Documente Academic
Documente Profesional
Documente Cultură
Website: http://www.huawei.com
Email: support@huawei.com
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Summary
This document describes the product features, hardware architecture, link features,
software features, operation and maintenance, network management, networking
applications, and technical specifications of the Quidway CX600 Metro Services
platform.
This document includes:
Chapter Details
5 Primary Service Features This chapter describes the service features of the
CX600.
Contents
1 Product Features............................................................................................................ 9
1.1 Positioning ................................................................................................................................ 10
1.2 Abundant Services .................................................................................................................... 10
1.3 High-Density LPUs .....................................................................................................................11
1.4 Powerful Forwarding Capacity ................................................................................................... 13
1.5 Perfect QoS Mechanism............................................................................................................ 13
1.6 Excellent Security Design .......................................................................................................... 14
1.7 Good IPv4 and IPv6 Compatibility.............................................................................................. 14
1.8 Compatibility and Extensibility.................................................................................................... 15
1.9 High Reliability .......................................................................................................................... 15
3.6.5 SPU.................................................................................................................................. 47
4 Link Features................................................................................................................ 49
4.1 Ethernet Link Features .............................................................................................................. 50
4.1.1 Basic Features.................................................................................................................. 50
4.1.2 Ethernet Bundling ............................................................................................................. 50
4.1.3 Virtual Ethernet Interface................................................................................................... 51
4.2 FR Link Features....................................................................................................................... 51
4.3 POS Link Features .................................................................................................................... 52
4.3.1 SDH/SONENT Encapsulation............................................................................................ 52
4.3.2 POS Interfaces ................................................................................................................. 52
4.3.3 POS Sub-interfaces .......................................................................................................... 52
4.3.4 POS Bundling ................................................................................................................... 52
4.4 CPOS Link Features.................................................................................................................. 53
4.4.1 Channelization .................................................................................................................. 53
4.4.2 PPP/HDLC........................................................................................................................ 54
4.5 ATM Link Features..................................................................................................................... 54
4.5.1 SDH/SONENT Encapsulation............................................................................................ 54
4.5.2 PVP/PVC.......................................................................................................................... 54
4.5.3 IPoA ................................................................................................................................. 54
4.5.4 ATM Sub-interfaces........................................................................................................... 55
4.5.5 ATM OAM ......................................................................................................................... 55
4.5.6 1483B ............................................................................................................................... 55
4.5.7 ATM Cell Relay ................................................................................................................. 56
4.6 CE1/CT1/E3/T3/CT3 Link Features ........................................................................................... 57
1 Product Features
Section Description
1.3 High-Density LPUs This section describes the types of LPUs supported
by the CX600.
1.6 Excellent Security This section describes the security design on the
Design CX600.
1.7 Good IPv4 and IPv6 This section describes the IPv4/IPv6 solutions
Compatibility supported by the CX600.
1.1 Positioning
Huawei Quidway CX600 Metro services Platform (MSP) is a high end Ethernet
product (hereafter referred to as the CX600). It focuses on carrier-class FMC Ethernet
services access, aggregation and transmission in metro area. It mainly locates at
metro access and aggregation point.
To meet different demands of users, the CX600 provides four types of devices:
CX600-16, CX600-8, CX600-4, and CX600-X3. The CX600-16 supports a maximum
of 16 LPUs, the CX600-8 supports a maximum of 8 LPUs, the CX600-4 supports a
maximum of 4 LPUs, and the CX600-X3 supports a maximum of 3 LPUs. You can
choose either CX600-16, CX600-8, CX600-4, or CX600-X3 according to the
networking demands.
Thanks to its hardware based forwarding mechanism and non-blocking switching
technology, CX600 is Developed on the basis of Huawei proprietary Versatile Routing
Platform (VRP) and it has carrier class reliability, line speed forward capability, perfect
QoS management, abundant services processing and excellent expansibility.
With its Ethernet access, level 2 switching and EoMPLS transmission capability,
CX600 also supports abundant level IP services. It can provide wide band Internet,
Triple Play, IP special line, IP VPN services and etc. CX600 can perfectly co-work with
some Huawei products such as CX200/300, NE80E, CX600, ME60 and MA5200G to
set up a clearly hierarchical metro Ethernet to multiple services.
l Provides rich Layer 2 service features, such as Layer 2 VLAN, selective QinQ,
QinQ termination, Provider Backbone Bridging-Traffic Engineering (PBB-TE),
Rapid Ring Protection Protocol (RRPP), Spanning Tree Protocol (STP), Rapid
Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP).
10GE 4 CX600-16:32
CX600-8:16
CX600-4:8
CX600-X3:6
GE 24 CX600-16:384
CX600-8:192
CX600-4:96
CX600-X3:72
FE-TX 96 CX600-16:1536
CX600-8:768
CX600-4:384
CX600-X3:288
FE-SFP 24 CX600-16:384
CX600-8:192
CX600-4:96
CX600-X3:72
155M ATM 16 CX600-16:256
CX600-8:128
CX600-4:64
CX600-X3:48
10G RPR 1 CX600-16:16
CX600-8:8
CX600-4:4
2.5G RPR 4 CX600-16:64
CX600-8:32
CX600-4:16
622M ATM 8 CX600-16:128
CX600-8:64
CX600-4:32
CX600-X3:24
CE1/CT1 96 CX600-16:1536
CX600-8:768
CX600-4:384
CX600-X3:288
E3/T3/CT3 16 CX600-16:256
CX600-8:128
CX600-4:64
CX600-X3:48
The perfect QoS mechanism answers the demands of the IP Telephony Network
(IPTN). It provides guaranteed delay, jitter, bandwidth, and packet loss ratio of
different services. It guarantees the launch of carrier-class services such as Voice
over IP (VoIP) and meets the requirements for the development of multi-service IP
networks.
l Supports various IPv6 over IPv4 tunnels and IPv4 over IPv6 tunnels.
l Supports the routing table and the forwarding table with large capacities. This
enables the CX600 to serve as the VPN Provider Edge (PE) and supports future
expansion of services.
l Supports the distributed forwarding of IPv4/IPv6 and Multiprotocol Label
Switching (MPLS).
l Supports IPv4/IPv6 dynamic unicast and multicast routing protocols.
Item Description
System The boards, power modules, and fans are hot swappable.
protection
mechanism The SRU/MPUs run in 1:1 backup mode.
Item Description
The system provides fault detection for the system and boards,
indicators, and the NMS alarm function.
Fault Data backup The system supports hot backup of the data
tolerance between the active and standby units. When
design the active unit fails, the standby unit
automatically takes over the active unit for data
transmission. This ensures that no data is lost.
Synchronization The system supports the synchronization
configuration between the SRU/MPUs and LPUs.
Item Description
2 System Architecture
Section Description
2.2 Logical System This section describes the logical architecture of the
Architecture CX600.
Integrated
Power distribution system chassis
-48 V RTN
-48 V RTN
-48 V -48 V
Ethernet
Except the network management system (NMS), all other systems are in the
integrated cabinet. Both the power distribution system is in 1+1 backup mode. The
following introduces only the functional host system.
The functional host system processes data. In addition, it monitors and manages the
whole system, such as the power distribution system, the fan heat dissipation system,
and the NMS through NMS interfaces.
Figure 2-2 shows the functional host system of the CX600.
Monitoring
Monitoring bus System monitoring
unit
Monitoring unit bus Management Management bus
Management bus switching unit
Management unit bus
(1) MPU
MPU
(Active)
System backplane
POS/Ethernet Monitoring
Physical Forwarding
bus System monitoring
interface unit unit unit
Serial link Management
group Management bus
LPU bus switching unit
(1) MPU
MPU
Monitoring (Slave)
bus Monitoring
Monitoring unit
bus Switching network
Management monitoring unit
Management unit Management
bus Switching network
bus control unit
POS/Ethernet
Physical Forwarding
interface unit unit Switching network
Serial link Serial link
group group
LPU
SFU module
(1): The link connects to management bus switching unit of another MPU
Monitoring Monitoring
unit unit
Monitoring
plane
System
Monitoring monitoring unit Monitoring
unit unit
Management Management
unit Switching network unit
control unit
Forwarding Forwarding
unit Switching unit
Data plane network
SFU
Forwarding Forwarding
unit unit
LPU LPU
l The data plane is responsible for high speed processing and non-blocking
switching of data packets. It encapsulates or decapsulates packets, forwards
IPv4/IPv6/MPLS packets, performs QoS and scheduling, completes inner
high-speed switching, and collects statistics.
l The control and management plane is the core of the entire system. It controls
and manages the system. The control and management unit processes protocols
and signals, configures and maintains the system status, reports and controls the
system status.
l The monitoring plane monitors the system environment. It detects the voltage,
controls power-on and power-off of the system, monitors the temperature and
controls the fan. In this way, the security and stability of the system are ensured.
It can isolate the fault promptly in the case of a unit failure to guarantee the
operation of the other parts.
Fan
Power monitoring
monitoring
RPS RPS
SNMP Active Standby
IPC
In terms of the software, the CX600 consists of the Routing Process System (RPS),
power monitoring module, fan monitoring module, LCD control module, Forwarding
Support Unit (FSU), and Express Forwarding Unit (EFU).
l The RPS is the control and management module that runs on the SRU/MPU. The
RPSs of the active SRU/MPU and the standby SRU/MPU back up each other.
They support IPv4/IPv6, MPLS, LDP, and routing protocols, calculate routes, set
up LSPs and multicast distribution trees, generate unicast, multicast, and MPLS
forwarding tables, and deliver routing information to the LPU.
l The FSU implements the functions of the link layer and IP protocol stacks on an
interface.
l The EFU performs hardware-based IPv4/IPv6 forwarding, multicast forwarding,
MPLS forwarding, and statistics.
3 Hardware Architecture
Section Describes
3.1 Chassis This section describes the chassis of the CX600.
3.3 Power Modules This section describes the power supplies of the
CX600.
3.4 LCD This section describes the board cage of the CX600.
3.5 Board Cage This section describes the boards of the CX600.
3.6 Boards This section describes the chassis of the CX600.
3.1 Chassis
The CX600 consists of the components: integrated chassis, including the backplane;
power modules; ventilation and heat dissipation system and board cage.
l The chassis of the CX600-16 is 36 U high with the dimensions of 442 mm x 669
mm x 1600 mm (width x depth x height). The CX600-16 can be mounted in a
standard 19-inch cabinet or an N68E-22 cabinet. Figure 3-1 shows the
appearance of the CX600-16.
l The chassis of the CX600-8 is 20 U high with the dimensions of 442 mm x 669
mm x 886.2 mm (width x depth x height). The CX600-8 can be mounted in a
standard 19-inch cabinet or an N68E-22/N68E-18 cabinet. Figure 3-2 shows the
appearance of the CX600-8.
l The chassis of the CX600-4 is 10 U high with the dimensions of 442 mm x 669
mm x 442 mm (width x depth x height). The CX600-4 can be mounted in a
standard 19-inch cabinet or an N68E-22/N68E-18 cabinet. Figure 3-3 shows the
appearance of the CX600-4.
l The dimensions of the CX600-X3 vary with the types of power modules.
The CX600-X3 with DC power modules is 4 U high and the dimensions are
442 mm x 650 mm x 175 mm (width x depth x height). The CX600-X3 can be
mounted in a standard 19-inch cabinet or an N68E-22 cabinet. Figure 3-4
shows the appearance of the CX600-X3.
The CX600-X3 with AC power modules is 5 U high and the dimensions are
442 mm x 650 mm x 220 mm (width x depth x height). The CX600-X3 can be
mounted in a standard 19-inch cabinet or an N68-22E cabinet. Figure 3-4 and
Figure 3-5 show the appearance of the CX600-X3.
10
8
7
1. Panel of the 2. Fan frame 3. Board cage 4. Air intake 5. Plastic panel of the
fan frame frame power module
6. Power 7. Handle 8. Rack-mounting ear 9. Cabling
module trough
3.2 Fans
3.2.1 Ventilation and Heat Dissipation System
Ventilation and heat dissipation are performed from bottom up on the board cage of
the CX600-16 and CX600-8.
Ventilation and heat dissipation are performed from left to right on the board cages of
the CX600-4.
Ventilation and heat dissipation are performed from left to back on the board cages of
the CX600-X3.
l The fans integrated on the power module are located at the bottom of the
chassis.
l The air channels of the power module and the board cage are separated from
each other.
l The air flows from the front of the power module to the back for ventilation and
heat dissipation.
l Output under-voltage
l Input over-voltage
l Input under-voltage
l Over-temperature
l Short circuit
It also supports the alarm function.
3.4 LCD
3.4.1 Introduction
The LCD is used to display the information and status of the board, environment, fan
module, and power module.
LCD supports two display modes:
l Idle mode: the default mode. It is used to display the normal status of the system.
l Menu query mode: It can support 3-class menus at most.
3.4.2 Appearance
Figure 3-16 shows the appearance of the LCD.
L L L L M M L L L L L
P P P P P P P P P P P
U U U U U U U U U U U
L L L L S S S S L L L
P P P P F F F F P P P
U U U U U U U U U U U
1 0 11 12 13 19 20 21 22 14 15 16
The CX600-8 has one board cage, which has 12 slots. The slots can hold 8 LPUs, 2
SFUs (sharing one slot), and 2 SRUs.
Figure 3-18 is the schematic diagram.
1 2 3 4 9 11 10 5 6 7 8
S
F
L L L L S U S L L L L
P P P P R R P P P P
U U U U U S U U U U U
F
U
1 2 3 4 9 1210 5 6 7 8
The CX600-4 has one board cage, which has 8 slots. The slots can hold 4 LPUs, 2
SFUs (sharing one slot), and 2 SRUs.
SRU 6
SFU SFU 7 8
SRU 5
LPU 4
LPU 3
LPU 2
LPU 1
The CX600-X3 has one board cage, which has 5 slots. The slots can hold 3 LPUs and
2 MPUs.
Figure 3-20 is the schematic diagram.
MPU MPU 45
LPU 3
LPU 2
LPU 1
3.6 Boards
3.6.1 SRU
The Switch and Route Processing Unit (SRU) is an integrated unit of multiple
functional modules. The SRU provides the functions as described below by
integrating such units as the system control and management unit, the switching unit,
the system clock source, and the maintenance and management unit. The functions
and hardware implementation of each module is independent.
The main control module, clock module, and LAN switch module work in 1+1 hot backup mode,
and thus improving the reliability of the system.
3.6.2 MPU
The MPU integrates multiple functional modules such as the clock module, LAN
switch module, and Compact Flash (CF) module. As the system clock source and the
management and maintenance unit, the MPU runs as the core of system control and
management. It provides the functions of the control plane and the maintenance plane.
The MPU supports the clock board defined in IEEE 1588v2.
The MPU controls and manages the system. It is designed in 1:1 backup mode. The
MPU is composed of the main control unit, the system monitoring unit, the
management bus switching unit, and the clock unit.
l The main control unit processes network protocols and manages the whole
system. The main control unit of each MPU is connected with the management
bus switching unit of both the master and the slave MPUs. It controls and
manages all the functional units such as MPUs, SFUs, and LPUs. The main
control unit also communicates with the system monitoring unit. The system
monitoring unit reports the status and environment information about the
monitoring plane to the management control plane. And then the management
control plane sends control signals to the monitoring plane.
l The system monitoring unit collects the system monitoring information and
interacts with the main control unit. In addition, it monitors the status and
environment of its MPU. It communicates with the monitoring units in the system
or other boards or subsystems through the Monitorbus.
The management bus switching unit carries out the switching of the management bus.
It connects to the control units of two MPUs, all LPUs, and SFUs. Thus, there are two
sets of management buses in the system to perform the master/slave backup
protection no matter which Main_Control_Board is in master mode.
3.6.3 SFU
As the switching network unit of the CX600-16, CX600-8 and CX600-4, the SFU
switches data for the entire system.
On the CX600-16, the four SFUs operate in 3+1 load balancing and backup mode.
They share data processing. The whole system can thus support line-rate switching of
640 Gbit/s Gbit/s traffic.
On the CX600-8 and CX600-4, the two SFUs and the two switching units on the SRU
work in 3+1 load balancing mode. The entire system can thus switch the traffic at wire
speed of 640 Gbit/s.
