows The following measures can be taken to deal with the exceeded traffic To ...

Страница 48: ...ate CIR as well as their related burst size CBS and PBS In color aware mode packet is marked as green if it doesn t exceed CIR It is marked as yellow if it exceeds CIR but doesn t exceed PIR And it is marked as red if it exceeds PIR In color blind mode all packets are marked as green 3 4 1 3 Traffic Shaping Traffic shaping takes control over the rate of output packets to transmit the packets at an...

Страница 49: ...en it sends packets in the queue with the second highest priority Similarly it sends all the packets in the queue and then sends packets in the queue with the third highest priority And the rest can be done in the same way SP offers first processing for packets of key services so that quality of the key services is guaranteed However queues with lower priority may never get processed and get starv...

Страница 50: ...ealize differentiated service of the service MPLS QoS distinguish data flows of different services based on EXP value implements mapping of priority between MPLS EXP and IP Ethernet realizes differentiated service of services and guarantee the quality of voice and video services MPLS QoS has four modes Uniform mode Pipe mode Short Pipe mode Long Pipe mode mainly used in carrier supporting carrier ...

Страница 51: ...the managers pay more attention to OAM of Ethernet equipment ZXR10 8900E series support three standards of Ethernet OAM at the moment IEEE 802 3ah Operations Administration and Maintenance OAM IEEE 802 1ag Connectivity Fault Management CFM IEEE 802 3ah operation management and maintenance standard is the formal one of IEEE It takes link level management taking monitoring and failure processing of ...

Страница 52: ... similarly The restoration policy of clock source is If the clock with high priority is restored it can be configured to select whether to switch back 3 6 1 Clock source ZXR10 8900E support 5 clock sources and the main control decides which clock source information is distributed to the system Local clock Local clock of system hardware the most basic clock signal BITS Support 2MHz analog signal an...

Страница 53: ...time synchronization protocol called PTP protocol for short IEEE 1588 v2 adopts master slave clock to transport time in the form of code Time stamp is generated at the protocol layer adjacent to the physical layer It uses symmetry and delay measurement technology of network link to synchronize frequency phase and absolute time of master slave clock 1588 key lies in delay measurement IEEE 1588 v2 m...

Страница 54: ...ding time message to fill in the time when the node processes the message in the modification location Both E2E and P2P modes are included 3 6 4 Clock protection 1 Port selection protection ZXR10 8900E fulfills automatic protection switching of clock link based on SSM protocol and BMC optimal clock algorithm to reliably transmit the clock It select an algorithm according to clock path to calculate...

Страница 55: ...ta can be switched from active main control board to standby main control board to forward data and operate services without interruption 3 7 1 2 Power supply module protection To comply with strict equipment reliability requirements of telecom carriers ZXR10 8900E adopts hot backup design for power supply and employs 48V DC and 220V AC DC adopts 1 1 mode and AC adopts 1 1 or 2 1 backup according ...

Страница 56: ...lt BFD status mechanism needs three handshakes It is a simple service It is only required to offer destination address and other parameters to create delete and modify BFD session When BFD session is up or down a signal is returned to the system for proper processing BFD is a simple Hello protocol It is partially similar to neighbor detection of famous route protocols in many respects A pair of sy...

Страница 57: ...announced that the session is down The echo function can work with the above two detection modes ZXR10 8900E support BFD for static route OSPF dynamic route and VRRP to fulfill fast convergence It combines BFD and FRR technologies and provides fast fault detection mechanism to implement fast rerouting 3 7 2 2 OAM detection OAM offer a wide variety of detection means of network fault discovery It c...

Страница 58: ...d to support more interface cards more interfaces more services provide equipment level redundancy backup and improve the reliability of the equipment and network VSC can make a simple network without complicated and slow STP or VRRP Multiple devices only need one configuration to make the network more reliable to support Multi chassis link aggregation to implement protocol level and equipment lev...

