quidway s9300 terabit routing switch product description(v100r003c01_01).pdf

Quidway S9300 Terabit Routing SwitchV100R003C01

Product Description

Issue 01

Date 2010-12-15

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2010. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

Issue 01 (2010-12-15) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://www.huawei.com

mailto:[email protected]

About This Document

Intended AudienceThis document describes the product positioning and features, product architecture, link features,service features, application scenarios, operation and maintenance, and technical specificationsof the Quidway S9300 Terabit Routing Switch .

This document provides an overall description of the Quidway S9300 Terabit RoutingSwitch , which helps intended readers get a general understanding of all the product features.

This document is intended for:

l Network planning engineersl Hardware installation engineersl Commissioning engineersl Data configuration engineersl On-site maintenance engineersl Network monitoring engineersl System maintenance engineers

Symbol ConventionsThe symbols that may be found in this document are defined as follows.

Symbol Description

DANGERIndicates a hazard with a high level of risk, which if notavoided, will result in death or serious injury.

WARNINGIndicates a hazard with a medium or low level of risk, whichif not avoided, could result in minor or moderate injury.

CAUTIONIndicates a potentially hazardous situation, which if notavoided, could result in equipment damage, data loss,performance degradation, or unexpected results.

TIP Indicates a tip that may help you solve a problem or savetime.

Quidway S9300 Terabit Routing SwitchProduct Description About This Document


iii

Symbol Description

NOTE Provides additional information to emphasize or supplementimportant points of the main text.

Change HistoryUpdates between document issues are cumulative. Therefore, the latest document issue containsall updates made in previous issues.

Changes in Issue 01 (2010-12-15)This is the first release.

About This DocumentQuidway S9300 Terabit Routing Switch

Product Description

iv Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 01 (2010-12-15)

Contents

About This Document...................................................................................................................iii

1 Introduction.................................................................................................................................1-11.1 Positioning.......................................................................................................................................................1-21.2 Product Characteristics....................................................................................................................................1-2

2 Architecture.................................................................................................................................2-12.1 System Structure.............................................................................................................................................2-2

2.1.1 System Structure of the S9303...............................................................................................................2-22.1.2 System Structure of the S9306...............................................................................................................2-42.1.3 System Structure of the S9312...............................................................................................................2-6

2.2 Hardware Structure.........................................................................................................................................2-82.2.1 Backplane.............................................................................................................................................2-102.2.2 SRU......................................................................................................................................................2-102.2.3 MCU.....................................................................................................................................................2-112.2.4 CMU.....................................................................................................................................................2-112.2.5 LPU......................................................................................................................................................2-112.2.6 FSU.......................................................................................................................................................2-152.2.7 VSU......................................................................................................................................................2-152.2.8 SPU.......................................................................................................................................................2-16

2.3 Software Architecture...................................................................................................................................2-16

3 Service Features..........................................................................................................................3-13.1 Ethernet...........................................................................................................................................................3-3

3.1.1 VLAN Aggregation................................................................................................................................3-33.1.2 VLAN Mapping.....................................................................................................................................3-33.1.3 Selective QinQ.......................................................................................................................................3-43.1.4 BPDU Tunnel.........................................................................................................................................3-4

3.2 IP Features.......................................................................................................................................................3-43.2.1 IPv4/IPv6 Protocol Stack.......................................................................................................................3-53.2.2 IPv4 Features..........................................................................................................................................3-53.2.3 IPv6 Features..........................................................................................................................................3-63.2.4 IPv4/IPv6 Transition Technologies........................................................................................................3-63.2.5 IP Session...............................................................................................................................................3-8

3.3 Multicast..........................................................................................................................................................3-9

Quidway S9300 Terabit Routing SwitchProduct Description Contents


v

3.3.1 Multicast Routing Protocol.................................................................................................................... 3-93.3.2 IGMP Snooping....................................................................................................................................3-103.3.3 Static Multicast.....................................................................................................................................3-113.3.4 Multicast VLAN and Multicast Replication........................................................................................3-11

3.4 QoS................................................................................................................................................................3-113.4.1 Hierarchical Traffic Policing................................................................................................................3-123.4.2 Flow Control........................................................................................................................................3-123.4.3 Re-marking...........................................................................................................................................3-123.4.4 Queue Scheduling................................................................................................................................3-123.4.5 Congestion Avoidance.........................................................................................................................3-133.4.6 Traffic Shaping.....................................................................................................................................3-13

3.5 Reliability......................................................................................................................................................3-133.5.1 Link Aggregation.................................................................................................................................3-143.5.2 DLDP...................................................................................................................................................3-143.5.3 RRPP and the Multi-Instance Technology...........................................................................................3-143.5.4 Smart Link and the Multi-Instance Technology..................................................................................3-153.5.5 Ethernet OAM......................................................................................................................................3-153.5.6 BFD......................................................................................................................................................3-153.5.7 LSP Protection Switchover..................................................................................................................3-163.5.8 High Availability at the Equipment Level...........................................................................................3-16

3.6 Security..........................................................................................................................................................3-193.6.1 Security for Devices.............................................................................................................................3-193.6.2 Security for Services............................................................................................................................3-20

3.7 Network Management Features....................................................................................................................3-223.7.1 LLDP....................................................................................................................................................3-223.7.2 NetStream.............................................................................................................................................3-22

3.8 Clock.............................................................................................................................................................3-243.9 PoE................................................................................................................................................................3-243.10 Enterprise Network Features.......................................................................................................................3-25

3.10.1 NAC...................................................................................................................................................3-253.10.2 Firewall...............................................................................................................................................3-263.10.3 NAT....................................................................................................................................................3-273.10.4 Load Balancing..................................................................................................................................3-27

3.11 MPLS..........................................................................................................................................................3-283.11.1 Basic MPLS Functions.......................................................................................................................3-283.11.2 MPLS TE............................................................................................................................................3-283.11.3 MPLS OAM.......................................................................................................................................3-293.11.4 VLL....................................................................................................................................................3-293.11.5 VPLS..................................................................................................................................................3-303.11.6 HVPLS...............................................................................................................................................3-303.11.7 MPLS L3VPN....................................................................................................................................3-31

4 Application Scenarios...............................................................................................................4-1

ContentsQuidway S9300 Terabit Routing Switch

Product Description

vi Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 01 (2010-12-15)

4.1 Overview.........................................................................................................................................................4-24.2 Application of MPLS L2VPN.........................................................................................................................4-24.3 Application of HVPLS for Dual-homing Protection.......................................................................................4-4

4.3.1 UPE+NPE Network Architecture...........................................................................................................4-54.3.2 UPE+PE-AGG+NPE Network Architecture..........................................................................................4-5

4.4 Application of RRPP.......................................................................................................................................4-64.5 Application of Smart Link in Dual-Homing Networking...............................................................................4-84.6 Application of Ethernet OAM.........................................................................................................................4-94.7 Application of QoS........................................................................................................................................4-104.8 Application of Selective QinQ......................................................................................................................4-114.9 Application of the S9300 in IPTV Service....................................................................................................4-12

4.9.1 Networking of IPTV.............................................................................................................................4-124.9.2 Protection of IPTV Services.................................................................................................................4-13

4.10 Application of the S9300 in NAC Networking...........................................................................................4-144.11 Applications of the Firewall........................................................................................................................4-15

5 Operation and Maintenance....................................................................................................5-15.1 Maintenance and Management........................................................................................................................5-2

5.1.1 Configuration Modes..............................................................................................................................5-25.1.2 Management and Monitoring.................................................................................................................5-35.1.3 Diagnosis and Debugging......................................................................................................................5-35.1.4 In-Service Software Upgrade and Patching...........................................................................................5-5

5.2 NMS................................................................................................................................................................5-5

6 Technical Specification.............................................................................................................6-16.1 Physical Specifications....................................................................................................................................6-26.2 System Configuration......................................................................................................................................6-36.3 Performance and Capacity..............................................................................................................................6-46.4 List of Software Features................................................................................................................................6-8

Quidway S9300 Terabit Routing SwitchProduct Description Contents


vii

Figures

Figure 2-1 Appearance of the S9303....................................................................................................................2-2Figure 2-2 Appearance of the back of the S9303.................................................................................................2-3Figure 2-3 Component layout of the S9303.........................................................................................................2-3Figure 2-4 Appearance of the S9306....................................................................................................................2-4Figure 2-5 Appearance of the back of the S9306.................................................................................................2-5Figure 2-6 Component layout of the S9306.........................................................................................................2-5Figure 2-7 Appearance of the S9312....................................................................................................................2-6Figure 2-8 Appearance of the back of the S9312.................................................................................................2-7Figure 2-9 Component layout of the S9312.........................................................................................................2-8Figure 2-10 Hardware structure of the S9303......................................................................................................2-9Figure 2-11 Hardware structure of the S9306 and S9312....................................................................................2-9Figure 3-1 Structure of the IPv4/IPv6 protocol stack...........................................................................................3-5Figure 3-2 Schematic diagram of the IPv6 over IPv4 tunnel technology............................................................ 3-6Figure 3-3 Networking diagram of the IPv4 over IPv6 tunnel.............................................................................3-7Figure 3-4 6PE topology...................................................................................................................................... 3-8Figure 3-5 Networking diagram of the IP session................................................................................................3-8Figure 3-6 Networking diagram of E-Trunk......................................................................................................3-18Figure 3-7 Networking diagram of NetStream...................................................................................................3-23Figure 3-8 Main components and networking of NAC......................................................................................3-26Figure 4-1 S9300 application in the MAN...........................................................................................................4-2Figure 4-2 Point-to-point VPN application (VLL)...............................................................................................4-3Figure 4-3 Multipoint-to-multipoint VPN application (VPLS)........................................................................... 4-3Figure 4-4 VPN services realized through the cooperation between the S9300 and CE.....................................4-4Figure 4-5 S9300 Application of HVPLS with UPE+NPE network architecture................................................4-5Figure 4-6 S9300 application of HVPLS with UPE+PE-AGG+NPE network architecture................................4-6Figure 4-7 Application of intersectant RRPP rings..............................................................................................4-7Figure 4-8 Application of Smart Link..................................................................................................................4-8Figure 4-9 Application of Ethernet OAM on the MAN.......................................................................................4-9Figure 4-10 S9300 application of QoS...............................................................................................................4-10Figure 4-11 S9300 application of selective QinQ..............................................................................................4-11Figure 4-12 S9300 application of IPTV.............................................................................................................4-12Figure 4-13 S9300 protection for IPTV services...............................................................................................4-14Figure 4-14 Application of the S9300 in the NAC networking.........................................................................4-15

Quidway S9300 Terabit Routing SwitchProduct Description Figures


ix

Figure 4-15 Networking diagram for applying the firewall to the enterprise intranet.......................................4-16Figure 4-16 Networking diagram applying the firewall to the ISP network......................................................4-17Figure 4-17 Networking diagram for applying the firewall to the data center...................................................4-18

FiguresQuidway S9300 Terabit Routing Switch

Product Description

x Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 01 (2010-12-15)

Tables

Table 1-1 Table of interface density of the board and system..............................................................................1-3Table 1-2 System specifications of the S9300......................................................................................................1-3Table 1-3 Carrier-class reliability.........................................................................................................................1-6Table 2-1 SRU....................................................................................................................................................2-10Table 2-2 Ethernet LPUs....................................................................................................................................2-11Table 2-3 FSUA..................................................................................................................................................2-15Table 2-4 Stacking cards....................................................................................................................................2-15Table 2-5 SPU card.............................................................................................................................................2-16Table 6-1 Physical specifications of the S9300....................................................................................................6-2Table 6-2 System configuration of the S9300......................................................................................................6-3Table 6-3 Performance specifications of the S9300.............................................................................................6-4Table 6-4 Software features list of the S9300...................................................................................................... 6-8

Quidway S9300 Terabit Routing SwitchProduct Description Tables


xi

1 Introduction

About This Chapter

This section describes the features of the S9300 and the position of the S9300 on the network.

1.1 PositioningWith the popularization of the IP network and the trend of triple play services, the MetropolitanArea Network (MAN) is bearing more services, demanding higher requirements on the qualityof transmission. In view of such a demand, Huawei has developed the Quidway S9300 TerabitRouting Switch (hereinafter referred to as the S9300), a high-end network device.

1.2 Product CharacteristicsThe S9300 provides high-density Ethernet interfaces. This section describes the the maximuminterface density on the LPU and in the entire system, forwarding capability, features andreliability.

Quidway S9300 Terabit Routing SwitchProduct Description 1 Introduction


1-1

1.1 PositioningWith the popularization of the IP network and the trend of triple play services, the MetropolitanArea Network (MAN) is bearing more services, demanding higher requirements on the qualityof transmission. In view of such a demand, Huawei has developed the Quidway S9300 TerabitRouting Switch (hereinafter referred to as the S9300), a high-end network device.

The S9300 is mainly used to access, converge, and transmit services on the MAN. As the accessand convergence device on the MAN, the S9300 provides EPON, Fast Ethernet (FE), GigabitEthernet (GE), and 10GE interfaces that transmit services at line speed.The S9300 can be appliedto enterprise networks and data centers, providing high-density interfaces and rich value-addedservice (VAS) capabilities.

The S9300 provides three models: S9303, S9306, and S9312. The S9303 supports a maximumof three LPUs; the S9306 supports a maximum of six LPUs; the S9312 supports a maximum of12 Line Processing Units (LPUs). You can choose different models as required.

The S9300 operates on the Versatile Routing Platform (VRP) operating system developed byHuawei and adopts the hardware-based forwarding and non-blocking data switching technology.The S9300 features carrier-class reliability, line-speed forwarding capability, perfect Quality ofService (QoS) mechanism, service processing capability, and good expansibility.The S9300provides rich enterprise network features, including firewall, Network Address Translation(NAT), network traffic analysis, IPSec VPN, and load balancing, meeting requirements ofvarious services on enterprise networks.

NOTE

The release of Russia does not provide the IPSec VPN.

In addition, the S9300 provides strong capabilities in network access, Layer 2 switching, andtransmission of Ethernet over MultiProtocol Label Switching (EoMPLS) services. The S9300also supports rich IP services and provides broadband access, triple play, IP leased line, andVirtual Private Network (VPN) services. The S9300 can also work in conjunction with the Sseries switches, NE80E, NE40E, ME60, and MA5200G developed by Huawei to set up ahierarchical metro Ethernet that provides rich services for customers.

1.2 Product CharacteristicsThe S9300 provides high-density Ethernet interfaces. This section describes the the maximuminterface density on the LPU and in the entire system, forwarding capability, features andreliability.

High-Density InterfacesTable 1-1 lists the types of interfaces on the boards with high interface density and describesthe interface density of the boards and in the entire system.

1 IntroductionQuidway S9300 Terabit Routing Switch

Product Description

1-2 Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

Issue 01 (2010-12-15)

Table 1-1 Table of interface density of the board and system

Interface Type Interface Densityon the LPU

Interface Density of the System

10GE 48 S9312: 576S9306: 288S9303: 144

GE 48 S9312: 576S9306: 288S9303: 144

FE 48 S9312: 576S9306: 288S9303: 144

Flexible Extensibility

The system extensibility includes:

l Service extensibility: The SRU of the system supports the FSUA, which can meet therequirements for service development in the future.

l Power supply: Currently, the maximum power supply of a power supply module is 1600W, and 1+1 and 2+2 redundancy are supported. In the future, 4+4 redundancy will besupported.

l cluster switch system (CSS): In a CSS, two switches are connected through dedicatedstacking cables to form a logical switch. To meet the forwarding requirement of the databaseand ensure the network reliability, the CSS technology is used.

Powerful Forwarding Capability

On the S9300, the hardware completes two-level packet replication to forward multicast at wirespeed. That is, the SFU replicates multicast packets to the LPU, and the forwarding engine ofthe LPU replicates the multicast packets to its interfaces.

Table 1-2 System specifications of the S9300

S9312 S9306 S9303

Switchingcapacity

1 Tbit/s or 2 Tbit/s 1 Tbit/s or 2 Tbit/s 720 Gbit/s

Backplanecapacity

12Tbit/s 6Tbit/s 3Tbit/s

Forwardingcapacity

1320 Mpps 1080 Mpps 540 Mpps



1-3

Rich Featuresl The S9300 provides rich Layer 2 service features, including the following:

– VLAN

– Generic Attribute Registration Protocol / Generic VLAN Registration Protocol (GARP/GVRP)

– Selective QinQ

– RRPP

– Smart Ethernet Protection (SEP)

– Smart Link

– STP, RSTP, and MSTP

– Link aggregation

– DHCP snooping

– IGMP snooping

– IPV6 ND snooping

– MLDv1/v2 snooping

– Ethernet OAMl The S9300 provides various IP services, including:

– IPv4 unicast routing protocols, including the Routing Information Protocol (RIP), OpenShortest Path First (OSPFv2), Intermediate System-to-Intermediate System (IS-IS),Border Gateway Protocol (BGP), and Multiprotocol Border Gateway Protocol (MBGP)

– IPv6 unicast routing protocols, including RIPng, OSPFv3, ISISv6, and BGP+

– Multicast routing protocols, including IGMP, MLD, Multicast Source DiscoveryProtocol (MSDP), multicast VLAN, PIM-DM, PIM-SM, and PIM-SSM

– VRRP

– DHCP relay, DHCP server, and Option82

– The S9300 supports distributed and integrated NetStream.l The S9300 provides MPLS services.

– MPLS forwarding

– LDP

– MPLS-TE

– MPLS-OAMl The S9300 provides perfect VPN services, including the following features:

– VPLS

– VLL

– BGP/MPLS IP VPNl The S9300 provides mobile services, including:

– Stratum-3 clock

– Ethernet clock synchronization

– 1588v2l The S9300 provides rich intranet features, including:


Product Description


Issue 01 (2010-12-15)

– The S9300, which functions as the network access device (NAD), supports Webauthentication, 802.1x authentication, and MAC address authentication.

