Zxr10 8900e Series

7/23/2019 Zxr10 8900e Series

http://slidepdf.com/reader/full/zxr10-8900e-series 1/132

Operator Logo

ZXR10 8900E series CoreSwitch Product Description

loaded from www.Manualslib.com manuals search engine

http://www.manualslib.com/


7/23/2019 Zxr10 8900e Series





7/23/2019 Zxr10 8900e Series


ZXR10 8900E series Core Switch Product Description

ZTE Confidential Proprietary © 2013 ZTE CORPORATION. All rights reserved. I


Version Date Author Approved By Remarks

V1.00 2011-03-25 Li Ying Shen Chunsheng Not open to the Third Party

V1.01 2012-6-13 Li Ying Huang HongRu Delete wrong description

V1.02 2012-10-10 Li Ying Huang HongRu

Add new function in version3.00.02 including VSC、L2PT、MFF and so on. Modify thedescription about main controlboard and interface board.Update IPv6 function.

2012-11-16 Li Ying Huang HongRu Update：The description error

2013-02-19 Li Ying Huang HongRuUpdate：The description aboutsoftware load and unload

© 2013 ZTE Corporation. All rights reserved.

ZTE CONFIDENTIAL: This document contains proprietary information of ZTE and is not to bedisclosed or used without the prior written permission of ZTE.

Due to update and improvement of ZTE products and technologies, information in this document issubjected to change without notice.




7/23/2019 Zxr10 8900e Series



II ©2013ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

TABLE OF CONTENTS

1

Overview ......................................................................................................... 1

2

Highlights ........................................................................................................ 3

2.1 Super Big capacity/ High Density Interfaces ..................................................... 3

2.2 VSC Construct Solid Cloud Core ...................................................................... 3

2.3

Distributed Module Operating System ROS 5.0 ................................................ 3

2.4 Multi-service Bearing Capabilities ..................................................................... 4

2.5 Comprehensive IPv6 Features ......................................................................... 4

2.6 Multi-Dimensional Security & Reliability Mechanism Guarantees Ever-onlineServices ........................................................................................................... 4

2.7 Environment-friendly Innovations ...................................................................... 5

3

Function introduct ion ..................................................................................... 6

3.1

L2 function ........................................................................................................ 6

3.1.1

Basic Ethernet features .................................................................................... 6

3.1.2 VLAN and relative features ............................................................................... 7

3.1.3 Link aggregation ............................................................................................. 11

3.1.4 Spanning tree ................................................................................................. 13

3.1.5 L2 multicast .................................................................................................... 15

3.1.6 L2PT ............................................................................................................... 16

3.2

L3 function ...................................................................................................... 17

3.2.1 IPv4 route protocol.......................................................................................... 17

3.2.2 Ipv6 Routing ................................................................................................... 20

3.2.3 IPv4/IPv6 Transition ........................................................................................ 20

3.2.4

L3 Multicast .................................................................................................... 21

3.2.5 Controllable Multicast ..................................................................................... 23

3.2.6 MCE ............................................................................................................... 25

3.3

MPLS VPN ..................................................................................................... 26

3.3.1

Basic Functions of MPLS ................................................................................ 26

3.3.2 MPLS TE ........................................................................................................ 29

3.3.3 MPLS L2 VPN ................................................................................................ 30

3.3.4

MPLS L3 VPN ................................................................................................ 34

3.4 QoS ................................................................................................................ 35

3.4.1 Basic QoS ...................................................................................................... 35

3.4.2 MPLS QoS ..................................................................................................... 40

3.5

OAM ............................................................................................................... 41

3.5.1 Ethernet OAM ................................................................................................. 41

3.6 Clock synchronization ..................................................................................... 42

3.6.1 Clock source ................................................................................................... 42

3.6.2

Synchronous Ethernet .................................................................................... 42

3.6.3

IEEE 1588 v2.................................................................................................. 43

3.6.4 Clock protection .............................................................................................. 44

3.7 Reliability protection ........................................................................................ 45

3.7.1

Equipment-level protection ............................................................................. 45

3.7.2 Network detection mechanism ........................................................................ 46

3.7.3 VSC ................................................................................................................ 48

3.7.4

Ethernet intelligent protection ......................................................................... 49




7/23/2019 Zxr10 8900e Series



ZTE Confidential Proprietary © 2013 ZTE CORPORATION. All rights reserved. III

3.7.5 L3 route protection .......................................................................................... 52

3.7.6 VPN Protection ............................................................................................... 53

3.7.7 FRR Protection ............................................................................................... 56

3.8 Security and Authentication ............................................................................ 60

3.8.1 ACL ................................................................................................................ 60

3.8.2

Device Authentication ..................................................................................... 61

3.8.3 Access Security .............................................................................................. 63

3.8.4 MFF ................................................................................................................ 65

3.8.5 Network Security ............................................................................................ 66

3.9 Network Traffic Analysis ................................................................................. 68

3.9.1

Sflow .............................................................................................................. 68

4 System Architecture ..................................................................................... 70

4.1 Appearance .................................................................................................... 70

4.1.1 ZXR10 8912E Appearance ............................................................................. 70

4.1.2 ZXR10 8908E Appearance ............................................................................. 72

4.1.3 ZXR10 8905E Appearance ............................................................................. 74

4.1.4 ZXR10 8902E Appearance ............................................................................. 76

4.2

Hardware Architecture .................................................................................... 76

4.2.1 Overall Hardware Architecture ........................................................................ 77

4.2.2 Working Principles of Hardware System ......................................................... 79

4.3 Hardware Boards ............................................................................................ 81

4.3.1

Switching Main Control Board ......................................................................... 81

4.3.2 Power Module ................................................................................................. 88

4.3.3 Interface Module ............................................................................................. 89

4.4 Software Architecture ..................................................................................... 92

4.4.1 System Software Architecture ......................................................................... 92

4.4.2 Software Platform ........................................................................................... 94

5

Technical Specifi cations .............................................................................. 98

5.1

Basic features ................................................................................................. 98

5.2

Interface Specifications ................................................................................... 99

5.3 Functions ...................................................................................................... 101

5.3.1 L2 features ................................................................................................... 101

5.3.2 L3 features ................................................................................................... 102

5.3.3 Multicast features ......................................................................................... 102

5.3.4 MPLS ........................................................................................................... 102

5.3.5 QoS .............................................................................................................. 103

5.3.6 Service Management .................................................................................... 104

5.3.7 Reliability ...................................................................................................... 104

5.3.8 System security ............................................................................................ 105

5.3.9

Clock synchronization ................................................................................... 106

5.3.10 Operating and Maintenance .......................................................................... 106

6

Typical Networking Mode ........................................................................... 108

6.1

Application in Metro Ethernet ........................................................................ 108

6.2 Application in Data Center ............................................................................ 109

6.3 Application in Campus Network .................................................................... 110

6.4 Application in FTTx ....................................................................................... 111

6.5

Application in IP RAN ................................................................................... 112




7/23/2019 Zxr10 8900e Series



IV ©2013ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

7 Operation and Maintenance ....................................................................... 113

7.1 NetNumen U31 Unified Network Management Platform ............................... 113

7.1.1 Network Management Networking Mode ...................................................... 113

7.1.2 NetNumen U31 Network Management System ............................................. 114

7.2 Maintenance and Management .................................................................... 116

7.2.1

Multiple Configuration Modes ....................................................................... 116

7.2.2 Monitoring and Maintenance ......................................................................... 117

7.2.3 Software Upgrade ......................................................................................... 118

7.2.4 File System Management ............................................................................. 118

8

Glossary ...................................................................................................... 120




7/23/2019 Zxr10 8900e Series



ZTE Confidential Proprietary © 2013 ZTE CORPORATION. All rights reserved. V

FIGURES

Figure 1-1 ZXR10 8900E series product appearance ........................................................... 2

Figure 3-1 MC-ELAM structure........................................................................................... 13

Figure 3-2 L2TP Networking ............................................................................................. 16

Figure 3-3 Architecture of MCE .......................................................................................... 25

Figure 3-4 MPLS working principle ..................................................................................... 27

Figure 3-5 MPLS header structure ..................................................................................... 28

Figure 3-6 Basic VPWS network model .............................................................................. 30

Figure 3-7 Basic VPLS network model ............................................................................... 32

Figure 3-8 H-VPLS networking with U-PW access ............................................................. 32

Figure 3-9 H-VPLS networking with QinQ access .............................................................. 33

Figure 3-10 Basic BGP MPLS VPN network model ............................................................ 34

Figure 3-11 end to end MPLS QoS .................................................................................... 41

Figure 3-12 SyncE synchronization .................................................................................... 43

Figure 3-13 IEEE 1588 synchronization ............................................................................. 44

Figure 3-14 SQA association ............................................................................................. 48

Figure 3-15 VSC system logic connection diagram ............................................................ 48

Figure 3-15 ZESR break alarm........................................................................................... 49

Figure 3-16 ZESS protection mechanism ........................................................................... 51

Figure 3-17 ZESR+ working principle ................................................................................. 51

Figure 3-18 PW single-hop redundancy protection ............................................................. 54

Figure 3-19 PW multi-hop redundancy protection .............................................................. 54

Figure 3-20 CE dual-homing to PE ..................................................................................... 55

Figure 3-21 UPE dual-homing to NPE ................................................................................ 56

Figure 3-22 Route switching diagram ................................................................................. 56

Figure 3-23 Label switching diagram .................................................................................. 57

Figure 3-24 TE FRR local link and node protection ............................................................ 58

Figure 3-25 CE dual-homing model .................................................................................... 59

Figure 3-26 Multi-Level Processing Procedure ......................Error! Bookmark not defined.

Figure 3-27 sFlow Multi-level Architecture .......................................................................... 69

Figure 4-1 ZXR10 8912E appearance ................................................................................ 71

Figure 4-2 ZXR10 8912E structure ..................................................................................... 72





7/23/2019 Zxr10 8900e Series



VI ©2013ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary






Figure 4-9 ZXR10 8912E/8908E/8905E hardware system architecture .............................. 77

Figure 4-10 ZXR10 8902E hardware system architecture .................................................. 77

Figure 4-11 ZXR10 8905E/8908E/8912Esystem hardware diagram .................................. 80

Figure 4-12 ZXR10 8902E system hardware diagram ........................................................ 80

Figure 4-13 Principle diagram of 8912E/8908E/8905E main control board ......................... 81

Figure 4-14 Principle diagram of 8902E main control board ............................................... 81

Figure 4-15 8912EMSC1D main control board panel diagram ........................................... 84

Figure 4-16 8912EMSC1A main control board panel diagram ............................................ 85




Figure 4-20 8902EMSC1A main control board panel diagram ............................................ 86

Figure 4-21 8912E/8908E/8905E DC power board diagram ............................................... 88

Figure 4-22 8912E/8908E/8905E AC power board diagram ............................................... 89

Figure 4-23 8902E DC power board diagram ..................................................................... 89

Figure 4-24 8902E AC power board diagram ..................................................................... 89

Figure 4-25 E1GF24A ........................................................................................................ 91

Figure 4-26 H2GF24D ........................................................................................................ 91

Figure 4-27 H2GF48D ........................................................................................................ 91

Figure 4-28 H2GT48D ........................................................................................................ 91

Figure 4-29 H2XF8D .......................................................................................................... 91

Figure 4-30 S1XF12A ........................................................................................................ 91

Figure 4-31 S2XF48A ........................................................................................................ 91

Figure 4-32 S2LQ6L2A ...................................................................................................... 92

Figure 4-33 8900E software system architecture ............................................................... 93

Figure 4-34 New-generation ZXROS V5.0 software platform system architecture .............. 95

Figure 6-1 Application in metro network ........................................................................... 108

Figure 6-2 Application of Data Center .............................................................................. 109

Figure 6-3 Enterprise network Application ........................................................................ 110

Figure 6-4 FTTx Application ............................................................................................. 111




7/23/2019 Zxr10 8900e Series



ZTE Confidential Proprietary © 2013 ZTE CORPORATION. All rights reserved. VII

Figure 6-5 Application in IP RAN ...................................................................................... 112

TABLES

Table 4-1 Main control board panel interface features ........................................................ 86

Table 4-2 Main control board panel button function description .......................................... 87

Table 4-3 Main control board panel indicator function description ...................................... 87

Table 4-4 8900E interface board type ................................................................................ 90

Table 5-1 Basic features and performance ......................................................................... 98

Table 5-2 Interface Specifications ...................................................................................... 99

Table 5-3 L2 features ....................................................................................................... 101

Table 5-4 L3 features ....................................................................................................... 102

Table 5-5 Multicast features ............................................................................................. 102

Table 5-6 MPLS feature ................................................................................................... 102

Table 5-7 QoS .................................................................................................................. 103

Table 5-8 Service Management ....................................................................................... 104

Table 5-9 Reliability .......................................................................................................... 104

Table 5-10 System security .............................................................................................. 105

Table 5-11 Clock synchronization .................................................................................... 106

Table 5-12 Operating and Maintenance ........................................................................... 106

Table 8-1 Abbreviations ................................................................................................... 120




7/23/2019 Zxr10 8900e Series





7/23/2019 Zxr10 8900e Series



ZTE Confidential Proprietary © 2013 ZTE CORPORATION. All rights reserved. 1

1 Overview

ZXR10 8900E switch is ZTE’s new generation enhanced core switch. With years ofexperience in telecom network, ZTE designs and develops 8900E which has ultra-large

system capacity, ultra-high port density and ultra-strong service functions. It can address

immediate needs of metro network, data center network, campus network and enterprise

network for network core equipment.

Today, telecom network tends to larger user broadband, service bearing over IP and flat

network structure. Basic network is the uniform, converged and efficient platform bearing

various services. Because of large-scale growth of VOIP/IPTV/VIP access/3G services

and the introduction and deployment of IPv6 technology, there are higher requirements

for core /convergence switch. And the network is more complex, CAPEX and

maintenance cost remains high, more devices are in use, security and user experience

(UX) is difficult to improve. How to get out of these troubles is a hard nut for carriers andnetwork administrators.

ZXR10 8900E core switch with large capacity adopts distributed design to provide

high-density FE, GE and 40G/100G port, low-power-consumption component, innovative

fan and power supply. With physical port intelligent management mechanism, it expands

network capacity, increases convergence rate with low investment, reduces the cost per

user, saves the space in equipment room, and drops energy consumption. It offers

reliable equipment/link/network-level protection, and supports independent supervision

plane. Adopting reconfigurable design, the software supports multiple switching

technologies, and guarantees E2E service experience with multilevel QoS, and improves

network reliability and quality to bring down user maintenance cost. It supports

multiservice bearing, several clock synchronization technologies, IPTV, IPv6, andall-directional security. It can bear data, video and voice services, and integrates the

characteristics of multiple network equipments to meet the requirements of different

networks and reduce CAPEX. It offers excellent performance and features to help the

users to build efficient, intelligent and reliable network.

ZXR10 8900E series include ZXR10 8912E, ZXR10 8908E, ZXR10 8905E and ZXR10

8902E, which have 12, 8, 5 and 2 service slots respectively. They have high-integration

interface boards and a wide variety of service functions. Their appearance is shown in

Figure 1-1.




7/23/2019 Zxr10 8900e Series



2 © 2013ZTE CORPORATION. All rights reserved. ZTE Confidential Proprietary

Figure 1-1 ZXR10 8900E series product appearance




7/23/2019 Zxr10 8900e Series




2 Highlights

2.1 Super Big capacity/ High Densi ty Interfaces

With distributed modular design, non-blocking switching architecture, brand new

big-bandwidth fabric, ZXR10 8900E is an advanced core switch in the industry.

Each single slot of ZXR10 8900E can provide maximally 48*10GE interfaces or 8*40GE

interfaces. In the future 8900E will be able to be smoothly upgraded to provide 100G

interfaces.

2.2 VSC Const ruc t Solid Cloud Core

ZXR10 8900E supports Virtual Switch Clustering (VSC), which means the virtualization of

multiple physical switches into one logical switch. VSC enhances cluster system capacity

and port density, while at the same time simplifies simple topology and eases

administration.

Multiple physical switches can be interconnected through the normal line cards. The

80KM interconnection capability makes it possible to implement remote IDC backup.

The bandwidth of the VSC interconnection can reach 320Gbps, eliminating any possible

bottleneck in the VSC system.

The forwarding inside VSC system is optimized so that there will be least amount of trafficpassing between VSC members.

Switchover between master and slave in VSC system is really fast and the switchover will

not cause any service interruption.

2.3 Distr ibu ted Module Operating System ROS 5.0

ZXR10 8900E adopts full-distributed modular design: each process enjoys its dedicated

resources alone; the coordination between processes is efficient and secure.

Each line card has its own CPU, while the main-control card is equipped with a morepowerful CPU. Distributed protocol processing helps promote the overall computing

efficiency.

The expansion of management interfaces is flexible. Currently ZXR10 8900E is

compatible with management interfaces Netconf.




7/23/2019 Zxr10 8900e Series




2.4 Multi-serv ice Bearing Capabili ties

ZXR10 8900E supports rich features, including full L2/L3 features, multicast, MPLS L2/L3

VPN, etc.

ZXR10 8900E supports complete L2/L3 multicast technologies, including administratively

scoped multicast, MVR, IGMP Snooping, Filtering, Proxy, Fast Leave, IGMP,PIM-DM/SM,

PIM-SSM, DVMRP and MSDP. All these features help Enterprise user to deploy

multicast applications such as video conferencing and video surveillances.

2.5 Comprehens ive IPv6 Featur es

ZXR10 8900E supports comprehensive IPv6 features, to facilitate the migration to IPv6

network. For example, ZXR10 8900E supports all basic IPv6 features such as ICMPv6,

ND, SNMPv6, RADIUSv6; It also supports IPv6 routing protocols such as OSPFv3,

IS-ISv6, BGP4+, PIM-SM for IPv6, MLD snooping; Multiple tunnel technologies are alsosupported including 6to4 tunnel, ISATAP tunnel, 6PE, etc.

2.6 Multi-Dimensi onal Secur it y & Reliabil it yMechanism Guarantees Ever-onl ine Serv ices

Security/Reliability related designs in ZXR10 8900E fall into five categories, which

are secure architecture, secure management and control, secure operating system,

secure calculation and reliable service.

Secure architecture: Redundant backup design has been put in place for the

forwarding control engines. Fast active/standby switchover is supported. Redundantpower supply module, fan module and clock module combined to make the switch

more robust. What’s more, ZXR10 8900E supports intelligent inspection, control,

warning and hot-swappable components.

Secure management and control: Independent control, monitoring and forwarding

planes guarantee superior equipment stability.

Secure operating system: ZXR10 8900E supports modular service, intelligent

function modules

Secure processing: Based upon multi-core CPU, ZXR10 8900E implements

multi-thread parallel high-performance processing to guarantee seamlesscollaboration of multiple modules.

Reliable services: ZXR10 8900E supports multiple kinds of redundancy/backup

mechanisms including ZESR intelligent Ethernet smart ring, VRRP, LACP, FRR,

NSF and BFD. Service reliability can be well guaranteed.




7/23/2019 Zxr10 8900e Series




2.7 Environment-friendly Innovations

ZXR10 8900E supports multiple environmental-friendly innovations, including

centralized power management, 5 level intelligent fan speed adjustment. All these

environmental friendly designs help cut the power consumption.

ZXR10 8900E supports dying gasp, in case there is a power failure, 8900E can still

send out an alarm to the network OAM center, to inform about the reason of the

network break down. In this way, the time to do the trouble-shooting on these kinds

of events could be minimized.




7/23/2019 Zxr10 8900e Series




3 Function introduction

3.1 L2 funct ion

3.1.1 Basic Ethernet features

3.1.1.1 MAC address management

As all forwarding tables of ZXR10 8900E are closely associated with MAC addresses,

MAC management is the most basic and most important module of Ethernet switch. It

can maintain MAC address learning and synchronization and complete the following

management function:

MAC address binding: Bind specific MAC address to switch port. After binding, do

not dynamic learn MAC, which will limit user physical location and protect important

MAC address.

MAC address filtering: After receiving the packets from source or destination MAC

address to specific MAC address, the switch discard some packets to filter some

undesired users.

MAC address number limit: Limit MAC address number of some ports to control

user number of some ports, and prevent system resources of running out when the

ports suffer from DOS attack.

MAC address freeze: Freeze some important physical ports in stable network, e.g.,

address of uplink port, so as to avoid network disconnection caused by the

infringement of key MAC address.

MAC address multi-angle display: Display and count VLAN table according to

VLAN, port, static and dynamic aspects, provide network diagnosis, and maintain

network operation.

3.1.1.2 Port mir roring

Port mirroring can automatically copy the traffic of one port to the port so that networkadministrator makes real-time analysis on port traffic when he judges network issues. It

provides network administrator with a monitoring means. For ZXR10 8900E, any port can

be configured to mirroring port; the ports at different rate can mirror to each other;

many-to-one, one-to-many and many-to-many port mirroring can also be done. The

equipment supports cross-card port mirroring, and simultaneous mirroring of several




7/23/2019 Zxr10 8900e Series




mirroring group. It supports port-based mirroring as well as flow-based and ACL-based

one-to-many, many-to-one, and many-to-many mirroring.

ZXR10 8900E can perform port mirroring in the same equipment, and remote port

mirroring in RSPAN and ERSPAN. For RSPAN, mirroring port and mirrored port may be

in different switches. In some cases, monitoring equipment and switch are physically far

away from each other, so a remote span technology is needed for monitoring. RSPAN

monitoring principle is: set RSPAN source port at source switch, configure remote VLAN,

and send it out via Reflector port to reach destination switch via intermediate switch;

configure destination port at destination switch to reach remote monitoring destination.

ERSPAN (Encapsulated Remote SPAN), another remote port mirroring technology,

adopts GRE tunnel to encapsulate service stream of source port and transport it to

remote destination switch port. In the mirroring mode, data stream can fulfill the mirroring

across L3 interface, and ordinary SPAN and RSPAN can only fulfill the mirroring across

L2 network.

3.1.1.3 Port securi ty and protection

ZXR10 8900E supports port traffic control, broadcast storm suppression, whether to

allow jumbo frame to pass, and rate negotiation to effectively control port data traffic,

avoiding network blocking and ensuring normal operation of network services.

ZXR10 8900E can analyze line diagnosis, check whether line and line connection are

normal, and accurately locate line fault.

ZXR10 8900E can set some or all port to loop check, and not check by default. The

function can check user or switch loop of port connection to process the port so as to

avoid switch broadcast storm and limit the effect to a certain port.

ZXR10 8900E supports VLAN-based loop check. The loop check can be performed in

PVID VLAN or user-specified VLAN. One port supports the loop check of at most 8

VLANs at the same time.

The implementation principle of port loop check is that the port sends L2 multicast every

15 seconds; if there is a loop at a port, L2 multicast packet is returned to the port, thus it

can be judged that the loop is available.

3.1.2 VLAN and relative features

VLAN protocol, a basic protocol of L2 switching equipment, enables the administrator todivide one physical LAN into several VLAN. Each VLAN has one VLAN ID which uniquely

identifies the VLAN. Several VLANs share the switching equipment and links of physical

LAN.




7/23/2019 Zxr10 8900e Series




Each VLAN is logically like one independent LAN. All frame traffic in one VLAN is limited

to the VLAN. Cross-VLAN access is made through L3 forwarding which will improve

network performance and reduce the entire traffic in physical LAN.

VLAN reduces network broadcast storm and increases network security and centralized

management control.

ZXR10 8900E supports 802.1Q VLAN. The untagged packet can be added with VLAN

tag based on subnet, protocol and port to support a wide variety of VLAN features.

According to 802.1Q VLAN protocol, 12-bit VLAN is limit to 4096 in number, which affect

some actual applications. 8900E has four extension modes: QinQ, PVLAN, VLAN

translation, and L3-related Super VLAN.

3.1.2.1 PVLAN

Private VLAN is a mechanism that provides additional Layer 2 traffic isolation betweenports within a regular VLAN. This feature places constrains on traffic flow between

specific ports in a VLAN. For instance, in an enterprise network, client ports can

communicate with server ports, but not among each other.

Private VLAN is port based and it can be enabled through PVLAN_ENABLE field in

PORT_TABLE for each port. There are three types of private VLAN ports:

Promiscuous port—a promiscuous port can communicate with all interfaces,

including the community and isolated ports within a private VLAN.

