SJ-20160119164028-001-ZXR10 5960 Series (V3.02.20) All 10-Gigabit Data Center Switch Product Description

ZXR10 5960 Series
All 10-Gigabit Data Center Switch

Product Description
Version: 3.02.20
ZTE CORPORATION
No. 55, Hi-tech Road South, ShenZhen, P.R.China
Postcode: 518057
Tel: +86-755-26771900
Fax: +86-755-26770801
URL: http://support.zte.com.cn
E-mail: 800@zte.com.cn
LEGAL INFORMATION
Copyright © 2017 ZTE CORPORATION.
The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.
All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.
This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.
ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.
ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.
Users may visit the ZTE technical support website http://support.zte.com.cn to inquire for related information.
The ultimate right to interpret this product resides in ZTE CORPORATION.
Revision History
Revision No. Revision Date Revision Reason
R2.0 2017-02-28 Updated configuration commands and instances
R1.0 2016-02-28 First edition
Serial Number: SJ-20160119164028-001
Publishing Date: 2017-02-28 (R2.0)
SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

Contents
About This Manual ......................................................................................... I
Chapter 1 Product Positioning and Characteristics ............................... 1-1
1.1 Product Positioning ............................................................................................ 1-1
1.2 Product Characteristics....................................................................................... 1-3
Chapter 2 Functions and Features ........................................................... 2-1

2.1 L2 Functions ...................................................................................................... 2-1
2.1.1 Basic Ethernet Functions .......................................................................... 2-1
2.1.2 VLAN Functions ....................................................................................... 2-2
2.1.3 Link Aggregation ...................................................................................... 2-3
2.1.4 L2 Multicast ............................................................................................. 2-4
2.2 L3 Functions ...................................................................................................... 2-4
2.3 QoS .................................................................................................................. 2-8
2.4 Protection for Reliability .................................................................................... 2-10
2.5 Security and Authentication................................................................................2-11
2.6 Network Traffic Analysis.................................................................................... 2-15
Chapter 3 Technical Specifications .......................................................... 3-1

Chapter 4 Operation and Maintenance..................................................... 4-1
4.1 NetNumen U31 Unified Network Management Platform ........................................ 4-1
4.2 Maintenance and Management ........................................................................... 4-2
Appendix A Protocol and Standard Compliance.................................... A-1

Tables .............................................................................................................. I
Glossary ........................................................................................................ III

This page intentionally left blank.
II

About This Manual
Purpose
This manual describes the positioning, characteristics, functions and features,
architecture, network application, operation and maintenance, technical specifications,
and complied protocols and standards of the ZXR10 5960 series products.
Intended Audience
This manual is intended for network planning engineers.
What Is in This Manual

This manual contains the following chapters:
Chapter 1, Product Po-

Describes the positioning and characteristics of the ZXR10 5960 series
sitioning and Characteris-
products.
tics
Chapter 2, Functions and

Describes the major functions and features supported by the ZXR10 5960.
Features
Chapter 3, Technical Describes the basic specifications, interface specifications, and system
Specifications functions and features of the ZXR10 5960.
Chapter 4, Operation and Describes the management and maintenance of the NetNumen U31 uni-
Maintenance fied network management platform and the ZXR10 5960.
Appendix A, Protocol and

Describes the protocols and standards of the ZXR10 5960.
Standard Compliance
Conventions
This manual uses the following typographical conventions:
Italics Variables in commands. It may also refer to other related manuals and documents.
Bold Menus, menu options, function names, input fields, option button names, check boxes,
drop-down lists, dialog box names, window names, parameters, and commands.
Constant Text that you type, program codes, filenames, directory names, and function names.
width
[] Optional parameters.
{} Mandatory parameters.
| Separates individual parameter in series of parameters.
Note: provides additional information about a certain topic.

II

Chapter 1
Product Positioning and
Characteristics
Table of Contents
Product Positioning ....................................................................................................1-1
Product Characteristics ..............................................................................................1-3
1.1 Product Positioning

The ZXR10 5960 series switches are new-generation, enhanced core switches. These
switches provide extra large system capacity, high-density ports, and powerful service
features to satisfy equipment requirements of MAN, data center, campus, and enterprise
network environments.
The ZXR10 5960, designed as a user-oriented, large-capacity, and provides high-density
GE and 10 GE port solutions. The ZXR10 5960 uses energy-efficient components and
uses an intelligent mechanism for managing fans, power supply, and physical ports to solve
capacity expansion problems for users. The ZXR10 5960 provides high convergence with
low costs, reduces the investment fee per user, saves space occupied by devices, and
lowers power consumption.
The ZXR10 5960 helps users to build highly-efficient, intelligent, and reliable networks,
and reduces maintenance and duplicate investment costs by improving network reliability
and stability. The ZXR10 5960 performs the following functions:
l Provides comprehensive security protection to guarantee network core security.
l Provides QoS to guarantee end-to-end service experience and improve network
quality.
l Provides reliable protection for users from device, link, to network levels by
independent monitoring platform, reconfigurable software, and various switchover
technologies.
l Supports multi-service bearer and the IPv6 technology to provide IPTV solutions,
fulfilling the need of integrated data and voice bearer and various networks.
The ZXR10 5960 products include:
l ZXR10 5960-72DL-H
l ZXR10 5960-64DL-H
l ZXR10 5960-64DL/ZXR10 5960-64DL-L
l ZXR10 5960-32DL/ZXR10 5960-32DL-L
l ZXR10 5960-52DU-H
l ZXR10 5960-32LC-H
1-1

ZXR10 5960 Series Product Description
l ZXR10 5960-72NL-H
l ZXR10 5960-64NL-H
For their overview, seeTable 1-1 .
Table 1-1 Product overview
Product Overview
ZXR10 5960-72DL-H
ZXR10 5960-64DL-H
ZXR10 5960-64DL/ZXR10
5960-64DL-L
ZXR10 5960-32DL/ZXR10
5960-32DL-L
ZXR10 5960-52DU-H
1-2

Chapter 1 Product Positioning and Characteristics
Product Overview
ZXR10 5960-32LC-H
ZXR10 5960-72NL-H
ZXR10 5960-64NL-H
1.2 Product Characteristics

Multi-scenario and All-service Ideas
The ZXR10 5960 provides all-service support, satisfying hierarchical and multidimensional
requirements of users and covering network hotspots and mainstream scenarios such as
Metro E, IPTV bearer, FTTX ultra wide band (UWB) convergence, data center, and campus
network. The specific characteristics include:
l Rich QoS capabilities provide differentiated services for different application

l Layer-2 and layer-3 multicast protocols to provide high-rate multicast duplication
capability and leading IPTV solutions to satisfy the requirements for large-capacity
IPTV subscriber access and high-performance IP multicast video application
l A variety of IPv4/v6 transition technologies, and IPv6 multicast and application
management, protecting profits of customers and adapting to network service
development requirements
1-3

l Hierarchical intelligent operation and maintenance, and graphical network

management system, allowing users to easily perform multi-service deployment and
management
Multidimensional Security Model, Reinforcing the Network

The ZXR10 5960 provides a five-start network service guarantee through a 5-level model
covering safe architecture, safe control, safe operating system, safe computing, and safe
services.
l Safe architecture
Supports redundant backup and intelligent check, control and alarm for power supply
modules, and hot-swapping for all components.
l Safe control
Provides high system stability by isolating control, monitoring, and forwarding.
l Safe operating system
Uses ZTE's new-generation multi-process software platform ZXROS, which provides
the most advanced software architecture reliability in the industry to implement
function modularization, intelligent and dynamic loading, parallel processing, flexible
expansion of new functions, and process-based intelligent dormancy.
l Safe computing
Provides multi-thread parallel high-performance computing based on multiple CPUs
to guarantee seamless connection on different planes.
l Safe services
Supports a variety of reliability technologies and equipment-level to network-level
protective switching technologies, and guarantees smooth operation of all services
by the industry-leading OAM capability and security protection functions.
Low Carbon and Energy Efficient

ZTE is always committed to the R&D and application of "environment-friendly data"
products and solutions, and insists on sustainable development and environment
efficiency. Based on product lifecycle considerations, ZTE makes all efforts to reduce its
products' influence on the environment. The specific characteristics include:
l 40nm highly-integrated chips, proper PCB layout, optimized heat dissipation design
for a single board or the whole cabinet, and highly-efficient power switch to guarantee
an energy-efficient high-performance system.
l Intelligent power consumption control system: The power consumption control
module of the operating system supports dynamic port power saving, intelligent
fan speed controller, power supply, process dormancy, and service adjustment to
achieve the maximum balance for the performance-to-consumption ratio.
l Harmless material purchase, green certification for the production process,
renewable, biodegradable, and environment-friendly packaging and shipping
1-4

Chapter 1 Product Positioning and Characteristics
material, in compliance with domestic and international RoHS standards and the
concept of "green earth, care nature".
l Reconstructable operating system architecture and ideal remote management tools,
which greatly improve installation, debugging, operation and maintenance efficiency,
increase the remote maintenance ratio, reduce OPEX, and lower attendance and
environment costs.
1-5

1-6

Chapter 2
Functions and Features
Table of Contents
L2 Functions ..............................................................................................................2-1
L3 Functions ..............................................................................................................2-4
QoS ...........................................................................................................................2-8
Protection for Reliability............................................................................................2-10
Security and Authentication ......................................................................................2-11
Network Traffic Analysis ...........................................................................................2-15
2.1 L2 Functions
2.1.1 Basic Ethernet Functions
MAC Address Management
The ZXR10 5960 provides the basic functions of maintenance MAC address learning and
synchronization, and implements the following management functions:
l MAC address binding
l MAC address filtering
l MAC address number restriction
l MAC address permanence
l MAC address multi-view display
Port Mirroring
The port mirroring function duplicates traffic from one port to another port, so that a network
administrator can analyze the traffic in real time when solving network problems. Port
mirroring provides a monitoring approach for the network administrator. For the ZXR10
5960, any port can be configured as a mirrored port. The supported mirroring types include:
l Mirroring between ports of different rates
l Many-to-one port mirroring
l One-to-many port mirroring
l Many-to-many port mirroring
l RSPAN, ERSPAN, and other remote port mirroring
l Stream-based mirroring
2-1

Port Security Protection

The ZXR10 5960 supports the following port security protection functions:
l Port traffic control, broadcast storm suppression, jumbo restriction, rate negotiation for
effective data traffic control on a port, which prevents network congestion and ensures
normal network service operation.
l Line diagnosis, analysis, and testing, which checks whether lines or links are normal
and accurately locates line-specific faults, making network management and fault
locating more easy.
l Loop detection for some or all ports (no detection by default), which checks for
the loops of the subscribers or switches connected to these ports, so that switch
broadcast storms and other abnormal situations can be avoided and the influence
can be constrained to the specific ports.
l VLAN-based loop detection not only for the VLAN where the PVID of a port is
located, but also for a VLAN specified by the subscriber on a port, which supports
loop detection on up to eight VLANs at the same time.
2.1.2 VLAN Functions

