You are on page 1of 108

Quidway S9300 Terabit Routing Switch V100R002C00

Product Description

Issue Date

05 2010-01-08

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For any assistance, please contact our local office or company headquarters.

Huawei Technologies Co., Ltd.


Address: Huawei Industrial Base Bantian, Longgang Shenzhen 518129 People's Republic of China Website: Email: http://www.huawei.com support@huawei.com

Copyright Huawei Technologies Co., Ltd.2010. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd. Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd. All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied. The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S9300 Terabit Routing Switch Product Description

Contents

Contents
About This Document................................................................................................................ 1 1 Product Overview ................................................................................................................. 1-1
1.1 Introduction............................................................................................................................................ 1-1 1.2 High-Density Interfaces.......................................................................................................................... 1-2 1.3 Flexible Expansibility............................................................................................................................. 1-3 1.4 Powerful Forwarding Capability ............................................................................................................. 1-3 1.5 Rich Service Features ............................................................................................................................. 1-3 1.6 Excellent Security Design....................................................................................................................... 1-4 1.7 Carrier-Class Reliability ......................................................................................................................... 1-5 1.8 Maintainability....................................................................................................................................... 1-7

2 System Architecture.............................................................................................................. 2-1


2.1 System Structure .................................................................................................................................... 2-1 2.1.1 System Structure of the S9303 ....................................................................................................... 2-2 2.1.2 System Structure of the S9306 ....................................................................................................... 2-3 2.1.3 System Structure of the S9312 ....................................................................................................... 2-5 2.2 Hardware Structure................................................................................................................................. 2-8 2.2.1 Backplane ....................................................................................................................................2-10 2.2.2 SRU .............................................................................................................................................2-10 2.2.3 MCU............................................................................................................................................2-10 2.2.4 CMU............................................................................................................................................2-11 2.2.5 LPU .............................................................................................................................................2-11 2.2.6 FSU..............................................................................................................................................2-14 2.2.7 Clock Board .................................................................................................................................2-14 2.3 Software Architecture............................................................................................................................2-15

3 Service Features..................................................................................................................... 3-1


3.1 IP Features ............................................................................................................................................. 3-2 3.1.1 IPv4/IPv6 Protocol Stack ............................................................................................................... 3-2 3.1.2 IPv4 Features................................................................................................................................. 3-3 3.1.3 IPv6 Features................................................................................................................................. 3-3 3.1.4 IPv4/IPv6 Transition Technologies................................................................................................. 3-3 3.2 MPLS .................................................................................................................................................... 3-6 3.2.1 Basic MPLS Functions .................................................................................................................. 3-6 Issue 05 (2010-01-08) Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. i

Contents

Quidway S9300 Terabit Routing Switch Product Description 3.2.2 MPLS TE ...................................................................................................................................... 3-6 3.2.3 MPLS OAM.................................................................................................................................. 3-7

3.3 MPLS L2VPN........................................................................................................................................ 3-7 3.3.1 VLL .............................................................................................................................................. 3-7 3.3.2 VPLS ............................................................................................................................................ 3-8 3.3.3 HVPLS ......................................................................................................................................... 3-8 3.4 MPLS L3VPN........................................................................................................................................ 3-8 3.5 IP Session............................................................................................................................................... 3-9 3.6 QoS........................................................................................................................................................ 3-9 3.6.1 Hierarchical Traffic Policing.........................................................................................................3-10 3.6.2 Flow Control ................................................................................................................................3-10 3.6.3 Re-marking ..................................................................................................................................3-10 3.6.4 Queue Scheduling.........................................................................................................................3-10 3.6.5 Congestion Avoidance ..................................................................................................................3-11 3.6.6 Traffic Shaping.............................................................................................................................3-11 3.7 Ethernet ................................................................................................................................................3-11 3.7.1 VLAN Mapping ...........................................................................................................................3-11 3.7.2 Selective QinQ .............................................................................................................................3-12 3.7.3 BPDU Tunnel...............................................................................................................................3-12 3.8 Ethernet OAM.......................................................................................................................................3-13 3.8.1 Point-to-Point Fault Management for Ethernet ..............................................................................3-13 3.8.2 End-to-End Fault Management for Ethernet ..................................................................................3-13 3.8.3 Ethernet Performance Management...............................................................................................3-15 3.9 NQA .....................................................................................................................................................3-15 3.10 NAC ...................................................................................................................................................3-18 3.11 Multicast .............................................................................................................................................3-20 3.11.1 Multicast Routing Protocol .........................................................................................................3-20 3.11.2 IGMP Snooping..........................................................................................................................3-20 3.11.3 Static Multicast...........................................................................................................................3-22 3.11.4 Multicast VLAN and Multicast Replication.................................................................................3-22 3.12 Reliability ...........................................................................................................................................3-22 3.12.1 Link Aggregation........................................................................................................................3-22 3.12.2 DLDP.........................................................................................................................................3-23 3.12.3 RRPP and the Multi-Instance Technology....................................................................................3-23 3.12.4 Smart Link and the Multi-Instance Technology............................................................................3-23 3.12.5 BFD ...........................................................................................................................................3-24 3.12.6 LSP Protection Switchover .........................................................................................................3-24 3.12.7 High Availability at the Equipment Level ....................................................................................3-24 3.13 LLDP ..................................................................................................................................................3-27 3.14 Security...............................................................................................................................................3-27 3.14.1 Security for Devices ...................................................................................................................3-27 3.14.2 Security for Services...................................................................................................................3-28

ii

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

Contents

3.15 Clock ..................................................................................................................................................3-30 3.16 NetStream ...........................................................................................................................................3-30

4 Maintenance and Network Management .......................................................................... 4-1


4.1 Maintenance and Management................................................................................................................ 4-1 4.1.1 Configuration Modes ..................................................................................................................... 4-1 4.1.2 Management and Monitoring ......................................................................................................... 4-2 4.1.3 Diagnosis and Debugging .............................................................................................................. 4-3 4.1.4 In-Service Software Upgrade and Patching .................................................................................... 4-4 4.2 U2000 .................................................................................................................................................... 4-5

5 Networking Applications .................................................................................................... 5-1


5.1 Application in the MAN ......................................................................................................................... 5-2 5.2 Application of MPLS L2VPN ................................................................................................................. 5-2 5.3 Application of HVPLS for Dual-homing Protection................................................................................. 5-4 5.3.1 UPE+NPE Network Architecture ................................................................................................... 5-5 5.3.2 UPE+PE-AGG+NPE Network Architecture ................................................................................... 5-6 5.4 Application of RRPP .............................................................................................................................. 5-6 5.5 Application of Smart Link in Dual-Homing Networking.......................................................................... 5-8 5.6 Application of Ethernet OAM................................................................................................................. 5-9 5.7 Application of QoS ................................................................................................................................5-10 5.8 Application of Selective QinQ ...............................................................................................................5-11 5.9 Application of the S9300 in IPTV Service..............................................................................................5-12 5.9.1 Networking of IPTV.....................................................................................................................5-12 5.9.2 Protection of IPTV Services..........................................................................................................5-14 5.10 Application of the S9300 in NAC Networking......................................................................................5-15

6 System Specifications........................................................................................................... 6-1


6.1 Technical Specifications ......................................................................................................................... 6-1 6.1.1 Physical Specifications .................................................................................................................. 6-1 6.1.2 System Configuration .................................................................................................................... 6-3 6.2 Performance Specifications..................................................................................................................... 6-4 6.3 Software Features List ............................................................................................................................ 6-7

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

iii

Quidway S9300 Terabit Routing Switch Product Description

Figures

Figures
Figure 2-1 Appearance of the S9303 ............................................................................................................ 2-2 Figure 2-2 Appearance of the back of the S9303 .......................................................................................... 2-2 Figure 2-3 Component layout of the S9303.................................................................................................. 2-3 Figure 2-4 Appearance of the S9306 ............................................................................................................ 2-4 Figure 2-5 Appearance of the back of the S9306 .......................................................................................... 2-4 Figure 2-6 Component layout of the S9306.................................................................................................. 2-5 Figure 2-7 Appearance of the S9312 ............................................................................................................ 2-6 Figure 2-8 Appearance of the back of the S9312 .......................................................................................... 2-7 Figure 2-9 Component layout of the S9312.................................................................................................. 2-8 Figure 2-10 Hardware structure of the S9303 ............................................................................................... 2-9 Figure 2-11 Hardware structure of the S9306 and S9312 .............................................................................. 2-9 Figure 3-1 Structure of the IPv4/IPv6 protocol stack .................................................................................... 3-3 Figure 3-2 Schematic diagram of the IPv6 over IPv4 tunnel technology ....................................................... 3-4 Figure 3-3 Networking diagram of the IPv4 over IPv6 tunnel ....................................................................... 3-5 Figure 3-4 6PE topology.............................................................................................................................. 3-5 Figure 3-5 Networking diagram of the IP session ......................................................................................... 3-9 Figure 3-6 Main components and networking of NAC ................................................................................3-19 Figure 5-1 S9300 application in the MAN.................................................................................................... 5-2 Figure 5-2 Point-to-point VPN application (VLL) ........................................................................................ 5-3 Figure 5-3 Multipoint-to-multipoint VPN application (VPLS) ...................................................................... 5-3 Figure 5-4 VPN services realized through the cooperation between the S9300 and CE.................................. 5-4 Figure 5-5 S9300 Application of HVPLS with UPE+NPE network architecture............................................ 5-5 Figure 5-6 S9300 application of HVPLS with UPE+PE-AGG+NPE network architecture............................. 5-6 Figure 5-7 Application of intersectant RRPP rings........................................................................................ 5-7 Figure 5-8 Application of Smart Link........................................................................................................... 5-8 Figure 5-9 Application of Ethernet OAM on the MAN................................................................................. 5-9

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Figures

Quidway S9300 Terabit Routing Switch Product Description

Figure 5-10 S9300 application of QoS ........................................................................................................5-10 Figure 5-11 S9300 application of selective QinQ.........................................................................................5-11 Figure 5-12 S9300 application of IPTV.......................................................................................................5-13 Figure 5-13 S9300 protection for IPTV services..........................................................................................5-14 Figure 5-14 Application of the S9300 in the NAC networking.....................................................................5-15

vi

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

Tables

Tables
Table 1-1 Number of interfaces supported by the entire system..................................................................... 1-2 Table 1-2 System parameters of the S9300 ................................................................................................... 1-3 Table 1-3 Carrier-class reliability ................................................................................................................. 1-6 Table 2-1 SRU............................................................................................................................................2-10 Table 2-2 Ethernet LPUs.............................................................................................................................2-11 Table 2-3 FSUA .........................................................................................................................................2-14 Table 3-1 List of NQA diagnosis tools provided by S9300...........................................................................3-15 Table 6-1 Physical specifications of the S9300 ............................................................................................. 6-1 Table 6-2 System configuration of the S9300 ............................................................................................... 6-3 Table 6-3 Performance specifications of the S9300....................................................................................... 6-4 Table 6-4 Software features list of the S9300................................................................................................ 6-7

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

vii

Quidway S9300 Terabit Routing Switch Product Description

About This Document

About This Document


Purpose
This document describes the product over, system architecture, service features, maintenance and network management system, networking applications, and system specifications of the S9300.

Related Versions
The following table lists the product versions related to this document. Product Name S9300 Version V100R002C00

Intended Audience
This document is intended for:
l l l l

Policy planning engineers Installation and commissioning engineers NM configuration engineers Technical support engineers

Organization
This document is organized as follows. Chapter 1 Product Overview 2 System Architecture 3 Service Features Description Describes the technical features of the S9300. Describes the structure, hardware, and software of the S9300. Describes the service features of the S9300.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

About This Document

Quidway S9300 Terabit Routing Switch Product Description

Chapter 4 Maintenance and Network Management 5 Networking Applications 6 System Specifications

Description Describes the operation and maintenance of the S9300. Describes the typical networking of the S9300 and the deployment of the network. Describes the dimensions and weight of the S9300 and the environment indexes, including currency, voltage, temperature, and humidity.

Conventions
Symbol Conventions
The symbols that may be found in this document are defined as follows. Symbol Description Indicates a hazard with a high level of risk, which if not avoided, will result in death or serious injury. Indicates a hazard with a medium or low level of risk, which if not avoided, could result in minor or moderate injury. Indicates a potentially hazardous situation, which if not avoided, could result in equipment damage, data loss, performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement important points of the main text.

General Conventions
The general conventions that may be found in this document are defined as follows. Convention Times New Roman Boldface Italic Description Normal paragraphs are in Times New Roman. Names of files, directories, folders, and users are in boldface. For example, log in as user root. Book titles are in italics.

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

About This Document

Convention Courier New

Description Examples of information displayed on the screen are in Courier New.

Command Conventions
The command conventions that may be found in this document are defined as follows. Convention Boldface Italic [] { x | y | ... } [ x | y | ... ] { x | y | ... }* Description The keywords of a command line are in boldface. Command arguments are in italics. Items (keywords or arguments) in brackets [ ] are optional. Optional items are grouped in braces and separated by vertical bars. One item is selected. Optional items are grouped in brackets and separated by vertical bars. One item is selected or no item is selected. Optional items are grouped in braces and separated by vertical bars. A minimum of one item or a maximum of all items can be selected. Optional items are grouped in brackets and separated by vertical bars. Several items or no item can be selected. The parameter before the & sign can be repeated 1 to n times. A line starting with the # sign is comments.

[ x | y | ... ]* &<1-n> #

GUI Conventions
The GUI conventions that may be found in this document are defined as follows. Convention Boldface > Description Buttons, menus, parameters, tabs, window, and dialog titles are in boldface. For example, click OK. Multi-level menus are in boldface and separated by the ">" signs. For example, choose File > Create > Folder.

Keyboard Operations
The keyboard operations that may be found in this document are defined as follows.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

About This Document

Quidway S9300 Terabit Routing Switch Product Description

Format Key Key 1+Key 2

Description Press the key. For example, press Enter and press Tab. Press the keys concurrently. For example, pressing Ctrl+Alt+A means the three keys should be pressed concurrently. Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.

Key 1, Key 2

Mouse Operations
The mouse operations that may be found in this document are defined as follows. Action Click Double-click Drag Description Select and release the primary mouse button without moving the pointer. Press the primary mouse button twice continuously and quickly without moving the pointer. Press and hold the primary mouse button and move the pointer to a certain position.

Update History
Updates between document issues are cumulative. Therefore, the latest document issue contains all updates made in previous issues.

Updates in Issue 05 (2010-01-08)


Based on issue 04 (2009-11-10), the document is updated as follows: The following information is modified:
l

Number of IPv4 and IPv6 ACLs supported by each LPU is modified: 6.2 Performance Specifications

Updates in Issue 04 (2009-11-10)


Based on issue 03 (2009-09-20), the document is updated as follows: The following information is modified:
l l l

The description of license support for the NQA function is added: 3.1.2 IPv4 Features The description of license support for the IPv6 function is added: 3.1 IP Features The description of license support for the MPLS function is added: 3.2 MPLS

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

About This Document

Updates in Issue 03 (2009-09-20)


Based on issue 02 (2009-08-15), the document is updated as follows: The following information is modified:
l l

Hardware Structure: 2.2 Hardware Structure LPU: 2.2.5 LPU

Updates in Issue 02 (2009-08-15)


Based on issue 01 (2009-07-29), the document is updated as follows: The following information is added:
l

Hardware Structure: 2.2.7 Clock Board

The following information is modified:


l l l

Hardware Structure: 2.2.5 LPU Technical Specifications: 6.1.1 Physical Specifications System Specifications: 6.2 Performance Specifications

Updates in Issue 01 (2009-07-29)


This is the first release.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Quidway S9300 Terabit Routing Switch Product Description

1 Product Overview

1
About This Chapter
1.1 Introduction 1.2 High-Density Interfaces 1.3 Flexible Expansibility

Product Overview

This section describes the features of the S9300 and the position of the S9300 on the network.

This section describes the position of the S9300 on the network.

This section describes the interface capability of the S9300.

This section describes the expansibility of the S9300. 1.4 Powerful Forwarding Capability

This section describes the forwarding capability of the S9300. 1.5 Rich Service Features

This section describes the service features of the S9300. 1.6 Excellent Security Design

This section describes the security features of the S9300. 1.7 Carrier-Class Reliability

This section describes the reliability of the S9300. 1.8 Maintainability

This section describes the maintainability of the S9300.

1.1 Introduction
This section describes the position of the S9300 on the network. With the popularization of the IP network and the trend of triple play services, the Metropolitan Area Network (MAN) is bearing more services, demanding higher requirements on the quality of transmission.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-1

1 Product Overview

Quidway S9300 Terabit Routing Switch Product Description

In view of such a demand, Huawei has developed the Quidway S9300 Terabit Routing Switch (hereinafter referred to as the S9300), a high-end network device. The S9300 is mainly used to access, converge, and transmit services on the MAN. As the access and convergence device on the MAN, the S9300 provides Fast Ethernet (FE), Gigabit Ethernet (GE), and 10GE interfaces that transmit services at line speed. The S9300 provides three models: S9312, S9306, and S9303. The S9312 supports a maximum of 12 Line Processing Units (LPUs); the S9306 supports a maximum of six LPUs; the S9303 supports a maximum of three LPUs. You can choose different models as required. The S9300 operates on the Versatile Routing Platform (VRP) operating system developed by Huawei and adopts the hardware-based forwarding and non-blocking data switching technology. The S9300 features carrier-class reliability, line-speed forwarding capability, perfect Quality of Service (QoS) mechanism, service processing capability, and good expansibility. In addition, the S9300 provides strong capabilities in network access, Layer 2 switching, and transmission of Ethernet over MultiProtocol Label Switching (EoMPLS) services. The S9300 also supports rich IP services and provides broadband access, triple play, IP leased line, and Virtual Private Network (VPN) services. The S9300 can also work in conjunction with the S series switches, NE80E, NE40E, ME60, and MA5200G developed by Huawei to set up a hierarchical metro Ethernet that provides rich services for customers.

1.2 High-Density Interfaces


This section describes the interface capability of the S9300. The S9300 provides high-density Ethernet interfaces. Table 1-1 provides the specifications of the boards with highest interface density supported by the S9300, including the interface types, interface density of a board, and interface density of the entire equipment. Table 1-1 Number of interfaces supported by the entire system Interface Type 10GE interface Board Density 12 System Density S9312: 144 S9306: 72 S9303: 36 GE interface 48 S9312: 576 S9306: 288 S9303: 144 FE interface 48 S9312: 576 S9306: 288 S9303: 144

1-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

1 Product Overview

1.3 Flexible Expansibility


This section describes the expansibility of the S9300. To satisfy the increasing requirements for carrier-class network services, the S9300 provides flexible expansibility in the following aspects:
l l

Services: The Switch Routing Unit (SRU) of the system supports the Flexible Service Unit A (FSUA), which can meet the requirements for service expansion in the future. Power supply capability: This version supports the 1600 W power supply capability and working in 1+1 or 2+2 backup mode; the later versions support power module working in 4+4 backup mode.