Isolated port—an isolated port has complete Layer 2 separation from all other ports

within the same private VLAN except for the promiscuous ports. Private VLANsblock all traffic to isolated ports except traffic from promiscuous ports. Traffic

received from an isolated port is forwarded only to promiscuous ports.

Community port—Community ports communicate among themselves and with the

promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces

in other communities or isolated ports within their private VLAN.

PVLAN can effectively ensure the communication security of network data. The user is

connected only to his default gateway. Without several VLAN and IP subnets, one

PVLAN can provide the connection with L2 data communication security. All users can

access PVLAN to connect default gateway without any access to other users in the

PVLAN. PVLAN ensure that the ports in one VLAN do not communicate with each other,but the services can go through Trunk port. Thus, the users in one VLAN will not affect

each other because of service broadcast.

PVLAN does not need protocol message. It can be statically configure in ZXR10 8900E.




7/23/2019 Zxr10 8900e Series




3.1.2.2 VLAN Translation

VLAN translation is an extension of VLAN function. If a port of the switch starts VLAN

translation, the data stream from the port must be tagged packet. VLAN translation uses

PORT plus VLAN ID in tagged packet as the index to search in MAC – VLAN table and

get a new VID, then the traffic is switched in the new VLAN to translate data from one

VLAN to the other.

VLAN translation does not need protocol message. It can be statically configure in

ZXR10 8900E. It should be noticed that if VLAN translation is started, VLAN cannot be

divided based on MAC address; if VLAN is divided based on MAC address, VLAN

translation cannot be started.

In addition single tag conversion, 8900E uses VLAN translation and SVLAN to fulfill the

following functions:

1. If the incoming packet is single tagged, be able to add outer tag according to policy,

and modify outer tag’s 802.1P value according to inner tag’s 1P value, supporting

policy-based mapping or one-to-one mapping;

2. If the incoming packet is single tagged, be able to modify inner tag and add outer tag

according to policy, and modify inner and outer tag’s 1P value according to incoming

tag’s 1P value, supporting policy-based mapping or one-to-one mapping;

3. If the incoming packet is double tagged, be able to delete outer tag according to

policy;

4. If the incoming packet is double tagged, be able to delete outer tag, and modify

inner tag according to policy, and modify 1P value of the new inner tag according to

outer tag 1P value, supporting policy-based mapping or one-to-one mapping;

5. If the incoming packet is double tagged, be able to modify outer tag according to

policy, and modify 1P value of the new outer tag based on 1P value of the incoming

outer tag, supporting policy-based mapping or one-to-one mapping;

6. If the incoming packet is double tagged, be able to modify inner tag according to

policy, and modify 1P value of the new inner tag based on 1P value of the outer tag,

supporting policy-based mapping or one-to-one mapping;

7. If the incoming packet is double tagged, be able to modify inner and outer tag

according to policy, and modify 1P values of the new inner and outer tags according

to 1P value of the incoming outer tag, supporting policy-based mapping orone-to-one mapping.

8. If the incoming packet is untagged, be able to add inner and outer tag according to

policy at one time.




7/23/2019 Zxr10 8900e Series




3.1.2.3 Super VLAN

Super VLAN can make the hosts, which are in the same physical switching equipment

but in different virtual broadcast domains, to locate in one IPv4 subnet and use one

default gateway. In one large-scale switching LAN, the mechanism has several

advantages over the traditional IPv4 addressing system. The biggest advantage is to

save address space occupancy in IPv4 system.

Super VLAN and sub VLAN can be used to divide VLAN again. One or several sub

VLANs belong to one Super VLAN and use its default gateway IP address, namely,

aggregate several sub VLANs into one Super VLAN and use the same IP subnet and

default gateway.

Super VLAN is a software function. Ethernet ASIC chip is transparent to the function and

switches data according to software module VLAN setting. Super VLAN does not need

protocol message. It can be statically configure in ZXR10 8900E.

3.1.2.4 QinQ

QinQ with the multilayer VLAN tag stack, refers to tunnel protocol based on 802.1 Q

encapsulation. The core idea is to encapsulate private network VLAN tag to public

network VLAN tag; the message with double-layer tag goes through backbone network to

offer the user with a simple L2 VPN tunnel. QinQ, a simple and manageable protocol,

does not need protocol message. It can be statically configure in ZXR10 8900E. It is

applied to convergence-layer switch which can use QinQ (with double tags) to increase

VLAN number in metro network.

In ZXR10 8900E software system, QinQ software functional module statically configures

QinQ, and then correctly set the chip. QinQ VLAN consists of the following types:

SVLAN (Service VLAN): The VLAN defined in backbone network;

CVLAN (Customers VLAN): User-defined VLAN.

QinQ software functional module adds an attribute to the VLAN table. The attribute

indicates that the VLAN is SVLAN or CVLAN, and drive interface function at the lower

layer to set the QinQ function of the interface.

Ordinary QinQ only adds one outer tag to the datagram of a port, which greatly limits

networking flexibility. For the flow received from one port, SVLAN (Selective VLAN) can

selectively add different outer tag based on different inner tag according to userdemands.

With Selective VLAN, service providers can use a unique VLAN (called a service-provider

VLAN ID, or SP-VLAN ID) to support customers who have multiple VLANs, which offers

the multipoint-to-multipoint virtual LAN transparent transport and a simple L2 VPN tunnel.

Customer VLAN IDs (CE-VLAN IDs) are preserved and traffic from different customers is




7/23/2019 Zxr10 8900e Series




segregated within the service-provider infrastructure even when they appear to be on the

same VLAN. Selective VLAN expand the VLAN space by using a VLAN-in-VLAN

hierarchy. The VLAN number can extend to 4094*4094. Another layer of 802.1Q tag

(SP-VLAN ID) is added to the 802.1Q-tagged (CE-VLAN ID) packets that enter the

service-provider network.

Some service streams require SVLAN also supports the transparent transport of VLAN

service that the packet passes the switch without any interference, namely, the number

and value of the tags remain unchanged.

SVLAN can work with VLAN translation to flexibly process both inner and outer tags. For

details, refer to the chapter “VLAN translation”. In addition, SVLAN can fulfill the 802.1P

CoS priority mapping of outer tag and inner tag.

ZXR10 8900E supports traditional SVLAN configuration and VFP-based SVLAN

configuration. The latter can add the tags based on traffic type.

3.1.3 Link aggregation

Link aggregation means that physical links with the same transport medium and transport

rate are bound and logically look like a link. Link aggregation greatly increases the

bandwidth of peer physical links between switches or between switch and server.

Therefore, it is an important technology to increase link bandwidth and create link

transmission resilience and redundancy. Link aggregation can create

several-multiple-gigabit connection in GE, and logic link with faster transport in FE.

Meanwhile, link aggregation has good protection. When a fault occurs, the traffic in the

trouble links will switch quickly to normal links of the aggregation. Link aggregation can

increase the bandwidth and share traffic load.

ZXR10 8900E supports static and dynamic link aggregation of FE, GE, and 10G ports as

well as cross-card and cross-equipment link aggregation. Logic port from ZXR10 8900E

link aggregation is called smart group which can work as ordinary port.

3.1.3.1 Static aggregation

Static Trunk can manually add several physical ports into Trunk group to form one logic

port, but it is difficult to observe the status of link aggregation port.

ZXR10 8900E configures link aggregation functions according to the following principle

which is also applied to LACP:

128 Trunk groups can be configured, and each Trunk group includes at most 8

member ports.

Support cross-interface board aggregation. Member ports may be in any interface

board, but the selected port must work in the full-duplex mode, and working rates

must be consistent.




7/23/2019 Zxr10 8900e Series




Member port may adopt the access, trunk or hybrid mode, which must be

consistent.

3.1.3.2 LACP

LACP (Link Aggregation Control Protocol) follows IEEE 802.3ad. LACP dynamic

aggregates several physical ports to Trunk group for one smart group port. LACP

automatically aggregates to obtain the maximum bandwidth. LACP supports static

aggregation and dynamic aggregation. Static LACP aggregation is manually configured,

and dynamic LACP aggregation dynamically adds the port to aggregation group.

ZXR10 8900E supports smart group parameter configuration, and share traffic load

according to the following modes (It can also be applied to static aggregation).

Source MAC address, VLAN, Ethernet type, and ingress port;

Destination MAC address, VLAN, Ethernet type, and ingress port;

Source and destination MAC address, VLAN, Ethernet type, and ingress port;

Source IP address, source TCP or UDP port;

Destination IP address, destination TCP or UDP port;

Source and destination IP address, and source and destination TCP or UDP port.

8900E also supports global mode, namely, share the load in one smart-group according

to the parameters of protocol messages of IPv4, IPv6, MPLS L2 VPN and MPLS L3 VPN

to distribute the traffic equably in the smart-group.

3.1.3.3 MC-ELAM

8900E support inter-card and intra-card link aggregation as well as MC-ELAM

（Multi-Chassis Ethernet Link Aggregation Manager ） whose working principle is shown

as follows:




7/23/2019 Zxr10 8900e Series




Figure 3-1 MC-ELAM structure

Normally, only half of the links from CE to PE1 and PE2 are aggregated successfully. As

shown in the above figure, the successfully aggregated link from CE to PE1 is active link;

the non-aggregated link from CE to PE2 is standby link; data stream is forwarded viaactive link. When active aggregation equipment PE1 goes wrong, PE2 will release the

MC-ELAM control protocol signal of PE1 to process the LACP forwarding between PE2

and CE. When active equipment or active aggregation equipment returns to normal,

MC-ELAM control protocol will recover the forwarding process. MC-ELAM can access the

dual-uplink access network to increase network redundancy.

3.1.4 Spanning tree

3.1.4.1 STP

STP detects and clears the loop between L2 switching functional units, and provides

redundancy link to improve LAN performance and reliability.

STP module has the following major functions:

Avoid network loop, prevent LAN broadcast storm, and offer redundant path.

Detect topology change and reconfigure STP topology accordingly.

After the switch in one subnet executes STP algorithm, one STP dynamic topology is

formed. The topology prevents the loop between any two workstations in LAN to avoid

LAN broadcast storm. Meanwhile, STP algorithm monitors topology change, create the

new spanning tree after the change, and reconfigure spanning tree topology with fault

tolerance. The switch maintains and updates MAC route table according to the status of

STP dynamic topology, and finally gains the MAC-layer route.

STP algorithm aims to enable the switch to dynamically discover a no-loop subset (tree)

in topology and assure adequate connectivity so that a path is available between every

two LAN if the physical conditions allows. According to the principle in the figure, any line




7/23/2019 Zxr10 8900e Series




including node and connection node has one spanning tree which has good destination

connectivity and can avoid network cycling. Therefore, spanning tree algorithm and

protocol can avoid network loop in any dynamic topology and clear the loop between any

two stations.

As IEEE802.1s-defined MSTP is compatible with existing IEEE802.1w-defined RSTP

and IEEE802.1D-defined ordinary STP, STP software module is only required to support

MSTP. When started, MSTP can forcedly work as RSTP or STP to support STP and

RSTP mixed networking. And it can start STP in aggregation link and support port-based

enabling STP protocol.

ZXR10 8900E supports STP, RSTP and MSTP, and their mixed networking.

3.1.4.2 RSTP

RSTP (Rapid Spanning Tree Protocol), the STP upgrade version, follows IEEE 802.1w.

RSTP provide the fast port switching mechanism and shorten network convergence time.

RSTP has the following defects:

The entire switching network has only one spanning tree. Large network has slow

convergence and network topology change will have a great effect.

IEEE 802.1q is the switch connection standard protocol. In symmetrical connection

(in VLAN, the connected ports between switches has the same trunk), one spanning

tree has no influence on data forwarding between switches. However, in the

asymmetrical connection, the connected ports between switches are blocked by

RSTP, which will affect the connectivity and waste the bandwidth.

3.1.4.3 MSTP

MSTP (Multiple-instance Spanning Tree Protocol), developed based on STP/RSTP,

follows IEEE 802.1s. MSTP divides switching networks into several zones, and several

STP instances run in one zone. VLAN is translated to instance in M: 1 mode (bind several

VLANs to one instance), thus each VLAN is transformed into a tree network to avoid the

loop.

MSTP has the following advantages:

In single VLAN, STP supports rapid convergence.

As MSTP structure spanning tree through VLAN and does not block inter-switch

connection port, the load will be shared.

M: 1 mapping reduces switch resource utilization rate.

MSTP is compatible with STP/RSTP to make network deployment simpler.




7/23/2019 Zxr10 8900e Series




3.1.5 L2 multicast

After the router forwards multicast traffic, in the network, Ethernet switch forwards

multicast traffic to multicast user. Traditional switch usually broadcasts the multicast

traffic , which wastes network bandwidth, cause broadcast storm and affect normal

service. Therefore the switch needs to support L2 multicast so as to join and leave

multicast group according to multicast user status and dynamically maintain multicast

group.

3.1.5.1 IGMP Snoooping

ZXR10 8900E supports the L2 multicast technology IGMP Snooping to manage multicast

group members, suppress L2 network multicast flooding, and prevent unauthorized user

from receiving multicast traffic. By snooping IGMP message in the communication

between user and router, IGMP Snooping maintains the correspondence relation

between multicast address and VLAN correspondence table. It maps the members of

one multicast group to one VLAN, and forwards the received multicast packet only to the

VLAN members of the multicast group. IGMP Snooping and IGMP protocol are both used

for multicast group management and control, and both employ IGMP message. What is

different is that IGMP protocol runs on network layer and IGMP Snooping on link layer.

When the switch receives IGMP message, IGMP Snooping analyzes the information of

IGMP message and create and maintain L2 MAC multicast address table.

When ZXR10 8900E starts IGMP Snooping, multicast message performs L2 multicast;

when 8900E does not start IGMP Snooping, multicast message performs L2 broadcast.

8900E also support MLDv1/v2 snooping for smooth transition from IPv4 to IPv6.

3.1.5.2 IGMP Proxy

In some network topologies, IGMP proxy technology does not run multicast route

protocol, but learns the multicast member and makes simple multicast forwarding

according to the registered for multicast distribution. IGMP proxy supports host interface

and router interface. Host interface (also known as uplink interface) points to root node of

distribution tree, namely, uplink to multicast router. The interface runs the host function

rather than IGMP. When receiving IGMP query packet, host interface sends IGMP

member report. Multicast joining or leaving packet is sent to the connected router when

member database changes. Host interface also forwards the received multicast packet

according to member database. Router interface (downlink interface) deviates from root

node and downlinks to user host. The interface runs IGMP protocol to register, query and

delete downlink user group members. It receives member reports, creates and modifies

one member form, sends query packet, queries whether the host leaves its group, and

uplinks and downlinks the forwarded and received multicast packet according to the

registered multicast member database.

IGMP Proxy and IGMP Snooping have the same function but different mechanism:

IGMP Snooping looks into IGMP message to get relative information, and IGMP Proxy




7/23/2019 Zxr10 8900e Series




intercepts and processes IGMP request of terminal user and then forwards it to

upper-level router.

3.1.6 L2PT

In QinQ VPN mode, if VPN uses locating at different places want to initiate their L2

protocol for example, STP, LACP, ZDP, they need to use core network to transfer these

L2 protocol messages transparently, and these messages with preserved MAC address

for bridge cannot process transparent transmission normally. L2PT (layer 2 protocol

transportation) solves this problem, so it is widely used to transfer user network L2

protocol message in QinQ VPN.

L2PT networking is as shown in the following figure.

Edge Switches: It locating at the edge of operator network connects customer

network equipment.

Layer 2 protocol transportation port: On port of Edge Switch. The encapsulation of

L2 protocol message.

Transportation PDU: Encapsulated protocol message, for example ZDP, STP and

LACP, etc.

Figure 3-2 L2TP Networking

On the port without initiated L2PT, L2 protocol messages（STP，ZDP，LACP）instead

of being forwarded is either discarded or sent up for protocol processing, which will cause

several blocked stp domains in customer network as per different locations, so that the

entire customer VPN cannot run an integrated STP topology. L2PT transfer BPDUmessage transparently in VPN, which helps customers to supply the gap.

The received L2 protocol messages will be encapsulated at the transportation port of

edge switch, then broadcast the encapsulated messages. Initiate remote transportation

switch port to encapsulate these messages.




7/23/2019 Zxr10 8900e Series




The message encapsulation and de-capsulation can be done by changing message MAC

address.

3.2 L3 funct ion

3.2.1 IPv4 route protocol

3.2.1.1 RIP

RIP protocol is based on the vector distance routing algorithm of local network. It

employs UDP packet to switch RIP route information, and the protocol packet to be

transported is encapsulated into UDP packet. The route information in RIP message

includes the number of the nodes on the route, namely, hop number. Route node decides

the route to destination networks according to the hop number. RFC requires that the hop

number is not more than 16, which is applied to internal gateway in small-scale

autonomous system.

ZXR10 8900E RIP has the following functions:

Transmit and receive RIP message according to the protocol, check message

correctness and verify its identification.

Support RIPV1/V2, plain text authentication and MD5 authentication, and route

reallocation.

Route loop generation and route convergence acceleration adopt split-horizon and

trigger updates technology.

Support protocol DEBUG.

3.2.1.2 OSPF

OSPF is the IETF-developed internal gateway protocol (IGP) based on link status and

SPF algorithm. OSPF can converge routing table in a short time, and prevent loop, which

is vital to mesh networks or different LANs connected via several bridges. Each

equipment running OSPF maintains one unified database describing autonomous system

topology structure. The database includes such information as partial status of each

equipment, e.g., available interfaces and neighbors, connected network status andexternal route of autonomous system. OSPF uses link status algorithm to calculate the

shortest path from each area to all destinations. When the equipment works or any route

changes, the equipment configured with OSPF diffuses LSA to all equipments in one

area. LSA includes link status and neighbor association information of the equipment.

The information from LSA forms link status database. All equipments in the area use one

specific database to describe topology structure in the area.




7/23/2019 Zxr10 8900e Series




ZXR10 8900E OSPF has the following functions:

Adopt layered network topology structure which is suitable for enormous

interconnected network.

Use dynamic route algorithm. Route calculation adopts Dijiksra algorithm to

automatically follow network topology structure change at a quick rate;

Support display and configuration command from primary console as well as

SNMP-related command, display and MIB variable.

Support route protocol packet authentication, including simple password validation

and MD5 authentication, and prevent route protocol packet from illegal modification.

Adopt the retransmission and confirmation mechanism to assure the reliability of link

status synchronization.

Support different distance measurement solutions, e.g., physical distance, delay,throughput, etc.

Support STUB AREA and NSSA functions.

Support domain boundary and autonomous system boundary router.

Support classless route and route aggregation.

Use Route-Map to control route reallocation and filtering.

3.2.1.3 IS-IS

IS-IS route protocol, the representation of router OSI model, is used for TCP/IP-based IP

network. It can easily perform the extension, mainly IPv6. IS-IS system consists of two

layers: backbone layer (L2) and area layer (L1). One router is in only one area. L1 router

only knows the topology in its area. All traffic to other areas is sent to the nearest L2

router. L2 router must form the backbone, similar to OSPF backbone area 0.

ZXR10 8900E IS-IS protocol has the following functions::

Support L1 and L2 address aggregation.

Support L1 and L2 hierarchical routes and ATT identity.

Support 3-area address and smooth area address migration.

Support load balance to one destination.

Support plain text authentication of interface and area.




7/23/2019 Zxr10 8900e Series




3.2.1.4 BGP

BGP, an external gateway protocol, switches no-loop route information between

autonomous systems. The information has many attributes to create autonomous system

topology, carry out route policy based on autonomous system. The path reachable

information with autonomous system sequence attribute can clear route loop.

Autonomous system is the collection of routers and terminals which locate in one

management control domain, are treated as single entity, and control route table

extension through BGP classless inter-domain routing. BGP-4 also introduces the

mechanism to support route aggregation, including AS path aggregation. BGP is

designed to use autonomous system to provide one structural view of Internet. The

Internet is divided into several autonomous systems to create one large network which

composed of small, easily manageable networks. These small networks adopt their own

rules and management policies.

ZXR10 8900E BGP has the following functions:

Suitable for enormous networks, e.g., backbone network.

Support EBGP and IBGP.

Support EBGP multi-hop technology.

Support group attributes and route reflector.

Support AS ally and route turbulence suppression.

Support MP-BGP;

Support MD5 authentication and route filtering;

Support route reallocation.

3.2.1.5 Policy rout ing

Traditional routing policy performs route forwarding according to the route table

generated by routing protocol or static route. However, in some applications, the users

have some special requirements for routing. Traditional routing policy can only perform

forwarding by destination address. This indiscriminating forwarding mechanism cannot

meet the requirements of increasingly complicated network services.

Compared with traditional routing, policy routing provides more flexible message

forwarding and route control capability. The network management users can not only

perform route forwarding by destination address but also can select other forwarding

paths according to protocol type, message size, application, IP source address and other

conditions. Policy-based routing is more beneficial for network traffic distribution and QoS

improvement. Policy routing means to match certain feature values in IP data packet

according to the policy set by the network management user. Those that match the




7/23/2019 Zxr10 8900e Series




condition are forwarded according to the route specified by the policy; those that fail to

match are forwarded according to traditional route table.

ZXR10 8900E series realizes ACL-based policy routing.

In addition to policy routing, ZXR10 8900E series also provides policy routing backup

function.

The switch uses Redirect command to realize policy routing function based on ACL. For

one ACL rule, the route can only be redirected to a next-hop address. When this next-hop

address has any problem, the corresponding policy routing will also fail. When the switch

has multiple egresses, policy routing backup (PBR BACKUP) function can be realized by

configuring Redirect to multiple next-hop addresses, so that when the active link is faulty,

the route can be automatically switched to the backup next-hop address.

3.2.2 Ipv6 Routing

ZXR10 8900E supports the following IPv6 unicast route features:

Support IPv6 neighbor discovery protocol, which realizes the functions of router and

prefix discovery, address resolution, next-hop address determination, neighbor

unreachable test and repeated address test and which can better support the

mobility of nodes.

Support IPv6 path MTU discovery protocol, which can discover the maximum

transmission unit of the path so as to make sure the message size sent by the node

does not exceed the MTU value of the path.

Support IPv6 static route.

Support IPv6-based dynamic routing protocols RIPng, OSPFv3, ISISv6 and BGP4+.

3.2.3 IPv4/IPv6 Transit ion

ZXR10 8900E provides a number of transitional mechanisms for conversion from Ipv4

network to Ipv6 network, including double stack technology and various tunnel

technologies that are applicable to different environments:

Support IPv4/IPv6 double protocol stack. Double stack technology can completely

solve the coexistence problem of IPv4/IPv6, but is only effective when the

equipment in the whole network supports double stack. Therefore, it has high

requirement for IPv4 network reform. It should be noted that the double stack

technology is the foundation of all the tunnel mechanisms below.

Support manually configured IPv6 tunnel. Manual tunnel technology is simple,

mature and stable, but has high management overhead and poor expandability. It is




7/23/2019 Zxr10 8900e Series




applicable to be used in connection between two stable unchangeable IPv6

subnets.

Support 6to4 tunnel. The 6to4 technology uses special IPv6 address prefix to

automatically construct tunnel for interconnection of IPv6 network. This mechanism

consumes very few IPv4 addresses; one IPv6 subnet only needs one public IPv4

address, so it is applicable to interconnection between multiple IPv6 subnets.

However, the disadvantage of 6to4 technology is that it must use IPv6 address in

specific format, namely, 6to4 address.

Support ISATAP tunnel. ISATAP realizes interworking of IPv6 hosts by establishing

tunnels, mainly used for interconnection between ISATAP hosts and ISATAP

routers and between ISATAP hosts through IPv4 cloud. ISATAP tunnel is used

inside a site without crossing domains, so it is especially applicable to IPv6

transitional scheme of campus area network, which can enable the customer to

immediately realize communication of IPv6 network and can gradually develop to

complete IPv6 network. ISATAP hosts inside the area can access external IPv6

networks via ISATAP router.

Support IPv6 Provider Edge Router (6PE) over MPLS. The 6PE technology is

generally deployed in the environment where MPLS network is running or ready to

run. Ipv6 messages are encapsulated at PE side and double tag is used. The

internal tag carries Ipv6 route reachable information; the external tag uses the

existing MPLS tag to interconnect with Ipv6 isolated island network via switching

channel LSP. 6PE router is double stack router, so it can directly connect with the v4

network of Ipv4 protocol, which is convenient for the situation of v4/v6 coexistence,

and it is unnecessary to reform P.