– PoE– The S9300 provides service distribution, including:

l Firewall/NATl Load balancingl IPSec VPN

NOTE


Excellent Security DesignThe S9300 adopts a distributed structure, which guarantees the separation between the data planeand the control plane. It provides a security performance leading in the industry.

The S9300 provides the following security features:

l Three user authentication modes: local authentication, Remote Authentication Dial in UserService (RADIUS) authentication, and Huawei Terminal Access Controller Access ControlSystem (HWTACACS) authentication.

l Hardware-based packet filtering and sampling, which guarantees high performance andhigh scalability

l Multiple authentication methods including plain text authentication and Message Digest 5(MD5) for upper-layer routing protocols such as OSPF, IS-IS, RIP, and BGP-4

l ACL on the forwarding plane and control planel Anti-attack features: The S9300 provides the blacklist and CAR functions to limit the

packets to be sent to the CPU.l Port securityl URPFl DHCP snooping and DHCP snooping over VPLSl MAC limit and MAC Forced Forwarding (MFF)l IP source trail, ARP attack defense, ICMP attack defense,and broadcast traffic suppressionl Blacklist and attack trace: The S9300 filters out the traffic of users on the blacklist and

displays the physical interfaces and VLAN IDs of the attackers.l Whitelist: The S9300 provides a high-priority channel for the protocol packets transmitted

to the CPU.

Carrier-Class ReliabilityThe S9300 provides a powerful monitoring system. The S9300 manages and maintains the entiresystem by using the individual monitoring unit. The monitoring unit manages, monitors, andmaintains the boards, fans, and power modules.

The S9300 complies with Electro Magnetic Compatibility (EMC). The modular design of theS9300 implements EMC isolation between boards.

The S9300 meets the requirements for the high reliability of carrier-class and high-end devices.The S9300 provides the following features shown in Table 1-3 to ensure high reliability.



1-5

Table 1-3 Carrier-class reliability

Item Description

Systemprotectionmechanism

The boards, power modules, and fans are hot swappable.

The monitoring unit is totally separated from the service system.

The system can operate normally for 96 hours when a single fan fails.

The MPUs work in 1+1 backup mode.

The power modules work in 1+1 or 2+2 backup mode.

Key components such as the clocks and management buses work in backupmode.

Protectionagainstabnormalities

The system can restart automatically and be recoveredwhen abnormalities occur.

The system resets a board when abnormalities occur onthe board and resumes the work.

The system automatically restores the interfaceconfiguration.

The system provides protections against over-current and over-voltage forpower modules and interfaces.

The system provides protection against mis-insertion of boards.

Power alarmmonitoring

The system provides alarm prompt, alarm indication,running status query, and alarm status query.

Voltage andenvironmenttemperaturemonitoring

The system provides alarm prompt, alarm indication,running status query, and alarm status query.

Reliabilitydesign

The system adopts distributed hardware-based forwarding.

The control channel is separated from the service channel to provide a non-blocking control channel.

The system provides fault detection for the system and boards and alarmfunction for indicators, and the NMS.

Reliableupgrade

The system supports in-service patching.

The system supports version rollback.

The system supports online upgrade of the BootROM.

The system supports the Error Checking and Correction (ECC) RandomAccess Memory (RAM).


Product Description


Issue 01 (2010-12-15)

Item Description

Faulttolerancedesign

Data backup The system supports hot backup of the data between theactive and standby units. When the active unit fails, thestandby unit automatically takes over the active unit fordata transmission. This prevents data loss.

Synchronization configuration

The system supports the synchronization between theMPUs and LPUs.

The system can automatically select and boot correct applications.

The system supports the automatic upgrade and restoration of the BootROMprogram.

The system can back up configuration files to the remote FTP server.

The system can automatically select and run correct configuration files.

The system provides abnormality monitoring for the system software,automatic restoration, and log record.

Operationsecurity

The system provides password protection for system operations.

The system provides hierarchical protection for commands through theconfiguration of login user levels and command levels.

The system can lock the terminal through commands to prevent illegal use.

The system provides operation and confirmation prompts for somecommands that may degrade the system performance.

Operationandmaintenancecenter

The system adopts the generic integrated Network Management Systemplatform developed by Huawei.

Good MaintainabilityThe S9300 provides the following maintenance features:

l The S9300 supports Ethernet OAM, providing point-to-point Ethernet fault managementto detect faults in the first mile of the directly connected link on the user side of the Ethernet.The S9300 supports automatic neighbor discovery, link fault monitoring, remote faultnotification, and remote loopback configuration defined in IEEE 802.3ah, and ConnectivityCheck (CC) fault detection, MAC Ping, and MAC Trace defined in IEEE 802.1ag.

l The S9300 supports MPLS OAM, providing fault detection and location techniques suchas Ping and TraceRoute on the MPLS network.

l The S9300 supports 802.1ag, 802.3ah, association between the status of BFD sessions, andend-to-end OAM.

l The S9300 supports traffic statistics based on physical interfaces, VLAN IDs, MPLS LSPs,and ACLs.



1-7

l Through the U2000, you can operate the S9300 for: Device managementInterfacemanagementVLAN managementMulticast managementMPLS managementSoftwareupgrading managementConfiguration file management(item list)

l The S9300 supports different configuration methods such as end-to-end configuration,batch configuration, and configuration wizard. At the same time, it provides correspondingdefault configuration templates.

l The S9300 supports remote maintenance. The S9300 supports remote maintenance throughTelnet.

l The S9300 supports in-service upgrade. When the system is operating normally, it can beupgraded through FTP or TFTP. In addition, with the active/standby switchover function,services are not interrupted during the upgrade.

l The S9300 supports hot patch. It can upgrade only the features that need to be optimized.Services are not interrupted during a patch is installed. It also supports deletion andconfirmation during a patch is installed.

l It supports rollback of versions. When the in-service upgrade of the system software or thatof a patch fails, the S9300 can return to the version before the upgrade.


Product Description


Issue 01 (2010-12-15)

2 Architecture

About This Chapter

This section describes the appearance, hardware structure and software architecture of the S9300

2.1 System StructureThis section describes the appearance and component layout of the S9300.

2.2 Hardware StructureThis section describes the hardware structure, backplane, MCU, SRU, LPU, CMU , FSU andclock board of the S9300.

2.3 Software ArchitectureThis section describes the relationship between the operating system and software features ofS9300.

Quidway S9300 Terabit Routing SwitchProduct Description 2 Architecture


2-1

2.1 System StructureThis section describes the appearance and component layout of the S9300.

The S9300 adopts a distributed hardware architecture.

The S9300 consists of the following components:

l Chassisl Backplanel Power modulel Fan framel Switch Routing Unit (SRU) or Main Control Unit (MCU)l Line Processing Unit (LPU)l Central Management Unit (CMU)

The S9300 can be installed in either the 297 cabinet specified by the InternationalElectrotechnical Commission (IEC) or the cabinet specified by the EuropeanTelecommunications Standards Institute (ETSI).

NOTE

l The SRU and CMU are applicable only to the S9312 and S9306.

l The MCU is applicable only to the S9303.

2.1.1 System Structure of the S9303




Appearance of the S9303Figure 2-1 shows the appearance of the S9303.

Figure 2-1 Appearance of the S9303

1. Ack-mounting ear 2. Power module 3. MCU

2 ArchitectureQuidway S9300 Terabit Routing Switch

Product Description


Issue 01 (2010-12-15)

4. LPU 5. PoE module 6. Cabling rack

Figure 2-2 shows the appearance of the back of the S9303.

Figure 2-2 Appearance of the back of the S9303

1. Air filter 2. Fan module

The dimensions of the S9303 are 442 mm x 476 mm x 175 mm (width x depth x height).

Facing the chassis, the LPUs, MCUs, and power modules are mounted from top to bottom.Ventilation and heat dissipation of the S9303 are performed from the back of the chassis. Thehandles reside on both sides of the chassis.

Component Layout of the S9303

Figure 2-3 shows the component layout of the S9303.

Figure 2-3 Component layout of the S9303

MCU

LPU

LPU

LPU

MCU

PoEPower module Power module

l All components of the S9303 are located on the front panel for maintenance. There aretotally five slots for horizontally inserted boards in the board cage. The two half-heightslots in the lower half of the chassis are reserved for the MCUs that support 1+1 backupmode. The other three slots are reserved for the LPUs.

l The fan frame and air filter of the S9303 are located at the back of the chassis.

l Located at the bottom of the chassis, the power modules work in 1+1 backup mode andsupport double power supply networks for power input. The power modules can be eitherAC power modules or DC power modules.



2-3

l The power modules support PoE. The PoE function supports only the AC power supplyand does not support the backup of power modules.




1. LPU 2. SRU 3. Ack-mounting ear

4. Cabling rack 5. PoE module 6. CMU

7. Power module



Product Description


Issue 01 (2010-12-15)



The dimensions of the S9306 are 442 mm x 476 mm x 441.7mm (width x depth x height).

Facing the chassis, the LPUs, SRUs, CMUs, and power modules are mounted from top to bottom.Ventilation and heat dissipation of the S9306 are performed from the back of the chassis. Thehandles reside on both sides of the chassis.

Component Layout of the S9306

Figure 2-6 shows the component layout of the S9306.


SRU

LPU

LPU

SRU

LPU

LPU

LPU

CMU

CMU

Pow

erm

odul

e

POE

Pow

erm

odul

e

Pow

erm

odul

e

Pow

erm

odul

e

POE

LPU

POE

POE



2-5

l The board cage of the S9306 provides a total of eight slots for horizontally inserted boards.The two slots in the middle are reserved for the SRUs that support 1+1 backup mode. Theother six slots are reserved for the LPUs.

l The fan frame and air filter of the S9306 are located at the back of the chassis.l Located at the bottom of the chassis, the power modules support double power supply

networks for power input. The power modules can be either AC power modules or DCpower modules. The DC power modules can work in 1+1 mode. The AC power modulescan work in 1+1 or 2+2 mode.

l Located at the bottom of the chassis, the CMUs work in 1:1 backup mode.l The power modules support Power over Ethernet (PoE). The PoE function supports only

the AC power supply. Four AC power modules work in 3+1, 2+2, or 4+0 (not backup)mode..




1. LPU 2. SRU 3. Ack-mounting ear

4.Cabling rack 5. PoE module 6. CMU

7. Power module



Product Description


Issue 01 (2010-12-15)



The dimensions of the S9312 are 442 mm x 476 mm x 663.95 mm (width x depth x height).

Facing the chassis, the LPUs, SRUs, CMUs, and power modules are mounted from top to bottom.Ventilation and heat dissipation of the S9312 are performed from the back of the chassis. Thehandles are on both sides of the chassis.

Component Layout of the S9312Figure 2-9 shows the component layout of the S9312.



2-7


SRU

LPU

LPU

SRU

LPU

LPU

LPU

LPU

LPU

LPU

LPU

LPU

LPU

LPU

CMU

CMU

Pow

erm

odul

ePo

wer

mod

ule

Pow

erm

odul

ePo

wer

mod

ule

POE

POE

POE

POE

l The board cage of the S9312 provides a total of 14 slots for horizontally inserted boards.The two slots in the middle are reserved for the SRUs that support 1+1 backup mode. Theother 12 slots are reserved for the LPUs.

l The fan frame and air filter of the S9312 are located at the back of the chassis.

l Located at the bottom of the chassis, the power modules support double power supplynetworks for power input. The power modules can be either AC power modules or DCpower modules. The DC power modules can work in 1+1 mode. The AC power modulescan work in 1+1 or 2+2 mode.

l The power modules support PoE. The PoE function supports only the AC power supply.Four AC power modules work in 3+1, 2+2, or 4+0 (not backup) mode..

l Located at the bottom of the chassis, the CMUs work in 1+1 backup mode.

2.2 Hardware StructureThis section describes the hardware structure, backplane, MCU, SRU, LPU, CMU , FSU andclock board of the S9300.

Figure 2-10 shows the hardware structure of the S9303.


Product Description


Issue 01 (2010-12-15)

Figure 2-10 Hardware structure of the S9303

HighspeedSerdes

backplane

Materialinterfacemodule

Serviceprocessing

module

Main control module

Monitoringmodule

Clockmodule

LPUSystemclockmodule

Control plane communication module


Service layer softwareNMSManagement

layer softwareControl layer

software

System monitoring module

MCU

Figure 2-11 shows the hardware structure of the S9306 and S9312.

Figure 2-11 Hardware structure of the S9306 and S9312

HighspeedSerdes

backplane

Materialinterfacemodule

Serviceprocessing

module

Main control module

Monitoringmodule

Clockmodule

LPU

Switchingnetworkmodule

Systemclockmodule



Service layer softwareNMSManagement

layer softwareControl layer

software

System monitoring module

SRU



2-9

2.2.1 Backplane

2.2.2 SRU

2.2.3 MCU

2.2.4 CMU

2.2.5 LPU

2.2.6 FSU

2.2.7 VSU

2.2.8 SPU

2.2.1 BackplaneThe S9300 is designed with a passive backplane. The backplane provides control buses,management buses, and clock buses between the SRU,MCU and other components forcommunication.

The backplane of an S9300 provides two slots for the main process unit. In addition, thebackplane of an S9303 provides 3 LPU slots, the backplane of an S9306 provides 6 LPU slots,and the backplane of an S9312 provides 12 LPU slots.

2.2.2 SRUThe SRU is applicable only to the S9306 and S9312. The SRU integrates multiple functionalmodules such as the data switching module, main control module, FSUA, Compact Flash (CF)module, and system monitoring module. The SRU can be expanded to provide the clock module.As the core of system control and management and data switching, the SRU switches data, andcontrols and monitors the system.

The main control units of the SRU work in 1+1 backup mode. The data switching units can workin either 1+1 load balancing mode or 1:1 backup mode.

The SRU of the S9300 performs the following functions:

l Forwards data on the data plane.

l Processes protocols including STP, MPLS, and various routing protocols.

l Monitors components.

l Manages the system and monitors system performance according to the user's instruction,and provides feedback on the running status of the system for users.

Table 2-1 SRU

Name Note

SRUA Provides 1 Tbit/s service switching capability.

SRUB Provides 2 Tbit/s service switching capability.


Product Description


Issue 01 (2010-12-15)

2.2.3 MCUThe MCU is applicable only to the S9303. The MCU integrates the main control module, CFmodule, system monitoring module and clock module.

The MCU of the S9300 performs the following functions:

l Processes protocols including STP, MPLS, and various routing protocols.

l Monitors components, collects running data of each component periodically, and generatescontrol information based on the running status of the components, for example, checkingwhether the boards are available and controlling the running of the switching fabric.

l Manages the system and monitors system performance according to the user's instruction,and provides feedback on the running status of the system for users.

2.2.4 CMUThe CMU monitors and manages the follow devices:

l power modules

l fan modules

l PoE modules

These help monitor and manage the system and facilitates energy saving and emission reduction.

2.2.5 LPUThe LPUs are used to process packets and they provide service interfaces. Table 2-2 lists theLPUs supported by the S9300.

Table 2-2 Ethernet LPUs

Name ShortName

Remarks

48-port 100M Ethernet optical LPU(EA, SFP) -32K MAC

F48SA It supports the following functions:l MPLSl Netstreaml IPv6

48-port 100M Ethernet optical LPU(EC, SFP)-128K MAC

F48SC It supports the following functions:l MPLSl Netstreaml IPv6

48-port 100M Ethernet electrical LPU(EA, RJ45)-32K MAC

F48TA It supports the following functions:l MPLSl Netstreaml IPv6



2-11

Name ShortName

Remarks

48-port 100M Ethernet electrical LPU(EC, RJ45)-128K MAC

F48TC It supports the following functions:l MPLSl Netstreaml IPv6

48-port 100M Ethernet electrical LPU(FA, RJ45)-32K MAC

F48TFA It supports the following functions:l MPLSl Netstreaml IPv6

48-port 100M/1000M Ethernet opticalLPU (EA, SFP)-32K MAC

G48SA It supports the following functions:l MPLSl Netstreaml IPv6

48-port 100M/1000M Ethernet opticalLPU (EC, SFP)-128K MAC

G48SC It supports the following functions:l MPLSl Netstreaml IPv6

48-port 100M/1000M Ethernet opticalLPU (ED, SFP)-512K MAC

G48SD It supports the following functions:l MPLSl Netstreaml IPv6

48-port 1000M Ethernet optical LPU(FA, SFP)-32K MAC

G48SFA It supports the following functions:l MPLSl Netstreaml IPv6

48-port 100M/1000M Ethernetelectrical LPU (EA, RJ45)-32K MAC

G48TA It supports the following functions:l MPLSl Netstreaml IPv6

48-port 100M/1000M Ethernetelectrical LPU (EC, RJ45)-128KMAC

G48TC It supports the following functions:l MPLSl Netstreaml IPv6


Product Description


Issue 01 (2010-12-15)

Name ShortName

Remarks

48-port 100M/1000M Ethernetelectrical LPU (ED, RJ45)-512KMAC

G48TD It supports the following functions:l MPLSl Netstreaml IPv6

48-Port 1000M Ethernet electricalLPU (FA,RJ45)-32K MAC

G48TFA It supports the following functions:l MPLSl Netstreaml IPv6

12-Port 100M/1000M Opticalinterface + 36-Port 100M/1000Melectrical LPU (EA, RJ45/SFP)-32KMAC

G48CEAT It supports the following functions:l MPLSl Netstreaml IPv6

48-port 100M/1000M Ethernet PoEelectrical LPU (EA, RJ45, POE) -32KMAC

G48VA It supports the following functions:l MPLSl Netstreaml IPv6

4-port 10GE optical LPU (EA, XFP)-32K MAC

X4UXA It supports the following functions:l MPLSl Netstreaml IPv6

4-port 10GE optical LPU (EC, XFP)-128K MAC

X4UXC It supports the following functions:l MPLSl Netstreaml IPv6

4-port 10GE optical LPU (ED, XFP)-512K MAC

X4UXD It supports the following functions:l MPLSl Netstreaml IPv6

2-port 10GE optical LPU (EA, XFP)-32K MAC

X2UXA It supports the following functions:l MPLSl Netstreaml IPv6



2-13

Name ShortName

Remarks

2-port 10GE optical LPU (EC, XFP)-128K MAC

X2UXC It supports the following functions:l MPLSl Netstreaml IPv6

24-port 100M/1000M Ethernet optical+ 8-port 100M/1000M Comboelectrical LPU (EA, SFP/RJ45, 1588)-32K MAC

G24CEAS It supports the following functions:l MPLSl Netstreaml IPv6

24-port 100M/1000M Ethernet opticalLPU (SA, SFP) -32K MAC

G24SA -

24-port 100M/1000M Ethernet opticalLPU (EC, SFP) -128K MAC

G24SC It supports the following functions:l MPLSl Netstreaml IPv6

24-port 100M/1000M Ethernet opticalLPU (ED, SFP) -512K MAC

G24SD It supports the following functions:l MPLSl Netstreaml IPv6

24-port 100M/1000M Ethernet optical+ Combo electrical LPU (SA, SFP/RJ45) -32K MAC

G24CA -

12-port 10GE optical LPU (SA, SFP+) -32K MAC

X12SA -

24-port 100M/1000M Ethernetelectrical and 2-port GE optical LPU(EA, RJ45/XFP) -32K MAC

T24XA It supports the following functions:l MPLSl Netstreaml IPv6

24-port 100M/1000M Ethernet opticaland 2-port GE optical LPU (EA, SFP/XFP) -32K MAC

S24XA It supports the following functions:l MPLSl Netstreaml IPv6

12-port 1000M EPON optical and 12-port 100M/1000M Ethernet opticalLPU (SFP)

E12GA -


Product Description


Issue 01 (2010-12-15)

NOTE

The Small Form-Factor Pluggable (SFP), SFP+, and XFP are pluggable optical modules.