1.4 Powerful Forwarding Capability


This section describes the forwarding capability of the S9300. Designed with the hardware-based forwarding engine, the S9300 carries out full-duplex forwarding of IPv4, IPv6, MPLS, and Layer 2 packets at line speed on all interfaces. The S9300 also supports forwarding based on Access Control Lists (ACLs) at line speed. The hardware completes two-level packet replication to forward multicast at line speed:
l l

The SRU/Main Control Unit (MCU) replicates multicast packets to the Line Processing Unit (LPU). The forwarding engine of the LPU replicates the multicast packets to its interfaces.

Table 1-2 System parameters of the S9300 S9312 Switching capacity Backplane capacity 10GE port density FE/GE port density Forwarding capability 1 Tbit/s or 2 Tbit/s 4.8 Tbit/s 144 576 1320 Mpps S9306 1 Tbit/s or 2 Tbit/s 2.4 Tbit/s 72 288 1080 Mpps S9303 720 Gbit/s 1.2 Tbit/s 36 144 540 Mpps

1.5 Rich Service Features


This section describes the service features of the S9300. Based on the VRP, the S9300 provides the following service features:

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-3

1 Product Overview
l

Quidway S9300 Terabit Routing Switch Product Description

Layer 2 service features, including:


Virtual Local Area Network (VLAN) Selective QinQ Rapid Ring Protection Protocol (RRPP) Smart Link Spanning Tree Protocol (STP), Rapid Spanning Tree Protocol (RSTP), Multiple Spanning Tree Protocol (MSTP) Port aggregation Dynamic Host Configuration Protocol (DHCP) snooping Internet Group Management Protocol (IGMP) snooping Multicast Listener Discovery (MLD) snooping Ethernet OAM IPv4 unicast routing protocols, including Routing Information Protocol (RIP), Open Shortest Path First (OSPFv2), Open Shortest Path First (ISIS), Border Gateway Protocol (BGP), Multiprotocol Border Gateway Protocol (MBGP). IPv6 unicast routing protocol, including RIPng, OSPFv3, ISIS, and BGP+. Multicast routing protocols, including IGMP, MLD, Multicast Source Discovery Protocol (MSDP), PIM-DM, PIM-SM, and PIM-SSM. Virtual Router Redundancy Protocol (VRRP). DHCP Relay, DHCP Server, Option82. Netstream MPLS forwarding LDP MPLS-TE MPLS-OAM Virtual Private LAN Service (VPLS) Virtual Leased Line (VLL) BGP/MPLS IP VPN Stratum-3 clock Synchronization Ethernet clock Network Access Control (NAC). The S9300, which functions as the network access device (NAD), supports web authentication, 802.1x authentication, and MAC address authentication. Power On Ethernet (PoE)

Various IP services, including:

MPLS services, including:


Perfect VPN services, including:


Mobile service support, including


Enterprise intranet support

1.6 Excellent Security Design


This section describes the security features of the S9300.
1-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

1 Product Overview

The S9300 takes multiple security measures to protect the data of Internet Service Provider (ISP) networks and end users. The measures can protect against Denial of Service (DoS) attacks, illegal access, and overload on the control plane. The S9300 adopts a distributed structure, which guarantees the separation between the data plane and the control plane. It provides a security performance leading in the industry. The S9300 provides the following security features:
l

Three user authentication modes: local authentication, Remote Authentication Dial in User Service (RADIUS) authentication, and Huawei Terminal Access Controller Access Control System (HWTACACS) authentication Hardware-based packet filtering and sampling, which guarantees high performance and high scalability Multiple authentication methods including plain text authentication and Message Digest 5 (MD5) for upper-layer routing protocols such as Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), Routing Information Protocol (RIP), and Border Gateway Protocol-4 (BGP-4) ACLs on the forwarding plane and control plane Anti-attack features. The user can configure the blacklist and white list and set CAR to restrict the packets to be sent to the CPU. Interface protection function Unicast Reverse Path Forwarding (URPF) Dynamic Host Configuration Protocol (DHCP) snooping and DHCP Snooping over VPLS Limit the number of Medium Access Control (MAC) addresses the system can learn and MAC Forced Forwarding (MFF) Address Resolution Protocol (ARP) attack defense, IP source trail, and traffic suppression Blacklist and attack trace: Filter the traffic of the users on the blacklist and display the physical ports and VLANs of the attackers. Whitelist: Provide a high-priority channel for the protocol packets transmitted to the CPU.

l l

l l l l l l l l l

1.7 Carrier-Class Reliability


This section describes the reliability of the S9300. Based on the carrier-class design, the S9300 supports hot swap of boards. The S9300 chassis can be installed in an N66-18 or N66-22 cabinet provided by Huawei or a standard 19-inch cabinet of a third party. The S9300 provides a powerful monitoring system. The S9300 manages and maintains the entire system by using the individual monitoring module. The monitoring module manages, monitors, and maintains the boards, fans, and power modules. The system complies with Electro Magnetic Compatibility (EMC). The modular design of the system carries out EMC isolation between boards. The S9300 meets the requirements for the high reliability of carrier-class and high-end devices. The S9300 provides the following features shown in Table 1-3 to ensure high reliability.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-5

1 Product Overview

Quidway S9300 Terabit Routing Switch Product Description

Table 1-3 Carrier-class reliability Item System protection mechanism Description The boards, power modules, and fans are hot swappable. The monitoring module is totally separated from the service system. The system can operate normally for 96 hours when a single fan fails. The SRUs run in 1+1 backup mode. The power modules work in 1+1 or 2+2 backup mode. The key components such as the clocks and management buses work in backup mode. Protections against abnormalities The system restarts automatically when abnormalities occur and recovers the work. The system resets a board when abnormalities occur on the board and recovers the work. The system automatically restores the interface configuration. The system provides protections against over-current and over-voltage for power modules and interfaces. The system provides protection against mis-insertion of boards. Power alarm monitoring Voltage and environment temperature monitoring Reliability design The system provides alarm prompt, alarm indication, running status query, and alarm status query. The system provides alarm prompt, alarm indication, running status query, and alarm status query.

The system adopts distributed hardware-based forwarding. The control channel is separated from the service channel to provide a non-blocking control channel. The system provides fault detection for the system and boards, indicators, and the Network Management System (NMS) alarm function.

Reliable upgrade

The system supports in-service patching. The system supports version rollback. The system supports in-service upgrading of the BootROM. The system supports the Error Checking and Correction (ECC) Random Access Memory (RAM).

Fault tolerance design

Data backup

The system supports hot backup of the data between the active and standby units. When the active unit fails, the standby unit automatically takes over the active unit for data transmission. This ensures that no data is lost.

1-6

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

1 Product Overview

Item

Description Synchronizatio n configuration The system supports the synchronization between the SRUs and LPUs.

The system can automatically select and boot correct applications. The system supports the automatic upgrade and restoration of the BootROM program. The system can back up configuration files to the remote File Transfer Protocol (FTP) server. The system can automatically select and run correct configuration files. The system provides abnormality monitoring for the system software, automatic restoration, and log record. Operation security The system provides password protection for system operations. The system provides hierarchical protection for commands through the configuration of login user classes and command levels. The system can lock the terminal through commands to prevent illegal use. The system provides operation and confirmation prompts for some commands that may degrade the system performance. Operation and maintenance center The system adopts the generic integrated NMS platform developed by Huawei.

1.8 Maintainability
This section describes the maintainability of the S9300. Cooperating with the NMS, the S9300 provides performance measurement, alarm management, and fault location. Customers can configure and maintain the device remotely through the NMS. This decreases the management cost of the ISP.
l

Supports the point-to-point (P2P) Ethernet fault management defined in Ethernet Operation, Administration, and Maintenance (OAM) to detect faults in the first mile of the direct link on the user side of the Ethernet. The S9300 supports the following functions defined in IEEE 802.3ah:

OAM discovery Link monitoring Fault notification Remote loopback Connectivity check MAC trace

In addition, the S9300 supports the following functions defined in IEEE 802.1ag:

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

1-7

1 Product Overview
l l l l

Quidway S9300 Terabit Routing Switch Product Description

MAC ping

Supports MPLS OAM to provide fault detection and location techniques such as ping and trace. Supports the association among 802.1ag, 802.3ah, and BFD to achieve end-to-end OAM. Supports traffic statistics based on the physical interface, VLAN ID, LSP, and ACL. Through the U2000, you can operate the S9300 to perform the following management functions:

Device management Interface management VLAN management Multicast management MPLS management VPN management Software upgrading management Configuration file management End-to-end configuration Batch configuration Guide configuration

The U2000 offers various customized configuration methods, such as:


The U2000 also provides default configuration templates for different items.
l l

Supports remote device management. Users can log in to maintain the device through Telnet. Supports remote in-service upgrade. When the S9300 runs properly, the software can be upgraded remotely through FTP or TFTP. Along with the active/standby switchover, the S9300 can be upgraded without service interruption. Supports in-service patching. It can load patches as required. The services are not interrupted during the loading of patches. The patching can either be confirmed or removed. Supports version rollback. The S9300 supports version rollback in the case of an upgrade failure or patching failure. The system can be recovered to the normal status before the upgrading or patch loading.

1-8

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

2 System Architecture

2
About This Chapter
2.1 System Structure 2.2 Hardware Structure

System Architecture

This section describes the appearance, hardware structure and software architecture of the S9300

This section describes the appearance and component layout of the S9300.

This section describes the hardware structure, backplane, MCU, SRU, LPU, CMU , FSU and clock board of the S9300. 2.3 Software Architecture

This section describes the relationship between the operating system and software features of the S9300.

2.1 System Structure


This section describes the appearance and component layout of the S9300. The S9300 adopts a distributed hardware architecture. The S9300 consists of the following components:
l l l l l l l

Chassis Backplane Power module Fan frame Switch Routing Unit (SRU) or Main Control Unit (MCU) Line Processing Unit (LPU) Central Management Unit (CMU)

The S9300 can be installed in either the 297 cabinet specified by the International Electrotechnical Commission (IEC) or the cabinet specified by the European Telecommunications Standards Institute (ETSI).

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-1

2 System Architecture

Quidway S9300 Terabit Routing Switch Product Description

l l

The SRU and CMU are applicable only to the S9312 and S9306. The MCU is applicable only to the S9303.

2.1.1 2.1.2 2.1.3

System Structure of the S9303 System Structure of the S9306 System Structure of the S9312

2.1.1 System Structure of the S9303


Appearance of the S9303
Figure 2-1 shows the appearance of the S9303. Figure 2-1 Appearance of the S9303

1. Ack-mounting ear 4. LPU

2. Power module 5. PoE module

3. MCU 6. Cabling rack

Figure 2-2 shows the appearance of the back of the S9303. Figure 2-2 Appearance of the back of the S9303

1. Air filter

2. Fan module

The dimensions of the S9303 are 442 mm x 476 mm x 175 mm (width x depth x height).

2-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

2 System Architecture

Facing the chassis, the LPUs, MCUs, and power modules are mounted from top to bottom. Ventilation and heat dissipation of the S9303 are performed from the back of the chassis. The handles reside on both sides of the chassis.

Component Layout of the S9303


Figure 2-3 shows the component layout of the S9303. Figure 2-3 Component layout of the S9303
LPU LPU LPU MCU Power module
l

MCU Power module PoE

All components of the S9303 are located on the front panel for maintenance. There are totally five slots for horizontally inserted boards in the board cage. The two half-height slots in the lower half of the chassis are reserved for the MCUs that support 1+1 backup mode. The other three slots are reserved for the LPUs. The fan frame and air filter of the S9303 are located at the back of the chassis. Located at the bottom of the chassis, the power modules work in 1+1 backup mode and support double power supply networks for power input. The power modules can be either AC power modules or DC power modules. The power modules support PoE. The PoE function supports only the AC power supply and does not support the backup of power modules.

l l

2.1.2 System Structure of the S9306


Appearance of the S9306
Figure 2-4 shows the appearance of the S9306.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-3

2 System Architecture

Quidway S9300 Terabit Routing Switch Product Description

Figure 2-4 Appearance of the S9306

1. LPU 4. Cabling rack 7. Power module

2. SRU 5. PoE module

3. Ack-mounting ear 6. CMU

Figure 2-5 shows the appearance of the back of the S9306. Figure 2-5 Appearance of the back of the S9306

1. Air filter

2. Fan module

The dimensions of the S9306 are 442 mm x 476 mm x 441.7mm (width x depth x height).

2-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

2 System Architecture

Facing the chassis, the LPUs, SRUs, CMUs, and power modules are mounted from top to bottom. Ventilation and heat dissipation of the S9306 are performed from the back of the chassis. The handles reside on both sides of the chassis.

Component Layout of the S9306


Figure 2-6 shows the component layout of the S9306. Figure 2-6 Component layout of the S9306
LPU LPU LPU SRU SRU LPU LPU LPU Power module Power module Power module Power module CMU CMU POE POE POE POE

The board cage of the S9306 provides a total of eight slots for horizontally inserted boards. The two slots in the middle are reserved for the SRUs that support 1+1 backup mode. The other six slots are reserved for the LPUs. The fan frame and air filter of the S9306 are located at the back of the chassis. Located at the bottom of the chassis, the power modules support double power supply networks for power input. The power modules can be either AC power modules or DC power modules. The DC power modules can work in 1+1 mode. The AC power modules can work in 1+1 or 2+2 mode. Located at the bottom of the chassis, the CMUs work in 1:1 backup mode. The power modules support Power over Ethernet (PoE). The PoE function supports only the AC power supply. Four AC power modules work in 3+1, 2+2, or 4+0 (not backup) mode..

l l

l l

2.1.3 System Structure of the S9312


Appearance of the S9312
Figure 2-7 shows the appearance of the S9312.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-5

2 System Architecture

Quidway S9300 Terabit Routing Switch Product Description

Figure 2-7 Appearance of the S9312

1. LPU 4.Cabling rack 7. Power module

2. SRU 5. PoE module

3. Ack-mounting ear 6. CMU

Figure 2-8 shows the appearance of the back of the S9312.

2-6

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

2 System Architecture

Figure 2-8 Appearance of the back of the S9312

1. Air filter

2. Fan module

The dimensions of the S9312 are 442 mm x 476 mm x 663.95 mm (width x depth x height). Facing the chassis, the LPUs, SRUs, CMUs, and power modules are mounted from top to bottom. Ventilation and heat dissipation of the S9312 are performed from the back of the chassis. The handles are on both sides of the chassis.

Component Layout of the S9312


Figure 2-9 shows the component layout of the S9312.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-7

2 System Architecture

Quidway S9300 Terabit Routing Switch Product Description

Figure 2-9 Component layout of the S9312


LPU LPU LPU LPU LPU LPU SRU SRU LPU LPU LPU LPU LPU LPU Power module Power module Power module Power module CMU CMU POE POE POE POE

The board cage of the S9312 provides a total of 14 slots for horizontally inserted boards. The two slots in the middle are reserved for the SRUs that support 1+1 backup mode. The other 12 slots are reserved for the LPUs. The fan frame and air filter of the S9312 are located at the back of the chassis. Located at the bottom of the chassis, the power modules support double power supply networks for power input. The power modules can be either AC power modules or DC power modules. The DC power modules can work in 1+1 mode. The AC power modules can work in 1+1 or 2+2 mode. The power modules support PoE. The PoE function supports only the AC power supply. Four AC power modules work in 3+1, 2+2, or 4+0 (not backup) mode.. Located at the bottom of the chassis, the CMUs work in 1+1 backup mode.

l l

l l

2.2 Hardware Structure


This section describes the hardware structure, backplane, MCU, SRU, LPU, CMU , FSU and clock board of the S9300. Figure 2-10 shows the hardware structure of the S9303.

2-8

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

2 System Architecture

Figure 2-10 Hardware structure of the S9303


Service layer software

MCU

Management layer software

Control layer software

NMS

Control plane communication module

Control plane communication module

Main control module Material Service interface processing module module

High speed Serdes backplane System clock module

LPU
Monitoring module Clock module

System monitoring module

Figure 2-11 shows the hardware structure of the S9306 and S9312. Figure 2-11 Hardware structure of the S9306 and S9312
Service layer software

SRU

Management layer software

Control layer software

NMS

Control plane communication module

Control plane communication module

Main control module Material Service interface processing module module

High speed Serdes backplane

Switching network module

LPU
Monitoring module Clock module

System clock module

System monitoring module

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-9

2 System Architecture

Quidway S9300 Terabit Routing Switch Product Description

2.2.1 2.2.2 2.2.3 2.2.4 2.2.5 2.2.6 2.2.7

Backplane SRU MCU CMU LPU FSU Clock Board

2.2.1 Backplane
The S9300 is designed with a passive backplane. The backplane provides control buses, management buses, and clock buses between the SRU,MCU and other components for communication. The backplane of an S9300 provides two slots for the main process unit. In addition, the backplane of an S9303 provides 3 LPU slots, the backplane of an S9306 provides 6 LPU slots, and the backplane of an S9312 provides 12 LPU slots.

2.2.2 SRU
The SRU is applicable only to the S9306 and S9312. The SRU integrates multiple functional modules such as the data switching module, main control module, FSUA, Compact Flash (CF) module, and system monitoring module. The SRU can be expanded to provide the clock module. As the core of system control and management and data switching, the SRU switches data, and controls and monitors the system. The main control units of the SRU work in 1+1 backup mode. The data switching units can work in either 1+1 load balancing mode or 1:1 backup mode. The SRU of the S9300 performs the following functions:
l l l l

Forwards data on the data plane. Processes protocols including STP, MPLS, and various routing protocols. Monitors components. Manages the system and monitors system performance according to the user's instruction, and provides feedback on the running status of the system for users.

Table 2-1 SRU Name SRUA SRUB Note Provides 1 Tbit/s service switching capability. Provides 2 Tbit/s service switching capability.

2.2.3 MCU
The MCU is applicable only to the S9303. The MCU integrates the main control module, CF module, system monitoring module and clock module.