The ZXR10 5960 supports 802.1Q VLANs. For an untagged packet, the ZXR10 5960
supports adding a subnet-based, protocol-based, or port-based VLAN tag to fulfill rich
VLAN functions.
In the 802.1Q VLAN protocol, a VLAN ID is represented by a 12-bit numeral. As a result,
the number of VLANs is limited to 4096 and cannot satisfy actual application requirements.
The ZXR10 5960 expands VLAN in four aspects including QinQ, PVLAN, VLAN translation,
and layer-3 related super VLAN.
QinQ
QinQ allows multiple VLAN tags in an Ethernet frame. A subscriber's private network
VLAN tag is encapsulated into a public network VLAN tag, and then the double-tagged
frame goes through the backbone network, providing a simple 2-layer VPN tunnel for the
subscriber. The ZXR10 5960 implements static configuration for QinQ. QinQ involves two
VLAN types:
l Service VLAN (SVLAN)
l Customers VLAN (CVLAN)
The ZXR10 5960 supports traditional SVLAN configuration and VFP-based SVLAN
configuration. The latter can implement traffic-type-based tagging.
PVLAN
All the servers are in the same subnet and can communicate only with their own gateway.
This is called private VLAN (PVLAN).
A PVLAN effectively guarantees data communication security for an access network by
connecting all subscribers to a default gateway and isolating them from each other. Ports
2-2

Chapter 2 Functions and Features
in the same VLAN cannot communicate with each. Subscribers in the same VLAN are not
affected by broadcast packets.
A PVLAN does not need protocol packet support, and can be implemented on the ZXR10
5960 by static configuration.
VLAN Translation
VLAN translation is an extended VLAN function. If a switch port is enabled with VLAN
translation, it is required that incoming data packets received on this port must be tagged
packets. VLAN translation uses "port number + vid in the tagged packet" as an index to
look up the VLAN table to obtain a new vid. Then, the packet is switched in the new VLAN.
Thus, VLAN-to-VLAN translation is implemented.
VLAN translation is implemented on the ZXR10 5960 by static configuration.
Super VLAN
VLAN aggregation divides VLANs into super VLANs and sub VLANs. Multiple VLANs
(called sub VLANs) are aggregated into one super VLAN, and all use the IP subnet and
default gateway IP address of the super VLAN.
2.1.3 Link Aggregation

Link aggregation means that physical links of the same type of transmission media and
the same transmission rate are bound together to obtain a logical link. Link aggregation
increases bandwidth and achieves traffic load sharing.
The ZXR10 5960 supports the aggregation of static and dynamic links for FE, GE, and
10 GE ports, as well as inter-device MAC-LAG link aggregation. Links aggregated on the
ZXR10 5960 to obtain a logical port called smartgroup, which can be used as a common
port.
Static Aggregation
Static port trunking allows multiple physical ports to be manually added to a trunk group
to obtain a logical port.
When configuring link aggregation on the ZXR10 5960, comply with the following
principles, which are also applicable to LACP:
l Up to 128 trunk groups can be configured, each of which contains up to 8 member
ports.
l A member port can be in access, trunk, or hybrid mode, and all the member ports
must be in the same mode.
LACP
The Link Aggregation Control Protocol (LACP) complies with the IEEE 802.3ad standard.
The LACP allows multiple physical ports to be aggregated into a trunk group to obtain a
2-3

logical port called smartgroup. The LACP automatically performs aggregation to achieve
the maximum bandwidth.
The ZXR10 5960 supports smartgroup configuration. Load sharing can be implemented
by the following means, which are also applicable to static aggregation:
l By source MAC address, VLAN, Ethertype, and incoming port
l By destination MAC address, VLAN, Ethertype, and incoming port
l By source and destination MAC addresses, VLAN, Ethertype, and incoming port
l By source IP address and source TCP or UDP port number
l By destination IP address and destination TCP or UDP port number
l By source and destination IP addresses and source and destination TCP or UDP port
numbers
MC-LAG
Besides machine frame link aggregation, the ZXR10 5960 also supports Multi-Chassis
Link Aggregation Group (MC-LAG) .
2.1.4 L2 Multicast
The ZXR10 5960 can implement layer-2 multicast and dynamically maintain a multicast
group that users dynamically join and leave.
IGMP Snooping
Based on the layer-2 multicast technology, the ZXR10 5960 supports the IGMP snooping
technology to effectively manage multicast group members, suppress multicast flooding in
a layer-2 network, and prevent unauthorized users from receiving multicast traffic.
If IGMP snooping is enabled on the ZXR10 5960, multicast packets are multicast to specific
ports on layer 2. If IGMP snooping is not enabled, multicast packets are broadcast to
all ports on layer 2. The ZXR10 5960 also supports MLDv1/v2-based MLD snooping to
implement smooth IPv4-to-IPv6 evolution.
IGMP Proxy
The ZXR10 5960 also supports the IGMP proxy function. Unlike IGMP snooping, which
obtains multicast information by listening to IGMP traffic, the IGMP proxy mechanism
blocks and processes the IGMP requests from terminal users, and forwards them to an
upper-layer router.
2.2 L3 Functions
IPv4 Routing Protocols
RIP
2-4

The Routing Information Protocol (RIP) is a distance-vector routing protocol based on the
local network. The RIP uses UDP packets to exchange RIP routing information. A protocol
packet to be transported is encapsulated into a UDP packet. The routing information in a
RIP packet contains the number of hops in a path from the source to a destination. Each
hop determines the route to the destination by the hop count. RFC has a limit on the hop
count. The maximum hop count is 15. Therefore, the RIP is applied to internal gateways
in small-size autonomous systems.
On the ZXR10 5960, the RIP has the following main functions:
l Sends and receives RIP packets according to the protocol, checks the correctness of
the packets, and performs certain identity verifications.
l Supports RIPV1/V2, plain text and MD5 authentication, and route redistribution.
l Uses split horizon and trigger update mechanisms to prevent routing loops and
shorten route convergence time.
l Supports protocol debugging.
OSPF
The Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) developed by
the IETF. The OSPF uses a link state routing and Shortest Path First (SPF) algorithms. The
OSPF is loop-free, which is of great significance for mesh networks or LANs connected
through multiple bridges. Each OSPF router maintains an identical database describing
the Autonomous System (AS)'s topology. The database is composed of each router's
partial state information, such as the router's available interfaces, neighbors, connected
networks, and external routing information of the AS.
On the ZXR10 5960, the OSPF has the following main functions:
l Employs a hierarchical network topology that is applicable to large interconnection
networks.
l Uses the dynamic routing algorithm Dijkstra to automatically and quickly trace network
topology changes.
l Supports display and configuration commands from the primary console,
SNMP-related command, display, and MIB variables.
l Supports routing protocol packet authentication, including simple password
authentication and MD5 authentication, to prevent routing protocol packets from
being illegally modified.
l Uses retransmission and confirmation mechanisms to guarantee the reliability of
link-state synchronization.
l Supports a variety of distance metric solutions, such as physical distance, delay, and
throughput.
l Supports stub area and NSSA functions
l Supports Area Border Routers (ABRs) and Autonomous System Border Routers
(ASBRs).
l Supports classless routing and route aggregation.
l Controls route re-distribution and filtering by a route map.
IS-IS
2-5

The Intermediate System-to-Intermediate System (IS-IS) intra-domain routing protocol

represents the OSI model for L3 switches. It can be applied to TCP/IP-based IP networks.
The IS-IS protocol is easy to extend for other protocols mainly IPv6. The IS-IS system
is divided into two layers: the backbone (L2) and areas (L1). An L3 switches can only
belong to one area. Ll switches know only topology of their own area. All the traffic to
other areas is sent through the closest L2 switch. L2 switches compose the backbone,
which is similar to the backbone area 0 in OSPF.
On the ZXR10 5960, the IS-IS has the following main functions:
l Supports L1/L2 address aggregation.
l Supports L1/L2 hierarchical routing and the ATT bit.
l Supports the three area addresses and smooth area address migration.
l Supports load balancing for the same destination.
l Supports plain-text authentication for an interface or area.
BGP
The Border Gateway Protocol (BGP) is an exterior gateway protocol. Its basic function is
to exchange loop-free routing information between multiple autonomous systems. The
information exchanged by the BGP carries rich attributes, which help to construct the
topology of ASs and implement AS-based routing policies. The routing information with
AS IDs can also help eliminate routing loops.
On the ZXR10 5960, the BGP has the following main functions:
l Applied to mass network application and backbone networks.
l Supports eBGP and IBGP.
l Supports the eBGP multi-hop technology.
l Supports the community and route reflector attributes.
l Supports AS alliance and route suppression.
l Supports MP-BGP.
l Supports MD5 authentication and route filtering.
l Supports route redistribution.
Policy Routing
Policy routing matches specific values in an IP packet to with a policy set by a network
management user. If the values satisfy the policy, the packet is forwarded according
to the route specified by the policy. Otherwise, the packet is forwarded according to a
conventional routing table.
The ZXR10 5960 implements ACL-based policy routing.
IPv6 Routing
The ZXR10 5960 supports the following IPv6 unicast routing features:
l Supports IPv6 neighbor discovery protocols to discover routers and prefixes, resolve
addresses, determine next-hops, redirect routes, and detect unreachable neighbors
and duplicate addresses, bringing more flexibility to node mobility.
2-6

l Supports the IPv6 MTU discovery protocol to dynamically identify the maximum
transmission unit (MTU) and ensure that the size of each packet sent by a node does
not exceed the MTU value.
l Supports IPv6 static routing.
l Supports the IPv6-based dynamic routing protocols RIPng, OSPFv3, ISISv6, and
BGP4+.
IPv4 to IPv6 Transition

The ZXR10 5960 provides multiple mechanisms for IPv4 to IPv6 transition. For example,
the dual-stack technology and various tunneling technologies, which are applicable to
different scenarios. The ZXR10 8900E supports the following features:
l Supports IPv4/IPv6 dual-stack coexistence.
l Supports manually configured tunnels.
l Supports 6to4 tunnels.
l Supports ISATAP tunnels.
L3 Multicast
The ZXR10 5960 supports the IGMPv2, IGMPv3, and MLDv1/v2 protocols, as well as
IPv4/v6-based PIM-DM and PIM-SM protocols, providing a complete set of multicast
solutions.
Controllable Multicast
The ZXR10 5960 supports a complete set of controllable multicast features. It implements
accurate control on multicast users by the functions of IGMP V1/V2/V3, IGMP Snooping,
IGMP Proxy, IGMP Fastleave, multicast VLAN, Channel Access Control (CAC) , and Call
Detail Record (CDR),
The ZXR10 5960 also provides the following customized controllable multicast
management functions to allow you to directly manage IPTV channels and subscribers:
l Channel access control
l Channel management
l Package management
l Preview configuration
l Preview template management
l CDR recording
l Uniform network management through MIB
The ZXR10 5960 provides these controllable multicast functions to allow the network
operator to accurately control their multicast services, perform overall subscriber
management, and flexibly deploy IPTV services.
2-7

MCE
The Multi-VRF CE (MCE) technology extends CE capabilities to support VRF functions.
Devices providing the MCE function are called MCE devices. The ZXR10 5960 supports
MCE configuration.
2.3 QoS
Basic QoS
As the IP network is evolving, more and more new services demand that the IP network
provide predictable as well as reliable transmission. Users demand that their network can
provide stable and high-performance services in any place and at any time.
Traffic engineering is intended for optimizing network performance. It can map traffic to
actual physical channels and meanwhile automatically optimize network resources to fulfill
the serviceability required by particular application. It is a network engineering technology
that allows both macro regulation and micro control.
At present the key to traffic engineering is load balancing and network recovery. IP traffic
engineering is to effectively implement the integration of the conventional best-effort IP
service and the QoS.
To fulfill the above objectives, the ZXR10 5960 provides the following functions:
Traffic Classification
Traffic means the packets sent through switches. Traffic classification is to classify the
packets according to particular characteristics. To achieve this purpose, you can use an
ACL, especially an extended ACL.
Packets can be classified by various ACL filtering options, such as source/destination IP
address, source/destination MAC address, IP protocol type, TCP source/destination port
number, UDP source/destination port number, DSCP, ToS, IP Precedence, VLAN ID, and
802.1p priority.
Traffic Policing
Traffic policing restricts the bandwidth for a specific service to reduce the impacts on other
services. Actions taken when the traffic exceeds a limit include:
l Dropping or forwarding the packet.