Страница 59: ... the protocol 1 Break alarm When standby equipment in ZESR ring detects that a cable fault occurs to its active or standby port connected to the ring it immediately sends break alarm frame from another port to active equipment When active equipment receives the alarm frame and knows the ring goes wrong it unlocks standby port refreshes L2 forwarding table L2 table and sends a notification frame to...

Страница 60: ...nt will remain unblocked for some time which will result in temporary loop and broadcast storm To avoid the status standby equipment needs to set the port to be temporarily blocked when the port connection restores When standby equipment receives the notification frame from active equipment to refresh L2 table standby equipment knows that active equipment blocks its standby port and then standby e...

Страница 61: ...tection there is single point fault risk from uplink to BRAS or SR For consideration of security in the actual networking 2 uplink ports connected to the same SR or BRAS are located in 2 switches and the downlink still uses the ZESR ring Two uplink switches adopts ZESS and two switches remain the heartbeat hello When port 4 goes wrong the traffic switches to port 5 when a fault occurs to port 5 th...

Страница 62: ...RRP management group and each member keeps consistent with the group in the status When VRRP management group creates a BFD session to trigger management group status switching all members will make status switching VRRP group management reduces inter equipment BFD message traffic to facilitate VRRP management and bring down network and equipment load 3 7 5 2 Route Load balance Load balance helps ...

Страница 63: ...ighborhood relationship and keeps routing stable When routing protocol restart is completed the neighbor equipment helps it to implement routing information synchronization and set up the session again Various routing information can be all recovered during a short period of time With GR protocol restart routing and forwarding are comparatively stable to realize non stop packet forwarding ZXR10 89...

Страница 64: ...itching between active and standby PW as shown in Figure 3 20 Figure 3 20 PW multi hop redundancy protection 3 7 6 2 MPLS VPN Dual homing Protection 1 CE Dual homing to PE In MPLS network to provide network reliability and solve service interruption problem caused by route re convergence results from single PE failure we import CE dual homing to PE solution CE is accessed to two PE at the same tim...

Страница 65: ...vailable tunnel is perceived by BFD and MPLS OAM PE4 can forward traffic to PE2 When CE1 PE1 link fails PE1 will notify PE4 to refresh MAC address change the egress and switch the traffic to PE2 PE4 link 2 UPE Dual homing to NPE In H VPLS network there s also single point failure Dual homing of UPE to NPE can improve network reliability and avoid link and NPE single point failure When a link fails...

Страница 66: ...tching which can reduce data loss in case of failure to the best IP FRR calculates standby route in advance When active route fails another route calculation is not implemented Standby route is adopted to switch traffic to standby link When active link recovers and gets stable the traffic is switched back to the active route as shown in Figure 3 23 Figure 3 23 Route switching diagram NPE1 NPE3 NPE...

Страница 67: ...y LSP will has two next hops One is on the active link specified by the routing protocol The other is standby When port 2 1 is detected to fail label will be quickly switched to e2 2 When the route recovers label will be switched back to e2 1 port Figure 3 24 Label switching diagram LDP FRR is only a temporary protection measure When the protected link recovers traffic will be switched back to the...

Страница 68: ...m the head node to downstream hop by hop and sends RESV message from the tail node to upstream hop by hop It distributes labels reserves resource and sets up LSP when it processes RESV messages Bypass Tunnel can be set up in two ways one is manual and the other is automatic When active LSP has no FRR feature Bypass Tunnel can be manually configured to protect the physical interface of the tunnel I...

Страница 69: ...ds to be established However CSPF cannot calculate the path before the head end knows the route change In addition a partial failure may make it necessary to reestablish multiple LSPs During LSP reestablishment problems such as insufficient bandwidth may intervene Therefore compared with pure IP network and MPLS network with no TE configured MPLS TE network needs more time to recover from partial ...