2-10

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

2 System Architecture

The MCU of the S9300 performs the following functions:


l l

Processes protocols including STP, MPLS, and various routing protocols. Monitors components, collects running data of each component periodically, and generates control information based on the running status of the components, for example, checking whether the boards are available and controlling the running of the switching fabric. Manages the system and monitors system performance according to the user's instruction, and provides feedback on the running status of the system for users.

2.2.4 CMU
The CMU monitors and manages the follow devices:
l l l

power modules fan modules PoE modules

These help monitor and manage the system and facilitates energy saving and emission reduction.

2.2.5 LPU
The LPUs are used to process packets and they provide service interfaces. Table 2-2 lists the LPUs supported by the S9300. Table 2-2 Ethernet LPUs Name 48-port 100M Ethernet optical LPU (EA, SFP) -32K MAC 48-port 100M Ethernet optical LPU (EC, SFP) -128K MAC 48-port 100M Ethernet electrical LPU (EA, RJ45) -32K MAC 48-port 100M Ethernet electrical LPU (EC, RJ45) -128K MAC 48-port 100M/1000M Ethernet optical LPU (EA, SFP) -32K MAC 48-port 100M/1000M Ethernet optical LPU (EC, SFP) -128K MAC 48-port 100M/1000M Ethernet optical LPU (ED, SFP) -512K MAC 48-port 100M/1000M Ethernet optical LPU (EA, RJ45) -32K MAC Short Name F48SA Remarks Not support:
l

synchronization Ethernet

F48SC

Not support:
l

synchronization Ethernet

F48TA

Not support: l synchronization Ethernet Not support: l synchronization Ethernet Not support:
l

F48TC

G48SA

synchronization Ethernet

G48SC

Not support:
l

synchronization Ethernet

G48SD

Not support: l synchronization Ethernet Not support:


l

G48TA

synchronization Ethernet

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-11

2 System Architecture

Quidway S9300 Terabit Routing Switch Product Description

Name 48-port 100M/1000M Ethernet optical LPU (EC, RJ45) -128K MAC 48-port 100M/1000M Ethernet optical LPU (ED, RJ45) -512K MAC 48-port 100M/1000M Ethernet PoE electrical LPU (EA, RJ45, POE) -32K MAC 4-port 10GE optical LPU (EA, XFP) -32K MAC 4-port 10GE optical LPU (EC, XFP) -128K MAC 2-port 10GE optical LPU (EA, XFP) -32K MAC 2-port 10GE optical LPU (EC, XFP) -128K MAC 24-port 100M/1000M Ethernet optical LPU (SA, SFP) -32K MAC

Short Name G48TC

Remarks Not support:


l

synchronization Ethernet

G48TD

Not support:
l

synchronization Ethernet

G48VA

Not support:
l

synchronization Ethernet

X4UXA

Not support:
l

synchronization Ethernet

X4UXC

Not support:
l

synchronization Ethernet

X2UXA

Not support: l synchronization Ethernet Not support:


l

X2UXC

synchronization Ethernet

G24SA

Not support :
l l l l l l

synchronization Ethernet MPLS VPN Netstream IP Session VLAN stacking based on VLAN priorities VLAN mapping based on VLAN priorities VLAN mapping of double tags N:1 VLAN mapping Adding double VLAN tags to untagged packets VLAN switching Sub-interface Priority mapping (DiffServ) IPv4 over IPv6 tunnel IPv6 over IPv4 tunnel

l l l

l l l l l

24-port 100M/1000M Ethernet optical LPU (EC, SFP) -128K MAC

G24SC

Not support:
l

synchronization Ethernet

2-12

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

2 System Architecture

Name 24-port 100M/1000M Ethernet optical LPU (ED, SFP) -512K MAC 24-port 100M/1000M Ethernet optical + Combo electrical LPU (SA, SFP/RJ45) -32K MAC

Short Name G24SD

Remarks Not support:


l

synchronization Ethernet

G24CA

Not support :
l l l l l l

synchronization Ethernet MPLS VPN Netstream IP Session VLAN stacking based on VLAN priorities VLAN mapping based on VLAN priorities VLAN mapping of double tags N:1 VLAN mapping Adding double VLAN tags to untagged packets VLAN switching Sub-interface Priority mapping (DiffServ) IPv4 over IPv6 tunnel IPv6 over IPv4 tunnel

l l l

l l l l l

12-port GE optical LPU (SA, SFP+) -32K MAC

X12SA

Not support :
l l l l l l

synchronization Ethernet MPLS VPN Netstream IP Session VLAN stacking based on VLAN priorities VLAN mapping based on VLAN priorities N:1 VLAN mapping Adding double VLAN tags to untagged packets VLAN switching Sub-interface Priority mapping (DiffServ) IPv4 over IPv6 tunnel IPv6 over IPv4 tunnel

l l

l l l l l

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-13

2 System Architecture

Quidway S9300 Terabit Routing Switch Product Description

Name 24-port 100M/1000M Ethernet electrical and 2-port GE optical LPU (EA, RJ45/XFP) -32K MAC 24-port 100M/1000M Ethernet optical and 2-port GE optical LPU (EA, SFP/XFP) -32K MAC

Short Name T24XA

Remarks Not support:


l

synchronization Ethernet

S24XA

Not support:
l

synchronization Ethernet

The Small Form-Factor Pluggable (SFP), SFP+, and XFP are pluggable optical modules. The LPUs of the S9300 are classified into S-series boards and E-series boards. E-series boards support more functions than S-series boards.
l

The S-series boards include SA boards. For example, 24-port 100M/1000M Ethernet optical LPU (SA, SFP) -32K MAC The E-series boards include EA boards, EC boards, and ED boards. For example, 48-port 100M Ethernet optical LPU (EA, SFP) -32K MAC

2.2.6 FSU
The Flexible Service Unit A (FSUA) of S9306 and S9312 supports the following functions:
l l l l

Hardware-based Ethernet OAM Hardware-based MPLS OAM Hardware-based Bidirectional Forwarding Detection (BFD) Dos attack protection of the Central Processing Unit (CPU) of the SRU
Software-based Ethernet OAM, MPLS OAM, BFD and NQA functions are available in other LPUs.

FSUA is an optional subcard on the SRU of the S9312 and S9306. Users can choose to install the FSUA according to the service requirement. Table 2-3 FSUA Name 20 Gbit/s FSUA Description Provides 20 Gbit/s service switching capability.

2.2.7 Clock Board


Currently, only one type of clock board is available: CKMB. CKMB is a subcard of the main control board of the S9312, S9306, or S9303. It provides the functions of clock synchronization and time synchronization and has Building Integrated Timing Supply System (BITS) interfaces. The CKM consists of the following functional units:
l

Clock synchronization unit, synchronizing the Ethernet clock or Precision Time Protocol (PTP) clock

2-14

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description


l

2 System Architecture

Time synchronization unit, that is the IEEE 1588 functional module

The functions of the CKM are as follows:


l

Providing the 19.44 MHz system clock, sending clock synchronization frames with 8 KB frame headers, and providing external clock signals. The output clock signal complies with the ITU-T G.813 standard. Implementing the IEEE 1588 protocol through the logic to ensure synchronization of time on the network. The time is accurate to 0.1 us, which complies with the 1588v2 protocol.

2.3 Software Architecture


This section describes the relationship between the operating system and software features of the S9300. The S9300 runs on the latest VRP version 5 (VRPv5) to provide software features. VRPv5 consists of the following parts:
l

System service plane It provides the following functions based on the operating system:

Task management Memory management Timer Software loading and patching

This enhances the modular technology to facilitate system upgrade and customization.
l

General control plane It is the core of the VRP data communication platform. It functions as the basis of security and QoS, and provides the following functions:

Link management IP protocol stack Routing protocol processing

It is used to control the data forwarding plane and carry out various functions of the device.
l

Data forwarding plane It forwards data under the control of the general control plane to carry out data transmission. VRPv5 supports data forwarding based on software and hardware.

Service control plane It controls and manages the system based on users or interfaces. It implements the authentication, authorization, and accounting for users through the DHCP Option 82 field. It also implements authentication for access interfaces through IEEE 802.1x.

System management plane It provides user interfaces and manages input/output ports. It is the basis of network management and maintenance.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

2-15

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

3
About This Chapter
3.1 IP Features 3.2 MPLS

Service Features

This section describes the major service functions of the S9300, including IP features,MPLS, MPLS L2VPN, MPLS L3VPN, QoS, Ethernet, Ethernet OAM, NAC,multicast, reliability, LLDP, security, clock and NetStream.

This section describes the IP features supported by the S9300.

This section describes the basics of MPLS, MPLS TE, and MPLS OAM. 3.3 MPLS L2VPN

This section describes the basic of VLL, VPLS, and HVPLS. 3.4 MPLS L3VPN

This section describes the basics of MPLS L3VPN supported by the S9300. 3.5 IP Session

This section describes the IP session feature supported by the S9300. 3.6 QoS

This section describes the basics of QoS supported by the S9300. 3.7 Ethernet

This section describes the basics of VLAN mapping, QinQ, selective QinQ, and BPDU tunnel. 3.8 Ethernet OAM

This section describes the basics of Ethernet OAM. 3.9 NQA

This section describes the basics of NQA supported by the S9300. 3.10 NAC

This section describes the principle of network admission control (NAC).

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-1

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

3.11

Multicast

This section describes the basics of IGMP snooping, multicast flow control, controllable multicast, multicast VLAN, and multicast replication. 3.12 Reliability

This section describes the basics of link aggregation, BFD, and HA at the equipment level. 3.13 LLDP

This section describes the basics of LLDP. 3.14 Security

This section describes the security measures for devices and services. 3.15 Clock

This section describes the clock synchronization and calibration mechanisms supported by the S9300. 3.16 NetStream

This section describes the NetStream function supported by the S9300.

3.1 IP Features
This section describes the IP features supported by the S9300.
To implement IPv6 functions, apply for and purchase the license from Huawei local office.

3.1.1 3.1.2 3.1.3 3.1.4

IPv4/IPv6 Protocol Stack IPv4 Features IPv6 Features IPv4/IPv6 Transition Technologies

3.1.1 IPv4/IPv6 Protocol Stack


The IPv4/IPv6 protocol stack features good interworking and simplicity. Figure 3-1 shows the structure of the IPv4/IPv6 protocol stack.

3-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

Figure 3-1 Structure of the IPv4/IPv6 protocol stack IPv4/IPv6 Application

TCP

UDP

IPv4

IPv6

Link Layer

3.1.2 IPv4 Features


The S9300 supports the following IPv4 features:
l l l l l

TCP/IP protocol stack, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and ARP Static DNS and specified DNS server FTP server/client and TFTP client DHCP relay agent and DHCP server Ping, tracert, and NQA: NQA can detect the status of ICMP, TCP, UDP, DHCP, FTP, HTTP and SNMP services and test the response time of various services.
To implement NQA functions, apply for and purchase the license from Huawei local office.

IP policy-based routing: specifies the next hop based on the attribute of packets without searching the routing table for the routes.

3.1.3 IPv6 Features


The S9300 supports the following IPv6 features:
l l l l l l

IPv6 Neighbor Discovery (ND) Path MTU Discovery (PMTU) TCP6, ping IPv6, tracert IPv6, socket IPv6, UDP6 and RawIP6 TFTP IPv6 Client IPv6 policy-based routing DHCPv6 snooping and MLDv1 snooping

3.1.4 IPv4/IPv6 Transition Technologies


IPv6 over IPv4 Tunnel
As shown in Figure 3-2, the IPv6 over IPv4 tunnel technology is used for the transition from the IPv4 network to the IPv6 network.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-3

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

Figure 3-2 Schematic diagram of the IPv6 over IPv4 tunnel technology

Dual Stack Device IPv4 ne twork

Dual Stack Device

IPv6 network
IPv 6 host IPv6 Header IPv6 Data

IPv6 over IPv4 Tunnel

IPv6 network
IPv6 host IPv6 Data

IPv6 Header IPv6 Header IPv6 Data

IPv4 Header

The S9300 supports the following IPv6 over IPv4 tunnels:


l

IPv6 manual tunnel The IPv6 manual tunnel is created manually on the routers on the two ends of a tunnel. The source and destination IPv4 addresses need to be statically configured. The tunnel is a permanent link that connects two IPv6 domains through an IPv4 backbone network. It is a fixed channel for two edge routers to communicate with each other and can be used by the isolated IPv6 sites to communicate with each other.

6to4 tunnel The 6to4 tunnel can connect multiple IPv6 isolated sites to the IPv6 network through the IPv4 network. Compared with the manual tunnel, the 6to4 tunnel can be a P2MP connection. The manual tunnel, however, is a P2P connection. The routers where the 6to4 tunnel is set up are not configured in pairs. Similar to the routers on an automatic tunnel, a router on the 6to4 tunnel can search for the other end of the tunnel; however, you do not need to specify the IPv4-compatible IPv6 address for the 6to4 tunnel. The 6to4 tunnel uses a special IPv6 address, that is, 6to4 address.

IPv4 over IPv6 Tunnel


During the later stage of the transition from the IPv4 network to the IPv6 network, a large number of IPv6 networks are deployed; therefore, there may be IPv4 isolated sites. The cost spent on connecting these isolated sites through dedicated lines is very high. You can create a tunnel on the IPv6 network to connect IPv4 isolated sites. This is similar to deploying the VPN on the IP network through the tunnel technology. The tunnel that is used to connect IPv4 isolated sites on the IPv6 network is called an IPv4 over IPv6 tunnel. To set up IPv4 over IPv6 tunnels, the IPv4/IPv6 dual stack needs to be enabled on the routers at the edge of the IPv6 network and the IPv4 network.

3-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

Figure 3-3 Networking diagram of the IPv4 over IPv6 tunnel

Dual Stack Route r IPv6 network IPv4 network IPv4 host IPv4 over IPv6 Tunnel

Dual Stack Router IPv4 network IPv4 host

IPv4 Header IPv4 Payload

IPv6 Header IPv4 Header IPv4 Payload

IPv4 Header IPv6 Payload

6PE
The IPv6 Provider Edge (6PE) router allows the communication between the IPv6 isolated CE routers over the IPv4 network. Figure 3-4 shows the networking diagram of 6PE topology. The ISP can use the IPv4 backbone network to provide services for the IPv6 networks where users are distributed dispersedly. Figure 3-4 6PE topology

IPv4/MPSL Cloud IBGP CE IPv6 Cloud Customer site

CE IPv6 Cloud Customer site

The 6PE router labels IPv6 routing information and floods the information onto the ISP's IPv4 backbone network through Internal Border Gateway Protocol (IBGP) sessions. The IPv6 packets are labeled before entering the tunnels on the backbone network. The tunnels can be MPLS LSPs. The IGP protocol used on the ISP network can be OSPF or IS-IS, and the protocol used between CE routers and 6PE routers can be a static routing protocol, an IGP, or EBGP.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-5

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

If the IPSs want to use the IPv4/MPLS networks to exchange IPv6 traffic, they can just update the PE router. Therefore, using the 6PE feature as an IPv6 transition mechanism is a cost-effective solution for ISPs.

3.2 MPLS
This section describes the basics of MPLS, MPLS TE, and MPLS OAM.
To implement MPLS functions, apply for and purchase the license from Huawei local office.

The S9300 can be used to construct the MPLS network. Services that are external to the MPLS network are forwarded based on the VLAN ID and MAC addresses. On the MPLS network, services are transmitted based on the MPLS labels. This solves the problem regarding the capacity of the VLAN tag and the limit to the amount of MAC table entries. The S9300 can act as the PE device or Provider (P) device on the MPLS network. The S9300 supports multiple MPLS features, including basic MPLS features, the Label Distribution Protocol (LDP) or Resource Reservation Protocol for Traffic Engineering (RSVP-TE), MPLS TE, and MPLS OAM. 3.2.1 3.2.2 3.2.3 Basic MPLS Functions MPLS TE MPLS OAM

3.2.1 Basic MPLS Functions


The S9300 supports the following basic MPLS functions:
l l l l

LDP Static LSP Two-layer MPLS labels Mapping the 802.1p priority to the EXP field of MPLS packets

3.2.2 MPLS TE
The S9300 supports the MPLS Traffic Engineering (TE) function. MPLS TE is a technique that integrates TE with MPLS. Through the MPLS TE, the S9300 can create an LSP tunnel to a specified path and implement re-optimization. MPLS TE also provides protection against link or node failures by using path backup and fast reroute. The S9300 supports the following MPLS TE features:
l l l l l

Supports TE extension based on the IGP protocols including IS-IS and OSPF to collect network information. Supports preemption, route pinning, and re-optimization of CR-LSP. Supports establishment of CR-LSP based on RSVP TE; supports hot standby backup and basic backup functions of the MPLS TE tunnel. Supports the use of the Constraint Shortest Path First (CSPF) algorithm to calculate appropriate path of CR-LSP. This calculates the shorted path to a node through CSPF. Supports establishment of the MPLS TE tunnel and the following features of the tunnel:

3-6

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description


3 Service Features

Loop detection on the MPLS TE tunnel Record of routing and labels Re-establishment of the MPLS TE tunnel Configuration of the tunnel priority

3.2.3 MPLS OAM


The S9300 supports the MPLS OAM mechanism to perform end-to-end fault detection at the tunnel level and perform prompt protection switchover in 50 ms when an LSP link fails. MPLS OAM conforms to the ITU-T Y.1710, Y.1711, and Y.1720 recommendations to realize fast detection of LSP connectivity. The interval for detecting LSP connectivity can be adjusted as required. With the MPLS OAM mechanism, the S9300 can rapidly detect, locate, and report the fault in the MPLS network by using the Connectivity Verification (CV) message and the Fast Failure Detection (FFD) message. When a fault occurs, the S9300 triggers protection switchover by using the Forward Defection Indicator (FDI) message and the Backward Defect Indicator (BDI) message. The S9300 supports 1:1 and N:1 protection switchover of LSPs with an active LSP and a standby LSP. When the active LSP fails, the S9300 can promptly switch services to the standby LSP. This greatly improves the reliability of the MPLS network.

3.3 MPLS L2VPN


This section describes the basic of VLL, VPLS, and HVPLS. The S9300 supports various Virtual Leased Line (VLL) services, VPLS, and hierarchical VPLS (HVPLS). 3.3.1 3.3.2 3.3.3 VLL VPLS HVPLS

3.3.1 VLL
VLL is an emulation of the traditional leased line. By emulating the leased line through the IP network, it provides asymmetric, low cost point-to-point virtual leased line services. VLL is mainly applied to the access layer and convergence layer of the MAN. The S9300 supports the following four modes of VLL:
l

Martini The Martini mode uses double labels. The inner label takes the extended LDP as the signaling protocol to transmit information. The Martini mode conforms to the draft of draft-martini-l2circuit-trans-mpls. The Martini extends LDP by adding the FEC type in the VC FEC to exchange the VC label.