l Passing the packet through with a modification to the DSCP value.
l Passing the packet through with a modification to the drop priority (packets with a high
drop priority are dropped first when the queue is congested)
The ZXR10 5960 implements the Single Rate Three Color Marker (RFC2697) and (Two
Rate Three Color Marker) (RFC4115) functions. Both algorithms support Color-Blind mode
and Color-Aware mode.
Traffic Shaping
2-8

Traffic shaping controls the rate of outputted packets, so that all the packets are sent out
in an even rate. Through traffic shaping, packet rates can match downstream devices, so
that congestion and packet dropping can be avoided.
The ZXR10 5960 supports traffic shaping at two levels, namely, VLAN-based traffic
shaping and port-based traffic shaping. Thus, the system can implement multi-level traffic
control and ensure hierarchical QoS and management.
Congestion Avoidance
The ZXR10 5960 uses the RED/WRED method to avoid congestion and improve network
quality.
The ZXR10 5960 WRED can perceive services, including the IP precedence, DSCP,
and can set different early drop policies for the packets of different priorities, so that
differentiated drop features are provided to different services.
Queue Scheduling
Each physical port of the ZXR10 5960 supports eight output queues (numbered from 0 to
7), which are called CoS queues. According to the CoS corresponding to the 802.1p tag
in a packet, the ZXR10 5960 performs output queue operations on the ingress. In case of
network congestion, multiple packets compete for resources. This problem can be solved
by queue scheduling.
The ZXR10 5960 supports three queue scheduling methods. The eight output queues on
a port can use different scheduling methods.
l Strict priority (SP)
l Weighted round robin (WRR)
l Dynamic weighted round robin (DWRR)
The 802.1p tag contains packet priority information. If the packet entering a port does not
carry a 802.1p tag, a switch allocates a default 802.1p value to the packet.
Priority Tag
A priority tag re-assigns a set of service parameters to the particular traffic described in an
ACL. The following types of operations can be performed:
l Modifying the CoS queue of a packet and the 802.1p value
l Modifying the CoS queue of a packet, but keeping the 802.1p value unchanged
l Modifying the DSCP value of a packet
l Modifying the drop priority of a packet
Ethernet OAM
At present, the ZXR10 5960 supports the following Ethernet OAM standards:
l IEEE 802.3ah (Operations, Administration, and Maintenance-OAM)
l IEEE 802.1ag (Connectivity Fault Management-CFM)
The ZXR10 5960 supports Ethernet OAM functions that support the above mentioned
standards. The functions include Ethernet continuity test (ETH-CC), Ethernet loopback
(ETH-LB), Ethernet link tracing (ETH-LT), remote fault indication, and remote loopback.
2-9

2.4 Protection for Reliability

Equipment Protection
Power Module Protection
To satisfy telecom carriers' strict requirements for equipment reliability, the ZXR10 5960
provides a hot backup design for power supply, and supports 48 V DC and 220 V AC power
supply modes. power supply operates in 1+1 mode, Thus the reliability of the power supply
system is improved.
System Monitoring
The ZXR10 5960 satisfies carrier-class reliability requirements, and provides a whole set
of system monitoring approaches to reduce customers' maintenance costs and improve
equipment stability and reliability.
In terms of hardware, the ZXR10 5960 monitors ambient temperature, fan status, power
status. In terms of software, the ZXR10 5960 actively collects the information about
ambient temperature, fan status, power status. If a fault occurs or an index exceeds
its alarm threshold, the system raises an alarm and reports the fault. Alarm and fault
information can be periodically stored and uploaded to a specified server.
Network Detection Mechanisms

During network equipment operation, link failures, single-point failures, and connectivity
problems may occur. To discover all sorts of faults in the network in time, and provide
protective measures, the ZXR10 5960 provides a series of effective network detection
mechanisms. In addition to the detection techniques mentioned below, the ZXR10 5960
also supports many fault detection and locating methods such as UDLD, IP Ping, IP Trace,
MAC Ping, and MAC Trace.
BFD
The ZXR10 5960 supports the BFD of static routes, OSPF and other dynamic routes,
and VRRP to implement fast convergence. The ZXR10 5960 supports combining BFD
and FRR technologies to provide a fast fault detection mechanism and implement fast
rerouting.
OAM Detection
OAM provides rich detection methods (mainly the Ethernet OAM technology) for identifying
network faults. Through OAM packet detection, the system can detect the link status, node
status, and tunnel connectivity, and trigger protective switching when finding a fault.
SQA
The ZXR10 5960 supports ICMP-echo, ICMP-jitter, DNS, FTP, HTTP, UDP-jitter, SNMP
and TCP detection.
2-10

Intelligent Ethernet Protection

The ZXR10 5960 supports ZTE Ethernet Switch Ring (ZESR), ZTE Ethernet Smart Switch
(ZESS), and ZESR+, and provides ring network protection and dual-uplink link protection.
Layer 3 Routing Protection

The ZXR10 5960 supports the following layer 3 routing protection functions:
l Enhanced VRRP
l Route load sharing
FRR Protection
Supporting IP FRR
The switching speed of IP Fast ReRoute (IP-FRR) reaches 50 ms, which can minimize
data loss upon network failures. The IP FRR function computes backup routes in advance.
If an active route fails, the IP FRR function does not re-compute routes, but switch traffic
to a backup route. When the active route is restored to normal, the traffic is switched back
to the active route.
The ZXR10 5960 supports static routing, OSPF, IS-IS, and RIP fast rerouting. Thus traffic
can be quickly switched in one direction, which satisfies the switching time requirement of
services.
2.5 Security and Authentication

ACL
To filter data, a network device should be configured with a series of matching rules to
identify the objects to be filtered. After particular objects are identified, the device permits
or denies the passing of the corresponding data packets, depending on preset policies.
An Access Control List (ACL) can be used to implement these functions.
The ZXR10 5960 provides five types of ACLs:
l Link ACLs
l IPv4 ACLs
l IPv4 mixed ACLs
l IPv6 ACLs
l IPv6 mixed ACLs
Device Authentication
AAA
The ZXR10 5960 support Authentication, Authorization and Accounting (AAA). It can
not only authenticate and authorize a subscriber by with the assistance of hierarchical
command line protection, but also verify the validity of network management users in
2-11

network management. By using the AAA mechanism, the ZXR10 5960 can effectively
prevent illegal subscribers from logging in.
For different subscriber access authentication policies, the device provides perfect AAA
authentication and authorization functions. According to different access authentication
requirements, you can configure different access authentication policies to perform
authentication and authorization on subscribers selectively.
The AAA supports three subscriber authentication modes:
l Local account verification
l Remote Authentication Dial-In User Service (RADIUS) verification
l Terminal Access Controller Access Control System (TACACS+) verification
The AAA supports four authorization modes:
l Direct authorization: Subscribers are trusted and directly authorized.
l Local account authorization: Authorizes subscribers according to the locally
configured accounts.
l TACACS+ authorization: TACACS+ can separate authorization from authentication.
The TACACS+ server performs subscriber authorization.
l Authorization after successful RADIUS authentication: The RADIUS protocol does
not allow the separation of authentication and authorization.
SSH
The Secure Shell (SSH), drafted by the IETF, is a security protocol established on the
application and transport layers. The SSH is a reliable protocol that provides security
particularly for remote login sessions and other network services. The SSH protocol can
effectively prevent information leakage during remote management. Through the SSH
protocol, data can be encrypted before transmission, and thus intermediary attacks can
be avoided.
The SSH supports two authentication modes:
l Password-based security verification
l Key-based security verification
The ZXR10 5960 supports SSHv2 security verification.
Hierarchical Commands
The ZXR10 5960 implements authority-based hierarchical command management. Up
to 16 command authority levels are supported. Different login subscribers are bound
to different authority levels. The lower the level, the less commands the subscriber is
allowed to use. The administrator, who has the highest authority level, can set different
authority levels for commands, and thus customized command authority configuration is
implemented.
Access Security
802.1x
The ZXR10 5960's 802.1X module performs the following functions:
2-12

l Supports the authenticator's functions.

l Supports local authentication.
l Supports that the authenticator PAE sends or receives EAPOL frames through an
uncontrolled port.
l Supports manipulating a controlled port by using AuthControlledPortControl
parameter values including ForceUnauthorized, Auto, and ForceAuthorized.
l Supports manipulating a controlled port by using both AdminControlledDirections and
OperControlledDirextions parameters.
l Supports periodic re-authentication for a supplicant according to a re-authentication
timer.
l Supports transparent transmission of 802.1x authentication packets when
authentication is not required.
DHCP
The ZXR10 5960 supports DHCPv4 server, DHCPv4/v6 relay, DHCPv4/v6 snooping, and
DHCP option82 functions.
IP source guard
By establishing the binding relations between a port and a VLAN, MAC address, or IP
address, an IP source guard checks the packet source and allows traffic satisfying specific
conditions to pass, and thus packet security control is implemented. The IP source guard
establishes a binding table in either of the following forms:
l Static binding
l Dynamic binding
The ZXR10 5960 supports IPv4-based and IPv6-based IP Source Guard function.
DAI
Dynamic ARP Inspection (DAI) sends ARP packets up to a CPU for processing. After
determining that the ARP packet is legal or not, the CPU forwards or drops it.
Network Security
The ZXR10 5960 implements network-based security protection, and every module has the
security checking function. In the ZXR10 5960, network security functions are as follows:
l Prevents subscriber ARP snooping.
l Supports MAC address flood protection, which restricts the number of MAC
addresses.
l Sets broadcast packet thresholds on a port.
l Filters layer 2, 3 and 4 ACLs together.
l Filters routes.
l Forbids ICMP redirection to prevent an attacker from sending fake ICMP packets.
l Prevents CPU attacks, provides protocol packet protection, distributes different
hardware CPU queues to protocol packets, sets priorities, limit rates, performs QoS
such as WRED, and protects CPU.
2-13

l Prevents DoS attacks by hardware queues, and supports preventing land | null-scan
| ping-of-death | smurf | sys-fin | syn-port-less-1024 | xma-scan | ping-flood | syn-flood
attacks (for ping-flood | syn-flood, rate limiting is supported).
l Prevents IPv4 URPF source address spoofing.
l Supports automatic broadcast storm suppression.
l Supports control/signaling MD5 authentication.
l Supports DHCP snooping.
l Supports DHCP snooping-based IP Source guard and DAI.
l Supports IPv6 ND security.
DDoS Attack Prevention
As the network environment becomes more and more complicated, switches are facing the
demand for higher attack prevention capabilities. There are many methods and policies
for DDoS attack prevention. CPU protection is one of the major methods.
The ZXR10 5960's DDoS attack prevention supports most L2 and L3 protocols. L2
protocols mainly include some STP and MSTP packets, as well as layer 2 ring network
packets of switches. L3 protocols mainly includes the IPv4 and IPv6 protocols.
l IPv4 protocols: OSPF, PIM, IGMP, VRRP, ICMP, ARPREPLY, ARPREQUEST,
GROUP MNG, VBASE, VRRP ARP, DHCP, RIP, BGP, Telnet, LDP_TCP, LDP_UDP,
TTL, BPDU, SNMP, MSDP, and RADIUS.
l IPv6 protocols: MLD, ND, ICMP6, BGP4+, RIPNG, OSPFv3, LDPTCP6, LDPUDP6,
Telnet6, and PIM6.
The ZXR10 5960 expands hierarchical CPU protection based on regular CPU protection.
Hierarchical CPU protection includes hardware, software, and protocol stack protection.
The ZXR10 5960 also prevents DDoS attacks by limiting MAC address learning, limiting
the port flow rate, and multi-layer ACL filtering.
uRPF
The ZXR10 5960 supports strict, loose, and loose-ingoring-default-route Unicast Reverse
Path Forwarding (uRPF).
l Strict uRPF means that a packet is dropped if the egress found according to the source
address does not exactly match the ingress, or is handled properly otherwise.
l Loose uRPF means that the packet is handled normally if a route is found according
to the source address and the default route's egress is consistent with the ingress, or
is dropped otherwise.
l Loose-ingoring-default-route uRPF means that the packet is handled normally if a
route is found according to the source address and it is not the default route, or is
dropped otherwise.
ND Security
The ZXR10 5960 supports the configuration of trusted switch ports, trusted switch
addresses, and ND learning quantity limit. It supports ND snooping-based ND packet
filtering by configuring a static binding relation between a port and a VLAN, IP address, or
2-14