Страница 70: ...he scale of VPN V4 route ZXR10 8900E switch can firstly download the route information distributed by PE B to the forwarding engine as the second choice It adopts BFD to check the link between PE E and PE A Discovering failure PE E quickly switch the route to hte link between PE E and PE B Packets will be switched to CE B via PE B to recover services between CE B and CE A and realize fast switchin...

Страница 71: ... command line but also can verify user s validity in network management based upon AAA mechanism ZXR10 8900E can effectively prevent illegal users from logging in the system For different user access authentication policies the device provides complete AAA service As per different access authentication requirements user can configure different access authentication policies to arrange different au...

Страница 72: ...fter confirming the two encryption keys are the same by comparing the public key with the public key sent by the client the server will encrypt challenge and send it to the client software After receiving the challenge the client will decrypt it by private encryption key and send it to the server ZXR10 8900E supports security authentication of SSHv2 protocol 3 8 2 3 Command Line Hierarchical Prote...

Страница 73: ...n mechanisms The authenticator s PAE is responsible for communicating with requestor s PAE and sending information collected from the requestor s PAE to authenticator s server After verifying this information the authentication server confirms if the requestor is authorized to access the authenticator s service The authenticator s PAE determines the authorized and unauthorized status of the contro...

Страница 74: ...est message Then the DHCP relay will return the configuration information to the client to finish dynamic client configuration Besides DHCP also includes some extension serv ices e g DHCP snooping and DHCP Relay Agent Information Option Option 82 etc With some options in DHCP request message DHCP option 82 enables DHCP server to confirm user s location more accurately In this way different users a...

Страница 75: ...rt VLAN are the same as DHCP Snooping table or manual IP static binding table entry this message which is considered as legal ARP message will be forwarded Otherwise it will be discarded as illegal ARP message As ARP message is sent to CPU lots of ARP messages will lead to DoS attack In real application DoS attack to ARP message should be defended ARP message is only suitable for IPv4 protocol For...

Страница 76: ...break traffic increase e g SQL worm red code and shockwave Corresponding alarms will be generated or the client port will be closed Avoid user s ARP proofing MAC address flooding protection Restrict port MAC address number Set port broadcasting packet threshold L2 L3 and L4 hybrid ACL filtering Route filtering Forbid ICMP relocation service Prevent attacker from sending spoofing ICMP message Defen...

Страница 77: ... ARP reply ARP request group mng VBASE DHCP RIP BGP telnet LDP_TCP LDP_UDP TTL 1 BPDU SNMP MSDP and RADIUS The included Ipv6 protocols are MLD ND ICMP6 BGP4 RIPng OSPFv3 LDPtcp6 LDPudp6 telnet6 and PIM6 L2 protocols cover some messages like STP and MSTP as well as some switch L2 ring protocols Based upon common CPU protection 8900E has multi level CPU protection which includes hardware protection ...

Страница 78: ...lly Otherwise it will be dropped 3 8 5 3 ND Security The introduction of IPv6 can not solve the security issue in original IPv4 network Some IPv6 network security problems are also aroused by IPv6 protocol In IPv6 ND Neighbor Discovery protocol is similar to ARP protocol in IPv4 It resolutes MAC address and realizes automatic IP address distribution in non status ND protocol mainly consists of RS ...

Страница 79: ...terfaces which give support to sFlow The collected messages are sent and processed by sFlow agent sFlow Agent is mainly responsible for analyzing the sampled messages and sent them to sFlow collector after encapsulation At the same time the statistical informaiton at the interface will be get and sent to sFlow collector sFlow Collector is a network device used for sFlow managment monitoring collec...

Страница 80: ...ial Proprietary 4 System Architecture 4 1 Appearance ZXR10 8900E adopts a large capacity rack structure Its hardware system is composed of chassis backplane fan chassis power supply unit switching MCC and various line processing cards 4 1 1 ZXR10 8912E Appearance ZXR10 8912E appearance is shown in Figure 4 1 ...