3.2.4 L3 Multicast

3.2.4.1 L3 Multicast Protocol

L3 multicast protocol includes multicast group management protocol and multicast

routing protocol.

1. Multicast group management protocol

Multicast group management protocol runs between the host and L3 equipment and is

used to establish the relationship between group members in associated network

segments, that is, which multicast group members are under different ports. At present,the multicast group management protocol is mainly realized by IGMP (Internet Group

Management Protocol) and MLD (Multicast Listener Discovery Protocol).

i. IGMP is the Internet group management protocol in Ipv4 network. The major

versions used currently are IGMPv2 and IGMPv3. A new function is added to




7/23/2019 Zxr10 8900e Series




IGMPv3 that the member can specify to receive or reject the messages from

some multicast sources to support SSM model.

ii. MLD protocol is used for Ipv6 router to discover multicast listener in its

associated network segments. MLD is divided to MLDv1 and MLDv2. The

principle of MLDv1 is similar to IGMPv2 and that of MLDv2 is similar to

IGMPv3.

2. cast routing protocol

Multicast routing protocol runs between layer 3 multicast equipments, used to establish

and maintain multicast router and forward multicast data packets correctly and efficiently.

IP multicast routing technology realizes efficient P2MP(point 2 multiple point) data

transmission in IP network; it can effectively save network bandwidth and reduce network

load. Therefore, IP multicast routing technology is widely used in resource discovery,

multimedia conference, data copying, real-time data transmission, game and emulation.

Multicast routing protocol is divided to intra-domain protocol and inter-domain protocol.

Inter-domain protocols include MBGP (Multicast BGP) and MSDP (Multicast Source

Discovery Protocol), and intra-domain protocol includes PIM (Protocol Independent

Multicast). Intra-domain protocol is generally divided to two classes: sparse mode

multicast routing protocol including PIM-SM (Sparse Mode) and dense mode multicast

routing protocol including PIM-DM (Dense Mode). The most useful multicast protocol now

is PIM-SM.

PIM-SM constructs the shared tree using the mechanism of multicast destination explicit

join to perform multicast data packet distribution. In certain conditions, the destination

can be switched to the shortest path tree. PIM-SM is irrelevant to unicast routing protocol.

It uses unicast route table to perform RPF check but not depend on any specific unicast

routing protocol. PIM-SM is more suitable for the multicast network that has potential

multicast group members at the end of WAN link. Besides, PIM-SM allows to use SPT,

and thus reduces network delay brought about by share tree and improves the efficiency.

Therefore, PIM-SM is generally the best choice of multicast routing protocol in multicast

network domain.

3. Multicast model

According to the processing mode of multicast source by the receiver, multicast can be

divided to the following two models.

i. ASM (Any Source Multicast) model: In ASM model, any sender can send

multicast information to a multicast group address as the multicast source; the

receiver obtains the multicast information by joining the multicast group with

the tag of this multicast group address. The receiver cannot know the location

of the multicast source, but can join or leave the multicast group at any time.

ii. SSM (Source Specific Multicast) model: SSM provides the users with a

transmission service in which they can specify the multicast source at the

client, meeting the requirement of the users when they are only interested in




7/23/2019 Zxr10 8900e Series




the multicast information sent form some multicast sources and do not want to

receive information from other sources. SSM model directly builds the shortest

path tree between the multicast source and multicast data receiver, which is

highly efficient.

For ASM model, intra-domain and inter-domain multicast routing protocols are different.

Intra-domain protocol is mainly PIM protocol and inter-domain protocol uses MSDP and

MBGP protocols. For SSM model, there is no difference between intra-domain and

inter-domain protocols. As the receiver knows the location of the multicast source in

advance, multicast information can be transmitted by channel construction via PIM-SSM

protocol. Meanwhile, SSM model also needs the support of IGMPv3.

ZXR10 8900E, supporting IGMPv2, IGMPv3 and MLDv1/v2, IPv4 PIM-DM and

IPv4/v6-based PIM-SM and PIM-SSM, can provide complete multicast solutions. Besides,

to provide enhanced and more reliable multicast services and guarantee the provisioning

and operation of multicast services, 8900E also supports Multicast route guard and

anycast RP functions.

Multicast route guard can prevent unauthorized connection of multicast servers.

Designating a port as the multicast router port can allow multicast router control

messages to pass, otherwise they are discarded.

In multicast network, the existence of a single RP may become the bottleneck or Single

point of failure may occur. Anycast RP is to set multiple RPs with the same address in the

same PIM-SM domain and establish MSDP peer relation between these RPs. The

receiver originates RPT join to the nearest RP; the multicast originates registration to the

nearest RP; each RP only maintains part source/group information in PIM-SM domain

but it will exchange registration information via MSDP with other RPs. When one RP is

faulty, the new registration multicast source and the joined multicast receiver will

automatically select another near RP to perform registration and joining. Anycast RP

ensures new multicast data stream can be established between the new multicast source

and receiver at any time to realize RP load balance and backup.

3.2.5 Contro llable Multicast

IPTV (Internet Protocol Television), also called network television, is a service using IP

broadband network integrated with Internet, multimedia and telecommunication

technologies to provide interactive services like live TV, video on demand and online

browsing. It transmits stream media files or service control requests on the basis of IP

and completes demand and playing of the programs. The user terminals can be IP

set-top box + television or PC.

From network implementation, IPTV can be regarded as a specific application of

controllable multicast technology. Traditional multicast technology cannot control

unauthorized multicast services and thus cannot meet the controllable and manageable

requirements of telecommunication operators. Controllable multicast technology adds




7/23/2019 Zxr10 8900e Series




multicast control policy to original multicast technology and so realizes control on

accessed multicast services.

ZXR10 8900E series switches support complete controllable multicast features. By

supporting the functions including IGMP V1/V2/V3, IGMP Snooping, IGMP Proxy, IGMP

Fast-leave, multicast VLAN, CAC (Channel Access Control) and CDR (Call Detail

Record), they can realize precise control on multicast users.

In commercial IPTV network, controllable multicast technology integrated with current

network authentication technology can realize user access authentication and user

multicast authentication, enabling controllable multicast service access. CAC, CDR

together with SMS system can provide multicast service management and control

capability for users, facilitating the users to provide IPTV service. Multicast VLAN

together with QoS provides complete multicast data stream control measures from

multicast source to the receiver, effectively ensuring multicast quality. IGMP Snooping

technology can record multicast data transmission from the multicast source, traffic and

destination address. IGMP fastleave can strictly control and record a specific receiver

joining and leaving a specific multicast group to enhance multicast management

capability and provide technical support for IPTV billing. Multicast VLAN and IGMP

Snooping can prevent flooding of multicast messages in L2 network, isolate multicast

users and guarantee multicast information security.

Besides, the equipment provides the following controllable multicast management

functions to facilitate users to perform management on IPTV channel and subscribers,

including channel access control, channel management, suite management, preview

configuration function, preview template management, CDR function and unified network

management via MIB.

The procedure of IPTV user access control is generally as follows:

1. IPTV users have four kinds of rights: view, preview, query and reject.

2. The operator creates static channel table or suite table (can be regarded as

multicast group), creates static port principle (CAC) table, and applies the channel or

suite to the principle. In this way, the view function of some channels, preview

function of some channels and query function of some channels are enabled on the

port.

3. The user client sends a message to report, leave or query a multicast channel of

IGMP from the local port; IPTV module searches the matching CAC principle

according to the user’s port and VLAN and authenticates the rights of the channel

applied for by the user. The authentication method is to search the channel rights

(view, preview, query, reject) that has been configured in the principle and return the

result to IGMP Snooping for further processing. The processing methods of IGMP

Snooping for different rights are as follows to make the IPTV service management

controllable in the network layer: view and preview right: add the user’s port in the

multicast forwarding table; query right: broadcast the query message in the user’s

VLAN.




7/23/2019 Zxr10 8900e Series




4. When the use leaves this channel (multicast group), IGMP fastleave will delete the

user from the multicast group to avoid illegal receiving; at the same time the system

outputs user CDR to SMS system to realize billing management.

The controllable multicast technology provided by ZXR10 8900E series switches enables

the operator to control multicast services precisely, perform overall management on the

users and realize flexible provisioning of IPTV service.

3.2.6 MCE

In traditional MPLS VPN model, VPN access is provided by PE equipment and user

isolation is performed on PE equipment. The present MPLS VPN model is a plane model,

so no matter the PE equipment is located at which layer of the network, the requirements

for its performance is the same. The routes aggregate layer by layer, even when PE

extends to the edge direction, more routes need be maintained; while typical network is

core-aggregation-access three-layer model, in which the equipment performance

degrades sequentially and the network scale expands sequentially. This brings much

difficulty for PE equipment to extend to the network edge. Besides, when VPN users are

far away from PE, they need be linked by WAN links, whose number should be at least

the same as the number of VPN users. Using routers to access users nearby and

connecting them to PE via a WAN link after aggregation can save the cost and improve

bandwidth utilization rate, but different VPN users should be distinguished on this WAN

link.

MCE (Multi-VRF CE) technology extends the capability of CE and enables it to have VRF

function. The equipment with this function is called MCE equipment. In networking,

multiple MCEs together with PE are used to form a distributed PE. MCE enable multiple

VPN users to share one CE device and at the same time isolates different users, solving

the contradiction between security and cost. User data stream is terminated at MCE,

avoiding adverse effects of broadcast stream on PE equipment. Generally speaking,

MCE is a technology to realize multiple VPN users sharing one CE device in local area

network and sharing the links between this CE device and PE device. MCE can realize

total isolation between different services in transmission, solve the security problem of

traditional local area network with low cost and largely satisfy the customers’

requirements.

Figure 3-3 Architecture of MCE




7/23/2019 Zxr10 8900e Series




As shown in Figure 3-3, the characteristic of MCE technology is that it changes VPN

access from PE to CE.

Multiple VRFs are configured on MCE, corresponding to multiple VPN sites. Each VRF

needs an uplink interface to connect with PE; the same VRF is configured on the

corresponding interface of PE. As MCE does not need to support MPLS, between MCE

and PC equipment are ordinary data packets without MPLS label. This is different from

layered PE. There is a layer of MPLS label between layered PEs. Therefore, VPN traffic

can only be differentiated by the interfaces on PE. This means the number of VPN

interfaces PE correspond to should be equal to the number of VPNs MCE supports

(same configuration as PE supporting L3 VPN). A CE with MCE feature actually

simulates multiples CEs. The virtual CEs are isolated from each other and can be

accessed with multiple VPN users. PE equipment cannot sense whether this is multiple

CEs or one MCE, so PE needs no expansion.

3.3 MPLS VPN

3.3.1 Basic Functions of MPLS

MPLS is a multi-layer switching technology integrating L2 switching and L3 routing

technologies and using label as the means to aggregate and forward information. It runs

in route layer architecture, supports multiple upper-layer protocols and can be realized in

various physical platforms.

Labels are just like the zip codes of letters. Zip codes are encoded numbers for the

destination addresses of letters and some special requirements (such as QoS, CoS and

management information) which enable faster and more effective letter processing and

speed up the routing process of the letters to reach the destination. The basic concept of

label switching is label distribution, namely, binding of the label and network layer route.




7/23/2019 Zxr10 8900e Series




The basic routing mode of MPLS is hop-by-hop routing, which allows simpler forwarding

mechanism than data packets and can realize faster routing. As it uses universal method

of label distribution and universal routing protocol on various media (such as packet, cell

and frame), MPLS supports highly efficient and widely applicable specific routing (such

as QoS routing) and universal traffic engineering method as well as other operation

methods. Using LDP (label distribution protocol), its core protocol, together with standard

network layer routing protocol, MPLS distributes label information among the devices in

the MPLS network in the connectionless working mode. MPLS can also use

connection-oriented working mode, namely, signaling protocol to establish specific routes

for multimedia services that need long time and QoS support. Besides, MPLS can use

the working mode of resource reservation without specific connection, namely, RSVP

and RSVP-LSP-TUNNEL protocols, mainly in traffic engineering. The extended protocol

of LDP, CRLDP can be used to implement some routes with specific paths.

The working principle of MPLS network is as shown in Figure 3-4. From the figure, the

core components of an MPLS network are: Label Edge Switch Router (LER) and Label

Switch Router (LSR). Through label distribution protocol (LDP), label information isdistributed between LER and LSR and between LSR and LSR. Network routing

information comes from some common routing protocols, such as OSPF. The system

determines how to establish the label switching path (LSP) according to the routing

information. When a packet enters LER, the ingress LER determines the LSR to the

destination by searching the route table according to the input packet header, inserts the

corresponding label of the LSP to the packet header and then outputs the packet to the

path identified by the label. The network nodes perform label switching forwarding

completely depending on the packet label without searching the route table. The egress

LER forwards the packet to the destination according to certain principles.

Figure 3-4 MPLS working principle

Generally the structure of MPLS header is as shown in Figure 3-5, including 20-bit label,

3-bit EXP, commonly used for CoS, 1-bit S, used to identify whether this MPLS label is

the bottom layer label, and 8-bit TTL (Time To Live).

In Out

3 6

8 3 6

LSR LSR

In Out

3

In Out

6 8

In Out

8

Ingress LER Egress

LER

LDP

IP Route processing

LDP LDP




7/23/2019 Zxr10 8900e Series




Figure 3-5 MPLS header structure

MPLS decides forwarding by label. A label is a 20-bit identifier, only having local effect in

one hop link. What is identified by a label is a group of packets called Forwarding

Equivalence Class (FEC), which can be all packets to the same destination address

prefix or can be introduced with QoS to make the packets having the same service qualityrequirements belong to the same FEC. The packets belonging to the same FEC are

forwarded according to the same forwarding policy.

When a packet without a label enters an MPLS domain, the edge LSR will analyze the

destination address carried in the header, class this packet to an FEC according to QoS

requirement, add the corresponding label of this FEC to the packet and then forward it to

the next hop. The intermediate LSR maintains a table of mapping relations between

incoming label, outgoing label and forwarding direction. When receiving a packet with a

label, it will search the mapping relation table by the incoming label carried by the packet

to obtain the outgoing label and forwarding direction, replace the incoming label with the

effective outgoing label and then send it to the next hop. When the packet leaves the

MPLS domain, the label will be deleted at the edge LSR, turn back to a packet withoutlabel and be sent to the next hop.

In forwarding, the label can be processed in the form of stack. The label value at the top

of the label stack is the effective label, and LSR forwards packets by the top label of the

stack. When a packet enters an MPLS domain, a label is pushed in the label stack

occupying the top of the stack; at this time the stack depth increases by 1. The LSR in

this MPLS domain only checks and replaces the top label and ignores the other labels.

When the packet leaves the MPLS domain, POP operation is performed, and the label

stack turns back to the original depth before entering the MPLS domain. The packet

without label can be regarded as empty label stack; adding label to it when it first enters

MPLS network environment can also be regarded as PUSH operation. In this way, MPLS

can easily realize layered network. The depth of label stack indicates the network layer:when the packet passes a tunnel or a lower-level MPLS network, the depth of the label

stack will increase; on the contrary, when the packet returns to the upper-level network,

the depth decreases.

At present ZXR10 8900E series provides complete MPLS protocol with the major

functions as below:




7/23/2019 Zxr10 8900e Series




Support LDP and RSVP protocols;

Support TTL value decreasing, loop test, policy management and pop up at the last

but one hop;

Support downstream independent label distribution mode and free label reservation

mode;

Support fast rerouting of LSP and establishment of RSVP-LSP.

3.3.2 MPLS TE

Network congestion is a major problem that affects backbone network performance. The

reason of congestion may be insufficient network resource or unbalanced network

resource load which leads to local congestion. Traditional routing with shortest path first

will cause unbalanced distribution of network traffic, that is, when a path is congested, the

traffic will not be switched to other paths. With the expansion of network scale anddevelopment of network services, the customers have increasingly higher requirements

for service quality; the problem of traditional routing is thoroughly exposed. TE (Traffic

Engineering) is just to solve the congestion caused by unbalanced load. MPLS TE is a

technology integrating traffic engineering with MPLS. By MPLS TE, the service provider

can precisely control the path of the traffic, so as to avoid the congested node, solving the

problem of some paths being overloaded and some paths being idle and making full use

of the current bandwidth resource. At the same time, MPLS TE can reserve resource

when establishing LSP tunnel to guarantee service quality.

MPLS TE creates link bandwidth resource database in the nodes of the MPLS network

via OSPF TE or IS-IS TE, calculates tunnel creation path by CSPF algorithm according to

link bandwidth resource database and tunnel restriction conditions, and finally creates TEtunnel using RSVP-TE signaling protocol in the path calculated by CSPF algorithm.

RSVP (Resource Reservation Protocol) is a TCP/IP based transport layer protocol. By

RSVP, the host can apply for specific QoS to the network, providing secure data stream

services for specific services, and meanwhile reserve resource on the router nodes

where the data stream passes and keep this status until the service releases

corresponding resource. RSVP-TE protocol, an extended protocol of RSVP, can carry

parameters including bandwidth, some specific routes and color, create the LSP that

meets the restriction conditions according to traffic engineering route calculation and

complete link backup, node backup and load balance functions.

ZXR10 8900E supports MPLS TE-related technology and can provide the followingfeatures:

MPLS TE provides “non-IGP shortest path first” IP packet forwarding capability,

which can effectively avoid network congestion caused by unbalanced network

traffic by planning network resource reasonably.




7/23/2019 Zxr10 8900e Series




MPLS TE provides bandwidth guarantee for traffic. Bandwidth reservation, priority

definition and bandwidth preemption mechanisms are introduced for key traffic. It

can ensure the transmission traffic will not be discarded because the link bandwidth

is insufficient.

MPLS TE can also guarantee stable and reliable transmission of network traffic:

when the link or transmission node fails, fast link switching can be achieved via

MPLS TE FRR and MPLS TE tunnel backup technology. Besides, it also supports

LSP full path protection and thus can largely reduce the impact on the traffic.

Support MPLS VPN over TE; provide LDP over RSVP; TE tunnel provides

bandwidth guarantee and isolation for MPLS VPN service.

3.3.3 MPLS L2 VPN

MPLS L2 VPN can be divided into two classes. The first is called VPWS (Virtual Private

Wire Service), which realizes communication between the sites in VPN by point-to-pointconnection. This mode is mostly used for users using ATM and FR connection. The

connection between the users and network provider are not easy to be maintained, but

the services are transmitted on the IP backbone network of the network provider after

encapsulation. The second is called VPLS (Virtual Private LAN Service). The operator’s

network emulates the function of LAN SWITCH or bridge, connecting all LANs of the

users to form a simple bridge LAN. The major difference of VPLS and VPWS is that

VPWS only provides point-to-point service while VPLS provides point-to-multipoint

service. That is, the CE device in VPWS selects a virtual line and sends the data to a

user site; the CE device in VPLS only simply sends the data to all destinations to the PE

devices connected to it.

Figure 3-6 Basic VPWS network model

The most direct way to create L2 VPN is to create VC between CP and PE, and the

operator’s network uses LSP of MPLS to bear these connections, as shown in Figure 3-6.

MPLS TE can be adopted to meet the QoS requirement of the users. In this scheme, the

workload of configuring PVC between CE and PE and MPLS LSP for bearing is heavy.

Substantial LSP will occupy a lot of resource of LSR, which will reduce network




7/23/2019 Zxr10 8900e Series




expandability. Targeting the above expandability problem, Martini draft suggests creating

a fixed number of MPLS LSPs between PE and network devices. When VC bearer

services between user CE device and PE need to pass through the network, they will

enter the point-to-point sub-tunnel (i.e. “pseudo-wire”) in MPLS LSP. This LSP can be

regarded as the bearer channel of multiple VCs. This is similar to the relation between VC

channel and VP channel in ATM network. IETF draft defines the signaling to create

sub-tunnel and the encapsulation format of forwarding ATM, FR and Ethernet data

packets on sub-tunnel. Although this method save some network resource (such as LSP

quantity), but when creating large-scale MPLS VPN, we need create all sub-tunnels

manually; the configuration workload is quite high.

ZXR10 8900E series products support VPWS of Martini draft and extended LDP protocol.

They can create different LSP channels by service type. They support Ethernet

encapsulation and VLAN encapsulation as well as LDP-based extended VPLS.

3.3.3.1 VPLS

Virtual Private LAN Service (VPLS) is a kind of VPN with multi-station link in a single

bridge domain in IP/MPLS network managed by operators. All customer stations in VPLS

seem to locate in one LAN no matter where they actually locate. Since VPLS uses

Ethernet interface to implement customer exchange, it simplifies LAN/WAN boundary

and makes service providing quick and flexible. In VPLS, customers keep the complete

control over routing. Besides, since all routers of customers in VPLS are a part of the

same sub-net (LAN), they get a simplified IP address solution. This advantage becomes

especially obvious when it is compared with the full-meshed structure constituted by

different P2P links. Operators can also get benefits by reducing the complexity of VPLS

service management.

In Figure 3-7, CE1, CE2, and CE3 are in one VPLS domain – VPLS A. They are

connected by a packet switching network (here is MPLS network). Equipped with VPLS,

PEs establish Full-Meshed VC connection between each other. If CE1 communicates

with CE3, CE1 first learns MAC address of CE3, which is based on data flow. Meanwhile,

there must be two layers of tags to PE3 on PE1. One is packet switching tag for outer

layer, which is MPLS network here, and the other is VC tag for the inner layer. When PE1

receives MAC frames with the destination address of CE3, PE searches for inner and

outer layer tags arriving PE3 according to MAC address, VCID and other information, and

adds the tags to the data frames and transport them through MPLS network. Only inner

layer tags are left with the data when it arrives PE3. PE3 gets the connecting port of PE3

where CE3 locates according to inner layer tag and MAC address, and transport it from

the port. The data will arrive CE3. In this way communication between CE1 and CE3 iscompleted. Here all operations are implemented based on L2. Operators don’t need to

concern users’ routing configuration so that it reduces users dependence on operators,

and simplifies operators’ management of user services.




7/23/2019 Zxr10 8900e Series




Figure 3-7 Basic VPLS network model

3.3.3.2 H-VPLS

VPLS adopts PE full-connection to avoid loopback so that LDP session or BGP sessionwill be set up between all PEs in one VPLS instance, which brings great challenge to

network scalability. In scenario with medium scale, PE full-connection is acceptable. But

when PE increases in network, the number of sessions will grows by a square increase,

which put high requirement of equipment performance. At the same time network

management becomes very complicated. Hierarchical VPLS networking (H-VPLS)

perfectly solve this problem.

H-VPLS divides PE into NPE and UPE. UPE works as CE for access user. NPE works as

core layer of VPLS networking, providing transparent transport of user packet in

operator’s network. NPEs in H-VPLS networking compose full-connection. UPE doesn’t

need to establish connection with all PEs. With hierarchy, H-VPLS reduces PW number

and PW signaling costs.

There are two types of H-VPLS: PW and QinQ.

1. U-PW Access:

Figure 3-8 H-VPLS networking with U-PW access




7/23/2019 Zxr10 8900e Series




As shown in Figure 3-8, UPE works as aggregation device and establishes virtual

connection U-PW with NPE1. UPE provides user data packet access and tags VC label

corresponding to U-PW. When NPE1 receives the packet, it decides which VFI that the

packet belongs to based on VC label, tags VC label corresponding to N-PW based on the

destination MAC address of the packet, and forwards it. As for packets received from

N-PW, NPE1 tags VC label corresponding to U-PW and forwards it to UPE.

2. QinQ Access:

Figure 3-9 H-VPLS networking with QinQ access

As shown in Figure 3-9, working as aggregation device, UPE is a standard bridging

equipment supporting QinQ. UPE enables QinQ at access port of CE and tags

VLAN-TAG as multiplexing separating mark. Packets are transparently transported

through QinQ tunnel between UPE and N-PE to NPE1. NPE1 decides the VSI that the

packet belongs to based on VLAN-TAG tagged by UPE, tags multiplexing separation

mark (MPLS tag) based on the destination MAC of the packet and forwards it. When

NPE1 receives packets from PW side, it decides which VFI that the packet belongs to

based on the multiplexing separation tag (MPLS tag), tags VLAN-TAG based on the

destination MAC of the packet, and forwards the packet via QinQ tunnel to UPE, which

transfers the packet to CE.