MAC address. It can also detect ND packets based on DHCPv6 snooping entries, allow
legal packets to pass, so that network risks are minimized.
2.6 Network Traffic Analysis

The ZXR10 5960 supports mainstream network traffic analysis technologies including IETF
standard IPFIX and sflow.
2-15

2-16

Chapter 3
Technical Specifications
Basic Specifications
For the basic features and physical specifications of the ZXR10 5960, refer to Table 3-1
and Table 3-2.
Table 3-1 Basic Features and Physical Specifications of the Device (1)
Description
ZXR10 5960- ZXR10 5960-

Attribute ZXR10 ZXR10
64DL/ZXR10 32DL/ZXR10
5960–72DL-H 5960–64DL-H
5960-64DL-L 5960-32DL-L
Phys- Dimensions 43.6 mm (H)×442 mm (W)× 440 mm (D)

ical (H × W × D)
Pa-
rame-
ters
AC power supplies: 100 V–127 AC power supplies: 100 V–240 V, 50

V/240 V, 50 Hz–60 Hz, and 240 V Hz–60 Hz, and 240 V high voltage
Power Supply
high voltage DC input. DC input.
DC power supplies: -38 V–57 V DC power supplies: -38 V–57 V
Operating Long-term operating temperature: -5 ℃–45 ℃

Envi- temperature Short-term operating temperature: -5 ℃–55 ℃
ron-
Storage -40℃–70℃
ment
temperature
Re-
quire- Operating Relative humidity: 10%–90%, noncondensing
ments environment
temperature
Table 3-2 Basic Features and Physical Specifications of the Device (2)
Description
Attribute ZXR10 5960- ZXR10 5960- ZXR10 5960- ZXR10 5960-
52DU-H 32LC-H 72NL-H 64NL-H
Phys- Dimensions 43.6 mm (H)×442 mm (W)× 440 mm (D)

ical (H × W × D)
3-1

Description
Attribute ZXR10 5960- ZXR10 5960- ZXR10 5960- ZXR10 5960-
52DU-H 32LC-H 72NL-H 64NL-H
Pa-
Weight (full ≤9.0 kg
rame-
configuration)
ters
Po- AC power supplies: 100 V–127 V/240 V, 50 Hz–60 Hz, and 240 V high voltage DC input.
wer DC power supplies: -38 V–72 V
Sup-
ply
Operating Long-term operating temperature: -5 ℃–45 ℃

Envi- temperature Short-term operating temperature: -5 ℃–55 ℃
ron-
Storage -40℃–70℃
ment
temperature
Re-
quire- Operating Relative humidity: 10%–90%, noncondensing
ments environment
temperature
System Functions and Features

l L2 features
For L2 features of the ZXR10 5960, refer to Table 3-3.
Table 3-3 L2 Features
Attribute Description
VLAN Supports port-based, protocol-based, and subnet-based VLANs.

Supports VLAN translation.
Supports PVLAN.
Supports super VLAN.
QinQ Supports QinQ-based forwarding.

Supports normal QinQ and port-based outer labels.
Supports selective QinQ and stream-based outer labels.
Supports selective QinQ inner priority mapping.
L2
Supports TPID modification.
features
MAC Supports MAC address learning, aging, and solidifying.
Supports static MAC address setting.
Supports MAC address attack protection.
Supports MAC address binding.
Link Supports static link aggregation.

aggregation Supports dynamic LACP.
Supports stream-based load balancing
Supports inter-rack link aggregation.
3-2

Chapter 3 Technical Specifications
Port features Supports loopback detections.

Supports broadcast, multicast, and unknown unicast storm
suppression.
Supports layer 2 protocol protection and jumbo frame protection.
Supports port flow control.
Support 1-minute peak statistics.
ARP Supports static ARP configuration.

Supports dynamic ARP learning and aging.
Supports ARP agent.
Supports ARP anti-attack protection.
STP Supports STP, RSTP, and MSTP.

Supports BPDU protection.
MIRROR Supports ingress mirroring, egress mirroring, 1-to-many, many-to-1,

and many-to-many mirroring, stream mirroring, and CPU mirroring.
Supports RSPAN and ERSPAN.
Ethernet Supports IEEE 802.1ag.

OAM Supports IEEE 802.3ah.
l L3 features
For the L3 features of the ZXR10 5960, refer to Table 3-4.
Table 3-4 L3 Features
IPv4 unicast Supports IPv4 unicast static routing.

routing Supports RIPv1/v2, OSPFv2, IS-IS, and BGP-4.
Supports policy routing and routing policies.
Supports VRRP.
Supports URPF.
L3
Supports ECMP.
features
IPv6 unicast Supports the ND protocol, ND protocol protection, and IPv6 path
routing MTU.
Supports IPv6 static routing.
Supports RIPng, OSPFv3, IS-ISv6, and BGP4+.
Supports 6to4, 6in4, and ISATAP tunnels.
l Multicast features
For the multicastfeatures of the ZXR10 5960, refer to Table 3-5.
3-3

Table 3-5 Multicast Features
L2 multicast Supports IGMP Snooping/proxy.

Supports IGMP rate limit and IGMP rate filter.
Supports MLD snooping.
Multicast Supports PIM snooping
features Supports inter-VLAN multicast duplication.
L3 multicast Supports static multicast.

Supports IGMPv1/v2/v3 and MLDv1/v2.
Supports PIM-SM, PIM-DM, and MSDP.
l QoS features
For the QoS features of the ZXR10 5960, refer to Table 3-6.
Table 3-6 QoS Features
Traffic Supports traffic classification by physical port.

classification Supports traffic classification by physical port and ACL.
Packet Supports 802.1p priority, IP Precedence, IP DSCP and IP TOS

re-tagging re-tagging.
Supports double-layer label mapping.
Traffic Supports incoming port CAR.

policing Supports stream-based CAR.
QoS Supports incoming/outgoing traffic policing.
features Supports re-tagging after traffic policing.
Congestion Supports stream-based bandwidth control.

control Supports RED and WRED.
Queue Supports up to eight priority queues, each of which supports

scheduling minimum/maximum bandwidth management.
Supports SP, WRR, SP+WRR, and WDRR scheduling.
Traffic Supports port-based traffic shaping.

shaping Supports VLAN-based traffic shaping.
l Service management features

For the service management features of the ZXR10 5960, refer to ZXR10 5960Table
3-7.
3-4

Chapter 3 Technical Specifications
Table 3-7 Service Management Features
Supports IEEE 802.1x, 802.1x Relay, 802.1x RADIUS accounting,

and forcing subscribers to get offline.
Supports AAA authentication.
Supports hierarchical subscriber management.
Service management
Supports IPTV management (CAC, CDR, and UMS).
Supports DHCPv4/v6 Server, DHCP v4/v6 Relay, and DHCP v4/v6
Snooping.
Supports DHCP OPTION 82.
l Security features
For the security features of the ZXR10 5960, refer to Table 3-8.
Table 3-8 Security Features
Attack Supports DOS attack prevention.

prevention Supports BPDU attack prevention.
Supports CPU protection.
Supports ARP attack prevention.
Supports MAC address flood protection.
Supports IPv4 uRPF.
Supports hierarchical command protection.
Supports abnormal and error packet protection.
Supports SYN FLOOD attack prevention.
Supports PING FLOOD attack prevention.
Supports Ping of Death attack prevention.
Security Supports SNMP attack prevention.
features Supports fake source IP address attack prevention.
Supports ARP spoofing.
CPU Supports protocol priority processing configuration.

security Supports protocol protection.
protection Supports filtering the packets sent to a CPU.
Advanced Supports data log monitoring.

security Supports automatic suppression of broadcast storms.
features Supports filtering layer 2, 3 and 4 ACLs together.
Supports control/signaling MD5 authentication.
Supports IP source guard/DAI.
Supports ND security.
l O&M features
For the O&M features of the ZXR10 5960, refer to ZXR10 5960Table 3-9.
3-5

Table 3-9 O&M Features
O&M Supports the command line function.

Supports hierarchical management authority.
Supports password aging and confirmation.
Supports control console management.
Supports subscriber access service management.
Supports remote access by SSH, TELNET, or SNMP, and the
FTP/TFTP function.
Supports various alarms (sound or light).
Supports the ZXNM01 unified network management system.
Supports CLI and hierarchical network management.
Supports subscriber access control.
Supports storage and restoration configuration.
O&M
Supports log management, Syslog, and REMON functions.
Supports time management and NTP functions.
Supports IPv6 equipment management.
Supports basic MIB functions.
Supports traffic statistics.
Cluster LLDP/ZTP/ZDP.
manage-
ment
Traffic IPFIX, SFlow.

analysis
OAM Supports Ethernet OAM.
3-6

Chapter 4
Operation and Maintenance
Table of Contents
NetNumen U31 Unified Network Management Platform .............................................4-1
Maintenance and Management ..................................................................................4-2
4.1 NetNumen U31 Unified Network Management

Platform
With the development of all-IP technologies, the telecommunication industry is confronted
with great changes towards the mainstream trend for broadband, mobility, and
convergence. The all-IP network architecture requires that the existing operation and
management be transformed from vertical to horizontal direction. Thus, operation costs
can be reduced and O&M efficiency can be improved.
Faced with the future network development trend, ZTE releases the unified network
management platform NetNumen™ U31, and the sub-product NetNumen™ U31 (BN)
implements unified management for all bearer network devices. The U31 not only
provides multi-domain device management, but implements the convergence of element
layer management and network layer management, breaking through the vertical
management model and satisfying flat management requirements.
Networking Mode
Between the NetNumen U31 and the ZXR10 5960, in-band or out-band management can
be implemented.
l In-band management
In-band management means that network management information can be

transferred in the same channel as service information, without the need to establish
an extra DCN network. The NetNumen U31 need only be connected to a neighbor
network device and configured with SNMP parameters.
In-band management is flexible and does not need extra investment. However,
network management information occupies the service bandwidth, and thus service
quality may be affected.
l Out-band management
Out-band management means that network management information is separately
transferred in a network management network and an extra DCN network is needed.
The NetNumen U31 system is connected to the out-band management port of the
4-1