The LPUs of the S9300 are classified into S-series boards, E-series boards, F-series boards and EPONboard.

l The S-series boards include SA boards. For example, 24-port 100M/1000M Ethernet optical LPU(SA, SFP)-32K MAC

l The E-series boards include EA boards, EC boards, and ED boards. For example, 48-port 100MEthernet optical LPU (EA, SFP) -32K MAC.

l F-series boards include FA boards. For example, 48-port 1000M Ethernet electrical LPU (FA,RJ45)-32K MAC.

l The EPON board is 12-port 1000M EPON optical and 12-port 100M/1000M Ethernet optical LPU(SFP).

2.2.6 FSUThe Flexible Service Unit A (FSUA) of S9306 and S9312 supports the following functions:

l Hardware-based Ethernet OAMl Hardware-based MPLS OAMl Hardware-based Bidirectional Forwarding Detection (BFD)l Dos attack protection of the Central Processing Unit (CPU) of the SRU

NOTE

Software-based Ethernet OAM, MPLS OAM, BFD and NQA functions are available in other LPUs.

FSUA is an optional subcard on the SRU of the S9312 and S9306. Users can choose to installthe FSUA according to the service requirement.

Table 2-3 FSUA

Name Description

20 Gbit/s FSUA Provides 20 Gbit/s service switching capability.

2.2.7 VSUThe Virtual Switch Unit (VSU) is used to connect multiple devices to form a stack.

On the S9312 and S9306, the VSTSA is used as the VSU, which is installed on the SRU. Youcan configure the VSTSA according to service requirements. For the VSTSA, "VS" representsthe virtual switch, "T" represents the electrical interface, "S" represents the standard series, and"A" represents the version.

NOTE

The S9303 does not support stacking.

Table 2-4 Stacking cards

Name Description

VSTSA It provides the stacking function.



2-15

2.2.8 SPUThe SPU has no service interfaces.

The SPU is called Value Added service Multi-core Processor (VAMPA), where "A" representsthe version. It supports the following functions:l Firewalll NATl Integrated NetStreaml Load balancingl IPSec VPN

NOTE


Table 2-5 SPU card

Name Description

VAMPA It processes VASs.

2.3 Software ArchitectureThis section describes the relationship between the operating system and software features ofS9300.

The S9300 runs on the latest VRP version 5 (VRPv5) to provide software features. VRPv5consists of the following parts:

l System service planeIt provides the following functions based on the operating system:

– Task management

– Memory management

– Timer

– Software loading and patchingThis enhances the modular technology to facilitate system upgrade and customization.

l General control planeIt is the core of the VRP data communication platform. It functions as the basis of securityand QoS, and provides the following functions:

– Link management

– IP protocol stack

– Routing protocol processingIt is used to control the data forwarding plane and carry out various functions of the device.


Product Description


Issue 01 (2010-12-15)

l Data forwarding planeIt forwards data under the control of the general control plane to carry out data transmission.VRPv5 supports data forwarding based on software and hardware.

l Service control planeIt controls and manages the system based on users or interfaces. It implements theauthentication, authorization, and accounting for users through the DHCP Option 82 field.It also implements authentication for access interfaces through IEEE 802.1x.

l System management planeIt provides user interfaces and manages input/output ports. It is the basis of networkmanagement and maintenance.



2-17

3 Service Features

About This Chapter

This section describes the major service functions of the S9300, including IP features,MPLS,MPLS L2VPN, MPLS L3VPN, QoS, Ethernet, Ethernet OAM, NAC, multicast, reliability,LLDP, security, clock , stacking, Web network management, firewall/NAT, load balancing,IPSec VPN, and NetStream.

NOTE


3.1 EthernetThis section describes the basics of VLAN mapping, QinQ, selective QinQ, and BPDU tunnel.

3.2 IP FeaturesThis section describes the IP features supported by the S9300.

3.3 MulticastThis section describes the basics of IGMP snooping, multicast flow control, controllablemulticast, multicast VLAN, and multicast replication.

3.4 QoSThis section describes the basics of QoS supported by the S9300.

3.5 ReliabilityThis section describes the basics of link aggregation, BFD, and HA at the equipment level.

3.6 SecurityThis section describes the security measures for devices and services.

3.7 Network Management FeaturesThe S9300 provides network management functions of LLDP and NetStream.

3.8 ClockThis section describes the clock synchronization and calibration mechanisms supported by theS9300.

3.9 PoEOn Intranets, PoE can be used to provide centralized power for terminals such as IP phones,Access Points (APs), chargers of portable devices, POS machines, cameras, and data collectiondevices through the 10Base-T, 100Base-TX, or 1000Base-T Ethernet.

Quidway S9300 Terabit Routing SwitchProduct Description 3 Service Features


3-1

3.10 Enterprise Network FeaturesThe S9300 provides NAC, firewall, NAT, and load balancing for enterprise networks.

3.11 MPLSThis section describes the basics of MPLS, MPLS TE, and MPLS OAM.

3 Service FeaturesQuidway S9300 Terabit Routing Switch

Product Description


Issue 01 (2010-12-15)

3.1 EthernetThis section describes the basics of VLAN mapping, QinQ, selective QinQ, and BPDU tunnel.

3.1.1 VLAN Aggregation

3.1.2 VLAN Mapping

3.1.3 Selective QinQ

3.1.4 BPDU Tunnel

3.1.1 VLAN AggregationNetwork technologies develop fast, so network addresses are insufficient. To save IP addresses,VLAN aggregation is used.

In VLAN aggregation, a super VLAN is associated with multiple sub-VLANs. A super VLANcannot contain physical interfaces, but can be configured with a VLANIF interface. A sub-VLAN can contain physical interfaces, but cannot be configured with a VLANIF interface.Interfaces in all the sub-VLANs use the VLANIF interface address of the super VLAN. Thesubnet IDs, subnet gateway addresses, and subnet broadcast addresses can be saved. In addition,different broadcast domains use the addresses of the same subnet; therefore, addressing isflexible and IP addresses are saved. In addition to keeping each sub-VLAN as an independentbroadcast domain, VLAN aggregation uses less IP addresses than a common VLAN.

3.1.2 VLAN MappingVLAN mapping refers to the setting up of a mapping table on the S9300 to realize the mappingbetween the Customer VLAN (C-VLAN) and the Service VLAN (S-VLAN). One or multipleC-VLAN IDs can be mapped to a S-VLAN ID.

NOTE

l A C-VLAN is the VLAN of the port at the user side. It is of local significance and used to identify auser or a class of users.

l The S-VLAN is designated by the ISP at the network side. It takes effect globally and identifies a typeof service.

The S9300 supports VLAN mapping of a single VLAN tag in the following mode if the interfaceat the user side is specified:

l 1:1 VLAN mapping

Maps a C-VLAN tag to the S-VLAN tag.

l N:1 VLAN mapping

Maps multiple C-VLAN tags to the S-VLAN tagor adds a VLAN tag.

l N:1 mapping

Maps multiple C-VLAN tags to the same S-VLAN tag or adds a VLAN tag.

The S9300 also supports VLAN mapping between double VLAN tags.

l 2:2 VLAN mapping



3-3

The S9300 can map the double VLAN tags of packets from the user side to the doubleVLAN tags of packets from the network side. The S9300 can also switch the outer andinner VLAN tags of a packet.

l 2:1 VLAN mappingThe S9300 maps the user-side VLAN tags to the network-side VLAN tags. It can alsochange the outer VLAN tag but keep the inner VLAN tag unchanged.

In addition, the S9300 supports the CoS-based VLAN mapping. It can map multiple C-VLANtags to the same S-VLAN tag according to the CoS or add a VLAN tag to a packet.

For details about VLAN Mapping, see VLAN in the Quidway S9300 Terabit Routing SwitchFeature Description - Ethernet.

3.1.3 Selective QinQThe S9300 supports the selective QinQ technique. Selective QinQ expands the space of VLANtags. It enables the S9300 to flexibly select outer S-VLAN tag based on the C-VLAN tag of thereceived packets. In this case, various user services can travel along different paths. Thisfacilitates deployment of services. The selective QinQ feature can be applied to the incomingand the outgoing interfaces. This makes the networking more flexible.

The S9300 supports the selective QinQ feature in the following ways:

l On the port, the S9300 adds a different outer S-VLAN tag based on the VLAN ID of theC-VLAN tag of the packets.

l On the port, the S9300 changes an inner VLAN tag based on the VLAN ID of the C-VLANtag of the packets. The S9300 then adds a different outer S-VLAN tag.

The port enabled with QinQ learns the MAC address based on the outer VLAN tag of packets,and forwards the upstream packets and downstream packets based on the destination MACaddress of packets.

The S9300 provides powerful hardware, which implements selective QinQ through trafficclassification based on ACLs. In this case, the S9300 can flexibly add S-VLAN tags or modifyC-VLAN tags.

For details about slective QinQ, refer to the “QinQ” in Quidway S9300 Terabit Routing SwitchFeature Description - Ethernet.

3.1.4 BPDU TunnelBridge Protocol Data Unit(BPDU) tunnel is a Layer 2 tunnel technology. With BPDU tunnelenabled, the BPDUs are transparently transmitted from the customer network through the VLANVPN specified by the ISP network. In this way, all devices in the customer network can calculatethe spanning tree. The customer network and ISP network have spanning trees that areindependent of each other. Thus the convergence speed is improved.

With BPDU tunnel enabled, the S9300 considers the tagged BPDUs as ordinary frames. Thus,the BPDUs are forwarded within the specified VLAN; or the BPDUs are encapsulated to beMPLS packets and then forwarded within the MPLS network without being dealt with as theBPDUs.

3.2 IP FeaturesThis section describes the IP features supported by the S9300.


Product Description


Issue 01 (2010-12-15)

NOTE

To implement IPv6 functions, apply for and purchase the license from Huawei local office.

3.2.1 IPv4/IPv6 Protocol Stack

3.2.2 IPv4 Features

3.2.3 IPv6 Features

3.2.4 IPv4/IPv6 Transition Technologies

3.2.5 IP SessionThis section describes the IP session feature supported by the S9300.

3.2.1 IPv4/IPv6 Protocol StackThe IPv4/IPv6 protocol stack features good interworking and simplicity. Figure 3-1 shows thestructure of the IPv4/IPv6 protocol stack.

Figure 3-1 Structure of the IPv4/IPv6 protocol stack

IPv4/IPv6 Application

TCP UDP

Link Layer

IPv4 IPv6

3.2.2 IPv4 FeaturesThe S9300 supports the following IPv4 features:

l TCP/IP protocol stack, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), andARP

l Static DNS and specified DNS serverl FTP server/client and TFTP clientl DHCP relay agent and DHCP serverl Ping, tracert, and NQA: NQA can detect the status of ICMP, TCP, UDP, DHCP, FTP,

HTTP and SNMP services and test the response time of various services.

NOTE

To implement NQA functions, apply for and purchase the license from Huawei local office.

l IP policy-based routing: specifies the next hop based on the attribute of packets withoutsearching the routing table for the routes.

For details about IPv4refer to the “IPv4 Feature Description” in Quidway S9300 Terabit RoutingSwitch Feature Description - IP Service.



3-5

3.2.3 IPv6 FeaturesThe S9300 supports the following IPv6 features:

l IPv6 Neighbor Discovery (ND)l Path MTU Discovery (PMTU)l TCP6, ping IPv6, tracert IPv6, socket IPv6, UDP6 and RawIP6l TFTP IPv6 Clientl IPv6 policy-based routingl DHCPv6 snooping and MLDv1/v2 snoopingl Neighbor Discovery (ND) snooping

For details about IPv6, refer to the “IPv6” in Quidway S9300 Terabit Routing Switch FeatureDescription - IP Service.

3.2.4 IPv4/IPv6 Transition Technologies

IPv6 over IPv4 TunnelAs shown in Figure 3-2, the IPv6 over IPv4 tunnel technology is used for the transition fromthe IPv4 network to the IPv6 network.

Figure 3-2 Schematic diagram of the IPv6 over IPv4 tunnel technology

IPv4 Header

IPv6network

IPv6networkIPv6 over IPv4 Tunnel

IPv4 network

Dual StackDevice

Dual Stack Device

IPv6 host IPv6 hostIPv6 Header IPv6 Data

IPv6 Header IPv6 Data

IPv6 Header IPv6 Data

The S9300 supports the following IPv6 over IPv4 tunnels:

l IPv6 manual tunnelThe IPv6 manual tunnel is created manually on the routers on the two ends of a tunnel. Thesource and destination IPv4 addresses need to be statically configured. The tunnel is apermanent link that connects two IPv6 domains through an IPv4 backbone network. It is afixed channel for two edge routers to communicate with each other and can be used by theisolated IPv6 sites to communicate with each other.

l 6to4 tunnelThe 6to4 tunnel can connect multiple IPv6 isolated sites to the IPv6 network through theIPv4 network.


Product Description


Issue 01 (2010-12-15)

Compared with the manual tunnel, the 6to4 tunnel can be a P2MP connection. The manualtunnel, however, is a P2P connection. The routers where the 6to4 tunnel is set up are notconfigured in pairs. Similar to the routers on an automatic tunnel, a router on the 6to4 tunnelcan search for the other end of the tunnel; however, you do not need to specify the IPv4-compatible IPv6 address for the 6to4 tunnel. The 6to4 tunnel uses a special IPv6 address,that is, 6to4 address.

IPv4 over IPv6 TunnelDuring the later stage of the transition from the IPv4 network to the IPv6 network, a large numberof IPv6 networks are deployed; therefore, there may be IPv4 isolated sites. The cost spent onconnecting these isolated sites through dedicated lines is very high. You can create a tunnel onthe IPv6 network to connect IPv4 isolated sites. This is similar to deploying the VPN on the IPnetwork through the tunnel technology. The tunnel that is used to connect IPv4 isolated sites onthe IPv6 network is called an IPv4 over IPv6 tunnel.

To set up IPv4 over IPv6 tunnels, the IPv4/IPv6 dual stack needs to be enabled on the routersat the edge of the IPv6 network and the IPv4 network.

Figure 3-3 Networking diagram of the IPv4 over IPv6 tunnel

IPv4 PayloadIPv4 Header

IPv4network

IPv4networkIPv4 over IPv6 Tunnel

IPv6 network

Dual StackRouter

Dual Stack Router

IPv4 host IPv4 host

IPv4 HeaderIPv6 Header

IPv4 Payload

IPv4 Header

IPv6 Payload

6PEThe IPv6 Provider Edge (6PE) router allows the communication between the IPv6 isolated CErouters over the IPv4 network. Figure 3-4 shows the networking diagram of 6PE topology. TheISP can use the IPv4 backbone network to provide services for the IPv6 networks where usersare distributed dispersedly.



3-7

Figure 3-4 6PE topology

IPv4/MPSL CloudIBGP

PCE CE

IPv6 Cloud Customer site

IPv6 Cloud Customer site

The 6PE router labels IPv6 routing information and floods the information onto the ISP's IPv4backbone network through Internal Border Gateway Protocol (IBGP) sessions. The IPv6 packetsare labeled before entering the tunnels on the backbone network. The tunnels can be MPLSLSPs.

The IGP protocol used on the ISP network can be OSPF or IS-IS, and the protocol used betweenCE routers and 6PE routers can be a static routing protocol, an IGP, or EBGP.

If the IPSs want to use the IPv4/MPLS networks to exchange IPv6 traffic, they can just updatethe PE router. Therefore, using the 6PE feature as an IPv6 transition mechanism is a cost-effective solution for ISPs.

3.2.5 IP SessionThis section describes the IP session feature supported by the S9300.

As shown in Figure 3-5, Switch represents the S9300.

Figure 3-5 Networking diagram of the IP session

DHCP Server

AAA Server

Internet

SwitchDSLAM

The S9300 can terminate and authenticate IP sessions and assign IP addresses to IP sessions.

