ZXR10 2900E Description
Product
ZXR10 2900E Product Description
ZXR10 2900E Product Description Version
Date
Author
_
Reviewer
V1.0
2011/9/25
LIUSHENG
YUANZHIYONG
V1.1
2011/10/14
LIUSHENG
YUANZHIYONG
Notes Not open to the third party Add high light description for ipv6 and OAM Add
feature
description
for
LLDP,UDLD,VOICE VLAN V1.2
2011/12/29
LIUSHENG
YUANZHIYONG
Fit to the new template
V1.3
2012/03/19
LIUSHENG
YUANZHIYONG
Add ZXR10 2928E-PS description
V1.4
2012/07/28
LIUSHENG
YUANZHIYONG
SYN hardware description
V1.5
2012/12/05
LIUSHENG
YUANZHIYONG
ZHUOMUNIAO modification
© 2011 ZTE Corporation. All rights reserved. ZTE CONFIDENTIAL: This document contains proprietary information of ZTE and is not to be disclosed or used without the prior written permission of ZTE. Due to update and improvement of ZTE products and technologies, information in this document is subjected to change without notice.
ZTE Confidential Proprietary
1
ZXR10 2900E Product Description
TABLE OF CONTENTS
2
1
Overview ............................................................................................................ 5
2 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11
Highlights........................................................................................................... 6 Energy saving, green and silent ........................................................................... 6 Easy deployment and easy management ............................................................ 6 Flexible networking .............................................................................................. 7 POE ..................................................................................................................... 7 Improve video service experience ........................................................................ 7 Perfect security design ......................................................................................... 8 Diverse VLAN features......................................................................................... 8 Overall supervision .............................................................................................. 9 Bidirectional ACL ................................................................................................. 9 Precision user locating ......................................................................................... 9 Ethernet OAM .................................................................................................... 10
3 3.1 3.1.1 3.1.2 3.1.3 3.1.4 3.1.5 3.2 3.2.1 3.2.2 3.2.3 3.2.4 3.2.5 3.2.6 3.2.7 3.2.8 3.2.9 3.2.10 3.2.11 3.2.12 3.2.13 3.2.14 3.2.15
Functions ......................................................................................................... 11 Basic service functions....................................................................................... 11 MAC address management ............................................................................... 11 VLAN ................................................................................................................. 12 STP features ...................................................................................................... 13 Link aggregation ................................................................................................ 13 Basic Ethernet features ...................................................................................... 14 Value-Added Service (VAS) ............................................................................... 15 DHCP-based batch upgrade .............................................................................. 15 IPTV................................................................................................................... 16 ACL.................................................................................................................... 16 SFLOW .............................................................................................................. 17 RSPAN .............................................................................................................. 18 Global counter ................................................................................................... 18 IP source guard ................................................................................................. 19 Dynamic ARP Inspection (DAI) .......................................................................... 19 LLDP.................................................................................................................. 19 UDLD ................................................................................................................. 20 Voice vlan .......................................................................................................... 20 802.1x authentication ......................................................................................... 20 Ring protection ................................................................................................... 21 ZESS smart switching ........................................................................................ 22 MButton ............................................................................................................. 22
ZTE Confidential Proprietary
ZXR10 2900E Product Description
4 4.1 4.2 4.2.1 4.2.2 4.2.3 4.3 4.3.1 4.3.2 4.3.3 4.3.4
System Architecture........................................................................................ 24 Appearance ....................................................................................................... 24 Hardware Architecture ....................................................................................... 25 Overall Hardware Architecture ........................................................................... 25 Working Principle of Hardware System .............................................................. 26 Introduction to Card ........................................................................................... 26 Software Architecture ......................................................................................... 28 Operation Support Sub-system .......................................................................... 29 MUX Sub-system ............................................................................................... 30 L2 Sub-system ................................................................................................... 30 NM and Maintenance Sub-system ..................................................................... 31
5 5.1 5.2
Technical Indexes and Specifications ........................................................... 32 Physical Indexes ................................................................................................ 32 Basic Specifications ........................................................................................... 34
6 6.1 6.1.1 6.1.2
Operation and Maintenance............................................................................ 37 NetNumen U31 Integrated NM Platform ............................................................. 37 NM Networking .................................................................................................. 37 NetNumen U31 NM System ............................................................................... 38