If CE1 and CE2 exchange data for local CE, equipped with bridging, UPE can directly

implement packet forwarding between the two without transporting the packets upwards

to NPE1. However, UPE will forward first packet with unknown destination MAC or

broadcasting packet to NPE1 via QinQ tunnel when UPE transmits traffic to CE2 by

bridge broadcasting. NPE1 implements packet duplication and forwards it to each

peer-end CE.

ZXR10 8900E support two above H-VPLS accesses.




7/23/2019 Zxr10 8900e Series




3.3.4 MPLS L3 VPN

3.3.4.1 MPLS VPN

Figure 3-10 Basic BGP MPLS VPN network model

As shown in Figure 3-10, a basic BGP/MPLS VPN network is composed of CE router, PE

router and P router. As customer edge equipment, CE is the router or switch connecting

operator’s network in customer stations. VPN function is provided by PE router. P and CE

router has no special VPN configuration needs.

To separate routing of a VPN and public Internet routing from other VPNs, PE router

generates a separated route/forwarding instance (VRF) for each VPN. PE router

generates a VRF table for each VPN connected by a CE router. Any customer and

station belongs to VPN only have access to the VRF table of the VPN.

When we build BGP/MPLS VPN network, each PE router must operate MP-BGP (use

MP-BGP between PE in MPLS VPN) to conduct VPN routing learning and notification

between PE. MP-BGP inherits BGP’s request – make full-connection between the peers

that run IBGP in one routing domain in order to notify BGP routing in routing domain.

When there are a large quantity of PE in VPN, IBGP full-connections will be a great deal,

which may cause N square problem and scalability problem. Routing reflector can be

used to solve this.

If two sites of one VPN are located in different Autonomous Systems, the corresponding

PE router cannot use IBGP connection to forward VPN-Ipv4 routes. At this time EBGP

must be used to transport VPN-IPv4 route between AS with back-to-back VRF: using

EBGP to distribute VPN-IPv4 route with mark and using Multi-hop EBGP to distributeVPN-IPv4 routes from one AS to another.

ZXR10 8900E series support complete MPLS L3 VPN, address overlapping, CE static

routing, RIP, OSPF, and BGP access. They support BGP scalable union, capability

negotiation, and route refreshing. They support binding of interface with VRF, and

binding of VLAN with VRF.

VPN1

VPN2

VPN1

VPN2

Customer

Edge Switch

Service ProvideEdge Switch

Backbone Switch

VRF VRF

PPE

PE




7/23/2019 Zxr10 8900e Series




3.3.4.2 Cross-domain VPN

At the beginning, MPLS-VPN application is mainly developed in enterprise network or

MAN with not very large scale. Deployment of MPLS-VPN inside an AS can meet the

service needs. With the expansion of MPLS-VPN application scale and the expansion of

network scale, cross-domain MPLS-VPN services are emerging. Multiple sites of user

VPN connect to multiple ISP or different AS domains of an ISP. If the AS number for all

AS domains are different, operators need to support Multi-AS cross-domain VPN.

The following are three solutions to solve Multi-AS cross-domain VPN:

VRF-to-VRF solution: set up logic sub-interface between edge routers with each

sub-interface associated to one VPN. Edge router distributes IPv4 route to

corresponding VPN user by sub-interface. Each VPN should be processed. It suits

the beginning phase of VPN service with little network change and little VPN

services provided.

Single hop MP-EBGP solution: edge routers distribute VPN user VPN-IPv4 routes

by MP-EBGP, avoiding the trouble of processing each VPN on edge router by VRF

to VRF. When VPN service develops to a certain phase, and edge router link is

restricted, single-hop MP-EBGP can be considered to provide cross-domain VPN

service.

Multi-hop MP-EBGP solution: Multi Hop MP-EBGP solution: It distributes user

VPN-IPv4 route between PE by Multi-hop MP-EBGP. With no need to process VPN

information by edge router, it suits cross-domain VPN service providing in a large

scale. But it needs to be planned in an integrated way in network deployment.

ZXR10 8900E provides the above three VPN cross-domain deployment solutions.

3.4 QoS

3.4.1 Basic QoS

The existing Internet provides best-effort services. In this mode all service flows are

“equally” and fairly compete for network resources. The router takes the working mode of

First Come First Service (FCFS) for all IP packets. It tries its best to sent IP packets to the

destination but provides no guarantee for reliability and delay of IP packet transport. This

suits Email, FTP and WWW services well.

With the high-speed growth of Internet, IP service develops quickly and becomes

diversified. With the emerging of multimedia service, computer is no longer a pure tool to

process data but getting closer and closer to people’s lives. Computer exchange

becomes more realtime and lively, which puts forward higher requirement to computer

and internet. For those applications with special bandwidth, delay and jitter requirements.

The existing “best-effort” service is apparently not enough. Although network bandwidth




7/23/2019 Zxr10 8900e Series




and speed are greatly improved with the development of network technology, the data

needs transmission is increasing as fast as network development. At the same time,

some new applications emerged in recent years (such as multimedia and multicast) not

only add to network traffic but also change the traffic on the Internet. They need

brand-new service requirements. Without service quality guarantee, bandwidth

reservation, and restricted network delay, the network cannot support the applications

sensitive to indexes of bandwidth, delay, jitter and packet loss ratio such as VoIP, video

conference, Providing capability to support QoS is a feasible measure to solve the

problem. QoS aims to provide different service quality for various applications with

different needs such as providing private bandwidth, reduce packet loss ratio, reduce

packet transport delay and jitter.

QoS works to effectively provide users with E2E service quality control or guarantee.

QoS enables network unit (such as program, host or network equipment) can guarantee

its service flow and service requirements are satisfied at a certain level. QoS can control

various network applications and satisfy multiple network application requirements. For

example:

To control the resource: to restrict bandwidth used by FTP on backbone network, or to

offer higher priority to database access.

Cuttable services: subscribers of ISP (Internet Service Provider) can transport voice,

video or other realtime services. QoS can make ISP distinguish these different packets

and provide different services.

Co-existence of multiple needs: be able to provide bandwidth and low delay guarantee

for time-sensitive multimedia services. Other services in operation will not influence these

time-sensitive services.

QoS doesn’t create bandwidth. It only manages bandwidth based on program needs and

network situation. QoS has a series performance indexes including the following:

Service availability: the reliability of the connection between subscribers and Internet

service.

Transmission delay: time interval of data packets transmitting and receiving between two

reference points.

Variable delay: also called jitter, is the time difference between data packets in a group of

data flow transmitted on one route.

Throughput: rate of data packets transmitted in the network, which can be represented inaverage rate or peak rate.

Packet loss ratio: the highest ratio of data packet loss in network. Data packet loss is

usually caused by network congestion.

ZXR10 8900E series provides the following functions to realize the above objectives:




7/23/2019 Zxr10 8900e Series




1．Traffic classification

2．Traffic monitoring

3．

Traffic shaping

4．Queue scheduling and default 802.1p priority

5．Re-orientation and policy routing

6．Priority mark

7．Traffic mirroring

8．Traffic statistics

3.4.1.1 Traffic Classif ication

Traffic classification defines or describes packets with certain features by classifying

packets go through the switch. Packet classification can be implemented by ACL,

especially extended ACL. Packets can be classified into different categories based on

different needs. Users classify packets based on filtering options of ACL such as packet

source/destination IP address, source/destination MAC address, IP protocol type, TCP

source/destination port number, UDP source/destination port number, DSCP, ToS, IP

Precedence, VLAN ID, 802.1p priority value, MPLS EXP, and MPLS tag.

3.4.1.2 Traffic Monitoring

Traffic monitoring takes bandwidth restriction of a service to prevent it from exceeding the

specified bandwidth or influencing other service flows. The following measures can be

taken to deal with the exceeded traffic:

To drop or forward

To change its DSCP value

To change its dropping priority (packets with higher dropping priority are dropped

first in queue congestion.)

ZXR10 8900E series swtich realizes Single Rate Three Color Marker (RFC2697) and

Two Rate Three Color Marker (RFC4115). Both two algorithms support Color-Blind and

Color-Aware modes.

Meter works in two modes: in Color-Blind mode, it supposes packets are uncolored. In

Color-Aware mode, it supposes packets are marked with color. The data packets go

through the switch will be distributed with a color based on certain rule (data packet




7/23/2019 Zxr10 8900e Series




information). Marker colors the IP packets based on Meter result and the color is marked

in DS domain.

The following are two types of marking algorithms.

1. Single Rate Three Color Marker (SrTCM)

This algorithm is used in Diffserv traffic conditioner. SrTCM measures information flow

and marks the packets based on three parameters: Committed Information Rate (CIR),

Committed Burst Size, (CBS), and Excess Burst Size (EBS). We call the three

parameters green, yellow and red mark. When a packet goes through the ingress

monitoring it takes token from CBS bucket first. The packet will be green if it can get a

token from CBS bucket. It takes token from EBS bucket if it cannot take one from CBS

bucket. The packet will be yellow if it can take one from EBS bucket. The packet will be

red if it cannot take a token from EBS bucket. Red packets will be dropped by default.

2. Two Rate Three Color Marker

This algorithm is used in Diffserv traffic conditioner. TrTCM measures IP information

traffic and marks data packets as green, yellow or red based on two rates: Peak

Information Rate (PIR) and Committed Information Rate (CIR), as well as their related

burst size (CBS and PBS). In color-aware mode, packet is marked as green if it doesn’t

exceed CIR. It is marked as yellow if it exceeds CIR but doesn’t exceed PIR. And it is

marked as red if it exceeds PIR. In color-blind mode, all packets are marked as green.

3.4.1.3 Traffic Shaping

Traffic shaping takes control over the rate of output packets to transmit the packets at an

even rate. Traffic shaping is usually used to match the packet rate with the downstreamequipment so as to avoid congestion and packet dropping.

The major difference between traffic shaping and traffic monitoring lies in the fact that

traffic shaping buffers the packets exceed rate limit to send the packets at an even rate.

While traffic monitoring drops the packets exceed rate limit. Traffic shaping adds to delay

while traffic monitoring doesn’t add extra delay.

ZXR10 8900E supports two-level traffic shaping, as well as shaping based on VLAN and

port. With two levels shaping of VLAN and port, the system can realize multi-level control

over service flows to guarantee the implementation of multi-level QoS and differentiated

management.

3.4.1.4 Congesti on Avoidance

Network equipment has limited processing and buffering capability. Packets exceed

equipment capability will cause congestion. Simply dropping of these packets will lead to

“global synchronization”. ZXR10 8900E adopts RED/WRED to avoid congestion and




7/23/2019 Zxr10 8900e Series




improve network quality. ZXR10 8900E WRED can sense the services including IP

priority, DSCP and MPLS EXP. It can set different early dropping strategy for packets

with different priorities to provide differentiated dropping feature.

3.4.1.5 Queue Scheduling

ZXR10 8900E series switch has each of its physical port supporting 8 output queues

(queue0~7) called CoS queues. The switch takes output queue operation at ingress

according to CoS queues corresponding to 802.1p of the packets. When network is

congested, many packets may compete for resources. Queue scheduling can solve the

problem.

ZXR10 8900E series switch supports three queue scheduling: Strict Priority (SP),

Weighted Round Robin (WRR), and Dynamic Weighted Round Robin (DWRR). 8 output

queues at the port can adopt different schedulings.

Strict Priority (SP)

SP takes scheduling of data of each queue based on the exact priority of the queue.

Firstly it gets the packet out of the queue with the highest priority and sends it out until

packets in the queue are send out. Then it sends packets in the queue with the second

highest priority. Similarly, it sends all the packets in the queue and then sends packets in

the queue with the third highest priority. And the rest can be done in the same way.

SP offers first processing for packets of key services so that quality of the key services is

guaranteed. However, queues with lower priority may never get processed and get

starved.

Weighted Round Robin (WRR)

WRR offers every queue chances to be scheduled without “starving”. However, each

queue gets scheduling at different time with different weight (the proportion of resources

each queue gets). Packets in the queue with higher priority are more possible to be

scheduled than those in the queue with lower priority.

Dynamic Weighted Round Robin (DWRR)

DWRR offers every queue chances to be scheduled too. Each queue has different weight.

The difference between DWRR and WRR lies in the fact that the weight configured by

DWRR indicates the bytes that scheduled every time for 8 queues at the port with the unit

of kbyte, while the weight configured by WRR indicates the packets that get scheduledevery time for each queue. Therefore, the size of DWRR data packet has little influence

on bandwidth.

802.1p tag covers data priority. If the data enters the port has no 802.1p tag, the switch

will distribute a default 802.1p value to it.




7/23/2019 Zxr10 8900e Series




3.4.1.6 Priori ty Mark

Priority mark re-distributes a set of service parameters to the particular traffic that

described by ACL. The following operatons can be implemented:

1. Change CoS queue of the data packet and change its 802.1p value.

2. Change CoS queue of the data packet without changing its 802.1p value.

3. Change the DSCP value of data packet.

4. Change the dropping priority of the data packet.

3.4.2 MPLS QoS

MPLS QoS is an important part in QoS service deployment since DiffServ has good

deployment flexibility and scalability. In practical MPLS networking solution, DiffServmechanism is usually used to implement QoS. ZXR10 8900E supports DiffServ -based

MPLS QoS. Traditional IP QoS decides the service level based on IP priority or DSCP so

as to realize differentiated service of the service. MPLS QoS distinguish data flows of

different services based on EXP value, implements mapping of priority between MPLS

EXP and IP & Ethernet, realizes differentiated service of services, and guarantee the

quality of voice and video services.

MPLS QoS has four modes:

Uniform mode

Pipe mode

Short Pipe mode

Long Pipe mode (mainly used in carrier supporting carrier architecture)

ZXR10 8900E supports uniform, pipe and short pipe. At MPLS Ingress PE node, packets

decide whether to map or duplicate IP priority or VLAN priority to MPLS EXP based on

uniform, pipe or short pipe. In backbone network classified traffic gets EXP value

remarked based on service protocol, gets traffic monitoring, shaping and scheduling. At

Egress node of MPLS, priority for IP or Ethernet service packets are redeployed based

on Uniform, Pipe or Short Pipe model. E2E QoS is provided based on DiffServ as shown

in Figure 3-11. In addition, ZXR10 8900E imports H-QoS into MPLS VPN, realizes

multi-level scheduling in VPN and improves comprehensive network operation capability.




7/23/2019 Zxr10 8900e Series




Figure 3-11 end to end MPLS QoS

3.5 OAM

3.5.1 Ethernet OAM

With the rapid development of Ethernet in recent years, Ethernet networking is taking

larger proportion in network construction and Ethernet scale also keeps growing.

Ethernet is used to replace ATM equipment in access, aggregation, and backbone

network. At the same time IP bearer network is developing as a multiservice and

broadband network. Without carrier-class management, the traditional Ethernet cannot

detect, notify or separate L2 network failure. The network manamgement system

adopting SNMP can only manage link and equipment state. It cannot detect E2E

connection performance and state of user service. When there’s network failure, it cannot

be located or located quickly. Besides, with the wide application of network equipment,

the managers pay more attention to OAM of Ethernet equipment.

ZXR10 8900E series support three standards of Ethernet OAM at the moment:

IEEE 802.3ah(Operations, Administration, and Maintenance-OAM)

IEEE 802.1ag(Connectivity Fault Management-CFM)

IEEE 802.3ah operation, management and maintenance standard is the formal one of

IEEE. It takes “link” level management, taking monitoring and failure processing of P2P

(or virtual P2P) Ethernet link. The protocol has great significance in connection

management of these points at the places where failures tend to occur such as the last

mile for the network user.

IEEE 802.1ag Connectivity Fault Management is the draft standard of IEEE at present. Ittakes “service” level management. It provides the network with easy and quick fault

discovery, detection and management. It submits effective detection, separation and

connectivity fault report of the virtual bridge LAN.

8900E supports OAM that complies with the above standard. It provides Ethernet

Connectivity Check (ETH-CC), Ethernet LoopBack (ETH-LB), and Ethernet Link Trace

(ETH-LT). It supports Frame Loss Measurement (ETH-LM), and Frame Delay




7/23/2019 Zxr10 8900e Series




Measurement (ETH-DM). It supports Ethernet link OAM, link discovery, link state

monitoring, remote defect indication, and remote loopback that conform to IEEE802.3ah.

3.6 Clock synchro nizationBecause of telecom bearing IP trend, there are clock requirements for Ethernet to provide

precision clock for mobile wireless network. Mobile network has high requirements for

high-precision synchronization. Its synchronization consists of frequency synchronization

and time synchronization. ZXR10 8900E supports Synchronous Ethernet and 1588v2

solution which uses synchronous Ethernet technology for clock frequency

synchronization, and IEEE 1588 phase fine control and time maintenance for clock time

synchronization.

ZXR10 8900E can configure different clock source priorities. Clock sources are selected

according to different priorities. The clock source with the highest priority will take effect in

the earliest time. If the clock fails, the clock source with the second highest priority willtake effect, and the rest will go similarly. The restoration policy of clock source is: If the

clock with high priority is restored, it can be configured to select whether to switch back.

3.6.1 Clock source

ZXR10 8900E support 5 clock sources, and the main control decides which clock source

information is distributed to the system.

Local clock: Local clock of system hardware, the most basic clock signal.

BITS: Support 2MHz analog signal and 2Mbits digital clock signal.

GPS: Traditional mobile network clock source providing high-precision clock signal

and 1PPS+TOD signal.

SyncE: Support Synchronous Ethernet interface, and restore and extract the clock

from physical layer.

1588v2: IEEE 1588v2 is a precision time synchronization protocol which transfers

messages between active and standby equipments to precisely synchronize

master/slave clock and time.

3.6.2 Synchronous Ethernet

Synchronous Ethernet (SyncE) technology adopts Ethernet link code stream to restore

the clock. It synchronizes frequency rather than synchronization phase, and needs all

bearer network equipments to support synchronous Ethernet features. ZXR10 8900E can

extract the clock from Ethernet link, or get support reference clock from external

synchronous interface (including BITS and GPS) as system clock. The system selects

the proper system clock source and export clock source according to synchronization




7/23/2019 Zxr10 8900e Series




status information or system alarm information. After clock source is determined, the

system uses high-precision clock at the Ethernet interface to send data and transfer

synchronization status information, synchronizing Ethernet physical-layer E2E data

transceiving. Its synchronization mode is shown as Figure 3-12.

Figure 3-12 SyncE synchronization

3.6.3 IEEE 1588 v2

IEEE 1588 v2 is a precision time synchronization protocol, called PTP protocol for short.

IEEE 1588 v2 adopts master/slave clock to transport time in the form of code. Time

stamp is generated at the protocol layer adjacent to the physical layer. It uses symmetry

and delay measurement technology of network link to synchronize frequency, phase and

absolute time of master/slave clock. 1588 key lies in delay measurement.

IEEE 1588 v2 master/slave clock synchronization principle is shown in Figure 3-13: Slave

clock synchronizes with master clock through offset measurement, and then delay

measurement is made to get inter-clock link delay and time deviation to adjust time

output of slave clock and synchronize the time between master clock and slave clock.




7/23/2019 Zxr10 8900e Series




Figure 3-13 IEEE 1588 synchronization

ZXR10 8900E supports 1588 v2 protocol and the following working modes:

Ordinary clock: Only one port supports 1588v2 protocol. The clock works as

grandmaster or slave.

Boundary clock: Several ports support 1588v2 protocol. The clock can connect

several ordinary clocks or transparent clock.

Transparent clock: The node does not run 1588v2 protocol, but needs to modify

time stamp. It is required in forwarding time message to fill in the time, when the

node processes the message, in the modification location. Both E2E and P2P

modes are included.

3.6.4 Clock protection

1. Port selection protection

ZXR10 8900E fulfills automatic protection switching of clock link based on SSM protocol

and BMC optimal clock algorithm to reliably transmit the clock. It select an algorithm

according to clock path to calculate the best synchronization path of clock and time

information to avoid clock loop. When a fault occurs to the network, the system makes

the protection switching of clock and time information according to clock path algorithm,

and provide synchronization locking, hold-over and free-run of clock and time

information.

2. Active/standby Main Control Module protection




7/23/2019 Zxr10 8900e Series




ZXR10 8900E active/standby main control modules always synchronize clock information.

When receiving Bits and GPS signals, one main control module sends the signals to the

other main control module. Line card receives the clock signal from active and standby

main control modules at the same time, but one line card only takes the clock of active

main control module as system reference clock. When a fault happens to active main

control module, line card can switch the clock to take the clock of standby main control

module as system reference clock.

3.7 Reliability protectio n

3.7.1 Equipment-level protect ion

3.7.1.1 Main control board protection

ZXR10 8900E adopts the carrier-class reliability design. It has two main control boards.

Each main control board has control module and switching module, and two main control

boards can make load balance and redundant backup, and supports the redundancy of

switching module and main control module. When a fault occurs to active module,

services and data can be switched from active main control board to standby main

control board to forward data and operate services without interruption.

3.7.1.2 Power supply module protection

To comply with strict equipment reliability requirements of telecom carriers, ZXR10

8900E adopts hot backup design for power supply, and employs 48V DC and 220V AC.

DC adopts 1+1 mode, and AC adopts 1+1 or 2+1 backup according to different racks to

improve the reliability of power supply system. Furthermore, 8900E power supply

supports several intelligent protection mechanisms, and provides protection, detection

and fault report for power supply according to such parameters as voltage, current and

temperature.

3.7.1.3 System supervision protection

ZXR10 8900E meets the carrier-class reliability requirements and provides a whole set of

system supervision means to drop user maintenance cost and improve equipment

stability and reliability.

In terms of hardware, ZXR10 8900E can supervise such information as environment

temperature, board temperature, fan status, power supply status, power supply power

sampling (including PoE power supply). In terms of software, it can collects such status

information as environment temperature, board temperature, fan status, power supply

status, power supply power sampling (including PoE power supply). When going wrong




7/23/2019 Zxr10 8900e Series




or exceeding alarm threshold, the system reports relative alarm and fault, and

automatically saves and sends them to related server regularly.

3.7.2 Network detection mechanism

When network equipment runs, link fault, equipment single point of failure and equipment

connectivity fault may take place. In order to find various network faults in time and start

effective protection measures, ZXR10 8900E offers a series of effective network

detection mechanisms. In addition to the detection technologies to be introduced below,

ZXR10 8900E also supports some detection and positioning means such as UDLD, IP

Ping, IP Trace, multicast Trace route, LSP Ping and LSP Trace route.

3.7.2.1 BFD

BFD (Bidirectional Forwarding Detection) is a path connectivity detection protocol. BFD

aims to offer a low overhead to detect the fault between adjacent forwarding systems in ashort time. BFD packet is the message encapsulated with UDP protocol, and can be

loaded into any proper media or network protocol. BFD can run at several system layers.

BFD can detect the fault in any path between systems. The path may be direct physical

link, virtual circuit, tunnel and MPLS, and indirect path. As BFD fault detection is simple,

BFD can quickly detect the forwarding fault.

BFD status mechanism needs three handshakes. It is a simple service. It is only required

to offer destination address and other parameters to create, delete and modify BFD

session. When BFD session is up or down, a signal is returned to the system for proper

processing.

BFD is a simple Hello protocol. It is partially similar to neighbor detection of famous route

protocols in many respects. A pair of system periodically send detection message on the

path of the session between them. If one system receives no detection message from the

other in enough time, it will consider that a fault occurs to a part of the bidirectional path

to the adjacent system. In certain conditions, transmitting and receiving rate between the

systems need to be negotiated to reduce the load.

After bidirectional communication between two systems is established, only one path is

running (unidirectional link is also possible). An independent BFD session may be

created for each communication path or data protocol between two systems. Each

system can evaluate the frequency of transmitting and receiving BFD packet so as to

keep two systems consistent in fault detection duration. The parameters can be modifiedaccording to different surroundings to meet the demands.

BFD protocol describes bidirectional detection mechanism which consists of

asynchronous mode and query mode. An auxiliary echo function can work with these

modes. The difference of asynchronous mode and query mode lies in detection location.