Страница 81: ...ZXR10 8900E series Core Switch Product Description ZTE Confidential Proprietary 2013 ZTE CORPORATION All rights reserved 71 Figure 4 1 ZXR10 8912E appearance ...

Страница 82: ...t Description 72 2013ZTE CORPORATION All rights reserved ZTE Confidential Proprietary ZXR10 8912E structure is shown in Figure 4 2 Figure 4 2 ZXR10 8912E structure 4 1 2 ZXR10 8908E Appearance ZXR10 8908E appearance is shown in Figure 4 3 ...

Страница 83: ...ZXR10 8900E series Core Switch Product Description ZTE Confidential Proprietary 2013 ZTE CORPORATION All rights reserved 73 Figure 4 3 ZXR10 8908E appearance ZXR10 8908E structure is shown in Figure 4 4 ...

Страница 84: ...ries Core Switch Product Description 74 2013ZTE CORPORATION All rights reserved ZTE Confidential Proprietary Figure 4 4 ZXR10 8908E structure 4 1 3 ZXR10 8905E Appearance ZXR10 8905E appearance is shown in Figure 4 5 ...

Страница 85: ...s Core Switch Product Description ZTE Confidential Proprietary 2013 ZTE CORPORATION All rights reserved 75 Figure 4 5 ZXR10 8905E appearance ZXR10 8905E structure is shown in Figure 4 6 Figure 4 6 ZXR10 8905E structure ...

Страница 86: ... Figure 4 7 ZXR10 8902E appearance ZXR10 8902E structure is shown in Figure 4 8 Figure 4 8 ZXR10 8902E structure 4 2 Hardware Architecture This section introduces the system hardware and working principle of ZXR10 8900E series core switch and gives users an understanding of the system This section covers overall system architecture functional modules card principle diagram and working principles ...

Страница 87: ...switching matrix to guarantee the switching capacity necessary for system wire speed operation Main control card uses high performance CPU and large capacity memory to guarantee high speed protocol processing and storage space for huge table capacity Each line card provides wire speed packet processing capability by ASIC and provides 10G GE 100M and 40G interfaces based on service requirements Eac...

Страница 88: ...ain control card on 8912E 8908E 8905E contains a large capacity switching matrix which adopts independent design for multiple planes to guarantee its switching capability and future expansion capability 8902E main control card has no switching matrix Its line card implements back to back connection by high speed back plane During operation two main control cards of 8900E series switch maintain act...

Страница 89: ...d architecture which is composed of forwarding control and monitoring planes Forwarding plane implements wire speed switching by two layer hardware switching Layer 1 switching is implemented between ports of line cards by local ASIC chip which is usually called Packet Processor abbreviated as PP Layer 2 switching is implemented between line cards by the switching matrix on the main control card It...

Страница 90: ...ds Layer 2 switching is implemented between two line cards by the high speed Serdes bus directly connected to line cards The system diagram is shown in Figure 4 12 Figure 4 12 ZXR10 8902E system hardware diagram Switching Fabric Management and control Module XAUI XAUI XAUI XAUI IPMC GE Serdes GE Serdes POWER SyncE 1588 ASIC SyncE 1588 Line card SyncE 1588 Line card IPMC IPMC ASIC Line card Line ca...

Страница 91: ... outband communication power supply and logic modules Its principle diagram is as shown in Figure 4 13 Figure 4 13 Principle diagram of 8912E 8908E 8905E main control board In actual application of ZXR10 8902E the main control board realizes the control function Its principle diagram is as shown in Figure 4 14 Figure 4 14 Principle diagram of 8902E main control board C R O SSBAR C PU syst em SD R ...

Страница 92: ... through the internal communication module and transmit routing information to different boards via this channel The main control module has the following features Have high performance CPU with powerful processing capability to run L2 and L3 protocol as well as network management and monitoring programs Provide GE outband communication channel that can be connected with the management interface t...