7 7.1 7.2
Comprehensive Networking Applications ..................................................... 41 Community Access for Enterprise network ......................................................... 41 Corridor Access for MAN ................................................................................... 42
8
Abbreviations .................................................................................................. 43
ZTE Confidential Proprietary
3
ZXR10 2900E Product Description
FIGURES Figure 3-1 QinQ .................................................................................................................13 Figure 3-2 sFlow frame ......................................................................................................17 Figure 3-3 ZESS network topology ....................................................................................22 Figure 4-1 ZXR10 2910E-PS .............................................................................................24 Figure 4-2 ZXR10 2918E ...................................................................................................24 Figure 4-3 ZXR10 2918E-PS .............................................................................................24 Figure 4-4 ZXR10 2928E ...................................................................................................24 Figure 4-5 ZXR10 2928E-PS .............................................................................................25 Figure 4-6 ZXR10 2952E ...................................................................................................25 Figure 4-7 Working principle of the system ........................................................................26 Figure 4-8 Control principle ................................................................................................27 Figure 4-9 System framework diagram ..............................................................................29 Figure 4-10 L2 system structure ........................................................................................30 Figure 7-1 Desktop access for enterprise network .............................................................41 Figure 7-2 MAN access .....................................................................................................42
TABLES Table 5-1 Physical indexes ................................................................................................32 Table 5-2 System specifications ........................................................................................34 Table 8-1 Abbreviations .....................................................................................................43
4
ZTE Confidential Proprietary
ZXR10 2900E Product Description
1
Overview As a new-generation L2 Ethernet intelligent switch introduced by ZTE, ZXR10 2900E series devices can fully satisfy the access to MAN and enterprise network. By enhancing the features in energy saving, user information security, access control and management maintenance, 2900E when compared with similar products are outstanding for its powerful forwarding capability, flexible ACL and rich monitoring manners. ZXR10 2900E include 6 models: ZXR10 2910E-PS, ZXR10 2918E, ZXR10 2918E-PS, ZXR10 2928E,ZXR10 2929E-PS and ZXR10 2952E
ZTE Confidential Proprietary
5
ZXR10 2900E Product Description
2 2.1
Highlights Energy saving, green and silent By using highly integrated design solution, ZXR10 2900E series devices not only reduce entire power consumption, but also reduce fan to realize quiet design. The materials used in making ZXR10 2900E also go in line with European RoHS standard, which indicates minimum environment pollution and great contribution to global environment. With the most advanced chip producing philosophy, the power consumption of the active chip is reduced by 20%. By using multiple energy-saving technologies, for example, disable idle ports and adjust port power consumption as per cable length, ZXR10 2900E try their best to
decrease
the power consumption for the customer maximally. The devices give support to IEEE 802.3az, so it can set the port to idle status dynamically when there’s no traffic processed over the port. In this way, the electricity can be saved, and the power consumption of single port can be reduced by 70%.
2.2
Easy deployment and easy management Exquisite size enables ZXR10 2900E to be installed in small cabinet in corridor. As all the cables are designed in the front of the chassis, so the maintenance staff can easily arrange device inspection and cable installation. They do not need to open the rack panel of the chassis or disassemble the switch completely. Creative M-Button enables the administrator to obtain the status of equipment port, memory and CPU without logging in the system. Automatic remote in-batch upgrade can upgrade multiple devices of the same category at the same time. This mechanism stops the maintenance staffs traveling among different corridors at work.
6
ZTE Confidential Proprietary
ZXR10 2900E Product Description
It supports system information display. Via one command, the system operation information can be collected, which gives conveniences to information collection and failure location. It supports off-power warning. When the device is out of power, it is still capable of sending off-power warning to remote server. In this way, the administration center can be informed of the failure in the shortest time.
2.3
Flexible networking Compared with the products of the same category, ZXR10 2900E provides more flexible networking manner. 8-port device and 16-port device can provide 2 GE uplink interfaces, and 24-port device can provide 4 GE uplink interfaces. The common ring networking requires the device should have at least two uplink interfaces. And the aggregation node must have more than 3 uplink interfaces. But for the similar products from other vendors, 8-port device only provides 1 GE uplink interface, and 24-port device only offers 2 uplink interfaces, which can not satisfy mainstream ring networking. The uplink interface of ZXR10 2900E not only offers combo combination, but also is capable of working in 1000Base X and 100Base X mode in optical status. This makes ZXR10 2900E perfectly meet the requirements of the complicated network environment.
2.4
POE Full series of ZXR10 2900E products give support to all-port POE and POE+ power supply.
Going in line with 802.3af and 802.3at standard, it is also compatible with PD
device which supports 802.3af and 802.3at standard. The power supply efficiency of POE is 15.4W, and the power supply efficiency of POE+ power supply is of up to 30W.
2.5
Improve video service experience ZXR10 2900E series products support IPTV, so they provide rich rules and channel combinations. By supporting QoS mechanism, it gets rid of the traffic engineering management issue caused by multicast service multi-port multiplexing. This method
ZTE Confidential Proprietary
7
ZXR10 2900E Product Description
optimizes video traffic latency, jitter and abrupt packet loss. Also, it reduces the latency when the video service is added in or off line.