There is a control channel on the SFU to provide the following functions:
l Detecting voltage, current, and temperature.
l Providing protections against over-voltage, over-current, and over-heat.
3.6.4 LPU
The CX600 provides multiple types of physical interfaces, including GE, POS, CPOS,
ATM, and RPR, and CE1/CT1/E3/T3/CE3/CT3 interfaces. These interfaces can
interconnect various network devices as required.
Function
The LPU consists of the Physical Interface Card (PIC), LPU module, and Fabric
Adaptor (FAD). These components work together to implement fast processing and
forwarding of the service data, and the maintenance and management of the link
protocol and service forwarding table. The main functions of each module are
described in Table 3-5.
The CX600 provides Common LPUs and flexible cards. CX600-X3 only provides
motherboard LPUF-10, motherboard LPUF-21 and their flexible cards.
Only CX600-16, CX600-8 and CX600-4 provide the fixed interface LPUs.
l Ethernet LPU
Table 3-6 lists the Ethernet LPUs supported by the CX600.
1-port 10G Ethernet optical interface LAN LPU (XFP optical module)
1-port 10G Ethernet optical interface WAN LPU (XFP optical module)
The Small Form-Factor Pluggable (SFP) and 10-Gigabit Small Form-Factor Pluggable
transceiver (XFP) are pluggable optical modules.
The 10G Ethernet optical interface LPUs can be classified into WAN LPUs and
LAN LPUs. The differences between the WAN LPUs and LAN LPUs are as
follows:
WAN LPUs need to encapsulate Ethernet frames in SDH/SONET frames
before transmitting them over optical fibers. Interfaces on a WAN LPU can be
connected to interfaces on other WAN LPUs or connected to SDH/SONET
transmission devices. WAN LPUs are mainly used for the Ethernet WAN
interconnection.
The flexible plug-in cards supported by the LPUF-10 are hot swappable. They
support automatic configuration restoration and card intermixing.
3.6.5 SPU
The SPU provides no interfaces and performs only integrated processing for specific
services. The CX600 provides multiple SPUs for load balancing.
The SPU provides the following functions:
l Integrated NetStream: The system samples packets on the LPU, and collects the
traffic statistics on the SPU. In this manner, the processing performance is high,
without affecting the forwarding capability. When initiating integrated NetStream
on the SPU, the system must be configured with a NetStream license.
l Integrated MVPN: When proving the integrated MVPN, the system must be
configured with a certain number of SPUs. The number of SPUs is determined by
the requirements of the MVPN performance. In addition, the system must be
configured with a MVPN License for SPU according to the number of SPUs.
l Integrated tunnel: includes the functions of lawful interception, GRE tunnels, and
IPv6 Provider Edge (6PE) tunnels. When starting the integrated tunnel on the
SPU, the system must be configured with the tunnel licenses the number of which
equals that of the SPUs. For example, if the system is mounted with three SPUs,
three tunnel licenses must be configured to enable the integrated tunnel.
4 Link Features
Section Description
4.1 Ethernet Link Features This section describes the features supported by
Ethernet links.
4.3 POS Link Features This section describes the features supported by
POS links.
4.4 CPOS Link Features This section describes the features supported by
CPOS links.
4.5 ATM Link Features This section describes the features supported by
ATM links.
l IPv4/IPv6 forwarding
l MPLS forwarding
l Multicast forwarding
l L3VPN
l L2VPN
The Layer 3 Eth-Trunk can support the creation of subinterfaces. Each Layer 3
Eth-Trunk can support a maximum of 4000 subinterfaces.
LACP (802.3ad)
The CX600 supports link aggregation in Link Aggregation Control Protocol (LACP)
static mode. Link aggregation in static LACP mode is in contrast with port bundling in
manual mode. Port bundling in manual mode requires neither LACP nor exchange of
protocol packets. The ISP alone decides the binding of ports. Link aggregation in
LACP static mode resorts to LACP and automatically maintains the port status by
exchanging protocol packets. The ISP, however, needs to set up the aggregation
group and add member links. LACP cannot change the configuration information.
The CX600 supports LACP that conforms to IEEE 802.3ad. Administrators can create
an Eth-Trunk, add member ports to the Eth-Trunk, and enable LACP on the Eth-Trunk.
The CX600 negotiates with the peer device to determine the interfaces for data
forwarding by exchanging LACP protocol packets. That is, they negotiate to determine
whether the outbound interfaces are in the selected or standby state.
LACP maintains the link status based on the port status. LACP adjusts or disables link
aggregation in the case of the aggregation changes.
Trunk
4.4.1 Channelization
A CPOS interface is a channelized POS interface. In channelization, multiple
independent channels of data are transmitted over an optical fiber by using low speed
tributary STM-N signals. During the transmission, each channel has its own bandwidth,
start and end points, and follows its own monitoring policy. Channelization can make
full use of bandwidth in transmitting multiple channels of low speed signals.
The channelization granularity of CPOS interfaces is as follows:
l A 155-Mbit/s CPOS interface can be channalized into 63 E1 channels, 84 T1
channels, or 1023 N x 64K channels.
l A 155-Mbit/s CPOS interface can be channelized into 3 E3/T3 channels.
The CX600 supports the bundling of E1/T1 channels. Up to 84 channels can be
bundled into a channel-set. A 155-Mbit/s CPOS interface supports up to 168
channel-sets.
4.4.2 PPP/HDLC
The CX600 provides CPOS interfaces at a rate of 155 Mbit/s. On the link layer, CPOS
supports the following protocols:
l PPP
l HDLC
PPP on CPOS interfaces supports the following:
l LCP
l IPCP
l MPLSCP
l MP
l PAP
l CHAP
4.5.2 PVP/PVC
ATM interfaces support PVP/PVC in the following aspects:
l VP/VC-based traffic shaping
l User-to-Network Interface (UNI) signaling
l RFC 1483: Multiprotocol Encapsulation over ATM Adaptation Layer 5
l RFC 1577: Classical IP and ARP over ATM
l F4 or F5 End to End Loopback OAM
l AAL5
l Nonreal-time Variable Bit Rate (nrt_VBR)
l Unspecified Bit Rate (UBR)
l Real-time Variable Bit Rate (rt_VBR)
l Constant Bit Rate (CBR)
4.5.3 IPoA
IP over ATM (IPoA) is a technology that bears IP services over the ATM network. It
inherits the fundamentals of TCP/IP and regards the ATM network as a physical
subnet. For IP protocols, the ATM network is equivalent to the physical subnet such as
the Ethernet. With IPoA applied, users can directly run IP-based network protocols
and applications on the ATM network.
The CX600 supports the following modes in setting up the mapping between PVCs
and the IP address of the peer device:
l Static mapping
l Inverse Address Resolution Protocol (InARP)
4.5.6 1483B
RFC 1483 defines the technological standards of transmitting multi-protocol data units
over the ATM network. The standards are as follows:
l 1484 Bridged
It is applied to the bridged Protocol Data Units (PDUs).
l 1483 Routed
It is applied to the routed PDUs.
It imitates the bridge function of the Ethernet network, so that the terminal devices on
the user side and the bridge devices on the network side are connected.
Figure 4-2 shows the stack protocol of 1483B.
TCP/UDP
IP
Ethernet
1483B
TCP/UDP AAL5
ATM
IP
Ethernet
ATM network
The IPoE Ethernet protocol stack is applied to a device on the user side. After 1483B
is configured on the ingress Router A on the ATM network, Router A can encapsulate
Ethernet packets into ATM cells, so that the received IPoE packets can be transmitted
transparently on the ATM network.
IP over Ethernet over ATM (IPoEoA) is the main application of 1483B supported by
the CX600. IPoEoA indicates that AAL5 bears Ethernet packets and Ethernet bears IP
packets. In this manner, the layer 2 forwarding of IPoEoA packets is implemented
between the Ethernet and PVC. IPoEoA converges the ATM backbone network and
the IP network. IPoEoA supports various Ethernet and IP services.
ATM Encapsulation
over PSN
PSN Transport Header Outer MPLS Label
Pseudo-wire Header Inner MPLS Label
MPLS PSN tunnel
identified by outer label ATM Control Word
ATM Service
The outer PSN label identifies the PSN tunnel, while the inner label, namely, PW
Header identifies a PW.
In ATM cell transport, the following two kinds of services are transmitted on the PSN:
l The services whose PW payload is ATM cells
l The services whose PW payload is AAL5 SDU/PDU
ATM cell transport can help transfer the earlier ATM or ISP network through the PSN
network without adding new ATM devices and changing the ATM CE configurations.
ATM CE routers consider the ATM cell transport service as the TDM leased line.
The CX600 support ATM cell transport over Permanent Virtual Circuit (PVC) and
Permanent Virtual Path (PVP).
Generally, the CX600 support the following ATM cell transport modes:
l ATM whole port cell transport
l 1-to-1 VCC cell transport
l N-to-1 VCC cell transport
l 1-to-1 VPC cell transport
l N-to-1 VPC cell transport
l ATM AAL5-SDU VCC transport
l PPP
l HDLC
l FR supported on CE1/CT1 interfaces
PPP on serial interfaces supports the following:
l LCP
l IPCP
l MPLSCP
l MP
l PAP
l CHAP
Section Description
5.1 Ethernet Features This section describes the Ethernet features
supported by the CX600.
5.4 MPLS Features This section describes the MPLS features supported
by the CX600.
5.5 VPN Features This section describes the VPN features supported
by the CX600.
5.6 IPTN Features This section describes the IPTN features supported
by the CX600.
5.7 QoS Features This section describes the QoS features supported
by the CX600.
5.8 Load Balancing This section describes the load balancing features
supported by the CX600.
5.9 Traffic Statistics This section describes the traffic statistics features
supported by the CX600.
5.10 IP Compression This section describes the IP compression features
supported by the CX600.
5.11 MSE Features This section describes the MSE features supported
by the CX600.
5.13 Network Reliability This section describes the high reliability features
supported by the CX600.
VLAN Trunk
A trunk is a P2P link between two routers. The interfaces on the connected routers are
called trunk interfaces. One VLAN trunk can transmit data flows from different VLANs
and allow the VLANs to contain the interfaces of many routers. The CX600 can
dynamically add, delete, or modify the VLANs of a VLAN trunk to maintain the
consistency of VLAN configurations in the entire network. The CX600 can also work
with non-Huawei devices for interworking.
VLANIF Interfaces
The CX600 supports VLANIF interfaces. You can assign IP addresses to VLANIF
interfaces and bind VLANIF interfaces to VPNs. This implements the Layer 3 access
of VLANIF interfaces. You can also bind VSIs to VLANIF interfaces to implement the
VPLS access.
VLAN Aggregation
Inter-VLAN routing is involved in the communication between VLANs. If each VLANIF
interface is assigned an IP address, IP address resources will be used up.
You can aggregate a group of VLANs to a super-VLAN. The VLANs in the
super-VLAN are called branch VLANs. A super VLAN is associated with an interface
at the IP layer. In addition, all branch VLANs in the super-VLAN use IP addresses in
the same network segment to improve the utilization of IP addresses.
Ethernet Sub-interfaces
The CX600 supports the configuration of sub-interfaces for a switched Ethernet
interface. You can configure Layer 3 services on the sub-interfaces and Layer 2
services on the main interface. In this manner, the switched Ethernet interfaces can
support both Layer 2 and Layer 3 services.
Ethernet Sub-interfaces
A common Ethernet sub-interface, which can belong to a VLAN only, functions as
follows:
l Terminates enterprise services.
l Supports complete routing protocols.
l Supports MPLS forwarding.
Super-VLAN Sub-interfaces
A super-VLAN sub-interface, which can belong to multiple VLANs, functions to
terminate the individual users' services. It supports the following features to ensure
security:
l DHCP relay
l DHCP binding
l URPF
l ACLs
MSC- MSC-
SERVER SERVER
NC
RNC PSTN
Mc IP Mc
Iu-CS
IP
Node B Nb
Iu-PS MGW MGW
Iur
IP SS7/TDM IP SS7/IP
HLR SCP
PS
IP IP t
Iu-PS I n ter
e rne
Gi
Node B RNC SGSN GGSN
In a wireless network, Ethernet links have high requirements for clocks. As shown in
Figure 5-1, in the future IP-RAN solution, the IP network runs as the bearer layer
between Node B and the RNC. With Ethernet clock synchronization, clock
transmission in the IP network can be guaranteed.
In addition, Ethernet clock synchronization supports the backup of the clock reference
source to enhance the reliability of links. When an Ethernet link becomes Down, the
system automatically selects the backup Ethernet interface to extract clock
information.
5.1.4 PBB-TE
Provider Backbone Bridging-Traffic Engineering (PBB-TE) is a connection-oriented
Ethernet technology that combines the features of telecom networks. Through
PBB-TE, MANs adopt the Ethernet technology to transmit Ethernet services. PBB-TE
is based on Provider Backbone Bridge (PBB) defined in IEEE 802.1ah, that is, the
MAC-in-MAC technology.
In compliance with IEEE 802.1ah, the CX600 supports the MAC-in-MAC technology.
P2P and MP2MP transmission of services can be carried out based on the
architecture of Ethernet. This implements the Ethernet technology in the MAN, even
the WAN from the access layer, convergence layer, to the core layer.
MAC-in-MAC is a tunneling technique based on MAC stacking. In MAC-in-MAC, the
MAC address of an ISP is encapsulated outside the MAC address of a user Ethernet
frame. Then, the user Ethernet frame is transparently transmitted across the public
network.
Deployed between two MANs, the MAC-in-MAC tunnel functions over the backbone
network of the ISP. For the ISP network, the MAC address of a user is isolated, which
enhances the security of services. In addition, double MAC addresses are applied,
which expands the space of MAC addresses.
The MAC-in-MAC tunnel can be set up between the CX600s. It supports fault
detection, fault location, and Automatic Protection Switching (APS). APS controls the
protection switching of tunnels. The CX600 supports 1+1 and 1:1 protection for the
MAC-in-MAC tunnels. The CX600 also supports the revertive mode, hold-off time, and
APS configuration mismatch test. This guarantees the fast recovery of services.
PBB-TE
UPE
Metro(+Core)
CE
CE
PBB-TE
Core
Metro
NPE
CE
In the P2P
application, end
nodes ignore the
user DA
PBB-TE
Trunk
UPE
Metro(+Core)
CE
CE
In the P2P
application, end
nodes ignore the
user DA
PBB-TE Core
Trunk
NPE
Metro
CE
CE
PE
Metro(+Core)
CE
PE PE
CE
PE
CE
5.1.5 QinQ
The QinQ protocol is a Layer 2 tunneling protocol based on the IEEE 802.1Q
technology. The QinQ technology expands the VLAN space by adding a new tag to a
packet that is already tagged through IEEE 802.1Q. The private VLAN packets are
thus transparently transmitted across the ISP network. This functions the same as a
Layer 2 VPN. The packets transmitted in the public network carry double 802.1Q tags,
one for the public network and the other for the private network. This is called
802.1Q-in-802.1Q, or QinQ for short.
The ISP network only provides one VLAN ID for different VLANs from the same user
network. This saves VLAN IDs of an ISP. Meanwhile, QinQ provides a Layer 2 VPN
solution that is easy to implement for LANs or small-scale MANs.
The QinQ technology can be applied to multiple services in Metro Ethernet solutions.
QinQ features the following:
l Packets from different users in the same VLAN are not transmitted transparently.
l Private networks are separated from the public network.
l The ISP's VLAN IDs are saved to the maximum.
Without being a formal protocol, QinQ is widely applied among carriers because it is
easy to implement. The introduction to selective QinQ (VLAN stacking) makes QinQ
more popular among carriers. With the development of the Metro Ethernet, all device
vendors have put forward their Metro Ethernet solutions. The QinQ technology plays
an important role in the solutions because of its simplicity and flexibility.
The CX600 provides rich QinQ features, which satisfies diverse networking
requirements.
