V800R011C00
Product Description
Issue 01
Date 2018-10-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Purpose
This document describes the NE40E in terms of its product positioning and features,
architecture, technical specifications, supported FPICs, link features, service features, usage
scenarios, and operation and maintenance.
Related Version
The following table lists the product version related to this document.
Intended Audience
This document is intended for:
Network planning engineers
Hardware installation engineers
Commissioning engineers
Data configuration engineers
On-site maintenance engineers
Network monitoring engineers
System maintenance engineers
Security Declaration
Encryption algorithm declaration
The encryption algorithms DES/3DES/RSA (RSA-1024 or lower)/MD5 (in digital
signature scenarios and password encryption)/SHA1 (in digital signature scenarios) have
low security, which may bring security risks. If protocols allowed, using more secure
Special Declaration
This document serves only as a guide. The content is written based on device
information gathered under lab conditions. The content provided by this document is
intended to be taken as general guidance, and does not cover all scenarios. The content
provided by this document may be different from the information on user device
interfaces due to factors such as version upgrades and differences in device models,
board restrictions, and configuration files. The actual user device information takes
precedence over the content provided by this document. The preceding differences are
beyond the scope of this document.
The maximum values provided in this document are obtained in specific lab
environments (for example, only a certain type of board or protocol is configured on a
tested device). The actually obtained maximum values may be different from the
maximum values provided in this document due to factors such as differences in
hardware configurations and carried services.
Interface numbers used in this document are examples. Use the existing interface
numbers on devices for configuration.
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation which, if not
avoided, will result in death or serious injury.
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention Description
times.
# A line starting with the # sign is a comment.
Change History
Updates between document issues are cumulative. Therefore, the latest document issue
contains all updates made in previous issues.
Changes in Issue 01 (2018-10-30)
This issue is the first official release. The software version of this issue is
V800R011C00.
The following figure shows the window of the Product Photo Gallery. The tool provides
various graphic resources for enterprise network products.
Enterprise users
Carrier users
The following figure shows the window of the product comparison tool. The tool provides the
product information query function, through which you can obtain specification differences
between different product versions.
Enterprise users
Carrier users
NE40E-X3(AC)
4.2.2 Evolutionability
Advanced 2T Platform
The NE40E, based on a 2T platform, is designed to conserve energy and reduce emissions. 1T
and 2T boards are provided. The NE40E can carry large-volume service traffic, satisfying the
increasing bandwidth demand of future networks. The VRP-based NE40E is compatible with
most of the line cards currently in use and shares the NMS with devices on the live network,
protecting carriers' investments to the largest extent. With high port density and compact
design, the NE40E chassis efficiently reduces the required installation space.
On NE40E-X8As, LPUI-2Ts can work only with 2T CR5D0SRUAA70s (BOM number: 03058135) and
2T CR5DSFUIU07Ds (BOM number: 03058136), not any other types of MPUs/SRUs and SFUs. On
NE40E-X16As, LPUI-2Ts can work only with 2T CR5DSFUIT27Bs (BOM: 03057825), not any other
types of SFUs. On NE40E-X16As, 2T CR5DSFUIT27Bs (BOM number: 03057825) can work only with
LPUF-200s (excluding LPUF-200-Es with the BOM number 03057177), LPUI-200s, LPUF-480s,
LPUI-480s, LPUI-1Ts, and LPUI-2Ts, not any other types of LPUs. On NE40E-X8As, 2T
CR5D0SRUAA70s (BOM number: 03058135) and CR5DSFUIU07Ds (BOM number: 03058136) can
work only with LPUF-200s (excluding LPUF-200-Es with the BOM number 03057177), LPUI-200s,
LPUF-480s, LPUI-480s, LPUI-1Ts, and LPUI-2Ts, not any other types of LPUs.
Flexible VS Functions
As an important feature of the next-generation IP bearer devices, virtual system (VS) plays an
active role in centralized operation and reduction of capital expenditure (CAPEX) and
operational expenditure (OPEX). Large physical routers (PRs) can be divided into multiple
small independent VSs, optimizing physical resource allocation.
VSs can:
Reduce CAPEX and OPEX.
Flatten networks.
Support multi-service networks.
Different services are deployed on different VSs, forming a logical multi-service network.
This isolates different types of services to improve security and reliability.
Verify new services.
New services, such as IPv6 and video services, can be verified on VSs. This isolates