At the same time, ZXR10 2900E support
multicast service access control technology, so they can make sure the secure access of the multicast service. This ensures the user to enjoy high-quality video service.
2.6
Perfect security design The security design of ZXR10 2900E is based upon two aspects: one is to guarantee the normal operation of the device, the other is to ensure the security of the data. For self security design, some restrictions to peer-end broadcasting message, multicast message, unknown unicast message. Therefore, these messages will have less impact to CPU. For CPU, the device uses control plane security service to classify and control the speed of the protocol messages that CPU needs to process. This mechanism makes sure that the speed of the delivered the message for the protocol stacking is within a proper range, which avoids the breakdown of CPU caused by exceeding messages. For user data security, besides PVLAN service, ZXR10 2900E also uses DHCP snooping plus IP source guard to make sure user’s validity. For the messages which do not satisfy bounding table, they will be discarded. The device is also capable of DAI service. So that it can effectively restrict ARP-based DOS attack. The device not only can discard arp message which does not accord with the condition, but also can restrict the number of arp one port learns. This mechanism successfully prevents equipment table entity from being occupied maliciously, which makes sure other people can use the resource normally.
2.7
Diverse VLAN features ZXR10 2900E not only gives support to 1:1 vlan map, but also supports N: 1
VLAN map.
In this way, by aggregating vlan at the access side, the device greatly enhances the usability of vlan resource. ZXR10 2900E supports standard QinQ service and flexible SVLAN service, which enables the operator to distinguish user and service at the access side effectively. In this
8
ZTE Confidential Proprietary
ZXR10 2900E Product Description
way, the units can implement different processing policies as per different users and services.
2.8
Overall supervision
ZXR10 2900E supports message mirroring service. It can classify mirroring image of different messages, so that different message mirroring image can go to different port.
ZXR10 2900E supports sFlow service. It can sample the message and send it to the designated server.
ZXR10 2900E support RSPAN service. It is used for the extension of common mirroring. So that, all the messages on the monitored port will be completely sent to the remote receiver.
The device also supports intelligent statistic service. Being different from the traditional accounting service which can only collect the number of the port or queue, the intelligent statistic service can count any interested traffic or port. The counting service can be as precise as one user‘s one service, which accordingly provides effective monitoring way for precise operation.
2.9
Bidirectional ACL In the course of further developing similar products, ZXR10 2900E at the same time supports incoming and outgoing ACL. User can implement both incoming and outgoing traffic classification and speed restriction at the same time. This mechanism enables more comprehensive and flexible ACL.
2.10
Precision user locating Via multiple methods like DHCP, option82, PPPOE+ and VBAS, ZXR10 2900E can provide user’s accurate location for the network management center. The field with user location information can be configured freely to meet different operators’ requirements.
ZTE Confidential Proprietary
9
ZXR10 2900E Product Description
2.11
Ethernet OAM Ethernet OAM is a very important guarantee to provide high-quality carrier-class network. In addition to monitor the changes of the link status in time, it also evaluates the service quality of the link. So that, the network maintenance staff can easily locate the network failures. So far, ZXR10 2900E supports two sorts of OAM protocols, i.e. 802.1ag, 802.3ah
10
ZTE Confidential Proprietary
ZXR10 2900E Product Description
3
Functions
3.1
Basic service functions
3.1.1
MAC address management ZXR10 2900E series fulfills the following MAC functions:
Convert dynamic MAC address into static one
On one hand, the administrator expects that the user is fixed only to a port; on the other hand, he does not want to configure too many static addresses. The function can be used to reach the goal.
Bind MAC address to a port
Dynamic, static or permanent MAC address can be added to MAC address table. The correspondence relation between static or permanent MAC address and port is fixed, and cannot be cancelled until the address is deleted manually.
Limit MAC address number of a port
MAC address table capacity of a switch is limited. When many users are available and MAC address table will reach the capacity limit, the MAC address number of low-priority user port will be restricted. The restriction can prevent MAC address broadcast to drive MAC address table to overflow the network attack.
Port MAC address learning protection
When abnormal MAC address learning of a port is checked out, the switch will protect the MAC address learning for some time. New address learning cannot be done in the protection. When the protection expires, the port will be in the state of MAC learning again.
Unknown-source MAC address filtering of a port
ZTE Confidential Proprietary
11
ZXR10 2900E Product Description
Unknown-source MAC address filtering of a switch port is closed by default, and the port does not filter the unknown-source MAC address. If a switch port is configured with enabling the unknown-source MAC address filtering, relative port will discard the packet of unknown-source MAC address received at the port and learn it.