Interface-based QinQ
Figure 5-7 shows the networking diagram of applying interface-based QinQ. A user
configures interface-based QinQ on the router. When the user's packets, carrying the
user's VLAN tag, arrive at the router, the router takes the user's packets as untagged
packets and adds a VLAN tag of the ISP outside the existing VLAN tag. The user's
packets then go through the VLAN tunnel of the ISP and reach the remote user. The
VLAN tag of the ISP is stripped from the packets.
VLAN100
VLAN200
VLAN-based QinQ
VLAN-based QinQ is also called selective QinQ. Figure 5-8 shows the networking
diagram of applying selective QinQ. With the development of services such as
broadband access, VoIP, and IPTV services, ISPs may want to assign inner VLAN
tags to different services. For example:
l VLANs 10001999: broadband access services
l VLANs 20002999: VoIP services
l VLANs 30003999: IPTV services
iManager N2000
PVC1001
PVC2001
PVC3001
Users access the DSLAM through multiple PVCs. The DSLAM transfers PVC IDs to
VLAN IDs. You can enable selective QinQ on the gateway to apply an outer VLAN tag
with the VLAN ID as 100 to broadband access services, an outer VLAN tag with the
VLAN ID as 200 to VoIP services, and an outer VLAN tag with the VLAN ID as 300 to
IPTV services. This breaks the limit of 4094 VLAN IDs for one ISP network. In addition,
services are distributed, which facilitates the ISP's service management.
Services are distributed in one of the following ways:
l Adds different outer VLAN tags based on VLAN ranges, that is, changes packets
with a single tag to packets with double tags. In this manner, services from
different terminals are distributed.
l Adds different outer VLAN tags based on different protocol numbers, that is, adds
a tag to protocol packets. In this manner, services from different terminals are
distributed.
l Changes outer VLAN tags based on the range of inner VLAN tags, that is,
replacing a single tag with another tag. In this manner, services of different use
types are distributed. This is also called VLAN mapping.
VLAN-based QinQ may serve as one of the VPLS modes to allow packets of private
VLANs to be transmitted transparently through the backbone network. It may also
serve as one of the L2VPN or PWE3 modes to allow packets of private VLANs to be
transmitted transparently through the backbone network. Such a QinQ mode is
implemented on switched interfaces.
The differences between VLAN-based QinQ and interface-based QinQ are as follows:
l In interface-based QinQ mode, user packets from the same user side are added
with the same outer VLAN tag on the PE.
l In VLAN-based QinQ mode, user packets from the same user side are added
with different outer VLAN tags according to user's VLAN tags.
Therefore, VLAN-based QinQ is more flexible than interface-based QinQ.
VLAN-based QinQ is thus called selective QinQ.
VLAN Stacking
The early QinQ technology is used on switches on Layer 2 networks. With VLAN
stacking, packets are forwarded at Layer 2 by means of the outer VLAN tag. The outer
VLAN usually refers to the VLAN to which an ISP network belongs. VLAN stacking is
usually applied on switched interfaces.
The sub-interfaces for VLAN stacking are deployed on PEs. A sub-interface identifies
a user VLAN and then performs VLAN stacking to user's Layer 2 packets. After that,
packets are forwarded at Layer 2 by means of the outer VLAN tag.
With a sub-interface for VLAN stacking, packets from a batch of user VLANs can be
transparently transmitted. Packets enter an L2VPN based on their outer VLAN tag
after VLAN stacking is implemented. The outer VLAN tag is transparent to the ISP.
User packets from different VLANs can thus be transparently transmitted.
VLAN stacking support the following:
l Access to the VPLS through the sub-interfaces for VLAN stacking
l Access to the VLL/PWE3 through the sub-interfaces for VLAN stacking
QinQ Termination
Sub-interfaces for QinQ VLAN tag termination refer to the sub-interfaces that
terminate the double VLAN tags of users. The difference between the sub-interfaces
for QinQ VLAN tag termination and the sub-interfaces for VLAN stacking is as follows:
For the sub-interfaces for QinQ VLAN tag termination, a PE removes the double
VLAN tags of user packets when they enter the ISP network.
Double VLAN tags for users have specific meanings. For example, the outer VLAN
tag specifies a service and the inner VLAN tag specifies a user. Sub-interfaces for
QinQ VLAN tag termination access the user and identify the service by terminating
double VLAN tags.
Sub-interfaces for QinQ VLAN tag termination are similar to common VLAN
sub-interfaces. In addition, sub-interfaces for QinQ VLAN tag termination are used to
terminate double VLAN tags and provide the following functions:
l IP forwarding
l L3VPN/PWE3/VLL/VPLS access
l Proxy ARP
l Unicast routing protocols
l VRRP
l DHCP server and DHCP relay
Sub-interfaces for QinQ VLAN tag termination terminate double VLAN tags in the
following ways:
l Exact termination
Double VLAN tags of specified VLAN IDs are terminated.
l Fuzzy termination
Double VLAN tags of VLAN IDs in a specified range are terminated.
In IEEE 802.1ad, the value of the EType field in the TPID is defined as 0x88a8.
1 00
0x 9
0x9100 Switch A
IP/MPLS
Core
Router A CX 0x 81
00
Router C
As shown in Figure 5-9, the inbound interface on the router needs to identify the
EType value 0x9100 in the outer TPID. The Etype values, such as 0x9100 and
0x8100, of different outer TPIDs can be set for devices of different manufacturers so
that devices of different manufacturers can be set with the same Etype value in the
outer TPID. This ensures communication between devices of different manufacturers.
Internet
/Intranet PE1
Multicast
source QinQ(VLAN1)
PE2
VLAN2 VLAN3
No matter whether multicast data packets or multicast protocol packets are received,
they are not encapsulated by QinQ. Instead, their packets are transmitted according
to the outer P-VLAN IDs. In IGMP snooping, only the P-VLAN ID mapping to the user
host is maintained. In forwarding, the system searches the member host of the
mapped multicast group according to the P-VLAN ID and replaces the P-VLAN tag
with the C-VLAN tag in the packet for forwarding.
RRPP Domain
Master CX-B
Node Edge Node
SwitchA
RRPP Sub-Ring 1
RouterA
RRPP Major-Ring
Master Node
Master Assistant Node
Node
Transit Node
RRPP Sub-Ring 2
CX-C
SwitchB
Polling Mechanism
Polling is a mechanism used by the master node on the RRPP ring to detect the
network status.
The master node sends Hello packets periodically from its primary port. The packets
are transmitted by the transit nodes on the ring. If the master node can receive the
packets from its secondary interface, it indicates that the link of the ring is in the
normal state; otherwise, the master node considers that a link fault occurs to the ring.
When the master node that is in the Failed state receives the Hello packets from its
secondary interface, it changes into the Complete state, blocks its secondary interface,
and refreshes the Forwarding Database (FDB).
The master node also sends packets from its primary interface to inform all transit
nodes to release the temporary blocked interface and refresh the FDB.
5.1.7 RSTP/MSTP
The Rapid Spanning Tree Protocol (RSTP) is an enhancement of the Spanning Tree
Protocol (STP). RSTP simplifies the processing of the state machine, blocks some
redundant paths with specific algorithms, and reconstructs the networks with loops to
a loop-free network. In this way, the packets are prevented from increasing and
infinitely looping. Compared with STP, RSTP speeds up the Layer 2 loop convergence.
In a Layer 2 network, only one Shortest Path Tree (SPT) is generated.
The Multiple Spanning Tree Protocol (MSTP) is the multi-instance RSTP. MSTP
supports the running of STP based on one or more VLAN. In a Layer 2 network,
MSTP can be generated.
5.2 IP Features
5.2.1 IPv4/IPv6 Dual-Protocol Stacks
Figure 5-12 shows the structure of the IPv4/IPv6 dual-protocol stacks.
IPv4/IPv6 Application
TCP UDP
IPv4 IPv6
Link Layer
l IP policy-based routing to specify the next hop based on the attribute of packets
without searching routes in the routing table
5.2.4 GRE
Generic Routing Encapsulation (GRE) is used to encapsulate packets of certain
network layer protocols (such as IPX or IP) so that the encapsulated packets can be
transmitted over the network on which another network layer protocol (such as IP) is
applied.
As a Layer 3 tunnel protocol for VPNs, GRE uses the tunneling technology. A tunnel
can be taken as a virtual interface that supports only P2P connections. The tunnel
interface provides a tunnel for datagram forwarding and the packets are encapsulated
and decapsulated at both ends of the tunnel.
GRE is applied to in the following situations.
IP IP
term 1 term 2
In Figure 5-13, Group 1 and Group 2 are the local networks running Novell IPX. Team
1 and Team 2 are the local networks running the IP protocol.
The tunnel between CX A and CX B adopts the GRE protocol; therefore, Group 1
communicates with Group 2 without affecting the communication between Team 1
and Team 2.
IP network
IP network IP network
Tunnel
PC PC
In Figure 5-14, the IP protocol is run on the network. Assume that the IP protocol limits
the hop count to 255. If the hop count between two PCs is greater than 255, they
cannot communicate. When the tunnel is used in the network, a few hops are hidden.
This enlarges the scope of the network operation.
GRE tunnel
VPN VPN
site1 VPN site2
CE PE backbone PE CE
l As shown in Figure 5-16, the two ends of the GRE tunnel reside on the PE router
in the network-based VPN.
VPN
backbone
VPN VPN
site1 GRE tunnel site2
CE PE PE CE
Usually, the MPLS VPN backbone network uses label switched paths (LSPs) as the
public network tunnel. If the core router P in the backbone network, however, provides
only the IP function without the MPLS function while the PE router at the network edge
has the MPLS function, the LSP cannot be used as the public network tunnel. Then,
you can use the GRE tunnel in place of the LSP to provide Layer 3 or Layer 2 VPN
solutions at the core network.
Figure 5-17 CEs accessing the MPLS VPN backbone network through the backbone
network based on the IP technology
VPN IP MPLS
network VPN
Site network Site
CE PE PE CE
To connect a CE to the MPLS VPN, you can create a logically direct connection
between the CE and the PE. That is, you can connect the CE and the PE by using the
public network or private network, and create a GRE tunnel between the CE and the
PE. Then, the CE and the PE can be regarded as being directly connected. When
associating the VPN with the PE interface that is connected to the CE, you can regard
the GRE tunnel as a physical interface.
IPv6 Header
IPv4 Header IPv4 Header
IPv4 Header
IPv4 Payload IPv4 Payload
IPv4 Payload
6PE
The IPv6 Provider Edge (6PE) router allows communication between the IPv6
isolated CE routers over the IPv4 network. See Figure 5-20. With 6PE routers, ISPs
can provide access services to the IPv6 network of isolated customers over the
existing IPv4 backbone network.
IPv4/MPLS
Cloud
IBGP
CE P CE
IPv6 Cloud IPv6 Cloud
Customer site Customer site
The 6PE router labels IPv6 routing information and floods them onto ISPs IPv4
backbone network through Internal Border Gateway Protocol (IBGP) sessions. The
IPv6 packets are labeled before flowing into tunnels such as the GRE tunnel and
MPLS LSP on the backbone network.
The IGP protocol used on the ISP network can be OSPF or IS-IS, and the protocol
used between CE routers and 6PE routers can be a static routing protocol, IGP or
EBGP.
When ISPs want to extend their IPv4/MPLS networks with IPv6 traffic exchange
capability, they can just update the PE router. Therefore, using the 6PE feature as an
IPv6 transition mechanism is a cost-effective solution for ISPs.
IGMP Snooping
The CX600 supports IGMP snooping for Layer 2, Layer 3, and QinQ interfaces, VPLS
PW, STP, and RRPP.
IGMP snooping listens to the IGMP messages between routers and hosts and sets up
the Layer 2 forwarding table for multicast data packets. In this manner, IGMP
snooping controls and manages the forwarding of multicast data packets to carry out
Layer 2 multicast.
IGMP snooping aims to control the flooding of multicast flows, forward packets as
required, and save network resources. For the interface that joins a multicast group
without transmitting IGMP Report messages for application, the device does not send
the multicast flow to the interface.
Multicast VLAN
Multicast VLAN refers to the VLAN that converges multicast flows. When users need
certain multicast flows, they send a request to the multicast VLAN. Then, the multicast
VLAN replicates the multicast packets to different user VLANs. This implements the
function of multicast across VLANs.
The CX600 forwards multicast packets through the multicast VLAN and replicates the
packets based on the multicast routing entries. Then, the CX600 sends these packets
to the VLANs of different users. Using the multicast VLAN, the CX600 can converge
the multicast flows of different user VLANs to one or several specified VLANs.
Multicast across VLANs enables the CX600 to send unicast and multicast packets
across different VLANs. This facilitates the management and control of multicast flows.
This can also save bandwidth resources and improve the network security.
Multicast VPN
With wide applications of Virtual Private Network (VPN), the requirements of users for
operating multicast services over VPNs are increasingly stringent. The CX600 adopts
the MD solution to implement multicast transmission over VPNs.
For details, see Section 5.5 VPN Features."
Multicast CAC
The CX600 supports multicast Call Admission Control (CAC). When multicast CAC
rules are configured, the number of multicast groups and bandwidth are restricted for
IGMP snooping on interfaces or the entire system.
Multicast CAC is part of the IPTV multicast solutions. With the development of the
IPTV, the number of program channels is bursting. The bandwidth of the access and
convergence network no longer satisfies the bandwidth requirements of users. The
previous static management is thus outdated. In this manner, the number of users
allowed to access each link must be set on the convergence network.
Multicast CAC restrains the generation of multicast forwarding entries. When the set
threshold is reached, no more forwarding entries are generated. This ensures the
processing capacity of the device and controls link bandwidth.
l An LSR is a core router on the MPLS network. It switches and distributes labels.
5.4.2 MPLS TE
Network congestion lowers the performance of the backbone network. The congestion
may be caused by insufficient resources or unbalanced load of network resources.
Traffic Engineering (TE) is introduced to address the congestion caused by
unbalanced load of network resources.
The MPLS TE technology integrates the MPLS technology with traffic engineering. It
can reserve resources by setting up the LSP tunnels to a specified path in an attempt
to avoid network congestion and balance network traffic.
In the case of resource scarcity, MPLS TE can preempt bandwidth resources of the
LSPs with low priorities. This meets the demands of the LSPs with large bandwidth or
for important services. In addition, when an LSP fails or a node is congested, the
MPLS TE can protect the network communication through the backup path and the
fast reroute (FRR) function.
MPLS TE provides the following functions:
l Processing of static LSPs
MPLS TE creates and deletes static LSPs, which require bandwidth but are
manually configured.
l Processing of Constrained Route-Label Switched Path (CR-LSP)
MPLS TE processes various types of CR-LSPs.
The processing of static LSPs is easier. CR-LSPs are classified into the types
described in the following sections.
RSVP-TE
RSVP is designed for the Integrated Service (IntServ) model and used on each node
of a path for resource reservation.
To put it simply, RSVP has the following characteristics:
l Unidirectional.
l Receiver-oriented: The receiver initiates a request for resource reservation and
maintains the resource reservation information.
l It uses a soft state mechanism to maintain the resource reservation information.
RSVP, after being extended, can support MPLS label distribution. It carries resource
reservation information when transmitting label-binding message. The extended
RSVP is called RSVP-TE, used as a signaling protocol to establish LSPs in MPLS TE.
Auto Route
In auto routes, LSPs participate in IGP route calculation as logical links. The tunnel
interface is taken as the outbound interface of packets. In this manner, LSPs are
considered as P2P links. The following describes two types of auto routes:
l IGP shortcut: The LSP is not advertised to the neighboring router. So, other
routers cannot use this LSP.
l Forwarding adjacency: The LSP is advertised to the neighboring router. So, other
routers can use this LSP.
Fast Reroute
FRR is a technology in MPLS TE to implement the partial protection of the network.
The switching speed of FRR can reach 50 milliseconds. This minimizes data loss
when the network fails.
FRR is only a temporary protection method. When the protected LSP becomes
normal or a new LSP is established, the traffic is switched back to the original LSP or
the newly established LSP.
After an LSP is configured with FRR, traffic is switched to its protection link and the
ingress node of the LSP attempts to establish a new LSP when a link or a node on the
LSP fails.
Auto FRR
The FRR technology requires that when configuring a protected tunnel, you must
configure a bypass tunnel to bind to it. When a link or a node is Down, the data flow
can be automatically switched to the bypass tunnel.