ZXR10 5960, and thus network management information and service information are
separately transferred.
Out-band management allows network management information to be transferred
more reliably, even if the service channel is interrupted. However, to build a separate
network management network is restricted by region and needs extra investment.
NetNumen U31
The NetNumen™ U31 (BN) is a unified management platform for all bearer network
devices of ZTE. It implements integrated management of transmission, wavelength
division, PTN, and IP devices (routers and switches). The U31 is located on the network
element management layer or subnet management layer, and is a new-generation
network management system. It provides powerful functions for managing the network
element layer and network layer.
The NetNumen™ U31 (BN) uses distributed, multi-process, and modular design to
manage all-series bearer network devices. The U31 provides configuration, fault,
performance, maintenance, path, security, system, and report management functions.
It guarantees device stability, and implements management and control on network
elements and regional networks.
The system uses various network management technologies, and is designed and
developed based on the TMN concept of ITU-T and industry-leading experience in
network management software development. It provides powerful management functions
and flexible networking capability. The U31 system provides the following functions for
the ZXR10 5960:
l Fault management: Guarantees stable network operation.
l Performance management: Helps users to fully understand the network service
status.
l Resource management: Helps users to use network resources properly.
l View management: Presents network operation status clearly.
l Configuration management: Helps users to deploy services quickly.
l Security management: Guarantees network security.
l Northbound interface: Helpful for integration.
4.2 Maintenance and Management

Various Configuration Modes
The ZXR10 5960 provides various device login and management configuration modes,
which allow users to choose proper connection configuration modes according to their
scenarios, and thus devices can be maintained more easily.
l Serial connection configuration
Serial connection configuration uses the VT100 terminal method, and the
hyperterminal tool provided by the Windows operating system can be used for
4-2

Chapter 4 Operation and Maintenance
configuration. If the device is bare or without configuration or connection, this

connection configuration mode must be selected.
l Telnet connection configuration
à Telnet to the management Ethernet port (10/100/1000Base-T) on a Telnet main
control board to configure the switch.
à On a VLAN interface, configure the IP address, set the username and password,
and telnet to the IP address of the VLAN interface to configure the switch.
When a user remotely logs into the device and communicates with the device properly,
this connection configuration mode can be selected.
l SSH connection configuration

On the ZXR10 5960, enable the SSH server function, and use the SSH client software
to connect the IP address of the VLAN interface or management Ethernet port to
configure the switch in a more secure way. If the user requires secure remote login,
this connection mode can be selected.
l SNMP connection configuration

The back-end network management server acts as the SNMP server, and the
front-end ZXR10 5960 acts as the SNMP client. The front end and back end share
the same MIB, and use the network management software to manage and configure
the ZXR10 5960. This connection configuration mode helps users to effectively
manage and configure network devices by using network management software.
Monitoring and Maintenance

The ZXR10 5960 provides various methods for monitoring, manage, and maintain devices,
so that the devices can be handled properly in case of exceptions and users can learn all
the parameters about the device operation.
Device Monitoring
l The device and power modules have indicators, which show the operational status of
devices.
l The hot swapping events of power modules and fan modules are recorded for users
to review.
l Alarm prompts are generated when the fans, power supplies, or temperature is
abnormal.
l Environment temperature is automatically monitored during system operation, and
temperature control and message alarm functions are provided.
l Software operation is monitored by the system, and alarms are printed or devices are
automatically reset and restarted when a fault affects device operation.
Management and Maintenance
l Command lines provide flexible online help.

l Hierarchical user authority management and hierarchical commands are provided.
4-3

l An information centers is supported to provide uniform management for logs, alarms,

and debugging information.
l Switch cluster management is supported, providing a uniform channel for managing
and maintaining different devices.
l The basic information about main control boards, interface boards, and optical mod-
ules can be queried through the CLI.
l A variety of information can be queried, including the version, component status,
ambient temperature, CPU, and memory usage.
l All information can be collected with one key, and command results can be displayed
on the device or outputted to a file. Hardware environment, software information,
version information, data configuration, real-time operational status, and protocol
information can be displayed and be automatically or manually outputted.
Diagnosis and Debugging
l Ping and TraceRoute: Checks whether a network connection is reachable, and
records the transmission path of data packets online as a reference for locating faults.
l Debugging: Every software feature provides rich debugging commands, each
of which supports multiple parameters that can be flexibly controlled. By using
debugging commands, users can output the processing, packet sending/receiving,
and error checking information about this feature.
l Mirroring: Supports interface-based mirroring, which means that the packets on the
observed interface in the incoming, outgoing, or both directions are duplicated to the
observing interface without any change. RSPAN and ERSPAN are supported for
remote port mirroring.
l OAM: Various OAM packets are used to detect the network condition and monitor
device, link, and network faults, helping users to quickly locate the faults.
l SQA: Various detection packets are sent to detect the online and operational statuses
of most applications and services.
Software Upgrade
The ZXR10 5960 provides software upgrade in normal and abnormal situations.
l Version upgrade when the system is abnormal: If a device cannot be started properly,
to upgrade the software version, a user can modify the BOOT mode and download
the latest version through the management Ethernet port.
l Version upgrade when the system is normal: If a device is normal, the software version
can be locally upgraded or remotely upgraded through the FTP.
File System Management

Overview
In the ZXR10 5960, software version files and configuration files are stored in a flash
memory. During software upgrade, configuration storage need flash operations.
4-4

Chapter 4 Operation and Maintenance
l Version upgrade when the system is abnormal: If a device cannot be started properly,
to upgrade the software version, the user can modify the BOOT mode and download
the latest version through the management Ethernet port.
l Version upgrade when the system operates properly: If a device operates properly,
the software version can be locally upgraded or remotely upgraded through FTP.
File System Operations
l File backup and recovery: The software version files, configuration files, and log files
on the ZXR10 5960 can be backed up to a back-end server through the FTP/TFTP,
or the backup files can be recovered from the server.
l File import and export: Files can be copied to a back-end host through the FTP/TFTP.
By exporting/importing the files, users can obtain alarm files and modify configuration
files.
4-5

4-6

Appendix A
Protocol and Standard
Compliance
The ZXR10 5960 complies with the following protocols and standards (They are changed
frequently, so the following are only for your reference.)
Ethernet Standards
For the Ethernet standards that the ZXR10 5960 complies with, refer to Table A-1.
Table A-1 Ethernet Standards
Standard No. Standard Name
RFC 0826 An Ethernet Address Resolution Protocol or

Converting Network Protocol Addresses to 48.bit
Ethernet Address for Transmission on Ethernet
Hardware
RFC 1042 A Standard for the Transmission of IP Datagrams

over IEEE 802 Networks
RFC 3069 VLAN Aggregation for Efficient IP Address

Allocation
RFC 5171 Cisco Systems UniDirectional Link Detection

(UDLD) Protocol
IEEE 802.1ab Station and Media Access Control Connectivity

Discovery
IEEE 802.1d Media Access Control (MAC) Bridges.

Specifies an architecture and protocol for the
interconnection of IEEE 802 LANs below the
MAC service boundary
IEEE 802.1q IEEE Standard for Local and Metropolitan Area

Networks: Virtual Bridged Local Area Networks
IEEE 802.1s The amendment to IEEE Std 802.1D: Multiple

Spanning Trees
IEEE 802.1t 802.1D Maintenance
IEEE 802.1w The amendment to IEEE Std 802.1D: Rapid

Reconfiguration
A-1

IEEE 802.1ap Management Information Base (MIB) definitions

for VLAN Bridges
IEEE 802.2 IEEE Standards for Local Area Networks: Logical

Link Control (LLC)
IEEE 802.3 IEEE Standards for Local Area Networks: Carrier

Sense Multiple Access with Collision Detection
(CSMA/CD) Access, Method and Physical Layer
Specifications
IEEE 802.3ad Link Aggregation Control Protocol
IEEE 802.3ae 10 Gbit/s Ethernet Standard
IEEE 802.3af PoE(Power-over-Ethernet)
IEEE 802.3ag Connectivity Fault Management
IEEE 802.3ah Ethernet First Mile
IEEE 802.3z Gigabit fiber
IP Standards
For the IP standards that the ZXR10 5960 complies with, refer to Table A-2.
Table A-2 IP Standards
RFC 791 Internet Protocol
RFC 1122 Requirements for Internet Hosts - Communication

Layers
RFC 1812 Requirements for IP Version 4 Routers
RFC 1981 Path MTU Discovery for IP version 6
RFC 2292 Advanced Sockets API for IPv6
RFC 2373 IP Version 6 Addressing Architecture
RFC 2374 An IPv6 Aggregatable Global Unicast Address

Format
RFC 2375 IPv6 Multicast Address Assignments
RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
RFC 2461 Neighbor Discovery for IP Version 6 (IPv6)
RFC 2462 IPv6 Stateless Address Autoconfiguration
RFC 2464 Transmission of IPv6 Packets over Ethernet

Networks
RFC 2472 IP Version 6 over PPP
A-2

Appendix A Protocol and Standard Compliance
RFC 3306 Unicast-Prefix-based IPv6 Multicast Addresses
RFC 4193 Unique Local IPv6 Unicast Addresses
UDP Standards
For the UDP standards that the ZXR10 5960 complies with, refer to Table A-3.
Table A-3 UDP Standards
RFC 0768 User Datagram Protocol
TCP Standards
For the TCP standards that the ZXR10 5960 complies with, refer to Table A-4.
Table A-4 TCP Standards
RFC 0793 TRANSMISSION CONTROL PROTOCOL
RFC 2001 TCP Slow Start, Congestion Avoidance,Fast

Retransmit, and Fast Recovery Algorithms
RFC 2385 Protection of BGP Sessions via the TCP MD5

Signature Option
RFC 2581 TCP Congestion Control
RFC 2988 Computing TCP's Retransmission Timer
RFC 4987 TCP SYN Flooding Attacks and Common

Mitigations
ICMP Standards
For the ICMP standards that the ZXR10 5960 complies with, refer to Table A-5.
Table A-5 ICMP Standards
RFC 0792 Internet Control Message Protocol
RFC 2463 Internet Control Message Protocol (ICMPv6)

for the Internet Protocol Version 6 (IPv6)
Specification
RFC 4950 ICMP Extensions for Multiprotocol Label

Switching
SOCKET Standards
For the SOCKET standards that the ZXR10 5960 complies with, refer to Table A-6.
A-3

Table A-6 SOCKET Standards
RFC 2553 Basic Socket Interface Extensions for IPv6
Tunneling Standards
For the tunneling standards that the ZXR10 5960 complies with, refer to Table A-7.
Table A-7 Tunneling Standards
RFC 2473 Generic Packet Tunneling in IPv6 Specification
RFC 2784 Generic Routing Encapsulation (GRE)
RFC 2890 Key and Sequence Number Extensions to GRE
RFC 2893 Transition Mechanisms for IPv6 Hosts and

Routers
RFC 3056 Connection of IPv6 Domains via IPv4 Clouds
RFC 4214 Intra-Site Automatic Tunnel Addressing Protocol
SSH Standards
For the SSH standards that the ZXR10 5960 complies with, refer to Table A-8.
Table A-8 SSH Standards
RFC 4250 The Secure Shell (SSH) Protocol Assigned

Numbers
RFC 4251 The Secure Shell (SSH) Protocol Architecture
RFC 4252 The Secure Shell (SSH) Authentication Protocol
RFC 4253 The Secure Shell (SSH) Transport Layer Protocol
RFC 4254 The Secure Shell (SSH) Connection Protocol
RFC 4255 Using DNS to Securely Publish Secure Shell