MAC address filtering
Data frame can be filtered according to MAC address in the following ways: 1.
Only the source MAC address of data frame is matched. If the source MAC address is the set MAC address, the data frame will be filtered.
2.
Only the destination MAC address of data frame is matched. If the destination MAC address is the set MAC address, the data frame will be filtered.
3.
The source or destination MAC address of data frame is matched. If the source or destination MAC address is the set MAC address, the data frame will be filtered.
3.1.2
VLAN Support port-based vlan, 1:1 and N:1 vlan translation, PVLAN, QinQ and SVLAN. QinQ, known as the tunnel protocol based on IEEE 802.1Q encapsulation, is also called VLAN stack. QinQ adds a VLAN label (external label) outside the existing VLAN label (internal label). The external label can shield the internal label. QinQ without protocol support can implement simple L2VPN, and is suitable for miniLAN taking L3 switch as the backbone. Typical QinQ networking is as follows. The port connecting user network is Customer port, the port connecting SP network is Uplink port, and SP network edge access equipment is called PE (Provider Edge).
12
ZTE Confidential Proprietary
ZXR10 2900E Product Description
Figure 3-1
QinQ
User network 1 CVLAN1100
SPVLAN 10 customer port Switch A PE
SPVLAN 10 Uplink port SP network
SPVLAN 10 Uplink port
Switch B PE
SPVLAN 10 customer port
User network 2 CVLAN1100
User network accesses PE via Trunk VLAN. Uplink ports in SP network are connected symmetrically via Trunk VLAN. When the packet comes from user network 1 to switch A customer port, no matter whether the packet is tagged or untagged, switch A will forcedly insert the external label (VLAN ID is 10). In SP network, the packet reaches switch B via VLAN 10 ports. Switch B finds out the port connected to user network 2 is customer port, removes the external label according to the conventional 802.1Q protocol, restores it to the original packet, and sends it to user network 2. The data between user network 1 and 2 can be transmitted transparently via SP network. User networks can freely plan their own private network VLAN ID to avoid the conflict with SP network VLAN ID.
3.1.3
STP features Support RSTP and MSTP as well as such protection features as bpdu guard, root guard and loop guard.
3.1.4
Link aggregation Link aggregation, known as Trunk, binds several physical ports into one logic port to share incoming/outgoing traffic load among member ports. The switch decides according to port load sharing policy configured by the user via which member port the packet is sent to the opposite switch. When detecting that a fault occurs to the link of a member
ZTE Confidential Proprietary
13
ZXR10 2900E Product Description
port, the switch will stop sending the packet via the port, and recalculate and decide a port for packet transport according to load sharing policy. After the faulty port restores, the switch will recalculate and decide a port for packet transport again. Link aggregation is an important technology to increase link bandwidth and support link transport resilience and redundancy. ZXR10 2900E supports static Trunk and LACP link aggregation. Static Trunk adds several physical ports directly to Trunk group to form one logic port, but it is not good at observing the status of link aggregation port. LACP (Link Aggregation Control Protocol), following IEEE 802.3ad, dynamically aggregates several physical ports into Trunk group through the protocol to form one logic port. LACP automatically aggregates to get the maximum bandwidth.
3.1.5
Basic Ethernet features ZXR10 2900E supports the following basic Ethernet features: Port mirroring copies the data of one or several switch ports (mirrored port) to one designated destination port (monitored port) to get the data of the monitored port for traffic analysis and wrong diagnosis
port
data. The mirroring (RSPAN) of
cross-equipment ports is supported. It can limit the number of broadcast packet allowed to pass Ethernet port per second. When broadcast traffic exceeds the value set by the user, the system will discard broadcast traffic, thus broadcast traffic will be reduced to a reasonable range to suppress broadcast storm and avoid network congestion to assure network services of normal operation. Broadcast storm suppression takes the set rate as the parameter. The smaller rate means the smaller broadcast traffic allowed to pass.
14
ZTE Confidential Proprietary
ZXR10 2900E Product Description
ZXR10 2900E supports cable line diagnosis analysis and test. It can check line and connection and find the location of cable fault to facilitate network management and fault locating. GE electrical interface is connected to other devices via network cable. Network cable has 4 twisted pairs. 100M network cable uses twisted pair 1-2 and 3-6, and 1000M 1-2, 3-6, 4-5 and 7-8. The status of each twisted pair can be detected in line check. Line statuses are as follows: 1.
Open: Open-circuit line
2.
Short: Short-circuit line
3.
Good: Normal line
4.
Broken: Open-circuit or short-circuit line
5.
Unknown: Unknown or no result
6.
Crosstalk: Line coupling
7.