In the FRR protection, the bypass LSP must be configured manually. If it is not
configured, the protected LSP cannot be protected. The Auto FRR can solve the
preceding problem.
Auto FRR is an extension of MPLS TE FRR. Bypass LSPs can be automatically set
up along the LSP after you configure the attributes of bypass LSPs, global Auto FRR
attributes, and Auto FRR attributes of the interface. In addition, when the primary LSP
changes, the original bypass LSPs can be automatically deleted and new bypass
LSPs are set up.
CR-LSP Backup
The LSP that is used to protect the primary LSP in the same tunnel is called the
backup LSP. When the ingress detects that the primary LSP is unavailable, it switches
traffic to the backup path. After the primary LSP recovers, traffic is switched back to
the backup LSP. In this manner, the traffic on the primary LSP is protected.
The CX600 supports the following methods of backup:
l Hot backup: The backup CR-LSP is established immediately after the primary
CR-LSP is established. When the primary CR-LSP fails, MPLS TE switches traffic
immediately to the backup CR-LSP.
l Ordinary backup: The backup CR-LSP is established when the primary CR-LSP
fails.
LDP over TE
In existing networks, not all devices support MPLS TE. Only the devices in the core of
the network support TE and the devices at the network edge use LDP. The application
of LDP over TE is then put forward. The TE tunnel is considered as a hop of the entire
LDP LSP.
LDP is widely used in MPLS VPNs. To prevent the congestion of VPN traffic on certain
nodes, you can configure LDP over TE.
10 R3 10
CX1 R2 R5 CX6
20 10
R4
Figure 5-21 shows the MPLS VPN networking. Here, LDP is used as the signaling
protocol.
As the PE router, CX 1 and CX 6 discover that the links between Router 2 and Router
3 are rather congested after a large amount of user access. This also happens
because the traffic between Router 1 and Router 6 must pass through this link. The
link between Router 2 and Router 4 is free. The LSP, however, cannot use the link
between Router 2 and Router 4 for the influence of the IGP cost value.
Establish the TE tunnel passing through Router 4 between R2 and R5, and adjust the
metric value of the IGP shortcut. Thus, the two routes of R2 implement load balancing:
l The physical interface between R2 and R3
l The TE tunnel interface from R2 to R5
LDP establishes the LSP for load balancing to let traffic go along the idle link.
CV
F FD /F
FD
C V/
Ingress Egress
LSR LSR
BD I
I BD
l GRE tunnel
If the PE router at the edge of the ISP network supports MPLS, whereas the P
router supports only IP, an LSP cannot be used as the public tunnel. In this case,
a GRE tunnel can be used on the VPN backbone network.
l TE tunnel
When reroute is configured or traffic is forwarded through multiple paths, multiple
LSPs may be needed. In TE, this set of LSPs is called a TE tunnel. The TE tunnel
is identified by the tunnel ID and LSP ID. The tunnel ID is used to uniquely define
a TE tunnel.
VLL
Figure 5-23 shows the networking of a VLL supported by the CX600.
VPN1 site2
PE-ASBR
VPN2 site2 PE
Support inter-AS
solutions:
VRF-to-VRF
MP-Multihop EBGP
PE-ASBR
After both the AC and VLL tunnel become Up, the CEs on both ends can
transmit and receive IP packets.
After an VLL connection is established, the IP packets are processed as follows:
After receiving an IP packet from the CE, the PE decapsulates the link layer
encapsulation and transmits the IP packet across the MPLS network.
The IP packet is transparently transmitted to the peer PE across the MPLS
network.
The peer PE re-encapsulates the IP packet according to its link layer protocol
and transmits the packet to its directly connected CE.
The link control packet sent by the CE is processed by the PE without entering
the MPLS network.
All non-IP packets such as MPLS and IPX packets are discarded.
l Inter-AS VLL
The implementation of an inter-AS VLL depends on the actual environment. In
CCC mode, the label is of a single layer. Therefore, the inter-AS can be
implemented after a static LSP is set up between ASBRs. The following
describes the implementation of an inter-AS VLL in comparison with the three
methods of implementing an L3VPN.
The SVC, Martini, and Kompella modes can implement the inter-AS VLL
Option A (VRF-to-VRF). In an inter-AS VLL network, the link type between the
ASBRs must be the same as the VC type. In inter-AS Option A, each ASBR
must reserve a sub-interface for each inter-AS VC. If the number of inter-AS
VCs is small, Option A can be used. Compared with the L3VPN, the inter-AS
Option A of the VLL consumes more resources and requires more
configuration workload, which is not recommended.
Option B requires the exchange of both the inner label and the outer label on
the ASBR. Therefore, Option B is not suitable for the VLL.
Option C is a better solution. The devices on the ISP network only need to set up
the outer tunnel on PEs in different ASs. The ASBR does not need to maintain
information about the inter-AS VLL or provide interfaces for the inter-AS VLL. The
VLL information is exchanged only between PEs. Thus, the resources
consumption and the configuration workload decrease.
VPLS
Figure 5-24 shows the networking of VPLS. Several virtual switches (VSs) can be
created on a PE router. VSs on different PE routers form an L2VPN. LANs at the user
end can access the L2VPN through VSs. In this manner, users can expand their own
LAN over the WAN. VPLS can be taken as the VS across public networks. Like
L3VPN, it establishes LSPs on public networks for traffic transmission.
CE
VLAN1 CE
VLAN1
VSI 1 VSI 1
PE PE
VSI 2 VSI 2
CE
VSI 1 VSI 2 CE
VLAN2
VLAN2
PE
CE CE
VLAN1 VLAN2
VPLS requires that users access the network through Ethernet links. It forwards
packets according to the VLAN ID. For communication with remote users, a Virtual
Channel (VC) that can traverse the public network is established between PE routers,
and the VC is associated with the VLAN ID. Users communicate with each other over
the Layer 2 tunnel through the VC. The VLAN ID is used to identify the users' VPN.
When establishing a VC, the PE router allocates double labels to the VC. The outer
label is the MPLS LSP label of the public network and is allocated by LDP or
RSVP-TE. The inner label is the VC label and is allocated after the negotiation
between the remote LDP sessions on loopback interfaces.
The CX600 supports the following networking models:
l QinQ VPLS
QinQ is a tunnel protocol based on IEEE 802.1Q. In QinQ, the VLAN tag of
private networks is encapsulated in the VLAN tag of public networks. The packets
carry double tags when being transmitted across the ISP's backbone network.
This saves VC resources and provides users with an L2VPN tunnel easy to
implement.
l HVPLS
VPLS requires that PE routers forward Ethernet frames through the full-mesh
Ethernet emulation circuit or Pseudo-Wire (PW). Therefore, all PE routers must
be connected to each other in the same VPLS. If there are N PEs in a VPLS
network, the VPLS has N x (N 1)/2 connections. When the number of PEs
increases, the number of VPLS connections increases by N2.
Hierarchical Virtual Private LAN Service (HVPLS) is thus introduced to address
the full-mesh VPLS.
Figure 5-25 shows the HVPLS model.
CE
basic VPLS full mesh
AC SPE
PW
SPE
PW PW
UPE
PW SPE
AC
CE
UPE
The device directly connected with CE routers is called Underlayer PE (UPE).
The UPE only needs to be connected with one of PE routers in the basic
VPLS. The UPE supports routing and MPLS encapsulation. If one UPE is
connected with many CE routers and provides bridging functions, only the
UPE needs to forward the data frame to reduce the burden on the SPE.
SPE
The device connected with the UPE and located in the core of the full-mesh
VPLS is called Superstratum PE (SPE). The SPE is connected with all other
devices in the VPLS. The SPE takes the UPE connected as a CE router. The
PW established between the UPE and the SPE is taken as the AC of the SPE.
The SPE needs to learn the MAC addresses of sites at the UPE side and the
MAC addresses of the UPE interfaces connected with the SPE.
l IGMP snooping
VPLS can isolate users. Each VPN needs to support IGMP snooping, that is, the
multi-instance IGMP snooping.
VPLS learns MAC addresses in the following modes:
Unqualified
The Unqualified mode refers to allowing numerous VLANs in a VSI to share a
MAC address space and a broadcast area. VLANs need be learned.
Qualified
The Qualified mode refers to allowing a VLAN in a VSI to have an independent
MAC address space and broadcast area. VLANs need not be learned.
l mVPLS
mVPLS refers to a management VPLS. The VSIs associated with the mVPLS are
called management VSIs (mVSIs).
The prerequisite to the Up state of an mVSI differs from that to a common VSI
(service VSI) as follows:
Common VSI: has two or more Up AC interfaces, or has both one Up AC
interface and one Up PW.
mVSI: has one Up PW or AC interface.
PWE3
Pseudo-Wire Emulation Edge to Edge (PWE3) is a technology used to carry
end-to-end Layer 2 services. In the Packet Switched Network (PSN), PWE3 simulates
ATM, Frame Relay (FR), Ethernet, low-speed TDM, and SONET/SDH.
l Classifications of PW
PW can be classified into:
Static PW and dynamic PW in terms of implementation
Single-hop PW and multi-hop PW in terms of networking
LDP-PW and RSVP-PW in terms of signaling
l Control Word
The CW is negotiated at the control plane, and is used for packet sequence
detection, packet fragmentation, and packet reassembly at the forwarding plane.
In the PWE3 protocols, ATM Adaptation Layer Type 5 (AAL5) and FR require the
support for the CW. The negotiation of the CW at the control plane is simple. If
the CW is supported after the negotiation, the negotiation result needs to be
delivered to the forwarding module, which detects the packet sequence and
reassembles the packet.
The CW has the following functions:
Carries the sequence number for forwarding packets
If the control plane supports the CW, a 32-bit CW is added before the data
packet to indicate the packet sequence. When the load balancing is supported,
the packets may be out of sequence. The CW can be used to number the
packets so that the peer can reassemble the packets.
Fills the packet to prevent the packet from being too short.
For example, if Ethernet is between PEs and PPP is between PEs and CEs,
the size of the PPP control packet is smaller than the smallest MTU supported
by the Ethernet. Then the PPP negotiation fails. You can avoid this by adding
the CW, that is, by adding the fill bit.
Carries the control information of the Layer 2 frame header.
In certain cases, the frame does not need to be transmitted completely in the
L2VPN packets on the network. The frame header is stripped at the ingress
and added at the egress. This method, however, cannot be used if the
information in the frame header needs to be carried. You can use the CW to
solve this problem. The CW can carry the negotiated information between the
ingress PE and the egress PE.
At the control plane, the negotiation succeeds only when both ends or neither
end supports the CW. At the forwarding plane, the negotiation result at the
control plane determines whether the CW is added to the packet.
l VCCV Ping
VCCV ping is a tool that is used to manually test the connectivity of the virtual
circuit. Similar to ICMP ping and LSP ping, it is realized through the extended
LSP ping. The VCCV defines a series of messages transmitted between PEs to
verify the connectivity of PWs. To ensure that the path of VCCV packets is
consistent with the path of data packets in PWs, the encapsulation type and the
passed tunnel of VCCV packets must be the same as those of PW packets. For
details, refer to draft-ietf-pwe3-vccv and draft-ietf-mpls-lsp-ping.
The CX600 supports the manual detection on the connectivity of LDP PWs on the
U-PE, that is, the VCCV ping, including the detection on the connectivity of static
PWs, dynamic PWs, single-hop PWs, and multi-hop PWs. Figure 5-26 shows the
reference model of the PWE3 VCCV.
Emulate Service
PW1
AC AC
VCCV
The VCCV can be used as a fault detection and diagnostic tool for PWs. The
VCCV can be a combination of one type of CCs and one type of connectivity
verifications (CVs), because the lower layer PSNs are different, such as LSP ping,
L2TPv3, or Internet Control Message Protocol (ICMP) ping.
l PW Template
A PW template is a set of public attributes abstracted from PWs. A PW template
is shared by different PWs. For convenience of expansion, the command mode of
the PW template is added to set some public attributes of PWs. When creating a
PW in interface mode, you can use this template.
In the CX600, the PW can be bound with the PW template and can be reset.
l Interconnectivity of heterogeneous media
PWE3 can support:
Interconnectivity of homogenous media and heterogeneous media
Cell relay of data with different encapsulations
At present, the CX600 supports the following data transport by using PWE3:
ATM AAL5 SDU VCC transport
Ethernet
HDLC
ATM n-to-one VCC cell transport
IP Layer 2 transport
ATM one-to-one VCC cell mode
l ATM cell relay
ATM cell relay is a technology to carry ATM cells on the PWE3 virtual circuit.
Label encapsulation for ATM relay through PSN is shown in Figure 5-27.
L2 PE Pseudo-wire PE L2
Connection or 'port'
carried On pseudo-wire
A PSN label of the exterior layer identifies a PSN tunnel, while the PW header of
interior layer identifies a PW.
ATM cell relay is used to load the following services on a PSN:
The services whose PW payload is ATM cell
The services whose PW payload is AAL5 SDU
ATM cell relay can also be used to upgrade the former ATM network through a
PSN, with no new ATM devices and no change of the ATM CE configuration. ATM
CE takes ATM cell relay as TDM leased line, and relays cells through a PSN for
ATM interconnection.
ATM IWF
The ATM Inter-Working Function (ATM IWF) provides interoperation function
between the ATM link that is accessed through 1483B and the Ethernet link. With the
implementation of L2VPN, you can transparently transmit the ATM packets that are
accessed through 1483B to the Ethernet link. To keep the access information of ATM
(VPI and VCI accessed to a packet), VPI is mapped to be the external VLAN and VCI
is mapped to be the internal VLAN. By adding two layers of VLANs to the frame
header of the data link layer, the router can transmit the ATM packets with VPI/VCI
information to the Ethernet link through the two VLANs.
ATM IWF runs on L2VPN and has two implementation methods according to the
actual networking: the CCC local connection and PW.
l CCC local connection
The CCC is implemented between sub-interfaces of ATM and Ethernet on the
same router.
As shown in Figure 5-28, in the CCC local connection, the CX600 cross transmits
the flow that is based on 1483 encapsulation out of the ATM flow accessed from
devices like DSLAM to the Ethernet link. VPI is mapped to be the external VLAN,
and VCI is mapped to be the internal VLAN. Then, the packets are forwarded
from the Ethernet interface to the access device such as BRAS. The BRAS
distinguishes different DSLAM users based on the labels on the two-layer of
VLAN of a packet.
CCC
ATM GE
l PW
Through the LSP tunnel of L2VPN, layer 2 transparent transmissions of data
packets of the ATM link and the Ethernet link can be carried out between peer PE
routers.
As shown in Figure 5-29, the ATM flow based on 1483B encapsulation can be
transparently transmitted to the remote Ethernet link through PW (such as
configuring Martini or Kompella L2VPN). In the process, VPI is mapped to be the
external VLAN and VCI is mapped to be the internal VLAN. The ATM packets are
then transparently transmitted to the remote BRAS. The BRAS distinguishes
different DSLAM users based on the labels on the two-layer VLAN of a packet.
CX-A PW CX-B
ATM GE
ATM
VPNA
site1
CE4 CE1
PE1
VPN B VPN B
site4 site5
P1 P2 CE5
Core Edge
CPE
PE3 layer layer
layer
CE2
VPN A
P3
site3 CE3 PE2
VPN A
CE6
site2
VPN B
site6
Figure 5-31 shows the networking of a BGP/MPLS IP VPN that the CX600 supports.
PE-ASBR
VPN2 site2 UPE Hierarchical
PE
Support inter-AS
Support HoVPN to solutions:
extend the VPN VRF-to-VRF
MP-EBGP
MP-Multihop EBGP
PE-ASBR
Carrier's Carrier
The customer of the BGP/MPLS IP VPN service provider can serve as a service
provider, which is called the networking mode for the carrier's carrier. In this mode, the
BGP/MPLS IP VPN service provider is called the provider carrier or the first carrier.
The customer is called the customer carrier or the second carrier, which serves as a
CE router for the first carrier.