In asynchronous mode, one system periodically sends BFD control message, and the




7/23/2019 Zxr10 8900e Series




other system remotely detects the BFD control message. In query mode, the system

transmits and detects the BFD control message.

Asynchronous mode: In asynchronous mode, two systems periodically sends BFD

control message to each other. If one receives no BFD control message from the other in

detection time, it will be announced that the session is down.

Query mode: In query mode, supposed that each system has an independent approach

to confirm that it is connected to other systems. Once a BFD session is created, the

system will stop sending BFD control message unless a system needs to explicitly verify

the connectivity. If it needs to explicitly verify the connectivity, the system sends a short

BFD control message. If it receives no message returned in detection time, it will be

announced that the session is down. If a message is returned, the protocol will remain

silent again.

Echo function: One system sends a series of BFD echo messages, and the other system

loops them back via its forwarding path. If several continuous echo messages are not

received, it will be announced that the session is down. The echo function can work with

the above two detection modes.

ZXR10 8900E support BFD for static route OSPF dynamic route and VRRP to fulfill fast

convergence. It combines BFD and FRR technologies and provides fast fault detection

mechanism to implement fast rerouting.

3.7.2.2 OAM detection

OAM offer a wide variety of detection means of network fault discovery. It consists of

Ethernet OAM and MPLS OAM. Ethernet OAM detects and discover Ethernet link fault,

and MPLS OAM provides defect detection tool and protection switching mechanism forMPLS network. For details, refer to Section 3.5. OAM message detection serves to detect

link status, node status and tunnel connectivity. It can detect the fault while triggering the

protection switching.

3.7.2.3 SQA

SQA (Service Quality Analyzer) sends the test message to analyze network performance,

network service and QoS, and provide the user with network performance and QoS

parameters, e.g., delay jitter, TCP connection delay, FTP connection delay and file

transport rate. SQA helps the user to know current network status, and detect and

position the fault to improve network management initiative and controllability .

ZXR10 8900E supports many kind of detections include ICMP-echo, DHCP, DNS, FTP,

HTTP, UDP-jitter, SNMP, TCP, UDP-echo, Voice and DLSw, and associates detection

result to VRRP function, as shown in Figure 3-14.




7/23/2019 Zxr10 8900e Series




Figure 3-14 SQA association

3.7.3 VSC

VSC( Virtual Switch Cluster) system can virtualize multiple independent devices into one

device to dynamically add or delete members. These VSC members that linked by VSC

port can select one main device by a certain selection mechanism. And others work as

forwarding devices. It’s like one device is expanded to support more interface cards,more interfaces, more services, provide equipment-level redundancy backup, and

improve the reliability of the equipment and network.

VSC can make a simple network without complicated and slow STP or VRRP. Multiple

devices only need one configuration to make the network more reliable to support

Multi-chassis link aggregation, to implement protocol-level and equipment-level cross-

chassis hot standby, and to make the network more effective. Multiple devices constitute

VSC system to effectively improve the system capacity, to implement load balancing, and

to fully utilize network bandwidth.

Figure 3-15 VSC system logic connection diagram




7/23/2019 Zxr10 8900e Series




3.7.4 Ethernet intelligent protection

ZXR 8900E supports ZESR (ZTE Ethernet Switch Ring), ZESS (ZTE Ethernet Smart

Switch) and ZESR+, and provides ring protection and dual-uplink protection mechanism.

3.7.4.1 ZESR

ZESR (ZTE Ethernet Smart Ring), the Ethernet ring technology, allows network

administrator to create Ethernet ring, similar to fiber distributed data interface (FDDI) or

SONET/SDH ring. It can recover any link or node fault within 50ms.

ZESR uses break alarm, ring monitoring and ring restoration to maintain the protocol.

1. Break alarm: When standby equipment in ZESR ring detects that a cable fault

occurs to its active or standby port connected to the ring, it immediately sends break

alarm frame from another port to active equipment. When active equipment receives

the alarm frame and knows the ring goes wrong, it unlocks standby port, refreshesL2 forwarding table (L2 table), and sends a notification frame to notify other ring

equipments to refresh their L2 tables, as shown in Figure 3-16.

Figure 3-16 ZESR break alarm

2. Ring monitoring: When working normally, active equipment periodically sends

diagnosis frame via active port. If the ring works normally, standby port of active

equipment will periodically receive the diagnosis frame, reset its timeout timer and

go on operation. If the timer exceeds the set time but standby port receives no




7/23/2019 Zxr10 8900e Series




diagnosis frame, active equipment will consider that the ring goes wrong and

unlocks standby port to assure ring connectivity. Meanwhile, active equipment

refreshes L2 table and sends a notification frame to notify other ring equipments to

refresh their L2 tables. Ring monitoring mechanism is the backup of break alarm

mechanism. Once break alarm frame is lost for unknown reason, the solution is a

reliable backup support.

3. Ring restoration: When a ring link breaks, active equipment still periodically sends

diagnosis frame via active port, but standby port cannot receives it. After the ring

restores, the next diagnosis frame will be received by standby port of active

equipment. When active equipment receives diagnosis frame, it knows the ring

restores; then it sets standby port to blocked, refreshes L2 table and sends a

notification frame to notify other ring equipments to refresh their L2 tables. When

standby equipment detects that its connection restores, as diagnosis frame is

periodically sent, active equipment will not receive diagnosis frame immediately (so

standby port is unblocked). If no measure is taken now, standby port of active

equipment will remain unblocked for some time, which will result in temporary loopand broadcast storm. To avoid the status, standby equipment needs to set the port

to be temporarily blocked when the port connection restores. When standby

equipment receives the notification frame from active equipment to refresh L2 table,

standby equipment knows that active equipment blocks its standby port, and then

standby equipment refreshes L2 table and unblock the restored port. Up to now the

ring returns to normal status.

3.7.4.2 ZESS

ZESS (ZTE Ethernet Smart Switching) technology fulfills fast switching protection and

load balance between L2 Ethernet links, and the active and standby links are switched

within 50ms. Its working principle is as shown in Figure 3-17: The node supports ZESS;

port 1 is active port and port 2 is standby port. When the node detects that active and

standby ports are UP, it blocks the protection service VLAN forwarding function of

standby port; when the node detects that active port is DOWN, it blocks the protection

service VLAN forwarding function of active port and unblocks the protection service

VLAN forwarding function of standby port; when the node detects that active port restores

to UP, it adopts inverse and non-inverse modes. In inverse mode, it unblocks active port

and blocks standby port again. In non-inverse mode, active port remains blocked and

standby port unblocked. In addition, in ZESS switching, it is required to upgrade FDB of

the blocked port.




7/23/2019 Zxr10 8900e Series




Figure 3-17 ZESS protection mechanism

3.7.4.3 Intelligent dual-homed ZESR+

When metro core network uplinks backbone network, one switch has two uplink ports

connecting two BRAS or SR, thus ZESS provides dual-uplink protection. Although the

connection has uplink and SR or BRAS protection, there is single-point fault risk from

uplink to BRAS or SR. For consideration of security in the actual networking, 2 uplink

ports connected to the same SR or BRAS are located in 2 switches, and the downlink still

uses the ZESR ring. Two uplink switches adopts ZESS and two switches remain the

heartbeat hello. When port 4 goes wrong, the traffic switches to port 5; when a fault

occurs to port 5, the traffic goes to the right switch. Thus lower-layer link fulfills the ring

protection and traffic load balance and backup. The working principle is shown as Figure

3-18.

Figure 3-18 ZESR+ working principle




7/23/2019 Zxr10 8900e Series




3.7.5 L3 route protection

3.7.5.1 Enhanced VRRP

If traditional VRRP technology is adopted, when router link goes wrong or powers off,

backup router spends 3 seconds in switching, which cannot address the user demands

when IP network bears voice service. Enhanced VRRP introduces fast BFD mechanism

to replace VRRP heartbeat message. It speeds up the detection between VRRP entities

and employs single-hop or multi-hop BFD to check whether the real-address

communication between slave and master routers is normal. If not, the slave will consider

the Master is unavailable and upgrade to the master to fulfill fast switching.

VRRP and BFD are bound based on BFD session between router and host, which means

that master and slave routers are respectively bound to different BFD-sessions (These

sessions are not established between master and slave routers). If the communication is

abnormal between master router BFD and HOST, VRRP downgrades master to slave,

and upgrades slave to master to link the communication between protection router and

host and fulfill fast switching between master and slave routers.

Furthermore, ZXR10 8900E supports VRRP group management. Multiple VRRPs forms

a VRRP management group, and each member keeps consistent with the group in the

status. When VRRP management group creates a BFD session to trigger management

group status switching, all members will make status switching. VRRP group

management reduces inter-equipment BFD message traffic to facilitate VRRP

management and bring down network and equipment load.

3.7.5.2 Route Load balance

Load balance helps the equipment to forward the traffic via several activated links so as

to make full use of the bandwidth of these links. Load balance does not mean that the

traffic of one link is equal to the other.

By configuring static route, route protocol and route number, ZXR10 8900E adopting

route-based load balance sets several reachable routes to one destination address in the

forwarding table so as to offer the basis for load balance.

The route technology for load balance includes ECMP (Equal-cost multi-path routing) and

WCMP (Weight-cost multi-path routing). ECMP working principle is: When there are

several paths reachable to one destination address in the network, the data is transmitted

via several links. ECMP makes full use of the bandwidth of idle links and backs up datatransport of failed links. WCMP improves ECMP. Because the links are different from

each other in the bandwidth, if the data is averaged to the links to transport, it is

impossible to make full use of the link with larger bandwidth. Therefore, WCMP adjusts

the route weights according to a policy to make ECMP more flexible and practical.




7/23/2019 Zxr10 8900e Series




ZXR10 8900E supports the per-destination load balance policy which considers source

address and destination address of a packet so that the packets with the same “source

address - destination address” go the same path (Even if several paths are available),

and the packets with different “source address - destination address” pairs go different

paths. The policy ensures the packets with the same “source address - destination

address” pair reach in sequence.

3.7.5.3 GR (Graceful Restart )

GR (Graceful Restart) uses the neighbor equipment to implement non-reset for control

plane session connection when the control plane has error and switching. GR realizes

non-stop forwarding services in routing protocol restart. At the same time it can quickly

recover the route. Each routing protocol has its own GR expansion.

When routing protocol restarts, it notifies its neighbor to wait for a specific period of time,

during which it maintains their neighborhood relationship and keeps routing stable. When

routing protocol restart is completed, the neighbor equipment helps it to implement

routing information synchronization and set up the session again. Various routing

information can be all recovered during a short period of time. With GR, protocol restart,

routing and forwarding are comparatively stable to realize non-stop packet forwarding.

ZXR10 8900E series support relative routing protocols such as GR for

OSPF/ISIS/BGP/RIP, which avoids network socillation and improve network stablity and

reliability.

3.7.6 VPN Protect ion

3.7.6.1 PW Protection

PW (Psedudo Wire) is one of the linear protection in MPLS L2VPN used to solve

end-to-end service convergence in CE dual-homing model. PW protection detects PW

layer failure by OAM and BFD mechanisms and implements failure notification and fast

traffic switching. Since PW can be set up between two PE and multi-hop PW can be set

up between two PE, PW redundancy-based protection mechanism should support

single-hop PW redundancy and multiple segment PW redundancy.

Single-hop PW redundancy set up multiple PW between PE. ZXR10 8900E series switch

supports 1:1 redundancy backup. It can realize PW fast switching for active/standby, as

shown in Figure 3-19.




7/23/2019 Zxr10 8900e Series




Figure 3-19 PW single-hop redundancy protection

Multi-hop PW redundancy imports S-PE between PE. S-PE connects PW on the two

ends. PE1 and PE2 sets up connection with S-PE respectively. In this way PW between

PE1 and PE2 is composed of multiple segments of PW. ZXR10 8900E series switch

supports 1:1 multi-segment PW redundancy backup. When PW1 fails, traffic can be

quickly switched to PW3 to realize fast switching between active and standby PW as


Figure 3-20 PW multi-hop redundancy protection

3.7.6.2 MPLS VPN Dual-homing Protect ion

1. CE Dual-homing to PE

In MPLS network, to provide network reliability and solve service interruption problem

caused by route re-convergence results from single PE failure, we import CE

dual-homing to PE solution. CE is accessed to two PE at the same time. One is activeand the other is standby. When CE perceives active PE or active link fails by LACP, STP,

ZESS, or port shutdown, it can automatically switch to standby PE and standby link.

When failure recovers, the original active PE can recover or automatically change to

standby PE based on certain strategy as shown in Figure 3-21.




7/23/2019 Zxr10 8900e Series




Figure 3-21 CE dual-homing to PE

L3VPN adopts FRR to set active/standby forwarding item directing active PE1 and

standby PE2 at remote PE. PE implements quick failure detection by BFD and MPLS

OAM. When PE4 detects PE1 failure, it can forward traffic to PE2. Service traffic betweenCE1 and CE2 can be switched to PE2-PE4 link.

In L2VPN PE4 save PE1 and PE2 forwarding table at the same time. That is to say, MAC

active egress for CE1 is PE1 and standby egress is PE2. PE4 forwarding item will set

forwarding prefix, inner layer label, and selected outer layer LSP tunnel. When PE1 fails

(for example, unavailable tunnel is perceived by BFD and MPLS OAM), PE4 can forward

traffic to PE2. When CE1-PE1 link fails, PE1 will notify PE4 to refresh MAC address,

change the egress, and switch the traffic to PE2-PE4 link.

2. UPE Dual-homing to NPE

In H-VPLS network, there’s also single-point failure. Dual-homing of UPE to NPE can

improve network reliability and avoid link and NPE single-point failure. When a link fails,

for example, BFD detection or port shutdown, traffic can be switched to standby link.

When the failure is recovered, the original active NPE will recover or automatically

become standby NPE based on certain strategy as shown in Figure 3-22.

In H-VPLS with U-PW access, LDP session is run between UPE and NPE. Whether the

active PW fails can be decided based on LDP session state. In H-VPLS with QinQ

access, STP can be run between UPE and the NPE connected to it to ensure that the

other link is activated when one link fails.




7/23/2019 Zxr10 8900e Series




Figure 3-22 UPE dual-homing to NPE

3.7.7 FRR Protect ion

3.7.7.1 IP FRR

IP FRR (IP Fast ReRoute) can reach 50ms switching, which can reduce data loss in case

of failure to the best. IP FRR calculates standby route in advance. When active route fails,

another route calculation is not implemented. Standby route is adopted to switch traffic to

standby link. When active link recovers and gets stable, the traffic is switched back to the

active route as shown in Figure 3-23.

Figure 3-23 Route switching diagram

NPE1

NPE3

NPE2

N-PW

U-PW

UPE

CE2

CE1

Master

Backup




7/23/2019 Zxr10 8900e Series




ZXR10 8900E supports FRR for static routing, OSPF, IS-IS, and RIP, which easily

implements traffic switching of single-directional traffic to meet the switching time

requirement.

3.7.7.2 LDP FRR

LDP FRR is MPLS-related reliability technology. With the help of LDP label distributing

protocol, it distributes active/standby labels for routes. Saving the standby label, it quickly

respond to route change, switch label to the standby label, and implement 50ms

switching protection in case of network failure. Label standby equals to standby LSP.

When a certain link or node on the protected LSP fails, label can be quickly switched to

the standby link as shown in Figure 3-24. R2 directs e2/2 to back up e2/1 port. In this way

LSP will has two next-hops. One is on the active link specified by the routing protocol.

The other is standby. When port 2/1 is detected to fail, label will be quickly switched to

e2/2. When the route recovers, label will be switched back to e2/1 port.

Figure 3-24 Label switching diagram

LDP FRR is only a temporary protection measure. When the protected link recovers,

traffic will be switched back to the original LSP. LDP FRR doesn’t need to rely on

complicated MPLS TE. Standby LSP for link, node or route doesn’t need to be set up

respectively. It’s easy to implement with the spreading of MPLS.

3.7.7.3 MPLS TE FRR

MPLS TE FRR is a set of link protection and node protection mechanism in MPLS TE.When LSP link or node fails, protection is implemented at the node where failure occurs.

In this way traffic can be permitted to go through via the tunnel of protected link or node

so that data transmission will not be interrupted. At the same time head node can go on

initiating recreation of active route with data transmission not influenced.




7/23/2019 Zxr10 8900e Series




MPLS TE FRR uses a LSP set up in advance to protect one or multiple LSP. The LSP set

up in advance is called FRR LSP. The protected LSP is called active LSP. The ultimate

objective of MPLS TE FRR is to use FRR route to detour failed link or node so as to

protect the active route as shown in Figure 3-25.

Figure 3-25 TE FRR local link and node protection

FRR LSP and active LSP creation get all components in MPLS TE system involved.

MPLS TE FRR complies with RFC4090 based on RSVP TE implementation.

There are two ways to realize FRR:

One-to-one Backup: one to one backup protection. One active LSP sets up a standby

protection LSP, which is called Detour LSP.

Facility Backup: one to multiple backup protection. Multiple active LSP set up a standby

protection LSP, which is called Bypass Tunnel.

Facility is usually adopted in MPLS TE FRR deployment. The creation of active LSP is

the same with that of common LSP. RSVP sends PATH message from the head node to

downstream hop by hop, and sends RESV message from the tail node to upstream hop

by hop. It distributes labels, reserves resource and sets up LSP when it processes RESV

messages. Bypass Tunnel can be set up in two ways: one is manual and the other is

automatic. When active LSP has no FRR feature, Bypass Tunnel can be manually

configured to protect the physical interface of the tunnel. Its configuration is similar to that

of the common LSP except FRR cannot be configured. That is to say, Bypass Tunnel

cannot work as active LSP at the same time. Nor LSP be protected by embedding.

Automatic Bypass Tunnel is a simplified manual configuration. When active LSP needs

FRR protection, it automatically sets up a Bypass Tunnel to protect the active LSP. A

single automatic Bypass Tunnel can protect multiple active LSP. Bypass Tunnel is

usually in idle state assuming no data services. If Bypass Tunnel is required to assume

common data forwarding task at the same time when it protects active LSP, enough

bandwidth should be configured. When link or node fails, if the interface is configured

with FRR protection, data will be automatically switched to the protection link. When the

failure recovers, normal forwarding path will be automatically recreated.




7/23/2019 Zxr10 8900e Series




In MPLS TE network usually MPLS TE FRR is deployed, which is determined by MPLS

TE’s features. In pure IP network, when there’s partial failure, if there are other available

route to the same destination, packets will be forwarded along these routes. Before route

change caused by the failure spreads to the whole network, only this mechanism can

quickly implement partial failure protection. In MPLS network with no TE deployed, LDP

setting up LSP by DU is widely applied. When partial failure occurs, if there are other

available routes, LDP will initiate LSP creation to upstream nodes. Not considering TE

related needs such as bandwidth, priority and link attribute, the possibility of successfully

creating LSP is comparatively big. Thus the process from failure to recovery is short. In

MPLS TE network, LSPs are usually established in DoD mode through RSVP. On a head

end, the CSPF algorithm calculates a path based on the routing information of the area

that satisfies the constraints and RSVP establishes an LSP along the path. When an

element along the LSP fails, a new LSP needs to be established. However, CSPF cannot

calculate the path before the head end knows the route change. In addition, a partial

failure may make it necessary to reestablish multiple LSPs. During LSP reestablishment,

problems such as insufficient bandwidth may intervene. Therefore, compared with pure

IP network and MPLS network with no TE configured, MPLS TE network needs moretime to recover from partial failure. So one standby LSP is set up in advance in MPLS TE

network. Initiating FRR and quick switching can be implemented in partial network failure.

3.7.7.4 L3VPN FRR

L3VPN FRR is used to solve CE dual-homing, which is the most common end-to-end

service convergence problem for network model. It can control end-to-end service

convergence within 1s in case of PE node failure. Since MPLS TE FRR can only solve

link or node failure between PE, and PE needs to rely on VPN route convergence when it

has failure, end-to-end fast convergence cannot be realized. CE model is shown in

Figure 3-26:

Figure 3-26 CE dual-homing model

Suppose the path for CE-B accessing CE-A is:

CE-B——PE-E——P-C——PE-A——CE-A. When PE-A node fails, the path for CE-B

accessing CE-A is converged as: CE-B——PE-E——P-D——PE-B——CE-A. Based on

standard MPLS L3 VPN, PE-A and PE-B both distribute route directing to CE-A to PE-E,

and distribute private network labels. In traditional technology, PE-E selects a VPNV4

CE-A CE-B

PE-A

PE-B

PE-C

PE-D

PE-E




7/23/2019 Zxr10 8900e Series




route sent by MBGP neighbor based on certain strategy. In this instance, the route

selected is distributed by PE-A. Only the route information distributed by PE-A (including

forwarding prefix, inner layer label, selected outer layer LSP tunnel) is filled in the

forwarding item used by forwarding engine to direct the forwarding.

When PE-A node fails, PE-E perceives PE-A’s failure (BGP neighbor is DOWN or outer

layer LSP tunnel is unavailable), it re-select a route distributed by PE-B, re-distribute

forwarding item, and complete service end-to-end convergence. Before PE-E

re-distributes forwarding item corresponding to route that distributed by PE-B, since the

destination of outer layer LSP tunnel that forwarding item of forwarding engine directs is

PE-A, and PE-A node fails, during this period, CE-B cannot get access CE-A. End-to-end

services are interrupted. In traditional technology, end-to-end service convergence time

covers: 1) PE-E perceives PE-A failure. 2) PE-E re-selects VPN V4 route distributed by

PE-B. 3) PE-E distributes new forwarding item to the forwarding engine. Obviously, step

2 and step 3 goes depending on the scale of VPN V4 route.

ZXR10 8900E switch can firstly download the route information distributed by PE-B to the

forwarding engine as the second choice. It adopts BFD to check the link between PE-E

and PE-A. Discovering failure, PE-E quickly switch the route to hte link between PE-E

and PE-B. Packets will be switched to CE-B via PE-B to recover services between CE-B

and CE-A and realize fast switching.

3.8 Securi ty and Authentication

3.8.1 ACL

In order to filter data, the netework needs to set lots of matching rules. After identifying

special objects, the corresponding packets can be allowed or forbidden to pass as per

the preset rules. ACL (Access Control List) is used to realize these services.

By using ACL, message filtering, policy route and special traffic control can be realized.

One ACL can contain one or more than more rules for one special type of packet. These

rules tell the switch if the selected packets are allowed or forbidden to pass.

The rules defined by ACL can also be used in other scenario, e.g. traffic classification in

QoS.

ZXR10 8900E series switch provides the following 4 types of ACL. Besides, it gives

support to two sorts of Ipv6 ACL.

Basic ACL: match source IP address only.

Extended ACL: Match source IP address, destination IP address, IP protocol type,

TCP source port number, TCP destination port number, UDP source port number,

UDP destination port number, ICMP type, ICMP Code, DSCP (DiffServ Code Point),

ToS and Precedence.




7/23/2019 Zxr10 8900e Series




L2 ACL: match source MAC address, destination MAC address, source VLAN ID,

L2 Ethernet protocol type and 802.1p precedence.

Hybrid IP address: match source MAC address, destination MAC address, source

VLAN ID, source IP address, destination IP address, TCP source port number, TCP

destination port number, UDP source port number and UDP destination port

number. The perfect fields match three types mentioned above.

Basic IPv6 ACL: only match IPv6 source IP address.

Extended IPv6 ACL: match IPv6 source and destination addresses.

3.8.2 Device Authentication

3.8.2.1 AAA Authentication

ZXR10 8900E supports complete AAA (Authentication, Authorization and Accounting )

mechanism. So it not only can be used to arrange login user authentiation and

authorization together with hierarchical protection mechanism of command line, but also

can verify user’s validity in network management. based upon AAA mechanism, ZXR10

8900E can effectively prevent illegal users from logging in the system.

For different user access authentication policies, the device provides complete AAA

service. As per different access authentication requirements, user can configure different

access authentication policies to arrange different authentication and authorization

services.

AAA supports three types of user authentication:

Local account authentication

RADIUS (Remote Authentication Dial-In User Service) authentication

TACACS+ (Terminal Access Controller Access Control System) authentication

AAA supports four types of authorization mode:

Direct authorization: for very trustable user, direct authorization without requiring

account number is implemented.

Local account authorization: give authority as per user’s local account.

TACACS+ authorization: TACACS+ consists of authentication and authorization.