Fail: Failed detection
3.2
Value-Added Service (VAS)
3.2.1
DHCP-based batch upgrade ZXR10 2900E supports the DHCP-based batch upgrade. By supporting DHCP option66, 67 and 150, the device gets the server address, catalog and filename storing the version. Option150 stores the server IP address, option66 the version path, and option67 the version filename. With the information, the device can automatically get the version from the designated location via FTP or TFTP, which simplifies upgrade procedure, facilitate operation & maintenance and increase working efficiency.
ZTE Confidential Proprietary
15
ZXR10 2900E Product Description
3.2.2
IPTV IPTV, known as interactive network TV and launched by carriers based on broadband, uses IP broadband network and integrates Internet, multimedia and telecom technologies to provide for the user such interactive services as live TV, video VOD and Internet browse.
The user gets the services via PC or “IP set top box+TV”.
Controllable multicast is one of key technologies of ZTE’s IPTV system structure, and usually works at the broadband access network side. The equipment (BRAS, access equipment or switch) implementing the multicast control policy is called the multicast control point. As the termination point of user multicast IGMP request, the multicast control point decides according to relative IGMP request and control policy whether to copy multicast flow to user port. The closer the multicast control point is, the more network bandwidth the user can save. As the key equipment to implement the multicast control policy, Multicast control point supports the following services: IGMP V1/V2, IGMP Snooping, IGMP Filter, IGMP Proxy, IGMP Fastleave, MVR(Multicast Vlan Register), SGR(Static Group Register), UGAC(User Group Access Control) and UGAR(User Group Access Record). User’s on-demand authority can be controlled by binding rules and channels.
3.2.3
ACL ZXR10 2900E supports egress and ingress ACL. ZXR10 2900E offers the following four types of ACL
Basic ACL: Only match source IP address.
Extension ACL: Match source IP address, destination IP address, IP protocol type, TCP source port No., TCP destination port No., UDP source port No., UDP destination port No., ICMP type, ICMP Code, DSCP (DiffServ Code Point), and ToS.
L2 ACL: Match source MAC address, destination MAC address, source VLAN ID, L2 Ethernet protocol type, and 802.1p priority value.
Mixed ACL: Match source MAC address, destination MAC address, source VLAN ID, source IP address, destination IP address, TCP source port No., TCP
16
ZTE Confidential Proprietary
ZXR10 2900E Product Description
destination port No., UDP source port No., and UDP destination port No., including all matching fields of the above types.
3.2.4
SFLOW sFlow is the IETF standard traffic monitoring technology. It has low hardware requirements, less equipment resource consumption and high technical commonality, so it is now used by multiple vendors. sFlow service mainly consists of three parts: sFlow message sampling unit, sFlow proxy unit and sFlow collector (or named analyzer ). The sampling and proxy units of sFlow are integrated in the network equipment; while sFlow collector which analyzes messages of multiple sFlow proxies is out of the system structure. The entire basic system architecture is as shown in the following figure:
Figure 3-2
ZTE Confidential Proprietary
sFlow frame
17
ZXR10 2900E Product Description
sFlow sampling unit is the basis of sFlow mechanism. sFlow samples network
packets
at the network interface supporting sFlow and sends sampled packets to sFlow agent equipment for processing. sFlow Collector is the network equipment sFlow uses to manage, monitor, collect and analyze. It stores and analyzes network packets from sFlow Agents, and gives equipment traffic and service analysis reports and tables.
3.2.5
RSPAN Remote Switched Port Analyzer (RSPAN), i.e. remote port mirroring,
without asking the
mirrored port and the mirroring port on the same switch, enables cross-network mirrored port
and mirroring port. This gives great convenineces to the administrator for remote
switch management. The following switches can fulfill the RSPAN function.
Source switch: The switch of the monitored port makes L2 forwarding of the traffic, which needs to be mirrored, at Remote-probe VLAN L2 and forwards it to intermediate switch or destination switch.
Intermediate switch: The switch between source switch and destination switch in the network transports the mirroring traffic to the next intermediate switch or destination switch via Remote-probe VLAN. If source switch and destination switch are directly connected, there will be no intermediate switch.
Destination switch: The switch of destination port for remote mirroring forwards the mirroring traffic received from Remote-probe VLAN to the monitoring equipment via the mirroring destination port.
3.2.6
Global counter ZXR10 2900E has unique global counter. The port and flow to be monitored can be bound to a separate global counter. The specific flow can be decided according to flow classification. For example, monitor a specific source IP and destination IP. After binding, global counter separately counts the packets matching the flow.
18
ZTE Confidential Proprietary
ZXR10 2900E Product Description
Global counter provides the carriers with an effective way to monitor network traffic status, which may be for a specific traffic of each user, so as to offer more data for network structure planning.