To keep good extensibility, the second carrier adopts the operating mode similar to the
stub VPN. That is, the CE router of the second carrier only advertises the routes
(internal routes) of the VPN where it resides to the PE router of the first carrier. The
CE router does not advertise its customers' routes (external routes). PE routers of the
second carrier exchange external routes through BGP. This greatly reduces the
number of routes maintained on the first carrier network.
Inter-AS VPN
The CX600 supports the following three inter-AS VPN solutions represented in RFC
2547bis:
l VPN instance to VPN instance: ASBRs manage VPN routes in between by using
sub-interfaces, which is also called Inter-Provider Backbones Option A.
l EBGP redistribution of labeled VPN-IPv4 routes: ASBRs advertise labeled
VPN-IPv4 routes to each other through MP-EBGP, which is also called
Inter-Provider Backbones Option B.
l Multihop EBGP redistribution of labeled VPN-IPv4 routes: PE routers advertise
labeled VPN-IPv4 routes to each other through Multihop MP-EBGP, which is also
called Inter-Provider Backbones Option C.
Multicast VPN
The CX600 supports multicast BGP/MPLS IP VPN.
Multicast services are deployed in the network shown in Figure 5-32. VPN users in
various sites receive multicast traffic from the local VPN. The PE in the public network
supports multi-instance.
As shown in Figure 5-32, the public network instances on each PE and the P router
implement public network multicast. VPN multicast data is multicast in the public
network.
PE1_public-instance
P1
P2
PE3_public-instance
P3
PE2_public-instance
As shown in Figure 5-33, the VPN A instances on each PE and the sites that belong to
the VPN A implement VPN A multicast.
VPNA
site1
CE1
PE1_vpnA-instance
PE3_vpnA-instance MD A
CE2
VPN A
site3 CE3 PE2_vpnA-instance
VPN A
site2
As shown in Figure 5-34, the VPN B instances on PEs and the sites that belong to the
VPN Bs implement VPN B multicast.
CE4
PE1_vpnB-instance
VPN B VPN B
site4 site5
CE5
MD B
PE2_vpnB-instance
CE6
VPN B
site6
IPv6 VPN
The next-generation network protocol IPv6 is an enhancement of IPv4. IPv6 improves
the address space, configuration, maintenance, and security and supports access of
more users and devices to the Internet.
The VPN is an extension of the private network constructed by the shared link or the
public network such as the Internet. The VPN enables the computers across two
areas of a client to transmit data through the shared link or the public network; thus
the function of the P2P private link is realized.
When each site of a VPN supports IPv6, all the sites can be connected to the PE
router of the Service Provider (SP) through an interface or sub-interface with the IPv6
address. In this way, the sites are connected to the backbone network of the SP and
the VPN is called an IPv6 VPN. Simply speaking, IPv6 VPN indicates that a PE router
receives IPv6 packets from a CE router, which is different from the IPv4 VPN.
Currently, the IPv6 VPN services are carried over the IPv4 network of the SP. In this
case, the backbone network runs IPv4 while the user sites use IPv6 addresses. PE
routers need to support the IPv4/IPv6 dual stack, as shown in Figure 5-35. Any
network protocol that bears IPv6 traffic CE routers and PE routers can run between
PE routers and CE routers. The PE routers run IPv6 on the interfaces connecting
clients and IPv4 on the interfaces connecting the public network.
Figure 5-35 Networking diagram of the IPv6 VPN over the IPv4 backbone network
IPv6
VPN site2
P PE CE
PE IPv6
CE VPN site1
P
IPv6
VPN site1
PE
CE
CE
IPv6 IPv6
VPN site2 VPN site1
The implementation principle of the IPv6 VPN is similar to that of BGP/MPLS IP VPN.
The IPv6 VPN advertises VPN-IPv6 routing information through Multiprotocol
Extensions for BGP-4 (MP-BGP) on the backbone network. The IPv6 VPN triggers
MPLS to allocate labels to identify IPv6 packets, and then transmits data of the private
network across the backbone network through LSP, MPLS TE, or GRE tunnels.
IPv6 VPN networking schemes that the CX600 supports are:
l Intranet VPN
l Extranet VPN
l Hub&Spoke
l Inter-AS or multi-AS backbones VPN
l Carriers' carrier
HoVPN
In BGP/MPLS VPN solutions, the key device, PE router, functions in the following
aspects:
l Provides access functions for users. To achieve this, a PE router needs a great
number of interfaces.
l Manages and advertises VPN routes and processes user packets. This requires
that a PE router have large-capacity memory and high forwarding capabilities.
This causes the PE to becomes a bottleneck. To solve this problem, Huawei launches
the Hierarchy of VPN (HoVPN) solution. In HoVPN, functions of a PE router are
distributed to multiple PEs. Playing different roles in a hierarchical architecture, the
PEs implement functions of a centralized PE router together.
The basic architecture of HoVPN is shown in Figure. The device that is directly
connected to users is called the Underlayer PE or User-end PE (hereafter referred to
as the UPE). The device that is connected to the UPE in the internal network is called
the Superstratum PE or Service Provider-end PE (hereafter referred to as the SPE).
Multiple UPEs and a SPE form a hierarchical PE, functioning together as a traditional
PE router.
VPN1 site
HoVPN
PE VPN1 site
VPN2 site
SPE
UPE1
MPLS
network
VPN1 site UPE2
PE VPN2 site
VPN2 site
The HoVPN takes advantage of the performance of SPEs and access capability of
UPEs.
The HoPE is the same as the traditional PE in appearance. It can exist together with
common PEs in an MPLS network.
HoVPN supports the embedding of HoPE:
l A HoPE can act as a UPE, and compose a new HoPE with another SPE.
l A HoPE can act as an SPE, and compose a new HoPE with multiple UPEs.
l Multiple embedding processes are supported.
The embedding of HoPE can infinitely extend a VPN network in theory.
RRVPN
Resource Reserved VPN (RRVPN) is a tunnel-multiplexing technology. It can provide
end-to-end QoS guarantee for VPN users.
To reserve and isolate resources for a VPN, RSVP-TE tunnels must be used. When
RRVPN is implemented, different VPNs use different tunnels. The resources of
different tunnels with the same tunnel interface, however, are isolated and reserved.
Note that the total bandwidth of the tunnels must not exceed the total bandwidth
reserved for the physical links.
Multi-role Hosts
In a BGP/MPLS IP VPN, the VPN attributes of the packets received by PEs from CEs
are decided by the VPN instance of the incoming interfaces on the PEs. Thus, all the
packets that are forwarded by the same PE interface belong to the same VPN.
In practice, however, a server or terminal is generally required to access multiple
VPNs. For example, a server in a financial system in VPN 1 and a server in an
accounting system in VPN 2 need to communicate. The server is called a multi-role
host.
In a multi-role host model, only the multi-role host can access multiple VPNs; the
non-multi-role hosts can access only the VPN to which the hosts belong.
The implementation principle of a multi-role host is simple. A multi-role host generally
fulfils the following functions:
l Ensures the data stream of the multi-role host can reach the destination VPN
network.
l Ensures the data stream from the destination VPN network can reach the
multi-role host.
As shown in Figure 5-37, the VPN to which the multi-role host PC belongs is VPN1. If
the VPN1 routes and VPN2 routes on PE1 do not import each other, the PC can
access only VPN1 instead of VPN2. The data stream from the PC to VPN2 can be
transmitted only by searching the VPN1 routing table of PE1. If the destination
address of a packet does not exist in the VPN1 routing table, PE1 discards the packet.
To ensure that the data stream of the PC can reach VPN2, configure PBR on PE1
interfaces through which CE1 accesses PE1. After the configuration, if the destination
address of a packet from CE1 does not exist in the VPN1 routing table, the VPN2
routing table is searched. The PBR here is generally based on IP addresses and can
guide data streams to access different VPNs.
VPN1
PC
Static-Route CE2
PE2
Backbone
VPN1
CE1 PE1
PE3
Policy-Based Routing
VPN2
CE3
To ensure that the data streams from the destination VPN network can return to the
PC, PE1 must be able to search the routes in the VPN1 routing table for the data
streams from VPN2. This is implemented through injecting the static route to the PC
into the VPN2 routing table on PE1. The outgoing interface of the static route is the
PE1 interface that connects CE1.
The functions of a multi-role host are realized mainly on the PE that the CE accesses.
(The multi-role host accesses the CE.)
l Through the PBR on a PE, the data streams from the same VPN can be
transmitted by searching routing tables of different VPNs at the same time.
l Static routes are installed to the routing table of the destination VPN on the PE.
The outgoing interfaces of the static routes are the interfaces that connect the
multi-role host and the VPN.
Note that the IP addresses of the VPN where a multi-role host resides and the VPN
that the host accesses cannot be the same.
L2VPN tunnel
L3VPN tunnel
MPLS is widely applied on the access network of the ISP because it features high
reliability and security and sound IP-based operating and maintenance capabilities,
and supports QoS. MPLS L2VPN provides MPLS-based VPN services and
transparently transmits Layer 2 data of users on the MPLS network. It thus provides a
channelized path for user services and reduces the LSPs maintained by transit nodes.
MPLS L3VPN services are a kind of common services provided by the ISP over the
bearer network. MPLS L2VPN tunnels enable users to access the MPLS L3VPN of
the bearer network. Users can access MPLS L3VPNs through low-end devices such
as the CXs. In this manner, networking cost is reduced and secure and stable MPLS
L3VPN services are provided for users.
To access L3VPNs through MPLS L2VPN tunnels, two devices that are a PE-AGG
and an NPE need to be deployed at the border between the access network and the
bearer network. In addition, the PE-AGG is used to terminate the L2VPN and the NPE
is used to terminate the L3VPN. The PE-AGG and the NPE run as the CE router for
each other. In this case, if an NPE combines the capability of the PE-AGG, networking
cost can be saved and networking is simplified. The VE interface, which is supported
by the CX600 to access multiple services, can be bound to the L2VPN and L3VPN at
the same time. That is, the VE interface can access and terminate the L2VPN and
L3VPN. In this manner, the CX600 can run as the NPE and PE-AGG at the same
time.
UPE
L2VPN tunnel
L3VPN tunnel
Without a dedicated board, the CX600 can associate Layer 2 with Layer 3 VE
interfaces by using a VE group. The CX600 terminates the VLL and the VPLS through
Layer 2 VE interfaces and accesses the L3VPN through Layer 3 VE interfaces. The
UNPE function is thus implemented.
PE2 VPNA
Backbone
site 3
network
PE1
VPNA
site 1 PE3
VPNA
site 2
Backbone
network VPNA
site 3
PE2
PE1
VPNA
site 1 PE3
VPNA
site 2
VPNA carries three types of services,
ensuring the QoS for each service in
the same VPN
COPS
SR
ISP
User DSLAM
DHCP Server
An IP packet of the user is encapsulated in a QinQ packet with double VLAN tags
through the DSLAM and then accesses the SR. The outer VLAN ID specifies the
DSLAM; the inner VLAN ID specifies the user.
With the DHCP relay function, the SR forwards a DHCP request packet to the DHCP
server when receiving an access request from the user. After the DHCP server returns
an assigned IP address to the user, the SR reports information about the online user
to the COPS server.
The information includes the following:
l Location of the user, that is, CircuitId in the DHCP Option 82 field
l VPN to which the user belongs
l IP address of the user
l MAC address of the user
In addition, the CX600 provides the following functions:
l Supports the three-level limit to the number of users.
l Provides the detection of online users and the processing of the user getting
offline.
l Checks the validity of IPTN users.
l Displays information about online users and forcibly cuts off online users.
The CX600 can implement all the eight PHB behaviors of Expedited Forwarding (EF),
Assured Forwarding 1 (AF1), AF2, AF3, AF4, Best-Effort (BE), Class Selector 6 (CS6),
and CS7. With the CX600, network operators can provide users with differentiated
QoS guarantee, and make the Internet an integrated network that can carry data,
voice, and video services at the same time.
Figure 5-43 shows the hierarchical QoS (HQoS) of the CX600.
Inbound
interface
L1
L2 RED
CAR WRED
L3
......
L4
Receive
packets Classify Congestion Priority
and avoidance scheduling
mark detection PQ
packets CQ
Outbound CBWFQ
interface
......
......
L1
RED L2 VOQ switch
WRED L3 Prevent the head
......
......
l On the ingress edge node, the router classifies traffic based on Multi-field (MF)
and then performs traffic policing, Differentiated Services Code Point (DSCP)
mark or re-mark, queue scheduling and management, and traffic shaping based
on user traffic.
l On the egress edge node, the router performs traffic classification, DSCP re-mark
or ToS mark, traffic shaping, queue scheduling and management based on DSCP.
If the downstream domain is a DiffServ domain, service traffic may be re-marked
with the DSCP priority based on the SLA signed between the provider and
customers. If the downstream domain is a CoS domain, service traffic should be
marked with a ToS flag. The traffic shaping performed on the egress allows the
traffic sent to the downstream domain to enjoy the bandwidth and CBS
conforming to the SLA.
The SLA is an agreement reached between the service subscriber and service
provider. The service provider provides services for service subscribers. The SLA
contains the parameters such as the Committed Information Rate (CIR), Peak
Information Rate (PIR), Committed Burst Size (CBS), and Peak Burst Size (PBS)
to monitor and control the incoming traffic. The router performs such behaviors as
Pass, Drop, or Markdown for the traffic exceeding the promised limit. Markdown
means that packets are marked with high drop priority. Markdown packets are
first dropped when network congestion occurs. This ensures that the packets
conforming to the SLA can enjoy the services specified in the SLA.
l On the core node, the router performs traffic classification, queue scheduling and
management based on DSCP.
Passed
Token bucket
Dropped
l The tokens are put into the TB at the rate preset by the user. The capacity of the
TB is also preset by users. When the number of tokens reaches the capacity of
the TB, the number does not increase any more.
l On arrival, the packets are classified according to the information such as the IP
precedence, source address, or destination address. The packets that conform to
the preset feature go into the TB for further processing.
l If the TB has enough tokens for sending packets, packets are forwarded.
Meanwhile, the number of tokens is reduced by the packet length. If the TB
contains insufficient tokens or is empty, the packets that are not assigned with
tokens or not assigned with enough tokens are discarded; or the information
about the IP precedence, DSCP, or EXP values are re-marked and the packets
are forward. At this time, the number of tokens in the TB remains unchanged.
The preceding process shows that the CAR technology enables a router to control
traffic, and to mark or re-mark packets.
To limit the traffic rate is the main function of CAR. With the CAR technology, a TB is
used to measure the data traffic that flows through the interfaces of a router so that in
the specified time only the packets that are assigned with tokens go through the router.
In this way, the traffic rate is limited. CAR limits the maximum traffic rates of both
incoming packets at the ingress and outgoing packets at the egress. Meanwhile, the
rate of certain types of traffic can be controlled according to such information as the IP
address, port number, and precedence. These characteristics include the IP address,
port number, and precedence. The traffic not conforming to the present conditions is
not limited in rate; such traffic is forwarded at the original rate.
The CAR technology is used at the network edge to ensure that the core device can
process data normally. The CX600 supports CAR in both the inbound and outbound
directions.
Frame Relay/X.25/DDN
CX-B PC2
Serial 1
2 Mbit/s Ethernet
LAN 2
CX-A
Ethernet Server2
10 Mbit/s
LAN 1
Server1
Congestion management provides means to manage and control traffic when traffic
congestion occurs. The queue scheduling technology is used to handle traffic
congestion. Packets sent from one interface are placed into many queues which are
identified with different priorities. Packets are then sent according to the priorities. A
proper queue scheduling mechanism can provide packets of different types with
reasonable QoS features such as the bandwidth, latency, and jitter. The queue here
refers to the outgoing packet queue. Packets are buffered into queues before the
interface is able to send them. Therefore, the queue scheduling mechanism works
only when an outbound interface is congested. The queue scheduling mechanism can
re-arrange the order of packets except those in First In First Out (FIFO) queues.
Commonly used queue scheduling mechanisms are:
l FIFO
l PQ
l Custom Queuing (CQ)
l WFQ
l Class-based WFQ (CBWFQ)
The CX600 supports FIFO, PQ, and WFQ to realize the queue scheduling on the
interface.
probabilities within the same traffic stream. This can effectively avoid and control
network congestion.