services and does not affect existing network applications.
5 Usage Scenarios
[Figure: network diagram with core layer, aggregation layer, and access layer; device labels: CR, NE5000E, BR, NE40E, SoftX3000, AR, NE40E]
Considering the status quo of existing bearer networks, carriers need to construct a set of core
bearer networks to carry 4G, 5G and NGN services. As new services and technologies develop
in a competitive market, the new IP bearer network will become a next-generation
multi-service bearer platform that supports NGN, video conference, video phone, streaming
media, enterprise interconnection, and 4G, 5G services.
In this solution, the NE40E acts as the core router, which forwards data at a high speed and
ensures high reliability. The NE40E acts as the edge router and access router, which provides
access for NGN voice, signaling, network management, and VIP services.
This solution has the following characteristics:
The core layer uses a dual-plane structure, and the NE40Es are fully meshed.
The BR is dual-homed to the CR.
Redundant devices are deployed on each important node.
MPLS VPN, which implements user and service isolation, is planned by the carrier by
considering all site entities.
VPN FRR is deployed on all PEs.
High reliability technologies, such as TE FRR, GR, BFD for VRRP, and IGP fast
convergence, are used on the network.
Figure 5-2 shows how the NE40E is applied on an IPTV bearer network.
[Figure: network diagram; labels include Internet, backbone network, IP bearer network, BRAS, USR, access layer, IP broadband access network, customer and NGN access network, broadband service access, and customer NGN service access]
An IP MAN consists of three layers: core layer, service control layer, and access layer.
The NE40E is usually deployed as the core or aggregation node on IP MANs. The NE40E is
mainly deployed as the core, aggregation node, or service control node on IP MANs.
The core layer is responsible for high-performance and large-capacity data forwarding. It
requires a simple network structure as well as secure and reliable transmission of multiple
services. The IP/MPLS technology is deployed at the core layer, allowing the physical
network to implement multiple logical service bearer planes through the MPLS VPN
technology. To ensure network reliability, the core layer uses many reliability techniques, such
as device-level reliability, network-level reliability, and inter-AS reliability. The core-layer
devices have large capacities, high-density interfaces, and high forwarding performance,
meeting the requirements of the core layer.
The NE40E provides the following functions to meet the IP MAN core layer requirements:
The NE40E has a powerful switching capacity. The interface capacity of a single system
reaches 640 Gbit/s. The NE40E provides 100GE interfaces at line speed and
high-density GE interfaces.
The NE40E provides powerful routing capabilities and various routing protocols. The
NE40E supports IP/MPLS and provides multiple VPN solutions, such as BGP/MPLS
L3VPN and MPLS L2VPN. In this manner, multiple services are carried over the logical
bearer plane of the core network, and service isolation and security can be implemented.
The NE40E supports Seamless MPLS. Seamless MPLS is a bearer technique that extends
MPLS techniques to access networks. Seamless MPLS establishes an E2E LSP across
the access, aggregation, and core layers. All services can be encapsulated using MPLS at
the access layer and transmitted along the E2E LSP across the three layers. Seamless
MPLS simplifies network provisioning, operation, and maintenance.
The NE40E supports inter-AS VPN Option A/B/C. This guarantees inter-AS service
reliability.
The NE40E provides carrier-class reliability, such as redundancy of key modules and
in-service patching. In addition, the NE40E provides various FRR techniques, such as IP
FRR, LDP FRR, and TE FRR.
The service control layer supports user access management, security control, and service
control and provides a platform for the operation of telecommunications services to
implement user-level management and control.
The NE40E supports IPoE/PPPoE/L2TP user access and integrates functions of the
conventional BRAS such as user authentication, call control, policy control, QoS guarantee,
and security guarantee over various services. In this way, the requirements of the service
control layer are met and the weakness of conventional routers and firewalls that cannot meet
carrier-class operation requirements is overcome, greatly reducing the operation cost.
[Figure: IPv4/IPv6 network diagram; labels include PE, NE40E, NE5000E, IPv6 Internet, IPv4 Internet, IPv6/IPv4, IPv6 Core, IPv6 EDGE, L3 Switch, L2 Switch, and MA 5200]
When IPv4 and IPv6 coexist on the backbone network, IPv4 forwarding or MPLS VPN can
be used to ensure that existing IPv4 services are not affected. In addition, the following
requirements must be met:
Interconnection between separate IPv6 networks
Interworking between IPv6 and IPv4 networks
To meet the preceding requirements, NE40Es, and NE40Es can work together to provide the
following solutions:
All routers on the backbone network support the IPv4/IPv6 dual stack. IPv4 services are
forwarded using IPv4, and IPv6 services are forwarded using IPv6.
The separate IPv6 networks are interconnected over 6to4 or manually configured Layer 3
tunnels. The core routers only need to support IPv4 forwarding and do not need to be
upgraded.
The separate IPv6 networks are interconnected over MPLS L2VPN connections, such as
VPLS or CCC connections. The core routers only need to support MPLS forwarding.
The interworking between IPv6 and IPv4 networks is implemented by configuring
NAT-PT on gateways.
Figure 5-5 Telecommunications service gateway solution with the separated control and
forwarding plane architecture
[Figure: labels include AAA, DHCP, Portal, vBRAS-CP, Core DC, Enterprise, ACC-SW, Internet, Home Network, AGG-SW, vBRAS-UP, CR, OLT, and Backbone; layers: user access layer, aggregation layer, core layer]
IT-based telecommunications networks are the trend for future network evolution. SDN and
NFV, the key technologies for the IT-based transformation of carrier networks, are
maturing. A large number of broadband remote access servers (BRASs) configured with complex
functions are deployed at the edges of the IP bearer network as gateways for user access.
The BRAS is therefore the key NE for the IT-based transformation of the IP bearer network
and the core carrier of the intelligence and openness of the entire network.
In response to the challenges facing the conventional BRAS, SDN and NFV are introduced, and
a vBRAS architecture is proposed that separates the control and forwarding planes and
combines the advantages of CT and IT.
In the telecommunications service gateway solution with the separated control and forwarding
plane architecture, the BRAS functions are jointly implemented on NEs of the control and
forwarding planes.
The VNE9000–CP is a control plane NE (vBRAS-CP) deployed in the core DC to
implement user control and management, including user access control, user
management, authentication, authorization, and accounting, address management, and
UP management.
The NE40E is a forwarding plane NE (vBRAS-UP) deployed in the convergence
equipment room to implement the forwarding of user datagrams, including traffic
forwarding, QoS, traffic statistics collection, and dynamic routing protocol.
6 Product Architecture
The data plane is responsible for high-speed processing and congestion-free switching of
data packets. It encapsulates and decapsulates packets, forwards IPv4/IPv6/MPLS
packets, performs QoS as well as scheduling and internal high-speed switching, and
collects statistics.
The control and management plane provides all control and management functions for
the system and is the core of the entire system. Control and management units process
protocols and signals and configure, manage, report, and control system status.
The monitoring plane monitors the ambient environment to ensure the secure and stable
operation of the system. It detects voltage levels, controls system power-on and
power-off, monitors the temperature, and controls fan modules. If a unit fails, the
monitoring plane isolates the faulty unit promptly so that the other units remain
unaffected.
[Figure: forwarding architecture; legible labels include SSP, SMP, BOS, DRIVER, NP, LOGIC, and PIC]
[Figure: datagram processing path; labels: QoS in the upstream direction and QoS in the downstream direction (each with queue scheduling and congestion management), TM, multicast replication]
7 Technical Specifications
1. In the physical dimensions shown in the table, the width (W) does not include the rack-mounting
ears.
2. Temperature and humidity are measured at 1.5 m (4.92 ft.) above the floor and 0.4 m (1.31 ft.) in
front of the cabinet. There should be no protection board on the front or back of the cabinet.
3. "Short-term" refers to continuous working time that does not exceed 96 hours and accumulated
working time per year that does not exceed 15 days. If the working time exceeds either of these
values, it is considered "long-term".
4. The Bundle values in "Weight (full configuration)" include the weight of the interface boards in full
configuration.
8 Product Compatibility
Table 8-1 lists the items supported by the boards ("●" indicates supported items, "-"
indicates unsupported items).
9 Service Features
[Figure: protocol stack layers: IPv4/IPv6 application; TCP and UDP; IPv4 and IPv6; link layer]
IP features, IPv4 features:
- TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and ARP
- Static DNS and DNS client/server
- FTP client/server and TFTP client
- DHCP relay agent/DHCP Server
- Ping, tracert, and NQA
  NQA can detect the status of ICMP, TCP, UDP, DHCP, FTP, HTTP, and SNMP services and test the service response time.
- IP policy-based routing (PBR) and flow-based next hop to which packets are forwarded
- IP PBR-based load balancing
- Load balancing in unequal cost multiple path (UCMP) mode
- Dynamic load balancing
- IPv4 load balancing among QinQ interfaces (including QinQ and Dot1q VLAN tag termination sub-interfaces)
- Enabling and disabling the rapid ping reply function on interface boards