TACACS+ server gives user authorities.

Authorization when RADIUS authentication is successful: the authentication and

authorization of RADIUS can not be apart.




7/23/2019 Zxr10 8900e Series




3.8.2.2 SSH

SSH (Secure Shell) is made by IETF network working team. SSH is a security protocol

build on the basis of application layer and transport layer. SSH currently is a reliable

security protocol designed particularly for remote login session and other network

services. SSH protocol can be used to avoid information leaking effectively. Encrypting

transport data via SSH protocol can avoid middle attack.

SSH supports the following two sorts of authentication:

The first one is the security authentication based upon password. Input correct account

number and password, then user can access the remote host successfully. All transport

data are encrypted. This mode ensures reliable data transmission. But it may lead to faud

server which makes the data transferred to illegal servers.

The other security authentication is based upon encryption key. User must create a pair

of encryption key and save the public key to the target server. The client software asks

the server for security authentication via its own encryption key. When the server

receives the request, it looks for the public encryption key in the root category of this

user’s server. After confirming the two encryption keys are the same by comparing the

public key with the public key sent by the client, the server will encrypt challenge and

send it to the client software. After receiving the challenge, the client will decrypt it by

private encryption key and send it to the server.

ZXR10 8900E supports security authentication of SSHv2 protocol.

3.8.2.3 Command Line Hierarchical Protect ion

Currently, ZXR10 8900E series switch realizes different levels of command (16 levels intotal). For different access users, different levels of authority is used. Lower level leads to

less command. Higher level leads to more commands. The administrator (highest level)

is able to set different authority levels to different command, so that self-defined

command authority configuration can be implemented.

In order to realize hierarchical authority, two parts of authority level should be maintained:

Command node authority level maintenance: when the switch is initiated, each

command node has a default authority level. The administrator can change it.

Login user authority level maintenance: the administrator can set authority level for

each login user. Conditions for displaying and implementing the command are:when user’s authority level is bigger or equals to the command authority level, this

command can be displayed and executed on user’s terminal. In default situation, the

administrator can use all commands. Other authority levels can only use some

maintenance commands.




7/23/2019 Zxr10 8900e Series




3.8.3 Access Secur ity

3.8.3.1 802.1x

802.1X is a Client/Server-based access control and authentication protocol. When

connecting with user device at system port via authentication, it confirms if the user is

authorized to access system services via this port. In this way, unauthorized data

transmission between the user and system can be avoided. At first, 802.1X access

control only allows EAPOL frame to pass the port connecting with the user’s device. After

authentication, other data can pass this port then.

802.1X enables the access point via which the authenticator connects with LAN to

generate two logical ports: controlled port and uncontrolled port. The uncontrolled port

which is free from port authorization status can exchange PDU with other systems freely,

while the controlled port can only exchange PDU with other system when it is authorized.

PAE is the base of the algorithms and protocols related to operating and authentication

mechanisms. The authenticator’s PAE is responsible for communicating with requestor’s

PAE and sending information collected from the requestor’s PAE to authenticator’s

server. After verifying this information, the authentication server confirms if the requestor

is authorized to access the authenticator’s service. The authenticator’s PAE determines

the authorized and unauthorized status of the controlled port as per the authentication

results. The authenticator’s PAE uses uncontrolled port and EAPOL protocol to exchange

protocols with the requestor’s PAE. It uses EAPOR and RADIUS authentication server for

communication.

The 802.1X unit of ZXR10 8900E series switch mainly realizes the following services:

Support services of authenticator.

Local authentication.

Support authenticator’s PAE to exchange protocols with EAPOL via the uncontrolled

port.

Force-Unauthorized, Auto and Force-Authorized values of

Auth-Controlled-Port-Control can be used to run the controlled port.

Support Admin-Controlled-Directions and OperControlled-Directions to run the

controlled port.

Re-authentication timer can be used to authenticate the requestor again on aregular basis.

Transparent transmission of 802.1x authentication packet is supported when

authentication is not initiated.




7/23/2019 Zxr10 8900e Series




3.8.3.2 DHCP

DHCP server can allocate proper IP address for all sorts of device. With DHCP service,

the network administrator instead of distributing IP address manually can allocate IP

address automatically by exchanging DHCP protocol message. This not only reduces the

workload caused by manual configuration and configuration error, but also enables

unified IP address management when the device is moved.

DHCP adopts client/server communication mode. The client sends IP allocation

application to the server , then DHCP server returns the related configuration information

like allocated IP address to the server. When DHCP client gets the configuration

information, it can realize dynamic IP address configuration and communication with

external network. In this process, DHCP server can implement authentication. One

DHCP server usually has one IP address pool, so that it can distribute IP address to

multiple IP devices.

When DHCP server and DHCP client are not in the same network segment, DHCP relay

is required. DHCP sends request message to DHCP server. When DHCP relay receives

and processes the received messages, it will send the message to the DHCP server of

one network segment. The server provides related information as per the request

message. Then the DHCP relay will return the configuration information to the client to

finish dynamic client configuration.

Besides, DHCP also includes some extension serv ices, e.g. DHCP snooping and DHCP

Relay Agent Information Option (Option 82), etc. With some options in DHCP request

message, DHCP option 82 enables DHCP server to confirm user’s location more

accurately. In this way, different users adopt different address distribution policies to

make users can be effectively controlled even when they are in different VLANs or

network segments.

DHCP Snooping is mainly used to avoid some spoofing DHCP Server. The spoofing

DHCP Server made by some devices feeds back user’s DHCP address request, which

disable the user to get correct DHCP address and connect with the network. Or the

spoofing DHCPO Client send DHCP address request to DHCP Server frequently to use

DHCP Server address out. By initiating DHCP Snooping service, trust and un-trusted port

can be set. DHCP Server responding messages sent by the un-trusted port will be

discarded. In addition, Snooping can set the number of the IP address one un-trusted

port can allocate, so that DDoS attack for DHCP Server can be avoided.

ZXR10 8900E support DHCPv4 server, DHCPv4 relay, DHCPv4/v6 snooping and DHCP

option82 services. The specific supported options can be seen in the functional list.

3.8.3.3 IP source guard

IP source guard checks message source by binding port, VLAN, MAC and IP together. It

realizes message security control. The binding table of IP source guard can be set up in

the following two ways:




7/23/2019 Zxr10 8900e Series




1. Static binding: binding table item generated by manual configuration is used to

implement port control service. This method is suitable for one host or LAN where

there are less hosts.

2. Dynamic binding: implement port control service by getting the binding table items of

DHCP Snooping or DHCP Relay automatically. It is suitable for the LAN where there

are lots of hosts. Using DHCP to implement dynamic host configuration can

effectively avoid conflict IP address and IP address spoofing.when DHCP allocates

one entry to the user, the dynamic binding service will add one more binding table

entry to allow this user to access the network. If one user sets IP address privately, it

will not allowed to access the network as DHCP is not initated to allocate table entry

the dynamic binding service does not add related access rule.

ZXR10 8900E supports IP Source Guard service based upon IPv4 and IPv6.

3.8.3.4 DAI

DAI (Dynamic ARP Inspection) service sends ARP message to CPU to see its validity.

Then this message will be discarded or forwarded. If the ARP message source MAC

address, source IP address, port number and port VLAN are the same as DHCP

Snooping table or manual IP static binding table entry, this message which is considered

as legal ARP message will be forwarded. Otherwise, it will be discarded as illegal ARP

message. As ARP message is sent to CPU, lots of ARP messages will lead to DoS attack.

In real application, DoS attack to ARP message should be defended. ARP message is

only suitable for IPv4 protocol. For IPv6 protocol, ND message will be monitored.

3.8.4 MFF

Based upon RFC 4562, MFF is applied on user access device. It aims at isolating user at

user access side while providing effective IP address distribution. All streams are

forwarded to uplink access gateway, then the gateway will determine the forwarding

direction of these streams (L2 switching stream in one broadcasting domain is included).

In the past, these streams were directly forwarded by access devices, which leaves

potential security risks. MFF ensures user isolation, satisfies Broadband Forum (DSL

Forum in the past) and matches the requirements for access node interconnection and

security in TR101 report demanded by broadband access network.

Compared with PVLAN, MFF not only can realize user’s L2 isolation, but also saves

some user’s information. So it is safer in processing and forwarding messages. At the

same time, the communication between users in the same segment of layer 2 iscontrolled by gateway router, which makes the network more secure by realizing

integrated control.




7/23/2019 Zxr10 8900e Series




3.8.5 Network Secur ity

Ideally, user-class virus inspection which requires user to install patch and anti-virus

software is preffered in defending network virus. In most occasions, lots of users can not

accomplish this task, so switch must be able to provide network-class virus inspection

and alarm.

Besides, for some malicious network attacks, the switch must have some protective

mechanisms to avoid the breakdown of the switch and network. ZXR10 8900E series

switch mainly realizes network-based security mechanism. It configure security

inspection service to different units.

In ZXR10 8900E series switch, the network security mainly includes the following

services:

Inspect virus which cause outbreak traffic increase, e.g. “SQL worm”, “red code” and

“shockwave”. Corresponding alarms will be generated, or the client port will be closed.

Avoid user’s ARP proofing.

MAC address flooding protection. Restrict port MAC address number.

Set port broadcasting packet threshold.

L2, L3 and L4 hybrid ACL filtering.

Route filtering

Forbid ICMP relocation service. Prevent attacker from sending spoofing ICMP message.

Defend CPU attack. Implement protocol message protection. Distribute different

hardware CPU queue to protocol message. Set precedence, speed restriction, wred

and other QoS mechanisms. Protect CPU.

Defend DoS attack based upon hardware queue. Support anti-land | null-scan |

ping-of-death | smurf | sys-fin | syn-port-less-1024 | xma-scan | ping-flood |

syn-flood attack. Anti-ping-flood | syn-flood attack can support speed restriction.

Anti-IPv4 URPF source address deception.

Automatic broadcasting storm suppression.

Control/signaling MD5 encryption authentication

DHCP snooping

IP Source guard and DAI based upon DHCP Snooping.

IPv6 ND security




7/23/2019 Zxr10 8900e Series




3.8.5.1 Anti -DDoS Attack

Due to more and more complicated network environment, the switch should be more

competent in fighting against attacks. There are lots of ways to prevent DDoS attack,

CPU protection is a very important one.

Currently, controlling protocol message is used to protection CPU. The speed of

messages sent to CPU can be set. If the real speed exceeds the threshold, this message

will be discarded or its transport priority will be modified. CPU protection is implemented

based upon the following principle.

CPU protection is mainly realized by using the switch to monitor the speed of messages

sent to CPU. The speed threshold for messages going to CPU can be set on devices.

When messages are sent to CPU in an abnormal speed, related alarms will be generated

and the NM will be aware of the attack. At this moment, the NM can decide how to

process the message according to the message type and speed. When the protocol

protection unit finds one protocol message is transferred too fast, this unit will send an

alarm to warn user. After reading this alarm, the user can configure protocol protection

shutdown to avoid CPU failure.

Currently, the supported protocols include most L2 and L3 protocols. The covered Ipv4

protocol consists of: OSPF, PIM, IGMP, VRRP, ICMP, ARP reply, ARP request, group

mng, VBASE, DHCP, RIP, BGP, telnet, LDP_TCP, LDP_UDP, TTL=1, BPDU, SNMP,

MSDP and RADIUS. The included Ipv6 protocols are: MLD, ND, ICMP6, BGP4+, RIPng,

OSPFv3, LDPtcp6, LDPudp6, telnet6 and PIM6. L2 protocols cover some messages like

STP and MSTP, as well as some switch L2 ring protocols.

Based upon common CPU protection, 8900E has multi-level CPU protection which

includes: hardware protection, software protection and protocol stack protection. CPU

supports multiple hardware queues to make sure the precedence of key messages. Key

message filtering makes sure key messages are sent to CPU. Protocol stack controls

message transport speed. Via multi-level protection, network efficiency and key services

operation are guaranteed.

Moreover, ZXR10 8900E can also use MAC address learning restriction, port speed

restriction and multi-level ACL filtering to avoid DDoS attack.

3.8.5.2 Unicast Reverse Path Forwarding (uRPF)

Unicast Reverse Path Forwarding (uRPF) can be used to avoid the network attack based

upon source address spoofing.Source address spoofing (A legal address made by

attacker) in common DoS attack uses a fake source address to prevent the device from

providing normal services. uRPF can avoid such attacks effectively. uRPF is made for

normal route search. Normally when router receives packet and gets its destination

address, route table will be looked up as per the destination address. If the route is found,

the packet will be forwarded, otherwise, it will be discarded. uRPF by getting source

address and incoming interface of the packet sets source address as the target address




7/23/2019 Zxr10 8900e Series




to find out if the interface in forwarding table corresponding to the source address

matches the incoming interface. If not, the source address is considered spoofing, and

the packet will be dropped. In this way, malicious attack launched by modifying the

source address can be stopped.

ZXR10 8900E series swith supports three types of uRPFs, i.e. strict, loose and

loose-ingoring-default-route.

Strict mechanism strictly searches for outgoing port and incoming port as per source

address. If they do not match, the packet will be dropped. If they match, process it

normally.

Loose mechanism enables route search as per the source address. If the default

route egress is the same as the ingress, process the packet normally. Otherwise,

discard it.

Loose-ignoring-default-route ignores default route. If the route can be found by the

source address, and it is not the default route, it will be processed normally.

Otherwise, it will be dropped.

3.8.5.3 ND Security

The introduction of IPv6 can not solve the security issue in original IPv4 network. Some

IPv6 network security problems are also aroused by IPv6 protocol. In IPv6, ND (Neighbor

Discovery) protocol is similar to ARP protocol in IPv4. It resolutes MAC address, and

realizes automatic IP address distribution in non status. ND protocol mainly consists of

RS, RA, NS and NA protocols. RS and RA messages are used to get IP address prefix,

and NS/NA messages are used to get neighbor MAC address. So ND protocol also has

IP address prefix spoofing and MAC address spoofing issues.

ZXR10 8900E supports router trusted port. Trustable router address and restricted ND

learning number can be configured. ND message filtering based upon ND snooping is

supported. It supports the binding relationship between static IP address,l MAC, VLAN

and port. Also, based upon DHCP IPv6 snooping entry, ND message can be inspected.

Only legal messages can be allowed to pass.

3.9 Network Traffi c Analys is

3.9.1 Sflow

sFlow service is mainly composed by three parts: sFlow message sampling unit, sFlow

agent unit and sFlow collector(e.g. analyzer). The entire system architecture is as shown

in Figure 3-28.




7/23/2019 Zxr10 8900e Series




Figure 3-27 sFlow Multi-level Architecture

sFlow sampling and agent units are integrated in the network device. While sFlow

analyzer outside the system analyzes multiple sFlow agent messages in the network.

sFlow sampling service of 8900E is done by ASIC chip.

sFlow sampling service gets message samples via interfaces which give support to sFlow.

The collected messages are sent and processed by sFlow agent.

sFlow Agent is mainly responsible for analyzing the sampled messages, and sent them to

sFlow collector after encapsulation. At the same time, the statistical informaiton at the

interface will be get and sent to sFlow collector.

sFlow Collector is a network device used for sFlow managment , monitoring, collection

and analysis. After saving the messages sent by sFlow Agent, sFlow Collector makes

analysis and writes reports and statistics on device traffic and services. At the same time,

some collectors with MIB service can configure sFlow too.




7/23/2019 Zxr10 8900e Series




4 System Architecture

4.1 Appearance

ZXR10 8900E adopts a large-capacity rack structure. Its hardware system is composed

of chassis, backplane, fan chassis, power supply unit, switching MCC and various line

processing cards.

4.1.1 ZXR10 8912E Appearance

ZXR10 8912E appearance is shown in Figure 4-1




7/23/2019 Zxr10 8900e Series




Figure 4-1 ZXR10 8912E appearance




7/23/2019 Zxr10 8900e Series




ZXR10 8912E structure is shown in Figure 4-2.

Figure 4-2 ZXR10 8912E structure


ZXR10 8908E appearance is shown in Figure 4-3.




7/23/2019 Zxr10 8900e Series









7/23/2019 Zxr10 8900e Series









4.2 Hardw are Architecture

This section introduces the system hardware and working principle of ZXR10 8900E

series core switch and gives users an understanding of the system. This section covers

overall system architecture, functional modules, card principle diagram and working

principles.




7/23/2019 Zxr10 8900e Series




4.2.1 Overall Hardware Architecture

ZXR10 8900E series switch adopts rack design to implement a system architecture with

separated forwarding plane, control plane and monitoring plane. The three planes work

and implement system functions together. The system uses new-generation

large-capacity high-speed serial bus back plane to connect main control switching card

and all service line cards. The main control card and switching matrix are integrated in

one, which supports 1:1 redundancy design. The main control switching card implements

porotcol and signaling processing, fast data switching, system monitoring, clock

synchronization, and maintenance & management. The main control card adopts

super-large-capacity switching matrix to guarantee the switching capacity necessary for

system wire-speed operation. Main control card uses high-performance CPU and

large-capacity memory to guarantee high-speed protocol processing and storage space

for huge table capacity. Each line card provides wire-speed packet processing capability

by ASIC and provides 10G, GE, 100M and 40G interfaces based on service requirements.

Each line card clock modules implement time and frequency synchronization by

exchange between clock bus and main control clock module, so as to provide reliableand quality guarantee for clock synchronization. The main control node on the main

control card manages the monitoring node on line cards and collect the monitoring

information on the line cards by the monitoring bus, in order to realize intelligent

management of the equipment. Figure 4-9 and Figure 4-10 are hardware system

architecture diagram of ZXR10 8900E.

Figure 4-9 ZXR10 8912E/8908E/8905E hardware system architecture

Figure 4-10 ZXR10 8902E hardware system architecture




7/23/2019 Zxr10 8900e Series




Large-capacity high-speed back plane

The system uses the latest passive large-capacity high-speed back plane design, and

adopts 10G high-speed Serdes to connect main control switching card and every line

cards. Thus it guarantees abundant switching capacity for system operation and reserve

enough bandwidth for future upgrades. It supports 400G hardware platform, 40G line

card, and smooth upgrade to 100G line card.

Main control switching card

The main control card is important comprehensive card with 1:1 and 1+1 redundancy.

Each main control switching card covers a high-performance CPU, storage space with

large memory capacity, an inter-board communication switching module, a monitoringmodule, and a clock module. Each main control card on 8912E/8908E/8905E contains a

large-capacity switching matrix, which adopts independent design for multiple planes to

guarantee its switching capability and future expansion capability. 8902E main control

card has no switching matrix. Its line card implements back-to-back connection by

high-speed back plane. During operation two main control cards of 8900E series switch

maintain active connection with each other.

Service line card

Service line card directly takes processing of packets. It sends packet to a specific port of

destination service line card based on the processing result. It has its own forwarding

table on each service line card. Forwarding decision is implemented at local to guaranteewire-speed switching capability. There are many types of service line cards supporting

clock and monitoring. At present the following service line card can be provided based on

the needs:

− GE service card

Management and

control Module

XAUI

SyncE/

1588

POWER

IMPC

ASICSyncE/

1588

Line card 1

SyncE/

1588

Line card 2

IPMC

IPMC

ASIC




7/23/2019 Zxr10 8900e Series




− 10G Ethernet service card

− 40G Ethernet service card

Power supply

8900E uses intelligent power supply unit. Main control system can monitor the power

supply by RS485 interface to implement its intelligent monitoring of temperature,

over/low-voltage, power-down alarm, and traffic limit.

Intelligent fan

8900E system uses intelligent fan to satisfy the functional requirements of fan speed

adjusting, fan off alarm, fan speed alarm, and fan card temperature detection. It can also

adjust the speed for fan at each slot based on their temperature to save energy.

4.2.2 Working Princ iples of Hardware System

ZXR10 8912E/8908E/8905E core switch system adopts a distributed architecture which

is composed of forwarding, control and monitoring planes. Forwarding plane implements

wire-speed switching by two-layer hardware switching. Layer 1 switching is implemented

between ports of line cards by local ASIC chip, which is usually called Packet Processor

(abbreviated as PP). Layer 2 switching is implemented between line cards by the

switching matrix on the main control card. It can connect all PP to constitute a

large-capacity switch system. On the control plane, each line card has an independent

CPU to conduct local packet forwarding and protocol processing. It can communicate

with main control card CPU by high-speed channel. CPU implements route calculation,

management and control. The main monitoring node on main control card,

sub-monitoring node on line card and monitoring bus connecting all monitoring nodesconstitute a monitoring plane to realize the monitoring of the equipment and state of the

whole system. The system diagram is shown in Figure 4-11.




7/23/2019 Zxr10 8900e Series




Figure 4-11 ZXR10 8905E/8908E/8912Esystem hardware diagram

The switch structure for ZXR10 8902E is different in switching plane. When 8902E switch

conducts two-layer hardware switching, layer 1 switching is implemented between ports

of line cards. Layer 2 switching is implemented between two line cards by the high-speed

Serdes bus directly connected to line cards. The system diagram is shown in Figure 4-12.

Figure 4-12 ZXR10 8902E system hardware diagram

Switching

Fabric

Management

and control

Module

XAUI

XAUI

XAUI

XAUI

IPMCGE Serdes

GE SerdesPOWER SyncE/

1588

ASICSyncE

/1588

Line card

SyncE

/1588

Line card

IPMC

IPMC

ASIC

...

Line card

Line card

IPMC

IPMC

...ASIC

ASIC

SyncE

/1588

SyncE

/1588

Management and

control Module

XAUI

SyncE/

1588

POWER

IMPC

ASICSyncE/

1588

Line card 1

SyncE/

1588

Line card 2

IPMC

IPMC

ASIC




7/23/2019 Zxr10 8900e Series




4.3 Hardw are Boards

4.3.1 Switching Main Control Board

In actual application of ZXR10 8912E/8908E/8905E, the switching module and control

module are integrated on one main control board, including CPU subcard, switching chip,

clock system and monitoring subcard, realizing management control for the whole

system and switching function for data packets of line cards. It can be divided into the

following functional modules: switching, control, clock, monitoring, outband

communication, power supply and logic modules. Its principle diagram is as shown in

Figure 4-13.

Figure 4-13 Principle diagram of 8912E/8908E/8905E main control board

In actual application of ZXR10 8902E, the main control board realizes the control function.Its principle diagram is as shown in Figure 4-14.

Figure 4-14 Principle diagram of 8902E main control board

CROSSBARCPU

syst em

SDRAM BOOTROM

Consol e

i nt erf ace

MGT i nt er f ace

Hi gh-speed XAUI

i nt erf ace

Hi gh-speed XAUI

i nt erf ace

Cl ock

subcard

Moni t or i ng

subcard

I PMC i nt er f ace

CROSSBARCPU

syst em

SDRAM BOOTROM

Consol e

i nt erf ace

MGT i nt er f ace

Cl ock

subcard

Moni t or i ng

subcard

I PMC i nt er f ace

GE i nt er f aces

GE i nt er f aces




7/23/2019 Zxr10 8900e Series




4.3.1.1 Main Control Module

The main control module consists of a main processor and some external functional

chips, providing various operation interfaces such as serial interface and Ethernet

interface by which the system can process various applications. The main control module

includes the following functional units and fulfills the following tasks:

NMS unit: run system network management protocol, such as SNMP;

Protocol processing unit: run network and route protocols, such as OSPF, RIP and

BGP-4; maintain global routing and forwarding table; responsible for consistence of

multiple processor nodes;

Monitoring unit: provide operation and management interfaces for line cards;

Internal communication unit: provide high-speed signaling channel between boards,

so that the main control board can control the management CPU of other boards

efficiently and correctly through the internal communication module, and transmitrouting information to different boards via this channel.

The main control module has the following features:

Have high-performance CPU with powerful processing capability to run L2 and L3

protocol as well as network management and monitoring programs;

Provide GE outband communication channel that can be connected with the

management interface to provide system management and program download and

debugging function;

Provide an RS232 serial port as board debugging and management interface;

Provide temperature detection: each main control board has a temperature

detection component connected to CPU subcard, which can provide temperature

detection and report to background network management system;

Provide system log management function: all logs are stored in system FLASH;

CPU interface is mounted with clock chip to provide correct clock for the system;

Provide active/standby switching, active/standby status signal indication, line card

reset signal and line card online detection functions;

Provide fault level: warning fault and switching fault;

Provide route data synchronization channel between the active and standby

elements.