5.7.7 HQoS
Hierarchical QoS (HQoS) is a kind of QoS technology that can control user traffic and
schedule service queues according to the priority level.
The HQoS of the CX600 has the following functions:
l The system provides abundant services with the five-level QoS scheduling
mechanism.
l The system supports PQ and Confirmed Bandwidth Priority Queue (CBPQ).
PQ is based on the absolute priority level. After you configure PQ, the packets
with the highest priority level are permitted; the packets with low priority levels
are discarded, once the network is congested. PQ is unable to configure
bandwidth for packets of all priority levels.
CBPQ is based on bandwidth guarantee. CBPQ makes full use of bandwidth
resources in the case of bandwidth guarantee.
l The system supports the configuration of the parameters of a queue, such as the
maximum queue length, WRED, low delay, SP/WRR weight, committed burst
size (CBS), PBS, and statistics enabling.
l The system supports the configuration of parameters such as the CIR, PIR,
number of queues, and scheduling algorithms between queues for each user.
l The system supports traffic statistics. It enables carriers to view the status of
bandwidth use of each service. The users can thus analyze traffic and properly
allocate bandwidth for services.
l The system supports the HQoS of VPLS, L3VPN, VLL, and TE.
5.7.8 QPPB
QoS policy propagation through the Border Gateway Protocol (QPPB) is a kind of
technology to propagate the QoS policy through BGP.
On the BGP receiver, you can:
l Set QoS parameters for BGP routes, such as IP precedence and traffic behavior,
based on the attributes of the route.
l Set the receiver to classify traffic based on QoS parameters, and set a QoS policy
for the classified traffic.
l Set the receiver to forward packets based on the QoS policy to realize QPPB.
On the BGP receiver, you can set QoS parameters, such as IP precedence and traffic
behavior, according to the following attributes of BGP routes:
l ACL
l AS path list
l Community attribute list
l Route cost
l Address prefix list
Configure a
QoS policy Advertise routing
information
AS100 AS200
Packets filtered by
the QoS policy
In the complex network environment, the policy for route classification needs to be
changed from time to time. QPPB can simplify the change of the policy on the BGP
receiver. Using QPPB, you can change the routing policy on the BGP receiver by
changing that on the BGP sender.
In the process of QinQ implementation, the 802.1p value in the inner VLAN tag needs
to be sensed. You can set the following rules through commands o sense the 802.1p
value:
l Ignore the 802.1p value in the inner VLAN tag and set a new 802.1p value in the
outer VLAN tag.
l Automatically set the 802.1p value in the inner VLAN tag as the 802.1p value in
the outer VLAN tag.
l Set the 802.1p value in the outer VLAN tag according to the 802.1p value in the
inner VLAN tag.
As shown in Figure 5-47, QinQ supports 802.1p remark in the following three modes:
l Setting a value (Pipe mode).
l Using the 802.1p value in the inner VLAN tag (Uniform mode).
l Mapping the 802.1p priority in the inner VLAN tag to a value in the outer VLAN
tag. Multiple values in multiple inner VLAN tags can be mapped to the same
value in the outer VLAN tag, but a value in an inner VLAN tag cannot be mapped
to values in multiple outer VLAN tags.
Q-in-Q Supports
802.1p Remark
ISP
Network
CE PE
BE
Set the packet precedence
and mark the packet on the
upstream ATM interface
AF1
...
EF
CX-A CX-B
CS6
CS7
ATM physical interfaces, ATM sub-interfaces, ATM PVCs, and ATM PVPs all support
forcible traffic classification.
5.7.11 FR QoS
FR has its own QoS that can be configured with PVCs to provide flexible services for
customers.
FRTS
Frame Relay Traffic Shaping (FRTS) is used on the outbound interface of the router to
limit the ratio of the packet sent from the VC.
FRTP
Frame Relay Traffic Policing (FRTP) is used on the inbound interface of the router to
monitor traffic received from the VC. If the traffic exceeds the specific value, the
packets are discarded.
FRTP can be used only on the Data Circuit-terminating Equipment (DCE) interface to
monitor traffic from the Data Terminal Equipment (DTE).
FR Congestion Management
The FR packet includes bits used for congestion management:
l Forward Explicit Congestion Notification (FECN)
If it is 1, congestion occurs on the forwarding direction.
l Backward Explicit Congestion Notification (BECN)
If it is 1, congestion occurs on the backward direction. If no backward packet is
forwarded during a period, the router automatically sends Q.922A Test Response
whose BECN tag is 1 to the DTE.
l DE
It specifies whether to discard the packet or not. If it is 1, the packet is discarded
in the case of congestion.
Data direction
BECN
Frame Relay
Network
DTE DCE NNI
CX-A CX-B FECN
The system determines congestion based on the proportion of the current queue
length of the FR interface or the VC to the total length of the interface or the queue. If
the proportion exceeds the threshold, it is taken that congestion occurs. The packets
whose DE is 1 are discarded; otherwise, the FECN and BECN are set to 1.
You can set the congestion threshold in the following two ways:
l Set the congestion threshold of the interface in the interface view.
l Set the congestion threshold of the FR VC in the FR class view.
FR Queue Management
Normally, an FR interface has a queue while an FR VC has no queue. When the FR
interface is enabled with FR traffic shaping, all the VCs on the interface have their own
queues and the packets sent on the VC join in the queue first.
Figure 5-50 shows the relationship between the VC queue and the interface queue.
Interface queue
FR Fragmentation
In the process of transmitting voice with data, a large packet takes up the bandwidth
for a long period. As a result, the voice packet may be delayed or discarded and voice
quality is degraded.
FR fragmentation is used to shorten the delay to ensure the real-time voice. After FR
fragmentation configuration, a large data packet is disassembled into fragments and
the voice packet and the fragments can be transmitted alternately. In this way, the
voice packet can be processed on time and delay is shortened.
Packets Statistics
Classifier
The default action for
unmatched packets is Pass
Packets that
match rules
Statistics
Perform the
action
Allow the packets complying
with URPF to pass through
Packets Statistics
Classifier
The default action for
unmatched packets is
Pass
Packets that
match rules
Statistics
Packets Statistics
l When the same traffic policy is applied on various interfaces, the CAR traffic
statistics in the traffic policy is based on the interface.
5.10 IP Compression
In the NGN bearer network, some carriers lack transmission resources. The
RTP/UDP/IP packet header, however, contains about 40 bytes in the IP NGN service.
For voice compression algorithms that work well, the voice data in each packet
occupies less than 30 bytes. In this case, the packet header costs much, with low
transmission efficiency. The CX600 provides types of compression algorithms. The
transmission efficiency of the network can thus be improved and the lack of
transmission resources can be solved.
CRTP
The Compressed Real-Time Protocol (CRTP) defined in RFC 2508 can compress the
40 byte RTP header including the UDP and IP headers into a header of 24 bytes. In
this manner, the lack of transmission resources is solved.
In the traditional network, voice over IP is supported through RTP, as shown in Figure
5-54.
Header encapsulation
In the figure given above, the voice data occupies tens of bytes; the IP, UDP, and RTP
headers contain more than 40 bytes. In a session, half bytes of the header, such as
the source and destination IP addresses and the source and destination port numbers,
remain unchanged. Besides, the length field in the IP/UDP header is unnecessary
because the length can be obtained by calculating the length of the link layer header.
Differential coding can be performed although some fields change. After these
redundant fields are compressed, only 2-4 bytes need to be reserved (normally, two
bytes are kept; four bytes contain the UDP checksum), as shown in Figure 5-55.
Header encapsulation
ECRTP
ECRTP is short for Enhanced Compression Real-Time Transport Protocol. CRTP has
to send FULL_HEADER packets frequently over the links with high ratio of packet loss,
packet disordering, and long delays. This greatly affects the efficiency of compression.
RFC3545 defines ECRTP to strengthen the CRTP functions and reduce the impact of
link quality on the efficiency of compression.
ECRTP changes the mode in which the compressor requests the decompressor to
update the context. In this manner, CRTP becomes more adaptable to the changes in
link quality in the following aspects:
The compressor regularly sends extended COMPRESSED_UDP packets to update
the context of the decompressor, so the context of the two ends can be synchronized.
The format of the packet is extended to carry more information about the changes in
the header.
If no UDP checksum is carried, the field of CRTP head checksum is added. According
to the CRTP head checksum, the decompressor determines whether errors occur
during decompression and makes a second try. This can reduce the packets lost
owing to the asynchronous state between two ends.
The compressor sends N+1 synchronization packets continuously. In this manner, if a
synchronization packet is lost, the context of two ends can remain synchronous. The
value of N can be determined according to the link quality.
CRTP applies to reliable point-to-point links with short delays. ECRTP applies to
low-rate links of poor quality with long delays, high ratio of packet ratio, and packet
disordering. ECRTP is recommended for MPLS networks.
AAA
AAA is short for Authentication, Authorization, and Accounting. AAA provides
authentication, authorization, and accounting, which are performed in a domain.
AAA supports the following authentication modes:
l Non-authentication
l Local authentication
l Remote Authentication Dial-In User Service (RADIUS)
In this mode, access users are authenticated by the RADIUS server. The
RADIUS server can work in active/standby mode.
l Huawei Terminal Access Controller Access Control System (HWTACACS)
In this mode, access users are authenticated by the HWTACACS server.
AAA supports the following authorization modes:
l Direct authorization: completely trusts users and directly authorizes them to pass
through.
l Local authorization: authorizes users according to the configured attributes of
user accounts.
l HWTACACS authorization: authorizes users through the HWTACACS server.
l If-authenticated authorization: authorizes users to pass through if they pass the
authentication and the authentication mode is not non-authentication.
AAA supports the following accounting modes:
l Non-accounting: provides free services.
l Remote accounting: supports remote accounting through the RADIUS server or
the HWTACACS server.
Static User
Static users refer to the users whose IP addresses, login interfaces, VLAN IDs, VPN
instances, or MAC addresses are specified by the system. Static users' IP addresses
are permanent instead of being allocated through DHCP.
The CX600 supports a maximum of 1024 static users.
is online. If users have gone offline, the CX600 releases resources related to the user
and deletes the user entry.
After the link recovers, the user will resend an ARP request packet if the ARP entry of
the user ages; if the ARP entry does not age, the user sends IP packets.
In this case, to enable the user to log in again, the CX600 supports the user access
triggered by ARP or IP packets. That is, when the CX600 receives an ARP packet but
fails to find the related ARP entry, a process of login and authentication of the user is
triggered.
Controllable Multicast
The users through the access interface can receive multicast packets only after
passing authentication. Each access user can receive a maximum of four multicast
programs, that is, four multicast streams. Unauthorized programs are not sent to
access users.
QoS policy
The CX600 supports user-based HQoS to bind the configured QoS template to users.
The CX600 can control QoS based on the host, location, or CE-VLAN ID.
The CX600 also supports port-based, VLAN-based, user-based, or service-based
traffic shaping, and HQoS.
CoA or DM Logout
When users go online, the CX600 allows dynamically modifying authorization
information about users, which is known as Change of Authorization (CoA).While
maintaining the online status of users, the network administrator can modify the
service features of the RADIUS server and then dynamically change the services
used by users through the CoA packet. This authorization mode is referred to as
dynamic authorization.
CoA can modify the following user attributes:
l Minimum and maximum bandwidth
l Residual duration
l Residual traffic
l Controllable multicast program template
l Real-time charging interval
l User group
l Idle-cut time
When residual traffic or duration is used up, the CX600 can send RADIUS DM
messages through the RADIUS server to inform the device of cutting off users.
BOD
BOD is a dynamic bandwidth allocation service. When users require adjusting
bandwidth, they can dynamically activate or deactivate the BOD service through the
Portal server without need of the intervention of operators. In addition, the BOD
service provides a more flexible service-based accounting mode for operators.
In addition to providing the BOD service for DHCP users, the CX600 provides the
BOD service for different services of enterprise users, including the Internet access
service and L3VPN and L2VPN internetworking.
RADIUS URPF
ARP Broadcast/abnormal
Layer 2 limit DHCP snooping Port rate limit
attackproof traffic suppression
The following section describes the security features that the CX600 supports.
5.12.2 RPF/URPF
Unicast Reverse Path Forwarding (URPF) functions to prevent network attacks based
on the source address spoofing.
Generally, when receiving a packet, a router obtains the destination address of the
packet and searches the forwarding table for a route to the destination address. If a
route to the destination address is found, the packet is forwarded; otherwise, the
packet is discarded. When a packet is sent to a URPF-enabled interface, URPF
obtains the source address and inbound interface of the packet. URPF then takes the
source address as the destination address to retrieve the corresponding inbound
interface and compares the retrieved interface with the inbound interface. If they do
not match, URPF considers the source address as a spoofing one and discards the
packet. In this way, URPF can effectively prevent malicious attacks that are launched
by changing the source address.
interface exceeds the limited threshold, the MAC address of a new access user is not
learnt. The traffic of this user is thus broadcast at a restricted transmission rate.
Whitelist
The whitelist refers to a group of valid users or users with the high priority. By setting
the whitelist, you can enable the system to protect existing services or user services
with the high priority. You can define the whitelist through Access Control List (ACL)
rules. Then, the packets matching the whitelist are sent to the CPU in preference at a
high rate.
The valid users that normally access the system as confirmed and the users with the
high priority can be added to the whitelist.
Blacklist
The blacklist refers to a group of invalid users. You can define the blacklist through
ACL rules. Then, the packets matching the blacklist are discarded or sent to the CPU
in a low priority.
The invalid users that are involved in attacks as confirmed can be added to the
blacklist.
User-defined Flows
User-defined flows indicate that the user defines ACLs. It is applied when unknown
attacks emerge on the network. The user can flexibly specify the characteristics of the
attack data flows and limit the data flows that match the specified characteristic.
Local URPF
URPF detects the packets forwarded and transmitted from the local devices at the
ingress of a network. In large-scale networks, local URPF can be enabled on local
devices to prevent impact on the forwarding performance. This allows URPF to detect
only the validity of source addresses of packets on the local devices. Thus, invalid
packets are discarded. This prevents the source address spoofing attacks.
5.12.7 GTSM
Currently, some attackers on the network simulate valid packets to attack a router. As
a result, the finite resources of the router such as the CPU on the SRU/MPU is heavily
loaded and consumed. For example, the attacker continuously sends simulate BGP
protocol packets to a router. After the LPU of the router receives the packets destined
for the local host, the LPU sends the packets to the BGP processing module of the
CPU on the SRU/MPU instead of identifying the validity of the packets. As a result, the
system is abnormally busy with the high CPU utilization rate when the SRU/MPU of
the router processes these valid packets.
To avoid the preceding attacks, the CX600 provides the GTSM. The GTSM protects
services of the upper layer over the IP layer by checking whether the TTL value in the
IP header is within the specified range. In the application, the GTSM is used to protect
the TCP/IP-based control layer such as the routing protocol from the type of
CPU-utilization attacks such as CPU overload.
The CX600 supports the following types of GTSM:
Timestamp-based Scanning-proof
The timestamp-based scanning-proof function can identify the scanning attack on
time and suppress the processing of the requests generated by the scanning when a
scanning attack occurs, regardless of whether it is an ARP scanning attack or IP
scanning attack. In this way, the CPU is kept away from attacks.
l The device processes only the ARP response packets of the ARP request
packets sent by its CPU. The ARP response packets of the ARP request packets
that are not sent by its CPU are then discarded. The normal ARP request packets
can thus be promptly processed.
5.12.9 Mirroring
Mirroring means that the system copies the received packets on a node in the network
to a specified observing port, without interrupting services. Users can specify the
number of the port to be observed and connect the packet analysis equipment with
the observing port to observe the traffic. In local mirroring, the observing port and
mirroring port reside on the same device. In local mirroring, the observing port and
mirroring port reside on different devices. The CX600 supports both the local mirroring
and remote mirroring.
Mirroring is divided into the following types according to the requirements for the
packets to be copied:
l Port mirroring: The packets received and sent by a mirroring port are completely
copied to a specific observing port.
l Flow mirroring: On the basis of traffic classification, the packets that match
specific rules are copied and other packets are filtered out. By analyzing the
filtered packets that the system does not concern about, the system can control
packets with fine granularity. The efficiency of the packet analysis equipment can
thus be improved.