3.2.7
IP source guard IP source guard is a policy control technology. Based upon dynamic DHCP snooping table entry or manual static table entry, it is mainly responsible for checking if IP+MAC the same as DHCP snooping table entry or manual static table entry. If they are not the same, the message will be judged as illegal. Then it will be discarded or sent to CPU.
3.2.8
Dynamic ARP Inspection (DAI) ARP attack is the most commonly seen means in the network. It has two ways: One is to transmit a lot of ARP packets which is beyond normal processing capability and break down the equipment; the other is to transmit faked ARP packets and make the equipment learn wrong table items, thus the packets of a normal user are wrongly forwarded to the hacker faking the ARP packets and let him get private information of the user. DAI service can effectively process ARP attack. After initiating DAI, the equipment can restrict the number of ARP sent by the port, which guarantees adequate processing capability of the equipment. Also, DAI service can check the legality of the received ARP message according to user table entry generated dynamically. When the received ARP message does not accord with the user dynamic table entry of this port, this message will be dropped to make sure the correctness of the forwarding table entry.
3.2.9
LLDP LLDP is a neighbor discovery protocol. The network device informs its information to other devices via this protocol, so that it can builds neighbor relationship with different devices. 。ZXR10 2900E supports multiple LLDP TLV attributes, so it can announces its port and system information to the neighbors accurately.
ZTE Confidential Proprietary
19
ZXR10 2900E Product Description
At the same time, ZXR10 2900E supports LLDP MED.
LLDP EMD shortened from
LLDP for Media Endpoint Devices is usually used by the switch to configure the interconnecting terminal device.
3.2.10
UDLD UDLD a L2 network protocol is used to detect the single pass of the physical link among devices. Sometimes, the physical links between two devices only process the incoming data or outgoing data. At this moment, the links are in normal status, but the message transport is aberrant. After detecting the problem, the UDLD can either send alarms or close the port. The specific processing is decided by the specific configuration.
3.2.11
Voice vlan The voice vlan can provide higher forwarding priority for the voice data message. After detecting the accessed voice device, ZXR10 2900E without considering the default priorities of the data transfers the legal voice data o the appointed voice vlan. Also it will give them a higher priority to guarantee they can be forwarded first.
3.2.12 802.1x authentication DOT1X (IEEE 802.1x) is the port-based network access control protocol. It optimizes authentication means and authentication architecture and resolves the issues caused by conventional PPPoE and Web/Portal authentication, so it is more suitable for broadband Ethernet. IEEE 802.1x protocol architecture consists of three major parts: Supplicant System, Authenticator System and Authentication Server System. 1.
Supplicant system is a user terminal system which is usually installed with a supplicant software. The user starts the software to initiate the authentication in IEEE802.1x protocol. In order to support the port-based access control, supplicant system needs to support EAPOL (Extensible Authentication Protocol Over LAN).
20
ZTE Confidential Proprietary
ZXR10 2900E Product Description
2.
Authenticator system is usually the network equipment supporting IEEE802.1x protocol, such as switch. The equipment corresponds to the ports of different users (They may be physical ports, or MAC address, VLAN and IP of user equipment). Two logic ports are available: controlled port and uncontrolled port. i.
Uncontrolled port is always in bidirectional connection status and transmits EAPOL protocol frame to ensure that the supplicant can always send or receive the authentication.
ii.
Only when the authentication is passed, can controlled port be opened to transmit network resource and service. Controlled port can be configured to bidirectional control or input control for different applications. If the user does not pass the authentication, controlled port will be in authentication
status,
and the user will not access the service provided by authenticator system 3.
Authentication server is usually RADIUS server. It can store the user-related information, e.g., user VLAN, CAR parameters, priority, and user access control list. When the user passes the authentication, authentication server passes the user-related information to authenticator system which creates the dynamic access control list, and subsequent user traffic will be under the supervision of the above parameters. Authentication server communicates with RADIUS server through RADIUS protocol.
3.2.13 Ring protection ZTE Ethernet Switch Ring (ZESR) based upon EAPS principle of rfc3619 protocol makes some progresses. It makes sure if the ring works smoothly. Also it confirms there’s only one logic smooth path between two nodes. The port status can be changed between block and forward status according to the situation of the ring (through-break, break-through), which enables fast switchover of the logical path. ZESR supports multiple such as network topologies as tangent ring and insectant ring as well as multi-domain configuration. ZXR10 2900E ZESR supports to work with PVLAN to comply with MEF networking model.
ZTE Confidential Proprietary
21
ZXR10 2900E Product Description
3.2.14 ZESS smart switching ZTE Ethernet Smart Switch (ZESS), an Ethernet intelligent switchover technology introduced by ZTE, describes a highly efficient link switchover mechanism. When the active link breaks down, traffic can be switched over to the standby link, which makes sure normal data transmission. As shown in Figure 3, node 1 supports ZESS.
Port 1 is master port and port 2 is slave
port. When node 1 finds that master port and slave port are UP, the protection service VLAN forwarding of slave port will be blocked. When node 1 finds that master port is DOWN, the protection service VLAN forwarding of master port will be blocked, and the protection service VLAN forwarding of slave port will be opened. When node 1 finds that master port restores to UP, inversion and non-inversion modes are available. In inversion mode, master port is opened and slave port is blocked again. In non-inversion mode, master port is still blocked and slave port is still opened. Furthermore, when ZESS is switched, FDB of the blocked port will be upgraded.
Figure 3-3
ZESS network topology
Upper-level network
Node 3
Node 2
Slave port
Master port
Node 1
3.2.15 MButton ZXR10 2900E switch can provide the MButton function without increasing user cost. The function makes use of existing port indicators to indicate the run status of the switch.
22
ZTE Confidential Proprietary
ZXR10 2900E Product Description
MButton can switch different modes. When a mode is switched, port indicator shows system status of the mode according to relative rules. The following statuses are available now:
Port link status
Port duplex status
Port rate status
Memory utilization rate
CPU utilization rate
Port of packets with CRC error
Port generating broadcast storm
Uplink interface bandwidth occupancy
Port which does not learn MAC address
Ping NM server
POE status
ZTE Confidential Proprietary
23
ZXR10 2900E Product Description
4 4.1
System Architecture Appearance ZXR10 2900E is a sort of cassette Ethernet switch. Its hardware is composed by chassis, control switching fabric unit, line interface unit and power supply unit. The size of the chassis
24
goes in line with European standard.
Figure 4-1
ZXR10 2910E-PS
Figure 4-2
ZXR10 2918E
Figure 4-3
ZXR10 2918E-PS
Figure 4-4
ZXR10 2928E
ZTE Confidential Proprietary
ZXR10 2900E Product Description
Figure 4-5
ZXR10 2928E-PS
Figure 4-6
ZXR10 2952E
4.2
Hardware Architecture
4.2.1
Overall Hardware Architecture ZXR10 2900E is a cassette product that adopts centralized hardware architecture design. All service interfaces are directly connected to switching main control card.
ZTE Confidential Proprietary
25
ZXR10 2900E Product Description
4.2.2
Working Principle of Hardware System Figure 4-7 Working principle of the system
4.2.3
Introduction to Card ZXR10 2900E system contains one main control card and service expansion slot. The cards can be divided into switching control module, power supply module and interface module based on the responsibilities they assume.
4.2.3.1
Control Card Control card is the core component of ZXR10 2900E. It mainly implements two functions of control module and switch module. In ZXR10 2900E system, control switch card is installed in the cassette structure with no independent panel. Its related interface and indicator are on the front panel of the system. The principle is shown in the following diagram:
26
ZTE Confidential Proprietary
ZXR10 2900E Product Description
Figure 4-8
4.2.3.2
Control principle
Control Module Control module is composed of main processor and some external functional chips. It provides various external operation interfaces such as serial interface, and Ethernet interface to implement processing of various applications by the system. The main processor adopts high-performance CPU processor to implement the following tasks:
4.2.3.3
System network management protocol such as SNMP.
Network protocol such as STP.
Takes data operation and maintenance.
Switch Module Switch module adopts the private Switch chip with multiple FE and GE bi-directional interfaces integrated. It can process multi-port wire-speed switching. The switch chip can implement the following functions:
Storage, forwarding, and switching
ZTE Confidential Proprietary
27
ZXR10 2900E Product Description
Support 10KB jumbo frame
Support priority queuing. When CoS queue is in congestion, it drops frames selectively.
4.3
Software Architecture Ethernet switch ZXR10 2900E series switch is capable of L2 switching, providing L2 wire-speed switching and QoS guarantee. The system
software
implements
management, control and data forwarding of system. Its basic tasks include system start, system configuration and management, protocol operation, table maintenance, switching chip setting and state control, and some special packet software forwarding. System software mainly implements the following functions: SNMPv3 的 Agent 功能;It implements major L2 protocol functions including 802.1D STP protocol, 802.1P priority control, 802.1Q VLAN functions, and 802.3ad link aggregation. It supports IPv4 protocol stacking. It realizes multi-layer services of ACL and DHCP. It implements part of broadband access functions and network management protocol. Users can take network management of Ethernet switch by serial interface terminal, Telnet, and SNMP Manager, covering network configuration management, failure management, performance management, and security management. System software can be divided into the following four sub-systems based on the above system function requirements.
Operation support sub-system. It includs software modules of BSP, ROS, SSP and VxWorks kernel.
MUX sub-system. It includes data distributing module, statistics monitoring module and drive encapsulating module. Data distributing module takes charge of distribution of data packets in the drive and upper layer software. Statistics monitoring module takes charge of statistics data forwarding message and drive software table monitoring.
L2 sub-system. It includes STP, LACP, IGMP SNOOPING, MAC address management, VLAN management, and L2 data forwarding.
28
ZTE Confidential Proprietary
ZXR10 2900E Product Description
Network management and operation maintenance sub-system. It implements Agent function of SNMP network management. It supports command line management, provides operation maintenance interface and provides MIB information.
4.3.1
Operation Support Sub-system Operation support sub-system drives and encapsulates hardware in the lower layer to provide support for other software systems in the upper layer. Operation support sub-system mainly provides support for hardware operation, distributes operation resource for hardware, and provides related interface for software in upper layer. Operation support sub-system uses ZXR10 ROS platform including system support, system control, version loading control, BSP, and SSP. System support can be further divided into modules of operation system kernel, process scheduling, process communication, timer management, and memory management. The system diagram of operation support sub-system is shown in the following figure:
Figure 4-9
ZTE Confidential Proprietary
System framework diagram
29
ZXR10 2900E Product Description
4.3.2
MUX Sub-system MUX sub-system implements information switching of drive and upper layer software, and takes statistics and monitoring of software table of switching chip. The main functions of MUX sub-system are data forwarding and statistics monitoring. MUX layer receives data packets from drive module and distributes data packets based on ETHER TYPES field in MAC frame. MUX data forwarding also takes charge of encapsulating data forwarding function of the drive. It provides new data forwarding function invoking for each module in upper layer, which invokes data forwarding function provided by MUX to implement forwarding when there’s data packet or protocol packet needs to be forwarded. Statistics monitoring takes charge of state statistics of drive layer, physical layer and MUX layer, receiving and sending packets statistics, register reading monitoring, and data packet sniffer. It provides OAM module with interface function.
4.3.3
L2 Sub-system L2 sub-system mainly implements configuration management (management layer) of data link layer, L2 protocol processing (control layer), and data forwarding (data layer or service layer). Its functional
Figure 4-10
30
L2 system structure
ZTE Confidential Proprietary
ZXR10 2900E Product Description
4.3.4
NM and Maintenance Sub-system Foreground network management and operation maintenance sub-system use TCP/IP to work as SNMP network management agent. They use the executive body of managed entity in lower layer to implement management. By network communication background and foreground network management take management of foreground system and realize separation of management network and transport network.
ZTE Confidential Proprietary
31
ZXR10 2900E Product Description
5 5.1
Technical Indexes and Specifications Physical Indexes Table 5-1
Physical indexes
Physical indexes Dimensions (H*W*D)m m
2910E-PS
2918E
43.6*340*2 20
2918E-PS
2928E
43.6*442*220
2928E-PS
2952E
43.6*442* 440
43.6*44 2*280
Maximal weight for the whole
3.0kg
2.8kg
3.8kg
3kg
6.4kg
3.4kg
set Not POE
Support
suppor t
32
Not Support
suppor t
Support
Not support
ZTE Confidential Proprietary
ZXR10 2900E Product Description
Support
Support Suppo rt
AC
and DC
Power supply
Only
input
support AC
AC:
input
100V
AC: 100V~
~
240V,
240V,
50Hz~
50Hz
60Hz
~ 60Hz DC: -48V~ -57V
Maximal consumptio n
Working
AC and DC input, support external power supply AC: 100V~ 240V, 50Hz~ 60Hz DC: -48V~ -57V RPS: -52V~
two Suppo rt AC and DC input AC: 100V ~ 240V, 50Hz ~ 60Hz DC: -48V~ -57V
modular power, both support AC and
-48V~
Maximal
Maximal
Maximal
consumptio
consumpti
consumpti
n for the
on for the
on for the
whole set::
whole set:
whole set:
POE
311W POE
DC input
DC: -57V
13W
AC and
DC input。 AC: 100V~ AC : 240V, 100V 50Hz~ ~ 60Hz 240V DC: AC; -48V~ 50/6 -57V 0Hz
-57V DC
306W
Support
17.1W
831W POE
maximal
maximal
maximal
output
output
output
power:
power:
power:
240W
247W
720W
27.2W
-5℃~50℃
temperatur e Working
10%~90%
humidity Earthquake
8 earthquake intensity
proof Reliability
ZTE Confidential Proprietary
MTBF>200,000 hours, MTTR