The STB or VOIP terminal of a family sends a DHCP Request message. Then the S9300 directlyassigns an IP address to the terminal or relays the message to the DHCP server requesting an IPaddress. Before assigning an IP address, the S9300 sends the VLAN (QinQ) information or


Product Description


Issue 01 (2010-12-15)

DHCP Relay Agent information to the AAA server for authenticating the terminal. If theauthentication is successful, the S9300 assigns an IP address to the terminal.

The S9300 can perform scheduling on the services of different types or encapsulate servicetraffic into different VPNs, thus separating services.

3.3 MulticastThis section describes the basics of IGMP snooping, multicast flow control, controllablemulticast, multicast VLAN, and multicast replication.

The S9300 supports rich multicast features including IGMP snooping, IGMP proxy, staticmulticast, multicast across VLANs, and multicast replication. The S9300 also provides strongmulticast duplication capacity and the deployment of multicast services on the VPLS network.

3.3.1 Multicast Routing Protocol

3.3.2 IGMP Snooping

3.3.3 Static Multicast

3.3.4 Multicast VLAN and Multicast Replication

3.3.1 Multicast Routing ProtocolThe S9300 supports the following multicast routing protocols:

l Internet Group Management Protocol (IGMP), Protocol Independent Multicast-DenseMode (PIM-DM), Protocol Independent Multicast-Sparse Mode (PIM-SM), MulticastSource Discovery Protocol (MSDP), and Multi-protocol Border Gateway Protocol(MBGP).

l PIM-SSM: When a multicast source is specified, a host can directly join the multicastsource, without registering with the Rendezvous Point (RP).

l Anycast RP: Multiple RPs can exist in a domain and they are configured as MSDP peers.A multicast source can register with the nearest RP, and the receiver can also choose thenearest RP and join the shared tree of the RP. When an RP expires, the multicast sourceand receiver registered on this RP choose another near RP to register and join. Thus loadsare shared on the RPs.

l IPv6 multicast routing protocols: PIM-IPv6-DM, PIM-IPv6-SM, and PIM-IPv6-SSM.

l Multicast Listener Discovery (MLD): MLD is used to set up and maintain the memberrelationship of groups between hosts and their directly connected multicast routers. Thefunctions and implementation of MLD are the same as those of the IGMP. MLD has thefollow versions:

– MLDv1

MLDv1 is defined in RFC 2710 and derived from IGMPv2. MLDv1 supports the Any-Source Multicast (ASM) model. With the help of SSM mapping, MLDv1 can supportthe Source-Specific Multicast (SSM) model.

– MLDv2

MLDv2 is defined in RFC 3810 and derived from IGMPv3. MLDv2 supports the ASMand SSM models.



3-9

When the multicast routing module receives, imports, and advertises multicast routes, theS9300 can filter the routes based on routing policies. When forwarding IP multicast packets, theS9300 can filter and forward the packets based on policies.

For details about Link Aggregation, refer to the Quidway S9300 Terabit Routing Switch FeatureDescription - Multicast.

3.3.2 IGMP SnoopingLocated between the host and the multicast router, the S9300 can statically configure themulticast forwarding entries. In addition, the S9300 maintains the multicast group and themapping of VLAN ID and outbound ports by listening to the passing IGMP messages. TheS9300 dynamically sets up a Layer 2 forwarding table for multicast packets.

When the S9300 receives a multicast packet, it forwards the packet to only the VLAN membersof that multicast group. Based on the Layer 2 forwarding table, the packet is multicast in theVLAN. This reduces the number of packets transmitted over the network to save networkbandwidth, and improves the security of information.

Prompt Leaving of PortsWhen a port of the S9300 is attached with only one host, the S9300 directly deletes thecorresponding multicast forwarding entry of that port as long as it receives an IGMP Leavemessage from the host through that port. After that, the S9300 does not forward IGMP Querymessages to that port. This saves bandwidth and system resources and realizes promptswitchover of services.

Multicast QuerierOn the Layer 2 network, the S9300 can function as the querier to realize the multicast functionin the following ways:

l Runs queries.l Terminates the IGMP packets.l Establishes the multicast forwarding table on the Layer 2 network.

The querier can be configured based on VLAN.

When querier is enabled in the VLAN, the multicast querier of the S9300 performs the followingfunctions:

l Terminates the Report packet from the IGMP of the user, and then establishes the multicastforwarding entry based on the Report packet.

l Terminates the Query packet from the IGMP of the router, and then sends the query packet.l Broadcasts the Protocol Independent Multicast (PIM) packet in the VLAN.l Terminates the Leave packet from the IGMP of the user. When the user sends a Leave

packet, the querier sends a specific group Query packet to confirm it.

Multicast Packet RepressionIf the S9300 receives the Report packet or Leave packet from the users within a short period oftime, the S9300 checks whether the same Report packet or Leave packet is received in therepression period. The S9300 then determines whether to send the packets to the router. Thisreduces the number of IGMP packets to be dealt with by the router.


Product Description


Issue 01 (2010-12-15)

Controllable MulticastThe S9300 can control the access of VLAN or VPLS VSI users to a multicast group byconfiguring ACL. This implements the controllable multicast communication.

Multicast Call Admission Control (CAC)multicast CAC is involved in the IPTV multicast scheme and is mainly used to control the numberand bandwidth of IPTV channels in the Layer 2 multicast scenario, thereby preventing usersfrom requesting additional channels or bandwidth and ensuring high service qualities for existingusers.

3.3.3 Static MulticastA user host receives the multicast traffic through a DSLAM. For example, the Set Top Box(STB) receives the video programs from the Broadband Television (BTV). The S9300 can bedeployed between multiple DSLAMs and the upstream multicast router. IGMP is not enabledfor some VLANs on the S9300. The S9300 sets up the multicast member relationship staticallyand sets up multicast forwarding entries for those VLANs as required.

Each DSLAM supports the controllable multicast to directly control the addition, deletion, andswitching of channels from the STB. The S9300 is not involved in the transmission of IGMPpackets. In this way, the delay of images and voices generated when users switch channels isgreatly shortened.

3.3.4 Multicast VLAN and Multicast ReplicationMulticast VLAN is used to converge and forward the multicast packets of different VLANs.The users join the multicast VLAN when they need multicast packets. Multicast VLAN copiesthe multicast packets to different user VLANs. This realizes the multicast duplication functionacross VLANs. The S9300 can copy up to 127 copies of multicast packets of different VLANsto a port.

The S9300 forwards multicast packets through the multicast VLAN, and copies the packetsbased on the multicast entries. The S9300 then sends these packets to the VLANs of differentusers. Using the multicast VLAN technique, the S9300 can converge the multicast packets inthe entire user VLANs to one or several VLANs.

The multicast across VLAN technique enables the S9300 to send unicast packets and multicastpackets in different VLANs. This helps to manage and control the multicast traffic and to savethe bandwidth resource.

3.4 QoSThis section describes the basics of QoS supported by the S9300.

QoS provides network services with different qualities as required.

NOTE

For details about Link Aggregation, refer to the Quidway S9300 Terabit Routing Switch FeatureDescription - QoS.

3.4.1 Hierarchical Traffic Policing

3.4.2 Flow Control



3-11

3.4.3 Re-marking

3.4.4 Queue Scheduling

3.4.5 Congestion Avoidance

3.4.6 Traffic Shaping

3.4.1 Hierarchical Traffic PolicingThe S9300 supports two-level traffic policing, namely, traffic policing based on users and trafficpolicing based on user groups. It supports the multiplexing of bandwidths of users and usergroups.

Traffic policing is used to monitor the service traffic that matches the traffic classifier rules onthe incoming interface. In this manner, the interface can be adapted to the assigned networkresources such as bandwidth. Traffic policing limits the rate of the traffic on the incominginterface. In this manner, the S9300 can monitor the traffic entering a network. If the rate is toohigh, the S9300 chooses to discard the packets or reset the priorities of the packets.

The S9300 supports the two-rate-three-color marker and one-rate-two-color marker. Thisguarantees granular management of bandwidths.

3.4.2 Flow ControlFlow control is used for congestion management. When a network cannot provide the committedor negotiated performance specifications, such as rate, congestion occurs.

In this case, an Ethernet switch sends pause frames to its peer to inform the peer to stop sendingdata for a while. This helps decrease the volume of traffic on the network. Flow control enabledon a port functions on all the traffic on the port.

3.4.3 Re-markingWith re-marking, the S9300 applies parameters about services to the packets that match certainACL rules. Re-marking is implemented as follows:

l The S9300 applies parameters about services provided by itself to the packets.l The S9300 applies parameters about services drawn upon the mapping table according to

the Differentiated Services Code Point (DSCP) of the packets.l The S9300 applies parameters about services drawn upon the mapping table according to

the DSCP defined by users.l Users assign parameters about services to the packets.

3.4.4 Queue SchedulingWhen an Ethernet switch forwards multiple packets, these packets may compete for resources.Queue scheduling is thus introduced to address this problem. The S9300 supports the followingqueue scheduling algorithms:

l Strict Priority (SP)l Weighted Round Robin (WRR)l SP + WRR


Product Description


Issue 01 (2010-12-15)

l Deficit Round Robin (DRR)l SP + DRR

Outgoing packets on the ports of the Ethernet switch are forwarded in different manners asdefined in the preceding algorithms.

3.4.5 Congestion AvoidanceWhen congestion occurs, a switch immediately discards certain packets to release resources ofqueues. The switch also schedules the packets into queues other than those with long delay. Thishelps to remove the congestion.

The S9300 supports the Weighted Random Early Detection (WRED) algorithm. WREDmonitors packets in each queue and compares the length of the queue with the low threshold fordropping packets. Based on the result, the S9300 processes the packets in queues in the followingways when congestion occurs.

l When a queue is shorter than the minimum threshold, the device does not discard packets.l When the length of a queue is between the low threshold and the high threshold, WRED

begins to discard packets randomly.l When a queue is longer than the high threshold, the device discards all incoming packets.

3.4.6 Traffic ShapingWith traffic shaping, the transmission rate of outgoing packets are controlled and packets aretransmitted at an even rate. Traffic shaping is applied to the downstream traffic to make itstransmission rate the same as that provided by the downstream devices. This prevents thediscarding of packets and traffic congestion. The difference between traffic shaping and trafficpolicing lies in that traffic shaping is used to buffer packets that exceed the set rate limit andthen transmit the packets at an even rate; traffic policing is used to discard packets that exceedthe set rate limit. In traffic shaping, packets are delayed for transmission. In traffic policing,however, no delay is added for packets.

The S9300 supports traffic shaping based on interfaces, class of service (CoS) and VLAN, thatis, shapes the traffic of all VLANs, interfaces and CoSs. The two types of traffic shaping can becarried out through different parameters.

3.5 ReliabilityThis section describes the basics of link aggregation, BFD, and HA at the equipment level.

3.5.1 Link Aggregation

3.5.2 DLDP

3.5.3 RRPP and the Multi-Instance Technology

3.5.4 Smart Link and the Multi-Instance Technology

3.5.5 Ethernet OAMThis section describes the basics of Ethernet OAM.

3.5.6 BFD

3.5.7 LSP Protection Switchover



3-13

3.5.8 High Availability at the Equipment Level

3.5.1 Link AggregationThe S9300 can bind multiple ports into an Eth-Trunk interface manually. The S9300 alsosupports link aggregation in static mode. That is, the administrator sets up the aggregation groupand adds member link, and the Link Aggregation Control Protocol (LACP) maintains theaggregated link.

When one of the links fails, traffic is balanced among the other links without interruption. TheS9300 supports the aggregation of links on different LPUs, which improves the reliability ofservices.

For details about Link Aggregation, refer to the “Trunk” in Quidway S9300 Terabit RoutingSwitch Feature Description - Ethernet.

3.5.2 DLDPThe S9300 supports the Device Link Detection Protocol (DLDP). DLDP monitors the link statusof optical fibers or copper twisted-pair cables. If a unidirectional link exists, DLDP automaticallyshuts down or notifies users to manually shut down the port on the unidirectional link as required.This prevents network faults.

For details about DLDP, refer to the “DLDP” in Quidway S9300 Terabit Routing Switch FeatureDescription - Reliability.

3.5.3 RRPP and the Multi-Instance TechnologyTo reduce convergence time and remove the impact of network scales on the convergence time,Huawei develops the Rapid Ring Protection Protocol (RRPP) that is a data link layer protocolexclusively used in Ethernet ring networks.

When an Ethernet ring network is complete, RRPP can prevent broadcast storms caused by dataloops. When a link is disconnected, RRPP helps to quickly enable the standby link and thenrecover the communications between nodes on the ring network.

Compared with other Ethernet ring technologies, RRPP boasts of the following features:

l Convergence time is less than 50 milliseconds (ms).l Convergence time bears no relation to the number of nodes on a ring network. Thus, RRPP

can be applied to a network with a great diameter.l RRPP can prevent broadcast storms caused by loops when an Ethernet ring network is

complete.l On an Ethernet ring network, when a link is torn down, a backup link immediately starts

to resume the normal communications between nodes.

On intersectant RRPP rings, when the topology of a ring changes, topology flapping by no meansoccurs on other rings. Instead, data transmission can be better guaranteed.

The RRPP multi-instance technology applies to ring Ethernet networks. Different RRPPinstances are arranged for different C-VLANs to carry out independent calculation andconvergence of topologies. In addition, the multi-instance technology optimizes the network andsimplifies configurations in complex topologies with multiple intersectant rings or multiple ringsin multiple domains.


Product Description


Issue 01 (2010-12-15)

For details about RRPP, refer to the “RRPP” in Quidway S9300 Terabit Routing Switch FeatureDescription - Reliability.

3.5.4 Smart Link and the Multi-Instance TechnologyThe dual-homing networking is one of the most commonly used networking. In most cases, STPis enabled to implement the backup of links. STP, however, cannot satisfy users that requirequick convergence.

Thus, Smart Link is introduced to provide link backup and fast switching of traffic between theactive and standby links. This meets the requirements of users for fast convergence of links. Ina dual-homing network, when the active link fails, the device automatically switches traffic tothe standby link. In this manner, the redundant link is blocked and backup of links isimplemented.

The features of Smart Link are as follows:

l It is dedicated to dual-homing networks.l The convergence time can reach sub-seconds.l It is easy to configure and operate.

Smart Link multi-instance means that a Smart Link group is configured with multiple instancesand each instance is configured with a VLAN range. You can use commands to configure someinstances to transmit packets through standby links. Thus the VLANs transmit packets throughdifferent paths to implement load balancing.

For details about Smart Link, refer to the “Smart Link” in Quidway S9300 Terabit Routing SwitchFeature Description - Reliability.

3.5.5 Ethernet OAMThis section describes the basics of Ethernet OAM.

The Ethernet OAM functions of the S9300 include fault management and performancemanagement.

For details about Ethernet OAM, refer to the “Ethernet OAM” in Quidway S9300 Terabit RoutingSwitch Feature Description - Reliability.

3.5.6 BFDThe S9300 supports the BFD mechanism to implement fast detection and monitor theconnectivity of links.

BFD realizes fast detection of link failures by using the "Hello" protocol. Detection packets aretransmitted periodically from both ends of a bidirectional link. If the S9300 fails to receive thedetection packets from the peer end in a certain period of time, it indicates that certain segmentof the bidirectional link fails. BFD then triggers the switchover mechanism to ensure thereliability of the network.

BFD supports failure detection in milliseconds. BFD also supports asynchronous detection.

The S9300 supports the following BFD detection methods:

l Detection of linksl Detection of the connectivity of IP routing



3-15

l Detection of the connectivity of an LSP, a CR-LSP, and an MPLS TE protection groupl BFD detection on the VPLS network

It also processes the diagnosis packet that manages the switchover of VPLS and performsthe switchover.

The S9300 supports the association among BFD, 802.3ad, and 802.1ag to achieve end-to-endOAM.

For details about BFD, refer to the “BFD Feature Description” in Quidway S9300 TerabitRouting Switch Feature Description - Reliability.

3.5.7 LSP Protection SwitchoverThe S9300 supports MPLS OAM and fast detection of LSP faults. A standby LSP can be set forthe active LSP to realize 1+1 backup of LSPs. When the active LSP fails, services can be fastswitched to the standby LSP. This greatly improves the reliability of the network.

For details about LSP protection switchover, refer to the “MPLS OAM” in Quidway S9300Terabit Routing Switch Feature Description - MPLS.

3.5.8 High Availability at the Equipment Level

Hot BackupThe S9300 supports hot backup of its key components including the SRU/MCU, power modules,and fan modules.

l SRU/MCUThe S9300 can be installed with two SRUs/MCUs that run in 1+1 backup mode.

l The two SRUs/MCUs in 1+1 backup mode support two types of protection switchover:– Automatic protection switchover

It is triggered by the system upon a serious fault or resetting of the active SRU/MCU.– Forcible protection switchover

It is triggered by commands through the console port. You can also prevent the active/standby switchover of the SRUs/MCUs by using commands through the console port.

After the active/standby switchover is performed, the standby SRU/MCU immediately takesover the entire services. This ensures continuity of services and availability of the system.

l Power modulesThe S9300 can be configured with 4 AC power modules or 4 DC power modules. Thepower modules work in redundancy backup mode.The power modules provide power for the S9300 when they are correctly installed andpowered on. When one of the power modules fails, the other one immediately takes overthe services without interruption.The PoE function supports only the AC power modules. The S9303 does not support thebackup of PoE power modules. The S9306 and the S9312 support the PoE power modulesworking in M+N mode.

l Fan modulesEach fan frame of the S9300 provides two layers of fan frames to carry out backup for thesystem. When any of the fan frames fails, the other fan frame still ensures that the ambient


Product Description


Issue 01 (2010-12-15)

temperature is not higher than 45°C. To ensure that the ambient temperature is not higherthan 40°C, a single fan frame can normally work for only 96 hours.When a fan fails, the system generates an alarm message.