Mirroring is divided into the following types according to the direction in which the
packets are copied:
l Upstream mirroring: All packets or the packets that match specific rules received
by a mirroring port are copied to a specific observing port.
l Downstream mirroring: All packets or the packets that match specific rules to be
sent by a mirroring port are copied to a specific observing port.
Local Mirroring
Figure 5-57 shows the networking diagram of applying local mirroring.
Network 1 and Network 2 are connected through Router. When the incoming packets
from Network 1 to Port A need to be monitored, you can copy the incoming packets to
Port A as mirroring packets. When the incoming packets are normally forwarded, the
mirroring packets can be forwarded through Port C to the packet analysis equipment
for processing. In certain cases, both the incoming packets and outgoing packets to
and from Network 1 need be monitored. This allows Router to copy the incoming and
outgoing packets on Port A to the observing port.
In local mirroring, a physical observing port and multiple logical observing ports can
be configured on an LPU. Multiple mirroring ports can be configured on an LPU.
l Mirroring ports in local mirroring can be Ethernet interfaces and sub-interfaces,
low-speed serial interfaces channelized from POS interfaces, MFR interfaces, or
MP interfaces.
l Observing ports in local mirroring can be Ethernet interfaces and sub-interfaces,
POS interfaces, Eth-Trunks and Eth-Trunk sub-interfaces, or IP-Trunks.
When the downstream mirroring in local mirroring is implemented, inter-LPU mirroring
is supported. That is, the observing port and mirroring port can be configured on
different LPUs. If the observing port is a logical interface, the system can carry out
CAR to the local mirroring packets.
Remote Mirroring
Compared with local mirroring, remote mirroring features the following:
CX-C
Customer1 IP/MPLS
Packet analysis
backbone network
equipment
CX-A CX-B
Customer2
CX-D
CX-A and CX-B are edge routers on the IP/MPLS backbone network. Customer 1 and
Customer 2 access the backbone network through CX-C and CX-D respectively. To
maintain the network, analyze attacks, and locate faults, you need to check whether
the protocol packets sent from or received by CX-A are correct; or you need to check
whether the sub-interfaces of a VPN user bound to CX-C are attacked. In this manner,
you need to copy a type of protocol packets received by CX-A, protocol packets sent
from CX-A to CX-C, or packets received by sub-interfaces on CX-A to CX-B. CX-B
then forwards the preceding packets to the packet analysis equipment for analysis.
In remote mirroring, data from the mirroring port is copied and then the copy of data is
sent over a specified tunnel to a remote destination router where the remote
observing port resides. The remote observing port then forwards the copy of data to
the packet analysis equipment. Data transmitted from a mirroring port to a remote
observing port forms a flow. If there are two pieces of data transmitted from two
mirroring ports to a remote observing port, these two pieces of data form two flows.
The CX600 provides MPLS LSPs, MPLS TE tunnels, and GRE tunnels for remote
mirroring.
In remote mirroring, multiple observing ports and mirroring ports can be configured on
an LSP.
l Mirroring ports in remote mirroring can be Ethernet interfaces and sub-interfaces,
Eth-Trunks and Eth-Trunk sub-interfaces, IP-Trunks, low-speed serial interfaces,
MP interfaces, or MFR interfaces.
5.12.10 NetStream
The Internet develops rapidly. This requires more delicate network monitoring and
management while this provides more bandwidth resources. Developing a technology
to answer the preceding demands becomes urgent.
NetStream is a technology that is based on network traffic statistics. It collects
statistics on traffic flows and resource usage in the network accordingly, and monitors
and manages the network based on types of services and resources. NetStream
provides the following functions:
l Accounting
NetStream provides detailed statistics for the resource-occupation-based (such
as links, bandwidth, and time periods) accounting. Statistics such as IP
addresses, number of packets and bytes, transmission time, ToS fields, and
application types are collected. Based on the collected statistics, the ISP can
charge users flexibly based on time periods, bandwidth, application, or QoS;
enterprises can count their expenses or distribute costs to make better use of
resources. The enterprise customer can count the expense of the department or
assign the cost according to the information to make effective use of the
resources.
l Network planning and analysis
NetStream provides key information for advanced network management tools to
optimize the network design and planning. The minimum network operation cost
thus achieves the best network performance and reliability.
l Network monitoring
NetStream realizes the real-time network monitoring. The remote monitoring
(RMON), RMON-2, and flow-based analysis technology visualizedly displays the
flow mode on a single router or routers across the network. This provides the
basis for fault pre-detection and effective fault rectification.
l Application monitoring and analyzing
NetStream provides detailed application statistics about the network. For
example, the network administrator can view the proportion of each application,
such as Web, the File Transfer Protocol (FTP), Telnet, and other TCP/IP
applications to network traffic. The ISP then properly plans and allocates network
application resources to meet the users' requirements according to these
application statistics.
l Abnormal traffic detection
NetStream detects the abnormal traffic such as network attack traffic of various
types in the real-time manner. NetStream ensures network security by means of
alarms of the NMS and the cooperation with devices.
NetStream consists of three devices: NetStream Data Exporter (NDE), NetStream
Collector (NSC), and NetStream Data Analyzer (NDA). The relations among the three
devices are shown in Figure 5-59.
NSC
NDA
NSC
The NDE samples packets and exports the information to the NSC. The NSC is
responsible for analyzing and collecting the statistics data from the NDE. The NDA
analyzes the statistics data and then provides the basis for various services, such as
network accounting, network planning, network monitoring, application monitoring,
and analysis.
The CX600 can run as an NDE to sample packets, aggregate flows, and output flows.
According to the position of sampling packets and processing flows, NetStream on the
CX600 is classified into distributed NetStream and integrated NetStream. Distributed
NetStream supports load balancing among multiple NetStream boards.
l Distributed NetStream: An LPU can sample packets, aggregate flows, and output
flows independently.
l Integrated NetStream: Some LPUs do not support integrated NetStream. They
only sample packets and then send the sampled packets to the NetStream SPU
for integrated processing of flow aggregation and output.
The CX600 provides the following functions from the aspect of sampling:
l Supports sampling in the inbound and outbound interfaces. Some boards support
sampling on the inbound interface.
l Supports interface-based sampling and traffic-classification-based sampling.
l Supports sampling on IPv4 unicast/multicast packets, fragmented packets, MPLS
packets, and MPLS L3VPN packets.
l Supports regular packet sampling, random packet sampling, regular time
sampling, and random time sampling.
l Supports sampling of various physical and logical interfaces such as POS
interfaces, Ethernet interfaces, VLAN sub-interfaces, serial/MP/FR PVC/FR MP
interfaces provided by CPOS interfaces, ATM interfaces, FR interfaces, RPR
interfaces, trunk interfaces, VLANIF interfaces, and GRE interfaces.
The CX600 provides the following functions from the aspect of aggregation and
output:
l IPv4 supports the ten aggregation modes that are as, as-tos, protocol-port,
protocol-port-tos, source-prefix, source-prefix-tos, destination-prefix,
destination-prefix-tos, prefix, and prefix-tos 10.
l Supports aggregation of MPLS packets based on three-layer labels.
l Outputs the generated statistics in v5, v8, and v9 formats. When the packets are
output in the v9 format, both the 16-bit and 32-bit indexes are supported, which
can be set through commands as required.
l Each aggregated flow can be output to two NMS servers.
In this scenario, the IRI is provided by the AAA server and the CC is provided by the CX600.
AAA server
HI1
Interception center 1 L1
X1,X2 Carrier
HI2
Interception center 2
... Interception
HI3 X1,X3
management
LIG
center
CX
Interception center N
The LIG management system delivers the configuration to the LIG through the L1 interface. The
LIG is located in the network of the carrier. The LIG management system is managed by the
interception management center.
l Carrier
The carrier deploys the lawful interception function on the network devices. The
devices that support lawful interception receive the configuration from the
interception management center, and then send the intercepted traffic to the
interception management center.
Performance management is used to measure the packet loss ratio, delay, and jitter
during the transmission of packets. It also collects statistics on various kinds of traffic
such as the number of transmitted bytes and the number of errored packets.
OAM message. The OAM message with a low level are discarded in the
high-level MP.
l End-to-end fault detection and location
The ISP and Internet Context Provider (ICP) have gradually used fault detection
to guarantee QoS and reduce maintenance expense. Fault detection is realized
by sending and detecting the Continuity Check (CC) message at a scheduled
time.
The CX600 supports the tools of MAC ping and MAC trace by using the Loop
Back (LB) and Link Trace (LT) packet defined in IEEE 802.1ag to locate faults.
MAC ping
MAC ping realized by the LB message is used to test whether a device on the
network is reachable. It acquires the network status and the delay parameter.
To carry out MAC ping between any two devices on the network, the CX600
needs to meet the following requirements:
The originating point is a MEP.
The two points are MPs belonging to the same MA.
The two points are reachable.
MAC trace
MAC trace realized by the LT message is used to test the transmission paths
of messages and the link break point between the two devices.
The requirements for MAC ping also apply to MAC trace.
5.13.5 VRRP
The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. VRRP
realizes route selection among multiple egress gateways by separating the physical
devices from logical devices.
VRRP is applicable to such a LAN that supports multicast or broadcast as the
Ethernet. VRRP uses logical gateways to ensure high availability of transmission links.
This avoids service interruption that results from a gateway device failure, without
changing the configuration of routing protocols.
VRRP combines a group of routers in a LAN into a backup group that functions as a
virtual router. Hosts in the LAN know the IP address of only this virtual router rather
than that of a specific router in the backup group. Hosts set the IP address of the
virtual router as their own default next-hop address. Hosts in the LAN thus access
other networks through the virtual router.
In the backup group, only one router is active and called master router; other routers
are in backup state with different priorities and called backup router.
Figure 5-62 shows the typical networking diagram of VRRP.
10.100.10.2/24 Master
PC
10.100.10.3/24
Backup Internet
Server
Internal network Backup
10.100.10.0/24
Backup group
Virtual IP address
10.100.10.1/24 10.100.10.4/24
VRRP dynamically associates the virtual router with a physical router that undertakes
transmission services. VRRP can select a new router to take over the transmission
when the physical router fails. The entire process is transparent to users, and realizes
non-blocking communication between the internal network and the external network.
mVRRP
The management Virtual Router Redundancy Protocol (mVRRP) refers to a
management VRRP group. The only difference between an mVRRP group and a
common VRRP group is that the mVRRP group can be bound to common VRRP
groups and determine the status of a common VRRP group according to the binding.
An mVRRP group cannot serve as a common VRRP group and be bound to other
mVRRP groups although it can be bound to multiple common VRRP groups.
An mVRRP group can join a VGMP group as a member. After an mVRRP group joins
a VGMP group, you can configure the mVRRP group to monitor the statuses of both
the peer and link BFD sessions. The mVRRP group, however, loses its independence.
Except for the Initialize state, the Backup and Master statuses depend on the status of
the VGMP group that the mVRRP group joins.
VGMP
Some applications require the same come-and-go path of a session. That is, the
packets of the same session must pass through the same devices. In this case, VRRP
has its own limitations. If the master/backup switchover is performed, the
come-and-go path of the same session cannot be ensured the same.
To avoid the preceding problem, Huawei develops the VRRP Group Management
Protocol (VGMP) on the basis of VRRP. The VRRP management group set up on the
basis of VGMP uniformly manages the joining VRRP backup groups. On a router, the
interfaces that belong to different VRRP backup groups are thus kept master or
backup simultaneously. In this manner, the VRRP statuses of the router are kept
consistent.
Configure VGMP in the following scenarios:
l The system is configured with a large number of VRRP backup groups.
The system processes the VRRP protocol packets on the SRU/MPU. A large
number of VRRP backup groups may generate many VRRP protocol packets.
These protocol packets compete with other protocol packets for the CPU
resources and the channel as well as the bandwidth of the inter-board
communication. In this case, the system is overloaded.
When you configure a VRRP management group to uniformly manage the VRRP
backup groups, the managed VRRP backup groups do not send protocol packets
independently. In this way, the occupancy of system resources is reduced.
l The router has functions of the firewall, NAT gateway, or proxy server.
These functions require the same come-and-go path of a session. Configuring a
VRRP management group to uniformly manage the VRRP backup groups
ensures the status of the VRRP backup group consistent.
5.13.6 GR
Graceful Restart (GR) is a key technology in implementing HA. The GR switchover
and subsequent restart can be performed by the administrator or triggered by faults.
GR neither deletes the routing information from the routing table or the FIB nor resets
the board during the switchover when faults occur. This prevents the services
interruption of the entire system.
GR has the following advantages:
l Simple and easy to implement. You only need to modify some protocols rather
than changing the current software.
l It does not need to back up the protocol status information.
l Few data needs to be backed up from the AMB to the SMB. The data includes
configuration modification, updated messages and events, interface status
change, and topology information and routing information from neighbors after
restart.
l During the switchover, there is little probability of service interruption.
l The network converges rapidly in normal situations.
The CX600 supports system-based GR and protocol-based GR. The protocol-based
GR includes:
l BGP GR
l OSPF GR
l IS-IS GR
l MPLS LDP GR
l L3VPN GR
l RSVP GR
5.13.7 BFD
The BFD is a detection mechanism used in the entire network. It is used to quickly
detect and monitor the connection of links and forwarding state of the IP route in the
network.
Detection packets are transmitted from both ends of the bidirectional link. The CX600
tests the link status from both directions to realize failure detection in milliseconds.
The CX600 supports single-hop BFD and multi-hop BFD.
The following describes the BFD features supported by the CX600.
5.13.8 FRR
The CX600 provides multiple FRR features. You can deploy FRR as required to
improve network reliability.
IP FRR
FRR can minimize data loss due to network faults. The switching time can reach 50
ms.
The CX600 provides FRR that enables the system to monitor and store the real-time
status of the boards and ports, and check the status of the ports when packets are
forwarded. When abnormality occurs on a port, the system can fast switch traffic to
another preset route. This improves the Mean Time Between Failures (MTBF) and
reduces the amount of lost packets.
LDP FRR
The traditional IP FRR cannot effectively protect the traffic in the MPLS network. The
CX600 provides the LDP FRR function and the solution to port protection.
Along an LDP with Downstream Unsolicited (DU) label distribution, ordered label
control and liberal label retention, a Label Switch Router (LSR) saves all label
mapping messages. Only the label mapping messages sent by the next hop
corresponding to the FEC can generate a label forwarding table. With this feature, the
backup LSP is set up if a label forwarding table is produced for the liberal label
mappings.
Normally, a packet is forwarded through the primary LSP. When the outgoing interface
of the primary LSP is Down, the packet is forwarded through the backup LSP. This
ensures continuous traffic follow before network convergence.
Hybrid FRR
The CX600 supports the FRR formed by the combination of IP routes and VPN routes
in a same VPN instance. That is, the CX600 supports hybrid FRR.
In a bearer network, IP FRR is deployed when a CE is dual-homed to PEs. If multiple
voice VPNs are connected to the CE and a POS link is encapsulated between the two
PEs, the POS interface cannot be divided into subinterfaces that can be bound to
different VPNs to provide a backup link for the traffic.
In this case, the BGP VPNv4 peer can be set up between the two PEs. Therefore, the
backup path, in the form of a private route, is exchanged between the two PEs. The
VPNv4 route then serves as a backup of the IP route between the PE and the CE, and
FRR is thus implemented on the CX600. In this manner, the traffic can be switched
within 50 ms.
TE FRR
TE FRR is a technology used in MPLS TE to implement local protection for the
network. Only the interfaces at a speed of over 100 Mbit/s support TE FRR. The
switching time of TE FRR can reach 50ms. It can minimize data loss when network
failures occur.
TE FRR is only a temporary protection method. When the protected LSP becomes
normal or a new LSP is established, the traffic is switched back to the original LSP or
the newly established LSP.
After an LSP is configured with TE FRR, the traffic is switched to its protection link and
the ingress node of the LSP attempts to establish a new LSP when a link or a node on
the LSP fails.