IP features, IPv6 features:
- IPv6 neighbor discovery (ND)
- Path MTU (PMTU) discovery
- TCP6, ping IPv6, tracert IPv6, and socket IPv6
- DHCPv6 relay
- IPv6 PBR

IP features, IPv4/IPv6 transition:
- IPv6 over IPv4 tunnels
- 6PE and 6vPE tunnels

Routing protocols, unicast routing:
- IPv4 routing protocols, including RIP, OSPF, IS-IS, and BGP4
- IPv6 routing protocols, including Routing Information Protocol Next Generation (RIPng), OSPFv3, IS-ISv6, and
10 Security Features
Feature Description
User management:
- User authorization in AAA management
- Refined user authority control, including user-group-based control and task-group-based control
- Hierarchical command authority management, preventing unauthorized users from operating devices
- HWTACACS authentication and authorization

Security authentication:
- AAA
- Plaintext authentication and MD5 ciphertext authentication supported by routing protocols (RIPv2, OSPF, IS-IS, and BGP)
- MD5 ciphertext authentication supported by LDP and RSVP
- SNMPv3 encryption and authentication

URPF:
- The NE40E supports URPF for IPv4/IPv6 traffic.

MAC address:
- MAC address limit
- MAC entry deletion

Unknown traffic limit:
- Bandwidth allocation
- User traffic management
NOTE: The unknown traffic limit feature is implemented on a Layer 2 network to maximize network bandwidth usage and ensure network security.

Filtering of BGP traffic based on the route attribute carried in BGP packets.

IGMP snooping:
- The NE40E supports IGMP snooping on Layer 2 interfaces and VPLS PWs.

MLD snooping:
- The NE40E supports MLD snooping on Layer 2 interfaces and VPLS PWs.

Proactive loop detection:
- The NE40E supports proactive loop detection on Ethernet interfaces.