Kompella The Kompella mode uses MP-BGP as the signaling protocol. PEs automatically discover L2VPN nodes during the connection of BGP sessions. The Kompella uses BGP as the signaling protocol to transmit Layer 2 information and VC labels to realize L2VPN in end-to-end (CE to CE) mode on the MPLS network.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-7

3 Service Features
l

Quidway S9300 Terabit Routing Switch Product Description

SVC The setup process of the SVC outer label (public network tunnel) is the same as that of the Martini. The inner label is manually specified during the VC configuration. The transmission signaling of the VC label is not required. The network topology and the packets interaction of the SVC are the same as that of the Martini. Thus, the SVC is a simplified version of the Martini.

CCC In Circuit Cross Connect (CCC), VCs are statically configured, which is similar to SVC. Different from the common MPLS L2VPN, the CCC adopts one label to transmit user data. This label is used for label exchange on each Label Switching Router (LSR). Therefore, the CCC uses the LSP exclusively. Static LSPs must be configured in both directions.

3.3.2 VPLS
Virtual Private LAN Service (VPLS) is used to connect more than one Ethernet LAN segment through the Packet Switched Network (PSN) and make them operate in an environment similar to a LAN. With the VPLS technology, the ISP can establish multipoint-to-multipoint VPN connections between the dispersed users. The dispersed users can be enterprises located in different cities. The S9300 functions as the PE device on the VPLS network. The S9300 transmit VPLS services by establishing through-connection between PEs. The S9300 supports VPLS in the following methods:
l l

Martini Kompella

3.3.3 HVPLS
VPLS through-connection is required between PEs. For multiple nodes or a large geographic area, a large-scale VPLS network is required. This requires that the number of connections established be double the number of PEs. In this case, HVPLS is used to establish a large-scale VPLS network. The S9300 mainly functions as the User Provider Edge (UPE) device on the HVPLS network. It converges services from CE to Network Provider Edge (NPE) or PE-AGG (PE-Aggregation). The S9300 supports HVPLS in Martini mode. On the VPLS or HVPLS network, the S9300 maps services of different types to different Virtual Switch Instances (VSIs). The S9300 then transparently transmits these services to NPE or PE-AGG through the VPLS or HVPLS network.

3.4 MPLS L3VPN


This section describes the basics of MPLS L3VPN supported by the S9300. BGP/MPLS VPN provides Layer 3 VPN services over an MPLS network. MPLS facilitates the implementation of IP-based VPN services and meets the requirements of expansibility and manageability for VPNs. MPLS VPNs provide value-added services. Through configurations, a single access point can be configured with multiple VPNs, each of which identifies a type of

3-8

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

services. This allows different types of services to be transmitted in a flexible manner over networks.

3.5 IP Session
This section describes the IP session feature supported by the S9300. Figure 3-5 Networking diagram of the IP session DHCP Server

Internet

AAA Server

The S9300 can terminate and authenticate IP sessions and assign IP addresses to IP sessions. The STB or VOIP terminal of a family sends a DHCP Request message. Then the S9300 directly assigns an IP address to the terminal or relays the message to the DHCP server requesting an IP address. Before assigning an IP address, the S9300 sends the VLAN (QinQ) information or DHCP Relay Agent information to the AAA server for authenticating the terminal. If the authentication is successful, the S9300 assigns an IP address to the terminal. The S9300 can perform scheduling on the services of different types or encapsulate service traffic into different VPNs, thus separating services.

3.6 QoS
This section describes the basics of QoS supported by the S9300. QoS provides network services with different qualities as required. 3.6.1 3.6.2 3.6.3 3.6.4 3.6.5 3.6.6 Hierarchical Traffic Policing Flow Control Re-marking Queue Scheduling Congestion Avoidance Traffic Shaping

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-9

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

3.6.1 Hierarchical Traffic Policing


The S9300 supports two-level traffic policing, namely, traffic policing based on users and traffic policing based on user groups. It supports the multiplexing of bandwidths of users and user groups. Traffic policing is used to monitor the service traffic that matches the traffic classifier rules on the incoming interface. In this manner, the interface can be adapted to the assigned network resources such as bandwidth. Traffic policing limits the rate of the traffic on the incoming interface. In this manner, the S9300 can monitor the traffic entering a network. If the rate is too high, the S9300 chooses to discard the packets or reset the priorities of the packets. The S9300 supports the two-rate-three-color marker and one-rate-two-color marker. This guarantees granular management of bandwidths.

3.6.2 Flow Control


Flow control is used for congestion management. When a network cannot provide the committed or negotiated performance specifications, such as rate, congestion occurs. In this case, an Ethernet switch sends pause frames to its peer to inform the peer to stop sending data for a while. This helps decrease the volume of traffic on the network. Flow control enabled on a port functions on all the traffic on the port.

3.6.3 Re-marking
With re-marking, the S9300 applies parameters about services to the packets that match certain ACL rules. Re-marking is implemented as follows:
l l l l

The S9300 applies parameters about services provided by itself to the packets. The S9300 applies parameters about services drawn upon the mapping table according to the Differentiated Services Code Point (DSCP) of the packets. The S9300 applies parameters about services drawn upon the mapping table according to the DSCP defined by users. Users assign parameters about services to the packets.

3.6.4 Queue Scheduling


When an Ethernet switch forwards multiple packets, these packets may compete for resources. Queue scheduling is thus introduced to address this problem. The S9300 supports the following queue scheduling algorithms:
l l l l l

Strict Priority (SP) Weighted Round Robin (WRR) SP + WRR Deficit Round Robin (DRR) SP + DRR

Outgoing packets on the ports of the Ethernet switch are forwarded in different manners as defined in the preceding algorithms.

3-10

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

3.6.5 Congestion Avoidance


When congestion occurs, a switch immediately discards certain packets to release resources of queues. The switch also schedules the packets into queues other than those with long delay. This helps to remove the congestion. The S9300 supports the Weighted Random Early Detection (WRED) algorithm. WRED monitors packets in each queue and compares the length of the queue with the low threshold for dropping packets. Based on the result, the S9300 processes the packets in queues in the following ways when congestion occurs.
l l l

When a queue is shorter than the minimum threshold, the device does not discard packets. When the length of a queue is between the low threshold and the high threshold, WRED begins to discard packets randomly. When a queue is longer than the high threshold, the device discards all incoming packets.

3.6.6 Traffic Shaping


With traffic shaping, the transmission rate of outgoing packets are controlled and packets are transmitted at an even rate. Traffic shaping is applied to the downstream traffic to make its transmission rate the same as that provided by the downstream devices. This prevents the discarding of packets and traffic congestion. The difference between traffic shaping and traffic policing lies in that traffic shaping is used to buffer packets that exceed the set rate limit and then transmit the packets at an even rate; traffic policing is used to discard packets that exceed the set rate limit. In traffic shaping, packets are delayed for transmission. In traffic policing, however, no delay is added for packets. The S9300 supports traffic shaping based on interfaces and class of service (CoS), that is, shapes the traffic of all interfaces and CoSs. The two types of traffic shaping can be carried out through different parameters.

3.7 Ethernet
This section describes the basics of VLAN mapping, QinQ, selective QinQ, and BPDU tunnel. 3.7.1 3.7.2 3.7.3 VLAN Mapping Selective QinQ BPDU Tunnel

3.7.1 VLAN Mapping


VLAN mapping refers to the setting up of a mapping table on the S9300 to realize the mapping between the customer VLAN and the service VLAN. One or multiple customer VLAN IDs can be mapped to a service VLAN ID.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-11

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

Customer VLAN (C-VLAN) is the VLAN of the port at the user side. It is of local significance and used to identify a user or a class of users. Service VLAN (S-VLAN) is designated by the ISP at the network side. It is of global significance and used to identify a type of service.

The S9300 supports VLAN mapping between single VLAN tags in the following ways, given that the port on the user side is specified:
l

1:1 VLAN mapping It is the mapping between one C-VLAN tag and one S-VLAN tag. N:1 VLAN mapping It is the mapping between multiple C-VLAN tags to one S-VLAN tag.

The S9300 also supports VLAN mapping between double VLAN tags.
l

2:2 VLAN mapping The S9300 can map the double VLAN tags of packets from the user side to the double VLAN tags of packets from the network side. The S9300 can also switch the outer and inner VLAN tags of a packet.

2:1 VLAN mapping The S9300 can map the double VLAN tags of packets from the user side to a single VLAN tag of packets from the network side. In addition, the S9300 supports the CoS-based VLAN mapping. It can map multiple customer-VLAN (C-VLAN) tags to the same service-VLAN (S-VLAN) tag according to the CoS or add a VLAN tag to a packet.

3.7.2 Selective QinQ


The S9300 supports the selective QinQ technique. Selective QinQ expands the space of VLAN tags. It enables the S9300 to flexibly select outer S-VLAN tag based on the C-VLAN tag of the received packets. In this case, various user services can travel along different paths. This facilitates deployment of services. The selective QinQ feature can be applied to the incoming and the outgoing interfaces. This makes the networking more flexible. The S9300 supports the selective QinQ feature in the following ways:
l l

On the port, the S9300 adds a different outer S-VLAN tag based on the VLAN ID of the C-VLAN tag of the packets. On the port, the S9300 changes an inner VLAN tag based on the VLAN ID of the C-VLAN tag of the packets. The S9300 then adds a different outer S-VLAN tag.

The port enabled with QinQ learns the MAC address based on the outer VLAN tag of packets, and forwards the upstream packets and downstream packets based on the destination MAC address of packets. The S9300 provides powerful hardware, which implements selective QinQ through traffic classification based on ACLs. In this case, the S9300 can flexibly add S-VLAN tags or modify C-VLAN tags.

3.7.3 BPDU Tunnel


Bridge Protocol Data Unit(BPDU) tunnel is a Layer 2 tunnel technology. With BPDU tunnel enabled, the BPDUs are transparently transmitted from the customer network through the VLAN VPN specified by the ISP network. In this way, all devices in the customer network

3-12

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

can calculate the spanning tree. The customer network and ISP network have spanning trees that are independent of each other. Thus the convergence speed is improved. With BPDU tunnel enabled, the S9300 considers the tagged BPDUs as ordinary frames. Thus, the BPDUs are forwarded within the specified VLAN; or the BPDUs are encapsulated to be MPLS packets and then forwarded within the MPLS network without being dealt with as the BPDUs.

3.8 Ethernet OAM


This section describes the basics of Ethernet OAM. The Ethernet OAM functions of the S9300 include fault management and performance management. 3.8.1 3.8.2 3.8.3 Point-to-Point Fault Management for Ethernet End-to-End Fault Management for Ethernet Ethernet Performance Management

3.8.1 Point-to-Point Fault Management for Ethernet


Fault management means that the S9300 detects the network connectivity by sending detection packets, which is similar to Bidirectional Forwarding Detection (BFD). The user can set the interval for sending the detection packets or configure the S9300 to send the detection packets at specified time points. In addition, the S9300 provides the fault location methods on the Ethernet, which is similar to the ping or TraceRoute operations on the IP network. With the fault management function, the S9300 can trigger protection switchover, and thus the interrupted service can be restored within 50ms. IEEE 802.3 ah is introduced by the EFMA. IEEE 802.3 ah includes:
l l l l

Capability discovery Link performance monitoring Fault detection and alarm Loopback test

In addition, 802.3ah can detect the faults on the direct Ethernet links, especially the user links. 802.3ah is a slow protocol, which sends the detection packet every 1 second. Conforming to IEEE 802.3ah, the S9300 supports the point-to-point Ethernet fault management. It can detect faults in the last mile of the direct link on the user side of the Ethernet. By now, the S9300 supports the following functions defined in IEEE 802.3ah:
l l l l

OAM discovery Link monitoring Remote fault notification Remote loopback

3.8.2 End-to-End Fault Management for Ethernet


IEEE 802.1ag defines the end-to-end Ethernet OAM, which is widely used. 802.1ag is applied to the bridge, which is aware of VLANs, on the virtual bridging network to provide the fault

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-13

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

detection, verification, and isolation functions. 802.1ag can detect a fault within 50 ms. The S9300 triggers protective switchover with the fault management mechanism. Service interruption is within 50 ms. 802.1ag provides the following fault management functions to ensure the packet forwarding:
l l l l

Fault detection function, that is, continuity check (CC) function. Fault verification function, that is, loopback test function. Fault location and isolation, that is, Traceroute function. Fault notification and alarm suppression function, that is, alarm indication signal (AIS) function and remote defect indicator (RDI) function. In the current, S9300 does not support AIS.

Hierarchical Maintenance Domain


Conforming to IEEE 802.1ag, the S9300 provides the end-to-end fault management for Ethernet. IEEE 802.1ag is used to test the end-to-end Ethernet connectivity and locate faults. It provides different levels of management domains. OAM messages with low level are not forwarded to the management domain with high level. This guarantees security and maintainability of networks. According to IEEE 802.1ag, the network that bears the Ethernet OAM mechanism is divided into different Maintenance Domains (MDs). An MD is an interconnected Ethernet network maintained by the same administrator. Multiple Service Instances (SIs) can be applied on an MD. An SI corresponds to a VALN. An SI consists of multiple devices. The border port on the SI is called the Maintenance association End Point (MEP); all the other ports are called the Maintenance association Internal Point (MIP). An MIP is responsible for connecting different MEPs. MEPs and MIPs together are called the Maintenance Points (MPs). All the MEPs in an SI form a Maintenance Association (MA), in which fault detection is carried out. Part of the network in an MD might be maintained by another administrator, namely, MD might be nested. The MD level is used to differentiate different levels of OAM that can be carried out in an MA. The MD level is carried in the OAM message. The OAM message with low level is discarded in the high-level MP.

End-to-End Fault Detection and Location


The ISP and Internet Context Provider (ICP) have gradually used fault detection to guarantee QoS and reduce maintenance expense. Fault detection is realized by sending and detecting the Continuity Check (CC) message at scheduled time. The S9300 supports the tools of MAC Ping and MAC Trace by using the loopback (LB) and link trace (LT) packet defined in IEEE 802.1ag to locate faults.
l

MAC ping MAC ping realized by the LB message is used to test whether a device on the network is reachable. It acquires network state and the delay parameter. To carry out MAC ping between any two devices on the network, the S9300 needs to meet the following requirements:

The originating point is an MEP. The two points are MPs belonging to a same MA. The two points are reachable.

3-14

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description


l

3 Service Features

MAC trace MAC trace utilizes the LT message to test the transmission paths of messages and the link break point between the two devices. The requirements for MAC ping also apply to MAC trace.

3.8.3 Ethernet Performance Management


Conforming to ITU-T Y.1731 recommendations, the S9300 supports the Ethernet performance management. The S9300 can measure the delay, jitter and packet loss ratio in transmission. To achieve that, the S9300 inserts the timestamp in the LB message defined in IEEE 802.1ag. In this way, the S9300 can carry out performance detection for specified time period and specified network segment to measure the performance parameters of an end-to-end traffic. The S9300 can measure the performance parameter at scheduled time. The performance parameter and the network management information together output report. By using the performance management tools, the ISP can monitor the network status in real time through the NMS. The ISP checks whether the forwarding capacity of the network complies with the Service Level Agreement (SLA) signed. Then, faults can be swiftly located. The ISP need not to carry out detection on the user side. This greatly decreases the maintenance expense.

3.9 NQA
This section describes the basics of NQA supported by the S9300. The S9300 provides the NQA function. NQA measures and diagnoses network performance by sending a specified number of packets between multiple sites. In addition, NQA collects the statistics about network performance such as the jitter, delay, and packet loss ratio. NQA defines the two test ends as the client and the server. An NQA test is initiated by the client. After the test is configured on the client through command lines or after the configurations of the operation are sent by the NMS, NQA places the tests into test queues based on test types. Table 3-1 List of NQA diagnosis tools provided by S9300 Network Diagnosis Tool ICMP ping/traceroute tests Basic Principle ICMP ping is implemented by transmitting ICMP Echo packets between gateway addresses. ICMP traceroute can find out the network gateway on the forwarding path through the TTL timeout messages until the TTL is 0. LSP ping/traceroute tests LSP ping is implemented by transmitting MPLS Echo Request packets and MPLS Echo Reply packets to test the connectivity of an LSP. LSP traceroute can locate the faulty node on the LSP by sending MPLS Echo Request packets with TTL increasing by 1 each time.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-15

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

Network Diagnosis Tool Virtual Circuit Connectivity Verification (VCCV) ping tests MAC ping and MAC trace defined in Ethernet OAM tests

Basic Principle VCCV ping is implemented through the extended LSP ping. MAC ping is implemented by transmitting Loopback (LB) messages defined in IEEE 802.1ag. MAC trace is implemented by transmitting Link Trace (LT) messages defined in IEEE 802.1ag. Through the DHCP test, you can get the time taken by the client to obtain its IP address from the DHCP server. After the test is complete, the leased IP address is released. In the DHCP test, you need to configure the source interface that sends the discovery packet to the NQA server. FTP tests are performed to obtain the time taken for the FTP client to set up a connection with the FTP server and the time spent on packet transmission. To set up the connection with the FTP server, you must first enter the IP address, user name, and password on the FTP client. In FTP tests, you can perform the Put operation on a specified file and specify the file size. In the Get operation, the time for downloading the file is recorded, whereas in the Put operation, the time for uploading the file is recorded. HTTP tests have two request modes: Get and Post. Users can choose either of them. After entering a domain name, the HTTP client must perform the following: Send a DNS packet to the resolver for resolving the domain name into an IP address. Record the time for receiving a response packet from the resolver. Set up an HTTP connection with the HTTP server through "three-handshake"; record the time for setting up the connection. Send a Get or Post packet to the HTTP server. Receive a response packet and record the time. HTTP packets transmission then is complete. The response time during different phases of setting up an HTTP connection is then collected. This is helpful in locating the cause for the delayed response to the HTTP request.
NOTE You can also obtain the time taken for the HTTP client to set up a connection with the HTTP server and the time of packet transmission by directly entering the IP address of the HTTP server.