Hot SwapThe SRU, MCU, LPU, CMU, power modules, and fan frames of the S9300 are hot swappable.

WARNINGFSUA is not hot swappable.

l Hot swap of the SRU/MCUIf the S9300 is installed with two SRUs/MCUs that work in 1+1 backup mode, hot swapof the standby SRU/MCU does not interrupt services. Hot swap of the active SRU/MCU,however, implements fast switchover of services to the standby SRU/MCU. The dataswitching units can work in 1:1 load balancing mode. In this mode, the data switchingcapability is reduced by half when the SRU is hot swapped.

l Hot swap of the LPUl Hot swap of power modules

When the S9300 is installed with four power modules that run normally, hot swap of oneor two of them does not interrupt services.

l Hot swap of fan framesHot swap of fan frames does not affect services of the S9300.

l Hot swap of the air filterThe air filter is not powered and is swappable as required. It is convenient for routinecleaning.

Inter-SIC Eth-TrunkMultiple Ethernet ports, either on the same SIC or different SICs, of the S9300 can be bound toa logical Eth-Trunk interface. This realizes backup between ports and load balancing of traffic.

When one member port in the Eth-Trunk interface fails, the services on that port areautomatically carried by other ports in the Eth-Trunk interface. In this case, the Eth-Trunkinterface can still handle services normally. Therefore, service transmission is not affected.

Because the bound ports belong to different SICs, inter-SIC Eth-Trunk reduces the impact ofone SIC fault and removes the single-site fault.

E-Trunk Composed of Ethernet Interfaces on Different DevicesAs an extension to the Link Aggregation Protocol (LACP) that implements link aggregation ofa single device, the Enhanced Trunk (E-Trunk) protocol implements link aggregation of differentdevices. The link reliability is thus improved.

The E-Trunk is mainly applied to the scenario that a CE is dual homed to the VPLS, VLL, orPWE3 network. In this scenario, E-Trunk protects the links between the CE and PE and prevents



3-17

the fault on the PEs. Before the E-Trunk is introduced, a CE can only be connected to a PEthrough the Eth-Trunk.

If the Eth-Trunk or the PE is faulty, the CE cannot communicate with the PE. After the E-Trunkused, the CE can be dual homed to two PEs to implement backup between devices.

Figure 3-6 Networking diagram of E-Trunk

PE1

PE2

CEEth-Trunk 10

Eth-Trunk 20

E-Trunk 1

Stacking

A single switch cannot meet requirements of the increasing access volume of the data center andthe network reliability. To meet the forwarding requirement of the database and ensure thenetwork reliability, the stacking technology of switches is introduced.

In a CSS, multiple S9300s are connected through dedicated stacking cables to form a logicalswitch.

The stacking technology brings the following benefits to operators:

l Protecting investments during network capacity expansion

l Simplifying configuration and management during capacity expansion: multiple physicalswitches form a logical switch

l Improving system reliability through redundancy and backup of multiple switches

Protection Against Abnormity

The S9300 separates the control channel from the service channel. This provides a non-blockingcontrol channel. The S9300 supports the following measures for protecting against abnormities:

l Provides error correction for memory chip faults.

l Provides protection against mis-insertion on the power input interface.

l Provides fan frames with separate power supply channels. The failure of any of the fanframes does not affect the other.

l Provides protections against over-current and over-voltage for power and interfacemodules.

l Provides protection against mis-insertion of boards to prevent inserting the H-SICs into theL-SIC slots.


Product Description


Issue 01 (2010-12-15)

l Provides the monitoring and alarm functions for the power modules, voltage andenvironment temperature.

Protection in OperationThe S9300 supports the following protection measures:

l Supports in-service upgrade of the BootROM, in-service patching, and version rollback.l Supports data hot backup between the active and standby units. The active unit

automatically switches to the standby state when failures occur to the active unit. Thisprevents loss of data or information.

l Supports timely synchronization of configurations between the LPUs and SRUs/MCUs.l Supports the abnormity monitoring for the VRP system software, such as automatic

restoration and log record.l Supports final records of process status that can be used to locate faults more easily after

an accident.

The S9300 also provides protection and prompt for improper operations. The S9300 providesoperation and confirmation prompts for certain commands that may degrade the systemperformance.

3.6 SecurityThis section describes the security measures for devices and services.

3.6.1 Security for Devices

3.6.2 Security for Services

3.6.1 Security for Devices

Hierarchical Command LinesThe S9300 authenticates login users for safety when users Telnet the device through Ethernetports. Users can log in to configure and maintain the device only after they pass theauthentication.

Commands of the S9300 are divided into 4 levels. Login users are also divided into 4 levelscorresponding to these 4 levels. After logging in to the S9300, users can run only the commandwith the same or lower level than the user level. This mechanism effectively controls theauthority of login users.

The S9300 supports the extension of command levels and user levels, which can be mappedfrom four levels to 16 levels. This level mapping implements effective management on the userlevels.

The S9300 can also lock the terminal through commands to prevent illegal use of the terminal.

Remote Login Through SSHThe S9300 supports Secure Shell (SSH) of v1.5 and v2. On the network without securityguarantee, SSH provides powerful guarantee of security and authentication for login users andcan defend against illegal attacks.



3-19

Encryption Authentication in SNMPThe S9300 supports encryption authentication in SNMPv3. It authenticates the validity of themanagement packets from the NMS.

Authentication, Authorization and AuthorizationThe S9300 supports Authentication, Authorization and Accounting (AAA). AAA supports threetypes of user authentication:

l Local authenticationl Remote Authentication Dial-In User Service (RADIUS)l Huawei Terminal Access Controller Access Control System (HWTACACS) authentication

It can authenticate and authorize login users in cooperation with hierarchical command lineprotection. It can also authorize the validity of the NMS administrator. The S9300 can defendagainst login of illegal users based on AAA.

Hierarchical CPU ProtectionThe S9300 supports two levels of CPU protections.

l Protection at the LPU levelThe S9300 performs flow control for the protocol packets and management packets sentfrom the LPU to the CPU of the SRU based on the protocol type. This protects the channelbetween the LPU and the CPU from being congested with packets through Denial of Service(DoS) attacks.

l Protection at the SRU levelWhen the CPU receives protocol packets and management packets sent from the LPU tothe CPU, the S9300 performs traffic classification, re-marking, flow control, and thewhitelist function to the packets and implements QoS and rate limit on the CPU. Thisprotects the CPU against Distributed DoS (DDoS), IP spoofing, and SYN Flood attacks.

3.6.2 Security for Services

Packet Filtering Through ACLPacket filtering is used to filter illegal or unwanted packets.

The S9300 filters packets based on user-defined rules. For example, it filters packets by checkingthe source or destination address of the packet. Packet filtering does not check the state ofsessions and does not analyze the data.

By filtering packets, the S9300 can effectively control the packets passing the device.

DHCP Snooping/Option 82Deployed between the server and client of the Dynamic Host Configuration Protocol (DHCP),the S9300 listens to the sending DHCP packet. The S9300 then sets up a table binding the IPaddress with the MAC address based on the results of monitoring. This represses illegal packetsfrom being transmitted. The S9300 can also insert or strip the Option 82 field into or off thepacket.


Product Description


Issue 01 (2010-12-15)

l Receiving the request packet from the DHCP client, the S9300 inserts the Option 82 fieldinto the packet. The DHCP server then assigns IP addresses by identifying the Option 82field.

l The DHCP server inserts the Option 82 field into the response packet. The S9300 analyzesthe Option 82 field to select the forwarding port. The S9300 then strips the Option 82 fieldand forwards the packet to the user.

The Option 82 field records the ID number of the user circuit, which can effectively defend theattacker from tampering the DHCP packet.

Similarly, with the IP session feature, the S9300 checks the IP addresses, MAC addresses,interface numbers, and VLAN IDs of the packets according to the VLAN or Option 82information. This prevents unauthorized users from forging IP addresses.

Limit of MAC Address Learning at PortsThe S9300 supports the limit of MAC address learning.

The S9300 supports setting the maximum number of MAC entries learnt by a port. This candefend against attacks with forged MAC entries and prevent the MAC table resource of theS9300 from being used up.

The S9300 supports the following three ways to limit the number of MAC addresses:

l Based on portsl Based on VLAN IDl Based on VSI

When the number of MAC addresses learnt by a port exceeds the limited threshold, the S9300forwards or discards the incoming packets with new MAC addresses according to theconfigurations.

Blackhole MAC EntriesThe S9300 supports blackhole MAC entries. When the S9300 receives a packet, it compares thedestination MAC addresses of the packet with the MAC entries in the blackhole MAC table. Ifthe MAC address of the packet is identical with the MAC address of a blackhole entry, the packetis dropped.

After detecting that packets with a specific MAC address are attack packets, the administratorcan set a blackhole MAC entry to filter the packets with that specific MAC address. This canprevent attacks using MAC addresses.

Port Binding Based on MAC+VLANTo improve the security of interfaces, the S9300 allows the network administrator to add staticentries to the MAC address table. The static entries identify the mapping among the specifiedMAC address, VLAN ID, and interface. This binds the S9300 to the interfaces and thus preventsMAC spoofing attacks.

Broadcast Traffic SuppressionThe S9300 can limit the transmission rate of broadcast packets, multicast packets, and unknownunicast packets based on interfaces.



3-21

The S9300 can also limit the maximum traffic percentage of broadcast packets, multicastpackets, and unknown unicast packets, thus controlling the traffic volume of broadcast packets.

3.7 Network Management FeaturesThe S9300 provides network management functions of LLDP and NetStream.

3.7.1 LLDPThis section describes the basics of LLDP.

3.7.2 NetStream

3.7.1 LLDPThis section describes the basics of LLDP.

The S9300 supports the Link Layer Discovery Protocol (LLDP). LLDP conforms to IEEE802.1ab. LLDP discovers the adjacency relationships between devices on the link layer. It isused for the interconnected devices to acquire the connection information of each other.

Using the LLDP, the local network management station can acquire the link layer informationof all devices in the local network. It also collects detailed information about network topologyand topology change. This expands the scope of network management.

The port with LLDP enabled on the S9300 periodically notifies the neighbors of its status. If thestatus changes, the port sends the updates of the current state to the neighbors directly connectedto it. The neighbors then store the status of the port in the standard SNMP MIB. The NMSsearches the MIB for the link layer information of the network. Based on search results, the NMScan calculate the network topology.

3.7.2 NetStreamWith increasing services and applications on networks, users propose high requirements fortraffic statistics analysis. NetStream provides a way to obtain the detailed record through thedata network for network administrators.


Product Description


Issue 01 (2010-12-15)

Figure 3-7 Networking diagram of NetStream

NDENetStream

NSC NSC

NDA NDA

Traffic

NetStream traffic

traffic

NDE: Netstream Data Exporter NSC: Netstream Collector NDA: Netstream Data Analyzer

NetStream provides the following functions:l Network management and planningl Enterprise accounting and department billingl ISP billing reportl Data storagel Data collection for business

Due to the connectionless-oriented feature of the IP network, communications among differenttypes of services are implemented by transmitting IP datagrams from one terminal to another.Such IP datagrams actually constitute a data flow of a service on the network. Most data trafficon the network is temporary and bidirectional.

Based on the destination IP address, source IP address, destination port number, source portnumber, protocol number, Type of Service (ToS), and incoming or outgoing interface of packets,NetStream identifies different streams and collects statistics for these steams independently.

The NDE sends the collected traffic statistics regularly to the NSC for further processing andthen sends the statistics to the NDA for data analysis. The report generated based on the analysisresult is the basis for charging and networking planning.

(Item list)The S9300: Supports the NDE function. Samples IPv4/IPV6/MPLS packets. Supportsfix-packet sampling and fix-time sampling. Supports establishment of the original traffic,flexible traffic, and aggregation traffic. Exports packets in V5/V8/V9 format.

The S9300 supports distributed NetStream and integrated NetStream.



3-23

For details about netstream, refer to the “NetStream” in Quidway S9300 Terabit Routing SwitchFeature Description - Network Management.

3.8 ClockThis section describes the clock synchronization and calibration mechanisms supported by theS9300.

The S9300 supports the clock synchronization at the physical layer and the IEEE 1588V2 clocksynchronization and calibration mechanisms. These mechanisms provide precise clock formobile communication services.

With the physical-layer clock synchronization mechanism, the S9300 obtains clock data fromthe signaling over the physical transport link, thus synchronizing clock frequency. The S9300can obtain clock data from the synchronized Ethernet links.

IEEE 1588V2 is a clock synchronization protocol. The clock precision is at the microsecondlevel, which meets the requirements of 3G services and base stations. The S9300 supports thefollowing features of IEEE 1588V2:

l Timed clock synchronization and clock data synchronizationl Three clock modes, namely, boundary clock, ordinary clock, and transparent clock

(including end-to-end transparent mode and point-to-point transparent mode). An interfacecan be configured with a clock as required.

l Protective switching of clock sources

For details about clock synchronization at the physical layer, refer to the “SynchronizationEthernet” in Quidway S9300 Terabit Routing Switch Feature Description - DeviceManagement.

For details about IEEE 1588V2 clock synchronization, refer to the “PTP” in Quidway S9300Terabit Routing Switch Feature Description - Device Management.

3.9 PoEOn Intranets, PoE can be used to provide centralized power for terminals such as IP phones,Access Points (APs), chargers of portable devices, POS machines, cameras, and data collectiondevices through the 10Base-T, 100Base-TX, or 1000Base-T Ethernet.

Terminals are powered when they access the network. Therefore, the indoor cabling of powersupply is not required.

According to IEEE802.3af or IEEE 802.3at, PoE involves PSEs and PDs.

The PSEs provide power for other devices and are classified into MidSpan (the PoE module isinstalled out of the switch) and Endpoint (the PoE module is integrated to the switch) PSEs.IEEE 802.3af or IEEE 802.3at allow the Endpoint PSE to use copper line pairs connected topins 1 and 2 and pins 3 and 6 or pins 4 and 5 and pins 7 and 8 for power supply. The EndpointPSE is compatible with 10Base-T, 100Base-TX, and 1000Base-T interfaces. The Endpoint PSEis more widely used than the Midspan PSE.

The S9300 is the Endpoint PSE, complying with IEEE 802.3af or IEEE 802.3at. Each interfaceprovides 30 W power.

On the S9300, each interface supporting PoE provides three power supply priorities for PDs,that is, critical, high, and low. When the power consumption of PDs is greater than the total


Product Description


Issue 01 (2010-12-15)

power of the PSE, the PSE first provides power supply for the PD on the interface with thehighest priority. If different interfaces have the same priority, the PSE provides power supplyfor PDs in descending order of port numbers. The PD on the interface with the smallest interfacenumber first obtains power supply.

For details about PoE, refer to the “PoE” in Quidway S9300 Terabit Routing Switch FeatureDescription - Device Management.

3.10 Enterprise Network FeaturesThe S9300 provides NAC, firewall, NAT, and load balancing for enterprise networks.

3.10.1 NACThis section describes the principle of network admission control (NAC).

3.10.2 Firewall

3.10.3 NAT

3.10.4 Load Balancing

3.10.1 NACThis section describes the principle of network admission control (NAC).

The NAC concept is introduced to protect the enterprise intranets against the attacks of emerginghacker technologies such as new viruses and worms. By using the NAC function, the S9300 canallow only the authorized or trusted devices to access the network, for example, personalcomputers, servers, and PDAs.

The main components of NAC are as follows:

l Agent program installed on the terminall Network access devicel Policy server or AAA serverl Anti-virus serverl Management system

When functioning as a network access device, the S9300 provides the following functions:

l 802.1X access, including port mode and MAC model Portal accessl Relay authentication in which the S9300 obtains user entries through DHCP snooping

In addition, the NAC function is applicable to the following special scenarios:

l Best-effort: Users can access the network when the RADIUS server is Down.l Privileged users and devices without agent, such as printer and IP phone



3-25

Figure 3-8 Main components and networking of NAC

��

��

Internet

SA

VPN GatewayEnterprise external

networkEnterprise intranet

SA

SA

Pre-authenticationdomain

Third-party anti-virus serverThird-party domain management serverThird-party patch server

Authenticationdomain 1

Authenticationdomain 2

Coreinformation

Commoninformation

SACG

SRS SCSM

SA: Secospace AgentSM : Secospace ManagementSC: Secospace controllerSRS: Secospace repair serverSACG: Security acess control gateway

3.10.2 FirewallThe S9300 provides the distributed firewall with a processing capacity of 10 Gbit/s to providehigh-performance security guarantee for large enterprises, carriers, and data center networks.The S9300 supports the functions of external attack defense, internal network security, trafficmonitoring, email filtering, Web page filtering, and application layer filtering. This effectivelyensures the security of the network.

The S9300 provides the following firewall functions:

l Packet filtering firewall

l Stateful firewall

l ASPF

l Blacklist

l Whitelist

l Port mapping

l Attack defense

l Traffic statistics and traffic monitoring


Product Description


Issue 01 (2010-12-15)

l Firewall logl Virtual firewall

The S9300 supports hot backup of firewalls in a two-node cluster. The session table and statusinformation are backed up in real time between the master and backup firewalls. When the masterfirewall is faulty, the backup firewall takes over the work of the master firewall smoothly.

For details about firewall, refer to the “Firewall” in Quidway S9300 Terabit Routing SwitchFeature Description - SPU.

3.10.3 NATThe S9300 provides NAT applications of many-to-one mapping, many-to-many mapping, staticnetwork segment mapping, bidirectional conversion, and DNS mapping for enterprises. Itsupports the NAT Application Level Gateway (ALG) function for NAT transversal of multipleapplication layer protocols.