7/23/2019 Zxr10 8900e Series




4.3.1.2 Switching Module

The switching module is responsible for data switching of the whole system and providing

high-speed non-blocking switching channels between line cards. The switching module

employs specialized CROSSBAR chip and integrates multiple high-speed bidirectional

interfaces, so it can process wire-speed switching of multiple line cards. The switching

chip has the following functions:

Storage, forwarding and switching;

Support 16K bytes jumbo frame;

Support priority queue: when CoS queue is congested, it can selectively discard

some frames;

Provide a management control counter for each port.

4.3.1.3 Clock Module

This system adopts synchronous Ethernet Technology to realize clock frequency

synchronization and uses IEEE 1588 to perform phase modulation and time maintenance

to realize clock time synchronization. Synchronous Ethernet can perform system clock

frequency synchronization through the reference clock generated by 4 clock sources:

clock subcard local clock, Bits (2MHZ, 2Mbits), GPS, and line card line restorated clock.

To realize time synchronization, all boards in the system can check time through GPS or

1588 information obtained from any line card.

Synchronous Ethernet restores the clock by the PHY chip in the Ethernet; each interface

board selects one from the restored clocks of all ports and sends it to the two maincontrol boards respectively via the backplane; the main control board selects two (active

and standby) according to the configured policy and sends them to the clock module as

the one of the references of clock sources; the clock module will select the highest-quality

clock from clock subcard local clock, Bits (2MHZ, 2Mbits), GPS, and line card line

restoration clock and send it to the main control board; or the clock sources can be

configured with different priorities and the highest-priority clock is sent to the main control

board, which then sends this clock to each interface board as clock source for its chip. In

this way, Ethernet clock synchronization of the whole system is realized.

For 1588 processing, the line cards in the system and the main control board exchange

1588 information via bus connection. The main control board or any line card can be

configured as the synchronization source of the system; all other boards obtainsynchronization information from the synchronization source. Moreover, the clock

subcard of main control board can realize conversion between 1588 information and

GPS information via logic component to realize GPS time synchronization function.




7/23/2019 Zxr10 8900e Series




4.3.1.4 Monitoring Module

The monitoring module (IPMC) is a component of the equipment monitoring system. It

forms intelligent platform management system together with hardware management bus

and software monitoring management module. IPMC is designed as modular subcard

and located at the main control board and other boards. The monitoring modules of the

main control board and other boards are interconnected via monitoring bus.

IPMC module can be divided to IPMC management node and IPMC ordinary node by its

role in the system. IPMC in the active main control board is the manager of subsystems;

the standby main control board and ordinary line cards are all IPMC ordinary nodes. The

line card and standby main control functional nodes collect local information and send it

to the active main control node to provide for the users. The control information sent by

the users is distributed by the active main control node to the line card and standby main

control functional nodes. The management node also monitors system power supply and

fans.

The monitoring module fulfills the following tasks:

Information collection: collect information on environment temperature, board

temperature, fan status, power supply statue and power supply power sampling;

Monitoring alarm: set alarm parameters for the above detection items and generate

corresponding alarms when relevant faults occur;

Monitoring management: realize fan rotational speed control by user or automatic

control as well as board power-on and power-off functions.

4.3.1.5 Main Control Panel diagram and Features

The panel diagram of 8912E main control board named 8912EMSC1D supporting clock

synchronization is as shown.

Figure 4-15 8912EMSC1D main control board panel diagram

The panel diagram of 8912E main control board named 8912EMSC1A without clock





7/23/2019 Zxr10 8900e Series




Figure 4-16 8912EMSC1A main control board panel diagram







The panel diagram of 8902E main control board named 8902EMSC1D supporting Clock

synchronization named is as shown.





7/23/2019 Zxr10 8900e Series




The panel diagram of 8902E main control board named 8902EMSC1A without Clock


Figure 4-20 8902EMSC1A main control board panel diagram

The main control board has Console interface, IPMC management interface, MGT

interface, SD card interface and clock interface, that is, one BITS in, one BITS out, one

GPS in and one GPS out. Among them, the Console interface is used for local

configuration and management of the switch; MGT interface is mainly the

10/100/1000BASE-T interface used for upgrade and network management; IMPC

management interface is used to monitor local management of the system; SD interface

is used to insert SD card, which can control the software update, buffer and restoration.The capacity of SD card can be up to 32G. The features are as shown in Table 4-1.

Table 4-1 Main control board panel interface features

Interface name Feature

Console interface

RJ45 connector

RS232, baud rate 115200bit/s

Transmission distance<15m

MGT interface

10/100/1000 Base-T Ethernet interface

RJ45 connector

Use CAT-5 Unshielded Twisted Pair (UTP) cableMax. transmission distance 100m

Full duplex/half duplex

IMPC interface

RJ45 CONNECTOR

RS232, baud rate 115200bit/s

Transmission distance<15m

PPS&TOD OUTinterface

GPS signal second pulse (PPS) and time information (TOD)output

RJ45 CONNECTOR

RS422 level

PPS&TOD IN

interface

GPS signal second pulse (PPS) and time information (TOD)input

RJ45 CONNECTORRS422 level

BITS OUTinterface

BITS signal input

Use BNC connector, 75Ω coaxial cable

BITS IN interfaceBITS signal input

Use BNC connector, 75Ω coaxial cable




7/23/2019 Zxr10 8900e Series




There are a number of buttons on the panel, such as RST, EXCH and CPY. Their

functions are as shown in Table 4-2.

Table 4-2 Main control board panel button function description

Button name Function

RST Board reset button, used to reset the whole board

EXCHBoard switching button, used to switch the active main controlboard to standby board

CPY Reserved, not used

The functions of the indicators on the main control board panel are as shown in Table

4-3.

Table 4-3 Main control board panel indicator function description

Indicator Function

1~2/5/8/12

RUN (green)Off: corresponding line card fault or not in position

Flash: corresponding line card works properly

ALM (red)Off: corresponding line card has no alarm or not inposition

On: corresponding line card has alarm

PWR1~2/3

RUN (green)Off: corresponding power module fault or not inposition

On: corresponding power module works properly

ALM (red)Off: corresponding power module has no alarm or notin position

On: corresponding power module has alarm

RUN

RUN (green)Off: this main control board has fault

Flash: this main control board works properly

ALM (red)Off: this main control board has no alarm

On: this main control board has alarm

MST

RUN (green)On: this board is active

Off: this board is standby

ALM (red)On: active/standby status is exceptional

Off: active/standby status is normal

FAN (only8902E hasthis

indicator;for others,this isdisplayedon the fanframe)

RUN (green)On: fan frame power supply is normal

Off: fan frame power supply is exceptional

ALM (red)On: fan frame works exceptionally

Off: fan frame works properly or power supply isexceptional




7/23/2019 Zxr10 8900e Series




Indicator Function

SD interface ACT (green)

On: this interface is inserted with SD card

Off: this interface has no SD card or SD card isexceptional

Flash: SD card is under reading/writing

ACT (green)Flash: data receiving/sending on 10/100/1000 Base-TEthernet interface

LINK (green)

On: 10/100/1000 Base-T Ethernet interface link hasbeen established

Off: 10/100/1000 Base-T Ethernet interface is notconnected with any other interface

4.3.2 Power Module

ZXR10 8912E/8908E/8905E/8902E core switches address the practical application need.

To meet the strict requirement for equipment reliability, hot backup is designed for power

supply Module, and both 48V DC power supply and 220V AC power supply are designed.

DC power supply adopts 1+1 mode; AC power supply adopts 1+1 backup or 2+1 backup

depending on different racks, which highly improves the reliability of the power system.

Besides, 8900E series power supply also provides multiple intelligent protection

mechanisms, which can perform protection, detection and fault report for the power

supply according to voltage, current and temperature, including output overvoltage

protection, output overcurrent protection, output undervoltage protection, output

undercurrent protection, overtemperature short-cuicuit protection, input overvoltage

protection, input undervoltage protection, overtemperature, overvoltage, fan fault and

current limit alarm report function, voltage detection report function, current detection

report function and temperature detection report function.

The diagram of 8912E/8908E/8905E DC power rear panel is as shown in Figure 4-21.

Figure 4-21 8912E/8908E/8905E DC power board diagram

The diagram of 8912E/8908E/8905E AC power rear panel is as shown in Figure 4-22.




7/23/2019 Zxr10 8900e Series




Figure 4-22 8912E/8908E/8905E AC power board diagram

The diagram of 8902E DC power front panel is as shown in Figure 4-23.

Figure 4-23 8902E DC power board diagram

The diagram of 8902E AC power front panel is as shown in Figure 4-24.

Figure 4-24 8902E AC power board diagram

4.3.3 Interface Module

ZXR10 8900E series core switch interface module is the line interface card. The line card

types provided include Gigabit Ethernet interface board, 10G Ethernet optical interface

board and 40G Ethernet optical interface board. All optical interfaces of line cards in

ZXR10 8900E series core switches adopt pluggable optical module, so the same line

card can support multiple kinds of transmission media and transmission distances. Someline cards provide different types of ports, reducing the number of line cards that may be

needed in many cases, so that the use can get the largest profit with minimal investment.

Moreover, all user electrical interfaces in the line cards have cable diagnosis function.

They can detect the connection of cables at any time, make diagnosis for short circuit and

open circuit of cables and point out the position of the faults with a precision of less than

1m.




7/23/2019 Zxr10 8900e Series




1. Types of 8900E interface boards (as shown in Table 4-4)

Table 4-4 8900E interface board type

Board type Fixed interface lineprocessing boardname

Port state Description

E1GF24A

24-port NPenhanced gigabitoptical interfaceboard

24 GE opticalinterfaces; support100M and gigabitSFP

With NP extension;support MPLS; supportbig table entry; supportH-QoS; support EthernetOAM; support intelligentmonitoring

H2GF24D24-port gigabitoptical interfaceboard


Support MPLS; supportbig table entry; supportEthernet OAM; supportclock (SyncE, 1588v2);support intelligentmonitoring

H2GF48D48-port gigabitoptical interfaceboard



H2GT48D48-port gigabitelectrical interfaceboard

48 GE electricalinterfaces;10/100/1000Mtriple speed


H2XF8D8-port 10G opticalinterface board

8*10G opticalinterfaces; support10G SFP+


S1XF12A12-port 10G opticalinterface board

12*10G opticalinterfaces; support10G SFP+

Support L2/L3 andIPv4/v6 features; supportSyncE; support intelligentmonitoring

S2XF48A48-port 10G optical

interface board

48*10G opticalinterfaces; support

10G SFP+

Support L2/L3 andIPv4/v6 features; SupportMPLS; support SyncE;

support intelligentmonitoring

S2LQ6L2A

6-port 40GE QSFPopticalinterface+2-port40GE CFP opticalinterface board

6*40G QSFPinterfaces+2*40GCFP interfaces

Support MPLS; supportSyncE; support intelligentmonitoring




7/23/2019 Zxr10 8900e Series




2. Panel diagram of 8900E interface boards

Figure 4-25 E1GF24A

Figure 4-26 H2GF24D

Figure 4-27 H2GF48D

Figure 4-28 H2GT48D

Figure 4-29 H2XF8D

Figure 4-30 S1XF12A

Figure 4-31 S2XF48A




7/23/2019 Zxr10 8900e Series




Figure 4-32 S2LQ6L2A

3. Features of optical and electrical interfaces of 8900E interface board

See table 5-2 Interface Indicators.

4.4 Software Arch itecture

4.4.1 System Software Architecture

ZXR10 8900E series switches are multi-layer switches that have L2 switching, L3 routing

and MPLS L2/L3VPN and that support multiple service functions. They can provide L3

and L3 wire-speed switching and routing and QoS guarantee. The system software

implements system management, control and data forwarding. Its basic work includes

system startup, system configuration management, protocol running, table maintenance,

switching chip setting and state control as well as forwarding of some special messages.

The software system realizes the following functions:

Realize main L2 protocol functions, including 802.1D STP protocol, 802.1P priority

level control, 802.1Q VLAN related functions and 802.3ad link aggregation function;

Support IPv4/IPv6 protocol stack and basic routing protocol;

Realize multicast protocol and support IPTV deployment;

Realize ACL and DHCP multi-layer services;

Realize partial broadband access function;

Realize the Agent function of network management protocol SNMPv3;

The user can perform network management for Ethernet switch via serial portterminal, Telnet/SSH and SNMP Manager, including: network configuration

management, fault management, performance management and security

management;

Software version can be upgraded smoothly; the active and standby protocol

processing cards and switching network cards support online upgrade;




7/23/2019 Zxr10 8900e Series




Equipment security and network security functions;

Realize MPLS related functions, including MPLS VPN, MPLS OAM and MPLS QoS;

Support fast switching and convergence of routes, links and network; provide highly

reliable protection.

ZXR10 8900E series switch products adopt brand new software architecture to fulfill

various functions of the software system. The two major subsystems “unified support

platform” and “new-generation protocol stack platform” together with OAM, DB, product

management and operating system (CGEL) subsystems comprise 8900E product

software architecture, as shown in Figure 4-33:

Figure 4-33 8900E software system architecture

The functions of each subsystem are described below:

Unified support platform: It has operating system platform, componentized release

and process space separation, and supports dynamic loading and hot patch

capabilities. With the ability to be released independently, supporting centralized

and distributed systems, the unified support platform can serve as the support

platform for most product lines.

New-generation software platform: As the next-generation TCP/IP protocol stack

platform, ZXROS (Zhong Xing Route Operating System) Version 5.0 supports full

Software (protocol stack)

platform

Forwarding plane (firmware such as ASIC/microcode/FPGA)

OAM

D B

Distributed operating system infrastructure

For war d ing

plane

managment

Inter

- plane

inter connection

PM

Ver sionmanagement

Eq ui pmentmanagement




7/23/2019 Zxr10 8900e Series




series of data products and service products from low end to high end. The protocol

stack is realized in different processes by functional block to ensure the

independence and reliability of functions and locate software fault with ease. It has

NSR function, fast convergence capability, and mass route management capability.

The whole equipment can support 64K VPN to ensure the competitiveness and

progressiveness.

OAM: The system provides CLI, SNMP and HTTP management interfaces; the

foreground performs overall management for the system in a unified way. For

upper-level application part, OAM only provides management mechanism; relevant

management functions can be added for the services separately to realize loose

coupling of OAM and application.

DB: On the basis of the existing DB system, the system realizes multi-process

repelling mechanism to ensure data intactness; database access can be performed

concurrently in multi-channel multi-kernel system to improve access efficiency.

Product management: The software platform only concerns protocol realization; the

other functions including equipment management, equipment monitoring, version

management and line card management are all realized by product management.

OS: The operating system adopts self-developed Linux-based CGEL and is totally

compatible with Linux standard system architecture. It supports multiple kernels,

double state and multiple processes, and so meet the requirement for timeliness. It

supports diverse drivers and realizes distributed extension.

4.4.2 Software Platform

ZXR10 8900E core switch is the latest Version 5.0 of the next-generation IP protocolstack platform ZXROS (Zhong Xing Route Operating System). The protocol realization of

this platform is irrelevant to product; it only perceives protocol service functions but not

specific products. All software components can run in the user state of micro kernel

system to enhance system security; software components belong to different separate

process spaces, realizing safe isolation of illegal operation of application program; the

software is based on componentized management; component functions can be

developed independently and independent versions can be released; non-stopping

routing capability, distributed processing and fast reliable synchronization between

different CPUs. The overall software components o ZXROS V5.0 software platform is as





7/23/2019 Zxr10 8900e Series




Figure 4-34 New-generation ZXROS V5.0 software platform system architecture

ZXROS V5.0 software platform includes the following subsystems:

Route subsystem: including unicast routing protocol and multicast routing protocol;

L2 subsystem: include all L2 functional protocols;

MPLS subsystem: include LDP, RSVP and PWE3 functional protocol;

L3&PSS subsystem: include TCP/UDP, ARP, ND, message receiving/sending,

interface management, routing table, label table management, forwarding table

collection, integration and synchronization;

Configuration and resource management subsystem: include configurationmanagement modules such as ACL, route-map, L2VPN and L3VPN and system

resource management such as label and ip pool;

Application protocol subsystem: include various application protocols such as

Netflow, Radius, NTP and Telnet.

The key and competitive technologies of this software platform reflected in the following

aspects:

The system kernel resource runs in the highest priority mode and all software

components run in the user state of the micro-kernel system to enhance system

security (up/down isolation);

Software components belong to different separate process spaces, realizing safe

isolation of illegal operation of application program (left/right separation);

component functions can be developed independently and independent versions

can be released;

Operating system micro-kernel

Distributed infrastructure

L3&PSS subsystem (message receiving/sending, interface management,

table management, etc.)

Routing protocol

subsystem

C onf i g ur a t i onm an a g e m e n t an d

r

e s o ur c e m ai n t e n an c e

L2 protocol

subsystem

O

A

M

MPLS subsystem

TACACS+

Conf ig

RADIUS PING

FTP NTPNETFLOW

TRACE

. . . . . .

Application protocol subsystem

Software platform




7/23/2019 Zxr10 8900e Series




Software system architecture supports distributed protocol processing: message

communication is used between processes;

Fast data synchronization can be realized between multiple CPUs; reliable multicast

can be used to increase route convergence speed;

Separation of command configuration processing and specific protocol realization;

low coupling of command scripts of platform and project;

Have unified external interfaces that support fast secondary development and can

integrate with purchased parts;

Support non-stopping routing capability (NSR);

Support cluster technology.

Meanwhile, ZXROS V5.0 software platform has the following features:

High reliability and stability: meet the requirement of long-term stable running of

network

− The faults of component do not affect each other

− Software components release versions and upgrade independently

− Low coupling of platform and project

Real-time performance: meet the time requirement for large-scale dynamic routing

protocol, network management protocol and data synchronization between multiple

processors.

Self restoration: try to detect, process and record exceptions in the whole system,

perform necessary error restoration and equipment switching in exceptional cases.

Maintainable: perform necessary tracing and recording of usage and invocation of

core resource and system service; the components are independent of each other

which make it easier to trace faults.

Simple: only provide necessary system services to application programs and shield

unnecessary system services.

Encapsulation: completely shield hardware characteristics to make application

layer irrelevant to hardware, providing a unified and portable software platform for

the application programs of processors.

Smooth evolution: support fast secondary development; able to integrate with

purchased software and respond to customer requirements rapidly.




7/23/2019 Zxr10 8900e Series







7/23/2019 Zxr10 8900e Series




5 Technical Specif ications

5.1 Basic features

Table 5-1 Basic features and performance

FeaturesDescription

8912E 8908E 8905E 8902E

BasicPerformance

Backplanebandwidth

19.2 Tbps 19.2 Tbps 12Tbps 3.2Tbps

Switchingcapacity

2Tbps/7.68Tbps

2Tbps/7.68Tbps

1.28Tbps/4.8Tbps

960Gbps

Throughput

1536Mpps/5760Mpps

1536Mpps/5760Mpps

960Mpps/3600Mpps

720Mpps

GE PortDensities

576 384 240 96

10GE PortDensities

576 384 240 96

40GE PortDensities

96 64 40 16

Physical

parameters

Dimensions (Height xWidth x

Depth)

753mm*442mm*446mm

575mm*442mm*446mm

442mm*442mm*446mm

175mm*442mm*420mm

Weight <89.7kg <64.9kg <51.2kg <24kg

Slotnumber

Total slot 14 10 7 4

Serviceboard slot

12 8 5 2

Power

Powersupply(AC)

100V～240V, 50Hz ～60Hz

PowerSupply(DC)

-57V～-40V

Maximum

powerconsumption

<2718W <2084W <1235W <300W

EnvironmentalRequire

Operatingtemperatur e

Long time:-5°C～+45°C

Short time:-10°C～+55°C




7/23/2019 Zxr10 8900e Series


7/23/2019 Zxr10 8900e Series




Interface type Descripti on

1000BASE-LX (SFP-S40K)

LC connector. Single-mode fiber. Wavelength:1310nm. Max. transmission distance: 40km

Transmission power: -4dBm~0dBm. Receivesensitivity: <-22dBm.

1000BASE-LX(SFP-S40K-1550)


Transmission power: -5dBm～0dBm. Receivesensitivity: <-22dBm

1000BASE-LH (SFP-S80K)


Transmission power: 0dBm~5dBm. Receivesensitivity: <-22dBm

1000BASE-LH (SFP-S120K)


Transmission power: 5dBm~9dBm. Receivesensitivity: <-24dBm.

10GBASE-SR (SFP+-M300)

LC connector. Multi-mode fiber. Wavelength:850nm. Max. transmission distance: 300m

Transmission power: -7.3dBm～-1.0dBm. Receivesensitivity: <-11.1dBm

10GBASE-LR (SFP+-S10K)

LC connector. Single-mode fiber. Wavelength:1310nm. Max. transmission distance: 10Km

Transmission power: -8.2dBm～0.5dBm. Receivesensitivity: <-10.3dBm

10GBASE-ER/EW(SFP+-S40K)

LC connector. Single-mode fiber. Wavelength:1550nm. Max. transmission distance: 40Km

Transmission power: -4.7dBm～4.0dBm. Receivesensitivity: <-14.1dBm

40GBASE-SR4 (QSFP+150-D)

40G QSFP optical transceivers

Wavelength:850nm

Max. transmission distance: 150m

Transmission power: -7.0dBm～+2.3dBm.

Receive sensitivity: <-5.4dBm

40GBASE-LR4(CFP+-S10K-D)

40G CFP optical transceivers

Wavelength: 1270nm,1290nm,1310nm,1330nm

Max. transmission distance: 10Km

Transmission power: -7.0dBm～2.3dBm.