DHCP Tests

FTP tests

HTTP tests

3-16

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

Network Diagnosis Tool DNS tests

Basic Principle DNS tests are used to check whether the client can set up a DNS connection with the DNS server and collect the time taken to respond to a DNS request packet. In DNS tests, domain names are resolved into IP addresses. In addition, the time taken to set up a DNS connection and return the response packet is recorded. In TCP tests, you must configure the TCP service on the NQA server. The client then originates a test to the specified IP address and port of the server. This test is used to collect the time taken to set up a TCP connection. In UDP tests, you must configure the UDP service on the NQA server. The client then initiates a test to the specified IP address and port of the server. If the filling character is not configured on the client, the system then generates a packet with the smallest packet size, by default. UDP tests are used to collect the RTT of UDP packets. In SNMP tests, SNMPv1, SNMPv2c, and SNMPv3 packets are sent to the SNMP agent simultaneously to query the status of the managed device. The agent returns an SNMP response packet of a certain version. That is, if SNMPv1 is enabled on the agent, an SNMPv1 response packet is returned. You can calculate the interval from the time a query packet is sent to the time a response packet is received, based on the timestamp carried in the packets. In Jitter tests, the sender periodically sends packets to the remote end, with every packet being marked with a timestamp. After receiving a packet, the remote end also marks the packet with a timestamp based on the local system time and returns the packet to the sender. The sender then calculates the jitter time based on the timestamp carried in the received packet. Jitter tests support the sending of a maximum of 3000 packets continuously to simulate voice traffic. You can adjust the number of packets to be sent through Licenses. The MPing test uses standard ICMP messages. A querier (an S9300 that performs MPing) generates an ICMP Echo Request message. This message is encapsulated in an IP packet with the destination address being a multicast address (a reserved group address or a common group address). In this manner, the querier can check the members of the reserved group on the specified network segment or test the performance of multicast services over the network.

TCP tests

UDP tests

SNMP Tests

Jitter tests

MPing tests

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-17

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

Network Diagnosis Tool MTrace tests

Basic Principle The MTrace test uses standard IGMP messages. A querier (an S9300 that performs MTrace) generates an ICMP Echo Request message. This message is encapsulated in an IP packet. In this manner, the querier can trace the RPF path or the multicast path. MTrace is often used to maintain multicast services and locate faults. The source end sends an MPLS Echo Request message and forwards the packet through a PW. When the packet reaches the outbound interface, the egress of the MPLS domain returns an MPLS Echo Reply message. If the source end receives the MPLS Echo Reply message, it considers that the PW can be used for data forwarding; otherwise, it considers the PW to be unavailable. In PWE3 Trace, MPLS Echo Request messages are sent continuously with the carried TTL value increased by 1. The first sent packet carries the TTL 1. Each node along the LSP returns an MPLS Echo Reply message because the TTL of the received packet times out. In this manner, the egress can collect information about each node along the PW and find the failed node. NQA creates an MPLS Echo Request packet and adds the network address 127.0.0.0/8 to the IP header as the destination IP address. The packet is forwarded along the specified LSP within the MPLS network. The egress monitors port 3503 that sends Echo packets. The LSP Jitter test can test the reachability of LSPs. With the information received by the source, the maximum jitter time from the source to the destination, maximum jitter time from the destination to the source, minimum jitter time, and average jitter time are calculated. The network conditions can be well reflected in the calculated results. A maximum of 1000 LSP ping test instances can concurrently run. After the number of ping test instances reaches the upper limit, a new test instance will be delayed.

PWE3 Ping tests

PWE3 Trace tests

LSP Jitter Tests

3.10 NAC
This section describes the principle of network admission control (NAC). The NAC concept is introduced to protect the enterprise intranets against the attacks of emerging hacker technologies such as new viruses and worms. By using the NAC function, the S9300 can allow only the authorized or trusted devices to access the network, for example, personal computers, servers, and PDAs. The main components of NAC are as follows:

3-18

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description


l l l l l

3 Service Features

Agent program installed on the terminal Network access device Policy server or AAA server Anti-virus server Management system

When functioning as a network access device, the S9300 provides the following functions:
l l l

802.1X access, including port mode and MAC mode Portal access Relay authentication in which the S9300 obtains user entries through DHCP snooping

In addition, the NAC function is applicable to the following special scenarios:


l l

Best-effort: Users can access the network when the RADIUS server is Down. Privileged users and devices without agent, such as printer and IP phone

Figure 3-6 Main components and networking of NAC

SA SA: Secospace Agent SM: Secospace Management SC: Secospace controller SRS: Secospace repair server SACG: Security acess control gateway

Internet Enterprise external VPN Gateway network Enterprise intranet

SA

SACG

Core information

Authentication domain 1

SA SRS SM SC Common information Authentication domain 2

Pre-authentication domain

Third-party anti-virus server Third-party domain management server Third-party patch server

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-19

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

3.11 Multicast
This section describes the basics of IGMP snooping, multicast flow control, controllable multicast, multicast VLAN, and multicast replication. The S9300 supports rich multicast features including IGMP snooping, IGMP proxy, static multicast, multicast across VLANs, and multicast replication. The S9300 also provides strong multicast duplication capacity and the deployment of multicast services on the VPLS network. 3.11.1 3.11.2 3.11.3 3.11.4 Multicast Routing Protocol IGMP Snooping Static Multicast Multicast VLAN and Multicast Replication

3.11.1 Multicast Routing Protocol


The S9300 supports the following multicast routing protocols:
l

Internet Group Management Protocol (IGMP), Protocol Independent Multicast-Dense Mode (PIM-DM), Protocol Independent Multicast-Sparse Mode (PIM-SM), Multicast Source Discovery Protocol (MSDP), and Multi-protocol Border Gateway Protocol (MBGP). PIM-SSM: When a multicast source is specified, a host can directly join the multicast source, without registering with the Rendezvous Point (RP). Anycast RP: Multiple RPs can exist in a domain and they are configured as MSDP peers. A multicast source can register with the nearest RP, and the receiver can also choose the nearest RP and join the shared tree of the RP. When an RP expires, the multicast source and receiver registered on this RP choose another near RP to register and join. Thus loads are shared on the RPs. IPv6 multicast routing protocols: PIM-IPv6-DM, PIM-IPv6-SM, and PIM-IPv6-SSM. Multicast Listener Discovery (MLD): MLD is used to set up and maintain the member relationship of groups between hosts and their directly connected multicast routers. The functions and implementation of MLD are the same as those of the IGMP. MLD has the follow versions:

l l

l l

MLDv1 MLDv1 is defined in RFC 2710 and derived from IGMPv2. MLDv1 supports the Any-Source Multicast (ASM) model. With the help of SSM mapping, MLDv1 can support the Source-Specific Multicast (SSM) model.

MLDv2 MLDv2 is defined in RFC 3810 and derived from IGMPv3. MLDv2 supports the ASM and SSM models.

When the multicast routing module receives, imports, and advertises multicast routes, the S9300 can filter the routes based on routing policies. When forwarding IP multicast packets, the S9300 can filter and forward the packets based on policies.

3.11.2 IGMP Snooping


Located between the host and the multicast router, the S9300 can statically configure the multicast forwarding entries. In addition, the S9300 maintains the multicast group and the

3-20

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

mapping of VLAN ID and outbound ports by listening to the passing IGMP messages. The S9300 dynamically sets up a Layer 2 forwarding table for multicast packets. When the S9300 receives a multicast packet, it forwards the packet to only the VLAN members of that multicast group. Based on the Layer 2 forwarding table, the packet is multicast in the VLAN. This reduces the number of packets transmitted over the network to save network bandwidth, and improves the security of information. The IGMP snooping function can also be enabled on the VPLS network.

Prompt Leaving of Ports


When a port of the S9300 is attached with only one host, the S9300 directly deletes the corresponding multicast forwarding entry of that port as long as it receives an IGMP Leave message from the host through that port. After that, the S9300 does not forward IGMP Query messages to that port. This saves bandwidth and system resources and realizes prompt switchover of services.

Multicast Querier
On the Layer 2 network, the S9300 can function as the querier to realize the multicast function in the following ways:
l l l

Runs queries. Terminates the IGMP packets. Establishes the multicast forwarding table on the Layer 2 network.

The querier can be configured based on VLAN. When querier is enabled in the VLAN, the multicast querier of the S9300 performs the following functions:
l l l l

Terminates the Report packet from the IGMP of the user, and then establishes the multicast forwarding entry based on the Report packet. Terminates the Query packet from the IGMP of the router, and then sends the query packet. Broadcasts the Protocol Independent Multicast (PIM) packet in the VLAN. Terminates the Leave packet from the IGMP of the user. When the user sends a Leave packet, the querier sends a specific group Query packet to confirm it.

Multicast Packet Repression


If the S9300 receives the Report packet or Leave packet from the users within a short period of time, the S9300 checks whether the same Report packet or Leave packet is received in the repression period. The S9300 then determines whether to send the packets to the router. This reduces the number of IGMP packets to be dealt with by the router.

Controllable Multicast
The S9300 can control the access of VLAN or VPLS VSI users to a multicast group by configuring ACL. This implements the controllable multicast communication.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-21

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

3.11.3 Static Multicast


A user host receives the multicast traffic through a DSLAM. For example, the Set Top Box (STB) receives the video programs from the Broadband Television (BTV). The S9300 can be deployed between multiple DSLAMs and the upstream multicast router. IGMP is not enabled for some VLANs on the S9300. The S9300 sets up the multicast member relationship statically and sets up multicast forwarding entries for those VLANs as required. Each DSLAM supports the controllable multicast to directly control the addition, deletion, and switching of channels from the STB. The S9300 is not involved in the transmission of IGMP packets. In this way, the delay of images and voices generated when users switch channels is greatly shortened.

3.11.4 Multicast VLAN and Multicast Replication


Multicast VLAN is used to converge and forward the multicast packets of different VLANs. The users join the multicast VLAN when they need multicast packets. Multicast VLAN copies the multicast packets to different user VLANs. This realizes the multicast duplication function across VLANs. The S9300 can copy up to 127 copies of multicast packets of different VLANs to a port. The S9300 forwards multicast packets through the multicast VLAN, and copies the packets based on the multicast entries. The S9300 then sends these packets to the VLANs of different users. Using the multicast VLAN technique, the S9300 can converge the multicast packets in the entire user VLANs to one or several VLANs. The multicast across VLAN technique enables the S9300 to send unicast packets and multicast packets in different VLANs. This helps to manage and control the multicast traffic and to save the bandwidth resource.

3.12 Reliability
This section describes the basics of link aggregation, BFD, and HA at the equipment level. 3.12.1 3.12.2 3.12.3 3.12.4 3.12.5 3.12.6 3.12.7 Link Aggregation DLDP RRPP and the Multi-Instance Technology Smart Link and the Multi-Instance Technology BFD LSP Protection Switchover High Availability at the Equipment Level

3.12.1 Link Aggregation


The S9300 can bind multiple ports into an Eth-Trunk interface manually. The S9300 also supports link aggregation in static mode. That is, the administrator sets up the aggregation group and adds member link, and the Link Aggregation Control Protocol (LACP) maintains the aggregated link.

3-22

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

When one of the links fails, traffic is balanced among the other links without interruption. The S9300 supports the aggregation of links on different LPUs, which improves the reliability of services.

3.12.2 DLDP
The S9300 supports the Device Link Detection Protocol (DLDP). DLDP monitors the link status of optical fibers or copper twisted-pair cables. If a unidirectional link exists, DLDP automatically shuts down or notifies users to manually shut down the port on the unidirectional link as required. This prevents network faults.

3.12.3 RRPP and the Multi-Instance Technology


To reduce convergence time and remove the impact of network scales on the convergence time, Huawei develops the Rapid Ring Protection Protocol (RRPP) that is a data link layer protocol exclusively used in Ethernet ring networks. When an Ethernet ring network is complete, RRPP can prevent broadcast storms caused by data loops. When a link is disconnected, RRPP helps to quickly enable the standby link and then recover the communications between nodes on the ring network. Compared with other Ethernet ring technologies, RRPP boasts of the following features:
l l l l

Convergence time is less than 50 milliseconds (ms). Convergence time bears no relation to the number of nodes on a ring network. Thus, RRPP can be applied to a network with a great diameter. RRPP can prevent broadcast storms caused by loops when an Ethernet ring network is complete. On an Ethernet ring network, when a link is torn down, a backup link immediately starts to resume the normal communications between nodes.

On intersectant RRPP rings, when the topology of a ring changes, topology flapping by no means occurs on other rings. Instead, data transmission can be better guaranteed. The RRPP multi-instance technology applies to ring Ethernet networks. Different RRPP instances are arranged for different C-VLANs to carry out independent calculation and convergence of topologies. In addition, the multi-instance technology optimizes the network and simplifies configurations in complex topologies with multiple intersectant rings or multiple rings in multiple domains.

3.12.4 Smart Link and the Multi-Instance Technology


The dual-homing networking is one of the most commonly used networking. In most cases, STP is enabled to implement the backup of links. STP, however, cannot satisfy users that require quick convergence. Thus, Smart Link is introduced to provide link backup and fast switching of traffic between the active and standby links. This meets the requirements of users for fast convergence of links. In a dual-homing network, when the active link fails, the device automatically switches traffic to the standby link. In this manner, the redundant link is blocked and backup of links is implemented. The features of Smart Link are as follows:
l l

It is dedicated to dual-homing networks. The convergence time can reach sub-seconds.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-23

3 Service Features
l

Quidway S9300 Terabit Routing Switch Product Description

It is easy to configure and operate.

Multiple Smart Link groups can be configured on an interface to protect different VLANs. This is the Smart Link multi-instance technology. The forwarding status of the interface in the protection VLAN is determined by the status of the Smart Link group to which the interface belongs. To transmit traffic from different VLANs along different forwarding paths, and thus implement load balancing, you must ensure the following:
l l

An interface is added to different Smart Link groups whose protection VLANs are different. The forwarding status of the interface is different in different Smart Link groups.

3.12.5 BFD
The S9300 supports the BFD mechanism to implement fast detection and monitor the connectivity of links. BFD realizes fast detection of link failures by using the "Hello" protocol. Detection packets are transmitted periodically from both ends of a bidirectional link. If the S9300 fails to receive the detection packets from the peer end in a certain period of time, it indicates that certain segment of the bidirectional link fails. BFD then triggers the switchover mechanism to ensure the reliability of the network. BFD supports failure detection in milliseconds. BFD also supports asynchronous detection. The S9300 supports the following BFD detection methods:
l l l l

Detection of links Detection of the connectivity of IP routing Detection of the connectivity of an LSP, a CR-LSP, and an MPLS TE protection group BFD detection on the VPLS network It also processes the diagnosis packet that manages the switchover of VPLS and performs the switchover.

The S9300 supports the association among BFD, 802.3ad, and 802.1ag to achieve end-to-end OAM.

3.12.6 LSP Protection Switchover


The S9300 supports MPLS OAM and fast detection of LSP faults. A standby LSP can be set for the active LSP to realize 1+1 backup of LSPs. When the active LSP fails, services can be fast switched to the standby LSP. This greatly improves the reliability of the network.

3.12.7 High Availability at the Equipment Level


Hot Backup
The S9300 supports hot backup of its key components including the SRU/MCU, power modules, and fan modules.
l

SRU/MCU The S9300 can be installed with two SRUs/MCUs that run in 1+1 backup mode. The two SRUs/MCUs in 1+1 backup mode support two types of protection switchover:

Automatic protection switchover

3-24

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

It is triggered by the system upon a serious fault or resetting of the active SRU/MCU.

Forcible protection switchover It is triggered by commands through the console port. You can also prevent the active/standby switchover of the SRUs/MCUs by using commands through the console port.

After the active/standby switchover is performed, the standby SRU/MCU immediately takes over the entire services. This ensures continuity of services and availability of the system.
l

Power modules The S9300 can be configured with 4 AC power modules or 4 DC power modules. The power modules work in redundancy backup mode. The power modules provide power for the S9300 when they are correctly installed and powered on. When one of the power modules fails, the other one immediately takes over the services without interruption. The PoE function supports only the AC power modules. The S9303 does not support the backup of PoE power modules. The S9306 and the S9312 support the PoE power modules working in M+N mode.

Fan modules Each fan frame of the S9300 provides two layers of fan frames to carry out backup for the system. When any of the fan frames fails, the other fan frame still ensures that the ambient temperature is not higher than 45C. To ensure that the ambient temperature is not higher than 40C, a single fan frame can normally work for only 96 hours. When a fan fails, the system generates an alarm message.

Hot Swap
The SRU, MCU, LPU, CMU, power modules, and fan frames of the S9300 are hot swappable.

FSUA is not hot swappable.


l

Hot swap of the SRU/MCU If the S9300 is installed with two SRUs/MCUs that work in 1+1 backup mode, hot swap of the standby SRU/MCU does not interrupt services. Hot swap of the active SRU/MCU, however, implements fast switchover of services to the standby SRU/MCU. The data switching units can work in 1:1 load balancing mode. In this mode, the data switching capability is reduced by half when the SRU is hot swapped.

l l

Hot swap of the LPU Hot swap of power modules When the S9300 is installed with four power modules that run normally, hot swap of one or two of them does not interrupt services.

Hot swap of fan frames Hot swap of fan frames does not affect services of the S9300. Hot swap of the air filter

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-25

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

The air filter is not powered and is swappable as required. It is convenient for routine cleaning.

Inter-SIC Eth-Trunk
Multiple Ethernet ports, either on the same SIC or different SICs, of the S9300 can be bound to a logical Eth-Trunk interface. This realizes backup between ports and load balancing of traffic. When one member port in the Eth-Trunk interface fails, the services on that port are automatically carried by other ports in the Eth-Trunk interface. In this case, the Eth-Trunk interface can still handle services normally. Therefore, service transmission is not affected. Because the bound ports belong to different SICs, inter-SIC Eth-Trunk reduces the impact of one SIC fault and removes the single-site fault.

Protection Against Abnormity


The S9300 separates the control channel from the service channel. This provides a non-blocking control channel. The S9300 supports the following measures for protecting against abnormities:
l l l l l l

Provides error correction for memory chip faults. Provides protection against mis-insertion on the power input interface. Provides fan frames with separate power supply channels. The failure of any of the fan frames does not affect the other. Provides protections against over-current and over-voltage for power and interface modules. Provides protection against mis-insertion of boards to prevent inserting the H-SICs into the L-SIC slots. Provides the monitoring and alarm functions for the power modules, voltage and environment temperature.

Protection in Operation
The S9300 supports the following protection measures:
l l

Supports in-service upgrade of the BootROM, in-service patching, and version rollback. Supports data hot backup between the active and standby units. The active unit automatically switches to the standby state when failures occur to the active unit. This prevents loss of data or information. Supports timely synchronization of configurations between the LPUs and SRUs/MCUs. Supports the abnormity monitoring for the VRP system software, such as automatic restoration and log record. Supports final records of process status that can be used to locate faults more easily after an accident.

l l l

The S9300 also provides protection and prompt for improper operations. The S9300 provides operation and confirmation prompts for certain commands that may degrade the system performance.