Страница 93: ...can check time through GPS or 1588 information obtained from any line card Synchronous Ethernet restores the clock by the PHY chip in the Ethernet each interface board selects one from the restored clocks of all ports and sends it to the two main control boards respectively via the backplane the main control board selects two active and standby according to the configured policy and sends them to ...

Страница 94: ...ormation and send it to the active main control node to provide for the users The control information sent by the users is distributed by the active main control node to the line card and standby main control functional nodes The management node also monitors system power supply and fans The monitoring module fulfills the following tasks Information collection collect information on environment te...

Страница 95: ...SC1D supporting clock synchronization is as shown Figure 4 17 8908EMSC1D main control board panel diagram The panel diagram of 8905E main control board named 8905EMSC1D supporting clock synchronization is as shown Figure 4 18 8905EMSC1D main control board panel diagram The panel diagram of 8902E main control board named 8902EMSC1D supporting Clock synchronization named is as shown Figure 4 19 8902...

Страница 96: ...ce is used to insert SD card which can control the software update buffer and restoration The capacity of SD card can be up to 32G The features are as shown in Table 4 1 Table 4 1 Main control board panel interface features Interface name Feature Console interface RJ45 connector RS232 baud rate 115200bit s Transmission distance 15m MGT interface 10 100 1000 Base T Ethernet interface RJ45 connector...

Страница 97: ...e card works properly ALM red Off corresponding line card has no alarm or not in position On corresponding line card has alarm PWR1 2 3 RUN green Off corresponding power module fault or not in position On corresponding power module works properly ALM red Off corresponding power module has no alarm or not in position On corresponding power module has alarm RUN RUN green Off this main control board ...

Страница 98: ...igned DC power supply adopts 1 1 mode AC power supply adopts 1 1 backup or 2 1 backup depending on different racks which highly improves the reliability of the power system Besides 8900E series power supply also provides multiple intelligent protection mechanisms which can perform protection detection and fault report for the power supply according to voltage current and temperature including outp...

Страница 99: ...nterface board 10G Ethernet optical interface board and 40G Ethernet optical interface board All optical interfaces of line cards in ZXR10 8900E series core switches adopt pluggable optical module so the same line card can support multiple kinds of transmission media and transmission distances Some line cards provide different types of ports reducing the number of line cards that may be needed in ...

Страница 100: ...MPLS support big table entry support Ethernet OAM support clock SyncE 1588v2 support intelligent monitoring H2GT48D 48 port gigabit electrical interface board 48 GE electrical interfaces 10 100 1000M triple speed Support MPLS support big table entry support Ethernet OAM support clock SyncE 1588v2 support intelligent monitoring H2XF8D 8 port 10G optical interface board 8 10G optical interfaces supp...

Страница 101: ...ZTE Confidential Proprietary 2013 ZTE CORPORATION All rights reserved 91 2 Panel diagram of 8900E interface boards Figure 4 25 E1GF24A Figure 4 26 H2GF24D Figure 4 27 H2GF48D Figure 4 28 H2GT48D Figure 4 29 H2XF8D Figure 4 30 S1XF12A Figure 4 31 S2XF48A ...

Страница 102: ...itching chip setting and state control as well as forwarding of some special messages The software system realizes the following functions Realize main L2 protocol functions including 802 1D STP protocol 802 1P priority level control 802 1Q VLAN related functions and 802 3ad link aggregation function Support IPv4 IPv6 protocol stack and basic routing protocol Realize multicast protocol and support...

Страница 103: ... 33 Figure 4 33 8900E software system architecture The functions of each subsystem are described below Unified support platform It has operating system platform componentized release and process space separation and supports dynamic loading and hot patch capabilities With the ability to be released independently supporting centralized and distributed systems the unified support platform can serve ...