DHCP snooping:
The NE40E can defend against the following attacks:
- Bogus DHCP server attack
- Man-in-the-middle attack
- IP/MAC spoofing attack and DHCP exhaustion attack
- Starvation attack
- DoS attack

Keychain:
- Keychain authentication for non-TCP applications
- Keychain authentication for TCP applications

Packet header obtaining:
- Obtaining of packet headers to be sent to CPUs
- Obtaining of packet headers to be forwarded

Local attack defense:
- Whitelist
- Blacklist
- CPU total CAR
- User-defined list
- Active link protection (ALP)
  The NE40E protects TCP-based application-layer data, such as session data, using the whitelist function.
- Uniform configuration of CAR parameters
- Smallest packet compensation
- Association between the application layer and lower layers
- Local URPF
- Management and service plane protection
- Defense against TCP/IP packet attacks
- Attack source tracing
- Discarding and rate limit based on the TTL range

GTSM:
- BGP GTSM
- OSPF GTSM
- LDP GTSM

SSHv2:
- The NE40E supports the STelnet client and server and the SFTP client and server. Both support SSHv1 (SSH1.5) and SSHv2 (SSH2.0).

IPsec:
- Transport mode and tunnel mode
- IKEv1 and IKEv2
- GRE over IPsec
- NAT traversal
- IPsec L3VPN
- Packet fragmentation and reassembly
- Keepalive and DPD for peer detection
- Dynamic and remote IPsec access
- IPsec Public Key Infrastructure (PKI)
- Pre-shared key
- CMPv2, which manages certificates online and simplifies certificate management and maintenance
- IPsec dual-device backup
- VXLAN over IPsec

System integrity protection:
- Digital signature
- Trusted computing

Function Description
Configuration mode:
- Command-based configuration
- Configuration through the console interface
- Remote Telnet access
- SNMP-based configuration using the NMS
- Two-phase configuration validation mode
- Configuration rollback
- NMS-based configuration
- NETCONF (XML)
- SNMP (MIB)

System management and maintenance:
The NE40E provides the following system management and maintenance functions:
- DCN plug and play
- DHCP plug and play
- Board detection, hot swap detection, Watchdog, board reset, RUN indicator control, fan and power supply control, system debugging, master/slave switchover control, and version query
- Local and remote software upgrading and data loading, version rollback, and data backup, saving, and clearing
- Hierarchical user authority management, operation log management, command online help, and command comments
- Three user authentication modes: local authentication, RADIUS authentication, and HWTACACS authentication, which authenticate and authorize users using commands and an SNMP-based NMS
- Network management over inband and outband channels
- Multi-user operations
- Layer 2 and Layer 3 interface information queries
- Hierarchical alarm management, alarm classification, and alarm filtering
- Support for the shutdown and undo shutdown commands on interfaces and optical modules

Network monitoring:
- NetStream
- IPFIX
- 802.3ah
- 802.1ag
- Y.1731
- NQA
- IP FPM
- TWAMP
- RFC 2544
- Bit-error-triggered protection switching
- Enhanced Media Delivery Index (EMDI)

Device operation monitoring:
The information center receives and processes the following types of information:
- Logs
- Debugging information
- Traps
There are eight severity levels for the preceding types of information. The lower the level, the higher the severity.
The NE40E can output the preceding types of information to a log host or user terminal. Logs and traps are output through the SNMP agent or buffer.

System service and status tracking:
The NE40E provides the following functions for tracking system services and status:
- Monitors the changes of routing protocol state machines.
- Monitors the changes of MPLS LDP state machines.
- Monitors the changes of VPN state machines.
- Monitors the types of protocol packets sent by the forwarding engine to the control plane and displays detailed packet information by enabling debugging.
- Monitors abnormal packets and collects statistics.
- Displays a notification when the abnormality process starts.
- Collects statistics about the resources used by each feature.

System test and diagnosis:
- Debugging
- Ping
- Tracert
- Real-time CPU usage query

Online debugging:
- The NE40E provides the mirroring function, allowing you to map specific traffic to an observing interface for online debugging. The mirroring function allows maintenance personnel to analyze network operating status.