3-26

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

3 Service Features

3.13 LLDP
This section describes the basics of LLDP. The S9300 supports the Link Layer Discovery Protocol (LLDP). LLDP conforms to IEEE 802.1ab. LLDP discovers the adjacency relationships between devices on the link layer. It is used for the interconnected devices to acquire the connection information of each other. Using the LLDP, the local network management station can acquire the link layer information of all devices in the local network. It also collects detailed information about network topology and topology change. This expands the scope of network management. The port with LLDP enabled on the S9300 periodically notifies the neighbors of its status. If the status changes, the port sends the updates of the current state to the neighbors directly connected to it. The neighbors then store the status of the port in the standard SNMP MIB. The NMS searches the MIB for the link layer information of the network. Based on search results, the NMS can calculate the network topology.

3.14 Security
This section describes the security measures for devices and services. 3.14.1 3.14.2 Security for Devices Security for Services

3.14.1 Security for Devices


Hierarchical Command Lines
The S9300 authenticates login users for safety when users Telnet the device through Ethernet ports. Users can log in to configure and maintain the device only after they pass the authentication. Commands of the S9300 are divided into 4 levels. Login users are also divided into 4 levels corresponding to these 4 levels. After logging in to the S9300, users can run only the command with the same or lower level than the user level. This mechanism effectively controls the authority of login users. The S9300 supports the extension of command levels and user levels, which can be mapped from four levels to 16 levels. This level mapping implements effective management on the user levels. The S9300 can also lock the terminal through commands to prevent illegal use of the terminal.

Remote Login Through SSH


The S9300 supports Secure Shell (SSH) of v1.5 and v2. On the network without security guarantee, SSH provides powerful guarantee of security and authentication for login users and can defend against illegal attacks.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-27

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

Encryption Authentication in SNMP


The S9300 supports encryption authentication in SNMPv3. It authenticates the validity of the management packets from the NMS.

Authentication, Authorization and Authorization


The S9300 supports Authentication, Authorization and Accounting (AAA). AAA supports three types of user authentication:
l l l

Local authentication Remote Authentication Dial-In User Service (RADIUS) Huawei Terminal Access Controller Access Control System (HWTACACS) authentication

It can authenticate and authorize login users in cooperation with hierarchical command line protection. It can also authorize the validity of the NMS administrator. The S9300 can defend against login of illegal users based on AAA.

Hierarchical CPU Protection


The S9300 supports two levels of CPU protections.
l

Protection at the LPU level The S9300 performs flow control for the protocol packets and management packets sent from the LPU to the CPU of the SRU based on the protocol type. This protects the channel between the LPU and the CPU from being congested with packets through Denial of Service (DoS) attacks.

Protection at the SRU level When the CPU receives protocol packets and management packets sent from the LPU to the CPU, the S9300 performs traffic classification, re-marking, flow control, and the whitelist function to the packets and implements QoS and rate limit on the CPU. This protects the CPU against Distributed DoS (DDoS), IP spoofing, and SYN Flood attacks.

3.14.2 Security for Services


Packet Filtering Through ACL
Packet filtering is used to filter illegal or unwanted packets. The S9300 filters packets based on user-defined rules. For example, it filters packets by checking the source or destination address of the packet. Packet filtering does not check the state of sessions and does not analyze the data. By filtering packets, the S9300 can effectively control the packets passing the device.

DHCP Snooping/Option 82
Deployed between the server and client of the Dynamic Host Configuration Protocol (DHCP), the S9300 listens to the sending DHCP packet. The S9300 then sets up a table binding the IP address with the MAC address based on the results of monitoring. This represses illegal packets from being transmitted. The S9300 can also insert or strip the Option 82 field into or off the packet.

3-28

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description


l

3 Service Features

Receiving the request packet from the DHCP client, the S9300 inserts the Option 82 field into the packet. The DHCP server then assigns IP addresses by identifying the Option 82 field. The DHCP server inserts the Option 82 field into the response packet. The S9300 analyzes the Option 82 field to select the forwarding port. The S9300 then strips the Option 82 field and forwards the packet to the user.

The Option 82 field records the ID number of the user circuit, which can effectively defend the attacker from tampering the DHCP packet. Similarly, with the IP session feature, the S9300 checks the IP addresses, MAC addresses, interface numbers, and VLAN IDs of the packets according to the VLAN or Option 82 information. This prevents unauthorized users from forging IP addresses.

Limit of MAC Address Learning at Ports


The S9300 supports the limit of MAC address learning. The S9300 supports setting the maximum number of MAC entries learnt by a port. This can defend against attacks with forged MAC entries and prevent the MAC table resource of the S9300 from being used up. The S9300 supports the following three ways to limit the number of MAC addresses:
l l l

Based on ports Based on VLAN ID Based on VSI

When the number of MAC addresses learnt by a port exceeds the limited threshold, the S9300 forwards or discards the incoming packets with new MAC addresses according to the configurations.

Blackhole MAC Entries


The S9300 supports blackhole MAC entries. When the S9300 receives a packet, it compares the destination MAC addresses of the packet with the MAC entries in the blackhole MAC table. If the MAC address of the packet is identical with the MAC address of a blackhole entry, the packet is dropped. After detecting that packets with a specific MAC address are attack packets, the administrator can set a blackhole MAC entry to filter the packets with that specific MAC address. This can prevent attacks using MAC addresses.

Port Binding Based on MAC+VLAN


To improve the security of interfaces, the S9300 allows the network administrator to add static entries to the MAC address table. The static entries identify the mapping among the specified MAC address, VLAN ID, and interface. This binds the S9300 to the interfaces and thus prevents MAC spoofing attacks.

Broadcast Traffic Suppression


The S9300 can limit the transmission rate of broadcast packets, multicast packets, and unknown unicast packets based on interfaces.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

3-29

3 Service Features

Quidway S9300 Terabit Routing Switch Product Description

The S9300 can also limit the maximum traffic percentage of broadcast packets, multicast packets, and unknown unicast packets, thus controlling the traffic volume of broadcast packets.

3.15 Clock
This section describes the clock synchronization and calibration mechanisms supported by the S9300. The S9300 supports the clock synchronization at the physical layer and calibration mechanisms. These mechanisms provide precise clock for mobile communication services. With the physical-layer clock synchronization mechanism, the S9300 obtains clock data from the signaling over the physical transport link, thus synchronizing clock frequency. The S9300 can obtain clock data from the synchronized Ethernet links.

3.16 NetStream
This section describes the NetStream function supported by the S9300. NetStream is a technology for collecting and releasing information about network streams. NetStream provides detailed statistics for accounting based on the occupation of resources, such as links, bandwidth, and time period. NetStream provides advanced network management tools with the key information. It implements almost realtime networking monitoring function and the traffic mode of the entire network. It also provides the functions such as fault pre-detection, effective fault rectification, and fast problem solution. NetStream promotes the technical development of network stream analysis and provides data for carriers in charge settlement, network planning, and networking operation and maintenance. When the NetStream function is enabled on an S9300, the S9300 provides the traffic sampling and statistics output functions, which do not degrade the forwarding performance. The details about the NetStream function supported by the S9300 are as follows:
l

The S9300 can sample and count the IPv4 packets. The sampling interval is calculated by the number of packets. The sampling ratio on a GE interface is 1/10000. The sampling ratio can be set manually, which ranges from 1 to 65535. The S9300 supports the Flexible NetStream function. Compared with the sampling based on the seven keys of the original flow, the user can set necessary keys for packets sampling, which greatly saves the flow entry resources of the system. The supported keys include source IP address, destination IP address, protocol, DSCP, L4 source port, and L4 destination port. The S9300 supports 10 aggregation flows, including AS, AS+TOS, Protocol+Port, Protocol+Port+TOS, Destination+Prefix, Destination+Prefix+TOS, Source+Prefix, Source+Prefix+TOS, Prefix, and Prefix+TOS. The version of the original flow can be V5 or V9. The version of the aggregation flow can be V8 and V9. The S9300 can perform sampling and statistics on both the incoming packets and outgoing packets. An LPU supports 4k incoming original flows and 4k outgoing original flows.

l l l

3-30

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

4 Maintenance and Network Management

Maintenance and Network Management

About This Chapter


This section describes the method of configuration and login, the measures to monitor devices and debug faults, the process of software upgrade and in-service patching and the functions of network management system for the S9300. 4.1 Maintenance and Management

This section describes the method of configuration and login, the measures to monitor devices and debug faults, and the process of software upgrade and in-service patching. 4.2 U2000

This section describes the functions of the U2000, including managing resources, topology, configurations, faults, performance, and security.

4.1 Maintenance and Management


This section describes the method of configuration and login, the measures to monitor devices and debug faults, and the process of software upgrade and in-service patching. 4.1.1 4.1.2 4.1.3 4.1.4 Configuration Modes Management and Monitoring Diagnosis and Debugging In-Service Software Upgrade and Patching

4.1.1 Configuration Modes


Multiple Maintenance Modes
The S9300 supports configuration and management in the following ways:
l

Through the command line interface (CLI) Users can configure and manage the S9300 by logging in to the device from a terminator through the console port or the ETH interface.

Through NMS

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-1

4 Maintenance and Network Management

Quidway S9300 Terabit Routing Switch Product Description

Users can configure and manage the S9300 based on SNMP through a network management station.

Flexible Login Modes


To support local and remote login, the S9300 offers the following interfaces:
l

Console port Users can log in to the console port of the S9300 through the RS-232 serial port of a terminal device.

ETH interface Users can log in to the ETH interface of the S9300 through Telnet or SSH.

In addition, users can also telnet the S9300 through other service ports. To satisfy different security demands, the S9300 offers various measures to authenticate user login, such as:
l l l

Non-authentication Local authentication AAA authentication

4.1.2 Management and Monitoring


Hardware Monitoring
The S9300 provides the following hardware monitor functions:
l l

Provides the MCU, SRU, LPU, CMU, power module, and panel of a fan frame with indicators to indicate their running status. Provides in-service board detection, hot swap detection, Watch Dog, board resetting, fan module monitoring, power module monitoring, active/standby switchover and log recording for the users' reference. Monitors the temperature of boards automatically when the system is running and controls the temperature. Provides statistics on abnormal and error packets. Provides statistics on the protocol packets to be delivered to the CPU and details of the packets. Provides information for querying the utilization of CPU and memory.

l l l l

Management and Maintenance


The S9300 provides the following management and maintenance functions:
l l l l l

Supports multi-user operations and user interface (UI) in two languages: Chinese and English. Provides command lines with flexible online help. Command line descriptor searches keywords with a partial match, which speeds up the input of commands. Provides hierarchical command lines and management of user authorities which prevents unauthorized users from logging in to the S9300. Provides classification and filtering of alarms. Provides DosKey-like function to run a history command.
Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 05 (2010-01-08)

4-2

Quidway S9300 Terabit Routing Switch Product Description


l l l l

4 Maintenance and Network Management

Provides local and remote loading and upgrading of software and supports version rollback, backup, storage and purge. Supports information collection at different layers such as the port, Layer 2, or Layer 3. Supports the information center to provide the uniform management of logs, traps and debugging information and can redirect information as required. Supports display of system status and version, and environment parameters such as temperature, utilization of CPU and memory.

4.1.3 Diagnosis and Debugging


Ping and Trace
The S9300 supports the following tools for testing the connectivity and recording transmission paths of packets on IP networks:
l l

Ping Trace

The S9300 supports the following tools for testing the connectivity and recording transmission paths of packets on MPLS networks:
l l

MPLS ping MPLS trace

The S9300 provides the following tools to check the link-layer connectivity of the devices on the network and obtain information about network status and delay:
l l

MAC Ping MAC TraceRoute

Debugging
The S9300 provides the debugging commands for each feature. The debugging information is extensive and in detail to diagnose faults easily. Each debugging command supports multiple parameters. Debugging can be enabled or disabled on specified interfaces for specified services through the console port. The debugging commands can display the following information of the feature:
l l l l l l

Critical events Process running Packet transmission and processing Packet resolution State switchover Error check

Trace
The S9300 supports the system trace function. Trace is used to perform advanced test and diagnose software. The S9300 also uses trace to on-line record important events including the task switching, interrupting, queue reading and writing, and system exception.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-3

4 Maintenance and Network Management

Quidway S9300 Terabit Routing Switch Product Description

System can refer to the trace information to locate faults after rebooting in case of failures. Trace can be enabled and disabled by using commands.

Mirroring
The S9300 supports port mirroring and flow mirroring.
l

Port mirroring Incoming traffic, outgoing traffic, or both incoming and outgoing traffic at the observed port is copied intact to the observing port.

Flow mirroring Observed flows are copied intact to the observing port.

Connecting a host with the observing port of the S9300 and watching the received packet, the ISPs can observe the packets that the S9300 inputs and outputs. The mirroring function offers a basis of traffic detection, fault allocation, and data analysis.

Virtual Cable Detection


Given the virtual cable detection feature, the S9300 allows you to detect the current status of cables connected to the Ethernet interfaces in the following aspects:
l l

Whether short circuits or open circuits occur on the receive or transmit cables Length of the faulty cable

4.1.4 In-Service Software Upgrade and Patching


In-Service Upgrade
The S9300 supports local and remote upgrading of the system software.
l

Local upgrade When the S9300 is booted, the software can be upgraded through the BootROM menu. Remote upgrade The S9300 supports the active and standby main process units. To ensure uninterrupted services when upgrading the software on the S9300, it is recommended to upgrade the standby main process unit before carrying out active/standby switchover. After upgrading the standby main process unit, upgrade the active main process unit.

In-Service Patching
The S9300 supports in-service patching. The features of in-service patching are as follows:
l l l

The service is not interrupted during the loading of patches. The patching can either be confirmed or removed. Prompts of patching status are provided.

Version Rollback
The S9300 supports version rollback. The features of version rollback are as follows:
l

If the upgraded version becomes unavailable, restart the software of another version to boot the system.

4-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description


l

4 Maintenance and Network Management

If faults occur during the process of upgrading or patching, the system can be recovered to the status before the upgrading or patch loading.

4.2 U2000
This section describes the functions of the U2000, including managing resources, topology, configurations, faults, performance, and security. The S9300 uses the Huawei iManager U2000 as a centralized NMS. The U2000 supports a multi-language graphical user interface (GUI) for convenient and visualized operations. The U2000 also provides northbound interfaces for connecting to a third-party NMS and can be integrated with other NMSs of carriers. The U2000 uses Simple Network Management Protocol (SNMP) to manage devices and supports the mode of Command Line Interface (CLI) to manage device configuration. As the basis of Huawei data communication network management system, the U2000 provides solution to manage and maintain the data communication network. The U2000 can manage the network elements and certain devices on the network layer. The details are as follows.

Resource Management
The U2000 provides the resource management function, which enables users to collect statistics on and query the resources on the entire network. Therefore, users can quickly learn the structure and changes of the resources on the network. The major functions of resource management include:
l l l

Managing entities Managing links Monitoring resource changes

Topology Management
The U2000 provides the topology management function, which enables users to establish and manage the topology of the network. Users can learn the operating status of devices on the topology view. The major functions of topology management include:
l l l l l l

Providing the topology view that shows the device relations and topology of the networking; providing an entry for users to configure and maintain the devices Allowing users to define and create the topology views according to their needs Marking the nodes in different colors to show their status Zooming in or out the topology view and providing the aerial view and the full-screen display Providing the navigation tree of views, which guides users to the related views quickly Loading the topology data of the devices that are added manually or discovered automatically and loading the basic configuration data of the devices added to the topology view, which simplifies configurations Polling and updating the status of network devices periodically and mapping the status to the topology view

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-5

4 Maintenance and Network Management

Quidway S9300 Terabit Routing Switch Product Description

The U2000 updates the topology data by polling the devices so that the data on the NMS is consistent with the data on the devices. Users can learn the operating status of the entire network in real time by viewing the network view.
l

Discovering links through the network resource data, including Layer 2 links and IP links, and providing individual views to show the links

Fault Management
The U2000 supports centralized alarm management, provides various alarm location methods, supports alarm query and alarm filtering, and provides an alarm knowledge base for sharing experience. The major functions of alarm management include:
l l l l l l l l l

Collecting alarm information of the managed devices and processing SNMPv1, SNMPv2, and SNMPv3 trap data Supporting alarm query, which helps users analyze the causes of alarms Allowing users to customize alarm levels Taking statistics on the alarm information according to the conditions set by users Providing alarm knowledge base for users to share experience Monitoring alarms on the network in real time by using an alarm board Filtering alarms and providing alarm filtering templates Providing alarm sounds Supporting remote alarm notification This function is used to notify the alarms to the users who are not on site. The U2000 can send E-mails or short messages to users to notify the users of alarms.

Supporting alarm location on the topology By selecting an alarm, the user can locate the object that generates this alarm on the topology.

l l

Supporting manual alarm acknowledgement, manual alarm recovery, redefining of alarm levels, alarm classification, and automatic alarm acknowledgement Supporting alarm synchronization The alarms of the devices that support the SNMP and MML protocols can be synchronized on schedule or manually. This improves the reliability of alarms.

l l

Supporting auto-dump and manual dump of the alarm data Marking the nodes in different colors to identify the alarm status and alarm levels of the devices

Supporting the northbound interfaces, which enable the upper layer NMS to carry out second development

Performance Management
The U2000 provides the performance monitoring function, which supports the management of network elements and network performance. The U2000 provides the Web pages for users to analyze current and historical data. This enables users to learn the operating status and performance of the network and helps users prevent network accidents, predict network operating status, and plan the network.

4-6

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

4 Maintenance and Network Management

On a large-scale network, the performance management function can be integrated on the distributed collector. Thus the U2000 meets the performance management requirement of the large-scale network through the distributed deployment. The major functions of performance management include:
l l l l l l l l

Managing the performance resource Managing performance instances Setting performance thresholds Maintaining data Querying and analyzing data Monitoring performance of network elements Monitoring network traffic Monitoring quality of service (QoS)

Test and Diagnosis Management


The U2000 can test the network connectivity and QoS of the network. Users can diagnose network faults according to the test result and minimize the impact of the faults. This function shortens the time spent on fault location and recovery. The test and diagnosis tools include the following:
l l l l l

Network scanning Historical data Diagnosis result analysis Test suite Diagnosis policy

Network Element Configuration


The U2000 provides GUIs for users to configure and maintain the network elements. Most configurations on the devices can be performed on GUIs. The major functions of network element configuration includes:
l l l l l l l l l l l l l l

Managing devices Managing entities Managing panels Managing interfaces Managing Link Layer Discovery Protocol (LLDP) Managing Ethernet features Managing Ethernet OAM Managing QoS Managing routes Managing MPLS Managing ACLs Managing BFD Managing VRRP/VGMP Managing EPON

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-7

4 Maintenance and Network Management

Quidway S9300 Terabit Routing Switch Product Description

VPN Service Management


The U2000 can uniformly manage the VPN services. Currently, the U2000 can manage the BGP/MPLS VPN, VPLS, and VLL services and provide the functions of service distribution, service monitoring, and service diagnosis.