Страница 104: ... protocol realization the other functions including equipment management equipment monitoring version management and line card management are all realized by product management OS The operating system adopts self developed Linux based CGEL and is totally compatible with Linux standard system architecture It supports multiple kernels double state and multiple processes and so meet the requirement f...

Страница 105: ... pool Application protocol subsystem include various application protocols such as Netflow Radius NTP and Telnet The key and competitive technologies of this software platform reflected in the following aspects The system kernel resource runs in the highest priority mode and all software components run in the user state of the micro kernel system to enhance system security up down isolation Softwa...

Страница 106: ...t each other Software components release versions and upgrade independently Low coupling of platform and project Real time performance meet the time requirement for large scale dynamic routing protocol network management protocol and data synchronization between multiple processors Self restoration try to detect process and record exceptions in the whole system perform necessary error restoration ...

Страница 107: ...ZXR10 8900E series Core Switch Product Description ZTE Confidential Proprietary 2013 ZTE CORPORATION All rights reserved 97 ...

Страница 108: ... Throughpu t 1536Mpps 5 760Mpps 1536Mpps 5 760Mpps 960 Mpps 3600M pps 720Mpps GE Port Densities 576 384 240 96 10GE Port Densities 576 384 240 96 40GE Port Densities 96 64 40 16 Physica l parame ters Dimension s Height x Width x Depth 753mm 442 mm 446mm 575mm 442 mm 446mm 442mm 442 mm 446mm 175mm 442 mm 420mm Weight 89 7kg 64 9kg 51 2kg 24kg Slot number Total slot 14 10 7 4 Service board slot 12 8...

Страница 109: ...4dBm Receive sensitivity 30dBm 100BASE FX SFP S15K LC connector Single mode fiber Wavelength 1310nm Max transmission distance 15km Transmission power 14dBm 8dBm Receive sensitivity 31dBm 100BASE FX SFP S40K LC connector Single mode fiber Wavelength 1310nm Max transmission distance 40km Transmission power 4dBm 0dBm Receive sensitivity 37dBm 100BASE FX SFP S80K LC connector Single mode fiber Wavelen...

Страница 110: ...mission distance 120km Transmission power 5dBm 9dBm Receive sensitivity 24dBm 10GBASE SR SFP M300 LC connector Multi mode fiber Wavelength 850nm Max transmission distance 300m Transmission power 7 3dBm 1 0dBm Receive sensitivity 11 1dBm 10GBASE LR SFP S10K LC connector Single mode fiber Wavelength 1310nm Max transmission distance 10Km Transmission power 8 2dBm 0 5dBm Receive sensitivity 10 3dBm 10...

Страница 111: ...mit for preventing attacks MAC address binding Link aggregation IEEE 802 3ad link aggregation Static port aggregation Inter board link aggregation Multi chassis link aggregation Port Loop detect Port based broadcast multicast unknown Unicast storm suppression Jumbo frames Flow control Peak Traffic Statistics in one minute Default shutdown ARP Static ARP configuration ARP learning aging ARP Proxy P...

Страница 112: ...ic routing RIPng OSPFv3 IS ISv6 BGP4 6to4 tunnels 6in4 tunnels ISATAP 6PE 5 3 3 Multicast features Table 5 5 Multicast features Features Description Multicast L2 Multicast IGMP Snooping proxy IGMP rate limit IGMP rate filter MLD snooping PIM snooping Multicast VLAN L3 Multicast Static Multicast IGMPv1 v2 v3 PIM SM PIM SSM PIM DM MSDP Anycast RP VPN Multicast VPN 5 3 4 MPLS Table 5 6 MPLS feature F...

Страница 113: ...y MPLS Ping MPLS Trace Route VCCV ping for VPWS 5 3 5 QoS Table 5 7 QoS Features Description QoS Classification Physical port based Classification Physical port and ACL based Classification Marking and Remarking 802 1p IP Precedence IP DSCP IP TOS MPLS EXP priority marking and remarking Mapping priority between double VLAN tag Flow control Ingress port based CAR Flow based CAR Ingress Egress Traff...

