Download - MEN Part 1- Day1-Ver1_NoRestriction
-
8/14/2019 MEN Part 1- Day1-Ver1_NoRestriction
1/162
Network Learning Centre
Proprietary & Confidential1
1
MEN Part 1
50464928
Class Introductions
Participant Introductions
Name
Location (city) / Department
How long with Reliance
Work experience in Data?
Expectations
Agenda
Day 1
Module 1
VLAN
Module 2
QinQ
Module 3
Devices Cisco & Huawei
Agenda
Day 2
Exercises
Basic Commands
Clear the Configuration
Telnet Configuration
Management Vlan
QinQ (optional)
Agenda
Day 3
Module 4
STP
RSTP
MSTP
Exercise
MSTP
Agenda
Day 4
Module 5
OSPF
Exercises
OSPF - 5 labs
Agenda
Day 5
Module 6
BGP and MPLS Overview
Module 7
MEN Architecture & Services
Feedback & Test
Confidential Information of Huawei. No Spreading Without Permission
MAN Network Evolution
[Figure: service, access and core layers. Today: separate networks (X.25, ADSL, Ethernet, PSTN, IP, ATM, FR, GSM/GPRS, CDMA, Cable, PDH, SDH) carry wireless voice, wireless data, high-speed Internet, voice, streaming, dial-up, VoIP and messaging. Tomorrow: wireless, DSL, FTTP/HFC and 3G RAN access over one IP/MPLS network carries location and presence, messaging, online gaming, voice, data, video, storage and directory services.]
- Multiple networks merge together
- IP based
- Lower TCO
- Unified network, diversified services
- Gradual evolution
TCO: Total Cost of Ownership
An IP network can carry multiple services, such as VoIP, Internet data and IPTV. Other networks cannot do this.
Position of Metro Ethernet
Characteristics of Metro Ethernet
[Figure: Metro Ethernet, MAN and Core (IP/MPLS)]
- High Availability Switchover:
Module 1
VLAN
Broadcast Storm
[Figure: broadcast]
The traditional network is a flat structure in which one LAN belongs to the same collision domain. A broadcast message sent by any host is received by all other hosts in the same broadcast domain. Replacing the hub with a bridge (layer 2 switch) greatly improves the efficiency of unicast transmission and the performance of the layer 2 network. But the bridge still copies each broadcast message and sends it to every corner of the network. As the network grows, there are more and more broadcast messages, which occupy more and more network resources and seriously degrade network performance. This is called a broadcast storm.
Because of the way a bridge works at layer 2, it can do nothing about broadcast storms. To improve network efficiency, the network is normally divided into segments: one big broadcast domain is split into several small broadcast domains.
Divide Broadcast Domain by Router
[Figure: broadcast]
In the past, LANs were segmented with routers. In the figure above, replacing the central switch of the previous figure with a router greatly reduces the range over which a broadcast message is transmitted. This solves the broadcast storm problem. But segmentation by routers separates the network physically. As a result, network planning is complex, the networking mode is inflexible, and management and maintenance become much more difficult. As an alternative LAN segmentation method, the virtual local area network (VLAN) was introduced to solve the problems that occur in large-scale layer 2 environments.
VLAN
VLAN range: 1-4094
1: default
2-1005: normal
1006-4094: extended
Advantages of VLAN
Compared to traditional LAN technology, the VLAN has the following advantages:
- Improve the bandwidth utilization rate
- Enhance the communication security
- Strengthen the network robustness
The VLAN has solved many problems that occur in large-scale layer 2 switching networks:
- Improve the bandwidth utilization rate: the VLAN effectively solves the performance decline caused by broadcast storms.
- Enhance the communication security: a message in one VLAN will not be received by hosts in other VLANs.
- Strengthen the network robustness: as the network scale increases, a failure in part of the network can affect the whole network. After introducing VLANs, some network failures can be limited to within one VLAN.
As the VLAN segments the network logically, the flexible networking and simple configuration management reduce management and maintenance cost.
Port Based VLAN
[Figure: LAN switch with Host A, Host B, Host C and Host D connected to Port 1, Port 2, Port 3 and Port 4]
VLAN Table
Port      VLAN
Port 1    VLAN5
Port 2    VLAN10
Port 3    VLAN5
Port 4    VLAN10
This VLAN segmentation method assigns VLANs according to the ports of the Ethernet switch. For example, switch ports 1~4 belong to VLAN A, ports 5~17 belong to VLAN B, and ports 18~24 belong to VLAN C. The ports belonging to the same VLAN need not be numbered consecutively; the administrator decides the configuration.
In the figure, port 1 and port 3 are assigned to VLAN 5, and port 2 and port 4 are assigned to VLAN 10. Host A and host C connect to port 1 and port 3 respectively, so they belong to VLAN 5. In the same way, host B and host D belong to VLAN 10.
If there are several switches, you can designate that ports 1~6 of switch 1 and ports 1~4 of switch 2 belong to the same VLAN. That is to say, the same VLAN can span several Ethernet switches. Port-based segmentation is the most commonly used method of defining VLANs. Its advantage is that VLAN members are defined simply by defining the ports. Its disadvantage is that the port must be defined again if a VLAN subscriber moves from the original port to a port on a new switch.
Format of 802.1Q Frame
Standard Ethernet frame:
DA | SA | Type | Data | CRC
Ethernet frame with IEEE 802.1Q tag:
DA | SA | tag | Type | Data | CRC
tag = TPID + TCI, where TCI = Priority | CFI | VLAN ID
The four-byte 802.1Q tag header contains a two-byte tag protocol identifier (TPID) and two bytes of tag control information (TCI).
TPID (Tag Protocol Identifier) is a new type defined by the IEEE, indicating that the frame carries an 802.1Q tag. The TPID contains the fixed value 0x8100.
The TCI contains the frame control information, including the following elements:
Priority: three bits indicate the frame priority, with 8 priority levels in total ranging from 0 to 7. The IEEE 802.1p standard uses these three bits.
Canonical Format Indicator (CFI): a CFI value of 0 indicates the standard format, and 1 indicates a non-standard format. It is used in token ring / source-routed FDDI medium access methods to indicate the bit order of the address in the encapsulated frame.
VLAN Identifier (VLAN ID): this 12-bit field indicates the VLAN ID, of which there are 4096 in total. Each data packet sent by a host that supports the 802.1Q protocol contains this field to indicate which VLAN it belongs to.
In the switching network environment, the Ethernet frame has two formats: frames without the four-byte tag are called untagged frames; frames with the four-byte tag are called tagged frames.
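The tag layout above, worked through in code as an added example (not part of the original course material): it inserts, parses and strips the four-byte 802.1Q tag, including frames that carry more than one tag. The function names and the sample frame are constructed for illustration, and the CRC is left out of the sample frame.

```python
import struct

TPID_8021Q = 0x8100  # fixed TPID value given on the slide


def add_tag(frame: bytes, vlan_id: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert a 4-byte 802.1Q tag between SA and Type (access link -> trunk link)."""
    if not 0 <= vlan_id <= 0x0FFF:
        raise ValueError("VLAN ID must fit in 12 bits")
    if not 0 <= priority <= 7:
        raise ValueError("priority must fit in 3 bits")
    if cfi not in (0, 1):
        raise ValueError("CFI is a single bit")
    if len(frame) < 14:
        raise ValueError("frame shorter than DA + SA + Type")
    # TCI layout: 3 bits priority, 1 bit CFI, 12 bits VLAN ID
    tci = (priority << 13) | (cfi << 12) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return the addresses, every 802.1Q tag in order, the Type and the data."""
    tags = []
    offset = 12  # DA (6 bytes) + SA (6 bytes)
    while True:
        if len(frame) < offset + 2:
            raise ValueError("frame truncated before the Type field")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype != TPID_8021Q:
            break  # reached the real Type field
        if len(frame) < offset + 4:
            raise ValueError("frame truncated inside an 802.1Q tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "priority": tci >> 13,
            "cfi": (tci >> 12) & 1,
            "vlan_id": tci & 0x0FFF,
        })
        offset += 4
    return {
        "da": frame[0:6],
        "sa": frame[6:12],
        "tags": tags,
        "type": ethertype,
        "data": frame[offset + 2:],
    }


def strip_tag(frame: bytes) -> bytes:
    """Remove the outermost tag (trunk link -> access link); untagged frames pass through."""
    if parse_frame(frame)["tags"]:
        return frame[:12] + frame[16:]
    return frame


# Constructed sample frame: broadcast DA, locally administered SA, Type 0x0800, no CRC
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"constructed payload"

if __name__ == "__main__":
    tagged = add_tag(UNTAGGED, vlan_id=5, priority=3)
    print(parse_frame(tagged)["tags"])
    print(strip_tag(tagged) == UNTAGGED)
```

Because hosts on access links are expected to send untagged frames, a non-empty `tags` list on a frame received from a host port is a condition worth logging.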
Link Type
[Figure labels: Access Link; Trunk Link or Hybrid Link]
The access link is the link that connects a host to a switch. Normally the host does not need to know which VLAN it belongs to, and the host hardware does not need to support frames with VLAN tags. The frames sent and received by the host are all untagged.
The port an access link connects to belongs to one and only one VLAN. This port cannot directly receive information from other VLANs or send information to other VLANs. Information from other VLANs must pass through layer 3 routing before being forwarded to this port.
The trunk link can carry the data of multiple VLANs. It normally refers to the interconnection between switches, or between switches and routers.
When a data frame is transmitted over the trunk link, the switch must have a way to identify which VLAN the frame belongs to. IEEE 802.1Q defines the VLAN frame format. All frames transmitted over trunk links are tagged frames; through these tags, the switch can determine which VLAN each frame belongs to.
Unlike the access link, the trunk link carries VLAN data between different devices (between switches and routers, or between switches). Therefore the trunk link does not belong to any specific VLAN. It can be configured to carry all VLAN data, or to carry only designated VLANs.
Although the trunk link does not belong to any specific VLAN, a PVID (port VLAN ID) should be configured on the trunk link. If untagged frames appear on the trunk link for any reason, the switch will add
VLAN Trunking
- Allows traffic for multiple VLANs to be sent across a single link. The two devices must support the same trunking protocol.
- 802.1q: the device adds a header, called a tag, to the original Ethernet frame; the tag has a field for the VLAN ID.
- Allowed VLANs: each trunk allows all VLANs by default. However, VLANs can be added to or removed from the list.
Frame Changes in Network Communication
[Figure: hosts in VLAN 2 and VLAN 3 on two switches; Ethernet frames with tag and Ethernet frames without tag]
The figure shows a LAN environment with two switches and two VLANs configured. The link between a host and a switch is an access link. The switches connect to each other through a trunk link.
The host does not need to know whether VLANs exist. All messages sent by the host are untagged; when the switch receives them, it decides which VLAN each message belongs to according to the configured rule (such as port information) before processing it. If a message has to be sent through another switch, it is transmitted over the trunk link to that switch. To guarantee that other switches process the VLAN information of the messages correctly, all messages sent over the trunk link carry VLAN tags.
When the switch finally determines the ports that a message is to be sent to, it deletes the VLAN tag from the Ethernet frame before sending the message to those ports. In this way, the messages received by the host are Ethernet frames without VLAN tags.
Therefore, in the normal case, the frames transmitted over the trunk link are all tagged frames, and the frames transmitted over the access link are all untagged frames. The result is that the VLANs configured in the network are processed correctly by all the switches, and the host does not need to understand the VLAN information.
Trunk and VLAN
[Figure: a broadcast carried over trunk links between switches with ports in VLAN 2, VLAN 3, VLAN 4 and VLAN 5]
No matter how many switches a network includes, and no matter how many switches a VLAN spans, each VLAN defines one broadcast domain according to the VLAN definition. Broadcast messages are received by all the hosts in the same broadcast domain. That is to say, broadcast messages must be sent to all the ports of the VLAN. The VLAN may span multiple switches. When a switch receives a broadcast message on a port of a certain VLAN, it forwards the message according to the following rules to guarantee that all the hosts in the same VLAN receive it:
1. Send the message to the other ports of the same VLAN on this switch;
2. Send the message to all the trunk links of this switch that carry this VLAN, so that the ports of the same VLAN on other switches can also send the message.
Setting a port as a trunk port means that the link connected to this port is a trunk link. It must also be configured which VLANs' messages can pass over the trunk link. Before configuring which VLANs are allowed through, we should consider the network configuration. We should not allow the trunk link to pass all the VLANs: all broadcast messages must be sent to all the ports of each VLAN, and those broadcasts are transmitted to other switches over the trunk link. If there is no member port of a VLAN on the other side of the trunk link, carrying it wastes bandwidth and processing time.
For most subscribers, manual configuration is troublesome. A large-scale network may contain multiple VLANs. As the network configuration can change at any time, it is quite complex to configure the trunk ports according to the topology of the network. The GVRP protocol can solve this
Cisco Commands
#switchport mode access
#switchport mode trunk
#switchport trunk allowed vlan add 900
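One way to check trunk ports against the earlier advice that a trunk should not pass all VLANs, as an added example (not from the original course material): it reads IOS-style interface stanzas and works out the effective allowed-VLAN list of each trunk. It assumes statically configured `switchport mode trunk` ports and handles the `all`, `none`, `add`, `remove` and `except` keywords of `switchport trunk allowed vlan`; the sample configuration and interface names are constructed.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # VLAN range 1-4094, as on the VLAN slide
PREFIX = "switchport trunk allowed vlan"


def expand(vlan_list: str) -> set:
    """Turn a list such as '5,10,100-200' into a set of VLAN IDs."""
    vlans = set()
    for part in vlan_list.split(","):
        low, _, high = part.strip().partition("-")
        first = int(low)
        last = int(high) if high else first
        if not 1 <= first <= last <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(first, last + 1))
    return vlans


def apply_allowed(current: set, argument: str) -> set:
    """Apply one 'switchport trunk allowed vlan ...' line to the current list."""
    keyword, _, rest = argument.partition(" ")
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword == "add":
        return set(current) | expand(rest)
    if keyword == "remove":
        return set(current) - expand(rest)
    if keyword == "except":
        return set(ALL_VLANS) - expand(rest)
    return expand(argument)  # a plain list replaces the previous one


def parse_trunks(config: str) -> dict:
    """Map each trunk interface to its effective set of allowed VLANs."""
    ports = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Unindented line: either a new interface stanza or the end of one
            match = re.match(r"interface\s+(.+)", line)
            current = None
            if match:
                # A trunk allows all VLANs until configured otherwise
                current = {"trunk": False, "allowed": set(ALL_VLANS)}
                ports[match.group(1)] = current
        elif current is not None:
            if line == "switchport mode trunk":
                current["trunk"] = True
            elif line == "switchport mode access":
                current["trunk"] = False
            elif line.startswith(PREFIX + " "):
                argument = line[len(PREFIX):].strip()
                current["allowed"] = apply_allowed(current["allowed"], argument)
    return {name: p["allowed"] for name, p in ports.items() if p["trunk"]}


def unrestricted_trunks(config: str) -> list:
    """Trunk ports still carrying every VLAN, i.e. the default allowed list."""
    return sorted(name for name, allowed in parse_trunks(config).items()
                  if allowed == ALL_VLANS)


# Constructed sample configuration (interface names are illustrative)
SAMPLE_CONFIG = """
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 5
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan 5,10
 switchport trunk allowed vlan add 900
!
interface GigabitEthernet0/4
 switchport trunk allowed vlan 100-200
 switchport trunk allowed vlan remove 150
 switchport mode trunk
"""

if __name__ == "__main__":
    for name, allowed in parse_trunks(SAMPLE_CONFIG).items():
        label = "ALL (default)" if allowed == ALL_VLANS else sorted(allowed)[:5]
        print(name, len(allowed), label)
    print("unrestricted:", unrestricted_trunks(SAMPLE_CONFIG))
```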
GARP/GVRP
(Not used in RCOM)
Generic Attribute Registration Protocol (GARP)
[Figure: GARP model and GARP work process. Attribute claim and registration use GARP messages. A: to claim its attributes to the peer. a: to register attributes that the peer claimed. An attribute is broadcast to the whole network through the GARP "claim-register-claim" process.]
To understand GVRP, we first have to mention GARP. GARP, the Generic Attribute Registration Protocol, provides a means of distributing, transmitting and registering information, such as VLANs and multicast addresses, among the switching members in the same switching network. Through the GARP mechanism, the configuration information of one GARP member is transmitted instantly to the whole switching network.
Through claim and reclaim, a GARP member informs other GARP members to register or log out its attribute information. In the same way, according to the claim or reclaim from other GARP members, it can log out the attribute information of the opposite side.
GARP itself is only a protocol specification, not an entity existing in the switch. An application entity that follows the GARP protocol is called a GARP application. At present, the main GARP applications are GVRP and GMRP.
GVRP, the GARP VLAN Registration Protocol, is the VLAN registration protocol. GVRP adopts the GARP-based working mechanism and maintains the dynamic VLAN registration information of the switch. All switches supporting GVRP can receive VLAN registration information from other switches and dynamically update their local VLAN registration information. The VLAN registration information transmitted by GVRP includes the static registration information configured manually on the local switch and the dynamic registration information from other switches.
According to the VLAN registration information, the switch can learn which VLANs exist on the opposite side of the trunk link. So it
GARP VLAN Registration Protocol (GVRP) Pruning
[Figure: switches A, B and C connected through ports E0/1 and E0/2, with VLAN 1 and VLAN 2. Upper part: the frame tagged with VLAN 2 cannot pass through. Lower part: VLAN 2 is added.]
The figure above shows how GVRP works. Unlike the default trunk link, the trunk link can decide whether to carry the messages of a certain VLAN according to the VLAN status on the opposite side. This guarantees that a broadcast message transmitted over the trunk link corresponds to a port on the opposite switch that requires the message.
In the initial state of the figure, switches A and B connect to each other through a trunk link, and so do switches B and C. Switch A is configured with two VLANs, VLAN 1 and VLAN 2, while switch C has only VLAN 1. All the switches enable the GVRP protocol. Because of GVRP, all the switches have the VLAN 2 attribute, but if we show the status of Ethernet 0/2 on switch B, we find that this port does not allow VLAN 2 frames to pass, because the VLAN 2 attribute is not registered on the port.
From the lower part of the figure we can see that VLAN 2 is newly configured on the port of switch C. The GVRP protocol running on the three switches automatically updates the VLAN registration status and configures the trunk link to allow messages from VLAN 2 to be transmitted over it.
In the future, if a switch deletes a VLAN, GVRP will also update the VLAN registration information and configure the trunk link to forbid transmission of the unnecessary VLAN's messages over the trunk link.
Inter-VLAN Routing
L3 Forwarding
Insulating layer 2 broadcast domain
- The VLAN insulates the layer 2 broadcast domain, and thus strictly insulates any flow between any two VLANs
[Figure: VLAN 100 and VLAN 200]
To solve problems such as the low efficiency and poor security caused by broadcast, the VLAN concept was introduced: in a network that is built from switches and supports the VLAN function, each VLAN is designed as one independent broadcast domain.
Each VLAN is strictly separated. No frame can be forwarded from the VLAN it belongs to into other VLANs. The whole network is divided into several small broadcast domains. Network broadcast is confined to a comparatively small scope, which increases the bandwidth utilization rate and improves network efficiency and performance.
No one can directly access one point of the network from another point, or monitor the frames of the whole network, without limitation. The separated broadcast domains improve network security.
The VLAN can also group subscribers. Configuring VLANs makes network management flexible. When the network is moved, the network design can be modified easily through the flexible configuration of the switch, without tedious and time-consuming rewiring.
Inter-VLAN communication
- Flows between different VLANs cannot directly cross VLAN boundaries; we can use routers so that messages can be transferred from one VLAN to another VLAN
[Figure: VLAN 100, VLAN 200 and VLAN 300]
"Where there is no connection, there is no network". When a network is divided into multiple broadcast domains by VLANs, the VLANs cannot access each other because the flow of each VLAN is separated physically in nature.
Separating the network is not the final goal of building the network. VLAN separation is chosen only to optimize the network; our target is ultimately to make the whole network interconnected.
The solution to inter-VLAN communication is to configure layer 3 devices with routing functions. Traffic internal to a VLAN stays in the original layer 2 network within the VLAN. Traffic from one VLAN to another VLAN is forwarded through routing at layer 3. After it is forwarded to the destination network, the message is finally delivered to the destination host through the layer 2 switching network.
As the layer 3 function does not forward Ethernet broadcast messages, configuring routing between VLANs does not defeat the purpose of dividing VLANs, which is to separate broadcasts.
We can interconnect the VLANs at layer 3 through various configurations, such as routing protocol configuration and access control configuration, to form a control policy for mutual access between the VLANs and keep the network under control.
Route selection in inter-VLAN communication
- A default gateway is configured at the host; for non-local communication, the host will automatically search for the default gateway, and send the messages to the default gateway for transferring instead of directly sending to the destination host
[Figure: host 1.1.1.10/24 in VLAN 100 pings host 2.2.2.20/24 in VLAN 200 (non-local communication, using the default gateway); the router has network 1.1.1.0/24 at interface 1 and network 2.2.2.0/24 at interface 2]
When we divide the network into VLANs and interconnect the VLANs through routers, how do the hosts of the network communicate with each other?
First, some definitions:
Hosts located in the same VLAN are called local hosts. Communication between local hosts is called local communication.
Hosts located in different VLANs are called non-local hosts. Communication between non-local hosts is called non-local communication.
For local communication, the hosts on both sides are in the same broadcast domain. The traffic of the two hosts can reach each other directly. As the communication process is the same as in a flat layer 2 network, the details are not described here.
For non-local communication, the hosts on both sides are in different broadcast domains. The traffic of the two hosts cannot reach each other directly. A host cannot request the address of the opposite side through an ARP broadcast request. The communication can only be completed with the help of an intermediate router.
The routers between VLANs act as the gateway for each VLAN. Therefore, hosts that communicate with each other through the routers need to know that the routers exist and what their addresses are.
After configuring the router, configure the default gateway on each host as the address of the router interface in that host's VLAN.
As shown in the figure above, host 1.1.1.10 needs to communicate with 2.2.2.20.
At first, host 1.1.1.10 compares using the local subnet mask and finds that it cannot directly access the destination host, as the destination host is not the
One physical connection for every VLAN
- VLAN is configured on layer 2 switches, and every VLAN uses a unique physical connection to one interface of the router.
[Figure: VLAN 100, VLAN 200 and VLAN 300]
As described before, inter-VLAN communication operates through routers. So a choice of inter-networking method arises when building the network.
According to the traditional network building principle, each VLAN requiring inter-networking has an independent physical link to the router. Each VLAN occupies one switch port and one router port.
In such a configuration, the routing interfaces and physical ports of the router are in a one-to-one relation. When the router performs inter-VLAN routing, it forwards the message from one routing interface to another routing interface. At the same time, the message is forwarded from one physical interface to another physical interface.
Use VLAN Trunking
- Multiple VLANs in the network can share only one physical link.
- On the switch, configure the ports connecting to routers to use VLAN Trunking.
- Make the same configuration on the router.
[Figure: VLAN 100, VLAN 200 and VLAN 300]
Using VLAN Trunking technology can help optimize the above network.
The VLAN Trunking concept was introduced in the VLAN chapter. This technology enables the service flows of multiple VLANs to share the same physical link. Transmitting tagged frames on the VLAN Trunking physical link distinguishes the flow of each VLAN.
For inter-VLAN inter-networking, multiple VLANs in the network can share only one physical link. On the switch, configure the ports connecting to routers to use VLAN Trunking, and make the same configuration on the router.
In such a configuration, the routing interfaces and the physical interface of the router are in a many-to-one relation. When the router performs inter-VLAN routing, it forwards the message from one routing interface to another routing interface, but the message is forwarded from one physical interface back to the same physical interface. The VLAN tag is replaced with the destination network's tag after forwarding.
Normally, inter-VLAN routing traffic is not enough to reach the line speed of the link. Using the VLAN Trunking configuration can improve the bandwidth utilization of the link, save port resources and simplify management. (For example, when adding a VLAN to the network, you only need to maintain the equipment configuration, without changing the network wiring.)
Even with VLAN Trunking, there are still some performance deficiencies in using a traditional router for inter-VLAN routing.
The routers use a general-purpose CPU. They forward entirely in software and support various
Integration of switching and routing
- Functional integration of layer 2 switches and routers forms the layer 3 switch; the layer 3 switch functionally realizes VLAN classification, VLAN internal layer 2 switching and inter-VLAN route functions.
[Figure: VLAN 100, VLAN 200 and VLAN 300]
The emergence of the layer 3 switch brings huge economic benefits to the network.
The layer 3 switch uses hardware technology to integrate the network functions of the layer 2 switch and the router into one box through some clever processing. It thus improves network integration and enhances forwarding performance.
To interconnect heterogeneous networks, the IP protocol offers abundant functions. Standard IP routing has to do a lot of processing and pass through many steps when forwarding each IP message, which puts a heavy load on the software, as described before.
But such work is not necessary for every message. Most messages only need to pass through a small part of the steps. There is a lot of room to improve the IP routing method.
The design of the layer 3 switch, based on careful analysis of IP routing, picks out the steps that every message must pass through in IP routing. This is a simplified process:
Most messages in IP routing do not include IP options, so IP option processing is unnecessary in most cases.
The message length differs between networks. To adapt to different networks, IP implements the message partition function. However, in the Ethernet environment, the network frame (message) length is fixed, so the message partition function can be omitted.
The layer 3 switch uses exact address matching so that the hardware can perform fast lookups, unlike the router, which requires matching the longest address mask.
Function model of layer 3 switch
[Figure: hosts and layer 3 switch interfaces]
Host 10.110.0.113/24, gateway (G) 10.110.0.254
Host 10.110.1.69/24, gateway (G) 10.110.1.254
Host 10.110.1.88/24, gateway (G) 10.110.1.254
Host 10.110.2.200/24, gateway (G) 10.110.2.254
ETH0: 10.110.0.254/24
ETH1: 10.110.1.254/24
ETH2: 10.110.2.254/24
The function of the layer 3 switch corresponds to the part inside the dotted frame in the figure.
As the layer 3 switch integrates the functions of a router and a layer 2 switch supporting VLANs, it is also called a layer 2 and layer 3 switch.
The functions of the layer 2 switch and the router are realized in the layer 2 VLAN forwarding engine and the layer 3 forwarding engine.
The layer 2 VLAN engine, the same as the layer 2 forwarding engine of a VLAN-capable layer 2 switch, uses hardware to support layer 2 forwarding for multiple VLANs.
The layer 3 forwarding engine uses hardware ASIC technology to realize high-speed IP forwarding.
In terms of the IP network model, each VLAN corresponds to one IP network segment. The layer 3 forwarding engine of the layer 3 switch forwards messages between the network segments (VLANs) to realize inter-networking between VLANs. Therefore, the routing function of the layer 3 switch is called inter-VLAN routing.
Message-to-message layer 3 switching technology
[Figure: layer 1, 2 and 3 stacks traversed by each message]
Traditional layer 3 technology processes each message and transfers messages based on the destination IP address. This method is called message to message.
The difference between message-to-message switching mode and flow switching mode is as follows. If every message passes through layer 3 processing and the service flow is forwarded based on the layer 3 address, the mode is called message-to-message switching; if only the first message passes through layer 3 processing and the subsequent messages pass only through layer 2 forwarding, the mode is called flow switching.
In the message-to-message activity shown in the figure above, the message first enters the physical interface at layer 1 of the OSI reference model; next, it reaches layer 2, where the destination MAC address is checked. If the list check result does not allow switching, the message enters layer 3. At layer 3, the message undergoes routing calculation and address analysis. After layer 3 processing, the message header is modified and the message is passed back to layer 2. After layer 2 confirms the appropriate output port, the message is transmitted to the physical medium through layer 1. All subsequent messages go through the same process.
Isolate-user-VLAN
Isolate-user-VLAN (Huawei) is the same as Private VLAN (Cisco)
This is not supported by CX200 (old technology not supported in new devices)
Super-VLAN
No physical ports in the Super-VLAN
The Super-VLAN is the gateway for the sub-VLANs
The Super-VLAN has an IP address (vlanif)
VLAN aggregation solves the problem of excessive IP address consumption caused by VLANs.
As shown in the figure, in VLAN aggregation, multiple VLANs are aggregated into a super-VLAN. Member VLANs of a super-VLAN are called sub-VLANs. All sub-VLANs share the same IP network segment.
If a large number of VLANs exist in an Ethernet network, VLAN aggregation can simplify the configuration.
Module 2
Q-in-Q
Basis of the QinQ Technology
Tunnel port; external tag attached or peeled off
Trunk port: single tag at the customer side; two tags at the operator side
Typical QinQ application
[Figure: Custom A sites (VLAN100, VLAN200) on either side of the ISP network; frames are shown as header, user VLAN and data, with an external label (10 or 20) added inside the ISP network]
The user's message is given an external tag before it traverses the operator's network; simple layer-2 VPN functions are enabled.
Typical applications of QinQ. Tunnel port: the port configured to support QinQ. The Tunnel port belongs to a VLAN allocated by the operator to the customer, and it is configured only on the operator's equipment. In the figure above, customer A is allocated VLAN10; all Tunnel ports connected to customer A belong to VLAN10 in the operator's network. When the data of customer A (already carrying a customer VLAN tag) reaches the Tunnel port, an external tag with VLAN ID 10 is added. In the operator's network, the data is forwarded by the normal layer-2 forwarding process in VLAN10. When the data of customer A leaves the Tunnel port, the external tag is stripped and only the internal customer VLAN tag is left. On arriving at the customer-side switch, the data is forwarded in the customer's network as a normal tagged message.
MAC learning: when the customer data reaches the Tunnel port, MAC addresses are learned in the VLAN allocated to the customer (customer A's MAC addresses are learned in VLAN10); when the data reaches the customer side, MAC addresses are learned in the VLAN given by the internal customer VLAN tag. The QinQ function is not visible to the customer-side switch. The operator's network is transparent to the customer. The Tunnel port is sometimes called the vlan-vpn port.
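The Tunnel-port behaviour described above (push the external tag on ingress, learn MACs in the operator VLAN, strip the tag on egress) can be modelled as follows. This is an added example, not code from the course or from any vendor; the `OperatorSwitch` class, the port numbers, the MAC addresses and the use of TPID 0x8100 for the external tag are assumptions.

```python
import struct

TPID = 0x8100  # assumption: external and internal tags both use the 802.1Q TPID


def push_outer_tag(frame: bytes, vlan: int) -> bytes:
    """Tunnel-port ingress: insert the operator's tag after the two MAC addresses."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    return frame[:12] + struct.pack("!HH", TPID, vlan) + frame[12:]


def vlan_stack(frame: bytes) -> list:
    """Return the VLAN IDs of all tags in the frame, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4 and struct.unpack_from("!H", frame, off)[0] == TPID:
        vids.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return vids


def pop_outer_tag(frame: bytes, vlan: int) -> bytes:
    """Tunnel-port egress: strip the external tag, refusing frames of another VLAN."""
    if vlan_stack(frame)[:1] != [vlan]:
        raise ValueError("external tag missing or not the expected VLAN")
    return frame[:12] + frame[16:]


class OperatorSwitch:
    """One operator switch: tunnel ports face customers, trunk ports face the core."""

    def __init__(self, tunnel_ports: dict, trunk_ports: set):
        self.tunnel_ports = dict(tunnel_ports)  # port -> VLAN allocated to the customer
        self.trunk_ports = set(trunk_ports)
        self.mac_table = {}                     # (operator VLAN, MAC) -> port

    def forward(self, in_port: int, frame: bytes) -> list:
        """Return [(out_port, frame as sent on that port)]."""
        if in_port in self.tunnel_ports:
            vlan = self.tunnel_ports[in_port]
            frame = push_outer_tag(frame, vlan)  # added whether or not a tag exists
        elif in_port in self.trunk_ports:
            stack = vlan_stack(frame)
            if not stack:
                return []                        # untagged frame on a trunk: drop
            vlan = stack[0]
        else:
            return []
        dst, src = frame[:6], frame[6:12]
        self.mac_table[(vlan, src)] = in_port    # learning happens in the operator VLAN
        known = self.mac_table.get((vlan, dst))
        if known is not None:
            targets = [known]
        else:                                    # flood inside the operator VLAN only
            members = {p for p, v in self.tunnel_ports.items() if v == vlan}
            targets = sorted(members | self.trunk_ports)
        out = []
        for port in targets:
            if port == in_port:
                continue
            if port in self.tunnel_ports:
                out.append((port, pop_outer_tag(frame, vlan)))
            else:
                out.append((port, frame))
        return out


def customer_frame(dst: bytes, src: bytes, cvlan: int, payload=b"constructed payload") -> bytes:
    """Constructed sample: a customer frame that already carries its own VLAN tag."""
    return dst + src + struct.pack("!HHH", TPID, cvlan, 0x0800) + payload


def demo():
    a1, a2 = bytes.fromhex("02000000a001"), bytes.fromhex("02000000a002")
    sw = OperatorSwitch({1: 10, 2: 20}, {24})   # customer A -> VLAN10, customer B -> VLAN20
    uplink = sw.forward(1, customer_frame(a2, a1, 100))
    downlink = sw.forward(24, push_outer_tag(customer_frame(a1, a2, 100), 10))
    return uplink, downlink


if __name__ == "__main__":
    up, down = demo()
    print("on trunk:", vlan_stack(up[0][1]), "at customer:", vlan_stack(down[0][1]))
```

Because flooding and MAC learning are keyed on the operator VLAN, a frame of customer A never leaves through customer B's Tunnel port even when both customers use the same internal VLAN ID.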
Basis of the QinQ Technology
Advantages of QinQ
It can be simply taken as a packet with two layers of 802.1Q tags.
The QinQ technology reduces costs for the operator.
The customer can plan a private VLAN ID.
QinQ does not require signaling protocols.
QinQ has expanded VLAN resources.
QinQ can be simply understood as a message with two layers of 802.1Q tags.
The QinQ technology enables the operator to provide layer-2 VPN to customers at low cost. QinQ services are implemented in the operator's network; users are unaware of QinQ.
In each message in the operator's network, the internal tag is the customer's private VLAN ID, while the external tag is allocated by the operator. The customer can plan a private VLAN ID; changes in the operator's network will not affect the customer's network.
QinQ does not require signaling protocols; only static configuration is needed, and the configuration is simple and stable.
QinQ has expanded VLAN resources and enables the operator to classify access users according to VLAN IDs.
QinQ QOS
The QOS feature of the S8500 core switch can realize:
For uplink traffic (messages with single tags)
QOS is enabled according to the internal VLAN ID
Mapping to external COS according to the internal COS
Mapping to DSCP according to the internal COS
Mapping to the local priority queue according to the internal COS
Basis of the QinQ Technology
How to realize Ethernet QOS in the QinQ network?
The message with an 802.1Q tag at the customer side contains the 802.1p priority level. After the tunnel port attaches an external tag, the message contents cannot be identified in layer-2 forwarding. How to realize Ethernet QOS in the QinQ network?
Challenges for the QinQ technology
Basis of the QinQ Technology
QinQ as described above is port-based QinQ. Its principle is: when an equipment port receives a message, the switch labels the message with a default VLAN tag, whether or not the message already has a VLAN tag.
New challenges
In the QinQ network, the operator's network is transparent to customers. If there is redundancy in the connection between a customer and the operator's network, a loop will be generated.
New technology: selected QinQ.
The principle of port-based QinQ is: when an equipment port receives a message, the switch labels the message with a default VLAN tag, whether or not the message already has a VLAN tag. In this case, if the message already has a VLAN tag, it will have two tags. If the message is untagged, it will have the default VLAN tag.
New challenges: in the QinQ network, the operator's network is transparent to customers. If there is redundancy in the connection between a customer and the operator's network, a loop will be generated. (See customer A in the QinQ application diagram.)
This challenge requires the operator's network to transparently transmit STP/RSTP/MSTP messages. In this way, the customer can construct an STP tree outside the operator's network and hence cut off the redundant link (BPDU-Tunnel).
Some operators propose classifying users according to the user VID or other features, rather than by user access port (selected QinQ).
QinQ BPDU Tunnel
Layer-2 protocol messages are also called BPDU messages.
The following requirements must be satisfied so that BPDU messages can be transparently transmitted in the operator's QinQ network:
All branches of a customer network can receive their BPDU messages.
BPDU tunnels of different customer networks must be isolated from one another to avoid interference.
BPDU Tunnel principles
How to solve the two problems?
Layer-2 protocol messages are also called BPDU messages. Their transparent transmission tunnels in the operator's network can be called layer-2 protocol tunnels or BPDU tunnels.
So how are the two problems raised in the slide solved?
First: when a BPDU message is received on the Tunnel port, the port labels the message with a tag allocated by the operator. Such tags are used to identify BPDU messages of different VPNs. In the operator's network, BPDU messages are transmitted as normal data messages.
Second: to prevent the customer's BPDU message from being processed by the operator's network equipment, a multicast MAC is set as the destination MAC of each encapsulated BPDU message. This ensures that the messages are sent to the different branches in the VLAN allocated by the operator. When a message leaves the Tunnel port, the VLAN tag is removed and the destination MAC is changed back to the BPDU MAC.
Characteristics of BPDU messages: BPDU messages are layer-2 control messages of bridge equipment. They are global to the equipment and carry no VLAN tags.
In traditional bridge equipment, if a received BPDU message is not supported or not enabled, it is propagated on all ports; otherwise, it is processed in the equipment before it is forwarded.
BPDU-Tunnel Packet
BPDU Packet:
DA 01-80-C2-00-00-00 | SA 00-0F-E2-07-F2-E0 | Length(2) | DSAP(1) 0x42 | SSAP(1) 0x42 | Control(1) 0x03 | Protocol Data | FCS
BPDU-Tunnel Packet:
DA 01-00-0C-CD-CD-D0 | SA 00-0F-E2-07-F2-E0 | Length(2) | DSAP(1) 0x42 | SSAP(1) 0x42 | Control(1) 0x03 | Protocol Data | User_Info | FCS
Modifying the BPDU destination address to multicast MAC
Add this part (User_Info) to identify the user network
Realization of the BPDU Tunnel
QinQ BPDU Tunnel
Upon receiving a BPDU message, the Tunnel port changes the destination MAC to a multicast MAC (01-00-0c-cd-cd-d0). Identification information, such as the user information, is inserted in front of the FCS. The multicast MAC ensures that the message is propagated in the VLAN; it also identifies the message as a BPDU-Tunnel message. When receiving the message, the switch submits it to the CPU for processing; it recovers the BPDU identity and sends the message to the corresponding customer network according to the user information identification in the message.
Modifying the BPDU destination address to multicast MAC: Destination: 01-00-0c-cd-cd-d0. Source address: 00-0F-E2-07-F2-E0. The source of the BPDU messages sent by Huawei's switches is this MAC. From the above descriptions, we can see that BPDU messages and BPDU-Tunnel messages are both in LLC encapsulation. At present, Huawei's realization method is consistent with the realization method of Cisco. Tests showed that Huawei's equipment can interwork with Cisco's equipment.
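The destination-MAC rewrite and per-customer delivery described above, as an added example that is not vendor code. The slides do not give the User_Info layout, so the 2-byte customer identifier used here is an assumption, as are the function names and port numbers; frames are handled without their FCS, so User_Info is simply the trailing field.

```python
import struct

STP_MAC = bytes.fromhex("0180c2000000")     # BPDU destination MAC (from the slide)
TUNNEL_MAC = bytes.fromhex("01000ccdcdd0")  # BPDU-Tunnel multicast MAC (from the slide)
LLC_STP = bytes([0x42, 0x42, 0x03])         # DSAP, SSAP, Control
USER_INFO = struct.Struct("!H")             # assumption: 2-byte customer identifier


def is_bpdu(frame: bytes) -> bool:
    """True for an LLC-encapsulated BPDU: DA(6) SA(6) Length(2) then 42 42 03."""
    return len(frame) >= 17 and frame[:6] == STP_MAC and frame[14:17] == LLC_STP


def encapsulate(frame: bytes, user_id: int) -> bytes:
    """Tunnel-port ingress: swap in the multicast DA and append User_Info."""
    if not is_bpdu(frame):
        raise ValueError("not an LLC-encapsulated BPDU")
    return TUNNEL_MAC + frame[6:] + USER_INFO.pack(user_id)


def decapsulate(frame: bytes):
    """Tunnel-port egress: return (user_id, original BPDU with its DA restored)."""
    if len(frame) < 17 + USER_INFO.size or frame[:6] != TUNNEL_MAC:
        raise ValueError("not a BPDU-Tunnel frame")
    (user_id,) = USER_INFO.unpack(frame[-USER_INFO.size:])
    return user_id, STP_MAC + frame[6:-USER_INFO.size]


def egress_ports(frame: bytes, tunnel_ports: dict, in_port=None) -> list:
    """tunnel_ports maps port -> user_id; deliver only to the same customer's ports."""
    user_id, bpdu = decapsulate(frame)
    return [(port, bpdu) for port, uid in sorted(tunnel_ports.items())
            if uid == user_id and port != in_port]


def sample_bpdu() -> bytes:
    """Constructed sample: LLC header plus a zero-filled 35-byte BPDU body."""
    llc = LLC_STP + bytes(35)
    src = bytes.fromhex("000fe207f2e0")     # source MAC shown on the slide
    return STP_MAC + src + struct.pack("!H", len(llc)) + llc


if __name__ == "__main__":
    tunnelled = encapsulate(sample_bpdu(), user_id=10)
    # Ports 1 and 3 belong to customer 10, port 2 to customer 20.
    print([p for p, _ in egress_ports(tunnelled, {1: 10, 2: 20, 3: 10}, in_port=1)])
```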
Basis of the QinQ Technology
Applications of BPDU Tunnel
Principles and Applications of Selected QinQ
Characteristics of selected QinQ
Principles and Applications of Selected QinQ
Based on the stream classification results, selected QinQ can determine whether to attach external VLAN tags and the type of external VLAN tags. Different bearer schemes are executed for different services.
[Figure: frame fields DA mac, SA mac, Tag, IP, Protocol, Data, FCS]
Selected QinQ is also called the stream classification based Nested VLAN feature. Each user can apply operations to messages that match specific ACL stream rules.
Based on the stream classification results, selected QinQ can determine whether to attach external VLAN tags and the type of external VLAN tags. Selected QinQ can classify according to the user VLAN tag, MAC address, IP protocol, source address, destination address, priority level, or port number of the application program. With these stream classification methods, external VLAN tags can be added to messages according to different users, different services and different priority levels; different bearer schemes are executed for different services.
Principles and Applications of Selected QinQ
Inter-service-area traffic distribution by ports
Scene 1 of selected QinQ applications
[Figure: at the MAN edge, external VLAN 10 is attached to VLAN1-XXX, VLAN 20 to VLAN1XXX and VLAN 30 to VLAN2XXX; the access switches carry VLAN 2, VLAN 1001, VLAN 2001 and VLAN 3, VLAN 1002, VLAN 2002 over trunks]
Inter-service-area traffic distribution by ports: the ordinary Internet user PC VLAN is in the range 1~1K; the IPTV user VLAN is in the range 1K~2K; the VIP customer Internet access VLAN is in the range 2K~3K...
Ordinary Internet users: VLAN range 1~1K with external VLAN10
IPTV users: VLAN range 1K~2K with external VLAN20
VIP customer Internet access: VLAN range 2K~3K with external VLAN30
Principles and Applications of Selected QinQ
Traffic distribution by message protocol numbers
Scene 2 of selected QinQ applications
[Figure: at the MAN edge, external VLAN 10 is attached to PPPOE traffic and VLAN 20 to IPOE traffic; the access switches carry VLAN 2 and VLAN 3]
Traffic distribution by message protocol numbers: ordinary PCs use the PPPoE protocol to access the Internet; IPTV adopts the IPoE protocol. The terminals are connected to the uplink via a VLAN. The QinQ technology can be used to distribute traffic according to the different protocol numbers of messages, for example PPPoE and IPoE messages.
In Huawei's 8500 switch, each PPPoE message of an ordinary Internet PC is given external VLAN10; each IPoE message of the IPTV is given external VLAN20.
Principles and Applications of Selected QinQ
Traffic distribution by message destination IP addresses
Scene 3 of selected QinQ applications
[Figure: at the MAN edge, external VLAN 10 is attached by destination IP (DA IP) and VLAN 20 to the VOIP destination (DA VOIP); service control sits behind the MAN]
Traffic distribution by message destination IP addresses: for service application messages with the same source IP address and the same message encapsulation, for example messages generated by a SoftPhone program, traffic can be distributed via the selected QinQ technology according to the destination IP addresses of the messages.
Each ordinary Internet data message is given external VLAN10; each VOIP message with a specific destination address is given external VLAN20.
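Scenes 1 to 3 above are the same mechanism with different match fields, which the following ordered rule table makes explicit. This is an added example, not the 8500's implementation: the `Rule` class, the reading of "1~1K" as 1-1000 (and so on), the treatment of IPoE as EtherTypes 0x0800/0x0806 and the VoIP destination network 192.0.2.0/24 are assumptions.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

TPID = 0x8100
IPV4, ARP = 0x0800, 0x0806
PPPOE = frozenset({0x8863, 0x8864})        # PPPoE discovery and session EtherTypes
IPOE = frozenset({IPV4, ARP})              # assumption: IPoE means IPv4 and ARP


@dataclass(frozen=True)
class Rule:
    """One stream-classification rule; a criterion left as None matches anything."""
    outer_vlan: int
    inner_vlans: Optional[range] = None
    ethertypes: Optional[frozenset] = None
    dst_net: Optional[ipaddress.IPv4Network] = None

    def matches(self, vlan, ethertype, dst_ip) -> bool:
        if self.inner_vlans is not None and vlan not in self.inner_vlans:
            return False
        if self.ethertypes is not None and ethertype not in self.ethertypes:
            return False
        if self.dst_net is not None and (dst_ip is None or dst_ip not in self.dst_net):
            return False
        return True


def parse(frame: bytes):
    """Return (user VLAN or None, EtherType, destination IPv4 address or None)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    vlan, off = None, 14
    if ethertype == TPID:
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, off = tci & 0x0FFF, 18
    dst_ip = None
    if ethertype == IPV4 and len(frame) >= off + 20:
        dst_ip = ipaddress.IPv4Address(frame[off + 16:off + 20])
    return vlan, ethertype, dst_ip


def classify(frame: bytes, rules) -> Optional[int]:
    """First matching rule wins; None means no external tag is attached."""
    fields = parse(frame)
    for rule in rules:
        if rule.matches(*fields):
            return rule.outer_vlan
    return None


def apply_selected_qinq(frame: bytes, rules) -> bytes:
    outer = classify(frame, rules)
    if outer is None:
        return frame
    return frame[:12] + struct.pack("!HH", TPID, outer) + frame[12:]


# Scene 1: by user VLAN range (1~1K, 1K~2K, 2K~3K read as 1-1000, 1001-2000, 2001-3000).
SCENE1 = [Rule(10, inner_vlans=range(1, 1001)),
          Rule(20, inner_vlans=range(1001, 2001)),
          Rule(30, inner_vlans=range(2001, 3001))]
# Scene 2: by protocol number.
SCENE2 = [Rule(10, ethertypes=PPPOE), Rule(20, ethertypes=IPOE)]
# Scene 3: by destination IP; the specific VoIP rule must precede the catch-all.
VOIP_NET = ipaddress.ip_network("192.0.2.0/24")   # constructed documentation range
SCENE3 = [Rule(20, dst_net=VOIP_NET), Rule(10)]


def sample_frame(vlan: int, ethertype: int, dst_ip: str = "198.51.100.7") -> bytes:
    """Constructed sample: single-tagged frame, with a minimal IPv4 header if IPv4."""
    hdr = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    hdr += struct.pack("!HHH", TPID, vlan, ethertype)
    if ethertype != IPV4:
        return hdr + b"constructed payload"
    ip = bytearray(20)
    ip[0] = 0x45
    ip[16:20] = ipaddress.IPv4Address(dst_ip).packed
    return hdr + bytes(ip)


if __name__ == "__main__":
    print(classify(sample_frame(1500, IPV4), SCENE1),
          classify(sample_frame(2, 0x8864), SCENE2),
          classify(sample_frame(2, IPV4, "192.0.2.10"), SCENE3))
```

Rule order matters in scene 3: if the catch-all rule came first, VoIP traffic would be placed in VLAN10 with ordinary data.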
Principles and Applications of Selected QinQ
Traffic can be distributed by the internal VLAN tags of the QinQ.
Scene 4 of selected QinQ applications
[Figure: concatenated switches using port-based QinQ attach VLAN 10 to VLAN 100, VLAN 20 to VLAN 200, VLAN 30 to VLAN 300 and VLAN 40 to VLAN 400; toward the MAN the pairs shown are VLAN 10 with VLAN 100, VLAN 10 with VLAN 300, VLAN 20 with VLAN 200 and VLAN 20 with VLAN 400]
In the concatenated networking mode, some concatenated switches have adopted port-based QinQ. In this case, traffic can be distributed via selected QinQ according to the internal VLAN tags of the QinQ.
The ordinary QinQ attaches external VLAN10 to VLAN100 and external VLAN30 to VLAN300; VLAN100 and VLAN300 belong to the same VPN user. Hence in the 8500 switch, external tag VLAN10 is attached according to VLAN100 and VLAN300 of the QinQ message.
Typical applications of selected QinQ
Principles and Applications of Selected QinQ
[Figure labels: internet, BRAS, VLAN 1001-1003, Multicast Router, DHCP Server, VLAN 302, VLAN 303, S8500, VLAN 101-301, campus access switch, DSLAM]
Each user has one VLAN (internal tag) to be isolated from other users.
Users can be distributed to different VLANs (with external tags) according to different applications to isolate the applications.
The above is the networking of the selected QinQ application most commonly used by operators. In general, telecom broadband users fall into two groups: users who access the switch via the campus network, and ADSL users who access via DSLAM.
Let me briefly introduce the characteristics of this networking case:
1. VLAN101-200 users accessed from the campus network are ordinary users; this group is allocated public network VLAN1001 by the 8500 switch. VLAN201-300 users are VIP users accessed from the campus network; this group is allocated public network VLAN1002 by the 8500 switch. VIP users have high requirements on network performance; hence the bandwidth of VIP users shall be guaranteed via QOS.
2. ADSL users accessed from DSLAM are VLAN 101-300 users, who get an IP address for Internet access via PPPoE dialing; this group is allocated public network VLAN1003 by the 8500 switch.
3. VLAN 301 is dedicated to multicast. IPTV users accessed via DSLAM or the campus network access multicast programs via VLAN 301. IPTV client terminals first get IP addresses from the DHCP server; then they join the IGMP group on the 8500 switch to access multicast programs.
4. For Internet users, the 8500 switch attaches a public network tag to each Internet user message before the message is submitted to the BRAS for processing. Each user undergoes authentication, authorization and layer-2 termination on the BRAS.
Module 3
Devices-Huawei & Cisco
Huawei CX200D
Hardware Architecture of the CX200D
Dimensions: 442mm × 220mm × 43.6mm
Port switch capacity / forwarding performance: 8.8Gbps / 6.6Mpps
Interface type: 24*10/100TX+2*GE(SFP)
Power: DC/AC 25W
CX200D-EA
CX200D
S2300SI/EI capability : 8.8Gbps/ 6.6Mpps
S3300SI/EI capability : 12.8Gbps / 9.6Mpps
Product List:
S2318P-SI 16*10/100TX+2*GE(SFP)
S2318P-EI 16*10/100TX+2*GE(SFP) (Enhanced L2)
S2326P-SI 24*10/100TX+2*GE(SFP)
S2326P-EI 24*10/100TX+2*GE(SFP) (Enhanced L2)
S3328TP-SI 24*10/100TX+2*GE(SFP)+2*GE Combo
S3328TP-EI 24*10/100TX+2*GE(SFP)+2*GE Combo (Enhanced L3)
S3352TP-SI 48*10/100TX+4*GE Combo
S3352TP-EI 48*10/100TX+4*GE Combo (Enhanced L3)
S2309P-SI 8*10/100TX+1*GE(SFP)
S2309P-EI 8*10/100TX+1*GE(SFP)
In the EA there are 2 extra SFP ports; these are combo ports. If we use them we can't use 2 FE ports.
CX200D Significant Features
Selective QinQ & Vlan Mapping
RRPP
IEEE802.3ah
IGMP Snooping
QoS
DHCP Option82
HGMP
Selective QinQ Makes Service Provisioning Easier
[Figure: user1 and user2 send VLAN1 VoIP service, VLAN2 BTV service and VLAN3/VLAN4 Internet traffic to the CX200D, which connects through the access aggregation network to the BRAS, the NPE and the IP/MPLS core, with VLAN10, VLAN20 and VLAN30 shown on the network side. Customer frame: C-MAC-DA, C-MAC-SA, C-VLAN-TAG, C-ETH-TYPE, C-DATA; after selective QinQ: C-MAC-DA, C-MAC-SA, S-VLAN-TAG, C-VLAN-TAG, C-ETH-TYPE, C-DATA]
VLAN Translation changes the VLAN tag as necessary, making service provisioning more flexible.
Selective QinQ inserts a different outer tag based on the inner tag.
4096 * 4096 = 16 million VLANs
Selective QinQ
[Figure: two operations between a UNI (FE/GE) port and an NNI port: 1. Modify C-VLAN ID; 2. Add S-VLAN ID]
In selective QinQ we use normal VLAN packets.
On a certain port we send multiple VLANs; in normal QinQ the same VLAN is used in the public network, while in selective QinQ we can change the public VLAN according to the private VLAN ID.
VLAN Mapping 1:1
[Figure: access VLANs Vlan 1, Vlan 2 and Vlan 3 mapped to Vlan 100/200/300]
Global mapping
vlan 1 -> vlan 100
vlan 2 -> vlan 200
vlan 3 -> vlan 300
VLAN Mapping & QinQ: Application in IPTV
[Figure: Campus 1 and Campus 2, each with Home Gateways serving IPTV and PC. Every HG uses VLAN1 and VLAN2 (two VLANs per HG, same VLANs for different users). 1:1 VLAN mapping is enabled on the user ports of the access-layer switch (S2000TP-EA) for PUPSPV: VLAN1 -> VLAN1001, VLAN2 -> VLAN1002. Labels toward the aggregation layer: VLAN2001@VLAN1, VLAN2001@VLAN2, VLAN2002@VLAN1, VLAN2002@VLAN2, VLAN 3001@VLAN 1001, VLAN 3001@VLAN 1002, VLAN 3002@VLAN 1001, VLAN 3002@VLAN 1002. Selective QinQ based on VLAN for Internet and IPTV service toward the POP and BRAS.]
PUPSPV is realized with the same HG configuration and 1:1 VLAN mapping on the ports of the CX200D Series Metro Ethernet.
At the Home Gateway edge, VLAN1 is used for the PC to access the Internet with broadband service and VLAN2 for IPTV service. At the access layer we use 1:1 VLAN mapping.
At the campus network, we use the QinQ feature.
Metro Network
RRPP: Rapid Ring Protection Protocol
[Figure: a main ring with Sub-Ring 1 and Sub-Ring 2 serving User1 and User2; the main node has a main port and a slave port in block status, the other switches are transit nodes; Hello packets circulate on the ring and a link failure triggers Link-Down notifications]
RRPP provides an Ethernet ring solution with ordinary Ethernet ports
Less than 50ms failure protection
Ring span supports Link Aggregation
Huawei proprietary protocol
RSTP/MSTP is too high for our network; we need max 50ms
We have to manually define the main node (main switch) and declare the main port to configure RRPP. In STP everything is done automatically.
Number of nodes in the ring has not been stated yet
-
8/14/2019 MEN Part 1- Day1-Ver1_NoRestriction
75/162
Course Name
Confidential Information of Huawei. No
Spreading Without Permission N-
Network Learning Centre
Proprietary & Confidential74
74
RRPP
RRPP Feature
[Figure: CX200D switches in a ring between UPE and NPE at the metro core; main node with main port and slave port (block status), transit nodes, Hello packet]
RRPP can be used in a Dual-Homed Protection network
RRPP can be applied between CE and UPE, or between UPE and NPE
The user-side device is the RRPP Main Node in the Protection Domain and blocks the Slave Port. Service can be switched between the Master Port and the Slave Port.
RRPP supports Trunk
Ethernet OAM: 802.3ah Protocol
The 802.3ah protocol is used to solve the "Last Mile" problem, and is also suitable for an Ethernet link between two devices.
Main Functions
OAM Auto Discover
OAM Link Monitor
Remote Fault Notify
OAM Remote Loopback
Remote Taking MIB
[Figure: two CE-PE links over the User to Network Interface between a CX200D and a CX380, one showing a Link Failure Message, the other a Link Loopback Message and a Test Message]
The Ethernet OAM 802.3ah provides connectivity verification, fault isolation, performance monitoring and troubleshooting capabilities for Ethernet services. Its objective is to push Ethernet technology widely into the access network market of carriers. EthOAM can improve network performance and reduce OPEX and CAPEX. The 802.3ah protocol includes all the technology elements Ethernet must have, such as physical criteria for cable, P2P fiber and P2MP fiber, and OAM mechanisms.
OAM: Operations, Administration and Maintenance
Only the CX box can support this
IGMP Snooping
[Figure: VOD Server1 and VOD Server2 reach a multicast router over the Internet; the CX200D forwards the video stream to the multicast group members]
Multicast function Feature
High Reliable Multicast
Only one copy for whole ring
IGMP Snooping V1/V2
MVLAN+
Native L2 multicast forwarding, easy to deploy and maintain
50ms switch over
IGMP fast leave, fast zapping
[Figure: Core Layer and Convergence Layer above a ring of CX200D switches running STP/RRPP]
Transmission of DHCP Messages
[Figure: message sequence between DHCP client, CX and DHCP server; each row shows the message on the client side of the CX and on the server side of the CX]
DISCOVER | DISCOVER+Option82
OFFER | OFFER(+Option82)
REQUEST | REQUEST+Option82
ACK | ACK(+Option82)
Data transmit
RELEASE | RELEASE+Option82
Process of transmitting DHCP messages when the function of forcibly appending the Option 82 field is enabled.
The Option 82 field carries the inbound interface number and VLAN ID of DHCP messages.
After being initialized, the DHCP client sends a DHCPDISCOVER message to the DHCP server. The Option 82 field is forcibly appended to the DHCPDISCOVER message on the CX.
When receiving the DHCPDISCOVER message that carries the Option 82 field, the DHCP server sends a DHCPOFFER message that carries the Option 82 field to the DHCP client. The CX removes the Option 82 field from the DHCPOFFER message and then sends the message without the Option 82 field to the DHCP client.
The DHCP client sends a DHCPREQUEST message to the DHCP server to respond to the DHCPOFFER message sent by the DHCP server. The Option 82 field is forcibly appended to the DHCPREQUEST message on the CX.
When receiving the DHCPREQUEST message that carries the Option 82 field, the DHCP server sends a DHCPACK message that carries the Option 82 field to the DHCP client. The CX removes the Option 82 field from the DHCPACK message and then sends the message without the Option 82 field to the DHCP client.
The DHCP client sends a DHCPRELEASE message to the DHCP server to actively release the IP address assigned by the DHCP server. The Option 82 field is forcibly appended to the DHCPRELEASE message on the CX.
Networking diagram of DHCP Option 82
[Figure: DHCP clients behind an LSW and a DSLAM connect to interfaces Eth0/0/1, Eth0/0/2 and Eth0/0/3 of the CX, which is enabled with DHCP snooping; the CX reaches the DHCP relay agent and the DHCP server across the IP/MPLS core]
As shown in the figure, DHCP Option 82 is enabled on the CX. The function of forcibly appending the Option 82 field to DHCP messages is enabled on Ethernet 0/0/1, Ethernet 0/0/2 and Ethernet 0/0/3. For DHCP messages sent from the user side, the CX appends the Option 82 field. In this manner, the inbound interface number and VLAN ID of the DHCP messages are provided to the upstream device. For DHCP messages sent from the network side, the CX removes the Option 82 field. In this case, clients can still receive the DHCP messages.
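The append-on-the-way-up, strip-on-the-way-down handling of Option 82 described in the two slides above, as an added example that is not CX code. It works on the DHCP options field only (the bytes after the magic cookie); the Circuit ID encoding (2-byte VLAN ID followed by the ASCII interface name) and the choice to discard an Option 82 already supplied by the client are assumptions.

```python
import struct

OPT_PAD, OPT_RELAY_INFO, OPT_END = 0, 82, 255
SUB_CIRCUIT_ID = 1  # Agent Circuit ID sub-option of Option 82


def parse_options(data: bytes) -> list:
    """Split a code/length/value options field into (code, value) pairs."""
    opts, i = [], 0
    while i < len(data):
        code = data[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        length = data[i + 1]
        opts.append((code, data[i + 2:i + 2 + length]))
        i += 2 + length
    return opts


def build_options(opts: list) -> bytes:
    """Serialise (code, value) pairs and terminate with the End option."""
    out = bytearray()
    for code, value in opts:
        out += bytes([code, len(value)]) + value
    return bytes(out) + bytes([OPT_END])


def circuit_id(interface: str, vlan: int) -> bytes:
    # Assumed encoding: VLAN ID as 2 bytes, then the inbound interface name.
    return struct.pack("!H", vlan) + interface.encode("ascii")


def append_option82(options: bytes, interface: str, vlan: int) -> bytes:
    """User side -> server: forcibly append Option 82 for the inbound port.

    Any Option 82 already present came from the user side, so it is dropped
    (assumption) and only the switch's own value reaches the server.
    """
    kept = [(c, v) for c, v in parse_options(options) if c != OPT_RELAY_INFO]
    cid = circuit_id(interface, vlan)
    sub = bytes([SUB_CIRCUIT_ID, len(cid)]) + cid
    return build_options(kept + [(OPT_RELAY_INFO, sub)])


def strip_option82(options: bytes):
    """Server -> user side: remove Option 82; return (options, (interface, vlan) or None)."""
    origin, kept = None, []
    for code, value in parse_options(options):
        if code != OPT_RELAY_INFO:
            kept.append((code, value))
            continue
        # Sub-options use the same code/length/value layout as options.
        for sub_code, sub_val in parse_options(value):
            if sub_code == SUB_CIRCUIT_ID and len(sub_val) >= 2:
                name = sub_val[2:].decode("ascii", errors="replace")
                origin = (name, struct.unpack("!H", sub_val[:2])[0])
    return build_options(kept), origin


# Constructed sample: DHCPDISCOVER options (message type 1, parameter request list).
DISCOVER = bytes([53, 1, 1, 55, 3, 1, 3, 6, 255])


def demo():
    to_server = append_option82(DISCOVER, "Eth0/0/1", 101)
    # Constructed DHCPOFFER: message type 2, server identifier, echoed Option 82.
    offer = build_options([(53, b"\x02"), (54, bytes([10, 0, 0, 1])),
                           parse_options(to_server)[-1]])
    to_client, origin = strip_option82(offer)
    return to_server, to_client, origin


if __name__ == "__main__":
    up, down, origin = demo()
    print(up.hex(), down.hex(), origin)
```

The server's reply reaches the client without Option 82, while the switch recovers the interface and VLAN that identify where the request entered the network.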
HGMP: Group Management Protocol
Automatic discovery
Topology collection and display
Automatic configuration download
Rapid deployment
Convenient maintenance
Saves management IP addresses
Plug and Play
[Figure: DMS, HGMP Server and HGMP Client in the Metro Ethernet]
Save OPEX!
Combine multiple LAN switches into a single big LAN switch
Product Features
L2 Transparent LAN Service (TLS)
L2 Protocol Tunneling (L2TP)
L2TP allows the propagation of specific layer 2 PDUs to be tunneled through a layer 2 network
PDUs that can be tunneled are VLAN Trunking Protocol, STP, CDP
L2TP is based on PPP. It takes the packet of any protocol (IP, IPX, etc.) and encrypts it to deliver over the Internet using IP.
(Layer 2 Tunneling Protocol) A protocol from the IETF that allows a PPP session to travel over multiple links and networks. L2TP is used to allow remote users access to the corporate network. PPP is used to encapsulate IP packets from the user's PC to the ISP, and L2TP extends that session across the Internet.
Aggregate QoS Model
QoS Functions
Multicast Support
Problem to Distribute Multicast in L2 Ring
We have 2 user VLANs per switch in the ring, and 28 user VLANs are sent over each trunk in the ring.
We need to be able to send all multicast streams to each user
In standard multicast distribution, the BAN needs to replicate multicast streams to potentially 28 user VLANs
28 copies of each multicast packet might travel over the ring
MVR Operation
IGMP Snooping
Supervisor Subsystem
Managing control plane traffic for the switch
Provides address learning capabilities
ACL
Network security through Cisco access control lists (ACLs) based on Layer 2 through Layer 4 information
Access control for all packets
Lookups done in hardware: less delay
Security at the edge
Minimizes congestion by filtering unwanted traffic
Other features
Simplified network management through the Cisco Cluster Management Suite (CMS) Software
Telnet traffic is encrypted (Secure Shell)
Supports SNMP v3: encrypt admin traffic during SNMP session
MAC address notification: Alerts administrator when user comes to the network.
DHCP Interface Tracker: Provides switch & port ID to DHCP server
Cisco ME 3400
24 Ethernet 10/100 ports
2 SFP gigabit uplinks (GBIC in 3550)
30 W max power consumption (25 W less than 3550)
Operating temperature - 50 deg (5 more than 3550)
Cisco Catalyst 3750
12 SFP based Gigabit ports
32 Gbps high speed stacking bus
Power consumption 120W max
Huawei CX600
Contents
1. Introduction to CX 600
2. Service Features of CX600
3. Application of CX600
Positioning of CX600
[Figure: network diagram with Access, Aggregation, Edge, Core and Application layers, showing MSP CX600 nodes alongside DSLAM, CMTS, AG, NodeB, Acc Switch, SBC, RNC, SoftX, SGSN, BRAS, PE, P, VoD, Headend, CS and Internet.]
CX600 Metro Services Platform (MSP) is a high-end Ethernet product. It focuses on Ethernet services access, aggregation and transmission in the metro area. It is mainly located at metro access and aggregation points and can provide FE, GE, 10 GE and RPR interfaces with line-speed performance.
Position of CX600-8:
1. CX600-8 is a Metro Services Platform and supports abundant Metro Ethernet services.
2. Specialized for Ethernet aggregation; brings L3 access to the network edge.
3. Does not support POS, ATM, E1/E3 and T1/T3 interfaces for WAN application.
CX600 System Architecture
[Figure: CX600 system architecture: LPUs, SRUs (1:1 redundancy), SFUs (3+1 redundancy) forming the switching fabric, redundant fans, and separate monitor bus, control bus and data bus.]
Redundancy design for all components, no single point of failure
Distributed forwarding architecture to eliminate performance bottlenecks and maximize throughput
Separated data bus, control bus and monitor bus
2:1 speedup (= switching capacity : port capacity), non-blocking crossbar switching fabric
CX600 Line Card
[Figure: CX600 line card block diagram: physical interface, Framer, SMPFE, TCAM, TM with buffer, fabric interface, CP control module, management interface; micro cell switching, VOQ, 4 priorities.]
Wire speed & low latency 10G forwarding capability
Per user per service ingress & egress H-QoS guarantee
Large packet buffer to reduce packet loss rate, meet requirements of critical services
VOQ to avoid HOLB (head of line blocking) issue and maximize throughput
32K flow queues per direction, 8 queues per port, 5 level H-QoS
100 ms buffering
200K FIB, 16K ARP, 128K MAC
8K ACL, 1K CAR
Major Functions & Characteristics
Supports the 2*10G/slot, IPv6, Ethernet OAM, perfect carrier-class feature, RPR Bridge Mode
FE, GE, 10GE; 1G, 2.5G, 10G RPR; BFD, GR, and TE; 22,000 FIB entries. ME features (RRPP, BPDU Tunnel, QinQ termination, DHCP+), HQOS are newly added, which satisfy the marketing requirements of the Metro Ethernet
V200R002: 2008Q1 GA
V200R001: 2007-08-10 GA
ME features: Metro Ethernet
Software features (1)
Name of Software Features | Remarks
Interface binding (IP TRUNK and Ethernet TRUNK) | Supports the cross-service LPU binding.
TRUNK interface HASH load balancing
RPR (10G, 2.5G, 1000M)
GRE tunnel
IPv4 unicast service
IPv4 multicast service
Supports RIP, OSPF, IS-IS, and BGP4 | Supports BGP Accounting and BGP MD5.
Weak policy-based routing
IGMPv3, PIM-SSM, Multicast Source Control
Common layer 2 features (interface isolation in VLAN, VLANIF, QinQ, and STP/MSTP)
128K MAC address per slot
VLAN Mapping (1 to 1)
DHCP+ (IP, MAC, Interface, and VLAN binding)
Software features (2)
Name of Software Features | Remarks
RRPP (for Ethernet and Ethernet-Trunk)
RRPP ring multicast isolation feature
BPDU Tunnel
FIB table supports the load balancing | Supports complete load balancing and supports eight ECMPs of load balancing.
LSP load balancing | Supports the LSP traffic-based load balancing and the fault switch less than 50ms.
MPLS TE
LDP over TE | LDP over TE for PE/P
TE over TRUNK (IP TRUNK, Ethernet TRUNK)
MPLS L3VPN | Supports three kinds of inter-domain modes: Option A, B and C. Supports ISIS, OSPF, RIP, BGP, and static route. Can access the PE in static routing. The OSPF supports 1000 instances. Supports the HoPE.
MPLS L2VPN (VLL/PWE3, VPLS, HVPLS) | Supports the following two kinds of protocol modes: Martini and Kompella.
Software features (3)
Name of Software Features | Remarks
VPLS over TE
Static LSP is accessed to VPLS
QinQ termination is accessed to VPLS, L2VPN, and L3VPN
Multicast VPN
MPLS OAM
MPLS Ping, MPLS Traceroute
IS-IS and fast convergence | The IS-IS convergence on the whole network is less than 1s, and convergence of the single node is less than 50ms.
IP/LDP FRR
TE FRR
VPN FRR
Software features (4)
Name of Software Features | Remarks
BFD for FRR, VRRP, and ISIS
BFD for BGP, OSPF, TRUNK, and VLANIF
BFD for VRF, Cisco Interconnection
BGP/ISIS/OSPF/LDP GR
VLL (LDP mode)/VPLS GR
L3VPN GR
HQOS (FADD only)
VPN QoS (Resource Reservation VPN)
QPPB
Tunnel/VPN statistics
NTP
SSHv2
IPTN TPE
NetStream for IPv4
Specification of CX600
Description | CX600
Interface | Ethernet, RPR, GRE, NetStream
PPP/MP | NO
IPV6 | FIBv6 3K, ACLv6 1K, ARPv6 1K
FIB | 200K
Routing Table | 1M
OSPF Neighbors | 256, Default 50
OSPF Interfaces | 256, Default 50
OSPF Session/Instances | 256, Default 50
ISIS Neighbor | 256, Default 50
ISIS Interfaces | 256, Default 50
ISIS Instances | 256, Default 50
BGP Neighbors | 256, Default 50

Description | CX600 V2R1
VPN-Instance | 1K, Default 500
ARPv4 | 16K
IPV4 ACL per Board | 8K
Max. IPv4 ACL per Equipment | 64K
H-QOS Levels | 5-level Scheduler
FQ per Board | Ingress 24K, Egress 24K
MAC per Board | 128K
QinQs per Board | 16K
MPLS LSP Tunnels | 64K
MPLS TE Tunnels | 1K
Multicast core Routing Table | 4K
SRU Memory | 2Gbps, Default: 1G
Introduction to Boards
Newly Added LPUs
1*10GBase-LAN-XFP Optical Interface LPU
1*10GBase-WAN-XFP Optical Interface LPU
10*1000Base-X-SFP SFP Optical Interface LPU
24*10/100/1000Base-TX-RJ45 Electrical Interface LPU
24*100/1000Base-X-SFP Optical Interface LPU
1*OC-192c/STM-64c RPR-XFP Optical Interface LPU
2*OC-48c/STM-16c RPR-XFP Optical Interface LPU
4*OC-48c/STM-16c RPR-XFP Optical Interface LPU
2*1000M RPR-SFP Optical Interface LPU
4*1000M RPR-SFP Optical Interface LPU
Service Processing Circuit Board-NetStream Processing
Service Processing Circuit Board-TSU Service Processing
Introduction to Interface Types
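Type | Interface | Remarks
Ethernet | 10G LAN (XFP) |
Ethernet | 10G WAN (XFP) |
Ethernet | GE (SFP) |
Ethernet | GE (RJ45) |
Ethernet | FE (SFP) |
RPR | 10G RPR (XFP) |
RPR | 2.5G RPR (SFP) |
RPR | 1000M RPR (SFP) |
Optical Module | XFP 10G 10Km | For 10G WAN and RPR, the distance is 2Km
Optical Module | XFP 10G 40Km |
Optical Module | XFP 10G 80Km | Only for 10G WAN and 10G RPR
Optical Module | XFP 10G 300m | Only for 10G LAN
Optical Module | SFP GE 550m/10Km/40Km/80Km/100Km |
Optical Module | SFP CWDM 1GE 70Km |
Optical Module | SFP 1000BaseT RJ45 | Auto negotiation
Optical Module | SFP 2.5G 2Km/15Km/40Km/80Km |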
Contents
1. Introduction to CX 600
2. Service Features of CX600
3. Application of CX600
Networking Capacities
Core layer is responsible for the high-speed forwarding of service data.
Edge and aggregation layer serve as the access point of various services.
Access layer is responsible for the user access (DSLAM, converged-switch, AG, NodeB)
The services access the network for forwarding through the BRAS, the centralized PE, or the aggregation node, based on the service type.
Networking Capacities
DSLAM | Accesses individual services through the permanent virtual circuit (PVC). Adds VLAN or QinQ tag based on the types of users and services.
Switch | Refers to the access switch that converges the Layer 2 corporate services to the aggregation node.
Aggregation node | Distinguishes the VLAN or QinQ user services, forwards Layer 3 services or VPN services, or transparently transmits services to the BRAS or the centralized PE through the IP or MPLS technologies.
Distribution node | Converges the services in ME and terminates the IP or MPLS pipes and transparently transmits the services to the BRAS or the centralized PE.
BRAS | Refers to a device that processes PPPoE login services of individual users.
PE | Refers to the centralized service node, which can also serve as the distribution node. PE accesses the services that should be converged and processed, such as centralized L3VPN services.
P/PE | Refers to the core forwarding node or the edge node on the backbone network. P or PE rapidly forwards the services or accesses the services to the