Based on the objects to be protected, FRR is divided into the following two types:
l Link protection: Direct link connection exists between PLR and MP, and primary
LSP passes this link. When this link is out of service, traffic is switched to bypass
LSP. As shown in Figure 5-63, the primary LSP is R1R2R3R4, and the
bypass LSP is R2R6R3.
PLR MP
R1 R2 R3 R4
Primary LSP
Bypass LSP
R6
l Node protection: PLR is connected with MP through R3, and primary LSP passes
this router. When R3 fails, traffic is switched to bypass LSP. As shown in Figure
5-64, the primary LSP is R1R2R3R4R5, and the bypass LSP is
R2R6R4. R3 is the protected router.
PLR MP
R1 R2 R3 R4 R5
Primary LSP
Bypass LSP
R6
VLL FRR
VLL FRR is a technique of realizing network protection in the L2VPN. It fast switches
user traffic to the backup link after a fault occurs to the network. In this way, the
reliability of the L2VPN is improved. VLL FRR is also called VLL redundancy.
VLL FRR in the L2VPN includes fault detection, fault notification, and active/standby
switchover of links.
The CX600 provides kinds of features that can be combined to realize VLL FRR.
l Fault detection
BFD for LSP/PW can fast detect the fault of the LSP/PW at the network side in
an L2VPN.
Ethernet OAM, ATM OAM, PPP, and FR can fast detect the fault at the access
circuit (AC) side in an L2VPN.
l Fault notification
LDP, BGP, or RSVP can notify the remote PE router of the fault of the LSP/PW
or the AC.
BFD for LSP/PW can inform the remote PE router of the fault of the LSP/PW
or the AC.
Ethernet OAM, ATM OAM, PPP, and FR can notify the local CE router of the
fault.
l Active/standby switchover of links
In a symmetric network, CE routers perform the active/standby switchover.
In an asymmetric network, PE routers work with CE routers to perform
active/standby switchover.
VPN FRR
In the traditional L3VPN, the local PE router senses the fault of the remote PE router
through the BGP Hello packets. The time taken to sense the fault defaults to 90
seconds. That is, VPN routes on the local PE router converge after the fault of the
remote PE router lasts 90 seconds.
VPN FRR supported by the CX600 can solve the preceding problem. When the CE
router is dual-homed, VPN FRR can fast switch VPN services to the backup tunnel
and PE router after the link between the CE router and the PE router is disconnected
or after the PE router restarts. In this manner, services are restored within a short
period.
l The forwarding engine of the local PE router keeps not only the outer labels of the
remote active PE router and the inner labels distributed to VPN routes, but also
the outer labels of the remote standby PE router and the inner labels distributed
to VPN routes.
l With the end-to-end fault detection mechanisms such as BFD, the local PE router
senses the fault of the remote active PE router within 200 milliseconds and then
switches the outer and inner labels of the remote active and standby PEs at the
same time.
l VPN FRR solves the problem of switchover between inner labels. The switchover
priority level of VPN FRR is lower than that of LDP/MPLS TE FRR. The time
taken by VPN FRR to sense the fault is thus more than that taken by LDP/TE
FRR.
Section Description
6.1 Maintenance Features This section describes the maintenance features and
and Functions functions of the CX600.
6.1.3 HGMP
The CX600 supports Huawei Group Management Protocol (HGMP), which is a cluster
management protocol developed by Huawei.
HGMP is used to group Layer 2 devices that are connected to the CX600 into a
unified management domain, that is, a cluster. In addition, HGMP supports automatic
collection of network topologies and provides integrated maintenance and
management channels. In this manner, a cluster uses only one IP address for external
communications, simplifying device management and saving IP addresses.
System Upgrade
The system upgrade optimizes the upgrading process. You can use one command to
complete the upgrading. Thus, you can save time. During the upgrading process, the
progress is displayed. After the upgrading is complete, you can view the results.
Rollback
During the upgrading process, if the new system software cannot start the system,
you can use the previous one that successfully started the system.
The rollback function can protect services against the failure in the system upgrading.
The N2000 NMS can also be integrated with other universal NMSs in the industry,
such as HP OpenView, IBM NetView, What's up Gold, and SNMPc. This makes it
possible to perform the unified management on the devices of multiple vendors. The
N2000 NMS provides real-time management on the topology, fault, performance,
configuration tool, equipment log, security and users, QoS policy, and VPN service. In
addition, it can be used to download, save, modify, and upload configuration files, as
well as upgrade the system software.
6.2.2 LLDP
At present, the Ethernet technology is extensively used in the Local Area Network
(LAN) and Metropolitan Area Network (MAN). With the increasing demand for
large-scale networks, the network management capabilities of Ethernet are in great
demand. For example, the network management of Ethernet should address issues
such as automatically obtaining topology of interconnected devices and conflicts in
configurations on different devices.
Recently, the Network Management System (NMS) software adopts the function of
automated discovery to trace changes in topology. Most NMS software, however, can
at best analyze the network layer topology and group devices to different IP subnets.
The NMS provides data only about adding or deleting devices. The NMS cannot
obtain information about the interfaces on a device, which are used to connect
another device. That is, the NMS cannot locate a device or determine its operation
mode.
The Layer 2 Discovery (L2D) protocol can discover precise information about the
interfaces situated on the devices and the interfaces that are used to connect other
devices. The L2D protocol also displays the paths between the client, switch, router,
application server, and network server. The preceding detailed information helps
locate a network fault.
The Link Layer Discovery Protocol (LLDP) is an L2D protocol defined in IEEE 802.1ab.
LLDP specifies that the status information is stored on all the interfaces and the
device can send its status to the neighbor stations. The interfaces can also send
information about changes in the status to the neighbor stations as required. The
neighbor stations then store the received information in the standard Management
Information Base (MIB) of the Simple Network Management Protocol (SNMP). The
NMS can search for the Layer 2 information in the MIB. As specified in IEEE 802.1ab,
the NMS can also find the unreasonable Layer 2 configurations based on the
information provided by LLDP.
When LLDP runs on the devices, the NMS can obtain the Layer 2 information about all
the devices it connects and the detailed network topology information. This expands
the scope of network management. LLDP also helps find unreasonable configurations
on the network and reports the configurations to the NMS. This removes error
configurations timely.
7 Networking Applications
As shown in Figure 7-1, the metro Ethernet consists of the core layer, the edge layer,
the aggregation layer, and the access layer. The core layer is responsible for the
high-speed forwarding of service data. The edge layer and the aggregation layer
serve as the access point of various services. The services access the network for
forwarding through the BRAS, the centralized PE, or the aggregation node, based on
the service type. The access layer is responsible for the user access, and the devices
at the access layer include the DSLAM, the converged switch, AG, and NodeB.
Distribution I n te rnet
node
BRAS Internet
DSLAM
CMTS Aggregafion
P/PE
Node
P/PE SoftX
VoD ES
Distribution P/PE
node
AccSwitch PE VoD CS
The aggregation layer device accesses and forwards the services through the IP or
MPLS technologies. Individual services are accessed to the aggregation node
through the DSLAM, and corporate services are converged at Layer 2 through a
switch or are directly accessed to the aggregation node.
l DSLAM: refers to the Digital Subscriber Line Access Multiplexer that accesses
the individual services through the permanent virtual circuit (PVC). The DLSAM
adds the VLAN or QinQ tag based on the types of users and services, and is
generally connected to the aggregation node.
l Switch: refers to the access switch that converges the Layer 2 corporate services
to the aggregation node.
l Aggregation node: refers to the distributed service node (PE). The aggregation
node distinguishes the VLAN or QinQ user services, forwards Layer 3 services or
VPN services, or transparently transmits services to the BRAS or the centralized
PE through the IP or MPLS technologies.
l Distribution node: refers to the distribution node that converges the services in
the metro Ethernet. The distribution node terminates the IP or MPLS technologies
and transparently transmits the services to the BRAS or the centralized PE.
l BRAS: refers to a device that processes PPPoE login services of individual
users.
l PE: refers to the centralized service node, which can also serve as the
distribution node. PE accesses the services that should be converged and
processed, such as centralized L3VPN services.
l P/PE: refers to the core forwarding node or the edge node on the back bone
network. P or PE rapidly forwards the services or accesses the services to the
backbone network.
The CX600 is applicable for the aggregation node and the distribution node to
guarantee the access of individual services and corporate services.
Individual Services
l HSI service: The DSLAM adds QinQ tags to distinguish user services. The outer
VLAN tag indicates the service type. The CX600 at the aggregation node
transparently transmits the services to the distribution node through EOMPLS
(VLL or VPLS). The distribution node can be the CX600 or the CX600. The
distribution node terminates the transmission and then transparently transmits
the QinQ data to the BRAS.
l VOD/VoIP: The CX600 at the aggregation node terminates the VLAN or QinQ tag
added by the DSLAM, and forwards the services to Layer 3 network or accesses
the services to L3VPN for forwarding.
l BTV: The CX600 at the aggregation node serves as the designated router (DR)
of the Protocol Independent Multicast (PIM). The aggregation node receives the
multicast data distributed through the PIM protocol, and then sends the data to
the DSLAM through multicast VLAN. The user joins or withdraws a group through
IGMP, and the hot channels send data to DR by static route.
Corporate Services
l Corporate dedicated line: The corporate dedicated line is connected to Layer 3
network through the CX600 at the aggregation node.
l E-LINE: The PW, an end-to-end L2VPN tunnel, is set up between the CX600 at
the aggregation node and the peer end. The E-LINE services are transmitted to
the peer end through different tunnels based on the VLAN or QinQ tags identified
at the aggregation node.
l E-LAN: The CX600 at the aggregation node creates the VSI, and forwards the
service data to different VSIs for forwarding after the VLAN or QinQ tag is
identified. The service data can also be accessed to the 2-LAN services through
H-PVLS, during which the VSI is created by the distribution node.
L3VPN: The services are accessed to the Virtual Route Forwarding (VRF) at the
aggregation node, or accessed to the centralized service node for VRF forwarding
through HoVPN.
8 Technical Specifications
Section Description
Item Description
External dimensions (width x l CX600-16 442 mm x 669 mm x 1600 mm (36
depth x height) U)
l CX600-8: 442 mm x 669 mm x 886 mm (20 U)
l CX600-4: 442 mm x 669 mm x 442 mm (10 U)
l CX600-X3:DC input power module: 442 mm x
650 mm x 175 mm (4 U); AC input power
module: 442 mm x 650 mm x 220 mm (5 U)
Installation Mounted in a 19-inch standard cabinet or an
N68E-22/N68E-18 cabinet
Item Description
SDRAM 2 GB
NVRAM 512 KB
Flash 32 MB
Number of SRU/MPU 2
slots
Feature Description
Interworking LAN protocols Ethernet_II
IEEE802.1Q
IEEE802.1p
Link layer PPP, MP
protocols HDLC
FR
ATM
IP over ATM
RPR
RRPP
POS over FR
Ethernet Basic VLAN features
switching VLAN aggregation
VLAN trunk
Dynamic learning between VLAN members
VLANIF interface
Inter-VLAN routing
VLAN translation
VLAN Mapping
STP/RSTP/MSTP
QinQ
VLAN Stacking
Feature Description
Feature Description
Feature Description
Others IP FRR
LDP FRR
TE FRR
VLL FRR
VPN FRR
IP and VPN hybrid FRR
VRRP
BFD
Dampening control to support Up/Down of
interfaces
Transmission alarm customization and
suppression
QoS Traffic Simple traffic classification
classification Complex traffic classification: based-on port;
based on Layer 2, Layer 3, or Layer 4 packets
Traffic Traffic policing and traffic shaping based on
policing and srTCM or trTCM
shaping DiffServ EF and AF services
GTS
Feature Description
Congestion PQ/WFQ
management
Congestion WRED
avoidance
Policy-based Route redirection, MPLS LSP explicit route
routing distribution
QPPB IP precedence
Specific traffic behavior
BGP BGP identifies and classifies the routes through
accounting BGP traffic index to account the traffic on the
basis of classification
Feature Description
A Compliant Standards
draft-ietf-pwe3-MS-PW-arch -
A
AAA Authentication, Authorization and Accounting
AAL5 ATM Adaptation Layer 5
AC Alternating Current
ACL Access Control List
AF Assured Forwarding
ANSI American National Standard Institute
ARP Address Resolution Protocol
ASBR Autonomous System Boundary Router
ASIC Application Specific Integrated Circuit
ATM Asynchronous Transfer Mode
AUX Auxiliary (port)
B
BE Best-Effort
BGP Border Gateway Protocol
BGP4 BGP Version 4
C
CAR Committed Access Rate
CBR Constant Bit Rate
CE Customer Edge
CHAP Challenge Handshake Authentication Protocol
CoS Class of Service
E
EACL Enhanced Access Control List
EF Expedited Forwarding
EMC ElectroMagnetic Compatibility
F
FE Fast Ethernet
FEC Forwarding Equivalence Class
FIB Forward Information Base
FIFO First In First Out
FR Frame Relay
FTP File Transfer Protocol
G
GE Gigabit Ethernet
GRE Generic Routing Encapsulation
GTS Generic Traffic Shaping
H
HA High availability
HDLC High level Data Link Control
HTTP Hyper Text Transport Protocol
I
ICMP Internet Control Message Protocol
L
L2TP Layer 2 Tunneling Protocol
LAN Local Area Network
LCD Liquid Crystal Display
LCP Link Control Protocol
LDP Label Distribution Protocol
LER Label switching Edge Router
LPU Line Processing Unit
LSP Label Switched Path
LSR Label Switch Router
M
MAC Media Access Control
MBGP Multiprotocol Border Gateway Protocol
MD5 Message Digest 5
MIB Management Information Base
MP Multilink PPP
N
NAT Network Address Translation
NLS Network Layer Signaling
NP Network Processor
NTP Network Time Protocol
NVRAM Non-Volatile Random Access Memory
O
OSPF Open Shortest Path First
P
PAP Password Authentication Protocol
PE Provider Edge
PFE Packet Forwarding Engine
PIC Parallel Interference Cancellation
PIM-DM Protocol Independent Multicast-Dense Mode
PIM-SM Protocol Independent Multicast-Sparse Mode
POP Point Of Presence
POS Packet Over SDH/SONET
PPP Point-to-Point Protocol
PQ Priority Queue
PT Protocol Transfer
PVC Permanent Virtual Channel
PWE3 Pseudo Wire Emulation Edge-to-Edge
Q
QoS Quality of Service
R
RADIUS Remote Authentication Dial in User Service
RAM Random-Access Memory
RED Random Early Detection
RFC Requirement for Comments
RH Relative Humidity
RIP Routing Information Protocol
RMON Remote Monitoring
ROM Read Only Memory
RP Rendezvous Point
RPR Resilient Packet Ring
RSVP Resource Reservation Protocol
RSVP-TE RSVP-Traffic Engineering
S
SAP Service Advertising Protocol
SCSR Self-Contained Standing Routing
SDH Synchronous Digital Hierarchy
SDRAM Synchronous Dynamic Random Access Memory
SFU Switch Fabric Unit
SLA Service Level Agreement
SNAP SubNet Attachment Point
SNMP Simple Network Management Protocol
SONET Synchronous Optical Network
SP Strict Priority
SPI4 SDH Physical Interface
SSH Secure Shell
STM-16 SDH Transport Module -16
SVC Switching Virtual Connection
T
TCP Transfer Control Protocol
TE Traffic Engineering
TFTP Trivial File Transfer Protocol
TM Traffic Manager
ToS Type of Service
TP Topology and Protection packet
U
UBR Unspecified Bit Rate
UDP User Datagram Protocol
UNI User Network Interface
UTP Unshielded Twisted Pair
URPF Unicast Reverse Path Forwarding
V
VBR-NRT Non-Real Time Variable Bit Rate
VBR-RT Real Time Variable Bit Rate
VC Virtual Circuit
VCI Virtual Channel Identifier
VDC Variable Dispersion Compensator
VLAN Virtual Local Area Network
VLL Virtual Leased Line
VPI Virtual Path Identifier
VPLS Virtual Private LAN Service
VPN Virtual Private Network
VRP Versatile Routing Platform
VRRP Virtual Router Redundancy Protocol
W
WAN Wide Area Network
WFQ Weighted Fair Queuing
WRED Weighted Random Early Detection