Страница 114: ...1X 802 1X Relay 802 1X RADIUS Accounting and forcing user offline RADIUS and TACACS authentication Hierarchical user management IPTV management CAC CDR UMS DHCPv4 Server DHCP v4 Relay DHCP v4 v6 Snooping Supporting DHCP OPTION 82 5 3 7 Reliability Table 5 9 Reliability Features Description 8912E 8908E 8905E 8902E Availability MTBF 200000 hours MTTR 30 minutes Availability 99 999 Hot plugging Hot p...

Страница 115: ...curity Anti Attacks Defend against attacks of DoS MAC flood ARP Spoof IP Spoof SYN flood of TCP UDP flood PING flood Ping of Death LAND SMURF Session hijacking broadcast storms IP fragment and large traffic BPDU guard root guard and loop guard IPv4 uRPF Hierarchical protection of command lines to prevent unauthorized users and grant different configuration rights to different levels of users CPU p...

Страница 116: ...Operating and Maintenance Table 5 12 Operating and Maintenance Features Description Operating and Maintenance Operating and Maintenance Command lines configuration Hierarchical protection of command lines to prevent unauthorized users and grant different configuration rights to different levels of users Password Aging and Verification Terminal services through the Console User Access Service Manag...

Страница 117: ...0 8900E series Core Switch Product Description ZTE Confidential Proprietary 2013 ZTE CORPORATION All rights reserved 107 Features Description Network testing tools LSP Ping LSP trace route VPLS MAC Ping etc ...

Страница 118: ...ing and isolation of different service by VPN technology and provide carrier class reliability for the operators with ring network technology multiple protection technologies and OAM Realize isolation of end to end service and bearing by MPLS to edge mode to provide higher reliability and security Different service planes bear different services by MPLS VPN technology Ensure 50ms fast protection s...

Страница 119: ...ng capacity can be deployed in the core aggregation layer of the data center network It helps users to reduce their TCO and eliminate problems in capacity extension and OAM 89E features large bandwidth high performance and large capacity So it can provide high speed path for data center and cloud computing ensuring non blocking traffic With rich NM services 8900E provides graphic network managemen...

Страница 120: ...ecurity enhancement With rich security features ZXR10 8900E supports DHCP server and snooping which gives conveniences to address management It supports multiple authentication mechanisms like Radius and TACACS to realize authorized management Besides IP source guard DAI and anti DOS attack security guard services are provided to reduce network attacks By support SQA 8900E series switch can know o...

Страница 121: ...ss scenarios With rich interface cards ZXR10 8900E provides highly integrated and large bandwidth access mode which effectively meets the requirements of FTTx for high density and high extensibility Via rich QoS feature ZXR10 8900E realizes differentiated multiservice control as per different service requirements It provides pefect user experience for low latency and low jitter services ZXR10 8900...

Страница 122: ... high scalability and high reliability ZXR10 8900E can be deployed on the aggregation node of IP Backhaul to serve for the entire network IP backhaul requires end to end clock synchronization 8900E provides SyncE 1588v2 solution which synchronizes high precise clock signal like BITS to all base stations The BS access ring and aggregation ring have ring protection requirements 8900E realizes 50ms s...

Страница 123: ...peration and maximum network benefit ZTE based upon the time s call develops NetNumen U31 unified network management system Concentrating on multiple products like router switch ZXR10 8900E NetNumen U31 is an integrated network management system melting network element management network management and service management together It supports multiple database graphic interface in multiple language...

Страница 124: ... sure stable operation The failure management service of NetNumen U31 is responsible for receiving real time device alarms and network events of all Nes in the entire network With all these audible and visible services maintenance staffs can make proper process after confirmation e g file alarm reports for future alarm stat and query Failure management is a very important and commonly used method ...