LSP Service Management


LSP service management is used to plan and deploy the services of the entire MPLS network. The carrier can plan, deploy, audit and monitor the end-to-end LSP through service management. Thus the cost spent on running the MPLS network is effectively cut down.

DC Management
The U2000 provides the centralized management for configuration files and mapping programs. It stores and restores configuration files and upgrades the mapping program and patches. This function helps administrators manage the configuration files of network devices and the mapping programs. The major functions of DC management include:
l l l l

Backing up configuration files periodically, providing a maximum of 20 copies, and restoring services upon wrong configurations Upgrading software versions of the devices periodically and in batches, thus minimizing the impact on services Comparing the configuration files and presenting the differences between the files, thus help users find the configuration error quickly Discovering and recording the changes of device inventory by polling the device configuration periodically or polling the software mapping periodically

Syslog Management
The U2000 provides GUIs to manage system logs. The log data reported by devices complies with the RFC 3164, and the U2000 can present the logs on GUIs for users to query and view. The major functions of syslog management include:
l

Managing the logs of the Huawei data communication devices, including sampling and querying the logs, and supporting the log filtering rules and triggering actions, thus facilitating event processing Deploying multiple log collectors in distributed manner, thus enabling users to manage large-scale networks Setting log filtering rules on each device: discarding the packets matching the rules and storing the packets that do not match the rules Setting the log triggering actions to trigger the specified operations when receiving certain logs, thus enabling users to monitor and process key events in time

l l l

Security Management
The U2000 provides flexible user authorization policies (based on object and operation) that grant rights to users on the basis of actual management responsibility. In addition, the U2000 provides detailed operation logs that are on the basis of users or tasks. The major functions of security management include:

4-8

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description


l l l l l l l l l l

4 Maintenance and Network Management

Managing users and user groups Managing passwords Encrypting and decrypting data Managing user authority Authenticating login users Authenticating user operations Disconnecting users forcibly Supporting automatic client lock and manual client lock Working with the third-party LDAP server to authenticate users Supporting ACLs

Operation Log Management


The U2000 can record the key operations performed by users and provide a real-time monitoring window for users to trace and audit the operations.
l

The network administrator can set the query conditions, for example, user name, time range, operation terminal, operation object, operation result, or the combination of the preceding conditions. Thus the network administrator can know all the operations performed by a user on the NMS. The major functions of operation log management include: Supporting the manual deletion and automatic deletion of operation logs Storing operation logs in txt, HTML, or XLS format Supporting the output, manual dump, and automatic dump of operation logs

l l l

Report Management
The U2000 generates, distributes, and manages reports based on Web. It provides a set of flexible and easy report services. The U2000 provides a powerful report system to users to monitor, analyze, and optimize network performance and make decisions. The report system not only supports manual and periodical generation of reports, but also distributes the reports. It can be integrated with the NMS security management function and present data perfectly.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

4-9

Quidway S9300 Terabit Routing Switch Product Description

5 Networking Applications

5
About This Chapter
5.1 Application in the MAN 5.2

Networking Applications

This section describes the typical networking and applications of the S9300.

This section describes the position of the S9300 at the access layer and convergence layer in the MAN. Application of MPLS L2VPN

This section describes the function of MPLS VPN that can be applied in the actual networking. 5.3 Application of HVPLS for Dual-homing Protection

This section describes the function of HVPLS that can be applied at the access layer and convergence layer of the MAN. 5.4 Application of RRPP

This section describes the function of RRPP in implementing fast protection switchover on ring networks. 5.5 Application of Smart Link in Dual-Homing Networking

This section describes the function of Smart Link in dual-homing networks. 5.6 Application of Ethernet OAM

This section describes the application of Ethernet OAM on the MAN. 5.7 Application of QoS

This section describes the application of QoS on the MAN. 5.8 Application of Selective QinQ

This section describes the function of selective QinQ that can be applied in the actual networking. 5.9 Application of the S9300 in IPTV Service

This section describes the networking and application policy of the S9300 in the IPTV service.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-1

5 Networking Applications

Quidway S9300 Terabit Routing Switch Product Description

5.10

Application of the S9300 in NAC Networking

This section describes the application of the S9300 in the NAC networking.

5.1 Application in the MAN


This section describes the position of the S9300 at the access layer and convergence layer in the MAN. The S9300 is deployed at the access layer and convergence layer of the MAN. Figure 5-1 shows the networking diagram. Figure 5-1 S9300 application in the MAN
LAN Switch

UPE
M AN

UPE IP/MPLS Core NPE


MAN

DSLAM

As the UPE device in the MAN, the S9300 can converge services of Internet, VPN, IPTV, and VoIP from the downstream devices such as Digital Subscriber Line Access Multiplexer (DSLAM) and LAN switches such as the S2300, S3300. The S9300 then accesses the upstream NPE devices, such as the Huawei ME60 and NE40E. The S9300 can also act as a PE-AGG in complex networks to implement multiple levels of aggregation.

5.2 Application of MPLS L2VPN


This section describes the function of MPLS VPN that can be applied in the actual networking. The S9300 bears a strong capability of MPLS L2VPN. The whole system supports 4 K VLL instances and 1 K VPLS instances. As shown in Figure 5-2 and Figure 5-3, the S9300 supports VLL and VPLS and provides the point-to-point VPN application and multipoint-to-multipoint VPN application.

5-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

5 Networking Applications

Figure 5-2 Point-to-point VPN application (VLL)

Intranet B

Intranet A

MAN

Intranet B

Intranet A

VLL VLL

Figure 5-3 Multipoint-to-multipoint VPN application (VPLS)

Intranet A

Intranet B

Intranet A MAN

Intranet B

Intranet A

VPLS VLL

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-3

5 Networking Applications

Quidway S9300 Terabit Routing Switch Product Description

As shown in Figure 5-4, cooperating with the DSLAM, Access Gateway (AG), and S2300/S3300, the S9300 realizes the mapping between the access services and the VLL or VPLS services.
l

Along with the DSLAM/AG, the S9300 maps the QinQ tunnel to the VLL or VPLS services instances. This realizes the VLL services based on Digital Subscriber Line (DSL). Along with the S2300 or S3300, the S9300 maps the QinQ tunnel and VLL tunnel to the VLL or VPLS service instances.

The S9300 bears multiple services at the access layer and convergence layer. The S9300 can map a certain type of personal services such as broadband access and VoIP services, to the VLL or VPLS service instances. Figure 5-4 VPN services realized through the cooperation between the S9300 and CE
NPE

S9300

VLL/VPLS

S9300

QinQ
S9300 DSLAM/AG S2300 DSLVLL POTS

QinQ VLL

Ethernet VLL

The S9300 provides the low-cost VLL or VPLS solutions. This allows the application of MPLS and MPLS VPN at the edge convergence layer.
l l l

Solves the problem of pure Ethernet in the aspects of scalability, carrier-class reliability, and manageability. Lessens the burden on the higher level NPEs and avoids the problems of overburden and single-site faults. Realizes distributed processing of services with services implemented from devices at the edge convergence layer. This makes services customizable.

5.3 Application of HVPLS for Dual-homing Protection


This section describes the function of HVPLS that can be applied at the access layer and convergence layer of the MAN. The S9300 supports HVPLS to realize link protection to the two NPEs in dual-homing mode. On the HVPLS network, the S9300 acts as the UPE device to converge services from the CE. The S9300 supports the following HVPLS network architecture:
5-4 Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd. Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description


l l

5 Networking Applications

UPE+NPE Network Architecture UPE+PE-AGG+NPE Network Architecture UPE+NPE Network Architecture UPE+PE-AGG+NPE Network Architecture

5.3.1 5.3.2

5.3.1 UPE+NPE Network Architecture


Figure 5-5 S9300 Application of HVPLS with UPE+NPE network architecture

IP/MPLS Core

ME60 NPE ME60 BFD for LSP S9300 NE40E BFD for LSP H-VPLS S9300 UPE S9300 S9300

S2300

S2300 S2300

LSW DSLAM DSLAM

As shown in Figure 5-5, on the HVPLS network, the S9300 acts as the UPE device. The Huawei ME60 and NE40E routers can be used as the NPE devices.
l

As the UPE device, the S9300 accesses services and classifies traffic through the selective QinQ. Services of different types can be mapped to different VSIs and then transparently transmitted to NPE devices through HVPLS. The NPE terminates services on the Pseudo Wire (PW) tunnel and then process services based on the VLAN ID and QinQ information. Link protection is realized through MPLS TE protection group along with BFD for LSP on the HVPLS network.

l l

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-5

5 Networking Applications

Quidway S9300 Terabit Routing Switch Product Description

5.3.2 UPE+PE-AGG+NPE Network Architecture


On the current network, PE-AGG devices can be added between the UPE and NPE devices. PE-AGG devices aggregate services, terminate VPLS, and transparently transmit services to the NPE device. The S9300 can serve as the PE-AGG or UPE device as shown in Figure 5-6. Figure 5-6 S9300 application of HVPLS with UPE+PE-AGG+NPE network architecture

IP/MPLS Core

ME60 NE40E BFD for LSP CX600 CX600 H-VPLS S9300 S9300 S9300

ME60 NPE

PE-AGG

UPE

S9300

S2300

S2300

S2300

LSW DSLAM DSLAM

In this networking mode:


l l l l

The S9300 functions the same in this network architecture as that in the "UPE+NPE Network Architecture." The S9300 terminates the VPLS tunnel and transparently transmits services to the NPE device. The NPE terminate VLAN and QinQ, and then process services. Link protection is realized through BFD for LSP between the S9300 and the NPE device.

5.4 Application of RRPP


This section describes the function of RRPP in implementing fast protection switchover on ring networks.

5-6

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

5 Networking Applications

In the networking where common Ethernet ring networks are used, RRPP is adopted instead of MSTP to achieve fast convergence of topologies. Generally, the metro Ethernet uses two-layer rings:
l l

One layer is the convergence layer between the convergence devices PE-AGGs, for example, RRPP Domain 1 shown in Figure 5-7. The other layer is the access layer between PE-AGGs and UPEs, for example, RRPP Domain 2 shown in Figure 5-7.

Figure 5-7 Application of intersectant RRPP rings

IP/MPLS Core

S9300-F S9300-E Ring 1 Domain 1 S9300-C S9300-G Aggregation Layer

Ring 2 Domain 2 S9300-B

Access Layer S9300-D S9300-A

S2300

LSW

DSLAM

As shown in Figure 5-7, Ring 1 belongs to Domain 1; Ring 2 belongs to Domain 2. Ring 1 and Ring 2 are tangent at S9300-C.
l l

On Ring 1, S9300-C is the master node; S9300-C, S9300-E, S9300-F, and S9300-G are PE-AGGs. On Ring 2, S9300-C is the master node; S9300-A, S9300-B, and S9300-D are UPEs.

For multiple tangent RRPP rings, the failure of a ring does not affect other domains. The convergence process of RRPP rings in a domain is the same as that of a single ring. On RRPP rings, Layer 2 and Layer 3 services can be fast switched in the case of link faults.
l

Fast switch of Layer 2 services

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-7

5 Networking Applications

Quidway S9300 Terabit Routing Switch Product Description

In normal situations, the data flow travels along the path of S9300-A S9300-B S9300-C on Ring 2. If the link between S9300-A and S9300-B fails, the data flow is switched to another path on the RRPP ring. After the link between S9300-A and S9300-B fails and then the master node is notified of the link fault, the master node immediately unblocks the secondary port. At this time, the network topology changes, the original MAC address tables of the nodes cannot correctly guide the Layer 2 forwarding. Thus, Layer 2 traffic is interrupted. After unblocking the secondary port, the master node immediately requires other nodes on the ring to re-learn MAC address entries. The Layer 2 traffic on the RRPP ring is switched to the path of S9300-A S9300-D S9300-C.
l

Fast switch of Layer 3 services In normal situations, the data flow travels along the path of S9300-C S9300-E S9300-F on Ring 1. When the link between S9300-C and S9300-E fails, the data flow is switched to another path on the RRPP ring. After the link between S9300-C and S9300-E fails and then the master node is notified of the link fault, the master node immediately unblocks the secondary port. At this time, the network topology changes, the original ARPs and FIBs of the nodes cannot correctly guide the Layer 3 forwarding. After unblocking the secondary port, the master node immediately requires other nodes on the ring to re-learn MAC address entries. The Layer 2 traffic on the RRPP ring is switched to the path of S9300-C S9300-G S9300-F.

5.5 Application of Smart Link in Dual-Homing Networking


This section describes the function of Smart Link in dual-homing networks. Generally, Smart Link is adopted on dual-homing Ethernet networks to implement fast switching of links. Figure 5-8 Application of Smart Link
UPE1
Intranet

PE-AGG1
SmartLink Group

SmartLink Group SmartLink Group

IP/MPLS Core network

Intranet

SmartLink Group

UPE2

PE-AGG2
Active link Standby link

5-8

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

5 Networking Applications

Smart Link can be deployed anywhere on the MAN to provide the dual-homing connections By adopting Smart Link, UPE 1 or UPE 2 is dual-homed to PE-AGG 1 and PE-AGG 2 . For example, configure the Smart Link group on UPE 1 and UPE 2. The upstream devices only need to receive and send Flush packets. In the two uplinks, one link forwards packets and the other is blocked. When the active link fails, Smart Link swiftly senses the fault and switches traffic to the standby link. When the Monitor Link group is configured on PE-AGG 1 and PE-AGG 2, the uplink interface is associated with the downlink interface.

5.6 Application of Ethernet OAM


This section describes the application of Ethernet OAM on the MAN. The S9300 provides Ethernet OAM to implement fault detection and protection switchover in less than 50 ms. Figure 5-9 Application of Ethernet OAM on the MAN CE Intranet CE UPE PE-AGG BRAS UPE

Hotel

CE

UPE

IP/MPLS core network

CE Commercial center CE Residential area EFM OAM (802.3ah) Ethernet in the first mile

UPE

PE-AGG

Router

UPE

Ethernet CFM (802.1ag) Access convergence layer on the MAN

Backbone network

Ethernet CFM can be applied at the access convergence layer on the MAN. MDs are classified based on which ISP manages the devices. All the devices that are managed by the same ISP can be configured in the same MD. MAs are classified based on different services. An MA is associated with a VLAN. MEPs within an MA periodically exchange CCMs to test the connectivity on the network. After Ethernet CFM detects a connectivity fault, alarms are generated and MAC ping and MAC trace are provided to verify and locate the fault.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-9

5 Networking Applications

Quidway S9300 Terabit Routing Switch Product Description

EFM OAM is enabled on the CEs and UPEs. EFM OAM can test link connectivity of user services by periodically exchanging OAMPDUs between the CE and NPE. EFM OAM monitors link performance by testing the errored frames, errored codes, and errored frame seconds on the link. This provides transmission services required in the SLA for users. EFM OAM also provides alarms when a fault occurs.

5.7 Application of QoS


This section describes the application of QoS on the MAN. In the networking shown in Figure 5-10, enterprise A has two subdivisions: enterprise A-1 and enterprise A-2; enterprise B has two subdivisions: enterprise B-1 and enterprise B-2. The Ethernet VLL between the subdivisions of an enterprise is used to transmit services of voice, video, and data. Meanwhile, each subdivision requires access to the Internet. Figure 5-10 S9300 application of QoS

IP/MPLS core network

I n te rn et er

Enterprise A-2 Metro S9300 Voice 2 Mbit/s Video 4 Mbit/s Data 4 Mbit/s 10 Mbit/s S9300

Enterprise B-2

S9300 S2300

Voice 2 Mbit/s Video 4 Mbit/s Data 4 Mbit/s 10 Mbit/s

Enterprise A-1

Enterprise B-1

VPN of enterprise A VPN of enterprise B

Enterprise A has the following requirements:


l

The Ethernet VLL services between enterprise A-1 and enterprise A-2 need a bandwidth of 10 Mbit/s to guarantee bandwidth for different services. Voice services The guaranteed bandwidth is 2 Mbit/s.

Video services

5-10

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

5 Networking Applications

The guaranteed bandwidth is 4 Mbit/s.

Data services The guaranteed bandwidth is 4 Mbit/s. It is also required that the remaining idle bandwidth can be occupied by data services. Thus, the peak bandwidth is 10 Mbit/s.

Enterprise B has the same requirements as enterprise A. By applying level-2 traffic management of QoS on the S9300, you can meet the requirements of different services and users for network resources.

5.8 Application of Selective QinQ


This section describes the function of selective QinQ that can be applied in the actual networking. The S9300 provides the selective QinQ function. The networking of selective QinQ is shown in Figure 5-11. Figure 5-11 S9300 application of selective QinQ Vide o server Route r
I n tern et

TMG PSTN

ISP network VLAN1-1000

BRAS

BRAS v10 v100 v10 v600 S9300 v10 v800

v30 v450 v30 v650 v30 v850

User network VLAN1-1000 v100 v450

LSW

DSLAM v800

LSW v850

v600 VLAN1-500

v650

VLAN700-1000

VLAN500-700

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-11

5 Networking Applications

Quidway S9300 Terabit Routing Switch Product Description

The three enterprise networks shown in Figure 5-11, all need to transmit data, voice, and video services. The S9300 can append an outer ISP VLAN tag to the packets of each kind of access services. For example:
l l

Add an outer ISP VLAN tag VLAN 10 for data services of VLAN 100, VLAN 600, and VLAN800 from the customer networks. Add an outer ISP VLAN tag VLAN 30 for video services of VLAN 450, VLAN 650, and VLAN850 from the customer networks.

Offering the selective QinQ function, the S9300 can converge services and choose different paths for various services. This facilitates network deployment.

5.9 Application of the S9300 in IPTV Service


This section describes the networking and application policy of the S9300 in the IPTV service. 5.9.1 5.9.2 Networking of IPTV Protection of IPTV Services

5.9.1 Networking of IPTV


The S9300 supports IPTV application as shown in Figure 5-12.