The S9300 provides the following NAT functions:l NAT address pooll NAPTl Static NAT/NAPTl Easy IPl NAT serverl Twice NATl Source address associated with the VPN before NAT is performedl NAT server associated with the VPNl NAT ALG

For details about NAT, refer to the “NAT” in Quidway S9300 Terabit Routing Switch FeatureDescription - SPU.

3.10.4 Load BalancingThe S9300 provides server load balancing for Layers 4 to Layer 7 services and supportsdeployment of multiple applications and server clusters.

The S9300 supports the following load balancing algorithms:l WRR algorithml Least connection algorithml Least bandwidth algorithml Algorithm based on the loadl Algorithm based on the response timel Algorithm based on the source IP address of packetsl Algorithm based on the destination IP address of packetsl Algorithm based on the source and destination IP addresses of packetsl Algorithm based on the Layer 4 content of packetsl Algorithm based on the URL of HTTP packetsl Algorithm based on the header of HTTP packets



3-27

l Algorithm based on the Cookie and content

3.11 MPLSThis section describes the basics of MPLS, MPLS TE, and MPLS OAM.

NOTE

To implement MPLS functions, apply for and purchase the license from Huawei local office.

The S9300 can be used to construct the MPLS network. Services that are external to the MPLSnetwork are forwarded based on the VLAN ID and MAC addresses. On the MPLS network,services are transmitted based on the MPLS labels. This solves the problem regarding thecapacity of the VLAN tag and the limit to the amount of MAC table entries.

The S9300 can act as the PE device or Provider (P) device on the MPLS network.

The S9300 supports multiple MPLS features, including basic MPLS features, the LabelDistribution Protocol (LDP) or Resource Reservation Protocol for Traffic Engineering (RSVP-TE), MPLS TE, and MPLS OAM.

3.11.1 Basic MPLS Functions

3.11.2 MPLS TE

3.11.3 MPLS OAM

3.11.4 VLL

3.11.5 VPLS

3.11.6 HVPLS

3.11.7 MPLS L3VPNThis section describes the basics of MPLS L3VPN supported by the S9300.

3.11.1 Basic MPLS FunctionsThe S9300 supports the following basic MPLS functions:

l LDPl Static LSPl Two-layer MPLS labelsl Mapping the 802.1p priority to the EXP field of MPLS packets

For details about MPLS Functions, refer to the “MPLS LDP” in Quidway S9300 Terabit RoutingSwitch Feature Description - MPLS.

3.11.2 MPLS TEThe S9300 supports the MPLS Traffic Engineering (TE) function. MPLS TE is a technique thatintegrates TE with MPLS. Through the MPLS TE, the S9300 can create an LSP tunnel to aspecified path and implement re-optimization. MPLS TE also provides protection against linkor node failures by using path backup and fast reroute.

The S9300 supports the following MPLS TE features:


Product Description


Issue 01 (2010-12-15)

l Supports TE extension based on the IGP protocols including IS-IS and OSPF to collectnetwork information.

l Supports preemption, route pinning, and re-optimization of CR-LSP.l Supports establishment of CR-LSP based on RSVP TE; supports hot standby backup and

basic backup functions of the MPLS TE tunnel.l Supports the use of the Constraint Shortest Path First (CSPF) algorithm to calculate

appropriate path of CR-LSP. This calculates the shorted path to a node through CSPF.l Supports establishment of the MPLS TE tunnel and the following features of the tunnel:

– Loop detection on the MPLS TE tunnel– Record of routing and labels– Re-establishment of the MPLS TE tunnel– Configuration of the tunnel priority

For details about MPLS TE, refer to the “MPLS TE” in Quidway S9300 Terabit Routing SwitchFeature Description - MPLS.

3.11.3 MPLS OAMThe S9300 supports the MPLS OAM mechanism to perform end-to-end fault detection at thetunnel level and perform prompt protection switchover in 50 ms when an LSP link fails. MPLSOAM conforms to the ITU-T Y.1710, Y.1711, and Y.1720 recommendations to realize fastdetection of LSP connectivity. The interval for detecting LSP connectivity can be adjusted asrequired.

With the MPLS OAM mechanism, the S9300 can rapidly detect, locate, and report the fault inthe MPLS network by using the Connectivity Verification (CV) message and the Fast FailureDetection (FFD) message. When a fault occurs, the S9300 triggers protection switchover byusing the Forward Defection Indicator (FDI) message and the Backward Defect Indicator (BDI)message.

The S9300 supports 1:1 and N:1 protection switchover of LSPs with an active LSP and a standbyLSP. When the active LSP fails, the S9300 can promptly switch services to the standby LSP.This greatly improves the reliability of the MPLS network.

For details about MPLS OAM, refer to the “MPLS OAM” in Quidway S9300 Terabit RoutingSwitch Feature Description - MPLS.

3.11.4 VLLVLL is an emulation of the traditional leased line. By emulating the leased line through the IPnetwork, it provides asymmetric, low cost point-to-point virtual leased line services. VLL ismainly applied to the access layer and convergence layer of the MAN.

The S9300 supports the following four modes of VLL:

l MartiniThe Martini mode uses double labels. The inner label takes the extended LDP as thesignaling protocol to transmit information. The Martini mode conforms to the draft of draft-martini-l2circuit-trans-mpls. The Martini extends LDP by adding the FEC type in the VCFEC to exchange the VC label.

l KompellaThe Kompella mode uses MP-BGP as the signaling protocol. PEs automatically discoverL2VPN nodes during the connection of BGP sessions. The Kompella uses BGP as the



3-29

signaling protocol to transmit Layer 2 information and VC labels to realize L2VPN in end-to-end (CE to CE) mode on the MPLS network.

l SVCThe setup process of the SVC outer label (public network tunnel) is the same as that of theMartini. The inner label is manually specified during the VC configuration. Thetransmission signaling of the VC label is not required. The network topology and thepackets interaction of the SVC are the same as that of the Martini. Thus, the SVC is asimplified version of the Martini.

l CCCIn Circuit Cross Connect (CCC), VCs are statically configured, which is similar to SVC.Different from the common MPLS L2VPN, the CCC adopts one label to transmit user data.This label is used for label exchange on each Label Switching Router (LSR). Therefore,the CCC uses the LSP exclusively. Static LSPs must be configured in both directions.

For details about VLL, refer to the “VLL” in Quidway S9300 Terabit Routing Switch FeatureDescription - VPN.

3.11.5 VPLSVirtual Private LAN Service (VPLS) is used to connect more than one Ethernet LAN segmentthrough the Packet Switched Network (PSN) and make them operate in an environment similarto a LAN. With the VPLS technology, the ISP can establish multipoint-to-multipoint VPNconnections between the dispersed users. The dispersed users can be enterprises located indifferent cities.

The S9300 functions as the PE device on the VPLS network. The S9300 transmit VPLS servicesby establishing through-connection between PEs.

The S9300 supports VPLS in the following methods:

l Martinil Kompella

For details about VPLS, refer to the “VPLS” in Quidway S9300 Terabit Routing Switch FeatureDescription - VPN.

3.11.6 HVPLSVPLS through-connection is required between PEs. For multiple nodes or a large geographicarea, a large-scale VPLS network is required. This requires that the number of connectionsestablished be double the number of PEs. In this case, HVPLS is used to establish a large-scaleVPLS network.

The S9300 mainly functions as the User Provider Edge (UPE) device on the HVPLS network.It converges services from CE to Network Provider Edge (NPE) or PE-AGG (PE-Aggregation).

The S9300 supports HVPLS in Martini mode.

On the VPLS or HVPLS network, the S9300 maps services of different types to different VirtualSwitch Instances (VSIs). The S9300 then transparently transmits these services to NPE or PE-AGG through the VPLS or HVPLS network.

For details about HVPLS, refer to the “VPLS” in Quidway S9300 Terabit Routing SwitchFeature Description - VPN.


Product Description


Issue 01 (2010-12-15)

3.11.7 MPLS L3VPNThis section describes the basics of MPLS L3VPN supported by the S9300.

BGP/MPLS VPN provides Layer 3 VPN services over an MPLS network. MPLS facilitates theimplementation of IP-based VPN services and meets the requirements of expansibility andmanageability for VPNs. MPLS VPNs provide value-added services. Through configurations,a single access point can be configured with multiple VPNs, each of which identifies a type ofservices. This allows different types of services to be transmitted in a flexible manner overnetworks.

For details about MPLS L3VPN, refer to the “BGP/MPLS IP VPN” in Quidway S9300 TerabitRouting Switch Feature Description - VPN.



3-31

4 Application Scenarios

About This Chapter

This section describes the typical networking and applications of the S9300.

4.1 OverviewThis section describes the position of the S9300 at the access layer and convergence layer in theMAN.

4.2 Application of MPLS L2VPNThis section describes the function of MPLS VPN that can be applied in the actual networking.

4.3 Application of HVPLS for Dual-homing ProtectionThis section describes the function of HVPLS that can be applied at the access layer andconvergence layer of the MAN.

4.4 Application of RRPPThis section describes the function of RRPP in implementing fast protection switchover on ringnetworks.

4.5 Application of Smart Link in Dual-Homing NetworkingThis section describes the function of Smart Link in dual-homing networks.

4.6 Application of Ethernet OAMThis section describes the application of Ethernet OAM on the MAN.

4.7 Application of QoSThis section describes the application of QoS on the MAN.

4.8 Application of Selective QinQThis section describes the function of selective QinQ that can be applied in the actual networking.

4.9 Application of the S9300 in IPTV ServiceThis section describes the networking and application policy of the S9300 in the IPTV service.

4.10 Application of the S9300 in NAC NetworkingThis section describes the application of the S9300 in the NAC networking.

4.11 Applications of the FirewallThis section describes the firewall networking and policy of the S9300.

Quidway S9300 Terabit Routing SwitchProduct Description 4 Application Scenarios


4-1

4.1 OverviewThis section describes the position of the S9300 at the access layer and convergence layer in theMAN.

The S9300 is deployed at the access layer and convergence layer of the MAN. Figure 4-1 showsthe networking diagram.

Figure 4-1 S9300 application in the MAN

IP/MPLSCoreMAN MAN

LAN Switch

DSLAM

UPE UPE

NPE

DSLAM

As the UPE device in the MAN, the S9300 can converge services of Internet, VPN, IPTV, andVoIP from the downstream devices such as Digital Subscriber Line Access Multiplexer(DSLAM) and LAN switches such as the S2300, S3300.

The S9300 then accesses the upstream NPE devices, such as the Huawei ME60 and NE40E. TheS9300 can also act as a PE-AGG in complex networks to implement multiple levels ofaggregation.

4.2 Application of MPLS L2VPNThis section describes the function of MPLS VPN that can be applied in the actual networking.

The S9300 bears a strong capability of MPLS L2VPN.

The whole system supports 4 K VLL instances and 1 K VPLS instances.

As shown in Figure 4-2 and Figure 4-3, the S9300 functions as the UPE on the L2VPNnetwork,supports VLL and VPLS and provides the point-to-point VPN application andmultipoint-to-multipoint VPN application.

4 Application ScenariosQuidway S9300 Terabit Routing Switch

Product Description


Issue 01 (2010-12-15)

Figure 4-2 Point-to-point VPN application (VLL)

MANIntranet A

Intranet B

VLLVLL

Intranet B

Intranet A

UPE

UPEUPE

UPE

Figure 4-3 Multipoint-to-multipoint VPN application (VPLS)

MAN

VPLSVLL

Intranet A

Intranet B

Intranet A

Intranet A

Intranet B

UPE

UPE

UPE

UPE

As shown in Figure 4-4, cooperating with the DSLAM, Access Gateway (AG), and S2300/S3300, the S9300 realizes the mapping between the access services and the VLL or VPLSservices.



4-3

l Along with the DSLAM/AG, the S9300 maps the QinQ tunnel to the VLL or VPLS servicesinstances. This realizes the VLL services based on Digital Subscriber Line (DSL).

l

The S9300 bears multiple services at the access layer and convergence layer. The S9300 canmap a certain type of personal services such as broadband access and VoIP services, to the VLLor VPLS service instances.

Figure 4-4 VPN services realized through the cooperation between the S9300 and CE

VLL/VPLS

DSLVLLPOTS

Ethernet VLL

DSLAM/AG LAN switch

QinQ QinQVLL

UPE UPE

N P E

UPE

The S9300 provides the low-cost VLL or VPLS solutions. This allows the application of MPLSand MPLS VPN at the edge convergence layer.

l Solves the problem of pure Ethernet in the aspects of scalability, carrier-class reliability,and manageability.

l Lessens the burden on the higher level NPEs and avoids the problems of overburden andsingle-site faults.

l Realizes distributed processing of services with services implemented from devices at theedge convergence layer. This makes services customizable.

4.3 Application of HVPLS for Dual-homing ProtectionThis section describes the function of HVPLS that can be applied at the access layer andconvergence layer of the MAN.

The S9300 supports HVPLS to realize link protection to the two NPEs in dual-homing mode.On the HVPLS network, the S9300 acts as the UPE device to converge services from the CE.

The S9300 supports the following HVPLS network architecture:

l UPE+NPE Network Architecturel UPE+PE-AGG+NPE Network Architecture

4.3.1 UPE+NPE Network Architecture

4.3.2 UPE+PE-AGG+NPE Network Architecture


Product Description


Issue 01 (2010-12-15)

4.3.1 UPE+NPE Network Architecture

Figure 4-5 S9300 Application of HVPLS with UPE+NPE network architecture

IP/MPLSCore

UPEH-VPLS

DSLAM DSLAM

BFD for LSPBFD for LSP

LSW

UPE

UPE UPE

NPE NPE

LSW

LSW LSW

As shown in Figure 4-5, on the HVPLS network, the S9300 acts as the UPE device. The HuaweiME60 and NE40E routers can be used as the NPE devices.

l As the UPE device, the S9300 accesses services and classifies traffic through the selectiveQinQ. Services of different types can be mapped to different VSIs and then transparentlytransmitted to NPE devices through HVPLS.

l The NPE terminates services on the Pseudo Wire (PW) tunnel and then process servicesbased on the VLAN ID and QinQ information.

l Link protection is realized through MPLS TE protection group along with BFD for LSPon the HVPLS network.

4.3.2 UPE+PE-AGG+NPE Network ArchitectureOn the current network, PE-AGG devices can be added between the UPE and NPE devices. PE-AGG devices aggregate services, terminate VPLS, and transparently transmit services to theNPE device. The S9300 can serve as the PE-AGG or UPE device as shown in Figure 4-6.



4-5

Figure 4-6 S9300 application of HVPLS with UPE+PE-AGG+NPE network architecture

IP/MPLSCore

PE-AGG

NPE

H-VPLS

BFD for LSP

UPE

DSLAM DSLAMLSW

UPE

UPE

UPE

PE-AGG

NPE

LSW LSWLSW

In this networking mode:

l The S9300 functions the same in this network architecture as that in the "UPE+NPENetwork Architecture."

l The S9300 terminates the VPLS tunnel and transparently transmits services to the NPEdevice.

l The NPE terminate VLAN and QinQ, and then process services.

l Link protection is realized through BFD for LSP between the S9300 and the NPE device.

4.4 Application of RRPPThis section describes the function of RRPP in implementing fast protection switchover on ringnetworks.

In the networking where common Ethernet ring networks are used, RRPP is adopted instead ofMSTP to achieve fast convergence of topologies.

Generally, the metro Ethernet uses two-layer rings:

l One layer is the convergence layer between the convergence devices PE-AGGs, forexample, RRPP Domain 1 shown in Figure 4-7.


Product Description


Issue 01 (2010-12-15)

l The other layer is the access layer between PE-AGGs and UPEs, for example, RRPPDomain 2 shown in Figure 4-7.

Figure 4-7 Application of intersectant RRPP rings

IP/MPLSCore

Ring 1Domain 1

Ring 2

Domain 2

Switch-A

Switch-D

Switch-E

Switch-BAccess Layer

Aggregation Layer

Switch-FSwitch-G

LSWDSLAM

Switch-C

LSW

As shown in Figure 4-7, Ring 1 belongs to Domain 1; Ring 2 belongs to Domain 2. Ring 1 andRing 2 are tangent at Switch-C.

l On Ring 1, Switch-C is the master node; Switch-C, Switch-E, Switch-F, and Switch-G arePE-AGGs.

l On Ring 2, Switch-C is the master node; Switch-A, Switch-B, and Switch-D are UPEs.

For multiple tangent RRPP rings, the failure of a ring does not affect other domains. Theconvergence process of RRPP rings in a domain is the same as that of a single ring.

On RRPP rings, Layer 2 and Layer 3 services can be fast switched in the case of link faults.

l Fast switch of Layer 2 servicesIn normal situations, the data flow travels along the path of Switch-A → Switch-B →Switch-C on Ring 2. If the link between Switch-A and Switch-B fails, the data flow isswitched to another path on the RRPP ring.After the link between Switch-A and Switch-B fails and then the master node is notifiedof the link fault, the master node immediately unblocks the secondary port.At this time, the network topology changes, the original MAC address tables of the nodescannot correctly guide the Layer 2 forwarding. Thus, Layer 2 traffic is interrupted. Afterunblocking the secondary port, the master node immediately requires other nodes on the



4-7

ring to re-learn MAC address entries. The Layer 2 traffic on the RRPP ring is switched tothe path of Switch-A → Switch-D → Switch-C.

l Fast switch of Layer 3 services

In normal situations, the data flow travels along the path of Switch-C → Switch-E →Switch-F on Ring 1. When the link between Switch-C and Switch-E fails, the data flow isswitched to another path on the RRPP ring.

After the link between Switch-C and Switch-E fails and then the master node is notified ofthe link fault, the master node immediately unblocks the secondary port.

At this time, the network topology changes, the original ARPs and FIBs of the nodes cannotcorrectly guide the Layer 3 forwarding. After unblocking the secondary port, the masternode immediately requires other nodes on the ring to re-learn MAC address entries. TheLayer 2 traffic on the RRPP ring is switched to the path of Switch-C → Switch-G →Switch-F.

4.5 Application of Smart Link in Dual-Homing NetworkingThis section describes the function of Smart Link in dual-homing networks.

Generally, Smart Link is adopted on dual-homing Ethernet networks to implement fast switchingof links.

Figure 4-8 Application of Smart Link

Intranet

UPE1

UPE2

PE-AGG1

PE-AGG2

Intranet

SmartLinkGroup

Active linkStandby link

SmartLinkGroup

Core network

IP/MPLS

SmartLinkGroup

SmartLinkGroup

Smart Link can be deployed anywhere on the MAN to provide the dual-homing connections Byadopting Smart Link, UPE 1 or UPE 2 is dual-homed to PE-AGG 1 and PE-AGG 2 .

For example, configure the Smart Link group on UPE 1 and UPE 2. The upstream devices onlyneed to receive and send Flush packets. In the two uplinks, one link forwards packets and theother is blocked. When the active link fails, Smart Link swiftly senses the fault and switchestraffic to the standby link.

When the Monitor Link group is configured on PE-AGG 1 and PE-AGG 2, the uplink interfaceis associated with the downlink interface.


Product Description


Issue 01 (2010-12-15)

4.6 Application of Ethernet OAMThis section describes the application of Ethernet OAM on the MAN.

The S9300 provides Ethernet OAM to implement fault detection and protection switchover inless than 50 ms.

Figure 4-9 Application of Ethernet OAM on the MAN

Hotel

Residentialarea

Commercialcenter

EFM OAM (802.3ah)Ethernet in the first mile

……

Ethernet CFM (802.1ag)Access convergence

layer on the MAN

Backbonenetwork

BRAS

Router

IP/MPLScore network

PE-AGG

PE-AGG

UPE

UPE

UPE

UPE

UPECE

CE

CE

CE

CE

Intranet

Ethernet CFM can be applied at the access convergence layer on the MAN. MDs are classifiedbased on which ISP manages the devices. All the devices that are managed by the same ISP canbe configured in the same MD. MAs are classified based on different services. An MA isassociated with a VLAN. MEPs within an MA periodically exchange CCMs to test theconnectivity on the network. After Ethernet CFM detects a connectivity fault, alarms aregenerated and MAC ping and MAC trace are provided to verify and locate the fault.

EFM OAM is enabled on the CEs and UPEs. EFM OAM can test link connectivity of userservices by periodically exchanging OAMPDUs between the CE and NPE. EFM OAM monitorslink performance by testing the errored frames, errored codes, and errored frame seconds on thelink. This provides transmission services required in the SLA for users. EFM OAM also providesalarms when a fault occurs.



4-9

4.7 Application of QoSThis section describes the application of QoS on the MAN.

In the networking shown in Figure 4-10, enterprise A has two subdivisions: enterprise A-1 andenterprise A-2; enterprise B has two subdivisions: enterprise B-1 and enterprise B-2. TheEthernet VLL between the subdivisions of an enterprise is used to transmit services of voice,video, and data. Meanwhile, each subdivision requires access to the Internet.In Figure 4-10,Switch represents the S9300.

Figure 4-10 S9300 application of QoS

LSW

Switch

SwitchSwitch

Enterprise A-1

Enterprise A-2

Enterprise B-1

Enterprise B-2

IP/MPLScore

network

VPN of enterprise AVPN of enterprise B

Metro

VoiceVideoData

2 Mbit/s4 Mbit/s4 Mbit/s

10 Mbit/s

VoiceVideoData

2 Mbit/s4 Mbit/s4 Mbit/s

10 Mbit/s

InternetInternetInternetInternet

Enterprise A has the following requirements:

l The Ethernet VLL services between enterprise A-1 and enterprise A-2 need a bandwidthof 10 Mbit/s to guarantee bandwidth for different services.

– Voice services

The guaranteed bandwidth is 2 Mbit/s.

– Video services

The guaranteed bandwidth is 4 Mbit/s.

– Data services


Product Description


Issue 01 (2010-12-15)

The guaranteed bandwidth is 4 Mbit/s. It is also required that the remaining idlebandwidth can be occupied by data services. Thus, the peak bandwidth is 10 Mbit/s.

Enterprise B has the same requirements as enterprise A.

By applying level-2 traffic management of QoS on the Switch, you can meet the requirementsof different services and users for network resources.

4.8 Application of Selective QinQThis section describes the function of selective QinQ that can be applied in the actual networking.

The S9300 provides the selective QinQ function. The networking of selective QinQ is shown inFigure 4-11.In Figure 4-11, Switch represents the S9300.

Figure 4-11 S9300 application of selective QinQ

Router

Switch

LSW

DSLAM

VLAN1-500

TMG

Video server

ISP networkVLAN1-1000

User network

VLAN500-700

VLAN700-1000

VLAN1-1000 LSW

v10 v100

v10 v800

v10 v600v30 v450

v30 v850

v30 v650

v450v100

PSTN

BRAS BRAS


v650v600

v850v800

The three enterprise networks shown in Figure 4-11, all need to transmit data, voice, and videoservices. The Switch can append an outer ISP VLAN tag to the packets of each kind of accessservices. For example:



4-11

l Add an outer ISP VLAN tag VLAN 10 for data services of VLAN 100, VLAN 600, andVLAN800 from the customer networks.

l Add an outer ISP VLAN tag VLAN 30 for video services of VLAN 450, VLAN 650, andVLAN850 from the customer networks.

Offering the selective QinQ function, the S9300 can converge services and choose differentpaths for various services. This facilitates network deployment.

4.9 Application of the S9300 in IPTV ServiceThis section describes the networking and application policy of the S9300 in the IPTV service.

4.9.1 Networking of IPTV

4.9.2 Protection of IPTV Services

4.9.1 Networking of IPTVThe S9300 supports IPTV application as shown in Figure 4-12.

Figure 4-12 S9300 application of IPTV

STB

DSLAM

Switch

BRAS BRAS

Router(DR)

Router(BDR)

STB STB

Switch

DSLAM

Video server

IP/MPLS core

Video stream


Product Description


Issue 01 (2010-12-15)

The S9300 provides the IGMP snooping function and multicast across VLANs. It can serve asthe duplication and control point for multicast at the access layer of the MAN to meet the demandfor large-capacity multicast services. The multicast traffic can be copied within or acrossVLANs.

The DSLAM device provides the IGMP proxy function.

In the networking shown in Figure 4-12:

l The routers runs the PIM protocol. The routers run for the Designated Router (DR) orBackup Designated Router (BDR). DR processes the IGMP packets and copies the videostream from the IPTV server.

l Enable the IGMP snooping on the Switch to listen to IGMP packets. The Switch only sendsan IGMP request packet to join the multicast group. The multicast forwarding group is thenestablished. A static multicast group can be set up with popular channels.

l The Switch copies the multicast data to the DSLAM based on the multicast forwardingtable.

In addition, the S9300 supports port prompt-join or prompt-leave. This realizes fast switch ofIPTV services.

4.9.2 Protection of IPTV ServicesAs shown in Figure 4-13, along with the NPE in the networking, the S9300 provides a protectionmechanism for IPTV services.



4-13

Figure 4-13 S9300 protection for IPTV services

STB

DSLAM

Switch

BRAS BRAS

Router(DR)

Router(BDR ->DR)

STB STB

Switch

DSLAM

IPTV server

IP/MPLS core

Video stream

Fault

BFD for PIM

BFD for PIM

The following mechanism is used to protect the IPTV services:

1. BFD for PIM is enabled between the two routers. BFD for PIM is used to detect the linkstatus of the multicast link.

2. When faults occur to the link, or the Switch, or one of the routers, BFD for PIM is used todetect faults in 50 ms.

3. The router on the right acts as BDR. BDR swiftly switches to DR. Thus both the routersbecome DR to forward multicast packets at the same time.

4. When faults recover, the routers run for DR/BDR again. The service is back to normal.

4.10 Application of the S9300 in NAC NetworkingThis section describes the application of the S9300 in the NAC networking.


Product Description


Issue 01 (2010-12-15)

Figure 4-14 shows the application of the S9300 in the NAC networking.In Figure 4-14,Switch represents the S9300.

Figure 4-14 Application of the S9300 in the NAC networking

Policy server Patch/anti-virus server

Separated area

Visit area

Work areaPortal server

Switch

ACS/SC

On an enterprise intranet, a personal computer (PC) does not need to be installed with the terminalsoftware program. The user is redirected to the login page by captive portal. The user needs toenter user name and password. Then the NAD, namely, the Switch, submits the user name andpassword to the RADIUS server for authentication. Before passing the authentication, the usercan access only the resources in the separated area.

The ACS or SC, which is similar to a RADIUS server, returns a message notifying that the userpasses the authentication.

The PC and the ACS set up an HTTP link and the ACS verifies the security of the PC. After thesecurity of the PC is verified, the user can access the common data area or core data areadepending on the user authority.

When the Session-Time-Out feature is configured, if the authentication server is unavailable,for example, authentication times out or the RADIUS server does not respond, the user is allowedto go online and access the network. In this case, the Session-Time-Out timer is started and theuser is authenticated again when the timer expires.

4.11 Applications of the FirewallThis section describes the firewall networking and policy of the S9300.

Application on the Enterprise IntranetThe switch that provides the firewall function is deployed at the egress of the headquarters of acompany. When providing external services such as Web, FTP, and email services, the switchprevents internal resources of the headquarters from being attacked on the Internet. Theswitch provides NAT for the staff of the company who need to log in to the Internet, and functionsas the remote VPN access point of branches. Branch egress where the firewall is deployed: The



4-15

switch prevents internal resources of the headquarters from being attacked on the Internet andprovides VPN services for the branch staff who need to access the network of the headquarters.Figure 4-15 shows the networking of the firewall on the enterprise intranet.

Figure 4-15 Networking diagram for applying the firewall to the enterprise intranet


On-business staff Web Server

Mail Server

FTP Server

Switch（firewall）

Branch

Switch（firewall）

Application on the ISP NetworkThe switch that provides the firewall function is deployed at the egress of the ISP. It protectsISP servers and ISP users, prevents attacks on the Internet, and functions the NAT gateway forusers to access the Internet. Figure 4-16 shows the networking of the firewall on an ISP network.


Product Description


Issue 01 (2010-12-15)

Figure 4-16 Networking diagram applying the firewall to the ISP network


PSTN

Access server

Web server

Switch (firewall)

Application in the Data CenterThe switch that provides the firewall function is deployed at the egress of the data center. Itprotects the servers in the data center against attacks on the Internet and protects the key datastored in the data center. The firewall is deployed at the egress of the data center; therefore, youneed to deploy the firewalls in redundancy mode to ensure the high availability of the data center.Figure 4-17 shows the networking of the firewall in the data center.



4-17

Figure 4-17 Networking diagram for applying the firewall to the data center


Server farm

Convergence layer

Switch (firewall)Switch (firewall)

Core layer

Access layer

Cashes

Server farm Server farm

Active link

Backup link


Product Description


Issue 01 (2010-12-15)

5 Operation and Maintenance

About This Chapter

This section describes the method of configuration and login, the measures to monitor devicesand debug faults, the process of software upgrade and in-service patching and the functions ofnetwork management system for the S9300.

5.1 Maintenance and ManagementThis section describes the method of configuration and login, the measures to monitor devicesand debug faults, and the process of software upgrade and in-service patching.

5.2 NMSThis NMS provides resource management, topology management, configuration management,fault management, performance management, and security management for the S9300.

Quidway S9300 Terabit Routing SwitchProduct Description 5 Operation and Maintenance


5-1

5.1 Maintenance and ManagementThis section describes the method of configuration and login, the measures to monitor devicesand debug faults, and the process of software upgrade and in-service patching.

5.1.1 Configuration Modes

5.1.2 Management and Monitoring

5.1.3 Diagnosis and Debugging

5.1.4 In-Service Software Upgrade and Patching

5.1.1 Configuration Modes

Multiple Maintenance Modes

The S9300 supports configuration and management in the following ways:

l Through the command line interface (CLI)

Users can configure and manage the S9300 by logging in to the device from a terminatorthrough the console port or the ETH interface.

l Through the NMS

Users can configure and manage the S9300 based on SNMP through a network managementstation.

l Through Web network management

The Web server is embedded in the S9300. You can configure the S9300 by logging in tothe Web page through the browser.

Flexible Login Modes

To support local and remote login, the S9300 offers the following interfaces:

l Console port

Users can log in to the console port of the S9300 through the RS-232 serial port of a terminaldevice.

l ETH interface

Users can log in to the ETH interface of the S9300 through Telnet or SSH.

In addition, users can also telnet the S9300 through other service ports.

To satisfy different security demands, the S9300 offers various measures to authenticate userlogin, such as:

l Non-authentication

l Local authentication

l AAA authentication

5 Operation and MaintenanceQuidway S9300 Terabit Routing Switch

Product Description


Issue 01 (2010-12-15)

5.1.2 Management and Monitoring

Hardware MonitoringThe S9300 provides the following hardware monitor functions:

l Provides the MCU, SRU, LPU, CMU, power module, and panel of a fan frame withindicators to indicate their running status.

l Provides in-service board detection, hot swap detection, Watch Dog, board resetting, fanmodule monitoring, power module monitoring, active/standby switchover and logrecording for the users' reference.

l Monitors the temperature of boards automatically when the system is running and controlsthe temperature.

l Provides statistics on abnormal and error packets.l Provides statistics on the protocol packets to be delivered to the CPU and details of the

packets.l Provides information for querying the utilization of CPU and memory.

Management and MaintenanceThe S9300 provides the following management and maintenance functions:

l Supports multi-user operations and user interface (UI) in two languages: Chinese andEnglish.

l Provides command lines with flexible online help. Command line descriptor searcheskeywords with a partial match, which speeds up the input of commands.

l Provides hierarchical command lines and management of user authorities which preventsunauthorized users from logging in to the S9300.

l Provides classification and filtering of alarms.l Provides DosKey-like function to run a history command.l Provides local and remote loading and upgrading of software and supports version rollback,

backup, storage and purge.l Supports information collection at different layers such as the port, Layer 2, or Layer 3.l Supports the information center to provide the uniform management of logs, traps and

debugging information and can redirect information as required.l Supports display of system status and version, and environment parameters such as

temperature, utilization of CPU and memory.

5.1.3 Diagnosis and Debugging

Ping and TraceThe S9300 supports the following tools for testing the connectivity and recording transmissionpaths of packets on IP networks:

l Pingl Trace

The S9300 supports the following tools for testing the connectivity and recording transmissionpaths of packets on MPLS networks:



5-3

l MPLS pingl MPLS trace

The S9300 provides the following tools to check the link-layer connectivity of the devices onthe network and obtain information about network status and delay:

l MAC Pingl MAC TraceRoute

DebuggingThe S9300 provides the debugging commands for each feature. The debugging information isextensive and in detail to diagnose faults easily. Each debugging command supports multipleparameters. Debugging can be enabled or disabled on specified interfaces for specified servicesthrough the console port.

The debugging commands can display the following information of the feature:

l Critical eventsl Process runningl Packet transmission and processingl Packet resolutionl State switchoverl Error check

TraceThe S9300 supports the system trace function. Trace is used to perform advanced test anddiagnose software. The S9300 also uses trace to on-line record important events including thetask switching, interrupting, queue reading and writing, and system exception.

System can refer to the trace information to locate faults after rebooting in case of failures. Tracecan be enabled and disabled by using commands.

MirroringThe S9300 supports port mirroring and flow mirroring.

l Port mirroringIncoming traffic, outgoing traffic, or both incoming and outgoing traffic at the observedport is copied intact to the observing port.

l Flow mirroringObserved flows are copied intact to the observing port.

Connecting a host with the observing port of the S9300 and watching the received packet, theISPs can observe the packets that the S9300 inputs and outputs. The mirroring function offersa basis of traffic detection, fault allocation, and data analysis.

Virtual Cable DetectionGiven the virtual cable detection feature, the S9300 allows you to detect the current status ofcables connected to the Ethernet interfaces in the following aspects:


Product Description


Issue 01 (2010-12-15)

l Whether short circuits or open circuits occur on the receive or transmit cablesl Length of the faulty cable

5.1.4 In-Service Software Upgrade and Patching

In-Service UpgradeThe S9300 supports local and remote upgrading of the system software.

l Local upgradeWhen the S9300 is booted, the software can be upgraded through the BootROM menu.

l Remote upgradeThe S9300 supports the active and standby main process units. To ensure uninterruptedservices when upgrading the software on the S9300, it is recommended to upgrade thestandby main process unit before carrying out active/standby switchover. After upgradingthe standby main process unit, upgrade the active main process unit.

In-Service PatchingThe S9300 supports in-service patching. The features of in-service patching are as follows:

l The service is not interrupted during the loading of patches.l The patching can either be confirmed or removed.l Prompts of patching status are provided.

Version RollbackThe S9300 supports version rollback. The features of version rollback are as follows:

l If the upgraded version becomes unavailable, restart the software of another version to bootthe system.

l If faults occur during the process of upgrading or patching, the system can be recovered tothe status before the upgrading or patch loading.

5.2 NMSThis NMS provides resource management, topology management, configuration management,fault management, performance management, and security management for the S9300.

U2000The S9300 uses Huawei U2000 as a centralized NMS. The U2000 provides a multi-languagegraphical user interface (GUI) for convenient and visualized operations. The U2000 alsoprovides northbound interfaces for connecting to a third-party NMS and can be interconnectedor integrated with other NMSs of carriers.