Страница 125: ...g protocol management QoS management software upgrade management and configuration file management etc Also it supports multiple customer friendly configurtion modes like end to end configuration in batch configuration wizard based configuration At the same time default configuration templates of corresponding management are provided too Security management makes the network safer Security managem...

Страница 126: ...et port 10 100 1000Base T on Telnet MPU Configure IP address under VLAN interface Set user name and password Configure the switch according to IP address of telnet VLAN interface When remote users wan to access the device and communicate with it they have to choose this connection configuration method SSH Secure Shell protocol connection configuration initate SSH server service on ZXR10 8900E Conn...

Страница 127: ...perature control and software alarm services The system monitors the running status of the software If serious abnormity happens line card will be restarted and the MPU will be switched over 7 2 2 2 Equipment Management and Maintenance The command line provides flexible online help Provide hierarchical user authority management and command Support information center Provide unified management of l...

Страница 128: ...network fault can be monitored It helps user to locate the failure rapidly SQA SQA service can send all sorts of detective message to see if multiple applications and services are on line 7 2 3 Software Upgrade ZXR10 8900E enables software upgrade in normal and abnormal circumstances Version upgrade when the system is wrong by changing boot intiation mode the version upgrade carried out when the d...

Страница 129: ...n File backup and recovery FTP TFTP is used to backup the software version file configuration file and log file of ZXR10 8900E to backgroud server Or the backup file can be recovered from the background server File export and import files can be exported and imported Copy files to the background host via FTP TFTP The achievement of the alarm file and the modification of the configuration file can ...

Страница 130: ...ecord CE Carrier Ethernet CV Connectivity Verification DoS Denial of Service DPI Deep Packet Inspection DVMRP Distance vector Multicast Routing Protocol EAPS Ethernet Automatic Protection Switching ECMP Equal Cost of Multi path ESRP Ethernet standby Routing Protocol FFD Fast Failure Detection FRR Fast Reroute GPS Global Position System GR Graceful restart H VPLS Hierarchical Virtual Private Lan Se...

Страница 131: ...lation End to End RED Random Early Detection RIP Routing Information Protocol RNC Radio Network Controller RP Rendezvous Point RSTP Rapid Spanning Tree Protocol SDH Synchronous Digital Hierarchy SLA Service Level Agreement SMS Service Management System SNMP Simple Network Management Protocol SSM Source Specific Multicast STP Spanning Tree Protocol SyncE Synchronous Ethernet SVLAN Select VLAN TCO T...

Страница 132: ...3ZTE CORPORATION All rights reserved ZTE Confidential Proprietary Abbreviations Full Characteristics WRED Weighted Random Early Detection WFQ Weighted Fair Queuing ZESR ZTE Ethernet Smart Ring ZESS ZTE Ethernet Smart Switching ZXROS ZTE Router Operating System ...

Отзывы:

Нет отзывов

Похожие инструкции для ZXR10 8900E series

BB-HGW700A - Network Camera Router

Бренд: Panasonic Страницы: 10

Бренд: LaCie Страницы: 4

Бренд: LaCie Страницы: 4

Бренд: LaCie Страницы: 4

Бренд: REXROTH Страницы: 68

Бренд: Garland Страницы: 43

UniFi Cloud Key

Бренд: Ubiquiti Страницы: 13

Бренд: UfiSpace Страницы: 34

Бренд: NETGEAR Страницы: 142

301297U - 1TB Ethernet Disk XP Embedded Network Attached...

Бренд: LaCie Страницы: 67

Бренд: MSNswitch Страницы: 2

DVI-Vision-IP-Fiber

Бренд: G&D Страницы: 240

Бренд: MICRADIGITAL Страницы: 2

Бренд: Comelit Страницы: 140

TigerSwitch 100 SMC6924VF

Бренд: SMC Networks Страницы: 174

Бренд: Supero Страницы: 54

Бренд: ActionTec Страницы: 87

Бренд: Paradyne Страницы: 46

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды