V600R006C00
Product Description
Issue 01
Date 2012-09-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Email: support@huawei.com
Purpose
This document describes the product positioning and features, product architecture, link
features, service features, application scenarios, operation and maintenance, and technical
specifications of the NE40E device.
This document provides an overall description of the NE40E device, which helps intended
readers get a general understanding of all the product features.
Intended Audience
This document is intended for:
• Network planning engineers
• Hardware installation engineers
• Commissioning engineers
• Data configuration engineers
• On-site maintenance engineers
• Network monitoring engineers
• System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
Indicates a tip that may help you solve a problem or save
time.
Contents
12 NMS
A Acronyms and Abbreviations
2 Product Positioning
[Figure: NE40E-X3(AC) and NE40E-8]
3 Product Architecture
SFU module
(1) The link connects to the management bus switching unit of another MPU
[Figure: logical architecture of the NE40E, showing the monitoring plane (system monitoring unit and monitoring units), the control and management plane (system controlling unit, switching network control unit, and management units), and the data plane (switching network and the forwarding units on the LPUs).]
• The data plane is responsible for high-speed processing and non-blocking switching of
  data packets. It encapsulates or decapsulates packets, forwards IPv4/IPv6/MPLS packets,
  performs QoS as well as scheduling and internal high-speed switching, and collects
  statistics.
• The control and management plane completes all control and management functions for
  the system and is the core of the entire system. Control and management units process
  protocols and signals, and maintain, manage, report on, and control system status.
• The monitoring plane monitors the ambient environment to ensure secure and stable
  operation of the system. It detects voltage levels, controls system power-on and power-off,
  monitors temperature, and controls fan modules. When a unit fails, the monitoring plane
  isolates the faulty unit promptly so that other parts of the system can continue to run
  normally.
[Figure: software architecture of the NE40E, showing power monitoring, fan monitoring, the master and slave RPS, SNMP, IPC, and the FSUs and EFUs on the LPUs.]
Software of the NE40E consists of the Routing Process System (RPS), power monitoring
system, fan monitoring system, Forwarding Support Unit (FSU), and Express Forwarding
Unit (EFU).
The RPS, which includes IPOS software, VRP software, and product-adaptation software, is
the control and management module that runs on the MPU. The RPS on the active MPU and
the one on the standby MPU back up each other. RPSs support IPv4/IPv6, MPLS, LDP, and
routing protocols, calculate routes, establish LSPs and multicast distribution trees, generate
unicast, multicast, and MPLS forwarding tables, and deliver all of this information to the
LPU.
[Figure: data forwarding process, showing the PIC, QoS in the upstream and downstream directions, and the TM module with congestion management, queue scheduling, and multicast replication.]
As shown in Figure 3-4, the Packet Forwarding Engine (PFE) adopts a Network Processor
(NP) or an Application Specific Integrated Circuit (ASIC) to implement high-speed packet
routing. External memory types include Static Random Access Memory (SRAM), Dynamic
Random Access Memory (DRAM), and Net Search Engine (NSE). The SRAM stores
forwarding entries; the DRAM stores packets; the NSE performs routing table searches.
Data forwarding processes can be divided into upstream and downstream processes based on
the direction of the data flow.
• Upstream process: The Physical Interface Card (PIC) encapsulates packets into frames and
  then sends them to the PFE. On the PFE of the inbound interface, the system
  decapsulates the frames and identifies the packet types. It then classifies traffic according
  to the QoS configurations on the inbound interface. After traffic classification, the
  system searches the Forwarding Information Base (FIB) for the outbound interfaces and
  next hops of packets to be forwarded. To forward an IPv4 unicast packet, for instance,
  the system searches the FIB for the outbound interface and next hop according to the
  destination IP address of the packet. Finally, the system sends the packets containing
  information about outbound interfaces and next hops to the traffic management (TM)
  module.
• Downstream process: Information about packet types that have been identified in the
  upstream process and about the outbound interfaces is encapsulated through the link
  layer protocol, and the packets are stored in corresponding queues for transmission. For an
  IPv4 packet whose outbound interface is an Ethernet interface, the system needs to
  obtain the MAC address of the next hop. Outgoing traffic is then classified according to
  the QoS configurations on the outbound interfaces. Finally, the system encapsulates the
  packets with new Layer 2 headers on the outbound interfaces and sends them to the PIC.
4 Technical Specifications
Forwarding capacity | 3200 Mpps | 1600 Mpps | 300 Mpps | 400 Mpps
Interface capacity | 3.2 Tbit/s (bidirectional) | 1.6 Tbit/s (bidirectional) | 240 Gbit/s (bidirectional) | 320 Gbit/s (bidirectional)
SDRAM | 2 GB (The capacity can be extended to 4 GB.) | 2 GB (The capacity can be extended to 4 GB.) | 2 GB | 2 GB
Flash | 32 MB | 32 MB | 32 MB | 32 MB
5 Boards
5.1 FPIC
LPUF-10 and Its FPICs
The LPUF-10 provides four sub-slots and supports a maximum of 10 Gbit/s bandwidth.
The LPUF-10 FPICs support hot swapping and automatic configuration restoration. The
LPUF-10 supports installation of different types of FPICs.
Name | Remarks
Flexible Card Line Processing Unit (LPUF-10, four slots) | Motherboard

Name | Remarks
Flexible Card Line Processing Unit (LPUF-21, 2 sub-slots) A (L3VPN, MVPN, IPv6 Enhanced) | Motherboard. The LPUF-21-A supports all software features provided by the NE40E.
Flexible Card Line Processing Unit (LPUF-21, 2 sub-slots) B | Motherboard. The LPUF-21-B does not support L3VPN, MVPN, or IPv6. LPUF-21-B can be upgraded with licenses to support all functions of the LPUF-21-A.

Name | Remarks
Flexible Card Line Processing Unit (LPUF-40, 2 sub-slots) A (L3VPN, MVPN, IPv6 Enhanced) | Motherboard. The LPUF-40-A supports all software features provided by the NE40E.

Name | Remarks
Flexible Card Line Processing Unit (LPUF-50, four slots) | Motherboard

Name | Remarks
Flexible Card Line Processing Unit (LPUF-51, 2 sub-slots) | Motherboard
Flexible Card Line Processing Unit (LPUF-51, 2 sub-slots) B | Motherboard

Name | Remarks
Flexible Card Line Processing Unit (LPUF-100, 4 sub-slots) | Motherboard

Name | Remarks
Flexible Card Line Processing Unit (LPUF-101) | Motherboard
5.2 LPUS-20
Table 5-8 LPUS-20
5.3 LPUI-21-L
Table 5-9 LPUI-21-L
5.4 LPUI-41
The LPUI-41 can be used only on the NE40E-X16, NE40E-X8, NE40E-X3 and NE80E.
5.5 LPUS-41
The LPUS-41 can be used only on the NE40E-X16, NE40E-X8, NE40E-X3 and NE80E.
5.6 LPUI-51
The LPUI-51 can be used only on the NE40E-X16, NE40E-X8, NE40E-X3.
5.7 LPUS-51
The LPUS-51 can be used only on the NE40E-X16, NE40E-X8, NE40E-X3.
5.8 LPUI-100
The LPUI-100 can be used only on the NE40E-X16 and NE40E-X8.
5.9 LPUS-100
The LPUS-100 can be used only on the NE40E-X16 and NE40E-X8.
5.10 LPUI-101
The LPUI-101 can be used only on the NE40E-X16, NE40E-X8, NE40E-X3.
5.11 LPUS-101
The LPUS-101 can be used only on the NE40E-X16, NE40E-X8, NE40E-X3.
5.12 SPU
Table 5-18 SPU
Flexible Card Versatile Service Unit 10 (VSUF-10) | A VSUF-10 implements the FCC, RET and MDI functions.
Flexible Card Versatile Service Unit 80 (VSUF-80) | It forwards data at 80 Gbit/s and can hold one versatile service flexible card (SP80).
Flexible Card Versatile Service Unit 160 (VSUF-160) | It forwards data at 160 Gbit/s and can hold two versatile service flexible cards (SP160s).
6 Link Features
The Link Aggregation Control Protocol (LACP) maintains link status according to
interface status. LACP adjusts or disables link aggregation in the case of aggregation
changes.
• Virtual Ethernet interfaces
  The NE40E supports virtual Ethernet (VE) interfaces. After an ATM Permanent Virtual
  Circuit (PVC) is mapped to a manually-created VE interface, Ethernet frames can be
  transmitted over the ATM Adaptation Layer (AAL5). This enables the VE interface to
  provide Layer 2 switched services and Layer 3 IP services.
  VE interfaces support IPv4 and IPv6 addresses and VRF dual-stack.
• Ethernet clock synchronization
• 1588v2 clock
• VLAN sub-interfaces
• Interface loopback, including local loopback and remote loopback
1483B supported by the NE40E is applicable to IPoEoA. IPoEoA indicates that Ethernet
packets are carried over AAL5 and IP packets are carried over the Ethernet. This
implements Layer 2 forwarding of IPoEoA packets between the Ethernet and PVC. By
converging the ATM backbone network and the IP network, IPoEoA supports various
Ethernet and IP services.
• ATM cell relay
  The NE40E supports PVC-based or PVP-based ATM cell relay and AAL5 SDU relay.
  The NE40E supports the following ATM cell relay modes:
  − Interface-based ATM cell relay
  − 1-to-1 VCC cell relay
  − N-to-1 VCC cell relay
  − 1-to-1 VPC cell relay
  − N-to-1 VPC cell relay
  − ATM AAL5-SDU VCC transport
• Interface loopback, including local loopback and remote loopback
• Configuration of the MTUs for IPv4 and MPLS packets
• Line clocks
• Scrambling and descrambling of transmitted data
• Configuration of the shutdown and undo shutdown commands on ATM interfaces
• Configuration of the shutdown and undo shutdown commands on PVCs/PVPs
• Configuration of the shutdown and undo shutdown commands on sub-interfaces
• AAL5 SNAP encapsulation
• Cell relay and IWF on different sub-interfaces of the same ATM interface
7 Service Features
• VLAN trunk
• VLANIF interfaces
• VLAN aggregation
• Inter-VLAN port isolation
• Ethernet sub-interfaces
• VLAN aggregated sub-interfaces
• Port number-based VLAN division
• VLAN mapping
• VLAN stacking
• MAC address limit
• Unknown unicast/multicast/broadcast suppression
• Spanning Tree Protocol (STP)/Rapid Spanning Tree Protocol (RSTP)
• Multiple Spanning Tree Protocol (MSTP)
• RRPP with switching time less than 50 ms
7.2 IP Features
7.2.1 IPv4/IPv6 Dual Stack
The IPv4/IPv6 dual stack can be easily implemented and can smoothly interoperate with other
protocols. Figure 7-1 shows the structure of the IPv4/IPv6 dual stack.
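[Figure 7-1: structure of the IPv4/IPv6 dual stack, with the IPv4/IPv6 application at the top, TCP and UDP below it, IPv4 and IPv6 below those, and the link layer at the bottom.]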
• TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and
  ARP
• Static DNS and specified DNS server
• FTP server/client and TFTP client
• DHCP relay agent and DHCP server
• Suppression of DHCP flooding
• Ping, tracert, and NQA
  NQA can detect the status of ICMP, TCP, UDP, DHCP, FTP, HTTP, and SNMP services
  and test the response time of the services. The system supports NQA in UDP jitter and
  ICMP jitter tests by sending and receiving packets on LPUs. The minimum interval at
  which packets are transmitted can be 10 ms. Each LPU supports up to 100 concurrent
  jitter tests. The entire system supports up to 1000 concurrent jitter tests.
• IP policy-based routing (PBR) and flow-based next hop to which packets are forwarded
• IP PBR-based load balancing
• Load balancing in unequal cost multiple path (UCMP) mode
• Configuration of secondary IP addresses for all physical and logical interfaces
  Each interface can be configured with a maximum of 255 secondary IP addresses with
  31-bit masks.
• IS-IS GR, OSPF GR and BGP GR, which ensure high reliability with Non-Stop
  Forwarding (NSF)
• BGP indirect next hop and dynamic update peer-groups
• Policy-based route selection by BGP when there are multiple routes to the same
  destination
• BGP route reflector (RR), which addresses the problem of high costs of full-mesh
  requirement when there are many IBGP peers
• Sending of BGP Update packets that carry no private AS number
• IPv6 indirect next hop
• Route dampening, which suppresses unstable routes (unstable routes are neither added to
  the BGP routing table nor advertised to other BGP peers)
• Routing protocol
• BGP fast convergence
  The NE40E adopts a new route convergence mechanism and algorithm, which speeds up
  convergence of BGP routes. The features are as follows:
  − Indirect next hop
  − On-demand route iteration
• BGP load balancing in multi-homing networking
• Non-Stop Routing (NSR)
  The NE40E supports the following NSR modes:
  − IS-IS NSR
  − BGP NSR
7.4 MPLS
The NE40E supports MPLS features, and static and dynamic LSPs. Static LSPs require that
the administrator configure the Label Switch Routers (LSRs) along the LSPs and set up LSPs
manually. Dynamic LSPs are set up dynamically in accordance with the routing information
through the Label Distribution Protocol (LDP) and RSVP-TE.
The delay for MPLS packets can be controlled in the following aspects:
• In the case that there is no traffic congestion, the NE40E adopts a high-speed processor
  to ensure line-rate forwarding and low delay.
• In the case of traffic congestion, the NE40E ensures preferential forwarding and low
  delay for traffic with high priority through mechanisms such as QoS, HQoS, MPLS TE,
  and DS-TE.
MPLS is supported on all interfaces of the NE40E.
MPLS TE
The MPLS TE technology combines the MPLS technology with traffic engineering. It can
reserve resources by setting up LSP tunnels for a specified path in an attempt to avoid
network congestion and balance network traffic.
In the case of resource scarcity, MPLS TE allows the preemption of bandwidth resources of
LSPs with low priorities. This meets the demands of important services or the LSPs with large
bandwidth. When an LSP fails or a node is congested, MPLS TE can ensure smooth network
communication through the backup path and the fast reroute (FRR) function. Through
automatic re-optimization and bandwidth adjustment, MPLS TE improves the self-adaptation
capability of tunnels and properly allocates network resources.
The process of updating the network topology through the TEDB is as follows: When a link
goes Down, the CSPF failed link timer is enabled. If the IGP route is deleted or the link is
changed within the timeout period of the CSPF failed link timer, CSPF deletes the timer and
then updates the TEDB. If the IGP route is not deleted or the link is not changed after the
timeout period of the CSPF failed link timer expires, the link is considered Up.
MPLS TE provides the following functions:
• Processing of static LSPs
  MPLS can create and delete static LSPs, which require bandwidth but are manually
  configured.
• Processing of Constrained Route-Label Switched Path (CR-LSP) of various types and
  route calculation through the CSPF algorithm
  CR-LSPs are classified into the following types:
• RSVP-TE
  RSVP authentication complies with RFC 3097.
• Auto routing
  Auto routing works in either of the following modes:
MPLS OAM
MPLS OAM functions are as follows:
VLL
The NE40E supports the following VLL functions:
• Martini VLL
  The Martini mode supports double labels. The inner label adopts extended LDP for
  signaling in compliance with RFC 4096.
  The type of VC FEC is 128. VC encapsulation types include 0x0004 Ethernet Tagged
  Mode, 0x0005 Ethernet, and 0x000B IP Layer2 Transport.
• Kompella VLL
  VC encapsulation types of Kompella VLL include ATM-1to1-VCC, ATM-1to1-VPC,
  ATM-AAL5-SDU, ATM-nto1-VCC, ATM-nto1-VPC, ATM-trans-cell, FR, Ethernet,
  HDLC, PPP, VLAN, and IP-interworking.
  Kompella VLL supports the local inter-board switching of packets in 802.1Q mode.
  Kompella VLL supports inter-AS VPN.
• CCC VLL
  CCC VLL supports the local inter-board switching of packets in 802.1Q mode.
• SVC VLL
• VLL heterogeneous interworking
  VLL heterogeneous IP-interworking is used when the link types of CEs on both ends of
  an L2VPN link are different. In MPLS L2VPN heterogeneous IP-interworking, after
  receiving a frame from a CE, a PE decapsulates the link-layer packet and transmits the IP
  packet across an MPLS network. The IP packet is transparently transmitted to the peer
  PE. The peer PE re-encapsulates the IP packet according to its link layer protocol and
  transmits the packet to the connected CE. The link-layer control packet sent by the CE is
  processed by the PE and is not transmitted through the MPLS network. All non-IP
  packets such as MPLS and IPX packets are discarded.
• Transparent transmission of certain types of link layer protocol packets
  Interfaces can be configured to transparently transmit certain types of link layer protocol
  packets, such as BPDUs, STP packets, LLDP packets, UDLD packets, CDP packets, and
  HGMP packets.
• Inter-AS VLL
  − SVC VLL, Martini VLL, and Kompella VLL can implement inter-AS L2VPN Option
    A (VRF-to-VRF).
  − Option B requires the switching of both inner and outer labels on the ASBR, and is
    therefore not suitable for the VLL.
  − Option C is the best solution.
• VLL over TE ECMP
VPLS
In a VPLS network, PEs can be all connected to each other and enabled with split horizon to
prevent Layer 2 loops.
The implementations of VPLS control plane through BGP and LDP are called Kompella
VPLS and Martini VPLS respectively.
• Kompella VPLS
  Kompella VPLS has good scalability. With Kompella VPLS, BGP is adopted for
  signaling, and VPN targets are configured to implement automatic discovery of VPLS
  members. Therefore, the addition or deletion of PEs requires few additional operations.
• Martini VPLS
  Martini VPLS has poor scalability. With Martini VPLS, LDP is adopted for signaling,
  and the peers of a PE need to be manually specified. PEs in a VPLS network are all
  connected to each other. Therefore, adding a new PE requires configurations on all the
  other associated PEs to be modified. A pseudo wire (PW) is actually a point-to-point link.
  This means that using LDP to create, maintain, and delete the PW is more effective.
The NE40E supports the following VPLS functions:
PWE3
The NE40E supports the following PWE3 functions:
• Virtual Circuit Connectivity Verification PING (VCCV-PING)
  The NE40E supports the manual LDP PW connectivity detection on the UPE, including
  the connectivity of static PWs, dynamic PWs, SS-PWs, and MS-PWs.
  VCCV Ping over a static MS-PW
• PW template
  The NE40E supports the binding between a PW and a PW template, and the reset of
  PWs.
  The NE40E supports heterogeneous interworking.
  Currently, the NE40E supports the transparent transmission of the following packets
  through PWE3: ATM AAL5 SDU VCC transport, Ethernet, HDLC, ATM n-to-one VCC
  cell transport, IP Layer 2 transport, and ATM one-to-one VCC cell mode.
• ATM cell relay
• PW redundancy
• ATM IWF
  ATM IWF runs on an L2VPN in CCC local connection mode or an L2VPN in PW mode.
• The NE40E supports the circuit emulation service (CES) by using Pseudo-Wire
  Emulation Edge to Edge (PWE3).
  The CES is classified into the Structure-aware TDM Circuit Emulation Service over
  Packet Switched Network (CESoPSN) and Structure-Agnostic TDM over Packet (SAToP)
  service.
7.5.5 GRE
Generic Routing Encapsulation (GRE) is applicable to the following:
7.5.6 IPSEC
The NE40E supports the following functions:
• 1:1 dual-system hot backup
• Transport mode and tunnel mode
• IKEv1 and IKEv2
• GRE over IPsec
• NAT Traversal
• VPN IPSec
• Packet fragmentation and reassembly
• Keepalive and DPD for peer detection
• Dynamic remote IPSec access
• IPSec PKI (Public Key Infrastructure)
• Pre-share-key
• CMPv2
  CMPv2 manages certificates online and reduces the workload of those who manage and
  maintain certificates.
7.6 QoS
On the NE40E, you can collect traffic statistics on the packets on which QoS is performed and
view the statistics result through corresponding display commands.
The NE40E supports the following QoS functions:
Diff-Serv Model
Multiple service flows can be aggregated into a Behavior Aggregate (BA) and then processed
based on the same Per-Hop Behavior (PHB). This simplifies the processing and storage of
services.
On the Diff-Serv core network, packet-specific QoS is provided. Therefore, signaling
processing is not required.
Traffic Policing
CAR is mainly used for rate limiting. In the implementation of CAR, a token bucket is used to
measure the data flows that pass through the interfaces on a router so that only the packets
assigned tokens can go through the router in the specified time period. In this manner,
the rates of both incoming and outgoing traffic are controlled. In addition, the rate of certain
types of data flows can be controlled based on information such as the IP address, port
number, and priority. Rate limiting is not performed on data flows that do not meet the
specified conditions, and such data flows are forwarded at the original interface rate.
CAR is mainly implemented at the edge of a network to ensure that core devices on the
network process data properly. The NE40E supports CAR for both incoming and outgoing
traffic.
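The token-bucket policing described above, as an added example that is not Huawei code and does not come from this document. The class names, the rule, the rate and burst values, and the sample packets are all constructed for illustration, and dropping non-conforming packets is an assumption (the text only says that packets with tokens pass).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    ts_ms: int   # arrival time in milliseconds
    src: str     # source IP address
    dport: int   # destination port
    size: int    # length in bytes


class TokenBucket:
    """Single-rate bucket using integer maths (tokens are stored as bytes * 1000)."""

    def __init__(self, cir_bps: int, cbs_bytes: int):
        self.rate_bytes_per_s = cir_bps // 8   # committed rate
        self.cap = cbs_bytes * 1000            # burst size, scaled
        self.tokens = self.cap                 # the bucket starts full
        self.last_ms = 0

    def conforms(self, now_ms: int, size: int) -> bool:
        # Refill for the elapsed time, never beyond the burst size.
        elapsed = now_ms - self.last_ms
        self.tokens = min(self.cap, self.tokens + elapsed * self.rate_bytes_per_s)
        self.last_ms = now_ms
        cost = size * 1000
        if cost <= self.tokens:
            self.tokens -= cost                # the packet is "assigned tokens"
            return True
        return False


@dataclass
class CarRule:
    """Hypothetical classifier: source network plus destination port."""
    name: str
    src_net: str
    dport: int
    bucket: TokenBucket

    def matches(self, pkt: Packet) -> bool:
        return (pkt.dport == self.dport
                and ip_address(pkt.src) in ip_network(self.src_net))


def police(packets, rules):
    """Return (packet, verdict) pairs; verdict is 'pass', 'drop' or 'unmatched'."""
    verdicts = []
    for pkt in sorted(packets, key=lambda p: p.ts_ms):
        rule = next((r for r in rules if r.matches(pkt)), None)
        if rule is None:
            # Flows outside the configured conditions are not rate limited.
            verdicts.append((pkt, "unmatched"))
        elif rule.bucket.conforms(pkt.ts_ms, pkt.size):
            verdicts.append((pkt, "pass"))
        else:
            verdicts.append((pkt, "drop"))     # assumption: excess traffic is dropped
    return verdicts


def sample_traffic():
    """Constructed input: a 5000 B/s DNS burst plus traffic the rule does not cover."""
    burst = [Packet(t, "198.51.100.7", 53, 500) for t in range(0, 1000, 100)]
    other = [
        Packet(50, "203.0.113.5", 443, 1500),
        Packet(150, "203.0.113.5", 443, 1500),
        Packet(250, "203.0.113.5", 443, 1500),
        Packet(350, "198.51.100.7", 443, 1500),  # right source, wrong port
    ]
    return burst + other


def run_demo():
    # 8000 bit/s committed rate (1000 B/s) with a 1500-byte burst allowance.
    rules = [CarRule("limit-dns", "198.51.100.0/24", 53, TokenBucket(8000, 1500))]
    return police(sample_traffic(), rules)


if __name__ == "__main__":
    for pkt, verdict in run_demo():
        print(f"{pkt.ts_ms:4d} ms  {pkt.src:>13}:{pkt.dport:<4} {pkt.size:5d} B  {verdict}")
```

The burst allowance lets the first three packets through at once; after that the matched flow is held to the committed rate, while the unmatched flows are untouched.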
Queue Scheduling
The NE40E supports FIFO, PQ, and WFQ for queue scheduling on interfaces.
The NE40E maps packets of different priorities to different queues and adopts Round Robin
(RR) on each interface for queue scheduling.
Priority Queues (PQs) are classified into four types: top PQs, middle PQs, normal PQs, and
bottom PQs. They are ordered in descending order of priorities. When packets leave queues,
PQ allows the packets in the top PQ to go first. Packets in the top PQ are sent as long as there
are packets in this PQ. The NE40E sends packets in the middle PQ only when all packets in
the top PQ are sent. Similarly, the NE40E sends packets in the normal PQ only when all
packets in the middle PQ are sent; the NE40E sends packets in the bottom PQ only when all
packets in the normal PQ are sent. As a result, the packets in the PQ of a higher priority are
always sent preferentially, which ensures that packets of key services are processed
preferentially when the network is congested. Packets of common services are processed
when the network is idle. In this manner, the quality of key services is guaranteed, and the
network resources are fully utilized.
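The strict ordering of the four PQs described above, as an added example that is not Huawei code and does not come from this document. It assumes a link that sends one packet per tick; the class, the function names and the arrival pattern are constructed for illustration.

```python
from collections import deque

# Queue names in descending order of priority, as listed in the text.
PRIORITIES = ("top", "middle", "normal", "bottom")


class StrictPriorityScheduler:
    """Always serves the highest-priority non-empty queue first."""

    def __init__(self):
        self.queues = {name: deque() for name in PRIORITIES}

    def enqueue(self, prio, item):
        self.queues[prio].append(item)

    def dequeue(self):
        for name in PRIORITIES:
            if self.queues[name]:
                return name, self.queues[name].popleft()
        return None  # every queue is empty


# Constructed arrivals: tick -> [(queue, packet id), ...].
# The top queue receives one packet per tick for five ticks, which saturates
# the assumed one-packet-per-tick link.
SAMPLE_ARRIVALS = {
    0: [("top", "t0"), ("bottom", "b0"), ("normal", "n0")],
    1: [("top", "t1"), ("middle", "m0")],
    2: [("top", "t2")],
    3: [("top", "t3"), ("bottom", "b1")],
    4: [("top", "t4")],
}


def simulate(arrivals, ticks):
    """Return a log of (send tick, queue, packet id, ticks spent waiting)."""
    sched = StrictPriorityScheduler()
    log = []
    for tick in range(ticks):
        for prio, pkt_id in arrivals.get(tick, []):
            sched.enqueue(prio, (pkt_id, tick))
        sent = sched.dequeue()
        if sent is not None:
            prio, (pkt_id, arrived) = sent
            log.append((tick, prio, pkt_id, tick - arrived))
    return log


def worst_wait(log):
    """Longest queueing delay seen per priority queue."""
    worst = {}
    for _tick, prio, _pkt_id, waited in log:
        worst[prio] = max(worst.get(prio, 0), waited)
    return worst


if __name__ == "__main__":
    run = simulate(SAMPLE_ARRIVALS, 10)
    for entry in run:
        print(entry)
    print(worst_wait(run))
```

While the top queue stays busy, nothing below it is sent at all; the lower queues drain only once the link has spare capacity, which is why the volume admitted into the higher-priority queues needs to be bounded.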
Weighted Fair Queuing (hereinafter referred to as WFQ) is a complex queuing process, which
ensures that services with the same priority are treated fairly and services with
different priorities are weighted. The number of WFQ queues can be pre-set and is allowed to
range from 16 to 4096. WFQ weights services based on their requirements for bandwidth
and delay. The weights are determined by the IP precedence in the IP packet headers. With
WFQ, the NE40E implements dynamic traffic classification based on quintuples or ToS
values. Packets with the same quintuple (source IP address, destination IP address, source
port number, destination port number, and protocol number) or ToS value belong to the same
flow. Packets in one flow are placed in one queue through the Hash algorithm. When flows
enter queues, WFQ automatically places different flows into different queues based on the
Hash algorithm. When flows leave queues, WFQ allocates bandwidth to flows on the
outbound interface based on the IP precedence of the flows. The smaller the precedence
value of a flow, the smaller the bandwidth of the flow. In this manner, services of the same
precedence are treated fairly; services of different precedence are treated based on their
weights.
Congestion Avoidance
Congestion avoidance is a traffic control mechanism used to avoid network overload by
adjusting network traffic. With this mechanism, the NE40E can monitor the usage of network
resources (such as queues and buffers in the memory) and discard packets when the network
congestion intensifies.
Random Early Detection (RED) or Weighted Random Early Detection (WRED) algorithms
are frequently used in congestion avoidance.
The RED algorithm sets the upper and lower limits for each queue and specifies the following
rules:
• When the length of a queue is below the lower limit, no packet is discarded.
• When the length of a queue exceeds the upper limit, all the incoming packets are
  discarded.
• When the length of a queue is between the lower and upper limits, the incoming packets
  are discarded randomly. A random number is set for each received packet, and the
  random number is compared with the drop probability of the current queue. The packet
  is discarded when the random number is larger than the drop probability. The longer the
  queue, the higher the drop probability. The drop probability, however, has an upper limit.
Unlike RED, the random number in WRED is based on the IP precedence of IP packets.
WRED keeps a lower drop probability for the packets that have a higher IP precedence.
RED and WRED employ the random packet drop policy to avoid global TCP synchronization.
The NE40E adopts WRED to implement congestion avoidance.
The NE40E supports congestion avoidance in both inbound and outbound directions of an
interface. The WRED template is applied in the outbound direction; the default scheduling
policy in the system is applied in the inbound direction. In addition, WRED can be applied to
the Multicast Tunnel interface (MTI) that is bound to the distributed multicast VPN on the
NE40E.
The NE40E supports congestion avoidance based on services. The NE40E reserves on each
interface eight service queues, that is, BE, AF1, AF2, AF3, AF4, EF, CS6, and CS7. The
NE40E colors packets with red, yellow, and green to identify the priorities of packets and
discard certain packets.
HQoS
The NE40E supports the following HQoS functions:
QPPB
QPPB is the abbreviation of QoS Policy Propagation Through the Border Gateway Protocol.
The receiver of BGP routes performs the following operations:
• Sets QoS parameters such as IP precedence and traffic behavior for a BGP route based
  on the attributes of the route.
• Classifies traffic according to QoS parameters and sets the QoS policy for the classified
  traffic.
• Forwards packets according to the locally configured QoS policies to propagate QoS
  policies through BGP.
The receiver of BGP routes can set QoS parameters (IP precedence and associated traffic
behavior) based on the following attributes:
• ACL
• AS path list in routing information
• Community attribute list in routing information
• Metrics in routing information
• IP prefix list
Based on the preceding methods and the mapping of the inner VLAN tag to the outer
VLAN tag, QinQ supports 802.1p re-marking in the following modes:
− Specifying a given value.
− Adopting the 802.1p value in the inner VLAN tag.
− Mapping the 802.1p value in the inner VLAN tag to the 802.1p value in the outer
VLAN tag. The 802.1p values in multiple inner VLAN tags of different packets can
be mapped to the 802.1p value in one outer VLAN tag; whereas the 802.1p value in
one inner VLAN tag cannot be mapped to the 802.1p values in multiple outer VLAN
tags of different packets.
ATM QoS
The NE40E supports the following ATM QoS functions:
• ATM simple traffic classification
  With ATM simple traffic classification enabled on an interface, a PVC, or a PVP, the CoS
  and CLP value of incoming traffic can be mapped to the internal priority of a router; the
  internal priority can be mapped back to the CoS and CLP value on the interface where
  the traffic is forwarded. In this manner, various QoS services are implemented on
  different ATM networks.
  ATM simple traffic classification supports ATM cell relay, 1483R, and 1483B. The
  1483R protocol is used to encapsulate IP packets into IPoA packets. The 1483B protocol
  is used to encapsulate Ethernet frames into IPoEoA packets.
• ATM forced traffic classification
  Although ATM cells carry precedence information, it is very difficult to implement
  services such as IPoA, ATM cell relay, and IWF simple traffic classification based on
  such precedence information. Alternatively, forced traffic classification can be adopted.
  That is, you can run a command to configure forced traffic classification on the inbound
  interface to set the precedence and color for the traffic of a specific PVC, an interface
  (including the main interface and the sub-interface), or a PVP. Then, the traffic is
  forwarded to the outbound interface carrying the specified precedence and color.
  Forced traffic classification is supported on ATM physical interfaces, ATM
  sub-interfaces, and ATM PVCs and ATM PVPs.
MPLS HQoS
MPLS QoS is a complete L2VPN/L3VPN QoS solution. It uses various QoS techniques
to meet the diverse and fine-grained QoS demands of VPN users. MPLS QoS provides relative
QoS on the MPLS Diff-Serv network and end-to-end QoS on the MPLS TE network. In
actual applications, the following QoS policies are supported.
• QPPB applied to an L3VPN
• MPLS Diff-Serv applied to an L2VPN/L3VPN
• MPLS TE applied to an L2VPN/L3VPN
• MPLS DS-TE applied to an L2VPN/L3VPN
• VPN-based QoS applied to the network side of an L2VPN/L3VPN
Last-mile QoS
Last-mile QoS is also known as link-level QoS. Last-mile QoS indicates that QoS is
implemented on the distance between a user and a DSLAM, where the NE40E adjusts the
downstream traffic based on the link layer protocol running between the user and the DSLAM.
In QoS shaping, the NE40E deducts extra link costs such as ATM cell headers and Ethernet
frame headers. In this manner, QoS shaping is more accurate and network congestion can be
prevented when DSLAM traffic volume is beyond the actual capability of the link.
The NE40E supports the configuration of last-mile QoS, QoS scheduling of ATM cells and
Ethernet frames, and smallest packet compensation.
AAA
The NE40E supports the following Authentication, Authorization, and Accounting (AAA)
functions:
• Flexible AAA schemes
  Authentication schemes include non-authentication, local authentication, remote
  authentication, and any combination of these modes.
  Authorization schemes include HWTACACS authorization, authorization through
  authentication, local authorization, and online authorization.
  Accounting schemes include non-accounting, remote accounting through Remote
  Authentication Dial In User Service (RADIUS)/RADIUS+ or Terminal Access
RADIUS
The NE40E supports flexible RADIUS/RADIUS+ authentication, authorization, and
accounting.
Address Management
The NE40E supports the following address management functions:
• IPv4 address pool management through the DHCP server, DHCP relay agent, and DHCP
  proxy
• IPv6 prefix pool management through the local prefix, delegation prefix, and proxy
  prefix
• IPv6 address pool management through the DHCPv6 server and DHCPv6 relay agent
Reliability
The NE40E supports the following reliability functions:
• User access through a trunk interface whose member interfaces reside on the same LPU
• User access through dual systems that back up each other
User Security
The NE40E supports the following user security functions:
• IP-based or IP+MAC-based bogus user access
• MAC address-based CAR
VAS
The NE40E supports the following value-added service (VAS) functions:
• Bandwidth On Demand (BOD) for enterprises
• Common Open Policy Service (COPS)
• RADIUS Change of Authorization (COA)
• Bandwidth modification for access users through a COPS server that can be an RM9000
• Report of accounting information on access users to a COPS server that can be an
  RM9000
• Customized services of access users being valid in a specific time period
The plug-and-play function can be configured only on the X3 models of the NE40E.
Plug-and-Play (PNP) enables new devices to be automatically identified by the NMS and be
commissioned remotely by using the NMS.
On an IP RAN network deployed with a large number of devices, the device deployment costs,
especially the costs of on-site software commissioning, are high. This greatly harms the
growth of profits. To address this issue, Huawei puts forward the PNP solution.
The PNP feature effectively reduces the on-site software commissioning time, frees engineers
from working in bad outdoor environments, and greatly speeds up the project process and
improves project quality.
Y.1731
Y.1731 supports the following functions:
l Single-ended frame loss statistics collection, two-ended frame loss statistics collection,
one-way frame delay, two-way frame delay and one-way jitter
l Y.1731 over PBB VPLS
MPLS TP OAM
MPLS TP OAM supports the following functions:
l Basic connectivity detection
l LoopBack (LB)
l Link Trace (LT)
l Remote Defect Indication (RDI)
l AIS
l Single-ended frame loss statistics collection and two-ended frame loss statistics
collection
l One-way frame delay and two-way frame delay
l VE interfaces support TP OAM
l Dynamic PWs and MS-PWs support TP OAM
APS
The NE40E supports the following Automatic Protection Switching (APS) functions:
FRR
The NE40E provides multiple fast reroute (FRR) features. You can deploy FRR as required to
improve network reliability.
l IP FRR
FRR switching can be completed in 50 ms. In this manner, the data loss caused by
network failures is minimized to a great extent.
FRR supported by the NE40E enables the system to monitor and save the status of LPUs
and interfaces in real time and to check the status of interfaces during packet forwarding.
When faults occur on an interface, the system can rapidly switch the traffic to another
pre-set route, thus reducing time between failures and the packet loss ratio.
l LDP FRR
LDP FRR switching can be completed in 50 ms.
l Hybrid FRR
Hybrid FRR is a combination of IP FRR and VPN FRR of IP routes and VPN routes in
the same VPN instance.
On a bearer network where a CE is dual-homed to two PEs, IP FRR is deployed between
the CE and each PE. If there are multiple voice VPNs and the two PEs are connected
through a POS link, you cannot bind sub-interfaces to different VPN instances to provide
a backup link for the traffic, because the NE40E does not support POS sub-interfaces.
In this case, a BGP VPNv4 peer relationship can be set up between the two PEs.
Therefore, the backup path, in the form of a private route, is exchanged between the two
PEs. The VPNv4 route then functions as a backup of the IP routes between the CE and
each PE. This implements FRR and switches traffic within 50 ms.
l TE FRR
TE FRR is an MPLS TE technology used to protect local networks. Only the interfaces
with a transmission rate of over 100 Mbit/s support TE FRR. TE FRR switching can be
completed within 50 ms. It can minimize data loss when network failures occur.
TE FRR protects traffic only temporarily. When the protected LSP becomes normal or a
new LSP is established, traffic is switched back to the original protected LSP or the
newly established LSP.
If an LSP is configured with TE FRR and a link or a node on the LSP fails, traffic is
switched to the protection link and the ingress node of the LSP attempts to establish a
new LSP.
With different protected objects, TE FRR is classified into the following types:
− Link protection
− Node protection
l Auto FRR
Auto FRR is an extension of MPLS TE FRR. It automatically creates a bypass tunnel
that meets the requirements for the LSP through the configuration of the attributes of the
bypass tunnel, global auto FRR attributes, and interface-based auto FRR attributes on the
interface of the primary tunnel. When the primary tunnel changes to another path, the
previous bypass tunnel is automatically deleted. Then, a bypass tunnel that meets the
requirements is set up.
l VLL FRR
VLL FRR switching can be completed in 50 ms.
l VPN FRR
VPN FRR switching can be completed in 50 ms.
file, and reports the alarms to the NMS. The cause of the master/slave switchover and the
associated operations are recorded in the system diagnosis information base for users to
analyze.
The system provides two clock boards in master/slave backup mode. If the system detects that
the master clock board becomes faulty or is reset through a command, the system
automatically performs the master/slave switchover of clock boards. The master/slave
switchover of clock boards does not result in phase offsets or interrupt services.
The master/slave switchover time of each key part is less than 100 us.
Inter-Device Backup
In the scenario where a PPPoE user accesses the BRAS, you can configure a response delay
after which the access interface responds to the request packet, based on information about the
access interface and even or odd MAC address or Option 82 information of the user. By
setting different response delays on different NE40Es, you can perform load balancing and
backup for PPPoE users. This is a simple and effective warm backup solution.
Inter-device backup can be performed in either of the following modes:
l Hot backup
Hot backup means that backup information takes effect immediately after the device
receives it. That is, traffic of the local device can be switched immediately when the
master/slave switchover is performed. The traffic convergence time of the entire network
depends on the previously described detection technologies and the traffic switching
technologies that will be described later.
l Warm backup
Warm backup means that backup information does not take effect after the device
receives it. Instead, it is stored in the backup module and takes effect after the
master/slave switchover is performed. The NE40E supports switching of traffic of 500
users per second. Therefore, when there are a large number of users, traffic is interrupted
or even users are logged out.
The backup solution varies with the requirement of the specific user.
l To help improve user experiences, it is recommended that hot backup be adopted to
shorten the duration of service interruption during master/slave switchover.
l To help cut investments and reduce the amount of backup information, it is
recommended that warm backup be adopted.
HA Backup
The NE40E supports the following HA (High Availability) backup functions:
l 1+1 or 1:1 intra-chassis warm backup of CGN service
l 1+1 or 1:1 intra-chassis hot backup of CGN service
l 1+1 or 1:1 inter-chassis warm backup of CGN service
l 1+1 or 1:1 inter-chassis hot backup of CGN service
VRRP
VRRP dynamically associates the virtual router with a physical router that carries services.
When the physical router fails, another router is elected to take over services. Failover is
transparent to users and thus the internal network and the external network can communicate
without interruption.
The NE40E supports the following VRRP functions:
l mVRRP
l VGMP
l E-VRRP
l VRRP For IPv6
GR
Graceful Restart (GR) is a key technology in implementing HA. It is designed based on NSF.
GR switchover and subsequent restart can be performed by the administrator or triggered by
faults. GR neither deletes the routing information from the routing table or the FIB nor resets
the board during the switchover when faults occur. This prevents the service interruption of
the entire system.
The NE40E supports system-level GR and protocol-level GR. Protocol-based GR includes:
l BGP GR
l OSPF GR
l IS-IS GR
l MPLS LDP GR
l Martini VLL GR
l Martini VPLS GR
l L3VPN GR
l RSVP GR
l PIM GR
BFD
BFD is a detection mechanism used uniformly in an entire network. It is used to rapidly detect
and monitor the connectivity of links or IP routes in a network.
BFD sends detection packets at both ends of a bidirectional link to check the link status in
both directions. The defect detection is implemented at the millisecond level. The NE40E
supports single-hop BFD and multi-hop BFD.
BFD of the NE40E supports the following applications.
l BFD for VRRP
The system uses BFD to detect and monitor the connectivity of links or IP routes in a
network. The rapid VRRP switchover is thus triggered.
l BFD for FRR
− BFD for LDP FRR
LDP FRR switchover is triggered after BFD detects faults on protected interfaces.
− BFD for IP FRR and BFD for VPN FRR
IP FRR and VPN FRR are triggered after BFD detects faults and reports fault
information to the upper layer applications.
l BFD for static routes
l BFD for IS-IS
The NE40E supports detection on the IS-IS adjacency by using the BFD session that is
configured statically.
BFD detects the fault of the link between the adjacent IS-IS nodes and rapidly reports the
fault to IS-IS. Thus fast convergence of IS-IS routes is performed.
l BFD for OSPF/BGP
The NE40E supports OSPF and BGP in dynamically setting up and deleting the BFD
session.
l BFD for PIM
l BFD detection on IP-Trunks and Eth-Trunks
On the NE40E, BFD can detect a trunk and the member links of the trunk independently.
That is, it can detect the connectivity of the trunk and that of an important member link
of the trunk.
l BFD for LSP
BFD for LSP performs fast fault detection of the LSP, the TE tunnel, and the PW. In this
manner, BFD for LSP implements fast switchover of MPLS services such as VPN FRR,
TE FRR, and VLL FRR.
7.13 Clock
The NE40E supports the following clock features:
l CES ACR
l CES DCR
l Ethernet clock synchronization
The Ethernet interfaces on the LPUF-10 and LPUF-21 of the NE40E provide Ethernet
clock synchronization so that the clock quality and stratum of the network can be
guaranteed.
l 1588v2
The 1588v2 feature:
− Supports the input and output of the externally synchronized time.
− Supports 10M/100M/1000M/10G Ethernet interfaces and auto sensing of
10M/100M/1000M Ethernet interfaces.
− Supports Eth-Trunk.
− Supports OC, BC, E2ETC, P2PTC, E2ETCOC, P2PTCOC and TCandBC.
− Allows the NE40E to function as a GrandMaster.
− Supports slave-only when functioning as an OC.
− Supports the dynamic BMC algorithm.
− Supports two delay measurement methods: Delay and PDelay.
− Supports one-step mode and two-step mode in which 1588v2 packets that are used by
1588v2 devices to perform time synchronization are timestamped.
− Supports multicast MAC encapsulation (the VLAN and 802.1p priority are
configurable).
− Supports multicast UDP encapsulation (the source IP address, VLAN, and DSCP
priority are configurable).
− Supports unicast MAC encapsulation (the destination MAC, VLAN, and 802.1p
priority are configurable).
− Supports unicast UDP encapsulation (the source IP address, destination IP address,
destination MAC, VLAN, and DSCP priority are configurable).
− Uses the clock recovered through the Precision Time Protocol (PTP) as the clock
source and supports the algorithm for dynamic clock source selection (based on the
priority and clock stratum).
− Implements clock recovery that complies with G.813.
− Implements frequency recovery that meets the requirements of the SDH equipment
clock (SEC) in G.823.
l 1588 ACR
− Supports frequency synchronization only.
− Supports the change of selected clock sources.
− Supports unicast UDP encapsulation (and the DSCP field).
− Complies with Recommendation G.8261 in terms of service modeling and
networking and performs clock recovery with accuracy that is prescribed by G.823.
− Supports 1588v2 header overlapping without affecting forwarding capabilities.
− Supports switchover between master and slave MPUs/SRUs without affecting
services.
− Supports hot swapping of LPUs and sub-cards.
− Supports 1588 ACR server.
− Supports the two-way frequency restoration mode.
l Supports clock synchronization.
The NE40E supports clock synchronization on CPOS interfaces, E1 interface, and WAN
interfaces to ensure high clock quality and stratum on the network.
l Network Time Protocol (NTP) clock
The NE40E supports the following working modes of NTP:
− Server/client mode
− Peer mode
− Broadcast mode
− Multicast mode
The NE40E supports two NTP security mechanisms:
− Access authority
The NE40E provides four levels of access control. After receiving an NTP access
request packet, the NE40E matches it from the lowest access control level to the
highest access control level. The first successfully matched access control level takes
effect. The matching order is as follows:
peer: indicates the minimum access control. The remote end can send a time request
and a control query to the local end. The local clock can also be synchronized with
the clock of the remote server.
server: indicates that the remote end can send a time request and a control query to
the local end. The local clock, however, is not synchronized with the clock of the
remote server.
synchronization: indicates that the remote end can only send a time request to the
local end.
query: indicates the maximum access control. The remote end can only send a control
query to the local end.
− Authentication
When configuring NTP authentication, note the following rules:
The NTP authentication must be configured on both the client and the server; otherwise,
the authentication does not take effect. If NTP authentication is enabled, keys must be
configured and declared reliable.
The server and the client must be configured with the same key.
l Internal clock
The NE40E provides an internal clock and can extract clock information from LPUs.
The clock precision reaches 4.6 ppm, that is, 0.00002s.
l Extended SSM
The NE40E supports the following functions:
− Sending and receiving of SSM information carrying Clock IDs
− Clock ID configuration for a clock source
− Clock source selection based on extended SSM
7.14 CGN
The following describes the CGN features supported by the NE40E:
l NAT444
− Distributed deployment
− Integrated deployment
− Pre-allocation or dynamic allocation of ports
− VPN NAT
− NAT ALG (FTP/ICMP/PPTP/RTSP/SIP)
− Port forwarding (Port forwarding rules are delivered to the BRAS by the RADIUS
server when users get online or by the OSS after users get online to create mappings
between public network addresses, private network addresses, and ports.)
− NAT server
− Web user authentication
l DS-Lite
− Distributed deployment
− Integrated deployment
− Pre-allocation or dynamic allocation of ports
− NAT ALG (FTP/ICMP/PPTP/RTSP/SIP)
− Port forwarding
− Port number limited
− Session number limited
l L2-Aware NAT
L2-Aware NAT on the NE40E is implemented based on user access information, private
network address, public network address to which the private network address maps, and
port. IP overlapping is allowed in L2-Aware NAT. L2-Aware NAT supports the following
functions:
− IP address overlapping among CPEs
− Semi-Dynamic port allocation
Perform the following configurations on the NE40E:
1. Number of ports to be allocated to each user for the first time
2. Number of ports that can be assigned every time after the first port allocation
3. Number of times ports can be assigned after the first port allocation
When a user gets online for the first time, the system allocates ports to the user from
the ports available to be allocated for the first time. If the ports are unavailable, the
system allocates ports based on the number of ports that can be assigned every time
after the first port allocation. The number of times ports can be assigned after the first
port allocation is controlled. If the ports to be allocated after the first allocation are
not used, they are reclaimed for other users.
In Semi-Dynamic mode, if a user's port range changes, the public network address and
port number segment can be carried in real-time accounting packets to be sent to a
RADIUS server.
− The capacity of a NAT address pool can be extended online.
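An added sketch of the semi-dynamic allocation described above (not Huawei's implementation). It reads "the ports are unavailable" as the first block being fully in use, and shows why the port-range accounting records need timestamps to attribute a public address and port to one subscriber. Class, field, and subscriber names are hypothetical, and the sample events are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Block:
    start: int
    end: int
    initial: bool = False
    used: set = field(default_factory=set)

class SemiDynamicNat:
    """Hypothetical model of one public address shared in port blocks."""

    def __init__(self, public_ip, initial, extend, max_extends,
                 first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.initial = initial          # ports allocated the first time
        self.extend = extend            # ports per later allocation
        self.max_extends = max_extends  # how many later allocations are allowed
        self.free = [(first_port, last_port)]  # sorted free (start, end) ranges
        self.blocks = {}                # user -> list of Block
        self.accounting = []            # port-range records, as reported to AAA

    def _record(self, ts, user, action, block):
        self.accounting.append({"ts": ts, "user": user, "action": action,
                                "ip": self.public_ip,
                                "start": block.start, "end": block.end})

    def _grow(self, ts, user, size, initial=False):
        """First-fit a block of `size` ports; None when the pool cannot supply it."""
        for i, (s, e) in enumerate(self.free):
            if e - s + 1 >= size:
                self.free[i:i + 1] = [(s + size, e)] if e - s + 1 > size else []
                block = Block(s, s + size - 1, initial)
                self.blocks.setdefault(user, []).append(block)
                self._record(ts, user, "alloc", block)
                return block
        return None

    def online(self, ts, user):
        if self._grow(ts, user, self.initial, initial=True) is None:
            raise RuntimeError("no ports left for a first allocation")

    def open_session(self, ts, user):
        """Return a public port for a new session, or None if refused."""
        blocks = self.blocks[user]
        for b in blocks:
            for port in range(b.start, b.end + 1):
                if port not in b.used:
                    b.used.add(port)
                    return port
        if len(blocks) - 1 >= self.max_extends:
            return None                 # extension count is capped
        b = self._grow(ts, user, self.extend)
        if b is None:
            return None                 # pool exhausted
        b.used.add(b.start)
        return b.start

    def close_session(self, ts, user, port):
        for b in self.blocks[user]:
            if port in b.used:
                b.used.discard(port)
                if not b.initial and not b.used:   # idle extension block
                    self.blocks[user].remove(b)
                    self.free = sorted(self.free + [(b.start, b.end)])
                    self._record(ts, user, "release", b)
                return

def attribute(records, ip, port, ts):
    """Who held ip:port at time ts, judged from the accounting records alone."""
    holder = None
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["ts"] > ts:
            break
        if r["ip"] == ip and r["start"] <= port <= r["end"]:
            holder = r["user"] if r["action"] == "alloc" else None
    return holder

def constructed_scenario():
    """Constructed input: two subscribers behind 203.0.113.7, tiny block sizes."""
    nat = SemiDynamicNat("203.0.113.7", initial=4, extend=2, max_extends=2)
    nat.online(10, "sub-A")
    nat.online(11, "sub-B")
    a_ports = [nat.open_session(20 + i, "sub-A") for i in range(9)]
    nat.close_session(30, "sub-A", 1034)
    nat.close_session(30, "sub-A", 1035)
    b_ports = [nat.open_session(40, "sub-B") for _ in range(5)]
    return nat, a_ports, b_ports

if __name__ == "__main__":
    nat, a_ports, b_ports = constructed_scenario()
    print(a_ports, b_ports)
    for ts in (27, 35, 45):
        print(ts, attribute(nat.accounting, "203.0.113.7", 1034, ts))
```

In the scenario, port 1034 belongs to sub-A at time 27, to nobody at 35, and to sub-B at 45, so an abuse report that lacks an accurate timestamp cannot be attributed.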
8 Security Features
Security Authentication
The NE40E supports the following security authentication functions:
l AAA
l PAP and CHAP in PPP
l Plain text authentication and MD5 encrypted text authentication supported by routing
protocols that include RIPv2, OSPF, IS-IS, and BGP
l MD5 encrypted text authentication supported by LDP and RSVP
l SNMPv3 encryption and authentication
URPF
The NE40E supports URPF for IPv4/IPv6 traffic.
Static entries are configured by users and delivered to LPUs. Static entries do not age.
After static entries are configured and saved, they are not lost in the case of the system
reset, LPU hot swap, or LPU reset.
l Blackhole entries
Blackhole entries are used to filter out the data frames that contain specific destination
MAC addresses. Blackhole entries are configured by users and delivered to LPUs.
Blackhole entries do not age. After blackhole entries are configured and saved, they will
not be lost in the case of the system reset, LPU hot swap, or LPU reset.
IGMP Snooping
The NE40E supports IGMP snooping on Layer 2 interfaces, Layer 3 interfaces, QinQ
interfaces, STP topologies, RRPP rings, and VPLS PWs.
DHCP Snooping
DHCP snooping is mainly used to prevent DHCP Denial of Service (DoS) attacks, bogus
DHCP server attacks, ARP middleman attacks, and IP/MAC spoofing attacks when DHCP is
enabled on the NE40E.
The working mode of DHCP snooping varies with the attack type, as shown in Table 8-1.
Attack type: DoS attack by changing the value of the Client Hardware Address (CHADDR)
field
DHCP snooping working mode: Check on the CHADDR field in DHCP packets
GTSM
On the current network, attackers forge valid packets to attack routers, which overloads the
routers and consumes limited resources such as the CPU on the MPU. For example, an
attacker forges BGP protocol packets and continuously sends them to a router. After the LPU
of the router receives the packets, it finds that the packets are destined to itself and then sends
the packets directly to the BGP processing module on the MPU without checking the validity
of the packets. As a result, the system is abnormally busy processing these forged valid
packets and the CPU usage is high.
To guard against the preceding attacks, the NE40E provides the Generalized TTL Security
Mechanism (GTSM). The GTSM protects services above the IP layer by checking whether
the TTL value in the IP header is within a specified range. In actual applications, the GTSM is
mainly used to protect the TCP/IP-based control plane such as the routing protocol against
attacks of the CPU-utilization type such as CPU overload.
The NE40E supports BGP GTSM, BGP+ GTSM, OSPF GTSM, and LDP GTSM.
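The TTL check described above, as an added example that is not NE40E code. It assumes the RFC 5082 convention that a protected neighbor sends with TTL 255, so a neighbor at most N hops away arrives with a TTL no lower than 255 - N + 1. The policy fields, `default_action`, and the sample packets are constructed for illustration.

```python
import ipaddress
import struct
from collections import Counter
from dataclasses import dataclass

PROTO_TCP = 6
BGP_PORT = 179

@dataclass(frozen=True)
class GtsmPolicy:            # hypothetical policy record, not an NE40E command
    peer: str                # source address of the configured neighbor
    port: int                # TCP port of the protected protocol
    valid_hops: int          # largest hop distance at which the neighbor may sit

    def ttl_ok(self, ttl):
        # The neighbor sends with TTL 255; every router on the path subtracts 1,
        # so a sender farther away than valid_hops cannot land in this window.
        return 255 - self.valid_hops + 1 <= ttl <= 255

def build_packet(src, dst, ttl, sport, dport):
    """Constructed sample input: minimal IPv4 + TCP headers, checksums left 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, PROTO_TCP, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp

def parse(pkt):
    """Return (src, ttl, proto, sport, dport); ports are None unless TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    sport = dport = None
    if pkt[9] == PROTO_TCP:
        if len(pkt) < ihl + 4:
            raise ValueError("truncated TCP header")
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return str(ipaddress.IPv4Address(pkt[12:16])), pkt[8], pkt[9], sport, dport

def gtsm_check(pkt, policies, default_action="pass"):
    """Decide 'pass' or 'drop' before the packet is sent up to the control plane."""
    try:
        src, ttl, proto, sport, dport = parse(pkt)
    except ValueError:
        return "drop"
    for p in policies:
        # The neighbor can be either end of the TCP session, so check both ports.
        if proto == PROTO_TCP and src == p.peer and p.port in (sport, dport):
            return "pass" if p.ttl_ok(ttl) else "drop"
    return default_action    # packet matches no policy

def filter_to_cpu(packets, policies, default_action="pass"):
    """Return (packets passed to the CPU, Counter of drops per claimed source)."""
    to_cpu, dropped = [], Counter()
    for pkt in packets:
        if gtsm_check(pkt, policies, default_action) == "pass":
            to_cpu.append(pkt)
        else:
            src = str(ipaddress.IPv4Address(pkt[12:16])) if len(pkt) >= 16 else "?"
            dropped[src] += 1
    return to_cpu, dropped

def constructed_traffic(router="192.0.2.2"):
    """Constructed packets: two configured neighbors, forged and unknown sources."""
    policies = [GtsmPolicy("192.0.2.1", BGP_PORT, valid_hops=1),      # direct peer
                GtsmPolicy("198.51.100.9", BGP_PORT, valid_hops=3)]   # multihop peer
    packets = [build_packet("192.0.2.1", router, 255, 50000, BGP_PORT)]
    # Forged source address, sent from 12 hops away: TTL cannot still be 255.
    packets += [build_packet("192.0.2.1", router, 243, 40000 + i, BGP_PORT)
                for i in range(3)]
    packets.append(build_packet("198.51.100.9", router, 253, BGP_PORT, 41000))
    packets.append(build_packet("198.51.100.9", router, 252, BGP_PORT, 41000))
    packets.append(build_packet("203.0.113.50", router, 64, 42000, BGP_PORT))
    return policies, packets

if __name__ == "__main__":
    pol, pkts = constructed_traffic()
    for action in ("pass", "drop"):
        to_cpu, dropped = filter_to_cpu(pkts, pol, default_action=action)
        print(action, len(to_cpu), dict(dropped))
```

The per-source drop counter is what an operator would alarm on: a configured neighbor address accumulating TTL drops indicates forged traffic or a wrong hop count in the policy.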
Local Mirroring
In local mirroring, an LPU can be configured with a physical observing port, multiple logical
observing ports, and multiple mirrored ports.
Local mirroring can be inter-LPU mirroring, which means that the observing port and
mirrored port reside on different LPUs. Inbound and outbound traffic mirroring is supported
in inter-board port mirroring.
Mirroring between different types of interfaces is supported.
NetStream
NetStream provides the following functions:
l Accounting
l Network planning and analysis
l Network monitoring
l Application monitoring and analysis
l Abnormal traffic detection
NetStream involves three devices: the NetStream Data Exporter (NDE), the NetStream
Collector (NSC), and the NetStream Data Analyzer (NDA).
The NE40E functions as an NDE to sample packets and aggregate and output flows.
NetStream on the NE40E is classified into distributed NetStream and integrated NetStream
based on where to collect packets and process flows.
l Distributed NetStream
Certain LPUs can sample packets and aggregate and output flows by themselves.
l Integrated NetStream
Certain LPUs do not process flows. They only sample packets and send the sampled
packets to the NetStream SPU for integrated flow aggregation and output. Integrated
NetStream supports load balancing among multiple NetStream boards.
The NE40E supports the following functions in terms of sampling:
l Sampling on the inbound and outbound interfaces
l Certain LPUs support sampling on only inbound interfaces.
l Interface-based sampling and traffic-classification-based sampling
l Sampling of the IPv4 unicast/multicast packets, fragmented packets, MPLS packets,
MPLS L3VPN packets, and L2VPN VLL packets
l Regular packet sampling, random packet sampling, sampling at regular time, and
sampling at random time
l Sampling on various types of physical and logical interfaces such as POS interfaces,
Ethernet interfaces, VLAN sub-interfaces, serial/MP/FR PVC/FR MP interfaces
channelized from CPOS interfaces, ATM interfaces, FR interfaces, trunk interfaces,
VLANIF interfaces, and GRE interfaces
The NE40E provides the following functions in terms of aggregation and output:
l IPv4 packets can be aggregated based on the AS number, AS-ToS, protocol-port,
protocol-port-ToS, source-prefix, source-prefix-ToS, destination-prefix,
destination-prefix-ToS, prefix, prefix-ToS, VLAN-ID, index-tos, BGP-nhp-tos,
source-index-tos.
l MPLS packets can be aggregated based on Layer 3 labels.
l The generated statistics can be output in v5, v8, or v9 format with 16-bit or 32-bit AS
numbers, which can be set through commands. When packets are output in the v9 format,
both the 16-bit and 32-bit interface indexes are supported, and can be set through
commands as required.
l Each type of aggregated flows can be output to two NMS servers if configured.
The NE40E supports NetStream IPv4 and NetStream IPv6.
SSHv2
The NE40E supports the STelnet client and server and the SFTP client and server. Both
support SSH 1.5 and SSH 2.0.
Regulation Compliance
The NE40E complies with the following energy conservation and emission reduction
regulations:
l Directive 2002/95/EC on the Restriction of the Use of certain Hazardous Substances in
Electrical and Electronic Equipment (RoHS)
l Regulation (EC) No 1907/2006 concerning the Registration, Evaluation, Authorization
and Restriction of Chemicals (REACH)
l Directive 2002/96/EC on waste electrical and electronic equipment (WEEE)
l ATIS-0600015.03.2009 Energy Efficiency for Telecommunications Equipment:
Methodology for Measurement and Reporting for Router and Ethernet Switch Products
l Directive 2009/125/EC establishing a framework for the setting of ecodesign
requirements for energy-related products (recast)
10 Applicable Environment
[Figure: network with a core layer, convergence layer, and access layer; labels: CR NE5000E, BR NE80E, AR NE40E, SoftX3000, UMG8900]
Given the state of existing bearer networks and the requirements of the NGN bearer
network and 3G services, carriers need to set up a core bearer network to carry NGN
multi-services. In the new competitive market environment, and with the development
of new services and technologies, the newly built bearer network will become the
next-generation multi-service bearer platform that supports voice, data, and video
transmission. Specifically, it will carry NGN, video conference, video phone, streaming
media, enterprise interconnection, and 3G services, and will be a milestone in network
transformation and network convergence for carriers.
In this solution, the NE5000E acts as the core router to forward data at a high speed and
ensure high reliability; the NE80E/40E acts as the convergence router to converge NGN voice,
signaling, NMS, and customer services.
This application has the following characteristics:
l The core layer uses double planes. The NE5000Es are fully meshed.
l The NE80E is dual-homed to the NE5000Es.
l Two devices are deployed at an important node to back up each other.
l MPLS VPN is uniformly planned, which implements user isolation and service isolation.
l VPN FRR is deployed on all PEs.
l High reliability technologies such as TE FRR, GR, BFD for VRRP, and IGP fast
convergence are used on the network.
[Figure: labels: CS, NMS, BAS, ES, NE80E/NE40E, convergence switch, multicast switch, DSLAM, end switch, home gateway, TV, PC. Callouts: QinQ, 4K x 4K VLANs, isolated unicast services, secure access; selective QinQ, dedicated multicast VLAN, avoiding replication on the gateway; multicast replication on the edge, ensuring high efficiency and controllable multicast; multicast switch, saving reconstruction expense]
[Figure: labels: backbone network, Internet backbone, IP bearer network, MAN core network, ASBR-PE, BRAS, USR, IP broadband access network, customer and NGN access network, broadband access service, customer service, NGN service]
As shown in Figure 10-3, an IP MAN is classified into the core layer, service control layer,
and access layer.
The NE40E is usually deployed as the core node on IP backbone networks, IP MANs, and
large-scale IP networks. In this application, the NE80E is deployed on the egress of an IP
MAN core network.
The NE40E is usually deployed as the core or convergence node on IP MANs. In this
application, the NE40E is deployed as the convergence node on an IP MAN core network.
The core layer is responsible for high-performance and large-capacity data forwarding. It
requires a simple network structure and secure and reliable transmission of multiple services.
Huawei enables IP/MPLS at the core layer and allows a physical network to implement
multiple logical service bearer planes through the MPLS VPN technology. To ensure network
security and reliability, Huawei adopts many reliability techniques at the core layer, such as
high reliability of devices and networks, and inter-AS high reliability. Huawei provides
[Figure: labels: IPv6 core, IPv6 edge, IPv6 Internet, IPv4 Internet, IPv6/IPv4, PE, NE5000E/80E, NE80E/40E, NE80E, L3 switch, L2 switch, MA 5200]
The IPv6 application on a backbone network does not affect the original IPv4 services such as
IPv4 forwarding and MPLS VPN. The application needs to solve the following problems:
[Figure: labels: routers, E1 TDM, E1 TDM*N, BSC, MPLS over SDH/ME]
Deploying devices on a Metro Ethernet-based MPLS network can solve the problem of
bandwidth multiplexing. Node B is connected to the NE40E that supports E1 IMA interfaces.
After the NE40E terminates IMA, the high-speed ATM cell flow is transparently transmitted
through ATM PWE3 to the NE40E at the RNC side. Then, the NE40E at the RNC side divides
the high-speed ATM cell flow into n x E1 links, and sends multiple channels of low-speed
cells to the RNC. For the Node B and RNC, the NE40E and MPLS network are transparent.
That is, multiple E1 interfaces on the Node B and RNC are directly connected through the
TDM link.
[Figure: labels: GPS, BC, 1588v2, POS, GE, FE, E1]
[Figure: labels: middleware, AAA server, policy server, IP/MPLS core, IP/MPLS edge, NE40E, soft switch, VoIP gateway, VoD server, metro network, PSTN, L3, DSLAM, IAD]
After detecting packet loss according to received channel data, the STB sends the
retransmission request to the NE40E. Then, the NE40E searches the cached channel data for
the packets to be retransmitted and retransmits these packets to the STB.
The iVSE-capable NE40E can monitor video quality by calculating the quality data of video
from the source and then drawing a conclusion on video quality on the NE40E. The result
contains the quality of video flows on the NE40E.
[Figure: labels: distribution node, aggregation node, Internet, BRAS, DSLAM, CMTS, P/PE, PE, SoftX, VoD ES, VoD CS, AccSwitch]
As the aggregation node and distribution node, the NE40E accesses the IPTV service and
forwards IPTV packets on Layer 3. In this scenario, after iVSE is applied to the aggregation
node and distribution node, fast switchover of videos, retransmission of lost video packets,
and monitoring of video quality can be provided.
l When the user switches channels, the STB sends a fast switchover request to the
iVSE-capable NE40E. Then, the NE40E quickly pushes channel data to the STB and
reports new channels. The STB sends the IGMP adding request to the DSLAM or multicast
switch. Finally, the DSLAM or multicast switch pushes multicast data of new channels
to the STB.
l After detecting packet loss according to received channel data, the STB sends the
retransmission request to the NE40E. Then, the NE40E searches the cached channel data
for the packets to be retransmitted and retransmits these packets to the STB.
l In addition, the iVSE-capable NE40E can monitor video quality by calculating the
quality data of program flows from the source and then drawing a conclusion on video
quality on the NE40E.
As the aggregation node and distribution node, the NE40E accesses the IPTV service and then
transparently transmits IPTV packets to the BRAS or integrated PEs through VPLS. In this
scenario, after monitoring of video quality is applied to the aggregation nodes and distribution
nodes separately, end-to-end monitoring of video quality can be provided.
l When monitoring of video quality is deployed on a distribution node, the IPTV flows are
monitored and calculated before they enter the VPLS tunnel. The calculated result shows
the quality of the IPTV flows on the distribution node.
l When monitoring of video quality is deployed on an aggregation node, the IPTV flows
are monitored and calculated after they leave the VPLS tunnel. The calculated result
shows the quality of the IPTV flows on the aggregation node.
l When monitoring of video quality is deployed on both distribution nodes and
aggregation nodes, you can deploy monitoring of video quality on the ingress and egress
of VPLS tunnels, that is, distribution nodes and aggregation nodes, to check video
quality on each segment. By checking video quality on each segment, you can locate the
causes of poor video quality.
[Figure: labels: PC1, PC2, CPE, access network, BRAS (CGN), CR, operation server]
In distributed deployment mode, CGN cards are installed on access nodes (BRASs) to provide
the CGN function, which brings no changes to existing aggregation nodes (CRs). Distributed
deployment applies to the networks on which a large amount of services are transmitted on
CRs, a large number of BRASs are connected to CRs, or a large number of devices need to be
deployed or upgraded.
2 Critical: A critical exception occurs on the device, which needs to be handled and
analyzed. For example, the memory usage exceeds the alarm threshold; the
temperature exceeds the alarm threshold; and Bidirectional Forwarding
4 Warning: An abnormality that may cause the device to malfunction occurs on the
device, which requires attention. For example, a routing process is disabled
by the user; BFD detects packet loss; and error protocol packets are
detected.
5 Notice: A key operation is performed to keep the device running normally. For
example, the user runs the shutdown command on the interface, a neighbor
is discovered, and the protocol state machine changes status.
6 Informational: A routine operation is performed. For example, the user runs a display
command.
The information center supports 10 channels, of which channels 0 through 5 each have a
default channel name. By default, the six channels correspond to six directions in which
information is output. The log information on the CF card is output to log files through
Channel 9 by default. This means that a total of seven default output directions are supported.
When multiple log hosts are configured, you can configure log information to be output to
different log hosts through one channel or multiple channels. For example, you can configure
some log information to be output to a log host through Channel 2 (loghost), and some log
information to a log host through Channel 6. In addition, you can change the name of Channel
6 to implement the desired channel management.
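The channel indirection described above, modelled as an added example (not Huawei code or device configuration): log hosts bind to channels, and each channel decides per module which severities it passes. The host addresses, the module names, the channel name "audit" and the per-channel levels are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Severity values from the table above: a lower number is more severe.
CRITICAL, WARNING, NOTICE, INFORMATIONAL = 2, 4, 5, 6


@dataclass
class Channel:
    number: int
    name: str
    default_level: Optional[int] = None   # None: drop modules that have no rule
    module_levels: dict = field(default_factory=dict)

    def accepts(self, module: str, severity: int) -> bool:
        level = self.module_levels.get(module, self.default_level)
        return level is not None and severity <= level


class InfoCenter:
    def __init__(self):
        self.channels = {}   # channel number -> Channel
        self.loghosts = {}   # log host address -> channel number

    def add_channel(self, channel: Channel) -> None:
        if not 0 <= channel.number <= 9:   # the information center has 10 channels
            raise ValueError("channel number must be 0-9")
        self.channels[channel.number] = channel

    def bind_loghost(self, host: str, channel_number: int) -> None:
        if channel_number not in self.channels:
            raise ValueError(f"channel {channel_number} is not defined")
        self.loghosts[host] = channel_number

    def route(self, module: str, severity: int) -> list:
        """Return the log hosts that receive a record, in sorted order."""
        return sorted(host for host, num in self.loghosts.items()
                      if self.channels[num].accepts(module, severity))


def build_example() -> InfoCenter:
    # Constructed setup: addresses, module names and levels are hypothetical.
    ic = InfoCenter()
    ic.add_channel(Channel(2, "loghost", default_level=WARNING))
    ic.add_channel(Channel(6, "audit", module_levels={"SHELL": NOTICE}))
    ic.bind_loghost("192.0.2.10", 2)   # operations collector
    ic.bind_loghost("192.0.2.20", 6)   # operator-action audit collector
    return ic
```

In this model a Notice-level operator action from the hypothetical SHELL module reaches only the audit collector, while a Critical record from the same module reaches both hosts.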
The NE40E stores all alarms in a log file, and provides the CF card to store the log file. How
long the alarms can be stored depends on the number of alarms. Generally, the alarms can
be stored for months.
11.4 HGMP
The NE40E supports the Huawei Group Management Protocol (HGMP). HGMP is a cluster
management protocol developed by Huawei.
HGMP is used to group Layer 2 devices that are connected to the NE40E into a unified
management domain, that is, a cluster. HGMP supports automatic collection of network
topologies and provides integrated maintenance and management channels. In this manner, a
cluster uses only one IP address for external communications, simplifying device management
and saving IP addresses.
11.7 NQA
The NE40E supports Network Quality Analysis (NQA). NQA measures the performance of
different protocols running on the network, so carriers can collect network operation
indexes in real time, such as:
• Total HTTP delay
• Delay in TCP connection
• Delay in DNS resolution
• File transmission speed
• Delay in FTP connection
• DNS resolution error rate
With these indexes, carriers can provide network services of different levels
and charge differently. NQA is also an effective tool for diagnosing and locating a
network fault.
NQA supports the following functions:
• PWE3 traceroute
• Multicast ping
• Multicast traceroute
• Traceroute function through DISMAN-TRACEROUTE-MIB
• Ping/UDP/TCP/SNMP functions through DISMAN-PING-MIB
• CE-ping (ping the host from a VPLS PW)
• VPLS MAC ping and VPLS MAC trace
• VPLS MAC purge and VPLS MAC populate
• LSP ping, LSP traceroute, and MPLS jitter
• Verification of DNS functions through DISMAN-NSLOOKUP-MIB
• NMS management over all NQA functions through NQA-MIB
• Transmission of 3000 consecutive simulated voice packets in one test
• Minimum transmission interval of 10 ms
• NQA for multiple next hops in packet redirection
The rollback function provided by the NE40E prevents services from being affected by
a failed system upgrade.
11.10 License
As NE40E software functions diversify and software accounts for a growing share of the
overall cost, the current service mode cannot satisfy the development
requirements of customers and carriers.
• Common users need to reduce the purchase cost.
• Upgrade and expansion users need to effectively control the capacity and functions.
To satisfy the requirements of different users, the NE40E needs to implement flexible
authorization of service modules.
For the authorization control of service modules, the NE40E provides the License
authorization management platform. Through the License authorization mode:
• Common users can purchase service modules as required and reduce the purchase cost.
• Upgrade and expansion users can expand the capacity, and support and maintain the
functions by applying for a new License.
12 NMS
SNMP
The NE40E supports device operation and management by the network management station
through SNMP.
The NE40E supports SNMPv1, SNMPv2c, and SNMPv3.
• SNMPv1
SNMPv1 supports community name-based and MIB view-based access control.
• SNMPv2c
SNMPv2c supports community name-based and MIB view-based access control.
• SNMPv3
SNMPv3 inherits the basic functions of SNMPv2c, defines a management framework, and
introduces a User-based Security Model (USM) to provide a more secure access control
mechanism for users.
SNMPv3 supports user groups, user group-based access control, user-based access
control, and authentication and encryption mechanisms.
NMS
The NE40E uses the Huawei iManager U2000 network management system. The U2000
improves its management capability, scalability, and usability to construct a unified and
customer-oriented next-generation NMS.
• Unified and Abundant NBIs
Unified NBIs enable the U2000 to manage transport equipment, access equipment, and IP
equipment.
Abundant NBIs (XML, CORBA, SNMP, TLI, TEXT, and Customer OSS Test) address
the needs for OSS integration.
• Unified Network Management
The U2000 manages transport equipment, access equipment, and IP equipment in a unified
manner.
In addition, the U2000 manages end-to-end (E2E) services. The services include MSTP,
WDM, Microwave, PTN, ATN, CX, Router, and Switch services.
LLDP
The Link Layer Discovery Protocol (LLDP) is a Layer 2 protocol defined in IEEE 802.1AB.
LLDP specifies that status information is stored on all interfaces and that the device can
send its status to the neighbor stations. The interfaces can also send information about
changes in the status to the neighbor stations as required. The neighbor stations then store
the received information in the standard SNMP MIB. The NMS can search for Layer 2
information in the MIB. As specified in the IEEE 802.1AB standard, the NMS can also discover
improper Layer 2 configurations based on information provided by LLDP.
When LLDP runs on the devices, the NMS can obtain Layer 2 information about all the
devices to which it connects and detailed network topology information. This helps with
rapid network expansion and with obtaining detailed network topologies and their changes.
LLDP also helps discover improper configurations on networks and reports the
configurations to the NMS, so that incorrect configurations can be removed promptly.
A
AAA Authentication, Authorization and Accounting
AAL5 ATM Adaptation Layer 5
AC Access Controller
ACL Access Control List
AF Assured Forwarding
ANSI American National Standard Institute
AP Access Point
ARP Address Resolution Protocol
ASBR Autonomous System Boundary Router
ASIC Application Specific Integrated Circuit
ATM Asynchronous Transfer Mode
AUX Auxiliary (port)
B
BE Best-Effort
BGP Border Gateway Protocol
BGP4 BGP Version 4
BoD Bandwidth on Demand
C
CAR Committed Access Rate
CBR Constant Bit Rate
CE Customer Edge
D
DAA Destination Address Accounting
DC Direct Current
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
DS Differentiated Services
E
EACL Enhanced Access Control List
EF Expedited Forwarding
EMC Electromagnetic Compatibility
F
FCC Fast Channel Change
FE Fast Ethernet
FEC Forwarding Equivalence Class
FIB Forward Information Base
FIFO First In First Out
FR Frame Relay
FTP File Transfer Protocol
G
GE Gigabit Ethernet
GRE Generic Routing Encapsulation
GTS Generic Traffic Shaping
H
HA High Availability
HDLC High level Data Link Control
HTTP Hyper Text Transport Protocol
I
iVSE Integrated Value-added Service Engine
ICMP Internet Control Message Protocol
IDC Internet Data Center
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
IPoA IP Over ATM
IPTN IP Telephony Network
IPTV Internet Protocol Television
IPv4 IP version 4
IPv6 IP version 6
IPX Internet Packet Exchange
IS-IS Intermediate System-Intermediate System
ISP Interim inter-switch Signaling Protocol
ITU International Telecommunication Union - Telecommunication
Standardization Sector
L
L2TP Layer 2 Tunneling Protocol
LAN Local Area Network
LCD Liquid Crystal Display
LCP Link Control Protocol
LDP Label Distribution Protocol
LER Label switching Edge Router
LPU Line Processing Unit
LSP Label Switched Path
N
NAT Network Address Translation
NLS Network Layer Signaling
NP Network Processor
NTP Network Time Protocol
NVRAM Non-Volatile Random Access Memory
O
OSPF Open Shortest Path First
P
PAP Password Authentication Protocol
PBB Provider Backbone Bridge
PE Provider Edge
PFE Packet Forwarding Engine
PIC Parallel Interference Cancellation
PIM-DM Protocol Independent Multicast-Dense Mode
PIM-SM Protocol Independent Multicast-Sparse Mode
POP Point Of Presence
Q
QoE Quality of Experience
QoS Quality of Service
R
RADIUS Remote Authentication Dial in User Service
RAM Random-Access Memory
RED Random Early Detection
RFC Requirement for Comments
RH Relative Humidity
RIP Routing Information Protocol
RMON Remote Monitoring
ROM Read Only Memory
RP Rendezvous Point
RSVP Resource Reservation Protocol
RSVP-TE RSVP-Traffic Engineering
S
SAP Service Advertising Protocol
SCSR Self-Contained Standing Routing
SDH Synchronous Digital Hierarchy
SDRAM Synchronous Dynamic Random Access Memory
SFU Switch Fabric Unit
SLA Service Level Agreement
SNAP SubNet Attachment Point
SNMP Simple Network Management Protocol
SONET Synchronous Optical Network
SP Strict Priority
SPI4 SDH Physical Interface
SSH Secure Shell
STM-16 SDH Transport Module -16
SVC Switching Virtual Connection
T
TCP Transfer Control Protocol
TE Traffic Engineering
TFTP Trivial File Transfer Protocol
TM Traffic Manager
ToS Type of Service
TP Topology and Protection packet
U
UBR Unspecified Bit Rate
UDP User Datagram Protocol
UNI User Network Interface
UTP Unshielded Twisted Pair
V
VBR-NRT Non-Real Time Variable Bit Rate
VBR-RT Real Time Variable Bit Rate
VC Virtual Circuit
VCI Virtual Channel Identifier
VDC Variable Dispersion Compensator
VLAN Virtual Local Area Network
VLL Virtual Leased Line
VPI Virtual Path Identifier
VPLS Virtual Private LAN Service
VPN Virtual Private Network
VRP Versatile Routing Platform
VRRP Virtual Router Redundancy Protocol
W
WAN Wide Area Network
WFQ Weighted Fair Queuing
WRED Weighted Random Early Detection
WRR Weighted Round Robin