Receive sensitivity: <-11.5dBm




7/23/2019 Zxr10 8900e Series




5.3 Functions

5.3.1 L2 features

Table 5-3 L2 features

Features Description

L2 features

VLAN

Port-based VLAN, Protocol-based VLAN, IPsubnet-based VLAN

VLAN translation

PVLAN

Super VLAN

QinQ

IEEE 802.1ad (QinQ)

Selective QinQ and priority mapping

TPID modification

MAC

MAC address learning, aging, and freezing

Static MAC configuration

MAC address number limit for preventing attacks

MAC address binding

Linkaggregation

IEEE 802.3ad (link aggregation)

Static port aggregation

Inter-board link aggregation

Multi-chassis link aggregation

Port

Loop detect

Port-based broadcast/multicast/unknown Unicaststorm suppression

Jumbo framesFlow control

Peak Traffic Statistics in one minute

Default shutdown

ARP

Static ARP configuration

ARP learning, aging

ARP Proxy

Preventing ARP attacks

STPIEEE 802.1d (STP)/802.1w (RSTP)/802.1s (MSTP)

Preventing BPDU attacks

MIRROR

Ingress port mirroring, Egress port mirroring andTraffic mirroring

one-to-one, one-to-many, many-to-one, andmany-to-many mirroring

RSPAN

ERSPAN

Ethernet OAMIEEE 802.1ag

IEEE 802.3ah




7/23/2019 Zxr10 8900e Series




5.3.2 L3 features

Table 5-4 L3 features


L3 features

IPv4 unicastrouting

IPv4 Static routing

RIPv1/v2, OSPFv2, IS-IS, BGP-4

Policy routing

VRRP

URPF

ECMP

IPv6 unicastrouting

ND, ND security, PMTUD

IPv6 Static routing

RIPng, OSPFv3, IS-ISv6, BGP4+

6to4 tunnels, 6in4 tunnels, ISATAP

6PE

5.3.3 Multicast features

Table 5-5 Multicast features


Multicast

L2 Multicast

IGMP Snooping/proxy

IGMP rate limit, IGMP rate filter

MLD snooping

PIM snooping

Multicast VLAN

L3 Multicast

Static Multicast

IGMPv1/v2/v3

PIM-SM, PIM-SSM, PIM-DM, MSDP

Anycast RP

VPN Multicast VPN

5.3.4 MPLS

Table 5-6 MPLS feature


MPLS

Basic

LDP

CR-LDP

RSVP/RSVP-TE

MPLS L2 VPNVPLS，VPWS，H-VPLS(QinQ Access, LSP Access)

Vrf to Vrf method/Single-hop M-EBGP method




7/23/2019 Zxr10 8900e Series





/Multi-hop M-EBGP method for Inter-AS L2 VPN

CE dual-home to PE

UPE dual-home to NPE

MPLS L3 VPN

L3 VPN FRRL3 VPN ECMP

Vrf to Vrf method/Single-hop M-EBGP method/Multi-hop M-EBGP method for Inter-AS L3 VPN

Multi-VRF(MCE)

MPLS TE

Static LSP

Explicit-path LSP

LSP Priorities/LSP Preemption/LSP Backup

MPLS TE FRR

MPLS L2VPN /MPLS L3VPN Over TE

LDP over TE

MPLS OAM

CV/FFD

1 to 1 redundancyMPLS Ping

MPLS Trace Route

VCCV ping for VPWS

5.3.5 QoS

Table 5-7 QoS


QoS

ClassificationPhysical port-based Classification

Physical port and ACL based Classification

Marking andRemarking

802.1p, IP Precedence, IP DSCP, IP TOS, MPLSEXP priority marking and remarking

Mapping priority between double VLAN tag

Flow control

Ingress port-based CAR

Flow-based CAR

Ingress/Egress Traffic Meter

Remarking based on Traffic Meter

Congestionavoidance

Bandwidth control based on flow

RED, WRED

Scheduling

Minimum of 8 priority queues per port

Minimum bandwidth guarantee/ maximum bandwidthlimitation per queue based

Queue scheduling mechanisms: SP, WRR,SP+WRR, WDRR

ShapingShaping per egress port

Shaping per specified queue




7/23/2019 Zxr10 8900e Series





H-QoS H-QoSingress/egress H-QoS with 4-level queues and3-level scheduling

H-QoS for MPLS L2/L3 VPN

5.3.6 Service Management

Table 5-8 Service Management


ServiceManagement

IEEE 802.1X, 802.1X Relay, 802.1X RADIUS Accounting, andforcing user offline

RADIUS and TACACS+ authentication

Hierarchical user management

IPTV management (CAC, CDR, UMS)

DHCPv4 Server, DHCP v4 Relay, DHCP v4/v6 SnoopingSupporting DHCP OPTION 82

5.3.7 Reliability

Table 5-9 Reliability

FeaturesDescription

8912E 8908E 8905E 8902E

Availability

MTBF >200000 hours

MTTR <30 minutes Availability ≥99.999%

Hotplugging

Hot plugging of all components

maincontrolboard

1+1 redundancy backup

powermodule

AC: 2+1redundancy,DC: 1+1redundancy

AC 1+1 redundancy, DC 1+1 redundancy




7/23/2019 Zxr10 8900e Series





Reliability

MPLS-TE end-to-end Path protection

MPLS-TE FRR

IP FRR

LDP FRRMulticast FRR

BFD for Static Routing, LDP, OSPF, ISIS, BGP, RIP, VRRP,LSP, FRR, PIM DR, Super VLAN

Graceful Restart

NSF

VRRP

Protection against loops for VPLS

ESRP+ Ethernet ring protection

Dual uplink dual homing protection

ECMP

UDLD

LLDPLACP, MC-ELAM

5.3.8 System secur ity

Table 5-10 System security


Systemsecurity

Anti Attacks

Defend against attacks of DoS, MAC flood, ARPSpoof, IP Spoof, SYN flood of TCP, UDP flood, PINGflood, Ping of Death, LAND, SMURF, Session

hijacking, broadcast storms, IP fragment and largetraffic

BPDU guard, root guard, and loop guard

IPv4 uRPF

Hierarchical protection of command lines to preventunauthorized users and grant different configurationrights to different levels of users

CPUprotection

CPU channel guard by rate limiting of the messagessent to CPU

Filter of the messages sent to CPU

Priority Assignment of the messages sent to CPU

AdvancedSecurity

Log record

Broadcast storm auto suppression

Hybrid ACL with L2, L3 and L4 fields filtering

OSPF, RIP, and BGP MD5 authentication

IP source guard/DAI

ND Security

DPI

FIREWALL




7/23/2019 Zxr10 8900e Series




5.3.9 Clock synchronization

Table 5-11 Clock synchronization


Clock

SynchronizedEthernet

Restore and extract clock data from the SynchronousEthernet links

Clock distribution in chassis

Extract clock from physical links, BITS (2MHZ,2Mbits) and GPS

SSM (synchronization status message) handling

IEEE 1588v2

Clock Recovery from 1588v2 PTP

Transparent Clocks

E2E/P2P modes

Precision Time Synchronization

Best Master Clock (BMC) algorithm

5.3.10 Operating and Maintenance

Table 5-12 Operating and Maintenance


OperatingandMaintenance

Operating andMaintenance

Command lines configuration

Hierarchical protection of command lines to preventunauthorized users and grant different configurationrights to different levels of users

Password Aging and Verification

Terminal services through the ConsoleUser Access Service Management

Remote Management via SSH, TELNET, SNMP

FTP/TFTP

Multi-mode alarm service (Sound, Light, etc.)

Unified NMS of ZXNM01

Hierarchical commands through NMS

User access control

Configuration saving and restore

Log record, Syslog，RMON

NTP clocks

IPv6 network management

Supporting standard MIBTraffic statistics

GroupManagement

ZGMP, LLDP/ZTP/ZGMP

TrafficMonitoring

sFlow

OAM Ethernet OAM




7/23/2019 Zxr10 8900e Series





Network testing tools (LSP Ping, LSP trace route,VPLS MAC Ping, etc.)




7/23/2019 Zxr10 8900e Series




6 Typical Network ing Mode

6.1 Appl ication in Metro Ethernet

ZXR10 8900E can be deployed in the aggregation layer of metro Ethernet. Metro

Ethernet has the demand for unified bearing of mobile, fixed broadband and Enterprise

Customer and separated bearing of IP-based audio, video, data and IPTV services.

ZXR10 8900E can realize full-service bearing and isolation of different service by VPN

technology and provide carrier-class reliability for the operators with ring network

technology, multiple protection technologies and OAM.

Realize isolation of end-to-end service and bearing by MPLS to edge mode to

provide higher reliability and security;

Different service planes bear different services by MPLS VPN technology;

Ensure 50ms fast protection switching by MPLS TE/FRR/BFD technology;

Realize fast fault discovery by MPLS OAM/Ethernet OAM to improve network

operation maintenance capability.

Common networking of multi-service bearer metro Ethernet is as shown in Figure 6-1.

Figure 6-1 Application in metro network




7/23/2019 Zxr10 8900e Series




6.2 Appl ication in Data Center

Due to the development of broadband communications network, there are more and

more people using fixed network and broadband network. As a result, interactive service

and all sorts of Internet application are booming. Customers raise higher demands forresource, system operaiton and maintenance. The data center nowadays has to face

unexpected pressure from capacity extension, power consumption and maintenance.

ZXR10 8900E series switch with high-density 10G port and high-performance switching

capacity, can be deployed in the core/aggregation layer of the data center network. It

helps users to reduce their TCO and eliminate problems in capacity extension and OAM.

89E features large bandwidth, high performance and large capacity. So it can

provide high-speed path for data center and cloud computing, ensuring

non-blocking traffic.

With rich NM services, 8900E provides graphic network management, which

enables data center maintenance engineer to carry out equipment maintenance. Byproviding northbound interface, it realizes unified network management.

As a green and energy-saving product, 8900E with 40nm chip is designed with

controllable line card and port, which effectively reduces the power consumption of

the devices in the data center.

Common data center networking mode is as shown in Figure 6-2.

Figure 6-2 Application of Data Center




7/23/2019 Zxr10 8900e Series




6.3 Application in Campus Network

Community network core layer requires large bandwidth and high-density port. The entire

network must support user access authentification and security guarantee policies.

ZXR10 8900E series switch can be deployed in community network core layer toimplement high-speed service forwarding and service protection. The features of 8900E

in enterprise network are:

The enterprise user should pay more attention to costs reduction and internal

security enhancement. With rich security features, ZXR10 8900E supports DHCP

server and snooping which gives conveniences to address management. It supports

multiple authentication mechanisms like Radius and TACACS+ to realize authorized

management. Besides, IP source guard, DAI and anti-DOS attack security guard

services are provided to reduce network attacks. By support SQA, 8900E series

switch can know operation status of application servers and reduce network failure.

Provide complete IPv6 solution. Via dual-stack technology and multiple v4/v6 tunneltechnologies, it realizes seamless migration from IPv4 to IPv6. It helps universities

to develop IPv6 research and facilitate IPv6 development.

The common enterprise networking mode is as shown in Figure 6-3.

Figure 6-3 Enterprise network Application




7/23/2019 Zxr10 8900e Series




6.4 Appl ication in FTTx

Due to the increasing growth of services, users nowadays have higher requirements for

access bandwidth and QoS quality. Traditional DSL access bandwidth is far behind the

requirment of future service development. As the costs of optical access keeps goingdown, E-FTTx access becomes mainstream development in the future. ZXR10 8900E

supports green and eco-friendly E-FTTx access mode, which in other words enables the

access of the existing cable fibers while satisfying 100M/1000M optical access scenarios.

With rich interface cards, ZXR10 8900E provides highly integrated and

large-bandwidth access mode, which effectively meets the requirements of FTTx for

high density and high extensibility.

Via rich QoS feature, ZXR10 8900E realizes differentiated multiservice control as

per different service requirements. It provides pefect user experience for low-latency

and low-jitter services.

ZXR10 8900E supports SVLAN and MFF technologies to isolate service and user. It

makes the network much safer.

Ethernet intelligent ring protection technology ZESR/ZESS satisfies different users

with different requirements for reliability.

Switch-based IP over DWDM enables lower costs in network construction and

maintenance. It is known for more powerful scalability too.

Common FTTx networking mode is as shown in Figure 6-4.

Figure 6-4 FTTx Application




7/23/2019 Zxr10 8900e Series




6.5 Appl ication in IP RAN

IP backhaul focuses on the interconnection between base station and wireless service

control point (Gateway) to realize the implementation of mobile IP voice and data

services. In traditional 2G network, BTS uses TDM E1/T1 to access BSC (Base StationController). With the development of wireless network, IP Node B gradually becomes

popular in 3G network as it can provide Ethernet interface to enable upstream traffic via

the switch. The wireless traffic accesses/aggregates to RNC. IP backhaul network

requires clock synchronization, high scalability and high reliability. ZXR10 8900E can be

deployed on the aggregation node of IP Backhaul to serve for the entire network.

IP backhaul requires end-to-end clock synchronization. 8900E provides SyncE+1588v2

solution which synchronizes high-precise clock signal like BITS to all base stations.

The BS access ring and aggregation ring have ring protection requirements. 8900E

realizes 50ms switchover via ZESR+ (EAPS) Ethernet ring.

By supporting superVLAN and QinQ technologies, 8900E reduces the load of the

gateway when multiple base stations get accessed, which consumes less IP

address, realizes unified base station management and makes the network more

scalable.

8900E supports VPLS/H-VPLS and MPLS L3VPN technologies to give better

support to multipoint-to-multipoint access.

Common IP Backhaul networking mode is as shown in Figure 6-5.

Figure 6-5 Application in IP RAN




7/23/2019 Zxr10 8900e Series




7 Operation and Maintenance

7.1 NetNumen U31 Unif ied Network ManagementPlatform

IP network is going to bear more and more services. At the same time, due to large-scale

network, complicated configuration and high market expectation, network management

and working load become more complicated and bigger. Manual operation and negative

maintenance obviously can not guarantee reliable operation of the entire system.

Maintenance staffs nowadays have to think of the way to arrange fast service deployment

in the network, guarantee reliable network operation, forcast network operation quality

and find out the network failure in the shortest time when problems occur. So active

network monitoring, automatic network failure inspection and settlement must be

implemented to make sure sound network operation and maximum network benefit.

ZTE based upon the time’s call develops NetNumen U31 unified network management

system. Concentrating on multiple products like router, switch, ZXR10 8900E, NetNumen

U31 is an integrated network management system melting network element

management, network management and service management together. It supports

multiple database, graphic interface in multiple languages and convenient operation.

Provding flexible northbound interface, it is capable of powerful interconnection.

7.1.1 Network Management Networking Mode

Inband management and outband management can be used between NetNumen U31

NM system and ZXR10 8900E.

7.1.1.1 Inband Management

For inband management, network management information and service data are

transferred in the same channel without asking for an extra DCN network. NetNumen

U31 NM system only needs to connect with network devices nearby and configure SNMP

parameters.

The advantage of inband management: flexible netwoking and no extra investment.However, network management information takes up too much bandwidth, which may

seriously influence service quality.




7/23/2019 Zxr10 8900e Series




7.1.1.2 Outband Management

For outband management, the network management information which is independent

from service data is transferred in network management network. An extra DCN network

is required. NetNumen U31 network management system connects with the outband

management interface of ZXR10 8900E, so that, the network management information

and service information can be transferred independently.

The advantage of outband management: The breakdown of service channel is

independent from the device management carried out by the network management

station. The network management information can be transferred more reliablely. But

independent network management network is seriously restricted by areas and locations,

and extra investment is needed.

7.1.2 NetNumen U31 Network Management System

NetNumen U31 network management system developed by ZTE is an integratedmanagement system concentrating on multiple ZTE products like router, switch and CE,

etc. Covering NE management, network management and service management, the

network management system provides the following services.

Failure management ensures stable network operation.

In network management maintenance, the management staff wants to know the network

running status to make sure stable operation. The failure management service of

NetNumen U31 is responsible for receiving real-time device alarms and network events

of all Nes in the entire network. With all these audible and visible services, maintenance

staffs can make proper process after confirmation, e.g. file alarm reports for future

alarm stat. and query. Failure management is a very important and commonly usedmethod in user network operation maintenance, via which, users know ZXR10 8900E

running and failure status, implement real-time monitoring, fault filtration, fault location,

fault confirmation, fault deletion and fault analysis. NetNumen U31 system also provides

voice tip, graphic alarm board and real-time access to alarm box system, Email and SMS

to give user in-time notification. It gives conveniences to user’s daily maintenance.

Performance management gives overall understanding of network services.

Network traffic direction and traffic load are two key issues in network management.

Performance management unit of NetNumen U31 is responsible for data network and

device performance monitoring and analysis. Corresponding reports are generated when

all sorts of performance data got from NE are processed, so that the maintenance andmanagement departments can use them in future network construction, planning,

adjustment and quality improvement. By performance management, users can

implement statistics of device load, traffic direction and interface load, etc. In this way,

they can get real-time network service quality and make in-time evaluation to network

resource configuration.




7/23/2019 Zxr10 8900e Series




Resource management enables rational use of network resource.

Resource management system which realizes physical resource and local resource

management is a critical base station in operator’s service process. It is the most

precondition in realizing automatic service intiation and service guarantee. By using

resource management, user not only knows the management situation of the device,

board, interface and interface in the network, but also can understand the running status

of logcal resources like VLAN, L2/L3 VPN and MAC address in the network.

View management makes network running status clear.

View management provides unified network topology and multiview management which

enables user to know entire network topology and device running status. At the same

time, it offers network and device operating and maintenance interfaces. User can know

network device running status and alarm situation via the view management. At the same

time, it guides to other management systems.

Configuration management enables fast service deployment.

Configuration management enables ZXR10 8900E configuration, including device

management, interface management, VLAN management, L2 attribute management,

MPLS management, routing protocol management, QoS management, software upgrade

management and configuration file management, etc. Also, it supports multiple

customer-friendly configurtion modes like end-to-end configuration, in-batch configuration,

wizard-based configuration. At the same time, default configuration templates of

corresponding management are provided too.

Security management makes the network safer.

Security management makes sure legal adoption of the system. It realizes user, usergroup ad role management. By arranging rational relationship between user, user group

and rule, it provides security mechanism for administrator’s safe management.

Certification based upon login prevents illegal users from accessing the system.

Authorized operation ensures secure operations.

Northbound interface makes integration easy.

Due to the booming telecom services, one operator sometimes has to manage multiple

NE-based or network-based professional network management systems. Independent

information in different professional NMs, complicated contents, diversified operating

interfaces generate more and more restrictions. In order to make entire entwork

management more efficient, one network management station can be used to control allinterconnected networks, so that end-to-end integrated management can be

implemented.

Interfaces are used between integrated NM and professional networks. The network

should provide standard open northbound interface for the integrated network

management system, so that they can integrate together rapidly and reliably. NetNumen




7/23/2019 Zxr10 8900e Series




U31 supports multiple northbound interfaces, e.g. CORBA, SNMP, TL1,XML and FTP

etc.

7.2 Main tenance and Management

7.2.1 Multiple Configuration Modes

ZXR10 8900E provides multiple device access and management configuration modes,

which enables customers to choose proper connection way as per different application

scenarios.

Multiple configuration and management modes:

Serial connection configuration： using VT100 termianl mode, serial connection

can use Window operating system to offer super terminal tool for configuration. Bare

metal or devices without connection or configuration must use this connection

configuration mode.

Telnet connection configuration:

− Configure the switch according to IP address of the management Ethernet port

(10/100/1000Base-T) on Telnet MPU.

− Configure IP address under VLAN interface. Set user name and password.

Configure the switch according to IP address of telnet VLAN interface. When

remote users wan to access the device and communicate with it, they have to

choose this connection configuration method.

SSH (Secure Shell)protocol connection configuration: initate SSH server service on

ZXR10 8900E. Connect VLAN port IP address or management Etnerhet IP address

via SSH client software to configure safer switch. When remote customers have

higher security requirements, this connection configuration mode should be

preferred.

SNMP connection configuration: the background network management server is

called SNMP server. The front device ZXR10 8900E is the Client of SNMP. Sharing

one MIB management base, the front and background servers implement

management configuration on ZXR10 8900E via the network management

software. This connection configuration mode enables user to apply network

management software to carry out effective management configuration.




7/23/2019 Zxr10 8900e Series




7.2.2 Monitoring and Maintenance

ZXR10 8900E supports multiple types of equipment monitoring, management and

maintenance. These services enable the device to take correct action in any abnomal

cicurmstance. Also, they can offer all parameters related to equipment operation.

7.2.2.1 Equipment Monitoring

There are indicators on power supply unit, fan, MPU and all sorts of interface card to

show the operating status of the components.

MPU hot-swappable implementation and switchover event are recorded.

When fan, power supply unit and temperature are wrong, sound alarm and software

alarm will be generated.

Check the cross-division feature of the version when the system is running.

Check module temperature automatically in the course of running the system.

Provide temperature control and software alarm services.

The system monitors the running status of the software. If serious abnormity

happens, line card will be restarted and the MPU will be switched over.

7.2.2.2 Equipment Management and Maintenance

The command line provides flexible online help.

Provide hierarchical user authority management and command.

Support information center. Provide unified management of log, alarm and

debugging information.

Support switch cluster management. Provide unified maintenance management

channel for multiple devices.

Query basic information of MUP, interface card and optical module via CLI

command line.

Enable the query of multiple information, including version, component status,

environment temperature, CPU and memory utilization.

Support one-touch device information collection. The command result can either be

displayed on the device or input in the file. Hardware environment, software

information, version information, data configuration, real-time device running status

and protocol information can be displayed. This information can be totally or partially

exported.




7/23/2019 Zxr10 8900e Series




ZXR10 8900E provides multiple diagnosis and debugging methods, which enables user

to have more ways to adjust the device and to have more debugging information.

Ping and TraceRoute: network connectivity confirmation and packet transmission

path record can be the reference of fault location.

Debug: each software has rich debug commands. Each debug command supports

multiple debugging parameters, so it can be controlled flexibly. Debugging

command can be used to export specific device operating process, message

processing and tolerance inspection, etc.

Mirroring service: interface-based mirroring service is supported. The input/output or

bidirectional messages of the observed interface are completely replicated to the

observing interface. Giving support to RSPAN and ERSPAN, it can implement

remote port mirroring.

OAM service: check network status via multiple OAM messages. Device, link and

network fault can be monitored. It helps user to locate the failure rapidly.

SQA: SQA service can send all sorts of detective message to see if multiple

applications and services are on line.

7.2.3 Software Upgrade

ZXR10 8900E enables software upgrade in normal and abnormal circumstances.

Version upgrade when the system is wrong: by changing boot intiation mode the

version upgrade carried out when the device can not be initiated can be done by

downloading new version from the management Ethernet port.

Version upgrade when the system is normal: local or remote FTP online upgrade is

provided when the device is working correctly.

7.2.4 File System Management

1. File System Introduction

In ZXR10 8900E, the software and configuration files are saved in FLASH. The upgrade

and configuration storage of the software version require FLASH operation. FLASH

includes three default categories, i.e. IMG, CFG and DATA.

IMG: this category is used to save software version file. The software version file

ended with .zar is special compression file. Version upgrade refers to the upgrade of

the software version file in this category.

CFG: the configuration file is saved in this category. The configuration file is named

startrun.dat.




7/23/2019 Zxr10 8900e Series




DATA: this category is used to save equipment abnormal information. The file

format is “time.zte”.

2. File System Operation

File backup and recovery: FTP/TFTP is used to backup the software version file,

configuration file and log file of ZXR10 8900E to backgroud server. Or the backup

file can be recovered from the background server.

File export and import: files can be exported and imported. Copy files to the

background host via FTP/TFTP. The achievement of the alarm file and the

modification of the configuration file can be done by importing or exporting services.




7/23/2019 Zxr10 8900e Series




8 Glossary

Table 8-1 Abbreviations

Abbreviations Ful l Charac ter is ti cs

ACL Access Control List

APS Automatic Protect Switch

ASIC Application Specific Integrated Circuit

ATM Asynchronous Transfer Mode

BFD Bidirectional Forwarding Detection

BGP Border Gateway Protocol

BPDU Bridge PDU

CAN Controller-area NetworkCAPEX Capital Expenditures

CDN Content Distribution Network

CDR Call Detail Record

CE Carrier Ethernet

CV Connectivity Verification

DoS Denial of Service

DPI Deep Packet Inspection

DVMRP Distance vector Multicast Routing Protocol

EAPS Ethernet Automatic Protection Switching

ECMP Equal Cost of Multi－path

ESRP Ethernet standby Routing Protocol

FFD Fast Failure Detection

FRR Fast Reroute

GPS Global Position System

GR Graceful restart

H-VPLS Hierarchical Virtual Private Lan Service

ICMP Internet Control Message Protocol

IGMP Internet Group Management Protocol

ISIS Intermediate System－Intermediate System

LACP Link Aggregation Control Protocol

LSP Label Switch Path

MPLS Multi－Protocol Label Switching

MSTP Multiple Spanning Tree Protocol

MTU Maximum Transmission Unit

NE Network Element




7/23/2019 Zxr10 8900e Series





NGN Next Generation Network

OAM Operations Administration and Maintenance

OPEX Operation Expense

OSPF Open Shortest Path First

PIM Protocol Independent Multicast

PIM-DM Protocol Independent Multicast－Dense Mode

PIM-SM Protocol Independent Multicast－Sparse Mode

PIM-SSM Protocol Independent Multicast－Source Specific Multicast

PSN Packet Switch Network

PUPSPV Per User Per Service Per VLAN

PVLAN Private VLAN

PW Pseudo－wire

PWE3 PW Emulation End to End

RED Random Early Detection

RIP Routing Information Protocol

RNC Radio Network Controller

RP Rendezvous Point

RSTP Rapid Spanning Tree Protocol

SDH Synchronous Digital Hierarchy

SLA Service Level Agreement

SMS Service Management System

SNMP Simple Network Management Protocol

SSM Source Specific Multicast

STP Spanning Tree Protocol

SyncE Synchronous Ethernet

SVLAN Select VLAN

TCO Total Cost of Ownership

TCP Transport Control Protocol

TDM Time Division Multiplex and Multiplexer

TL1 Transaction Language 1

TM Traffic Manager

UDP User Datagram Protocol

URPF Unicast Reverse Path Forwarding

VOIP Voice over IP

VPLS Virtual Private Lan Service

VPN Virtual Private Network

VPWS Virtual Private Wire Service

VRF Virtual Routing and Forwarding

VRRP Virtual Router Redundancy Protocol




7/23/2019 Zxr10 8900e Series




WRED Weighted Random Early Detection

WFQ Weighted Fair Queuing

ZESR ZTE Ethernet Smart Ring

ZESS ZTE Ethernet Smart Switching

ZXROS ZTE Router Operating System

Zxr10 8900e Series

Documents

Transcript of Zxr10 8900e Series