Upgrade:
- ISSU
- System upgrade
- Dynamic loading
- Version rollback

License:
The NE40E provides a license management platform to implement flexible license authorization for service modules. The license management platform allows you to:
- Purchase only required functional modules, reducing purchasing costs.
- Extend device functions and expand the device capacity by purchasing new licenses.

Other operation and maintenance functions:
The NE40E also supports the following functions:
- Hierarchical command authorization to prevent unauthorized access
- Online help obtained by entering a question mark (?)
- Rich and detailed debugging information for network fault diagnosis
- DOSKEY-like function that allows specific historical commands to be run
- Fuzzy matching of keywords using the command resolver, for example, "disp" for a display command

12 NMS
U2000
The NE40E is managed by the Huawei iManager U2000 unified network management system
(U2000). With an industry-leading flexible architecture, the U2000 provides rich and unified
northbound interfaces (NBIs). U2000 supports multiple operating systems and provides
multilingual graphical user interfaces (GUIs), such as the topology view, panel view, and
terminal management view. You can use the U2000 to manage Huawei transport devices (such
as WDM devices), access devices (such as DSLAM devices), and IP devices (such as routers
and switches) in a centralized manner.
U2000 uses SNMP or NETCONF to communicate with the NE40E for management and
maintenance.
U2000 allows you to:
Manage distributed network devices in a centralized manner and deploy services in
batches, reducing operation costs.
Analyze network operating status and service bottlenecks so that network resources can
be appropriately planned and allocated based on collected network performance
statistics.
Monitor, forecast, and detect network faults to improve network reliability and service
quality.
eSight
eSight is a new-generation management and maintenance system developed by Huawei for
enterprise agile campus networks and branch networks. It implements unified management of
and intelligent interaction between enterprise resources, services, and users.
eSight supports centralized management of basic enterprise networks, unified management of
Huawei network devices, WLAN monitoring and configuration management, and network
quality monitoring and analysis through Packet Conservation Algorithm for Internet (iPCA),
service level agreement (SLA), and network traffic analyzer (NTA). In addition, eSight
provides a flexible and open platform, which enables enterprises to customize intelligent
network management systems.
eSight manages Huawei routers through SNMP. For the NE40E, eSight supports only basic
NE management.
Feature Description
Regulation compliance:
The NE40E complies with the following energy conservation and emission reduction regulations:
- Directive 2002/95/EC on the Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment (RoHS)
- Regulation (EC) No 1907/2006 concerning the Registration, Evaluation, Authorization and Restriction of Chemicals (REACH)
- Directive 2002/96/EC on waste electrical and electronic equipment (WEEE)
- ATIS-0600015.03.2009 Energy Efficiency for Telecommunications Equipment: Methodology for Measurement and Reporting for Router and Ethernet Switch Products
- Directive 2009/125/EC establishing a framework for the setting of ecodesign requirements for energy-related products (recast)

Power consumption management:
The NE40E provides the following power consumption management functions:
- Power supply management
- Device- and board-based power consumption query
- Configuration and query of the energy conservation mode

Power consumption reduction designs:
To reduce power consumption, the NE40E:
- Allows fan modules to automatically adjust the fan speed based on environment temperature.
- Allows you to run commands to power off boards, except the master main control board.
- Allows you to run commands to power off unused subcards and interfaces on service boards.
- Supports dynamic energy conservation for unused modules.
- Supports dynamic energy conservation based on service loads.

Energy conservation suggestions:
The energy conservation suggestions for the NE40E are as follows:
- Separate hot and cold air ducts in equipment rooms, place the air intake vent of the NE40E beside the cold air duct, and prevent hot air from entering the air intake vent.
- Select the most appropriate AC power modules to prevent great power loss caused by AC power light load (with a load ratio of less than 30%).
- Clean the dustproof nets regularly and keep the air intake vents unblocked to reduce power consumption and noise.
- Cover unused slots with filler panels and cap unused interfaces with rubber plugs to ensure efficient heat dissipation.
- Power off unused boards and interfaces.
- Enable the NE40E to work in energy conservation mode.