The U2000 uses Simple Network Management Protocol (SNMP) to manage devices andsupports the CLI to manage device configuration. As the basis of Huawei data communicationsnetwork management system, the U2000 provides solution to manage and maintain the datacommunications network. The U2000 can manage network elements and certain devices at thenetwork layer. The U2000 provides the following functions:



5-5

l Resource managementl Topology managementl Fault managementl Performance managementl Test and diagnosis managementl Network element configuration managementl VPN service managementl LSP service managementl DC managementl Syslog managementl Security managementl Operation log managementl Report management

Web Network ManagementThe S9300 uses Huawei U2000 as a centralized NMS. The U2000 supports a multi-languageGUI for convenient and visualized operations. The U2000 also provides northbound interfacesfor connecting to a third-party NMS and can be integrated with other NMSs of carriers.

To facilitate maintenance and use of the S9300, the Web network management is introduced.

Web network management provides an embedded Web server in the S9300. Users can log in tothe S9300 through PCs to manage and maintain the S9300. By using Web network management,the maintenance personnel need to configure only IP addresses and Web-based NMS accountson the S9300s, and then enter IP addresses in the address bar of the Microsoft Internet Explorerto manage and maintain the S9300s. The operations are easy to learn and perform. In this manner,the working efficiency of the network management personnel is greatly improved.


Product Description


Issue 01 (2010-12-15)

6 Technical Specification

About This Chapter

This section lists the physical parameters, power supply parameters, specification, andperformance indexes of the S9300.

6.1 Physical SpecificationsThis section describes the dimensions, power consumption, weight, voltage, and workingenvironment parameters of the S9300.

6.2 System ConfigurationThis section describes the switching capacity, backplane capacity, and forwarding rate of theS9300.

6.3 Performance and CapacityThis section describes the performance specifications of the software and hardware of theS9300.

6.4 List of Software FeaturesThis section describes the software features of the S9300.

Quidway S9300 Terabit Routing SwitchProduct Description 6 Technical Specification


6-1

6.1 Physical SpecificationsThis section describes the dimensions, power consumption, weight, voltage, and workingenvironment parameters of the S9300.

Table 6-1 Physical specifications of the S9300

Item Specifications

Dimensions (width x depth x height) without theswitching rack-mounting ear

l S9303: 442.0 x 476 x 175l S9306: 442 x 476 x 441.7l S9312: 442 x 476 x 663.95

Maximum power consumption (fully configured) l S9303: 350 Wl S9306: 800 Wl S9312: 1400 W

Weight (fully configured) l S9303 < 22 kgl S9306 < 42 kgl S9312 < 70 kg

DC input voltage Rated voltage -48 V/ -60 V

Maximum voltage range -48 V: -38.4 V to -57.6 V-60 V: -48 V to -72 V

AC input voltage Rated voltage l S9303/S9306: 110 V/220 Vl S9312: 220 V

Maximum voltage range 90 V to 290 V

PoE Power input mode Built-in. Only the AC power supply issupported.

Redundancy mode ofpower supplies

The S9303 does not support the backupof AC power modules.The S9306 and the S9312 support thepower supplies in 3+1, 2+2, or 4+0 (notbackup) mode.

Output power consumption S9303: a maximum of 800 WS9306 and S9312: a maximum of 3200W

Temperature Long-term operation 0°C to 45°C

Short-term operation -5°C to 55°C

Storage -40°C to 60°C

Relative humidity Long-term operation 5% RH to 85% RH, non-condensing

6 Technical SpecificationQuidway S9300 Terabit Routing Switch

Product Description


Issue 01 (2010-12-15)

Item Specifications

Short-term operation 0% RH to 95% RH, non-condensing

Altitude forinstallation

Long-term operation Less than 3000 m

Storage Less than 5000 m

6.2 System ConfigurationThis section describes the switching capacity, backplane capacity, and forwarding rate of theS9300.

Table 6-2 System configuration of the S9300

Item Configuration of the S9312

Configuration of the S9306

Configuration of theS9303

Note

Processor 700 MHz(Dominantfrequency)

700 MHz(Dominantfrequency)

500 MHz(Dominantfrequency)

-

DDR2SDRAM

1 GB 1 GB 512 MB -

NVRAM 512 KB 512 KB 512 KB Battery supply

Flash 64 MB 64 MB 64 MB -

CF card 512 MB 512 MB 512 MB The CF card serves as amass storage device tosave data files and logs.

Switchingcapacity

2 Tbit/s 2 Tbit/s 720 Gbit/s Bidirectional

Backplanecapacity

12Tbit/s 6Tbit/s 3Tbit/s Bidirectional

10GE portdensity

576 288 144 -

FE/GE portdensity

576 288 144 -

Forwardingcapability

1320 Mpps 1080 Mpps 540 Mpps -

Number ofslots for theLPUs

12 6 3 LPU (Optional)



6-3

Item Configuration of the S9312

Configuration of the S9306

Configuration of theS9303

Note

Number ofslots for theSRUs/MCUs

2 2 2 S9306/S9312: SRUS9303: full mesh

Maxtransmission rate on aport of theLPU

48GE,48×10GE

48GE,48×10GE

48GE,48×10GE

-

6.3 Performance and CapacityThis section describes the performance specifications of the software and hardware of theS9300.

Table 6-3 Performance specifications of the S9300

Attribute Service Feature Specifications

Availability Availability 0.99999768

Mean Time Between Failure (MTBF) 24.59 years

Mean Time To Repair (MTTR) 0.5 hours

Downtime 1.22 minutes/year

Ethernet Number of MAC addresses supportedby each LPU

l ED board: 512 Kl EC board: 128 Kl EA/SA/FA board: 32 K

Number of VLANs 4 K

Number of trunk groups and number ofinterfaces supported by each trunk group

128 trunk groups, each of whichsupports a maximum of 8 interfaces

Rate of learning MAC addresses More than 3000 each second

Number of ARP entries 16 K

Number of ARP entries supported byeach LPU

l EA/EC/ED board: 16 Kl SA/FA board: 8 K

QoS Number of QoS queues on a port 8

CAR l ED/EC/EA/FA board: 8 kbit/sl SA board: 64 kbit/s


Product Description


Issue 01 (2010-12-15)


ACL ACLv4 Number of IPv4 ACLs supportedby each LPU:l ED board: 70K for inbound

traffic; 1000 for outboundtraffic

l EC board: 70K for inboundtraffic; 1000 for outboundtraffic

l EA board: 6000 for inboundtraffic; 1000 for outboundtraffic

l SA (24GE) board: 3000 forinbound traffic; 500 foroutbound traffic

l SA (X12SA/X48SSA) board:1200 for inbound traffic; 500 foroutbound traffic

l FA (G48SFA/G48TFA/F48TFA) board: 1200 forinbound traffic; 500 foroutbound traffic

l FA (G24CFAT) board: 3000 forinbound traffic; 500 foroutbound traffic

ACLv6 Number of IPv6 ACLs supportedby each LPU:l ED board: 67K for inbound

traffic; 250 for outbound trafficl EC board: 35K for inbound

traffic; 250 for outbound trafficl EA board: 3000 for inbound

traffic; 250 for outbound trafficl SA (24GE): 1500 for inbound

traffic; 250 for outbound trafficl SA (X12SA/X48SSA): 250 for

inbound traffic; 120 foroutbound traffic

l FA (G48SFA/G48TFA/F48TFA): 250 for inboundtraffic; 120 for outbound traffic

l FA (G24CFAT): 250 forinbound traffic; 120 foroutbound traffic

MPLS Number of LSPs 8 K



6-5


Number of LDP neighbors > 256

L2VPN Number of VLL entries 4 K

Number of VSI entries 1 K

L3VPN Number of VRFs 2 K

Number of VPN routes l S9306/S9312: 500 Kl S9303: 140 K

IP Session - 8 K on an LPU and 16 K on theentire equipment

IP unicast IPv4 forwarding IPv4 forwarding at line speed

Number of routing entries l S9306/S9312: 512Kl S9303: 220K

IPv4 FIB l ED board: 512 Kl EC board: 128 Kl EA board: 16 Kl SA/FA board: 12K

IPv6 FIB l ED board: 256 Kl EC board: 64 Kl EA board: 8 Kl SA/FA board: 6K

Multicast Number of static multicast routes 256

Number of L2 multicast forwardingentries

1 K

Number of L3 multicast forwardingentries

l ED/EC/EA board: 4 Kl SA/FA board: 2 K

Reliability BFD l BFD sessions: 2 Kl Minimum fault discovery

duration: If no FSU isconfigured, the duration is 3s; ifan FSU is configured, theduration is 50 ms.


Product Description


Issue 01 (2010-12-15)


Ethernet OAM l 802.1agUp to 64 MDs can be created onthe entire equipment.The number of MAs on theentire equipment is as follows:– S9312 and S9306: 4 K– S9303: 2 KDetection time: 3.3 ms/10 ms/100 ms/1s/10s/1 min/10 min

l 802.3ahDetection time: 100 ms/1s

RRPP l Maximum number of RRPPinstances: 48

l Rings supported by the entireequipment: 64

l Rings supported by an LPU: 5l Maximum number of RRPP

domains: 64l link switchover time: less than

50 ms

VRRP l VRRP backup groups on theentire equipment: 255

l VRRP backup groups on theentire equipment: 16

l Virtual IP addresses in eachVRRP backup group: 16

l Switchover time: If no FSU isconfigured, the time is 3s; if anFSU is configured, the time is 50ms.

SmartLink l Maximum number of instanceson the entire equipment: 48

l The switchover time is less than50 ms.

MSTP l Maximum number of instanceson the entire equipment: 48

l The switchover time is less than100 ms.



6-7


SEP l Maximum number of segmentson the entire equipment: 256

l The convergence time is lessthan 50ms

6.4 List of Software FeaturesThis section describes the software features of the S9300.

Table 6-4 Software features list of the S9300

Feature Description

Ethernet features Ethernet l Supports operating mode of full-duplex, half-duplex, and auto-negotiation.

l Supports 10/100/1000 Mbit/s and 10 Gbit/s rateof Ethernet ports.

l Supports auto-negotiation rate of Ethernet ports.l Supports flow control on ports.l Supports Jumbo packets.l Supports binding ports into Ethernet trunk.l Supports load balancing on links in the trunk.l Supports port isolation and forwarding

restriction.l Supports broadcast storm suppression.

VLAN l Supports access modes of Access, Trunk, Hybrid,and QinQ.

l Supports default VLAN.l Supports 1:1 VLAN mapping.l Supports N:1 VLAN mapping.l Supports 802.1p-based VLAN mapping.l Supports QinQ.l Supports selective QinQ.l Supports VLAN switching.

MAC l Supports automatic learning and aging of MACaddresses.

l Supports static, dynamic, and blackhole MACentries.

l Supports limit to MAC address learning based onports and VLANs.


Product Description


Issue 01 (2010-12-15)

Feature Description

ARP l Supports static and dynamic ARP.l Supports ARP in VLAN.l Supports aging of ARP entries.

Smart Link l Supports Smart Link.l Supports Smart Link multi-instance.l Supports Monitor Link.

DLDP Supports unidirectional link detection.

LLDP Supports LLDP.

Virtual cable test Supports virtual cable detection.

Protectionagainst Ethernetloops

MSTP l Supports STP.l Supports RSTP.l Supports MSTP.l Supports BPDU guard, root guard, and loop

guard.l Supports BPDU tunnel.

RRPP l Supports RRPP.l Supports RRPP multi-instance.

Loop detection l Support loop detection.

IP routing IPv4 unicast l Network management interface supports IPv4unicast data packets.

l Network management interface supports staticIPv4 unicast routes.

l Supports RIP, OSPF, IS-IS, and BGP.l Supports the DHCP server and the DHCP relay.l Supports DHCP snooping.

IPv6 unicast l Supports RIP, OSPFv3, ISISv6, and BGP+.l Supports TCP6, ping IPv6, tracert IPv6, and

socket IPv6.l Supports DHCPv6 snooping.l Supports ND Snooping

IPv4/IPv6transition

l Supports the IPv6 over IPv4 tunnel.l Supports IPv4 over IPv6.l Supports 6FE.



6-9

Feature Description

Multicast - l Supports IGMP, MLD, MSDP, PIM-DM, PIM-SM, and PIM-SSM.

l Supports IGMPv1, IGMPv2, IGMPv3 snooping.l Supports MLDv1 snooping.l Supports fast-leave of users.l Controls multicast traffic.l Supports multicast VLAN.l Supports multicast querier.l Suppresses multicast protocol packets.l Supports multicast ACL.l Supports multicast copy.l Supports IGMP snooping over VPLS.l Supports multicast VPN

MPLS features Basic MPLSfunctions

l Supports static LSP.l Supports static mapping between VLAN and

MPLS SVC to provide virtual dedicated Ethernetlines.

l Supports L2VPN and L3VPN.l Supports two-layer MPLS labels.l Supports MPLS over Ethernet.l Maps the 802.1p priority to the EXP field in the

MPLS packet.

MPLS OAM l Supports LSP ping and LSP traceroute.l Supports automatic fault detection.l Supports 1+1 protection of LSP.

MPLS-TE l Supports establishment of MPLS-TE tunnel.l Supports MPLS-TE protection group.

VLL/HVPLS l Supports VLL in SVC, Martini, Kompella orCCC mode.

l Supports VPLS in Martini or Kompella mode.l Supports HVPLS in LSP and QinQ mode.l Supports the VLL access and VPLS access after

VLAN switching is performed.

Ethernet OAM Ethernet OAM l Supports P2P Ethernet fault management definedin IEEE 802.3ah.

l Supports Ethernet OAM defined in IEEE802.1ag.

l Supports MAC ping and MAC trace.


Product Description


Issue 01 (2010-12-15)

Feature Description

BFD - l Supports BFD physical link detection.l Supports connectivity detection for IP.l Supports connectivity detection for LSP, CR-

LSP, and MPLS TE protection group.l Supports BFD detection on the VPLS network.l Supports BFD detection based on VPLS and

protection switchover for the diagnosis packetthat manages the switchover of VPLS.

QoS features Trafficclassification

l Supports classification based on Layer 2 protocolheader, Layer 3 protocol, Layer 4 protocol, 802.1ppriority, or their combination.

l Supports classification based on C-VID of QinQpackets.

Traffic behavior l Controls access of the classified packets.l Supports traffic policing based on CAR.l Supports packet re-marking according to the

classification.l Supports queuing of the classified packets.l Supports mixed use of traffic classification and

traffic behavior.

Queuescheduling

l Supports PQ, WRR, DRR, PQ+WRR, and PQ+DRR scheduling.

Congestionavoidance

l Supports WRED.l Supports tail drop.

Traffic shaping l Supports traffic shaping for the outbound traffic.

Traffic policing Supports two-level traffic policing.

Clock - l Ethernet clock synchronizationl 1588v2

PoE - l Supports IEEE 802.3af/802.3at.l Each interface provides 30 W power.

enterprisenetwork feature

NAC l Supports 802.1x authentication.l Supports MAC address authentication.l Supports Portal authentication.l Supports MAC address bypass authentication.l Supports direct authentication.



6-11

Feature Description

Firewall l Packet filteringl ASPFl Supports attack defense.l Supports transparent firewall.l Supports firewall multi-instance.

NAT l Supports the NAT address pool.l Supports NAPT.l Supports the NAT server.l Supports static NAT/NAPT.l Supports Easy IP.l Supports ALG.l Supports NAT multi-instance.

Load balancing l Supports server detection.l Supports session holding.l Supports multiple load balancing algorithms.l Supports server load balancing at Layers 4 to 7.

IPSec VPNNOTE

The release ofRussia does notprovide the IPSecVPN.

l Supports IKEv1/v2 negotiation.l Supports AH and ESP modes.l Supports detection through Keepalive messages.l Supports NAT traversal.l Supports manual configuration of the static SA.l Supports multiple encryption algorithms.

Configurationand maintenance

Terminalservices

l Supports CLI configuration.l Supports prompt and help information in English

and Chinese.l Supports terminal services through the Console

port or Telnet.l Supports the Send function to make the terminals

communicate with each other.

File system l Supports file system.l Supports directory and file management.l Supports file uploading and downloading through

FTP and TFTP.


Product Description


Issue 01 (2010-12-15)

Feature Description

Debug andmaintenance

l Supports unified management of logs, traps, anddebugging information.

l Supports electronic labels.l Supports logs of users.l Supports detailed debugging information to assist

troubleshooting.l Supports black box.l Supports network testing tools such as

traceroute and ping commands.l Supports port mirroring and traffic mirroring.

Availability l Supports the power modules in 1+1 or 2+2 backupmode and the fan modules in N+1 backup mode.

l Supports hot swap of the SRUs/MCUs, LPUs, fanmodules, and power modules.

l Supports the SRUs/MCUs in 1+1 backup mode.l Supports automatic switchover and forcible

switchover of the SRUs/MCUs.l Supports the bundling of Ethernet ports on

different boards.

Softwareupgrade

l Supports in-service upgrade of VRP systemsoftware.

l Supports in-service upgrade of BootROM.l Supports in-service patch.l Supports version rollback.



6-13

Feature Description

Security andmanagement

System security l Supports hierarchical commands to protectagainst unauthorized users.

l Supports SSH v1.5 and v2.0.l Supports RADIUS and HWTACACS

authentication.l Supports ACL filtering.l Supports defend against attacks of DoS, SYN

flood of TCP, UDP flood, broadcast storms, andlarge traffic.

l Supports limit to MAC address learning.l Supports blackhole MAC.l Supports port isolation.l Supports packet filtering.l Supports CPU channel guard.l Supports the suppression of ARP packets based

on IP addresses.l Supports blacklist and whitelist.l Supports attack trace.l Supports Automatic Laser Shutdown (ALS)

Networkmanagement

l Supports ping and traceroute functions.l Supports SNMPv1/v2c/v3.l Supports standard MIB.l Supports RMON.


Product Description


Issue 01 (2010-12-15)

quidway s9300 terabit routing switch product description(v100r003c01_01).pdf

Documents