(SSH) Key Fingerprints
RFC 4256 Generic Message Exchange Authentication for

the Secure Shell Protocol (SSH)
RFC 4335 The Secure Shell (SSH) Session Channel Break

Extension
RFC 4344 The Secure Shell (SSH) Transport Layer

Encryption Modes
RFC 4345 Improved Arcfour Modes for the Secure Shell

(SSH) Transport Layer Protocol
A-4

RFC 4419 Diffie-Hellman Group Exchange for the Secure

Shell (SSH) Transport Layer Protocol
RFC 4432 RSA Key Exchange for the Secure Shell (SSH)
Transport Layer Protocol
RFC 4462 Generic Security Service Application Program

Interface (GSS-API) Authentication and Key
Exchange for the Secure Shell (SSH) Protocol
RFC 4716 The Secure Shell (SSH) Public Key File Format
RFC 4742 Using the NETCONF Configuration Protocol over

Secure SHell (SSH)
RFC 4819 Secure Shell Public Key Subsystem
draft-ylonen-ssh-protocol-00 The SSH (Secure Shell) Remote Login Protocol
draft-ietf-secsh-architecture-14 SSH Protocol Architecture
draft-ietf-secsh-assignednumbers-05-from-04.diff SSH Protocol Assigned Numbers
SFTP Standards
For the SFTP standards that the ZXR10 5960 complies with, refer to Table A-9.
Table A-9 SFTP Standards
draft-ietf-secsh-filexfer-13 SSH File Transfer Protocol
RIP Standards
For the RIP standards that the ZXR10 5960 complies with, refer to Table A-10.
Table A-10 RIP Standards
RFC 1058 Routing Information Protocol (RIP)
RFC 1722 RIP Version 2 Protocol Applicability Statement
RFC 1724 DRAFT STANDARD
RFC 1923 RIPv1 Applicability Statement for Historic Status
RFC 2080 RIPng support
RFC 2081 RIPng Protocol Applicability Statement
RFC 2453 RIP Version 2
OSPF Standards
For the OSPF standards that the ZXR10 5960 complies with, refer to Table A-11.
A-5

Table A-11 OSPF Standards
RFC 1131 OSPF specification
RFC 1242 OSPF specification Benchmarking terminology

for network interconnection devices
RFC 1245 OSPF Protocol Analysis
RFC 1246 Experience with the OSPF Protocol
RFC 1247 OSPF Version 2
RFC 1248 OSPF Version 2 Management Information Base
RFC 1364 BGP OSPF Interaction
RFC 1370 Applicability Statement for OSPF
RFC 1584 Multicast Extensions to OSPF
RFC 1585 MOSPF: Analysis and Experience
RFC 1586 Guidelines for Running OSPF Over Frame Relay

Networks
RFC 1587 The OSPF NSSA Option
RFC 1765 OSPF Database Overflow
RFC 1793 Extending OSPF to Support Demand Circuits
RFC 2154 OSPF with Digital Signatures
RFC 2329 OSPF Standardization Report
RFC 2370 The OSPF Opaque LSA Option
RFC 2676 QoS Routing Mechanisms and OSPF Extensions
RFC 2740 OSPF for IPv6 (OSPFv3)
RFC 2844 OSPF over ATM and Proxy-PAR
RFC 3101 The OSPF NSSA Option
RFC 3137 OSPF Stub Router Advertisement
A-6

RFC 3509 Alternative Implementations of OSPF Area

Border Routers
RFC 3623 OSPF Graceful Restart
RFC 3630 Traffic Engineering Extensions to OSPF
RFC 3883 Detecting Inactive Neighbors over OSPF Demand

Circuits (DC)
RFC 4061 Benchmarking Basic OSPF Single Router Control

Plane Convergence
RFC 4062 OSPF Benchmarking Terminology and Concepts
RFC 4063 Considerations When Using Basic OSPF

Convergence Benchmarks
RFC 4136 OSPF Refresh and Flooding Reduction in Stable

Topologies
RFC 4167 Graceful OSPF Restart Implementation Report
RFC 4222 Prioritized Treatment of Specific OSPF Version 2

Packets and Congestion Avoidance
RFC 4552 Authentication/Confidentiality for OSPFv3
RFC 4577 OSPF as the Provider/Customer Edge Protocol

for BGP/MPLS IP Virtual Private Networks
(VPNs)
RFC 4811 OSPF Out-of-Band Link State Database (LSDB)

Resynchronization
RFC 4812 OSPF Restart Signaling
RFC 4813 OSPF Link-Local Signaling
RFC 4915 Multi-Topology (MT) Routing in OSPF
RFC 4940 IANA Considerations for OSPF
RFC 4970 Extensions to OSPF for Advertising Optional

Router
RFC 5340 OSPF for IPv6 (OSPFv3)
RFC 5643 Management Information Base for OSPFv3
BGP Standards
For the BGP standards that the ZXR10 5960 complies with, refer to Table A-12.
A-7

Table A-12 BGP Standards
RFC 1265 BGP Protocol Analysis
RFC 1266 Experience with the BGP Protocol
RFC 1321 The MD5 Message-Digest Algorithm
RFC 1772 Application of the Border Gateway Protocol in the

Internet
RFC 1773 Experience with the BGP-4 protocol
RFC 1774 BGP-4 Protocol Analysis
RFC 1930 Guidelines for creation, selection, and registration

of an Autonomous System (AS)
RFC 1997 BGP Community Attribute
RFC 1998 An Application of the BGP Community Attribute

in Multi-home Routing
RFC 2270 Using a Dedicated AS for Sites Homed to a

Single Provider
RFC 2385 Protection of BGP Sessions via the TCP MD5

Signature Option
RFC 2439 BGP Route Flap Damping
RFC 2519 A Framework for Inter-Domain Route Aggregation
RFC 2545 BGP support IPV6
RFC 2918 Route Refresh Capability for BGP-4
RFC 3107 Carrying Label Information in BGP-4
RFC 3562 Key Management Considerations for the TCP

MD5 Signature Option
RFC 4271 A Border Gateway Protocol 4 (BGP-4)
RFC 4272 BGP Security Vulnerabilities Analysis
RFC 4273 Definitions of Managed Objects for BGP-4
RFC 4274 BGP-4 Protocol Analysis
RFC 4275 BGP-4 MIB Implementation Survey
RFC 4276 BGP 4 Implementation Report
RFC 4277 Experience with the BGP-4 Protocol
RFC 4360 BGP Extended Communities Attribute
RFC 4364 BGP/MPLS IP Virtual Private Networks
A-8

RFC 4365 Applicability Statement for BGP/MPLS IP Virtual

Private Networks (VPNs)
RFC 4382 MPLS/BGP Layer 3 Virtual Private Network

(VPN) Management information Base
RFC 4451 BGP MULTI_EXIT_DISC (MED) Considerations
RFC 4456 BGP Route Reflection: An Alternative to Full

Mesh Internal BGP (IBGP)
RFC 4486 Subcodes for BGP Cease Notification Message
RFC 4724 Graceful Restart Mechanism for BGP
RFC 4760 Multiprotocol Extensions for BGP-4
RFC 4781 Graceful Restart Mechanism for BGP with MPLS
RFC 4798 Connecting IPv6 Islands over IPv4 MPLS using

IPv6 Provider Edge Routers (6PE)
RFC 5065 Autonomous System Confederations for BGP
RFC 5492 Capabilities Advertisement with BGP-4
IS-IS Standards
For the IS-IS standards that the ZXR10 5960 complies with, refer to Table A-13.
Table A-13 IS-IS Standards
RFC 1142 OSI IS-IS Intra-domain Routing Protocol
ISO 10589 IS-IS intra-domain routing protocol
RFC 1195 Use of OSI Is-Is for Routing in TCP/IP and Dual
nvironments
RFC 2104 HMAC: Keyed-Hashing for Message

Authentication
RFC 2973 Support IS-IS Mesh Groups
RFC 3258 Distributing Authoritative Name Servers via

Shared Unicast Addresses
RFC 3277 IS-IS Transient Blackhole Avoidance
RFC 3359 Reserved Type, Length and Value (TLV)

Codepoints in Intermediate System to
Intermediate System
RFC 3719 Recommendations for Interoperable Networks

using IS-IS
A-9

RFC 3787 Recommendations for Interoperable IP Networks

using IS-IS
RFC 4444 Management Information Base for Intermediate

System to Intermediate System (IS-IS)
RFC 4972 Routing Extensions for Discovery of Multiprotocol

(MPLS) Label Switch Router (LSR) Traffic
Engineering (TE) Mesh Membership
RFC 5029 Definition of an IS-IS Link Attribute Sub-TLV
RFC 5120 M-ISIS: Multi Topology (MT) Routing in

Intermediate System to Intermediate Systems
(IS-ISs)
RFC 5130 A Policy Control Mechanism in IS-IS Using

Administrative Tags
RFC 5308 Routing IPv6 with IS-IS
RFC 5309 Point-to-Point Operation over LAN in Link State

Routing Protocols
RFC 5310 IS-IS Generic Cryptographic Authentication
Multicast Standards
For the multicast standards that the ZXR10 5960 complies with, refer to Table A-14.
Table A-14 Multicast Standards
RFC 1112 Host Extensions for IP Multicasting
RFC 2236 Internet Group Management Protocol, Version 2
RFC 2710 Multicast Listener Discovery (MLD) for IPv6
RFC 3376 Internet Group Management Protocol, Version 3
RFC 3446 Anycast Rendevous Point (RP) mechanism

using Protocol Independent Multicast (PIM) and
Multicast Source Discovery Protocol (MSDP)
RFC 3569 An Overview of Source-Specific Multicast (SSM)
RFC 3618 Multicast Source Discovery Protocol (MSDP)
RFC 3810 Multicast Listener Discovery Version 2 (MLDv2)

for IPv6
RFC 3956 Embedding the Rendezvous Point (RP) Address

in an IPv6 Multicast Address
A-10

RFC 3973 Protocol Independent Multicast - Dense

Mode(PIM-DM):Protocol Specification (Revised)
RFC 4541 Considerations for Internet Group Management

Protocol (IGMP) and Multicast Listener Discovery
(MLD) Snooping Switches
RFC 4601 Protocol Independent Multicast - Sparse Mode

(PIM-SM): Protocol Specification (Revised)
RFC 4604 Using Internet Group Management Protocol

Version 3 (IGMPv3) and Multicast Listener
Discovery Protocol Version 2 (MLDv2) for
Source-Specific Multicast
RFC 5059 Bootstrap Router (BSR) Mechanism for Protocol

Independent Multicast (PIM)
draft-rosen-vpn-mcast-8 Multicast in MPLS-BGP IP VPNs
MPLS Standards
For the MPLS standards that the ZXR10 5960 complies with, refer to Table A-15.
Table A-15 MPLS Standards
RFC 2205 Resource ReSerVation Protocol (RSVP) - Version