5-12

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

5 Networking Applications

Figure 5-12 S9300 application of IPTV

IP/MPLS Core IPTV Server

DR NPE H-VPLS S9300 S9300 S9300

BDR NPE

Multicast over PW S9300

DSLAM

DSLAM

STB

STB

STB

PIM Interface BFD for PIM over VPLS Multicast traffic

The S9300 provides the IGMP snooping function and multicast across VLANs. It can serve as the duplication and control point for multicast at the access layer of the MAN to meet the demand for large-capacity multicast services. The multicast traffic can be copied within or across VLANs. The DSLAM device provides the IGMP proxy function. In the networking shown in Figure 5-12:
l l

The S9300 acts as the UPE device. The multicast function is applied to the HVPLS network to process IPTV services. The NPE runs the PIM protocol. PIM packets can be transparently transmitted through the daisy chain PW. The NPEs run for the Designated Router (DR) or Backup Designated Router (BDR). DR processes the IGMP packets and copies the video stream from the IPTV server to the daisy chain PW. Enable the IGMP snooping on the S9300 to listen to IGMP packets. The S9300 only sends an IGMP request packet to join the multicast group. The multicast forwarding group is then established. A static multicast group can be set up with popular channels.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-13

5 Networking Applications
l

Quidway S9300 Terabit Routing Switch Product Description

The S9300 copies the multicast data to the DSLAM based on the multicast forwarding table. The S9300 then copies the multicast data to another S9300 through IGMP snooping over VPLS.

In addition, the S9300 supports port prompt-join or prompt-leave. This realizes fast switch of IPTV services.

5.9.2 Protection of IPTV Services


As shown in Figure 5-13, along with the NPE in the networking, the S9300 provides a protection mechanism for IPTV services. Figure 5-13 S9300 protection for IPTV services

IPTV Server

IP/MPLS Core

NPE

BDR NPE H-VPLS

DR

S9300 S9300 S9300 S9300

DSLAM

DSLAM

STB

STB

STB

BFD for PIM over VPLS Multicast Traffic PIM Interface Fault

The S9300 acts as the UPE device;. A HVPLS is set up between the S9300 and the NPE. The multicast function is applied to the HVPLS network. The two NPE devices run the PIM protocol. The following mechanism is used to protect the IPTV services: 1. BFD for PIM over VPLS is enabled between the two NPE. The BFD detection packet is transmitted over the HVPLS network.

5-14

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

5 Networking Applications

2.

BFD for PIM over VPLS is used to detect the link status of the multicast link. When faults occur, BDR is switched to DR. The two NPE devices copy the multicast data to PW at the same time. When faults are removed, the NPE devices run for DR/BDR again. The service is back to normal. When faults occur to the link of the daisy chain, or the S9300, or one of the NPE devices, BFD for PIM is used to detect faults in 50 ms. The NPE on the right acts as BDR. BDR swiftly switches to DR. Thus both the NPE devices become DR to forward multicast packets at the same time. When faults recover, the NPE devices run for DR/BDR again. The service is back to normal.

3. 4. 5.

5.10 Application of the S9300 in NAC Networking


This section describes the application of the S9300 in the NAC networking. Figure 5-14 shows the application of the S9300 in the NAC networking. Figure 5-14 Application of the S9300 in the NAC networking Portal Server Work Area S9300

Visit Area ACS/SC Separated area Patch/anti-virus server

Policy server

On an enterprise intranet, a personal computer (PC) does not need to be installed with the terminal software program. The user is redirected to the login page by captive portal. The user needs to enter user name and password. Then the NAD, namely, the S9300, submits the user name and password to the RADIUS server for authentication. Before passing the authentication, the user can access only the resources in the separated area. The ACS or SC, which is similar to a RADIUS server, returns a message notifying that the user passes the authentication. The PC and the ACS set up an HTTP link and the ACS verifies the security of the PC. After the security of the PC is verified, the user can access the common data area or core data area depending on the user authority.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

5-15

5 Networking Applications

Quidway S9300 Terabit Routing Switch Product Description

When the Session-Time-Out feature is configured, if the authentication server is unavailable, for example, authentication times out or the RADIUS server does not respond, the user is allowed to go online and access the network. In this case, the Session-Time-Out timer is started and the user is authenticated again when the timer expires.

5-16

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

6 System Specifications

6
About This Chapter
6.1 Technical Specifications 6.2 Performance Specifications

System Specifications

This section lists the physical parameters, power supply parameters, specification, and performance indexes of the S9300.

This section describes the appearance, weight, power, input voltage, temperature, and humidity of the S9300.

This section describes the performance specifications of the software and hardware of the S9300. 6.3 Software Features List

This section describes the software features of the S9300.

6.1 Technical Specifications


This section describes the appearance, weight, power, input voltage, temperature, and humidity of the S9300. 6.1.1 6.1.2 Physical Specifications System Configuration

6.1.1 Physical Specifications


Table 6-1 Physical specifications of the S9300 Item Dimensions (width x depth x height) without the switching rack-mounting ear Specifications S9303: 442.0 x 476 x 175 S9306: 442 x 476 x 441.7 S9312: 442 x 476 x 663.95

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-1

6 System Specifications

Quidway S9300 Terabit Routing Switch Product Description

Item Maximum power consumption (fully configured)

Specifications S9303: 350 W S9306: 800 W S9312: 1400 W

Weight (fully configured)

S9303 < 22 kg S9306 < 42 kg S9312 < 70 kg

DC input voltage

Rated voltage Maximum voltage range

-48 V/ -60 V -48 V: -38.4 V to -57.6 V -60 V: -48 V to -72 V

AC input voltage

Rated voltage

S9303/S9306: 110 V/220 V S9312: 220 V

Maximum voltage range PoE Power input mode Redundancy mode of power supplies

90 V to 290 V Built-in. Only the AC power supply is supported. The S9303 does not support the backup of AC power modules. The S9306 and the S9312 support the power supplies in 3+1, 2+2, or 4+0 (not backup) mode.

Output power consumption

S9303: a maximum of 800 W S9306 and S9312: a maximum of 3200 W

Temperature

Long-term operation Short-term operation Storage

0C to 45C -5C to 55C -40C to 60C 5% RH to 85% RH, non-condensing 0% RH to 95% RH, non-condensing Less than 3000 m Less than 5000 m

Relative humidity

Long-term operation Short-term operation

Altitude for installation

Long-term operation Storage

6-2

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

6 System Specifications

6.1.2 System Configuration


Table 6-2 System configuration of the S9300 Item Configuratio n of the S9312 700 MHz (Dominant frequency) 1 GB 512 KB 64 MB 512 MB Configuratio n of the S9306 700 MHz (Dominant frequency) 1 GB 512 KB 64 MB 512 MB Configuratio n of the S9303 500 MHz (Dominant frequency) 512 MB 512 KB 64 MB 512 MB Note

Processor

DDR2 SDRAM NVRAM Flash CF card

Battery supply The CF card serves as a mass storage device to save data files and logs. Bidirectional Bidirectional LPU (Optional)

Switching capacity Backplane capacity 10GE port density FE/GE port density Forwarding capability Number of slots for the LPUs Number of slots for the SRUs/MCU s Max transmissio n rate on a port of the LPU

2 Tbit/s 4.8 Tbit/s 144 576 1320 Mpps 12

2 Tbit/s 2.4 Tbit/s 72 288 1080 Mpps 6

720 Gbit/s 1.2 Tbit/s 36 144 540 Mpps 3

S9306/S9312: SRU S9303: full mesh

48GE, 12 x 10GE

48GE, 12 x 10GE

48GE, 12 x 10GE

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-3

6 System Specifications

Quidway S9300 Terabit Routing Switch Product Description

6.2 Performance Specifications


This section describes the performance specifications of the software and hardware of the S9300. Table 6-3 Performance specifications of the S9300 Attribute Availability Service Feature Availability Mean Time Between Failure (MTBF) Mean Time To Repair (MTTR) Downtime Ethernet Number of MAC addresses supported by each LPU Specifications 0.99999768 24.59 years 0.5 hours 1.22 minutes/year
l l l

ED board: 512 K EC board: 128 K EA/SA/12*10GE board: 32 K

Number of VLANs Number of trunk groups and number of interfaces supported by each trunk group Rate of learning MAC addresses Number of ARP entries Number of ARP entries supported by each LPU QoS Number of QoS queues on a port CAR

4K 128 trunk groups, each of which supports a maximum of 8 interfaces More than 4000 each second 16 K EA/EC/ED board: 16 K SA/12*10GE board: 8 K 8 ED/EC/EA/12*10GE board: 8 Kbit/s SA board: 64 Kbit/s

ACL

ACLv4

Number of IPv4 ACLs supported by each LPU


l

ED board: 70K for inbound traffic; 1000 for outbound traffic EC board: 70K for inbound traffic; 1000 for outbound traffic EA board: 6000 for inbound traffic; 1000 for outbound traffic SA board: 3000 for inbound traffic; 500 for outbound traffic 12*10GE board: 1200 for inbound traffic; 500 for outbound traffic

6-4

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

6 System Specifications

Attribute

Service Feature ACLv6

Specifications Number of IPv6 ACLs supported by each LPU


l

ED board: 67K for inbound traffic; 250 for outbound traffic EC board: 35K for inbound traffic; 250 for outbound traffic EA board: 3000 for inbound traffic; 250 for outbound traffic SA board: 1500 for inbound traffic; 250 for outbound traffic 12*10GE board: 250 for inbound traffic; 120 for outbound traffic

MPLS

Number of LSPs Number of LDP neighbors

8K > 256 4K 1K 2K S9306/S9312: 512 K S9303: 230 K 8 K on an LPU and 16 K on the entire equipment IPv4 forwarding at line speed S9306/S9312: 512K S9303: 230K

L2VPN

Number of VLL entries Number of VSI entries

L3VPN

Number of VRFs Number of VPN routes

IP Session IP unicast

IPv4 forwarding Number of routing entries

IPv4 FIB

l l l l

ED board: 512 K EC board: 144 K EA board: 32 K SA/12*10GE board: 20 K ED/EC/EA board: 16 K SA/12*10GE board: 10 K

IPv6 FIB

l l

Multicast

Number of static multicast routes Number of L2 multicast forwarding entries Number of L3 multicast forwarding entries

256 1K
l l

ED/EC/EA board: 4 K SA/12*10GE board: 2 K

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-5

6 System Specifications

Quidway S9300 Terabit Routing Switch Product Description

Attribute Reliability

Service Feature BFD

Specifications
l l

BFD sessions: 2 K Minimum fault discovery duration: If no FSU is configured, the duration is 3s; if an FSU is configured, the duration is 50 ms.

Ethernet OAM

802.1ag Up to 64 MDs can be created on the entire equipment. The number of MAs on the entire equipment is as follows:

S9312 and S9306 :4K S9303 :2K

Detection time: 3.3 ms/10 ms/100 ms/1s/10s/1 min/10 min 802.3ah Detection time: 100 ms/1s RRPP
l

Maximum number of RRPP instances: 48 Rings supported by the entire equipment: 64 Rings supported by an LPU: 5 Maximum number of RRPP domains: 64 link switchover time: less than 50 ms VRRP backup groups on the entire equipment: 255 VRRP backup groups on the entire equipment: 16 Virtual IP addresses in each VRRP backup group: 16 Switchover time: If no FSU is configured, the time is 3s; if an FSU is configured, the time is 50 ms. Maximum number of instances on the entire equipment: 48 The switchover time is less than 50 ms.

l l

VRRP

SmartLink

6-6

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

6 System Specifications

Attribute

Service Feature MSTP

Specifications
l

Maximum number of instances on the entire equipment: 48 The switchover time is less than 100 ms.

6.3 Software Features List


This section describes the software features of the S9300. Table 6-4 Software features list of the S9300 Feature Ethernet features Ethernet Description Supports operating mode of full-duplex, half-duplex, and auto-negotiation. Supports 10/100/1000 Mbit/s and 10 Gbit/s rate of Ethernet ports. Supports auto-negotiation rate of Ethernet ports. Supports flow control on ports. Supports Jumbo packets. Supports binding ports into Ethernet trunk. Supports load balancing on links in the trunk. Supports port isolation and forwarding restriction. Supports broadcast storm suppression. VLAN Supports access modes of Access, Trunk, Hybrid, and QinQ. Supports default VLAN. Supports 1:1 VLAN mapping. Supports N:1 VLAN mapping. Supports 802.1p-based VLAN mapping. Supports QinQ. Supports selective QinQ. Supports VLAN switching. MAC Supports automatic learning and aging of MAC addresses. Supports static, dynamic, and blackhole MAC entries. Supports limit to MAC address learning based on ports and VLANs.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-7

6 System Specifications

Quidway S9300 Terabit Routing Switch Product Description

Feature ARP

Description Supports static and dynamic ARP. Supports ARP in VLAN. Supports aging of ARP entries. Smart Link Supports Smart Link. Supports Smart Link multi-instance. Supports Monitor Link. DLDP LLDP Virtual cable test Supports unidirectional link detection. Supports LLDP. Supports virtual cable detection. Supports STP. Supports RSTP. Supports MSTP. Supports BPDU guard, root guard, and loop guard. Supports BPDU tunnel. RRPP Supports RRPP. Supports RRPP multi-instance. Loop detection Support loop detection. Network management interface supports IPv4 unicast data packets. Network management interface supports static IPv4 unicast routes. Supports RIP, OSPF, IS-IS, and BGP. Supports the DHCP server and the DHCP relay. Supports DHCP snooping. IPv6 unicast Supports RIP, OSPFv3, ISISv6, and BGP+. Supports TCP6, ping IPv6, tracert IPv6, and socket IPv6. Supports DHCPv6 snooping. IPv4/IPv6 transition Supports the IPv6 over IPv4 tunnel. Supports IPv4 over IPv6. Supports 6FE.

Protection against Ethernet loops

MSTP

IP routing

IPv4 unicast

6-8

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

6 System Specifications

Feature Multicast -

Description Supports IGMP, MLD, MSDP, PIM-DM, PIM-SM, and PIM-SSM. Supports IGMPv1, IGMPv2, IGMPv3 snooping. Supports MLDv1 snooping. Supports fast-leave of users. Controls multicast traffic. Supports multicast VLAN. Supports multicast querier. Suppresses multicast protocol packets. Supports multicast ACL. Supports multicast copy. Supports IGMP snooping over VPLS.

MPLS features

Basic MPLS functions

Supports static LSP. Supports static mapping between VLAN and MPLS SVC to provide virtual dedicated Ethernet lines. Supports L2VPN and L3VPN. Supports two-layer MPLS labels. Supports MPLS over Ethernet. Maps the 802.1p priority to the EXP field in the MPLS packet.

MPLS OAM

Supports LSP ping and LSP traceroute. Supports automatic fault detection. Supports 1+1 protection of LSP.

MPLS-TE

Supports establishment of MPLS-TE tunnel. Supports MPLS-TE protection group.

VLL/HVPLS

Supports VLL in SVC, Martini, Kompella or CCC mode. Supports VPLS in Martini or Kompella mode. Supports HVPLS in LSP and QinQ mode. Supports the VLL access and VPLS access after VLAN switching is performed.

Ethernet OAM

Ethernet OAM

Supports P2P Ethernet fault management defined in IEEE 802.3ah. Supports Ethernet OAM defined in IEEE 802.1ag. Supports MAC ping and MAC trace.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-9

6 System Specifications

Quidway S9300 Terabit Routing Switch Product Description

Feature BFD -

Description Supports BFD physical link detection. Supports connectivity detection for IP. Supports connectivity detection for LSP, CR-LSP, and MPLS TE protection group. Supports BFD detection on the VPLS network. Supports BFD detection based on VPLS and protection switchover for the diagnosis packet that manages the switchover of VPLS.

QoS features

Traffic classification

Supports classification based on Layer 2 protocol header, Layer 3 protocol, Layer 4 protocol, 802.1p priority, or their combination. Supports classification based on C-VID of QinQ packets.

Traffic behavior

Controls access of the classified packets. Supports traffic policing based on CAR. Supports packet re-marking according to the classification. Supports queuing of the classified packets. Supports mixed use of traffic classification and traffic behavior.

Queue scheduling Congestion avoidance Traffic shaping Traffic policing Clock Configuration and maintenance Terminal services

Supports PQ, WRR, DRR, PQ+WRR, and PQ+DRR scheduling. Supports WRED. Supports tail drop. Supports traffic shaping for the outbound traffic. Supports two-level traffic policing. synchronization Ethernet Supports CLI configuration. Supports prompt and help information in English and Chinese. Supports terminal services through the Console port, AUX port, or Telnet. Supports the Send function to make the terminals communicate with each other.

File system

Supports file system. Supports directory and file management. Supports file uploading and downloading through FTP and TFTP.

6-10

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)

Quidway S9300 Terabit Routing Switch Product Description

6 System Specifications

Feature Debug and maintenance

Description Supports unified management of logs, traps, and debugging information. Supports electronic labels. Supports logs of users. Supports detailed debugging information to assist troubleshooting. Supports black box. Supports network testing tools such as traceroute and ping commands. Supports port mirroring and traffic mirroring. Availability Supports the power modules in 1+1 or 2+2 backup mode and the fan modules in N+1 backup mode. Supports hot swap of the SRUs/MCUs, LPUs, fan modules, and power modules. Supports the SRUs/MCUs in 1+1 backup mode. Supports automatic switchover and forcible switchover of the SRUs/MCUs. Supports the bundling of Ethernet ports on different boards. Software upgrade Supports in-service upgrade of VRP system software. Supports in-service upgrade of BootROM. Supports in-service patch. Supports version rollback.

Security and management

System security

Supports hierarchical commands to protect against unauthorized users. Supports SSH v1.5 and v2.0. Supports RADIUS and HWTACACS authentication. Supports ACL filtering. Supports defend against attacks of DoS, SYN flood of TCP, UDP flood, broadcast storms, and large traffic. Supports limit to MAC address learning. Supports blackhole MAC. Supports port isolation. Supports packet filtering. Supports CPU channel guard. Supports the suppression of ARP packets based on IP addresses. Supports blacklist and whitelist. Supports attack trace.

Issue 05 (2010-01-08)

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

6-11

6 System Specifications

Quidway S9300 Terabit Routing Switch Product Description

Feature Network management

Description Supports ping and traceroute functions. Supports SNMPv1/v2c/v3. Supports standard MIB. Supports RMON.

6-12

Huawei Proprietary and Confidential Copyright Huawei Technologies Co., Ltd.

Issue 05 (2010-01-08)