1 Functional Specification
RFC 2209 Resource ReSerVation Protocol (RSVP) - Version

1 Message Processing Rules
RFC 2210 The Use of RSVP with IETF Integrated Services
RFC 2702 Requirements for Traffic Engineering Over MPLS
RFC 2747 RSVP Cryptographic Authentication
RFC 2961 RSVP Refresh Overhead Reduction Extensions
RFC 3031 Multiprotocol Label Switching Architecture
RFC 3032 MPLS Label Stack Encoding
RFC 3037 LDP Applicability
RFC 3107 Support BGP carry Label for MPLS
RFC 3209 RSVP-TE Extensions to RSVP for LSP Tunnels
RFC 3210 Applicability Statement for Extensions to RSVP

for LSP-Tunnels
RFC 3215 LDP State Machine
A-11

RFC 3270 Multi-Protocol Label Switching (MPLS) Support

of Differentiated Services
RFC 3272 Overview and Principles of Internet Traffic

Engineering
RFC 3443 Time To Live (TTL) Processing in Multi-Protocol

Label Switching (MPLS) Networks
RFC 3469 Framework for Multi-Protocol Label Switching

(MPLS)-based Recovery
RFC 3478 Graceful Restart Mechanism for LDP
RFC 3479 Fault Tolerance for the Label Distribution Protocol

(LDP)
RFC 3612 Applicability Statement for Restart Mechanisms

for the Label Distribution Protocol (LDP)
RFC 4023 Encapsulating MPLS in IP or Generic Routing

Encapsulation (GRE) 2005-12-07
RFC 4090 Fast Reroute Extensions to RSVP-TE for LSP

Tunnels
RFC 4124 Protocol Extensions for Support of DS-TE
RFC 4125 Maximum Allocation Bandwidth Constraints

Model for Diffserv-aware MPLS Traffic
Engineering
RFC 4126 Max Allocation with Reservation Bandwidth

Constraints Model for Diffserv-aware MPLS
Traffic Engineering & Performance Comparisons
RFC 4127 Generalized MPLS Signaling - RSVP-TE

Extensions
RFC 4182 Removing a Restriction on the use of MPLS

Explicit NULL
RFC 4197 Requirements for Edge-to-Edge Emulation of

Time Division Multiplexed (TDM) Circuits over
Packet Switching Networks
RFC 4221 Multiprotocol Label Switching (MPLS)

Management Overview
RFC 4379 Detecting Multi-Protocol Label Switched (MPLS)

Data Plane Failures
RFC 4447 Pseudowire Setup and Maintenance Using the

Label Distribution Protocol (LDP)
A-12

RFC 4448 Encapsulation Methods for Transport of Ethernet

over MPLS Networks
RFC 4558 Node-ID Based Resource Reservation Protocol

(RSVP) Hello
RFC 4874 Exclude Routes - Extension to RSVP-TE
RFC 4905 Encapsulation Methods for Transport of Layer 2

Frames Over MPLS Networks
RFC 4906 Transport of Layer 2 Frames Over MPLS
draft-ietf-mpls-lsp-ping-version-09 Detecting Multi-Protocol Label Switched (MPLS)

Data Plane Failures
draft-ietf-ccamp-inter-domain-framework-04 Mechanisms for Inter-AS or Inter-Domain Traffic

Engineering
draft-minei-diffserv-te-multi-class-02 Extensions for Differentiated Services-aware

Traffic Engineered LSPs
LDP Standards
For the LDP standards that the ZXR10 5960 complies with, refer to Table A-16.
Table A-16 LDP Standards
RFC 3037 LDP Applicability
RFC 3215 LDP State Machine
RFC 3478 Graceful Restart Mechanism for LDP–GR helper
RFC 3479 Fault Tolerance for the Label Distribution Protocol

(LDP)
RFC 3612 Applicability Statement for Restart Mechanisms

for the Label Distribution Protocol (LDP)
RFC 4447 Pseudowire Setup and Maintenance Using the

Label Distribution Protocol (LDP)
RFC 4762 Virtual Private LAN Service (VPLS) Using Label

Distribution Protocol (LDP) Signaling
RFC 5036 LDP Specification
RFC 5037 Experience with the Label Distribution Protocol

(LDP)
RSVP-TE Standards
For the RSVP-TE standards that the ZXR10 5960 complies with, refer to Table A-17.
A-13

Table A-17 RSVP-TE Standards
RFC 2430 A Provider Architecture for Differentiated Services

and Traffic Engineering (PASTE)
RFC 2702 Requirements for Traffic Engineering over MPLS
RFC 3209 Extensions to RSVP for Tunnels
RFC 4090 Fast reroute Extensions to RSVP-TE for LSP

Tunnels
VPLS Standards
For the VPLS standards that the ZXR10 5960 complies with, refer to Table A-18.
Table A-18 VPLS Standards
RFC 4761 Virtual Private LAN Service (VPLS) Using BGP

for Auto-Discovery and Signaling
RFC 4762 Virtual Private LAN Service (VPLS) Using Label

Distribution Protocol (LDP) Signaling
RFC 4664 Framework for Layer 2 Virtual Private Networks

(L2VPNs)
RFC 4665 Service Requirements for Layer 2

Provider-Provisioned Virtual Private Networks
NTP Standards
For the NTP standards that the ZXR10 5960 complies with, refer to Table A-19.
Table A-19 NTP Standards
RFC 1305 Network Time Protocol (Version 3) Specification,

Implementation and Analysis
RFC 4330 Simple Network Time Protocol (SNTP) Version 4

for IPv4, IPv6 and OSI
IPV6 Standards
For the IPV6 standards that the ZXR10 5960 complies with, refer to Table A-20.
A-14

Table A-20 IPV6 Standards
RFC 1886 DNS Extensions to Support IP version 6
RFC 1887 An Architecture for IPv6 Unicast Address

Allocation
RFC 2374 An IPv6 Aggregatable Global Unicast Address

Format
RFC 2375 IPv6 Multicast Address Assignments
RFC 2452 MIB for TCP6
RFC 2454 MIB for UDP6
RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
RFC 2462 IPv6 Stateless Address Auto configuration
RFC 2463 Internet Control Message Protocol (ICMPv6)

for the Internet Protocol Version 6 (IPv6)
Specification
RFC 2464 Transmission of IPv6 Packets over Ethernet

Networks
RFC 2470 Transmission of IPv6 Packets over Token Ring

Networks
RFC 2473 Generic Packet Tunneling in IPv6 Specification
RFC 2529 Transmission of IPv6 over IPv4 Domains without

Explicit Tunnels
RFC 2893 Transition Mechanisms for IPv6 Hosts and

Routers
RFC 3056 Connection of IPv6 Domains via IPv4 Clouds
RFC 3363 Representing Internet Protocol version 6 (IPv6)

Addresses in the Domain Name System (DNS)
RFC 3493 Basic Socket Interface Extensions for IPv6
RFC 3542 Advanced Sockets API for IPv6
RFC 3587 An Aggregatable Global Unicast Address Format
A-15

RFC 3775 Mobility Support in IPv6
IPSec Standards
For the IPSec standards that the ZXR10 5960 complies with, refer to Table A-21.
Table A-21 IPSec Standards
RFC 2104 HMAC: Keyed-Hashing for Message

Authentication
RFC 2401 Security Architecture for the Internet Protocol
RFC 2402 IP Authentication Header
RFC 2403 The Use of HMAC-MD5-96 within ESP and AH
RFC 2404 The Use of HMAC-SHA-1-96 within ESP and AH
RFC 2405 The ESP DES-CBC Cipher Algorithm With

Explicit IV
RFC 2406 IP Encapsulating Security Payload (ESP)
RFC 2407 The Internet IP Security Domain of Interpretation

for ISAKMP
RFC 2408 Internet Security Association and Key

Management Protocol(ISAKMP)
RFC 2409 The Internet Key Exchange (IKE)
RFC 2410 The NULL Encryption Algorithm and Its Use With
IPsec
RFC 2412 The OAKLEY Key Determination Protocol
RFC 2451 The ESP CBC-Mode Cipher Algorithms
RADIUS Standards
For the RADIUS standards that the ZXR10 5960 complies with, refer to Table A-22.
Table A-22 RADIUS Standards
RFC 2865 Remote Authentication Dial In User Service

(RADIUS)
RFC 2866 RADIUS Accounting
RFC 2867 RADIUS Accounting Modifications for Tunnel

Protocol Support
RFC 2868 RADIUS Attributes for Tunnel Protocol Support
A-16

RFC 2869 RADIUS Extensions
RFC 3162 RADIUS and IPv6
RFC 3576 Dynamic Authorization Extensions to Remote

Authentication Dial In User Service (RADIUS)
RFC 3580 IEEE 802.1X Remote Authentication Dial In User

Service (RADIUS)
RFC 4590 RADIUS Extension for Digest Authentication
RFC 4675 RADIUS Attributes for Virtual LAN and Priority

Support
RFC 4679 DSL Forum Vendor-Specific RADIUS Attributes
TACACS+ Standards
For the TACACS+ standards that the ZXR10 5960 complies with, refer to Table A-23.
Table A-23 TACACS+ Standards
draft-grant-tacacs-02 The TACACS+ Protocol Version 1.78
Differentiated Services Standards

For the differentiated services standards that the ZXR10 5960 complies with, refer to Table
A-24.
Table A-24 Differentiated Services Standards
RFC 2474 Definition of the DS Field the IPv4 and IPv6

Headers(Rev)
RFC 2597 Assured Forwarding PHB Group (rev3260)
RFC 2598 An Expedited Forwarding PHB
RFC 3140 Per-Hop Behavior Identification Codes
VRRP Standards
For the VRRP standards that the ZXR10 5960 complies with, refer to Table A-25.
Table A-25 VRRP Standards
RFC 2787 Definitions of Managed Objects for the Virtual

Router Redundancy Protocol
A-17

RFC 3590 Source Address Selection for the Multicast

Listener Discovery (MLD) Protocol
RFC 3768 Virtual Router Redundancy Protocol
RFC 3810 Multicast Listener Discovery Version 2 (MLDv2)

for IPv6
RFC 4007 IPv6 Scoped Address Architecture
RFC 4193 Unique Local IPv6 Unicast Addresses
RFC 4291 IPv6 Addressing Architecture
RFC 4659 BGP-MPLS IP Virtual Private Network(VPN)

Extension for IPv6 VPN
DHCP Standards
For the DHCP standards that the ZXR10 5960 complies with, refer to Table A-26.
Table A-26 DHCP Standards
RFC 1533 DHCP Options and BOOTP Vendor

ExtensionsClass-identifier
RFC 1534 Interoperation Between DHCP and BOOTP
RFC 2131 Dynamic Host Configuration Protocol
RFC 2132 DHCP Options and BOOTP Vendor Extensions
RFC 3046 DHCP Relay Agent Information Option
RFC 3396 Encoding Long Options in the Dynamic Host

Configuration Protocol (DHCPv4)
BFD Standards
For the BFD standards that the ZXR10 5960 complies with, refer to Table A-27.
Table A-27 BFD Standards
draft-ietf-bfd-base-09 Bidirectional Forwarding Detection
draft-ietf-bfd-generic-05 Generic Application of BFD
draft-ietf-bfd-mib-07 BFD Management Information Base
draft-ietf-bfd-mpls-07 BFD For MPLS LSPs
draft-ietf-bfd-multihop-07 BFD for Multihop Paths
A-18

draft-ietf-bfd-v4v6-1hop-09 BFD for IPv4 and IPv6 (Single Hop)
draft-ietf-pwe3-vccv-bfd-05 Bidirectional Forwarding Detection (BFD) for

the Pseudowire Virtual Circuit Connectivity
Verification (VCCV)
draft-palanivelan-bfd-v2-gr-01 BFD with Graceful Restart
Network Management Standards

For the network management standards that the ZXR10 5960 complies with, refer to Table
A-28.
Table A-28 Network Management Standards
ITU-T M.3000 Overview of TMN recommendations
ITU-T M.3010 Principles for a Telecommunications management

network
ITU-T M.3016 TMN security overview
ITU-T M.3020 TMN Interface Specification Methodology
ITU-T M.3100 Generic Network Information Model
ITU-T M.3001 Managed Object Conformance Statements for

the Generic Network Information Model
ITU-T M.3200 TMN management services and telecommunica-

tions managed areas: overview
ITU-T M.3300 TMN F interface requirements
ITU-T M.3400 TMN Management Function
TU-T Temporary Document 69 (IP Experts) Revised draft document on IP access network
architecture
ITU-T X.701-X.709 Systems Management framework and

architecture
ITU-T X.710-X.719 Management Communication Service and

Protocol
ITU-T X.720-X.729 Structure of Management Information
ITU-T X.730-X.799 Management functions
RFC 1157 Simple Network Management Protocol
RFC 1213 Management Information Base for Network

Management of TCP/IP based internets: MIB-II
RFC 1215 A Convention for Defin-ing Traps for use with the
SNMP
A-19

RFC 1493 Definitions of Managed Objects for Bridges
RFC 1558 A String Representation of LDAP Search Filters
RFC 1657 BGP4-MIB
RFC 1724 RIPv2-MIB
RFC 1757 Remote Network Monitoring Management

Information Base
RFC 1777 Lightweight Directory Access Protocol
RFC 1778 The String Representation of Standard Attribute

Syntaxes
RFC 1850 OSPF-MIB
RFC 1901 Introduction to Community-based SNMPv2
RFC 1902 Structure of Management Information for Version

2 of the Simple Network Management Protocol
(SNMPv2)
RFC 1903 Textual Conventions for Version 2 of the Simple

Network Management Protocol (SNMPv2)
RFC 1905 Protocol Operations for Version 2 of the Simple

Network Management Protocol (SNMPv2)
RFC 1907 Management Information Base for Version 2

of the Simple Network Management Protocol
(SNMPv2)
RFC 1959 An LDAP URL Format
RFC 2011 SNMPv2 MIB for IP
RFC 2012 SNMPv2 MIB for TCP
RFC 2013 SNMPv2 MIB for UDP
RFC 2037 Entity MIB using SMIv2
RFC 2096 IP-FORWARD-MIB
RFC 2138 RADIUS
RFC 2206 RSVP-MIB
RFC 2233 The Interface Group MIB using SMIv2
RFC 2251 Lightweight Directory Access Protocol (v3)
RFC 2271 An Architecture for Describing SNMP

Management Frameworks
RFC 2273 SNMPv3 Applications
A-20

RFC 2452 IPv6 Management Information Base for

theTransmission Control Protocol
RFC 2454 IPv6 Management Information Base for the User

Datagram Protocol
RFC 2465 Management Information Base for IP Version 6:

Textual
RFC 2571 An Architecture for Describing SNMP

Management Frameworks
RFC 2572 Message Processing and Dispatching for the

imple Network Management Protocol (SNMP)
RFC 2574 User-based Security Model (USM) for version

3 of the Simple Network Management Protocol
(SNMPv3)
RFC 2863 The Interfaces Group MIB
RFC 2987 VRRP-MIB
RFC 3014 NOTIFICATION-LOGMIB
RFC 3019 IP Version 6 Management Information Base for

The Multicast Listener Discovery Protocol
RFC 3164 The BSD syslog Protocol
RFC 3291 Textual Conventions for Internet Network

Addresses
RFC 4293 Management Information Base for the Internet

Protocol (IP)
GB901 A Service management Business Process Model
GB908 Network Management Detailed Operations Map
GB909 Generic Requirements for Telecommunications

Management Building Blocks
GB910 Telecom Operations Map
GB914 System Integration Map
GB917 SLA Management Handbook V1.5
NMF037 Sub-System Alarm Surveillance Ensemble V1.0
NMF038 Bandwidth Management Ensemble V1.0
TMF053 NGOSS Architecture Technology Neutral

Specification V1.5
TMF053A NGOSS Architecture Technology Neutral

Specification V1.5
A-21

TMF053B NGOSS Architecture Technology Neutral

Specification V1.5
TMF508 Connection and Service Management Information

Model Business Agreement
TMF605 Connection and Service Management Information

Model
TMF801 Plug and Play Service Fulfillment Phase 2

Validation Specification V1.0
TMF816 B2B Managed Service for DSL Interface

Implementation Specification V1.5
TMF821 IP VPN Management Interface Implementation

Specification V1.5
YD/T 852-1996 Telecommunication Management Network (TMN)

General Design Principles
YD/T 871-1996 Telecommunication Management Network (TMN)

General Information Model
YD/T XXXX-2001 Broadband MAN Overall Technology

Requirements
YD/T XXXX-2001 IP Network Technology Requirements: Network

Performance Specifications and Availability
YD/T XXXX-2001 IP Network Technology Requirements: Network

Overview
YDN 075-1998 China Public Multimedia Communications

Network Management Specification
YDN 075-1998 China Public Multimedia Communications

Network Management Specification
FTP/TFTP Standards
For the FTP/TFTP standards that the ZXR10 5960 complies with, refer to Table A-29.
Table A-29 FTP/TFTP Standards
RFC 1350 The TFTP PROTOCOL (REVISION 2)
RFC 4217 Securing FTP with TLS
A-22

Tables
Table 1-1 Product overview....................................................................................... 1-2
Table 3-1 Basic Features and Physical Specifications of the Device (1) .................... 3-1
Table 3-2 Basic Features and Physical Specifications of the Device (2) .................... 3-1
Table 3-3 L2 Features ............................................................................................... 3-2
Table 3-4 L3 Features ............................................................................................... 3-3
Table 3-5 Multicast Features ..................................................................................... 3-4
Table 3-6 QoS Features............................................................................................ 3-4
Table 3-7 Service Management Features.................................................................. 3-5
Table 3-8 Security Features ...................................................................................... 3-5
Table 3-9 O&M Features........................................................................................... 3-6
Table A-1 Ethernet Standards ...................................................................................A-1
Table A-2 IP Standards .............................................................................................A-2
Table A-3 UDP Standards .........................................................................................A-3
Table A-4 TCP Standards .........................................................................................A-3
Table A-5 ICMP Standards........................................................................................A-3
Table A-6 SOCKET Standards ..................................................................................A-4
Table A-7 Tunneling Standards .................................................................................A-4
Table A-8 SSH Standards .........................................................................................A-4
Table A-9 SFTP Standards .......................................................................................A-5
Table A-10 RIP Standards.........................................................................................A-5
Table A-11 OSPF Standards .....................................................................................A-6
Table A-12 BGP Standards .......................................................................................A-8
Table A-13 IS-IS Standards.......................................................................................A-9
Table A-14 Multicast Standards...............................................................................A-10
Table A-15 MPLS Standards................................................................................... A-11
Table A-16 LDP Standards......................................................................................A-13
Table A-17 RSVP-TE Standards .............................................................................A-14
Table A-18 VPLS Standards ...................................................................................A-14
Table A-19 NTP Standards .....................................................................................A-14
Table A-20 IPV6 Standards.....................................................................................A-15
Table A-21 IPSec Standards ...................................................................................A-16
Table A-22 RADIUS Standards ...............................................................................A-16

Table A-23 TACACS+ Standards ............................................................................A-17

Table A-24 Differentiated Services Standards .........................................................A-17
Table A-25 VRRP Standards...................................................................................A-17
Table A-26 DHCP Standards ..................................................................................A-18
Table A-27 BFD Standards .....................................................................................A-18
Table A-28 Network Management Standards ..........................................................A-19
Table A-29 FTP/TFTP Standards ............................................................................A-22
II

Glossary
AAA
- Authentication, Authorization and Accounting
ACL
- Access Control List
BFD
- Bidirectional Forwarding Detection
BGP
- Border Gateway Protocol
CAC
- Channel Access Control
CDR
- Call Detail Record
CVLAN
- Customer Virtual Local Area Network
DDoS
- Distributed Denial of Service
DHCP
- Dynamic Host Configuration Protocol
DWRR
- Deficit Weighted Round Robin
FRR
- Fast Reroute
ICMP
- Internet Control Message Protocol
IGMP
- Internet Group Management Protocol
IPTV
- Internet Protocol Television
IS-IS
- Intermediate System-to-Intermediate System
LACP
- Link Aggregation Control Protocol
MAC
- Media Access Control
III

MLD
- Multicast Listener Discovery
MSDP
- Multicast Source Discovery Protocol
OAM
- Operation, Administration and Maintenance
OPEX
- Operating Expenditure
OSPF
- Open Shortest Path First
PIM
- Protocol Independent Multicast
PVLAN
- Private Virtual Local Area Network
QoS
- Quality of Service
RADIUS
- Remote Authentication Dial In User Service
RED
- Random Early Detection
RIP
- Routing Information Protocol
RIPng
- Routing Information Protocol next generation
SNMP
- Simple Network Management Protocol
SP
- Strict Priority
SSH
- Secure Shell
SVLAN
- Service Virtual Local Area Network
TACACS+
- Terminal Access Controller Access-Control System Plus
TTL
- Time To Live
VLAN
- Virtual Local Area Network
IV

Glossary
VRF
- Virtual Route Forwarding
VRRP
- Virtual Router Redundancy Protocol
WRED
- Weighted Random Early Detection
WRR
- Weighted Round Robin
ZESR
- ZTE Ethernet Switch Ring
ZESS
- ZTE Ethernet Smart Switch

SJ-20160119164028-001-ZXR10 5960 Series (V3.02.20) All 10-Gigabit Data Center Switch Product Description

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SJ-20160119164028-001-ZXR10 5960 Series (V3.02.20) All 10-Gigabit Data Center Switch Product Description

Uploaded by

Copyright:

Available Formats

ZXR10 5960 Series

All 10-Gigabit Data Center Switch

Revision No. Revision Date Revision Reason

R2.0 2017-02-28 Updated configuration commands and instances

R1.0 2016-02-28 First edition

Serial Number: SJ-20160119164028-001

Publishing Date: 2017-02-28 (R2.0)

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

Chapter 2 Functions and Features ........................................................... 2-1

Chapter 3 Technical Specifications .......................................................... 3-1

Appendix A Protocol and Standard Compliance.................................... A-1

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

What Is in This Manual

Chapter 1, Product Po-

Chapter 2, Functions and

Appendix A, Protocol and

| Separates individual parameter in series of parameters.

Note: provides additional information about a certain topic.

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

1.1 Product Positioning

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

Table 1-1 Product overview

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

1.2 Product Characteristics

l Rich QoS capabilities provide differentiated services for different application

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

l Hierarchical intelligent operation and maintenance, and graphical network

Multidimensional Security Model, Reinforcing the Network

Low Carbon and Energy Efficient

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

This page intentionally left blank.

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

Port Security Protection

2.1.2 VLAN Functions

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

2.1.3 Link Aggregation

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

The Intermediate System-to-Intermediate System (IS-IS) intra-domain routing protocol

The ZXR10 5960 implements ACL-based policy routing.

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

IPv4 to IPv6 Transition

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

l Dropping or forwarding the packet.

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

2.4 Protection for Reliability

Network Detection Mechanisms

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

Intelligent Ethernet Protection

Layer 3 Routing Protection

2.5 Security and Authentication

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

l Supports the authenticator's functions.

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential

2.6 Network Traffic Analysis

SJ-20160119164028-001|2017-02-28 (R2.0) ZTE Proprietary and Confidential